rpms
/
openssh
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

fix gssapi canohost patch (#863350)

This commit is contained in:
Petr Lautrbach 2012-10-31 16:48:51 +01:00
parent 20d52ca62c
commit 5c5980005f
3 changed files with 22 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
openssh-5.8p1-gssapi-canohost.patch
View File

@ -1,24 +0,0 @@
diff -up openssh-5.8p1/sshconnect2.c.canohost openssh-5.8p1/sshconnect2.c
--- openssh-5.8p1/sshconnect2.c.canohost 2011-02-14 15:15:15.000000000 +0100
+++ openssh-5.8p1/sshconnect2.c 2011-02-14 15:21:45.000000000 +0100
@@ -697,14 +697,17 @@ userauth_gssapi(Authctxt *authctxt)
static u_int mech = 0;
OM_uint32 min;
int ok = 0;
- const char *gss_host;
+ const char *gss_host = NULL;
if (options.gss_server_identity)
gss_host = options.gss_server_identity;
else if (options.gss_trust_dns)
gss_host = get_canonical_hostname(1);
- else
- gss_host = authctxt->host;
+ else {
+ gss_host = get_canonical_hostname(1);
+ if ( strcmp( gss_host, "UNKNOWN" ) == 0 )
+ gss_host = authctxt->host;
+ }
/* Try one GSSAPI method at a time, rather than sending them all at
* once. */

21
openssh-5.9p1-gssapi-canohost.patch Normal file
View File

@ -0,0 +1,21 @@
diff -up openssh-5.9p1/sshconnect2.c.canohost openssh-5.9p1/sshconnect2.c
--- openssh-5.9p1/sshconnect2.c.canohost 2012-10-31 16:42:37.598288999 +0100
+++ openssh-5.9p1/sshconnect2.c 2012-10-31 16:47:40.963288964 +0100
@@ -699,12 +699,15 @@ userauth_gssapi(Authctxt *authctxt)
static u_int mech = 0;
OM_uint32 min;
int ok = 0;
- const char *gss_host;
+ const char *gss_host = NULL;
if (options.gss_server_identity)
gss_host = options.gss_server_identity;
- else if (options.gss_trust_dns)
+ else if (options.gss_trust_dns) {
gss_host = get_canonical_hostname(1);
+ if ( strcmp( gss_host, "UNKNOWN" ) == 0 )
+ gss_host = authctxt->host;
+ }
else
gss_host = authctxt->host;

3
openssh.spec
View File

@ -209,8 +209,7 @@ Patch800: openssh-5.9p1-gsskex.patch
#http://www.mail-archive.com/kerberos@mit.edu/msg17591.html
Patch801: openssh-5.8p2-force_krb.patch
#?
Patch900: openssh-5.8p1-gssapi-canohost.patch
Patch900: openssh-5.9p1-gssapi-canohost.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1780
Patch901: openssh-5.9p1-kuserok.patch
#---