[1386] in Kerberos-V5-bugs
Re: krb5.b5 ksu core dump
daemon@ATHENA.MIT.EDU (Wolfgang Rupprecht)
Tue May 9 17:09:36 1995
Date: Tue, 9 May 1995 14:09:14 -0700
From: wolfgang@wsrcc.com (Wolfgang Rupprecht)
To: epeisach@MIT.EDU
Cc: krb5-bugs@MIT.EDU
In-Reply-To: <9505092008.AA24712@kangaroo.mit.edu>
Ezra,
Thanks for the quick reply. I did infact find a few more problems
with missing context args. Appended is my full collection of edits.
FYI: I managed to get gcc to do a bit more of the leg-work for me by
running gcc's protoize on a throw-away copy of the ksu directory. I
then appended the resulting *.X files onto the end of the real ksu.h
and compiled. (If you do use protoize be sure to first 'su nobody'
and make sure only the throw-away directory and files are writable by
nobody. Protoize is like a damn piranha - it'll rip up files all over
your filesystem.)
#
# patch generated by wolfgang on Tue May 9 13:46:16 PDT 1995
# in directory wsrcc.com:/v/src/krb5.5/src/clients/ksu .
# Patched files are:
#
# ccache.c
# heuristic.c
# krb_auth_su.c
#
*** orig/ccache.c Fri Jan 13 14:00:42 1995
--- ccache.c Tue May 9 13:45:38 1995
***************
*** 234,244 ****
return retval;
}
if (auth_debug){
fprintf(stderr,"krb5_ccache_copy: CREDS EXPIRED:\n");
fputs(" Valid starting Expires Service principal\n",stdout);
! show_credential(&creds, cc);
fprintf(stderr,"\n");
}
}
else { /* these credentials didn't expire */
--- 234,244 ----
return retval;
}
if (auth_debug){
fprintf(stderr,"krb5_ccache_copy: CREDS EXPIRED:\n");
fputs(" Valid starting Expires Service principal\n",stdout);
! show_credential(context, &creds, cc);
fprintf(stderr,"\n");
}
}
else { /* these credentials didn't expire */
*** orig/heuristic.c Fri Jan 13 14:00:44 1995
--- heuristic.c Tue May 9 13:45:38 1995
***************
*** 415,425 ****
cc_source_name = krb5_cc_get_name(context, cc);
if ( ! stat(cc_source_name, &st_temp)){
! if (retval = find_ticket (cc, client, end_server, &temp_found)) {
return retval;
}
if (temp_found == FALSE){
--- 415,425 ----
cc_source_name = krb5_cc_get_name(context, cc);
if ( ! stat(cc_source_name, &st_temp)){
! if (retval = find_ticket (context, cc, client, end_server, &temp_found)) {
return retval;
}
if (temp_found == FALSE){
***************
*** 428,438 ****
krb5_princ_realm(context, client),
&kdc_server)){
return retval ;
}
! if(retval = find_ticket (cc,client, kdc_server, &temp_found)) {
return retval;
}
}
else {
if (auth_debug)
--- 428,438 ----
krb5_princ_realm(context, client),
&kdc_server)){
return retval ;
}
! if(retval = find_ticket (context, cc,client, kdc_server, &temp_found)) {
return retval;
}
}
else {
if (auth_debug)
***************
*** 682,699 ****
princ_trials[i].found = FALSE;
}
for (i= 0; i < count; i ++){
if(princ_trials[i].p){
! if (retval= find_princ_in_list(princ_trials[i].p, aplist, &found)){
return retval;
}
if ( found == TRUE){
princ_trials[i].found = TRUE;
! if (retval = find_either_ticket (cc_source, princ_trials[i].p,
end_server, &found)){
return retval;
}
if (found == TRUE){
*client = princ_trials[i].p;
--- 682,699 ----
princ_trials[i].found = FALSE;
}
for (i= 0; i < count; i ++){
if(princ_trials[i].p){
! if (retval= find_princ_in_list(context, princ_trials[i].p, aplist, &found)){
return retval;
}
if ( found == TRUE){
princ_trials[i].found = TRUE;
! if (retval = find_either_ticket (context, cc_source, princ_trials[i].p,
end_server, &found)){
return retval;
}
if (found == TRUE){
*client = princ_trials[i].p;
***************
*** 714,724 ****
if (retval = krb5_parse_name(context, aplist[i], &temp_client)){
return retval;
}
! if (retval = find_either_ticket (cc_source, temp_client,
end_server, &found)){
return retval;
}
if (found == TRUE){
if (auth_debug){
--- 714,724 ----
if (retval = krb5_parse_name(context, aplist[i], &temp_client)){
return retval;
}
! if (retval = find_either_ticket (context, cc_source, temp_client,
end_server, &found)){
return retval;
}
if (found == TRUE){
if (auth_debug){
***************
*** 760,770 ****
}
/* get the client name that is the closest
to the three princ in trials */
! if(retval=get_closest_principal(aplist, &temp_client, & found)){
return retval;
}
if (found == TRUE){
*client = temp_client;
--- 760,770 ----
}
/* get the client name that is the closest
to the three princ in trials */
! if(retval=get_closest_principal(context, aplist, &temp_client, & found)){
return retval;
}
if (found == TRUE){
*client = temp_client;
*** orig/krb_auth_su.c Thu Feb 23 05:26:23 1995
--- krb_auth_su.c Tue May 9 13:45:38 1995
***************
*** 80,90 ****
com_err(prog_name, retval,"while copying client principal");
return (FALSE) ;
}
if (auth_debug)
! { dump_principal("krb5_auth_check: Client principal name", client); }
if ( retval = krb5_sname_to_principal(context, hostname, NULL,
KRB5_NT_SRV_HST, &server)){
com_err(prog_name, retval,
"while creating server %s principal name", hostname);
--- 80,90 ----
com_err(prog_name, retval,"while copying client principal");
return (FALSE) ;
}
if (auth_debug)
! { dump_principal(context, "krb5_auth_check: Client principal name", client); }
if ( retval = krb5_sname_to_principal(context, hostname, NULL,
KRB5_NT_SRV_HST, &server)){
com_err(prog_name, retval,
"while creating server %s principal name", hostname);
***************
*** 91,101 ****
krb5_free_principal(context, client);
return (FALSE) ;
}
if (auth_debug)
! { dump_principal("krb5_auth_check: Server principal name", server); }
/* check if ticket is already in the cache, if it is
then use it.
--- 91,101 ----
krb5_free_principal(context, client);
return (FALSE) ;
}
if (auth_debug)
! { dump_principal(context, "krb5_auth_check: Server principal name", server); }
/* check if ticket is already in the cache, if it is
then use it.
***************
*** 121,131 ****
krb5_free_principal(context, client);
krb5_free_principal(context, server);
return (FALSE) ;
}
! if (auth_debug){ dump_principal("local tgt principal name", tgtq.server ); }
retval = krb5_cc_retrieve_cred(context, cc, KRB5_TC_MATCH_SRV_NAMEONLY,
&tgtq, &tgt);
if (! retval) retval = krb5_check_exp(context, tgt.times);
--- 121,131 ----
krb5_free_principal(context, client);
krb5_free_principal(context, server);
return (FALSE) ;
}
! if (auth_debug){ dump_principal(context, "local tgt principal name", tgtq.server ); }
retval = krb5_cc_retrieve_cred(context, cc, KRB5_TC_MATCH_SRV_NAMEONLY,
&tgtq, &tgt);
if (! retval) retval = krb5_check_exp(context, tgt.times);
***************
*** 179,189 ****
}
if (auth_debug){
fprintf(stderr,"krb5_auth_check: got ticket for end server \n");
! dump_principal("out_creds->server", out_creds->server );
}
if (tgts){
register int i =0;
--- 179,189 ----
}
if (auth_debug){
fprintf(stderr,"krb5_auth_check: got ticket for end server \n");
! dump_principal(context, "out_creds->server", out_creds->server );
}
if (tgts){
register int i =0;
***************
*** 291,302 ****
return KRB5KRB_AP_WRONG_PRINC;
}
if (auth_debug){
fprintf(stderr,"krb5_verify_tkt_def: verified target server\n");
! dump_principal("server", server);
! dump_principal("tkt->server", tkt->server);
}
/* get the default keytab */
if( retval = krb5_kt_default(context, &keytabid)){
krb5_free_ticket(context, tkt);
--- 291,302 ----
return KRB5KRB_AP_WRONG_PRINC;
}
if (auth_debug){
fprintf(stderr,"krb5_verify_tkt_def: verified target server\n");
! dump_principal(context, "server", server);
! dump_principal(context, "tkt->server", tkt->server);
}
/* get the default keytab */
if( retval = krb5_kt_default(context, &keytabid)){
krb5_free_ticket(context, tkt);
***************
*** 338,349 ****
}
if (auth_debug){
fprintf(stderr,
"krb5_verify_tkt_def: verified client's identity\n");
! dump_principal("client", client);
! dump_principal("tkt->enc_part2->client",tkt->enc_part2->client);
}
tkt_ses_key = tkt->enc_part2->session;
if (cred_ses_key->keytype != tkt_ses_key->keytype ||
--- 338,349 ----
}
if (auth_debug){
fprintf(stderr,
"krb5_verify_tkt_def: verified client's identity\n");
! dump_principal(context, "client", client);
! dump_principal(context, "tkt->enc_part2->client",tkt->enc_part2->client);
}
tkt_ses_key = tkt->enc_part2->session;
if (cred_ses_key->keytype != tkt_ses_key->keytype ||
# end
--
Wolfgang Rupprecht <wolfgang@wsrcc.com> <http://www.wsrcc.com/>
