From ghudson@MIT.EDU Mon Sep 28 10:58:27 1998
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id KAA05927 for <bugs@RT-11.MIT.EDU>; Mon, 28 Sep 1998 10:58:26 -0400
Received: from SMALL-GODS.MIT.EDU by MIT.EDU with SMTP
id AA19739; Mon, 28 Sep 98 10:58:24 EDT
Received: by small-gods.mit.edu (SMI-8.6/4.7) id KAA15367; Mon, 28 Sep 1998 10:58:24 -0400
Message-Id: <199809281458.KAA15367@small-gods.mit.edu>
Date: Mon, 28 Sep 1998 10:58:24 -0400
From: ghudson@MIT.EDU
Reply-To: ghudson@MIT.EDU
To: krb5-bugs@MIT.EDU
Subject: krb4 encrypted rcp to local host
X-Send-Pr-Version: 3.99

>Number: 638
>Category: krb5-appl
>Synopsis: v4rcp does not set local and foreign port numbers
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Mon Sep 28 10:59:00 EDT 1998
>Last-Modified: Thu Oct 08 01:52:01 EDT 1998
>Originator: Greg Hudson
>Organization:
MIT
>Release: 1.0pl1
>Environment:

System: SunOS small-gods.mit.edu 5.6 Generic_105181-05 sun4u sparc SUNW,Ultra-5_10
Architecture: sun4

>Description:
When doing a krb4 encrypted rcp to a v5 machine, src/appl/bsd/v4rcp.c
does not set up the port numbers for the local and foreign address, only
the IP addresses. If the rcp is to the same machine (say, if you have
only krb4 tickets), then the direction bit may be set wrong during the
mutual authentication check.
>How-To-Repeat:
Do a krb4 encrypted rcp to a different user on the local host. Note that
it usually fails with a "time out of bounds" error (which is a poor
error message, of course).
>Fix:
kshd has to be modified to export the port numbers in the environment.

Index: krshd.c
===================================================================
RCS file: /afs/dev.mit.edu/source/repository/third/krb5/src/appl/bsd/krshd.c,v
retrieving revision 1.9
diff -c -r1.9 krshd.c
*** krshd.c 1998/06/11 17:58:53 1.9
--- krshd.c 1998/09/24 23:26:10
***************
*** 439,446 ****
char path_rest[] = RPATH;

char remote_addr[64]; /* = "KRB5REMOTEADDR=" */
char local_addr[64]; /* = "KRB5LOCALADDR=" */
! #define ADDRPAD 0,0 /* remoteaddr, localaddr */
#define KRBPAD 0 /* KRB5CCNAME, optional */

/* The following include extra space for TZ and MAXENV pointers... */
--- 439,448 ----
char path_rest[] = RPATH;

char remote_addr[64]; /* = "KRB5REMOTEADDR=" */
+ char remote_port[64]; /* = "KRB5REMOTEPORT=" */
char local_addr[64]; /* = "KRB5LOCALADDR=" */
! char local_port[64]; /* = "KRB5LOCALPORT=" */
! #define ADDRPAD 0,0,0,0
#define KRBPAD 0 /* KRB5CCNAME, optional */

/* The following include extra space for TZ and MAXENV pointers... */
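Review bot: The new `#define ADDRPAD 0,0,0,0` drops the trailing comment that named each slot, which matters more now that there are four of them. Restore it in the order the slots are filled, e.g. `/* localaddr, localport, remoteaddr, remoteport */`, so the pad count can be checked by eye against the assignments that consume it. The 64-byte `remote_port` and `local_port` buffers comfortably hold the variable name plus a 16-bit port number.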
***************
*** 1364,1377 ****

{
int i;
! /* these two are covered by ADDRPAD */
sprintf(local_addr, "KRB5LOCALADDR=%s", inet_ntoa(localaddr.sin_addr));
for (i = 0; envinit[i]; i++);
envinit[i] =local_addr;

sprintf(remote_addr, "KRB5REMOTEADDR=%s", inet_ntoa(fromp->sin_addr));
for (; envinit[i]; i++);
envinit[i] =remote_addr;
}

/* If we do anything else, make sure there is space in the array. */
--- 1366,1387 ----

{
int i;
! /* these four are covered by ADDRPAD */
sprintf(local_addr, "KRB5LOCALADDR=%s", inet_ntoa(localaddr.sin_addr));
for (i = 0; envinit[i]; i++);
envinit[i] =local_addr;

+ sprintf(local_port, "KRB5LOCALPORT=%d", ntohs(localaddr.sin_port));
+ for (; envinit[i]; i++);
+ envinit[i] =local_port;
+
sprintf(remote_addr, "KRB5REMOTEADDR=%s", inet_ntoa(fromp->sin_addr));
for (; envinit[i]; i++);
envinit[i] =remote_addr;
+
+ sprintf(remote_port, "KRB5REMOTEPORT=%d", ntohs(fromp->sin_port));
+ for (; envinit[i]; i++);
+ envinit[i] =remote_port;
}

/* If we do anything else, make sure there is space in the array. */
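Review bot: Each `for (; envinit[i]; i++);` scan in this block stops at the first NULL slot and the following store overwrites it, so the four assignments are only safe while ADDRPAD reserves at least four zero entries. If the two drift apart, the last store lands on whatever NULL the scan finds next, and the only guard is the "these four are covered by ADDRPAD" comment. Consider checking `i` against the array size before each store, or filling the reserved slots by fixed index, so a mismatch is caught at build or run time rather than by reading comments.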
Index: v4rcp.c
===================================================================
RCS file: /afs/dev.mit.edu/source/repository/third/krb5/src/appl/bsd/v4rcp.c,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 v4rcp.c
*** v4rcp.c 1997/01/21 09:18:11 1.1.1.1
--- v4rcp.c 1998/09/24 21:55:04
***************
*** 1005,1011 ****
local.sin_addr.s_addr = inet_addr(envaddr);
#endif
local.sin_family = AF_INET;
! local.sin_port = 0;
} else {
fprintf(stderr, "v4rcp: couldn't get local address (KRB5LOCALADDR)\n");
exit(1);
--- 1005,1014 ----
local.sin_addr.s_addr = inet_addr(envaddr);
#endif
local.sin_family = AF_INET;
! if (envaddr = getenv("KRB5LOCALPORT"))
! local.sin_port = htons(atoi(envaddr));
! else
! local.sin_port = 0;
} else {
fprintf(stderr, "v4rcp: couldn't get local address (KRB5LOCALADDR)\n");
exit(1);
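Review bot: `atoi(envaddr)` in the new `KRB5LOCALPORT` branch accepts anything: a non-numeric value becomes 0 and a value above 65535 is silently truncated by `htons()`, and either result is a port that does not match the socket. Parse with `strtol()`, reject values outside 1..65535, and fail the way the missing-`KRB5LOCALADDR` case does. The assignment inside `if (envaddr = getenv("KRB5LOCALPORT"))` should also get an extra pair of parentheses or an explicit `!= NULL`, and a separate variable would read better than reusing `envaddr` for a port string.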
***************
*** 1017,1023 ****
foreign.sin_addr.s_addr = inet_addr(envaddr);
#endif
foreign.sin_family = AF_INET;
! foreign.sin_port = 0;
} else {
fprintf(stderr, "v4rcp: couldn't get remote address (KRB5REMOTEADDR)\n");
exit(1);
--- 1020,1029 ----
foreign.sin_addr.s_addr = inet_addr(envaddr);
#endif
foreign.sin_family = AF_INET;
! if (envaddr = getenv("KRB5REMOTEPORT"))
! foreign.sin_port = htons(atoi(envaddr));
! else
! foreign.sin_port = 0;
} else {
fprintf(stderr, "v4rcp: couldn't get remote address (KRB5REMOTEADDR)\n");
exit(1);
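Review bot: The `else foreign.sin_port = 0;` fallback keeps the pre-patch behaviour with no diagnostic when `KRB5REMOTEPORT` is absent, while a missing `KRB5REMOTEADDR` a few lines below is fatal. If v4rcp is started by a kshd that does not export the port, the failure will look exactly as it did before the patch; print a warning to stderr in the fallback branch. This block also repeats the local-port logic from the previous hunk line for line, so a small helper taking the variable name would keep the two in step.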
>Audit-Trail:

State-Changed-From-To: open-closed
State-Changed-By: tytso
State-Changed-When: Thu Oct 8 01:51:47 1998
State-Changed-Why: I've checked in your suggested change. Thanks!

>Unformatted:
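
A simplified model of the failure the report describes, added here as an illustration and not taken from krshd.c, v4rcp.c or the Kerberos 4 library. It assumes the direction bit is derived by ordering the two endpoints by address and then by port; `struct endpoint`, `direction_bit`, `sides_agree` and the sample values are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical endpoint: IPv4 address and port, host byte order. */
struct endpoint { uint32_t addr; uint16_t port; };

/* Assumed convention: the bit is 1 when the sender sorts below the
 * receiver, comparing addresses first and ports only on a tie. */
static int direction_bit(struct endpoint sender, struct endpoint receiver)
{
    if (sender.addr != receiver.addr)
        return sender.addr < receiver.addr;
    return sender.port < receiver.port;
}

/* 1 if both sides derive the same bit for one message. The receiver sees
 * the real socket ports; the sender (the v4rcp side in the report) sees
 * them only when ports_exported is set, otherwise both ports are 0. */
static int sides_agree(struct endpoint sender, struct endpoint receiver,
                       int ports_exported)
{
    struct endpoint s = sender, r = receiver;
    if (!ports_exported) {
        s.port = 0;   /* local.sin_port = 0 */
        r.port = 0;   /* foreign.sin_port = 0 */
    }
    return direction_bit(s, r) == direction_bit(sender, receiver);
}

int main(void)
{
    /* Constructed sample endpoints, not taken from the report. */
    struct endpoint daemon_side = { 0x7f000001u, 544 };
    struct endpoint same_host   = { 0x7f000001u, 1021 };
    struct endpoint other_host  = { 0x0a000005u, 1021 };

    printf("same host, ports zeroed:    agree=%d\n",
           sides_agree(daemon_side, same_host, 0));
    printf("same host, ports exported:  agree=%d\n",
           sides_agree(daemon_side, same_host, 1));
    printf("other host, ports zeroed:   agree=%d\n",
           sides_agree(daemon_side, other_host, 0));
    return 0;
}
```

In this model the two sides can still agree by accident on the same host when the sending side happens to hold the higher-numbered port, so whether the mismatch appears depends on the ports in use.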