[5480] in Kerberos
Re: sserver: recvauth failed--Bad file number
daemon@ATHENA.MIT.EDU (Sam Hartman)
Tue Jul 11 11:40:26 1995
To: jns@cisco.com (John Stewart)
Cc: kerberos@MIT.EDU
In-Reply-To: Your message of "11 Jul 1995 07:04:23 GMT."
<JNS.95Jul11000423@ace.cisco.com>
Date: Tue, 11 Jul 1995 11:17:31 EDT
From: Sam Hartman <hartmans@MIT.EDU>
> Received: from PACIFIC-CARRIER-ANNEX.MIT.EDU by po7.MIT.EDU (5.61/4.7) id AA20595; Tue, 11 Jul 95 03:20:21 EDT
> Received: from pad-thai.cam.ov.com by MIT.EDU with SMTP
> id AA13617; Tue, 11 Jul 95 03:05:31 EDT
> Received: by pad-thai.cam.ov.com (8.6.12/)
> id <DAA11198@pad-thai.cam.ov.com>; Tue, 11 Jul 1995 03:06:25 -0400
> Received: from GATEWAY by pad-thai.cam.ov.com with netnews
> for kerberos-wrapper@cam.ov.com (kerberos@mit.edu)
> To: kerberos@MIT.EDU
> Date: 11 Jul 1995 07:04:23 GMT
> From: jns@cisco.com (John Stewart)
> Message-Id: <JNS.95Jul11000423@ace.cisco.com>
> Organization: cisco Systems
> Sender: usenet@cam.ov.com
> References: <JNS.95Jul10160718@ace.cisco.com>
> Subject: Re: sserver: recvauth failed--Bad file number
>
>
>
> Here I am following up my own postings ... go figure. Well, I narrowed
> it down to krb5_net_read having a bad file descriptor (-1 to be exact)
> and backtraced it to sserver.c having "sock" initialized to -1 at run
> time -- even if it's running from inetd.
>
> Out of inetd, it should be 0, not -1. A minor patch, see the attached
> - for a one-liner, this was painful. Anyway, another note -- I've
> noticed that in certain instances, if there are principals in the
> database with say, kshell/foo.cisco.com and also a host/foo.cisco.com
> and rsh/rlogin client goes into wait state waiting for the daemon to
> return -- and that daemon sits waiting on a read.
>
> I'm looking into that as well, but since it took me far too long to
> identify the coding error for this simple one, I think I'll go to
> sleep instead :)
It sounds like a bug I fixed recently in recvauth.c.
Basically, sendauth under v5 waits for a response from the server,
either a null message indicating success, or a krb_err reply
indicating an error. Unfortunately, recvauth only sends the error
reply if problem (the error code) is both zero and non-zero. I
suspect that after fixing this, you'll find a different problem
(either in local configuration, or in the kcmd protocol) that causes
the error.
I have included a patch below to recvauth.c. Several other
changes to recvauth.c have been made since beta5, but this patch
appears to apply cleanly to the beta5 recvauth; I didn't try
rebuilding.
--Sam
===================================================================
RCS file: /mit/krb5/.cvsroot/src/lib/krb5/krb/recvauth.c,v
retrieving revision 5.23
retrieving revision 5.24
diff -c -5 -r5.23 -r5.24
*** recvauth.c 1995/06/12 21:41:23 5.23
--- recvauth.c 1995/07/02 23:22:04 5.24
***************
*** 186,195 ****
--- 186,200 ----
const char *message;
memset((char *)&error, 0, sizeof(error));
krb5_us_timeofday(context, &error.stime, &error.susec);
error.server = server;
+
+
+
+
+
error.error = problem - ERROR_TABLE_BASE_krb5;
if (error.error > 127)
error.error = KRB_ERR_GENERIC;
message = error_message(problem);
error.text.length = strlen(message) + 1;
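Review bot: the five added lines between `error.server = server;` and `error.error = problem - ERROR_TABLE_BASE_krb5;` are empty as posted, so this hunk contributes only blank lines ahead of the error-code computation. If code was meant to go there, it did not survive in this copy of the patch and should be re-sent; if the lines really are whitespace, drop them so the diff carries only the functional change in the next hunk.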
***************
*** 206,226 ****
} else {
outbuf.length = 0;
outbuf.data = 0;
}
! if (!problem) {
! retval = krb5_write_message(context, fd, &outbuf);
! if (outbuf.data)
! krb5_xfree(outbuf.data);
! if (retval)
! goto cleanup;
! } else {
/* We sent back an error, we need cleanup then return */
retval = problem;
goto cleanup;
}
/* Here lies the mutual authentication stuff... */
if ((ap_option & AP_OPTS_MUTUAL_REQUIRED)) {
if ((retval = krb5_mk_rep(context, *auth_context, &outbuf))) {
return(retval);
--- 211,229 ----
} else {
outbuf.length = 0;
outbuf.data = 0;
}
! retval = krb5_write_message(context, fd, &outbuf);
! if (outbuf.data) {
! krb5_xfree(outbuf.data);
/* We sent back an error, we need cleanup then return */
retval = problem;
goto cleanup;
}
+ if (retval)
+ goto cleanup;
/* Here lies the mutual authentication stuff... */
if ((ap_option & AP_OPTS_MUTUAL_REQUIRED)) {
if ((retval = krb5_mk_rep(context, *auth_context, &outbuf))) {
return(retval);
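Review bot: in the new block the error path is selected by `if (outbuf.data)` rather than by `problem`, so whether recvauth returns `problem` or falls through to the mutual-authentication step depends on the error-building code above having left a non-null buffer. The visible context only shows the success branch setting `outbuf.data = 0`; if the error branch can also end with a null buffer, a failed request would continue as though it had succeeded. Testing `problem` directly after the write and freeing `outbuf.data` on its own would make the intent explicit. The error path also overwrites the result of `krb5_write_message` with `retval = problem`, which looks intended but deserves a comment, since a failed write of the error reply is then not reported.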
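Added example (not part of the original message and not MIT krb5 code): a small C model of the reply step described in the message above, showing that the pre-patch condition leaves the client with nothing to read when `problem` is non-zero, while the patched logic delivers either an empty success message or an error body. The length-prefixed framing, all function names, and the error code 42 are assumptions made for the illustration.

```c
#include <arpa/inet.h>
#include <poll.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
/* Added model, not krb5 code. Assumed framing: 4-byte network-order length, then data. */
static int write_message(int fd, const char *data, uint32_t len) {
    uint32_t n = htonl(len);
    if (write(fd, &n, 4) != 4) return -1;
    if (len && write(fd, data, len) != (ssize_t)len) return -1;
    return 0;
}

/* Server reply step. fixed=0: pre-patch (reply only when problem == 0).
 * fixed=1: patched (always reply; non-empty error body when problem != 0). */
static int server_reply(int fd, int problem, int fixed) {
    const char *err = problem ? "error reply (placeholder body)" : NULL;
    if (!fixed && problem) return problem;   /* nothing is written to the client */
    if (write_message(fd, err, err ? (uint32_t)strlen(err) : 0) < 0)
        return -1;
    return problem;
}

/* Client: 0 = empty success message, 1 = error reply,
 * -2 = no reply within timeout_ms (a blocking read would hang here). */
static int client_wait(int fd, int timeout_ms) {
    struct pollfd p = { .fd = fd, .events = POLLIN };
    uint32_t n;
    if (poll(&p, 1, timeout_ms) <= 0) return -2;
    if (read(fd, &n, 4) != 4) return -1;
    return ntohl(n) == 0 ? 0 : 1;
}

/* One exchange over a socketpair; returns what the client observed. */
int exchange(int problem, int fixed) {
    int sv[2], r;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    server_reply(sv[0], problem, fixed);
    r = client_wait(sv[1], 200);
    close(sv[0]); close(sv[1]);
    return r;
}

int main(void) {                      /* 42 is a constructed error code */
    printf("pre-patch: %d, patched: %d\n", exchange(42, 0), exchange(42, 1));
    return 0;
}
```

The poll timeout stands in for the indefinite wait a blocking client read would experience; a real client without a timeout simply hangs in the pre-patch error case.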