diff options
Diffstat (limited to 'debian/patches/gssapi.patch')
| -rw-r--r-- | debian/patches/gssapi.patch | 44 |
1 files changed, 22 insertions, 22 deletions
diff --git a/debian/patches/gssapi.patch b/debian/patches/gssapi.patch index e39239fbd..778c23023 100644 --- a/debian/patches/gssapi.patch +++ b/debian/patches/gssapi.patch | |||
| @@ -364,7 +364,7 @@ Index: b/clientloop.c | |||
| 364 | /* import options */ | 364 | /* import options */ |
| 365 | extern Options options; | 365 | extern Options options; |
| 366 | 366 | ||
| 367 | @@ -1431,6 +1435,15 @@ | 367 | @@ -1483,6 +1487,15 @@ |
| 368 | /* Do channel operations unless rekeying in progress. */ | 368 | /* Do channel operations unless rekeying in progress. */ |
| 369 | if (!rekeying) { | 369 | if (!rekeying) { |
| 370 | channel_after_select(readset, writeset); | 370 | channel_after_select(readset, writeset); |
| @@ -1918,9 +1918,9 @@ Index: b/key.c | |||
| 1918 | =================================================================== | 1918 | =================================================================== |
| 1919 | --- a/key.c | 1919 | --- a/key.c |
| 1920 | +++ b/key.c | 1920 | +++ b/key.c |
| 1921 | @@ -982,6 +982,8 @@ | 1921 | @@ -1020,6 +1020,8 @@ |
| 1922 | return KEY_RSA_CERT; | 1922 | return KEY_RSA_CERT; |
| 1923 | } else if (strcmp(name, "ssh-dss-cert-v00@openssh.com") == 0) { | 1923 | } else if (strcmp(name, "ssh-dss-cert-v01@openssh.com") == 0) { |
| 1924 | return KEY_DSA_CERT; | 1924 | return KEY_DSA_CERT; |
| 1925 | + } else if (strcmp(name, "null") == 0) { | 1925 | + } else if (strcmp(name, "null") == 0) { |
| 1926 | + return KEY_NULL; | 1926 | + return KEY_NULL; |
| @@ -1931,10 +1931,10 @@ Index: b/key.h | |||
| 1931 | =================================================================== | 1931 | =================================================================== |
| 1932 | --- a/key.h | 1932 | --- a/key.h |
| 1933 | +++ b/key.h | 1933 | +++ b/key.h |
| 1934 | @@ -37,6 +37,7 @@ | 1934 | @@ -39,6 +39,7 @@ |
| 1935 | KEY_DSA, | ||
| 1936 | KEY_RSA_CERT, | ||
| 1937 | KEY_DSA_CERT, | 1935 | KEY_DSA_CERT, |
| 1936 | KEY_RSA_CERT_V00, | ||
| 1937 | KEY_DSA_CERT_V00, | ||
| 1938 | + KEY_NULL, | 1938 | + KEY_NULL, |
| 1939 | KEY_UNSPEC | 1939 | KEY_UNSPEC |
| 1940 | }; | 1940 | }; |
| @@ -2239,9 +2239,9 @@ Index: b/readconf.c | |||
| 2239 | oAddressFamily, oGssAuthentication, oGssDelegateCreds, | 2239 | oAddressFamily, oGssAuthentication, oGssDelegateCreds, |
| 2240 | + oGssTrustDns, oGssKeyEx, oGssClientIdentity, oGssRenewalRekey, | 2240 | + oGssTrustDns, oGssKeyEx, oGssClientIdentity, oGssRenewalRekey, |
| 2241 | oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, | 2241 | oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, |
| 2242 | oSendEnv, oControlPath, oControlMaster, oHashKnownHosts, | 2242 | oSendEnv, oControlPath, oControlMaster, oControlPersist, |
| 2243 | oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, | 2243 | oHashKnownHosts, |
| 2244 | @@ -164,10 +165,18 @@ | 2244 | @@ -166,10 +167,18 @@ |
| 2245 | { "afstokenpassing", oUnsupported }, | 2245 | { "afstokenpassing", oUnsupported }, |
| 2246 | #if defined(GSSAPI) | 2246 | #if defined(GSSAPI) |
| 2247 | { "gssapiauthentication", oGssAuthentication }, | 2247 | { "gssapiauthentication", oGssAuthentication }, |
| @@ -2260,7 +2260,7 @@ Index: b/readconf.c | |||
| 2260 | #endif | 2260 | #endif |
| 2261 | { "fallbacktorsh", oDeprecated }, | 2261 | { "fallbacktorsh", oDeprecated }, |
| 2262 | { "usersh", oDeprecated }, | 2262 | { "usersh", oDeprecated }, |
| 2263 | @@ -456,10 +465,26 @@ | 2263 | @@ -474,10 +483,26 @@ |
| 2264 | intptr = &options->gss_authentication; | 2264 | intptr = &options->gss_authentication; |
| 2265 | goto parse_flag; | 2265 | goto parse_flag; |
| 2266 | 2266 | ||
| @@ -2287,7 +2287,7 @@ Index: b/readconf.c | |||
| 2287 | case oBatchMode: | 2287 | case oBatchMode: |
| 2288 | intptr = &options->batch_mode; | 2288 | intptr = &options->batch_mode; |
| 2289 | goto parse_flag; | 2289 | goto parse_flag; |
| 2290 | @@ -1015,7 +1040,11 @@ | 2290 | @@ -1058,7 +1083,11 @@ |
| 2291 | options->pubkey_authentication = -1; | 2291 | options->pubkey_authentication = -1; |
| 2292 | options->challenge_response_authentication = -1; | 2292 | options->challenge_response_authentication = -1; |
| 2293 | options->gss_authentication = -1; | 2293 | options->gss_authentication = -1; |
| @@ -2299,7 +2299,7 @@ Index: b/readconf.c | |||
| 2299 | options->password_authentication = -1; | 2299 | options->password_authentication = -1; |
| 2300 | options->kbd_interactive_authentication = -1; | 2300 | options->kbd_interactive_authentication = -1; |
| 2301 | options->kbd_interactive_devices = NULL; | 2301 | options->kbd_interactive_devices = NULL; |
| 2302 | @@ -1107,8 +1136,14 @@ | 2302 | @@ -1156,8 +1185,14 @@ |
| 2303 | options->challenge_response_authentication = 1; | 2303 | options->challenge_response_authentication = 1; |
| 2304 | if (options->gss_authentication == -1) | 2304 | if (options->gss_authentication == -1) |
| 2305 | options->gss_authentication = 0; | 2305 | options->gss_authentication = 0; |
| @@ -2318,7 +2318,7 @@ Index: b/readconf.h | |||
| 2318 | =================================================================== | 2318 | =================================================================== |
| 2319 | --- a/readconf.h | 2319 | --- a/readconf.h |
| 2320 | +++ b/readconf.h | 2320 | +++ b/readconf.h |
| 2321 | @@ -44,7 +44,11 @@ | 2321 | @@ -46,7 +46,11 @@ |
| 2322 | int challenge_response_authentication; | 2322 | int challenge_response_authentication; |
| 2323 | /* Try S/Key or TIS, authentication. */ | 2323 | /* Try S/Key or TIS, authentication. */ |
| 2324 | int gss_authentication; /* Try GSS authentication */ | 2324 | int gss_authentication; /* Try GSS authentication */ |
| @@ -2345,7 +2345,7 @@ Index: b/servconf.c | |||
| 2345 | options->password_authentication = -1; | 2345 | options->password_authentication = -1; |
| 2346 | options->kbd_interactive_authentication = -1; | 2346 | options->kbd_interactive_authentication = -1; |
| 2347 | options->challenge_response_authentication = -1; | 2347 | options->challenge_response_authentication = -1; |
| 2348 | @@ -214,8 +217,14 @@ | 2348 | @@ -215,8 +218,14 @@ |
| 2349 | options->kerberos_get_afs_token = 0; | 2349 | options->kerberos_get_afs_token = 0; |
| 2350 | if (options->gss_authentication == -1) | 2350 | if (options->gss_authentication == -1) |
| 2351 | options->gss_authentication = 0; | 2351 | options->gss_authentication = 0; |
| @@ -2360,7 +2360,7 @@ Index: b/servconf.c | |||
| 2360 | if (options->password_authentication == -1) | 2360 | if (options->password_authentication == -1) |
| 2361 | options->password_authentication = 1; | 2361 | options->password_authentication = 1; |
| 2362 | if (options->kbd_interactive_authentication == -1) | 2362 | if (options->kbd_interactive_authentication == -1) |
| 2363 | @@ -306,7 +315,9 @@ | 2363 | @@ -307,7 +316,9 @@ |
| 2364 | sBanner, sUseDNS, sHostbasedAuthentication, | 2364 | sBanner, sUseDNS, sHostbasedAuthentication, |
| 2365 | sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, | 2365 | sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, |
| 2366 | sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, | 2366 | sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, |
| @@ -2371,7 +2371,7 @@ Index: b/servconf.c | |||
| 2371 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, | 2371 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, |
| 2372 | sUsePrivilegeSeparation, sAllowAgentForwarding, | 2372 | sUsePrivilegeSeparation, sAllowAgentForwarding, |
| 2373 | sZeroKnowledgePasswordAuthentication, sHostCertificate, | 2373 | sZeroKnowledgePasswordAuthentication, sHostCertificate, |
| 2374 | @@ -369,9 +380,15 @@ | 2374 | @@ -370,9 +381,15 @@ |
| 2375 | #ifdef GSSAPI | 2375 | #ifdef GSSAPI |
| 2376 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, | 2376 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, |
| 2377 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, | 2377 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, |
| @@ -2387,7 +2387,7 @@ Index: b/servconf.c | |||
| 2387 | #endif | 2387 | #endif |
| 2388 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, | 2388 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, |
| 2389 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, | 2389 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, |
| 2390 | @@ -924,10 +941,22 @@ | 2390 | @@ -926,10 +943,22 @@ |
| 2391 | intptr = &options->gss_authentication; | 2391 | intptr = &options->gss_authentication; |
| 2392 | goto parse_flag; | 2392 | goto parse_flag; |
| 2393 | 2393 | ||
| @@ -2543,7 +2543,7 @@ Index: b/ssh_config.5 | |||
| 2543 | =================================================================== | 2543 | =================================================================== |
| 2544 | --- a/ssh_config.5 | 2544 | --- a/ssh_config.5 |
| 2545 | +++ b/ssh_config.5 | 2545 | +++ b/ssh_config.5 |
| 2546 | @@ -478,11 +478,38 @@ | 2546 | @@ -509,11 +509,38 @@ |
| 2547 | The default is | 2547 | The default is |
| 2548 | .Dq no . | 2548 | .Dq no . |
| 2549 | Note that this option applies to protocol version 2 only. | 2549 | Note that this option applies to protocol version 2 only. |
| @@ -2794,7 +2794,7 @@ Index: b/sshd.c | |||
| 2794 | #ifdef LIBWRAP | 2794 | #ifdef LIBWRAP |
| 2795 | #include <tcpd.h> | 2795 | #include <tcpd.h> |
| 2796 | #include <syslog.h> | 2796 | #include <syslog.h> |
| 2797 | @@ -1577,10 +1581,13 @@ | 2797 | @@ -1586,10 +1590,13 @@ |
| 2798 | logit("Disabling protocol version 1. Could not load host key"); | 2798 | logit("Disabling protocol version 1. Could not load host key"); |
| 2799 | options.protocol &= ~SSH_PROTO_1; | 2799 | options.protocol &= ~SSH_PROTO_1; |
| 2800 | } | 2800 | } |
| @@ -2808,7 +2808,7 @@ Index: b/sshd.c | |||
| 2808 | if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) { | 2808 | if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) { |
| 2809 | logit("sshd: no hostkeys available -- exiting."); | 2809 | logit("sshd: no hostkeys available -- exiting."); |
| 2810 | exit(1); | 2810 | exit(1); |
| 2811 | @@ -1909,6 +1916,60 @@ | 2811 | @@ -1918,6 +1925,60 @@ |
| 2812 | /* Log the connection. */ | 2812 | /* Log the connection. */ |
| 2813 | verbose("Connection from %.500s port %d", remote_ip, remote_port); | 2813 | verbose("Connection from %.500s port %d", remote_ip, remote_port); |
| 2814 | 2814 | ||
| @@ -2869,7 +2869,7 @@ Index: b/sshd.c | |||
| 2869 | /* | 2869 | /* |
| 2870 | * We don't want to listen forever unless the other side | 2870 | * We don't want to listen forever unless the other side |
| 2871 | * successfully authenticates itself. So we set up an alarm which is | 2871 | * successfully authenticates itself. So we set up an alarm which is |
| 2872 | @@ -2287,12 +2348,61 @@ | 2872 | @@ -2296,12 +2357,61 @@ |
| 2873 | 2873 | ||
| 2874 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types(); | 2874 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types(); |
| 2875 | 2875 | ||
| @@ -2948,7 +2948,7 @@ Index: b/sshd_config.5 | |||
| 2948 | =================================================================== | 2948 | =================================================================== |
| 2949 | --- a/sshd_config.5 | 2949 | --- a/sshd_config.5 |
| 2950 | +++ b/sshd_config.5 | 2950 | +++ b/sshd_config.5 |
| 2951 | @@ -379,12 +379,40 @@ | 2951 | @@ -424,12 +424,40 @@ |
| 2952 | The default is | 2952 | The default is |
| 2953 | .Dq no . | 2953 | .Dq no . |
| 2954 | Note that this option applies to protocol version 2 only. | 2954 | Note that this option applies to protocol version 2 only. |