Bug#428732: [krbdev.mit.edu #5593] kadmin crashes during password changes

Ken Raeburn via RT rt-comment at krbdev.mit.edu
Fri Jul 6 19:58:09 EDT 2007


I just tried on our x86_64 etch system (1.4.4-7etch1 kadmind  
installed), and with a few simple tests, couldn't reproduce the  
problem.  I set up a realm FOOBAR.X with a user principal ken with  
admin privileges, ran "kadmin -p ken -q 'cpw ken'" and then "kpasswd"  
a few times, sometimes re-using the same password, sometimes trying  
different passwords (all short).

However, after a reminder from Tom Yu that we had some int/pointer  
problems fixed in that code a while back, I built -7etch1 (since  
-7etch2 doesn't seem to be on the servers I'm using?), worked out a  
rough function call stack from the stack trace in the Debian bug  
report, and found this once I knew where to look:

../../../src/kadmin/server/misc.c:148: warning: assignment makes  
pointer from integer without a cast

Line 148:                 time_string = ctime(&until);

A disassembly confirms that the compiler is widening the assumed int  
return value from ctime, from 32 to 64 bits, when in fact it's a 64-bit  
pointer.  I tried calling ctime under gdb, and it showed me a 32-bit  
value with the high bit set.  Whether that's the true value, or  
gdb was confused about the return type and truncated to 32 bits, I  
don't know.  But either way, that high bit in the low 32 is going to  
get copied into the upper 32 bits, probably not what we want.

This code path requires that the principal in question have a policy  
dictating a minimum time before the password can be changed, and a  
password change made before that time has elapsed.  (I should've  
thought of that given the description of changing passwords  
specifically in a short time.)  Andrew, does that describe your  
situation?  If so, changing src/kadmin/server/misc.c to include  
<time.h> could fix the problem.

Ken
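
The widening described in the message above, modelled as an added C example that is not part of the original e-mail or of the krb5 source. It assumes an LP64 platform with a 32-bit int; the function names are hypothetical and the sample addresses are constructed, not taken from the bug report.

```c
#include <stdint.h>
#include <stdio.h>
#include <time.h>   /* declares char *ctime(const time_t *); the missing include */

/* Models what the caller does with an undeclared function on LP64:
 * it reads only the low 32 bits of the return register as a signed
 * int, then sign-extends that int to pointer width. */
uint64_t widen_as_implicit_int(uint64_t real_ptr)
{
    uint32_t low = (uint32_t)(real_ptr & 0xffffffffu);
    int64_t as_int = (low & 0x80000000u)
        ? (int64_t)low - ((int64_t)1 << 32)   /* bit 31 set: negative int */
        : (int64_t)low;
    return (uint64_t)as_int;                  /* sign extension to 64 bits */
}

/* 1 if the pointer value comes through the int round trip unchanged. */
int survives_round_trip(uint64_t real_ptr)
{
    return widen_as_implicit_int(real_ptr) == real_ptr;
}

/* The corrected call: with <time.h> in scope the compiler knows ctime
 * returns char *, so all 64 bits of the result are kept. */
const char *until_string(time_t until)
{
    return ctime(&until);
}

int main(void)
{
    /* Constructed sample addresses, not values from the bug report. */
    uint64_t samples[] = {
        0x00002aaaab123456ULL,  /* low half has bit 31 set */
        0x00002aaa12345678ULL,  /* low half has bit 31 clear */
        0x000000000804a010ULL,  /* fits in 31 bits */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%#018llx -> %#018llx %s\n",
               (unsigned long long)samples[i],
               (unsigned long long)widen_as_implicit_int(samples[i]),
               survives_round_trip(samples[i]) ? "intact" : "corrupted");
    printf("ctime with prototype: %s", until_string(0));
    return 0;
}
```

Only the address that fits in 31 bits survives, which is why the same source can run cleanly on a 32-bit build and fault on x86_64. Building with `-Werror=implicit-function-declaration` turns this class of missing-prototype bug into a compile failure.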



