Commit Graph

71 Commits

Author SHA1 Message Date
christos 85e611dd01 Goodbye KerberosIV 2006-03-20 04:03:10 +00:00
christos 2d51080a2d Do not attempt to generate moduli from moduli.c using the shuttle
suffix rule.  This can happen if moduli.c is newer than moduli.
Reported by Hisashi T Fujinaka.
2006-02-15 15:51:37 +00:00
christos d3b0b4d68a PR/30750: Mark Davies: ssh gives bogus complaint when gssapi authentication
fails. The problem was that different ssh programs were compiled with different
cpp flags. In particular, ssh-keysign was affected. Move all the CPPFLAGS
to Makefile.inc. Note that I am not moving the library portion of the defines
because we don't want to link everything with all the libraries.
2005-08-18 00:19:28 +00:00
christos 0d20a48365 remove -static. 2005-07-29 01:19:20 +00:00
christos ab388e3703 sftp now uses libedit. 2005-04-23 16:54:09 +00:00
christos 192c2eccf6 Add -lcrypt where -lcrypto is specified. 2005-03-09 03:11:22 +00:00
he 5152518685 Add -lcrypt to link lines for applications using -lkrb5, so that they
link successfully when MKPIC=no, as is always the case for our ports
which do not support shared libraries.

Discussed with thorpej and christos.
2005-03-04 20:44:55 +00:00
he 8e8728c45c Introduce PAM_STATIC_LDADD and PAM_STATIC_DPADD. When compiling
with MKPIC=no, possibly because the target does not support shared
libraries, these include libraries required to resolve all symbols
which end up referenced from PAM-using applications.  The libraries
presently required are -lcrypt, -lrpcsvc and -lutil.

Add use of these variables which are currently set up to use PAM,
so that they compile when MKPIC=no.

Also, in the telnetd case, reorder the order of the libraries, so
that libtelnet.a comes before -ltermcap and -lutil, again to fix
link error when MKPIC=no.

Discussed with thorpej and christos.
2005-03-04 20:41:08 +00:00
christos 0f037c7626 - Add depency ob ligssapi and the required c-file(s).
- Reorder libkafs so its possible to build w/o kerberos4
From Love.
2005-02-13 22:48:01 +00:00
christos 1b9aa59ad8 Add depency on libgssapi and add the required c-file(s)
From Love.
2005-02-13 22:44:07 +00:00
christos d578cd9dc7 Add a couple of HAVE_'s 2005-02-13 19:15:43 +00:00
christos 15b0d355be Only need the PAM hooks for sshd. Now it compiles, PAM portion untested. 2005-02-13 18:15:05 +00:00
christos cea75c91ac Add PAM glue [unused] 2005-02-13 06:07:54 +00:00
christos 573119d831 Update for OpenSSH-3.9 2005-02-13 06:07:21 +00:00
lukem 4d41fe6044 Style/consistency cleanup:
* libcrypto & libz are provided by ../Makefile.inc
* <bsd.own.mk> isn't required by most of these
* be consistent in the layout
2005-01-03 06:05:50 +00:00
lukem ecfeee924b Use the public libssh that's now available. 2005-01-03 06:04:08 +00:00
lukem b817247988 Use MKPRIVATELIB=yes instead of providing an empty libinstall:: target and
setting NOLINT, NOPIC, NOPROFILE (etc)
2004-05-23 02:24:50 +00:00
lukem ee04d88971 Consistently use CONFIGFILES & CONFIGLINKS (which enable the 'configinstall'
target) instead of using home-grown 'distribution' targets or using
FILES with the 'install' target.
Add some etc/ subdir Makefiles where appropriate.

XXX: some of etc/Makefile install-etc-files could be converted to CONFIGFILES.
2004-05-16 09:53:09 +00:00
dyoung 4758291178 Fix the checkflist for builds without Kerberos 4 (MKKERBEROS4=no)
and without Kerberos 4 & 5 (MKKERBEROS=no). Previously checkflist
complained of missing files.

* move kerberos- and kerberos 4-only files into new flists,
  distrib/sets/lists/*/krb.*

* make the flist generators grok MKKERBEROS{,4} variables

* fix Makefiles which treat MKKERBEROS=no as MKKERBEROS5=no.
  9 out of 10 experts agree that it is ludicrous to build w/
  KERBEROS4 and w/o KERBEROS5.

* fix header files, also, which treat MKKERBEROS=no as MKKERBEROS5=no.

* omit some Kerberos-only subdirectories from the build as
  MKKERBEROS{,4} indicate

(I acknowledge the sentiment that flists are the wrong way to go,
and that the makefiles should produce the metalog directly.  That
sounds to me like the right way to go, but I am not prepared to do
revamp all the makefiles.  While my approach is expedient, it fits
painlessly within the current build architecture until we are
delivered from flist purgatory, and it does not postpone our
delivery. Fair enough?)
2003-12-11 09:46:26 +00:00
lha afad8d1f7c libkrb depends on libdes, patch in private mail from
Harold Gutch logix at foobar franken de
2003-08-23 23:03:42 +00:00
itojun 88ec7d3792 bring back krb4 support, just to suppress unwanted noise from other developers.
note that official openssh distribution have already dropped kerberosIV support,
therefore maintenance cost needs to be paid by us.  and have no intent to help.
2003-07-24 15:31:52 +00:00
itojun 0abe0bddb0 forgot to remove -lkafs. from rafal 2003-07-23 08:00:52 +00:00
itojun 8556dff80c remove KRB4 and AFS support. sync w/ openssh main tree 2003-07-23 03:52:16 +00:00
itojun 25ad1ea430 UPPORT_UTMP{,X} outside of .if KERBEROS. PR 22202 2003-07-21 03:37:43 +00:00
itojun 56d0ea03cf >implement kerberos over ssh2 ("kerberos-2@ssh.com"); tested with jakob@
>server interops with commercial client; ok jakob@ djm@

markus@openbsd
2003-05-14 18:22:07 +00:00
itojun e7e7c84a6a sync w/ 3.6.1 2003-04-03 06:21:31 +00:00
itojun ef7d24574a upgrade to openssh 3.5. major changes include:
- krb4/5 support for privsep (krb5 diff was already applied)

includes fake implementaation of getpeereid() from openssh-portable, which
does nothing useful - need improvement.
2002-10-01 14:07:26 +00:00
lukem 5d4973fe97 makefile delint. use NETBSDSRCDIR as appropriate 2002-09-18 14:00:33 +00:00
lukem 09ccdda836 rcsid fix 2002-09-18 13:50:52 +00:00
simonb cb9c117389 Don't set BINOWN if using the default BINMODE. 2002-08-02 04:05:13 +00:00
christos 0b56b322c8 Add utmpx support. 2002-07-28 23:43:12 +00:00
itojun 412f69af85 re-enable ssh-keysign's sbit. sync w/openbsd 2002-07-03 14:23:49 +00:00
itojun 968294e218 >make ssh-keysign read /etc/ssh/ssh_config
>and exit if HostbasedAuthentication is disabled globally. based on discussions
>with deraadt, itojun and sommerfeld; ok itojun@

sync w/openbsd
2002-07-03 14:23:13 +00:00
itojun 124313224f install ssh-keysign non-setuid for the moment.
(HostbasedAuthentication does not work for a while)
2002-07-01 06:19:22 +00:00
itojun de7e3177b2 tidy up makefiles 2002-06-24 06:11:11 +00:00
itojun 82659024b5 make sure to install ssh-keysign as setuid root 2002-06-24 05:52:29 +00:00
itojun 3ea946f134 sync with openssh 3.3.
local mods included to make it compile with openssl 0.9.6d.
2002-06-24 05:48:24 +00:00
lukem 244b762de1 Complete the conversion back to the OpenSSH default configuration files of
"/etc/ssh/ssh_config" (from "/etc/ssh/ssh.conf") for ssh(1) and other
userland tools, and "/etc/ssh/sshd_config (from "/etc/ssh/sshd.conf")
for sshd(8).

etc/postinstall will detect this, and if "fix" is given, rename the files.
2002-04-29 08:23:34 +00:00
itojun 34b40b030e sync with openssh 3.2 as of 2002/4/22.
- privilege separation
- afs/kerberos auth security issue fixed
2002-04-22 07:59:35 +00:00
thorpej 9c33b55e7c Split the notion of building Hesiod, Kerberos, S/key, and YP
infrastructure and using that infrastructure in programs.

	* MKHESIOD, MKKERBEROS, MKSKEY, and MKYP control building
	  of the infratsructure (libraries, support programs, etc.)

	* USE_HESIOD, USE_KERBEROS, USE_SKEY, and USE_YP control
	  building of support for using the corresponding API
	  in various libraries/programs that can use it.

As discussed on tech-toolchain.
2002-03-22 18:10:19 +00:00
itojun 0a2445c3b6 move sshd config files to /etc/ssh 2002-03-11 04:57:55 +00:00
itojun af34a358ff sync w/ 3.1 as of 2002/3/8. configuration file directory is still /etc
(openbsd usr.bin/ssh is using /etc/ssh)
2002-03-08 02:00:50 +00:00
lukem 670a900e30 use ${INSTALL_FILE} as appropriate 2002-02-09 09:14:32 +00:00
lukem b0b0a32ad7 Set NOxxx= before <bsd.own.mk> is pulled in (even indirectly).
Otherwise the appropriate MKxxx=no won't be defined .
2001-12-12 12:24:19 +00:00
tv 8e6f7afb5b MKfoo=no -> NOfoo 2001-12-12 01:48:43 +00:00
itojun ba613513e8 sync with openssh 2.9.9 around 9/27. 2001-09-27 03:24:01 +00:00
itojun 69d60502fe upgrade to openssh 2.9, around 2001/6/24 (from openbsd usr.bin/ssh).
- authorized_keys2 and known_hosts2 are obsoleted, and integrated
  into those without "2".
- file name change, /etc/primes -> /etc/moduli
- cleanups
2001-06-23 19:37:38 +00:00
wiz 4b1c5f37c5 On note by kleink: Add primes.5 to crypto/dist/ssh instead of share/man/man5. 2001-06-15 12:51:58 +00:00
itojun 2160ac71db install /etc/primes for ssh 2001-05-26 23:27:13 +00:00
itojun f4532f2487 upgrade to openssh (openbsd usr.bin/ssh) 2.9, around 5/15/2001. 2001-05-15 15:26:07 +00:00