Index: branches/fc13-dev/server/common/patches/openssh-5.0p1-multihomed.patch =================================================================== --- branches/fc13-dev/server/common/patches/openssh-5.0p1-multihomed.patch (revision 1626) +++ (revision ) @@ -1,63 +1,0 @@ -# OpenSSH multihomed patch -# -# Anders Kaseorg -# ported from 4.5 to 5.0 by Joe Presbrey -diff -ur openssh-5.0p1.orig/gss-serv.c openssh-5.0p1/gss-serv.c ---- openssh-5.0p1.orig/gss-serv.c 2008-05-20 00:00:00.000000000 -0400 -+++ openssh-5.0p1/gss-serv.c 2008-05-20 00:00:00.000000000 -0400 -@@ -83,23 +83,12 @@ - ssh_gssapi_acquire_cred(Gssctxt *ctx) - { - OM_uint32 status; -- char lname[MAXHOSTNAMELEN]; - gss_OID_set oidset; - - if (options.gss_strict_acceptor) { - gss_create_empty_oid_set(&status, &oidset); - gss_add_oid_set_member(&status, ctx->oid, &oidset); - -- if (gethostname(lname, MAXHOSTNAMELEN)) { -- gss_release_oid_set(&status, &oidset); -- return (-1); -- } -- -- if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) { -- gss_release_oid_set(&status, &oidset); -- return (ctx->major); -- } -- - if ((ctx->major = gss_acquire_cred(&ctx->minor, - ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, - NULL, NULL))) -@@ -102,6 +102,8 @@ - { - OM_uint32 status; - gss_OID mech; -+ gss_name_t acceptor_name = GSS_C_NO_NAME; -+ gss_buffer_desc acceptor_name_buffer = GSS_C_EMPTY_BUFFER; - - ctx->major = gss_accept_sec_context(&ctx->minor, - &ctx->context, ctx->creds, recv_tok, -@@ -116,6 +118,22 @@ - else - debug("Got no client credentials"); - -+ ctx->major = gss_inquire_context(&ctx->minor, ctx->context, NULL, &acceptor_name, NULL, NULL, NULL, NULL, NULL); -+ -+ if (GSS_ERROR(ctx->major)) { -+ ssh_gssapi_error(ctx); -+ } else { -+ ctx->major = gss_display_name(&ctx->minor, acceptor_name, &acceptor_name_buffer, NULL); -+ -+ if (GSS_ERROR(ctx->major)) { -+ ssh_gssapi_error(ctx); -+ } else if (acceptor_name_buffer.length < 5 || strncmp(acceptor_name_buffer.value, "host@", 5) != 0 && strncmp(acceptor_name_buffer.value, "host/", 5) != 0) { -+ debug("Accepting credential '%s' was not for the host service.", acceptor_name_buffer.value); -+ ctx->major = GSS_S_BAD_NAME; -+ } -+ } -+ gss_release_buffer(&status, &acceptor_name_buffer); -+ gss_release_name(&status, &acceptor_name); - status = ctx->major; - - /* Now, if we're complete and we have the right flags, then Index: branches/fc13-dev/server/fedora/config/etc/ssh/sshd_config =================================================================== --- branches/fc13-dev/server/fedora/config/etc/ssh/sshd_config (revision 1626) +++ branches/fc13-dev/server/fedora/config/etc/ssh/sshd_config (revision 1627) @@ -5,4 +5,5 @@ GSSAPIAuthentication yes GSSAPICleanupCredentials yes +GSSAPIStrictAcceptorCheck no UsePAM yes AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES Index: branches/fc13-dev/server/fedora/specs/openssh.spec.patch =================================================================== --- branches/fc13-dev/server/fedora/specs/openssh.spec.patch (revision 1626) +++ branches/fc13-dev/server/fedora/specs/openssh.spec.patch (revision 1627) @@ -10,9 +10,8 @@ #URL1: http://pamsshagentauth.sourceforge.net #Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz -@@ -88,6 +88,8 @@ +@@ -88,6 +88,7 @@ Source3: sshd.init Source4: http://prdownloads.sourceforge.net/pamsshagentauth/pam_ssh_agent_auth/pam_ssh_agent_auth-%{pam_ssh_agent_ver}.tar.bz2 Source5: pam_ssh_agent-rmheaders -+Patch1000: openssh-5.0p1-multihomed.patch +Patch1001: openssh-4.7p1-gssapi-name-in-env.patch Patch0: openssh-5.4p1-redhat.patch @@ -27,9 +26,8 @@ %package askpass Summary: A passphrase dialog for OpenSSH and X -@@ -267,6 +270,9 @@ +@@ -267,6 +270,8 @@ %patch75 -p1 -b .dso %patch76 -p1 -b .bz595935 -+%patch1000 -p1 -b .multihomed +%patch1001 -p1 -b .gssapi-env +