Package: libpam-krb5
Version: 1.2.0-2
Severity: important

If an application tries to authenticate a non-existent user through
pam-krb5, the application (it was CUPS here) segfaults. I attached an
example application to test this behaviour.

Run the application like this:

[EMAIL PROTECTED] ~/krb5/testkrb5 $ ./main c0034029
Trying to authenticate c0034029
Password: 
Not Authenticated
[EMAIL PROTECTED] ~/krb5/testkrb5 $ ./main foobar
Trying to authenticate foobar
Segmentation fault

Newer versions of pam-krb5 (I tried snapshot 2003.06.01) do not have
this problem any more, but unfortunately this package is not in Debian.

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14.2-rzprt5
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages libpam-krb5 depends on:
ii  krb5-config   1.7                        Configuration files for Kerberos V
ii  libc6         2.3.5-13                   GNU C Library: Shared libraries an
ii  libcomerr2    1.38+1.39-WIP-2005.12.31-1 common error description library
ii  libkrb53      1.4.3-5                    MIT Kerberos runtime libraries
ii  libpam0g      0.79-3.1                   Pluggable Authentication Modules l

libpam-krb5 recommends no packages.

-- no debconf information

/*
  Adapted from
  http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam_appl-8.html
  
  This program was contributed by Shane Watts
  [modifications by AGM]

  Create a file /etc/pam.d/testkrb5 with the following content:
  ---
  # check authorization
  auth       required     /lib/security/pam_krb5.so 
  ---
  Then compile this program with (libraries listed after the source file so
  the linker resolves them even with --as-needed):
  gcc -o main main.c -lpam -lpam_misc
 */

#include <security/pam_appl.h>
#include <security/pam_misc.h>
#include <stdio.h>
#include <stdlib.h>     /* exit() */

static struct pam_conv conv = {
    misc_conv,
    NULL
};

int main(int argc, char *argv[])
{
    pam_handle_t *pamh=NULL;
    int retval;
    const char *user="nobody";

    if(argc == 2) {
        user = argv[1];
    }

    if(argc > 2) {
        fprintf(stderr, "Usage: %s [username]\n", argv[0]);
        exit(1);
    }

    printf("Trying to authenticate %s\n", user);

    retval = pam_start("testkrb5", user, &conv, &pamh);
        
    if (retval == PAM_SUCCESS)
        retval = pam_authenticate(pamh, 0);    /* is user really user? */

    /* This is where we have been authorized or not. */

    if (retval == PAM_SUCCESS) {
        fprintf(stdout, "Authenticated\n");
    } else {
        fprintf(stdout, "Not Authenticated\n");
    }

    /* Close Linux-PAM. If pam_start() failed, pamh is still NULL and
       pam_end() reports an error rather than crashing. */
    if (pam_end(pamh,retval) != PAM_SUCCESS) {
        pamh = NULL;
        fprintf(stderr, "%s: failed to release authenticator\n", argv[0]);
        exit(1);
    }

    return ( retval == PAM_SUCCESS ? 0:1 );       /* indicate success */
}
