diff options
author | ache <ache@FreeBSD.org> | 1998-11-10 13:20:21 +0000 |
---|---|---|
committer | ache <ache@FreeBSD.org> | 1998-11-10 13:20:21 +0000 |
commit | c0a5441257eac2f572ba70f1e9eb0bbc4e74b746 (patch) | |
tree | 117bbf2b302459da654b36050b48043d7cfe3fdf /security/ssh | |
parent | 4e8cfdcdd98d9e49d3f5906fc317459ff1fc0b1e (diff) | |
download | FreeBSD-ports-c0a5441257eac2f572ba70f1e9eb0bbc4e74b746.zip FreeBSD-ports-c0a5441257eac2f572ba70f1e9eb0bbc4e74b746.tar.gz |
add official kerberos patch
Diffstat (limited to 'security/ssh')
-rw-r--r-- | security/ssh/files/patch-ag | 286 |
1 files changed, 286 insertions, 0 deletions
diff --git a/security/ssh/files/patch-ag b/security/ssh/files/patch-ag new file mode 100644 index 0000000..c384805 --- /dev/null +++ b/security/ssh/files/patch-ag @@ -0,0 +1,286 @@ +--- sshconnect.c.orig Wed Jul 8 20:40:38 1998 ++++ sshconnect.c Tue Nov 10 15:43:45 1998 +@@ -282,7 +282,7 @@ + + /* Child. Permanently give up superuser privileges. */ + if (setuid(getuid()) < 0) +- fatal("setuid: %s", strerror(errno)); ++ fatal("setuid: %.100s", strerror(errno)); + + /* Redirect stdin and stdout. */ + close(pin[1]); +@@ -944,7 +944,7 @@ + if (!ssh_context) + { + if ((r = krb5_init_context(&ssh_context))) +- fatal("Kerberos V5: %s while initializing krb5.", error_message(r)); ++ fatal("Kerberos V5: %.100s while initializing krb5.", error_message(r)); + krb5_init_ets(ssh_context); + } + +@@ -959,14 +959,14 @@ + "host", KRB5_NT_SRV_HST, + &creds.server))) + { +- debug("Kerberos V5: error while constructing service name: %s.", ++ debug("Kerberos V5: error while constructing service name: %.100s.", + error_message(r)); + goto cleanup; + } + if ((r = krb5_cc_get_principal(ssh_context, ccache, + &creds.client))) + { +- debug("Kerberos V5: failure on principal (%s).", ++ debug("Kerberos V5: failure on principal (%.100s).", + error_message(r)); + goto cleanup; + } +@@ -975,7 +975,7 @@ + if ((r = krb5_get_credentials(ssh_context, 0, + ccache, &creds, &new_creds))) + { +- debug("Kerberos V5: failure on credentials(%s).", ++ debug("Kerberos V5: failure on credentials(%.100s).", + error_message(r)); + goto cleanup; + } +@@ -987,7 +987,7 @@ + { + if ((r = krb5_auth_con_init(ssh_context, &auth_context))) + { +- debug("Kerberos V5: failed to init auth_context (%s)", ++ debug("Kerberos V5: failed to init auth_context (%.100s)", + error_message(r)); + goto cleanup; + } +@@ -998,7 +998,7 @@ + if ((r = krb5_mk_req_extended(ssh_context, &auth_context, ap_opts, + 0, new_creds, &auth))) + { +- debug("Kerberos V5: failed krb5_mk_req_extended (%s)", ++ debug("Kerberos V5: failed krb5_mk_req_extended (%.100s)", + error_message(r)); + goto cleanup; + } +@@ -1046,7 +1046,7 @@ + + if (r = krb5_rd_rep(ssh_context, auth_context, &auth, &repl)) + { +- packet_disconnect("Kerberos V5 Authentication failed: %s", ++ packet_disconnect("Kerberos V5 Authentication failed: %.100s", + error_message(r)); + goto cleanup; + } +@@ -1090,7 +1090,7 @@ + krb5_data outbuf; + krb5_error_code r; + int type; +- char server_name[128]; ++ char server_name[512]; + + remotehost = (char *) get_canonical_hostname(); + memset(&outbuf, 0 , sizeof(outbuf)); +@@ -1100,14 +1100,14 @@ + if (!ssh_context) + { + if ((r = krb5_init_context(&ssh_context))) +- fatal("Kerberos V5: %s while initializing krb5.", error_message(r)); ++ fatal("Kerberos V5: %.100s while initializing krb5.", error_message(r)); + krb5_init_ets(ssh_context); + } + if (!auth_context) + { + if ((r = krb5_auth_con_init(ssh_context, &auth_context))) + { +- debug("Kerberos V5: failed to init auth_context (%s)", ++ debug("Kerberos V5: failed to init auth_context (%.100s)", + error_message(r)); + return 0 ; + } +@@ -1124,7 +1124,7 @@ + if ((r = krb5_cc_get_principal(ssh_context, ccache, + &client))) + { +- debug("Kerberos V5: failure on principal (%s)", ++ debug("Kerberos V5: failure on principal (%.100s)", + error_message(r)); + return 0 ; + } +@@ -1136,7 +1136,7 @@ + principal and point it to clients realm. This way + we pass over a TGT of the clients realm. */ + +- sprintf(server_name,"host/%s@", remotehost); ++ sprintf(server_name,"host/%.100s@", remotehost); + strncat(server_name,client->realm.data,client->realm.length); + krb5_parse_name(ssh_context,server_name, &server); + server->type = KRB5_NT_SRV_HST; +@@ -1145,7 +1145,7 @@ + if ((r = krb5_fwd_tgt_creds(ssh_context, auth_context, 0, client, + server, ccache, 1, &outbuf))) + { +- debug("Kerberos V5 krb5_fwd_tgt_creds failure (%s)", ++ debug("Kerberos V5 krb5_fwd_tgt_creds failure (%.100s)", + error_message(r)); + krb5_free_principal(ssh_context, client); + krb5_free_principal(ssh_context, server); +@@ -1416,7 +1416,7 @@ + error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!"); + error("It is also possible that the host key has just been changed."); + error("Please contact your system administrator."); +- error("Add correct host key in %s to get rid of this message.", ++ error("Add correct host key in %.100s to get rid of this message.", + options->user_hostfile); + + /* If strict host key checking is in use, the user will have to edit +@@ -1589,7 +1589,7 @@ + if (!ssh_context) + { + if ((problem = krb5_init_context(&ssh_context))) +- fatal("Kerberos V5: %s while initializing krb5.", ++ fatal("Kerberos V5: %.100s while initializing krb5.", + error_message(problem)); + krb5_init_ets(ssh_context); + } +@@ -1605,7 +1605,7 @@ + if ((problem = krb5_cc_get_principal(ssh_context, ccache, + &client))) + { +- debug("Kerberos V5: failure on principal (%s).", ++ debug("Kerberos V5: failure on principal (%.100s).", + error_message(problem)); + } + else { +--- auth-kerberos.c.orig Wed Jul 8 20:40:35 1998 ++++ auth-kerberos.c Tue Nov 10 15:50:15 1998 +@@ -63,11 +63,11 @@ + krb5_auth_con_free(ssh_context, auth_context); + auth_context = 0; + } +- log_msg("Kerberos ticket authentication of user %s failed: %s", ++ log_msg("Kerberos ticket authentication of user %.100s failed: %.100s", + server_user, error_message(problem)); + +- debug("Kerberos krb5_auth_con_genaddrs (%s).", error_message(problem)); +- packet_send_debug("Kerberos krb5_auth_con_genaddrs: %s", ++ debug("Kerberos krb5_auth_con_genaddrs (%.100s).", error_message(problem)); ++ packet_send_debug("Kerberos krb5_auth_con_genaddrs: %.100s", + error_message(problem)); + return 0; + } +@@ -80,11 +80,11 @@ + krb5_auth_con_free(ssh_context, auth_context); + auth_context = 0; + } +- log_msg("Kerberos ticket authentication of user %s failed: %s", ++ log_msg("Kerberos ticket authentication of user %.100s failed: %.100s", + server_user, error_message(problem)); + +- debug("Kerberos V5 rd_req failed (%s).", error_message(problem)); +- packet_send_debug("Kerberos V5 krb5_rd_req: %s", error_message(problem)); ++ debug("Kerberos V5 rd_req failed (%.100s).", error_message(problem)); ++ packet_send_debug("Kerberos V5 krb5_rd_req: %.100s", error_message(problem)); + return 0; + } + +@@ -93,22 +93,22 @@ + if (problem) + { + krb5_free_ticket(ssh_context, ticket); +- log_msg("Kerberos ticket authentication of user %s failed: %s", ++ log_msg("Kerberos ticket authentication of user %.100s failed: %.100s", + server_user, error_message(problem)); + +- debug("Kerberos krb5_unparse_name failed (%s).", error_message(problem)); +- packet_send_debug("Kerberos krb5_unparse_name: %s", ++ debug("Kerberos krb5_unparse_name failed (%.100s).", error_message(problem)); ++ packet_send_debug("Kerberos krb5_unparse_name: %.100s", + error_message(problem)); + return 0; + } + if (strncmp(server, "host/", strlen("host/"))) + { + krb5_free_ticket(ssh_context, ticket); +- log_msg("Kerberos ticket authentication of user %s failed: invalid service name (%s)", ++ log_msg("Kerberos ticket authentication of user %.100s failed: invalid service name (%.100s)", + server_user, server); + +- debug("Kerberos invalid service name (%s).", server); +- packet_send_debug("Kerberos invalid service name (%s).", server); ++ debug("Kerberos invalid service name (%.100s).", server); ++ packet_send_debug("Kerberos invalid service name (%.100s).", server); + krb5_xfree(server); + return 0; + } +@@ -122,11 +122,11 @@ + + if (problem) + { +- log_msg("Kerberos ticket authentication of user %s failed: %s", ++ log_msg("Kerberos ticket authentication of user %.100s failed: %.100s", + server_user, error_message(problem)); +- debug("Kerberos krb5_copy_principal failed (%s).", ++ debug("Kerberos krb5_copy_principal failed (%.100s).", + error_message(problem)); +- packet_send_debug("Kerberos krb5_copy_principal: %s", ++ packet_send_debug("Kerberos krb5_copy_principal: %.100s", + error_message(problem)); + return 0; + } +@@ -135,11 +135,11 @@ + /* Make the reply - so that mutual authentication can be done */ + if ((problem = krb5_mk_rep(ssh_context, auth_context, &reply))) + { +- log_msg("Kerberos ticket authentication of user %s failed: %s", ++ log_msg("Kerberos ticket authentication of user %.100s failed: %.100s", + server_user, error_message(problem)); +- debug("Kerberos krb5_mk_rep failed (%s).", ++ debug("Kerberos krb5_mk_rep failed (%.100s).", + error_message(problem)); +- packet_send_debug("Kerberos krb5_mk_rep failed: %s", ++ packet_send_debug("Kerberos krb5_mk_rep failed: %.100s", + error_message(problem)); + return 0; + } +@@ -160,7 +160,7 @@ + { + krb5_creds **creds; + krb5_error_code retval; +- static char ccname[128]; ++ static char ccname[512]; + krb5_ccache ccache = NULL; + struct passwd *pwd; + extern char *ticket; +@@ -208,9 +208,9 @@ + + if (retval = krb5_rd_cred(ssh_context, auth_context, krb5data, &creds, NULL)) + { +- log_msg("Kerberos V5 tgt rejected for user %.100s : %s", server_user, ++ log_msg("Kerberos V5 tgt rejected for user %.100s : %.100s", server_user, + error_message(retval)); +- packet_send_debug("Kerberos V5 tgt rejected for %.100s : %s", ++ packet_send_debug("Kerberos V5 tgt rejected for %.100s : %.100s", + server_user, + error_message(retval)); + packet_start(SSH_SMSG_FAILURE); +@@ -234,7 +234,7 @@ + goto errout; + + ticket = xmalloc(strlen(ccname) + 1); +- (void) sprintf(ticket, "%s", ccname); ++ (void) sprintf(ticket, "%.100s", ccname); + + /* Successful */ + packet_start(SSH_SMSG_SUCCESS); +@@ -244,9 +244,9 @@ + + errout: + krb5_free_tgt_creds(ssh_context, creds); +- log_msg("Kerberos V5 tgt rejected for user %.100s :%s", server_user, ++ log_msg("Kerberos V5 tgt rejected for user %.100s :%.100s", server_user, + error_message(retval)); +- packet_send_debug("Kerberos V5 tgt rejected for %.100s : %s", server_user, ++ packet_send_debug("Kerberos V5 tgt rejected for %.100s : %.100s", server_user, + error_message(retval)); + packet_start(SSH_SMSG_FAILURE); + packet_send(); |