On Wed, 2008-10-01 at 18:58 -0500, Will Fiveash wrote: > On Wed, Oct 01, 2008 at 05:47:18PM +0200, Mark Phalan wrote: > > On Mon, 2008-09-29 at 19:20 -0500, Will Fiveash wrote: > > > On Thu, Aug 28, 2008 at 08:22:27PM +0200, Mark Phalan wrote: > > > > > > > > > > > > I've just uploaded a webrev of my resync/pkinit workspace. There still > > > > needs to be some work on pkinit so don't expect the code in > > > > usr/src/lib/krb5/plugins/preauth/pkinit/ to be complete (you can ignore > > > > it for now). I'll post another incremental webrev with any changes I > > > > make to the pkinit code later on. The rest of the changes are resync > > > > changes for MIT 1.6.3. The hg comment needs to be updated, I'll do that > > > > once we get the pkinit PSARC case submitted. > > > > > > > > I've chunked the review up into four pieces as I expect the krb team to > > > > do the review. > > > > > > > > Shawn: Chunk 1 > > > > Peter: Chunk 2 > > > > Glenn: Chunk 3 > > > > Will: Chunk 4 > > > > > > > > I'd like to have this completed by 17th Sept. Let me know if thats a > > > > problem for anyone. > > > > > > > > webrev here: > > > > http://cr.opensolaris.org/~mbp/pkinit/ > > In usr/src/uts/common/gssapi/mechs/krb5/include/k5-int.h: > 265 -/* > 266 - * Solaris Kerberos: > 267 - * Define whether or not to do a reverse lookup when looking up a > host in DNS. > 268 - */ > 269 -#define REV_LOOKUP 1 > 270 -#define NO_REV_LOOKUP 0 > > - Did you make the change so that the current Solaris behavior (no > reverse lookup) is maintained by default?
Yes. See: sn2princ.c 44 #if !defined(DEFAULT_RDNS_LOOKUP) 45 /* Solaris Kerberos */ 46 #define DEFAULT_RDNS_LOOKUP 0 47 #endif which is used as the "defalt" value here: 59 maybe_use_reverse_dns (krb5_context context, int defalt) which is called here: 168 if (maybe_use_reverse_dns(context, DEFAULT_RDNS_LOOKUP)) > > In usr/src/uts/common/gssapi/mechs/krb5/include/k5-thread.h: > > 595 630 # endif > 596 - > 631 +asdfsdf > > - asdfsdf seems like a typo. How did this compile? Indeed. There were further lint errors which need to be fixed in k5-thread.h. The asdfsdf typo was fixed. > > In usr/src/uts/common/gssapi/mechs/krb5/mech/k5seal.c: > > 137 - conflen = kg_confounder_size(context, enc); > 138 - else > 139 - conflen = 0; > 115 + conflen = kg_confounder_size(context, enc); > 116 + else conflen = 0; > > - I hate the format change on line 116 . It's ugly. I don't like it either. MIT has it bla bla.. > > 223 - md5cksum.length = (size_t)sumlen; > 195 + md5cksum.length = sumlen; > > - Still linty fresh? Nightly doesn't complain when using the lint flag. > > 241 - if (pad) > 242 - (void) memset(plain+conflen+text->length, pad, pad); > 214 + if (pad) (void) memset(plain+conflen+text->length, pad, pad); > > - more format ickyness. Yup, as above. > > In usr/src/uts/common/gssapi/mechs/krb5/mech/k5sealv3.c: > > 494 - plain.length = bodysize - ec; > 493 + plain.length = bodysize-ec; > > - more format ickyness. > > That's all I've got for section 4 (except for the > usr/src/lib/krb5/plugins/preauth/pkinit/* files). Great. I hope to send an updated webrev out soon. -M
