forked from rpms/openssh
fix AuthorizedKeysCommand option and adopt latest upstream changes
This commit is contained in:
parent
d2b3b9a27e
commit
c9e43cd2f8
@ -1,9 +1,9 @@
|
|||||||
diff -up openssh-6.1p1/auth2-pubkey.c.keycat openssh-6.1p1/auth2-pubkey.c
|
diff -up openssh-6.1p1/auth2-pubkey.c.keycat openssh-6.1p1/auth2-pubkey.c
|
||||||
--- openssh-6.1p1/auth2-pubkey.c.keycat 2012-11-01 13:37:59.000000000 +0100
|
--- openssh-6.1p1/auth2-pubkey.c.keycat 2013-02-14 17:39:21.000000000 +0100
|
||||||
+++ openssh-6.1p1/auth2-pubkey.c 2012-11-01 14:03:47.402279914 +0100
|
+++ openssh-6.1p1/auth2-pubkey.c 2013-02-14 17:40:42.600050510 +0100
|
||||||
@@ -564,6 +564,14 @@ user_key_command_allowed2(struct passwd
|
@@ -571,6 +571,14 @@ user_key_command_allowed2(struct passwd
|
||||||
|
_exit(1);
|
||||||
}
|
}
|
||||||
closefrom(STDERR_FILENO + 1);
|
|
||||||
|
|
||||||
+#ifdef WITH_SELINUX
|
+#ifdef WITH_SELINUX
|
||||||
+ if (ssh_selinux_setup_env_variables() < 0) {
|
+ if (ssh_selinux_setup_env_variables() < 0) {
|
||||||
@ -14,11 +14,11 @@ diff -up openssh-6.1p1/auth2-pubkey.c.keycat openssh-6.1p1/auth2-pubkey.c
|
|||||||
+#endif
|
+#endif
|
||||||
+
|
+
|
||||||
execl(options.authorized_keys_command,
|
execl(options.authorized_keys_command,
|
||||||
options.authorized_keys_command, pw->pw_name, NULL);
|
options.authorized_keys_command, user_pw->pw_name, NULL);
|
||||||
|
|
||||||
diff -up openssh-6.1p1/HOWTO.ssh-keycat.keycat openssh-6.1p1/HOWTO.ssh-keycat
|
diff -up openssh-6.1p1/HOWTO.ssh-keycat.keycat openssh-6.1p1/HOWTO.ssh-keycat
|
||||||
--- openssh-6.1p1/HOWTO.ssh-keycat.keycat 2012-11-01 13:37:59.417280097 +0100
|
--- openssh-6.1p1/HOWTO.ssh-keycat.keycat 2013-02-14 17:39:21.148382013 +0100
|
||||||
+++ openssh-6.1p1/HOWTO.ssh-keycat 2012-11-01 13:37:59.417280097 +0100
|
+++ openssh-6.1p1/HOWTO.ssh-keycat 2013-02-14 17:39:21.148382013 +0100
|
||||||
@@ -0,0 +1,12 @@
|
@@ -0,0 +1,12 @@
|
||||||
+The ssh-keycat retrieves the content of the ~/.ssh/authorized_keys
|
+The ssh-keycat retrieves the content of the ~/.ssh/authorized_keys
|
||||||
+of an user in any environment. This includes environments with
|
+of an user in any environment. This includes environments with
|
||||||
@ -33,8 +33,8 @@ diff -up openssh-6.1p1/HOWTO.ssh-keycat.keycat openssh-6.1p1/HOWTO.ssh-keycat
|
|||||||
+
|
+
|
||||||
+
|
+
|
||||||
diff -up openssh-6.1p1/Makefile.in.keycat openssh-6.1p1/Makefile.in
|
diff -up openssh-6.1p1/Makefile.in.keycat openssh-6.1p1/Makefile.in
|
||||||
--- openssh-6.1p1/Makefile.in.keycat 2012-11-01 13:37:59.413280097 +0100
|
--- openssh-6.1p1/Makefile.in.keycat 2013-02-14 17:39:21.143382033 +0100
|
||||||
+++ openssh-6.1p1/Makefile.in 2012-11-01 13:37:59.418280097 +0100
|
+++ openssh-6.1p1/Makefile.in 2013-02-14 17:39:21.148382013 +0100
|
||||||
@@ -27,6 +27,7 @@ SFTP_SERVER=$(libexecdir)/sftp-server
|
@@ -27,6 +27,7 @@ SFTP_SERVER=$(libexecdir)/sftp-server
|
||||||
SSH_KEYSIGN=$(libexecdir)/ssh-keysign
|
SSH_KEYSIGN=$(libexecdir)/ssh-keysign
|
||||||
SSH_LDAP_HELPER=$(libexecdir)/ssh-ldap-helper
|
SSH_LDAP_HELPER=$(libexecdir)/ssh-ldap-helper
|
||||||
@ -71,8 +71,8 @@ diff -up openssh-6.1p1/Makefile.in.keycat openssh-6.1p1/Makefile.in
|
|||||||
$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
|
$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
|
||||||
$(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
|
$(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
|
||||||
diff -up openssh-6.1p1/openbsd-compat/port-linux.c.keycat openssh-6.1p1/openbsd-compat/port-linux.c
|
diff -up openssh-6.1p1/openbsd-compat/port-linux.c.keycat openssh-6.1p1/openbsd-compat/port-linux.c
|
||||||
--- openssh-6.1p1/openbsd-compat/port-linux.c.keycat 2012-11-01 13:37:59.367280097 +0100
|
--- openssh-6.1p1/openbsd-compat/port-linux.c.keycat 2013-02-14 17:39:21.126382101 +0100
|
||||||
+++ openssh-6.1p1/openbsd-compat/port-linux.c 2012-11-01 13:37:59.419280097 +0100
|
+++ openssh-6.1p1/openbsd-compat/port-linux.c 2013-02-14 17:39:21.149382009 +0100
|
||||||
@@ -315,7 +315,7 @@ ssh_selinux_getctxbyname(char *pwname,
|
@@ -315,7 +315,7 @@ ssh_selinux_getctxbyname(char *pwname,
|
||||||
|
|
||||||
/* Setup environment variables for pam_selinux */
|
/* Setup environment variables for pam_selinux */
|
||||||
@ -128,8 +128,8 @@ diff -up openssh-6.1p1/openbsd-compat/port-linux.c.keycat openssh-6.1p1/openbsd-
|
|||||||
void
|
void
|
||||||
ssh_selinux_setup_exec_context(char *pwname)
|
ssh_selinux_setup_exec_context(char *pwname)
|
||||||
diff -up openssh-6.1p1/ssh-keycat.c.keycat openssh-6.1p1/ssh-keycat.c
|
diff -up openssh-6.1p1/ssh-keycat.c.keycat openssh-6.1p1/ssh-keycat.c
|
||||||
--- openssh-6.1p1/ssh-keycat.c.keycat 2012-11-01 13:37:59.420280097 +0100
|
--- openssh-6.1p1/ssh-keycat.c.keycat 2013-02-14 17:39:21.149382009 +0100
|
||||||
+++ openssh-6.1p1/ssh-keycat.c 2012-11-01 13:37:59.420280097 +0100
|
+++ openssh-6.1p1/ssh-keycat.c 2013-02-14 17:39:21.149382009 +0100
|
||||||
@@ -0,0 +1,238 @@
|
@@ -0,0 +1,238 @@
|
||||||
+/*
|
+/*
|
||||||
+ * Redistribution and use in source and binary forms, with or without
|
+ * Redistribution and use in source and binary forms, with or without
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
diff -up openssh-6.1p1/auth2-pubkey.c.akc openssh-6.1p1/auth2-pubkey.c
|
diff -up openssh-6.1p1/auth2-pubkey.c.akc openssh-6.1p1/auth2-pubkey.c
|
||||||
--- openssh-6.1p1/auth2-pubkey.c.akc 2012-11-28 17:12:43.238524384 +0100
|
--- openssh-6.1p1/auth2-pubkey.c.akc 2013-02-14 17:46:45.259546968 +0100
|
||||||
+++ openssh-6.1p1/auth2-pubkey.c 2012-11-28 17:12:43.263524297 +0100
|
+++ openssh-6.1p1/auth2-pubkey.c 2013-02-14 17:48:19.072137541 +0100
|
||||||
@@ -27,9 +27,13 @@
|
@@ -27,9 +27,13 @@
|
||||||
|
|
||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
@ -71,7 +71,7 @@ diff -up openssh-6.1p1/auth2-pubkey.c.akc openssh-6.1p1/auth2-pubkey.c
|
|||||||
key_free(found);
|
key_free(found);
|
||||||
if (!found_key)
|
if (!found_key)
|
||||||
debug2("key not found");
|
debug2("key not found");
|
||||||
@@ -453,7 +446,173 @@ user_cert_trusted_ca(struct passwd *pw,
|
@@ -453,7 +446,180 @@ user_cert_trusted_ca(struct passwd *pw,
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -112,45 +112,48 @@ diff -up openssh-6.1p1/auth2-pubkey.c.akc openssh-6.1p1/auth2-pubkey.c
|
|||||||
+ struct stat st;
|
+ struct stat st;
|
||||||
+ int status, devnull, p[2], i;
|
+ int status, devnull, p[2], i;
|
||||||
+ pid_t pid;
|
+ pid_t pid;
|
||||||
+ char errmsg[512];
|
+ char *username, errmsg[512];
|
||||||
+
|
+
|
||||||
+ if (options.authorized_keys_command == NULL ||
|
+ if (options.authorized_keys_command == NULL ||
|
||||||
+ options.authorized_keys_command[0] != '/')
|
+ options.authorized_keys_command[0] != '/')
|
||||||
+ return 0;
|
+ return 0;
|
||||||
+
|
+
|
||||||
+ /* If no user specified to run commands the default to target user */
|
+ if (options.authorized_keys_command_user == NULL) {
|
||||||
+ if (options.authorized_keys_command_user == NULL)
|
+ error("No user for AuthorizedKeysCommand specified, skipping");
|
||||||
+ pw = user_pw;
|
+ return 0;
|
||||||
+ else {
|
|
||||||
+ pw = getpwnam(options.authorized_keys_command_user);
|
|
||||||
+ if (pw == NULL) {
|
|
||||||
+ error("AuthorizedKeyCommandUser \"%s\" not found: %s",
|
|
||||||
+ options.authorized_keys_command, strerror(errno));
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
|
+ username = percent_expand(options.authorized_keys_command_user,
|
||||||
|
+ "u", user_pw->pw_name, (char *)NULL);
|
||||||
|
+ pw = getpwnam(username);
|
||||||
|
+ if (pw == NULL) {
|
||||||
|
+ error("AuthorizedKeyCommandUser \"%s\" not found: %s",
|
||||||
|
+ username, strerror(errno));
|
||||||
|
+ free(username);
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+ free(username);
|
||||||
|
+
|
||||||
+ temporarily_use_uid(pw);
|
+ temporarily_use_uid(pw);
|
||||||
|
+
|
||||||
+ if (stat(options.authorized_keys_command, &st) < 0) {
|
+ if (stat(options.authorized_keys_command, &st) < 0) {
|
||||||
+ error("Could not stat AuthorizedKeysCommand \"%s\": %s",
|
+ error("Could not stat AuthorizedKeysCommand \"%s\": %s",
|
||||||
+ options.authorized_keys_command, strerror(errno));
|
+ options.authorized_keys_command, strerror(errno));
|
||||||
+ goto out;
|
+ goto out;
|
||||||
+ }
|
+ }
|
||||||
+
|
|
||||||
+ if (auth_secure_path(options.authorized_keys_command, &st, NULL, 0,
|
+ if (auth_secure_path(options.authorized_keys_command, &st, NULL, 0,
|
||||||
+ errmsg, sizeof(errmsg)) != 0) {
|
+ errmsg, sizeof(errmsg)) != 0) {
|
||||||
+ error("Unsafe AuthorizedKeysCommand: %s", errmsg);
|
+ error("Unsafe AuthorizedKeysCommand: %s", errmsg);
|
||||||
+ goto out;
|
+ goto out;
|
||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
+ /* open the pipe and read the keys */
|
|
||||||
+ if (pipe(p) != 0) {
|
+ if (pipe(p) != 0) {
|
||||||
+ error("%s: pipe: %s", __func__, strerror(errno));
|
+ error("%s: pipe: %s", __func__, strerror(errno));
|
||||||
+ goto out;
|
+ goto out;
|
||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
+ debug3("Running AuthorizedKeysCommand: \"%s\" as \"%s\"",
|
+ debug3("Running AuthorizedKeysCommand: \"%s %s\" as \"%s\"",
|
||||||
+ options.authorized_keys_command, pw->pw_name);
|
+ options.authorized_keys_command, user_pw->pw_name, pw->pw_name);
|
||||||
+
|
+
|
||||||
+ /*
|
+ /*
|
||||||
+ * Don't want to call this in the child, where it can fatal() and
|
+ * Don't want to call this in the child, where it can fatal() and
|
||||||
@ -168,6 +171,19 @@ diff -up openssh-6.1p1/auth2-pubkey.c.akc openssh-6.1p1/auth2-pubkey.c
|
|||||||
+ for (i = 0; i < NSIG; i++)
|
+ for (i = 0; i < NSIG; i++)
|
||||||
+ signal(i, SIG_DFL);
|
+ signal(i, SIG_DFL);
|
||||||
+
|
+
|
||||||
|
+ if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
|
||||||
|
+ error("%s: open %s: %s", __func__, _PATH_DEVNULL,
|
||||||
|
+ strerror(errno));
|
||||||
|
+ _exit(1);
|
||||||
|
+ }
|
||||||
|
+ /* Keep stderr around a while longer to catch errors */
|
||||||
|
+ if (dup2(devnull, STDIN_FILENO) == -1 ||
|
||||||
|
+ dup2(p[1], STDOUT_FILENO) == -1) {
|
||||||
|
+ error("%s: dup2: %s", __func__, strerror(errno));
|
||||||
|
+ _exit(1);
|
||||||
|
+ }
|
||||||
|
+ closefrom(STDERR_FILENO + 1);
|
||||||
|
+
|
||||||
+ /* Don't use permanently_set_uid() here to avoid fatal() */
|
+ /* Don't use permanently_set_uid() here to avoid fatal() */
|
||||||
+ if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0) {
|
+ if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0) {
|
||||||
+ error("setresgid %u: %s", (u_int)pw->pw_gid,
|
+ error("setresgid %u: %s", (u_int)pw->pw_gid,
|
||||||
@ -179,23 +195,14 @@ diff -up openssh-6.1p1/auth2-pubkey.c.akc openssh-6.1p1/auth2-pubkey.c
|
|||||||
+ strerror(errno));
|
+ strerror(errno));
|
||||||
+ _exit(1);
|
+ _exit(1);
|
||||||
+ }
|
+ }
|
||||||
+
|
+ /* stdin is pointed to /dev/null at this point */
|
||||||
+ close(p[0]);
|
+ if (dup2(STDIN_FILENO, STDERR_FILENO) == -1) {
|
||||||
+ if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
|
|
||||||
+ error("%s: open %s: %s", __func__, _PATH_DEVNULL,
|
|
||||||
+ strerror(errno));
|
|
||||||
+ _exit(1);
|
|
||||||
+ }
|
|
||||||
+ if (dup2(devnull, STDIN_FILENO) == -1 ||
|
|
||||||
+ dup2(p[1], STDOUT_FILENO) == -1 ||
|
|
||||||
+ dup2(devnull, STDERR_FILENO) == -1) {
|
|
||||||
+ error("%s: dup2: %s", __func__, strerror(errno));
|
+ error("%s: dup2: %s", __func__, strerror(errno));
|
||||||
+ _exit(1);
|
+ _exit(1);
|
||||||
+ }
|
+ }
|
||||||
+ closefrom(STDERR_FILENO + 1);
|
|
||||||
+
|
+
|
||||||
+ execl(options.authorized_keys_command,
|
+ execl(options.authorized_keys_command,
|
||||||
+ options.authorized_keys_command, pw->pw_name, NULL);
|
+ options.authorized_keys_command, user_pw->pw_name, NULL);
|
||||||
+
|
+
|
||||||
+ error("AuthorizedKeysCommand %s exec failed: %s",
|
+ error("AuthorizedKeysCommand %s exec failed: %s",
|
||||||
+ options.authorized_keys_command, strerror(errno));
|
+ options.authorized_keys_command, strerror(errno));
|
||||||
@ -203,7 +210,7 @@ diff -up openssh-6.1p1/auth2-pubkey.c.akc openssh-6.1p1/auth2-pubkey.c
|
|||||||
+ default: /* parent */
|
+ default: /* parent */
|
||||||
+ break;
|
+ break;
|
||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
+ temporarily_use_uid(pw);
|
+ temporarily_use_uid(pw);
|
||||||
+
|
+
|
||||||
+ close(p[1]);
|
+ close(p[1]);
|
||||||
@ -211,6 +218,7 @@ diff -up openssh-6.1p1/auth2-pubkey.c.akc openssh-6.1p1/auth2-pubkey.c
|
|||||||
+ error("%s: fdopen: %s", __func__, strerror(errno));
|
+ error("%s: fdopen: %s", __func__, strerror(errno));
|
||||||
+ close(p[0]);
|
+ close(p[0]);
|
||||||
+ /* Don't leave zombie child */
|
+ /* Don't leave zombie child */
|
||||||
|
+ kill(pid, SIGTERM);
|
||||||
+ while (waitpid(pid, NULL, 0) == -1 && errno == EINTR)
|
+ while (waitpid(pid, NULL, 0) == -1 && errno == EINTR)
|
||||||
+ ;
|
+ ;
|
||||||
+ goto out;
|
+ goto out;
|
||||||
@ -236,7 +244,6 @@ diff -up openssh-6.1p1/auth2-pubkey.c.akc openssh-6.1p1/auth2-pubkey.c
|
|||||||
+ found_key = ok;
|
+ found_key = ok;
|
||||||
+ out:
|
+ out:
|
||||||
+ restore_uid();
|
+ restore_uid();
|
||||||
+
|
|
||||||
+ return found_key;
|
+ return found_key;
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
@ -246,7 +253,7 @@ diff -up openssh-6.1p1/auth2-pubkey.c.akc openssh-6.1p1/auth2-pubkey.c
|
|||||||
int
|
int
|
||||||
user_key_allowed(struct passwd *pw, Key *key)
|
user_key_allowed(struct passwd *pw, Key *key)
|
||||||
{
|
{
|
||||||
@@ -469,6 +628,10 @@ user_key_allowed(struct passwd *pw, Key
|
@@ -469,9 +635,17 @@ user_key_allowed(struct passwd *pw, Key
|
||||||
if (success)
|
if (success)
|
||||||
return success;
|
return success;
|
||||||
|
|
||||||
@ -255,12 +262,19 @@ diff -up openssh-6.1p1/auth2-pubkey.c.akc openssh-6.1p1/auth2-pubkey.c
|
|||||||
+ return success;
|
+ return success;
|
||||||
+
|
+
|
||||||
for (i = 0; !success && i < options.num_authkeys_files; i++) {
|
for (i = 0; !success && i < options.num_authkeys_files; i++) {
|
||||||
|
+
|
||||||
|
+ if (strcasecmp(options.authorized_keys_files[i], "none") == 0)
|
||||||
|
+ continue;
|
||||||
file = expand_authorized_keys(
|
file = expand_authorized_keys(
|
||||||
options.authorized_keys_files[i], pw);
|
options.authorized_keys_files[i], pw);
|
||||||
|
+
|
||||||
|
success = user_key_allowed2(pw, key, file);
|
||||||
|
xfree(file);
|
||||||
|
}
|
||||||
diff -up openssh-6.1p1/auth.c.akc openssh-6.1p1/auth.c
|
diff -up openssh-6.1p1/auth.c.akc openssh-6.1p1/auth.c
|
||||||
--- openssh-6.1p1/auth.c.akc 2012-11-28 17:12:43.187524558 +0100
|
--- openssh-6.1p1/auth.c.akc 2013-02-14 17:46:45.189547274 +0100
|
||||||
+++ openssh-6.1p1/auth.c 2012-11-28 17:12:43.263524297 +0100
|
+++ openssh-6.1p1/auth.c 2013-02-14 17:46:45.273546907 +0100
|
||||||
@@ -411,39 +411,41 @@ check_key_in_hostfiles(struct passwd *pw
|
@@ -415,39 +415,41 @@ check_key_in_hostfiles(struct passwd *pw
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -315,7 +329,7 @@ diff -up openssh-6.1p1/auth.c.akc openssh-6.1p1/auth.c
|
|||||||
snprintf(err, errlen, "bad ownership or modes for file %s",
|
snprintf(err, errlen, "bad ownership or modes for file %s",
|
||||||
buf);
|
buf);
|
||||||
return -1;
|
return -1;
|
||||||
@@ -479,6 +481,31 @@ secure_filename(FILE *f, const char *fil
|
@@ -483,6 +485,31 @@ secure_filename(FILE *f, const char *fil
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -348,8 +362,8 @@ diff -up openssh-6.1p1/auth.c.akc openssh-6.1p1/auth.c
|
|||||||
auth_openfile(const char *file, struct passwd *pw, int strict_modes,
|
auth_openfile(const char *file, struct passwd *pw, int strict_modes,
|
||||||
int log_missing, char *file_type)
|
int log_missing, char *file_type)
|
||||||
diff -up openssh-6.1p1/auth.h.akc openssh-6.1p1/auth.h
|
diff -up openssh-6.1p1/auth.h.akc openssh-6.1p1/auth.h
|
||||||
--- openssh-6.1p1/auth.h.akc 2012-11-28 17:12:43.239524381 +0100
|
--- openssh-6.1p1/auth.h.akc 2013-02-14 17:46:45.259546968 +0100
|
||||||
+++ openssh-6.1p1/auth.h 2012-11-28 17:12:43.263524297 +0100
|
+++ openssh-6.1p1/auth.h 2013-02-14 17:46:45.274546903 +0100
|
||||||
@@ -125,6 +125,10 @@ int auth_rhosts_rsa_key_allowed(struct
|
@@ -125,6 +125,10 @@ int auth_rhosts_rsa_key_allowed(struct
|
||||||
int hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
|
int hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
|
||||||
int user_key_allowed(struct passwd *, Key *);
|
int user_key_allowed(struct passwd *, Key *);
|
||||||
@ -362,8 +376,8 @@ diff -up openssh-6.1p1/auth.h.akc openssh-6.1p1/auth.h
|
|||||||
int auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client, krb5_data *);
|
int auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client, krb5_data *);
|
||||||
int auth_krb5_tgt(Authctxt *authctxt, krb5_data *tgt);
|
int auth_krb5_tgt(Authctxt *authctxt, krb5_data *tgt);
|
||||||
diff -up openssh-6.1p1/servconf.c.akc openssh-6.1p1/servconf.c
|
diff -up openssh-6.1p1/servconf.c.akc openssh-6.1p1/servconf.c
|
||||||
--- openssh-6.1p1/servconf.c.akc 2012-11-28 17:12:43.198524521 +0100
|
--- openssh-6.1p1/servconf.c.akc 2013-02-14 17:46:45.193547257 +0100
|
||||||
+++ openssh-6.1p1/servconf.c 2012-11-28 17:14:50.314005026 +0100
|
+++ openssh-6.1p1/servconf.c 2013-02-14 17:46:45.274546903 +0100
|
||||||
@@ -137,6 +137,8 @@ initialize_server_options(ServerOptions
|
@@ -137,6 +137,8 @@ initialize_server_options(ServerOptions
|
||||||
options->num_permitted_opens = -1;
|
options->num_permitted_opens = -1;
|
||||||
options->adm_forced_command = NULL;
|
options->adm_forced_command = NULL;
|
||||||
@ -437,8 +451,8 @@ diff -up openssh-6.1p1/servconf.c.akc openssh-6.1p1/servconf.c
|
|||||||
/* string arguments requiring a lookup */
|
/* string arguments requiring a lookup */
|
||||||
dump_cfg_string(sLogLevel, log_level_name(o->log_level));
|
dump_cfg_string(sLogLevel, log_level_name(o->log_level));
|
||||||
diff -up openssh-6.1p1/servconf.h.akc openssh-6.1p1/servconf.h
|
diff -up openssh-6.1p1/servconf.h.akc openssh-6.1p1/servconf.h
|
||||||
--- openssh-6.1p1/servconf.h.akc 2012-11-28 17:12:43.000000000 +0100
|
--- openssh-6.1p1/servconf.h.akc 2013-02-14 17:46:45.194547252 +0100
|
||||||
+++ openssh-6.1p1/servconf.h 2012-11-28 17:18:41.217055157 +0100
|
+++ openssh-6.1p1/servconf.h 2013-02-14 17:46:45.275546898 +0100
|
||||||
@@ -167,6 +167,8 @@ typedef struct {
|
@@ -167,6 +167,8 @@ typedef struct {
|
||||||
char *revoked_keys_file;
|
char *revoked_keys_file;
|
||||||
char *trusted_user_ca_keys;
|
char *trusted_user_ca_keys;
|
||||||
@ -449,8 +463,8 @@ diff -up openssh-6.1p1/servconf.h.akc openssh-6.1p1/servconf.h
|
|||||||
char *version_addendum; /* Appended to SSH banner */
|
char *version_addendum; /* Appended to SSH banner */
|
||||||
|
|
||||||
diff -up openssh-6.1p1/sshd.c.akc openssh-6.1p1/sshd.c
|
diff -up openssh-6.1p1/sshd.c.akc openssh-6.1p1/sshd.c
|
||||||
--- openssh-6.1p1/sshd.c.akc 2012-11-28 17:12:43.245524360 +0100
|
--- openssh-6.1p1/sshd.c.akc 2013-02-14 17:46:45.270546920 +0100
|
||||||
+++ openssh-6.1p1/sshd.c 2012-11-28 17:12:43.265524291 +0100
|
+++ openssh-6.1p1/sshd.c 2013-02-14 17:46:45.276546894 +0100
|
||||||
@@ -366,9 +366,20 @@ main_sigchld_handler(int sig)
|
@@ -366,9 +366,20 @@ main_sigchld_handler(int sig)
|
||||||
static void
|
static void
|
||||||
grace_alarm_handler(int sig)
|
grace_alarm_handler(int sig)
|
||||||
@ -474,7 +488,7 @@ diff -up openssh-6.1p1/sshd.c.akc openssh-6.1p1/sshd.c
|
|||||||
}
|
}
|
||||||
diff -up openssh-6.1p1/sshd_config.0.akc openssh-6.1p1/sshd_config.0
|
diff -up openssh-6.1p1/sshd_config.0.akc openssh-6.1p1/sshd_config.0
|
||||||
--- openssh-6.1p1/sshd_config.0.akc 2012-08-29 02:53:04.000000000 +0200
|
--- openssh-6.1p1/sshd_config.0.akc 2012-08-29 02:53:04.000000000 +0200
|
||||||
+++ openssh-6.1p1/sshd_config.0 2012-11-28 17:12:43.265524291 +0100
|
+++ openssh-6.1p1/sshd_config.0 2013-02-14 17:46:45.276546894 +0100
|
||||||
@@ -71,6 +71,23 @@ DESCRIPTION
|
@@ -71,6 +71,23 @@ DESCRIPTION
|
||||||
|
|
||||||
See PATTERNS in ssh_config(5) for more information on patterns.
|
See PATTERNS in ssh_config(5) for more information on patterns.
|
||||||
@ -510,8 +524,8 @@ diff -up openssh-6.1p1/sshd_config.0.akc openssh-6.1p1/sshd_config.0
|
|||||||
GatewayPorts, GSSAPIAuthentication, HostbasedAuthentication,
|
GatewayPorts, GSSAPIAuthentication, HostbasedAuthentication,
|
||||||
HostbasedUsesNameFromPacketOnly, KbdInteractiveAuthentication,
|
HostbasedUsesNameFromPacketOnly, KbdInteractiveAuthentication,
|
||||||
diff -up openssh-6.1p1/sshd_config.5.akc openssh-6.1p1/sshd_config.5
|
diff -up openssh-6.1p1/sshd_config.5.akc openssh-6.1p1/sshd_config.5
|
||||||
--- openssh-6.1p1/sshd_config.5.akc 2012-11-28 17:12:43.199524517 +0100
|
--- openssh-6.1p1/sshd_config.5.akc 2013-02-14 17:46:45.195547248 +0100
|
||||||
+++ openssh-6.1p1/sshd_config.5 2012-11-28 17:16:23.736624980 +0100
|
+++ openssh-6.1p1/sshd_config.5 2013-02-14 17:46:45.277546890 +0100
|
||||||
@@ -173,6 +173,20 @@ Note that each authentication method lis
|
@@ -173,6 +173,20 @@ Note that each authentication method lis
|
||||||
in the configuration.
|
in the configuration.
|
||||||
The default is not to require multiple authentication; successful completion
|
The default is not to require multiple authentication; successful completion
|
||||||
@ -552,7 +566,7 @@ diff -up openssh-6.1p1/sshd_config.5.akc openssh-6.1p1/sshd_config.5
|
|||||||
.Cm PermitOpen ,
|
.Cm PermitOpen ,
|
||||||
diff -up openssh-6.1p1/sshd_config.akc openssh-6.1p1/sshd_config
|
diff -up openssh-6.1p1/sshd_config.akc openssh-6.1p1/sshd_config
|
||||||
--- openssh-6.1p1/sshd_config.akc 2012-07-31 04:21:34.000000000 +0200
|
--- openssh-6.1p1/sshd_config.akc 2012-07-31 04:21:34.000000000 +0200
|
||||||
+++ openssh-6.1p1/sshd_config 2012-11-28 17:12:43.265524291 +0100
|
+++ openssh-6.1p1/sshd_config 2013-02-14 17:46:45.277546890 +0100
|
||||||
@@ -49,6 +49,9 @@
|
@@ -49,6 +49,9 @@
|
||||||
# but this is overridden so installations will only check .ssh/authorized_keys
|
# but this is overridden so installations will only check .ssh/authorized_keys
|
||||||
AuthorizedKeysFile .ssh/authorized_keys
|
AuthorizedKeysFile .ssh/authorized_keys
|
||||||
|
Loading…
Reference in New Issue
Block a user