From 96ba3e010ec77a2d96ab314aa3f95fabf2afa46b Mon Sep 17 00:00:00 2001
From: Leigh Wedding
Date: Fri, 16 Dec 2011 08:47:57 -0600
Subject: network/openssh-krb5: Added (Kerberos-enabled OpenSSH)
Signed-off-by: Robby Workman
---
network/openssh-krb5/README | 14 +++
network/openssh-krb5/doinst.sh | 26 ++++++
network/openssh-krb5/openssh-krb5.SlackBuild | 125 +++++++++++++++++++++++++++
network/openssh-krb5/openssh-krb5.info | 10 +++
network/openssh-krb5/rc.sshd.krb5 | 53 ++++++++++++
network/openssh-krb5/slack-desc | 19 ++++
6 files changed, 247 insertions(+)
create mode 100644 network/openssh-krb5/README
create mode 100644 network/openssh-krb5/doinst.sh
create mode 100644 network/openssh-krb5/openssh-krb5.SlackBuild
create mode 100644 network/openssh-krb5/openssh-krb5.info
create mode 100644 network/openssh-krb5/rc.sshd.krb5
create mode 100644 network/openssh-krb5/slack-desc
diff --git a/network/openssh-krb5/README b/network/openssh-krb5/README
new file mode 100644
index 0000000000..019f2a476a
--- /dev/null
+++ b/network/openssh-krb5/README
@@ -0,0 +1,14 @@
+openssh-krb5 (Secure Shell daemon and clients - with Kerberos)
+
+ssh (Secure Shell) is a program for logging into a remote machine and
+for executing commands on a remote machine. It is intended to replace
+rlogin and rsh, and provide secure encrypted communications between
+two untrusted hosts over an insecure network.
+
+This package builds openssh with Kerberos support, and it does not
+conflict with the stock Slackware package (in fact, that package needs
+to stay, as this depends on other files contained in it).
+
+You will need to start /etc/rc.d/rc.sshd.krb5 during boot.
+
+This requires krb5.
diff --git a/network/openssh-krb5/doinst.sh b/network/openssh-krb5/doinst.sh
new file mode 100644
index 0000000000..18db6dbc1e
--- /dev/null
+++ b/network/openssh-krb5/doinst.sh
@@ -0,0 +1,26 @@
+config() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
+ # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+preserve_perms() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ if [ -e $OLD ]; then
+ cp -a $OLD ${NEW}.incoming
+ cat $NEW > ${NEW}.incoming
+ mv ${NEW}.incoming $NEW
+ fi
+ config $NEW
+}
+
+preserve_perms etc/rc.d/rc.sshd.krb5.new
+
diff --git a/network/openssh-krb5/openssh-krb5.SlackBuild b/network/openssh-krb5/openssh-krb5.SlackBuild
new file mode 100644
index 0000000000..a8f24e83ce
--- /dev/null
+++ b/network/openssh-krb5/openssh-krb5.SlackBuild
@@ -0,0 +1,125 @@
+#!/bin/sh
+
+# Copyright 2000 BSDi, Inc. Concord, CA, USA
+# Copyright 2001, 2002, 2003, 2004 Slackware Linux, Inc. Concord, CA, USA
+# Copyright 2006, 2007, 2008, 2009, 2010 Patrick J. Volkerding, Sebeka, MN, USA
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+# Modified by Leigh Wedding to build with
+# Kerberos support. Note: requires MIT Kerberos to be installed. Generated
+# package also relies in standard Slackware openssh package being installed.
+# Generated package does not overwrite or interfere with the standard
+# Slackware openssh package.
+
+PRGNAM=openssh-krb5
+SRCNAM=openssh
+VERSION=${VERSION:-5.9p1}
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+
+if [ -z "$ARCH" ]; then
+ case "$( uname -m )" in
+ i?86) ARCH=i486 ;;
+ arm*) ARCH=arm ;;
+ *) ARCH=$( uname -m ) ;;
+ esac
+fi
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+if [ "$ARCH" = "i486" ]; then
+ SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+ SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+elif [ "$ARCH" = "arm" ]; then
+ SLKCFLAGS="-O2 -march=armv4 -mtune=xscale"
+elif [ "$ARCH" = "armel" ]; then
+ SLKCFLAGS="-O2 -march=armv4t"
+else
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+fi
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $SRCNAM-$VERSION
+tar xvf $CWD/$SRCNAM-$VERSION.tar.gz
+cd $SRCNAM-$VERSION
+chown -R root:root .
+find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \;
+
+CFLAGS="$SLKCFLAGS" \
+./configure \
+ --prefix=/usr/kerberos \
+ --mandir=/usr/kerberos/man \
+ --sysconfdir=/etc/ssh \
+ --without-pam \
+ --with-md5-passwords \
+ --with-tcp-wrappers \
+ --with-default-path=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin:/usr/kerberos/bin \
+ --with-ipv4-default \
+ --with-privsep-path=/var/empty \
+ --with-privsep-user=sshd \
+ --with-kerberos5=/usr/kerberos
+ --build=$ARCH-slackware-linux
+
+make
+make install DESTDIR=$PKG
+
+find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | \
+ grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
+
+# Remove un-needed stuff
+rm -r $PKG/usr/kerberos/man/ $PKG/etc/ssh $PKG/var
+rm -f $PKG/usr/kerberos/bin/ssh-{keyscan,keygen,agent,add}
+#for i in ssh-keyscan ssh-keygen ssh-agent ssh-add; do
+#
find $PKG -name ${i}\* -exec rm {} \;
+#done
+
+# Rename programs with .krb5 extension so we don't interfere with native
+for i in ssh scp sftp; do
+ mv $PKG/usr/kerberos/bin/$i $PKG/usr/kerberos/bin/$i.krb5
+done
+
+# Add init script
+mkdir -p $PKG/etc/rc.d
+cat $CWD/rc.sshd.krb5 > $PKG/etc/rc.d/rc.sshd.krb5.new
+chmod 0755 $PKG/etc/rc.d/rc.sshd.krb5.new
+
+mkdir -p $PKG/install
+cat $CWD/doinst.sh > $PKG/install/doinst.sh
+cat $CWD/slack-desc > $PKG/install/slack-desc
+
+cd $PKG
+/sbin/makepkg -l y -c n $TMP/$PRGNAM-$VERSION-$ARCH-$BUILD.${PKGTYPE:-tgz}
+
diff --git a/network/openssh-krb5/openssh-krb5.info b/network/openssh-krb5/openssh-krb5.info
new file mode 100644
index 0000000000..419e202fab
--- /dev/null
+++ b/network/openssh-krb5/openssh-krb5.info
@@ -0,0 +1,10 @@
+PRGNAM="openssh-krb5"
+VERSION="5.9p1"
+HOMEPAGE="http://www.openssh.com/"
+DOWNLOAD="http://slackware.osuosl.org/slackware-13.37/patches/source/openssh/openssh-5.9p1.tar.gz"
+MD5SUM="afe17eee7e98d3b8550cc349834a85d0"
+DOWNLOAD_x86_64=""
+MD5SUM_x86_64=""
+MAINTAINER="Leigh Wedding"
+EMAIL="leigh.wedding@telstra.com"
+APPROVED="rworkman"
diff --git a/network/openssh-krb5/rc.sshd.krb5 b/network/openssh-krb5/rc.sshd.krb5
new file mode 100644
index 0000000000..4f795d1150
--- /dev/null
+++ b/network/openssh-krb5/rc.sshd.krb5
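Review bot: In openssh-krb5.SlackBuild the `./configure` invocation is cut short: `--with-kerberos5=/usr/kerberos` has no trailing backslash, so `--build=$ARCH-slackware-linux` is run as a separate command and fails instead of being passed to configure; the line should read `--with-kerberos5=/usr/kerberos \`. The script never sets `set -e`, so that failure, or a failed `./configure` or `make`, does not stop the run and a package can still be assembled from a partial tree; adding `set -e` after the variable block would make such errors fatal. The final `makepkg` line writes to `$TMP` and omits `$TAG` although `OUTPUT` and `TAG` are both set earlier in the script; `$OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}` looks like what was intended.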
@@ -0,0 +1,53 @@
+#!/bin/sh
+# Start/stop/restart the secure shell server:
+
+sshd_start() {
+ # Create host keys if needed.
+ if [ ! -r /etc/ssh/ssh_host_key ]; then
+ /usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N ''
+ fi
+ if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
+ /usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
+ fi
+ if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
+ /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
+ fi
+ /usr/kerberos/sbin/sshd
+}
+
+sshd_stop() {
+ killall sshd
+}
+
+sshd_restart() {
+ if [ -r /var/run/sshd.pid ]; then
+ echo "WARNING: killing listener process only. To kill every sshd process, you must"
+ echo " use 'rc.sshd stop'. 'rc.sshd restart' kills only the parent sshd to"
+ echo " allow an admin logged in through sshd to use 'rc.sshd restart' without"
+ echo " being cut off. If sshd has been upgraded, new connections will now"
+ echo " use the new version, which should be a safe enough approach."
+ kill `cat /var/run/sshd.pid`
+ else
+ echo "WARNING: There does not appear to be a parent instance of sshd running."
+ echo " If you really want to kill all running instances of sshd (including"
+ echo " any sessions currently in use), run '/etc/rc.d/rc.sshd stop' instead."
+ exit 1
+ fi
+ sleep 1
+ sshd_start
+}
+
+case "$1" in
+'start')
+ sshd_start
+ ;;
+'stop')
+ sshd_stop
+ ;;
+'restart')
+ sshd_restart
+ ;;
+*)
+ echo "usage $0 start|stop|restart"
+esac
+
diff --git a/network/openssh-krb5/slack-desc b/network/openssh-krb5/slack-desc
new file mode 100644
index 0000000000..bcdb0b83fb
--- /dev/null
+++ b/network/openssh-krb5/slack-desc
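Review bot: `sshd_stop` and `sshd_restart` in rc.sshd.krb5 cannot tell this daemon from the stock sshd that the README says must stay installed: `killall sshd` ends every sshd process on the host, including live sessions, and `/var/run/sshd.pid` is presumably the stock daemon's pid file as well, since both builds read `/etc/ssh`. Starting with a dedicated pid file, e.g. `/usr/kerberos/sbin/sshd -o PidFile=/var/run/sshd.krb5.pid`, and stopping with `kill "$(cat /var/run/sshd.krb5.pid)"` would keep the two services apart. The warning texts still tell the admin to run `rc.sshd stop`, which is the other script; they should name `rc.sshd.krb5`. `sshd_start` also creates an `rsa1` (protocol 1) host key and a DSA key on first run; unless protocol 1 is deliberately enabled in `sshd_config`, the `rsa1` block can be dropped.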
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|' on
+# the right side marks the last column you can put a character in. You must make
+# exactly 11 lines for the formatting to be correct. It's also customary to
+# leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+openssh-krb5: openssh-krb5 (Secure Shell daemon and clients - with Kerberos)
+openssh-krb5:
+openssh-krb5: ssh (Secure Shell) is a program for logging into a remote machine and
+openssh-krb5: for executing commands on a remote machine. It is intended to replace
+openssh-krb5: rlogin and rsh, and provide secure encrypted communications between
+openssh-krb5: two untrusted hosts over an insecure network. sshd (SSH Daemon) is
+openssh-krb5: the daemon program for ssh. OpenSSH is based on the last free version
+openssh-krb5: of Tatu Ylonen's SSH, further enhanced and cleaned up by Aaron
+openssh-krb5: Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt, and
+openssh-krb5: Dug Song. It has a homepage at http://www.openssh.com/
+openssh-krb5:
-- cgit v1.2.3