kern/161854: _gsskrb5_pname_to_uid lname lookup fails,
breaks nfs/kerberos
Harry Coin
hcoin at quietfountain.com
Fri Oct 21 04:00:28 UTC 2011
>Number: 161854
>Category: kern
>Synopsis: _gsskrb5_pname_to_uid lname lookup fails, breaks nfs/kerberos
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Oct 21 04:00:19 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Harry Coin
>Release: 8Stable
>Organization:
Quiet Fountain LLC
>Environment:
amd64
>Description:
Notice in
http://svnweb.freebsd.org/base/head/kerberos5/lib/libgssapi_krb5/pname_to_uid.c?revision=181344&view=markup
..
OM_uint32
34 _gsskrb5_pname_to_uid(OM_uint32 *minor_status, const gss_name_t pname,
35 const gss_OID mech, uid_t *uidp)
36 {
37 krb5_context context;
38 krb5_const_principal name = (krb5_const_principal) pname;
39 krb5_error_code kret;
40 char lname[MAXLOGNAME + 1], buf[128];
41 struct passwd pwd, *pw;
52 getpwnam_r(lname, &pwd, buf, sizeof(buf), &pw);
128 is too small. Any non-trivial use of kerberos via nfs fails to record the correct user names.
>How-To-Repeat:
Put some debug writes in there, you'll notice when kerberos is being used no user names authenticate. kerberos on nfs is essentially broken if the total length of the strings in the passwd structure exceed 128 bytes. Given the password itself can be 128 characters, much less the gecos, dir, shell, etc. etc....
>Fix:
-40 char lname[MAXLOGNAME + 1], buf[128];
+40 char lname[MAXLOGNAME + 1], buf[1204];
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list