* New upstream release (closes: #453367).

  - CVE-2007-4752: Prevent ssh(1) from using a trusted X11 cookie if
    creation of an untrusted cookie fails; found and fixed by Jan Pechanec
    (closes: #444738).
  - sshd(8) in new installations defaults to SSH Protocol 2 only. Existing
    installations are unchanged.
  - The SSH channel window size has been increased, and both ssh(1)
    sshd(8) now send window updates more aggressively. These improves
    performance on high-BDP (Bandwidth Delay Product) networks.
  - ssh(1) and sshd(8) now preserve MAC contexts between packets, which
    saves 2 hash calls per packet and results in 12-16% speedup for
    arcfour256/hmac-md5.
  - A new MAC algorithm has been added, UMAC-64 (RFC4418) as
    "umac-64@openssh.com". UMAC-64 has been measured to be approximately
    20% faster than HMAC-MD5.
  - Failure to establish a ssh(1) TunnelForward is now treated as a fatal
    error when the ExitOnForwardFailure option is set.
  - ssh(1) returns a sensible exit status if the control master goes away
    without passing the full exit status.
  - When using a ProxyCommand in ssh(1), set the outgoing hostname with
    gethostname(2), allowing hostbased authentication to work.
  - Make scp(1) skip FIFOs rather than hanging (closes: #246774).
  - Encode non-printing characters in scp(1) filenames. These could cause
    copies to be aborted with a "protocol error".
  - Handle SIGINT in sshd(8) privilege separation child process to ensure
    that wtmp and lastlog records are correctly updated.
  - Report GSSAPI mechanism in errors, for libraries that support multiple
    mechanisms.
  - Improve documentation for ssh-add(1)'s -d option.
  - Rearrange and tidy GSSAPI code, removing server-only code being linked
    into the client.
  - Delay execution of ssh(1)'s LocalCommand until after all forwardings
    have been established.
  - In scp(1), do not truncate non-regular files.
  - Improve exit message from ControlMaster clients.
  - Prevent sftp-server(8) from reading until it runs out of buffer space,
    whereupon it would exit with a fatal error (closes: #365541).
  - pam_end() was not being called if authentication failed
    (closes: #405041).
  - Manual page datestamps updated (closes: #433181).

1 files changed, 49 insertions, 51 deletions

diff --git a/gss-serv.c b/gss-serv.c
index 841d8bb2f..e157ec515 100644
--- a/gss-serv.c
+++ b/gss-serv.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gss-serv.c,v 1.20 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: gss-serv.c,v 1.21 2007/06/12 08:20:00 djm Exp $ */
 
 /*
  * Copyright (c) 2001-2006 Simon Wilkinson. All rights reserved.
@@ -29,6 +29,7 @@
 #ifdef GSSAPI
 
 #include <sys/types.h>
+#include <sys/param.h>
 
 #include <stdarg.h>
 #include <string.h>
@@ -68,6 +69,53 @@ ssh_gssapi_mech* supported_mechs[]= {
         &gssapi_null_mech,
 };
 
+
+/*
+ * Acquire credentials for a server running on the current host.
+ * Requires that the context structure contains a valid OID
+ */
+
+/* Returns a GSSAPI error code */
+/* Privileged (called from ssh_gssapi_server_ctx) */
+static OM_uint32
+ssh_gssapi_acquire_cred(Gssctxt *ctx)
+{
+        OM_uint32 status;
+        char lname[MAXHOSTNAMELEN];
+        gss_OID_set oidset;
+
+        gss_create_empty_oid_set(&status, &oidset);
+        gss_add_oid_set_member(&status, ctx->oid, &oidset);
+
+        if (gethostname(lname, MAXHOSTNAMELEN)) {
+                gss_release_oid_set(&status, &oidset);
+                return (-1);
+        }
+
+        if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
+                gss_release_oid_set(&status, &oidset);
+                return (ctx->major);
+        }
+
+        if ((ctx->major = gss_acquire_cred(&ctx->minor,
+            ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL)))
+                ssh_gssapi_error(ctx);
+
+        gss_release_oid_set(&status, &oidset);
+        return (ctx->major);
+}
+
+/* Privileged */
+OM_uint32
+ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid)
+{
+        if (*ctx)
+                ssh_gssapi_delete_ctx(ctx);
+        ssh_gssapi_build_ctx(ctx);
+        ssh_gssapi_set_oid(*ctx, oid);
+        return (ssh_gssapi_acquire_cred(*ctx));
+}
+
 /* Unprivileged */
 char *
 ssh_gssapi_server_mechanisms() {
@@ -115,56 +163,6 @@ ssh_gssapi_supported_oids(gss_OID_set *oidset)
         gss_release_oid_set(&min_status, &supported);
 }
 
-OM_uint32
-ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid)
-{
-        if (*ctx)
-                ssh_gssapi_delete_ctx(ctx);
-        ssh_gssapi_build_ctx(ctx);
-        ssh_gssapi_set_oid(*ctx, oid);
-        return (ssh_gssapi_acquire_cred(*ctx));
-}
-
-/* Acquire credentials for a server running on the current host.
- * Requires that the context structure contains a valid OID
- */
-
-/* Returns a GSSAPI error code */
-OM_uint32
-ssh_gssapi_acquire_cred(Gssctxt *ctx)
-{
-        OM_uint32 status;
-        char lname[MAXHOSTNAMELEN];
-        gss_OID_set oidset;
-
-        if (options.gss_strict_acceptor) {
-                gss_create_empty_oid_set(&status, &oidset);
-                gss_add_oid_set_member(&status, ctx->oid, &oidset);
-
-                if (gethostname(lname, MAXHOSTNAMELEN)) {
-                        gss_release_oid_set(&status, &oidset);
-                        return (-1);
-                }
-
-                if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
-                        gss_release_oid_set(&status, &oidset);
-                        return (ctx->major);
-                }
-
-                if ((ctx->major = gss_acquire_cred(&ctx->minor,
-                    ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, 
-                    NULL, NULL)))
-                        ssh_gssapi_error(ctx);
-
-                gss_release_oid_set(&status, &oidset);
-                return (ctx->major);
-        } else {
-                ctx->name = GSS_C_NO_NAME;
-                ctx->creds = GSS_C_NO_CREDENTIAL;
-        }
-        return GSS_S_COMPLETE;
-}
-
 
 /* Wrapper around accept_sec_context
  * Requires that the context contains: