Merge gssapi-keyex and gssapi-auth

Signed-off-by: Norbert Pocs <npocs@redhat.com>

openssh-8.0p1-gssapi-keyex.patch

@@ -2611,6 +2611,23 @@ index 2ce89fe9..ebf76c7f 100644
  
  	/* The first few requests do not require asynchronous access */
  	while (!authenticated) {
+@@ -376,8 +376,15 @@ monitor_child_preauth(struct ssh *ssh, s
+ 		if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) {
+ 			auth_log(ssh, authenticated, partial,
+ 			    auth_method, auth_submethod);
+-			if (!partial && !authenticated)
++			if (!partial && !authenticated) {
++#ifdef GSSAPI
++				/* If gssapi-with-mic failed, MONITOR_REQ_GSSCHECKMIC is disabled.
++				 * We have to reenable it to try again for gssapi-keyex */
++				if (strcmp(auth_method, "gssapi-with-mic") == 0 && options.gss_keyex)
++					monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
++#endif
+ 				authctxt->failures++;
++			}
+ 			if (authenticated || partial) {
+ 				auth2_update_session_info(authctxt,
+ 				    auth_method, auth_submethod);
 @@ -406,6 +419,10 @@ monitor_child_postauth(struct ssh *ssh, struct monitor *pmonitor)
  	monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
  	monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);

openssh-8.7p1-gssapi-auth.patch

@@ -1,20 +0,0 @@
-diff --color -rup a/monitor.c b/monitor.c
---- a/monitor.c	2022-07-11 15:11:28.146863144 +0200
-+++ b/monitor.c	2022-07-11 15:15:35.726655877 +0200
-@@ -376,8 +376,15 @@ monitor_child_preauth(struct ssh *ssh, s
- 		if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) {
- 			auth_log(ssh, authenticated, partial,
- 			    auth_method, auth_submethod);
--			if (!partial && !authenticated)
-+			if (!partial && !authenticated) {
-+#ifdef GSSAPI
-+				/* If gssapi-with-mic failed, MONITOR_REQ_GSSCHECKMIC is disabled.
-+				 * We have to reenable it to try again for gssapi-keyex */
-+				if (strcmp(auth_method, "gssapi-with-mic") == 0 && options.gss_keyex)
-+					monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
-+#endif
- 				authctxt->failures++;
-+			}
- 			if (authenticated || partial) {
- 				auth2_update_session_info(authctxt,
- 				    auth_method, auth_submethod);

openssh.spec

@@ -137,6 +137,10 @@ Patch711: openssh-7.8p1-UsePAM-warning.patch
 
 # GSSAPI Key Exchange (RFC 4462 + RFC 8732)
 # from https://github.com/openssh-gsskex/openssh-gsskex/tree/fedora/master
+# and
+# Reenable MONITOR_REQ_GSSCHECKMIC after gssapi-with-mic failures
+# upstream MR:
+# https://github.com/openssh-gsskex/openssh-gsskex/pull/21
 Patch800: openssh-8.0p1-gssapi-keyex.patch
 #http://www.mail-archive.com/kerberos@mit.edu/msg17591.html
 Patch801: openssh-6.6p1-force_krb.patch
@@ -215,10 +219,6 @@ Patch984: openssh-8.7p1-ibmca.patch
 # upstream bug:
 # https://bugzilla.mindrot.org/show_bug.cgi?id=3455
 Patch1002: openssh-8.7p1-ssh-manpage.patch
-# Reenable MONITOR_REQ_GSSCHECKMIC after gssapi-with-mic failures
-# upstream MR:
-# https://github.com/openssh-gsskex/openssh-gsskex/pull/21
-Patch1004: openssh-8.7p1-gssapi-auth.patch
 
 # Don't propose disallowed algorithms during hostkey negotiation
 # upstream MR:
@@ -424,7 +424,6 @@ popd
 %patch -P 700 -p1 -b .fips
 
 %patch -P 1002 -p1 -b .ssh-manpage
-%patch -P 1004 -p1 -b .gssapi-auth
 
 %patch -P 1006 -p1 -b .negotiate-supported-algs