upstream: when compiled with GSSAPI support, cache supported method

OIDs by calling ssh_gssapi_prepare_supported_oids() regardless of whether GSSAPI authentication is enabled in the main config. This avoids sandbox violations for configurations that enable GSSAPI auth later, e.g. Match user djm GSSAPIAuthentication yes bz#2107; ok dtucker@ OpenBSD-Commit-ID: a5dd42d87c74e27cfb712b15b0f97ab20e0afd1d
author: djm@openbsd.org <djm@openbsd.org> 2018-09-21 12:23:17 +0000
committer: Damien Miller <djm@mindrot.org> 2018-09-21 22:49:27 +1000
commit: cb24d9fcc901429d77211f274031653476864ec6 (patch)
tree: 349d00192245c48a16b794a02f1caeb62d3456eb
parent: bbc8af72ba68da014d4de6e21a85eb5123384226 (diff)
1 files changed, 2 insertions, 3 deletions
diff --git a/sshd.c b/sshd.c
index 98beb1ed5..ba26287ba 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.514 2018/08/13 02:41:05 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.516 2018/09/21 12:23:17 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -536,8 +536,7 @@ privsep_preauth_child(void)
 #ifdef GSSAPI
        /* Cache supported mechanism OIDs for later use */
-        if (options.gss_authentication)
+        ssh_gssapi_prepare_supported_oids();
-                ssh_gssapi_prepare_supported_oids();
 #endif
        reseed_prngs();
author	djm@openbsd.org <djm@openbsd.org>	2018-09-21 12:23:17 +0000
committer	Damien Miller <djm@mindrot.org>	2018-09-21 22:49:27 +1000
commit	cb24d9fcc901429d77211f274031653476864ec6 (patch)
tree	349d00192245c48a16b794a02f1caeb62d3456eb
parent	bbc8af72ba68da014d4de6e21a85eb5123384226 (diff)