Add missing gsskeyex authentication method

Related: RHEL-42635 Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2024-08-28 10:49:04 +02:00 · 2024-08-28 10:49:04 +02:00 · fc550bd771
commit fc550bd771
parent 78bb33ab57
2 changed files with 51 additions and 0 deletions
--- a/openssh-9.8p1-gsskeyex-authmethod.patch
+++ b/openssh-9.8p1-gsskeyex-authmethod.patch
@ -0,0 +1,47 @@
+diff --color -ruNp a/auth2-gss.c b/auth2-gss.c
+--- a/auth2-gss.c	2024-08-26 16:41:44.853553353 +0200
+++ b/auth2-gss.c	2024-08-26 16:57:07.478155469 +0200
+@@ -51,6 +51,7 @@
+ #define SSH_GSSAPI_MAX_MECHS	2048
+ 
+ extern ServerOptions options;
+extern struct authmethod_cfg methodcfg_gsskeyex;
+ extern struct authmethod_cfg methodcfg_gssapi;
+ 
+ static int input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh);
+@@ -375,12 +376,6 @@ input_gssapi_mic(int type, u_int32_t ple
+ 	return 0;
+ }
+ 
+-struct authmethod_cfg methodcfg_gsskeyex = {
+-	"gssapi-keyex",
+-	NULL,
+-	&options.gss_authentication
+-};
+-
+ Authmethod method_gsskeyex = {
+ 	&methodcfg_gsskeyex,
+ 	userauth_gsskeyex,
+diff --color -ruNp a/auth2-methods.c b/auth2-methods.c
+--- a/auth2-methods.c	2024-08-26 16:41:44.794552226 +0200
+++ b/auth2-methods.c	2024-08-26 16:57:17.047338002 +0200
+@@ -50,6 +50,11 @@ struct authmethod_cfg methodcfg_pubkey =
+ 	&options.pubkey_authentication
+ };
+ #ifdef GSSAPI
+struct authmethod_cfg methodcfg_gsskeyex = {
+	"gssapi-keyex",
+	NULL,
+	&options.gss_authentication
+};
+ struct authmethod_cfg methodcfg_gssapi = {
+ 	"gssapi-with-mic",
+ 	NULL,
+@@ -76,6 +81,7 @@ static struct authmethod_cfg *authmethod
+ 	&methodcfg_none,
+ 	&methodcfg_pubkey,
+ #ifdef GSSAPI
+	&methodcfg_gsskeyex,
+ 	&methodcfg_gssapi,
+ #endif
+ 	&methodcfg_passwd,
--- a/openssh.spec
+++ b/openssh.spec
@ -203,6 +203,7 @@ Patch1014: openssh-8.7p1-nohostsha1proof.patch
 Patch1015: openssh-9.6p1-pam-rhost.patch

 Patch1016: openssh-9.8p1-gsskex-regression.patch
+Patch1017: openssh-9.8p1-gsskeyex-authmethod.patch

 License: BSD-3-Clause AND BSD-2-Clause AND ISC AND SSH-OpenSSH AND ssh-keyscan AND sprintf AND LicenseRef-Fedora-Public-Domain AND X11-distribute-modifications-variant
 Requires: /sbin/nologin
@ -382,6 +383,7 @@ gpgv2 --quiet --keyring %{SOURCE3} %{SOURCE1} %{SOURCE0}
 %patch -P 100 -p1 -b .coverity

 %patch -P 1016 -p1 -b .gss-regression
+%patch -P 1017 -p1 -b .gsskeyex-authmethod

 autoreconf

@ -660,6 +662,8 @@ test -f %{sysconfig_anaconda} && \
 * Mon Aug 26 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.8p1-5
 - Restore GSS connectivity when no hostkeys are present
  Related: RHEL-42635
+- Add missing gsskeyex authentication method
+  Related: RHEL-42635

 * Fri Aug 16 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.8p1-4
 - Address SAST scan issues