RT RT/krbdev.mit.edu: Ticket #7024 PAC resigning should support buffer resizing Signed in as guest.
[Logout]

[Home] [Search] [Configuration]

[Display] [History] [Basics] [Dates] [People] [Links] [Jumbo]

 
 

 The Basics  
Id
7024
Status
open
Worked
0 min
Priority
0/0
Queue
krb5
 

 Keyword Selections  
Component
Tags
Version_reported
Version_Fixed
Target_Version
 

 Relationships  
Depends on:
Depended on by:
Parents:
Children:

Refers to:
Referred to by:
 
 Dates  
Created: Tue Nov 22 19:45:20 2011
Starts: Not set
Started: Not set
Last Contact: Not set
Due: Not set
Updated: Tue Nov 22 19:45:21 2011 by ghudson
 

 People  
Owner
 Nobody
Requestors
 ghudson@mit.edu
Cc
 
AdminCc
 
 

 More about Greg Hudson  
Comments about this user:
No comment entered about this user
This user's 25 highest priority tickets:
 

History   Display mode: [Brief headers] [Full headers]
      Tue Nov 22 19:45:20 2011  ghudson - Ticket created    
     
Subject: PAC resigning should support buffer resizing

krb5_pac_sign allows an existing signed PAC to be re-signed, but only if
the mandatory cksumtype corresponding to the key enctypes has the same
hash size as the cksumtypes used in the existing signatures.  This
restriction makes re-signing PACs fairly useless because most of the time
you're trying to transfer a PAC from one ticket to another (say, from a
TGT to a service ticket) and the service key for the target ticket won't
necessarily be of the same time as the service key for the source, which
means the checksum types may be different.

So, we should add a routine to resize a buffer within a PAC and support
buffer resizing while re-signing.  In the meantime, code which wants to
re-sign a PAC needs to construct a new PAC, using krb5_pac_get_types and
krb5_pac_get_buffer to copy information from the old one.


Download (untitled) 832b