# HG changeset patch # User Tomas Kuthan # Date 1446111610 25200 # Node ID c71f34180df2a0d90bbba4c5a79605e6ead8fcb0 # Parent 12114fad0da4a5fbc2ba412f3cb0acf2e19441f3 PSARC/2015/427 Old SunSSH Gss* Option Names in OpenSSH 21919790 add GSSKeyEx as an alias to GSSAPIKeyExchange in OpenSSH diff -r 12114fad0da4 -r c71f34180df2 components/openssh/patches/008-deprecate_sunssh_opt.patch --- a/components/openssh/patches/008-deprecate_sunssh_opt.patch Thu Oct 29 02:40:10 2015 -0700 +++ b/components/openssh/patches/008-deprecate_sunssh_opt.patch Thu Oct 29 02:40:10 2015 -0700 @@ -6,10 +6,26 @@ # changed from deprecated to supported. Since this is for Solaris only, we will # not contribute back this change to the upstream community. # ---- old/readconf.c 2014-01-17 05:03:57.000000000 -0800 -+++ new/readconf.c 2014-11-22 04:15:00.066981692 -0800 -@@ -268,6 +268,24 @@ static struct { - { "canonicalizepermittedcnames", oCanonicalizePermittedCNAMEs }, +diff -pur old/readconf.c new/readconf.c +--- old/readconf.c ++++ new/readconf.c +@@ -192,10 +192,14 @@ static struct { + { "afstokenpassing", oUnsupported }, + #if defined(GSSAPI) + { "gssapiauthentication", oGssAuthentication }, ++ { "gssauthentication", oGssAuthentication }, /* alias */ + { "gssapidelegatecredentials", oGssDelegateCreds }, ++ { "gssdelegatecreds", oGssDelegateCreds }, /* alias */ + #else + { "gssapiauthentication", oUnsupported }, ++ { "gssauthentication", oUnsupported }, + { "gssapidelegatecredentials", oUnsupported }, ++ { "gssdelegatecreds", oUnsupported }, + #endif + { "fallbacktorsh", oDeprecated }, + { "usersh", oDeprecated }, +@@ -279,6 +283,24 @@ static struct { + { "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes }, { "ignoreunknown", oIgnoreUnknown }, +#ifdef DEPRECATE_SUNSSH_OPT diff -r 12114fad0da4 -r c71f34180df2 components/openssh/patches/020-deprecate_sunssh_sshd_config_opts.patch --- a/components/openssh/patches/020-deprecate_sunssh_sshd_config_opts.patch Thu Oct 29 02:40:10 2015 -0700 +++ b/components/openssh/patches/020-deprecate_sunssh_sshd_config_opts.patch Thu Oct 29 02:40:10 2015 -0700 @@ -13,9 +13,26 @@ # This is a Solaris specific change to ease the transition and will not be # offered upstream. # ---- orig/servconf.c Tue Jul 21 16:34:07 2015 -+++ new/servconf.c Tue Jul 21 17:00:39 2015 -@@ -567,6 +567,29 @@ +diff -pur old/servconf.c new/servconf.c +--- old/servconf.c ++++ new/servconf.c +@@ -518,6 +518,7 @@ static struct { + { "afstokenpassing", sUnsupported, SSHCFG_GLOBAL }, + #ifdef GSSAPI + { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, ++ { "gssauthentication", sGssAuthentication, SSHCFG_ALL }, /* alias */ + #ifdef USE_GSS_STORE_CRED + { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, + #else /* USE_GSS_STORE_CRED */ +@@ -526,6 +527,7 @@ static struct { + { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, + #else + { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, ++ { "gssauthentication", sUnsupported, SSHCFG_ALL }, /* alias */ + { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, + { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, + #endif +@@ -592,6 +594,30 @@ static struct { { "pamserviceprefix", sPAMServicePrefix, SSHCFG_GLOBAL }, { "pamservicename", sPAMServiceName, SSHCFG_GLOBAL }, #endif @@ -41,6 +58,7 @@ + { "useunsupportedsshv1", sDeprecated, SSHCFG_GLOBAL }, + { "usefips140", sDeprecated, SSHCFG_ALL}, + { "gssapistoredelegatedcredentials", sDeprecated, SSHCFG_ALL }, ++ { "gssstoredelegcreds", sDeprecated, SSHCFG_ALL }, +#endif { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, diff -r 12114fad0da4 -r c71f34180df2 components/openssh/patches/023-gsskex.patch --- a/components/openssh/patches/023-gsskex.patch Thu Oct 29 02:40:10 2015 -0700 +++ b/components/openssh/patches/023-gsskex.patch Thu Oct 29 02:40:10 2015 -0700 @@ -731,19 +731,23 @@ oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, oSendEnv, oControlPath, oControlMaster, oControlPersist, oHashKnownHosts, -@@ -196,9 +197,11 @@ static struct { - #if defined(GSSAPI) - { "gssapiauthentication", oGssAuthentication }, +@@ -198,11 +199,15 @@ static struct { + { "gssauthentication", oGssAuthentication }, /* alias */ { "gssapidelegatecredentials", oGssDelegateCreds }, + { "gssdelegatecreds", oGssDelegateCreds }, /* alias */ + { "gssapikeyexchange", oGssKeyEx }, ++ { "gsskeyex", oGssKeyEx }, /* alias */ #else { "gssapiauthentication", oUnsupported }, + { "gssauthentication", oUnsupported }, { "gssapidelegatecredentials", oUnsupported }, + { "gssdelegatecreds", oUnsupported }, + { "gssapikeyexchange", oUnsupported }, ++ { "gsskeyex", oUnsupported }, #endif { "fallbacktorsh", oDeprecated }, { "usersh", oDeprecated }, -@@ -929,6 +932,10 @@ parse_time: +@@ -933,6 +938,10 @@ parse_time: intptr = &options->gss_authentication; goto parse_flag; @@ -754,7 +758,7 @@ case oGssDelegateCreds: intptr = &options->gss_deleg_creds; goto parse_flag; -@@ -1643,6 +1650,7 @@ initialize_options(Options * options) +@@ -1647,6 +1656,7 @@ initialize_options(Options * options) options->pubkey_authentication = -1; options->challenge_response_authentication = -1; options->gss_authentication = -1; @@ -762,7 +766,7 @@ options->gss_deleg_creds = -1; options->password_authentication = -1; options->kbd_interactive_authentication = -1; -@@ -1782,6 +1790,12 @@ fill_default_options(Options * options) +@@ -1786,6 +1796,12 @@ fill_default_options(Options * options) #else options->gss_authentication = 0; #endif @@ -818,23 +822,25 @@ sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, sAcceptEnv, sPermitTunnel, sMatch, sPermitOpen, sForceCommand, sChrootDirectory, -@@ -518,6 +526,7 @@ static struct { - { "afstokenpassing", sUnsupported, SSHCFG_GLOBAL }, +@@ -519,6 +527,8 @@ static struct { #ifdef GSSAPI { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, + { "gssauthentication", sGssAuthentication, SSHCFG_ALL }, /* alias */ + { "gssapikeyexchange", sGssKeyEx, SSHCFG_ALL }, ++ { "gsskeyex", sGssKeyEx, SSHCFG_ALL }, /* alias */ #ifdef USE_GSS_STORE_CRED { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, #else /* USE_GSS_STORE_CRED */ -@@ -526,6 +535,7 @@ static struct { - { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, +@@ -528,6 +538,8 @@ static struct { #else { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, -+ { "gssapikeyexchange", sUnsupported, SSHCFG_ALL }, + { "gssauthentication", sUnsupported, SSHCFG_ALL }, /* alias */ ++ { "gssapikeyexchange", sUnsupported,, SSHCFG_ALL }, ++ { "gsskeyex", sUnsupported,, SSHCFG_ALL }, { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, #endif -@@ -1309,6 +1319,10 @@ process_server_config_line(ServerOptions +@@ -1311,6 +1323,10 @@ process_server_config_line(ServerOptions intptr = &options->gss_authentication; goto parse_flag; @@ -845,7 +851,7 @@ case sGssCleanupCreds: intptr = &options->gss_cleanup_creds; goto parse_flag; -@@ -2355,6 +2369,7 @@ dump_config(ServerOptions *o) +@@ -2357,6 +2373,7 @@ dump_config(ServerOptions *o) #endif #ifdef GSSAPI dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);