[303] in Kerberos-V5-bugs
Jik: Some patches to V5 B2
tytso@ATHENA.MIT.EDU (tytso@ATHENA.MIT.EDU)
Tue Mar 9 22:49:28 1993
[2348] daemon@ATHENA.MIT.EDU (Jonathan I. Kamens) Kerberos 11/05/92 22:48 (338 lines)
Subject: Some patches to V5 B2
Date: 6 Nov 92 00:49:40 GMT
From: jik@Athena.MIT.EDU (Jonathan I. Kamens)
To: kerberos@shelby.Stanford.EDU
The patches below, prepared by Barry Jaspan <bjaspan@mit.edu> and me,
do the following:
include/kerberosIV/Imakefile:
Create the file, which installs header files in
$(KRB5_INCDIR)/kerberosIV.
include/Imakefile:
Descend into the kerberosIV subdirectory.
lib/krb425/rd_req.c:
1) Prepend "FILE:" to the srvtab file name before
passing it to V5 routines.
2) Correctly extract the aname, instance and realm from the V5
ticket for the V4 ticket.
lib/krb425/get_cred.c:
1) Correctly extract the aname and instance from the V5
ticket.
2) Correctly extract the service aname and instance from the
V5 server ticket.
lib/des/Imakefile:
Add "depend" dependencies for the .c and .h files that are
machine-generated.
lib/Imakefile:
Install the krb425 and des425 libraries.
kdc/do_as_req.c:
Print more useful error messages.
kdc/policy.c:
"#ifdef 0" should be "#if 0".
kadmin/kpasswd/kpasswd.c:
Fix a stupid error that was causing an "out of memory" error
unnecessarily.
config-files/services.append:
Add this file.
Jonathan Kamens jik@MIT.Edu
Geer Zolot Associates Moderator, news.answers
*** /dev/null Thu Nov 5 17:17:21 1992
--- include/kerberosIV/Imakefile Thu Nov 5 14:49:18 1992
***************
*** 0 ****
--- 1,9 ----
+ KRB4_HEADERS=krb.h des.h kadm.h mit-copyright.h
+
+ all::
+
+ clean::
+
+ depend::
+
+ Krb5InstallHeaders($(KRB4_HEADERS),$(KRB5_INCDIR)/kerberosIV)
*** 5.3 1991/06/06 09:35:05
--- include/Imakefile 1992/11/04 20:52:25
***************
*** 25,30 ****
#define IHaveSubdirs
#define PassCDebugFlags
! SUBDIRS=krb5
MakeSubdirs($(SUBDIRS))
--- 25,30 ----
#define IHaveSubdirs
#define PassCDebugFlags
! SUBDIRS=krb5 kerberosIV
MakeSubdirs($(SUBDIRS))
*** 5.9 1992/08/21 03:16:54
--- lib/krb425/rd_req.c 1992/11/05 23:45:21
***************
*** 27,36 ****
#if !defined(lint) && !defined(SABER)
static char rcsid_rd_req_c[] =
"$Id: rd_req.c,v 5.9 1992/08/21 03:16:54 jfc Exp $";
#endif /* !lint & !SABER */
#include "krb425.h"
static krb5_error_code
setkey_key_proc(DECLARG(krb5_pointer,arg),
--- 27,37 ----
#if !defined(lint) && !defined(SABER)
static char rcsid_rd_req_c[] =
"$Id: rd_req.c,v 5.9 1992/08/21 03:16:54 jfc Exp $";
#endif /* !lint & !SABER */
#include "krb425.h"
+ #include <sys/param.h>
static krb5_error_code
setkey_key_proc(DECLARG(krb5_pointer,arg),
***************
*** 62,67 ****
--- 63,70 ----
krb5_data authe;
extern int gethostname();
int use_set_key = 0;
+ char file_name[MAXPATHLEN+5]; /* 5 for "FILE:" */
+ int tmp;
if (from_addr) {
peer.addrtype = ADDRTYPE_INET;
***************
*** 108,115 ****
if (!fn) {
use_set_key = 1;
fn = (char *)0;
! } else if (!*fn)
! fn = (char *)0;
#ifdef EBUG
EPRINT "Calling krb5_rd_req with:\n");
--- 111,124 ----
if (!fn) {
use_set_key = 1;
fn = (char *)0;
! } else if (!*fn) {
! fn = (char *)0;
! } else {
! strcpy(file_name, "FILE:");
! strncpy(file_name + 5, fn, MAXPATHLEN);
! file_name[sizeof(file_name)-1] = '\0';
! fn = file_name;
! }
#ifdef EBUG
EPRINT "Calling krb5_rd_req with:\n");
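Review bot: An over-long srvtab name is silently truncated in the new `else` branch: `strncpy(file_name + 5, fn, MAXPATHLEN)` followed by the forced terminator at `file_name[sizeof(file_name)-1]` keeps only the first MAXPATHLEN-1 characters of `fn`, so the V5 routines could be handed a different key file path than the caller named. The writes stay inside `file_name[MAXPATHLEN+5]` (declared in the previous hunk), so this is a wrong-file problem rather than an overflow. Rejecting the name before the copy is safer, e.g. `if (strlen(fn) >= MAXPATHLEN) return KFAILURE;`, assuming KFAILURE is what this V4-compatible routine returns on error (its return path is outside the hunk). `int tmp;` from the previous hunk is not used by any line shown in this patch.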
***************
*** 175,185 ****
r = 0;
#endif
set_string(ad->pname, ANAME_SZ,
- krb5_princ_component(authdat->authenticator->client, 1));
- set_string(ad->pinst, INST_SZ,
- krb5_princ_component(authdat->authenticator->client, 2));
- set_string(ad->prealm, REALM_SZ,
krb5_princ_component(authdat->authenticator->client, 0));
ad->checksum = *(long *)authdat->authenticator->checksum->contents;
--- 184,202 ----
r = 0;
#endif
set_string(ad->pname, ANAME_SZ,
krb5_princ_component(authdat->authenticator->client, 0));
+
+ if (authdat->authenticator->client->length > 1) {
+ set_string(ad->pinst, INST_SZ,
+ krb5_princ_component(authdat->authenticator->client,
+ 1));
+ }
+ else {
+ ad->pinst[0] = '\0';
+ }
+
+ set_string(ad->prealm, REALM_SZ,
+ krb5_princ_realm(authdat->authenticator->client));
ad->checksum = *(long *)authdat->authenticator->checksum->contents;
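Review bot: The new mapping reads component 0 unconditionally and ignores everything past component 1, so a V5 client principal with three or more components is reported under the same V4 `pname`/`pinst` as a shorter principal sharing its first two components. For the output of an authentication check that is an identity collision. Consider failing the request when `authdat->authenticator->client->length` is not 1 or 2 instead of truncating, e.g. `if (authdat->authenticator->client->length < 1 || authdat->authenticator->client->length > 2) return KFAILURE;` (the error constant is a guess, since the function's return path is outside the hunk). Whether krb5_rd_req can deliver a principal with zero components is not visible here, which is why the lower bound is worth checking as well.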
*** 5.7 1992/08/21 03:17:43
--- lib/krb425/get_cred.c 1992/11/05 23:21:11
***************
*** 93,104 ****
}
}
#endif
! set_string(c->pname, ANAME_SZ, krb5_princ_component(creds.client, 1));
! set_string(c->pinst, INST_SZ, krb5_princ_component(creds.client, 2));
!
set_string(c->realm, REALM_SZ, krb5_princ_realm(creds.server));
! set_string(c->service, REALM_SZ, krb5_princ_component(creds.server, 1));
! set_string(c->instance, REALM_SZ, krb5_princ_component(creds.server, 2));
c->ticket_st.length = creds.ticket.length;
memcpy((char *)c->ticket_st.dat,
--- 93,108 ----
}
}
#endif
! set_string(c->pname, ANAME_SZ, krb5_princ_component(creds.client, 0));
! if (creds.client->length > 1) {
! set_string(c->pinst, INST_SZ, krb5_princ_component(creds.client, 1));
! }
! else {
! c->pinst[0] = '\0';
! }
set_string(c->realm, REALM_SZ, krb5_princ_realm(creds.server));
! set_string(c->service, REALM_SZ, krb5_princ_component(creds.server, 0));
! set_string(c->instance, REALM_SZ, krb5_princ_component(creds.server, 1));
c->ticket_st.length = creds.ticket.length;
memcpy((char *)c->ticket_st.dat,
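Review bot: The server instance is still read with `krb5_princ_component(creds.server, 1)` without the `length > 1` guard that this hunk adds for the client, so a single-component service principal is indexed past its last component. The two server lines also pass `REALM_SZ` as the bound for `c->service` and `c->instance`, while the client lines use `ANAME_SZ` and `INST_SZ`; if those constants ever differ, the bound no longer matches the destination (the field declarations are not visible here). Mirroring the client branch fixes both. The enclosing function starts and ends outside the hunk.

```c
set_string(c->realm, REALM_SZ, krb5_princ_realm(creds.server));
set_string(c->service, ANAME_SZ, krb5_princ_component(creds.server, 0));
if (creds.server->length > 1) {
    set_string(c->instance, INST_SZ, krb5_princ_component(creds.server, 1));
}
else {
    c->instance[0] = '\0';
}
/* ... unchanged: ticket_st length and memcpy ... */
```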
*** 5.24 1992/08/21 02:59:25
--- lib/des/Imakefile 1992/11/05 23:26:20
***************
*** 128,130 ****
--- 128,134 ----
./make_st s_table.h
NormalLintTarget($(SRCS))
+
+ depend:: key_perm.h odd.h p_table.h s_table.h
+
+ depend:: fp.c ip.c p.c
*** 5.28 1992/08/21 03:21:29
--- lib/Imakefile 1992/11/05 23:26:41
***************
*** 121,126 ****
--- 121,128 ----
Krb5InstallLibrary(krb5,$(KRB5_LIBDIR))
Krb5InstallLibrary($(DESLIB),$(KRB5_LIBDIR))
+ Krb5InstallLibrary(krb425,$(KRB5_LIBDIR))
+ Krb5InstallLibrary(des425,$(KRB5_LIBDIR))
SharedLibraryTarget(kdb5,-L$(KRB5_LIBDIR) -Lshared $(LDLOCATIONS) -lkrb5 -l$(DESLIB) $(ISODELIB) -lcom_err)
/* SharedLibraryTarget(des425,-L$(KRB5_LIBDIR) -Lshared $(LDLOCATIONS) -l$(DESLIB)) */
*** 5.32 1992/09/30 14:06:19
--- kdc/do_as_req.c 1992/11/04 22:36:04
***************
*** 548,556 ****
krb5_error errpkt;
krb5_error_code retval;
krb5_data *scratch;
! syslog(LOG_INFO, "AS_REQ: %s while processing request",
! error_message(error+KRB5KDC_ERR_NONE));
errpkt.ctime = request->nonce;
errpkt.cusec = 0;
--- 548,581 ----
krb5_error errpkt;
krb5_error_code retval;
krb5_data *scratch;
+ char unparse_failed = 0, *cname = 0, *sname = 0;
! if (retval = krb5_unparse_name(request->client, &cname)) {
! syslog(LOG_INFO, "AS_REQ: %s while unparsing client name for error",
! error_message(retval));
! unparse_failed = 1;
! }
! if (retval = krb5_unparse_name(request->server, &sname)) {
! syslog(LOG_INFO, "AS_REQ: %s while unparsing server name for error",
! error_message(retval));
! unparse_failed = 2;
! }
!
! if (!unparse_failed)
! syslog(LOG_INFO, "AS_REQ: %s while processing request from %s for %s",
! error_message(error+KRB5KDC_ERR_NONE), cname, sname);
! else
! syslog(LOG_INFO, "AS_REQ: %s while processing request",
! error_message(error+KRB5KDC_ERR_NONE));
!
! switch (unparse_failed) {
! case 0:
! free(sname);
! case 2:
! free(cname);
! case 1:
! break;
! }
errpkt.ctime = request->nonce;
errpkt.cusec = 0;
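Review bot: The fall-through `switch (unparse_failed)` leaks `sname` when the client name fails to unparse but the server name succeeds: `unparse_failed` stays 1, and `case 1` breaks without freeing anything. In a long-running KDC that is a leak on every request that takes this error path. Freeing each pointer on its own removes the need for the state encoding: replace the switch with `if (cname) free(cname);` and `if (sname) free(sname);`. This relies on both pointers being initialised to 0, as they are here, and on krb5_unparse_name leaving the pointer untouched on failure, which is not visible in this hunk.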
*** 5.6 1992/09/30 14:08:14
--- kdc/policy.c 1992/11/05 23:34:37
***************
*** 58,64 ****
krb5_ticket *ticket;
char **status;
{
! #ifdef 0
/*
* For example, if your site wants to disallow ticket forwarding,
* you might do something like this:
--- 58,64 ----
krb5_ticket *ticket;
char **status;
{
! #if 0
/*
* For example, if your site wants to disallow ticket forwarding,
* you might do something like this:
*** /dev/null Thu Nov 5 17:17:21 1992
--- config-files/services.append Wed Nov 4 16:24:37 1992
***************
*** 0 ****
--- 1,13 ----
+ klogin 543/tcp # Kerberos authenticated rlogin
+ kerberos 88/udp kdc # Kerberos authentication--udp
+ kerberos 88/tcp kdc # Kerberos authentication--tcp
+ kerberos-sec 750/udp # Kerberos authentication--udp
+ kerberos-sec 750/tcp # Kerberos authentication--tcp
+ kerberos_master 751/udp # Kerberos authentication
+ kerberos_master 751/tcp # Kerberos authentication
+ kerberos_adm 752/tcp # Kerberos 5 admin/changepw
+ passwd_server 752/udp # Kerberos passwd server
+ kpop 1109/tcp # Pop with Kerberos
+ kshell 544/tcp cmd # and remote shell
+ eklogin 2105/tcp # Kerberos encrypted rlogin
+ krb_prop 754/tcp # Kerberos slave propagation
*** 5.1 1992/09/30 14:33:37
--- kadmin/kpasswd/kpasswd.c 1992/11/04 22:37:42
***************
*** 150,156 ****
arg = &arg2;
}
my_keyblock = (krb5_keyblock *)malloc(sizeof(**key));
! if (!*key) {
if (f_salt) xfree(salt.data);
if (arg != (struct v4_pwd_keyproc_arg *) keyseed)
memset((char *) arg->password.data, 0, arg->password.length);
--- 150,156 ----
arg = &arg2;
}
my_keyblock = (krb5_keyblock *)malloc(sizeof(**key));
! if (!my_keyblock) {
if (f_salt) xfree(salt.data);
if (arg != (struct v4_pwd_keyproc_arg *) keyseed)
memset((char *) arg->password.data, 0, arg->password.length);
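Review bot: The allocation just above the corrected test still sizes the block with `sizeof(**key)` while the result is stored in and checked through `my_keyblock`; `malloc(sizeof(*my_keyblock))` would keep the size tied to the pointer being assigned. That line is context rather than part of this change, and the two types are presumably the same, so this is a style point only. The error branch continues past the end of the hunk.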
--[2348]--