Commit Graph

60 Commits

Author SHA1 Message Date
christos
15b0d355be Only need the PAM hooks for sshd. Now it compiles, PAM portion untested. 2005-02-13 18:15:05 +00:00
christos
cea75c91ac Add PAM glue [unused] 2005-02-13 06:07:54 +00:00
christos
573119d831 Update for OpenSSH-3.9 2005-02-13 06:07:21 +00:00
lukem
4d41fe6044 Style/consistency cleanup:
* libcrypto & libz are provided by ../Makefile.inc
* <bsd.own.mk> isn't required by most of these
* be consistent in the layout
2005-01-03 06:05:50 +00:00
lukem
ecfeee924b Use the public libssh that's now available. 2005-01-03 06:04:08 +00:00
lukem
b817247988 Use MKPRIVATELIB=yes instead of providing an empty libinstall:: target and
setting NOLINT, NOPIC, NOPROFILE (etc)
2004-05-23 02:24:50 +00:00
lukem
ee04d88971 Consistently use CONFIGFILES & CONFIGLINKS (which enable the 'configinstall'
target) instead of using home-grown 'distribution' targets or using
FILES with the 'install' target.
Add some etc/ subdir Makefiles where appropriate.

XXX: some of etc/Makefile install-etc-files could be converted to CONFIGFILES.
2004-05-16 09:53:09 +00:00
dyoung
4758291178 Fix the checkflist for builds without Kerberos 4 (MKKERBEROS4=no)
and without Kerberos 4 & 5 (MKKERBEROS=no). Previously checkflist
complained of missing files.

* move kerberos- and kerberos 4-only files into new flists,
  distrib/sets/lists/*/krb.*

* make the flist generators grok MKKERBEROS{,4} variables

* fix Makefiles which treat MKKERBEROS=no as MKKERBEROS5=no.
  9 out of 10 experts agree that it is ludicrous to build w/
  KERBEROS4 and w/o KERBEROS5.

* fix header files, also, which treat MKKERBEROS=no as MKKERBEROS5=no.

* omit some Kerberos-only subdirectories from the build as
  MKKERBEROS{,4} indicate

(I acknowledge the sentiment that flists are the wrong way to go,
and that the makefiles should produce the metalog directly.  That
sounds to me like the right way to go, but I am not prepared to do
revamp all the makefiles.  While my approach is expedient, it fits
painlessly within the current build architecture until we are
delivered from flist purgatory, and it does not postpone our
delivery. Fair enough?)
2003-12-11 09:46:26 +00:00
lha
afad8d1f7c libkrb depends on libdes, patch in private mail from
Harold Gutch logix at foobar franken de
2003-08-23 23:03:42 +00:00
itojun
88ec7d3792 bring back krb4 support, just to suppress unwanted noise from other developers.
note that official openssh distribution have already dropped kerberosIV support,
therefore maintenance cost needs to be paid by us.  and have no intent to help.
2003-07-24 15:31:52 +00:00
itojun
0abe0bddb0 forgot to remove -lkafs. from rafal 2003-07-23 08:00:52 +00:00
itojun
8556dff80c remove KRB4 and AFS support. sync w/ openssh main tree 2003-07-23 03:52:16 +00:00
itojun
25ad1ea430 UPPORT_UTMP{,X} outside of .if KERBEROS. PR 22202 2003-07-21 03:37:43 +00:00
itojun
56d0ea03cf >implement kerberos over ssh2 ("kerberos-2@ssh.com"); tested with jakob@
>server interops with commercial client; ok jakob@ djm@

markus@openbsd
2003-05-14 18:22:07 +00:00
itojun
e7e7c84a6a sync w/ 3.6.1 2003-04-03 06:21:31 +00:00
itojun
ef7d24574a upgrade to openssh 3.5. major changes include:
- krb4/5 support for privsep (krb5 diff was already applied)

includes fake implementaation of getpeereid() from openssh-portable, which
does nothing useful - need improvement.
2002-10-01 14:07:26 +00:00
lukem
5d4973fe97 makefile delint. use NETBSDSRCDIR as appropriate 2002-09-18 14:00:33 +00:00
lukem
09ccdda836 rcsid fix 2002-09-18 13:50:52 +00:00
simonb
cb9c117389 Don't set BINOWN if using the default BINMODE. 2002-08-02 04:05:13 +00:00
christos
0b56b322c8 Add utmpx support. 2002-07-28 23:43:12 +00:00
itojun
412f69af85 re-enable ssh-keysign's sbit. sync w/openbsd 2002-07-03 14:23:49 +00:00
itojun
968294e218 >make ssh-keysign read /etc/ssh/ssh_config
>and exit if HostbasedAuthentication is disabled globally. based on discussions
>with deraadt, itojun and sommerfeld; ok itojun@

sync w/openbsd
2002-07-03 14:23:13 +00:00
itojun
124313224f install ssh-keysign non-setuid for the moment.
(HostbasedAuthentication does not work for a while)
2002-07-01 06:19:22 +00:00
itojun
de7e3177b2 tidy up makefiles 2002-06-24 06:11:11 +00:00
itojun
82659024b5 make sure to install ssh-keysign as setuid root 2002-06-24 05:52:29 +00:00
itojun
3ea946f134 sync with openssh 3.3.
local mods included to make it compile with openssl 0.9.6d.
2002-06-24 05:48:24 +00:00
lukem
244b762de1 Complete the conversion back to the OpenSSH default configuration files of
"/etc/ssh/ssh_config" (from "/etc/ssh/ssh.conf") for ssh(1) and other
userland tools, and "/etc/ssh/sshd_config (from "/etc/ssh/sshd.conf")
for sshd(8).

etc/postinstall will detect this, and if "fix" is given, rename the files.
2002-04-29 08:23:34 +00:00
itojun
34b40b030e sync with openssh 3.2 as of 2002/4/22.
- privilege separation
- afs/kerberos auth security issue fixed
2002-04-22 07:59:35 +00:00
thorpej
9c33b55e7c Split the notion of building Hesiod, Kerberos, S/key, and YP
infrastructure and using that infrastructure in programs.

	* MKHESIOD, MKKERBEROS, MKSKEY, and MKYP control building
	  of the infratsructure (libraries, support programs, etc.)

	* USE_HESIOD, USE_KERBEROS, USE_SKEY, and USE_YP control
	  building of support for using the corresponding API
	  in various libraries/programs that can use it.

As discussed on tech-toolchain.
2002-03-22 18:10:19 +00:00
itojun
0a2445c3b6 move sshd config files to /etc/ssh 2002-03-11 04:57:55 +00:00
itojun
af34a358ff sync w/ 3.1 as of 2002/3/8. configuration file directory is still /etc
(openbsd usr.bin/ssh is using /etc/ssh)
2002-03-08 02:00:50 +00:00
lukem
670a900e30 use ${INSTALL_FILE} as appropriate 2002-02-09 09:14:32 +00:00
lukem
b0b0a32ad7 Set NOxxx= before <bsd.own.mk> is pulled in (even indirectly).
Otherwise the appropriate MKxxx=no won't be defined .
2001-12-12 12:24:19 +00:00
tv
8e6f7afb5b MKfoo=no -> NOfoo 2001-12-12 01:48:43 +00:00
itojun
ba613513e8 sync with openssh 2.9.9 around 9/27. 2001-09-27 03:24:01 +00:00
itojun
69d60502fe upgrade to openssh 2.9, around 2001/6/24 (from openbsd usr.bin/ssh).
- authorized_keys2 and known_hosts2 are obsoleted, and integrated
  into those without "2".
- file name change, /etc/primes -> /etc/moduli
- cleanups
2001-06-23 19:37:38 +00:00
wiz
4b1c5f37c5 On note by kleink: Add primes.5 to crypto/dist/ssh instead of share/man/man5. 2001-06-15 12:51:58 +00:00
itojun
2160ac71db install /etc/primes for ssh 2001-05-26 23:27:13 +00:00
itojun
f4532f2487 upgrade to openssh (openbsd usr.bin/ssh) 2.9, around 5/15/2001. 2001-05-15 15:26:07 +00:00
itojun
235b9f0c2f upgrade to openssh 2.5.4 (2001/4/10).
major behavior changes: (made in openssh master tree - openbsd usr.bin/ssh)
- ssh(1) now defaults to ssh protocol version 2.
  if you want version 1 to take precedence, use /etc/ssh.conf to override.
- config change: ~/.ssh/id_rsa[12] is now ~/.ssh/id_rsa (changed 4/3)
- forced client rekey for protocol version 2 (~R)
- swap gid when uid swaps.
- ListenAddress syntax can take [foo]:port for IPv6 numerics.
- "ssh -D 1080" allows us to use ssh tunnel as SOCKS4 proxy.
2001-04-10 08:07:54 +00:00
ad
f85c698f44 Link against libcrypt in order to make MD5 passwords work. 2001-04-01 15:11:05 +00:00
itojun
37da3c3c3c sync with openssh 2.5.2 (from openbsd usr.bin/ssh, not from portable). 2001-03-19 20:03:24 +00:00
assar
e625c71295 add krb5 support to ssh/sshd. based on code initially from Daniel Kouril <kouril@informatics.muni.cz> and Björn Grönvall <bg@sics.se> 2001-03-04 00:41:27 +00:00
itojun
531a3ed838 sync with 2/14.
openssh changes:
- SIGWINCH propagated correctly
- mitigate SSH1 traffic analysis
- sprintf -> snprintf and lots of other cleanups
netbsd local changes:
- include OpenBSD RCSID into binary again, which helps us diagnose later.
2001-02-14 01:06:48 +00:00
itojun
1f5cfca3e6 sync crypto/dist/ssh with re-importorted tree. try to minimize diffs
with openssh tree to ease future upgrade.  re-do local changes, including:
- prototype pedants
- IgnoreRootRhosts
- login.conf user validation
some of the local changes that weren't used are omitted for now.  we may
need to revisit those afterwards.

it adds "sftp".
2001-02-07 17:05:31 +00:00
itojun
a0f7a7d829 crypto/dist/ssh: resolve conflicts with 2.3.0/20010105.
usr.bin/ssh: add ssh-keyscan and sftp-server into SUBDIR.
2001-01-14 05:22:31 +00:00
lukem
443a19e035 convert to using .WAIT 2001-01-09 03:13:39 +00:00
sommerfeld
64cf1af58d Let src/usr.bin build with recursive parallel make..
- add .WAIT and .NOTPARALLEL in a few places
 - change ${MAKE} print-objdir to ${PRINTOBJDIR}
 - convert other ad-hoc forms to use ${PRINTOBJDIR}
2000-12-30 14:54:39 +00:00
garbled
bd7a6d88d2 Hunted down another make -> ${MAKE}.... 2000-10-28 15:36:58 +00:00
tv
45fc6b59ae Remove INSTALLFLAGS=-fschg. This will break a "make install" phase where
the binary may have been installed already, i.e. a install without
UPDATE=1 (done so that everything gets reinstalled).  The schg flag is not
unsettable, even by root, at securelevel 1.

A flag like this should be set by mtree, not install.
2000-10-17 23:51:24 +00:00