Mercurial Mercurial > upstream > oracle > userland-gate / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/openssh/patches/005-openssh_krb5_build_fix.patch
changeset 4503 bf30d46ab06e
parent 4498 ce7fc2376fb0
child 4505 66ff214a993c 
--- a/components/openssh/patches/005-openssh_krb5_build_fix.patch	Wed Jun 17 14:55:22 2015 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,102 +0,0 @@
-#
-# This is to work around an unresloved symbol problem with the Kerberos
-# build option. Unlike MIT Kerberos, the gss_krb5_copy_ccache() function
-# is not supported on Solaris, because it violates API abstraction. This
-# workaround disables delegated credentials storing on server side.
-#
-# The long term goal is to replace Solaris Kerberos libraries with MIT Kerberos
-# delivered from Userland gate (The Solaris MIT Kerberos Drop in Project).
-# After that, function gss_krb5_copy_ccache() will be available in Solaris and
-# the delegating credentials functionality will be made available using the
-# upstream code.
-#
---- orig/auth2-gss.c	Fri Mar 21 10:41:03 2014
-+++ new/auth2-gss.c	Fri Mar 21 11:13:57 2014
-@@ -47,6 +47,10 @@
- 
- extern ServerOptions options;
- 
-+#ifdef KRB5_BUILD_FIX
-+        extern gss_OID_set g_supported;
-+#endif
-+
- static void input_gssapi_token(int type, u_int32_t plen, void *ctxt);
- static void input_gssapi_mic(int type, u_int32_t plen, void *ctxt);
- static void input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt);
-@@ -77,7 +81,13 @@
- 		return (0);
- 	}
- 
-+#ifdef KRB5_BUILD_FIX
-+	/* use value obtained in privileged parent */
-+	supported = g_supported;
-+#else
- 	ssh_gssapi_supported_oids(&supported);
-+#endif
-+
- 	do {
- 		mechs--;
- 
---- orig/configure	Fri Mar 21 10:41:03 2014
-+++ new/configure	Fri Mar 21 11:02:11 2014
-@@ -16634,6 +16634,12 @@
- 				{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
- $as_echo "no" >&6; }
- 			fi
-+
-+			# Oracle Solaris
-+			# OpenSSH is mixed-up gssapi AND krb5 aplication
-+			K5CFLAGS="$K5CFLAGS `$KRB5CONF --cflags krb5`"
-+			K5LIBS="$K5LIBS `$KRB5CONF --libs krb5`"
-+
- 			{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using Heimdal" >&5
- $as_echo_n "checking whether we are using Heimdal... " >&6; }
- 			cat confdefs.h - <<_ACEOF >conftest.$ac_ext
---- orig/sshd.c	Fri Mar 21 10:41:03 2014
-+++ new/sshd.c	Fri Mar 21 11:09:30 2014
-@@ -259,6 +259,11 @@
- /* Unprivileged user */
- struct passwd *privsep_pw = NULL;
- 
-+#if defined(KRB5_BUILD_FIX) && defined(GSSAPI)
-+/* Temporary storing supported GSS mechs */
-+gss_OID_set g_supported;
-+#endif
-+
- /* Prototypes for various functions defined later in this file. */
- void destroy_sensitive_data(void);
- void demote_sensitive_data(void);
-@@ -1407,6 +1412,10 @@
- 	av = saved_argv;
- #endif
- 
-+#if defined(KRB5_BUILD_FIX) && defined(GSSAPI)
-+	OM_uint32 ms;
-+#endif
-+
- 	if (geteuid() == 0 && setgroups(0, NULL) == -1)
- 		debug("setgroups(): %.200s", strerror(errno));
- 
-@@ -2083,6 +2092,11 @@
- 	buffer_init(&loginmsg);
- 	auth_debug_reset();
- 
-+#if defined(KRB5_BUILD_FIX) && defined(GSSAPI)
-+	/* collect gss mechs for later use in privsep child */
-+	ssh_gssapi_supported_oids(&g_supported);
-+#endif
-+
- 	if (use_privsep) {
- 		if (privsep_preauth(authctxt) == 1)
- 			goto authenticated;
-@@ -2120,6 +2134,10 @@
- 		startup_pipe = -1;
- 	}
- 
-+#if defined(KRB5_BUILD_FIX) && defined(GSSAPI)
-+	gss_release_oid_set(&ms, &g_supported);
-+#endif 
-+
- #ifdef SSH_AUDIT_EVENTS
- 	audit_event(SSH_AUTH_SUCCESS);
- #endif
upstream/oracle/userland-gate