Cache supported OIDS for GSSAPI kex (#1395288)

2017-01-02 14:42:38 +01:00 · 2017-01-02 14:42:38 +01:00 · 4189cebf7a
commit 4189cebf7a
parent dd8e5419eb
2 changed files with 21 additions and 12 deletions
--- a/openssh-7.0p1-gssKexAlgorithms.patch
+++ b/openssh-7.0p1-gssKexAlgorithms.patch
@ -82,12 +82,13 @@ diff -up openssh-7.0p1/gss-genr.c.gsskexalg openssh-7.0p1/gss-genr.c
 diff -up openssh-7.0p1/gss-serv.c.gsskexalg openssh-7.0p1/gss-serv.c
 --- openssh-7.0p1/gss-serv.c.gsskexalg	2015-08-19 12:28:38.024518959 +0200
 +++ openssh-7.0p1/gss-serv.c	2015-08-19 12:28:38.078518839 +0200
-@@ -150,7 +150,7 @@ ssh_gssapi_server_mechanisms() {
- 
- 	ssh_gssapi_supported_oids(&supported);
- 	return (ssh_gssapi_kex_mechs(supported, &ssh_gssapi_server_check_mech,
-	    NULL, NULL));
-+	    NULL, NULL, options.gss_kex_algorithms));
+@@ -149,7 +149,8 @@ ssh_gssapi_server_mechanisms() {
+ 	if (supported_oids == NULL)
+ 		ssh_gssapi_prepare_supported_oids();
+ 	return (ssh_gssapi_kex_mechs(supported_oids,
+-	    &ssh_gssapi_server_check_mech, NULL, NULL));
+	    &ssh_gssapi_server_check_mech, NULL, NULL,
+	    options.gss_kex_algorithms));
 }
 
 /* Unprivileged */
--- a/openssh-7.2p1-gsskex.patch
+++ b/openssh-7.2p1-gsskex.patch
@ -546,17 +546,16 @@ diff -up openssh-7.2p1/gss-serv.c.gsskex openssh-7.2p1/gss-serv.c
 
 #ifdef KRB5
 extern ssh_gssapi_mech gssapi_kerberos_mech;
-@@ -142,6 +144,29 @@ ssh_gssapi_server_ctx(Gssctxt **ctx, gss
+@@ -142,6 +144,28 @@ ssh_gssapi_server_ctx(Gssctxt **ctx, gss
 }
 
 /* Unprivileged */
 +char *
 +ssh_gssapi_server_mechanisms() {
-+	gss_OID_set	supported;
-+
-+	ssh_gssapi_supported_oids(&supported);
-+	return (ssh_gssapi_kex_mechs(supported, &ssh_gssapi_server_check_mech,
-+	    NULL, NULL));
+	if (supported_oids == NULL)
+		ssh_gssapi_prepare_supported_oids();
+	return (ssh_gssapi_kex_mechs(supported_oids,
+	    &ssh_gssapi_server_check_mech, NULL, NULL));
 +}
 +
 +/* Unprivileged */
@ -2489,6 +2488,15 @@ diff -up openssh-7.2p1/sshconnect2.c.gsskex openssh-7.2p1/sshconnect2.c
 diff -up openssh-7.2p1/sshd.c.gsskex openssh-7.2p1/sshd.c
 --- openssh-7.2p1/sshd.c.gsskex	2016-02-19 10:01:04.860969328 +0100
 +++ openssh-7.2p1/sshd.c	2016-02-19 10:01:04.872969321 +0100
+@@ -547,7 +547,7 @@ privsep_preauth_child(void)
+ 
+ #ifdef GSSAPI
+ 	/* Cache supported mechanism OIDs for later use */
+-	if (options.gss_authentication)
+	if (options.gss_authentication || options.gss_keyex)
+ 		ssh_gssapi_prepare_supported_oids();
+ #endif
+ 
@@ -974,8 +974,9 @@ notify_hostkeys(struct ssh *ssh)
 	}
 	debug3("%s: sent %d hostkeys", __func__, nkeys);