From owner-freebsd-ports@FreeBSD.ORG Tue Jul 19 11:48:14 2005
Message-ID: <42DCE8F7.9080405@rsu.ru>
Date: Tue, 19 Jul 2005 15:50:15 +0400
From: Michael Bushkov
To: ports@freebsd.org
Subject: openssh-portable and nsswitch integration
List-Id: Porting software to FreeBSD

Hello!

I'm working on openssh and nsswitch integration in FreeBSD during the Google Summer of Code program. The patch is completed. Here is the approach that I've used to integrate openssh and nsswitch.

The idea is to replace system-wide known-hosts file with nsswitch source. After examining openssh port, I've found 2 basic functions, which handle the known-hosts files (hostfile.h):

    HostStatus check_host_in_hostfile(const char *, const char *, const Key *, Key *, int *);
    int lookup_key_in_hostfile_by_type(const char *, const char *, int, Key *, int *);

As far as I know, all other routines that deal with these files seem to be built on top of these 2 functions. So I've implemented another 2 functions:

    HostStatus nsswitch_check_host(const char *, const Key *, Key *);
    int nsswitch_lookup_key_by_type(const char *, int, Key *);

They are used instead of previous 2 in all places, where system-wide known-hosts file was accessed. And they dispatch the calls to the nsswitch subsystem. Nsswitch 'files' module has the same functionality as the previous 2 functions, but users will be able to store their public keys in LDAP, for example. Besides, any other source can be implemented as the pluggable nsswitch module.

OpenSSH now checks the nsswitch source and then the user files. In ssh client the files module will take the system files path from the Options structure. And in the sshd (in case of hostbased authentication), it will use the default values.

I hope this approach is applicable. I've prepared the updated port version in the perforce repository:

    //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/

The only problem is with the configure script. I've modified the configure.ac file to check for nsdispatch functions - so that the port can work on earlier system versions. So, I've rebuilt the configure script. But the diff output for this file is about 500k. Can I add USE_AUTOCONF directive to the Makefile? After this question is clear, I can submit the port patch, I guess.

With best regards,
Michael Bushkov
Rostov State University
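
The following is an added example, not part of the original message and not code from the patch: a self-contained C model of a host-key check dispatched over ordered sources, showing that the source order decides which record is authoritative. The struct names, the sample keys, the helper check_with_order and the policy "the first source that knows the host decides" are assumptions of this example.

```c
#include <stddef.h>
#include <string.h>

/* Status names follow hostfile.h; this enum is the example's own copy. */
typedef enum { HOST_OK, HOST_NEW, HOST_CHANGED } HostStatus;

/* Constructed stand-ins: a key is (host, type, blob); a source is a named table. */
struct hostkey { const char *host; int type; const char *blob; };
struct source  { const char *name; const struct hostkey *keys; size_t nkeys; };

/* Constructed sample data: the flat file holds a stale key for "gw". */
static const struct hostkey files_keys[] = { { "gw", 1, "KEY-OLD" }, { "db", 1, "KEY-DB" } };
static const struct hostkey ldap_keys[]  = { { "gw", 1, "KEY-NEW" } };
static const struct source SRC_FILES = { "files", files_keys, 2 };
static const struct source SRC_LDAP  = { "ldap",  ldap_keys,  1 };

/* Per-source lookup: exact match wins; same host and type with another key is a change. */
static HostStatus source_check(const struct source *s, const char *host, int type, const char *blob)
{
    HostStatus st = HOST_NEW;
    for (size_t i = 0; i < s->nkeys; i++) {
        const struct hostkey *k = &s->keys[i];
        if (strcmp(k->host, host) != 0 || k->type != type)
            continue;
        if (strcmp(k->blob, blob) == 0)
            return HOST_OK;
        st = HOST_CHANGED;
    }
    return st;
}

/* Assumed policy: walk sources in configured order; the first that knows the host decides. */
HostStatus model_check_host(const struct source *const *order, size_t n, const char *host,
                            int type, const char *blob, const char **decided_by)
{
    *decided_by = NULL;
    for (size_t i = 0; i < n; i++) {
        HostStatus st = source_check(order[i], host, type, blob);
        if (st != HOST_NEW) {
            *decided_by = order[i]->name;
            return st;
        }
    }
    return HOST_NEW; /* no source knows this host */
}

/* Helper for experiments: ldap_first selects "ldap files" instead of "files ldap". */
HostStatus check_with_order(int ldap_first, const char *host, const char *blob, const char **decided_by)
{
    const struct source *order[2] = { &SRC_FILES, &SRC_LDAP };
    if (ldap_first) { order[0] = &SRC_LDAP; order[1] = &SRC_FILES; }
    return model_check_host(order, 2, host, 1, blob, decided_by);
}
```

With "files ldap" the stale file entry reports the rotated key as changed, while "ldap files" accepts it, so the configured order and the trust placed in each source are part of the host-key policy.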