On Wed, 2008-10-01 at 16:42 -0500, Will Fiveash wrote: > On Wed, Oct 01, 2008 at 05:47:18PM +0200, Mark Phalan wrote: > > On Mon, 2008-09-29 at 19:20 -0500, Will Fiveash wrote: > > > On Thu, Aug 28, 2008 at 08:22:27PM +0200, Mark Phalan wrote: > > > > > > > > > > > > I've just uploaded a webrev of my resync/pkinit workspace. There still > > > > needs to be some work on pkinit so don't expect the code in > > > > usr/src/lib/krb5/plugins/preauth/pkinit/ to be complete (you can ignore > > > > it for now). I'll post another incremental webrev with any changes I > > > > make to the pkinit code later on. The rest of the changes are resync > > > > changes for MIT 1.6.3. The hg comment needs to be updated, I'll do that > > > > once we get the pkinit PSARC case submitted. > > > > > > > > I've chunked the review up into four pieces as I expect the krb team to > > > > do the review. > > > > > > > > Shawn: Chunk 1 > > > > Peter: Chunk 2 > > > > Glenn: Chunk 3 > > > > Will: Chunk 4 > > > > > > > > I'd like to have this completed by 17th Sept. Let me know if thats a > > > > problem for anyone. > > > > > > > > webrev here: > > > > http://cr.opensolaris.org/~mbp/pkinit/ > > > > > > Have you run this code through the lint -errsecurity=standard security > > > checks? > > > <see http://secprog.sfbay.sun.com/lint/levels.html> > > > > No. I was relying on the standard ON lint checks. I'll re-run with > > "-errsecurity=standard" for the new pkinit code. > > Speaking of this, in > usr/src/uts/common/gssapi/mechs/krb5/crypto/des/weak_key.c: > > 78 79 for (i = 0; i < (sizeof(weak)/sizeof(mit_des_cblock)); i++) { > 79 - if (!memcmp((char *)weak_p++,(char > *)key,sizeof(mit_des_cblock))) > 80 + if (!memcmp(weak_p++,key,sizeof(mit_des_cblock))) > 80 81 return 1; > > > Why were the casts removed? Note that this code is common to user and > kernel space and Wyllys had previously modified the kernel code to be > lint clean. Did this change introduce any new lint warnings?
No new lint warnings. What are the lint requirements for Kerberos? lint clean nightly run? Certainly running "make lint" in most of the krb sub-dirs (current ON) produces a lot of output. -M
