| From 7ad08649a223a4cd61e67d8334a147f55c79399d Mon Sep 17 00:00:00 2001 |
| From: Jacob Nevins <jacobn@chiark.greenend.org.uk> |
| Date: Mon, 25 Mar 2019 23:46:59 +0000 |
| Subject: [PATCH] Fix compilation with NO_GSSAPI. |
| |
| This is a fairly shallow patch, which removes the UI and interactions |
| with external libraries. Some other machinery (which is dead code in |
| this configuration) is left in place. |
| |
| Adapted by me from a patch by Jeroen Roovers. |
| |
| Signed-off-by: Baruch Siach <baruch@tkos.co.il> |
| --- |
| Upstream status: commit 7ad08649a22 |
| |
| config.c | 4 ++++ |
| settings.c | 12 ++++++++++-- |
| ssh.c | 16 +++++++++++++++- |
| ssh2transport.c | 3 +-- |
| ssh2userauth.c | 8 ++++++-- |
| sshserver.c | 13 ++++++++++++- |
| 6 files changed, 48 insertions(+), 8 deletions(-) |
| |
| diff --git a/config.c b/config.c |
| index 9c299feecc21..6528a9696584 100644 |
| --- a/config.c |
| +++ b/config.c |
| @@ -2442,10 +2442,12 @@ void setup_config_box(struct controlbox *b, bool midsession, |
| HELPCTX(ssh_kexlist), |
| kexlist_handler, P(NULL)); |
| c->listbox.height = KEX_MAX; |
| +#ifndef NO_GSSAPI |
| ctrl_checkbox(s, "Attempt GSSAPI key exchange", |
| 'k', HELPCTX(ssh_gssapi), |
| conf_checkbox_handler, |
| I(CONF_try_gssapi_kex)); |
| +#endif |
| |
| s = ctrl_getset(b, "Connection/SSH/Kex", "repeat", |
| "Options controlling key re-exchange"); |
| @@ -2455,11 +2457,13 @@ void setup_config_box(struct controlbox *b, bool midsession, |
| conf_editbox_handler, |
| I(CONF_ssh_rekey_time), |
| I(-1)); |
| +#ifndef NO_GSSAPI |
| ctrl_editbox(s, "Minutes between GSS checks (0 for never)", NO_SHORTCUT, 20, |
| HELPCTX(ssh_kex_repeat), |
| conf_editbox_handler, |
| I(CONF_gssapirekey), |
| I(-1)); |
| +#endif |
| ctrl_editbox(s, "Max data before rekey (0 for no limit)", 'x', 20, |
| HELPCTX(ssh_kex_repeat), |
| conf_editbox_handler, |
| diff --git a/settings.c b/settings.c |
| index 8d56302677d9..54f5ab7b2919 100644 |
| --- a/settings.c |
| +++ b/settings.c |
| @@ -592,21 +592,25 @@ void save_open_settings(settings_w *sesskey, Conf *conf) |
| write_setting_b(sesskey, "Compression", conf_get_bool(conf, CONF_compression)); |
| write_setting_b(sesskey, "TryAgent", conf_get_bool(conf, CONF_tryagent)); |
| write_setting_b(sesskey, "AgentFwd", conf_get_bool(conf, CONF_agentfwd)); |
| +#ifndef NO_GSSAPI |
| write_setting_b(sesskey, "GssapiFwd", conf_get_bool(conf, CONF_gssapifwd)); |
| +#endif |
| write_setting_b(sesskey, "ChangeUsername", conf_get_bool(conf, CONF_change_username)); |
| wprefs(sesskey, "Cipher", ciphernames, CIPHER_MAX, conf, CONF_ssh_cipherlist); |
| wprefs(sesskey, "KEX", kexnames, KEX_MAX, conf, CONF_ssh_kexlist); |
| wprefs(sesskey, "HostKey", hknames, HK_MAX, conf, CONF_ssh_hklist); |
| write_setting_i(sesskey, "RekeyTime", conf_get_int(conf, CONF_ssh_rekey_time)); |
| +#ifndef NO_GSSAPI |
| write_setting_i(sesskey, "GssapiRekey", conf_get_int(conf, CONF_gssapirekey)); |
| +#endif |
| write_setting_s(sesskey, "RekeyBytes", conf_get_str(conf, CONF_ssh_rekey_data)); |
| write_setting_b(sesskey, "SshNoAuth", conf_get_bool(conf, CONF_ssh_no_userauth)); |
| write_setting_b(sesskey, "SshBanner", conf_get_bool(conf, CONF_ssh_show_banner)); |
| write_setting_b(sesskey, "AuthTIS", conf_get_bool(conf, CONF_try_tis_auth)); |
| write_setting_b(sesskey, "AuthKI", conf_get_bool(conf, CONF_try_ki_auth)); |
| +#ifndef NO_GSSAPI |
| write_setting_b(sesskey, "AuthGSSAPI", conf_get_bool(conf, CONF_try_gssapi_auth)); |
| write_setting_b(sesskey, "AuthGSSAPIKEX", conf_get_bool(conf, CONF_try_gssapi_kex)); |
| -#ifndef NO_GSSAPI |
| wprefs(sesskey, "GSSLibs", gsslibkeywords, ngsslibs, conf, CONF_ssh_gsslist); |
| write_setting_filename(sesskey, "GSSCustom", conf_get_filename(conf, CONF_ssh_gss_custom)); |
| #endif |
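Review bot: Gating the writes of `AuthGSSAPI` and `AuthGSSAPIKEX` (and of `GssapiFwd` and `GssapiRekey` earlier in this hunk) means a NO_GSSAPI build that re-saves a session may drop values stored by a GSSAPI-enabled build, depending on whether the settings backend rewrites the whole session. The matching hunks in load_open_settings default `AuthGSSAPI` and `AuthGSSAPIKEX` to `true`, so a user who had switched GSSAPI authentication off could find it switched back on after a round trip through a NO_GSSAPI build. If that is accepted behaviour, say so above the first guard, e.g. `/* NO_GSSAPI builds do not persist GSSAPI settings; re-saving a session resets them to defaults */`. save_open_settings starts and ends outside the hunk.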
| @@ -937,7 +941,9 @@ void load_open_settings(settings_r *sesskey, Conf *conf) |
| gppb(sesskey, "TryAgent", true, conf, CONF_tryagent); |
| gppb(sesskey, "AgentFwd", false, conf, CONF_agentfwd); |
| gppb(sesskey, "ChangeUsername", false, conf, CONF_change_username); |
| +#ifndef NO_GSSAPI |
| gppb(sesskey, "GssapiFwd", false, conf, CONF_gssapifwd); |
| +#endif |
| gprefs(sesskey, "Cipher", "\0", |
| ciphernames, CIPHER_MAX, conf, CONF_ssh_cipherlist); |
| { |
| @@ -990,7 +996,9 @@ void load_open_settings(settings_r *sesskey, Conf *conf) |
| gprefs(sesskey, "HostKey", "ed25519,ecdsa,rsa,dsa,WARN", |
| hknames, HK_MAX, conf, CONF_ssh_hklist); |
| gppi(sesskey, "RekeyTime", 60, conf, CONF_ssh_rekey_time); |
| +#ifndef NO_GSSAPI |
| gppi(sesskey, "GssapiRekey", GSS_DEF_REKEY_MINS, conf, CONF_gssapirekey); |
| +#endif |
| gpps(sesskey, "RekeyBytes", "1G", conf, CONF_ssh_rekey_data); |
| { |
| /* SSH-2 only by default */ |
| @@ -1007,9 +1015,9 @@ void load_open_settings(settings_r *sesskey, Conf *conf) |
| gppb(sesskey, "SshBanner", true, conf, CONF_ssh_show_banner); |
| gppb(sesskey, "AuthTIS", false, conf, CONF_try_tis_auth); |
| gppb(sesskey, "AuthKI", true, conf, CONF_try_ki_auth); |
| +#ifndef NO_GSSAPI |
| gppb(sesskey, "AuthGSSAPI", true, conf, CONF_try_gssapi_auth); |
| gppb(sesskey, "AuthGSSAPIKEX", true, conf, CONF_try_gssapi_kex); |
| -#ifndef NO_GSSAPI |
| gprefs(sesskey, "GSSLibs", "\0", |
| gsslibkeywords, ngsslibs, conf, CONF_ssh_gsslist); |
| gppfile(sesskey, "GSSCustom", conf, CONF_ssh_gss_custom); |
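Review bot: With these two `gppb` calls now inside the guard, `CONF_try_gssapi_auth` and `CONF_try_gssapi_kex` are never given a value in a NO_GSSAPI build, and the two earlier load hunks do the same for `CONF_gssapifwd` and `CONF_gssapirekey`. The commit message says some GSSAPI machinery is left in place as dead code; any of it that still reads these keys outside an `#ifndef NO_GSSAPI` would be reading an entry that was never set, and how the conf getters treat that case is not visible here. It is worth searching for the four keys and either guarding each reader or keeping the loads unconditional so that the defaults are always present. The closing `#endif` of this guard lies below the hunk.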
| diff --git a/ssh.c b/ssh.c |
| index e35ebc64e2b5..e8ad61b8085d 100644 |
| --- a/ssh.c |
| +++ b/ssh.c |
| @@ -50,7 +50,9 @@ struct Ssh { |
| ssh_sharing_state *connshare; |
| bool attempting_connshare; |
| |
| +#ifndef NO_GSSAPI |
| struct ssh_connection_shared_gss_state gss_state; |
| +#endif |
| |
| char *savedhost; |
| int savedport; |
| @@ -252,10 +254,18 @@ static void ssh_got_ssh_version(struct ssh_version_receiver *rcv, |
| conf_get_bool(ssh->conf, CONF_tryagent), username, |
| conf_get_bool(ssh->conf, CONF_change_username), |
| conf_get_bool(ssh->conf, CONF_try_ki_auth), |
| +#ifndef NO_GSSAPI |
| conf_get_bool(ssh->conf, CONF_try_gssapi_auth), |
| conf_get_bool(ssh->conf, CONF_try_gssapi_kex), |
| conf_get_bool(ssh->conf, CONF_gssapifwd), |
| - &ssh->gss_state); |
| + &ssh->gss_state |
| +#else |
| + false, |
| + false, |
| + false, |
| + NULL |
| +#endif |
| + ); |
| ssh_connect_ppl(ssh, userauth_layer); |
| transport_child_layer = userauth_layer; |
| |
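Review bot: In the `#else` branch this call passes `NULL` where it previously passed `&ssh->gss_state`, so a NO_GSSAPI build is only safe if the callee never dereferences that pointer. The callee's handling of the argument is not visible in this patch, and the commit message notes that other GSSAPI machinery stays compiled in. The same `NULL` substitution is made in the next hunk of ssh.c and in server_got_ssh_version in sshserver.c. A cheap safeguard is an assertion at the point of use in the callee, e.g. `assert(shgss != NULL);` (with `shgss` standing for whatever the callee names the parameter), or at least a comment at this call such as `/* NO_GSSAPI: callee must not touch the GSS state */`. The call opens above the hunk.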
| @@ -267,7 +277,11 @@ static void ssh_got_ssh_version(struct ssh_version_receiver *rcv, |
| ssh->fullhostname, |
| ssh_verstring_get_local(old_bpp), |
| ssh_verstring_get_remote(old_bpp), |
| +#ifndef NO_GSSAPI |
| &ssh->gss_state, |
| +#else |
| + NULL, |
| +#endif |
| &ssh->stats, transport_child_layer, false); |
| ssh_connect_ppl(ssh, ssh->base_layer); |
| |
| diff --git a/ssh2transport.c b/ssh2transport.c |
| index 8640d89d4be4..5e8955a0275f 100644 |
| --- a/ssh2transport.c |
| +++ b/ssh2transport.c |
| @@ -1781,6 +1781,7 @@ static void ssh2_transport_gss_update(struct ssh2_transport_state *s, |
| if (mins > 0 && s->gss_ctxt_lifetime <= mins * 60) |
| s->gss_status |= GSS_CTXT_EXPIRES; |
| } |
| +#endif /* NO_GSSAPI */ |
| |
| ptrlen ssh2_transport_get_session_id(PacketProtocolLayer *ppl) |
| { |
| @@ -1805,8 +1806,6 @@ void ssh2_transport_notify_auth_done(PacketProtocolLayer *ppl) |
| queue_idempotent_callback(&s->ppl.ic_process_queue); |
| } |
| |
| -#endif /* NO_GSSAPI */ |
| - |
| static bool ssh2_transport_get_specials( |
| PacketProtocolLayer *ppl, add_special_fn_t add_special, void *ctx) |
| { |
| diff --git a/ssh2userauth.c b/ssh2userauth.c |
| index fc4139230557..7f5a129295ab 100644 |
| --- a/ssh2userauth.c |
| +++ b/ssh2userauth.c |
| @@ -613,8 +613,10 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl) |
| * Scan it for method identifiers we know about. |
| */ |
| bool srv_pubkey = false, srv_passwd = false; |
| - bool srv_keyb_inter = false, srv_gssapi = false; |
| - bool srv_gssapi_keyex_auth = false; |
| + bool srv_keyb_inter = false; |
| +#ifndef NO_GSSAPI |
| + bool srv_gssapi = false, srv_gssapi_keyex_auth = false; |
| +#endif |
| |
| for (ptrlen method; get_commasep_word(&methods, &method) ;) { |
| if (ptrlen_eq_string(method, "publickey")) |
| @@ -623,10 +625,12 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl) |
| srv_passwd = true; |
| else if (ptrlen_eq_string(method, "keyboard-interactive")) |
| srv_keyb_inter = true; |
| +#ifndef NO_GSSAPI |
| else if (ptrlen_eq_string(method, "gssapi-with-mic")) |
| srv_gssapi = true; |
| else if (ptrlen_eq_string(method, "gssapi-keyex")) |
| srv_gssapi_keyex_auth = true; |
| +#endif |
| } |
| |
| /* |
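Review bot: Placing `#ifndef NO_GSSAPI` in the middle of an unbraced `else if` chain works, but it makes the shape of the chain depend on the build configuration and is easy to break when another method is appended after `gssapi-keyex`. Bracing each branch, or at least adding a comment such as `/* NO_GSSAPI: gssapi-with-mic and gssapi-keyex offered by the server are ignored */`, would make the intent explicit. The previous hunk also compiles out `srv_gssapi` and `srv_gssapi_keyex_auth`, so every later use of them in ssh2_userauth_process_queue (outside the visible lines) has to sit under the same guard.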
| diff --git a/sshserver.c b/sshserver.c |
| index 5f6e7ddeeaec..5c34bb356757 100644 |
| --- a/sshserver.c |
| +++ b/sshserver.c |
| @@ -50,7 +50,9 @@ struct server { |
| PacketProtocolLayer *base_layer; |
| ConnectionLayer *cl; |
| |
| +#ifndef NO_GSSAPI |
| struct ssh_connection_shared_gss_state gss_state; |
| +#endif |
| }; |
| |
| static void ssh_server_free_callback(void *vsrv); |
| @@ -245,9 +247,11 @@ Plug *ssh_server_plug( |
| bufchain_init(&srv->out_raw); |
| bufchain_init(&srv->dummy_user_input); |
| |
| +#ifndef NO_GSSAPI |
| /* FIXME: replace with sensible */ |
| srv->gss_state.libs = snew(struct ssh_gss_liblist); |
| srv->gss_state.libs->nlibraries = 0; |
| +#endif |
| |
| return &srv->plug; |
| } |
| @@ -297,7 +301,9 @@ static void ssh_server_free_callback(void *vsrv) |
| conf_free(srv->conf); |
| log_free(srv->logctx); |
| |
| +#ifndef NO_GSSAPI |
| sfree(srv->gss_state.libs); /* FIXME: replace with sensible */ |
| +#endif |
| |
| sfree(srv); |
| |
| @@ -442,7 +448,12 @@ static void server_got_ssh_version(struct ssh_version_receiver *rcv, |
| srv->conf, NULL, 0, NULL, |
| ssh_verstring_get_remote(old_bpp), |
| ssh_verstring_get_local(old_bpp), |
| - &srv->gss_state, &srv->stats, transport_child_layer, true); |
| +#ifndef NO_GSSAPI |
| + &srv->gss_state, |
| +#else |
| + NULL, |
| +#endif |
| + &srv->stats, transport_child_layer, true); |
| ssh2_transport_provide_hostkeys( |
| srv->base_layer, srv->hostkeys, srv->nhostkeys); |
| if (userauth_layer) |
| -- |
| 2.20.1 |
| |