SHA256
1
0
forked from pool/krb5
OBS User unknown 2007-09-13 16:47:35 +00:00 committed by Git OBS Bridge
parent 47047c041c
commit c1c1df81b9
7 changed files with 372 additions and 8 deletions

View File

@ -1,7 +1,184 @@
Index: src/clients/kvno/kvno.M
===================================================================
--- src/clients/kvno/kvno.M (.../tags/krb5-1-6-2-final) (Revision 19931)
+++ src/clients/kvno/kvno.M (.../branches/krb5-1-6) (Revision 19931)
@@ -55,6 +55,15 @@
specifies that Kerberos version 4 tickets should be acquired and
described. This option is only available if Kerberos 4 support was
enabled at compilation time.
+.TP
+.B \-S sname
+specifies that krb5_sname_to_principal() will be used to build
+principal names. If this flag is specified, the
+.B service1 service2 ...
+arguments are interpreted as hostnames (rather than principal names),
+and
+.B sname
+is interpreted as the service name.
.SH ENVIRONMENT
.B Kvno
uses the following environment variable:
Index: src/clients/kvno/kvno.c
===================================================================
--- src/clients/kvno/kvno.c (.../tags/krb5-1-6-2-final) (Revision 19931)
+++ src/clients/kvno/kvno.c (.../branches/krb5-1-6) (Revision 19931)
@@ -41,10 +41,10 @@
{
#ifdef KRB5_KRB4_COMPAT
fprintf(stderr,
- "usage: %s [-4 | [-c ccache] [-e etype] [-k keytab]] service1 service2 ...\n",
+ "usage: %s [-4 | [-c ccache] [-e etype] [-k keytab] [-S sname]] service1 service2 ...\n",
prog);
#else
- fprintf(stderr, "usage: %s [-c ccache] [-e etype] [-k keytab] service1 service2 ...\n",
+ fprintf(stderr, "usage: %s [-c ccache] [-e etype] [-k keytab] [-S sname] service1 service2 ...\n",
prog);
#endif
exit(1);
@@ -54,7 +54,8 @@
static void do_v4_kvno (int argc, char *argv[]);
static void do_v5_kvno (int argc, char *argv[],
- char *ccachestr, char *etypestr, char *keytab_name);
+ char *ccachestr, char *etypestr, char *keytab_name,
+ char *sname);
#include <com_err.h>
static void extended_com_err_fn (const char *, errcode_t, const char *,
@@ -64,6 +65,7 @@
{
int option;
char *etypestr = NULL, *ccachestr = NULL, *keytab_name = NULL;
+ char *sname = NULL;
int v4 = 0;
set_com_err_hook (extended_com_err_fn);
@@ -71,7 +73,7 @@
prog = strrchr(argv[0], '/');
prog = prog ? (prog + 1) : argv[0];
- while ((option = getopt(argc, argv, "c:e:hk:q4")) != -1) {
+ while ((option = getopt(argc, argv, "c:e:hk:q4S:")) != -1) {
switch (option) {
case 'c':
ccachestr = optarg;
@@ -91,6 +93,9 @@
case '4':
v4 = 1;
break;
+ case 'S':
+ sname = optarg;
+ break;
default:
xusage();
break;
@@ -103,10 +108,14 @@
if ((ccachestr != NULL || etypestr != NULL || keytab_name != NULL) && v4)
xusage();
+ if (sname != NULL && v4)
+ xusage();
+
if (v4)
do_v4_kvno(argc - optind, argv + optind);
else
- do_v5_kvno(argc - optind, argv + optind, ccachestr, etypestr, keytab_name);
+ do_v5_kvno(argc - optind, argv + optind,
+ ccachestr, etypestr, keytab_name, sname);
return 0;
}
@@ -172,7 +181,8 @@
}
static void do_v5_kvno (int count, char *names[],
- char * ccachestr, char *etypestr, char *keytab_name)
+ char * ccachestr, char *etypestr, char *keytab_name,
+ char *sname)
{
krb5_error_code ret;
int i, errors;
@@ -230,7 +240,13 @@
in_creds.client = me;
- ret = krb5_parse_name(context, names[i], &in_creds.server);
+ if (sname != NULL) {
+ ret = krb5_sname_to_principal(context, names[i],
+ sname, KRB5_NT_SRV_HST,
+ &in_creds.server);
+ } else {
+ ret = krb5_parse_name(context, names[i], &in_creds.server);
+ }
if (ret) {
if (!quiet)
com_err(prog, ret, "while parsing principal name %s", names[i]);
Index: src/lib/crypto/prng.c
===================================================================
--- src/lib/crypto/prng.c (.../tags/krb5-1-6-2-final) (Revision 19931)
+++ src/lib/crypto/prng.c (.../branches/krb5-1-6) (Revision 19931)
@@ -162,7 +162,7 @@
krb5_data data;
struct stat sb;
int fd;
- unsigned char buf[YARROW_SLOW_THRESH/8];
+ unsigned char buf[YARROW_SLOW_THRESH/8], *bp;
int left;
fd = open (device, O_RDONLY);
if (fd == -1)
@@ -173,14 +173,16 @@
close(fd);
return 0;
}
- for (left = sizeof (buf); left > 0;) {
+
+ for (bp = &buf, left = sizeof (buf); left > 0;) {
ssize_t count;
- count = read (fd, &buf, (unsigned) left);
+ count = read (fd, bp, (unsigned) left);
if (count <= 0) {
close(fd);
return 0;
}
left -= count;
+ bp += count;
}
close (fd);
data.length = sizeof (buf);
@@ -199,7 +201,7 @@
int unused;
int *oursuccess = success?success:&unused;
*oursuccess = 0;
- /* If we are getting strong data then try that first. We aare
+ /* If we are getting strong data then try that first. We are
guaranteed to cause a reseed of some kind if strong is true and
we have both /dev/random and /dev/urandom. We want the strong
data included in the reseed so we get it first.*/
Index: src/lib/gssapi/spnego/spnego_mech.c
===================================================================
--- src/lib/gssapi/spnego/spnego_mech.c (.../tags/krb5-1-6-2-final) (Revision 19931)
+++ src/lib/gssapi/spnego/spnego_mech.c (.../branches/krb5-1-6) (Revision 19931)
@@ -61,7 +61,7 @@
/* private routines for spnego_mechanism */
static spnego_token_t make_spnego_token(char *);
static gss_buffer_desc make_err_msg(char *);
-static int g_token_size(gss_OID_const, OM_uint32);
+static int g_token_size(gss_OID_const, unsigned int);
static int g_make_token_header(gss_OID_const, unsigned int,
unsigned char **, unsigned int);
static int g_verify_token_header(gss_OID_const, unsigned int *,
@@ -835,6 +835,7 @@
ret = GSS_S_FAILURE;
}
}
+ gss_release_buffer(&tmpmin, &mechtok_out);
if (ret == GSS_S_COMPLETE) {
/*
* Now, switch the output context to refer to the
Index: src/lib/krb5/ccache/cc_file.c Index: src/lib/krb5/ccache/cc_file.c
=================================================================== ===================================================================
--- src/lib/krb5/ccache/cc_file.c (.../tags/krb5-1-6-2-final) (Revision 19755) --- src/lib/krb5/ccache/cc_file.c (.../tags/krb5-1-6-2-final) (Revision 19931)
+++ src/lib/krb5/ccache/cc_file.c (.../branches/krb5-1-6) (Revision 19755) +++ src/lib/krb5/ccache/cc_file.c (.../branches/krb5-1-6) (Revision 19931)
@@ -1954,6 +1954,9 @@ @@ -1954,6 +1954,9 @@
char scratch[sizeof(TKT_ROOT)+6+1]; /* +6 for the scratch part, +1 for char scratch[sizeof(TKT_ROOT)+6+1]; /* +6 for the scratch part, +1 for
NUL */ NUL */
@ -143,10 +320,79 @@ Index: src/lib/krb5/ccache/cc_file.c
err_out: err_out:
krb5_xfree(((krb5_fcc_data *) lid->data)->filename); krb5_xfree(((krb5_fcc_data *) lid->data)->filename);
Index: src/lib/krb5/ccache/ccfns.c
===================================================================
--- src/lib/krb5/ccache/ccfns.c (.../tags/krb5-1-6-2-final) (Revision 19931)
+++ src/lib/krb5/ccache/ccfns.c (.../branches/krb5-1-6) (Revision 19931)
@@ -1,7 +1,7 @@
/*
* lib/krb5/ccache/ccfns.c
*
- * Copyright 2000 by the Massachusetts Institute of Technology.
+ * Copyright 2000, 2007 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
@@ -65,7 +65,29 @@
krb5_cc_store_cred (krb5_context context, krb5_ccache cache,
krb5_creds *creds)
{
- return cache->ops->store(context, cache, creds);
+ krb5_error_code ret;
+ krb5_ticket *tkt;
+ krb5_principal s1, s2;
+
+ ret = cache->ops->store(context, cache, creds);
+ if (ret) return ret;
+
+ /*
+ * If creds->server and the server in the decoded ticket differ,
+ * store both principals.
+ */
+ s1 = creds->server;
+ ret = decode_krb5_ticket(&creds->ticket, &tkt);
+ /* Bail out on errors in case someone is storing a non-ticket. */
+ if (ret) return 0;
+ s2 = tkt->server;
+ if (!krb5_principal_compare(context, s1, s2)) {
+ creds->server = s2;
+ ret = cache->ops->store(context, cache, creds);
+ creds->server = s1;
+ }
+ krb5_free_ticket(context, tkt);
+ return ret;
}
krb5_error_code KRB5_CALLCONV
@@ -73,7 +95,23 @@
krb5_flags flags, krb5_creds *mcreds,
krb5_creds *creds)
{
- return cache->ops->retrieve(context, cache, flags, mcreds, creds);
+ krb5_error_code ret;
+ krb5_data tmprealm;
+
+ ret = cache->ops->retrieve(context, cache, flags, mcreds, creds);
+ if (ret != KRB5_CC_NOTFOUND)
+ return ret;
+ if (!krb5_is_referral_realm(&mcreds->server->realm))
+ return ret;
+
+ /*
+ * Retry using client's realm if service has referral realm.
+ */
+ tmprealm = mcreds->server->realm;
+ mcreds->server->realm = mcreds->client->realm;
+ ret = cache->ops->retrieve(context, cache, flags, mcreds, creds);
+ mcreds->server->realm = tmprealm;
+ return ret;
}
krb5_error_code KRB5_CALLCONV
Index: src/lib/krb5/krb/gc_frm_kdc.c Index: src/lib/krb5/krb/gc_frm_kdc.c
=================================================================== ===================================================================
--- src/lib/krb5/krb/gc_frm_kdc.c (.../tags/krb5-1-6-2-final) (Revision 19755) --- src/lib/krb5/krb/gc_frm_kdc.c (.../tags/krb5-1-6-2-final) (Revision 19931)
+++ src/lib/krb5/krb/gc_frm_kdc.c (.../branches/krb5-1-6) (Revision 19755) +++ src/lib/krb5/krb/gc_frm_kdc.c (.../branches/krb5-1-6) (Revision 19931)
@@ -906,7 +906,6 @@ @@ -906,7 +906,6 @@
/* Whether or not that succeeded, we're done. */ /* Whether or not that succeeded, we're done. */
goto cleanup; goto cleanup;
@ -204,4 +450,3 @@ Index: src/lib/krb5/krb/gc_frm_kdc.c
} }
} }

View File

@ -0,0 +1,41 @@
--- src/lib/kadm5/srv/svr_policy.c
+++ src/lib/kadm5/srv/svr_policy.c 2007/08/24 14:32:34
@@ -211,8 +211,9 @@
if((mask & KADM5_POLICY))
return KADM5_BAD_MASK;
- ret = krb5_db_get_policy(handle->context, entry->policy, &p, &cnt);
- if( ret && (cnt==0) )
+ if ((ret = krb5_db_get_policy(handle->context, entry->policy, &p, &cnt)))
+ return ret;
+ if (cnt != 1)
return KADM5_UNK_POLICY;
if ((mask & KADM5_PW_MAX_LIFE))
--- src/lib/rpc/svc_auth_gss.c
+++ src/lib/rpc/svc_auth_gss.c 2007/09/06 08:32:37
@@ -355,6 +355,15 @@
memset(rpchdr, 0, sizeof(rpchdr));
/* XXX - Reconstruct RPC header for signing (from xdr_callmsg). */
+ oa = &msg->rm_call.cb_cred;
+ if (oa->oa_length > MAX_AUTH_BYTES)
+ return (FALSE);
+
+ /* 8 XDR units from the IXDR macro calls. */
+ if (sizeof(rpchdr) < (8 * BYTES_PER_XDR_UNIT +
+ RNDUP(oa->oa_length)))
+ return (FALSE);
+
buf = (int32_t *)(void *)rpchdr;
IXDR_PUT_LONG(buf, msg->rm_xid);
IXDR_PUT_ENUM(buf, msg->rm_direction);
@@ -362,7 +371,6 @@
IXDR_PUT_LONG(buf, msg->rm_call.cb_prog);
IXDR_PUT_LONG(buf, msg->rm_call.cb_vers);
IXDR_PUT_LONG(buf, msg->rm_call.cb_proc);
- oa = &msg->rm_call.cb_cred;
IXDR_PUT_ENUM(buf, oa->oa_flavor);
IXDR_PUT_LONG(buf, oa->oa_length);
if (oa->oa_length) {

View File

@ -13,7 +13,7 @@
Name: krb5-doc Name: krb5-doc
BuildRequires: ghostscript-library latex2html texlive BuildRequires: ghostscript-library latex2html texlive
Version: 1.6.2 Version: 1.6.2
Release: 12 Release: 28
%define srcRoot krb5-1.6.2 %define srcRoot krb5-1.6.2
Summary: MIT Kerberos5 Implementation--Documentation Summary: MIT Kerberos5 Implementation--Documentation
License: X11/MIT License: X11/MIT

View File

@ -1,3 +1,26 @@
-------------------------------------------------------------------
Tue Sep 11 15:11:34 CEST 2007 - mc@suse.de
- update krb5-1.6.2-post.dif
* new -S sname option for kvno
* read_entropy_from_device on partial read will not fill buffer
* Bail out if encoded "ticket" doesn't decode correctly.
* patch for referrals loop
-------------------------------------------------------------------
Thu Sep 6 10:43:50 CEST 2007 - mc@suse.de
- fix a problem with the originally published patch
for MITKRB5-SA-2007-006 - CVE-2007-3999
[#302377]
-------------------------------------------------------------------
Wed Sep 5 12:18:38 CEST 2007 - mc@suse.de
- fix execute arbitrary code
(MITKRB5-SA-2007-006 - CVE-2007-3999,2007-4000)
[#302377]
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Aug 7 11:59:05 CEST 2007 - mc@suse.de Tue Aug 7 11:59:05 CEST 2007 - mc@suse.de

View File

@ -13,7 +13,7 @@
Name: krb5-plugins Name: krb5-plugins
Version: 1.6.2 Version: 1.6.2
Release: 2 Release: 3
BuildRequires: bison krb5-devel ncurses-devel openldap2-devel BuildRequires: bison krb5-devel ncurses-devel openldap2-devel
%define srcRoot krb5-1.6.2 %define srcRoot krb5-1.6.2
%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
@ -45,6 +45,7 @@ Patch22: krb5-1.5.1-fix-ftp-var-used-uninitialized.dif
Patch24: krb5-1.5.1-fix-strncat-warning.dif Patch24: krb5-1.5.1-fix-strncat-warning.dif
Patch25: krb5-1.6.1-init-salt-length.dif Patch25: krb5-1.6.1-init-salt-length.dif
Patch26: krb5-1.4.3-extra-check-kt_file.c.dif Patch26: krb5-1.4.3-extra-check-kt_file.c.dif
Patch27: krb5-MITKRB5-SA-2007-006-fix-execute-code-2.dif
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description %description
@ -110,6 +111,7 @@ fi
%patch24 %patch24
%patch25 %patch25
%patch26 %patch26
%patch27
cp %{_sourcedir}/EncryptWithMasterKey.c %{_builddir}/%{srcRoot}/src/kadmin/dbutil/EncryptWithMasterKey.c cp %{_sourcedir}/EncryptWithMasterKey.c %{_builddir}/%{srcRoot}/src/kadmin/dbutil/EncryptWithMasterKey.c
%build %build
@ -207,6 +209,20 @@ rm -rf %{buildroot}
%{_mandir}/man8/* %{_mandir}/man8/*
%changelog %changelog
* Tue Sep 11 2007 - mc@suse.de
- update krb5-1.6.2-post.dif
* new -S sname option for kvno
* read_entropy_from_device on partial read will not fill buffer
* Bail out if encoded "ticket" doesn't decode correctly.
* patch for referrals loop
* Thu Sep 06 2007 - mc@suse.de
- fix a problem with the originally published patch
for MITKRB5-SA-2007-006 - CVE-2007-3999
[#302377]
* Wed Sep 05 2007 - mc@suse.de
- fix execute arbitrary code
(MITKRB5-SA-2007-006 - CVE-2007-3999,2007-4000)
[#302377]
* Tue Aug 07 2007 - mc@suse.de * Tue Aug 07 2007 - mc@suse.de
- add krb5-1.6.2-post.dif - add krb5-1.6.2-post.dif
* during the referrals loop, check to see if the * during the referrals loop, check to see if the

View File

@ -1,3 +1,26 @@
-------------------------------------------------------------------
Tue Sep 11 15:09:14 CEST 2007 - mc@suse.de
- update krb5-1.6.2-post.dif
* new -S sname option for kvno
* read_entropy_from_device on partial read will not fill buffer
* Bail out if encoded "ticket" doesn't decode correctly.
* patch for referrals loop
-------------------------------------------------------------------
Thu Sep 6 10:43:39 CEST 2007 - mc@suse.de
- fix a problem with the originally published patch
for MITKRB5-SA-2007-006 - CVE-2007-3999
[#302377]
-------------------------------------------------------------------
Wed Sep 5 12:18:21 CEST 2007 - mc@suse.de
- fix execute arbitrary code
(MITKRB5-SA-2007-006 - CVE-2007-3999,2007-4000)
[#302377]
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Aug 7 11:56:41 CEST 2007 - mc@suse.de Tue Aug 7 11:56:41 CEST 2007 - mc@suse.de

View File

@ -12,7 +12,7 @@
Name: krb5 Name: krb5
Version: 1.6.2 Version: 1.6.2
Release: 9 Release: 18
BuildRequires: bison libcom_err-devel ncurses-devel BuildRequires: bison libcom_err-devel ncurses-devel
%if %{suse_version} > 1010 %if %{suse_version} > 1010
BuildRequires: keyutils keyutils-devel BuildRequires: keyutils keyutils-devel
@ -49,6 +49,7 @@ Patch22: krb5-1.5.1-fix-ftp-var-used-uninitialized.dif
Patch24: krb5-1.5.1-fix-strncat-warning.dif Patch24: krb5-1.5.1-fix-strncat-warning.dif
Patch25: krb5-1.6.1-init-salt-length.dif Patch25: krb5-1.6.1-init-salt-length.dif
Patch26: krb5-1.4.3-extra-check-kt_file.c.dif Patch26: krb5-1.4.3-extra-check-kt_file.c.dif
Patch27: krb5-MITKRB5-SA-2007-006-fix-execute-code-2.dif
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: mktemp, grep, /bin/touch PreReq: mktemp, grep, /bin/touch
@ -201,6 +202,7 @@ fi
%patch24 %patch24
%patch25 %patch25
%patch26 %patch26
%patch27
cp %{_sourcedir}/EncryptWithMasterKey.c %{_builddir}/%{srcRoot}/src/kadmin/dbutil/EncryptWithMasterKey.c cp %{_sourcedir}/EncryptWithMasterKey.c %{_builddir}/%{srcRoot}/src/kadmin/dbutil/EncryptWithMasterKey.c
%build %build
@ -511,6 +513,20 @@ rm -rf %{buildroot}
%{_mandir}/man1/krb5-config.1* %{_mandir}/man1/krb5-config.1*
%changelog %changelog
* Tue Sep 11 2007 - mc@suse.de
- update krb5-1.6.2-post.dif
* new -S sname option for kvno
* read_entropy_from_device on partial read will not fill buffer
* Bail out if encoded "ticket" doesn't decode correctly.
* patch for referrals loop
* Thu Sep 06 2007 - mc@suse.de
- fix a problem with the originally published patch
for MITKRB5-SA-2007-006 - CVE-2007-3999
[#302377]
* Wed Sep 05 2007 - mc@suse.de
- fix execute arbitrary code
(MITKRB5-SA-2007-006 - CVE-2007-3999,2007-4000)
[#302377]
* Tue Aug 07 2007 - mc@suse.de * Tue Aug 07 2007 - mc@suse.de
- add krb5-1.6.2-post.dif - add krb5-1.6.2-post.dif
* during the referrals loop, check to see if the * during the referrals loop, check to see if the