components/openssh/patches/005-openssh_krb5_build_fix.patch
author Huie-Ying Lee <huieying.lee@oracle.com>
Thu, 27 Mar 2014 19:40:44 -0700
changeset 1796 a2310ec32635
parent 1783 d716b9b5961b
permissions -rw-r--r--
PSARC 2014/078 OpenSSH 6.5 18205826 upgrade OpenSSH to 6.5p1 18268681 openssh has non-existent /usr/local/lib in its runpath 18435439 problem in UTILITY/OPENSSH
#
# This is to work around an unresolved symbol problem with the Kerberos
# build option. Unlike MIT Kerberos, the gss_krb5_copy_ccache() function
# is not supported on Solaris, because it violates API abstraction. This
# workaround disables delegated credentials storing on server side.
#
# The long term goal is to replace Solaris Kerberos libraries with MIT Kerberos
# delivered from Userland gate (The Solaris MIT Kerberos Drop in Project).
# After that, function gss_krb5_copy_ccache() will be available in Solaris and
# the delegating credentials functionality will be made available using the
# upstream code.
#
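--- orig/auth2-gss.c	Fri Mar 21 10:41:03 2014
+++ new/auth2-gss.c	Fri Mar 21 11:13:57 2014
@@ -47,6 +47,10 @@
 
 extern ServerOptions options;
 
+#ifdef KRB5_BUILD_FIX
+        extern gss_OID_set g_supported;
+#endif
+
 static void input_gssapi_token(int type, u_int32_t plen, void *ctxt);
 static void input_gssapi_mic(int type, u_int32_t plen, void *ctxt);
 static void input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt);
@@ -77,7 +81,13 @@
 		return (0);
 	}
 
+#ifdef KRB5_BUILD_FIX
+	/* use value obtained in privileged parent */
+	supported = g_supported;
+#else
 	ssh_gssapi_supported_oids(&supported);
+#endif
+
 	do {
 		mechs--;
 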
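Review bot: In the second hunk, `supported = g_supported;` makes the local an alias of the global set rather than a copy, so ownership of the set becomes ambiguous. The rest of the function lies outside the hunk; if it still releases `supported` once the mechanism loop finishes, as the unpatched path that fills it with `ssh_gssapi_supported_oids(&supported)` would need to, then `g_supported` is left pointing at freed memory, a second GSSAPI request in the same process reads it, and the `gss_release_oid_set(&ms, &g_supported);` added in sshd.c releases it again whenever authentication ran without privilege separation. I would keep that later release under `#ifndef KRB5_BUILD_FIX` and record the rule next to the assignment, for example `/* borrowed from sshd.c: do not release here */`.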
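--- orig/configure	Fri Mar 21 10:41:03 2014
+++ new/configure	Fri Mar 21 11:02:11 2014
@@ -16634,6 +16634,12 @@
 				{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
 $as_echo "no" >&6; }
 			fi
+
+			# Oracle Solaris
+			# OpenSSH is mixed-up gssapi AND krb5 aplication
+			K5CFLAGS="$K5CFLAGS `$KRB5CONF --cflags krb5`"
+			K5LIBS="$K5LIBS `$KRB5CONF --libs krb5`"
+
 			{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using Heimdal" >&5
 $as_echo_n "checking whether we are using Heimdal... " >&6; }
 			cat confdefs.h - <<_ACEOF >conftest.$ac_ext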
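--- orig/sshd.c	Fri Mar 21 10:41:03 2014
+++ new/sshd.c	Fri Mar 21 11:09:30 2014
@@ -259,6 +259,11 @@
 /* Unprivileged user */
 struct passwd *privsep_pw = NULL;
 
+#if defined(KRB5_BUILD_FIX) && defined(GSSAPI)
+/* Temporary storing supported GSS mechs */
+gss_OID_set g_supported;
+#endif
+
 /* Prototypes for various functions defined later in this file. */
 void destroy_sensitive_data(void);
 void demote_sensitive_data(void);
@@ -1407,6 +1412,10 @@
 	av = saved_argv;
 #endif
 
+#if defined(KRB5_BUILD_FIX) && defined(GSSAPI)
+	OM_uint32 ms;
+#endif
+
 	if (geteuid() == 0 && setgroups(0, NULL) == -1)
 		debug("setgroups(): %.200s", strerror(errno));
 
@@ -2083,6 +2092,11 @@
 	buffer_init(&loginmsg);
 	auth_debug_reset();
 
+#if defined(KRB5_BUILD_FIX) && defined(GSSAPI)
+	/* collect gss mechs for later use in privsep child */
+	ssh_gssapi_supported_oids(&g_supported);
+#endif
+
 	if (use_privsep) {
 		if (privsep_preauth(authctxt) == 1)
 			goto authenticated;
@@ -2120,6 +2134,10 @@
 		startup_pipe = -1;
 	}
 
+#if defined(KRB5_BUILD_FIX) && defined(GSSAPI)
+	gss_release_oid_set(&ms, &g_supported);
+#endif 
+
 #ifdef SSH_AUDIT_EVENTS
 	audit_event(SSH_AUTH_SUCCESS);
 #endif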
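Review bot: In the `@@ -2083,6 +2092,11 @@` hunk, `ssh_gssapi_supported_oids(&g_supported);` is guarded only by compile-time macros, so the privileged process enumerates GSS mechanisms before authentication for every connection, including, as far as the hunk shows, servers configured with GSSAPI authentication turned off. A runtime guard such as `if (options.gss_authentication)` around the call would keep that work out of the pre-authentication privileged path when it is not needed. The definition would also read better with an explicit initial value, `gss_OID_set g_supported = GSS_C_NO_OID_SET;`, and the status that `gss_release_oid_set` writes to `ms` is discarded without a comment saying that is intended. The enclosing functions start and end outside these hunks.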