[2062] in Kerberos-V5-bugs
Re: possible rsh/kshd problem?
daemon@ATHENA.MIT.EDU (Mark Eichin)
Mon Jul 1 23:03:29 1996
From: Mark Eichin <eichin@cygnus.com>
Date: Mon, 1 Jul 1996 22:47:49 -0400
To: Dave McGuire <mcguire@rocinante.digex.net>
Cc: kerberos@MIT.EDU, krb5-bugs@MIT.EDU, rdist-bugs@usc.edu
In-Reply-To: "[7557] in Kerberos"
(hmm. the original hasn't gone to the newsgroup yet...)
> unmodified...I grab tickets with kinit, and tell rdist on the command
There's a bug in rdist that keeps it from working with v5 rsh. Simply
put: rdistd writes to stdin. (Yes, std*in*.) This works with ucb rsh
or v4 rsh because all they do is dup() the network socket, which is
bidirectional anyway, to 0 and 1. v4-encrypting (at least the cygnus
version, but any other version would have to...) or v5-anymode, rsh
both use pipes, which are one-way, to talk to the subprocess, and
rdistd dies.
The simple fix changes "rem" to mean the *output* filedescriptor, and
then change the readrem() function to check for fileno(stdout) and
substitute fileno(stdin). This was mostly intended to minimize the
patch; it certainly works now.
rdist-bugs folks - I'd be pleased to see this patch, or anything with
the same result, go in :-)
_Mark_ <eichin@cygnus.com>
Cygnus Support
Cygnus Network Security <network-security@cygnus.com>
http://www.cygnus.com/data/cns/
cvs diff -u -D06/21/1996
cvs server: Diffing .
Index: ChangeLog
===================================================================
RCS file: /cvs/cvsfiles/krb5/appl/rdist/ChangeLog,v
retrieving revision 1.8
retrieving revision 1.10
diff -u -r1.8 -r1.10
--- ChangeLog 1996/06/10 21:29:46 1.8
+++ ChangeLog 1996/06/22 06:31:20 1.10
@@ -1,3 +1,15 @@
+Sat Jun 22 01:20:24 1996 Mark Eichin <eichin@cygnus.com>
+
+ * src/rdistd.c (main): use stdout, not stdin, for the remote file
+ descriptor (since all reads go through remread and get fixed but
+ writes don't.)
+
+ * src/common.c (remread): don't try to read from stdout;
+ explicitly check and read from stdin instead. (classic rsh just
+ dup'ed the socket onto stdin/stdout, so we got away with it
+ because sockets are bidirectional; pipes aren't, so encrypting
+ rsh breaks this.)
+
Mon Jun 10 17:26:15 1996 Marc Horowitz <marc@mit.edu>
* configure.in (f_fstypename), src/Makefile.in (DEFS): add a test
cvs server: Diffing src
Index: src/common.c
===================================================================
RCS file: /cvs/cvsfiles/krb5/appl/rdist/src/common.c,v
retrieving revision 1.2
retrieving revision 1.4
diff -u -r1.2 -r1.4
--- common.c 1996/02/21 22:06:48 1.2
+++ common.c 1996/06/22 05:25:07 1.4
@@ -364,7 +364,9 @@
u_char *buf;
int bufsiz;
{
- return(read(fd, (char *)buf, bufsiz));
+ int realfd = fd;
+ if (fd == fileno(stdout)) realfd = fileno(stdin);
+ return(read(realfd, (char *)buf, bufsiz));
}
static int remmore()
Index: src/rdistd.c
===================================================================
RCS file: /cvs/cvsfiles/krb5/appl/rdist/src/rdistd.c,v
retrieving revision 1.2
retrieving revision 1.4
diff -u -r1.2 -r1.4
--- rdistd.c 1996/02/21 22:07:09 1.2
+++ rdistd.c 1996/06/22 05:31:00 1.4
@@ -93,8 +93,8 @@
exit(1);
}
- /* Use stdin for remote descriptor */
- rem = fileno(stdin);
+ /* Use stdout for remote descriptor */
+ rem = fileno(stdout);
/* Set logging */
if (cp = msgparseopts(localmsglist, TRUE))
cvs server: Diffing support
Compilation exited abnormally with code 1 at Mon Jul 1 22:43:16
