Apply GSSAPI key exchange methods in client offered list (#1261414)

Jakub Jelen 2015-09-23 14:16:43 +02:00
parent 76d20b5d73
commit a78d20aea9
3 changed files with 7 additions and 7 deletions


@ -2290,7 +2290,7 @@ diff -up openssh/sshconnect2.c.gsskex openssh/sshconnect2.c
+ if (options.gss_keyex) { + if (options.gss_keyex) {
+ /* Add the GSSAPI mechanisms currently supported on this + /* Add the GSSAPI mechanisms currently supported on this
+ * client to the key exchange algorithm proposal */ + * client to the key exchange algorithm proposal */
+ orig = myproposal[PROPOSAL_KEX_ALGS]; + orig = options.kex_algorithms;
+ +
+ if (options.gss_trust_dns) + if (options.gss_trust_dns)
+ gss_host = (char *)get_canonical_hostname(1); + gss_host = (char *)get_canonical_hostname(1);
@ -2300,7 +2300,7 @@ diff -up openssh/sshconnect2.c.gsskex openssh/sshconnect2.c
+ gss = ssh_gssapi_client_mechanisms(gss_host, options.gss_client_identity); + gss = ssh_gssapi_client_mechanisms(gss_host, options.gss_client_identity);
+ if (gss) { + if (gss) {
+ debug("Offering GSSAPI proposal: %s", gss); + debug("Offering GSSAPI proposal: %s", gss);
+ xasprintf(&myproposal[PROPOSAL_KEX_ALGS], + xasprintf(&options.kex_algorithms,
+ "%s,%s", gss, orig); + "%s,%s", gss, orig);
+ } + }
+ } + }
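Review bot: On the right-hand (apparently new) side, `orig = options.kex_algorithms;` is taken without a NULL check and then passed to `%s` in `xasprintf(&options.kex_algorithms, "%s,%s", gss, orig);`. If KexAlgorithms is unset and its default has not been filled in before this block runs (not visible in the hunk), the proposal string is built from a NULL pointer. A guard such as `orig = options.kex_algorithms != NULL ? options.kex_algorithms : myproposal[PROPOSAL_KEX_ALGS];` would keep the previous fallback. The block now also rewrites the shared `options` struct instead of the proposal array, so any later reader of `options.kex_algorithms` sees the GSSAPI names prepended; a one-line comment saying this is intended would help. The same assignment and `xasprintf` pair recurs in the FIPS and gsskexalg patch sections below, and the enclosing function starts and ends outside these hunks.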


@ -460,7 +460,7 @@ diff -up openssh-6.9p1/sshconnect2.c.fips openssh-6.9p1/sshconnect2.c
if (options.gss_keyex) { if (options.gss_keyex) {
- /* Add the GSSAPI mechanisms currently supported on this - /* Add the GSSAPI mechanisms currently supported on this
- * client to the key exchange algorithm proposal */ - * client to the key exchange algorithm proposal */
- orig = myproposal[PROPOSAL_KEX_ALGS]; - orig = options.kex_algorithms;
- -
- if (options.gss_trust_dns) - if (options.gss_trust_dns)
- gss_host = (char *)get_canonical_hostname(1); - gss_host = (char *)get_canonical_hostname(1);
@ -471,7 +471,7 @@ diff -up openssh-6.9p1/sshconnect2.c.fips openssh-6.9p1/sshconnect2.c
- options.gss_client_identity, options.gss_kex_algorithms); - options.gss_client_identity, options.gss_kex_algorithms);
- if (gss) { - if (gss) {
- debug("Offering GSSAPI proposal: %s", gss); - debug("Offering GSSAPI proposal: %s", gss);
- xasprintf(&myproposal[PROPOSAL_KEX_ALGS], - xasprintf(&options.kex_algorithms,
- "%s,%s", gss, orig); - "%s,%s", gss, orig);
+ if (FIPS_mode()) { + if (FIPS_mode()) {
+ logit("Disabling GSSAPIKeyExchange. Not usable in FIPS mode"); + logit("Disabling GSSAPIKeyExchange. Not usable in FIPS mode");
@ -479,7 +479,7 @@ diff -up openssh-6.9p1/sshconnect2.c.fips openssh-6.9p1/sshconnect2.c
+ } else { + } else {
+ /* Add the GSSAPI mechanisms currently supported on this + /* Add the GSSAPI mechanisms currently supported on this
+ * client to the key exchange algorithm proposal */ + * client to the key exchange algorithm proposal */
+ orig = myproposal[PROPOSAL_KEX_ALGS]; + orig = options.kex_algorithms;
+ +
+ if (options.gss_trust_dns) + if (options.gss_trust_dns)
+ gss_host = (char *)get_canonical_hostname(1); + gss_host = (char *)get_canonical_hostname(1);
@ -490,7 +490,7 @@ diff -up openssh-6.9p1/sshconnect2.c.fips openssh-6.9p1/sshconnect2.c
+ options.gss_client_identity, options.gss_kex_algorithms); + options.gss_client_identity, options.gss_kex_algorithms);
+ if (gss) { + if (gss) {
+ debug("Offering GSSAPI proposal: %s", gss); + debug("Offering GSSAPI proposal: %s", gss);
+ xasprintf(&myproposal[PROPOSAL_KEX_ALGS], + xasprintf(&options.kex_algorithms,
+ "%s,%s", gss, orig); + "%s,%s", gss, orig);
+ } + }
} }


@ -362,7 +362,7 @@ diff -up openssh-6.9p1/sshconnect2.c.gsskexalg openssh-6.9p1/sshconnect2.c
+ options.gss_client_identity, options.gss_kex_algorithms); + options.gss_client_identity, options.gss_kex_algorithms);
if (gss) { if (gss) {
debug("Offering GSSAPI proposal: %s", gss); debug("Offering GSSAPI proposal: %s", gss);
xasprintf(&myproposal[PROPOSAL_KEX_ALGS], xasprintf(&options.kex_algorithms,
diff -up openssh-6.9p1/sshd_config.5.gsskexalg openssh-6.9p1/sshd_config.5 diff -up openssh-6.9p1/sshd_config.5.gsskexalg openssh-6.9p1/sshd_config.5
--- openssh-6.9p1/sshd_config.5.gsskexalg 2015-08-20 11:54:50.517693747 +0200 --- openssh-6.9p1/sshd_config.5.gsskexalg 2015-08-20 11:54:50.517693747 +0200
+++ openssh-6.9p1/sshd_config.5 2015-08-20 11:54:50.529693724 +0200 +++ openssh-6.9p1/sshd_config.5 2015-08-20 11:54:50.529693724 +0200