Honor GSSAPIServerIdentity for GSSAPI Key Exchange (#1637167)

Jakub Jelen 2018-10-17 13:04:00 +02:00
parent 6666c19414
commit e8876f1b1f
2 changed files with 11 additions and 5 deletions


@ -528,7 +528,7 @@ diff -up openssh-7.7p1/sshconnect2.c.fips openssh-7.7p1/sshconnect2.c
maxlen = strlen(avail) + 1; maxlen = strlen(avail) + 1;
first = xmalloc(maxlen); first = xmalloc(maxlen);
last = xmalloc(maxlen); last = xmalloc(maxlen);
@@ -290,21 +293,26 @@ ssh_kex2(char *host, struct sockaddr *ho @@ -290,23 +293,28 @@ ssh_kex2(char *host, struct sockaddr *ho
#ifdef GSSAPI #ifdef GSSAPI
if (options.gss_keyex) { if (options.gss_keyex) {
@ -536,7 +536,9 @@ diff -up openssh-7.7p1/sshconnect2.c.fips openssh-7.7p1/sshconnect2.c
- * client to the key exchange algorithm proposal */ - * client to the key exchange algorithm proposal */
- orig = options.kex_algorithms; - orig = options.kex_algorithms;
- -
- if (options.gss_trust_dns) - if (options.gss_server_identity)
- gss_host = options.gss_server_identity;
- else if (options.gss_trust_dns)
- gss_host = (char *)get_canonical_hostname(active_state, 1); - gss_host = (char *)get_canonical_hostname(active_state, 1);
- else - else
- gss_host = host; - gss_host = host;
@ -555,7 +557,9 @@ diff -up openssh-7.7p1/sshconnect2.c.fips openssh-7.7p1/sshconnect2.c
+ * client to the key exchange algorithm proposal */ + * client to the key exchange algorithm proposal */
+ orig = options.kex_algorithms; + orig = options.kex_algorithms;
+ +
+ if (options.gss_trust_dns) + if (options.gss_server_identity)
+ gss_host = options.gss_server_identity;
+ else if (options.gss_trust_dns)
+ gss_host = (char *)get_canonical_hostname(active_state, 1); + gss_host = (char *)get_canonical_hostname(active_state, 1);
+ else + else
+ gss_host = host; + gss_host = host;
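Review bot: The new leading branch `if (options.gss_server_identity)` has no comment saying that a configured identity now overrides both the `gss_trust_dns` canonical name and the `host` argument when `gss_host` is chosen for GSSAPI key exchange; the same three lines are added in the gsskex patch section further down. Since `gss_host` appears to be the name the server is checked against during the exchange, I would record the precedence next to the chain, e.g. `/* GSSAPIServerIdentity, when set, takes precedence over DNS canonicalization and the host passed to ssh_kex2 */`. The branch tests only for a non-NULL pointer, so whether an empty value can reach it depends on the option parser, which is not shown on this page. ssh_kex2 starts and ends outside the hunk.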


@ -2431,7 +2431,7 @@ diff -up openssh/sshconnect2.c.gsskex openssh/sshconnect2.c
/* /*
* SSH2 key exchange * SSH2 key exchange
*/ */
@@ -162,9 +280,34 @@ ssh_kex2(char *host, struct sockaddr *ho @@ -162,9 +280,36 @@ ssh_kex2(char *host, struct sockaddr *ho
struct kex *kex; struct kex *kex;
int r; int r;
@ -2449,7 +2449,9 @@ diff -up openssh/sshconnect2.c.gsskex openssh/sshconnect2.c
+ * client to the key exchange algorithm proposal */ + * client to the key exchange algorithm proposal */
+ orig = options.kex_algorithms; + orig = options.kex_algorithms;
+ +
+ if (options.gss_trust_dns) + if (options.gss_server_identity)
+ gss_host = options.gss_server_identity;
+ else if (options.gss_trust_dns)
+ gss_host = (char *)get_canonical_hostname(active_state, 1); + gss_host = (char *)get_canonical_hostname(active_state, 1);
+ else + else
+ gss_host = host; + gss_host = host;
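Review bot: After this change `gss_host` can borrow from three objects with different owners: `options.gss_server_identity`, the result of `get_canonical_hostname()`, or the caller's `host`. The `(char *)` cast on the second suggests a const qualifier is being dropped there. The rest of ssh_kex2 is outside the hunk, so how the pointer is consumed is not visible; if nothing later frees or writes through it and the consumer accepts a const pointer, declaring it as `const char *gss_host` would remove the cast and make the borrowing explicit. Otherwise a one-line comment at the declaration that `gss_host` is never owned by this function would guard against a later `free()` on the options string.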