From: Mark Vitale Date: Tue, 13 May 2014 23:18:57 +0000 (-0400) Subject: kauth: fix klog principal name parsing X-Git-Tag: openafs-stable-1_8_0pre1~443 X-Git-Url: https://git.openafs.org/?p=openafs.git;a=commitdiff_plain;h=47a1a786786bc7f1e3939aff9100c2196cfcb5a7;hp=01917b4497c5ad4f91bf8bd260a3cc6b7c25f150 kauth: fix klog principal name parsing If a principal name is specified to the klog command, it is not correctly passed in the pw structure. This in turn causes uninitialized storage to be passed to ka_UserAuthenticateGeneral. This may either lead to a segmentation fault in klog, or cause garbage to be passed to the kaserver, leading to garbage in some log and audit messages. In all cases it is impossible to authenticate to kaserver with a specified principal name. However, klog still works correctly when no principal name is specified. This was introduced by commit 68ce3aa814a7e3085242e705f013f05ed5da2d5c which removed lclpw to eliminate a clang warning. However, the clang warning was misleading in this case, as lclpw was actually used (confusingly) to indirectly update the pw structure. Instead of reverting this commit, just update pw->pwname directly. Change-Id: I565360c6e2f970637422e8b01998d3fc29874ec4 Reviewed-on: http://gerrit.openafs.org/11145 Reviewed-by: Mark Vitale Reviewed-by: Perry Ruiter Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Benjamin Kaduk Tested-by: BuildBot Reviewed-by: Jeffrey Altman --- diff --git a/src/kauth/klog.c b/src/kauth/klog.c index 458c606..9116a88 100644 --- a/src/kauth/klog.c +++ b/src/kauth/klog.c @@ -268,6 +268,7 @@ CommandProc(struct cmd_syndesc *as, void *arock) foundExplicitCell = 1; strncpy(realm, cell, sizeof(realm)); } + pw->pw_name = name; } else { /* No explicit name provided: use Unix uid. */ pw = getpwuid(getuid());