[openssh] fix gsskex patch to correctly handle MONITOR_REQ_GSSSIGN request (#1118005)

Petr Lautrbach plautrba at fedoraproject.org
Wed Nov 12 16:39:26 UTC 2014


commit 57666dc3be7d7568947e2bfcace171766915c85f
Author: Petr Lautrbach <plautrba at redhat.com>
Date:   Wed Nov 12 17:02:36 2014 +0100

    fix gsskex patch to correctly handle MONITOR_REQ_GSSSIGN request (#1118005)

 openssh-6.6p1-gsskex.patch |   26 ++++++++++++++++----------
 1 files changed, 16 insertions(+), 10 deletions(-)
---
diff --git a/openssh-6.6p1-gsskex.patch b/openssh-6.6p1-gsskex.patch
index 90e84d2..826acd4 100644
--- a/openssh-6.6p1-gsskex.patch
+++ b/openssh-6.6p1-gsskex.patch
@@ -1741,7 +1741,13 @@ index 229fada..aa70945 100644
  #endif
  
  #ifdef SSH_AUDIT_EVENTS
-@@ -258,6 +260,12 @@ struct mon_table mon_dispatch_proto20[] = {
+@@ -253,11 +255,18 @@ struct mon_table mon_dispatch_proto20[] = {
+     {MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx},
+     {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},
+     {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic},
++    {MONITOR_REQ_GSSSIGN, MON_ONCE, mm_answer_gss_sign},
+ #endif
+     {0, 0, NULL}
  };
  
  struct mon_table mon_dispatch_postauth20[] = {
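Review bot: The new `{MONITOR_REQ_GSSSIGN, MON_ONCE, mm_answer_gss_sign}` row in `mon_dispatch_proto20` has no comment saying why a signing request belongs in the pre-authentication table or what turns it on. With only `MON_ONCE` set and no `MON_PERMIT`, the privileged monitor should refuse the request until a handler calls `monitor_permit(mon_dispatch, MONITOR_REQ_GSSSIGN, 1)`. That call is not visible in this diff (presumably it is the line added in the `mm_answer_gss_accept_ctx` hunk), so confirm it is reached only once the GSS context is complete. I would add a comment above the row such as `/* GSS key exchange: sign the exchange hash once; permitted only after the context is established */`, adjusted to wherever the permit call actually lives. The `#ifdef` that opens this group of rows is outside the hunk.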
@@ -1754,7 +1760,7 @@ index 229fada..aa70945 100644
      {MONITOR_REQ_MODULI, 0, mm_answer_moduli},
      {MONITOR_REQ_SIGN, 0, mm_answer_sign},
      {MONITOR_REQ_PTY, 0, mm_answer_pty},
-@@ -366,6 +374,10 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
+@@ -366,6 +375,10 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
  		/* Permit requests for moduli and signatures */
  		monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
  		monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
@@ -1765,7 +1771,7 @@ index 229fada..aa70945 100644
  	} else {
  		mon_dispatch = mon_dispatch_proto15;
  
-@@ -471,6 +483,10 @@ monitor_child_postauth(struct monitor *pmonitor)
+@@ -471,6 +484,10 @@ monitor_child_postauth(struct monitor *pmonitor)
  		monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
  		monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
  		monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
@@ -1776,7 +1782,7 @@ index 229fada..aa70945 100644
  	} else {
  		mon_dispatch = mon_dispatch_postauth15;
  		monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
-@@ -1866,6 +1882,13 @@ mm_get_kex(Buffer *m)
+@@ -1866,6 +1883,13 @@ mm_get_kex(Buffer *m)
  	kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
  	kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
  	kex->kex[KEX_C25519_SHA256] = kexc25519_server;
@@ -1790,7 +1796,7 @@ index 229fada..aa70945 100644
  	kex->server = 1;
  	kex->hostkey_type = buffer_get_int(m);
  	kex->kex_type = buffer_get_int(m);
-@@ -2073,6 +2096,9 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m)
+@@ -2073,6 +2097,9 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m)
  	OM_uint32 major;
  	u_int len;
  
@@ -1800,7 +1806,7 @@ index 229fada..aa70945 100644
  	goid.elements = buffer_get_string(m, &len);
  	goid.length = len;
  
-@@ -2100,6 +2126,9 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m)
+@@ -2100,6 +2127,9 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m)
  	OM_uint32 flags = 0; /* GSI needs this */
  	u_int len;
  
@@ -1810,7 +1816,7 @@ index 229fada..aa70945 100644
  	in.value = buffer_get_string(m, &len);
  	in.length = len;
  	major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags);
-@@ -2117,6 +2146,7 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m)
+@@ -2117,6 +2147,7 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m)
  		monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
  		monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
  		monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
@@ -1818,7 +1824,7 @@ index 229fada..aa70945 100644
  	}
  	return (0);
  }
-@@ -2128,6 +2158,9 @@ mm_answer_gss_checkmic(int sock, Buffer *m)
+@@ -2128,6 +2159,9 @@ mm_answer_gss_checkmic(int sock, Buffer *m)
  	OM_uint32 ret;
  	u_int len;
  
@@ -1828,7 +1834,7 @@ index 229fada..aa70945 100644
  	gssbuf.value = buffer_get_string(m, &len);
  	gssbuf.length = len;
  	mic.value = buffer_get_string(m, &len);
-@@ -2154,7 +2187,11 @@ mm_answer_gss_userok(int sock, Buffer *m)
+@@ -2154,7 +2188,11 @@ mm_answer_gss_userok(int sock, Buffer *m)
  {
  	int authenticated;
  
@@ -1841,7 +1847,7 @@ index 229fada..aa70945 100644
  
  	buffer_clear(m);
  	buffer_put_int(m, authenticated);
-@@ -2167,5 +2204,73 @@ mm_answer_gss_userok(int sock, Buffer *m)
+@@ -2167,5 +2205,73 @@ mm_answer_gss_userok(int sock, Buffer *m)
  	/* Monitor loop will terminate if authenticated */
  	return (authenticated);
  }

