Bug 611713
Summary: | kshd: locuser too long for usernames >= 16 chars | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 5 | Reporter: | Rik Brown <richard.brown> | ||||||
Component: | krb5 | Assignee: | Nalin Dahyabhai <nalin> | ||||||
Status: | CLOSED ERRATA | QA Contact: | BaseOS QE Security Team <qe-baseos-security> | ||||||
Severity: | medium | Docs Contact: | |||||||
Priority: | low | ||||||||
Version: | 5.5 | CC: | dpal, jplans | ||||||
Target Milestone: | rc | ||||||||
Target Release: | --- | ||||||||
Hardware: | All | ||||||||
OS: | Linux | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | krb5-1.6.1-52.el5 | Doc Type: | Bug Fix | ||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | |||||||||
: | 632442 (view as bug list) | Environment: | |||||||
Last Closed: | 2011-01-13 23:53:16 UTC | Type: | --- | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Bug Depends On: | |||||||||
Bug Blocks: | 632442 | ||||||||
Attachments: |
|
Using UT_NAMESIZE looks like exactly the right thing to me. Thanks! Created attachment 446385 [details]
modified patch
Looks like $USER's getting truncated, so we might as well also make the buffer that's used to hold its value bigger.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2011-0098.html |
Created attachment 429710 [details] Patch for krb5 source to set NMAX as UT_NAMESIZE, not 16. Description of problem: If Kerberized rsh is used to attempt to execute a command on a remote machine, logging in as a username with 16 or more characters, a "kshd: locuser too long" message is seen. However, just performing a login is successful. Version-Release number of selected component (if applicable): Appears to affect all versions of Kerberos in RedHat (RHEL4 and RHEL5), as well as upstream krb5-appl-1.0.1. [RHEL5 box]# rpm -q krb5-workstation krb5-workstation-1.6.1-36.4 [RHEL4 box]# rpm -q krb5-workstation krb5-workstation-1.3.4-62.2 How reproducible: 100% Steps to Reproduce: 1. kinit as any principle (e.g. your own) 2. Attempt to use Kerberos rsh to execute a command on any other Kerberos client as a username with <16 characters. The user does not need to exist. - e.g. # /usr/kerberos/bin/rsh -x -l 123456789012345 some-server uptime 3. Now repeat the command except with any username >=16 characters. - e.g. # /usr/kerberos/bin/rsh -x -l 1234567890123456 some-server uptime 4. Now simply attempt to perform a remote login. - e.g. # /usr/kerberos/bin/rsh -x -l 1234567890123456 some-server Actual results: - (2) A <16 char username will either perform the command correctly or give the expected "kshd: Login incorrect." error if it did not exist. - (3) A >=16 char username will see "kshd: locuser too long", regardless of whether the user exists. - (4) However when simply performing a remote login the command will be performed correctly, or will be rejected as not authorized if valid permissions/the user didn't exist. - as expected. Expected results: - Successful command completion (or "kshd: Login incorrect." if the user didn't exist) or both tests 2/3. - Successful remote login or the expected Kerberos error e.g. not authorized for test 4. Additional info: It appears that the source code for kshd.c (src/appl/bsd/krshd.c) defines the locuser and remuser char array variables with a size of NMAX+1. NMAX is #define'd earlier as the fixed figure, 16. The "getstr" helper function checks the length and throws the aforementioned error (as the user couldn't fit in the char array). However, the source code for krlogind.c (src/appl/bsd/krlogind.c) defines the similar variables "lusername" and "rusername" as UT_NAMESIZE+1. UT_NAMESIZE is either defined in the included <utmp.h> (from glibc) or defined as sizeof(((struct utmp *)0)->ut_name). In RHEL, this equates to 32 characters and I believe (from reading around online) refers to the maximum username size in Linux. I have attached a patch which changes kshd.c to simply also include the lines referring to UT_NAMESIZE and define NMAX based upon it. Thus, consistency is restored and both remote login and kerberos rsh can correctly login to a user up to UT_NAMESIZE. This patch can be applied to Kerberos 1.6.1-36.4 (RHEL5) and 1.3.4-62.2 (RHEL4). Other versions and upstream have not been tested vs this patch, but I assume will work too (as upstream does not seem to have changed these much).