From b17783@pembroke.ctd.anl.gov Thu Nov 20 14:29:19 1997
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id OAA07895 for <bugs@RT-11.MIT.EDU>; Thu, 20 Nov 1997 14:29:19 -0500
Received: from [146.137.64.73] by MIT.EDU with SMTP
id AA03687; Thu, 20 Nov 97 14:27:43 EST
Received: (from b17783@localhost) by pembroke.ctd.anl.gov (AIX4.2/UCB 8.7/8.7) id NAA33098; Thu, 20 Nov 1997 13:27:21 -0600 (CST)
Message-Id: <199711201927.NAA33098@pembroke.ctd.anl.gov>
Date: Thu, 20 Nov 1997 13:27:21 -0600 (CST)
From: Doug Engert <DEEngert@anl.gov>
To: krb5-bugs@MIT.EDU
Subject: krlogind fails with 1.0.3
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
System: AIX pembroke 2 4 000300234600
The parameters to rd_and_store_for_creds in forward.c were changed
but the call in krlogind.c was not. This caused the lusername
to be treated as the cache.
Also chown code was moved, but krlogind does not have this
code either.
Parameters and chown code need to be corrected. Add
chown to krlogind.
At one time the forward.c module with telnet was identical
to the bsd version, and comments implied it would be moved
to lil/krb5. Consider doing this, and adding
rd_and_store_for_creds in krb5.h
Look at the rd_and_store_for_creds in
lib/gssapi/krb5/accept_sec_context.c
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
From: Doug Engert <DEEngert@anl.gov>
To: Doug Engert <DEEngert@anl.gov>
Cc: krb5-bugs@MIT.EDU
Subject: Re: krb5-appl/502: krlogind fails with 1.0.3
Date: Thu, 20 Nov 1997 15:49:19 -0600 (CST)
Here is a possible solution to the krb5-appl/502 problem with
krlogind.c. The numbers may not match, as I have some extra mods in
here too.
*** ,krlogind.c Thu Nov 20 08:33:34 1997
--- krlogind.c Thu Nov 20 14:07:18 1997
***************
*** 1398,1403 ****
--- 1423,1429 ----
char v4_version[9];
krb5_authenticator *authenticator;
krb5_rcache rcache;
+ struct passwd *pwd;
*valid_checksum = 0;
len = sizeof(laddr);
***************
*** 1559,1568 ****
if ((status = krb5_read_message(bsd_context, (krb5_pointer)&netf, &inbuf)))
fatal(netf, "Error reading message");
! if ((inbuf.length) && /* Forwarding being done, read creds */
! (status = rd_and_store_for_creds(bsd_context, auth_context, &inbuf,
! ticket, lusername, &ccache))) {
! fatal(netf, "Can't get forwarded credentials");
}
return 0;
}
--- 1585,1607 ----
if ((status = krb5_read_message(bsd_context, (krb5_pointer)&netf, &inbuf)))
fatal(netf, "Error reading message");
! if (inbuf.length) { /* Forwarding being done, read creds */
!
! pwd = getpwnam(lusername);
! if (!pwd) {
! fatal(netf, "Login incorrect.");
! }
! if (status = rd_and_store_for_creds(bsd_context, auth_context,
! &inbuf, ticket, &ccache)) {
! fatal(netf, "Can't get forwarded credentials");
! }
! if (chown(krb5_cc_get_name(bsd_context, ccache),
! pwd->pw_uid, pwd->pw_gid) == -1) {
! fatal(netf, "Can't chown forwarded credentials");
! }
}
return 0;
}
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
State-Changed-From-To: open-closed
State-Changed-By: tlyu
State-Changed-When: Tue Jan 27 00:19:28 1998
State-Changed-Why:
Fixed in 1.0.4
Changes in forward.c cause krlogind.c to fail.
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id OAA07895 for <bugs@RT-11.MIT.EDU>; Thu, 20 Nov 1997 14:29:19 -0500
Received: from [146.137.64.73] by MIT.EDU with SMTP
id AA03687; Thu, 20 Nov 97 14:27:43 EST
Received: (from b17783@localhost) by pembroke.ctd.anl.gov (AIX4.2/UCB 8.7/8.7) id NAA33098; Thu, 20 Nov 1997 13:27:21 -0600 (CST)
Message-Id: <199711201927.NAA33098@pembroke.ctd.anl.gov>
Date: Thu, 20 Nov 1997 13:27:21 -0600 (CST)
From: Doug Engert <DEEngert@anl.gov>
To: krb5-bugs@MIT.EDU
Subject: krlogind fails with 1.0.3
Show quoted text
>Number: 502
>Category: krb5-appl
>Synopsis: krlogind fails with 1.0.3
>Confidential: yes
>Severity: critical
>Priority: high
>Responsible: krb5-unassigned
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Thu Nov 20 14:30:00 EST 1997
>Last-Modified: Tue Jan 27 00:19:47 EST 1998
>Originator: Douglas Engert
>Organization:
>Category: krb5-appl
>Synopsis: krlogind fails with 1.0.3
>Confidential: yes
>Severity: critical
>Priority: high
>Responsible: krb5-unassigned
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Thu Nov 20 14:30:00 EST 1997
>Last-Modified: Tue Jan 27 00:19:47 EST 1998
>Originator: Douglas Engert
>Organization:
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
Show quoted text
>Release: krb5-1.0.3
>Environment:
<machine, os, target, libraries (multiple lines)>>Environment:
System: AIX pembroke 2 4 000300234600
Show quoted text
>Description:
<precise description of the problem (multiple lines)>The parameters to rd_and_store_for_creds in forward.c were changed
but the call in krlogind.c was not. This caused the lusername
to be treated as the cache.
Also chown code was moved, but krlogind does not have this
code either.
Show quoted text
>How-To-Repeat:
Show quoted text
>Fix:
Parameters and chown code need to be corrected. Add
chown to krlogind.
At one time the forward.c module with telnet was identical
to the bsd version, and comments implied it would be moved
to lil/krb5. Consider doing this, and adding
rd_and_store_for_creds in krb5.h
Look at the rd_and_store_for_creds in
lib/gssapi/krb5/accept_sec_context.c
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
Show quoted text
>Audit-Trail:
From: Doug Engert <DEEngert@anl.gov>
To: Doug Engert <DEEngert@anl.gov>
Cc: krb5-bugs@MIT.EDU
Subject: Re: krb5-appl/502: krlogind fails with 1.0.3
Date: Thu, 20 Nov 1997 15:49:19 -0600 (CST)
Here is a possible solution to the krb5-appl/502 problem with
krlogind.c. The numbers may not match, as I have some extra mods in
here too.
*** ,krlogind.c Thu Nov 20 08:33:34 1997
--- krlogind.c Thu Nov 20 14:07:18 1997
***************
*** 1398,1403 ****
--- 1423,1429 ----
char v4_version[9];
krb5_authenticator *authenticator;
krb5_rcache rcache;
+ struct passwd *pwd;
*valid_checksum = 0;
len = sizeof(laddr);
***************
*** 1559,1568 ****
if ((status = krb5_read_message(bsd_context, (krb5_pointer)&netf, &inbuf)))
fatal(netf, "Error reading message");
! if ((inbuf.length) && /* Forwarding being done, read creds */
! (status = rd_and_store_for_creds(bsd_context, auth_context, &inbuf,
! ticket, lusername, &ccache))) {
! fatal(netf, "Can't get forwarded credentials");
}
return 0;
}
--- 1585,1607 ----
if ((status = krb5_read_message(bsd_context, (krb5_pointer)&netf, &inbuf)))
fatal(netf, "Error reading message");
! if (inbuf.length) { /* Forwarding being done, read creds */
!
! pwd = getpwnam(lusername);
! if (!pwd) {
! fatal(netf, "Login incorrect.");
! }
! if (status = rd_and_store_for_creds(bsd_context, auth_context,
! &inbuf, ticket, &ccache)) {
! fatal(netf, "Can't get forwarded credentials");
! }
! if (chown(krb5_cc_get_name(bsd_context, ccache),
! pwd->pw_uid, pwd->pw_gid) == -1) {
! fatal(netf, "Can't chown forwarded credentials");
! }
}
return 0;
}
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
State-Changed-From-To: open-closed
State-Changed-By: tlyu
State-Changed-When: Tue Jan 27 00:19:28 1998
State-Changed-Why:
Fixed in 1.0.4
Show quoted text
>Unformatted:
X-send-pr-version: 3.99Changes in forward.c cause krlogind.c to fail.