diff options
Diffstat (limited to 'debian/patches/gssapi.patch')
| -rw-r--r-- | debian/patches/gssapi.patch | 40 |
1 files changed, 27 insertions, 13 deletions
diff --git a/debian/patches/gssapi.patch b/debian/patches/gssapi.patch index 57def8057..7196d16b6 100644 --- a/debian/patches/gssapi.patch +++ b/debian/patches/gssapi.patch | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | From 40ab38b3f501f3e21662f0294eef06789605c5f8 Mon Sep 17 00:00:00 2001 | 1 | From 48fbb156bdc676fb6ba6817770e4e971fbf85b1f Mon Sep 17 00:00:00 2001 |
| 2 | From: Simon Wilkinson <simon@sxw.org.uk> | 2 | From: Simon Wilkinson <simon@sxw.org.uk> |
| 3 | Date: Sun, 9 Feb 2014 16:09:48 +0000 | 3 | Date: Sun, 9 Feb 2014 16:09:48 +0000 |
| 4 | Subject: GSSAPI key exchange support | 4 | Subject: GSSAPI key exchange support |
| @@ -17,7 +17,7 @@ have it merged into the main openssh package rather than having separate | |||
| 17 | security history. | 17 | security history. |
| 18 | 18 | ||
| 19 | Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242 | 19 | Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242 |
| 20 | Last-Updated: 2016-12-28 | 20 | Last-Updated: 2017-01-16 |
| 21 | 21 | ||
| 22 | Patch-Name: gssapi.patch | 22 | Patch-Name: gssapi.patch |
| 23 | --- | 23 | --- |
| @@ -50,13 +50,13 @@ Patch-Name: gssapi.patch | |||
| 50 | ssh-gss.h | 41 ++++++- | 50 | ssh-gss.h | 41 ++++++- |
| 51 | ssh_config | 2 + | 51 | ssh_config | 2 + |
| 52 | ssh_config.5 | 32 ++++++ | 52 | ssh_config.5 | 32 ++++++ |
| 53 | sshconnect2.c | 122 +++++++++++++++++++- | 53 | sshconnect2.c | 131 ++++++++++++++++++++- |
| 54 | sshd.c | 112 +++++++++++++++++- | 54 | sshd.c | 112 +++++++++++++++++- |
| 55 | sshd_config | 2 + | 55 | sshd_config | 2 + |
| 56 | sshd_config.5 | 10 ++ | 56 | sshd_config.5 | 10 ++ |
| 57 | sshkey.c | 3 +- | 57 | sshkey.c | 3 +- |
| 58 | sshkey.h | 1 + | 58 | sshkey.h | 1 + |
| 59 | 35 files changed, 2053 insertions(+), 148 deletions(-) | 59 | 35 files changed, 2062 insertions(+), 148 deletions(-) |
| 60 | create mode 100644 ChangeLog.gssapi | 60 | create mode 100644 ChangeLog.gssapi |
| 61 | create mode 100644 kexgssc.c | 61 | create mode 100644 kexgssc.c |
| 62 | create mode 100644 kexgsss.c | 62 | create mode 100644 kexgsss.c |
| @@ -2843,7 +2843,7 @@ index 591365f3..a7703fc7 100644 | |||
| 2843 | Indicates that | 2843 | Indicates that |
| 2844 | .Xr ssh 1 | 2844 | .Xr ssh 1 |
| 2845 | diff --git a/sshconnect2.c b/sshconnect2.c | 2845 | diff --git a/sshconnect2.c b/sshconnect2.c |
| 2846 | index 103a2b36..d534e619 100644 | 2846 | index 103a2b36..c35a0bd5 100644 |
| 2847 | --- a/sshconnect2.c | 2847 | --- a/sshconnect2.c |
| 2848 | +++ b/sshconnect2.c | 2848 | +++ b/sshconnect2.c |
| 2849 | @@ -162,6 +162,11 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) | 2849 | @@ -162,6 +162,11 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) |
| @@ -2858,7 +2858,7 @@ index 103a2b36..d534e619 100644 | |||
| 2858 | xxx_host = host; | 2858 | xxx_host = host; |
| 2859 | xxx_hostaddr = hostaddr; | 2859 | xxx_hostaddr = hostaddr; |
| 2860 | 2860 | ||
| 2861 | @@ -192,6 +197,36 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) | 2861 | @@ -192,6 +197,35 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) |
| 2862 | order_hostkeyalgs(host, hostaddr, port)); | 2862 | order_hostkeyalgs(host, hostaddr, port)); |
| 2863 | } | 2863 | } |
| 2864 | 2864 | ||
| @@ -2887,7 +2887,6 @@ index 103a2b36..d534e619 100644 | |||
| 2887 | + orig = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]; | 2887 | + orig = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]; |
| 2888 | + xasprintf(&myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS], | 2888 | + xasprintf(&myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS], |
| 2889 | + "%s,null", orig); | 2889 | + "%s,null", orig); |
| 2890 | + free(gss); | ||
| 2891 | + } | 2890 | + } |
| 2892 | + } | 2891 | + } |
| 2893 | +#endif | 2892 | +#endif |
| @@ -2895,7 +2894,7 @@ index 103a2b36..d534e619 100644 | |||
| 2895 | if (options.rekey_limit || options.rekey_interval) | 2894 | if (options.rekey_limit || options.rekey_interval) |
| 2896 | packet_set_rekey_limits((u_int32_t)options.rekey_limit, | 2895 | packet_set_rekey_limits((u_int32_t)options.rekey_limit, |
| 2897 | (time_t)options.rekey_interval); | 2896 | (time_t)options.rekey_interval); |
| 2898 | @@ -213,10 +248,26 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) | 2897 | @@ -213,15 +247,41 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) |
| 2899 | # endif | 2898 | # endif |
| 2900 | #endif | 2899 | #endif |
| 2901 | kex->kex[KEX_C25519_SHA256] = kexc25519_client; | 2900 | kex->kex[KEX_C25519_SHA256] = kexc25519_client; |
| @@ -2922,7 +2921,22 @@ index 103a2b36..d534e619 100644 | |||
| 2922 | dispatch_run(DISPATCH_BLOCK, &kex->done, active_state); | 2921 | dispatch_run(DISPATCH_BLOCK, &kex->done, active_state); |
| 2923 | 2922 | ||
| 2924 | /* remove ext-info from the KEX proposals for rekeying */ | 2923 | /* remove ext-info from the KEX proposals for rekeying */ |
| 2925 | @@ -311,6 +362,7 @@ int input_gssapi_token(int type, u_int32_t, void *); | 2924 | myproposal[PROPOSAL_KEX_ALGS] = |
| 2925 | compat_kex_proposal(options.kex_algorithms); | ||
| 2926 | +#ifdef GSSAPI | ||
| 2927 | + /* repair myproposal after it was crumpled by the */ | ||
| 2928 | + /* ext-info removal above */ | ||
| 2929 | + if (gss) { | ||
| 2930 | + orig = myproposal[PROPOSAL_KEX_ALGS]; | ||
| 2931 | + xasprintf(&myproposal[PROPOSAL_KEX_ALGS], | ||
| 2932 | + "%s,%s", gss, orig); | ||
| 2933 | + free(gss); | ||
| 2934 | + } | ||
| 2935 | +#endif | ||
| 2936 | if ((r = kex_prop2buf(kex->my, myproposal)) != 0) | ||
| 2937 | fatal("kex_prop2buf: %s", ssh_err(r)); | ||
| 2938 | |||
| 2939 | @@ -311,6 +371,7 @@ int input_gssapi_token(int type, u_int32_t, void *); | ||
| 2926 | int input_gssapi_hash(int type, u_int32_t, void *); | 2940 | int input_gssapi_hash(int type, u_int32_t, void *); |
| 2927 | int input_gssapi_error(int, u_int32_t, void *); | 2941 | int input_gssapi_error(int, u_int32_t, void *); |
| 2928 | int input_gssapi_errtok(int, u_int32_t, void *); | 2942 | int input_gssapi_errtok(int, u_int32_t, void *); |
| @@ -2930,7 +2944,7 @@ index 103a2b36..d534e619 100644 | |||
| 2930 | #endif | 2944 | #endif |
| 2931 | 2945 | ||
| 2932 | void userauth(Authctxt *, char *); | 2946 | void userauth(Authctxt *, char *); |
| 2933 | @@ -327,6 +379,11 @@ static char *authmethods_get(void); | 2947 | @@ -327,6 +388,11 @@ static char *authmethods_get(void); |
| 2934 | 2948 | ||
| 2935 | Authmethod authmethods[] = { | 2949 | Authmethod authmethods[] = { |
| 2936 | #ifdef GSSAPI | 2950 | #ifdef GSSAPI |
| @@ -2942,7 +2956,7 @@ index 103a2b36..d534e619 100644 | |||
| 2942 | {"gssapi-with-mic", | 2956 | {"gssapi-with-mic", |
| 2943 | userauth_gssapi, | 2957 | userauth_gssapi, |
| 2944 | NULL, | 2958 | NULL, |
| 2945 | @@ -652,25 +709,40 @@ userauth_gssapi(Authctxt *authctxt) | 2959 | @@ -652,25 +718,40 @@ userauth_gssapi(Authctxt *authctxt) |
| 2946 | static u_int mech = 0; | 2960 | static u_int mech = 0; |
| 2947 | OM_uint32 min; | 2961 | OM_uint32 min; |
| 2948 | int ok = 0; | 2962 | int ok = 0; |
| @@ -2985,7 +2999,7 @@ index 103a2b36..d534e619 100644 | |||
| 2985 | if (!ok) | 2999 | if (!ok) |
| 2986 | return 0; | 3000 | return 0; |
| 2987 | 3001 | ||
| 2988 | @@ -761,8 +833,8 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt) | 3002 | @@ -761,8 +842,8 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt) |
| 2989 | { | 3003 | { |
| 2990 | Authctxt *authctxt = ctxt; | 3004 | Authctxt *authctxt = ctxt; |
| 2991 | Gssctxt *gssctxt; | 3005 | Gssctxt *gssctxt; |
| @@ -2996,7 +3010,7 @@ index 103a2b36..d534e619 100644 | |||
| 2996 | 3010 | ||
| 2997 | if (authctxt == NULL) | 3011 | if (authctxt == NULL) |
| 2998 | fatal("input_gssapi_response: no authentication context"); | 3012 | fatal("input_gssapi_response: no authentication context"); |
| 2999 | @@ -875,6 +947,48 @@ input_gssapi_error(int type, u_int32_t plen, void *ctxt) | 3013 | @@ -875,6 +956,48 @@ input_gssapi_error(int type, u_int32_t plen, void *ctxt) |
| 3000 | free(lang); | 3014 | free(lang); |
| 3001 | return 0; | 3015 | return 0; |
| 3002 | } | 3016 | } |