From ghudson@MIT.EDU Sat Jun 14 15:51:40 1997
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id PAA05108 for <bugs@RT-11.MIT.EDU>; Sat, 14 Jun 1997 15:51:39 -0400
Received: from THE-LIGHT-FANTASTIC.MIT.EDU by MIT.EDU with SMTP
id AA00198; Sat, 14 Jun 97 15:50:41 EDT
Received: (from ghudson@localhost) by the-light-fantastic.MIT.EDU (8.6.12/8.6.12) id PAA06926; Sat, 14 Jun 1997 15:51:37 -0400
Message-Id: <199706141951.PAA06926@the-light-fantastic.MIT.EDU>
Date: Sat, 14 Jun 1997 15:51:37 -0400
From: Greg Hudson <ghudson@MIT.EDU>
Reply-To: ghudson@MIT.EDU
To: krb5-bugs@MIT.EDU
Subject: login.c uses wrong criteria to set KRB_ENVIRON
X-Send-Pr-Version: 3.99
src/appl/bsd/login.c checks for "login_krb4_get_tickets &&
tkfile[0]". This is wrong because (a) KRBTKFILE should be set
if login_krb4_convert is true, even if login_krb4_get_tickets is
false, and (b) tkfile[0] is pretty much always true; it's not a
good indicator of whether we got tickets above.
The simple fix is to test for tkfile[0]. However, another problem
remains. If login is called with the -p option (which is the
normal behavior), then KRBTKFILE will remain set from when it was
set in k_init(). To fix that, I think you need to remember the
old value of KRBTKFILE and reset it if tickets are not acquired
don't acquire v4 tickets, and notice that KRBTKFILE is set.
Modify krlogind to invoke login without the -p option. rlogin
to a krb5 host with the modified krlogind and which has
login_krb4_convert true but not login_krb4_get_tickets. Forward
your v5 tickets. Notice that KRBTKFILE is not set.
rlogin to a krb5 host with the unmodified krlogind and which has
login_krb4_convert true but not login_krb4_get_tickets. Don't
forward your v5 tickets. Notice that KRBTKFILE is still set
even though it wasn't set up in the login environment (because
login_krb4_get_tickets is not true)
when the more complicated problem is fixed, so that I can apply
exactly the same patch to the Athena krb5 sources as you guys
use.
Index: login.c
===================================================================
RCS file: /afs/dev.mit.edu/source/repository/third/krb5/src/appl/bsd/login.c,v
retrieving revision 1.4
diff -c -r1.4 login.c
*** login.c 1997/04/01 00:26:05 1.4
--- login.c 1997/06/14 18:49:55
***************
*** 1852,1858 ****
(void)setenv("TERM", term, 0);
#ifdef KRB4_GET_TICKETS
/* tkfile[0] is only set if we got tickets above */
! if (login_krb4_get_tickets && tkfile[0])
(void) setenv(KRB_ENVIRON, tkfile, 1);
#endif /* KRB4_GET_TICKETS */
#ifdef KRB5_GET_TICKETS
--- 1852,1858 ----
(void)setenv("TERM", term, 0);
#ifdef KRB4_GET_TICKETS
/* tkfile[0] is only set if we got tickets above */
! if (got_v4_tickets)
(void) setenv(KRB_ENVIRON, tkfile, 1);
#endif /* KRB4_GET_TICKETS */
#ifdef KRB5_GET_TICKETS
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id PAA05108 for <bugs@RT-11.MIT.EDU>; Sat, 14 Jun 1997 15:51:39 -0400
Received: from THE-LIGHT-FANTASTIC.MIT.EDU by MIT.EDU with SMTP
id AA00198; Sat, 14 Jun 97 15:50:41 EDT
Received: (from ghudson@localhost) by the-light-fantastic.MIT.EDU (8.6.12/8.6.12) id PAA06926; Sat, 14 Jun 1997 15:51:37 -0400
Message-Id: <199706141951.PAA06926@the-light-fantastic.MIT.EDU>
Date: Sat, 14 Jun 1997 15:51:37 -0400
From: Greg Hudson <ghudson@MIT.EDU>
Reply-To: ghudson@MIT.EDU
To: krb5-bugs@MIT.EDU
Subject: login.c uses wrong criteria to set KRB_ENVIRON
X-Send-Pr-Version: 3.99
Show quoted text
>Number: 438
>Category: krb5-appl
>Synopsis: login.c uses wrong criteria to set KRB_ENVIRON
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Sat Jun 14 15:52:02 EDT 1997
>Last-Modified:
>Originator: Greg Hudson
>Organization:
MIT>Category: krb5-appl
>Synopsis: login.c uses wrong criteria to set KRB_ENVIRON
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Sat Jun 14 15:52:02 EDT 1997
>Last-Modified:
>Originator: Greg Hudson
>Organization:
Show quoted text
>Release: 1.0
>Environment:
Solaris 2.5.1 (Athena 8.1), but not really system-dependent>Environment:
Show quoted text
>Description:
When deciding whether to set KRBTKFILE in the login environment,src/appl/bsd/login.c checks for "login_krb4_get_tickets &&
tkfile[0]". This is wrong because (a) KRBTKFILE should be set
if login_krb4_convert is true, even if login_krb4_get_tickets is
false, and (b) tkfile[0] is pretty much always true; it's not a
good indicator of whether we got tickets above.
The simple fix is to test for tkfile[0]. However, another problem
remains. If login is called with the -p option (which is the
normal behavior), then KRBTKFILE will remain set from when it was
set in k_init(). To fix that, I think you need to remember the
old value of KRBTKFILE and reset it if tickets are not acquired
Show quoted text
>How-To-Repeat:
rlogin to a krb5 host which has login_krb4_get_tickets set,don't acquire v4 tickets, and notice that KRBTKFILE is set.
Modify krlogind to invoke login without the -p option. rlogin
to a krb5 host with the modified krlogind and which has
login_krb4_convert true but not login_krb4_get_tickets. Forward
your v5 tickets. Notice that KRBTKFILE is not set.
rlogin to a krb5 host with the unmodified krlogind and which has
login_krb4_convert true but not login_krb4_get_tickets. Don't
forward your v5 tickets. Notice that KRBTKFILE is still set
even though it wasn't set up in the login environment (because
login_krb4_get_tickets is not true)
Show quoted text
>Fix:
Here is the fix for the simple problem. Please get back to mewhen the more complicated problem is fixed, so that I can apply
exactly the same patch to the Athena krb5 sources as you guys
use.
Index: login.c
===================================================================
RCS file: /afs/dev.mit.edu/source/repository/third/krb5/src/appl/bsd/login.c,v
retrieving revision 1.4
diff -c -r1.4 login.c
*** login.c 1997/04/01 00:26:05 1.4
--- login.c 1997/06/14 18:49:55
***************
*** 1852,1858 ****
(void)setenv("TERM", term, 0);
#ifdef KRB4_GET_TICKETS
/* tkfile[0] is only set if we got tickets above */
! if (login_krb4_get_tickets && tkfile[0])
(void) setenv(KRB_ENVIRON, tkfile, 1);
#endif /* KRB4_GET_TICKETS */
#ifdef KRB5_GET_TICKETS
--- 1852,1858 ----
(void)setenv("TERM", term, 0);
#ifdef KRB4_GET_TICKETS
/* tkfile[0] is only set if we got tickets above */
! if (got_v4_tickets)
(void) setenv(KRB_ENVIRON, tkfile, 1);
#endif /* KRB4_GET_TICKETS */
#ifdef KRB5_GET_TICKETS
Show quoted text
>Audit-Trail:
>Unformatted:
>Unformatted: