blob: 56a29e19dc61ee9cb259d6a4b2e353b71e3b5a0d [file] [log] [blame]
From 7ad08649a223a4cd61e67d8334a147f55c79399d Mon Sep 17 00:00:00 2001
From: Jacob Nevins <jacobn@chiark.greenend.org.uk>
Date: Mon, 25 Mar 2019 23:46:59 +0000
Subject: [PATCH] Fix compilation with NO_GSSAPI.
This is a fairly shallow patch, which removes the UI and interactions
with external libraries. Some other machinery (which is dead code in
this configuration) is left in place.
Adapted by me from a patch by Jeroen Roovers.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: commit 7ad08649a22
config.c | 4 ++++
settings.c | 12 ++++++++++--
ssh.c | 16 +++++++++++++++-
ssh2transport.c | 3 +--
ssh2userauth.c | 8 ++++++--
sshserver.c | 13 ++++++++++++-
6 files changed, 48 insertions(+), 8 deletions(-)
diff --git a/config.c b/config.c
index 9c299feecc21..6528a9696584 100644
--- a/config.c
+++ b/config.c
@@ -2442,10 +2442,12 @@ void setup_config_box(struct controlbox *b, bool midsession,
HELPCTX(ssh_kexlist),
kexlist_handler, P(NULL));
c->listbox.height = KEX_MAX;
+#ifndef NO_GSSAPI
ctrl_checkbox(s, "Attempt GSSAPI key exchange",
'k', HELPCTX(ssh_gssapi),
conf_checkbox_handler,
I(CONF_try_gssapi_kex));
+#endif
s = ctrl_getset(b, "Connection/SSH/Kex", "repeat",
"Options controlling key re-exchange");
@@ -2455,11 +2457,13 @@ void setup_config_box(struct controlbox *b, bool midsession,
conf_editbox_handler,
I(CONF_ssh_rekey_time),
I(-1));
+#ifndef NO_GSSAPI
ctrl_editbox(s, "Minutes between GSS checks (0 for never)", NO_SHORTCUT, 20,
HELPCTX(ssh_kex_repeat),
conf_editbox_handler,
I(CONF_gssapirekey),
I(-1));
+#endif
ctrl_editbox(s, "Max data before rekey (0 for no limit)", 'x', 20,
HELPCTX(ssh_kex_repeat),
conf_editbox_handler,
diff --git a/settings.c b/settings.c
index 8d56302677d9..54f5ab7b2919 100644
--- a/settings.c
+++ b/settings.c
@@ -592,21 +592,25 @@ void save_open_settings(settings_w *sesskey, Conf *conf)
write_setting_b(sesskey, "Compression", conf_get_bool(conf, CONF_compression));
write_setting_b(sesskey, "TryAgent", conf_get_bool(conf, CONF_tryagent));
write_setting_b(sesskey, "AgentFwd", conf_get_bool(conf, CONF_agentfwd));
+#ifndef NO_GSSAPI
write_setting_b(sesskey, "GssapiFwd", conf_get_bool(conf, CONF_gssapifwd));
+#endif
write_setting_b(sesskey, "ChangeUsername", conf_get_bool(conf, CONF_change_username));
wprefs(sesskey, "Cipher", ciphernames, CIPHER_MAX, conf, CONF_ssh_cipherlist);
wprefs(sesskey, "KEX", kexnames, KEX_MAX, conf, CONF_ssh_kexlist);
wprefs(sesskey, "HostKey", hknames, HK_MAX, conf, CONF_ssh_hklist);
write_setting_i(sesskey, "RekeyTime", conf_get_int(conf, CONF_ssh_rekey_time));
+#ifndef NO_GSSAPI
write_setting_i(sesskey, "GssapiRekey", conf_get_int(conf, CONF_gssapirekey));
+#endif
write_setting_s(sesskey, "RekeyBytes", conf_get_str(conf, CONF_ssh_rekey_data));
write_setting_b(sesskey, "SshNoAuth", conf_get_bool(conf, CONF_ssh_no_userauth));
write_setting_b(sesskey, "SshBanner", conf_get_bool(conf, CONF_ssh_show_banner));
write_setting_b(sesskey, "AuthTIS", conf_get_bool(conf, CONF_try_tis_auth));
write_setting_b(sesskey, "AuthKI", conf_get_bool(conf, CONF_try_ki_auth));
+#ifndef NO_GSSAPI
write_setting_b(sesskey, "AuthGSSAPI", conf_get_bool(conf, CONF_try_gssapi_auth));
write_setting_b(sesskey, "AuthGSSAPIKEX", conf_get_bool(conf, CONF_try_gssapi_kex));
-#ifndef NO_GSSAPI
wprefs(sesskey, "GSSLibs", gsslibkeywords, ngsslibs, conf, CONF_ssh_gsslist);
write_setting_filename(sesskey, "GSSCustom", conf_get_filename(conf, CONF_ssh_gss_custom));
#endif
@@ -937,7 +941,9 @@ void load_open_settings(settings_r *sesskey, Conf *conf)
gppb(sesskey, "TryAgent", true, conf, CONF_tryagent);
gppb(sesskey, "AgentFwd", false, conf, CONF_agentfwd);
gppb(sesskey, "ChangeUsername", false, conf, CONF_change_username);
+#ifndef NO_GSSAPI
gppb(sesskey, "GssapiFwd", false, conf, CONF_gssapifwd);
+#endif
gprefs(sesskey, "Cipher", "\0",
ciphernames, CIPHER_MAX, conf, CONF_ssh_cipherlist);
{
@@ -990,7 +996,9 @@ void load_open_settings(settings_r *sesskey, Conf *conf)
gprefs(sesskey, "HostKey", "ed25519,ecdsa,rsa,dsa,WARN",
hknames, HK_MAX, conf, CONF_ssh_hklist);
gppi(sesskey, "RekeyTime", 60, conf, CONF_ssh_rekey_time);
+#ifndef NO_GSSAPI
gppi(sesskey, "GssapiRekey", GSS_DEF_REKEY_MINS, conf, CONF_gssapirekey);
+#endif
gpps(sesskey, "RekeyBytes", "1G", conf, CONF_ssh_rekey_data);
{
/* SSH-2 only by default */
@@ -1007,9 +1015,9 @@ void load_open_settings(settings_r *sesskey, Conf *conf)
gppb(sesskey, "SshBanner", true, conf, CONF_ssh_show_banner);
gppb(sesskey, "AuthTIS", false, conf, CONF_try_tis_auth);
gppb(sesskey, "AuthKI", true, conf, CONF_try_ki_auth);
+#ifndef NO_GSSAPI
gppb(sesskey, "AuthGSSAPI", true, conf, CONF_try_gssapi_auth);
gppb(sesskey, "AuthGSSAPIKEX", true, conf, CONF_try_gssapi_kex);
-#ifndef NO_GSSAPI
gprefs(sesskey, "GSSLibs", "\0",
gsslibkeywords, ngsslibs, conf, CONF_ssh_gsslist);
gppfile(sesskey, "GSSCustom", conf, CONF_ssh_gss_custom);
diff --git a/ssh.c b/ssh.c
index e35ebc64e2b5..e8ad61b8085d 100644
--- a/ssh.c
+++ b/ssh.c
@@ -50,7 +50,9 @@ struct Ssh {
ssh_sharing_state *connshare;
bool attempting_connshare;
+#ifndef NO_GSSAPI
struct ssh_connection_shared_gss_state gss_state;
+#endif
char *savedhost;
int savedport;
@@ -252,10 +254,18 @@ static void ssh_got_ssh_version(struct ssh_version_receiver *rcv,
conf_get_bool(ssh->conf, CONF_tryagent), username,
conf_get_bool(ssh->conf, CONF_change_username),
conf_get_bool(ssh->conf, CONF_try_ki_auth),
+#ifndef NO_GSSAPI
conf_get_bool(ssh->conf, CONF_try_gssapi_auth),
conf_get_bool(ssh->conf, CONF_try_gssapi_kex),
conf_get_bool(ssh->conf, CONF_gssapifwd),
- &ssh->gss_state);
+ &ssh->gss_state
+#else
+ false,
+ false,
+ false,
+ NULL
+#endif
+ );
ssh_connect_ppl(ssh, userauth_layer);
transport_child_layer = userauth_layer;
@@ -267,7 +277,11 @@ static void ssh_got_ssh_version(struct ssh_version_receiver *rcv,
ssh->fullhostname,
ssh_verstring_get_local(old_bpp),
ssh_verstring_get_remote(old_bpp),
+#ifndef NO_GSSAPI
&ssh->gss_state,
+#else
+ NULL,
+#endif
&ssh->stats, transport_child_layer, false);
ssh_connect_ppl(ssh, ssh->base_layer);
diff --git a/ssh2transport.c b/ssh2transport.c
index 8640d89d4be4..5e8955a0275f 100644
--- a/ssh2transport.c
+++ b/ssh2transport.c
@@ -1781,6 +1781,7 @@ static void ssh2_transport_gss_update(struct ssh2_transport_state *s,
if (mins > 0 && s->gss_ctxt_lifetime <= mins * 60)
s->gss_status |= GSS_CTXT_EXPIRES;
}
+#endif /* NO_GSSAPI */
ptrlen ssh2_transport_get_session_id(PacketProtocolLayer *ppl)
{
@@ -1805,8 +1806,6 @@ void ssh2_transport_notify_auth_done(PacketProtocolLayer *ppl)
queue_idempotent_callback(&s->ppl.ic_process_queue);
}
-#endif /* NO_GSSAPI */
-
static bool ssh2_transport_get_specials(
PacketProtocolLayer *ppl, add_special_fn_t add_special, void *ctx)
{
diff --git a/ssh2userauth.c b/ssh2userauth.c
index fc4139230557..7f5a129295ab 100644
--- a/ssh2userauth.c
+++ b/ssh2userauth.c
@@ -613,8 +613,10 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl)
* Scan it for method identifiers we know about.
*/
bool srv_pubkey = false, srv_passwd = false;
- bool srv_keyb_inter = false, srv_gssapi = false;
- bool srv_gssapi_keyex_auth = false;
+ bool srv_keyb_inter = false;
+#ifndef NO_GSSAPI
+ bool srv_gssapi = false, srv_gssapi_keyex_auth = false;
+#endif
for (ptrlen method; get_commasep_word(&methods, &method) ;) {
if (ptrlen_eq_string(method, "publickey"))
@@ -623,10 +625,12 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl)
srv_passwd = true;
else if (ptrlen_eq_string(method, "keyboard-interactive"))
srv_keyb_inter = true;
+#ifndef NO_GSSAPI
else if (ptrlen_eq_string(method, "gssapi-with-mic"))
srv_gssapi = true;
else if (ptrlen_eq_string(method, "gssapi-keyex"))
srv_gssapi_keyex_auth = true;
+#endif
}
/*
diff --git a/sshserver.c b/sshserver.c
index 5f6e7ddeeaec..5c34bb356757 100644
--- a/sshserver.c
+++ b/sshserver.c
@@ -50,7 +50,9 @@ struct server {
PacketProtocolLayer *base_layer;
ConnectionLayer *cl;
+#ifndef NO_GSSAPI
struct ssh_connection_shared_gss_state gss_state;
+#endif
};
static void ssh_server_free_callback(void *vsrv);
@@ -245,9 +247,11 @@ Plug *ssh_server_plug(
bufchain_init(&srv->out_raw);
bufchain_init(&srv->dummy_user_input);
+#ifndef NO_GSSAPI
/* FIXME: replace with sensible */
srv->gss_state.libs = snew(struct ssh_gss_liblist);
srv->gss_state.libs->nlibraries = 0;
+#endif
return &srv->plug;
}
@@ -297,7 +301,9 @@ static void ssh_server_free_callback(void *vsrv)
conf_free(srv->conf);
log_free(srv->logctx);
+#ifndef NO_GSSAPI
sfree(srv->gss_state.libs); /* FIXME: replace with sensible */
+#endif
sfree(srv);
@@ -442,7 +448,12 @@ static void server_got_ssh_version(struct ssh_version_receiver *rcv,
srv->conf, NULL, 0, NULL,
ssh_verstring_get_remote(old_bpp),
ssh_verstring_get_local(old_bpp),
- &srv->gss_state, &srv->stats, transport_child_layer, true);
+#ifndef NO_GSSAPI
+ &srv->gss_state,
+#else
+ NULL,
+#endif
+ &srv->stats, transport_child_layer, true);
ssh2_transport_provide_hostkeys(
srv->base_layer, srv->hostkeys, srv->nhostkeys);
if (userauth_layer)
--
2.20.1