From 186bf3858e983334d798efbb09933e3060916515 Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Jun 24 2016 10:07:22 +0000 Subject: UseLogin yes is not supported in Fedora --- diff --git a/openssh-6.6p1-log-usepam-no.patch b/openssh-6.6p1-log-usepam-no.patch deleted file mode 100644 index bd3048c..0000000 --- a/openssh-6.6p1-log-usepam-no.patch +++ /dev/null @@ -1,28 +0,0 @@ -diff --git a/sshd.c b/sshd.c -index a7b8b6a..24ab272 100644 ---- a/sshd.c -+++ b/sshd.c -@@ -1620,6 +1620,10 @@ main(int ac, char **av) - parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name, - &cfg, NULL); - -+ /* 'UsePAM no' is not supported in Fedora */ -+ if (! options.use_pam) -+ logit("WARNING: 'UsePAM no' is not supported in Fedora and may cause several problems."); -+ - seed_rng(); - - /* Fill in default values for those options not explicitly set. */ -diff --git a/sshd_config b/sshd_config -index 36cb27a..c1b7c03 100644 ---- a/sshd_config -+++ b/sshd_config -@@ -101,6 +101,8 @@ GSSAPICleanupCredentials no - # If you just want the PAM account and session checks to run without - # PAM authentication, then enable this but set PasswordAuthentication - # and ChallengeResponseAuthentication to 'no'. -+# WARNING: 'UsePAM no' is not supported in Fedora and may cause several -+# problems. - UsePAM yes - - #AllowAgentForwarding yes diff --git a/openssh-7.2p2-UsePAM-UseLogin-warning.patch b/openssh-7.2p2-UsePAM-UseLogin-warning.patch new file mode 100644 index 0000000..bf1999b --- /dev/null +++ b/openssh-7.2p2-UsePAM-UseLogin-warning.patch @@ -0,0 +1,39 @@ +diff --git a/sshd.c b/sshd.c +--- a/sshd.c ++++ b/sshd.c +@@ -1701,6 +1701,14 @@ main(int ac, char **av) + parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name, + &cfg, NULL); + ++ /* 'UseLogin yes' is not supported in Fedora */ ++ if (options.use_login) ++ logit("WARNING: 'UseLogin yes' is not supported in Fedora and may cause several problems."); ++ ++ /* 'UsePAM no' is not supported in Fedora */ ++ if (! options.use_pam) ++ logit("WARNING: 'UsePAM no' is not supported in Fedora and may cause several problems."); ++ + seed_rng(); + + /* Fill in default values for those options not explicitly set. */ +diff --git a/sshd_config b/sshd_config +--- a/sshd_config ++++ b/sshd_config +@@ -101,6 +101,8 @@ GSSAPICleanupCredentials no + # If you just want the PAM account and session checks to run without + # PAM authentication, then enable this but set PasswordAuthentication + # and ChallengeResponseAuthentication to 'no'. ++# WARNING: 'UsePAM no' is not supported in Fedora and may cause several ++# problems. + UsePAM yes + + #AllowAgentForwarding yes +@@ -113,6 +115,8 @@ X11Forwarding yes + #PrintMotd yes + #PrintLastLog yes + #TCPKeepAlive yes ++# WARNING: 'UseLogin yes' is not supported in Fedora and may cause several ++# problems. + #UseLogin no + #UsePrivilegeSeparation sandbox + #PermitUserEnvironment no diff --git a/openssh.spec b/openssh.spec index 58de984..aa6db67 100644 --- a/openssh.spec +++ b/openssh.spec @@ -159,7 +159,7 @@ Patch708: openssh-6.6p1-entropy.patch #https://bugzilla.mindrot.org/show_bug.cgi?id=1640 (WONTFIX) Patch709: openssh-6.2p1-vendor.patch # warn users for unsupported UsePAM=no (#757545) -Patch711: openssh-6.6p1-log-usepam-no.patch +Patch711: openssh-7.2p2-UsePAM-UseLogin-warning.patch # make aes-ctr ciphers use EVP engines such as AES-NI from OpenSSL Patch712: openssh-6.3p1-ctr-evp-fast.patch # add cavs test binary for the aes-ctr