rpms/openssh
6
0
Fork 2
Code Issues Pull Requests Releases Activity

Add chunk missed in the new upstream merge.

Browse Source
This commit is contained in:
Tomas Mraz 2011-09-09 18:06:02 +02:00
parent 3b545be5d7
commit fc87f2dced
1 changed files with 45 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

78
openssh-5.9p1-akc.patch
View File

@ -1,6 +1,6 @@
diff -up openssh-5.9p0/auth2-pubkey.c.akc openssh-5.9p0/auth2-pubkey.c diff -up openssh-5.9p1/auth2-pubkey.c.akc openssh-5.9p1/auth2-pubkey.c
--- openssh-5.9p0/auth2-pubkey.c.akc 2011-09-05 14:26:19.008627855 +0200 --- openssh-5.9p1/auth2-pubkey.c.akc 2011-09-09 17:26:31.000000000 +0200
+++ openssh-5.9p0/auth2-pubkey.c 2011-09-05 14:26:21.125500355 +0200 +++ openssh-5.9p1/auth2-pubkey.c 2011-09-09 17:28:15.000000000 +0200
@@ -27,6 +27,7 @@ @@ -27,6 +27,7 @@
#include <sys/types.h> #include <sys/types.h>
@ -47,7 +47,7 @@ diff -up openssh-5.9p0/auth2-pubkey.c.akc openssh-5.9p0/auth2-pubkey.c
key_free(found); key_free(found);
if (!found_key) if (!found_key)
debug2("key not found"); debug2("key not found");
@@ -452,7 +439,179 @@ user_cert_trusted_ca(struct passwd *pw, @@ -452,13 +439,191 @@ user_cert_trusted_ca(struct passwd *pw,
return ret; return ret;
} }
@ -228,9 +228,21 @@ diff -up openssh-5.9p0/auth2-pubkey.c.akc openssh-5.9p0/auth2-pubkey.c
int int
user_key_allowed(struct passwd *pw, Key *key) user_key_allowed(struct passwd *pw, Key *key)
{ {
diff -up openssh-5.9p0/configure.ac.akc openssh-5.9p0/configure.ac u_int success, i;
--- openssh-5.9p0/configure.ac.akc 2011-08-18 06:48:24.000000000 +0200 char *file;
+++ openssh-5.9p0/configure.ac 2011-09-05 14:26:21.227601590 +0200
+#ifdef WITH_AUTHORIZED_KEYS_COMMAND
+ success = user_key_via_command_allowed2(pw, key);
+ if (success > 0)
+ return success;
+#endif
+
if (auth_key_is_revoked(key))
return 0;
if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key))
diff -up openssh-5.9p1/configure.ac.akc openssh-5.9p1/configure.ac
--- openssh-5.9p1/configure.ac.akc 2011-08-18 06:48:24.000000000 +0200
+++ openssh-5.9p1/configure.ac 2011-09-09 17:26:31.000000000 +0200
@@ -1421,6 +1421,18 @@ AC_ARG_WITH([audit], @@ -1421,6 +1421,18 @@ AC_ARG_WITH([audit],
esac ] esac ]
) )
@ -258,10 +270,10 @@ diff -up openssh-5.9p0/configure.ac.akc openssh-5.9p0/configure.ac
echo " MD5 password support: $MD5_MSG" echo " MD5 password support: $MD5_MSG"
echo " libedit support: $LIBEDIT_MSG" echo " libedit support: $LIBEDIT_MSG"
echo " Solaris process contract support: $SPC_MSG" echo " Solaris process contract support: $SPC_MSG"
diff -up openssh-5.9p0/servconf.c.akc openssh-5.9p0/servconf.c diff -up openssh-5.9p1/servconf.c.akc openssh-5.9p1/servconf.c
--- openssh-5.9p0/servconf.c.akc 2011-09-05 14:26:08.430440620 +0200 --- openssh-5.9p1/servconf.c.akc 2011-09-09 17:26:30.000000000 +0200
+++ openssh-5.9p0/servconf.c 2011-09-05 14:26:21.386571209 +0200 +++ openssh-5.9p1/servconf.c 2011-09-09 17:26:31.000000000 +0200
@@ -139,6 +139,8 @@ initialize_server_options(ServerOptions @@ -139,6 +139,8 @@ initialize_server_options(ServerOptions
options->num_permitted_opens = -1; options->num_permitted_opens = -1;
options->adm_forced_command = NULL; options->adm_forced_command = NULL;
options->chroot_directory = NULL; options->chroot_directory = NULL;
@ -331,9 +343,9 @@ diff -up openssh-5.9p0/servconf.c.akc openssh-5.9p0/servconf.c
/* string arguments requiring a lookup */ /* string arguments requiring a lookup */
dump_cfg_string(sLogLevel, log_level_name(o->log_level)); dump_cfg_string(sLogLevel, log_level_name(o->log_level));
diff -up openssh-5.9p0/servconf.h.akc openssh-5.9p0/servconf.h diff -up openssh-5.9p1/servconf.h.akc openssh-5.9p1/servconf.h
--- openssh-5.9p0/servconf.h.akc 2011-09-05 14:26:08.536478884 +0200 --- openssh-5.9p1/servconf.h.akc 2011-09-09 17:26:30.000000000 +0200
+++ openssh-5.9p0/servconf.h 2011-09-05 14:26:21.513500639 +0200 +++ openssh-5.9p1/servconf.h 2011-09-09 17:26:31.000000000 +0200
@@ -174,6 +174,8 @@ typedef struct { @@ -174,6 +174,8 @@ typedef struct {
char *revoked_keys_file; char *revoked_keys_file;
char *trusted_user_ca_keys; char *trusted_user_ca_keys;
@ -343,9 +355,22 @@ diff -up openssh-5.9p0/servconf.h.akc openssh-5.9p0/servconf.h
} ServerOptions; } ServerOptions;
/* /*
diff -up openssh-5.9p0/sshd_config.0.akc openssh-5.9p0/sshd_config.0 diff -up openssh-5.9p1/sshd_config.akc openssh-5.9p1/sshd_config
--- openssh-5.9p0/sshd_config.0.akc 2011-08-29 16:30:02.000000000 +0200 --- openssh-5.9p1/sshd_config.akc 2011-09-09 17:26:30.000000000 +0200
+++ openssh-5.9p0/sshd_config.0 2011-09-05 14:26:21.880500451 +0200 +++ openssh-5.9p1/sshd_config 2011-09-09 17:26:31.000000000 +0200
@@ -49,6 +49,9 @@
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandRunAs nobody
+
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
diff -up openssh-5.9p1/sshd_config.0.akc openssh-5.9p1/sshd_config.0
--- openssh-5.9p1/sshd_config.0.akc 2011-09-07 01:16:30.000000000 +0200
+++ openssh-5.9p1/sshd_config.0 2011-09-09 17:26:31.000000000 +0200
@@ -71,6 +71,23 @@ DESCRIPTION @@ -71,6 +71,23 @@ DESCRIPTION
See PATTERNS in ssh_config(5) for more information on patterns. See PATTERNS in ssh_config(5) for more information on patterns.
@ -380,9 +405,9 @@ diff -up openssh-5.9p0/sshd_config.0.akc openssh-5.9p0/sshd_config.0
Banner, ChrootDirectory, ForceCommand, GatewayPorts, Banner, ChrootDirectory, ForceCommand, GatewayPorts,
GSSAPIAuthentication, HostbasedAuthentication, GSSAPIAuthentication, HostbasedAuthentication,
HostbasedUsesNameFromPacketOnly, KbdInteractiveAuthentication, HostbasedUsesNameFromPacketOnly, KbdInteractiveAuthentication,
diff -up openssh-5.9p0/sshd_config.5.akc openssh-5.9p0/sshd_config.5 diff -up openssh-5.9p1/sshd_config.5.akc openssh-5.9p1/sshd_config.5
--- openssh-5.9p0/sshd_config.5.akc 2011-09-05 14:26:08.750503994 +0200 --- openssh-5.9p1/sshd_config.5.akc 2011-09-09 17:26:30.000000000 +0200
+++ openssh-5.9p0/sshd_config.5 2011-09-05 14:26:21.987502513 +0200 +++ openssh-5.9p1/sshd_config.5 2011-09-09 17:26:31.000000000 +0200
@@ -706,6 +706,8 @@ Available keywords are @@ -706,6 +706,8 @@ Available keywords are
.Cm AllowAgentForwarding , .Cm AllowAgentForwarding ,
.Cm AllowTcpForwarding , .Cm AllowTcpForwarding ,
@ -421,16 +446,3 @@ diff -up openssh-5.9p0/sshd_config.5.akc openssh-5.9p0/sshd_config.5
.It Cm RhostsRSAAuthentication .It Cm RhostsRSAAuthentication
Specifies whether rhosts or /etc/hosts.equiv authentication together Specifies whether rhosts or /etc/hosts.equiv authentication together
with successful RSA host authentication is allowed. with successful RSA host authentication is allowed.
diff -up openssh-5.9p0/sshd_config.akc openssh-5.9p0/sshd_config
--- openssh-5.9p0/sshd_config.akc 2011-09-05 14:26:08.000000000 +0200
+++ openssh-5.9p0/sshd_config 2011-09-05 14:45:21.135479100 +0200
@@ -49,6 +49,9 @@
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandRunAs nobody
+
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2