diff --git a/openssh-5.9p1-akc.patch b/openssh-5.9p1-akc.patch index 175e1b5..0abc256 100644 --- a/openssh-5.9p1-akc.patch +++ b/openssh-5.9p1-akc.patch @@ -1,6 +1,6 @@ -diff -up openssh-5.9p0/auth2-pubkey.c.akc openssh-5.9p0/auth2-pubkey.c ---- openssh-5.9p0/auth2-pubkey.c.akc 2011-09-05 14:26:19.008627855 +0200 -+++ openssh-5.9p0/auth2-pubkey.c 2011-09-05 14:26:21.125500355 +0200 +diff -up openssh-5.9p1/auth2-pubkey.c.akc openssh-5.9p1/auth2-pubkey.c +--- openssh-5.9p1/auth2-pubkey.c.akc 2011-09-09 17:26:31.000000000 +0200 ++++ openssh-5.9p1/auth2-pubkey.c 2011-09-09 17:28:15.000000000 +0200 @@ -27,6 +27,7 @@ #include @@ -47,7 +47,7 @@ diff -up openssh-5.9p0/auth2-pubkey.c.akc openssh-5.9p0/auth2-pubkey.c key_free(found); if (!found_key) debug2("key not found"); -@@ -452,7 +439,179 @@ user_cert_trusted_ca(struct passwd *pw, +@@ -452,13 +439,191 @@ user_cert_trusted_ca(struct passwd *pw, return ret; } @@ -228,9 +228,21 @@ diff -up openssh-5.9p0/auth2-pubkey.c.akc openssh-5.9p0/auth2-pubkey.c int user_key_allowed(struct passwd *pw, Key *key) { -diff -up openssh-5.9p0/configure.ac.akc openssh-5.9p0/configure.ac ---- openssh-5.9p0/configure.ac.akc 2011-08-18 06:48:24.000000000 +0200 -+++ openssh-5.9p0/configure.ac 2011-09-05 14:26:21.227601590 +0200 + u_int success, i; + char *file; + ++#ifdef WITH_AUTHORIZED_KEYS_COMMAND ++ success = user_key_via_command_allowed2(pw, key); ++ if (success > 0) ++ return success; ++#endif ++ + if (auth_key_is_revoked(key)) + return 0; + if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key)) +diff -up openssh-5.9p1/configure.ac.akc openssh-5.9p1/configure.ac +--- openssh-5.9p1/configure.ac.akc 2011-08-18 06:48:24.000000000 +0200 ++++ openssh-5.9p1/configure.ac 2011-09-09 17:26:31.000000000 +0200 @@ -1421,6 +1421,18 @@ AC_ARG_WITH([audit], esac ] ) 
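Review bot: In the block this hunk adds to `user_key_allowed()`, `user_key_via_command_allowed2(pw, key)` is called and its success returned before `auth_key_is_revoked(key)` and the certificate `signature_key` revocation check that follow it. Unless the helper checks revocation itself (its body is not in this hunk), a key listed in the `revoked_keys_file` would still authenticate whenever the AuthorizedKeysCommand output contains it. I would move the whole `#ifdef WITH_AUTHORIZED_KEYS_COMMAND` … `#endif` block below the two revocation checks and add a comment such as `/* revocation is checked before any key source, including AuthorizedKeysCommand */`. The rest of `user_key_allowed()` lies outside the hunk, so the block's position relative to the trusted-CA and authorized_keys lookups should be confirmed there.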
@@ -258,10 +270,10 @@ diff -up openssh-5.9p0/configure.ac.akc openssh-5.9p0/configure.ac echo " MD5 password support: $MD5_MSG" echo " libedit support: $LIBEDIT_MSG" echo " Solaris process contract support: $SPC_MSG" -diff -up openssh-5.9p0/servconf.c.akc openssh-5.9p0/servconf.c ---- openssh-5.9p0/servconf.c.akc 2011-09-05 14:26:08.430440620 +0200 -+++ openssh-5.9p0/servconf.c 2011-09-05 14:26:21.386571209 +0200 -@@ -139,6 +139,8 @@ initialize_server_options(ServerOptions +diff -up openssh-5.9p1/servconf.c.akc openssh-5.9p1/servconf.c +--- openssh-5.9p1/servconf.c.akc 2011-09-09 17:26:30.000000000 +0200 ++++ openssh-5.9p1/servconf.c 2011-09-09 17:26:31.000000000 +0200 +@@ -139,6 +139,8 @@ initialize_server_options(ServerOptions options->num_permitted_opens = -1; options->adm_forced_command = NULL; options->chroot_directory = NULL; @@ -331,9 +343,9 @@ diff -up openssh-5.9p0/servconf.c.akc openssh-5.9p0/servconf.c /* string arguments requiring a lookup */ dump_cfg_string(sLogLevel, log_level_name(o->log_level)); -diff -up openssh-5.9p0/servconf.h.akc openssh-5.9p0/servconf.h ---- openssh-5.9p0/servconf.h.akc 2011-09-05 14:26:08.536478884 +0200 -+++ openssh-5.9p0/servconf.h 2011-09-05 14:26:21.513500639 +0200 +diff -up openssh-5.9p1/servconf.h.akc openssh-5.9p1/servconf.h +--- openssh-5.9p1/servconf.h.akc 2011-09-09 17:26:30.000000000 +0200 ++++ openssh-5.9p1/servconf.h 2011-09-09 17:26:31.000000000 +0200 @@ -174,6 +174,8 @@ typedef struct { char *revoked_keys_file; char *trusted_user_ca_keys; 
@@ -343,9 +355,22 @@ diff -up openssh-5.9p0/servconf.h.akc openssh-5.9p0/servconf.h } ServerOptions; /* -diff -up openssh-5.9p0/sshd_config.0.akc openssh-5.9p0/sshd_config.0 ---- openssh-5.9p0/sshd_config.0.akc 2011-08-29 16:30:02.000000000 +0200 -+++ openssh-5.9p0/sshd_config.0 2011-09-05 14:26:21.880500451 +0200 +diff -up openssh-5.9p1/sshd_config.akc openssh-5.9p1/sshd_config +--- openssh-5.9p1/sshd_config.akc 2011-09-09 17:26:30.000000000 +0200 ++++ openssh-5.9p1/sshd_config 2011-09-09 17:26:31.000000000 +0200 +@@ -49,6 +49,9 @@ + # but this is overridden so installations will only check .ssh/authorized_keys + AuthorizedKeysFile .ssh/authorized_keys + ++#AuthorizedKeysCommand none ++#AuthorizedKeysCommandRunAs nobody ++ + # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts + #RhostsRSAAuthentication no + # similar for protocol version 2 +diff -up openssh-5.9p1/sshd_config.0.akc openssh-5.9p1/sshd_config.0 +--- openssh-5.9p1/sshd_config.0.akc 2011-09-07 01:16:30.000000000 +0200 ++++ openssh-5.9p1/sshd_config.0 2011-09-09 17:26:31.000000000 +0200 @@ -71,6 +71,23 @@ DESCRIPTION See PATTERNS in ssh_config(5) for more information on patterns. @@ -380,9 +405,9 @@ diff -up openssh-5.9p0/sshd_config.0.akc openssh-5.9p0/sshd_config.0 Banner, ChrootDirectory, ForceCommand, GatewayPorts, GSSAPIAuthentication, HostbasedAuthentication, HostbasedUsesNameFromPacketOnly, KbdInteractiveAuthentication, -diff -up openssh-5.9p0/sshd_config.5.akc openssh-5.9p0/sshd_config.5 ---- openssh-5.9p0/sshd_config.5.akc 2011-09-05 14:26:08.750503994 +0200 -+++ openssh-5.9p0/sshd_config.5 2011-09-05 14:26:21.987502513 +0200 +diff -up openssh-5.9p1/sshd_config.5.akc openssh-5.9p1/sshd_config.5 +--- openssh-5.9p1/sshd_config.5.akc 2011-09-09 17:26:30.000000000 +0200 ++++ openssh-5.9p1/sshd_config.5 2011-09-09 17:26:31.000000000 +0200 @@ -706,6 +706,8 @@ Available keywords are .Cm AllowAgentForwarding , .Cm AllowTcpForwarding , 
@@ -421,16 +446,3 @@ diff -up openssh-5.9p0/sshd_config.5.akc openssh-5.9p0/sshd_config.5 .It Cm RhostsRSAAuthentication Specifies whether rhosts or /etc/hosts.equiv authentication together with successful RSA host authentication is allowed. -diff -up openssh-5.9p0/sshd_config.akc openssh-5.9p0/sshd_config ---- openssh-5.9p0/sshd_config.akc 2011-09-05 14:26:08.000000000 +0200 -+++ openssh-5.9p0/sshd_config 2011-09-05 14:45:21.135479100 +0200 -@@ -49,6 +49,9 @@ - # but this is overridden so installations will only check .ssh/authorized_keys - AuthorizedKeysFile .ssh/authorized_keys - -+#AuthorizedKeysCommand none -+#AuthorizedKeysCommandRunAs nobody -+ - # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts - #RhostsRSAAuthentication no - # similar for protocol version 2