diff options
| author | des <des@FreeBSD.org> | 2013-09-23 20:35:54 +0000 |
|---|---|---|
| committer | des <des@FreeBSD.org> | 2013-09-23 20:35:54 +0000 |
| commit | 476b7e3d43eadb9adc07587cb47ade03d7fc6f22 (patch) | |
| tree | 204a4783390b9e2cd41aa93420dec26e049d2dba | |
| parent | 6d86a0080bfdac11278fa40273e50920072f74df (diff) | |
| download | FreeBSD-src-476b7e3d43eadb9adc07587cb47ade03d7fc6f22.zip FreeBSD-src-476b7e3d43eadb9adc07587cb47ade03d7fc6f22.tar.gz | |
Unbreak the WITHOUT_KERBEROS build and try to reduce the odds of a
repeat performance by introducing a script that runs configure with and
without Kerberos, diffs the result and generates krb5_config.h, which
contains the preprocessor macros that need to be defined in the Kerberos
case and undefined otherwise.
Approved by: re (marius)
| -rw-r--r-- | crypto/openssh/FREEBSD-upgrade | 10 | ||||
| -rw-r--r-- | crypto/openssh/config.h | 18 | ||||
| -rwxr-xr-x | crypto/openssh/freebsd-configure.sh | 30 | ||||
| -rw-r--r-- | crypto/openssh/krb5_config.h | 11 | ||||
| -rw-r--r-- | crypto/openssh/ssh-gss.h | 6 | ||||
| -rw-r--r-- | crypto/openssh/sshd.c | 6 | ||||
| -rw-r--r-- | secure/lib/libssh/Makefile | 5 | ||||
| -rw-r--r-- | secure/usr.bin/ssh/Makefile | 5 | ||||
| -rw-r--r-- | secure/usr.sbin/sshd/Makefile | 6 |
9 files changed, 76 insertions, 21 deletions
diff --git a/crypto/openssh/FREEBSD-upgrade b/crypto/openssh/FREEBSD-upgrade index 03b7dbf..2a3dc7f 100644 --- a/crypto/openssh/FREEBSD-upgrade +++ b/crypto/openssh/FREEBSD-upgrade @@ -3,7 +3,13 @@ FreeBSD maintainer's guide to OpenSSH-portable ============================================== -[needs rewriting for svn] +XXX +XXX this needs a complete rewrite +XXX svn merge from vendor branch, resolve conflicts manually +XXX (see FREEBSD-tricks for tips on how to reduce conflicts) +XXX run freebsd-configure.sh to generate config.h and krb5_config.h +XXX svn diff Makefile.in to see if the Makefiles need adjusting +XXX 0) Make sure your mail spool has plenty of free space. It'll fill up pretty fast once you're done with this checklist. @@ -116,7 +122,7 @@ B) Re-commit everything on repoman (you *did* use a test repo for This port was brought to you by (in no particular order) DARPA, NAI -Labs, ThinkSec, Nescafé, the Aberlour Glenlivet Distillery Co., +Labs, ThinkSec, NescafĂ©, the Aberlour Glenlivet Distillery Co., Suzanne Vega, and a Sanford's #69 Deluxe Marker. -- des@FreeBSD.org diff --git a/crypto/openssh/config.h b/crypto/openssh/config.h index cc3d1e7..ad1d852 100644 --- a/crypto/openssh/config.h +++ b/crypto/openssh/config.h @@ -157,7 +157,7 @@ /* #undef GLOB_HAS_GL_STATV */ /* Define this if you want GSSAPI support in the version 2 protocol */ -#define GSSAPI 1 +/* #undef GSSAPI */ /* Define if you want to use shadow password expire field */ /* #undef HAS_SHADOW_EXPIRE */ @@ -271,7 +271,7 @@ /* Define to 1 if you have the declaration of `GSS_C_NT_HOSTBASED_SERVICE', and to 0 if you don't. */ -#define HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE 1 +/* #undef HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE */ /* Define to 1 if you have the declaration of `howmany', and to 0 if you don't. */ @@ -535,10 +535,10 @@ /* #undef HAVE_GSSAPI_GSSAPI_GENERIC_H */ /* Define to 1 if you have the <gssapi/gssapi.h> header file. */ -#define HAVE_GSSAPI_GSSAPI_H 1 +/* #undef HAVE_GSSAPI_GSSAPI_H */ /* Define to 1 if you have the <gssapi/gssapi_krb5.h> header file. */ -#define HAVE_GSSAPI_GSSAPI_KRB5_H 1 +/* #undef HAVE_GSSAPI_GSSAPI_KRB5_H */ /* Define to 1 if you have the <gssapi.h> header file. */ /* #undef HAVE_GSSAPI_H */ @@ -601,13 +601,13 @@ #define HAVE_ISBLANK 1 /* Define to 1 if you have the `krb5_cc_new_unique' function. */ -#define HAVE_KRB5_CC_NEW_UNIQUE 1 +/* #undef HAVE_KRB5_CC_NEW_UNIQUE */ /* Define to 1 if you have the `krb5_free_error_message' function. */ -#define HAVE_KRB5_FREE_ERROR_MESSAGE 1 +/* #undef HAVE_KRB5_FREE_ERROR_MESSAGE */ /* Define to 1 if you have the `krb5_get_error_message' function. */ -#define HAVE_KRB5_GET_ERROR_MESSAGE 1 +/* #undef HAVE_KRB5_GET_ERROR_MESSAGE */ /* Define to 1 if you have the <lastlog.h> header file. */ /* #undef HAVE_LASTLOG_H */ @@ -1310,7 +1310,7 @@ #define HAVE___func__ 1 /* Define this if you are using the Heimdal version of Kerberos V5 */ -#define HEIMDAL 1 +/* #undef HEIMDAL */ /* Define if you need to use IP address instead of hostname in $DISPLAY */ /* #undef IPADDR_IN_DISPLAY */ @@ -1322,7 +1322,7 @@ /* #undef IP_TOS_IS_BROKEN */ /* Define if you want Kerberos 5 support */ -#define KRB5 1 +/* #undef KRB5 */ /* Define if pututxline updates lastlog too */ /* #undef LASTLOG_WRITE_PUTUTXLINE */ diff --git a/crypto/openssh/freebsd-configure.sh b/crypto/openssh/freebsd-configure.sh new file mode 100755 index 0000000..8004880 --- /dev/null +++ b/crypto/openssh/freebsd-configure.sh @@ -0,0 +1,30 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +configure_args=" + --prefix=/usr + --sysconfdir=/etc/ssh + --with-pam + --with-tcp-wrappers + --with-libedit + --with-ssl-engine + --without-xauth +" + +set -e + +# generate config.h with krb5 and stash it +sh configure $configure_args --with-kerberos5 +mv config.log config.log.orig +mv config.h config.h.orig + +# generate config.h without krb5 +sh configure $configure_args --without-kerberos5 + +# extract the difference +echo '/* $Free''BSD$ */' > krb5_config.h +diff -u config.h.orig config.h | + sed -n '/^-#define/s/^-//p' | + grep -Ff /dev/stdin config.h.orig >> krb5_config.h diff --git a/crypto/openssh/krb5_config.h b/crypto/openssh/krb5_config.h new file mode 100644 index 0000000..af1f80b --- /dev/null +++ b/crypto/openssh/krb5_config.h @@ -0,0 +1,11 @@ +/* $FreeBSD$ */ +#define GSSAPI 1 +#define HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE 1 +#define HAVE_GSSAPI_GSSAPI_H 1 +#define HAVE_GSSAPI_GSSAPI_KRB5_H 1 +#define HAVE_GSSAPI_H 1 +#define HAVE_KRB5_CC_NEW_UNIQUE 1 +#define HAVE_KRB5_FREE_ERROR_MESSAGE 1 +#define HAVE_KRB5_GET_ERROR_MESSAGE 1 +#define HEIMDAL 1 +#define KRB5 1 diff --git a/crypto/openssh/ssh-gss.h b/crypto/openssh/ssh-gss.h index 077e13c..3fcc2d1 100644 --- a/crypto/openssh/ssh-gss.h +++ b/crypto/openssh/ssh-gss.h @@ -28,10 +28,10 @@ #ifdef GSSAPI -#ifdef HAVE_GSSAPI_H -#include <gssapi.h> -#elif defined(HAVE_GSSAPI_GSSAPI_H) +#if defined(HAVE_GSSAPI_GSSAPI_H) #include <gssapi/gssapi.h> +#elif defined(HAVE_GSSAPI_H) +#include <gssapi.h> #endif #ifdef KRB5 diff --git a/crypto/openssh/sshd.c b/crypto/openssh/sshd.c index 4bc1bd5..12b559e 100644 --- a/crypto/openssh/sshd.c +++ b/crypto/openssh/sshd.c @@ -88,10 +88,10 @@ __RCSID("$FreeBSD$"); #ifdef __FreeBSD__ #include <resolv.h> -#if defined(GSSAPI) && defined(HAVE_GSSAPI_H) -#include <gssapi.h> -#elif defined(GSSAPI) && defined(HAVE_GSSAPI_GSSAPI_H) +#if defined(GSSAPI) && defined(HAVE_GSSAPI_GSSAPI_H) #include <gssapi/gssapi.h> +#elif defined(GSSAPI) && defined(HAVE_GSSAPI_H) +#include <gssapi.h> #endif #endif diff --git a/secure/lib/libssh/Makefile b/secure/lib/libssh/Makefile index 387272b..5536f66 100644 --- a/secure/lib/libssh/Makefile +++ b/secure/lib/libssh/Makefile @@ -39,7 +39,7 @@ USEPRIVATELIB+= ldns CFLAGS+= -I${SSHDIR} -include ssh_namespace.h .if ${MK_KERBEROS_SUPPORT} != "no" -CFLAGS+= -DGSSAPI -DHAVE_GSSAPI_GSSAPI_H=1 -DKRB5 -DHEIMDAL +CFLAGS+= -include krb5_config.h DPADD+= ${LIBGSSAPI} ${LIBKRB5} ${LIBHX509} ${LIBASN1} ${LIBCOM_ERR} ${LIBMD} ${LIBROKEN} LDADD+= -lgssapi -lkrb5 -lhx509 -lasn1 -lcom_err -lmd -lroken .endif @@ -58,3 +58,6 @@ LDADD+= -lcrypto -lcrypt -lz .PATH: ${SSHDIR} ${SSHDIR}/openbsd-compat ${OBJS} ${POBJS} ${SOBJS}: ssh_namespace.h +.if ${MK_KERBEROS_SUPPORT} != "no" +${OBJS} ${POBJS} ${SOBJS}: krb5_config.h +.endif diff --git a/secure/usr.bin/ssh/Makefile b/secure/usr.bin/ssh/Makefile index 459d21f..4a46429 100644 --- a/secure/usr.bin/ssh/Makefile +++ b/secure/usr.bin/ssh/Makefile @@ -27,7 +27,7 @@ USEPRIVATELIB+= ldns .endif .if ${MK_KERBEROS_SUPPORT} != "no" -CFLAGS+= -DGSSAPI -DHAVE_GSSAPI_GSSAPI_H=1 -DKRB5 -DHEIMDAL +CFLAGS+= -include krb5_config.h DPADD+= ${LIBGSSAPI} LDADD+= -lgssapi .endif @@ -48,3 +48,6 @@ CFLAGS+= -DXAUTH_PATH=\"${LOCALBASE}/bin/xauth\" .PATH: ${SSHDIR} ${OBJS} ${POBJS} ${SOBJS}: ssh_namespace.h +.if ${MK_KERBEROS_SUPPORT} != "no" +${OBJS} ${POBJS} ${SOBJS}: krb5_config.h +.endif diff --git a/secure/usr.sbin/sshd/Makefile b/secure/usr.sbin/sshd/Makefile index daba994..587eb67 100644 --- a/secure/usr.sbin/sshd/Makefile +++ b/secure/usr.sbin/sshd/Makefile @@ -42,8 +42,7 @@ LDADD+= -lbsm .endif .if ${MK_KERBEROS_SUPPORT} != "no" -CFLAGS+= -DGSSAPI -DKRB5 -DHEIMDAL \ - -DHAVE_GSSAPI_GSSAPI_H=1 -DHAVE_GSSAPI_GSSAPI_KRB5_H=1 +CFLAGS+= -include krb5_config.h DPADD+= ${LIBGSSAPI_KRB5} ${LIBGSSAPI} ${LIBKRB5} ${LIBHX509} ${LIBASN1} \ ${LIBCOM_ERR} ${LIBROKEN} ${LIBWIND} ${LIBHEIMBASE} ${LIBHEIMIPCC} LDADD+= -lgssapi_krb5 -lgssapi -lkrb5 -lhx509 -lasn1 \ @@ -66,3 +65,6 @@ CFLAGS+= -DXAUTH_PATH=\"${LOCALBASE}/bin/xauth\" .PATH: ${SSHDIR} ${OBJS} ${POBJS} ${SOBJS}: ssh_namespace.h +.if ${MK_KERBEROS_SUPPORT} != "no" +${OBJS} ${POBJS} ${SOBJS}: krb5_config.h +.endif |
