rpms/openssh/F-12 openssh-4.3p2-gssapi-canohost.patch, 1.1, 1.2 openssh.spec, 1.171, 1.172

Jan F. Chadima jfch2222 at fedoraproject.org
Mon Nov 2 12:56:26 UTC 2009


Author: jfch2222

Update of /cvs/pkgs/rpms/openssh/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv29262

Modified Files:
	openssh-4.3p2-gssapi-canohost.patch openssh.spec 
Log Message:
Repair canohost patch to allow gssapi to work when host is accessed via pipe proxy


openssh-4.3p2-gssapi-canohost.patch:
 sshconnect2.c |    8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

Index: openssh-4.3p2-gssapi-canohost.patch
===================================================================
RCS file: /cvs/pkgs/rpms/openssh/F-12/openssh-4.3p2-gssapi-canohost.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- openssh-4.3p2-gssapi-canohost.patch	30 Nov 2006 10:50:12 -0000	1.1
+++ openssh-4.3p2-gssapi-canohost.patch	2 Nov 2009 12:56:25 -0000	1.2
@@ -1,22 +1,20 @@
-Symptom: intermittent errors on GSSAPI authentication vs 
-machines on DNS loadbalancer, stupid client message "Generic Error",
-server-side debug complains about unknown principal.
-
-Comes from the fact that we resolve the generic DNS name once for
-the connection, then again for getting the GSSAPI/Kerberos service
-ticket. So the service ticket may be for a different host, if
-the DNS alias switches in between the two resolves.
---- openssh-4.3p2/sshconnect2.c.gss-canohost	2006-11-28 21:58:03.000000000 +0100
-+++ openssh-4.3p2/sshconnect2.c	2006-11-30 11:33:14.000000000 +0100
-@@ -485,6 +485,7 @@
+diff -up openssh-5.3p1/sshconnect2.c.canohost openssh-5.3p1/sshconnect2.c
+--- openssh-5.3p1/sshconnect2.c.canohost	2009-03-05 14:58:22.000000000 +0100
++++ openssh-5.3p1/sshconnect2.c	2009-11-02 11:55:00.000000000 +0100
+@@ -542,6 +542,12 @@ userauth_gssapi(Authctxt *authctxt)
  	static u_int mech = 0;
  	OM_uint32 min;
  	int ok = 0;
-+	const char* remotehost = get_canonical_hostname(1);
++	char* remotehost = NULL;
++	const char* canonicalhost = get_canonical_hostname(1);
++	if ( strcmp( canonicalhost, "UNKNOWN" )  == 0 )
++		remotehost = authctxt->host;
++	else
++		remotehost = canonicalhost;
  
  	/* Try one GSSAPI method at a time, rather than sending them all at
  	 * once. */
-@@ -497,7 +498,7 @@
+@@ -554,7 +560,7 @@ userauth_gssapi(Authctxt *authctxt)
  		/* My DER encoding requires length<128 */
  		if (gss_supported->elements[mech].length < 128 &&
  		    ssh_gssapi_check_mechanism(&gssctxt, 
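Review bot: `remotehost = canonicalhost;` in the new else branch assigns a `const char*` to a `char*` and drops the qualifier. Declare `const char *remotehost`, as revision 1.1 did, so the assignment keeps it. The `strcmp( canonicalhost, "UNKNOWN" )` test depends on a magic string and should carry a short comment saying when get_canonical_hostname(1) returns it. This revision also deletes the symptom and cause description that headed the patch file, so nothing now records why the canonical name is preferred or why authctxt->host is the fallback. Please keep that header and extend it to cover the fallback, noting that in that branch the name used for GSSAPI is authctxt->host rather than the canonical one.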


Index: openssh.spec
===================================================================
RCS file: /cvs/pkgs/rpms/openssh/F-12/openssh.spec,v
retrieving revision 1.171
retrieving revision 1.172
diff -u -p -r1.171 -r1.172
--- openssh.spec	29 Oct 2009 12:19:37 -0000	1.171
+++ openssh.spec	2 Nov 2009 12:56:26 -0000	1.172
@@ -63,7 +63,7 @@
 Summary: An open source implementation of SSH protocol versions 1 and 2
 Name: openssh
 Version: 5.2p1
-Release: 30%{?dist}%{?rescue_rel}
+Release: 31%{?dist}%{?rescue_rel}
 URL: http://www.openssh.com/portable.html
 #Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
 #Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
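Review bot: The spec still says `Version: 5.2p1`, while the regenerated patch headers name `openssh-5.3p1/sshconnect2.c`. Please confirm the patch was generated against, and applies cleanly to, the 5.2p1 sources this package builds. The patch file name also still carries 4.3p2.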
@@ -466,6 +466,9 @@ fi
 %endif
 
 %changelog
+* Mon Nov  2 2009 Jan F. Chadima <jchadima at redhat.com> - 5.2p1-31
+- Repair canohost patch to allow gssapi to work when host is acessed via pipe proxy (#531849)
+
 * Thu Oct 29 2009 Jan F. Chadima <jchadima at redhat.com> - 5.2p1-30
 - Modify the init script to prevent it to hang during generating the keys (#515145)
 
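Review bot: The new changelog entry misspells "accessed" as "acessed". It would also be more useful if it stated the behaviour change itself: userauth_gssapi now uses authctxt->host when the canonical hostname is "UNKNOWN".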



