[gsi-openssh/f17] Based on openssh-5.9p1-27.fc17

[Mattias Ellert]

commit 738668249a1098fdccfeefc476c6fec92ff8c9a5
Author: Mattias Ellert <mattias.ellert at fysast.uu.se>
Date:   Thu Nov 1 11:11:36 2012 +0100

    Based on openssh-5.9p1-27.fc17

 gsi-openssh.spec                    |   12 +++++++-----
 openssh-5.8p1-gssapi-canohost.patch |   24 ------------------------
 openssh-5.9p1-gsissh.patch          |    2 +-
 openssh-5.9p1-gssapi-canohost.patch |   21 +++++++++++++++++++++
 4 files changed, 29 insertions(+), 30 deletions(-)
---
diff --git a/gsi-openssh.spec b/gsi-openssh.spec
index b80cdcd..4acc5ee 100644
--- a/gsi-openssh.spec
+++ b/gsi-openssh.spec
@@ -32,7 +32,7 @@
 %global nologin 1
 
 %global openssh_ver 5.9p1
-%global openssh_rel 7
+%global openssh_rel 8
 
 Summary: An implementation of the SSH protocol with GSI authentication
 Name: gsi-openssh
@@ -154,8 +154,7 @@ Patch800: openssh-5.9p1-gsskex.patch
 #http://www.mail-archive.com/kerberos@mit.edu/msg17591.html
 Patch801: openssh-5.8p2-force_krb.patch
 
-#?
-Patch900: openssh-5.8p1-gssapi-canohost.patch
+Patch900: openssh-5.9p1-gssapi-canohost.patch
 #https://bugzilla.mindrot.org/show_bug.cgi?id=1780
 Patch901: openssh-5.9p1-kuserok.patch
 #---
@@ -373,8 +372,8 @@ fi
 	--libexecdir=%{_libexecdir}/gsissh \
 	--datadir=%{_datadir}/gsissh \
 	--with-tcp-wrappers \
-	--with-default-path=/usr/local/bin:/bin:/usr/bin \
-	--with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
+	--with-default-path=/usr/local/bin:/usr/bin \
+	--with-superuser-path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin \
 	--with-privsep-path=%{_var}/empty/gsisshd \
 	--enable-vendor-patchlevel="FC-%{version}-%{release}" \
 	--disable-strip \
@@ -551,6 +550,9 @@ fi
 %attr(0644,root,root) %{_unitdir}/gsisshd.service
 
 %changelog
+* Thu Nov 01 2012 Mattias Ellert <mattias.ellert at fysast.uu.se> - 5.9p1-8
+- Based on openssh-5.9p1-27.fc17
+
 * Mon Aug 13 2012 Mattias Ellert <mattias.ellert at fysast.uu.se> - 5.9p1-7
 - Based on openssh-5.9p1-26.fc17
 
diff --git a/openssh-5.9p1-gsissh.patch b/openssh-5.9p1-gsissh.patch
index 745255d..e947dfe 100644
--- a/openssh-5.9p1-gsissh.patch
+++ b/openssh-5.9p1-gsissh.patch
@@ -2068,7 +2068,7 @@ diff -Nur openssh-5.9p1.orig/sshconnect2.c openssh-5.9p1/sshconnect2.c
 +
  	if (options.gss_server_identity)
  		gss_host = options.gss_server_identity;
- 	else if (options.gss_trust_dns)
+ 	else if (options.gss_trust_dns) {
 @@ -935,6 +940,15 @@
  	xfree(lang);
  }
diff --git a/openssh-5.9p1-gssapi-canohost.patch b/openssh-5.9p1-gssapi-canohost.patch
new file mode 100644
index 0000000..3252582
--- /dev/null
+++ b/openssh-5.9p1-gssapi-canohost.patch
@@ -0,0 +1,21 @@
+diff -up openssh-5.9p1/sshconnect2.c.canohost openssh-5.9p1/sshconnect2.c
+--- openssh-5.9p1/sshconnect2.c.canohost	2012-10-31 16:42:37.598288999 +0100
++++ openssh-5.9p1/sshconnect2.c	2012-10-31 16:47:40.963288964 +0100
+@@ -699,12 +699,15 @@ userauth_gssapi(Authctxt *authctxt)
+ 	static u_int mech = 0;
+ 	OM_uint32 min;
+ 	int ok = 0;
+-	const char *gss_host;
++	const char *gss_host = NULL;
+ 
+ 	if (options.gss_server_identity)
+ 		gss_host = options.gss_server_identity;
+-	else if (options.gss_trust_dns)
++	else if (options.gss_trust_dns) {
+ 		gss_host = get_canonical_hostname(1);
++		if ( strcmp( gss_host, "UNKNOWN" )  == 0 )
++			gss_host = authctxt->host;
++	}
+ 	else
+ 		gss_host = authctxt->host;
+