[openssh] fix gsskex patch to correctly handle MONITOR_REQ_GSSSIGN request (#1118005)
Petr Lautrbach
plautrba at fedoraproject.org
Wed Nov 12 16:39:26 UTC 2014
commit 57666dc3be7d7568947e2bfcace171766915c85f
Author: Petr Lautrbach <plautrba at redhat.com>
Date: Wed Nov 12 17:02:36 2014 +0100
fix gsskex patch to correctly handle MONITOR_REQ_GSSSIGN request (#1118005)
openssh-6.6p1-gsskex.patch | 26 ++++++++++++++++----------
1 files changed, 16 insertions(+), 10 deletions(-)
---
diff --git a/openssh-6.6p1-gsskex.patch b/openssh-6.6p1-gsskex.patch
index 90e84d2..826acd4 100644
--- a/openssh-6.6p1-gsskex.patch
+++ b/openssh-6.6p1-gsskex.patch
@@ -1741,7 +1741,13 @@ index 229fada..aa70945 100644
#endif
#ifdef SSH_AUDIT_EVENTS
-@@ -258,6 +260,12 @@ struct mon_table mon_dispatch_proto20[] = {
+@@ -253,11 +255,18 @@ struct mon_table mon_dispatch_proto20[] = {
+ {MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx},
+ {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},
+ {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic},
++ {MONITOR_REQ_GSSSIGN, MON_ONCE, mm_answer_gss_sign},
+ #endif
+ {0, 0, NULL}
};
struct mon_table mon_dispatch_postauth20[] = {
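Review bot: The added `{MONITOR_REQ_GSSSIGN, MON_ONCE, mm_answer_gss_sign}` row puts a signing request within reach of the unprivileged pre-auth child, and nothing beside it says when the monitor will honour it. The row carries MON_ONCE without MON_PERMIT, so it should be refused until a `monitor_permit(mon_dispatch, MONITOR_REQ_GSSSIGN, 1)` call runs; that call is not in this hunk and presumably sits with the other permits in mm_answer_gss_accept_ctx, so please confirm it is reached only once the GSS context is complete. I would add a comment above the row, e.g. `/* used by GSS key exchange; off until monitor_permit() enables it, answered once (MON_ONCE) */`. The mon_dispatch_proto20 table starts above the hunk, so its earlier rows and the opening of the conditional block closed by `#endif` are not visible here.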
@@ -1754,7 +1760,7 @@ index 229fada..aa70945 100644
{MONITOR_REQ_MODULI, 0, mm_answer_moduli},
{MONITOR_REQ_SIGN, 0, mm_answer_sign},
{MONITOR_REQ_PTY, 0, mm_answer_pty},
-@@ -366,6 +374,10 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
+@@ -366,6 +375,10 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
/* Permit requests for moduli and signatures */
monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
@@ -1765,7 +1771,7 @@ index 229fada..aa70945 100644
} else {
mon_dispatch = mon_dispatch_proto15;
-@@ -471,6 +483,10 @@ monitor_child_postauth(struct monitor *pmonitor)
+@@ -471,6 +484,10 @@ monitor_child_postauth(struct monitor *pmonitor)
monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
@@ -1776,7 +1782,7 @@ index 229fada..aa70945 100644
} else {
mon_dispatch = mon_dispatch_postauth15;
monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
-@@ -1866,6 +1882,13 @@ mm_get_kex(Buffer *m)
+@@ -1866,6 +1883,13 @@ mm_get_kex(Buffer *m)
kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
kex->kex[KEX_C25519_SHA256] = kexc25519_server;
@@ -1790,7 +1796,7 @@ index 229fada..aa70945 100644
kex->server = 1;
kex->hostkey_type = buffer_get_int(m);
kex->kex_type = buffer_get_int(m);
-@@ -2073,6 +2096,9 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m)
+@@ -2073,6 +2097,9 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m)
OM_uint32 major;
u_int len;
@@ -1800,7 +1806,7 @@ index 229fada..aa70945 100644
goid.elements = buffer_get_string(m, &len);
goid.length = len;
-@@ -2100,6 +2126,9 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m)
+@@ -2100,6 +2127,9 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m)
OM_uint32 flags = 0; /* GSI needs this */
u_int len;
@@ -1810,7 +1816,7 @@ index 229fada..aa70945 100644
in.value = buffer_get_string(m, &len);
in.length = len;
major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags);
-@@ -2117,6 +2146,7 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m)
+@@ -2117,6 +2147,7 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m)
monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
@@ -1818,7 +1824,7 @@ index 229fada..aa70945 100644
}
return (0);
}
-@@ -2128,6 +2158,9 @@ mm_answer_gss_checkmic(int sock, Buffer *m)
+@@ -2128,6 +2159,9 @@ mm_answer_gss_checkmic(int sock, Buffer *m)
OM_uint32 ret;
u_int len;
@@ -1828,7 +1834,7 @@ index 229fada..aa70945 100644
gssbuf.value = buffer_get_string(m, &len);
gssbuf.length = len;
mic.value = buffer_get_string(m, &len);
-@@ -2154,7 +2187,11 @@ mm_answer_gss_userok(int sock, Buffer *m)
+@@ -2154,7 +2188,11 @@ mm_answer_gss_userok(int sock, Buffer *m)
{
int authenticated;
@@ -1841,7 +1847,7 @@ index 229fada..aa70945 100644
buffer_clear(m);
buffer_put_int(m, authenticated);
-@@ -2167,5 +2204,73 @@ mm_answer_gss_userok(int sock, Buffer *m)
+@@ -2167,5 +2205,73 @@ mm_answer_gss_userok(int sock, Buffer *m)
/* Monitor loop will terminate if authenticated */
return (authenticated);
}