diff options
| author | jwise <jwise> | 2003-07-24 21:01:23 +0000 |
|---|---|---|
| committer | jwise <jwise> | 2003-07-24 21:01:23 +0000 |
| commit | 29ac8565d5708131276b7f69192e058d54a2bfb7 (patch) | |
| tree | e275710919d97b345bc118f15f64c654e76140db /security/openssh+gssapi | |
| parent | 688b668f30da1a52721bd749b002cf0cc635de82 (diff) | |
| download | pkgsrc-29ac8565d5708131276b7f69192e058d54a2bfb7.tar.gz | |
Import package for openssh+gssapi, which is openssh-3.6.1p2 with version
20030430 of the GSSAPI patches from
http://www.sxw.org.uk/computing/patches/openssh.html
. From the site:
The patches on this page are concerned with adding support for
authenticating users via their Kerberos credentials, and allowing
authenticated users to forward their credentials to a remote
machine over ssh.
These patches are against various versions of the OpenSSH portable
code. SSH has both a legacy protocol version 1, and a newer,
protocol version 2 (which is being standardised in the IETF).
Techniques exist for performing Kerberos authentication over both
protocols, and GSSAPI authentication over protocol version 2.
In this package standard ssh support for kerberos versions 4 and 5 is kept
for version 1 of the ssh protocol (openssh does not support kerberos 4 in
ssh protocol version 2).
These patches, which provide a much more thorough implementation of kerberos
5 support than that shipped with openssh, are pkg'ed here with an eye toward
evaluation of their usefullness for inclusion in the base os.
Diffstat (limited to 'security/openssh+gssapi')
| -rw-r--r-- | security/openssh+gssapi/DESCR | 14 | ||||
| -rw-r--r-- | security/openssh+gssapi/INSTALL | 36 | ||||
| -rw-r--r-- | security/openssh+gssapi/MESSAGE | 17 | ||||
| -rw-r--r-- | security/openssh+gssapi/MESSAGE.pam | 9 | ||||
| -rw-r--r-- | security/openssh+gssapi/MESSAGE.urandom | 8 | ||||
| -rw-r--r-- | security/openssh+gssapi/Makefile | 163 | ||||
| -rw-r--r-- | security/openssh+gssapi/Makefile.intree | 55 | ||||
| -rw-r--r-- | security/openssh+gssapi/PLIST | 30 | ||||
| -rw-r--r-- | security/openssh+gssapi/PLIST.pam | 2 | ||||
| -rw-r--r-- | security/openssh+gssapi/PLIST.prng | 3 | ||||
| -rw-r--r-- | security/openssh+gssapi/distinfo | 9 | ||||
| -rw-r--r-- | security/openssh+gssapi/files/sshd.sh | 105 | ||||
| -rw-r--r-- | security/openssh+gssapi/patches/patch-aa | 34 | ||||
| -rw-r--r-- | security/openssh+gssapi/patches/patch-ab | 34 | ||||
| -rw-r--r-- | security/openssh+gssapi/patches/patch-ah | 22 |
15 files changed, 541 insertions, 0 deletions
diff --git a/security/openssh+gssapi/DESCR b/security/openssh+gssapi/DESCR new file mode 100644 index 00000000000..764ae7f0903 --- /dev/null +++ b/security/openssh+gssapi/DESCR @@ -0,0 +1,14 @@ +OpenSSH is based on the last free version of Tatu Ylonen's SSH with +all patent-encumbered algorithms removed (to external libraries), all +known security bugs fixed, new features reintroduced and many other +clean-ups. More information about SSH itself can be found in the file +README.Ylonen. OpenSSH has been created by Aaron Campbell, Bob Beck, +Markus Friedl, Niels Provos, Theo de Raadt, and Dug Song. + +This port consists of the re-introduction of autoconf support, PAM +support (for Linux and Solaris), EGD[1] support, SOCKS support (using +the Dante [6] libraries and replacements for OpenBSD library functions +that are (regrettably) absent from other unices. This port has been +best tested on Linux, Solaris, HPUX, NetBSD and Irix. Support for AIX, +SCO, NeXT and other Unices is underway. This version actively tracks +changes in the OpenBSD CVS repository. diff --git a/security/openssh+gssapi/INSTALL b/security/openssh+gssapi/INSTALL new file mode 100644 index 00000000000..f930e443924 --- /dev/null +++ b/security/openssh+gssapi/INSTALL @@ -0,0 +1,36 @@ +# $NetBSD: INSTALL,v 1.1.1.1 2003/07/24 21:01:23 jwise Exp $ + +DIRS="/etc /etc/ssh ${PKG_PREFIX}/etc ${PKG_PREFIX}/etc/ssh" +FILES="sshd.conf sshd_config" + +if [ "${STAGE}" != "POST-INSTALL" ]; then + exit 0 +fi + +for dir in $DIRS; do + if [ "@PKG_SYSCONFDIR@" != "$dir" ]; then + for file in $FILES; do + path=$dir/$file + if [ -f $path ]; then + ${CAT} <<EOF +=========================================================================== + + *===* NOTICE *===* + +WARNING: previous configuration file $path found. + +The config files for ${PKGNAME} must be located in: + + @PKG_SYSCONFDIR@ + +You will need to ensure your configuration files and/or keys are +placed in the correct directory before using ${PKGNAME}. + +=========================================================================== +EOF + + exit + fi + done + fi +done diff --git a/security/openssh+gssapi/MESSAGE b/security/openssh+gssapi/MESSAGE new file mode 100644 index 00000000000..482f771c674 --- /dev/null +++ b/security/openssh+gssapi/MESSAGE @@ -0,0 +1,17 @@ +=========================================================================== +$NetBSD: MESSAGE,v 1.1.1.1 2003/07/24 21:01:23 jwise Exp $ + + *===* NOTICE *===* + +If you have existing config files for OpenSSH located at /etc/ssh.conf +and /etc/sshd.conf, then you will have to copy them: + + /etc/ssh.conf --> ${PKG_SYSCONFDIR}/ssh_config + /etc/sshd.conf --> ${PKG_SYSCONFDIR}/sshd_config + +The `${OPENSSH_USER}' user and `${OPENSSH_GROUP}' group used for +privilege separation have been created if they did not already exist. +For security reasons, UsePrivilegeSeparation has to be yes +(the default value). + +=========================================================================== diff --git a/security/openssh+gssapi/MESSAGE.pam b/security/openssh+gssapi/MESSAGE.pam new file mode 100644 index 00000000000..65185d65a13 --- /dev/null +++ b/security/openssh+gssapi/MESSAGE.pam @@ -0,0 +1,9 @@ +=========================================================================== +$NetBSD: MESSAGE.pam,v 1.1.1.1 2003/07/24 21:01:23 jwise Exp $ + +To authenticate for SSH using PAM, add the contents of the file: + + ${EGDIR}/sshd.pam + +to your PAM configuration file. +=========================================================================== diff --git a/security/openssh+gssapi/MESSAGE.urandom b/security/openssh+gssapi/MESSAGE.urandom new file mode 100644 index 00000000000..6c3f593d0ae --- /dev/null +++ b/security/openssh+gssapi/MESSAGE.urandom @@ -0,0 +1,8 @@ +=========================================================================== +$NetBSD: MESSAGE.urandom,v 1.1.1.1 2003/07/24 21:01:23 jwise Exp $ + +You will need a working /dev/urandom. Please make sure you have a kernel +compiled from a config file containing the line: + + pseudo-device rnd +=========================================================================== diff --git a/security/openssh+gssapi/Makefile b/security/openssh+gssapi/Makefile new file mode 100644 index 00000000000..8d1834809f6 --- /dev/null +++ b/security/openssh+gssapi/Makefile @@ -0,0 +1,163 @@ +# $NetBSD: Makefile,v 1.1.1.1 2003/07/24 21:01:23 jwise Exp $ + +DISTNAME= openssh-3.6.1p2 +PKGNAME= openssh+gssapi-3.6.1.2.20030430 +SVR4_PKGNAME= ossh +CATEGORIES= security +MASTER_SITES= ftp://ftp7.usa.openbsd.org/pub/os/OpenBSD/OpenSSH/portable/ \ + ftp://ftp.stealth.net/pub/mirrors/ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \ + http://public.planetmirror.com.au/pub/OpenBSD/OpenSSH/portable/ \ + ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \ + ftp://gd.tuwien.ac.at/opsys/OpenBSD/OpenSSH/portable/ \ + ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/old/ +PATCH_SITES= http://www.sxw.org.uk/computing/patches/ +PATCHFILES= openssh-3.6.1p2-gssapi-20030430.diff +PATCH_DIST_STRIP= -p1 + +# Don't delete the last entry -- it's there if the pkgsrc version is not +# up-to-date and the mirrors already removed the old distfile. + +MAINTAINER= jwise@NetBSD.org +HOMEPAGE= http://www.openssh.com/ +COMMENT= Open Source Secure shell client and server (remote login program) + +CONFLICTS= sftp-[0-9]* +CONFLICTS+= ssh-[0-9]* ssh6-[0-9]* ssh2-[0-9]* +CONFLICTS+= openssh-[0-9]* + +USE_PERL5= build + +# 0.9.5a can be used, with blowfish support broken. so require 0.9.6. +USE_OPENSSL_VERSION= ${OPENSSL_VERSION_096} + +CRYPTO= yes + +# retain the following line, for IPv6-ready pkgsrc webpage +BUILD_DEFS+= USE_INET6 +#BUILD_DEFS+= KERBEROS + +.include "../../mk/bsd.prefs.mk" + +INSTALL_TARGET= install-nokeys +PLIST_SRC= # empty +MESSAGE_SRC= ${.CURDIR}/MESSAGE + +PKG_USERS= ${OPENSSH_USER}:${OPENSSH_GROUP}:${OPENSSH_UID}:sshd\\ privsep:${OPENSSH_CHROOT}:${NOLOGIN} +PKG_GROUPS= ${OPENSSH_GROUP}:${OPENSSH_GID} + +SSH_PID_DIR= /var/run # default directory for PID files + +PKG_SYSCONFSUBDIR= ssh +MANDIR= man +RCD_SCRIPTS_EGDIR= etc/rc.d + +PLIST_SUBST+= MANDIR=${MANDIR} +PLIST_SUBST+= RCD_SCRIPTS_EGDIR=${RCD_SCRIPTS_EGDIR} + +USE_BUILDLINK2= yes +USE_PKGINSTALL= yes +GNU_CONFIGURE= yes +CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR} +CONFIGURE_ARGS+= --mandir=${PREFIX}/${MANDIR} +CONFIGURE_ARGS+= --with-pid-dir=${SSH_PID_DIR} +CONFIGURE_ARGS+= --with-ssl-dir=${SSLBASE} +CONFIGURE_ARGS+= --with-tcp-wrappers=${BUILDLINK_PREFIX.tcp_wrappers} +CONFIGURE_ARGS+= --with-privsep-path=${OPENSSH_CHROOT} +CONFIGURE_ARGS+= --with-privsep-user=${OPENSSH_USER} +CONFIGURE_ARGS+= --with-kerberos5=/usr +CONFIGURE_ARGS+= --with-kerberos4=/usr + +CPPFLAGS+= -I/usr/include/krb5 -I/usr/include/kerberosIV + +# XXX: PAM authentication causes memory faults, and I haven't tracked down +# XXX: why yet. For the moment, disable PAM authentication. +# +#.if defined(USE_PAM) +#.include "../../security/PAM/buildlink2.mk" +#CONFIGURE_ARGS+= --with-pam +#PLIST_SRC+= ${.CURDIR}/PLIST.pam +#MESSAGE_SRC+= ${.CURDIR}/MESSAGE.pam +#.endif + +.if (${OPSYS} == "Darwin") || (${OPSYS} == "SunOS") +. include "../../security/skey/buildlink2.mk" +CONFIGURE_ARGS+= --with-skey=${BUILDLINK_PREFIX.skey} +.elif ${OPSYS} == "NetBSD" +# XXX: NetBSD has 4 args (4: sslen) to skeychallenge instead of 3 +#CONFIGURE_ARGS+= --with-skey=/usr +CONFIGURE_ARGS+= --without-skey +.else +CONFIGURE_ARGS+= --without-skey +.endif + +.if defined(KERBEROS) +PKG_USE_KERBEROS= yes +CONFIGURE_ARGS+= --with-kerberos4=/usr +LDFLAGS+= -lkrb -lcom_err -lroken -ldes +.endif + +LD= ${CC} + +# The ssh-askpass program is in ${X11BASE}/bin or ${X11PREFIX}/bin depending +# on if it's part of the X11 distribution, or if it's installed from pkgsrc +# (security/ssh-askpass). +# +.if exists(${X11BASE}/bin/ssh-askpass) +ASKPASS_PROGRAM= ${X11BASE}/bin/ssh-askpass +.else +ASKPASS_PROGRAM= ${X11PREFIX}/bin/ssh-askpass +.endif +CONFIGURE_ENV+= ASKPASS_PROGRAM=${ASKPASS_PROGRAM} +MAKE_ENV+= ASKPASS_PROGRAM=${ASKPASS_PROGRAM} + +CONFS= ssh_config sshd_config +SUPPS= moduli + +.if exists(/dev/urandom) +MESSAGE_SRC+= ${.CURDIR}/MESSAGE.urandom +.else +CONFIGURE_ARGS+= --without-random +CONFS+= ssh_prng_cmds +PLIST_SRC+= ${.CURDIR}/PLIST.prng +.endif + +EGDIR= ${PREFIX}/share/examples/openssh +CONF_FILES= # empty +.for FILE in ${CONFS} +CONF_FILES+= ${EGDIR}/${FILE} ${PKG_SYSCONFDIR}/${FILE} +.endfor +SUPPORT_FILES= # empty +.for FILE in ${SUPPS} +SUPPORT_FILES+= ${EGDIR}/${FILE} ${PKG_SYSCONFDIR}/${FILE} +.endfor +OWN_DIRS= ${OPENSSH_CHROOT} +RCD_SCRIPTS= sshd + +PLIST_SRC+= ${.CURDIR}/PLIST +FILES_SUBST+= SSH_PID_DIR=${SSH_PID_DIR} +MESSAGE_SUBST+= EGDIR=${EGDIR} +MESSAGE_SUBST+= OPENSSH_USER=${OPENSSH_USER} +MESSAGE_SUBST+= OPENSSH_GROUP=${OPENSSH_GROUP} + +.if defined(UPDATE_INTREE_OPENSSH) +. include "Makefile.intree" +.endif + +pre-configure: + cd ${WRKSRC} && ${AUTORECONF} + +post-install: + ${INSTALL_DATA_DIR} ${EGDIR} + cd ${WRKSRC}; for file in ${CONFS} ${SUPPS}; do \ + ${INSTALL_DATA} $${file}.out ${EGDIR}/$${file}; \ + done +#.if defined(USE_PAM) +# ${INSTALL_DATA} ${WRKSRC}/contrib/sshd.pam.freebsd ${EGDIR}/sshd.pam +#.endif + +.include "../../devel/zlib/buildlink2.mk" +.include "../../security/openssl/buildlink2.mk" +.include "../../security/tcp_wrappers/buildlink2.mk" +.include "../../mk/autoconf.mk" + +.include "../../mk/bsd.pkg.mk" diff --git a/security/openssh+gssapi/Makefile.intree b/security/openssh+gssapi/Makefile.intree new file mode 100644 index 00000000000..83c6df0edea --- /dev/null +++ b/security/openssh+gssapi/Makefile.intree @@ -0,0 +1,55 @@ +# $NetBSD: Makefile.intree,v 1.1.1.1 2003/07/24 21:01:23 jwise Exp $ + +.include "../../mk/bsd.prefs.mk" + +_UPDATE_INTREE_OPENSSH?= NO +.if ${OPSYS} == "NetBSD" +. for PATTERN in 1.5 1.5.* +. if ${OS_VERSION:M${PATTERN}} +_UPDATE_INTREE_OPENSSH= YES +PKG_SYSCONFSUBDIR:= # empty +. endif +. endfor +. for PATTERN in 1.6* +. if ${OS_VERSION:M${PATTERN}} +_UPDATE_INTREE_OPENSSH= YES +PKG_SYSCONFSUBDIR:= ssh +. endif +. endfor +.endif + +# We would like to require an in-tree OpenSSL that is at least 0.9.5a, but the +# openssl buildlink2.mk forces at least 0.9.6f, which makes +# UPDATE_INTREE_OPENSSH useless for anything before 1.6* +# +# USE_OPENSSL_VERSION:= ${OPENSSL_VERSION_095A} +.include "../../security/openssl/buildlink2.mk" +.if ${_NEED_OPENSSL} == "YES" +_UPDATE_INTREE_OPENSSH= NO +PKG_FAIL_REASON= "OpenSSL>=0.9.6f in the base distribution is required." +.endif + +.if ${_UPDATE_INTREE_OPENSSH} == "YES" +NO_MTREE= yes +NO_PKG_REGISTER= yes +NO_PACKAGE= No package registration is done +MANCOMPRESSED_IF_MANZ= yes +LOCALBASE:= /usr +PKG_SYSCONFBASE:= /etc +MANDIR:= share/man +RCD_SCRIPTS_EGDIR:= share/examples/openssh +.else +PKG_FAIL_REASON?= "Unable to update in-tree OpenSSH for ${OPSYS}-${OS_VERSION}." +.endif + +real-tarball: + ${GREP} -v "^@" ${PLIST} | ${SED} -e "s,^,${PREFIX}/," | ${SORT} \ + > ${WRKDIR}/MANIFEST + ${GTAR} zcvpf ${PKGNAME}-intree-${OPSYS}-${OS_VERSION}.tgz \ + `${CAT} ${WRKDIR}/MANIFEST` + +tarball: + @${ECHO_MSG} "${_PKGSRC_IN}> Tarballing ${PKGNAME}" + ${_PKG_SILENT}${_PKG_DEBUG} \ + realtarget="real-tarball"; action="tarball"; \ + ${_SU_TARGET} diff --git a/security/openssh+gssapi/PLIST b/security/openssh+gssapi/PLIST new file mode 100644 index 00000000000..ce179a879ef --- /dev/null +++ b/security/openssh+gssapi/PLIST @@ -0,0 +1,30 @@ +@comment $NetBSD: PLIST,v 1.1.1.1 2003/07/24 21:01:23 jwise Exp $ +bin/scp +bin/sftp +bin/slogin +bin/ssh +bin/ssh-add +bin/ssh-agent +bin/ssh-keygen +bin/ssh-keyscan +${RCD_SCRIPTS_EGDIR}/sshd +libexec/sftp-server +libexec/ssh-keysign +${MANDIR}/man1/scp.1 +${MANDIR}/man1/sftp.1 +${MANDIR}/man1/slogin.1 +${MANDIR}/man1/ssh-add.1 +${MANDIR}/man1/ssh-agent.1 +${MANDIR}/man1/ssh-keygen.1 +${MANDIR}/man1/ssh-keyscan.1 +${MANDIR}/man1/ssh.1 +${MANDIR}/man5/ssh_config.5 +${MANDIR}/man5/sshd_config.5 +${MANDIR}/man8/sftp-server.8 +${MANDIR}/man8/ssh-keysign.8 +${MANDIR}/man8/sshd.8 +sbin/sshd +share/examples/openssh/moduli +share/examples/openssh/ssh_config +share/examples/openssh/sshd_config +@dirrm share/examples/openssh diff --git a/security/openssh+gssapi/PLIST.pam b/security/openssh+gssapi/PLIST.pam new file mode 100644 index 00000000000..51a30ff1f77 --- /dev/null +++ b/security/openssh+gssapi/PLIST.pam @@ -0,0 +1,2 @@ +@comment $NetBSD: PLIST.pam,v 1.1.1.1 2003/07/24 21:01:23 jwise Exp $ +share/examples/openssh/sshd.pam diff --git a/security/openssh+gssapi/PLIST.prng b/security/openssh+gssapi/PLIST.prng new file mode 100644 index 00000000000..16c1a2cb120 --- /dev/null +++ b/security/openssh+gssapi/PLIST.prng @@ -0,0 +1,3 @@ +@comment $NetBSD: PLIST.prng,v 1.1.1.1 2003/07/24 21:01:23 jwise Exp $ +libexec/ssh-rand-helper +share/examples/openssh/ssh_prng_cmds diff --git a/security/openssh+gssapi/distinfo b/security/openssh+gssapi/distinfo new file mode 100644 index 00000000000..897244dfa7b --- /dev/null +++ b/security/openssh+gssapi/distinfo @@ -0,0 +1,9 @@ +$NetBSD: distinfo,v 1.1.1.1 2003/07/24 21:01:23 jwise Exp $ + +SHA1 (openssh-3.6.1p2.tar.gz) = dafe5b6ee2c8ced12c2ee8961530b4e51c2f0bcf +Size (openssh-3.6.1p2.tar.gz) = 879629 bytes +SHA1 (openssh-3.6.1p2-gssapi-20030430.diff) = a938638ad7d861e4f55ef5f8410acfdaac8a9e57 +Size (openssh-3.6.1p2-gssapi-20030430.diff) = 121077 bytes +SHA1 (patch-aa) = 20abe6938aba07ab7b6c7eab5d24a303f0cd2298 +SHA1 (patch-ab) = 1069fe256b7925fcf404781ef14e5c492f52c21e +SHA1 (patch-ah) = 9913c868bde5d318915b1dee2c05dcf454a0f506 diff --git a/security/openssh+gssapi/files/sshd.sh b/security/openssh+gssapi/files/sshd.sh new file mode 100644 index 00000000000..b33955a6e31 --- /dev/null +++ b/security/openssh+gssapi/files/sshd.sh @@ -0,0 +1,105 @@ +#!@RCD_SCRIPTS_SHELL@ +# +# $NetBSD: sshd.sh,v 1.1.1.1 2003/07/24 21:01:23 jwise Exp $ +# +# PROVIDE: sshd +# REQUIRE: DAEMON LOGIN + +if [ -f /etc/rc.subr ] +then + . /etc/rc.subr +fi + +name="sshd" +rcvar=$name +command="@PREFIX@/sbin/${name}" +keygen_command="@PREFIX@/bin/ssh-keygen" +pidfile="@SSH_PID_DIR@/${name}.pid" +required_files="@PKG_SYSCONFDIR@/sshd_config" +extra_commands="keygen reload" + +sshd_keygen() +{ + ( + umask 022 + if [ -f @PKG_SYSCONFDIR@/ssh_host_key ]; then + @ECHO@ "You already have an RSA host key in @PKG_SYSCONFDIR@/ssh_host_key" + @ECHO@ "Skipping protocol version 1 RSA Key Generation" + else + ${keygen_command} -t rsa1 -b 1024 -f @PKG_SYSCONFDIR@/ssh_host_key -N '' + fi + + if [ -f @PKG_SYSCONFDIR@/ssh_host_dsa_key ]; then + @ECHO@ "You already have a DSA host key in @PKG_SYSCONFDIR@/ssh_host_dsa_key" + @ECHO@ "Skipping protocol version 2 DSA Key Generation" + else + ${keygen_command} -t dsa -f @PKG_SYSCONFDIR@/ssh_host_dsa_key -N '' + fi + + if [ -f @PKG_SYSCONFDIR@/ssh_host_rsa_key ]; then + @ECHO@ "You already have a RSA host key in @PKG_SYSCONFDIR@/ssh_host_rsa_key" + @ECHO@ "Skipping protocol version 2 RSA Key Generation" + else + ${keygen_command} -t rsa -f @PKG_SYSCONFDIR@/ssh_host_rsa_key -N '' + fi + ) +} + +sshd_precmd() +{ + if [ ! -f @PKG_SYSCONFDIR@/ssh_host_key -o \ + ! -f @PKG_SYSCONFDIR@/ssh_host_dsa_key -o \ + ! -f @PKG_SYSCONFDIR@/ssh_host_rsa_key ]; then + if [ -f /etc/rc.subr -a -f /etc/rc.conf -a -f /etc/rc.d/DAEMON ] + then + run_rc_command keygen + else + eval ${keygen_cmd} + fi + fi +} + +keygen_cmd=sshd_keygen +start_precmd=sshd_precmd + +if [ -f /etc/rc.subr -a -f /etc/rc.conf -a -f /etc/rc.d/DAEMON ] +then + load_rc_config $name + run_rc_command "$1" +else + case ${1:-start} in + start) + if [ -x ${command} -a -f ${required_files} ] + then + @ECHO@ "Starting ${name}." + eval ${start_precmd} + eval ${command} ${sshd_flags} ${command_args} + fi + ;; + stop) + if [ -f ${pidfile} ]; then + pid=`@HEAD@ -1 ${pidfile}` + @ECHO@ "Stopping ${name}." + kill -TERM ${pid} + else + @ECHO@ "${name} not running?" + fi + ;; + restart) + ( $0 stop ) + sleep 1 + $0 start + ;; + status) + if [ -f ${pidfile} ]; then + pid=`@HEAD@ -1 ${pidfile}` + @ECHO@ "${name} is running as pid ${pid}." + else + @ECHO@ "${name} is not running." + fi + ;; + keygen) + eval ${keygen_cmd} + ;; + esac +fi diff --git a/security/openssh+gssapi/patches/patch-aa b/security/openssh+gssapi/patches/patch-aa new file mode 100644 index 00000000000..a505c8d77c1 --- /dev/null +++ b/security/openssh+gssapi/patches/patch-aa @@ -0,0 +1,34 @@ +$NetBSD: patch-aa,v 1.1.1.1 2003/07/24 21:01:23 jwise Exp $ + +--- configure.orig Tue Apr 29 02:37:28 2003 ++++ configure Tue Jun 10 13:38:01 2003 +@@ -4939,6 +4939,9 @@ + ;; + esac + ++# pkgsrc handles any rpath settings this package needs ++need_dash_r= ++ + # Allow user to specify flags + + # Check whether --with-cflags or --without-cflags was given. +@@ -7030,6 +7033,10 @@ + cat >>conftest.$ac_ext <<_ACEOF + /* end confdefs.h. */ + ++#ifdef HAVE_SYS_CDEFS_H ++#include <sys/cdefs.h> ++#endif ++#include <stdio.h> + #include <tcpd.h> + int deny_severity = 0, allow_severity = 0; + +@@ -19123,7 +19130,7 @@ + echo " User binaries: $B" + echo " System binaries: $C" + echo " Configuration files: $D" +-echo " Askpass program: $E" ++echo " Askpass program: ${ASKPASS_PROGRAM}" + echo " Manual pages: $F" + echo " PID file: $G" + echo " Privilege separation chroot path: $H" diff --git a/security/openssh+gssapi/patches/patch-ab b/security/openssh+gssapi/patches/patch-ab new file mode 100644 index 00000000000..78af9066543 --- /dev/null +++ b/security/openssh+gssapi/patches/patch-ab @@ -0,0 +1,34 @@ +$NetBSD: patch-ab,v 1.1.1.1 2003/07/24 21:01:24 jwise Exp $ + +--- configure.ac.orig Thu Sep 26 00:38:47 2002 ++++ configure.ac +@@ -341,6 +341,9 @@ mips-sony-bsd|mips-sony-newsos4) + ;; + esac + ++# pkgsrc handles any rpath settings this package needs ++need_dash_r= ++ + # Allow user to specify flags + AC_ARG_WITH(cflags, + [ --with-cflags Specify additional flags to pass to compiler], +@@ -575,6 +578,10 @@ AC_ARG_WITH(tcp-wrappers, + AC_MSG_CHECKING(for libwrap) + AC_TRY_LINK( + [ ++#ifdef HAVE_SYS_CDEFS_H ++#include <sys/cdefs.h> ++#endif ++#include <stdio.h> + #include <tcpd.h> + int deny_severity = 0, allow_severity = 0; + ], +@@ -2449,7 +2456,7 @@ echo "OpenSSH has been configured with t + echo " User binaries: $B" + echo " System binaries: $C" + echo " Configuration files: $D" +-echo " Askpass program: $E" ++echo " Askpass program: ${ASKPASS_PROGRAM}" + echo " Manual pages: $F" + echo " PID file: $G" + echo " Privilege separation chroot path: $H" diff --git a/security/openssh+gssapi/patches/patch-ah b/security/openssh+gssapi/patches/patch-ah new file mode 100644 index 00000000000..195dd6ba600 --- /dev/null +++ b/security/openssh+gssapi/patches/patch-ah @@ -0,0 +1,22 @@ +$NetBSD: patch-ah,v 1.1.1.1 2003/07/24 21:01:24 jwise Exp $ + +--- Makefile.in.orig Fri Jun 21 10:38:53 2002 ++++ Makefile.in Tue Jun 25 10:50:44 2002 +@@ -21,7 +21,7 @@ + DESTDIR= + VPATH=@srcdir@ + SSH_PROGRAM=@bindir@/ssh +-ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass ++#ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass + SFTP_SERVER=$(libexecdir)/sftp-server + SSH_KEYSIGN=$(libexecdir)/ssh-keysign + RAND_HELPER=$(libexecdir)/ssh-rand-helper +@@ -203,7 +203,7 @@ + scard-install: + (cd scard && $(MAKE) DESTDIR=$(DESTDIR) install) + +-install-files: scard-install ++install-files: + $(srcdir)/mkinstalldirs $(DESTDIR)$(bindir) + $(srcdir)/mkinstalldirs $(DESTDIR)$(sbindir) + $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir) |