git: 70371c7959df - main - openssh: Support building with MIT KRB5

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Cy Schubert <cy_at_FreeBSD.org>
Date: Mon, 16 Jun 2025 02:51:49 UTC
The branch main has been updated by cy:

URL: https://cgit.FreeBSD.org/src/commit/?id=70371c7959df8bcba9b5ee62d976c1e74991e0a9

commit 70371c7959df8bcba9b5ee62d976c1e74991e0a9
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2025-06-10 19:46:35 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2025-06-16 02:49:36 +0000

    openssh: Support building with MIT KRB5
    
    Remove HEIMDAL=1 from openssh/krb5_config.h and move the definition
    to the Makefile in order to control whether we're building under
    Heimdal or MIT.
    
    Add MIT KRB5 LIBS and INCLUDES to the openssh build.
    
    Sponsored by:           The FreeBSD Foundation
    Reviewed by:            markj
    Differential revision:  https://reviews.freebsd.org/D50782
---
 crypto/openssh/krb5_config.h         | 1 -
 secure/libexec/sshd-session/Makefile | 9 +++++++++
 secure/ssh.mk                        | 4 ++++
 3 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/crypto/openssh/krb5_config.h b/crypto/openssh/krb5_config.h
index 2a6d35fbe3fd..e27774a7e0aa 100644
--- a/crypto/openssh/krb5_config.h
+++ b/crypto/openssh/krb5_config.h
@@ -6,5 +6,4 @@
 #define HAVE_KRB5_CC_NEW_UNIQUE 1
 #define HAVE_KRB5_FREE_ERROR_MESSAGE 1
 #define HAVE_KRB5_GET_ERROR_MESSAGE 1
-#define HEIMDAL 1
 #define KRB5 1
diff --git a/secure/libexec/sshd-session/Makefile b/secure/libexec/sshd-session/Makefile
index e9e106fe90bd..8841cace5239 100644
--- a/secure/libexec/sshd-session/Makefile
+++ b/secure/libexec/sshd-session/Makefile
@@ -40,6 +40,15 @@ LDFLAGS+=-L${LIBBLACKLISTDIR}
 
 .if ${MK_GSSAPI} != "no" && ${MK_KERBEROS_SUPPORT} != "no"
 LIBADD+=	gssapi_krb5 gssapi krb5
+.if ${MK_MITKRB5} != "no"
+.include "../../krb5/Makefile.inc"
+CFLAGS+=	-I${KRB5_DIR}/include \
+		-I${KRB5_SRCTOP}/include \
+		-I${KRB5_OBJTOP}/lib \
+		-I${KRB5_DIR}/lib/gssapi/generic \
+		-I${KRB5_DIR}/lib/gssapi/krb5 \
+		-I${KRB5_DIR}/lib/gssapi/mechglue
+.endif
 .endif
 
 .if ${MK_TCP_WRAPPERS} != "no"
diff --git a/secure/ssh.mk b/secure/ssh.mk
index 84d9a7f57032..bb6dd9b748e4 100644
--- a/secure/ssh.mk
+++ b/secure/ssh.mk
@@ -11,6 +11,10 @@ CFLAGS+= -I${SSHDIR} -include ssh_namespace.h
 
 .if ${MK_GSSAPI} != "no" && ${MK_KERBEROS_SUPPORT} != "no"
 CFLAGS+= -include krb5_config.h
+.if ${MK_MITKRB5} == "no"
+CFLAGS+= -DHEIMDAL=1
+.endif
+
 .endif
 
 CFLAGS+= -DXAUTH_PATH=\"${LOCALBASE:U/usr/local}/bin/xauth\"