Open
Conversation
* ticketer now update existing ccache if KRB5CCNAME is specified * ticketConverter now convert all TGS within the Kirbi or provided Ccache * Fix a bug during the conversion from ccache to kirbi that does not correctly preserve ticket flags
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR fix multiple issues, all related to Kerberos tickets handling.
Current
ticketer.pylogic is to create a new ticket, the introduced modification will take into account the presence ofKRB5CCNAMEenvironment variable, and if set, will load the content of the ticket before adding the generated ticket and saving it to the target.In the same manner,
ticketConverter.pyonly takes the first TGS and discard all other tickets during conversion. This PR now loop on all tickets.During the conversion of tickets, from ccache to kirbi, the ticket's flags are converted to their ASN1 representation. However, the conversion is not properly done when an integer is given and null bytes are stripped. Using a string containing the binary representation of the flags solve the issue.
Currently, when using
ticketer.pyand thenticketConverter.pyto a kirbi file, the ticket flags go from 0x50a00000 to 0xa1400000.