authorColin Watson <cjwatson@debian.org>2014-03-19 16:40:50 +0000
committerColin Watson <cjwatson@debian.org>2014-03-19 16:40:55 +0000
commit2491df1666864ce27a0becff4c85fec7d6ff38ff (patch)
tree7cad7ef6746abf36393594fb9abb0113b7b8793f /debian/patches/gssapi.patch
parentd563b20ec274b25929677424e4673eb23774b335 (diff)
parent6dbd954a28d3fc2631f1c0b42c23452e1e493e6f (diff)
Apply various warning-suppression and regression-test fixes to gssapi.patch from Damien Miller.
Diffstat (limited to 'debian/patches/gssapi.patch')
-rw-r--r--debian/patches/gssapi.patch75
1 files changed, 43 insertions, 32 deletions
diff --git a/debian/patches/gssapi.patch b/debian/patches/gssapi.patch
index 3f6fccfff..90a21db99 100644
--- a/debian/patches/gssapi.patch
+++ b/debian/patches/gssapi.patch
@@ -1,4 +1,4 @@
1From cd404114ded78fc51d5d9cbd458d55c9b2f67daa Mon Sep 17 00:00:00 2001 1From 429c595dbaff7f7c2b3a53fe4235211f6d788025 Mon Sep 17 00:00:00 2001
2From: Simon Wilkinson <simon@sxw.org.uk> 2From: Simon Wilkinson <simon@sxw.org.uk>
3Date: Sun, 9 Feb 2014 16:09:48 +0000 3Date: Sun, 9 Feb 2014 16:09:48 +0000
4Subject: GSSAPI key exchange support 4Subject: GSSAPI key exchange support
@@ -17,7 +17,7 @@ have it merged into the main openssh package rather than having separate
17security history. 17security history.
18 18
19Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242 19Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
20Last-Updated: 2014-02-10 20Last-Updated: 2014-03-19
21 21
22Patch-Name: gssapi.patch 22Patch-Name: gssapi.patch
23--- 23---
@@ -30,14 +30,14 @@ Patch-Name: gssapi.patch
30 config.h.in | 6 + 30 config.h.in | 6 +
31 configure | 57 ++++++++++ 31 configure | 57 ++++++++++
32 configure.ac | 24 ++++ 32 configure.ac | 24 ++++
33 gss-genr.c | 276 ++++++++++++++++++++++++++++++++++++++++++++- 33 gss-genr.c | 275 ++++++++++++++++++++++++++++++++++++++++++++-
34 gss-serv-krb5.c | 84 +++++++++++++- 34 gss-serv-krb5.c | 85 ++++++++++++--
35 gss-serv.c | 221 +++++++++++++++++++++++++++++++----- 35 gss-serv.c | 221 +++++++++++++++++++++++++++++++-----
36 kex.c | 16 +++ 36 kex.c | 16 +++
37 kex.h | 14 +++ 37 kex.h | 14 +++
38 kexgssc.c | 333 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 38 kexgssc.c | 332 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
39 kexgsss.c | 289 +++++++++++++++++++++++++++++++++++++++++++++++ 39 kexgsss.c | 289 ++++++++++++++++++++++++++++++++++++++++++++++++
40 key.c | 1 + 40 key.c | 3 +-
41 key.h | 1 + 41 key.h | 1 +
42 monitor.c | 108 +++++++++++++++++- 42 monitor.c | 108 +++++++++++++++++-
43 monitor.h | 3 + 43 monitor.h | 3 +
@@ -47,14 +47,14 @@ Patch-Name: gssapi.patch
47 readconf.h | 5 + 47 readconf.h | 5 +
48 servconf.c | 38 ++++++- 48 servconf.c | 38 ++++++-
49 servconf.h | 3 + 49 servconf.h | 3 +
50 ssh-gss.h | 39 ++++++- 50 ssh-gss.h | 41 ++++++-
51 ssh_config | 2 + 51 ssh_config | 2 +
52 ssh_config.5 | 34 +++++- 52 ssh_config.5 | 34 +++++-
53 sshconnect2.c | 124 ++++++++++++++++++++- 53 sshconnect2.c | 124 ++++++++++++++++++++-
54 sshd.c | 110 ++++++++++++++++++ 54 sshd.c | 110 ++++++++++++++++++
55 sshd_config | 2 + 55 sshd_config | 2 +
56 sshd_config.5 | 28 +++++ 56 sshd_config.5 | 28 +++++
57 33 files changed, 2050 insertions(+), 57 deletions(-) 57 33 files changed, 2051 insertions(+), 59 deletions(-)
58 create mode 100644 ChangeLog.gssapi 58 create mode 100644 ChangeLog.gssapi
59 create mode 100644 kexgssc.c 59 create mode 100644 kexgssc.c
60 create mode 100644 kexgsss.c 60 create mode 100644 kexgsss.c
@@ -358,7 +358,7 @@ index f0cab8c..6ed8f04 100644
358 #endif 358 #endif
359 #ifdef JPAKE 359 #ifdef JPAKE
360diff --git a/clientloop.c b/clientloop.c 360diff --git a/clientloop.c b/clientloop.c
361index f30c8b6..6d02b0b 100644 361index f30c8b6..cc23e35 100644
362--- a/clientloop.c 362--- a/clientloop.c
363+++ b/clientloop.c 363+++ b/clientloop.c
364@@ -111,6 +111,10 @@ 364@@ -111,6 +111,10 @@
@@ -379,7 +379,7 @@ index f30c8b6..6d02b0b 100644
379+ 379+
380+#ifdef GSSAPI 380+#ifdef GSSAPI
381+ if (options.gss_renewal_rekey && 381+ if (options.gss_renewal_rekey &&
382+ ssh_gssapi_credentials_updated(GSS_C_NO_CONTEXT)) { 382+ ssh_gssapi_credentials_updated(NULL)) {
383+ debug("credentials updated - forcing rekey"); 383+ debug("credentials updated - forcing rekey");
384+ need_rekeying = 1; 384+ need_rekeying = 1;
385+ } 385+ }
@@ -516,7 +516,7 @@ index dfd32cd..90eebf5 100644
516 AC_CHECK_DECL([AU_IPv4], [], 516 AC_CHECK_DECL([AU_IPv4], [],
517 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 517 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
518diff --git a/gss-genr.c b/gss-genr.c 518diff --git a/gss-genr.c b/gss-genr.c
519index b39281b..b7d1b7d 100644 519index b39281b..1e569ad 100644
520--- a/gss-genr.c 520--- a/gss-genr.c
521+++ b/gss-genr.c 521+++ b/gss-genr.c
522@@ -1,7 +1,7 @@ 522@@ -1,7 +1,7 @@
@@ -557,7 +557,7 @@ index b39281b..b7d1b7d 100644
557+static ssh_gss_kex_mapping *gss_enc2oid = NULL; 557+static ssh_gss_kex_mapping *gss_enc2oid = NULL;
558+ 558+
559+int 559+int
560+ssh_gssapi_oid_table_ok() { 560+ssh_gssapi_oid_table_ok(void) {
561+ return (gss_enc2oid != NULL); 561+ return (gss_enc2oid != NULL);
562+} 562+}
563+ 563+
@@ -797,7 +797,7 @@ index b39281b..b7d1b7d 100644
797 if (!GSS_ERROR(major)) { 797 if (!GSS_ERROR(major)) {
798 major = ssh_gssapi_init_ctx(*ctx, 0, GSS_C_NO_BUFFER, &token, 798 major = ssh_gssapi_init_ctx(*ctx, 0, GSS_C_NO_BUFFER, &token,
799 NULL); 799 NULL);
800@@ -272,10 +483,67 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host) 800@@ -272,10 +483,66 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host)
801 GSS_C_NO_BUFFER); 801 GSS_C_NO_BUFFER);
802 } 802 }
803 803
@@ -817,7 +817,6 @@ index b39281b..b7d1b7d 100644
817+ static OM_uint32 last_call = 0; 817+ static OM_uint32 last_call = 0;
818+ OM_uint32 lifetime, now, major, minor; 818+ OM_uint32 lifetime, now, major, minor;
819+ int equal; 819+ int equal;
820+ gss_cred_usage_t usage = GSS_C_INITIATE;
821+ 820+
822+ now = time(NULL); 821+ now = time(NULL);
823+ 822+
@@ -867,7 +866,7 @@ index b39281b..b7d1b7d 100644
867+ 866+
868 #endif /* GSSAPI */ 867 #endif /* GSSAPI */
869diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c 868diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c
870index 759fa10..959a77e 100644 869index 759fa10..e678a27 100644
871--- a/gss-serv-krb5.c 870--- a/gss-serv-krb5.c
872+++ b/gss-serv-krb5.c 871+++ b/gss-serv-krb5.c
873@@ -1,7 +1,7 @@ 872@@ -1,7 +1,7 @@
@@ -879,15 +878,17 @@ index 759fa10..959a77e 100644
879 * 878 *
880 * Redistribution and use in source and binary forms, with or without 879 * Redistribution and use in source and binary forms, with or without
881 * modification, are permitted provided that the following conditions 880 * modification, are permitted provided that the following conditions
882@@ -122,6 +122,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) 881@@ -120,8 +120,8 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
882 krb5_error_code problem;
883 krb5_principal princ;
883 OM_uint32 maj_status, min_status; 884 OM_uint32 maj_status, min_status;
884 int len; 885- int len;
885 const char *errmsg; 886 const char *errmsg;
886+ const char *new_ccname; 887+ const char *new_ccname;
887 888
888 if (client->creds == NULL) { 889 if (client->creds == NULL) {
889 debug("No credentials stored"); 890 debug("No credentials stored");
890@@ -180,11 +181,16 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) 891@@ -180,11 +180,16 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
891 return; 892 return;
892 } 893 }
893 894
@@ -908,7 +909,7 @@ index 759fa10..959a77e 100644
908 909
909 #ifdef USE_PAM 910 #ifdef USE_PAM
910 if (options.use_pam) 911 if (options.use_pam)
911@@ -196,6 +202,71 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) 912@@ -196,6 +201,71 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
912 return; 913 return;
913 } 914 }
914 915
@@ -980,7 +981,7 @@ index 759fa10..959a77e 100644
980 ssh_gssapi_mech gssapi_kerberos_mech = { 981 ssh_gssapi_mech gssapi_kerberos_mech = {
981 "toWM5Slw5Ew8Mqkay+al2g==", 982 "toWM5Slw5Ew8Mqkay+al2g==",
982 "Kerberos", 983 "Kerberos",
983@@ -203,7 +274,8 @@ ssh_gssapi_mech gssapi_kerberos_mech = { 984@@ -203,7 +273,8 @@ ssh_gssapi_mech gssapi_kerberos_mech = {
984 NULL, 985 NULL,
985 &ssh_gssapi_krb5_userok, 986 &ssh_gssapi_krb5_userok,
986 NULL, 987 NULL,
@@ -991,7 +992,7 @@ index 759fa10..959a77e 100644
991 992
992 #endif /* KRB5 */ 993 #endif /* KRB5 */
993diff --git a/gss-serv.c b/gss-serv.c 994diff --git a/gss-serv.c b/gss-serv.c
994index 95348e2..97f366f 100644 995index 95348e2..feb1ed7 100644
995--- a/gss-serv.c 996--- a/gss-serv.c
996+++ b/gss-serv.c 997+++ b/gss-serv.c
997@@ -1,7 +1,7 @@ 998@@ -1,7 +1,7 @@
@@ -1079,7 +1080,7 @@ index 95348e2..97f366f 100644
1079 1080
1080 /* Unprivileged */ 1081 /* Unprivileged */
1081+char * 1082+char *
1082+ssh_gssapi_server_mechanisms() { 1083+ssh_gssapi_server_mechanisms(void) {
1083+ gss_OID_set supported; 1084+ gss_OID_set supported;
1084+ 1085+
1085+ ssh_gssapi_supported_oids(&supported); 1086+ ssh_gssapi_supported_oids(&supported);
@@ -1240,7 +1241,7 @@ index 95348e2..97f366f 100644
1240 1241
1241- return (ctx->major); 1242- return (ctx->major);
1242+void 1243+void
1243+ssh_gssapi_rekey_creds() { 1244+ssh_gssapi_rekey_creds(void) {
1244+ int ok; 1245+ int ok;
1245+ int ret; 1246+ int ret;
1246+#ifdef USE_PAM 1247+#ifdef USE_PAM
@@ -1390,10 +1391,10 @@ index 1aa3ec2..8fbcb2b 100644
1390 BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *); 1391 BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *);
1391diff --git a/kexgssc.c b/kexgssc.c 1392diff --git a/kexgssc.c b/kexgssc.c
1392new file mode 100644 1393new file mode 100644
1393index 0000000..14f5598 1394index 0000000..92a31c5
1394--- /dev/null 1395--- /dev/null
1395+++ b/kexgssc.c 1396+++ b/kexgssc.c
1396@@ -0,0 +1,333 @@ 1397@@ -0,0 +1,332 @@
1397+/* 1398+/*
1398+ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. 1399+ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
1399+ * 1400+ *
@@ -1457,7 +1458,6 @@ index 0000000..14f5598
1457+ u_char *serverhostkey = NULL; 1458+ u_char *serverhostkey = NULL;
1458+ u_char *empty = ""; 1459+ u_char *empty = "";
1459+ char *msg; 1460+ char *msg;
1460+ char *lang;
1461+ int type = 0; 1461+ int type = 0;
1462+ int first = 1; 1462+ int first = 1;
1463+ int nbits = 0, min = DH_GRP_MIN, max = DH_GRP_MAX; 1463+ int nbits = 0, min = DH_GRP_MIN, max = DH_GRP_MAX;
@@ -1616,7 +1616,7 @@ index 0000000..14f5598
1616+ maj_status = packet_get_int(); 1616+ maj_status = packet_get_int();
1617+ min_status = packet_get_int(); 1617+ min_status = packet_get_int();
1618+ msg = packet_get_string(NULL); 1618+ msg = packet_get_string(NULL);
1619+ lang = packet_get_string(NULL); 1619+ (void) packet_get_string_ptr(NULL);
1620+ fatal("GSSAPI Error: \n%.400s",msg); 1620+ fatal("GSSAPI Error: \n%.400s",msg);
1621+ default: 1621+ default:
1622+ packet_disconnect("Protocol error: didn't expect packet type %d", 1622+ packet_disconnect("Protocol error: didn't expect packet type %d",
@@ -2023,7 +2023,7 @@ index 0000000..8095259
2023+} 2023+}
2024+#endif /* GSSAPI */ 2024+#endif /* GSSAPI */
2025diff --git a/key.c b/key.c 2025diff --git a/key.c b/key.c
2026index 9142338..3867eb3 100644 2026index 9142338..7ac844c 100644
2027--- a/key.c 2027--- a/key.c
2028+++ b/key.c 2028+++ b/key.c
2029@@ -985,6 +985,7 @@ static const struct keytype keytypes[] = { 2029@@ -985,6 +985,7 @@ static const struct keytype keytypes[] = {
@@ -2034,6 +2034,15 @@ index 9142338..3867eb3 100644
2034 { NULL, NULL, -1, -1, 0 } 2034 { NULL, NULL, -1, -1, 0 }
2035 }; 2035 };
2036 2036
2037@@ -1063,7 +1064,7 @@ key_alg_list(int certs_only, int plain_only)
2038 const struct keytype *kt;
2039
2040 for (kt = keytypes; kt->type != -1; kt++) {
2041- if (kt->name == NULL)
2042+ if (kt->name == NULL || kt->type == KEY_NULL)
2043 continue;
2044 if ((certs_only && !kt->cert) || (plain_only && kt->cert))
2045 continue;
2037diff --git a/key.h b/key.h 2046diff --git a/key.h b/key.h
2038index d8ad13d..c8aeba2 100644 2047index d8ad13d..c8aeba2 100644
2039--- a/key.h 2048--- a/key.h
@@ -2558,7 +2567,7 @@ index 8812c5a..eba76ee 100644
2558 * authentication. */ 2567 * authentication. */
2559 int kbd_interactive_authentication; /* If true, permit */ 2568 int kbd_interactive_authentication; /* If true, permit */
2560diff --git a/ssh-gss.h b/ssh-gss.h 2569diff --git a/ssh-gss.h b/ssh-gss.h
2561index 077e13c..bc6e8f9 100644 2570index 077e13c..885e481 100644
2562--- a/ssh-gss.h 2571--- a/ssh-gss.h
2563+++ b/ssh-gss.h 2572+++ b/ssh-gss.h
2564@@ -1,6 +1,6 @@ 2573@@ -1,6 +1,6 @@
@@ -2625,7 +2634,7 @@ index 077e13c..bc6e8f9 100644
2625 2634
2626 int ssh_gssapi_check_oid(Gssctxt *, void *, size_t); 2635 int ssh_gssapi_check_oid(Gssctxt *, void *, size_t);
2627 void ssh_gssapi_set_oid_data(Gssctxt *, void *, size_t); 2636 void ssh_gssapi_set_oid_data(Gssctxt *, void *, size_t);
2628@@ -117,16 +134,30 @@ void ssh_gssapi_build_ctx(Gssctxt **); 2637@@ -117,16 +134,32 @@ void ssh_gssapi_build_ctx(Gssctxt **);
2629 void ssh_gssapi_delete_ctx(Gssctxt **); 2638 void ssh_gssapi_delete_ctx(Gssctxt **);
2630 OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t); 2639 OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t);
2631 void ssh_gssapi_buildmic(Buffer *, const char *, const char *, const char *); 2640 void ssh_gssapi_buildmic(Buffer *, const char *, const char *, const char *);
@@ -2652,9 +2661,11 @@ index 077e13c..bc6e8f9 100644
2652 void ssh_gssapi_storecreds(void); 2661 void ssh_gssapi_storecreds(void);
2653 2662
2654+char *ssh_gssapi_server_mechanisms(void); 2663+char *ssh_gssapi_server_mechanisms(void);
2655+int ssh_gssapi_oid_table_ok(); 2664+int ssh_gssapi_oid_table_ok(void);
2656+ 2665+
2657+int ssh_gssapi_update_creds(ssh_gssapi_ccache *store); 2666+int ssh_gssapi_update_creds(ssh_gssapi_ccache *store);
2667+void ssh_gssapi_rekey_creds(void);
2668+
2658 #endif /* GSSAPI */ 2669 #endif /* GSSAPI */
2659 2670
2660 #endif /* _SSH_GSS_H */ 2671 #endif /* _SSH_GSS_H */
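Review bot: The new `kt->type == KEY_NULL` test in key_alg_list() (key.c hunk, new-side line 2042) has no comment, and nothing in the loop explains why this one type is left out of the list. From the rest of the patch, KEY_NULL appears to be the placeholder host-key type used when the GSSAPI key exchange authenticates the server, so it should never show up as a selectable key algorithm; this is an inference, because the keytypes[] entry the patch adds is not among the visible lines. I would put a comment above the test, for example `/* KEY_NULL is the GSSAPI-kex placeholder, not a real key type: never list it */`, after the author confirms that reading. key_alg_list() starts and ends outside the hunk, so whether other lookups over keytypes[] need the same exclusion cannot be checked from here.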