Skip Menu |
 

Download (untitled) / with headers
text/plain 7.3KiB
From kenh@cmf.nrl.navy.mil Thu Nov 14 12:42:01 1996
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id MAA10186 for <bugs@RT-11.MIT.EDU>; Thu, 14 Nov 1996 12:42:00 -0500
Received: from ginger.cmf.nrl.navy.mil by MIT.EDU with SMTP
id AA01562; Thu, 14 Nov 96 12:41:59 EST
Received: from elvis.cmf.nrl.navy.mil (kenh@elvis.cmf.nrl.navy.mil [134.207.10.38]) by ginger.cmf.nrl.navy.mil (8.7.5/8.7.3) with ESMTP id MAA00250 for <krb5-bugs@mit.edu>; Thu, 14 Nov 1996 12:42:00 -0500 (EST)
Received: (kenh@localhost) by elvis.cmf.nrl.navy.mil (8.6.12/8.6.11) id MAA10837; Thu, 14 Nov 1996 12:41:53 -0500
Message-Id: <199611141741.MAA10837@elvis.cmf.nrl.navy.mil>
Date: Thu, 14 Nov 1996 12:41:53 -0500
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Reply-To: kenh@cmf.nrl.navy.mil
To: krb5-bugs@MIT.EDU
Subject: AFS token destroying code in login.c doesn't work
X-Send-Pr-Version: 3.2

Show quoted text
>Number: 190
>Category: krb5-appl
>Synopsis: AFS token destroying code in login.c doesn't work
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: epeisach
>State: analyzed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Thu Nov 14 12:43:01 EST 1996
>Last-Modified: Sun Jan 26 22:28:00 EST 1997
>Originator: Ken Hornstein
>Organization:
Naval Research Lab
Show quoted text
>Release: beta-7
>Environment:

System: SunOS elvis 4.1.3_U1 13 sun4m
Architecture: sun4

Show quoted text
>Description:

The code that destroys AFS tokens upon logout doesn't work. I'm not sure
how it was ever supposed to work, since it never actually calls
ktc_ForgetAllTokens().
Show quoted text
>How-To-Repeat:
Login using login.krb5, do

(sleep 30; tokens) > /tmp/tokentest &

Logout, and observe that tokens still exist for that pag.


Show quoted text
>Fix:
I don't have fix right now, but I wanted people to be aware of this. It
might be easier to comment out the code so people wouldn't think that it
actually works.

Show quoted text
>Audit-Trail:

State-Changed-From-To: open-feedback
State-Changed-By: tytso
State-Changed-When: Fri Nov 15 17:49:33 1996
State-Changed-Why:


From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
To: kenh@cmf.nrl.navy.mil
Cc: krb5-bugs@MIT.EDU
Subject: Re: krb5-appl/190: AFS token destroying code in login.c doesn't work
Date: Fri, 15 Nov 1996 17:51:04 -0500

From kenh@cmf.nrl.navy.mil Thu Nov 14 12:42:01 1996
Date: Thu, 14 Nov 1996 12:41:53 -0500

The code that destroys AFS tokens upon logout doesn't work. I'm not sure
how it was ever supposed to work, since it never actually calls
ktc_ForgetAllTokens().

Did you actually #define SETPAG when you compiled login.c? The code to
call ktc_ForgetAllTokens() is there, in afs_cleanup(), but you have to
define SETPAG before it will work. (try_unlog is #defined to be
try_afscall(ktc_ForgetAllTokens)).

- Ted

From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
To: "Theodore Y. Ts'o" <tytso@MIT.EDU>
Cc: krb5-bugs@MIT.EDU
Subject: Re: krb5-appl/190: AFS token destroying code in login.c doesn't work
Date: Fri, 15 Nov 1996 17:56:52 -0500

Show quoted text
>Did you actually #define SETPAG when you compiled login.c? The code to
>call ktc_ForgetAllTokens() is there, in afs_cleanup(), but you have to
>define SETPAG before it will work. (try_unlog is #defined to be
>try_afscall(ktc_ForgetAllTokens)).

SETPAG is defined if you use --with-afs, which I did.

Please look at try_afscall more closely ... you'll see that it doesn't
take an argument. So even if you do try_afscall(ktc_ForgetAllTokens),
ktc_ForgetAllTokens never actually gets called. It always calls setpag().
This code could have never worked, ever.

(I did triple-check this, honest :-) ).

--Ken

From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Cc: "Theodore Y. Ts'o" <tytso@MIT.EDU>, krb5-bugs@MIT.EDU
Subject: Re: krb5-appl/190: AFS token destroying code in login.c doesn't work
Date: Fri, 15 Nov 1996 18:43:57 -0500

So it does... yes, that's quite bad, isn't it? Thanks for pointing this
out!!

- Ted

From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
To: "Theodore Y. Ts'o" <tytso@MIT.EDU>
Cc: krb5-bugs@MIT.EDU
Subject: Re: krb5-appl/190: AFS token destroying code in login.c doesn't work
Date: Fri, 15 Nov 1996 18:53:29 -0500

Show quoted text
>So it does... yes, that's quite bad, isn't it? Thanks for pointing this
>out!!

It all of a sudden occurs to me that if this code _does_ get fixed, please
make it possible to turn this behavior off, because there are some cases
where you don't want it to do that. For example, on machines that use
the AFS-NFS translator, there are no PAGs, and as a result if you clear
one login session's tokens, you clear them all.

(In one sense, I'm glad this is broken right now :-) ).

--Ken

Responsible-Changed-From-To: krb5-unassigned->epeisach
Responsible-Changed-By: tlyu
Responsible-Changed-When: Wed Nov 20 13:41:26 1996
Responsible-Changed-Why:
Ezra said he would deal.

State-Changed-From-To: feedback-analyzed
State-Changed-By: tlyu
State-Changed-When: Sat Jan 25 22:04:44 1997
State-Changed-Why:

I haven't seen any actual indications that a fix is happening yet.
Ezra?


From: Ezra Peisach <epeisach@MIT.EDU>
To: Tom Yu <tlyu@MIT.EDU>
Cc: kenh@cmf.nrl.navy.mil
Subject: Re: krb5-appl/190: AFS token destroying code in login.c doesn't work
Date: Sun, 26 Jan 1997 12:35:46 EST

The problem as indicated in the more recent bug report is that the parent
process does not know that the child process actually created a new PAG.
I had an obvious fix by moving the dofork later in the code - but then there is
the question about tty handling and Sam was not 100% sure at that late
date before release if it would all work... So we fixed the cosmetic bug,
knowing that it was not right yet - amnd I never got back to it...
(Outside proposition suddenly killed December for me).

Ezra

From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
To: Ezra Peisach <epeisach@MIT.EDU>
Cc: Tom Yu <tlyu@MIT.EDU>
Subject: Re: krb5-appl/190: AFS token destroying code in login.c doesn't work
Date: Sun, 26 Jan 1997 14:06:52 -0500

Show quoted text
>The problem as indicated in the more recent bug report is that the parent
>process does not know that the child process actually created a new PAG.
>I had an obvious fix by moving the dofork later in the code - but then there
>is the question about tty handling and Sam was not 100% sure at that late
>date before release if it would all work... So we fixed the cosmetic bug,
>knowing that it was not right yet - amnd I never got back to it...

Okay, no problem ... didn't know that had happened.

IMHO, I think allocating the PAG before you fork, then running aklog after
you fork, would be the right thing to do.

--Ken
Show quoted text
>Unformatted:
Well, there are two problems in the code. I have fixed try_afscall() so
that it will work as intended. Note however that this does not fix the
problem yet of destroying tokens. Why? Because login.krb5 will fork if
it needs to destroy tickets/tokens (after the child returns from the
login shell) - a variable is set in the child process indicating that a
setpag is done (and works) but the parent process never finds this
out. Therefore the parent process will never do the unlog call.

A potential fix which works for OSF/1 is to move the dofork call way
down to before the exec of the child process shell, but I have some
serious questions regarding the while process group setup. For this
reason, this change was not made to source tree until it could be
examined and tested in more detail.

Ezra
Download (untitled) / with headers
text/plain 2.2KiB
From kenh@cmf.nrl.navy.mil Fri Jan 24 01:36:25 1997
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id BAA11308 for <bugs@RT-11.MIT.EDU>; Fri, 24 Jan 1997 01:36:24 -0500
Received: from [134.207.10.161] by MIT.EDU with SMTP
id AA22525; Fri, 24 Jan 97 01:36:23 EST
Received: from nexus.cmf.nrl.navy.mil (kenh@nexus.cmf.nrl.navy.mil [134.207.10.9]) by ginger.cmf.nrl.navy.mil (8.7.5/8.7.3) with ESMTP id BAA10462 for <krb5-bugs@mit.edu>; Fri, 24 Jan 1997 01:36:17 -0500 (EST)
Received: (kenh@localhost) by nexus.cmf.nrl.navy.mil (8.7.5/8.6.11) id BAA04990; Fri, 24 Jan 1997 01:36:20 -0500 (EST)
Message-Id: <199701240636.BAA04990@nexus.cmf.nrl.navy.mil>
Date: Fri, 24 Jan 1997 01:36:20 -0500 (EST)
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Reply-To: kenh@cmf.nrl.navy.mil
To: krb5-bugs@MIT.EDU
Subject: Login still doesn't destroy AFS tokens
X-Send-Pr-Version: 3.99

Show quoted text
>Number: 350
>Category: krb5-appl
>Synopsis: Ticket destroying code in login.krb5 doesn't work
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Fri Jan 24 01:37:00 EST 1997
>Last-Modified:
>Originator: Ken Hornstein
>Organization:
Navel Research Lab

Show quoted text
>Release: 1.0
>Environment:

System: SunOS nexus 4.1.4 2 sun4m
Architecture: sun4

Show quoted text
>Description:

The code in login.krb5 to destroy AFS tokens was re-organized to make
it actually work. However, it still doesn't (it _almost_ works :-) ).

What happens is that afs_login is called after the login process has
already forked. This causes two things to happen:

1) Only the child process is in the PAG (ie - the parent isn't, and can't
access the token).
2) The pagflag variable only gets set in the child, so the parent doesn't
even _try_ to destroy the token.
Show quoted text
>How-To-Repeat:

Use kdump to display the AFS token list and observe that tokens aren't getting
destroyed.
Show quoted text
>Fix:

I'd send a context diff, but I've made a bazillion changes to login and
I can't easily separate those changes out. The gist is, however, make sure
you call setpag before you fork (I created a separate afs_setpag function).
Show quoted text
>Audit-Trail:
>Unformatted:
To: rt-comment@krbdev.mit.edu
Subject: [krbdev.mit.edu #190] still a bug
Date: Thu, 30 Jan 2003 15:51:29 -0500 (EST)
From: hartmans@mit.edu (Sam Hartman)
RT-Send-Cc:

This still looks broken and Ezra's comments still seem to apply.