diff --git a/crypto/openssh/FREEBSD-upgrade b/crypto/openssh/FREEBSD-upgrade index 03b7dbf0fe1..2a3dc7f481c 100644 --- a/crypto/openssh/FREEBSD-upgrade +++ b/crypto/openssh/FREEBSD-upgrade @@ -3,7 +3,13 @@ FreeBSD maintainer's guide to OpenSSH-portable ============================================== -[needs rewriting for svn] +XXX +XXX this needs a complete rewrite +XXX svn merge from vendor branch, resolve conflicts manually +XXX (see FREEBSD-tricks for tips on how to reduce conflicts) +XXX run freebsd-configure.sh to generate config.h and krb5_config.h +XXX svn diff Makefile.in to see if the Makefiles need adjusting +XXX 0) Make sure your mail spool has plenty of free space. It'll fill up pretty fast once you're done with this checklist. @@ -116,7 +122,7 @@ B) Re-commit everything on repoman (you *did* use a test repo for This port was brought to you by (in no particular order) DARPA, NAI -Labs, ThinkSec, Nescafé, the Aberlour Glenlivet Distillery Co., +Labs, ThinkSec, NescafĂ©, the Aberlour Glenlivet Distillery Co., Suzanne Vega, and a Sanford's #69 Deluxe Marker. -- des@FreeBSD.org diff --git a/crypto/openssh/config.h b/crypto/openssh/config.h index cc3d1e7fa46..ad1d8524e10 100644 --- a/crypto/openssh/config.h +++ b/crypto/openssh/config.h @@ -157,7 +157,7 @@ /* #undef GLOB_HAS_GL_STATV */ /* Define this if you want GSSAPI support in the version 2 protocol */ -#define GSSAPI 1 +/* #undef GSSAPI */ /* Define if you want to use shadow password expire field */ /* #undef HAS_SHADOW_EXPIRE */ @@ -271,7 +271,7 @@ /* Define to 1 if you have the declaration of `GSS_C_NT_HOSTBASED_SERVICE', and to 0 if you don't. */ -#define HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE 1 +/* #undef HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE */ /* Define to 1 if you have the declaration of `howmany', and to 0 if you don't. */ @@ -535,10 +535,10 @@ /* #undef HAVE_GSSAPI_GSSAPI_GENERIC_H */ /* Define to 1 if you have the header file. */ -#define HAVE_GSSAPI_GSSAPI_H 1 +/* #undef HAVE_GSSAPI_GSSAPI_H */ /* Define to 1 if you have the header file. */ -#define HAVE_GSSAPI_GSSAPI_KRB5_H 1 +/* #undef HAVE_GSSAPI_GSSAPI_KRB5_H */ /* Define to 1 if you have the header file. */ /* #undef HAVE_GSSAPI_H */ @@ -601,13 +601,13 @@ #define HAVE_ISBLANK 1 /* Define to 1 if you have the `krb5_cc_new_unique' function. */ -#define HAVE_KRB5_CC_NEW_UNIQUE 1 +/* #undef HAVE_KRB5_CC_NEW_UNIQUE */ /* Define to 1 if you have the `krb5_free_error_message' function. */ -#define HAVE_KRB5_FREE_ERROR_MESSAGE 1 +/* #undef HAVE_KRB5_FREE_ERROR_MESSAGE */ /* Define to 1 if you have the `krb5_get_error_message' function. */ -#define HAVE_KRB5_GET_ERROR_MESSAGE 1 +/* #undef HAVE_KRB5_GET_ERROR_MESSAGE */ /* Define to 1 if you have the header file. */ /* #undef HAVE_LASTLOG_H */ @@ -1310,7 +1310,7 @@ #define HAVE___func__ 1 /* Define this if you are using the Heimdal version of Kerberos V5 */ -#define HEIMDAL 1 +/* #undef HEIMDAL */ /* Define if you need to use IP address instead of hostname in $DISPLAY */ /* #undef IPADDR_IN_DISPLAY */ @@ -1322,7 +1322,7 @@ /* #undef IP_TOS_IS_BROKEN */ /* Define if you want Kerberos 5 support */ -#define KRB5 1 +/* #undef KRB5 */ /* Define if pututxline updates lastlog too */ /* #undef LASTLOG_WRITE_PUTUTXLINE */ diff --git a/crypto/openssh/freebsd-configure.sh b/crypto/openssh/freebsd-configure.sh new file mode 100755 index 00000000000..800488041cb --- /dev/null +++ b/crypto/openssh/freebsd-configure.sh @@ -0,0 +1,30 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +configure_args=" + --prefix=/usr + --sysconfdir=/etc/ssh + --with-pam + --with-tcp-wrappers + --with-libedit + --with-ssl-engine + --without-xauth +" + +set -e + +# generate config.h with krb5 and stash it +sh configure $configure_args --with-kerberos5 +mv config.log config.log.orig +mv config.h config.h.orig + +# generate config.h without krb5 +sh configure $configure_args --without-kerberos5 + +# extract the difference +echo '/* $Free''BSD$ */' > krb5_config.h +diff -u config.h.orig config.h | + sed -n '/^-#define/s/^-//p' | + grep -Ff /dev/stdin config.h.orig >> krb5_config.h diff --git a/crypto/openssh/krb5_config.h b/crypto/openssh/krb5_config.h new file mode 100644 index 00000000000..af1f80bb599 --- /dev/null +++ b/crypto/openssh/krb5_config.h @@ -0,0 +1,11 @@ +/* $FreeBSD$ */ +#define GSSAPI 1 +#define HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE 1 +#define HAVE_GSSAPI_GSSAPI_H 1 +#define HAVE_GSSAPI_GSSAPI_KRB5_H 1 +#define HAVE_GSSAPI_H 1 +#define HAVE_KRB5_CC_NEW_UNIQUE 1 +#define HAVE_KRB5_FREE_ERROR_MESSAGE 1 +#define HAVE_KRB5_GET_ERROR_MESSAGE 1 +#define HEIMDAL 1 +#define KRB5 1 diff --git a/crypto/openssh/ssh-gss.h b/crypto/openssh/ssh-gss.h index 077e13ce4b9..3fcc2d14057 100644 --- a/crypto/openssh/ssh-gss.h +++ b/crypto/openssh/ssh-gss.h @@ -28,10 +28,10 @@ #ifdef GSSAPI -#ifdef HAVE_GSSAPI_H -#include -#elif defined(HAVE_GSSAPI_GSSAPI_H) +#if defined(HAVE_GSSAPI_GSSAPI_H) #include +#elif defined(HAVE_GSSAPI_H) +#include #endif #ifdef KRB5 diff --git a/crypto/openssh/sshd.c b/crypto/openssh/sshd.c index 4bc1bd5603d..12b559e44ba 100644 --- a/crypto/openssh/sshd.c +++ b/crypto/openssh/sshd.c @@ -88,10 +88,10 @@ __RCSID("$FreeBSD$"); #ifdef __FreeBSD__ #include -#if defined(GSSAPI) && defined(HAVE_GSSAPI_H) -#include -#elif defined(GSSAPI) && defined(HAVE_GSSAPI_GSSAPI_H) +#if defined(GSSAPI) && defined(HAVE_GSSAPI_GSSAPI_H) #include +#elif defined(GSSAPI) && defined(HAVE_GSSAPI_H) +#include #endif #endif diff --git a/secure/lib/libssh/Makefile b/secure/lib/libssh/Makefile index 387272b3562..5536f66e630 100644 --- a/secure/lib/libssh/Makefile +++ b/secure/lib/libssh/Makefile @@ -39,7 +39,7 @@ USEPRIVATELIB+= ldns CFLAGS+= -I${SSHDIR} -include ssh_namespace.h .if ${MK_KERBEROS_SUPPORT} != "no" -CFLAGS+= -DGSSAPI -DHAVE_GSSAPI_GSSAPI_H=1 -DKRB5 -DHEIMDAL +CFLAGS+= -include krb5_config.h DPADD+= ${LIBGSSAPI} ${LIBKRB5} ${LIBHX509} ${LIBASN1} ${LIBCOM_ERR} ${LIBMD} ${LIBROKEN} LDADD+= -lgssapi -lkrb5 -lhx509 -lasn1 -lcom_err -lmd -lroken .endif @@ -58,3 +58,6 @@ LDADD+= -lcrypto -lcrypt -lz .PATH: ${SSHDIR} ${SSHDIR}/openbsd-compat ${OBJS} ${POBJS} ${SOBJS}: ssh_namespace.h +.if ${MK_KERBEROS_SUPPORT} != "no" +${OBJS} ${POBJS} ${SOBJS}: krb5_config.h +.endif diff --git a/secure/usr.bin/ssh/Makefile b/secure/usr.bin/ssh/Makefile index 459d21f386a..4a464297019 100644 --- a/secure/usr.bin/ssh/Makefile +++ b/secure/usr.bin/ssh/Makefile @@ -27,7 +27,7 @@ USEPRIVATELIB+= ldns .endif .if ${MK_KERBEROS_SUPPORT} != "no" -CFLAGS+= -DGSSAPI -DHAVE_GSSAPI_GSSAPI_H=1 -DKRB5 -DHEIMDAL +CFLAGS+= -include krb5_config.h DPADD+= ${LIBGSSAPI} LDADD+= -lgssapi .endif @@ -48,3 +48,6 @@ CFLAGS+= -DXAUTH_PATH=\"${LOCALBASE}/bin/xauth\" .PATH: ${SSHDIR} ${OBJS} ${POBJS} ${SOBJS}: ssh_namespace.h +.if ${MK_KERBEROS_SUPPORT} != "no" +${OBJS} ${POBJS} ${SOBJS}: krb5_config.h +.endif diff --git a/secure/usr.sbin/sshd/Makefile b/secure/usr.sbin/sshd/Makefile index daba994df52..587eb673b36 100644 --- a/secure/usr.sbin/sshd/Makefile +++ b/secure/usr.sbin/sshd/Makefile @@ -42,8 +42,7 @@ LDADD+= -lbsm .endif .if ${MK_KERBEROS_SUPPORT} != "no" -CFLAGS+= -DGSSAPI -DKRB5 -DHEIMDAL \ - -DHAVE_GSSAPI_GSSAPI_H=1 -DHAVE_GSSAPI_GSSAPI_KRB5_H=1 +CFLAGS+= -include krb5_config.h DPADD+= ${LIBGSSAPI_KRB5} ${LIBGSSAPI} ${LIBKRB5} ${LIBHX509} ${LIBASN1} \ ${LIBCOM_ERR} ${LIBROKEN} ${LIBWIND} ${LIBHEIMBASE} ${LIBHEIMIPCC} LDADD+= -lgssapi_krb5 -lgssapi -lkrb5 -lhx509 -lasn1 \ @@ -66,3 +65,6 @@ CFLAGS+= -DXAUTH_PATH=\"${LOCALBASE}/bin/xauth\" .PATH: ${SSHDIR} ${OBJS} ${POBJS} ${SOBJS}: ssh_namespace.h +.if ${MK_KERBEROS_SUPPORT} != "no" +${OBJS} ${POBJS} ${SOBJS}: krb5_config.h +.endif