cpet/freebsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add official kerberos patch

Browse Source
This commit is contained in:
Andrey A. Chernov 1998-11-10 13:20:21 +00:00
parent 3603bad711
commit f5f3107e73
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=14446
2 changed files with 572 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

286
security/ssh/files/patch-ag Normal file
View File

@ -0,0 +1,286 @@
--- sshconnect.c.orig Wed Jul 8 20:40:38 1998
+++ sshconnect.c Tue Nov 10 15:43:45 1998
@@ -282,7 +282,7 @@
/* Child. Permanently give up superuser privileges. */
if (setuid(getuid()) < 0)
- fatal("setuid: %s", strerror(errno));
+ fatal("setuid: %.100s", strerror(errno));
/* Redirect stdin and stdout. */
close(pin[1]);
@@ -944,7 +944,7 @@
if (!ssh_context)
{
if ((r = krb5_init_context(&ssh_context)))
- fatal("Kerberos V5: %s while initializing krb5.", error_message(r));
+ fatal("Kerberos V5: %.100s while initializing krb5.", error_message(r));
krb5_init_ets(ssh_context);
}
@@ -959,14 +959,14 @@
"host", KRB5_NT_SRV_HST,
&creds.server)))
{
- debug("Kerberos V5: error while constructing service name: %s.",
+ debug("Kerberos V5: error while constructing service name: %.100s.",
error_message(r));
goto cleanup;
}
if ((r = krb5_cc_get_principal(ssh_context, ccache,
&creds.client)))
{
- debug("Kerberos V5: failure on principal (%s).",
+ debug("Kerberos V5: failure on principal (%.100s).",
error_message(r));
goto cleanup;
}
@@ -975,7 +975,7 @@
if ((r = krb5_get_credentials(ssh_context, 0,
ccache, &creds, &new_creds)))
{
- debug("Kerberos V5: failure on credentials(%s).",
+ debug("Kerberos V5: failure on credentials(%.100s).",
error_message(r));
goto cleanup;
}
@@ -987,7 +987,7 @@
{
if ((r = krb5_auth_con_init(ssh_context, &auth_context)))
{
- debug("Kerberos V5: failed to init auth_context (%s)",
+ debug("Kerberos V5: failed to init auth_context (%.100s)",
error_message(r));
goto cleanup;
}
@@ -998,7 +998,7 @@
if ((r = krb5_mk_req_extended(ssh_context, &auth_context, ap_opts,
0, new_creds, &auth)))
{
- debug("Kerberos V5: failed krb5_mk_req_extended (%s)",
+ debug("Kerberos V5: failed krb5_mk_req_extended (%.100s)",
error_message(r));
goto cleanup;
}
@@ -1046,7 +1046,7 @@
if (r = krb5_rd_rep(ssh_context, auth_context, &auth, &repl))
{
- packet_disconnect("Kerberos V5 Authentication failed: %s",
+ packet_disconnect("Kerberos V5 Authentication failed: %.100s",
error_message(r));
goto cleanup;
}
@@ -1090,7 +1090,7 @@
krb5_data outbuf;
krb5_error_code r;
int type;
- char server_name[128];
+ char server_name[512];
remotehost = (char *) get_canonical_hostname();
memset(&outbuf, 0 , sizeof(outbuf));
@@ -1100,14 +1100,14 @@
if (!ssh_context)
{
if ((r = krb5_init_context(&ssh_context)))
- fatal("Kerberos V5: %s while initializing krb5.", error_message(r));
+ fatal("Kerberos V5: %.100s while initializing krb5.", error_message(r));
krb5_init_ets(ssh_context);
}
if (!auth_context)
{
if ((r = krb5_auth_con_init(ssh_context, &auth_context)))
{
- debug("Kerberos V5: failed to init auth_context (%s)",
+ debug("Kerberos V5: failed to init auth_context (%.100s)",
error_message(r));
return 0 ;
}
@@ -1124,7 +1124,7 @@
if ((r = krb5_cc_get_principal(ssh_context, ccache,
&client)))
{
- debug("Kerberos V5: failure on principal (%s)",
+ debug("Kerberos V5: failure on principal (%.100s)",
error_message(r));
return 0 ;
}
@@ -1136,7 +1136,7 @@
principal and point it to clients realm. This way
we pass over a TGT of the clients realm. */
- sprintf(server_name,"host/%s@", remotehost);
+ sprintf(server_name,"host/%.100s@", remotehost);
strncat(server_name,client->realm.data,client->realm.length);
krb5_parse_name(ssh_context,server_name, &server);
server->type = KRB5_NT_SRV_HST;
@@ -1145,7 +1145,7 @@
if ((r = krb5_fwd_tgt_creds(ssh_context, auth_context, 0, client,
server, ccache, 1, &outbuf)))
{
- debug("Kerberos V5 krb5_fwd_tgt_creds failure (%s)",
+ debug("Kerberos V5 krb5_fwd_tgt_creds failure (%.100s)",
error_message(r));
krb5_free_principal(ssh_context, client);
krb5_free_principal(ssh_context, server);
@@ -1416,7 +1416,7 @@
error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!");
error("It is also possible that the host key has just been changed.");
error("Please contact your system administrator.");
- error("Add correct host key in %s to get rid of this message.",
+ error("Add correct host key in %.100s to get rid of this message.",
options->user_hostfile);
/* If strict host key checking is in use, the user will have to edit
@@ -1589,7 +1589,7 @@
if (!ssh_context)
{
if ((problem = krb5_init_context(&ssh_context)))
- fatal("Kerberos V5: %s while initializing krb5.",
+ fatal("Kerberos V5: %.100s while initializing krb5.",
error_message(problem));
krb5_init_ets(ssh_context);
}
@@ -1605,7 +1605,7 @@
if ((problem = krb5_cc_get_principal(ssh_context, ccache,
&client)))
{
- debug("Kerberos V5: failure on principal (%s).",
+ debug("Kerberos V5: failure on principal (%.100s).",
error_message(problem));
}
else {
--- auth-kerberos.c.orig Wed Jul 8 20:40:35 1998
+++ auth-kerberos.c Tue Nov 10 15:50:15 1998
@@ -63,11 +63,11 @@
krb5_auth_con_free(ssh_context, auth_context);
auth_context = 0;
}
- log_msg("Kerberos ticket authentication of user %s failed: %s",
+ log_msg("Kerberos ticket authentication of user %.100s failed: %.100s",
server_user, error_message(problem));
- debug("Kerberos krb5_auth_con_genaddrs (%s).", error_message(problem));
- packet_send_debug("Kerberos krb5_auth_con_genaddrs: %s",
+ debug("Kerberos krb5_auth_con_genaddrs (%.100s).", error_message(problem));
+ packet_send_debug("Kerberos krb5_auth_con_genaddrs: %.100s",
error_message(problem));
return 0;
}
@@ -80,11 +80,11 @@
krb5_auth_con_free(ssh_context, auth_context);
auth_context = 0;
}
- log_msg("Kerberos ticket authentication of user %s failed: %s",
+ log_msg("Kerberos ticket authentication of user %.100s failed: %.100s",
server_user, error_message(problem));
- debug("Kerberos V5 rd_req failed (%s).", error_message(problem));
- packet_send_debug("Kerberos V5 krb5_rd_req: %s", error_message(problem));
+ debug("Kerberos V5 rd_req failed (%.100s).", error_message(problem));
+ packet_send_debug("Kerberos V5 krb5_rd_req: %.100s", error_message(problem));
return 0;
}
@@ -93,22 +93,22 @@
if (problem)
{
krb5_free_ticket(ssh_context, ticket);
- log_msg("Kerberos ticket authentication of user %s failed: %s",
+ log_msg("Kerberos ticket authentication of user %.100s failed: %.100s",
server_user, error_message(problem));
- debug("Kerberos krb5_unparse_name failed (%s).", error_message(problem));
- packet_send_debug("Kerberos krb5_unparse_name: %s",
+ debug("Kerberos krb5_unparse_name failed (%.100s).", error_message(problem));
+ packet_send_debug("Kerberos krb5_unparse_name: %.100s",
error_message(problem));
return 0;
}
if (strncmp(server, "host/", strlen("host/")))
{
krb5_free_ticket(ssh_context, ticket);
- log_msg("Kerberos ticket authentication of user %s failed: invalid service name (%s)",
+ log_msg("Kerberos ticket authentication of user %.100s failed: invalid service name (%.100s)",
server_user, server);
- debug("Kerberos invalid service name (%s).", server);
- packet_send_debug("Kerberos invalid service name (%s).", server);
+ debug("Kerberos invalid service name (%.100s).", server);
+ packet_send_debug("Kerberos invalid service name (%.100s).", server);
krb5_xfree(server);
return 0;
}
@@ -122,11 +122,11 @@
if (problem)
{
- log_msg("Kerberos ticket authentication of user %s failed: %s",
+ log_msg("Kerberos ticket authentication of user %.100s failed: %.100s",
server_user, error_message(problem));
- debug("Kerberos krb5_copy_principal failed (%s).",
+ debug("Kerberos krb5_copy_principal failed (%.100s).",
error_message(problem));
- packet_send_debug("Kerberos krb5_copy_principal: %s",
+ packet_send_debug("Kerberos krb5_copy_principal: %.100s",
error_message(problem));
return 0;
}
@@ -135,11 +135,11 @@
/* Make the reply - so that mutual authentication can be done */
if ((problem = krb5_mk_rep(ssh_context, auth_context, &reply)))
{
- log_msg("Kerberos ticket authentication of user %s failed: %s",
+ log_msg("Kerberos ticket authentication of user %.100s failed: %.100s",
server_user, error_message(problem));
- debug("Kerberos krb5_mk_rep failed (%s).",
+ debug("Kerberos krb5_mk_rep failed (%.100s).",
error_message(problem));
- packet_send_debug("Kerberos krb5_mk_rep failed: %s",
+ packet_send_debug("Kerberos krb5_mk_rep failed: %.100s",
error_message(problem));
return 0;
}
@@ -160,7 +160,7 @@
{
krb5_creds **creds;
krb5_error_code retval;
- static char ccname[128];
+ static char ccname[512];
krb5_ccache ccache = NULL;
struct passwd *pwd;
extern char *ticket;
@@ -208,9 +208,9 @@
if (retval = krb5_rd_cred(ssh_context, auth_context, krb5data, &creds, NULL))
{
- log_msg("Kerberos V5 tgt rejected for user %.100s : %s", server_user,
+ log_msg("Kerberos V5 tgt rejected for user %.100s : %.100s", server_user,
error_message(retval));
- packet_send_debug("Kerberos V5 tgt rejected for %.100s : %s",
+ packet_send_debug("Kerberos V5 tgt rejected for %.100s : %.100s",
server_user,
error_message(retval));
packet_start(SSH_SMSG_FAILURE);
@@ -234,7 +234,7 @@
goto errout;
ticket = xmalloc(strlen(ccname) + 1);
- (void) sprintf(ticket, "%s", ccname);
+ (void) sprintf(ticket, "%.100s", ccname);
/* Successful */
packet_start(SSH_SMSG_SUCCESS);
@@ -244,9 +244,9 @@
errout:
krb5_free_tgt_creds(ssh_context, creds);
- log_msg("Kerberos V5 tgt rejected for user %.100s :%s", server_user,
+ log_msg("Kerberos V5 tgt rejected for user %.100s :%.100s", server_user,
error_message(retval));
- packet_send_debug("Kerberos V5 tgt rejected for %.100s : %s", server_user,
+ packet_send_debug("Kerberos V5 tgt rejected for %.100s : %.100s", server_user,
error_message(retval));
packet_start(SSH_SMSG_FAILURE);
packet_send();

286
security/ssh2/files/patch-ag Normal file
View File

@ -0,0 +1,286 @@
--- sshconnect.c.orig Wed Jul 8 20:40:38 1998
+++ sshconnect.c Tue Nov 10 15:43:45 1998
@@ -282,7 +282,7 @@
/* Child. Permanently give up superuser privileges. */
if (setuid(getuid()) < 0)
- fatal("setuid: %s", strerror(errno));
+ fatal("setuid: %.100s", strerror(errno));
/* Redirect stdin and stdout. */
close(pin[1]);
@@ -944,7 +944,7 @@
if (!ssh_context)
{
if ((r = krb5_init_context(&ssh_context)))
- fatal("Kerberos V5: %s while initializing krb5.", error_message(r));
+ fatal("Kerberos V5: %.100s while initializing krb5.", error_message(r));
krb5_init_ets(ssh_context);
}
@@ -959,14 +959,14 @@
"host", KRB5_NT_SRV_HST,
&creds.server)))
{
- debug("Kerberos V5: error while constructing service name: %s.",
+ debug("Kerberos V5: error while constructing service name: %.100s.",
error_message(r));
goto cleanup;
}
if ((r = krb5_cc_get_principal(ssh_context, ccache,
&creds.client)))
{
- debug("Kerberos V5: failure on principal (%s).",
+ debug("Kerberos V5: failure on principal (%.100s).",
error_message(r));
goto cleanup;
}
@@ -975,7 +975,7 @@
if ((r = krb5_get_credentials(ssh_context, 0,
ccache, &creds, &new_creds)))
{
- debug("Kerberos V5: failure on credentials(%s).",
+ debug("Kerberos V5: failure on credentials(%.100s).",
error_message(r));
goto cleanup;
}
@@ -987,7 +987,7 @@
{
if ((r = krb5_auth_con_init(ssh_context, &auth_context)))
{
- debug("Kerberos V5: failed to init auth_context (%s)",
+ debug("Kerberos V5: failed to init auth_context (%.100s)",
error_message(r));
goto cleanup;
}
@@ -998,7 +998,7 @@
if ((r = krb5_mk_req_extended(ssh_context, &auth_context, ap_opts,
0, new_creds, &auth)))
{
- debug("Kerberos V5: failed krb5_mk_req_extended (%s)",
+ debug("Kerberos V5: failed krb5_mk_req_extended (%.100s)",
error_message(r));
goto cleanup;
}
@@ -1046,7 +1046,7 @@
if (r = krb5_rd_rep(ssh_context, auth_context, &auth, &repl))
{
- packet_disconnect("Kerberos V5 Authentication failed: %s",
+ packet_disconnect("Kerberos V5 Authentication failed: %.100s",
error_message(r));
goto cleanup;
}
@@ -1090,7 +1090,7 @@
krb5_data outbuf;
krb5_error_code r;
int type;
- char server_name[128];
+ char server_name[512];
remotehost = (char *) get_canonical_hostname();
memset(&outbuf, 0 , sizeof(outbuf));
@@ -1100,14 +1100,14 @@
if (!ssh_context)
{
if ((r = krb5_init_context(&ssh_context)))
- fatal("Kerberos V5: %s while initializing krb5.", error_message(r));
+ fatal("Kerberos V5: %.100s while initializing krb5.", error_message(r));
krb5_init_ets(ssh_context);
}
if (!auth_context)
{
if ((r = krb5_auth_con_init(ssh_context, &auth_context)))
{
- debug("Kerberos V5: failed to init auth_context (%s)",
+ debug("Kerberos V5: failed to init auth_context (%.100s)",
error_message(r));
return 0 ;
}
@@ -1124,7 +1124,7 @@
if ((r = krb5_cc_get_principal(ssh_context, ccache,
&client)))
{
- debug("Kerberos V5: failure on principal (%s)",
+ debug("Kerberos V5: failure on principal (%.100s)",
error_message(r));
return 0 ;
}
@@ -1136,7 +1136,7 @@
principal and point it to clients realm. This way
we pass over a TGT of the clients realm. */
- sprintf(server_name,"host/%s@", remotehost);
+ sprintf(server_name,"host/%.100s@", remotehost);
strncat(server_name,client->realm.data,client->realm.length);
krb5_parse_name(ssh_context,server_name, &server);
server->type = KRB5_NT_SRV_HST;
@@ -1145,7 +1145,7 @@
if ((r = krb5_fwd_tgt_creds(ssh_context, auth_context, 0, client,
server, ccache, 1, &outbuf)))
{
- debug("Kerberos V5 krb5_fwd_tgt_creds failure (%s)",
+ debug("Kerberos V5 krb5_fwd_tgt_creds failure (%.100s)",
error_message(r));
krb5_free_principal(ssh_context, client);
krb5_free_principal(ssh_context, server);
@@ -1416,7 +1416,7 @@
error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!");
error("It is also possible that the host key has just been changed.");
error("Please contact your system administrator.");
- error("Add correct host key in %s to get rid of this message.",
+ error("Add correct host key in %.100s to get rid of this message.",
options->user_hostfile);
/* If strict host key checking is in use, the user will have to edit
@@ -1589,7 +1589,7 @@
if (!ssh_context)
{
if ((problem = krb5_init_context(&ssh_context)))
- fatal("Kerberos V5: %s while initializing krb5.",
+ fatal("Kerberos V5: %.100s while initializing krb5.",
error_message(problem));
krb5_init_ets(ssh_context);
}
@@ -1605,7 +1605,7 @@
if ((problem = krb5_cc_get_principal(ssh_context, ccache,
&client)))
{
- debug("Kerberos V5: failure on principal (%s).",
+ debug("Kerberos V5: failure on principal (%.100s).",
error_message(problem));
}
else {
--- auth-kerberos.c.orig Wed Jul 8 20:40:35 1998
+++ auth-kerberos.c Tue Nov 10 15:50:15 1998
@@ -63,11 +63,11 @@
krb5_auth_con_free(ssh_context, auth_context);
auth_context = 0;
}
- log_msg("Kerberos ticket authentication of user %s failed: %s",
+ log_msg("Kerberos ticket authentication of user %.100s failed: %.100s",
server_user, error_message(problem));
- debug("Kerberos krb5_auth_con_genaddrs (%s).", error_message(problem));
- packet_send_debug("Kerberos krb5_auth_con_genaddrs: %s",
+ debug("Kerberos krb5_auth_con_genaddrs (%.100s).", error_message(problem));
+ packet_send_debug("Kerberos krb5_auth_con_genaddrs: %.100s",
error_message(problem));
return 0;
}
@@ -80,11 +80,11 @@
krb5_auth_con_free(ssh_context, auth_context);
auth_context = 0;
}
- log_msg("Kerberos ticket authentication of user %s failed: %s",
+ log_msg("Kerberos ticket authentication of user %.100s failed: %.100s",
server_user, error_message(problem));
- debug("Kerberos V5 rd_req failed (%s).", error_message(problem));
- packet_send_debug("Kerberos V5 krb5_rd_req: %s", error_message(problem));
+ debug("Kerberos V5 rd_req failed (%.100s).", error_message(problem));
+ packet_send_debug("Kerberos V5 krb5_rd_req: %.100s", error_message(problem));
return 0;
}
@@ -93,22 +93,22 @@
if (problem)
{
krb5_free_ticket(ssh_context, ticket);
- log_msg("Kerberos ticket authentication of user %s failed: %s",
+ log_msg("Kerberos ticket authentication of user %.100s failed: %.100s",
server_user, error_message(problem));
- debug("Kerberos krb5_unparse_name failed (%s).", error_message(problem));
- packet_send_debug("Kerberos krb5_unparse_name: %s",
+ debug("Kerberos krb5_unparse_name failed (%.100s).", error_message(problem));
+ packet_send_debug("Kerberos krb5_unparse_name: %.100s",
error_message(problem));
return 0;
}
if (strncmp(server, "host/", strlen("host/")))
{
krb5_free_ticket(ssh_context, ticket);
- log_msg("Kerberos ticket authentication of user %s failed: invalid service name (%s)",
+ log_msg("Kerberos ticket authentication of user %.100s failed: invalid service name (%.100s)",
server_user, server);
- debug("Kerberos invalid service name (%s).", server);
- packet_send_debug("Kerberos invalid service name (%s).", server);
+ debug("Kerberos invalid service name (%.100s).", server);
+ packet_send_debug("Kerberos invalid service name (%.100s).", server);
krb5_xfree(server);
return 0;
}
@@ -122,11 +122,11 @@
if (problem)
{
- log_msg("Kerberos ticket authentication of user %s failed: %s",
+ log_msg("Kerberos ticket authentication of user %.100s failed: %.100s",
server_user, error_message(problem));
- debug("Kerberos krb5_copy_principal failed (%s).",
+ debug("Kerberos krb5_copy_principal failed (%.100s).",
error_message(problem));
- packet_send_debug("Kerberos krb5_copy_principal: %s",
+ packet_send_debug("Kerberos krb5_copy_principal: %.100s",
error_message(problem));
return 0;
}
@@ -135,11 +135,11 @@
/* Make the reply - so that mutual authentication can be done */
if ((problem = krb5_mk_rep(ssh_context, auth_context, &reply)))
{
- log_msg("Kerberos ticket authentication of user %s failed: %s",
+ log_msg("Kerberos ticket authentication of user %.100s failed: %.100s",
server_user, error_message(problem));
- debug("Kerberos krb5_mk_rep failed (%s).",
+ debug("Kerberos krb5_mk_rep failed (%.100s).",
error_message(problem));
- packet_send_debug("Kerberos krb5_mk_rep failed: %s",
+ packet_send_debug("Kerberos krb5_mk_rep failed: %.100s",
error_message(problem));
return 0;
}
@@ -160,7 +160,7 @@
{
krb5_creds **creds;
krb5_error_code retval;
- static char ccname[128];
+ static char ccname[512];
krb5_ccache ccache = NULL;
struct passwd *pwd;
extern char *ticket;
@@ -208,9 +208,9 @@
if (retval = krb5_rd_cred(ssh_context, auth_context, krb5data, &creds, NULL))
{
- log_msg("Kerberos V5 tgt rejected for user %.100s : %s", server_user,
+ log_msg("Kerberos V5 tgt rejected for user %.100s : %.100s", server_user,
error_message(retval));
- packet_send_debug("Kerberos V5 tgt rejected for %.100s : %s",
+ packet_send_debug("Kerberos V5 tgt rejected for %.100s : %.100s",
server_user,
error_message(retval));
packet_start(SSH_SMSG_FAILURE);
@@ -234,7 +234,7 @@
goto errout;
ticket = xmalloc(strlen(ccname) + 1);
- (void) sprintf(ticket, "%s", ccname);
+ (void) sprintf(ticket, "%.100s", ccname);
/* Successful */
packet_start(SSH_SMSG_SUCCESS);
@@ -244,9 +244,9 @@
errout:
krb5_free_tgt_creds(ssh_context, creds);
- log_msg("Kerberos V5 tgt rejected for user %.100s :%s", server_user,
+ log_msg("Kerberos V5 tgt rejected for user %.100s :%.100s", server_user,
error_message(retval));
- packet_send_debug("Kerberos V5 tgt rejected for %.100s : %s", server_user,
+ packet_send_debug("Kerberos V5 tgt rejected for %.100s : %.100s", server_user,
error_message(retval));
packet_start(SSH_SMSG_FAILURE);
packet_send();