rpms/krb5/F-7 2007-004-patch.txt, NONE, 1.1 2007-005-patch.txt, NONE, 1.1
Nalin Somabhai Dahyabhai (nalin)
fedora-extras-commits at redhat.com
Wed Jun 27 18:45:25 UTC 2007
Author: nalin
Update of /cvs/pkgs/rpms/krb5/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8337
Added Files:
2007-004-patch.txt 2007-005-patch.txt
Log Message:
right, need to actually add the new patches
--- NEW FILE 2007-004-patch.txt ---
*** src/lib/rpc/svc_auth_gssapi.c (revision 20015)
--- src/lib/rpc/svc_auth_gssapi.c (local)
***************
*** 149,154 ****
--- 149,156 ----
rqst->rq_xprt->xp_auth = &svc_auth_none;
memset((char *) &call_res, 0, sizeof(call_res));
+ creds.client_handle.length = 0;
+ creds.client_handle.value = NULL;
cred = &msg->rm_call.cb_cred;
verf = &msg->rm_call.cb_verf;
*** src/lib/rpc/svc_auth_unix.c (revision 20015)
--- src/lib/rpc/svc_auth_unix.c (local)
***************
*** 64,71 ****
char area_machname[MAX_MACHINE_NAME+1];
int area_gids[NGRPS];
} *area;
! u_int auth_len;
! int str_len, gid_len;
register int i;
rqst->rq_xprt->xp_auth = &svc_auth_none;
--- 64,70 ----
char area_machname[MAX_MACHINE_NAME+1];
int area_gids[NGRPS];
} *area;
! u_int auth_len, str_len, gid_len;
register int i;
rqst->rq_xprt->xp_auth = &svc_auth_none;
***************
*** 74,80 ****
aup = &area->area_aup;
aup->aup_machname = area->area_machname;
aup->aup_gids = area->area_gids;
! auth_len = (u_int)msg->rm_call.cb_cred.oa_length;
xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len,XDR_DECODE);
buf = XDR_INLINE(&xdrs, (int)auth_len);
if (buf != NULL) {
--- 73,81 ----
aup = &area->area_aup;
aup->aup_machname = area->area_machname;
aup->aup_gids = area->area_gids;
! auth_len = msg->rm_call.cb_cred.oa_length;
! if (auth_len > INT_MAX)
! return AUTH_BADCRED;
xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len,XDR_DECODE);
buf = XDR_INLINE(&xdrs, (int)auth_len);
if (buf != NULL) {
***************
*** 84,90 ****
stat = AUTH_BADCRED;
goto done;
}
! memmove(aup->aup_machname, (caddr_t)buf, (u_int)str_len);
aup->aup_machname[str_len] = 0;
str_len = RNDUP(str_len);
buf += str_len / BYTES_PER_XDR_UNIT;
--- 85,91 ----
stat = AUTH_BADCRED;
goto done;
}
! memmove(aup->aup_machname, buf, str_len);
aup->aup_machname[str_len] = 0;
str_len = RNDUP(str_len);
buf += str_len / BYTES_PER_XDR_UNIT;
***************
*** 104,110 ****
* timestamp, hostname len (0), uid, gid, and gids len (0).
*/
if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len) {
! (void) printf("bad auth_len gid %d str %d auth %d\n",
gid_len, str_len, auth_len);
stat = AUTH_BADCRED;
goto done;
--- 105,111 ----
* timestamp, hostname len (0), uid, gid, and gids len (0).
*/
if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len) {
! (void) printf("bad auth_len gid %u str %u auth %u\n",
gid_len, str_len, auth_len);
stat = AUTH_BADCRED;
goto done;
--- NEW FILE 2007-005-patch.txt ---
*** src/kadmin/server/server_stubs.c (revision 20024)
--- src/kadmin/server/server_stubs.c (local)
***************
*** 545,557 ****
static generic_ret ret;
char *prime_arg1,
*prime_arg2;
- char prime_arg[BUFSIZ];
gss_buffer_desc client_name,
service_name;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
restriction_t *rp;
char *errmsg;
xdr_free(xdr_generic_ret, &ret);
--- 545,558 ----
static generic_ret ret;
char *prime_arg1,
*prime_arg2;
gss_buffer_desc client_name,
service_name;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
restriction_t *rp;
char *errmsg;
+ size_t tlen1, tlen2, clen, slen;
+ char *tdots1, *tdots2, *cdots, *sdots;
xdr_free(xdr_generic_ret, &ret);
***************
*** 572,578 ****
ret.code = KADM5_BAD_PRINCIPAL;
goto exit_func;
}
! sprintf(prime_arg, "%s to %s", prime_arg1, prime_arg2);
ret.code = KADM5_OK;
if (! CHANGEPW_SERVICE(rqstp)) {
--- 573,586 ----
ret.code = KADM5_BAD_PRINCIPAL;
goto exit_func;
}
! tlen1 = strlen(prime_arg1);
! trunc_name(&tlen1, &tdots1);
! tlen2 = strlen(prime_arg2);
! trunc_name(&tlen2, &tdots2);
! clen = client_name.length;
! trunc_name(&clen, &cdots);
! slen = service_name.length;
! trunc_name(&slen, &sdots);
ret.code = KADM5_OK;
if (! CHANGEPW_SERVICE(rqstp)) {
***************
*** 590,597 ****
} else
ret.code = KADM5_AUTH_INSUFFICIENT;
if (ret.code != KADM5_OK) {
! log_unauth("kadm5_rename_principal", prime_arg,
! &client_name, &service_name, rqstp);
} else {
ret.code = kadm5_rename_principal((void *)handle, arg->src,
arg->dest);
--- 598,612 ----
} else
ret.code = KADM5_AUTH_INSUFFICIENT;
if (ret.code != KADM5_OK) {
! krb5_klog_syslog(LOG_NOTICE,
! "Unauthorized request: kadm5_rename_principal, "
! "%.*s%s to %.*s%s, "
! "client=%.*s%s, service=%.*s%s, addr=%s",
! tlen1, prime_arg1, tdots1,
! tlen2, prime_arg2, tdots2,
! clen, client_name.value, cdots,
! slen, service_name.value, sdots,
! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
} else {
ret.code = kadm5_rename_principal((void *)handle, arg->src,
arg->dest);
***************
*** 600,607 ****
else
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
! log_done("kadm5_rename_principal", prime_arg, errmsg,
! &client_name, &service_name, rqstp);
}
free_server_handle(handle);
free(prime_arg1);
--- 615,629 ----
else
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
! krb5_klog_syslog(LOG_NOTICE,
! "Request: kadm5_rename_principal, "
! "%.*s%s to %.*s%s, %s, "
! "client=%.*s%s, service=%.*s%s, addr=%s",
! tlen1, prime_arg1, tdots1,
! tlen2, prime_arg2, tdots2, errmsg,
! clen, client_name.value, cdots,
! slen, service_name.value, sdots,
! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
}
free_server_handle(handle);
free(prime_arg1);
More information about the fedora-extras-commits
mailing list