source: server/common/patches/openssh-4.5p1-multihomed.patch @ 584

Last change on this file since 584 was 437, checked in by andersk, 18 years ago
Add OpenSSH multihomed patch (derived from asedeno) to enable ssh to any scripts server.
File size: 2.1 KB
RevLine 
[437]1diff -ur openssh-4.5p1.orig/gss-genr.c openssh-4.5p1/gss-genr.c
2--- openssh-4.5p1.orig/gss-genr.c       2006-08-29 21:08:04.000000000 -0400
3+++ openssh-4.5p1/gss-genr.c    2007-09-10 16:19:50.000000000 -0400
4@@ -235,22 +235,11 @@
5 ssh_gssapi_acquire_cred(Gssctxt *ctx)
6 {
7        OM_uint32 status;
8-       char lname[MAXHOSTNAMELEN];
9        gss_OID_set oidset;
10 
11        gss_create_empty_oid_set(&status, &oidset);
12        gss_add_oid_set_member(&status, ctx->oid, &oidset);
13 
14-       if (gethostname(lname, MAXHOSTNAMELEN)) {
15-               gss_release_oid_set(&status, &oidset);
16-               return (-1);
17-       }
18-
19-       if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
20-               gss_release_oid_set(&status, &oidset);
21-               return (ctx->major);
22-       }
23-
24        if ((ctx->major = gss_acquire_cred(&ctx->minor,
25            ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL)))
26                ssh_gssapi_error(ctx);
27diff -ur openssh-4.5p1.orig/gss-serv.c openssh-4.5p1/gss-serv.c
28--- openssh-4.5p1.orig/gss-serv.c       2006-09-01 01:38:36.000000000 -0400
29+++ openssh-4.5p1/gss-serv.c    2007-09-10 16:19:50.000000000 -0400
30@@ -102,6 +102,8 @@
31 {
32        OM_uint32 status;
33        gss_OID mech;
34+       gss_name_t acceptor_name = GSS_C_NO_NAME;
35+       gss_buffer_desc acceptor_name_buffer = GSS_C_EMPTY_BUFFER;
36 
37        ctx->major = gss_accept_sec_context(&ctx->minor,
38            &ctx->context, ctx->creds, recv_tok,
39@@ -116,6 +118,22 @@
40        else
41                debug("Got no client credentials");
42 
43+       ctx->major = gss_inquire_context(&ctx->minor, ctx->context, NULL, &acceptor_name, NULL, NULL, NULL, NULL, NULL);
44+
45+       if (GSS_ERROR(ctx->major)) {
46+               ssh_gssapi_error(ctx);
47+       } else {
48+               ctx->major = gss_display_name(&ctx->minor, acceptor_name, &acceptor_name_buffer, NULL);
49+
50+               if (GSS_ERROR(ctx->major)) {
51+                       ssh_gssapi_error(ctx);
52+               } else if (acceptor_name_buffer.length < 5 || strncmp(acceptor_name_buffer.value, "host@", 5) != 0 && strncmp(acceptor_name_buffer.value, "host/", 5) != 0) {
53+                       debug("Accepting credential '%s' was not for the host service.", acceptor_name_buffer.value);
54+                       ctx->major = GSS_S_BAD_NAME;
55+               }
56+       }
57+       gss_release_buffer(&status, &acceptor_name_buffer);
58+       gss_release_name(&status, &acceptor_name);
59        status = ctx->major;
60 
61        /* Now, if we're complete and we have the right flags, then
Note: See TracBrowser for help on using the repository browser.