rebase to openssh-6.2p1 (#924727)
ACSS was removed from upstream sources
parent
811ec1dd36
commit
8a29dedfa7
1
.gitignore
vendored
1
.gitignore
vendored
@ -8,3 +8,4 @@ pam_ssh_agent_auth-0.9.2.tar.bz2
|
|||||||
/pam_ssh_agent_auth-0.9.3.tar.bz2
|
/pam_ssh_agent_auth-0.9.3.tar.bz2
|
||||||
/openssh-6.0p1-noacss.tar.bz2
|
/openssh-6.0p1-noacss.tar.bz2
|
||||||
/openssh-6.1p1-noacss.tar.bz2
|
/openssh-6.1p1-noacss.tar.bz2
|
||||||
|
/openssh-6.2p1.tar.gz
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
diff -up openssh-6.0p1/audit-bsm.c.audit1 openssh-6.0p1/audit-bsm.c
|
diff -up openssh-6.2p1/audit-bsm.c.audit1 openssh-6.2p1/audit-bsm.c
|
||||||
--- openssh-6.0p1/audit-bsm.c.audit1 2012-02-24 00:40:43.000000000 +0100
|
--- openssh-6.2p1/audit-bsm.c.audit1 2012-02-24 00:40:43.000000000 +0100
|
||||||
+++ openssh-6.0p1/audit-bsm.c 2012-08-06 20:33:24.416382804 +0200
|
+++ openssh-6.2p1/audit-bsm.c 2013-03-25 17:18:30.934758118 +0100
|
||||||
@@ -375,10 +375,23 @@ audit_connection_from(const char *host,
|
@@ -375,10 +375,23 @@ audit_connection_from(const char *host,
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
@ -26,9 +26,9 @@ diff -up openssh-6.0p1/audit-bsm.c.audit1 openssh-6.0p1/audit-bsm.c
|
|||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
diff -up openssh-6.0p1/audit.c.audit1 openssh-6.0p1/audit.c
|
diff -up openssh-6.2p1/audit.c.audit1 openssh-6.2p1/audit.c
|
||||||
--- openssh-6.0p1/audit.c.audit1 2011-01-17 11:15:30.000000000 +0100
|
--- openssh-6.2p1/audit.c.audit1 2011-01-17 11:15:30.000000000 +0100
|
||||||
+++ openssh-6.0p1/audit.c 2012-08-06 20:33:24.417382801 +0200
|
+++ openssh-6.2p1/audit.c 2013-03-25 17:18:30.934758118 +0100
|
||||||
@@ -140,6 +140,17 @@ audit_event(ssh_audit_event_t event)
|
@@ -140,6 +140,17 @@ audit_event(ssh_audit_event_t event)
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -79,9 +79,9 @@ diff -up openssh-6.0p1/audit.c.audit1 openssh-6.0p1/audit.c
|
|||||||
+
|
+
|
||||||
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
|
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
|
||||||
#endif /* SSH_AUDIT_EVENTS */
|
#endif /* SSH_AUDIT_EVENTS */
|
||||||
diff -up openssh-6.0p1/audit.h.audit1 openssh-6.0p1/audit.h
|
diff -up openssh-6.2p1/audit.h.audit1 openssh-6.2p1/audit.h
|
||||||
--- openssh-6.0p1/audit.h.audit1 2011-01-17 11:15:30.000000000 +0100
|
--- openssh-6.2p1/audit.h.audit1 2011-01-17 11:15:30.000000000 +0100
|
||||||
+++ openssh-6.0p1/audit.h 2012-08-06 20:33:24.417382801 +0200
|
+++ openssh-6.2p1/audit.h 2013-03-25 17:18:30.934758118 +0100
|
||||||
@@ -49,9 +49,11 @@ typedef enum ssh_audit_event_type ssh_au
|
@@ -49,9 +49,11 @@ typedef enum ssh_audit_event_type ssh_au
|
||||||
|
|
||||||
void audit_connection_from(const char *, int);
|
void audit_connection_from(const char *, int);
|
||||||
@ -95,9 +95,9 @@ diff -up openssh-6.0p1/audit.h.audit1 openssh-6.0p1/audit.h
|
|||||||
ssh_audit_event_t audit_classify_auth(const char *);
|
ssh_audit_event_t audit_classify_auth(const char *);
|
||||||
|
|
||||||
#endif /* _SSH_AUDIT_H */
|
#endif /* _SSH_AUDIT_H */
|
||||||
diff -up openssh-6.0p1/audit-linux.c.audit1 openssh-6.0p1/audit-linux.c
|
diff -up openssh-6.2p1/audit-linux.c.audit1 openssh-6.2p1/audit-linux.c
|
||||||
--- openssh-6.0p1/audit-linux.c.audit1 2011-01-17 11:15:30.000000000 +0100
|
--- openssh-6.2p1/audit-linux.c.audit1 2011-01-17 11:15:30.000000000 +0100
|
||||||
+++ openssh-6.0p1/audit-linux.c 2012-08-06 20:33:24.416382804 +0200
|
+++ openssh-6.2p1/audit-linux.c 2013-03-25 17:18:30.934758118 +0100
|
||||||
@@ -35,13 +35,20 @@
|
@@ -35,13 +35,20 @@
|
||||||
|
|
||||||
#include "log.h"
|
#include "log.h"
|
||||||
@ -313,9 +313,9 @@ diff -up openssh-6.0p1/audit-linux.c.audit1 openssh-6.0p1/audit-linux.c
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
diff -up openssh-6.0p1/monitor.c.audit1 openssh-6.0p1/monitor.c
|
diff -up openssh-6.2p1/monitor.c.audit1 openssh-6.2p1/monitor.c
|
||||||
--- openssh-6.0p1/monitor.c.audit1 2012-08-06 20:33:24.410382828 +0200
|
--- openssh-6.2p1/monitor.c.audit1 2013-03-25 17:18:30.913757986 +0100
|
||||||
+++ openssh-6.0p1/monitor.c 2012-08-06 20:33:24.418382797 +0200
|
+++ openssh-6.2p1/monitor.c 2013-03-25 17:18:30.935758124 +0100
|
||||||
@@ -185,6 +185,7 @@ int mm_answer_gss_checkmic(int, Buffer *
|
@@ -185,6 +185,7 @@ int mm_answer_gss_checkmic(int, Buffer *
|
||||||
#ifdef SSH_AUDIT_EVENTS
|
#ifdef SSH_AUDIT_EVENTS
|
||||||
int mm_answer_audit_event(int, Buffer *);
|
int mm_answer_audit_event(int, Buffer *);
|
||||||
@ -340,7 +340,7 @@ diff -up openssh-6.0p1/monitor.c.audit1 openssh-6.0p1/monitor.c
|
|||||||
#endif
|
#endif
|
||||||
{0, 0, NULL}
|
{0, 0, NULL}
|
||||||
};
|
};
|
||||||
@@ -1427,6 +1430,12 @@ mm_session_close(Session *s)
|
@@ -1433,6 +1436,12 @@ mm_session_close(Session *s)
|
||||||
debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd);
|
debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd);
|
||||||
session_pty_cleanup2(s);
|
session_pty_cleanup2(s);
|
||||||
}
|
}
|
||||||
@ -353,7 +353,7 @@ diff -up openssh-6.0p1/monitor.c.audit1 openssh-6.0p1/monitor.c
|
|||||||
session_unused(s->self);
|
session_unused(s->self);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1751,11 +1760,44 @@ mm_answer_audit_command(int socket, Buff
|
@@ -1755,11 +1764,44 @@ mm_answer_audit_command(int socket, Buff
|
||||||
{
|
{
|
||||||
u_int len;
|
u_int len;
|
||||||
char *cmd;
|
char *cmd;
|
||||||
@ -399,21 +399,24 @@ diff -up openssh-6.0p1/monitor.c.audit1 openssh-6.0p1/monitor.c
|
|||||||
xfree(cmd);
|
xfree(cmd);
|
||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
diff -up openssh-6.0p1/monitor.h.audit1 openssh-6.0p1/monitor.h
|
diff -up openssh-6.2p1/monitor.h.audit1 openssh-6.2p1/monitor.h
|
||||||
--- openssh-6.0p1/monitor.h.audit1 2011-06-20 06:42:23.000000000 +0200
|
--- openssh-6.2p1/monitor.h.audit1 2013-03-25 17:18:30.935758124 +0100
|
||||||
+++ openssh-6.0p1/monitor.h 2012-08-06 20:33:24.418382797 +0200
|
+++ openssh-6.2p1/monitor.h 2013-03-25 17:24:53.474078078 +0100
|
||||||
@@ -60,6 +60,7 @@ enum monitor_reqtype {
|
@@ -68,7 +68,9 @@ enum monitor_reqtype {
|
||||||
MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND,
|
MONITOR_REQ_PAM_QUERY = 106, MONITOR_ANS_PAM_QUERY = 107,
|
||||||
MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX,
|
MONITOR_REQ_PAM_RESPOND = 108, MONITOR_ANS_PAM_RESPOND = 109,
|
||||||
MONITOR_REQ_AUDIT_EVENT, MONITOR_REQ_AUDIT_COMMAND,
|
MONITOR_REQ_PAM_FREE_CTX = 110, MONITOR_ANS_PAM_FREE_CTX = 111,
|
||||||
+ MONITOR_ANS_AUDIT_COMMAND, MONITOR_REQ_AUDIT_END_COMMAND,
|
- MONITOR_REQ_AUDIT_EVENT = 112, MONITOR_REQ_AUDIT_COMMAND = 113,
|
||||||
MONITOR_REQ_TERM,
|
+ MONITOR_REQ_AUDIT_EVENT = 112,
|
||||||
MONITOR_REQ_JPAKE_STEP1, MONITOR_ANS_JPAKE_STEP1,
|
+ MONITOR_REQ_AUDIT_COMMAND = 114, MONITOR_ANS_AUDIT_COMMAND = 115,
|
||||||
MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA,
|
+ MONITOR_REQ_AUDIT_END_COMMAND = 116
|
||||||
diff -up openssh-6.0p1/monitor_wrap.c.audit1 openssh-6.0p1/monitor_wrap.c
|
|
||||||
--- openssh-6.0p1/monitor_wrap.c.audit1 2012-08-06 20:33:24.384382930 +0200
|
};
|
||||||
+++ openssh-6.0p1/monitor_wrap.c 2012-08-06 20:33:24.419382793 +0200
|
|
||||||
@@ -1188,10 +1188,11 @@ mm_audit_event(ssh_audit_event_t event)
|
diff -up openssh-6.2p1/monitor_wrap.c.audit1 openssh-6.2p1/monitor_wrap.c
|
||||||
|
--- openssh-6.2p1/monitor_wrap.c.audit1 2013-03-25 17:18:30.913757986 +0100
|
||||||
|
+++ openssh-6.2p1/monitor_wrap.c 2013-03-25 17:18:30.936758131 +0100
|
||||||
|
@@ -1189,10 +1189,11 @@ mm_audit_event(ssh_audit_event_t event)
|
||||||
buffer_free(&m);
|
buffer_free(&m);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -426,7 +429,7 @@ diff -up openssh-6.0p1/monitor_wrap.c.audit1 openssh-6.0p1/monitor_wrap.c
|
|||||||
|
|
||||||
debug3("%s entering command %s", __func__, command);
|
debug3("%s entering command %s", __func__, command);
|
||||||
|
|
||||||
@@ -1199,6 +1200,26 @@ mm_audit_run_command(const char *command
|
@@ -1200,6 +1201,26 @@ mm_audit_run_command(const char *command
|
||||||
buffer_put_cstring(&m, command);
|
buffer_put_cstring(&m, command);
|
||||||
|
|
||||||
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, &m);
|
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, &m);
|
||||||
@ -453,9 +456,9 @@ diff -up openssh-6.0p1/monitor_wrap.c.audit1 openssh-6.0p1/monitor_wrap.c
|
|||||||
buffer_free(&m);
|
buffer_free(&m);
|
||||||
}
|
}
|
||||||
#endif /* SSH_AUDIT_EVENTS */
|
#endif /* SSH_AUDIT_EVENTS */
|
||||||
diff -up openssh-6.0p1/monitor_wrap.h.audit1 openssh-6.0p1/monitor_wrap.h
|
diff -up openssh-6.2p1/monitor_wrap.h.audit1 openssh-6.2p1/monitor_wrap.h
|
||||||
--- openssh-6.0p1/monitor_wrap.h.audit1 2011-06-20 06:42:23.000000000 +0200
|
--- openssh-6.2p1/monitor_wrap.h.audit1 2011-06-20 06:42:23.000000000 +0200
|
||||||
+++ openssh-6.0p1/monitor_wrap.h 2012-08-06 20:33:24.419382793 +0200
|
+++ openssh-6.2p1/monitor_wrap.h 2013-03-25 17:18:30.936758131 +0100
|
||||||
@@ -74,7 +74,8 @@ void mm_sshpam_free_ctx(void *);
|
@@ -74,7 +74,8 @@ void mm_sshpam_free_ctx(void *);
|
||||||
#ifdef SSH_AUDIT_EVENTS
|
#ifdef SSH_AUDIT_EVENTS
|
||||||
#include "audit.h"
|
#include "audit.h"
|
||||||
@ -466,10 +469,10 @@ diff -up openssh-6.0p1/monitor_wrap.h.audit1 openssh-6.0p1/monitor_wrap.h
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
struct Session;
|
struct Session;
|
||||||
diff -up openssh-6.0p1/session.c.audit1 openssh-6.0p1/session.c
|
diff -up openssh-6.2p1/session.c.audit1 openssh-6.2p1/session.c
|
||||||
--- openssh-6.0p1/session.c.audit1 2011-11-04 00:55:24.000000000 +0100
|
--- openssh-6.2p1/session.c.audit1 2013-03-15 01:22:37.000000000 +0100
|
||||||
+++ openssh-6.0p1/session.c 2012-08-06 20:33:24.420382789 +0200
|
+++ openssh-6.2p1/session.c 2013-03-25 17:18:30.937758137 +0100
|
||||||
@@ -742,6 +742,14 @@ do_exec_pty(Session *s, const char *comm
|
@@ -745,6 +745,14 @@ do_exec_pty(Session *s, const char *comm
|
||||||
/* Parent. Close the slave side of the pseudo tty. */
|
/* Parent. Close the slave side of the pseudo tty. */
|
||||||
close(ttyfd);
|
close(ttyfd);
|
||||||
|
|
||||||
@ -484,7 +487,7 @@ diff -up openssh-6.0p1/session.c.audit1 openssh-6.0p1/session.c
|
|||||||
/* Enter interactive session. */
|
/* Enter interactive session. */
|
||||||
s->ptymaster = ptymaster;
|
s->ptymaster = ptymaster;
|
||||||
packet_set_interactive(1,
|
packet_set_interactive(1,
|
||||||
@@ -813,15 +821,19 @@ do_exec(Session *s, const char *command)
|
@@ -816,15 +824,19 @@ do_exec(Session *s, const char *command)
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef SSH_AUDIT_EVENTS
|
#ifdef SSH_AUDIT_EVENTS
|
||||||
@ -506,7 +509,7 @@ diff -up openssh-6.0p1/session.c.audit1 openssh-6.0p1/session.c
|
|||||||
#endif
|
#endif
|
||||||
if (s->ttyfd != -1)
|
if (s->ttyfd != -1)
|
||||||
ret = do_exec_pty(s, command);
|
ret = do_exec_pty(s, command);
|
||||||
@@ -1848,6 +1860,7 @@ session_unused(int id)
|
@@ -1856,6 +1868,7 @@ session_unused(int id)
|
||||||
sessions[id].ttyfd = -1;
|
sessions[id].ttyfd = -1;
|
||||||
sessions[id].ptymaster = -1;
|
sessions[id].ptymaster = -1;
|
||||||
sessions[id].x11_chanids = NULL;
|
sessions[id].x11_chanids = NULL;
|
||||||
@ -514,7 +517,7 @@ diff -up openssh-6.0p1/session.c.audit1 openssh-6.0p1/session.c
|
|||||||
sessions[id].next_unused = sessions_first_unused;
|
sessions[id].next_unused = sessions_first_unused;
|
||||||
sessions_first_unused = id;
|
sessions_first_unused = id;
|
||||||
}
|
}
|
||||||
@@ -1930,6 +1943,19 @@ session_open(Authctxt *authctxt, int cha
|
@@ -1938,6 +1951,19 @@ session_open(Authctxt *authctxt, int cha
|
||||||
}
|
}
|
||||||
|
|
||||||
Session *
|
Session *
|
||||||
@ -534,7 +537,7 @@ diff -up openssh-6.0p1/session.c.audit1 openssh-6.0p1/session.c
|
|||||||
session_by_tty(char *tty)
|
session_by_tty(char *tty)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
@@ -2455,6 +2481,30 @@ session_exit_message(Session *s, int sta
|
@@ -2463,6 +2489,30 @@ session_exit_message(Session *s, int sta
|
||||||
chan_write_failed(c);
|
chan_write_failed(c);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -565,7 +568,7 @@ diff -up openssh-6.0p1/session.c.audit1 openssh-6.0p1/session.c
|
|||||||
void
|
void
|
||||||
session_close(Session *s)
|
session_close(Session *s)
|
||||||
{
|
{
|
||||||
@@ -2463,6 +2513,10 @@ session_close(Session *s)
|
@@ -2471,6 +2521,10 @@ session_close(Session *s)
|
||||||
debug("session_close: session %d pid %ld", s->self, (long)s->pid);
|
debug("session_close: session %d pid %ld", s->self, (long)s->pid);
|
||||||
if (s->ttyfd != -1)
|
if (s->ttyfd != -1)
|
||||||
session_pty_cleanup(s);
|
session_pty_cleanup(s);
|
||||||
@ -576,7 +579,7 @@ diff -up openssh-6.0p1/session.c.audit1 openssh-6.0p1/session.c
|
|||||||
if (s->term)
|
if (s->term)
|
||||||
xfree(s->term);
|
xfree(s->term);
|
||||||
if (s->display)
|
if (s->display)
|
||||||
@@ -2682,6 +2736,15 @@ do_authenticated2(Authctxt *authctxt)
|
@@ -2690,6 +2744,15 @@ do_authenticated2(Authctxt *authctxt)
|
||||||
server_loop2(authctxt);
|
server_loop2(authctxt);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -592,16 +595,16 @@ diff -up openssh-6.0p1/session.c.audit1 openssh-6.0p1/session.c
|
|||||||
void
|
void
|
||||||
do_cleanup(Authctxt *authctxt)
|
do_cleanup(Authctxt *authctxt)
|
||||||
{
|
{
|
||||||
@@ -2730,5 +2793,5 @@ do_cleanup(Authctxt *authctxt)
|
@@ -2738,5 +2801,5 @@ do_cleanup(Authctxt *authctxt)
|
||||||
* or if running in monitor.
|
* or if running in monitor.
|
||||||
*/
|
*/
|
||||||
if (!use_privsep || mm_is_monitor())
|
if (!use_privsep || mm_is_monitor())
|
||||||
- session_destroy_all(session_pty_cleanup2);
|
- session_destroy_all(session_pty_cleanup2);
|
||||||
+ session_destroy_all(do_cleanup_one_session);
|
+ session_destroy_all(do_cleanup_one_session);
|
||||||
}
|
}
|
||||||
diff -up openssh-6.0p1/session.h.audit1 openssh-6.0p1/session.h
|
diff -up openssh-6.2p1/session.h.audit1 openssh-6.2p1/session.h
|
||||||
--- openssh-6.0p1/session.h.audit1 2008-05-19 07:34:50.000000000 +0200
|
--- openssh-6.2p1/session.h.audit1 2008-05-19 07:34:50.000000000 +0200
|
||||||
+++ openssh-6.0p1/session.h 2012-08-06 20:33:24.420382789 +0200
|
+++ openssh-6.2p1/session.h 2013-03-25 17:18:30.937758137 +0100
|
||||||
@@ -60,6 +60,12 @@ struct Session {
|
@@ -60,6 +60,12 @@ struct Session {
|
||||||
char *name;
|
char *name;
|
||||||
char *val;
|
char *val;
|
||||||
@ -626,10 +629,10 @@ diff -up openssh-6.0p1/session.h.audit1 openssh-6.0p1/session.h
|
|||||||
Session *session_by_tty(char *);
|
Session *session_by_tty(char *);
|
||||||
void session_close(Session *);
|
void session_close(Session *);
|
||||||
void do_setusercontext(struct passwd *);
|
void do_setusercontext(struct passwd *);
|
||||||
diff -up openssh-6.0p1/sshd.c.audit1 openssh-6.0p1/sshd.c
|
diff -up openssh-6.2p1/sshd.c.audit1 openssh-6.2p1/sshd.c
|
||||||
--- openssh-6.0p1/sshd.c.audit1 2012-08-06 20:33:24.392382898 +0200
|
--- openssh-6.2p1/sshd.c.audit1 2013-03-25 17:18:30.919758024 +0100
|
||||||
+++ openssh-6.0p1/sshd.c 2012-08-06 20:33:24.421382785 +0200
|
+++ openssh-6.2p1/sshd.c 2013-03-25 17:18:30.937758137 +0100
|
||||||
@@ -2381,7 +2381,8 @@ cleanup_exit(int i)
|
@@ -2409,7 +2409,8 @@ cleanup_exit(int i)
|
||||||
}
|
}
|
||||||
#ifdef SSH_AUDIT_EVENTS
|
#ifdef SSH_AUDIT_EVENTS
|
||||||
/* done after do_cleanup so it can cancel the PAM auth 'thread' */
|
/* done after do_cleanup so it can cancel the PAM auth 'thread' */
|
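Review bot: In the rebased monitor.h hunk of this patch, `MONITOR_REQ_AUDIT_COMMAND` moves from 113 to 114 and `MONITOR_ANS_AUDIT_COMMAND = 115` and `MONITOR_REQ_AUDIT_END_COMMAND = 116` are added with hand-picked numbers, but nothing records why 113 is skipped or which values this patch owns. These enumerators appear to select the handler in the monitor's dispatch tables, and C accepts duplicate enumerator values silently, so a later patch in the series that reuses a number would compile cleanly and could route a privilege-separation request to the wrong handler. I would add a comment above the audit entries, e.g. `/* 113 left unused so requests stay even and answers odd; 114-116 are added by this patch and must not collide with any other enumerator */`. The rest of the enum lies outside the visible hunk, so the chosen values should be checked against the full 6.2p1 header and the other audit patches.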
@ -1,19 +1,7 @@
|
|||||||
diff -up openssh-5.9p1/Makefile.in.audit3 openssh-5.9p1/Makefile.in
|
diff -up openssh-6.2p1/audit-bsm.c.audit3 openssh-6.2p1/audit-bsm.c
|
||||||
--- openssh-5.9p1/Makefile.in.audit3 2011-08-05 22:15:18.000000000 +0200
|
--- openssh-6.2p1/audit-bsm.c.audit3 2013-03-25 17:30:41.329102631 +0100
|
||||||
+++ openssh-5.9p1/Makefile.in 2011-09-14 07:05:58.337520327 +0200
|
+++ openssh-6.2p1/audit-bsm.c 2013-03-25 17:30:41.338102682 +0100
|
||||||
@@ -71,7 +71,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b
|
@@ -473,4 +473,16 @@ audit_event(ssh_audit_event_t event)
|
||||||
monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
|
|
||||||
kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \
|
|
||||||
msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o jpake.o \
|
|
||||||
- schnorr.o ssh-pkcs11.o
|
|
||||||
+ schnorr.o ssh-pkcs11.o auditstub.o
|
|
||||||
|
|
||||||
SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
|
|
||||||
sshconnect.o sshconnect1.o sshconnect2.o mux.o \
|
|
||||||
diff -up openssh-5.9p1/audit-bsm.c.audit3 openssh-5.9p1/audit-bsm.c
|
|
||||||
--- openssh-5.9p1/audit-bsm.c.audit3 2011-09-14 07:05:56.719459048 +0200
|
|
||||||
+++ openssh-5.9p1/audit-bsm.c 2011-09-14 07:05:58.430520147 +0200
|
|
||||||
@@ -396,4 +396,16 @@ audit_event(ssh_audit_event_t event)
|
|
||||||
debug("%s: unhandled event %d", __func__, event);
|
debug("%s: unhandled event %d", __func__, event);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -30,9 +18,88 @@ diff -up openssh-5.9p1/audit-bsm.c.audit3 openssh-5.9p1/audit-bsm.c
|
|||||||
+ /* not implemented */
|
+ /* not implemented */
|
||||||
+}
|
+}
|
||||||
#endif /* BSM */
|
#endif /* BSM */
|
||||||
diff -up openssh-5.9p1/audit-linux.c.audit3 openssh-5.9p1/audit-linux.c
|
diff -up openssh-6.2p1/audit.c.audit3 openssh-6.2p1/audit.c
|
||||||
--- openssh-5.9p1/audit-linux.c.audit3 2011-09-14 07:05:56.820460613 +0200
|
--- openssh-6.2p1/audit.c.audit3 2013-03-25 17:30:41.330102636 +0100
|
||||||
+++ openssh-5.9p1/audit-linux.c 2011-09-14 07:07:29.651459660 +0200
|
+++ openssh-6.2p1/audit.c 2013-03-25 17:30:41.339102688 +0100
|
||||||
|
@@ -28,6 +28,7 @@
|
||||||
|
|
||||||
|
#include <stdarg.h>
|
||||||
|
#include <string.h>
|
||||||
|
+#include <unistd.h>
|
||||||
|
|
||||||
|
#ifdef SSH_AUDIT_EVENTS
|
||||||
|
|
||||||
|
@@ -36,6 +37,8 @@
|
||||||
|
#include "key.h"
|
||||||
|
#include "hostfile.h"
|
||||||
|
#include "auth.h"
|
||||||
|
+#include "ssh-gss.h"
|
||||||
|
+#include "monitor_wrap.h"
|
||||||
|
#include "xmalloc.h"
|
||||||
|
|
||||||
|
/*
|
||||||
|
@@ -128,6 +131,18 @@ audit_key(int host_user, int *rv, const
|
||||||
|
xfree(fp);
|
||||||
|
}
|
||||||
|
|
||||||
|
+void
|
||||||
|
+audit_unsupported(int what)
|
||||||
|
+{
|
||||||
|
+ PRIVSEP(audit_unsupported_body(what));
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+void
|
||||||
|
+audit_kex(int ctos, char *enc, char *mac, char *comp)
|
||||||
|
+{
|
||||||
|
+ PRIVSEP(audit_kex_body(ctos, enc, mac, comp, getpid(), getuid()));
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
# ifndef CUSTOM_SSH_AUDIT_EVENTS
|
||||||
|
/*
|
||||||
|
* Null implementations of audit functions.
|
||||||
|
@@ -238,5 +253,26 @@ audit_keyusage(int host_user, const char
|
||||||
|
host_user ? "pubkey" : "hostbased", geteuid(), audit_username(), type, bits,
|
||||||
|
key_fingerprint_prefix(), fp, rv);
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * This will be called when the protocol negotiation fails.
|
||||||
|
+ */
|
||||||
|
+void
|
||||||
|
+audit_unsupported_body(int what)
|
||||||
|
+{
|
||||||
|
+ debug("audit unsupported protocol euid %d type %d", geteuid(), what);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * This will be called on succesfull protocol negotiation.
|
||||||
|
+ */
|
||||||
|
+void
|
||||||
|
+audit_kex_body(int ctos, char *enc, char *mac, char *compress, pid_t pid,
|
||||||
|
+ uid_t uid)
|
||||||
|
+{
|
||||||
|
+ debug("audit protocol negotiation euid %d direction %d cipher %s mac %s compresion %s from pid %ld uid %u",
|
||||||
|
+ (unsigned)geteuid(), ctos, enc, mac, compress, (long)pid,
|
||||||
|
+ (unsigned)uid);
|
||||||
|
+}
|
||||||
|
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
|
||||||
|
#endif /* SSH_AUDIT_EVENTS */
|
||||||
|
diff -up openssh-6.2p1/audit.h.audit3 openssh-6.2p1/audit.h
|
||||||
|
--- openssh-6.2p1/audit.h.audit3 2013-03-25 17:30:41.330102636 +0100
|
||||||
|
+++ openssh-6.2p1/audit.h 2013-03-25 17:30:41.339102688 +0100
|
||||||
|
@@ -58,5 +58,9 @@ void audit_end_command(int, const char
|
||||||
|
ssh_audit_event_t audit_classify_auth(const char *);
|
||||||
|
int audit_keyusage(int, const char *, unsigned, char *, int);
|
||||||
|
void audit_key(int, int *, const Key *);
|
||||||
|
+void audit_unsupported(int);
|
||||||
|
+void audit_kex(int, char *, char *, char *);
|
||||||
|
+void audit_unsupported_body(int);
|
||||||
|
+void audit_kex_body(int, char *, char *, char *, pid_t, uid_t);
|
||||||
|
|
||||||
|
#endif /* _SSH_AUDIT_H */
|
||||||
|
diff -up openssh-6.2p1/audit-linux.c.audit3 openssh-6.2p1/audit-linux.c
|
||||||
|
--- openssh-6.2p1/audit-linux.c.audit3 2013-03-25 17:30:41.331102642 +0100
|
||||||
|
+++ openssh-6.2p1/audit-linux.c 2013-03-25 17:30:41.339102688 +0100
|
||||||
@@ -40,6 +40,8 @@
|
@@ -40,6 +40,8 @@
|
||||||
#include "auth.h"
|
#include "auth.h"
|
||||||
#include "servconf.h"
|
#include "servconf.h"
|
||||||
@ -103,88 +170,9 @@ diff -up openssh-5.9p1/audit-linux.c.audit3 openssh-5.9p1/audit-linux.c
|
|||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
#endif /* USE_LINUX_AUDIT */
|
#endif /* USE_LINUX_AUDIT */
|
||||||
diff -up openssh-5.9p1/audit.c.audit3 openssh-5.9p1/audit.c
|
diff -up openssh-6.2p1/auditstub.c.audit3 openssh-6.2p1/auditstub.c
|
||||||
--- openssh-5.9p1/audit.c.audit3 2011-09-14 07:05:56.937585272 +0200
|
--- openssh-6.2p1/auditstub.c.audit3 2013-03-25 17:30:41.340102694 +0100
|
||||||
+++ openssh-5.9p1/audit.c 2011-09-14 07:05:58.646521393 +0200
|
+++ openssh-6.2p1/auditstub.c 2013-03-25 17:30:41.340102694 +0100
|
||||||
@@ -28,6 +28,7 @@
|
|
||||||
|
|
||||||
#include <stdarg.h>
|
|
||||||
#include <string.h>
|
|
||||||
+#include <unistd.h>
|
|
||||||
|
|
||||||
#ifdef SSH_AUDIT_EVENTS
|
|
||||||
|
|
||||||
@@ -36,6 +37,8 @@
|
|
||||||
#include "key.h"
|
|
||||||
#include "hostfile.h"
|
|
||||||
#include "auth.h"
|
|
||||||
+#include "ssh-gss.h"
|
|
||||||
+#include "monitor_wrap.h"
|
|
||||||
#include "xmalloc.h"
|
|
||||||
|
|
||||||
/*
|
|
||||||
@@ -128,6 +131,18 @@ audit_key(int host_user, int *rv, const
|
|
||||||
xfree(fp);
|
|
||||||
}
|
|
||||||
|
|
||||||
+void
|
|
||||||
+audit_unsupported(int what)
|
|
||||||
+{
|
|
||||||
+ PRIVSEP(audit_unsupported_body(what));
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+void
|
|
||||||
+audit_kex(int ctos, char *enc, char *mac, char *comp)
|
|
||||||
+{
|
|
||||||
+ PRIVSEP(audit_kex_body(ctos, enc, mac, comp, getpid(), getuid()));
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
# ifndef CUSTOM_SSH_AUDIT_EVENTS
|
|
||||||
/*
|
|
||||||
* Null implementations of audit functions.
|
|
||||||
@@ -238,5 +253,26 @@ audit_keyusage(int host_user, const char
|
|
||||||
host_user ? "pubkey" : "hostbased", geteuid(), audit_username(), type, bits,
|
|
||||||
key_fingerprint_prefix(), fp, rv);
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
+ * This will be called when the protocol negotiation fails.
|
|
||||||
+ */
|
|
||||||
+void
|
|
||||||
+audit_unsupported_body(int what)
|
|
||||||
+{
|
|
||||||
+ debug("audit unsupported protocol euid %d type %d", geteuid(), what);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
+ * This will be called on succesfull protocol negotiation.
|
|
||||||
+ */
|
|
||||||
+void
|
|
||||||
+audit_kex_body(int ctos, char *enc, char *mac, char *compress, pid_t pid,
|
|
||||||
+ uid_t uid)
|
|
||||||
+{
|
|
||||||
+ debug("audit protocol negotiation euid %d direction %d cipher %s mac %s compresion %s from pid %ld uid %u",
|
|
||||||
+ (unsigned)geteuid(), ctos, enc, mac, compress, (long)pid,
|
|
||||||
+ (unsigned)uid);
|
|
||||||
+}
|
|
||||||
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
|
|
||||||
#endif /* SSH_AUDIT_EVENTS */
|
|
||||||
diff -up openssh-5.9p1/audit.h.audit3 openssh-5.9p1/audit.h
|
|
||||||
--- openssh-5.9p1/audit.h.audit3 2011-09-14 07:05:57.391522394 +0200
|
|
||||||
+++ openssh-5.9p1/audit.h 2011-09-14 07:05:58.766586362 +0200
|
|
||||||
@@ -58,5 +58,9 @@ void audit_end_command(int, const char
|
|
||||||
ssh_audit_event_t audit_classify_auth(const char *);
|
|
||||||
int audit_keyusage(int, const char *, unsigned, char *, int);
|
|
||||||
void audit_key(int, int *, const Key *);
|
|
||||||
+void audit_unsupported(int);
|
|
||||||
+void audit_kex(int, char *, char *, char *);
|
|
||||||
+void audit_unsupported_body(int);
|
|
||||||
+void audit_kex_body(int, char *, char *, char *, pid_t, uid_t);
|
|
||||||
|
|
||||||
#endif /* _SSH_AUDIT_H */
|
|
||||||
diff -up openssh-5.9p1/auditstub.c.audit3 openssh-5.9p1/auditstub.c
|
|
||||||
--- openssh-5.9p1/auditstub.c.audit3 2011-09-14 07:05:58.866461077 +0200
|
|
||||||
+++ openssh-5.9p1/auditstub.c 2011-09-14 07:05:58.870569033 +0200
|
|
||||||
@@ -0,0 +1,39 @@
|
@@ -0,0 +1,39 @@
|
||||||
+/* $Id: auditstub.c,v 1.1 jfch Exp $ */
|
+/* $Id: auditstub.c,v 1.1 jfch Exp $ */
|
||||||
+
|
+
|
||||||
@ -225,30 +213,32 @@ diff -up openssh-5.9p1/auditstub.c.audit3 openssh-5.9p1/auditstub.c
|
|||||||
+{
|
+{
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
diff -up openssh-5.9p1/cipher.c.audit3 openssh-5.9p1/cipher.c
|
diff -up openssh-6.2p1/cipher.c.audit3 openssh-6.2p1/cipher.c
|
||||||
--- openssh-5.9p1/cipher.c.audit3 2011-09-07 15:05:09.000000000 +0200
|
--- openssh-6.2p1/cipher.c.audit3 2013-03-25 17:30:41.340102694 +0100
|
||||||
+++ openssh-5.9p1/cipher.c 2011-09-14 07:05:58.955582581 +0200
|
+++ openssh-6.2p1/cipher.c 2013-03-25 17:32:33.117743548 +0100
|
||||||
@@ -60,15 +60,7 @@ extern void ssh1_3des_iv(EVP_CIPHER_CTX
|
@@ -58,17 +58,7 @@ extern const EVP_CIPHER *evp_ssh1_bf(voi
|
||||||
extern const EVP_CIPHER *evp_aes_128_ctr(void);
|
extern const EVP_CIPHER *evp_ssh1_3des(void);
|
||||||
extern void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
|
extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
|
||||||
|
|
||||||
-struct Cipher {
|
-struct Cipher {
|
||||||
- char *name;
|
- char *name;
|
||||||
- int number; /* for ssh1 only */
|
- int number; /* for ssh1 only */
|
||||||
- u_int block_size;
|
- u_int block_size;
|
||||||
- u_int key_len;
|
- u_int key_len;
|
||||||
|
- u_int iv_len; /* defaults to block_size */
|
||||||
|
- u_int auth_len;
|
||||||
- u_int discard_len;
|
- u_int discard_len;
|
||||||
- u_int cbc_mode;
|
- u_int cbc_mode;
|
||||||
- const EVP_CIPHER *(*evptype)(void);
|
- const EVP_CIPHER *(*evptype)(void);
|
||||||
-} ciphers[] = {
|
-} ciphers[] = {
|
||||||
+struct Cipher ciphers[] = {
|
+struct Cipher ciphers[] = {
|
||||||
{ "none", SSH_CIPHER_NONE, 8, 0, 0, 0, EVP_enc_null },
|
{ "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null },
|
||||||
{ "des", SSH_CIPHER_DES, 8, 8, 0, 1, EVP_des_cbc },
|
{ "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc },
|
||||||
{ "3des", SSH_CIPHER_3DES, 8, 16, 0, 1, evp_ssh1_3des },
|
{ "3des", SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des },
|
||||||
diff -up openssh-5.9p1/cipher.h.audit3 openssh-5.9p1/cipher.h
|
diff -up openssh-6.2p1/cipher.h.audit3 openssh-6.2p1/cipher.h
|
||||||
--- openssh-5.9p1/cipher.h.audit3 2009-01-28 06:38:41.000000000 +0100
|
--- openssh-6.2p1/cipher.h.audit3 2013-03-25 17:30:41.341102699 +0100
|
||||||
+++ openssh-5.9p1/cipher.h 2011-09-14 07:05:59.063459363 +0200
|
+++ openssh-6.2p1/cipher.h 2013-03-25 17:32:45.338813408 +0100
|
||||||
@@ -61,7 +61,16 @@
|
@@ -61,7 +61,18 @@
|
||||||
typedef struct Cipher Cipher;
|
typedef struct Cipher Cipher;
|
||||||
typedef struct CipherContext CipherContext;
|
typedef struct CipherContext CipherContext;
|
||||||
|
|
||||||
@ -258,6 +248,8 @@ diff -up openssh-5.9p1/cipher.h.audit3 openssh-5.9p1/cipher.h
|
|||||||
+ int number; /* for ssh1 only */
|
+ int number; /* for ssh1 only */
|
||||||
+ u_int block_size;
|
+ u_int block_size;
|
||||||
+ u_int key_len;
|
+ u_int key_len;
|
||||||
|
+ u_int iv_len; /* defaults to block_size */
|
||||||
|
+ u_int auth_len;
|
||||||
+ u_int discard_len;
|
+ u_int discard_len;
|
||||||
+ u_int cbc_mode;
|
+ u_int cbc_mode;
|
||||||
+ const EVP_CIPHER *(*evptype)(void);
|
+ const EVP_CIPHER *(*evptype)(void);
|
||||||
@ -265,10 +257,10 @@ diff -up openssh-5.9p1/cipher.h.audit3 openssh-5.9p1/cipher.h
|
|||||||
+
|
+
|
||||||
struct CipherContext {
|
struct CipherContext {
|
||||||
int plaintext;
|
int plaintext;
|
||||||
EVP_CIPHER_CTX evp;
|
int encrypt;
|
||||||
diff -up openssh-5.9p1/kex.c.audit3 openssh-5.9p1/kex.c
|
diff -up openssh-6.2p1/kex.c.audit3 openssh-6.2p1/kex.c
|
||||||
--- openssh-5.9p1/kex.c.audit3 2010-09-24 14:11:14.000000000 +0200
|
--- openssh-6.2p1/kex.c.audit3 2013-01-09 06:12:19.000000000 +0100
|
||||||
+++ openssh-5.9p1/kex.c 2011-09-14 07:05:59.171457800 +0200
|
+++ openssh-6.2p1/kex.c 2013-03-25 17:33:40.352129450 +0100
|
||||||
@@ -49,6 +49,7 @@
|
@@ -49,6 +49,7 @@
|
||||||
#include "dispatch.h"
|
#include "dispatch.h"
|
||||||
#include "monitor.h"
|
#include "monitor.h"
|
||||||
@ -277,7 +269,7 @@ diff -up openssh-5.9p1/kex.c.audit3 openssh-5.9p1/kex.c
|
|||||||
|
|
||||||
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
|
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
|
||||||
# if defined(HAVE_EVP_SHA256)
|
# if defined(HAVE_EVP_SHA256)
|
||||||
@@ -286,9 +287,13 @@ static void
|
@@ -296,9 +297,13 @@ static void
|
||||||
choose_enc(Enc *enc, char *client, char *server)
|
choose_enc(Enc *enc, char *client, char *server)
|
||||||
{
|
{
|
||||||
char *name = match_list(client, server, NULL);
|
char *name = match_list(client, server, NULL);
|
||||||
@ -292,7 +284,7 @@ diff -up openssh-5.9p1/kex.c.audit3 openssh-5.9p1/kex.c
|
|||||||
if ((enc->cipher = cipher_by_name(name)) == NULL)
|
if ((enc->cipher = cipher_by_name(name)) == NULL)
|
||||||
fatal("matching cipher is not supported: %s", name);
|
fatal("matching cipher is not supported: %s", name);
|
||||||
enc->name = name;
|
enc->name = name;
|
||||||
@@ -303,9 +308,13 @@ static void
|
@@ -314,9 +319,13 @@ static void
|
||||||
choose_mac(Mac *mac, char *client, char *server)
|
choose_mac(Mac *mac, char *client, char *server)
|
||||||
{
|
{
|
||||||
char *name = match_list(client, server, NULL);
|
char *name = match_list(client, server, NULL);
|
||||||
@ -307,7 +299,7 @@ diff -up openssh-5.9p1/kex.c.audit3 openssh-5.9p1/kex.c
|
|||||||
if (mac_setup(mac, name) < 0)
|
if (mac_setup(mac, name) < 0)
|
||||||
fatal("unsupported mac %s", name);
|
fatal("unsupported mac %s", name);
|
||||||
/* truncate the key */
|
/* truncate the key */
|
||||||
@@ -320,8 +329,12 @@ static void
|
@@ -331,8 +340,12 @@ static void
|
||||||
choose_comp(Comp *comp, char *client, char *server)
|
choose_comp(Comp *comp, char *client, char *server)
|
||||||
{
|
{
|
||||||
char *name = match_list(client, server, NULL);
|
char *name = match_list(client, server, NULL);
|
||||||
@ -321,9 +313,9 @@ diff -up openssh-5.9p1/kex.c.audit3 openssh-5.9p1/kex.c
|
|||||||
if (strcmp(name, "zlib@openssh.com") == 0) {
|
if (strcmp(name, "zlib@openssh.com") == 0) {
|
||||||
comp->type = COMP_DELAYED;
|
comp->type = COMP_DELAYED;
|
||||||
} else if (strcmp(name, "zlib") == 0) {
|
} else if (strcmp(name, "zlib") == 0) {
|
||||||
@@ -446,6 +459,9 @@ kex_choose_conf(Kex *kex)
|
@@ -460,6 +473,9 @@ kex_choose_conf(Kex *kex)
|
||||||
newkeys->enc.name,
|
newkeys->enc.name,
|
||||||
newkeys->mac.name,
|
authlen == 0 ? newkeys->mac.name : "<implicit>",
|
||||||
newkeys->comp.name);
|
newkeys->comp.name);
|
||||||
+#ifdef SSH_AUDIT_EVENTS
|
+#ifdef SSH_AUDIT_EVENTS
|
||||||
+ audit_kex(ctos, newkeys->enc.name, newkeys->mac.name, newkeys->comp.name);
|
+ audit_kex(ctos, newkeys->enc.name, newkeys->mac.name, newkeys->comp.name);
|
||||||
@ -331,9 +323,21 @@ diff -up openssh-5.9p1/kex.c.audit3 openssh-5.9p1/kex.c
|
|||||||
}
|
}
|
||||||
choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], sprop[PROPOSAL_KEX_ALGS]);
|
choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], sprop[PROPOSAL_KEX_ALGS]);
|
||||||
choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS],
|
choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS],
|
||||||
diff -up openssh-5.9p1/monitor.c.audit3 openssh-5.9p1/monitor.c
|
diff -up openssh-6.2p1/Makefile.in.audit3 openssh-6.2p1/Makefile.in
|
||||||
--- openssh-5.9p1/monitor.c.audit3 2011-09-14 07:05:57.952459820 +0200
|
--- openssh-6.2p1/Makefile.in.audit3 2013-03-25 17:30:41.337102676 +0100
|
||||||
+++ openssh-5.9p1/monitor.c 2011-09-14 07:05:59.272520466 +0200
|
+++ openssh-6.2p1/Makefile.in 2013-03-25 17:33:18.833004685 +0100
|
||||||
|
@@ -73,7 +73,7 @@ LIBSSH_OBJS=authfd.o authfile.o bufaux.o
|
||||||
|
monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
|
||||||
|
kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \
|
||||||
|
msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \
|
||||||
|
- jpake.o schnorr.o ssh-pkcs11.o krl.o
|
||||||
|
+ jpake.o schnorr.o ssh-pkcs11.o krl.o auditstub.o
|
||||||
|
|
||||||
|
SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
|
||||||
|
sshconnect.o sshconnect1.o sshconnect2.o mux.o \
|
||||||
|
diff -up openssh-6.2p1/monitor.c.audit3 openssh-6.2p1/monitor.c
|
||||||
|
--- openssh-6.2p1/monitor.c.audit3 2013-03-25 17:30:41.333102653 +0100
|
||||||
|
+++ openssh-6.2p1/monitor.c 2013-03-25 17:30:41.344102717 +0100
|
||||||
@@ -97,6 +97,7 @@
|
@@ -97,6 +97,7 @@
|
||||||
#include "ssh2.h"
|
#include "ssh2.h"
|
||||||
#include "jpake.h"
|
#include "jpake.h"
|
||||||
@ -342,7 +346,7 @@ diff -up openssh-5.9p1/monitor.c.audit3 openssh-5.9p1/monitor.c
|
|||||||
|
|
||||||
#ifdef GSSAPI
|
#ifdef GSSAPI
|
||||||
static Gssctxt *gsscontext = NULL;
|
static Gssctxt *gsscontext = NULL;
|
||||||
@@ -187,6 +188,8 @@ int mm_answer_gss_checkmic(int, Buffer *
|
@@ -186,6 +187,8 @@ int mm_answer_gss_checkmic(int, Buffer *
|
||||||
int mm_answer_audit_event(int, Buffer *);
|
int mm_answer_audit_event(int, Buffer *);
|
||||||
int mm_answer_audit_command(int, Buffer *);
|
int mm_answer_audit_command(int, Buffer *);
|
||||||
int mm_answer_audit_end_command(int, Buffer *);
|
int mm_answer_audit_end_command(int, Buffer *);
|
||||||
@ -360,7 +364,7 @@ diff -up openssh-5.9p1/monitor.c.audit3 openssh-5.9p1/monitor.c
|
|||||||
#endif
|
#endif
|
||||||
#ifdef BSD_AUTH
|
#ifdef BSD_AUTH
|
||||||
{MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
|
{MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
|
||||||
@@ -275,6 +280,8 @@ struct mon_table mon_dispatch_postauth20
|
@@ -274,6 +279,8 @@ struct mon_table mon_dispatch_postauth20
|
||||||
{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
|
{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
|
||||||
{MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command},
|
{MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command},
|
||||||
{MONITOR_REQ_AUDIT_END_COMMAND, MON_PERMIT, mm_answer_audit_end_command},
|
{MONITOR_REQ_AUDIT_END_COMMAND, MON_PERMIT, mm_answer_audit_end_command},
|
||||||
@ -369,7 +373,7 @@ diff -up openssh-5.9p1/monitor.c.audit3 openssh-5.9p1/monitor.c
|
|||||||
#endif
|
#endif
|
||||||
{0, 0, NULL}
|
{0, 0, NULL}
|
||||||
};
|
};
|
||||||
@@ -306,6 +313,8 @@ struct mon_table mon_dispatch_proto15[]
|
@@ -305,6 +312,8 @@ struct mon_table mon_dispatch_proto15[]
|
||||||
#endif
|
#endif
|
||||||
#ifdef SSH_AUDIT_EVENTS
|
#ifdef SSH_AUDIT_EVENTS
|
||||||
{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
|
{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
|
||||||
@ -378,7 +382,7 @@ diff -up openssh-5.9p1/monitor.c.audit3 openssh-5.9p1/monitor.c
|
|||||||
#endif
|
#endif
|
||||||
{0, 0, NULL}
|
{0, 0, NULL}
|
||||||
};
|
};
|
||||||
@@ -318,6 +327,8 @@ struct mon_table mon_dispatch_postauth15
|
@@ -317,6 +326,8 @@ struct mon_table mon_dispatch_postauth15
|
||||||
{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
|
{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
|
||||||
{MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command},
|
{MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command},
|
||||||
{MONITOR_REQ_AUDIT_END_COMMAND, MON_PERMIT, mm_answer_audit_end_command},
|
{MONITOR_REQ_AUDIT_END_COMMAND, MON_PERMIT, mm_answer_audit_end_command},
|
||||||
@ -387,7 +391,7 @@ diff -up openssh-5.9p1/monitor.c.audit3 openssh-5.9p1/monitor.c
|
|||||||
#endif
|
#endif
|
||||||
{0, 0, NULL}
|
{0, 0, NULL}
|
||||||
};
|
};
|
||||||
@@ -2383,3 +2394,47 @@ mm_answer_jpake_check_confirm(int sock,
|
@@ -2397,3 +2408,47 @@ mm_answer_jpake_check_confirm(int sock,
|
||||||
}
|
}
|
||||||
|
|
||||||
#endif /* JPAKE */
|
#endif /* JPAKE */
|
||||||
@ -435,22 +439,24 @@ diff -up openssh-5.9p1/monitor.c.audit3 openssh-5.9p1/monitor.c
|
|||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
+#endif /* SSH_AUDIT_EVENTS */
|
+#endif /* SSH_AUDIT_EVENTS */
|
||||||
diff -up openssh-5.9p1/monitor.h.audit3 openssh-5.9p1/monitor.h
|
diff -up openssh-6.2p1/monitor.h.audit3 openssh-6.2p1/monitor.h
|
||||||
--- openssh-5.9p1/monitor.h.audit3 2011-09-14 07:05:55.510580908 +0200
|
--- openssh-6.2p1/monitor.h.audit3 2013-03-25 17:30:41.345102722 +0100
|
||||||
+++ openssh-5.9p1/monitor.h 2011-09-14 07:05:59.378647273 +0200
|
+++ openssh-6.2p1/monitor.h 2013-03-25 17:31:57.314538661 +0100
|
||||||
@@ -61,6 +61,8 @@ enum monitor_reqtype {
|
@@ -70,7 +70,9 @@ enum monitor_reqtype {
|
||||||
MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX,
|
MONITOR_REQ_PAM_FREE_CTX = 110, MONITOR_ANS_PAM_FREE_CTX = 111,
|
||||||
MONITOR_REQ_AUDIT_EVENT, MONITOR_REQ_AUDIT_COMMAND,
|
MONITOR_REQ_AUDIT_EVENT = 112,
|
||||||
MONITOR_ANS_AUDIT_COMMAND, MONITOR_REQ_AUDIT_END_COMMAND,
|
MONITOR_REQ_AUDIT_COMMAND = 114, MONITOR_ANS_AUDIT_COMMAND = 115,
|
||||||
+ MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED,
|
- MONITOR_REQ_AUDIT_END_COMMAND = 116
|
||||||
+ MONITOR_REQ_AUDIT_KEX, MONITOR_ANS_AUDIT_KEX,
|
+ MONITOR_REQ_AUDIT_END_COMMAND = 116,
|
||||||
MONITOR_REQ_TERM,
|
+ MONITOR_REQ_AUDIT_UNSUPPORTED = 118, MONITOR_ANS_AUDIT_UNSUPPORTED = 119,
|
||||||
MONITOR_REQ_JPAKE_STEP1, MONITOR_ANS_JPAKE_STEP1,
|
+ MONITOR_REQ_AUDIT_KEX = 120, MONITOR_ANS_AUDIT_KEX = 121
|
||||||
MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA,
|
|
||||||
diff -up openssh-5.9p1/monitor_wrap.c.audit3 openssh-5.9p1/monitor_wrap.c
|
};
|
||||||
--- openssh-5.9p1/monitor_wrap.c.audit3 2011-09-14 07:05:58.059501118 +0200
|
|
||||||
+++ openssh-5.9p1/monitor_wrap.c 2011-09-14 07:05:59.511503364 +0200
|
diff -up openssh-6.2p1/monitor_wrap.c.audit3 openssh-6.2p1/monitor_wrap.c
|
||||||
@@ -1505,3 +1505,41 @@ mm_jpake_check_confirm(const BIGNUM *k,
|
--- openssh-6.2p1/monitor_wrap.c.audit3 2013-03-25 17:30:41.334102659 +0100
|
||||||
|
+++ openssh-6.2p1/monitor_wrap.c 2013-03-25 17:30:41.346102728 +0100
|
||||||
|
@@ -1486,3 +1486,41 @@ mm_jpake_check_confirm(const BIGNUM *k,
|
||||||
return success;
|
return success;
|
||||||
}
|
}
|
||||||
#endif /* JPAKE */
|
#endif /* JPAKE */
|
||||||
@ -492,10 +498,10 @@ diff -up openssh-5.9p1/monitor_wrap.c.audit3 openssh-5.9p1/monitor_wrap.c
|
|||||||
+ buffer_free(&m);
|
+ buffer_free(&m);
|
||||||
+}
|
+}
|
||||||
+#endif /* SSH_AUDIT_EVENTS */
|
+#endif /* SSH_AUDIT_EVENTS */
|
||||||
diff -up openssh-5.9p1/monitor_wrap.h.audit3 openssh-5.9p1/monitor_wrap.h
|
diff -up openssh-6.2p1/monitor_wrap.h.audit3 openssh-6.2p1/monitor_wrap.h
|
||||||
--- openssh-5.9p1/monitor_wrap.h.audit3 2011-09-14 07:05:58.171521245 +0200
|
--- openssh-6.2p1/monitor_wrap.h.audit3 2013-03-25 17:30:41.334102659 +0100
|
||||||
+++ openssh-5.9p1/monitor_wrap.h 2011-09-14 07:05:59.624646515 +0200
|
+++ openssh-6.2p1/monitor_wrap.h 2013-03-25 17:30:41.346102728 +0100
|
||||||
@@ -78,6 +78,8 @@ void mm_sshpam_free_ctx(void *);
|
@@ -77,6 +77,8 @@ void mm_sshpam_free_ctx(void *);
|
||||||
void mm_audit_event(ssh_audit_event_t);
|
void mm_audit_event(ssh_audit_event_t);
|
||||||
int mm_audit_run_command(const char *);
|
int mm_audit_run_command(const char *);
|
||||||
void mm_audit_end_command(int, const char *);
|
void mm_audit_end_command(int, const char *);
|
||||||
@ -504,9 +510,9 @@ diff -up openssh-5.9p1/monitor_wrap.h.audit3 openssh-5.9p1/monitor_wrap.h
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
struct Session;
|
struct Session;
|
||||||
diff -up openssh-5.9p1/sshd.c.audit3 openssh-5.9p1/sshd.c
|
diff -up openssh-6.2p1/sshd.c.audit3 openssh-6.2p1/sshd.c
|
||||||
--- openssh-5.9p1/sshd.c.audit3 2011-09-14 07:05:56.554583874 +0200
|
--- openssh-6.2p1/sshd.c.audit3 2013-03-25 17:30:41.326102613 +0100
|
||||||
+++ openssh-5.9p1/sshd.c 2011-09-14 07:05:59.828466112 +0200
|
+++ openssh-6.2p1/sshd.c 2013-03-25 17:30:41.348102740 +0100
|
||||||
@@ -118,6 +118,7 @@
|
@@ -118,6 +118,7 @@
|
||||||
#endif
|
#endif
|
||||||
#include "monitor_wrap.h"
|
#include "monitor_wrap.h"
|
||||||
@ -515,7 +521,7 @@ diff -up openssh-5.9p1/sshd.c.audit3 openssh-5.9p1/sshd.c
|
|||||||
#include "ssh-sandbox.h"
|
#include "ssh-sandbox.h"
|
||||||
#include "version.h"
|
#include "version.h"
|
||||||
|
|
||||||
@@ -2209,6 +2210,10 @@ do_ssh1_kex(void)
|
@@ -2241,6 +2242,10 @@ do_ssh1_kex(void)
|
||||||
if (cookie[i] != packet_get_char())
|
if (cookie[i] != packet_get_char())
|
||||||
packet_disconnect("IP Spoofing check bytes do not match.");
|
packet_disconnect("IP Spoofing check bytes do not match.");
|
||||||
|
|
@ -1,6 +1,6 @@
|
|||||||
diff -up openssh-6.1p1/audit-bsm.c.audit4 openssh-6.1p1/audit-bsm.c
|
diff -up openssh-6.2p1/audit-bsm.c.audit4 openssh-6.2p1/audit-bsm.c
|
||||||
--- openssh-6.1p1/audit-bsm.c.audit4 2012-11-28 14:20:38.990185823 +0100
|
--- openssh-6.2p1/audit-bsm.c.audit4 2013-03-25 17:34:16.034337746 +0100
|
||||||
+++ openssh-6.1p1/audit-bsm.c 2012-11-28 14:20:38.995185800 +0100
|
+++ openssh-6.2p1/audit-bsm.c 2013-03-25 17:34:16.042337793 +0100
|
||||||
@@ -485,4 +485,10 @@ audit_kex_body(int ctos, char *enc, char
|
@@ -485,4 +485,10 @@ audit_kex_body(int ctos, char *enc, char
|
||||||
{
|
{
|
||||||
/* not implemented */
|
/* not implemented */
|
||||||
@ -12,9 +12,9 @@ diff -up openssh-6.1p1/audit-bsm.c.audit4 openssh-6.1p1/audit-bsm.c
|
|||||||
+ /* not implemented */
|
+ /* not implemented */
|
||||||
+}
|
+}
|
||||||
#endif /* BSM */
|
#endif /* BSM */
|
||||||
diff -up openssh-6.1p1/audit.c.audit4 openssh-6.1p1/audit.c
|
diff -up openssh-6.2p1/audit.c.audit4 openssh-6.2p1/audit.c
|
||||||
--- openssh-6.1p1/audit.c.audit4 2012-11-28 14:20:38.990185823 +0100
|
--- openssh-6.2p1/audit.c.audit4 2013-03-25 17:34:16.035337752 +0100
|
||||||
+++ openssh-6.1p1/audit.c 2012-11-28 14:20:38.995185800 +0100
|
+++ openssh-6.2p1/audit.c 2013-03-25 17:34:16.042337793 +0100
|
||||||
@@ -143,6 +143,12 @@ audit_kex(int ctos, char *enc, char *mac
|
@@ -143,6 +143,12 @@ audit_kex(int ctos, char *enc, char *mac
|
||||||
PRIVSEP(audit_kex_body(ctos, enc, mac, comp, getpid(), getuid()));
|
PRIVSEP(audit_kex_body(ctos, enc, mac, comp, getpid(), getuid()));
|
||||||
}
|
}
|
||||||
@ -44,9 +44,9 @@ diff -up openssh-6.1p1/audit.c.audit4 openssh-6.1p1/audit.c
|
|||||||
+}
|
+}
|
||||||
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
|
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
|
||||||
#endif /* SSH_AUDIT_EVENTS */
|
#endif /* SSH_AUDIT_EVENTS */
|
||||||
diff -up openssh-6.1p1/audit.h.audit4 openssh-6.1p1/audit.h
|
diff -up openssh-6.2p1/audit.h.audit4 openssh-6.2p1/audit.h
|
||||||
--- openssh-6.1p1/audit.h.audit4 2012-11-28 14:20:38.990185823 +0100
|
--- openssh-6.2p1/audit.h.audit4 2013-03-25 17:34:16.035337752 +0100
|
||||||
+++ openssh-6.1p1/audit.h 2012-11-28 14:20:38.995185800 +0100
|
+++ openssh-6.2p1/audit.h 2013-03-25 17:34:16.043337799 +0100
|
||||||
@@ -62,5 +62,7 @@ void audit_unsupported(int);
|
@@ -62,5 +62,7 @@ void audit_unsupported(int);
|
||||||
void audit_kex(int, char *, char *, char *);
|
void audit_kex(int, char *, char *, char *);
|
||||||
void audit_unsupported_body(int);
|
void audit_unsupported_body(int);
|
||||||
@ -55,9 +55,9 @@ diff -up openssh-6.1p1/audit.h.audit4 openssh-6.1p1/audit.h
|
|||||||
+void audit_session_key_free_body(int ctos, pid_t, uid_t);
|
+void audit_session_key_free_body(int ctos, pid_t, uid_t);
|
||||||
|
|
||||||
#endif /* _SSH_AUDIT_H */
|
#endif /* _SSH_AUDIT_H */
|
||||||
diff -up openssh-6.1p1/audit-linux.c.audit4 openssh-6.1p1/audit-linux.c
|
diff -up openssh-6.2p1/audit-linux.c.audit4 openssh-6.2p1/audit-linux.c
|
||||||
--- openssh-6.1p1/audit-linux.c.audit4 2012-11-28 14:20:38.990185823 +0100
|
--- openssh-6.2p1/audit-linux.c.audit4 2013-03-25 17:34:16.035337752 +0100
|
||||||
+++ openssh-6.1p1/audit-linux.c 2012-11-28 14:20:38.995185800 +0100
|
+++ openssh-6.2p1/audit-linux.c 2013-03-25 17:34:16.043337799 +0100
|
||||||
@@ -294,6 +294,8 @@ audit_unsupported_body(int what)
|
@@ -294,6 +294,8 @@ audit_unsupported_body(int what)
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
@ -108,9 +108,9 @@ diff -up openssh-6.1p1/audit-linux.c.audit4 openssh-6.1p1/audit-linux.c
|
|||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
#endif /* USE_LINUX_AUDIT */
|
#endif /* USE_LINUX_AUDIT */
|
||||||
diff -up openssh-6.1p1/auditstub.c.audit4 openssh-6.1p1/auditstub.c
|
diff -up openssh-6.2p1/auditstub.c.audit4 openssh-6.2p1/auditstub.c
|
||||||
--- openssh-6.1p1/auditstub.c.audit4 2012-11-28 14:20:38.990185823 +0100
|
--- openssh-6.2p1/auditstub.c.audit4 2013-03-25 17:34:16.035337752 +0100
|
||||||
+++ openssh-6.1p1/auditstub.c 2012-11-28 14:20:38.995185800 +0100
|
+++ openssh-6.2p1/auditstub.c 2013-03-25 17:34:16.043337799 +0100
|
||||||
@@ -27,6 +27,8 @@
|
@@ -27,6 +27,8 @@
|
||||||
* Red Hat author: Jan F. Chadima <jchadima@redhat.com>
|
* Red Hat author: Jan F. Chadima <jchadima@redhat.com>
|
||||||
*/
|
*/
|
||||||
@ -133,10 +133,10 @@ diff -up openssh-6.1p1/auditstub.c.audit4 openssh-6.1p1/auditstub.c
|
|||||||
+audit_session_key_free_body(int ctos, pid_t pid, uid_t uid)
|
+audit_session_key_free_body(int ctos, pid_t pid, uid_t uid)
|
||||||
+{
|
+{
|
||||||
+}
|
+}
|
||||||
diff -up openssh-6.1p1/kex.c.audit4 openssh-6.1p1/kex.c
|
diff -up openssh-6.2p1/kex.c.audit4 openssh-6.2p1/kex.c
|
||||||
--- openssh-6.1p1/kex.c.audit4 2012-11-28 14:20:38.991185818 +0100
|
--- openssh-6.2p1/kex.c.audit4 2013-03-25 17:34:16.036337758 +0100
|
||||||
+++ openssh-6.1p1/kex.c 2012-11-28 14:20:38.995185800 +0100
|
+++ openssh-6.2p1/kex.c 2013-03-25 17:34:16.044337804 +0100
|
||||||
@@ -624,3 +624,34 @@ dump_digest(char *msg, u_char *digest, i
|
@@ -640,3 +640,34 @@ dump_digest(char *msg, u_char *digest, i
|
||||||
fprintf(stderr, "\n");
|
fprintf(stderr, "\n");
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
@ -171,10 +171,10 @@ diff -up openssh-6.1p1/kex.c.audit4 openssh-6.1p1/kex.c
|
|||||||
+ memset(&newkeys->comp, 0, sizeof(newkeys->comp));
|
+ memset(&newkeys->comp, 0, sizeof(newkeys->comp));
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
diff -up openssh-6.1p1/kex.h.audit4 openssh-6.1p1/kex.h
|
diff -up openssh-6.2p1/kex.h.audit4 openssh-6.2p1/kex.h
|
||||||
--- openssh-6.1p1/kex.h.audit4 2010-09-24 14:11:14.000000000 +0200
|
--- openssh-6.2p1/kex.h.audit4 2013-01-09 06:12:19.000000000 +0100
|
||||||
+++ openssh-6.1p1/kex.h 2012-11-28 14:20:38.996185795 +0100
|
+++ openssh-6.2p1/kex.h 2013-03-25 17:34:16.044337804 +0100
|
||||||
@@ -156,6 +156,8 @@ void kexgex_server(Kex *);
|
@@ -158,6 +158,8 @@ void kexgex_server(Kex *);
|
||||||
void kexecdh_client(Kex *);
|
void kexecdh_client(Kex *);
|
||||||
void kexecdh_server(Kex *);
|
void kexecdh_server(Kex *);
|
||||||
|
|
||||||
@ -183,10 +183,10 @@ diff -up openssh-6.1p1/kex.h.audit4 openssh-6.1p1/kex.h
|
|||||||
void
|
void
|
||||||
kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int,
|
kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int,
|
||||||
BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *);
|
BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *);
|
||||||
diff -up openssh-6.1p1/mac.c.audit4 openssh-6.1p1/mac.c
|
diff -up openssh-6.2p1/mac.c.audit4 openssh-6.2p1/mac.c
|
||||||
--- openssh-6.1p1/mac.c.audit4 2012-06-30 00:34:59.000000000 +0200
|
--- openssh-6.2p1/mac.c.audit4 2012-12-12 01:00:37.000000000 +0100
|
||||||
+++ openssh-6.1p1/mac.c 2012-11-28 14:20:38.996185795 +0100
|
+++ openssh-6.2p1/mac.c 2013-03-25 17:34:16.044337804 +0100
|
||||||
@@ -169,6 +169,20 @@ mac_clear(Mac *mac)
|
@@ -199,6 +199,20 @@ mac_clear(Mac *mac)
|
||||||
mac->umac_ctx = NULL;
|
mac->umac_ctx = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -207,17 +207,17 @@ diff -up openssh-6.1p1/mac.c.audit4 openssh-6.1p1/mac.c
|
|||||||
/* XXX copied from ciphers_valid */
|
/* XXX copied from ciphers_valid */
|
||||||
#define MAC_SEP ","
|
#define MAC_SEP ","
|
||||||
int
|
int
|
||||||
diff -up openssh-6.1p1/mac.h.audit4 openssh-6.1p1/mac.h
|
diff -up openssh-6.2p1/mac.h.audit4 openssh-6.2p1/mac.h
|
||||||
--- openssh-6.1p1/mac.h.audit4 2007-06-11 06:01:42.000000000 +0200
|
--- openssh-6.2p1/mac.h.audit4 2007-06-11 06:01:42.000000000 +0200
|
||||||
+++ openssh-6.1p1/mac.h 2012-11-28 14:20:38.996185795 +0100
|
+++ openssh-6.2p1/mac.h 2013-03-25 17:34:16.045337810 +0100
|
||||||
@@ -28,3 +28,4 @@ int mac_setup(Mac *, char *);
|
@@ -28,3 +28,4 @@ int mac_setup(Mac *, char *);
|
||||||
int mac_init(Mac *);
|
int mac_init(Mac *);
|
||||||
u_char *mac_compute(Mac *, u_int32_t, u_char *, int);
|
u_char *mac_compute(Mac *, u_int32_t, u_char *, int);
|
||||||
void mac_clear(Mac *);
|
void mac_clear(Mac *);
|
||||||
+void mac_destroy(Mac *);
|
+void mac_destroy(Mac *);
|
||||||
diff -up openssh-6.1p1/monitor.c.audit4 openssh-6.1p1/monitor.c
|
diff -up openssh-6.2p1/monitor.c.audit4 openssh-6.2p1/monitor.c
|
||||||
--- openssh-6.1p1/monitor.c.audit4 2012-11-28 14:20:38.992185813 +0100
|
--- openssh-6.2p1/monitor.c.audit4 2013-03-25 17:34:16.037337763 +0100
|
||||||
+++ openssh-6.1p1/monitor.c 2012-11-28 17:02:17.677045093 +0100
|
+++ openssh-6.2p1/monitor.c 2013-03-25 17:34:16.046337816 +0100
|
||||||
@@ -189,6 +189,7 @@ int mm_answer_audit_command(int, Buffer
|
@@ -189,6 +189,7 @@ int mm_answer_audit_command(int, Buffer
|
||||||
int mm_answer_audit_end_command(int, Buffer *);
|
int mm_answer_audit_end_command(int, Buffer *);
|
||||||
int mm_answer_audit_unsupported_body(int, Buffer *);
|
int mm_answer_audit_unsupported_body(int, Buffer *);
|
||||||
@ -226,7 +226,7 @@ diff -up openssh-6.1p1/monitor.c.audit4 openssh-6.1p1/monitor.c
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
static int monitor_read_log(struct monitor *);
|
static int monitor_read_log(struct monitor *);
|
||||||
@@ -241,6 +242,7 @@ struct mon_table mon_dispatch_proto20[]
|
@@ -242,6 +243,7 @@ struct mon_table mon_dispatch_proto20[]
|
||||||
{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
|
{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
|
||||||
{MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},
|
{MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},
|
||||||
{MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},
|
{MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},
|
||||||
@ -234,7 +234,7 @@ diff -up openssh-6.1p1/monitor.c.audit4 openssh-6.1p1/monitor.c
|
|||||||
#endif
|
#endif
|
||||||
#ifdef BSD_AUTH
|
#ifdef BSD_AUTH
|
||||||
{MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
|
{MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
|
||||||
@@ -280,6 +282,7 @@ struct mon_table mon_dispatch_postauth20
|
@@ -281,6 +283,7 @@ struct mon_table mon_dispatch_postauth20
|
||||||
{MONITOR_REQ_AUDIT_END_COMMAND, MON_PERMIT, mm_answer_audit_end_command},
|
{MONITOR_REQ_AUDIT_END_COMMAND, MON_PERMIT, mm_answer_audit_end_command},
|
||||||
{MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},
|
{MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},
|
||||||
{MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},
|
{MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},
|
||||||
@ -242,7 +242,7 @@ diff -up openssh-6.1p1/monitor.c.audit4 openssh-6.1p1/monitor.c
|
|||||||
#endif
|
#endif
|
||||||
{0, 0, NULL}
|
{0, 0, NULL}
|
||||||
};
|
};
|
||||||
@@ -313,6 +316,7 @@ struct mon_table mon_dispatch_proto15[]
|
@@ -314,6 +317,7 @@ struct mon_table mon_dispatch_proto15[]
|
||||||
{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
|
{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
|
||||||
{MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},
|
{MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},
|
||||||
{MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},
|
{MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},
|
||||||
@ -250,7 +250,7 @@ diff -up openssh-6.1p1/monitor.c.audit4 openssh-6.1p1/monitor.c
|
|||||||
#endif
|
#endif
|
||||||
{0, 0, NULL}
|
{0, 0, NULL}
|
||||||
};
|
};
|
||||||
@@ -327,6 +331,7 @@ struct mon_table mon_dispatch_postauth15
|
@@ -328,6 +332,7 @@ struct mon_table mon_dispatch_postauth15
|
||||||
{MONITOR_REQ_AUDIT_END_COMMAND, MON_PERMIT, mm_answer_audit_end_command},
|
{MONITOR_REQ_AUDIT_END_COMMAND, MON_PERMIT, mm_answer_audit_end_command},
|
||||||
{MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},
|
{MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},
|
||||||
{MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},
|
{MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},
|
||||||
@ -258,18 +258,7 @@ diff -up openssh-6.1p1/monitor.c.audit4 openssh-6.1p1/monitor.c
|
|||||||
#endif
|
#endif
|
||||||
{0, 0, NULL}
|
{0, 0, NULL}
|
||||||
};
|
};
|
||||||
@@ -448,10 +453,6 @@ monitor_child_preauth(Authctxt *_authctx
|
@@ -1957,11 +1962,13 @@ mm_get_keystate(struct monitor *pmonitor
|
||||||
#endif
|
|
||||||
}
|
|
||||||
|
|
||||||
- /* Drain any buffered messages from the child */
|
|
||||||
- while (pmonitor->m_log_recvfd >= 0 && monitor_read_log(pmonitor) == 0)
|
|
||||||
- ;
|
|
||||||
-
|
|
||||||
if (!authctxt->valid)
|
|
||||||
fatal("%s: authenticated invalid user", __func__);
|
|
||||||
if (strcmp(auth_method, "unknown") == 0)
|
|
||||||
@@ -1950,11 +1951,13 @@ mm_get_keystate(struct monitor *pmonitor
|
|
||||||
|
|
||||||
blob = buffer_get_string(&m, &bloblen);
|
blob = buffer_get_string(&m, &bloblen);
|
||||||
current_keys[MODE_OUT] = mm_newkeys_from_blob(blob, bloblen);
|
current_keys[MODE_OUT] = mm_newkeys_from_blob(blob, bloblen);
|
||||||
@ -283,7 +272,7 @@ diff -up openssh-6.1p1/monitor.c.audit4 openssh-6.1p1/monitor.c
|
|||||||
xfree(blob);
|
xfree(blob);
|
||||||
|
|
||||||
/* Now get sequence numbers for the packets */
|
/* Now get sequence numbers for the packets */
|
||||||
@@ -2000,6 +2003,21 @@ mm_get_keystate(struct monitor *pmonitor
|
@@ -2007,6 +2014,21 @@ mm_get_keystate(struct monitor *pmonitor
|
||||||
}
|
}
|
||||||
|
|
||||||
buffer_free(&m);
|
buffer_free(&m);
|
||||||
@ -305,7 +294,7 @@ diff -up openssh-6.1p1/monitor.c.audit4 openssh-6.1p1/monitor.c
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@@ -2444,4 +2462,22 @@ mm_answer_audit_kex_body(int sock, Buffe
|
@@ -2451,4 +2473,22 @@ mm_answer_audit_kex_body(int sock, Buffe
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -328,21 +317,23 @@ diff -up openssh-6.1p1/monitor.c.audit4 openssh-6.1p1/monitor.c
|
|||||||
+ return 0;
|
+ return 0;
|
||||||
+}
|
+}
|
||||||
#endif /* SSH_AUDIT_EVENTS */
|
#endif /* SSH_AUDIT_EVENTS */
|
||||||
diff -up openssh-6.1p1/monitor.h.audit4 openssh-6.1p1/monitor.h
|
diff -up openssh-6.2p1/monitor.h.audit4 openssh-6.2p1/monitor.h
|
||||||
--- openssh-6.1p1/monitor.h.audit4 2012-11-28 14:20:38.992185813 +0100
|
--- openssh-6.2p1/monitor.h.audit4 2013-03-25 17:34:16.046337816 +0100
|
||||||
+++ openssh-6.1p1/monitor.h 2012-11-28 14:20:38.997185790 +0100
|
+++ openssh-6.2p1/monitor.h 2013-03-25 17:35:01.408602217 +0100
|
||||||
@@ -63,6 +63,7 @@ enum monitor_reqtype {
|
@@ -72,7 +72,8 @@ enum monitor_reqtype {
|
||||||
MONITOR_ANS_AUDIT_COMMAND, MONITOR_REQ_AUDIT_END_COMMAND,
|
MONITOR_REQ_AUDIT_COMMAND = 114, MONITOR_ANS_AUDIT_COMMAND = 115,
|
||||||
MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED,
|
MONITOR_REQ_AUDIT_END_COMMAND = 116,
|
||||||
MONITOR_REQ_AUDIT_KEX, MONITOR_ANS_AUDIT_KEX,
|
MONITOR_REQ_AUDIT_UNSUPPORTED = 118, MONITOR_ANS_AUDIT_UNSUPPORTED = 119,
|
||||||
+ MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MONITOR_ANS_AUDIT_SESSION_KEY_FREE,
|
- MONITOR_REQ_AUDIT_KEX = 120, MONITOR_ANS_AUDIT_KEX = 121
|
||||||
MONITOR_REQ_TERM,
|
+ MONITOR_REQ_AUDIT_KEX = 120, MONITOR_ANS_AUDIT_KEX = 121,
|
||||||
MONITOR_REQ_JPAKE_STEP1, MONITOR_ANS_JPAKE_STEP1,
|
+ MONITOR_REQ_AUDIT_SESSION_KEY_FREE = 122, MONITOR_ANS_AUDIT_SESSION_KEY_FREE = 123
|
||||||
MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA,
|
|
||||||
diff -up openssh-6.1p1/monitor_wrap.c.audit4 openssh-6.1p1/monitor_wrap.c
|
};
|
||||||
--- openssh-6.1p1/monitor_wrap.c.audit4 2012-11-28 14:20:38.992185813 +0100
|
|
||||||
+++ openssh-6.1p1/monitor_wrap.c 2012-11-28 14:20:38.997185790 +0100
|
diff -up openssh-6.2p1/monitor_wrap.c.audit4 openssh-6.2p1/monitor_wrap.c
|
||||||
@@ -653,12 +653,14 @@ mm_send_keystate(struct monitor *monitor
|
--- openssh-6.2p1/monitor_wrap.c.audit4 2013-03-25 17:34:16.038337769 +0100
|
||||||
|
+++ openssh-6.2p1/monitor_wrap.c 2013-03-25 17:34:16.047337822 +0100
|
||||||
|
@@ -654,12 +654,14 @@ mm_send_keystate(struct monitor *monitor
|
||||||
fatal("%s: conversion of newkeys failed", __func__);
|
fatal("%s: conversion of newkeys failed", __func__);
|
||||||
|
|
||||||
buffer_put_string(&m, blob, bloblen);
|
buffer_put_string(&m, blob, bloblen);
|
||||||
@ -357,7 +348,7 @@ diff -up openssh-6.1p1/monitor_wrap.c.audit4 openssh-6.1p1/monitor_wrap.c
|
|||||||
xfree(blob);
|
xfree(blob);
|
||||||
|
|
||||||
packet_get_state(MODE_OUT, &seqnr, &blocks, &packets, &bytes);
|
packet_get_state(MODE_OUT, &seqnr, &blocks, &packets, &bytes);
|
||||||
@@ -1522,4 +1524,19 @@ mm_audit_kex_body(int ctos, char *cipher
|
@@ -1523,4 +1525,19 @@ mm_audit_kex_body(int ctos, char *cipher
|
||||||
|
|
||||||
buffer_free(&m);
|
buffer_free(&m);
|
||||||
}
|
}
|
||||||
@ -377,9 +368,9 @@ diff -up openssh-6.1p1/monitor_wrap.c.audit4 openssh-6.1p1/monitor_wrap.c
|
|||||||
+ buffer_free(&m);
|
+ buffer_free(&m);
|
||||||
+}
|
+}
|
||||||
#endif /* SSH_AUDIT_EVENTS */
|
#endif /* SSH_AUDIT_EVENTS */
|
||||||
diff -up openssh-6.1p1/monitor_wrap.h.audit4 openssh-6.1p1/monitor_wrap.h
|
diff -up openssh-6.2p1/monitor_wrap.h.audit4 openssh-6.2p1/monitor_wrap.h
|
||||||
--- openssh-6.1p1/monitor_wrap.h.audit4 2012-11-28 14:20:38.992185813 +0100
|
--- openssh-6.2p1/monitor_wrap.h.audit4 2013-03-25 17:34:16.039337775 +0100
|
||||||
+++ openssh-6.1p1/monitor_wrap.h 2012-11-28 14:20:38.997185790 +0100
|
+++ openssh-6.2p1/monitor_wrap.h 2013-03-25 17:34:16.047337822 +0100
|
||||||
@@ -79,6 +79,7 @@ int mm_audit_run_command(const char *);
|
@@ -79,6 +79,7 @@ int mm_audit_run_command(const char *);
|
||||||
void mm_audit_end_command(int, const char *);
|
void mm_audit_end_command(int, const char *);
|
||||||
void mm_audit_unsupported_body(int);
|
void mm_audit_unsupported_body(int);
|
||||||
@ -388,9 +379,9 @@ diff -up openssh-6.1p1/monitor_wrap.h.audit4 openssh-6.1p1/monitor_wrap.h
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
struct Session;
|
struct Session;
|
||||||
diff -up openssh-6.1p1/packet.c.audit4 openssh-6.1p1/packet.c
|
diff -up openssh-6.2p1/packet.c.audit4 openssh-6.2p1/packet.c
|
||||||
--- openssh-6.1p1/packet.c.audit4 2012-11-28 14:20:38.973185902 +0100
|
--- openssh-6.2p1/packet.c.audit4 2013-03-25 17:34:16.014337629 +0100
|
||||||
+++ openssh-6.1p1/packet.c 2012-11-28 14:20:38.998185785 +0100
|
+++ openssh-6.2p1/packet.c 2013-03-25 17:42:26.519176337 +0100
|
||||||
@@ -60,6 +60,7 @@
|
@@ -60,6 +60,7 @@
|
||||||
#include <signal.h>
|
#include <signal.h>
|
||||||
|
|
||||||
@ -472,7 +463,7 @@ diff -up openssh-6.1p1/packet.c.audit4 openssh-6.1p1/packet.c
|
|||||||
void
|
void
|
||||||
set_newkeys(int mode)
|
set_newkeys(int mode)
|
||||||
{
|
{
|
||||||
@@ -754,18 +782,9 @@ set_newkeys(int mode)
|
@@ -754,21 +782,9 @@ set_newkeys(int mode)
|
||||||
}
|
}
|
||||||
if (active_state->newkeys[mode] != NULL) {
|
if (active_state->newkeys[mode] != NULL) {
|
||||||
debug("set_newkeys: rekeying");
|
debug("set_newkeys: rekeying");
|
||||||
@ -482,6 +473,9 @@ diff -up openssh-6.1p1/packet.c.audit4 openssh-6.1p1/packet.c
|
|||||||
- mac = &active_state->newkeys[mode]->mac;
|
- mac = &active_state->newkeys[mode]->mac;
|
||||||
- comp = &active_state->newkeys[mode]->comp;
|
- comp = &active_state->newkeys[mode]->comp;
|
||||||
- mac_clear(mac);
|
- mac_clear(mac);
|
||||||
|
- memset(enc->iv, 0, enc->iv_len);
|
||||||
|
- memset(enc->key, 0, enc->key_len);
|
||||||
|
- memset(mac->key, 0, mac->key_len);
|
||||||
- xfree(enc->name);
|
- xfree(enc->name);
|
||||||
- xfree(enc->iv);
|
- xfree(enc->iv);
|
||||||
- xfree(enc->key);
|
- xfree(enc->key);
|
||||||
@ -493,7 +487,7 @@ diff -up openssh-6.1p1/packet.c.audit4 openssh-6.1p1/packet.c
|
|||||||
}
|
}
|
||||||
active_state->newkeys[mode] = kex_get_newkeys(mode);
|
active_state->newkeys[mode] = kex_get_newkeys(mode);
|
||||||
if (active_state->newkeys[mode] == NULL)
|
if (active_state->newkeys[mode] == NULL)
|
||||||
@@ -1921,6 +1940,47 @@ packet_get_newkeys(int mode)
|
@@ -1971,6 +1987,47 @@ packet_get_newkeys(int mode)
|
||||||
return (void *)active_state->newkeys[mode];
|
return (void *)active_state->newkeys[mode];
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -541,7 +535,7 @@ diff -up openssh-6.1p1/packet.c.audit4 openssh-6.1p1/packet.c
|
|||||||
/*
|
/*
|
||||||
* Save the state for the real connection, and use a separate state when
|
* Save the state for the real connection, and use a separate state when
|
||||||
* resuming a suspended connection.
|
* resuming a suspended connection.
|
||||||
@@ -1928,18 +1988,12 @@ packet_get_newkeys(int mode)
|
@@ -1978,18 +2035,12 @@ packet_get_newkeys(int mode)
|
||||||
void
|
void
|
||||||
packet_backup_state(void)
|
packet_backup_state(void)
|
||||||
{
|
{
|
||||||
@ -561,7 +555,7 @@ diff -up openssh-6.1p1/packet.c.audit4 openssh-6.1p1/packet.c
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@@ -1956,9 +2010,7 @@ packet_restore_state(void)
|
@@ -2006,9 +2057,7 @@ packet_restore_state(void)
|
||||||
backup_state = active_state;
|
backup_state = active_state;
|
||||||
active_state = tmp;
|
active_state = tmp;
|
||||||
active_state->connection_in = backup_state->connection_in;
|
active_state->connection_in = backup_state->connection_in;
|
||||||
@ -571,7 +565,7 @@ diff -up openssh-6.1p1/packet.c.audit4 openssh-6.1p1/packet.c
|
|||||||
len = buffer_len(&backup_state->input);
|
len = buffer_len(&backup_state->input);
|
||||||
if (len > 0) {
|
if (len > 0) {
|
||||||
buf = buffer_ptr(&backup_state->input);
|
buf = buffer_ptr(&backup_state->input);
|
||||||
@@ -1966,4 +2018,10 @@ packet_restore_state(void)
|
@@ -2016,4 +2065,10 @@ packet_restore_state(void)
|
||||||
buffer_clear(&backup_state->input);
|
buffer_clear(&backup_state->input);
|
||||||
add_recv_bytes(len);
|
add_recv_bytes(len);
|
||||||
}
|
}
|
||||||
@ -582,19 +576,19 @@ diff -up openssh-6.1p1/packet.c.audit4 openssh-6.1p1/packet.c
|
|||||||
+ backup_state = NULL;
|
+ backup_state = NULL;
|
||||||
}
|
}
|
||||||
+
|
+
|
||||||
diff -up openssh-6.1p1/packet.h.audit4 openssh-6.1p1/packet.h
|
diff -up openssh-6.2p1/packet.h.audit4 openssh-6.2p1/packet.h
|
||||||
--- openssh-6.1p1/packet.h.audit4 2012-02-10 22:19:21.000000000 +0100
|
--- openssh-6.2p1/packet.h.audit4 2012-02-10 22:19:21.000000000 +0100
|
||||||
+++ openssh-6.1p1/packet.h 2012-11-28 14:20:38.998185785 +0100
|
+++ openssh-6.2p1/packet.h 2013-03-25 17:34:16.049337834 +0100
|
||||||
@@ -123,4 +123,5 @@ void packet_restore_state(void);
|
@@ -123,4 +123,5 @@ void packet_restore_state(void);
|
||||||
void *packet_get_input(void);
|
void *packet_get_input(void);
|
||||||
void *packet_get_output(void);
|
void *packet_get_output(void);
|
||||||
|
|
||||||
+void packet_destroy_all(int, int);
|
+void packet_destroy_all(int, int);
|
||||||
#endif /* PACKET_H */
|
#endif /* PACKET_H */
|
||||||
diff -up openssh-6.1p1/session.c.audit4 openssh-6.1p1/session.c
|
diff -up openssh-6.2p1/session.c.audit4 openssh-6.2p1/session.c
|
||||||
--- openssh-6.1p1/session.c.audit4 2012-11-28 14:20:38.983185855 +0100
|
--- openssh-6.2p1/session.c.audit4 2013-03-25 17:34:16.023337682 +0100
|
||||||
+++ openssh-6.1p1/session.c 2012-11-28 14:20:38.998185785 +0100
|
+++ openssh-6.2p1/session.c 2013-03-25 17:34:16.050337839 +0100
|
||||||
@@ -1634,6 +1634,9 @@ do_child(Session *s, const char *command
|
@@ -1642,6 +1642,9 @@ do_child(Session *s, const char *command
|
||||||
|
|
||||||
/* remove hostkey from the child's memory */
|
/* remove hostkey from the child's memory */
|
||||||
destroy_sensitive_data();
|
destroy_sensitive_data();
|
||||||
@ -604,10 +598,10 @@ diff -up openssh-6.1p1/session.c.audit4 openssh-6.1p1/session.c
|
|||||||
|
|
||||||
/* Force a password change */
|
/* Force a password change */
|
||||||
if (s->authctxt->force_pwchange) {
|
if (s->authctxt->force_pwchange) {
|
||||||
diff -up openssh-6.1p1/sshd.c.audit4 openssh-6.1p1/sshd.c
|
diff -up openssh-6.2p1/sshd.c.audit4 openssh-6.2p1/sshd.c
|
||||||
--- openssh-6.1p1/sshd.c.audit4 2012-11-28 14:20:38.993185808 +0100
|
--- openssh-6.2p1/sshd.c.audit4 2013-03-25 17:34:16.039337775 +0100
|
||||||
+++ openssh-6.1p1/sshd.c 2012-11-28 14:20:38.999185780 +0100
|
+++ openssh-6.2p1/sshd.c 2013-03-25 17:34:16.050337839 +0100
|
||||||
@@ -692,6 +692,8 @@ privsep_preauth(Authctxt *authctxt)
|
@@ -701,6 +701,8 @@ privsep_preauth(Authctxt *authctxt)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -616,7 +610,7 @@ diff -up openssh-6.1p1/sshd.c.audit4 openssh-6.1p1/sshd.c
|
|||||||
static void
|
static void
|
||||||
privsep_postauth(Authctxt *authctxt)
|
privsep_postauth(Authctxt *authctxt)
|
||||||
{
|
{
|
||||||
@@ -716,6 +718,10 @@ privsep_postauth(Authctxt *authctxt)
|
@@ -725,6 +727,10 @@ privsep_postauth(Authctxt *authctxt)
|
||||||
else if (pmonitor->m_pid != 0) {
|
else if (pmonitor->m_pid != 0) {
|
||||||
verbose("User child is on pid %ld", (long)pmonitor->m_pid);
|
verbose("User child is on pid %ld", (long)pmonitor->m_pid);
|
||||||
buffer_clear(&loginmsg);
|
buffer_clear(&loginmsg);
|
||||||
@ -627,7 +621,7 @@ diff -up openssh-6.1p1/sshd.c.audit4 openssh-6.1p1/sshd.c
|
|||||||
monitor_child_postauth(pmonitor);
|
monitor_child_postauth(pmonitor);
|
||||||
|
|
||||||
/* NEVERREACHED */
|
/* NEVERREACHED */
|
||||||
@@ -2016,6 +2022,7 @@ main(int ac, char **av)
|
@@ -2033,6 +2039,7 @@ main(int ac, char **av)
|
||||||
*/
|
*/
|
||||||
if (use_privsep) {
|
if (use_privsep) {
|
||||||
mm_send_keystate(pmonitor);
|
mm_send_keystate(pmonitor);
|
||||||
@ -635,7 +629,7 @@ diff -up openssh-6.1p1/sshd.c.audit4 openssh-6.1p1/sshd.c
|
|||||||
exit(0);
|
exit(0);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -2068,6 +2075,8 @@ main(int ac, char **av)
|
@@ -2085,6 +2092,8 @@ main(int ac, char **av)
|
||||||
do_authenticated(authctxt);
|
do_authenticated(authctxt);
|
||||||
|
|
||||||
/* The connection has been terminated. */
|
/* The connection has been terminated. */
|
||||||
@ -644,7 +638,7 @@ diff -up openssh-6.1p1/sshd.c.audit4 openssh-6.1p1/sshd.c
|
|||||||
packet_get_state(MODE_IN, NULL, NULL, NULL, &ibytes);
|
packet_get_state(MODE_IN, NULL, NULL, NULL, &ibytes);
|
||||||
packet_get_state(MODE_OUT, NULL, NULL, NULL, &obytes);
|
packet_get_state(MODE_OUT, NULL, NULL, NULL, &obytes);
|
||||||
verbose("Transferred: sent %llu, received %llu bytes",
|
verbose("Transferred: sent %llu, received %llu bytes",
|
||||||
@@ -2385,6 +2394,16 @@ do_ssh2_kex(void)
|
@@ -2402,6 +2411,16 @@ do_ssh2_kex(void)
|
||||||
void
|
void
|
||||||
cleanup_exit(int i)
|
cleanup_exit(int i)
|
||||||
{
|
{
|
||||||
@ -661,7 +655,7 @@ diff -up openssh-6.1p1/sshd.c.audit4 openssh-6.1p1/sshd.c
|
|||||||
if (the_authctxt) {
|
if (the_authctxt) {
|
||||||
do_cleanup(the_authctxt);
|
do_cleanup(the_authctxt);
|
||||||
if (use_privsep && privsep_is_preauth && pmonitor->m_pid > 1) {
|
if (use_privsep && privsep_is_preauth && pmonitor->m_pid > 1) {
|
||||||
@@ -2395,6 +2414,8 @@ cleanup_exit(int i)
|
@@ -2412,6 +2431,8 @@ cleanup_exit(int i)
|
||||||
pmonitor->m_pid, strerror(errno));
|
pmonitor->m_pid, strerror(errno));
|
||||||
}
|
}
|
||||||
}
|
}
|
@ -1,6 +1,6 @@
|
|||||||
diff -up openssh-6.0p1/audit-bsm.c.audit5 openssh-6.0p1/audit-bsm.c
|
diff -up openssh-6.2p1/audit-bsm.c.audit5 openssh-6.2p1/audit-bsm.c
|
||||||
--- openssh-6.0p1/audit-bsm.c.audit5 2012-08-06 20:37:50.036345216 +0200
|
--- openssh-6.2p1/audit-bsm.c.audit5 2013-03-25 17:43:27.495526587 +0100
|
||||||
+++ openssh-6.0p1/audit-bsm.c 2012-08-06 20:37:50.046345177 +0200
|
+++ openssh-6.2p1/audit-bsm.c 2013-03-25 17:43:27.502526627 +0100
|
||||||
@@ -491,4 +491,22 @@ audit_session_key_free_body(int ctos, pi
|
@@ -491,4 +491,22 @@ audit_session_key_free_body(int ctos, pi
|
||||||
{
|
{
|
||||||
/* not implemented */
|
/* not implemented */
|
||||||
@ -24,9 +24,9 @@ diff -up openssh-6.0p1/audit-bsm.c.audit5 openssh-6.0p1/audit-bsm.c
|
|||||||
+ /* not implemented */
|
+ /* not implemented */
|
||||||
+}
|
+}
|
||||||
#endif /* BSM */
|
#endif /* BSM */
|
||||||
diff -up openssh-6.0p1/audit.c.audit5 openssh-6.0p1/audit.c
|
diff -up openssh-6.2p1/audit.c.audit5 openssh-6.2p1/audit.c
|
||||||
--- openssh-6.0p1/audit.c.audit5 2012-08-06 20:37:50.036345216 +0200
|
--- openssh-6.2p1/audit.c.audit5 2013-03-25 17:43:27.495526587 +0100
|
||||||
+++ openssh-6.0p1/audit.c 2012-08-06 20:37:50.047345173 +0200
|
+++ openssh-6.2p1/audit.c 2013-03-25 17:43:27.502526627 +0100
|
||||||
@@ -290,5 +290,24 @@ audit_session_key_free_body(int ctos, pi
|
@@ -290,5 +290,24 @@ audit_session_key_free_body(int ctos, pi
|
||||||
debug("audit session key discard euid %u direction %d from pid %ld uid %u",
|
debug("audit session key discard euid %u direction %d from pid %ld uid %u",
|
||||||
(unsigned)geteuid(), ctos, (long)pid, (unsigned)uid);
|
(unsigned)geteuid(), ctos, (long)pid, (unsigned)uid);
|
||||||
@ -52,9 +52,9 @@ diff -up openssh-6.0p1/audit.c.audit5 openssh-6.0p1/audit.c
|
|||||||
+}
|
+}
|
||||||
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
|
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
|
||||||
#endif /* SSH_AUDIT_EVENTS */
|
#endif /* SSH_AUDIT_EVENTS */
|
||||||
diff -up openssh-6.0p1/audit.h.audit5 openssh-6.0p1/audit.h
|
diff -up openssh-6.2p1/audit.h.audit5 openssh-6.2p1/audit.h
|
||||||
--- openssh-6.0p1/audit.h.audit5 2012-08-06 20:37:50.037345212 +0200
|
--- openssh-6.2p1/audit.h.audit5 2013-03-25 17:43:27.496526593 +0100
|
||||||
+++ openssh-6.0p1/audit.h 2012-08-06 20:37:50.047345173 +0200
|
+++ openssh-6.2p1/audit.h 2013-03-25 17:43:27.502526627 +0100
|
||||||
@@ -48,6 +48,8 @@ enum ssh_audit_event_type {
|
@@ -48,6 +48,8 @@ enum ssh_audit_event_type {
|
||||||
};
|
};
|
||||||
typedef enum ssh_audit_event_type ssh_audit_event_t;
|
typedef enum ssh_audit_event_type ssh_audit_event_t;
|
||||||
@ -72,9 +72,9 @@ diff -up openssh-6.0p1/audit.h.audit5 openssh-6.0p1/audit.h
|
|||||||
+void audit_generate_ephemeral_server_key(const char *);
|
+void audit_generate_ephemeral_server_key(const char *);
|
||||||
|
|
||||||
#endif /* _SSH_AUDIT_H */
|
#endif /* _SSH_AUDIT_H */
|
||||||
diff -up openssh-6.0p1/audit-linux.c.audit5 openssh-6.0p1/audit-linux.c
|
diff -up openssh-6.2p1/audit-linux.c.audit5 openssh-6.2p1/audit-linux.c
|
||||||
--- openssh-6.0p1/audit-linux.c.audit5 2012-08-06 20:37:50.037345212 +0200
|
--- openssh-6.2p1/audit-linux.c.audit5 2013-03-25 17:43:27.496526593 +0100
|
||||||
+++ openssh-6.0p1/audit-linux.c 2012-08-06 20:37:50.046345177 +0200
|
+++ openssh-6.2p1/audit-linux.c 2013-03-25 17:43:27.503526633 +0100
|
||||||
@@ -356,4 +356,50 @@ audit_session_key_free_body(int ctos, pi
|
@@ -356,4 +356,50 @@ audit_session_key_free_body(int ctos, pi
|
||||||
error("cannot write into audit");
|
error("cannot write into audit");
|
||||||
}
|
}
|
||||||
@ -126,10 +126,10 @@ diff -up openssh-6.0p1/audit-linux.c.audit5 openssh-6.0p1/audit-linux.c
|
|||||||
+ error("cannot write into audit");
|
+ error("cannot write into audit");
|
||||||
+}
|
+}
|
||||||
#endif /* USE_LINUX_AUDIT */
|
#endif /* USE_LINUX_AUDIT */
|
||||||
diff -up openssh-6.0p1/key.c.audit5 openssh-6.0p1/key.c
|
diff -up openssh-6.2p1/key.c.audit5 openssh-6.2p1/key.c
|
||||||
--- openssh-6.0p1/key.c.audit5 2012-08-06 20:37:49.992345388 +0200
|
--- openssh-6.2p1/key.c.audit5 2013-03-25 17:43:27.465526415 +0100
|
||||||
+++ openssh-6.0p1/key.c 2012-08-06 20:37:50.048345169 +0200
|
+++ openssh-6.2p1/key.c 2013-03-25 17:43:27.503526633 +0100
|
||||||
@@ -1794,6 +1794,30 @@ key_demote(const Key *k)
|
@@ -1809,6 +1809,30 @@ key_demote(const Key *k)
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
@ -160,10 +160,10 @@ diff -up openssh-6.0p1/key.c.audit5 openssh-6.0p1/key.c
|
|||||||
key_is_cert(const Key *k)
|
key_is_cert(const Key *k)
|
||||||
{
|
{
|
||||||
if (k == NULL)
|
if (k == NULL)
|
||||||
diff -up openssh-6.0p1/key.h.audit5 openssh-6.0p1/key.h
|
diff -up openssh-6.2p1/key.h.audit5 openssh-6.2p1/key.h
|
||||||
--- openssh-6.0p1/key.h.audit5 2012-08-06 20:37:49.993345384 +0200
|
--- openssh-6.2p1/key.h.audit5 2013-03-25 17:43:27.465526415 +0100
|
||||||
+++ openssh-6.0p1/key.h 2012-08-06 20:37:50.049345165 +0200
|
+++ openssh-6.2p1/key.h 2013-03-25 17:43:27.503526633 +0100
|
||||||
@@ -109,6 +109,7 @@ Key *key_generate(int, u_int);
|
@@ -110,6 +110,7 @@ Key *key_generate(int, u_int);
|
||||||
Key *key_from_private(const Key *);
|
Key *key_from_private(const Key *);
|
||||||
int key_type_from_name(char *);
|
int key_type_from_name(char *);
|
||||||
int key_is_cert(const Key *);
|
int key_is_cert(const Key *);
|
||||||
@ -171,9 +171,9 @@ diff -up openssh-6.0p1/key.h.audit5 openssh-6.0p1/key.h
|
|||||||
int key_type_plain(int);
|
int key_type_plain(int);
|
||||||
int key_to_certified(Key *, int);
|
int key_to_certified(Key *, int);
|
||||||
int key_drop_cert(Key *);
|
int key_drop_cert(Key *);
|
||||||
diff -up openssh-6.0p1/monitor.c.audit5 openssh-6.0p1/monitor.c
|
diff -up openssh-6.2p1/monitor.c.audit5 openssh-6.2p1/monitor.c
|
||||||
--- openssh-6.0p1/monitor.c.audit5 2012-08-06 20:37:50.040345200 +0200
|
--- openssh-6.2p1/monitor.c.audit5 2013-03-25 17:43:27.497526599 +0100
|
||||||
+++ openssh-6.0p1/monitor.c 2012-08-06 20:37:50.049345165 +0200
|
+++ openssh-6.2p1/monitor.c 2013-03-25 17:43:27.504526639 +0100
|
||||||
@@ -114,6 +114,8 @@ extern Buffer auth_debug;
|
@@ -114,6 +114,8 @@ extern Buffer auth_debug;
|
||||||
extern int auth_debug_init;
|
extern int auth_debug_init;
|
||||||
extern Buffer loginmsg;
|
extern Buffer loginmsg;
|
||||||
@ -223,7 +223,7 @@ diff -up openssh-6.0p1/monitor.c.audit5 openssh-6.0p1/monitor.c
|
|||||||
#endif
|
#endif
|
||||||
{0, 0, NULL}
|
{0, 0, NULL}
|
||||||
};
|
};
|
||||||
@@ -1744,6 +1751,8 @@ mm_answer_term(int sock, Buffer *req)
|
@@ -1752,6 +1759,8 @@ mm_answer_term(int sock, Buffer *req)
|
||||||
sshpam_cleanup();
|
sshpam_cleanup();
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -232,7 +232,7 @@ diff -up openssh-6.0p1/monitor.c.audit5 openssh-6.0p1/monitor.c
|
|||||||
while (waitpid(pmonitor->m_pid, &status, 0) == -1)
|
while (waitpid(pmonitor->m_pid, &status, 0) == -1)
|
||||||
if (errno != EINTR)
|
if (errno != EINTR)
|
||||||
exit(1);
|
exit(1);
|
||||||
@@ -2485,4 +2494,25 @@ mm_answer_audit_session_key_free_body(in
|
@@ -2491,4 +2500,25 @@ mm_answer_audit_session_key_free_body(in
|
||||||
mm_request_send(sock, MONITOR_ANS_AUDIT_SESSION_KEY_FREE, m);
|
mm_request_send(sock, MONITOR_ANS_AUDIT_SESSION_KEY_FREE, m);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -258,21 +258,23 @@ diff -up openssh-6.0p1/monitor.c.audit5 openssh-6.0p1/monitor.c
|
|||||||
+ return 0;
|
+ return 0;
|
||||||
+}
|
+}
|
||||||
#endif /* SSH_AUDIT_EVENTS */
|
#endif /* SSH_AUDIT_EVENTS */
|
||||||
diff -up openssh-6.0p1/monitor.h.audit5 openssh-6.0p1/monitor.h
|
diff -up openssh-6.2p1/monitor.h.audit5 openssh-6.2p1/monitor.h
|
||||||
--- openssh-6.0p1/monitor.h.audit5 2012-08-06 20:37:50.040345200 +0200
|
--- openssh-6.2p1/monitor.h.audit5 2013-03-25 17:43:27.504526639 +0100
|
||||||
+++ openssh-6.0p1/monitor.h 2012-08-06 20:37:50.050345161 +0200
|
+++ openssh-6.2p1/monitor.h 2013-03-25 17:44:08.717763090 +0100
|
||||||
@@ -64,6 +64,7 @@ enum monitor_reqtype {
|
@@ -73,7 +73,8 @@ enum monitor_reqtype {
|
||||||
MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED,
|
MONITOR_REQ_AUDIT_END_COMMAND = 116,
|
||||||
MONITOR_REQ_AUDIT_KEX, MONITOR_ANS_AUDIT_KEX,
|
MONITOR_REQ_AUDIT_UNSUPPORTED = 118, MONITOR_ANS_AUDIT_UNSUPPORTED = 119,
|
||||||
MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MONITOR_ANS_AUDIT_SESSION_KEY_FREE,
|
MONITOR_REQ_AUDIT_KEX = 120, MONITOR_ANS_AUDIT_KEX = 121,
|
||||||
+ MONITOR_REQ_AUDIT_SERVER_KEY_FREE, MONITOR_ANS_AUDIT_SERVER_KEY_FREE,
|
- MONITOR_REQ_AUDIT_SESSION_KEY_FREE = 122, MONITOR_ANS_AUDIT_SESSION_KEY_FREE = 123
|
||||||
MONITOR_REQ_TERM,
|
+ MONITOR_REQ_AUDIT_SESSION_KEY_FREE = 122, MONITOR_ANS_AUDIT_SESSION_KEY_FREE = 123,
|
||||||
MONITOR_REQ_JPAKE_STEP1, MONITOR_ANS_JPAKE_STEP1,
|
+ MONITOR_REQ_AUDIT_SERVER_KEY_FREE = 124, MONITOR_ANS_AUDIT_SERVER_KEY_FREE = 125
|
||||||
MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA,
|
|
||||||
diff -up openssh-6.0p1/monitor_wrap.c.audit5 openssh-6.0p1/monitor_wrap.c
|
};
|
||||||
--- openssh-6.0p1/monitor_wrap.c.audit5 2012-08-06 20:37:50.041345196 +0200
|
|
||||||
+++ openssh-6.0p1/monitor_wrap.c 2012-08-06 20:37:50.050345161 +0200
|
diff -up openssh-6.2p1/monitor_wrap.c.audit5 openssh-6.2p1/monitor_wrap.c
|
||||||
@@ -1539,4 +1539,20 @@ mm_audit_session_key_free_body(int ctos,
|
--- openssh-6.2p1/monitor_wrap.c.audit5 2013-03-25 17:43:27.498526604 +0100
|
||||||
|
+++ openssh-6.2p1/monitor_wrap.c 2013-03-25 17:43:27.505526645 +0100
|
||||||
|
@@ -1540,4 +1540,20 @@ mm_audit_session_key_free_body(int ctos,
|
||||||
&m);
|
&m);
|
||||||
buffer_free(&m);
|
buffer_free(&m);
|
||||||
}
|
}
|
||||||
@ -293,9 +295,9 @@ diff -up openssh-6.0p1/monitor_wrap.c.audit5 openssh-6.0p1/monitor_wrap.c
|
|||||||
+ buffer_free(&m);
|
+ buffer_free(&m);
|
||||||
+}
|
+}
|
||||||
#endif /* SSH_AUDIT_EVENTS */
|
#endif /* SSH_AUDIT_EVENTS */
|
||||||
diff -up openssh-6.0p1/monitor_wrap.h.audit5 openssh-6.0p1/monitor_wrap.h
|
diff -up openssh-6.2p1/monitor_wrap.h.audit5 openssh-6.2p1/monitor_wrap.h
|
||||||
--- openssh-6.0p1/monitor_wrap.h.audit5 2012-08-06 20:37:50.041345196 +0200
|
--- openssh-6.2p1/monitor_wrap.h.audit5 2013-03-25 17:43:27.498526604 +0100
|
||||||
+++ openssh-6.0p1/monitor_wrap.h 2012-08-06 20:37:50.051345157 +0200
|
+++ openssh-6.2p1/monitor_wrap.h 2013-03-25 17:43:27.505526645 +0100
|
||||||
@@ -80,6 +80,7 @@ void mm_audit_end_command(int, const cha
|
@@ -80,6 +80,7 @@ void mm_audit_end_command(int, const cha
|
||||||
void mm_audit_unsupported_body(int);
|
void mm_audit_unsupported_body(int);
|
||||||
void mm_audit_kex_body(int, char *, char *, char *, pid_t, uid_t);
|
void mm_audit_kex_body(int, char *, char *, char *, pid_t, uid_t);
|
||||||
@ -304,9 +306,9 @@ diff -up openssh-6.0p1/monitor_wrap.h.audit5 openssh-6.0p1/monitor_wrap.h
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
struct Session;
|
struct Session;
|
||||||
diff -up openssh-6.0p1/session.c.audit5 openssh-6.0p1/session.c
|
diff -up openssh-6.2p1/session.c.audit5 openssh-6.2p1/session.c
|
||||||
--- openssh-6.0p1/session.c.audit5 2012-08-06 20:37:50.043345189 +0200
|
--- openssh-6.2p1/session.c.audit5 2013-03-25 17:43:27.499526610 +0100
|
||||||
+++ openssh-6.0p1/session.c 2012-08-06 20:37:50.052345153 +0200
|
+++ openssh-6.2p1/session.c 2013-03-25 17:43:27.506526650 +0100
|
||||||
@@ -136,7 +136,7 @@ extern int log_stderr;
|
@@ -136,7 +136,7 @@ extern int log_stderr;
|
||||||
extern int debug_flag;
|
extern int debug_flag;
|
||||||
extern u_int utmp_len;
|
extern u_int utmp_len;
|
||||||
@ -316,7 +318,7 @@ diff -up openssh-6.0p1/session.c.audit5 openssh-6.0p1/session.c
|
|||||||
extern Buffer loginmsg;
|
extern Buffer loginmsg;
|
||||||
|
|
||||||
/* original command from peer. */
|
/* original command from peer. */
|
||||||
@@ -1633,7 +1633,7 @@ do_child(Session *s, const char *command
|
@@ -1641,7 +1641,7 @@ do_child(Session *s, const char *command
|
||||||
int r = 0;
|
int r = 0;
|
||||||
|
|
||||||
/* remove hostkey from the child's memory */
|
/* remove hostkey from the child's memory */
|
||||||
@ -325,9 +327,9 @@ diff -up openssh-6.0p1/session.c.audit5 openssh-6.0p1/session.c
|
|||||||
/* Don't audit this - both us and the parent would be talking to the
|
/* Don't audit this - both us and the parent would be talking to the
|
||||||
monitor over a single socket, with no synchronization. */
|
monitor over a single socket, with no synchronization. */
|
||||||
packet_destroy_all(0, 1);
|
packet_destroy_all(0, 1);
|
||||||
diff -up openssh-6.0p1/sshd.c.audit5 openssh-6.0p1/sshd.c
|
diff -up openssh-6.2p1/sshd.c.audit5 openssh-6.2p1/sshd.c
|
||||||
--- openssh-6.0p1/sshd.c.audit5 2012-08-06 20:37:50.044345185 +0200
|
--- openssh-6.2p1/sshd.c.audit5 2013-03-25 17:43:27.500526616 +0100
|
||||||
+++ openssh-6.0p1/sshd.c 2012-08-06 20:37:50.053345149 +0200
|
+++ openssh-6.2p1/sshd.c 2013-03-25 17:43:27.506526650 +0100
|
||||||
@@ -255,7 +255,7 @@ Buffer loginmsg;
|
@@ -255,7 +255,7 @@ Buffer loginmsg;
|
||||||
struct passwd *privsep_pw = NULL;
|
struct passwd *privsep_pw = NULL;
|
||||||
|
|
||||||
@ -353,7 +355,7 @@ diff -up openssh-6.0p1/sshd.c.audit5 openssh-6.0p1/sshd.c
|
|||||||
static void
|
static void
|
||||||
close_startup_pipes(void)
|
close_startup_pipes(void)
|
||||||
{
|
{
|
||||||
@@ -534,22 +543,47 @@ sshd_exchange_identification(int sock_in
|
@@ -545,22 +554,47 @@ sshd_exchange_identification(int sock_in
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -404,7 +406,7 @@ diff -up openssh-6.0p1/sshd.c.audit5 openssh-6.0p1/sshd.c
|
|||||||
key_free(sensitive_data.host_certificates[i]);
|
key_free(sensitive_data.host_certificates[i]);
|
||||||
sensitive_data.host_certificates[i] = NULL;
|
sensitive_data.host_certificates[i] = NULL;
|
||||||
}
|
}
|
||||||
@@ -563,6 +597,8 @@ void
|
@@ -574,6 +608,8 @@ void
|
||||||
demote_sensitive_data(void)
|
demote_sensitive_data(void)
|
||||||
{
|
{
|
||||||
Key *tmp;
|
Key *tmp;
|
||||||
@ -413,7 +415,7 @@ diff -up openssh-6.0p1/sshd.c.audit5 openssh-6.0p1/sshd.c
|
|||||||
int i;
|
int i;
|
||||||
|
|
||||||
if (sensitive_data.server_key) {
|
if (sensitive_data.server_key) {
|
||||||
@@ -571,13 +607,27 @@ demote_sensitive_data(void)
|
@@ -582,13 +618,27 @@ demote_sensitive_data(void)
|
||||||
sensitive_data.server_key = tmp;
|
sensitive_data.server_key = tmp;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -441,7 +443,7 @@ diff -up openssh-6.0p1/sshd.c.audit5 openssh-6.0p1/sshd.c
|
|||||||
}
|
}
|
||||||
/* Certs do not need demotion */
|
/* Certs do not need demotion */
|
||||||
}
|
}
|
||||||
@@ -1149,6 +1199,7 @@ server_accept_loop(int *sock_in, int *so
|
@@ -1160,6 +1210,7 @@ server_accept_loop(int *sock_in, int *so
|
||||||
if (received_sigterm) {
|
if (received_sigterm) {
|
||||||
logit("Received signal %d; terminating.",
|
logit("Received signal %d; terminating.",
|
||||||
(int) received_sigterm);
|
(int) received_sigterm);
|
||||||
@ -449,7 +451,7 @@ diff -up openssh-6.0p1/sshd.c.audit5 openssh-6.0p1/sshd.c
|
|||||||
close_listen_socks();
|
close_listen_socks();
|
||||||
unlink(options.pid_file);
|
unlink(options.pid_file);
|
||||||
exit(received_sigterm == SIGTERM ? 0 : 255);
|
exit(received_sigterm == SIGTERM ? 0 : 255);
|
||||||
@@ -2054,7 +2105,7 @@ main(int ac, char **av)
|
@@ -2082,7 +2133,7 @@ main(int ac, char **av)
|
||||||
privsep_postauth(authctxt);
|
privsep_postauth(authctxt);
|
||||||
/* the monitor process [priv] will not return */
|
/* the monitor process [priv] will not return */
|
||||||
if (!compat20)
|
if (!compat20)
|
||||||
@ -458,7 +460,7 @@ diff -up openssh-6.0p1/sshd.c.audit5 openssh-6.0p1/sshd.c
|
|||||||
}
|
}
|
||||||
|
|
||||||
packet_set_timeout(options.client_alive_interval,
|
packet_set_timeout(options.client_alive_interval,
|
||||||
@@ -2065,6 +2116,7 @@ main(int ac, char **av)
|
@@ -2093,6 +2144,7 @@ main(int ac, char **av)
|
||||||
|
|
||||||
/* The connection has been terminated. */
|
/* The connection has been terminated. */
|
||||||
packet_destroy_all(1, 1);
|
packet_destroy_all(1, 1);
|
||||||
@ -466,7 +468,7 @@ diff -up openssh-6.0p1/sshd.c.audit5 openssh-6.0p1/sshd.c
|
|||||||
|
|
||||||
packet_get_state(MODE_IN, NULL, NULL, NULL, &ibytes);
|
packet_get_state(MODE_IN, NULL, NULL, NULL, &ibytes);
|
||||||
packet_get_state(MODE_OUT, NULL, NULL, NULL, &obytes);
|
packet_get_state(MODE_OUT, NULL, NULL, NULL, &obytes);
|
||||||
@@ -2293,7 +2345,7 @@ do_ssh1_kex(void)
|
@@ -2321,7 +2373,7 @@ do_ssh1_kex(void)
|
||||||
session_id[i] = session_key[i] ^ session_key[i + 16];
|
session_id[i] = session_key[i] ^ session_key[i + 16];
|
||||||
}
|
}
|
||||||
/* Destroy the private and public keys. No longer. */
|
/* Destroy the private and public keys. No longer. */
|
||||||
@ -475,7 +477,7 @@ diff -up openssh-6.0p1/sshd.c.audit5 openssh-6.0p1/sshd.c
|
|||||||
|
|
||||||
if (use_privsep)
|
if (use_privsep)
|
||||||
mm_ssh1_session_id(session_id);
|
mm_ssh1_session_id(session_id);
|
||||||
@@ -2404,6 +2456,8 @@ cleanup_exit(int i)
|
@@ -2432,6 +2484,8 @@ cleanup_exit(int i)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
is_privsep_child = use_privsep && pmonitor != NULL && !mm_is_monitor();
|
is_privsep_child = use_privsep && pmonitor != NULL && !mm_is_monitor();
|
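Review bot: The two request types added in the monitor.h hunk of this audit patch, `MONITOR_REQ_AUDIT_SERVER_KEY_FREE = 124, MONITOR_ANS_AUDIT_SERVER_KEY_FREE = 125`, are hard-coded with nothing recording that the range is taken. C accepts two enumerators with the same value without a diagnostic, so if another patch in this package or a later upstream release assigns 124 or 125, the clash would presumably only surface at run time, as a request from the unprivileged child being dispatched to the wrong monitor handler. A comment above the audit entries would make the reservation explicit, for example `/* 116-125: audit patch request types; do not reuse */` (the audit values visible in the hunk run from 116 to 125). The body of `enum monitor_reqtype` starts outside the hunk, so whether other entries already sit near this range cannot be checked from here.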
@ -1,6 +1,6 @@
|
|||||||
diff -up openssh-6.1p1/auth-pam.c.coverity openssh-6.1p1/auth-pam.c
|
diff -up openssh-6.2p1/auth-pam.c.coverity openssh-6.2p1/auth-pam.c
|
||||||
--- openssh-6.1p1/auth-pam.c.coverity 2009-07-12 14:07:21.000000000 +0200
|
--- openssh-6.2p1/auth-pam.c.coverity 2009-07-12 14:07:21.000000000 +0200
|
||||||
+++ openssh-6.1p1/auth-pam.c 2012-09-14 21:16:41.264906486 +0200
|
+++ openssh-6.2p1/auth-pam.c 2013-03-22 09:49:37.341595458 +0100
|
||||||
@@ -216,7 +216,12 @@ pthread_join(sp_pthread_t thread, void *
|
@@ -216,7 +216,12 @@ pthread_join(sp_pthread_t thread, void *
|
||||||
if (sshpam_thread_status != -1)
|
if (sshpam_thread_status != -1)
|
||||||
return (sshpam_thread_status);
|
return (sshpam_thread_status);
|
||||||
@ -15,30 +15,9 @@ diff -up openssh-6.1p1/auth-pam.c.coverity openssh-6.1p1/auth-pam.c
|
|||||||
return (status);
|
return (status);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
diff -up openssh-6.1p1/clientloop.c.coverity openssh-6.1p1/clientloop.c
|
diff -up openssh-6.2p1/channels.c.coverity openssh-6.2p1/channels.c
|
||||||
--- openssh-6.1p1/clientloop.c.coverity 2012-06-20 14:31:27.000000000 +0200
|
--- openssh-6.2p1/channels.c.coverity 2012-12-02 23:50:55.000000000 +0100
|
||||||
+++ openssh-6.1p1/clientloop.c 2012-09-14 21:16:41.267906501 +0200
|
+++ openssh-6.2p1/channels.c 2013-03-22 09:49:37.344595444 +0100
|
||||||
@@ -2006,14 +2006,15 @@ client_input_global_request(int type, u_
|
|
||||||
char *rtype;
|
|
||||||
int want_reply;
|
|
||||||
int success = 0;
|
|
||||||
+/* success is still 0 the packet is allways SSH2_MSG_REQUEST_FAILURE, isn't it? */
|
|
||||||
|
|
||||||
rtype = packet_get_string(NULL);
|
|
||||||
want_reply = packet_get_char();
|
|
||||||
debug("client_input_global_request: rtype %s want_reply %d",
|
|
||||||
rtype, want_reply);
|
|
||||||
if (want_reply) {
|
|
||||||
- packet_start(success ?
|
|
||||||
- SSH2_MSG_REQUEST_SUCCESS : SSH2_MSG_REQUEST_FAILURE);
|
|
||||||
+ packet_start(/*success ?
|
|
||||||
+ SSH2_MSG_REQUEST_SUCCESS :*/ SSH2_MSG_REQUEST_FAILURE);
|
|
||||||
packet_send();
|
|
||||||
packet_write_wait();
|
|
||||||
}
|
|
||||||
diff -up openssh-6.1p1/channels.c.coverity openssh-6.1p1/channels.c
|
|
||||||
--- openssh-6.1p1/channels.c.coverity 2012-04-23 10:21:05.000000000 +0200
|
|
||||||
+++ openssh-6.1p1/channels.c 2012-09-14 21:16:41.272906528 +0200
|
|
||||||
@@ -232,11 +232,11 @@ channel_register_fds(Channel *c, int rfd
|
@@ -232,11 +232,11 @@ channel_register_fds(Channel *c, int rfd
|
||||||
channel_max_fd = MAX(channel_max_fd, wfd);
|
channel_max_fd = MAX(channel_max_fd, wfd);
|
||||||
channel_max_fd = MAX(channel_max_fd, efd);
|
channel_max_fd = MAX(channel_max_fd, efd);
|
||||||
@ -69,9 +48,30 @@ diff -up openssh-6.1p1/channels.c.coverity openssh-6.1p1/channels.c
|
|||||||
set_nonblock(efd);
|
set_nonblock(efd);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
diff -up openssh-6.1p1/key.c.coverity openssh-6.1p1/key.c
|
diff -up openssh-6.2p1/clientloop.c.coverity openssh-6.2p1/clientloop.c
|
||||||
--- openssh-6.1p1/key.c.coverity 2012-06-30 12:05:02.000000000 +0200
|
--- openssh-6.2p1/clientloop.c.coverity 2013-01-09 05:55:51.000000000 +0100
|
||||||
+++ openssh-6.1p1/key.c 2012-09-14 21:16:41.274906537 +0200
|
+++ openssh-6.2p1/clientloop.c 2013-03-22 09:49:37.342595453 +0100
|
||||||
|
@@ -2061,14 +2061,15 @@ client_input_global_request(int type, u_
|
||||||
|
char *rtype;
|
||||||
|
int want_reply;
|
||||||
|
int success = 0;
|
||||||
|
+/* success is still 0 the packet is allways SSH2_MSG_REQUEST_FAILURE, isn't it? */
|
||||||
|
|
||||||
|
rtype = packet_get_string(NULL);
|
||||||
|
want_reply = packet_get_char();
|
||||||
|
debug("client_input_global_request: rtype %s want_reply %d",
|
||||||
|
rtype, want_reply);
|
||||||
|
if (want_reply) {
|
||||||
|
- packet_start(success ?
|
||||||
|
- SSH2_MSG_REQUEST_SUCCESS : SSH2_MSG_REQUEST_FAILURE);
|
||||||
|
+ packet_start(/*success ?
|
||||||
|
+ SSH2_MSG_REQUEST_SUCCESS :*/ SSH2_MSG_REQUEST_FAILURE);
|
||||||
|
packet_send();
|
||||||
|
packet_write_wait();
|
||||||
|
}
|
||||||
|
diff -up openssh-6.2p1/key.c.coverity openssh-6.2p1/key.c
|
||||||
|
--- openssh-6.2p1/key.c.coverity 2013-01-18 01:44:05.000000000 +0100
|
||||||
|
+++ openssh-6.2p1/key.c 2013-03-22 09:49:37.345595440 +0100
|
||||||
@@ -808,8 +808,10 @@ key_read(Key *ret, char **cpp)
|
@@ -808,8 +808,10 @@ key_read(Key *ret, char **cpp)
|
||||||
success = 1;
|
success = 1;
|
||||||
/*XXXX*/
|
/*XXXX*/
|
||||||
@ -83,19 +83,19 @@ diff -up openssh-6.1p1/key.c.coverity openssh-6.1p1/key.c
|
|||||||
/* advance cp: skip whitespace and data */
|
/* advance cp: skip whitespace and data */
|
||||||
while (*cp == ' ' || *cp == '\t')
|
while (*cp == ' ' || *cp == '\t')
|
||||||
cp++;
|
cp++;
|
||||||
diff -up openssh-6.1p1/monitor.c.coverity openssh-6.1p1/monitor.c
|
diff -up openssh-6.2p1/monitor.c.coverity openssh-6.2p1/monitor.c
|
||||||
--- openssh-6.1p1/monitor.c.coverity 2012-06-30 00:33:17.000000000 +0200
|
--- openssh-6.2p1/monitor.c.coverity 2012-12-12 00:44:39.000000000 +0100
|
||||||
+++ openssh-6.1p1/monitor.c 2012-09-14 21:16:41.277906552 +0200
|
+++ openssh-6.2p1/monitor.c 2013-03-22 12:19:55.189921353 +0100
|
||||||
@@ -420,7 +420,7 @@ monitor_child_preauth(Authctxt *_authctx
|
@@ -449,7 +449,7 @@ monitor_child_preauth(Authctxt *_authctx
|
||||||
}
|
mm_get_keystate(pmonitor);
|
||||||
|
|
||||||
/* Drain any buffered messages from the child */
|
/* Drain any buffered messages from the child */
|
||||||
- while (pmonitor->m_log_recvfd != -1 && monitor_read_log(pmonitor) == 0)
|
- while (pmonitor->m_log_recvfd != -1 && monitor_read_log(pmonitor) == 0)
|
||||||
+ while (pmonitor->m_log_recvfd >= 0 && monitor_read_log(pmonitor) == 0)
|
+ while (pmonitor->m_log_recvfd >= 0 && monitor_read_log(pmonitor) == 0)
|
||||||
;
|
;
|
||||||
|
|
||||||
if (!authctxt->valid)
|
close(pmonitor->m_sendfd);
|
||||||
@@ -1159,6 +1159,10 @@ mm_answer_keyallowed(int sock, Buffer *m
|
@@ -1194,6 +1194,10 @@ mm_answer_keyallowed(int sock, Buffer *m
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -106,7 +106,7 @@ diff -up openssh-6.1p1/monitor.c.coverity openssh-6.1p1/monitor.c
|
|||||||
if (key != NULL)
|
if (key != NULL)
|
||||||
key_free(key);
|
key_free(key);
|
||||||
|
|
||||||
@@ -1180,9 +1184,6 @@ mm_answer_keyallowed(int sock, Buffer *m
|
@@ -1216,9 +1220,6 @@ mm_answer_keyallowed(int sock, Buffer *m
|
||||||
xfree(chost);
|
xfree(chost);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -116,10 +116,10 @@ diff -up openssh-6.1p1/monitor.c.coverity openssh-6.1p1/monitor.c
|
|||||||
buffer_clear(m);
|
buffer_clear(m);
|
||||||
buffer_put_int(m, allowed);
|
buffer_put_int(m, allowed);
|
||||||
buffer_put_int(m, forced_command != NULL);
|
buffer_put_int(m, forced_command != NULL);
|
||||||
diff -up openssh-6.1p1/monitor_wrap.c.coverity openssh-6.1p1/monitor_wrap.c
|
diff -up openssh-6.2p1/monitor_wrap.c.coverity openssh-6.2p1/monitor_wrap.c
|
||||||
--- openssh-6.1p1/monitor_wrap.c.coverity 2011-06-20 06:42:23.000000000 +0200
|
--- openssh-6.2p1/monitor_wrap.c.coverity 2013-01-09 06:12:19.000000000 +0100
|
||||||
+++ openssh-6.1p1/monitor_wrap.c 2012-09-14 21:16:41.280906568 +0200
|
+++ openssh-6.2p1/monitor_wrap.c 2013-03-22 09:49:37.347595431 +0100
|
||||||
@@ -707,10 +707,10 @@ mm_pty_allocate(int *ptyfd, int *ttyfd,
|
@@ -708,10 +708,10 @@ mm_pty_allocate(int *ptyfd, int *ttyfd,
|
||||||
if ((tmp1 = dup(pmonitor->m_recvfd)) == -1 ||
|
if ((tmp1 = dup(pmonitor->m_recvfd)) == -1 ||
|
||||||
(tmp2 = dup(pmonitor->m_recvfd)) == -1) {
|
(tmp2 = dup(pmonitor->m_recvfd)) == -1) {
|
||||||
error("%s: cannot allocate fds for pty", __func__);
|
error("%s: cannot allocate fds for pty", __func__);
|
||||||
@ -133,9 +133,9 @@ diff -up openssh-6.1p1/monitor_wrap.c.coverity openssh-6.1p1/monitor_wrap.c
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
close(tmp1);
|
close(tmp1);
|
||||||
diff -up openssh-6.1p1/openbsd-compat/bindresvport.c.coverity openssh-6.1p1/openbsd-compat/bindresvport.c
|
diff -up openssh-6.2p1/openbsd-compat/bindresvport.c.coverity openssh-6.2p1/openbsd-compat/bindresvport.c
|
||||||
--- openssh-6.1p1/openbsd-compat/bindresvport.c.coverity 2010-12-03 00:50:26.000000000 +0100
|
--- openssh-6.2p1/openbsd-compat/bindresvport.c.coverity 2010-12-03 00:50:26.000000000 +0100
|
||||||
+++ openssh-6.1p1/openbsd-compat/bindresvport.c 2012-09-14 21:16:41.281906573 +0200
|
+++ openssh-6.2p1/openbsd-compat/bindresvport.c 2013-03-22 09:49:37.347595431 +0100
|
||||||
@@ -58,7 +58,7 @@ bindresvport_sa(int sd, struct sockaddr
|
@@ -58,7 +58,7 @@ bindresvport_sa(int sd, struct sockaddr
|
||||||
struct sockaddr_in6 *in6;
|
struct sockaddr_in6 *in6;
|
||||||
u_int16_t *portp;
|
u_int16_t *portp;
|
||||||
@ -145,10 +145,10 @@ diff -up openssh-6.1p1/openbsd-compat/bindresvport.c.coverity openssh-6.1p1/open
|
|||||||
int i;
|
int i;
|
||||||
|
|
||||||
if (sa == NULL) {
|
if (sa == NULL) {
|
||||||
diff -up openssh-6.1p1/packet.c.coverity openssh-6.1p1/packet.c
|
diff -up openssh-6.2p1/packet.c.coverity openssh-6.2p1/packet.c
|
||||||
--- openssh-6.1p1/packet.c.coverity 2012-03-09 00:28:07.000000000 +0100
|
--- openssh-6.2p1/packet.c.coverity 2013-02-12 01:03:59.000000000 +0100
|
||||||
+++ openssh-6.1p1/packet.c 2012-09-14 21:16:41.284906588 +0200
|
+++ openssh-6.2p1/packet.c 2013-03-22 09:49:37.348595426 +0100
|
||||||
@@ -1177,6 +1177,7 @@ packet_read_poll1(void)
|
@@ -1192,6 +1192,7 @@ packet_read_poll1(void)
|
||||||
case DEATTACK_DETECTED:
|
case DEATTACK_DETECTED:
|
||||||
packet_disconnect("crc32 compensation attack: "
|
packet_disconnect("crc32 compensation attack: "
|
||||||
"network attack detected");
|
"network attack detected");
|
||||||
@ -156,7 +156,7 @@ diff -up openssh-6.1p1/packet.c.coverity openssh-6.1p1/packet.c
|
|||||||
case DEATTACK_DOS_DETECTED:
|
case DEATTACK_DOS_DETECTED:
|
||||||
packet_disconnect("deattack denial of "
|
packet_disconnect("deattack denial of "
|
||||||
"service detected");
|
"service detected");
|
||||||
@@ -1678,7 +1679,7 @@ void
|
@@ -1728,7 +1729,7 @@ void
|
||||||
packet_write_wait(void)
|
packet_write_wait(void)
|
||||||
{
|
{
|
||||||
fd_set *setp;
|
fd_set *setp;
|
||||||
@ -165,9 +165,9 @@ diff -up openssh-6.1p1/packet.c.coverity openssh-6.1p1/packet.c
|
|||||||
struct timeval start, timeout, *timeoutp = NULL;
|
struct timeval start, timeout, *timeoutp = NULL;
|
||||||
|
|
||||||
setp = (fd_set *)xcalloc(howmany(active_state->connection_out + 1,
|
setp = (fd_set *)xcalloc(howmany(active_state->connection_out + 1,
|
||||||
diff -up openssh-6.1p1/progressmeter.c.coverity openssh-6.1p1/progressmeter.c
|
diff -up openssh-6.2p1/progressmeter.c.coverity openssh-6.2p1/progressmeter.c
|
||||||
--- openssh-6.1p1/progressmeter.c.coverity 2006-08-05 04:39:40.000000000 +0200
|
--- openssh-6.2p1/progressmeter.c.coverity 2006-08-05 04:39:40.000000000 +0200
|
||||||
+++ openssh-6.1p1/progressmeter.c 2012-09-14 21:16:41.285906593 +0200
|
+++ openssh-6.2p1/progressmeter.c 2013-03-22 09:49:37.349595422 +0100
|
||||||
@@ -65,7 +65,7 @@ static void update_progress_meter(int);
|
@@ -65,7 +65,7 @@ static void update_progress_meter(int);
|
||||||
|
|
||||||
static time_t start; /* start progress */
|
static time_t start; /* start progress */
|
||||||
@ -186,9 +186,9 @@ diff -up openssh-6.1p1/progressmeter.c.coverity openssh-6.1p1/progressmeter.c
|
|||||||
{
|
{
|
||||||
start = last_update = time(NULL);
|
start = last_update = time(NULL);
|
||||||
file = f;
|
file = f;
|
||||||
diff -up openssh-6.1p1/progressmeter.h.coverity openssh-6.1p1/progressmeter.h
|
diff -up openssh-6.2p1/progressmeter.h.coverity openssh-6.2p1/progressmeter.h
|
||||||
--- openssh-6.1p1/progressmeter.h.coverity 2006-03-26 05:30:02.000000000 +0200
|
--- openssh-6.2p1/progressmeter.h.coverity 2006-03-26 05:30:02.000000000 +0200
|
||||||
+++ openssh-6.1p1/progressmeter.h 2012-09-14 21:16:41.286906598 +0200
|
+++ openssh-6.2p1/progressmeter.h 2013-03-22 09:49:37.349595422 +0100
|
||||||
@@ -23,5 +23,5 @@
|
@@ -23,5 +23,5 @@
|
||||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
*/
|
*/
|
||||||
@ -196,9 +196,9 @@ diff -up openssh-6.1p1/progressmeter.h.coverity openssh-6.1p1/progressmeter.h
|
|||||||
-void start_progress_meter(char *, off_t, off_t *);
|
-void start_progress_meter(char *, off_t, off_t *);
|
||||||
+void start_progress_meter(const char *, off_t, off_t *);
|
+void start_progress_meter(const char *, off_t, off_t *);
|
||||||
void stop_progress_meter(void);
|
void stop_progress_meter(void);
|
||||||
diff -up openssh-6.1p1/scp.c.coverity openssh-6.1p1/scp.c
|
diff -up openssh-6.2p1/scp.c.coverity openssh-6.2p1/scp.c
|
||||||
--- openssh-6.1p1/scp.c.coverity 2011-09-22 13:38:01.000000000 +0200
|
--- openssh-6.2p1/scp.c.coverity 2013-03-20 02:55:15.000000000 +0100
|
||||||
+++ openssh-6.1p1/scp.c 2012-09-14 21:16:41.288906608 +0200
|
+++ openssh-6.2p1/scp.c 2013-03-22 09:49:37.349595422 +0100
|
||||||
@@ -155,7 +155,7 @@ killchild(int signo)
|
@@ -155,7 +155,7 @@ killchild(int signo)
|
||||||
{
|
{
|
||||||
if (do_cmd_pid > 1) {
|
if (do_cmd_pid > 1) {
|
||||||
@ -208,10 +208,10 @@ diff -up openssh-6.1p1/scp.c.coverity openssh-6.1p1/scp.c
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (signo)
|
if (signo)
|
||||||
diff -up openssh-6.1p1/servconf.c.coverity openssh-6.1p1/servconf.c
|
diff -up openssh-6.2p1/servconf.c.coverity openssh-6.2p1/servconf.c
|
||||||
--- openssh-6.1p1/servconf.c.coverity 2012-07-31 04:22:38.000000000 +0200
|
--- openssh-6.2p1/servconf.c.coverity 2013-02-12 01:02:08.000000000 +0100
|
||||||
+++ openssh-6.1p1/servconf.c 2012-09-14 21:16:41.291906623 +0200
|
+++ openssh-6.2p1/servconf.c 2013-03-22 09:49:37.350595418 +0100
|
||||||
@@ -1249,7 +1249,7 @@ process_server_config_line(ServerOptions
|
@@ -1268,7 +1268,7 @@ process_server_config_line(ServerOptions
|
||||||
fatal("%s line %d: Missing subsystem name.",
|
fatal("%s line %d: Missing subsystem name.",
|
||||||
filename, linenum);
|
filename, linenum);
|
||||||
if (!*activep) {
|
if (!*activep) {
|
||||||
@ -220,7 +220,7 @@ diff -up openssh-6.1p1/servconf.c.coverity openssh-6.1p1/servconf.c
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
for (i = 0; i < options->num_subsystems; i++)
|
for (i = 0; i < options->num_subsystems; i++)
|
||||||
@@ -1340,8 +1340,9 @@ process_server_config_line(ServerOptions
|
@@ -1359,8 +1359,9 @@ process_server_config_line(ServerOptions
|
||||||
if (*activep && *charptr == NULL) {
|
if (*activep && *charptr == NULL) {
|
||||||
*charptr = tilde_expand_filename(arg, getuid());
|
*charptr = tilde_expand_filename(arg, getuid());
|
||||||
/* increase optional counter */
|
/* increase optional counter */
|
||||||
@ -232,9 +232,9 @@ diff -up openssh-6.1p1/servconf.c.coverity openssh-6.1p1/servconf.c
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
diff -up openssh-6.1p1/serverloop.c.coverity openssh-6.1p1/serverloop.c
|
diff -up openssh-6.2p1/serverloop.c.coverity openssh-6.2p1/serverloop.c
|
||||||
--- openssh-6.1p1/serverloop.c.coverity 2012-06-20 14:31:27.000000000 +0200
|
--- openssh-6.2p1/serverloop.c.coverity 2012-12-07 03:07:47.000000000 +0100
|
||||||
+++ openssh-6.1p1/serverloop.c 2012-09-14 21:16:41.294906638 +0200
|
+++ openssh-6.2p1/serverloop.c 2013-03-22 09:49:37.351595413 +0100
|
||||||
@@ -147,13 +147,13 @@ notify_setup(void)
|
@@ -147,13 +147,13 @@ notify_setup(void)
|
||||||
static void
|
static void
|
||||||
notify_parent(void)
|
notify_parent(void)
|
||||||
@ -335,7 +335,7 @@ diff -up openssh-6.1p1/serverloop.c.coverity openssh-6.1p1/serverloop.c
|
|||||||
pty_change_window_size(fdin, row, col, xpixel, ypixel);
|
pty_change_window_size(fdin, row, col, xpixel, ypixel);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -996,7 +996,7 @@ server_request_tun(void)
|
@@ -1003,7 +1003,7 @@ server_request_tun(void)
|
||||||
}
|
}
|
||||||
|
|
||||||
tun = packet_get_int();
|
tun = packet_get_int();
|
||||||
@ -344,10 +344,10 @@ diff -up openssh-6.1p1/serverloop.c.coverity openssh-6.1p1/serverloop.c
|
|||||||
if (tun != SSH_TUNID_ANY && forced_tun_device != tun)
|
if (tun != SSH_TUNID_ANY && forced_tun_device != tun)
|
||||||
goto done;
|
goto done;
|
||||||
tun = forced_tun_device;
|
tun = forced_tun_device;
|
||||||
diff -up openssh-6.1p1/sftp.c.coverity openssh-6.1p1/sftp.c
|
diff -up openssh-6.2p1/sftp.c.coverity openssh-6.2p1/sftp.c
|
||||||
--- openssh-6.1p1/sftp.c.coverity 2012-06-30 00:33:32.000000000 +0200
|
--- openssh-6.2p1/sftp.c.coverity 2013-02-22 23:12:24.000000000 +0100
|
||||||
+++ openssh-6.1p1/sftp.c 2012-09-14 21:16:41.297906653 +0200
|
+++ openssh-6.2p1/sftp.c 2013-03-22 09:49:37.352595409 +0100
|
||||||
@@ -206,7 +206,7 @@ killchild(int signo)
|
@@ -202,7 +202,7 @@ killchild(int signo)
|
||||||
{
|
{
|
||||||
if (sshpid > 1) {
|
if (sshpid > 1) {
|
||||||
kill(sshpid, SIGTERM);
|
kill(sshpid, SIGTERM);
|
||||||
@ -356,7 +356,7 @@ diff -up openssh-6.1p1/sftp.c.coverity openssh-6.1p1/sftp.c
|
|||||||
}
|
}
|
||||||
|
|
||||||
_exit(1);
|
_exit(1);
|
||||||
@@ -316,7 +316,7 @@ local_do_ls(const char *args)
|
@@ -312,7 +312,7 @@ local_do_ls(const char *args)
|
||||||
|
|
||||||
/* Strip one path (usually the pwd) from the start of another */
|
/* Strip one path (usually the pwd) from the start of another */
|
||||||
static char *
|
static char *
|
||||||
@ -365,7 +365,7 @@ diff -up openssh-6.1p1/sftp.c.coverity openssh-6.1p1/sftp.c
|
|||||||
{
|
{
|
||||||
size_t len;
|
size_t len;
|
||||||
|
|
||||||
@@ -334,7 +334,7 @@ path_strip(char *path, char *strip)
|
@@ -330,7 +330,7 @@ path_strip(char *path, char *strip)
|
||||||
}
|
}
|
||||||
|
|
||||||
static char *
|
static char *
|
||||||
@ -374,7 +374,7 @@ diff -up openssh-6.1p1/sftp.c.coverity openssh-6.1p1/sftp.c
|
|||||||
{
|
{
|
||||||
char *abs_str;
|
char *abs_str;
|
||||||
|
|
||||||
@@ -482,7 +482,7 @@ parse_df_flags(const char *cmd, char **a
|
@@ -478,7 +478,7 @@ parse_df_flags(const char *cmd, char **a
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
@ -383,7 +383,7 @@ diff -up openssh-6.1p1/sftp.c.coverity openssh-6.1p1/sftp.c
|
|||||||
{
|
{
|
||||||
struct stat sb;
|
struct stat sb;
|
||||||
|
|
||||||
@@ -494,7 +494,7 @@ is_dir(char *path)
|
@@ -490,7 +490,7 @@ is_dir(char *path)
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
@ -392,7 +392,7 @@ diff -up openssh-6.1p1/sftp.c.coverity openssh-6.1p1/sftp.c
|
|||||||
{
|
{
|
||||||
Attrib *a;
|
Attrib *a;
|
||||||
|
|
||||||
@@ -508,7 +508,7 @@ remote_is_dir(struct sftp_conn *conn, ch
|
@@ -504,7 +504,7 @@ remote_is_dir(struct sftp_conn *conn, ch
|
||||||
|
|
||||||
/* Check whether path returned from glob(..., GLOB_MARK, ...) is a directory */
|
/* Check whether path returned from glob(..., GLOB_MARK, ...) is a directory */
|
||||||
static int
|
static int
|
||||||
@ -401,7 +401,7 @@ diff -up openssh-6.1p1/sftp.c.coverity openssh-6.1p1/sftp.c
|
|||||||
{
|
{
|
||||||
size_t l = strlen(pathname);
|
size_t l = strlen(pathname);
|
||||||
|
|
||||||
@@ -516,7 +516,7 @@ pathname_is_dir(char *pathname)
|
@@ -512,7 +512,7 @@ pathname_is_dir(char *pathname)
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
@ -410,7 +410,7 @@ diff -up openssh-6.1p1/sftp.c.coverity openssh-6.1p1/sftp.c
|
|||||||
int pflag, int rflag)
|
int pflag, int rflag)
|
||||||
{
|
{
|
||||||
char *abs_src = NULL;
|
char *abs_src = NULL;
|
||||||
@@ -590,7 +590,7 @@ out:
|
@@ -586,7 +586,7 @@ out:
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
@ -419,7 +419,7 @@ diff -up openssh-6.1p1/sftp.c.coverity openssh-6.1p1/sftp.c
|
|||||||
int pflag, int rflag)
|
int pflag, int rflag)
|
||||||
{
|
{
|
||||||
char *tmp_dst = NULL;
|
char *tmp_dst = NULL;
|
||||||
@@ -695,7 +695,7 @@ sdirent_comp(const void *aa, const void
|
@@ -691,7 +691,7 @@ sdirent_comp(const void *aa, const void
|
||||||
|
|
||||||
/* sftp ls.1 replacement for directories */
|
/* sftp ls.1 replacement for directories */
|
||||||
static int
|
static int
|
||||||
@ -428,7 +428,7 @@ diff -up openssh-6.1p1/sftp.c.coverity openssh-6.1p1/sftp.c
|
|||||||
{
|
{
|
||||||
int n;
|
int n;
|
||||||
u_int c = 1, colspace = 0, columns = 1;
|
u_int c = 1, colspace = 0, columns = 1;
|
||||||
@@ -780,7 +780,7 @@ do_ls_dir(struct sftp_conn *conn, char *
|
@@ -776,7 +776,7 @@ do_ls_dir(struct sftp_conn *conn, char *
|
||||||
|
|
||||||
/* sftp ls.1 replacement which handles path globs */
|
/* sftp ls.1 replacement which handles path globs */
|
||||||
static int
|
static int
|
||||||
@ -437,7 +437,7 @@ diff -up openssh-6.1p1/sftp.c.coverity openssh-6.1p1/sftp.c
|
|||||||
int lflag)
|
int lflag)
|
||||||
{
|
{
|
||||||
char *fname, *lname;
|
char *fname, *lname;
|
||||||
@@ -861,7 +861,7 @@ do_globbed_ls(struct sftp_conn *conn, ch
|
@@ -857,7 +857,7 @@ do_globbed_ls(struct sftp_conn *conn, ch
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
@ -446,9 +446,9 @@ diff -up openssh-6.1p1/sftp.c.coverity openssh-6.1p1/sftp.c
|
|||||||
{
|
{
|
||||||
struct sftp_statvfs st;
|
struct sftp_statvfs st;
|
||||||
char s_used[FMT_SCALED_STRSIZE];
|
char s_used[FMT_SCALED_STRSIZE];
|
||||||
diff -up openssh-6.1p1/sftp-client.c.coverity openssh-6.1p1/sftp-client.c
|
diff -up openssh-6.2p1/sftp-client.c.coverity openssh-6.2p1/sftp-client.c
|
||||||
--- openssh-6.1p1/sftp-client.c.coverity 2012-07-02 14:15:39.000000000 +0200
|
--- openssh-6.2p1/sftp-client.c.coverity 2012-07-02 14:15:39.000000000 +0200
|
||||||
+++ openssh-6.1p1/sftp-client.c 2012-09-14 21:18:16.891332281 +0200
|
+++ openssh-6.2p1/sftp-client.c 2013-03-22 09:49:37.353595404 +0100
|
||||||
@@ -149,7 +149,7 @@ get_msg(struct sftp_conn *conn, Buffer *
|
@@ -149,7 +149,7 @@ get_msg(struct sftp_conn *conn, Buffer *
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -656,9 +656,9 @@ diff -up openssh-6.1p1/sftp-client.c.coverity openssh-6.1p1/sftp-client.c
|
|||||||
{
|
{
|
||||||
char *ret;
|
char *ret;
|
||||||
size_t len = strlen(p1) + strlen(p2) + 2;
|
size_t len = strlen(p1) + strlen(p2) + 2;
|
||||||
diff -up openssh-6.1p1/sftp-client.h.coverity openssh-6.1p1/sftp-client.h
|
diff -up openssh-6.2p1/sftp-client.h.coverity openssh-6.2p1/sftp-client.h
|
||||||
--- openssh-6.1p1/sftp-client.h.coverity 2010-12-04 23:02:48.000000000 +0100
|
--- openssh-6.2p1/sftp-client.h.coverity 2010-12-04 23:02:48.000000000 +0100
|
||||||
+++ openssh-6.1p1/sftp-client.h 2012-09-14 21:16:41.301906674 +0200
|
+++ openssh-6.2p1/sftp-client.h 2013-03-22 09:49:37.353595404 +0100
|
||||||
@@ -56,49 +56,49 @@ struct sftp_conn *do_init(int, int, u_in
|
@@ -56,49 +56,49 @@ struct sftp_conn *do_init(int, int, u_in
|
||||||
u_int sftp_proto_version(struct sftp_conn *);
|
u_int sftp_proto_version(struct sftp_conn *);
|
||||||
|
|
||||||
@ -756,9 +756,9 @@ diff -up openssh-6.1p1/sftp-client.h.coverity openssh-6.1p1/sftp-client.h
|
|||||||
+char *path_append(const char *, const char *);
|
+char *path_append(const char *, const char *);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
diff -up openssh-6.1p1/ssh-agent.c.coverity openssh-6.1p1/ssh-agent.c
|
diff -up openssh-6.2p1/ssh-agent.c.coverity openssh-6.2p1/ssh-agent.c
|
||||||
--- openssh-6.1p1/ssh-agent.c.coverity 2011-06-03 06:14:16.000000000 +0200
|
--- openssh-6.2p1/ssh-agent.c.coverity 2011-06-03 06:14:16.000000000 +0200
|
||||||
+++ openssh-6.1p1/ssh-agent.c 2012-09-14 21:16:41.303906683 +0200
|
+++ openssh-6.2p1/ssh-agent.c 2013-03-22 09:49:37.354595400 +0100
|
||||||
@@ -1147,8 +1147,8 @@ main(int ac, char **av)
|
@@ -1147,8 +1147,8 @@ main(int ac, char **av)
|
||||||
sanitise_stdfd();
|
sanitise_stdfd();
|
||||||
|
|
||||||
@ -770,10 +770,10 @@ diff -up openssh-6.1p1/ssh-agent.c.coverity openssh-6.1p1/ssh-agent.c
|
|||||||
|
|
||||||
#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
|
#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
|
||||||
/* Disable ptrace on Linux without sgid bit */
|
/* Disable ptrace on Linux without sgid bit */
|
||||||
diff -up openssh-6.1p1/sshd.c.coverity openssh-6.1p1/sshd.c
|
diff -up openssh-6.2p1/sshd.c.coverity openssh-6.2p1/sshd.c
|
||||||
--- openssh-6.1p1/sshd.c.coverity 2012-07-31 04:21:34.000000000 +0200
|
--- openssh-6.2p1/sshd.c.coverity 2013-02-12 01:04:48.000000000 +0100
|
||||||
+++ openssh-6.1p1/sshd.c 2012-09-14 21:16:41.307906705 +0200
|
+++ openssh-6.2p1/sshd.c 2013-03-22 09:49:37.355595396 +0100
|
||||||
@@ -682,8 +682,10 @@ privsep_preauth(Authctxt *authctxt)
|
@@ -691,8 +691,10 @@ privsep_preauth(Authctxt *authctxt)
|
||||||
if (getuid() == 0 || geteuid() == 0)
|
if (getuid() == 0 || geteuid() == 0)
|
||||||
privsep_preauth_child();
|
privsep_preauth_child();
|
||||||
setproctitle("%s", "[net]");
|
setproctitle("%s", "[net]");
|
||||||
@ -785,7 +785,7 @@ diff -up openssh-6.1p1/sshd.c.coverity openssh-6.1p1/sshd.c
|
|||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@@ -1311,6 +1313,9 @@ server_accept_loop(int *sock_in, int *so
|
@@ -1320,6 +1322,9 @@ server_accept_loop(int *sock_in, int *so
|
||||||
if (num_listen_socks < 0)
|
if (num_listen_socks < 0)
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@ -795,7 +795,7 @@ diff -up openssh-6.1p1/sshd.c.coverity openssh-6.1p1/sshd.c
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@@ -1768,7 +1773,7 @@ main(int ac, char **av)
|
@@ -1806,7 +1811,7 @@ main(int ac, char **av)
|
||||||
|
|
||||||
/* Chdir to the root directory so that the current disk can be
|
/* Chdir to the root directory so that the current disk can be
|
||||||
unmounted if desired. */
|
unmounted if desired. */
|
@ -1,6 +1,6 @@
|
|||||||
diff -up openssh-5.9p1/ctr-cavstest.c.ctr-cavs openssh-5.9p1/ctr-cavstest.c
|
diff -up openssh-6.2p1/ctr-cavstest.c.ctr-cavs openssh-6.2p1/ctr-cavstest.c
|
||||||
--- openssh-5.9p1/ctr-cavstest.c.ctr-cavs 2012-01-13 15:59:06.584283289 +0100
|
--- openssh-6.2p1/ctr-cavstest.c.ctr-cavs 2013-03-25 21:35:52.512586671 +0100
|
||||||
+++ openssh-5.9p1/ctr-cavstest.c 2012-01-13 18:21:33.791941027 +0100
|
+++ openssh-6.2p1/ctr-cavstest.c 2013-03-25 21:35:52.512586671 +0100
|
||||||
@@ -0,0 +1,208 @@
|
@@ -0,0 +1,208 @@
|
||||||
+/*
|
+/*
|
||||||
+ *
|
+ *
|
||||||
@ -194,7 +194,7 @@ diff -up openssh-5.9p1/ctr-cavstest.c.ctr-cavs openssh-5.9p1/ctr-cavstest.c
|
|||||||
+ return 2;
|
+ return 2;
|
||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
+ cipher_crypt(&cc, outdata, data, datalen);
|
+ cipher_crypt(&cc, outdata, data, datalen, 0, 0);
|
||||||
+
|
+
|
||||||
+ xfree(data);
|
+ xfree(data);
|
||||||
+
|
+
|
||||||
@ -210,9 +210,9 @@ diff -up openssh-5.9p1/ctr-cavstest.c.ctr-cavs openssh-5.9p1/ctr-cavstest.c
|
|||||||
+ return 0;
|
+ return 0;
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
diff -up openssh-5.9p1/Makefile.in.ctr-cavs openssh-5.9p1/Makefile.in
|
diff -up openssh-6.2p1/Makefile.in.ctr-cavs openssh-6.2p1/Makefile.in
|
||||||
--- openssh-5.9p1/Makefile.in.ctr-cavs 2012-01-13 15:59:06.539282357 +0100
|
--- openssh-6.2p1/Makefile.in.ctr-cavs 2013-03-25 21:35:52.451586280 +0100
|
||||||
+++ openssh-5.9p1/Makefile.in 2012-01-13 15:59:06.588283373 +0100
|
+++ openssh-6.2p1/Makefile.in 2013-03-25 21:37:14.956114584 +0100
|
||||||
@@ -28,6 +28,7 @@ SSH_KEYSIGN=$(libexecdir)/ssh-keysign
|
@@ -28,6 +28,7 @@ SSH_KEYSIGN=$(libexecdir)/ssh-keysign
|
||||||
SSH_LDAP_HELPER=$(libexecdir)/ssh-ldap-helper
|
SSH_LDAP_HELPER=$(libexecdir)/ssh-ldap-helper
|
||||||
SSH_LDAP_WRAPPER=$(libexecdir)/ssh-ldap-wrapper
|
SSH_LDAP_WRAPPER=$(libexecdir)/ssh-ldap-wrapper
|
||||||
@ -221,16 +221,16 @@ diff -up openssh-5.9p1/Makefile.in.ctr-cavs openssh-5.9p1/Makefile.in
|
|||||||
SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
|
SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
|
||||||
PRIVSEP_PATH=@PRIVSEP_PATH@
|
PRIVSEP_PATH=@PRIVSEP_PATH@
|
||||||
SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
|
SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
|
||||||
@@ -63,7 +64,7 @@ EXEEXT=@EXEEXT@
|
@@ -65,7 +66,7 @@ EXEEXT=@EXEEXT@
|
||||||
MANFMT=@MANFMT@
|
MANFMT=@MANFMT@
|
||||||
INSTALL_SSH_LDAP_HELPER=@INSTALL_SSH_LDAP_HELPER@
|
INSTALL_SSH_LDAP_HELPER=@INSTALL_SSH_LDAP_HELPER@
|
||||||
|
|
||||||
-TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT) ssh-keycat$(EXEEXT)
|
-TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT) ssh-keycat$(EXEEXT)
|
||||||
+TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT) ssh-keycat$(EXEEXT) ctr-cavstest$(EXEEXT)
|
+TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT) ssh-keycat$(EXEEXT) ctr-cavstest$(EXEEXT)
|
||||||
|
|
||||||
LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \
|
LIBSSH_OBJS=authfd.o authfile.o bufaux.o bufbn.o buffer.o \
|
||||||
canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \
|
canohost.o channels.o cipher.o cipher-aes.o \
|
||||||
@@ -171,6 +172,9 @@ ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) l
|
@@ -174,6 +175,9 @@ ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) l
|
||||||
ssh-keycat$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keycat.o
|
ssh-keycat$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keycat.o
|
||||||
$(LD) -o $@ ssh-keycat.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(SSHDLIBS)
|
$(LD) -o $@ ssh-keycat.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(SSHDLIBS)
|
||||||
|
|
||||||
@ -240,7 +240,7 @@ diff -up openssh-5.9p1/Makefile.in.ctr-cavs openssh-5.9p1/Makefile.in
|
|||||||
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o
|
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o
|
||||||
$(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(LIBS)
|
$(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(LIBS)
|
||||||
|
|
||||||
@@ -271,6 +275,7 @@ install-files:
|
@@ -281,6 +285,7 @@ install-files:
|
||||||
$(INSTALL) -m 0700 ssh-ldap-wrapper $(DESTDIR)$(SSH_LDAP_WRAPPER) ; \
|
$(INSTALL) -m 0700 ssh-ldap-wrapper $(DESTDIR)$(SSH_LDAP_WRAPPER) ; \
|
||||||
fi
|
fi
|
||||||
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-keycat$(EXEEXT) $(DESTDIR)$(libexecdir)/ssh-keycat$(EXEEXT)
|
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-keycat$(EXEEXT) $(DESTDIR)$(libexecdir)/ssh-keycat$(EXEEXT)
|
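Review bot: The two literal zeros added to the `cipher_crypt(&cc, outdata, data, datalen, 0, 0);` call in ctr-cavstest.c are unexplained, so a reader cannot tell which parameters they fill or why zero is correct for this tool. In the 6.2 cipher API the two extra arguments are, as far as I know, the additional-authenticated-data length and the authentication-tag length, and zero for both is what a plain CTR cipher needs. A one-line comment above the call would record that, for example `/* aadlen = 0, authlen = 0: CTR mode has no AAD and no tag */`. The function containing the call starts and ends outside the lines shown here, so I could not check whether the other cipher calls in the file also match the 6.2 signatures.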
@ -1,6 +1,6 @@
|
|||||||
diff -up openssh-6.0p1/entropy.c.entropy openssh-6.0p1/entropy.c
|
diff -up openssh-6.2p1/entropy.c.entropy openssh-6.2p1/entropy.c
|
||||||
--- openssh-6.0p1/entropy.c.entropy 2012-08-06 20:51:59.131033413 +0200
|
--- openssh-6.2p1/entropy.c.entropy 2013-03-25 19:31:42.737611051 +0100
|
||||||
+++ openssh-6.0p1/entropy.c 2012-08-06 20:51:59.171033257 +0200
|
+++ openssh-6.2p1/entropy.c 2013-03-25 19:31:42.797611433 +0100
|
||||||
@@ -237,6 +237,9 @@ seed_rng(void)
|
@@ -237,6 +237,9 @@ seed_rng(void)
|
||||||
memset(buf, '\0', sizeof(buf));
|
memset(buf, '\0', sizeof(buf));
|
||||||
|
|
||||||
@ -11,21 +11,21 @@ diff -up openssh-6.0p1/entropy.c.entropy openssh-6.0p1/entropy.c
|
|||||||
if (RAND_status() != 1)
|
if (RAND_status() != 1)
|
||||||
fatal("PRNG is not seeded");
|
fatal("PRNG is not seeded");
|
||||||
}
|
}
|
||||||
diff -up openssh-6.0p1/openbsd-compat/Makefile.in.entropy openssh-6.0p1/openbsd-compat/Makefile.in
|
diff -up openssh-6.2p1/openbsd-compat/Makefile.in.entropy openssh-6.2p1/openbsd-compat/Makefile.in
|
||||||
--- openssh-6.0p1/openbsd-compat/Makefile.in.entropy 2012-08-06 20:51:59.100033534 +0200
|
--- openssh-6.2p1/openbsd-compat/Makefile.in.entropy 2013-03-25 19:31:42.798611440 +0100
|
||||||
+++ openssh-6.0p1/openbsd-compat/Makefile.in 2012-08-06 20:51:59.171033257 +0200
|
+++ openssh-6.2p1/openbsd-compat/Makefile.in 2013-03-25 19:33:02.042116876 +0100
|
||||||
@@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bindresvport
|
@@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bindresvport
|
||||||
|
|
||||||
COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
|
COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
|
||||||
|
|
||||||
-PORTS=port-aix.o port-irix.o port-linux.o port-linux_part_2.o port-solaris.o port-tun.o port-uw.o
|
-PORTS=port-aix.o port-irix.o port-linux.o port-linux_part_2.o port-solaris.o port-tun.o port-uw.o
|
||||||
+PORTS=port-aix.o port-irix.o port-linux.o port-linux_part_2.o port-linux-prng.o port-solaris.o port-tun.o port-uw.o
|
+PORTS=port-aix.o port-irix.o port-linux.o port-linux_part_2.o port-linux-prng.o port-solaris.o port-tun.o port-uw.o
|
||||||
|
|
||||||
.c.o:
|
.c.o:
|
||||||
$(CC) $(CFLAGS) $(CPPFLAGS) -c $<
|
$(CC) $(CFLAGS) $(CPPFLAGS) -c $<
|
||||||
diff -up openssh-6.0p1/openbsd-compat/port-linux-prng.c.entropy openssh-6.0p1/openbsd-compat/port-linux-prng.c
|
diff -up openssh-6.2p1/openbsd-compat/port-linux-prng.c.entropy openssh-6.2p1/openbsd-compat/port-linux-prng.c
|
||||||
--- openssh-6.0p1/openbsd-compat/port-linux-prng.c.entropy 2012-08-06 20:51:59.171033257 +0200
|
--- openssh-6.2p1/openbsd-compat/port-linux-prng.c.entropy 2013-03-25 19:31:42.798611440 +0100
|
||||||
+++ openssh-6.0p1/openbsd-compat/port-linux-prng.c 2012-08-06 20:51:59.171033257 +0200
|
+++ openssh-6.2p1/openbsd-compat/port-linux-prng.c 2013-03-25 19:31:42.798611440 +0100
|
||||||
@@ -0,0 +1,59 @@
|
@@ -0,0 +1,59 @@
|
||||||
+/* $Id: port-linux.c,v 1.11.4.2 2011/02/04 00:43:08 djm Exp $ */
|
+/* $Id: port-linux.c,v 1.11.4.2 2011/02/04 00:43:08 djm Exp $ */
|
||||||
+
|
+
|
||||||
@ -86,37 +86,10 @@ diff -up openssh-6.0p1/openbsd-compat/port-linux-prng.c.entropy openssh-6.0p1/op
|
|||||||
+ fatal ("EOF reading %s", random);
|
+ fatal ("EOF reading %s", random);
|
||||||
+ }
|
+ }
|
||||||
+}
|
+}
|
||||||
diff -up openssh-6.0p1/ssh.1.entropy openssh-6.0p1/ssh.1
|
diff -up openssh-6.2p1/ssh-add.0.entropy openssh-6.2p1/ssh-add.0
|
||||||
--- openssh-6.0p1/ssh.1.entropy 2012-08-06 20:51:59.139033382 +0200
|
--- openssh-6.2p1/ssh-add.0.entropy 2013-03-22 00:38:29.000000000 +0100
|
||||||
+++ openssh-6.0p1/ssh.1 2012-08-06 20:51:59.174033245 +0200
|
+++ openssh-6.2p1/ssh-add.0 2013-03-25 19:31:42.799611446 +0100
|
||||||
@@ -1269,6 +1269,23 @@ For more information, see the
|
@@ -82,6 +82,16 @@ ENVIRONMENT
|
||||||
.Cm PermitUserEnvironment
|
|
||||||
option in
|
|
||||||
.Xr sshd_config 5 .
|
|
||||||
+.Sh ENVIRONMENT
|
|
||||||
+.Bl -tag -width Ds -compact
|
|
||||||
+.It Ev SSH_USE_STRONG_RNG
|
|
||||||
+The reseeding of the OpenSSL random generator is usually done from
|
|
||||||
+.Cm /dev/urandom .
|
|
||||||
+If the
|
|
||||||
+.Cm SSH_USE_STRONG_RNG
|
|
||||||
+environment variable is set to value other than
|
|
||||||
+.Cm 0
|
|
||||||
+the OpenSSL random generator is reseeded from
|
|
||||||
+.Cm /dev/random .
|
|
||||||
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
|
|
||||||
+Minimum is 6 bytes.
|
|
||||||
+This setting is not recommended on the computers without the hardware
|
|
||||||
+random generator because insufficient entropy causes the connection to
|
|
||||||
+be blocked until enough entropy is available.
|
|
||||||
+.El
|
|
||||||
.Sh FILES
|
|
||||||
.Bl -tag -width Ds -compact
|
|
||||||
.It Pa ~/.rhosts
|
|
||||||
diff -up openssh-6.1p1/ssh-add.0.entropy openssh-6.1p1/ssh-add.0
|
|
||||||
--- openssh-6.1p1/ssh-add.0.entropy 2012-11-12 13:11:42.717393364 +0100
|
|
||||||
+++ openssh-6.1p1/ssh-add.0 2012-11-12 13:12:46.288108790 +0100
|
|
||||||
@@ -81,6 +81,16 @@ ENVIRONMENT
|
|
||||||
Identifies the path of a UNIX-domain socket used to communicate
|
Identifies the path of a UNIX-domain socket used to communicate
|
||||||
with the agent.
|
with the agent.
|
||||||
|
|
||||||
@ -133,9 +106,9 @@ diff -up openssh-6.1p1/ssh-add.0.entropy openssh-6.1p1/ssh-add.0
|
|||||||
FILES
|
FILES
|
||||||
~/.ssh/identity
|
~/.ssh/identity
|
||||||
Contains the protocol version 1 RSA authentication identity of
|
Contains the protocol version 1 RSA authentication identity of
|
||||||
diff -up openssh-6.1p1/ssh-add.1.entropy openssh-6.1p1/ssh-add.1
|
diff -up openssh-6.2p1/ssh-add.1.entropy openssh-6.2p1/ssh-add.1
|
||||||
--- openssh-6.1p1/ssh-add.1.entropy 2011-10-18 07:06:33.000000000 +0200
|
--- openssh-6.2p1/ssh-add.1.entropy 2012-12-07 03:06:13.000000000 +0100
|
||||||
+++ openssh-6.1p1/ssh-add.1 2012-11-12 13:11:24.711476108 +0100
|
+++ openssh-6.2p1/ssh-add.1 2013-03-25 19:31:42.799611446 +0100
|
||||||
@@ -160,6 +160,20 @@ to make this work.)
|
@@ -160,6 +160,20 @@ to make this work.)
|
||||||
Identifies the path of a
|
Identifies the path of a
|
||||||
.Ux Ns -domain
|
.Ux Ns -domain
|
||||||
@ -157,10 +130,9 @@ diff -up openssh-6.1p1/ssh-add.1.entropy openssh-6.1p1/ssh-add.1
|
|||||||
.El
|
.El
|
||||||
.Sh FILES
|
.Sh FILES
|
||||||
.Bl -tag -width Ds
|
.Bl -tag -width Ds
|
||||||
.It Pa ~/.ssh/identity
|
diff -up openssh-6.2p1/ssh-agent.1.entropy openssh-6.2p1/ssh-agent.1
|
||||||
diff -up openssh-6.0p1/ssh-agent.1.entropy openssh-6.0p1/ssh-agent.1
|
--- openssh-6.2p1/ssh-agent.1.entropy 2010-12-01 01:50:35.000000000 +0100
|
||||||
--- openssh-6.0p1/ssh-agent.1.entropy 2010-12-01 01:50:35.000000000 +0100
|
+++ openssh-6.2p1/ssh-agent.1 2013-03-25 19:31:42.800611452 +0100
|
||||||
+++ openssh-6.0p1/ssh-agent.1 2012-08-06 20:51:59.172033253 +0200
|
|
||||||
@@ -198,6 +198,24 @@ sockets used to contain the connection t
|
@@ -198,6 +198,24 @@ sockets used to contain the connection t
|
||||||
These sockets should only be readable by the owner.
|
These sockets should only be readable by the owner.
|
||||||
The sockets should get automatically removed when the agent exits.
|
The sockets should get automatically removed when the agent exits.
|
||||||
@ -186,10 +158,10 @@ diff -up openssh-6.0p1/ssh-agent.1.entropy openssh-6.0p1/ssh-agent.1
|
|||||||
.Sh SEE ALSO
|
.Sh SEE ALSO
|
||||||
.Xr ssh 1 ,
|
.Xr ssh 1 ,
|
||||||
.Xr ssh-add 1 ,
|
.Xr ssh-add 1 ,
|
||||||
diff -up openssh-6.0p1/sshd.8.entropy openssh-6.0p1/sshd.8
|
diff -up openssh-6.2p1/sshd.8.entropy openssh-6.2p1/sshd.8
|
||||||
--- openssh-6.0p1/sshd.8.entropy 2012-08-06 20:51:59.139033382 +0200
|
--- openssh-6.2p1/sshd.8.entropy 2013-03-25 19:31:42.752611146 +0100
|
||||||
+++ openssh-6.0p1/sshd.8 2012-08-06 20:51:59.174033245 +0200
|
+++ openssh-6.2p1/sshd.8 2013-03-25 19:31:42.800611452 +0100
|
||||||
@@ -943,6 +943,24 @@ concurrently for different ports, this c
|
@@ -945,6 +945,24 @@ concurrently for different ports, this c
|
||||||
started last).
|
started last).
|
||||||
The content of this file is not sensitive; it can be world-readable.
|
The content of this file is not sensitive; it can be world-readable.
|
||||||
.El
|
.El
|
||||||
@ -214,10 +186,10 @@ diff -up openssh-6.0p1/sshd.8.entropy openssh-6.0p1/sshd.8
|
|||||||
.Sh IPV6
|
.Sh IPV6
|
||||||
IPv6 address can be used everywhere where IPv4 address. In all entries must be the IPv6 address enclosed in square brackets. Note: The square brackets are metacharacters for the shell and must be escaped in shell.
|
IPv6 address can be used everywhere where IPv4 address. In all entries must be the IPv6 address enclosed in square brackets. Note: The square brackets are metacharacters for the shell and must be escaped in shell.
|
||||||
.Sh SEE ALSO
|
.Sh SEE ALSO
|
||||||
diff -up openssh-6.0p1/ssh-keygen.1.entropy openssh-6.0p1/ssh-keygen.1
|
diff -up openssh-6.2p1/ssh-keygen.1.entropy openssh-6.2p1/ssh-keygen.1
|
||||||
--- openssh-6.0p1/ssh-keygen.1.entropy 2011-10-18 07:05:21.000000000 +0200
|
--- openssh-6.2p1/ssh-keygen.1.entropy 2013-01-20 12:35:06.000000000 +0100
|
||||||
+++ openssh-6.0p1/ssh-keygen.1 2012-08-06 20:51:59.173033249 +0200
|
+++ openssh-6.2p1/ssh-keygen.1 2013-03-25 19:31:42.801611459 +0100
|
||||||
@@ -675,6 +675,24 @@ Contains Diffie-Hellman groups used for
|
@@ -806,6 +806,24 @@ Contains Diffie-Hellman groups used for
|
||||||
The file format is described in
|
The file format is described in
|
||||||
.Xr moduli 5 .
|
.Xr moduli 5 .
|
||||||
.El
|
.El
|
||||||
@ -242,9 +214,9 @@ diff -up openssh-6.0p1/ssh-keygen.1.entropy openssh-6.0p1/ssh-keygen.1
|
|||||||
.Sh SEE ALSO
|
.Sh SEE ALSO
|
||||||
.Xr ssh 1 ,
|
.Xr ssh 1 ,
|
||||||
.Xr ssh-add 1 ,
|
.Xr ssh-add 1 ,
|
||||||
diff -up openssh-6.0p1/ssh-keysign.8.entropy openssh-6.0p1/ssh-keysign.8
|
diff -up openssh-6.2p1/ssh-keysign.8.entropy openssh-6.2p1/ssh-keysign.8
|
||||||
--- openssh-6.0p1/ssh-keysign.8.entropy 2010-08-31 14:41:14.000000000 +0200
|
--- openssh-6.2p1/ssh-keysign.8.entropy 2010-08-31 14:41:14.000000000 +0200
|
||||||
+++ openssh-6.0p1/ssh-keysign.8 2012-08-06 20:51:59.173033249 +0200
|
+++ openssh-6.2p1/ssh-keysign.8 2013-03-25 19:31:42.801611459 +0100
|
||||||
@@ -78,6 +78,24 @@ must be set-uid root if host-based authe
|
@@ -78,6 +78,24 @@ must be set-uid root if host-based authe
|
||||||
If these files exist they are assumed to contain public certificate
|
If these files exist they are assumed to contain public certificate
|
||||||
information corresponding with the private keys above.
|
information corresponding with the private keys above.
|
||||||
@ -270,3 +242,30 @@ diff -up openssh-6.0p1/ssh-keysign.8.entropy openssh-6.0p1/ssh-keysign.8
|
|||||||
.Sh SEE ALSO
|
.Sh SEE ALSO
|
||||||
.Xr ssh 1 ,
|
.Xr ssh 1 ,
|
||||||
.Xr ssh-keygen 1 ,
|
.Xr ssh-keygen 1 ,
|
||||||
|
diff -up openssh-6.2p1/ssh.1.entropy openssh-6.2p1/ssh.1
|
||||||
|
--- openssh-6.2p1/ssh.1.entropy 2013-03-25 19:31:42.752611146 +0100
|
||||||
|
+++ openssh-6.2p1/ssh.1 2013-03-25 19:31:42.799611446 +0100
|
||||||
|
@@ -1277,6 +1277,23 @@ For more information, see the
|
||||||
|
.Cm PermitUserEnvironment
|
||||||
|
option in
|
||||||
|
.Xr sshd_config 5 .
|
||||||
|
+.Sh ENVIRONMENT
|
||||||
|
+.Bl -tag -width Ds -compact
|
||||||
|
+.It Ev SSH_USE_STRONG_RNG
|
||||||
|
+The reseeding of the OpenSSL random generator is usually done from
|
||||||
|
+.Cm /dev/urandom .
|
||||||
|
+If the
|
||||||
|
+.Cm SSH_USE_STRONG_RNG
|
||||||
|
+environment variable is set to value other than
|
||||||
|
+.Cm 0
|
||||||
|
+the OpenSSL random generator is reseeded from
|
||||||
|
+.Cm /dev/random .
|
||||||
|
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
|
||||||
|
+Minimum is 6 bytes.
|
||||||
|
+This setting is not recommended on the computers without the hardware
|
||||||
|
+random generator because insufficient entropy causes the connection to
|
||||||
|
+be blocked until enough entropy is available.
|
||||||
|
+.El
|
||||||
|
.Sh FILES
|
||||||
|
.Bl -tag -width Ds -compact
|
||||||
|
.It Pa ~/.rhosts
|
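Review bot: The SSH_USE_STRONG_RNG text in the ssh.1 hunk leaves the behaviour for values 1 to 5, and for a non-numeric value, unspecified: it says any value other than 0 switches reseeding to /dev/random and then says the minimum is 6 bytes. The code that reads the variable (port-linux-prng.c) is mostly not shown here, so the actual behaviour should be confirmed and stated in one added sentence after `Minimum is 6 bytes.` The text itself warns that the read can block the connection, so an administrator needs the accepted range to judge the setting. Separately, `environment variable is set to value other than` should read `environment variable is set to a value other than`. The same wording presumably recurs in the other manual-page hunks of this patch, whose added lines are not shown.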
@ -1,6 +1,6 @@
|
|||||||
diff -up openssh-5.8p1/auth2-hostbased.c.fingerprint openssh-5.8p1/auth2-hostbased.c
|
diff -up openssh-6.2p1/auth2-hostbased.c.fingerprint openssh-6.2p1/auth2-hostbased.c
|
||||||
--- openssh-5.8p1/auth2-hostbased.c.fingerprint 2010-08-05 05:04:50.000000000 +0200
|
--- openssh-6.2p1/auth2-hostbased.c.fingerprint 2010-08-05 05:04:50.000000000 +0200
|
||||||
+++ openssh-5.8p1/auth2-hostbased.c 2011-02-25 09:17:18.000000000 +0100
|
+++ openssh-6.2p1/auth2-hostbased.c 2013-03-22 12:20:49.009685008 +0100
|
||||||
@@ -196,16 +196,18 @@ hostbased_key_allowed(struct passwd *pw,
|
@@ -196,16 +196,18 @@ hostbased_key_allowed(struct passwd *pw,
|
||||||
|
|
||||||
if (host_status == HOST_OK) {
|
if (host_status == HOST_OK) {
|
||||||
@ -27,10 +27,10 @@ diff -up openssh-5.8p1/auth2-hostbased.c.fingerprint openssh-5.8p1/auth2-hostbas
|
|||||||
}
|
}
|
||||||
xfree(fp);
|
xfree(fp);
|
||||||
}
|
}
|
||||||
diff -up openssh-5.8p1/auth2-pubkey.c.fingerprint openssh-5.8p1/auth2-pubkey.c
|
diff -up openssh-6.2p1/auth2-pubkey.c.fingerprint openssh-6.2p1/auth2-pubkey.c
|
||||||
--- openssh-5.8p1/auth2-pubkey.c.fingerprint 2010-12-01 01:50:14.000000000 +0100
|
--- openssh-6.2p1/auth2-pubkey.c.fingerprint 2013-02-15 00:28:56.000000000 +0100
|
||||||
+++ openssh-5.8p1/auth2-pubkey.c 2011-02-25 09:17:18.000000000 +0100
|
+++ openssh-6.2p1/auth2-pubkey.c 2013-03-22 12:20:49.009685008 +0100
|
||||||
@@ -319,10 +319,10 @@ user_key_allowed2(struct passwd *pw, Key
|
@@ -317,10 +317,10 @@ check_authkeys_file(FILE *f, char *file,
|
||||||
continue;
|
continue;
|
||||||
if (!key_is_cert_authority)
|
if (!key_is_cert_authority)
|
||||||
continue;
|
continue;
|
||||||
@ -45,7 +45,7 @@ diff -up openssh-5.8p1/auth2-pubkey.c.fingerprint openssh-5.8p1/auth2-pubkey.c
|
|||||||
/*
|
/*
|
||||||
* If the user has specified a list of principals as
|
* If the user has specified a list of principals as
|
||||||
* a key option, then prefer that list to matching
|
* a key option, then prefer that list to matching
|
||||||
@@ -362,9 +362,9 @@ user_key_allowed2(struct passwd *pw, Key
|
@@ -360,9 +360,9 @@ check_authkeys_file(FILE *f, char *file,
|
||||||
found_key = 1;
|
found_key = 1;
|
||||||
debug("matching key found: file %s, line %lu",
|
debug("matching key found: file %s, line %lu",
|
||||||
file, linenum);
|
file, linenum);
|
||||||
@ -58,7 +58,7 @@ diff -up openssh-5.8p1/auth2-pubkey.c.fingerprint openssh-5.8p1/auth2-pubkey.c
|
|||||||
xfree(fp);
|
xfree(fp);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@@ -388,13 +388,13 @@ user_cert_trusted_ca(struct passwd *pw,
|
@@ -384,13 +384,13 @@ user_cert_trusted_ca(struct passwd *pw,
|
||||||
if (!key_is_cert(key) || options.trusted_user_ca_keys == NULL)
|
if (!key_is_cert(key) || options.trusted_user_ca_keys == NULL)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
@ -76,12 +76,12 @@ diff -up openssh-5.8p1/auth2-pubkey.c.fingerprint openssh-5.8p1/auth2-pubkey.c
|
|||||||
options.trusted_user_ca_keys);
|
options.trusted_user_ca_keys);
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
diff -up openssh-5.8p1/auth.c.fingerprint openssh-5.8p1/auth.c
|
diff -up openssh-6.2p1/auth.c.fingerprint openssh-6.2p1/auth.c
|
||||||
--- openssh-5.8p1/auth.c.fingerprint 2010-12-01 02:21:51.000000000 +0100
|
--- openssh-6.2p1/auth.c.fingerprint 2013-03-12 01:31:05.000000000 +0100
|
||||||
+++ openssh-5.8p1/auth.c 2011-02-25 09:17:18.000000000 +0100
|
+++ openssh-6.2p1/auth.c 2013-03-22 12:22:32.515230386 +0100
|
||||||
@@ -639,9 +639,10 @@ auth_key_is_revoked(Key *key)
|
@@ -663,9 +663,10 @@ auth_key_is_revoked(Key *key)
|
||||||
return 1;
|
|
||||||
case 1:
|
case 1:
|
||||||
|
revoked:
|
||||||
/* Key revoked */
|
/* Key revoked */
|
||||||
- key_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
|
- key_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
|
||||||
+ key_fp = key_selected_fingerprint(key, SSH_FP_HEX);
|
+ key_fp = key_selected_fingerprint(key, SSH_FP_HEX);
|
||||||
@ -92,10 +92,10 @@ diff -up openssh-5.8p1/auth.c.fingerprint openssh-5.8p1/auth.c
|
|||||||
xfree(key_fp);
|
xfree(key_fp);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
diff -up openssh-5.8p1/auth-rsa.c.fingerprint openssh-5.8p1/auth-rsa.c
|
diff -up openssh-6.2p1/auth-rsa.c.fingerprint openssh-6.2p1/auth-rsa.c
|
||||||
--- openssh-5.8p1/auth-rsa.c.fingerprint 2010-12-04 23:01:47.000000000 +0100
|
--- openssh-6.2p1/auth-rsa.c.fingerprint 2012-10-30 22:58:59.000000000 +0100
|
||||||
+++ openssh-5.8p1/auth-rsa.c 2011-02-25 09:17:18.000000000 +0100
|
+++ openssh-6.2p1/auth-rsa.c 2013-03-22 12:20:49.011684999 +0100
|
||||||
@@ -318,9 +318,9 @@ auth_rsa(Authctxt *authctxt, BIGNUM *cli
|
@@ -328,9 +328,9 @@ auth_rsa(Authctxt *authctxt, BIGNUM *cli
|
||||||
* options; this will be reset if the options cause the
|
* options; this will be reset if the options cause the
|
||||||
* authentication to be rejected.
|
* authentication to be rejected.
|
||||||
*/
|
*/
|
||||||
@ -108,10 +108,10 @@ diff -up openssh-5.8p1/auth-rsa.c.fingerprint openssh-5.8p1/auth-rsa.c
|
|||||||
xfree(fp);
|
xfree(fp);
|
||||||
key_free(key);
|
key_free(key);
|
||||||
|
|
||||||
diff -up openssh-5.8p1/key.c.fingerprint openssh-5.8p1/key.c
|
diff -up openssh-6.2p1/key.c.fingerprint openssh-6.2p1/key.c
|
||||||
--- openssh-5.8p1/key.c.fingerprint 2011-02-04 01:48:34.000000000 +0100
|
--- openssh-6.2p1/key.c.fingerprint 2013-03-22 12:20:48.971685175 +0100
|
||||||
+++ openssh-5.8p1/key.c 2011-02-25 09:18:16.000000000 +0100
|
+++ openssh-6.2p1/key.c 2013-03-22 12:20:49.012684995 +0100
|
||||||
@@ -594,6 +594,34 @@ key_fingerprint(Key *k, enum fp_type dgs
|
@@ -599,6 +599,34 @@ key_fingerprint(Key *k, enum fp_type dgs
|
||||||
return retval;
|
return retval;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -146,23 +146,23 @@ diff -up openssh-5.8p1/key.c.fingerprint openssh-5.8p1/key.c
|
|||||||
/*
|
/*
|
||||||
* Reads a multiple-precision integer in decimal from the buffer, and advances
|
* Reads a multiple-precision integer in decimal from the buffer, and advances
|
||||||
* the pointer. The integer must already be initialized. This function is
|
* the pointer. The integer must already be initialized. This function is
|
||||||
diff -up openssh-5.8p1/key.h.fingerprint openssh-5.8p1/key.h
|
diff -up openssh-6.2p1/key.h.fingerprint openssh-6.2p1/key.h
|
||||||
--- openssh-5.8p1/key.h.fingerprint 2010-11-05 00:19:49.000000000 +0100
|
--- openssh-6.2p1/key.h.fingerprint 2013-01-18 01:44:05.000000000 +0100
|
||||||
+++ openssh-5.8p1/key.h 2011-02-25 09:17:18.000000000 +0100
|
+++ openssh-6.2p1/key.h 2013-03-22 12:23:35.308954528 +0100
|
||||||
@@ -96,6 +96,9 @@ int key_equal_public(const Key *, cons
|
@@ -97,6 +97,9 @@ int key_equal_public(const Key *, cons
|
||||||
int key_equal(const Key *, const Key *);
|
int key_equal(const Key *, const Key *);
|
||||||
char *key_fingerprint(Key *, enum fp_type, enum fp_rep);
|
char *key_fingerprint(Key *, enum fp_type, enum fp_rep);
|
||||||
u_char *key_fingerprint_raw(Key *, enum fp_type, u_int *);
|
u_char *key_fingerprint_raw(const Key *, enum fp_type, u_int *);
|
||||||
+enum fp_type key_fingerprint_selection(void);
|
+enum fp_type key_fingerprint_selection(void);
|
||||||
+char *key_selected_fingerprint(Key *, enum fp_rep);
|
+char *key_selected_fingerprint(Key *, enum fp_rep);
|
||||||
+char *key_fingerprint_prefix(void);
|
+char *key_fingerprint_prefix(void);
|
||||||
const char *key_type(const Key *);
|
const char *key_type(const Key *);
|
||||||
const char *key_cert_type(const Key *);
|
const char *key_cert_type(const Key *);
|
||||||
int key_write(const Key *, FILE *);
|
int key_write(const Key *, FILE *);
|
||||||
diff -up openssh-5.8p1/ssh-add.c.fingerprint openssh-5.8p1/ssh-add.c
|
diff -up openssh-6.2p1/ssh-add.c.fingerprint openssh-6.2p1/ssh-add.c
|
||||||
--- openssh-5.8p1/ssh-add.c.fingerprint 2010-11-11 04:17:02.000000000 +0100
|
--- openssh-6.2p1/ssh-add.c.fingerprint 2012-12-07 03:07:03.000000000 +0100
|
||||||
+++ openssh-5.8p1/ssh-add.c 2011-02-25 09:17:18.000000000 +0100
|
+++ openssh-6.2p1/ssh-add.c 2013-03-22 12:20:49.029684920 +0100
|
||||||
@@ -280,10 +280,10 @@ list_identities(AuthenticationConnection
|
@@ -326,10 +326,10 @@ list_identities(AuthenticationConnection
|
||||||
key = ssh_get_next_identity(ac, &comment, version)) {
|
key = ssh_get_next_identity(ac, &comment, version)) {
|
||||||
had_identities = 1;
|
had_identities = 1;
|
||||||
if (do_fp) {
|
if (do_fp) {
|
||||||
@ -177,9 +177,9 @@ diff -up openssh-5.8p1/ssh-add.c.fingerprint openssh-5.8p1/ssh-add.c
|
|||||||
xfree(fp);
|
xfree(fp);
|
||||||
} else {
|
} else {
|
||||||
if (!key_write(key, stdout))
|
if (!key_write(key, stdout))
|
||||||
diff -up openssh-5.8p1/ssh-agent.c.fingerprint openssh-5.8p1/ssh-agent.c
|
diff -up openssh-6.2p1/ssh-agent.c.fingerprint openssh-6.2p1/ssh-agent.c
|
||||||
--- openssh-5.8p1/ssh-agent.c.fingerprint 2010-12-01 01:50:35.000000000 +0100
|
--- openssh-6.2p1/ssh-agent.c.fingerprint 2013-03-22 12:20:48.979685140 +0100
|
||||||
+++ openssh-5.8p1/ssh-agent.c 2011-02-25 09:17:18.000000000 +0100
|
+++ openssh-6.2p1/ssh-agent.c 2013-03-22 12:20:49.030684916 +0100
|
||||||
@@ -199,9 +199,9 @@ confirm_key(Identity *id)
|
@@ -199,9 +199,9 @@ confirm_key(Identity *id)
|
||||||
char *p;
|
char *p;
|
||||||
int ret = -1;
|
int ret = -1;
|
||||||
@ -193,10 +193,10 @@ diff -up openssh-5.8p1/ssh-agent.c.fingerprint openssh-5.8p1/ssh-agent.c
|
|||||||
ret = 0;
|
ret = 0;
|
||||||
xfree(p);
|
xfree(p);
|
||||||
|
|
||||||
diff -up openssh-5.8p1/sshconnect2.c.fingerprint openssh-5.8p1/sshconnect2.c
|
diff -up openssh-6.2p1/sshconnect2.c.fingerprint openssh-6.2p1/sshconnect2.c
|
||||||
--- openssh-5.8p1/sshconnect2.c.fingerprint 2010-12-01 02:21:51.000000000 +0100
|
--- openssh-6.2p1/sshconnect2.c.fingerprint 2013-03-20 02:55:15.000000000 +0100
|
||||||
+++ openssh-5.8p1/sshconnect2.c 2011-02-25 09:17:18.000000000 +0100
|
+++ openssh-6.2p1/sshconnect2.c 2013-03-22 12:20:49.031684912 +0100
|
||||||
@@ -590,8 +590,9 @@ input_userauth_pk_ok(int type, u_int32_t
|
@@ -592,8 +592,9 @@ input_userauth_pk_ok(int type, u_int32_t
|
||||||
key->type, pktype);
|
key->type, pktype);
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
@ -208,7 +208,7 @@ diff -up openssh-5.8p1/sshconnect2.c.fingerprint openssh-5.8p1/sshconnect2.c
|
|||||||
xfree(fp);
|
xfree(fp);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@@ -1203,8 +1204,9 @@ sign_and_send_pubkey(Authctxt *authctxt,
|
@@ -1205,8 +1206,9 @@ sign_and_send_pubkey(Authctxt *authctxt,
|
||||||
int have_sig = 1;
|
int have_sig = 1;
|
||||||
char *fp;
|
char *fp;
|
||||||
|
|
||||||
@ -220,10 +220,10 @@ diff -up openssh-5.8p1/sshconnect2.c.fingerprint openssh-5.8p1/sshconnect2.c
|
|||||||
xfree(fp);
|
xfree(fp);
|
||||||
|
|
||||||
if (key_to_blob(id->key, &blob, &bloblen) == 0) {
|
if (key_to_blob(id->key, &blob, &bloblen) == 0) {
|
||||||
diff -up openssh-5.8p1/sshconnect.c.fingerprint openssh-5.8p1/sshconnect.c
|
diff -up openssh-6.2p1/sshconnect.c.fingerprint openssh-6.2p1/sshconnect.c
|
||||||
--- openssh-5.8p1/sshconnect.c.fingerprint 2011-01-16 13:17:59.000000000 +0100
|
--- openssh-6.2p1/sshconnect.c.fingerprint 2012-09-17 05:25:44.000000000 +0200
|
||||||
+++ openssh-5.8p1/sshconnect.c 2011-02-25 09:17:18.000000000 +0100
|
+++ openssh-6.2p1/sshconnect.c 2013-03-22 12:20:49.032684907 +0100
|
||||||
@@ -798,10 +798,10 @@ check_host_key(char *hostname, struct so
|
@@ -824,10 +824,10 @@ check_host_key(char *hostname, struct so
|
||||||
"key for IP address '%.128s' to the list "
|
"key for IP address '%.128s' to the list "
|
||||||
"of known hosts.", type, ip);
|
"of known hosts.", type, ip);
|
||||||
} else if (options.visual_host_key) {
|
} else if (options.visual_host_key) {
|
||||||
@ -238,7 +238,7 @@ diff -up openssh-5.8p1/sshconnect.c.fingerprint openssh-5.8p1/sshconnect.c
|
|||||||
xfree(ra);
|
xfree(ra);
|
||||||
xfree(fp);
|
xfree(fp);
|
||||||
}
|
}
|
||||||
@@ -838,9 +838,8 @@ check_host_key(char *hostname, struct so
|
@@ -865,9 +865,8 @@ check_host_key(char *hostname, struct so
|
||||||
else
|
else
|
||||||
snprintf(msg1, sizeof(msg1), ".");
|
snprintf(msg1, sizeof(msg1), ".");
|
||||||
/* The default */
|
/* The default */
|
||||||
@ -250,7 +250,7 @@ diff -up openssh-5.8p1/sshconnect.c.fingerprint openssh-5.8p1/sshconnect.c
|
|||||||
msg2[0] = '\0';
|
msg2[0] = '\0';
|
||||||
if (options.verify_host_key_dns) {
|
if (options.verify_host_key_dns) {
|
||||||
if (matching_host_key_dns)
|
if (matching_host_key_dns)
|
||||||
@@ -855,10 +854,11 @@ check_host_key(char *hostname, struct so
|
@@ -882,10 +881,11 @@ check_host_key(char *hostname, struct so
|
||||||
snprintf(msg, sizeof(msg),
|
snprintf(msg, sizeof(msg),
|
||||||
"The authenticity of host '%.200s (%s)' can't be "
|
"The authenticity of host '%.200s (%s)' can't be "
|
||||||
"established%s\n"
|
"established%s\n"
|
||||||
@ -264,7 +264,7 @@ diff -up openssh-5.8p1/sshconnect.c.fingerprint openssh-5.8p1/sshconnect.c
|
|||||||
options.visual_host_key ? "\n" : "",
|
options.visual_host_key ? "\n" : "",
|
||||||
options.visual_host_key ? ra : "",
|
options.visual_host_key ? ra : "",
|
||||||
msg2);
|
msg2);
|
||||||
@@ -1104,8 +1104,9 @@ verify_host_key(char *host, struct socka
|
@@ -1130,8 +1130,9 @@ verify_host_key(char *host, struct socka
|
||||||
int flags = 0;
|
int flags = 0;
|
||||||
char *fp;
|
char *fp;
|
||||||
|
|
||||||
@ -276,7 +276,7 @@ diff -up openssh-5.8p1/sshconnect.c.fingerprint openssh-5.8p1/sshconnect.c
|
|||||||
xfree(fp);
|
xfree(fp);
|
||||||
|
|
||||||
/* XXX certs are not yet supported for DNS */
|
/* XXX certs are not yet supported for DNS */
|
||||||
@@ -1214,14 +1215,15 @@ show_other_keys(struct hostkeys *hostkey
|
@@ -1232,14 +1233,15 @@ show_other_keys(struct hostkeys *hostkey
|
||||||
continue;
|
continue;
|
||||||
if (!lookup_key_in_hostkeys_by_type(hostkeys, type[i], &found))
|
if (!lookup_key_in_hostkeys_by_type(hostkeys, type[i], &found))
|
||||||
continue;
|
continue;
|
||||||
@ -296,7 +296,7 @@ diff -up openssh-5.8p1/sshconnect.c.fingerprint openssh-5.8p1/sshconnect.c
|
|||||||
if (options.visual_host_key)
|
if (options.visual_host_key)
|
||||||
logit("%s", ra);
|
logit("%s", ra);
|
||||||
xfree(ra);
|
xfree(ra);
|
||||||
@@ -1236,7 +1238,7 @@ warn_changed_key(Key *host_key)
|
@@ -1254,7 +1256,7 @@ warn_changed_key(Key *host_key)
|
||||||
{
|
{
|
||||||
char *fp;
|
char *fp;
|
||||||
|
|
||||||
@ -305,7 +305,7 @@ diff -up openssh-5.8p1/sshconnect.c.fingerprint openssh-5.8p1/sshconnect.c
|
|||||||
|
|
||||||
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
|
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
|
||||||
error("@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @");
|
error("@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @");
|
||||||
@@ -1244,8 +1246,8 @@ warn_changed_key(Key *host_key)
|
@@ -1262,8 +1264,8 @@ warn_changed_key(Key *host_key)
|
||||||
error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!");
|
error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!");
|
||||||
error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!");
|
error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!");
|
||||||
error("It is also possible that a host key has just been changed.");
|
error("It is also possible that a host key has just been changed.");
|
||||||
@ -316,10 +316,10 @@ diff -up openssh-5.8p1/sshconnect.c.fingerprint openssh-5.8p1/sshconnect.c
|
|||||||
error("Please contact your system administrator.");
|
error("Please contact your system administrator.");
|
||||||
|
|
||||||
xfree(fp);
|
xfree(fp);
|
||||||
diff -up openssh-5.8p1/ssh-keygen.c.fingerprint openssh-5.8p1/ssh-keygen.c
|
diff -up openssh-6.2p1/ssh-keygen.c.fingerprint openssh-6.2p1/ssh-keygen.c
|
||||||
--- openssh-5.8p1/ssh-keygen.c.fingerprint 2011-01-11 07:20:31.000000000 +0100
|
--- openssh-6.2p1/ssh-keygen.c.fingerprint 2013-02-12 01:03:36.000000000 +0100
|
||||||
+++ openssh-5.8p1/ssh-keygen.c 2011-02-25 09:17:18.000000000 +0100
|
+++ openssh-6.2p1/ssh-keygen.c 2013-03-22 12:20:49.033684903 +0100
|
||||||
@@ -714,13 +714,14 @@ do_fingerprint(struct passwd *pw)
|
@@ -767,13 +767,14 @@ do_fingerprint(struct passwd *pw)
|
||||||
{
|
{
|
||||||
FILE *f;
|
FILE *f;
|
||||||
Key *public;
|
Key *public;
|
||||||
@ -336,7 +336,7 @@ diff -up openssh-5.8p1/ssh-keygen.c.fingerprint openssh-5.8p1/ssh-keygen.c
|
|||||||
rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_HEX;
|
rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_HEX;
|
||||||
|
|
||||||
if (!have_identity)
|
if (!have_identity)
|
||||||
@@ -732,8 +733,8 @@ do_fingerprint(struct passwd *pw)
|
@@ -785,8 +786,8 @@ do_fingerprint(struct passwd *pw)
|
||||||
public = key_load_public(identity_file, &comment);
|
public = key_load_public(identity_file, &comment);
|
||||||
if (public != NULL) {
|
if (public != NULL) {
|
||||||
fp = key_fingerprint(public, fptype, rep);
|
fp = key_fingerprint(public, fptype, rep);
|
||||||
@ -347,7 +347,7 @@ diff -up openssh-5.8p1/ssh-keygen.c.fingerprint openssh-5.8p1/ssh-keygen.c
|
|||||||
key_type(public));
|
key_type(public));
|
||||||
if (log_level >= SYSLOG_LEVEL_VERBOSE)
|
if (log_level >= SYSLOG_LEVEL_VERBOSE)
|
||||||
printf("%s\n", ra);
|
printf("%s\n", ra);
|
||||||
@@ -798,8 +799,8 @@ do_fingerprint(struct passwd *pw)
|
@@ -851,8 +852,8 @@ do_fingerprint(struct passwd *pw)
|
||||||
}
|
}
|
||||||
comment = *cp ? cp : comment;
|
comment = *cp ? cp : comment;
|
||||||
fp = key_fingerprint(public, fptype, rep);
|
fp = key_fingerprint(public, fptype, rep);
|
||||||
@ -358,7 +358,7 @@ diff -up openssh-5.8p1/ssh-keygen.c.fingerprint openssh-5.8p1/ssh-keygen.c
|
|||||||
comment ? comment : "no comment", key_type(public));
|
comment ? comment : "no comment", key_type(public));
|
||||||
if (log_level >= SYSLOG_LEVEL_VERBOSE)
|
if (log_level >= SYSLOG_LEVEL_VERBOSE)
|
||||||
printf("%s\n", ra);
|
printf("%s\n", ra);
|
||||||
@@ -823,13 +824,15 @@ printhost(FILE *f, const char *name, Key
|
@@ -970,13 +971,15 @@ printhost(FILE *f, const char *name, Key
|
||||||
if (print_fingerprint) {
|
if (print_fingerprint) {
|
||||||
enum fp_rep rep;
|
enum fp_rep rep;
|
||||||
enum fp_type fptype;
|
enum fp_type fptype;
|
||||||
@ -378,7 +378,7 @@ diff -up openssh-5.8p1/ssh-keygen.c.fingerprint openssh-5.8p1/ssh-keygen.c
|
|||||||
key_type(public));
|
key_type(public));
|
||||||
if (log_level >= SYSLOG_LEVEL_VERBOSE)
|
if (log_level >= SYSLOG_LEVEL_VERBOSE)
|
||||||
printf("%s\n", ra);
|
printf("%s\n", ra);
|
||||||
@@ -1695,16 +1698,17 @@ do_show_cert(struct passwd *pw)
|
@@ -1854,16 +1857,17 @@ do_show_cert(struct passwd *pw)
|
||||||
fatal("%s is not a certificate", identity_file);
|
fatal("%s is not a certificate", identity_file);
|
||||||
v00 = key->type == KEY_RSA_CERT_V00 || key->type == KEY_DSA_CERT_V00;
|
v00 = key->type == KEY_RSA_CERT_V00 || key->type == KEY_DSA_CERT_V00;
|
||||||
|
|
||||||
@ -402,7 +402,7 @@ diff -up openssh-5.8p1/ssh-keygen.c.fingerprint openssh-5.8p1/ssh-keygen.c
|
|||||||
printf(" Key ID: \"%s\"\n", key->cert->key_id);
|
printf(" Key ID: \"%s\"\n", key->cert->key_id);
|
||||||
if (!v00) {
|
if (!v00) {
|
||||||
printf(" Serial: %llu\n",
|
printf(" Serial: %llu\n",
|
||||||
@@ -2249,13 +2253,12 @@ passphrase_again:
|
@@ -2651,13 +2655,12 @@ passphrase_again:
|
||||||
fclose(f);
|
fclose(f);
|
||||||
|
|
||||||
if (!quiet) {
|
if (!quiet) {
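Review bot: The three prototypes this patch adds to key.h (`key_fingerprint_selection`, `key_selected_fingerprint`, `key_fingerprint_prefix`) have no comment, so neither the ownership of the returned strings nor the fact that the digest is no longer fixed to MD5 is stated anywhere a caller would look. Every caller visible in this section releases the result of `key_selected_fingerprint` with `xfree` (for example `key_fp` in `auth_key_is_revoked`), so a comment such as `/* Returns an allocated fingerprint string in the selected digest; caller must xfree() it. */` above that prototype would match the usage. No caller of `key_fingerprint_prefix` is visible here; if it returns static storage, declaring it `const char *key_fingerprint_prefix(void);` would say so in the type. These fingerprints appear to feed the host-key verification messages in sshconnect.c and the revoked-key path in auth.c, so the comment should also name where the digest choice comes from; the function bodies in the key.c hunk are not shown in this view, so that part needs confirming against the source.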
|
@ -1,6 +1,6 @@
|
|||||||
diff -up openssh-5.9p1/authfile.c.fips openssh-5.9p1/authfile.c
|
diff -up openssh-6.2p1/authfile.c.fips openssh-6.2p1/authfile.c
|
||||||
--- openssh-5.9p1/authfile.c.fips 2012-07-17 20:57:35.078155160 +0200
|
--- openssh-6.2p1/authfile.c.fips 2013-03-27 13:14:49.164683482 +0100
|
||||||
+++ openssh-5.9p1/authfile.c 2012-07-17 20:57:35.086155338 +0200
|
+++ openssh-6.2p1/authfile.c 2013-03-27 13:14:49.177683431 +0100
|
||||||
@@ -148,8 +148,14 @@ key_private_rsa1_to_blob(Key *key, Buffe
|
@@ -148,8 +148,14 @@ key_private_rsa1_to_blob(Key *key, Buffe
|
||||||
/* Allocate space for the private part of the key in the buffer. */
|
/* Allocate space for the private part of the key in the buffer. */
|
||||||
cp = buffer_append_space(&encrypted, buffer_len(&buffer));
|
cp = buffer_append_space(&encrypted, buffer_len(&buffer));
|
||||||
@ -16,7 +16,7 @@ diff -up openssh-5.9p1/authfile.c.fips openssh-5.9p1/authfile.c
|
|||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
cipher_crypt(&ciphercontext, cp,
|
cipher_crypt(&ciphercontext, cp,
|
||||||
buffer_ptr(&buffer), buffer_len(&buffer));
|
buffer_ptr(&buffer), buffer_len(&buffer), 0, 0);
|
||||||
cipher_cleanup(&ciphercontext);
|
cipher_cleanup(&ciphercontext);
|
||||||
@@ -472,8 +478,13 @@ key_parse_private_rsa1(Buffer *blob, con
|
@@ -472,8 +478,13 @@ key_parse_private_rsa1(Buffer *blob, con
|
||||||
cp = buffer_append_space(&decrypted, buffer_len(©));
|
cp = buffer_append_space(&decrypted, buffer_len(©));
|
||||||
@ -32,11 +32,11 @@ diff -up openssh-5.9p1/authfile.c.fips openssh-5.9p1/authfile.c
|
|||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
cipher_crypt(&ciphercontext, cp,
|
cipher_crypt(&ciphercontext, cp,
|
||||||
buffer_ptr(©), buffer_len(©));
|
buffer_ptr(©), buffer_len(©), 0, 0);
|
||||||
cipher_cleanup(&ciphercontext);
|
cipher_cleanup(&ciphercontext);
|
||||||
diff -up openssh-5.9p1/cipher.c.fips openssh-5.9p1/cipher.c
|
diff -up openssh-6.2p1/cipher.c.fips openssh-6.2p1/cipher.c
|
||||||
--- openssh-5.9p1/cipher.c.fips 2012-07-17 20:57:34.988153164 +0200
|
--- openssh-6.2p1/cipher.c.fips 2013-03-27 13:14:49.087683788 +0100
|
||||||
+++ openssh-5.9p1/cipher.c 2012-07-17 20:57:35.086155338 +0200
|
+++ openssh-6.2p1/cipher.c 2013-03-27 13:14:49.177683431 +0100
|
||||||
@@ -40,6 +40,7 @@
|
@@ -40,6 +40,7 @@
|
||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
|
|
||||||
@ -45,30 +45,35 @@ diff -up openssh-5.9p1/cipher.c.fips openssh-5.9p1/cipher.c
|
|||||||
|
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include <stdarg.h>
|
#include <stdarg.h>
|
||||||
@@ -86,6 +87,22 @@ struct Cipher ciphers[] = {
|
@@ -89,6 +90,27 @@ struct Cipher ciphers[] = {
|
||||||
{ NULL, SSH_CIPHER_INVALID, 0, 0, 0, 0, NULL }
|
{ NULL, SSH_CIPHER_INVALID, 0, 0, 0, 0, 0, 0, NULL }
|
||||||
};
|
};
|
||||||
|
|
||||||
+struct Cipher fips_ciphers[] = {
|
+struct Cipher fips_ciphers[] = {
|
||||||
+ { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, EVP_enc_null },
|
+ { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null },
|
||||||
+ { "3des", SSH_CIPHER_3DES, 8, 16, 0, 1, evp_ssh1_3des },
|
+ { "3des", SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des },
|
||||||
+
|
+
|
||||||
+ { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 1, EVP_des_ede3_cbc },
|
+ { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc },
|
||||||
+ { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, 1, EVP_aes_128_cbc },
|
+ { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, 1, EVP_aes_128_cbc },
|
||||||
+ { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, 1, EVP_aes_192_cbc },
|
+ { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, 1, EVP_aes_192_cbc },
|
||||||
+ { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc },
|
+ { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 1, EVP_aes_256_cbc },
|
||||||
+ { "rijndael-cbc@lysator.liu.se",
|
+ { "rijndael-cbc@lysator.liu.se",
|
||||||
+ SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc },
|
+ SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 1, EVP_aes_256_cbc },
|
||||||
+ { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, evp_aes_128_ctr },
|
+ { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, 0, EVP_aes_128_ctr },
|
||||||
+ { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, evp_aes_128_ctr },
|
+ { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, 0, EVP_aes_128_ctr },
|
||||||
+ { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, evp_aes_128_ctr },
|
+ { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 0, EVP_aes_128_ctr },
|
||||||
+ { NULL, SSH_CIPHER_INVALID, 0, 0, 0, 0, NULL }
|
+#ifdef OPENSSL_HAVE_EVPGCM
|
||||||
|
+ { "aes128-gcm@openssh.com",
|
||||||
|
+ SSH_CIPHER_SSH2, 16, 16, 12, 16, 0, 0, EVP_aes_128_gcm },
|
||||||
|
+ { "aes256-gcm@openssh.com",
|
||||||
|
+ SSH_CIPHER_SSH2, 16, 32, 12, 16, 0, 0, EVP_aes_256_gcm },
|
||||||
|
+#endif
|
||||||
|
+ { NULL, SSH_CIPHER_INVALID, 0, 0, 0, 0, 0, NULL }
|
||||||
+};
|
+};
|
||||||
+
|
|
||||||
/*--*/
|
/*--*/
|
||||||
|
|
||||||
u_int
|
u_int
|
||||||
@@ -128,7 +145,7 @@ Cipher *
|
@@ -143,7 +165,7 @@ Cipher *
|
||||||
cipher_by_name(const char *name)
|
cipher_by_name(const char *name)
|
||||||
{
|
{
|
||||||
Cipher *c;
|
Cipher *c;
|
||||||
@ -77,7 +82,7 @@ diff -up openssh-5.9p1/cipher.c.fips openssh-5.9p1/cipher.c
|
|||||||
if (strcmp(c->name, name) == 0)
|
if (strcmp(c->name, name) == 0)
|
||||||
return c;
|
return c;
|
||||||
return NULL;
|
return NULL;
|
||||||
@@ -138,7 +155,7 @@ Cipher *
|
@@ -153,7 +175,7 @@ Cipher *
|
||||||
cipher_by_number(int id)
|
cipher_by_number(int id)
|
||||||
{
|
{
|
||||||
Cipher *c;
|
Cipher *c;
|
||||||
@ -86,7 +91,7 @@ diff -up openssh-5.9p1/cipher.c.fips openssh-5.9p1/cipher.c
|
|||||||
if (c->number == id)
|
if (c->number == id)
|
||||||
return c;
|
return c;
|
||||||
return NULL;
|
return NULL;
|
||||||
@@ -182,7 +199,7 @@ cipher_number(const char *name)
|
@@ -197,7 +219,7 @@ cipher_number(const char *name)
|
||||||
Cipher *c;
|
Cipher *c;
|
||||||
if (name == NULL)
|
if (name == NULL)
|
||||||
return -1;
|
return -1;
|
||||||
@ -95,7 +100,7 @@ diff -up openssh-5.9p1/cipher.c.fips openssh-5.9p1/cipher.c
|
|||||||
if (strcasecmp(c->name, name) == 0)
|
if (strcasecmp(c->name, name) == 0)
|
||||||
return c->number;
|
return c->number;
|
||||||
return -1;
|
return -1;
|
||||||
@@ -289,14 +306,15 @@ cipher_cleanup(CipherContext *cc)
|
@@ -356,14 +378,15 @@ cipher_cleanup(CipherContext *cc)
|
||||||
* passphrase and using the resulting 16 bytes as the key.
|
* passphrase and using the resulting 16 bytes as the key.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
@ -113,7 +118,7 @@ diff -up openssh-5.9p1/cipher.c.fips openssh-5.9p1/cipher.c
|
|||||||
MD5_Update(&md, (const u_char *)passphrase, strlen(passphrase));
|
MD5_Update(&md, (const u_char *)passphrase, strlen(passphrase));
|
||||||
MD5_Final(digest, &md);
|
MD5_Final(digest, &md);
|
||||||
|
|
||||||
@@ -304,6 +322,7 @@ cipher_set_key_string(CipherContext *cc,
|
@@ -371,6 +394,7 @@ cipher_set_key_string(CipherContext *cc,
|
||||||
|
|
||||||
memset(digest, 0, sizeof(digest));
|
memset(digest, 0, sizeof(digest));
|
||||||
memset(&md, 0, sizeof(md));
|
memset(&md, 0, sizeof(md));
|
||||||
@ -121,10 +126,10 @@ diff -up openssh-5.9p1/cipher.c.fips openssh-5.9p1/cipher.c
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
diff -up openssh-5.9p1/cipher-ctr.c.fips openssh-5.9p1/cipher-ctr.c
|
diff -up openssh-6.2p1/cipher-ctr.c.fips openssh-6.2p1/cipher-ctr.c
|
||||||
--- openssh-5.9p1/cipher-ctr.c.fips 2010-10-07 13:06:42.000000000 +0200
|
--- openssh-6.2p1/cipher-ctr.c.fips 2013-01-20 12:31:30.000000000 +0100
|
||||||
+++ openssh-5.9p1/cipher-ctr.c 2012-07-17 20:57:35.086155338 +0200
|
+++ openssh-6.2p1/cipher-ctr.c 2013-03-27 13:14:49.177683431 +0100
|
||||||
@@ -140,7 +140,8 @@ evp_aes_128_ctr(void)
|
@@ -138,7 +138,8 @@ evp_aes_128_ctr(void)
|
||||||
aes_ctr.do_cipher = ssh_aes_ctr;
|
aes_ctr.do_cipher = ssh_aes_ctr;
|
||||||
#ifndef SSH_OLD_EVP
|
#ifndef SSH_OLD_EVP
|
||||||
aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
|
aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
|
||||||
@ -134,21 +139,21 @@ diff -up openssh-5.9p1/cipher-ctr.c.fips openssh-5.9p1/cipher-ctr.c
|
|||||||
#endif
|
#endif
|
||||||
return (&aes_ctr);
|
return (&aes_ctr);
|
||||||
}
|
}
|
||||||
diff -up openssh-5.9p1/cipher.h.fips openssh-5.9p1/cipher.h
|
diff -up openssh-6.2p1/cipher.h.fips openssh-6.2p1/cipher.h
|
||||||
--- openssh-5.9p1/cipher.h.fips 2012-07-17 20:57:34.989153186 +0200
|
--- openssh-6.2p1/cipher.h.fips 2013-03-27 13:14:49.088683784 +0100
|
||||||
+++ openssh-5.9p1/cipher.h 2012-07-17 20:57:35.087155360 +0200
|
+++ openssh-6.2p1/cipher.h 2013-03-27 13:14:49.177683431 +0100
|
||||||
@@ -87,7 +87,7 @@ void cipher_init(CipherContext *, Ciphe
|
@@ -91,7 +91,7 @@ void cipher_init(CipherContext *, Ciphe
|
||||||
const u_char *, u_int, int);
|
void cipher_crypt(CipherContext *, u_char *, const u_char *,
|
||||||
void cipher_crypt(CipherContext *, u_char *, const u_char *, u_int);
|
u_int, u_int, u_int);
|
||||||
void cipher_cleanup(CipherContext *);
|
void cipher_cleanup(CipherContext *);
|
||||||
-void cipher_set_key_string(CipherContext *, Cipher *, const char *, int);
|
-void cipher_set_key_string(CipherContext *, Cipher *, const char *, int);
|
||||||
+int cipher_set_key_string(CipherContext *, Cipher *, const char *, int);
|
+int cipher_set_key_string(CipherContext *, Cipher *, const char *, int);
|
||||||
u_int cipher_blocksize(const Cipher *);
|
u_int cipher_blocksize(const Cipher *);
|
||||||
u_int cipher_keylen(const Cipher *);
|
u_int cipher_keylen(const Cipher *);
|
||||||
u_int cipher_is_cbc(const Cipher *);
|
u_int cipher_authlen(const Cipher *);
|
||||||
diff -up openssh-5.9p1/key.c.fips openssh-5.9p1/key.c
|
diff -up openssh-6.2p1/key.c.fips openssh-6.2p1/key.c
|
||||||
--- openssh-5.9p1/key.c.fips 2012-07-17 20:57:35.007153585 +0200
|
--- openssh-6.2p1/key.c.fips 2013-03-27 13:14:49.100683736 +0100
|
||||||
+++ openssh-5.9p1/key.c 2012-07-17 20:57:35.087155360 +0200
|
+++ openssh-6.2p1/key.c 2013-03-27 13:14:49.178683427 +0100
|
||||||
@@ -40,6 +40,7 @@
|
@@ -40,6 +40,7 @@
|
||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
|
|
||||||
@ -157,7 +162,7 @@ diff -up openssh-5.9p1/key.c.fips openssh-5.9p1/key.c
|
|||||||
#include <openbsd-compat/openssl-compat.h>
|
#include <openbsd-compat/openssl-compat.h>
|
||||||
|
|
||||||
#include <stdarg.h>
|
#include <stdarg.h>
|
||||||
@@ -602,9 +603,13 @@ key_fingerprint_selection(void)
|
@@ -607,9 +608,13 @@ key_fingerprint_selection(void)
|
||||||
char *env;
|
char *env;
|
||||||
|
|
||||||
if (!rv_defined) {
|
if (!rv_defined) {
|
||||||
@ -174,9 +179,9 @@ diff -up openssh-5.9p1/key.c.fips openssh-5.9p1/key.c
|
|||||||
rv_defined = 1;
|
rv_defined = 1;
|
||||||
}
|
}
|
||||||
return rv;
|
return rv;
|
||||||
diff -up openssh-5.9p1/mac.c.fips openssh-5.9p1/mac.c
|
diff -up openssh-6.2p1/mac.c.fips openssh-6.2p1/mac.c
|
||||||
--- openssh-5.9p1/mac.c.fips 2012-07-17 20:57:34.996153341 +0200
|
--- openssh-6.2p1/mac.c.fips 2013-03-27 13:14:49.093683764 +0100
|
||||||
+++ openssh-5.9p1/mac.c 2012-07-17 20:58:35.584497499 +0200
|
+++ openssh-6.2p1/mac.c 2013-03-27 13:16:33.524266158 +0100
|
||||||
@@ -28,6 +28,7 @@
|
@@ -28,6 +28,7 @@
|
||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
|
|
||||||
@ -185,32 +190,35 @@ diff -up openssh-5.9p1/mac.c.fips openssh-5.9p1/mac.c
|
|||||||
|
|
||||||
#include <stdarg.h>
|
#include <stdarg.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
@@ -47,14 +48,14 @@
|
@@ -50,7 +51,7 @@
|
||||||
#define SSH_EVP 1 /* OpenSSL EVP-based MAC */
|
|
||||||
#define SSH_UMAC 2 /* UMAC (not integrated with OpenSSL) */
|
#define SSH_UMAC 2 /* UMAC (not integrated with OpenSSL) */
|
||||||
|
#define SSH_UMAC128 3
|
||||||
|
|
||||||
-struct {
|
-struct {
|
||||||
+struct Macs {
|
+struct Macs {
|
||||||
char *name;
|
char *name;
|
||||||
int type;
|
int type;
|
||||||
const EVP_MD * (*mdfunc)(void);
|
const EVP_MD * (*mdfunc)(void);
|
||||||
int truncatebits; /* truncate digest if != 0 */
|
@@ -58,7 +59,9 @@ struct {
|
||||||
int key_len; /* just for UMAC */
|
int key_len; /* just for UMAC */
|
||||||
int len; /* just for UMAC */
|
int len; /* just for UMAC */
|
||||||
|
int etm; /* Encrypt-then-MAC */
|
||||||
-} macs[] = {
|
-} macs[] = {
|
||||||
+} all_macs[] = {
|
+};
|
||||||
{ "hmac-sha1", SSH_EVP, EVP_sha1, 0, -1, -1 },
|
+
|
||||||
{ "hmac-sha1-96", SSH_EVP, EVP_sha1, 96, -1, -1 },
|
+struct Macs all_macs[] = {
|
||||||
#ifdef HAVE_EVP_SHA256
|
/* Encrypt-and-MAC (encrypt-and-authenticate) variants */
|
||||||
@@ -71,9 +72,19 @@ struct {
|
{ "hmac-sha1", SSH_EVP, EVP_sha1, 0, 0, 0, 0 },
|
||||||
{ NULL, 0, NULL, 0, -1, -1 }
|
{ "hmac-sha1-96", SSH_EVP, EVP_sha1, 96, 0, 0, 0 },
|
||||||
|
@@ -89,9 +92,19 @@ struct {
|
||||||
|
{ NULL, 0, NULL, 0, 0, 0, 0 }
|
||||||
};
|
};
|
||||||
|
|
||||||
+struct Macs fips_macs[] = {
|
+struct Macs fips_macs[] = {
|
||||||
+ { "hmac-sha1", SSH_EVP, EVP_sha1, 0, -1, -1 },
|
+ { "hmac-sha1", SSH_EVP, EVP_sha1, 0, 0, 0, 0 },
|
||||||
+#ifdef HAVE_EVP_SHA256
|
+#ifdef HAVE_EVP_SHA256
|
||||||
+ { "hmac-sha2-256", SSH_EVP, EVP_sha256, 0, -1, -1 },
|
+ { "hmac-sha2-256", SSH_EVP, EVP_sha256, 0, 0, 0, 0 },
|
||||||
+ { "hmac-sha2-512", SSH_EVP, EVP_sha512, 0, -1, -1 },
|
+ { "hmac-sha2-512", SSH_EVP, EVP_sha512, 0, 0, 0, 0 },
|
||||||
+#endif
|
+#endif
|
||||||
+ { NULL, 0, NULL, 0, -1, -1 }
|
+ { NULL, 0, NULL, 0, -1, -1 }
|
||||||
+};
|
+};
|
||||||
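Review bot: The terminator row of `fips_macs` in the rebased mac.c hunk still reads `{ NULL, 0, NULL, 0, -1, -1 }`, with six initializers and the old `-1` placeholders. `struct Macs` now carries a seventh field, `etm`, and every other row, including the `all_macs` terminator, was converted to `0, 0, 0`. Behaviour is unchanged, because the omitted `etm` is zero-initialized and the visible `mac_setup` loop stops on a NULL `name`, but the row should read `{ NULL, 0, NULL, 0, 0, 0, 0 }` to match the rest of the table. The FIPS table also lists no entry with `etm` set, which is presumably deliberate; a one-line comment above `fips_macs`, such as `/* FIPS mode: encrypt-and-MAC HMAC-SHA1/SHA2 only, no EtM or UMAC variants */`, would let the next rebase confirm the allowed set instead of guessing.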
@ -222,7 +230,7 @@ diff -up openssh-5.9p1/mac.c.fips openssh-5.9p1/mac.c
|
|||||||
int evp_len;
|
int evp_len;
|
||||||
mac->type = macs[which].type;
|
mac->type = macs[which].type;
|
||||||
if (mac->type == SSH_EVP) {
|
if (mac->type == SSH_EVP) {
|
||||||
@@ -94,6 +105,7 @@ int
|
@@ -113,6 +126,7 @@ int
|
||||||
mac_setup(Mac *mac, char *name)
|
mac_setup(Mac *mac, char *name)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
@ -230,19 +238,19 @@ diff -up openssh-5.9p1/mac.c.fips openssh-5.9p1/mac.c
|
|||||||
|
|
||||||
for (i = 0; macs[i].name; i++) {
|
for (i = 0; macs[i].name; i++) {
|
||||||
if (strcmp(name, macs[i].name) == 0) {
|
if (strcmp(name, macs[i].name) == 0) {
|
||||||
diff -up openssh-5.9p1/Makefile.in.fips openssh-5.9p1/Makefile.in
|
diff -up openssh-6.2p1/Makefile.in.fips openssh-6.2p1/Makefile.in
|
||||||
--- openssh-5.9p1/Makefile.in.fips 2012-07-17 20:57:35.069154962 +0200
|
--- openssh-6.2p1/Makefile.in.fips 2013-03-27 13:14:49.155683518 +0100
|
||||||
+++ openssh-5.9p1/Makefile.in 2012-07-17 20:57:35.086155338 +0200
|
+++ openssh-6.2p1/Makefile.in 2013-03-27 13:14:49.178683427 +0100
|
||||||
@@ -142,25 +142,25 @@ libssh.a: $(LIBSSH_OBJS)
|
@@ -145,25 +145,25 @@ libssh.a: $(LIBSSH_OBJS)
|
||||||
$(RANLIB) $@
|
$(RANLIB) $@
|
||||||
|
|
||||||
ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
|
ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
|
||||||
- $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS)
|
- $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS) $(GSSLIBS)
|
||||||
+ $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(SSHLIBS) $(LIBS)
|
+ $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(SSHLIBS) $(LIBS) $(GSSLIBS)
|
||||||
|
|
||||||
sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
|
sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
|
||||||
- $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS)
|
- $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS)
|
||||||
+ $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(SSHDLIBS) $(LIBS)
|
+ $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS)
|
||||||
|
|
||||||
scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
|
scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
|
||||||
$(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
$(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
||||||
@ -265,7 +273,7 @@ diff -up openssh-5.9p1/Makefile.in.fips openssh-5.9p1/Makefile.in
|
|||||||
|
|
||||||
ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o
|
ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o
|
||||||
$(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
|
$(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
|
||||||
@@ -172,7 +172,7 @@ ssh-keycat$(EXEEXT): $(LIBCOMPAT) libssh
|
@@ -175,7 +175,7 @@ ssh-keycat$(EXEEXT): $(LIBCOMPAT) libssh
|
||||||
$(LD) -o $@ ssh-keycat.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(SSHDLIBS)
|
$(LD) -o $@ ssh-keycat.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(SSHDLIBS)
|
||||||
|
|
||||||
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o
|
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o
|
||||||
@ -274,10 +282,10 @@ diff -up openssh-5.9p1/Makefile.in.fips openssh-5.9p1/Makefile.in
|
|||||||
|
|
||||||
sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o
|
sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o
|
||||||
$(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
$(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
||||||
diff -up openssh-5.9p1/myproposal.h.fips openssh-5.9p1/myproposal.h
|
diff -up openssh-6.2p1/myproposal.h.fips openssh-6.2p1/myproposal.h
|
||||||
--- openssh-5.9p1/myproposal.h.fips 2011-08-17 02:29:03.000000000 +0200
|
--- openssh-6.2p1/myproposal.h.fips 2013-01-09 06:12:19.000000000 +0100
|
||||||
+++ openssh-5.9p1/myproposal.h 2012-07-17 21:01:12.685982807 +0200
|
+++ openssh-6.2p1/myproposal.h 2013-03-27 13:14:49.178683427 +0100
|
||||||
@@ -97,6 +97,19 @@
|
@@ -106,6 +106,19 @@
|
||||||
#define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib"
|
#define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib"
|
||||||
#define KEX_DEFAULT_LANG ""
|
#define KEX_DEFAULT_LANG ""
|
||||||
|
|
||||||
@ -297,9 +305,9 @@ diff -up openssh-5.9p1/myproposal.h.fips openssh-5.9p1/myproposal.h
|
|||||||
|
|
||||||
static char *myproposal[PROPOSAL_MAX] = {
|
static char *myproposal[PROPOSAL_MAX] = {
|
||||||
KEX_DEFAULT_KEX,
|
KEX_DEFAULT_KEX,
|
||||||
diff -up openssh-5.9p1/openbsd-compat/bsd-arc4random.c.fips openssh-5.9p1/openbsd-compat/bsd-arc4random.c
|
diff -up openssh-6.2p1/openbsd-compat/bsd-arc4random.c.fips openssh-6.2p1/openbsd-compat/bsd-arc4random.c
|
||||||
--- openssh-5.9p1/openbsd-compat/bsd-arc4random.c.fips 2010-03-25 22:52:02.000000000 +0100
|
--- openssh-6.2p1/openbsd-compat/bsd-arc4random.c.fips 2010-03-25 22:52:02.000000000 +0100
|
||||||
+++ openssh-5.9p1/openbsd-compat/bsd-arc4random.c 2012-07-17 20:57:35.087155360 +0200
|
+++ openssh-6.2p1/openbsd-compat/bsd-arc4random.c 2013-03-27 13:14:49.179683423 +0100
|
||||||
@@ -37,25 +37,18 @@
|
@@ -37,25 +37,18 @@
|
||||||
#define REKEY_BYTES (1 << 24)
|
#define REKEY_BYTES (1 << 24)
|
||||||
|
|
||||||
@ -355,9 +363,9 @@ diff -up openssh-5.9p1/openbsd-compat/bsd-arc4random.c.fips openssh-5.9p1/openbs
|
|||||||
}
|
}
|
||||||
#endif /* !HAVE_ARC4RANDOM */
|
#endif /* !HAVE_ARC4RANDOM */
|
||||||
|
|
||||||
diff -up openssh-5.9p1/ssh.c.fips openssh-5.9p1/ssh.c
|
diff -up openssh-6.2p1/ssh.c.fips openssh-6.2p1/ssh.c
|
||||||
--- openssh-5.9p1/ssh.c.fips 2011-08-05 22:18:16.000000000 +0200
|
--- openssh-6.2p1/ssh.c.fips 2012-07-06 05:45:01.000000000 +0200
|
||||||
+++ openssh-5.9p1/ssh.c 2012-07-17 20:57:35.088155382 +0200
|
+++ openssh-6.2p1/ssh.c 2013-03-27 13:14:49.179683423 +0100
|
||||||
@@ -73,6 +73,8 @@
|
@@ -73,6 +73,8 @@
|
||||||
|
|
||||||
#include <openssl/evp.h>
|
#include <openssl/evp.h>
|
||||||
@ -388,7 +396,7 @@ diff -up openssh-5.9p1/ssh.c.fips openssh-5.9p1/ssh.c
|
|||||||
options.protocol = SSH_PROTO_1;
|
options.protocol = SSH_PROTO_1;
|
||||||
break;
|
break;
|
||||||
case '2':
|
case '2':
|
||||||
@@ -630,7 +639,6 @@ main(int ac, char **av)
|
@@ -632,7 +641,6 @@ main(int ac, char **av)
|
||||||
if (!host)
|
if (!host)
|
||||||
usage();
|
usage();
|
||||||
|
|
||||||
@ -396,7 +404,7 @@ diff -up openssh-5.9p1/ssh.c.fips openssh-5.9p1/ssh.c
|
|||||||
ERR_load_crypto_strings();
|
ERR_load_crypto_strings();
|
||||||
|
|
||||||
/* Initialize the command to execute on remote host. */
|
/* Initialize the command to execute on remote host. */
|
||||||
@@ -721,6 +729,10 @@ main(int ac, char **av)
|
@@ -722,6 +730,10 @@ main(int ac, char **av)
|
||||||
|
|
||||||
seed_rng();
|
seed_rng();
|
||||||
|
|
||||||
@ -407,7 +415,7 @@ diff -up openssh-5.9p1/ssh.c.fips openssh-5.9p1/ssh.c
|
|||||||
if (options.user == NULL)
|
if (options.user == NULL)
|
||||||
options.user = xstrdup(pw->pw_name);
|
options.user = xstrdup(pw->pw_name);
|
||||||
|
|
||||||
@@ -789,6 +801,12 @@ main(int ac, char **av)
|
@@ -790,6 +802,12 @@ main(int ac, char **av)
|
||||||
|
|
||||||
timeout_ms = options.connection_timeout * 1000;
|
timeout_ms = options.connection_timeout * 1000;
|
||||||
|
|
||||||
@ -420,9 +428,9 @@ diff -up openssh-5.9p1/ssh.c.fips openssh-5.9p1/ssh.c
|
|||||||
/* Open a connection to the remote host. */
|
/* Open a connection to the remote host. */
|
||||||
if (ssh_connect(host, &hostaddr, options.port,
|
if (ssh_connect(host, &hostaddr, options.port,
|
||||||
options.address_family, options.connection_attempts, &timeout_ms,
|
options.address_family, options.connection_attempts, &timeout_ms,
|
||||||
diff -up openssh-5.9p1/sshconnect2.c.fips openssh-5.9p1/sshconnect2.c
|
diff -up openssh-6.2p1/sshconnect2.c.fips openssh-6.2p1/sshconnect2.c
|
||||||
--- openssh-5.9p1/sshconnect2.c.fips 2012-07-17 20:57:34.955152432 +0200
|
--- openssh-6.2p1/sshconnect2.c.fips 2013-03-27 13:14:49.066683871 +0100
|
||||||
+++ openssh-5.9p1/sshconnect2.c 2012-07-17 20:57:35.088155382 +0200
|
+++ openssh-6.2p1/sshconnect2.c 2013-03-27 13:14:49.179683423 +0100
|
||||||
@@ -44,6 +44,8 @@
|
@@ -44,6 +44,8 @@
|
||||||
#include <vis.h>
|
#include <vis.h>
|
||||||
#endif
|
#endif
|
||||||
@ -455,9 +463,9 @@ diff -up openssh-5.9p1/sshconnect2.c.fips openssh-5.9p1/sshconnect2.c
|
|||||||
if (options.hostkeyalgorithms != NULL)
|
if (options.hostkeyalgorithms != NULL)
|
||||||
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
|
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
|
||||||
options.hostkeyalgorithms;
|
options.hostkeyalgorithms;
|
||||||
diff -up openssh-5.9p1/sshd.c.fips openssh-5.9p1/sshd.c
|
diff -up openssh-6.2p1/sshd.c.fips openssh-6.2p1/sshd.c
|
||||||
--- openssh-5.9p1/sshd.c.fips 2012-07-17 20:57:35.049154517 +0200
|
--- openssh-6.2p1/sshd.c.fips 2013-03-27 13:14:49.146683554 +0100
|
||||||
+++ openssh-5.9p1/sshd.c 2012-07-17 20:57:35.089155405 +0200
|
+++ openssh-6.2p1/sshd.c 2013-03-27 13:14:49.180683419 +0100
|
||||||
@@ -76,6 +76,8 @@
|
@@ -76,6 +76,8 @@
|
||||||
#include <openssl/bn.h>
|
#include <openssl/bn.h>
|
||||||
#include <openssl/md5.h>
|
#include <openssl/md5.h>
|
||||||
@ -467,7 +475,7 @@ diff -up openssh-5.9p1/sshd.c.fips openssh-5.9p1/sshd.c
|
|||||||
#include "openbsd-compat/openssl-compat.h"
|
#include "openbsd-compat/openssl-compat.h"
|
||||||
|
|
||||||
#ifdef HAVE_SECUREWARE
|
#ifdef HAVE_SECUREWARE
|
||||||
@@ -1395,6 +1397,11 @@ main(int ac, char **av)
|
@@ -1423,6 +1425,11 @@ main(int ac, char **av)
|
||||||
#endif
|
#endif
|
||||||
__progname = ssh_get_progname(av[0]);
|
__progname = ssh_get_progname(av[0]);
|
||||||
|
|
||||||
@ -479,7 +487,7 @@ diff -up openssh-5.9p1/sshd.c.fips openssh-5.9p1/sshd.c
|
|||||||
/* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
|
/* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
|
||||||
saved_argc = ac;
|
saved_argc = ac;
|
||||||
rexec_argc = ac;
|
rexec_argc = ac;
|
||||||
@@ -1554,8 +1561,6 @@ main(int ac, char **av)
|
@@ -1571,8 +1578,6 @@ main(int ac, char **av)
|
||||||
else
|
else
|
||||||
closefrom(REEXEC_DEVCRYPTO_RESERVED_FD);
|
closefrom(REEXEC_DEVCRYPTO_RESERVED_FD);
|
||||||
|
|
||||||
@ -488,7 +496,7 @@ diff -up openssh-5.9p1/sshd.c.fips openssh-5.9p1/sshd.c
|
|||||||
/*
|
/*
|
||||||
* Force logging to stderr until we have loaded the private host
|
* Force logging to stderr until we have loaded the private host
|
||||||
* key (unless started from inetd)
|
* key (unless started from inetd)
|
||||||
@@ -1673,6 +1678,10 @@ main(int ac, char **av)
|
@@ -1715,6 +1720,10 @@ main(int ac, char **av)
|
||||||
debug("private host key: #%d type %d %s", i, key->type,
|
debug("private host key: #%d type %d %s", i, key->type,
|
||||||
key_type(key));
|
key_type(key));
|
||||||
}
|
}
|
||||||
@ -499,7 +507,7 @@ diff -up openssh-5.9p1/sshd.c.fips openssh-5.9p1/sshd.c
|
|||||||
if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) {
|
if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) {
|
||||||
logit("Disabling protocol version 1. Could not load host key");
|
logit("Disabling protocol version 1. Could not load host key");
|
||||||
options.protocol &= ~SSH_PROTO_1;
|
options.protocol &= ~SSH_PROTO_1;
|
||||||
@@ -1837,6 +1846,10 @@ main(int ac, char **av)
|
@@ -1878,6 +1887,10 @@ main(int ac, char **av)
|
||||||
/* Initialize the random number generator. */
|
/* Initialize the random number generator. */
|
||||||
arc4random_stir();
|
arc4random_stir();
|
||||||
|
|
||||||
@ -510,7 +518,7 @@ diff -up openssh-5.9p1/sshd.c.fips openssh-5.9p1/sshd.c
|
|||||||
/* Chdir to the root directory so that the current disk can be
|
/* Chdir to the root directory so that the current disk can be
|
||||||
unmounted if desired. */
|
unmounted if desired. */
|
||||||
(void) chdir("/");
|
(void) chdir("/");
|
||||||
@@ -2379,6 +2392,9 @@ do_ssh2_kex(void)
|
@@ -2420,6 +2433,9 @@ do_ssh2_kex(void)
|
||||||
if (options.ciphers != NULL) {
|
if (options.ciphers != NULL) {
|
||||||
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
|
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
|
||||||
myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
|
myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
|
||||||
@ -520,7 +528,7 @@ diff -up openssh-5.9p1/sshd.c.fips openssh-5.9p1/sshd.c
|
|||||||
}
|
}
|
||||||
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
|
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
|
||||||
compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
|
compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
|
||||||
@@ -2388,6 +2404,9 @@ do_ssh2_kex(void)
|
@@ -2429,6 +2445,9 @@ do_ssh2_kex(void)
|
||||||
if (options.macs != NULL) {
|
if (options.macs != NULL) {
|
||||||
myproposal[PROPOSAL_MAC_ALGS_CTOS] =
|
myproposal[PROPOSAL_MAC_ALGS_CTOS] =
|
||||||
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
|
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
|
@ -1,6 +1,6 @@
|
|||||||
diff -up openssh-5.8p2/gss-serv-krb5.c.force_krb openssh-5.8p2/gss-serv-krb5.c
|
diff -up openssh-6.2p1/gss-serv-krb5.c.force_krb openssh-6.2p1/gss-serv-krb5.c
|
||||||
--- openssh-5.8p2/gss-serv-krb5.c.force_krb 2006-09-01 07:38:36.000000000 +0200
|
--- openssh-6.2p1/gss-serv-krb5.c.force_krb 2013-03-25 20:04:53.807817333 +0100
|
||||||
+++ openssh-5.8p2/gss-serv-krb5.c 2011-05-19 03:41:45.801109545 +0200
|
+++ openssh-6.2p1/gss-serv-krb5.c 2013-03-25 20:04:53.818817403 +0100
|
||||||
@@ -32,7 +32,9 @@
|
@@ -32,7 +32,9 @@
|
||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
|
|
||||||
@ -216,10 +216,10 @@ diff -up openssh-5.8p2/gss-serv-krb5.c.force_krb openssh-5.8p2/gss-serv-krb5.c
|
|||||||
|
|
||||||
/* This writes out any forwarded credentials from the structure populated
|
/* This writes out any forwarded credentials from the structure populated
|
||||||
* during userauth. Called after we have setuid to the user */
|
* during userauth. Called after we have setuid to the user */
|
||||||
diff -up openssh-5.8p2/session.c.force_krb openssh-5.8p2/session.c
|
diff -up openssh-6.2p1/session.c.force_krb openssh-6.2p1/session.c
|
||||||
--- openssh-5.8p2/session.c.force_krb 2011-05-19 03:41:41.000000000 +0200
|
--- openssh-6.2p1/session.c.force_krb 2013-03-25 20:04:53.724816810 +0100
|
||||||
+++ openssh-5.8p2/session.c 2011-05-19 03:43:32.437173662 +0200
|
+++ openssh-6.2p1/session.c 2013-03-25 20:04:53.818817403 +0100
|
||||||
@@ -820,6 +820,29 @@ do_exec(Session *s, const char *command)
|
@@ -823,6 +823,29 @@ do_exec(Session *s, const char *command)
|
||||||
debug("Forced command (key option) '%.900s'", command);
|
debug("Forced command (key option) '%.900s'", command);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -249,9 +249,9 @@ diff -up openssh-5.8p2/session.c.force_krb openssh-5.8p2/session.c
|
|||||||
#ifdef SSH_AUDIT_EVENTS
|
#ifdef SSH_AUDIT_EVENTS
|
||||||
if (s->command != NULL || s->command_handle != -1)
|
if (s->command != NULL || s->command_handle != -1)
|
||||||
fatal("do_exec: command already set");
|
fatal("do_exec: command already set");
|
||||||
diff -up openssh-5.8p2/sshd.8.force_krb openssh-5.8p2/sshd.8
|
diff -up openssh-6.2p1/sshd.8.force_krb openssh-6.2p1/sshd.8
|
||||||
--- openssh-5.8p2/sshd.8.force_krb 2011-05-19 03:41:30.582114401 +0200
|
--- openssh-6.2p1/sshd.8.force_krb 2013-03-25 20:04:53.787817207 +0100
|
||||||
+++ openssh-5.8p2/sshd.8 2011-05-19 03:41:46.159106308 +0200
|
+++ openssh-6.2p1/sshd.8 2013-03-25 20:04:53.819817409 +0100
|
||||||
@@ -323,6 +323,7 @@ Finally, the server and the client enter
|
@@ -323,6 +323,7 @@ Finally, the server and the client enter
|
||||||
The client tries to authenticate itself using
|
The client tries to authenticate itself using
|
||||||
host-based authentication,
|
host-based authentication,
|
||||||
@ -273,13 +273,13 @@ diff -up openssh-5.8p2/sshd.8.force_krb openssh-5.8p2/sshd.8
|
|||||||
.It Pa ~/.ssh/
|
.It Pa ~/.ssh/
|
||||||
This directory is the default location for all user-specific configuration
|
This directory is the default location for all user-specific configuration
|
||||||
and authentication information.
|
and authentication information.
|
||||||
diff -up openssh-5.8p2/ssh-gss.h.force_krb openssh-5.8p2/ssh-gss.h
|
diff -up openssh-6.2p1/ssh-gss.h.force_krb openssh-6.2p1/ssh-gss.h
|
||||||
--- openssh-5.8p2/ssh-gss.h.force_krb 2007-06-12 15:40:39.000000000 +0200
|
--- openssh-6.2p1/ssh-gss.h.force_krb 2013-03-25 20:04:53.819817409 +0100
|
||||||
+++ openssh-5.8p2/ssh-gss.h 2011-05-19 03:41:46.302234118 +0200
|
+++ openssh-6.2p1/ssh-gss.h 2013-03-25 20:05:26.463023197 +0100
|
||||||
@@ -48,6 +48,10 @@
|
@@ -49,6 +49,10 @@
|
||||||
#define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name
|
# endif /* !HAVE_DECL_GSS_C_NT_... */
|
||||||
#endif /* GSS_C_NT_... */
|
|
||||||
#endif /* !HEIMDAL */
|
# endif /* !HEIMDAL */
|
||||||
+
|
+
|
||||||
+/* .k5users support */
|
+/* .k5users support */
|
||||||
+extern char **k5users_allowed_cmds;
|
+extern char **k5users_allowed_cmds;
|
@ -1,6 +1,6 @@
|
|||||||
diff -up openssh-6.1p1/auth2.c.gsskex openssh-6.1p1/auth2.c
|
diff -up openssh-6.2p1/auth2.c.gsskex openssh-6.2p1/auth2.c
|
||||||
--- openssh-6.1p1/auth2.c.gsskex 2012-11-30 13:58:08.871298935 +0100
|
--- openssh-6.2p1/auth2.c.gsskex 2013-03-27 13:19:11.062624591 +0100
|
||||||
+++ openssh-6.1p1/auth2.c 2012-11-30 13:58:08.946298649 +0100
|
+++ openssh-6.2p1/auth2.c 2013-03-27 13:19:11.140624271 +0100
|
||||||
@@ -69,6 +69,7 @@ extern Authmethod method_passwd;
|
@@ -69,6 +69,7 @@ extern Authmethod method_passwd;
|
||||||
extern Authmethod method_kbdint;
|
extern Authmethod method_kbdint;
|
||||||
extern Authmethod method_hostbased;
|
extern Authmethod method_hostbased;
|
||||||
@ -17,9 +17,9 @@ diff -up openssh-6.1p1/auth2.c.gsskex openssh-6.1p1/auth2.c
|
|||||||
&method_gssapi,
|
&method_gssapi,
|
||||||
#endif
|
#endif
|
||||||
#ifdef JPAKE
|
#ifdef JPAKE
|
||||||
diff -up openssh-6.1p1/auth2-gss.c.gsskex openssh-6.1p1/auth2-gss.c
|
diff -up openssh-6.2p1/auth2-gss.c.gsskex openssh-6.2p1/auth2-gss.c
|
||||||
--- openssh-6.1p1/auth2-gss.c.gsskex 2012-11-30 13:58:08.871298935 +0100
|
--- openssh-6.2p1/auth2-gss.c.gsskex 2013-03-27 13:19:11.062624591 +0100
|
||||||
+++ openssh-6.1p1/auth2-gss.c 2012-11-30 13:59:19.622985133 +0100
|
+++ openssh-6.2p1/auth2-gss.c 2013-03-27 13:19:11.141624267 +0100
|
||||||
@@ -52,6 +52,40 @@ static void input_gssapi_mic(int type, u
|
@@ -52,6 +52,40 @@ static void input_gssapi_mic(int type, u
|
||||||
static void input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt);
|
static void input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt);
|
||||||
static void input_gssapi_errtok(int, u_int32_t, void *);
|
static void input_gssapi_errtok(int, u_int32_t, void *);
|
||||||
@ -94,9 +94,9 @@ diff -up openssh-6.1p1/auth2-gss.c.gsskex openssh-6.1p1/auth2-gss.c
|
|||||||
Authmethod method_gssapi = {
|
Authmethod method_gssapi = {
|
||||||
"gssapi-with-mic",
|
"gssapi-with-mic",
|
||||||
userauth_gssapi,
|
userauth_gssapi,
|
||||||
diff -up openssh-6.1p1/auth-krb5.c.gsskex openssh-6.1p1/auth-krb5.c
|
diff -up openssh-6.2p1/auth-krb5.c.gsskex openssh-6.2p1/auth-krb5.c
|
||||||
--- openssh-6.1p1/auth-krb5.c.gsskex 2012-04-26 01:52:15.000000000 +0200
|
--- openssh-6.2p1/auth-krb5.c.gsskex 2012-04-26 01:52:15.000000000 +0200
|
||||||
+++ openssh-6.1p1/auth-krb5.c 2012-11-30 13:58:08.947298647 +0100
|
+++ openssh-6.2p1/auth-krb5.c 2013-03-27 13:19:11.140624271 +0100
|
||||||
@@ -50,6 +50,7 @@
|
@@ -50,6 +50,7 @@
|
||||||
#include <errno.h>
|
#include <errno.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
@ -203,9 +203,9 @@ diff -up openssh-6.1p1/auth-krb5.c.gsskex openssh-6.1p1/auth-krb5.c
|
|||||||
|
|
||||||
return (krb5_cc_resolve(ctx, ccname, ccache));
|
return (krb5_cc_resolve(ctx, ccname, ccache));
|
||||||
}
|
}
|
||||||
diff -up openssh-6.1p1/ChangeLog.gssapi.gsskex openssh-6.1p1/ChangeLog.gssapi
|
diff -up openssh-6.2p1/ChangeLog.gssapi.gsskex openssh-6.2p1/ChangeLog.gssapi
|
||||||
--- openssh-6.1p1/ChangeLog.gssapi.gsskex 2012-11-30 13:58:08.947298647 +0100
|
--- openssh-6.2p1/ChangeLog.gssapi.gsskex 2013-03-27 13:19:11.143624259 +0100
|
||||||
+++ openssh-6.1p1/ChangeLog.gssapi 2012-11-30 13:58:08.947298647 +0100
|
+++ openssh-6.2p1/ChangeLog.gssapi 2013-03-27 13:19:11.143624259 +0100
|
||||||
@@ -0,0 +1,113 @@
|
@@ -0,0 +1,113 @@
|
||||||
+20110101
|
+20110101
|
||||||
+ - Finally update for OpenSSH 5.6p1
|
+ - Finally update for OpenSSH 5.6p1
|
||||||
@ -320,9 +320,9 @@ diff -up openssh-6.1p1/ChangeLog.gssapi.gsskex openssh-6.1p1/ChangeLog.gssapi
|
|||||||
+ add support for GssapiTrustDns option for gssapi-with-mic
|
+ add support for GssapiTrustDns option for gssapi-with-mic
|
||||||
+ (from jbasney AT ncsa.uiuc.edu)
|
+ (from jbasney AT ncsa.uiuc.edu)
|
||||||
+ <gssapi-with-mic support is Bugzilla #1008>
|
+ <gssapi-with-mic support is Bugzilla #1008>
|
||||||
diff -up openssh-6.1p1/clientloop.c.gsskex openssh-6.1p1/clientloop.c
|
diff -up openssh-6.2p1/clientloop.c.gsskex openssh-6.2p1/clientloop.c
|
||||||
--- openssh-6.1p1/clientloop.c.gsskex 2012-11-30 13:58:08.781299279 +0100
|
--- openssh-6.2p1/clientloop.c.gsskex 2013-03-27 13:19:11.001624842 +0100
|
||||||
+++ openssh-6.1p1/clientloop.c 2012-11-30 13:58:08.948298644 +0100
|
+++ openssh-6.2p1/clientloop.c 2013-03-27 13:19:11.141624267 +0100
|
||||||
@@ -111,6 +111,10 @@
|
@@ -111,6 +111,10 @@
|
||||||
#include "msg.h"
|
#include "msg.h"
|
||||||
#include "roaming.h"
|
#include "roaming.h"
|
||||||
@ -334,7 +334,7 @@ diff -up openssh-6.1p1/clientloop.c.gsskex openssh-6.1p1/clientloop.c
|
|||||||
/* import options */
|
/* import options */
|
||||||
extern Options options;
|
extern Options options;
|
||||||
|
|
||||||
@@ -1544,6 +1548,15 @@ client_loop(int have_pty, int escape_cha
|
@@ -1599,6 +1603,15 @@ client_loop(int have_pty, int escape_cha
|
||||||
/* Do channel operations unless rekeying in progress. */
|
/* Do channel operations unless rekeying in progress. */
|
||||||
if (!rekeying) {
|
if (!rekeying) {
|
||||||
channel_after_select(readset, writeset);
|
channel_after_select(readset, writeset);
|
||||||
@ -350,10 +350,10 @@ diff -up openssh-6.1p1/clientloop.c.gsskex openssh-6.1p1/clientloop.c
|
|||||||
if (need_rekeying || packet_need_rekeying()) {
|
if (need_rekeying || packet_need_rekeying()) {
|
||||||
debug("need rekeying");
|
debug("need rekeying");
|
||||||
xxx_kex->done = 0;
|
xxx_kex->done = 0;
|
||||||
diff -up openssh-6.1p1/configure.ac.gsskex openssh-6.1p1/configure.ac
|
diff -up openssh-6.2p1/configure.ac.gsskex openssh-6.2p1/configure.ac
|
||||||
--- openssh-6.1p1/configure.ac.gsskex 2012-11-30 13:58:08.934298697 +0100
|
--- openssh-6.2p1/configure.ac.gsskex 2013-03-27 13:19:11.128624320 +0100
|
||||||
+++ openssh-6.1p1/configure.ac 2012-11-30 13:58:08.949298640 +0100
|
+++ openssh-6.2p1/configure.ac 2013-03-27 13:19:11.142624263 +0100
|
||||||
@@ -545,6 +545,30 @@ main() { if (NSVersionOfRunTimeLibrary("
|
@@ -533,6 +533,30 @@ main() { if (NSVersionOfRunTimeLibrary("
|
||||||
[Use tunnel device compatibility to OpenBSD])
|
[Use tunnel device compatibility to OpenBSD])
|
||||||
AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
|
AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
|
||||||
[Prepend the address family to IP tunnel traffic])
|
[Prepend the address family to IP tunnel traffic])
|
||||||
@ -384,9 +384,9 @@ diff -up openssh-6.1p1/configure.ac.gsskex openssh-6.1p1/configure.ac
|
|||||||
m4_pattern_allow([AU_IPv])
|
m4_pattern_allow([AU_IPv])
|
||||||
AC_CHECK_DECL([AU_IPv4], [],
|
AC_CHECK_DECL([AU_IPv4], [],
|
||||||
AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
|
AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
|
||||||
diff -up openssh-6.1p1/gss-genr.c.gsskex openssh-6.1p1/gss-genr.c
|
diff -up openssh-6.2p1/gss-genr.c.gsskex openssh-6.2p1/gss-genr.c
|
||||||
--- openssh-6.1p1/gss-genr.c.gsskex 2009-06-22 08:11:07.000000000 +0200
|
--- openssh-6.2p1/gss-genr.c.gsskex 2009-06-22 08:11:07.000000000 +0200
|
||||||
+++ openssh-6.1p1/gss-genr.c 2012-11-30 13:58:08.949298640 +0100
|
+++ openssh-6.2p1/gss-genr.c 2013-03-27 13:19:11.142624263 +0100
|
||||||
@@ -1,7 +1,7 @@
|
@@ -1,7 +1,7 @@
|
||||||
/* $OpenBSD: gss-genr.c,v 1.20 2009/06/22 05:39:28 dtucker Exp $ */
|
/* $OpenBSD: gss-genr.c,v 1.20 2009/06/22 05:39:28 dtucker Exp $ */
|
||||||
|
|
||||||
@ -734,9 +734,9 @@ diff -up openssh-6.1p1/gss-genr.c.gsskex openssh-6.1p1/gss-genr.c
|
|||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
#endif /* GSSAPI */
|
#endif /* GSSAPI */
|
||||||
diff -up openssh-6.1p1/gss-serv.c.gsskex openssh-6.1p1/gss-serv.c
|
diff -up openssh-6.2p1/gss-serv.c.gsskex openssh-6.2p1/gss-serv.c
|
||||||
--- openssh-6.1p1/gss-serv.c.gsskex 2011-08-05 22:16:46.000000000 +0200
|
--- openssh-6.2p1/gss-serv.c.gsskex 2011-08-05 22:16:46.000000000 +0200
|
||||||
+++ openssh-6.1p1/gss-serv.c 2012-11-30 13:58:08.949298640 +0100
|
+++ openssh-6.2p1/gss-serv.c 2013-03-27 13:19:11.142624263 +0100
|
||||||
@@ -45,15 +45,20 @@
|
@@ -45,15 +45,20 @@
|
||||||
#include "channels.h"
|
#include "channels.h"
|
||||||
#include "session.h"
|
#include "session.h"
|
||||||
@ -1075,9 +1075,9 @@ diff -up openssh-6.1p1/gss-serv.c.gsskex openssh-6.1p1/gss-serv.c
|
|||||||
}
|
}
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
diff -up openssh-6.1p1/gss-serv-krb5.c.gsskex openssh-6.1p1/gss-serv-krb5.c
|
diff -up openssh-6.2p1/gss-serv-krb5.c.gsskex openssh-6.2p1/gss-serv-krb5.c
|
||||||
--- openssh-6.1p1/gss-serv-krb5.c.gsskex 2006-09-01 07:38:36.000000000 +0200
|
--- openssh-6.2p1/gss-serv-krb5.c.gsskex 2006-09-01 07:38:36.000000000 +0200
|
||||||
+++ openssh-6.1p1/gss-serv-krb5.c 2012-11-30 13:58:08.949298640 +0100
|
+++ openssh-6.2p1/gss-serv-krb5.c 2013-03-27 13:19:11.143624259 +0100
|
||||||
@@ -1,7 +1,7 @@
|
@@ -1,7 +1,7 @@
|
||||||
/* $OpenBSD: gss-serv-krb5.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */
|
/* $OpenBSD: gss-serv-krb5.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */
|
||||||
|
|
||||||
@ -1200,9 +1200,9 @@ diff -up openssh-6.1p1/gss-serv-krb5.c.gsskex openssh-6.1p1/gss-serv-krb5.c
|
|||||||
};
|
};
|
||||||
|
|
||||||
#endif /* KRB5 */
|
#endif /* KRB5 */
|
||||||
diff -up openssh-6.1p1/kex.c.gsskex openssh-6.1p1/kex.c
|
diff -up openssh-6.2p1/kex.c.gsskex openssh-6.2p1/kex.c
|
||||||
--- openssh-6.1p1/kex.c.gsskex 2012-11-30 13:58:08.820299131 +0100
|
--- openssh-6.2p1/kex.c.gsskex 2013-03-27 13:19:11.039624686 +0100
|
||||||
+++ openssh-6.1p1/kex.c 2012-11-30 13:58:08.950298635 +0100
|
+++ openssh-6.2p1/kex.c 2013-03-27 13:19:11.143624259 +0100
|
||||||
@@ -51,6 +51,10 @@
|
@@ -51,6 +51,10 @@
|
||||||
#include "roaming.h"
|
#include "roaming.h"
|
||||||
#include "audit.h"
|
#include "audit.h"
|
||||||
@ -1214,7 +1214,7 @@ diff -up openssh-6.1p1/kex.c.gsskex openssh-6.1p1/kex.c
|
|||||||
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
|
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
|
||||||
# if defined(HAVE_EVP_SHA256)
|
# if defined(HAVE_EVP_SHA256)
|
||||||
# define evp_ssh_sha256 EVP_sha256
|
# define evp_ssh_sha256 EVP_sha256
|
||||||
@@ -371,6 +375,20 @@ choose_kex(Kex *k, char *client, char *s
|
@@ -382,6 +386,20 @@ choose_kex(Kex *k, char *client, char *s
|
||||||
k->kex_type = KEX_ECDH_SHA2;
|
k->kex_type = KEX_ECDH_SHA2;
|
||||||
k->evp_md = kex_ecdh_name_to_evpmd(k->name);
|
k->evp_md = kex_ecdh_name_to_evpmd(k->name);
|
||||||
#endif
|
#endif
|
||||||
@ -1235,9 +1235,9 @@ diff -up openssh-6.1p1/kex.c.gsskex openssh-6.1p1/kex.c
|
|||||||
} else
|
} else
|
||||||
fatal("bad kex alg %s", k->name);
|
fatal("bad kex alg %s", k->name);
|
||||||
}
|
}
|
||||||
diff -up openssh-6.1p1/kexgssc.c.gsskex openssh-6.1p1/kexgssc.c
|
diff -up openssh-6.2p1/kexgssc.c.gsskex openssh-6.2p1/kexgssc.c
|
||||||
--- openssh-6.1p1/kexgssc.c.gsskex 2012-11-30 13:58:08.950298635 +0100
|
--- openssh-6.2p1/kexgssc.c.gsskex 2013-03-27 13:19:11.143624259 +0100
|
||||||
+++ openssh-6.1p1/kexgssc.c 2012-11-30 13:58:08.950298635 +0100
|
+++ openssh-6.2p1/kexgssc.c 2013-03-27 13:19:11.143624259 +0100
|
||||||
@@ -0,0 +1,334 @@
|
@@ -0,0 +1,334 @@
|
||||||
+/*
|
+/*
|
||||||
+ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
|
+ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
|
||||||
@ -1573,9 +1573,9 @@ diff -up openssh-6.1p1/kexgssc.c.gsskex openssh-6.1p1/kexgssc.c
|
|||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
+#endif /* GSSAPI */
|
+#endif /* GSSAPI */
|
||||||
diff -up openssh-6.1p1/kexgsss.c.gsskex openssh-6.1p1/kexgsss.c
|
diff -up openssh-6.2p1/kexgsss.c.gsskex openssh-6.2p1/kexgsss.c
|
||||||
--- openssh-6.1p1/kexgsss.c.gsskex 2012-11-30 13:58:08.950298635 +0100
|
--- openssh-6.2p1/kexgsss.c.gsskex 2013-03-27 13:19:11.144624254 +0100
|
||||||
+++ openssh-6.1p1/kexgsss.c 2012-11-30 13:58:08.950298635 +0100
|
+++ openssh-6.2p1/kexgsss.c 2013-03-27 13:19:11.144624254 +0100
|
||||||
@@ -0,0 +1,288 @@
|
@@ -0,0 +1,288 @@
|
||||||
+/*
|
+/*
|
||||||
+ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
|
+ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
|
||||||
@ -1865,9 +1865,9 @@ diff -up openssh-6.1p1/kexgsss.c.gsskex openssh-6.1p1/kexgsss.c
|
|||||||
+ ssh_gssapi_rekey_creds();
|
+ ssh_gssapi_rekey_creds();
|
||||||
+}
|
+}
|
||||||
+#endif /* GSSAPI */
|
+#endif /* GSSAPI */
|
||||||
diff -up openssh-6.1p1/kex.h.gsskex openssh-6.1p1/kex.h
|
diff -up openssh-6.2p1/kex.h.gsskex openssh-6.2p1/kex.h
|
||||||
--- openssh-6.1p1/kex.h.gsskex 2012-11-30 13:58:08.820299131 +0100
|
--- openssh-6.2p1/kex.h.gsskex 2013-03-27 13:19:11.039624686 +0100
|
||||||
+++ openssh-6.1p1/kex.h 2012-11-30 13:58:08.950298635 +0100
|
+++ openssh-6.2p1/kex.h 2013-03-27 13:19:11.144624254 +0100
|
||||||
@@ -73,6 +73,9 @@ enum kex_exchange {
|
@@ -73,6 +73,9 @@ enum kex_exchange {
|
||||||
KEX_DH_GEX_SHA1,
|
KEX_DH_GEX_SHA1,
|
||||||
KEX_DH_GEX_SHA256,
|
KEX_DH_GEX_SHA256,
|
||||||
@ -1878,7 +1878,7 @@ diff -up openssh-6.1p1/kex.h.gsskex openssh-6.1p1/kex.h
|
|||||||
KEX_MAX
|
KEX_MAX
|
||||||
};
|
};
|
||||||
|
|
||||||
@@ -129,6 +132,12 @@ struct Kex {
|
@@ -131,6 +134,12 @@ struct Kex {
|
||||||
sig_atomic_t done;
|
sig_atomic_t done;
|
||||||
int flags;
|
int flags;
|
||||||
const EVP_MD *evp_md;
|
const EVP_MD *evp_md;
|
||||||
@ -1891,7 +1891,7 @@ diff -up openssh-6.1p1/kex.h.gsskex openssh-6.1p1/kex.h
|
|||||||
char *client_version_string;
|
char *client_version_string;
|
||||||
char *server_version_string;
|
char *server_version_string;
|
||||||
int (*verify_host_key)(Key *);
|
int (*verify_host_key)(Key *);
|
||||||
@@ -156,6 +165,11 @@ void kexgex_server(Kex *);
|
@@ -158,6 +167,11 @@ void kexgex_server(Kex *);
|
||||||
void kexecdh_client(Kex *);
|
void kexecdh_client(Kex *);
|
||||||
void kexecdh_server(Kex *);
|
void kexecdh_server(Kex *);
|
||||||
|
|
||||||
@ -1903,9 +1903,9 @@ diff -up openssh-6.1p1/kex.h.gsskex openssh-6.1p1/kex.h
|
|||||||
void newkeys_destroy(Newkeys *newkeys);
|
void newkeys_destroy(Newkeys *newkeys);
|
||||||
|
|
||||||
void
|
void
|
||||||
diff -up openssh-6.1p1/key.c.gsskex openssh-6.1p1/key.c
|
diff -up openssh-6.2p1/key.c.gsskex openssh-6.2p1/key.c
|
||||||
--- openssh-6.1p1/key.c.gsskex 2012-11-30 13:58:08.912298779 +0100
|
--- openssh-6.2p1/key.c.gsskex 2013-03-27 13:19:11.102624427 +0100
|
||||||
+++ openssh-6.1p1/key.c 2012-11-30 13:58:08.951298630 +0100
|
+++ openssh-6.2p1/key.c 2013-03-27 13:19:11.144624254 +0100
|
||||||
@@ -1011,6 +1011,8 @@ key_ssh_name_from_type_nid(int type, int
|
@@ -1011,6 +1011,8 @@ key_ssh_name_from_type_nid(int type, int
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
@ -1924,9 +1924,9 @@ diff -up openssh-6.1p1/key.c.gsskex openssh-6.1p1/key.c
|
|||||||
}
|
}
|
||||||
|
|
||||||
debug2("key_type_from_name: unknown key type '%s'", name);
|
debug2("key_type_from_name: unknown key type '%s'", name);
|
||||||
diff -up openssh-6.1p1/key.h.gsskex openssh-6.1p1/key.h
|
diff -up openssh-6.2p1/key.h.gsskex openssh-6.2p1/key.h
|
||||||
--- openssh-6.1p1/key.h.gsskex 2012-11-30 13:58:08.827299104 +0100
|
--- openssh-6.2p1/key.h.gsskex 2013-03-27 13:19:11.046624657 +0100
|
||||||
+++ openssh-6.1p1/key.h 2012-11-30 13:58:08.951298630 +0100
|
+++ openssh-6.2p1/key.h 2013-03-27 13:19:11.145624250 +0100
|
||||||
@@ -44,6 +44,7 @@ enum types {
|
@@ -44,6 +44,7 @@ enum types {
|
||||||
KEY_ECDSA_CERT,
|
KEY_ECDSA_CERT,
|
||||||
KEY_RSA_CERT_V00,
|
KEY_RSA_CERT_V00,
|
||||||
@ -1935,18 +1935,18 @@ diff -up openssh-6.1p1/key.h.gsskex openssh-6.1p1/key.h
|
|||||||
KEY_UNSPEC
|
KEY_UNSPEC
|
||||||
};
|
};
|
||||||
enum fp_type {
|
enum fp_type {
|
||||||
diff -up openssh-6.1p1/Makefile.in.gsskex openssh-6.1p1/Makefile.in
|
diff -up openssh-6.2p1/Makefile.in.gsskex openssh-6.2p1/Makefile.in
|
||||||
--- openssh-6.1p1/Makefile.in.gsskex 2012-11-30 13:58:08.945298652 +0100
|
--- openssh-6.2p1/Makefile.in.gsskex 2013-03-27 13:19:11.138624279 +0100
|
||||||
+++ openssh-6.1p1/Makefile.in 2012-11-30 13:58:08.951298630 +0100
|
+++ openssh-6.2p1/Makefile.in 2013-03-27 13:19:11.145624250 +0100
|
||||||
@@ -75,6 +75,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b
|
@@ -77,6 +77,7 @@ LIBSSH_OBJS=authfd.o authfile.o bufaux.o
|
||||||
atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
|
atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
|
||||||
monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
|
monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
|
||||||
kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \
|
kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \
|
||||||
+ kexgssc.o \
|
+ kexgssc.o \
|
||||||
msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o jpake.o \
|
msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \
|
||||||
schnorr.o ssh-pkcs11.o auditstub.o
|
jpake.o schnorr.o ssh-pkcs11.o krl.o auditstub.o
|
||||||
|
|
||||||
@@ -91,7 +92,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
|
@@ -93,7 +94,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
|
||||||
auth2-none.o auth2-passwd.o auth2-pubkey.o auth2-jpake.o \
|
auth2-none.o auth2-passwd.o auth2-pubkey.o auth2-jpake.o \
|
||||||
monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o kexecdhs.o \
|
monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o kexecdhs.o \
|
||||||
auth-krb5.o \
|
auth-krb5.o \
|
||||||
@ -1955,9 +1955,9 @@ diff -up openssh-6.1p1/Makefile.in.gsskex openssh-6.1p1/Makefile.in
|
|||||||
loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
|
loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
|
||||||
sftp-server.o sftp-common.o \
|
sftp-server.o sftp-common.o \
|
||||||
roaming_common.o roaming_serv.o \
|
roaming_common.o roaming_serv.o \
|
||||||
diff -up openssh-6.1p1/monitor.c.gsskex openssh-6.1p1/monitor.c
|
diff -up openssh-6.2p1/monitor.c.gsskex openssh-6.2p1/monitor.c
|
||||||
--- openssh-6.1p1/monitor.c.gsskex 2012-11-30 13:58:08.873298927 +0100
|
--- openssh-6.2p1/monitor.c.gsskex 2013-03-27 13:19:11.063624587 +0100
|
||||||
+++ openssh-6.1p1/monitor.c 2012-11-30 13:58:08.952298626 +0100
|
+++ openssh-6.2p1/monitor.c 2013-03-27 13:19:11.145624250 +0100
|
||||||
@@ -186,6 +186,8 @@ int mm_answer_gss_setup_ctx(int, Buffer
|
@@ -186,6 +186,8 @@ int mm_answer_gss_setup_ctx(int, Buffer
|
||||||
int mm_answer_gss_accept_ctx(int, Buffer *);
|
int mm_answer_gss_accept_ctx(int, Buffer *);
|
||||||
int mm_answer_gss_userok(int, Buffer *);
|
int mm_answer_gss_userok(int, Buffer *);
|
||||||
@ -1999,7 +1999,7 @@ diff -up openssh-6.1p1/monitor.c.gsskex openssh-6.1p1/monitor.c
|
|||||||
} else {
|
} else {
|
||||||
mon_dispatch = mon_dispatch_proto15;
|
mon_dispatch = mon_dispatch_proto15;
|
||||||
|
|
||||||
@@ -516,6 +529,10 @@ monitor_child_postauth(struct monitor *p
|
@@ -519,6 +532,10 @@ monitor_child_postauth(struct monitor *p
|
||||||
monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
|
monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
|
||||||
monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
|
monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
|
||||||
monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
|
monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
|
||||||
@ -2010,7 +2010,7 @@ diff -up openssh-6.1p1/monitor.c.gsskex openssh-6.1p1/monitor.c
|
|||||||
} else {
|
} else {
|
||||||
mon_dispatch = mon_dispatch_postauth15;
|
mon_dispatch = mon_dispatch_postauth15;
|
||||||
monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
|
monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
|
||||||
@@ -1948,6 +1965,13 @@ mm_get_kex(Buffer *m)
|
@@ -1950,6 +1967,13 @@ mm_get_kex(Buffer *m)
|
||||||
kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
|
kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
|
||||||
kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
|
kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
|
||||||
kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
|
kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
|
||||||
@ -2024,7 +2024,7 @@ diff -up openssh-6.1p1/monitor.c.gsskex openssh-6.1p1/monitor.c
|
|||||||
kex->server = 1;
|
kex->server = 1;
|
||||||
kex->hostkey_type = buffer_get_int(m);
|
kex->hostkey_type = buffer_get_int(m);
|
||||||
kex->kex_type = buffer_get_int(m);
|
kex->kex_type = buffer_get_int(m);
|
||||||
@@ -2171,6 +2195,9 @@ mm_answer_gss_setup_ctx(int sock, Buffer
|
@@ -2173,6 +2197,9 @@ mm_answer_gss_setup_ctx(int sock, Buffer
|
||||||
OM_uint32 major;
|
OM_uint32 major;
|
||||||
u_int len;
|
u_int len;
|
||||||
|
|
||||||
@ -2034,7 +2034,7 @@ diff -up openssh-6.1p1/monitor.c.gsskex openssh-6.1p1/monitor.c
|
|||||||
goid.elements = buffer_get_string(m, &len);
|
goid.elements = buffer_get_string(m, &len);
|
||||||
goid.length = len;
|
goid.length = len;
|
||||||
|
|
||||||
@@ -2198,6 +2225,9 @@ mm_answer_gss_accept_ctx(int sock, Buffe
|
@@ -2200,6 +2227,9 @@ mm_answer_gss_accept_ctx(int sock, Buffe
|
||||||
OM_uint32 flags = 0; /* GSI needs this */
|
OM_uint32 flags = 0; /* GSI needs this */
|
||||||
u_int len;
|
u_int len;
|
||||||
|
|
||||||
@ -2044,7 +2044,7 @@ diff -up openssh-6.1p1/monitor.c.gsskex openssh-6.1p1/monitor.c
|
|||||||
in.value = buffer_get_string(m, &len);
|
in.value = buffer_get_string(m, &len);
|
||||||
in.length = len;
|
in.length = len;
|
||||||
major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags);
|
major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags);
|
||||||
@@ -2215,6 +2245,7 @@ mm_answer_gss_accept_ctx(int sock, Buffe
|
@@ -2217,6 +2247,7 @@ mm_answer_gss_accept_ctx(int sock, Buffe
|
||||||
monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
|
monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
|
||||||
monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
|
monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
|
||||||
monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
|
monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
|
||||||
@ -2052,7 +2052,7 @@ diff -up openssh-6.1p1/monitor.c.gsskex openssh-6.1p1/monitor.c
|
|||||||
}
|
}
|
||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
@@ -2226,6 +2257,9 @@ mm_answer_gss_checkmic(int sock, Buffer
|
@@ -2228,6 +2259,9 @@ mm_answer_gss_checkmic(int sock, Buffer
|
||||||
OM_uint32 ret;
|
OM_uint32 ret;
|
||||||
u_int len;
|
u_int len;
|
||||||
|
|
||||||
@ -2062,7 +2062,7 @@ diff -up openssh-6.1p1/monitor.c.gsskex openssh-6.1p1/monitor.c
|
|||||||
gssbuf.value = buffer_get_string(m, &len);
|
gssbuf.value = buffer_get_string(m, &len);
|
||||||
gssbuf.length = len;
|
gssbuf.length = len;
|
||||||
mic.value = buffer_get_string(m, &len);
|
mic.value = buffer_get_string(m, &len);
|
||||||
@@ -2252,7 +2286,11 @@ mm_answer_gss_userok(int sock, Buffer *m
|
@@ -2254,7 +2288,11 @@ mm_answer_gss_userok(int sock, Buffer *m
|
||||||
{
|
{
|
||||||
int authenticated;
|
int authenticated;
|
||||||
|
|
||||||
@ -2075,7 +2075,7 @@ diff -up openssh-6.1p1/monitor.c.gsskex openssh-6.1p1/monitor.c
|
|||||||
|
|
||||||
buffer_clear(m);
|
buffer_clear(m);
|
||||||
buffer_put_int(m, authenticated);
|
buffer_put_int(m, authenticated);
|
||||||
@@ -2265,6 +2303,74 @@ mm_answer_gss_userok(int sock, Buffer *m
|
@@ -2267,6 +2305,74 @@ mm_answer_gss_userok(int sock, Buffer *m
|
||||||
/* Monitor loop will terminate if authenticated */
|
/* Monitor loop will terminate if authenticated */
|
||||||
return (authenticated);
|
return (authenticated);
|
||||||
}
|
}
|
||||||
@ -2150,22 +2150,22 @@ diff -up openssh-6.1p1/monitor.c.gsskex openssh-6.1p1/monitor.c
|
|||||||
#endif /* GSSAPI */
|
#endif /* GSSAPI */
|
||||||
|
|
||||||
#ifdef JPAKE
|
#ifdef JPAKE
|
||||||
diff -up openssh-6.1p1/monitor.h.gsskex openssh-6.1p1/monitor.h
|
diff -up openssh-6.2p1/monitor.h.gsskex openssh-6.2p1/monitor.h
|
||||||
--- openssh-6.1p1/monitor.h.gsskex 2012-11-30 13:58:08.873298927 +0100
|
--- openssh-6.2p1/monitor.h.gsskex 2013-03-27 13:19:11.063624587 +0100
|
||||||
+++ openssh-6.1p1/monitor.h 2012-11-30 13:58:08.952298626 +0100
|
+++ openssh-6.2p1/monitor.h 2013-03-27 13:19:11.146624246 +0100
|
||||||
@@ -56,6 +56,8 @@ enum monitor_reqtype {
|
@@ -64,6 +64,8 @@ enum monitor_reqtype {
|
||||||
MONITOR_REQ_GSSSTEP, MONITOR_ANS_GSSSTEP,
|
#ifdef WITH_SELINUX
|
||||||
MONITOR_REQ_GSSUSEROK, MONITOR_ANS_GSSUSEROK,
|
MONITOR_REQ_AUTHROLE = 80,
|
||||||
MONITOR_REQ_GSSCHECKMIC, MONITOR_ANS_GSSCHECKMIC,
|
#endif
|
||||||
+ MONITOR_REQ_GSSSIGN, MONITOR_ANS_GSSSIGN,
|
+ MONITOR_REQ_GSSSIGN = 82, MONITOR_ANS_GSSSIGN = 83,
|
||||||
+ MONITOR_REQ_GSSUPCREDS, MONITOR_ANS_GSSUPCREDS,
|
+ MONITOR_REQ_GSSUPCREDS = 84, MONITOR_ANS_GSSUPCREDS = 85,
|
||||||
MONITOR_REQ_PAM_START,
|
|
||||||
MONITOR_REQ_PAM_ACCOUNT, MONITOR_ANS_PAM_ACCOUNT,
|
MONITOR_REQ_PAM_START = 100,
|
||||||
MONITOR_REQ_PAM_INIT_CTX, MONITOR_ANS_PAM_INIT_CTX,
|
MONITOR_REQ_PAM_ACCOUNT = 102, MONITOR_ANS_PAM_ACCOUNT = 103,
|
||||||
diff -up openssh-6.1p1/monitor_wrap.c.gsskex openssh-6.1p1/monitor_wrap.c
|
diff -up openssh-6.2p1/monitor_wrap.c.gsskex openssh-6.2p1/monitor_wrap.c
|
||||||
--- openssh-6.1p1/monitor_wrap.c.gsskex 2012-11-30 13:58:08.873298927 +0100
|
--- openssh-6.2p1/monitor_wrap.c.gsskex 2013-03-27 13:19:11.064624583 +0100
|
||||||
+++ openssh-6.1p1/monitor_wrap.c 2012-11-30 13:58:08.952298626 +0100
|
+++ openssh-6.2p1/monitor_wrap.c 2013-03-27 13:19:11.146624246 +0100
|
||||||
@@ -1326,7 +1326,7 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss
|
@@ -1327,7 +1327,7 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
@ -2174,7 +2174,7 @@ diff -up openssh-6.1p1/monitor_wrap.c.gsskex openssh-6.1p1/monitor_wrap.c
|
|||||||
{
|
{
|
||||||
Buffer m;
|
Buffer m;
|
||||||
int authenticated = 0;
|
int authenticated = 0;
|
||||||
@@ -1343,6 +1343,51 @@ mm_ssh_gssapi_userok(char *user)
|
@@ -1344,6 +1344,51 @@ mm_ssh_gssapi_userok(char *user)
|
||||||
debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");
|
debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");
|
||||||
return (authenticated);
|
return (authenticated);
|
||||||
}
|
}
|
||||||
@ -2226,9 +2226,9 @@ diff -up openssh-6.1p1/monitor_wrap.c.gsskex openssh-6.1p1/monitor_wrap.c
|
|||||||
#endif /* GSSAPI */
|
#endif /* GSSAPI */
|
||||||
|
|
||||||
#ifdef JPAKE
|
#ifdef JPAKE
|
||||||
diff -up openssh-6.1p1/monitor_wrap.h.gsskex openssh-6.1p1/monitor_wrap.h
|
diff -up openssh-6.2p1/monitor_wrap.h.gsskex openssh-6.2p1/monitor_wrap.h
|
||||||
--- openssh-6.1p1/monitor_wrap.h.gsskex 2012-11-30 13:58:08.874298923 +0100
|
--- openssh-6.2p1/monitor_wrap.h.gsskex 2013-03-27 13:19:11.064624583 +0100
|
||||||
+++ openssh-6.1p1/monitor_wrap.h 2012-11-30 13:58:08.953298623 +0100
|
+++ openssh-6.2p1/monitor_wrap.h 2013-03-27 13:19:11.146624246 +0100
|
||||||
@@ -62,8 +62,10 @@ BIGNUM *mm_auth_rsa_generate_challenge(K
|
@@ -62,8 +62,10 @@ BIGNUM *mm_auth_rsa_generate_challenge(K
|
||||||
OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID);
|
OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID);
|
||||||
OM_uint32 mm_ssh_gssapi_accept_ctx(Gssctxt *,
|
OM_uint32 mm_ssh_gssapi_accept_ctx(Gssctxt *,
|
||||||
@ -2241,9 +2241,9 @@ diff -up openssh-6.1p1/monitor_wrap.h.gsskex openssh-6.1p1/monitor_wrap.h
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef USE_PAM
|
#ifdef USE_PAM
|
||||||
diff -up openssh-6.1p1/readconf.c.gsskex openssh-6.1p1/readconf.c
|
diff -up openssh-6.2p1/readconf.c.gsskex openssh-6.2p1/readconf.c
|
||||||
--- openssh-6.1p1/readconf.c.gsskex 2011-10-02 09:59:03.000000000 +0200
|
--- openssh-6.2p1/readconf.c.gsskex 2011-10-02 09:59:03.000000000 +0200
|
||||||
+++ openssh-6.1p1/readconf.c 2012-11-30 13:58:08.953298623 +0100
|
+++ openssh-6.2p1/readconf.c 2013-03-27 13:19:11.147624242 +0100
|
||||||
@@ -129,6 +129,8 @@ typedef enum {
|
@@ -129,6 +129,8 @@ typedef enum {
|
||||||
oClearAllForwardings, oNoHostAuthenticationForLocalhost,
|
oClearAllForwardings, oNoHostAuthenticationForLocalhost,
|
||||||
oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
|
oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
|
||||||
@ -2332,9 +2332,9 @@ diff -up openssh-6.1p1/readconf.c.gsskex openssh-6.1p1/readconf.c
|
|||||||
if (options->password_authentication == -1)
|
if (options->password_authentication == -1)
|
||||||
options->password_authentication = 1;
|
options->password_authentication = 1;
|
||||||
if (options->kbd_interactive_authentication == -1)
|
if (options->kbd_interactive_authentication == -1)
|
||||||
diff -up openssh-6.1p1/readconf.h.gsskex openssh-6.1p1/readconf.h
|
diff -up openssh-6.2p1/readconf.h.gsskex openssh-6.2p1/readconf.h
|
||||||
--- openssh-6.1p1/readconf.h.gsskex 2011-10-02 09:59:03.000000000 +0200
|
--- openssh-6.2p1/readconf.h.gsskex 2011-10-02 09:59:03.000000000 +0200
|
||||||
+++ openssh-6.1p1/readconf.h 2012-11-30 13:58:08.953298623 +0100
|
+++ openssh-6.2p1/readconf.h 2013-03-27 13:19:11.147624242 +0100
|
||||||
@@ -48,7 +48,12 @@ typedef struct {
|
@@ -48,7 +48,12 @@ typedef struct {
|
||||||
int challenge_response_authentication;
|
int challenge_response_authentication;
|
||||||
/* Try S/Key or TIS, authentication. */
|
/* Try S/Key or TIS, authentication. */
|
||||||
@ -2348,9 +2348,9 @@ diff -up openssh-6.1p1/readconf.h.gsskex openssh-6.1p1/readconf.h
|
|||||||
int password_authentication; /* Try password
|
int password_authentication; /* Try password
|
||||||
* authentication. */
|
* authentication. */
|
||||||
int kbd_interactive_authentication; /* Try keyboard-interactive auth. */
|
int kbd_interactive_authentication; /* Try keyboard-interactive auth. */
|
||||||
diff -up openssh-6.1p1/servconf.c.gsskex openssh-6.1p1/servconf.c
|
diff -up openssh-6.2p1/servconf.c.gsskex openssh-6.2p1/servconf.c
|
||||||
--- openssh-6.1p1/servconf.c.gsskex 2012-11-30 13:58:08.935298693 +0100
|
--- openssh-6.2p1/servconf.c.gsskex 2013-03-27 13:19:11.128624320 +0100
|
||||||
+++ openssh-6.1p1/servconf.c 2012-11-30 13:58:08.954298621 +0100
|
+++ openssh-6.2p1/servconf.c 2013-03-27 13:19:11.147624242 +0100
|
||||||
@@ -102,7 +102,10 @@ initialize_server_options(ServerOptions
|
@@ -102,7 +102,10 @@ initialize_server_options(ServerOptions
|
||||||
options->kerberos_ticket_cleanup = -1;
|
options->kerberos_ticket_cleanup = -1;
|
||||||
options->kerberos_get_afs_token = -1;
|
options->kerberos_get_afs_token = -1;
|
||||||
@ -2409,7 +2409,7 @@ diff -up openssh-6.1p1/servconf.c.gsskex openssh-6.1p1/servconf.c
|
|||||||
{ "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
|
{ "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
|
||||||
{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
|
{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
|
||||||
{ "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
|
{ "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
|
||||||
@@ -1046,10 +1067,22 @@ process_server_config_line(ServerOptions
|
@@ -1054,10 +1075,22 @@ process_server_config_line(ServerOptions
|
||||||
intptr = &options->gss_authentication;
|
intptr = &options->gss_authentication;
|
||||||
goto parse_flag;
|
goto parse_flag;
|
||||||
|
|
||||||
@ -2432,7 +2432,7 @@ diff -up openssh-6.1p1/servconf.c.gsskex openssh-6.1p1/servconf.c
|
|||||||
case sPasswordAuthentication:
|
case sPasswordAuthentication:
|
||||||
intptr = &options->password_authentication;
|
intptr = &options->password_authentication;
|
||||||
goto parse_flag;
|
goto parse_flag;
|
||||||
@@ -1929,6 +1962,9 @@ dump_config(ServerOptions *o)
|
@@ -1938,6 +1971,9 @@ dump_config(ServerOptions *o)
|
||||||
#ifdef GSSAPI
|
#ifdef GSSAPI
|
||||||
dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
|
dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
|
||||||
dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds);
|
dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds);
|
||||||
@ -2442,10 +2442,10 @@ diff -up openssh-6.1p1/servconf.c.gsskex openssh-6.1p1/servconf.c
|
|||||||
#endif
|
#endif
|
||||||
#ifdef JPAKE
|
#ifdef JPAKE
|
||||||
dump_cfg_fmtint(sZeroKnowledgePasswordAuthentication,
|
dump_cfg_fmtint(sZeroKnowledgePasswordAuthentication,
|
||||||
diff -up openssh-6.1p1/servconf.h.gsskex openssh-6.1p1/servconf.h
|
diff -up openssh-6.2p1/servconf.h.gsskex openssh-6.2p1/servconf.h
|
||||||
--- openssh-6.1p1/servconf.h.gsskex 2012-11-30 13:58:08.935298693 +0100
|
--- openssh-6.2p1/servconf.h.gsskex 2013-03-27 13:19:11.128624320 +0100
|
||||||
+++ openssh-6.1p1/servconf.h 2012-11-30 13:58:08.954298621 +0100
|
+++ openssh-6.2p1/servconf.h 2013-03-27 13:19:11.147624242 +0100
|
||||||
@@ -104,7 +104,10 @@ typedef struct {
|
@@ -110,7 +110,10 @@ typedef struct {
|
||||||
int kerberos_get_afs_token; /* If true, try to get AFS token if
|
int kerberos_get_afs_token; /* If true, try to get AFS token if
|
||||||
* authenticated with Kerberos. */
|
* authenticated with Kerberos. */
|
||||||
int gss_authentication; /* If true, permit GSSAPI authentication */
|
int gss_authentication; /* If true, permit GSSAPI authentication */
|
||||||
@ -2456,10 +2456,10 @@ diff -up openssh-6.1p1/servconf.h.gsskex openssh-6.1p1/servconf.h
|
|||||||
int password_authentication; /* If true, permit password
|
int password_authentication; /* If true, permit password
|
||||||
* authentication. */
|
* authentication. */
|
||||||
int kbd_interactive_authentication; /* If true, permit */
|
int kbd_interactive_authentication; /* If true, permit */
|
||||||
diff -up openssh-6.1p1/ssh_config.5.gsskex openssh-6.1p1/ssh_config.5
|
diff -up openssh-6.2p1/ssh_config.5.gsskex openssh-6.2p1/ssh_config.5
|
||||||
--- openssh-6.1p1/ssh_config.5.gsskex 2012-07-02 10:53:38.000000000 +0200
|
--- openssh-6.2p1/ssh_config.5.gsskex 2013-01-09 06:12:19.000000000 +0100
|
||||||
+++ openssh-6.1p1/ssh_config.5 2012-11-30 13:58:08.954298621 +0100
|
+++ openssh-6.2p1/ssh_config.5 2013-03-27 13:19:11.148624238 +0100
|
||||||
@@ -527,11 +527,43 @@ Specifies whether user authentication ba
|
@@ -530,11 +530,43 @@ Specifies whether user authentication ba
|
||||||
The default is
|
The default is
|
||||||
.Dq no .
|
.Dq no .
|
||||||
Note that this option applies to protocol version 2 only.
|
Note that this option applies to protocol version 2 only.
|
||||||
@ -2504,9 +2504,9 @@ diff -up openssh-6.1p1/ssh_config.5.gsskex openssh-6.1p1/ssh_config.5
|
|||||||
.It Cm HashKnownHosts
|
.It Cm HashKnownHosts
|
||||||
Indicates that
|
Indicates that
|
||||||
.Xr ssh 1
|
.Xr ssh 1
|
||||||
diff -up openssh-6.1p1/ssh_config.gsskex openssh-6.1p1/ssh_config
|
diff -up openssh-6.2p1/ssh_config.gsskex openssh-6.2p1/ssh_config
|
||||||
--- openssh-6.1p1/ssh_config.gsskex 2012-11-30 13:58:08.927298724 +0100
|
--- openssh-6.2p1/ssh_config.gsskex 2013-03-27 13:19:11.120624353 +0100
|
||||||
+++ openssh-6.1p1/ssh_config 2012-11-30 13:58:08.954298621 +0100
|
+++ openssh-6.2p1/ssh_config 2013-03-27 13:19:11.148624238 +0100
|
||||||
@@ -26,6 +26,8 @@
|
@@ -26,6 +26,8 @@
|
||||||
# HostbasedAuthentication no
|
# HostbasedAuthentication no
|
||||||
# GSSAPIAuthentication no
|
# GSSAPIAuthentication no
|
||||||
@ -2516,9 +2516,9 @@ diff -up openssh-6.1p1/ssh_config.gsskex openssh-6.1p1/ssh_config
|
|||||||
# BatchMode no
|
# BatchMode no
|
||||||
# CheckHostIP yes
|
# CheckHostIP yes
|
||||||
# AddressFamily any
|
# AddressFamily any
|
||||||
diff -up openssh-6.1p1/sshconnect2.c.gsskex openssh-6.1p1/sshconnect2.c
|
diff -up openssh-6.2p1/sshconnect2.c.gsskex openssh-6.2p1/sshconnect2.c
|
||||||
--- openssh-6.1p1/sshconnect2.c.gsskex 2012-11-30 13:58:08.913298775 +0100
|
--- openssh-6.2p1/sshconnect2.c.gsskex 2013-03-27 13:19:11.104624419 +0100
|
||||||
+++ openssh-6.1p1/sshconnect2.c 2012-11-30 13:58:08.955298617 +0100
|
+++ openssh-6.2p1/sshconnect2.c 2013-03-27 13:19:11.149624234 +0100
|
||||||
@@ -162,9 +162,34 @@ ssh_kex2(char *host, struct sockaddr *ho
|
@@ -162,9 +162,34 @@ ssh_kex2(char *host, struct sockaddr *ho
|
||||||
{
|
{
|
||||||
Kex *kex;
|
Kex *kex;
|
||||||
@ -2603,7 +2603,7 @@ diff -up openssh-6.1p1/sshconnect2.c.gsskex openssh-6.1p1/sshconnect2.c
|
|||||||
xxx_kex = kex;
|
xxx_kex = kex;
|
||||||
|
|
||||||
dispatch_run(DISPATCH_BLOCK, &kex->done, kex);
|
dispatch_run(DISPATCH_BLOCK, &kex->done, kex);
|
||||||
@@ -315,6 +371,7 @@ void input_gssapi_token(int type, u_int3
|
@@ -316,6 +372,7 @@ void input_gssapi_token(int type, u_int3
|
||||||
void input_gssapi_hash(int type, u_int32_t, void *);
|
void input_gssapi_hash(int type, u_int32_t, void *);
|
||||||
void input_gssapi_error(int, u_int32_t, void *);
|
void input_gssapi_error(int, u_int32_t, void *);
|
||||||
void input_gssapi_errtok(int, u_int32_t, void *);
|
void input_gssapi_errtok(int, u_int32_t, void *);
|
||||||
@ -2611,7 +2611,7 @@ diff -up openssh-6.1p1/sshconnect2.c.gsskex openssh-6.1p1/sshconnect2.c
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
void userauth(Authctxt *, char *);
|
void userauth(Authctxt *, char *);
|
||||||
@@ -330,6 +387,11 @@ static char *authmethods_get(void);
|
@@ -331,6 +388,11 @@ static char *authmethods_get(void);
|
||||||
|
|
||||||
Authmethod authmethods[] = {
|
Authmethod authmethods[] = {
|
||||||
#ifdef GSSAPI
|
#ifdef GSSAPI
|
||||||
@ -2623,7 +2623,7 @@ diff -up openssh-6.1p1/sshconnect2.c.gsskex openssh-6.1p1/sshconnect2.c
|
|||||||
{"gssapi-with-mic",
|
{"gssapi-with-mic",
|
||||||
userauth_gssapi,
|
userauth_gssapi,
|
||||||
NULL,
|
NULL,
|
||||||
@@ -637,19 +699,31 @@ userauth_gssapi(Authctxt *authctxt)
|
@@ -638,19 +700,31 @@ userauth_gssapi(Authctxt *authctxt)
|
||||||
static u_int mech = 0;
|
static u_int mech = 0;
|
||||||
OM_uint32 min;
|
OM_uint32 min;
|
||||||
int ok = 0;
|
int ok = 0;
|
||||||
@ -2657,7 +2657,7 @@ diff -up openssh-6.1p1/sshconnect2.c.gsskex openssh-6.1p1/sshconnect2.c
|
|||||||
ok = 1; /* Mechanism works */
|
ok = 1; /* Mechanism works */
|
||||||
} else {
|
} else {
|
||||||
mech++;
|
mech++;
|
||||||
@@ -746,8 +820,8 @@ input_gssapi_response(int type, u_int32_
|
@@ -747,8 +821,8 @@ input_gssapi_response(int type, u_int32_
|
||||||
{
|
{
|
||||||
Authctxt *authctxt = ctxt;
|
Authctxt *authctxt = ctxt;
|
||||||
Gssctxt *gssctxt;
|
Gssctxt *gssctxt;
|
||||||
@ -2668,7 +2668,7 @@ diff -up openssh-6.1p1/sshconnect2.c.gsskex openssh-6.1p1/sshconnect2.c
|
|||||||
|
|
||||||
if (authctxt == NULL)
|
if (authctxt == NULL)
|
||||||
fatal("input_gssapi_response: no authentication context");
|
fatal("input_gssapi_response: no authentication context");
|
||||||
@@ -857,6 +931,48 @@ input_gssapi_error(int type, u_int32_t p
|
@@ -858,6 +932,48 @@ input_gssapi_error(int type, u_int32_t p
|
||||||
xfree(msg);
|
xfree(msg);
|
||||||
xfree(lang);
|
xfree(lang);
|
||||||
}
|
}
|
||||||
@ -2717,9 +2717,9 @@ diff -up openssh-6.1p1/sshconnect2.c.gsskex openssh-6.1p1/sshconnect2.c
|
|||||||
#endif /* GSSAPI */
|
#endif /* GSSAPI */
|
||||||
|
|
||||||
int
|
int
|
||||||
diff -up openssh-6.1p1/sshd.c.gsskex openssh-6.1p1/sshd.c
|
diff -up openssh-6.2p1/sshd.c.gsskex openssh-6.2p1/sshd.c
|
||||||
--- openssh-6.1p1/sshd.c.gsskex 2012-11-30 13:58:08.940298674 +0100
|
--- openssh-6.2p1/sshd.c.gsskex 2013-03-27 13:19:11.133624300 +0100
|
||||||
+++ openssh-6.1p1/sshd.c 2012-11-30 13:58:08.955298617 +0100
|
+++ openssh-6.2p1/sshd.c 2013-03-27 13:19:11.149624234 +0100
|
||||||
@@ -124,6 +124,10 @@
|
@@ -124,6 +124,10 @@
|
||||||
#include "ssh-sandbox.h"
|
#include "ssh-sandbox.h"
|
||||||
#include "version.h"
|
#include "version.h"
|
||||||
@ -2731,7 +2731,7 @@ diff -up openssh-6.1p1/sshd.c.gsskex openssh-6.1p1/sshd.c
|
|||||||
#ifdef LIBWRAP
|
#ifdef LIBWRAP
|
||||||
#include <tcpd.h>
|
#include <tcpd.h>
|
||||||
#include <syslog.h>
|
#include <syslog.h>
|
||||||
@@ -1723,10 +1727,13 @@ main(int ac, char **av)
|
@@ -1733,10 +1737,13 @@ main(int ac, char **av)
|
||||||
logit("Disabling protocol version 1. Could not load host key");
|
logit("Disabling protocol version 1. Could not load host key");
|
||||||
options.protocol &= ~SSH_PROTO_1;
|
options.protocol &= ~SSH_PROTO_1;
|
||||||
}
|
}
|
||||||
@ -2745,7 +2745,7 @@ diff -up openssh-6.1p1/sshd.c.gsskex openssh-6.1p1/sshd.c
|
|||||||
if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) {
|
if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) {
|
||||||
logit("sshd: no hostkeys available -- exiting.");
|
logit("sshd: no hostkeys available -- exiting.");
|
||||||
exit(1);
|
exit(1);
|
||||||
@@ -2058,6 +2065,60 @@ main(int ac, char **av)
|
@@ -2068,6 +2075,60 @@ main(int ac, char **av)
|
||||||
/* Log the connection. */
|
/* Log the connection. */
|
||||||
verbose("Connection from %.500s port %d", remote_ip, remote_port);
|
verbose("Connection from %.500s port %d", remote_ip, remote_port);
|
||||||
|
|
||||||
@ -2806,7 +2806,7 @@ diff -up openssh-6.1p1/sshd.c.gsskex openssh-6.1p1/sshd.c
|
|||||||
/*
|
/*
|
||||||
* We don't want to listen forever unless the other side
|
* We don't want to listen forever unless the other side
|
||||||
* successfully authenticates itself. So we set up an alarm which is
|
* successfully authenticates itself. So we set up an alarm which is
|
||||||
@@ -2456,6 +2517,48 @@ do_ssh2_kex(void)
|
@@ -2466,6 +2527,48 @@ do_ssh2_kex(void)
|
||||||
|
|
||||||
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
|
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
|
||||||
|
|
||||||
@ -2855,7 +2855,7 @@ diff -up openssh-6.1p1/sshd.c.gsskex openssh-6.1p1/sshd.c
|
|||||||
/* start key exchange */
|
/* start key exchange */
|
||||||
kex = kex_setup(myproposal);
|
kex = kex_setup(myproposal);
|
||||||
kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
|
kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
|
||||||
@@ -2463,6 +2566,13 @@ do_ssh2_kex(void)
|
@@ -2473,6 +2576,13 @@ do_ssh2_kex(void)
|
||||||
kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
|
kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
|
||||||
kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
|
kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
|
||||||
kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
|
kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
|
||||||
@ -2869,10 +2869,10 @@ diff -up openssh-6.1p1/sshd.c.gsskex openssh-6.1p1/sshd.c
|
|||||||
kex->server = 1;
|
kex->server = 1;
|
||||||
kex->client_version_string=client_version_string;
|
kex->client_version_string=client_version_string;
|
||||||
kex->server_version_string=server_version_string;
|
kex->server_version_string=server_version_string;
|
||||||
diff -up openssh-6.1p1/sshd_config.5.gsskex openssh-6.1p1/sshd_config.5
|
diff -up openssh-6.2p1/sshd_config.5.gsskex openssh-6.2p1/sshd_config.5
|
||||||
--- openssh-6.1p1/sshd_config.5.gsskex 2012-11-30 13:58:08.935298693 +0100
|
--- openssh-6.2p1/sshd_config.5.gsskex 2013-03-27 13:19:11.129624316 +0100
|
||||||
+++ openssh-6.1p1/sshd_config.5 2012-11-30 13:58:08.956298613 +0100
|
+++ openssh-6.2p1/sshd_config.5 2013-03-27 13:19:11.150624230 +0100
|
||||||
@@ -462,12 +462,40 @@ Specifies whether user authentication ba
|
@@ -481,12 +481,40 @@ Specifies whether user authentication ba
|
||||||
The default is
|
The default is
|
||||||
.Dq no .
|
.Dq no .
|
||||||
Note that this option applies to protocol version 2 only.
|
Note that this option applies to protocol version 2 only.
|
||||||
@ -2913,9 +2913,9 @@ diff -up openssh-6.1p1/sshd_config.5.gsskex openssh-6.1p1/sshd_config.5
|
|||||||
.It Cm HostbasedAuthentication
|
.It Cm HostbasedAuthentication
|
||||||
Specifies whether rhosts or /etc/hosts.equiv authentication together
|
Specifies whether rhosts or /etc/hosts.equiv authentication together
|
||||||
with successful public key client host authentication is allowed
|
with successful public key client host authentication is allowed
|
||||||
diff -up openssh-6.1p1/sshd_config.gsskex openssh-6.1p1/sshd_config
|
diff -up openssh-6.2p1/sshd_config.gsskex openssh-6.2p1/sshd_config
|
||||||
--- openssh-6.1p1/sshd_config.gsskex 2012-11-30 13:58:08.940298674 +0100
|
--- openssh-6.2p1/sshd_config.gsskex 2013-03-27 13:19:11.133624300 +0100
|
||||||
+++ openssh-6.1p1/sshd_config 2012-11-30 13:58:08.956298613 +0100
|
+++ openssh-6.2p1/sshd_config 2013-03-27 13:19:11.150624230 +0100
|
||||||
@@ -89,6 +89,8 @@ ChallengeResponseAuthentication no
|
@@ -89,6 +89,8 @@ ChallengeResponseAuthentication no
|
||||||
GSSAPIAuthentication yes
|
GSSAPIAuthentication yes
|
||||||
#GSSAPICleanupCredentials yes
|
#GSSAPICleanupCredentials yes
|
||||||
@ -2925,9 +2925,9 @@ diff -up openssh-6.1p1/sshd_config.gsskex openssh-6.1p1/sshd_config
|
|||||||
|
|
||||||
# Set this to 'yes' to enable PAM authentication, account processing,
|
# Set this to 'yes' to enable PAM authentication, account processing,
|
||||||
# and session processing. If this is enabled, PAM authentication will
|
# and session processing. If this is enabled, PAM authentication will
|
||||||
diff -up openssh-6.1p1/ssh-gss.h.gsskex openssh-6.1p1/ssh-gss.h
|
diff -up openssh-6.2p1/ssh-gss.h.gsskex openssh-6.2p1/ssh-gss.h
|
||||||
--- openssh-6.1p1/ssh-gss.h.gsskex 2007-06-12 15:40:39.000000000 +0200
|
--- openssh-6.2p1/ssh-gss.h.gsskex 2013-02-25 01:24:44.000000000 +0100
|
||||||
+++ openssh-6.1p1/ssh-gss.h 2012-11-30 13:58:08.956298613 +0100
|
+++ openssh-6.2p1/ssh-gss.h 2013-03-27 13:19:11.150624230 +0100
|
||||||
@@ -1,6 +1,6 @@
|
@@ -1,6 +1,6 @@
|
||||||
/* $OpenBSD: ssh-gss.h,v 1.10 2007/06/12 08:20:00 djm Exp $ */
|
/* $OpenBSD: ssh-gss.h,v 1.10 2007/06/12 08:20:00 djm Exp $ */
|
||||||
/*
|
/*
|
||||||
@ -2936,7 +2936,7 @@ diff -up openssh-6.1p1/ssh-gss.h.gsskex openssh-6.1p1/ssh-gss.h
|
|||||||
*
|
*
|
||||||
* Redistribution and use in source and binary forms, with or without
|
* Redistribution and use in source and binary forms, with or without
|
||||||
* modification, are permitted provided that the following conditions
|
* modification, are permitted provided that the following conditions
|
||||||
@@ -60,10 +60,22 @@
|
@@ -61,10 +61,22 @@
|
||||||
|
|
||||||
#define SSH_GSS_OIDTYPE 0x06
|
#define SSH_GSS_OIDTYPE 0x06
|
||||||
|
|
||||||
@ -2959,7 +2959,7 @@ diff -up openssh-6.1p1/ssh-gss.h.gsskex openssh-6.1p1/ssh-gss.h
|
|||||||
void *data;
|
void *data;
|
||||||
} ssh_gssapi_ccache;
|
} ssh_gssapi_ccache;
|
||||||
|
|
||||||
@@ -71,8 +83,11 @@ typedef struct {
|
@@ -72,8 +84,11 @@ typedef struct {
|
||||||
gss_buffer_desc displayname;
|
gss_buffer_desc displayname;
|
||||||
gss_buffer_desc exportedname;
|
gss_buffer_desc exportedname;
|
||||||
gss_cred_id_t creds;
|
gss_cred_id_t creds;
|
||||||
@ -2971,7 +2971,7 @@ diff -up openssh-6.1p1/ssh-gss.h.gsskex openssh-6.1p1/ssh-gss.h
|
|||||||
} ssh_gssapi_client;
|
} ssh_gssapi_client;
|
||||||
|
|
||||||
typedef struct ssh_gssapi_mech_struct {
|
typedef struct ssh_gssapi_mech_struct {
|
||||||
@@ -83,6 +98,7 @@ typedef struct ssh_gssapi_mech_struct {
|
@@ -84,6 +99,7 @@ typedef struct ssh_gssapi_mech_struct {
|
||||||
int (*userok) (ssh_gssapi_client *, char *);
|
int (*userok) (ssh_gssapi_client *, char *);
|
||||||
int (*localname) (ssh_gssapi_client *, char **);
|
int (*localname) (ssh_gssapi_client *, char **);
|
||||||
void (*storecreds) (ssh_gssapi_client *);
|
void (*storecreds) (ssh_gssapi_client *);
|
||||||
@ -2979,7 +2979,7 @@ diff -up openssh-6.1p1/ssh-gss.h.gsskex openssh-6.1p1/ssh-gss.h
|
|||||||
} ssh_gssapi_mech;
|
} ssh_gssapi_mech;
|
||||||
|
|
||||||
typedef struct {
|
typedef struct {
|
||||||
@@ -93,10 +109,11 @@ typedef struct {
|
@@ -94,10 +110,11 @@ typedef struct {
|
||||||
gss_OID oid; /* client */
|
gss_OID oid; /* client */
|
||||||
gss_cred_id_t creds; /* server */
|
gss_cred_id_t creds; /* server */
|
||||||
gss_name_t client; /* server */
|
gss_name_t client; /* server */
|
||||||
@ -2992,7 +2992,7 @@ diff -up openssh-6.1p1/ssh-gss.h.gsskex openssh-6.1p1/ssh-gss.h
|
|||||||
|
|
||||||
int ssh_gssapi_check_oid(Gssctxt *, void *, size_t);
|
int ssh_gssapi_check_oid(Gssctxt *, void *, size_t);
|
||||||
void ssh_gssapi_set_oid_data(Gssctxt *, void *, size_t);
|
void ssh_gssapi_set_oid_data(Gssctxt *, void *, size_t);
|
||||||
@@ -116,16 +133,30 @@ void ssh_gssapi_build_ctx(Gssctxt **);
|
@@ -117,16 +134,30 @@ void ssh_gssapi_build_ctx(Gssctxt **);
|
||||||
void ssh_gssapi_delete_ctx(Gssctxt **);
|
void ssh_gssapi_delete_ctx(Gssctxt **);
|
||||||
OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t);
|
OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t);
|
||||||
void ssh_gssapi_buildmic(Buffer *, const char *, const char *, const char *);
|
void ssh_gssapi_buildmic(Buffer *, const char *, const char *, const char *);
|
@ -1,7 +1,7 @@
|
|||||||
diff -up openssh-6.1p1/auth2-pubkey.c.keycat openssh-6.1p1/auth2-pubkey.c
|
diff -up openssh-6.2p1/auth2-pubkey.c.keycat openssh-6.2p1/auth2-pubkey.c
|
||||||
--- openssh-6.1p1/auth2-pubkey.c.keycat 2013-02-14 17:39:21.000000000 +0100
|
--- openssh-6.2p1/auth2-pubkey.c.keycat 2013-03-25 21:34:17.779978851 +0100
|
||||||
+++ openssh-6.1p1/auth2-pubkey.c 2013-02-14 17:40:42.600050510 +0100
|
+++ openssh-6.2p1/auth2-pubkey.c 2013-03-25 21:34:17.798978973 +0100
|
||||||
@@ -571,6 +571,14 @@ user_key_command_allowed2(struct passwd
|
@@ -573,6 +573,14 @@ user_key_command_allowed2(struct passwd
|
||||||
_exit(1);
|
_exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -16,9 +16,9 @@ diff -up openssh-6.1p1/auth2-pubkey.c.keycat openssh-6.1p1/auth2-pubkey.c
|
|||||||
execl(options.authorized_keys_command,
|
execl(options.authorized_keys_command,
|
||||||
options.authorized_keys_command, user_pw->pw_name, NULL);
|
options.authorized_keys_command, user_pw->pw_name, NULL);
|
||||||
|
|
||||||
diff -up openssh-6.1p1/HOWTO.ssh-keycat.keycat openssh-6.1p1/HOWTO.ssh-keycat
|
diff -up openssh-6.2p1/HOWTO.ssh-keycat.keycat openssh-6.2p1/HOWTO.ssh-keycat
|
||||||
--- openssh-6.1p1/HOWTO.ssh-keycat.keycat 2013-02-14 17:39:21.148382013 +0100
|
--- openssh-6.2p1/HOWTO.ssh-keycat.keycat 2013-03-25 21:34:17.798978973 +0100
|
||||||
+++ openssh-6.1p1/HOWTO.ssh-keycat 2013-02-14 17:39:21.148382013 +0100
|
+++ openssh-6.2p1/HOWTO.ssh-keycat 2013-03-25 21:34:17.798978973 +0100
|
||||||
@@ -0,0 +1,12 @@
|
@@ -0,0 +1,12 @@
|
||||||
+The ssh-keycat retrieves the content of the ~/.ssh/authorized_keys
|
+The ssh-keycat retrieves the content of the ~/.ssh/authorized_keys
|
||||||
+of an user in any environment. This includes environments with
|
+of an user in any environment. This includes environments with
|
||||||
@ -32,9 +32,9 @@ diff -up openssh-6.1p1/HOWTO.ssh-keycat.keycat openssh-6.1p1/HOWTO.ssh-keycat
|
|||||||
+ PubkeyAuthentication yes
|
+ PubkeyAuthentication yes
|
||||||
+
|
+
|
||||||
+
|
+
|
||||||
diff -up openssh-6.1p1/Makefile.in.keycat openssh-6.1p1/Makefile.in
|
diff -up openssh-6.2p1/Makefile.in.keycat openssh-6.2p1/Makefile.in
|
||||||
--- openssh-6.1p1/Makefile.in.keycat 2013-02-14 17:39:21.143382033 +0100
|
--- openssh-6.2p1/Makefile.in.keycat 2013-03-25 21:34:17.793978941 +0100
|
||||||
+++ openssh-6.1p1/Makefile.in 2013-02-14 17:39:21.148382013 +0100
|
+++ openssh-6.2p1/Makefile.in 2013-03-25 21:35:48.282559562 +0100
|
||||||
@@ -27,6 +27,7 @@ SFTP_SERVER=$(libexecdir)/sftp-server
|
@@ -27,6 +27,7 @@ SFTP_SERVER=$(libexecdir)/sftp-server
|
||||||
SSH_KEYSIGN=$(libexecdir)/ssh-keysign
|
SSH_KEYSIGN=$(libexecdir)/ssh-keysign
|
||||||
SSH_LDAP_HELPER=$(libexecdir)/ssh-ldap-helper
|
SSH_LDAP_HELPER=$(libexecdir)/ssh-ldap-helper
|
||||||
@ -43,16 +43,16 @@ diff -up openssh-6.1p1/Makefile.in.keycat openssh-6.1p1/Makefile.in
|
|||||||
SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
|
SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
|
||||||
PRIVSEP_PATH=@PRIVSEP_PATH@
|
PRIVSEP_PATH=@PRIVSEP_PATH@
|
||||||
SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
|
SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
|
||||||
@@ -62,7 +63,7 @@ EXEEXT=@EXEEXT@
|
@@ -64,7 +65,7 @@ EXEEXT=@EXEEXT@
|
||||||
MANFMT=@MANFMT@
|
MANFMT=@MANFMT@
|
||||||
INSTALL_SSH_LDAP_HELPER=@INSTALL_SSH_LDAP_HELPER@
|
INSTALL_SSH_LDAP_HELPER=@INSTALL_SSH_LDAP_HELPER@
|
||||||
|
|
||||||
-TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT)
|
-TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT)
|
||||||
+TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT) ssh-keycat$(EXEEXT)
|
+TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT) ssh-keycat$(EXEEXT)
|
||||||
|
|
||||||
LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \
|
LIBSSH_OBJS=authfd.o authfile.o bufaux.o bufbn.o buffer.o \
|
||||||
canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \
|
canohost.o channels.o cipher.o cipher-aes.o \
|
||||||
@@ -168,6 +169,9 @@ ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT)
|
@@ -170,6 +171,9 @@ ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT)
|
||||||
ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o
|
ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o
|
||||||
$(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
|
$(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
|
||||||
|
|
||||||
@ -62,7 +62,7 @@ diff -up openssh-6.1p1/Makefile.in.keycat openssh-6.1p1/Makefile.in
|
|||||||
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o
|
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o
|
||||||
$(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
|
$(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
|
||||||
|
|
||||||
@@ -267,6 +271,7 @@ install-files:
|
@@ -276,6 +280,7 @@ install-files:
|
||||||
$(INSTALL) -m 0700 $(STRIP_OPT) ssh-ldap-helper $(DESTDIR)$(SSH_LDAP_HELPER) ; \
|
$(INSTALL) -m 0700 $(STRIP_OPT) ssh-ldap-helper $(DESTDIR)$(SSH_LDAP_HELPER) ; \
|
||||||
$(INSTALL) -m 0700 ssh-ldap-wrapper $(DESTDIR)$(SSH_LDAP_WRAPPER) ; \
|
$(INSTALL) -m 0700 ssh-ldap-wrapper $(DESTDIR)$(SSH_LDAP_WRAPPER) ; \
|
||||||
fi
|
fi
|
||||||
@ -70,9 +70,9 @@ diff -up openssh-6.1p1/Makefile.in.keycat openssh-6.1p1/Makefile.in
|
|||||||
$(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
|
$(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
|
||||||
$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
|
$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
|
||||||
$(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
|
$(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
|
||||||
diff -up openssh-6.1p1/openbsd-compat/port-linux.c.keycat openssh-6.1p1/openbsd-compat/port-linux.c
|
diff -up openssh-6.2p1/openbsd-compat/port-linux.c.keycat openssh-6.2p1/openbsd-compat/port-linux.c
|
||||||
--- openssh-6.1p1/openbsd-compat/port-linux.c.keycat 2013-02-14 17:39:21.126382101 +0100
|
--- openssh-6.2p1/openbsd-compat/port-linux.c.keycat 2013-03-25 21:34:17.785978890 +0100
|
||||||
+++ openssh-6.1p1/openbsd-compat/port-linux.c 2013-02-14 17:39:21.149382009 +0100
|
+++ openssh-6.2p1/openbsd-compat/port-linux.c 2013-03-25 21:34:17.800978986 +0100
|
||||||
@@ -315,7 +315,7 @@ ssh_selinux_getctxbyname(char *pwname,
|
@@ -315,7 +315,7 @@ ssh_selinux_getctxbyname(char *pwname,
|
||||||
|
|
||||||
/* Setup environment variables for pam_selinux */
|
/* Setup environment variables for pam_selinux */
|
||||||
@ -127,9 +127,9 @@ diff -up openssh-6.1p1/openbsd-compat/port-linux.c.keycat openssh-6.1p1/openbsd-
|
|||||||
/* Set the execution context to the default for the specified user */
|
/* Set the execution context to the default for the specified user */
|
||||||
void
|
void
|
||||||
ssh_selinux_setup_exec_context(char *pwname)
|
ssh_selinux_setup_exec_context(char *pwname)
|
||||||
diff -up openssh-6.1p1/ssh-keycat.c.keycat openssh-6.1p1/ssh-keycat.c
|
diff -up openssh-6.2p1/ssh-keycat.c.keycat openssh-6.2p1/ssh-keycat.c
|
||||||
--- openssh-6.1p1/ssh-keycat.c.keycat 2013-02-14 17:39:21.149382009 +0100
|
--- openssh-6.2p1/ssh-keycat.c.keycat 2013-03-25 21:34:17.800978986 +0100
|
||||||
+++ openssh-6.1p1/ssh-keycat.c 2013-02-14 17:39:21.149382009 +0100
|
+++ openssh-6.2p1/ssh-keycat.c 2013-03-25 21:34:17.800978986 +0100
|
||||||
@@ -0,0 +1,238 @@
|
@@ -0,0 +1,238 @@
|
||||||
+/*
|
+/*
|
||||||
+ * Redistribution and use in source and binary forms, with or without
|
+ * Redistribution and use in source and binary forms, with or without
|
@ -1,6 +1,6 @@
|
|||||||
diff -up openssh-6.1p1/auth-krb5.c.kuserok openssh-6.1p1/auth-krb5.c
|
diff -up openssh-6.2p1/auth-krb5.c.kuserok openssh-6.2p1/auth-krb5.c
|
||||||
--- openssh-6.1p1/auth-krb5.c.kuserok 2012-09-14 21:08:16.941496194 +0200
|
--- openssh-6.2p1/auth-krb5.c.kuserok 2013-03-25 20:06:51.295558062 +0100
|
||||||
+++ openssh-6.1p1/auth-krb5.c 2012-09-14 21:08:17.063496896 +0200
|
+++ openssh-6.2p1/auth-krb5.c 2013-03-25 20:06:51.318558207 +0100
|
||||||
@@ -55,6 +55,20 @@
|
@@ -55,6 +55,20 @@
|
||||||
|
|
||||||
extern ServerOptions options;
|
extern ServerOptions options;
|
||||||
@ -31,9 +31,9 @@ diff -up openssh-6.1p1/auth-krb5.c.kuserok openssh-6.1p1/auth-krb5.c
|
|||||||
problem = -1;
|
problem = -1;
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
diff -up openssh-6.1p1/gss-serv-krb5.c.kuserok openssh-6.1p1/gss-serv-krb5.c
|
diff -up openssh-6.2p1/gss-serv-krb5.c.kuserok openssh-6.2p1/gss-serv-krb5.c
|
||||||
--- openssh-6.1p1/gss-serv-krb5.c.kuserok 2012-09-14 21:08:17.019496642 +0200
|
--- openssh-6.2p1/gss-serv-krb5.c.kuserok 2013-03-25 20:06:51.311558163 +0100
|
||||||
+++ openssh-6.1p1/gss-serv-krb5.c 2012-09-14 21:08:17.065496906 +0200
|
+++ openssh-6.2p1/gss-serv-krb5.c 2013-03-25 20:06:51.319558214 +0100
|
||||||
@@ -68,6 +68,7 @@ static int ssh_gssapi_krb5_cmdok(krb5_pr
|
@@ -68,6 +68,7 @@ static int ssh_gssapi_krb5_cmdok(krb5_pr
|
||||||
int);
|
int);
|
||||||
|
|
||||||
@ -51,10 +51,10 @@ diff -up openssh-6.1p1/gss-serv-krb5.c.kuserok openssh-6.1p1/gss-serv-krb5.c
|
|||||||
retval = 1;
|
retval = 1;
|
||||||
logit("Authorized to %s, krb5 principal %s (krb5_kuserok)",
|
logit("Authorized to %s, krb5 principal %s (krb5_kuserok)",
|
||||||
luser, (char *)client->displayname.value);
|
luser, (char *)client->displayname.value);
|
||||||
diff -up openssh-6.1p1/servconf.c.kuserok openssh-6.1p1/servconf.c
|
diff -up openssh-6.2p1/servconf.c.kuserok openssh-6.2p1/servconf.c
|
||||||
--- openssh-6.1p1/servconf.c.kuserok 2012-09-14 21:08:16.989496471 +0200
|
--- openssh-6.2p1/servconf.c.kuserok 2013-03-25 20:06:51.305558125 +0100
|
||||||
+++ openssh-6.1p1/servconf.c 2012-09-14 21:09:30.864868698 +0200
|
+++ openssh-6.2p1/servconf.c 2013-03-25 20:06:51.319558214 +0100
|
||||||
@@ -152,6 +152,7 @@ initialize_server_options(ServerOptions
|
@@ -150,6 +150,7 @@ initialize_server_options(ServerOptions
|
||||||
options->ip_qos_interactive = -1;
|
options->ip_qos_interactive = -1;
|
||||||
options->ip_qos_bulk = -1;
|
options->ip_qos_bulk = -1;
|
||||||
options->version_addendum = NULL;
|
options->version_addendum = NULL;
|
||||||
@ -62,7 +62,7 @@ diff -up openssh-6.1p1/servconf.c.kuserok openssh-6.1p1/servconf.c
|
|||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
@@ -301,6 +302,8 @@ fill_default_server_options(ServerOption
|
@@ -299,6 +300,8 @@ fill_default_server_options(ServerOption
|
||||||
options->version_addendum = xstrdup("");
|
options->version_addendum = xstrdup("");
|
||||||
if (options->show_patchlevel == -1)
|
if (options->show_patchlevel == -1)
|
||||||
options->show_patchlevel = 0;
|
options->show_patchlevel = 0;
|
||||||
@ -71,7 +71,7 @@ diff -up openssh-6.1p1/servconf.c.kuserok openssh-6.1p1/servconf.c
|
|||||||
|
|
||||||
/* Turn privilege separation on by default */
|
/* Turn privilege separation on by default */
|
||||||
if (use_privsep == -1)
|
if (use_privsep == -1)
|
||||||
@@ -327,7 +330,7 @@ typedef enum {
|
@@ -325,7 +328,7 @@ typedef enum {
|
||||||
sPermitRootLogin, sLogFacility, sLogLevel,
|
sPermitRootLogin, sLogFacility, sLogLevel,
|
||||||
sRhostsRSAAuthentication, sRSAAuthentication,
|
sRhostsRSAAuthentication, sRSAAuthentication,
|
||||||
sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
|
sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
|
||||||
@ -80,7 +80,7 @@ diff -up openssh-6.1p1/servconf.c.kuserok openssh-6.1p1/servconf.c
|
|||||||
sKerberosTgtPassing, sChallengeResponseAuthentication,
|
sKerberosTgtPassing, sChallengeResponseAuthentication,
|
||||||
sPasswordAuthentication, sKbdInteractiveAuthentication,
|
sPasswordAuthentication, sKbdInteractiveAuthentication,
|
||||||
sListenAddress, sAddressFamily,
|
sListenAddress, sAddressFamily,
|
||||||
@@ -399,11 +402,13 @@ static struct {
|
@@ -397,11 +400,13 @@ static struct {
|
||||||
#else
|
#else
|
||||||
{ "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
|
{ "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
|
||||||
#endif
|
#endif
|
||||||
@ -94,7 +94,7 @@ diff -up openssh-6.1p1/servconf.c.kuserok openssh-6.1p1/servconf.c
|
|||||||
#endif
|
#endif
|
||||||
{ "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL },
|
{ "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL },
|
||||||
{ "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
|
{ "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
|
||||||
@@ -1486,6 +1491,10 @@ process_server_config_line(ServerOptions
|
@@ -1460,6 +1465,10 @@ process_server_config_line(ServerOptions
|
||||||
*activep = value;
|
*activep = value;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@ -105,7 +105,7 @@ diff -up openssh-6.1p1/servconf.c.kuserok openssh-6.1p1/servconf.c
|
|||||||
case sPermitOpen:
|
case sPermitOpen:
|
||||||
arg = strdelim(&cp);
|
arg = strdelim(&cp);
|
||||||
if (!arg || *arg == '\0')
|
if (!arg || *arg == '\0')
|
||||||
@@ -1769,6 +1778,7 @@ copy_set_server_options(ServerOptions *d
|
@@ -1761,6 +1770,7 @@ copy_set_server_options(ServerOptions *d
|
||||||
M_CP_INTOPT(max_authtries);
|
M_CP_INTOPT(max_authtries);
|
||||||
M_CP_INTOPT(ip_qos_interactive);
|
M_CP_INTOPT(ip_qos_interactive);
|
||||||
M_CP_INTOPT(ip_qos_bulk);
|
M_CP_INTOPT(ip_qos_bulk);
|
||||||
@ -113,7 +113,7 @@ diff -up openssh-6.1p1/servconf.c.kuserok openssh-6.1p1/servconf.c
|
|||||||
|
|
||||||
/* See comment in servconf.h */
|
/* See comment in servconf.h */
|
||||||
COPY_MATCH_STRING_OPTS();
|
COPY_MATCH_STRING_OPTS();
|
||||||
@@ -2005,6 +2015,7 @@ dump_config(ServerOptions *o)
|
@@ -1999,6 +2009,7 @@ dump_config(ServerOptions *o)
|
||||||
dump_cfg_fmtint(sUseDNS, o->use_dns);
|
dump_cfg_fmtint(sUseDNS, o->use_dns);
|
||||||
dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
|
dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
|
||||||
dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
|
dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
|
||||||
@ -121,10 +121,10 @@ diff -up openssh-6.1p1/servconf.c.kuserok openssh-6.1p1/servconf.c
|
|||||||
|
|
||||||
/* string arguments */
|
/* string arguments */
|
||||||
dump_cfg_string(sPidFile, o->pid_file);
|
dump_cfg_string(sPidFile, o->pid_file);
|
||||||
diff -up openssh-6.1p1/servconf.h.kuserok openssh-6.1p1/servconf.h
|
diff -up openssh-6.2p1/servconf.h.kuserok openssh-6.2p1/servconf.h
|
||||||
--- openssh-6.1p1/servconf.h.kuserok 2012-09-14 21:08:16.990496476 +0200
|
--- openssh-6.2p1/servconf.h.kuserok 2013-03-25 20:06:51.305558125 +0100
|
||||||
+++ openssh-6.1p1/servconf.h 2012-09-14 21:08:17.071496942 +0200
|
+++ openssh-6.2p1/servconf.h 2013-03-25 20:06:51.320558220 +0100
|
||||||
@@ -169,6 +169,7 @@ typedef struct {
|
@@ -173,6 +173,7 @@ typedef struct {
|
||||||
|
|
||||||
int num_permitted_opens;
|
int num_permitted_opens;
|
||||||
|
|
||||||
@ -132,10 +132,10 @@ diff -up openssh-6.1p1/servconf.h.kuserok openssh-6.1p1/servconf.h
|
|||||||
char *chroot_directory;
|
char *chroot_directory;
|
||||||
char *revoked_keys_file;
|
char *revoked_keys_file;
|
||||||
char *trusted_user_ca_keys;
|
char *trusted_user_ca_keys;
|
||||||
diff -up openssh-6.1p1/sshd_config.kuserok openssh-6.1p1/sshd_config
|
diff -up openssh-6.2p1/sshd_config.kuserok openssh-6.2p1/sshd_config
|
||||||
--- openssh-6.1p1/sshd_config.kuserok 2012-09-14 21:08:17.002496545 +0200
|
--- openssh-6.2p1/sshd_config.kuserok 2013-03-25 20:06:51.308558144 +0100
|
||||||
+++ openssh-6.1p1/sshd_config 2012-09-14 21:08:17.074496957 +0200
|
+++ openssh-6.2p1/sshd_config 2013-03-25 20:06:51.320558220 +0100
|
||||||
@@ -79,6 +79,7 @@ ChallengeResponseAuthentication no
|
@@ -83,6 +83,7 @@ ChallengeResponseAuthentication no
|
||||||
#KerberosOrLocalPasswd yes
|
#KerberosOrLocalPasswd yes
|
||||||
#KerberosTicketCleanup yes
|
#KerberosTicketCleanup yes
|
||||||
#KerberosGetAFSToken no
|
#KerberosGetAFSToken no
|
||||||
@ -143,10 +143,10 @@ diff -up openssh-6.1p1/sshd_config.kuserok openssh-6.1p1/sshd_config
|
|||||||
|
|
||||||
# GSSAPI options
|
# GSSAPI options
|
||||||
#GSSAPIAuthentication no
|
#GSSAPIAuthentication no
|
||||||
diff -up openssh-6.1p1/sshd_config.5.kuserok openssh-6.1p1/sshd_config.5
|
diff -up openssh-6.2p1/sshd_config.5.kuserok openssh-6.2p1/sshd_config.5
|
||||||
--- openssh-6.1p1/sshd_config.5.kuserok 2012-09-14 21:08:17.004496556 +0200
|
--- openssh-6.2p1/sshd_config.5.kuserok 2013-03-25 20:06:51.308558144 +0100
|
||||||
+++ openssh-6.1p1/sshd_config.5 2012-09-14 21:08:17.073496952 +0200
|
+++ openssh-6.2p1/sshd_config.5 2013-03-25 20:08:34.249207272 +0100
|
||||||
@@ -618,6 +618,10 @@ Specifies whether to automatically destr
|
@@ -660,6 +660,10 @@ Specifies whether to automatically destr
|
||||||
file on logout.
|
file on logout.
|
||||||
The default is
|
The default is
|
||||||
.Dq yes .
|
.Dq yes .
|
||||||
@ -157,11 +157,11 @@ diff -up openssh-6.1p1/sshd_config.5.kuserok openssh-6.1p1/sshd_config.5
|
|||||||
.It Cm KexAlgorithms
|
.It Cm KexAlgorithms
|
||||||
Specifies the available KEX (Key Exchange) algorithms.
|
Specifies the available KEX (Key Exchange) algorithms.
|
||||||
Multiple algorithms must be comma-separated.
|
Multiple algorithms must be comma-separated.
|
||||||
@@ -767,6 +771,7 @@ Available keywords are
|
@@ -819,6 +823,7 @@ Available keywords are
|
||||||
.Cm HostbasedUsesNameFromPacketOnly ,
|
.Cm HostbasedUsesNameFromPacketOnly ,
|
||||||
.Cm KbdInteractiveAuthentication ,
|
.Cm KbdInteractiveAuthentication ,
|
||||||
.Cm KerberosAuthentication ,
|
.Cm KerberosAuthentication ,
|
||||||
+.Cm KerberosUseKuserok ,
|
+.Cm KerberosUseKuserok ,
|
||||||
.Cm MaxAuthTries ,
|
.Cm MaxAuthTries ,
|
||||||
.Cm MaxSessions ,
|
.Cm MaxSessions ,
|
||||||
.Cm PubkeyAuthentication ,
|
.Cm PasswordAuthentication ,
|
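Review bot: The `logit("Authorized to %s, krb5 principal %s (krb5_kuserok)", ...)` line kept as context in the gss-serv-krb5.c hunk attributes every successful authorization to krb5_kuserok, yet this same patch introduces the `KerberosUseKuserok` keyword. If that keyword can switch the krb5_kuserok call off in favour of another principal-to-user check (the condition line ahead of `retval = 1;` is not shown on this page, so this is inferred), the auth log would name a check that did not run, which misleads anyone reconstructing an access decision from the logs. Consider a wording that does not name the function, e.g. `logit("Authorized to %s, krb5 principal %s (krb5 userok check)",`, or log which path was actually taken. The enclosing function starts and ends outside the hunk.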
@ -1,7 +1,7 @@
|
|||||||
diff -up openssh-6.1p1/configure.ac.ldap openssh-6.1p1/configure.ac
|
diff -up openssh-6.2p1/configure.ac.ldap openssh-6.2p1/configure.ac
|
||||||
--- openssh-6.1p1/configure.ac.ldap 2012-07-06 03:49:29.000000000 +0200
|
--- openssh-6.2p1/configure.ac.ldap 2013-03-20 02:55:15.000000000 +0100
|
||||||
+++ openssh-6.1p1/configure.ac 2012-11-01 13:35:14.830280116 +0100
|
+++ openssh-6.2p1/configure.ac 2013-03-25 21:27:15.888248071 +0100
|
||||||
@@ -1512,6 +1512,106 @@ AC_ARG_WITH([audit],
|
@@ -1509,6 +1509,106 @@ AC_ARG_WITH([audit],
|
||||||
esac ]
|
esac ]
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -108,9 +108,9 @@ diff -up openssh-6.1p1/configure.ac.ldap openssh-6.1p1/configure.ac
|
|||||||
dnl Checks for library functions. Please keep in alphabetical order
|
dnl Checks for library functions. Please keep in alphabetical order
|
||||||
AC_CHECK_FUNCS([ \
|
AC_CHECK_FUNCS([ \
|
||||||
arc4random \
|
arc4random \
|
||||||
diff -up openssh-6.1p1/HOWTO.ldap-keys.ldap openssh-6.1p1/HOWTO.ldap-keys
|
diff -up openssh-6.2p1/HOWTO.ldap-keys.ldap openssh-6.2p1/HOWTO.ldap-keys
|
||||||
--- openssh-6.1p1/HOWTO.ldap-keys.ldap 2012-11-01 12:57:17.915280385 +0100
|
--- openssh-6.2p1/HOWTO.ldap-keys.ldap 2013-03-25 21:27:15.889248078 +0100
|
||||||
+++ openssh-6.1p1/HOWTO.ldap-keys 2012-11-01 12:57:17.915280385 +0100
|
+++ openssh-6.2p1/HOWTO.ldap-keys 2013-03-25 21:27:15.889248078 +0100
|
||||||
@@ -0,0 +1,108 @@
|
@@ -0,0 +1,108 @@
|
||||||
+
|
+
|
||||||
+HOW TO START
|
+HOW TO START
|
||||||
@ -220,9 +220,9 @@ diff -up openssh-6.1p1/HOWTO.ldap-keys.ldap openssh-6.1p1/HOWTO.ldap-keys
|
|||||||
+5) Author
|
+5) Author
|
||||||
+ Jan F. Chadima <jchadima@redhat.com>
|
+ Jan F. Chadima <jchadima@redhat.com>
|
||||||
+
|
+
|
||||||
diff -up openssh-6.1p1/ldapbody.c.ldap openssh-6.1p1/ldapbody.c
|
diff -up openssh-6.2p1/ldapbody.c.ldap openssh-6.2p1/ldapbody.c
|
||||||
--- openssh-6.1p1/ldapbody.c.ldap 2012-11-01 12:57:17.916280385 +0100
|
--- openssh-6.2p1/ldapbody.c.ldap 2013-03-25 21:27:15.889248078 +0100
|
||||||
+++ openssh-6.1p1/ldapbody.c 2012-11-01 12:57:17.916280385 +0100
|
+++ openssh-6.2p1/ldapbody.c 2013-03-25 21:27:15.889248078 +0100
|
||||||
@@ -0,0 +1,494 @@
|
@@ -0,0 +1,494 @@
|
||||||
+/* $OpenBSD: ldapbody.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
|
+/* $OpenBSD: ldapbody.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
|
||||||
+/*
|
+/*
|
||||||
@ -718,9 +718,9 @@ diff -up openssh-6.1p1/ldapbody.c.ldap openssh-6.1p1/ldapbody.c
|
|||||||
+ return;
|
+ return;
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
diff -up openssh-6.1p1/ldapbody.h.ldap openssh-6.1p1/ldapbody.h
|
diff -up openssh-6.2p1/ldapbody.h.ldap openssh-6.2p1/ldapbody.h
|
||||||
--- openssh-6.1p1/ldapbody.h.ldap 2012-11-01 12:57:17.916280385 +0100
|
--- openssh-6.2p1/ldapbody.h.ldap 2013-03-25 21:27:15.889248078 +0100
|
||||||
+++ openssh-6.1p1/ldapbody.h 2012-11-01 12:57:17.916280385 +0100
|
+++ openssh-6.2p1/ldapbody.h 2013-03-25 21:27:15.889248078 +0100
|
||||||
@@ -0,0 +1,37 @@
|
@@ -0,0 +1,37 @@
|
||||||
+/* $OpenBSD: ldapbody.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
|
+/* $OpenBSD: ldapbody.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
|
||||||
+/*
|
+/*
|
||||||
@ -759,9 +759,9 @@ diff -up openssh-6.1p1/ldapbody.h.ldap openssh-6.1p1/ldapbody.h
|
|||||||
+
|
+
|
||||||
+#endif /* LDAPBODY_H */
|
+#endif /* LDAPBODY_H */
|
||||||
+
|
+
|
||||||
diff -up openssh-6.1p1/ldapconf.c.ldap openssh-6.1p1/ldapconf.c
|
diff -up openssh-6.2p1/ldapconf.c.ldap openssh-6.2p1/ldapconf.c
|
||||||
--- openssh-6.1p1/ldapconf.c.ldap 2012-11-01 12:57:17.917280385 +0100
|
--- openssh-6.2p1/ldapconf.c.ldap 2013-03-25 21:27:15.890248084 +0100
|
||||||
+++ openssh-6.1p1/ldapconf.c 2012-11-01 12:57:17.917280385 +0100
|
+++ openssh-6.2p1/ldapconf.c 2013-03-25 21:27:15.890248084 +0100
|
||||||
@@ -0,0 +1,682 @@
|
@@ -0,0 +1,682 @@
|
||||||
+/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
|
+/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
|
||||||
+/*
|
+/*
|
||||||
@ -1445,9 +1445,9 @@ diff -up openssh-6.1p1/ldapconf.c.ldap openssh-6.1p1/ldapconf.c
|
|||||||
+ dump_cfg_string(lSSH_Filter, options.ssh_filter);
|
+ dump_cfg_string(lSSH_Filter, options.ssh_filter);
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
diff -up openssh-6.1p1/ldapconf.h.ldap openssh-6.1p1/ldapconf.h
|
diff -up openssh-6.2p1/ldapconf.h.ldap openssh-6.2p1/ldapconf.h
|
||||||
--- openssh-6.1p1/ldapconf.h.ldap 2012-11-01 12:57:17.918280385 +0100
|
--- openssh-6.2p1/ldapconf.h.ldap 2013-03-25 21:27:15.891248091 +0100
|
||||||
+++ openssh-6.1p1/ldapconf.h 2012-11-01 12:57:17.918280385 +0100
|
+++ openssh-6.2p1/ldapconf.h 2013-03-25 21:27:15.891248091 +0100
|
||||||
@@ -0,0 +1,71 @@
|
@@ -0,0 +1,71 @@
|
||||||
+/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
|
+/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
|
||||||
+/*
|
+/*
|
||||||
@ -1520,9 +1520,9 @@ diff -up openssh-6.1p1/ldapconf.h.ldap openssh-6.1p1/ldapconf.h
|
|||||||
+void dump_config(void);
|
+void dump_config(void);
|
||||||
+
|
+
|
||||||
+#endif /* LDAPCONF_H */
|
+#endif /* LDAPCONF_H */
|
||||||
diff -up openssh-6.1p1/ldap.conf.ldap openssh-6.1p1/ldap.conf
|
diff -up openssh-6.2p1/ldap.conf.ldap openssh-6.2p1/ldap.conf
|
||||||
--- openssh-6.1p1/ldap.conf.ldap 2012-11-01 12:57:17.918280385 +0100
|
--- openssh-6.2p1/ldap.conf.ldap 2013-03-25 21:27:15.891248091 +0100
|
||||||
+++ openssh-6.1p1/ldap.conf 2012-11-01 12:57:17.918280385 +0100
|
+++ openssh-6.2p1/ldap.conf 2013-03-25 21:27:15.891248091 +0100
|
||||||
@@ -0,0 +1,88 @@
|
@@ -0,0 +1,88 @@
|
||||||
+# $Id: openssh-5.5p1-ldap.patch,v 1.3 2010/07/07 13:48:36 jfch2222 Exp $
|
+# $Id: openssh-5.5p1-ldap.patch,v 1.3 2010/07/07 13:48:36 jfch2222 Exp $
|
||||||
+#
|
+#
|
||||||
@ -1612,9 +1612,9 @@ diff -up openssh-6.1p1/ldap.conf.ldap openssh-6.1p1/ldap.conf
|
|||||||
+#tls_cert
|
+#tls_cert
|
||||||
+#tls_key
|
+#tls_key
|
||||||
+
|
+
|
||||||
diff -up openssh-6.1p1/ldap-helper.c.ldap openssh-6.1p1/ldap-helper.c
|
diff -up openssh-6.2p1/ldap-helper.c.ldap openssh-6.2p1/ldap-helper.c
|
||||||
--- openssh-6.1p1/ldap-helper.c.ldap 2012-11-01 12:57:17.919280385 +0100
|
--- openssh-6.2p1/ldap-helper.c.ldap 2013-03-25 21:27:15.892248097 +0100
|
||||||
+++ openssh-6.1p1/ldap-helper.c 2012-11-01 12:57:17.919280385 +0100
|
+++ openssh-6.2p1/ldap-helper.c 2013-03-25 21:27:15.892248097 +0100
|
||||||
@@ -0,0 +1,155 @@
|
@@ -0,0 +1,155 @@
|
||||||
+/* $OpenBSD: ssh-pka-ldap.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
|
+/* $OpenBSD: ssh-pka-ldap.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
|
||||||
+/*
|
+/*
|
||||||
@ -1771,9 +1771,9 @@ diff -up openssh-6.1p1/ldap-helper.c.ldap openssh-6.1p1/ldap-helper.c
|
|||||||
+void *buffer_get_string(Buffer *b, u_int *l) { return NULL; }
|
+void *buffer_get_string(Buffer *b, u_int *l) { return NULL; }
|
||||||
+void buffer_put_string(Buffer *b, const void *f, u_int l) {}
|
+void buffer_put_string(Buffer *b, const void *f, u_int l) {}
|
||||||
+
|
+
|
||||||
diff -up openssh-6.1p1/ldap-helper.h.ldap openssh-6.1p1/ldap-helper.h
|
diff -up openssh-6.2p1/ldap-helper.h.ldap openssh-6.2p1/ldap-helper.h
|
||||||
--- openssh-6.1p1/ldap-helper.h.ldap 2012-11-01 12:57:17.919280385 +0100
|
--- openssh-6.2p1/ldap-helper.h.ldap 2013-03-25 21:27:15.892248097 +0100
|
||||||
+++ openssh-6.1p1/ldap-helper.h 2012-11-01 12:57:17.919280385 +0100
|
+++ openssh-6.2p1/ldap-helper.h 2013-03-25 21:27:15.892248097 +0100
|
||||||
@@ -0,0 +1,32 @@
|
@@ -0,0 +1,32 @@
|
||||||
+/* $OpenBSD: ldap-helper.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
|
+/* $OpenBSD: ldap-helper.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
|
||||||
+/*
|
+/*
|
||||||
@ -1807,9 +1807,9 @@ diff -up openssh-6.1p1/ldap-helper.h.ldap openssh-6.1p1/ldap-helper.h
|
|||||||
+extern int config_warning_config_file;
|
+extern int config_warning_config_file;
|
||||||
+
|
+
|
||||||
+#endif /* LDAP_HELPER_H */
|
+#endif /* LDAP_HELPER_H */
|
||||||
diff -up openssh-6.1p1/ldapincludes.h.ldap openssh-6.1p1/ldapincludes.h
|
diff -up openssh-6.2p1/ldapincludes.h.ldap openssh-6.2p1/ldapincludes.h
|
||||||
--- openssh-6.1p1/ldapincludes.h.ldap 2012-11-01 12:57:17.920280385 +0100
|
--- openssh-6.2p1/ldapincludes.h.ldap 2013-03-25 21:27:15.892248097 +0100
|
||||||
+++ openssh-6.1p1/ldapincludes.h 2012-11-01 12:57:17.920280385 +0100
|
+++ openssh-6.2p1/ldapincludes.h 2013-03-25 21:27:15.892248097 +0100
|
||||||
@@ -0,0 +1,41 @@
|
@@ -0,0 +1,41 @@
|
||||||
+/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
|
+/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
|
||||||
+/*
|
+/*
|
||||||
@ -1852,9 +1852,9 @@ diff -up openssh-6.1p1/ldapincludes.h.ldap openssh-6.1p1/ldapincludes.h
|
|||||||
+#endif
|
+#endif
|
||||||
+
|
+
|
||||||
+#endif /* LDAPINCLUDES_H */
|
+#endif /* LDAPINCLUDES_H */
|
||||||
diff -up openssh-6.1p1/ldapmisc.c.ldap openssh-6.1p1/ldapmisc.c
|
diff -up openssh-6.2p1/ldapmisc.c.ldap openssh-6.2p1/ldapmisc.c
|
||||||
--- openssh-6.1p1/ldapmisc.c.ldap 2012-11-01 12:57:17.920280385 +0100
|
--- openssh-6.2p1/ldapmisc.c.ldap 2013-03-25 21:27:15.893248104 +0100
|
||||||
+++ openssh-6.1p1/ldapmisc.c 2012-11-01 12:57:17.920280385 +0100
|
+++ openssh-6.2p1/ldapmisc.c 2013-03-25 21:27:15.893248104 +0100
|
||||||
@@ -0,0 +1,79 @@
|
@@ -0,0 +1,79 @@
|
||||||
+
|
+
|
||||||
+#include "ldapincludes.h"
|
+#include "ldapincludes.h"
|
||||||
@ -1935,9 +1935,9 @@ diff -up openssh-6.1p1/ldapmisc.c.ldap openssh-6.1p1/ldapmisc.c
|
|||||||
+}
|
+}
|
||||||
+#endif
|
+#endif
|
||||||
+
|
+
|
||||||
diff -up openssh-6.1p1/ldapmisc.h.ldap openssh-6.1p1/ldapmisc.h
|
diff -up openssh-6.2p1/ldapmisc.h.ldap openssh-6.2p1/ldapmisc.h
|
||||||
--- openssh-6.1p1/ldapmisc.h.ldap 2012-11-01 12:57:17.921280385 +0100
|
--- openssh-6.2p1/ldapmisc.h.ldap 2013-03-25 21:27:15.893248104 +0100
|
||||||
+++ openssh-6.1p1/ldapmisc.h 2012-11-01 12:57:17.921280385 +0100
|
+++ openssh-6.2p1/ldapmisc.h 2013-03-25 21:27:15.893248104 +0100
|
||||||
@@ -0,0 +1,35 @@
|
@@ -0,0 +1,35 @@
|
||||||
+/* $OpenBSD: ldapbody.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
|
+/* $OpenBSD: ldapbody.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
|
||||||
+/*
|
+/*
|
||||||
@ -1974,9 +1974,9 @@ diff -up openssh-6.1p1/ldapmisc.h.ldap openssh-6.1p1/ldapmisc.h
|
|||||||
+
|
+
|
||||||
+#endif /* LDAPMISC_H */
|
+#endif /* LDAPMISC_H */
|
||||||
+
|
+
|
||||||
diff -up openssh-6.1p1/Makefile.in.ldap openssh-6.1p1/Makefile.in
|
diff -up openssh-6.2p1/Makefile.in.ldap openssh-6.2p1/Makefile.in
|
||||||
--- openssh-6.1p1/Makefile.in.ldap 2012-11-01 12:57:17.750280385 +0100
|
--- openssh-6.2p1/Makefile.in.ldap 2013-03-25 21:27:15.850247822 +0100
|
||||||
+++ openssh-6.1p1/Makefile.in 2012-11-01 12:57:17.922280385 +0100
|
+++ openssh-6.2p1/Makefile.in 2013-03-25 21:27:57.356518817 +0100
|
||||||
@@ -25,6 +25,8 @@ SSH_PROGRAM=@bindir@/ssh
|
@@ -25,6 +25,8 @@ SSH_PROGRAM=@bindir@/ssh
|
||||||
ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass
|
ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass
|
||||||
SFTP_SERVER=$(libexecdir)/sftp-server
|
SFTP_SERVER=$(libexecdir)/sftp-server
|
||||||
@ -1986,7 +1986,7 @@ diff -up openssh-6.1p1/Makefile.in.ldap openssh-6.1p1/Makefile.in
|
|||||||
SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
|
SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
|
||||||
PRIVSEP_PATH=@PRIVSEP_PATH@
|
PRIVSEP_PATH=@PRIVSEP_PATH@
|
||||||
SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
|
SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
|
||||||
@@ -58,8 +60,9 @@ XAUTH_PATH=@XAUTH_PATH@
|
@@ -60,8 +62,9 @@ XAUTH_PATH=@XAUTH_PATH@
|
||||||
LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
|
LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
|
||||||
EXEEXT=@EXEEXT@
|
EXEEXT=@EXEEXT@
|
||||||
MANFMT=@MANFMT@
|
MANFMT=@MANFMT@
|
||||||
@ -1995,9 +1995,9 @@ diff -up openssh-6.1p1/Makefile.in.ldap openssh-6.1p1/Makefile.in
|
|||||||
-TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT)
|
-TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT)
|
||||||
+TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT)
|
+TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT)
|
||||||
|
|
||||||
LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \
|
LIBSSH_OBJS=authfd.o authfile.o bufaux.o bufbn.o buffer.o \
|
||||||
canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \
|
canohost.o channels.o cipher.o cipher-aes.o \
|
||||||
@@ -93,8 +96,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
|
@@ -95,8 +98,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
|
||||||
sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
|
sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
|
||||||
sandbox-seccomp-filter.o
|
sandbox-seccomp-filter.o
|
||||||
|
|
||||||
@ -2008,7 +2008,7 @@ diff -up openssh-6.1p1/Makefile.in.ldap openssh-6.1p1/Makefile.in
|
|||||||
MANTYPE = @MANTYPE@
|
MANTYPE = @MANTYPE@
|
||||||
|
|
||||||
CONFIGFILES=sshd_config.out ssh_config.out moduli.out
|
CONFIGFILES=sshd_config.out ssh_config.out moduli.out
|
||||||
@@ -162,6 +165,9 @@ ssh-keysign$(EXEEXT): $(LIBCOMPAT) libss
|
@@ -164,6 +167,9 @@ ssh-keysign$(EXEEXT): $(LIBCOMPAT) libss
|
||||||
ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o
|
ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o
|
||||||
$(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
|
$(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
|
||||||
|
|
||||||
@ -2018,7 +2018,7 @@ diff -up openssh-6.1p1/Makefile.in.ldap openssh-6.1p1/Makefile.in
|
|||||||
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o
|
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o
|
||||||
$(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
|
$(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
|
||||||
|
|
||||||
@@ -257,6 +263,10 @@ install-files:
|
@@ -266,6 +272,10 @@ install-files:
|
||||||
$(INSTALL) -m 0755 $(STRIP_OPT) sshd$(EXEEXT) $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
|
$(INSTALL) -m 0755 $(STRIP_OPT) sshd$(EXEEXT) $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
|
||||||
$(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign$(EXEEXT) $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
|
$(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign$(EXEEXT) $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
|
||||||
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
|
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
|
||||||
@ -2029,7 +2029,7 @@ diff -up openssh-6.1p1/Makefile.in.ldap openssh-6.1p1/Makefile.in
|
|||||||
$(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
|
$(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
|
||||||
$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
|
$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
|
||||||
$(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
|
$(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
|
||||||
@@ -273,6 +283,10 @@ install-files:
|
@@ -282,6 +292,10 @@ install-files:
|
||||||
$(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
|
$(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
|
||||||
$(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
|
$(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
|
||||||
$(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
|
$(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
|
||||||
@ -2040,7 +2040,7 @@ diff -up openssh-6.1p1/Makefile.in.ldap openssh-6.1p1/Makefile.in
|
|||||||
-rm -f $(DESTDIR)$(bindir)/slogin
|
-rm -f $(DESTDIR)$(bindir)/slogin
|
||||||
ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
|
ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
|
||||||
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
|
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
|
||||||
@@ -302,6 +316,13 @@ install-sysconf:
|
@@ -311,6 +325,13 @@ install-sysconf:
|
||||||
else \
|
else \
|
||||||
echo "$(DESTDIR)$(sysconfdir)/moduli already exists, install will not overwrite"; \
|
echo "$(DESTDIR)$(sysconfdir)/moduli already exists, install will not overwrite"; \
|
||||||
fi
|
fi
|
||||||
@ -2054,7 +2054,7 @@ diff -up openssh-6.1p1/Makefile.in.ldap openssh-6.1p1/Makefile.in
|
|||||||
|
|
||||||
host-key: ssh-keygen$(EXEEXT)
|
host-key: ssh-keygen$(EXEEXT)
|
||||||
@if [ -z "$(DESTDIR)" ] ; then \
|
@if [ -z "$(DESTDIR)" ] ; then \
|
||||||
@@ -359,6 +380,8 @@ uninstall:
|
@@ -368,6 +389,8 @@ uninstall:
|
||||||
-rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
|
-rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
|
||||||
-rm -f $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
|
-rm -f $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
|
||||||
-rm -f $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
|
-rm -f $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
|
||||||
@ -2063,17 +2063,17 @@ diff -up openssh-6.1p1/Makefile.in.ldap openssh-6.1p1/Makefile.in
|
|||||||
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
|
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
|
||||||
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
|
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
|
||||||
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
|
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
|
||||||
@@ -370,6 +393,7 @@ uninstall:
|
@@ -379,6 +402,7 @@ uninstall:
|
||||||
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
|
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
|
||||||
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
|
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
|
||||||
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
|
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
|
||||||
+ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-ldap-helper.8
|
+ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-ldap-helper.8
|
||||||
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
|
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
|
||||||
|
|
||||||
tests interop-tests: $(TARGETS)
|
regress/modpipe$(EXEEXT): $(srcdir)/regress/modpipe.c
|
||||||
diff -up openssh-6.1p1/openssh-lpk-openldap.schema.ldap openssh-6.1p1/openssh-lpk-openldap.schema
|
diff -up openssh-6.2p1/openssh-lpk-openldap.schema.ldap openssh-6.2p1/openssh-lpk-openldap.schema
|
||||||
--- openssh-6.1p1/openssh-lpk-openldap.schema.ldap 2012-11-01 12:57:17.922280385 +0100
|
--- openssh-6.2p1/openssh-lpk-openldap.schema.ldap 2013-03-25 21:27:15.894248110 +0100
|
||||||
+++ openssh-6.1p1/openssh-lpk-openldap.schema 2012-11-01 12:57:17.922280385 +0100
|
+++ openssh-6.2p1/openssh-lpk-openldap.schema 2013-03-25 21:27:15.894248110 +0100
|
||||||
@@ -0,0 +1,21 @@
|
@@ -0,0 +1,21 @@
|
||||||
+#
|
+#
|
||||||
+# LDAP Public Key Patch schema for use with openssh-ldappubkey
|
+# LDAP Public Key Patch schema for use with openssh-ldappubkey
|
||||||
@ -2096,9 +2096,9 @@ diff -up openssh-6.1p1/openssh-lpk-openldap.schema.ldap openssh-6.1p1/openssh-lp
|
|||||||
+ DESC 'MANDATORY: OpenSSH LPK objectclass'
|
+ DESC 'MANDATORY: OpenSSH LPK objectclass'
|
||||||
+ MUST ( sshPublicKey $ uid )
|
+ MUST ( sshPublicKey $ uid )
|
||||||
+ )
|
+ )
|
||||||
diff -up openssh-6.1p1/openssh-lpk-sun.schema.ldap openssh-6.1p1/openssh-lpk-sun.schema
|
diff -up openssh-6.2p1/openssh-lpk-sun.schema.ldap openssh-6.2p1/openssh-lpk-sun.schema
|
||||||
--- openssh-6.1p1/openssh-lpk-sun.schema.ldap 2012-11-01 12:57:17.922280385 +0100
|
--- openssh-6.2p1/openssh-lpk-sun.schema.ldap 2013-03-25 21:27:15.894248110 +0100
|
||||||
+++ openssh-6.1p1/openssh-lpk-sun.schema 2012-11-01 12:57:17.922280385 +0100
|
+++ openssh-6.2p1/openssh-lpk-sun.schema 2013-03-25 21:27:15.894248110 +0100
|
||||||
@@ -0,0 +1,23 @@
|
@@ -0,0 +1,23 @@
|
||||||
+#
|
+#
|
||||||
+# LDAP Public Key Patch schema for use with openssh-ldappubkey
|
+# LDAP Public Key Patch schema for use with openssh-ldappubkey
|
||||||
@ -2123,9 +2123,9 @@ diff -up openssh-6.1p1/openssh-lpk-sun.schema.ldap openssh-6.1p1/openssh-lpk-sun
|
|||||||
+ DESC 'MANDATORY: OpenSSH LPK objectclass'
|
+ DESC 'MANDATORY: OpenSSH LPK objectclass'
|
||||||
+ MUST ( sshPublicKey $ uid )
|
+ MUST ( sshPublicKey $ uid )
|
||||||
+ )
|
+ )
|
||||||
diff -up openssh-6.1p1/ssh-ldap.conf.5.ldap openssh-6.1p1/ssh-ldap.conf.5
|
diff -up openssh-6.2p1/ssh-ldap.conf.5.ldap openssh-6.2p1/ssh-ldap.conf.5
|
||||||
--- openssh-6.1p1/ssh-ldap.conf.5.ldap 2012-11-01 12:57:17.923280385 +0100
|
--- openssh-6.2p1/ssh-ldap.conf.5.ldap 2013-03-25 21:27:15.895248117 +0100
|
||||||
+++ openssh-6.1p1/ssh-ldap.conf.5 2012-11-01 12:57:17.923280385 +0100
|
+++ openssh-6.2p1/ssh-ldap.conf.5 2013-03-25 21:27:15.895248117 +0100
|
||||||
@@ -0,0 +1,376 @@
|
@@ -0,0 +1,376 @@
|
||||||
+.\" $OpenBSD: ssh-ldap.conf.5,v 1.1 2010/02/10 23:20:38 markus Exp $
|
+.\" $OpenBSD: ssh-ldap.conf.5,v 1.1 2010/02/10 23:20:38 markus Exp $
|
||||||
+.\"
|
+.\"
|
||||||
@ -2503,9 +2503,9 @@ diff -up openssh-6.1p1/ssh-ldap.conf.5.ldap openssh-6.1p1/ssh-ldap.conf.5
|
|||||||
+OpenSSH 5.5 + PKA-LDAP .
|
+OpenSSH 5.5 + PKA-LDAP .
|
||||||
+.Sh AUTHORS
|
+.Sh AUTHORS
|
||||||
+.An Jan F. Chadima Aq jchadima@redhat.com
|
+.An Jan F. Chadima Aq jchadima@redhat.com
|
||||||
diff -up openssh-6.1p1/ssh-ldap-helper.8.ldap openssh-6.1p1/ssh-ldap-helper.8
|
diff -up openssh-6.2p1/ssh-ldap-helper.8.ldap openssh-6.2p1/ssh-ldap-helper.8
|
||||||
--- openssh-6.1p1/ssh-ldap-helper.8.ldap 2012-11-01 12:57:17.924280385 +0100
|
--- openssh-6.2p1/ssh-ldap-helper.8.ldap 2013-03-25 21:27:15.895248117 +0100
|
||||||
+++ openssh-6.1p1/ssh-ldap-helper.8 2012-11-01 12:57:17.924280385 +0100
|
+++ openssh-6.2p1/ssh-ldap-helper.8 2013-03-25 21:27:15.895248117 +0100
|
||||||
@@ -0,0 +1,79 @@
|
@@ -0,0 +1,79 @@
|
||||||
+.\" $OpenBSD: ssh-ldap-helper.8,v 1.1 2010/02/10 23:20:38 markus Exp $
|
+.\" $OpenBSD: ssh-ldap-helper.8,v 1.1 2010/02/10 23:20:38 markus Exp $
|
||||||
+.\"
|
+.\"
|
||||||
@ -2586,9 +2586,9 @@ diff -up openssh-6.1p1/ssh-ldap-helper.8.ldap openssh-6.1p1/ssh-ldap-helper.8
|
|||||||
+OpenSSH 5.5 + PKA-LDAP .
|
+OpenSSH 5.5 + PKA-LDAP .
|
||||||
+.Sh AUTHORS
|
+.Sh AUTHORS
|
||||||
+.An Jan F. Chadima Aq jchadima@redhat.com
|
+.An Jan F. Chadima Aq jchadima@redhat.com
|
||||||
diff -up openssh-6.1p1/ssh-ldap-wrapper.ldap openssh-6.1p1/ssh-ldap-wrapper
|
diff -up openssh-6.2p1/ssh-ldap-wrapper.ldap openssh-6.2p1/ssh-ldap-wrapper
|
||||||
--- openssh-6.1p1/ssh-ldap-wrapper.ldap 2012-11-01 12:57:17.924280385 +0100
|
--- openssh-6.2p1/ssh-ldap-wrapper.ldap 2013-03-25 21:27:15.896248124 +0100
|
||||||
+++ openssh-6.1p1/ssh-ldap-wrapper 2012-11-01 12:57:17.924280385 +0100
|
+++ openssh-6.2p1/ssh-ldap-wrapper 2013-03-25 21:27:15.896248124 +0100
|
||||||
@@ -0,0 +1,4 @@
|
@@ -0,0 +1,4 @@
|
||||||
+#!/bin/sh
|
+#!/bin/sh
|
||||||
+
|
+
|
@ -1,7 +1,44 @@
|
|||||||
diff -up openssh-6.1p1/auth1.c.role-mls openssh-6.1p1/auth1.c
|
diff -up openssh-6.2p1/auth.h.role-mls openssh-6.2p1/auth.h
|
||||||
--- openssh-6.1p1/auth1.c.role-mls 2012-11-28 17:06:43.657990103 +0100
|
--- openssh-6.2p1/auth.h.role-mls 2013-03-25 17:47:00.565746862 +0100
|
||||||
+++ openssh-6.1p1/auth1.c 2012-11-28 17:06:43.699989959 +0100
|
+++ openssh-6.2p1/auth.h 2013-03-25 17:47:00.602747073 +0100
|
||||||
@@ -384,6 +384,9 @@ do_authentication(Authctxt *authctxt)
|
@@ -59,6 +59,9 @@ struct Authctxt {
|
||||||
|
char *service;
|
||||||
|
struct passwd *pw; /* set if 'valid' */
|
||||||
|
char *style;
|
||||||
|
+#ifdef WITH_SELINUX
|
||||||
|
+ char *role;
|
||||||
|
+#endif
|
||||||
|
void *kbdintctxt;
|
||||||
|
void *jpake_ctx;
|
||||||
|
#ifdef BSD_AUTH
|
||||||
|
diff -up openssh-6.2p1/auth-pam.c.role-mls openssh-6.2p1/auth-pam.c
|
||||||
|
--- openssh-6.2p1/auth-pam.c.role-mls 2013-03-25 17:47:00.535746690 +0100
|
||||||
|
+++ openssh-6.2p1/auth-pam.c 2013-03-25 17:47:00.602747073 +0100
|
||||||
|
@@ -1074,7 +1074,7 @@ is_pam_session_open(void)
|
||||||
|
* during the ssh authentication process.
|
||||||
|
*/
|
||||||
|
int
|
||||||
|
-do_pam_putenv(char *name, char *value)
|
||||||
|
+do_pam_putenv(char *name, const char *value)
|
||||||
|
{
|
||||||
|
int ret = 1;
|
||||||
|
#ifdef HAVE_PAM_PUTENV
|
||||||
|
diff -up openssh-6.2p1/auth-pam.h.role-mls openssh-6.2p1/auth-pam.h
|
||||||
|
--- openssh-6.2p1/auth-pam.h.role-mls 2004-09-11 14:17:26.000000000 +0200
|
||||||
|
+++ openssh-6.2p1/auth-pam.h 2013-03-25 17:47:00.602747073 +0100
|
||||||
|
@@ -38,7 +38,7 @@ void do_pam_session(void);
|
||||||
|
void do_pam_set_tty(const char *);
|
||||||
|
void do_pam_setcred(int );
|
||||||
|
void do_pam_chauthtok(void);
|
||||||
|
-int do_pam_putenv(char *, char *);
|
||||||
|
+int do_pam_putenv(char *, const char *);
|
||||||
|
char ** fetch_pam_environment(void);
|
||||||
|
char ** fetch_pam_child_environment(void);
|
||||||
|
void free_pam_environment(char **);
|
||||||
|
diff -up openssh-6.2p1/auth1.c.role-mls openssh-6.2p1/auth1.c
|
||||||
|
--- openssh-6.2p1/auth1.c.role-mls 2012-12-02 23:53:20.000000000 +0100
|
||||||
|
+++ openssh-6.2p1/auth1.c 2013-03-25 17:47:00.600747062 +0100
|
||||||
|
@@ -386,6 +386,9 @@ do_authentication(Authctxt *authctxt)
|
||||||
{
|
{
|
||||||
u_int ulen;
|
u_int ulen;
|
||||||
char *user, *style = NULL;
|
char *user, *style = NULL;
|
||||||
@ -11,7 +48,7 @@ diff -up openssh-6.1p1/auth1.c.role-mls openssh-6.1p1/auth1.c
|
|||||||
|
|
||||||
/* Get the name of the user that we wish to log in as. */
|
/* Get the name of the user that we wish to log in as. */
|
||||||
packet_read_expect(SSH_CMSG_USER);
|
packet_read_expect(SSH_CMSG_USER);
|
||||||
@@ -392,11 +395,24 @@ do_authentication(Authctxt *authctxt)
|
@@ -394,11 +397,24 @@ do_authentication(Authctxt *authctxt)
|
||||||
user = packet_get_cstring(&ulen);
|
user = packet_get_cstring(&ulen);
|
||||||
packet_check_eom();
|
packet_check_eom();
|
||||||
|
|
||||||
@ -36,9 +73,9 @@ diff -up openssh-6.1p1/auth1.c.role-mls openssh-6.1p1/auth1.c
|
|||||||
|
|
||||||
/* Verify that the user is a valid user. */
|
/* Verify that the user is a valid user. */
|
||||||
if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL)
|
if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL)
|
||||||
diff -up openssh-6.1p1/auth2.c.role-mls openssh-6.1p1/auth2.c
|
diff -up openssh-6.2p1/auth2.c.role-mls openssh-6.2p1/auth2.c
|
||||||
--- openssh-6.1p1/auth2.c.role-mls 2012-11-28 17:06:43.661990089 +0100
|
--- openssh-6.2p1/auth2.c.role-mls 2013-03-25 17:47:00.556746810 +0100
|
||||||
+++ openssh-6.1p1/auth2.c 2012-11-28 17:11:09.058916613 +0100
|
+++ openssh-6.2p1/auth2.c 2013-03-25 17:47:00.600747062 +0100
|
||||||
@@ -218,6 +218,9 @@ input_userauth_request(int type, u_int32
|
@@ -218,6 +218,9 @@ input_userauth_request(int type, u_int32
|
||||||
Authctxt *authctxt = ctxt;
|
Authctxt *authctxt = ctxt;
|
||||||
Authmethod *m = NULL;
|
Authmethod *m = NULL;
|
||||||
@ -78,9 +115,9 @@ diff -up openssh-6.1p1/auth2.c.role-mls openssh-6.1p1/auth2.c
|
|||||||
userauth_banner();
|
userauth_banner();
|
||||||
if (auth2_setup_methods_lists(authctxt) != 0)
|
if (auth2_setup_methods_lists(authctxt) != 0)
|
||||||
packet_disconnect("no authentication methods enabled");
|
packet_disconnect("no authentication methods enabled");
|
||||||
diff -up openssh-6.1p1/auth2-gss.c.role-mls openssh-6.1p1/auth2-gss.c
|
diff -up openssh-6.2p1/auth2-gss.c.role-mls openssh-6.2p1/auth2-gss.c
|
||||||
--- openssh-6.1p1/auth2-gss.c.role-mls 2011-05-05 06:04:11.000000000 +0200
|
--- openssh-6.2p1/auth2-gss.c.role-mls 2012-12-02 23:53:20.000000000 +0100
|
||||||
+++ openssh-6.1p1/auth2-gss.c 2012-11-28 17:06:43.700989956 +0100
|
+++ openssh-6.2p1/auth2-gss.c 2013-03-25 17:47:00.601747067 +0100
|
||||||
@@ -260,6 +260,7 @@ input_gssapi_mic(int type, u_int32_t ple
|
@@ -260,6 +260,7 @@ input_gssapi_mic(int type, u_int32_t ple
|
||||||
Authctxt *authctxt = ctxt;
|
Authctxt *authctxt = ctxt;
|
||||||
Gssctxt *gssctxt;
|
Gssctxt *gssctxt;
|
||||||
@ -113,9 +150,9 @@ diff -up openssh-6.1p1/auth2-gss.c.role-mls openssh-6.1p1/auth2-gss.c
|
|||||||
xfree(mic.value);
|
xfree(mic.value);
|
||||||
|
|
||||||
authctxt->postponed = 0;
|
authctxt->postponed = 0;
|
||||||
diff -up openssh-6.1p1/auth2-hostbased.c.role-mls openssh-6.1p1/auth2-hostbased.c
|
diff -up openssh-6.2p1/auth2-hostbased.c.role-mls openssh-6.2p1/auth2-hostbased.c
|
||||||
--- openssh-6.1p1/auth2-hostbased.c.role-mls 2012-11-28 17:06:43.669990062 +0100
|
--- openssh-6.2p1/auth2-hostbased.c.role-mls 2013-03-25 17:47:00.565746862 +0100
|
||||||
+++ openssh-6.1p1/auth2-hostbased.c 2012-11-28 17:06:43.700989956 +0100
|
+++ openssh-6.2p1/auth2-hostbased.c 2013-03-25 17:47:00.601747067 +0100
|
||||||
@@ -106,7 +106,15 @@ userauth_hostbased(Authctxt *authctxt)
|
@@ -106,7 +106,15 @@ userauth_hostbased(Authctxt *authctxt)
|
||||||
buffer_put_string(&b, session_id2, session_id2_len);
|
buffer_put_string(&b, session_id2, session_id2_len);
|
||||||
/* reconstruct packet */
|
/* reconstruct packet */
|
||||||
@ -133,10 +170,10 @@ diff -up openssh-6.1p1/auth2-hostbased.c.role-mls openssh-6.1p1/auth2-hostbased.
|
|||||||
buffer_put_cstring(&b, service);
|
buffer_put_cstring(&b, service);
|
||||||
buffer_put_cstring(&b, "hostbased");
|
buffer_put_cstring(&b, "hostbased");
|
||||||
buffer_put_string(&b, pkalg, alen);
|
buffer_put_string(&b, pkalg, alen);
|
||||||
diff -up openssh-6.1p1/auth2-pubkey.c.role-mls openssh-6.1p1/auth2-pubkey.c
|
diff -up openssh-6.2p1/auth2-pubkey.c.role-mls openssh-6.2p1/auth2-pubkey.c
|
||||||
--- openssh-6.1p1/auth2-pubkey.c.role-mls 2012-11-28 17:06:43.669990062 +0100
|
--- openssh-6.2p1/auth2-pubkey.c.role-mls 2013-03-25 17:47:00.565746862 +0100
|
||||||
+++ openssh-6.1p1/auth2-pubkey.c 2012-11-28 17:06:43.700989956 +0100
|
+++ openssh-6.2p1/auth2-pubkey.c 2013-03-25 17:47:00.601747067 +0100
|
||||||
@@ -121,7 +121,15 @@ userauth_pubkey(Authctxt *authctxt)
|
@@ -127,7 +127,15 @@ userauth_pubkey(Authctxt *authctxt)
|
||||||
}
|
}
|
||||||
/* reconstruct packet */
|
/* reconstruct packet */
|
||||||
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
|
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
|
||||||
@ -153,46 +190,9 @@ diff -up openssh-6.1p1/auth2-pubkey.c.role-mls openssh-6.1p1/auth2-pubkey.c
|
|||||||
buffer_put_cstring(&b,
|
buffer_put_cstring(&b,
|
||||||
datafellows & SSH_BUG_PKSERVICE ?
|
datafellows & SSH_BUG_PKSERVICE ?
|
||||||
"ssh-userauth" :
|
"ssh-userauth" :
|
||||||
diff -up openssh-6.1p1/auth.h.role-mls openssh-6.1p1/auth.h
|
diff -up openssh-6.2p1/misc.c.role-mls openssh-6.2p1/misc.c
|
||||||
--- openssh-6.1p1/auth.h.role-mls 2012-11-28 17:06:43.669990062 +0100
|
--- openssh-6.2p1/misc.c.role-mls 2011-09-22 13:34:36.000000000 +0200
|
||||||
+++ openssh-6.1p1/auth.h 2012-11-28 17:06:43.699989959 +0100
|
+++ openssh-6.2p1/misc.c 2013-03-25 17:47:00.603747079 +0100
|
||||||
@@ -59,6 +59,9 @@ struct Authctxt {
|
|
||||||
char *service;
|
|
||||||
struct passwd *pw; /* set if 'valid' */
|
|
||||||
char *style;
|
|
||||||
+#ifdef WITH_SELINUX
|
|
||||||
+ char *role;
|
|
||||||
+#endif
|
|
||||||
void *kbdintctxt;
|
|
||||||
void *jpake_ctx;
|
|
||||||
#ifdef BSD_AUTH
|
|
||||||
diff -up openssh-6.1p1/auth-pam.c.role-mls openssh-6.1p1/auth-pam.c
|
|
||||||
--- openssh-6.1p1/auth-pam.c.role-mls 2012-11-28 17:06:43.638990168 +0100
|
|
||||||
+++ openssh-6.1p1/auth-pam.c 2012-11-28 17:06:43.699989959 +0100
|
|
||||||
@@ -1074,7 +1074,7 @@ is_pam_session_open(void)
|
|
||||||
* during the ssh authentication process.
|
|
||||||
*/
|
|
||||||
int
|
|
||||||
-do_pam_putenv(char *name, char *value)
|
|
||||||
+do_pam_putenv(char *name, const char *value)
|
|
||||||
{
|
|
||||||
int ret = 1;
|
|
||||||
#ifdef HAVE_PAM_PUTENV
|
|
||||||
diff -up openssh-6.1p1/auth-pam.h.role-mls openssh-6.1p1/auth-pam.h
|
|
||||||
--- openssh-6.1p1/auth-pam.h.role-mls 2004-09-11 14:17:26.000000000 +0200
|
|
||||||
+++ openssh-6.1p1/auth-pam.h 2012-11-28 17:06:43.699989959 +0100
|
|
||||||
@@ -38,7 +38,7 @@ void do_pam_session(void);
|
|
||||||
void do_pam_set_tty(const char *);
|
|
||||||
void do_pam_setcred(int );
|
|
||||||
void do_pam_chauthtok(void);
|
|
||||||
-int do_pam_putenv(char *, char *);
|
|
||||||
+int do_pam_putenv(char *, const char *);
|
|
||||||
char ** fetch_pam_environment(void);
|
|
||||||
char ** fetch_pam_child_environment(void);
|
|
||||||
void free_pam_environment(char **);
|
|
||||||
diff -up openssh-6.1p1/misc.c.role-mls openssh-6.1p1/misc.c
|
|
||||||
--- openssh-6.1p1/misc.c.role-mls 2011-09-22 13:34:36.000000000 +0200
|
|
||||||
+++ openssh-6.1p1/misc.c 2012-11-28 17:06:43.701989952 +0100
|
|
||||||
@@ -427,6 +427,7 @@ char *
|
@@ -427,6 +427,7 @@ char *
|
||||||
colon(char *cp)
|
colon(char *cp)
|
||||||
{
|
{
|
||||||
@ -215,9 +215,9 @@ diff -up openssh-6.1p1/misc.c.role-mls openssh-6.1p1/misc.c
|
|||||||
}
|
}
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
diff -up openssh-6.1p1/monitor.c.role-mls openssh-6.1p1/monitor.c
|
diff -up openssh-6.2p1/monitor.c.role-mls openssh-6.2p1/monitor.c
|
||||||
--- openssh-6.1p1/monitor.c.role-mls 2012-11-28 17:06:43.686990004 +0100
|
--- openssh-6.2p1/monitor.c.role-mls 2013-03-25 17:47:00.587746987 +0100
|
||||||
+++ openssh-6.1p1/monitor.c 2012-11-28 17:06:43.701989952 +0100
|
+++ openssh-6.2p1/monitor.c 2013-03-25 17:47:00.604747085 +0100
|
||||||
@@ -148,6 +148,9 @@ int mm_answer_sign(int, Buffer *);
|
@@ -148,6 +148,9 @@ int mm_answer_sign(int, Buffer *);
|
||||||
int mm_answer_pwnamallow(int, Buffer *);
|
int mm_answer_pwnamallow(int, Buffer *);
|
||||||
int mm_answer_auth2_read_banner(int, Buffer *);
|
int mm_answer_auth2_read_banner(int, Buffer *);
|
||||||
@ -228,7 +228,7 @@ diff -up openssh-6.1p1/monitor.c.role-mls openssh-6.1p1/monitor.c
|
|||||||
int mm_answer_authpassword(int, Buffer *);
|
int mm_answer_authpassword(int, Buffer *);
|
||||||
int mm_answer_bsdauthquery(int, Buffer *);
|
int mm_answer_bsdauthquery(int, Buffer *);
|
||||||
int mm_answer_bsdauthrespond(int, Buffer *);
|
int mm_answer_bsdauthrespond(int, Buffer *);
|
||||||
@@ -231,6 +234,9 @@ struct mon_table mon_dispatch_proto20[]
|
@@ -232,6 +235,9 @@ struct mon_table mon_dispatch_proto20[]
|
||||||
{MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
|
{MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
|
||||||
{MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
|
{MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
|
||||||
{MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
|
{MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
|
||||||
@ -238,7 +238,7 @@ diff -up openssh-6.1p1/monitor.c.role-mls openssh-6.1p1/monitor.c
|
|||||||
{MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
|
{MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
|
||||||
{MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
|
{MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
|
||||||
#ifdef USE_PAM
|
#ifdef USE_PAM
|
||||||
@@ -838,6 +844,9 @@ mm_answer_pwnamallow(int sock, Buffer *m
|
@@ -846,6 +852,9 @@ mm_answer_pwnamallow(int sock, Buffer *m
|
||||||
else {
|
else {
|
||||||
/* Allow service/style information on the auth context */
|
/* Allow service/style information on the auth context */
|
||||||
monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
|
monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
|
||||||
@ -248,7 +248,7 @@ diff -up openssh-6.1p1/monitor.c.role-mls openssh-6.1p1/monitor.c
|
|||||||
monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
|
monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
|
||||||
}
|
}
|
||||||
#ifdef USE_PAM
|
#ifdef USE_PAM
|
||||||
@@ -881,6 +890,25 @@ mm_answer_authserv(int sock, Buffer *m)
|
@@ -889,6 +898,25 @@ mm_answer_authserv(int sock, Buffer *m)
|
||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -274,7 +274,7 @@ diff -up openssh-6.1p1/monitor.c.role-mls openssh-6.1p1/monitor.c
|
|||||||
int
|
int
|
||||||
mm_answer_authpassword(int sock, Buffer *m)
|
mm_answer_authpassword(int sock, Buffer *m)
|
||||||
{
|
{
|
||||||
@@ -1251,7 +1279,7 @@ static int
|
@@ -1262,7 +1290,7 @@ static int
|
||||||
monitor_valid_userblob(u_char *data, u_int datalen)
|
monitor_valid_userblob(u_char *data, u_int datalen)
|
||||||
{
|
{
|
||||||
Buffer b;
|
Buffer b;
|
||||||
@ -283,7 +283,7 @@ diff -up openssh-6.1p1/monitor.c.role-mls openssh-6.1p1/monitor.c
|
|||||||
u_int len;
|
u_int len;
|
||||||
int fail = 0;
|
int fail = 0;
|
||||||
|
|
||||||
@@ -1277,6 +1305,8 @@ monitor_valid_userblob(u_char *data, u_i
|
@@ -1288,6 +1316,8 @@ monitor_valid_userblob(u_char *data, u_i
|
||||||
if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
|
if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
|
||||||
fail++;
|
fail++;
|
||||||
p = buffer_get_string(&b, NULL);
|
p = buffer_get_string(&b, NULL);
|
||||||
@ -292,7 +292,7 @@ diff -up openssh-6.1p1/monitor.c.role-mls openssh-6.1p1/monitor.c
|
|||||||
if (strcmp(authctxt->user, p) != 0) {
|
if (strcmp(authctxt->user, p) != 0) {
|
||||||
logit("wrong user name passed to monitor: expected %s != %.100s",
|
logit("wrong user name passed to monitor: expected %s != %.100s",
|
||||||
authctxt->user, p);
|
authctxt->user, p);
|
||||||
@@ -1308,7 +1338,7 @@ monitor_valid_hostbasedblob(u_char *data
|
@@ -1319,7 +1349,7 @@ monitor_valid_hostbasedblob(u_char *data
|
||||||
char *chost)
|
char *chost)
|
||||||
{
|
{
|
||||||
Buffer b;
|
Buffer b;
|
||||||
@ -301,7 +301,7 @@ diff -up openssh-6.1p1/monitor.c.role-mls openssh-6.1p1/monitor.c
|
|||||||
u_int len;
|
u_int len;
|
||||||
int fail = 0;
|
int fail = 0;
|
||||||
|
|
||||||
@@ -1325,6 +1355,8 @@ monitor_valid_hostbasedblob(u_char *data
|
@@ -1336,6 +1366,8 @@ monitor_valid_hostbasedblob(u_char *data
|
||||||
if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
|
if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
|
||||||
fail++;
|
fail++;
|
||||||
p = buffer_get_string(&b, NULL);
|
p = buffer_get_string(&b, NULL);
|
||||||
@ -310,22 +310,22 @@ diff -up openssh-6.1p1/monitor.c.role-mls openssh-6.1p1/monitor.c
|
|||||||
if (strcmp(authctxt->user, p) != 0) {
|
if (strcmp(authctxt->user, p) != 0) {
|
||||||
logit("wrong user name passed to monitor: expected %s != %.100s",
|
logit("wrong user name passed to monitor: expected %s != %.100s",
|
||||||
authctxt->user, p);
|
authctxt->user, p);
|
||||||
diff -up openssh-6.1p1/monitor.h.role-mls openssh-6.1p1/monitor.h
|
diff -up openssh-6.2p1/monitor.h.role-mls openssh-6.2p1/monitor.h
|
||||||
--- openssh-6.1p1/monitor.h.role-mls 2012-11-28 17:06:43.686990004 +0100
|
--- openssh-6.2p1/monitor.h.role-mls 2013-03-25 17:47:00.605747090 +0100
|
||||||
+++ openssh-6.1p1/monitor.h 2012-11-28 17:06:43.701989952 +0100
|
+++ openssh-6.2p1/monitor.h 2013-03-25 17:50:00.824775483 +0100
|
||||||
@@ -31,6 +31,9 @@
|
@@ -61,6 +61,9 @@ enum monitor_reqtype {
|
||||||
enum monitor_reqtype {
|
MONITOR_REQ_JPAKE_STEP2 = 56, MONITOR_ANS_JPAKE_STEP2 = 57,
|
||||||
MONITOR_REQ_MODULI, MONITOR_ANS_MODULI,
|
MONITOR_REQ_JPAKE_KEY_CONFIRM = 58, MONITOR_ANS_JPAKE_KEY_CONFIRM = 59,
|
||||||
MONITOR_REQ_FREE, MONITOR_REQ_AUTHSERV,
|
MONITOR_REQ_JPAKE_CHECK_CONFIRM = 60, MONITOR_ANS_JPAKE_CHECK_CONFIRM = 61,
|
||||||
+#ifdef WITH_SELINUX
|
+#ifdef WITH_SELINUX
|
||||||
+ MONITOR_REQ_AUTHROLE,
|
+ MONITOR_REQ_AUTHROLE = 80,
|
||||||
+#endif
|
+#endif
|
||||||
MONITOR_REQ_SIGN, MONITOR_ANS_SIGN,
|
|
||||||
MONITOR_REQ_PWNAM, MONITOR_ANS_PWNAM,
|
MONITOR_REQ_PAM_START = 100,
|
||||||
MONITOR_REQ_AUTH2_READ_BANNER, MONITOR_ANS_AUTH2_READ_BANNER,
|
MONITOR_REQ_PAM_ACCOUNT = 102, MONITOR_ANS_PAM_ACCOUNT = 103,
|
||||||
diff -up openssh-6.1p1/monitor_wrap.c.role-mls openssh-6.1p1/monitor_wrap.c
|
diff -up openssh-6.2p1/monitor_wrap.c.role-mls openssh-6.2p1/monitor_wrap.c
|
||||||
--- openssh-6.1p1/monitor_wrap.c.role-mls 2012-11-28 17:06:43.686990004 +0100
|
--- openssh-6.2p1/monitor_wrap.c.role-mls 2013-03-25 17:47:00.588746993 +0100
|
||||||
+++ openssh-6.1p1/monitor_wrap.c 2012-11-28 17:06:43.702989948 +0100
|
+++ openssh-6.2p1/monitor_wrap.c 2013-03-25 17:47:00.605747090 +0100
|
||||||
@@ -336,6 +336,25 @@ mm_inform_authserv(char *service, char *
|
@@ -336,6 +336,25 @@ mm_inform_authserv(char *service, char *
|
||||||
buffer_free(&m);
|
buffer_free(&m);
|
||||||
}
|
}
|
||||||
@ -352,9 +352,9 @@ diff -up openssh-6.1p1/monitor_wrap.c.role-mls openssh-6.1p1/monitor_wrap.c
|
|||||||
/* Do the password authentication */
|
/* Do the password authentication */
|
||||||
int
|
int
|
||||||
mm_auth_password(Authctxt *authctxt, char *password)
|
mm_auth_password(Authctxt *authctxt, char *password)
|
||||||
diff -up openssh-6.1p1/monitor_wrap.h.role-mls openssh-6.1p1/monitor_wrap.h
|
diff -up openssh-6.2p1/monitor_wrap.h.role-mls openssh-6.2p1/monitor_wrap.h
|
||||||
--- openssh-6.1p1/monitor_wrap.h.role-mls 2012-11-28 17:06:43.686990004 +0100
|
--- openssh-6.2p1/monitor_wrap.h.role-mls 2013-03-25 17:47:00.588746993 +0100
|
||||||
+++ openssh-6.1p1/monitor_wrap.h 2012-11-28 17:06:43.702989948 +0100
|
+++ openssh-6.2p1/monitor_wrap.h 2013-03-25 17:47:00.605747090 +0100
|
||||||
@@ -42,6 +42,9 @@ int mm_is_monitor(void);
|
@@ -42,6 +42,9 @@ int mm_is_monitor(void);
|
||||||
DH *mm_choose_dh(int, int, int);
|
DH *mm_choose_dh(int, int, int);
|
||||||
int mm_key_sign(Key *, u_char **, u_int *, u_char *, u_int);
|
int mm_key_sign(Key *, u_char **, u_int *, u_char *, u_int);
|
||||||
@ -365,21 +365,21 @@ diff -up openssh-6.1p1/monitor_wrap.h.role-mls openssh-6.1p1/monitor_wrap.h
|
|||||||
struct passwd *mm_getpwnamallow(const char *);
|
struct passwd *mm_getpwnamallow(const char *);
|
||||||
char *mm_auth2_read_banner(void);
|
char *mm_auth2_read_banner(void);
|
||||||
int mm_auth_password(struct Authctxt *, char *);
|
int mm_auth_password(struct Authctxt *, char *);
|
||||||
diff -up openssh-6.1p1/openbsd-compat/Makefile.in.role-mls openssh-6.1p1/openbsd-compat/Makefile.in
|
diff -up openssh-6.2p1/openbsd-compat/Makefile.in.role-mls openssh-6.2p1/openbsd-compat/Makefile.in
|
||||||
--- openssh-6.1p1/openbsd-compat/Makefile.in.role-mls 2011-11-04 01:25:25.000000000 +0100
|
--- openssh-6.2p1/openbsd-compat/Makefile.in.role-mls 2013-03-25 17:47:00.606747096 +0100
|
||||||
+++ openssh-6.1p1/openbsd-compat/Makefile.in 2012-11-28 17:06:43.702989948 +0100
|
+++ openssh-6.2p1/openbsd-compat/Makefile.in 2013-03-25 17:50:36.024979473 +0100
|
||||||
@@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bindresvport
|
@@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bindresvport
|
||||||
|
|
||||||
COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
|
COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
|
||||||
|
|
||||||
-PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o
|
-PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o
|
||||||
+PORTS=port-aix.o port-irix.o port-linux.o port-linux_part_2.o port-solaris.o port-tun.o port-uw.o
|
+PORTS=port-aix.o port-irix.o port-linux.o port-linux_part_2.o port-solaris.o port-tun.o port-uw.o
|
||||||
|
|
||||||
.c.o:
|
.c.o:
|
||||||
$(CC) $(CFLAGS) $(CPPFLAGS) -c $<
|
$(CC) $(CFLAGS) $(CPPFLAGS) -c $<
|
||||||
diff -up openssh-6.1p1/openbsd-compat/port-linux.c.role-mls openssh-6.1p1/openbsd-compat/port-linux.c
|
diff -up openssh-6.2p1/openbsd-compat/port-linux.c.role-mls openssh-6.2p1/openbsd-compat/port-linux.c
|
||||||
--- openssh-6.1p1/openbsd-compat/port-linux.c.role-mls 2012-03-09 00:25:18.000000000 +0100
|
--- openssh-6.2p1/openbsd-compat/port-linux.c.role-mls 2012-03-09 00:25:18.000000000 +0100
|
||||||
+++ openssh-6.1p1/openbsd-compat/port-linux.c 2012-11-28 17:06:43.702989948 +0100
|
+++ openssh-6.2p1/openbsd-compat/port-linux.c 2013-03-25 17:47:00.606747096 +0100
|
||||||
@@ -31,68 +31,271 @@
|
@@ -31,68 +31,271 @@
|
||||||
|
|
||||||
#include "log.h"
|
#include "log.h"
|
||||||
@ -840,9 +840,9 @@ diff -up openssh-6.1p1/openbsd-compat/port-linux.c.role-mls openssh-6.1p1/openbs
|
|||||||
#endif /* WITH_SELINUX */
|
#endif /* WITH_SELINUX */
|
||||||
|
|
||||||
#ifdef LINUX_OOM_ADJUST
|
#ifdef LINUX_OOM_ADJUST
|
||||||
diff -up openssh-6.1p1/openbsd-compat/port-linux_part_2.c.role-mls openssh-6.1p1/openbsd-compat/port-linux_part_2.c
|
diff -up openssh-6.2p1/openbsd-compat/port-linux_part_2.c.role-mls openssh-6.2p1/openbsd-compat/port-linux_part_2.c
|
||||||
--- openssh-6.1p1/openbsd-compat/port-linux_part_2.c.role-mls 2012-11-28 17:06:43.703989944 +0100
|
--- openssh-6.2p1/openbsd-compat/port-linux_part_2.c.role-mls 2013-03-25 17:47:00.607747102 +0100
|
||||||
+++ openssh-6.1p1/openbsd-compat/port-linux_part_2.c 2012-11-28 17:06:43.703989944 +0100
|
+++ openssh-6.2p1/openbsd-compat/port-linux_part_2.c 2013-03-25 17:47:00.607747102 +0100
|
||||||
@@ -0,0 +1,75 @@
|
@@ -0,0 +1,75 @@
|
||||||
+/* $Id: port-linux.c,v 1.11.4.2 2011/02/04 00:43:08 djm Exp $ */
|
+/* $Id: port-linux.c,v 1.11.4.2 2011/02/04 00:43:08 djm Exp $ */
|
||||||
+
|
+
|
||||||
@ -919,10 +919,10 @@ diff -up openssh-6.1p1/openbsd-compat/port-linux_part_2.c.role-mls openssh-6.1p1
|
|||||||
+#endif /* WITH_SELINUX */
|
+#endif /* WITH_SELINUX */
|
||||||
+
|
+
|
||||||
+#endif /* WITH_SELINUX || LINUX_OOM_ADJUST */
|
+#endif /* WITH_SELINUX || LINUX_OOM_ADJUST */
|
||||||
diff -up openssh-6.1p1/sshd.c.role-mls openssh-6.1p1/sshd.c
|
diff -up openssh-6.2p1/sshd.c.role-mls openssh-6.2p1/sshd.c
|
||||||
--- openssh-6.1p1/sshd.c.role-mls 2012-11-28 17:06:43.688989996 +0100
|
--- openssh-6.2p1/sshd.c.role-mls 2013-03-25 17:47:00.589746999 +0100
|
||||||
+++ openssh-6.1p1/sshd.c 2012-11-28 17:06:43.703989944 +0100
|
+++ openssh-6.2p1/sshd.c 2013-03-25 17:47:00.607747102 +0100
|
||||||
@@ -2101,6 +2101,9 @@ main(int ac, char **av)
|
@@ -2118,6 +2118,9 @@ main(int ac, char **av)
|
||||||
restore_uid();
|
restore_uid();
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
@ -1,7 +1,7 @@
|
|||||||
diff -up openssh-6.1p1/configure.ac.vendor openssh-6.1p1/configure.ac
|
diff -up openssh-6.2p1/configure.ac.vendor openssh-6.2p1/configure.ac
|
||||||
--- openssh-6.1p1/configure.ac.vendor 2012-09-14 20:36:49.153085211 +0200
|
--- openssh-6.2p1/configure.ac.vendor 2013-03-25 19:34:01.277495179 +0100
|
||||||
+++ openssh-6.1p1/configure.ac 2012-09-14 20:36:49.559088133 +0200
|
+++ openssh-6.2p1/configure.ac 2013-03-25 19:34:01.377495818 +0100
|
||||||
@@ -4303,6 +4303,12 @@ AC_ARG_WITH([lastlog],
|
@@ -4420,6 +4420,12 @@ AC_ARG_WITH([lastlog],
|
||||||
fi
|
fi
|
||||||
]
|
]
|
||||||
)
|
)
|
||||||
@ -14,7 +14,7 @@ diff -up openssh-6.1p1/configure.ac.vendor openssh-6.1p1/configure.ac
|
|||||||
|
|
||||||
dnl lastlog, [uw]tmpx? detection
|
dnl lastlog, [uw]tmpx? detection
|
||||||
dnl NOTE: set the paths in the platform section to avoid the
|
dnl NOTE: set the paths in the platform section to avoid the
|
||||||
@@ -4529,6 +4535,7 @@ echo " Translate v4 in v6 hack
|
@@ -4681,6 +4687,7 @@ echo " Translate v4 in v6 hack
|
||||||
echo " BSD Auth support: $BSD_AUTH_MSG"
|
echo " BSD Auth support: $BSD_AUTH_MSG"
|
||||||
echo " Random number source: $RAND_MSG"
|
echo " Random number source: $RAND_MSG"
|
||||||
echo " Privsep sandbox style: $SANDBOX_STYLE"
|
echo " Privsep sandbox style: $SANDBOX_STYLE"
|
||||||
@ -22,9 +22,9 @@ diff -up openssh-6.1p1/configure.ac.vendor openssh-6.1p1/configure.ac
|
|||||||
|
|
||||||
echo ""
|
echo ""
|
||||||
|
|
||||||
diff -up openssh-6.1p1/servconf.c.vendor openssh-6.1p1/servconf.c
|
diff -up openssh-6.2p1/servconf.c.vendor openssh-6.2p1/servconf.c
|
||||||
--- openssh-6.1p1/servconf.c.vendor 2012-09-14 20:36:49.124085002 +0200
|
--- openssh-6.2p1/servconf.c.vendor 2013-03-25 19:34:01.197494668 +0100
|
||||||
+++ openssh-6.1p1/servconf.c 2012-09-14 20:50:34.995972516 +0200
|
+++ openssh-6.2p1/servconf.c 2013-03-25 19:34:01.379495831 +0100
|
||||||
@@ -128,6 +128,7 @@ initialize_server_options(ServerOptions
|
@@ -128,6 +128,7 @@ initialize_server_options(ServerOptions
|
||||||
options->max_authtries = -1;
|
options->max_authtries = -1;
|
||||||
options->max_sessions = -1;
|
options->max_sessions = -1;
|
||||||
@ -33,7 +33,7 @@ diff -up openssh-6.1p1/servconf.c.vendor openssh-6.1p1/servconf.c
|
|||||||
options->use_dns = -1;
|
options->use_dns = -1;
|
||||||
options->client_alive_interval = -1;
|
options->client_alive_interval = -1;
|
||||||
options->client_alive_count_max = -1;
|
options->client_alive_count_max = -1;
|
||||||
@@ -289,6 +290,9 @@ fill_default_server_options(ServerOption
|
@@ -287,6 +288,9 @@ fill_default_server_options(ServerOption
|
||||||
options->ip_qos_bulk = IPTOS_THROUGHPUT;
|
options->ip_qos_bulk = IPTOS_THROUGHPUT;
|
||||||
if (options->version_addendum == NULL)
|
if (options->version_addendum == NULL)
|
||||||
options->version_addendum = xstrdup("");
|
options->version_addendum = xstrdup("");
|
||||||
@ -43,7 +43,7 @@ diff -up openssh-6.1p1/servconf.c.vendor openssh-6.1p1/servconf.c
|
|||||||
/* Turn privilege separation on by default */
|
/* Turn privilege separation on by default */
|
||||||
if (use_privsep == -1)
|
if (use_privsep == -1)
|
||||||
use_privsep = PRIVSEP_NOSANDBOX;
|
use_privsep = PRIVSEP_NOSANDBOX;
|
||||||
@@ -326,7 +330,7 @@ typedef enum {
|
@@ -324,7 +328,7 @@ typedef enum {
|
||||||
sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
|
sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
|
||||||
sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem,
|
sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem,
|
||||||
sMaxStartups, sMaxAuthTries, sMaxSessions,
|
sMaxStartups, sMaxAuthTries, sMaxSessions,
|
||||||
@ -52,7 +52,7 @@ diff -up openssh-6.1p1/servconf.c.vendor openssh-6.1p1/servconf.c
|
|||||||
sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
|
sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
|
||||||
sClientAliveCountMax, sAuthorizedKeysFile,
|
sClientAliveCountMax, sAuthorizedKeysFile,
|
||||||
sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
|
sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
|
||||||
@@ -441,6 +445,7 @@ static struct {
|
@@ -439,6 +443,7 @@ static struct {
|
||||||
{ "maxauthtries", sMaxAuthTries, SSHCFG_ALL },
|
{ "maxauthtries", sMaxAuthTries, SSHCFG_ALL },
|
||||||
{ "maxsessions", sMaxSessions, SSHCFG_ALL },
|
{ "maxsessions", sMaxSessions, SSHCFG_ALL },
|
||||||
{ "banner", sBanner, SSHCFG_ALL },
|
{ "banner", sBanner, SSHCFG_ALL },
|
||||||
@ -60,7 +60,7 @@ diff -up openssh-6.1p1/servconf.c.vendor openssh-6.1p1/servconf.c
|
|||||||
{ "usedns", sUseDNS, SSHCFG_GLOBAL },
|
{ "usedns", sUseDNS, SSHCFG_GLOBAL },
|
||||||
{ "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL },
|
{ "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL },
|
||||||
{ "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },
|
{ "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },
|
||||||
@@ -1162,6 +1167,10 @@ process_server_config_line(ServerOptions
|
@@ -1163,6 +1168,10 @@ process_server_config_line(ServerOptions
|
||||||
multistate_ptr = multistate_privsep;
|
multistate_ptr = multistate_privsep;
|
||||||
goto parse_multistate;
|
goto parse_multistate;
|
||||||
|
|
||||||
@ -71,7 +71,7 @@ diff -up openssh-6.1p1/servconf.c.vendor openssh-6.1p1/servconf.c
|
|||||||
case sAllowUsers:
|
case sAllowUsers:
|
||||||
while ((arg = strdelim(&cp)) && *arg != '\0') {
|
while ((arg = strdelim(&cp)) && *arg != '\0') {
|
||||||
if (options->num_allow_users >= MAX_ALLOW_USERS)
|
if (options->num_allow_users >= MAX_ALLOW_USERS)
|
||||||
@@ -1956,6 +1965,7 @@ dump_config(ServerOptions *o)
|
@@ -1950,6 +1959,7 @@ dump_config(ServerOptions *o)
|
||||||
dump_cfg_fmtint(sUseLogin, o->use_login);
|
dump_cfg_fmtint(sUseLogin, o->use_login);
|
||||||
dump_cfg_fmtint(sCompression, o->compression);
|
dump_cfg_fmtint(sCompression, o->compression);
|
||||||
dump_cfg_fmtint(sGatewayPorts, o->gateway_ports);
|
dump_cfg_fmtint(sGatewayPorts, o->gateway_ports);
|
||||||
@ -79,10 +79,10 @@ diff -up openssh-6.1p1/servconf.c.vendor openssh-6.1p1/servconf.c
|
|||||||
dump_cfg_fmtint(sUseDNS, o->use_dns);
|
dump_cfg_fmtint(sUseDNS, o->use_dns);
|
||||||
dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
|
dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
|
||||||
dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
|
dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
|
||||||
diff -up openssh-6.1p1/servconf.h.vendor openssh-6.1p1/servconf.h
|
diff -up openssh-6.2p1/servconf.h.vendor openssh-6.2p1/servconf.h
|
||||||
--- openssh-6.1p1/servconf.h.vendor 2012-09-14 20:36:49.125085009 +0200
|
--- openssh-6.2p1/servconf.h.vendor 2013-01-09 05:56:45.000000000 +0100
|
||||||
+++ openssh-6.1p1/servconf.h 2012-09-14 20:36:49.564088168 +0200
|
+++ openssh-6.2p1/servconf.h 2013-03-25 19:34:01.379495831 +0100
|
||||||
@@ -140,6 +140,7 @@ typedef struct {
|
@@ -147,6 +147,7 @@ typedef struct {
|
||||||
int max_authtries;
|
int max_authtries;
|
||||||
int max_sessions;
|
int max_sessions;
|
||||||
char *banner; /* SSH-2 banner message */
|
char *banner; /* SSH-2 banner message */
|
||||||
@ -90,21 +90,21 @@ diff -up openssh-6.1p1/servconf.h.vendor openssh-6.1p1/servconf.h
|
|||||||
int use_dns;
|
int use_dns;
|
||||||
int client_alive_interval; /*
|
int client_alive_interval; /*
|
||||||
* poke the client this often to
|
* poke the client this often to
|
||||||
diff -up openssh-6.1p1/sshd_config.vendor openssh-6.1p1/sshd_config
|
diff -up openssh-6.2p1/sshd_config.vendor openssh-6.2p1/sshd_config
|
||||||
--- openssh-6.1p1/sshd_config.vendor 2012-09-14 20:36:49.507087759 +0200
|
--- openssh-6.2p1/sshd_config.vendor 2013-03-25 19:34:01.380495837 +0100
|
||||||
+++ openssh-6.1p1/sshd_config 2012-09-14 20:36:49.565088175 +0200
|
+++ openssh-6.2p1/sshd_config 2013-03-25 19:44:43.471296362 +0100
|
||||||
@@ -114,6 +114,7 @@ UsePrivilegeSeparation sandbox # Defaul
|
@@ -118,6 +118,7 @@ UsePrivilegeSeparation sandbox # Defaul
|
||||||
#Compression delayed
|
#Compression delayed
|
||||||
#ClientAliveInterval 0
|
#ClientAliveInterval 0
|
||||||
#ClientAliveCountMax 3
|
#ClientAliveCountMax 3
|
||||||
+#ShowPatchLevel no
|
+#ShowPatchLevel no
|
||||||
#UseDNS yes
|
#UseDNS yes
|
||||||
#PidFile /var/run/sshd.pid
|
#PidFile /var/run/sshd.pid
|
||||||
#MaxStartups 10
|
#MaxStartups 10:30:100
|
||||||
diff -up openssh-6.1p1/sshd_config.0.vendor openssh-6.1p1/sshd_config.0
|
diff -up openssh-6.2p1/sshd_config.0.vendor openssh-6.2p1/sshd_config.0
|
||||||
--- openssh-6.1p1/sshd_config.0.vendor 2012-09-14 20:36:49.510087780 +0200
|
--- openssh-6.2p1/sshd_config.0.vendor 2013-03-25 19:34:01.361495716 +0100
|
||||||
+++ openssh-6.1p1/sshd_config.0 2012-09-14 20:36:49.567088190 +0200
|
+++ openssh-6.2p1/sshd_config.0 2013-03-25 19:34:01.381495844 +0100
|
||||||
@@ -558,6 +558,11 @@ DESCRIPTION
|
@@ -595,6 +595,11 @@ DESCRIPTION
|
||||||
Defines the number of bits in the ephemeral protocol version 1
|
Defines the number of bits in the ephemeral protocol version 1
|
||||||
server key. The minimum value is 512, and the default is 1024.
|
server key. The minimum value is 512, and the default is 1024.
|
||||||
|
|
||||||
@ -116,10 +116,10 @@ diff -up openssh-6.1p1/sshd_config.0.vendor openssh-6.1p1/sshd_config.0
|
|||||||
StrictModes
|
StrictModes
|
||||||
Specifies whether sshd(8) should check file modes and ownership
|
Specifies whether sshd(8) should check file modes and ownership
|
||||||
of the user's files and home directory before accepting login.
|
of the user's files and home directory before accepting login.
|
||||||
diff -up openssh-6.1p1/sshd_config.5.vendor openssh-6.1p1/sshd_config.5
|
diff -up openssh-6.2p1/sshd_config.5.vendor openssh-6.2p1/sshd_config.5
|
||||||
--- openssh-6.1p1/sshd_config.5.vendor 2012-09-14 20:36:49.512087794 +0200
|
--- openssh-6.2p1/sshd_config.5.vendor 2013-03-25 19:34:01.362495722 +0100
|
||||||
+++ openssh-6.1p1/sshd_config.5 2012-09-14 20:36:49.568088198 +0200
|
+++ openssh-6.2p1/sshd_config.5 2013-03-25 19:34:01.382495850 +0100
|
||||||
@@ -978,6 +978,14 @@ This option applies to protocol version
|
@@ -1019,6 +1019,14 @@ This option applies to protocol version
|
||||||
.It Cm ServerKeyBits
|
.It Cm ServerKeyBits
|
||||||
Defines the number of bits in the ephemeral protocol version 1 server key.
|
Defines the number of bits in the ephemeral protocol version 1 server key.
|
||||||
The minimum value is 512, and the default is 1024.
|
The minimum value is 512, and the default is 1024.
|
||||||
@ -134,10 +134,10 @@ diff -up openssh-6.1p1/sshd_config.5.vendor openssh-6.1p1/sshd_config.5
|
|||||||
.It Cm StrictModes
|
.It Cm StrictModes
|
||||||
Specifies whether
|
Specifies whether
|
||||||
.Xr sshd 8
|
.Xr sshd 8
|
||||||
diff -up openssh-6.1p1/sshd.c.vendor openssh-6.1p1/sshd.c
|
diff -up openssh-6.2p1/sshd.c.vendor openssh-6.2p1/sshd.c
|
||||||
--- openssh-6.1p1/sshd.c.vendor 2012-09-14 20:36:49.399086981 +0200
|
--- openssh-6.2p1/sshd.c.vendor 2013-03-25 19:34:01.332495531 +0100
|
||||||
+++ openssh-6.1p1/sshd.c 2012-09-14 20:47:30.696088744 +0200
|
+++ openssh-6.2p1/sshd.c 2013-03-25 19:44:11.864112092 +0100
|
||||||
@@ -433,7 +433,7 @@ sshd_exchange_identification(int sock_in
|
@@ -442,7 +442,7 @@ sshd_exchange_identification(int sock_in
|
||||||
}
|
}
|
||||||
|
|
||||||
xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
|
xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
|
||||||
@ -146,13 +146,13 @@ diff -up openssh-6.1p1/sshd.c.vendor openssh-6.1p1/sshd.c
|
|||||||
*options.version_addendum == '\0' ? "" : " ",
|
*options.version_addendum == '\0' ? "" : " ",
|
||||||
options.version_addendum, newline);
|
options.version_addendum, newline);
|
||||||
|
|
||||||
@@ -1635,7 +1635,8 @@ main(int ac, char **av)
|
@@ -1675,7 +1675,8 @@ main(int ac, char **av)
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
- debug("sshd version %.100s", SSH_RELEASE);
|
- debug("sshd version %s, %s", SSH_VERSION,
|
||||||
+ debug("sshd version %.100s",
|
+ debug("sshd version %s, %s",
|
||||||
+ (options.show_patchlevel == 1) ? SSH_VENDOR_PATCHLEVEL : SSH_RELEASE);
|
+ (options.show_patchlevel == 1) ? SSH_VENDOR_PATCHLEVEL : SSH_VERSION,
|
||||||
|
SSLeay_version(SSLEAY_VERSION));
|
||||||
|
|
||||||
/* Store privilege separation user for later use if required. */
|
/* Store privilege separation user for later use if required. */
|
||||||
if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {
|
|
@ -1,21 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
#
|
|
||||||
# Remove the ACSS implementation from OpenSSH, and disable its use so that the
|
|
||||||
# rest of the package can still be built.
|
|
||||||
#
|
|
||||||
> acss.c
|
|
||||||
patch -sp0 << EOF
|
|
||||||
--- cipher.c.orig 2005-07-17 09:02:10.000000000 +0200
|
|
||||||
+++ cipher.c 2005-09-06 14:52:06.000000000 +0200
|
|
||||||
@@ -45,6 +45,9 @@
|
|
||||||
|
|
||||||
/* compatibility with old or broken OpenSSL versions */
|
|
||||||
#include "openbsd-compat/openssl-compat.h"
|
|
||||||
+#undef USE_CIPHER_ACSS
|
|
||||||
+#undef EVP_acss
|
|
||||||
+#define EVP_acss NULL
|
|
||||||
|
|
||||||
extern const EVP_CIPHER *evp_ssh1_bf(void);
|
|
||||||
extern const EVP_CIPHER *evp_ssh1_3des(void);
|
|
||||||
EOF
|
|
||||||
echo "Well done."
|
|
59
openssh.spec
59
openssh.spec
@ -66,10 +66,10 @@
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
||||||
%define openssh_ver 6.1p1
|
%define openssh_ver 6.2p1
|
||||||
%define openssh_rel 7
|
%define openssh_rel 1
|
||||||
%define pam_ssh_agent_ver 0.9.3
|
%define pam_ssh_agent_ver 0.9.3
|
||||||
%define pam_ssh_agent_rel 3
|
%define pam_ssh_agent_rel 4
|
||||||
|
|
||||||
Summary: An open source implementation of SSH protocol versions 1 and 2
|
Summary: An open source implementation of SSH protocol versions 1 and 2
|
||||||
Name: openssh
|
Name: openssh
|
||||||
@ -82,8 +82,7 @@ URL: http://www.openssh.com/portable.html
|
|||||||
# This package differs from the upstream OpenSSH tarball in that
|
# This package differs from the upstream OpenSSH tarball in that
|
||||||
# the ACSS cipher is removed by running openssh-nukeacss.sh in
|
# the ACSS cipher is removed by running openssh-nukeacss.sh in
|
||||||
# the unpacked source directory.
|
# the unpacked source directory.
|
||||||
Source0: openssh-%{version}-noacss.tar.bz2
|
Source0: openssh-%{version}.tar.gz
|
||||||
Source1: openssh-nukeacss.sh
|
|
||||||
Source2: sshd.pam
|
Source2: sshd.pam
|
||||||
Source3: sshd.init
|
Source3: sshd.init
|
||||||
Source4: http://prdownloads.sourceforge.net/pamsshagentauth/pam_ssh_agent_auth/pam_ssh_agent_auth-%{pam_ssh_agent_ver}.tar.bz2
|
Source4: http://prdownloads.sourceforge.net/pamsshagentauth/pam_ssh_agent_auth/pam_ssh_agent_auth-%{pam_ssh_agent_ver}.tar.bz2
|
||||||
@ -100,9 +99,9 @@ Source13: sshd-keygen
|
|||||||
Patch0: openssh-5.9p1-wIm.patch
|
Patch0: openssh-5.9p1-wIm.patch
|
||||||
|
|
||||||
#?
|
#?
|
||||||
Patch100: openssh-6.1p1-coverity.patch
|
Patch100: openssh-6.2p1-coverity.patch
|
||||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1872
|
#https://bugzilla.mindrot.org/show_bug.cgi?id=1872
|
||||||
Patch101: openssh-5.8p1-fingerprint.patch
|
Patch101: openssh-6.2p1-fingerprint.patch
|
||||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1894
|
#https://bugzilla.mindrot.org/show_bug.cgi?id=1894
|
||||||
#https://bugzilla.redhat.com/show_bug.cgi?id=735889
|
#https://bugzilla.redhat.com/show_bug.cgi?id=735889
|
||||||
Patch102: openssh-5.8p1-getaddrinfo.patch
|
Patch102: openssh-5.8p1-getaddrinfo.patch
|
||||||
@ -114,15 +113,15 @@ Patch104: openssh-6.1p1-authenticationmethods.patch
|
|||||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1402
|
#https://bugzilla.mindrot.org/show_bug.cgi?id=1402
|
||||||
Patch200: openssh-5.8p1-audit0.patch
|
Patch200: openssh-5.8p1-audit0.patch
|
||||||
# -"-
|
# -"-
|
||||||
Patch201: openssh-6.0p1-audit1.patch
|
Patch201: openssh-6.2p1-audit1.patch
|
||||||
# -"-
|
# -"-
|
||||||
Patch202: openssh-5.9p1-audit2.patch
|
Patch202: openssh-5.9p1-audit2.patch
|
||||||
# -"-
|
# -"-
|
||||||
Patch203: openssh-5.9p1-audit3.patch
|
Patch203: openssh-6.2p1-audit3.patch
|
||||||
# -"-
|
# -"-
|
||||||
Patch204: openssh-6.1p1-audit4.patch
|
Patch204: openssh-6.2p1-audit4.patch
|
||||||
# -"-
|
# -"-
|
||||||
Patch205: openssh-6.0p1-audit5.patch
|
Patch205: openssh-6.2p1-audit5.patch
|
||||||
|
|
||||||
# --- pam_ssh-agent ---
|
# --- pam_ssh-agent ---
|
||||||
# make it build reusing the openssh sources
|
# make it build reusing the openssh sources
|
||||||
@ -132,7 +131,7 @@ Patch301: pam_ssh_agent_auth-0.9.2-seteuid.patch
|
|||||||
# explicitly make pam callbacks visible
|
# explicitly make pam callbacks visible
|
||||||
Patch302: pam_ssh_agent_auth-0.9.2-visibility.patch
|
Patch302: pam_ssh_agent_auth-0.9.2-visibility.patch
|
||||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1641 (WONTFIX)
|
#https://bugzilla.mindrot.org/show_bug.cgi?id=1641 (WONTFIX)
|
||||||
Patch400: openssh-6.1p1-role-mls.patch
|
Patch400: openssh-6.2p1-role-mls.patch
|
||||||
#?
|
#?
|
||||||
#Patch402: openssh-5.9p1-sftp-chroot.patch
|
#Patch402: openssh-5.9p1-sftp-chroot.patch
|
||||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1940
|
#https://bugzilla.mindrot.org/show_bug.cgi?id=1940
|
||||||
@ -143,9 +142,9 @@ Patch404: openssh-6.1p1-privsep-selinux.patch
|
|||||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1663
|
#https://bugzilla.mindrot.org/show_bug.cgi?id=1663
|
||||||
Patch500: openssh-6.1p1-akc.patch
|
Patch500: openssh-6.1p1-akc.patch
|
||||||
#?-- unwanted child :(
|
#?-- unwanted child :(
|
||||||
Patch501: openssh-6.0p1-ldap.patch
|
Patch501: openssh-6.2p1-ldap.patch
|
||||||
#?
|
#?
|
||||||
Patch502: openssh-5.9p1-keycat.patch
|
Patch502: openssh-6.2p1-keycat.patch
|
||||||
|
|
||||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1668
|
#https://bugzilla.mindrot.org/show_bug.cgi?id=1668
|
||||||
#Patch600: openssh-5.9p1-keygen.patch
|
#Patch600: openssh-5.9p1-keygen.patch
|
||||||
@ -169,7 +168,7 @@ Patch608: openssh-6.1p1-askpass-ld.patch
|
|||||||
Patch609: openssh-5.5p1-x11.patch
|
Patch609: openssh-5.5p1-x11.patch
|
||||||
|
|
||||||
#?
|
#?
|
||||||
Patch700: openssh-5.9p1-fips.patch
|
Patch700: openssh-6.2p1-fips.patch
|
||||||
#?
|
#?
|
||||||
Patch701: openssh-5.6p1-exit-deadlock.patch
|
Patch701: openssh-5.6p1-exit-deadlock.patch
|
||||||
#?
|
#?
|
||||||
@ -185,9 +184,9 @@ Patch706: openssh-5.8p1-localdomain.patch
|
|||||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1635 (WONTFIX)
|
#https://bugzilla.mindrot.org/show_bug.cgi?id=1635 (WONTFIX)
|
||||||
Patch707: openssh-6.1p1-redhat.patch
|
Patch707: openssh-6.1p1-redhat.patch
|
||||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1890 (WONTFIX) need integration to prng helper which is discontinued :)
|
#https://bugzilla.mindrot.org/show_bug.cgi?id=1890 (WONTFIX) need integration to prng helper which is discontinued :)
|
||||||
Patch708: openssh-6.0p1-entropy.patch
|
Patch708: openssh-6.2p1-entropy.patch
|
||||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1640 (WONTFIX)
|
#https://bugzilla.mindrot.org/show_bug.cgi?id=1640 (WONTFIX)
|
||||||
Patch709: openssh-6.1p1-vendor.patch
|
Patch709: openssh-6.2p1-vendor.patch
|
||||||
#?
|
#?
|
||||||
Patch710: openssh-5.9p1-copy-id-restorecon.patch
|
Patch710: openssh-5.9p1-copy-id-restorecon.patch
|
||||||
# warn users for unsupported UsePAM=no (#757545)
|
# warn users for unsupported UsePAM=no (#757545)
|
||||||
@ -195,17 +194,17 @@ Patch711: openssh-6.1p1-log-usepam-no.patch
|
|||||||
# make aes-ctr ciphers use EVP engines such as AES-NI from OpenSSL
|
# make aes-ctr ciphers use EVP engines such as AES-NI from OpenSSL
|
||||||
Patch712: openssh-5.9p1-ctr-evp-fast.patch
|
Patch712: openssh-5.9p1-ctr-evp-fast.patch
|
||||||
# add cavs test binary for the aes-ctr
|
# add cavs test binary for the aes-ctr
|
||||||
Patch713: openssh-5.9p1-ctr-cavstest.patch
|
Patch713: openssh-6.2p1-ctr-cavstest.patch
|
||||||
|
|
||||||
|
|
||||||
#http://www.sxw.org.uk/computing/patches/openssh.html
|
#http://www.sxw.org.uk/computing/patches/openssh.html
|
||||||
#changed cache storage type - #848228
|
#changed cache storage type - #848228
|
||||||
Patch800: openssh-6.1p1-gsskex.patch
|
Patch800: openssh-6.2p1-gsskex.patch
|
||||||
#http://www.mail-archive.com/kerberos@mit.edu/msg17591.html
|
#http://www.mail-archive.com/kerberos@mit.edu/msg17591.html
|
||||||
Patch801: openssh-5.8p2-force_krb.patch
|
Patch801: openssh-6.2p1-force_krb.patch
|
||||||
Patch900: openssh-6.1p1-gssapi-canohost.patch
|
Patch900: openssh-6.1p1-gssapi-canohost.patch
|
||||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1780
|
#https://bugzilla.mindrot.org/show_bug.cgi?id=1780
|
||||||
Patch901: openssh-6.1p1-kuserok.patch
|
Patch901: openssh-6.2p1-kuserok.patch
|
||||||
#https://bugzilla.redhat.com/show_bug.cgi?id=841065
|
#https://bugzilla.redhat.com/show_bug.cgi?id=841065
|
||||||
Patch902: openssh-6.1p1-man-moduli.patch
|
Patch902: openssh-6.1p1-man-moduli.patch
|
||||||
# obsolete RequiredAuthentications options
|
# obsolete RequiredAuthentications options
|
||||||
@ -393,7 +392,7 @@ The module is most useful for su and sudo service stacks.
|
|||||||
%patch101 -p1 -b .fingerprint
|
%patch101 -p1 -b .fingerprint
|
||||||
%patch102 -p1 -b .getaddrinfo
|
%patch102 -p1 -b .getaddrinfo
|
||||||
%patch103 -p1 -b .packet
|
%patch103 -p1 -b .packet
|
||||||
%patch104 -p1 -b .authenticationmethods
|
# %patch104 -p1 -b .authenticationmethods
|
||||||
|
|
||||||
%patch200 -p1 -b .audit0
|
%patch200 -p1 -b .audit0
|
||||||
%patch201 -p1 -b .audit1
|
%patch201 -p1 -b .audit1
|
||||||
@ -414,18 +413,18 @@ popd
|
|||||||
|
|
||||||
%if %{WITH_SELINUX}
|
%if %{WITH_SELINUX}
|
||||||
%patch400 -p1 -b .role-mls
|
%patch400 -p1 -b .role-mls
|
||||||
#%patch402 -p1 -b .sftp-chroot
|
# %patch402 -p1 -b .sftp-chroot
|
||||||
#%patch403 -p1 -b .sesandbox
|
# %patch403 -p1 -b .sesandbox
|
||||||
%patch404 -p1 -b .privsep-selinux
|
%patch404 -p1 -b .privsep-selinux
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%patch500 -p1 -b .akc
|
# %patch500 -p1 -b .akc
|
||||||
%if %{ldap}
|
%if %{ldap}
|
||||||
%patch501 -p1 -b .ldap
|
%patch501 -p1 -b .ldap
|
||||||
%endif
|
%endif
|
||||||
%patch502 -p1 -b .keycat
|
%patch502 -p1 -b .keycat
|
||||||
|
|
||||||
#%patch600 -p1 -b .keygen
|
# %patch600 -p1 -b .keygen
|
||||||
%patch601 -p1 -b .ip-opts
|
%patch601 -p1 -b .ip-opts
|
||||||
%patch602 -p1 -b .randclean
|
%patch602 -p1 -b .randclean
|
||||||
%patch603 -p1 -b .glob
|
%patch603 -p1 -b .glob
|
||||||
@ -446,7 +445,7 @@ popd
|
|||||||
%patch707 -p1 -b .redhat
|
%patch707 -p1 -b .redhat
|
||||||
%patch708 -p1 -b .entropy
|
%patch708 -p1 -b .entropy
|
||||||
%patch709 -p1 -b .vendor
|
%patch709 -p1 -b .vendor
|
||||||
%patch710 -p1 -b .restorecon
|
# %patch710 -p1 -b .restorecon
|
||||||
%patch711 -p1 -b .log-usepam-no
|
%patch711 -p1 -b .log-usepam-no
|
||||||
%patch712 -p1 -b .evp-ctr
|
%patch712 -p1 -b .evp-ctr
|
||||||
%patch713 -p1 -b .ctr-cavs
|
%patch713 -p1 -b .ctr-cavs
|
||||||
@ -456,9 +455,9 @@ popd
|
|||||||
|
|
||||||
%patch900 -p1 -b .canohost
|
%patch900 -p1 -b .canohost
|
||||||
%patch901 -p1 -b .kuserok
|
%patch901 -p1 -b .kuserok
|
||||||
%patch902 -p1 -b .man-moduli
|
# %patch902 -p1 -b .man-moduli
|
||||||
%patch903 -p1 -b .required-authentication
|
# %patch903 -p1 -b .required-authentication
|
||||||
%patch904 -p1 -b .max-startups
|
# %patch904 -p1 -b .max-startups
|
||||||
|
|
||||||
%if 0
|
%if 0
|
||||||
# Nothing here yet
|
# Nothing here yet
|
||||||
|
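Review bot: The header comment above `Source0` still says the package differs from the upstream tarball because the ACSS cipher is removed by running openssh-nukeacss.sh, but the new side appears to switch `Source0` to `openssh-%{version}.tar.gz` and drop `Source1`, so the comment now misdescribes where the sources come from. I would replace those three lines with something like `# Unmodified upstream tarball; check it against the upstream release signature when importing.` so the tarball's provenance is stated accurately. Separately, the `%prep` hunks comment out `%patch104`, `%patch500`, `%patch710`, `%patch902`, `%patch903` and `%patch904` while the `Patch:` declarations visible here (for example `Patch500`, `Patch710`, `Patch902`) stay; a one-line comment next to each, such as `# merged upstream in 6.2p1` or `# not yet rebased`, would tell the next maintainer whether a feature was dropped on purpose. Which of the two applies to each patch cannot be told from this section.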