From crawdad@gungnir.fnal.gov Thu Sep 16 12:18:59 1999
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id MAA05384 for <bugs@RT-11.MIT.EDU>; Thu, 16 Sep 1999 12:18:55 -0400
Received: from gungnir.fnal.gov by MIT.EDU with SMTP
id AA22579; Thu, 16 Sep 99 12:18:51 EDT
Received: (from crawdad@localhost)
by gungnir.fnal.gov (8.9.1/8.9.1) id LAA05169;
Thu, 16 Sep 1999 11:18:52 -0500 (CDT)
Message-Id: <199909161618.LAA05169@gungnir.fnal.gov>
Date: Thu, 16 Sep 1999 11:18:52 -0500 (CDT)
From: crawdad@fnal.gov
Reply-To: crawdad@gungnir.fnal.gov
To: krb5-bugs@MIT.EDU
Cc: kenh@cmf.nrl.navy.mil
Subject: kadmin modprinc does insufficient arg checking
X-Send-Pr-Version: 3.99
System: SunOS gungnir.fnal.gov 5.5.1 Generic_103640-24 sun4u sparc SUNW,Ultra-1
Architecture: sun4
ignores it, letting the unwary admin think the password has
been changed.
modrinc +needchange -pw new-PASS-789 name
===================================================================
RCS file: /cvs/cd/kerberos/src/kadmin/cli/kadmin.c,v
retrieving revision 1.2
diff -c -r1.2 kadmin.c
*** kadmin.c 1999/07/27 20:35:32 1.2
--- kadmin.c 1999/09/16 16:11:44
***************
*** 954,959 ****
--- 954,966 ----
free(canon);
return;
}
+ if (pass) {
+ fprintf(stderr,
+ "modify_principal: -pw not allowed; use change_password\n");
+ krb5_free_principal(context, princ.principal);
+ free(canon);
+ return;
+ }
retval = kadm5_modify_principal(handle, &princ, mask);
krb5_free_principal(context, princ.principal);
if (retval) {
State-Changed-From-To: open-closed
State-Changed-By: raeburn
State-Changed-When: Fri Feb 25 22:25:37 2000
State-Changed-Why:
Checked in for 1.2.
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id MAA05384 for <bugs@RT-11.MIT.EDU>; Thu, 16 Sep 1999 12:18:55 -0400
Received: from gungnir.fnal.gov by MIT.EDU with SMTP
id AA22579; Thu, 16 Sep 99 12:18:51 EDT
Received: (from crawdad@localhost)
by gungnir.fnal.gov (8.9.1/8.9.1) id LAA05169;
Thu, 16 Sep 1999 11:18:52 -0500 (CDT)
Message-Id: <199909161618.LAA05169@gungnir.fnal.gov>
Date: Thu, 16 Sep 1999 11:18:52 -0500 (CDT)
From: crawdad@fnal.gov
Reply-To: crawdad@gungnir.fnal.gov
To: krb5-bugs@MIT.EDU
Cc: kenh@cmf.nrl.navy.mil
Subject: kadmin modprinc does insufficient arg checking
X-Send-Pr-Version: 3.99
Show quoted text
>Number: 753
>Category: krb5-admin
>Synopsis: kadmin modprinc allows -pw, silently ignores
>Confidential: yes
>Severity: non-critical
>Priority: medium
>Responsible: krb5-unassigned
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Thu Sep 16 12:20:00 EDT 1999
>Last-Modified: Fri Feb 25 22:25:43 EST 2000
>Originator: Matt Crawford
>Organization:
Fermilab>Category: krb5-admin
>Synopsis: kadmin modprinc allows -pw, silently ignores
>Confidential: yes
>Severity: non-critical
>Priority: medium
>Responsible: krb5-unassigned
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Thu Sep 16 12:20:00 EDT 1999
>Last-Modified: Fri Feb 25 22:25:43 EST 2000
>Originator: Matt Crawford
>Organization:
Show quoted text
>Release: krb5-1.0.6
>Environment:
Ultra-1, Solaris 2.5.1>Environment:
System: SunOS gungnir.fnal.gov 5.5.1 Generic_103640-24 sun4u sparc SUNW,Ultra-1
Architecture: sun4
Show quoted text
>Description:
kadmin's modprinc function allows "-pw PASSWORD" but silentlyignores it, letting the unwary admin think the password has
been changed.
Show quoted text
>How-To-Repeat:
kadmin.localmodrinc +needchange -pw new-PASS-789 name
Show quoted text
>Fix:
Index: kadmin.c===================================================================
RCS file: /cvs/cd/kerberos/src/kadmin/cli/kadmin.c,v
retrieving revision 1.2
diff -c -r1.2 kadmin.c
*** kadmin.c 1999/07/27 20:35:32 1.2
--- kadmin.c 1999/09/16 16:11:44
***************
*** 954,959 ****
--- 954,966 ----
free(canon);
return;
}
+ if (pass) {
+ fprintf(stderr,
+ "modify_principal: -pw not allowed; use change_password\n");
+ krb5_free_principal(context, princ.principal);
+ free(canon);
+ return;
+ }
retval = kadm5_modify_principal(handle, &princ, mask);
krb5_free_principal(context, princ.principal);
if (retval) {
Show quoted text
>Audit-Trail:
State-Changed-From-To: open-closed
State-Changed-By: raeburn
State-Changed-When: Fri Feb 25 22:25:37 2000
State-Changed-Why:
Checked in for 1.2.
Show quoted text
>Unformatted: