-diff -up openssh-5.9p0/HOWTO.ldap-keys.ldap openssh-5.9p0/HOWTO.ldap-keys
---- openssh-5.9p0/HOWTO.ldap-keys.ldap 2011-08-30 15:57:12.449212853 +0200
-+++ openssh-5.9p0/HOWTO.ldap-keys 2011-08-30 15:57:12.453101662 +0200
+diff -urNp -x '*.orig' openssh-8.4p1.org/HOWTO.ldap-keys openssh-8.4p1/HOWTO.ldap-keys
+--- openssh-8.4p1.org/HOWTO.ldap-keys 1970-01-01 01:00:00.000000000 +0100
++++ openssh-8.4p1/HOWTO.ldap-keys 2021-03-01 11:29:31.277623165 +0100
@@ -0,0 +1,108 @@
+
+HOW TO START
+ sshPublicKey: command="kill -9 1" ssh-rss AAAAM5...
+4) on the ssh side set in sshd_config
+ * Set up the backend
-+ AuthorizedKeysCommand "/usr/libexec/openssh/ssh-ldap-wrapper"
-+ AuthorizedKeysCommandRunAs <appropriate user to run LDAP>
++ AuthorizedKeysCommand /usr/libexec/openssh/ssh-ldap-wrapper
++ AuthorizedKeysCommandUser <appropriate user to run LDAP>
+ * Do not forget to set
+ PubkeyAuthentication yes
+ * Swith off unnecessary auth methods
+5) Author
+ Jan F. Chadima <jchadima@redhat.com>
+
-diff -up openssh-5.9p0/Makefile.in.ldap openssh-5.9p0/Makefile.in
---- openssh-5.9p0/Makefile.in.ldap 2011-08-30 15:57:01.693024742 +0200
-+++ openssh-5.9p0/Makefile.in 2011-08-30 16:00:02.478212295 +0200
-@@ -25,6 +25,8 @@ SSH_PROGRAM=@bindir@/ssh
+diff -urNp -x '*.orig' openssh-8.4p1.org/Makefile.in openssh-8.4p1/Makefile.in
+--- openssh-8.4p1.org/Makefile.in 2020-09-27 09:25:01.000000000 +0200
++++ openssh-8.4p1/Makefile.in 2021-03-01 11:29:31.280956671 +0100
+@@ -23,6 +23,8 @@ SSH_PROGRAM=@bindir@/ssh
ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass
SFTP_SERVER=$(libexecdir)/sftp-server
SSH_KEYSIGN=$(libexecdir)/ssh-keysign
+SSH_LDAP_HELPER=$(libexecdir)/ssh-ldap-helper
+SSH_LDAP_WRAPPER=$(libexecdir)/ssh-ldap-wrapper
SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
+ SSH_SK_HELPER=$(libexecdir)/ssh-sk-helper
PRIVSEP_PATH=@PRIVSEP_PATH@
- SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
-@@ -58,8 +60,9 @@ XAUTH_PATH=@XAUTH_PATH@
- LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
+@@ -63,10 +65,11 @@ LDFLAGS_NOPIE=-L. -Lopenbsd-compat/ @LDF
EXEEXT=@EXEEXT@
MANFMT=@MANFMT@
+ MKDIR_P=@MKDIR_P@
+INSTALL_SSH_LDAP_HELPER=@INSTALL_SSH_LDAP_HELPER@
--TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT)
-+TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT)
+ .SUFFIXES: .lo
- LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \
- canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \
-@@ -92,8 +95,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
- roaming_common.o roaming_serv.o \
- sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o
+-TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-sk-helper$(EXEEXT)
++TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-sk-helper$(EXEEXT) ssh-ldap-helper$(EXEEXT)
--MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
--MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
-+MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out ssh-ldap-helper.8.out sshd_config.5.out ssh_config.5.out ssh-ldap.conf.5.out
-+MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 ssh-ldap-helper.8 sshd_config.5 ssh_config.5 ssh-ldap.conf.5
+ XMSS_OBJS=\
+ ssh-xmss.o \
+@@ -150,8 +153,8 @@ SFTPSERVER_OBJS=sftp-common.o sftp-serve
+
+ SFTP_OBJS= sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o
+
+-MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out ssh-sk-helper.8.out sshd_config.5.out ssh_config.5.out
+-MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 ssh-sk-helper.8 sshd_config.5 ssh_config.5
++MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out ssh-sk-helper.8.out ssh-ldap-helper.8.out sshd_config.5.out ssh_config.5.out ssh-ldap.conf.5.out
++MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 ssh-sk-helper.8 ssh-ldap-helper.8 sshd_config.5 ssh_config.5 ssh-ldap.conf.5
MANTYPE = @MANTYPE@
CONFIGFILES=sshd_config.out ssh_config.out moduli.out
-@@ -161,6 +164,9 @@ ssh-keysign$(EXEEXT): $(LIBCOMPAT) libss
- ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o
- $(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
+@@ -230,6 +233,9 @@ ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT)
+ ssh-sk-helper$(EXEEXT): $(LIBCOMPAT) libssh.a $(SKHELPER_OBJS)
+ $(LD) -o $@ $(SKHELPER_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) $(LIBFIDO2)
+ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o
+ $(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
+
- ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o
- $(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
+ ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHKEYSCAN_OBJS)
+ $(LD) -o $@ $(SSHKEYSCAN_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
-@@ -256,6 +262,10 @@ install-files:
- $(INSTALL) -m 0755 $(STRIP_OPT) sshd$(EXEEXT) $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
+@@ -395,6 +401,10 @@ install-files:
$(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign$(EXEEXT) $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
+ $(INSTALL) -m 0755 $(STRIP_OPT) ssh-sk-helper$(EXEEXT) $(DESTDIR)$(SSH_SK_HELPER)$(EXEEXT)
+ if test ! -z "$(INSTALL_SSH_LDAP_HELPER)" ; then \
-+ $(INSTALL) -m 0700 $(STRIP_OPT) ssh-ldap-helper $(DESTDIR)$(SSH_LDAP_HELPER) ; \
-+ $(INSTALL) -m 0700 ssh-ldap-wrapper $(DESTDIR)$(SSH_LDAP_WRAPPER) ; \
++ $(INSTALL) -m 0700 $(STRIP_OPT) ssh-ldap-helper $(DESTDIR)$(SSH_LDAP_HELPER) ; \
++ $(INSTALL) -m 0700 ssh-ldap-wrapper $(DESTDIR)$(SSH_LDAP_WRAPPER) ; \
+ fi
$(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
$(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
-@@ -272,6 +282,10 @@ install-files:
- $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
+@@ -412,6 +422,10 @@ install-files:
$(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
$(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
+ $(INSTALL) -m 644 ssh-sk-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-sk-helper.8
+ if test ! -z "$(INSTALL_SSH_LDAP_HELPER)" ; then \
-+ $(INSTALL) -m 644 ssh-ldap-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-ldap-helper.8 ; \
-+ $(INSTALL) -m 644 ssh-ldap.conf.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh-ldap.conf.5 ; \
++ $(INSTALL) -m 644 ssh-ldap-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-ldap-helper.8 ; \
++ $(INSTALL) -m 644 ssh-ldap.conf.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh-ldap.conf.5 ; \
+ fi
- -rm -f $(DESTDIR)$(bindir)/slogin
- ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
- -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
-@@ -301,6 +315,13 @@ install-sysconf:
+
+ install-sysconf:
+ $(MKDIR_P) $(DESTDIR)$(sysconfdir)
+@@ -435,6 +449,13 @@ install-sysconf:
else \
echo "$(DESTDIR)$(sysconfdir)/moduli already exists, install will not overwrite"; \
fi
host-key: ssh-keygen$(EXEEXT)
@if [ -z "$(DESTDIR)" ] ; then \
-@@ -358,6 +379,8 @@ uninstall:
- -rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
+@@ -473,6 +494,8 @@ uninstall:
-rm -f $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
-rm -f $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
+ -rm -f $(DESTDIR)$(SSH_SK_HELPER)$(EXEEXT)
+ -rm -f $(DESTDIR)$(SSH_LDAP_HELPER)$(EXEEXT)
+ -rm -f $(DESTDIR)$(SSH_LDAP_WRAPPER)$(EXEEXT)
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
-@@ -369,6 +392,7 @@ uninstall:
- -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
+@@ -485,6 +508,7 @@ uninstall:
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
+ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-sk-helper.8
+ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-ldap-helper.8
- -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
- tests interop-tests: $(TARGETS)
-diff -up openssh-5.9p0/configure.ac.ldap openssh-5.9p0/configure.ac
---- openssh-5.9p0/configure.ac.ldap 2011-08-30 15:57:11.297032991 +0200
-+++ openssh-5.9p0/configure.ac 2011-08-30 15:57:12.664024959 +0200
-@@ -1433,6 +1433,106 @@ AC_ARG_WITH(authorized-keys-command,
- ]
- )
+ regress-prep:
+ $(MKDIR_P) `pwd`/regress/unittests/test_helper
+diff -urNp -x '*.orig' openssh-8.4p1.org/configure.ac openssh-8.4p1/configure.ac
+--- openssh-8.4p1.org/configure.ac 2021-03-01 11:29:31.004275724 +0100
++++ openssh-8.4p1/configure.ac 2021-03-01 11:29:31.277623165 +0100
+@@ -1763,6 +1763,106 @@ AC_COMPILE_IFELSE(
+ CFLAGS="$SAVED_CFLAGS"
+ AC_SUBST([PICFLAG])
+# Check whether user wants LDAP support
+LDAP_MSG="no"
+
dnl Checks for library functions. Please keep in alphabetical order
AC_CHECK_FUNCS([ \
- arc4random \
-diff -up openssh-5.9p0/ldap-helper.c.ldap openssh-5.9p0/ldap-helper.c
---- openssh-5.9p0/ldap-helper.c.ldap 2011-08-30 15:57:12.754025033 +0200
-+++ openssh-5.9p0/ldap-helper.c 2011-08-30 15:57:12.759025510 +0200
+ Blowfish_initstate \
+diff -urNp -x '*.orig' openssh-8.4p1.org/ldap-helper.c openssh-8.4p1/ldap-helper.c
+--- openssh-8.4p1.org/ldap-helper.c 1970-01-01 01:00:00.000000000 +0100
++++ openssh-8.4p1/ldap-helper.c 2021-03-01 11:29:31.280956671 +0100
@@ -0,0 +1,155 @@
+/* $OpenBSD: ssh-pka-ldap.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
+}
+
+/* Ugly hack */
-+void *buffer_get_string(Buffer *b, u_int *l) { return NULL; }
-+void buffer_put_string(Buffer *b, const void *f, u_int l) {}
++void *buffer_get_string(struct sshbuf *b, u_int *l) { return NULL; }
++void buffer_put_string(struct sshbuf *b, const void *f, u_int l) {}
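Review bot: The `/* Ugly hack */` comment above these stubs does not say why they exist or that they must never be reached. `buffer_get_string` returns NULL without writing `*l`, so a caller that did reach it would be left with a NULL pointer and an unset length. Presumably the stubs only satisfy a link-time reference, which the hunk does not show. I would replace the comment with something like `/* Link-time stubs only: nothing in ssh-ldap-helper calls these; a NULL return is not a usable result. */`, and confirm the symbols are still referenced after the move to `struct sshbuf`.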
+
-diff -up openssh-5.9p0/ldap-helper.h.ldap openssh-5.9p0/ldap-helper.h
---- openssh-5.9p0/ldap-helper.h.ldap 2011-08-30 15:57:12.835024792 +0200
-+++ openssh-5.9p0/ldap-helper.h 2011-08-30 15:57:12.839024637 +0200
+diff -urNp -x '*.orig' openssh-8.4p1.org/ldap-helper.h openssh-8.4p1/ldap-helper.h
+--- openssh-8.4p1.org/ldap-helper.h 1970-01-01 01:00:00.000000000 +0100
++++ openssh-8.4p1/ldap-helper.h 2021-03-01 11:29:31.280956671 +0100
@@ -0,0 +1,32 @@
+/* $OpenBSD: ldap-helper.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
+extern int config_warning_config_file;
+
+#endif /* LDAP_HELPER_H */
-diff -up openssh-5.9p0/ldap.conf.ldap openssh-5.9p0/ldap.conf
---- openssh-5.9p0/ldap.conf.ldap 2011-08-30 15:57:12.929026186 +0200
-+++ openssh-5.9p0/ldap.conf 2011-08-30 15:57:12.933024937 +0200
+diff -urNp -x '*.orig' openssh-8.4p1.org/ldap.conf openssh-8.4p1/ldap.conf
+--- openssh-8.4p1.org/ldap.conf 1970-01-01 01:00:00.000000000 +0100
++++ openssh-8.4p1/ldap.conf 2021-03-01 11:29:31.280956671 +0100
@@ -0,0 +1,88 @@
-+# $Id$
++# $Id: openssh-5.5p1-ldap.patch,v 1.3 2010/07/07 13:48:36 jfch2222 Exp $
+#
+# This is the example configuration file for the OpenSSH
+# LDAP backend
+#tls_cert
+#tls_key
+
-diff -up openssh-5.9p0/ldapbody.c.ldap openssh-5.9p0/ldapbody.c
---- openssh-5.9p0/ldapbody.c.ldap 2011-08-30 15:57:13.005024661 +0200
-+++ openssh-5.9p0/ldapbody.c 2011-08-30 15:57:13.011024848 +0200
+diff -urNp -x '*.orig' openssh-8.4p1.org/ldapbody.c openssh-8.4p1/ldapbody.c
+--- openssh-8.4p1.org/ldapbody.c 1970-01-01 01:00:00.000000000 +0100
++++ openssh-8.4p1/ldapbody.c 2021-03-01 11:29:31.280956671 +0100
@@ -0,0 +1,494 @@
+/* $OpenBSD: ldapbody.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
+#include <stdio.h>
+#include <unistd.h>
+
-+#define LDAPSEARCH_FORMAT "(&(objectclass=posixAccount)(objectclass=ldapPublicKey)(uid=%s)%s)"
++#define LDAPSEARCH_FORMAT "(&(objectclass=%s)(objectclass=ldapPublicKey)(uid=%s)%s)"
+#define PUBKEYATTR "sshPublicKey"
+#define LDAP_LOGFILE "%s/ldap.%d"
+
+ }
+
+ /* build filter for LDAP request */
-+ bufflen = strlen (LDAPSEARCH_FORMAT) + strlen (user);
++ bufflen = strlen (LDAPSEARCH_FORMAT) + strlen(options.account_class) + strlen (user);
+ if (options.ssh_filter != NULL)
+ bufflen += strlen (options.ssh_filter);
+ buffer = xmalloc (bufflen);
-+ snprintf(buffer, bufflen, LDAPSEARCH_FORMAT, user, (options.ssh_filter != NULL) ? options.ssh_filter : NULL);
++ snprintf(buffer, bufflen, LDAPSEARCH_FORMAT, options.account_class, user, (options.ssh_filter != NULL) ? options.ssh_filter : NULL);
+ buffer[bufflen - 1] = 0;
+
+ debug3 ("LDAP search scope = %d %s", options.scope, buffer);
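Review bot: The search filter is built by formatting `user` and `options.account_class` straight into `LDAPSEARCH_FORMAT` with `%s`, and no RFC 4515 escaping is visible in this hunk, so a value containing `*`, `(`, `)` or `\` changes the filter's structure instead of being matched literally. Unless the caller already sanitises the name outside the hunk, escape it before the `snprintf` and size the buffer from the escaped length. The new `AccountClass` value is an administrator setting, but it is still worth rejecting anything that is not a plain object-class name where it is parsed. The else branch of `(options.ssh_filter != NULL) ? options.ssh_filter : NULL` also passes NULL to `%s` and should end in `: ""`. The enclosing function starts and ends outside the hunk.

```c
/* Escape RFC 4515 filter metacharacters so the value is matched literally. */
static char *
ldap_filter_escape(const char *s)
{
	static const char hex[] = "0123456789abcdef";
	char *out = xmalloc(strlen(s) * 3 + 1), *p = out;

	for (; *s != '\0'; s++) {
		if (*s == '*' || *s == '(' || *s == ')' || *s == '\\') {
			*p++ = '\\';
			*p++ = hex[(unsigned char)*s >> 4];
			*p++ = hex[(unsigned char)*s & 0x0f];
		} else
			*p++ = *s;
	}
	*p = '\0';
	return out;
}

	/* build filter for LDAP request */
	char *esc_user = ldap_filter_escape(user);
	bufflen = strlen (LDAPSEARCH_FORMAT) + strlen(options.account_class) + strlen (esc_user);
	/* … unchanged: ssh_filter length, xmalloc of buffer … */
	snprintf(buffer, bufflen, LDAPSEARCH_FORMAT, options.account_class, esc_user, (options.ssh_filter != NULL) ? options.ssh_filter : "");
	free(esc_user);
```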
+ return;
+}
+
-diff -up openssh-5.9p0/ldapbody.h.ldap openssh-5.9p0/ldapbody.h
---- openssh-5.9p0/ldapbody.h.ldap 2011-08-30 15:57:13.087150596 +0200
-+++ openssh-5.9p0/ldapbody.h 2011-08-30 15:57:13.091149461 +0200
+diff -urNp -x '*.orig' openssh-8.4p1.org/ldapbody.h openssh-8.4p1/ldapbody.h
+--- openssh-8.4p1.org/ldapbody.h 1970-01-01 01:00:00.000000000 +0100
++++ openssh-8.4p1/ldapbody.h 2021-03-01 11:29:31.280956671 +0100
@@ -0,0 +1,37 @@
+/* $OpenBSD: ldapbody.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
+
+#endif /* LDAPBODY_H */
+
-diff -up openssh-5.9p0/ldapconf.c.ldap openssh-5.9p0/ldapconf.c
---- openssh-5.9p0/ldapconf.c.ldap 2011-08-30 15:57:13.164036922 +0200
-+++ openssh-5.9p0/ldapconf.c 2011-08-30 15:57:13.171065499 +0200
-@@ -0,0 +1,682 @@
+diff -urNp -x '*.orig' openssh-8.4p1.org/ldapconf.c openssh-8.4p1/ldapconf.c
+--- openssh-8.4p1.org/ldapconf.c 1970-01-01 01:00:00.000000000 +0100
++++ openssh-8.4p1/ldapconf.c 2021-03-01 11:29:31.280956671 +0100
+@@ -0,0 +1,691 @@
+/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
+ * Copyright (c) 2009 Jan F. Chadima. All rights reserved.
+ lRestart, lTLS_CheckPeer, lTLS_CaCertFile,
+ lTLS_CaCertDir, lTLS_Ciphers, lTLS_Cert, lTLS_Key,
+ lTLS_RandFile, lLogDir, lDebug, lSSH_Filter,
-+ lDeprecated, lUnsupported
++ lAccountClass, lDeprecated, lUnsupported
+} OpCodes;
+
+/* Textual representations of the tokens. */
+ { "LogDir", lLogDir },
+ { "Debug", lDebug },
+ { "SSH_Filter", lSSH_Filter },
++ { "AccountClass", lAccountClass },
+ { NULL, lBadOption }
+};
+
+ xstringptr = &options.ssh_filter;
+ goto parse_xstring;
+
++ case lAccountClass:
++ charptr = &options.account_class;
++ goto parse_string;
++
+ case lDeprecated:
+ debug("%s line %d: Deprecated option \"%s\"",
+ filename, linenum, keyword);
+ options.logdir = NULL;
+ options.debug = -1;
+ options.ssh_filter = NULL;
++ options.account_class = NULL;
+}
+
+/*
+ len = snprintf (options.uri, MAXURILEN, "ldap%s://%s:%d",
+ (options.ssl == 0) ? "" : "s", options.host, options.port);
+ options.uri[MAXURILEN - 1] = 0;
-+ options.uri = xrealloc (options.uri, len + 1, 1);
++ options.uri = xreallocarray (options.uri, len + 1, 1);
+ }
+ if (options.binddn == NULL)
+ options.binddn = "";
+ options.debug = 0;
+ if (options.ssh_filter == NULL)
+ options.ssh_filter = "";
++ if (options.account_class == NULL)
++ options.account_class = "posixAccount";
+}
+
+static const char *
+ dump_cfg_string(lLogDir, options.logdir);
+ dump_cfg_int(lDebug, options.debug);
+ dump_cfg_string(lSSH_Filter, options.ssh_filter);
++ dump_cfg_string(lAccountClass, options.logdir);
+}
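Review bot: The added `dump_cfg_string(lAccountClass, options.logdir);` prints the log directory under the AccountClass keyword, which looks like a copy of the `lLogDir` line earlier in the same function. A configuration dump is what an administrator reads to confirm which object class selects the accounts whose keys are trusted, so it should report the real value: `dump_cfg_string(lAccountClass, options.account_class);`. The function's opening lines are outside the hunk.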
+
-diff -up openssh-5.9p0/ldapconf.h.ldap openssh-5.9p0/ldapconf.h
---- openssh-5.9p0/ldapconf.h.ldap 2011-08-30 15:57:13.265149057 +0200
-+++ openssh-5.9p0/ldapconf.h 2011-08-30 15:57:13.271153923 +0200
-@@ -0,0 +1,71 @@
+diff -urNp -x '*.orig' openssh-8.4p1.org/ldapconf.h openssh-8.4p1/ldapconf.h
+--- openssh-8.4p1.org/ldapconf.h 1970-01-01 01:00:00.000000000 +0100
++++ openssh-8.4p1/ldapconf.h 2021-03-01 11:29:31.280956671 +0100
+@@ -0,0 +1,72 @@
+/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
+ * Copyright (c) 2009 Jan F. Chadima. All rights reserved.
+ char *logdir;
+ int debug;
+ char *ssh_filter;
++ char *account_class;
+} Options;
+
+extern Options options;
+void dump_config(void);
+
+#endif /* LDAPCONF_H */
-diff -up openssh-5.9p0/ldapincludes.h.ldap openssh-5.9p0/ldapincludes.h
---- openssh-5.9p0/ldapincludes.h.ldap 2011-08-30 15:57:13.344023601 +0200
-+++ openssh-5.9p0/ldapincludes.h 2011-08-30 15:57:13.348024596 +0200
+diff -urNp -x '*.orig' openssh-8.4p1.org/ldapincludes.h openssh-8.4p1/ldapincludes.h
+--- openssh-8.4p1.org/ldapincludes.h 1970-01-01 01:00:00.000000000 +0100
++++ openssh-8.4p1/ldapincludes.h 2021-03-01 11:29:31.280956671 +0100
@@ -0,0 +1,41 @@
+/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
+#endif
+
+#endif /* LDAPINCLUDES_H */
-diff -up openssh-5.9p0/ldapmisc.c.ldap openssh-5.9p0/ldapmisc.c
---- openssh-5.9p0/ldapmisc.c.ldap 2011-08-30 15:57:13.429148896 +0200
-+++ openssh-5.9p0/ldapmisc.c 2011-08-30 15:57:13.433150396 +0200
+diff -urNp -x '*.orig' openssh-8.4p1.org/ldapmisc.c openssh-8.4p1/ldapmisc.c
+--- openssh-8.4p1.org/ldapmisc.c 1970-01-01 01:00:00.000000000 +0100
++++ openssh-8.4p1/ldapmisc.c 2021-03-01 11:29:31.280956671 +0100
@@ -0,0 +1,79 @@
+
+#include "ldapincludes.h"
+}
+#endif
+
-diff -up openssh-5.9p0/ldapmisc.h.ldap openssh-5.9p0/ldapmisc.h
---- openssh-5.9p0/ldapmisc.h.ldap 2011-08-30 15:57:13.531150853 +0200
-+++ openssh-5.9p0/ldapmisc.h 2011-08-30 15:57:13.537153831 +0200
+diff -urNp -x '*.orig' openssh-8.4p1.org/ldapmisc.h openssh-8.4p1/ldapmisc.h
+--- openssh-8.4p1.org/ldapmisc.h 1970-01-01 01:00:00.000000000 +0100
++++ openssh-8.4p1/ldapmisc.h 2021-03-01 11:29:31.280956671 +0100
@@ -0,0 +1,35 @@
+/* $OpenBSD: ldapbody.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
+
+#endif /* LDAPMISC_H */
+
-diff -up openssh-5.9p0/openssh-lpk-openldap.schema.ldap openssh-5.9p0/openssh-lpk-openldap.schema
---- openssh-5.9p0/openssh-lpk-openldap.schema.ldap 2011-08-30 15:57:13.607025841 +0200
-+++ openssh-5.9p0/openssh-lpk-openldap.schema 2011-08-30 15:57:13.612150461 +0200
+diff -urNp -x '*.orig' openssh-8.4p1.org/openssh-lpk-openldap.schema openssh-8.4p1/openssh-lpk-openldap.schema
+--- openssh-8.4p1.org/openssh-lpk-openldap.schema 1970-01-01 01:00:00.000000000 +0100
++++ openssh-8.4p1/openssh-lpk-openldap.schema 2021-03-01 11:29:31.280956671 +0100
@@ -0,0 +1,21 @@
+#
+# LDAP Public Key Patch schema for use with openssh-ldappubkey
+ DESC 'MANDATORY: OpenSSH LPK objectclass'
+ MUST ( sshPublicKey $ uid )
+ )
-diff -up openssh-5.9p0/openssh-lpk-sun.schema.ldap openssh-5.9p0/openssh-lpk-sun.schema
---- openssh-5.9p0/openssh-lpk-sun.schema.ldap 2011-08-30 15:57:13.696025724 +0200
-+++ openssh-5.9p0/openssh-lpk-sun.schema 2011-08-30 15:57:13.699024704 +0200
+diff -urNp -x '*.orig' openssh-8.4p1.org/openssh-lpk-sun.schema openssh-8.4p1/openssh-lpk-sun.schema
+--- openssh-8.4p1.org/openssh-lpk-sun.schema 1970-01-01 01:00:00.000000000 +0100
++++ openssh-8.4p1/openssh-lpk-sun.schema 2021-03-01 11:29:31.284290176 +0100
@@ -0,0 +1,23 @@
+#
+# LDAP Public Key Patch schema for use with openssh-ldappubkey
+ DESC 'MANDATORY: OpenSSH LPK objectclass'
+ MUST ( sshPublicKey $ uid )
+ )
-diff -up openssh-5.9p0/ssh-ldap-helper.8.ldap openssh-5.9p0/ssh-ldap-helper.8
---- openssh-5.9p0/ssh-ldap-helper.8.ldap 2011-08-30 15:57:13.772026539 +0200
-+++ openssh-5.9p0/ssh-ldap-helper.8 2011-08-30 15:57:13.778026299 +0200
+diff -urNp -x '*.orig' openssh-8.4p1.org/ssh-ldap-helper.8 openssh-8.4p1/ssh-ldap-helper.8
+--- openssh-8.4p1.org/ssh-ldap-helper.8 1970-01-01 01:00:00.000000000 +0100
++++ openssh-8.4p1/ssh-ldap-helper.8 2021-03-01 11:29:31.284290176 +0100
@@ -0,0 +1,79 @@
+.\" $OpenBSD: ssh-ldap-helper.8,v 1.1 2010/02/10 23:20:38 markus Exp $
+.\"
+OpenSSH 5.5 + PKA-LDAP .
+.Sh AUTHORS
+.An Jan F. Chadima Aq jchadima@redhat.com
-diff -up openssh-5.9p0/ssh-ldap-wrapper.ldap openssh-5.9p0/ssh-ldap-wrapper
---- openssh-5.9p0/ssh-ldap-wrapper.ldap 2011-08-30 15:57:13.854024986 +0200
-+++ openssh-5.9p0/ssh-ldap-wrapper 2011-08-30 15:57:13.858149926 +0200
+diff -urNp -x '*.orig' openssh-8.4p1.org/ssh-ldap-wrapper openssh-8.4p1/ssh-ldap-wrapper
+--- openssh-8.4p1.org/ssh-ldap-wrapper 1970-01-01 01:00:00.000000000 +0100
++++ openssh-8.4p1/ssh-ldap-wrapper 2021-03-01 11:29:31.284290176 +0100
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+exec /usr/libexec/openssh/ssh-ldap-helper -s "$1"
+
-diff -up openssh-5.9p0/ssh-ldap.conf.5.ldap openssh-5.9p0/ssh-ldap.conf.5
---- openssh-5.9p0/ssh-ldap.conf.5.ldap 2011-08-30 15:57:13.934151066 +0200
-+++ openssh-5.9p0/ssh-ldap.conf.5 2011-08-30 15:57:13.942024641 +0200
-@@ -0,0 +1,376 @@
+diff -urNp -x '*.orig' openssh-8.4p1.org/ssh-ldap.conf.5 openssh-8.4p1/ssh-ldap.conf.5
+--- openssh-8.4p1.org/ssh-ldap.conf.5 1970-01-01 01:00:00.000000000 +0100
++++ openssh-8.4p1/ssh-ldap.conf.5 2021-03-01 11:29:31.284290176 +0100
+@@ -0,0 +1,379 @@
+.\" $OpenBSD: ssh-ldap.conf.5,v 1.1 2010/02/10 23:20:38 markus Exp $
+.\"
+.\" Copyright (c) 2010 Jan F. Chadima. All rights reserved.
+.It Cm SSH_Filter
+Specifies the user filter applied on the LDAP serch.
+The default is no filter.
++.It Cm AccountClass
++Specifies the LDAP class used to find user accounts.
++The default is posixAccount.
+.El
+.Sh FILES
+.Bl -tag -width Ds