Skip Menu |
 

To: krb5-bugs@MIT.EDU
Subject: NFS fails to work with KRB5 1.7
From: Sam Hartman <hartmans@MIT.EDU>
Date: Wed, 13 May 2009 17:32:10 -0400


I didn't make much progress on this today and may not have additional
time to work on it, so I wanted to at least open the bug.

See http://bugs.debian.org/528514

Apparently, gss_export_lucid_sec_context creates a returned context
that segfaults when accessed by rpc.gssd.
From: ghudson@mit.edu
Subject: SVN Commit

gss_krb5int_export_lucid_sec_context was erroneously copying the first
sizeof(void *) bytes of the context into data_set, instead of the
pointer to the context.


https://github.com/krb5/krb5/commit/97ab8ebd3d26e279ffc92a58b59a3ff6c85c67db
Commit By: ghudson
Revision: 22351
Changed Files:
U trunk/src/lib/gssapi/krb5/lucid_context.c
I'm leaving this issue open until we hear back from the reporter of the
Debian bug, since I haven't tested the fix.
To: rt-comment@krbdev.MIT.EDU
Subject: Re: [krbdev.mit.edu #6488] NFS fails to work with KRB5 1.7
From: Tom Yu <tlyu@MIT.EDU>
Date: Fri, 15 May 2009 15:57:24 -0400
RT-Send-Cc:
Also, that there is an additional issue reported in that Debian bug
having to do with "unsupported algorithm 1". This looks like it is
due to the kernel supporting only des-cbc-raw. It could be that the
subkey setup that occurs in the context no longer smashes the enctype
of the keyblock, but we need to investigate further.
From: hartmans@mit.edu
Subject: SVN Commit

Copy the sequence key rather than the subkey for lucid contexts in RFC
1964 mode, so that we map to raw des enctypes rather than say
des-cbc-crc.

https://github.com/krb5/krb5/commit/cbb34c759c2d4c189fd4e825dd2cadfe38f4ad2d
Commit By: hartmans
Revision: 22354
Changed Files:
U trunk/src/lib/gssapi/krb5/lucid_context.c
From: tlyu@mit.edu
Subject: SVN Commit

pull up r22351, r22354 from trunk

------------------------------------------------------------------------
r22354 | hartmans | 2009-05-18 21:08:48 +0200 (Mon, 18 May 2009) | 8 lines

ticket: 6488
target_version: 1.7
tags: pullup

Copy the sequence key rather than the subkey for lucid contexts in RFC
1964 mode, so that we map to raw des enctypes rather than say
des-cbc-crc.
------------------------------------------------------------------------
r22351 | ghudson | 2009-05-14 18:50:52 +0200 (Thu, 14 May 2009) | 9 lines

ticket: 6488
status: open
tags: pullup
target_version: 1.7

gss_krb5int_export_lucid_sec_context was erroneously copying the first
sizeof(void *) bytes of the context into data_set, instead of the
pointer to the context.

https://github.com/krb5/krb5/commit/fb5ee2d640a0861bb5ea52bd68111ad6d5fc692c
Commit By: tlyu
Revision: 22373
Changed Files:
U branches/krb5-1-7/src/lib/gssapi/krb5/lucid_context.c