From 555a2c2034e13cc39ef749206d50780021819842 Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Fri, 6 Apr 2007 20:06:37 +0000 Subject: [PATCH] pull up r19395 from trunk r19395@cathode-dark-space: tlyu | 2007-04-03 15:23:52 -0400 ticket: new subject: MITKRB5-SA-2007-002: buffer overflow in krb5_klog_syslog target_version: 1.6.1 tags: pullup Fix MITKRB5-SA-2007-002: buffer overflow in krb5_klog_syslog. * src/lib/krb5/krb/get_in_tkt.c (krb5_klog_syslog): Use vsnprintf if available. Everything else: use precision fields on "%s" specifiers to truncate logged strings, in case someone doesn't have vsnprintf. ticket: 5513 version_fixed: 1.5.3 git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-5@19404 dc483132-0cff-0310-8789-dd5450dbe970 --- src/kadmin/server/kadm_rpc_svc.c | 8 +- src/kadmin/server/misc.c | 9 + src/kadmin/server/misc.h | 2 + src/kadmin/server/ovsec_kadmd.c | 28 ++- src/kadmin/server/schpw.c | 9 +- src/kadmin/server/server_stubs.c | 311 ++++++++++++++++--------------- src/kdc/do_tgs_req.c | 26 ++- src/kdc/kdc_util.c | 1 + src/lib/kadm5/logger.c | 10 +- 9 files changed, 229 insertions(+), 175 deletions(-) diff --git a/src/kadmin/server/kadm_rpc_svc.c b/src/kadmin/server/kadm_rpc_svc.c index 978ca3c33..cd1f0d2f1 100644 --- a/src/kadmin/server/kadm_rpc_svc.c +++ b/src/kadmin/server/kadm_rpc_svc.c @@ -250,6 +250,8 @@ check_rpcsec_auth(struct svc_req *rqstp) krb5_data *c1, *c2, *realm; gss_buffer_desc gss_str; kadm5_server_handle_t handle; + size_t slen; + char *sdots; success = 0; handle = (kadm5_server_handle_t)global_server_handle; @@ -274,6 +276,8 @@ check_rpcsec_auth(struct svc_req *rqstp) if (ret == 0) goto fail_name; + slen = gss_str.length; + trunc_name(&slen, &sdots); /* * Since we accept with GSS_C_NO_NAME, the client can authenticate * against the entire kdb. Therefore, ensure that the service @@ -296,8 +300,8 @@ check_rpcsec_auth(struct svc_req *rqstp) fail_princ: if (!success) { - krb5_klog_syslog(LOG_ERR, "bad service principal %.*s", - gss_str.length, gss_str.value); + krb5_klog_syslog(LOG_ERR, "bad service principal %.*s%s", + slen, gss_str.value, sdots); } gss_release_buffer(&min_stat, &gss_str); krb5_free_principal(kctx, princ); diff --git a/src/kadmin/server/misc.c b/src/kadmin/server/misc.c index fa4ca914c..ed5110048 100644 --- a/src/kadmin/server/misc.c +++ b/src/kadmin/server/misc.c @@ -171,3 +171,12 @@ check_min_life(void *server_handle, krb5_principal principal, return kadm5_free_principal_ent(handle->lhandle, &princ); } + +#define MAXPRINCLEN 125 + +void +trunc_name(size_t *len, char **dots) +{ + *dots = *len > MAXPRINCLEN ? "..." : ""; + *len = *len > MAXPRINCLEN ? MAXPRINCLEN : *len; +} diff --git a/src/kadmin/server/misc.h b/src/kadmin/server/misc.h index b519ba079..a020874fd 100644 --- a/src/kadmin/server/misc.h +++ b/src/kadmin/server/misc.h @@ -45,3 +45,5 @@ krb5_error_code process_chpw_request(krb5_context context, #ifdef SVC_GETARGS void kadm_1(struct svc_req *, SVCXPRT *); #endif + +void trunc_name(size_t *len, char **dots); diff --git a/src/kadmin/server/ovsec_kadmd.c b/src/kadmin/server/ovsec_kadmd.c index 421ec9bca..976369f68 100644 --- a/src/kadmin/server/ovsec_kadmd.c +++ b/src/kadmin/server/ovsec_kadmd.c @@ -989,6 +989,8 @@ void log_badverf(gss_name_t client_name, gss_name_t server_name, rpcproc_t proc; int i; const char *procname; + size_t clen, slen; + char *cdots, *sdots; client.length = 0; client.value = NULL; @@ -997,10 +999,20 @@ void log_badverf(gss_name_t client_name, gss_name_t server_name, (void) gss_display_name(&minor, client_name, &client, &gss_type); (void) gss_display_name(&minor, server_name, &server, &gss_type); - if (client.value == NULL) + if (client.value == NULL) { client.value = "(null)"; - if (server.value == NULL) + clen = sizeof("(null)") -1; + } else { + clen = client.length; + } + trunc_name(&clen, &cdots); + if (server.value == NULL) { server.value = "(null)"; + slen = sizeof("(null)") - 1; + } else { + slen = server.length; + } + trunc_name(&slen, &sdots); a = inet_ntoa(rqst->rq_xprt->xp_raddr.sin_addr); proc = msg->rm_call.cb_proc; @@ -1013,14 +1025,14 @@ void log_badverf(gss_name_t client_name, gss_name_t server_name, } if (procname != NULL) krb5_klog_syslog(LOG_NOTICE, "WARNING! Forged/garbled request: %s, " - "claimed client = %s, server = %s, addr = %s", - procname, client.value, - server.value, a); + "claimed client = %.*s%s, server = %.*s%s, addr = %s", + procname, clen, client.value, cdots, + slen, server.value, sdots, a); else krb5_klog_syslog(LOG_NOTICE, "WARNING! Forged/garbled request: %d, " - "claimed client = %s, server = %s, addr = %s", - proc, client.value, - server.value, a); + "claimed client = %.*s%s, server = %.*s%s, addr = %s", + proc, clen, client.value, cdots, + slen, server.value, sdots, a); (void) gss_release_buffer(&minor, &client); (void) gss_release_buffer(&minor, &server); diff --git a/src/kadmin/server/schpw.c b/src/kadmin/server/schpw.c index b30c2d536..e974beb7b 100644 --- a/src/kadmin/server/schpw.c +++ b/src/kadmin/server/schpw.c @@ -40,6 +40,8 @@ process_chpw_request(context, server_handle, realm, s, keytab, sockin, int numresult; char strresult[1024]; char *clientstr; + size_t clen; + char *cdots; ret = 0; rep->length = 0; @@ -258,9 +260,12 @@ process_chpw_request(context, server_handle, realm, s, keytab, sockin, free(ptr); clear.length = 0; - krb5_klog_syslog(LOG_NOTICE, "chpw request from %s for %s: %s", + clen = strlen(clientstr); + trunc_name(&clen, &cdots); + krb5_klog_syslog(LOG_NOTICE, "chpw request from %s for %.*s%s: %s", inet_ntoa(((struct sockaddr_in *)&remote_addr)->sin_addr), - clientstr, ret ? krb5_get_error_message (context, ret) : "success"); + clen, clientstr, cdots, + ret ? krb5_get_error_message (context, ret) : "success"); krb5_free_unparsed_name(context, clientstr); if (ret) { diff --git a/src/kadmin/server/server_stubs.c b/src/kadmin/server/server_stubs.c index ee5d653cd..cf823984f 100644 --- a/src/kadmin/server/server_stubs.c +++ b/src/kadmin/server/server_stubs.c @@ -14,6 +14,7 @@ #include /* inet_ntoa */ #include /* krb5_klog_syslog */ #include "misc.h" +#include #define LOG_UNAUTH "Unauthorized request: %s, %s, client=%s, service=%s, addr=%s" #define LOG_DONE "Request: %s, %s, %s, client=%s, service=%s, addr=%s" @@ -237,6 +238,61 @@ gss_name_to_string(gss_name_t gss_name, gss_buffer_desc *str) return 0; } +static int +log_unauth( + char *op, + char *target, + gss_buffer_t client, + gss_buffer_t server, + struct svc_req *rqstp) +{ + size_t tlen, clen, slen; + char *tdots, *cdots, *sdots; + + tlen = strlen(target); + trunc_name(&tlen, &tdots); + clen = client->length; + trunc_name(&clen, &cdots); + slen = server->length; + trunc_name(&slen, &sdots); + + return krb5_klog_syslog(LOG_NOTICE, + "Unauthorized request: %s, %.*s%s, " + "client=%.*s%s, service=%.*s%s, addr=%s", + op, tlen, target, tdots, + clen, client->value, cdots, + slen, server->value, sdots, + inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); +} + +static int +log_done( + char *op, + char *target, + char *errmsg, + gss_buffer_t client, + gss_buffer_t server, + struct svc_req *rqstp) +{ + size_t tlen, clen, slen; + char *tdots, *cdots, *sdots; + + tlen = strlen(target); + trunc_name(&tlen, &tdots); + clen = client->length; + trunc_name(&clen, &cdots); + slen = server->length; + trunc_name(&slen, &sdots); + + return krb5_klog_syslog(LOG_NOTICE, + "Request: %s, %.*s%s, %s, " + "client=%.*s%s, service=%.*s%s, addr=%s", + op, tlen, target, tdots, errmsg, + clen, client->value, cdots, + slen, server->value, sdots, + inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); +} + generic_ret * create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp) { @@ -275,9 +331,8 @@ create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp) || kadm5int_acl_impose_restrictions(handle->context, &arg->rec, &arg->mask, rp)) { ret.code = KADM5_AUTH_ADD; - krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_create_principal", - prime_arg, client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_unauth("kadm5_create_principal", prime_arg, + &client_name, &service_name, rqstp); } else { ret.code = kadm5_create_principal((void *)handle, &arg->rec, arg->mask, @@ -287,10 +342,8 @@ create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp) else errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); - krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_principal", - prime_arg, errmsg, - client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_done("kadm5_create_principal", prime_arg, errmsg, + &client_name, &service_name, rqstp); /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } @@ -341,9 +394,8 @@ create_principal3_2_svc(cprinc3_arg *arg, struct svc_req *rqstp) || kadm5int_acl_impose_restrictions(handle->context, &arg->rec, &arg->mask, rp)) { ret.code = KADM5_AUTH_ADD; - krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_create_principal", - prime_arg, client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_unauth("kadm5_create_principal", prime_arg, + &client_name, &service_name, rqstp); } else { ret.code = kadm5_create_principal_3((void *)handle, &arg->rec, arg->mask, @@ -355,10 +407,8 @@ create_principal3_2_svc(cprinc3_arg *arg, struct svc_req *rqstp) else errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); - krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_principal", - prime_arg, errmsg, - client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_done("kadm5_create_principal", prime_arg, errmsg, + &client_name, &service_name, rqstp); /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } @@ -406,9 +456,8 @@ delete_principal_2_svc(dprinc_arg *arg, struct svc_req *rqstp) || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_DELETE, arg->princ, NULL)) { ret.code = KADM5_AUTH_DELETE; - krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_delete_principal", - prime_arg, client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_unauth("kadm5_delete_principal", prime_arg, + &client_name, &service_name, rqstp); } else { ret.code = kadm5_delete_principal((void *)handle, arg->princ); if( ret.code == 0 ) @@ -416,10 +465,8 @@ delete_principal_2_svc(dprinc_arg *arg, struct svc_req *rqstp) else errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); - krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_delete_principal", - prime_arg, errmsg, - client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_done("kadm5_delete_principal", prime_arg, errmsg, + &client_name, &service_name, rqstp); /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } @@ -469,9 +516,8 @@ modify_principal_2_svc(mprinc_arg *arg, struct svc_req *rqstp) || kadm5int_acl_impose_restrictions(handle->context, &arg->rec, &arg->mask, rp)) { ret.code = KADM5_AUTH_MODIFY; - krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_modify_principal", - prime_arg, client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_unauth("kadm5_modify_principal", prime_arg, + &client_name, &service_name, rqstp); } else { ret.code = kadm5_modify_principal((void *)handle, &arg->rec, arg->mask); @@ -480,10 +526,8 @@ modify_principal_2_svc(mprinc_arg *arg, struct svc_req *rqstp) else errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); - krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_modify_principal", - prime_arg, errmsg, - client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_done("kadm5_modify_principal", prime_arg, errmsg, + &client_name, &service_name, rqstp); /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } @@ -546,9 +590,8 @@ rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp) } else ret.code = KADM5_AUTH_INSUFFICIENT; if (ret.code != KADM5_OK) { - krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_rename_principal", - prime_arg, client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_unauth("kadm5_rename_principal", prime_arg, + &client_name, &service_name, rqstp); } else { ret.code = kadm5_rename_principal((void *)handle, arg->src, arg->dest); @@ -557,10 +600,8 @@ rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp) else errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); - krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_rename_principal", - prime_arg, errmsg, - client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_done("kadm5_rename_principal", prime_arg, errmsg, + &client_name, &service_name, rqstp); } free_server_handle(handle); free(prime_arg1); @@ -614,9 +655,8 @@ get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp) arg->princ, NULL))) { ret.code = KADM5_AUTH_GET; - krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname, - prime_arg, client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_unauth(funcname, prime_arg, + &client_name, &service_name, rqstp); } else { if (handle->api_version == KADM5_API_VERSION_1) { ret.code = kadm5_get_principal_v1((void *)handle, @@ -636,11 +676,8 @@ get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp) else errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); - krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname, - prime_arg, - errmsg, - client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_done(funcname, prime_arg, errmsg, + &client_name, &service_name, rqstp); } free_server_handle(handle); @@ -688,9 +725,8 @@ get_princs_2_svc(gprincs_arg *arg, struct svc_req *rqstp) NULL, NULL)) { ret.code = KADM5_AUTH_LIST; - krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_get_principals", - prime_arg, client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_unauth("kadm5_get_principals", prime_arg, + &client_name, &service_name, rqstp); } else { ret.code = kadm5_get_principals((void *)handle, arg->exp, &ret.princs, @@ -700,11 +736,8 @@ get_princs_2_svc(gprincs_arg *arg, struct svc_req *rqstp) else errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); - krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_principals", - prime_arg, - errmsg, - client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_done("kadm5_get_principals", prime_arg, errmsg, + &client_name, &service_name, rqstp); } free_server_handle(handle); @@ -755,9 +788,8 @@ chpass_principal_2_svc(chpass_arg *arg, struct svc_req *rqstp) ret.code = kadm5_chpass_principal((void *)handle, arg->princ, arg->pass); } else { - krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_chpass_principal", - prime_arg, client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_unauth("kadm5_chpass_principal", prime_arg, + &client_name, &service_name, rqstp); ret.code = KADM5_AUTH_CHANGEPW; } @@ -767,10 +799,8 @@ chpass_principal_2_svc(chpass_arg *arg, struct svc_req *rqstp) else errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); - krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_chpass_principal", - prime_arg, errmsg, - client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_done("kadm5_chpass_principal", prime_arg, errmsg, + &client_name, &service_name, rqstp); } free_server_handle(handle); @@ -828,9 +858,8 @@ chpass_principal3_2_svc(chpass3_arg *arg, struct svc_req *rqstp) arg->ks_tuple, arg->pass); } else { - krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_chpass_principal", - prime_arg, client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_unauth("kadm5_chpass_principal", prime_arg, + &client_name, &service_name, rqstp); ret.code = KADM5_AUTH_CHANGEPW; } @@ -840,10 +869,8 @@ chpass_principal3_2_svc(chpass3_arg *arg, struct svc_req *rqstp) else errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); - krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_chpass_principal", - prime_arg, errmsg, - client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_done("kadm5_chpass_principal", prime_arg, errmsg, + &client_name, &service_name, rqstp); } free_server_handle(handle); @@ -892,9 +919,8 @@ setv4key_principal_2_svc(setv4key_arg *arg, struct svc_req *rqstp) ret.code = kadm5_setv4key_principal((void *)handle, arg->princ, arg->keyblock); } else { - krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_setv4key_principal", - prime_arg, client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_unauth("kadm5_setv4key_principal", prime_arg, + &client_name, &service_name, rqstp); ret.code = KADM5_AUTH_SETKEY; } @@ -904,10 +930,8 @@ setv4key_principal_2_svc(setv4key_arg *arg, struct svc_req *rqstp) else errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); - krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setv4key_principal", - prime_arg, errmsg, - client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_done("kadm5_setv4key_principal", prime_arg, errmsg, + &client_name, &service_name, rqstp); } free_server_handle(handle); @@ -956,9 +980,8 @@ setkey_principal_2_svc(setkey_arg *arg, struct svc_req *rqstp) ret.code = kadm5_setkey_principal((void *)handle, arg->princ, arg->keyblocks, arg->n_keys); } else { - krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_setkey_principal", - prime_arg, client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_unauth("kadm5_setkey_principal", prime_arg, + &client_name, &service_name, rqstp); ret.code = KADM5_AUTH_SETKEY; } @@ -968,10 +991,8 @@ setkey_principal_2_svc(setkey_arg *arg, struct svc_req *rqstp) else errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); - krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setkey_principal", - prime_arg, errmsg, - client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_done("kadm5_setkey_principal", prime_arg, errmsg, + &client_name, &service_name, rqstp); } free_server_handle(handle); @@ -1023,9 +1044,8 @@ setkey_principal3_2_svc(setkey3_arg *arg, struct svc_req *rqstp) arg->ks_tuple, arg->keyblocks, arg->n_keys); } else { - krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_setkey_principal", - prime_arg, client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_unauth("kadm5_setkey_principal", prime_arg, + &client_name, &service_name, rqstp); ret.code = KADM5_AUTH_SETKEY; } @@ -1035,10 +1055,8 @@ setkey_principal3_2_svc(setkey3_arg *arg, struct svc_req *rqstp) else errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); - krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setkey_principal", - prime_arg, errmsg, - client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_done("kadm5_setkey_principal", prime_arg, errmsg, + &client_name, &service_name, rqstp); } free_server_handle(handle); @@ -1097,9 +1115,8 @@ chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp) ret.code = kadm5_randkey_principal((void *)handle, arg->princ, &k, &nkeys); } else { - krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname, - prime_arg, client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_unauth(funcname, prime_arg, + &client_name, &service_name, rqstp); ret.code = KADM5_AUTH_CHANGEPW; } @@ -1119,10 +1136,8 @@ chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp) else errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); - krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname, - prime_arg, errmsg, - client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_done(funcname, prime_arg, errmsg, + &client_name, &service_name, rqstp); } free_server_handle(handle); free(prime_arg); @@ -1185,9 +1200,8 @@ chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp) arg->ks_tuple, &k, &nkeys); } else { - krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname, - prime_arg, client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_unauth(funcname, prime_arg, + &client_name, &service_name, rqstp); ret.code = KADM5_AUTH_CHANGEPW; } @@ -1207,10 +1221,8 @@ chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp) else errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); - krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname, - prime_arg, errmsg, - client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_done(funcname, prime_arg, errmsg, + &client_name, &service_name, rqstp); } free_server_handle(handle); free(prime_arg); @@ -1253,10 +1265,9 @@ create_policy_2_svc(cpol_arg *arg, struct svc_req *rqstp) rqst2name(rqstp), ACL_ADD, NULL, NULL)) { ret.code = KADM5_AUTH_ADD; - krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_create_policy", - prime_arg, client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); - + log_unauth("kadm5_create_policy", prime_arg, + &client_name, &service_name, rqstp); + } else { ret.code = kadm5_create_policy((void *)handle, &arg->rec, arg->mask); @@ -1265,11 +1276,9 @@ create_policy_2_svc(cpol_arg *arg, struct svc_req *rqstp) else errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); - krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_policy", - ((prime_arg == NULL) ? "(null)" : prime_arg), - errmsg, - client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_done("kadm5_create_policy", + ((prime_arg == NULL) ? "(null)" : prime_arg), errmsg, + &client_name, &service_name, rqstp); } free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); @@ -1310,9 +1319,8 @@ delete_policy_2_svc(dpol_arg *arg, struct svc_req *rqstp) if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_DELETE, NULL, NULL)) { - krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_delete_policy", - prime_arg, client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_unauth("kadm5_delete_policy", prime_arg, + &client_name, &service_name, rqstp); ret.code = KADM5_AUTH_DELETE; } else { ret.code = kadm5_delete_policy((void *)handle, arg->name); @@ -1321,11 +1329,9 @@ delete_policy_2_svc(dpol_arg *arg, struct svc_req *rqstp) else errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); - krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_delete_policy", - ((prime_arg == NULL) ? "(null)" : prime_arg), - errmsg, - client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_done("kadm5_delete_policy", + ((prime_arg == NULL) ? "(null)" : prime_arg), errmsg, + &client_name, &service_name, rqstp); } free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); @@ -1366,9 +1372,8 @@ modify_policy_2_svc(mpol_arg *arg, struct svc_req *rqstp) if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_MODIFY, NULL, NULL)) { - krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_modify_policy", - prime_arg, client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_unauth("kadm5_modify_policy", prime_arg, + &client_name, &service_name, rqstp); ret.code = KADM5_AUTH_MODIFY; } else { ret.code = kadm5_modify_policy((void *)handle, &arg->rec, @@ -1378,11 +1383,9 @@ modify_policy_2_svc(mpol_arg *arg, struct svc_req *rqstp) else errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); - krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_modify_policy", - ((prime_arg == NULL) ? "(null)" : prime_arg), - errmsg, - client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_done("kadm5_modify_policy", + ((prime_arg == NULL) ? "(null)" : prime_arg), errmsg, + &client_name, &service_name, rqstp); } free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); @@ -1464,15 +1467,12 @@ get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp) else errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); - krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname, - ((prime_arg == NULL) ? "(null)" : prime_arg), - errmsg, - client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_done(funcname, + ((prime_arg == NULL) ? "(null)" : prime_arg), errmsg, + &client_name, &service_name, rqstp); } else { - krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname, - prime_arg, client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_unauth(funcname, prime_arg, + &client_name, &service_name, rqstp); } free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); @@ -1517,9 +1517,8 @@ get_pols_2_svc(gpols_arg *arg, struct svc_req *rqstp) rqst2name(rqstp), ACL_LIST, NULL, NULL)) { ret.code = KADM5_AUTH_LIST; - krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_get_policies", - prime_arg, client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_unauth("kadm5_get_policies", prime_arg, + &client_name, &service_name, rqstp); } else { ret.code = kadm5_get_policies((void *)handle, arg->exp, &ret.pols, @@ -1529,11 +1528,8 @@ get_pols_2_svc(gpols_arg *arg, struct svc_req *rqstp) else errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); - krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_policies", - prime_arg, - errmsg, - client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_done("kadm5_get_policies", prime_arg, errmsg, + &client_name, &service_name, rqstp); } free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); @@ -1573,11 +1569,8 @@ getprivs_ret * get_privs_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp) else errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); - krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_privs", - client_name.value, - errmsg, - client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + log_done("kadm5_get_privs", client_name.value, errmsg, + &client_name, &service_name, rqstp); free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); @@ -1594,6 +1587,8 @@ generic_ret *init_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp) kadm5_server_handle_t handle; OM_uint32 minor_stat; char *errmsg = 0; + size_t clen, slen; + char *cdots, *sdots; xdr_free(xdr_generic_ret, &ret); @@ -1612,14 +1607,22 @@ generic_ret *init_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp) if (ret.code != 0) errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); - krb5_klog_syslog(LOG_NOTICE, LOG_DONE ", flavor=%d", - (ret.api_version == KADM5_API_VERSION_1 ? - "kadm5_init (V1)" : "kadm5_init"), - client_name.value, - (ret.code == 0) ? "success" : errmsg, - client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr), - rqstp->rq_cred.oa_flavor); + else + errmsg = "success"; + + clen = client_name.length; + trunc_name(&clen, &cdots); + slen = service_name.length; + trunc_name(&slen, &sdots); + krb5_klog_syslog(LOG_NOTICE, "Request: %s, %.*s%s, %s, " + "client=%.*s%s, service=%.*s%s, addr=%s, flavor=%d", + (ret.api_version == KADM5_API_VERSION_1 ? + "kadm5_init (V1)" : "kadm5_init"), + clen, client_name.value, cdots, errmsg, + clen, client_name.value, cdots, + slen, service_name.value, sdots, + inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr), + rqstp->rq_cred.oa_flavor); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c index 7b9e1b573..334fea1bc 100644 --- a/src/kdc/do_tgs_req.c +++ b/src/kdc/do_tgs_req.c @@ -491,28 +491,38 @@ tgt_again: newtransited = 1; } if (!isflagset (request->kdc_options, KDC_OPT_DISABLE_TRANSITED_CHECK)) { + unsigned int tlen; + char *tdots; + errcode = krb5_check_transited_list (kdc_context, &enc_tkt_reply.transited.tr_contents, krb5_princ_realm (kdc_context, header_ticket->enc_part2->client), krb5_princ_realm (kdc_context, request->server)); + tlen = enc_tkt_reply.transited.tr_contents.length; + tdots = tlen > 125 ? "..." : ""; + tlen = tlen > 125 ? 125 : tlen; + if (errcode == 0) { setflag (enc_tkt_reply.flags, TKT_FLG_TRANSIT_POLICY_CHECKED); } else if (errcode == KRB5KRB_AP_ERR_ILL_CR_TKT) krb5_klog_syslog (LOG_INFO, - "bad realm transit path from '%s' to '%s' via '%.*s'", + "bad realm transit path from '%s' to '%s' " + "via '%.*s%s'", cname ? cname : "", sname ? sname : "", - enc_tkt_reply.transited.tr_contents.length, - enc_tkt_reply.transited.tr_contents.data); + tlen, + enc_tkt_reply.transited.tr_contents.data, + tdots); else { char *emsg = krb5_get_error_message(kdc_context, errcode); krb5_klog_syslog (LOG_ERR, - "unexpected error checking transit from '%s' to '%s' via '%.*s': %s", + "unexpected error checking transit from " + "'%s' to '%s' via '%.*s%s': %s", cname ? cname : "", sname ? sname : "", - enc_tkt_reply.transited.tr_contents.length, + tlen, enc_tkt_reply.transited.tr_contents.data, - emsg); + tdots, emsg); krb5_free_error_message(kdc_context, emsg); } } else @@ -542,6 +552,9 @@ tgt_again: if (!krb5_principal_compare(kdc_context, request->server, client2)) { if ((errcode = krb5_unparse_name(kdc_context, client2, &tmp))) tmp = 0; + if (tmp != NULL) + limit_string(tmp); + krb5_klog_syslog(LOG_INFO, "TGS_REQ %s: 2ND_TKT_MISMATCH: " "authtime %d, %s for %s, 2nd tkt client %s", @@ -816,6 +829,7 @@ find_alternate_tgs(krb5_kdc_req *request, krb5_db_entry *server, krb5_klog_syslog(LOG_INFO, "TGS_REQ: issuing alternate TGT"); } else { + limit_string(sname); krb5_klog_syslog(LOG_INFO, "TGS_REQ: issuing TGT %s", sname); free(sname); diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c index 071555bd9..e2e29bef7 100644 --- a/src/kdc/kdc_util.c +++ b/src/kdc/kdc_util.c @@ -404,6 +404,7 @@ kdc_get_server_key(krb5_ticket *ticket, krb5_keyblock **key, krb5_kvno *kvno) krb5_db_free_principal(kdc_context, &server, nprincs); if (!krb5_unparse_name(kdc_context, ticket->server, &sname)) { + limit_string(sname); krb5_klog_syslog(LOG_ERR,"TGS_REQ: UNKNOWN SERVER: server='%s'", sname); free(sname); diff --git a/src/lib/kadm5/logger.c b/src/lib/kadm5/logger.c index 24d845162..820242ca7 100644 --- a/src/lib/kadm5/logger.c +++ b/src/lib/kadm5/logger.c @@ -45,7 +45,7 @@ #include #endif /* HAVE_STDARG_H */ -#define KRB5_KLOG_MAX_ERRMSG_SIZE 1024 +#define KRB5_KLOG_MAX_ERRMSG_SIZE 2048 #ifndef MAXHOSTNAMELEN #define MAXHOSTNAMELEN 256 #endif /* MAXHOSTNAMELEN */ @@ -261,7 +261,9 @@ klog_com_err_proc(const char *whoami, long int code, const char *format, va_list #endif /* HAVE_SYSLOG */ /* Now format the actual message */ -#if HAVE_VSPRINTF +#if HAVE_VSNPRINTF + vsnprintf(cp, sizeof(outbuf) - (cp - outbuf), actual_format, ap); +#elif HAVE_VSPRINTF vsprintf(cp, actual_format, ap); #else /* HAVE_VSPRINTF */ sprintf(cp, actual_format, ((int *) ap)[0], ((int *) ap)[1], @@ -850,7 +852,9 @@ klog_vsyslog(int priority, const char *format, va_list arglist) syslogp = &outbuf[strlen(outbuf)]; /* Now format the actual message */ -#ifdef HAVE_VSPRINTF +#ifdef HAVE_VSNPRINTF + vsnprintf(syslogp, sizeof(outbuf) - (syslogp - outbuf), format, arglist); +#elif HAVE_VSPRINTF vsprintf(syslogp, format, arglist); #else /* HAVE_VSPRINTF */ sprintf(syslogp, format, ((int *) arglist)[0], ((int *) arglist)[1], -- 2.26.2