Patch to make sshd work on multihomed systems

Steven Michaud smichaud at pobox.com
Fri Oct 31 09:14:13 EST 2003


Someone pointed out (thanks!) that I made a careless mistake in my
patch.  Here's a corrected version.  And sorry for the confusion!

diff -u -r src.old/auth-krb5.c src/auth-krb5.c
--- src.old/auth-krb5.c	Thu Oct 30 16:05:59 2003
+++ src/auth-krb5.c	Thu Oct 30 16:05:57 2003
@@ -34,6 +34,7 @@
 #include "ssh1.h"
 #include "packet.h"
 #include "xmalloc.h"
+#include "canohost.h"
 #include "log.h"
 #include "servconf.h"
 #include "uidswap.h"
@@ -71,12 +72,23 @@
 #endif
 	krb5_error_code problem;
 	krb5_ccache ccache = NULL;
+	char localname[MAXHOSTNAMELEN];
+	char *socketname;

 	if (authctxt->pw == NULL)
 		return (0);

 	temporarily_use_uid(authctxt->pw);

+	socketname = get_local_name(packet_get_connection_in());
+	if (socketname) {
+		strlcpy(localname, socketname, MAXHOSTNAMELEN);
+		xfree(socketname);
+	} else if (gethostname(localname, MAXHOSTNAMELEN)) {
+		problem = -1;
+		goto out;
+	}
+
 	problem = krb5_init(authctxt);
 	if (problem)
 		goto out;
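Review bot: The result of `strlcpy(localname, socketname, MAXHOSTNAMELEN)` is not checked, so a resolved name longer than the buffer is silently truncated, and the truncated string later becomes the host part of the service principal. Compare the return value with the buffer size and take the failure path, e.g. `if (strlcpy(localname, socketname, sizeof(localname)) >= sizeof(localname))`, freeing `socketname` before `goto out`. The same unchecked copy appears in the gss-genr.c hunk (`lname`) and the session.c hunk (`hostname`). The enclosing function and its `out:` label lie outside the hunk, so it is worth confirming that the cleanup there copes with `problem = -1` being set before `krb5_init()` has run.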
@@ -123,7 +135,7 @@
 	if (problem)
 		goto out;

-	problem = krb5_sname_to_principal(authctxt->krb5_ctx, NULL, NULL,
+	problem = krb5_sname_to_principal(authctxt->krb5_ctx, localname, NULL,
 	    KRB5_NT_SRV_HST, &server);
 	if (problem)
 		goto out;
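Review bot: Passing `localname` here makes the service principal depend on whatever get_local_name() returned for the connection socket, and nothing at the call site says where that name comes from. get_local_name() is defined outside this patch; if it derives the name from a reverse lookup of the socket's local address, the principal follows PTR records rather than the host's own configuration. In that case the keytab also needs a host entry for every interface name. I would add a comment at the call such as `/* Name of the interface the client connected to; the keytab must hold a host principal for each such name. */` and mention the DNS dependency wherever the multihomed behaviour is documented. The function body continues outside the hunk.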
diff -u -r src.old/gss-genr.c src/gss-genr.c
--- src.old/gss-genr.c	Thu Oct 30 16:05:59 2003
+++ src/gss-genr.c	Thu Oct 30 16:05:58 2003
@@ -30,6 +30,7 @@

 #include "xmalloc.h"
 #include "bufaux.h"
+#include "canohost.h"
 #include "compat.h"
 #include "log.h"
 #include "monitor_wrap.h"
@@ -226,12 +227,18 @@
 	OM_uint32 status;
 	char lname[MAXHOSTNAMELEN];
 	gss_OID_set oidset;
+	char *pname;

 	gss_create_empty_oid_set(&status, &oidset);
 	gss_add_oid_set_member(&status, ctx->oid, &oidset);

-	if (gethostname(lname, MAXHOSTNAMELEN))
+	pname = get_local_name(packet_get_connection_in());
+	if (pname) {
+		strlcpy(lname, pname, MAXHOSTNAMELEN);
+		xfree(pname);
+	} else if (gethostname(lname, MAXHOSTNAMELEN)) {
 		return (-1);
+	}

 	if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname)))
 		return (ctx->major);
diff -u -r src.old/session.c src/session.c
--- src.old/session.c	Thu Oct 30 16:06:00 2003
+++ src/session.c	Thu Oct 30 16:05:58 2003
@@ -2060,6 +2060,7 @@
 	struct stat st;
 	char display[512], auth_display[512];
 	char hostname[MAXHOSTNAMELEN];
+	char *pname;

 	if (no_x11_forwarding_flag) {
 		packet_send_debug("X11 forwarding disabled in user configuration file.");
@@ -2091,8 +2092,13 @@
 	}

 	/* Set up a suitable value for the DISPLAY variable. */
-	if (gethostname(hostname, sizeof(hostname)) < 0)
+	pname = get_local_name(packet_get_connection_in());
+	if (pname) {
+		strlcpy(hostname, pname, sizeof(hostname));
+		xfree(pname);
+	} else if (gethostname(hostname, sizeof(hostname))) {
 		fatal("gethostname: %.100s", strerror(errno));
+	}
 	/*
 	 * auth_display must be used as the displayname when the
 	 * authorization entry is added with xauth(1).  This will be
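Review bot: This lookup, copy, free and gethostname() fallback is the third copy of the same sequence in the patch (the others are in auth-krb5.c and gss-genr.c). The copies already differ in how they size the buffer: `MAXHOSTNAMELEN` there, `sizeof(hostname)` here. A single helper next to get_local_name() that fills a caller-supplied buffer and reports failure would keep the fallback and any length check in one place. The enclosing function starts and ends outside the hunk.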



