kadmin cpw does not complain about mismatching passwords

kadmin cpw does not complain about mismatching passwords

Harald Barth-2

I thought I would at least get a "yes, seems reasonable, show us a
patch" as a response to my previous email on this subject.

Out of curiosity, I traced the bug back to when the function in
question was introduced to heimdal, version 0.0n. Even if the bug is
now old enough to buy me a drink (in most jurisdictions), I felt it's
time to do something about it. See attached patch.

Harald.


--- cpw.c.orig 2017-12-07 05:11:23.000000000 +0100
+++ cpw.c 2019-03-04 14:37:57.253372844 +0100
@@ -101,13 +101,16 @@
  ret = UI_UTIL_read_pw_string(pwbuf, sizeof(pwbuf), prompt, 1);
  free (prompt);
  if(ret){
-    return 0; /* XXX error code? */
+    ret = KRB5_LIBOS_BADPWDMATCH;
+    krb5_set_error_message(context, ret, "failed to verify password");
+    goto out;
  }
  password = pwbuf;
     }
     if(ret == 0)
  ret = kadm5_chpass_principal_3(kadm_handle, principal, keepold, 0, NULL,
        password);
+out:
     memset(pwbuf, 0, sizeof(pwbuf));
     return ret;
 }
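
Review bot: in the `if(ret){` branch, every nonzero return from UI_UTIL_read_pw_string() is converted to KRB5_LIBOS_BADPWDMATCH. The visible lines do not show which values that call can return, so if it can fail for any reason other than the two entries differing (for example a read failure), the caller is told the passwords mismatched when they were never compared. Suggest mapping only the mismatch result to this code and passing other failures through with their own message, or adding a comment stating that nonzero here always means mismatch. The text "failed to verify password" is also vaguer than the error code it accompanies; wording that says the two entries did not match would tell the operator what to do next. Minor: in the lines shown, the `goto out` and `out:` label are not needed for correctness, since the existing `if(ret == 0)` guard already skips kadm5_chpass_principal_3() once ret is set and the memset of pwbuf is reached either way.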

Re: kadmin cpw does not complain about mismatching passwords

Andreas Haupt-2
Hi Harald,

On Mon, 2019-03-04 at 15:00 +0100, Harald Barth wrote:
> I thought I would at least get a "yes, seems reasonable, show us a
> patch" as a response to my previous email on this subject.

Looks like both of your mails hung on mif.h5l.org until today.
Impressive ...

Cheers,
Andreas
--
| Andreas Haupt            | E-Mail: [hidden email]
|  DESY Zeuthen            | WWW:    http://www-zeuthen.desy.de/~ahaupt
|  Platanenallee 6         | Phone:  +49/33762/7-7359
|  D-15738 Zeuthen         | Fax:    +49/33762/7-7216



Re: kadmin cpw does not complain about mismatching passwords

Jeffrey Altman-2
On 3/22/2019 5:21 AM, Andreas Haupt wrote:

> Hi Harald,
>
> On Mon, 2019-03-04 at 15:00 +0100, Harald Barth wrote:
>> I thought I would at least get a "yes, seems reasonable, show us a
>> patch" as a response to my previous email on this subject.
>
> Looks like both of your mails hung on mif.h5l.org until today.
> Impressive ...
>
> Cheers,
> Andreas

The mailing list server has been offline since before March 1st
due to hardware failure.

Jeffrey Altman




Re: kadmin cpw does not complain about mismatching passwords

Love Hörnquist Åstrand


> On 22 March 2019 at 06:59, Jeffrey Altman <[hidden email]> wrote:
>
> On 3/22/2019 5:21 AM, Andreas Haupt wrote:
>> Hi Harald,
>>
>> On Mon, 2019-03-04 at 15:00 +0100, Harald Barth wrote:
>>> I thought I would at least get a "yes, seems reasonable, show us a
>>> patch" as a response to my previous email on this subject.
>>
>> Looks like both of your mails hung on mif.h5l.org until today.
>> Impressive ...
>>
>> Cheers,
>> Andreas
>
> The mailing list server has been offline since before March 1st
> due to hardware failure.

Boot volume filled up and then an unscheduled maintenance reboot made the server never recover, oops.

Love