[2141] in Kerberos-V5-bugs
Kerberos POP (popper and movemail) are busted
daemon@ATHENA.MIT.EDU (Ken Hornstein)
Mon Aug 12 00:01:57 1996
To: krb5-bugs@MIT.EDU
Date: Mon, 12 Aug 1996 00:01:38 -0400
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
------- =_aaaaaaaaaa0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <1113.839822449.1@cmf.nrl.navy.mil>
Both the Kerberos POP daemon and movemail in beta 6 are broken. In the
pop daemon's case, it uses a variable called "ext_client" but never
initializes it; in movemail's case, it never initializes auth_context before
calling krb5_sendauth().
Here's a patch that fixes both. BTW, I noticed that the patches for MH
that are included with the popper daemon are really dusty; is there interest
in an updated version of that patch? I am going to do that myself ...
--Ken
------- =_aaaaaaaaaa0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <1113.839822449.2@cmf.nrl.navy.mil>
Content-Description: Patch to fix Kerberos POP
--- src/appl/popper/pop_init.c.orig Sun Jun 11 02:20:30 1995
+++ src/appl/popper/pop_init.c Sun Aug 11 23:33:11 1996
@@ -290,6 +290,7 @@
krb5_auth_context auth_context = NULL;
krb5_error_code retval;
krb5_principal server;
+ krb5_ticket *ticket;
int sock = 0;
krb5_init_context(&pop_context);
@@ -309,7 +310,7 @@
"KPOPV1.0", server,
0, /* no flags */
NULL, /* default keytab */
- NULL /* don't care about ticket */
+ &ticket /* need ticket for client name */
)) {
pop_msg(p, POP_FAILURE, "recvauth failed--%s", error_message(retval));
pop_log(p, POP_WARNING, "%s: recvauth failed--%s",
@@ -318,6 +319,15 @@
}
krb5_free_principal(pop_context, server);
krb5_auth_con_free(pop_context, auth_context);
+ if (retval = krb5_copy_principal(pop_context, ticket->enc_part2->client,
+ &ext_client)) {
+ pop_msg(p, POP_FAILURE, "unable to copy principal--%s",
+ error_message(retval));
+ pop_msg(p, POP_FAILURE, "unable to copy principal (%s)",
+ inet_ntoa(addr->sin_addr));
+ exit(-1);
+ }
+ krb5_free_ticket(pop_context, ticket);
if (retval = krb5_unparse_name(pop_context, ext_client, &client_name)) {
pop_msg(p, POP_FAILURE, "name not parsable--%s",
error_message(retval));
--- src/appl/movemail/movemail.c.orig Sun Aug 11 23:44:10 1996
+++ src/appl/movemail/movemail.c Sun Aug 11 23:45:02 1996
@@ -535,7 +535,7 @@
krb5_context context;
krb5_principal client, server;
krb5_error *err_ret = NULL;
- krb5_auth_context auth_context;
+ krb5_auth_context auth_context = NULL;
char *hostname;
#endif /* KRB5 */
#endif /* KERBEROS */
@@ -628,6 +628,7 @@
&err_ret, 0,
NULL); /* don't need reply */
krb5_free_principal(context, server);
+ krb5_auth_con_free(context, auth_context);
if (retval) {
if (err_ret && err_ret->text.length) {
sprintf(Errmsg, "krb5 error: %s [server says '%*s'] ",
------- =_aaaaaaaaaa0--
