From: Daria Brashear <shadow@your-file-system.com>
Date: Wed, 8 Jul 2015 18:11:33 +0000 (-0400)
Subject: bos: Use crypt for commands where spoofing could be a risk
X-Git-Tag: upstream/1.6.13^2~5
X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=eea466507af6320c35e3e8dc751da60a52b15a23;p=packages%2Fo%2Fopenafs.git

bos: Use crypt for commands where spoofing could be a risk

bos defaults to not requiring crypt in a lot of cases, instead using clear.

As the simplest way to secure the channel is to enable crypt, do so.

FIXES 131782 (CVE-2015-3283)

(cherry picked from commit 62926630a82b8635d1cb1514b852f9f7a2609311)

Change-Id: Ib9e2514c4d14a77eead69677da1dabf86e526ebc
---

diff --git a/src/bozo/bos.c b/src/bozo/bos.c
index 930604987..b65961d08 100644
--- a/src/bozo/bos.c
+++ b/src/bozo/bos.c
@@ -199,7 +199,7 @@ SetAuth(struct cmd_syndesc *as, void *arock)
     afs_int32 flag;
     char *tp;
 
-    tconn = GetConn(as, 0);
+    tconn = GetConn(as, 1);
     tp = as->parms[1].items->data;
     if (strcmp(tp, "on") == 0)
 	flag = 0;		/* auth req.: noauthflag is false */
@@ -264,7 +264,7 @@ Prune(struct cmd_syndesc *as, void *arock)
     struct rx_connection *tconn;
     afs_int32 flags;
 
-    tconn = GetConn(as, 0);
+    tconn = GetConn(as, 1);
     flags = 0;
     if (as->parms[1].items)
 	flags |= BOZO_PRUNEBAK;
@@ -286,7 +286,7 @@ Exec(struct cmd_syndesc *as, void *arock)
     struct rx_connection *tconn;
     afs_int32 code;
 
-    tconn = GetConn(as, 0);
+    tconn = GetConn(as, 1);
     code = BOZO_Exec(tconn, as->parms[1].items->data);
     if (code)
 	printf("bos: failed to execute command (%s)\n", em(code));
@@ -352,7 +352,7 @@ UnInstall(struct cmd_syndesc *as, void *arock)
     struct cmd_item *ti;
     struct rx_connection *tconn;
 
-    tconn = GetConn(as, 0);
+    tconn = GetConn(as, 1);
     if (!as->parms[1].items) {
 	printf("bos: no files to uninstall\n");
 	return 1;
@@ -411,7 +411,7 @@ Install(struct cmd_syndesc *as, void *arock)
     struct rx_call *tcall;
     char destDir[256];
 
-    tconn = GetConn(as, 0);
+    tconn = GetConn(as, 1);
     if (!as->parms[1].items) {
 	printf("bos: no files to install\n");
 	return 1;
@@ -463,7 +463,7 @@ Shutdown(struct cmd_syndesc *as, void *arock)
     afs_int32 code;
     struct cmd_item *ti;
 
-    tconn = GetConn(as, 0);
+    tconn = GetConn(as, 1);
     if (as->parms[1].items == 0) {
 	code = BOZO_ShutdownAll(tconn);
 	if (code)
@@ -570,7 +570,7 @@ SetRestartCmd(struct cmd_syndesc *as, void *arock)
     struct rx_connection *tconn;
 
     count = 0;
-    tconn = GetConn(as, 0);
+    tconn = GetConn(as, 1);
     if (as->parms[2].items) {
 	count++;
 	type = 1;
@@ -607,7 +607,7 @@ Startup(struct cmd_syndesc *as, void *arock)
     afs_int32 code;
     struct cmd_item *ti;
 
-    tconn = GetConn(as, 0);
+    tconn = GetConn(as, 1);
     if (as->parms[1].items == 0) {
 	code = BOZO_StartupAll(tconn);
 	if (code)
@@ -630,7 +630,7 @@ Restart(struct cmd_syndesc *as, void *arock)
     afs_int32 code;
     struct cmd_item *ti;
 
-    tconn = GetConn(as, 0);
+    tconn = GetConn(as, 1);
     if (as->parms[2].items) {
 	/* this is really a rebozo command */
 	if (as->parms[1].items) {
@@ -674,7 +674,7 @@ SetCellName(struct cmd_syndesc *as, void *arock)
     struct rx_connection *tconn;
     afs_int32 code;
 
-    tconn = GetConn(as, 0);
+    tconn = GetConn(as, 1);
     code = BOZO_SetCellName(tconn, as->parms[1].items->data);
     if (code)
 	printf("bos: failed to set cell (%s)\n", em(code));
@@ -689,7 +689,7 @@ AddHost(struct cmd_syndesc *as, void *arock)
     struct cmd_item *ti;
     char name[MAXHOSTCHARS];
 
-    tconn = GetConn(as, 0);
+    tconn = GetConn(as, 1);
     for (ti = as->parms[1].items; ti; ti = ti->next) {
 	if (as->parms[2].items) {
 	    if (strlen(ti->data) > MAXHOSTCHARS - 3) {
@@ -715,7 +715,7 @@ RemoveHost(struct cmd_syndesc *as, void *arock)
     afs_int32 code;
     struct cmd_item *ti;
 
-    tconn = GetConn(as, 0);
+    tconn = GetConn(as, 1);
     for (ti = as->parms[1].items; ti; ti = ti->next) {
 	code = BOZO_DeleteCellHost(tconn, ti->data);
 	if (code)
@@ -839,7 +839,7 @@ RemoveKey(struct cmd_syndesc *as, void *arock)
     afs_int32 temp;
     struct cmd_item *ti;
 
-    tconn = GetConn(as, 0);
+    tconn = GetConn(as, 1);
     for (ti = as->parms[1].items; ti; ti = ti->next) {
 	temp = atoi(ti->data);
 	code = BOZO_DeleteKey(tconn, temp);
@@ -901,7 +901,7 @@ AddSUser(struct cmd_syndesc *as, void *arock)
     struct cmd_item *ti;
 
     failed = 0;
-    tconn = GetConn(as, 0);
+    tconn = GetConn(as, 1);
     for (ti = as->parms[1].items; ti; ti = ti->next) {
 	code = BOZO_AddSUser(tconn, ti->data);
 	if (code) {
@@ -921,7 +921,7 @@ RemoveSUser(struct cmd_syndesc *as, void *arock)
     int failed;
 
     failed = 0;
-    tconn = GetConn(as, 0);
+    tconn = GetConn(as, 1);
     for (ti = as->parms[1].items; ti; ti = ti->next) {
 	code = BOZO_DeleteSUser(tconn, ti->data);
 	if (code) {
@@ -1020,7 +1020,7 @@ CreateServer(struct cmd_syndesc *as, void *arock)
     int i;
     char *type, *name, *notifier = NONOTIFIER;
 
-    tconn = GetConn(as, 0);
+    tconn = GetConn(as, 1);
     for (i = 0; i < 6; i++)
 	parms[i] = "";
     for (i = 0, ti = as->parms[3].items; (ti && i < 6); ti = ti->next, i++) {
@@ -1050,7 +1050,7 @@ DeleteServer(struct cmd_syndesc *as, void *arock)
     struct cmd_item *ti;
 
     code = 0;
-    tconn = GetConn(as, 0);
+    tconn = GetConn(as, 1);
     for (ti = as->parms[1].items; ti; ti = ti->next) {
 	code = BOZO_DeleteBnode(tconn, ti->data);
 	if (code) {
@@ -1072,7 +1072,7 @@ StartServer(struct cmd_syndesc *as, void *arock)
     struct cmd_item *ti;
 
     code = 0;
-    tconn = GetConn(as, 0);
+    tconn = GetConn(as, 1);
     for (ti = as->parms[1].items; ti; ti = ti->next) {
 	code = BOZO_SetStatus(tconn, ti->data, BSTAT_NORMAL);
 	if (code)
@@ -1090,7 +1090,7 @@ StopServer(struct cmd_syndesc *as, void *arock)
     struct cmd_item *ti;
 
     code = 0;
-    tconn = GetConn(as, 0);
+    tconn = GetConn(as, 1);
     for (ti = as->parms[1].items; ti; ti = ti->next) {
 	code = BOZO_SetStatus(tconn, ti->data, BSTAT_SHUTDOWN);
 	if (code)
@@ -1355,7 +1355,7 @@ GetLogCmd(struct cmd_syndesc *as, void *arock)
     int error;
 
     printf("Fetching log file '%s'...\n", as->parms[1].items->data);
-    tconn = GetConn(as, 0);
+    tconn = GetConn(as, 1);
     tcall = rx_NewCall(tconn);
     code = StartBOZO_GetLog(tcall, as->parms[1].items->data);
     if (code) {
@@ -1433,7 +1433,7 @@ SalvageCmd(struct cmd_syndesc *as, void *arock)
     memset(&mrafsParm, 0, sizeof(mrafsParm));
 
     /* parm 0 is machine name, 1 is partition, 2 is volume, 3 is -all flag */
-    tconn = GetConn(as, 0);
+    tconn = GetConn(as, 1);
 
     tp = &tname[0];
 
@@ -1848,7 +1848,7 @@ SetRestrict(struct cmd_syndesc *as, void *arock)
     struct rx_connection *tconn;
     afs_int32 code, val;
 
-    tconn = GetConn(as, 0);
+    tconn = GetConn(as, 1);
     util_GetInt32(as->parms[1].items->data, &val);
     code = BOZO_SetRestrictedMode(tconn, val);
     if (code)