nicowilliams
commented
1 year ago BTW, I'm quite impressed with this codebase. Keep it up!
Open nicowilliams opened 1 year ago
nicowilliams
commented
1 year ago BTW, I'm quite impressed with this codebase. Keep it up!
The textual form of principal names that most implementations use (and thus what we all have to interoperate with) is given in RFC 1964, section 2.1.1:
Most importantly
@,/, and\in principal name components need to be backslash-escaped, and@in realm names also needs to be backslash-escaped. There's also whitespace characters (newline, tab), backspace, and embeddedNULs that must be expressed as\n,\t,\b, and\0respectively, though commonly implementations disallow embeddedNULs, and I have never ever seen any principals with newline, tab, or backspace in them, but principals with@in a component do happen. Specifically, the ill-named concept of User Principal Name (UPN), which is reallyname\@domain@REALMdoes require backslash-escaping of@in order to parse correctly.I recommend at least handling backslash-escaping of
/in principal name components, and@in principal name components and realm names.https://github.com/jcmturner/gokrb5/blob/master/types/PrincipalName.go#L22 https://github.com/jcmturner/gokrb5/blob/master/types/PrincipalName.go#L49 https://github.com/jcmturner/gokrb5/blob/master/types/PrincipalName.go#L58