(Sorry folks, I have already posted this to [EMAIL PROTECTED]
You can remove it as a doublette if it pops up.)
The pam_krb5.so module provides a callback function that queries users for
their passwords or displays informational messages. This callback is registered
to various Kerberos functions. All of these Kerberos functions usually call the
callback with ONE message string only.
This works perfectly fine.
However, if a user is to change her password, Kerberos will call the callback
with THREE messages:
i) Password expired. You must change it now.
ii) Enter new password:
iii) Enter it again:
The array of pointers to these messages is handled incorrectly.
It is processed as:
one single pointer pointing to an array of pam_messages.
However, PAM expects it to be:
an array of pointers, each pointing to one single pam_message
This makes no difference for one single message, of course.
Hence, the module works perfectly in most circumstances.
However, in the above case, when three messages are to be displayed, it fails.
Either authentication is denied or the module segfaults, which is no better ;-)
Users who have to change their passwords are effectively locked out,
yielding a Denial Of Service.
Attached patch corrects the pointer arithmetics and solves the problem.
--
REQUIRES_PWCHANGE is treated as a failure
https://launchpad.net/bugs/49609
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
