rpms/openssh
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Apply GSSAPI key exchange methods in client offered list (#1261414)

Browse Source
This commit is contained in:
Jakub Jelen 2015-09-23 14:16:43 +02:00
parent c6ba7b1e09
commit 9a804fa266
3 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
openssh-6.6p1-gsskex.patch
View File

@ -2290,7 +2290,7 @@ diff -up openssh-7.0p1/sshconnect2.c.gsskex openssh-7.0p1/sshconnect2.c
+ if (options.gss_keyex) {
+ /* Add the GSSAPI mechanisms currently supported on this
+ * client to the key exchange algorithm proposal */
+ orig = myproposal[PROPOSAL_KEX_ALGS];
+ orig = options.kex_algorithms;
+
+ if (options.gss_trust_dns)
+ gss_host = (char *)get_canonical_hostname(1);
@ -2300,7 +2300,7 @@ diff -up openssh-7.0p1/sshconnect2.c.gsskex openssh-7.0p1/sshconnect2.c
+ gss = ssh_gssapi_client_mechanisms(gss_host, options.gss_client_identity);
+ if (gss) {
+ debug("Offering GSSAPI proposal: %s", gss);
+ xasprintf(&myproposal[PROPOSAL_KEX_ALGS],
+ xasprintf(&options.kex_algorithms,
+ "%s,%s", gss, orig);
+ }
+ }

8
openssh-6.7p1-fips.patch
View File

@ -492,7 +492,7 @@ diff -up openssh-7.0p1/sshconnect2.c.fips openssh-7.0p1/sshconnect2.c
if (options.gss_keyex) {
- /* Add the GSSAPI mechanisms currently supported on this
- * client to the key exchange algorithm proposal */
- orig = myproposal[PROPOSAL_KEX_ALGS];
- orig = options.kex_algorithms;
-
- if (options.gss_trust_dns)
- gss_host = (char *)get_canonical_hostname(1);
@ -503,7 +503,7 @@ diff -up openssh-7.0p1/sshconnect2.c.fips openssh-7.0p1/sshconnect2.c
- options.gss_client_identity, options.gss_kex_algorithms);
- if (gss) {
- debug("Offering GSSAPI proposal: %s", gss);
- xasprintf(&myproposal[PROPOSAL_KEX_ALGS],
- xasprintf(&options.kex_algorithms,
- "%s,%s", gss, orig);
+ if (FIPS_mode()) {
+ logit("Disabling GSSAPIKeyExchange. Not usable in FIPS mode");
@ -511,7 +511,7 @@ diff -up openssh-7.0p1/sshconnect2.c.fips openssh-7.0p1/sshconnect2.c
+ } else {
+ /* Add the GSSAPI mechanisms currently supported on this
+ * client to the key exchange algorithm proposal */
+ orig = myproposal[PROPOSAL_KEX_ALGS];
+ orig = options.kex_algorithms;
+
+ if (options.gss_trust_dns)
+ gss_host = (char *)get_canonical_hostname(1);
@ -522,7 +522,7 @@ diff -up openssh-7.0p1/sshconnect2.c.fips openssh-7.0p1/sshconnect2.c
+ options.gss_client_identity, options.gss_kex_algorithms);
+ if (gss) {
+ debug("Offering GSSAPI proposal: %s", gss);
+ xasprintf(&myproposal[PROPOSAL_KEX_ALGS],
+ xasprintf(&options.kex_algorithms,
+ "%s,%s", gss, orig);
+ }
}

2
openssh-7.0p1-gssKexAlgorithms.patch
View File

@ -362,7 +362,7 @@ diff -up openssh-7.0p1/sshconnect2.c.gsskexalg openssh-7.0p1/sshconnect2.c
+ options.gss_client_identity, options.gss_kex_algorithms);
if (gss) {
debug("Offering GSSAPI proposal: %s", gss);
xasprintf(&myproposal[PROPOSAL_KEX_ALGS],
xasprintf(&options.kex_algorithms,
diff -up openssh-7.0p1/sshd_config.5.gsskexalg openssh-7.0p1/sshd_config.5
--- openssh-7.0p1/sshd_config.5.gsskexalg 2015-08-19 12:28:38.082518830 +0200
+++ openssh-7.0p1/sshd_config.5 2015-08-19 12:36:25.121471501 +0200