--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssh/patches/005-openssh_krb5_build_fix.patch Fri Mar 13 17:05:08 2015 -0700
@@ -0,0 +1,102 @@
+#
+# This is to work around an unresloved symbol problem with the Kerberos
+# build option. Unlike MIT Kerberos, the gss_krb5_copy_ccache() function
+# is not supported on Solaris, because it violates API abstraction. This
+# workaround disables delegated credentials storing on server side.
+#
+# The long term goal is to replace Solaris Kerberos libraries with MIT Kerberos
+# delivered from Userland gate (The Solaris MIT Kerberos Drop in Project).
+# After that, function gss_krb5_copy_ccache() will be available in Solaris and
+# the delegating credentials functionality will be made available using the
+# upstream code.
+#
+--- orig/auth2-gss.c Fri Mar 21 10:41:03 2014
++++ new/auth2-gss.c Fri Mar 21 11:13:57 2014
+@@ -47,6 +47,10 @@
+
+ extern ServerOptions options;
+
++#ifdef KRB5_BUILD_FIX
++ extern gss_OID_set g_supported;
++#endif
++
+ static void input_gssapi_token(int type, u_int32_t plen, void *ctxt);
+ static void input_gssapi_mic(int type, u_int32_t plen, void *ctxt);
+ static void input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt);
+@@ -77,7 +81,13 @@
+ return (0);
+ }
+
++#ifdef KRB5_BUILD_FIX
++ /* use value obtained in privileged parent */
++ supported = g_supported;
++#else
+ ssh_gssapi_supported_oids(&supported);
++#endif
++
+ do {
+ mechs--;
+
+--- orig/configure Fri Mar 21 10:41:03 2014
++++ new/configure Fri Mar 21 11:02:11 2014
+@@ -16634,6 +16634,12 @@
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+ $as_echo "no" >&6; }
+ fi
++
++ # Oracle Solaris
++ # OpenSSH is mixed-up gssapi AND krb5 aplication
++ K5CFLAGS="$K5CFLAGS `$KRB5CONF --cflags krb5`"
++ K5LIBS="$K5LIBS `$KRB5CONF --libs krb5`"
++
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using Heimdal" >&5
+ $as_echo_n "checking whether we are using Heimdal... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+--- orig/sshd.c Fri Mar 21 10:41:03 2014
++++ new/sshd.c Fri Mar 21 11:09:30 2014
+@@ -259,6 +259,11 @@
+ /* Unprivileged user */
+ struct passwd *privsep_pw = NULL;
+
++#if defined(KRB5_BUILD_FIX) && defined(GSSAPI)
++/* Temporary storing supported GSS mechs */
++gss_OID_set g_supported;
++#endif
++
+ /* Prototypes for various functions defined later in this file. */
+ void destroy_sensitive_data(void);
+ void demote_sensitive_data(void);
+@@ -1407,6 +1412,10 @@
+ av = saved_argv;
+ #endif
+
++#if defined(KRB5_BUILD_FIX) && defined(GSSAPI)
++ OM_uint32 ms;
++#endif
++
+ if (geteuid() == 0 && setgroups(0, NULL) == -1)
+ debug("setgroups(): %.200s", strerror(errno));
+
+@@ -2083,6 +2092,11 @@
+ buffer_init(&loginmsg);
+ auth_debug_reset();
+
++#if defined(KRB5_BUILD_FIX) && defined(GSSAPI)
++ /* collect gss mechs for later use in privsep child */
++ ssh_gssapi_supported_oids(&g_supported);
++#endif
++
+ if (use_privsep) {
+ if (privsep_preauth(authctxt) == 1)
+ goto authenticated;
+@@ -2120,6 +2134,10 @@
+ startup_pipe = -1;
+ }
+
++#if defined(KRB5_BUILD_FIX) && defined(GSSAPI)
++ gss_release_oid_set(&ms, &g_supported);
++#endif
++
+ #ifdef SSH_AUDIT_EVENTS
+ audit_event(SSH_AUTH_SUCCESS);
+ #endif