From b4ce790f228fd12547ece2fb8829aebe31583532 Mon Sep 17 00:00:00 2001 From: tonnerre Date: Sat, 7 Jun 2008 22:26:10 +0000 Subject: Add patches for MITKRB5-SA-2007-004 and MITKRB5-SA-2007-005. PKGREVISION will be bumped again once some other patches are in. --- security/mit-krb5/distinfo | 6 ++- security/mit-krb5/patches/patch-ba | 98 ++++++++++++++++++++++++++++---------- security/mit-krb5/patches/patch-bf | 13 +++++ security/mit-krb5/patches/patch-bg | 43 +++++++++++++++++ 4 files changed, 132 insertions(+), 28 deletions(-) create mode 100644 security/mit-krb5/patches/patch-bf create mode 100644 security/mit-krb5/patches/patch-bg (limited to 'security') diff --git a/security/mit-krb5/distinfo b/security/mit-krb5/distinfo index 3898bcd4dd3..713c57106b6 100644 --- a/security/mit-krb5/distinfo +++ b/security/mit-krb5/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.18 2008/06/07 20:22:18 tonnerre Exp $ +$NetBSD: distinfo,v 1.19 2008/06/07 22:26:10 tonnerre Exp $ SHA1 (krb5-1.4.2-signed.tar) = bbc03bd319d539fb9523c2545d80ba0784522e88 RMD160 (krb5-1.4.2-signed.tar) = 44500f5fab8e5959cf43f17f5f52f68e2dc73a1f @@ -29,8 +29,10 @@ SHA1 (patch-aw) = 0e651b675d166e71f6543cbad8e29eece89d5b67 SHA1 (patch-ax) = d403c910211e48c6d1dc27cb2dd98d5f20cc688d SHA1 (patch-ay) = 9f54c79c105d7baca3f1efa68a25f9b39dbf7683 SHA1 (patch-az) = 79fd9cbbf34287b78d5c6c2faf72e147457f7f37 -SHA1 (patch-ba) = ae3071aa6039d52ba56eab8f2b105623d62e5689 +SHA1 (patch-ba) = b413b82de3248600beb003456cde811637d05206 SHA1 (patch-bb) = 156d3341d1cf40cfbe5833f7ad68b5aec297d3fb SHA1 (patch-bc) = 8b422991ca22903596cf157ea3603abb741c50a5 SHA1 (patch-bd) = 8cf0425d2fedea452f80fa599f3c4515e51d834c SHA1 (patch-be) = c4497d7b68cefd8109d615c2125d9dc7aa508e5d +SHA1 (patch-bf) = 1e16b6cbe51a5aa07ac7c7c3c343e82bf16dcde6 +SHA1 (patch-bg) = fa70e00a2eb283782c9960a2c74a879862b979c5 diff --git a/security/mit-krb5/patches/patch-ba b/security/mit-krb5/patches/patch-ba index 90bcd6c8e88..2e8efa90974 100644 
--- a/security/mit-krb5/patches/patch-ba +++ b/security/mit-krb5/patches/patch-ba @@ -167,15 +167,53 @@ $NetBSD$ } free_server_handle(handle); free(prime_arg); -@@ -510,17 +556,14 @@ rename_principal_1_svc(rprinc_arg *arg, +@@ -466,12 +512,13 @@ rename_principal_1_svc(rprinc_arg *arg, + static generic_ret ret; + char *prime_arg1, + *prime_arg2; +- char prime_arg[BUFSIZ]; + gss_buffer_desc client_name, + service_name; + OM_uint32 minor_stat; + kadm5_server_handle_t handle; + restriction_t *rp; ++ size_t tlen1, tlen2, clen, slen; ++ char *tdots1, *tdots2, *cdots, *sdots; + + xdr_free(xdr_generic_ret, &ret); + +@@ -492,7 +539,14 @@ rename_principal_1_svc(rprinc_arg *arg, + ret.code = KADM5_BAD_PRINCIPAL; + return &ret; + } +- sprintf(prime_arg, "%s to %s", prime_arg1, prime_arg2); ++ tlen1 = strlen(prime_arg1); ++ trunc_name(&tlen1, &tdots1); ++ tlen2 = strlen(prime_arg2); ++ trunc_name(&tlen2, &tdots2); ++ clen = client_name.length; ++ trunc_name(&clen, &cdots); ++ slen = service_name.length; ++ trunc_name(&slen, &sdots); + + ret.code = KADM5_OK; + if (! CHANGEPW_SERVICE(rqstp)) { +@@ -510,17 +564,29 @@ rename_principal_1_svc(rprinc_arg *arg, } else ret.code = KADM5_AUTH_INSUFFICIENT; if (ret.code != KADM5_OK) { - krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_rename_principal", - prime_arg, client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_unauth("kadm5_rename_principal", prime_arg, -+ &client_name, &service_name, rqstp); ++ krb5_klog_syslog(LOG_NOTICE, ++ "Unauthorized request: kadm5_rename_principal, " ++ "%.*s%s to %.*s%s, " ++ "client=%.*s%s, service=%.*s%s, addr=%s", ++ tlen1, prime_arg1, tdots1, ++ tlen2, prime_arg2, tdots2, ++ clen, client_name.value, cdots, ++ slen, service_name.value, sdots, ++ inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); } else { ret.code = kadm5_rename_principal((void *)handle, arg->src, arg->dest); 
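Review bot: The new `krb5_klog_syslog` call in rename_principal_1_svc passes `tlen1`, `tlen2`, `clen` and `slen` as the precision for `%.*s`, but the hunk declares them `size_t` and `%.*s` consumes an `int`. Where `size_t` is wider than `int`, that mismatch is undefined behaviour in a variadic call, an unwelcome property in code that replaces an unbounded `sprintf` into `prime_arg[BUFSIZ]`. A cast at the call site, e.g. `(int)tlen1, prime_arg1, tdots1,`, would be enough provided `trunc_name` clamps each length to a small value, which this hunk does not show. The success-path log call in the following hunk (`@@ -184,13 +222,21 @@`) passes the same arguments and needs the same change; the function body extends beyond both hunks.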
@@ -184,13 +222,21 @@ $NetBSD$ - error_message(ret.code)), - client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_done("kadm5_rename_principal", prime_arg, -+ ((ret.code == 0) ? "success" : error_message(ret.code)), -+ &client_name, &service_name, rqstp); ++ krb5_klog_syslog(LOG_NOTICE, ++ "Request: kadm5_rename_principal, " ++ "%.*s%s to %.*s%s, %s, " ++ "client=%.*s%s, service=%.*s%s, addr=%s", ++ tlen1, prime_arg1, tdots1, ++ tlen2, prime_arg2, tdots2, ++ ((ret.code == 0) ? "success" : ++ error_message(ret.code)), ++ clen, client_name.value, cdots, ++ slen, service_name.value, sdots, ++ inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); } free_server_handle(handle); free(prime_arg1); -@@ -572,9 +615,8 @@ get_principal_1_svc(gprinc_arg *arg, str +@@ -572,9 +638,8 @@ get_principal_1_svc(gprinc_arg *arg, str arg->princ, NULL))) { ret.code = KADM5_AUTH_GET; @@ -202,7 +248,7 @@ $NetBSD$ } else { if (handle->api_version == KADM5_API_VERSION_1) { ret.code = kadm5_get_principal_v1((void *)handle, -@@ -588,12 +630,10 @@ get_principal_1_svc(gprinc_arg *arg, str +@@ -588,12 +653,10 @@ get_principal_1_svc(gprinc_arg *arg, str arg->princ, &ret.rec, arg->mask); } @@ -219,7 +265,7 @@ $NetBSD$ } free_server_handle(handle); free(prime_arg); -@@ -638,18 +678,15 @@ get_princs_1_svc(gprincs_arg *arg, struc +@@ -638,18 +701,15 @@ get_princs_1_svc(gprincs_arg *arg, struc NULL, NULL)) { ret.code = KADM5_AUTH_LIST; @@ -242,7 +288,7 @@ $NetBSD$ } free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); -@@ -697,18 +734,15 @@ chpass_principal_1_svc(chpass_arg *arg, +@@ -697,18 +757,15 @@ chpass_principal_1_svc(chpass_arg *arg, ret.code = kadm5_chpass_principal((void *)handle, arg->princ, arg->pass); } else { @@ -266,7 +312,7 @@ $NetBSD$ } free_server_handle(handle); -@@ -764,18 +798,15 @@ chpass_principal3_1_svc(chpass3_arg *arg +@@ -764,18 +821,15 @@ chpass_principal3_1_svc(chpass3_arg *arg arg->ks_tuple, arg->pass); } else { 
@@ -290,7 +336,7 @@ $NetBSD$ } free_server_handle(handle); -@@ -822,18 +853,15 @@ setv4key_principal_1_svc(setv4key_arg *a +@@ -822,18 +876,15 @@ setv4key_principal_1_svc(setv4key_arg *a ret.code = kadm5_setv4key_principal((void *)handle, arg->princ, arg->keyblock); } else { @@ -314,7 +360,7 @@ $NetBSD$ } free_server_handle(handle); -@@ -880,18 +908,15 @@ setkey_principal_1_svc(setkey_arg *arg, +@@ -880,18 +931,15 @@ setkey_principal_1_svc(setkey_arg *arg, ret.code = kadm5_setkey_principal((void *)handle, arg->princ, arg->keyblocks, arg->n_keys); } else { @@ -338,7 +384,7 @@ $NetBSD$ } free_server_handle(handle); -@@ -941,18 +966,15 @@ setkey_principal3_1_svc(setkey3_arg *arg +@@ -941,18 +989,15 @@ setkey_principal3_1_svc(setkey3_arg *arg arg->ks_tuple, arg->keyblocks, arg->n_keys); } else { @@ -362,7 +408,7 @@ $NetBSD$ } free_server_handle(handle); -@@ -1008,9 +1030,8 @@ chrand_principal_1_svc(chrand_arg *arg, +@@ -1008,9 +1053,8 @@ chrand_principal_1_svc(chrand_arg *arg, ret.code = kadm5_randkey_principal((void *)handle, arg->princ, &k, &nkeys); } else { @@ -374,7 +420,7 @@ $NetBSD$ ret.code = KADM5_AUTH_CHANGEPW; } -@@ -1025,11 +1046,9 @@ chrand_principal_1_svc(chrand_arg *arg, +@@ -1025,11 +1069,9 @@ chrand_principal_1_svc(chrand_arg *arg, } if(ret.code != KADM5_AUTH_CHANGEPW) { @@ -389,7 +435,7 @@ $NetBSD$ } free_server_handle(handle); free(prime_arg); -@@ -1090,9 +1109,8 @@ chrand_principal3_1_svc(chrand3_arg *arg +@@ -1090,9 +1132,8 @@ chrand_principal3_1_svc(chrand3_arg *arg arg->ks_tuple, &k, &nkeys); } else { @@ -401,7 +447,7 @@ $NetBSD$ ret.code = KADM5_AUTH_CHANGEPW; } -@@ -1107,11 +1125,9 @@ chrand_principal3_1_svc(chrand3_arg *arg +@@ -1107,11 +1148,9 @@ chrand_principal3_1_svc(chrand3_arg *arg } if(ret.code != KADM5_AUTH_CHANGEPW) { 
@@ -416,7 +462,7 @@ $NetBSD$ } free_server_handle(handle); free(prime_arg); -@@ -1152,18 +1168,15 @@ create_policy_1_svc(cpol_arg *arg, struc +@@ -1152,18 +1191,15 @@ create_policy_1_svc(cpol_arg *arg, struc rqst2name(rqstp), ACL_ADD, NULL, NULL)) { ret.code = KADM5_AUTH_ADD; @@ -441,7 +487,7 @@ $NetBSD$ } free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); -@@ -1202,17 +1215,15 @@ delete_policy_1_svc(dpol_arg *arg, struc +@@ -1202,17 +1238,15 @@ delete_policy_1_svc(dpol_arg *arg, struc if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_DELETE, NULL, NULL)) { @@ -465,7 +511,7 @@ $NetBSD$ } free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); -@@ -1251,18 +1262,16 @@ modify_policy_1_svc(mpol_arg *arg, struc +@@ -1251,18 +1285,16 @@ modify_policy_1_svc(mpol_arg *arg, struc if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_MODIFY, NULL, NULL)) { @@ -490,7 +536,7 @@ $NetBSD$ } free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); -@@ -1337,15 +1346,13 @@ get_policy_1_svc(gpol_arg *arg, struct s +@@ -1337,15 +1369,13 @@ get_policy_1_svc(gpol_arg *arg, struct s &ret.rec); } @@ -512,7 +558,7 @@ $NetBSD$ } free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); -@@ -1388,18 +1395,15 @@ get_pols_1_svc(gpols_arg *arg, struct sv +@@ -1388,18 +1418,15 @@ get_pols_1_svc(gpols_arg *arg, struct sv rqst2name(rqstp), ACL_LIST, NULL, NULL)) { ret.code = KADM5_AUTH_LIST; @@ -536,7 +582,7 @@ $NetBSD$ } free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); -@@ -1432,11 +1436,9 @@ getprivs_ret * get_privs_1_svc(krb5_ui_4 +@@ -1432,11 +1459,9 @@ getprivs_ret * get_privs_1_svc(krb5_ui_4 } ret.code = kadm5_get_privs((void *)handle, &ret.privs); 
@@ -551,7 +597,7 @@ $NetBSD$ free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); -@@ -1450,6 +1452,8 @@ generic_ret *init_1_svc(krb5_ui_4 *arg, +@@ -1450,6 +1475,8 @@ generic_ret *init_1_svc(krb5_ui_4 *arg, service_name; kadm5_server_handle_t handle; OM_uint32 minor_stat; @@ -560,7 +606,7 @@ $NetBSD$ xdr_free(xdr_generic_ret, &ret); -@@ -1466,12 +1470,18 @@ generic_ret *init_1_svc(krb5_ui_4 *arg, +@@ -1466,12 +1493,18 @@ generic_ret *init_1_svc(krb5_ui_4 *arg, return &ret; } diff --git a/security/mit-krb5/patches/patch-bf b/security/mit-krb5/patches/patch-bf new file mode 100644 index 00000000000..fa61d5cae50 --- /dev/null +++ b/security/mit-krb5/patches/patch-bf @@ -0,0 +1,13 @@ +$NetBSD: patch-bf,v 1.1 2008/06/07 22:26:10 tonnerre Exp $ + +--- lib/rpc/svc_auth_gssapi.c.orig 2004-09-17 23:52:11.000000000 +0200 ++++ lib/rpc/svc_auth_gssapi.c +@@ -148,6 +148,8 @@ enum auth_stat gssrpc__svcauth_gssapi( + rqst->rq_xprt->xp_auth = &svc_auth_none; + + memset((char *) &call_res, 0, sizeof(call_res)); ++ creds.client_handle.length = 0; ++ creds.client_handle.value = NULL; + + cred = &msg->rm_call.cb_cred; + verf = &msg->rm_call.cb_verf; diff --git a/security/mit-krb5/patches/patch-bg b/security/mit-krb5/patches/patch-bg new file mode 100644 index 00000000000..18c587200e6 --- /dev/null +++ b/security/mit-krb5/patches/patch-bg 
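Review bot: The two assignments to `creds.client_handle` added in gssrpc__svcauth_gssapi have no comment saying which later code depends on them, so the reason for the fix is not recorded in the source. The consumer is presumably a cleanup path that releases `creds` after an early failure, but that code lies outside this hunk. Once that is confirmed, a line such as `/* creds may be released before it has been decoded; keep client_handle empty until then */` above the assignments would record it. If no member of `creds` has to keep a value across this point, `memset(&creds, 0, sizeof(creds));` beside the existing `call_res` memset would also cover members added later.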
@@ -0,0 +1,43 @@
+$NetBSD: patch-bg,v 1.1 2008/06/07 22:26:10 tonnerre Exp $
+
+--- lib/rpc/svc_auth_unix.c.orig 2004-09-17 23:52:11.000000000 +0200
++++ lib/rpc/svc_auth_unix.c
+@@ -64,8 +64,7 @@ gssrpc__svcauth_unix(
+ char area_machname[MAX_MACHINE_NAME+1];
+ int area_gids[NGRPS];
+ } *area;
+- u_int auth_len;
+- int str_len, gid_len;
++ u_int auth_len, str_len, gid_len;
+ register int i;
+
+ rqst->rq_xprt->xp_auth = &svc_auth_none;
+@@ -74,7 +73,9 @@ gssrpc__svcauth_unix(
+ aup = &area->area_aup;
+ aup->aup_machname = area->area_machname;
+ aup->aup_gids = area->area_gids;
+- auth_len = (u_int)msg->rm_call.cb_cred.oa_length;
++ auth_len = msg->rm_call.cb_cred.oa_length;
++ if (auth_len > INT_MAX)
++ return AUTH_BADCRED;
+ xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len,XDR_DECODE);
+ buf = XDR_INLINE(&xdrs, (int)auth_len);
+ if (buf != NULL) {
+@@ -84,7 +85,7 @@ gssrpc__svcauth_unix(
+ stat = AUTH_BADCRED;
+ goto done;
+ }
+- memmove(aup->aup_machname, (caddr_t)buf, (u_int)str_len);
++ memmove(aup->aup_machname, buf, str_len);
+ aup->aup_machname[str_len] = 0;
+ str_len = RNDUP(str_len);
+ buf += str_len / BYTES_PER_XDR_UNIT;
+@@ -104,7 +105,7 @@ gssrpc__svcauth_unix(
+ * timestamp, hostname len (0), uid, gid, and gids len (0).
+ */
+ if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len) {
+- (void) printf("bad auth_len gid %d str %d auth %d\n",
++ (void) printf("bad auth_len gid %u str %u auth %u\n",
+ gid_len, str_len, auth_len);
+ stat = AUTH_BADCRED;
+ goto done;
-- cgit v1.2.3
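Review bot: The new `auth_len > INT_MAX` test in gssrpc__svcauth_unix relies on `INT_MAX`, yet none of the four hunks in this patch adds `#include <limits.h>`. Unless svc_auth_unix.c already gets it through another header, which is not visible here, that include belongs in the patch. The check also deserves a comment tying it to the `(int)auth_len` cast two lines below, for example `/* auth_len is cast to int for XDR_INLINE below; refuse values that would go negative */`. It returns directly while the other rejections use `stat = AUTH_BADCRED; goto done;`, which looks safe because `xdrs` has not been created at that point, though the `done` label itself is outside the hunks.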