summaryrefslogtreecommitdiff
path: root/security/openssh+gssapi
diff options
context:
space:
mode:
authorjwise <jwise@pkgsrc.org>2003-07-24 21:01:23 +0000
committerjwise <jwise@pkgsrc.org>2003-07-24 21:01:23 +0000
commit98496d7188696ad39022b88be034b72f50dee5a4 (patch)
treee275710919d97b345bc118f15f64c654e76140db /security/openssh+gssapi
parent84c75770e36c08cacd2268ceddd6def79afd1879 (diff)
downloadpkgsrc-98496d7188696ad39022b88be034b72f50dee5a4.tar.gz
Import package for openssh+gssapi, which is openssh-3.6.1p2 with version
20030430 of the GSSAPI patches from http://www.sxw.org.uk/computing/patches/openssh.html . From the site: The patches on this page are concerned with adding support for authenticating users via their Kerberos credentials, and allowing authenticated users to forward their credentials to a remote machine over ssh. These patches are against various versions of the OpenSSH portable code. SSH has both a legacy protocol version 1, and a newer, protocol version 2 (which is being standardised in the IETF). Techniques exist for performing Kerberos authentication over both protocols, and GSSAPI authentication over protocol version 2. In this package standard ssh support for kerberos versions 4 and 5 is kept for version 1 of the ssh protocol (openssh does not support kerberos 4 in ssh protocol version 2). These patches, which provide a much more thorough implementation of kerberos 5 support than that shipped with openssh, are pkg'ed here with an eye toward evaluation of their usefullness for inclusion in the base os.
Diffstat (limited to 'security/openssh+gssapi')
-rw-r--r--security/openssh+gssapi/DESCR14
-rw-r--r--security/openssh+gssapi/INSTALL36
-rw-r--r--security/openssh+gssapi/MESSAGE17
-rw-r--r--security/openssh+gssapi/MESSAGE.pam9
-rw-r--r--security/openssh+gssapi/MESSAGE.urandom8
-rw-r--r--security/openssh+gssapi/Makefile163
-rw-r--r--security/openssh+gssapi/Makefile.intree55
-rw-r--r--security/openssh+gssapi/PLIST30
-rw-r--r--security/openssh+gssapi/PLIST.pam2
-rw-r--r--security/openssh+gssapi/PLIST.prng3
-rw-r--r--security/openssh+gssapi/distinfo9
-rw-r--r--security/openssh+gssapi/files/sshd.sh105
-rw-r--r--security/openssh+gssapi/patches/patch-aa34
-rw-r--r--security/openssh+gssapi/patches/patch-ab34
-rw-r--r--security/openssh+gssapi/patches/patch-ah22
15 files changed, 541 insertions, 0 deletions
diff --git a/security/openssh+gssapi/DESCR b/security/openssh+gssapi/DESCR
new file mode 100644
index 00000000000..764ae7f0903
--- /dev/null
+++ b/security/openssh+gssapi/DESCR
@@ -0,0 +1,14 @@
+OpenSSH is based on the last free version of Tatu Ylonen's SSH with
+all patent-encumbered algorithms removed (to external libraries), all
+known security bugs fixed, new features reintroduced and many other
+clean-ups. More information about SSH itself can be found in the file
+README.Ylonen. OpenSSH has been created by Aaron Campbell, Bob Beck,
+Markus Friedl, Niels Provos, Theo de Raadt, and Dug Song.
+
+This port consists of the re-introduction of autoconf support, PAM
+support (for Linux and Solaris), EGD[1] support, SOCKS support (using
+the Dante [6] libraries and replacements for OpenBSD library functions
+that are (regrettably) absent from other unices. This port has been
+best tested on Linux, Solaris, HPUX, NetBSD and Irix. Support for AIX,
+SCO, NeXT and other Unices is underway. This version actively tracks
+changes in the OpenBSD CVS repository.
diff --git a/security/openssh+gssapi/INSTALL b/security/openssh+gssapi/INSTALL
new file mode 100644
index 00000000000..f930e443924
--- /dev/null
+++ b/security/openssh+gssapi/INSTALL
@@ -0,0 +1,36 @@
+# $NetBSD: INSTALL,v 1.1.1.1 2003/07/24 21:01:23 jwise Exp $
+
+DIRS="/etc /etc/ssh ${PKG_PREFIX}/etc ${PKG_PREFIX}/etc/ssh"
+FILES="sshd.conf sshd_config"
+
+if [ "${STAGE}" != "POST-INSTALL" ]; then
+ exit 0
+fi
+
+for dir in $DIRS; do
+ if [ "@PKG_SYSCONFDIR@" != "$dir" ]; then
+ for file in $FILES; do
+ path=$dir/$file
+ if [ -f $path ]; then
+ ${CAT} <<EOF
+===========================================================================
+
+ *===* NOTICE *===*
+
+WARNING: previous configuration file $path found.
+
+The config files for ${PKGNAME} must be located in:
+
+ @PKG_SYSCONFDIR@
+
+You will need to ensure your configuration files and/or keys are
+placed in the correct directory before using ${PKGNAME}.
+
+===========================================================================
+EOF
+
+ exit
+ fi
+ done
+ fi
+done
diff --git a/security/openssh+gssapi/MESSAGE b/security/openssh+gssapi/MESSAGE
new file mode 100644
index 00000000000..482f771c674
--- /dev/null
+++ b/security/openssh+gssapi/MESSAGE
@@ -0,0 +1,17 @@
+===========================================================================
+$NetBSD: MESSAGE,v 1.1.1.1 2003/07/24 21:01:23 jwise Exp $
+
+ *===* NOTICE *===*
+
+If you have existing config files for OpenSSH located at /etc/ssh.conf
+and /etc/sshd.conf, then you will have to copy them:
+
+ /etc/ssh.conf --> ${PKG_SYSCONFDIR}/ssh_config
+ /etc/sshd.conf --> ${PKG_SYSCONFDIR}/sshd_config
+
+The `${OPENSSH_USER}' user and `${OPENSSH_GROUP}' group used for
+privilege separation have been created if they did not already exist.
+For security reasons, UsePrivilegeSeparation has to be yes
+(the default value).
+
+===========================================================================
diff --git a/security/openssh+gssapi/MESSAGE.pam b/security/openssh+gssapi/MESSAGE.pam
new file mode 100644
index 00000000000..65185d65a13
--- /dev/null
+++ b/security/openssh+gssapi/MESSAGE.pam
@@ -0,0 +1,9 @@
+===========================================================================
+$NetBSD: MESSAGE.pam,v 1.1.1.1 2003/07/24 21:01:23 jwise Exp $
+
+To authenticate for SSH using PAM, add the contents of the file:
+
+ ${EGDIR}/sshd.pam
+
+to your PAM configuration file.
+===========================================================================
diff --git a/security/openssh+gssapi/MESSAGE.urandom b/security/openssh+gssapi/MESSAGE.urandom
new file mode 100644
index 00000000000..6c3f593d0ae
--- /dev/null
+++ b/security/openssh+gssapi/MESSAGE.urandom
@@ -0,0 +1,8 @@
+===========================================================================
+$NetBSD: MESSAGE.urandom,v 1.1.1.1 2003/07/24 21:01:23 jwise Exp $
+
+You will need a working /dev/urandom. Please make sure you have a kernel
+compiled from a config file containing the line:
+
+ pseudo-device rnd
+===========================================================================
diff --git a/security/openssh+gssapi/Makefile b/security/openssh+gssapi/Makefile
new file mode 100644
index 00000000000..8d1834809f6
--- /dev/null
+++ b/security/openssh+gssapi/Makefile
@@ -0,0 +1,163 @@
+# $NetBSD: Makefile,v 1.1.1.1 2003/07/24 21:01:23 jwise Exp $
+
+DISTNAME= openssh-3.6.1p2
+PKGNAME= openssh+gssapi-3.6.1.2.20030430
+SVR4_PKGNAME= ossh
+CATEGORIES= security
+MASTER_SITES= ftp://ftp7.usa.openbsd.org/pub/os/OpenBSD/OpenSSH/portable/ \
+ ftp://ftp.stealth.net/pub/mirrors/ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \
+ http://public.planetmirror.com.au/pub/OpenBSD/OpenSSH/portable/ \
+ ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \
+ ftp://gd.tuwien.ac.at/opsys/OpenBSD/OpenSSH/portable/ \
+ ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/old/
+PATCH_SITES= http://www.sxw.org.uk/computing/patches/
+PATCHFILES= openssh-3.6.1p2-gssapi-20030430.diff
+PATCH_DIST_STRIP= -p1
+
+# Don't delete the last entry -- it's there if the pkgsrc version is not
+# up-to-date and the mirrors already removed the old distfile.
+
+MAINTAINER= jwise@NetBSD.org
+HOMEPAGE= http://www.openssh.com/
+COMMENT= Open Source Secure shell client and server (remote login program)
+
+CONFLICTS= sftp-[0-9]*
+CONFLICTS+= ssh-[0-9]* ssh6-[0-9]* ssh2-[0-9]*
+CONFLICTS+= openssh-[0-9]*
+
+USE_PERL5= build
+
+# 0.9.5a can be used, with blowfish support broken. so require 0.9.6.
+USE_OPENSSL_VERSION= ${OPENSSL_VERSION_096}
+
+CRYPTO= yes
+
+# retain the following line, for IPv6-ready pkgsrc webpage
+BUILD_DEFS+= USE_INET6
+#BUILD_DEFS+= KERBEROS
+
+.include "../../mk/bsd.prefs.mk"
+
+INSTALL_TARGET= install-nokeys
+PLIST_SRC= # empty
+MESSAGE_SRC= ${.CURDIR}/MESSAGE
+
+PKG_USERS= ${OPENSSH_USER}:${OPENSSH_GROUP}:${OPENSSH_UID}:sshd\\ privsep:${OPENSSH_CHROOT}:${NOLOGIN}
+PKG_GROUPS= ${OPENSSH_GROUP}:${OPENSSH_GID}
+
+SSH_PID_DIR= /var/run # default directory for PID files
+
+PKG_SYSCONFSUBDIR= ssh
+MANDIR= man
+RCD_SCRIPTS_EGDIR= etc/rc.d
+
+PLIST_SUBST+= MANDIR=${MANDIR}
+PLIST_SUBST+= RCD_SCRIPTS_EGDIR=${RCD_SCRIPTS_EGDIR}
+
+USE_BUILDLINK2= yes
+USE_PKGINSTALL= yes
+GNU_CONFIGURE= yes
+CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR}
+CONFIGURE_ARGS+= --mandir=${PREFIX}/${MANDIR}
+CONFIGURE_ARGS+= --with-pid-dir=${SSH_PID_DIR}
+CONFIGURE_ARGS+= --with-ssl-dir=${SSLBASE}
+CONFIGURE_ARGS+= --with-tcp-wrappers=${BUILDLINK_PREFIX.tcp_wrappers}
+CONFIGURE_ARGS+= --with-privsep-path=${OPENSSH_CHROOT}
+CONFIGURE_ARGS+= --with-privsep-user=${OPENSSH_USER}
+CONFIGURE_ARGS+= --with-kerberos5=/usr
+CONFIGURE_ARGS+= --with-kerberos4=/usr
+
+CPPFLAGS+= -I/usr/include/krb5 -I/usr/include/kerberosIV
+
+# XXX: PAM authentication causes memory faults, and I haven't tracked down
+# XXX: why yet. For the moment, disable PAM authentication.
+#
+#.if defined(USE_PAM)
+#.include "../../security/PAM/buildlink2.mk"
+#CONFIGURE_ARGS+= --with-pam
+#PLIST_SRC+= ${.CURDIR}/PLIST.pam
+#MESSAGE_SRC+= ${.CURDIR}/MESSAGE.pam
+#.endif
+
+.if (${OPSYS} == "Darwin") || (${OPSYS} == "SunOS")
+. include "../../security/skey/buildlink2.mk"
+CONFIGURE_ARGS+= --with-skey=${BUILDLINK_PREFIX.skey}
+.elif ${OPSYS} == "NetBSD"
+# XXX: NetBSD has 4 args (4: sslen) to skeychallenge instead of 3
+#CONFIGURE_ARGS+= --with-skey=/usr
+CONFIGURE_ARGS+= --without-skey
+.else
+CONFIGURE_ARGS+= --without-skey
+.endif
+
+.if defined(KERBEROS)
+PKG_USE_KERBEROS= yes
+CONFIGURE_ARGS+= --with-kerberos4=/usr
+LDFLAGS+= -lkrb -lcom_err -lroken -ldes
+.endif
+
+LD= ${CC}
+
+# The ssh-askpass program is in ${X11BASE}/bin or ${X11PREFIX}/bin depending
+# on if it's part of the X11 distribution, or if it's installed from pkgsrc
+# (security/ssh-askpass).
+#
+.if exists(${X11BASE}/bin/ssh-askpass)
+ASKPASS_PROGRAM= ${X11BASE}/bin/ssh-askpass
+.else
+ASKPASS_PROGRAM= ${X11PREFIX}/bin/ssh-askpass
+.endif
+CONFIGURE_ENV+= ASKPASS_PROGRAM=${ASKPASS_PROGRAM}
+MAKE_ENV+= ASKPASS_PROGRAM=${ASKPASS_PROGRAM}
+
+CONFS= ssh_config sshd_config
+SUPPS= moduli
+
+.if exists(/dev/urandom)
+MESSAGE_SRC+= ${.CURDIR}/MESSAGE.urandom
+.else
+CONFIGURE_ARGS+= --without-random
+CONFS+= ssh_prng_cmds
+PLIST_SRC+= ${.CURDIR}/PLIST.prng
+.endif
+
+EGDIR= ${PREFIX}/share/examples/openssh
+CONF_FILES= # empty
+.for FILE in ${CONFS}
+CONF_FILES+= ${EGDIR}/${FILE} ${PKG_SYSCONFDIR}/${FILE}
+.endfor
+SUPPORT_FILES= # empty
+.for FILE in ${SUPPS}
+SUPPORT_FILES+= ${EGDIR}/${FILE} ${PKG_SYSCONFDIR}/${FILE}
+.endfor
+OWN_DIRS= ${OPENSSH_CHROOT}
+RCD_SCRIPTS= sshd
+
+PLIST_SRC+= ${.CURDIR}/PLIST
+FILES_SUBST+= SSH_PID_DIR=${SSH_PID_DIR}
+MESSAGE_SUBST+= EGDIR=${EGDIR}
+MESSAGE_SUBST+= OPENSSH_USER=${OPENSSH_USER}
+MESSAGE_SUBST+= OPENSSH_GROUP=${OPENSSH_GROUP}
+
+.if defined(UPDATE_INTREE_OPENSSH)
+. include "Makefile.intree"
+.endif
+
+pre-configure:
+ cd ${WRKSRC} && ${AUTORECONF}
+
+post-install:
+ ${INSTALL_DATA_DIR} ${EGDIR}
+ cd ${WRKSRC}; for file in ${CONFS} ${SUPPS}; do \
+ ${INSTALL_DATA} $${file}.out ${EGDIR}/$${file}; \
+ done
+#.if defined(USE_PAM)
+# ${INSTALL_DATA} ${WRKSRC}/contrib/sshd.pam.freebsd ${EGDIR}/sshd.pam
+#.endif
+
+.include "../../devel/zlib/buildlink2.mk"
+.include "../../security/openssl/buildlink2.mk"
+.include "../../security/tcp_wrappers/buildlink2.mk"
+.include "../../mk/autoconf.mk"
+
+.include "../../mk/bsd.pkg.mk"
diff --git a/security/openssh+gssapi/Makefile.intree b/security/openssh+gssapi/Makefile.intree
new file mode 100644
index 00000000000..83c6df0edea
--- /dev/null
+++ b/security/openssh+gssapi/Makefile.intree
@@ -0,0 +1,55 @@
+# $NetBSD: Makefile.intree,v 1.1.1.1 2003/07/24 21:01:23 jwise Exp $
+
+.include "../../mk/bsd.prefs.mk"
+
+_UPDATE_INTREE_OPENSSH?= NO
+.if ${OPSYS} == "NetBSD"
+. for PATTERN in 1.5 1.5.*
+. if ${OS_VERSION:M${PATTERN}}
+_UPDATE_INTREE_OPENSSH= YES
+PKG_SYSCONFSUBDIR:= # empty
+. endif
+. endfor
+. for PATTERN in 1.6*
+. if ${OS_VERSION:M${PATTERN}}
+_UPDATE_INTREE_OPENSSH= YES
+PKG_SYSCONFSUBDIR:= ssh
+. endif
+. endfor
+.endif
+
+# We would like to require an in-tree OpenSSL that is at least 0.9.5a, but the
+# openssl buildlink2.mk forces at least 0.9.6f, which makes
+# UPDATE_INTREE_OPENSSH useless for anything before 1.6*
+#
+# USE_OPENSSL_VERSION:= ${OPENSSL_VERSION_095A}
+.include "../../security/openssl/buildlink2.mk"
+.if ${_NEED_OPENSSL} == "YES"
+_UPDATE_INTREE_OPENSSH= NO
+PKG_FAIL_REASON= "OpenSSL>=0.9.6f in the base distribution is required."
+.endif
+
+.if ${_UPDATE_INTREE_OPENSSH} == "YES"
+NO_MTREE= yes
+NO_PKG_REGISTER= yes
+NO_PACKAGE= No package registration is done
+MANCOMPRESSED_IF_MANZ= yes
+LOCALBASE:= /usr
+PKG_SYSCONFBASE:= /etc
+MANDIR:= share/man
+RCD_SCRIPTS_EGDIR:= share/examples/openssh
+.else
+PKG_FAIL_REASON?= "Unable to update in-tree OpenSSH for ${OPSYS}-${OS_VERSION}."
+.endif
+
+real-tarball:
+ ${GREP} -v "^@" ${PLIST} | ${SED} -e "s,^,${PREFIX}/," | ${SORT} \
+ > ${WRKDIR}/MANIFEST
+ ${GTAR} zcvpf ${PKGNAME}-intree-${OPSYS}-${OS_VERSION}.tgz \
+ `${CAT} ${WRKDIR}/MANIFEST`
+
+tarball:
+ @${ECHO_MSG} "${_PKGSRC_IN}> Tarballing ${PKGNAME}"
+ ${_PKG_SILENT}${_PKG_DEBUG} \
+ realtarget="real-tarball"; action="tarball"; \
+ ${_SU_TARGET}
diff --git a/security/openssh+gssapi/PLIST b/security/openssh+gssapi/PLIST
new file mode 100644
index 00000000000..ce179a879ef
--- /dev/null
+++ b/security/openssh+gssapi/PLIST
@@ -0,0 +1,30 @@
+@comment $NetBSD: PLIST,v 1.1.1.1 2003/07/24 21:01:23 jwise Exp $
+bin/scp
+bin/sftp
+bin/slogin
+bin/ssh
+bin/ssh-add
+bin/ssh-agent
+bin/ssh-keygen
+bin/ssh-keyscan
+${RCD_SCRIPTS_EGDIR}/sshd
+libexec/sftp-server
+libexec/ssh-keysign
+${MANDIR}/man1/scp.1
+${MANDIR}/man1/sftp.1
+${MANDIR}/man1/slogin.1
+${MANDIR}/man1/ssh-add.1
+${MANDIR}/man1/ssh-agent.1
+${MANDIR}/man1/ssh-keygen.1
+${MANDIR}/man1/ssh-keyscan.1
+${MANDIR}/man1/ssh.1
+${MANDIR}/man5/ssh_config.5
+${MANDIR}/man5/sshd_config.5
+${MANDIR}/man8/sftp-server.8
+${MANDIR}/man8/ssh-keysign.8
+${MANDIR}/man8/sshd.8
+sbin/sshd
+share/examples/openssh/moduli
+share/examples/openssh/ssh_config
+share/examples/openssh/sshd_config
+@dirrm share/examples/openssh
diff --git a/security/openssh+gssapi/PLIST.pam b/security/openssh+gssapi/PLIST.pam
new file mode 100644
index 00000000000..51a30ff1f77
--- /dev/null
+++ b/security/openssh+gssapi/PLIST.pam
@@ -0,0 +1,2 @@
+@comment $NetBSD: PLIST.pam,v 1.1.1.1 2003/07/24 21:01:23 jwise Exp $
+share/examples/openssh/sshd.pam
diff --git a/security/openssh+gssapi/PLIST.prng b/security/openssh+gssapi/PLIST.prng
new file mode 100644
index 00000000000..16c1a2cb120
--- /dev/null
+++ b/security/openssh+gssapi/PLIST.prng
@@ -0,0 +1,3 @@
+@comment $NetBSD: PLIST.prng,v 1.1.1.1 2003/07/24 21:01:23 jwise Exp $
+libexec/ssh-rand-helper
+share/examples/openssh/ssh_prng_cmds
diff --git a/security/openssh+gssapi/distinfo b/security/openssh+gssapi/distinfo
new file mode 100644
index 00000000000..897244dfa7b
--- /dev/null
+++ b/security/openssh+gssapi/distinfo
@@ -0,0 +1,9 @@
+$NetBSD: distinfo,v 1.1.1.1 2003/07/24 21:01:23 jwise Exp $
+
+SHA1 (openssh-3.6.1p2.tar.gz) = dafe5b6ee2c8ced12c2ee8961530b4e51c2f0bcf
+Size (openssh-3.6.1p2.tar.gz) = 879629 bytes
+SHA1 (openssh-3.6.1p2-gssapi-20030430.diff) = a938638ad7d861e4f55ef5f8410acfdaac8a9e57
+Size (openssh-3.6.1p2-gssapi-20030430.diff) = 121077 bytes
+SHA1 (patch-aa) = 20abe6938aba07ab7b6c7eab5d24a303f0cd2298
+SHA1 (patch-ab) = 1069fe256b7925fcf404781ef14e5c492f52c21e
+SHA1 (patch-ah) = 9913c868bde5d318915b1dee2c05dcf454a0f506
diff --git a/security/openssh+gssapi/files/sshd.sh b/security/openssh+gssapi/files/sshd.sh
new file mode 100644
index 00000000000..b33955a6e31
--- /dev/null
+++ b/security/openssh+gssapi/files/sshd.sh
@@ -0,0 +1,105 @@
+#!@RCD_SCRIPTS_SHELL@
+#
+# $NetBSD: sshd.sh,v 1.1.1.1 2003/07/24 21:01:23 jwise Exp $
+#
+# PROVIDE: sshd
+# REQUIRE: DAEMON LOGIN
+
+if [ -f /etc/rc.subr ]
+then
+ . /etc/rc.subr
+fi
+
+name="sshd"
+rcvar=$name
+command="@PREFIX@/sbin/${name}"
+keygen_command="@PREFIX@/bin/ssh-keygen"
+pidfile="@SSH_PID_DIR@/${name}.pid"
+required_files="@PKG_SYSCONFDIR@/sshd_config"
+extra_commands="keygen reload"
+
+sshd_keygen()
+{
+ (
+ umask 022
+ if [ -f @PKG_SYSCONFDIR@/ssh_host_key ]; then
+ @ECHO@ "You already have an RSA host key in @PKG_SYSCONFDIR@/ssh_host_key"
+ @ECHO@ "Skipping protocol version 1 RSA Key Generation"
+ else
+ ${keygen_command} -t rsa1 -b 1024 -f @PKG_SYSCONFDIR@/ssh_host_key -N ''
+ fi
+
+ if [ -f @PKG_SYSCONFDIR@/ssh_host_dsa_key ]; then
+ @ECHO@ "You already have a DSA host key in @PKG_SYSCONFDIR@/ssh_host_dsa_key"
+ @ECHO@ "Skipping protocol version 2 DSA Key Generation"
+ else
+ ${keygen_command} -t dsa -f @PKG_SYSCONFDIR@/ssh_host_dsa_key -N ''
+ fi
+
+ if [ -f @PKG_SYSCONFDIR@/ssh_host_rsa_key ]; then
+ @ECHO@ "You already have a RSA host key in @PKG_SYSCONFDIR@/ssh_host_rsa_key"
+ @ECHO@ "Skipping protocol version 2 RSA Key Generation"
+ else
+ ${keygen_command} -t rsa -f @PKG_SYSCONFDIR@/ssh_host_rsa_key -N ''
+ fi
+ )
+}
+
+sshd_precmd()
+{
+ if [ ! -f @PKG_SYSCONFDIR@/ssh_host_key -o \
+ ! -f @PKG_SYSCONFDIR@/ssh_host_dsa_key -o \
+ ! -f @PKG_SYSCONFDIR@/ssh_host_rsa_key ]; then
+ if [ -f /etc/rc.subr -a -f /etc/rc.conf -a -f /etc/rc.d/DAEMON ]
+ then
+ run_rc_command keygen
+ else
+ eval ${keygen_cmd}
+ fi
+ fi
+}
+
+keygen_cmd=sshd_keygen
+start_precmd=sshd_precmd
+
+if [ -f /etc/rc.subr -a -f /etc/rc.conf -a -f /etc/rc.d/DAEMON ]
+then
+ load_rc_config $name
+ run_rc_command "$1"
+else
+ case ${1:-start} in
+ start)
+ if [ -x ${command} -a -f ${required_files} ]
+ then
+ @ECHO@ "Starting ${name}."
+ eval ${start_precmd}
+ eval ${command} ${sshd_flags} ${command_args}
+ fi
+ ;;
+ stop)
+ if [ -f ${pidfile} ]; then
+ pid=`@HEAD@ -1 ${pidfile}`
+ @ECHO@ "Stopping ${name}."
+ kill -TERM ${pid}
+ else
+ @ECHO@ "${name} not running?"
+ fi
+ ;;
+ restart)
+ ( $0 stop )
+ sleep 1
+ $0 start
+ ;;
+ status)
+ if [ -f ${pidfile} ]; then
+ pid=`@HEAD@ -1 ${pidfile}`
+ @ECHO@ "${name} is running as pid ${pid}."
+ else
+ @ECHO@ "${name} is not running."
+ fi
+ ;;
+ keygen)
+ eval ${keygen_cmd}
+ ;;
+ esac
+fi
diff --git a/security/openssh+gssapi/patches/patch-aa b/security/openssh+gssapi/patches/patch-aa
new file mode 100644
index 00000000000..a505c8d77c1
--- /dev/null
+++ b/security/openssh+gssapi/patches/patch-aa
@@ -0,0 +1,34 @@
+$NetBSD: patch-aa,v 1.1.1.1 2003/07/24 21:01:23 jwise Exp $
+
+--- configure.orig Tue Apr 29 02:37:28 2003
++++ configure Tue Jun 10 13:38:01 2003
+@@ -4939,6 +4939,9 @@
+ ;;
+ esac
+
++# pkgsrc handles any rpath settings this package needs
++need_dash_r=
++
+ # Allow user to specify flags
+
+ # Check whether --with-cflags or --without-cflags was given.
+@@ -7030,6 +7033,10 @@
+ cat >>conftest.$ac_ext <<_ACEOF
+ /* end confdefs.h. */
+
++#ifdef HAVE_SYS_CDEFS_H
++#include <sys/cdefs.h>
++#endif
++#include <stdio.h>
+ #include <tcpd.h>
+ int deny_severity = 0, allow_severity = 0;
+
+@@ -19123,7 +19130,7 @@
+ echo " User binaries: $B"
+ echo " System binaries: $C"
+ echo " Configuration files: $D"
+-echo " Askpass program: $E"
++echo " Askpass program: ${ASKPASS_PROGRAM}"
+ echo " Manual pages: $F"
+ echo " PID file: $G"
+ echo " Privilege separation chroot path: $H"
diff --git a/security/openssh+gssapi/patches/patch-ab b/security/openssh+gssapi/patches/patch-ab
new file mode 100644
index 00000000000..78af9066543
--- /dev/null
+++ b/security/openssh+gssapi/patches/patch-ab
@@ -0,0 +1,34 @@
+$NetBSD: patch-ab,v 1.1.1.1 2003/07/24 21:01:24 jwise Exp $
+
+--- configure.ac.orig Thu Sep 26 00:38:47 2002
++++ configure.ac
+@@ -341,6 +341,9 @@ mips-sony-bsd|mips-sony-newsos4)
+ ;;
+ esac
+
++# pkgsrc handles any rpath settings this package needs
++need_dash_r=
++
+ # Allow user to specify flags
+ AC_ARG_WITH(cflags,
+ [ --with-cflags Specify additional flags to pass to compiler],
+@@ -575,6 +578,10 @@ AC_ARG_WITH(tcp-wrappers,
+ AC_MSG_CHECKING(for libwrap)
+ AC_TRY_LINK(
+ [
++#ifdef HAVE_SYS_CDEFS_H
++#include <sys/cdefs.h>
++#endif
++#include <stdio.h>
+ #include <tcpd.h>
+ int deny_severity = 0, allow_severity = 0;
+ ],
+@@ -2449,7 +2456,7 @@ echo "OpenSSH has been configured with t
+ echo " User binaries: $B"
+ echo " System binaries: $C"
+ echo " Configuration files: $D"
+-echo " Askpass program: $E"
++echo " Askpass program: ${ASKPASS_PROGRAM}"
+ echo " Manual pages: $F"
+ echo " PID file: $G"
+ echo " Privilege separation chroot path: $H"
diff --git a/security/openssh+gssapi/patches/patch-ah b/security/openssh+gssapi/patches/patch-ah
new file mode 100644
index 00000000000..195dd6ba600
--- /dev/null
+++ b/security/openssh+gssapi/patches/patch-ah
@@ -0,0 +1,22 @@
+$NetBSD: patch-ah,v 1.1.1.1 2003/07/24 21:01:24 jwise Exp $
+
+--- Makefile.in.orig Fri Jun 21 10:38:53 2002
++++ Makefile.in Tue Jun 25 10:50:44 2002
+@@ -21,7 +21,7 @@
+ DESTDIR=
+ VPATH=@srcdir@
+ SSH_PROGRAM=@bindir@/ssh
+-ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass
++#ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass
+ SFTP_SERVER=$(libexecdir)/sftp-server
+ SSH_KEYSIGN=$(libexecdir)/ssh-keysign
+ RAND_HELPER=$(libexecdir)/ssh-rand-helper
+@@ -203,7 +203,7 @@
+ scard-install:
+ (cd scard && $(MAKE) DESTDIR=$(DESTDIR) install)
+
+-install-files: scard-install
++install-files:
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(bindir)
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(sbindir)
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)