rpms/openssh/F-12 openssh-4.3p2-gssapi-canohost.patch, 1.1, 1.2 openssh.spec, 1.171, 1.172
Jan F. Chadima
jfch2222 at fedoraproject.org
Mon Nov 2 12:56:26 UTC 2009
- Previous message: rpms/ipmitool/devel ipmitool-1.8.10-ipmievd-condrestart.patch, NONE, 1.1 ipmitool.spec, 1.6, 1.7
- Next message: rpms/xfce4-power-manager/devel .cvsignore, 1.14, 1.15 sources, 1.14, 1.15 xfce4-power-manager.spec, 1.19, 1.20
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: jfch2222
Update of /cvs/pkgs/rpms/openssh/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv29262
Modified Files:
openssh-4.3p2-gssapi-canohost.patch openssh.spec
Log Message:
Repair canohost patch to allow gssapi to work when host is acessed via pipe proxy
openssh-4.3p2-gssapi-canohost.patch:
sshconnect2.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
Index: openssh-4.3p2-gssapi-canohost.patch
===================================================================
RCS file: /cvs/pkgs/rpms/openssh/F-12/openssh-4.3p2-gssapi-canohost.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- openssh-4.3p2-gssapi-canohost.patch 30 Nov 2006 10:50:12 -0000 1.1
+++ openssh-4.3p2-gssapi-canohost.patch 2 Nov 2009 12:56:25 -0000 1.2
@@ -1,22 +1,20 @@
-Symptom: intermittent errors on GSSAPI authentication vs
-machines on DNS loadbalancer, stupid client message "Generic Error",
-server-side debug complains about unknown principal.
-
-Comes from the fact that we resolve the generic DNS name once for
-the connection, then again for getting the GSSAPI/Kerberos service
-ticket. So the service ticket may be for a different host, if
-the DNS alias switches in between the two resolves.
---- openssh-4.3p2/sshconnect2.c.gss-canohost 2006-11-28 21:58:03.000000000 +0100
-+++ openssh-4.3p2/sshconnect2.c 2006-11-30 11:33:14.000000000 +0100
-@@ -485,6 +485,7 @@
+diff -up openssh-5.3p1/sshconnect2.c.canohost openssh-5.3p1/sshconnect2.c
+--- openssh-5.3p1/sshconnect2.c.canohost 2009-03-05 14:58:22.000000000 +0100
++++ openssh-5.3p1/sshconnect2.c 2009-11-02 11:55:00.000000000 +0100
+@@ -542,6 +542,12 @@ userauth_gssapi(Authctxt *authctxt)
static u_int mech = 0;
OM_uint32 min;
int ok = 0;
-+ const char* remotehost = get_canonical_hostname(1);
++ char* remotehost = NULL;
++ const char* canonicalhost = get_canonical_hostname(1);
++ if ( strcmp( canonicalhost, "UNKNOWN" ) == 0 )
++ remotehost = authctxt->host;
++ else
++ remotehost = canonicalhost;
/* Try one GSSAPI method at a time, rather than sending them all at
* once. */
-@@ -497,7 +498,7 @@
+@@ -554,7 +560,7 @@ userauth_gssapi(Authctxt *authctxt)
/* My DER encoding requires length<128 */
if (gss_supported->elements[mech].length < 128 &&
ssh_gssapi_check_mechanism(&gssctxt,
Index: openssh.spec
===================================================================
RCS file: /cvs/pkgs/rpms/openssh/F-12/openssh.spec,v
retrieving revision 1.171
retrieving revision 1.172
diff -u -p -r1.171 -r1.172
--- openssh.spec 29 Oct 2009 12:19:37 -0000 1.171
+++ openssh.spec 2 Nov 2009 12:56:26 -0000 1.172
@@ -63,7 +63,7 @@
Summary: An open source implementation of SSH protocol versions 1 and 2
Name: openssh
Version: 5.2p1
-Release: 30%{?dist}%{?rescue_rel}
+Release: 31%{?dist}%{?rescue_rel}
URL: http://www.openssh.com/portable.html
#Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
#Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
@@ -466,6 +466,9 @@ fi
%endif
%changelog
+* Mon Nov 2 2009 Jan F. Chadima <jchadima at redhat.com> - 5.2p1-31
+- Repair canohost patch to allow gssapi to work when host is acessed via pipe proxy (#531849)
+
* Thu Oct 29 2009 Jan F. Chadima <jchadima at redhat.com> - 5.2p1-30
- Modify the init script to prevent it to hang during generating the keys (#515145)
- Previous message: rpms/ipmitool/devel ipmitool-1.8.10-ipmievd-condrestart.patch, NONE, 1.1 ipmitool.spec, 1.6, 1.7
- Next message: rpms/xfce4-power-manager/devel .cvsignore, 1.14, 1.15 sources, 1.14, 1.15 xfce4-power-manager.spec, 1.19, 1.20
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list