diff options
| author | Colin Watson <cjwatson@debian.org> | 2017-08-28 12:14:23 +0100 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2017-08-28 12:15:42 +0100 |
| commit | 305960d0d6d1d9bc0edc3393383fd5f60e69dec4 (patch) | |
| tree | c7d5abc0f998a53446e0a15524c08bfb93f9627b /debian/patches/gssapi.patch | |
| parent | e1c5c61f519b8ef0c210c7949789cfb33ad0cf13 (diff) | |
| parent | 375f99251da3754666750fe1ed63575ba909f397 (diff) | |
Apply patches from https://bugzilla.mindrot.org/show_bug.cgi?id=2752 to allow some extra syscalls for crypto cards on s390x (LP: #1686618).
Diffstat (limited to 'debian/patches/gssapi.patch')
| -rw-r--r-- | debian/patches/gssapi.patch | 23 |
1 files changed, 12 insertions, 11 deletions
diff --git a/debian/patches/gssapi.patch b/debian/patches/gssapi.patch index c74926dc6..deddbcb80 100644 --- a/debian/patches/gssapi.patch +++ b/debian/patches/gssapi.patch | |||
| @@ -266,10 +266,11 @@ index 6ee6116d..c6390687 100644 | |||
| 266 | return 1; | 266 | return 1; |
| 267 | break; | 267 | break; |
| 268 | case PERMIT_FORCED_ONLY: | 268 | case PERMIT_FORCED_ONLY: |
| 269 | @@ -795,99 +796,6 @@ fakepw(void) | 269 | @@ -794,99 +795,6 @@ fakepw(void) |
| 270 | return (&fake); | ||
| 270 | } | 271 | } |
| 271 | 272 | ||
| 272 | /* | 273 | -/* |
| 273 | - * Returns the remote DNS hostname as a string. The returned string must not | 274 | - * Returns the remote DNS hostname as a string. The returned string must not |
| 274 | - * be freed. NB. this will usually trigger a DNS query the first time it is | 275 | - * be freed. NB. this will usually trigger a DNS query the first time it is |
| 275 | - * called. | 276 | - * called. |
| @@ -362,10 +363,9 @@ index 6ee6116d..c6390687 100644 | |||
| 362 | - return strdup(name); | 363 | - return strdup(name); |
| 363 | -} | 364 | -} |
| 364 | - | 365 | - |
| 365 | -/* | 366 | /* |
| 366 | * Return the canonical name of the host in the other side of the current | 367 | * Return the canonical name of the host in the other side of the current |
| 367 | * connection. The host name is cached, so it is efficient to call this | 368 | * connection. The host name is cached, so it is efficient to call this |
| 368 | * several times. | ||
| 369 | diff --git a/auth2-gss.c b/auth2-gss.c | 369 | diff --git a/auth2-gss.c b/auth2-gss.c |
| 370 | index 1ca83577..3b5036df 100644 | 370 | index 1ca83577..3b5036df 100644 |
| 371 | --- a/auth2-gss.c | 371 | --- a/auth2-gss.c |
| @@ -875,10 +875,11 @@ index 62559ed9..0b3ae073 100644 | |||
| 875 | GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG | deleg_flag, | 875 | GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG | deleg_flag, |
| 876 | 0, NULL, recv_tok, NULL, send_tok, flags, NULL); | 876 | 0, NULL, recv_tok, NULL, send_tok, flags, NULL); |
| 877 | 877 | ||
| 878 | @@ -228,8 +383,42 @@ ssh_gssapi_import_name(Gssctxt *ctx, const char *host) | 878 | @@ -227,9 +382,43 @@ ssh_gssapi_import_name(Gssctxt *ctx, const char *host) |
| 879 | return (ctx->major); | ||
| 879 | } | 880 | } |
| 880 | 881 | ||
| 881 | OM_uint32 | 882 | +OM_uint32 |
| 882 | +ssh_gssapi_client_identity(Gssctxt *ctx, const char *name) | 883 | +ssh_gssapi_client_identity(Gssctxt *ctx, const char *name) |
| 883 | +{ | 884 | +{ |
| 884 | + gss_buffer_desc gssbuf; | 885 | + gss_buffer_desc gssbuf; |
| @@ -909,7 +910,7 @@ index 62559ed9..0b3ae073 100644 | |||
| 909 | + return(ctx->major); | 910 | + return(ctx->major); |
| 910 | +} | 911 | +} |
| 911 | + | 912 | + |
| 912 | +OM_uint32 | 913 | OM_uint32 |
| 913 | ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_t buffer, gss_buffer_t hash) | 914 | ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_t buffer, gss_buffer_t hash) |
| 914 | { | 915 | { |
| 915 | + if (ctx == NULL) | 916 | + if (ctx == NULL) |
| @@ -1199,10 +1200,11 @@ index 53993d67..2e27cbf9 100644 | |||
| 1199 | 1200 | ||
| 1200 | #ifdef KRB5 | 1201 | #ifdef KRB5 |
| 1201 | extern ssh_gssapi_mech gssapi_kerberos_mech; | 1202 | extern ssh_gssapi_mech gssapi_kerberos_mech; |
| 1202 | @@ -142,6 +147,28 @@ ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid) | 1203 | @@ -141,6 +146,28 @@ ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid) |
| 1204 | return (ssh_gssapi_acquire_cred(*ctx)); | ||
| 1203 | } | 1205 | } |
| 1204 | 1206 | ||
| 1205 | /* Unprivileged */ | 1207 | +/* Unprivileged */ |
| 1206 | +char * | 1208 | +char * |
| 1207 | +ssh_gssapi_server_mechanisms(void) { | 1209 | +ssh_gssapi_server_mechanisms(void) { |
| 1208 | + if (supported_oids == NULL) | 1210 | + if (supported_oids == NULL) |
| @@ -1224,10 +1226,9 @@ index 53993d67..2e27cbf9 100644 | |||
| 1224 | + return (res); | 1226 | + return (res); |
| 1225 | +} | 1227 | +} |
| 1226 | + | 1228 | + |
| 1227 | +/* Unprivileged */ | 1229 | /* Unprivileged */ |
| 1228 | void | 1230 | void |
| 1229 | ssh_gssapi_supported_oids(gss_OID_set *oidset) | 1231 | ssh_gssapi_supported_oids(gss_OID_set *oidset) |
| 1230 | { | ||
| 1231 | @@ -151,7 +178,9 @@ ssh_gssapi_supported_oids(gss_OID_set *oidset) | 1232 | @@ -151,7 +178,9 @@ ssh_gssapi_supported_oids(gss_OID_set *oidset) |
| 1232 | gss_OID_set supported; | 1233 | gss_OID_set supported; |
| 1233 | 1234 | ||