Re: [bug-inetutils] Important update of telnetd.


From: Simon Josefsson
Subject: Re: [bug-inetutils] Important update of telnetd.
Date: Wed, 08 Aug 2012 14:43:49 +0200
User-agent: Gnus/5.130006 (Ma Gnus v0.6) Emacs/23.3 (gnu/linux)

Mats Erik Andersson <address@hidden> writes:

> On Wednesday, 8 August 2012 at 14:07, Simon Josefsson wrote this:
>> Thanks for working on Shishi support in InetUtils!
>> 
>> Mats Erik Andersson <address@hidden> writes:
>> 
>> >  * There was a call to shishi_done() executed from within
>> >    auth_finished() until yesterday. That led to the premature
>> >    release of the Shishi handle, and sometimes segfaults.
>> 
>> Do you know what kind of problems you'd get due to this?
>
> As long as krb5shishi_cleanup() was called by auth_finished()
> in krb5shishi_is_auth() [sic!] there was a segmentation fault
> when krb5shishi_status() issued shishi_authorized_p(), caused
> by the invalidation of the handle. This is how I discovered
> the matter. Not easy to backtrack after that, though.

Yeah, these function pointer structs are a bit messy.

> The issue at hand originates in "telnetd/utility.c" where the
> server cannot avoid calling auth_wait() in order to capture
> the authorization status. This is done very late, so the
> Shishi handle must be alive at least until this point.
>
> How about the encryption case? Does it need prolonged access
> to the handle, or could the encryption run independently of
> the shishi handle?

It needs a shishi handle, but I don't think it needs to share any
information with the shishi handle used during authentication.

> The client needs shishi_done() in order to incorporate
> any issued and valid ticket into the cache.

Ah, yes, that would be good to do.  Maybe there should be a Shishi
interface for saving the cached tickets.  InetUtils could invoke this to
achieve it though:

shishi_tkts_to_file (shishi_tkts_default (handle), shishi_tkts_default_file (handle))

However maybe saving received tickets should be done automatically by
Shishi.

> Does the server need to propagate any bits into its own cache? In such a
> case, we must find a suitable location to call shishi_done().

No, the server is stateless.

/Simon
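
The handle-lifetime problem discussed in this message, as an added C example that is not code from InetUtils, Shishi or either poster: mock_handle and the mock_* functions are hypothetical stand-ins for the Shishi handle and for krb5shishi_is_auth(), krb5shishi_status() and krb5shishi_cleanup(). Cleanup sets the pointer to NULL so that the late status query rejects instead of dereferencing a released handle, where the real code segfaulted.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a Shishi handle; not the real library type. */
typedef struct { char principal[32]; } mock_handle;

enum { AUTH_REJECT = 0, AUTH_USER = 1 };  /* constructed status codes */
static mock_handle *handle;               /* shared by all callbacks */

static void mock_cleanup(void)            /* models krb5shishi_cleanup() */
{
    free(handle);
    handle = NULL;                        /* make a released handle detectable */
}

/* Models krb5shishi_is_auth(); early_cleanup selects the old ordering. */
static void mock_is_auth(const char *who, int early_cleanup)
{
    handle = calloc(1, sizeof *handle);
    if (handle == NULL) return;
    snprintf(handle->principal, sizeof handle->principal, "%s", who);
    if (early_cleanup)
        mock_cleanup();                   /* handle released too soon */
}

/* Models krb5shishi_status(): needs a live handle to decide. */
static int mock_status(const char *login)
{
    if (handle == NULL)                   /* fail closed, no dereference */
        return AUTH_REJECT;
    return strcmp(handle->principal, login) == 0 ? AUTH_USER : AUTH_REJECT;
}

/* Server-side sequence: authenticate, query status late, then release. */
static int run_session(const char *who, const char *login, int early_cleanup)
{
    mock_is_auth(who, early_cleanup);
    int status = mock_status(login);      /* the late auth_wait() query */
    mock_cleanup();                       /* free(NULL) is a no-op */
    return status;
}

int main(void)
{
    printf("deferred cleanup: %d\n", run_session("alice", "alice", 0));
    printf("early cleanup:    %d\n", run_session("alice", "alice", 1));
    return 0;
}
```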


