From: Harry Coin
To: freebsd-gnats-submit@FreeBSD.org
Date: Fri, 21 Oct 2011 03:58:23 GMT
Message-Id: <201110210358.p9L3wNU6009536@red.freebsd.org>
Subject: kern/161854: _gsskrb5_pname_to_uid lname lookup fails, breaks nfs/kerberos

>Number: 161854
>Category: kern
>Synopsis: _gsskrb5_pname_to_uid lname lookup fails, breaks nfs/kerberos
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Oct 21 04:00:19 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Harry Coin
>Release: 8Stable
>Organization: Quiet Fountain LLC
>Environment:
amd64
>Description:
Notice in http://svnweb.freebsd.org/base/head/kerberos5/lib/libgssapi_krb5/pname_to_uid.c?revision=181344&view=markup ..

       OM_uint32
    34 _gsskrb5_pname_to_uid(OM_uint32 *minor_status, const gss_name_t pname,
    35     const gss_OID mech, uid_t *uidp)
    36 {
    37     krb5_context context;
    38     krb5_const_principal name = (krb5_const_principal) pname;
    39     krb5_error_code kret;
    40     char lname[MAXLOGNAME + 1], buf[128];
    41     struct passwd pwd, *pw;
    52     getpwnam_r(lname, &pwd, buf, sizeof(buf), &pw);

128 is too small. Any non-trivial use of kerberos via nfs fails to record the correct user names.
>How-To-Repeat:
Put some debug writes in there, you'll notice when kerberos is being used no user names authenticate. Kerberos on nfs is essentially broken if the total length of the strings in the passwd structure exceeds 128 bytes. Given the password itself can be 128 characters, much less the gecos, dir, shell, etc. etc....
>Fix:
-40 char lname[MAXLOGNAME + 1], buf[128];
+40 char lname[MAXLOGNAME + 1], buf[1204];
>Release-Note:
>Audit-Trail:
>Unformatted:
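
Review bot: buf[1204] on the + line is still a fixed size, so any passwd entry whose strings exceed it fails the same way as with buf[128], and 1204 looks like a transposition of 1024. Suggest checking the return value of getpwnam_r (the call quoted at line 52 discards it) and, on ERANGE, retrying with a larger heap-allocated buffer, using sysconf(_SC_GETPW_R_SIZE_MAX) as the starting size, rather than raising the stack constant.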
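
The failure described in the report, reproduced with a deliberately small buffer, next to a lookup that retries on ERANGE. This is an added example, not code from the report or from FreeBSD; `lookup_fixed`, `lookup_growing`, the 4-byte starting size and the `root` account are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

/* One getpwnam_r() attempt with a caller-chosen buffer size, mirroring the
 * fixed buf[] in the quoted code. Returns 0 and sets *uidp on success,
 * ERANGE when the entry does not fit in buflen, ENOENT when lname is unknown. */
int lookup_fixed(const char *lname, size_t buflen, uid_t *uidp)
{
    struct passwd pwd, *pw = NULL;
    char *buf = malloc(buflen);
    int rc;

    if (buf == NULL)
        return ENOMEM;
    rc = getpwnam_r(lname, &pwd, buf, buflen, &pw);
    if (rc == 0 && pw == NULL)
        rc = ENOENT;            /* call succeeded, but no such user */
    if (rc == 0)
        *uidp = pw->pw_uid;
    free(buf);
    return rc;
}

/* Same lookup, but ERANGE doubles the buffer (up to 1 MiB) and retries, so
 * the length of the entry no longer decides whether the name maps to a uid. */
int lookup_growing(const char *lname, size_t buflen, uid_t *uidp)
{
    int rc;

    if (buflen == 0)
        buflen = 1;
    while ((rc = lookup_fixed(lname, buflen, uidp)) == ERANGE &&
           buflen < ((size_t)1 << 20))
        buflen *= 2;
    return rc;
}

int main(void)
{
    uid_t uid = (uid_t)-1;
    /* "root" is an assumed account name; 4 bytes is deliberately too small. */
    int fixed_rc = lookup_fixed("root", 4, &uid);
    int grow_rc = lookup_growing("root", 4, &uid);
    printf("fixed rc=%d, growing rc=%d uid=%ld\n", fixed_rc, grow_rc, (long)uid);
    return 0;
}
```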