| Move things around so hpn applies cleanly when using X509. |
| |
| Forward-Ported-from: files/openssh-4.9_p1-x509-hpn-glue.patch |
| Signed-off-by: Robin H. Johnson <robbat2@gentoo.org> |
| |
| diff -Nuar --exclude '*.orig' --exclude '*.rej' openssh-5.1p1+x509/Makefile.in openssh-5.1p1+x509-hpn-glue/Makefile.in |
| --- openssh-5.1p1+x509/Makefile.in 2008-08-23 14:12:53.000000000 -0700 |
| +++ openssh-5.1p1+x509-hpn-glue/Makefile.in 2008-08-23 14:13:51.000000000 -0700 |
| @@ -44,11 +44,12 @@ |
| CC=@CC@ |
| LD=@LD@ |
| CFLAGS=@CFLAGS@ |
| -CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ |
| +CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ |
| LIBS=@LIBS@ |
| SSHDLIBS=@SSHDLIBS@ |
| LIBEDIT=@LIBEDIT@ |
| LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@ |
| +CPPFLAGS += @LDAP_CPPFLAGS@ |
| AR=@AR@ |
| AWK=@AWK@ |
| RANLIB=@RANLIB@ |
| diff -Nuar --exclude '*.orig' --exclude '*.rej' openssh-5.1p1+x509/servconf.c openssh-5.1p1+x509-hpn-glue/servconf.c |
| --- openssh-5.1p1+x509/servconf.c 2008-08-23 14:12:53.000000000 -0700 |
| +++ openssh-5.1p1+x509-hpn-glue/servconf.c 2008-08-23 14:23:56.000000000 -0700 |
| @@ -108,6 +108,17 @@ |
| options->log_level = SYSLOG_LEVEL_NOT_SET; |
| options->rhosts_rsa_authentication = -1; |
| options->hostbased_authentication = -1; |
| + options->hostbased_algorithms = NULL; |
| + options->pubkey_algorithms = NULL; |
| + ssh_x509flags_initialize(&options->x509flags, 1); |
| +#ifndef SSH_X509STORE_DISABLED |
| + ssh_x509store_initialize(&options->ca); |
| +#endif /*ndef SSH_X509STORE_DISABLED*/ |
| +#ifdef SSH_OCSP_ENABLED |
| + options->va.type = -1; |
| + options->va.certificate_file = NULL; |
| + options->va.responder_url = NULL; |
| +#endif /*def SSH_OCSP_ENABLED*/ |
| options->hostbased_uses_name_from_packet_only = -1; |
| options->rsa_authentication = -1; |
| options->pubkey_authentication = -1; |
| @@ -151,18 +162,6 @@ |
| options->num_permitted_opens = -1; |
| options->adm_forced_command = NULL; |
| options->chroot_directory = NULL; |
| - |
| - options->hostbased_algorithms = NULL; |
| - options->pubkey_algorithms = NULL; |
| - ssh_x509flags_initialize(&options->x509flags, 1); |
| -#ifndef SSH_X509STORE_DISABLED |
| - ssh_x509store_initialize(&options->ca); |
| -#endif /*ndef SSH_X509STORE_DISABLED*/ |
| -#ifdef SSH_OCSP_ENABLED |
| - options->va.type = -1; |
| - options->va.certificate_file = NULL; |
| - options->va.responder_url = NULL; |
| -#endif /*def SSH_OCSP_ENABLED*/ |
| } |
| |
| void |
| @@ -338,6 +337,16 @@ |
| /* Portable-specific options */ |
| sUsePAM, |
| /* Standard Options */ |
| + sHostbasedAlgorithms, |
| + sPubkeyAlgorithms, |
| + sX509KeyAlgorithm, |
| + sAllowedClientCertPurpose, |
| + sKeyAllowSelfIssued, sMandatoryCRL, |
| + sCACertificateFile, sCACertificatePath, |
| + sCARevocationFile, sCARevocationPath, |
| + sCAldapVersion, sCAldapURL, |
| + sVAType, sVACertificateFile, |
| + sVAOCSPResponderURL, |
| sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, |
| sPermitRootLogin, sLogFacility, sLogLevel, |
| sRhostsRSAAuthentication, sRSAAuthentication, |
| @@ -360,16 +369,6 @@ |
| sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, |
| sMatch, sPermitOpen, sForceCommand, sChrootDirectory, |
| sUsePrivilegeSeparation, sAllowAgentForwarding, |
| - sHostbasedAlgorithms, |
| - sPubkeyAlgorithms, |
| - sX509KeyAlgorithm, |
| - sAllowedClientCertPurpose, |
| - sKeyAllowSelfIssued, sMandatoryCRL, |
| - sCACertificateFile, sCACertificatePath, |
| - sCARevocationFile, sCARevocationPath, |
| - sCAldapVersion, sCAldapURL, |
| - sVAType, sVACertificateFile, |
| - sVAOCSPResponderURL, |
| sDeprecated, sUnsupported |
| } ServerOpCodes; |
| |