fix gsskex patch to correctly handle MONITOR_REQ_GSSSIGN request (#1118005)

Petr Lautrbach 2014-11-12 17:02:36 +01:00
parent a1e1ac2bfc
commit 57666dc3be


@ -1741,7 +1741,13 @@ index 229fada..aa70945 100644
#endif #endif
#ifdef SSH_AUDIT_EVENTS #ifdef SSH_AUDIT_EVENTS
@@ -258,6 +260,12 @@ struct mon_table mon_dispatch_proto20[] = { @@ -253,11 +255,18 @@ struct mon_table mon_dispatch_proto20[] = {
{MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx},
{MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},
{MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic},
+ {MONITOR_REQ_GSSSIGN, MON_ONCE, mm_answer_gss_sign},
#endif
{0, 0, NULL}
}; };
struct mon_table mon_dispatch_postauth20[] = { struct mon_table mon_dispatch_postauth20[] = {
@ -1754,7 +1760,7 @@ index 229fada..aa70945 100644
{MONITOR_REQ_MODULI, 0, mm_answer_moduli}, {MONITOR_REQ_MODULI, 0, mm_answer_moduli},
{MONITOR_REQ_SIGN, 0, mm_answer_sign}, {MONITOR_REQ_SIGN, 0, mm_answer_sign},
{MONITOR_REQ_PTY, 0, mm_answer_pty}, {MONITOR_REQ_PTY, 0, mm_answer_pty},
@@ -366,6 +374,10 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) @@ -366,6 +375,10 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
/* Permit requests for moduli and signatures */ /* Permit requests for moduli and signatures */
monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
@ -1765,7 +1771,7 @@ index 229fada..aa70945 100644
} else { } else {
mon_dispatch = mon_dispatch_proto15; mon_dispatch = mon_dispatch_proto15;
@@ -471,6 +483,10 @@ monitor_child_postauth(struct monitor *pmonitor) @@ -471,6 +484,10 @@ monitor_child_postauth(struct monitor *pmonitor)
monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
@ -1776,7 +1782,7 @@ index 229fada..aa70945 100644
} else { } else {
mon_dispatch = mon_dispatch_postauth15; mon_dispatch = mon_dispatch_postauth15;
monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
@@ -1866,6 +1882,13 @@ mm_get_kex(Buffer *m) @@ -1866,6 +1883,13 @@ mm_get_kex(Buffer *m)
kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
kex->kex[KEX_ECDH_SHA2] = kexecdh_server; kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
kex->kex[KEX_C25519_SHA256] = kexc25519_server; kex->kex[KEX_C25519_SHA256] = kexc25519_server;
@ -1790,7 +1796,7 @@ index 229fada..aa70945 100644
kex->server = 1; kex->server = 1;
kex->hostkey_type = buffer_get_int(m); kex->hostkey_type = buffer_get_int(m);
kex->kex_type = buffer_get_int(m); kex->kex_type = buffer_get_int(m);
@@ -2073,6 +2096,9 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m) @@ -2073,6 +2097,9 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m)
OM_uint32 major; OM_uint32 major;
u_int len; u_int len;
@ -1800,7 +1806,7 @@ index 229fada..aa70945 100644
goid.elements = buffer_get_string(m, &len); goid.elements = buffer_get_string(m, &len);
goid.length = len; goid.length = len;
@@ -2100,6 +2126,9 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m) @@ -2100,6 +2127,9 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m)
OM_uint32 flags = 0; /* GSI needs this */ OM_uint32 flags = 0; /* GSI needs this */
u_int len; u_int len;
@ -1810,7 +1816,7 @@ index 229fada..aa70945 100644
in.value = buffer_get_string(m, &len); in.value = buffer_get_string(m, &len);
in.length = len; in.length = len;
major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags); major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags);
@@ -2117,6 +2146,7 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m) @@ -2117,6 +2147,7 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m)
monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0); monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1); monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1); monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
@ -1818,7 +1824,7 @@ index 229fada..aa70945 100644
} }
return (0); return (0);
} }
@@ -2128,6 +2158,9 @@ mm_answer_gss_checkmic(int sock, Buffer *m) @@ -2128,6 +2159,9 @@ mm_answer_gss_checkmic(int sock, Buffer *m)
OM_uint32 ret; OM_uint32 ret;
u_int len; u_int len;
@ -1828,7 +1834,7 @@ index 229fada..aa70945 100644
gssbuf.value = buffer_get_string(m, &len); gssbuf.value = buffer_get_string(m, &len);
gssbuf.length = len; gssbuf.length = len;
mic.value = buffer_get_string(m, &len); mic.value = buffer_get_string(m, &len);
@@ -2154,7 +2187,11 @@ mm_answer_gss_userok(int sock, Buffer *m) @@ -2154,7 +2188,11 @@ mm_answer_gss_userok(int sock, Buffer *m)
{ {
int authenticated; int authenticated;
@ -1841,7 +1847,7 @@ index 229fada..aa70945 100644
buffer_clear(m); buffer_clear(m);
buffer_put_int(m, authenticated); buffer_put_int(m, authenticated);
@@ -2167,5 +2204,73 @@ mm_answer_gss_userok(int sock, Buffer *m) @@ -2167,5 +2205,73 @@ mm_answer_gss_userok(int sock, Buffer *m)
/* Monitor loop will terminate if authenticated */ /* Monitor loop will terminate if authenticated */
return (authenticated); return (authenticated);
} }
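Review bot: The new `{MONITOR_REQ_GSSSIGN, MON_ONCE, mm_answer_gss_sign}` entry in `mon_dispatch_proto20` has no comment saying why a signing request is served from this table or at what point it becomes permitted. Its flags are `MON_ONCE` only, while the neighbouring GSS entries carry `MON_ISAUTH` or `MON_AUTH`, so it is presumably switched on by a `monitor_permit()` call elsewhere. The one-line addition in the `mm_answer_gss_accept_ctx` hunk looks like that place, but its text is not shown on this page, so confirm the request is only permitted once the GSS context is complete. I would add a comment above the entry, for example `/* GSS key exchange: signs the exchange hash; enabled via monitor_permit() only after the GSS context is established */`. The body of `mm_answer_gss_sign` sits in the final hunk and is not visible here; check there that the length of the data to be signed is validated before it is signed.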