Add security patches for 3 Kerberos vulnerabilities: - telnetd username and environment sanitizing vulnerabilities ("-f root") as described in MIT Kerberos advisory 2007-001. - krb5_klog_syslog() problems with overly long log strings as described in MIT Kerberos advisory 2007-002. - GSS API kg_unseal_v1() double free vulnerability as described in the MIT Kerberos advisory 2007-003.

(tonnerre)

 @@ -1,18 +1,18 @@
-# $NetBSD: Makefile,v 1.41 2007/06/22 14:20:01 gdt Exp $
+# $NetBSD: Makefile,v 1.42 2008/06/07 18:36:06 tonnerre Exp $
 DISTNAME=	krb5-1.4.2
 PKGNAME=	mit-${DISTNAME:S/-signed$//}
-PKGREVISION=	4
+PKGREVISION=	5
 CATEGORIES=	security
 MASTER_SITES=	http://web.mit.edu/kerberos/dist/krb5/1.4/
 DISTFILES=	${DISTNAME}-signed${EXTRACT_SUFX}
 EXTRACT_SUFX=	.tar
 MAINTAINER=	pkgsrc-users@NetBSD.org
 HOMEPAGE=	http://web.mit.edu/kerberos/www/
 COMMENT=	MIT Kerberos 5 authentication system
 WRKSRC=		${WRKDIR}/${DISTNAME}/src
 .include "../../mk/bsd.prefs.mk"

 @@ -1,24 +1,36 @@
-$NetBSD: distinfo,v 1.16 2007/01/17 23:43:47 salo Exp $
+$NetBSD: distinfo,v 1.17 2008/06/07 18:36:06 tonnerre Exp $
 SHA1 (krb5-1.4.2-signed.tar) = bbc03bd319d539fb9523c2545d80ba0784522e88
 RMD160 (krb5-1.4.2-signed.tar) = 44500f5fab8e5959cf43f17f5f52f68e2dc73a1f
 Size (krb5-1.4.2-signed.tar) = 6696960 bytes
 SHA1 (patch-aa) = 17e0934ea2ef21b3457fba54cf3d1c36de2da479
 SHA1 (patch-ab) = 8d6904b80e8576085acbaa3ac0cd17824c7b301d
 SHA1 (patch-ac) = d0777e6005cd1249c7c6406068973f6959d11302
 SHA1 (patch-ad) = 7b17ffcd14cdedeb0ddfb606802a156589995c1b
 SHA1 (patch-ae) = fc6d5e11cd827cdfbe1bfc3a3c7ca9f5a71c17d7
 SHA1 (patch-af) = c9631743e3c93aee2aab5c8a370e9bebfc4084e5
 SHA1 (patch-ag) = 5da57455f36a2bd40e0f97db94e93249e90e0b8e
 SHA1 (patch-ah) = 59a6bfc341a22234b38db406abe83b0d6d358a9f
 SHA1 (patch-ai) = 02cd8a292392b107609b48b6188cd15f4597f72b
 SHA1 (patch-aj) = 5c633571ea932ce349065cbb4c3bf482cc971675
 SHA1 (patch-ak) = 9d95372fd8edddbf0366e83a51d7a0b8a507f218
 SHA1 (patch-al) = fb611fe47bd7c773d7baf11424e90cd3af70c422
 SHA1 (patch-am) = 050690479d75c5df6e89424bac594ab48ae98a8c
 SHA1 (patch-an) = ccf76eecb4a0f3b4c7addd37ab8391dc831caa41
 SHA1 (patch-ao) = 22f907ce8c6d66582523b05326a9e8d56ae28401
 SHA1 (patch-ap) = c77a8f7bc35aa184e510bac576c12f55d5cfbf65
 SHA1 (patch-aq) = 52429b712ca7a478caeb76fd165585c7aab7fa02
 SHA1 (patch-ar) = 37807c14f03533aef8796ac90e5fac36ff98308a
 SHA1 (patch-as) = b155219fd512b59f698497af1bf6acf1ca4f4a34
 SHA1 (patch-at) = df0605b0f5fbaef6b7540f87079ae64b2acc464c
 SHA1 (patch-au) = d0201dcbc543d8a31520afc72d4ce624ce552a35
 SHA1 (patch-av) = 4166e5be21a72bf64cd634039fd71aa56594ebfd
 SHA1 (patch-aw) = f9a91c4b4d6963ab09f5df1c1377303066955f4c
 SHA1 (patch-ax) = f35194913d12d202389072ba399d70ef868c5432
 SHA1 (patch-ay) = 183c15b1c654c63902d5dbcf161a0879f70804a8
 SHA1 (patch-az) = 548d3275605934e6574efb878b7f4ddc97078d3d
 SHA1 (patch-ba) = 7faacf94c157854fc099aaf40abae870a2e61ba6
 SHA1 (patch-bb) = 06595821593100b718e3e76c8dc2e5f0b99c8d67
 SHA1 (patch-bc) = c7d2b014b1092c0d53de6b3adcc91af39653396b
 SHA1 (patch-bd) = 6a8906aaaf0f620c80f830551eb19b61d42741d6
 SHA1 (patch-be) = 09f737ae6a3a1ed0bbce4f9a26611972260523ca

$NetBSD: patch-ai,v 1.3 2008/06/07 18:36:06 tonnerre Exp $ --- src/appl/telnet/telnetd/sys_term.c.orig 2008-06-07 15:55:51.000000000 +0200 +++ src/appl/telnet/telnetd/sys_term.c @@ -1287,6 +1287,16 @@ start_login(host, autologin, name) #endif #if defined (AUTHENTICATION) if (auth_level >= 0 && autologin == AUTH_VALID) { + if (name[0] == '-') { + /* Authenticated and authorized to log in to an + account starting with '-'? Even if that + unlikely case comes to pass, the current login + program will not parse the resulting command + line properly. */ + syslog(LOG_ERR, "user name cannot start with '-'"); + fatal(net, "user name cannot start with '-'"); + exit(1); + } # if !defined(NO_LOGIN_F) #if defined(LOGIN_CAP_F) argv = addarg(argv, "-F"); @@ -1377,12 +1387,20 @@ start_login(host, autologin, name) } else #endif if (getenv("USER")) { - argv = addarg(argv, getenv("USER")); + char *user = getenv("USER"); + if (user[0] == '-') { + /* "telnet -l-x ..." */ + syslog(LOG_ERR, "user name cannot start with '-'"); + fatal(net, "user name cannot start with '-'"); + exit(EXIT_FAILURE); + } + argv = addarg(argv, user); #if defined(LOGIN_ARGS) && defined(NO_LOGIN_P) { register char **cpp; for (cpp = environ; *cpp; cpp++) - argv = addarg(argv, *cpp); + if ((*cpp)[0] != '-') + argv = addarg(argv, *cpp); } #endif /*

$NetBSD$ --- src/appl/telnet/telnetd/state.c.orig 2002-11-15 21:21:51.000000000 +0100 +++ src/appl/telnet/telnetd/state.c @@ -1665,7 +1665,8 @@ static int envvarok(varp) strcmp(varp, "RESOLV_HOST_CONF") && /* linux */ strcmp(varp, "NLSPATH") && /* locale stuff */ strncmp(varp, "LC_", strlen("LC_")) && /* locale stuff */ - strcmp(varp, "IFS")) { + strcmp(varp, "IFS") && + !strchr(varp, '-')) { return 1; } else { syslog(LOG_INFO, "Rejected the attempt to modify the environment variable \"%s\"", varp);

$NetBSD$ --- src/kdc/kdc_util.c.orig 2004-02-13 05:20:56.000000000 +0100 +++ src/kdc/kdc_util.c @@ -404,6 +404,7 @@ kdc_get_server_key(krb5_ticket *ticket, krb5_db_free_principal(kdc_context, &server, nprincs); if (!krb5_unparse_name(kdc_context, ticket->server, &sname)) { + limit_string(sname); krb5_klog_syslog(LOG_ERR,"TGS_REQ: UNKNOWN SERVER: server='%s'", sname); free(sname);

$NetBSD$ --- src/kdc/do_tgs_req.c.orig 2005-07-12 22:59:51.000000000 +0200 +++ src/kdc/do_tgs_req.c @@ -490,27 +490,40 @@ tgt_again: newtransited = 1; } if (!isflagset (request->kdc_options, KDC_OPT_DISABLE_TRANSITED_CHECK)) { + unsigned int tlen; + char *tdots; + errcode = krb5_check_transited_list (kdc_context, &enc_tkt_reply.transited.tr_contents, krb5_princ_realm (kdc_context, header_ticket->enc_part2->client), krb5_princ_realm (kdc_context, request->server)); + tlen = enc_tkt_reply.transited.tr_contents.length; + tdots = tlen > 125 ? "..." : ""; + tlen = tlen > 125 ? 125 : tlen; + if (errcode == 0) { setflag (enc_tkt_reply.flags, TKT_FLG_TRANSIT_POLICY_CHECKED); } else if (errcode == KRB5KRB_AP_ERR_ILL_CR_TKT) krb5_klog_syslog (LOG_INFO, - "bad realm transit path from '%s' to '%s' via '%.*s'", + "bad realm transit path from '%s' to '%s' " + "via '%.*s%s'", cname ? cname : "<unknown client>", sname ? sname : "<unknown server>", - enc_tkt_reply.transited.tr_contents.length, - enc_tkt_reply.transited.tr_contents.data); - else + tlen, + enc_tkt_reply.transited.tr_contents.data, + tdots); + else { + char *emsg = krb5_get_error_message(kdc_context, errcode); krb5_klog_syslog (LOG_ERR, - "unexpected error checking transit from '%s' to '%s' via '%.*s': %s", + "unexpected error checking transit from " + "'%s' to '%s' via '%.*s%s': %s", cname ? cname : "<unknown client>", sname ? sname : "<unknown server>", - enc_tkt_reply.transited.tr_contents.length, + tlen, enc_tkt_reply.transited.tr_contents.data, - error_message (errcode)); + tdots, emsg); + krb5_free_error_message(kdc_context, emsg); + } } else krb5_klog_syslog (LOG_INFO, "not checking transit path"); if (reject_bad_transit @@ -538,6 +551,9 @@ tgt_again: if (!krb5_principal_compare(kdc_context, request->server, client2)) { if ((errcode = krb5_unparse_name(kdc_context, client2, &tmp))) tmp = 0; + if (tmp != NULL) + limit_string(tmp); + krb5_klog_syslog(LOG_INFO, "TGS_REQ %s: 2ND_TKT_MISMATCH: " "authtime %d, %s for %s, 2nd tkt client %s", @@ -800,6 +816,7 @@ find_alternate_tgs(krb5_kdc_req *request krb5_klog_syslog(LOG_INFO, "TGS_REQ: issuing alternate <un-unparseable> TGT"); } else { + limit_string(sname); krb5_klog_syslog(LOG_INFO, "TGS_REQ: issuing TGT %s", sname); free(sname);

$NetBSD$ --- src/kadmin/server/ovsec_kadmd.c.orig 2004-09-21 20:20:16.000000000 +0200 +++ src/kadmin/server/ovsec_kadmd.c @@ -952,13 +952,25 @@ void log_badverf(gss_name_t client_name, rpcproc_t proc; int i; const char *procname; + size_t clen, slen; + char *cdots, *sdots; (void) gss_display_name(&minor, client_name, &client, &gss_type); (void) gss_display_name(&minor, server_name, &server, &gss_type); if (client.value == NULL) client.value = "(null)"; - if (server.value == NULL) + clen = sizeof("(null)") -1; + } else { + clen = client.length; + } + trunc_name(&clen, &cdots); + if (server.value == NULL) { server.value = "(null)"; + slen = sizeof("(null)") - 1; + } else { + slen = server.length; + } + trunc_name(&slen, &sdots); a = inet_ntoa(rqst->rq_xprt->xp_raddr.sin_addr); proc = msg->rm_call.cb_proc; @@ -971,14 +983,14 @@ void log_badverf(gss_name_t client_name, } if (procname != NULL) krb5_klog_syslog(LOG_NOTICE, "WARNING! Forged/garbled request: %s, " - "claimed client = %s, server = %s, addr = %s", - procname, client.value, - server.value, a); + "claimed client = %.*s%s, server = %.*s%s, addr = %s", + procname, clen, client.value, cdots, + slen, server.value, sdots, a); else krb5_klog_syslog(LOG_NOTICE, "WARNING! Forged/garbled request: %d, " - "claimed client = %s, server = %s, addr = %s", - proc, client.value, - server.value, a); + "claimed client = %.*s%s, server = %.*s%s, addr = %s", + proc, clen, client.value, cdots, + slen, server.value, sdots, a); (void) gss_release_buffer(&minor, &client); (void) gss_release_buffer(&minor, &server);

$NetBSD$ --- src/kadmin/server/misc.h.orig 2004-10-28 00:12:48.000000000 +0200 +++ src/kadmin/server/misc.h @@ -44,3 +44,5 @@ krb5_error_code process_chpw_request(krb #ifdef SVC_GETARGS void kadm_1(struct svc_req *, SVCXPRT *); #endif + +void trunc_name(size_t *len, char **dots);

$NetBSD$ --- src/kadmin/server/schpw.c.orig 2004-10-28 00:12:48.000000000 +0200 +++ src/kadmin/server/schpw.c @@ -41,6 +41,8 @@ process_chpw_request(context, server_han int numresult; char strresult[1024]; char *clientstr; + size_t clen; + char *cdots; ret = 0; rep->length = 0; @@ -259,9 +261,12 @@ process_chpw_request(context, server_han free(ptr); clear.length = 0; - krb5_klog_syslog(LOG_NOTICE, "chpw request from %s for %s: %s", + clen = strlen(clientstr); + trunc_name(&clen, &cdots); + krb5_klog_syslog(LOG_NOTICE, "chpw request from %s for %.*s%s: %s", inet_ntoa(((struct sockaddr_in *)&remote_addr)->sin_addr), - clientstr, ret ? error_message(ret) : "success"); + clen, clientstr, cdots, + ret ? krb5_get_error_message (context, ret) : "success"); krb5_free_unparsed_name(context, clientstr); if (ret) {

$NetBSD$ --- src/kadmin/server/server_stubs.c.orig 2004-08-20 20:45:30.000000000 +0200 +++ src/kadmin/server/server_stubs.c @@ -14,6 +14,7 @@ #include <arpa/inet.h> /* inet_ntoa */ #include <krb5/adm_proto.h> /* krb5_klog_syslog */ #include "misc.h" +#include <string.h> #define LOG_UNAUTH "Unauthorized request: %s, %s, client=%s, service=%s, addr=%s" #define LOG_DONE "Request: %s, %s, %s, client=%s, service=%s, addr=%s" @@ -237,6 +238,61 @@ gss_name_to_string(gss_name_t gss_name, return 0; } +static int +log_unauth( + char *op, + char *target, + gss_buffer_t client, + gss_buffer_t server, + struct svc_req *rqstp) +{ + size_t tlen, clen, slen; + char *tdots, *cdots, *sdots; + + tlen = strlen(target); + trunc_name(&tlen, &tdots); + clen = client->length; + trunc_name(&clen, &cdots); + slen = server->length; + trunc_name(&slen, &sdots); + + return krb5_klog_syslog(LOG_NOTICE, + "Unauthorized request: %s, %.*s%s, " + "client=%.*s%s, service=%.*s%s, addr=%s", + op, tlen, target, tdots, + clen, client->value, cdots, + slen, server->value, sdots, + inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); +} + +static int +log_done( + char *op, + char *target, + char *errmsg, + gss_buffer_t client, + gss_buffer_t server, + struct svc_req *rqstp) +{ + size_t tlen, clen, slen; + char *tdots, *cdots, *sdots; + + tlen = strlen(target); + trunc_name(&tlen, &tdots); + clen = client->length; + trunc_name(&clen, &cdots); + slen = server->length; + trunc_name(&slen, &sdots); + + return krb5_klog_syslog(LOG_NOTICE, + "Request: %s, %.*s%s, %s, " + "client=%.*s%s, service=%.*s%s, addr=%s", + op, tlen, target, tdots, errmsg, + clen, client->value, cdots, + slen, server->value, sdots, + inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); +} + generic_ret * create_principal_1_svc(cprinc_arg *arg, struct svc_req *rqstp) { @@ -274,18 +330,15 @@ create_principal_1_svc(cprinc_arg *arg, || kadm5int_acl_impose_restrictions(handle->context, &arg->rec, &arg->mask, rp)) { ret.code = KADM5_AUTH_ADD; - krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_create_principal", - prime_arg, client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_unauth("kadm5_create_principal", prime_arg, + &client_name, &service_name, rqstp); } else { ret.code = kadm5_create_principal((void *)handle, &arg->rec, arg->mask, arg->passwd); - krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_principal", - prime_arg,((ret.code == 0) ? "success" : - error_message(ret.code)), - client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_done("kadm5_create_principal", prime_arg, + ((ret.code == 0) ? "success" : error_message(ret.code)), + &client_name, &service_name, rqstp); } free_server_handle(handle); free(prime_arg); @@ -331,20 +384,18 @@ create_principal3_1_svc(cprinc3_arg *arg || kadm5int_acl_impose_restrictions(handle->context, &arg->rec, &arg->mask, rp)) { ret.code = KADM5_AUTH_ADD; - krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_create_principal", - prime_arg, client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_unauth("kadm5_create_principal", prime_arg, + &client_name, &service_name, rqstp); } else { ret.code = kadm5_create_principal_3((void *)handle, &arg->rec, arg->mask, arg->n_ks_tuple, arg->ks_tuple, arg->passwd); - krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_principal", - prime_arg,((ret.code == 0) ? "success" : - error_message(ret.code)), - client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + log_done("kadm5_create_principal", prime_arg, + ((ret.code == 0) ? "success" : error_message(ret.code)), + &client_name, &service_name, rqstp); } free_server_handle(handle); free(prime_arg); @@ -388,15 +439,13 @@ delete_principal_1_svc(dprinc_arg *arg, || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_DELETE, arg->princ, NULL)) { ret.code = KADM5_AUTH_DELETE; - krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_delete_principal", - prime_arg, client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_unauth("kadm5_delete_principal", prime_arg, + &client_name, &service_name, rqstp); } else { ret.code = kadm5_delete_principal((void *)handle, arg->princ); - krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_delete_principal", prime_arg, - ((ret.code == 0) ? "success" : error_message(ret.code)), - client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_done("kadm5_delete_principal", prime_arg, + ((ret.code == 0) ? "success" : error_message(ret.code)), + &client_name, &service_name, rqstp); } free(prime_arg); free_server_handle(handle); @@ -441,17 +490,14 @@ modify_principal_1_svc(mprinc_arg *arg, || kadm5int_acl_impose_restrictions(handle->context, &arg->rec, &arg->mask, rp)) { ret.code = KADM5_AUTH_MODIFY; - krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_modify_principal", - prime_arg, client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_unauth("kadm5_modify_principal", prime_arg, + &client_name, &service_name, rqstp); } else { ret.code = kadm5_modify_principal((void *)handle, &arg->rec, arg->mask); - krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_modify_principal", - prime_arg, ((ret.code == 0) ? "success" : - error_message(ret.code)), - client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_done("kadm5_modify_principal", prime_arg, + ((ret.code == 0) ? "success" : error_message(ret.code)), + &client_name, &service_name, rqstp); } free_server_handle(handle); free(prime_arg); @@ -510,17 +556,14 @@ rename_principal_1_svc(rprinc_arg *arg, } else ret.code = KADM5_AUTH_INSUFFICIENT; if (ret.code != KADM5_OK) { - krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_rename_principal", - prime_arg, client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_unauth("kadm5_rename_principal", prime_arg, + &client_name, &service_name, rqstp); } else { ret.code = kadm5_rename_principal((void *)handle, arg->src, arg->dest); - krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_rename_principal", - prime_arg, ((ret.code == 0) ? "success" : - error_message(ret.code)), - client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_done("kadm5_rename_principal", prime_arg, + ((ret.code == 0) ? "success" : error_message(ret.code)), + &client_name, &service_name, rqstp); } free_server_handle(handle); free(prime_arg1); @@ -572,9 +615,8 @@ get_principal_1_svc(gprinc_arg *arg, str arg->princ, NULL))) { ret.code = KADM5_AUTH_GET; - krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname, - prime_arg, client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_unauth(funcname, prime_arg, + &client_name, &service_name, rqstp); } else { if (handle->api_version == KADM5_API_VERSION_1) { ret.code = kadm5_get_principal_v1((void *)handle, @@ -588,12 +630,10 @@ get_principal_1_svc(gprinc_arg *arg, str arg->princ, &ret.rec, arg->mask); } - - krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname, - prime_arg, - ((ret.code == 0) ? "success" : error_message(ret.code)), - client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + log_done(funcname, prime_arg, + ((ret.code == 0) ? "success" : error_message(ret.code)), + &client_name, &service_name, rqstp); } free_server_handle(handle); free(prime_arg); @@ -638,18 +678,15 @@ get_princs_1_svc(gprincs_arg *arg, struc NULL, NULL)) { ret.code = KADM5_AUTH_LIST; - krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_get_principals", - prime_arg, client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_unauth("kadm5_get_principals", prime_arg, + &client_name, &service_name, rqstp); } else { ret.code = kadm5_get_principals((void *)handle, arg->exp, &ret.princs, &ret.count); - krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_principals", - prime_arg, + log_done("kadm5_get_principals", prime_arg, ((ret.code == 0) ? "success" : error_message(ret.code)), - client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + &client_name, &service_name, rqstp); } free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); @@ -697,18 +734,15 @@ chpass_principal_1_svc(chpass_arg *arg, ret.code = kadm5_chpass_principal((void *)handle, arg->princ, arg->pass); } else { - krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_chpass_principal", - prime_arg, client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_unauth("kadm5_chpass_principal", prime_arg, + &client_name, &service_name, rqstp); ret.code = KADM5_AUTH_CHANGEPW; } if(ret.code != KADM5_AUTH_CHANGEPW) { - krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_chpass_principal", - prime_arg, ((ret.code == 0) ? "success" : - error_message(ret.code)), - client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_done("kadm5_chpass_principal", prime_arg, + ((ret.code == 0) ? "success" : error_message(ret.code)), + &client_name, &service_name, rqstp); } free_server_handle(handle); @@ -764,18 +798,15 @@ chpass_principal3_1_svc(chpass3_arg *arg arg->ks_tuple, arg->pass); } else { - krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_chpass_principal", - prime_arg, client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_unauth("kadm5_chpass_principal", prime_arg, + &client_name, &service_name, rqstp); ret.code = KADM5_AUTH_CHANGEPW; } if(ret.code != KADM5_AUTH_CHANGEPW) { - krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_chpass_principal", - prime_arg, ((ret.code == 0) ? "success" : - error_message(ret.code)), - client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_done("kadm5_chpass_principal", prime_arg, + ((ret.code == 0) ? "success" : error_message(ret.code)), + &client_name, &service_name, rqstp); } free_server_handle(handle); @@ -822,18 +853,15 @@ setv4key_principal_1_svc(setv4key_arg *a ret.code = kadm5_setv4key_principal((void *)handle, arg->princ, arg->keyblock); } else { - krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_setv4key_principal", - prime_arg, client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_unauth("kadm5_setv4key_principal", prime_arg, + &client_name, &service_name, rqstp); ret.code = KADM5_AUTH_SETKEY; } if(ret.code != KADM5_AUTH_SETKEY) { - krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setv4key_principal", - prime_arg, ((ret.code == 0) ? "success" : - error_message(ret.code)), - client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_done("kadm5_setv4key_principal", prime_arg, + ((ret.code == 0) ? "success" : error_message(ret.code)), + &client_name, &service_name, rqstp); } free_server_handle(handle); @@ -880,18 +908,15 @@ setkey_principal_1_svc(setkey_arg *arg, ret.code = kadm5_setkey_principal((void *)handle, arg->princ, arg->keyblocks, arg->n_keys); } else { - krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_setkey_principal", - prime_arg, client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_unauth("kadm5_setkey_principal", prime_arg, + &client_name, &service_name, rqstp); ret.code = KADM5_AUTH_SETKEY; } if(ret.code != KADM5_AUTH_SETKEY) { - krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setkey_principal", - prime_arg, ((ret.code == 0) ? "success" : - error_message(ret.code)), - client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_done("kadm5_setkey_principal", prime_arg, + ((ret.code == 0) ? "success" : error_message(ret.code)), + &client_name, &service_name, rqstp); } free_server_handle(handle); @@ -941,18 +966,15 @@ setkey_principal3_1_svc(setkey3_arg *arg arg->ks_tuple, arg->keyblocks, arg->n_keys); } else { - krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_setkey_principal", - prime_arg, client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_unauth("kadm5_setkey_principal", prime_arg, + &client_name, &service_name, rqstp); ret.code = KADM5_AUTH_SETKEY; } if(ret.code != KADM5_AUTH_SETKEY) { - krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setkey_principal", - prime_arg, ((ret.code == 0) ? "success" : - error_message(ret.code)), - client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_done("kadm5_setkey_principal", prime_arg, + ((ret.code == 0) ? "success" : error_message(ret.code)), + &client_name, &service_name, rqstp); } free_server_handle(handle); @@ -1008,9 +1030,8 @@ chrand_principal_1_svc(chrand_arg *arg, ret.code = kadm5_randkey_principal((void *)handle, arg->princ, &k, &nkeys); } else { - krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname, - prime_arg, client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_unauth(funcname, prime_arg, + &client_name, &service_name, rqstp); ret.code = KADM5_AUTH_CHANGEPW; } @@ -1025,11 +1046,9 @@ chrand_principal_1_svc(chrand_arg *arg, } if(ret.code != KADM5_AUTH_CHANGEPW) { - krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname, - prime_arg, ((ret.code == 0) ? "success" : - error_message(ret.code)), - client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_done(funcname, prime_arg, + ((ret.code == 0) ? "success" : error_message(ret.code)), + &client_name, &service_name, rqstp); } free_server_handle(handle); free(prime_arg); @@ -1090,9 +1109,8 @@ chrand_principal3_1_svc(chrand3_arg *arg arg->ks_tuple, &k, &nkeys); } else { - krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname, - prime_arg, client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_unauth(funcname, prime_arg, + &client_name, &service_name, rqstp); ret.code = KADM5_AUTH_CHANGEPW; } @@ -1107,11 +1125,9 @@ chrand_principal3_1_svc(chrand3_arg *arg } if(ret.code != KADM5_AUTH_CHANGEPW) { - krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname, - prime_arg, ((ret.code == 0) ? "success" : - error_message(ret.code)), - client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_done(funcname, prime_arg, + ((ret.code == 0) ? "success" : error_message(ret.code)), + &client_name, &service_name, rqstp); } free_server_handle(handle); free(prime_arg); @@ -1152,18 +1168,15 @@ create_policy_1_svc(cpol_arg *arg, struc rqst2name(rqstp), ACL_ADD, NULL, NULL)) { ret.code = KADM5_AUTH_ADD; - krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_create_policy", - prime_arg, client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); - + log_unauth("kadm5_create_policy", prime_arg, + &client_name, &service_name, rqstp); } else { ret.code = kadm5_create_policy((void *)handle, &arg->rec, arg->mask); - krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_policy", - ((prime_arg == NULL) ? "(null)" : prime_arg), - ((ret.code == 0) ? "success" : error_message(ret.code)), - client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_done("kadm5_create_policy", + ((prime_arg == NULL) ? "(null)" : prime_arg), + ((ret.code == 0) ? "success" : error_message(ret.code)), + &client_name, &service_name, rqstp); } free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); @@ -1202,17 +1215,15 @@ delete_policy_1_svc(dpol_arg *arg, struc if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_DELETE, NULL, NULL)) { - krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_delete_policy", - prime_arg, client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_unauth("kadm5_delete_policy", prime_arg, + &client_name, &service_name, rqstp); ret.code = KADM5_AUTH_DELETE; } else { ret.code = kadm5_delete_policy((void *)handle, arg->name); - krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_delete_policy", - ((prime_arg == NULL) ? "(null)" : prime_arg), - ((ret.code == 0) ? "success" : error_message(ret.code)), - client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_done("kadm5_delete_policy", + ((prime_arg == NULL) ? "(null)" : prime_arg), + ((ret.code == 0) ? "success" : error_message(ret.code)), + &client_name, &service_name, rqstp); } free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); @@ -1251,18 +1262,16 @@ modify_policy_1_svc(mpol_arg *arg, struc if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_MODIFY, NULL, NULL)) { - krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_modify_policy", - prime_arg, client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_unauth("kadm5_modify_policy", prime_arg, + &client_name, &service_name, rqstp); ret.code = KADM5_AUTH_MODIFY; } else { ret.code = kadm5_modify_policy((void *)handle, &arg->rec, arg->mask); - krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_modify_policy", - ((prime_arg == NULL) ? "(null)" : prime_arg), - ((ret.code == 0) ? "success" : error_message(ret.code)), - client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_done("kadm5_modify_policy", + ((prime_arg == NULL) ? "(null)" : prime_arg), + ((ret.code == 0) ? "success" : error_message(ret.code)), + &client_name, &service_name, rqstp); } free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); @@ -1337,15 +1346,13 @@ get_policy_1_svc(gpol_arg *arg, struct s &ret.rec); } - krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname, - ((prime_arg == NULL) ? "(null)" : prime_arg), - ((ret.code == 0) ? "success" : error_message(ret.code)), - client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_done(funcname, + ((prime_arg == NULL) ? "(null)" : prime_arg), + ((ret.code == 0) ? "success" : error_message(ret.code)), + &client_name, &service_name, rqstp); } else { - krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname, - prime_arg, client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_unauth(funcname, prime_arg, + &client_name, &service_name, rqstp); } free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); @@ -1388,18 +1395,15 @@ get_pols_1_svc(gpols_arg *arg, struct sv rqst2name(rqstp), ACL_LIST, NULL, NULL)) { ret.code = KADM5_AUTH_LIST; - krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_get_policies", - prime_arg, client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_unauth("kadm5_get_policies", prime_arg, + &client_name, &service_name, rqstp); } else { ret.code = kadm5_get_policies((void *)handle, arg->exp, &ret.pols, &ret.count); - krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_policies", - prime_arg, - ((ret.code == 0) ? "success" : error_message(ret.code)), - client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_done("kadm5_get_policies", prime_arg, + ((ret.code == 0) ? "success" : error_message(ret.code)), + &client_name, &service_name, rqstp); } free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); @@ -1432,11 +1436,9 @@ getprivs_ret * get_privs_1_svc(krb5_ui_4 } ret.code = kadm5_get_privs((void *)handle, &ret.privs); - krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_privs", - client_name.value, - ((ret.code == 0) ? "success" : error_message(ret.code)), - client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_done("kadm5_get_privs", client_name.value, + ((ret.code == 0) ? "success" : error_message(ret.code)), + &client_name, &service_name, rqstp); free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); @@ -1450,6 +1452,8 @@ generic_ret *init_1_svc(krb5_ui_4 *arg, service_name; kadm5_server_handle_t handle; OM_uint32 minor_stat; + size_t clen, slen; + char *cdots, *sdots; xdr_free(xdr_generic_ret, &ret); @@ -1466,12 +1470,18 @@ generic_ret *init_1_svc(krb5_ui_4 *arg, return &ret; } - krb5_klog_syslog(LOG_NOTICE, LOG_DONE ", flavor=%d", + clen = client_name.length; + trunc_name(&clen, &cdots); + slen = service_name.length; + trunc_name(&slen, &sdots); + krb5_klog_syslog(LOG_NOTICE, "Request: %s, %.*s%s, %s, " + client=%.*s%s, service=%.*s%s, addr=%s, flavor=%d", (ret.api_version == KADM5_API_VERSION_1 ? "kadm5_init (V1)" : "kadm5_init"), - client_name.value, + clen, client_name.value, cdots, (ret.code == 0) ? "success" : error_message(ret.code), - client_name.value, service_name.value, + clen, client_name.value, cdots, + slen, service_name.value, sdots, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr), rqstp->rq_cred.oa_flavor); gss_release_buffer(&minor_stat, &client_name);

$NetBSD$ --- src/kadmin/server/kadm_rpc_svc.c.orig 2004-06-16 05:11:51.000000000 +0200 +++ src/kadmin/server/kadm_rpc_svc.c @@ -249,6 +249,8 @@ check_rpcsec_auth(struct svc_req *rqstp) krb5_data *c1, *c2, *realm; gss_buffer_desc gss_str; kadm5_server_handle_t handle; + size_t slen; + char *sdots; success = 0; handle = (kadm5_server_handle_t)global_server_handle; @@ -273,6 +275,9 @@ check_rpcsec_auth(struct svc_req *rqstp) if (ret == 0) goto fail_name; + slen = gss_str.length; + trunc_name(&slen, &sdots); + /* * Since we accept with GSS_C_NO_NAME, the client can authenticate * against the entire kdb. Therefore, ensure that the service @@ -295,8 +300,8 @@ check_rpcsec_auth(struct svc_req *rqstp) fail_princ: if (!success) { - krb5_klog_syslog(LOG_ERR, "bad service principal %.*s", - gss_str.length, gss_str.value); + krb5_klog_syslog(LOG_ERR, "bad service principal %.*s%s", + slen, gss_str.value, sdots); } gss_release_buffer(&min_stat, &gss_str); krb5_free_principal(kctx, princ);

$NetBSD$ --- src/kadmin/server/misc.c.orig 2004-10-29 01:41:10.000000000 +0200 +++ src/kadmin/server/misc.c @@ -149,3 +149,12 @@ check_min_life(void *server_handle, krb5 return kadm5_free_principal_ent(handle->lhandle, &princ); } + +#define MAXPRINCLEN 125 + +void +trunc_name(size_t *len, char **dots) +{ + *dots = *len > MAXPRINCLEN ? "..." : ""; + *len = *len > MAXPRINCLEN ? MAXPRINCLEN : *len; +}

$NetBSD$ --- src/lib/kadm5/logger.c.orig 2002-09-18 22:44:13.000000000 +0200 +++ src/lib/kadm5/logger.c @@ -45,7 +45,7 @@ #include <varargs.h> #endif /* HAVE_STDARG_H */ -#define KRB5_KLOG_MAX_ERRMSG_SIZE 1024 +#define KRB5_KLOG_MAX_ERRMSG_SIZE 2048 #ifndef MAXHOSTNAMELEN #define MAXHOSTNAMELEN 256 #endif /* MAXHOSTNAMELEN */ @@ -256,7 +256,9 @@ klog_com_err_proc(const char *whoami, lo #endif /* HAVE_SYSLOG */ /* Now format the actual message */ -#if HAVE_VSPRINTF +#if HAVE_VSNPRINTF + vsnprintf(cp, sizeof(outbuf) - (cp - outbuf), actual_format, ap); +#elif HAVE_VSPRINTF vsprintf(cp, actual_format, ap); #else /* HAVE_VSPRINTF */ sprintf(cp, actual_format, ((int *) ap)[0], ((int *) ap)[1], @@ -843,7 +845,9 @@ klog_vsyslog(int priority, const char *f syslogp = &outbuf[strlen(outbuf)]; /* Now format the actual message */ -#ifdef HAVE_VSPRINTF +#ifdef HAVE_VSNPRINTF + vsnprintf(syslogp, sizeof(outbuf) - (syslogp - outbuf), format, arglist); +#elif HAVE_VSPRINTF vsprintf(syslogp, format, arglist); #else /* HAVE_VSPRINTF */ sprintf(syslogp, format, ((int *) arglist)[0], ((int *) arglist)[1],

$NetBSD$ --- src/lib/gssapi/krb5/k5unseal.c.orig 2004-04-13 22:00:19.000000000 +0200 +++ src/lib/gssapi/krb5/k5unseal.c @@ -457,8 +457,11 @@ kg_unseal_v1(context, minor_status, ctx, if ((ctx->initiate && direction != 0xff) || (!ctx->initiate && direction != 0)) { - if (toktype == KG_TOK_SEAL_MSG) + if (toktype == KG_TOK_SEAL_MSG) { xfree(token.value); + message_buffer->value = NULL; + message_buffer->length = 0; + } *minor_status = G_BAD_DIRECTION; return(GSS_S_BAD_SIG); }