Skip Menu |
 

Download (untitled) / with headers
text/plain 3.2KiB
From ratliff@austin.ibm.com Thu Nov 1 17:19:53 2001
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.72.0.53])
by rt-11.mit.edu (8.9.3/8.9.3) with ESMTP id RAA28891
for <bugs@RT-11.mit.edu>; Thu, 1 Nov 2001 17:19:53 -0500 (EST)
Received: from mg01.austin.ibm.com (mg01.austin.ibm.com [192.35.232.18])
by fort-point-station.mit.edu (8.9.2/8.9.2) with ESMTP id RAA02182
for <krb5-bugs@mit.edu>; Thu, 1 Nov 2001 17:19:52 -0500 (EST)
Received: from austin.ibm.com (netmail.austin.ibm.com [9.3.7.137])
by mg01.austin.ibm.com (AIX4.3/8.9.3/8.9.3) with ESMTP id QAA08570
for <krb5-bugs@mit.edu>; Thu, 1 Nov 2001 16:20:55 -0600
Received: from spiff.austin.ibm.com (spiff.austin.ibm.com [9.53.216.123])
by austin.ibm.com (AIX4.3/8.9.3/8.9.3) with ESMTP id QAA28876
for <krb5-bugs@mit.edu>; Thu, 1 Nov 2001 16:19:47 -0600
Received: by spiff.austin.ibm.com (Postfix, from userid 501)
id 7F19582ADC; Thu, 1 Nov 2001 16:19:42 -0600 (CST)
Message-Id: <20011101221942.7F19582ADC@spiff.austin.ibm.com>
Date: Thu, 1 Nov 2001 16:19:42 -0600 (CST)
From: ratliff@austin.ibm.com
Reply-To: ratliff@austin.ibm.com
To: krb5-bugs@mit.edu, ratliff@austin.ibm.com
Subject: tuple check enforces presence of tuples
X-Send-Pr-Version: 3.99

Show quoted text
>Number: 1008
>Category: krb5-libs
>Synopsis: tuple check enforces presence of tuples
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Thu Nov 1 17:20:00 EST 2001
>Last-Modified:
>Originator: Emily Ratliff & Bill Dodd
>Organization:
IBM Linux Technology Center, Security
Show quoted text
>Release: krb5-current-20011030
>Environment:

System: Linux spiff.austin.ibm.com 2.2.17-21mdk #1 Thu Oct 5 13:16:08 CEST 2000 i686 unknown
Architecture: i686

Show quoted text
>Description:
In src/lib/kadm5/srv/svr_principal.c the code enforces the presence
of tuples even though the tuples seem to be optional.

It seems that the tuples are optional based on the fact that there
are 2 client APIs, kadm5_setkey_principal and kadm5_setkey_principal_3.
kadm5_setkey_principal_3 takes tuple args and kadm5_setkey_principal
does not.

When they get to the server side, both cases are handled by the
server-side kadm5_setkey_principal_3. If kadm5_setkey_principal was
the client-side call, n_ks_tuple and ks_tuple are passed in to the
server-side kadm5_setkey_principal_3 with values of zero. So, if you
want the client-side call to kadm5_setkey_principal to work, the
server-side kadm5_setkey_principal_3 must handle the case where no
tuple info is supplied (n_ks_tuple is zero and ks_tuple is NULL).

This patch checks whether tuples have been supplied in addition
to the check that makes sure that the correct number of tuples have
been supplied.
Show quoted text
>How-To-Repeat:

Show quoted text
>Fix:

diff -ur src.orig/lib/kadm5/srv/svr_principal.c src/lib/kadm5/srv/svr_principal.c
--- src.orig/lib/kadm5/srv/svr_principal.c Tue Oct 30 14:53:14 2001
+++ src/lib/kadm5/srv/svr_principal.c Tue Oct 30 15:02:00 2001
@@ -1546,7 +1546,7 @@
}
}

- if (n_ks_tuple != n_keys)
+ if (n_ks_tuple && (n_ks_tuple != n_keys))
return KADM5_SETKEY3_ETYPE_MISMATCH;

if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
Show quoted text
>Audit-Trail:
>Unformatted:
From: tlyu@mit.edu
Subject: CVS Commit
Thanks, patch applied.

* svr_principal.c (kadm5_setkey_principal_3): Apply patch from
Emily Ratliff to allow n_ks_tuple to be zero, which is the case if
being called from kadmind answering a client's setkey_principal
request.


To generate a diff of this commit:



cvs diff -r1.71 -r1.72 krb5/src/lib/kadm5/srv/ChangeLog
cvs diff -r1.25 -r1.26 krb5/src/lib/kadm5/srv/svr_principal.c
From: tlyu@mit.edu
Subject: CVS Commit
pull up from trunk


To generate a diff of this commit:



cvs diff -r1.46.2.1.2.4 -r1.46.2.1.2.5
krb5/src/lib/kadm5/srv/ChangeLog
cvs diff -r1.19.4.2 -r1.19.4.3
krb5/src/lib/kadm5/srv/svr_principal.c