forked from rpms/openssh
- fix gssapi auth with explicit selinux role requested (#427303) - patch by
Nalin Dahyabhai
This commit is contained in:
Tomáš Mráz
parent
3457e3e00f
commit
993dd1a3db
34
openssh-4.7p1-gssapi-role.patch
Normal file
34
openssh-4.7p1-gssapi-role.patch
Normal file
@ -0,0 +1,34 @@
|
|||||||
|
Written-by: Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
Reviewed-by: Tomas Mraz <tmraz@redhat.com>
|
||||||
|
--- auth2-gss.c 2008-01-02 16:34:03.000000000 -0500
|
||||||
|
+++ auth2-gss.c 2008-01-02 16:33:19.000000000 -0500
|
||||||
|
@@ -258,6 +258,7 @@
|
||||||
|
Authctxt *authctxt = ctxt;
|
||||||
|
Gssctxt *gssctxt;
|
||||||
|
int authenticated = 0;
|
||||||
|
+ char *micuser;
|
||||||
|
Buffer b;
|
||||||
|
gss_buffer_desc mic, gssbuf;
|
||||||
|
u_int len;
|
||||||
|
@@ -270,7 +271,11 @@
|
||||||
|
mic.value = packet_get_string(&len);
|
||||||
|
mic.length = len;
|
||||||
|
|
||||||
|
- ssh_gssapi_buildmic(&b, authctxt->user, authctxt->service,
|
||||||
|
+ if (authctxt->role && (strlen(authctxt->role) > 0))
|
||||||
|
+ xasprintf(&micuser, "%s/%s", authctxt->user, authctxt->role);
|
||||||
|
+ else
|
||||||
|
+ micuser = authctxt->user;
|
||||||
|
+ ssh_gssapi_buildmic(&b, micuser, authctxt->service,
|
||||||
|
"gssapi-with-mic");
|
||||||
|
|
||||||
|
gssbuf.value = buffer_ptr(&b);
|
||||||
|
@@ -285,6 +290,8 @@
|
||||||
|
}
|
||||||
|
|
||||||
|
buffer_free(&b);
|
||||||
|
+ if (micuser != authctxt->user)
|
||||||
|
+ xfree(micuser);
|
||||||
|
xfree(mic.value);
|
||||||
|
|
||||||
|
authctxt->postponed = 0;
|
||||||
@ -63,7 +63,7 @@
|
|||||||
Summary: The OpenSSH implementation of SSH protocol versions 1 and 2
|
Summary: The OpenSSH implementation of SSH protocol versions 1 and 2
|
||||||
Name: openssh
|
Name: openssh
|
||||||
Version: 4.7p1
|
Version: 4.7p1
|
||||||
Release: 6%{?dist}%{?rescue_rel}
|
Release: 7%{?dist}%{?rescue_rel}
|
||||||
URL: http://www.openssh.com/portable.html
|
URL: http://www.openssh.com/portable.html
|
||||||
#Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
|
#Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
|
||||||
#Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
|
#Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
|
||||||
@ -96,6 +96,7 @@ Patch49: openssh-4.3p2-gssapi-canohost.patch
|
|||||||
Patch51: openssh-4.7p1-nss-keys.patch
|
Patch51: openssh-4.7p1-nss-keys.patch
|
||||||
Patch52: openssh-4.7p1-sftp-drain-acks.patch
|
Patch52: openssh-4.7p1-sftp-drain-acks.patch
|
||||||
Patch53: openssh-4.7p1-revert-wsize.patch
|
Patch53: openssh-4.7p1-revert-wsize.patch
|
||||||
|
Patch54: openssh-4.7p1-gssapi-role.patch
|
||||||
License: BSD
|
License: BSD
|
||||||
Group: Applications/Internet
|
Group: Applications/Internet
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||||
@ -230,6 +231,7 @@ an X11 passphrase dialog for OpenSSH.
|
|||||||
%patch51 -p1 -b .nss-keys
|
%patch51 -p1 -b .nss-keys
|
||||||
%patch52 -p1 -b .drain-acks
|
%patch52 -p1 -b .drain-acks
|
||||||
%patch53 -p1 -b .revert-wsize
|
%patch53 -p1 -b .revert-wsize
|
||||||
|
%patch54 -p0 -b .gssapi-role
|
||||||
|
|
||||||
autoreconf
|
autoreconf
|
||||||
|
|
||||||
@ -480,6 +482,10 @@ fi
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jan 3 2008 Tomas Mraz <tmraz@redhat.com> - 4.7p1-7
|
||||||
|
- fix gssapi auth with explicit selinux role requested (#427303) - patch
|
||||||
|
by Nalin Dahyabhai
|
||||||
|
|
||||||
* Tue Dec 4 2007 Tomas Mraz <tmraz@redhat.com> - 4.7p1-6
|
* Tue Dec 4 2007 Tomas Mraz <tmraz@redhat.com> - 4.7p1-6
|
||||||
- explicitly source krb5-devel profile script
|
- explicitly source krb5-devel profile script
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user