Index: server/common/patches/openssh-4.5p1-multihomed.patch =================================================================== --- server/common/patches/openssh-4.5p1-multihomed.patch (revision 437) +++ server/common/patches/openssh-4.5p1-multihomed.patch (revision 437) @@ -0,0 +1,61 @@ +diff -ur openssh-4.5p1.orig/gss-genr.c openssh-4.5p1/gss-genr.c +--- openssh-4.5p1.orig/gss-genr.c 2006-08-29 21:08:04.000000000 -0400 ++++ openssh-4.5p1/gss-genr.c 2007-09-10 16:19:50.000000000 -0400 +@@ -235,22 +235,11 @@ + ssh_gssapi_acquire_cred(Gssctxt *ctx) + { + OM_uint32 status; +- char lname[MAXHOSTNAMELEN]; + gss_OID_set oidset; + + gss_create_empty_oid_set(&status, &oidset); + gss_add_oid_set_member(&status, ctx->oid, &oidset); + +- if (gethostname(lname, MAXHOSTNAMELEN)) { +- gss_release_oid_set(&status, &oidset); +- return (-1); +- } +- +- if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) { +- gss_release_oid_set(&status, &oidset); +- return (ctx->major); +- } +- + if ((ctx->major = gss_acquire_cred(&ctx->minor, + ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL))) + ssh_gssapi_error(ctx); +diff -ur openssh-4.5p1.orig/gss-serv.c openssh-4.5p1/gss-serv.c +--- openssh-4.5p1.orig/gss-serv.c 2006-09-01 01:38:36.000000000 -0400 ++++ openssh-4.5p1/gss-serv.c 2007-09-10 16:19:50.000000000 -0400 +@@ -102,6 +102,8 @@ + { + OM_uint32 status; + gss_OID mech; ++ gss_name_t acceptor_name = GSS_C_NO_NAME; ++ gss_buffer_desc acceptor_name_buffer = GSS_C_EMPTY_BUFFER; + + ctx->major = gss_accept_sec_context(&ctx->minor, + &ctx->context, ctx->creds, recv_tok, +@@ -116,6 +118,22 @@ + else + debug("Got no client credentials"); + ++ ctx->major = gss_inquire_context(&ctx->minor, ctx->context, NULL, &acceptor_name, NULL, NULL, NULL, NULL, NULL); ++ ++ if (GSS_ERROR(ctx->major)) { ++ ssh_gssapi_error(ctx); ++ } else { ++ ctx->major = gss_display_name(&ctx->minor, acceptor_name, &acceptor_name_buffer, NULL); ++ ++ if (GSS_ERROR(ctx->major)) { ++ ssh_gssapi_error(ctx); ++ } else if (acceptor_name_buffer.length < 5 || strncmp(acceptor_name_buffer.value, "host@", 5) != 0 && strncmp(acceptor_name_buffer.value, "host/", 5) != 0) { ++ debug("Accepting credential '%s' was not for the host service.", acceptor_name_buffer.value); ++ ctx->major = GSS_S_BAD_NAME; ++ } ++ } ++ gss_release_buffer(&status, &acceptor_name_buffer); ++ gss_release_name(&status, &acceptor_name); + status = ctx->major; + + /* Now, if we're complete and we have the right flags, then Index: server/fedora/Makefile =================================================================== --- server/fedora/Makefile (revision 436) +++ server/fedora/Makefile (revision 437) @@ -19,5 +19,5 @@ # See /COPYRIGHT in this repository for more information. -upstream = openafs krb5 httpd mit-zephyr +upstream = openafs krb5 httpd mit-zephyr openssh oursrc = execsys tokensys accountadm httpdmods logview sql-signup allsrc = $(upstream) $(oursrc) @@ -150,12 +150,13 @@ # The following packages are needed for our packages -# basic deps: kernel-devel through krb5-workstation -# oursrc: hesinfo -# httpdmods: httpd-devel -# httpd: xmlto through distcache-devel -# krb5: bison through texinfo keyutils-libs-devel -# openafs: pam-devel through automake -# mit-zephyr: readline-devel hesiod.i386 libXt.i386 compat-readline43 +basic-deps = kernel-devel rpm-build rpmdevtools gcc autoconf patch krb5-workstation +oursrc-deps = hesinfo +httpdmods-deps = httpd-devel +httpd-deps = xmlto db4-devel expat-devel zlib-devel libselinux-devel apr-devel apr-util-devel pcre-devel openssl-devel distcache-devel +krb5-deps = bison ncurses-devel texinfo keyutils-libs-devel +openafs-deps = pam-devel automake +mit-zephyr-deps = readline-devel hesiod.i386 libXt.i386 #compat-readline43 +openssh-deps = gtk2-devel libX11-devel autoconf automake openssl-devel perl zlib-devel audit-libs-devel util-linux groff man pam-devel tcp_wrappers-devel krb5-devel libselinux-devel audit-libs xauth install-deps: - yum -y install kernel-devel rpm-build rpmdevtools gcc autoconf patch krb5-workstation hesinfo httpd-devel xmlto db4-devel expat-devel zlib-devel libselinux-devel apr-devel apr-util-devel pcre-devel openssl-devel distcache-devel bison ncurses-devel texinfo keyutils-libs-devel pam-devel automake readline-devel hesiod.i386 libXt.i386 + yum -y install $(basic-deps) $(oursrc-deps) $(httpdmods-deps) $(httpd-deps) $(krb5-deps) $(openafs-deps) $(mit-zephyr-deps) $(openssh-deps) rpm -ivh http://download.fedora.redhat.com/pub/fedora/linux/core/6/i386/os/Fedora/RPMS/compat-readline43-4.3-3.i386.rpm Index: server/fedora/specs/openssh.spec.patch =================================================================== --- server/fedora/specs/openssh.spec.patch (revision 437) +++ server/fedora/specs/openssh.spec.patch (revision 437) @@ -0,0 +1,18 @@ +--- openssh.spec.orig 2007-03-20 05:13:40.000000000 -0400 ++++ openssh.spec 2007-10-01 21:16:51.000000000 -0400 +@@ -90,6 +90,7 @@ + Patch48: openssh-4.3p2-pam-session.patch + Patch49: openssh-4.3p2-gssapi-canohost.patch + Patch50: openssh-4.5p1-mls.patch ++Patch1000: openssh-4.5p1-multihomed.patch + License: BSD + Group: Applications/Internet + BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +@@ -217,6 +218,7 @@ + %patch48 -p1 -b .pam-sesssion + %patch49 -p1 -b .canohost + %patch50 -p1 -b .mls ++%patch1000 -p1 -b .multihomed + + autoreconf +