rpms/openssh
7
0
Fork 1
Code Issues Pull Requests Releases Activity

Add missing gsskeyex authentication method

Browse Source 
Related: RHEL-42635

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
This commit is contained in:
Zoltan Fridrich 2024-08-28 10:49:04 +02:00
parent 78bb33ab57
commit fc550bd771
2 changed files with 51 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
openssh-9.8p1-gsskeyex-authmethod.patch Normal file
View File

@ -0,0 +1,47 @@
diff --color -ruNp a/auth2-gss.c b/auth2-gss.c
--- a/auth2-gss.c 2024-08-26 16:41:44.853553353 +0200
+++ b/auth2-gss.c 2024-08-26 16:57:07.478155469 +0200
@@ -51,6 +51,7 @@
#define SSH_GSSAPI_MAX_MECHS 2048
extern ServerOptions options;
+extern struct authmethod_cfg methodcfg_gsskeyex;
extern struct authmethod_cfg methodcfg_gssapi;
static int input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh);
@@ -375,12 +376,6 @@ input_gssapi_mic(int type, u_int32_t ple
return 0;
}
-struct authmethod_cfg methodcfg_gsskeyex = {
- "gssapi-keyex",
- NULL,
- &options.gss_authentication
-};
-
Authmethod method_gsskeyex = {
&methodcfg_gsskeyex,
userauth_gsskeyex,
diff --color -ruNp a/auth2-methods.c b/auth2-methods.c
--- a/auth2-methods.c 2024-08-26 16:41:44.794552226 +0200
+++ b/auth2-methods.c 2024-08-26 16:57:17.047338002 +0200
@@ -50,6 +50,11 @@ struct authmethod_cfg methodcfg_pubkey =
&options.pubkey_authentication
};
#ifdef GSSAPI
+struct authmethod_cfg methodcfg_gsskeyex = {
+ "gssapi-keyex",
+ NULL,
+ &options.gss_authentication
+};
struct authmethod_cfg methodcfg_gssapi = {
"gssapi-with-mic",
NULL,
@@ -76,6 +81,7 @@ static struct authmethod_cfg *authmethod
&methodcfg_none,
&methodcfg_pubkey,
#ifdef GSSAPI
+ &methodcfg_gsskeyex,
&methodcfg_gssapi,
#endif
&methodcfg_passwd,

4
openssh.spec
View File

@ -203,6 +203,7 @@ Patch1014: openssh-8.7p1-nohostsha1proof.patch
Patch1015: openssh-9.6p1-pam-rhost.patch Patch1015: openssh-9.6p1-pam-rhost.patch
Patch1016: openssh-9.8p1-gsskex-regression.patch Patch1016: openssh-9.8p1-gsskex-regression.patch
Patch1017: openssh-9.8p1-gsskeyex-authmethod.patch
License: BSD-3-Clause AND BSD-2-Clause AND ISC AND SSH-OpenSSH AND ssh-keyscan AND sprintf AND LicenseRef-Fedora-Public-Domain AND X11-distribute-modifications-variant License: BSD-3-Clause AND BSD-2-Clause AND ISC AND SSH-OpenSSH AND ssh-keyscan AND sprintf AND LicenseRef-Fedora-Public-Domain AND X11-distribute-modifications-variant
Requires: /sbin/nologin Requires: /sbin/nologin
@ -382,6 +383,7 @@ gpgv2 --quiet --keyring %{SOURCE3} %{SOURCE1} %{SOURCE0}
%patch -P 100 -p1 -b .coverity %patch -P 100 -p1 -b .coverity
%patch -P 1016 -p1 -b .gss-regression %patch -P 1016 -p1 -b .gss-regression
%patch -P 1017 -p1 -b .gsskeyex-authmethod
autoreconf autoreconf
@ -660,6 +662,8 @@ test -f %{sysconfig_anaconda} && \
* Mon Aug 26 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.8p1-5 * Mon Aug 26 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.8p1-5
- Restore GSS connectivity when no hostkeys are present - Restore GSS connectivity when no hostkeys are present
Related: RHEL-42635 Related: RHEL-42635
- Add missing gsskeyex authentication method
Related: RHEL-42635
* Fri Aug 16 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.8p1-4 * Fri Aug 16 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.8p1-4
- Address SAST scan issues - Address SAST scan issues