[303] in Kerberos-V5-bugs


Jik: Some patches to V5 B2

tytso@ATHENA.MIT.EDU (tytso@ATHENA.MIT.EDU)
Tue Mar 9 22:49:28 1993

[2348]  daemon@ATHENA.MIT.EDU (Jonathan I. Kamens) Kerberos 11/05/92 22:48 (338 lines)
Subject: Some patches to V5 B2
Date: 6 Nov 92 00:49:40 GMT
From: jik@Athena.MIT.EDU (Jonathan I. Kamens)
To: kerberos@shelby.Stanford.EDU


The patches below, prepared by Barry Jaspan <bjaspan@mit.edu> and me,
do the following:

include/kerberosIV/Imakefile:
	Create the file, which installs header files in
	$(KRB5_INCDIR)/kerberosIV.

include/Imakefile:
	Descend into the kerberosIV subdirectory.

lib/krb425/rd_req.c:
	1) Prepend "FILE:" to the srvtab file name before
	   passing it to V5 routines.
	2) Correctly extract the aname, instance and realm from the V5
	   ticket for the V4 ticket.

lib/krb425/get_cred.c:
	1) Correctly extract the aname and instance from the V5
	   ticket.
	2) Correctly extract the service aname and instance from the
	   V5 server ticket.

lib/des/Imakefile:
	Add "depend" dependencies for the .c and .h files that are
	machine-generated.

lib/Imakefile:
	Install the krb425 and des425 libraries.

kdc/do_as_req.c:
	Print more useful error messages.

kdc/policy.c:
	"#ifdef 0" should be "#if 0".

kadmin/kpasswd/kpasswd.c:
	Fix a stupid error that was causing an "out of memory" error
	unnecessarily.

config-files/services.append:
	Add this file.

Jonathan Kamens                                         jik@MIT.Edu
Geer Zolot Associates                       Moderator, news.answers

*** /dev/null	Thu Nov  5 17:17:21 1992
--- include/kerberosIV/Imakefile	Thu Nov  5 14:49:18 1992
***************
*** 0 ****
--- 1,9 ----
+ KRB4_HEADERS=krb.h des.h kadm.h mit-copyright.h
+ 
+ all::
+ 
+ clean::
+ 
+ depend::
+ 
+ Krb5InstallHeaders($(KRB4_HEADERS),$(KRB5_INCDIR)/kerberosIV)
*** 5.3	1991/06/06 09:35:05
--- include/Imakefile	1992/11/04 20:52:25
***************
*** 25,30 ****
  #define IHaveSubdirs
  #define PassCDebugFlags
  
! SUBDIRS=krb5
  
  MakeSubdirs($(SUBDIRS))
--- 25,30 ----
  #define IHaveSubdirs
  #define PassCDebugFlags
  
! SUBDIRS=krb5 kerberosIV
  
  MakeSubdirs($(SUBDIRS))
*** 5.9	1992/08/21 03:16:54
--- lib/krb425/rd_req.c	1992/11/05 23:45:21
***************
*** 27,36 ****
  
  #if !defined(lint) && !defined(SABER)
  static char rcsid_rd_req_c[] =
  "$Id: rd_req.c,v 5.9 1992/08/21 03:16:54 jfc Exp $";
  #endif	/* !lint & !SABER */
  
  #include "krb425.h"
  
  static krb5_error_code
  setkey_key_proc(DECLARG(krb5_pointer,arg),
--- 27,37 ----
  
  #if !defined(lint) && !defined(SABER)
  static char rcsid_rd_req_c[] =
  "$Id: rd_req.c,v 5.9 1992/08/21 03:16:54 jfc Exp $";
  #endif	/* !lint & !SABER */
  
  #include "krb425.h"
+ #include <sys/param.h>
  
  static krb5_error_code
  setkey_key_proc(DECLARG(krb5_pointer,arg),
***************
*** 62,67 ****
--- 63,70 ----
  	krb5_data authe;
  	extern int gethostname();
  	int use_set_key = 0;
+ 	char file_name[MAXPATHLEN+5]; /* 5 for "FILE:" */
+ 	int tmp;
  
  	if (from_addr) {
  		peer.addrtype = ADDRTYPE_INET;
***************
*** 108,115 ****
  	if (!fn) {
  	    use_set_key = 1;
  	    fn = (char *)0;
! 	} else if (!*fn)
! 	    fn = (char *)0;
  
  #ifdef  EBUG
          EPRINT "Calling krb5_rd_req with:\n");
--- 111,124 ----
  	if (!fn) {
  	    use_set_key = 1;
  	    fn = (char *)0;
! 	} else if (!*fn) {
! 		fn = (char *)0;
! 	} else {
! 		strcpy(file_name, "FILE:");
! 		strncpy(file_name + 5, fn, MAXPATHLEN);
! 		file_name[sizeof(file_name)-1] = '\0';
! 		fn = file_name;
! 	}
  
  #ifdef  EBUG
          EPRINT "Calling krb5_rd_req with:\n");
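Review bot: The new `else` branch silently truncates a srvtab name of MAXPATHLEN characters or more, so the V5 routines would be handed a different key-file path from the one the caller supplied, with no error reported. The copy itself stays in bounds (`"FILE:"` plus at most MAXPATHLEN bytes into the MAXPATHLEN+5 buffer declared in the previous hunk, with the last byte forced to NUL), but for a file holding service keys it is safer to refuse than to truncate: test `if (strlen(fn) >= MAXPATHLEN)` before the copy and return this function's failure code. I would also add `/* fn now points at file_name, valid only for the rest of this call */` above `fn = file_name;`. The `int tmp;` added in the previous hunk is not used in any visible hunk, and the function body starts and ends outside this one.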
***************
*** 175,185 ****
  	r = 0;
  #endif
  	set_string(ad->pname, ANAME_SZ,
- 		   krb5_princ_component(authdat->authenticator->client, 1));
- 	set_string(ad->pinst, INST_SZ,
- 		   krb5_princ_component(authdat->authenticator->client, 2));
- 	set_string(ad->prealm, REALM_SZ,
  		   krb5_princ_component(authdat->authenticator->client, 0));
  
  	ad->checksum = *(long *)authdat->authenticator->checksum->contents;
  
--- 184,202 ----
  	r = 0;
  #endif
  	set_string(ad->pname, ANAME_SZ,
  		   krb5_princ_component(authdat->authenticator->client, 0));
+ 
+ 	if (authdat->authenticator->client->length > 1) {
+      		set_string(ad->pinst, INST_SZ,
+ 			   krb5_princ_component(authdat->authenticator->client,
+ 						1));
+ 	}
+ 	else {
+ 		ad->pinst[0] = '\0';
+ 	}
+ 
+ 	set_string(ad->prealm, REALM_SZ,
+ 		   krb5_princ_realm(authdat->authenticator->client));
  
  	ad->checksum = *(long *)authdat->authenticator->checksum->contents;
  
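Review bot: Only components 0 and 1 of `authdat->authenticator->client` are copied, so a V5 client principal with three or more components is silently collapsed onto a two-part V4 name and becomes indistinguishable from a different principal sharing its first two components. If callers make access decisions on `ad->pname`/`ad->pinst` (likely, though not visible here), that is an identity-confusion risk; the conversion should fail when `client->length > 2` instead of truncating, and should also check `client->length >= 1` before reading component 0. The client lines in the get_cred.c hunk below have the same truncation. This also assumes `set_string` copes with component data that is not NUL-terminated, which cannot be confirmed from the hunk; the enclosing function starts and ends outside it.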
*** 5.7	1992/08/21 03:17:43
--- lib/krb425/get_cred.c	1992/11/05 23:21:11
***************
*** 93,104 ****
  			}
  	}
  #endif
! 	set_string(c->pname, ANAME_SZ, krb5_princ_component(creds.client, 1));
! 	set_string(c->pinst, INST_SZ, krb5_princ_component(creds.client, 2));
! 
  	set_string(c->realm, REALM_SZ, krb5_princ_realm(creds.server));
! 	set_string(c->service, REALM_SZ, krb5_princ_component(creds.server, 1));
! 	set_string(c->instance, REALM_SZ, krb5_princ_component(creds.server, 2));
  
  	c->ticket_st.length = creds.ticket.length;
  	memcpy((char *)c->ticket_st.dat,
--- 93,108 ----
  			}
  	}
  #endif
! 	set_string(c->pname, ANAME_SZ, krb5_princ_component(creds.client, 0));
! 	if (creds.client->length > 1) {
! 	  set_string(c->pinst, INST_SZ, krb5_princ_component(creds.client, 1));
! 	}
! 	else {
! 	  c->pinst[0] = '\0';
! 	}
  	set_string(c->realm, REALM_SZ, krb5_princ_realm(creds.server));
! 	set_string(c->service, REALM_SZ, krb5_princ_component(creds.server, 0));
! 	set_string(c->instance, REALM_SZ, krb5_princ_component(creds.server, 1));
  
  	c->ticket_st.length = creds.ticket.length;
  	memcpy((char *)c->ticket_st.dat,
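Review bot: `krb5_princ_component(creds.server, 1)` is read unconditionally, while the client instance a few lines above is guarded by `creds.client->length > 1`; a server principal with a single component would make this read past the last component. Guard it the same way, assuming `creds.server` has the same layout as `creds.client`: `if (creds.server->length > 1)` around the `c->instance` call and `c->instance[0] = '\0';` otherwise. The size passed for `c->service` and `c->instance` is `REALM_SZ`; that was already so before this change, but it should be the constant that matches each field's declared size. The enclosing function starts and ends outside the hunk.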
*** 5.24	1992/08/21 02:59:25
--- lib/des/Imakefile	1992/11/05 23:26:20
***************
*** 128,130 ****
--- 128,134 ----
  	./make_st s_table.h
  
  NormalLintTarget($(SRCS))
+ 
+ depend:: key_perm.h odd.h p_table.h s_table.h
+ 
+ depend:: fp.c ip.c p.c
*** 5.28	1992/08/21 03:21:29
--- lib/Imakefile	1992/11/05 23:26:41
***************
*** 121,126 ****
--- 121,128 ----
  
  Krb5InstallLibrary(krb5,$(KRB5_LIBDIR))
  Krb5InstallLibrary($(DESLIB),$(KRB5_LIBDIR))
+ Krb5InstallLibrary(krb425,$(KRB5_LIBDIR))
+ Krb5InstallLibrary(des425,$(KRB5_LIBDIR))
  
  SharedLibraryTarget(kdb5,-L$(KRB5_LIBDIR) -Lshared $(LDLOCATIONS) -lkrb5 -l$(DESLIB) $(ISODELIB) -lcom_err)
  /* SharedLibraryTarget(des425,-L$(KRB5_LIBDIR) -Lshared $(LDLOCATIONS) -l$(DESLIB)) */
*** 5.32	1992/09/30 14:06:19
--- kdc/do_as_req.c	1992/11/04 22:36:04
***************
*** 548,556 ****
      krb5_error errpkt;
      krb5_error_code retval;
      krb5_data *scratch;
  
!     syslog(LOG_INFO, "AS_REQ: %s while processing request",
! 	   error_message(error+KRB5KDC_ERR_NONE));
  
      errpkt.ctime = request->nonce;
      errpkt.cusec = 0;
--- 548,581 ----
      krb5_error errpkt;
      krb5_error_code retval;
      krb5_data *scratch;
+     char unparse_failed = 0, *cname = 0, *sname = 0;
  
!     if (retval = krb5_unparse_name(request->client, &cname)) {
! 	 syslog(LOG_INFO, "AS_REQ: %s while unparsing client name for error",
! 		error_message(retval));
! 	 unparse_failed = 1;
!     }
!     if (retval = krb5_unparse_name(request->server, &sname)) {
! 	 syslog(LOG_INFO, "AS_REQ: %s while unparsing server name for error",
! 		error_message(retval));
! 	 unparse_failed = 2;
!     }
! 
!     if (!unparse_failed)
! 	 syslog(LOG_INFO, "AS_REQ: %s while processing request from %s for %s",
! 		error_message(error+KRB5KDC_ERR_NONE), cname, sname);
!     else
! 	 syslog(LOG_INFO, "AS_REQ: %s while processing request",
! 		error_message(error+KRB5KDC_ERR_NONE));
! 
!     switch (unparse_failed) {
!     case 0:
! 	 free(sname);
!     case 2:
! 	 free(cname);
!     case 1:
! 	 break;
!     }
  
      errpkt.ctime = request->nonce;
      errpkt.cusec = 0;
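Review bot: The `switch (unparse_failed)` cleanup leaks `sname` when the client name fails to unparse but the server name succeeds: `unparse_failed` stays 1, and `case 1` frees nothing. When both fail, `case 2` calls `free(cname)` on a null pointer, which some older C libraries do not tolerate. Since both pointers start at 0, the switch can be replaced by `if (cname) free(cname);` and `if (sname) free(sname);`, which is correct for every combination. This path handles failed AS requests, so a per-request leak in the KDC is worth closing; whether a requester can provoke the unparse failure is not visible here. The function body starts and ends outside the hunk.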
*** 5.6	1992/09/30 14:08:14
--- kdc/policy.c	1992/11/05 23:34:37
***************
*** 58,64 ****
  krb5_ticket *ticket;
  char **status;
  {
! #ifdef 0
      /*
       * For example, if your site wants to disallow ticket forwarding,
       * you might do something like this:
--- 58,64 ----
  krb5_ticket *ticket;
  char **status;
  {
! #if 0
      /*
       * For example, if your site wants to disallow ticket forwarding,
       * you might do something like this:
*** /dev/null	Thu Nov  5 17:17:21 1992
--- config-files/services.append	Wed Nov  4 16:24:37 1992
***************
*** 0 ****
--- 1,13 ----
+ klogin		543/tcp				# Kerberos authenticated rlogin
+ kerberos	88/udp 		kdc		# Kerberos authentication--udp
+ kerberos	88/tcp 		kdc		# Kerberos authentication--tcp
+ kerberos-sec	750/udp 			# Kerberos authentication--udp
+ kerberos-sec	750/tcp 			# Kerberos authentication--tcp
+ kerberos_master	751/udp 			# Kerberos authentication
+ kerberos_master	751/tcp 			# Kerberos authentication
+ kerberos_adm	752/tcp				# Kerberos 5 admin/changepw
+ passwd_server	752/udp				# Kerberos passwd server
+ kpop		1109/tcp			# Pop with Kerberos
+ kshell		544/tcp		cmd		# and remote shell
+ eklogin		2105/tcp			# Kerberos encrypted rlogin
+ krb_prop	754/tcp				# Kerberos slave propagation
*** 5.1	1992/09/30 14:33:37
--- kadmin/kpasswd/kpasswd.c	1992/11/04 22:37:42
***************
*** 150,156 ****
  	arg = &arg2;
      }
      my_keyblock = (krb5_keyblock *)malloc(sizeof(**key));
!     if (!*key) {
  	if (f_salt) xfree(salt.data);
  	if (arg != (struct v4_pwd_keyproc_arg *) keyseed) 
  		memset((char *) arg->password.data, 0, arg->password.length);
--- 150,156 ----
  	arg = &arg2;
      }
      my_keyblock = (krb5_keyblock *)malloc(sizeof(**key));
!     if (!my_keyblock) {
  	if (f_salt) xfree(salt.data);
  	if (arg != (struct v4_pwd_keyproc_arg *) keyseed) 
  		memset((char *) arg->password.data, 0, arg->password.length);
--[2348]--
