[krbdev.mit.edu #3030] Bug report: Kinit has no suport for addresses in credentials. Kinit -a is not enabled.

""RAGHAVENDRA@MIT.EDU ""RAGHAVENDRA at MIT.EDU
Mon Apr 25 16:10:56 EDT 2005 

Hello,

I would like to report a bug in the Kerberos V5 Release 1.4.1.
The description and the proposed fix is as follows:

Defect:  Kinit  has no support for addresses in the credentials
Description: The -a option is not enabled for kinit.
File: /krb5-1.4.1/src/clients/kinit/kinit.c            line: 284
while ((i = GETOPT(argc, argv, "r:fpFP54AVl:s:c:kt:RS:v"))
does not specify option "a" for tickets with addresses.

Proposed fix:
Introduce -a option in GETOPT
Line 284 in kinit.c has to be changed to
while ((i = GETOPT(argc, argv, "r:fpFP54aAVl:s:c:kt:RS:v"))

However, just making this change will cause a core dump at line 764

   if (opts->addresses)
   {
       krb5_address **addresses = NULL;
       code = krb5_os_localaddr(k5->ctx, &addresses);
       if (code != 0) {
           com_err(progname, code, "getting local addresses");
           goto cleanup;
       }
       krb5_get_init_creds_opt_set_address_list(&options, addresses);
   }
when the local copy of  addresses in referenced.
To fix this, the change to be made is :
   if (opts->addresses)
   {
       code = krb5_os_localaddr(k5->ctx, &addresses);
       if (code != 0) {
           com_err(progname, code, "getting local addresses");
           goto cleanup;
       }
       krb5_get_init_creds_opt_set_address_list(&options, addresses);
   }

The declaration and initialization for addresses is moved out of the block
Line 738:
Current implementation:
    krb5_error_code code = 0;
    krb5_get_init_creds_opt options;
                                                                                                                             

    if (!got_k5)
        return 0;

Proposed fix:
    krb5_error_code code = 0;
   krb5_get_init_creds_opt options;
 >    krb5_address **addresses = NULL;
    
    if (!got_k5)
        return 0;
    

Finally, the addresses structure needs to be freed during cleanup. The 
folowing 2 lines are to be added
to current implementation of kinit.c

Line862:
 cleanup:
  > if(addresses)
  >  krb5_free_addresses(k5->ctx, addresses);
                                                                                                                            

Please consider incorporating the above fix in the future release of
Kerberos V5.  Yuo can get back to be in case of further clarifications.

Thanks,
Ramya

-- 


***********************************************************************
Ramya Raghavendra
SNSL-i,  Internet Security and Enterprise Computing
HP-ISO
ramya.raghavendra at hp.com
Ph: 2205 2882

More information about the krb5-bugs mailing list