Add chunk missed in the new upstream merge.
This commit is contained in:
Tomas Mraz
parent
3b545be5d7
commit
fc87f2dced
|
|
@ -1,6 +1,6 @@
|
|||
diff -up openssh-5.9p0/auth2-pubkey.c.akc openssh-5.9p0/auth2-pubkey.c
|
||||
--- openssh-5.9p0/auth2-pubkey.c.akc 2011-09-05 14:26:19.008627855 +0200
|
||||
+++ openssh-5.9p0/auth2-pubkey.c 2011-09-05 14:26:21.125500355 +0200
|
||||
diff -up openssh-5.9p1/auth2-pubkey.c.akc openssh-5.9p1/auth2-pubkey.c
|
||||
--- openssh-5.9p1/auth2-pubkey.c.akc 2011-09-09 17:26:31.000000000 +0200
|
||||
+++ openssh-5.9p1/auth2-pubkey.c 2011-09-09 17:28:15.000000000 +0200
|
||||
@@ -27,6 +27,7 @@
|
||||
|
||||
#include <sys/types.h>
|
||||
|
|
@ -47,7 +47,7 @@ diff -up openssh-5.9p0/auth2-pubkey.c.akc openssh-5.9p0/auth2-pubkey.c
|
|||
key_free(found);
|
||||
if (!found_key)
|
||||
debug2("key not found");
|
||||
@@ -452,7 +439,179 @@ user_cert_trusted_ca(struct passwd *pw,
|
||||
@@ -452,13 +439,191 @@ user_cert_trusted_ca(struct passwd *pw,
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
|
@ -228,9 +228,21 @@ diff -up openssh-5.9p0/auth2-pubkey.c.akc openssh-5.9p0/auth2-pubkey.c
|
|||
int
|
||||
user_key_allowed(struct passwd *pw, Key *key)
|
||||
{
|
||||
diff -up openssh-5.9p0/configure.ac.akc openssh-5.9p0/configure.ac
|
||||
--- openssh-5.9p0/configure.ac.akc 2011-08-18 06:48:24.000000000 +0200
|
||||
+++ openssh-5.9p0/configure.ac 2011-09-05 14:26:21.227601590 +0200
|
||||
u_int success, i;
|
||||
char *file;
|
||||
|
||||
+#ifdef WITH_AUTHORIZED_KEYS_COMMAND
|
||||
+ success = user_key_via_command_allowed2(pw, key);
|
||||
+ if (success > 0)
|
||||
+ return success;
|
||||
+#endif
|
||||
+
|
||||
if (auth_key_is_revoked(key))
|
||||
return 0;
|
||||
if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key))
|
||||
diff -up openssh-5.9p1/configure.ac.akc openssh-5.9p1/configure.ac
|
||||
--- openssh-5.9p1/configure.ac.akc 2011-08-18 06:48:24.000000000 +0200
|
||||
+++ openssh-5.9p1/configure.ac 2011-09-09 17:26:31.000000000 +0200
|
||||
@@ -1421,6 +1421,18 @@ AC_ARG_WITH([audit],
|
||||
esac ]
|
||||
)
|
||||
|
|
@ -258,10 +270,10 @@ diff -up openssh-5.9p0/configure.ac.akc openssh-5.9p0/configure.ac
|
|||
echo " MD5 password support: $MD5_MSG"
|
||||
echo " libedit support: $LIBEDIT_MSG"
|
||||
echo " Solaris process contract support: $SPC_MSG"
|
||||
diff -up openssh-5.9p0/servconf.c.akc openssh-5.9p0/servconf.c
|
||||
--- openssh-5.9p0/servconf.c.akc 2011-09-05 14:26:08.430440620 +0200
|
||||
+++ openssh-5.9p0/servconf.c 2011-09-05 14:26:21.386571209 +0200
|
||||
@@ -139,6 +139,8 @@ initialize_server_options(ServerOptions
|
||||
diff -up openssh-5.9p1/servconf.c.akc openssh-5.9p1/servconf.c
|
||||
--- openssh-5.9p1/servconf.c.akc 2011-09-09 17:26:30.000000000 +0200
|
||||
+++ openssh-5.9p1/servconf.c 2011-09-09 17:26:31.000000000 +0200
|
||||
@@ -139,6 +139,8 @@ initialize_server_options(ServerOptions
|
||||
options->num_permitted_opens = -1;
|
||||
options->adm_forced_command = NULL;
|
||||
options->chroot_directory = NULL;
|
||||
|
|
@ -331,9 +343,9 @@ diff -up openssh-5.9p0/servconf.c.akc openssh-5.9p0/servconf.c
|
|||
|
||||
/* string arguments requiring a lookup */
|
||||
dump_cfg_string(sLogLevel, log_level_name(o->log_level));
|
||||
diff -up openssh-5.9p0/servconf.h.akc openssh-5.9p0/servconf.h
|
||||
--- openssh-5.9p0/servconf.h.akc 2011-09-05 14:26:08.536478884 +0200
|
||||
+++ openssh-5.9p0/servconf.h 2011-09-05 14:26:21.513500639 +0200
|
||||
diff -up openssh-5.9p1/servconf.h.akc openssh-5.9p1/servconf.h
|
||||
--- openssh-5.9p1/servconf.h.akc 2011-09-09 17:26:30.000000000 +0200
|
||||
+++ openssh-5.9p1/servconf.h 2011-09-09 17:26:31.000000000 +0200
|
||||
@@ -174,6 +174,8 @@ typedef struct {
|
||||
char *revoked_keys_file;
|
||||
char *trusted_user_ca_keys;
|
||||
|
|
@ -343,9 +355,22 @@ diff -up openssh-5.9p0/servconf.h.akc openssh-5.9p0/servconf.h
|
|||
} ServerOptions;
|
||||
|
||||
/*
|
||||
diff -up openssh-5.9p0/sshd_config.0.akc openssh-5.9p0/sshd_config.0
|
||||
--- openssh-5.9p0/sshd_config.0.akc 2011-08-29 16:30:02.000000000 +0200
|
||||
+++ openssh-5.9p0/sshd_config.0 2011-09-05 14:26:21.880500451 +0200
|
||||
diff -up openssh-5.9p1/sshd_config.akc openssh-5.9p1/sshd_config
|
||||
--- openssh-5.9p1/sshd_config.akc 2011-09-09 17:26:30.000000000 +0200
|
||||
+++ openssh-5.9p1/sshd_config 2011-09-09 17:26:31.000000000 +0200
|
||||
@@ -49,6 +49,9 @@
|
||||
# but this is overridden so installations will only check .ssh/authorized_keys
|
||||
AuthorizedKeysFile .ssh/authorized_keys
|
||||
|
||||
+#AuthorizedKeysCommand none
|
||||
+#AuthorizedKeysCommandRunAs nobody
|
||||
+
|
||||
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
|
||||
#RhostsRSAAuthentication no
|
||||
# similar for protocol version 2
|
||||
diff -up openssh-5.9p1/sshd_config.0.akc openssh-5.9p1/sshd_config.0
|
||||
--- openssh-5.9p1/sshd_config.0.akc 2011-09-07 01:16:30.000000000 +0200
|
||||
+++ openssh-5.9p1/sshd_config.0 2011-09-09 17:26:31.000000000 +0200
|
||||
@@ -71,6 +71,23 @@ DESCRIPTION
|
||||
|
||||
See PATTERNS in ssh_config(5) for more information on patterns.
|
||||
|
|
@ -380,9 +405,9 @@ diff -up openssh-5.9p0/sshd_config.0.akc openssh-5.9p0/sshd_config.0
|
|||
Banner, ChrootDirectory, ForceCommand, GatewayPorts,
|
||||
GSSAPIAuthentication, HostbasedAuthentication,
|
||||
HostbasedUsesNameFromPacketOnly, KbdInteractiveAuthentication,
|
||||
diff -up openssh-5.9p0/sshd_config.5.akc openssh-5.9p0/sshd_config.5
|
||||
--- openssh-5.9p0/sshd_config.5.akc 2011-09-05 14:26:08.750503994 +0200
|
||||
+++ openssh-5.9p0/sshd_config.5 2011-09-05 14:26:21.987502513 +0200
|
||||
diff -up openssh-5.9p1/sshd_config.5.akc openssh-5.9p1/sshd_config.5
|
||||
--- openssh-5.9p1/sshd_config.5.akc 2011-09-09 17:26:30.000000000 +0200
|
||||
+++ openssh-5.9p1/sshd_config.5 2011-09-09 17:26:31.000000000 +0200
|
||||
@@ -706,6 +706,8 @@ Available keywords are
|
||||
.Cm AllowAgentForwarding ,
|
||||
.Cm AllowTcpForwarding ,
|
||||
|
|
@ -421,16 +446,3 @@ diff -up openssh-5.9p0/sshd_config.5.akc openssh-5.9p0/sshd_config.5
|
|||
.It Cm RhostsRSAAuthentication
|
||||
Specifies whether rhosts or /etc/hosts.equiv authentication together
|
||||
with successful RSA host authentication is allowed.
|
||||
diff -up openssh-5.9p0/sshd_config.akc openssh-5.9p0/sshd_config
|
||||
--- openssh-5.9p0/sshd_config.akc 2011-09-05 14:26:08.000000000 +0200
|
||||
+++ openssh-5.9p0/sshd_config 2011-09-05 14:45:21.135479100 +0200
|
||||
@@ -49,6 +49,9 @@
|
||||
# but this is overridden so installations will only check .ssh/authorized_keys
|
||||
AuthorizedKeysFile .ssh/authorized_keys
|
||||
|
||||
+#AuthorizedKeysCommand none
|
||||
+#AuthorizedKeysCommandRunAs nobody
|
||||
+
|
||||
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
|
||||
#RhostsRSAAuthentication no
|
||||
# similar for protocol version 2
|
||||
|
|
|
|||
Loading…
Reference in New Issue