network/openssh-krb5: Added (Kerberos-enabled OpenSSH)

Signed-off-by: Robby Workman <rworkman@slackbuilds.org>
Leigh Wedding 2011-12-16 08:47:57 -06:00 committed by Niels Horn
parent 382b791d69
commit 96ba3e010e
6 changed files with 247 additions and 0 deletions


@ -0,0 +1,14 @@
openssh-krb5 (Secure Shell daemon and clients - with Kerberos)
ssh (Secure Shell) is a program for logging into a remote machine and
for executing commands on a remote machine. It is intended to replace
rlogin and rsh, and provide secure encrypted communications between
two untrusted hosts over an insecure network.
This package builds openssh with Kerberos support, and it does not
conflict with the stock Slackware package (in fact, that package needs
to stay, as this depends on other files contained in it).
You will need to start /etc/rc.d/rc.sshd.krb5 during boot.
This requires krb5.


@ -0,0 +1,26 @@
config() {
NEW="$1"
OLD="$(dirname $NEW)/$(basename $NEW .new)"
# If there's no config file by that name, mv it over:
if [ ! -r $OLD ]; then
mv $NEW $OLD
elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
# toss the redundant copy
rm $NEW
fi
# Otherwise, we leave the .new copy for the admin to consider...
}
preserve_perms() {
NEW="$1"
OLD="$(dirname $NEW)/$(basename $NEW .new)"
if [ -e $OLD ]; then
cp -a $OLD ${NEW}.incoming
cat $NEW > ${NEW}.incoming
mv ${NEW}.incoming $NEW
fi
config $NEW
}
preserve_perms etc/rc.d/rc.sshd.krb5.new


@ -0,0 +1,125 @@
#!/bin/sh
# Copyright 2000 BSDi, Inc. Concord, CA, USA
# Copyright 2001, 2002, 2003, 2004 Slackware Linux, Inc. Concord, CA, USA
# Copyright 2006, 2007, 2008, 2009, 2010 Patrick J. Volkerding, Sebeka, MN, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
# permitted provided that the following conditions are met:
#
# 1. Redistributions of this script must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
# Modified by Leigh Wedding <leigh.wedding@telstra.com> to build with
# Kerberos support. Note: requires MIT Kerberos to be installed. Generated
# package also relies in standard Slackware openssh package being installed.
# Generated package does not overwrite or interfere with the standard
# Slackware openssh package.
PRGNAM=openssh-krb5
SRCNAM=openssh
VERSION=${VERSION:-5.9p1}
BUILD=${BUILD:-1}
TAG=${TAG:-_SBo}
if [ -z "$ARCH" ]; then
case "$( uname -m )" in
i?86) ARCH=i486 ;;
arm*) ARCH=arm ;;
*) ARCH=$( uname -m ) ;;
esac
fi
CWD=$(pwd)
TMP=${TMP:-/tmp/SBo}
PKG=$TMP/package-$PRGNAM
OUTPUT=${OUTPUT:-/tmp}
if [ "$ARCH" = "i486" ]; then
SLKCFLAGS="-O2 -march=i486 -mtune=i686"
LIBDIRSUFFIX=""
elif [ "$ARCH" = "i686" ]; then
SLKCFLAGS="-O2 -march=i686 -mtune=i686"
LIBDIRSUFFIX=""
elif [ "$ARCH" = "x86_64" ]; then
SLKCFLAGS="-O2 -fPIC"
LIBDIRSUFFIX="64"
elif [ "$ARCH" = "arm" ]; then
SLKCFLAGS="-O2 -march=armv4 -mtune=xscale"
elif [ "$ARCH" = "armel" ]; then
SLKCFLAGS="-O2 -march=armv4t"
else
SLKCFLAGS="-O2"
LIBDIRSUFFIX=""
fi
rm -rf $PKG
mkdir -p $TMP $PKG $OUTPUT
cd $TMP
rm -rf $SRCNAM-$VERSION
tar xvf $CWD/$SRCNAM-$VERSION.tar.gz
cd $SRCNAM-$VERSION
chown -R root:root .
find . \
\( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
-exec chmod 755 {} \; -o \
\( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
-exec chmod 644 {} \;
CFLAGS="$SLKCFLAGS" \
./configure \
--prefix=/usr/kerberos \
--mandir=/usr/kerberos/man \
--sysconfdir=/etc/ssh \
--without-pam \
--with-md5-passwords \
--with-tcp-wrappers \
--with-default-path=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin:/usr/kerberos/bin \
--with-ipv4-default \
--with-privsep-path=/var/empty \
--with-privsep-user=sshd \
--with-kerberos5=/usr/kerberos
--build=$ARCH-slackware-linux
make
make install DESTDIR=$PKG
find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | \
grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
# Remove un-needed stuff
rm -r $PKG/usr/kerberos/man/ $PKG/etc/ssh $PKG/var
rm -f $PKG/usr/kerberos/bin/ssh-{keyscan,keygen,agent,add}
#for i in ssh-keyscan ssh-keygen ssh-agent ssh-add; do
# find $PKG -name ${i}\* -exec rm {} \;
#done
# Rename programs with .krb5 extension so we don't interfere with native
for i in ssh scp sftp; do
mv $PKG/usr/kerberos/bin/$i $PKG/usr/kerberos/bin/$i.krb5
done
# Add init script
mkdir -p $PKG/etc/rc.d
cat $CWD/rc.sshd.krb5 > $PKG/etc/rc.d/rc.sshd.krb5.new
chmod 0755 $PKG/etc/rc.d/rc.sshd.krb5.new
mkdir -p $PKG/install
cat $CWD/doinst.sh > $PKG/install/doinst.sh
cat $CWD/slack-desc > $PKG/install/slack-desc
cd $PKG
/sbin/makepkg -l y -c n $TMP/$PRGNAM-$VERSION-$ARCH-$BUILD.${PKGTYPE:-tgz}
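Review bot: The `./configure` invocation is cut short, because the `--with-kerberos5=/usr/kerberos` line has no trailing backslash; `--build=$ARCH-slackware-linux` is therefore run as a separate command, fails, and never reaches configure, so the line should end in ` \`. The visible script has no `set -e`, so that failure and any failed `configure` or `make` are not fatal and a partial tree could still be packaged; adding `set -e` before `rm -rf $PKG` would stop the build at the first error. The final `makepkg` call writes to `$TMP` although `$OUTPUT` is created and otherwise unused, and `TAG` is defined but never used, so `$OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}` looks like what was intended.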


@ -0,0 +1,10 @@
PRGNAM="openssh-krb5"
VERSION="5.9p1"
HOMEPAGE="http://www.openssh.com/"
DOWNLOAD="http://slackware.osuosl.org/slackware-13.37/patches/source/openssh/openssh-5.9p1.tar.gz"
MD5SUM="afe17eee7e98d3b8550cc349834a85d0"
DOWNLOAD_x86_64=""
MD5SUM_x86_64=""
MAINTAINER="Leigh Wedding"
EMAIL="leigh.wedding@telstra.com"
APPROVED="rworkman"
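Review bot: The source for a network-facing sshd is fetched over plain `http://` in `DOWNLOAD` and checked only against `MD5SUM`, so its integrity rests on a hash with practical collision attacks and on a transfer that can be altered in transit. The fields shown here offer nothing stronger, so the practical mitigation is for the builder to verify the tarball against the upstream OpenSSH release signature before running the build. A line in the package description saying so would make that expectation explicit.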


@ -0,0 +1,53 @@
#!/bin/sh
# Start/stop/restart the secure shell server:
sshd_start() {
# Create host keys if needed.
if [ ! -r /etc/ssh/ssh_host_key ]; then
/usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N ''
fi
if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
/usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
fi
if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
fi
/usr/kerberos/sbin/sshd
}
sshd_stop() {
killall sshd
}
sshd_restart() {
if [ -r /var/run/sshd.pid ]; then
echo "WARNING: killing listener process only. To kill every sshd process, you must"
echo " use 'rc.sshd stop'. 'rc.sshd restart' kills only the parent sshd to"
echo " allow an admin logged in through sshd to use 'rc.sshd restart' without"
echo " being cut off. If sshd has been upgraded, new connections will now"
echo " use the new version, which should be a safe enough approach."
kill `cat /var/run/sshd.pid`
else
echo "WARNING: There does not appear to be a parent instance of sshd running."
echo " If you really want to kill all running instances of sshd (including"
echo " any sessions currently in use), run '/etc/rc.d/rc.sshd stop' instead."
exit 1
fi
sleep 1
sshd_start
}
case "$1" in
'start')
sshd_start
;;
'stop')
sshd_stop
;;
'restart')
sshd_restart
;;
*)
echo "usage $0 start|stop|restart"
esac
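Review bot: `sshd_stop` runs `killall sshd`, which terminates every sshd on the host, including the stock daemon and all live sessions. `sshd_restart` signals whatever PID is in `/var/run/sshd.pid`, a file the stock daemon presumably also writes, since this build is configured with the same `/etc/ssh` directory. Giving this daemon its own pid file, for example by starting it as `/usr/kerberos/sbin/sshd -o PidFile=/var/run/sshd.krb5.pid` (the path is an illustrative choice) and signalling only that PID in stop and restart, would keep the two services independent, as the package description says they are. The first key-generation step creates an `rsa1` host key, which only SSH protocol 1 uses; unless protocol 1 is deliberately enabled, that step can be dropped. The warning and usage messages also still name `rc.sshd` rather than `rc.sshd.krb5`.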


@ -0,0 +1,19 @@
# HOW TO EDIT THIS FILE:
# The "handy ruler" below makes it easier to edit a package description. Line
# up the first '|' above the ':' following the base package name, and the '|' on
# the right side marks the last column you can put a character in. You must make
# exactly 11 lines for the formatting to be correct. It's also customary to
# leave one space after the ':'.
|-----handy-ruler------------------------------------------------------|
openssh-krb5: openssh-krb5 (Secure Shell daemon and clients - with Kerberos)
openssh-krb5:
openssh-krb5: ssh (Secure Shell) is a program for logging into a remote machine and
openssh-krb5: for executing commands on a remote machine. It is intended to replace
openssh-krb5: rlogin and rsh, and provide secure encrypted communications between
openssh-krb5: two untrusted hosts over an insecure network. sshd (SSH Daemon) is
openssh-krb5: the daemon program for ssh. OpenSSH is based on the last free version
openssh-krb5: of Tatu Ylonen's SSH, further enhanced and cleaned up by Aaron
openssh-krb5: Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt, and
openssh-krb5: Dug Song. It has a homepage at http://www.openssh.com/
openssh-krb5: