source: branches/fc13-dev/server/common/patches/openssh-5.0p1-multihomed.patch @ 1626

Last change on this file since 1626 was 1626, checked in by ezyang, 14 years ago
Update SSH multihomed patch for F13, remove old 4.5p1 multihomed patch.
File size: 2.1 KB

  • openssh-5.0p1 

    # OpenSSH multihomed patch
#
# Anders Kaseorg <andersk@mit.edu>
# ported from 4.5 to 5.0 by Joe Presbrey <presbrey@mit.edu>
diff -ur openssh-5.0p1.orig/gss-serv.c openssh-5.0p1/gss-serv.c
    old new  
    8383ssh_gssapi_acquire_cred(Gssctxt *ctx)
    8484{
    8585        OM_uint32 status;
    86         char lname[MAXHOSTNAMELEN];
    8786        gss_OID_set oidset;
    8887
    8988        if (options.gss_strict_acceptor) {
    9089                gss_create_empty_oid_set(&status, &oidset);
    9190                gss_add_oid_set_member(&status, ctx->oid, &oidset);
    9291
    93                 if (gethostname(lname, MAXHOSTNAMELEN)) {
    94                         gss_release_oid_set(&status, &oidset);
    95                         return (-1);
    96                 }
    97 
    98                 if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
    99                         gss_release_oid_set(&status, &oidset);
    100                         return (ctx->major);
    101                 }
    102 
    10392                if ((ctx->major = gss_acquire_cred(&ctx->minor,
    10493                    ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds,
    10594                    NULL, NULL)))
     
    102102{
    103103        OM_uint32 status;
    104104        gss_OID mech;
     105        gss_name_t acceptor_name = GSS_C_NO_NAME;
     106        gss_buffer_desc acceptor_name_buffer = GSS_C_EMPTY_BUFFER;
    105107
    106108        ctx->major = gss_accept_sec_context(&ctx->minor,
    107109            &ctx->context, ctx->creds, recv_tok,
     
    116118        else
    117119                debug("Got no client credentials");
    118120
     121        ctx->major = gss_inquire_context(&ctx->minor, ctx->context, NULL, &acceptor_name, NULL, NULL, NULL, NULL, NULL);
     122
     123        if (GSS_ERROR(ctx->major)) {
     124                ssh_gssapi_error(ctx);
     125        } else {
     126                ctx->major = gss_display_name(&ctx->minor, acceptor_name, &acceptor_name_buffer, NULL);
     127
     128                if (GSS_ERROR(ctx->major)) {
     129                        ssh_gssapi_error(ctx);
     130                } else if (acceptor_name_buffer.length < 5 || strncmp(acceptor_name_buffer.value, "host@", 5) != 0 && strncmp(acceptor_name_buffer.value, "host/", 5) != 0) {
     131                        debug("Accepting credential '%s' was not for the host service.", acceptor_name_buffer.value);
     132                        ctx->major = GSS_S_BAD_NAME;
     133                }
     134        }
     135        gss_release_buffer(&status, &acceptor_name_buffer);
     136        gss_release_name(&status, &acceptor_name);
    119137        status = ctx->major;
    120138
    121139        /* Now, if we're complete and we have the right flags, then
Note: See TracBrowser for help on using the repository browser.