From krb5-bugs-incoming-bounces@PCH.MIT.EDU Mon Aug 20 17:02:03 2007
Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by krbdev.mit.edu (8.12.9) with ESMTP
id l7KL23HW025149; Mon, 20 Aug 2007 17:02:03 -0400 (EDT)
Received: from pch.mit.edu (pch.mit.edu [127.0.0.1])
by pch.mit.edu (8.13.6/8.12.8) with ESMTP id l7KL1wlw031447;
Mon, 20 Aug 2007 17:01:58 -0400
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU
[18.7.7.76])
by pch.mit.edu (8.13.6/8.12.8) with ESMTP id l7KJNtlu019395
for <krb5-bugs-incoming@PCH.mit.edu>; Mon, 20 Aug 2007 15:23:55 -0400
Received: from mit.edu (M24-004-BARRACUDA-3.MIT.EDU [18.7.7.114])
by fort-point-station.mit.edu (8.13.6/8.9.2) with ESMTP id
l7KJNr32004806
for <krb5-bugs@mit.edu>; Mon, 20 Aug 2007 15:23:53 -0400 (EDT)
Received: from spam.ifs.umich.edu (spam.ifs.umich.edu [141.211.1.36])
by mit.edu (Spam Firewall) with ESMTP id 34D857A5682
for <krb5-bugs@mit.edu>; Mon, 20 Aug 2007 14:03:13 -0400 (EDT)
Received: from mdw by spam.ifs.umich.edu with local (Exim 4.63)
(envelope-from <mdw@umich.edu>)
id 1INBX6-0002w3-Gq; Mon, 20 Aug 2007 13:59:20 -0400
To: krb5-bugs@mit.edu
Subject: bug in kadmin listprincs
From: mdw@umich.edu
X-send-pr-version: 3.99
Message-Id: <E1INBX6-0002w3-Gq@spam.ifs.umich.edu>
Date: Mon, 20 Aug 2007 13:59:20 -0400
X-Spam-Score: 0.55
X-Spam-Flag: NO
X-Scanned-By: MIMEDefang 2.42
X-Mailman-Approved-At: Mon, 20 Aug 2007 17:01:45 -0400
Cc: kwc@umich.edu, vpliakas@umich.edu, mdw@umich.edu
X-BeenThere: krb5-bugs-incoming@mailman.mit.edu
X-Mailman-Version: 2.1.6
Precedence: list
Reply-To: mdw@umich.edu
Sender: krb5-bugs-incoming-bounces@PCH.MIT.EDU
Errors-To: krb5-bugs-incoming-bounces@PCH.MIT.EDU
System: Linux lose-the-lion.ifs.umich.edu 2.4.26-generic #1 SMP Sat Jun 19 04:03:39 EDT 2004 i686 unknown unknown GNU/Linux
Architecture: i686
listprincs *z
causes the routine "glob_to_regexp()" in lib/kadm5/srv/svr_iters.c
to be called which converts the given glob expression into a
regular expression. If no realm is specified, then this logic
tacks on "@*", resulting in "^.*z@*$". This results in matching
z followed by 0 or more @ signs at the end of the principal name.
Unless the local realm name happens to end in z, this likely
won't match anything.
a lower-case 'z' in the realm name. Add one or more principals
that contain 'z' in the principal name.
Now,
listprincs *z@*
will list those principals, but
listprincs *z
will fail to find them.
the realm, and do not end in *, finish out the regular expression with @*.
Compile-time fix, apply the patch in
/afs/umich.edu/group/itd/build/mdw/krb5.15x/patches/krb5-1.6.2-rlmre1.patch
Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by krbdev.mit.edu (8.12.9) with ESMTP
id l7KL23HW025149; Mon, 20 Aug 2007 17:02:03 -0400 (EDT)
Received: from pch.mit.edu (pch.mit.edu [127.0.0.1])
by pch.mit.edu (8.13.6/8.12.8) with ESMTP id l7KL1wlw031447;
Mon, 20 Aug 2007 17:01:58 -0400
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU
[18.7.7.76])
by pch.mit.edu (8.13.6/8.12.8) with ESMTP id l7KJNtlu019395
for <krb5-bugs-incoming@PCH.mit.edu>; Mon, 20 Aug 2007 15:23:55 -0400
Received: from mit.edu (M24-004-BARRACUDA-3.MIT.EDU [18.7.7.114])
by fort-point-station.mit.edu (8.13.6/8.9.2) with ESMTP id
l7KJNr32004806
for <krb5-bugs@mit.edu>; Mon, 20 Aug 2007 15:23:53 -0400 (EDT)
Received: from spam.ifs.umich.edu (spam.ifs.umich.edu [141.211.1.36])
by mit.edu (Spam Firewall) with ESMTP id 34D857A5682
for <krb5-bugs@mit.edu>; Mon, 20 Aug 2007 14:03:13 -0400 (EDT)
Received: from mdw by spam.ifs.umich.edu with local (Exim 4.63)
(envelope-from <mdw@umich.edu>)
id 1INBX6-0002w3-Gq; Mon, 20 Aug 2007 13:59:20 -0400
To: krb5-bugs@mit.edu
Subject: bug in kadmin listprincs
From: mdw@umich.edu
X-send-pr-version: 3.99
Message-Id: <E1INBX6-0002w3-Gq@spam.ifs.umich.edu>
Date: Mon, 20 Aug 2007 13:59:20 -0400
X-Spam-Score: 0.55
X-Spam-Flag: NO
X-Scanned-By: MIMEDefang 2.42
X-Mailman-Approved-At: Mon, 20 Aug 2007 17:01:45 -0400
Cc: kwc@umich.edu, vpliakas@umich.edu, mdw@umich.edu
X-BeenThere: krb5-bugs-incoming@mailman.mit.edu
X-Mailman-Version: 2.1.6
Precedence: list
Reply-To: mdw@umich.edu
Sender: krb5-bugs-incoming-bounces@PCH.MIT.EDU
Errors-To: krb5-bugs-incoming-bounces@PCH.MIT.EDU
Show quoted text
>Submitter-Id: net
>Originator: mdw@umich.edu
>Organization:
University of Michigan>Originator: mdw@umich.edu
>Organization:
Show quoted text
>Confidential: no
>Synopsis: listprincs *z is broken
>Severity: non-critical
>Priority: low
>Category: krb5-admin
>Class: sw-bug
>Release: 1.6.2
>Environment:
dell gx1p running umce linux, krb5 1.6.2+patches>Synopsis: listprincs *z is broken
>Severity: non-critical
>Priority: low
>Category: krb5-admin
>Class: sw-bug
>Release: 1.6.2
>Environment:
System: Linux lose-the-lion.ifs.umich.edu 2.4.26-generic #1 SMP Sat Jun 19 04:03:39 EDT 2004 i686 unknown unknown GNU/Linux
Architecture: i686
Show quoted text
>Description:
The commandlistprincs *z
causes the routine "glob_to_regexp()" in lib/kadm5/srv/svr_iters.c
to be called which converts the given glob expression into a
regular expression. If no realm is specified, then this logic
tacks on "@*", resulting in "^.*z@*$". This results in matching
z followed by 0 or more @ signs at the end of the principal name.
Unless the local realm name happens to end in z, this likely
won't match anything.
Show quoted text
>How-To-Repeat:
construct or use a kerberos database that does not containa lower-case 'z' in the realm name. Add one or more principals
that contain 'z' in the principal name.
Now,
listprincs *z@*
will list those principals, but
listprincs *z
will fail to find them.
Show quoted text
>Fix:
Run-time workaround, for listprinc patterns that don't already specifythe realm, and do not end in *, finish out the regular expression with @*.
Compile-time fix, apply the patch in
/afs/umich.edu/group/itd/build/mdw/krb5.15x/patches/krb5-1.6.2-rlmre1.patch