Attachment 146508 Details for Bug 212363 – 1.5-MITKRB5-SA-2008-001.patch

[patch] 1.5-MITKRB5-SA-2008-001.patch

1.5-MITKRB5-SA-2008-001.patch (text/plain), 10.76 KB, created by Markus Ullmann (RETIRED) on 2008-03-18 20:39:07 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Markus Ullmann (RETIRED)

Created: 2008-03-18 20:39:07 UTC

Size: 10.76 KB

patch

obsolete

>--- src/kdc/dispatch.c  (revision 20192)
>+++ src/kdc/dispatch.c  (working copy)
>@@ -1,7 +1,7 @@
> /*
>  * kdc/dispatch.c
>  *
>- * Copyright 1990 by the Massachusetts Institute of Technology.
>+ * Copyright 1990, 2007 by the Massachusetts Institute of Technology.
>  *
>  * Export of this software from the United States of America may
>  *   require a specific license from the United States Government.
>@@ -107,7 +107,7 @@
>        retval = KRB5KRB_AP_ERR_MSG_TYPE;
> #ifndef NOCACHE
>     /* put the response into the lookaside buffer */
>-    if (!retval)
>+    if (!retval && *response != NULL)
>	kdc_insert_lookaside(pkt, *response);
> #endif
> 
>--- src/kdc/kerberos_v4.c       (revision 20192)
>+++ src/kdc/kerberos_v4.c       (working copy)
>@@ -1,7 +1,7 @@
> /*
>  * kdc/kerberos_v4.c
>  *
>- * Copyright 1985, 1986, 1987, 1988,1991 by the Massachusetts Institute
>+ * Copyright 1985, 1986, 1987, 1988,1991,2007 by the Massachusetts Institute
>  * of Technology.
>  * All Rights Reserved.
>  *
>@@ -87,11 +87,6 @@
> #define                MSB_FIRST               0       /* 68000, IBM RT/PC */
> #define                LSB_FIRST               1       /* Vax, PC8086 */
> 
>-int     f;
>-
>-/* XXX several files in libkdb know about this */
>-char *progname;
>-
> #ifndef BACKWARD_COMPAT
> static Key_schedule master_key_schedule;
> static C_Block master_key;
>@@ -143,10 +138,8 @@
> #include "com_err.h"
> #include "extern.h"            /* to pick up master_princ */
> 
>-static krb5_data *response;
>-
>-void kerberos_v4 (struct sockaddr_in *, KTEXT);
>-void kerb_err_reply (struct sockaddr_in *, KTEXT, long, char *);
>+static krb5_data *kerberos_v4 (struct sockaddr_in *, KTEXT);
>+static krb5_data *kerb_err_reply (struct sockaddr_in *, KTEXT, long, char *);
> static int set_tgtkey (char *, krb5_kvno, krb5_boolean);
> 
> /* Attributes converted from V5 to V4 - internal representation */
>@@ -262,12 +255,12 @@
>            (void) klog(L_KRB_PERR, "V4 request too long.");
>            return KRB5KRB_ERR_FIELD_TOOLONG;
>     }
>+    memset( &v4_pkt, 0, sizeof(v4_pkt));
>     v4_pkt.length = pkt->length;
>     v4_pkt.mbz = 0;
>     memcpy( v4_pkt.dat, pkt->data, pkt->length);
> 
>-    kerberos_v4( &client_sockaddr, &v4_pkt);
>-    *resp = response;
>+    *resp = kerberos_v4( &client_sockaddr, &v4_pkt);
>     return(retval);
> }
> 
>@@ -300,19 +293,20 @@
> }
> 
> static
>-int krb4_sendto(int s, const char *msg, int len, int flags,
>-		const struct sockaddr *to, int to_len)
>+krb5_data *make_response(const char *msg, int len)
> {
>+    krb5_data *response;
>+
>     if (  !(response = (krb5_data *) malloc( sizeof *response))) {
>-	return ENOMEM;
>+       return 0;
>     }
>     if ( !(response->data = (char *) malloc( len))) {
>	krb5_free_data(kdc_context,  response);
>-	return ENOMEM;
>+       return 0;
>     }
>     response->length = len;
>     memcpy( response->data, msg, len);
>-    return( 0);
>+    return response;
> }
> static void
> hang(void)
>@@ -586,7 +580,7 @@
>        *cp = 0;
> }
> 
>-void
>+static krb5_data *
> kerberos_v4(struct sockaddr_in *client, KTEXT pkt)
> {
>     static KTEXT_ST rpkt_st;
>@@ -599,8 +593,8 @@
>     KTEXT   auth = &auth_st;
>     AUTH_DAT ad_st;
>     AUTH_DAT *ad = &ad_st;
>+    krb5_data *response = 0;
> 
>-
>     static struct in_addr client_host;
>     static int msg_byte_order;
>     static int swap_bytes;
>@@ -637,8 +631,7 @@
>		 inet_ntoa(client_host));
>	/* send an error reply */
>	req_name_ptr = req_inst_ptr = req_realm_ptr = "";
>-	kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt);
>-	return;
>+       return kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt);
>     }
> 
>     /* check packet version */
>@@ -648,8 +641,7 @@
>		 KRB_PROT_VERSION, req_version, 0);
>	/* send an error reply */
>	req_name_ptr = req_inst_ptr = req_realm_ptr = "";
>-	kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt);
>-	return;
>+       return kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt);
>     }
>     msg_byte_order = req_msg_type & 1;
> 
>@@ -707,10 +699,10 @@
> 
>	     if ((i = check_princ(req_name_ptr, req_inst_ptr, 0,
>				 &a_name_data, &k5key, 0, &ck5life))) {
>-		kerb_err_reply(client, pkt, i, "check_princ failed");
>+               response = kerb_err_reply(client, pkt, i, "check_princ failed");
>		a_name_data.key_low = a_name_data.key_high = 0;
>		krb5_free_keyblock_contents(kdc_context, &k5key);
>-		return;
>+               return response;
>	    }
>	    /* don't use k5key for client */
>	    krb5_free_keyblock_contents(kdc_context, &k5key);
>@@ -722,11 +714,11 @@
>	   /* this does all the checking */
>	   if ((i = check_princ(service, instance, lifetime,
>				 &s_name_data, &k5key, 1, &sk5life))) {
>-		kerb_err_reply(client, pkt, i, "check_princ failed");
>+               response = kerb_err_reply(client, pkt, i, "check_princ failed");
>		a_name_data.key_high = a_name_data.key_low = 0;
>		s_name_data.key_high = s_name_data.key_low = 0;
>		krb5_free_keyblock_contents(kdc_context, &k5key);
>-		return;
>+               return response;
>	    }
>	    /* Bound requested lifetime with service and user */
>	    v4req_end = krb_life_to_time(kerb_time.tv_sec, req_life);
>@@ -797,8 +789,7 @@
>	    rpkt = create_auth_reply(req_name_ptr, req_inst_ptr,
>		req_realm_ptr, req_time_ws, 0, a_name_data.exp_date,
>		a_name_data.key_version, ciph);
>-	    krb4_sendto(f, (char *) rpkt->dat, rpkt->length, 0,
>-		   (struct sockaddr *) client, S_AD_SZ);
>+           response = make_response((char *) rpkt->dat, rpkt->length);
>	    memset(&a_name_data, 0, sizeof(a_name_data));
>	    memset(&s_name_data, 0, sizeof(s_name_data));
>	    break;
>@@ -824,9 +815,8 @@
>		lt = klog(L_KRB_PERR,
>			  "APPL request with realm length too long from %s",
>			  inet_ntoa(client_host));
>-		kerb_err_reply(client, pkt, RD_AP_INCON,
>-			       "realm length too long");
>-		return;
>+               return kerb_err_reply(client, pkt, RD_AP_INCON,
>+                                     "realm length too long");
>	    }
> 
>	    auth->length += (int) *(pkt->dat + auth->length) +
>@@ -835,9 +825,8 @@
>		lt = klog(L_KRB_PERR,
>			  "APPL request with funky tkt or req_id length from %s",
>			  inet_ntoa(client_host));
>-		kerb_err_reply(client, pkt, RD_AP_INCON,
>-			       "funky tkt or req_id length");
>-		return;
>+               return kerb_err_reply(client, pkt, RD_AP_INCON,
>+                                     "funky tkt or req_id length");
>	    }
> 
>	    memcpy(auth->dat, pkt->dat, auth->length);
>@@ -848,18 +837,16 @@
>	    if ((!allow_v4_crossrealm)&&strcmp(tktrlm, local_realm) != 0) {
>	      lt = klog(L_ERR_UNK,
>			"Cross realm ticket from %s denied by policy,", tktrlm);
>-	      kerb_err_reply(client, pkt,
>-			       KERB_ERR_PRINCIPAL_UNKNOWN, lt);
>-		return;
>+             return kerb_err_reply(client, pkt,
>+                                   KERB_ERR_PRINCIPAL_UNKNOWN, lt);
>	    }
>	    if (set_tgtkey(tktrlm, kvno, 0)) {
>-	      lt = klog(L_ERR_UNK,
>+	        lt = klog(L_ERR_UNK,
>			  "FAILED set_tgtkey realm %s, kvno %d. Host: %s ",
>			  tktrlm, kvno, inet_ntoa(client_host));
>		/* no better error code */
>-		kerb_err_reply(client, pkt,
>-			       KERB_ERR_PRINCIPAL_UNKNOWN, lt);
>-		return;
>+               return kerb_err_reply(client, pkt,
>+                                     KERB_ERR_PRINCIPAL_UNKNOWN, lt);
>	    }
>	    kerno = krb_rd_req(auth, "krbtgt", tktrlm, client_host.s_addr,
>		ad, 0);
>@@ -869,9 +856,8 @@
>			      "FAILED 3des set_tgtkey realm %s, kvno %d. Host: %s ",
>			      tktrlm, kvno, inet_ntoa(client_host));
>		    /* no better error code */
>-		    kerb_err_reply(client, pkt,
>-				   KERB_ERR_PRINCIPAL_UNKNOWN, lt);
>-		    return;
>+                   return kerb_err_reply(client, pkt,
>+                                         KERB_ERR_PRINCIPAL_UNKNOWN, lt);
>		}
>		kerno = krb_rd_req(auth, "krbtgt", tktrlm, client_host.s_addr,
>				   ad, 0);
>@@ -881,8 +867,7 @@
>		klog(L_ERR_UNK, "FAILED krb_rd_req from %s: %s",
>		     inet_ntoa(client_host), krb_get_err_text(kerno));
>		req_name_ptr = req_inst_ptr = req_realm_ptr = "";
>-		kerb_err_reply(client, pkt, kerno, "krb_rd_req failed");
>-		return;
>+               return kerb_err_reply(client, pkt, kerno, "krb_rd_req failed");
>	    }
>	    ptr = (char *) pkt->dat + auth->length;
> 
>@@ -904,22 +889,21 @@
>	    req_realm_ptr = ad->prealm;
> 
>	    if (strcmp(ad->prealm, tktrlm)) {
>-		kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN,
>-		     "Can't hop realms");
>-		return;
>+               return kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN,
>+                                     "Can't hop realms");
>	    }
>	    if (!strcmp(service, "changepw")) {
>-		kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN,
>-		     "Can't authorize password changed based on TGT");
>-		return;
>+               return kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN,
>+                                     "Can't authorize password changed based on TGT");
>	    }
>	    kerno = check_princ(service, instance, req_life,
>				&s_name_data, &k5key, 1, &sk5life);
>	    if (kerno) {
>-		kerb_err_reply(client, pkt, kerno, "check_princ failed");
>+               response = kerb_err_reply(client, pkt, kerno,
>+                                         "check_princ failed");
>		s_name_data.key_high = s_name_data.key_low = 0;
>		krb5_free_keyblock_contents(kdc_context, &k5key);
>-		return;
>+               return response;
>	    }
>	    /* Bound requested lifetime with service and user */
>	    v4endtime = krb_life_to_time((KRB4_32)ad->time_sec, ad->life);
>@@ -975,8 +959,7 @@
>	    rpkt = create_auth_reply(ad->pname, ad->pinst,
>				     ad->prealm, time_ws,
>				     0, 0, 0, ciph);
>-	    krb4_sendto(f, (char *) rpkt->dat, rpkt->length, 0,
>-		   (struct sockaddr *) client, S_AD_SZ);
>+           response = make_response((char *) rpkt->dat, rpkt->length);
>	    memset(&s_name_data, 0, sizeof(s_name_data));
>	    break;
>	}
>@@ -1001,6 +984,7 @@
>	    break;
>	}
>     }
>+    return response;
> }
> 
> 
>@@ -1010,7 +994,7 @@
>  * client. 
>  */
> 
>-void
>+static krb5_data *
> kerb_err_reply(struct sockaddr_in *client, KTEXT pkt, long int err, char *string)
> {
>     static KTEXT_ST e_pkt_st;
>@@ -1021,9 +1005,7 @@
>     strncat(e_msg, string, sizeof(e_msg) - 1 - 19);
>     cr_err_reply(e_pkt, req_name_ptr, req_inst_ptr, req_realm_ptr,
>		 req_time_ws, err, e_msg);
>-    krb4_sendto(f, (char *) e_pkt->dat, e_pkt->length, 0,
>-	   (struct sockaddr *) client, S_AD_SZ);
>-
>+    return make_response((char *) e_pkt->dat, e_pkt->length);
> }
> 
> static int
>--- src/kdc/network.c   (revision 20192)
>+++ src/kdc/network.c   (working copy)
>@@ -1,7 +1,7 @@
> /*
>  * kdc/network.c
>  *
>- * Copyright 1990,2000 by the Massachusetts Institute of Technology.
>+ * Copyright 1990,2000,2007 by the Massachusetts Institute of Technology.
>  *
>  * Export of this software from the United States of America may
>  *   require a specific license from the United States Government.
>@@ -747,6 +747,8 @@
>        com_err(prog, retval, "while dispatching (udp)");
>        return;
>     }
>+    if (response == NULL)
>+       return;
>     cc = sendto(port_fd, response->data, (socklen_t) response->length, 0,
>                (struct sockaddr *)&saddr, saddr_len);
>     if (cc == -1) {

Actions: View | Diff

Attachments on bug 212363: 145336 | 145337 | 146508 | 146509 | 146510 | 146511 | 146512