right, need to actually add the new patcheskrb5-1_6_1-2_1_fc7

author: Nalin Dahyabhai <nalin@fedoraproject.org> 2007-06-27 18:45:20 +0000
committer: Nalin Dahyabhai <nalin@fedoraproject.org> 2007-06-27 18:45:20 +0000
commit: 7370e23af4a10e8fb717f33705bc498f4c2722de (patch)
tree: 05dfcdc326ebaab84b7a88224d7261ac02b0dc6a
parent: 2d4538958f234955d2ab996fe0b89d9b8283ccbf (diff)
download: krb5-7370e23af4a10e8fb717f33705bc498f4c2722de.tar.gz
krb5-7370e23af4a10e8fb717f33705bc498f4c2722de.tar.xz
krb5-7370e23af4a10e8fb717f33705bc498f4c2722de.zip
2 files changed, 194 insertions, 0 deletions
diff --git a/2007-004-patch.txt b/2007-004-patch.txt
new file mode 100644
index 0000000..8adc386
--- /dev/null
+++ b/2007-004-patch.txt
@@ -0,0 +1,86 @@
+*** src/lib/rpc/svc_auth_gssapi.c	(revision 20015)
+--- src/lib/rpc/svc_auth_gssapi.c	(local)
+***************
+*** 149,154 ****
+--- 149,156 ----
+       rqst->rq_xprt->xp_auth = &svc_auth_none;
+       
+       memset((char *) &call_res, 0, sizeof(call_res));
++      creds.client_handle.length = 0;
++      creds.client_handle.value = NULL;
+       
+       cred = &msg->rm_call.cb_cred;
+       verf = &msg->rm_call.cb_verf;
+*** src/lib/rpc/svc_auth_unix.c	(revision 20015)
+--- src/lib/rpc/svc_auth_unix.c	(local)
+***************
+*** 64,71 ****
+  		char area_machname[MAX_MACHINE_NAME+1];
+  		int area_gids[NGRPS];
+  	} *area;
+! 	u_int auth_len;
+! 	int str_len, gid_len;
+  	register int i;
+  
+  	rqst->rq_xprt->xp_auth = &svc_auth_none;
+--- 64,70 ----
+  		char area_machname[MAX_MACHINE_NAME+1];
+  		int area_gids[NGRPS];
+  	} *area;
+! 	u_int auth_len, str_len, gid_len;
+  	register int i;
+  
+  	rqst->rq_xprt->xp_auth = &svc_auth_none;
+***************
+*** 74,80 ****
+  	aup = &area->area_aup;
+  	aup->aup_machname = area->area_machname;
+  	aup->aup_gids = area->area_gids;
+! 	auth_len = (u_int)msg->rm_call.cb_cred.oa_length;
+  	xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len,XDR_DECODE);
+  	buf = XDR_INLINE(&xdrs, (int)auth_len);
+  	if (buf != NULL) {
+--- 73,81 ----
+  	aup = &area->area_aup;
+  	aup->aup_machname = area->area_machname;
+  	aup->aup_gids = area->area_gids;
+! 	auth_len = msg->rm_call.cb_cred.oa_length;
+! 	if (auth_len > INT_MAX)
+! 		return AUTH_BADCRED;
+  	xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len,XDR_DECODE);
+  	buf = XDR_INLINE(&xdrs, (int)auth_len);
+  	if (buf != NULL) {
+***************
+*** 84,90 ****
+  			stat = AUTH_BADCRED;
+  			goto done;
+  		}
+! 		memmove(aup->aup_machname, (caddr_t)buf, (u_int)str_len);
+  		aup->aup_machname[str_len] = 0;
+  		str_len = RNDUP(str_len);
+  		buf += str_len / BYTES_PER_XDR_UNIT;
+--- 85,91 ----
+  			stat = AUTH_BADCRED;
+  			goto done;
+  		}
+! 		memmove(aup->aup_machname, buf, str_len);
+  		aup->aup_machname[str_len] = 0;
+  		str_len = RNDUP(str_len);
+  		buf += str_len / BYTES_PER_XDR_UNIT;
+***************
+*** 104,110 ****
+  		 * timestamp, hostname len (0), uid, gid, and gids len (0).
+  		 */
+  		if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len) {
+! 			(void) printf("bad auth_len gid %d str %d auth %d\n",
+  			    gid_len, str_len, auth_len);
+  			stat = AUTH_BADCRED;
+  			goto done;
+--- 105,111 ----
+  		 * timestamp, hostname len (0), uid, gid, and gids len (0).
+  		 */
+  		if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len) {
+! 			(void) printf("bad auth_len gid %u str %u auth %u\n",
+  			    gid_len, str_len, auth_len);
+  			stat = AUTH_BADCRED;
+  			goto done;
diff --git a/2007-005-patch.txt b/2007-005-patch.txt
new file mode 100644
index 0000000..5c369c1
--- /dev/null
+++ b/2007-005-patch.txt
@@ -0,0 +1,108 @@
+*** src/kadmin/server/server_stubs.c	(revision 20024)
+--- src/kadmin/server/server_stubs.c	(local)
+***************
+*** 545,557 ****
+      static generic_ret		ret;
+      char			*prime_arg1,
+  				*prime_arg2;
+-     char			prime_arg[BUFSIZ];
+      gss_buffer_desc		client_name,
+  				service_name;
+      OM_uint32			minor_stat;
+      kadm5_server_handle_t	handle;
+      restriction_t		*rp;
+      char                        *errmsg;
+  
+      xdr_free(xdr_generic_ret, &ret);
+  
+--- 545,558 ----
+      static generic_ret		ret;
+      char			*prime_arg1,
+  				*prime_arg2;
+      gss_buffer_desc		client_name,
+  				service_name;
+      OM_uint32			minor_stat;
+      kadm5_server_handle_t	handle;
+      restriction_t		*rp;
+      char                        *errmsg;
++     size_t			tlen1, tlen2, clen, slen;
++     char			*tdots1, *tdots2, *cdots, *sdots;
+  
+      xdr_free(xdr_generic_ret, &ret);
+  
+***************
+*** 572,578 ****
+  	 ret.code = KADM5_BAD_PRINCIPAL;
+  	 goto exit_func;
+      }
+!     sprintf(prime_arg, "%s to %s", prime_arg1, prime_arg2);
+  
+      ret.code = KADM5_OK;
+      if (! CHANGEPW_SERVICE(rqstp)) {
+--- 573,586 ----
+  	 ret.code = KADM5_BAD_PRINCIPAL;
+  	 goto exit_func;
+      }
+!     tlen1 = strlen(prime_arg1);
+!     trunc_name(&tlen1, &tdots1);
+!     tlen2 = strlen(prime_arg2);
+!     trunc_name(&tlen2, &tdots2);
+!     clen = client_name.length;
+!     trunc_name(&clen, &cdots);
+!     slen = service_name.length;
+!     trunc_name(&slen, &sdots);
+  
+      ret.code = KADM5_OK;
+      if (! CHANGEPW_SERVICE(rqstp)) {
+***************
+*** 590,597 ****
+      } else
+  	 ret.code = KADM5_AUTH_INSUFFICIENT;
+      if (ret.code != KADM5_OK) {
+! 	 log_unauth("kadm5_rename_principal", prime_arg,
+! 		    &client_name, &service_name, rqstp);
+      } else {
+  	 ret.code = kadm5_rename_principal((void *)handle, arg->src,
+  						arg->dest);
+--- 598,612 ----
+      } else
+  	 ret.code = KADM5_AUTH_INSUFFICIENT;
+      if (ret.code != KADM5_OK) {
+! 	 krb5_klog_syslog(LOG_NOTICE,
+! 			  "Unauthorized request: kadm5_rename_principal, "
+! 			  "%.*s%s to %.*s%s, "
+! 			  "client=%.*s%s, service=%.*s%s, addr=%s",
+! 			  tlen1, prime_arg1, tdots1,
+! 			  tlen2, prime_arg2, tdots2,
+! 			  clen, client_name.value, cdots,
+! 			  slen, service_name.value, sdots,
+! 			  inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+      } else {
+  	 ret.code = kadm5_rename_principal((void *)handle, arg->src,
+  						arg->dest);
+***************
+*** 600,607 ****
+  	 else
+  	     errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
+  
+! 	 log_done("kadm5_rename_principal", prime_arg, errmsg,
+! 		  &client_name, &service_name, rqstp);
+      }
+      free_server_handle(handle);
+      free(prime_arg1);
+--- 615,629 ----
+  	 else
+  	     errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
+  
+! 	 krb5_klog_syslog(LOG_NOTICE,
+! 			  "Request: kadm5_rename_principal, "
+! 			  "%.*s%s to %.*s%s, %s, "
+! 			  "client=%.*s%s, service=%.*s%s, addr=%s",
+! 			  tlen1, prime_arg1, tdots1,
+! 			  tlen2, prime_arg2, tdots2, errmsg,
+! 			  clen, client_name.value, cdots,
+! 			  slen, service_name.value, sdots,
+! 			  inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+      }
+      free_server_handle(handle);
+      free(prime_arg1);
author	Nalin Dahyabhai <nalin@fedoraproject.org>	2007-06-27 18:45:20 +0000
committer	Nalin Dahyabhai <nalin@fedoraproject.org>	2007-06-27 18:45:20 +0000
commit	7370e23af4a10e8fb717f33705bc498f4c2722de (patch)
tree	05dfcdc326ebaab84b7a88224d7261ac02b0dc6a
parent	2d4538958f234955d2ab996fe0b89d9b8283ccbf (diff)
download	krb5-7370e23af4a10e8fb717f33705bc498f4c2722de.tar.gz krb5-7370e23af4a10e8fb717f33705bc498f4c2722de.tar.xz krb5-7370e23af4a10e8fb717f33705bc498f4c2722de.zip