authorColin Watson <cjwatson@debian.org>2018-04-03 08:20:28 +0100
committerColin Watson <cjwatson@debian.org>2018-04-03 08:57:25 +0100
commita0b2dce9bf518f561bbb5070c0fb0c38f49035dd (patch)
tree24298b823e93d4e6efe13f48f1512707ebd625f8 /debian/patches/gssapi.patch
parent9d4942dc192b6f1888c9ab73a512dd9b197b956c (diff)
parent76aa43d2298f322f0371b74462418d0461537131 (diff)
New upstream release (7.7p1)
Diffstat (limited to 'debian/patches/gssapi.patch')
-rw-r--r--debian/patches/gssapi.patch152
1 files changed, 76 insertions, 76 deletions
diff --git a/debian/patches/gssapi.patch b/debian/patches/gssapi.patch
index 0726a5020..a67ebced0 100644
--- a/debian/patches/gssapi.patch
+++ b/debian/patches/gssapi.patch
@@ -1,4 +1,4 @@
1From 4e70490950e5c5134df48848affaf73685bf0284 Mon Sep 17 00:00:00 2001 1From cb427e23bf78d65407c78d868c4ef525dbfaa68f Mon Sep 17 00:00:00 2001
2From: Simon Wilkinson <simon@sxw.org.uk> 2From: Simon Wilkinson <simon@sxw.org.uk>
3Date: Sun, 9 Feb 2014 16:09:48 +0000 3Date: Sun, 9 Feb 2014 16:09:48 +0000
4Subject: GSSAPI key exchange support 4Subject: GSSAPI key exchange support
@@ -181,10 +181,10 @@ index 00000000..f117a336
181+ (from jbasney AT ncsa.uiuc.edu) 181+ (from jbasney AT ncsa.uiuc.edu)
182+ <gssapi-with-mic support is Bugzilla #1008> 182+ <gssapi-with-mic support is Bugzilla #1008>
183diff --git a/Makefile.in b/Makefile.in 183diff --git a/Makefile.in b/Makefile.in
184index c52ce191..f6e9fe4c 100644 184index 04e1c8e5..6f3f042b 100644
185--- a/Makefile.in 185--- a/Makefile.in
186+++ b/Makefile.in 186+++ b/Makefile.in
187@@ -92,6 +92,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ 187@@ -100,6 +100,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
188 kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \ 188 kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \
189 kexdhc.o kexgexc.o kexecdhc.o kexc25519c.o \ 189 kexdhc.o kexgexc.o kexecdhc.o kexc25519c.o \
190 kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o \ 190 kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o \
@@ -192,7 +192,7 @@ index c52ce191..f6e9fe4c 100644
192 platform-pledge.o platform-tracing.o platform-misc.o 192 platform-pledge.o platform-tracing.o platform-misc.o
193 193
194 SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ 194 SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
195@@ -105,7 +106,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o \ 195@@ -113,7 +114,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o \
196 auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \ 196 auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \
197 auth2-none.o auth2-passwd.o auth2-pubkey.o \ 197 auth2-none.o auth2-passwd.o auth2-pubkey.o \
198 monitor.o monitor_wrap.o auth-krb5.o \ 198 monitor.o monitor_wrap.o auth-krb5.o \
@@ -253,10 +253,10 @@ index a5a81ed2..38e7fee2 100644
253 return (krb5_cc_resolve(ctx, ccname, ccache)); 253 return (krb5_cc_resolve(ctx, ccname, ccache));
254 } 254 }
255diff --git a/auth.c b/auth.c 255diff --git a/auth.c b/auth.c
256index a4490617..6aec3605 100644 256index 63366768..76d586e3 100644
257--- a/auth.c 257--- a/auth.c
258+++ b/auth.c 258+++ b/auth.c
259@@ -395,7 +395,8 @@ auth_root_allowed(const char *method) 259@@ -396,7 +396,8 @@ auth_root_allowed(struct ssh *ssh, const char *method)
260 case PERMIT_NO_PASSWD: 260 case PERMIT_NO_PASSWD:
261 if (strcmp(method, "publickey") == 0 || 261 if (strcmp(method, "publickey") == 0 ||
262 strcmp(method, "hostbased") == 0 || 262 strcmp(method, "hostbased") == 0 ||
@@ -266,7 +266,7 @@ index a4490617..6aec3605 100644
266 return 1; 266 return 1;
267 break; 267 break;
268 case PERMIT_FORCED_ONLY: 268 case PERMIT_FORCED_ONLY:
269@@ -727,99 +728,6 @@ fakepw(void) 269@@ -728,99 +729,6 @@ fakepw(void)
270 return (&fake); 270 return (&fake);
271 } 271 }
272 272
@@ -455,7 +455,7 @@ index 589283b7..fd411d3a 100644
455 "gssapi-with-mic", 455 "gssapi-with-mic",
456 userauth_gssapi, 456 userauth_gssapi,
457diff --git a/auth2.c b/auth2.c 457diff --git a/auth2.c b/auth2.c
458index 862e0996..54070e3a 100644 458index e0034229..c34f58c4 100644
459--- a/auth2.c 459--- a/auth2.c
460+++ b/auth2.c 460+++ b/auth2.c
461@@ -72,6 +72,7 @@ extern Authmethod method_passwd; 461@@ -72,6 +72,7 @@ extern Authmethod method_passwd;
@@ -593,7 +593,7 @@ index 26d62855..0cadc9f1 100644
593 int get_peer_port(int); 593 int get_peer_port(int);
594 char *get_local_ipaddr(int); 594 char *get_local_ipaddr(int);
595diff --git a/clientloop.c b/clientloop.c 595diff --git a/clientloop.c b/clientloop.c
596index 791d336e..0010b833 100644 596index 7bcf22e3..ef803e98 100644
597--- a/clientloop.c 597--- a/clientloop.c
598+++ b/clientloop.c 598+++ b/clientloop.c
599@@ -112,6 +112,10 @@ 599@@ -112,6 +112,10 @@
@@ -607,7 +607,7 @@ index 791d336e..0010b833 100644
607 /* import options */ 607 /* import options */
608 extern Options options; 608 extern Options options;
609 609
610@@ -1349,9 +1353,18 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg, 610@@ -1335,9 +1339,18 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,
611 break; 611 break;
612 612
613 /* Do channel operations unless rekeying in progress. */ 613 /* Do channel operations unless rekeying in progress. */
@@ -628,10 +628,10 @@ index 791d336e..0010b833 100644
628 client_process_net_input(readset); 628 client_process_net_input(readset);
629 629
630diff --git a/config.h.in b/config.h.in 630diff --git a/config.h.in b/config.h.in
631index 63fc548b..0b244fd5 100644 631index 57208740..4c9545c7 100644
632--- a/config.h.in 632--- a/config.h.in
633+++ b/config.h.in 633+++ b/config.h.in
634@@ -1696,6 +1696,9 @@ 634@@ -1746,6 +1746,9 @@
635 /* Use btmp to log bad logins */ 635 /* Use btmp to log bad logins */
636 #undef USE_BTMP 636 #undef USE_BTMP
637 637
@@ -641,7 +641,7 @@ index 63fc548b..0b244fd5 100644
641 /* Use libedit for sftp */ 641 /* Use libedit for sftp */
642 #undef USE_LIBEDIT 642 #undef USE_LIBEDIT
643 643
644@@ -1711,6 +1714,9 @@ 644@@ -1761,6 +1764,9 @@
645 /* Use PIPES instead of a socketpair() */ 645 /* Use PIPES instead of a socketpair() */
646 #undef USE_PIPES 646 #undef USE_PIPES
647 647
@@ -652,10 +652,10 @@ index 63fc548b..0b244fd5 100644
652 #undef USE_SOLARIS_PRIVS 652 #undef USE_SOLARIS_PRIVS
653 653
654diff --git a/configure.ac b/configure.ac 654diff --git a/configure.ac b/configure.ac
655index 889f5063..84bfad8c 100644 655index 663062be..1cd5eab6 100644
656--- a/configure.ac 656--- a/configure.ac
657+++ b/configure.ac 657+++ b/configure.ac
658@@ -621,6 +621,30 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 658@@ -664,6 +664,30 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
659 [Use tunnel device compatibility to OpenBSD]) 659 [Use tunnel device compatibility to OpenBSD])
660 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 660 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
661 [Prepend the address family to IP tunnel traffic]) 661 [Prepend the address family to IP tunnel traffic])
@@ -1435,7 +1435,7 @@ index 6cae720e..967c6cfb 100644
1435 1435
1436 /* Privileged */ 1436 /* Privileged */
1437diff --git a/kex.c b/kex.c 1437diff --git a/kex.c b/kex.c
1438index d5d5a9da..bb1bd661 100644 1438index 15ea28b0..6cc2935f 100644
1439--- a/kex.c 1439--- a/kex.c
1440+++ b/kex.c 1440+++ b/kex.c
1441@@ -54,6 +54,10 @@ 1441@@ -54,6 +54,10 @@
@@ -1475,7 +1475,7 @@ index d5d5a9da..bb1bd661 100644
1475 return NULL; 1475 return NULL;
1476 } 1476 }
1477 1477
1478@@ -601,6 +617,9 @@ kex_free(struct kex *kex) 1478@@ -599,6 +615,9 @@ kex_free(struct kex *kex)
1479 sshbuf_free(kex->peer); 1479 sshbuf_free(kex->peer);
1480 sshbuf_free(kex->my); 1480 sshbuf_free(kex->my);
1481 free(kex->session_id); 1481 free(kex->session_id);
@@ -2170,10 +2170,10 @@ index 00000000..38ca082b
2170+} 2170+}
2171+#endif /* GSSAPI */ 2171+#endif /* GSSAPI */
2172diff --git a/monitor.c b/monitor.c 2172diff --git a/monitor.c b/monitor.c
2173index f517da48..cabfeb8a 100644 2173index c68e1b0d..868fb0d2 100644
2174--- a/monitor.c 2174--- a/monitor.c
2175+++ b/monitor.c 2175+++ b/monitor.c
2176@@ -157,6 +157,8 @@ int mm_answer_gss_setup_ctx(int, Buffer *); 2176@@ -158,6 +158,8 @@ int mm_answer_gss_setup_ctx(int, Buffer *);
2177 int mm_answer_gss_accept_ctx(int, Buffer *); 2177 int mm_answer_gss_accept_ctx(int, Buffer *);
2178 int mm_answer_gss_userok(int, Buffer *); 2178 int mm_answer_gss_userok(int, Buffer *);
2179 int mm_answer_gss_checkmic(int, Buffer *); 2179 int mm_answer_gss_checkmic(int, Buffer *);
@@ -2182,7 +2182,7 @@ index f517da48..cabfeb8a 100644
2182 #endif 2182 #endif
2183 2183
2184 #ifdef SSH_AUDIT_EVENTS 2184 #ifdef SSH_AUDIT_EVENTS
2185@@ -230,11 +232,18 @@ struct mon_table mon_dispatch_proto20[] = { 2185@@ -232,11 +234,18 @@ struct mon_table mon_dispatch_proto20[] = {
2186 {MONITOR_REQ_GSSSTEP, 0, mm_answer_gss_accept_ctx}, 2186 {MONITOR_REQ_GSSSTEP, 0, mm_answer_gss_accept_ctx},
2187 {MONITOR_REQ_GSSUSEROK, MON_ONCE|MON_AUTHDECIDE, mm_answer_gss_userok}, 2187 {MONITOR_REQ_GSSUSEROK, MON_ONCE|MON_AUTHDECIDE, mm_answer_gss_userok},
2188 {MONITOR_REQ_GSSCHECKMIC, MON_ONCE, mm_answer_gss_checkmic}, 2188 {MONITOR_REQ_GSSCHECKMIC, MON_ONCE, mm_answer_gss_checkmic},
@@ -2201,7 +2201,7 @@ index f517da48..cabfeb8a 100644
2201 #ifdef WITH_OPENSSL 2201 #ifdef WITH_OPENSSL
2202 {MONITOR_REQ_MODULI, 0, mm_answer_moduli}, 2202 {MONITOR_REQ_MODULI, 0, mm_answer_moduli},
2203 #endif 2203 #endif
2204@@ -302,6 +311,10 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) 2204@@ -306,6 +315,10 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
2205 /* Permit requests for moduli and signatures */ 2205 /* Permit requests for moduli and signatures */
2206 monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); 2206 monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
2207 monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); 2207 monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
@@ -2212,7 +2212,7 @@ index f517da48..cabfeb8a 100644
2212 2212
2213 /* The first few requests do not require asynchronous access */ 2213 /* The first few requests do not require asynchronous access */
2214 while (!authenticated) { 2214 while (!authenticated) {
2215@@ -408,6 +421,10 @@ monitor_child_postauth(struct monitor *pmonitor) 2215@@ -415,6 +428,10 @@ monitor_child_postauth(struct monitor *pmonitor)
2216 monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); 2216 monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
2217 monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); 2217 monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
2218 monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); 2218 monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
@@ -2221,9 +2221,9 @@ index f517da48..cabfeb8a 100644
2221+ monitor_permit(mon_dispatch, MONITOR_REQ_GSSSETUP, 1); 2221+ monitor_permit(mon_dispatch, MONITOR_REQ_GSSSETUP, 1);
2222+#endif 2222+#endif
2223 2223
2224 if (!no_pty_flag) { 2224 if (auth_opts->permit_pty_flag) {
2225 monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1); 2225 monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1);
2226@@ -1626,6 +1643,13 @@ monitor_apply_keystate(struct monitor *pmonitor) 2226@@ -1652,6 +1669,13 @@ monitor_apply_keystate(struct monitor *pmonitor)
2227 # endif 2227 # endif
2228 #endif /* WITH_OPENSSL */ 2228 #endif /* WITH_OPENSSL */
2229 kex->kex[KEX_C25519_SHA256] = kexc25519_server; 2229 kex->kex[KEX_C25519_SHA256] = kexc25519_server;
@@ -2237,7 +2237,7 @@ index f517da48..cabfeb8a 100644
2237 kex->load_host_public_key=&get_hostkey_public_by_type; 2237 kex->load_host_public_key=&get_hostkey_public_by_type;
2238 kex->load_host_private_key=&get_hostkey_private_by_type; 2238 kex->load_host_private_key=&get_hostkey_private_by_type;
2239 kex->host_key_index=&get_hostkey_index; 2239 kex->host_key_index=&get_hostkey_index;
2240@@ -1714,8 +1738,8 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m) 2240@@ -1740,8 +1764,8 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m)
2241 OM_uint32 major; 2241 OM_uint32 major;
2242 u_int len; 2242 u_int len;
2243 2243
@@ -2248,7 +2248,7 @@ index f517da48..cabfeb8a 100644
2248 2248
2249 goid.elements = buffer_get_string(m, &len); 2249 goid.elements = buffer_get_string(m, &len);
2250 goid.length = len; 2250 goid.length = len;
2251@@ -1744,8 +1768,8 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m) 2251@@ -1770,8 +1794,8 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m)
2252 OM_uint32 flags = 0; /* GSI needs this */ 2252 OM_uint32 flags = 0; /* GSI needs this */
2253 u_int len; 2253 u_int len;
2254 2254
@@ -2259,7 +2259,7 @@ index f517da48..cabfeb8a 100644
2259 2259
2260 in.value = buffer_get_string(m, &len); 2260 in.value = buffer_get_string(m, &len);
2261 in.length = len; 2261 in.length = len;
2262@@ -1764,6 +1788,7 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m) 2262@@ -1790,6 +1814,7 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m)
2263 monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0); 2263 monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
2264 monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1); 2264 monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
2265 monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1); 2265 monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
@@ -2267,7 +2267,7 @@ index f517da48..cabfeb8a 100644
2267 } 2267 }
2268 return (0); 2268 return (0);
2269 } 2269 }
2270@@ -1775,8 +1800,8 @@ mm_answer_gss_checkmic(int sock, Buffer *m) 2270@@ -1801,8 +1826,8 @@ mm_answer_gss_checkmic(int sock, Buffer *m)
2271 OM_uint32 ret; 2271 OM_uint32 ret;
2272 u_int len; 2272 u_int len;
2273 2273
@@ -2278,7 +2278,7 @@ index f517da48..cabfeb8a 100644
2278 2278
2279 gssbuf.value = buffer_get_string(m, &len); 2279 gssbuf.value = buffer_get_string(m, &len);
2280 gssbuf.length = len; 2280 gssbuf.length = len;
2281@@ -1805,10 +1830,11 @@ mm_answer_gss_userok(int sock, Buffer *m) 2281@@ -1831,10 +1856,11 @@ mm_answer_gss_userok(int sock, Buffer *m)
2282 int authenticated; 2282 int authenticated;
2283 const char *displayname; 2283 const char *displayname;
2284 2284
@@ -2293,7 +2293,7 @@ index f517da48..cabfeb8a 100644
2293 2293
2294 buffer_clear(m); 2294 buffer_clear(m);
2295 buffer_put_int(m, authenticated); 2295 buffer_put_int(m, authenticated);
2296@@ -1824,5 +1850,76 @@ mm_answer_gss_userok(int sock, Buffer *m) 2296@@ -1850,5 +1876,76 @@ mm_answer_gss_userok(int sock, Buffer *m)
2297 /* Monitor loop will terminate if authenticated */ 2297 /* Monitor loop will terminate if authenticated */
2298 return (authenticated); 2298 return (authenticated);
2299 } 2299 }
@@ -2385,10 +2385,10 @@ index d68f6745..ec41404c 100644
2385 2385
2386 struct monitor { 2386 struct monitor {
2387diff --git a/monitor_wrap.c b/monitor_wrap.c 2387diff --git a/monitor_wrap.c b/monitor_wrap.c
2388index 69212aaf..0e171a6a 100644 2388index 9666bda4..e749efc1 100644
2389--- a/monitor_wrap.c 2389--- a/monitor_wrap.c
2390+++ b/monitor_wrap.c 2390+++ b/monitor_wrap.c
2391@@ -937,7 +937,7 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic) 2391@@ -943,7 +943,7 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
2392 } 2392 }
2393 2393
2394 int 2394 int
@@ -2397,7 +2397,7 @@ index 69212aaf..0e171a6a 100644
2397 { 2397 {
2398 Buffer m; 2398 Buffer m;
2399 int authenticated = 0; 2399 int authenticated = 0;
2400@@ -954,5 +954,50 @@ mm_ssh_gssapi_userok(char *user) 2400@@ -960,5 +960,50 @@ mm_ssh_gssapi_userok(char *user)
2401 debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not "); 2401 debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");
2402 return (authenticated); 2402 return (authenticated);
2403 } 2403 }
@@ -2449,10 +2449,10 @@ index 69212aaf..0e171a6a 100644
2449 #endif /* GSSAPI */ 2449 #endif /* GSSAPI */
2450 2450
2451diff --git a/monitor_wrap.h b/monitor_wrap.h 2451diff --git a/monitor_wrap.h b/monitor_wrap.h
2452index 9e032d20..7b2e8945 100644 2452index 76233270..0970d1f8 100644
2453--- a/monitor_wrap.h 2453--- a/monitor_wrap.h
2454+++ b/monitor_wrap.h 2454+++ b/monitor_wrap.h
2455@@ -57,8 +57,10 @@ int mm_sshkey_verify(const struct sshkey *, const u_char *, size_t, 2455@@ -60,8 +60,10 @@ int mm_sshkey_verify(const struct sshkey *, const u_char *, size_t,
2456 OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID); 2456 OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID);
2457 OM_uint32 mm_ssh_gssapi_accept_ctx(Gssctxt *, 2457 OM_uint32 mm_ssh_gssapi_accept_ctx(Gssctxt *,
2458 gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *); 2458 gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *);
@@ -2465,7 +2465,7 @@ index 9e032d20..7b2e8945 100644
2465 2465
2466 #ifdef USE_PAM 2466 #ifdef USE_PAM
2467diff --git a/readconf.c b/readconf.c 2467diff --git a/readconf.c b/readconf.c
2468index f63894f9..99e03ee1 100644 2468index 88051db5..c8e79299 100644
2469--- a/readconf.c 2469--- a/readconf.c
2470+++ b/readconf.c 2470+++ b/readconf.c
2471@@ -160,6 +160,8 @@ typedef enum { 2471@@ -160,6 +160,8 @@ typedef enum {
@@ -2498,7 +2498,7 @@ index f63894f9..99e03ee1 100644
2498 #endif 2498 #endif
2499 #ifdef ENABLE_PKCS11 2499 #ifdef ENABLE_PKCS11
2500 { "smartcarddevice", oPKCS11Provider }, 2500 { "smartcarddevice", oPKCS11Provider },
2501@@ -976,10 +988,30 @@ parse_time: 2501@@ -950,10 +962,30 @@ parse_time:
2502 intptr = &options->gss_authentication; 2502 intptr = &options->gss_authentication;
2503 goto parse_flag; 2503 goto parse_flag;
2504 2504
@@ -2529,7 +2529,7 @@ index f63894f9..99e03ee1 100644
2529 case oBatchMode: 2529 case oBatchMode:
2530 intptr = &options->batch_mode; 2530 intptr = &options->batch_mode;
2531 goto parse_flag; 2531 goto parse_flag;
2532@@ -1790,7 +1822,12 @@ initialize_options(Options * options) 2532@@ -1765,7 +1797,12 @@ initialize_options(Options * options)
2533 options->pubkey_authentication = -1; 2533 options->pubkey_authentication = -1;
2534 options->challenge_response_authentication = -1; 2534 options->challenge_response_authentication = -1;
2535 options->gss_authentication = -1; 2535 options->gss_authentication = -1;
@@ -2542,7 +2542,7 @@ index f63894f9..99e03ee1 100644
2542 options->password_authentication = -1; 2542 options->password_authentication = -1;
2543 options->kbd_interactive_authentication = -1; 2543 options->kbd_interactive_authentication = -1;
2544 options->kbd_interactive_devices = NULL; 2544 options->kbd_interactive_devices = NULL;
2545@@ -1930,8 +1967,14 @@ fill_default_options(Options * options) 2545@@ -1906,8 +1943,14 @@ fill_default_options(Options * options)
2546 options->challenge_response_authentication = 1; 2546 options->challenge_response_authentication = 1;
2547 if (options->gss_authentication == -1) 2547 if (options->gss_authentication == -1)
2548 options->gss_authentication = 0; 2548 options->gss_authentication = 0;
@@ -2558,7 +2558,7 @@ index f63894f9..99e03ee1 100644
2558 options->password_authentication = 1; 2558 options->password_authentication = 1;
2559 if (options->kbd_interactive_authentication == -1) 2559 if (options->kbd_interactive_authentication == -1)
2560diff --git a/readconf.h b/readconf.h 2560diff --git a/readconf.h b/readconf.h
2561index 22fe5c18..d61161a8 100644 2561index f4d9e2b2..f469daaf 100644
2562--- a/readconf.h 2562--- a/readconf.h
2563+++ b/readconf.h 2563+++ b/readconf.h
2564@@ -42,7 +42,12 @@ typedef struct { 2564@@ -42,7 +42,12 @@ typedef struct {
@@ -2575,10 +2575,10 @@ index 22fe5c18..d61161a8 100644
2575 * authentication. */ 2575 * authentication. */
2576 int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ 2576 int kbd_interactive_authentication; /* Try keyboard-interactive auth. */
2577diff --git a/servconf.c b/servconf.c 2577diff --git a/servconf.c b/servconf.c
2578index 2c321a4a..8ba74517 100644 2578index 0f0d0906..cbbea05b 100644
2579--- a/servconf.c 2579--- a/servconf.c
2580+++ b/servconf.c 2580+++ b/servconf.c
2581@@ -113,8 +113,10 @@ initialize_server_options(ServerOptions *options) 2581@@ -123,8 +123,10 @@ initialize_server_options(ServerOptions *options)
2582 options->kerberos_ticket_cleanup = -1; 2582 options->kerberos_ticket_cleanup = -1;
2583 options->kerberos_get_afs_token = -1; 2583 options->kerberos_get_afs_token = -1;
2584 options->gss_authentication=-1; 2584 options->gss_authentication=-1;
@@ -2589,7 +2589,7 @@ index 2c321a4a..8ba74517 100644
2589 options->password_authentication = -1; 2589 options->password_authentication = -1;
2590 options->kbd_interactive_authentication = -1; 2590 options->kbd_interactive_authentication = -1;
2591 options->challenge_response_authentication = -1; 2591 options->challenge_response_authentication = -1;
2592@@ -268,10 +270,14 @@ fill_default_server_options(ServerOptions *options) 2592@@ -315,10 +317,14 @@ fill_default_server_options(ServerOptions *options)
2593 options->kerberos_get_afs_token = 0; 2593 options->kerberos_get_afs_token = 0;
2594 if (options->gss_authentication == -1) 2594 if (options->gss_authentication == -1)
2595 options->gss_authentication = 0; 2595 options->gss_authentication = 0;
@@ -2604,7 +2604,7 @@ index 2c321a4a..8ba74517 100644
2604 if (options->password_authentication == -1) 2604 if (options->password_authentication == -1)
2605 options->password_authentication = 1; 2605 options->password_authentication = 1;
2606 if (options->kbd_interactive_authentication == -1) 2606 if (options->kbd_interactive_authentication == -1)
2607@@ -410,6 +416,7 @@ typedef enum { 2607@@ -461,6 +467,7 @@ typedef enum {
2608 sHostKeyAlgorithms, 2608 sHostKeyAlgorithms,
2609 sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, 2609 sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
2610 sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, 2610 sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
@@ -2612,7 +2612,7 @@ index 2c321a4a..8ba74517 100644
2612 sAcceptEnv, sPermitTunnel, 2612 sAcceptEnv, sPermitTunnel,
2613 sMatch, sPermitOpen, sForceCommand, sChrootDirectory, 2613 sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
2614 sUsePrivilegeSeparation, sAllowAgentForwarding, 2614 sUsePrivilegeSeparation, sAllowAgentForwarding,
2615@@ -484,12 +491,20 @@ static struct { 2615@@ -535,12 +542,20 @@ static struct {
2616 #ifdef GSSAPI 2616 #ifdef GSSAPI
2617 { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, 2617 { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
2618 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, 2618 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
@@ -2633,7 +2633,7 @@ index 2c321a4a..8ba74517 100644
2633 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, 2633 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
2634 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, 2634 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
2635 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, 2635 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
2636@@ -1253,6 +1268,10 @@ process_server_config_line(ServerOptions *options, char *line, 2636@@ -1407,6 +1422,10 @@ process_server_config_line(ServerOptions *options, char *line,
2637 intptr = &options->gss_authentication; 2637 intptr = &options->gss_authentication;
2638 goto parse_flag; 2638 goto parse_flag;
2639 2639
@@ -2644,7 +2644,7 @@ index 2c321a4a..8ba74517 100644
2644 case sGssCleanupCreds: 2644 case sGssCleanupCreds:
2645 intptr = &options->gss_cleanup_creds; 2645 intptr = &options->gss_cleanup_creds;
2646 goto parse_flag; 2646 goto parse_flag;
2647@@ -1261,6 +1280,10 @@ process_server_config_line(ServerOptions *options, char *line, 2647@@ -1415,6 +1434,10 @@ process_server_config_line(ServerOptions *options, char *line,
2648 intptr = &options->gss_strict_acceptor; 2648 intptr = &options->gss_strict_acceptor;
2649 goto parse_flag; 2649 goto parse_flag;
2650 2650
@@ -2655,7 +2655,7 @@ index 2c321a4a..8ba74517 100644
2655 case sPasswordAuthentication: 2655 case sPasswordAuthentication:
2656 intptr = &options->password_authentication; 2656 intptr = &options->password_authentication;
2657 goto parse_flag; 2657 goto parse_flag;
2658@@ -2301,7 +2324,10 @@ dump_config(ServerOptions *o) 2658@@ -2453,7 +2476,10 @@ dump_config(ServerOptions *o)
2659 #endif 2659 #endif
2660 #ifdef GSSAPI 2660 #ifdef GSSAPI
2661 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); 2661 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
@@ -2667,10 +2667,10 @@ index 2c321a4a..8ba74517 100644
2667 dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); 2667 dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication);
2668 dump_cfg_fmtint(sKbdInteractiveAuthentication, 2668 dump_cfg_fmtint(sKbdInteractiveAuthentication,
2669diff --git a/servconf.h b/servconf.h 2669diff --git a/servconf.h b/servconf.h
2670index 1dca702e..641e93c8 100644 2670index 37a0fb1a..5dfc9bc0 100644
2671--- a/servconf.h 2671--- a/servconf.h
2672+++ b/servconf.h 2672+++ b/servconf.h
2673@@ -119,8 +119,10 @@ typedef struct { 2673@@ -130,8 +130,10 @@ typedef struct {
2674 int kerberos_get_afs_token; /* If true, try to get AFS token if 2674 int kerberos_get_afs_token; /* If true, try to get AFS token if
2675 * authenticated with Kerberos. */ 2675 * authenticated with Kerberos. */
2676 int gss_authentication; /* If true, permit GSSAPI authentication */ 2676 int gss_authentication; /* If true, permit GSSAPI authentication */
@@ -2799,10 +2799,10 @@ index c12f5ef5..bcb9f153 100644
2799 # CheckHostIP yes 2799 # CheckHostIP yes
2800 # AddressFamily any 2800 # AddressFamily any
2801diff --git a/ssh_config.5 b/ssh_config.5 2801diff --git a/ssh_config.5 b/ssh_config.5
2802index eab8dd01..9a06a757 100644 2802index 71705cab..66826aa7 100644
2803--- a/ssh_config.5 2803--- a/ssh_config.5
2804+++ b/ssh_config.5 2804+++ b/ssh_config.5
2805@@ -720,10 +720,42 @@ The default is 2805@@ -727,10 +727,42 @@ The default is
2806 Specifies whether user authentication based on GSSAPI is allowed. 2806 Specifies whether user authentication based on GSSAPI is allowed.
2807 The default is 2807 The default is
2808 .Cm no . 2808 .Cm no .
@@ -2846,7 +2846,7 @@ index eab8dd01..9a06a757 100644
2846 Indicates that 2846 Indicates that
2847 .Xr ssh 1 2847 .Xr ssh 1
2848diff --git a/sshconnect2.c b/sshconnect2.c 2848diff --git a/sshconnect2.c b/sshconnect2.c
2849index be9397e4..c22477f5 100644 2849index 1f4a74cf..83562c68 100644
2850--- a/sshconnect2.c 2850--- a/sshconnect2.c
2851+++ b/sshconnect2.c 2851+++ b/sshconnect2.c
2852@@ -162,6 +162,11 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) 2852@@ -162,6 +162,11 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
@@ -2959,7 +2959,7 @@ index be9397e4..c22477f5 100644
2959 {"gssapi-with-mic", 2959 {"gssapi-with-mic",
2960 userauth_gssapi, 2960 userauth_gssapi,
2961 NULL, 2961 NULL,
2962@@ -654,25 +720,40 @@ userauth_gssapi(Authctxt *authctxt) 2962@@ -643,25 +709,40 @@ userauth_gssapi(Authctxt *authctxt)
2963 static u_int mech = 0; 2963 static u_int mech = 0;
2964 OM_uint32 min; 2964 OM_uint32 min;
2965 int ok = 0; 2965 int ok = 0;
@@ -3002,7 +3002,7 @@ index be9397e4..c22477f5 100644
3002 if (!ok) 3002 if (!ok)
3003 return 0; 3003 return 0;
3004 3004
3005@@ -763,8 +844,8 @@ input_gssapi_response(int type, u_int32_t plen, struct ssh *ssh) 3005@@ -752,8 +833,8 @@ input_gssapi_response(int type, u_int32_t plen, struct ssh *ssh)
3006 { 3006 {
3007 Authctxt *authctxt = ssh->authctxt; 3007 Authctxt *authctxt = ssh->authctxt;
3008 Gssctxt *gssctxt; 3008 Gssctxt *gssctxt;
@@ -3013,7 +3013,7 @@ index be9397e4..c22477f5 100644
3013 3013
3014 if (authctxt == NULL) 3014 if (authctxt == NULL)
3015 fatal("input_gssapi_response: no authentication context"); 3015 fatal("input_gssapi_response: no authentication context");
3016@@ -877,6 +958,48 @@ input_gssapi_error(int type, u_int32_t plen, struct ssh *ssh) 3016@@ -866,6 +947,48 @@ input_gssapi_error(int type, u_int32_t plen, struct ssh *ssh)
3017 free(lang); 3017 free(lang);
3018 return 0; 3018 return 0;
3019 } 3019 }
@@ -3063,10 +3063,10 @@ index be9397e4..c22477f5 100644
3063 3063
3064 int 3064 int
3065diff --git a/sshd.c b/sshd.c 3065diff --git a/sshd.c b/sshd.c
3066index 51a1aaf6..45e50fac 100644 3066index fd95b681..e88185ef 100644
3067--- a/sshd.c 3067--- a/sshd.c
3068+++ b/sshd.c 3068+++ b/sshd.c
3069@@ -122,6 +122,10 @@ 3069@@ -123,6 +123,10 @@
3070 #include "version.h" 3070 #include "version.h"
3071 #include "ssherr.h" 3071 #include "ssherr.h"
3072 3072
@@ -3077,7 +3077,7 @@ index 51a1aaf6..45e50fac 100644
3077 /* Re-exec fds */ 3077 /* Re-exec fds */
3078 #define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1) 3078 #define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1)
3079 #define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2) 3079 #define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2)
3080@@ -529,7 +533,7 @@ privsep_preauth_child(void) 3080@@ -531,7 +535,7 @@ privsep_preauth_child(void)
3081 3081
3082 #ifdef GSSAPI 3082 #ifdef GSSAPI
3083 /* Cache supported mechanism OIDs for later use */ 3083 /* Cache supported mechanism OIDs for later use */
@@ -3086,7 +3086,7 @@ index 51a1aaf6..45e50fac 100644
3086 ssh_gssapi_prepare_supported_oids(); 3086 ssh_gssapi_prepare_supported_oids();
3087 #endif 3087 #endif
3088 3088
3089@@ -1708,10 +1712,13 @@ main(int ac, char **av) 3089@@ -1753,10 +1757,13 @@ main(int ac, char **av)
3090 key ? "private" : "agent", i, sshkey_ssh_name(pubkey), fp); 3090 key ? "private" : "agent", i, sshkey_ssh_name(pubkey), fp);
3091 free(fp); 3091 free(fp);
3092 } 3092 }
@@ -3100,8 +3100,8 @@ index 51a1aaf6..45e50fac 100644
3100 3100
3101 /* 3101 /*
3102 * Load certificates. They are stored in an array at identical 3102 * Load certificates. They are stored in an array at identical
3103@@ -1987,6 +1994,60 @@ main(int ac, char **av) 3103@@ -2047,6 +2054,60 @@ main(int ac, char **av)
3104 remote_ip, remote_port, laddr, ssh_local_port(ssh)); 3104 rdomain == NULL ? "" : "\"");
3105 free(laddr); 3105 free(laddr);
3106 3106
3107+#ifdef USE_SECURITY_SESSION_API 3107+#ifdef USE_SECURITY_SESSION_API
@@ -3161,7 +3161,7 @@ index 51a1aaf6..45e50fac 100644
3161 /* 3161 /*
3162 * We don't want to listen forever unless the other side 3162 * We don't want to listen forever unless the other side
3163 * successfully authenticates itself. So we set up an alarm which is 3163 * successfully authenticates itself. So we set up an alarm which is
3164@@ -2170,6 +2231,48 @@ do_ssh2_kex(void) 3164@@ -2234,6 +2295,48 @@ do_ssh2_kex(void)
3165 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal( 3165 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
3166 list_hostkey_types()); 3166 list_hostkey_types());
3167 3167
@@ -3210,7 +3210,7 @@ index 51a1aaf6..45e50fac 100644
3210 /* start key exchange */ 3210 /* start key exchange */
3211 if ((r = kex_setup(active_state, myproposal)) != 0) 3211 if ((r = kex_setup(active_state, myproposal)) != 0)
3212 fatal("kex_setup: %s", ssh_err(r)); 3212 fatal("kex_setup: %s", ssh_err(r));
3213@@ -2187,6 +2290,13 @@ do_ssh2_kex(void) 3213@@ -2251,6 +2354,13 @@ do_ssh2_kex(void)
3214 # endif 3214 # endif
3215 #endif 3215 #endif
3216 kex->kex[KEX_C25519_SHA256] = kexc25519_server; 3216 kex->kex[KEX_C25519_SHA256] = kexc25519_server;
@@ -3225,10 +3225,10 @@ index 51a1aaf6..45e50fac 100644
3225 kex->client_version_string=client_version_string; 3225 kex->client_version_string=client_version_string;
3226 kex->server_version_string=server_version_string; 3226 kex->server_version_string=server_version_string;
3227diff --git a/sshd_config b/sshd_config 3227diff --git a/sshd_config b/sshd_config
3228index 4eb2e02e..c01dd656 100644 3228index 3109d5d7..86263d71 100644
3229--- a/sshd_config 3229--- a/sshd_config
3230+++ b/sshd_config 3230+++ b/sshd_config
3231@@ -70,6 +70,8 @@ AuthorizedKeysFile .ssh/authorized_keys 3231@@ -69,6 +69,8 @@ AuthorizedKeysFile .ssh/authorized_keys
3232 # GSSAPI options 3232 # GSSAPI options
3233 #GSSAPIAuthentication no 3233 #GSSAPIAuthentication no
3234 #GSSAPICleanupCredentials yes 3234 #GSSAPICleanupCredentials yes
@@ -3238,10 +3238,10 @@ index 4eb2e02e..c01dd656 100644
3238 # Set this to 'yes' to enable PAM authentication, account processing, 3238 # Set this to 'yes' to enable PAM authentication, account processing,
3239 # and session processing. If this is enabled, PAM authentication will 3239 # and session processing. If this is enabled, PAM authentication will
3240diff --git a/sshd_config.5 b/sshd_config.5 3240diff --git a/sshd_config.5 b/sshd_config.5
3241index 251b7467..0dbcb8da 100644 3241index e3c7c393..c4a3f3cb 100644
3242--- a/sshd_config.5 3242--- a/sshd_config.5
3243+++ b/sshd_config.5 3243+++ b/sshd_config.5
3244@@ -635,6 +635,11 @@ The default is 3244@@ -636,6 +636,11 @@ The default is
3245 Specifies whether user authentication based on GSSAPI is allowed. 3245 Specifies whether user authentication based on GSSAPI is allowed.
3246 The default is 3246 The default is
3247 .Cm no . 3247 .Cm no .
@@ -3253,7 +3253,7 @@ index 251b7467..0dbcb8da 100644
3253 .It Cm GSSAPICleanupCredentials 3253 .It Cm GSSAPICleanupCredentials
3254 Specifies whether to automatically destroy the user's credentials cache 3254 Specifies whether to automatically destroy the user's credentials cache
3255 on logout. 3255 on logout.
3256@@ -654,6 +659,11 @@ machine's default store. 3256@@ -655,6 +660,11 @@ machine's default store.
3257 This facility is provided to assist with operation on multi homed machines. 3257 This facility is provided to assist with operation on multi homed machines.
3258 The default is 3258 The default is
3259 .Cm yes . 3259 .Cm yes .
@@ -3266,10 +3266,10 @@ index 251b7467..0dbcb8da 100644
3266 Specifies the key types that will be accepted for hostbased authentication 3266 Specifies the key types that will be accepted for hostbased authentication
3267 as a comma-separated pattern list. 3267 as a comma-separated pattern list.
3268diff --git a/sshkey.c b/sshkey.c 3268diff --git a/sshkey.c b/sshkey.c
3269index e91c54f5..c2cf0e03 100644 3269index 7712fba2..08887286 100644
3270--- a/sshkey.c 3270--- a/sshkey.c
3271+++ b/sshkey.c 3271+++ b/sshkey.c
3272@@ -112,6 +112,7 @@ static const struct keytype keytypes[] = { 3272@@ -122,6 +122,7 @@ static const struct keytype keytypes[] = {
3273 # endif /* OPENSSL_HAS_NISTP521 */ 3273 # endif /* OPENSSL_HAS_NISTP521 */
3274 # endif /* OPENSSL_HAS_ECC */ 3274 # endif /* OPENSSL_HAS_ECC */
3275 #endif /* WITH_OPENSSL */ 3275 #endif /* WITH_OPENSSL */
@@ -3277,7 +3277,7 @@ index e91c54f5..c2cf0e03 100644
3277 { NULL, NULL, -1, -1, 0, 0 } 3277 { NULL, NULL, -1, -1, 0, 0 }
3278 }; 3278 };
3279 3279
3280@@ -200,7 +201,7 @@ sshkey_alg_list(int certs_only, int plain_only, int include_sigonly, char sep) 3280@@ -210,7 +211,7 @@ sshkey_alg_list(int certs_only, int plain_only, int include_sigonly, char sep)
3281 const struct keytype *kt; 3281 const struct keytype *kt;
3282 3282
3283 for (kt = keytypes; kt->type != -1; kt++) { 3283 for (kt = keytypes; kt->type != -1; kt++) {
@@ -3287,13 +3287,13 @@ index e91c54f5..c2cf0e03 100644
3287 if (!include_sigonly && kt->sigonly) 3287 if (!include_sigonly && kt->sigonly)
3288 continue; 3288 continue;
3289diff --git a/sshkey.h b/sshkey.h 3289diff --git a/sshkey.h b/sshkey.h
3290index 9093eac5..b5d020cb 100644 3290index 155cd45a..4e89049f 100644
3291--- a/sshkey.h 3291--- a/sshkey.h
3292+++ b/sshkey.h 3292+++ b/sshkey.h
3293@@ -61,6 +61,7 @@ enum sshkey_types { 3293@@ -63,6 +63,7 @@ enum sshkey_types {
3294 KEY_DSA_CERT,
3295 KEY_ECDSA_CERT,
3296 KEY_ED25519_CERT, 3294 KEY_ED25519_CERT,
3295 KEY_XMSS,
3296 KEY_XMSS_CERT,
3297+ KEY_NULL, 3297+ KEY_NULL,
3298 KEY_UNSPEC 3298 KEY_UNSPEC
3299 }; 3299 };
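Review bot: The `+ KEY_NULL,` enumerator in the sshkey.h hunk (patch line 3297) carries no comment, and after this refresh it sits behind the new upstream `KEY_XMSS` and `KEY_XMSS_CERT` entries, so its numeric value has moved. Given the patch subject ("GSSAPI key exchange support"), it looks like a placeholder type for exchanges that have no real host key; if that is right, say so on the line, e.g. `KEY_NULL, /* placeholder host key type for GSSAPI kex; never a usable key */`. It is also worth confirming against 7.7p1 that any code switching on `enum sshkey_types` rejects this value through its default branch rather than handling it as a signing or verification key; those switches are not in the lines shown here. The enum itself starts before this hunk.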