summaryrefslogtreecommitdiff
path: root/debian/patches/gssapi.patch
diff options
context:
space:
mode:
Diffstat (limited to 'debian/patches/gssapi.patch')
-rw-r--r--debian/patches/gssapi.patch44
1 files changed, 22 insertions, 22 deletions
diff --git a/debian/patches/gssapi.patch b/debian/patches/gssapi.patch
index e39239fbd..778c23023 100644
--- a/debian/patches/gssapi.patch
+++ b/debian/patches/gssapi.patch
@@ -364,7 +364,7 @@ Index: b/clientloop.c
364 /* import options */ 364 /* import options */
365 extern Options options; 365 extern Options options;
366 366
367@@ -1431,6 +1435,15 @@ 367@@ -1483,6 +1487,15 @@
368 /* Do channel operations unless rekeying in progress. */ 368 /* Do channel operations unless rekeying in progress. */
369 if (!rekeying) { 369 if (!rekeying) {
370 channel_after_select(readset, writeset); 370 channel_after_select(readset, writeset);
@@ -1918,9 +1918,9 @@ Index: b/key.c
1918=================================================================== 1918===================================================================
1919--- a/key.c 1919--- a/key.c
1920+++ b/key.c 1920+++ b/key.c
1921@@ -982,6 +982,8 @@ 1921@@ -1020,6 +1020,8 @@
1922 return KEY_RSA_CERT; 1922 return KEY_RSA_CERT;
1923 } else if (strcmp(name, "ssh-dss-cert-v00@openssh.com") == 0) { 1923 } else if (strcmp(name, "ssh-dss-cert-v01@openssh.com") == 0) {
1924 return KEY_DSA_CERT; 1924 return KEY_DSA_CERT;
1925+ } else if (strcmp(name, "null") == 0) { 1925+ } else if (strcmp(name, "null") == 0) {
1926+ return KEY_NULL; 1926+ return KEY_NULL;
@@ -1931,10 +1931,10 @@ Index: b/key.h
1931=================================================================== 1931===================================================================
1932--- a/key.h 1932--- a/key.h
1933+++ b/key.h 1933+++ b/key.h
1934@@ -37,6 +37,7 @@ 1934@@ -39,6 +39,7 @@
1935 KEY_DSA,
1936 KEY_RSA_CERT,
1937 KEY_DSA_CERT, 1935 KEY_DSA_CERT,
1936 KEY_RSA_CERT_V00,
1937 KEY_DSA_CERT_V00,
1938+ KEY_NULL, 1938+ KEY_NULL,
1939 KEY_UNSPEC 1939 KEY_UNSPEC
1940 }; 1940 };
@@ -2239,9 +2239,9 @@ Index: b/readconf.c
2239 oAddressFamily, oGssAuthentication, oGssDelegateCreds, 2239 oAddressFamily, oGssAuthentication, oGssDelegateCreds,
2240+ oGssTrustDns, oGssKeyEx, oGssClientIdentity, oGssRenewalRekey, 2240+ oGssTrustDns, oGssKeyEx, oGssClientIdentity, oGssRenewalRekey,
2241 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, 2241 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
2242 oSendEnv, oControlPath, oControlMaster, oHashKnownHosts, 2242 oSendEnv, oControlPath, oControlMaster, oControlPersist,
2243 oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, 2243 oHashKnownHosts,
2244@@ -164,10 +165,18 @@ 2244@@ -166,10 +167,18 @@
2245 { "afstokenpassing", oUnsupported }, 2245 { "afstokenpassing", oUnsupported },
2246 #if defined(GSSAPI) 2246 #if defined(GSSAPI)
2247 { "gssapiauthentication", oGssAuthentication }, 2247 { "gssapiauthentication", oGssAuthentication },
@@ -2260,7 +2260,7 @@ Index: b/readconf.c
2260 #endif 2260 #endif
2261 { "fallbacktorsh", oDeprecated }, 2261 { "fallbacktorsh", oDeprecated },
2262 { "usersh", oDeprecated }, 2262 { "usersh", oDeprecated },
2263@@ -456,10 +465,26 @@ 2263@@ -474,10 +483,26 @@
2264 intptr = &options->gss_authentication; 2264 intptr = &options->gss_authentication;
2265 goto parse_flag; 2265 goto parse_flag;
2266 2266
@@ -2287,7 +2287,7 @@ Index: b/readconf.c
2287 case oBatchMode: 2287 case oBatchMode:
2288 intptr = &options->batch_mode; 2288 intptr = &options->batch_mode;
2289 goto parse_flag; 2289 goto parse_flag;
2290@@ -1015,7 +1040,11 @@ 2290@@ -1058,7 +1083,11 @@
2291 options->pubkey_authentication = -1; 2291 options->pubkey_authentication = -1;
2292 options->challenge_response_authentication = -1; 2292 options->challenge_response_authentication = -1;
2293 options->gss_authentication = -1; 2293 options->gss_authentication = -1;
@@ -2299,7 +2299,7 @@ Index: b/readconf.c
2299 options->password_authentication = -1; 2299 options->password_authentication = -1;
2300 options->kbd_interactive_authentication = -1; 2300 options->kbd_interactive_authentication = -1;
2301 options->kbd_interactive_devices = NULL; 2301 options->kbd_interactive_devices = NULL;
2302@@ -1107,8 +1136,14 @@ 2302@@ -1156,8 +1185,14 @@
2303 options->challenge_response_authentication = 1; 2303 options->challenge_response_authentication = 1;
2304 if (options->gss_authentication == -1) 2304 if (options->gss_authentication == -1)
2305 options->gss_authentication = 0; 2305 options->gss_authentication = 0;
@@ -2318,7 +2318,7 @@ Index: b/readconf.h
2318=================================================================== 2318===================================================================
2319--- a/readconf.h 2319--- a/readconf.h
2320+++ b/readconf.h 2320+++ b/readconf.h
2321@@ -44,7 +44,11 @@ 2321@@ -46,7 +46,11 @@
2322 int challenge_response_authentication; 2322 int challenge_response_authentication;
2323 /* Try S/Key or TIS, authentication. */ 2323 /* Try S/Key or TIS, authentication. */
2324 int gss_authentication; /* Try GSS authentication */ 2324 int gss_authentication; /* Try GSS authentication */
@@ -2345,7 +2345,7 @@ Index: b/servconf.c
2345 options->password_authentication = -1; 2345 options->password_authentication = -1;
2346 options->kbd_interactive_authentication = -1; 2346 options->kbd_interactive_authentication = -1;
2347 options->challenge_response_authentication = -1; 2347 options->challenge_response_authentication = -1;
2348@@ -214,8 +217,14 @@ 2348@@ -215,8 +218,14 @@
2349 options->kerberos_get_afs_token = 0; 2349 options->kerberos_get_afs_token = 0;
2350 if (options->gss_authentication == -1) 2350 if (options->gss_authentication == -1)
2351 options->gss_authentication = 0; 2351 options->gss_authentication = 0;
@@ -2360,7 +2360,7 @@ Index: b/servconf.c
2360 if (options->password_authentication == -1) 2360 if (options->password_authentication == -1)
2361 options->password_authentication = 1; 2361 options->password_authentication = 1;
2362 if (options->kbd_interactive_authentication == -1) 2362 if (options->kbd_interactive_authentication == -1)
2363@@ -306,7 +315,9 @@ 2363@@ -307,7 +316,9 @@
2364 sBanner, sUseDNS, sHostbasedAuthentication, 2364 sBanner, sUseDNS, sHostbasedAuthentication,
2365 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, 2365 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
2366 sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, 2366 sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
@@ -2371,7 +2371,7 @@ Index: b/servconf.c
2371 sMatch, sPermitOpen, sForceCommand, sChrootDirectory, 2371 sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
2372 sUsePrivilegeSeparation, sAllowAgentForwarding, 2372 sUsePrivilegeSeparation, sAllowAgentForwarding,
2373 sZeroKnowledgePasswordAuthentication, sHostCertificate, 2373 sZeroKnowledgePasswordAuthentication, sHostCertificate,
2374@@ -369,9 +380,15 @@ 2374@@ -370,9 +381,15 @@
2375 #ifdef GSSAPI 2375 #ifdef GSSAPI
2376 { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, 2376 { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
2377 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, 2377 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
@@ -2387,7 +2387,7 @@ Index: b/servconf.c
2387 #endif 2387 #endif
2388 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, 2388 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
2389 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, 2389 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
2390@@ -924,10 +941,22 @@ 2390@@ -926,10 +943,22 @@
2391 intptr = &options->gss_authentication; 2391 intptr = &options->gss_authentication;
2392 goto parse_flag; 2392 goto parse_flag;
2393 2393
@@ -2543,7 +2543,7 @@ Index: b/ssh_config.5
2543=================================================================== 2543===================================================================
2544--- a/ssh_config.5 2544--- a/ssh_config.5
2545+++ b/ssh_config.5 2545+++ b/ssh_config.5
2546@@ -478,11 +478,38 @@ 2546@@ -509,11 +509,38 @@
2547 The default is 2547 The default is
2548 .Dq no . 2548 .Dq no .
2549 Note that this option applies to protocol version 2 only. 2549 Note that this option applies to protocol version 2 only.
@@ -2794,7 +2794,7 @@ Index: b/sshd.c
2794 #ifdef LIBWRAP 2794 #ifdef LIBWRAP
2795 #include <tcpd.h> 2795 #include <tcpd.h>
2796 #include <syslog.h> 2796 #include <syslog.h>
2797@@ -1577,10 +1581,13 @@ 2797@@ -1586,10 +1590,13 @@
2798 logit("Disabling protocol version 1. Could not load host key"); 2798 logit("Disabling protocol version 1. Could not load host key");
2799 options.protocol &= ~SSH_PROTO_1; 2799 options.protocol &= ~SSH_PROTO_1;
2800 } 2800 }
@@ -2808,7 +2808,7 @@ Index: b/sshd.c
2808 if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) { 2808 if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) {
2809 logit("sshd: no hostkeys available -- exiting."); 2809 logit("sshd: no hostkeys available -- exiting.");
2810 exit(1); 2810 exit(1);
2811@@ -1909,6 +1916,60 @@ 2811@@ -1918,6 +1925,60 @@
2812 /* Log the connection. */ 2812 /* Log the connection. */
2813 verbose("Connection from %.500s port %d", remote_ip, remote_port); 2813 verbose("Connection from %.500s port %d", remote_ip, remote_port);
2814 2814
@@ -2869,7 +2869,7 @@ Index: b/sshd.c
2869 /* 2869 /*
2870 * We don't want to listen forever unless the other side 2870 * We don't want to listen forever unless the other side
2871 * successfully authenticates itself. So we set up an alarm which is 2871 * successfully authenticates itself. So we set up an alarm which is
2872@@ -2287,12 +2348,61 @@ 2872@@ -2296,12 +2357,61 @@
2873 2873
2874 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types(); 2874 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
2875 2875
@@ -2948,7 +2948,7 @@ Index: b/sshd_config.5
2948=================================================================== 2948===================================================================
2949--- a/sshd_config.5 2949--- a/sshd_config.5
2950+++ b/sshd_config.5 2950+++ b/sshd_config.5
2951@@ -379,12 +379,40 @@ 2951@@ -424,12 +424,40 @@
2952 The default is 2952 The default is
2953 .Dq no . 2953 .Dq no .
2954 Note that this option applies to protocol version 2 only. 2954 Note that this option applies to protocol version 2 only.