Dump missing GSS options from client configuration
parent
03264b16f7
commit
3ae9c1b0c1
@ -223,10 +223,19 @@ diff -up openssh-7.0p1/readconf.c.gsskexalg openssh-7.0p1/readconf.c
|
||||
if (options->password_authentication == -1)
|
||||
options->password_authentication = 1;
|
||||
if (options->kbd_interactive_authentication == -1)
|
||||
diff -up openssh-7.0p1/readconf.h.gsskexalg openssh-7.0p1/readconf.h
|
||||
--- openssh-7.0p1/readconf.h.gsskexalg 2015-08-19 12:28:38.026518955 +0200
|
||||
+++ openssh-7.0p1/readconf.h 2015-08-19 12:28:38.079518836 +0200
|
||||
@@ -51,6 +51,7 @@ typedef struct {
|
||||
@@ -2651,6 +2671,8 @@ dump_client_config(Options *o, const cha
|
||||
dump_cfg_string(oGssClientIdentity, o->gss_client_identity);
|
||||
dump_cfg_string(oGssServerIdentity, o->gss_client_identity);
|
||||
dump_cfg_fmtint(oGssRenewalRekey, o->gss_renewal_rekey);
|
||||
+ dump_cfg_string(oKexAlgorithms, o->gss_kex_algorithms ?
|
||||
+ o->gss_kex_algorithms : GSS_KEX_DEFAULT_KEX);
|
||||
#endif /* GSSAPI */
|
||||
dump_cfg_fmtint(oHashKnownHosts, o->hash_known_hosts);
|
||||
dump_cfg_fmtint(oHostbasedAuthentication, o->hostbased_authentication);
|
||||
diff -up openssh-7.9p1/readconf.h.gsskexalg openssh-7.9p1/readconf.h
|
||||
--- openssh-7.9p1/readconf.h.gsskexalg 2018-11-14 09:20:06.616350574 +0100
|
||||
+++ openssh-7.9p1/readconf.h 2018-11-14 09:20:06.647350828 +0100
|
||||
@@ -46,6 +46,7 @@ typedef struct {
|
||||
int gss_renewal_rekey; /* Credential renewal forces rekey */
|
||||
char *gss_client_identity; /* Principal to initiate GSSAPI with */
|
||||
char *gss_server_identity; /* GSSAPI target principal */
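Review bot: The added `dump_cfg_string(oKexAlgorithms, o->gss_kex_algorithms ? ...)` call inside the `#ifdef GSSAPI` part of dump_client_config prints the GSSAPI key-exchange list under the ordinary KexAlgorithms keyword. The `ssh -G` dump would then carry a second kexalgorithms line holding GSS methods, and anyone auditing the effective client crypto policy from it could read the wrong list. The call should use the GSS-specific opcode this patch defines for the option (presumably `oGssKexAlgorithms`; confirm against the opcode enum, which is outside this hunk), i.e. `dump_cfg_string(oGssKexAlgorithms, o->gss_kex_algorithms ? o->gss_kex_algorithms : GSS_KEX_DEFAULT_KEX);`. The body of dump_client_config continues outside the hunk.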
|
||||
|
@ -2069,9 +2069,22 @@ diff -up openssh/readconf.c.gsskex openssh/readconf.c
|
||||
if (options->password_authentication == -1)
|
||||
options->password_authentication = 1;
|
||||
if (options->kbd_interactive_authentication == -1)
|
||||
diff -up openssh/readconf.h.gsskex openssh/readconf.h
|
||||
--- openssh/readconf.h.gsskex 2018-08-20 07:57:29.000000000 +0200
|
||||
+++ openssh/readconf.h 2018-08-22 11:47:33.314216481 +0200
|
||||
@@ -2603,7 +2645,12 @@ dump_client_config(Options *o, const cha
|
||||
dump_cfg_fmtint(oGatewayPorts, o->fwd_opts.gateway_ports);
|
||||
#ifdef GSSAPI
|
||||
dump_cfg_fmtint(oGssAuthentication, o->gss_authentication);
|
||||
+ dump_cfg_fmtint(oGssKeyEx, o->gss_keyex);
|
||||
dump_cfg_fmtint(oGssDelegateCreds, o->gss_deleg_creds);
|
||||
+ dump_cfg_fmtint(oGssTrustDns, o->gss_trust_dns);
|
||||
+ dump_cfg_string(oGssClientIdentity, o->gss_client_identity);
|
||||
+ dump_cfg_string(oGssServerIdentity, o->gss_client_identity);
|
||||
+ dump_cfg_fmtint(oGssRenewalRekey, o->gss_renewal_rekey);
|
||||
#endif /* GSSAPI */
|
||||
dump_cfg_fmtint(oHashKnownHosts, o->hash_known_hosts);
|
||||
dump_cfg_fmtint(oHostbasedAuthentication, o->hostbased_authentication);
|
||||
diff -up openssh-7.9p1/readconf.h.gsskex openssh-7.9p1/readconf.h
|
||||
--- openssh-7.9p1/readconf.h.gsskex 2018-10-17 02:01:20.000000000 +0200
|
||||
+++ openssh-7.9p1/readconf.h 2018-11-14 09:14:06.277379857 +0100
|
||||
@@ -40,7 +40,12 @@ typedef struct {
|
||||
int challenge_response_authentication;
|
||||
/* Try S/Key or TIS, authentication. */
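Review bot: The added line `dump_cfg_string(oGssServerIdentity, o->gss_client_identity);` in dump_client_config passes the client principal for the server-identity keyword, which looks like a copy-paste of the line above it. The dumped configuration would report the wrong GSSAPI target principal and hide any that is actually configured. The struct in readconf.h has a separate `gss_server_identity` field, so the line should read `dump_cfg_string(oGssServerIdentity, o->gss_server_identity);`. The same line is carried as context in the gsskexalg patch hunk for dump_client_config, so that patch would need refreshing after the fix.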
|
||||
@ -2468,7 +2481,7 @@ diff -up openssh/sshconnect2.c.gsskex openssh/sshconnect2.c
|
||||
if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL)
|
||||
fatal("%s: kex_names_cat", __func__);
|
||||
myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(s);
|
||||
@@ -194,6 +337,17 @@ ssh_kex2(char *host, struct sockaddr *ho
|
||||
@@ -194,6 +339,16 @@ ssh_kex2(char *host, struct sockaddr *ho
|
||||
order_hostkeyalgs(host, hostaddr, port));
|
||||
}
|
||||
|
||||
@ -2479,14 +2492,13 @@ diff -up openssh/sshconnect2.c.gsskex openssh/sshconnect2.c
|
||||
+ orig = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS];
|
||||
+ xasprintf(&myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS],
|
||||
+ "%s,null", orig);
|
||||
+ free(gss);
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
if (options.rekey_limit || options.rekey_interval)
|
||||
packet_set_rekey_limits(options.rekey_limit,
|
||||
options.rekey_interval);
|
||||
@@ -214,11 +368,31 @@ ssh_kex2(char *host, struct sockaddr *ho
|
||||
@@ -214,16 +369,46 @@ ssh_kex2(char *host, struct sockaddr *ho
|
||||
kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
|
||||
# endif
|
||||
#endif
|
||||
@ -2518,7 +2530,22 @@ diff -up openssh/sshconnect2.c.gsskex openssh/sshconnect2.c
|
||||
ssh_dispatch_run_fatal(active_state, DISPATCH_BLOCK, &kex->done);
|
||||
|
||||
/* remove ext-info from the KEX proposals for rekeying */
|
||||
@@ -314,6 +488,7 @@ int input_gssapi_token(int type, u_int32
|
||||
myproposal[PROPOSAL_KEX_ALGS] =
|
||||
compat_kex_proposal(options.kex_algorithms);
|
||||
+#ifdef GSSAPI
|
||||
+ /* repair myproposal after it was crumpled by the */
|
||||
+ /* ext-info removal above */
|
||||
+ if (gss) {
|
||||
+ orig = myproposal[PROPOSAL_KEX_ALGS];
|
||||
+ xasprintf(&myproposal[PROPOSAL_KEX_ALGS],
|
||||
+ "%s,%s", gss, orig);
|
||||
+ free(gss);
|
||||
+ }
|
||||
+#endif
|
||||
if ((r = kex_prop2buf(kex->my, myproposal)) != 0)
|
||||
fatal("kex_prop2buf: %s", ssh_err(r));
|
||||
|
||||
@@ -314,6 +499,7 @@ int input_gssapi_token(int type, u_int32
|
||||
int input_gssapi_hash(int type, u_int32_t, struct ssh *);
|
||||
int input_gssapi_error(int, u_int32_t, struct ssh *);
|
||||
int input_gssapi_errtok(int, u_int32_t, struct ssh *);
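Review bot: In the block added after the ext-info removal in ssh_kex2, `gss` is freed but left dangling, and the comment does not say that this is now the only place it is released. Since this commit moves `free(gss)` here from the host-key-algorithm block earlier in the function, I would add `gss = NULL;` right after `free(gss);`. I would also replace the two-line comment with `/* re-prepend the GSS kex names dropped by the reassignment above; last use of gss, freed here */`. Whether `gss` is read again later in ssh_kex2 is not visible in this hunk, so treat the NULL assignment as hardening rather than a confirmed fix.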
|
||||
@ -2876,30 +2903,3 @@ diff -up openssh/sshkey.h.gsskex openssh/sshkey.h
|
||||
KEY_UNSPEC
|
||||
};
|
||||
|
||||
--- openssh/sshconnect2.c.orig 2017-01-04 19:47:10.000000000 +0100
|
||||
+++ openssh/sshconnect2.c 2017-01-05 04:13:08.977425272 +0100
|
||||
@@ -344,7 +344,6 @@
|
||||
orig = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS];
|
||||
xasprintf(&myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS],
|
||||
"%s,null", orig);
|
||||
- free(gss);
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -398,6 +397,16 @@
|
||||
/* remove ext-info from the KEX proposals for rekeying */
|
||||
myproposal[PROPOSAL_KEX_ALGS] =
|
||||
compat_kex_proposal(options.kex_algorithms);
|
||||
+#ifdef GSSAPI
|
||||
+ /* repair myproposal after it was crumpled by the */
|
||||
+ /* ext-info removal above */
|
||||
+ if (gss) {
|
||||
+ orig = myproposal[PROPOSAL_KEX_ALGS];
|
||||
+ xasprintf(&myproposal[PROPOSAL_KEX_ALGS],
|
||||
+ "%s,%s", gss, orig);
|
||||
+ free(gss);
|
||||
+ }
|
||||
+#endif
|
||||
if ((r = kex_prop2buf(kex->my, myproposal)) != 0)
|
||||
fatal("kex_prop2buf: %s", ssh_err(r));
|
||||
|
||||
|