[packages/openssh] - updated kuserok patch
baggins
baggins at pld-linux.org
Wed Feb 5 21:23:18 CET 2014
commit 1258860925e899f721e07c6b1f6ca3747192d78f
Author: Jan Rękorajski <baggins at pld-linux.org>
Date: Wed Feb 5 21:23:08 2014 +0100
- updated kuserok patch
openssh-kuserok.patch | 18 +++++++++---------
openssh.spec | 3 +--
2 files changed, 10 insertions(+), 11 deletions(-)
---
diff --git a/openssh.spec b/openssh.spec
index efd5688..fc5e449 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -543,8 +543,7 @@ openldap-a.
%patch11 -p1
# do we really need to drag this old/obsolete patch?
#%patch12 -p1
-# code changed in upstream, needs baggins verification
-#%patch13 -p1
+%patch13 -p1
%patch14 -p1
%{!?with_ldap:%patch15 -p1}
diff --git a/openssh-kuserok.patch b/openssh-kuserok.patch
index 4d5388b..c221dce 100644
--- a/openssh-kuserok.patch
+++ b/openssh-kuserok.patch
@@ -26,11 +26,11 @@ diff -up openssh-5.8p1/auth-krb5.c.kuserok openssh-5.8p1/auth-krb5.c
if (problem)
goto out;
-- if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, client)) {
-+ if (!ssh_krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, client)) {
+- if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user,
++ if (!ssh_krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user,
+ authctxt->pw->pw_name)) {
problem = -1;
goto out;
- }
diff -up openssh-5.8p1/gss-serv-krb5.c.kuserok openssh-5.8p1/gss-serv-krb5.c
--- openssh-5.8p1/gss-serv-krb5.c.kuserok 2006-09-01 07:38:36.000000000 +0200
+++ openssh-5.8p1/gss-serv-krb5.c 2011-02-14 09:15:12.000000000 +0100
@@ -43,7 +43,7 @@ diff -up openssh-5.8p1/gss-serv-krb5.c.kuserok openssh-5.8p1/gss-serv-krb5.c
/* Initialise the krb5 library, for the stuff that GSSAPI won't do */
@@ -97,7 +98,7 @@ ssh_gssapi_krb5_userok(ssh_gssapi_client
- krb5_get_err_text(krb_context, retval));
+ krb5_free_error_message(krb_context, errmsg);
return 0;
}
- if (krb5_kuserok(krb_context, princ, name)) {
@@ -61,10 +61,10 @@ diff -up openssh-5.8p1/servconf.c.kuserok openssh-5.8p1/servconf.c
+ options->use_kuserok = -1;
options->adm_forced_command = NULL;
options->chroot_directory = NULL;
- options->zero_knowledge_password_authentication = -1;
+ options->authorized_keys_command = NULL;
@@ -291,6 +292,8 @@ fill_default_server_options(ServerOption
if (use_privsep == -1)
- use_privsep = 1;
+ use_privsep = PRIVSEP_NOSANDBOX;
+ if (options->use_kuserok == -1)
+ options->use_kuserok = 1;
@@ -111,8 +111,8 @@ diff -up openssh-5.8p1/servconf.c.kuserok openssh-5.8p1/servconf.c
M_CP_INTOPT(rekey_interval);
+ M_CP_INTOPT(use_kuserok);
- M_CP_STROPT(banner);
- if (preauth)
+ /* M_CP_STROPT and M_CP_STRARRAYOPT should not appear before here */
+ #define M_CP_STROPT(n) do {\
@@ -1764,6 +1774,7 @@ dump_config(ServerOptions *o)
dump_cfg_fmtint(sUseDNS, o->use_dns);
dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
@@ -153,7 +153,7 @@ diff -up openssh-5.8p1/sshd_config.5.kuserok openssh-5.8p1/sshd_config.5
+.Cm KerberosUseKuserok ,
.Cm MaxAuthTries ,
.Cm MaxSessions ,
- .Cm PubkeyAuthentication ,
+ .Cm PasswordAuthentication ,
diff -up openssh-5.8p1/sshd_config.kuserok openssh-5.8p1/sshd_config
--- openssh-5.8p1/sshd_config.kuserok 2011-02-14 09:15:12.000000000 +0100
+++ openssh-5.8p1/sshd_config 2011-02-14 09:15:12.000000000 +0100
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/openssh.git/commitdiff/1258860925e899f721e07c6b1f6ca3747192d78f
More information about the pld-cvs-commit
mailing list