Date: | Thu, 11 Nov 2010 17:00:16 +0600 |
From: | Roman Semenov <r.semenov@f5.com> |
To: | <krb5-bugs@mit.edu> |
Subject: | KPASSWD port is not correct |
CC: | Dennis Zhou <d.zhou@f5.com> |
Hello,
Recently I found wrong logic in krb5_locate_kpasswd() function (krb5/build/src/lib/krb5/os/changepw.c file).
If we got success on first call for krb5int_locate_server(), then the following code will not be executed:
if (!code) {
/* Success with admin_server but now we need to change the
port number to use DEFAULT_KPASSWD_PORT and the socktype. */
int i;
for (i=0; i<addrlist->naddrs; i++) {
struct addrinfo *a = addrlist->addrs[i].ai;
if (a->ai_family == AF_INET)
sa2sin (a->ai_addr)->sin_port = htons(DEFAULT_KPASSWD_PORT);
if (sockType != SOCK_STREAM)
a->ai_socktype = sockType;
}
}
As a result MS Kpasswd request will be wrongly sent to 88 port. Default port for kadmin/chpasswd is 464.
The following patch will fix issue:
code = krb5int_locate_server (context, realm, addrlist,
locate_service_kadmin, SOCK_STREAM,
AF_INET);
+ }
if (!code) {
/* Success with admin_server but now we need to change the
port number to use DEFAULT_KPASSWD_PORT and the socktype. */
@@ -82,7 +83,7 @@
a->ai_socktype = sockType;
}
}
- }
+
return (code);
}
Thanks,
Roman
Recently I found wrong logic in krb5_locate_kpasswd() function (krb5/build/src/lib/krb5/os/changepw.c file).
If we got success on first call for krb5int_locate_server(), then the following code will not be executed:
if (!code) {
/* Success with admin_server but now we need to change the
port number to use DEFAULT_KPASSWD_PORT and the socktype. */
int i;
for (i=0; i<addrlist->naddrs; i++) {
struct addrinfo *a = addrlist->addrs[i].ai;
if (a->ai_family == AF_INET)
sa2sin (a->ai_addr)->sin_port = htons(DEFAULT_KPASSWD_PORT);
if (sockType != SOCK_STREAM)
a->ai_socktype = sockType;
}
}
As a result MS Kpasswd request will be wrongly sent to 88 port. Default port for kadmin/chpasswd is 464.
The following patch will fix issue:
Show quoted text
==== //xxxxx/krb5/build/src/lib/krb5/os/changepw.c#4 -
/yyyyy/krb5/build/src/lib/krb5/os/changepw.c ====
@@ -70,6 +70,7 @@code = krb5int_locate_server (context, realm, addrlist,
locate_service_kadmin, SOCK_STREAM,
AF_INET);
+ }
if (!code) {
/* Success with admin_server but now we need to change the
port number to use DEFAULT_KPASSWD_PORT and the socktype. */
@@ -82,7 +83,7 @@
a->ai_socktype = sockType;
}
}
- }
+
return (code);
}
Thanks,
Roman