[3112] in Kerberos-V5-bugs
krb5-admin/753: kadmin modprinc does insufficient arg checking
daemon@ATHENA.MIT.EDU (crawdad@fnal.gov)
Thu Sep 16 12:20:13 1999
Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: krb5-unassigned@RT-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, crawdad@gungnir.fnal.gov
Message-Id: <199909161618.LAA05169@gungnir.fnal.gov>
Date: Thu, 16 Sep 1999 11:18:52 -0500 (CDT)
From: crawdad@fnal.gov
Reply-To: crawdad@gungnir.fnal.gov
To: krb5-bugs@MIT.EDU
Cc: kenh@cmf.nrl.navy.mil
>Number: 753
>Category: krb5-admin
>Synopsis: kadmin modprinc allows -pw, silently ignores
>Confidential: yes
>Severity: non-critical
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Thu Sep 16 12:20:00 EDT 1999
>Last-Modified:
>Originator: Matt Crawford
>Organization:
Fermilab
>Release: krb5-1.0.6
>Environment:
Ultra-1, Solaris 2.5.1
System: SunOS gungnir.fnal.gov 5.5.1 Generic_103640-24 sun4u sparc SUNW,Ultra-1
Architecture: sun4
>Description:
kadmin's modprinc function allows "-pw PASSWORD" but silently
ignores it, letting the unwary admin think the password has
been changed.
>How-To-Repeat:
kadmin.local
modrinc +needchange -pw new-PASS-789 name
>Fix:
Index: kadmin.c
===================================================================
RCS file: /cvs/cd/kerberos/src/kadmin/cli/kadmin.c,v
retrieving revision 1.2
diff -c -r1.2 kadmin.c
*** kadmin.c 1999/07/27 20:35:32 1.2
--- kadmin.c 1999/09/16 16:11:44
***************
*** 954,959 ****
--- 954,966 ----
free(canon);
return;
}
+ if (pass) {
+ fprintf(stderr,
+ "modify_principal: -pw not allowed; use change_password\n");
+ krb5_free_principal(context, princ.principal);
+ free(canon);
+ return;
+ }
retval = kadm5_modify_principal(handle, &princ, mask);
krb5_free_principal(context, princ.principal);
if (retval) {
>Audit-Trail:
>Unformatted:
