Content-Type: text/html; charset="ISO-8859-1" Content-Transfer-Encoding: 7bit X-RT-Original-Encoding: iso-8859-1 Content-Length: 3547 Hello,

Recently I found wrong logic in krb5_locate_kpasswd() function (krb5/build/src/lib/krb5/os/changepw.c file).

If we got success on first call for krb5int_locate_server(), then the following code will not be executed:
        if (!code) {
            /* Success with admin_server but now we need to change the
               port number to use DEFAULT_KPASSWD_PORT and the socktype.  */
            int i;
            for (i=0; i<addrlist->naddrs; i++) {
                struct addrinfo *a = addrlist->addrs[i].ai;
                if (a->ai_family == AF_INET)
                    sa2sin (a->ai_addr)->sin_port = htons(DEFAULT_KPASSWD_PORT);
                if (sockType != SOCK_STREAM)
                    a->ai_socktype = sockType;
            }
        }

As a result MS Kpasswd request will be wrongly sent to 88 port. Default port for kadmin/chpasswd is 464.


The following patch will fix issue:
==== //xxxxx/krb5/build/src/lib/krb5/os/changepw.c#4 - /yyyyy/krb5/build/src/lib/krb5/os/changepw.c ====
@@ -70,6 +70,7 @@
        code = krb5int_locate_server (context, realm, addrlist,
                                      locate_service_kadmin, SOCK_STREAM,
                                      AF_INET);
+    }
        if (!code) {
            /* Success with admin_server but now we need to change the
               port number to use DEFAULT_KPASSWD_PORT and the socktype.  */
@@ -82,7 +83,7 @@
                    a->ai_socktype = sockType;
            }
        }
-    }
+
     return (code);
 }


Thanks,
Roman