[krbdev.mit.edu #5126] krb5_verify_init_creds behaves badly with a ticket cache
Russ Allbery <rra@stanford.edu> via RT
rt-comment at krbdev.mit.edu
Tue Dec 19 00:52:11 EST 2006
If the ticket cache argument to krb5_verify_init_creds is non-NULL and
points to an existing file cache (if it points to a memory cache or to a
NULL pointer, everything still works), krb5_verify_init_creds fails with
an internal error because it tries to write to a ticket cache opened
read-only.
To see why, observe that krb5_verify_init_creds calls
krb5_cc_copy_creds_except to do the work of copying the credentials into
the cache. The first thing that function does is call krb5_cc_set_flags
on both ticket caches to turn off OPENCLOSE mode. However, in the file
cache implementation, as soon as OPENCLOSE mode is turned off, the file
(which is always at that point closed) is opened read-only. When
credentials are stored in the target cache, a write is done without
trying to reopen the cache read/write, since it's already open, and the
operation then fails with an OS error.
The quick fix is to not call krb5_cc_set_flags on the target cache and
leave it in OPENCLOSE mode. This shouldn't be a noticable performance
issue; for one, krb5_verify_init_creds is not a performance-critical
operation since it's normally done only once in the lifetime of a ticket
cache, and for another, there are generally only two tickets in the
credential cache it's copying.
However, I think there's a deeper bug here. Turning off OPENCLOSE mode
shouldn't make a ticket cache read-only. Fixing that, however, may be
problematic; the cleanest fix code-wise that I can see would be to store
a flag in the ticket cache structure saying what mode the cache was
opened in and then reopening it as needed for a particular operation.
That may not be too bad, since it looks like the structure is not
exposed in the API, but it requires changing a lot of code. My guess is
that always reopening the ticket cache read/write won't be acceptable
since it disallows read-only ticket caches when OPENCLOSE mode is turned
off, something that doesn't feel clean.
More information about the krb5-bugs
mailing list