[957] in Kerberos-V5-bugs
few more bugs
daemon@ATHENA.MIT.EDU (Andrew Gross)
Mon Nov 14 03:05:52 1994
Date: Mon, 14 Nov 94 00:05:36 -0800
From: Andrew Gross <drew@drew.sdsc.edu>
To: krb5-bugs@MIT.EDU
Hello,
Here are a few more bugs.
Thanks,
Andrew Gross
=========================================================================
1)
In appl/bsd/krlogind.c, at about line 1600:
/* Setup up eblock if encrypted login session */
/* otherwise zero out session key */
if (do_encrypt) {
krb5_use_keytype(&eblock,
ticket->enc_part2->session->keytype);
if (status = krb5_process_key(&eblock,
ticket->enc_part2->session))
fatal(netf, "Permission denied");
+ ticket->enc_part2->session = 0;
}
The (+) line is needed because the krb5_process_key calls
lib/crypto/des/process_ky.c:mit_des_process_key(eblock,keyblock)
which just copies the pointer out of the ticket structure:
default:
eblock->key = (krb5_keyblock *) keyblock;
then when the ticket is free in do_krb_login() the keyblock data is
lost.
=========================================================================
2)
In tests/hammer/kdc5_hammer.c:get_tgt(), krb5_cc_destroy is called
on the ccache struct. krb5_cc_destroy not only destroys the cache but
also frees the pointer associated with the ccache structure which
invalidates it for further use in main loop in main() (cf,
lib/krb5/ccache/file/fcc_destry.c) .
Either the krb5_cc_destroy() should be commented out, allowing the
tickets to accumulate in the ccache, or &ccache should be passed in
along with the command line specified cache file (or lack thereof) and
a krb5_cc_default (or krb5_cc_resolve) called as appropriate.
=========================================================================
3)
In appl/bsd/krcp.c:answer_auth() calls both krb5_cc_close() and
krb5_cc_destroy(). Both of these routines free the same pointers so
they shoud not be called in succession.
Is there an easy way to determine if a credential cache exists previous
to a krb5_cc_get_principal call? If I have done a rlogin -f to host foo
and then try to rcp to host foo, I would like to have answer_auth() do a
krb5_cc_close() instead of a krb5_cc_destroy() since I do want those
credentials there.
=========================================================================
