Created attachment 429710
Patch for krb5 source to set NMAX as UT_NAMESIZE, not 16.
Description of problem:
If Kerberized rsh is used to attempt to execute a command on a remote machine, logging in as a username with 16 or more characters, a "kshd: locuser too long" message is seen. However, just performing a login is successful.
Version-Release number of selected component (if applicable):
Appears to affect all versions of Kerberos in Red Hat (RHEL4 and RHEL5), as well as upstream krb5-appl-1.0.1.
[RHEL5 box]# rpm -q krb5-workstation
[RHEL4 box]# rpm -q krb5-workstation
Steps to Reproduce:
1. kinit as any principal (e.g. your own)
2. Attempt to use Kerberos rsh to execute a command on any other Kerberos client as a username with <16 characters. The user does not need to exist.
- e.g. # /usr/kerberos/bin/rsh -x -l 123456789012345 some-server uptime
3. Now repeat the command except with any username >=16 characters.
- e.g. # /usr/kerberos/bin/rsh -x -l 1234567890123456 some-server uptime
4. Now simply attempt to perform a remote login.
- e.g. # /usr/kerberos/bin/rsh -x -l 1234567890123456 some-server
- (2) A <16 char username will either perform the command correctly or give the expected "kshd: Login incorrect." error if it did not exist.
- (3) A >=16 char username will see "kshd: locuser too long", regardless of whether the user exists.
- (4) However, when simply performing a remote login, the command will be performed correctly, or will be rejected as not authorized if valid permissions/the user didn't exist, as expected.
- Successful command completion (or "kshd: Login incorrect." if the user didn't exist) for both tests 2/3.
- Successful remote login or the expected Kerberos error e.g. not authorized for test 4.
It appears that the source code for kshd.c (src/appl/bsd/krshd.c) defines the locuser and remuser char array variables with a size of NMAX+1. NMAX is #define'd earlier as the fixed figure, 16. The "getstr" helper function checks the length and throws the aforementioned error (as the user couldn't fit in the char array).
However, the source code for krlogind.c (src/appl/bsd/krlogind.c) defines the similar variables "lusername" and "rusername" as UT_NAMESIZE+1. UT_NAMESIZE is either defined in the included <utmp.h> (from glibc) or defined as sizeof(((struct utmp *)0)->ut_name).
In RHEL, this equates to 32 characters and I believe (from reading around online) refers to the maximum username size in Linux.
I have attached a patch which changes kshd.c to simply also include the lines referring to UT_NAMESIZE and define NMAX based upon it. Thus, consistency is restored and both remote login and Kerberos rsh can correctly log in to a user up to UT_NAMESIZE.
This patch can be applied to Kerberos 1.6.1-36.4 (RHEL5) and 1.3.4-62.2 (RHEL4). Other versions and upstream have not been tested vs this patch, but I assume will work too (as upstream does not seem to have changed these much).
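The length check described in the report above, modelled as an added example (it is not the krb5 source and not part of any comment in this thread). `read_field`, `accepts` and the in-memory `wire` buffer are hypothetical names, the check is an assumption written to reproduce the reported 15/16-character boundary, and the constant 32 stands in for UT_NAMESIZE as the report gives it for RHEL.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define OLD_NMAX 16   /* fixed value the report attributes to krshd.c */
#define NEW_NMAX 32   /* stand-in for UT_NAMESIZE (32 on RHEL per the report) */

enum { FIELD_OK = 0, FIELD_TOO_LONG = -1, FIELD_TRUNCATED = -2 };

/* Copy one NUL-terminated field from wire[] into buf[cnt]. Assumed check:
 * fail as soon as the last byte of buf has been written, even when that
 * byte is the terminator, so an over-long name is rejected, never cut. */
static int read_field(const char *wire, size_t wire_len, char *buf, size_t cnt)
{
    size_t i = 0;
    char c;

    if (cnt == 0)
        return FIELD_TOO_LONG;
    do {
        if (i >= wire_len)
            return FIELD_TRUNCATED;   /* peer stopped before the NUL */
        c = wire[i];
        buf[i++] = c;
        if (--cnt == 0)
            return FIELD_TOO_LONG;    /* the "locuser too long" case */
    } while (c != '\0');
    return FIELD_OK;
}

/* Would a buffer declared as char[nmax + 1] accept this user name? */
static int accepts(const char *name, size_t nmax)
{
    char buf[NEW_NMAX + 1];

    if (nmax > NEW_NMAX)
        return FIELD_TOO_LONG;
    return read_field(name, strlen(name) + 1, buf, nmax + 1);
}

int main(void)
{
    const char *names[] = { "123456789012345", "1234567890123456" };

    for (size_t i = 0; i < 2; i++)
        printf("%2zu chars: NMAX=16 -> %d, NMAX=32 -> %d\n", strlen(names[i]),
               accepts(names[i], OLD_NMAX), accepts(names[i], NEW_NMAX));
    return 0;
}
```

Under this model a buffer of NMAX+1 bytes admits names of at most NMAX-1 characters, which is why the 16-character name from step 3 fails with NMAX at 16 and passes once NMAX follows UT_NAMESIZE.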
Using UT_NAMESIZE looks like exactly the right thing to me. Thanks!
Created attachment 446385
Looks like $USER's getting truncated, so we might as well also make the buffer that's used to hold its value bigger.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.