[3266] in Kerberos-V5-bugs
pty/1011: patch to fix utmpx updates on Solaris 8 for krb5-1.2.2 update_utmp.c
daemon@ATHENA.MIT.EDU (Alex.Swab@digex.com)
Mon Nov 5 19:36:11 2001
Resent-From: gnats@rt-11.mit.edu (GNATS Management)
Resent-To: hartmans@mit.edu
Resent-Reply-To: krb5-bugs@MIT.EDU, Alex.Swab@digex.com
Message-Id: <200111060035.fA60ZBs19687@panda.isbu.digex.net>
Date: Mon, 5 Nov 2001 19:35:11 -0500 (EST)
From: Alex.Swab@digex.com
Reply-To: Alex.Swab@digex.com
To: krb5-bugs@mit.edu
>Number: 1011
>Category: pty
>Synopsis: fix for the known utmpx bug described in krb5-1.2.2/README
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: hartmans
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Mon Nov 5 19:36:01 EST 2001
>Last-Modified:
>Originator: Alex Swab
>Organization:
Digex, Inc.
>Release: krb5-1.2.2
>Environment:
sparc, Solaris 8
System: SunOS csgate.corp.digex.com 5.8 Generic_108528-09 sun4u sparc SUNW,Ultra-60
Architecture: sun4
>Description:
The utmpx bug is known and documented in the krb5-1.2.2/README.
The utmpx filename becomes littered with random characters when Kerberos
programs call the pty_update_utmp function. On Solaris 8 sparc, the
littered filename becomes /var/adm/utmp*x where '*' seems to be a random
number of random characters. A new file is created with a different
littered name and contains a single utmpx entry each time the
pty_update_utmp function is called. The 'who' command on Solaris 8
reads the /var/adm/utmpx file by default, so when pty_update_utmp
creates an utmpx entry into a littered filename, 'who' will not show
the Kerberos login, however the 'last' command does show the login
because wtmpx updates seem to be working fine.
>How-To-Repeat:
To test, for example, install Kerberos 1.2.2 or some earlier versions
onto Solaris 8 sparc and setup klogind server to run from inetd, then
use Kerberos rlogin from a remote machine to login to the klogind.
I'm using the following line in the /etc/inet/inetd.conf for klogind:
eklogin stream tcp nowait root /usr/local/sbin/klogind klogind -5 -c -e -w ip
The results for me is that the user can login and function fine,
but the utmpx file name is littered as described above.
>Fix:
I'm including a patch that fixes the utmpx problem on Solaris 8 sparc.
I haven't tested the patched code on other platforms, so I'm not sure
if it won't break another platform. I left most of the code as-is
by still first populating an utmp structure when utmpx is available.
However, I setup preprocessor directives to avoid calling most of the
utmp functions (utmpname, setutent, pututline, and endutent) when
HAVE_SETUTXENT is defined. As original, the code still copies the utmp
structure 'ent' to utmpx structure 'utx' with the getutmpx function
else does the HP-UX/DEC workaround. I moved the setutxent call from
before the getutmpx down to after the utmpx structure is complete just
before the pututxline call. I addeded a utmpxname call just before the
new setutxent and gave it an argument of the preprocessed UTMPX_FILE.
Here is the patch:
*** DIST/krb5-1.2.2/src/util/pty/update_utmp.c Wed Feb 28 17:08:33 2001
--- PATCHED/krb5-1.2.2/src/util/pty/update_utmp.c Mon Nov 5 15:08:10 2001
***************
*** 112,119 ****
--- 112,122 ----
#ifdef HAVE_SETUTENT
+ #ifndef HAVE_SETUTXENT
utmpname(UTMP_FILE);
setutent();
+ #endif
+
/* If we need to preserve the user name in the wtmp structure and
* Our flags tell us we can obtain it from the utmp and we succeed in
* obtaining it, we then save the utmp structure we obtain, write
***************
*** 131,141 ****
}
#endif
pututline(&ent);
endutent();
#ifdef HAVE_SETUTXENT
! setutxent();
#ifdef HAVE_GETUTMPX
getutmpx(&ent, &utx);
#else
--- 134,146 ----
}
#endif
+ #ifndef HAVE_SETUTXENT
pututline(&ent);
endutent();
+ #endif
#ifdef HAVE_SETUTXENT
!
#ifdef HAVE_GETUTMPX
getutmpx(&ent, &utx);
#else
***************
*** 163,168 ****
--- 168,175 ----
strncpy(utx.ut_host, host, sizeof(utx.ut_host));
else
utx.ut_host[0] = 0;
+ utmpxname(UTMPX_FILE);
+ setutxent();
pututxline(&utx);
endutxent();
#endif /* HAVE_SETUTXENT */
>Audit-Trail:
>Unformatted:
