krb5_get_init_creds_password with empty password and no prompter

Stef Walter stef at thewalter.net
Wed May 22 03:41:58 EDT 2013


On 06.05.2013 18:11, Greg Hudson wrote:
> On 05/06/2013 10:50 AM, Stef Walter wrote:
>> I've tried to fix this in preauth2.c get_as_key() without success. Any
>> tips on a good way to tackle/patch this?
> 
> I think the gak_data contract needs to be modified.  Right now gak_data
> points to a krb5_data, which either contains the pre-supplied password
> or a buffer for the prompter output, and we tell the difference by
> testing if password->data[0] != '\0'.  If the pre-supplied password
> might be empty, then we need another way to tell the difference,
> probably by encapsulating the krb5_data in a structure with a flag.
> 
> Once we have a contract which can support empty pre-supplied passwords,
> the conditional at line 273 ("if (password && password[0])") also needs
> to be adjusted.

Just got back to this now. Attached is a patch, and test case for this
issue. Let me know if you'd like it revised. Happy to adjust it.

Cheers,

Stef


-- 

stef at thewalter.net
http://stef.thewalter.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Fix-corner-case-with-empty-password-and-preauth.patch
Type: text/x-patch
Size: 10970 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20130522/f89113e3/attachment.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: frob-krb5-preauth.c
Type: text/x-csrc
Size: 1021 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20130522/f89113e3/attachment-0001.bin
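
The contract problem described in the quoted text, as a small C model. This is an added example, not the attached patch and not MIT krb5 code: `model_data`, `gak_password`, `key_result`, `get_key_sentinel` and `get_key_flag` are hypothetical names, and treating "prompt needed but no prompter" as an error is an assumption of the model.

```c
#include <stdio.h>

/* Hypothetical stand-in for krb5_data: a length plus a buffer pointer. */
struct model_data { unsigned int length; char *data; };

/* Hypothetical wrapper in the spirit of "a structure with a flag". */
struct gak_password {
    struct model_data storage;
    int supplied;  /* 1 = caller pre-supplied a password, even an empty one */
};

enum key_result { KEY_ERR_NO_PROMPTER = -1, KEY_FROM_SUPPLIED = 0, KEY_FROM_PROMPT = 1 };

/* Sentinel contract: the first byte of the buffer decides whether to prompt.
 * pw == NULL models "no password passed in". */
static enum key_result get_key_sentinel(const char *pw, int have_prompter)
{
    char buf[64] = "";
    struct model_data d = { sizeof(buf), buf };

    if (pw != NULL)
        snprintf(buf, sizeof(buf), "%s", pw);
    if (d.data[0] != '\0')
        return KEY_FROM_SUPPLIED;
    /* Assumption of this model: prompting without a prompter is an error. */
    return have_prompter ? KEY_FROM_PROMPT : KEY_ERR_NO_PROMPTER;
}

/* Flag contract: the flag decides; buffer contents are never inspected. */
static enum key_result get_key_flag(const char *pw, int have_prompter)
{
    char buf[64] = "";
    struct gak_password gp = { { sizeof(buf), buf }, pw != NULL };

    if (pw != NULL)
        snprintf(buf, sizeof(buf), "%s", pw);
    if (gp.supplied)
        return KEY_FROM_SUPPLIED;
    return have_prompter ? KEY_FROM_PROMPT : KEY_ERR_NO_PROMPTER;
}

int main(void)
{
    /* Constructed inputs: empty pre-supplied password, no prompter. */
    printf("sentinel: %d\n", get_key_sentinel("", 0));  /* -1 */
    printf("flag:     %d\n", get_key_flag("", 0));      /* 0 */
    printf("flag, nothing supplied: %d\n", get_key_flag(NULL, 0));
    return 0;
}
```

With the sentinel check, an empty pre-supplied password is indistinguishable from an unfilled prompter buffer; the flag keeps the two cases apart.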

