Date: Mon, 25 Apr 2005 19:01:52 +0530
From: "RAGHAVENDRA, RAMYA (HP-ISO)" <ramya.raghavendra@hp.com>
To: krb5-bugs@mit.edu
Subject: Bug report: Kinit has no support for addresses in credentials. Kinit -a is not enabled.
Hello,

I would like to report a bug in the Kerberos V5 Release 1.4.1.
The description and the proposed fix are as follows:

Defect: Kinit has no support for addresses in the credentials
Description: The -a option is not enabled for kinit.
File: /krb5-1.4.1/src/clients/kinit/kinit.c line: 284
while ((i = GETOPT(argc, argv, "r:fpFP54AVl:s:c:kt:RS:v"))
does not specify option "a" for tickets with addresses.

Proposed fix:
Introduce -a option in GETOPT
Line 284 in kinit.c has to be changed to
while ((i = GETOPT(argc, argv, "r:fpFP54aAVl:s:c:kt:RS:v"))

However, just making this change will cause a core dump at line 764

    if (opts->addresses)
    {
        krb5_address **addresses = NULL;
        code = krb5_os_localaddr(k5->ctx, &addresses);
        if (code != 0) {
            com_err(progname, code, "getting local addresses");
            goto cleanup;
        }
        krb5_get_init_creds_opt_set_address_list(&options, addresses);
    }
when the local copy of addresses is referenced.
To fix this, the change to be made is:
    if (opts->addresses)
    {
        code = krb5_os_localaddr(k5->ctx, &addresses);
        if (code != 0) {
            com_err(progname, code, "getting local addresses");
            goto cleanup;
        }
        krb5_get_init_creds_opt_set_address_list(&options, addresses);
    }

The declaration and initialization for addresses is moved out of the block
Line 738:
Current implementation:
krb5_error_code code = 0;
krb5_get_init_creds_opt options;


if (!got_k5)
return 0;

Proposed fix:
krb5_error_code code = 0;
krb5_get_init_creds_opt options;
> krb5_address **addresses = NULL;

if (!got_k5)
return 0;


Finally, the addresses structure needs to be freed during cleanup. The
following 2 lines are to be added
to current implementation of kinit.c

Line 862:
cleanup:
> if(addresses)
> krb5_free_addresses(k5->ctx, addresses);


Please consider incorporating the above fix in the future release of
Kerberos V5. You can get back to me in case of further clarifications.

Thanks,
Ramya

--


***********************************************************************
Ramya Raghavendra
SNSL-i, Internet Security and Enterprise Computing
HP-ISO
ramya.raghavendra@hp.com
Ph: 2205 2882
Date: Fri, 29 Apr 2005 17:56:14 +0530
From: "RAGHAVENDRA, RAMYA (HP-ISO)" <ramya.raghavendra@hp.com>
To: krb5-bugs@mit.edu
Subject: krbdev.mit.edu #3030
*** 359,366 ****
int use_k5 = 0;
int i;

! /* Added to support -a option*/
! while ((i = GETOPT(argc, argv, "r:fpFP54aAVl:s:c:kt:RS:v"))
!= -1) {
switch (i) {
case 'V':
--- 281,287 ----
int use_k5 = 0;
int i;

! while ((i = GETOPT(argc, argv, "r:fpFP54AVl:s:c:kt:RS:v"))
!= -1) {
switch (i) {
case 'V':
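
Review bot: The diff direction looks reversed in this hunk: the *** side at 359,366 carries the new "r:fpFP54aAVl:s:c:kt:RS:v" string and the --- side at 281,287 the original one, so applied as sent it would remove the a option rather than add it. Please regenerate the diff with the pristine kinit.c as the first file. The two sides also start 78 lines apart (359 against 281), far more than the few lines these hunks change, so the modified file appears to carry other edits that should be kept out of this patch.
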
***************
*** 816,822 ****
krb5_creds my_creds;
krb5_error_code code = 0;
krb5_get_init_creds_opt options;
- krb5_address **addresses = NULL;

if (!got_k5)
return 0;
--- 737,742 ----
***************
*** 843,848 ****
--- 763,769 ----
krb5_get_init_creds_opt_set_proxiable(&options, 0);
if (opts->addresses)
{
+ krb5_address **addresses = NULL;
code = krb5_os_localaddr(k5->ctx, &addresses);
if (code != 0) {
com_err(progname, code, "getting local addresses");
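
Review bot: Dropping the in-block declaration (the krb5_address **addresses = NULL; line inside if (opts->addresses) on the 763,769 side) comes with no comment explaining why the pointer now has to live at function scope. If the reason is that the cleanup: label must be able to reach the list filled in by krb5_os_localaddr in order to free it, say so in a comment beside the new declaration; nothing in the visible lines shows the block-scoped pointer being used after the block ends.
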
***************
*** 942,950 ****
notix = 0;

cleanup:
- if(addresses)
- krb5_free_addresses(k5->ctx, addresses);
-
if (my_creds.client == k5->me) {
my_creds.client = 0;
}
--- 860,865 ----
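
Review bot: The free of addresses at cleanup: depends on the = NULL initializer from the 816,822 hunk, because the label is also reached by goto cleanup on error paths such as the krb5_os_localaddr failure quoted in the report; the declaration and this free need to land together, and a short comment at the declaration would make that dependency explicit. As a style point, write if (addresses) with a space after if, matching if (my_creds.client == k5->me) in the same hunk.
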

--


***********************************************************************
Ramya Raghavendra
SNSL-i, Internet Security and Enterprise Computing
HP-ISO
ramya.raghavendra@hp.com
Ph: 2205 2882
Some of the commentary in this bug doesn't make a lot of sense to me. I
don't get the parts about referencing the local addresses variable; a
simpler change works fine for me in practice.

Anyway, attached is a slightly more complete patch that doesn't move the
addresses variable and that adds documentation strings. I've tested
this patch and confirmed that it has the desired behavior.

From: Russ Allbery <rra@stanford.edu>
Subject: CVS Commit
Enable kinit -a to match the man page and add documentation.

Commit By: rra



Revision: 18125
Changed Files:
U trunk/src/clients/kinit/kinit.c