Add patches for MITKRB5-SA-2007-004 and MITKRB5-SA-2007-005. PKGREVISION

will be bumped again once some other patches are in.
author: tonnerre <tonnerre> 2008-06-07 22:26:10 +0000
committer: tonnerre <tonnerre> 2008-06-07 22:26:10 +0000
commit: b4ce790f228fd12547ece2fb8829aebe31583532 (patch)
tree: ed0b47b6940a16444c5b78011227fb8eebb28f76 /security
parent: 6eb00c368e5e3565f8f2c3d05ff69aa8d732a4b8 (diff)
download: pkgsrc-b4ce790f228fd12547ece2fb8829aebe31583532.tar.gz
4 files changed, 132 insertions, 28 deletions
diff --git a/security/mit-krb5/distinfo b/security/mit-krb5/distinfo
index 3898bcd4dd3..713c57106b6 100644
--- a/security/mit-krb5/distinfo
+++ b/security/mit-krb5/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.18 2008/06/07 20:22:18 tonnerre Exp $
+$NetBSD: distinfo,v 1.19 2008/06/07 22:26:10 tonnerre Exp $
 
 SHA1 (krb5-1.4.2-signed.tar) = bbc03bd319d539fb9523c2545d80ba0784522e88
 RMD160 (krb5-1.4.2-signed.tar) = 44500f5fab8e5959cf43f17f5f52f68e2dc73a1f
@@ -29,8 +29,10 @@ SHA1 (patch-aw) = 0e651b675d166e71f6543cbad8e29eece89d5b67
 SHA1 (patch-ax) = d403c910211e48c6d1dc27cb2dd98d5f20cc688d
 SHA1 (patch-ay) = 9f54c79c105d7baca3f1efa68a25f9b39dbf7683
 SHA1 (patch-az) = 79fd9cbbf34287b78d5c6c2faf72e147457f7f37
-SHA1 (patch-ba) = ae3071aa6039d52ba56eab8f2b105623d62e5689
+SHA1 (patch-ba) = b413b82de3248600beb003456cde811637d05206
 SHA1 (patch-bb) = 156d3341d1cf40cfbe5833f7ad68b5aec297d3fb
 SHA1 (patch-bc) = 8b422991ca22903596cf157ea3603abb741c50a5
 SHA1 (patch-bd) = 8cf0425d2fedea452f80fa599f3c4515e51d834c
 SHA1 (patch-be) = c4497d7b68cefd8109d615c2125d9dc7aa508e5d
+SHA1 (patch-bf) = 1e16b6cbe51a5aa07ac7c7c3c343e82bf16dcde6
+SHA1 (patch-bg) = fa70e00a2eb283782c9960a2c74a879862b979c5
diff --git a/security/mit-krb5/patches/patch-ba b/security/mit-krb5/patches/patch-ba
index 90bcd6c8e88..2e8efa90974 100644
--- a/security/mit-krb5/patches/patch-ba
+++ b/security/mit-krb5/patches/patch-ba
@@ -167,15 +167,53 @@ $NetBSD$
      }
      free_server_handle(handle);
      free(prime_arg);
-@@ -510,17 +556,14 @@ rename_principal_1_svc(rprinc_arg *arg, 
+@@ -466,12 +512,13 @@ rename_principal_1_svc(rprinc_arg *arg, 
+     static generic_ret		ret;
+     char			*prime_arg1,
+ 				*prime_arg2;
+-    char			prime_arg[BUFSIZ];
+     gss_buffer_desc		client_name,
+ 				service_name;
+     OM_uint32			minor_stat;
+     kadm5_server_handle_t	handle;
+     restriction_t		*rp;
++    size_t tlen1, tlen2, clen, slen;
++    char *tdots1, *tdots2, *cdots, *sdots;
+ 
+     xdr_free(xdr_generic_ret, &ret);
+ 
+@@ -492,7 +539,14 @@ rename_principal_1_svc(rprinc_arg *arg, 
+ 	 ret.code = KADM5_BAD_PRINCIPAL;
+ 	 return &ret;
+     }
+-    sprintf(prime_arg, "%s to %s", prime_arg1, prime_arg2);
++    tlen1 = strlen(prime_arg1);
++    trunc_name(&tlen1, &tdots1);
++    tlen2 = strlen(prime_arg2);
++    trunc_name(&tlen2, &tdots2);
++    clen = client_name.length;
++    trunc_name(&clen, &cdots);
++    slen = service_name.length;
++    trunc_name(&slen, &sdots);
+ 
+     ret.code = KADM5_OK;
+     if (! CHANGEPW_SERVICE(rqstp)) {
+@@ -510,17 +564,29 @@ rename_principal_1_svc(rprinc_arg *arg, 
      } else
  	 ret.code = KADM5_AUTH_INSUFFICIENT;
      if (ret.code != KADM5_OK) {
 -	 krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_rename_principal",
 -		prime_arg, client_name.value, service_name.value,
 -		inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
-+	 log_unauth("kadm5_rename_principal", prime_arg,
-+		    &client_name, &service_name, rqstp);
++	 krb5_klog_syslog(LOG_NOTICE,
++			  "Unauthorized request: kadm5_rename_principal, "
++			  "%.*s%s to %.*s%s, "
++			  "client=%.*s%s, service=%.*s%s, addr=%s",
++			  tlen1, prime_arg1, tdots1,
++			  tlen2, prime_arg2, tdots2,
++			  clen, client_name.value, cdots,
++			  slen, service_name.value, sdots,
++			  inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
      } else {
  	 ret.code = kadm5_rename_principal((void *)handle, arg->src,
  						arg->dest);
@@ -184,13 +222,21 @@ $NetBSD$
 -			    error_message(ret.code)), 
 -		client_name.value, service_name.value,
 -		inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
-+	 log_done("kadm5_rename_principal", prime_arg,
-+		  ((ret.code == 0) ? "success" : error_message(ret.code)),
-+		  &client_name, &service_name, rqstp);
++	 krb5_klog_syslog(LOG_NOTICE,
++			  "Request: kadm5_rename_principal, "
++			  "%.*s%s to %.*s%s, %s, "
++			  "client=%.*s%s, service=%.*s%s, addr=%s",
++			  tlen1, prime_arg1, tdots1,
++			  tlen2, prime_arg2, tdots2,
++		  	  ((ret.code == 0) ? "success" :
++				error_message(ret.code)),
++			  clen, client_name.value, cdots,
++			  slen, service_name.value, sdots,
++			  inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
      }
      free_server_handle(handle);
      free(prime_arg1);
-@@ -572,9 +615,8 @@ get_principal_1_svc(gprinc_arg *arg, str
+@@ -572,9 +638,8 @@ get_principal_1_svc(gprinc_arg *arg, str
  					       arg->princ,
  					       NULL))) {
  	 ret.code = KADM5_AUTH_GET;
@@ -202,7 +248,7 @@ $NetBSD$
      } else {
  	 if (handle->api_version == KADM5_API_VERSION_1) {
  	      ret.code  = kadm5_get_principal_v1((void *)handle,
-@@ -588,12 +630,10 @@ get_principal_1_svc(gprinc_arg *arg, str
+@@ -588,12 +653,10 @@ get_principal_1_svc(gprinc_arg *arg, str
  					      arg->princ, &ret.rec,
  					      arg->mask);
  	 }
@@ -219,7 +265,7 @@ $NetBSD$
      }
      free_server_handle(handle);
      free(prime_arg);
-@@ -638,18 +678,15 @@ get_princs_1_svc(gprincs_arg *arg, struc
+@@ -638,18 +701,15 @@ get_princs_1_svc(gprincs_arg *arg, struc
  					      NULL,
  					      NULL)) {
  	 ret.code = KADM5_AUTH_LIST;
@@ -242,7 +288,7 @@ $NetBSD$
      }
      free_server_handle(handle);
      gss_release_buffer(&minor_stat, &client_name);
-@@ -697,18 +734,15 @@ chpass_principal_1_svc(chpass_arg *arg, 
+@@ -697,18 +757,15 @@ chpass_principal_1_svc(chpass_arg *arg, 
  	 ret.code = kadm5_chpass_principal((void *)handle, arg->princ,
  						arg->pass);
      } else {
@@ -266,7 +312,7 @@ $NetBSD$
      }
  
      free_server_handle(handle);
-@@ -764,18 +798,15 @@ chpass_principal3_1_svc(chpass3_arg *arg
+@@ -764,18 +821,15 @@ chpass_principal3_1_svc(chpass3_arg *arg
  					     arg->ks_tuple,
  					     arg->pass);
      } else {
@@ -290,7 +336,7 @@ $NetBSD$
      }
  
      free_server_handle(handle);
-@@ -822,18 +853,15 @@ setv4key_principal_1_svc(setv4key_arg *a
+@@ -822,18 +876,15 @@ setv4key_principal_1_svc(setv4key_arg *a
  	 ret.code = kadm5_setv4key_principal((void *)handle, arg->princ,
  					     arg->keyblock);
      } else {
@@ -314,7 +360,7 @@ $NetBSD$
      }
  
      free_server_handle(handle);
-@@ -880,18 +908,15 @@ setkey_principal_1_svc(setkey_arg *arg, 
+@@ -880,18 +931,15 @@ setkey_principal_1_svc(setkey_arg *arg, 
  	 ret.code = kadm5_setkey_principal((void *)handle, arg->princ,
  					   arg->keyblocks, arg->n_keys);
      } else {
@@ -338,7 +384,7 @@ $NetBSD$
      }
  
      free_server_handle(handle);
-@@ -941,18 +966,15 @@ setkey_principal3_1_svc(setkey3_arg *arg
+@@ -941,18 +989,15 @@ setkey_principal3_1_svc(setkey3_arg *arg
  					     arg->ks_tuple,
  					     arg->keyblocks, arg->n_keys);
      } else {
@@ -362,7 +408,7 @@ $NetBSD$
      }
  
      free_server_handle(handle);
-@@ -1008,9 +1030,8 @@ chrand_principal_1_svc(chrand_arg *arg, 
+@@ -1008,9 +1053,8 @@ chrand_principal_1_svc(chrand_arg *arg, 
  	 ret.code = kadm5_randkey_principal((void *)handle, arg->princ,
  					    &k, &nkeys);
      } else {
@@ -374,7 +420,7 @@ $NetBSD$
  	 ret.code = KADM5_AUTH_CHANGEPW;
      }
  
-@@ -1025,11 +1046,9 @@ chrand_principal_1_svc(chrand_arg *arg, 
+@@ -1025,11 +1069,9 @@ chrand_principal_1_svc(chrand_arg *arg, 
      }
  
      if(ret.code != KADM5_AUTH_CHANGEPW) {
@@ -389,7 +435,7 @@ $NetBSD$
      }
      free_server_handle(handle);
      free(prime_arg);
-@@ -1090,9 +1109,8 @@ chrand_principal3_1_svc(chrand3_arg *arg
+@@ -1090,9 +1132,8 @@ chrand_principal3_1_svc(chrand3_arg *arg
  					      arg->ks_tuple,
  					      &k, &nkeys);
      } else {
@@ -401,7 +447,7 @@ $NetBSD$
  	 ret.code = KADM5_AUTH_CHANGEPW;
      }
  
-@@ -1107,11 +1125,9 @@ chrand_principal3_1_svc(chrand3_arg *arg
+@@ -1107,11 +1148,9 @@ chrand_principal3_1_svc(chrand3_arg *arg
      }
  
      if(ret.code != KADM5_AUTH_CHANGEPW) {
@@ -416,7 +462,7 @@ $NetBSD$
      }
      free_server_handle(handle);
      free(prime_arg);
-@@ -1152,18 +1168,15 @@ create_policy_1_svc(cpol_arg *arg, struc
+@@ -1152,18 +1191,15 @@ create_policy_1_svc(cpol_arg *arg, struc
  					      rqst2name(rqstp),
  					      ACL_ADD, NULL, NULL)) {
  	 ret.code = KADM5_AUTH_ADD;
@@ -441,7 +487,7 @@ $NetBSD$
      }
      free_server_handle(handle);
      gss_release_buffer(&minor_stat, &client_name);
-@@ -1202,17 +1215,15 @@ delete_policy_1_svc(dpol_arg *arg, struc
+@@ -1202,17 +1238,15 @@ delete_policy_1_svc(dpol_arg *arg, struc
      if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context,
  					      rqst2name(rqstp),
  					      ACL_DELETE, NULL, NULL)) {
@@ -465,7 +511,7 @@ $NetBSD$
      }
      free_server_handle(handle);
      gss_release_buffer(&minor_stat, &client_name);
-@@ -1251,18 +1262,16 @@ modify_policy_1_svc(mpol_arg *arg, struc
+@@ -1251,18 +1285,16 @@ modify_policy_1_svc(mpol_arg *arg, struc
      if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context,
  					      rqst2name(rqstp),
  					      ACL_MODIFY, NULL, NULL)) {
@@ -490,7 +536,7 @@ $NetBSD$
      }
      free_server_handle(handle);
      gss_release_buffer(&minor_stat, &client_name);
-@@ -1337,15 +1346,13 @@ get_policy_1_svc(gpol_arg *arg, struct s
+@@ -1337,15 +1369,13 @@ get_policy_1_svc(gpol_arg *arg, struct s
  					  &ret.rec);
  	 }
  	 
@@ -512,7 +558,7 @@ $NetBSD$
      }
      free_server_handle(handle);
      gss_release_buffer(&minor_stat, &client_name);
-@@ -1388,18 +1395,15 @@ get_pols_1_svc(gpols_arg *arg, struct sv
+@@ -1388,18 +1418,15 @@ get_pols_1_svc(gpols_arg *arg, struct sv
  					      rqst2name(rqstp),
  					      ACL_LIST, NULL, NULL)) {
  	 ret.code = KADM5_AUTH_LIST;
@@ -536,7 +582,7 @@ $NetBSD$
      }
      free_server_handle(handle);
      gss_release_buffer(&minor_stat, &client_name);
-@@ -1432,11 +1436,9 @@ getprivs_ret * get_privs_1_svc(krb5_ui_4
+@@ -1432,11 +1459,9 @@ getprivs_ret * get_privs_1_svc(krb5_ui_4
       }
  
       ret.code = kadm5_get_privs((void *)handle, &ret.privs);
@@ -551,7 +597,7 @@ $NetBSD$
       free_server_handle(handle);
       gss_release_buffer(&minor_stat, &client_name);
       gss_release_buffer(&minor_stat, &service_name);
-@@ -1450,6 +1452,8 @@ generic_ret *init_1_svc(krb5_ui_4 *arg, 
+@@ -1450,6 +1475,8 @@ generic_ret *init_1_svc(krb5_ui_4 *arg, 
  	 			service_name;
       kadm5_server_handle_t	handle;
       OM_uint32			minor_stat;
@@ -560,7 +606,7 @@ $NetBSD$
  
       xdr_free(xdr_generic_ret, &ret);
  
-@@ -1466,12 +1470,18 @@ generic_ret *init_1_svc(krb5_ui_4 *arg, 
+@@ -1466,12 +1493,18 @@ generic_ret *init_1_svc(krb5_ui_4 *arg, 
  	  return &ret;
       }
  
diff --git a/security/mit-krb5/patches/patch-bf b/security/mit-krb5/patches/patch-bf
new file mode 100644
index 00000000000..fa61d5cae50
--- /dev/null
+++ b/security/mit-krb5/patches/patch-bf
@@ -0,0 +1,13 @@
+$NetBSD: patch-bf,v 1.1 2008/06/07 22:26:10 tonnerre Exp $
+
+--- lib/rpc/svc_auth_gssapi.c.orig	2004-09-17 23:52:11.000000000 +0200
++++ lib/rpc/svc_auth_gssapi.c
+@@ -148,6 +148,8 @@ enum auth_stat gssrpc__svcauth_gssapi(
+      rqst->rq_xprt->xp_auth = &svc_auth_none;
+      
+      memset((char *) &call_res, 0, sizeof(call_res));
++     creds.client_handle.length = 0;
++     creds.client_handle.value = NULL;
+      
+      cred = &msg->rm_call.cb_cred;
+      verf = &msg->rm_call.cb_verf;
diff --git a/security/mit-krb5/patches/patch-bg b/security/mit-krb5/patches/patch-bg
new file mode 100644
index 00000000000..18c587200e6
--- /dev/null
+++ b/security/mit-krb5/patches/patch-bg
@@ -0,0 +1,43 @@
+$NetBSD: patch-bg,v 1.1 2008/06/07 22:26:10 tonnerre Exp $
+
+--- lib/rpc/svc_auth_unix.c.orig	2004-09-17 23:52:11.000000000 +0200
++++ lib/rpc/svc_auth_unix.c
+@@ -64,8 +64,7 @@ gssrpc__svcauth_unix(
+ 		char area_machname[MAX_MACHINE_NAME+1];
+ 		int area_gids[NGRPS];
+ 	} *area;
+-	u_int auth_len;
+-	int str_len, gid_len;
++	u_int auth_len, str_len, gid_len;
+ 	register int i;
+ 
+ 	rqst->rq_xprt->xp_auth = &svc_auth_none;
+@@ -74,7 +73,9 @@ gssrpc__svcauth_unix(
+ 	aup = &area->area_aup;
+ 	aup->aup_machname = area->area_machname;
+ 	aup->aup_gids = area->area_gids;
+-	auth_len = (u_int)msg->rm_call.cb_cred.oa_length;
++	auth_len = msg->rm_call.cb_cred.oa_length;
++	if (auth_len > INT_MAX)
++		return AUTH_BADCRED;
+ 	xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len,XDR_DECODE);
+ 	buf = XDR_INLINE(&xdrs, (int)auth_len);
+ 	if (buf != NULL) {
+@@ -84,7 +85,7 @@ gssrpc__svcauth_unix(
+ 			stat = AUTH_BADCRED;
+ 			goto done;
+ 		}
+-		memmove(aup->aup_machname, (caddr_t)buf, (u_int)str_len);
++		memmove(aup->aup_machname, buf, str_len);
+ 		aup->aup_machname[str_len] = 0;
+ 		str_len = RNDUP(str_len);
+ 		buf += str_len / BYTES_PER_XDR_UNIT;
+@@ -104,7 +105,7 @@ gssrpc__svcauth_unix(
+ 		 * timestamp, hostname len (0), uid, gid, and gids len (0).
+ 		 */
+ 		if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len) {
+-			(void) printf("bad auth_len gid %d str %d auth %d\n",
++			(void) printf("bad auth_len gid %u str %u auth %u\n",
+ 			    gid_len, str_len, auth_len);
+ 			stat = AUTH_BADCRED;
+ 			goto done;
author	tonnerre <tonnerre>	2008-06-07 22:26:10 +0000
committer	tonnerre <tonnerre>	2008-06-07 22:26:10 +0000
commit	b4ce790f228fd12547ece2fb8829aebe31583532 (patch)
tree	ed0b47b6940a16444c5b78011227fb8eebb28f76 /security
parent	6eb00c368e5e3565f8f2c3d05ff69aa8d732a4b8 (diff)
download	pkgsrc-b4ce790f228fd12547ece2fb8829aebe31583532.tar.gz