Opened 4 years ago

Closed 3 years ago

#7 closed defect (fixed)

verify_krb5_conf not consistently drive letter tolerant

Reported by: lewisr Owned by:
Priority: major Milestone: Heimdal - 1.5.3
Component: utilities Version: Heimdal - 1.5.3
Keywords: Cc:

Description

Attempting to check validity of krb5.conf using verify_krb5_conf.exe with KRB5_CONFIG=c:/mptn/etc/krb5.conf (for example), yields:

verify_krb5_conf: krb5_config_parse_file: open c: No such file or directory

Explicitly stating the configuration file (including drive letter and path) seems to work, however.

Change History (11)

comment:1 Changed 3 years ago by psmedley

Does ​http://smedley.id.au/tmp/krb5.zip fix this too?

comment:2 Changed 3 years ago by lewisr

Assuming one explicitly specifies the location of krb5.conf, the command seems to work (it may have before). Thus:

[c:\]verify_krb5_conf.exe --dumpconfig c:\MPTN\ETC\krb5.conf

works, however:

[c:\]verify_krb5_conf.exe --dumpconfig
verify_krb5_conf.exe: krb5_config_parse_file: open c: No such file or directory
[libdefaults]
    default_realm = SAMBA.ARCANOAE
    dns_lookup_kdc = false
    verify_ap_req_nofail = true
    default_cc_name = FILE:C:/var/temp/krb5cc_%{uid}
[realms]
    SAMBA.ARCANOAE = {
        kdc = KERBEROS.SAMBA.ARCANOAE
        kdc = 192.168.100.17
        admin_server = KERBEROS.SAMBA.ARCANOAE
    }
[logging]
    kdc = CONSOLE

So, it did actually dump the config, but it made noise about it. Running the above from a different volume, however, yields:

[j:\]verify_krb5_conf.exe --dumpconfig
verify_krb5_conf.exe: krb5_config_parse_file: open c: No such file or directory
verify_krb5_conf.exe: krb5_config_parse_file: open /mptn/etc/krb5.conf: No such
file or directory

This looks like the same "colon confusion" as we saw with #6. Are you sure this one isn't static?

comment:3 Changed 3 years ago by psmedley

You're right - it seems verify_krb5_conf statically links krb5.

http://smedley.id.au/tmp/heimdal-1.5.3-os2-20160723.zip has a rebuild....

comment:4 Changed 3 years ago by lewisr

Getting closer:

[j:\download\os2\kerberos]verify_krb5_conf.exe --dumpconfig
verify_krb5_conf.exe: krb5_config_parse_file: Access to home directory not allowed
[libdefaults]
    default_realm = SAMBA.ARCANOAE
    dns_lookup_kdc = false
    verify_ap_req_nofail = true
    default_cc_name = FILE:C:/var/temp/krb5cc_%{uid}
[realms]
    SAMBA.ARCANOAE = {
        kdc = KERBEROS.SAMBA.ARCANOAE
        kdc = 192.168.100.17
        admin_server = KERBEROS.SAMBA.ARCANOAE
    }
[logging]
    kdc = CONSOLE

I get the same warning about the home directory when I am logged onto the same volume where it is located and when I am not.

comment:5 Changed 3 years ago by psmedley

Interesting, here I get:

[U:\DEV\kerberos-netlabs\heimdal\trunk\lib\krb5]verify_krb5_conf --dumpconfig
[libdefaults]
    default_realm = SAMBA.ARCANOAE
    dns_lookup_kdc = false
[realms]
    SAMBA.ARCANOAE = {
        kdc = KERBEROS.SAMBA.ARCANOAE
        admin_server = KERBEROS.SAMBA.ARCANOAE
    }
[logging]
    kdc = console
verify_krb5_conf: /logging/kdc: unknown log type: "console"

comment:6 Changed 3 years ago by psmedley

comment:7 Changed 3 years ago by lewisr

Hmmm...

With the above, whether logged onto the same volume with the config or not, I get:

[j:\download\os2\kerberos]verify_krb5_conf.exe --dumpconfig
verify_krb5_conf.exe: krb5_config_parse_file: open C:\HOME\DEFAULT/.krb5/config:
 No such file or directory

and then the expected output.

I get the same result with the krb5.dll from the latest full package:

7-22-16 18:01 1,109,392 124 krb5.dll

The point is that we shouldn't be looking in %HOME% at all unless KRB5_CONFIG points to it.

With:

KRB5_CONFIG=%ETC%/krb5.conf

I get expected results (with files from the latest full build). What we need to do is in the absence of KRB5_CONFIG in the environment, just follow our default of %ETC% to find the conf (which is apparently how the output is being located).

comment:8 Changed 3 years ago by psmedley

The following paths are searched for krb5.conf:

KRB5_LIB_VARIABLE const char *krb5_config_file =
#ifdef __APPLE__
"~/Library/Preferences/com.apple.Kerberos.plist" PATH_SEP
"/Library/Preferences/com.apple.Kerberos.plist" PATH_SEP
"~/Library/Preferences/edu.mit.Kerberos" PATH_SEP
"/Library/Preferences/edu.mit.Kerberos" PATH_SEP
#endif	/* __APPLE__ */
"~/.krb5/config" PATH_SEP
SYSCONFDIR "/krb5.conf"
#ifdef _WIN32
PATH_SEP "%{COMMON_APPDATA}/Kerberos/krb5.conf"
PATH_SEP "%{WINDOWS}/krb5.ini"
#else
PATH_SEP "/etc/krb5.conf"
#endif
;

The warning about %HOME%/.krb5/config is a result of the expansion of "~/.krb5/config" I personally think this warning is relatively harmless - it would be preferable if it searched that directory and ignored the error, but still pretty harmless....

comment:9 Changed 3 years ago by lewisr

Agreed. Obviously, there is no harm done searching there, but we should only throw an warning (I would think) when we can't find a conf anywhere.

I don't want to suggest that we not look under ~/.krb5/config, because some OS/2 systems are set up for multiuser, and this may become more common at some point in the future.

comment:10 Changed 3 years ago by psmedley

I don't really disagree regarding the warning, but it's non-trivial to mask it away.... The easiest short term fix would be to NOT open ~/.krb5/config....

comment:11 Changed 3 years ago by lewisr

  • Resolution set to fixed
  • Status changed from new to closed

There are more important things to do. For now, this is a readme item, like the accepted time formats discussed in ticket #5.

Note: See TracTickets for help on using tickets.