Code review request: 8016594: Native Windows ccache still reads DES tickets
Weijun Wang
weijun.wang at oracle.com
Wed Aug 7 10:58:26 UTC 2013
On 8/7/13 5:23 PM, Dmitry Samersoff wrote:
> Weijun,
>
> nativeccache.c:
>
> 322: Could you change strlen("krbtgt") to sizeof("krbtgt")-1 to save a
> bit of computer power?
Sure.
>
> NativeCreds.c:
>
> (a)
> 478: As it doesn't have sence to process ticket if
> KERB_TICKET_FLAGS_invalid is set, it might be better to move
>
> if (msticket->TicketFlags & KERB_TICKET_FLAGS_invalid) out of loop to
> ll. 462
Good. I'll also move the time compare out of loop.
>
> (b)
> Original code always ignore RC4 & MD4 combination, but changed code not.
> Is it intentional? if yes, could you add an appropriate comments?
That's because KERB_ETYPE_RC4_MD4 is a MS-private etype we don't
support. Now that we pass in default_tkt_enctypes explicitly as an
argument it seems no need to hardcode or comment on anything.
Thanks
Max
>
> -Dmitry
>
> On 2013-07-15 15:02, Weijun Wang wrote:
>> Please take a look at
>>
>> http://cr.openjdk.java.net/~weijun/8016594/webrev.00/
>>
>> Instead of always reading tickets with session key of DES/RC4 etypes, it
>> should accept any ticket in the default_tkt_enctypes setting.
>>
>> No reg test, needs a SQE test running with Windows 2008 as server.
>>
>> Thanks
>> Max
>
>
More information about the security-dev
mailing list