source: server/common/patches/openssh-5.0p1-multihomed.patch @ 816

Last change on this file since 816 was 760, checked in by presbrey, 17 years ago
Update build system for Fedora 9
File size: 2.0 KB
[760]1# OpenSSH multihomed patch
2#
3# Anders Kaseorg <andersk@mit.edu>
4# ported from 4.5 to 5.0 by Joe Presbrey <presbrey@mit.edu>
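--- a/gss-serv.c
+++ b/gss-serv.c
@@ -77,22 +77,11 @@
 ssh_gssapi_acquire_cred(Gssctxt *ctx)
 {
        OM_uint32 status;
-       char lname[MAXHOSTNAMELEN];
        gss_OID_set oidset;
 
        gss_create_empty_oid_set(&status, &oidset);
        gss_add_oid_set_member(&status, ctx->oid, &oidset);
 
-       if (gethostname(lname, MAXHOSTNAMELEN)) {
-               gss_release_oid_set(&status, &oidset);
-               return (-1);
-       }
-
-       if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
-               gss_release_oid_set(&status, &oidset);
-               return (ctx->major);
-       }
-
        if ((ctx->major = gss_acquire_cred(&ctx->minor,
            ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL)))
                ssh_gssapi_error(ctx);
@@ -102,6 +102,8 @@
 {
        OM_uint32 status;
        gss_OID mech;
+       gss_name_t acceptor_name = GSS_C_NO_NAME;
+       gss_buffer_desc acceptor_name_buffer = GSS_C_EMPTY_BUFFER;
 
        ctx->major = gss_accept_sec_context(&ctx->minor,
            &ctx->context, ctx->creds, recv_tok,
@@ -116,6 +118,22 @@
        else
                debug("Got no client credentials");
 
+       ctx->major = gss_inquire_context(&ctx->minor, ctx->context, NULL, &acceptor_name, NULL, NULL, NULL, NULL, NULL);
+
+       if (GSS_ERROR(ctx->major)) {
+               ssh_gssapi_error(ctx);
+       } else {
+               ctx->major = gss_display_name(&ctx->minor, acceptor_name, &acceptor_name_buffer, NULL);
+
+               if (GSS_ERROR(ctx->major)) {
+                       ssh_gssapi_error(ctx);
+               } else if (acceptor_name_buffer.length < 5 || strncmp(acceptor_name_buffer.value, "host@", 5) != 0 && strncmp(acceptor_name_buffer.value, "host/", 5) != 0) {
+                       debug("Accepting credential '%s' was not for the host service.", acceptor_name_buffer.value);
+                       ctx->major = GSS_S_BAD_NAME;
+               }
+       }
+       gss_release_buffer(&status, &acceptor_name_buffer);
+       gss_release_name(&status, &acceptor_name);
        status = ctx->major;
 
        /* Now, if we're complete and we have the right flags, then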
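Review bot: The added `gss_inquire_context` call in the third hunk overwrites `ctx->major` unconditionally, so the result of `gss_accept_sec_context` set a few lines earlier is lost before `status = ctx->major;` and before the completeness test that the trailing comment introduces. If the accept call returned a continue-needed status and the inquiry succeeds on the partially established context, the function would presumably report completion; the code between the second and third hunks and after the last line is outside this patch, so this should be confirmed against the full function. Running the acceptor-name check only when `ctx->major == GSS_S_COMPLETE`, with the inquiry status held in locals, keeps the accept result intact. The `debug` call also prints `acceptor_name_buffer.value` with `%s`, although a `gss_buffer_desc` carries an explicit length and is not guaranteed to be NUL-terminated (and this branch is also reached when the length is under 5), so `%.*s` with the length is safer. The mixed `||`/`&&` condition should also be parenthesised.

```c
/* … unchanged: gss_accept_sec_context call and client-credential debug … */
	if (ctx->major == GSS_S_COMPLETE) {
		OM_uint32 inq_major, inq_minor;

		inq_major = gss_inquire_context(&inq_minor, ctx->context, NULL,
		    &acceptor_name, NULL, NULL, NULL, NULL, NULL);
		if (!GSS_ERROR(inq_major))
			inq_major = gss_display_name(&inq_minor, acceptor_name,
			    &acceptor_name_buffer, NULL);

		if (GSS_ERROR(inq_major)) {
			ctx->major = inq_major;
			ctx->minor = inq_minor;
			ssh_gssapi_error(ctx);
		} else if (acceptor_name_buffer.length < 5 ||
		    (strncmp(acceptor_name_buffer.value, "host@", 5) != 0 &&
		    strncmp(acceptor_name_buffer.value, "host/", 5) != 0)) {
			debug("Accepting credential '%.*s' was not for the host service.",
			    (int)acceptor_name_buffer.length,
			    (char *)acceptor_name_buffer.value);
			ctx->major = GSS_S_BAD_NAME;
		}
	}
/* … unchanged: gss_release_buffer / gss_release_name, status = ctx->major … */
```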