From: Rick Macklem
To: Elias Mårtenson
Date: Mon, 18 Feb 2013 18:44:52 -0500 (EST)
Subject: Re: Possible bug in NFSv4 with krb5p security?
Cc: freebsd-current@freebsd.org, Benjamin Kaduk

Elias Martenson wrote:
> On 17 February 2013 22:58, Rick Macklem wrote:
> > I think the Makefiles are in the kerberos5 directory.
> >
> > Since the only function you care about is the one in
> > kerberos5/lib/libgssapi_krb5/pname_to_uid.c, I'd
> > just put a copy of that file in usr.sbin/gssd and
> > modify the Makefile there to compile it and link
> > its .o into gssd, avoiding rebuilding any libraries.
> >
> > I'd put a couple of fprintf(stderr, ...) in it and
> > then run "gssd -d" and see what it says.
> >
> > Just how I'd attack it, rick
> >
> Good news! The problem is solved!
>
> You were right, the problem was in pname_to_uid.c. In it, the following
> code can be found:
>
>     char lname[MAXLOGNAME + 1], buf[1024];
>
>     /* some code snipped for brevity... */
>
>     getpwnam_r(lname, &pwd, buf, sizeof(buf), &pw);
>     if (pw) {
>         *uidp = pw->pw_uid;
>         return (GSS_S_COMPLETE);
>     } else {
>         return (GSS_S_FAILURE);
>     }
>
> As it turns out, the getpwnam_r() call fails with ERANGE (I had to check
> the return value from getpwnam_r() in order to determine this, as pw is set
> to NULL both if there was an error or if the user name can't be found).
>
> Now, increasing the size of buf to 1024 solved the problem, and now the
> lookup works correctly.
>
> I wrote a small test program that issued the same call to getpwnam_r() and
> it worked. Until I su'ed to root, and then it failed.
>
> It seems as though the buffer needs to be bigger if you're root.
> I have no idea why, but there you have it. Problem solved.
>
> Should this be fixed in the main codebase?
>
Yes, I would definitely say so. I won't be able to do a commit until April,
but maybe someone else can do a commit sooner?

> Oh, and thanks so much to all of you for being patient with me while
> solving this. I really appreciate it. Also, I'd like to say that the code
> base was quite pleasant to work with. Thanks for that too. :-)
>
And thanks for working through this, so we now have a fix, rick

> Regards,
> Elias