[3000] in Kerberos-V5-bugs
krb5-libs/658: new creds API prompter_fct doesn't use sam_type_name
daemon@ATHENA.MIT.EDU (fcusack@iconnet.net)
Wed Nov 11 16:44:45 1998
Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: krb5-unassigned@RT-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, fcusack@iconnet.net
Date: Wed, 11 Nov 1998 16:31:22 -0500 (EST)
From: fcusack@iconnet.net
Reply-To: fcusack@iconnet.net
To: krb5-bugs@MIT.EDU
>Number: 658
>Category: krb5-libs
>Synopsis: new creds API prompter_fct doesn't use sam_type_name
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: krb5-unassigned
>State: open
>Class: change-request
>Submitter-Id: unknown
>Arrival-Date: Wed Nov 11 16:31:00 EST 1998
>Last-Modified:
>Originator: Frank Cusack
>Organization:
Icon CMT Corp.
>Release: krb5-current-19981012
>Environment:
Unix/win32
System: SunOS ratbert 5.6 Generic_105181-09 sun4u sparc SUNW,Ultra-5_10
Architecture: sun4
>Description:
SAM preauth has a field "sam-type-name" which, according to
the passwords-03 draft, the client can display to the user.
This field is not passed to the prompter function.
The fix also includes a change to the SAMDATA macro.
Previously, if a kdc supplied string was too long,
it would be truncated. Now, instead of truncating,
the default string is used.
Some of these patches may not apply cleanly.
>How-To-Repeat:
>Fix:
Index: krb5.hin
===================================================================
RCS file: /icon/d04/cvsroot/3rd-party/krb5/src/include/krb5.hin,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- krb5.hin 1998/11/10 16:44:15 1.3
+++ krb5.hin 1998/11/11 20:53:14 1.4
@@ -2081,6 +2081,7 @@
typedef krb5_error_code (KRB5_CALLCONV *krb5_prompter_fct)(krb5_context context,
void *data,
+ const char *name,
const char *banner,
int num_prompts,
krb5_prompt prompts[]);
Index: prompter.c
===================================================================
RCS file: /icon/d04/cvsroot/3rd-party/krb5/src/lib/krb5/os/prompter.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 prompter.c
--- prompter.c 1998/10/14 00:47:23 1.1.1.1
+++ prompter.c 1998/11/11 20:56:03
@@ -25,6 +25,7 @@
KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
krb5_prompter_posix(krb5_context context,
void *data,
+ const char *name,
const char *banner,
int num_prompts,
krb5_prompt prompts[])
@@ -41,6 +42,11 @@
int fd;
#endif
+ if (name) {
+ fputs(name, stdout);
+ fputs("\n", stdout);
+ }
+
if (banner) {
fputs(banner, stdout);
fputs("\n", stdout);
@@ -117,10 +123,11 @@
KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
krb5_prompter_posix(krb5_context context,
- void *data,
- const char *banner,
- int num_prompts,
- krb5_prompt prompts[])
+ void *data,
+ const char *name,
+ const char *banner,
+ int num_prompts,
+ krb5_prompt prompts[])
{
return(EINVAL);
}
Index: preauth2.c
===================================================================
RCS file: /icon/d04/cvsroot/3rd-party/krb5/src/lib/krb5/krb/preauth2.c,v
retrieving revision 1.3
diff -u -r1.3 preauth2.c
--- preauth2.c 1998/11/09 23:03:26 1.3
+++ preauth2.c 1998/11/11 21:07:24
@@ -190,9 +190,10 @@
#define SAMDATA(kdata, str, maxsize) \
(kdata.length)? \
- ((((kdata.length)<=(maxsize))?(kdata.length):(maxsize))): \
+ ((((kdata.length)<=(maxsize))?(kdata.length):(strlen(str)))): \
strlen(str), \
- (kdata.length)?(kdata.data):(str)
+ (kdata.length)? \
+ ((((kdata.length)<=(maxsize))?(kdata.data):(str))):(str)
/* XXX Danger! This code is not in sync with the kerberos-password-02
draft. This draft cannot be implemented as written. This code is
@@ -212,7 +213,8 @@
{
krb5_error_code ret;
krb5_data tmpsam;
- char banner[100], prompt[100], response[100];
+ char name[100], banner[100];
+ char prompt[100], response[100];
krb5_data response_data;
krb5_prompt kprompt;
krb5_encrypt_block eblock;
@@ -255,6 +257,7 @@
/*
* We need to use the password as part or all of the key.
* If as_key contains info, it should be the users pass phrase.
+ * If not, get the password before issuing the challenge.
*/
if (as_key->length == 0) {
if (ret = ((*gak_fct)(context, request->client,
@@ -278,6 +281,10 @@
}
}
+ sprintf(name, "%.*s",
+ SAMDATA(sam_challenge->sam_type_name, "SAM Authentication",
+ sizeof(name) - 1));
+
sprintf(banner, "%.*s: [%.*s]",
SAMDATA(sam_challenge->sam_challenge_label, "Challenge",
sizeof(banner) - 25),
@@ -308,7 +315,8 @@
kprompt.hidden = sam_challenge->sam_challenge.length ? 0 : 1;
kprompt.reply = &response_data;
- if (ret = ((*prompter)(context, prompter_data, banner, 1, &kprompt))) {
+ if (ret = ((*prompter)(context, prompter_data, name,
+ banner, 1, &kprompt))) {
krb5_free_sam_challenge(context, sam_challenge);
return(ret);
}
Index: vardlg.c
===================================================================
RCS file: /icon/d04/cvsroot/3rd-party/krb5/src/windows/lib/vardlg.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 vardlg.c
--- vardlg.c 1998/10/14 00:48:11 1.1.1.1
+++ vardlg.c 1998/11/11 21:13:33
@@ -171,8 +171,8 @@
* fields for each item.
*/
void *
-vardlg_build(WORD cx, const char *banner, WORD n, krb5_prompt prompts[],
- WORD id)
+vardlg_build(WORD cx, const char *name, const char *banner,
+ WORD n, krb5_prompt prompts[], WORD id)
{
unsigned char *p;
WORD i;
@@ -187,7 +187,9 @@
/*
* Store the dialog template
*/
- p += ADD_DLGTEMPLATE(p, 0, 0, cx, 0, "KerbNet", "MS Sans Serif", 8,
+ p += ADD_DLGTEMPLATE(p, 0, 0, cx, 0,
+ strlen(name) < 30 ? name : "KerbNet",
+ "MS Sans Serif", 8,
(WORD)(n * 2 + 3));
/*
Index: krb5.hin
===================================================================
RCS file: /icon/d04/cvsroot/3rd-party/krb5/src/include/krb5.hin,v
retrieving revision 1.4
diff -u -r1.4 krb5.hin
--- krb5.hin 1998/11/11 20:53:14 1.4
+++ krb5.hin 1998/11/11 21:19:01
@@ -2091,6 +2091,7 @@
krb5_prompter_posix
KRB5_PROTOTYPE((krb5_context context,
void *data,
+ const char *name,
const char *banner,
int num_prompts,
krb5_prompt prompts[]));
Index: vardlg.h
===================================================================
RCS file: /icon/d04/cvsroot/3rd-party/krb5/src/windows/lib/vardlg.h,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 vardlg.h
--- vardlg.h 1998/10/14 00:48:11 1.1.1.1
+++ vardlg.h 1998/11/11 21:20:55
@@ -25,7 +25,7 @@
* If there are items, we also create a Cancel button and one (label, entry)
* fields for each item.
*/
-void *vardlg_build(WORD, const char *, WORD, krb5_prompt *, WORD);
+void *vardlg_build(WORD, const char *, const char *, WORD, krb5_prompt *, WORD);
void vardlg_config(HWND, WORD, const char *, WORD, krb5_prompt *, WORD);
Index: gic.h
===================================================================
RCS file: /icon/d04/cvsroot/3rd-party/krb5/src/windows/lib/gic.h,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 gic.h
--- gic.h 1998/10/14 00:48:11 1.1.1.1
+++ gic.h 1998/11/11 21:21:55
@@ -23,6 +23,6 @@
} gic_data;
krb5_error_code KRB5_CALLCONV gic_prompter(krb5_context, void *, const char *,
- int, krb5_prompt []);
+ const char *, int, krb5_prompt []);
#endif /* _WINDOWS_LIB_GIC_H */
Index: gic_pwd.c
===================================================================
RCS file: /icon/d04/cvsroot/3rd-party/krb5/src/lib/krb5/krb/gic_pwd.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 gic_pwd.c
--- gic_pwd.c 1998/10/14 00:47:18 1.1.1.1
+++ gic_pwd.c 1998/11/11 21:27:18
@@ -57,7 +57,7 @@
prompt.hidden = 1;
prompt.reply = password;
- if (ret = ((*prompter)(context, prompter_data, NULL, 1, &prompt)))
+ if (ret = ((*prompter)(context, prompter_data, NULL, NULL, 1, &prompt)))
return(ret);
}
>Audit-Trail:
>Unformatted:
