packages: openssh/openssh-blacklist.diff, openssh/openssh.spec, openssh/ope...
arekm
arekm at pld-linux.org
Sun Sep 11 08:47:59 CEST 2011
Author: arekm Date: Sun Sep 11 06:47:59 2011 GMT
Module: packages Tag: HEAD
---- Log message:
- rel 1; replace lpk patch with maintained fedora ldap patch
---- Files affected:
packages/openssh:
openssh-blacklist.diff (1.9 -> 1.10) , openssh.spec (1.365 -> 1.366) , openssh-5.9p1-ldap-fixes.patch (NONE -> 1.1) (NEW), openssh-5.9p1-ldap.patch (NONE -> 1.1) (NEW), openssh-lpk.patch (1.7 -> NONE) (REMOVED)
---- Diffs:
================================================================
Index: packages/openssh/openssh-blacklist.diff
diff -u packages/openssh/openssh-blacklist.diff:1.9 packages/openssh/openssh-blacklist.diff:1.10
--- packages/openssh/openssh-blacklist.diff:1.9 Tue Sep 6 19:58:54 2011
+++ packages/openssh/openssh-blacklist.diff Sun Sep 11 08:47:53 2011
@@ -120,8 +120,8 @@
INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@
INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@
--TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT)
-+TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-vulnkey$(EXEEXT)
+-TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT)
++TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT) ssh-vulnkey$(EXEEXT)
LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \
canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \
@@ -129,10 +129,10 @@
audit.o audit-bsm.o platform.o sftp-server.o sftp-common.o \
roaming_common.o roaming_serv.o ldapauth.o
--MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
--MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
-+MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out ssh-vulnkey.1.out
-+MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5 ssh-vulnkey.1
+-MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out ssh-ldap-helper.8.out sshd_config.5.out ssh_config.5.out ssh-ldap.conf.5.out
+-MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 ssh-ldap-helper.8 sshd_config.5 ssh_config.5 ssh-ldap.conf.5
++MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out ssh-ldap-helper.8.out sshd_config.5.out ssh_config.5.out ssh-ldap.conf.5.out ssh-vulnkey.1.out
++MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 ssh-ldap-helper.8 sshd_config.5 ssh_config.5 ssh-ldap.conf.5 ssh-vulnkey.1
MANTYPE = @MANTYPE@
CONFIGFILES=sshd_config.out ssh_config.out moduli.out
================================================================
Index: packages/openssh/openssh.spec
diff -u packages/openssh/openssh.spec:1.365 packages/openssh/openssh.spec:1.366
--- packages/openssh/openssh.spec:1.365 Tue Sep 6 19:58:54 2011
+++ packages/openssh/openssh.spec Sun Sep 11 08:47:53 2011
@@ -30,7 +30,7 @@
Summary(uk.UTF-8): OpenSSH - вільна реалізація протоколу Secure Shell (SSH)
Name: openssh
Version: 5.9p1
-Release: 0.1
+Release: 1
Epoch: 2
License: BSD
Group: Applications/Networking
@@ -49,9 +49,10 @@
Patch0: %{name}-no_libnsl.patch
Patch2: %{name}-pam_misc.patch
Patch3: %{name}-sigpipe.patch
-# http://code.google.com/p/openssh-lpk/
-Patch4: %{name}-lpk.patch
-Patch5: %{name}-config.patch
+# http://pkgs.fedoraproject.org/gitweb/?p=openssh.git;a=tree
+Patch4: %{name}-5.9p1-ldap.patch
+Patch5: %{name}-5.9p1-ldap-fixes.patch
+Patch6: %{name}-config.patch
# High Performance SSH/SCP - HPN-SSH - http://www.psc.edu/networking/projects/hpn-ssh/
# http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.2p1-hpn13v6.diff.gz
Patch9: %{name}-5.2p1-hpn13v6.diff
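Review bot: The provenance comment above `Patch4` points at the Fedora gitweb tree rather than a fixed revision, so the imported `%{name}-5.9p1-ldap.patch` cannot later be matched against a specific upstream state. Because this patch adds the code that fetches authorized keys for sshd, the exact source is worth recording in one line, e.g. `# from Fedora openssh.git, commit <FEDORA_COMMIT_ID>`. `Patch5` looks like a local follow-up (its paths are `openssh-5.9p1.org/` and `openssh-5.9p1/`), so it would read more clearly with its own comment such as `# local build fixes on top of the Fedora ldap patch` instead of sharing the Fedora URL.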
@@ -495,6 +496,7 @@
%patch3 -p1
%{?with_ldap:%patch4 -p1}
%patch5 -p1
+%patch6 -p1
%{?with_hpn:%patch9 -p1}
%patch10 -p1
%patch11 -p1
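Review bot: `%patch5 -p1` now applies the ldap-fixes patch unconditionally, while the patch it depends on is still guarded by `%{?with_ldap:%patch4 -p1}` on the line above. The fixes patch edits `ldap-helper.c` and the `ssh-ldap-helper` rule in `Makefile.in`, both of which exist only after patch4 has been applied, so a build with `with_ldap` undefined would presumably fail in %prep. Guarding it the same way, `%{?with_ldap:%patch5 -p1}`, keeps the two in step. The refreshed context in openssh-blacklist.diff also assumes the ldap patch is present, so that patch may need the same attention.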
@@ -521,6 +523,7 @@
cp /usr/share/automake/config.sub .
%{__aclocal}
%{__autoconf}
+%{__autoheader}
CPPFLAGS="-DCHROOT"
%configure \
PERL=%{__perl} \
@@ -531,8 +534,7 @@
%{?with_libedit:--with-libedit} \
--with-4in6 \
--with-tcp-wrappers \
- %{?with_ldap:--with-libs="-lldap -llber"} \
- %{?with_ldap:--with-cppflags="-DWITH_LDAP_PUBKEY"} \
+ %{?with_ldap:--with-ldap} \
%{?with_kerberos5:--with-kerberos5=/usr} \
--with-privsep-path=%{_privsepdir} \
--with-pid-dir=%{_localstatedir}/run \
@@ -714,14 +716,19 @@
%attr(755,root,root) %{_sbindir}/sshd
%attr(755,root,root) %{_libexecdir}/sftp-server
%attr(755,root,root) %{_libexecdir}/ssh-keysign
+%attr(755,root,root) %{_libexecdir}/ssh-ldap-helper
+%attr(755,root,root) %{_libexecdir}/ssh-ldap-wrapper
%attr(755,root,root) %{_libexecdir}/ssh-pkcs11-helper
%{_mandir}/man8/sshd.8*
%{_mandir}/man8/sftp-server.8*
%{_mandir}/man8/ssh-keysign.8*
+%{_mandir}/man8/ssh-ldap-helper.8*
%{_mandir}/man8/ssh-pkcs11-helper.8*
%{_mandir}/man5/sshd_config.5*
+%{_mandir}/man5/ssh-ldap.conf.5*
%{_mandir}/man5/moduli.5*
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/sshd_config
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ldap.conf
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/sshd
%attr(640,root,root) %{_sysconfdir}/moduli
%attr(754,root,root) /etc/rc.d/init.d/sshd
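Review bot: The new `%files` entries for `ssh-ldap-helper`, `ssh-ldap-wrapper`, their man pages and `ldap.conf` are listed unconditionally, but the patched `Makefile.in` installs them only when `INSTALL_SSH_LDAP_HELPER` is set. Unless %install compensates outside this hunk, they should sit under the same `with_ldap` conditional as `%patch4`. The modes also differ from the patch's own install rules: the helper and wrapper are installed `-m 0700` and `ldap.conf` `-m 644` there, while the package ships 755 and 640 root:root. 640 is the safer choice if the file ever holds bind credentials, but the HOWTO runs the helper through `AuthorizedKeysCommandRunAs <user>`, and a non-root user could not read it; a comment naming the intended user/group would settle that. Also confirm that `%{_sysconfdir}/ldap.conf` resolves to the helper's compiled-in default `/etc/ssh/ldap.conf`.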
@@ -755,6 +762,9 @@
All persons listed below can be reached at <cvs_login>@pld-linux.org
$Log$
+Revision 1.366 2011/09/11 06:47:53 arekm
+- rel 1; replace lpk patch with maintained fedora ldap patch
+
Revision 1.365 2011/09/06 17:58:54 arekm
- up to 5.9p1 (lpk patch needs update; builds --without ldap only for now)
================================================================
Index: packages/openssh/openssh-5.9p1-ldap-fixes.patch
diff -u /dev/null packages/openssh/openssh-5.9p1-ldap-fixes.patch:1.1
--- /dev/null Sun Sep 11 08:47:59 2011
+++ packages/openssh/openssh-5.9p1-ldap-fixes.patch Sun Sep 11 08:47:53 2011
@@ -0,0 +1,25 @@
+diff -ur openssh-5.9p1.org/ldap-helper.c openssh-5.9p1/ldap-helper.c
+--- openssh-5.9p1.org/ldap-helper.c 2011-09-11 08:44:20.526555802 +0200
++++ openssh-5.9p1/ldap-helper.c 2011-09-11 08:43:11.328426660 +0200
+@@ -62,6 +62,8 @@
+ int
+ main(int ac, char **av)
+ {
++ extern char *optarg;
++ extern int optind;
+ int opt;
+ FILE *outfile = NULL;
+
+diff -ur openssh-5.9p1.org/Makefile.in openssh-5.9p1/Makefile.in
+--- openssh-5.9p1.org/Makefile.in 2011-09-11 08:44:20.543222823 +0200
++++ openssh-5.9p1/Makefile.in 2011-09-11 08:43:11.348427083 +0200
+@@ -165,7 +165,7 @@
+ $(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lssh -lopenbsd-compat $(LIBS)
+
+ ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o
+- $(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
++ $(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+
+ ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o
+ $(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
+
================================================================
Index: packages/openssh/openssh-5.9p1-ldap.patch
diff -u /dev/null packages/openssh/openssh-5.9p1-ldap.patch:1.1
--- /dev/null Sun Sep 11 08:47:59 2011
+++ packages/openssh/openssh-5.9p1-ldap.patch Sun Sep 11 08:47:53 2011
@@ -0,0 +1,2596 @@
+diff -up openssh-5.9p0/HOWTO.ldap-keys.ldap openssh-5.9p0/HOWTO.ldap-keys
+--- openssh-5.9p0/HOWTO.ldap-keys.ldap 2011-08-30 15:57:12.449212853 +0200
++++ openssh-5.9p0/HOWTO.ldap-keys 2011-08-30 15:57:12.453101662 +0200
+@@ -0,0 +1,108 @@
++
++HOW TO START
++
++1) configure LDAP server
++ * Use LDAP server documentation
++2) add appropriate LDAP schema
++ * For OpenLDAP or SunONE Use attached schema, otherwise you have to create it.
++ * LDAP user entry
++ User entry:
++ - attached to the 'ldapPublicKey' objectclass
++ - attached to the 'posixAccount' objectclass
++ - with a filled 'sshPublicKey' attribute
++3) insert users into LDAP
++ * Use LDAP Tree management tool as useful
++ * Entry in the LDAP server must respect 'posixAccount' and 'ldapPublicKey' which are defined in core.schema and the additionnal lpk.schema.
++ * Example:
++ dn: uid=captain,ou=commanders,dc=enterprise,dc=universe
++ objectclass: top
++ objectclass: person
++ objectclass: organizationalPerson
++ objectclass: posixAccount
++ objectclass: ldapPublicKey
++ description: Jonathan Archer
++ userPassword: Porthos
++ cn: onathan Archer
++ sn: onathan Archer
++ uid: captain
++ uidNumber: 1001
++ gidNumber: 1001
++ homeDirectory: /home/captain
++ sshPublicKey: ssh-rss AAAAB3.... =captain at universe
++ sshPublicKey: command="kill -9 1" ssh-rss AAAAM5...
++4) on the ssh side set in sshd_config
++ * Set up the backend
++ AuthorizedKeysCommand "/usr/libexec/openssh/ssh-ldap-wrapper"
++ AuthorizedKeysCommandRunAs <appropriate user to run LDAP>
++ * Do not forget to set
++ PubkeyAuthentication yes
++ * Swith off unnecessary auth methods
++5) confugure ldap.conf
++ * Default ldap.conf is placed in /etc/ssh
++ * The configuration style is the same as other ldap based aplications
++6) if necessary edit ssh-ldap-wrapper
++ * There is a possibility to change ldap.conf location
++ * There are some debug options
++ * Example
++ /usr/libexec/openssh -s -f /etc/ldap.conf -w -d >> /tmp/ldapdebuglog.txt
++
++HOW TO MIGRATE FROM LPK
++
++1) goto HOW TO START 4) .... the ldap schema is the same
++
++2) convert the group requests to the appropriate LDAP requests
++
++HOW TO SOLVE PROBLEMS
++
++1) use debug in sshd
++ * /usr/sbin/sshd -d -d -d -d
++2) use debug in ssh-ldap-helper
++ * ssh-ldap-helper -d -d -d -d -s <username>
++3) use tcpdump ... other ldap client etc.
++
++ADVANTAGES
++
++1) Blocking an user account can be done directly from LDAP (if sshd is using PubkeyAuthentication + AuthorizedKeysCommand with ldap only).
++
++DISADVANTAGES
++
++1) LDAP must be well configured, getting the public key of some user is not a problem, but if anonymous LDAP
++ allows write to users dn, somebody could replace some user's public key by his own and impersonate some
++ of your users in all your server farm -- be VERY CAREFUL.
++2) With incomplete PKI the MITM attack when sshd is requesting the public key, could lead to a compromise of your servers allowing login
++ as the impersonated user.
++3) If LDAP server is down there may be no fallback on passwd auth.
++
++MISC.
++
++1) todo
++ * Possibility to reuse the ssh-ldap-helper.
++ * Tune the LDAP part to accept all possible LDAP configurations.
++
++2) differences from original lpk
++ * No LDAP code in sshd.
++ * Support for various LDAP platforms and configurations.
++ * LDAP is configured in separate ldap.conf file.
++
++3) docs/link
++ * http://pacsec.jp/core05/psj05-barisani-en.pdf
++ * http://fritz.potsdam.edu/projects/openssh-lpk/
++ * http://fritz.potsdam.edu/projects/sshgate/
++ * http://dev.inversepath.com/trac/openssh-lpk
++ * http://lam.sf.net/ ( http://lam.sourceforge.net/documentation/supportedSchemas.htm )
++
++4) contributors/ideas/greets
++ - Eric AUGE <eau at phear.org>
++ - Andrea Barisani <andrea at inversepath.com>
++ - Falk Siemonsmeier.
++ - Jacob Rief.
++ - Michael Durchgraf.
++ - frederic peters.
++ - Finlay dobbie.
++ - Stefan Fisher.
++ - Robin H. Johnson.
++ - Adrian Bridgett.
++
++5) Author
++ Jan F. Chadima <jchadima at redhat.com>
++
+diff -up openssh-5.9p0/Makefile.in.ldap openssh-5.9p0/Makefile.in
+--- openssh-5.9p0/Makefile.in.ldap 2011-08-30 15:57:01.693024742 +0200
++++ openssh-5.9p0/Makefile.in 2011-08-30 16:00:02.478212295 +0200
+@@ -25,6 +25,8 @@ SSH_PROGRAM=@bindir@/ssh
+ ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass
+ SFTP_SERVER=$(libexecdir)/sftp-server
+ SSH_KEYSIGN=$(libexecdir)/ssh-keysign
++SSH_LDAP_HELPER=$(libexecdir)/ssh-ldap-helper
++SSH_LDAP_WRAPPER=$(libexecdir)/ssh-ldap-wrapper
+ SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
+ PRIVSEP_PATH=@PRIVSEP_PATH@
+ SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
+@@ -58,8 +60,9 @@ XAUTH_PATH=@XAUTH_PATH@
+ LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
+ EXEEXT=@EXEEXT@
+ MANFMT=@MANFMT@
++INSTALL_SSH_LDAP_HELPER=@INSTALL_SSH_LDAP_HELPER@
+
+-TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT)
++TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT)
+
+ LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \
+ canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \
+@@ -92,8 +95,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
+ roaming_common.o roaming_serv.o \
+ sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o
+
+-MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
+-MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
++MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out ssh-ldap-helper.8.out sshd_config.5.out ssh_config.5.out ssh-ldap.conf.5.out
++MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 ssh-ldap-helper.8 sshd_config.5 ssh_config.5 ssh-ldap.conf.5
+ MANTYPE = @MANTYPE@
+
+ CONFIGFILES=sshd_config.out ssh_config.out moduli.out
+@@ -161,6 +164,9 @@ ssh-keysign$(EXEEXT): $(LIBCOMPAT) libss
+ ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o
+ $(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
+
++ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o
++ $(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
++
+ ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o
+ $(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
+
+@@ -256,6 +262,10 @@ install-files:
+ $(INSTALL) -m 0755 $(STRIP_OPT) sshd$(EXEEXT) $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
+ $(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign$(EXEEXT) $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
+ $(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
++ if test ! -z "$(INSTALL_SSH_LDAP_HELPER)" ; then \
++ $(INSTALL) -m 0700 $(STRIP_OPT) ssh-ldap-helper $(DESTDIR)$(SSH_LDAP_HELPER) ; \
++ $(INSTALL) -m 0700 ssh-ldap-wrapper $(DESTDIR)$(SSH_LDAP_WRAPPER) ; \
++ fi
+ $(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
+ $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
+ $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
+@@ -272,6 +282,10 @@ install-files:
+ $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
+ $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
+ $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
++ if test ! -z "$(INSTALL_SSH_LDAP_HELPER)" ; then \
++ $(INSTALL) -m 644 ssh-ldap-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-ldap-helper.8 ; \
++ $(INSTALL) -m 644 ssh-ldap.conf.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh-ldap.conf.5 ; \
++ fi
+ -rm -f $(DESTDIR)$(bindir)/slogin
+ ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
+ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
+@@ -301,6 +315,13 @@ install-sysconf:
+ else \
+ echo "$(DESTDIR)$(sysconfdir)/moduli already exists, install will not overwrite"; \
+ fi
++ if test ! -z "$(INSTALL_SSH_LDAP_HELPER)" ; then \
++ if [ ! -f $(DESTDIR)$(sysconfdir)/ldap.conf ]; then \
++ $(INSTALL) -m 644 ldap.conf $(DESTDIR)$(sysconfdir)/ldap.conf; \
++ else \
++ echo "$(DESTDIR)$(sysconfdir)/ldap.conf already exists, install will not overwrite"; \
++ fi ; \
++ fi
+
+ host-key: ssh-keygen$(EXEEXT)
+ @if [ -z "$(DESTDIR)" ] ; then \
+@@ -358,6 +379,8 @@ uninstall:
+ -rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
+ -rm -f $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
+ -rm -f $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
++ -rm -f $(DESTDIR)$(SSH_LDAP_HELPER)$(EXEEXT)
++ -rm -f $(DESTDIR)$(SSH_LDAP_WRAPPER)$(EXEEXT)
+ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
+ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
+ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
+@@ -369,6 +392,7 @@ uninstall:
+ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
+ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
+ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
++ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-ldap-helper.8
+ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
+
+ tests interop-tests: $(TARGETS)
+diff -up openssh-5.9p0/configure.ac.ldap openssh-5.9p0/configure.ac
+--- openssh-5.9p0/configure.ac.ldap 2011-08-30 15:57:11.297032991 +0200
++++ openssh-5.9p0/configure.ac 2011-08-30 15:57:12.664024959 +0200
+@@ -1433,6 +1433,106 @@ AC_ARG_WITH(authorized-keys-command,
+ ]
+ )
+
++# Check whether user wants LDAP support
++LDAP_MSG="no"
++INSTALL_SSH_LDAP_HELPER=""
++AC_ARG_WITH(ldap,
++ [ --with-ldap[[=PATH]] Enable LDAP pubkey support (optionally in PATH)],
++ [
++ if test "x$withval" != "xno" ; then
++
++ INSTALL_SSH_LDAP_HELPER="yes"
++ CPPFLAGS="$CPPFLAGS -DLDAP_DEPRECATED"
++
++ if test "x$withval" != "xyes" ; then
++ CPPFLAGS="$CPPFLAGS -I${withval}/include"
++ LDFLAGS="$LDFLAGS -L${withval}/lib"
++ fi
++
++ AC_DEFINE([WITH_LDAP_PUBKEY], 1, [Enable LDAP pubkey support])
++ LDAP_MSG="yes"
++
++ AC_CHECK_HEADERS(lber.h)
++ AC_CHECK_HEADERS(ldap.h, , AC_MSG_ERROR(could not locate <ldap.h>))
++ AC_CHECK_HEADERS(ldap_ssl.h)
++
++ AC_ARG_WITH(ldap-lib,
++ [ --with-ldap-lib=type select ldap library [auto|netscape5|netscape4|netscape3|umich|openldap]])
++
++ if test -z "$with_ldap_lib"; then
++ with_ldap_lib=auto
++ fi
++
++ if test -z "$found_ldap_lib" -a \( $with_ldap_lib = auto -o $with_ldap_lib = umich -o $with_ldap_lib = openldap \); then
++ AC_CHECK_LIB(lber, main, LIBS="-llber $LIBS" found_ldap_lib=yes)
++ AC_CHECK_LIB(ldap, main, LIBS="-lldap $LIBS" found_ldap_lib=yes)
++ fi
++
++ if test -z "$found_ldap_lib" -a \( $with_ldap_lib = auto -o $with_ldap_lib = netscape5 \); then
++ AC_CHECK_LIB(ldap50, main, LIBS="-lldap50 -lssldap50 -lssl3 -lnss3 -lnspr4 -lprldap50 -lplc4 -lplds4 $LIBS" found_ldap_lib=yes)
++ fi
++
++ if test -z "$found_ldap_lib" -a \( $with_ldap_lib = auto -o $with_ldap_lib = netscape4 \); then
++ AC_CHECK_LIB(ldapssl41, main, LIBS="-lldapssl41 -lplc3 -lplds3 -lnspr3 $LIBS" found_ldap_lib=yes)
++ if test -z "$found_ldap_lib"; then
++ AC_CHECK_LIB(ldapssl40, main, LIBS="-lldapssl40 $LIBS" found_ldap_lib=yes)
++ fi
++ if test -z "$found_ldap_lib"; then
++ AC_CHECK_LIB(ldap41, main, LIBS="-lldap41 $LIBS" found_ldap_lib=yes)
++ fi
++ if test -z "$found_ldap_lib"; then
++ AC_CHECK_LIB(ldap40, main, LIBS="-lldap40 $LIBS" found_ldap_lib=yes)
++ fi
++ fi
++
++ if test -z "$found_ldap_lib" -a \( $with_ldap_lib = auto -o $with_ldap_lib = netscape3 \); then
++ AC_CHECK_LIB(ldapssl30, main, LIBS="-lldapssl30 $LIBS" found_ldap_lib=yes)
++ fi
++
++ if test -z "$found_ldap_lib"; then
++ AC_MSG_ERROR(could not locate a valid LDAP library)
++ fi
++
++ AC_MSG_CHECKING([for working LDAP support])
++ AC_TRY_COMPILE(
++ [#include <sys/types.h>
++ #include <ldap.h>],
++ [(void)ldap_init(0, 0);],
++ [AC_MSG_RESULT(yes)],
++ [
++ AC_MSG_RESULT(no)
++ AC_MSG_ERROR([** Incomplete or missing ldap libraries **])
++ ])
++ AC_CHECK_FUNCS( \
++ ldap_init \
++ ldap_get_lderrno \
++ ldap_set_lderrno \
++ ldap_parse_result \
++ ldap_memfree \
++ ldap_controls_free \
++ ldap_set_option \
++ ldap_get_option \
++ ldapssl_init \
++ ldap_start_tls_s \
++ ldap_pvt_tls_set_option \
++ ldap_initialize \
++ )
++ AC_CHECK_FUNCS(ldap_set_rebind_proc,
++ AC_MSG_CHECKING([number arguments of ldap_set_rebind_proc])
++ AC_TRY_COMPILE(
++ [#include <lber.h>
++ #include <ldap.h>],
++ [ldap_set_rebind_proc(0, 0, 0);],
++ [ac_cv_ldap_set_rebind_proc=3],
++ [ac_cv_ldap_set_rebind_proc=2])
++ AC_MSG_RESULT($ac_cv_ldap_set_rebind_proc)
++ AC_DEFINE(LDAP_SET_REBIND_PROC_ARGS, $ac_cv_ldap_set_rebind_proc, [number arguments of ldap_set_rebind_proc])
++ )
++ fi
++ ]
++)
++AC_SUBST(INSTALL_SSH_LDAP_HELPER)
++
+ dnl Checks for library functions. Please keep in alphabetical order
+ AC_CHECK_FUNCS([ \
+ arc4random \
+diff -up openssh-5.9p0/ldap-helper.c.ldap openssh-5.9p0/ldap-helper.c
+--- openssh-5.9p0/ldap-helper.c.ldap 2011-08-30 15:57:12.754025033 +0200
++++ openssh-5.9p0/ldap-helper.c 2011-08-30 15:57:12.759025510 +0200
+@@ -0,0 +1,155 @@
++/* $OpenBSD: ssh-pka-ldap.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
++/*
++ * Copyright (c) 2009 Jan F. Chadima. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in the
++ * documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
++ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ */
++
++#include "ldapincludes.h"
++#include "log.h"
++#include "misc.h"
++#include "xmalloc.h"
++#include "ldapconf.h"
++#include "ldapbody.h"
++#include <string.h>
++#include <unistd.h>
++
++static int config_debug = 0;
++int config_exclusive_config_file = 0;
++static char *config_file_name = "/etc/ssh/ldap.conf";
++static char *config_single_user = NULL;
++static int config_verbose = SYSLOG_LEVEL_VERBOSE;
++int config_warning_config_file = 0;
++extern char *__progname;
++
++static void
++usage(void)
++{
++ fprintf(stderr, "usage: %s [options]\n",
++ __progname);
++ fprintf(stderr, "Options:\n");
++ fprintf(stderr, " -d Output the log messages to stderr.\n");
++ fprintf(stderr, " -e Check the config file for unknown commands.\n");
++ fprintf(stderr, " -f file Use alternate config file (default is /etc/ssh/ldap.conf).\n");
++ fprintf(stderr, " -s user Do not demonize, send the user's key to stdout.\n");
++ fprintf(stderr, " -v Increase verbosity of the debug output (implies -d).\n");
++ fprintf(stderr, " -w Warn on unknown commands in the config file.\n");
++ exit(1);
++}
++
++/*
++ * Main program for the ssh pka ldap agent.
++ */
++
++int
++main(int ac, char **av)
++{
++ int opt;
++ FILE *outfile = NULL;
++
++ __progname = ssh_get_progname(av[0]);
++
++ log_init(__progname, SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 0);
++
++ /*
++ * Initialize option structure to indicate that no values have been
++ * set.
++ */
++ initialize_options();
++
++ /* Parse command-line arguments. */
++ while ((opt = getopt(ac, av, "def:s:vw")) != -1) {
++ switch (opt) {
++ case 'd':
++ config_debug = 1;
++ break;
++
++ case 'e':
++ config_exclusive_config_file = 1;
++ config_warning_config_file = 1;
++ break;
++
++ case 'f':
++ config_file_name = optarg;
++ break;
++
++ case 's':
++ config_single_user = optarg;
++ outfile = fdopen (dup (fileno (stdout)), "w");
++ break;
++
++ case 'v':
++ config_debug = 1;
++ if (config_verbose < SYSLOG_LEVEL_DEBUG3)
++ config_verbose++;
++ break;
++
++ case 'w':
++ config_warning_config_file = 1;
++ break;
++
++ case '?':
++ default:
++ usage();
++ break;
++ }
++ }
++
++ /* Initialize loging */
++ log_init(__progname, config_verbose, SYSLOG_FACILITY_AUTH, config_debug);
++
++ if (ac != optind)
++ fatal ("illegal extra parameter %s", av[1]);
++
++ /* Ensure that fds 0 and 2 are open or directed to /dev/null */
<<Diff was trimmed, longer than 597 lines>>
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/openssh/openssh-blacklist.diff?r1=1.9&r2=1.10&f=u
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/openssh/openssh.spec?r1=1.365&r2=1.366&f=u