diff options
author | Nalin Dahyabhai <nalin@fedoraproject.org> | 2007-06-27 18:45:20 +0000 |
---|---|---|
committer | Nalin Dahyabhai <nalin@fedoraproject.org> | 2007-06-27 18:45:20 +0000 |
commit | 7370e23af4a10e8fb717f33705bc498f4c2722de (patch) | |
tree | 05dfcdc326ebaab84b7a88224d7261ac02b0dc6a | |
parent | 2d4538958f234955d2ab996fe0b89d9b8283ccbf (diff) | |
download | krb5-7370e23af4a10e8fb717f33705bc498f4c2722de.tar.gz krb5-7370e23af4a10e8fb717f33705bc498f4c2722de.tar.xz krb5-7370e23af4a10e8fb717f33705bc498f4c2722de.zip |
right, need to actually add the new patcheskrb5-1_6_1-2_1_fc7
-rw-r--r-- | 2007-004-patch.txt | 86 | ||||
-rw-r--r-- | 2007-005-patch.txt | 108 |
2 files changed, 194 insertions, 0 deletions
diff --git a/2007-004-patch.txt b/2007-004-patch.txt new file mode 100644 index 0000000..8adc386 --- /dev/null +++ b/2007-004-patch.txt @@ -0,0 +1,86 @@ +*** src/lib/rpc/svc_auth_gssapi.c (revision 20015) +--- src/lib/rpc/svc_auth_gssapi.c (local) +*************** +*** 149,154 **** +--- 149,156 ---- + rqst->rq_xprt->xp_auth = &svc_auth_none; + + memset((char *) &call_res, 0, sizeof(call_res)); ++ creds.client_handle.length = 0; ++ creds.client_handle.value = NULL; + + cred = &msg->rm_call.cb_cred; + verf = &msg->rm_call.cb_verf; +*** src/lib/rpc/svc_auth_unix.c (revision 20015) +--- src/lib/rpc/svc_auth_unix.c (local) +*************** +*** 64,71 **** + char area_machname[MAX_MACHINE_NAME+1]; + int area_gids[NGRPS]; + } *area; +! u_int auth_len; +! int str_len, gid_len; + register int i; + + rqst->rq_xprt->xp_auth = &svc_auth_none; +--- 64,70 ---- + char area_machname[MAX_MACHINE_NAME+1]; + int area_gids[NGRPS]; + } *area; +! u_int auth_len, str_len, gid_len; + register int i; + + rqst->rq_xprt->xp_auth = &svc_auth_none; +*************** +*** 74,80 **** + aup = &area->area_aup; + aup->aup_machname = area->area_machname; + aup->aup_gids = area->area_gids; +! auth_len = (u_int)msg->rm_call.cb_cred.oa_length; + xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len,XDR_DECODE); + buf = XDR_INLINE(&xdrs, (int)auth_len); + if (buf != NULL) { +--- 73,81 ---- + aup = &area->area_aup; + aup->aup_machname = area->area_machname; + aup->aup_gids = area->area_gids; +! auth_len = msg->rm_call.cb_cred.oa_length; +! if (auth_len > INT_MAX) +! return AUTH_BADCRED; + xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len,XDR_DECODE); + buf = XDR_INLINE(&xdrs, (int)auth_len); + if (buf != NULL) { +*************** +*** 84,90 **** + stat = AUTH_BADCRED; + goto done; + } +! memmove(aup->aup_machname, (caddr_t)buf, (u_int)str_len); + aup->aup_machname[str_len] = 0; + str_len = RNDUP(str_len); + buf += str_len / BYTES_PER_XDR_UNIT; +--- 85,91 ---- + stat = AUTH_BADCRED; + goto done; + } +! memmove(aup->aup_machname, buf, str_len); + aup->aup_machname[str_len] = 0; + str_len = RNDUP(str_len); + buf += str_len / BYTES_PER_XDR_UNIT; +*************** +*** 104,110 **** + * timestamp, hostname len (0), uid, gid, and gids len (0). + */ + if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len) { +! (void) printf("bad auth_len gid %d str %d auth %d\n", + gid_len, str_len, auth_len); + stat = AUTH_BADCRED; + goto done; +--- 105,111 ---- + * timestamp, hostname len (0), uid, gid, and gids len (0). + */ + if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len) { +! (void) printf("bad auth_len gid %u str %u auth %u\n", + gid_len, str_len, auth_len); + stat = AUTH_BADCRED; + goto done; diff --git a/2007-005-patch.txt b/2007-005-patch.txt new file mode 100644 index 0000000..5c369c1 --- /dev/null +++ b/2007-005-patch.txt @@ -0,0 +1,108 @@ +*** src/kadmin/server/server_stubs.c (revision 20024) +--- src/kadmin/server/server_stubs.c (local) +*************** +*** 545,557 **** + static generic_ret ret; + char *prime_arg1, + *prime_arg2; +- char prime_arg[BUFSIZ]; + gss_buffer_desc client_name, + service_name; + OM_uint32 minor_stat; + kadm5_server_handle_t handle; + restriction_t *rp; + char *errmsg; + + xdr_free(xdr_generic_ret, &ret); + +--- 545,558 ---- + static generic_ret ret; + char *prime_arg1, + *prime_arg2; + gss_buffer_desc client_name, + service_name; + OM_uint32 minor_stat; + kadm5_server_handle_t handle; + restriction_t *rp; + char *errmsg; ++ size_t tlen1, tlen2, clen, slen; ++ char *tdots1, *tdots2, *cdots, *sdots; + + xdr_free(xdr_generic_ret, &ret); + +*************** +*** 572,578 **** + ret.code = KADM5_BAD_PRINCIPAL; + goto exit_func; + } +! sprintf(prime_arg, "%s to %s", prime_arg1, prime_arg2); + + ret.code = KADM5_OK; + if (! CHANGEPW_SERVICE(rqstp)) { +--- 573,586 ---- + ret.code = KADM5_BAD_PRINCIPAL; + goto exit_func; + } +! tlen1 = strlen(prime_arg1); +! trunc_name(&tlen1, &tdots1); +! tlen2 = strlen(prime_arg2); +! trunc_name(&tlen2, &tdots2); +! clen = client_name.length; +! trunc_name(&clen, &cdots); +! slen = service_name.length; +! trunc_name(&slen, &sdots); + + ret.code = KADM5_OK; + if (! CHANGEPW_SERVICE(rqstp)) { +*************** +*** 590,597 **** + } else + ret.code = KADM5_AUTH_INSUFFICIENT; + if (ret.code != KADM5_OK) { +! log_unauth("kadm5_rename_principal", prime_arg, +! &client_name, &service_name, rqstp); + } else { + ret.code = kadm5_rename_principal((void *)handle, arg->src, + arg->dest); +--- 598,612 ---- + } else + ret.code = KADM5_AUTH_INSUFFICIENT; + if (ret.code != KADM5_OK) { +! krb5_klog_syslog(LOG_NOTICE, +! "Unauthorized request: kadm5_rename_principal, " +! "%.*s%s to %.*s%s, " +! "client=%.*s%s, service=%.*s%s, addr=%s", +! tlen1, prime_arg1, tdots1, +! tlen2, prime_arg2, tdots2, +! clen, client_name.value, cdots, +! slen, service_name.value, sdots, +! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + } else { + ret.code = kadm5_rename_principal((void *)handle, arg->src, + arg->dest); +*************** +*** 600,607 **** + else + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + +! log_done("kadm5_rename_principal", prime_arg, errmsg, +! &client_name, &service_name, rqstp); + } + free_server_handle(handle); + free(prime_arg1); +--- 615,629 ---- + else + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + +! krb5_klog_syslog(LOG_NOTICE, +! "Request: kadm5_rename_principal, " +! "%.*s%s to %.*s%s, %s, " +! "client=%.*s%s, service=%.*s%s, addr=%s", +! tlen1, prime_arg1, tdots1, +! tlen2, prime_arg2, tdots2, errmsg, +! clen, client_name.value, cdots, +! slen, service_name.value, sdots, +! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + } + free_server_handle(handle); + free(prime_arg1); |