From ghudson@MIT.EDU Mon Sep 28 10:58:27 1998
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id KAA05927 for ; Mon, 28 Sep 1998 10:58:26 -0400
Received: from SMALL-GODS.MIT.EDU by MIT.EDU with SMTP id AA19739; Mon, 28 Sep 98 10:58:24 EDT
Received: by small-gods.mit.edu (SMI-8.6/4.7) id KAA15367; Mon, 28 Sep 1998 10:58:24 -0400
Message-Id: <199809281458.KAA15367@small-gods.mit.edu>
Date: Mon, 28 Sep 1998 10:58:24 -0400
From: ghudson@MIT.EDU
Reply-To: ghudson@MIT.EDU
To: krb5-bugs@MIT.EDU
Subject: krb4 encrypted rcp to local host
X-Send-Pr-Version: 3.99

>Number: 638
>Category: krb5-appl
>Synopsis: v4rcp does not set local and foreign port numbers
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Mon Sep 28 10:59:00 EDT 1998
>Last-Modified: Thu Oct 08 01:52:01 EDT 1998
>Originator: Greg Hudson
>Organization: MIT
>Release: 1.0pl1
>Environment:
System: SunOS small-gods.mit.edu 5.6 Generic_105181-05 sun4u sparc SUNW,Ultra-5_10
Architecture: sun4
>Description:
When doing a krb4 encrypted rcp to a v5 machine, src/appl/bsd/v4rcp.c does not set up the port numbers for the local and foreign address, only the IP addresses. If the rcp is to the same machine (say, if you have only krb4 tickets), then the direction bit may be set wrong during the mutual authentication check.
>How-To-Repeat:
Do a krb4 encrypted rcp to a different user on the local host. Note that it usually fails with a "time out of bounds" error (which is a poor error message, of course).
>Fix:
kshd has to be modified to export the port numbers in the environment.
Index: krshd.c =================================================================== RCS file: /afs/dev.mit.edu/source/repository/third/krb5/src/appl/bsd/krshd.c,v retrieving revision 1.9 diff -c -r1.9 krshd.c *** krshd.c 1998/06/11 17:58:53 1.9 --- krshd.c 1998/09/24 23:26:10 *************** *** 439,446 **** char path_rest[] = RPATH; char remote_addr[64]; /* = "KRB5REMOTEADDR=" */ char local_addr[64]; /* = "KRB5LOCALADDR=" */ ! #define ADDRPAD 0,0 /* remoteaddr, localaddr */ #define KRBPAD 0 /* KRB5CCNAME, optional */ /* The following include extra space for TZ and MAXENV pointers... */ --- 439,448 ---- char path_rest[] = RPATH; char remote_addr[64]; /* = "KRB5REMOTEADDR=" */ + char remote_port[64]; /* = "KRB5REMOTEPORT=" */ char local_addr[64]; /* = "KRB5LOCALADDR=" */ ! char local_port[64]; /* = "KRB5LOCALPORT=" */ ! #define ADDRPAD 0,0,0,0 #define KRBPAD 0 /* KRB5CCNAME, optional */ /* The following include extra space for TZ and MAXENV pointers... */ *************** *** 1364,1377 **** { int i; ! /* these two are covered by ADDRPAD */ sprintf(local_addr, "KRB5LOCALADDR=%s", inet_ntoa(localaddr.sin_addr)); for (i = 0; envinit[i]; i++); envinit[i] =local_addr; sprintf(remote_addr, "KRB5REMOTEADDR=%s", inet_ntoa(fromp->sin_addr)); for (; envinit[i]; i++); envinit[i] =remote_addr; } /* If we do anything else, make sure there is space in the array. */ --- 1366,1387 ---- { int i; ! 
/* these four are covered by ADDRPAD */ sprintf(local_addr, "KRB5LOCALADDR=%s", inet_ntoa(localaddr.sin_addr)); for (i = 0; envinit[i]; i++); envinit[i] =local_addr; + sprintf(local_port, "KRB5LOCALPORT=%d", ntohs(localaddr.sin_port)); + for (; envinit[i]; i++); + envinit[i] =local_port; + sprintf(remote_addr, "KRB5REMOTEADDR=%s", inet_ntoa(fromp->sin_addr)); for (; envinit[i]; i++); envinit[i] =remote_addr; + + sprintf(remote_port, "KRB5REMOTEPORT=%d", ntohs(fromp->sin_port)); + for (; envinit[i]; i++); + envinit[i] =remote_port; } /* If we do anything else, make sure there is space in the array. */ Index: v4rcp.c =================================================================== RCS file: /afs/dev.mit.edu/source/repository/third/krb5/src/appl/bsd/v4rcp.c,v retrieving revision 1.1.1.1 diff -c -r1.1.1.1 v4rcp.c *** v4rcp.c 1997/01/21 09:18:11 1.1.1.1 --- v4rcp.c 1998/09/24 21:55:04 *************** *** 1005,1011 **** local.sin_addr.s_addr = inet_addr(envaddr); #endif local.sin_family = AF_INET; ! local.sin_port = 0; } else { fprintf(stderr, "v4rcp: couldn't get local address (KRB5LOCALADDR)\n"); exit(1); --- 1005,1014 ---- local.sin_addr.s_addr = inet_addr(envaddr); #endif local.sin_family = AF_INET; ! if (envaddr = getenv("KRB5LOCALPORT")) ! local.sin_port = htons(atoi(envaddr)); ! else ! local.sin_port = 0; } else { fprintf(stderr, "v4rcp: couldn't get local address (KRB5LOCALADDR)\n"); exit(1); *************** *** 1017,1023 **** foreign.sin_addr.s_addr = inet_addr(envaddr); #endif foreign.sin_family = AF_INET; ! foreign.sin_port = 0; } else { fprintf(stderr, "v4rcp: couldn't get remote address (KRB5REMOTEADDR)\n"); exit(1); --- 1020,1029 ---- foreign.sin_addr.s_addr = inet_addr(envaddr); #endif foreign.sin_family = AF_INET; ! if (envaddr = getenv("KRB5REMOTEPORT")) ! foreign.sin_port = htons(atoi(envaddr)); ! else ! 
foreign.sin_port = 0; } else { fprintf(stderr, "v4rcp: couldn't get remote address (KRB5REMOTEADDR)\n"); exit(1);
>Audit-Trail:

State-Changed-From-To: open-closed
State-Changed-By: tytso
State-Changed-When: Thu Oct 8 01:51:47 1998
State-Changed-Why:
I've checked in your suggested change. Thanks!

>Unformatted:
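Review bot: In the first krshd.c hunk (line 439), the new `#define ADDRPAD 0,0,0,0` drops the comment that named the slots it reserves (`/* remoteaddr, localaddr */`). The number of zeros has to match the number of strings appended to envinit later in the file, so restore the comment with all four names (localaddr, localport, remoteaddr, remoteport) to keep that dependency visible to whoever adds the next variable.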
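Review bot: In the second krshd.c hunk (line 1364), each `for (; envinit[i]; i++); envinit[i] =local_port;` style append walks to the first NULL slot and writes there with no check against the end of envinit, so it is only safe because ADDRPAD was widened to four entries in the other hunk. The trailing comment "make sure there is space in the array" shows this is maintained by hand; a small append helper that refuses to overwrite the array's terminating NULL would turn a future miscount into a clean failure instead of an unterminated environment. The two new sprintf calls do fit their 64-byte buffers (a 15-character prefix plus at most five digits), so no change is needed there.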
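Review bot: In the v4rcp.c hunk at line 1005, `local.sin_port = htons(atoi(envaddr));` accepts whatever is in KRB5LOCALPORT without validation: atoi gives no error indication, a non-numeric value becomes port 0, and a value above 65535 is truncated when it is passed to htons. Parse with strtol, check the end pointer and the range 1 to 65535, and fail with a message like the existing KRB5LOCALADDR one on bad input. Separately, `if (envaddr = getenv("KRB5LOCALPORT"))` reuses the address variable for a port string and relies on assignment inside the condition; a separate variable compared explicitly against NULL would read more clearly.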
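Review bot: In the v4rcp.c hunk at line 1017, the `else foreign.sin_port = 0;` branch silently keeps the old behaviour when KRB5REMOTEPORT is absent, while a missing KRB5REMOTEADDR a few lines below is fatal. If v4rcp is started by a kshd that does not yet export the port variables, both ports stay 0 and the same-host case from the description can still fail with no hint as to why. Consider printing a warning to stderr in this branch and in the matching KRB5LOCALPORT one, or add a comment stating that 0 is a deliberate fallback.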