[7690] in Athena Bugs
Re: xlogin (all versions) 7.2R (and current sources)
daemon@ATHENA.MIT.EDU (Richard Basch)
Wed Jun 26 07:05:10 1991
Date: Wed, 26 Jun 91 07:04:49 -0400
To: eichin@ATHENA.MIT.EDU, bugs@MIT.EDU
From: Richard Basch <basch@MIT.EDU>
Subject: xlogin (all versions) 7.2R (and current sources)
Date: Tue, 25 Jun 91 22:20:26 EDT
From: "Mark W. Eichin" <eichin@MIT.EDU>
To: bugs@ATHENA.MIT.EDU
In etc.athena/xdm/xlogin/verify.c, version 1.15, the following logic
is found:
User types invalid user name, no password.
verify.c: check local account. (FAILS)
hes_getpwnam(user) (FAILS)
clear password
cleanup(NULL)
return (and try again.)
Note that "cleanup", on line 391, begins by calling dest_tkt(). This
routine is in the kerberos library; it refers to TKT_FILE, which calls
tkt_string, which synthesizes a ticket file name out of getuid() (did
you see a setuid call in the above logic? Nope...) so
krb_ticket_string gets set to "/tmp/tkt0", which tkt_string returns
the next time around and uses.
A fix would be to simply make sure that krb_set_tkt_string()
is called around line 126 of verify.c, where the setenv("KRBTKFILE")
occurs, so that the kerberos library is informed of the new value.
_Mark_ <eichin@athena.mit.edu>
MIT Student Information Processing Board
Watchmaker Computing <eichin@watch.com>
This was recently discovered and will be fixed for 7.3; it has
supposedly been fixed by Mark Rosenstein in his development locker,
which he will be handing over to us as soon as he integrates the RIOS
changes. (Admittedly, I don't expect anyone to have known this bizarre
status, including QA, which is why I am responding...)
-Richard
