Bug 55317 - pam_krb5afs.so incorrectly parses /etc/krb5.conf (PATCH included)
pam_krb5afs.so incorrectly parses /etc/krb5.conf (PATCH included)
Status: CLOSED CANTFIX
Product: Red Hat Linux
Classification: Retired
Component: krb5 (Show other bugs)
7.2
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
Brian Brock
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-10-29 12:23 EST by Need Real Name
Modified: 2007-04-18 12:37 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-10-18 10:33:59 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Need Real Name 2001-10-29 12:23:00 EST
Description of Problem:
pam_krb5afs.so will parse lines of the following type incorrectly in
/etc/krb5.conf.  The problem is in the regular expression in krb5conf.l.

foo=bar		(no space between foo and =, and = and bar)
foo=a b c	(a line with multiple strings will not read all strings
		 this is need for afs_cells in our environment)

Version-Release number of selected component (if applicable):
pam_krb5-1.46-1

How Reproducible:
Try changing a line in /etc/krb5.conf to not include spaces before and
after '=' and using pam_krb5afs.so for authentication.  You should the
following error logged in /var/logs/messages.

Oct 25 13:39:51 bratan login[24264]: pam_krb5: error parsing /etc/krb5.conf
at line 14 at ` ': syntax error

Additional Information:

Here is a patch that fixes this problem.  The patch just modifies one line
that contains the regular expression for recognizing strings.

*** krb5conf.l.~1~      Tue Jul 31 12:05:47 2001
--- krb5conf.l  Fri Oct 26 16:10:37 2001
***************
*** 13,19 ****
  \;.*                                                  {};
  [[:blank:]]+                                          {};
  \r{0,1}\n                                             {
xkrb5_conf_lineno++; return NEWLINE; };
! [^[:blank:]#;\[\]{}=\n][^[:blank:]#;\n]*              { yylval.sval =
strdup(yytext); return STRING; };
  =                                                     { return EQUALS; };
  \[[^[:blank:]]+\]                                     { char *p;
                                                          yylval.sval =
strdup(yytext + 1);
--- 13,19 ----
  \;.*                                                  {};
  [[:blank:]]+                                          {};
  \r{0,1}\n                                             {
xkrb5_conf_lineno++; return NEWLINE; };
! [^[:blank:]#;\[\]{}=\n][^#;=\n]*                      { yylval.sval =
strdup(yytext); return STRING; };
  =                                                     { return EQUALS; };
  \[[^[:blank:]]+\]                                     { char *p;
                                                          yylval.sval =
strdup(yytext + 1);
Comment 1 Bill Nottingham 2006-08-07 13:28:25 EDT
Red Hat Linux is no longer supported by Red Hat, Inc. If you are still
running Red Hat Linux, you are strongly advised to upgrade to a
current Fedora Core release or Red Hat Enterprise Linux or comparable.
Some information on which option may be right for you is available at
http://www.redhat.com/rhel/migrate/redhatlinux/.

Red Hat apologizes that these issues have not been resolved yet. We do
want to make sure that no important bugs slip through the cracks.
Please check if this issue is still present in a current Fedora Core
release. If so, please change the product and version to match, and
check the box indicating that the requested information has been
provided. Note that any bug still open against Red Hat Linux on will be
closed as 'CANTFIX' on September 30, 2006. Thanks again for your help.
Comment 2 Bill Nottingham 2006-10-18 10:33:59 EDT
Red Hat Linux is no longer supported by Red Hat, Inc. If you are still
running Red Hat Linux, you are strongly advised to upgrade to a
current Fedora Core release or Red Hat Enterprise Linux or comparable.
Some information on which option may be right for you is available at
http://www.redhat.com/rhel/migrate/redhatlinux/.

Closing as CANTFIX.

Note You need to log in before you can comment on or make changes to this bug.