[3278] in Kerberos-V5-bugs

krb5-appl/1023: ftpd forms its service principal from host name, not connection

daemon@ATHENA.MIT.EDU (donn@u.washington.edu)
Wed Dec 5 15:38:04 2001

Resent-From: gnats@rt-11.mit.edu (GNATS Management)
Resent-To: krb5-unassigned@rt-11.mit.edu
Resent-Reply-To: krb5-bugs@MIT.EDU, donn@u.washington.edu
Message-Id: <200112052037.fB5Kbuh43700@melville.u.washington.edu>
Date: Wed, 5 Dec 2001 12:37:56 -0800
From: donn@u.washington.edu
Reply-To: donn@u.washington.edu
To: krb5-bugs@mit.edu


>Number:         1023
>Category:       krb5-appl
>Synopsis:       ftpd service principal is hostname, not address lookup
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    krb5-unassigned
>State:          open
>Class:          sw-bug
>Submitter-Id:   unknown
>Arrival-Date:   Wed Dec  5 15:38:00 EST 2001
>Last-Modified:
>Originator:     Donn Cave
>Organization:
	University Computing Services
	University of Washington
>Release:        krb5-1.2.2
>Environment:
	(Any UNIX)
System: AIX melville 3 4 00600210C000


>Description:
	On a host with multiple interfaces, each with its own IP and DNS
	addresses, ftp connections to any but one of the addresses fail
	with "wrong principal".  While this could be solved by modifying
	krb5_gss_accept_sec_context() to pass no service principal to
	krb5_rd_req(), it would arguably be better for ftpd to at least
	use the DNS name associated with the connection.
>How-To-Repeat:
	Equip a host with more than one network interface, and ftp service
	principals for each.  Connect to a DNS name that doesn't match
	gethostname(); ftp will form a service principal from the DNS name,
	but ftpd will use gethostname().
>Fix:
*** appl/gssftp/ftpd/ftpd.c.pltx	Wed Aug  8 13:32:06 2001
--- appl/gssftp/ftpd/ftpd.c	Mon Dec  3 16:13:44 2001
***************
*** 2391,2397 ****
  			syslog(LOG_ERR, "Couldn't get local hostname (%d)", errno);
  			return 0;
  		}
! 		if (!(hp = gethostbyname(localname))) {
  			reply(501, "couldn't canonicalize local hostname\n");
  			syslog(LOG_ERR, "Couldn't canonicalize local hostname");
  			return 0;
--- 2391,2399 ----
  			syslog(LOG_ERR, "Couldn't get local hostname (%d)", errno);
  			return 0;
  		}
! 		/* if (!(hp = gethostbyname(localname))) { */
! 		hp = gethostbyaddr(&ctrl_addr.sin_addr.s_addr, 4, AF_INET);
! 		if (!hp) {
  			reply(501, "couldn't canonicalize local hostname\n");
  			syslog(LOG_ERR, "Couldn't canonicalize local hostname");
  			return 0;
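
Review bot: The new `hp = gethostbyaddr(&ctrl_addr.sin_addr.s_addr, 4, AF_INET);` line hard-codes the address length as 4 and passes the pointer uncast; `sizeof(ctrl_addr.sin_addr)` with a `(char *)` cast states the intent and stays correct against older prototypes. The old `gethostbyname(localname)` test is left behind as a comment and should be deleted rather than kept in the source. The reply and syslog text after the check still say "couldn't canonicalize local hostname", which no longer describes the failure: what fails now is a reverse lookup of the connection's address, so the messages should say that and log the address. The preceding gethostname() error path in the context lines is unchanged, so a gethostname() failure still aborts even though its result is not used for this lookup. The service name now depends on a PTR record existing for every address the daemon accepts on, and that requirement deserves a code comment or a documented fallback.
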
>Audit-Trail:
>Unformatted: