[397] in Kerberos-V5-bugs
Bug report/Fix
tytso@ATHENA.MIT.EDU (tytso@ATHENA.MIT.EDU)
Thu Jan 13 12:20:22 1994
Fixed already, but placed in the discuss meeting for archival value....
Date: Thu, 9 Sep 93 13:44:18 PDT
From: ari@ISI.EDU
Posted-Date: Thu, 9 Sep 93 13:44:18 PDT
To: tytso@MIT.EDU
Subject: Bug report/Fix
Cc: bcn@ISI.EDU
Ted,
We found the following bug in kerberos: when using kadmin to add a new
principal to the database, the kadmind server writes a new entry for the
principal but does not write the associated password (key) of the
principal. This causes crashes of the krb5kdc server later on when kinit,
kpasswd, etc. are used.
The bug is in file src/kadmin/server/adm_funcs.c in function adm_modify_kdb.
In the beginning of the function the following code encrypts the keys:
----------------------------------------------------------------
    if (key && key->length) {
        retval = krb5_kdb_encrypt_key(&master_encblock,
                                      key,
                                      &entry->key);
        if (retval) {
            com_err("adm_modify_kdb", retval,
                    "while encrypting key for '%s'", newprinc);
            return(KADM_NO_ENCRYPT);
        }
    }
    if (alt_key && alt_key->length) {
        retval = krb5_kdb_encrypt_key(&master_encblock,
                                      alt_key,
                                      &entry->alt_key);
        if (retval) {
            com_err("adm_modify_kdb", retval,
                    "while encrypting alt_key for '%s'", newprinc);
            return(KADM_NO_ENCRYPT);
        }
    }
---------------------------------------------------------------------
The problem comes in right after this code, where a check
is made to see if it's a new entry:
    if (!req_type) { /* New entry - initialize */
and then the value of entry (including both keys, entry->alt_key and
entry->key) is reset!
        memset((char *)entry, 0, sizeof(*entry));
So the keys are lost!!!
-------------------------------------------------------------
A solution to this problem is to place the code initializing the keys
after this code:
    if (!req_type) { /* New entry -initialize */
        .
        .
        .
    }
    else {}
-Ari
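Added example, not part of the original message and not the Kerberos source: a self-contained reduction of the ordering bug described above, with the reported order beside the suggested one. The demo_* types, the XOR placeholder standing in for krb5_kdb_encrypt_key, and the entry_has_key pre-store check are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins; the real entry and key structures are not shown in the report. */
struct demo_key   { unsigned char data[8]; size_t length; };
struct demo_entry { struct demo_key key, alt_key; };

/* Placeholder for krb5_kdb_encrypt_key(): XOR with a constant, not real crypto. */
static void demo_encrypt_key(const struct demo_key *in, struct demo_key *out)
{
    out->length = in->length;
    for (size_t i = 0; i < in->length; i++)
        out->data[i] = in->data[i] ^ 0x5a;
}

/* Reported order: the key is stored, then the new-entry branch zeroes the whole entry. */
static void modify_buggy(struct demo_entry *e, const struct demo_key *k, int req_type)
{
    if (k && k->length)
        demo_encrypt_key(k, &e->key);
    if (!req_type)                      /* New entry - initialize */
        memset(e, 0, sizeof(*e));
}

/* Suggested order: initialize the new entry first, then store the key. */
static void modify_fixed(struct demo_entry *e, const struct demo_key *k, int req_type)
{
    if (!req_type)                      /* New entry - initialize */
        memset(e, 0, sizeof(*e));
    if (k && k->length)
        demo_encrypt_key(k, &e->key);
}

/* Pre-store sanity check (an addition, not from the report): an entry
 * carrying no key should be rejected before it reaches the database. */
static int entry_has_key(const struct demo_entry *e)
{
    return e->key.length > 0 || e->alt_key.length > 0;
}

int main(void)
{
    struct demo_key k = { {1, 2, 3, 4, 5, 6, 7, 8}, 8 };  /* constructed sample key */
    struct demo_entry a, b;
    modify_buggy(&a, &k, 0);            /* req_type 0 = new principal */
    modify_fixed(&b, &k, 0);
    printf("buggy order: has_key=%d\n", entry_has_key(&a));
    printf("fixed order: has_key=%d\n", entry_has_key(&b));
    return 0;
}
```

With a nonzero req_type (an existing entry) both orders keep the key, which is why only newly added principals were affected.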