RT RT/krbdev.mit.edu: Ticket #438 login.c uses wrong criteria to set KRB_ENVIRON Signed in as guest.
[Logout]

[Home] [Search] [Configuration]

[Display] [History] [Basics] [Dates] [People] [Links] [Jumbo]

 
 

 The Basics  
Id
438
Status
new
Worked
0 min
Priority
50/
Queue
krb5-appl
 

 Keyword Selections  
Component
Version_reported
Version_Fixed
Target_Version
Tags
 

 Relationships  
Depends on:
Depended on by:
Parents:
Children:

Refers to:
Referred to by:
 
 Dates  
Created: Sat Jun 14 15:52:02 1997
Starts: Not set
Started: Not set
Last Contact: Not set
Due: Not set
Updated: Tue Dec 31 13:40:46 2013 by tlyu
 

 People  
Owner
 Nobody
Requestors
 ghudson@mit.edu
Cc
 
AdminCc
 
 

 More about Greg Hudson  
Comments about this user:
No comment entered about this user
This user's 25 highest priority tickets:
 

History   Display mode: [Brief headers] [Full headers]
      Mon Aug 19 14:17:48 2002  RT_System - Default: Import/ changed from to    
     
From ghudson@MIT.EDU  Sat Jun 14 15:51:40 1997
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU
(8.7.5/8.7.3) with SMTP id PAA05108 for <bugs@RT-11.MIT.EDU>; Sat, 14 Jun 1997
15:51:39 -0400
Received: from THE-LIGHT-FANTASTIC.MIT.EDU by MIT.EDU with SMTP
	id AA00198; Sat, 14 Jun 97 15:50:41 EDT
Received: (from ghudson@localhost) by the-light-fantastic.MIT.EDU (8.6.12/8.6.12) id
PAA06926; Sat, 14 Jun 1997 15:51:37 -0400
Message-Id: <199706141951.PAA06926@the-light-fantastic.MIT.EDU>
Date: Sat, 14 Jun 1997 15:51:37 -0400
From: Greg Hudson <ghudson@MIT.EDU>
Reply-To: ghudson@MIT.EDU
To: krb5-bugs@MIT.EDU
Subject: login.c uses wrong criteria to set KRB_ENVIRON
X-Send-Pr-Version: 3.99

>Number:         438
>Category:       krb5-appl
>Synopsis:       login.c uses wrong criteria to set KRB_ENVIRON
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    krb5-unassigned
>State:          open
>Class:          sw-bug
>Submitter-Id:   unknown
>Arrival-Date:   Sat Jun 14 15:52:02 EDT 1997
>Last-Modified:
>Originator:     Greg Hudson
>Organization:
MIT
>Release:        1.0
>Environment:
	Solaris 2.5.1 (Athena 8.1), but not really system-dependent

>Description:
	When deciding whether to set KRBTKFILE in the login environment,
	src/appl/bsd/login.c checks for "login_krb4_get_tickets &&
	tkfile[0]".  This is wrong because (a) KRBTKFILE should be set
	if login_krb4_convert is true, even if login_krb4_get_tickets is
	false, and (b) tkfile[0] is pretty much always true; it's not a
	good indicator of whether we got tickets above.

	The simple fix is to test for tkfile[0].  However, another problem
	remains.  If login is called with the -p option (which is the
	normal behavior), then KRBTKFILE will remain set from when it was
	set in k_init().  To fix that, I think you need to remember the
	old value of KRBTKFILE and reset it if tickets are not acquired

>How-To-Repeat:
	rlogin to a krb5 host which has login_krb4_get_tickets set,
	don't acquire v4 tickets, and notice that KRBTKFILE is set.

	Modify krlogind to invoke login without the -p option.  rlogin
	to a krb5 host with the modified krlogind and which has
	login_krb4_convert true but not login_krb4_get_tickets.  Forward
	your v5 tickets.  Notice that KRBTKFILE is not set.

	rlogin to a krb5 host with the unmodified krlogind and which has
	login_krb4_convert true but not login_krb4_get_tickets.  Don't
	forward your v5 tickets.  Notice that KRBTKFILE is still set
	even though it wasn't set up in the login environment (because
	login_krb4_get_tickets is not true)

>Fix:
	Here is the fix for the simple problem.  Please get back to me
	when the more complicated problem is fixed, so that I can apply
	exactly the same patch to the Athena krb5 sources as you guys
	use.

Index: login.c
===================================================================
RCS file: /afs/dev.mit.edu/source/repository/third/krb5/src/appl/bsd/login.c,v
retrieving revision 1.4
diff -c -r1.4 login.c
*** login.c	1997/04/01 00:26:05	1.4
--- login.c	1997/06/14 18:49:55
***************
*** 1852,1858 ****
  		(void)setenv("TERM", term, 0);
  #ifdef KRB4_GET_TICKETS
  	/* tkfile[0] is only set if we got tickets above */
! 	if (login_krb4_get_tickets && tkfile[0])
  	    (void) setenv(KRB_ENVIRON, tkfile, 1);
  #endif /* KRB4_GET_TICKETS */
  #ifdef KRB5_GET_TICKETS
--- 1852,1858 ----
  		(void)setenv("TERM", term, 0);
  #ifdef KRB4_GET_TICKETS
  	/* tkfile[0] is only set if we got tickets above */
! 	if (got_v4_tickets)
  	    (void) setenv(KRB_ENVIRON, tkfile, 1);
  #endif /* KRB4_GET_TICKETS */
  #ifdef KRB5_GET_TICKETS
>Audit-Trail:
>Unformatted:


Download (untitled) 3.5k
      Mon Aug 19 14:17:48 2002  RT_System - Component krb5-appl added    
      Fri Jan  9 16:56:02 2004  hartmans - Subject changed from login.c uses wrong criteria to set KRB_ENVIRON to preauth    
      Tue Dec 31 13:40:46 2013  tlyu - Subject changed from login.c uses wrong criteria to set KRB_ENVIRON to login.c uses wrong criteria to set KRB_ENVIRON    
      Tue Dec 31 13:40:46 2013  tlyu - Queue changed from krb5 to krb5-appl