[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: problems
Arkadiusz Mi¶kiewicz <misiek@misiek.eu.org> writes:
> Hello, again
Hi
> 1)
> this time I have problems with kdc server on Linux 2.2.10 (IPv6 configured), and
> egcs-1.1.2, glibc-2.1.1, nmap-2.02 ...
>
> when I run port scanning using nmap then kdc exit with SIGSEGV (nmap myserver)
This is (partially) due to a bug in the handling of recvfrom in linux,
but I the following patch should work around that and make things more
robust.
Index: kdc/connect.c
===================================================================
RCS file: /afs/pdc.kth.se/src/packages/kth-krb/SourceRepository/heimdal/kdc/connect.c,v
retrieving revision 1.62
retrieving revision 1.64
diff -u -w -r1.62 -r1.64
--- connect.c 1999/06/23 13:12:39 1.62
+++ connect.c 1999/07/05 19:11:50 1.64
@@ -656,17 +656,20 @@
}
sa = (struct sockaddr *)sa_buf;
- from_len = sa_size;
- n = recvfrom(d[index].s, buf, sizeof(buf), 0,
- sa, &from_len);
+ /*
+ * We can't trust recvfrom to return an address so we always call
+ * getpeername.
+ */
+
+ n = recvfrom(d[index].s, buf, sizeof(buf), 0, NULL, NULL);
if(n < 0){
krb5_warn(context, errno, "recvfrom");
goto out;
}
- /* sometimes recvfrom doesn't return an address */
- if(from_len == 0) {
from_len = sa_size;
- getpeername(d[index].s, sa, &from_len);
+ if (getpeername(d[index].s, sa, &from_len) < 0) {
+ krb5_warn(context, errno, "getpeername");
+ goto out;
}
addr_to_string(sa, from_len, addr, sizeof(addr));
if (grow_descr (&d[index], n))
@@ -676,6 +679,7 @@
if(d[index].len > 4 && d[index].buf[0] == 0) {
ret = handle_vanilla_tcp (&d[index]);
} else if(enable_http &&
+ d[index].len >= 4 &&
strncmp((char *)d[index].buf, "GET ", 4) == 0 &&
strncmp((char *)d[index].buf + d[index].len - 4,
"\r\n\r\n", 4) == 0) {
> 2)
> Also:
> root@linstar /root# /usr/heimdal/sbin/dump_log
> Segmentation fault
I'm not able to reproduce this bug. What is the contents of your
/var/heimdal directory? And can you run gdb on the core so that I can
see where it's failing?
> 3)
> what heimdal entries I should add to /etc/services ?
> I know only about kx/tcp port 16136 and
> hprop/tcp port 754.
This is probably a good beginning:
#
# Kerberos
#
kerberos-sec 88/udp # Kerberos secondary port UDP
kerberos-sec 88/tcp # Kerberos secondary port TCP
kpasswd 464/udp # password changing
kpasswd 464/tdp # password changing
klogin 543/tcp # Kerberos authenticated rlogin
kshell 544/tcp krcmd # and remote shell
ekshell 545/tcp # Kerberos encrypted remote shell -kfall
ekshell2 2106/tcp # What U of Colorado @ Boulder uses?
kerberos-adm 749/udp # v5 kadmin
kerberos-adm 749/tcp # v5 kadmin
kerberos-iv 750/udp kerberos kdc # Kerberos authentication--udp
kerberos-iv 750/tcp kerberos kdc # Kerberos authentication--tcp
kerberos_master 751/udp # Kerberos authentication
kerberos_master 751/tcp # Kerberos authentication
krb_prop 754/tcp # Kerberos slave propagation
hprop 754/tcp # Kerberos slave propagation
kpop 1109/tcp # Pop with Kerberos
eklogin 2105/tcp # Kerberos encrypted rlogin
rkinit 2108/tcp # Kerberos remote kinit
kx 2111/tcp # X over kerberos
kip 2112/tcp # IP over kerberos
kauth 2120/tcp # Remote kauth
> 4)
> misiek@linstar bin$ ./kinit misiek
> misiek@ZSZ2.STARACHOWICE.PL's Password:
> kinit: krb5_get_init_creds: Program lacks support for checksum type
> misiek@linstar bin$
>
> kdc says only:
> 05-Jul-1999 18:04:06 AS-REQ misiek@ZSZ2.STARACHOWICE.PL from
> IPv4:195.164.211.33 for krbtgt/ZSZ2.STARACHOWICE.PL@ZSZ2.STARACHOWICE.PL
> 05-Jul-1999 18:04:06 Using des3-cbc-sha1/des3-cbc-sha1
> 05-Jul-1999 18:04:06 sending 767 bytes to IPv4:195.164.211.33
>
> but I don't get ticket:
> misiek@linstar bin$ ./klist
> klist: No ticket file: /tmp/krb5cc_500
Somehow the client doesn't handle des3-cbc-sha1. Did you compile both
client and server with --enable-new-des3-code? Can you do a `kadmin
-l get -l misiek' on your KDC?
/assar
- References:
- problems
- From: Arkadiusz Miśkiewicz <misiek@misiek.eu.org>