From d5eca3a18dd64586574f6e8c13d6886948b9ce69 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Sat, 23 Dec 2006 10:08:45 +0000 Subject: * Make GSSAPICleanupCreds a compatibility alias for GSSAPICleanupCredentials. Mark GSSUseSessionCCache and GSSAPIUseSessionCredCache as known-but-unsupported options, and migrate away from them on upgrade. --- debian/changelog | 4 ++++ debian/openssh-server.postinst | 32 +++++++++++++++++++++++++++----- servconf.c | 4 ++++ 3 files changed, 35 insertions(+), 5 deletions(-) diff --git a/debian/changelog b/debian/changelog index 08bc4b453..611a9ef0c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -8,6 +8,10 @@ openssh (1:4.3p2-8) UNRELEASED; urgency=low [ Colin Watson ] * Drop versioning on ssh/ssh-krb5 Replaces, as otherwise it isn't sufficient to replace conffiles (closes: #402804). + * Make GSSAPICleanupCreds a compatibility alias for + GSSAPICleanupCredentials. Mark GSSUseSessionCCache and + GSSAPIUseSessionCredCache as known-but-unsupported options, and migrate + away from them on upgrade. * debconf template translations: - Add Romanian (thanks, Stan Ioan-Eugen; closes: #403528). diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst index 4e91098df..ee660165e 100644 --- a/debian/openssh-server.postinst +++ b/debian/openssh-server.postinst @@ -72,10 +72,23 @@ set_config_option() { } -remove_obsolete_gssapi() { - grep -qi '^[ ]*GSSAPINoMICAuthentication' /etc/ssh/sshd_config \ - || return 0 - perl -pe 's/^(\s*GSSAPINoMICAuthentication)/\#$1/i' \ +disable_config_option() { + option="$1" + + value="$(get_config_option "$option")" + [ "$value" ] || return 0 + + perl -le ' + $option = $ARGV[0]; + while () { + chomp; + (my $match = $_) =~ s/\s+/ /g; + # TODO: actually only one "=" allowed after option + if ($match =~ s/^(\s*\Q$option\E[[:space:]=]+.*)/#$1/i) { + $_ = $match; + } + print; + }' \ < /etc/ssh/sshd_config > /etc/ssh/sshd_config.dpkg-new chown --reference /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-new chmod --reference /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-new @@ -83,6 +96,13 @@ remove_obsolete_gssapi() { } +remove_obsolete_gssapi() { + disable_config_option GSSAPINoMICAuthentication + disable_config_option GSSUseSessionCCache + disable_config_option GSSAPIUseSessionCredCache +} + + host_keys_required() { hostkeys="$(get_config_option HostKey)" if [ "$hostkeys" ]; then @@ -202,7 +222,9 @@ create_sshdconfig() { fi # Remove obsolete GSSAPI options. - remove_obsolete_gssapi + if dpkg --compare-versions "$oldversion" lt 1:4.3p2-8; then + remove_obsolete_gssapi + fi return 0 fi diff --git a/servconf.c b/servconf.c index 219a0300f..60febff99 100644 --- a/servconf.c +++ b/servconf.c @@ -333,11 +333,15 @@ static struct { { "gssapiauthentication", sGssAuthentication }, { "gssapikeyexchange", sGssKeyEx }, { "gssapicleanupcredentials", sGssCleanupCreds }, + { "gssapicleanupcreds", sGssCleanupCreds }, #else { "gssapiauthentication", sUnsupported }, { "gssapikeyexchange", sUnsupported }, { "gssapicleanupcredentials", sUnsupported }, + { "gssapicleanupcreds", sUnsupported }, #endif + { "gssusesessionccache", sUnsupported }, + { "gssapiusesessioncredcache", sUnsupported }, { "passwordauthentication", sPasswordAuthentication }, { "kbdinteractiveauthentication", sKbdInteractiveAuthentication }, { "challengeresponseauthentication", sChallengeResponseAuthentication }, -- cgit v1.2.3