diff options
| author | Colin Watson <cjwatson@debian.org> | 2016-01-04 13:43:57 +0000 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2016-01-04 13:45:10 +0000 |
| commit | 3782b4ad3e4eae51a99fd3cc4a6e401d117636a2 (patch) | |
| tree | d53f1c0addcfd6df3e63cbdd7a8ca52112b1c9b4 /debian/patches/gssapi.patch | |
| parent | f9c35cbf21fa84501c5786923b4d200523977802 (diff) | |
| parent | 1f715c783abc11e805d9fd8af4847c3514fcb296 (diff) | |
Allow authenticating as root using gssapi-keyex even with "PermitRootLogin prohibit-password" (closes: #809695).
Diffstat (limited to 'debian/patches/gssapi.patch')
| -rw-r--r-- | debian/patches/gssapi.patch | 21 |
1 files changed, 18 insertions, 3 deletions
diff --git a/debian/patches/gssapi.patch b/debian/patches/gssapi.patch index 4ab9ca373..2c8d04268 100644 --- a/debian/patches/gssapi.patch +++ b/debian/patches/gssapi.patch | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | From 09c4d9b7d41ab3c9973f07e0109e931f57c59c43 Mon Sep 17 00:00:00 2001 | 1 | From d6cfd64ea0a567d88152270a94be6bb2a78daeb9 Mon Sep 17 00:00:00 2001 |
| 2 | From: Simon Wilkinson <simon@sxw.org.uk> | 2 | From: Simon Wilkinson <simon@sxw.org.uk> |
| 3 | Date: Sun, 9 Feb 2014 16:09:48 +0000 | 3 | Date: Sun, 9 Feb 2014 16:09:48 +0000 |
| 4 | Subject: GSSAPI key exchange support | 4 | Subject: GSSAPI key exchange support |
| @@ -17,13 +17,14 @@ have it merged into the main openssh package rather than having separate | |||
| 17 | security history. | 17 | security history. |
| 18 | 18 | ||
| 19 | Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242 | 19 | Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242 |
| 20 | Last-Updated: 2015-11-29 | 20 | Last-Updated: 2016-01-04 |
| 21 | 21 | ||
| 22 | Patch-Name: gssapi.patch | 22 | Patch-Name: gssapi.patch |
| 23 | --- | 23 | --- |
| 24 | ChangeLog.gssapi | 113 +++++++++++++++++++ | 24 | ChangeLog.gssapi | 113 +++++++++++++++++++ |
| 25 | Makefile.in | 5 +- | 25 | Makefile.in | 5 +- |
| 26 | auth-krb5.c | 17 ++- | 26 | auth-krb5.c | 17 ++- |
| 27 | auth.c | 3 +- | ||
| 27 | auth2-gss.c | 48 +++++++- | 28 | auth2-gss.c | 48 +++++++- |
| 28 | auth2.c | 2 + | 29 | auth2.c | 2 + |
| 29 | clientloop.c | 13 +++ | 30 | clientloop.c | 13 +++ |
| @@ -53,7 +54,7 @@ Patch-Name: gssapi.patch | |||
| 53 | sshd_config.5 | 11 ++ | 54 | sshd_config.5 | 11 ++ |
| 54 | sshkey.c | 3 +- | 55 | sshkey.c | 3 +- |
| 55 | sshkey.h | 1 + | 56 | sshkey.h | 1 + |
| 56 | 32 files changed, 1957 insertions(+), 46 deletions(-) | 57 | 33 files changed, 1959 insertions(+), 47 deletions(-) |
| 57 | create mode 100644 ChangeLog.gssapi | 58 | create mode 100644 ChangeLog.gssapi |
| 58 | create mode 100644 kexgssc.c | 59 | create mode 100644 kexgssc.c |
| 59 | create mode 100644 kexgsss.c | 60 | create mode 100644 kexgsss.c |
| @@ -251,6 +252,20 @@ index 0089b18..ec47869 100644 | |||
| 251 | 252 | ||
| 252 | return (krb5_cc_resolve(ctx, ccname, ccache)); | 253 | return (krb5_cc_resolve(ctx, ccname, ccache)); |
| 253 | } | 254 | } |
| 255 | diff --git a/auth.c b/auth.c | ||
| 256 | index 214c2c7..bd6a026 100644 | ||
| 257 | --- a/auth.c | ||
| 258 | +++ b/auth.c | ||
| 259 | @@ -354,7 +354,8 @@ auth_root_allowed(const char *method) | ||
| 260 | case PERMIT_NO_PASSWD: | ||
| 261 | if (strcmp(method, "publickey") == 0 || | ||
| 262 | strcmp(method, "hostbased") == 0 || | ||
| 263 | - strcmp(method, "gssapi-with-mic") == 0) | ||
| 264 | + strcmp(method, "gssapi-with-mic") == 0 || | ||
| 265 | + strcmp(method, "gssapi-keyex") == 0) | ||
| 266 | return 1; | ||
| 267 | break; | ||
| 268 | case PERMIT_FORCED_ONLY: | ||
| 254 | diff --git a/auth2-gss.c b/auth2-gss.c | 269 | diff --git a/auth2-gss.c b/auth2-gss.c |
| 255 | index 1ca8357..3b5036d 100644 | 270 | index 1ca8357..3b5036d 100644 |
| 256 | --- a/auth2-gss.c | 271 | --- a/auth2-gss.c |