From epeisach@MIT.EDU Thu Dec 19 16:23:41 1996
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id QAA05659 for <bugs@RT-11.MIT.EDU>; Thu, 19 Dec 1996 16:23:41 -0500
Received: from KANGAROO.MIT.EDU by MIT.EDU with SMTP
id AA29485; Thu, 19 Dec 96 16:23:40 EST
Received: by kangaroo.mit.edu; (5.65/1.1.8.2/08Mar96-0212PM)
id AA01609; Thu, 19 Dec 1996 16:23:40 -0500
Message-Id: <9612192123.AA01609@kangaroo.mit.edu>
Date: Thu, 19 Dec 1996 16:23:40 -0500
From: epeisach@MIT.EDU
Reply-To: epeisach@MIT.EDU
To: krb5-bugs@MIT.EDU
Subject: preauth is broken
X-Send-Pr-Version: 3.99
Machine: alpha
attempt to get tickets from the server results in a core dump of the
kdc.
kinit principal
The klist man page needs to document the A and H flags.
cvs diff: Diffing .
Index: kdc_preauth.c
===================================================================
RCS file: /mit/krb5/.cvsroot/src/kdc/kdc_preauth.c,v
retrieving revision 5.11
diff -c -r5.11 kdc_preauth.c
*** kdc_preauth.c 1996/11/23 22:37:33 5.11
--- kdc_preauth.c 1996/12/16 09:55:35
***************
*** 637,643 ****
{
char *uname;
! int npr = 1, more;
krb5_db_entry assoc;
krb5_key_data *assoc_key;
krb5_principal newp;
--- 637,644 ----
{
char *uname;
! int npr = 1;
! krb5_boolean more;
krb5_db_entry assoc;
krb5_key_data *assoc_key;
krb5_principal newp;
***************
*** 663,669 ****
strlen(sam_ptr->name);
npr = 1;
retval = krb5_db_get_principal(kdc_context, newp, &assoc, &npr, &more);
! if(!retval) {
sc.sam_type = sam_ptr->sam_type;
break;
}
--- 664,670 ----
strlen(sam_ptr->name);
npr = 1;
retval = krb5_db_get_principal(kdc_context, newp, &assoc, &npr, &more);
! if(!retval && npr) {
sc.sam_type = sam_ptr->sam_type;
break;
}
***************
*** 697,702 ****
--- 698,707 ----
}
/* now we can use encrypting_key... */
}
+ } else {
+ /* SAM is not an option - so don't return as hint */
+ retval = KRB5_PREAUTH_BAD_TYPE;
+ goto cleanup;
}
krb5_princ_component(kdc_context,newp,probeslot)->data = 0;
Responsible-Changed-By: epeisach
Responsible-Changed-When: Thu Dec 19 16:46:54 EST 1996
Responsible-Changed-Why:
I am working on fixes to this.
State-Changed-From-To: open-closed
State-Changed-By: epeisach
State-Changed-When: Wed Jan 1 23:11:34 1997
State-Changed-Why:
I have checked in my fix. I think we need a way of turning off v4
requests but that will be a separate pr.
Changelog: 5.111
kdc_preauth.c: 5.12
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id QAA05659 for <bugs@RT-11.MIT.EDU>; Thu, 19 Dec 1996 16:23:41 -0500
Received: from KANGAROO.MIT.EDU by MIT.EDU with SMTP
id AA29485; Thu, 19 Dec 96 16:23:40 EST
Received: by kangaroo.mit.edu; (5.65/1.1.8.2/08Mar96-0212PM)
id AA01609; Thu, 19 Dec 1996 16:23:40 -0500
Message-Id: <9612192123.AA01609@kangaroo.mit.edu>
Date: Thu, 19 Dec 1996 16:23:40 -0500
From: epeisach@MIT.EDU
Reply-To: epeisach@MIT.EDU
To: krb5-bugs@MIT.EDU
Subject: preauth is broken
X-Send-Pr-Version: 3.99
Show quoted text
>Number: 310
>Category: krb5-kdc
>Synopsis: preauth is broken
>Confidential: yes
>Severity: critical
>Priority: high
>Responsible: epeisach
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Thu Dec 19 16:24:00 EST 1996
>Last-Modified: Wed Jan 01 23:12:20 EST 1997
>Originator: Ezra Peisach
>Organization:
mit>Category: krb5-kdc
>Synopsis: preauth is broken
>Confidential: yes
>Severity: critical
>Priority: high
>Responsible: epeisach
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Thu Dec 19 16:24:00 EST 1996
>Last-Modified: Wed Jan 01 23:12:20 EST 1997
>Originator: Ezra Peisach
>Organization:
Show quoted text
>Release: 1.0-development
>Environment:
System: OSF1 kangaroo.mit.edu V3.2 214 alpha>Environment:
Machine: alpha
Show quoted text
>Description:
If one sets the preauth flag on a principal in the database,attempt to get tickets from the server results in a core dump of the
kdc.
Show quoted text
>How-To-Repeat:
kadmin.local: modprinc +preauth principalkinit principal
Show quoted text
>Fix:
This is on fix - but is not complete. The klist man page needs to document the A and H flags.
cvs diff: Diffing .
Index: kdc_preauth.c
===================================================================
RCS file: /mit/krb5/.cvsroot/src/kdc/kdc_preauth.c,v
retrieving revision 5.11
diff -c -r5.11 kdc_preauth.c
*** kdc_preauth.c 1996/11/23 22:37:33 5.11
--- kdc_preauth.c 1996/12/16 09:55:35
***************
*** 637,643 ****
{
char *uname;
! int npr = 1, more;
krb5_db_entry assoc;
krb5_key_data *assoc_key;
krb5_principal newp;
--- 637,644 ----
{
char *uname;
! int npr = 1;
! krb5_boolean more;
krb5_db_entry assoc;
krb5_key_data *assoc_key;
krb5_principal newp;
***************
*** 663,669 ****
strlen(sam_ptr->name);
npr = 1;
retval = krb5_db_get_principal(kdc_context, newp, &assoc, &npr, &more);
! if(!retval) {
sc.sam_type = sam_ptr->sam_type;
break;
}
--- 664,670 ----
strlen(sam_ptr->name);
npr = 1;
retval = krb5_db_get_principal(kdc_context, newp, &assoc, &npr, &more);
! if(!retval && npr) {
sc.sam_type = sam_ptr->sam_type;
break;
}
***************
*** 697,702 ****
--- 698,707 ----
}
/* now we can use encrypting_key... */
}
+ } else {
+ /* SAM is not an option - so don't return as hint */
+ retval = KRB5_PREAUTH_BAD_TYPE;
+ goto cleanup;
}
krb5_princ_component(kdc_context,newp,probeslot)->data = 0;
Show quoted text
>Audit-Trail:
Responsible-Changed-From-To: krb5-unassigned->epeisach Responsible-Changed-By: epeisach
Responsible-Changed-When: Thu Dec 19 16:46:54 EST 1996
Responsible-Changed-Why:
I am working on fixes to this.
State-Changed-From-To: open-closed
State-Changed-By: epeisach
State-Changed-When: Wed Jan 1 23:11:34 1997
State-Changed-Why:
I have checked in my fix. I think we need a way of turning off v4
requests but that will be a separate pr.
Changelog: 5.111
kdc_preauth.c: 5.12
Show quoted text
>Unformatted: