diff options
Diffstat (limited to 'net-misc/openssh-x/files/openssh-4.7_p1-GSSAPI-dns.patch')
-rw-r--r-- | net-misc/openssh-x/files/openssh-4.7_p1-GSSAPI-dns.patch | 127 |
1 files changed, 0 insertions, 127 deletions
diff --git a/net-misc/openssh-x/files/openssh-4.7_p1-GSSAPI-dns.patch b/net-misc/openssh-x/files/openssh-4.7_p1-GSSAPI-dns.patch deleted file mode 100644 index c81ae5cb..00000000 --- a/net-misc/openssh-x/files/openssh-4.7_p1-GSSAPI-dns.patch +++ /dev/null @@ -1,127 +0,0 @@ -http://bugs.gentoo.org/165444 -https://bugzilla.mindrot.org/show_bug.cgi?id=1008 - -Index: readconf.c -=================================================================== -RCS file: /cvs/openssh/readconf.c,v -retrieving revision 1.135 -diff -u -r1.135 readconf.c ---- readconf.c 5 Aug 2006 02:39:40 -0000 1.135 -+++ readconf.c 19 Aug 2006 11:59:52 -0000 -@@ -126,6 +126,7 @@ - oClearAllForwardings, oNoHostAuthenticationForLocalhost, - oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, - oAddressFamily, oGssAuthentication, oGssDelegateCreds, -+ oGssTrustDns, - oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, - oSendEnv, oControlPath, oControlMaster, oHashKnownHosts, - oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, -@@ -163,9 +164,11 @@ - #if defined(GSSAPI) - { "gssapiauthentication", oGssAuthentication }, - { "gssapidelegatecredentials", oGssDelegateCreds }, -+ { "gssapitrustdns", oGssTrustDns }, - #else - { "gssapiauthentication", oUnsupported }, - { "gssapidelegatecredentials", oUnsupported }, -+ { "gssapitrustdns", oUnsupported }, - #endif - { "fallbacktorsh", oDeprecated }, - { "usersh", oDeprecated }, -@@ -444,6 +447,10 @@ - intptr = &options->gss_deleg_creds; - goto parse_flag; - -+ case oGssTrustDns: -+ intptr = &options->gss_trust_dns; -+ goto parse_flag; -+ - case oBatchMode: - intptr = &options->batch_mode; - goto parse_flag; -@@ -1010,6 +1017,7 @@ - options->challenge_response_authentication = -1; - options->gss_authentication = -1; - options->gss_deleg_creds = -1; -+ options->gss_trust_dns = -1; - options->password_authentication = -1; - options->kbd_interactive_authentication = -1; - options->kbd_interactive_devices = NULL; -@@ -1100,6 +1108,8 @@ - options->gss_authentication = 0; - if (options->gss_deleg_creds == -1) - options->gss_deleg_creds = 0; -+ if (options->gss_trust_dns == -1) -+ options->gss_trust_dns = 0; - if (options->password_authentication == -1) - options->password_authentication = 1; - if (options->kbd_interactive_authentication == -1) -Index: readconf.h -=================================================================== -RCS file: /cvs/openssh/readconf.h,v -retrieving revision 1.63 -diff -u -r1.63 readconf.h ---- readconf.h 5 Aug 2006 02:39:40 -0000 1.63 -+++ readconf.h 19 Aug 2006 11:59:52 -0000 -@@ -45,6 +45,7 @@ - /* Try S/Key or TIS, authentication. */ - int gss_authentication; /* Try GSS authentication */ - int gss_deleg_creds; /* Delegate GSS credentials */ -+ int gss_trust_dns; /* Trust DNS for GSS canonicalization */ - int password_authentication; /* Try password - * authentication. */ - int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ -Index: ssh_config.5 -=================================================================== -RCS file: /cvs/openssh/ssh_config.5,v -retrieving revision 1.97 -diff -u -r1.97 ssh_config.5 ---- ssh_config.5 5 Aug 2006 01:34:51 -0000 1.97 -+++ ssh_config.5 19 Aug 2006 11:59:53 -0000 -@@ -483,7 +483,16 @@ - Forward (delegate) credentials to the server. - The default is - .Dq no . --Note that this option applies to protocol version 2 only. -+Note that this option applies to protocol version 2 connections using GSSAPI. -+.It Cm GSSAPITrustDns -+Set to -+.Dq yes to indicate that the DNS is trusted to securely canonicalize -+the name of the host being connected to. If -+.Dq no, the hostname entered on the -+command line will be passed untouched to the GSSAPI library. -+The default is -+.Dq no . -+This option only applies to protocol version 2 connections using GSSAPI. - .It Cm HashKnownHosts - Indicates that - .Xr ssh 1 -Index: sshconnect2.c -=================================================================== -RCS file: /cvs/openssh/sshconnect2.c,v -retrieving revision 1.151 -diff -u -r1.151 sshconnect2.c ---- sshconnect2.c 18 Aug 2006 14:33:34 -0000 1.151 -+++ sshconnect2.c 19 Aug 2006 11:59:53 -0000 -@@ -499,6 +499,12 @@ - static u_int mech = 0; - OM_uint32 min; - int ok = 0; -+ const char *gss_host; -+ -+ if (options.gss_trust_dns) -+ gss_host = get_canonical_hostname(1); -+ else -+ gss_host = authctxt->host; - - /* Try one GSSAPI method at a time, rather than sending them all at - * once. */ -@@ -511,7 +517,7 @@ - /* My DER encoding requires length<128 */ - if (gss_supported->elements[mech].length < 128 && - ssh_gssapi_check_mechanism(&gssctxt, -- &gss_supported->elements[mech], authctxt->host)) { -+ &gss_supported->elements[mech], gss_host)) { - ok = 1; /* Mechanism works */ - } else { - mech++; |