source: server/common/patches/openssh-4.5p1-multihomed.patch @ 866

Last change on this file since 866 was 437, checked in by andersk, 16 years ago
Add OpenSSH multihomed patch (derived from asedeno) to enable ssh to any scripts server.
File size: 2.1 KB
  • openssh-4.5p1

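--- a/gss-genr.c
+++ b/gss-genr.c
@@ -235,22 +235,11 @@
 ssh_gssapi_acquire_cred(Gssctxt *ctx)
 {
         OM_uint32 status;
-        char lname[MAXHOSTNAMELEN];
         gss_OID_set oidset;
 
         gss_create_empty_oid_set(&status, &oidset);
         gss_add_oid_set_member(&status, ctx->oid, &oidset);
 
-        if (gethostname(lname, MAXHOSTNAMELEN)) {
-                gss_release_oid_set(&status, &oidset);
-                return (-1);
-        }
-
-        if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
-                gss_release_oid_set(&status, &oidset);
-                return (ctx->major);
-        }
-
         if ((ctx->major = gss_acquire_cred(&ctx->minor,
             ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL)))
                 ssh_gssapi_error(ctx);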
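Review bot: The `gss_acquire_cred` call at the end of this hunk now receives `ctx->name` without anything in the function setting it, and no comment explains why the hostname import was dropped. Presumably the name is left at its initial value (likely `GSS_C_NO_NAME`, not visible here) so the acceptor can use any key in the keytab, which means the only remaining restriction on which service principal a client may authenticate against is the acceptor-name check in gss-serv.c. I would record that dependency above the call, for example `/* ctx->name deliberately not imported: accept with any keytab principal; gss-serv.c rejects acceptor names that are not host/ or host@ */`, so that a later change to either file does not silently widen what the server accepts. The function body continues past the end of the hunk.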
  • openssh-4.5p1

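--- a/gss-serv.c
+++ b/gss-serv.c
@@ -102,6 +102,8 @@
 {
         OM_uint32 status;
         gss_OID mech;
+        gss_name_t acceptor_name = GSS_C_NO_NAME;
+        gss_buffer_desc acceptor_name_buffer = GSS_C_EMPTY_BUFFER;
 
         ctx->major = gss_accept_sec_context(&ctx->minor,
             &ctx->context, ctx->creds, recv_tok,
@@ -116,6 +118,22 @@
         else
                 debug("Got no client credentials");
 
+        ctx->major = gss_inquire_context(&ctx->minor, ctx->context, NULL, &acceptor_name, NULL, NULL, NULL, NULL, NULL);
+
+        if (GSS_ERROR(ctx->major)) {
+                ssh_gssapi_error(ctx);
+        } else {
+                ctx->major = gss_display_name(&ctx->minor, acceptor_name, &acceptor_name_buffer, NULL);
+
+                if (GSS_ERROR(ctx->major)) {
+                        ssh_gssapi_error(ctx);
+                } else if (acceptor_name_buffer.length < 5 || strncmp(acceptor_name_buffer.value, "host@", 5) != 0 && strncmp(acceptor_name_buffer.value, "host/", 5) != 0) {
+                        debug("Accepting credential '%s' was not for the host service.", acceptor_name_buffer.value);
+                        ctx->major = GSS_S_BAD_NAME;
+                }
+        }
+        gss_release_buffer(&status, &acceptor_name_buffer);
+        gss_release_name(&status, &acceptor_name);
         status = ctx->major;
 
         /* Now, if we're complete and we have the right flags, then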