[openssh] Add chunk missed in the new upstream merge.
Tomáš Mráz
tmraz at fedoraproject.org
Fri Sep 9 16:06:43 UTC 2011
commit fc87f2dceddc09e6b5bee8669d98e591ae288837
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date: Fri Sep 9 18:06:02 2011 +0200
Add chunk missed in the new upstream merge.
openssh-5.9p1-akc.patch | 78 +++++++++++++++++++++++++++--------------------
1 files changed, 45 insertions(+), 33 deletions(-)
---
diff --git a/openssh-5.9p1-akc.patch b/openssh-5.9p1-akc.patch
index 175e1b5..0abc256 100644
--- a/openssh-5.9p1-akc.patch
+++ b/openssh-5.9p1-akc.patch
@@ -1,6 +1,6 @@
-diff -up openssh-5.9p0/auth2-pubkey.c.akc openssh-5.9p0/auth2-pubkey.c
---- openssh-5.9p0/auth2-pubkey.c.akc 2011-09-05 14:26:19.008627855 +0200
-+++ openssh-5.9p0/auth2-pubkey.c 2011-09-05 14:26:21.125500355 +0200
+diff -up openssh-5.9p1/auth2-pubkey.c.akc openssh-5.9p1/auth2-pubkey.c
+--- openssh-5.9p1/auth2-pubkey.c.akc 2011-09-09 17:26:31.000000000 +0200
++++ openssh-5.9p1/auth2-pubkey.c 2011-09-09 17:28:15.000000000 +0200
@@ -27,6 +27,7 @@
#include <sys/types.h>
@@ -47,7 +47,7 @@ diff -up openssh-5.9p0/auth2-pubkey.c.akc openssh-5.9p0/auth2-pubkey.c
key_free(found);
if (!found_key)
debug2("key not found");
-@@ -452,7 +439,179 @@ user_cert_trusted_ca(struct passwd *pw,
+@@ -452,13 +439,191 @@ user_cert_trusted_ca(struct passwd *pw,
return ret;
}
@@ -228,9 +228,21 @@ diff -up openssh-5.9p0/auth2-pubkey.c.akc openssh-5.9p0/auth2-pubkey.c
int
user_key_allowed(struct passwd *pw, Key *key)
{
-diff -up openssh-5.9p0/configure.ac.akc openssh-5.9p0/configure.ac
---- openssh-5.9p0/configure.ac.akc 2011-08-18 06:48:24.000000000 +0200
-+++ openssh-5.9p0/configure.ac 2011-09-05 14:26:21.227601590 +0200
+ u_int success, i;
+ char *file;
+
++#ifdef WITH_AUTHORIZED_KEYS_COMMAND
++ success = user_key_via_command_allowed2(pw, key);
++ if (success > 0)
++ return success;
++#endif
++
+ if (auth_key_is_revoked(key))
+ return 0;
+ if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key))
+diff -up openssh-5.9p1/configure.ac.akc openssh-5.9p1/configure.ac
+--- openssh-5.9p1/configure.ac.akc 2011-08-18 06:48:24.000000000 +0200
++++ openssh-5.9p1/configure.ac 2011-09-09 17:26:31.000000000 +0200
@@ -1421,6 +1421,18 @@ AC_ARG_WITH([audit],
esac ]
)
@@ -258,10 +270,10 @@ diff -up openssh-5.9p0/configure.ac.akc openssh-5.9p0/configure.ac
echo " MD5 password support: $MD5_MSG"
echo " libedit support: $LIBEDIT_MSG"
echo " Solaris process contract support: $SPC_MSG"
-diff -up openssh-5.9p0/servconf.c.akc openssh-5.9p0/servconf.c
---- openssh-5.9p0/servconf.c.akc 2011-09-05 14:26:08.430440620 +0200
-+++ openssh-5.9p0/servconf.c 2011-09-05 14:26:21.386571209 +0200
-@@ -139,6 +139,8 @@ initialize_server_options(ServerOptions
+diff -up openssh-5.9p1/servconf.c.akc openssh-5.9p1/servconf.c
+--- openssh-5.9p1/servconf.c.akc 2011-09-09 17:26:30.000000000 +0200
++++ openssh-5.9p1/servconf.c 2011-09-09 17:26:31.000000000 +0200
+@@ -139,6 +139,8 @@ initialize_server_options(ServerOptions
options->num_permitted_opens = -1;
options->adm_forced_command = NULL;
options->chroot_directory = NULL;
@@ -331,9 +343,9 @@ diff -up openssh-5.9p0/servconf.c.akc openssh-5.9p0/servconf.c
/* string arguments requiring a lookup */
dump_cfg_string(sLogLevel, log_level_name(o->log_level));
-diff -up openssh-5.9p0/servconf.h.akc openssh-5.9p0/servconf.h
---- openssh-5.9p0/servconf.h.akc 2011-09-05 14:26:08.536478884 +0200
-+++ openssh-5.9p0/servconf.h 2011-09-05 14:26:21.513500639 +0200
+diff -up openssh-5.9p1/servconf.h.akc openssh-5.9p1/servconf.h
+--- openssh-5.9p1/servconf.h.akc 2011-09-09 17:26:30.000000000 +0200
++++ openssh-5.9p1/servconf.h 2011-09-09 17:26:31.000000000 +0200
@@ -174,6 +174,8 @@ typedef struct {
char *revoked_keys_file;
char *trusted_user_ca_keys;
@@ -343,9 +355,22 @@ diff -up openssh-5.9p0/servconf.h.akc openssh-5.9p0/servconf.h
} ServerOptions;
/*
-diff -up openssh-5.9p0/sshd_config.0.akc openssh-5.9p0/sshd_config.0
---- openssh-5.9p0/sshd_config.0.akc 2011-08-29 16:30:02.000000000 +0200
-+++ openssh-5.9p0/sshd_config.0 2011-09-05 14:26:21.880500451 +0200
+diff -up openssh-5.9p1/sshd_config.akc openssh-5.9p1/sshd_config
+--- openssh-5.9p1/sshd_config.akc 2011-09-09 17:26:30.000000000 +0200
++++ openssh-5.9p1/sshd_config 2011-09-09 17:26:31.000000000 +0200
+@@ -49,6 +49,9 @@
+ # but this is overridden so installations will only check .ssh/authorized_keys
+ AuthorizedKeysFile .ssh/authorized_keys
+
++#AuthorizedKeysCommand none
++#AuthorizedKeysCommandRunAs nobody
++
+ # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+ #RhostsRSAAuthentication no
+ # similar for protocol version 2
+diff -up openssh-5.9p1/sshd_config.0.akc openssh-5.9p1/sshd_config.0
+--- openssh-5.9p1/sshd_config.0.akc 2011-09-07 01:16:30.000000000 +0200
++++ openssh-5.9p1/sshd_config.0 2011-09-09 17:26:31.000000000 +0200
@@ -71,6 +71,23 @@ DESCRIPTION
See PATTERNS in ssh_config(5) for more information on patterns.
@@ -380,9 +405,9 @@ diff -up openssh-5.9p0/sshd_config.0.akc openssh-5.9p0/sshd_config.0
Banner, ChrootDirectory, ForceCommand, GatewayPorts,
GSSAPIAuthentication, HostbasedAuthentication,
HostbasedUsesNameFromPacketOnly, KbdInteractiveAuthentication,
-diff -up openssh-5.9p0/sshd_config.5.akc openssh-5.9p0/sshd_config.5
---- openssh-5.9p0/sshd_config.5.akc 2011-09-05 14:26:08.750503994 +0200
-+++ openssh-5.9p0/sshd_config.5 2011-09-05 14:26:21.987502513 +0200
+diff -up openssh-5.9p1/sshd_config.5.akc openssh-5.9p1/sshd_config.5
+--- openssh-5.9p1/sshd_config.5.akc 2011-09-09 17:26:30.000000000 +0200
++++ openssh-5.9p1/sshd_config.5 2011-09-09 17:26:31.000000000 +0200
@@ -706,6 +706,8 @@ Available keywords are
.Cm AllowAgentForwarding ,
.Cm AllowTcpForwarding ,
@@ -421,16 +446,3 @@ diff -up openssh-5.9p0/sshd_config.5.akc openssh-5.9p0/sshd_config.5
.It Cm RhostsRSAAuthentication
Specifies whether rhosts or /etc/hosts.equiv authentication together
with successful RSA host authentication is allowed.
-diff -up openssh-5.9p0/sshd_config.akc openssh-5.9p0/sshd_config
---- openssh-5.9p0/sshd_config.akc 2011-09-05 14:26:08.000000000 +0200
-+++ openssh-5.9p0/sshd_config 2011-09-05 14:45:21.135479100 +0200
-@@ -49,6 +49,9 @@
- # but this is overridden so installations will only check .ssh/authorized_keys
- AuthorizedKeysFile .ssh/authorized_keys
-
-+#AuthorizedKeysCommand none
-+#AuthorizedKeysCommandRunAs nobody
-+
- # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
- #RhostsRSAAuthentication no
- # similar for protocol version 2
More information about the scm-commits
mailing list