1 From 6286276c8442faf6514f8f8a6ba5993193fb28bb Mon Sep 17 00:00:00 2001
   2 From: oracle <solaris@oracle.com>
   3 Date: Mon, 3 Aug 2015 14:36:22 -0700
   4 Subject: [PATCH 13/36] SunSSH compat default config values
   5 
   6 #
   7 # Some options in OpenSSH have different default values from those in SunSSH.
   8 # To make the transition smoother from SunSSH to OpenSSH, we change default
   9 # values for the following options to be the same as those in SunSSH.
  10 #
  11 #   GSSAPIAuthentication (for both server and client)
  12 #   X11Forwarding        (for server)
  13 #   ForwardX11Trusted    (for client)
  14 #
  15 # This is for Solaris only, we will not contribute back these changes to the
  16 # upstream.
  17 #
  18 ---
  19  readconf.c    | 8 ++++++++
  20  servconf.c    | 8 ++++++++
  21  ssh_config.4  | 8 ++++----
  22  sshd_config.4 | 8 ++++----
  23  4 files changed, 24 insertions(+), 8 deletions(-)
  24 
  25 diff --git a/readconf.c b/readconf.c
  26 index d0f4068..db37809 100644
  27 --- a/readconf.c
  28 +++ b/readconf.c
  29 @@ -1751,7 +1751,11 @@ fill_default_options(Options * options)
  30         if (options->forward_x11 == -1)
  31                 options->forward_x11 = 0;
  32         if (options->forward_x11_trusted == -1)
  33 +#ifdef OPTION_DEFAULT_VALUE
  34 +               options->forward_x11_trusted = 1;
  35 +#else
  36                 options->forward_x11_trusted = 0;
  37 +#endif
  38         if (options->forward_x11_timeout == -1)
  39                 options->forward_x11_timeout = 1200;
  40         if (options->exit_on_forward_failure == -1)
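Review bot: The new `options->forward_x11_trusted = 1;` default has no comment stating its security consequence. With trusted forwarding, remote X11 clients are not subject to the X11 SECURITY extension restrictions, and the 20-minute token expiry that ssh_config.4 describes for untrusted forwarding presumably no longer applies. `forward_x11` still defaults to 0 in this hunk, so the exposure only arises once a user enables X11 forwarding. I would add above the `#ifdef` something like `/* Solaris/SunSSH compat: trusted by default, so forwarded clients are not restricted by the X11 SECURITY extension */`. Placing an `#ifdef` between an unbraced `if` and its body is also fragile, and bracing the `if` would make the pairing explicit; fill_default_options starts and ends outside the hunk.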
  41 @@ -1773,7 +1777,11 @@ fill_default_options(Options * options)
  42         if (options->challenge_response_authentication == -1)
  43                 options->challenge_response_authentication = 1;
  44         if (options->gss_authentication == -1)
  45 +#ifdef OPTION_DEFAULT_VALUE
  46 +               options->gss_authentication = 1;
  47 +#else
  48                 options->gss_authentication = 0;
  49 +#endif
  50         if (options->gss_deleg_creds == -1)
  51                 options->gss_deleg_creds = 0;
  52         if (options->password_authentication == -1)
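Review bot: `OPTION_DEFAULT_VALUE` is a generic name that is not defined anywhere in this patch, and it gates four unrelated security-relevant defaults at once (this hunk, the `forward_x11_trusted` hunk above, and both servconf.c hunks). If a build omits the define, the code silently keeps the upstream `0` defaults while the ssh_config.4 and sshd_config.4 changes state "yes" unconditionally, so documentation and behaviour can diverge. A comment at the first use, e.g. `/* OPTION_DEFAULT_VALUE selects SunSSH-compatible defaults (Solaris only) */`, or a more descriptive macro name would make the intent auditable; where the macro is set is not visible here. The `gss_deleg_creds` default stays at 0 in the context lines, so enabling GSSAPI authentication does not by itself delegate credentials.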
  53 diff --git a/servconf.c b/servconf.c
  54 index d0ca777..dab8945 100644
  55 --- a/servconf.c
  56 +++ b/servconf.c
  57 @@ -251,7 +251,11 @@ fill_default_server_options(ServerOptions *options)
  58         if (options->print_lastlog == -1)
  59                 options->print_lastlog = 1;
  60         if (options->x11_forwarding == -1)
  61 +#ifdef OPTION_DEFAULT_VALUE
  62 +               options->x11_forwarding = 1;
  63 +#else
  64                 options->x11_forwarding = 0;
  65 +#endif
  66         if (options->x11_display_offset == -1)
  67                 options->x11_display_offset = 10;
  68         if (options->x11_use_localhost == -1)
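Review bot: `options->x11_forwarding = 1;` turns X11 forwarding on for every server whose sshd_config has no explicit `X11Forwarding` line, and nothing in the code records that this departs from the upstream default. The sshd_config.4 text in this same patch notes there may be additional exposure to the server and to client displays when forwarding is enabled, so operators who relied on the implicit `no` need to be told about the change. I would add a comment such as `/* Solaris/SunSSH compat: on by default; set "X11Forwarding no" to restore the upstream default */`. If a sample sshd_config is shipped (not visible here), it should state the option explicitly. fill_default_server_options starts and ends outside the hunk.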
  69 @@ -291,7 +295,11 @@ fill_default_server_options(ServerOptions *options)
  70         if (options->kerberos_get_afs_token == -1)
  71                 options->kerberos_get_afs_token = 0;
  72         if (options->gss_authentication == -1)
  73 +#ifdef OPTION_DEFAULT_VALUE
  74 +               options->gss_authentication = 1;
  75 +#else
  76                 options->gss_authentication = 0;
  77 +#endif
  78         if (options->gss_cleanup_creds == -1)
  79                 options->gss_cleanup_creds = 1;
  80         if (options->gss_strict_acceptor == -1)
  81 diff --git a/ssh_config.4 b/ssh_config.4
  82 index 6325b3a..720451e 100644
  83 --- a/ssh_config.4
  84 +++ b/ssh_config.4
  85 @@ -724,8 +724,8 @@ Furthermore, the
  86  token used for the session will be set to expire after 20 minutes.
  87  Remote clients will be refused access after this time.
  88  .Pp
  89 -The default is
  90 -.Dq no .
  91 +The default on Solaris is
  92 +.Dq yes .
  93  .Pp
  94  See the X11 SECURITY extension specification for full details on
  95  the restrictions imposed on untrusted clients.
  96 @@ -754,8 +754,8 @@ The default is
  97  .Pa /etc/ssh/ssh_known_hosts2 .
  98  .It Cm GSSAPIAuthentication
  99  Specifies whether user authentication based on GSSAPI is allowed.
 100 -The default is
 101 -.Dq no .
 102 +The default on Solaris is
 103 +.Dq yes .
 104  Note that this option applies to protocol version 2 only.
 105  .It Cm GSSAPIDelegateCredentials
 106  Forward (delegate) credentials to the server.
 107 diff --git a/sshd_config.4 b/sshd_config.4
 108 index 263175b..03c5b52 100644
 109 --- a/sshd_config.4
 110 +++ b/sshd_config.4
 111 @@ -618,8 +618,8 @@ The default is
 112  .Dq no .
 113  .It Cm GSSAPIAuthentication
 114  Specifies whether user authentication based on GSSAPI is allowed.
 115 -The default is
 116 -.Dq no .
 117 +The default on Solaris is
 118 +.Dq yes .
 119  Note that this option applies to protocol version 2 only.
 120  .It Cm GSSAPICleanupCredentials
 121  Specifies whether to automatically destroy the user's credentials cache
 122 @@ -1623,8 +1623,8 @@ The argument must be
 123  .Dq yes
 124  or
 125  .Dq no .
 126 -The default is
 127 -.Dq no .
 128 +The default on Solaris is
 129 +.Dq yes .
 130  .Pp
 131  When X11 forwarding is enabled, there may be additional exposure to
 132  the server and to client displays if the
 133 -- 
 134 2.5.4 (Apple Git-61)
 135