update from Simon's openssh-4.3p2-gsskex-20060223.patch

author jbasney <jbasney>

Tue, 7 Mar 2006 19:04:23 +0000 (19:04 +0000)

committer jbasney <jbasney>

Tue, 7 Mar 2006 19:04:23 +0000 (19:04 +0000)
author jbasney <jbasney>
Tue, 7 Mar 2006 19:04:23 +0000 (19:04 +0000)
committer jbasney <jbasney>
Tue, 7 Mar 2006 19:04:23 +0000 (19:04 +0000)
diff --git a/openssh/auth-krb5.c b/openssh/auth-krb5.c

index fc85b8800de3b59e9957249204f5727a3c0f6a23..bc37675a2486879b5ffdbe6e78556cca0dff092d 100644 (file)
--- a/openssh/auth-krb5.c
+++ b/openssh/auth-krb5.c
@@ -226,7 +226,7 @@ ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) {
  
         ret = snprintf(ccname, sizeof(ccname),
             cctemplate, geteuid());
-       if (ret == -1 || ret >= (int) sizeof(ccname))
+       if (ret < 0 || (size_t)ret >= sizeof(ccname))
                 return ENOMEM;
  
  #ifndef USE_CCAPI
diff --git a/openssh/configure.ac b/openssh/configure.ac

index e398114f636f118d433f8a452ad2d7992ca033d0..3db1158469917e48cf9d7b5d6409c8bcbdf339c0 100644 (file)
--- a/openssh/configure.ac
+++ b/openssh/configure.ac
@@ -222,30 +222,30 @@ case "$host" in
         AC_DEFINE(BROKEN_SETREGID)
         AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
                 [Define if your resolver libs need this for getrrsetbyname])
-       AC_MSG_CHECKING(if we have the Security Authorization Session API)
-       AC_TRY_COMPILE([#include <Security/AuthSession.h>],
-               [SessionCreate(0, 0);],
-               [ac_cv_use_security_session_api="yes"
-                AC_DEFINE(USE_SECURITY_SESSION_API, 1,
-                       [platform has a Security Authorization Session API])
-                LIBS="$LIBS -framework Security"
-                AC_MSG_RESULT(yes)],
-               [ac_cv_use_security_session_api="no"
-                AC_MSG_RESULT(no)])
-       AC_MSG_CHECKING(if we have an in-memory credentials cache)
-       AC_TRY_COMPILE(
-               [#include <Kerberos/Kerberos.h>],
-               [cc_context_t c;
-                (void) cc_initialize (&c, 0, NULL, NULL);],
-               [AC_DEFINE(USE_CCAPI, 1,
+       AC_MSG_CHECKING(if we have the Security Authorization Session API)
+       AC_TRY_COMPILE([#include <Security/AuthSession.h>],
+               [SessionCreate(0, 0);],
+               [ac_cv_use_security_session_api="yes"
+                AC_DEFINE(USE_SECURITY_SESSION_API, 1, 
+                       [platform has the Security Authorization Session API])
+                LIBS="$LIBS -framework Security"
+                AC_MSG_RESULT(yes)],
+               [ac_cv_use_security_session_api="no"
+                AC_MSG_RESULT(no)])
+       AC_MSG_CHECKING(if we have an in-memory credentials cache)
+       AC_TRY_COMPILE(
+               [#include <Kerberos/Kerberos.h>],
+               [cc_context_t c;
+                (void) cc_initialize (&c, 0, NULL, NULL);],
+               [AC_DEFINE(USE_CCAPI, 1, 
                         [platform uses an in-memory credentials cache])
-                LIBS="$LIBS -framework Security"
-                AC_MSG_RESULT(yes)
-                if test "x$ac_cv_use_security_session_api" = "xno"; then
-                       AC_MSG_ERROR(*** Need a security framework to use the credentials cache API ***)
-               fi],
-               [AC_MSG_RESULT(no)]
-       )
+                LIBS="$LIBS -framework Security"
+                AC_MSG_RESULT(yes)
+                if test "x$ac_cv_use_security_session_api" = "xno"; then
+                       AC_MSG_ERROR(*** Need a security framework to use the credentials cache API ***)
+               fi],
+               [AC_MSG_RESULT(no)]
+       )
         ;;
  *-*-hpux*)
         # first we define all of the options common to all HP-UX releases
diff --git a/openssh/gss-serv.c b/openssh/gss-serv.c

index 79f8970e2efc2a26a6e17a726e22c0af912a13d1..5a69d6657aa66d277282eb8f87abd319f6aefcb1 100644 (file)
--- a/openssh/gss-serv.c
+++ b/openssh/gss-serv.c
@@ -72,7 +72,7 @@ ssh_gssapi_mech* supported_mechs[]= {
  static int limited = 0;
  #endif
  
-/* Unpriviledged */
+/* Unprivileged */
  char *
  ssh_gssapi_server_mechanisms() {
         gss_OID_set     supported;
@@ -82,19 +82,19 @@ ssh_gssapi_server_mechanisms() {
             NULL));
  }
  
-/* Unpriviledged */
+/* Unprivileged */
  int
  ssh_gssapi_server_check_mech(gss_OID oid, void *data) {
-        Gssctxt * ctx = NULL;
+       Gssctxt * ctx = NULL;
         int res;
-
+ 
         res = !GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctx, oid)));
         ssh_gssapi_delete_ctx(&ctx);
  
         return (res);
  }
  
-/* Unpriviledged */
+/* Unprivileged */
  void
  ssh_gssapi_supported_oids(gss_OID_set *oidset)
  {
diff --git a/openssh/kex.c b/openssh/kex.c

index 407eec34aa5045acef6af44f00f366cbd4bf1c34..59327f038516adf67056d4e7c8e4219cedfc31f9 100644 (file)
--- a/openssh/kex.c
+++ b/openssh/kex.c
@@ -310,7 +310,7 @@ choose_kex(Kex *k, char *client, char *server)
             sizeof(KEX_GSS_GEX_SHA1_ID)-1) == 0) {
                 k->kex_type = KEX_GSS_GEX_SHA1;
                 k->evp_md = EVP_sha1();
-       } else if (strncmp(k->name, KEX_GSS_GRP1_SHA1_ID, 
+       } else if (strncmp(k->name, KEX_GSS_GRP1_SHA1_ID,
             sizeof(KEX_GSS_GRP1_SHA1_ID)-1) == 0) {
                 k->kex_type = KEX_GSS_GRP1_SHA1;
                 k->evp_md = EVP_sha1();
diff --git a/openssh/kex.h b/openssh/kex.h

index 9d1823e1701b5124c2297197f24330f2a6bb558e..aef11dce2f83947cd5072ee659ca5561633ecff4 100644 (file)
--- a/openssh/kex.h
+++ b/openssh/kex.h
@@ -123,7 +123,7 @@ struct Kex {
         int     flags;
         const EVP_MD *evp_md;
  #ifdef GSSAPI
-       int     gss_deleg_creds;
+       int     gss_deleg_creds;
         int     gss_trust_dns;
         char    *gss_host;
  #endif
diff --git a/openssh/servconf.c b/openssh/servconf.c

index 43e5812088c3b41806c30f084c7432aea744953a..adc8aa9d817dc62a6b80a30ddc510f1471a63cde 100644 (file)
--- a/openssh/servconf.c
+++ b/openssh/servconf.c
@@ -284,8 +284,8 @@ typedef enum {
         sBanner, sUseDNS, sHostbasedAuthentication,
         sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
         sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
-       sGssKeyEx,
-       sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
+       sGssAuthentication, sGssKeyEx, sGssCleanupCreds, 
+       sAcceptEnv, sPermitTunnel,
         sUsePrivilegeSeparation,
         sDeprecated, sUnsupported
  } ServerOpCodes;
diff --git a/openssh/sshconnect2.c b/openssh/sshconnect2.c

index 0e3a7c0f4d16ab6ae545e32b2afbd231b7144b43..0485095ae901bf9d1844b962f83ea2e37779993d 100644 (file)
--- a/openssh/sshconnect2.c
+++ b/openssh/sshconnect2.c
@@ -174,9 +174,6 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
         kex->client_version_string=client_version_string;
         kex->server_version_string=server_version_string;
         kex->verify_host_key=&verify_host_key_callback;
-#ifdef GSSAPI
-       kex->options.gss_deleg_creds=options.gss_deleg_creds;
-#endif
  
  #ifdef GSSAPI
         kex->gss_deleg_creds = options.gss_deleg_creds;
author	jbasney <jbasney>
	Tue, 7 Mar 2006 19:04:23 +0000 (19:04 +0000)
committer	jbasney <jbasney>
	Tue, 7 Mar 2006 19:04:23 +0000 (19:04 +0000)
openssh/auth-krb5.c		patch \| blob \| blame \| history
openssh/configure.ac		patch \| blob \| blame \| history
openssh/gss-serv.c		patch \| blob \| blame \| history
openssh/kex.c		patch \| blob \| blame \| history
openssh/kex.h		patch \| blob \| blame \| history
openssh/servconf.c		patch \| blob \| blame \| history
openssh/sshconnect2.c		patch \| blob \| blame \| history