[1419] in Kerberos-V5-bugs
Kerberos 5 beta 5 patches
daemon@ATHENA.MIT.EDU (Jon 'Iain' Boone)
Thu May 18 11:28:06 1995
Date: Thu, 18 May 1995 11:01:20 -0400 (EDT)
From: "Jon 'Iain' Boone" <boone@prep.net>
To: kerberos@MIT.EDU
Cc: krb5-bugs@MIT.EDU
Folks,
I have a copy of Kerberos 5 beta 5 and I can get it to compile properly on
LINUX [SLACKWARE 1.2 w/Kernel 1.2.8 upgrade] and DEC Ultrix 4.4.
I am running the KDC on my Ultrix machine and I can get tickets from both
the DEC and the Linux machine. However, I can't get any of the other
client/server packages to work.
------------------------------------------------------
I have tried using sclient/sserver -- I get
sclient: Software caused connection abort while using sendauth
from both platforms.
I added some debugging stuff and I get the following output from my DECstation:
Iain -=> ./sclient nic.prep.net
using port 13135
contacting host nic.prep.net (192.156.226.50)
retval on obtaining credentials for boone@PREP.NET is 0
retval on sending authorization for boone@PREP.NET to
sample/nic.prep.net@PREP.NET is 53
./sclient: Software caused connection abort while using sendauth
Now, this "53" is the retval from the following line of code:
retval = krb5_sendauth(context, &auth_context, (krb5_pointer) &sock,
SAMPLE_VERSION, client, server,
AP_OPTS_MUTUAL_REQUIRED,
&cksum_data,
0, /* no creds, use ccache instead */
ccdef, &err_ret, &rep_ret, NULL);
Then, after freeing the principal, the following check is made:
if (retval && retval != KRB5_SENDAUTH_REJECTED) {
com_err(argv[0], retval, "while using sendauth");
exit(1);
}
Now, obviously, 53 is non-zero and does not equal (-1765328180L), so the
check fires. So, why am I getting error code 53?
-------------------------------------------------------
I have set up the krb5/telnetd on my linux box and when I try to telnet
in, I get:
Kerberos error: Can't send request (send_to_kdc)
Last login: Tue May 16 17:49:00 from nic.prep.net
Warning: No Kerberos tickets obtained.
-------------------------------------------------------
I have tried rsh/rlogin. My .k5login has my PREP.NET principal
in it. I have tickets for that principal on both the DECstation and
the LINUX machine. Both platforms open the rsh/rlogin connection
and then it just hangs. A "netstat" on the target host shows
the connection to the host.eklogin port, but I don't get a shell or a
rejection. It just hangs...
---------------------------------------------------
I have a number of patches for various files in order to get them to
compile.
One is a comment that is not properly closed. The source has it ending
with "* /" instead of "*/". In that same file, I changed the references to
the character '"' into their octal equivalents to prevent further possible
mischief by my C compilers. Both GCC on Linux and MIPS-CC on DEC
barf on this missed comment.
BEGIN PATCH
#
# patches for libtelnet sources
#
-------------------------
--- src/appl/telnet/libtelnet/kerberos5.c~ Thu Apr 27 15:53:53 1995
+++ src/appl/telnet/libtelnet/kerberos5.c Sat May 13 17:51:39 1995
@@ -273,7 +273,7 @@
/*
* keep the key in our private storage, but don't use it yet
* ---see kerberos5_reply() below
- * /
+ */
if (newkey && (newkey->keytype != KEYTYPE_DES)) {
if (new_creds->keyblock.keytype == KEYTYPE_DES)
/* use the session key in credentials instead */
@@ -580,10 +580,10 @@
BUMP(buf, buflen);
if (cnt <= 4)
break;
- ADDC(buf, buflen, '"');
+ ADDC(buf, buflen, '\042');
for (i = 4; i < cnt; i++)
ADDC(buf, buflen, data[i]);
- ADDC(buf, buflen, '"');
+ ADDC(buf, buflen, '\042');
ADDC(buf, buflen, '\0');
break;
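Review bot: The octal escape `'\042'` in the two `ADDC` calls hides that the byte being emitted is a double quote. It is also not needed once the unterminated comment fixed in the first hunk of this file is closed, because `'"'` is a valid character constant. If the escape is kept for the sake of older compilers, say so on the line, e.g. `ADDC(buf, buflen, '\042'); /* '"' */`, or use the more readable `'\"'`. The enclosing function starts and ends outside this hunk.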
-------------------------
END PATCH
The remaining patches are needed when compiling with the -DDEBUG flag.
They patch the libdes425 str_to_key files so that they use a consistent
variable for DES debugging [des_debug everywhere]. The
rest add support for des_debug to the programs that link with libdes425.
BEGIN PATCHES
#
# patches for libdes425 sources
#
-------------------------
--- src/lib/des425/str_to_key.c~ Thu Apr 13 20:50:20 1995
+++ src/lib/des425/str_to_key.c Sat May 13 02:16:05 1995
@@ -43,7 +43,7 @@
#include "des.h"
/* #include "des_internal.h" */
-extern int mit_des_debug;
+extern int des_debug;
/*
* convert an arbitrary length string to a DES key
@@ -73,7 +73,7 @@
memset(k_char, 0,sizeof(k_char));
#ifdef DEBUG
- if (mit_des_debug)
+ if (des_debug)
fprintf(stdout,
"\n\ninput str length = %d string = %s\nstring = 0x ",
length,str);
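Review bot: The DEBUG block guarded by the renamed `des_debug` prints the string-to-key input (typically the user's password) with `string = %s`, and the later hunks print each input byte and the resulting key, all to stdout. A build with -DDEBUG and a non-zero `des_debug` therefore writes password and key material wherever stdout points, and the flag is now a plain global that the network daemons later in this patch set define themselves. Add a comment above the declaration such as `/* DEBUG only: enables printing of password and key bytes; never set in production builds */`, and send the output to `stderr` rather than `stdout`. The same applies to the @@ -84 and @@ -125 hunks here and to all three hunks in string2key.c; the enclosing function starts and ends outside this hunk.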
@@ -84,7 +84,7 @@
/* get next input key byte */
temp = (unsigned int) *str++;
#ifdef DEBUG
- if (mit_des_debug)
+ if (des_debug)
fprintf(stdout,"%02x ",temp & 0xff);
#endif
/* loop through bits within byte, ignore parity */
@@ -125,7 +125,7 @@
des_fixup_key_parity(key);
#ifdef DEBUG
- if (mit_des_debug)
+ if (des_debug)
fprintf(stdout,
"\nResulting string_to_key = 0x%x 0x%x\n",
*((unsigned long *) key),
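Review bot: The `fprintf` in this DEBUG block passes `*((unsigned long *) key)` to a `0x%x` conversion, which expects `unsigned int`. Where `long` is wider than `int` that is undefined behaviour and the printed key words are unreliable. Use `0x%lx 0x%lx` in the format string, or print the key byte by byte as the `%02x` output in the @@ -84 hunk does. The same call appears in the @@ -155 hunk of string2key.c, and the statement continues past the end of this hunk.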
-------------------------
--- src/lib/des425/string2key.c~ Tue Feb 28 04:31:26 1995
+++ src/lib/des425/string2key.c Sat May 13 02:15:40 1995
@@ -103,7 +103,7 @@
memset(k_char,0,sizeof(k_char));
#ifdef DEBUG
- if (mit_des_debug)
+ if (des_debug)
fprintf(stdout,
"\n\ninput str length = %d string = %s\nstring = 0x ",
length,str);
@@ -114,7 +114,7 @@
/* get next input key byte */
temp = (unsigned int) *str++;
#ifdef DEBUG
- if (mit_des_debug)
+ if (des_debug)
fprintf(stdout,"%02x ",temp & 0xff);
#endif
/* loop through bits within byte, ignore parity */
@@ -155,7 +155,7 @@
mit_des_fixup_key_parity(key);
#ifdef DEBUG
- if (mit_des_debug)
+ if (des_debug)
fprintf(stdout,
"\nResulting string_to_key = 0x%x 0x%x\n",
*((unsigned long *) key),
-------------------------
#
# patches for r-commands
#
-------------------------
--- src/appl/bsd/krshd.c~ Wed May 3 03:46:08 1995
+++ src/appl/bsd/krshd.c Sat May 13 04:17:57 1995
@@ -230,6 +230,11 @@
}
#endif
+#ifdef DEBUG
+/* no support for DEBUG yet */
+int des_debug = 0;
+#endif
+
main(argc, argv)
int argc;
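Review bot: `int des_debug = 0;` is defined here and again in krlogind.c, login.c, admin_server.c, kdb5_convert.c, ss_wrapper.c, kdc/main.c, telnet/main.c and telnetd.c, only to satisfy the `extern int des_debug;` that libdes425 uses in its `#ifdef DEBUG` blocks. Any program linking libdes425 that is missed will fail to link in a DEBUG build, and the copies can drift; a single definition inside libdes425 (for example in str_to_key.c in place of the `extern`) would cover all of them. If the per-program definitions stay, the comment should say what the variable is for, e.g. `/* referenced by libdes425 when built with -DDEBUG; left 0 so no key material is printed */`.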
-------------------------
--- src/appl/bsd/krlogind.c~ Wed May 3 03:46:06 1995
+++ src/appl/bsd/krlogind.c Sat May 13 04:22:40 1995
@@ -235,6 +235,11 @@
#define SECURE_MESSAGE "This rlogin session is using DES encryption
for all data transmissions.\r\n
"
+#ifdef DEBUG
+/* no support for DEBUG yet */
+int des_debug = 0;
+#endif
+
int (*des_read)(), (*des_write)();
char des_inbuf[2*BUFSIZ]; /* needs to be > largest read size */
char des_outbuf[2*BUFSIZ]; /* needs to be > largest write size */
-------------------------
--- src/appl/bsd/login.c~ Fri Apr 28 20:36:13 1995
+++ src/appl/bsd/login.c Sat May 13 04:27:26 1995
@@ -199,6 +199,11 @@
#endif /* SETPAG */
#endif /* KRB4 */
+#ifdef DEBUG
+/* no support for DEBUG yet */
+int des_debug = 0;
+#endif
+
char *getenv();
void dofork();
-------------------------
#
# patch for kadmin.v4.server sources
#
-------------------------
--- src/kadmin.v4/server/admin_server.c~ Sat Apr 29 00:35:37 1995
+++ src/kadmin.v4/server/admin_server.c Sat May 13 03:44:34 1995
@@ -53,6 +53,11 @@
#define SIGNAL_RETURN return(0)
#endif
+#ifdef DEBUG
+/* no support for DEBUG yet */
+int des_debug = 0;
+#endif
+
/* Almost all procs and such need this, so it is global */
admin_params prm; /* The command line parameters struct */
-------------------------
#
# patch for krb5db_convert sources
#
----------------------------
--- src/admin/convert/kdb5_convert.c~ Tue Apr 18 17:46:38 1995
+++ src/admin/convert/kdb5_convert.c Sat May 13 03:26:45 1995
@@ -47,6 +47,13 @@
#define PROGNAME argv[0]
+#ifdef DEBUG
+/* no support for DEBUG yet */
+int des_debug = 0;
+#endif
+
+char *progname;
+
enum ap_op {
NULL_KEY, /* setup null keys */
MASTER_KEY, /* use master key as new key */
@@ -166,6 +173,8 @@
krb5_context context;
krb5_enctype etype = 0xffff;
+
+ progname = (char *) PROGNAME;
krb5_init_context(&context);
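Review bot: The new global `char *progname;` and the assignment `progname = (char *) PROGNAME;` are unrelated to the `des_debug` change and carry no explanation of which code reads `progname`. `PROGNAME` is defined just above as `argv[0]`, so the cast is redundant and `progname = argv[0];` says the same thing. A one-line comment naming the consumer, e.g. `/* progname is referenced by <object or library that needs it> */`, would make the addition reviewable. The function containing the assignment starts and ends outside the hunk.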
-------------------------
#
# patch for kedit sources
#
-------------------------
--- src/admin/edit/ss_wrapper.c~ Fri Mar 17 15:59:25 1995
+++ src/admin/edit/ss_wrapper.c Sat May 13 03:06:51 1995
@@ -32,6 +32,11 @@
extern ss_request_table kdb5_edit_cmds;
extern int exit_status;
+#ifdef DEBUG
+/* no support for DEBUG yet */
+int des_debug = 0;
+#endif
+
int main(argc, argv)
int argc;
char *argv[];
-------------------------
#
# patches for krb5b5 kdc sources
#
-------------------------
--- src/kdc/main.c~ Fri Mar 31 16:51:05 1995
+++ src/kdc/main.c Sat May 13 02:49:14 1995
@@ -41,6 +41,11 @@
static int nofork = 0;
+#ifdef DEBUG
+/* no support for DEBUG yet */
+int des_debug = 0;
+#endif
+
static void
kdc_com_err_proc(whoami, code, format, pvar)
const char *whoami;
-------------------------
#
# patches for telnet sources
#
-------------------------
--- src/appl/telnet/telnet/main.c~ Fri Apr 21 12:47:10 1995
+++ src/appl/telnet/telnet/main.c Sat May 13 18:48:40 1995
@@ -54,6 +54,11 @@
#define FORWARD
#endif
+#ifdef DEBUG
+/* no support for DEBUG yet */
+int des_debug = 0;
+#endif
+
/*
* Initialize variables.
*/
-------------------------
#
# patches for telnetd sources
#
-------------------------
--- src/appl/telnet/telnetd/telnetd.c~ Wed May 3 19:52:11 1995
+++ src/appl/telnet/telnetd/telnetd.c Sat May 13 19:05:37 1995
@@ -171,6 +171,11 @@
'\0'
};
+#ifdef DEBUG
+/* no support for DEBUG yet */
+int des_debug = 0;
+#endif
+
main(argc, argv)
int argc;
char *argv[];
-------------------------
END PATCHES
There are also a few bugs with the tex documentation,
but since it isn't done yet, I didn't include them... :-)
/***************************************************************/
/* Jon 'Iain' Boone Senior Network Engineer boone@prep.net */
/* (412) 268-7874 PREPnet iain+@cmu.edu */
/***************************************************************/