upstream/oracle/userland-gate: comparison components/openssh/patches/010-gss_store

equal deleted inserted replaced

-:a93a51a16131
+:a2310ec32635
 # To store the credentials a standardized GSS-API function gss_store_cred() is
 # used instead of gss_krb5_copy_ccache(), because (unlike MIT Kerberos
 # libgssapi_krb5) Solaris Kerberos libgss does not have Kerberos mechanism
 # directly built in the library and this function is not directly accessible.
 #
 # The patch is implemented as Solaris-specific using USE_GSS_STORE_CRED
 # and GSSAPI_STORECREDS_NEEDS_RUID macros.
 #
-diff -ur old/config.h.in new/config.h.in
+--- orig/config.h.in	Fri Mar 21 11:42:17 2014
---- old/config.h.in	2012-04-19 22:03:32.000000000 -0700
++++ new/config.h.in	Fri Mar 21 11:46:26 2014
-+++ new/config.h.in	2014-03-12 06:47:38.667166593 -0700
+@@ -1616,6 +1616,12 @@
-@@ -1465,6 +1465,12 @@
 /* Use btmp to log bad logins */
 #undef USE_BTMP
 +/* Store delegated credentials in default cred. store using gss_store_cred */
 +#undef USE_GSS_STORE_CRED
 +#undef GSSAPI_STORECREDS_NEEDS_RUID
 +
 /* Use libedit for sftp */
 #undef USE_LIBEDIT
-diff -ur old/configure new/configure
+--- orig/configure	Fri Mar 21 11:42:24 2014
---- old/configure	2014-03-12 04:01:33.320409426 -0700
++++ new/configure	Fri Mar 21 11:49:51 2014
-+++ new/configure	2014-03-12 06:47:48.510155481 -0700
+@@ -7797,6 +7797,9 @@
-@@ -7201,6 +7201,9 @@
 fi
-+	$as_echo "#define USE_GSS_STORE_CRED 1" >>confdefs.h
++        $as_echo "#define USE_GSS_STORE_CRED 1" >>confdefs.h
-+	$as_echo "#define GSSAPI_STORECREDS_NEEDS_RUID 1" >>confdefs.h
++        $as_echo "#define GSSAPI_STORECREDS_NEEDS_RUID 1" >>confdefs.h
 +
+	TEST_SHELL=$SHELL	# let configure find us a capable shell
+	;;
+*-*-sunos4*)
+--- orig/configure.ac	Fri Mar 21 11:42:28 2014
++++ new/configure.ac	Fri Mar 21 16:32:28 2014
+@@ -866,6 +866,8 @@
+		],
+	)
+	TEST_SHELL=$SHELL	# let configure find us a capable shell
++        AC_DEFINE([USE_GSS_STORE_CRED])
++        AC_DEFINE([GSSAPI_STORECREDS_NEEDS_RUID])
 	;;
 *-*-sunos4*)
 	CPPFLAGS="$CPPFLAGS -DSUNOS4"
-diff -ur old/configure.ac new/configure.ac
+--- orig/gss-serv-krb5.c	Fri Mar 21 11:42:46 2014
---- old/configure.ac	2014-03-12 04:01:33.310743659 -0700
++++ new/gss-serv-krb5.c	Fri Mar 21 11:54:48 2014
-+++ new/configure.ac	2014-03-12 06:47:59.218730468 -0700
+@@ -109,7 +109,7 @@
-@@ -802,6 +802,8 @@
+	return retval;
-			SP_MSG="yes" ], )
-		],
-	)
-+	AC_DEFINE([USE_GSS_STORE_CRED])
-+	AC_DEFINE([GSSAPI_STORECREDS_NEEDS_RUID])
-	;;
-*-*-sunos4*)
-	CPPFLAGS="$CPPFLAGS -DSUNOS4"
-diff -ur old/gss-serv-krb5.c new/gss-serv-krb5.c
---- old/gss-serv-krb5.c	2006-08-31 22:38:36.000000000 -0700
-+++ new/gss-serv-krb5.c	2014-03-17 06:25:36.218227736 -0700
-@@ -109,6 +109,7 @@
 }
+-
 +#ifndef USE_GSS_STORE_CRED
 /* This writes out any forwarded credentials from the structure populated
 * during userauth. Called after we have setuid to the user */
-@@ -183,6 +184,7 @@
+@@ -195,6 +195,7 @@
 	return;
 }
-+#endif	/* #ifndef USE_GSS_STORE_CRED */
++#endif /* #ifndef USE_GSS_STORE_CRED */
 ssh_gssapi_mech gssapi_kerberos_mech = {
 	"toWM5Slw5Ew8Mqkay+al2g==",
-@@ -191,7 +193,11 @@
+@@ -203,7 +204,11 @@
 	NULL,
 	&ssh_gssapi_krb5_userok,
 	NULL,
 +#ifdef USE_GSS_STORE_CRED
 +	NULL
 	&ssh_gssapi_krb5_storecreds
 +#endif
 };
 #endif /* KRB5 */
-diff -ur old/gss-serv.c new/gss-serv.c
+--- orig/gss-serv.c	Fri Mar 21 11:42:53 2014
---- old/gss-serv.c	2011-08-05 13:16:46.000000000 -0700
++++ new/gss-serv.c	Fri Mar 21 15:59:43 2014
-+++ new/gss-serv.c	2014-03-12 05:55:42.368676287 -0700
+@@ -292,6 +292,9 @@
-@@ -292,22 +292,66 @@
 void
 ssh_gssapi_cleanup_creds(void)
 {
 +#ifdef USE_GSS_STORE_CRED
 +	debug("removing gssapi cred file not implemented");
 +#else
 	if (gssapi_client.store.filename != NULL) {
 		/* Unlink probably isn't sufficient */
 		debug("removing gssapi cred file\"%s\"",
+@@ -298,6 +301,7 @@
 		    gssapi_client.store.filename);
 		unlink(gssapi_client.store.filename);
 	}
 +#endif /* USE_GSS_STORE_CRED */
 }
 /* As user */
+@@ -304,10 +308,50 @@
 void
 ssh_gssapi_storecreds(void)
 {
 +#ifdef USE_GSS_STORE_CRED
 +	OM_uint32 maj_status, min_status;
 		debug("ssh_gssapi_storecreds: Not a GSSAPI mechanism");
 +#endif	/* #ifdef USE_GSS_STORE_CRED */
 }
 /* This allows GSSAPI methods to do things to the childs environment based
-diff -ur old/servconf.c new/servconf.c
+--- orig/servconf.c	Fri Mar 21 11:43:02 2014
---- old/servconf.c	2014-03-12 04:01:33.343205265 -0700
++++ new/servconf.c	Fri Mar 21 16:02:54 2014
-+++ new/servconf.c	2014-03-12 04:01:33.400368192 -0700
+@@ -409,7 +409,11 @@
-@@ -386,7 +386,11 @@
 	{ "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
 #ifdef GSSAPI
 	{ "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
 +#ifdef USE_GSS_STORE_CRED
 +	{ "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
-+#else	/* USE_GSS_STORE_CRED*/
++#else /* USE_GSS_STORE_CRED */
 	{ "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
-+#endif	/* USE_GSS_STORE_CRED*/
++#endif /* USE_GSS_STORE_CRED */
 #else
 	{ "gssapiauthentication", sUnsupported, SSHCFG_ALL },
 	{ "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
-diff -ur old/sshd.c new/sshd.c
+--- orig/sshd.c	Fri Mar 21 11:43:08 2014
---- old/sshd.c	2014-03-12 04:01:33.321603394 -0700
++++ new/sshd.c	Mon Mar 24 15:05:30 2014
-+++ new/sshd.c	2014-03-12 06:48:16.296909610 -0700
+@@ -2126,9 +2126,23 @@
-@@ -2041,9 +2041,23 @@
 #ifdef GSSAPI
 	if (options.gss_authentication) {
 +#ifdef GSSAPI_STORECREDS_NEEDS_RUID
 +		if (setreuid(authctxt->pw->pw_uid, -1) != 0) {

changeset 1796	a2310ec32635
parent 1786	d2b02f72138c
child 5025	bdd7dc7d2af4