rpms
/
openssh
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

fix gssapi canohost patch (#863350)

This commit is contained in:
Petr Lautrbach 2012-10-30 11:06:45 +01:00
parent af2ebf77dc
commit 52c8eca4d9
3 changed files with 22 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
openssh-5.8p1-gssapi-canohost.patch
View File

@ -1,24 +0,0 @@
diff -up openssh-5.8p1/sshconnect2.c.canohost openssh-5.8p1/sshconnect2.c
--- openssh-5.8p1/sshconnect2.c.canohost 2011-02-14 15:15:15.000000000 +0100
+++ openssh-5.8p1/sshconnect2.c 2011-02-14 15:21:45.000000000 +0100
@@ -697,14 +697,17 @@ userauth_gssapi(Authctxt *authctxt)
static u_int mech = 0;
OM_uint32 min;
int ok = 0;
- const char *gss_host;
+ const char *gss_host = NULL;
if (options.gss_server_identity)
gss_host = options.gss_server_identity;
else if (options.gss_trust_dns)
gss_host = get_canonical_hostname(1);
- else
- gss_host = authctxt->host;
+ else {
+ gss_host = get_canonical_hostname(1);
+ if ( strcmp( gss_host, "UNKNOWN" ) == 0 )
+ gss_host = authctxt->host;
+ }
/* Try one GSSAPI method at a time, rather than sending them all at
* once. */

21
openssh-6.1p1-gssapi-canohost.patch Normal file
View File

@ -0,0 +1,21 @@
diff -up openssh-6.1p1/sshconnect2.c.canohost openssh-6.1p1/sshconnect2.c
--- openssh-6.1p1/sshconnect2.c.canohost 2012-10-30 10:52:59.593301692 +0100
+++ openssh-6.1p1/sshconnect2.c 2012-10-30 11:01:12.870301632 +0100
@@ -699,12 +699,15 @@ userauth_gssapi(Authctxt *authctxt)
static u_int mech = 0;
OM_uint32 min;
int ok = 0;
- const char *gss_host;
+ const char *gss_host = NULL;
if (options.gss_server_identity)
gss_host = options.gss_server_identity;
- else if (options.gss_trust_dns)
+ else if (options.gss_trust_dns) {
gss_host = get_canonical_hostname(1);
+ if ( strcmp( gss_host, "UNKNOWN" ) == 0 )
+ gss_host = authctxt->host;
+ }
else
gss_host = authctxt->host;

4
openssh.spec
View File

@ -204,9 +204,7 @@ Patch713: openssh-5.9p1-ctr-cavstest.patch
Patch800: openssh-6.1p1-gsskex.patch
#http://www.mail-archive.com/kerberos@mit.edu/msg17591.html
Patch801: openssh-5.8p2-force_krb.patch
#?
Patch900: openssh-5.8p1-gssapi-canohost.patch
Patch900: openssh-6.1p1-gssapi-canohost.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1780
Patch901: openssh-6.1p1-kuserok.patch
#---