Skip Menu |
 

Download (untitled) / with headers
text/plain 3.9KiB
From bdr@cray.com Thu Dec 12 09:20:38 1996
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id JAA20902 for <bugs@RT-11.MIT.EDU>; Thu, 12 Dec 1996 09:20:37 -0500
Received: from timbuk.cray.com by MIT.EDU with SMTP
id AA05067; Thu, 12 Dec 96 09:20:31 EST
Received: from ironwood.cray.com (root@ironwood-fddi.cray.com [128.162.21.36]) by timbuk.cray.com (8.8.4/CRI-gate-8-2.11) with SMTP id IAA26511 for <krb5-bugs@mit.edu>; Thu, 12 Dec 1996 08:20:20 -0600 (CST)
Received: from brain.cray.com (brain [128.162.150.157]) by ironwood.cray.com (8.6.12/CRI-ccm_serv-8-2.8) with ESMTP id IAA01946 for <krb5-bugs@mit.edu>; Thu, 12 Dec 1996 08:20:10 -0600
Received: by brain.cray.com (8.8.0/btd-b3)
id OAA24029; Thu, 12 Dec 1996 14:20:02 GMT
Message-Id: <199612121420.OAA24029@brain.cray.com>
Date: Thu, 12 Dec 1996 08:20:01 -0600 (CST)
From: Brian Reitz <bdr@cray.com>
To: krb5-bugs@MIT.EDU
Subject: beta-5 to post-beta-7 ticket forwarding broken

Show quoted text
>Number: 295
>Category: krb5-libs
>Synopsis: beta-5 to post-beta-7 ticket forwarding broken
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Thu Dec 12 09:21:01 EST 1996
>Last-Modified: Tue Sep 18 18:09:32 EDT 2001
>Originator: Brian Reitz
>Organization:
------------------------------------------------------------------------------
Brian Reitz voice: (612) 683-5092
Cray Research (A Silicon Graphics Company) email: bdr@cray.com
655F Lone Oak Drive
Eagan, MN, 55121, USA
------------------------------------------------------------------------------
Show quoted text
>Release: beta-5, 1.0?
>Environment:
>Description:
When using the bsd login utils to forward tickets there is a backwards
compatibility issue with older (pre 5.6) clients attempting to talk to
5.6 or 5.7 servers.

The problem is that in 5.5 the fowarded ticket did not include a local
or a remote address in the cred ( the s_address and r_address fields in a
krb5_cred_enc_part structure). The 5.6 and 5.7 versions of the ticket
forwarding code do fill in these addrs.

The 5.6 or 5.7 krb5_rd_cred_basic() routine expects to have a s_address as
part of the encrypted message. The asn1 code can deal with the fact that
this addr is not filled in, but krb5_rd_cred_basic() can not and will SEGV
on a 6.2 IRIX box. I can only assume that it will not do anything good on
other platforms as well.

This is only an issue if you are trying to run 5.6 or later servers
(klogind for example) and wish to provide service to pre 5.6 clients
(a 5.5 klogin for example) and allow them to forward tickets.

Show quoted text
>How-To-Repeat:
>Fix:
The fix is to lib/krb5/krb/rd_cred.c and looks like this:

*** /build/bdr/krb5build/src/lib/krb5/krb/rd_cred.c Tue Nov 19 00:31:49 199
6
--- rd_cred.c Tue Dec 3 22:09:46 1996
***************
*** 106,112 ****
* an init_sec_context message, skip over this check.
*/
if (pkeyblock != NULL) {
! if (!krb5_address_compare(context, remote_addr, encpart.s_address)) {
retval = KRB5KRB_AP_ERR_BADADDR;
goto cleanup_cred;
}
--- 106,113 ----
* an init_sec_context message, skip over this check.
*/
if (pkeyblock != NULL) {
! if (remote_addr && encpart.s_address &&
! !krb5_address_compare(context, remote_addr, encpart.s_address)) {
retval = KRB5KRB_AP_ERR_BADADDR;
goto cleanup_cred;
}


Show quoted text
>Audit-Trail:

Responsible-Changed-From-To: gnats-admin->krb5-unassigned
Responsible-Changed-By: tlyu
Responsible-Changed-When: Tue Feb 11 18:05:47 1997
Responsible-Changed-Why:

refiled; the patch looks sane, but I want some more comments first.

State-Changed-From-To: open-closed
State-Changed-By: tlyu
State-Changed-When: Tue Sep 18 18:09:25 2001
State-Changed-Why:

Fixed long ago.

Show quoted text
>Unformatted: