PSARC/2015/427 Old SunSSH Gss* Option Names in OpenSSH
authorTomas Kuthan <tomas.kuthan@oracle.com>
Thu, 29 Oct 2015 02:40:10 -0700
changeset 5027 c71f34180df2
parent 5026 12114fad0da4
child 5028 db8ff415ba49
PSARC/2015/427 Old SunSSH Gss* Option Names in OpenSSH 21919790 add GSSKeyEx as an alias to GSSAPIKeyExchange in OpenSSH
components/openssh/patches/008-deprecate_sunssh_opt.patch
components/openssh/patches/020-deprecate_sunssh_sshd_config_opts.patch
components/openssh/patches/023-gsskex.patch
--- a/components/openssh/patches/008-deprecate_sunssh_opt.patch	Thu Oct 29 02:40:10 2015 -0700
+++ b/components/openssh/patches/008-deprecate_sunssh_opt.patch	Thu Oct 29 02:40:10 2015 -0700
@@ -6,10 +6,26 @@
 # changed from deprecated to supported. Since this is for Solaris only, we will
 # not contribute back this change to the upstream community.
 #
---- old/readconf.c	2014-01-17 05:03:57.000000000 -0800
-+++ new/readconf.c	2014-11-22 04:15:00.066981692 -0800
[email protected]@ -268,6 +268,24 @@ static struct {
- 	{ "canonicalizepermittedcnames", oCanonicalizePermittedCNAMEs },
+diff -pur old/readconf.c new/readconf.c
+--- old/readconf.c
++++ new/readconf.c
[email protected]@ -192,10 +192,14 @@ static struct {
+ 	{ "afstokenpassing", oUnsupported },
+ #if defined(GSSAPI)
+ 	{ "gssapiauthentication", oGssAuthentication },
++	{ "gssauthentication", oGssAuthentication },                /* alias */
+ 	{ "gssapidelegatecredentials", oGssDelegateCreds },
++	{ "gssdelegatecreds", oGssDelegateCreds },                  /* alias */
+ #else
+ 	{ "gssapiauthentication", oUnsupported },
++	{ "gssauthentication", oUnsupported },
+ 	{ "gssapidelegatecredentials", oUnsupported },
++	{ "gssdelegatecreds", oUnsupported },
+ #endif
+ 	{ "fallbacktorsh", oDeprecated },
+ 	{ "usersh", oDeprecated },
[email protected]@ -279,6 +283,24 @@ static struct {
+ 	{ "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes },
  	{ "ignoreunknown", oIgnoreUnknown },
  
 +#ifdef DEPRECATE_SUNSSH_OPT
--- a/components/openssh/patches/020-deprecate_sunssh_sshd_config_opts.patch	Thu Oct 29 02:40:10 2015 -0700
+++ b/components/openssh/patches/020-deprecate_sunssh_sshd_config_opts.patch	Thu Oct 29 02:40:10 2015 -0700
@@ -13,9 +13,26 @@
 # This is a Solaris specific change to ease the transition and will not be
 # offered upstream.
 #
---- orig/servconf.c	Tue Jul 21 16:34:07 2015
-+++ new/servconf.c	Tue Jul 21 17:00:39 2015
[email protected]@ -567,6 +567,29 @@
+diff -pur old/servconf.c new/servconf.c
+--- old/servconf.c
++++ new/servconf.c
[email protected]@ -518,6 +518,7 @@ static struct {
+ 	{ "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
+ #ifdef GSSAPI
+ 	{ "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
++	{ "gssauthentication", sGssAuthentication, SSHCFG_ALL },   /* alias */
+ #ifdef USE_GSS_STORE_CRED
+ 	{ "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
+ #else /* USE_GSS_STORE_CRED */
[email protected]@ -526,6 +527,7 @@ static struct {
+ 	{ "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
+ #else
+ 	{ "gssapiauthentication", sUnsupported, SSHCFG_ALL },
++	{ "gssauthentication", sUnsupported, SSHCFG_ALL },          /* alias */
+ 	{ "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
+ 	{ "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
+ #endif
[email protected]@ -592,6 +594,30 @@ static struct {
  	{ "pamserviceprefix", sPAMServicePrefix, SSHCFG_GLOBAL },
  	{ "pamservicename", sPAMServiceName, SSHCFG_GLOBAL },
  #endif
@@ -41,6 +58,7 @@
 +	{ "useunsupportedsshv1", sDeprecated, SSHCFG_GLOBAL },
 +	{ "usefips140", sDeprecated, SSHCFG_ALL},
 +	{ "gssapistoredelegatedcredentials", sDeprecated, SSHCFG_ALL },
++	{ "gssstoredelegcreds", sDeprecated, SSHCFG_ALL },
 +#endif
  	{ "revokedkeys", sRevokedKeys, SSHCFG_ALL },
  	{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
--- a/components/openssh/patches/023-gsskex.patch	Thu Oct 29 02:40:10 2015 -0700
+++ b/components/openssh/patches/023-gsskex.patch	Thu Oct 29 02:40:10 2015 -0700
@@ -731,19 +731,23 @@
  	oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
  	oSendEnv, oControlPath, oControlMaster, oControlPersist,
  	oHashKnownHosts,
[email protected]@ -196,9 +197,11 @@ static struct {
- #if defined(GSSAPI)
- 	{ "gssapiauthentication", oGssAuthentication },
[email protected]@ -198,11 +199,15 @@ static struct {
+ 	{ "gssauthentication", oGssAuthentication },                /* alias */
  	{ "gssapidelegatecredentials", oGssDelegateCreds },
+ 	{ "gssdelegatecreds", oGssDelegateCreds },                  /* alias */
 +	{ "gssapikeyexchange", oGssKeyEx },
++	{ "gsskeyex", oGssKeyEx },                                  /* alias */
  #else
  	{ "gssapiauthentication", oUnsupported },
+ 	{ "gssauthentication", oUnsupported },
  	{ "gssapidelegatecredentials", oUnsupported },
+ 	{ "gssdelegatecreds", oUnsupported },
 +	{ "gssapikeyexchange", oUnsupported },
++	{ "gsskeyex", oUnsupported },
  #endif
  	{ "fallbacktorsh", oDeprecated },
  	{ "usersh", oDeprecated },
[email protected]@ -929,6 +932,10 @@ parse_time:
[email protected]@ -933,6 +938,10 @@ parse_time:
  		intptr = &options->gss_authentication;
  		goto parse_flag;
  
@@ -754,7 +758,7 @@
  	case oGssDelegateCreds:
  		intptr = &options->gss_deleg_creds;
  		goto parse_flag;
[email protected]@ -1643,6 +1650,7 @@ initialize_options(Options * options)
[email protected]@ -1647,6 +1656,7 @@ initialize_options(Options * options)
  	options->pubkey_authentication = -1;
  	options->challenge_response_authentication = -1;
  	options->gss_authentication = -1;
@@ -762,7 +766,7 @@
  	options->gss_deleg_creds = -1;
  	options->password_authentication = -1;
  	options->kbd_interactive_authentication = -1;
[email protected]@ -1782,6 +1790,12 @@ fill_default_options(Options * options)
[email protected]@ -1786,6 +1796,12 @@ fill_default_options(Options * options)
  #else
  		options->gss_authentication = 0;
  #endif
@@ -818,23 +822,25 @@
  	sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
  	sAcceptEnv, sPermitTunnel,
  	sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
[email protected]@ -518,6 +526,7 @@ static struct {
- 	{ "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
[email protected]@ -519,6 +527,8 @@ static struct {
  #ifdef GSSAPI
  	{ "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
+ 	{ "gssauthentication", sGssAuthentication, SSHCFG_ALL },   /* alias */
 +	{ "gssapikeyexchange", sGssKeyEx, SSHCFG_ALL },
++	{ "gsskeyex", sGssKeyEx, SSHCFG_ALL },                     /* alias */
  #ifdef USE_GSS_STORE_CRED
  	{ "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
  #else /* USE_GSS_STORE_CRED */
[email protected]@ -526,6 +535,7 @@ static struct {
- 	{ "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
[email protected]@ -528,6 +538,8 @@ static struct {
  #else
  	{ "gssapiauthentication", sUnsupported, SSHCFG_ALL },
-+	{ "gssapikeyexchange", sUnsupported, SSHCFG_ALL },
+ 	{ "gssauthentication", sUnsupported, SSHCFG_ALL },          /* alias */
++	{ "gssapikeyexchange", sUnsupported,, SSHCFG_ALL },
++	{ "gsskeyex", sUnsupported,, SSHCFG_ALL },
  	{ "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
  	{ "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
  #endif
[email protected]@ -1309,6 +1319,10 @@ process_server_config_line(ServerOptions
[email protected]@ -1311,6 +1323,10 @@ process_server_config_line(ServerOptions
  		intptr = &options->gss_authentication;
  		goto parse_flag;
  
@@ -845,7 +851,7 @@
  	case sGssCleanupCreds:
  		intptr = &options->gss_cleanup_creds;
  		goto parse_flag;
[email protected]@ -2355,6 +2369,7 @@ dump_config(ServerOptions *o)
[email protected]@ -2357,6 +2373,7 @@ dump_config(ServerOptions *o)
  #endif
  #ifdef GSSAPI
  	dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);