kern/161854: _gsskrb5_pname_to_uid lname lookup fails, breaks nfs/kerberos

Harry Coin hcoin at
Fri Oct 21 04:00:28 UTC 2011

>Number:         161854
>Category:       kern
>Synopsis:       _gsskrb5_pname_to_uid lname lookup fails, breaks nfs/kerberos
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Oct 21 04:00:19 UTC 2011
>Originator:     Harry Coin
>Release:        8Stable
Quiet Fountain LLC
Notice in

34 	_gsskrb5_pname_to_uid(OM_uint32 *minor_status, const gss_name_t pname,
35 	const gss_OID mech, uid_t *uidp)
36 	{
37 	krb5_context context;
38 	krb5_const_principal name = (krb5_const_principal) pname;
39 	krb5_error_code kret;
40 	char lname[MAXLOGNAME + 1], buf[128];
41 	struct passwd pwd, *pw;

52     getpwnam_r(lname, &pwd, buf, sizeof(buf), &pw);

128 is too small.  Any non-trivial use of kerberos via nfs fails to record the correct user names.
Put some debug writes in there, you'll notice when kerberos is being used no user names authenticate.  kerberos on nfs is essentially broken if the total length of the strings in the passwd structure exceed 128 bytes.  Given the password itself can be 128 characters, much less the gecos, dir, shell, etc. etc....

-40 	char lname[MAXLOGNAME + 1], buf[128];
+40 	char lname[MAXLOGNAME + 1], buf[1204];


More information about the freebsd-bugs mailing list