[16134] in Kerberos-V5-bugs

home help back first fref pref prev next nref lref last post

[krbdev.mit.edu #8745] libss without readline can interfere with

daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Wed Oct 3 18:45:11 2018

Mail-followup-to: rt@krbdev.mit.edu
mail-copies-to: never
From: "Greg Hudson via RT" <rt-comment@KRBDEV-PROD-APP-1.mit.edu>
In-Reply-To: <rt-8745@krbdev.mit.edu>
Message-ID: <rt-8745-48876.1.61833809069719@krbdev.mit.edu>
To: "'AdminCc of krbdev.mit.edu Ticket #8745'":;
Date: Wed,  3 Oct 2018 18:43:24 -0400 (EDT)
Reply-To: rt-comment@KRBDEV-PROD-APP-1.mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu

Without readline support, libss uses a dummy version which just calls 
fgets() on stdin.

krb5_read_password() (used by ktutil and kadmin) uses 
krb5_prompter_posix(), which opens its own unbuffered copy of fd 0.  
Therefore, it will not see any data buffered within stdin.

Put together, kadmin or ktutil can exhibit incorrect behavior when 
fed mixed libss and password input over a pipe or from a file:

    $ kadmin.local << EOF
    cpw user
    pw
    pw
    EOF
    Authenticating as principal user/admin@KRBTEST.COM with password.
    kadmin.local:  Enter password for principal "user@KRBTEST.COM": 
    change_password: Cannot read password while reading password for 
"user@KRBTEST.COM".
    kadmin.local:  kadmin.local: Unknown request "pw".  Type "?" for 
a request list.
    kadmin.local:  kadmin.local: Unknown request "pw".  Type "?" for 
a request list.
    kadmin.local:

If ss is built with readline support, this bug does not manifest 
because readline() is careful not to read any characters from fd 0 
beyond the newline.

_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs

home help back first fref pref prev next nref lref last post