components/openssh/patches/051-GSSAPIStrictAcceptorCheck_yes.patch
author Tomas Kuthan <tomas.kuthan@oracle.com>
Wed, 11 Jan 2017 12:12:15 -0800
changeset 7560 9732971b7855
permissions -rw-r--r--
23227315 sshd offers GSS-API key exchange despite having no keytab 25135484 auth_root_allowed: classify 'gssapi-keyex' method as passwordless
     1
#
     2
# GSSAPIStrictAcceptorCheck should default to yes as documented
     3
#
     4
# When GSSAPIStrictAcceptorCheck is not explicitely specified in sshd_config,
     5
# the default value should be yes. It is documented in sshd_config(5) this
     6
# way and it preserves original behavior.
     7
#
     8
# Also GSSAPIStrictAcceptorCheck=no interacts poorly with GSSAPIKeyExchange,
     9
# where it make the server willing to negotiate GSS-API key exchange, although
    10
# no keytab was provided.
    11
#
    12
# Patch source: in-house
    13
# Reported upstream:
    14
# https://bugzilla.mindrot.org/show_bug.cgi?id=2637
    15
#
    16
diff -pur old/servconf.c new/servconf.c
    17
--- old/servconf.c
    18
+++ new/servconf.c
    19
@@ -323,7 +323,7 @@ fill_default_server_options(ServerOption
    20
 	if (options->gss_cleanup_creds == -1)
    21
 		options->gss_cleanup_creds = 1;
    22
 	if (options->gss_strict_acceptor == -1)
    23
-		options->gss_strict_acceptor = 0;
    24
+		options->gss_strict_acceptor = 1;
    25
 	if (options->password_authentication == -1)
    26
 		options->password_authentication = 1;
    27
 	if (options->kbd_interactive_authentication == -1)
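Review bot: The new default at `options->gss_strict_acceptor = 1;` has no comment in servconf.c, so the security reason for it exists only in the patch header and is lost once the patch is applied. I would add above the assignment `/* Default yes, as documented in sshd_config(5); with no, GSS-API key exchange is offered even when no keytab exists. */`. Servers that never set GSSAPIStrictAcceptorCheck and relied on the implicit no (which sshd_config(5) describes as an aid for multi-homed machines) will, if I read the option correctly, now accept only the host service principal for the current hostname. That behaviour change deserves a release note and a test that starts sshd without a keytab and checks that no gss-* key exchange method is advertised. fill_default_server_options starts and ends outside the hunk.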