Bug 167917 - pam_krb5 sets PAM_AUTHTOK with rubbish instead of PAM_OLDAUTHTOK with a valid pointer in pam_sm_chauthtok
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: pam_krb5
Version: 4.0
Hardware: All
OS: Linux
Priority: medium
Severity: high
Assignee: Nalin Dahyabhai
QA Contact: Brian Brock
Reported: 2005-09-09 15:16 UTC by John Haxby
Modified: 2010-02-12 18:49 UTC (History)
Doc Type: Bug Fix
Last Closed: 2010-02-12 18:49:30 UTC

Attachments
Proposed patch. (735 bytes, patch)
2005-09-09 15:35 UTC, John Haxby

Description John Haxby 2005-09-09 15:16:11 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.7.10) Gecko/20050719 Red Hat/1.0.6-1.4.1 Firefox/1.0.6

Description of problem:
During the PAM_PRELIM_CHECK phase of pam_sm_chauthtok, a call to pam_set_item() sets the PAM_AUTHTOK item to the validated password. It correctly *uses* PAM_OLDAUTHTOK if use_first_pass is true and correctly sets PAM_AUTHTOK to the *new* password in the PAM_UPDATE_AUTHTOK phase.

As you can imagine, this causes problems for stacked modules that follow pam_krb5 that want to use_first_pass.

Rather worse than that, both calls to pam_set_item() pass "&password" as the last parameter. Since this last parameter is passed to strdup() you store rubbish in pamh->authtok (if you're lucky) or experience a painful segmentation fault (if you're not). That's why I've set this to "high" -- it's a matter of luck that passwd(1) doesn't crash.

The other calls to pam_set_item() in auth.c are, thankfully, correct.

Version-Release number of selected component (if applicable):
pam_krb5-2.1.2-1

How reproducible:
Always

Steps to Reproduce:
1. grep -n pam_set_item .../pam_krb5-2.1.2-1/src/password.c


Actual Results:
187: pam_set_item(pamh, PAM_AUTHTOK, &password);
250: pam_set_item(pamh, PAM_AUTHTOK, &password);

Expected Results:
187: pam_set_item(pamh, PAM_OLDAUTHTOK, password);
250: pam_set_item(pamh, PAM_AUTHTOK, password);

Additional info:

Comment 1 John Haxby 2005-09-09 15:35:23 UTC
Created attachment 118639
Proposed patch.

Just to save you some work :-) I've tested this, pam_krb5 now behaves as
expected when changing passwords.

Comment 2 Nalin Dahyabhai 2010-02-12 18:49:30 UTC
Fixed in 2.1.16.  Thanks!
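
The item handling described in this report, as an added example that is not part of the bug report, the attached patch, or pam_krb5's code: a constructed model of pam_set_item() for the two token items, showing what a following use_first_pass module finds after the preliminary check, plus a typed wrapper that turns the `&password` mistake into a compile-time diagnostic. The names `model_set_item`, `set_token`, `chauthtok`, `next_module_gets_old_password` and the `fixed` flag are hypothetical, and the password string is constructed sample data.

```c
#include <stdlib.h>
#include <string.h>
/* Constructed stand-in for the two token items kept in the PAM handle. */
enum { OLDTOK, NEWTOK, NITEMS };   /* model PAM_OLDAUTHTOK / PAM_AUTHTOK */
enum phase { PRELIM_CHECK, UPDATE_AUTHTOK };
struct handle { char *item[NITEMS]; };

/* Models pam_set_item() for token items: the value is an untyped
 * const void * that gets copied as a C string, so a char ** is accepted. */
static int model_set_item(struct handle *h, int which, const void *value) {
    char *copy = NULL;
    if (value) {
        size_t n = strlen((const char *)value) + 1;
        if (!(copy = malloc(n)))
            return -1;
        memcpy(copy, value, n);
    }
    free(h->item[which]);
    h->item[which] = copy;
    return 0;
}

/* Typed wrapper: set_token(h, NEWTOK, &password) draws an
 * incompatible-pointer-type diagnostic instead of compiling quietly. */
static int set_token(struct handle *h, int which, const char *token) {
    return model_set_item(h, which, token);
}

/* Hypothetical password-change step. fixed=0 keeps the item choice from the
 * report (new-token item in both phases); fixed=1 uses the expected items. */
static int chauthtok(struct handle *h, enum phase p, const char *pw, int fixed) {
    int which = (fixed && p == PRELIM_CHECK) ? OLDTOK : NEWTOK;
    return set_token(h, which, pw);
}

/* 1 if a following use_first_pass module finds the validated current
 * password in the old-token item after the preliminary check, else 0. */
static int next_module_gets_old_password(int fixed) {
    struct handle h = { { NULL, NULL } };
    int ok = chauthtok(&h, PRELIM_CHECK, "old-secret", fixed) == 0 &&
             h.item[OLDTOK] && strcmp(h.item[OLDTOK], "old-secret") == 0;
    free(h.item[OLDTOK]);
    free(h.item[NEWTOK]);
    return ok;
}

int main(void) {
    return (next_module_gets_old_password(1) && !next_module_gets_old_password(0)) ? 0 : 1;
}
```

Because the real pam_set_item() takes its last argument as `const void *`, the compiler cannot flag a `char **` passed there; routing token writes through a `const char *` wrapper is one way to get that check back.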

