PSARC/2015/427 Old SunSSH Gss* Option Names in OpenSSH
21919790 add GSSKeyEx as an alias to GSSAPIKeyExchange in OpenSSH
--- a/components/openssh/patches/008-deprecate_sunssh_opt.patch Thu Oct 29 02:40:10 2015 -0700
+++ b/components/openssh/patches/008-deprecate_sunssh_opt.patch Thu Oct 29 02:40:10 2015 -0700
@@ -6,10 +6,26 @@
# changed from deprecated to supported. Since this is for Solaris only, we will
# not contribute back this change to the upstream community.
#
---- old/readconf.c 2014-01-17 05:03:57.000000000 -0800
-+++ new/readconf.c 2014-11-22 04:15:00.066981692 -0800
-@@ -268,6 +268,24 @@ static struct {
- { "canonicalizepermittedcnames", oCanonicalizePermittedCNAMEs },
+diff -pur old/readconf.c new/readconf.c
+--- old/readconf.c
++++ new/readconf.c
+@@ -192,10 +192,14 @@ static struct {
+ { "afstokenpassing", oUnsupported },
+ #if defined(GSSAPI)
+ { "gssapiauthentication", oGssAuthentication },
++ { "gssauthentication", oGssAuthentication }, /* alias */
+ { "gssapidelegatecredentials", oGssDelegateCreds },
++ { "gssdelegatecreds", oGssDelegateCreds }, /* alias */
+ #else
+ { "gssapiauthentication", oUnsupported },
++ { "gssauthentication", oUnsupported },
+ { "gssapidelegatecredentials", oUnsupported },
++ { "gssdelegatecreds", oUnsupported },
+ #endif
+ { "fallbacktorsh", oDeprecated },
+ { "usersh", oDeprecated },
+@@ -279,6 +283,24 @@ static struct {
+ { "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes },
{ "ignoreunknown", oIgnoreUnknown },
+#ifdef DEPRECATE_SUNSSH_OPT
--- a/components/openssh/patches/020-deprecate_sunssh_sshd_config_opts.patch Thu Oct 29 02:40:10 2015 -0700
+++ b/components/openssh/patches/020-deprecate_sunssh_sshd_config_opts.patch Thu Oct 29 02:40:10 2015 -0700
@@ -13,9 +13,26 @@
# This is a Solaris specific change to ease the transition and will not be
# offered upstream.
#
---- orig/servconf.c Tue Jul 21 16:34:07 2015
-+++ new/servconf.c Tue Jul 21 17:00:39 2015
-@@ -567,6 +567,29 @@
+diff -pur old/servconf.c new/servconf.c
+--- old/servconf.c
++++ new/servconf.c
+@@ -518,6 +518,7 @@ static struct {
+ { "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
+ #ifdef GSSAPI
+ { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
++ { "gssauthentication", sGssAuthentication, SSHCFG_ALL }, /* alias */
+ #ifdef USE_GSS_STORE_CRED
+ { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
+ #else /* USE_GSS_STORE_CRED */
+@@ -526,6 +527,7 @@ static struct {
+ { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
+ #else
+ { "gssapiauthentication", sUnsupported, SSHCFG_ALL },
++ { "gssauthentication", sUnsupported, SSHCFG_ALL }, /* alias */
+ { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
+ { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
+ #endif
+@@ -592,6 +594,30 @@ static struct {
{ "pamserviceprefix", sPAMServicePrefix, SSHCFG_GLOBAL },
{ "pamservicename", sPAMServiceName, SSHCFG_GLOBAL },
#endif
@@ -41,6 +58,7 @@
+ { "useunsupportedsshv1", sDeprecated, SSHCFG_GLOBAL },
+ { "usefips140", sDeprecated, SSHCFG_ALL},
+ { "gssapistoredelegatedcredentials", sDeprecated, SSHCFG_ALL },
++ { "gssstoredelegcreds", sDeprecated, SSHCFG_ALL },
+#endif
{ "revokedkeys", sRevokedKeys, SSHCFG_ALL },
{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
--- a/components/openssh/patches/023-gsskex.patch Thu Oct 29 02:40:10 2015 -0700
+++ b/components/openssh/patches/023-gsskex.patch Thu Oct 29 02:40:10 2015 -0700
@@ -731,19 +731,23 @@
oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
oSendEnv, oControlPath, oControlMaster, oControlPersist,
oHashKnownHosts,
-@@ -196,9 +197,11 @@ static struct {
- #if defined(GSSAPI)
- { "gssapiauthentication", oGssAuthentication },
+@@ -198,11 +199,15 @@ static struct {
+ { "gssauthentication", oGssAuthentication }, /* alias */
{ "gssapidelegatecredentials", oGssDelegateCreds },
+ { "gssdelegatecreds", oGssDelegateCreds }, /* alias */
+ { "gssapikeyexchange", oGssKeyEx },
++ { "gsskeyex", oGssKeyEx }, /* alias */
#else
{ "gssapiauthentication", oUnsupported },
+ { "gssauthentication", oUnsupported },
{ "gssapidelegatecredentials", oUnsupported },
+ { "gssdelegatecreds", oUnsupported },
+ { "gssapikeyexchange", oUnsupported },
++ { "gsskeyex", oUnsupported },
#endif
{ "fallbacktorsh", oDeprecated },
{ "usersh", oDeprecated },
-@@ -929,6 +932,10 @@ parse_time:
+@@ -933,6 +938,10 @@ parse_time:
intptr = &options->gss_authentication;
goto parse_flag;
@@ -754,7 +758,7 @@
case oGssDelegateCreds:
intptr = &options->gss_deleg_creds;
goto parse_flag;
-@@ -1643,6 +1650,7 @@ initialize_options(Options * options)
+@@ -1647,6 +1656,7 @@ initialize_options(Options * options)
options->pubkey_authentication = -1;
options->challenge_response_authentication = -1;
options->gss_authentication = -1;
@@ -762,7 +766,7 @@
options->gss_deleg_creds = -1;
options->password_authentication = -1;
options->kbd_interactive_authentication = -1;
-@@ -1782,6 +1790,12 @@ fill_default_options(Options * options)
+@@ -1786,6 +1796,12 @@ fill_default_options(Options * options)
#else
options->gss_authentication = 0;
#endif
@@ -818,23 +822,25 @@
sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
sAcceptEnv, sPermitTunnel,
sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
-@@ -518,6 +526,7 @@ static struct {
- { "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
+@@ -519,6 +527,8 @@ static struct {
#ifdef GSSAPI
{ "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
+ { "gssauthentication", sGssAuthentication, SSHCFG_ALL }, /* alias */
+ { "gssapikeyexchange", sGssKeyEx, SSHCFG_ALL },
++ { "gsskeyex", sGssKeyEx, SSHCFG_ALL }, /* alias */
#ifdef USE_GSS_STORE_CRED
{ "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
#else /* USE_GSS_STORE_CRED */
-@@ -526,6 +535,7 @@ static struct {
- { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
+@@ -528,6 +538,8 @@ static struct {
#else
{ "gssapiauthentication", sUnsupported, SSHCFG_ALL },
-+ { "gssapikeyexchange", sUnsupported, SSHCFG_ALL },
+ { "gssauthentication", sUnsupported, SSHCFG_ALL }, /* alias */
++ { "gssapikeyexchange", sUnsupported,, SSHCFG_ALL },
++ { "gsskeyex", sUnsupported,, SSHCFG_ALL },
{ "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
{ "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
#endif
-@@ -1309,6 +1319,10 @@ process_server_config_line(ServerOptions
+@@ -1311,6 +1323,10 @@ process_server_config_line(ServerOptions
intptr = &options->gss_authentication;
goto parse_flag;
@@ -845,7 +851,7 @@
case sGssCleanupCreds:
intptr = &options->gss_cleanup_creds;
goto parse_flag;
-@@ -2355,6 +2369,7 @@ dump_config(ServerOptions *o)
+@@ -2357,6 +2373,7 @@ dump_config(ServerOptions *o)
#endif
#ifdef GSSAPI
dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);