[2595] in Kerberos-V5-bugs


krb5-kdc/310: preauth is broken

daemon@ATHENA.MIT.EDU (epeisach@MIT.EDU)
Thu Dec 19 16:24:49 1996

Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: krb5-unassigned@RT-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, epeisach@MIT.EDU
Date: Thu, 19 Dec 1996 16:23:40 -0500
From: epeisach@MIT.EDU
Reply-To: epeisach@MIT.EDU
To: krb5-bugs@MIT.EDU


>Number:         310
>Category:       krb5-kdc
>Synopsis:       preauth is broken
>Confidential:   yes
>Severity:       critical
>Priority:       high
>Responsible:    krb5-unassigned
>State:          open
>Class:          sw-bug
>Submitter-Id:   unknown
>Arrival-Date:   Thu Dec 19 16:24:00 EST 1996
>Last-Modified:
>Originator:     Ezra Peisach
>Organization:
mit
>Release:        1.0-development
>Environment:
System: OSF1 kangaroo.mit.edu V3.2 214 alpha
Machine: alpha
>Description:
	If one sets the preauth flag on a principal in the database,
an attempt to get tickets from the server results in a core dump of the
kdc.
>How-To-Repeat:
	kadmin.local: modprinc +preauth principal
	kinit principal
>Fix:
	This is one fix - but is not complete.
The klist man page needs to document the A and H flags.

cvs diff: Diffing .
Index: kdc_preauth.c
===================================================================
RCS file: /mit/krb5/.cvsroot/src/kdc/kdc_preauth.c,v
retrieving revision 5.11
diff -c -r5.11 kdc_preauth.c
*** kdc_preauth.c	1996/11/23 22:37:33	5.11
--- kdc_preauth.c	1996/12/16 09:55:35
***************
*** 637,643 ****
  
      {
        char *uname;
!       int npr = 1, more;
        krb5_db_entry assoc;
        krb5_key_data  *assoc_key;
        krb5_principal newp;
--- 637,644 ----
  
      {
        char *uname;
!       int npr = 1;
!       krb5_boolean more;
        krb5_db_entry assoc;
        krb5_key_data  *assoc_key;
        krb5_principal newp;
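Review bot: `more` is now declared as `krb5_boolean` but is still left uninitialised and, in the lines shown, is only ever passed by address to `krb5_db_get_principal` and never read afterwards. Either initialise it at the declaration and check it after the lookup, or add a short comment saying it is deliberately ignored. A line in the report explaining why the type changes from `int` would also help, since the declaration alone does not say.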
***************
*** 663,669 ****
  	  strlen(sam_ptr->name);
  	npr = 1;
  	retval = krb5_db_get_principal(kdc_context, newp, &assoc, &npr, &more);
! 	if(!retval) {
  	  sc.sam_type = sam_ptr->sam_type;
  	  break;
  	}
--- 664,670 ----
  	  strlen(sam_ptr->name);
  	npr = 1;
  	retval = krb5_db_get_principal(kdc_context, newp, &assoc, &npr, &more);
! 	if(!retval && npr) {
  	  sc.sam_type = sam_ptr->sam_type;
  	  break;
  	}
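Review bot: in `if(!retval && npr)` a non-zero `retval` is handled the same way as a lookup that found nothing, so a database error during the probe is indistinguishable from the SAM entry not existing. Consider testing `retval` on its own first and going to cleanup (or at least logging) on a real error, and keeping the `npr == 0` case for "no such entry". A brief comment that `krb5_db_get_principal` can return success with `npr` set to 0 would help the next reader, since that is the case the added `&& npr` guards against.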
***************
*** 697,702 ****
--- 698,707 ----
  	  }
  	  /* now we can use encrypting_key... */
  	}
+       } else {
+ 	  /* SAM is not an option - so don't return as hint */
+ 	  retval = KRB5_PREAUTH_BAD_TYPE;
+ 	  goto cleanup;
        }
  
        krb5_princ_component(kdc_context,newp,probeslot)->data = 0;
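Review bot: the `goto cleanup` in the new `else` branch jumps past `krb5_princ_component(kdc_context,newp,probeslot)->data = 0;`, which runs right after this block on the other path. If that assignment is there to detach a borrowed pointer from `newp` before it is released, the early exit leaves it attached; either clear the component before the `goto` or confirm that the cleanup path (not shown) does not free `newp` with the pointer still in place. The indentation of the added lines also makes it hard to tell which `if` this `else` pairs with, so a reindent would help.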

>Audit-Trail:
>Unformatted:
