summaryrefslogtreecommitdiffstats
path: root/network/krb5/patches/2008-001-patch.txt
diff options
context:
space:
mode:
Diffstat (limited to 'network/krb5/patches/2008-001-patch.txt')
-rw-r--r--network/krb5/patches/2008-001-patch.txt337
1 files changed, 0 insertions, 337 deletions
diff --git a/network/krb5/patches/2008-001-patch.txt b/network/krb5/patches/2008-001-patch.txt
deleted file mode 100644
index b26b9fddcf..0000000000
--- a/network/krb5/patches/2008-001-patch.txt
+++ /dev/null
@@ -1,337 +0,0 @@
-Index: src/kdc/dispatch.c
-===================================================================
---- src/kdc/dispatch.c (revision 20192)
-+++ src/kdc/dispatch.c (working copy)
-@@ -1,7 +1,7 @@
- /*
- * kdc/dispatch.c
- *
-- * Copyright 1990 by the Massachusetts Institute of Technology.
-+ * Copyright 1990, 2007 by the Massachusetts Institute of Technology.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
-@@ -107,7 +107,7 @@
- retval = KRB5KRB_AP_ERR_MSG_TYPE;
- #ifndef NOCACHE
- /* put the response into the lookaside buffer */
-- if (!retval)
-+ if (!retval && *response != NULL)
- kdc_insert_lookaside(pkt, *response);
- #endif
-
-Index: src/kdc/kerberos_v4.c
-===================================================================
---- src/kdc/kerberos_v4.c (revision 20192)
-+++ src/kdc/kerberos_v4.c (working copy)
-@@ -1,7 +1,7 @@
- /*
- * kdc/kerberos_v4.c
- *
-- * Copyright 1985, 1986, 1987, 1988,1991 by the Massachusetts Institute
-+ * Copyright 1985, 1986, 1987, 1988,1991,2007 by the Massachusetts Institute
- * of Technology.
- * All Rights Reserved.
- *
-@@ -87,11 +87,6 @@
- #define MSB_FIRST 0 /* 68000, IBM RT/PC */
- #define LSB_FIRST 1 /* Vax, PC8086 */
-
--int f;
--
--/* XXX several files in libkdb know about this */
--char *progname;
--
- #ifndef BACKWARD_COMPAT
- static Key_schedule master_key_schedule;
- static C_Block master_key;
-@@ -143,10 +138,8 @@
- #include "com_err.h"
- #include "extern.h" /* to pick up master_princ */
-
--static krb5_data *response;
--
--void kerberos_v4 (struct sockaddr_in *, KTEXT);
--void kerb_err_reply (struct sockaddr_in *, KTEXT, long, char *);
-+static krb5_data *kerberos_v4 (struct sockaddr_in *, KTEXT);
-+static krb5_data *kerb_err_reply (struct sockaddr_in *, KTEXT, long, char *);
- static int set_tgtkey (char *, krb5_kvno, krb5_boolean);
-
- /* Attributes converted from V5 to V4 - internal representation */
-@@ -262,12 +255,12 @@
- (void) klog(L_KRB_PERR, "V4 request too long.");
- return KRB5KRB_ERR_FIELD_TOOLONG;
- }
-+ memset( &v4_pkt, 0, sizeof(v4_pkt));
- v4_pkt.length = pkt->length;
- v4_pkt.mbz = 0;
- memcpy( v4_pkt.dat, pkt->data, pkt->length);
-
-- kerberos_v4( &client_sockaddr, &v4_pkt);
-- *resp = response;
-+ *resp = kerberos_v4( &client_sockaddr, &v4_pkt);
- return(retval);
- }
-
-@@ -300,19 +293,20 @@
- }
-
- static
--int krb4_sendto(int s, const char *msg, int len, int flags,
-- const struct sockaddr *to, int to_len)
-+krb5_data *make_response(const char *msg, int len)
- {
-+ krb5_data *response;
-+
- if ( !(response = (krb5_data *) malloc( sizeof *response))) {
-- return ENOMEM;
-+ return 0;
- }
- if ( !(response->data = (char *) malloc( len))) {
- krb5_free_data(kdc_context, response);
-- return ENOMEM;
-+ return 0;
- }
- response->length = len;
- memcpy( response->data, msg, len);
-- return( 0);
-+ return response;
- }
- static void
- hang(void)
-@@ -586,7 +580,7 @@
- *cp = 0;
- }
-
--void
-+static krb5_data *
- kerberos_v4(struct sockaddr_in *client, KTEXT pkt)
- {
- static KTEXT_ST rpkt_st;
-@@ -599,8 +593,8 @@
- KTEXT auth = &auth_st;
- AUTH_DAT ad_st;
- AUTH_DAT *ad = &ad_st;
-+ krb5_data *response = 0;
-
--
- static struct in_addr client_host;
- static int msg_byte_order;
- static int swap_bytes;
-@@ -637,8 +631,7 @@
- inet_ntoa(client_host));
- /* send an error reply */
- req_name_ptr = req_inst_ptr = req_realm_ptr = "";
-- kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt);
-- return;
-+ return kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt);
- }
-
- /* check packet version */
-@@ -648,8 +641,7 @@
- KRB_PROT_VERSION, req_version, 0);
- /* send an error reply */
- req_name_ptr = req_inst_ptr = req_realm_ptr = "";
-- kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt);
-- return;
-+ return kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt);
- }
- msg_byte_order = req_msg_type & 1;
-
-@@ -707,10 +699,10 @@
-
- if ((i = check_princ(req_name_ptr, req_inst_ptr, 0,
- &a_name_data, &k5key, 0, &ck5life))) {
-- kerb_err_reply(client, pkt, i, "check_princ failed");
-+ response = kerb_err_reply(client, pkt, i, "check_princ failed");
- a_name_data.key_low = a_name_data.key_high = 0;
- krb5_free_keyblock_contents(kdc_context, &k5key);
-- return;
-+ return response;
- }
- /* don't use k5key for client */
- krb5_free_keyblock_contents(kdc_context, &k5key);
-@@ -722,11 +714,11 @@
- /* this does all the checking */
- if ((i = check_princ(service, instance, lifetime,
- &s_name_data, &k5key, 1, &sk5life))) {
-- kerb_err_reply(client, pkt, i, "check_princ failed");
-+ response = kerb_err_reply(client, pkt, i, "check_princ failed");
- a_name_data.key_high = a_name_data.key_low = 0;
- s_name_data.key_high = s_name_data.key_low = 0;
- krb5_free_keyblock_contents(kdc_context, &k5key);
-- return;
-+ return response;
- }
- /* Bound requested lifetime with service and user */
- v4req_end = krb_life_to_time(kerb_time.tv_sec, req_life);
-@@ -797,8 +789,7 @@
- rpkt = create_auth_reply(req_name_ptr, req_inst_ptr,
- req_realm_ptr, req_time_ws, 0, a_name_data.exp_date,
- a_name_data.key_version, ciph);
-- krb4_sendto(f, (char *) rpkt->dat, rpkt->length, 0,
-- (struct sockaddr *) client, sizeof (struct sockaddr_in));
-+ response = make_response((char *) rpkt->dat, rpkt->length);
- memset(&a_name_data, 0, sizeof(a_name_data));
- memset(&s_name_data, 0, sizeof(s_name_data));
- break;
-@@ -824,9 +815,8 @@
- lt = klog(L_KRB_PERR,
- "APPL request with realm length too long from %s",
- inet_ntoa(client_host));
-- kerb_err_reply(client, pkt, RD_AP_INCON,
-- "realm length too long");
-- return;
-+ return kerb_err_reply(client, pkt, RD_AP_INCON,
-+ "realm length too long");
- }
-
- auth->length += (int) *(pkt->dat + auth->length) +
-@@ -835,9 +825,8 @@
- lt = klog(L_KRB_PERR,
- "APPL request with funky tkt or req_id length from %s",
- inet_ntoa(client_host));
-- kerb_err_reply(client, pkt, RD_AP_INCON,
-- "funky tkt or req_id length");
-- return;
-+ return kerb_err_reply(client, pkt, RD_AP_INCON,
-+ "funky tkt or req_id length");
- }
-
- memcpy(auth->dat, pkt->dat, auth->length);
-@@ -848,18 +837,16 @@
- if ((!allow_v4_crossrealm)&&strcmp(tktrlm, local_realm) != 0) {
- lt = klog(L_ERR_UNK,
- "Cross realm ticket from %s denied by policy,", tktrlm);
-- kerb_err_reply(client, pkt,
-- KERB_ERR_PRINCIPAL_UNKNOWN, lt);
-- return;
-+ return kerb_err_reply(client, pkt,
-+ KERB_ERR_PRINCIPAL_UNKNOWN, lt);
- }
- if (set_tgtkey(tktrlm, kvno, 0)) {
-- lt = klog(L_ERR_UNK,
-+ lt = klog(L_ERR_UNK,
- "FAILED set_tgtkey realm %s, kvno %d. Host: %s ",
- tktrlm, kvno, inet_ntoa(client_host));
- /* no better error code */
-- kerb_err_reply(client, pkt,
-- KERB_ERR_PRINCIPAL_UNKNOWN, lt);
-- return;
-+ return kerb_err_reply(client, pkt,
-+ KERB_ERR_PRINCIPAL_UNKNOWN, lt);
- }
- kerno = krb_rd_req(auth, "krbtgt", tktrlm, client_host.s_addr,
- ad, 0);
-@@ -869,9 +856,8 @@
- "FAILED 3des set_tgtkey realm %s, kvno %d. Host: %s ",
- tktrlm, kvno, inet_ntoa(client_host));
- /* no better error code */
-- kerb_err_reply(client, pkt,
-- KERB_ERR_PRINCIPAL_UNKNOWN, lt);
-- return;
-+ return kerb_err_reply(client, pkt,
-+ KERB_ERR_PRINCIPAL_UNKNOWN, lt);
- }
- kerno = krb_rd_req(auth, "krbtgt", tktrlm, client_host.s_addr,
- ad, 0);
-@@ -881,8 +867,7 @@
- klog(L_ERR_UNK, "FAILED krb_rd_req from %s: %s",
- inet_ntoa(client_host), krb_get_err_text(kerno));
- req_name_ptr = req_inst_ptr = req_realm_ptr = "";
-- kerb_err_reply(client, pkt, kerno, "krb_rd_req failed");
-- return;
-+ return kerb_err_reply(client, pkt, kerno, "krb_rd_req failed");
- }
- ptr = (char *) pkt->dat + auth->length;
-
-@@ -904,22 +889,21 @@
- req_realm_ptr = ad->prealm;
-
- if (strcmp(ad->prealm, tktrlm)) {
-- kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN,
-- "Can't hop realms");
-- return;
-+ return kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN,
-+ "Can't hop realms");
- }
- if (!strcmp(service, "changepw")) {
-- kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN,
-- "Can't authorize password changed based on TGT");
-- return;
-+ return kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN,
-+ "Can't authorize password changed based on TGT");
- }
- kerno = check_princ(service, instance, req_life,
- &s_name_data, &k5key, 1, &sk5life);
- if (kerno) {
-- kerb_err_reply(client, pkt, kerno, "check_princ failed");
-+ response = kerb_err_reply(client, pkt, kerno,
-+ "check_princ failed");
- s_name_data.key_high = s_name_data.key_low = 0;
- krb5_free_keyblock_contents(kdc_context, &k5key);
-- return;
-+ return response;
- }
- /* Bound requested lifetime with service and user */
- v4endtime = krb_life_to_time((KRB4_32)ad->time_sec, ad->life);
-@@ -975,8 +959,7 @@
- rpkt = create_auth_reply(ad->pname, ad->pinst,
- ad->prealm, time_ws,
- 0, 0, 0, ciph);
-- krb4_sendto(f, (char *) rpkt->dat, rpkt->length, 0,
-- (struct sockaddr *) client, sizeof (struct sockaddr_in));
-+ response = make_response((char *) rpkt->dat, rpkt->length);
- memset(&s_name_data, 0, sizeof(s_name_data));
- break;
- }
-@@ -1001,6 +984,7 @@
- break;
- }
- }
-+ return response;
- }
-
-
-@@ -1010,7 +994,7 @@
- * client.
- */
-
--void
-+static krb5_data *
- kerb_err_reply(struct sockaddr_in *client, KTEXT pkt, long int err, char *string)
- {
- static KTEXT_ST e_pkt_st;
-@@ -1021,9 +1005,7 @@
- strncat(e_msg, string, sizeof(e_msg) - 1 - 19);
- cr_err_reply(e_pkt, req_name_ptr, req_inst_ptr, req_realm_ptr,
- req_time_ws, err, e_msg);
-- krb4_sendto(f, (char *) e_pkt->dat, e_pkt->length, 0,
-- (struct sockaddr *) client, sizeof (struct sockaddr_in));
--
-+ return make_response((char *) e_pkt->dat, e_pkt->length);
- }
-
- static int
-Index: src/kdc/network.c
-===================================================================
---- src/kdc/network.c (revision 20192)
-+++ src/kdc/network.c (working copy)
-@@ -1,7 +1,7 @@
- /*
- * kdc/network.c
- *
-- * Copyright 1990,2000 by the Massachusetts Institute of Technology.
-+ * Copyright 1990,2000,2007 by the Massachusetts Institute of Technology.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
-@@ -747,6 +747,8 @@
- com_err(prog, retval, "while dispatching (udp)");
- return;
- }
-+ if (response == NULL)
-+ return;
- cc = sendto(port_fd, response->data, (socklen_t) response->length, 0,
- (struct sockaddr *)&saddr, saddr_len);
- if (cc == -1) {
generated by cgit v1.2.3 (git 2.32.0) at 2024-06-18 00:25:23 +0200