diff --git a/Makefile.inc1 b/Makefile.inc1 index e6c9b49eefa..9128d1d8ee7 100644 --- a/Makefile.inc1 +++ b/Makefile.inc1 @@ -3379,8 +3379,8 @@ secure/lib/libssh__L: lib/libldns__L .if ${MK_GSSAPI} != "no" && ${MK_KERBEROS_SUPPORT} != "no" .if ${MK_MITKRB5} != "no" -secure/lib/libssh__L: lib/libgssapi__L krb5/lib/krb5__L \ - krb5/util/et__L lib/libmd__L krb5/util/support__L +secure/lib/libssh__L: krb5/lib/gssapi__L krb5/lib/krb5__L \ + krb5/lib/crypto__L krb5/util/et__L lib/libmd__L krb5/util/support__L .else secure/lib/libssh__L: lib/libgssapi__L kerberos5/lib/libkrb5__L \ kerberos5/lib/libhx509__L kerberos5/lib/libasn1__L lib/libcom_err__L \ @@ -3437,8 +3437,10 @@ kerberos5/lib/libheimipcc__L: kerberos5/lib/libroken__L kerberos5/lib/libheimbas lib/libsqlite3__L: lib/libthr__L .if ${MK_GSSAPI} != "no" +.if ${MK_MITKRB5} == "no" _lib_libgssapi= lib/libgssapi .endif +.endif .if ${MK_KERBEROS} != "no" .if ${MK_MITKRB5} != "no" diff --git a/ObsoleteFiles.inc b/ObsoleteFiles.inc index 86a449c80a7..2f63bbea5a4 100644 --- a/ObsoleteFiles.inc +++ b/ObsoleteFiles.inc @@ -51,6 +51,12 @@ # xargs -n1 | sort | uniq -d; # done +# 20250807: Replace lib/libgssapi with krb5/lib/gssapi +OLD_FILES+=usr/include/gssapi_krb5/gssapi/gssapi.h +OLD_DIRS+=usr/include/gssapi_krb5/gssapi +OLD_DIRS+=usr/include/gssapi_krb5 +OLD_FILES+=etc/gssapi/qop + # 20250802: libutil bumped to 10 OLD_LIBS+=lib/libutil.so.9 diff --git a/etc/gss-krb5/Makefile b/etc/gss-krb5/Makefile index 301a8e074e8..8886ed35e28 100644 --- a/etc/gss-krb5/Makefile +++ b/etc/gss-krb5/Makefile @@ -1,4 +1,4 @@ -FILES= mech qop +FILES= mech NO_OBJ= FILESDIR= /etc/gss diff --git a/etc/gss-krb5/qop b/etc/gss-krb5/qop deleted file mode 100644 index 7d5b6b8f33d..00000000000 --- a/etc/gss-krb5/qop +++ /dev/null @@ -1 +0,0 @@ -GSS_KRB5_CONF_C_QOP_DES3_KD 0x0200 kerberosv5 diff --git a/etc/mtree/BSD.include.dist b/etc/mtree/BSD.include.dist index 0e9f739425a..28c4d91ac1c 100644 --- a/etc/mtree/BSD.include.dist +++ b/etc/mtree/BSD.include.dist @@ -258,10 +258,6 @@ .. gssapi .. - gssapi_krb5 - gssapi - .. - .. gssrpc .. infiniband diff --git a/include/Makefile b/include/Makefile index af7ef233794..2792d594a88 100644 --- a/include/Makefile +++ b/include/Makefile @@ -293,7 +293,7 @@ LSUBSUBDIRS+= netgraph/bluetooth/include LSUBDIRS+= fs/cuse .endif -.if ${MK_GSSAPI} != "no" +.if ${MK_GSSAPI} != "no" && ${MK_MITKRB5} == "no" SUBDIR+= gssapi INCS+= gssapi.h .endif diff --git a/krb5/include/Makefile b/krb5/include/Makefile index 699211b9c3c..64c5d39b867 100644 --- a/krb5/include/Makefile +++ b/krb5/include/Makefile @@ -17,13 +17,12 @@ SUBDIR= krb5 gssrpc gssapi SUBDIR_PARALLEL= -INCSGROUPS= INCS - INCSDIR= ${INCLUDEDIR} .PATH: ${KRB5_DIR}/include -INCS= kdb.h \ +INCS= gssapi.h \ + kdb.h \ krad.h \ krb5.h diff --git a/krb5/include/gssapi/Makefile b/krb5/include/gssapi/Makefile index 4959bf78944..b181187e9d9 100644 --- a/krb5/include/gssapi/Makefile +++ b/krb5/include/gssapi/Makefile @@ -15,16 +15,11 @@ INCSGROUPS= INCS GSSAPI_KRB5 INCSDIR= ${INCLUDEDIR}/gssapi -GSSAPI_KRB5DIR= ${INCLUDEDIR}/gssapi_krb5 -INCS= gssapi_alloc.h \ +INCS= gssapi.h \ + gssapi_alloc.h \ gssapi_ext.h \ gssapi_generic.h \ gssapi_krb5.h -# This gssapi header file is only needed should an app need -# to build using the MIT KRB5 GSSAPI library. - -GSSAPI_KRB5= gssapi.h - .include diff --git a/krb5/lib/gssapi/generic/Makefile.inc b/krb5/lib/gssapi/generic/Makefile.inc index 9de18079a34..ef76172655d 100644 --- a/krb5/lib/gssapi/generic/Makefile.inc +++ b/krb5/lib/gssapi/generic/Makefile.inc @@ -36,7 +36,7 @@ SRCS+= disp_com_err_status.c \ INCSGROUPS= GSSAPI_INCS GSSAPI_INCS= gssapi.h INCS+= ${GENI} -GSSAPI_INCSDIR= ${INCLUDEDIR}/gssapi_krb5/gssapi +GSSAPI_INCSDIR= ${INCLUDEDIR}/gssapi CLEANFILES+= gssapi.h ${GGEN} ${GGENI} diff --git a/lib/Makefile b/lib/Makefile index e5139b312a7..9447cc4551c 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -137,7 +137,9 @@ SUBDIR_DEPEND_libdevstat= libkvm SUBDIR_DEPEND_libdpv= libfigpar ncurses libutil SUBDIR_DEPEND_libedit= ncurses SUBDIR_DEPEND_libgeom= libexpat libsbuf +.if ${MK_MITKRB5} == "no" SUBDIR_DEPEND_librpcsec_gss= libgssapi +.endif SUBDIR_DEPEND_libmagic= libz SUBDIR_DEPEND_libmemstat= libkvm SUBDIR_DEPEND_libpam= libcrypt ${_libradius} librpcsvc libtacplus libutil ${_libypclnt} ${_libcom_err} @@ -176,7 +178,10 @@ SUBDIR.${MK_DIALOG}+= libdpv libfigpar SUBDIR.${MK_FDT}+= libfdt SUBDIR.${MK_FILE}+= libmagic SUBDIR.${MK_GPIO}+= libgpio -SUBDIR.${MK_GSSAPI}+= libgssapi librpcsec_gss +.if ${MK_MITKRB5} == "no" +SUBDIR.${MK_GSSAPI}+= libgssapi +.endif +SUBDIR.${MK_GSSAPI}+= librpcsec_gss SUBDIR.${MK_ICONV}+= libiconv_modules .if ${MK_MITKRB5} == "no" SUBDIR.${MK_KERBEROS_SUPPORT}+= libcom_err diff --git a/lib/librpcsec_gss/Makefile b/lib/librpcsec_gss/Makefile index a29d9780c1a..eebc975acbd 100644 --- a/lib/librpcsec_gss/Makefile +++ b/lib/librpcsec_gss/Makefile @@ -1,10 +1,16 @@ +.include + PACKAGE=lib${LIB} LIB= rpcsec_gss SHLIB_MAJOR= 1 SRCS+= rpcsec_gss.c rpcsec_gss_prot.c rpcsec_gss_conf.c rpcsec_gss_misc.c \ svc_rpcsec_gss.c +.if ${MK_MITKRB5} == "no" LIBADD= gssapi +.else +LIBADD= gssapi_krb5 +.endif VERSION_DEF= ${SRCTOP}/lib/libc/Versions.def SYMBOL_MAPS= ${.CURDIR}/Symbol.map diff --git a/secure/libexec/sshd-session/Makefile b/secure/libexec/sshd-session/Makefile index 8841cace523..37e099794bd 100644 --- a/secure/libexec/sshd-session/Makefile +++ b/secure/libexec/sshd-session/Makefile @@ -39,15 +39,14 @@ LDFLAGS+=-L${LIBBLACKLISTDIR} .endif .if ${MK_GSSAPI} != "no" && ${MK_KERBEROS_SUPPORT} != "no" -LIBADD+= gssapi_krb5 gssapi krb5 .if ${MK_MITKRB5} != "no" +LIBADD+= gssapi_krb5 krb5 .include "../../krb5/Makefile.inc" CFLAGS+= -I${KRB5_DIR}/include \ -I${KRB5_SRCTOP}/include \ - -I${KRB5_OBJTOP}/lib \ - -I${KRB5_DIR}/lib/gssapi/generic \ - -I${KRB5_DIR}/lib/gssapi/krb5 \ - -I${KRB5_DIR}/lib/gssapi/mechglue + -I${KRB5_OBJTOP}/lib +.else +LIBADD+= gssapi_krb5 gssapi krb5 .endif .endif diff --git a/secure/usr.bin/ssh/Makefile b/secure/usr.bin/ssh/Makefile index acb1fd4eaa2..a4f36d0fe2d 100644 --- a/secure/usr.bin/ssh/Makefile +++ b/secure/usr.bin/ssh/Makefile @@ -18,7 +18,11 @@ SRCS+= gss-genr.c LIBADD= ssh .if ${MK_GSSAPI} != "no" && ${MK_KERBEROS_SUPPORT} != "no" +.if ${MK_MITKRB5} == "no" LIBADD+= gssapi +.else +LIBADD+= gssapi_krb5 +.endif .endif LIBADD+= crypto diff --git a/secure/usr.sbin/sshd/Makefile b/secure/usr.sbin/sshd/Makefile index e6913cd9d0d..f37dfe1c1b3 100644 --- a/secure/usr.sbin/sshd/Makefile +++ b/secure/usr.sbin/sshd/Makefile @@ -19,7 +19,11 @@ moduli: .MADE LIBADD= ssh util .if ${MK_GSSAPI} != "no" && ${MK_KERBEROS_SUPPORT} != "no" +.if ${MK_MITKRB5} == "no" LIBADD+= gssapi_krb5 gssapi krb5 +.else +LIBADD+= gssapi_krb5 krb5 +.endif .endif .if ${MK_TCP_WRAPPERS} != "no" diff --git a/share/mk/src.libnames.mk b/share/mk/src.libnames.mk index 283a99496b9..9ca043e7733 100644 --- a/share/mk/src.libnames.mk +++ b/share/mk/src.libnames.mk @@ -472,7 +472,11 @@ _DP_ncursesw= tinfow _DP_formw= ncursesw _DP_nvpair= spl _DP_panelw= ncursesw +.if ${MK_MITKRB5} == "no" _DP_rpcsec_gss= gssapi +.else +_DP_rpcsec_gss= gssapi_krb5 +.endif _DP_smb= kiconv _DP_ulog= md _DP_fifolog= z diff --git a/tools/build/mk/OptionalObsoleteFiles.inc b/tools/build/mk/OptionalObsoleteFiles.inc index aa6d04f1cc4..8e5ac7fa2a6 100644 --- a/tools/build/mk/OptionalObsoleteFiles.inc +++ b/tools/build/mk/OptionalObsoleteFiles.inc @@ -4836,6 +4836,7 @@ OLD_FILES+=usr/share/man/man8/sserver.8.gz .else .if ${MK_MITKRB5} != "no" # Remove Heimdal because we want MIT KRB5 but not Heimdal +OLD_FILES+=etc/gss/qop OLD_FILES+=etc/rc.d/ipropd_master OLD_FILES+=etc/rc.d/ipropd_slave OLD_FILES+=usr/bin/asn1_compile @@ -4921,6 +4922,8 @@ OLD_LIBS+=usr/lib/libasn1.so.11 OLD_FILES+=usr/lib/libasn1_p.a OLD_LIBS+=usr/lib/libcom_err.so.5 OLD_FILES+=usr/lib/libcom_err_p.a +OLD_LIBS+=usr/lib/libgssapi.a +OLD_LIBS+=usr/lib/libgssapi.so.10 OLD_LIBS+=usr/lib/libgssapi_krb5.so.10 OLD_FILES+=usr/lib/libgssapi_krb5_p.a OLD_FILES+=usr/lib/libgssapi_mech.a diff --git a/usr.sbin/gssd/Makefile b/usr.sbin/gssd/Makefile index 569e2c7e18f..336a1b49f69 100644 --- a/usr.sbin/gssd/Makefile +++ b/usr.sbin/gssd/Makefile @@ -9,15 +9,14 @@ SRCS= gssd.c gssd.h gssd_svc.c gssd_xdr.c gssd_prot.c CFLAGS+= -I. WARNS?= 1 -LIBADD= gssapi .if ${MK_KERBEROS_SUPPORT} != "no" .if ${MK_MITKRB5} != "no" # MIT KRB5 -LIBADD+= krb5 k5crypto krb5profile krb5support +LIBADD+= gssapi_krb5 krb5 k5crypto krb5profile krb5support CFLAGS+= -DMK_MITKRB5=yes .else # Heimdal -LIBADD+= krb5 roken +LIBADD+= gssapi krb5 roken .endif .else CFLAGS+= -DWITHOUT_KERBEROS diff --git a/usr.sbin/gssd/gssd.c b/usr.sbin/gssd/gssd.c index 94eb6ca575c..2a3af05496c 100644 --- a/usr.sbin/gssd/gssd.c +++ b/usr.sbin/gssd/gssd.c @@ -53,6 +53,9 @@ #include #include #include +#ifdef MK_MITKRB5 +#include +#endif #include #include