[11782] in Kerberos-V5-bugs

home help back first fref pref prev next nref lref last post

[krbdev.mit.edu #6818] KPASSWD port is not correct

daemon@ATHENA.MIT.EDU (Roman Semenov via RT)
Thu Nov 11 17:59:24 2010

Mail-followup-to: rt@krbdev.mit.edu
mail-copies-to: never
From: "Roman Semenov via RT" <rt-comment@krbdev.MIT.EDU>
In-Reply-To: <rt-6818@krbdev.mit.edu>
Message-ID: <rt-6818-33453.7.42140722003803@krbdev.mit.edu>
To: "'AdminCc of krbdev.mit.edu Ticket #6818'":;"'AdminCc of krbdev.mit.edu Ticket #6818'":;@MIT.EDU
Date: Thu, 11 Nov 2010 17:59:22 -0500 (EST)
Reply-To: rt-comment@krbdev.MIT.EDU
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu

Hello,

Recently I found wrong logic in krb5_locate_kpasswd() function 
(krb5/build/src/lib/krb5/os/changepw.c file).

If we got success on first call for krb5int_locate_server(), then the 
following code will not be executed:
         if (!code) {
             /* Success with admin_server but now we need to change the
                port number to use DEFAULT_KPASSWD_PORT and the 
socktype.  */
             int i;
             for (i=0; i<addrlist->naddrs; i++) {
                 struct addrinfo *a = addrlist->addrs[i].ai;
                 if (a->ai_family == AF_INET)
                     sa2sin (a->ai_addr)->sin_port = 
htons(DEFAULT_KPASSWD_PORT);
                 if (sockType != SOCK_STREAM)
                     a->ai_socktype = sockType;
             }
         }

As a result MS Kpasswd request will be wrongly sent to 88 port. Default 
port for kadmin/chpasswd is 464.


The following patch will fix issue:
==== //xxxxx/krb5/build/src/lib/krb5/os/changepw.c#4 - 
/yyyyy/krb5/build/src/lib/krb5/os/changepw.c ====
@@ -70,6 +70,7 @@
         code = krb5int_locate_server (context, realm, addrlist,
                                       locate_service_kadmin, SOCK_STREAM,
                                       AF_INET);
+    }
         if (!code) {
             /* Success with admin_server but now we need to change the
                port number to use DEFAULT_KPASSWD_PORT and the 
socktype.  */
@@ -82,7 +83,7 @@
                     a->ai_socktype = sockType;
             }
         }
-    }
+
      return (code);
  }


Thanks,
Roman

_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
home help back first fref pref prev next nref lref last post