[1184] in Kerberos-V5-bugs


bug report for krb5 b4p3, src/lib/krb5/keytab/file/ktf_get_en.c

daemon@ATHENA.MIT.EDU (Paul Pomes)
Wed Mar 15 15:50:57 1995

Date: Wed, 15 Mar 1995 14:50:22 -0600
From: Paul Pomes <p-pomes@uiuc.edu>
To: krb5-bugs@MIT.EDU

I haven't wrapped my head all the way around this problem, but in debugging
why kprop wasn't working for me, I found this in krb5_ktfile_get_entry():

        if (krb5_principal_compare(principal, new_entry.principal)) {
                if (kvno == IGNORE_VNO) {
                        if (cur_entry.vno < new_entry.vno) {
                                krb5_kt_free_entry(&cur_entry);
                                cur_entry = new_entry;
+				break;
                        }
                } else {
                        cur_entry = new_entry;
                        break;
                }
        } else {
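Review bot: The added `break` in the `kvno == IGNORE_VNO` branch stops the scan at the first entry whose vno is above `cur_entry.vno`, so a later entry for the same principal with a higher vno is never examined. The `cur_entry.vno < new_entry.vno` test suggests this branch is meant to end up with the newest key version, and with the early exit a keytab holding several versions may yield a superseded key. I would leave the `break` out and look instead at how the enclosing loop terminates, which starts and ends outside this excerpt. Separately, when the test is false `new_entry` is not released in the visible lines; if nothing outside the excerpt frees it, add `else krb5_kt_free_entry(&new_entry);`.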


Until I added the break; statement, there was no way to get the v5 kprop/kpropd
programs to work.  I also need to make some changes to the programs themselves
as shown below.

*** /var/apps/src/security/krb5-b4.3/src/slave/kprop.c	Thu Sep 29 21:17:40 1994
--- kprop.c	Wed Mar 15 14:40:46 1995
***************
*** 416,436 ****
  	struct flock lock_arg;
  #endif
  
! 	if ((fd = open(data_fn, O_RDONLY)) < 0) {
  		com_err(progname, errno, "while trying to open %s",
  			data_fn);
  		exit(1);
  	}
  	
  #ifdef POSIX_FILE_LOCKS
! 	lock_arg.l_whence = 0;
! 	lock_arg.l_start = 0;
! 	lock_arg.l_len = 0;
  	if (fcntl(fd, F_SETLK, &lock_arg) == -1) {
  		if (errno == EACCES || errno == EAGAIN)
  			com_err(progname, 0, "database locked");
  		else
! 			com_err(progname, errno, "while trying to flock %s",
  				data_fn);
  		exit(1);
  	}
--- 416,435 ----
  	struct flock lock_arg;
  #endif
  
! 	if ((fd = open(data_fn, O_RDWR)) < 0) {
  		com_err(progname, errno, "while trying to open %s",
  			data_fn);
  		exit(1);
  	}
  	
  #ifdef POSIX_FILE_LOCKS
! 	memset(&lock_arg, 0, sizeof(lock_arg));
! 	lock_arg.l_type = F_WRLCK;
  	if (fcntl(fd, F_SETLK, &lock_arg) == -1) {
  		if (errno == EACCES || errno == EAGAIN)
  			com_err(progname, 0, "database locked");
  		else
! 			com_err(progname, errno, "while trying to fcntl %s",
  				data_fn);
  		exit(1);
  	}
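Review bot: Switching the open to `O_RDWR` is needed only because the lock is now `F_WRLCK`, and it means kprop must have write permission on the database dump it sends out. If the rest of this function (outside the hunk) only reads `data_fn`, a shared lock is enough and the descriptor can stay read-only: keep `open(data_fn, O_RDONLY)` and use `lock_arg.l_type = F_RDLCK;` after the `memset`. A one-line comment above the `memset` saying that it zeroes `l_whence`, `l_start` and `l_len`, i.e. requests a lock over the whole file, would also keep the intent of the three removed assignments visible.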


On many systems, a fd has to be opened for writing to get an exclusive lock.
Also the lock type has to be specified.


*** /var/apps/src/security/krb5-b4.3/src/slave/kpropd.c	Thu Sep 15 11:49:32 1994
--- kpropd.c	Wed Mar 15 14:38:46 1995
***************
*** 195,200 ****
--- 195,201 ----
  	if (getpeername(fd, (struct sockaddr *) &from, &fromlen) < 0) {
  		fprintf(stderr, "%s: ", progname);
  		perror("getpeername");
+ 		syslog(LOG_ERR, "getpeername(): %m");
  		exit(1);
  	}
  	if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, (caddr_t) &on,
