From bdr@cray.com Thu Dec 12 09:20:38 1996
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id JAA20902 for ; Thu, 12 Dec 1996 09:20:37 -0500
Received: from timbuk.cray.com by MIT.EDU with SMTP id AA05067; Thu, 12 Dec 96 09:20:31 EST
Received: from ironwood.cray.com (root@ironwood-fddi.cray.com [128.162.21.36]) by timbuk.cray.com (8.8.4/CRI-gate-8-2.11) with SMTP id IAA26511 for ; Thu, 12 Dec 1996 08:20:20 -0600 (CST)
Received: from brain.cray.com (brain [128.162.150.157]) by ironwood.cray.com (8.6.12/CRI-ccm_serv-8-2.8) with ESMTP id IAA01946 for ; Thu, 12 Dec 1996 08:20:10 -0600
Received: by brain.cray.com (8.8.0/btd-b3) id OAA24029; Thu, 12 Dec 1996 14:20:02 GMT
Message-Id: <199612121420.OAA24029@brain.cray.com>
Date: Thu, 12 Dec 1996 08:20:01 -0600 (CST)
From: Brian Reitz
To: krb5-bugs@MIT.EDU
Subject: beta-5 to post-beta-7 ticket forwarding broken

>Number: 295
>Category: krb5-libs
>Synopsis: beta-5 to post-beta-7 ticket forwarding broken
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Thu Dec 12 09:21:01 EST 1996
>Last-Modified: Tue Sep 18 18:09:32 EDT 2001
>Originator: Brian Reitz
>Organization:
------------------------------------------------------------------------------
Brian Reitz voice: (612) 683-5092
Cray Research (A Silicon Graphics Company) email: bdr@cray.com
655F Lone Oak Drive
Eagan, MN, 55121, USA
------------------------------------------------------------------------------
>Release: beta-5, 1.0?
>Environment:
>Description:
When using the bsd login utils to forward tickets there is a backwards compatibility issue with older (pre-5.6) clients attempting to talk to 5.6 or 5.7 servers. The problem is that in 5.5 the forwarded ticket did not include a local or a remote address in the cred (the s_address and r_address fields in a krb5_cred_enc_part structure).
The 5.6 and 5.7 versions of the ticket forwarding code do fill in these addrs. The 5.6 or 5.7 krb5_rd_cred_basic() routine expects to have an s_address as part of the encrypted message. The asn1 code can deal with the fact that this addr is not filled in, but krb5_rd_cred_basic() cannot and will SEGV on a 6.2 IRIX box. I can only assume that it will not do anything good on other platforms as well. This is only an issue if you are trying to run 5.6 or later servers (klogind for example) and wish to provide service to pre-5.6 clients (a 5.5 klogin for example) and allow them to forward tickets.
>How-To-Repeat:
>Fix:
The fix is to lib/krb5/krb/rd_cred.c and looks like this:

*** /build/bdr/krb5build/src/lib/krb5/krb/rd_cred.c Tue Nov 19 00:31:49 199 6 --- rd_cred.c Tue Dec 3 22:09:46 1996 *************** *** 106,112 **** * an init_sec_context message, skip over this check. */ if (pkeyblock != NULL) { ! if (!krb5_address_compare(context, remote_addr, encpart.s_address)) { retval = KRB5KRB_AP_ERR_BADADDR; goto cleanup_cred; } --- 106,113 ---- * an init_sec_context message, skip over this check. */ if (pkeyblock != NULL) { ! if (remote_addr && encpart.s_address && ! !krb5_address_compare(context, remote_addr, encpart.s_address)) { retval = KRB5KRB_AP_ERR_BADADDR; goto cleanup_cred; }

>Audit-Trail:

Responsible-Changed-From-To: gnats-admin->krb5-unassigned
Responsible-Changed-By: tlyu
Responsible-Changed-When: Tue Feb 11 18:05:47 1997
Responsible-Changed-Why: refiled; the patch looks sane, but I want some more comments first.

State-Changed-From-To: open-closed
State-Changed-By: tlyu
State-Changed-When: Tue Sep 18 18:09:25 2001
State-Changed-Why: Fixed long ago.

>Unformatted:
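
Review bot: the new guard `remote_addr && encpart.s_address &&` inside the `if (pkeyblock != NULL)` branch makes the sender-address check fail open: whenever either pointer is NULL the comparison is skipped and KRB5KRB_AP_ERR_BADADDR is never returned, so a credential that omits s_address is accepted from any peer address. That avoids the NULL dereference, but the comment above the branch still only describes the init_sec_context skip. Please extend that comment to say that a missing s_address is tolerated deliberately for pre-5.6 senders, and consider testing the two pointers separately, so that a NULL remote_addr combined with a present s_address is an explicit decision rather than a side effect of the same condition.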