Date: Fri, 12 Mar 2010 15:42:22 -0500
Message-Id: <201003122042.o2CKgMgP023160@blade.bos.redhat.com>
To: krb5-bugs@mit.edu
Subject: kpasswd doesn't guess the client principal name correctly without a ccache
From: nalin@redhat.com


>Submitter-Id: net
>Originator: Nalin Dahyabhai
>Organization:
>Confidential: no
>Synopsis: kpasswd doesn't guess the client principal name correctly without a ccache
>Severity: non-critical
>Priority: low
>Category: krb5-clients
>Class: sw-bug
>Release: 1.8
>Environment:

System: Linux blade.bos.redhat.com 2.6.31.9-174.fc12.x86_64 #1 SMP Mon Dec 21 05:33:33 UTC 2009 x86_64 x86_64 x86_64 GNU/Linux
Architecture: x86_64

>Description:
When the invoking user doesn't have a credential cache, kpasswd doesn't
derive the client's principal name from the user name, while the man
page says that it does.
>How-To-Repeat:
env -i kdestroy
env -i kpasswd
>Fix:
Here's a patch for moving on after encountering errors while
attempting to read the user's principal name from the ccache:

Index: src/clients/kpasswd/kpasswd.c
===================================================================
--- src/clients/kpasswd/kpasswd.c (revision 23799)
+++ src/clients/kpasswd/kpasswd.c (working copy)
@@ -85,21 +85,23 @@
exit(1);
}
} else if ((ret = krb5_cc_default(context, &ccache)) != KRB5_CC_NOTFOUND) {
+ princ = NULL;
+
if (ret) {
com_err(argv[0], ret, "opening default ccache");
- exit(1);
}
+ else

if ((ret = krb5_cc_get_principal(context, ccache, &princ))) {
com_err(argv[0], ret, "getting principal from ccache");
- exit(1);
}
+ else

if ((ret = krb5_cc_close(context, ccache))) {
com_err(argv[0], ret, "closing ccache");
- exit(1);
}
- } else {
+ }
+ if (princ == NULL) {
get_name_from_passwd_file(argv[0], context, &princ);
}

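Review bot: `princ = NULL;` is assigned only inside the `else if (... != KRB5_CC_NOTFOUND)` branch, so when krb5_cc_default() returns KRB5_CC_NOTFOUND that branch is skipped and the new `if (princ == NULL)` test reads a value this hunk never sets (the declaration of princ is not visible here); move the assignment above the if/else chain or initialize princ where it is declared. The `else` added before the krb5_cc_close() call also means the ccache stays open whenever krb5_cc_get_principal() fails. With all three `exit(1)` calls removed, every ccache error, not only a missing cache, now falls through to get_name_from_passwd_file(), so the password change can proceed for a principal derived from the username after an unrelated ccache failure; restricting the fallback to the specific cache-absent error codes and keeping `exit(1)` for the rest would avoid that.
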
I don't think we want to ignore all errors reading the ccache, though we
certainly do want to function as documented. I think the code was
assuming that krb5_cc_default() would error out with KRB5_CC_NOTFOUND if
the cache didn't exist, and that's not the case with file ccaches.

Right now this is a little tough to fix cleanly because the file ccache
code returns a type-specific error (KRB5_FCC_NOFILE) when you try to
fetch something from an absent cache. I'll need to figure out how we
want to address that.

(Also, if you're using this patch locally, I think you're using princ
uninitialized in the case where krb5_cc_default() returns KRB5_CC_NOTFOUND.)
From: ghudson@mit.edu
Subject: SVN Commit

Fix the kpasswd fallback from the ccache principal name to the
username in the case where the ccache doesn't exist.


https://github.com/krb5/krb5/commit/cd93ab84c5a2ff0705d3ae113ed63dc03333ca3c
Commit By: ghudson
Revision: 23819
Changed Files:
U trunk/src/clients/kpasswd/kpasswd.c
From: tlyu@mit.edu
Subject: SVN Commit

pull up r23819 from trunk

------------------------------------------------------------------------
r23819 | ghudson | 2010-03-18 10:37:31 -0700 (Thu, 18 Mar 2010) | 7 lines

ticket: 6683
target_version: 1.8.1
tags: pullup

Fix the kpasswd fallback from the ccache principal name to the
username in the case where the ccache doesn't exist.

https://github.com/krb5/krb5/commit/c0a71892c7c7a663722401c02d345081c98c1c30
Commit By: tlyu
Revision: 23826
Changed Files:
U branches/krb5-1-8/src/clients/kpasswd/kpasswd.c