[2976] in Kerberos-V5-bugs


krb5-appl/638: krb4 encrypted rcp to local host

daemon@ATHENA.MIT.EDU (ghudson@MIT.EDU)
Mon Sep 28 11:07:02 1998

Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: krb5-unassigned@RT-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, ghudson@MIT.EDU
Date: Mon, 28 Sep 1998 10:58:24 -0400
From: ghudson@MIT.EDU
Reply-To: ghudson@MIT.EDU
To: krb5-bugs@MIT.EDU


>Number:         638
>Category:       krb5-appl
>Synopsis:       v4rcp does not set local and foreign port numbers
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    krb5-unassigned
>State:          open
>Class:          sw-bug
>Submitter-Id:   unknown
>Arrival-Date:   Mon Sep 28 10:59:00 EDT 1998
>Last-Modified:
>Originator:     Greg Hudson
>Organization:
MIT
>Release:        1.0pl1
>Environment:
	
System: SunOS small-gods.mit.edu 5.6 Generic_105181-05 sun4u sparc SUNW,Ultra-5_10
Architecture: sun4

>Description:
When doing a krb4 encrypted rcp to a v5 machine, src/appl/bsd/v4rcp.c
does not set up the port numbers for the local and foreign address, only
the IP addresses.  If the rcp is to the same machine (say, if you have
only krb4 tickets), then the direction bit may be set wrong during the
mutual authentication check.
>How-To-Repeat:
Do a krb4 encrypted rcp to a different user on the local host.  Note that
it usually fails with a "time out of bounds" error (which is a poor
error message, of course).
>Fix:
kshd has to be modified to export the port numbers in the environment.

Index: krshd.c
===================================================================
RCS file: /afs/dev.mit.edu/source/repository/third/krb5/src/appl/bsd/krshd.c,v
retrieving revision 1.9
diff -c -r1.9 krshd.c
*** krshd.c	1998/06/11 17:58:53	1.9
--- krshd.c	1998/09/24 23:26:10
***************
*** 439,446 ****
  char	path_rest[] = RPATH;
  
  char	remote_addr[64];	/* = "KRB5REMOTEADDR=" */
  char	local_addr[64];		/* = "KRB5LOCALADDR=" */
! #define ADDRPAD 0,0		/* remoteaddr, localaddr */
  #define KRBPAD 0		/* KRB5CCNAME, optional */
  
  /* The following include extra space for TZ and MAXENV pointers... */
--- 439,448 ----
  char	path_rest[] = RPATH;
  
  char	remote_addr[64];	/* = "KRB5REMOTEADDR=" */
+ char	remote_port[64];	/* = "KRB5REMOTEPORT=" */
  char	local_addr[64];		/* = "KRB5LOCALADDR=" */
! char	local_port[64];		/* = "KRB5LOCALPORT=" */
! #define ADDRPAD 0,0,0,0
  #define KRBPAD 0		/* KRB5CCNAME, optional */
  
  /* The following include extra space for TZ and MAXENV pointers... */
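
Review bot: the new ADDRPAD definition drops the comment that named its slots, so "0,0,0,0" no longer says which four environment entries it reserves. Suggest keeping the comment in step with the code, for example /* remoteaddr, remoteport, localaddr, localport */, because the later block that fills envinit depends on this count matching the number of strings it appends.
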
***************
*** 1364,1377 ****
  
      {
        int i;
!       /* these two are covered by ADDRPAD */
        sprintf(local_addr,  "KRB5LOCALADDR=%s", inet_ntoa(localaddr.sin_addr));
        for (i = 0; envinit[i]; i++);
        envinit[i] =local_addr;
  
        sprintf(remote_addr, "KRB5REMOTEADDR=%s", inet_ntoa(fromp->sin_addr));
        for (; envinit[i]; i++);
        envinit[i] =remote_addr;
      }
  
      /* If we do anything else, make sure there is space in the array. */
--- 1366,1387 ----
  
      {
        int i;
!       /* these four are covered by ADDRPAD */
        sprintf(local_addr,  "KRB5LOCALADDR=%s", inet_ntoa(localaddr.sin_addr));
        for (i = 0; envinit[i]; i++);
        envinit[i] =local_addr;
  
+       sprintf(local_port,  "KRB5LOCALPORT=%d", ntohs(localaddr.sin_port));
+       for (; envinit[i]; i++);
+       envinit[i] =local_port;
+ 
        sprintf(remote_addr, "KRB5REMOTEADDR=%s", inet_ntoa(fromp->sin_addr));
        for (; envinit[i]; i++);
        envinit[i] =remote_addr;
+ 
+       sprintf(remote_port, "KRB5REMOTEPORT=%d", ntohs(fromp->sin_port));
+       for (; envinit[i]; i++);
+       envinit[i] =remote_port;
      }
  
      /* If we do anything else, make sure there is space in the array. */
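
Review bot: each of the four "for (; envinit[i]; i++); envinit[i] = ..." pairs writes to the first NULL slot with no check against the size of envinit, so the two new entries are only safe because ADDRPAD was widened in the declaration hunk. The updated comment "these four are covered by ADDRPAD" records that dependency, but a bounds check before each assignment (or a small helper that appends one entry and verifies a terminating NULL remains) would turn a future mismatch into an error rather than a write past the array. The sprintf calls into the 64-byte local_port and remote_port buffers are fine for a 16-bit port printed with %d.
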
Index: v4rcp.c
===================================================================
RCS file: /afs/dev.mit.edu/source/repository/third/krb5/src/appl/bsd/v4rcp.c,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 v4rcp.c
*** v4rcp.c	1997/01/21 09:18:11	1.1.1.1
--- v4rcp.c	1998/09/24 21:55:04
***************
*** 1005,1011 ****
  	  local.sin_addr.s_addr = inet_addr(envaddr);
  #endif
  	  local.sin_family = AF_INET;
! 	  local.sin_port = 0;
  	} else {
  	  fprintf(stderr, "v4rcp: couldn't get local address (KRB5LOCALADDR)\n");
  	  exit(1);
--- 1005,1014 ----
  	  local.sin_addr.s_addr = inet_addr(envaddr);
  #endif
  	  local.sin_family = AF_INET;
! 	  if (envaddr = getenv("KRB5LOCALPORT"))
! 	    local.sin_port = htons(atoi(envaddr));
! 	  else
! 	    local.sin_port = 0;
  	} else {
  	  fprintf(stderr, "v4rcp: couldn't get local address (KRB5LOCALADDR)\n");
  	  exit(1);
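
Review bot: atoi(envaddr) in the new KRB5LOCALPORT branch performs no validation: a non-numeric string yields 0, and a value above 65535 is silently truncated when passed to htons. Parsing with strtol, checking the end pointer and rejecting anything outside 1..65535 would keep a malformed environment value from producing a wrong local address. The condition "if (envaddr = getenv("KRB5LOCALPORT"))" would also read more clearly with an explicit comparison against NULL and a separate variable, since envaddr held the address string a few lines earlier.
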
***************
*** 1017,1023 ****
  	  foreign.sin_addr.s_addr = inet_addr(envaddr);
  #endif
  	  foreign.sin_family = AF_INET;
! 	  foreign.sin_port = 0;
  	} else {
  	  fprintf(stderr, "v4rcp: couldn't get remote address (KRB5REMOTEADDR)\n");
  	  exit(1);
--- 1020,1029 ----
  	  foreign.sin_addr.s_addr = inet_addr(envaddr);
  #endif
  	  foreign.sin_family = AF_INET;
! 	  if (envaddr = getenv("KRB5REMOTEPORT"))
! 	    foreign.sin_port = htons(atoi(envaddr));
! 	  else
! 	    foreign.sin_port = 0;
  	} else {
  	  fprintf(stderr, "v4rcp: couldn't get remote address (KRB5REMOTEADDR)\n");
  	  exit(1);
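
Review bot: the else branch here leaves foreign.sin_port = 0 without any diagnostic when KRB5REMOTEPORT is unset, which is exactly the pre-patch state that the report ties to the wrong direction bit; the KRB5LOCALPORT branch in the previous hunk does the same. If the fallback is kept for compatibility with a krshd that does not export the ports, a comment saying so and a warning on stderr, in the style of the existing "couldn't get remote address" message, would make the resulting "time out of bounds" failure easier to trace.
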
>Audit-Trail:
>Unformatted:
