- fix gssapi auth with explicit selinux role requested (#427303) - patch by

Nalin Dahyabhai
Tomáš Mráz 2008-01-03 17:45:59 +00:00
parent 3457e3e00f
commit 993dd1a3db
2 changed files with 41 additions and 1 deletions


@ -0,0 +1,34 @@
Written-by: Nalin Dahyabhai <nalin@redhat.com>
Reviewed-by: Tomas Mraz <tmraz@redhat.com>
--- auth2-gss.c 2008-01-02 16:34:03.000000000 -0500
+++ auth2-gss.c 2008-01-02 16:33:19.000000000 -0500
@@ -258,6 +258,7 @@
Authctxt *authctxt = ctxt;
Gssctxt *gssctxt;
int authenticated = 0;
+ char *micuser;
Buffer b;
gss_buffer_desc mic, gssbuf;
u_int len;
@@ -270,7 +271,11 @@
mic.value = packet_get_string(&len);
mic.length = len;
- ssh_gssapi_buildmic(&b, authctxt->user, authctxt->service,
+ if (authctxt->role && (strlen(authctxt->role) > 0))
+ xasprintf(&micuser, "%s/%s", authctxt->user, authctxt->role);
+ else
+ micuser = authctxt->user;
+ ssh_gssapi_buildmic(&b, micuser, authctxt->service,
"gssapi-with-mic");
gssbuf.value = buffer_ptr(&b);
@@ -285,6 +290,8 @@
}
buffer_free(&b);
+ if (micuser != authctxt->user)
+ xfree(micuser);
xfree(mic.value);
authctxt->postponed = 0;
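Review bot: The MIC is now verified against a user name rebuilt from `authctxt->user` and `authctxt->role` rather than the string the client actually sent, so the check in the second auth2-gss.c hunk only passes when the rebuilt `user/role` form is byte-identical to the wire form. A request with an empty role (`user/`) would presumably be rebuilt as plain `user` and fail verification; that fails closed, but it deserves a comment above the `if`, for example `/* the client computed the MIC over the user name as sent, i.e. "user/role" */`. Keeping the original wire string in the Authctxt and passing it to `ssh_gssapi_buildmic()` would remove the reconstruction and the conditional `xfree(micuser)` altogether. Where the role is split off the user name is not visible on this page, so the separator handling there should be confirmed to match, and any other method that binds the user name into signed data may need the same treatment. The enclosing function starts and ends outside these hunks.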


@ -63,7 +63,7 @@
Summary: The OpenSSH implementation of SSH protocol versions 1 and 2 Summary: The OpenSSH implementation of SSH protocol versions 1 and 2
Name: openssh Name: openssh
Version: 4.7p1 Version: 4.7p1
Release: 6%{?dist}%{?rescue_rel} Release: 7%{?dist}%{?rescue_rel}
URL: http://www.openssh.com/portable.html URL: http://www.openssh.com/portable.html
#Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz #Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
#Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc #Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
@ -96,6 +96,7 @@ Patch49: openssh-4.3p2-gssapi-canohost.patch
Patch51: openssh-4.7p1-nss-keys.patch Patch51: openssh-4.7p1-nss-keys.patch
Patch52: openssh-4.7p1-sftp-drain-acks.patch Patch52: openssh-4.7p1-sftp-drain-acks.patch
Patch53: openssh-4.7p1-revert-wsize.patch Patch53: openssh-4.7p1-revert-wsize.patch
Patch54: openssh-4.7p1-gssapi-role.patch
License: BSD License: BSD
Group: Applications/Internet Group: Applications/Internet
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -230,6 +231,7 @@ an X11 passphrase dialog for OpenSSH.
%patch51 -p1 -b .nss-keys %patch51 -p1 -b .nss-keys
%patch52 -p1 -b .drain-acks %patch52 -p1 -b .drain-acks
%patch53 -p1 -b .revert-wsize %patch53 -p1 -b .revert-wsize
%patch54 -p0 -b .gssapi-role
autoreconf autoreconf
@ -480,6 +482,10 @@ fi
%endif %endif
%changelog %changelog
* Thu Jan 3 2008 Tomas Mraz <tmraz@redhat.com> - 4.7p1-7
- fix gssapi auth with explicit selinux role requested (#427303) - patch
by Nalin Dahyabhai
* Tue Dec 4 2007 Tomas Mraz <tmraz@redhat.com> - 4.7p1-6 * Tue Dec 4 2007 Tomas Mraz <tmraz@redhat.com> - 4.7p1-6
- explicitly source krb5-devel profile script - explicitly source krb5-devel profile script