Ignore:
Timestamp:
Apr 8, 2009, 7:11:17 AM (13 years ago)
Author:
mitchb
Message:
Updates to the build system for krb5
Allow us to build with patches for CVE-2009-0844 through CVE-2009-0847
File:
1 edited

Legend:

Unmodified
Added
Removed
  • server/common/patches/krb5-kuserok-scripts.patch

    r125 r1069  
    1818# See /COPYRIGHT in this repository for more information.
    1919#
    20 --- krb5-1.4.3/src/lib/krb5/os/kuserok.c.old    2006-09-09 19:03:33.000000000 -0400
    21 +++ krb5-1.4.3/src/lib/krb5/os/kuserok.c        2006-09-09 19:50:48.000000000 -0400
     20--- krb5-1.6.3/src/lib/krb5/os/kuserok.c.old    2009-04-08 06:17:06.000000000 -0400
     21+++ krb5-1.6.3/src/lib/krb5/os/kuserok.c        2009-04-08 06:17:18.000000000 -0400
    2222@@ -31,6 +31,7 @@
    2323 #if !defined(_WIN32)           /* Not yet for Windows */
     
    2828 #if defined(_AIX) && defined(_IBMR2)
    2929 #include <sys/access.h>
    30 @@ -64,7 +65,6 @@
     30@@ -71,7 +72,6 @@
    3131 {
    3232     struct stat sbuf;
     
    3636     FILE *fp;
    3737     char kuser[MAX_USERNAME];
    38 @@ -72,70 +72,35 @@
     38@@ -79,70 +79,35 @@
    3939     char linebuf[BUFSIZ];
    4040     char *newline;
     
    8080-       free(princname);
    8181-       return(FALSE);
    82 -    }
     82+    if ((pid = fork()) == -1) {
     83+       free(princname);
     84+       return(FALSE);
     85     }
    8386-    if (sbuf.st_uid != pwd->pw_uid && !FILE_OWNER_OK(sbuf.st_uid)) {
    8487-       fclose(fp);
    8588-       free(princname);
    8689-       return(FALSE);
    87 -    }
     90+    if (pid == 0) {
     91+       char *args[4];
     92+#define ADMOF_PATH "/usr/local/sbin/ssh-admof"
     93+       args[0] = ADMOF_PATH;
     94+       args[1] = (char *) luser;
     95+       args[2] = princname;
     96+       args[3] = NULL;
     97+       execv(ADMOF_PATH, args);
     98+       exit(1);
     99     }
    88100-
    89101-    /* check each line */
     
    102114-       if (!newline)
    103115-           while (((gobble = getc(fp)) != EOF) && gobble != '\n');
    104 -    }
    105 +    if ((pid = fork()) == -1) {
    106 +       free(princname);
    107 +       return(FALSE);
    108 +    }
    109 +    if (pid == 0) {
    110 +       char *args[4];
    111 +#define ADMOF_PATH "/usr/local/sbin/ssh-admof"
    112 +       args[0] = ADMOF_PATH;
    113 +       args[1] = (char *) luser;
    114 +       args[2] = princname;
    115 +       args[3] = NULL;
    116 +       execv(ADMOF_PATH, args);
    117 +       exit(1);
    118 +    }
    119116+    if (waitpid(pid, &status, 0) > 0 && WIFEXITED(status) && WEXITSTATUS(status) == 33) {
    120117+       isok=TRUE;
    121 +    }
     118     }
    122119+   
    123120     free(princname);
Note: See TracChangeset for help on using the changeset viewer.