From donn@u.washington.edu Tue Oct 5 17:30:30 1999
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id RAA02767 for <bugs@RT-11.MIT.EDU>; Tue, 5 Oct 1999 17:30:26 -0400
Received: from [140.142.77.10] by MIT.EDU with SMTP
id AA27969; Tue, 5 Oct 99 17:30:11 EDT
Received: from saul8.u.washington.edu (donn@saul8.u.washington.edu [140.142.82.3])
by jason03.u.washington.edu (8.9.3+UW99.09/8.9.3+UW99.08) with ESMTP id OAA33810
for <krb5-bugs@mit.edu>; Tue, 5 Oct 1999 14:28:44 -0700
Received: (from donn@localhost)
by saul8.u.washington.edu (8.9.3+UW99.09/8.9.3+UW99.08) id OAA20895;
Tue, 5 Oct 1999 14:28:43 -0700 (PDT)
Message-Id: <199910052128.OAA20895@saul8.u.washington.edu>
Date: Tue, 5 Oct 1999 14:28:43 -0700 (PDT)
From: donn@u.washington.edu
Reply-To: donn@u.washington.edu
To: krb5-bugs@MIT.EDU
Subject: login.c, default credentials cache
X-Send-Pr-Version: 3.99
>Number: 762
>Category: krb5-appl
>Synopsis: login.c fails to set default credentials cache name.
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Tue Oct 05 17:31:01 EDT 1999
>Last-Modified:
>Originator: Donn Cave
>Organization:
University of Washington
>Release: krb5-1.1
>Environment:
System: AIX 4.2
Machine: RS/6000
>Description:
login.c sets the KRB5CCNAME environment variable (repeatedly) but fails
to call krb5_cc_set_default_name() to store that value in the context.
The value apparently is actually stored there prior to setuid(), since
it's /tmp/krb5cc_0. User's credentials are apparently missing, but
actually stored in a different file from where KRB5CCNAME points.
>How-To-Repeat:
Log in via telnet, without telnet service ticket, so login acquires
TGT using password.
>Fix:
[Line numbers reflect a couple of other fixes.]
*** appl/bsd/login.c.dist Thu Sep 23 15:40:09 1999
--- appl/bsd/login.c Tue Oct 5 14:07:52 1999
***************
*** 518,523 ****
--- 518,524 ----
if (!getenv(KRB5_ENV_CCNAME)) {
sprintf(ccfile, "FILE:/tmp/krb5cc_p%d", getpid());
setenv(KRB5_ENV_CCNAME, ccfile, 1);
+ krb5_cc_set_default_name(kcontext, ccfile);
unlink(ccfile+strlen("FILE:"));
} else {
/* note it correctly */
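Review bot: the return value of the added krb5_cc_set_default_name(kcontext, ccfile) in the !getenv(KRB5_ENV_CCNAME) branch is discarded, so a failure there leaves the context default and KRB5CCNAME pointing at different caches, which is the condition this report describes. Capture the krb5_error_code and log or bail out on a non-zero result. The else branch is cut off by the hunk context; it is worth confirming that the path where KRB5CCNAME is already set also updates the context.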
***************
*** 1727,1732 ****
--- 1727,1733 ----
if (ccname)
setenv("KRB5CCNAME", ccname, 1);
+ krb5_cc_set_default_name(kcontext, ccname);
setenv("HOME", pwd->pw_dir, 1);
setenv("PATH", LPATH, 1);
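Review bot: the added krb5_cc_set_default_name(kcontext, ccname) follows an unbraced `if (ccname)`, so only the setenv() is guarded and the new call also runs when ccname is NULL. If the call is meant to apply only when a cache name exists, brace the two statements together the way the third hunk does, e.g. `if (ccname) { setenv("KRB5CCNAME", ccname, 1); krb5_cc_set_default_name(kcontext, ccname); }`.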
***************
*** 1748,1755 ****
#ifdef KRB5_GET_TICKETS
/* ccfile[0] is only set if we got tickets above */
! if (login_krb5_get_tickets && ccfile[0])
(void) setenv(KRB5_ENV_CCNAME, ccfile, 1);
#endif /* KRB5_GET_TICKETS */
if (tty[sizeof("tty")-1] == 'd')
--- 1749,1758 ----
#ifdef KRB5_GET_TICKETS
/* ccfile[0] is only set if we got tickets above */
! if (login_krb5_get_tickets && ccfile[0]) {
(void) setenv(KRB5_ENV_CCNAME, ccfile, 1);
+ krb5_cc_set_default_name(kcontext, ccfile);
+ }
#endif /* KRB5_GET_TICKETS */
if (tty[sizeof("tty")-1] == 'd')
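Review bot: this is the third site where setenv() of the cache name has to be paired by hand with krb5_cc_set_default_name(), and the result of the new call is unchecked here as well. A small static helper in login.c that takes the name, sets KRB5CCNAME and the kcontext default together, and returns the error code would keep the environment and the context from drifting apart again when another setenv() is added later.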
>Audit-Trail:
>Unformatted: