Allow gss-keyex root login when without-password is set (#2456)

Reported upstream, but applicable also for our gss-keyex patch: https://bugzilla.mindrot.org/show_bug.cgi?id=2456
2015-09-24 11:23:38 +02:00 · 2015-09-24 11:23:38 +02:00 · bf69b47630
commit bf69b47630
parent 6bf47e3d35
1 changed files with 12 additions and 0 deletions
--- a/openssh-6.6p1-gsskex.patch
+++ b/openssh-6.6p1-gsskex.patch
@ -2730,3 +2730,15 @@ diff -up openssh-7.1p1/sshkey.h.gsskex openssh-7.1p1/sshkey.h
 	KEY_UNSPEC
 };
 
+diff --git a/auth.c b/auth.c
+index 4d1fbbe..5db39c4 100644
+--- a/auth.c
+++ b/auth.c
+@@ -354,6 +354,7 @@ auth_root_allowed(const char *method)
+ 	case PERMIT_NO_PASSWD:
+ 		if (strcmp(method, "publickey") == 0 ||
+ 		    strcmp(method, "hostbased") == 0 ||
+		    strcmp(method, "gssapi-keyex") == 0 ||
+ 		    strcmp(method, "gssapi-with-mic") == 0)
+ 			return 1;
+ 		break;