Code review request: 8016594: Native Windows ccache still reads DES tickets

Dmitry Samersoff dmitry.samersoff at oracle.com
Wed Aug 7 04:12:20 PDT 2013


Weijun,

> That's because KERB_ETYPE_RC4_MD4 is a MS-private etype we don't
> support. Now that we pass in default_tkt_enctypes explicitly as an
> argument, there seems to be no need to hardcode or comment on anything.

OK. Thank you for explaining.

-Dmitry

On 2013-08-07 14:58, Weijun Wang wrote:
> 
> 
> On 8/7/13 5:23 PM, Dmitry Samersoff wrote:
>> Weijun,
>>
>> nativeccache.c:
>>
>> 322: Could you change strlen("krbtgt") to sizeof("krbtgt")-1 to save a
>> bit of computer power?
> 
> Sure.
> 
>>
>> NativeCreds.c:
>>
>> (a)
>> 478: As it doesn't make sense to process the ticket if
>> KERB_TICKET_FLAGS_invalid is set, it might be better to move
>>
>> if (msticket->TicketFlags & KERB_TICKET_FLAGS_invalid)  out of loop to
>> ll. 462
> 
> Good. I'll also move the time compare out of loop.
> 
>>
>> (b)
>> The original code always ignores the RC4 & MD4 combination, but the
>> changed code does not. Is it intentional? If yes, could you add
>> appropriate comments?
> 
> That's because KERB_ETYPE_RC4_MD4 is a MS-private etype we don't
> support. Now that we pass in default_tkt_enctypes explicitly as an
> argument, there seems to be no need to hardcode or comment on anything.
> 
> Thanks
> Max
> 
>>
>> -Dmitry
>>
>> On 2013-07-15 15:02, Weijun Wang wrote:
>>> Please take a look at
>>>
>>>     http://cr.openjdk.java.net/~weijun/8016594/webrev.00/
>>>
>>> Instead of always reading tickets with session key of DES/RC4 etypes, it
>>> should accept any ticket in the default_tkt_enctypes setting.
>>>
>>> No reg test, needs a SQE test running with Windows 2008 as server.
>>>
>>> Thanks
>>> Max
>>
>>


-- 
Dmitry Samersoff
Oracle Java development team, Saint Petersburg, Russia
* I would love to change the world, but they won't give me the sources.
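
The selection rule discussed in this thread, as an added example that is not part of the original messages or of the JDK patch: a ticket is accepted only if its session-key etype is in a caller-supplied list (standing in for default_tkt_enctypes), and the invalid-flag and expiry checks run once per ticket before the etype loop. All struct, function and constant names are hypothetical stand-ins, and the sample cache is constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical stand-ins for this example; not the JDK's or Windows' types. */
#define TKT_FLAG_INVALID 0x01000000u
enum { ET_DES_CBC_CRC = 1, ET_DES_CBC_MD5 = 3, ET_AES128 = 17,
       ET_AES256 = 18, ET_RC4_HMAC = 23 };   /* Kerberos etype numbers */

struct cached_ticket {
    uint32_t flags;
    int64_t  end_time;        /* expiry, seconds */
    int      session_etype;   /* etype of the session key */
};

/* Return the index of the first usable ticket, or -1 if none qualifies. */
int pick_ticket(const struct cached_ticket *cache, size_t n, int64_t now,
                const int *allowed, size_t n_allowed)
{
    size_t i, j;
    for (i = 0; i < n; i++) {
        /* Etype-independent checks run once per ticket, before the etype loop. */
        if (cache[i].flags & TKT_FLAG_INVALID) continue;
        if (cache[i].end_time <= now) continue;
        /* Accept only session-key etypes from the caller's configured list. */
        for (j = 0; j < n_allowed; j++)
            if (cache[i].session_etype == allowed[j]) return (int)i;
    }
    return -1;
}

/* Constructed sample cache: DES ticket, invalid ticket, expired ticket, AES ticket. */
const struct cached_ticket sample_cache[4] = {
    { 0,                2000, ET_DES_CBC_MD5 },
    { TKT_FLAG_INVALID, 2000, ET_AES256 },
    { 0,                 500, ET_AES256 },
    { 0,                2000, ET_AES128 },
};
const int aes_only[2]    = { ET_AES256, ET_AES128 };
const int legacy_only[3] = { ET_DES_CBC_CRC, ET_DES_CBC_MD5, ET_RC4_HMAC };

int main(void)
{
    /* With an AES-only list the valid DES ticket at index 0 must be skipped. */
    return pick_ticket(sample_cache, 4, 1000, aes_only, 2) == 3 ? 0 : 1;
}
```

With a hardcoded DES/RC4 filter the same cache would yield the DES ticket at index 0 regardless of configuration; driving the filter from the configured list is what lets an AES-only setting exclude it.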


More information about the security-dev mailing list