[5329] in Kerberos
Re: Problems with forwarding of credentials, K 5 Beta 5
daemon@ATHENA.MIT.EDU (Doug Engert)
Mon Jun 5 17:00:45 1995
Date: Mon, 05 Jun 95 15:46:40 CDT
From: "Doug Engert" <DEEngert@anl.gov>
To: <kerberos@MIT.EDU>
Cc: <authtf@es.net>, <wolfgang@wsrcc.com>, <mike@ux5.lbl.gov>
While trying to use forwarded credentials with Kerberos 5 beta 5,
I reported problems last week with using forwarded credentials. I would get
ASN.1 identifier ... error messages from kcmd or telnet.
I was only able to use forwarded credentials only on a SunOS system.
Over the weekend and this morning, I think I have found the problem.
The module rd_cred.c frees up the ticket which was just received via
a forward operation.
The code at lines 173, 174
pcur->ticket = *pdata;
krb5_free_data(context, pdata);
copy the length and pointer to the data to the pcur->ticket, then
krb5_free_data frees both the krb5_data structure and the data.
This should be changed to
krb5_xfree(pdata);
so as to only free the krb5_data structure, and not the data which the
pcur->ticket is still pointing at.
There is also a problem with all the lib/krb5/krb routines which use
the CLEANUP_PUSH macro. They should not be passing the address of the
address. i.e. remove the & on every reference to CLEANUP_PUSH(&
in mk_cred.c mk_priv.c mk_safe.c rd_cred.c rd_priv.c rd_safe.c
I am now able to forward a credential for a SunOS 4.1.3_u1 to a Solaris 2.3
system and use that forward credential to rlogin to another system.
These two problems have been reported to the krb5-bugs@mit.edu.
Douglas E. Engert
Systems Programming
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(708) 252-5444
Internet: DEEngert@anl.gov
