components/openssh/patches/020-deprecate_sunssh_sshd_config_opts.patch
branchs11-update
changeset 3946 b1e0e68de63b
child 4401 85f919ec3274
child 4503 bf30d46ab06e
3942:dd80f8602a0d 3946:b1e0e68de63b
       
     1 #
       
     2 # Originally we planned to only deprecate client config (ssh_config) options 
       
     3 # and leave it up to system administrators to remove all SunSSH specific
       
     4 # server config (sshd_config) options. In internal testing we have discovered,
       
     5 # that this would bring too much trouble to the said administrators.
       
     6 # The probability of these options appearing in existing sshd_config files
       
     7 # is higher than initially though, because some of the options have been in
       
     8 # default sshd_config file for very long time. Also the consequence of
       
     9 # unknown server option is harsh - ssh service goes to maintenance mode
       
    10 # possible rendering the instance not accessible. For this reason we will
       
    11 # deprecate SunSSH specific sshd_config options too.
       
    12 #
       
    13 # This is a Solaris specific change to ease the transition and will not be
       
    14 # offered upstream.
       
    15 #
       
    16 diff -ur old/servconf.c new/servconf.c
       
    17 --- old/servconf.c	2014-10-29 07:27:34.549410967 -0700
       
    18 +++ new/servconf.c	2014-10-29 07:27:58.775996557 -0700
       
    19 @@ -516,6 +516,28 @@
       
    20          { "pamserviceprefix", sPAMServicePrefix, SSHCFG_GLOBAL },
       
    21          { "pamservicename", sPAMServiceName, SSHCFG_GLOBAL },
       
    22  #endif
       
    23 +#ifdef DEPRECATE_SUNSSH_OPT
       
    24 +	/*
       
    25 +	 * On Solaris, to make the transition from SunSSH to OpenSSH as smooth
       
    26 +	 * as possible, we will deprecate SunSSH-only options in OpenSSH.
       
    27 +	 * Therefore on a system having one of the following options in
       
    28 +	 * /etc/ssh/sshd_config, change to OpenSSH will not result in service
       
    29 +	 * network/ssh going to maintenance. Instead, a warning will be printed
       
    30 +	 * to /var/svc/log/network-ssh:default.log. Note that
       
    31 +	 * this is an interim enhancement to OpenSSH to make the transition
       
    32 +	 * smoother.  If a deprecated SunSSH-only option is migrated to OpenSSH
       
    33 +	 * later, then it will be changed from deprecated to supported.
       
    34 +	 */
       
    35 +	{ "maxauthtrieslog", sDeprecated, SSHCFG_GLOBAL },
       
    36 +	{ "lookupclienthostnames", sDeprecated, SSHCFG_GLOBAL },
       
    37 +	{ "useopensslengine", sDeprecated, SSHCFG_GLOBAL },
       
    38 +	{ "preuserauthhook", sDeprecated, SSHCFG_ALL},
       
    39 +	{ "kmfpolicydatabase", sDeprecated, SSHCFG_GLOBAL },
       
    40 +	{ "kmfpolicyname", sDeprecated, SSHCFG_GLOBAL },
       
    41 +	{ "trustedanchorkeystore", sDeprecated, SSHCFG_GLOBAL },
       
    42 +	{ "useunsupportedsshv1", sDeprecated, SSHCFG_GLOBAL },
       
    43 +	{ "usefips140", sDeprecated, SSHCFG_ALL},
       
    44 +#endif
       
    45  	{ NULL, sBadOption, 0 }
       
    46  };
       
    47
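Review bot: Several entries in the new `DEPRECATE_SUNSSH_OPT` block look like security controls rather than cosmetic settings (`usefips140`, `preuserauthhook`, `kmfpolicydatabase`, `kmfpolicyname`, `trustedanchorkeystore`). Mapping them to `sDeprecated` means an existing sshd_config that sets them will start cleanly while, as far as the usual `sDeprecated` handling goes, the control is no longer applied. The only signal named in the comment is a warning in /var/svc/log/network-ssh:default.log, which is easy to miss after an upgrade that appears to succeed. I would extend the block comment to say so explicitly, e.g. `* Deprecated options are parsed and ignored, not emulated; a config that relied on UseFIPS140 or PreUserauthHook loses that control and must be reviewed.` As a style point, `SSHCFG_ALL}` on the `preuserauthhook` and `usefips140` lines lacks the space before the closing brace that the other entries have.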