Upgrade to openssh-5.6p1
parent
98ba34ae05
commit
1b8a267cb9
@ -1,13 +0,0 @@
|
||||
--- openssh-4.0p1/channels.c.exit-deadlock 2005-03-01 11:24:33.000000000 +0100
|
||||
+++ openssh-4.0p1/channels.c 2005-04-05 22:25:15.197226237 +0200
|
||||
@@ -1403,6 +1403,10 @@
|
||||
u_int dlen;
|
||||
int len;
|
||||
|
||||
+ if(c->wfd != -1 && buffer_len(&c->output) > 0 && c->ostate == CHAN_OUTPUT_WAIT_DRAIN) {
|
||||
+ debug("channel %d: forcing write", c->self);
|
||||
+ FD_SET(c->wfd, writeset);
|
||||
+ }
|
||||
/* Send buffered output data to the socket. */
|
||||
if (c->wfd != -1 &&
|
||||
FD_ISSET(c->wfd, writeset) &&
|
@ -1,24 +0,0 @@
|
||||
diff -up openssh-5.3p1/auth1.c.skip-initial openssh-5.3p1/auth1.c
|
||||
--- openssh-5.3p1/auth1.c.skip-initial 2009-03-08 01:40:28.000000000 +0100
|
||||
+++ openssh-5.3p1/auth1.c 2009-10-02 13:55:00.000000000 +0200
|
||||
@@ -244,7 +244,7 @@ do_authloop(Authctxt *authctxt)
|
||||
authctxt->valid ? "" : "invalid user ", authctxt->user);
|
||||
|
||||
/* If the user has no password, accept authentication immediately. */
|
||||
- if (options.password_authentication &&
|
||||
+ if (options.permit_empty_passwd && options.password_authentication &&
|
||||
#ifdef KRB5
|
||||
(!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
|
||||
#endif
|
||||
diff -up openssh-5.3p1/auth2-none.c.skip-initial openssh-5.3p1/auth2-none.c
|
||||
--- openssh-5.3p1/auth2-none.c.skip-initial 2009-03-08 01:40:28.000000000 +0100
|
||||
+++ openssh-5.3p1/auth2-none.c 2009-10-02 13:56:21.000000000 +0200
|
||||
@@ -61,7 +61,7 @@ userauth_none(Authctxt *authctxt)
|
||||
{
|
||||
none_enabled = 0;
|
||||
packet_check_eom();
|
||||
- if (options.password_authentication)
|
||||
+ if (options.permit_empty_passwd && options.password_authentication)
|
||||
return (PRIVSEP(auth_password(authctxt, "")));
|
||||
return (0);
|
||||
}
|
@ -1,30 +0,0 @@
|
||||
diff -up openssh-5.5p1/ssh-keygen.c.staterr openssh-5.5p1/ssh-keygen.c
|
||||
--- openssh-5.5p1/ssh-keygen.c.staterr 2010-05-04 09:01:14.000000000 +0200
|
||||
+++ openssh-5.5p1/ssh-keygen.c 2010-05-04 09:03:32.000000000 +0200
|
||||
@@ -1831,13 +1831,19 @@ main(int argc, char **argv)
|
||||
ask_filename(pw, "Enter file in which to save the key");
|
||||
|
||||
/* Create ~/.ssh directory if it doesn't already exist. */
|
||||
- snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, _PATH_SSH_USER_DIR);
|
||||
- if (strstr(identity_file, dotsshdir) != NULL &&
|
||||
- stat(dotsshdir, &st) < 0) {
|
||||
- if (mkdir(dotsshdir, 0700) < 0)
|
||||
- error("Could not create directory '%s'.", dotsshdir);
|
||||
- else if (!quiet)
|
||||
- printf("Created directory '%s'.\n", dotsshdir);
|
||||
+ snprintf(dotsshdir, sizeof dotsshdir, "%s/%s",
|
||||
+ pw->pw_dir, _PATH_SSH_USER_DIR);
|
||||
+ if (strstr(identity_file, dotsshdir) != NULL) {
|
||||
+ if (stat(dotsshdir, &st) < 0) {
|
||||
+ if (errno != ENOENT) {
|
||||
+ error("Could not stat %s: %s", dotsshdir,
|
||||
+ strerror(errno));
|
||||
+ } else if (mkdir(dotsshdir, 0700) < 0) {
|
||||
+ error("Could not create directory '%s': %s",
|
||||
+ dotsshdir, strerror(errno));
|
||||
+ } else if (!quiet)
|
||||
+ printf("Created directory '%s'.\n", dotsshdir);
|
||||
+ }
|
||||
}
|
||||
/* If the file already exists, ask the user to confirm. */
|
||||
if (!overwrite && stat(identity_file, &st) >= 0) {
|
@ -1,171 +0,0 @@
|
||||
diff -up openssh-5.5p1/channels.c.stderr openssh-5.5p1/channels.c
|
||||
--- openssh-5.5p1/channels.c.stderr 2010-06-23 15:20:30.000000000 +0200
|
||||
+++ openssh-5.5p1/channels.c 2010-06-23 15:23:06.000000000 +0200
|
||||
@@ -838,8 +838,9 @@ channel_pre_open(Channel *c, fd_set *rea
|
||||
if (c->extended_usage == CHAN_EXTENDED_WRITE &&
|
||||
buffer_len(&c->extended) > 0)
|
||||
FD_SET(c->efd, writeset);
|
||||
- else if (!(c->flags & CHAN_EOF_SENT) &&
|
||||
- c->extended_usage == CHAN_EXTENDED_READ &&
|
||||
+ else if (c->efd != -1 && !(c->flags & CHAN_EOF_SENT) &&
|
||||
+ (c->extended_usage == CHAN_EXTENDED_READ ||
|
||||
+ c->extended_usage == CHAN_EXTENDED_IGNORE) &&
|
||||
buffer_len(&c->extended) < c->remote_window)
|
||||
FD_SET(c->efd, readset);
|
||||
}
|
||||
@@ -1759,7 +1760,9 @@ channel_handle_efd(Channel *c, fd_set *r
|
||||
buffer_consume(&c->extended, len);
|
||||
c->local_consumed += len;
|
||||
}
|
||||
- } else if (c->extended_usage == CHAN_EXTENDED_READ &&
|
||||
+ } else if (c->efd != -1 &&
|
||||
+ (c->extended_usage == CHAN_EXTENDED_READ ||
|
||||
+ c->extended_usage == CHAN_EXTENDED_IGNORE) &&
|
||||
(c->detach_close || FD_ISSET(c->efd, readset))) {
|
||||
len = read(c->efd, buf, sizeof(buf));
|
||||
debug2("channel %d: read %d from efd %d",
|
||||
@@ -1772,7 +1775,11 @@ channel_handle_efd(Channel *c, fd_set *r
|
||||
c->self, c->efd);
|
||||
channel_close_fd(&c->efd);
|
||||
} else {
|
||||
- buffer_append(&c->extended, buf, len);
|
||||
+ if (c->extended_usage == CHAN_EXTENDED_IGNORE) {
|
||||
+ debug3("channel %d: discard efd",
|
||||
+ c->self);
|
||||
+ } else
|
||||
+ buffer_append(&c->extended, buf, len);
|
||||
}
|
||||
}
|
||||
}
|
||||
diff -up openssh-5.5p1/session.c.stderr openssh-5.5p1/session.c
|
||||
--- openssh-5.5p1/session.c.stderr 2010-06-23 15:20:29.000000000 +0200
|
||||
+++ openssh-5.5p1/session.c 2010-06-23 15:23:55.000000000 +0200
|
||||
@@ -47,6 +47,7 @@
|
||||
#include <arpa/inet.h>
|
||||
|
||||
#include <errno.h>
|
||||
+#include <fcntl.h>
|
||||
#include <grp.h>
|
||||
#ifdef HAVE_PATHS_H
|
||||
#include <paths.h>
|
||||
@@ -104,7 +105,7 @@
|
||||
/* func */
|
||||
|
||||
Session *session_new(void);
|
||||
-void session_set_fds(Session *, int, int, int, int);
|
||||
+void session_set_fds(Session *, int, int, int, int, int);
|
||||
void session_pty_cleanup(Session *);
|
||||
void session_proctitle(Session *);
|
||||
int session_setup_x11fwd(Session *);
|
||||
@@ -443,10 +444,14 @@ int
|
||||
do_exec_no_pty(Session *s, const char *command)
|
||||
{
|
||||
pid_t pid;
|
||||
+ int ignore_fderr = 0;
|
||||
|
||||
#ifdef USE_PIPES
|
||||
int pin[2], pout[2], perr[2];
|
||||
|
||||
+ if (s == NULL)
|
||||
+ fatal("do_exec_no_pty: no session");
|
||||
+
|
||||
/* Allocate pipes for communicating with the program. */
|
||||
if (pipe(pin) < 0) {
|
||||
error("%s: pipe in: %.100s", __func__, strerror(errno));
|
||||
@@ -459,32 +464,38 @@ do_exec_no_pty(Session *s, const char *c
|
||||
return -1;
|
||||
}
|
||||
if (pipe(perr) < 0) {
|
||||
- error("%s: pipe err: %.100s", __func__, strerror(errno));
|
||||
+ error("%s: pipe err: %.100s", __func__,
|
||||
+ strerror(errno));
|
||||
close(pin[0]);
|
||||
close(pin[1]);
|
||||
close(pout[0]);
|
||||
close(pout[1]);
|
||||
return -1;
|
||||
}
|
||||
+ if (s->is_subsystem)
|
||||
+ ignore_fderr = 1;
|
||||
#else
|
||||
int inout[2], err[2];
|
||||
|
||||
+ if (s == NULL)
|
||||
+ fatal("do_exec_no_pty: no session");
|
||||
+
|
||||
/* Uses socket pairs to communicate with the program. */
|
||||
if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) < 0) {
|
||||
error("%s: socketpair #1: %.100s", __func__, strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
if (socketpair(AF_UNIX, SOCK_STREAM, 0, err) < 0) {
|
||||
- error("%s: socketpair #2: %.100s", __func__, strerror(errno));
|
||||
+ error("%s: socketpair #2: %.100s", __func__,
|
||||
+ strerror(errno));
|
||||
close(inout[0]);
|
||||
close(inout[1]);
|
||||
return -1;
|
||||
}
|
||||
+ if (s->is_subsystem)
|
||||
+ ignore_fderr = 1;
|
||||
#endif
|
||||
|
||||
- if (s == NULL)
|
||||
- fatal("do_exec_no_pty: no session");
|
||||
-
|
||||
session_proctitle(s);
|
||||
|
||||
/* Fork the child. */
|
||||
@@ -595,11 +606,7 @@ do_exec_no_pty(Session *s, const char *c
|
||||
close(perr[1]);
|
||||
|
||||
if (compat20) {
|
||||
- if (s->is_subsystem) {
|
||||
- close(perr[0]);
|
||||
- perr[0] = -1;
|
||||
- }
|
||||
- session_set_fds(s, pin[1], pout[0], perr[0], 0);
|
||||
+ session_set_fds(s, pin[1], pout[0], perr[0], ignore_fderr, 0);
|
||||
} else {
|
||||
/* Enter the interactive session. */
|
||||
server_loop(pid, pin[1], pout[0], perr[0]);
|
||||
@@ -615,10 +622,7 @@ do_exec_no_pty(Session *s, const char *c
|
||||
* handle the case that fdin and fdout are the same.
|
||||
*/
|
||||
if (compat20) {
|
||||
- session_set_fds(s, inout[1], inout[1],
|
||||
- s->is_subsystem ? -1 : err[1], 0);
|
||||
- if (s->is_subsystem)
|
||||
- close(err[1]);
|
||||
+ session_set_fds(s, inout[1], inout[1], err[1], ignore_fderr, 0);
|
||||
} else {
|
||||
server_loop(pid, inout[1], inout[1], err[1]);
|
||||
/* server_loop has closed inout[1] and err[1]. */
|
||||
@@ -740,7 +744,7 @@ do_exec_pty(Session *s, const char *comm
|
||||
s->ptymaster = ptymaster;
|
||||
packet_set_interactive(1);
|
||||
if (compat20) {
|
||||
- session_set_fds(s, ptyfd, fdout, -1, 1);
|
||||
+ session_set_fds(s, ptyfd, fdout, -1, 1, 1);
|
||||
} else {
|
||||
server_loop(pid, ptyfd, fdout, -1);
|
||||
/* server_loop _has_ closed ptyfd and fdout. */
|
||||
@@ -2321,7 +2325,8 @@ session_input_channel_req(Channel *c, co
|
||||
}
|
||||
|
||||
void
|
||||
-session_set_fds(Session *s, int fdin, int fdout, int fderr, int is_tty)
|
||||
+session_set_fds(Session *s, int fdin, int fdout, int fderr, int ignore_fderr,
|
||||
+ int is_tty)
|
||||
{
|
||||
if (!compat20)
|
||||
fatal("session_set_fds: called for proto != 2.0");
|
||||
@@ -2333,7 +2338,7 @@ session_set_fds(Session *s, int fdin, in
|
||||
fatal("no channel for session %d", s->self);
|
||||
channel_set_fds(s->chanid,
|
||||
fdout, fdin, fderr,
|
||||
- fderr == -1 ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
|
||||
+ ignore_fderr ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
|
||||
1, is_tty, CHAN_SES_WINDOW_DEFAULT);
|
||||
}
|
||||
|
@ -1,6 +1,6 @@
|
||||
diff -ruN openssh-5.5p1.orig/auth2-pubkey.c openssh-5.5p1/auth2-pubkey.c
|
||||
--- openssh-5.5p1.orig/auth2-pubkey.c 2010-03-21 14:51:21.000000000 -0400
|
||||
+++ openssh-5.5p1/auth2-pubkey.c 2010-07-03 20:23:43.000000000 -0400
|
||||
diff -up openssh-5.6p1/auth2-pubkey.c.akc openssh-5.6p1/auth2-pubkey.c
|
||||
--- openssh-5.6p1/auth2-pubkey.c.akc 2010-08-23 12:15:42.000000000 +0200
|
||||
+++ openssh-5.6p1/auth2-pubkey.c 2010-08-23 12:15:42.000000000 +0200
|
||||
@@ -27,6 +27,7 @@
|
||||
|
||||
#include <sys/types.h>
|
||||
@ -9,7 +9,7 @@ diff -ruN openssh-5.5p1.orig/auth2-pubkey.c openssh-5.5p1/auth2-pubkey.c
|
||||
|
||||
#include <fcntl.h>
|
||||
#include <pwd.h>
|
||||
@@ -178,27 +178,15 @@
|
||||
@@ -264,27 +265,15 @@ match_principals_file(char *file, struct
|
||||
|
||||
/* return 1 if user allows given key */
|
||||
static int
|
||||
@ -38,7 +38,7 @@ diff -ruN openssh-5.5p1.orig/auth2-pubkey.c openssh-5.5p1/auth2-pubkey.c
|
||||
found_key = 0;
|
||||
found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type);
|
||||
|
||||
@@ -273,8 +261,6 @@
|
||||
@@ -377,8 +366,6 @@ user_key_allowed2(struct passwd *pw, Key
|
||||
break;
|
||||
}
|
||||
}
|
||||
@ -47,7 +47,7 @@ diff -ruN openssh-5.5p1.orig/auth2-pubkey.c openssh-5.5p1/auth2-pubkey.c
|
||||
key_free(found);
|
||||
if (!found_key)
|
||||
debug2("key not found");
|
||||
@@ -321,13 +307,191 @@
|
||||
@@ -440,13 +427,191 @@ user_cert_trusted_ca(struct passwd *pw,
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -240,10 +240,10 @@ diff -ruN openssh-5.5p1.orig/auth2-pubkey.c openssh-5.5p1/auth2-pubkey.c
|
||||
if (auth_key_is_revoked(key))
|
||||
return 0;
|
||||
if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key))
|
||||
diff -ruN openssh-5.5p1.orig/configure.ac openssh-5.5p1/configure.ac
|
||||
--- openssh-5.5p1.orig/configure.ac 2010-04-10 08:58:01.000000000 -0400
|
||||
+++ openssh-5.5p1/configure.ac 2010-07-03 19:57:42.000000000 -0400
|
||||
@@ -1346,6 +1346,18 @@
|
||||
diff -up openssh-5.6p1/configure.ac.akc openssh-5.6p1/configure.ac
|
||||
--- openssh-5.6p1/configure.ac.akc 2010-08-23 12:15:42.000000000 +0200
|
||||
+++ openssh-5.6p1/configure.ac 2010-08-23 12:15:42.000000000 +0200
|
||||
@@ -1346,6 +1346,18 @@ AC_ARG_WITH(audit,
|
||||
esac ]
|
||||
)
|
||||
|
||||
@ -262,7 +262,7 @@ diff -ruN openssh-5.5p1.orig/configure.ac openssh-5.5p1/configure.ac
|
||||
dnl Checks for library functions. Please keep in alphabetical order
|
||||
AC_CHECK_FUNCS( \
|
||||
arc4random \
|
||||
@@ -4181,6 +4193,7 @@
|
||||
@@ -4209,6 +4221,7 @@ echo " Linux audit support
|
||||
echo " Smartcard support: $SCARD_MSG"
|
||||
echo " S/KEY support: $SKEY_MSG"
|
||||
echo " TCP Wrappers support: $TCPW_MSG"
|
||||
@ -270,10 +270,10 @@ diff -ruN openssh-5.5p1.orig/configure.ac openssh-5.5p1/configure.ac
|
||||
echo " MD5 password support: $MD5_MSG"
|
||||
echo " libedit support: $LIBEDIT_MSG"
|
||||
echo " Solaris process contract support: $SPC_MSG"
|
||||
diff -ruN openssh-5.5p1.orig/servconf.c openssh-5.5p1/servconf.c
|
||||
--- openssh-5.5p1.orig/servconf.c 2010-03-25 19:40:04.000000000 -0400
|
||||
+++ openssh-5.5p1/servconf.c 2010-07-03 19:59:07.000000000 -0400
|
||||
@@ -128,6 +128,8 @@
|
||||
diff -up openssh-5.6p1/servconf.c.akc openssh-5.6p1/servconf.c
|
||||
--- openssh-5.6p1/servconf.c.akc 2010-08-23 12:15:41.000000000 +0200
|
||||
+++ openssh-5.6p1/servconf.c 2010-08-23 12:22:22.000000000 +0200
|
||||
@@ -129,6 +129,8 @@ initialize_server_options(ServerOptions
|
||||
options->num_permitted_opens = -1;
|
||||
options->adm_forced_command = NULL;
|
||||
options->chroot_directory = NULL;
|
||||
@ -282,18 +282,18 @@ diff -ruN openssh-5.5p1.orig/servconf.c openssh-5.5p1/servconf.c
|
||||
options->zero_knowledge_password_authentication = -1;
|
||||
options->revoked_keys_file = NULL;
|
||||
options->trusted_user_ca_keys = NULL;
|
||||
@@ -311,6 +313,7 @@
|
||||
@@ -316,6 +318,7 @@ typedef enum {
|
||||
sUsePrivilegeSeparation, sAllowAgentForwarding,
|
||||
sZeroKnowledgePasswordAuthentication, sHostCertificate,
|
||||
sRevokedKeys, sTrustedUserCAKeys,
|
||||
sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
|
||||
+ sAuthorizedKeysCommand, sAuthorizedKeysCommandRunAs,
|
||||
sDeprecated, sUnsupported
|
||||
} ServerOpCodes;
|
||||
|
||||
@@ -432,6 +435,13 @@
|
||||
{ "hostcertificate", sHostCertificate, SSHCFG_GLOBAL },
|
||||
@@ -439,6 +442,13 @@ static struct {
|
||||
{ "revokedkeys", sRevokedKeys, SSHCFG_ALL },
|
||||
{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
|
||||
{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
|
||||
+#ifdef WITH_AUTHORIZED_KEYS_COMMAND
|
||||
+ { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL },
|
||||
+ { "authorizedkeyscommandrunas", sAuthorizedKeysCommandRunAs, SSHCFG_ALL },
|
||||
@ -304,7 +304,7 @@ diff -ruN openssh-5.5p1.orig/servconf.c openssh-5.5p1/servconf.c
|
||||
{ NULL, sBadOption, 0 }
|
||||
};
|
||||
|
||||
@@ -1345,6 +1355,20 @@
|
||||
@@ -1360,6 +1370,20 @@ process_server_config_line(ServerOptions
|
||||
charptr = &options->revoked_keys_file;
|
||||
goto parse_filename;
|
||||
|
||||
@ -325,7 +325,7 @@ diff -ruN openssh-5.5p1.orig/servconf.c openssh-5.5p1/servconf.c
|
||||
case sDeprecated:
|
||||
logit("%s line %d: Deprecated option %s",
|
||||
filename, linenum, arg);
|
||||
@@ -1438,6 +1462,8 @@
|
||||
@@ -1453,6 +1477,8 @@ copy_set_server_options(ServerOptions *d
|
||||
M_CP_INTOPT(gss_authentication);
|
||||
M_CP_INTOPT(rsa_authentication);
|
||||
M_CP_INTOPT(pubkey_authentication);
|
||||
@ -333,54 +333,42 @@ diff -ruN openssh-5.5p1.orig/servconf.c openssh-5.5p1/servconf.c
|
||||
+ M_CP_STROPT(authorized_keys_command_runas);
|
||||
M_CP_INTOPT(kerberos_authentication);
|
||||
M_CP_INTOPT(hostbased_authentication);
|
||||
M_CP_INTOPT(kbd_interactive_authentication);
|
||||
@@ -1682,6 +1708,8 @@
|
||||
dump_cfg_string(sChrootDirectory, o->chroot_directory);
|
||||
dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys);
|
||||
M_CP_INTOPT(hostbased_uses_name_from_packet_only);
|
||||
@@ -1705,6 +1731,8 @@ dump_config(ServerOptions *o)
|
||||
dump_cfg_string(sRevokedKeys, o->revoked_keys_file);
|
||||
dump_cfg_string(sAuthorizedPrincipalsFile,
|
||||
o->authorized_principals_file);
|
||||
+ dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command);
|
||||
+ dump_cfg_string(sAuthorizedKeysCommandRunAs, o->authorized_keys_command_runas);
|
||||
|
||||
/* string arguments requiring a lookup */
|
||||
dump_cfg_string(sLogLevel, log_level_name(o->log_level));
|
||||
diff -ruN openssh-5.5p1.orig/servconf.h openssh-5.5p1/servconf.h
|
||||
--- openssh-5.5p1.orig/servconf.h 2010-03-04 05:53:35.000000000 -0500
|
||||
+++ openssh-5.5p1/servconf.h 2010-07-03 19:57:42.000000000 -0400
|
||||
@@ -156,6 +156,8 @@
|
||||
char *chroot_directory;
|
||||
diff -up openssh-5.6p1/servconf.h.akc openssh-5.6p1/servconf.h
|
||||
--- openssh-5.6p1/servconf.h.akc 2010-08-23 12:15:41.000000000 +0200
|
||||
+++ openssh-5.6p1/servconf.h 2010-08-23 12:17:58.000000000 +0200
|
||||
@@ -158,6 +158,8 @@ typedef struct {
|
||||
char *revoked_keys_file;
|
||||
char *trusted_user_ca_keys;
|
||||
char *authorized_principals_file;
|
||||
+ char *authorized_keys_command;
|
||||
+ char *authorized_keys_command_runas;
|
||||
} ServerOptions;
|
||||
|
||||
void initialize_server_options(ServerOptions *);
|
||||
diff -ruN openssh-5.5p1.orig/sshd_config openssh-5.5p1/sshd_config
|
||||
--- openssh-5.5p1.orig/sshd_config 2009-10-11 06:51:09.000000000 -0400
|
||||
+++ openssh-5.5p1/sshd_config 2010-07-03 19:57:42.000000000 -0400
|
||||
@@ -44,6 +44,8 @@
|
||||
#RSAAuthentication yes
|
||||
#PubkeyAuthentication yes
|
||||
#AuthorizedKeysFile .ssh/authorized_keys
|
||||
+#AuthorizedKeysCommand none
|
||||
+#AuthorizedKeysCommandRunAs nobody
|
||||
diff -up openssh-5.6p1/sshd_config.0.akc openssh-5.6p1/sshd_config.0
|
||||
--- openssh-5.6p1/sshd_config.0.akc 2010-08-23 12:15:41.000000000 +0200
|
||||
+++ openssh-5.6p1/sshd_config.0 2010-08-23 12:25:18.000000000 +0200
|
||||
@@ -374,7 +374,8 @@ DESCRIPTION
|
||||
|
||||
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
|
||||
#RhostsRSAAuthentication no
|
||||
diff -ruN openssh-5.5p1.orig/sshd_config.0 openssh-5.5p1/sshd_config.0
|
||||
--- openssh-5.5p1.orig/sshd_config.0 2010-04-15 20:17:12.000000000 -0400
|
||||
+++ openssh-5.5p1/sshd_config.0 2010-07-03 19:57:42.000000000 -0400
|
||||
@@ -352,7 +352,8 @@
|
||||
KbdInteractiveAuthentication, KerberosAuthentication,
|
||||
MaxAuthTries, MaxSessions, PasswordAuthentication,
|
||||
PermitEmptyPasswords, PermitOpen, PermitRootLogin,
|
||||
- PubkeyAuthentication, RhostsRSAAuthentication, RSAAuthentication,
|
||||
+ PubkeyAuthentication, AuthorizedKeysCommand, AuthorizedKeysCommandRunAs,
|
||||
+ RhostsRSAAuthentication, RSAAuthentication,
|
||||
X11DisplayOffset, X11Forwarding and X11UseLocalHost.
|
||||
|
||||
MaxAuthTries
|
||||
@@ -467,6 +468,23 @@
|
||||
Only a subset of keywords may be used on the lines following a
|
||||
Match keyword. Available keywords are AllowAgentForwarding,
|
||||
- AllowTcpForwarding, AuthorizedKeysFile, AuthorizedPrincipalsFile,
|
||||
+ AllowTcpForwarding, AuthorizedKeysFile, AuthorizedKeysCommand,
|
||||
+ AuthorizedKeysCommandRunAs, AuthorizedPrincipalsFile,
|
||||
Banner, ChrootDirectory, ForceCommand, GatewayPorts,
|
||||
GSSAPIAuthentication, HostbasedAuthentication,
|
||||
HostbasedUsesNameFromPacketOnly, KbdInteractiveAuthentication,
|
||||
@@ -496,6 +497,23 @@ DESCRIPTION
|
||||
this file is not readable, then public key authentication will be
|
||||
refused for all users.
|
||||
|
||||
@ -404,20 +392,27 @@ diff -ruN openssh-5.5p1.orig/sshd_config.0 openssh-5.5p1/sshd_config.0
|
||||
RhostsRSAAuthentication
|
||||
Specifies whether rhosts or /etc/hosts.equiv authentication to-
|
||||
gether with successful RSA host authentication is allowed. The
|
||||
diff -ruN openssh-5.5p1.orig/sshd_config.5 openssh-5.5p1/sshd_config.5
|
||||
--- openssh-5.5p1.orig/sshd_config.5 2010-03-04 18:41:45.000000000 -0500
|
||||
+++ openssh-5.5p1/sshd_config.5 2010-07-03 19:57:42.000000000 -0400
|
||||
@@ -618,6 +618,9 @@
|
||||
diff -up openssh-5.6p1/sshd_config.5.akc openssh-5.6p1/sshd_config.5
|
||||
--- openssh-5.6p1/sshd_config.5.akc 2010-08-23 12:15:41.000000000 +0200
|
||||
+++ openssh-5.6p1/sshd_config.5 2010-08-23 12:25:46.000000000 +0200
|
||||
@@ -654,6 +654,8 @@ Available keywords are
|
||||
.Cm AllowAgentForwarding ,
|
||||
.Cm AllowTcpForwarding ,
|
||||
.Cm AuthorizedKeysFile ,
|
||||
+.Cm AuthorizedKeysCommand ,
|
||||
+.Cm AuthorizedKeysCommandRunAs ,
|
||||
.Cm AuthorizedPrincipalsFile ,
|
||||
.Cm Banner ,
|
||||
.Cm ChrootDirectory ,
|
||||
@@ -666,6 +668,7 @@ Available keywords are
|
||||
.Cm KerberosAuthentication ,
|
||||
.Cm MaxAuthTries ,
|
||||
.Cm MaxSessions ,
|
||||
+.Cm PubkeyAuthentication ,
|
||||
+.Cm AuthorizedKeysCommand ,
|
||||
+.Cm AuthorizedKeysCommandRunAs ,
|
||||
.Cm PasswordAuthentication ,
|
||||
.Cm PermitEmptyPasswords ,
|
||||
.Cm PermitOpen ,
|
||||
@@ -819,6 +822,20 @@
|
||||
@@ -868,6 +871,20 @@ Specifies a list of revoked public keys.
|
||||
Keys listed in this file will be refused for public key authentication.
|
||||
Note that if this file is not readable, then public key authentication will
|
||||
be refused for all users.
|
||||
@ -438,3 +433,15 @@ diff -ruN openssh-5.5p1.orig/sshd_config.5 openssh-5.5p1/sshd_config.5
|
||||
.It Cm RhostsRSAAuthentication
|
||||
Specifies whether rhosts or /etc/hosts.equiv authentication together
|
||||
with successful RSA host authentication is allowed.
|
||||
diff -up openssh-5.6p1/sshd_config.akc openssh-5.6p1/sshd_config
|
||||
--- openssh-5.6p1/sshd_config.akc 2010-08-23 12:15:41.000000000 +0200
|
||||
+++ openssh-5.6p1/sshd_config 2010-08-23 12:15:42.000000000 +0200
|
||||
@@ -45,6 +45,8 @@ SyslogFacility AUTHPRIV
|
||||
#RSAAuthentication yes
|
||||
#PubkeyAuthentication yes
|
||||
#AuthorizedKeysFile .ssh/authorized_keys
|
||||
+#AuthorizedKeysCommand none
|
||||
+#AuthorizedKeysCommandRunAs nobody
|
||||
|
||||
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
|
||||
#RhostsRSAAuthentication no
|
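Review bot: The sample `sshd_config` lines added at `@@ -45,6 +45,8 @@` (`#AuthorizedKeysCommand none`, `#AuthorizedKeysCommandRunAs nobody`) say nothing about how much trust the helper program receives. Both keywords are registered with `SSHCFG_ALL` in the servconf.c keyword table, so they can also be set inside a Match block. I would add a comment above the sample lines along the lines of `# The command's output decides which public keys are accepted; keep it root-owned and not writable by group or others.` The 191-line addition to auth2-pubkey.c is collapsed in this view, so it cannot be confirmed from here whether sshd checks the command's ownership and mode before running it; if it does not, that check belongs there.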
14
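--- /dev/null
+++ b/openssh-5.6p1-exit-deadlock.patch
@@ -0,0 +1,14 @@
+diff -up openssh-5.6p1/channels.c.exit-deadlock openssh-5.6p1/channels.c
+--- openssh-5.6p1/channels.c.exit-deadlock 2010-08-05 15:09:48.000000000 +0200
++++ openssh-5.6p1/channels.c 2010-08-23 12:41:43.000000000 +0200
+@@ -1647,6 +1647,10 @@ channel_handle_wfd(Channel *c, fd_set *r
+u_int dlen, olen = 0;
+int len;
+
++ if(c->wfd != -1 && buffer_len(&c->output) > 0 && c->ostate == CHAN_OUTPUT_WAIT_DRAIN) {
++ debug("channel %d: forcing write", c->self);
++ FD_SET(c->wfd, writeset);
++ }
+/* Send buffered output data to the socket. */
+if (c->wfd != -1 &&
+FD_ISSET(c->wfd, writeset) &&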
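Review bot: The block added at the top of `channel_handle_wfd` sets `c->wfd` in `writeset` itself, so the `FD_ISSET(c->wfd, writeset)` test right below it no longer proves that select() reported the descriptor writable. If `c->wfd` is not in non-blocking mode at this point, the write that follows could stall the daemon's channel loop; that cannot be confirmed from here, because the function body continues outside the hunk. The patch also carries no comment saying which deadlock is being broken or why forcing the write is safe; I would add one above the `if`, for example `/* Output is draining (CHAN_OUTPUT_WAIT_DRAIN): attempt the write even if select() did not flag wfd. */`. The new condition is also written as `if(` without a space and runs well past 80 columns, unlike the surrounding code.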
@ -1,7 +1,7 @@
|
||||
diff -up openssh-5.5p1/auth2-pubkey.c.fips openssh-5.5p1/auth2-pubkey.c
|
||||
--- openssh-5.5p1/auth2-pubkey.c.fips 2010-04-16 08:46:47.000000000 +0200
|
||||
+++ openssh-5.5p1/auth2-pubkey.c 2010-04-16 08:46:48.000000000 +0200
|
||||
@@ -35,6 +35,7 @@
|
||||
diff -up openssh-5.6p1/auth2-pubkey.c.fips openssh-5.6p1/auth2-pubkey.c
|
||||
--- openssh-5.6p1/auth2-pubkey.c.fips 2010-08-23 12:43:40.000000000 +0200
|
||||
+++ openssh-5.6p1/auth2-pubkey.c 2010-08-23 12:43:41.000000000 +0200
|
||||
@@ -36,6 +36,7 @@
|
||||
#include <string.h>
|
||||
#include <time.h>
|
||||
#include <unistd.h>
|
||||
@ -9,7 +9,7 @@ diff -up openssh-5.5p1/auth2-pubkey.c.fips openssh-5.5p1/auth2-pubkey.c
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "ssh.h"
|
||||
@@ -274,7 +275,7 @@ user_key_allowed2(struct passwd *pw, Key
|
||||
@@ -359,7 +360,7 @@ user_search_key_in_file(FILE *f, char *f
|
||||
found_key = 1;
|
||||
debug("matching key found: file %s, line %lu",
|
||||
file, linenum);
|
||||
@ -18,9 +18,9 @@ diff -up openssh-5.5p1/auth2-pubkey.c.fips openssh-5.5p1/auth2-pubkey.c
|
||||
verbose("Found matching %s key: %s",
|
||||
key_type(found), fp);
|
||||
xfree(fp);
|
||||
diff -up openssh-5.5p1/authfile.c.fips openssh-5.5p1/authfile.c
|
||||
--- openssh-5.5p1/authfile.c.fips 2010-03-04 11:53:35.000000000 +0100
|
||||
+++ openssh-5.5p1/authfile.c 2010-04-16 08:46:49.000000000 +0200
|
||||
diff -up openssh-5.6p1/authfile.c.fips openssh-5.6p1/authfile.c
|
||||
--- openssh-5.6p1/authfile.c.fips 2010-08-05 05:05:16.000000000 +0200
|
||||
+++ openssh-5.6p1/authfile.c 2010-08-23 12:43:41.000000000 +0200
|
||||
@@ -146,8 +146,14 @@ key_save_private_rsa1(Key *key, const ch
|
||||
/* Allocate space for the private part of the key in the buffer. */
|
||||
cp = buffer_append_space(&encrypted, buffer_len(&buffer));
|
||||
@ -55,9 +55,9 @@ diff -up openssh-5.5p1/authfile.c.fips openssh-5.5p1/authfile.c
|
||||
cipher_crypt(&ciphercontext, cp,
|
||||
buffer_ptr(&buffer), buffer_len(&buffer));
|
||||
cipher_cleanup(&ciphercontext);
|
||||
diff -up openssh-5.5p1/cipher.c.fips openssh-5.5p1/cipher.c
|
||||
--- openssh-5.5p1/cipher.c.fips 2010-04-16 08:34:06.000000000 +0200
|
||||
+++ openssh-5.5p1/cipher.c 2010-04-16 08:46:49.000000000 +0200
|
||||
diff -up openssh-5.6p1/cipher.c.fips openssh-5.6p1/cipher.c
|
||||
--- openssh-5.6p1/cipher.c.fips 2010-08-23 09:49:50.000000000 +0200
|
||||
+++ openssh-5.6p1/cipher.c 2010-08-23 12:43:41.000000000 +0200
|
||||
@@ -40,6 +40,7 @@
|
||||
#include <sys/types.h>
|
||||
|
||||
@ -142,9 +142,9 @@ diff -up openssh-5.5p1/cipher.c.fips openssh-5.5p1/cipher.c
|
||||
}
|
||||
|
||||
/*
|
||||
diff -up openssh-5.5p1/cipher-ctr.c.fips openssh-5.5p1/cipher-ctr.c
|
||||
--- openssh-5.5p1/cipher-ctr.c.fips 2007-06-14 15:21:33.000000000 +0200
|
||||
+++ openssh-5.5p1/cipher-ctr.c 2010-04-16 08:46:49.000000000 +0200
|
||||
diff -up openssh-5.6p1/cipher-ctr.c.fips openssh-5.6p1/cipher-ctr.c
|
||||
--- openssh-5.6p1/cipher-ctr.c.fips 2007-06-14 15:21:33.000000000 +0200
|
||||
+++ openssh-5.6p1/cipher-ctr.c 2010-08-23 12:43:41.000000000 +0200
|
||||
@@ -140,7 +140,8 @@ evp_aes_128_ctr(void)
|
||||
aes_ctr.do_cipher = ssh_aes_ctr;
|
||||
#ifndef SSH_OLD_EVP
|
||||
@ -155,9 +155,9 @@ diff -up openssh-5.5p1/cipher-ctr.c.fips openssh-5.5p1/cipher-ctr.c
|
||||
#endif
|
||||
return (&aes_ctr);
|
||||
}
|
||||
diff -up openssh-5.5p1/cipher.h.fips openssh-5.5p1/cipher.h
|
||||
--- openssh-5.5p1/cipher.h.fips 2009-01-28 06:38:41.000000000 +0100
|
||||
+++ openssh-5.5p1/cipher.h 2010-04-16 08:46:49.000000000 +0200
|
||||
diff -up openssh-5.6p1/cipher.h.fips openssh-5.6p1/cipher.h
|
||||
--- openssh-5.6p1/cipher.h.fips 2009-01-28 06:38:41.000000000 +0100
|
||||
+++ openssh-5.6p1/cipher.h 2010-08-23 12:43:41.000000000 +0200
|
||||
@@ -78,7 +78,7 @@ void cipher_init(CipherContext *, Ciphe
|
||||
const u_char *, u_int, int);
|
||||
void cipher_crypt(CipherContext *, u_char *, const u_char *, u_int);
|
||||
@ -167,9 +167,9 @@ diff -up openssh-5.5p1/cipher.h.fips openssh-5.5p1/cipher.h
|
||||
u_int cipher_blocksize(const Cipher *);
|
||||
u_int cipher_keylen(const Cipher *);
|
||||
u_int cipher_is_cbc(const Cipher *);
|
||||
diff -up openssh-5.5p1/mac.c.fips openssh-5.5p1/mac.c
|
||||
--- openssh-5.5p1/mac.c.fips 2008-06-13 02:58:50.000000000 +0200
|
||||
+++ openssh-5.5p1/mac.c 2010-04-16 08:46:49.000000000 +0200
|
||||
diff -up openssh-5.6p1/mac.c.fips openssh-5.6p1/mac.c
|
||||
--- openssh-5.6p1/mac.c.fips 2008-06-13 02:58:50.000000000 +0200
|
||||
+++ openssh-5.6p1/mac.c 2010-08-23 12:43:41.000000000 +0200
|
||||
@@ -28,6 +28,7 @@
|
||||
#include <sys/types.h>
|
||||
|
||||
@ -219,10 +219,10 @@ diff -up openssh-5.5p1/mac.c.fips openssh-5.5p1/mac.c
|
||||
|
||||
for (i = 0; macs[i].name; i++) {
|
||||
if (strcmp(name, macs[i].name) == 0) {
|
||||
diff -up openssh-5.5p1/Makefile.in.fips openssh-5.5p1/Makefile.in
|
||||
--- openssh-5.5p1/Makefile.in.fips 2010-03-13 22:41:34.000000000 +0100
|
||||
+++ openssh-5.5p1/Makefile.in 2010-04-16 09:48:16.000000000 +0200
|
||||
@@ -141,25 +141,25 @@
|
||||
diff -up openssh-5.6p1/Makefile.in.fips openssh-5.6p1/Makefile.in
|
||||
--- openssh-5.6p1/Makefile.in.fips 2010-08-23 12:43:40.000000000 +0200
|
||||
+++ openssh-5.6p1/Makefile.in 2010-08-23 12:46:24.000000000 +0200
|
||||
@@ -141,25 +141,25 @@ libssh.a: $(LIBSSH_OBJS)
|
||||
$(RANLIB) $@
|
||||
|
||||
ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
|
||||
@ -253,8 +253,8 @@ diff -up openssh-5.5p1/Makefile.in.fips openssh-5.5p1/Makefile.in
|
||||
+ $(LD) -o $@ ssh-keysign.o readconf.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
|
||||
|
||||
ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o
|
||||
$(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
|
||||
@@ -168,7 +168,7 @@
|
||||
$(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
|
||||
@@ -168,7 +168,7 @@ ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) l
|
||||
$(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
|
||||
|
||||
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o
|
||||
@ -263,10 +263,10 @@ diff -up openssh-5.5p1/Makefile.in.fips openssh-5.5p1/Makefile.in
|
||||
|
||||
sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o
|
||||
$(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
||||
diff -up openssh-5.5p1/myproposal.h.fips openssh-5.5p1/myproposal.h
|
||||
--- openssh-5.5p1/myproposal.h.fips 2010-02-26 21:55:05.000000000 +0100
|
||||
+++ openssh-5.5p1/myproposal.h 2010-04-16 08:46:49.000000000 +0200
|
||||
@@ -55,7 +55,12 @@
|
||||
diff -up openssh-5.6p1/myproposal.h.fips openssh-5.6p1/myproposal.h
|
||||
--- openssh-5.6p1/myproposal.h.fips 2010-04-16 07:56:22.000000000 +0200
|
||||
+++ openssh-5.6p1/myproposal.h 2010-08-23 12:43:41.000000000 +0200
|
||||
@@ -58,7 +58,12 @@
|
||||
"hmac-sha1-96,hmac-md5-96"
|
||||
#define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib"
|
||||
#define KEX_DEFAULT_LANG ""
|
||||
@ -280,9 +280,9 @@ diff -up openssh-5.5p1/myproposal.h.fips openssh-5.5p1/myproposal.h
|
||||
|
||||
static char *myproposal[PROPOSAL_MAX] = {
|
||||
KEX_DEFAULT_KEX,
|
||||
diff -up openssh-5.5p1/openbsd-compat/bsd-arc4random.c.fips openssh-5.5p1/openbsd-compat/bsd-arc4random.c
|
||||
--- openssh-5.5p1/openbsd-compat/bsd-arc4random.c.fips 2010-03-25 22:52:02.000000000 +0100
|
||||
+++ openssh-5.5p1/openbsd-compat/bsd-arc4random.c 2010-04-16 09:17:30.000000000 +0200
|
||||
diff -up openssh-5.6p1/openbsd-compat/bsd-arc4random.c.fips openssh-5.6p1/openbsd-compat/bsd-arc4random.c
|
||||
--- openssh-5.6p1/openbsd-compat/bsd-arc4random.c.fips 2010-03-25 22:52:02.000000000 +0100
|
||||
+++ openssh-5.6p1/openbsd-compat/bsd-arc4random.c 2010-08-23 12:43:41.000000000 +0200
|
||||
@@ -39,6 +39,7 @@
|
||||
static int rc4_ready = 0;
|
||||
static RC4_KEY rc4;
|
||||
@ -324,9 +324,9 @@ diff -up openssh-5.5p1/openbsd-compat/bsd-arc4random.c.fips openssh-5.5p1/openbs
|
||||
#endif /* !HAVE_ARC4RANDOM */
|
||||
|
||||
#ifndef HAVE_ARC4RANDOM_BUF
|
||||
diff -up openssh-5.5p1/ssh-add.c.fips openssh-5.5p1/ssh-add.c
|
||||
--- openssh-5.5p1/ssh-add.c.fips 2010-03-03 00:25:42.000000000 +0100
|
||||
+++ openssh-5.5p1/ssh-add.c 2010-04-16 08:46:49.000000000 +0200
|
||||
diff -up openssh-5.6p1/ssh-add.c.fips openssh-5.6p1/ssh-add.c
|
||||
--- openssh-5.6p1/ssh-add.c.fips 2010-05-21 06:56:47.000000000 +0200
|
||||
+++ openssh-5.6p1/ssh-add.c 2010-08-23 12:43:41.000000000 +0200
|
||||
@@ -42,6 +42,7 @@
|
||||
#include <sys/param.h>
|
||||
|
||||
@ -335,7 +335,7 @@ diff -up openssh-5.5p1/ssh-add.c.fips openssh-5.5p1/ssh-add.c
|
||||
#include "openbsd-compat/openssl-compat.h"
|
||||
|
||||
#include <fcntl.h>
|
||||
@@ -269,7 +270,7 @@ list_identities(AuthenticationConnection
|
||||
@@ -277,7 +278,7 @@ list_identities(AuthenticationConnection
|
||||
key = ssh_get_next_identity(ac, &comment, version)) {
|
||||
had_identities = 1;
|
||||
if (do_fp) {
|
||||
@ -344,9 +344,9 @@ diff -up openssh-5.5p1/ssh-add.c.fips openssh-5.5p1/ssh-add.c
|
||||
SSH_FP_HEX);
|
||||
printf("%d %s %s (%s)\n",
|
||||
key_size(key), fp, comment, key_type(key));
|
||||
diff -up openssh-5.5p1/ssh-agent.c.fips openssh-5.5p1/ssh-agent.c
|
||||
--- openssh-5.5p1/ssh-agent.c.fips 2010-02-26 21:55:06.000000000 +0100
|
||||
+++ openssh-5.5p1/ssh-agent.c 2010-04-16 08:46:49.000000000 +0200
|
||||
diff -up openssh-5.6p1/ssh-agent.c.fips openssh-5.6p1/ssh-agent.c
|
||||
--- openssh-5.6p1/ssh-agent.c.fips 2010-04-16 07:56:22.000000000 +0200
|
||||
+++ openssh-5.6p1/ssh-agent.c 2010-08-23 12:43:41.000000000 +0200
|
||||
@@ -51,6 +51,7 @@
|
||||
|
||||
#include <openssl/evp.h>
|
||||
@ -368,9 +368,9 @@ diff -up openssh-5.5p1/ssh-agent.c.fips openssh-5.5p1/ssh-agent.c
|
||||
ret = 0;
|
||||
xfree(p);
|
||||
|
||||
diff -up openssh-5.5p1/ssh.c.fips openssh-5.5p1/ssh.c
|
||||
--- openssh-5.5p1/ssh.c.fips 2010-02-26 21:55:06.000000000 +0100
|
||||
+++ openssh-5.5p1/ssh.c 2010-04-16 08:46:49.000000000 +0200
|
||||
diff -up openssh-5.6p1/ssh.c.fips openssh-5.6p1/ssh.c
|
||||
--- openssh-5.6p1/ssh.c.fips 2010-08-16 17:59:31.000000000 +0200
|
||||
+++ openssh-5.6p1/ssh.c 2010-08-23 12:43:41.000000000 +0200
|
||||
@@ -72,6 +72,8 @@
|
||||
|
||||
#include <openssl/evp.h>
|
||||
@ -380,7 +380,7 @@ diff -up openssh-5.5p1/ssh.c.fips openssh-5.5p1/ssh.c
|
||||
#include "openbsd-compat/openssl-compat.h"
|
||||
#include "openbsd-compat/sys-queue.h"
|
||||
|
||||
@@ -225,6 +227,10 @@ main(int ac, char **av)
|
||||
@@ -235,6 +237,10 @@ main(int ac, char **av)
|
||||
sanitise_stdfd();
|
||||
|
||||
__progname = ssh_get_progname(av[0]);
|
||||
@ -391,7 +391,7 @@ diff -up openssh-5.5p1/ssh.c.fips openssh-5.5p1/ssh.c
|
||||
init_rng();
|
||||
|
||||
/*
|
||||
@@ -285,6 +291,9 @@ main(int ac, char **av)
|
||||
@@ -301,6 +307,9 @@ main(int ac, char **av)
|
||||
"ACD:F:I:KL:MNO:PR:S:TVw:W:XYy")) != -1) {
|
||||
switch (opt) {
|
||||
case '1':
|
||||
@ -401,7 +401,7 @@ diff -up openssh-5.5p1/ssh.c.fips openssh-5.5p1/ssh.c
|
||||
options.protocol = SSH_PROTO_1;
|
||||
break;
|
||||
case '2':
|
||||
@@ -581,7 +590,6 @@ main(int ac, char **av)
|
||||
@@ -599,7 +608,6 @@ main(int ac, char **av)
|
||||
if (!host)
|
||||
usage();
|
||||
|
||||
@ -409,7 +409,7 @@ diff -up openssh-5.5p1/ssh.c.fips openssh-5.5p1/ssh.c
|
||||
ERR_load_crypto_strings();
|
||||
|
||||
/* Initialize the command to execute on remote host. */
|
||||
@@ -667,6 +675,10 @@ main(int ac, char **av)
|
||||
@@ -685,6 +693,10 @@ main(int ac, char **av)
|
||||
|
||||
seed_rng();
|
||||
|
||||
@ -420,7 +420,7 @@ diff -up openssh-5.5p1/ssh.c.fips openssh-5.5p1/ssh.c
|
||||
if (options.user == NULL)
|
||||
options.user = xstrdup(pw->pw_name);
|
||||
|
||||
@@ -733,6 +745,12 @@ main(int ac, char **av)
|
||||
@@ -752,6 +764,12 @@ main(int ac, char **av)
|
||||
|
||||
timeout_ms = options.connection_timeout * 1000;
|
||||
|
||||
@ -433,9 +433,9 @@ diff -up openssh-5.5p1/ssh.c.fips openssh-5.5p1/ssh.c
|
||||
/* Open a connection to the remote host. */
|
||||
if (ssh_connect(host, &hostaddr, options.port,
|
||||
options.address_family, options.connection_attempts, &timeout_ms,
|
||||
diff -up openssh-5.5p1/sshconnect2.c.fips openssh-5.5p1/sshconnect2.c
|
||||
--- openssh-5.5p1/sshconnect2.c.fips 2010-04-16 08:46:48.000000000 +0200
|
||||
+++ openssh-5.5p1/sshconnect2.c 2010-04-16 08:46:49.000000000 +0200
|
||||
diff -up openssh-5.6p1/sshconnect2.c.fips openssh-5.6p1/sshconnect2.c
|
||||
--- openssh-5.6p1/sshconnect2.c.fips 2010-08-23 12:43:41.000000000 +0200
|
||||
+++ openssh-5.6p1/sshconnect2.c 2010-08-23 12:43:41.000000000 +0200
|
||||
@@ -44,6 +44,8 @@
|
||||
#include <vis.h>
|
||||
#endif
|
||||
@ -479,9 +479,9 @@ diff -up openssh-5.5p1/sshconnect2.c.fips openssh-5.5p1/sshconnect2.c
|
||||
xfree(fp);
|
||||
|
||||
/*
|
||||
diff -up openssh-5.5p1/sshconnect.c.fips openssh-5.5p1/sshconnect.c
|
||||
--- openssh-5.5p1/sshconnect.c.fips 2010-03-04 11:53:36.000000000 +0100
|
||||
+++ openssh-5.5p1/sshconnect.c 2010-04-16 08:46:49.000000000 +0200
|
||||
diff -up openssh-5.6p1/sshconnect.c.fips openssh-5.6p1/sshconnect.c
|
||||
--- openssh-5.6p1/sshconnect.c.fips 2010-04-18 00:08:21.000000000 +0200
|
||||
+++ openssh-5.6p1/sshconnect.c 2010-08-23 12:43:41.000000000 +0200
|
||||
@@ -40,6 +40,8 @@
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
@ -568,9 +568,9 @@ diff -up openssh-5.5p1/sshconnect.c.fips openssh-5.5p1/sshconnect.c
|
||||
error("Please contact your system administrator.");
|
||||
|
||||
xfree(fp);
|
||||
diff -up openssh-5.5p1/sshd.c.fips openssh-5.5p1/sshd.c
|
||||
--- openssh-5.5p1/sshd.c.fips 2010-04-16 08:46:48.000000000 +0200
|
||||
+++ openssh-5.5p1/sshd.c 2010-04-16 08:46:49.000000000 +0200
|
||||
diff -up openssh-5.6p1/sshd.c.fips openssh-5.6p1/sshd.c
|
||||
--- openssh-5.6p1/sshd.c.fips 2010-08-23 12:43:40.000000000 +0200
|
||||
+++ openssh-5.6p1/sshd.c 2010-08-23 12:43:41.000000000 +0200
|
||||
@@ -76,6 +76,8 @@
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/md5.h>
|
||||
@ -580,7 +580,7 @@ diff -up openssh-5.5p1/sshd.c.fips openssh-5.5p1/sshd.c
|
||||
#include "openbsd-compat/openssl-compat.h"
|
||||
|
||||
#ifdef HAVE_SECUREWARE
|
||||
@@ -1298,6 +1300,12 @@ main(int ac, char **av)
|
||||
@@ -1307,6 +1309,12 @@ main(int ac, char **av)
|
||||
(void)set_auth_parameters(ac, av);
|
||||
#endif
|
||||
__progname = ssh_get_progname(av[0]);
|
||||
@ -593,7 +593,7 @@ diff -up openssh-5.5p1/sshd.c.fips openssh-5.5p1/sshd.c
|
||||
init_rng();
|
||||
|
||||
/* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
|
||||
@@ -1459,8 +1467,6 @@ main(int ac, char **av)
|
||||
@@ -1468,8 +1476,6 @@ main(int ac, char **av)
|
||||
else
|
||||
closefrom(REEXEC_DEVCRYPTO_RESERVED_FD);
|
||||
|
||||
@ -602,7 +602,7 @@ diff -up openssh-5.5p1/sshd.c.fips openssh-5.5p1/sshd.c
|
||||
/*
|
||||
* Force logging to stderr until we have loaded the private host
|
||||
* key (unless started from inetd)
|
||||
@@ -1578,6 +1584,10 @@ main(int ac, char **av)
|
||||
@@ -1587,6 +1593,10 @@ main(int ac, char **av)
|
||||
debug("private host key: #%d type %d %s", i, key->type,
|
||||
key_type(key));
|
||||
}
|
||||
@ -613,7 +613,7 @@ diff -up openssh-5.5p1/sshd.c.fips openssh-5.5p1/sshd.c
|
||||
if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) {
|
||||
logit("Disabling protocol version 1. Could not load host key");
|
||||
options.protocol &= ~SSH_PROTO_1;
|
||||
@@ -1742,6 +1752,10 @@ main(int ac, char **av)
|
||||
@@ -1751,6 +1761,10 @@ main(int ac, char **av)
|
||||
/* Initialize the random number generator. */
|
||||
arc4random_stir();
|
||||
|
||||
@ -624,7 +624,7 @@ diff -up openssh-5.5p1/sshd.c.fips openssh-5.5p1/sshd.c
|
||||
/* Chdir to the root directory so that the current disk can be
|
||||
unmounted if desired. */
|
||||
chdir("/");
|
||||
@@ -2275,6 +2289,9 @@ do_ssh2_kex(void)
|
||||
@@ -2284,6 +2298,9 @@ do_ssh2_kex(void)
|
||||
if (options.ciphers != NULL) {
|
||||
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
|
||||
myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
|
||||
@ -634,7 +634,7 @@ diff -up openssh-5.5p1/sshd.c.fips openssh-5.5p1/sshd.c
|
||||
}
|
||||
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
|
||||
compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
|
||||
@@ -2284,6 +2301,9 @@ do_ssh2_kex(void)
|
||||
@@ -2293,6 +2310,9 @@ do_ssh2_kex(void)
|
||||
if (options.macs != NULL) {
|
||||
myproposal[PROPOSAL_MAC_ALGS_CTOS] =
|
||||
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
|
||||
@ -644,9 +644,9 @@ diff -up openssh-5.5p1/sshd.c.fips openssh-5.5p1/sshd.c
|
||||
}
|
||||
if (options.compression == COMP_NONE) {
|
||||
myproposal[PROPOSAL_COMP_ALGS_CTOS] =
|
||||
diff -up openssh-5.5p1/ssh-keygen.c.fips openssh-5.5p1/ssh-keygen.c
|
||||
--- openssh-5.5p1/ssh-keygen.c.fips 2010-03-21 19:58:24.000000000 +0100
|
||||
+++ openssh-5.5p1/ssh-keygen.c 2010-04-16 08:46:49.000000000 +0200
|
||||
diff -up openssh-5.6p1/ssh-keygen.c.fips openssh-5.6p1/ssh-keygen.c
|
||||
--- openssh-5.6p1/ssh-keygen.c.fips 2010-08-23 12:43:40.000000000 +0200
|
||||
+++ openssh-5.6p1/ssh-keygen.c 2010-08-23 12:43:41.000000000 +0200
|
||||
@@ -21,6 +21,7 @@
|
||||
|
||||
#include <openssl/evp.h>
|
||||
@ -655,7 +655,7 @@ diff -up openssh-5.5p1/ssh-keygen.c.fips openssh-5.5p1/ssh-keygen.c
|
||||
#include "openbsd-compat/openssl-compat.h"
|
||||
|
||||
#include <errno.h>
|
||||
@@ -527,7 +528,7 @@ do_fingerprint(struct passwd *pw)
|
||||
@@ -692,7 +693,7 @@ do_fingerprint(struct passwd *pw)
|
||||
enum fp_type fptype;
|
||||
struct stat st;
|
||||
|
||||
@ -664,7 +664,7 @@ diff -up openssh-5.5p1/ssh-keygen.c.fips openssh-5.5p1/ssh-keygen.c
|
||||
rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_HEX;
|
||||
|
||||
if (!have_identity)
|
||||
@@ -1916,14 +1917,15 @@ passphrase_again:
|
||||
@@ -2209,14 +2210,15 @@ passphrase_again:
|
||||
fclose(f);
|
||||
|
||||
if (!quiet) {
|
@ -1,6 +1,6 @@
|
||||
diff -up openssh-5.5p1/auth2.c.gsskex openssh-5.5p1/auth2.c
|
||||
--- openssh-5.5p1/auth2.c.gsskex 2010-05-13 15:59:50.000000000 +0200
|
||||
+++ openssh-5.5p1/auth2.c 2010-05-13 15:59:58.000000000 +0200
|
||||
diff -up openssh-5.6p1/auth2.c.gsskex openssh-5.6p1/auth2.c
|
||||
--- openssh-5.6p1/auth2.c.gsskex 2010-08-23 12:51:56.000000000 +0200
|
||||
+++ openssh-5.6p1/auth2.c 2010-08-23 12:51:58.000000000 +0200
|
||||
@@ -69,6 +69,7 @@ extern Authmethod method_passwd;
|
||||
extern Authmethod method_kbdint;
|
||||
extern Authmethod method_hostbased;
|
||||
@ -35,9 +35,9 @@ diff -up openssh-5.5p1/auth2.c.gsskex openssh-5.5p1/auth2.c
|
||||
authctxt->failures++;
|
||||
if (authctxt->failures >= options.max_authtries) {
|
||||
#ifdef SSH_AUDIT_EVENTS
|
||||
diff -up openssh-5.5p1/auth2-gss.c.gsskex openssh-5.5p1/auth2-gss.c
|
||||
--- openssh-5.5p1/auth2-gss.c.gsskex 2010-05-13 15:59:50.000000000 +0200
|
||||
+++ openssh-5.5p1/auth2-gss.c 2010-05-13 15:59:58.000000000 +0200
|
||||
diff -up openssh-5.6p1/auth2-gss.c.gsskex openssh-5.6p1/auth2-gss.c
|
||||
--- openssh-5.6p1/auth2-gss.c.gsskex 2010-08-23 12:51:56.000000000 +0200
|
||||
+++ openssh-5.6p1/auth2-gss.c 2010-08-23 12:51:58.000000000 +0200
|
||||
@@ -1,7 +1,7 @@
|
||||
/* $OpenBSD: auth2-gss.c,v 1.16 2007/10/29 00:52:45 dtucker Exp $ */
|
||||
|
||||
@ -137,9 +137,9 @@ diff -up openssh-5.5p1/auth2-gss.c.gsskex openssh-5.5p1/auth2-gss.c
|
||||
Authmethod method_gssapi = {
|
||||
"gssapi-with-mic",
|
||||
userauth_gssapi,
|
||||
diff -up openssh-5.5p1/auth.h.gsskex openssh-5.5p1/auth.h
|
||||
--- openssh-5.5p1/auth.h.gsskex 2010-05-13 15:59:50.000000000 +0200
|
||||
+++ openssh-5.5p1/auth.h 2010-05-13 15:59:58.000000000 +0200
|
||||
diff -up openssh-5.6p1/auth.h.gsskex openssh-5.6p1/auth.h
|
||||
--- openssh-5.6p1/auth.h.gsskex 2010-08-23 12:51:56.000000000 +0200
|
||||
+++ openssh-5.6p1/auth.h 2010-08-23 12:51:58.000000000 +0200
|
||||
@@ -53,6 +53,7 @@ struct Authctxt {
|
||||
int valid; /* user exists and is allowed to login */
|
||||
int attempt;
|
||||
@ -148,9 +148,9 @@ diff -up openssh-5.5p1/auth.h.gsskex openssh-5.5p1/auth.h
|
||||
int force_pwchange;
|
||||
char *user; /* username sent by the client */
|
||||
char *service;
|
||||
diff -up openssh-5.5p1/auth-krb5.c.gsskex openssh-5.5p1/auth-krb5.c
|
||||
--- openssh-5.5p1/auth-krb5.c.gsskex 2009-12-21 00:49:22.000000000 +0100
|
||||
+++ openssh-5.5p1/auth-krb5.c 2010-05-13 15:59:58.000000000 +0200
|
||||
diff -up openssh-5.6p1/auth-krb5.c.gsskex openssh-5.6p1/auth-krb5.c
|
||||
--- openssh-5.6p1/auth-krb5.c.gsskex 2009-12-21 00:49:22.000000000 +0100
|
||||
+++ openssh-5.6p1/auth-krb5.c 2010-08-23 12:51:58.000000000 +0200
|
||||
@@ -170,8 +170,13 @@ auth_krb5_password(Authctxt *authctxt, c
|
||||
|
||||
len = strlen(authctxt->krb5_ticket_file) + 6;
|
||||
@ -198,9 +198,9 @@ diff -up openssh-5.5p1/auth-krb5.c.gsskex openssh-5.5p1/auth-krb5.c
|
||||
|
||||
return (krb5_cc_resolve(ctx, ccname, ccache));
|
||||
}
|
||||
diff -up openssh-5.5p1/ChangeLog.gssapi.gsskex openssh-5.5p1/ChangeLog.gssapi
|
||||
--- openssh-5.5p1/ChangeLog.gssapi.gsskex 2010-05-13 15:59:58.000000000 +0200
|
||||
+++ openssh-5.5p1/ChangeLog.gssapi 2010-05-13 15:59:58.000000000 +0200
|
||||
diff -up openssh-5.6p1/ChangeLog.gssapi.gsskex openssh-5.6p1/ChangeLog.gssapi
|
||||
--- openssh-5.6p1/ChangeLog.gssapi.gsskex 2010-08-23 12:51:58.000000000 +0200
|
||||
+++ openssh-5.6p1/ChangeLog.gssapi 2010-08-23 12:51:58.000000000 +0200
|
||||
@@ -0,0 +1,95 @@
|
||||
+20090615
|
||||
+ - [ gss-genr.c gss-serv.c kexgssc.c kexgsss.c monitor.c sshconnect2.c
|
||||
@ -297,9 +297,9 @@ diff -up openssh-5.5p1/ChangeLog.gssapi.gsskex openssh-5.5p1/ChangeLog.gssapi
|
||||
+ add support for GssapiTrustDns option for gssapi-with-mic
|
||||
+ (from jbasney AT ncsa.uiuc.edu)
|
||||
+ <gssapi-with-mic support is Bugzilla #1008>
|
||||
diff -up openssh-5.5p1/clientloop.c.gsskex openssh-5.5p1/clientloop.c
|
||||
--- openssh-5.5p1/clientloop.c.gsskex 2010-03-21 19:54:02.000000000 +0100
|
||||
+++ openssh-5.5p1/clientloop.c 2010-05-13 15:59:58.000000000 +0200
|
||||
diff -up openssh-5.6p1/clientloop.c.gsskex openssh-5.6p1/clientloop.c
|
||||
--- openssh-5.6p1/clientloop.c.gsskex 2010-08-03 08:04:46.000000000 +0200
|
||||
+++ openssh-5.6p1/clientloop.c 2010-08-23 12:51:58.000000000 +0200
|
||||
@@ -111,6 +111,10 @@
|
||||
#include "msg.h"
|
||||
#include "roaming.h"
|
||||
@ -311,7 +311,7 @@ diff -up openssh-5.5p1/clientloop.c.gsskex openssh-5.5p1/clientloop.c
|
||||
/* import options */
|
||||
extern Options options;
|
||||
|
||||
@@ -1431,6 +1435,13 @@ client_loop(int have_pty, int escape_cha
|
||||
@@ -1483,6 +1487,13 @@ client_loop(int have_pty, int escape_cha
|
||||
/* Do channel operations unless rekeying in progress. */
|
||||
if (!rekeying) {
|
||||
channel_after_select(readset, writeset);
|
||||
@ -325,9 +325,9 @@ diff -up openssh-5.5p1/clientloop.c.gsskex openssh-5.5p1/clientloop.c
|
||||
if (need_rekeying || packet_need_rekeying()) {
|
||||
debug("need rekeying");
|
||||
xxx_kex->done = 0;
|
||||
diff -up openssh-5.5p1/configure.ac.gsskex openssh-5.5p1/configure.ac
|
||||
--- openssh-5.5p1/configure.ac.gsskex 2010-05-13 15:59:52.000000000 +0200
|
||||
+++ openssh-5.5p1/configure.ac 2010-05-13 15:59:58.000000000 +0200
|
||||
diff -up openssh-5.6p1/configure.ac.gsskex openssh-5.6p1/configure.ac
|
||||
--- openssh-5.6p1/configure.ac.gsskex 2010-08-23 12:51:57.000000000 +0200
|
||||
+++ openssh-5.6p1/configure.ac 2010-08-23 12:51:58.000000000 +0200
|
||||
@@ -477,6 +477,30 @@ main() { if (NSVersionOfRunTimeLibrary("
|
||||
[Use tunnel device compatibility to OpenBSD])
|
||||
AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
|
||||
@ -359,9 +359,9 @@ diff -up openssh-5.5p1/configure.ac.gsskex openssh-5.5p1/configure.ac
|
||||
m4_pattern_allow(AU_IPv)
|
||||
AC_CHECK_DECL(AU_IPv4, [],
|
||||
AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
|
||||
diff -up openssh-5.5p1/gss-genr.c.gsskex openssh-5.5p1/gss-genr.c
|
||||
--- openssh-5.5p1/gss-genr.c.gsskex 2009-06-22 08:11:07.000000000 +0200
|
||||
+++ openssh-5.5p1/gss-genr.c 2010-05-13 15:59:58.000000000 +0200
|
||||
diff -up openssh-5.6p1/gss-genr.c.gsskex openssh-5.6p1/gss-genr.c
|
||||
--- openssh-5.6p1/gss-genr.c.gsskex 2009-06-22 08:11:07.000000000 +0200
|
||||
+++ openssh-5.6p1/gss-genr.c 2010-08-23 12:51:58.000000000 +0200
|
||||
@@ -39,12 +39,167 @@
|
||||
#include "buffer.h"
|
||||
#include "log.h"
|
||||
@ -700,9 +700,9 @@ diff -up openssh-5.5p1/gss-genr.c.gsskex openssh-5.5p1/gss-genr.c
|
||||
+}
|
||||
+
|
||||
#endif /* GSSAPI */
|
||||
diff -up openssh-5.5p1/gss-serv.c.gsskex openssh-5.5p1/gss-serv.c
|
||||
--- openssh-5.5p1/gss-serv.c.gsskex 2008-05-19 07:05:07.000000000 +0200
|
||||
+++ openssh-5.5p1/gss-serv.c 2010-05-13 15:59:58.000000000 +0200
|
||||
diff -up openssh-5.6p1/gss-serv.c.gsskex openssh-5.6p1/gss-serv.c
|
||||
--- openssh-5.6p1/gss-serv.c.gsskex 2008-05-19 07:05:07.000000000 +0200
|
||||
+++ openssh-5.6p1/gss-serv.c 2010-08-23 12:51:58.000000000 +0200
|
||||
@@ -1,7 +1,7 @@
|
||||
/* $OpenBSD: gss-serv.c,v 1.22 2008/05/08 12:02:23 djm Exp $ */
|
||||
|
||||
@ -1016,9 +1016,9 @@ diff -up openssh-5.5p1/gss-serv.c.gsskex openssh-5.5p1/gss-serv.c
|
||||
}
|
||||
|
||||
#endif
|
||||
diff -up openssh-5.5p1/gss-serv-krb5.c.gsskex openssh-5.5p1/gss-serv-krb5.c
|
||||
--- openssh-5.5p1/gss-serv-krb5.c.gsskex 2006-09-01 07:38:36.000000000 +0200
|
||||
+++ openssh-5.5p1/gss-serv-krb5.c 2010-05-13 15:59:59.000000000 +0200
|
||||
diff -up openssh-5.6p1/gss-serv-krb5.c.gsskex openssh-5.6p1/gss-serv-krb5.c
|
||||
--- openssh-5.6p1/gss-serv-krb5.c.gsskex 2006-09-01 07:38:36.000000000 +0200
|
||||
+++ openssh-5.6p1/gss-serv-krb5.c 2010-08-23 12:51:58.000000000 +0200
|
||||
@@ -1,7 +1,7 @@
|
||||
/* $OpenBSD: gss-serv-krb5.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
|
||||
@ -1139,9 +1139,9 @@ diff -up openssh-5.5p1/gss-serv-krb5.c.gsskex openssh-5.5p1/gss-serv-krb5.c
|
||||
};
|
||||
|
||||
#endif /* KRB5 */
|
||||
diff -up openssh-5.5p1/kex.c.gsskex openssh-5.5p1/kex.c
|
||||
--- openssh-5.5p1/kex.c.gsskex 2010-01-08 06:50:41.000000000 +0100
|
||||
+++ openssh-5.5p1/kex.c 2010-05-13 15:59:59.000000000 +0200
|
||||
diff -up openssh-5.6p1/kex.c.gsskex openssh-5.6p1/kex.c
|
||||
--- openssh-5.6p1/kex.c.gsskex 2010-01-08 06:50:41.000000000 +0100
|
||||
+++ openssh-5.6p1/kex.c 2010-08-23 12:51:58.000000000 +0200
|
||||
@@ -50,6 +50,10 @@
|
||||
#include "monitor.h"
|
||||
#include "roaming.h"
|
||||
@ -1174,9 +1174,9 @@ diff -up openssh-5.5p1/kex.c.gsskex openssh-5.5p1/kex.c
|
||||
} else
|
||||
fatal("bad kex alg %s", k->name);
|
||||
}
|
||||
diff -up openssh-5.5p1/kexgssc.c.gsskex openssh-5.5p1/kexgssc.c
|
||||
--- openssh-5.5p1/kexgssc.c.gsskex 2010-05-13 15:59:59.000000000 +0200
|
||||
+++ openssh-5.5p1/kexgssc.c 2010-05-13 15:59:59.000000000 +0200
|
||||
diff -up openssh-5.6p1/kexgssc.c.gsskex openssh-5.6p1/kexgssc.c
|
||||
--- openssh-5.6p1/kexgssc.c.gsskex 2010-08-23 12:51:58.000000000 +0200
|
||||
+++ openssh-5.6p1/kexgssc.c 2010-08-23 12:51:58.000000000 +0200
|
||||
@@ -0,0 +1,334 @@
|
||||
+/*
|
||||
+ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
|
||||
@ -1512,9 +1512,9 @@ diff -up openssh-5.5p1/kexgssc.c.gsskex openssh-5.5p1/kexgssc.c
|
||||
+}
|
||||
+
|
||||
+#endif /* GSSAPI */
|
||||
diff -up openssh-5.5p1/kexgsss.c.gsskex openssh-5.5p1/kexgsss.c
|
||||
--- openssh-5.5p1/kexgsss.c.gsskex 2010-05-13 15:59:59.000000000 +0200
|
||||
+++ openssh-5.5p1/kexgsss.c 2010-05-13 15:59:59.000000000 +0200
|
||||
diff -up openssh-5.6p1/kexgsss.c.gsskex openssh-5.6p1/kexgsss.c
|
||||
--- openssh-5.6p1/kexgsss.c.gsskex 2010-08-23 12:51:58.000000000 +0200
|
||||
+++ openssh-5.6p1/kexgsss.c 2010-08-23 12:51:58.000000000 +0200
|
||||
@@ -0,0 +1,288 @@
|
||||
+/*
|
||||
+ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
|
||||
@ -1804,9 +1804,9 @@ diff -up openssh-5.5p1/kexgsss.c.gsskex openssh-5.5p1/kexgsss.c
|
||||
+ ssh_gssapi_rekey_creds();
|
||||
+}
|
||||
+#endif /* GSSAPI */
|
||||
diff -up openssh-5.5p1/kex.h.gsskex openssh-5.5p1/kex.h
|
||||
--- openssh-5.5p1/kex.h.gsskex 2010-02-26 21:55:05.000000000 +0100
|
||||
+++ openssh-5.5p1/kex.h 2010-05-13 15:59:59.000000000 +0200
|
||||
diff -up openssh-5.6p1/kex.h.gsskex openssh-5.6p1/kex.h
|
||||
--- openssh-5.6p1/kex.h.gsskex 2010-02-26 21:55:05.000000000 +0100
|
||||
+++ openssh-5.6p1/kex.h 2010-08-23 12:51:58.000000000 +0200
|
||||
@@ -67,6 +67,9 @@ enum kex_exchange {
|
||||
KEX_DH_GRP14_SHA1,
|
||||
KEX_DH_GEX_SHA1,
|
||||
@ -1842,32 +1842,32 @@ diff -up openssh-5.5p1/kex.h.gsskex openssh-5.5p1/kex.h
|
||||
void
|
||||
kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int,
|
||||
BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *);
|
||||
diff -up openssh-5.5p1/key.c.gsskex openssh-5.5p1/key.c
|
||||
--- openssh-5.5p1/key.c.gsskex 2010-03-21 19:58:24.000000000 +0100
|
||||
+++ openssh-5.5p1/key.c 2010-05-13 15:59:59.000000000 +0200
|
||||
@@ -982,6 +982,8 @@ key_type_from_name(char *name)
|
||||
diff -up openssh-5.6p1/key.c.gsskex openssh-5.6p1/key.c
|
||||
--- openssh-5.6p1/key.c.gsskex 2010-07-16 05:58:37.000000000 +0200
|
||||
+++ openssh-5.6p1/key.c 2010-08-23 12:56:03.000000000 +0200
|
||||
@@ -1020,6 +1020,8 @@ key_type_from_name(char *name)
|
||||
return KEY_RSA_CERT;
|
||||
} else if (strcmp(name, "ssh-dss-cert-v00@openssh.com") == 0) {
|
||||
} else if (strcmp(name, "ssh-dss-cert-v01@openssh.com") == 0) {
|
||||
return KEY_DSA_CERT;
|
||||
+ } else if (strcmp(name, "null") == 0) {
|
||||
+ return KEY_NULL;
|
||||
}
|
||||
debug2("key_type_from_name: unknown key type '%s'", name);
|
||||
return KEY_UNSPEC;
|
||||
diff -up openssh-5.5p1/key.h.gsskex openssh-5.5p1/key.h
|
||||
--- openssh-5.5p1/key.h.gsskex 2010-03-21 19:58:24.000000000 +0100
|
||||
+++ openssh-5.5p1/key.h 2010-05-13 15:59:59.000000000 +0200
|
||||
@@ -37,6 +37,7 @@ enum types {
|
||||
KEY_DSA,
|
||||
KEY_RSA_CERT,
|
||||
diff -up openssh-5.6p1/key.h.gsskex openssh-5.6p1/key.h
|
||||
--- openssh-5.6p1/key.h.gsskex 2010-04-16 07:56:22.000000000 +0200
|
||||
+++ openssh-5.6p1/key.h 2010-08-23 12:56:32.000000000 +0200
|
||||
@@ -39,6 +39,7 @@ enum types {
|
||||
KEY_DSA_CERT,
|
||||
KEY_RSA_CERT_V00,
|
||||
KEY_DSA_CERT_V00,
|
||||
+ KEY_NULL,
|
||||
KEY_UNSPEC
|
||||
};
|
||||
enum fp_type {
|
||||
diff -up openssh-5.5p1/Makefile.in.gsskex openssh-5.5p1/Makefile.in
|
||||
--- openssh-5.5p1/Makefile.in.gsskex 2010-05-13 15:59:57.000000000 +0200
|
||||
+++ openssh-5.5p1/Makefile.in 2010-05-13 16:01:34.000000000 +0200
|
||||
diff -up openssh-5.6p1/Makefile.in.gsskex openssh-5.6p1/Makefile.in
|
||||
--- openssh-5.6p1/Makefile.in.gsskex 2010-08-23 12:51:58.000000000 +0200
|
||||
+++ openssh-5.6p1/Makefile.in 2010-08-23 12:51:58.000000000 +0200
|
||||
@@ -76,11 +76,11 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b
|
||||
monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \
|
||||
kexgex.o kexdhc.o kexgexc.o msg.o progressmeter.o dns.o \
|
||||
@ -1891,9 +1891,9 @@ diff -up openssh-5.5p1/Makefile.in.gsskex openssh-5.5p1/Makefile.in
|
||||
|
||||
MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out ssh-pkcs11-helper.8.out ssh-ldap-helper.8.out sshd_config.5.out ssh_config.5.out ssh-ldap.conf.5.out
|
||||
MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 ssh-pkcs11-helper.8 ssh-ldap-helper.8 sshd_config.5 ssh_config.5 ssh-ldap.conf.5
|
||||
diff -up openssh-5.5p1/monitor.c.gsskex openssh-5.5p1/monitor.c
|
||||
--- openssh-5.5p1/monitor.c.gsskex 2010-05-13 15:59:50.000000000 +0200
|
||||
+++ openssh-5.5p1/monitor.c 2010-05-13 15:59:59.000000000 +0200
|
||||
diff -up openssh-5.6p1/monitor.c.gsskex openssh-5.6p1/monitor.c
|
||||
--- openssh-5.6p1/monitor.c.gsskex 2010-08-23 12:51:56.000000000 +0200
|
||||
+++ openssh-5.6p1/monitor.c 2010-08-23 12:51:58.000000000 +0200
|
||||
@@ -175,6 +175,8 @@ int mm_answer_gss_setup_ctx(int, Buffer
|
||||
int mm_answer_gss_accept_ctx(int, Buffer *);
|
||||
int mm_answer_gss_userok(int, Buffer *);
|
||||
@ -2086,9 +2086,9 @@ diff -up openssh-5.5p1/monitor.c.gsskex openssh-5.5p1/monitor.c
|
||||
#endif /* GSSAPI */
|
||||
|
||||
#ifdef JPAKE
|
||||
diff -up openssh-5.5p1/monitor.h.gsskex openssh-5.5p1/monitor.h
|
||||
--- openssh-5.5p1/monitor.h.gsskex 2010-05-13 15:59:50.000000000 +0200
|
||||
+++ openssh-5.5p1/monitor.h 2010-05-13 15:59:59.000000000 +0200
|
||||
diff -up openssh-5.6p1/monitor.h.gsskex openssh-5.6p1/monitor.h
|
||||
--- openssh-5.6p1/monitor.h.gsskex 2010-08-23 12:51:56.000000000 +0200
|
||||
+++ openssh-5.6p1/monitor.h 2010-08-23 12:51:58.000000000 +0200
|
||||
@@ -56,6 +56,8 @@ enum monitor_reqtype {
|
||||
MONITOR_REQ_GSSSTEP, MONITOR_ANS_GSSSTEP,
|
||||
MONITOR_REQ_GSSUSEROK, MONITOR_ANS_GSSUSEROK,
|
||||
@ -2098,9 +2098,9 @@ diff -up openssh-5.5p1/monitor.h.gsskex openssh-5.5p1/monitor.h
|
||||
MONITOR_REQ_PAM_START,
|
||||
MONITOR_REQ_PAM_ACCOUNT, MONITOR_ANS_PAM_ACCOUNT,
|
||||
MONITOR_REQ_PAM_INIT_CTX, MONITOR_ANS_PAM_INIT_CTX,
|
||||
diff -up openssh-5.5p1/monitor_wrap.c.gsskex openssh-5.5p1/monitor_wrap.c
|
||||
--- openssh-5.5p1/monitor_wrap.c.gsskex 2010-05-13 15:59:51.000000000 +0200
|
||||
+++ openssh-5.5p1/monitor_wrap.c 2010-05-13 15:59:59.000000000 +0200
|
||||
diff -up openssh-5.6p1/monitor_wrap.c.gsskex openssh-5.6p1/monitor_wrap.c
|
||||
--- openssh-5.6p1/monitor_wrap.c.gsskex 2010-08-23 12:51:56.000000000 +0200
|
||||
+++ openssh-5.6p1/monitor_wrap.c 2010-08-23 12:51:58.000000000 +0200
|
||||
@@ -1250,7 +1250,7 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss
|
||||
}
|
||||
|
||||
@ -2162,9 +2162,9 @@ diff -up openssh-5.5p1/monitor_wrap.c.gsskex openssh-5.5p1/monitor_wrap.c
|
||||
#endif /* GSSAPI */
|
||||
|
||||
#ifdef JPAKE
|
||||
diff -up openssh-5.5p1/monitor_wrap.h.gsskex openssh-5.5p1/monitor_wrap.h
|
||||
--- openssh-5.5p1/monitor_wrap.h.gsskex 2010-05-13 15:59:51.000000000 +0200
|
||||
+++ openssh-5.5p1/monitor_wrap.h 2010-05-13 15:59:59.000000000 +0200
|
||||
diff -up openssh-5.6p1/monitor_wrap.h.gsskex openssh-5.6p1/monitor_wrap.h
|
||||
--- openssh-5.6p1/monitor_wrap.h.gsskex 2010-08-23 12:51:56.000000000 +0200
|
||||
+++ openssh-5.6p1/monitor_wrap.h 2010-08-23 12:51:58.000000000 +0200
|
||||
@@ -60,8 +60,10 @@ BIGNUM *mm_auth_rsa_generate_challenge(K
|
||||
OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID);
|
||||
OM_uint32 mm_ssh_gssapi_accept_ctx(Gssctxt *,
|
||||
@ -2177,18 +2177,18 @@ diff -up openssh-5.5p1/monitor_wrap.h.gsskex openssh-5.5p1/monitor_wrap.h
|
||||
#endif
|
||||
|
||||
#ifdef USE_PAM
|
||||
diff -up openssh-5.5p1/readconf.c.gsskex openssh-5.5p1/readconf.c
|
||||
--- openssh-5.5p1/readconf.c.gsskex 2010-02-11 23:21:03.000000000 +0100
|
||||
+++ openssh-5.5p1/readconf.c 2010-05-13 15:59:59.000000000 +0200
|
||||
diff -up openssh-5.6p1/readconf.c.gsskex openssh-5.6p1/readconf.c
|
||||
--- openssh-5.6p1/readconf.c.gsskex 2010-08-03 08:04:46.000000000 +0200
|
||||
+++ openssh-5.6p1/readconf.c 2010-08-23 12:57:26.000000000 +0200
|
||||
@@ -127,6 +127,7 @@ typedef enum {
|
||||
oClearAllForwardings, oNoHostAuthenticationForLocalhost,
|
||||
oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
|
||||
oAddressFamily, oGssAuthentication, oGssDelegateCreds,
|
||||
+ oGssTrustDns, oGssKeyEx, oGssClientIdentity, oGssRenewalRekey,
|
||||
oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
|
||||
oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
|
||||
oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
|
||||
@@ -164,10 +165,18 @@ static struct {
|
||||
oSendEnv, oControlPath, oControlMaster, oControlPersist,
|
||||
oHashKnownHosts,
|
||||
@@ -166,10 +167,18 @@ static struct {
|
||||
{ "afstokenpassing", oUnsupported },
|
||||
#if defined(GSSAPI)
|
||||
{ "gssapiauthentication", oGssAuthentication },
|
||||
@ -2207,7 +2207,7 @@ diff -up openssh-5.5p1/readconf.c.gsskex openssh-5.5p1/readconf.c
|
||||
#endif
|
||||
{ "fallbacktorsh", oDeprecated },
|
||||
{ "usersh", oDeprecated },
|
||||
@@ -456,10 +465,26 @@ parse_flag:
|
||||
@@ -474,10 +483,26 @@ parse_flag:
|
||||
intptr = &options->gss_authentication;
|
||||
goto parse_flag;
|
||||
|
||||
@ -2234,7 +2234,7 @@ diff -up openssh-5.5p1/readconf.c.gsskex openssh-5.5p1/readconf.c
|
||||
case oBatchMode:
|
||||
intptr = &options->batch_mode;
|
||||
goto parse_flag;
|
||||
@@ -1015,7 +1040,11 @@ initialize_options(Options * options)
|
||||
@@ -1058,7 +1083,11 @@ initialize_options(Options * options)
|
||||
options->pubkey_authentication = -1;
|
||||
options->challenge_response_authentication = -1;
|
||||
options->gss_authentication = -1;
|
||||
@ -2246,7 +2246,7 @@ diff -up openssh-5.5p1/readconf.c.gsskex openssh-5.5p1/readconf.c
|
||||
options->password_authentication = -1;
|
||||
options->kbd_interactive_authentication = -1;
|
||||
options->kbd_interactive_devices = NULL;
|
||||
@@ -1107,8 +1136,14 @@ fill_default_options(Options * options)
|
||||
@@ -1156,8 +1185,14 @@ fill_default_options(Options * options)
|
||||
options->challenge_response_authentication = 1;
|
||||
if (options->gss_authentication == -1)
|
||||
options->gss_authentication = 0;
|
||||
@ -2261,10 +2261,10 @@ diff -up openssh-5.5p1/readconf.c.gsskex openssh-5.5p1/readconf.c
|
||||
if (options->password_authentication == -1)
|
||||
options->password_authentication = 1;
|
||||
if (options->kbd_interactive_authentication == -1)
|
||||
diff -up openssh-5.5p1/readconf.h.gsskex openssh-5.5p1/readconf.h
|
||||
--- openssh-5.5p1/readconf.h.gsskex 2010-02-11 23:21:03.000000000 +0100
|
||||
+++ openssh-5.5p1/readconf.h 2010-05-13 16:00:00.000000000 +0200
|
||||
@@ -44,7 +44,11 @@ typedef struct {
|
||||
diff -up openssh-5.6p1/readconf.h.gsskex openssh-5.6p1/readconf.h
|
||||
--- openssh-5.6p1/readconf.h.gsskex 2010-08-03 08:04:46.000000000 +0200
|
||||
+++ openssh-5.6p1/readconf.h 2010-08-23 12:51:59.000000000 +0200
|
||||
@@ -46,7 +46,11 @@ typedef struct {
|
||||
int challenge_response_authentication;
|
||||
/* Try S/Key or TIS, authentication. */
|
||||
int gss_authentication; /* Try GSS authentication */
|
||||
@ -2276,9 +2276,9 @@ diff -up openssh-5.5p1/readconf.h.gsskex openssh-5.5p1/readconf.h
|
||||
int password_authentication; /* Try password
|
||||
* authentication. */
|
||||
int kbd_interactive_authentication; /* Try keyboard-interactive auth. */
|
||||
diff -up openssh-5.5p1/servconf.c.gsskex openssh-5.5p1/servconf.c
|
||||
--- openssh-5.5p1/servconf.c.gsskex 2010-05-13 15:59:54.000000000 +0200
|
||||
+++ openssh-5.5p1/servconf.c 2010-05-13 16:00:00.000000000 +0200
|
||||
diff -up openssh-5.6p1/servconf.c.gsskex openssh-5.6p1/servconf.c
|
||||
--- openssh-5.6p1/servconf.c.gsskex 2010-08-23 12:51:56.000000000 +0200
|
||||
+++ openssh-5.6p1/servconf.c 2010-08-23 12:51:59.000000000 +0200
|
||||
@@ -93,7 +93,10 @@ initialize_server_options(ServerOptions
|
||||
options->kerberos_ticket_cleanup = -1;
|
||||
options->kerberos_get_afs_token = -1;
|
||||
@ -2290,7 +2290,7 @@ diff -up openssh-5.5p1/servconf.c.gsskex openssh-5.5p1/servconf.c
|
||||
options->password_authentication = -1;
|
||||
options->kbd_interactive_authentication = -1;
|
||||
options->challenge_response_authentication = -1;
|
||||
@@ -217,8 +220,14 @@ fill_default_server_options(ServerOption
|
||||
@@ -218,8 +221,14 @@ fill_default_server_options(ServerOption
|
||||
options->kerberos_get_afs_token = 0;
|
||||
if (options->gss_authentication == -1)
|
||||
options->gss_authentication = 0;
|
||||
@ -2305,7 +2305,7 @@ diff -up openssh-5.5p1/servconf.c.gsskex openssh-5.5p1/servconf.c
|
||||
if (options->password_authentication == -1)
|
||||
options->password_authentication = 1;
|
||||
if (options->kbd_interactive_authentication == -1)
|
||||
@@ -312,7 +321,9 @@ typedef enum {
|
||||
@@ -313,7 +322,9 @@ typedef enum {
|
||||
sBanner, sShowPatchLevel, sUseDNS, sHostbasedAuthentication,
|
||||
sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
|
||||
sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
|
||||
@ -2316,7 +2316,7 @@ diff -up openssh-5.5p1/servconf.c.gsskex openssh-5.5p1/servconf.c
|
||||
sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
|
||||
sUsePrivilegeSeparation, sAllowAgentForwarding,
|
||||
sZeroKnowledgePasswordAuthentication, sHostCertificate,
|
||||
@@ -376,9 +387,15 @@ static struct {
|
||||
@@ -377,9 +388,15 @@ static struct {
|
||||
#ifdef GSSAPI
|
||||
{ "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
|
||||
{ "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
|
||||
@ -2332,7 +2332,7 @@ diff -up openssh-5.5p1/servconf.c.gsskex openssh-5.5p1/servconf.c
|
||||
#endif
|
||||
{ "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
|
||||
{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
|
||||
@@ -939,10 +956,22 @@ process_server_config_line(ServerOptions
|
||||
@@ -941,10 +958,22 @@ process_server_config_line(ServerOptions
|
||||
intptr = &options->gss_authentication;
|
||||
goto parse_flag;
|
||||
|
||||
@ -2355,9 +2355,9 @@ diff -up openssh-5.5p1/servconf.c.gsskex openssh-5.5p1/servconf.c
|
||||
case sPasswordAuthentication:
|
||||
intptr = &options->password_authentication;
|
||||
goto parse_flag;
|
||||
diff -up openssh-5.5p1/servconf.h.gsskex openssh-5.5p1/servconf.h
|
||||
--- openssh-5.5p1/servconf.h.gsskex 2010-05-13 15:59:54.000000000 +0200
|
||||
+++ openssh-5.5p1/servconf.h 2010-05-13 16:00:00.000000000 +0200
|
||||
diff -up openssh-5.6p1/servconf.h.gsskex openssh-5.6p1/servconf.h
|
||||
--- openssh-5.6p1/servconf.h.gsskex 2010-08-23 12:51:56.000000000 +0200
|
||||
+++ openssh-5.6p1/servconf.h 2010-08-23 12:51:59.000000000 +0200
|
||||
@@ -94,7 +94,10 @@ typedef struct {
|
||||
int kerberos_get_afs_token; /* If true, try to get AFS token if
|
||||
* authenticated with Kerberos. */
|
||||
@ -2369,10 +2369,10 @@ diff -up openssh-5.5p1/servconf.h.gsskex openssh-5.5p1/servconf.h
|
||||
int password_authentication; /* If true, permit password
|
||||
* authentication. */
|
||||
int kbd_interactive_authentication; /* If true, permit */
|
||||
diff -up openssh-5.5p1/ssh_config.5.gsskex openssh-5.5p1/ssh_config.5
|
||||
--- openssh-5.5p1/ssh_config.5.gsskex 2010-03-26 02:09:13.000000000 +0100
|
||||
+++ openssh-5.5p1/ssh_config.5 2010-05-13 16:00:00.000000000 +0200
|
||||
@@ -478,11 +478,38 @@ Specifies whether user authentication ba
|
||||
diff -up openssh-5.6p1/ssh_config.5.gsskex openssh-5.6p1/ssh_config.5
|
||||
--- openssh-5.6p1/ssh_config.5.gsskex 2010-08-05 05:03:13.000000000 +0200
|
||||
+++ openssh-5.6p1/ssh_config.5 2010-08-23 12:51:59.000000000 +0200
|
||||
@@ -509,11 +509,38 @@ Specifies whether user authentication ba
|
||||
The default is
|
||||
.Dq no .
|
||||
Note that this option applies to protocol version 2 only.
|
||||
@ -2412,9 +2412,9 @@ diff -up openssh-5.5p1/ssh_config.5.gsskex openssh-5.5p1/ssh_config.5
|
||||
.It Cm HashKnownHosts
|
||||
Indicates that
|
||||
.Xr ssh 1
|
||||
diff -up openssh-5.5p1/ssh_config.gsskex openssh-5.5p1/ssh_config
|
||||
--- openssh-5.5p1/ssh_config.gsskex 2010-05-13 15:59:48.000000000 +0200
|
||||
+++ openssh-5.5p1/ssh_config 2010-05-13 16:00:00.000000000 +0200
|
||||
diff -up openssh-5.6p1/ssh_config.gsskex openssh-5.6p1/ssh_config
|
||||
--- openssh-5.6p1/ssh_config.gsskex 2010-08-23 12:51:55.000000000 +0200
|
||||
+++ openssh-5.6p1/ssh_config 2010-08-23 12:51:59.000000000 +0200
|
||||
@@ -26,6 +26,8 @@
|
||||
# HostbasedAuthentication no
|
||||
# GSSAPIAuthentication no
|
||||
@ -2424,9 +2424,9 @@ diff -up openssh-5.5p1/ssh_config.gsskex openssh-5.5p1/ssh_config
|
||||
# BatchMode no
|
||||
# CheckHostIP yes
|
||||
# AddressFamily any
|
||||
diff -up openssh-5.5p1/sshconnect2.c.gsskex openssh-5.5p1/sshconnect2.c
|
||||
--- openssh-5.5p1/sshconnect2.c.gsskex 2010-05-13 15:59:57.000000000 +0200
|
||||
+++ openssh-5.5p1/sshconnect2.c 2010-05-13 16:00:00.000000000 +0200
|
||||
diff -up openssh-5.6p1/sshconnect2.c.gsskex openssh-5.6p1/sshconnect2.c
|
||||
--- openssh-5.6p1/sshconnect2.c.gsskex 2010-08-23 12:51:58.000000000 +0200
|
||||
+++ openssh-5.6p1/sshconnect2.c 2010-08-23 12:51:59.000000000 +0200
|
||||
@@ -108,9 +108,34 @@ ssh_kex2(char *host, struct sockaddr *ho
|
||||
{
|
||||
Kex *kex;
|
||||
@ -2624,9 +2624,9 @@ diff -up openssh-5.5p1/sshconnect2.c.gsskex openssh-5.5p1/sshconnect2.c
|
||||
#endif /* GSSAPI */
|
||||
|
||||
int
|
||||
diff -up openssh-5.5p1/sshd.c.gsskex openssh-5.5p1/sshd.c
|
||||
--- openssh-5.5p1/sshd.c.gsskex 2010-05-13 15:59:57.000000000 +0200
|
||||
+++ openssh-5.5p1/sshd.c 2010-05-13 16:00:00.000000000 +0200
|
||||
diff -up openssh-5.6p1/sshd.c.gsskex openssh-5.6p1/sshd.c
|
||||
--- openssh-5.6p1/sshd.c.gsskex 2010-08-23 12:51:58.000000000 +0200
|
||||
+++ openssh-5.6p1/sshd.c 2010-08-23 12:51:59.000000000 +0200
|
||||
@@ -129,6 +129,10 @@ int allow_severity;
|
||||
int deny_severity;
|
||||
#endif /* LIBWRAP */
|
||||
@ -2638,7 +2638,7 @@ diff -up openssh-5.5p1/sshd.c.gsskex openssh-5.5p1/sshd.c
|
||||
#ifndef O_NOCTTY
|
||||
#define O_NOCTTY 0
|
||||
#endif
|
||||
@@ -1592,10 +1596,13 @@ main(int ac, char **av)
|
||||
@@ -1601,10 +1605,13 @@ main(int ac, char **av)
|
||||
logit("Disabling protocol version 1. Could not load host key");
|
||||
options.protocol &= ~SSH_PROTO_1;
|
||||
}
|
||||
@ -2652,7 +2652,7 @@ diff -up openssh-5.5p1/sshd.c.gsskex openssh-5.5p1/sshd.c
|
||||
if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) {
|
||||
logit("sshd: no hostkeys available -- exiting.");
|
||||
exit(1);
|
||||
@@ -1928,6 +1935,60 @@ main(int ac, char **av)
|
||||
@@ -1937,6 +1944,60 @@ main(int ac, char **av)
|
||||
/* Log the connection. */
|
||||
verbose("Connection from %.500s port %d", remote_ip, remote_port);
|
||||
|
||||
@ -2713,7 +2713,7 @@ diff -up openssh-5.5p1/sshd.c.gsskex openssh-5.5p1/sshd.c
|
||||
/*
|
||||
* We don't want to listen forever unless the other side
|
||||
* successfully authenticates itself. So we set up an alarm which is
|
||||
@@ -2315,12 +2376,61 @@ do_ssh2_kex(void)
|
||||
@@ -2324,12 +2385,61 @@ do_ssh2_kex(void)
|
||||
|
||||
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
|
||||
|
||||
@ -2775,10 +2775,10 @@ diff -up openssh-5.5p1/sshd.c.gsskex openssh-5.5p1/sshd.c
|
||||
kex->server = 1;
|
||||
kex->client_version_string=client_version_string;
|
||||
kex->server_version_string=server_version_string;
|
||||
diff -up openssh-5.5p1/sshd_config.5.gsskex openssh-5.5p1/sshd_config.5
|
||||
--- openssh-5.5p1/sshd_config.5.gsskex 2010-05-13 15:59:54.000000000 +0200
|
||||
+++ openssh-5.5p1/sshd_config.5 2010-05-13 16:00:00.000000000 +0200
|
||||
@@ -379,12 +379,40 @@ Specifies whether user authentication ba
|
||||
diff -up openssh-5.6p1/sshd_config.5.gsskex openssh-5.6p1/sshd_config.5
|
||||
--- openssh-5.6p1/sshd_config.5.gsskex 2010-08-23 12:51:56.000000000 +0200
|
||||
+++ openssh-5.6p1/sshd_config.5 2010-08-23 12:51:59.000000000 +0200
|
||||
@@ -424,12 +424,40 @@ Specifies whether user authentication ba
|
||||
The default is
|
||||
.Dq no .
|
||||
Note that this option applies to protocol version 2 only.
|
||||
@ -2819,9 +2819,9 @@ diff -up openssh-5.5p1/sshd_config.5.gsskex openssh-5.5p1/sshd_config.5
|
||||
.It Cm HostbasedAuthentication
|
||||
Specifies whether rhosts or /etc/hosts.equiv authentication together
|
||||
with successful public key client host authentication is allowed
|
||||
diff -up openssh-5.5p1/sshd_config.gsskex openssh-5.5p1/sshd_config
|
||||
--- openssh-5.5p1/sshd_config.gsskex 2010-05-13 15:59:54.000000000 +0200
|
||||
+++ openssh-5.5p1/sshd_config 2010-05-13 16:00:00.000000000 +0200
|
||||
diff -up openssh-5.6p1/sshd_config.gsskex openssh-5.6p1/sshd_config
|
||||
--- openssh-5.6p1/sshd_config.gsskex 2010-08-23 12:51:56.000000000 +0200
|
||||
+++ openssh-5.6p1/sshd_config 2010-08-23 12:51:59.000000000 +0200
|
||||
@@ -78,6 +78,8 @@ ChallengeResponseAuthentication no
|
||||
GSSAPIAuthentication yes
|
||||
#GSSAPICleanupCredentials yes
|
||||
@ -2831,9 +2831,9 @@ diff -up openssh-5.5p1/sshd_config.gsskex openssh-5.5p1/sshd_config
|
||||
|
||||
# Set this to 'yes' to enable PAM authentication, account processing,
|
||||
# and session processing. If this is enabled, PAM authentication will
|
||||
diff -up openssh-5.5p1/ssh-gss.h.gsskex openssh-5.5p1/ssh-gss.h
|
||||
--- openssh-5.5p1/ssh-gss.h.gsskex 2007-06-12 15:40:39.000000000 +0200
|
||||
+++ openssh-5.5p1/ssh-gss.h 2010-05-13 16:00:00.000000000 +0200
|
||||
diff -up openssh-5.6p1/ssh-gss.h.gsskex openssh-5.6p1/ssh-gss.h
|
||||
--- openssh-5.6p1/ssh-gss.h.gsskex 2007-06-12 15:40:39.000000000 +0200
|
||||
+++ openssh-5.6p1/ssh-gss.h 2010-08-23 12:51:59.000000000 +0200
|
||||
@@ -1,6 +1,6 @@
|
||||
/* $OpenBSD: ssh-gss.h,v 1.10 2007/06/12 08:20:00 djm Exp $ */
|
||||
/*
|
@ -1,6 +1,6 @@
|
||||
diff -up openssh-5.5p1/ssh-keygen.0.keygen openssh-5.5p1/ssh-keygen.0
|
||||
--- openssh-5.5p1/ssh-keygen.0.keygen 2010-04-16 02:17:11.000000000 +0200
|
||||
+++ openssh-5.5p1/ssh-keygen.0 2010-05-04 08:19:22.000000000 +0200
|
||||
diff -up openssh-5.6p1/ssh-keygen.0.keygen openssh-5.6p1/ssh-keygen.0
|
||||
--- openssh-5.6p1/ssh-keygen.0.keygen 2010-08-22 16:30:03.000000000 +0200
|
||||
+++ openssh-5.6p1/ssh-keygen.0 2010-08-23 12:37:19.000000000 +0200
|
||||
@@ -4,7 +4,7 @@ NAME
|
||||
ssh-keygen - authentication key generation, management and conversion
|
||||
|
||||
@ -9,8 +9,8 @@ diff -up openssh-5.5p1/ssh-keygen.0.keygen openssh-5.5p1/ssh-keygen.0
|
||||
+ ssh-keygen [-q] [-o] [-b bits] -t type [-N new_passphrase] [-C comment]
|
||||
[-f output_keyfile]
|
||||
ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]
|
||||
ssh-keygen -i [-f input_keyfile]
|
||||
@@ -222,6 +222,8 @@ DESCRIPTION
|
||||
ssh-keygen -i [-m key_format] [-f input_keyfile]
|
||||
@@ -232,6 +232,8 @@ DESCRIPTION
|
||||
|
||||
-q Silence ssh-keygen. Used by /etc/rc when creating a new key.
|
||||
|
||||
@ -19,18 +19,18 @@ diff -up openssh-5.5p1/ssh-keygen.0.keygen openssh-5.5p1/ssh-keygen.0
|
||||
-R hostname
|
||||
Removes all keys belonging to hostname from a known_hosts file.
|
||||
This option is useful to delete hashed hosts (see the -H option
|
||||
diff -up openssh-5.5p1/ssh-keygen.1.keygen openssh-5.5p1/ssh-keygen.1
|
||||
--- openssh-5.5p1/ssh-keygen.1.keygen 2010-03-21 19:57:49.000000000 +0100
|
||||
+++ openssh-5.5p1/ssh-keygen.1 2010-05-04 08:19:22.000000000 +0200
|
||||
diff -up openssh-5.6p1/ssh-keygen.1.keygen openssh-5.6p1/ssh-keygen.1
|
||||
--- openssh-5.6p1/ssh-keygen.1.keygen 2010-08-05 05:05:32.000000000 +0200
|
||||
+++ openssh-5.6p1/ssh-keygen.1 2010-08-23 12:36:25.000000000 +0200
|
||||
@@ -47,6 +47,7 @@
|
||||
.Nm ssh-keygen
|
||||
.Bk -words
|
||||
.Nm ssh-keygen
|
||||
.Op Fl q
|
||||
+.Op Fl o
|
||||
.Op Fl b Ar bits
|
||||
.Fl t Ar type
|
||||
.Op Fl N Ar new_passphrase
|
||||
@@ -370,6 +371,8 @@ Silence
|
||||
@@ -397,6 +398,8 @@ Silence
|
||||
Used by
|
||||
.Pa /etc/rc
|
||||
when creating a new key.
|
||||
@ -39,9 +39,9 @@ diff -up openssh-5.5p1/ssh-keygen.1.keygen openssh-5.5p1/ssh-keygen.1
|
||||
.It Fl R Ar hostname
|
||||
Removes all keys belonging to
|
||||
.Ar hostname
|
||||
diff -up openssh-5.5p1/ssh-keygen.c.keygen openssh-5.5p1/ssh-keygen.c
|
||||
--- openssh-5.5p1/ssh-keygen.c.keygen 2010-03-21 19:58:24.000000000 +0100
|
||||
+++ openssh-5.5p1/ssh-keygen.c 2010-05-04 08:22:22.000000000 +0200
|
||||
diff -up openssh-5.6p1/ssh-keygen.c.keygen openssh-5.6p1/ssh-keygen.c
|
||||
--- openssh-5.6p1/ssh-keygen.c.keygen 2010-08-05 05:05:32.000000000 +0200
|
||||
+++ openssh-5.6p1/ssh-keygen.c 2010-08-23 12:34:40.000000000 +0200
|
||||
@@ -72,6 +72,7 @@ int change_passphrase = 0;
|
||||
int change_comment = 0;
|
||||
|
||||
@ -50,16 +50,16 @@ diff -up openssh-5.5p1/ssh-keygen.c.keygen openssh-5.5p1/ssh-keygen.c
|
||||
|
||||
int log_level = SYSLOG_LEVEL_INFO;
|
||||
|
||||
@@ -1540,7 +1541,7 @@ main(int argc, char **argv)
|
||||
@@ -1798,7 +1799,7 @@ main(int argc, char **argv)
|
||||
exit(1);
|
||||
}
|
||||
|
||||
- while ((opt = getopt(argc, argv, "degiqpclBHLhvxXyF:b:f:t:D:I:P:N:n:"
|
||||
+ while ((opt = getopt(argc, argv, "degiqopclBHLhvxXyF:b:f:t:D:I:P:N:n:"
|
||||
"O:C:r:g:R:T:G:M:S:s:a:V:W:")) != -1) {
|
||||
- while ((opt = getopt(argc, argv, "degiqpclBHLhvxXyF:b:f:t:D:I:P:m:N:n:"
|
||||
+ while ((opt = getopt(argc, argv, "degiqopclBHLhvxXyF:b:f:t:D:I:P:m:N:n:"
|
||||
"O:C:r:g:R:T:G:M:S:s:a:V:W:z:")) != -1) {
|
||||
switch (opt) {
|
||||
case 'b':
|
||||
@@ -1605,6 +1606,9 @@ main(int argc, char **argv)
|
||||
@@ -1878,6 +1879,9 @@ main(int argc, char **argv)
|
||||
case 'q':
|
||||
quiet = 1;
|
||||
break;
|
||||
@ -69,8 +69,8 @@ diff -up openssh-5.5p1/ssh-keygen.c.keygen openssh-5.5p1/ssh-keygen.c
|
||||
case 'e':
|
||||
case 'x':
|
||||
/* export key */
|
||||
@@ -1835,7 +1839,7 @@ main(int argc, char **argv)
|
||||
printf("Created directory '%s'.\n", dotsshdir);
|
||||
@@ -2124,7 +2128,7 @@ main(int argc, char **argv)
|
||||
}
|
||||
}
|
||||
/* If the file already exists, ask the user to confirm. */
|
||||
- if (stat(identity_file, &st) >= 0) {
|
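Review bot: The context comment `/* If the file already exists, ask the user to confirm. */` in the last ssh-keygen.c hunk (`@@ -2124,7 +2128,7 @@ main`) is left as it is while the `stat(identity_file, &st)` test beneath it is replaced, and the replacement line is not shown on this page. If the new test makes the prompt depend on the added `-o` flag, as the getopt string `"degiqopcl…"` and the `.Op Fl o` synopsis entry suggest, the comment should say so, for example `/* If the file already exists, ask the user to confirm unless -o was given. */`. A flag that can replace an existing private key without a prompt deserves a plain statement next to the check. main() begins and ends outside these hunks.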
@ -1,6 +1,6 @@
|
||||
diff -up openssh-5.5p1/auth-krb5.c.kuserok openssh-5.5p1/auth-krb5.c
|
||||
--- openssh-5.5p1/auth-krb5.c.kuserok 2010-07-07 13:12:01.000000000 +0200
|
||||
+++ openssh-5.5p1/auth-krb5.c 2010-07-07 13:12:03.000000000 +0200
|
||||
diff -up openssh-5.6p1/auth-krb5.c.kuserok openssh-5.6p1/auth-krb5.c
|
||||
--- openssh-5.6p1/auth-krb5.c.kuserok 2010-08-23 13:01:19.000000000 +0200
|
||||
+++ openssh-5.6p1/auth-krb5.c 2010-08-23 13:01:21.000000000 +0200
|
||||
@@ -146,9 +146,11 @@ auth_krb5_password(Authctxt *authctxt, c
|
||||
if (problem)
|
||||
goto out;
|
||||
@ -16,18 +16,18 @@ diff -up openssh-5.5p1/auth-krb5.c.kuserok openssh-5.5p1/auth-krb5.c
|
||||
}
|
||||
|
||||
problem = ssh_krb5_cc_gen(authctxt->krb5_ctx, &authctxt->krb5_fwd_ccache);
|
||||
diff -up openssh-5.5p1/servconf.c.kuserok openssh-5.5p1/servconf.c
|
||||
--- openssh-5.5p1/servconf.c.kuserok 2010-07-07 13:12:02.000000000 +0200
|
||||
+++ openssh-5.5p1/servconf.c 2010-07-07 13:12:04.000000000 +0200
|
||||
@@ -137,6 +137,7 @@ initialize_server_options(ServerOptions
|
||||
options->zero_knowledge_password_authentication = -1;
|
||||
diff -up openssh-5.6p1/servconf.c.kuserok openssh-5.6p1/servconf.c
|
||||
--- openssh-5.6p1/servconf.c.kuserok 2010-08-23 13:01:20.000000000 +0200
|
||||
+++ openssh-5.6p1/servconf.c 2010-08-23 13:02:14.000000000 +0200
|
||||
@@ -138,6 +138,7 @@ initialize_server_options(ServerOptions
|
||||
options->revoked_keys_file = NULL;
|
||||
options->trusted_user_ca_keys = NULL;
|
||||
options->authorized_principals_file = NULL;
|
||||
+ options->use_kuserok = -1;
|
||||
}
|
||||
|
||||
void
|
||||
@@ -285,6 +286,8 @@ fill_default_server_options(ServerOption
|
||||
@@ -286,6 +287,8 @@ fill_default_server_options(ServerOption
|
||||
if (use_privsep == -1)
|
||||
use_privsep = 1;
|
||||
|
||||
@ -36,7 +36,7 @@ diff -up openssh-5.5p1/servconf.c.kuserok openssh-5.5p1/servconf.c
|
||||
#ifndef HAVE_MMAP
|
||||
if (use_privsep && options->compression == 1) {
|
||||
error("This platform does not support both privilege "
|
||||
@@ -306,7 +309,7 @@ typedef enum {
|
||||
@@ -307,7 +310,7 @@ typedef enum {
|
||||
sPermitRootLogin, sLogFacility, sLogLevel,
|
||||
sRhostsRSAAuthentication, sRSAAuthentication,
|
||||
sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
|
||||
@ -45,7 +45,7 @@ diff -up openssh-5.5p1/servconf.c.kuserok openssh-5.5p1/servconf.c
|
||||
sKerberosTgtPassing, sChallengeResponseAuthentication,
|
||||
sPasswordAuthentication, sKbdInteractiveAuthentication,
|
||||
sListenAddress, sAddressFamily,
|
||||
@@ -376,11 +379,13 @@ static struct {
|
||||
@@ -377,11 +380,13 @@ static struct {
|
||||
#else
|
||||
{ "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
|
||||
#endif
|
||||
@ -59,7 +59,7 @@ diff -up openssh-5.5p1/servconf.c.kuserok openssh-5.5p1/servconf.c
|
||||
#endif
|
||||
{ "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL },
|
||||
{ "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
|
||||
@@ -1335,6 +1340,10 @@ process_server_config_line(ServerOptions
|
||||
@@ -1341,6 +1346,10 @@ process_server_config_line(ServerOptions
|
||||
*activep = value;
|
||||
break;
|
||||
|
||||
@ -70,7 +70,7 @@ diff -up openssh-5.5p1/servconf.c.kuserok openssh-5.5p1/servconf.c
|
||||
case sPermitOpen:
|
||||
arg = strdelim(&cp);
|
||||
if (!arg || *arg == '\0')
|
||||
@@ -1517,6 +1526,7 @@ copy_set_server_options(ServerOptions *d
|
||||
@@ -1525,6 +1534,7 @@ copy_set_server_options(ServerOptions *d
|
||||
M_CP_INTOPT(x11_use_localhost);
|
||||
M_CP_INTOPT(max_sessions);
|
||||
M_CP_INTOPT(max_authtries);
|
||||
@ -78,7 +78,7 @@ diff -up openssh-5.5p1/servconf.c.kuserok openssh-5.5p1/servconf.c
|
||||
|
||||
M_CP_STROPT(banner);
|
||||
if (preauth)
|
||||
@@ -1734,6 +1744,7 @@ dump_config(ServerOptions *o)
|
||||
@@ -1745,6 +1755,7 @@ dump_config(ServerOptions *o)
|
||||
dump_cfg_fmtint(sUseDNS, o->use_dns);
|
||||
dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
|
||||
dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
|
||||
@ -86,9 +86,9 @@ diff -up openssh-5.5p1/servconf.c.kuserok openssh-5.5p1/servconf.c
|
||||
|
||||
/* string arguments */
|
||||
dump_cfg_string(sPidFile, o->pid_file);
|
||||
diff -up openssh-5.5p1/servconf.h.kuserok openssh-5.5p1/servconf.h
|
||||
--- openssh-5.5p1/servconf.h.kuserok 2010-07-07 13:12:02.000000000 +0200
|
||||
+++ openssh-5.5p1/servconf.h 2010-07-07 13:12:04.000000000 +0200
|
||||
diff -up openssh-5.6p1/servconf.h.kuserok openssh-5.6p1/servconf.h
|
||||
--- openssh-5.6p1/servconf.h.kuserok 2010-08-23 13:01:20.000000000 +0200
|
||||
+++ openssh-5.6p1/servconf.h 2010-08-23 13:01:21.000000000 +0200
|
||||
@@ -157,6 +157,7 @@ typedef struct {
|
||||
|
||||
int num_permitted_opens;
|
||||
@ -97,10 +97,10 @@ diff -up openssh-5.5p1/servconf.h.kuserok openssh-5.5p1/servconf.h
|
||||
char *chroot_directory;
|
||||
char *revoked_keys_file;
|
||||
char *trusted_user_ca_keys;
|
||||
diff -up openssh-5.5p1/sshd_config.5.kuserok openssh-5.5p1/sshd_config.5
|
||||
--- openssh-5.5p1/sshd_config.5.kuserok 2010-07-07 13:12:03.000000000 +0200
|
||||
+++ openssh-5.5p1/sshd_config.5 2010-07-07 13:21:02.000000000 +0200
|
||||
@@ -519,6 +519,10 @@ Specifies whether to automatically destr
|
||||
diff -up openssh-5.6p1/sshd_config.5.kuserok openssh-5.6p1/sshd_config.5
|
||||
--- openssh-5.6p1/sshd_config.5.kuserok 2010-08-23 13:01:21.000000000 +0200
|
||||
+++ openssh-5.6p1/sshd_config.5 2010-08-23 13:03:15.000000000 +0200
|
||||
@@ -564,6 +564,10 @@ Specifies whether to automatically destr
|
||||
file on logout.
|
||||
The default is
|
||||
.Dq yes .
|
||||
@ -111,17 +111,17 @@ diff -up openssh-5.5p1/sshd_config.5.kuserok openssh-5.5p1/sshd_config.5
|
||||
.It Cm KeyRegenerationInterval
|
||||
In protocol version 1, the ephemeral server key is automatically regenerated
|
||||
after this many seconds (if it has been used).
|
||||
@@ -644,6 +648,7 @@ Available keywords are
|
||||
.Cm HostbasedAuthentication ,
|
||||
@@ -694,6 +698,7 @@ Available keywords are
|
||||
.Cm HostbasedUsesNameFromPacketOnly ,
|
||||
.Cm KbdInteractiveAuthentication ,
|
||||
.Cm KerberosAuthentication ,
|
||||
+.Cm KerberosUseKuserok ,
|
||||
.Cm MaxAuthTries ,
|
||||
.Cm MaxSessions ,
|
||||
.Cm PubkeyAuthentication ,
|
||||
diff -up openssh-5.5p1/sshd_config.kuserok openssh-5.5p1/sshd_config
|
||||
--- openssh-5.5p1/sshd_config.kuserok 2010-07-07 13:12:03.000000000 +0200
|
||||
+++ openssh-5.5p1/sshd_config 2010-07-07 13:12:04.000000000 +0200
|
||||
diff -up openssh-5.6p1/sshd_config.kuserok openssh-5.6p1/sshd_config
|
||||
--- openssh-5.6p1/sshd_config.kuserok 2010-08-23 13:01:21.000000000 +0200
|
||||
+++ openssh-5.6p1/sshd_config 2010-08-23 13:01:21.000000000 +0200
|
||||
@@ -72,6 +72,7 @@ ChallengeResponseAuthentication no
|
||||
#KerberosOrLocalPasswd yes
|
||||
#KerberosTicketCleanup yes
|
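Review bot: Adding `.Cm KerberosUseKuserok ,` to the Match keyword list in sshd_config.5 (hunk `@@ -694,6 +698,7 @@`) means the setting can be overridden per user, group or host, which matters for an option that, going by its name and the auth-krb5.c hunk in `auth_krb5_password`, governs a Kerberos account-authorization check. The lines the patch adds in that function and in the option's own man-page entry (`@@ -564,6 +564,10 @@`) are not shown on this page, so this is a request rather than a finding: the entry should state the default and which principal-to-account check still runs when the option is `no`. If the two lines added in the `fill_default_server_options` hunk are where the default is applied, a short comment at the initialiser would help too, for instance `options->use_kuserok = -1; /* unset; default applied in fill_default_server_options() */`.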
@ -1,6 +1,6 @@
|
||||
diff -up openssh-5.5p1/configure.ac.ldap openssh-5.5p1/configure.ac
|
||||
--- openssh-5.5p1/configure.ac.ldap 2010-07-07 14:36:34.000000000 +0200
|
||||
+++ openssh-5.5p1/configure.ac 2010-07-07 14:36:34.000000000 +0200
|
||||
diff -up openssh-5.6p1/configure.ac.ldap openssh-5.6p1/configure.ac
|
||||
--- openssh-5.6p1/configure.ac.ldap 2010-08-23 12:28:11.000000000 +0200
|
||||
+++ openssh-5.6p1/configure.ac 2010-08-23 12:28:11.000000000 +0200
|
||||
@@ -1358,6 +1358,106 @@ AC_ARG_WITH(authorized-keys-command,
|
||||
]
|
||||
)
|
||||
@ -108,9 +108,9 @@ diff -up openssh-5.5p1/configure.ac.ldap openssh-5.5p1/configure.ac
|
||||
dnl Checks for library functions. Please keep in alphabetical order
|
||||
AC_CHECK_FUNCS( \
|
||||
arc4random \
|
||||
diff -up openssh-5.5p1/ldapbody.c.ldap openssh-5.5p1/ldapbody.c
|
||||
--- openssh-5.5p1/ldapbody.c.ldap 2010-07-07 14:36:34.000000000 +0200
|
||||
+++ openssh-5.5p1/ldapbody.c 2010-07-07 14:36:34.000000000 +0200
|
||||
diff -up openssh-5.6p1/ldapbody.c.ldap openssh-5.6p1/ldapbody.c
|
||||
--- openssh-5.6p1/ldapbody.c.ldap 2010-08-23 12:28:11.000000000 +0200
|
||||
+++ openssh-5.6p1/ldapbody.c 2010-08-23 12:28:11.000000000 +0200
|
||||
@@ -0,0 +1,494 @@
|
||||
+/* $OpenBSD: ldapbody.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
|
||||
+/*
|
||||
@ -606,9 +606,9 @@ diff -up openssh-5.5p1/ldapbody.c.ldap openssh-5.5p1/ldapbody.c
|
||||
+ return;
|
||||
+}
|
||||
+
|
||||
diff -up openssh-5.5p1/ldapbody.h.ldap openssh-5.5p1/ldapbody.h
|
||||
--- openssh-5.5p1/ldapbody.h.ldap 2010-07-07 14:36:34.000000000 +0200
|
||||
+++ openssh-5.5p1/ldapbody.h 2010-07-07 14:36:34.000000000 +0200
|
||||
diff -up openssh-5.6p1/ldapbody.h.ldap openssh-5.6p1/ldapbody.h
|
||||
--- openssh-5.6p1/ldapbody.h.ldap 2010-08-23 12:28:11.000000000 +0200
|
||||
+++ openssh-5.6p1/ldapbody.h 2010-08-23 12:28:11.000000000 +0200
|
||||
@@ -0,0 +1,37 @@
|
||||
+/* $OpenBSD: ldapbody.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
|
||||
+/*
|
||||
@ -647,9 +647,9 @@ diff -up openssh-5.5p1/ldapbody.h.ldap openssh-5.5p1/ldapbody.h
|
||||
+
|
||||
+#endif /* LDAPBODY_H */
|
||||
+
|
||||
diff -up openssh-5.5p1/ldapconf.c.ldap openssh-5.5p1/ldapconf.c
|
||||
--- openssh-5.5p1/ldapconf.c.ldap 2010-07-07 14:36:34.000000000 +0200
|
||||
+++ openssh-5.5p1/ldapconf.c 2010-07-07 14:36:34.000000000 +0200
|
||||
diff -up openssh-5.6p1/ldapconf.c.ldap openssh-5.6p1/ldapconf.c
|
||||
--- openssh-5.6p1/ldapconf.c.ldap 2010-08-23 12:28:11.000000000 +0200
|
||||
+++ openssh-5.6p1/ldapconf.c 2010-08-23 12:28:11.000000000 +0200
|
||||
@@ -0,0 +1,682 @@
|
||||
+/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
|
||||
+/*
|
||||
@ -1333,9 +1333,9 @@ diff -up openssh-5.5p1/ldapconf.c.ldap openssh-5.5p1/ldapconf.c
|
||||
+ dump_cfg_string(lSSH_Filter, options.ssh_filter);
|
||||
+}
|
||||
+
|
||||
diff -up openssh-5.5p1/ldapconf.h.ldap openssh-5.5p1/ldapconf.h
|
||||
--- openssh-5.5p1/ldapconf.h.ldap 2010-07-07 14:36:34.000000000 +0200
|
||||
+++ openssh-5.5p1/ldapconf.h 2010-07-07 14:36:34.000000000 +0200
|
||||
diff -up openssh-5.6p1/ldapconf.h.ldap openssh-5.6p1/ldapconf.h
|
||||
--- openssh-5.6p1/ldapconf.h.ldap 2010-08-23 12:28:11.000000000 +0200
|
||||
+++ openssh-5.6p1/ldapconf.h 2010-08-23 12:28:11.000000000 +0200
|
||||
@@ -0,0 +1,71 @@
|
||||
+/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
|
||||
+/*
|
||||
@ -1408,9 +1408,9 @@ diff -up openssh-5.5p1/ldapconf.h.ldap openssh-5.5p1/ldapconf.h
|
||||
+void dump_config(void);
|
||||
+
|
||||
+#endif /* LDAPCONF_H */
|
||||
diff -up openssh-5.5p1/ldap.conf.ldap openssh-5.5p1/ldap.conf
|
||||
--- openssh-5.5p1/ldap.conf.ldap 2010-07-07 14:36:34.000000000 +0200
|
||||
+++ openssh-5.5p1/ldap.conf 2010-07-07 14:36:34.000000000 +0200
|
||||
diff -up openssh-5.6p1/ldap.conf.ldap openssh-5.6p1/ldap.conf
|
||||
--- openssh-5.6p1/ldap.conf.ldap 2010-08-23 12:28:11.000000000 +0200
|
||||
+++ openssh-5.6p1/ldap.conf 2010-08-23 12:28:11.000000000 +0200
|
||||
@@ -0,0 +1,88 @@
|
||||
+# $Id: openssh-5.5p1-ldap.patch,v 1.3 2010/07/07 13:48:36 jfch2222 Exp $
|
||||
+#
|
||||
@ -1500,9 +1500,9 @@ diff -up openssh-5.5p1/ldap.conf.ldap openssh-5.5p1/ldap.conf
|
||||
+#tls_cert
|
||||
+#tls_key
|
||||
+
|
||||
diff -up openssh-5.5p1/ldap-helper.c.ldap openssh-5.5p1/ldap-helper.c
|
||||
--- openssh-5.5p1/ldap-helper.c.ldap 2010-07-07 14:36:34.000000000 +0200
|
||||
+++ openssh-5.5p1/ldap-helper.c 2010-07-07 14:36:34.000000000 +0200
|
||||
diff -up openssh-5.6p1/ldap-helper.c.ldap openssh-5.6p1/ldap-helper.c
|
||||
--- openssh-5.6p1/ldap-helper.c.ldap 2010-08-23 12:28:11.000000000 +0200
|
||||
+++ openssh-5.6p1/ldap-helper.c 2010-08-23 12:28:11.000000000 +0200
|
||||
@@ -0,0 +1,154 @@
|
||||
+/* $OpenBSD: ssh-pka-ldap.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
|
||||
+/*
|
||||
@ -1658,9 +1658,9 @@ diff -up openssh-5.5p1/ldap-helper.c.ldap openssh-5.5p1/ldap-helper.c
|
||||
+void *buffer_get_string(Buffer *b, u_int *l) {}
|
||||
+void buffer_put_string(Buffer *b, const void *f, u_int l) {}
|
||||
+
|
||||
diff -up openssh-5.5p1/ldap-helper.h.ldap openssh-5.5p1/ldap-helper.h
|
||||
--- openssh-5.5p1/ldap-helper.h.ldap 2010-07-07 14:36:34.000000000 +0200
|
||||
+++ openssh-5.5p1/ldap-helper.h 2010-07-07 14:36:34.000000000 +0200
|
||||
diff -up openssh-5.6p1/ldap-helper.h.ldap openssh-5.6p1/ldap-helper.h
|
||||
--- openssh-5.6p1/ldap-helper.h.ldap 2010-08-23 12:28:11.000000000 +0200
|
||||
+++ openssh-5.6p1/ldap-helper.h 2010-08-23 12:28:11.000000000 +0200
|
||||
@@ -0,0 +1,32 @@
|
||||
+/* $OpenBSD: ldap-helper.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
|
||||
+/*
|
||||
@ -1694,9 +1694,9 @@ diff -up openssh-5.5p1/ldap-helper.h.ldap openssh-5.5p1/ldap-helper.h
|
||||
+extern int config_warning_config_file;
|
||||
+
|
||||
+#endif /* LDAP_HELPER_H */
|
||||
diff -up openssh-5.5p1/ldapincludes.h.ldap openssh-5.5p1/ldapincludes.h
|
||||
--- openssh-5.5p1/ldapincludes.h.ldap 2010-07-07 14:36:34.000000000 +0200
|
||||
+++ openssh-5.5p1/ldapincludes.h 2010-07-07 14:36:34.000000000 +0200
|
||||
diff -up openssh-5.6p1/ldapincludes.h.ldap openssh-5.6p1/ldapincludes.h
|
||||
--- openssh-5.6p1/ldapincludes.h.ldap 2010-08-23 12:28:11.000000000 +0200
|
||||
+++ openssh-5.6p1/ldapincludes.h 2010-08-23 12:28:11.000000000 +0200
|
||||
@@ -0,0 +1,41 @@
|
||||
+/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
|
||||
+/*
|
||||
@ -1739,9 +1739,9 @@ diff -up openssh-5.5p1/ldapincludes.h.ldap openssh-5.5p1/ldapincludes.h
|
||||
+#endif
|
||||
+
|
||||
+#endif /* LDAPINCLUDES_H */
|
||||
diff -up openssh-5.5p1/ldapmisc.c.ldap openssh-5.5p1/ldapmisc.c
|
||||
--- openssh-5.5p1/ldapmisc.c.ldap 2010-07-07 14:36:34.000000000 +0200
|
||||
+++ openssh-5.5p1/ldapmisc.c 2010-07-07 14:36:34.000000000 +0200
|
||||
diff -up openssh-5.6p1/ldapmisc.c.ldap openssh-5.6p1/ldapmisc.c
|
||||
--- openssh-5.6p1/ldapmisc.c.ldap 2010-08-23 12:28:11.000000000 +0200
|
||||
+++ openssh-5.6p1/ldapmisc.c 2010-08-23 12:28:11.000000000 +0200
|
||||
@@ -0,0 +1,79 @@
|
||||
+
|
||||
+#include "ldapincludes.h"
|
||||
@ -1822,9 +1822,9 @@ diff -up openssh-5.5p1/ldapmisc.c.ldap openssh-5.5p1/ldapmisc.c
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
diff -up openssh-5.5p1/ldapmisc.h.ldap openssh-5.5p1/ldapmisc.h
|
||||
--- openssh-5.5p1/ldapmisc.h.ldap 2010-07-07 14:36:35.000000000 +0200
|
||||
+++ openssh-5.5p1/ldapmisc.h 2010-07-07 14:36:35.000000000 +0200
|
||||
diff -up openssh-5.6p1/ldapmisc.h.ldap openssh-5.6p1/ldapmisc.h
|
||||
--- openssh-5.6p1/ldapmisc.h.ldap 2010-08-23 12:28:11.000000000 +0200
|
||||
+++ openssh-5.6p1/ldapmisc.h 2010-08-23 12:28:11.000000000 +0200
|
||||
@@ -0,0 +1,35 @@
|
||||
+/* $OpenBSD: ldapbody.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
|
||||
+/*
|
||||
@ -1861,9 +1861,9 @@ diff -up openssh-5.5p1/ldapmisc.h.ldap openssh-5.5p1/ldapmisc.h
|
||||
+
|
||||
+#endif /* LDAPMISC_H */
|
||||
+
|
||||
diff -up openssh-5.5p1/lpk-user-example.txt.ldap openssh-5.5p1/lpk-user-example.txt
|
||||
--- openssh-5.5p1/lpk-user-example.txt.ldap 2010-07-07 14:36:35.000000000 +0200
|
||||
+++ openssh-5.5p1/lpk-user-example.txt 2010-07-07 14:36:35.000000000 +0200
|
||||
diff -up openssh-5.6p1/lpk-user-example.txt.ldap openssh-5.6p1/lpk-user-example.txt
|
||||
--- openssh-5.6p1/lpk-user-example.txt.ldap 2010-08-23 12:28:11.000000000 +0200
|
||||
+++ openssh-5.6p1/lpk-user-example.txt 2010-08-23 12:28:11.000000000 +0200
|
||||
@@ -0,0 +1,117 @@
|
||||
+
|
||||
+Post to ML -> User Made Quick Install Doc.
|
||||
@ -1982,9 +1982,9 @@ diff -up openssh-5.5p1/lpk-user-example.txt.ldap openssh-5.5p1/lpk-user-example.
|
||||
+puTTY). Login should succeed.
|
||||
+
|
||||
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
||||
diff -up openssh-5.5p1/Makefile.in.ldap openssh-5.5p1/Makefile.in
|
||||
--- openssh-5.5p1/Makefile.in.ldap 2010-03-13 22:41:34.000000000 +0100
|
||||
+++ openssh-5.5p1/Makefile.in 2010-07-07 14:36:35.000000000 +0200
|
||||
diff -up openssh-5.6p1/Makefile.in.ldap openssh-5.6p1/Makefile.in
|
||||
--- openssh-5.6p1/Makefile.in.ldap 2010-05-12 08:51:39.000000000 +0200
|
||||
+++ openssh-5.6p1/Makefile.in 2010-08-23 12:29:24.000000000 +0200
|
||||
@@ -26,6 +26,7 @@ ASKPASS_PROGRAM=$(libexecdir)/ssh-askpas
|
||||
SFTP_SERVER=$(libexecdir)/sftp-server
|
||||
SSH_KEYSIGN=$(libexecdir)/ssh-keysign
|
||||
@ -2004,26 +2004,9 @@ diff -up openssh-5.5p1/Makefile.in.ldap openssh-5.5p1/Makefile.in
|
||||
|
||||
LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \
|
||||
canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \
|
||||
@@ -74,11 +76,11 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b
|
||||
monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \
|
||||
kexgex.o kexdhc.o kexgexc.o msg.o progressmeter.o dns.o \
|
||||
entropy.o gss-genr.o umac.o jpake.o schnorr.o \
|
||||
- ssh-pkcs11.o
|
||||
+ ssh-pkcs11.o
|
||||
|
||||
SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
|
||||
sshconnect.o sshconnect1.o sshconnect2.o mux.o \
|
||||
- roaming_common.o roaming_client.o
|
||||
+ roaming_common.o roaming_client.o
|
||||
|
||||
SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
|
||||
sshpty.o sshlogin.o servconf.o serverloop.o \
|
||||
@@ -91,10 +93,10 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
|
||||
auth2-gss.o gss-serv.o gss-serv-krb5.o \
|
||||
loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
|
||||
@@ -93,8 +95,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
|
||||
audit.o audit-bsm.o platform.o sftp-server.o sftp-common.o \
|
||||
- roaming_common.o roaming_serv.o
|
||||
+ roaming_common.o roaming_serv.o
|
||||
roaming_common.o roaming_serv.o
|
||||
|
||||
-MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
|
||||
-MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
|
||||
@ -2034,7 +2017,7 @@ diff -up openssh-5.5p1/Makefile.in.ldap openssh-5.5p1/Makefile.in
|
||||
CONFIGFILES=sshd_config.out ssh_config.out moduli.out
|
||||
@@ -162,6 +164,9 @@ ssh-keysign$(EXEEXT): $(LIBCOMPAT) libss
|
||||
ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o
|
||||
$(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
|
||||
$(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
|
||||
|
||||
+ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o
|
||||
+ $(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
|
||||
@ -2085,9 +2068,9 @@ diff -up openssh-5.5p1/Makefile.in.ldap openssh-5.5p1/Makefile.in
|
||||
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
|
||||
|
||||
tests interop-tests: $(TARGETS)
|
||||
diff -up openssh-5.5p1/openssh-lpk-openldap.schema.ldap openssh-5.5p1/openssh-lpk-openldap.schema
|
||||
--- openssh-5.5p1/openssh-lpk-openldap.schema.ldap 2010-07-07 14:36:35.000000000 +0200
|
||||
+++ openssh-5.5p1/openssh-lpk-openldap.schema 2010-07-07 14:36:35.000000000 +0200
|
||||
diff -up openssh-5.6p1/openssh-lpk-openldap.schema.ldap openssh-5.6p1/openssh-lpk-openldap.schema
|
||||
--- openssh-5.6p1/openssh-lpk-openldap.schema.ldap 2010-08-23 12:28:11.000000000 +0200
|
||||
+++ openssh-5.6p1/openssh-lpk-openldap.schema 2010-08-23 12:28:11.000000000 +0200
|
||||
@@ -0,0 +1,21 @@
|
||||
+#
|
||||
+# LDAP Public Key Patch schema for use with openssh-ldappubkey
|
||||
@ -2110,9 +2093,9 @@ diff -up openssh-5.5p1/openssh-lpk-openldap.schema.ldap openssh-5.5p1/openssh-lp
|
||||
+ DESC 'MANDATORY: OpenSSH LPK objectclass'
|
||||
+ MUST ( sshPublicKey $ uid )
|
||||
+ )
|
||||
diff -up openssh-5.5p1/openssh-lpk-sun.schema.ldap openssh-5.5p1/openssh-lpk-sun.schema
|
||||
--- openssh-5.5p1/openssh-lpk-sun.schema.ldap 2010-07-07 14:36:35.000000000 +0200
|
||||
+++ openssh-5.5p1/openssh-lpk-sun.schema 2010-07-07 14:36:35.000000000 +0200
|
||||
diff -up openssh-5.6p1/openssh-lpk-sun.schema.ldap openssh-5.6p1/openssh-lpk-sun.schema
|
||||
--- openssh-5.6p1/openssh-lpk-sun.schema.ldap 2010-08-23 12:28:11.000000000 +0200
|
||||
+++ openssh-5.6p1/openssh-lpk-sun.schema 2010-08-23 12:28:11.000000000 +0200
|
||||
@@ -0,0 +1,23 @@
|
||||
+#
|
||||
+# LDAP Public Key Patch schema for use with openssh-ldappubkey
|
||||
@ -2137,9 +2120,9 @@ diff -up openssh-5.5p1/openssh-lpk-sun.schema.ldap openssh-5.5p1/openssh-lpk-sun
|
||||
+ DESC 'MANDATORY: OpenSSH LPK objectclass'
|
||||
+ MUST ( sshPublicKey $ uid )
|
||||
+ )
|
||||
diff -up openssh-5.5p1/README.lpk.ldap openssh-5.5p1/README.lpk
|
||||
--- openssh-5.5p1/README.lpk.ldap 2010-07-07 14:36:35.000000000 +0200
|
||||
+++ openssh-5.5p1/README.lpk 2010-07-07 14:36:35.000000000 +0200
|
||||
diff -up openssh-5.6p1/README.lpk.ldap openssh-5.6p1/README.lpk
|
||||
--- openssh-5.6p1/README.lpk.ldap 2010-08-23 12:28:11.000000000 +0200
|
||||
+++ openssh-5.6p1/README.lpk 2010-08-23 12:28:11.000000000 +0200
|
||||
@@ -0,0 +1,274 @@
|
||||
+OpenSSH LDAP PUBLIC KEY PATCH
|
||||
+Copyright (c) 2003 Eric AUGE (eau@phear.org)
|
||||
@ -2415,9 +2398,9 @@ diff -up openssh-5.5p1/README.lpk.ldap openssh-5.5p1/README.lpk
|
||||
+- CONTACT :
|
||||
+ Jan F. Chadima <jchadima@redhat.com>
|
||||
+
|
||||
diff -up openssh-5.5p1/ssh-ldap.conf.5.ldap openssh-5.5p1/ssh-ldap.conf.5
|
||||
--- openssh-5.5p1/ssh-ldap.conf.5.ldap 2010-07-07 14:36:35.000000000 +0200
|
||||
+++ openssh-5.5p1/ssh-ldap.conf.5 2010-07-07 14:36:35.000000000 +0200
|
||||
diff -up openssh-5.6p1/ssh-ldap.conf.5.ldap openssh-5.6p1/ssh-ldap.conf.5
|
||||
--- openssh-5.6p1/ssh-ldap.conf.5.ldap 2010-08-23 12:28:11.000000000 +0200
|
||||
+++ openssh-5.6p1/ssh-ldap.conf.5 2010-08-23 12:28:11.000000000 +0200
|
||||
@@ -0,0 +1,373 @@
|
||||
+.\" $OpenBSD: ssh-ldap.conf.5,v 1.1 2010/02/10 23:20:38 markus Exp $
|
||||
+.\"
|
||||
@ -2792,9 +2775,9 @@ diff -up openssh-5.5p1/ssh-ldap.conf.5.ldap openssh-5.5p1/ssh-ldap.conf.5
|
||||
+OpenSSH 5.5 + PKA-LDAP .
|
||||
+.Sh AUTHORS
|
||||
+.An Jan F. Chadima Aq jchadima@redhat.com
|
||||
diff -up openssh-5.5p1/ssh-ldap-helper.8.ldap openssh-5.5p1/ssh-ldap-helper.8
|
||||
--- openssh-5.5p1/ssh-ldap-helper.8.ldap 2010-07-07 14:36:35.000000000 +0200
|
||||
+++ openssh-5.5p1/ssh-ldap-helper.8 2010-07-07 14:36:35.000000000 +0200
|
||||
diff -up openssh-5.6p1/ssh-ldap-helper.8.ldap openssh-5.6p1/ssh-ldap-helper.8
|
||||
--- openssh-5.6p1/ssh-ldap-helper.8.ldap 2010-08-23 12:28:11.000000000 +0200
|
||||
+++ openssh-5.6p1/ssh-ldap-helper.8 2010-08-23 12:28:11.000000000 +0200
|
||||
@@ -0,0 +1,78 @@
|
||||
+.\" $OpenBSD: ssh-ldap-helper.8,v 1.1 2010/02/10 23:20:38 markus Exp $
|
||||
+.\"
|
@ -1,7 +1,7 @@
|
||||
diff -up openssh-5.4p1/configure.ac.mls openssh-5.4p1/configure.ac
|
||||
--- openssh-5.4p1/configure.ac.mls 2010-03-01 15:24:27.000000000 +0100
|
||||
+++ openssh-5.4p1/configure.ac 2010-03-01 15:24:28.000000000 +0100
|
||||
@@ -3360,6 +3360,7 @@ AC_ARG_WITH(selinux,
|
||||
diff -up openssh-5.6p1/configure.ac.mls openssh-5.6p1/configure.ac
|
||||
--- openssh-5.6p1/configure.ac.mls 2010-08-23 12:11:36.000000000 +0200
|
||||
+++ openssh-5.6p1/configure.ac 2010-08-23 12:11:36.000000000 +0200
|
||||
@@ -3390,6 +3390,7 @@ AC_ARG_WITH(selinux,
|
||||
SSHDLIBS="$SSHDLIBS $LIBSELINUX"
|
||||
LIBS="$LIBS $LIBSELINUX"
|
||||
AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
|
||||
@ -9,23 +9,21 @@ diff -up openssh-5.4p1/configure.ac.mls openssh-5.4p1/configure.ac
|
||||
LIBS="$save_LIBS"
|
||||
fi ]
|
||||
)
|
||||
diff -up openssh-5.4p1/misc.c.mls openssh-5.4p1/misc.c
|
||||
--- openssh-5.4p1/misc.c.mls 2010-01-10 00:31:12.000000000 +0100
|
||||
+++ openssh-5.4p1/misc.c 2010-03-01 15:24:28.000000000 +0100
|
||||
@@ -423,6 +423,7 @@ char *
|
||||
diff -up openssh-5.6p1/misc.c.mls openssh-5.6p1/misc.c
|
||||
--- openssh-5.6p1/misc.c.mls 2010-08-03 08:05:05.000000000 +0200
|
||||
+++ openssh-5.6p1/misc.c 2010-08-23 12:14:16.000000000 +0200
|
||||
@@ -424,6 +424,7 @@ char *
|
||||
colon(char *cp)
|
||||
{
|
||||
int flag = 0;
|
||||
+ int start = 1;
|
||||
|
||||
if (*cp == ':') /* Leading colon is part of file name. */
|
||||
return (0);
|
||||
@@ -436,8 +437,13 @@ colon(char *cp)
|
||||
return (cp+1);
|
||||
if (*cp == ':' && !flag)
|
||||
return NULL;
|
||||
@@ -439,6 +440,13 @@ colon(char *cp)
|
||||
return (cp);
|
||||
- if (*cp == '/')
|
||||
- return (0);
|
||||
if (*cp == '/')
|
||||
return NULL;
|
||||
+ if (start) {
|
||||
+ /* Slash on beginning or after dots only denotes file name. */
|
||||
+ if (*cp == '/')
|
||||
@ -34,11 +32,11 @@ diff -up openssh-5.4p1/misc.c.mls openssh-5.4p1/misc.c
|
||||
+ start = 0;
|
||||
+ }
|
||||
}
|
||||
return (0);
|
||||
return NULL;
|
||||
}
|
||||
diff -up openssh-5.4p1/openbsd-compat/port-linux.c.mls openssh-5.4p1/openbsd-compat/port-linux.c
|
||||
--- openssh-5.4p1/openbsd-compat/port-linux.c.mls 2010-03-01 15:24:27.000000000 +0100
|
||||
+++ openssh-5.4p1/openbsd-compat/port-linux.c 2010-03-01 15:25:50.000000000 +0100
|
||||
diff -up openssh-5.6p1/openbsd-compat/port-linux.c.mls openssh-5.6p1/openbsd-compat/port-linux.c
|
||||
--- openssh-5.6p1/openbsd-compat/port-linux.c.mls 2010-08-23 12:11:36.000000000 +0200
|
||||
+++ openssh-5.6p1/openbsd-compat/port-linux.c 2010-08-23 12:11:37.000000000 +0200
|
||||
@@ -35,13 +35,24 @@
|
||||
#include "key.h"
|
||||
#include "hostfile.h"
|
||||
@ -417,10 +415,10 @@ diff -up openssh-5.4p1/openbsd-compat/port-linux.c.mls openssh-5.4p1/openbsd-com
|
||||
|
||||
/* XXX: should these calls fatal() upon failure in enforcing mode? */
|
||||
|
||||
diff -up openssh-5.4p1/sshd.c.mls openssh-5.4p1/sshd.c
|
||||
--- openssh-5.4p1/sshd.c.mls 2010-03-01 15:24:27.000000000 +0100
|
||||
+++ openssh-5.4p1/sshd.c 2010-03-01 15:24:28.000000000 +0100
|
||||
@@ -1987,6 +1987,9 @@ main(int ac, char **av)
|
||||
diff -up openssh-5.6p1/sshd.c.mls openssh-5.6p1/sshd.c
|
||||
--- openssh-5.6p1/sshd.c.mls 2010-08-23 12:11:36.000000000 +0200
|
||||
+++ openssh-5.6p1/sshd.c 2010-08-23 12:11:37.000000000 +0200
|
||||
@@ -1997,6 +1997,9 @@ main(int ac, char **av)
|
||||
restore_uid();
|
||||
}
|
||||
#endif
|
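Review bot: In the rebased misc.c hunk for colon() (`@@ -439,6 +440,13 @@`), the upstream `if (*cp == '/') return NULL;` is kept as context directly ahead of the added `if (start) {` block, so the slash test inside that block cannot be reached and `start` no longer affects the result. The previous version of the patch removed the unconditional check (its `- if (*cp == '/')` / `- return (0);` lines), which is what made the slash handling depend on `start`. If that behaviour is still intended, the hunk should delete the upstream check again before the added block. The page elides part of the added block and colon() continues outside the hunk, so confirm this against the full patch.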
@ -1,19 +1,19 @@
|
||||
diff -up openssh-5.3p1/contrib/ssh-copy-id.selabel openssh-5.3p1/contrib/ssh-copy-id
|
||||
--- openssh-5.3p1/contrib/ssh-copy-id.selabel 2009-01-21 10:29:21.000000000 +0100
|
||||
+++ openssh-5.3p1/contrib/ssh-copy-id 2009-10-02 14:21:54.000000000 +0200
|
||||
@@ -38,7 +38,7 @@ if [ "$#" -lt 1 ] || [ "$1" = "-h" ] ||
|
||||
exit 1
|
||||
fi
|
||||
diff -up openssh-5.6p1/contrib/ssh-copy-id.selabel openssh-5.6p1/contrib/ssh-copy-id
|
||||
--- openssh-5.6p1/contrib/ssh-copy-id.selabel 2010-08-10 05:36:09.000000000 +0200
|
||||
+++ openssh-5.6p1/contrib/ssh-copy-id 2010-08-23 12:50:20.000000000 +0200
|
||||
@@ -41,7 +41,7 @@ fi
|
||||
# strip any trailing colon
|
||||
host=`echo $1 | sed 's/:$//'`
|
||||
|
||||
-{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" || exit 1
|
||||
+{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys; test -x /sbin/restorecon && /sbin/restorecon .ssh .ssh/authorized_keys" || exit 1
|
||||
-{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys" || exit 1
|
||||
+{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys; test -x /sbin/restorecon && /sbin/restorecon ~/.ssh ~/.ssh/authorized_keys" || exit 1
|
||||
|
||||
cat <<EOF
|
||||
Now try logging into the machine, with "ssh '$1'", and check in:
|
||||
diff -up openssh-5.3p1/Makefile.in.selabel openssh-5.3p1/Makefile.in
|
||||
--- openssh-5.3p1/Makefile.in.selabel 2009-10-02 14:21:54.000000000 +0200
|
||||
+++ openssh-5.3p1/Makefile.in 2009-10-02 14:23:23.000000000 +0200
|
||||
@@ -136,7 +136,7 @@ libssh.a: $(LIBSSH_OBJS)
|
||||
Now try logging into the machine, with "ssh '$host'", and check in:
|
||||
diff -up openssh-5.6p1/Makefile.in.selabel openssh-5.6p1/Makefile.in
|
||||
--- openssh-5.6p1/Makefile.in.selabel 2010-08-23 12:47:39.000000000 +0200
|
||||
+++ openssh-5.6p1/Makefile.in 2010-08-23 12:47:39.000000000 +0200
|
||||
@@ -141,7 +141,7 @@ libssh.a: $(LIBSSH_OBJS)
|
||||
$(RANLIB) $@
|
||||
|
||||
ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
|
||||
@ -22,9 +22,9 @@ diff -up openssh-5.3p1/Makefile.in.selabel openssh-5.3p1/Makefile.in
|
||||
|
||||
sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
|
||||
$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(SSHDLIBS) $(LIBS)
|
||||
diff -up openssh-5.3p1/ssh.c.selabel openssh-5.3p1/ssh.c
|
||||
--- openssh-5.3p1/ssh.c.selabel 2009-10-02 14:21:54.000000000 +0200
|
||||
+++ openssh-5.3p1/ssh.c 2009-10-02 14:21:54.000000000 +0200
|
||||
diff -up openssh-5.6p1/ssh.c.selabel openssh-5.6p1/ssh.c
|
||||
--- openssh-5.6p1/ssh.c.selabel 2010-08-23 12:47:39.000000000 +0200
|
||||
+++ openssh-5.6p1/ssh.c 2010-08-23 12:47:39.000000000 +0200
|
||||
@@ -74,6 +74,7 @@
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/fips.h>
|
||||
@ -33,7 +33,7 @@ diff -up openssh-5.3p1/ssh.c.selabel openssh-5.3p1/ssh.c
|
||||
#include "openbsd-compat/openssl-compat.h"
|
||||
#include "openbsd-compat/sys-queue.h"
|
||||
|
||||
@@ -792,10 +793,15 @@ main(int ac, char **av)
|
||||
@@ -848,10 +849,15 @@ main(int ac, char **av)
|
||||
*/
|
||||
r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir,
|
||||
strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
|
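Review bot: The remote command in contrib/ssh-copy-id now ends with `test -x /sbin/restorecon && /sbin/restorecon ~/.ssh ~/.ssh/authorized_keys`, so that last list, not the append, decides whether `|| exit 1` fires. On a host without /sbin/restorecon the script exits 1 even though the key was appended, and a failed `cat >>` is masked whenever restorecon succeeds. Make the append the status that counts and the relabel optional, for example `cat >> ~/.ssh/authorized_keys || exit 1; if test -x /sbin/restorecon; then /sbin/restorecon ~/.ssh ~/.ssh/authorized_keys; fi`. The same command shape is in the older `ssh $1` variant of the line.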
29
openssh.spec
29
openssh.spec
@ -73,7 +73,7 @@
|
||||
%define openssh_ver 5.6p1
|
||||
%define openssh_rel 1
|
||||
%define pam_ssh_agent_ver 0.9.2
|
||||
%define pam_ssh_agent_rel 26
|
||||
%define pam_ssh_agent_rel 27
|
||||
|
||||
Summary: An open source implementation of SSH protocol versions 1 and 2
|
||||
Name: openssh
|
||||
@ -94,44 +94,38 @@ Source4: http://prdownloads.sourceforge.net/pamsshagentauth/pam_ssh_agent_auth/p
|
||||
Source5: pam_ssh_agent-rmheaders
|
||||
|
||||
Patch0: openssh-5.4p1-redhat.patch
|
||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1638
|
||||
Patch2: openssh-5.3p1-skip-initial.patch
|
||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1640
|
||||
Patch4: openssh-5.2p1-vendor.patch
|
||||
Patch10: pam_ssh_agent_auth-0.9-build.patch
|
||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1641
|
||||
Patch12: openssh-5.4p1-selinux.patch
|
||||
Patch13: openssh-5.5p1-mls.patch
|
||||
Patch13: openssh-5.6p1-mls.patch
|
||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1402
|
||||
Patch16: openssh-5.3p1-audit.patch
|
||||
Patch18: openssh-5.4p1-pam_selinux.patch
|
||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1663
|
||||
Patch20: openssh-5.5p1-authorized-keys-command.patch
|
||||
Patch21: openssh-5.5p1-ldap.patch
|
||||
Patch20: openssh-5.6p1-authorized-keys-command.patch
|
||||
Patch21: openssh-5.6p1-ldap.patch
|
||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1668
|
||||
Patch23: openssh-5.5p1-keygen.patch
|
||||
Patch23: openssh-5.6p1-keygen.patch
|
||||
Patch24: openssh-4.3p1-fromto-remote.patch
|
||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1636
|
||||
Patch27: openssh-5.1p1-log-in-chroot.patch
|
||||
Patch30: openssh-4.0p1-exit-deadlock.patch
|
||||
Patch30: openssh-5.6p1-exit-deadlock.patch
|
||||
Patch35: openssh-5.1p1-askpass-progress.patch
|
||||
Patch38: openssh-4.3p2-askpass-grab-info.patch
|
||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1644
|
||||
Patch44: openssh-5.2p1-allow-ip-opts.patch
|
||||
Patch49: openssh-4.3p2-gssapi-canohost.patch
|
||||
Patch62: openssh-5.1p1-scp-manpage.patch
|
||||
Patch65: openssh-5.5p1-fips.patch
|
||||
Patch65: openssh-5.6p1-fips.patch
|
||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1614
|
||||
Patch69: openssh-5.3p1-selabel.patch
|
||||
Patch69: openssh-5.6p1-selabel.patch
|
||||
Patch71: openssh-5.2p1-edns.patch
|
||||
Patch73: openssh-5.5p1-gsskex.patch
|
||||
Patch73: openssh-5.6p1-gsskex.patch
|
||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1701
|
||||
Patch74: openssh-5.3p1-randclean.patch
|
||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1740
|
||||
Patch76: openssh-5.5p1-staterr.patch
|
||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1750
|
||||
Patch77: openssh-5.5p1-stderr.patch
|
||||
Patch78: openssh-5.5p1-kuserok.patch
|
||||
Patch78: openssh-5.6p1-kuserok.patch
|
||||
Patch79: openssh-5.5p1-x11.patch
|
||||
|
||||
License: BSD
|
||||
@ -268,7 +262,6 @@ The module is most useful for su and sudo service stacks.
|
||||
%prep
|
||||
%setup -q -a 4
|
||||
%patch0 -p1 -b .redhat
|
||||
%patch2 -p1 -b .skip-initial
|
||||
%patch4 -p1 -b .vendor
|
||||
|
||||
%if %{pam_ssh_agent}
|
||||
@ -303,8 +296,6 @@ popd
|
||||
%patch71 -p1 -b .edns
|
||||
%patch73 -p1 -b .gsskex
|
||||
%patch74 -p1 -b .randclean
|
||||
%patch76 -p1 -b .staterr
|
||||
%patch77 -p1 -b .stderr
|
||||
%patch78 -p1 -b .kuserok
|
||||
%patch79 -p1 -b .x11
|
||||
|
||||
|
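Review bot: Patch2 (openssh-5.3p1-skip-initial.patch), Patch76 and Patch77 appear to be dropped from the Patch list and from %prep, and nothing in the spec says why. Patch2 is the change that makes the initial empty-password attempt in auth1.c and auth2-none.c conditional on `options.permit_empty_passwd`, so its removal is only safe if 5.6p1 already carries the equivalent. If it does, record that next to the removed entries, e.g. `# Patch2/76/77 dropped: included upstream in 5.6p1 (mindrot bz#1638, #1740, #1750)`. Also verify on the rebuilt package that sshd with PermitEmptyPasswords=no still skips the empty-password check.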