Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by krbdev.mit.edu (8.9.3p2) with ESMTP id QAA29473; Mon, 25 Apr 2005 16:10:48 -0400 (EDT) Received: from pch.mit.edu (pch.mit.edu [127.0.0.1]) by pch.mit.edu (8.12.8p2/8.12.8) with ESMTP id j3PKAIh7025985 for ; Mon, 25 Apr 2005 16:10:18 -0400 Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.7.7.76]) by pch.mit.edu (8.12.8p2/8.12.8) with ESMTP id j3PDT8h7003289 for ; Mon, 25 Apr 2005 09:29:08 -0400 Received: from palrel10.hp.com (palrel10.hp.com [156.153.255.245]) j3PDT11K009415 for ; Mon, 25 Apr 2005 09:29:01 -0400 (EDT) Received: from iconsrv6.india.hp.com (iconsrv6.india.hp.com [15.42.227.74]) by palrel10.hp.com (Postfix) with ESMTP id 39872B9D; Mon, 25 Apr 2005 06:28:59 -0700 (PDT) Received: from [15.42.230.95] (nt23095.india.hp.com [15.42.230.95]) ESMTP id SAA16573; Mon, 25 Apr 2005 18:58:25 +0530 (IST) Message-Id: <426CF148.5070407@hp.com> Date: Mon, 25 Apr 2005 19:01:52 +0530 From: "RAGHAVENDRA, RAMYA (HP-ISO)" User-Agent: Mozilla Thunderbird 0.8 (X11/20040913) X-Accept-Language: en-us, en MIME-Version: 1.0 To: krb5-bugs@mit.edu Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Score: -4.9 X-Spam-Flag: NO X-Scanned-BY: MIMEDefang 2.42 X-Mailman-Approved-At: Mon, 25 Apr 2005 13:58:28 -0400 Subject: Bug report: Kinit has no suport for addresses in credentials. Kinit -a is not enabled. X-Beenthere: krb5-bugs-incoming@mailman.mit.edu X-Mailman-Version: 2.1 Precedence: list Sender: krb5-bugs-incoming-bounces@PCH.mit.edu Errors-To: krb5-bugs-incoming-bounces@PCH.mit.edu X-RT-Original-Encoding: iso-8859-1 Content-Length: 2533 Hello, I would like to report a bug in the Kerberos V5 Release 1.4.1. The description and the proposed fix is as follows: Defect: Kinit has no support for addresses in the credentials Description: The -a option is not enabled for kinit. File: /krb5-1.4.1/src/clients/kinit/kinit.c line: 284 while ((i = GETOPT(argc, argv, "r:fpFP54AVl:s:c:kt:RS:v")) does not specify option "a" for tickets with addresses. Proposed fix: Introduce -a option in GETOPT Line 284 in kinit.c has to be changed to while ((i = GETOPT(argc, argv, "r:fpFP54aAVl:s:c:kt:RS:v")) However, just making this change will cause a core dump at line 764 if (opts->addresses) { krb5_address **addresses = NULL; code = krb5_os_localaddr(k5->ctx, &addresses); if (code != 0) { com_err(progname, code, "getting local addresses"); goto cleanup; } krb5_get_init_creds_opt_set_address_list(&options, addresses); } when the local copy of addresses in referenced. To fix this, the change to be made is : if (opts->addresses) { code = krb5_os_localaddr(k5->ctx, &addresses); if (code != 0) { com_err(progname, code, "getting local addresses"); goto cleanup; } krb5_get_init_creds_opt_set_address_list(&options, addresses); } The declaration and initialization for addresses is moved out of the block Line 738: Current implementation: krb5_error_code code = 0; krb5_get_init_creds_opt options; if (!got_k5) return 0; Proposed fix: krb5_error_code code = 0; krb5_get_init_creds_opt options; > krb5_address **addresses = NULL; if (!got_k5) return 0; Finally, the addresses structure needs to be freed during cleanup. The folowing 2 lines are to be added to current implementation of kinit.c Line862: cleanup: > if(addresses) > krb5_free_addresses(k5->ctx, addresses); Please consider incorporating the above fix in the future release of Kerberos V5. Yuo can get back to be in case of further clarifications. Thanks, Ramya -- *********************************************************************** Ramya Raghavendra SNSL-i, Internet Security and Enterprise Computing HP-ISO ramya.raghavendra@hp.com Ph: 2205 2882