diff options
author | Ladislav Hagara | 2007-04-04 23:48:49 +0200 |
---|---|---|
committer | Eric Sandall | 2007-04-04 17:16:29 -0700 |
commit | d09c20a4e4ff12a5d4077e06743c86b67deaf166 (patch) | |
tree | 6dddb20c3138b7e2fcfb92d94dcbe6282b75b772 | |
parent | 7a170aff7b111f3da1ec0f99eb13dfb784d80133 (diff) |
krb5 security fix
(cherry picked from commit 2fa4a86d5a4c76448ab12d43f85d9608dc64161c)
-rw-r--r-- | crypto/krb5/2007-001-patch.txt | 74 | ||||
-rw-r--r-- | crypto/krb5/2007-002-patch.txt | 1273 | ||||
-rw-r--r-- | crypto/krb5/2007-003-patch.txt | 24 |
3 files changed, 1371 insertions, 0 deletions
diff --git a/crypto/krb5/2007-001-patch.txt b/crypto/krb5/2007-001-patch.txt new file mode 100644 index 0000000000..741ed35ad4 --- /dev/null +++ b/crypto/krb5/2007-001-patch.txt @@ -0,0 +1,74 @@ +*** src/appl/telnet/telnetd/state.c (revision 19480) +--- src/appl/telnet/telnetd/state.c (local) +*************** +*** 1665,1671 **** + strcmp(varp, "RESOLV_HOST_CONF") && /* linux */ + strcmp(varp, "NLSPATH") && /* locale stuff */ + strncmp(varp, "LC_", strlen("LC_")) && /* locale stuff */ +! strcmp(varp, "IFS")) { + return 1; + } else { + syslog(LOG_INFO, "Rejected the attempt to modify the environment variable \"%s\"", varp); +--- 1665,1672 ---- + strcmp(varp, "RESOLV_HOST_CONF") && /* linux */ + strcmp(varp, "NLSPATH") && /* locale stuff */ + strncmp(varp, "LC_", strlen("LC_")) && /* locale stuff */ +! strcmp(varp, "IFS") && +! !strchr(varp, '-')) { + return 1; + } else { + syslog(LOG_INFO, "Rejected the attempt to modify the environment variable \"%s\"", varp); +*** src/appl/telnet/telnetd/sys_term.c (revision 19480) +--- src/appl/telnet/telnetd/sys_term.c (local) +*************** +*** 1287,1292 **** +--- 1287,1302 ---- + #endif + #if defined (AUTHENTICATION) + if (auth_level >= 0 && autologin == AUTH_VALID) { ++ if (name[0] == '-') { ++ /* Authenticated and authorized to log in to an ++ account starting with '-'? Even if that ++ unlikely case comes to pass, the current login ++ program will not parse the resulting command ++ line properly. */ ++ syslog(LOG_ERR, "user name cannot start with '-'"); ++ fatal(net, "user name cannot start with '-'"); ++ exit(1); ++ } + # if !defined(NO_LOGIN_F) + #if defined(LOGIN_CAP_F) + argv = addarg(argv, "-F"); +*************** +*** 1377,1387 **** + } else + #endif + if (getenv("USER")) { +! argv = addarg(argv, getenv("USER")); + #if defined(LOGIN_ARGS) && defined(NO_LOGIN_P) + { + register char **cpp; + for (cpp = environ; *cpp; cpp++) + argv = addarg(argv, *cpp); + } + #endif +--- 1387,1405 ---- + } else + #endif + if (getenv("USER")) { +! char *user = getenv("USER"); +! if (user[0] == '-') { +! /* "telnet -l-x ..." */ +! syslog(LOG_ERR, "user name cannot start with '-'"); +! fatal(net, "user name cannot start with '-'"); +! exit(1); +! } +! argv = addarg(argv, user); + #if defined(LOGIN_ARGS) && defined(NO_LOGIN_P) + { + register char **cpp; + for (cpp = environ; *cpp; cpp++) ++ if ((*cpp)[0] != '-') + argv = addarg(argv, *cpp); + } + #endif diff --git a/crypto/krb5/2007-002-patch.txt b/crypto/krb5/2007-002-patch.txt new file mode 100644 index 0000000000..69f7d198f7 --- /dev/null +++ b/crypto/krb5/2007-002-patch.txt @@ -0,0 +1,1273 @@ +*** src/kadmin/server/kadm_rpc_svc.c (revision 19480) +--- src/kadmin/server/kadm_rpc_svc.c (local) +*************** +*** 250,255 **** +--- 250,257 ---- + krb5_data *c1, *c2, *realm; + gss_buffer_desc gss_str; + kadm5_server_handle_t handle; ++ size_t slen; ++ char *sdots; + + success = 0; + handle = (kadm5_server_handle_t)global_server_handle; +*************** +*** 274,279 **** +--- 276,283 ---- + if (ret == 0) + goto fail_name; + ++ slen = gss_str.length; ++ trunc_name(&slen, &sdots); + /* + * Since we accept with GSS_C_NO_NAME, the client can authenticate + * against the entire kdb. Therefore, ensure that the service +*************** +*** 296,303 **** + + fail_princ: + if (!success) { +! krb5_klog_syslog(LOG_ERR, "bad service principal %.*s", +! gss_str.length, gss_str.value); + } + gss_release_buffer(&min_stat, &gss_str); + krb5_free_principal(kctx, princ); +--- 300,307 ---- + + fail_princ: + if (!success) { +! krb5_klog_syslog(LOG_ERR, "bad service principal %.*s%s", +! slen, gss_str.value, sdots); + } + gss_release_buffer(&min_stat, &gss_str); + krb5_free_principal(kctx, princ); +*** src/kadmin/server/misc.c (revision 19480) +--- src/kadmin/server/misc.c (local) +*************** +*** 171,173 **** +--- 171,182 ---- + + return kadm5_free_principal_ent(handle->lhandle, &princ); + } ++ ++ #define MAXPRINCLEN 125 ++ ++ void ++ trunc_name(size_t *len, char **dots) ++ { ++ *dots = *len > MAXPRINCLEN ? "..." : ""; ++ *len = *len > MAXPRINCLEN ? MAXPRINCLEN : *len; ++ } +*** src/kadmin/server/misc.h (revision 19480) +--- src/kadmin/server/misc.h (local) +*************** +*** 45,47 **** +--- 45,49 ---- + #ifdef SVC_GETARGS + void kadm_1(struct svc_req *, SVCXPRT *); + #endif ++ ++ void trunc_name(size_t *len, char **dots); +*** src/kadmin/server/ovsec_kadmd.c (revision 19480) +--- src/kadmin/server/ovsec_kadmd.c (local) +*************** +*** 992,997 **** +--- 992,999 ---- + rpcproc_t proc; + int i; + const char *procname; ++ size_t clen, slen; ++ char *cdots, *sdots; + + client.length = 0; + client.value = NULL; +*************** +*** 1000,1009 **** + + (void) gss_display_name(&minor, client_name, &client, &gss_type); + (void) gss_display_name(&minor, server_name, &server, &gss_type); +! if (client.value == NULL) + client.value = "(null)"; +! if (server.value == NULL) + server.value = "(null)"; + a = inet_ntoa(rqst->rq_xprt->xp_raddr.sin_addr); + + proc = msg->rm_call.cb_proc; +--- 1002,1021 ---- + + (void) gss_display_name(&minor, client_name, &client, &gss_type); + (void) gss_display_name(&minor, server_name, &server, &gss_type); +! if (client.value == NULL) { + client.value = "(null)"; +! clen = sizeof("(null)") -1; +! } else { +! clen = client.length; +! } +! trunc_name(&clen, &cdots); +! if (server.value == NULL) { + server.value = "(null)"; ++ slen = sizeof("(null)") - 1; ++ } else { ++ slen = server.length; ++ } ++ trunc_name(&slen, &sdots); + a = inet_ntoa(rqst->rq_xprt->xp_raddr.sin_addr); + + proc = msg->rm_call.cb_proc; +*************** +*** 1016,1029 **** + } + if (procname != NULL) + krb5_klog_syslog(LOG_NOTICE, "WARNING! Forged/garbled request: %s, " +! "claimed client = %s, server = %s, addr = %s", +! procname, client.value, +! server.value, a); + else + krb5_klog_syslog(LOG_NOTICE, "WARNING! Forged/garbled request: %d, " +! "claimed client = %s, server = %s, addr = %s", +! proc, client.value, +! server.value, a); + + (void) gss_release_buffer(&minor, &client); + (void) gss_release_buffer(&minor, &server); +--- 1028,1041 ---- + } + if (procname != NULL) + krb5_klog_syslog(LOG_NOTICE, "WARNING! Forged/garbled request: %s, " +! "claimed client = %.*s%s, server = %.*s%s, addr = %s", +! procname, clen, client.value, cdots, +! slen, server.value, sdots, a); + else + krb5_klog_syslog(LOG_NOTICE, "WARNING! Forged/garbled request: %d, " +! "claimed client = %.*s%s, server = %.*s%s, addr = %s", +! proc, clen, client.value, cdots, +! slen, server.value, sdots, a); + + (void) gss_release_buffer(&minor, &client); + (void) gss_release_buffer(&minor, &server); +*** src/kadmin/server/schpw.c (revision 19480) +--- src/kadmin/server/schpw.c (local) +*************** +*** 40,45 **** +--- 40,47 ---- + int numresult; + char strresult[1024]; + char *clientstr; ++ size_t clen; ++ char *cdots; + + ret = 0; + rep->length = 0; +*************** +*** 258,266 **** + free(ptr); + clear.length = 0; + +! krb5_klog_syslog(LOG_NOTICE, "chpw request from %s for %s: %s", + inet_ntoa(((struct sockaddr_in *)&remote_addr)->sin_addr), +! clientstr, ret ? krb5_get_error_message (context, ret) : "success"); + krb5_free_unparsed_name(context, clientstr); + + if (ret) { +--- 260,271 ---- + free(ptr); + clear.length = 0; + +! clen = strlen(clientstr); +! trunc_name(&clen, &cdots); +! krb5_klog_syslog(LOG_NOTICE, "chpw request from %s for %.*s%s: %s", + inet_ntoa(((struct sockaddr_in *)&remote_addr)->sin_addr), +! clen, clientstr, cdots, +! ret ? krb5_get_error_message (context, ret) : "success"); + krb5_free_unparsed_name(context, clientstr); + + if (ret) { +*** src/kadmin/server/server_stubs.c (revision 19480) +--- src/kadmin/server/server_stubs.c (local) +*************** +*** 14,19 **** +--- 14,20 ---- + #include <arpa/inet.h> /* inet_ntoa */ + #include <adm_proto.h> /* krb5_klog_syslog */ + #include "misc.h" ++ #include <string.h> + + #define LOG_UNAUTH "Unauthorized request: %s, %s, client=%s, service=%s, addr=%s" + #define LOG_DONE "Request: %s, %s, %s, client=%s, service=%s, addr=%s" +*************** +*** 237,242 **** +--- 238,298 ---- + return 0; + } + ++ static int ++ log_unauth( ++ char *op, ++ char *target, ++ gss_buffer_t client, ++ gss_buffer_t server, ++ struct svc_req *rqstp) ++ { ++ size_t tlen, clen, slen; ++ char *tdots, *cdots, *sdots; ++ ++ tlen = strlen(target); ++ trunc_name(&tlen, &tdots); ++ clen = client->length; ++ trunc_name(&clen, &cdots); ++ slen = server->length; ++ trunc_name(&slen, &sdots); ++ ++ return krb5_klog_syslog(LOG_NOTICE, ++ "Unauthorized request: %s, %.*s%s, " ++ "client=%.*s%s, service=%.*s%s, addr=%s", ++ op, tlen, target, tdots, ++ clen, client->value, cdots, ++ slen, server->value, sdots, ++ inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); ++ } ++ ++ static int ++ log_done( ++ char *op, ++ char *target, ++ char *errmsg, ++ gss_buffer_t client, ++ gss_buffer_t server, ++ struct svc_req *rqstp) ++ { ++ size_t tlen, clen, slen; ++ char *tdots, *cdots, *sdots; ++ ++ tlen = strlen(target); ++ trunc_name(&tlen, &tdots); ++ clen = client->length; ++ trunc_name(&clen, &cdots); ++ slen = server->length; ++ trunc_name(&slen, &sdots); ++ ++ return krb5_klog_syslog(LOG_NOTICE, ++ "Request: %s, %.*s%s, %s, " ++ "client=%.*s%s, service=%.*s%s, addr=%s", ++ op, tlen, target, tdots, errmsg, ++ clen, client->value, cdots, ++ slen, server->value, sdots, ++ inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); ++ } ++ + generic_ret * + create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp) + { +*************** +*** 275,283 **** + || kadm5int_acl_impose_restrictions(handle->context, + &arg->rec, &arg->mask, rp)) { + ret.code = KADM5_AUTH_ADD; +! krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_create_principal", +! prime_arg, client_name.value, service_name.value, +! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + } else { + ret.code = kadm5_create_principal((void *)handle, + &arg->rec, arg->mask, +--- 331,338 ---- + || kadm5int_acl_impose_restrictions(handle->context, + &arg->rec, &arg->mask, rp)) { + ret.code = KADM5_AUTH_ADD; +! log_unauth("kadm5_create_principal", prime_arg, +! &client_name, &service_name, rqstp); + } else { + ret.code = kadm5_create_principal((void *)handle, + &arg->rec, arg->mask, +*************** +*** 287,296 **** + else + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + +! krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_principal", +! prime_arg, errmsg, +! client_name.value, service_name.value, +! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } +--- 342,349 ---- + else + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + +! log_done("kadm5_create_principal", prime_arg, errmsg, +! &client_name, &service_name, rqstp); + + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } +*************** +*** 341,349 **** + || kadm5int_acl_impose_restrictions(handle->context, + &arg->rec, &arg->mask, rp)) { + ret.code = KADM5_AUTH_ADD; +! krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_create_principal", +! prime_arg, client_name.value, service_name.value, +! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + } else { + ret.code = kadm5_create_principal_3((void *)handle, + &arg->rec, arg->mask, +--- 394,401 ---- + || kadm5int_acl_impose_restrictions(handle->context, + &arg->rec, &arg->mask, rp)) { + ret.code = KADM5_AUTH_ADD; +! log_unauth("kadm5_create_principal", prime_arg, +! &client_name, &service_name, rqstp); + } else { + ret.code = kadm5_create_principal_3((void *)handle, + &arg->rec, arg->mask, +*************** +*** 355,364 **** + else + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + +! krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_principal", +! prime_arg, errmsg, +! client_name.value, service_name.value, +! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } +--- 407,414 ---- + else + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + +! log_done("kadm5_create_principal", prime_arg, errmsg, +! &client_name, &service_name, rqstp); + + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } +*************** +*** 406,414 **** + || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_DELETE, + arg->princ, NULL)) { + ret.code = KADM5_AUTH_DELETE; +! krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_delete_principal", +! prime_arg, client_name.value, service_name.value, +! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + } else { + ret.code = kadm5_delete_principal((void *)handle, arg->princ); + if( ret.code == 0 ) +--- 456,463 ---- + || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_DELETE, + arg->princ, NULL)) { + ret.code = KADM5_AUTH_DELETE; +! log_unauth("kadm5_delete_principal", prime_arg, +! &client_name, &service_name, rqstp); + } else { + ret.code = kadm5_delete_principal((void *)handle, arg->princ); + if( ret.code == 0 ) +*************** +*** 416,425 **** + else + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + +! krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_delete_principal", +! prime_arg, errmsg, +! client_name.value, service_name.value, +! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } +--- 465,472 ---- + else + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + +! log_done("kadm5_delete_principal", prime_arg, errmsg, +! &client_name, &service_name, rqstp); + + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } +*************** +*** 469,477 **** + || kadm5int_acl_impose_restrictions(handle->context, + &arg->rec, &arg->mask, rp)) { + ret.code = KADM5_AUTH_MODIFY; +! krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_modify_principal", +! prime_arg, client_name.value, service_name.value, +! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + } else { + ret.code = kadm5_modify_principal((void *)handle, &arg->rec, + arg->mask); +--- 516,523 ---- + || kadm5int_acl_impose_restrictions(handle->context, + &arg->rec, &arg->mask, rp)) { + ret.code = KADM5_AUTH_MODIFY; +! log_unauth("kadm5_modify_principal", prime_arg, +! &client_name, &service_name, rqstp); + } else { + ret.code = kadm5_modify_principal((void *)handle, &arg->rec, + arg->mask); +*************** +*** 480,489 **** + else + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + +! krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_modify_principal", +! prime_arg, errmsg, +! client_name.value, service_name.value, +! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } +--- 526,533 ---- + else + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + +! log_done("kadm5_modify_principal", prime_arg, errmsg, +! &client_name, &service_name, rqstp); + + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } +*************** +*** 546,554 **** + } else + ret.code = KADM5_AUTH_INSUFFICIENT; + if (ret.code != KADM5_OK) { +! krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_rename_principal", +! prime_arg, client_name.value, service_name.value, +! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + } else { + ret.code = kadm5_rename_principal((void *)handle, arg->src, + arg->dest); +--- 590,597 ---- + } else + ret.code = KADM5_AUTH_INSUFFICIENT; + if (ret.code != KADM5_OK) { +! log_unauth("kadm5_rename_principal", prime_arg, +! &client_name, &service_name, rqstp); + } else { + ret.code = kadm5_rename_principal((void *)handle, arg->src, + arg->dest); +*************** +*** 557,566 **** + else + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + +! krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_rename_principal", +! prime_arg, errmsg, +! client_name.value, service_name.value, +! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + } + free_server_handle(handle); + free(prime_arg1); +--- 600,607 ---- + else + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + +! log_done("kadm5_rename_principal", prime_arg, errmsg, +! &client_name, &service_name, rqstp); + } + free_server_handle(handle); + free(prime_arg1); +*************** +*** 614,622 **** + arg->princ, + NULL))) { + ret.code = KADM5_AUTH_GET; +! krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname, +! prime_arg, client_name.value, service_name.value, +! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + } else { + if (handle->api_version == KADM5_API_VERSION_1) { + ret.code = kadm5_get_principal_v1((void *)handle, +--- 655,662 ---- + arg->princ, + NULL))) { + ret.code = KADM5_AUTH_GET; +! log_unauth(funcname, prime_arg, +! &client_name, &service_name, rqstp); + } else { + if (handle->api_version == KADM5_API_VERSION_1) { + ret.code = kadm5_get_principal_v1((void *)handle, +*************** +*** 636,646 **** + else + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + +! krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname, +! prime_arg, +! errmsg, +! client_name.value, service_name.value, +! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + } + free_server_handle(handle); +--- 676,683 ---- + else + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + +! log_done(funcname, prime_arg, errmsg, +! &client_name, &service_name, rqstp); + + } + free_server_handle(handle); +*************** +*** 688,696 **** + NULL, + NULL)) { + ret.code = KADM5_AUTH_LIST; +! krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_get_principals", +! prime_arg, client_name.value, service_name.value, +! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + } else { + ret.code = kadm5_get_principals((void *)handle, + arg->exp, &ret.princs, +--- 725,732 ---- + NULL, + NULL)) { + ret.code = KADM5_AUTH_LIST; +! log_unauth("kadm5_get_principals", prime_arg, +! &client_name, &service_name, rqstp); + } else { + ret.code = kadm5_get_principals((void *)handle, + arg->exp, &ret.princs, +*************** +*** 700,710 **** + else + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + +! krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_principals", +! prime_arg, +! errmsg, +! client_name.value, service_name.value, +! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + } + free_server_handle(handle); +--- 736,743 ---- + else + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + +! log_done("kadm5_get_principals", prime_arg, errmsg, +! &client_name, &service_name, rqstp); + + } + free_server_handle(handle); +*************** +*** 755,763 **** + ret.code = kadm5_chpass_principal((void *)handle, arg->princ, + arg->pass); + } else { +! krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_chpass_principal", +! prime_arg, client_name.value, service_name.value, +! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + ret.code = KADM5_AUTH_CHANGEPW; + } + +--- 788,795 ---- + ret.code = kadm5_chpass_principal((void *)handle, arg->princ, + arg->pass); + } else { +! log_unauth("kadm5_chpass_principal", prime_arg, +! &client_name, &service_name, rqstp); + ret.code = KADM5_AUTH_CHANGEPW; + } + +*************** +*** 767,776 **** + else + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + +! krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_chpass_principal", +! prime_arg, errmsg, +! client_name.value, service_name.value, +! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + } + + free_server_handle(handle); +--- 799,806 ---- + else + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + +! log_done("kadm5_chpass_principal", prime_arg, errmsg, +! &client_name, &service_name, rqstp); + } + + free_server_handle(handle); +*************** +*** 828,836 **** + arg->ks_tuple, + arg->pass); + } else { +! krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_chpass_principal", +! prime_arg, client_name.value, service_name.value, +! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + ret.code = KADM5_AUTH_CHANGEPW; + } + +--- 858,865 ---- + arg->ks_tuple, + arg->pass); + } else { +! log_unauth("kadm5_chpass_principal", prime_arg, +! &client_name, &service_name, rqstp); + ret.code = KADM5_AUTH_CHANGEPW; + } + +*************** +*** 840,849 **** + else + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + +! krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_chpass_principal", +! prime_arg, errmsg, +! client_name.value, service_name.value, +! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + } + + free_server_handle(handle); +--- 869,876 ---- + else + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + +! log_done("kadm5_chpass_principal", prime_arg, errmsg, +! &client_name, &service_name, rqstp); + } + + free_server_handle(handle); +*************** +*** 892,900 **** + ret.code = kadm5_setv4key_principal((void *)handle, arg->princ, + arg->keyblock); + } else { +! krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_setv4key_principal", +! prime_arg, client_name.value, service_name.value, +! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + ret.code = KADM5_AUTH_SETKEY; + } + +--- 919,926 ---- + ret.code = kadm5_setv4key_principal((void *)handle, arg->princ, + arg->keyblock); + } else { +! log_unauth("kadm5_setv4key_principal", prime_arg, +! &client_name, &service_name, rqstp); + ret.code = KADM5_AUTH_SETKEY; + } + +*************** +*** 904,913 **** + else + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + +! krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setv4key_principal", +! prime_arg, errmsg, +! client_name.value, service_name.value, +! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + } + + free_server_handle(handle); +--- 930,937 ---- + else + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + +! log_done("kadm5_setv4key_principal", prime_arg, errmsg, +! &client_name, &service_name, rqstp); + } + + free_server_handle(handle); +*************** +*** 956,964 **** + ret.code = kadm5_setkey_principal((void *)handle, arg->princ, + arg->keyblocks, arg->n_keys); + } else { +! krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_setkey_principal", +! prime_arg, client_name.value, service_name.value, +! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + ret.code = KADM5_AUTH_SETKEY; + } + +--- 980,987 ---- + ret.code = kadm5_setkey_principal((void *)handle, arg->princ, + arg->keyblocks, arg->n_keys); + } else { +! log_unauth("kadm5_setkey_principal", prime_arg, +! &client_name, &service_name, rqstp); + ret.code = KADM5_AUTH_SETKEY; + } + +*************** +*** 968,977 **** + else + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + +! krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setkey_principal", +! prime_arg, errmsg, +! client_name.value, service_name.value, +! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + } + + free_server_handle(handle); +--- 991,998 ---- + else + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + +! log_done("kadm5_setkey_principal", prime_arg, errmsg, +! &client_name, &service_name, rqstp); + } + + free_server_handle(handle); +*************** +*** 1023,1031 **** + arg->ks_tuple, + arg->keyblocks, arg->n_keys); + } else { +! krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_setkey_principal", +! prime_arg, client_name.value, service_name.value, +! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + ret.code = KADM5_AUTH_SETKEY; + } + +--- 1044,1051 ---- + arg->ks_tuple, + arg->keyblocks, arg->n_keys); + } else { +! log_unauth("kadm5_setkey_principal", prime_arg, +! &client_name, &service_name, rqstp); + ret.code = KADM5_AUTH_SETKEY; + } + +*************** +*** 1035,1044 **** + else + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + +! krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setkey_principal", +! prime_arg, errmsg, +! client_name.value, service_name.value, +! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + } + + free_server_handle(handle); +--- 1055,1062 ---- + else + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + +! log_done("kadm5_setkey_principal", prime_arg, errmsg, +! &client_name, &service_name, rqstp); + } + + free_server_handle(handle); +*************** +*** 1097,1105 **** + ret.code = kadm5_randkey_principal((void *)handle, arg->princ, + &k, &nkeys); + } else { +! krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname, +! prime_arg, client_name.value, service_name.value, +! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + ret.code = KADM5_AUTH_CHANGEPW; + } + +--- 1115,1122 ---- + ret.code = kadm5_randkey_principal((void *)handle, arg->princ, + &k, &nkeys); + } else { +! log_unauth(funcname, prime_arg, +! &client_name, &service_name, rqstp); + ret.code = KADM5_AUTH_CHANGEPW; + } + +*************** +*** 1119,1128 **** + else + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + +! krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname, +! prime_arg, errmsg, +! client_name.value, service_name.value, +! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + } + free_server_handle(handle); + free(prime_arg); +--- 1136,1143 ---- + else + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + +! log_done(funcname, prime_arg, errmsg, +! &client_name, &service_name, rqstp); + } + free_server_handle(handle); + free(prime_arg); +*************** +*** 1185,1193 **** + arg->ks_tuple, + &k, &nkeys); + } else { +! krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname, +! prime_arg, client_name.value, service_name.value, +! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + ret.code = KADM5_AUTH_CHANGEPW; + } + +--- 1200,1207 ---- + arg->ks_tuple, + &k, &nkeys); + } else { +! log_unauth(funcname, prime_arg, +! &client_name, &service_name, rqstp); + ret.code = KADM5_AUTH_CHANGEPW; + } + +*************** +*** 1207,1216 **** + else + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + +! krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname, +! prime_arg, errmsg, +! client_name.value, service_name.value, +! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + } + free_server_handle(handle); + free(prime_arg); +--- 1221,1228 ---- + else + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + +! log_done(funcname, prime_arg, errmsg, +! &client_name, &service_name, rqstp); + } + free_server_handle(handle); + free(prime_arg); +*************** +*** 1253,1262 **** + rqst2name(rqstp), + ACL_ADD, NULL, NULL)) { + ret.code = KADM5_AUTH_ADD; +! krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_create_policy", +! prime_arg, client_name.value, service_name.value, +! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); +! + } else { + ret.code = kadm5_create_policy((void *)handle, &arg->rec, + arg->mask); +--- 1265,1273 ---- + rqst2name(rqstp), + ACL_ADD, NULL, NULL)) { + ret.code = KADM5_AUTH_ADD; +! log_unauth("kadm5_create_policy", prime_arg, +! &client_name, &service_name, rqstp); +! + } else { + ret.code = kadm5_create_policy((void *)handle, &arg->rec, + arg->mask); +*************** +*** 1265,1275 **** + else + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + +! krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_policy", +! ((prime_arg == NULL) ? "(null)" : prime_arg), +! errmsg, +! client_name.value, service_name.value, +! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + } + free_server_handle(handle); + gss_release_buffer(&minor_stat, &client_name); +--- 1276,1284 ---- + else + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + +! log_done("kadm5_create_policy", +! ((prime_arg == NULL) ? "(null)" : prime_arg), errmsg, +! &client_name, &service_name, rqstp); + } + free_server_handle(handle); + gss_release_buffer(&minor_stat, &client_name); +*************** +*** 1310,1318 **** + if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, + rqst2name(rqstp), + ACL_DELETE, NULL, NULL)) { +! krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_delete_policy", +! prime_arg, client_name.value, service_name.value, +! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + ret.code = KADM5_AUTH_DELETE; + } else { + ret.code = kadm5_delete_policy((void *)handle, arg->name); +--- 1319,1326 ---- + if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, + rqst2name(rqstp), + ACL_DELETE, NULL, NULL)) { +! log_unauth("kadm5_delete_policy", prime_arg, +! &client_name, &service_name, rqstp); + ret.code = KADM5_AUTH_DELETE; + } else { + ret.code = kadm5_delete_policy((void *)handle, arg->name); +*************** +*** 1321,1331 **** + else + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + +! krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_delete_policy", +! ((prime_arg == NULL) ? "(null)" : prime_arg), +! errmsg, +! client_name.value, service_name.value, +! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + } + free_server_handle(handle); + gss_release_buffer(&minor_stat, &client_name); +--- 1329,1337 ---- + else + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + +! log_done("kadm5_delete_policy", +! ((prime_arg == NULL) ? "(null)" : prime_arg), errmsg, +! &client_name, &service_name, rqstp); + } + free_server_handle(handle); + gss_release_buffer(&minor_stat, &client_name); +*************** +*** 1366,1374 **** + if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, + rqst2name(rqstp), + ACL_MODIFY, NULL, NULL)) { +! krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_modify_policy", +! prime_arg, client_name.value, service_name.value, +! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + ret.code = KADM5_AUTH_MODIFY; + } else { + ret.code = kadm5_modify_policy((void *)handle, &arg->rec, +--- 1372,1379 ---- + if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, + rqst2name(rqstp), + ACL_MODIFY, NULL, NULL)) { +! log_unauth("kadm5_modify_policy", prime_arg, +! &client_name, &service_name, rqstp); + ret.code = KADM5_AUTH_MODIFY; + } else { + ret.code = kadm5_modify_policy((void *)handle, &arg->rec, +*************** +*** 1378,1388 **** + else + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + +! krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_modify_policy", +! ((prime_arg == NULL) ? "(null)" : prime_arg), +! errmsg, +! client_name.value, service_name.value, +! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + } + free_server_handle(handle); + gss_release_buffer(&minor_stat, &client_name); +--- 1383,1391 ---- + else + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + +! log_done("kadm5_modify_policy", +! ((prime_arg == NULL) ? "(null)" : prime_arg), errmsg, +! &client_name, &service_name, rqstp); + } + free_server_handle(handle); + gss_release_buffer(&minor_stat, &client_name); +*************** +*** 1464,1478 **** + else + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + +! krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname, +! ((prime_arg == NULL) ? "(null)" : prime_arg), +! errmsg, +! client_name.value, service_name.value, +! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + } else { +! krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname, +! prime_arg, client_name.value, service_name.value, +! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + } + free_server_handle(handle); + gss_release_buffer(&minor_stat, &client_name); +--- 1467,1478 ---- + else + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + +! log_done(funcname, +! ((prime_arg == NULL) ? "(null)" : prime_arg), errmsg, +! &client_name, &service_name, rqstp); + } else { +! log_unauth(funcname, prime_arg, +! &client_name, &service_name, rqstp); + } + free_server_handle(handle); + gss_release_buffer(&minor_stat, &client_name); +*************** +*** 1517,1525 **** + rqst2name(rqstp), + ACL_LIST, NULL, NULL)) { + ret.code = KADM5_AUTH_LIST; +! krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_get_policies", +! prime_arg, client_name.value, service_name.value, +! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + } else { + ret.code = kadm5_get_policies((void *)handle, + arg->exp, &ret.pols, +--- 1517,1524 ---- + rqst2name(rqstp), + ACL_LIST, NULL, NULL)) { + ret.code = KADM5_AUTH_LIST; +! log_unauth("kadm5_get_policies", prime_arg, +! &client_name, &service_name, rqstp); + } else { + ret.code = kadm5_get_policies((void *)handle, + arg->exp, &ret.pols, +*************** +*** 1529,1539 **** + else + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + +! krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_policies", +! prime_arg, +! errmsg, +! client_name.value, service_name.value, +! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + } + free_server_handle(handle); + gss_release_buffer(&minor_stat, &client_name); +--- 1528,1535 ---- + else + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + +! log_done("kadm5_get_policies", prime_arg, errmsg, +! &client_name, &service_name, rqstp); + } + free_server_handle(handle); + gss_release_buffer(&minor_stat, &client_name); +*************** +*** 1573,1583 **** + else + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + +! krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_privs", +! client_name.value, +! errmsg, +! client_name.value, service_name.value, +! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + free_server_handle(handle); + gss_release_buffer(&minor_stat, &client_name); +--- 1569,1576 ---- + else + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + +! log_done("kadm5_get_privs", client_name.value, errmsg, +! &client_name, &service_name, rqstp); + + free_server_handle(handle); + gss_release_buffer(&minor_stat, &client_name); +*************** +*** 1594,1599 **** +--- 1587,1594 ---- + kadm5_server_handle_t handle; + OM_uint32 minor_stat; + char *errmsg = 0; ++ size_t clen, slen; ++ char *cdots, *sdots; + + xdr_free(xdr_generic_ret, &ret); + +*************** +*** 1612,1625 **** + + if (ret.code != 0) + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); +! krb5_klog_syslog(LOG_NOTICE, LOG_DONE ", flavor=%d", +! (ret.api_version == KADM5_API_VERSION_1 ? +! "kadm5_init (V1)" : "kadm5_init"), +! client_name.value, +! (ret.code == 0) ? "success" : errmsg, +! client_name.value, service_name.value, +! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr), +! rqstp->rq_cred.oa_flavor); + gss_release_buffer(&minor_stat, &client_name); + gss_release_buffer(&minor_stat, &service_name); + +--- 1607,1628 ---- + + if (ret.code != 0) + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); +! else +! errmsg = "success"; +! +! clen = client_name.length; +! trunc_name(&clen, &cdots); +! slen = service_name.length; +! trunc_name(&slen, &sdots); +! krb5_klog_syslog(LOG_NOTICE, "Request: %s, %.*s%s, %s, " +! "client=%.*s%s, service=%.*s%s, addr=%s, flavor=%d", +! (ret.api_version == KADM5_API_VERSION_1 ? +! "kadm5_init (V1)" : "kadm5_init"), +! clen, client_name.value, cdots, errmsg, +! clen, client_name.value, cdots, +! slen, service_name.value, sdots, +! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr), +! rqstp->rq_cred.oa_flavor); + gss_release_buffer(&minor_stat, &client_name); + gss_release_buffer(&minor_stat, &service_name); + +*** src/kdc/do_tgs_req.c (revision 19480) +--- src/kdc/do_tgs_req.c (local) +*************** +*** 491,518 **** + newtransited = 1; + } + if (!isflagset (request->kdc_options, KDC_OPT_DISABLE_TRANSITED_CHECK)) { + errcode = krb5_check_transited_list (kdc_context, + &enc_tkt_reply.transited.tr_contents, + krb5_princ_realm (kdc_context, header_ticket->enc_part2->client), + krb5_princ_realm (kdc_context, request->server)); + if (errcode == 0) { + setflag (enc_tkt_reply.flags, TKT_FLG_TRANSIT_POLICY_CHECKED); + } else if (errcode == KRB5KRB_AP_ERR_ILL_CR_TKT) + krb5_klog_syslog (LOG_INFO, +! "bad realm transit path from '%s' to '%s' via '%.*s'", + cname ? cname : "<unknown client>", + sname ? sname : "<unknown server>", +! enc_tkt_reply.transited.tr_contents.length, +! enc_tkt_reply.transited.tr_contents.data); + else { + const char *emsg = krb5_get_error_message(kdc_context, errcode); + krb5_klog_syslog (LOG_ERR, +! "unexpected error checking transit from '%s' to '%s' via '%.*s': %s", + cname ? cname : "<unknown client>", + sname ? sname : "<unknown server>", +! enc_tkt_reply.transited.tr_contents.length, + enc_tkt_reply.transited.tr_contents.data, +! emsg); + krb5_free_error_message(kdc_context, emsg); + } + } else +--- 491,528 ---- + newtransited = 1; + } + if (!isflagset (request->kdc_options, KDC_OPT_DISABLE_TRANSITED_CHECK)) { ++ unsigned int tlen; ++ char *tdots; ++ + errcode = krb5_check_transited_list (kdc_context, + &enc_tkt_reply.transited.tr_contents, + krb5_princ_realm (kdc_context, header_ticket->enc_part2->client), + krb5_princ_realm (kdc_context, request->server)); ++ tlen = enc_tkt_reply.transited.tr_contents.length; ++ tdots = tlen > 125 ? "..." : ""; ++ tlen = tlen > 125 ? 125 : tlen; ++ + if (errcode == 0) { + setflag (enc_tkt_reply.flags, TKT_FLG_TRANSIT_POLICY_CHECKED); + } else if (errcode == KRB5KRB_AP_ERR_ILL_CR_TKT) + krb5_klog_syslog (LOG_INFO, +! "bad realm transit path from '%s' to '%s' " +! "via '%.*s%s'", + cname ? cname : "<unknown client>", + sname ? sname : "<unknown server>", +! tlen, +! enc_tkt_reply.transited.tr_contents.data, +! tdots); + else { + const char *emsg = krb5_get_error_message(kdc_context, errcode); + krb5_klog_syslog (LOG_ERR, +! "unexpected error checking transit from " +! "'%s' to '%s' via '%.*s%s': %s", + cname ? cname : "<unknown client>", + sname ? sname : "<unknown server>", +! tlen, + enc_tkt_reply.transited.tr_contents.data, +! tdots, emsg); + krb5_free_error_message(kdc_context, emsg); + } + } else +*************** +*** 542,547 **** +--- 552,560 ---- + if (!krb5_principal_compare(kdc_context, request->server, client2)) { + if ((errcode = krb5_unparse_name(kdc_context, client2, &tmp))) + tmp = 0; ++ if (tmp != NULL) ++ limit_string(tmp); ++ + krb5_klog_syslog(LOG_INFO, + "TGS_REQ %s: 2ND_TKT_MISMATCH: " + "authtime %d, %s for %s, 2nd tkt client %s", +*************** +*** 816,821 **** +--- 829,835 ---- + krb5_klog_syslog(LOG_INFO, + "TGS_REQ: issuing alternate <un-unparseable> TGT"); + } else { ++ limit_string(sname); + krb5_klog_syslog(LOG_INFO, + "TGS_REQ: issuing TGT %s", sname); + free(sname); +*** src/kdc/kdc_util.c (revision 19480) +--- src/kdc/kdc_util.c (local) +*************** +*** 404,409 **** +--- 404,410 ---- + + krb5_db_free_principal(kdc_context, &server, nprincs); + if (!krb5_unparse_name(kdc_context, ticket->server, &sname)) { ++ limit_string(sname); + krb5_klog_syslog(LOG_ERR,"TGS_REQ: UNKNOWN SERVER: server='%s'", + sname); + free(sname); +*** src/lib/kadm5/logger.c (revision 19480) +--- src/lib/kadm5/logger.c (local) +*************** +*** 45,51 **** + #include <varargs.h> + #endif /* HAVE_STDARG_H */ + +! #define KRB5_KLOG_MAX_ERRMSG_SIZE 1024 + #ifndef MAXHOSTNAMELEN + #define MAXHOSTNAMELEN 256 + #endif /* MAXHOSTNAMELEN */ +--- 45,51 ---- + #include <varargs.h> + #endif /* HAVE_STDARG_H */ + +! #define KRB5_KLOG_MAX_ERRMSG_SIZE 2048 + #ifndef MAXHOSTNAMELEN + #define MAXHOSTNAMELEN 256 + #endif /* MAXHOSTNAMELEN */ +*************** +*** 261,267 **** + #endif /* HAVE_SYSLOG */ + + /* Now format the actual message */ +! #if HAVE_VSPRINTF + vsprintf(cp, actual_format, ap); + #else /* HAVE_VSPRINTF */ + sprintf(cp, actual_format, ((int *) ap)[0], ((int *) ap)[1], +--- 261,269 ---- + #endif /* HAVE_SYSLOG */ + + /* Now format the actual message */ +! #if HAVE_VSNPRINTF +! vsnprintf(cp, sizeof(outbuf) - (cp - outbuf), actual_format, ap); +! #elif HAVE_VSPRINTF + vsprintf(cp, actual_format, ap); + #else /* HAVE_VSPRINTF */ + sprintf(cp, actual_format, ((int *) ap)[0], ((int *) ap)[1], +*************** +*** 850,856 **** + syslogp = &outbuf[strlen(outbuf)]; + + /* Now format the actual message */ +! #ifdef HAVE_VSPRINTF + vsprintf(syslogp, format, arglist); + #else /* HAVE_VSPRINTF */ + sprintf(syslogp, format, ((int *) arglist)[0], ((int *) arglist)[1], +--- 852,860 ---- + syslogp = &outbuf[strlen(outbuf)]; + + /* Now format the actual message */ +! #ifdef HAVE_VSNPRINTF +! vsnprintf(syslogp, sizeof(outbuf) - (syslogp - outbuf), format, arglist); +! #elif HAVE_VSPRINTF + vsprintf(syslogp, format, arglist); + #else /* HAVE_VSPRINTF */ + sprintf(syslogp, format, ((int *) arglist)[0], ((int *) arglist)[1], diff --git a/crypto/krb5/2007-003-patch.txt b/crypto/krb5/2007-003-patch.txt new file mode 100644 index 0000000000..cefd7247a2 --- /dev/null +++ b/crypto/krb5/2007-003-patch.txt @@ -0,0 +1,24 @@ +*** src/lib/gssapi/krb5/k5unseal.c (revision 19510) +--- src/lib/gssapi/krb5/k5unseal.c (revision 19511) +*************** +*** 457,464 **** + + if ((ctx->initiate && direction != 0xff) || + (!ctx->initiate && direction != 0)) { +! if (toktype == KG_TOK_SEAL_MSG) + xfree(token.value); + *minor_status = G_BAD_DIRECTION; + return(GSS_S_BAD_SIG); + } +--- 457,467 ---- + + if ((ctx->initiate && direction != 0xff) || + (!ctx->initiate && direction != 0)) { +! if (toktype == KG_TOK_SEAL_MSG) { + xfree(token.value); ++ message_buffer->value = NULL; ++ message_buffer->length = 0; ++ } + *minor_status = G_BAD_DIRECTION; + return(GSS_S_BAD_SIG); + } |