Code review request: 8016594: Native Windows ccache still reads DES tickets
Dmitry Samersoff
dmitry.samersoff at oracle.com
Wed Aug 7 11:12:20 UTC 2013
Weijun,
> That's because KERB_ETYPE_RC4_MD4 is a MS-private etype we don't
> support. Now that we pass in default_tkt_enctypes explicitly as an
> argument it seems no need to hardcode or comment on anything.
OK. Thank you for explaining.
-Dmitry
On 2013-08-07 14:58, Weijun Wang wrote:
>
>
> On 8/7/13 5:23 PM, Dmitry Samersoff wrote:
>> Weijun,
>>
>> nativeccache.c:
>>
>> 322: Could you change strlen("krbtgt") to sizeof("krbtgt")-1 to save a
>> bit of computer power?
>
> Sure.
>
>>
>> NativeCreds.c:
>>
>> (a)
>> 478: As it doesn't have sence to process ticket if
>> KERB_TICKET_FLAGS_invalid is set, it might be better to move
>>
>> if (msticket->TicketFlags & KERB_TICKET_FLAGS_invalid) out of loop to
>> ll. 462
>
> Good. I'll also move the time compare out of loop.
>
>>
>> (b)
>> Original code always ignore RC4 & MD4 combination, but changed code not.
>> Is it intentional? if yes, could you add an appropriate comments?
>
> That's because KERB_ETYPE_RC4_MD4 is a MS-private etype we don't
> support. Now that we pass in default_tkt_enctypes explicitly as an
> argument it seems no need to hardcode or comment on anything.
>
> Thanks
> Max
>
>>
>> -Dmitry
>>
>> On 2013-07-15 15:02, Weijun Wang wrote:
>>> Please take a look at
>>>
>>> http://cr.openjdk.java.net/~weijun/8016594/webrev.00/
>>>
>>> Instead of always reading tickets with session key of DES/RC4 etypes, it
>>> should accept any ticket in the default_tkt_enctypes setting.
>>>
>>> No reg test, needs a SQE test running with Windows 2008 as server.
>>>
>>> Thanks
>>> Max
>>
>>
--
Dmitry Samersoff
Oracle Java development team, Saint Petersburg, Russia
* I would love to change the world, but they won't give me the sources.
More information about the security-dev
mailing list