diff options
| author | Cy Schubert <cy@FreeBSD.org> | 2003-05-07 03:47:49 +0000 |
|---|---|---|
| committer | Cy Schubert <cy@FreeBSD.org> | 2003-05-07 03:47:49 +0000 |
| commit | b19f46658c50e2c65f0ecc453aefa382cad5a7a6 (patch) | |
| tree | b57b48ed1a735d2330de6a46009debbb41f6f118 /security/krb5-appl/files | |
| parent | Rename a patch file. (diff) | |
Update 1.2.7 --> 1.2.8.
Notes
Notes:
svn path=/head/; revision=80323
Diffstat (limited to 'security/krb5-appl/files')
| -rw-r--r-- | security/krb5-appl/files/patch-appl::telnet::libtelnet::kerberos5.c | 14 | ||||
| -rw-r--r-- | security/krb5-appl/files/patch-clients::ksu::heuristic.c | 12 | ||||
| -rw-r--r-- | security/krb5-appl/files/patch-clients::ksu::krb_auth_su.c | 13 | ||||
| -rw-r--r-- | security/krb5-appl/files/patch-kdc::do_tgs_req.c | 12 | ||||
| -rw-r--r-- | security/krb5-appl/files/patch-kdc::kdc_util.c | 27 | ||||
| -rw-r--r-- | security/krb5-appl/files/patch-kdc::kdc_util.h | 15 | ||||
| -rw-r--r-- | security/krb5-appl/files/patch-kdc::kerberos_v4.c | 233 | ||||
| -rw-r--r-- | security/krb5-appl/files/patch-kdc::main.c | 37 | ||||
| -rw-r--r-- | security/krb5-appl/files/patch-krb524::cnv_tkt_skey.c | 34 | ||||
| -rw-r--r-- | security/krb5-appl/files/patch-krb524::krb524d.c | 89 | ||||
| -rw-r--r-- | security/krb5-appl/files/patch-lib::kdb::keytab.c | 86 | ||||
| -rw-r--r-- | security/krb5-appl/files/patch-lib::krb5::krb::gc_frm_kdc.c | 14 | ||||
| -rw-r--r-- | security/krb5-appl/files/patch-lib::krb5::krb::parse.c | 29 | ||||
| -rw-r--r-- | security/krb5-appl/files/patch-lib::krb5::krb::unparse.c | 17 | ||||
| -rw-r--r-- | security/krb5-appl/files/patch-lib::rpc::xdr_mem.c | 136 |
15 files changed, 0 insertions, 768 deletions
diff --git a/security/krb5-appl/files/patch-appl::telnet::libtelnet::kerberos5.c b/security/krb5-appl/files/patch-appl::telnet::libtelnet::kerberos5.c deleted file mode 100644 index 2115fd77a446..000000000000 --- a/security/krb5-appl/files/patch-appl::telnet::libtelnet::kerberos5.c +++ /dev/null @@ -1,14 +0,0 @@ -diff -ur krb5-1.2.7/src/appl/telnet/libtelnet/kerberos5.c krb5-1.2.7/src/appl/telnet/libtelnet/kerberos5.c ---- appl/telnet/libtelnet/kerberos5.c 2002-03-29 00:07:09.000000000-0500 -+++ appl/telnet/libtelnet/kerberos5.c 2003-02-03 17:30:18.000000000-0500 -@@ -441,6 +441,10 @@ - * first component of a service name especially since - * the default is of length 4. - */ -+ if (krb5_princ_size(telnet_context,ticket->server) < 1) { -+ (void) strcpy(errbuf, "malformed service name"); -+ goto errout; -+ } - if (krb5_princ_component(telnet_context,ticket->server,0)->length < 256) { - char princ[256]; - strncpy(princ, diff --git a/security/krb5-appl/files/patch-clients::ksu::heuristic.c b/security/krb5-appl/files/patch-clients::ksu::heuristic.c deleted file mode 100644 index 9a92c4eb7058..000000000000 --- a/security/krb5-appl/files/patch-clients::ksu::heuristic.c +++ /dev/null @@ -1,12 +0,0 @@ -diff -ur krb5-1.2.7/src/clients/ksu/heuristic.c krb5-1.2.7/src/clients/ksu/heuristic.c ---- clients/ksu/heuristic.c 2003-02-03 15:24:57.000000000 -0500 -+++ clients/ksu/heuristic.c 2003-02-03 17:56:38.000000000 -0500 -@@ -355,7 +355,7 @@ - krb5_data *p2 = - krb5_princ_component(context, temp_client, j); - -- if ((p1->length != p2->length) || -+ if (!p1 || !p2 || (p1->length != p2->length) || - memcmp(p1->data,p2->data,p1->length)){ - got_one = FALSE; - break; diff --git a/security/krb5-appl/files/patch-clients::ksu::krb_auth_su.c b/security/krb5-appl/files/patch-clients::ksu::krb_auth_su.c deleted file mode 100644 index 150551765d3d..000000000000 --- a/security/krb5-appl/files/patch-clients::ksu::krb_auth_su.c +++ /dev/null @@ -1,13 +0,0 @@ ---- clients/ksu/krb_auth_su.c.orig Mon Dec 6 13:56:09 1999 -+++ clients/ksu/krb_auth_su.c Tue Feb 25 19:54:14 2003 -@@ -620,7 +620,9 @@ - krb5_princ_realm(context, temp_client)->length))){ - - -- if(nelem){ -+ if(nelem && -+ (krb5_princ_size(context, *client) > 0) && -+ (krb5_princ_size(context, temp_client) > 0)){ - krb5_data *p1 = - krb5_princ_component(context, *client, 0); - krb5_data *p2 = diff --git a/security/krb5-appl/files/patch-kdc::do_tgs_req.c b/security/krb5-appl/files/patch-kdc::do_tgs_req.c deleted file mode 100644 index 58e41c08a5e7..000000000000 --- a/security/krb5-appl/files/patch-kdc::do_tgs_req.c +++ /dev/null @@ -1,12 +0,0 @@ -diff -ur krb5-1.2.7/src/kdc/do_tgs_req.c krb5-1.2.7/src/kdc/do_tgs_req.c ---- kdc/do_tgs_req.c 2003-02-03 15:24:58.000000000 -0500 -+++ kdc/do_tgs_req.c 2003-02-03 17:54:27.000000000 -0500 -@@ -180,7 +180,7 @@ - krb5_data *tgs_1 = - krb5_princ_component(kdc_context, tgs_server, 1); - -- if (server_1->length != tgs_1->length || -+ if (!tgs_1 || server_1->length != tgs_1->length || - memcmp(server_1->data, tgs_1->data, tgs_1->length)) { - krb5_db_free_principal(kdc_context, &server, nprincs); - find_alternate_tgs(request, &server, &more, &nprincs); diff --git a/security/krb5-appl/files/patch-kdc::kdc_util.c b/security/krb5-appl/files/patch-kdc::kdc_util.c deleted file mode 100644 index 078a4b73c4fe..000000000000 --- a/security/krb5-appl/files/patch-kdc::kdc_util.c +++ /dev/null @@ -1,27 +0,0 @@ -Index: kdc/kdc_util.c -=================================================================== -RCS file: /cvs/krbdev/krb5/src/kdc/kdc_util.c,v -retrieving revision 5.96.2.2.2.3 -diff -p -u -r5.96.2.2.2.3 kdc_util.c ---- kdc/kdc_util.c 2002/10/31 00:38:34 5.96.2.2.2.3 -+++ kdc/kdc_util.c 2003/03/19 00:39:00 -@@ -157,7 +157,8 @@ realm_compare(princ1, princ2) - krb5_boolean krb5_is_tgs_principal(principal) - krb5_principal principal; - { -- if ((krb5_princ_component(kdc_context, principal, 0)->length == -+ if (krb5_princ_size(kdc_context, principal) > 0 && -+ (krb5_princ_component(kdc_context, principal, 0)->length == - KRB5_TGS_NAME_SIZE) && - (!memcmp(krb5_princ_component(kdc_context, principal, 0)->data, - KRB5_TGS_NAME, KRB5_TGS_NAME_SIZE))) -@@ -1195,7 +1196,8 @@ - return KRB_AP_ERR_NOT_US; - } - /* ...and that the second component matches the server realm... */ -- if ((krb5_princ_component(kdc_context, ticket->server, 1)->length != -+ if ((krb5_princ_size(kdc_context, ticket->server) <= 1) || -+ (krb5_princ_component(kdc_context, ticket->server, 1)->length != - krb5_princ_realm(kdc_context, request->server)->length) || - memcmp(krb5_princ_component(kdc_context, ticket->server, 1)->data, - krb5_princ_realm(kdc_context, request->server)->data, diff --git a/security/krb5-appl/files/patch-kdc::kdc_util.h b/security/krb5-appl/files/patch-kdc::kdc_util.h deleted file mode 100644 index 262f3ff8cb29..000000000000 --- a/security/krb5-appl/files/patch-kdc::kdc_util.h +++ /dev/null @@ -1,15 +0,0 @@ -Index: kdc/kdc_util.h -=================================================================== -RCS file: /cvs/krbdev/krb5/src/kdc/kdc_util.h,v -retrieving revision 5.44.4.1 -diff -u -r5.44.4.1 kdc_util.h ---- kdc/kdc_util.h 2001/10/13 00:12:26 5.44.4.1 -+++ kdc/kdc_util.h 2002/10/15 23:32:45 -@@ -183,6 +183,7 @@ - const krb5_fulladdr *, - int is_secondary, - krb5_data **)); -+void enable_v4_crossrealm(char *); - #else - #define process_v4(foo,bar,quux,foobar) KRB5KRB_AP_ERR_BADVERSION - #endif diff --git a/security/krb5-appl/files/patch-kdc::kerberos_v4.c b/security/krb5-appl/files/patch-kdc::kerberos_v4.c deleted file mode 100644 index 5b197f68afd9..000000000000 --- a/security/krb5-appl/files/patch-kdc::kerberos_v4.c +++ /dev/null @@ -1,233 +0,0 @@ -Index: kdc/kerberos_v4.c -=================================================================== -RCS file: /cvs/krbdev/krb5/src/kdc/kerberos_v4.c,v -retrieving revision 5.68.2.3.2.1 -diff -u -r5.68.2.3.2.1 kerberos_v4.c ---- kdc/kerberos_v4.c 2002/08/15 21:28:54 5.68.2.3.2.1 -+++ kdc/kerberos_v4.c 2002/10/15 23:32:45 -@@ -149,7 +149,7 @@ - - void kerberos_v4 PROTOTYPE((struct sockaddr_in *, KTEXT)); - void kerb_err_reply PROTOTYPE((struct sockaddr_in *, KTEXT, long, char *)); --static int set_tgtkey PROTOTYPE((char *, krb5_kvno)); -+static int set_tgtkey PROTOTYPE((char *, krb5_kvno, krb5_boolean)); - - /* Attributes converted from V5 to V4 - internal representation */ - #define V4_KDB_REQUIRES_PREAUTH 0x1 -@@ -182,6 +182,7 @@ - - static const int v4mode_table_nents = sizeof(v4mode_table)/ - sizeof(v4mode_table[0]); -+static int allow_v4_crossrealm = 0; - - void process_v4_mode(progname, string) - const char *progname; -@@ -210,6 +211,11 @@ - return; - } - -+void enable_v4_crossrealm ( char *programname) { -+ allow_v4_crossrealm = 1; -+ krb5_klog_syslog(LOG_ERR, "Enabling v4 cross-realm compatibility; this is a known security hole"); -+} -+ - krb5_error_code - process_v4( pkt, client_fulladdr, is_secondary, resp) - const krb5_data *pkt; -@@ -401,6 +407,14 @@ - #define MIN5 300 - #define HR21 255 - -+/* -+ * Previously this code returned either a v4 key or a v5 key and you -+ * could tell from the enctype of the v5 key whether the v4 key was -+ * useful. Now we return both keys so the code can try both des3 and -+ * des decryption. We fail if the ticket doesn't have a v4 key. -+ * Also, note as a side effect, the v5 key is basically useless in -+ * the client case. It is still returned so the caller can free it. -+ */ - static int - kerb_get_principal(name, inst, principal, maxn, more, k5key, kvno, issrv) - char *name; /* could have wild card */ -@@ -482,8 +496,28 @@ - return(0); - } - } else { -- /* XXX yes I know this is a hardcoded search order */ -- if (krb5_dbe_find_enctype(kdc_context, &entries, -+ if ( krb5_dbe_find_enctype(kdc_context, &entries, -+ ENCTYPE_DES_CBC_CRC, -+ KRB5_KDB_SALTTYPE_V4, kvno, &pkey) && -+ krb5_dbe_find_enctype(kdc_context, &entries, -+ ENCTYPE_DES_CBC_CRC, -+ -1, kvno, &pkey)) { -+ lt = klog(L_KRB_PERR, -+ "KDC V4: failed to find key for %s.%s #%d", -+ name, inst, kvno); -+ krb5_db_free_principal(kdc_context, &entries, nprinc); -+ return(0); -+ } -+ } -+ -+ if (!compat_decrypt_key(pkey, k, k5key, issrv)) { -+ memcpy( &principal->key_low, k, LONGLEN); -+ memcpy( &principal->key_high, (krb5_ui_4 *) k + 1, LONGLEN); -+ } -+ memset(k, 0, sizeof k); -+ if (issrv) { -+ krb5_free_keyblock_contents (kdc_context, k5key); -+ if (krb5_dbe_find_enctype(kdc_context, &entries, - ENCTYPE_DES3_CBC_RAW, - -1, kvno, &pkey) && - krb5_dbe_find_enctype(kdc_context, &entries, -@@ -504,12 +538,10 @@ - krb5_db_free_principal(kdc_context, &entries, nprinc); - return(0); - } -+ compat_decrypt_key(pkey, k, k5key, issrv); -+ memset (k, 0, sizeof k); - } - -- if (!compat_decrypt_key(pkey, k, k5key, issrv)) { -- memcpy( &principal->key_low, k, LONGLEN); -- memcpy( &principal->key_high, (krb5_ui_4 *) k + 1, LONGLEN); -- } - /* convert v5's entries struct to v4's Principal struct: - * v5's time-unit for lifetimes is 1 sec, while v4 uses 5 minutes. - */ -@@ -746,21 +778,14 @@ - kdb_encrypt_key(key, key, master_key, - master_key_schedule, DECRYPT); - /* construct and seal the ticket */ -- if (K4KDC_ENCTYPE_OK(k5key.enctype)) { -- krb_create_ticket(tk, k_flags, a_name_data.name, -- a_name_data.instance, local_realm, -- client_host.s_addr, (char *) session_key, -- lifetime, kerb_time.tv_sec, -- s_name_data.name, s_name_data.instance, -- key); -- } else { -- krb_cr_tkt_krb5(tk, k_flags, a_name_data.name, -- a_name_data.instance, local_realm, -- client_host.s_addr, (char *) session_key, -- lifetime, kerb_time.tv_sec, -- s_name_data.name, s_name_data.instance, -- &k5key); -- } -+ /* We always issue des tickets; the 3des tickets are a broken hack*/ -+ krb_create_ticket(tk, k_flags, a_name_data.name, -+ a_name_data.instance, local_realm, -+ client_host.s_addr, (char *) session_key, -+ lifetime, kerb_time.tv_sec, -+ s_name_data.name, s_name_data.instance, -+ key); -+ - krb5_free_keyblock_contents(kdc_context, &k5key); - memset(key, 0, sizeof(key)); - memset(key_s, 0, sizeof(key_s)); -@@ -840,8 +865,15 @@ - strncpy(tktrlm, (char *)auth->dat + 3, REALM_SZ); - tktrlm[REALM_SZ-1] = '\0'; - kvno = (krb5_kvno)auth->dat[2]; -- if (set_tgtkey(tktrlm, kvno)) { -- lt = klog(L_ERR_UNK, -+ if ((!allow_v4_crossrealm)&&strcmp(tktrlm, local_realm) != 0) { -+ lt = klog(L_ERR_UNK, -+ "Cross realm ticket from %s denied by policy,", tktrlm); -+ kerb_err_reply(client, pkt, -+ KERB_ERR_PRINCIPAL_UNKNOWN, lt); -+ return; -+ } -+ if (set_tgtkey(tktrlm, kvno, 0)) { -+ lt = klog(L_ERR_UNK, - "FAILED set_tgtkey realm %s, kvno %d. Host: %s ", - tktrlm, kvno, inet_ntoa(client_host)); - /* no better error code */ -@@ -851,6 +883,19 @@ - } - kerno = krb_rd_req(auth, "krbtgt", tktrlm, client_host.s_addr, - ad, 0); -+ if (kerno) { -+ if (set_tgtkey(tktrlm, kvno, 1)) { -+ lt = klog(L_ERR_UNK, -+ "FAILED 3des set_tgtkey realm %s, kvno %d. Host: %s ", -+ tktrlm, kvno, inet_ntoa(client_host)); -+ /* no better error code */ -+ kerb_err_reply(client, pkt, -+ KERB_ERR_PRINCIPAL_UNKNOWN, lt); -+ return; -+ } -+ kerno = krb_rd_req(auth, "krbtgt", tktrlm, client_host.s_addr, -+ ad, 0); -+ } - - if (kerno) { - klog(L_ERR_UNK, "FAILED krb_rd_req from %s: %s", -@@ -916,21 +961,13 @@ - des_new_random_key(session_key); - #endif - -- if (K4KDC_ENCTYPE_OK(k5key.enctype)) { -- krb_create_ticket(tk, k_flags, ad->pname, ad->pinst, -- ad->prealm, client_host.s_addr, -- (char *) session_key, lifetime, -- kerb_time.tv_sec, -- s_name_data.name, s_name_data.instance, -- key); -- } else { -- krb_cr_tkt_krb5(tk, k_flags, ad->pname, ad->pinst, -- ad->prealm, client_host.s_addr, -- (char *) session_key, lifetime, -- kerb_time.tv_sec, -- s_name_data.name, s_name_data.instance, -- &k5key); -- } -+ /* ALways issue des tickets*/ -+ krb_create_ticket(tk, k_flags, ad->pname, ad->pinst, -+ ad->prealm, client_host.s_addr, -+ (char *) session_key, lifetime, -+ kerb_time.tv_sec, -+ s_name_data.name, s_name_data.instance, -+ key); - krb5_free_keyblock_contents(kdc_context, &k5key); - memset(key, 0, sizeof(key)); - memset(key_s, 0, sizeof(key_s)); -@@ -1138,20 +1175,22 @@ - - /* Set the key for krb_rd_req so we can check tgt */ - static int --set_tgtkey(r, kvno) -+set_tgtkey(r, kvno, use_3des) - char *r; /* Realm for desired key */ - krb5_kvno kvno; -+ krb5_boolean use_3des; - { - int n; - static char lastrealm[REALM_SZ] = ""; - static int last_kvno = 0; -+ static krb5_boolean last_use_3des = 0; - Principal p_st; - Principal *p = &p_st; - C_Block key; - krb5_keyblock k5key; - - k5key.contents = NULL; -- if (!strcmp(lastrealm, r) && last_kvno == kvno) -+ if (!strcmp(lastrealm, r) && last_kvno == kvno && last_use_3des == use_3des) - return (KSUCCESS); - - /* log("Getting key for %s", r); */ -@@ -1173,11 +1212,12 @@ - return KFAILURE; - } - -- if (!K4KDC_ENCTYPE_OK(k5key.enctype)) { -+ if (use_3des&&!K4KDC_ENCTYPE_OK(k5key.enctype)) { - krb_set_key_krb5(kdc_context, &k5key); - strncpy(lastrealm, r, sizeof(lastrealm) - 1); - lastrealm[sizeof(lastrealm) - 1] = '\0'; - last_kvno = kvno; -+ last_use_3des = use_3des; - } else { - /* unseal tgt key from master key */ - memcpy(key, &p->key_low, 4); diff --git a/security/krb5-appl/files/patch-kdc::main.c b/security/krb5-appl/files/patch-kdc::main.c deleted file mode 100644 index 2e16cbece0fb..000000000000 --- a/security/krb5-appl/files/patch-kdc::main.c +++ /dev/null @@ -1,37 +0,0 @@ -Index: kdc/main.c -=================================================================== -RCS file: /cvs/krbdev/krb5/src/kdc/main.c,v -retrieving revision 5.99.4.1 -diff -u -r5.99.4.1 main.c ---- kdc/main.c 2001/09/26 00:46:11 5.99.4.1 -+++ kdc/main.c 2002/10/15 23:32:45 -@@ -559,7 +559,7 @@ - usage(name) - char *name; - { -- fprintf(stderr, "usage: %s [-d dbpathname] [-r dbrealmname] [-R replaycachename ]\n\t[-m] [-k masterenctype] [-M masterkeyname] [-p port] [-4 v4mode] [-n]\n", name); -+ fprintf(stderr, "usage: %s [-d dbpathname] [-r dbrealmname] [-R replaycachename ]\n\t[-m] [-k masterenctype] [-M masterkeyname] [-p port] [-4 v4mode] [-X] [-n]\n", name); - return; - } - -@@ -611,7 +611,7 @@ - * Loop through the option list. Each time we encounter a realm name, - * use the previously scanned options to fill in for defaults. - */ -- while ((c = getopt(argc, argv, "r:d:mM:k:R:e:p:s:n4:3")) != -1) { -+ while ((c = getopt(argc, argv, "r:d:mM:k:R:e:p:s:n4:X3")) != -1) { - switch(c) { - case 'r': /* realm name for db */ - if (!find_realm_data(optarg, (krb5_ui_4) strlen(optarg))) { -@@ -661,6 +661,11 @@ - v4mode = strdup(optarg); - #endif - break; -+ case 'X': -+#ifdef KRB5_KRB4_COMPAT -+ enable_v4_crossrealm(argv[0]); -+#endif -+ break; - case '3': - #ifdef ATHENA_DES3_KLUDGE - if (krb5_enctypes_list[krb5_enctypes_length-1].etype diff --git a/security/krb5-appl/files/patch-krb524::cnv_tkt_skey.c b/security/krb5-appl/files/patch-krb524::cnv_tkt_skey.c deleted file mode 100644 index b8204faee367..000000000000 --- a/security/krb5-appl/files/patch-krb524::cnv_tkt_skey.c +++ /dev/null @@ -1,34 +0,0 @@ -Index: krb524/cnv_tkt_skey.c -=================================================================== -RCS file: /cvs/krbdev/krb5/src/krb524/cnv_tkt_skey.c,v -retrieving revision 1.17.2.1.2.1 -diff -u -r1.17.2.1.2.1 cnv_tkt_skey.c ---- krb524/cnv_tkt_skey.c 2002/03/01 16:05:20 1.17.2.1.2.1 -+++ krb524/cnv_tkt_skey.c 2002/10/15 23:32:45 -@@ -173,25 +173,7 @@ - sname, - sinst, - v4_skey->contents); -- } else { -- /* Force enctype to be raw if using DES3. */ -- if (v4_skey->enctype == ENCTYPE_DES3_CBC_SHA1 || -- v4_skey->enctype == ENCTYPE_LOCAL_DES3_HMAC_SHA1) -- v4_skey->enctype = ENCTYPE_DES3_CBC_RAW; -- ret = krb_cr_tkt_krb5(v4tkt, -- 0, /* flags */ -- pname, -- pinst, -- prealm, -- *((unsigned long *)kaddr.contents), -- (char *) v5etkt->session->contents, -- lifetime, -- /* issue_data */ -- server_time, -- sname, -- sinst, -- v4_skey); -- } -+ } else abort(); - - krb5_free_enc_tkt_part(context, v5etkt); - v5tkt->enc_part2 = NULL; diff --git a/security/krb5-appl/files/patch-krb524::krb524d.c b/security/krb5-appl/files/patch-krb524::krb524d.c deleted file mode 100644 index 5d121045582a..000000000000 --- a/security/krb5-appl/files/patch-krb524::krb524d.c +++ /dev/null @@ -1,89 +0,0 @@ -Index: krb524/krb524d.c -=================================================================== -RCS file: /cvs/krbdev/krb5/src/krb524/krb524d.c,v -retrieving revision 1.40.4.3 -diff -u -r1.40.4.3 krb524d.c ---- krb524/krb524d.c 2002/08/29 06:48:05 1.40.4.3 -+++ krb524/krb524d.c 2002/10/15 23:32:45 -@@ -70,6 +70,7 @@ - void *handle; - - int use_keytab, use_master; -+int allow_v4_crossrealm = 0; - char *keytab = NULL; - krb5_keytab kt; - -@@ -134,7 +135,10 @@ - config_params.mask = 0; - - while (argc) { -- if (strncmp(*argv, "-k", 2) == 0) -+ if (strncmp(*argv, "-X", 2) == 0) { -+ allow_v4_crossrealm = 1; -+ } -+ else if (strncmp(*argv, "-k", 2) == 0) - use_keytab = 1; - else if (strncmp(*argv, "-m", 2) == 0) - use_master = 1; -@@ -317,7 +317,7 @@ - if (debug) - printf("V5 ticket decoded\n"); - -- if( v5tkt->server->length >= 1 -+ if( krb5_princ_size(context, v5tkt->server) >= 1 - &&krb5_princ_component(context, v5tkt->server, 0)->length == 3 - &&strncmp(krb5_princ_component(context, v5tkt->server, 0)->data, - "afs", 3) == 0) { -@@ -495,19 +499,7 @@ - &v5_service_key, NULL))) - goto error; - -- if ((ret = lookup_service_key(context, v5tkt->server, -- ENCTYPE_DES3_CBC_RAW, -- 0, /* highest kvno */ -- &v4_service_key, v4kvno)) && -- (ret = lookup_service_key(context, v5tkt->server, -- ENCTYPE_LOCAL_DES3_HMAC_SHA1, -- 0, -- &v4_service_key, v4kvno)) && -- (ret = lookup_service_key(context, v5tkt->server, -- ENCTYPE_DES3_CBC_SHA1, -- 0, -- &v4_service_key, v4kvno)) && -- (ret = lookup_service_key(context, v5tkt->server, -+ if ( (ret = lookup_service_key(context, v5tkt->server, - ENCTYPE_DES_CBC_CRC, - 0, - &v4_service_key, v4kvno))) -@@ -515,8 +507,19 @@ - - if (debug) - printf("service key retrieved\n"); -+ if ((ret = krb5_decrypt_tkt_part(context, &v5_service_key, v5tkt))) { -+ goto error; -+ } - -- ret = krb524_convert_tkt_skey(context, v5tkt, &v4tkt, &v5_service_key, -+ if (!(allow_v4_crossrealm || krb5_realm_compare(context, v5tkt->server, -+ v5tkt->enc_part2->client))) { -+ret = KRB5KDC_ERR_POLICY ; -+ goto error; -+ } -+ krb5_free_enc_tkt_part(context, v5tkt->enc_part2); -+ v5tkt->enc_part2= NULL; -+ -+ ret = krb524_convert_tkt_skey(context, v5tkt, &v4tkt, &v5_service_key, - &v4_service_key, - (struct sockaddr_in *)saddr); - if (ret) -@@ -532,6 +535,9 @@ - printf("v4 credentials encoded\n"); - - error: -+ if (v5tkt->enc_part2) -+ krb5_free_enc_tkt_part(context, v5tkt->enc_part2); -+ - if(v5_service_key.contents) - krb5_free_keyblock_contents(context, &v5_service_key); - if (v4_service_key.contents) -diff -ur krb5-1.2.7/src/krb524/krb524d.c krb5-1.2.7/src/krb524/krb524d.c diff --git a/security/krb5-appl/files/patch-lib::kdb::keytab.c b/security/krb5-appl/files/patch-lib::kdb::keytab.c deleted file mode 100644 index a77f4bc32718..000000000000 --- a/security/krb5-appl/files/patch-lib::kdb::keytab.c +++ /dev/null @@ -1,86 +0,0 @@ -Index: lib/kdb/keytab.c -=================================================================== -RCS file: /cvs/krbdev/krb5/src/lib/kdb/keytab.c,v -retrieving revision 5.11.4.2 -diff -u -r5.11.4.2 keytab.c ---- lib/kdb/keytab.c 2002/08/15 21:27:34 5.11.4.2 -+++ lib/kdb/keytab.c 2002/10/15 23:32:46 -@@ -28,6 +28,8 @@ - #include "k5-int.h" - #include "kdb_kt.h" - -+static int -+is_xrealm_tgt(krb5_context, krb5_const_principal); - krb5_error_code krb5_ktkdb_close KRB5_PROTOTYPE((krb5_context, krb5_keytab)); - - krb5_error_code krb5_ktkdb_get_entry KRB5_PROTOTYPE((krb5_context, krb5_keytab, krb5_const_principal, -@@ -98,6 +100,8 @@ - krb5_db_entry db_entry; - krb5_boolean more = 0; - int n = 0; -+ int xrealm_tgt = is_xrealm_tgt(context, principal); -+ int similar; - - /* Open database */ - /* krb5_db_init(context); */ -@@ -127,16 +131,31 @@ - if (kerror) - goto error; - -+ /* For cross realm tgts, we match whatever enctype is provided; -+ * for other principals, we only match the first enctype that is -+ * found. Since the TGS and AS code do the same thing, then we -+ * will only successfully decrypt tickets we have issued.*/ - kerror = krb5_dbe_find_enctype(context, &db_entry, -- enctype, -1, kvno, &key_data); -+ xrealm_tgt?enctype:-1, -+ -1, kvno, &key_data); - if (kerror) - goto error; - -+ - kerror = krb5_dbekd_decrypt_key_data(context, master_key, - key_data, &entry->key, NULL); - if (kerror) - goto error; - -+ kerror = krb5_c_enctype_compare(context, enctype, entry->key.enctype, &similar); -+ if (kerror) -+ goto error; -+ -+ if (!similar) { -+ kerror = KRB5_KDB_NO_PERMITTED_KEY; -+ goto error; -+ } -+ - /* - * Coerce the enctype of the output keyblock in case we got an - * inexact match on the enctype; this behavior will go away when -@@ -154,3 +173,27 @@ - krb5_db_close_database(context); - return(kerror); - } -+ -+/* -+ * is_xrealm_tgt: Returns true if the principal is a cross-realm TGT -+ * principal-- a principal with first component krbtgt and second -+ * component not equal to realm. -+ */ -+static int -+is_xrealm_tgt(krb5_context context, krb5_const_principal princ) -+{ -+ krb5_data *dat; -+ if (krb5_princ_size(context, princ) != 2) -+ return 0; -+ dat = krb5_princ_component(context, princ, 0); -+ if (strncmp("krbtgt", dat->data, dat->length) != 0) -+ return 0; -+ dat = krb5_princ_component(context, princ, 1); -+ if (dat->length != princ->realm.length) -+ return 1; -+ if (strcmp(dat->data, princ->realm.data) == 0) -+ return 0; -+ return 1; -+ -+} -+ diff --git a/security/krb5-appl/files/patch-lib::krb5::krb::gc_frm_kdc.c b/security/krb5-appl/files/patch-lib::krb5::krb::gc_frm_kdc.c deleted file mode 100644 index 4ad0d8cc43c5..000000000000 --- a/security/krb5-appl/files/patch-lib::krb5::krb::gc_frm_kdc.c +++ /dev/null @@ -1,14 +0,0 @@ -diff -ur krb5-1.2.7/src/lib/krb5/krb/gc_frm_kdc.c krb5-1.2.7/src/lib/krb5/krb/gc_frm_kdc.c ---- lib/krb5/krb/gc_frm_kdc.c 1999-09-24 17:19:24.000000000 -0400 -+++ lib/krb5/krb/gc_frm_kdc.c 2003-02-03 17:35:40.000000000 -0500 -@@ -347,7 +347,9 @@ - for (next_server = top_server; *next_server; next_server++) { - krb5_data *realm_1 = krb5_princ_component(context, next_server[0], 1); - krb5_data *realm_2 = krb5_princ_component(context, tgtr->server, 1); -- if (realm_1->length == realm_2->length && -+ if (realm_1 != NULL && -+ realm_2 != NULL && -+ realm_1->length == realm_2->length && - !memcmp(realm_1->data, realm_2->data, realm_1->length)) { - break; - } diff --git a/security/krb5-appl/files/patch-lib::krb5::krb::parse.c b/security/krb5-appl/files/patch-lib::krb5::krb::parse.c deleted file mode 100644 index 8eb73b24c158..000000000000 --- a/security/krb5-appl/files/patch-lib::krb5::krb::parse.c +++ /dev/null @@ -1,29 +0,0 @@ -diff -ur krb5-1.2.7/src/lib/krb5/krb/parse.c krb5-1.2.7/src/lib/krb5/krb/parse.c ---- lib/krb5/krb/parse.c 2002-02-28 12:08:35.000000000 -0500 -+++ lib/krb5/krb/parse.c 2003-02-03 17:44:04.000000000 -0500 -@@ -173,11 +173,13 @@ - cp++; - size++; - } else if (c == COMPONENT_SEP) { -- krb5_princ_component(context, principal, i)->length = size; -+ if (krb5_princ_size(context, principal) > i) -+ krb5_princ_component(context, principal, i)->length = size; - size = 0; - i++; - } else if (c == REALM_SEP) { -- krb5_princ_component(context, principal, i)->length = size; -+ if (krb5_princ_size(context, principal) > i) -+ krb5_princ_component(context, principal, i)->length = size; - size = 0; - parsed_realm = cp+1; - } else -@@ -186,7 +188,8 @@ - if (parsed_realm) - krb5_princ_realm(context, principal)->length = size; - else -- krb5_princ_component(context, principal, i)->length = size; -+ if (krb5_princ_size(context, principal) > i) -+ krb5_princ_component(context, principal, i)->length = size; - if (i + 1 != components) { - #if !defined(_MSDOS) && !defined(_WIN32) && !defined(macintosh) - fprintf(stderr, diff --git a/security/krb5-appl/files/patch-lib::krb5::krb::unparse.c b/security/krb5-appl/files/patch-lib::krb5::krb::unparse.c deleted file mode 100644 index 690eb5febea2..000000000000 --- a/security/krb5-appl/files/patch-lib::krb5::krb::unparse.c +++ /dev/null @@ -1,17 +0,0 @@ -Index: lib/krb5/krb/unparse.c -=================================================================== -RCS file: /cvs/krbdev/krb5/src/lib/krb5/krb/unparse.c,v -retrieving revision 5.27.4.1 -diff -p -u -r5.27.4.1 unparse.c ---- lib/krb5/krb/unparse.c 2002/08/12 22:55:01 5.27.4.1 -+++ lib/krb5/krb/unparse.c 2003/03/19 00:39:02 -@@ -153,7 +153,8 @@ krb5_unparse_name_ext(context, principal - *q++ = COMPONENT_SEP; - } - -- q--; /* Back up last component separator */ -+ if (i > 0) -+ q--; /* Back up last component separator */ - *q++ = REALM_SEP; - - cp = krb5_princ_realm(context, principal)->data; diff --git a/security/krb5-appl/files/patch-lib::rpc::xdr_mem.c b/security/krb5-appl/files/patch-lib::rpc::xdr_mem.c deleted file mode 100644 index 2508c3620772..000000000000 --- a/security/krb5-appl/files/patch-lib::rpc::xdr_mem.c +++ /dev/null @@ -1,136 +0,0 @@ -Index: xdr_mem.c -=================================================================== -RCS file: /cvs/krbdev/krb5/src/lib/rpc/xdr_mem.c,v -retrieving revision 1.8 -diff -c -r1.8 xdr_mem.c -*** lib/rpc/xdr_mem.c 1998/02/14 02:27:24 1.8 ---- lib/rpc/xdr_mem.c 2003/02/04 22:57:24 -*************** -*** 47,52 **** ---- 47,54 ---- - #include <gssrpc/xdr.h> - #include <netinet/in.h> - #include <stdio.h> -+ #include <string.h> -+ #include <limits.h> - - static bool_t xdrmem_getlong(); - static bool_t xdrmem_putlong(); -*************** -*** 83,89 **** - xdrs->x_op = op; - xdrs->x_ops = &xdrmem_ops; - xdrs->x_private = xdrs->x_base = addr; -! xdrs->x_handy = size; - } - - static void ---- 85,91 ---- - xdrs->x_op = op; - xdrs->x_ops = &xdrmem_ops; - xdrs->x_private = xdrs->x_base = addr; -! xdrs->x_handy = (size > INT_MAX) ? INT_MAX : size; /* XXX */ - } - - static void -*************** -*** 98,105 **** - long *lp; - { - -! if ((xdrs->x_handy -= sizeof(rpc_int32)) < 0) - return (FALSE); - *lp = (long)ntohl(*((rpc_u_int32 *)(xdrs->x_private))); - xdrs->x_private += sizeof(rpc_int32); - return (TRUE); ---- 100,109 ---- - long *lp; - { - -! if (xdrs->x_handy < sizeof(rpc_int32)) - return (FALSE); -+ else -+ xdrs->x_handy -= sizeof(rpc_int32); - *lp = (long)ntohl(*((rpc_u_int32 *)(xdrs->x_private))); - xdrs->x_private += sizeof(rpc_int32); - return (TRUE); -*************** -*** 111,118 **** - long *lp; - { - -! if ((xdrs->x_handy -= sizeof(rpc_int32)) < 0) - return (FALSE); - *(rpc_int32 *)xdrs->x_private = (rpc_int32)htonl((rpc_u_int32)(*lp)); - xdrs->x_private += sizeof(rpc_int32); - return (TRUE); ---- 115,124 ---- - long *lp; - { - -! if (xdrs->x_handy < sizeof(rpc_int32)) - return (FALSE); -+ else -+ xdrs->x_handy -= sizeof(rpc_int32); - *(rpc_int32 *)xdrs->x_private = (rpc_int32)htonl((rpc_u_int32)(*lp)); - xdrs->x_private += sizeof(rpc_int32); - return (TRUE); -*************** -*** 125,132 **** - register unsigned int len; - { - -! if ((xdrs->x_handy -= len) < 0) - return (FALSE); - memmove(addr, xdrs->x_private, len); - xdrs->x_private += len; - return (TRUE); ---- 131,140 ---- - register unsigned int len; - { - -! if (xdrs->x_handy < len) - return (FALSE); -+ else -+ xdrs->x_handy -= len; - memmove(addr, xdrs->x_private, len); - xdrs->x_private += len; - return (TRUE); -*************** -*** 139,146 **** - register unsigned int len; - { - -! if ((xdrs->x_handy -= len) < 0) - return (FALSE); - memmove(xdrs->x_private, addr, len); - xdrs->x_private += len; - return (TRUE); ---- 147,156 ---- - register unsigned int len; - { - -! if (xdrs->x_handy < len) - return (FALSE); -+ else -+ xdrs->x_handy -= len; - memmove(xdrs->x_private, addr, len); - xdrs->x_private += len; - return (TRUE); -*************** -*** 179,185 **** - { - rpc_int32 *buf = 0; - -! if (xdrs->x_handy >= len) { - xdrs->x_handy -= len; - buf = (rpc_int32 *) xdrs->x_private; - xdrs->x_private += len; ---- 189,195 ---- - { - rpc_int32 *buf = 0; - -! if (len >= 0 && xdrs->x_handy >= len) { - xdrs->x_handy -= len; - buf = (rpc_int32 *) xdrs->x_private; - xdrs->x_private += len; |