blob: ac293922fefd3a26798574ac877a329b07f3f9d5 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
stuff to add:
- write up understanding of current referral logic to krbcore
- given the length of conversations with hartmans and raeburn, others
are likely to take issue with the finer points.
- add klist option to print actual credential principal
- referral loop checking
- properly return TGT string for ccache
- old code was convoluted and buggy. replace.
bug fixes:
- memory management issues:
- kvno crashes freeing in_cred after the call completes. why is this?
reproduce: "kvno host/maybe.not.ms.mit.edu@NOT.MS.MIT.EDU"
- assertion failure: "./ptest argos.mit.edu"
- might require NOT tickets and no domain_realm setting
- no longer reproducible?
- fix double-free in gc_from_kdc_opt cleanup
testing issues:
- verify that cached tickets work properly
- verify that intermediate TGTs aren't cached but
- Should we do the single non-referral fallback always or only on certain
KDC failure states? Probably answer this from testing.
- credential cacheing unreliable; investiagate
- "kvno host/argos.mit.edu@NOT.MS.MIT.EDU" with NOT tickets fills up ccache
low-priority:
- code (or explicitly punt) edge cases in krb5_get_cred_from_kdc_opt
later, high-priority, hard:
- padata parsing
final:
- check namespace use with tom
- review code for:
- string safety, particularly strcmp use -- nothing is guaranteed to be a string,
do not use string functions at all.
- memory leaks
- check assumptions on assumed dereferencability of credential members
- review code format
- #ifdef out tracing/debugging code
- review implementation notes against actual implementation
|