Accepting request 644397 from home:pmonrealgonzalez:branches:network
* openssh-7.7p1-cavstest-ctr.patch * openssh-7.7p1-ldap.patch OBS-URL: https://build.opensuse.org/request/show/644397 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=161
parent
b21be4c6b4
commit
5f87526504
@ -7,7 +7,7 @@ Index: openssh-7.9p1/Makefile.in
|
|||||||
===================================================================
|
===================================================================
|
||||||
--- openssh-7.9p1.orig/Makefile.in
|
--- openssh-7.9p1.orig/Makefile.in
|
||||||
+++ openssh-7.9p1/Makefile.in
|
+++ openssh-7.9p1/Makefile.in
|
||||||
@@ -110,6 +110,8 @@ LIBSSH_OBJS += fips.o
|
@@ -111,6 +111,8 @@ LIBSSH_OBJS += fips.o
|
||||||
|
|
||||||
LIBSSH_OBJS += kexgssc.o kexgsss.o
|
LIBSSH_OBJS += kexgssc.o kexgsss.o
|
||||||
|
|
||||||
@ -97,7 +97,7 @@ Index: openssh-7.9p1/audit-linux.c
|
|||||||
===================================================================
|
===================================================================
|
||||||
--- openssh-7.9p1.orig/audit-linux.c
|
--- openssh-7.9p1.orig/audit-linux.c
|
||||||
+++ openssh-7.9p1/audit-linux.c
|
+++ openssh-7.9p1/audit-linux.c
|
||||||
@@ -33,27 +33,40 @@
|
@@ -33,27 +33,41 @@
|
||||||
|
|
||||||
#include "log.h"
|
#include "log.h"
|
||||||
#include "audit.h"
|
#include "audit.h"
|
||||||
@ -106,6 +106,7 @@ Index: openssh-7.9p1/audit-linux.c
|
|||||||
+#include "auth.h"
|
+#include "auth.h"
|
||||||
+#include "misc.h" /* servconf.h needs misc.h for struct ForwardOptions */
|
+#include "misc.h" /* servconf.h needs misc.h for struct ForwardOptions */
|
||||||
+#include "servconf.h"
|
+#include "servconf.h"
|
||||||
|
+#include "ssherr.h"
|
||||||
#include "canohost.h"
|
#include "canohost.h"
|
||||||
#include "packet.h"
|
#include "packet.h"
|
||||||
-
|
-
|
||||||
@ -146,7 +147,7 @@ Index: openssh-7.9p1/audit-linux.c
|
|||||||
saved_errno = errno;
|
saved_errno = errno;
|
||||||
close(audit_fd);
|
close(audit_fd);
|
||||||
|
|
||||||
@@ -65,9 +78,96 @@ linux_audit_record_event(int uid, const
|
@@ -65,9 +79,96 @@ linux_audit_record_event(int uid, const
|
||||||
rc = 0;
|
rc = 0;
|
||||||
errno = saved_errno;
|
errno = saved_errno;
|
||||||
|
|
||||||
@ -244,7 +245,7 @@ Index: openssh-7.9p1/audit-linux.c
|
|||||||
/* Below is the sshd audit API code */
|
/* Below is the sshd audit API code */
|
||||||
|
|
||||||
void
|
void
|
||||||
@@ -76,24 +176,55 @@ audit_connection_from(const char *host,
|
@@ -76,24 +177,55 @@ audit_connection_from(const char *host,
|
||||||
/* not implemented */
|
/* not implemented */
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -306,7 +307,7 @@ Index: openssh-7.9p1/audit-linux.c
|
|||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
@@ -102,25 +233,155 @@ audit_event(ssh_audit_event_t event)
|
@@ -102,25 +234,155 @@ audit_event(ssh_audit_event_t event)
|
||||||
struct ssh *ssh = active_state; /* XXX */
|
struct ssh *ssh = active_state; /* XXX */
|
||||||
|
|
||||||
switch(event) {
|
switch(event) {
|
||||||
@ -1308,32 +1309,15 @@ Index: openssh-7.9p1/monitor.c
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@@ -1906,19 +1988,19 @@ mm_answer_gss_sign(int socket, struct ss
|
@@ -1909,7 +1991,7 @@ mm_answer_gss_sign(int socket, struct ss
|
||||||
int r;
|
fatal("In GSSAPI monitor when GSSAPI is disabled");
|
||||||
|
|
||||||
if (!options.gss_authentication && !options.gss_keyex)
|
|
||||||
- fatal("In GSSAPI monitor when GSSAPI is disabled");
|
|
||||||
+ fatal("In GSSAPI monitor when GSSAPI is disabled");
|
|
||||||
|
|
||||||
if ((r = sshbuf_get_string(m, (u_char **)&data.value, &data.length)) != 0)
|
if ((r = sshbuf_get_string(m, (u_char **)&data.value, &data.length)) != 0)
|
||||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
- fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||||
|
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||||
if (data.length != 20)
|
if (data.length != 20)
|
||||||
- fatal("%s: data length incorrect: %d", __func__,
|
fatal("%s: data length incorrect: %d", __func__,
|
||||||
- (int) data.length);
|
(int) data.length);
|
||||||
+ fatal("%s: data length incorrect: %d", __func__,
|
|
||||||
+ (int) data.length);
|
|
||||||
|
|
||||||
/* Save the session ID on the first time around */
|
|
||||||
if (session_id2_len == 0) {
|
|
||||||
- session_id2_len = data.length;
|
|
||||||
- session_id2 = xmalloc(session_id2_len);
|
|
||||||
- memcpy(session_id2, data.value, session_id2_len);
|
|
||||||
+ session_id2_len = data.length;
|
|
||||||
+ session_id2 = xmalloc(session_id2_len);
|
|
||||||
+ memcpy(session_id2, data.value, session_id2_len);
|
|
||||||
}
|
|
||||||
major = ssh_gssapi_sign(gsscontext, &data, &hash);
|
|
||||||
|
|
||||||
@@ -1966,3 +2048,102 @@ mm_answer_gss_updatecreds(int socket, st
|
@@ -1966,3 +2048,102 @@ mm_answer_gss_updatecreds(int socket, st
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2211,11 +2195,23 @@ Index: openssh-7.9p1/sshd.c
|
|||||||
audit_event(SSH_CONNECTION_ABANDON);
|
audit_event(SSH_CONNECTION_ABANDON);
|
||||||
#endif
|
#endif
|
||||||
_exit(i);
|
_exit(i);
|
||||||
|
Index: openssh-7.9p1/sshkey.h
|
||||||
|
===================================================================
|
||||||
|
--- openssh-7.9p1.orig/sshkey.h
|
||||||
|
+++ openssh-7.9p1/sshkey.h
|
||||||
|
@@ -147,6 +147,7 @@ u_int sshkey_size(const struct sshkey
|
||||||
|
int sshkey_generate(int type, u_int bits, struct sshkey **keyp);
|
||||||
|
int sshkey_from_private(const struct sshkey *, struct sshkey **);
|
||||||
|
int sshkey_type_from_name(const char *);
|
||||||
|
+int sshkey_is_private(const struct sshkey *);
|
||||||
|
int sshkey_is_cert(const struct sshkey *);
|
||||||
|
int sshkey_type_is_cert(int);
|
||||||
|
int sshkey_type_plain(int);
|
||||||
Index: openssh-7.9p1/sshkey.c
|
Index: openssh-7.9p1/sshkey.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- openssh-7.9p1.orig/sshkey.c
|
--- openssh-7.9p1.orig/sshkey.c
|
||||||
+++ openssh-7.9p1/sshkey.c
|
+++ openssh-7.9p1/sshkey.c
|
||||||
@@ -331,6 +331,32 @@ sshkey_type_is_valid_ca(int type)
|
@@ -331,6 +331,38 @@ sshkey_type_is_valid_ca(int type)
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
@ -2224,11 +2220,17 @@ Index: openssh-7.9p1/sshkey.c
|
|||||||
+ switch (k->type) {
|
+ switch (k->type) {
|
||||||
+#ifdef WITH_OPENSSL
|
+#ifdef WITH_OPENSSL
|
||||||
+ case KEY_RSA_CERT:
|
+ case KEY_RSA_CERT:
|
||||||
+ case KEY_RSA:
|
+ case KEY_RSA: {
|
||||||
+ return k->rsa->d != NULL;
|
+ const BIGNUM *d;
|
||||||
|
+ RSA_get0_key(k->rsa, NULL, NULL, &d);
|
||||||
|
+ return d != NULL;
|
||||||
|
+ }
|
||||||
+ case KEY_DSA_CERT:
|
+ case KEY_DSA_CERT:
|
||||||
+ case KEY_DSA:
|
+ case KEY_DSA: {
|
||||||
+ return k->dsa->priv_key != NULL;
|
+ const BIGNUM *priv_key;
|
||||||
|
+ DSA_get0_key(k->dsa, NULL, &priv_key);
|
||||||
|
+ return priv_key != NULL;
|
||||||
|
+ }
|
||||||
+#ifdef OPENSSL_HAS_ECC
|
+#ifdef OPENSSL_HAS_ECC
|
||||||
+ case KEY_ECDSA_CERT:
|
+ case KEY_ECDSA_CERT:
|
||||||
+ case KEY_ECDSA:
|
+ case KEY_ECDSA:
|
||||||
@ -2248,15 +2250,3 @@ Index: openssh-7.9p1/sshkey.c
|
|||||||
sshkey_is_cert(const struct sshkey *k)
|
sshkey_is_cert(const struct sshkey *k)
|
||||||
{
|
{
|
||||||
if (k == NULL)
|
if (k == NULL)
|
||||||
Index: openssh-7.9p1/sshkey.h
|
|
||||||
===================================================================
|
|
||||||
--- openssh-7.9p1.orig/sshkey.h
|
|
||||||
+++ openssh-7.9p1/sshkey.h
|
|
||||||
@@ -147,6 +147,7 @@ u_int sshkey_size(const struct sshkey
|
|
||||||
int sshkey_generate(int type, u_int bits, struct sshkey **keyp);
|
|
||||||
int sshkey_from_private(const struct sshkey *, struct sshkey **);
|
|
||||||
int sshkey_type_from_name(const char *);
|
|
||||||
+int sshkey_is_private(const struct sshkey *);
|
|
||||||
int sshkey_is_cert(const struct sshkey *);
|
|
||||||
int sshkey_type_is_cert(int);
|
|
||||||
int sshkey_type_plain(int);
|
|
||||||
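Review bot: In the sshkey.c hunk, the rewritten `KEY_RSA` and `KEY_DSA` cases of `sshkey_is_private` pass `k->rsa` and `k->dsa` straight to `RSA_get0_key` / `DSA_get0_key`, and those accessors dereference their first argument. A key object whose type is set but whose RSA or DSA member is still NULL would therefore crash the caller instead of being reported as "not private". No NULL check on `k` or on the member is visible in the lines shown, but the function body starts and ends outside the visible hunk, so one may exist above the `switch`. If it does not, guard each case before the accessor call, e.g. `if (k->rsa == NULL) return 0;` ahead of `RSA_get0_key(k->rsa, NULL, NULL, &d);`, and likewise `if (k->dsa == NULL) return 0;` for the DSA case.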
|
@ -2,15 +2,11 @@
|
|||||||
# Parent cc1022edba2c5eeb0facba08468f65afc2466b63
|
# Parent cc1022edba2c5eeb0facba08468f65afc2466b63
|
||||||
CAVS test for OpenSSH's own CTR encryption mode implementation
|
CAVS test for OpenSSH's own CTR encryption mode implementation
|
||||||
|
|
||||||
diff --git a/openssh-7.7p1/Makefile.in b/openssh-7.7p1/Makefile.in
|
Index: openssh-7.9p1/Makefile.in
|
||||||
--- openssh-7.7p1/Makefile.in
|
===================================================================
|
||||||
+++ openssh-7.7p1/Makefile.in
|
--- openssh-7.9p1.orig/Makefile.in
|
||||||
@@ -19,16 +19,17 @@ top_srcdir=@top_srcdir@
|
+++ openssh-7.9p1/Makefile.in
|
||||||
|
@@ -24,6 +24,7 @@ ASKPASS_PROGRAM=$(libexecdir)/ssh-askpas
|
||||||
DESTDIR=
|
|
||||||
VPATH=@srcdir@
|
|
||||||
SSH_PROGRAM=@bindir@/ssh
|
|
||||||
ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass
|
|
||||||
SFTP_SERVER=$(libexecdir)/sftp-server
|
SFTP_SERVER=$(libexecdir)/sftp-server
|
||||||
SSH_KEYSIGN=$(libexecdir)/ssh-keysign
|
SSH_KEYSIGN=$(libexecdir)/ssh-keysign
|
||||||
SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
|
SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
|
||||||
@ -18,17 +14,7 @@ diff --git a/openssh-7.7p1/Makefile.in b/openssh-7.7p1/Makefile.in
|
|||||||
PRIVSEP_PATH=@PRIVSEP_PATH@
|
PRIVSEP_PATH=@PRIVSEP_PATH@
|
||||||
SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
|
SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
|
||||||
STRIP_OPT=@STRIP_OPT@
|
STRIP_OPT=@STRIP_OPT@
|
||||||
TEST_SHELL=@TEST_SHELL@
|
@@ -62,6 +63,8 @@ MKDIR_P=@MKDIR_P@
|
||||||
|
|
||||||
PATHS= -DSSHDIR=\"$(sysconfdir)\" \
|
|
||||||
-D_PATH_SSH_PROGRAM=\"$(SSH_PROGRAM)\" \
|
|
||||||
-D_PATH_SSH_ASKPASS_DEFAULT=\"$(ASKPASS_PROGRAM)\" \
|
|
||||||
@@ -57,16 +58,18 @@ ENT=@ENT@
|
|
||||||
XAUTH_PATH=@XAUTH_PATH@
|
|
||||||
LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
|
|
||||||
EXEEXT=@EXEEXT@
|
|
||||||
MANFMT=@MANFMT@
|
|
||||||
MKDIR_P=@MKDIR_P@
|
|
||||||
|
|
||||||
TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT)
|
TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT)
|
||||||
|
|
||||||
@ -37,17 +23,7 @@ diff --git a/openssh-7.7p1/Makefile.in b/openssh-7.7p1/Makefile.in
|
|||||||
XMSS_OBJS=\
|
XMSS_OBJS=\
|
||||||
ssh-xmss.o \
|
ssh-xmss.o \
|
||||||
sshkey-xmss.o \
|
sshkey-xmss.o \
|
||||||
xmss_commons.o \
|
@@ -204,6 +207,10 @@ sftp-server$(EXEEXT): $(LIBCOMPAT) libss
|
||||||
xmss_fast.o \
|
|
||||||
xmss_hash.o \
|
|
||||||
xmss_hash_address.o \
|
|
||||||
xmss_wots.o
|
|
||||||
@@ -199,16 +202,20 @@ ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libss
|
|
||||||
$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
|
|
||||||
|
|
||||||
sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o
|
|
||||||
$(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
|
||||||
|
|
||||||
sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o
|
sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o
|
||||||
$(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT)
|
$(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT)
|
||||||
|
|
||||||
@ -58,17 +34,7 @@ diff --git a/openssh-7.7p1/Makefile.in b/openssh-7.7p1/Makefile.in
|
|||||||
# test driver for the loginrec code - not built by default
|
# test driver for the loginrec code - not built by default
|
||||||
logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o
|
logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o
|
||||||
$(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat -lssh $(LIBS)
|
$(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat -lssh $(LIBS)
|
||||||
|
@@ -348,6 +355,7 @@ install-files:
|
||||||
$(MANPAGES): $(MANPAGES_IN)
|
|
||||||
if test "$(MANTYPE)" = "cat"; then \
|
|
||||||
manpage=$(srcdir)/`echo $@ | sed 's/\.[1-9]\.out$$/\.0/'`; \
|
|
||||||
else \
|
|
||||||
@@ -339,16 +346,17 @@ install-files:
|
|
||||||
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-agent$(EXEEXT) $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT)
|
|
||||||
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-keygen$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT)
|
|
||||||
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-keyscan$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT)
|
|
||||||
$(INSTALL) -m 0755 $(STRIP_OPT) sshd$(EXEEXT) $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
|
|
||||||
$(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign$(EXEEXT) $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
|
|
||||||
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
|
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
|
||||||
$(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
|
$(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
|
||||||
$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
|
$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
|
||||||
@ -76,15 +42,10 @@ diff --git a/openssh-7.7p1/Makefile.in b/openssh-7.7p1/Makefile.in
|
|||||||
$(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
|
$(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
|
||||||
$(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
|
$(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
|
||||||
$(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
|
$(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
|
||||||
$(INSTALL) -m 644 ssh-agent.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-agent.1
|
Index: openssh-7.9p1/cavstest-ctr.c
|
||||||
$(INSTALL) -m 644 ssh-keygen.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1
|
===================================================================
|
||||||
$(INSTALL) -m 644 ssh-keyscan.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1
|
|
||||||
$(INSTALL) -m 644 moduli.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/moduli.5
|
|
||||||
$(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5
|
|
||||||
diff --git a/openssh-7.7p1/cavstest-ctr.c b/openssh-7.7p1/cavstest-ctr.c
|
|
||||||
new file mode 100644
|
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ openssh-7.7p1/cavstest-ctr.c
|
+++ openssh-7.9p1/cavstest-ctr.c
|
||||||
@@ -0,0 +1,214 @@
|
@@ -0,0 +1,214 @@
|
||||||
+/*
|
+/*
|
||||||
+ *
|
+ *
|
||||||
@ -238,7 +199,7 @@ new file mode 100644
|
|||||||
+ usage();
|
+ usage();
|
||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
+ SSLeay_add_all_algorithms();
|
+ OpenSSL_add_all_algorithms();
|
||||||
+
|
+
|
||||||
+ c = cipher_by_name(algo);
|
+ c = cipher_by_name(algo);
|
||||||
+ if (c == NULL) {
|
+ if (c == NULL) {
|
||||||
@ -300,15 +261,11 @@ new file mode 100644
|
|||||||
+ printf("\n");
|
+ printf("\n");
|
||||||
+ return 0;
|
+ return 0;
|
||||||
+}
|
+}
|
||||||
diff --git a/openssh-7.7p1/cipher.c b/openssh-7.7p1/cipher.c
|
Index: openssh-7.9p1/cipher.c
|
||||||
--- openssh-7.7p1/cipher.c
|
===================================================================
|
||||||
+++ openssh-7.7p1/cipher.c
|
--- openssh-7.9p1.orig/cipher.c
|
||||||
@@ -49,25 +49,16 @@
|
+++ openssh-7.9p1/cipher.c
|
||||||
#include "ssherr.h"
|
@@ -54,15 +54,6 @@
|
||||||
#include "digest.h"
|
|
||||||
|
|
||||||
#include "openbsd-compat/openssl-compat.h"
|
|
||||||
|
|
||||||
#include "fips.h"
|
#include "fips.h"
|
||||||
#include "log.h"
|
#include "log.h"
|
||||||
|
|
||||||
@ -324,20 +281,11 @@ diff --git a/openssh-7.7p1/cipher.c b/openssh-7.7p1/cipher.c
|
|||||||
struct sshcipher {
|
struct sshcipher {
|
||||||
char *name;
|
char *name;
|
||||||
u_int block_size;
|
u_int block_size;
|
||||||
u_int key_len;
|
Index: openssh-7.9p1/cipher.h
|
||||||
u_int iv_len; /* defaults to block_size */
|
===================================================================
|
||||||
u_int auth_len;
|
--- openssh-7.9p1.orig/cipher.h
|
||||||
u_int flags;
|
+++ openssh-7.9p1/cipher.h
|
||||||
#define CFLAG_CBC (1<<0)
|
@@ -46,7 +46,15 @@
|
||||||
diff --git a/openssh-7.7p1/cipher.h b/openssh-7.7p1/cipher.h
|
|
||||||
--- openssh-7.7p1/cipher.h
|
|
||||||
+++ openssh-7.7p1/cipher.h
|
|
||||||
@@ -41,17 +41,25 @@
|
|
||||||
#include <openssl/evp.h>
|
|
||||||
#include "cipher-chachapoly.h"
|
|
||||||
#include "cipher-aesctr.h"
|
|
||||||
|
|
||||||
#define CIPHER_ENCRYPT 1
|
|
||||||
#define CIPHER_DECRYPT 0
|
#define CIPHER_DECRYPT 0
|
||||||
|
|
||||||
struct sshcipher;
|
struct sshcipher;
|
||||||
@ -354,8 +302,3 @@ diff --git a/openssh-7.7p1/cipher.h b/openssh-7.7p1/cipher.h
|
|||||||
|
|
||||||
const struct sshcipher *cipher_by_name(const char *);
|
const struct sshcipher *cipher_by_name(const char *);
|
||||||
const char *cipher_warning_message(const struct sshcipher_ctx *);
|
const char *cipher_warning_message(const struct sshcipher_ctx *);
|
||||||
int ciphers_valid(const char *);
|
|
||||||
char *cipher_alg_list(char, int);
|
|
||||||
int cipher_init(struct sshcipher_ctx **, const struct sshcipher *,
|
|
||||||
const u_char *, u_int, const u_char *, u_int, int);
|
|
||||||
int cipher_crypt(struct sshcipher_ctx *, u_int, u_char *, const u_char *,
|
|
||||||
|
@ -753,7 +753,7 @@ Index: openssh-7.9p1/readconf.c
|
|||||||
KEX_DEFAULT_PK_ALG, all_key) != 0)
|
KEX_DEFAULT_PK_ALG, all_key) != 0)
|
||||||
fatal("%s: kex_assemble_names failed", __func__);
|
fatal("%s: kex_assemble_names failed", __func__);
|
||||||
free(all_key);
|
free(all_key);
|
||||||
+ filter_fips_algorithms(options);
|
+ filter_fips_algorithms(o);
|
||||||
|
|
||||||
/* Most interesting options first: user, host, port */
|
/* Most interesting options first: user, host, port */
|
||||||
dump_cfg_string(oUser, o->user);
|
dump_cfg_string(oUser, o->user);
|
||||||
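Review bot: The `filter_fips_algorithms(o)` call in the readconf.c hunk has no comment explaining why a routine that only dumps configuration modifies the option set it was handed. Assuming the helper (its body is not in view) strips algorithms that are not permitted in FIPS mode, a one-line comment above the call such as `/* apply the FIPS filter after defaults are assembled so the dump shows the lists actually offered */` would make the ordering dependency on the preceding `kex_assemble_names` calls explicit. The enclosing function starts and ends outside the hunk.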
|
@ -5,7 +5,12 @@ Index: openssh-7.9p1/Makefile.in
|
|||||||
===================================================================
|
===================================================================
|
||||||
--- openssh-7.9p1.orig/Makefile.in
|
--- openssh-7.9p1.orig/Makefile.in
|
||||||
+++ openssh-7.9p1/Makefile.in
|
+++ openssh-7.9p1/Makefile.in
|
||||||
@@ -108,6 +108,8 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
|
@@ -104,10 +104,13 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
|
||||||
|
kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \
|
||||||
|
kexdhc.o kexgexc.o kexecdhc.o kexc25519c.o \
|
||||||
|
kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o \
|
||||||
|
+ kexgssc.o \
|
||||||
|
platform-pledge.o platform-tracing.o platform-misc.o
|
||||||
|
|
||||||
LIBSSH_OBJS += fips.o
|
LIBSSH_OBJS += fips.o
|
||||||
|
|
||||||
@ -14,6 +19,15 @@ Index: openssh-7.9p1/Makefile.in
|
|||||||
SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
|
SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
|
||||||
sshconnect.o sshconnect2.o mux.o
|
sshconnect.o sshconnect2.o mux.o
|
||||||
|
|
||||||
|
@@ -119,7 +122,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
|
||||||
|
auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \
|
||||||
|
auth2-none.o auth2-passwd.o auth2-pubkey.o \
|
||||||
|
monitor.o monitor_wrap.o auth-krb5.o \
|
||||||
|
- auth2-gss.o gss-serv.o gss-serv-krb5.o \
|
||||||
|
+ auth2-gss.o gss-serv.o gss-serv-krb5.o kexgsss.o \
|
||||||
|
loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
|
||||||
|
sftp-server.o sftp-common.o \
|
||||||
|
sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
|
||||||
Index: openssh-7.9p1/auth-krb5.c
|
Index: openssh-7.9p1/auth-krb5.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- openssh-7.9p1.orig/auth-krb5.c
|
--- openssh-7.9p1.orig/auth-krb5.c
|
||||||
@ -129,7 +143,7 @@ Index: openssh-7.9p1/auth2-gss.c
|
|||||||
* We only support those mechanisms that we know about (ie ones that we know
|
* We only support those mechanisms that we know about (ie ones that we know
|
||||||
* how to check local user kuserok and the like)
|
* how to check local user kuserok and the like)
|
||||||
*/
|
*/
|
||||||
@@ -260,7 +299,8 @@ input_gssapi_exchange_complete(int type,
|
@@ -260,7 +302,8 @@ input_gssapi_exchange_complete(int type,
|
||||||
if ((r = sshpkt_get_end(ssh)) != 0)
|
if ((r = sshpkt_get_end(ssh)) != 0)
|
||||||
fatal("%s: %s", __func__, ssh_err(r));
|
fatal("%s: %s", __func__, ssh_err(r));
|
||||||
|
|
||||||
@ -139,7 +153,7 @@ Index: openssh-7.9p1/auth2-gss.c
|
|||||||
|
|
||||||
if ((!use_privsep || mm_is_monitor()) &&
|
if ((!use_privsep || mm_is_monitor()) &&
|
||||||
(displayname = ssh_gssapi_displayname()) != NULL)
|
(displayname = ssh_gssapi_displayname()) != NULL)
|
||||||
@@ -306,7 +346,8 @@ input_gssapi_mic(int type, u_int32_t ple
|
@@ -306,7 +349,8 @@ input_gssapi_mic(int type, u_int32_t ple
|
||||||
gssbuf.length = sshbuf_len(b);
|
gssbuf.length = sshbuf_len(b);
|
||||||
|
|
||||||
if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic))))
|
if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic))))
|
||||||
@ -149,7 +163,7 @@ Index: openssh-7.9p1/auth2-gss.c
|
|||||||
else
|
else
|
||||||
logit("GSSAPI MIC check failed");
|
logit("GSSAPI MIC check failed");
|
||||||
|
|
||||||
@@ -326,6 +367,12 @@ input_gssapi_mic(int type, u_int32_t ple
|
@@ -326,6 +370,12 @@ input_gssapi_mic(int type, u_int32_t ple
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -296,7 +310,7 @@ Index: openssh-7.9p1/gss-genr.c
|
|||||||
===================================================================
|
===================================================================
|
||||||
--- openssh-7.9p1.orig/gss-genr.c
|
--- openssh-7.9p1.orig/gss-genr.c
|
||||||
+++ openssh-7.9p1/gss-genr.c
|
+++ openssh-7.9p1/gss-genr.c
|
||||||
@@ -41,12 +41,169 @@
|
@@ -41,12 +41,174 @@
|
||||||
#include "sshbuf.h"
|
#include "sshbuf.h"
|
||||||
#include "log.h"
|
#include "log.h"
|
||||||
#include "ssh2.h"
|
#include "ssh2.h"
|
||||||
@ -359,7 +373,7 @@ Index: openssh-7.9p1/gss-genr.c
|
|||||||
+ u_char digest[EVP_MAX_MD_SIZE];
|
+ u_char digest[EVP_MAX_MD_SIZE];
|
||||||
+ char deroid[2];
|
+ char deroid[2];
|
||||||
+ const EVP_MD *evp_md = EVP_md5();
|
+ const EVP_MD *evp_md = EVP_md5();
|
||||||
+ EVP_MD_CTX md;
|
+ EVP_MD_CTX *md;
|
||||||
+
|
+
|
||||||
+ if (gss_enc2oid != NULL) {
|
+ if (gss_enc2oid != NULL) {
|
||||||
+ for (i = 0; gss_enc2oid[i].encoded != NULL; i++)
|
+ for (i = 0; gss_enc2oid[i].encoded != NULL; i++)
|
||||||
@ -373,6 +387,7 @@ Index: openssh-7.9p1/gss-genr.c
|
|||||||
+ if ((buf = sshbuf_new()) == NULL)
|
+ if ((buf = sshbuf_new()) == NULL)
|
||||||
+ fatal("%s: sshbuf_new failed", __func__);
|
+ fatal("%s: sshbuf_new failed", __func__);
|
||||||
+
|
+
|
||||||
|
+ md = EVP_MD_CTX_new();
|
||||||
+ oidpos = 0;
|
+ oidpos = 0;
|
||||||
+ for (i = 0; i < gss_supported->count; i++) {
|
+ for (i = 0; i < gss_supported->count; i++) {
|
||||||
+ if (gss_supported->elements[i].length < 128 &&
|
+ if (gss_supported->elements[i].length < 128 &&
|
||||||
@ -381,36 +396,40 @@ Index: openssh-7.9p1/gss-genr.c
|
|||||||
+ deroid[0] = SSH_GSS_OIDTYPE;
|
+ deroid[0] = SSH_GSS_OIDTYPE;
|
||||||
+ deroid[1] = gss_supported->elements[i].length;
|
+ deroid[1] = gss_supported->elements[i].length;
|
||||||
+
|
+
|
||||||
+ EVP_DigestInit(&md, evp_md);
|
+ EVP_DigestInit(md, evp_md);
|
||||||
+ EVP_DigestUpdate(&md, deroid, 2);
|
+ EVP_DigestUpdate(md, deroid, 2);
|
||||||
+ EVP_DigestUpdate(&md,
|
+ EVP_DigestUpdate(md,
|
||||||
+ gss_supported->elements[i].elements,
|
+ gss_supported->elements[i].elements,
|
||||||
+ gss_supported->elements[i].length);
|
+ gss_supported->elements[i].length);
|
||||||
+ EVP_DigestFinal(&md, digest, NULL);
|
+ EVP_DigestFinal(md, digest, NULL);
|
||||||
+
|
+
|
||||||
+ encoded = xmalloc(EVP_MD_size(evp_md) * 2);
|
+ encoded = xmalloc(EVP_MD_size(evp_md) * 2);
|
||||||
+ enclen = __b64_ntop(digest, EVP_MD_size(evp_md),
|
+ enclen = __b64_ntop(digest, EVP_MD_size(evp_md),
|
||||||
+ encoded, EVP_MD_size(evp_md) * 2);
|
+ encoded, EVP_MD_size(evp_md) * 2);
|
||||||
+
|
+
|
||||||
+ cp = strncpy(s, kex, strlen(kex));
|
+ if (oidpos != 0)
|
||||||
+ for ((p = strsep(&cp, ",")); p && *p != '\0';
|
|
||||||
+ (p = strsep(&cp, ","))) {
|
|
||||||
+ if (sshbuf_len(buf) != 0)
|
|
||||||
+ if ((r = sshbuf_put_u8(buf, ',')) != 0)
|
+ if ((r = sshbuf_put_u8(buf, ',')) != 0)
|
||||||
+ fatal("%s: buffer error: %s",
|
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||||
+ __func__, ssh_err(r));
|
+
|
||||||
+ if ((r = sshbuf_put(buf, p, strlen(p))) != 0 ||
|
+ if ((r = sshbuf_put(buf, KEX_GSS_GEX_SHA1_ID,
|
||||||
|
+ sizeof(KEX_GSS_GEX_SHA1_ID) - 1)) != 0 ||
|
||||||
|
+ (r = sshbuf_put(buf, encoded, enclen)) != 0 ||
|
||||||
|
+ (r = sshbuf_put_u8(buf, ',')) != 0 ||
|
||||||
|
+ (r = sshbuf_put(buf, KEX_GSS_GRP1_SHA1_ID,
|
||||||
|
+ sizeof(KEX_GSS_GRP1_SHA1_ID) - 1)) != 0 ||
|
||||||
|
+ (r = sshbuf_put(buf, encoded, enclen)) != 0 ||
|
||||||
|
+ (r = sshbuf_put_u8(buf, ',')) != 0 ||
|
||||||
|
+ (r = sshbuf_put(buf, KEX_GSS_GRP14_SHA1_ID,
|
||||||
|
+ sizeof(KEX_GSS_GRP14_SHA1_ID) - 1)) != 0 ||
|
||||||
+ (r = sshbuf_put(buf, encoded, enclen)) != 0)
|
+ (r = sshbuf_put(buf, encoded, enclen)) != 0)
|
||||||
+ fatal("%s: buffer error: %s",
|
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||||
+ __func__, ssh_err(r));
|
|
||||||
+ }
|
|
||||||
+
|
+
|
||||||
+ gss_enc2oid[oidpos].oid = &(gss_supported->elements[i]);
|
+ gss_enc2oid[oidpos].oid = &(gss_supported->elements[i]);
|
||||||
+ gss_enc2oid[oidpos].encoded = encoded;
|
+ gss_enc2oid[oidpos].encoded = encoded;
|
||||||
+ oidpos++;
|
+ oidpos++;
|
||||||
+ }
|
+ }
|
||||||
+ }
|
+ }
|
||||||
+ free(s);
|
+ EVP_MD_CTX_free(md);
|
||||||
+ gss_enc2oid[oidpos].oid = NULL;
|
+ gss_enc2oid[oidpos].oid = NULL;
|
||||||
+ gss_enc2oid[oidpos].encoded = NULL;
|
+ gss_enc2oid[oidpos].encoded = NULL;
|
||||||
+
|
+
|
||||||
@ -466,7 +485,7 @@ Index: openssh-7.9p1/gss-genr.c
|
|||||||
/* sshbuf_get for gss_buffer_desc */
|
/* sshbuf_get for gss_buffer_desc */
|
||||||
int
|
int
|
||||||
ssh_gssapi_get_buffer_desc(struct sshbuf *b, gss_buffer_desc *g)
|
ssh_gssapi_get_buffer_desc(struct sshbuf *b, gss_buffer_desc *g)
|
||||||
@@ -218,7 +375,7 @@ ssh_gssapi_init_ctx(Gssctxt *ctx, int de
|
@@ -218,7 +381,7 @@ ssh_gssapi_init_ctx(Gssctxt *ctx, int de
|
||||||
}
|
}
|
||||||
|
|
||||||
ctx->major = gss_init_sec_context(&ctx->minor,
|
ctx->major = gss_init_sec_context(&ctx->minor,
|
||||||
@ -475,7 +494,7 @@ Index: openssh-7.9p1/gss-genr.c
|
|||||||
GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG | deleg_flag,
|
GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG | deleg_flag,
|
||||||
0, NULL, recv_tok, NULL, send_tok, flags, NULL);
|
0, NULL, recv_tok, NULL, send_tok, flags, NULL);
|
||||||
|
|
||||||
@@ -248,8 +405,42 @@ ssh_gssapi_import_name(Gssctxt *ctx, con
|
@@ -248,8 +411,42 @@ ssh_gssapi_import_name(Gssctxt *ctx, con
|
||||||
}
|
}
|
||||||
|
|
||||||
OM_uint32
|
OM_uint32
|
||||||
@ -518,7 +537,7 @@ Index: openssh-7.9p1/gss-genr.c
|
|||||||
if ((ctx->major = gss_get_mic(&ctx->minor, ctx->context,
|
if ((ctx->major = gss_get_mic(&ctx->minor, ctx->context,
|
||||||
GSS_C_QOP_DEFAULT, buffer, hash)))
|
GSS_C_QOP_DEFAULT, buffer, hash)))
|
||||||
ssh_gssapi_error(ctx);
|
ssh_gssapi_error(ctx);
|
||||||
@@ -257,6 +448,19 @@ ssh_gssapi_sign(Gssctxt *ctx, gss_buffer
|
@@ -257,6 +454,19 @@ ssh_gssapi_sign(Gssctxt *ctx, gss_buffer
|
||||||
return (ctx->major);
|
return (ctx->major);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -538,7 +557,7 @@ Index: openssh-7.9p1/gss-genr.c
|
|||||||
void
|
void
|
||||||
ssh_gssapi_buildmic(struct sshbuf *b, const char *user, const char *service,
|
ssh_gssapi_buildmic(struct sshbuf *b, const char *user, const char *service,
|
||||||
const char *context)
|
const char *context)
|
||||||
@@ -273,22 +477,31 @@ ssh_gssapi_buildmic(struct sshbuf *b, co
|
@@ -273,22 +483,31 @@ ssh_gssapi_buildmic(struct sshbuf *b, co
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
@ -573,7 +592,7 @@ Index: openssh-7.9p1/gss-genr.c
|
|||||||
NULL);
|
NULL);
|
||||||
gss_release_buffer(&minor, &token);
|
gss_release_buffer(&minor, &token);
|
||||||
if ((*ctx)->context != GSS_C_NO_CONTEXT)
|
if ((*ctx)->context != GSS_C_NO_CONTEXT)
|
||||||
@@ -296,10 +509,66 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx
|
@@ -296,10 +515,66 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx
|
||||||
GSS_C_NO_BUFFER);
|
GSS_C_NO_BUFFER);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -654,7 +673,7 @@ Index: openssh-7.9p1/gss-serv-krb5.c
|
|||||||
const char *errmsg;
|
const char *errmsg;
|
||||||
|
|
||||||
if (client->creds == NULL) {
|
if (client->creds == NULL) {
|
||||||
@@ -180,11 +180,26 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_cl
|
@@ -180,11 +180,23 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_cl
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -668,7 +687,6 @@ Index: openssh-7.9p1/gss-serv-krb5.c
|
|||||||
- snprintf(client->store.envval, len, "FILE:%s", client->store.filename);
|
- snprintf(client->store.envval, len, "FILE:%s", client->store.filename);
|
||||||
+#ifdef USE_CCAPI
|
+#ifdef USE_CCAPI
|
||||||
+ xasprintf(&client->store.envval, "API:%s", new_ccname);
|
+ xasprintf(&client->store.envval, "API:%s", new_ccname);
|
||||||
+ client->store.filename = NULL;
|
|
||||||
+#else
|
+#else
|
||||||
+ if (new_ccname[0] == ':')
|
+ if (new_ccname[0] == ':')
|
||||||
+ new_ccname++;
|
+ new_ccname++;
|
||||||
@ -679,8 +697,6 @@ Index: openssh-7.9p1/gss-serv-krb5.c
|
|||||||
+ if (p)
|
+ if (p)
|
||||||
+ *p = '\0';
|
+ *p = '\0';
|
||||||
+ }
|
+ }
|
||||||
+ if ((strcmp(new_cctype, "FILE") == 0) || (strcmp(new_cctype, "DIR") == 0))
|
|
||||||
+ client->store.filename = xstrdup(new_ccname);
|
|
||||||
+#endif
|
+#endif
|
||||||
|
|
||||||
#ifdef USE_PAM
|
#ifdef USE_PAM
|
||||||
@ -1152,7 +1168,7 @@ Index: openssh-7.9p1/kexgssc.c
|
|||||||
===================================================================
|
===================================================================
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ openssh-7.9p1/kexgssc.c
|
+++ openssh-7.9p1/kexgssc.c
|
||||||
@@ -0,0 +1,348 @@
|
@@ -0,0 +1,346 @@
|
||||||
+/*
|
+/*
|
||||||
+ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
|
+ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
|
||||||
+ *
|
+ *
|
||||||
@ -1216,13 +1232,12 @@ Index: openssh-7.9p1/kexgssc.c
|
|||||||
+ BIGNUM *shared_secret = NULL;
|
+ BIGNUM *shared_secret = NULL;
|
||||||
+ BIGNUM *p = NULL;
|
+ BIGNUM *p = NULL;
|
||||||
+ BIGNUM *g = NULL;
|
+ BIGNUM *g = NULL;
|
||||||
|
+ const BIGNUM *pub_key, *p1, *g1;
|
||||||
+ u_char *kbuf;
|
+ u_char *kbuf;
|
||||||
+ u_char *serverhostkey = NULL;
|
+ u_char *serverhostkey = NULL;
|
||||||
+ u_char *empty = "";
|
+ u_char *empty = "";
|
||||||
+ char *msg;
|
+ char *msg;
|
||||||
+ /* TODO
|
|
||||||
+ char *lang;
|
+ char *lang;
|
||||||
+ */
|
|
||||||
+ int type = 0;
|
+ int type = 0;
|
||||||
+ int first = 1;
|
+ int first = 1;
|
||||||
+ int nbits = 0, min = fips_dh_grp_min(), max = DH_GRP_MAX;
|
+ int nbits = 0, min = fips_dh_grp_min(), max = DH_GRP_MAX;
|
||||||
@ -1279,8 +1294,9 @@ Index: openssh-7.9p1/kexgssc.c
|
|||||||
+ fatal("%s: Unexpected KEX type %d", __func__, ssh->kex->kex_type);
|
+ fatal("%s: Unexpected KEX type %d", __func__, ssh->kex->kex_type);
|
||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
+ /* Step 1 - e is dh->pub_key */
|
+ /* Step 1 - e is pub_key */
|
||||||
+ dh_gen_key(dh, ssh->kex->we_need * 8);
|
+ dh_gen_key(dh, ssh->kex->we_need * 8);
|
||||||
|
+ DH_get0_key(dh, &pub_key, NULL);
|
||||||
+
|
+
|
||||||
+ /* This is f, we initialise it now to make life easier */
|
+ /* This is f, we initialise it now to make life easier */
|
||||||
+ dh_server_pub = BN_new();
|
+ dh_server_pub = BN_new();
|
||||||
@ -1328,7 +1344,7 @@ Index: openssh-7.9p1/kexgssc.c
|
|||||||
+ packet_start(SSH2_MSG_KEXGSS_INIT);
|
+ packet_start(SSH2_MSG_KEXGSS_INIT);
|
||||||
+ packet_put_string(send_tok.value,
|
+ packet_put_string(send_tok.value,
|
||||||
+ send_tok.length);
|
+ send_tok.length);
|
||||||
+ packet_put_bignum2(dh->pub_key);
|
+ packet_put_bignum2((BIGNUM *)pub_key);
|
||||||
+ first = 0;
|
+ first = 0;
|
||||||
+ } else {
|
+ } else {
|
||||||
+ packet_start(SSH2_MSG_KEXGSS_CONTINUE);
|
+ packet_start(SSH2_MSG_KEXGSS_CONTINUE);
|
||||||
@ -1383,9 +1399,7 @@ Index: openssh-7.9p1/kexgssc.c
|
|||||||
+ maj_status = packet_get_int();
|
+ maj_status = packet_get_int();
|
||||||
+ min_status = packet_get_int();
|
+ min_status = packet_get_int();
|
||||||
+ msg = packet_get_string(NULL);
|
+ msg = packet_get_string(NULL);
|
||||||
+ /* TODO
|
|
||||||
+ lang = packet_get_string(NULL);
|
+ lang = packet_get_string(NULL);
|
||||||
+ */
|
|
||||||
+ fatal("GSSAPI Error: \n%.400s",msg);
|
+ fatal("GSSAPI Error: \n%.400s",msg);
|
||||||
+ default:
|
+ default:
|
||||||
+ packet_disconnect("Protocol error: didn't expect packet type %d",
|
+ packet_disconnect("Protocol error: didn't expect packet type %d",
|
||||||
@ -1415,7 +1429,7 @@ Index: openssh-7.9p1/kexgssc.c
|
|||||||
+ klen = DH_size(dh);
|
+ klen = DH_size(dh);
|
||||||
+ kbuf = xmalloc(klen);
|
+ kbuf = xmalloc(klen);
|
||||||
+ kout = DH_compute_key(kbuf, dh_server_pub, dh);
|
+ kout = DH_compute_key(kbuf, dh_server_pub, dh);
|
||||||
+ if ((int)kout < 0)
|
+ if (kout < 0)
|
||||||
+ fatal("DH_compute_key: failed");
|
+ fatal("DH_compute_key: failed");
|
||||||
+
|
+
|
||||||
+ shared_secret = BN_new();
|
+ shared_secret = BN_new();
|
||||||
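Review bot: The check `if (kout < 0)` in this kexgssc.c hunk can never be true if `kout` is still an unsigned type, which the removed `(int)` cast suggests; the declaration is outside the hunk, so this needs confirming. `DH_compute_key()` returns -1 on failure, and with an unsigned `kout` that value would be used as a length by the code after this hunk instead of reaching `fatal()`. Either keep `if ((int)kout < 0)` or change the declaration to `int kout;` in the same patch.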
@ -1439,13 +1453,14 @@ Index: openssh-7.9p1/kexgssc.c
|
|||||||
+ sshbuf_ptr(ssh->kex->my), sshbuf_len(ssh->kex->my),
|
+ sshbuf_ptr(ssh->kex->my), sshbuf_len(ssh->kex->my),
|
||||||
+ sshbuf_ptr(ssh->kex->peer), sshbuf_len(ssh->kex->peer),
|
+ sshbuf_ptr(ssh->kex->peer), sshbuf_len(ssh->kex->peer),
|
||||||
+ (serverhostkey ? serverhostkey : empty), slen,
|
+ (serverhostkey ? serverhostkey : empty), slen,
|
||||||
+ dh->pub_key, /* e */
|
+ pub_key, /* e */
|
||||||
+ dh_server_pub, /* f */
|
+ dh_server_pub, /* f */
|
||||||
+ shared_secret, /* K */
|
+ shared_secret, /* K */
|
||||||
+ hash, &hashlen
|
+ hash, &hashlen
|
||||||
+ );
|
+ );
|
||||||
+ break;
|
+ break;
|
||||||
+ case KEX_GSS_GEX_SHA1:
|
+ case KEX_GSS_GEX_SHA1:
|
||||||
|
+ DH_get0_pqg(dh, &p1, NULL, &g1);
|
||||||
+ kexgex_hash(
|
+ kexgex_hash(
|
||||||
+ ssh->kex->hash_alg,
|
+ ssh->kex->hash_alg,
|
||||||
+ ssh->kex->client_version_string,
|
+ ssh->kex->client_version_string,
|
||||||
@ -1454,8 +1469,8 @@ Index: openssh-7.9p1/kexgssc.c
|
|||||||
+ sshbuf_ptr(ssh->kex->peer), sshbuf_len(ssh->kex->peer),
|
+ sshbuf_ptr(ssh->kex->peer), sshbuf_len(ssh->kex->peer),
|
||||||
+ (serverhostkey ? serverhostkey : empty), slen,
|
+ (serverhostkey ? serverhostkey : empty), slen,
|
||||||
+ min, nbits, max,
|
+ min, nbits, max,
|
||||||
+ dh->p, dh->g,
|
+ p, g,
|
||||||
+ dh->pub_key,
|
+ pub_key,
|
||||||
+ dh_server_pub,
|
+ dh_server_pub,
|
||||||
+ shared_secret,
|
+ shared_secret,
|
||||||
+ hash, &hashlen
|
+ hash, &hashlen
|
||||||
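Review bot: The `kexgex_hash()` call here passes `p, g`, while the previous hunk adds `DH_get0_pqg(dh, &p1, NULL, &g1);`, so the values read back from the DH object are never used. `p` and `g` are the `BIGNUM *` locals initialised to NULL in the declarations, and whether they still point at valid group parameters at this point depends on code outside the hunk. Passing `p1, g1,` would hash exactly what `dh` holds; otherwise the getter call and the `p1`/`g1` declarations should be dropped.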
@ -1494,7 +1509,6 @@ Index: openssh-7.9p1/kexgssc.c
|
|||||||
+ else
|
+ else
|
||||||
+ ssh_gssapi_delete_ctx(&ctxt);
|
+ ssh_gssapi_delete_ctx(&ctxt);
|
||||||
+
|
+
|
||||||
+ /* TODO: check kex_derive_keys_bn return value */
|
|
||||||
+ kex_derive_keys_bn(ssh, hash, hashlen, shared_secret);
|
+ kex_derive_keys_bn(ssh, hash, hashlen, shared_secret);
|
||||||
+ BN_clear_free(shared_secret);
|
+ BN_clear_free(shared_secret);
|
||||||
+ return kex_send_newkeys(ssh);
|
+ return kex_send_newkeys(ssh);
|
||||||
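Review bot: The return value of `kex_derive_keys_bn()` is still ignored here; the change only deletes the TODO that recorded this, and the hunk at the end of the kexgsss.c function does the same. A failed key derivation would continue into `kex_send_newkeys()` without any error being raised. Suggest `if (kex_derive_keys_bn(ssh, hash, hashlen, shared_secret) != 0) fatal("%s: kex_derive_keys_bn failed", __func__);` in both places, or keep the TODO until the result is handled.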
@ -1505,7 +1519,7 @@ Index: openssh-7.9p1/kexgsss.c
|
|||||||
===================================================================
|
===================================================================
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ openssh-7.9p1/kexgsss.c
|
+++ openssh-7.9p1/kexgsss.c
|
||||||
@@ -0,0 +1,307 @@
|
@@ -0,0 +1,308 @@
|
||||||
+/*
|
+/*
|
||||||
+ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
|
+ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
|
||||||
+ *
|
+ *
|
||||||
@ -1586,6 +1600,7 @@ Index: openssh-7.9p1/kexgsss.c
|
|||||||
+ char *mechs;
|
+ char *mechs;
|
||||||
+ u_char hash[SSH_DIGEST_MAX_LENGTH];
|
+ u_char hash[SSH_DIGEST_MAX_LENGTH];
|
||||||
+ size_t hashlen;
|
+ size_t hashlen;
|
||||||
|
+ const BIGNUM *p, *g, *pub_key;
|
||||||
+
|
+
|
||||||
+ /* Initialise GSSAPI */
|
+ /* Initialise GSSAPI */
|
||||||
+
|
+
|
||||||
@ -1638,9 +1653,10 @@ Index: openssh-7.9p1/kexgsss.c
|
|||||||
+ if (dh == NULL)
|
+ if (dh == NULL)
|
||||||
+ packet_disconnect("Protocol error: no matching group found");
|
+ packet_disconnect("Protocol error: no matching group found");
|
||||||
+
|
+
|
||||||
|
+ DH_set0_pqg(dh, &p, NULL, &g);
|
||||||
+ packet_start(SSH2_MSG_KEXGSS_GROUP);
|
+ packet_start(SSH2_MSG_KEXGSS_GROUP);
|
||||||
+ packet_put_bignum2(dh->p);
|
+ packet_put_bignum2((BIGNUM *)p);
|
||||||
+ packet_put_bignum2(dh->g);
|
+ packet_put_bignum2((BIGNUM *)g);
|
||||||
+ packet_send();
|
+ packet_send();
|
||||||
+
|
+
|
||||||
+ packet_write_wait();
|
+ packet_write_wait();
|
||||||
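Review bot: `DH_set0_pqg(dh, &p, NULL, &g);` calls the setter where a getter is needed: `p` and `g` are declared as uninitialised `const BIGNUM *` locals in this function, so their addresses are handed to the DH object as group parameters instead of being filled from it. The two `packet_put_bignum2()` calls right after, and the later `kexgex_hash()` call that takes `p, g`, then work with indeterminate pointers, so the group sent to the client and bound into the exchange hash is not the one `dh` holds. The client-side file uses `DH_get0_pqg()` for the same purpose, and this line should read `DH_get0_pqg(dh, &p, NULL, &g);`. The function body continues outside the hunk.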
@ -1701,7 +1717,7 @@ Index: openssh-7.9p1/kexgsss.c
|
|||||||
+ if (GSS_ERROR(maj_status)) {
|
+ if (GSS_ERROR(maj_status)) {
|
||||||
+ if (send_tok.length > 0) {
|
+ if (send_tok.length > 0) {
|
||||||
+ packet_start(SSH2_MSG_KEXGSS_CONTINUE);
|
+ packet_start(SSH2_MSG_KEXGSS_CONTINUE);
|
||||||
+ packet_put_string(send_tok.value, send_tok.length);
|
+ packet_put_string((char *)send_tok.value, send_tok.length);
|
||||||
+ packet_send();
|
+ packet_send();
|
||||||
+ }
|
+ }
|
||||||
+ fatal("accept_ctx died");
|
+ fatal("accept_ctx died");
|
||||||
@ -1732,17 +1748,17 @@ Index: openssh-7.9p1/kexgsss.c
|
|||||||
+ memset(kbuf, 0, klen);
|
+ memset(kbuf, 0, klen);
|
||||||
+ free(kbuf);
|
+ free(kbuf);
|
||||||
+
|
+
|
||||||
|
+ DH_get0_key(dh, &pub_key, NULL);
|
||||||
+ hashlen = sizeof(hash);
|
+ hashlen = sizeof(hash);
|
||||||
+ switch (ssh->kex->kex_type) {
|
+ switch (ssh->kex->kex_type) {
|
||||||
+ case KEX_GSS_GRP1_SHA1:
|
+ case KEX_GSS_GRP1_SHA1:
|
||||||
+ case KEX_GSS_GRP14_SHA1:
|
+ case KEX_GSS_GRP14_SHA1:
|
||||||
+ kex_dh_hash(
|
+ kex_dh_hash(ssh->kex->hash_alg,
|
||||||
+ ssh->kex->hash_alg,
|
|
||||||
+ ssh->kex->client_version_string, ssh->kex->server_version_string,
|
+ ssh->kex->client_version_string, ssh->kex->server_version_string,
|
||||||
+ sshbuf_ptr(ssh->kex->peer), sshbuf_len(ssh->kex->peer),
|
+ sshbuf_ptr(ssh->kex->peer), sshbuf_len(ssh->kex->peer),
|
||||||
+ sshbuf_ptr(ssh->kex->my), sshbuf_len(ssh->kex->my),
|
+ sshbuf_ptr(ssh->kex->my), sshbuf_len(ssh->kex->my),
|
||||||
+ NULL, 0, /* Change this if we start sending host keys */
|
+ NULL, 0, /* Change this if we start sending host keys */
|
||||||
+ dh_client_pub, dh->pub_key, shared_secret,
|
+ dh_client_pub, pub_key, shared_secret,
|
||||||
+ hash, &hashlen
|
+ hash, &hashlen
|
||||||
+ );
|
+ );
|
||||||
+ break;
|
+ break;
|
||||||
@ -1754,9 +1770,9 @@ Index: openssh-7.9p1/kexgsss.c
|
|||||||
+ sshbuf_ptr(ssh->kex->my), sshbuf_len(ssh->kex->my),
|
+ sshbuf_ptr(ssh->kex->my), sshbuf_len(ssh->kex->my),
|
||||||
+ NULL, 0,
|
+ NULL, 0,
|
||||||
+ cmin, nbits, cmax,
|
+ cmin, nbits, cmax,
|
||||||
+ dh->p, dh->g,
|
+ p, g,
|
||||||
+ dh_client_pub,
|
+ dh_client_pub,
|
||||||
+ dh->pub_key,
|
+ pub_key,
|
||||||
+ shared_secret,
|
+ shared_secret,
|
||||||
+ hash, &hashlen
|
+ hash, &hashlen
|
||||||
+ );
|
+ );
|
||||||
@ -1780,12 +1796,12 @@ Index: openssh-7.9p1/kexgsss.c
|
|||||||
+ fatal("Couldn't get MIC");
|
+ fatal("Couldn't get MIC");
|
||||||
+
|
+
|
||||||
+ packet_start(SSH2_MSG_KEXGSS_COMPLETE);
|
+ packet_start(SSH2_MSG_KEXGSS_COMPLETE);
|
||||||
+ packet_put_bignum2(dh->pub_key);
|
+ packet_put_bignum2(pub_key);
|
||||||
+ packet_put_string(msg_tok.value,msg_tok.length);
|
+ packet_put_string(msg_tok.value,msg_tok.length);
|
||||||
+
|
+
|
||||||
+ if (send_tok.length != 0) {
|
+ if (send_tok.length != 0) {
|
||||||
+ packet_put_char(1); /* true */
|
+ packet_put_char(1); /* true */
|
||||||
+ packet_put_string(send_tok.value, send_tok.length);
|
+ packet_put_string((char *)send_tok.value, send_tok.length);
|
||||||
+ } else {
|
+ } else {
|
||||||
+ packet_put_char(0); /* false */
|
+ packet_put_char(0); /* false */
|
||||||
+ }
|
+ }
|
||||||
@ -1801,7 +1817,6 @@ Index: openssh-7.9p1/kexgsss.c
|
|||||||
+
|
+
|
||||||
+ DH_free(dh);
|
+ DH_free(dh);
|
||||||
+
|
+
|
||||||
+ /* TODO: check kex_derive_keys_bn return value */
|
|
||||||
+ kex_derive_keys_bn(ssh, hash, hashlen, shared_secret);
|
+ kex_derive_keys_bn(ssh, hash, hashlen, shared_secret);
|
||||||
+ BN_clear_free(shared_secret);
|
+ BN_clear_free(shared_secret);
|
||||||
+ kex_send_newkeys(ssh);
|
+ kex_send_newkeys(ssh);
|
||||||
@ -2941,7 +2956,7 @@ Index: openssh-7.9p1/sshconnect2.c
|
|||||||
#endif /* GSSAPI */
|
#endif /* GSSAPI */
|
||||||
|
|
||||||
int
|
int
|
||||||
@@ -1473,8 +1713,8 @@ key_type_allowed_by_config(struct sshkey
|
@@ -1473,8 +1716,8 @@ key_type_allowed_by_config(struct sshkey
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* try keys in the following order:
|
* try keys in the following order:
|
||||||
|
@ -10,10 +10,10 @@
|
|||||||
# internal versions. ssh-keyconverter consequently fails to link as it lacks
|
# internal versions. ssh-keyconverter consequently fails to link as it lacks
|
||||||
# the proper flags, and libopenbsd-compat doesn't contain the b64_* functions)
|
# the proper flags, and libopenbsd-compat doesn't contain the b64_* functions)
|
||||||
|
|
||||||
Index: openssh-7.8p1/HOWTO.ldap-keys
|
Index: openssh-7.9p1/HOWTO.ldap-keys
|
||||||
===================================================================
|
===================================================================
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ openssh-7.8p1/HOWTO.ldap-keys
|
+++ openssh-7.9p1/HOWTO.ldap-keys
|
||||||
@@ -0,0 +1,108 @@
|
@@ -0,0 +1,108 @@
|
||||||
+
|
+
|
||||||
+HOW TO START
|
+HOW TO START
|
||||||
@ -123,10 +123,10 @@ Index: openssh-7.8p1/HOWTO.ldap-keys
|
|||||||
+ - frederic peters.
|
+ - frederic peters.
|
||||||
+ - Finlay dobbie.
|
+ - Finlay dobbie.
|
||||||
+ - Stefan Fisher.
|
+ - Stefan Fisher.
|
||||||
Index: openssh-7.8p1/Makefile.in
|
Index: openssh-7.9p1/Makefile.in
|
||||||
===================================================================
|
===================================================================
|
||||||
--- openssh-7.8p1.orig/Makefile.in
|
--- openssh-7.9p1.orig/Makefile.in
|
||||||
+++ openssh-7.8p1/Makefile.in
|
+++ openssh-7.9p1/Makefile.in
|
||||||
@@ -24,6 +24,8 @@ ASKPASS_PROGRAM=$(libexecdir)/ssh-askpas
|
@@ -24,6 +24,8 @@ ASKPASS_PROGRAM=$(libexecdir)/ssh-askpas
|
||||||
SFTP_SERVER=$(libexecdir)/sftp-server
|
SFTP_SERVER=$(libexecdir)/sftp-server
|
||||||
SSH_KEYSIGN=$(libexecdir)/ssh-keysign
|
SSH_KEYSIGN=$(libexecdir)/ssh-keysign
|
||||||
@ -146,7 +146,7 @@ Index: openssh-7.8p1/Makefile.in
|
|||||||
XMSS_OBJS=\
|
XMSS_OBJS=\
|
||||||
ssh-xmss.o \
|
ssh-xmss.o \
|
||||||
sshkey-xmss.o \
|
sshkey-xmss.o \
|
||||||
@@ -132,8 +137,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
|
@@ -130,8 +135,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
|
||||||
sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \
|
sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \
|
||||||
sandbox-solaris.o uidswap.o
|
sandbox-solaris.o uidswap.o
|
||||||
|
|
||||||
@ -157,7 +157,7 @@ Index: openssh-7.8p1/Makefile.in
|
|||||||
MANTYPE = @MANTYPE@
|
MANTYPE = @MANTYPE@
|
||||||
|
|
||||||
CONFIGFILES=sshd_config.out ssh_config.out moduli.out
|
CONFIGFILES=sshd_config.out ssh_config.out moduli.out
|
||||||
@@ -208,6 +213,9 @@ ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT)
|
@@ -206,6 +211,9 @@ ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT)
|
||||||
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
|
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
|
||||||
$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
|
$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
|
||||||
|
|
||||||
@ -167,7 +167,7 @@ Index: openssh-7.8p1/Makefile.in
|
|||||||
sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o
|
sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o
|
||||||
$(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
$(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
||||||
|
|
||||||
@@ -363,6 +371,10 @@ install-files:
|
@@ -361,6 +369,10 @@ install-files:
|
||||||
$(INSTALL) -m 0755 $(STRIP_OPT) sshd$(EXEEXT) $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
|
$(INSTALL) -m 0755 $(STRIP_OPT) sshd$(EXEEXT) $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
|
||||||
$(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign$(EXEEXT) $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
|
$(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign$(EXEEXT) $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
|
||||||
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
|
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
|
||||||
@ -178,7 +178,7 @@ Index: openssh-7.8p1/Makefile.in
|
|||||||
$(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
|
$(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
|
||||||
$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
|
$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
|
||||||
$(INSTALL) -m 0755 $(STRIP_OPT) cavstest-ctr$(EXEEXT) $(DESTDIR)$(libexecdir)/cavstest-ctr$(EXEEXT)
|
$(INSTALL) -m 0755 $(STRIP_OPT) cavstest-ctr$(EXEEXT) $(DESTDIR)$(libexecdir)/cavstest-ctr$(EXEEXT)
|
||||||
@@ -381,6 +393,10 @@ install-files:
|
@@ -379,6 +391,10 @@ install-files:
|
||||||
$(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
|
$(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
|
||||||
$(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
|
$(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
|
||||||
$(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
|
$(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
|
||||||
@ -189,7 +189,7 @@ Index: openssh-7.8p1/Makefile.in
|
|||||||
|
|
||||||
install-sysconf:
|
install-sysconf:
|
||||||
$(MKDIR_P) $(DESTDIR)$(sysconfdir)
|
$(MKDIR_P) $(DESTDIR)$(sysconfdir)
|
||||||
@@ -404,6 +420,13 @@ install-sysconf:
|
@@ -402,6 +418,13 @@ install-sysconf:
|
||||||
else \
|
else \
|
||||||
echo "$(DESTDIR)$(sysconfdir)/moduli already exists, install will not overwrite"; \
|
echo "$(DESTDIR)$(sysconfdir)/moduli already exists, install will not overwrite"; \
|
||||||
fi
|
fi
|
||||||
@ -203,7 +203,7 @@ Index: openssh-7.8p1/Makefile.in
|
|||||||
|
|
||||||
host-key: ssh-keygen$(EXEEXT)
|
host-key: ssh-keygen$(EXEEXT)
|
||||||
@if [ -z "$(DESTDIR)" ] ; then \
|
@if [ -z "$(DESTDIR)" ] ; then \
|
||||||
@@ -441,6 +464,8 @@ uninstall:
|
@@ -439,6 +462,8 @@ uninstall:
|
||||||
-rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
|
-rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
|
||||||
-rm -f $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
|
-rm -f $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
|
||||||
-rm -f $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
|
-rm -f $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
|
||||||
@ -212,7 +212,7 @@ Index: openssh-7.8p1/Makefile.in
|
|||||||
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
|
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
|
||||||
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
|
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
|
||||||
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
|
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
|
||||||
@@ -452,6 +477,7 @@ uninstall:
|
@@ -450,6 +475,7 @@ uninstall:
|
||||||
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
|
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
|
||||||
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
|
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
|
||||||
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
|
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
|
||||||
@ -220,11 +220,11 @@ Index: openssh-7.8p1/Makefile.in
|
|||||||
|
|
||||||
regress-prep:
|
regress-prep:
|
||||||
$(MKDIR_P) `pwd`/regress/unittests/test_helper
|
$(MKDIR_P) `pwd`/regress/unittests/test_helper
|
||||||
Index: openssh-7.8p1/configure.ac
|
Index: openssh-7.9p1/configure.ac
|
||||||
===================================================================
|
===================================================================
|
||||||
--- openssh-7.8p1.orig/configure.ac
|
--- openssh-7.9p1.orig/configure.ac
|
||||||
+++ openssh-7.8p1/configure.ac
|
+++ openssh-7.9p1/configure.ac
|
||||||
@@ -1680,6 +1680,106 @@ AC_ARG_WITH([audit],
|
@@ -1671,6 +1671,106 @@ AC_ARG_WITH([audit],
|
||||||
esac ]
|
esac ]
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -331,10 +331,10 @@ Index: openssh-7.8p1/configure.ac
|
|||||||
AC_ARG_WITH([pie],
|
AC_ARG_WITH([pie],
|
||||||
[ --with-pie Build Position Independent Executables if possible], [
|
[ --with-pie Build Position Independent Executables if possible], [
|
||||||
if test "x$withval" = "xno"; then
|
if test "x$withval" = "xno"; then
|
||||||
Index: openssh-7.8p1/ldap-helper.c
|
Index: openssh-7.9p1/ldap-helper.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ openssh-7.8p1/ldap-helper.c
|
+++ openssh-7.9p1/ldap-helper.c
|
||||||
@@ -0,0 +1,155 @@
|
@@ -0,0 +1,155 @@
|
||||||
+/* $OpenBSD: ssh-pka-ldap.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
|
+/* $OpenBSD: ssh-pka-ldap.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
|
||||||
+/*
|
+/*
|
||||||
@ -491,10 +491,10 @@ Index: openssh-7.8p1/ldap-helper.c
|
|||||||
+void *buffer_get_string(struct sshbuf *b, u_int *l) { return NULL; }
|
+void *buffer_get_string(struct sshbuf *b, u_int *l) { return NULL; }
|
||||||
+void buffer_put_string(struct sshbuf *b, const void *f, u_int l) {}
|
+void buffer_put_string(struct sshbuf *b, const void *f, u_int l) {}
|
||||||
+
|
+
|
||||||
Index: openssh-7.8p1/ldap-helper.h
|
Index: openssh-7.9p1/ldap-helper.h
|
||||||
===================================================================
|
===================================================================
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ openssh-7.8p1/ldap-helper.h
|
+++ openssh-7.9p1/ldap-helper.h
|
||||||
@@ -0,0 +1,32 @@
|
@@ -0,0 +1,32 @@
|
||||||
+/* $OpenBSD: ldap-helper.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
|
+/* $OpenBSD: ldap-helper.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
|
||||||
+/*
|
+/*
|
||||||
@ -528,10 +528,10 @@ Index: openssh-7.8p1/ldap-helper.h
|
|||||||
+extern int config_warning_config_file;
|
+extern int config_warning_config_file;
|
||||||
+
|
+
|
||||||
+#endif /* LDAP_HELPER_H */
|
+#endif /* LDAP_HELPER_H */
|
||||||
Index: openssh-7.8p1/ldap.conf
|
Index: openssh-7.9p1/ldap.conf
|
||||||
===================================================================
|
===================================================================
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ openssh-7.8p1/ldap.conf
|
+++ openssh-7.9p1/ldap.conf
|
||||||
@@ -0,0 +1,88 @@
|
@@ -0,0 +1,88 @@
|
||||||
+# $Id: openssh-5.5p1-ldap.patch,v 1.3 2010/07/07 13:48:36 jfch2222 Exp $
|
+# $Id: openssh-5.5p1-ldap.patch,v 1.3 2010/07/07 13:48:36 jfch2222 Exp $
|
||||||
+#
|
+#
|
||||||
@ -621,10 +621,10 @@ Index: openssh-7.8p1/ldap.conf
|
|||||||
+#tls_cert
|
+#tls_cert
|
||||||
+#tls_key
|
+#tls_key
|
||||||
+
|
+
|
||||||
Index: openssh-7.8p1/ldapbody.c
|
Index: openssh-7.9p1/ldapbody.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ openssh-7.8p1/ldapbody.c
|
+++ openssh-7.9p1/ldapbody.c
|
||||||
@@ -0,0 +1,494 @@
|
@@ -0,0 +1,494 @@
|
||||||
+/* $OpenBSD: ldapbody.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
|
+/* $OpenBSD: ldapbody.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
|
||||||
+/*
|
+/*
|
||||||
@ -1120,10 +1120,10 @@ Index: openssh-7.8p1/ldapbody.c
|
|||||||
+ return;
|
+ return;
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
Index: openssh-7.8p1/ldapbody.h
|
Index: openssh-7.9p1/ldapbody.h
|
||||||
===================================================================
|
===================================================================
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ openssh-7.8p1/ldapbody.h
|
+++ openssh-7.9p1/ldapbody.h
|
||||||
@@ -0,0 +1,37 @@
|
@@ -0,0 +1,37 @@
|
||||||
+/* $OpenBSD: ldapbody.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
|
+/* $OpenBSD: ldapbody.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
|
||||||
+/*
|
+/*
|
||||||
@ -1162,10 +1162,10 @@ Index: openssh-7.8p1/ldapbody.h
|
|||||||
+
|
+
|
||||||
+#endif /* LDAPBODY_H */
|
+#endif /* LDAPBODY_H */
|
||||||
+
|
+
|
||||||
Index: openssh-7.8p1/ldapconf.c
|
Index: openssh-7.9p1/ldapconf.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ openssh-7.8p1/ldapconf.c
|
+++ openssh-7.9p1/ldapconf.c
|
||||||
@@ -0,0 +1,711 @@
|
@@ -0,0 +1,711 @@
|
||||||
+/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
|
+/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
|
||||||
+/*
|
+/*
|
||||||
@ -1878,10 +1878,10 @@ Index: openssh-7.8p1/ldapconf.c
|
|||||||
+ dump_cfg_string(lSSH_Filter, options.ssh_filter);
|
+ dump_cfg_string(lSSH_Filter, options.ssh_filter);
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
Index: openssh-7.8p1/ldapconf.h
|
Index: openssh-7.9p1/ldapconf.h
|
||||||
===================================================================
|
===================================================================
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ openssh-7.8p1/ldapconf.h
|
+++ openssh-7.9p1/ldapconf.h
|
||||||
@@ -0,0 +1,71 @@
|
@@ -0,0 +1,71 @@
|
||||||
+/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
|
+/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
|
||||||
+/*
|
+/*
|
||||||
@ -1954,10 +1954,10 @@ Index: openssh-7.8p1/ldapconf.h
|
|||||||
+void dump_config(void);
|
+void dump_config(void);
|
||||||
+
|
+
|
||||||
+#endif /* LDAPCONF_H */
|
+#endif /* LDAPCONF_H */
|
||||||
Index: openssh-7.8p1/ldapincludes.h
|
Index: openssh-7.9p1/ldapincludes.h
|
||||||
===================================================================
|
===================================================================
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ openssh-7.8p1/ldapincludes.h
|
+++ openssh-7.9p1/ldapincludes.h
|
||||||
@@ -0,0 +1,41 @@
|
@@ -0,0 +1,41 @@
|
||||||
+/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
|
+/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
|
||||||
+/*
|
+/*
|
||||||
@ -2000,10 +2000,10 @@ Index: openssh-7.8p1/ldapincludes.h
|
|||||||
+#endif
|
+#endif
|
||||||
+
|
+
|
||||||
+#endif /* LDAPINCLUDES_H */
|
+#endif /* LDAPINCLUDES_H */
|
||||||
Index: openssh-7.8p1/ldapmisc.c
|
Index: openssh-7.9p1/ldapmisc.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ openssh-7.8p1/ldapmisc.c
|
+++ openssh-7.9p1/ldapmisc.c
|
||||||
@@ -0,0 +1,79 @@
|
@@ -0,0 +1,79 @@
|
||||||
+
|
+
|
||||||
+#include "ldapincludes.h"
|
+#include "ldapincludes.h"
|
||||||
@ -2084,10 +2084,10 @@ Index: openssh-7.8p1/ldapmisc.c
|
|||||||
+}
|
+}
|
||||||
+#endif
|
+#endif
|
||||||
+
|
+
|
||||||
Index: openssh-7.8p1/ldapmisc.h
|
Index: openssh-7.9p1/ldapmisc.h
|
||||||
===================================================================
|
===================================================================
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ openssh-7.8p1/ldapmisc.h
|
+++ openssh-7.9p1/ldapmisc.h
|
||||||
@@ -0,0 +1,35 @@
|
@@ -0,0 +1,35 @@
|
||||||
+/* $OpenBSD: ldapbody.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
|
+/* $OpenBSD: ldapbody.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
|
||||||
+/*
|
+/*
|
||||||
@ -2124,10 +2124,10 @@ Index: openssh-7.8p1/ldapmisc.h
|
|||||||
+
|
+
|
||||||
+#endif /* LDAPMISC_H */
|
+#endif /* LDAPMISC_H */
|
||||||
+
|
+
|
||||||
Index: openssh-7.8p1/openbsd-compat/base64.c
|
Index: openssh-7.9p1/openbsd-compat/base64.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- openssh-7.8p1.orig/openbsd-compat/base64.c
|
--- openssh-7.9p1.orig/openbsd-compat/base64.c
|
||||||
+++ openssh-7.8p1/openbsd-compat/base64.c
|
+++ openssh-7.9p1/openbsd-compat/base64.c
|
||||||
@@ -46,7 +46,7 @@
|
@@ -46,7 +46,7 @@
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
@ -2155,10 +2155,10 @@ Index: openssh-7.8p1/openbsd-compat/base64.c
|
|||||||
|
|
||||||
/* skips all whitespace anywhere.
|
/* skips all whitespace anywhere.
|
||||||
converts characters, four at a time, starting at (or after)
|
converts characters, four at a time, starting at (or after)
|
||||||
Index: openssh-7.8p1/openbsd-compat/base64.h
|
Index: openssh-7.9p1/openbsd-compat/base64.h
|
||||||
===================================================================
|
===================================================================
|
||||||
--- openssh-7.8p1.orig/openbsd-compat/base64.h
|
--- openssh-7.9p1.orig/openbsd-compat/base64.h
|
||||||
+++ openssh-7.8p1/openbsd-compat/base64.h
|
+++ openssh-7.9p1/openbsd-compat/base64.h
|
||||||
@@ -45,16 +45,16 @@
|
@@ -45,16 +45,16 @@
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
@ -2180,10 +2180,10 @@ Index: openssh-7.8p1/openbsd-compat/base64.h
|
|||||||
int b64_pton(char const *src, u_char *target, size_t targsize);
|
int b64_pton(char const *src, u_char *target, size_t targsize);
|
||||||
# endif /* !HAVE_B64_PTON */
|
# endif /* !HAVE_B64_PTON */
|
||||||
# define __b64_pton(a,b,c) b64_pton(a,b,c)
|
# define __b64_pton(a,b,c) b64_pton(a,b,c)
|
||||||
Index: openssh-7.8p1/openssh-lpk-openldap.schema
|
Index: openssh-7.9p1/openssh-lpk-openldap.schema
|
||||||
===================================================================
|
===================================================================
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ openssh-7.8p1/openssh-lpk-openldap.schema
|
+++ openssh-7.9p1/openssh-lpk-openldap.schema
|
||||||
@@ -0,0 +1,21 @@
|
@@ -0,0 +1,21 @@
|
||||||
+#
|
+#
|
||||||
+# LDAP Public Key Patch schema for use with openssh-ldappubkey
|
+# LDAP Public Key Patch schema for use with openssh-ldappubkey
|
||||||
@ -2206,10 +2206,10 @@ Index: openssh-7.8p1/openssh-lpk-openldap.schema
|
|||||||
+ DESC 'MANDATORY: OpenSSH LPK objectclass'
|
+ DESC 'MANDATORY: OpenSSH LPK objectclass'
|
||||||
+ MUST ( sshPublicKey $ uid )
|
+ MUST ( sshPublicKey $ uid )
|
||||||
+ )
|
+ )
|
||||||
Index: openssh-7.8p1/openssh-lpk-sun.schema
|
Index: openssh-7.9p1/openssh-lpk-sun.schema
|
||||||
===================================================================
|
===================================================================
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ openssh-7.8p1/openssh-lpk-sun.schema
|
+++ openssh-7.9p1/openssh-lpk-sun.schema
|
||||||
@@ -0,0 +1,23 @@
|
@@ -0,0 +1,23 @@
|
||||||
+#
|
+#
|
||||||
+# LDAP Public Key Patch schema for use with openssh-ldappubkey
|
+# LDAP Public Key Patch schema for use with openssh-ldappubkey
|
||||||
@ -2234,10 +2234,10 @@ Index: openssh-7.8p1/openssh-lpk-sun.schema
|
|||||||
+ DESC 'MANDATORY: OpenSSH LPK objectclass'
|
+ DESC 'MANDATORY: OpenSSH LPK objectclass'
|
||||||
+ MUST ( sshPublicKey $ uid )
|
+ MUST ( sshPublicKey $ uid )
|
||||||
+ )
|
+ )
|
||||||
Index: openssh-7.8p1/ssh-ldap-helper.8
|
Index: openssh-7.9p1/ssh-ldap-helper.8
|
||||||
===================================================================
|
===================================================================
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ openssh-7.8p1/ssh-ldap-helper.8
|
+++ openssh-7.9p1/ssh-ldap-helper.8
|
||||||
@@ -0,0 +1,79 @@
|
@@ -0,0 +1,79 @@
|
||||||
+.\" $OpenBSD: ssh-ldap-helper.8,v 1.1 2010/02/10 23:20:38 markus Exp $
|
+.\" $OpenBSD: ssh-ldap-helper.8,v 1.1 2010/02/10 23:20:38 markus Exp $
|
||||||
+.\"
|
+.\"
|
||||||
@ -2318,19 +2318,19 @@ Index: openssh-7.8p1/ssh-ldap-helper.8
|
|||||||
+OpenSSH 5.5 + PKA-LDAP .
|
+OpenSSH 5.5 + PKA-LDAP .
|
||||||
+.Sh AUTHORS
|
+.Sh AUTHORS
|
||||||
+.An Jan F. Chadima Aq jchadima@redhat.com
|
+.An Jan F. Chadima Aq jchadima@redhat.com
|
||||||
Index: openssh-7.8p1/ssh-ldap-wrapper
|
Index: openssh-7.9p1/ssh-ldap-wrapper
|
||||||
===================================================================
|
===================================================================
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ openssh-7.8p1/ssh-ldap-wrapper
|
+++ openssh-7.9p1/ssh-ldap-wrapper
|
||||||
@@ -0,0 +1,4 @@
|
@@ -0,0 +1,4 @@
|
||||||
+#!/bin/sh
|
+#!/bin/sh
|
||||||
+
|
+
|
||||||
+exec @LIBEXECDIR@/ssh-ldap-helper -s "$1"
|
+exec @LIBEXECDIR@/ssh-ldap-helper -s "$1"
|
||||||
+
|
+
|
||||||
Index: openssh-7.8p1/ssh-ldap.conf.5
|
Index: openssh-7.9p1/ssh-ldap.conf.5
|
||||||
===================================================================
|
===================================================================
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ openssh-7.8p1/ssh-ldap.conf.5
|
+++ openssh-7.9p1/ssh-ldap.conf.5
|
||||||
@@ -0,0 +1,376 @@
|
@@ -0,0 +1,376 @@
|
||||||
+.\" $OpenBSD: ssh-ldap.conf.5,v 1.1 2010/02/10 23:20:38 markus Exp $
|
+.\" $OpenBSD: ssh-ldap.conf.5,v 1.1 2010/02/10 23:20:38 markus Exp $
|
||||||
+.\"
|
+.\"
|
||||||
|
@ -41,6 +41,8 @@ Mon Oct 22 08:51:30 UTC 2018 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com
|
|||||||
* openssh-7.7p1-fips.patch
|
* openssh-7.7p1-fips.patch
|
||||||
* openssh-7.7p1-gssapi_key_exchange.patch
|
* openssh-7.7p1-gssapi_key_exchange.patch
|
||||||
* openssh-7.7p1-seccomp_ipc_flock.patch
|
* openssh-7.7p1-seccomp_ipc_flock.patch
|
||||||
|
* openssh-7.7p1-cavstest-ctr.patch
|
||||||
|
* openssh-7.7p1-ldap.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Oct 19 13:22:10 UTC 2018 - Tomáš Chvátal <tchvatal@suse.com>
|
Fri Oct 19 13:22:10 UTC 2018 - Tomáš Chvátal <tchvatal@suse.com>
|
||||||
|