From 537c9914ce77dccf1b2bd66541094f55e0658910 Mon Sep 17 00:00:00 2001 From: MeenaRenganathan22 Date: Thu, 16 Feb 2023 06:21:09 -0800 Subject: [PATCH 1/7] Updating the CMakeLists.txt to include the latest changes in the KRB5 submodule --- contrib/krb5-cmake/CMakeLists.txt | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/contrib/krb5-cmake/CMakeLists.txt b/contrib/krb5-cmake/CMakeLists.txt index ceaa270ad85..be016bb0082 100644 --- a/contrib/krb5-cmake/CMakeLists.txt +++ b/contrib/krb5-cmake/CMakeLists.txt @@ -183,7 +183,6 @@ set(ALL_SRCS "${KRB5_SOURCE_DIR}/lib/crypto/krb/block_size.c" "${KRB5_SOURCE_DIR}/lib/crypto/krb/string_to_key.c" "${KRB5_SOURCE_DIR}/lib/crypto/krb/verify_checksum.c" - "${KRB5_SOURCE_DIR}/lib/crypto/krb/crypto_libinit.c" "${KRB5_SOURCE_DIR}/lib/crypto/krb/derive.c" "${KRB5_SOURCE_DIR}/lib/crypto/krb/random_to_key.c" "${KRB5_SOURCE_DIR}/lib/crypto/krb/verify_checksum_iov.c" @@ -217,9 +216,7 @@ set(ALL_SRCS "${KRB5_SOURCE_DIR}/lib/crypto/krb/s2k_rc4.c" "${KRB5_SOURCE_DIR}/lib/crypto/krb/valid_cksumtype.c" "${KRB5_SOURCE_DIR}/lib/crypto/krb/nfold.c" - "${KRB5_SOURCE_DIR}/lib/crypto/krb/prng_fortuna.c" "${KRB5_SOURCE_DIR}/lib/crypto/krb/encrypt_length.c" - "${KRB5_SOURCE_DIR}/lib/crypto/krb/cmac.c" "${KRB5_SOURCE_DIR}/lib/crypto/krb/keyblocks.c" "${KRB5_SOURCE_DIR}/lib/crypto/krb/prf_rc4.c" "${KRB5_SOURCE_DIR}/lib/crypto/krb/s2k_pbkdf2.c" @@ -228,11 +225,11 @@ set(ALL_SRCS "${KRB5_SOURCE_DIR}/lib/crypto/openssl/enc_provider/rc4.c" "${KRB5_SOURCE_DIR}/lib/crypto/openssl/enc_provider/des3.c" #"${KRB5_SOURCE_DIR}/lib/crypto/openssl/enc_provider/camellia.c" + "${KRB5_SOURCE_DIR}/lib/crypto/openssl/cmac.c" "${KRB5_SOURCE_DIR}/lib/crypto/openssl/sha256.c" "${KRB5_SOURCE_DIR}/lib/crypto/openssl/hmac.c" + "${KRB5_SOURCE_DIR}/lib/crypto/openssl/kdf.c" "${KRB5_SOURCE_DIR}/lib/crypto/openssl/pbkdf2.c" - "${KRB5_SOURCE_DIR}/lib/crypto/openssl/init.c" - "${KRB5_SOURCE_DIR}/lib/crypto/openssl/stubs.c" # "${KRB5_SOURCE_DIR}/lib/crypto/openssl/hash_provider/hash_crc32.c" "${KRB5_SOURCE_DIR}/lib/crypto/openssl/hash_provider/hash_evp.c" "${KRB5_SOURCE_DIR}/lib/crypto/openssl/des/des_keys.c" @@ -312,7 +309,6 @@ set(ALL_SRCS "${KRB5_SOURCE_DIR}/lib/krb5/krb/allow_weak.c" "${KRB5_SOURCE_DIR}/lib/krb5/krb/mk_rep.c" "${KRB5_SOURCE_DIR}/lib/krb5/krb/mk_priv.c" - "${KRB5_SOURCE_DIR}/lib/krb5/krb/s4u_authdata.c" "${KRB5_SOURCE_DIR}/lib/krb5/krb/preauth_otp.c" "${KRB5_SOURCE_DIR}/lib/krb5/krb/init_keyblock.c" "${KRB5_SOURCE_DIR}/lib/krb5/krb/ser_addr.c" @@ -688,6 +684,15 @@ target_include_directories(_krb5 PRIVATE target_compile_definitions(_krb5 PRIVATE KRB5_PRIVATE + K5_OPENSSL_DES + K5_OPENSSL_SHA1 + K5_OPENSSL_SHA2 + K5_OPENSSL_HMAC + K5_OPENSSL_RC4 + K5_OPENSSL_MD4 + K5_OPENSSL_MD5 + K5_OPENSSL_AES + K5_OPENSSL_DES_KEY_PARITY _GSS_STATIC_LINK=1 KRB5_DEPRECATED=1 LOCALEDIR="/usr/local/share/locale" From fdde8de47c2a6958e67df9246418cdbe77554d61 Mon Sep 17 00:00:00 2001 From: MeenaRenganathan22 Date: Fri, 17 Feb 2023 07:45:13 -0800 Subject: [PATCH 2/7] Updated the krb5 submodule reference to branch CVE_Fix in ClibMouse/krb5 --- contrib/krb5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/krb5 b/contrib/krb5 index f8262a1b548..220ed8fa13f 160000 --- a/contrib/krb5 +++ b/contrib/krb5 @@ -1 +1 @@ -Subproject commit f8262a1b548eb29d97e059260042036255d07f8d +Subproject commit 220ed8fa13fabe98d2b10bc0ac8f59ad8706861e From ebcd00e1c5128649bc632cb9fb86b9e3e9ecd91c Mon Sep 17 00:00:00 2001 From: MeenaRenganathan22 Date: Fri, 24 Feb 2023 13:31:40 -0800 Subject: [PATCH 3/7] Changes to reflect the latest submodule and corresponding CMakeLists.txt --- contrib/krb5 | 2 +- contrib/krb5-cmake/CMakeLists.txt | 12 +++--------- 2 files changed, 4 insertions(+), 10 deletions(-) diff --git a/contrib/krb5 b/contrib/krb5 index 220ed8fa13f..b854ad57912 160000 --- a/contrib/krb5 +++ b/contrib/krb5 @@ -1 +1 @@ -Subproject commit 220ed8fa13fabe98d2b10bc0ac8f59ad8706861e +Subproject commit b854ad57912fc2ef21cbe9a69622777d551d3266 diff --git a/contrib/krb5-cmake/CMakeLists.txt b/contrib/krb5-cmake/CMakeLists.txt index be016bb0082..93b90c15201 100644 --- a/contrib/krb5-cmake/CMakeLists.txt +++ b/contrib/krb5-cmake/CMakeLists.txt @@ -160,6 +160,8 @@ set(ALL_SRCS # "${KRB5_SOURCE_DIR}/lib/gssapi/spnego/negoex_trace.c" + "${KRB5_SOURCE_DIR}/lib/crypto/builtin/kdf.c" + "${KRB5_SOURCE_DIR}/lib/crypto/builtin/cmac.c" "${KRB5_SOURCE_DIR}/lib/crypto/krb/prng.c" "${KRB5_SOURCE_DIR}/lib/crypto/krb/enc_dk_cmac.c" # "${KRB5_SOURCE_DIR}/lib/crypto/krb/crc32.c" @@ -684,15 +686,7 @@ target_include_directories(_krb5 PRIVATE target_compile_definitions(_krb5 PRIVATE KRB5_PRIVATE - K5_OPENSSL_DES - K5_OPENSSL_SHA1 - K5_OPENSSL_SHA2 - K5_OPENSSL_HMAC - K5_OPENSSL_RC4 - K5_OPENSSL_MD4 - K5_OPENSSL_MD5 - K5_OPENSSL_AES - K5_OPENSSL_DES_KEY_PARITY + CRYPTO_OPENSSL _GSS_STATIC_LINK=1 KRB5_DEPRECATED=1 LOCALEDIR="/usr/local/share/locale" From a17edd224a7620dac4b0ed5d9743c371a1d62bd3 Mon Sep 17 00:00:00 2001 From: MeenaRenganathan22 Date: Mon, 27 Feb 2023 05:49:28 -0800 Subject: [PATCH 4/7] Updated the krb5 submodule reference --- contrib/krb5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/krb5 b/contrib/krb5 index b854ad57912..b23ef0fa4cc 160000 --- a/contrib/krb5 +++ b/contrib/krb5 @@ -1 +1 @@ -Subproject commit b854ad57912fc2ef21cbe9a69622777d551d3266 +Subproject commit b23ef0fa4cca9369afd909ac9659696455fefbd2 From ed5b19f5f8b03249f757615584c39996697b0fb1 Mon Sep 17 00:00:00 2001 From: MeenaRenganathan22 Date: Wed, 8 Mar 2023 06:11:17 -0800 Subject: [PATCH 5/7] Fixed the integration test failures related with HDFS and KAFKA --- tests/integration/test_storage_kerberized_hdfs/secrets/krb.conf | 1 + tests/integration/test_storage_kerberized_kafka/secrets/krb.conf | 1 + 2 files changed, 2 insertions(+) diff --git a/tests/integration/test_storage_kerberized_hdfs/secrets/krb.conf b/tests/integration/test_storage_kerberized_hdfs/secrets/krb.conf index b43a54b4dc5..dffdcaebe81 100644 --- a/tests/integration/test_storage_kerberized_hdfs/secrets/krb.conf +++ b/tests/integration/test_storage_kerberized_hdfs/secrets/krb.conf @@ -9,6 +9,7 @@ dns_lookup_kdc = false ticket_lifetime = 5s forwardable = true + rdns = false default_tgs_enctypes = des3-hmac-sha1 default_tkt_enctypes = des3-hmac-sha1 permitted_enctypes = des3-hmac-sha1 diff --git a/tests/integration/test_storage_kerberized_kafka/secrets/krb.conf b/tests/integration/test_storage_kerberized_kafka/secrets/krb.conf index 1efdf510f22..bda73a285cf 100644 --- a/tests/integration/test_storage_kerberized_kafka/secrets/krb.conf +++ b/tests/integration/test_storage_kerberized_kafka/secrets/krb.conf @@ -10,6 +10,7 @@ ticket_lifetime = 15s renew_lifetime = 15s forwardable = true + rdns = false [realms] TEST.CLICKHOUSE.TECH = { From 65890de50c89120ea876f73743d6daae5d43204b Mon Sep 17 00:00:00 2001 From: MeenaRenganathan22 Date: Fri, 10 Mar 2023 09:05:25 -0800 Subject: [PATCH 6/7] Updating the submodule to the new PR#9 --- contrib/krb5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/krb5 b/contrib/krb5 index b23ef0fa4cc..02346f7b240 160000 --- a/contrib/krb5 +++ b/contrib/krb5 @@ -1 +1 @@ -Subproject commit b23ef0fa4cca9369afd909ac9659696455fefbd2 +Subproject commit 02346f7b240fc10a1fc8bf1ae4eaad9150fa9f7d From 91625184a3aabfe6ea2a9fc517a818c4c65c5b34 Mon Sep 17 00:00:00 2001 From: MeenaRenganathan22 Date: Tue, 14 Mar 2023 06:23:22 -0700 Subject: [PATCH 7/7] Updated the krb5 submodule reference --- contrib/krb5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/krb5 b/contrib/krb5 index 02346f7b240..9453aec0d50 160000 --- a/contrib/krb5 +++ b/contrib/krb5 @@ -1 +1 @@ -Subproject commit 02346f7b240fc10a1fc8bf1ae4eaad9150fa9f7d +Subproject commit 9453aec0d50e5aff9b189051611b321b40935d02