source:
branches/fc13-dev/server/common/patches/openssh-5.0p1-multihomed.patch
@
1626
Last change on this file since 1626 was 1626, checked in by ezyang, 14 years ago | |
---|---|
File size: 2.1 KB |
-
openssh-5.0p1
# OpenSSH multihomed patch # # Anders Kaseorg <andersk@mit.edu> # ported from 4.5 to 5.0 by Joe Presbrey <presbrey@mit.edu> diff -ur openssh-5.0p1.orig/gss-serv.c openssh-5.0p1/gss-serv.c
old new 83 83 ssh_gssapi_acquire_cred(Gssctxt *ctx) 84 84 { 85 85 OM_uint32 status; 86 char lname[MAXHOSTNAMELEN];87 86 gss_OID_set oidset; 88 87 89 88 if (options.gss_strict_acceptor) { 90 89 gss_create_empty_oid_set(&status, &oidset); 91 90 gss_add_oid_set_member(&status, ctx->oid, &oidset); 92 91 93 if (gethostname(lname, MAXHOSTNAMELEN)) {94 gss_release_oid_set(&status, &oidset);95 return (-1);96 }97 98 if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {99 gss_release_oid_set(&status, &oidset);100 return (ctx->major);101 }102 103 92 if ((ctx->major = gss_acquire_cred(&ctx->minor, 104 93 ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, 105 94 NULL, NULL))) … … 102 102 { 103 103 OM_uint32 status; 104 104 gss_OID mech; 105 gss_name_t acceptor_name = GSS_C_NO_NAME; 106 gss_buffer_desc acceptor_name_buffer = GSS_C_EMPTY_BUFFER; 105 107 106 108 ctx->major = gss_accept_sec_context(&ctx->minor, 107 109 &ctx->context, ctx->creds, recv_tok, … … 116 118 else 117 119 debug("Got no client credentials"); 118 120 121 ctx->major = gss_inquire_context(&ctx->minor, ctx->context, NULL, &acceptor_name, NULL, NULL, NULL, NULL, NULL); 122 123 if (GSS_ERROR(ctx->major)) { 124 ssh_gssapi_error(ctx); 125 } else { 126 ctx->major = gss_display_name(&ctx->minor, acceptor_name, &acceptor_name_buffer, NULL); 127 128 if (GSS_ERROR(ctx->major)) { 129 ssh_gssapi_error(ctx); 130 } else if (acceptor_name_buffer.length < 5 || strncmp(acceptor_name_buffer.value, "host@", 5) != 0 && strncmp(acceptor_name_buffer.value, "host/", 5) != 0) { 131 debug("Accepting credential '%s' was not for the host service.", acceptor_name_buffer.value); 132 ctx->major = GSS_S_BAD_NAME; 133 } 134 } 135 gss_release_buffer(&status, &acceptor_name_buffer); 136 gss_release_name(&status, &acceptor_name); 119 137 status = ctx->major; 120 138 121 139 /* Now, if we're complete and we have the right flags, then
Note: See TracBrowser
for help on using the repository browser.