forked from rpms/openssh
		
	Prepare NSS key patch for future SEC_ERROR_LOCKED_PASSWORD
		
							parent
							
								
									776bac932c
								
							
						
					
					
						commit
						6323f67e20
					
				| @ -1,6 +1,6 @@ | ||||
| diff -up openssh-5.3p1/authfd.c.nss-keys openssh-5.3p1/authfd.c
 | ||||
| --- openssh-5.3p1/authfd.c.nss-keys	2006-09-01 07:38:36.000000000 +0200
 | ||||
| +++ openssh-5.3p1/authfd.c	2009-11-24 14:18:12.000000000 +0100
 | ||||
| +++ openssh-5.3p1/authfd.c	2009-11-27 13:43:00.000000000 +0100
 | ||||
| @@ -626,6 +626,45 @@ ssh_update_card(AuthenticationConnection
 | ||||
|  	return decode_reply(type); | ||||
|  } | ||||
| @ -49,7 +49,7 @@ diff -up openssh-5.3p1/authfd.c.nss-keys openssh-5.3p1/authfd.c | ||||
|   * by normal applications. | ||||
| diff -up openssh-5.3p1/authfd.h.nss-keys openssh-5.3p1/authfd.h
 | ||||
| --- openssh-5.3p1/authfd.h.nss-keys	2006-08-05 04:39:39.000000000 +0200
 | ||||
| +++ openssh-5.3p1/authfd.h	2009-11-24 14:18:12.000000000 +0100
 | ||||
| +++ openssh-5.3p1/authfd.h	2009-11-27 13:43:01.000000000 +0100
 | ||||
| @@ -49,6 +49,12 @@
 | ||||
|  #define SSH2_AGENTC_ADD_ID_CONSTRAINED		25 | ||||
|  #define SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED 26 | ||||
| @ -73,9 +73,9 @@ diff -up openssh-5.3p1/authfd.h.nss-keys openssh-5.3p1/authfd.h | ||||
|  int | ||||
|  ssh_decrypt_challenge(AuthenticationConnection *, Key *, BIGNUM *, u_char[16], | ||||
| diff -up openssh-5.3p1/configure.ac.nss-keys openssh-5.3p1/configure.ac
 | ||||
| --- openssh-5.3p1/configure.ac.nss-keys	2009-11-24 14:18:05.000000000 +0100
 | ||||
| +++ openssh-5.3p1/configure.ac	2009-11-24 14:18:12.000000000 +0100
 | ||||
| @@ -3526,6 +3526,20 @@ AC_ARG_WITH(kerberos5,
 | ||||
| --- openssh-5.3p1/configure.ac.nss-keys	2009-11-27 13:42:57.000000000 +0100
 | ||||
| +++ openssh-5.3p1/configure.ac	2009-11-27 13:48:44.000000000 +0100
 | ||||
| @@ -3526,6 +3526,21 @@ AC_ARG_WITH(kerberos5,
 | ||||
|  	] | ||||
|  ) | ||||
|   | ||||
| @ -89,6 +89,7 @@ diff -up openssh-5.3p1/configure.ac.nss-keys openssh-5.3p1/configure.ac | ||||
| +		CPPFLAGS="$CPPFLAGS -I/usr/include/nss3 -I/usr/include/nspr4"
 | ||||
| +		AC_CHECK_HEADERS(pk11pub.h)
 | ||||
| +		LIBS="$LIBS -lnss3"
 | ||||
| +		AC_CHECK_DECLS([SEC_ERROR_LOCKED_PASSWORD], [], [], [#include <secerr.h>])
 | ||||
| +	fi
 | ||||
| +	])
 | ||||
| +AC_SUBST(LIBNSS)
 | ||||
| @ -96,7 +97,7 @@ diff -up openssh-5.3p1/configure.ac.nss-keys openssh-5.3p1/configure.ac | ||||
|  # Looking for programs, paths and files | ||||
|   | ||||
|  PRIVSEP_PATH=/var/empty | ||||
| @@ -4253,6 +4267,7 @@ echo "              TCP Wrappers support
 | ||||
| @@ -4253,6 +4269,7 @@ echo "              TCP Wrappers support
 | ||||
|  echo "              MD5 password support: $MD5_MSG" | ||||
|  echo "                   libedit support: $LIBEDIT_MSG" | ||||
|  echo "  Solaris process contract support: $SPC_MSG" | ||||
| @ -106,7 +107,7 @@ diff -up openssh-5.3p1/configure.ac.nss-keys openssh-5.3p1/configure.ac | ||||
|  echo "                  BSD Auth support: $BSD_AUTH_MSG" | ||||
| diff -up openssh-5.3p1/key.c.nss-keys openssh-5.3p1/key.c
 | ||||
| --- openssh-5.3p1/key.c.nss-keys	2008-11-03 09:24:17.000000000 +0100
 | ||||
| +++ openssh-5.3p1/key.c	2009-11-24 14:18:12.000000000 +0100
 | ||||
| +++ openssh-5.3p1/key.c	2009-11-27 13:43:01.000000000 +0100
 | ||||
| @@ -96,6 +96,54 @@ key_new(int type)
 | ||||
|  	return k; | ||||
|  } | ||||
| @ -184,7 +185,7 @@ diff -up openssh-5.3p1/key.c.nss-keys openssh-5.3p1/key.c | ||||
|   | ||||
| diff -up openssh-5.3p1/key.h.nss-keys openssh-5.3p1/key.h
 | ||||
| --- openssh-5.3p1/key.h.nss-keys	2008-06-12 20:40:35.000000000 +0200
 | ||||
| +++ openssh-5.3p1/key.h	2009-11-24 14:18:12.000000000 +0100
 | ||||
| +++ openssh-5.3p1/key.h	2009-11-27 13:43:01.000000000 +0100
 | ||||
| @@ -29,11 +29,17 @@
 | ||||
|  #include <openssl/rsa.h> | ||||
|  #include <openssl/dsa.h> | ||||
| @ -236,7 +237,7 @@ diff -up openssh-5.3p1/key.h.nss-keys openssh-5.3p1/key.h | ||||
|  int		 key_equal(const Key *, const Key *); | ||||
| diff -up openssh-5.3p1/Makefile.in.nss-keys openssh-5.3p1/Makefile.in
 | ||||
| --- openssh-5.3p1/Makefile.in.nss-keys	2009-08-28 02:47:38.000000000 +0200
 | ||||
| +++ openssh-5.3p1/Makefile.in	2009-11-24 14:18:12.000000000 +0100
 | ||||
| +++ openssh-5.3p1/Makefile.in	2009-11-27 13:43:01.000000000 +0100
 | ||||
| @@ -71,7 +71,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b
 | ||||
|  	atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \ | ||||
|  	monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \ | ||||
| @ -247,9 +248,9 @@ diff -up openssh-5.3p1/Makefile.in.nss-keys openssh-5.3p1/Makefile.in | ||||
|  SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ | ||||
|  	sshconnect.o sshconnect1.o sshconnect2.o mux.o \ | ||||
| diff -up /dev/null openssh-5.3p1/nsskeys.c
 | ||||
| --- /dev/null	2009-11-18 14:38:34.628561123 +0100
 | ||||
| +++ openssh-5.3p1/nsskeys.c	2009-11-24 14:30:23.000000000 +0100
 | ||||
| @@ -0,0 +1,442 @@
 | ||||
| --- /dev/null	2009-11-27 11:08:21.619709673 +0100
 | ||||
| +++ openssh-5.3p1/nsskeys.c	2009-11-27 13:45:42.000000000 +0100
 | ||||
| @@ -0,0 +1,443 @@
 | ||||
| +/*
 | ||||
| + * Copyright (c) 2001 Markus Friedl.  All rights reserved.
 | ||||
| + * Copyright (c) 2007 Red Hat, Inc. All rights reserved.
 | ||||
| @ -531,11 +532,12 @@ diff -up /dev/null openssh-5.3p1/nsskeys.c | ||||
| +		case SEC_ERROR_BAD_DATA:
 | ||||
| +			debug2("Invalid passphrase, try again...");
 | ||||
| +			break;
 | ||||
| +//This nss error is currently undefined
 | ||||
| +//		case SEC_ERROR_LOCKED_PASSWORD:
 | ||||
| +//			error("Unable to authenticate, token passphrase is locked");
 | ||||
| +//			quit = 1;
 | ||||
| +//			break;
 | ||||
| +#if HAVE_SEC_ERROR_LOCKED_PASSWORD
 | ||||
| +		case SEC_ERROR_LOCKED_PASSWORD:
 | ||||
| +			error("Unable to authenticate, token passphrase is locked");
 | ||||
| +			quit = 1;
 | ||||
| +			break;
 | ||||
| +#endif
 | ||||
| +		default:
 | ||||
| +			error("Failure while authenticating against token");
 | ||||
| +			quit = 1;
 | ||||
| @ -693,8 +695,8 @@ diff -up /dev/null openssh-5.3p1/nsskeys.c | ||||
| +
 | ||||
| +#endif /* HAVE_LIBNSS */
 | ||||
| diff -up /dev/null openssh-5.3p1/nsskeys.h
 | ||||
| --- /dev/null	2009-11-18 14:38:34.628561123 +0100
 | ||||
| +++ openssh-5.3p1/nsskeys.h	2009-11-24 14:18:13.000000000 +0100
 | ||||
| --- /dev/null	2009-11-27 11:08:21.619709673 +0100
 | ||||
| +++ openssh-5.3p1/nsskeys.h	2009-11-27 13:43:01.000000000 +0100
 | ||||
| @@ -0,0 +1,39 @@
 | ||||
| +/*
 | ||||
| + * Copyright (c) 2001 Markus Friedl.  All rights reserved.
 | ||||
| @ -737,7 +739,7 @@ diff -up /dev/null openssh-5.3p1/nsskeys.h | ||||
| +#endif
 | ||||
| diff -up openssh-5.3p1/readconf.c.nss-keys openssh-5.3p1/readconf.c
 | ||||
| --- openssh-5.3p1/readconf.c.nss-keys	2009-07-05 23:12:27.000000000 +0200
 | ||||
| +++ openssh-5.3p1/readconf.c	2009-11-24 14:18:13.000000000 +0100
 | ||||
| +++ openssh-5.3p1/readconf.c	2009-11-27 13:43:01.000000000 +0100
 | ||||
| @@ -124,6 +124,7 @@ typedef enum {
 | ||||
|  	oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, | ||||
|  	oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, | ||||
| @ -812,7 +814,7 @@ diff -up openssh-5.3p1/readconf.c.nss-keys openssh-5.3p1/readconf.c | ||||
|  	if (options->rekey_limit == -1) | ||||
| diff -up openssh-5.3p1/readconf.h.nss-keys openssh-5.3p1/readconf.h
 | ||||
| --- openssh-5.3p1/readconf.h.nss-keys	2009-07-05 23:12:27.000000000 +0200
 | ||||
| +++ openssh-5.3p1/readconf.h	2009-11-24 14:18:13.000000000 +0100
 | ||||
| +++ openssh-5.3p1/readconf.h	2009-11-27 13:43:01.000000000 +0100
 | ||||
| @@ -85,6 +85,10 @@ typedef struct {
 | ||||
|  	char   *preferred_authentications; | ||||
|  	char   *bind_address;	/* local socket address for connection to sshd */ | ||||
| @ -826,7 +828,7 @@ diff -up openssh-5.3p1/readconf.h.nss-keys openssh-5.3p1/readconf.h | ||||
|  	int     num_identity_files;	/* Number of files for RSA/DSA identities. */ | ||||
| diff -up openssh-5.3p1/ssh-add.c.nss-keys openssh-5.3p1/ssh-add.c
 | ||||
| --- openssh-5.3p1/ssh-add.c.nss-keys	2008-02-28 09:13:52.000000000 +0100
 | ||||
| +++ openssh-5.3p1/ssh-add.c	2009-11-24 14:18:13.000000000 +0100
 | ||||
| +++ openssh-5.3p1/ssh-add.c	2009-11-27 13:43:01.000000000 +0100
 | ||||
| @@ -44,6 +44,14 @@
 | ||||
|  #include <openssl/evp.h> | ||||
|  #include "openbsd-compat/openssl-compat.h" | ||||
| @ -1066,7 +1068,7 @@ diff -up openssh-5.3p1/ssh-add.c.nss-keys openssh-5.3p1/ssh-add.c | ||||
|  		struct passwd *pw; | ||||
| diff -up openssh-5.3p1/ssh-agent.c.nss-keys openssh-5.3p1/ssh-agent.c
 | ||||
| --- openssh-5.3p1/ssh-agent.c.nss-keys	2009-06-21 09:50:15.000000000 +0200
 | ||||
| +++ openssh-5.3p1/ssh-agent.c	2009-11-24 14:18:13.000000000 +0100
 | ||||
| +++ openssh-5.3p1/ssh-agent.c	2009-11-27 13:43:01.000000000 +0100
 | ||||
| @@ -80,6 +80,10 @@
 | ||||
|  #include "scard.h" | ||||
|  #endif | ||||
| @ -1211,7 +1213,7 @@ diff -up openssh-5.3p1/ssh-agent.c.nss-keys openssh-5.3p1/ssh-agent.c | ||||
|  		error("Unknown message %d", type); | ||||
| diff -up openssh-5.3p1/ssh.c.nss-keys openssh-5.3p1/ssh.c
 | ||||
| --- openssh-5.3p1/ssh.c.nss-keys	2009-07-05 23:16:56.000000000 +0200
 | ||||
| +++ openssh-5.3p1/ssh.c	2009-11-24 14:18:13.000000000 +0100
 | ||||
| +++ openssh-5.3p1/ssh.c	2009-11-27 13:43:01.000000000 +0100
 | ||||
| @@ -105,6 +105,9 @@
 | ||||
|  #ifdef SMARTCARD | ||||
|  #include "scard.h" | ||||
| @ -1267,7 +1269,7 @@ diff -up openssh-5.3p1/ssh.c.nss-keys openssh-5.3p1/ssh.c | ||||
|  	pwname = xstrdup(pw->pw_name); | ||||
| diff -up openssh-5.3p1/ssh-dss.c.nss-keys openssh-5.3p1/ssh-dss.c
 | ||||
| --- openssh-5.3p1/ssh-dss.c.nss-keys	2006-11-07 13:14:42.000000000 +0100
 | ||||
| +++ openssh-5.3p1/ssh-dss.c	2009-11-24 14:18:13.000000000 +0100
 | ||||
| +++ openssh-5.3p1/ssh-dss.c	2009-11-27 13:43:01.000000000 +0100
 | ||||
| @@ -39,6 +39,10 @@
 | ||||
|  #include "log.h" | ||||
|  #include "key.h" | ||||
| @ -1327,7 +1329,7 @@ diff -up openssh-5.3p1/ssh-dss.c.nss-keys openssh-5.3p1/ssh-dss.c | ||||
|  			*lenp = SIGBLOB_LEN; | ||||
| diff -up openssh-5.3p1/ssh.h.nss-keys openssh-5.3p1/ssh.h
 | ||||
| --- openssh-5.3p1/ssh.h.nss-keys	2006-08-05 04:39:41.000000000 +0200
 | ||||
| +++ openssh-5.3p1/ssh.h	2009-11-24 14:18:13.000000000 +0100
 | ||||
| +++ openssh-5.3p1/ssh.h	2009-11-27 13:43:01.000000000 +0100
 | ||||
| @@ -28,6 +28,12 @@
 | ||||
|  #define SSH_MAX_IDENTITY_FILES		100 | ||||
|   | ||||
| @ -1343,7 +1345,7 @@ diff -up openssh-5.3p1/ssh.h.nss-keys openssh-5.3p1/ssh.h | ||||
|   * some room for options and comments. | ||||
| diff -up openssh-5.3p1/ssh-keygen.c.nss-keys openssh-5.3p1/ssh-keygen.c
 | ||||
| --- openssh-5.3p1/ssh-keygen.c.nss-keys	2009-06-22 08:11:07.000000000 +0200
 | ||||
| +++ openssh-5.3p1/ssh-keygen.c	2009-11-24 14:18:13.000000000 +0100
 | ||||
| +++ openssh-5.3p1/ssh-keygen.c	2009-11-27 13:43:01.000000000 +0100
 | ||||
| @@ -53,6 +53,11 @@
 | ||||
|  #include "scard.h" | ||||
|  #endif | ||||
| @ -1447,7 +1449,7 @@ diff -up openssh-5.3p1/ssh-keygen.c.nss-keys openssh-5.3p1/ssh-keygen.c | ||||
|  		if (download) | ||||
| diff -up openssh-5.3p1/ssh-rsa.c.nss-keys openssh-5.3p1/ssh-rsa.c
 | ||||
| --- openssh-5.3p1/ssh-rsa.c.nss-keys	2006-09-01 07:38:37.000000000 +0200
 | ||||
| +++ openssh-5.3p1/ssh-rsa.c	2009-11-24 14:18:13.000000000 +0100
 | ||||
| +++ openssh-5.3p1/ssh-rsa.c	2009-11-27 13:43:01.000000000 +0100
 | ||||
| @@ -32,6 +32,10 @@
 | ||||
|  #include "compat.h" | ||||
|  #include "ssh.h" | ||||
|  | ||||
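Review bot: The guard added in nsskeys.c, `#if HAVE_SEC_ERROR_LOCKED_PASSWORD`, does not match the macro that the new `AC_CHECK_DECLS([SEC_ERROR_LOCKED_PASSWORD], [], [], [#include <secerr.h>])` line in configure.ac generates, because AC_CHECK_DECLS defines `HAVE_DECL_SEC_ERROR_LOCKED_PASSWORD` (set to 1 or 0). Unless the name without `DECL_` is defined somewhere not shown on this page, the `case SEC_ERROR_LOCKED_PASSWORD:` branch is compiled out even against an NSS that declares the error code. A locked token then lands in `default:`, which still sets `quit = 1`, so the loop fails closed, but the user and the logs only get the generic "Failure while authenticating against token" instead of the lockout message. The guard should read `#if HAVE_DECL_SEC_ERROR_LOCKED_PASSWORD`. The enclosing switch starts and ends outside the lines shown here.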
| @ -69,7 +69,7 @@ | ||||
| Summary: An open source implementation of SSH protocol versions 1 and 2 | ||||
| Name: openssh | ||||
| Version: 5.3p1 | ||||
| Release: 10%{?dist}%{?rescue_rel} | ||||
| Release: 11%{?dist}%{?rescue_rel} | ||||
| URL: http://www.openssh.com/portable.html | ||||
| #URL1: http://pamsshauth.sourceforge.net | ||||
| #Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz | ||||
| @ -525,6 +525,9 @@ fi | ||||
| %endif | ||||
| 
 | ||||
| %changelog | ||||
| * Fri Nov 27 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-11 | ||||
| - Prepare NSS key patch for future SEC_ERROR_LOCKED_PASSWORD (#537411) | ||||
| 
 | ||||
| * Tue Nov 24 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-10 | ||||
| - Update NSS key patch (#537411, #356451) | ||||
| 
 | ||||
|  | ||||