Cache supported OIDS for GSSAPI kex (#1395288)
This commit is contained in:
parent
dd8e5419eb
commit
4189cebf7a
@ -82,12 +82,13 @@ diff -up openssh-7.0p1/gss-genr.c.gsskexalg openssh-7.0p1/gss-genr.c
|
|||||||
diff -up openssh-7.0p1/gss-serv.c.gsskexalg openssh-7.0p1/gss-serv.c
|
diff -up openssh-7.0p1/gss-serv.c.gsskexalg openssh-7.0p1/gss-serv.c
|
||||||
--- openssh-7.0p1/gss-serv.c.gsskexalg 2015-08-19 12:28:38.024518959 +0200
|
--- openssh-7.0p1/gss-serv.c.gsskexalg 2015-08-19 12:28:38.024518959 +0200
|
||||||
+++ openssh-7.0p1/gss-serv.c 2015-08-19 12:28:38.078518839 +0200
|
+++ openssh-7.0p1/gss-serv.c 2015-08-19 12:28:38.078518839 +0200
|
||||||
@@ -150,7 +150,7 @@ ssh_gssapi_server_mechanisms() {
|
@@ -149,7 +149,8 @@ ssh_gssapi_server_mechanisms() {
|
||||||
|
if (supported_oids == NULL)
|
||||||
ssh_gssapi_supported_oids(&supported);
|
ssh_gssapi_prepare_supported_oids();
|
||||||
return (ssh_gssapi_kex_mechs(supported, &ssh_gssapi_server_check_mech,
|
return (ssh_gssapi_kex_mechs(supported_oids,
|
||||||
- NULL, NULL));
|
- &ssh_gssapi_server_check_mech, NULL, NULL));
|
||||||
+ NULL, NULL, options.gss_kex_algorithms));
|
+ &ssh_gssapi_server_check_mech, NULL, NULL,
|
||||||
|
+ options.gss_kex_algorithms));
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Unprivileged */
|
/* Unprivileged */
|
||||||
|
@ -546,17 +546,16 @@ diff -up openssh-7.2p1/gss-serv.c.gsskex openssh-7.2p1/gss-serv.c
|
|||||||
|
|
||||||
#ifdef KRB5
|
#ifdef KRB5
|
||||||
extern ssh_gssapi_mech gssapi_kerberos_mech;
|
extern ssh_gssapi_mech gssapi_kerberos_mech;
|
||||||
@@ -142,6 +144,29 @@ ssh_gssapi_server_ctx(Gssctxt **ctx, gss
|
@@ -142,6 +144,28 @@ ssh_gssapi_server_ctx(Gssctxt **ctx, gss
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Unprivileged */
|
/* Unprivileged */
|
||||||
+char *
|
+char *
|
||||||
+ssh_gssapi_server_mechanisms() {
|
+ssh_gssapi_server_mechanisms() {
|
||||||
+ gss_OID_set supported;
|
+ if (supported_oids == NULL)
|
||||||
+
|
+ ssh_gssapi_prepare_supported_oids();
|
||||||
+ ssh_gssapi_supported_oids(&supported);
|
+ return (ssh_gssapi_kex_mechs(supported_oids,
|
||||||
+ return (ssh_gssapi_kex_mechs(supported, &ssh_gssapi_server_check_mech,
|
+ &ssh_gssapi_server_check_mech, NULL, NULL));
|
||||||
+ NULL, NULL));
|
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
+/* Unprivileged */
|
+/* Unprivileged */
|
||||||
@ -2489,6 +2488,15 @@ diff -up openssh-7.2p1/sshconnect2.c.gsskex openssh-7.2p1/sshconnect2.c
|
|||||||
diff -up openssh-7.2p1/sshd.c.gsskex openssh-7.2p1/sshd.c
|
diff -up openssh-7.2p1/sshd.c.gsskex openssh-7.2p1/sshd.c
|
||||||
--- openssh-7.2p1/sshd.c.gsskex 2016-02-19 10:01:04.860969328 +0100
|
--- openssh-7.2p1/sshd.c.gsskex 2016-02-19 10:01:04.860969328 +0100
|
||||||
+++ openssh-7.2p1/sshd.c 2016-02-19 10:01:04.872969321 +0100
|
+++ openssh-7.2p1/sshd.c 2016-02-19 10:01:04.872969321 +0100
|
||||||
|
@@ -547,7 +547,7 @@ privsep_preauth_child(void)
|
||||||
|
|
||||||
|
#ifdef GSSAPI
|
||||||
|
/* Cache supported mechanism OIDs for later use */
|
||||||
|
- if (options.gss_authentication)
|
||||||
|
+ if (options.gss_authentication || options.gss_keyex)
|
||||||
|
ssh_gssapi_prepare_supported_oids();
|
||||||
|
#endif
|
||||||
|
|
||||||
@@ -974,8 +974,9 @@ notify_hostkeys(struct ssh *ssh)
|
@@ -974,8 +974,9 @@ notify_hostkeys(struct ssh *ssh)
|
||||||
}
|
}
|
||||||
debug3("%s: sent %d hostkeys", __func__, nkeys);
|
debug3("%s: sent %d hostkeys", __func__, nkeys);
|
||||||
|
Loading…
Reference in New Issue
Block a user