[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

problems with kinit against MIT KDC

Testing the latest CVS kinit against our MIT KDCs (1.4.3 and 1.6+) I
ran into a couple of problems.  The first error being reported was
"Did not find a plugin for resolve".  It turns out, this wasn't the
real error, but it was the only one being reported.

I patched lib/krb5/krbhost.c to clear the error message if a kdc is
eventually found.  This allowed the real error to be printed.  It
seems there is a general problem of getting the right error printed.

The real problem was then revealed.  I now got the message "ASN.1
invalid character in string".  After a little digging, I found that
the error packet returned by the MIT KDC has the string
"NEEDED_PREAUTH\0" encoded with a length of 15.
der_get_general_string() checks to see if the string contains a null
and reports an error.  In this case there is a null, but it the last
character, which seems harmless.  I'm sure more work could be done to
eliminate the double null if desired.  Also, I couldn't figure out
what the initial length check was really trying to check.  What is
there seems useless.

Patch attached.  (Again, the krbhost.c change is really only a
band-aid for a more general problem.)

Index: lib/asn1/der_get.c
RCS file: /afs/pdc.kth.se/src/packages/kth-krb/SourceRepository/heimdal/lib/asn1/der_get.c,v
retrieving revision 1.52
diff -p -u -r1.52 der_get.c
--- lib/asn1/der_get.c	20 Jan 2007 21:53:32 -0000	1.52
+++ lib/asn1/der_get.c	16 Mar 2007 20:25:50 -0000
@@ -137,10 +137,10 @@ der_get_general_string (const unsigned c
     char *s;
-    if (len > len + 1)
+    if (len > len + 1)	/* XXX What is this trying to check? */
 	return ASN1_BAD_LENGTH;
-    if (memchr(p, 0, len) != NULL)
+    if ((memchr(p, 0, len) != NULL) && (memchr(p, 0, len-1) != NULL))
     s = malloc (len + 1);
Index: lib/krb5/krbhst.c
RCS file: /afs/pdc.kth.se/src/packages/kth-krb/SourceRepository/heimdal/lib/krb5/krbhst.c,v
retrieving revision 1.61
diff -p -u -r1.61 krbhst.c
--- lib/krb5/krbhst.c	30 Nov 2006 17:23:08 -0000	1.61
+++ lib/krb5/krbhst.c	16 Mar 2007 20:25:51 -0000
@@ -570,8 +570,10 @@ kdc_get_next(krb5_context context,
     if((kd->flags & KD_CONFIG) == 0) {
 	config_get_hosts(context, kd, "kdc");
 	kd->flags |= KD_CONFIG;
-	if(get_next(kd, host))
+	if(get_next(kd, host)) {
+	    krb5_clear_error_string(context);
 	    return 0;
+	}
     if (kd->flags & KD_CONFIG_EXISTS)