mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-27 03:11:52 +01:00
Unbreak the WITHOUT_KERBEROS build and try to reduce the odds of a
repeat performance by introducing a script that runs configure with and without Kerberos, diffs the result and generates krb5_config.h, which contains the preprocessor macros that need to be defined in the Kerberos case and undefined otherwise. Approved by: re (marius)
This commit is contained in:
parent
d83a410e24
commit
0085282b6a
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=255829
@ -3,7 +3,13 @@
|
||||
FreeBSD maintainer's guide to OpenSSH-portable
|
||||
==============================================
|
||||
|
||||
[needs rewriting for svn]
|
||||
XXX
|
||||
XXX this needs a complete rewrite
|
||||
XXX svn merge from vendor branch, resolve conflicts manually
|
||||
XXX (see FREEBSD-tricks for tips on how to reduce conflicts)
|
||||
XXX run freebsd-configure.sh to generate config.h and krb5_config.h
|
||||
XXX svn diff Makefile.in to see if the Makefiles need adjusting
|
||||
XXX
|
||||
|
||||
0) Make sure your mail spool has plenty of free space. It'll fill up
|
||||
pretty fast once you're done with this checklist.
|
||||
@ -116,7 +122,7 @@ B) Re-commit everything on repoman (you *did* use a test repo for
|
||||
|
||||
|
||||
This port was brought to you by (in no particular order) DARPA, NAI
|
||||
Labs, ThinkSec, Nescafé, the Aberlour Glenlivet Distillery Co.,
|
||||
Labs, ThinkSec, Nescafé, the Aberlour Glenlivet Distillery Co.,
|
||||
Suzanne Vega, and a Sanford's #69 Deluxe Marker.
|
||||
|
||||
-- des@FreeBSD.org
|
||||
|
@ -157,7 +157,7 @@
|
||||
/* #undef GLOB_HAS_GL_STATV */
|
||||
|
||||
/* Define this if you want GSSAPI support in the version 2 protocol */
|
||||
#define GSSAPI 1
|
||||
/* #undef GSSAPI */
|
||||
|
||||
/* Define if you want to use shadow password expire field */
|
||||
/* #undef HAS_SHADOW_EXPIRE */
|
||||
@ -271,7 +271,7 @@
|
||||
|
||||
/* Define to 1 if you have the declaration of `GSS_C_NT_HOSTBASED_SERVICE',
|
||||
and to 0 if you don't. */
|
||||
#define HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE 1
|
||||
/* #undef HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE */
|
||||
|
||||
/* Define to 1 if you have the declaration of `howmany', and to 0 if you
|
||||
don't. */
|
||||
@ -535,10 +535,10 @@
|
||||
/* #undef HAVE_GSSAPI_GSSAPI_GENERIC_H */
|
||||
|
||||
/* Define to 1 if you have the <gssapi/gssapi.h> header file. */
|
||||
#define HAVE_GSSAPI_GSSAPI_H 1
|
||||
/* #undef HAVE_GSSAPI_GSSAPI_H */
|
||||
|
||||
/* Define to 1 if you have the <gssapi/gssapi_krb5.h> header file. */
|
||||
#define HAVE_GSSAPI_GSSAPI_KRB5_H 1
|
||||
/* #undef HAVE_GSSAPI_GSSAPI_KRB5_H */
|
||||
|
||||
/* Define to 1 if you have the <gssapi.h> header file. */
|
||||
/* #undef HAVE_GSSAPI_H */
|
||||
@ -601,13 +601,13 @@
|
||||
#define HAVE_ISBLANK 1
|
||||
|
||||
/* Define to 1 if you have the `krb5_cc_new_unique' function. */
|
||||
#define HAVE_KRB5_CC_NEW_UNIQUE 1
|
||||
/* #undef HAVE_KRB5_CC_NEW_UNIQUE */
|
||||
|
||||
/* Define to 1 if you have the `krb5_free_error_message' function. */
|
||||
#define HAVE_KRB5_FREE_ERROR_MESSAGE 1
|
||||
/* #undef HAVE_KRB5_FREE_ERROR_MESSAGE */
|
||||
|
||||
/* Define to 1 if you have the `krb5_get_error_message' function. */
|
||||
#define HAVE_KRB5_GET_ERROR_MESSAGE 1
|
||||
/* #undef HAVE_KRB5_GET_ERROR_MESSAGE */
|
||||
|
||||
/* Define to 1 if you have the <lastlog.h> header file. */
|
||||
/* #undef HAVE_LASTLOG_H */
|
||||
@ -1310,7 +1310,7 @@
|
||||
#define HAVE___func__ 1
|
||||
|
||||
/* Define this if you are using the Heimdal version of Kerberos V5 */
|
||||
#define HEIMDAL 1
|
||||
/* #undef HEIMDAL */
|
||||
|
||||
/* Define if you need to use IP address instead of hostname in $DISPLAY */
|
||||
/* #undef IPADDR_IN_DISPLAY */
|
||||
@ -1322,7 +1322,7 @@
|
||||
/* #undef IP_TOS_IS_BROKEN */
|
||||
|
||||
/* Define if you want Kerberos 5 support */
|
||||
#define KRB5 1
|
||||
/* #undef KRB5 */
|
||||
|
||||
/* Define if pututxline updates lastlog too */
|
||||
/* #undef LASTLOG_WRITE_PUTUTXLINE */
|
||||
|
30
crypto/openssh/freebsd-configure.sh
Executable file
30
crypto/openssh/freebsd-configure.sh
Executable file
@ -0,0 +1,30 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# $FreeBSD$
|
||||
#
|
||||
|
||||
configure_args="
|
||||
--prefix=/usr
|
||||
--sysconfdir=/etc/ssh
|
||||
--with-pam
|
||||
--with-tcp-wrappers
|
||||
--with-libedit
|
||||
--with-ssl-engine
|
||||
--without-xauth
|
||||
"
|
||||
|
||||
set -e
|
||||
|
||||
# generate config.h with krb5 and stash it
|
||||
sh configure $configure_args --with-kerberos5
|
||||
mv config.log config.log.orig
|
||||
mv config.h config.h.orig
|
||||
|
||||
# generate config.h without krb5
|
||||
sh configure $configure_args --without-kerberos5
|
||||
|
||||
# extract the difference
|
||||
echo '/* $Free''BSD$ */' > krb5_config.h
|
||||
diff -u config.h.orig config.h |
|
||||
sed -n '/^-#define/s/^-//p' |
|
||||
grep -Ff /dev/stdin config.h.orig >> krb5_config.h
|
11
crypto/openssh/krb5_config.h
Normal file
11
crypto/openssh/krb5_config.h
Normal file
@ -0,0 +1,11 @@
|
||||
/* $FreeBSD$ */
|
||||
#define GSSAPI 1
|
||||
#define HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE 1
|
||||
#define HAVE_GSSAPI_GSSAPI_H 1
|
||||
#define HAVE_GSSAPI_GSSAPI_KRB5_H 1
|
||||
#define HAVE_GSSAPI_H 1
|
||||
#define HAVE_KRB5_CC_NEW_UNIQUE 1
|
||||
#define HAVE_KRB5_FREE_ERROR_MESSAGE 1
|
||||
#define HAVE_KRB5_GET_ERROR_MESSAGE 1
|
||||
#define HEIMDAL 1
|
||||
#define KRB5 1
|
@ -28,10 +28,10 @@
|
||||
|
||||
#ifdef GSSAPI
|
||||
|
||||
#ifdef HAVE_GSSAPI_H
|
||||
#include <gssapi.h>
|
||||
#elif defined(HAVE_GSSAPI_GSSAPI_H)
|
||||
#if defined(HAVE_GSSAPI_GSSAPI_H)
|
||||
#include <gssapi/gssapi.h>
|
||||
#elif defined(HAVE_GSSAPI_H)
|
||||
#include <gssapi.h>
|
||||
#endif
|
||||
|
||||
#ifdef KRB5
|
||||
|
@ -88,10 +88,10 @@ __RCSID("$FreeBSD$");
|
||||
|
||||
#ifdef __FreeBSD__
|
||||
#include <resolv.h>
|
||||
#if defined(GSSAPI) && defined(HAVE_GSSAPI_H)
|
||||
#include <gssapi.h>
|
||||
#elif defined(GSSAPI) && defined(HAVE_GSSAPI_GSSAPI_H)
|
||||
#if defined(GSSAPI) && defined(HAVE_GSSAPI_GSSAPI_H)
|
||||
#include <gssapi/gssapi.h>
|
||||
#elif defined(GSSAPI) && defined(HAVE_GSSAPI_H)
|
||||
#include <gssapi.h>
|
||||
#endif
|
||||
#endif
|
||||
|
||||
|
@ -39,7 +39,7 @@ USEPRIVATELIB+= ldns
|
||||
CFLAGS+= -I${SSHDIR} -include ssh_namespace.h
|
||||
|
||||
.if ${MK_KERBEROS_SUPPORT} != "no"
|
||||
CFLAGS+= -DGSSAPI -DHAVE_GSSAPI_GSSAPI_H=1 -DKRB5 -DHEIMDAL
|
||||
CFLAGS+= -include krb5_config.h
|
||||
DPADD+= ${LIBGSSAPI} ${LIBKRB5} ${LIBHX509} ${LIBASN1} ${LIBCOM_ERR} ${LIBMD} ${LIBROKEN}
|
||||
LDADD+= -lgssapi -lkrb5 -lhx509 -lasn1 -lcom_err -lmd -lroken
|
||||
.endif
|
||||
@ -58,3 +58,6 @@ LDADD+= -lcrypto -lcrypt -lz
|
||||
.PATH: ${SSHDIR} ${SSHDIR}/openbsd-compat
|
||||
|
||||
${OBJS} ${POBJS} ${SOBJS}: ssh_namespace.h
|
||||
.if ${MK_KERBEROS_SUPPORT} != "no"
|
||||
${OBJS} ${POBJS} ${SOBJS}: krb5_config.h
|
||||
.endif
|
||||
|
@ -27,7 +27,7 @@ USEPRIVATELIB+= ldns
|
||||
.endif
|
||||
|
||||
.if ${MK_KERBEROS_SUPPORT} != "no"
|
||||
CFLAGS+= -DGSSAPI -DHAVE_GSSAPI_GSSAPI_H=1 -DKRB5 -DHEIMDAL
|
||||
CFLAGS+= -include krb5_config.h
|
||||
DPADD+= ${LIBGSSAPI}
|
||||
LDADD+= -lgssapi
|
||||
.endif
|
||||
@ -48,3 +48,6 @@ CFLAGS+= -DXAUTH_PATH=\"${LOCALBASE}/bin/xauth\"
|
||||
.PATH: ${SSHDIR}
|
||||
|
||||
${OBJS} ${POBJS} ${SOBJS}: ssh_namespace.h
|
||||
.if ${MK_KERBEROS_SUPPORT} != "no"
|
||||
${OBJS} ${POBJS} ${SOBJS}: krb5_config.h
|
||||
.endif
|
||||
|
@ -42,8 +42,7 @@ LDADD+= -lbsm
|
||||
.endif
|
||||
|
||||
.if ${MK_KERBEROS_SUPPORT} != "no"
|
||||
CFLAGS+= -DGSSAPI -DKRB5 -DHEIMDAL \
|
||||
-DHAVE_GSSAPI_GSSAPI_H=1 -DHAVE_GSSAPI_GSSAPI_KRB5_H=1
|
||||
CFLAGS+= -include krb5_config.h
|
||||
DPADD+= ${LIBGSSAPI_KRB5} ${LIBGSSAPI} ${LIBKRB5} ${LIBHX509} ${LIBASN1} \
|
||||
${LIBCOM_ERR} ${LIBROKEN} ${LIBWIND} ${LIBHEIMBASE} ${LIBHEIMIPCC}
|
||||
LDADD+= -lgssapi_krb5 -lgssapi -lkrb5 -lhx509 -lasn1 \
|
||||
@ -66,3 +65,6 @@ CFLAGS+= -DXAUTH_PATH=\"${LOCALBASE}/bin/xauth\"
|
||||
.PATH: ${SSHDIR}
|
||||
|
||||
${OBJS} ${POBJS} ${SOBJS}: ssh_namespace.h
|
||||
.if ${MK_KERBEROS_SUPPORT} != "no"
|
||||
${OBJS} ${POBJS} ${SOBJS}: krb5_config.h
|
||||
.endif
|
||||
|
Loading…
Reference in New Issue
Block a user