authorRyan Phillips <rphillips@gentoo.org>2003-03-29 23:23:11 +0000
committerRyan Phillips <rphillips@gentoo.org>2003-03-29 23:23:11 +0000
commit6a8be0e7a353f4789e77876acef12de4f193e1d3 (patch)
treeaeccdf675ad98b5a6b051e4e2bbb5bddc38b7338 /net-fs
parentvirtual/motif migration and parallel build fix (diff)
Added patch to fix security hole in the kaserver
Diffstat (limited to 'net-fs')
-rw-r--r--net-fs/openafs/ChangeLog7
-rw-r--r--net-fs/openafs/files/kaserver-patch.diff65
-rw-r--r--net-fs/openafs/openafs-1.3.2-r1.ebuild104
3 files changed, 174 insertions, 2 deletions
diff --git a/net-fs/openafs/ChangeLog b/net-fs/openafs/ChangeLog
index 035de57832cf..a21bab127730 100644
--- a/net-fs/openafs/ChangeLog
+++ b/net-fs/openafs/ChangeLog
@@ -1,12 +1,15 @@
# ChangeLog for net-fs/openafs
# Copyright 2002-2003 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-fs/openafs/ChangeLog,v 1.17 2003/02/12 07:57:01 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-fs/openafs/ChangeLog,v 1.18 2003/03/29 23:23:11 rphillips Exp $
+
+ 29 Mar 2003; Ryan Phillips <rphillips@gentoo.org> files/kaserver-diff.patch:
+ Fixes a security hole in openafs.
03 Jan 2003; Daniel Ahlberg <aliz@gentoo.org> files/afs.rc.rc6 :
Fix bug #5634.
06 Dec 2002; Rodney Rees <manson@gentoo.org> : changed sparc ~sparc keywords
-
+
*openafs-1.2.8 (31 Jan 2003)
31 Jan 2003; Ryan Phillips <rphillips@gentoo.org> openafs-1.2.8.ebuild :
diff --git a/net-fs/openafs/files/kaserver-patch.diff b/net-fs/openafs/files/kaserver-patch.diff
new file mode 100644
index 000000000000..8ea1458580de
--- /dev/null
+++ b/net-fs/openafs/files/kaserver-patch.diff
@@ -0,0 +1,65 @@
+--- openafs/src/kauth/kaprocs.c 6 Sep 2002 02:44:03 -0000 1.12
++++ openafs/src/kauth/kaprocs.c 18 Mar 2003 03:56:18 -0000 1.13
+@@ -1706,6 +1706,11 @@
+ celllen = strlen (cell);
+ if (import && (celllen == 0)) {code = KABADTICKET; goto abort;}
+ if (export && (celllen == 0)) strcpy (cell, lrealm);
++
++ if (!krb4_cross && celllen && strcmp(lrealm, cell) != 0) {
++ code = KABADUSER;
++ goto abort;
++ }
+
+ des_ecb_encrypt (atimes->SeqBody, &times, schedule, DECRYPT);
+ times.start = ntohl(times.start);
+--- openafs/src/kauth/kaserver.c 21 Aug 2002 18:13:22 -0000 1.13
++++ openafs/src/kauth/kaserver.c 18 Mar 2003 03:56:18 -0000 1.14
+@@ -56,6 +56,8 @@
+ struct ubik_dbase *KA_dbase;
+ afs_int32 myHost = 0;
+ afs_int32 verbose_track = 1;
++afs_int32 krb4_cross = 0;
++
+ struct afsconf_dir *KA_conf; /* for getting cell info */
+
+ extern afs_int32 ubik_lastYesTime;
+@@ -193,6 +195,7 @@
+ usage:
+ printf("Usage: kaserver [-noAuth] [-fastKeys] [-database <dbpath>] "
+ "[-localfiles <lclpath>] [-minhours <n>] [-servers <serverlist>] "
++ "[-crossrealm]"
+ /*" [-enable_peer_stats] [-enable_process_stats] " */
+ "[-help]\n");
+ exit(1);
+@@ -250,6 +253,7 @@
+ else if (IsArg("-clear")) level = rxkad_clear;
+ else if (IsArg("-sorry")) level = rxkad_clear;
+ else if (IsArg("-debug")) verbose_track = 0;
++ else if (IsArg("-crossrealm")) krb4_cross = 1;
+ else if (IsArg("-minhours")) {
+ MinHours = atoi(argv[++a]);
+ }
+--- openafs/src/kauth/kaserver.h 4 Nov 2000 10:04:39 -0000 1.2
++++ openafs/src/kauth/kaserver.h 18 Mar 2003 23:47:51 -0000 1.4
+@@ -179,6 +179,7 @@
+ u_int locktime
+ );
+
++extern afs_int32 krb4_cross;
+
+ #define LOCKPW
+
+--- openafs/src/kauth/krb_udp.c 22 Aug 2002 18:45:16 -0000 1.20
++++ openafs/src/kauth/krb_udp.c 18 Mar 2003 03:56:18 -0000 1.21
+@@ -461,6 +461,11 @@
+ strncpy (cell, lrealm, MAXKTCREALMLEN-1);
+ cell[MAXKTCREALMLEN-1] = 0;
+ };
++
++ if (!krb4_cross && strcmp(lrealm, cell) != 0) {
++ code = KERB_ERR_PRINCIPAL_UNKNOWN;
++ goto abort;
++ }
+
+ if (krb_udp_debug) {
+ printf ("UGetTicket: got ticket from '%s'.'%s'@'%s'\n",
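Review bot: The `-crossrealm` switch added in the kaserver.c argument loop sets `krb4_cross`, which short-circuits both new realm comparisons in kaprocs.c and krb_udp.c, yet neither the usage text nor a comment tells an operator that passing it turns the fix off. I would document the global where it is defined, e.g. `/* 0 (default): refuse requests whose realm differs from lrealm; set to 1 only by -crossrealm */`. The usage literal also lacks a trailing space, so the help output runs together as `[-crossrealm][-help]`; it should be `"[-crossrealm] "`. The two checks are not identical (kaprocs.c skips the comparison when `celllen` is 0, krb_udp.c always compares), which looks deliberate given the strncpy fallback visible in the krb_udp.c context, but the enclosing functions start and end outside these hunks, so that should be confirmed against the full sources.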
diff --git a/net-fs/openafs/openafs-1.3.2-r1.ebuild b/net-fs/openafs/openafs-1.3.2-r1.ebuild
new file mode 100644
index 000000000000..1090229f450c
--- /dev/null
+++ b/net-fs/openafs/openafs-1.3.2-r1.ebuild
@@ -0,0 +1,104 @@
+# Copyright 1999-2003 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# /home/cvsroot/gentoo-x86/net-fs/openafs/openafs-1.1.1.ebuild,v 1.3 2001/08/31 03:23:39 pm Exp
+
+
+S=${WORKDIR}/${P}
+DESCRIPTION="The AFS 3 distributed file system targets the issues critical to
+distributed computing environments. AFS performs exceptionally well,
+both within small, local work groups of machines and across wide-area
+configurations in support of large, collaborative efforts. AFS provides
+an architecture geared towards system management, along with the tools
+to perform important management tasks. For a user, AFS is a familiar yet
+extensive UNIX environment for accessing files easily and quickly."
+
+SRC_URI="http://www.openafs.org/dl/${PN}/${PV}/${P}-src.tar.gz"
+HOMEPAGE="http://www.openafs.org/"
+
+SLOT="0"
+LICENSE="IPL-1"
+KEYWORDS="-* x86"
+
+SANDBOX_DISABLED="1"
+
+DEPEND=">=sys-apps/portage-2.0.47-r10
+ >=sys-libs/ncurses-5.2
+ >=sys-libs/pam-0.75"
+
+ARCH=i386_linux24
+
+src_unpack() {
+ unpack ${A}
+
+ cd ${S}/src/config
+ cp Makefile.in Makefile.in.old
+ sed -i "s|/usr/lib/libncurses.so|-lncurses|g" Makefile.in
+
+ cd ${S}
+ patch -p1 < ${FILESDIR}/kaserver-patch.diff
+}
+
+src_compile() {
+ ./configure \
+ --with-afs-sysname=i386_linux24 \
+ --enable-transarc-paths || die
+ make || die
+ make dest || die
+}
+
+src_install () {
+
+
+ # Client
+
+ cd ${S}/${ARCH}/dest/root.client/usr/vice
+
+ insinto /etc/afs/modload
+ doins etc/modload/*
+ insinto /etc/afs/C
+ doins etc/C/*
+
+ insinto /etc/afs
+ doins ${FILESDIR}/{ThisCell,CellServDB}
+ doins etc/afs.conf
+
+ dodir /afs
+
+ exeinto /etc/init.d
+ newexe ${FILESDIR}/afs.rc.rc6 afs
+
+ dosbin etc/afsd
+
+ # Client Bin
+ cd ${S}/${ARCH}/dest
+ exeinto /usr/afsws/bin
+ doexe bin/*
+
+ exeinto /etc/afs/afsws
+ doexe etc/*
+
+ cp -a include lib ${D}/usr/afsws
+ dosym /usr/afsws/lib/afs/libtermlib.a /usr/afsws/lib/afs/libnull.a
+
+ # Server
+ cd ${S}/${ARCH}/dest/root.server/usr/afs
+ exeinto /usr/afs/bin
+ doexe bin/*
+
+ dodir /usr/vice
+ dosym /etc/afs /usr/vice/etc
+ dosym /etc/afs/afsws /usr/afsws/etc
+
+ dodoc ${FILESDIR}/README
+
+ dodir /etc/env.d
+ echo 'CONFIG_PROTECT_MASK="/etc/afs/C /etc/afs/afsws"' > ${D}/etc/env.d/01${PN}
+ echo 'PATH=/usr/afsws/bin:/etc/afs/afsws' >> ${D}/etc/env.d/01${PN}
+ echo 'ROOTPATH=/usr/afsws/bin:/etc/afs/afsws:/usr/afs/bin' >> ${D}/etc/env.d/01${PN}
+}
+
+pkg_postinst () {
+ echo ">>> UPDATE CellServDB and ThisCell to your needs !!"
+ echo ">>> FOLLOW THE INSTRUCTIONS IN AFS QUICK BEGINNINGS"
+ echo ">>> PAGE >45 TO DO INITIAL SERVER SETUP" fi
+}
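Review bot: In src_unpack the line `patch -p1 < ${FILESDIR}/kaserver-patch.diff` has no failure check, so a rejected hunk would apparently let the build continue and install a kaserver without the realm check. The patch headers carry upstream CVS revisions dated 2002–2003 and nothing on the page shows they match the 1.3.2 sources, so a reject is plausible. The compile steps already use `|| die`; this line should read `patch -p1 < "${FILESDIR}"/kaserver-patch.diff || die "kaserver security patch did not apply"`. Separately, the last `echo` in pkg_postinst ends with a stray `fi` that is printed as part of the message. Since the patched server refuses cross-realm requests unless started with `-crossrealm`, a pkg_postinst line stating that default would help administrators who depend on the old behaviour.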