From root@mickey.digex.net Fri Mar 26 16:46:21 1999
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id QAA20262 for <bugs@RT-11.MIT.EDU>; Fri, 26 Mar 1999 16:46:20 -0500
Received: from mickey.digex.net by MIT.EDU with SMTP
id AA17000; Fri, 26 Mar 99 16:46:11 EST
Received: (from root@localhost) by mickey.digex.net (980427.SGI.8.8.8/980728.SGI.AUTOCF) id QAA21355; Fri, 26 Mar 1999 16:46:19 -0500 (EST)
Message-Id: <199903262146.QAA21355@mickey.digex.net>
Date: Fri, 26 Mar 1999 16:46:19 -0500 (EST)
From: sentner@digex.net
Reply-To: sentner@digex.net
To: krb5-bugs@MIT.EDU
Subject: Problem with login.krb5 setting ttyname in utmp under irix
X-Send-Pr-Version: 3.99
>Number: 706
>Category: pty
>Synopsis: utmp ttyname problem under irix
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: hartmans
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Fri Mar 26 16:47:01 EST 1999
>Last-Modified: Fri Mar 26 17:37:00 EST 1999
>Originator: Eric J. Sentner
>Organization:
Intermedia Communications/DIGEX, Beltsville, MD USA
>Release: krb5-1.0.5
>Environment:
Multiple machines, Irix 6.x, compiled with MIPSpro C
System: IRIX64 mickey 6.5 11051731 IP27
>Description:
When compiled on an SGI running irix, there is a problem with the
way that the login program sets the utmp entry. Because it adds the 'kl' to
the beginning of the tty name, irix does not return the correct name for
the 'logname' command. This causes problems with some programs which check
for your logname. I found the problem when I tried changing the cache
settings on a RAID but it told me I was not allowed (even though I was logged
in as root). 'logname' showed me logged in as a normal user who'd previously
been on the same tty using ssh instead of rlogin. This causes other weird
problems.
>How-To-Repeat:
Compile krb5 under irix (I used 6.5). Log into the machine using a
non-kerberized telnetd or sshd as some user. Run 'who' to find out your tty
name. Run 'whoami' and 'logname' and the results should match. Then log out,
and log back in through a kerberized telnetd or klogind as a _different_ user.
Run 'who' again to make sure you're on the same tty. If so, run 'whoami'
then 'logname' again, and the results should not match. The logname output
will be the same as the previous user. The reason is that the system reads
utmp and uses the real tty name (not the kltty) entry when looking up your
username from utmp.
>Fix:
There is only one line to change in 'src/util/pty/update_utmp.c'.
There appears to have been a problem with hpux machines as well because
there is an "#ifdef __hpux" statement in there which works around this
problem by just copying the ttyname instead of adding the 'kl' to the
beginning. Just changing that line to "#if defined(__hpux) || defined(__sgi)"
solved the problem.
>Audit-Trail:
From: Von Welch <vwelch@ncsa.uiuc.edu>
To: sentner@digex.net
Cc: krb5-bugs@MIT.EDU
Subject: Re: pty/706: Problem with login.krb5 setting ttyname in utmp
 under irix
Date: Fri, 26 Mar 1999 16:13:11 -0600
At 04:46 PM 3/26/99 -0500, sentner@digex.net wrote:
>>Fix:
> There is only one line to change in 'src/util/pty/update_utmp.c'.
>There appears to have been a problem with hpux machines as well because
>there is an "#ifdef __hpux" statement in there which works around this
>problem by just copying the ttyname instead of adding the 'kl' to the
>beginning. Just changing that line to "#if defined(__hpux) || defined(__sgi)"
>solved the problem.
I've been fighting this problem here and I believe the correct solution is
to actually copy all the characters after '/dev/tty' (which might be more
than 2 which is all the __hpux solution copies).
e.g.
strncpy(utmp_id, line + 8, 4);
If you copy just two chars it works fine until you get enough users that
lines such as /dev/ttyq10 start being used.
You also need to fix this in appl/gssftp/ftpd/logwtmp.c as well.
Von
----
Von Welch Senior Network Engineer (doing security stuff)
vwelch@ncsa.uiuc.edu http://www.ncsa.uiuc.edu/People/vwelch
NCSA Alliance Computation Environment and Security
From: "Eric J. Sentner" <sentner@katana.digex.net>
To: Von Welch <vwelch@ncsa.uiuc.edu>
Cc: sentner@digex.net, krb5-bugs@MIT.EDU
Subject: Re: pty/706: Problem with login.krb5 setting ttyname in utmp
 under irix
Date: Fri, 26 Mar 1999 17:36:17 -0500 (EST)
References: <199903262146.QAA21355@mickey.digex.net>
 <3.0.5.32.19990326161311.009c3990@pop.ncsa.uiuc.edu>
X-Mailer: VM 6.22 under 19.15p6 XEmacs Lucid
On March 26, Von Welch wrote:
> I've been fighting this problem here and I believe the correct solution is
> to actually copy all the characters after '/dev/tty' (which might be more
> than 2 which is all the __hpux solution copies).
>
> e.g.
> strncpy(utmp_id, line + 8, 4);
>
> If you copy just two chars it works fine until you get enough users that
> lines such as /dev/ttyq10 start being used.
Makes sense.. I didn't see that tmpx was getting stripped down to the
last 2 characters.. I've changed it to:
#ifdef __hpux
strcpy(utmp_id, tmpx);
#elif defined(__sgi)
strncpy(utmp_id, line + 8, 4);
#else
sprintf(utmp_id, "kl%s", tmpx);
#endif
> You also need to fix this in appl/gssftp/ftpd/logwtmp.c as well.
What's getting passed to it in the line variable? It seems to copy
everything it's passed into ut.ut_line:
(void)strncpy(ut.ut_line, line, sizeof(ut.ut_line));
Where does line get set? That's where this would need changed..
Thanks for the help!
-- Eric
>Unformatted:
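
Added example (not part of the original report or of the krb5 source): a small C program comparing the two ways of deriving a utmp id discussed in this thread, the last two characters of the line versus everything after '/dev/tty'. The function names, the 4-byte id width and every sample line except /dev/ttyq10 are assumptions made for the illustration; unlike a bare `line + 8` copy, it checks the prefix and rejects a suffix that would not fit.

```c
#include <stdio.h>
#include <string.h>

#define ID_LEN 4  /* assumed id width, matching the thread's strncpy(..., 4) */

/* Last two characters of the line: how the thread describes the __hpux branch. */
static void id_last_two(const char *line, char id[ID_LEN + 1])
{
    size_t n = strlen(line);
    size_t k = n < 2 ? n : 2;

    memset(id, 0, ID_LEN + 1);
    memcpy(id, line + n - k, k);
}

/* Everything after "/dev/tty". Returns 0 on success, -1 when the line lacks
 * the prefix or the suffix would not fit, rather than reading at a blind
 * "line + 8" offset or silently truncating. */
static int id_tty_suffix(const char *line, char id[ID_LEN + 1])
{
    static const char prefix[] = "/dev/tty";
    size_t plen = sizeof(prefix) - 1;   /* 8, the offset used in the thread */
    size_t slen;

    memset(id, 0, ID_LEN + 1);
    if (strncmp(line, prefix, plen) != 0)
        return -1;
    slen = strlen(line + plen);
    if (slen == 0 || slen > ID_LEN)
        return -1;
    memcpy(id, line + plen, slen);
    return 0;
}

int main(void)
{
    /* Constructed sample lines; only /dev/ttyq10 appears in the thread. */
    const char *lines[] = { "/dev/ttyq1", "/dev/ttyq10", "/dev/ttyr10", "ttyq10" };
    char two[ID_LEN + 1], suf[ID_LEN + 1];
    size_t i;

    for (i = 0; i < sizeof(lines) / sizeof(lines[0]); i++) {
        int rc = id_tty_suffix(lines[i], suf);
        id_last_two(lines[i], two);
        printf("%-12s last-two=%-3s suffix=%s\n",
               lines[i], two, rc == 0 ? suf : "(rejected)");
    }
    return 0;
}
```

For /dev/ttyq10 and the constructed /dev/ttyr10 the two-character form yields the same id, "10", while the suffix form yields "q10" and "r10".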