1 files changed, 0 insertions, 115 deletions
diff --git a/debian/patches/old-gssapi.patch b/debian/patches/old-gssapi.patch
deleted file mode 100644
index 1ef689331..000000000
--- a/debian/patches/old-gssapi.patch
+++ /dev/null
@@ -1,115 +0,0 @@
-Description: Interoperate with old GSSAPI authentication method
- ssh-krb5 << 3.8.1p1-1 servers used a slightly different version.
- .
- Forwarded to Simon Wilkinson for inclusion in the GSSAPI patch.
-Author: "Aaron M. Ucko" <ucko@debian.org>
-Bug-Debian: http://bugs.debian.org/328388
-Forwarded: yes
-Last-Updated: 2010-03-01
-Index: b/sshconnect2.c
-===================================================================
--- a/sshconnect2.c
-+++ b/sshconnect2.c
-@@ -314,6 +314,11 @@
-                NULL,
-                &options.gss_authentication,
-                NULL},
-+       {"gssapi",
-+               userauth_gssapi,
-+               NULL,
-+               &options.gss_authentication,
-+               NULL},
- #endif
-        {"hostbased",
-                userauth_hostbased,
-@@ -601,6 +606,7 @@
-        OM_uint32 min;
-        int ok = 0;
-        const char *gss_host;
-+       int old_gssapi_method;
- 
-        if (options.gss_trust_dns)
-                gss_host = get_canonical_hostname(1);
-@@ -639,13 +645,25 @@
-        packet_put_cstring(authctxt->service);
-        packet_put_cstring(authctxt->method->name);
- 
-       packet_put_int(1);
-+       old_gssapi_method = !strcmp(authctxt->method->name, "gssapi");
-+
-+       /* Versions of Debian ssh-krb5 prior to 3.8.1p1-1 don't expect
-+        * tagged OIDs.  As such we include both tagged and untagged oids
-+        * for the old gssapi method.
-+        * We only include tagged oids for the new gssapi-with-mic method.
-+        */
-+       packet_put_int(old_gssapi_method ? 2 : 1);
- 
-        packet_put_int((gss_supported->elements[mech].length) + 2);
-        packet_put_char(SSH_GSS_OIDTYPE);
-        packet_put_char(gss_supported->elements[mech].length);
-        packet_put_raw(gss_supported->elements[mech].elements,
-            gss_supported->elements[mech].length);
-+       if (old_gssapi_method) {
-+               packet_put_int(gss_supported->elements[mech].length);
-+               packet_put_raw(gss_supported->elements[mech].elements,
-+                              gss_supported->elements[mech].length);
-+       }
- 
-        packet_send();
- 
-@@ -685,8 +703,10 @@
-        }
- 
-        if (status == GSS_S_COMPLETE) {
-+               int old_gssapi_method = !strcmp(authctxt->method->name,
-+                                               "gssapi");
-                /* send either complete or MIC, depending on mechanism */
-               if (!(flags & GSS_C_INTEG_FLAG)) {
-+               if (old_gssapi_method || !(flags & GSS_C_INTEG_FLAG)) {
-                        packet_start(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE);
-                        packet_send();
-                } else {
-@@ -720,7 +740,7 @@
-        Authctxt *authctxt = ctxt;
-        Gssctxt *gssctxt;
-        u_int oidlen;
-       u_char *oidv;
-+       u_char *oidv, *oidv_free;
- 
-        if (authctxt == NULL)
-                fatal("input_gssapi_response: no authentication context");
-@@ -728,22 +748,28 @@
- 
-        /* Setup our OID */
-        oidv = packet_get_string(&oidlen);
-+       oidv_free = oidv;
- 
-        if (oidlen <= 2 ||
-            oidv[0] != SSH_GSS_OIDTYPE ||
-            oidv[1] != oidlen - 2) {
-               xfree(oidv);
-                debug("Badly encoded mechanism OID received");
-               userauth(authctxt, NULL);
-               return;
-+               if (oidlen < 2) {
-+                       xfree(oidv_free);
-+                       userauth(authctxt, NULL);
-+                       return;
-+               }
-+       } else {
-+               oidlen -= 2;
-+               oidv += 2;
-        }
- 
-       if (!ssh_gssapi_check_oid(gssctxt, oidv + 2, oidlen - 2))
-+       if (!ssh_gssapi_check_oid(gssctxt, oidv, oidlen))
-                fatal("Server returned different OID than expected");
- 
-        packet_check_eom();
- 
-       xfree(oidv);
-+       xfree(oidv_free);
- 
-        if (GSS_ERROR(process_gssapi_token(ctxt, GSS_C_NO_BUFFER))) {
-                /* Start again with next method on list */

diff --git a/debian/patches/old-gssapi.patch b/debian/patches/old-gssapi.patch deleted file mode 100644 index 1ef689331..000000000 --- a/debian/patches/old-gssapi.patch +++ /dev/null
@@ -1,115 +0,0 @@
1	Description: Interoperate with old GSSAPI authentication method
2	ssh-krb5 << 3.8.1p1-1 servers used a slightly different version.
3	.
4	Forwarded to Simon Wilkinson for inclusion in the GSSAPI patch.
5	Author: "Aaron M. Ucko" <ucko@debian.org>
6	Bug-Debian: http://bugs.debian.org/328388
7	Forwarded: yes
8	Last-Updated: 2010-03-01
9
10	Index: b/sshconnect2.c
11	===================================================================
12	--- a/sshconnect2.c
13	+++ b/sshconnect2.c
14	@@ -314,6 +314,11 @@
15	NULL,
16	&options.gss_authentication,
17	NULL},
18	+ {"gssapi",
19	+ userauth_gssapi,
20	+ NULL,
21	+ &options.gss_authentication,
22	+ NULL},
23	#endif
24	{"hostbased",
25	userauth_hostbased,
26	@@ -601,6 +606,7 @@
27	OM_uint32 min;
28	int ok = 0;
29	const char *gss_host;
30	+ int old_gssapi_method;
31
32	if (options.gss_trust_dns)
33	gss_host = get_canonical_hostname(1);
34	@@ -639,13 +645,25 @@
35	packet_put_cstring(authctxt->service);
36	packet_put_cstring(authctxt->method->name);
37
38	- packet_put_int(1);
39	+ old_gssapi_method = !strcmp(authctxt->method->name, "gssapi");
40	+
41	+ /* Versions of Debian ssh-krb5 prior to 3.8.1p1-1 don't expect
42	+ * tagged OIDs. As such we include both tagged and untagged oids
43	+ * for the old gssapi method.
44	+ * We only include tagged oids for the new gssapi-with-mic method.
45	+ */
46	+ packet_put_int(old_gssapi_method ? 2 : 1);
47
48	packet_put_int((gss_supported->elements[mech].length) + 2);
49	packet_put_char(SSH_GSS_OIDTYPE);
50	packet_put_char(gss_supported->elements[mech].length);
51	packet_put_raw(gss_supported->elements[mech].elements,
52	gss_supported->elements[mech].length);
53	+ if (old_gssapi_method) {
54	+ packet_put_int(gss_supported->elements[mech].length);
55	+ packet_put_raw(gss_supported->elements[mech].elements,
56	+ gss_supported->elements[mech].length);
57	+ }
58
59	packet_send();
60
61	@@ -685,8 +703,10 @@
62	}
63
64	if (status == GSS_S_COMPLETE) {
65	+ int old_gssapi_method = !strcmp(authctxt->method->name,
66	+ "gssapi");
67	/* send either complete or MIC, depending on mechanism */
68	- if (!(flags & GSS_C_INTEG_FLAG)) {
69	+ if (old_gssapi_method \|\| !(flags & GSS_C_INTEG_FLAG)) {
70	packet_start(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE);
71	packet_send();
72	} else {
73	@@ -720,7 +740,7 @@
74	Authctxt *authctxt = ctxt;
75	Gssctxt *gssctxt;
76	u_int oidlen;
77	- u_char *oidv;
78	+ u_char oidv, oidv_free;
79
80	if (authctxt == NULL)
81	fatal("input_gssapi_response: no authentication context");
82	@@ -728,22 +748,28 @@
83
84	/* Setup our OID */
85	oidv = packet_get_string(&oidlen);
86	+ oidv_free = oidv;
87
88	if (oidlen <= 2 \|\|
89	oidv[0] != SSH_GSS_OIDTYPE \|\|
90	oidv[1] != oidlen - 2) {
91	- xfree(oidv);
92	debug("Badly encoded mechanism OID received");
93	- userauth(authctxt, NULL);
94	- return;
95	+ if (oidlen < 2) {
96	+ xfree(oidv_free);
97	+ userauth(authctxt, NULL);
98	+ return;
99	+ }
100	+ } else {
101	+ oidlen -= 2;
102	+ oidv += 2;
103	}
104
105	- if (!ssh_gssapi_check_oid(gssctxt, oidv + 2, oidlen - 2))
106	+ if (!ssh_gssapi_check_oid(gssctxt, oidv, oidlen))
107	fatal("Server returned different OID than expected");
108
109	packet_check_eom();
110
111	- xfree(oidv);
112	+ xfree(oidv_free);
113
114	if (GSS_ERROR(process_gssapi_token(ctxt, GSS_C_NO_BUFFER))) {
115	/* Start again with next method on list */