kadmin cpw does not complain about mismatching passwords

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

kadmin cpw does not complain about mismatching passwords

Harald Barth-2

You can try to set passwords from kadmin like this, I mismatch the
password given to the Verify prompt:

kadmin> get haba
            Principal: [hidden email]
(...)
            Kvno: 11
(...)
            Last modified: 2019-02-25 14:12:43 UTC
(...)
kadmin> cpw haba
[hidden email]'s Password: xxx
Verify password - [hidden email]'s Password: yyy
kadmin> get haba
            Principal: [hidden email]
(...)
            Kvno: 11
(...)
            Last modified: 2019-02-25 14:12:43 UTC
(...)

Obviously the passwords above did not match. As expected the
principal's data did _not_ change. However the user who tried it did
not get any notice about this and the return value from kadmin is also
wrong if invoked from the command line like this:

# /usr/heimdal-7.5.0/bin/kadmin cpw haba
[hidden email]'s Password: xxx
Verify password - [hidden email]'s Password: yyy
# echo $?
0

I think this is due to this:

kadmin/cpw.c, set_password():

        ret = UI_UTIL_read_pw_string(pwbuf, sizeof(pwbuf), prompt, 1);
        free (prompt);
        if(ret){
            return 0; /* XXX error code? */
        }

Compare to

kadmin/ank.c, add_one_principal()

        ret = UI_UTIL_read_pw_string (pwbuf, sizeof(pwbuf), prompt, 1);
        free (prompt);
        if (ret) {
            ret = KRB5_LIBOS_BADPWDMATCH;
            krb5_set_error_message(context, ret, "failed to verify password");
            goto out;
        }

Is there any reason that this is handled different in the two cases?

I'd just handle it in cpw like in ank. Any objections?

Harald.