rpms/openssh/devel openssh-4.3p2-gssapi-canohost.patch, 1.1, 1.2 openssh.spec, 1.176, 1.177
Jan F. Chadima
jfch2222 at fedoraproject.org
Mon Nov 2 11:29:50 UTC 2009
Author: jfch2222
Update of /cvs/pkgs/rpms/openssh/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv2465
Modified Files:
openssh-4.3p2-gssapi-canohost.patch openssh.spec
Log Message:
Repair canohost patch to allow gssapi to work when host is accessed via pipe proxy
openssh-4.3p2-gssapi-canohost.patch:
sshconnect2.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
Index: openssh-4.3p2-gssapi-canohost.patch
===================================================================
RCS file: /cvs/pkgs/rpms/openssh/devel/openssh-4.3p2-gssapi-canohost.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- openssh-4.3p2-gssapi-canohost.patch 30 Nov 2006 10:50:12 -0000 1.1
+++ openssh-4.3p2-gssapi-canohost.patch 2 Nov 2009 11:29:47 -0000 1.2
@@ -1,22 +1,20 @@
-Symptom: intermittent errors on GSSAPI authentication vs
-machines on DNS loadbalancer, stupid client message "Generic Error",
-server-side debug complains about unknown principal.
-
-Comes from the fact that we resolve the generic DNS name once for
-the connection, then again for getting the GSSAPI/Kerberos service
-ticket. So the service ticket may be for a different host, if
-the DNS alias switches in between the two resolves.
---- openssh-4.3p2/sshconnect2.c.gss-canohost 2006-11-28 21:58:03.000000000 +0100
-+++ openssh-4.3p2/sshconnect2.c 2006-11-30 11:33:14.000000000 +0100
-@@ -485,6 +485,7 @@
+diff -up openssh-5.3p1/sshconnect2.c.canohost openssh-5.3p1/sshconnect2.c
+--- openssh-5.3p1/sshconnect2.c.canohost 2009-03-05 14:58:22.000000000 +0100
++++ openssh-5.3p1/sshconnect2.c 2009-11-02 11:55:00.000000000 +0100
+@@ -542,6 +542,12 @@ userauth_gssapi(Authctxt *authctxt)
static u_int mech = 0;
OM_uint32 min;
int ok = 0;
-+ const char* remotehost = get_canonical_hostname(1);
++ char* remotehost = NULL;
++ const char* canonicalhost = get_canonical_hostname(1);
++ if ( strcmp( canonicalhost, "UNKNOWN" ) == 0 )
++ remotehost = authctxt->host;
++ else
++ remotehost = canonicalhost;
/* Try one GSSAPI method at a time, rather than sending them all at
* once. */
-@@ -497,7 +498,7 @@
+@@ -554,7 +560,7 @@ userauth_gssapi(Authctxt *authctxt)
/* My DER encoding requires length<128 */
if (gss_supported->elements[mech].length < 128 &&
ssh_gssapi_check_mechanism(&gssctxt,
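Review bot: In the new declarations at the top of userauth_gssapi(), remotehost is a plain char* but the else branch assigns it from the const char* canonicalhost, which discards the const qualifier; declaring it as const char *remotehost avoids the warning, since nothing in the visible lines writes through it. The strcmp against the literal "UNKNOWN" is unexplained in the code, so a one-line comment tying it to the pipe-proxy case named in the log message would help the next reader. This revision also deletes the patch header that described the DNS load-balancer symptom and the double resolve; please keep that text and add a sentence on the fallback to authctxt->host, stating whether that path is again exposed to the service ticket being requested for a different host name than the one connected to.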
Index: openssh.spec
===================================================================
RCS file: /cvs/pkgs/rpms/openssh/devel/openssh.spec,v
retrieving revision 1.176
retrieving revision 1.177
diff -u -p -r1.176 -r1.177
--- openssh.spec 29 Oct 2009 09:30:48 -0000 1.176
+++ openssh.spec 2 Nov 2009 11:29:48 -0000 1.177
@@ -69,7 +69,7 @@
Summary: An open source implementation of SSH protocol versions 1 and 2
Name: openssh
Version: 5.3p1
-Release: 6%{?dist}%{?rescue_rel}
+Release: 7%{?dist}%{?rescue_rel}
URL: http://www.openssh.com/portable.html
#URL1: http://pamsshauth.sourceforge.net
#Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
@@ -521,6 +521,9 @@ fi
%endif
%changelog
+* Mon Nov 2 2009 Jan F. Chadima <jchadima at redhat.com> - 5.3p1-7
+- Repair canohost patch to allow gssapi to work when host is acessed via pipe proxy (#531849)
+
* Thu Oct 29 2009 Jan F. Chadima <jchadima at redhat.com> - 5.3p1-6
- Modify the init script to prevent it to hang during generating the keys (#515145)
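Review bot: The added changelog entry misspells "acessed"; this line ships in the package changelog, so it should read "accessed" before the build goes out. The entry could also say that the fallback only applies when the canonical host name is unavailable, so the reason for the change can be read without opening #531849.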