Dump missing GSS options from client configuration

openssh-7.0p1-gssKexAlgorithms.patch

@@ -223,10 +223,19 @@ diff -up openssh-7.0p1/readconf.c.gsskexalg openssh-7.0p1/readconf.c
  	if (options->password_authentication == -1)
  		options->password_authentication = 1;
  	if (options->kbd_interactive_authentication == -1)
-diff -up openssh-7.0p1/readconf.h.gsskexalg openssh-7.0p1/readconf.h
+@@ -2651,6 +2671,8 @@ dump_client_config(Options *o, const cha
---- openssh-7.0p1/readconf.h.gsskexalg	2015-08-19 12:28:38.026518955 +0200
+ 	dump_cfg_string(oGssClientIdentity, o->gss_client_identity);
-+++ openssh-7.0p1/readconf.h	2015-08-19 12:28:38.079518836 +0200
+ 	dump_cfg_string(oGssServerIdentity, o->gss_client_identity);
-@@ -51,6 +51,7 @@ typedef struct {
+ 	dump_cfg_fmtint(oGssRenewalRekey, o->gss_renewal_rekey);
++	dump_cfg_string(oKexAlgorithms, o->gss_kex_algorithms ?
++		o->gss_kex_algorithms : GSS_KEX_DEFAULT_KEX);
+ #endif /* GSSAPI */
+ 	dump_cfg_fmtint(oHashKnownHosts, o->hash_known_hosts);
+ 	dump_cfg_fmtint(oHostbasedAuthentication, o->hostbased_authentication);
+diff -up openssh-7.9p1/readconf.h.gsskexalg openssh-7.9p1/readconf.h
+--- openssh-7.9p1/readconf.h.gsskexalg	2018-11-14 09:20:06.616350574 +0100
++++ openssh-7.9p1/readconf.h	2018-11-14 09:20:06.647350828 +0100
+@@ -46,6 +46,7 @@ typedef struct {
  	int	gss_renewal_rekey;	/* Credential renewal forces rekey */
  	char    *gss_client_identity;   /* Principal to initiate GSSAPI with */
  	char    *gss_server_identity;   /* GSSAPI target principal */

openssh-7.8p1-gsskex.patch

@@ -2069,9 +2069,22 @@ diff -up openssh/readconf.c.gsskex openssh/readconf.c
  	if (options->password_authentication == -1)
  		options->password_authentication = 1;
  	if (options->kbd_interactive_authentication == -1)
-diff -up openssh/readconf.h.gsskex openssh/readconf.h
+@@ -2603,7 +2645,12 @@ dump_client_config(Options *o, const cha
---- openssh/readconf.h.gsskex	2018-08-20 07:57:29.000000000 +0200
+ 	dump_cfg_fmtint(oGatewayPorts, o->fwd_opts.gateway_ports);
-+++ openssh/readconf.h	2018-08-22 11:47:33.314216481 +0200
+ #ifdef GSSAPI
+ 	dump_cfg_fmtint(oGssAuthentication, o->gss_authentication);
++	dump_cfg_fmtint(oGssKeyEx, o->gss_keyex);
+ 	dump_cfg_fmtint(oGssDelegateCreds, o->gss_deleg_creds);
++	dump_cfg_fmtint(oGssTrustDns, o->gss_trust_dns);
++	dump_cfg_string(oGssClientIdentity, o->gss_client_identity);
++	dump_cfg_string(oGssServerIdentity, o->gss_client_identity);
++	dump_cfg_fmtint(oGssRenewalRekey, o->gss_renewal_rekey);
+ #endif /* GSSAPI */
+ 	dump_cfg_fmtint(oHashKnownHosts, o->hash_known_hosts);
+ 	dump_cfg_fmtint(oHostbasedAuthentication, o->hostbased_authentication);
+diff -up openssh-7.9p1/readconf.h.gsskex openssh-7.9p1/readconf.h
+--- openssh-7.9p1/readconf.h.gsskex	2018-10-17 02:01:20.000000000 +0200
++++ openssh-7.9p1/readconf.h	2018-11-14 09:14:06.277379857 +0100
 @@ -40,7 +40,12 @@ typedef struct {
  	int     challenge_response_authentication;
  					/* Try S/Key or TIS, authentication. */
@@ -2468,7 +2481,7 @@ diff -up openssh/sshconnect2.c.gsskex openssh/sshconnect2.c
  	if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL)
  		fatal("%s: kex_names_cat", __func__);
  	myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(s);
-@@ -194,6 +337,17 @@ ssh_kex2(char *host, struct sockaddr *ho
+@@ -194,6 +339,16 @@ ssh_kex2(char *host, struct sockaddr *ho
  		    order_hostkeyalgs(host, hostaddr, port));
  	}
  
@@ -2479,14 +2492,13 @@ diff -up openssh/sshconnect2.c.gsskex openssh/sshconnect2.c
 +		orig = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS];
 +		xasprintf(&myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS],
 +		    "%s,null", orig);
-+		free(gss);
 +	}
 +#endif
 +
  	if (options.rekey_limit || options.rekey_interval)
  		packet_set_rekey_limits(options.rekey_limit,
  		    options.rekey_interval);
-@@ -214,11 +368,31 @@ ssh_kex2(char *host, struct sockaddr *ho
+@@ -214,16 +369,46 @@ ssh_kex2(char *host, struct sockaddr *ho
  	kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
  # endif
  #endif
@@ -2518,7 +2530,22 @@ diff -up openssh/sshconnect2.c.gsskex openssh/sshconnect2.c
  	ssh_dispatch_run_fatal(active_state, DISPATCH_BLOCK, &kex->done);
  
  	/* remove ext-info from the KEX proposals for rekeying */
-@@ -314,6 +488,7 @@ int	input_gssapi_token(int type, u_int32
+ 	myproposal[PROPOSAL_KEX_ALGS] =
+ 	    compat_kex_proposal(options.kex_algorithms);
++#ifdef GSSAPI
++	/* repair myproposal after it was crumpled by the */
++	/* ext-info removal above */
++	if (gss) {
++		orig = myproposal[PROPOSAL_KEX_ALGS];
++		xasprintf(&myproposal[PROPOSAL_KEX_ALGS],
++		    "%s,%s", gss, orig);
++		free(gss);
++	}
++#endif
+ 	if ((r = kex_prop2buf(kex->my, myproposal)) != 0)
+ 		fatal("kex_prop2buf: %s", ssh_err(r));
+ 
+@@ -314,6 +499,7 @@ int	input_gssapi_token(int type, u_int32
  int	input_gssapi_hash(int type, u_int32_t, struct ssh *);
  int	input_gssapi_error(int, u_int32_t, struct ssh *);
  int	input_gssapi_errtok(int, u_int32_t, struct ssh *);
@@ -2876,30 +2903,3 @@ diff -up openssh/sshkey.h.gsskex openssh/sshkey.h
  	KEY_UNSPEC
  };
  
---- openssh/sshconnect2.c.orig  2017-01-04 19:47:10.000000000 +0100
-+++ openssh/sshconnect2.c       2017-01-05 04:13:08.977425272 +0100
-@@ -344,7 +344,6 @@
- 		orig = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS];
- 		xasprintf(&myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS],
- 		    "%s,null", orig);
--		free(gss);
- 	}
- #endif
- 
-@@ -398,6 +397,16 @@
- 	/* remove ext-info from the KEX proposals for rekeying */
- 	myproposal[PROPOSAL_KEX_ALGS] =
- 	    compat_kex_proposal(options.kex_algorithms);
-+#ifdef GSSAPI
-+	/* repair myproposal after it was crumpled by the */
-+	/* ext-info removal above */
-+	if (gss) {
-+		orig = myproposal[PROPOSAL_KEX_ALGS];
-+		xasprintf(&myproposal[PROPOSAL_KEX_ALGS],
-+		    "%s,%s", gss, orig);
-+		free(gss);
-+	}
-+#endif
- 	if ((r = kex_prop2buf(kex->my, myproposal)) != 0)
- 		fatal("kex_prop2buf: %s", ssh_err(r));
-