[krbdev.mit.edu #8745] libss without readline can interfere with reading passwords

Greg Hudson via RT-2
Without readline support, libss uses a dummy version which just calls
fgets() on stdin.

krb5_read_password() (used by ktutil and kadmin) uses
krb5_prompter_posix(), which opens its own unbuffered copy of fd 0.  
Therefore, it will not see any data buffered within stdin.

Put together, kadmin or ktutil can exhibit incorrect behavior when
fed mixed libss and password input over a pipe or from a file:

    $ kadmin.local << EOF
    cpw user
    pw
    pw
    EOF
    Authenticating as principal user/[hidden email] with password.
    kadmin.local:  Enter password for principal "[hidden email]":
    change_password: Cannot read password while reading password for "[hidden email]".
    kadmin.local:  kadmin.local: Unknown request "pw".  Type "?" for a request list.
    kadmin.local:  kadmin.local: Unknown request "pw".  Type "?" for a request list.
    kadmin.local:

If ss is built with readline support, this bug does not manifest
because readline() is careful not to read any characters from fd 0
beyond the newline.

_______________________________________________
krb5-bugs mailing list
[hidden email]
https://mailman.mit.edu/mailman/listinfo/krb5-bugs