diff options
author | Colin Watson <cjwatson@debian.org> | 2006-12-23 10:08:45 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2006-12-23 10:08:45 +0000 |
commit | d5eca3a18dd64586574f6e8c13d6886948b9ce69 (patch) | |
tree | 1193800b387d0f4055e44c8008239407b7604c55 | |
parent | 1b81099552312dda35f809f920117879d6e2bfbf (diff) |
* Make GSSAPICleanupCreds a compatibility alias for
GSSAPICleanupCredentials. Mark GSSUseSessionCCache and
GSSAPIUseSessionCredCache as known-but-unsupported options, and migrate
away from them on upgrade.
-rw-r--r-- | debian/changelog | 4 | ||||
-rw-r--r-- | debian/openssh-server.postinst | 32 | ||||
-rw-r--r-- | servconf.c | 4 |
3 files changed, 35 insertions, 5 deletions
diff --git a/debian/changelog b/debian/changelog index 08bc4b453..611a9ef0c 100644 --- a/debian/changelog +++ b/debian/changelog | |||
@@ -8,6 +8,10 @@ openssh (1:4.3p2-8) UNRELEASED; urgency=low | |||
8 | [ Colin Watson ] | 8 | [ Colin Watson ] |
9 | * Drop versioning on ssh/ssh-krb5 Replaces, as otherwise it isn't | 9 | * Drop versioning on ssh/ssh-krb5 Replaces, as otherwise it isn't |
10 | sufficient to replace conffiles (closes: #402804). | 10 | sufficient to replace conffiles (closes: #402804). |
11 | * Make GSSAPICleanupCreds a compatibility alias for | ||
12 | GSSAPICleanupCredentials. Mark GSSUseSessionCCache and | ||
13 | GSSAPIUseSessionCredCache as known-but-unsupported options, and migrate | ||
14 | away from them on upgrade. | ||
11 | * debconf template translations: | 15 | * debconf template translations: |
12 | - Add Romanian (thanks, Stan Ioan-Eugen; closes: #403528). | 16 | - Add Romanian (thanks, Stan Ioan-Eugen; closes: #403528). |
13 | 17 | ||
diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst index 4e91098df..ee660165e 100644 --- a/debian/openssh-server.postinst +++ b/debian/openssh-server.postinst | |||
@@ -72,10 +72,23 @@ set_config_option() { | |||
72 | } | 72 | } |
73 | 73 | ||
74 | 74 | ||
75 | remove_obsolete_gssapi() { | 75 | disable_config_option() { |
76 | grep -qi '^[ ]*GSSAPINoMICAuthentication' /etc/ssh/sshd_config \ | 76 | option="$1" |
77 | || return 0 | 77 | |
78 | perl -pe 's/^(\s*GSSAPINoMICAuthentication)/\#$1/i' \ | 78 | value="$(get_config_option "$option")" |
79 | [ "$value" ] || return 0 | ||
80 | |||
81 | perl -le ' | ||
82 | $option = $ARGV[0]; | ||
83 | while (<STDIN>) { | ||
84 | chomp; | ||
85 | (my $match = $_) =~ s/\s+/ /g; | ||
86 | # TODO: actually only one "=" allowed after option | ||
87 | if ($match =~ s/^(\s*\Q$option\E[[:space:]=]+.*)/#$1/i) { | ||
88 | $_ = $match; | ||
89 | } | ||
90 | print; | ||
91 | }' \ | ||
79 | < /etc/ssh/sshd_config > /etc/ssh/sshd_config.dpkg-new | 92 | < /etc/ssh/sshd_config > /etc/ssh/sshd_config.dpkg-new |
80 | chown --reference /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-new | 93 | chown --reference /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-new |
81 | chmod --reference /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-new | 94 | chmod --reference /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-new |
@@ -83,6 +96,13 @@ remove_obsolete_gssapi() { | |||
83 | } | 96 | } |
84 | 97 | ||
85 | 98 | ||
99 | remove_obsolete_gssapi() { | ||
100 | disable_config_option GSSAPINoMICAuthentication | ||
101 | disable_config_option GSSUseSessionCCache | ||
102 | disable_config_option GSSAPIUseSessionCredCache | ||
103 | } | ||
104 | |||
105 | |||
86 | host_keys_required() { | 106 | host_keys_required() { |
87 | hostkeys="$(get_config_option HostKey)" | 107 | hostkeys="$(get_config_option HostKey)" |
88 | if [ "$hostkeys" ]; then | 108 | if [ "$hostkeys" ]; then |
@@ -202,7 +222,9 @@ create_sshdconfig() { | |||
202 | fi | 222 | fi |
203 | 223 | ||
204 | # Remove obsolete GSSAPI options. | 224 | # Remove obsolete GSSAPI options. |
205 | remove_obsolete_gssapi | 225 | if dpkg --compare-versions "$oldversion" lt 1:4.3p2-8; then |
226 | remove_obsolete_gssapi | ||
227 | fi | ||
206 | 228 | ||
207 | return 0 | 229 | return 0 |
208 | fi | 230 | fi |
diff --git a/servconf.c b/servconf.c index 219a0300f..60febff99 100644 --- a/servconf.c +++ b/servconf.c | |||
@@ -333,11 +333,15 @@ static struct { | |||
333 | { "gssapiauthentication", sGssAuthentication }, | 333 | { "gssapiauthentication", sGssAuthentication }, |
334 | { "gssapikeyexchange", sGssKeyEx }, | 334 | { "gssapikeyexchange", sGssKeyEx }, |
335 | { "gssapicleanupcredentials", sGssCleanupCreds }, | 335 | { "gssapicleanupcredentials", sGssCleanupCreds }, |
336 | { "gssapicleanupcreds", sGssCleanupCreds }, | ||
336 | #else | 337 | #else |
337 | { "gssapiauthentication", sUnsupported }, | 338 | { "gssapiauthentication", sUnsupported }, |
338 | { "gssapikeyexchange", sUnsupported }, | 339 | { "gssapikeyexchange", sUnsupported }, |
339 | { "gssapicleanupcredentials", sUnsupported }, | 340 | { "gssapicleanupcredentials", sUnsupported }, |
341 | { "gssapicleanupcreds", sUnsupported }, | ||
340 | #endif | 342 | #endif |
343 | { "gssusesessionccache", sUnsupported }, | ||
344 | { "gssapiusesessioncredcache", sUnsupported }, | ||
341 | { "passwordauthentication", sPasswordAuthentication }, | 345 | { "passwordauthentication", sPasswordAuthentication }, |
342 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication }, | 346 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication }, |
343 | { "challengeresponseauthentication", sChallengeResponseAuthentication }, | 347 | { "challengeresponseauthentication", sChallengeResponseAuthentication }, |