From nobody Mon Jun 16 02:51:49 2025
X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bLDzp5CRWz5yN0g;
	Mon, 16 Jun 2025 02:51:50 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4bLDzp2B6Sz3Rsv;
	Mon, 16 Jun 2025 02:51:50 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1750042310;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=jLvg5I8xgolSJpKtvxpwZrW9BLuUlDWENK5Sd/MK3wc=;
	b=kZSthWjxEsE6//HRj4UDtBK5oU9QSASQzgOInF6dh7LRIbIVaHiyW5Umyg3puliWoiIutp
	g6Fpmnk0COWX8Kbr1dfNJmOJYyJWEzqD4TYeKcApbXWMG6Pi9YePWbMEsloGZWCPK3sfCB
	oCyEooeJ61in9oMDEUC05SmhmD3wYbKVI6K8/edgqOffGKGrfoFEXdco5zqelUFdQ1xyIb
	ap9YQd58j+lcwtd2tbuH2LUjhdtTrMeyljWWGaQO6wFyMEHkARsTm29xCw+QJDNRLQ1gBi
	B9M209T1XHU0xPOGB6WDW+Wc67tgd327LFeiF1RldFoa4JiKjLTC4s0RItQnWQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1750042310;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=jLvg5I8xgolSJpKtvxpwZrW9BLuUlDWENK5Sd/MK3wc=;
	b=gIa68W5TuotuTm6s8lcyvZ93dTctlMX0oMH4g66Ea86kIYT7FGd6apXrE8O/VFik5AOAGW
	iGBXHuX8fzQRX1sTXfh/+wtZamWoWpHXNM2cLJUNrLNgH9U7zkhwF8d1K066HeiBLLxTUy
	P0vD8qUsKQQQpdRe5+fzMMy4kh3f/7NMgycufbztPTVS6Nq7FV7YqOfUdAoL4KeE3hpyek
	I0MHdTJ4s7ezgRsvZZdefbsdSUouw7CqM6bl27r+4f8fChJn1GkAlJmUFGkeJTHrdEprFV
	9I6Ee2S/wa30p+BPTGeTEaXc/bF4UijTKR3tvpwdiwfAfbkWjfiTRvQvLYEuow==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1750042310; a=rsa-sha256; cv=none;
	b=mTIzUNlKCQAbvXhCPcraum8MpV+fegYsUAvMV2/z4Fx2IzIePUU+knzz6CNv87SHjEBtHX
	1izkxPUlpJk2YTSSHBPWyx1aFuGFOWFcD3PjLCVi1l4DKjpdDVfStkyrJgeMkBReuHH/bp
	mEqfl20VdijDq/DCEZlz2yXDVmjZzNRu74ZqI96StwehYMCo7XA3qdh7HJoj6EFuiQBXcL
	MP8Z4MhZkMNgR+5Yet7qIv3OItlZ//QBIHvI17LIipJuLWFP0gw9nOoWr1ACIJlsv+gJoX
	hroJe3YwrZnpvaeCIRuIKQM+M6Ltu4U+n+wKRvIeHMmeTxCDVp5sEVSaw9dOMg==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4bLDzp0hgDzgR2;
	Mon, 16 Jun 2025 02:51:50 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 55G2pnP9062941;
	Mon, 16 Jun 2025 02:51:49 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 55G2pnEN062938;
	Mon, 16 Jun 2025 02:51:49 GMT
	(envelope-from git)
Date: Mon, 16 Jun 2025 02:51:49 GMT
Message-Id: <202506160251.55G2pnEN062938@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-main@FreeBSD.org
From: Cy Schubert <cy@FreeBSD.org>
Subject: git: 70371c7959df - main - openssh: Support building with
  MIT KRB5
List-Id: Commit messages for the main branch of the src repository <dev-commits-src-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
List-Help: <mailto:dev-commits-src-main+help@freebsd.org>
List-Post: <mailto:dev-commits-src-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-main+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-main@freebsd.org
Sender: owner-dev-commits-src-main@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: cy
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 70371c7959df8bcba9b5ee62d976c1e74991e0a9
Auto-Submitted: auto-generated

The branch main has been updated by cy:

URL: https://cgit.FreeBSD.org/src/commit/?id=70371c7959df8bcba9b5ee62d976c1e74991e0a9

commit 70371c7959df8bcba9b5ee62d976c1e74991e0a9
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2025-06-10 19:46:35 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2025-06-16 02:49:36 +0000

    openssh: Support building with MIT KRB5
    
    Remove HEIMDAL=1 from openssh/krb5_config.h and move the definition
    to the Makefile in order to control whether we're building under
    Heimdal or MIT.
    
    Add MIT KRB5 LIBS and INCLUDES to the openssh build.
    
    Sponsored by:           The FreeBSD Foundation
    Reviewed by:            markj
    Differential revision:  https://reviews.freebsd.org/D50782
---
 crypto/openssh/krb5_config.h         | 1 -
 secure/libexec/sshd-session/Makefile | 9 +++++++++
 secure/ssh.mk                        | 4 ++++
 3 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/crypto/openssh/krb5_config.h b/crypto/openssh/krb5_config.h
index 2a6d35fbe3fd..e27774a7e0aa 100644
--- a/crypto/openssh/krb5_config.h
+++ b/crypto/openssh/krb5_config.h
@@ -6,5 +6,4 @@
 #define HAVE_KRB5_CC_NEW_UNIQUE 1
 #define HAVE_KRB5_FREE_ERROR_MESSAGE 1
 #define HAVE_KRB5_GET_ERROR_MESSAGE 1
-#define HEIMDAL 1
 #define KRB5 1
diff --git a/secure/libexec/sshd-session/Makefile b/secure/libexec/sshd-session/Makefile
index e9e106fe90bd..8841cace5239 100644
--- a/secure/libexec/sshd-session/Makefile
+++ b/secure/libexec/sshd-session/Makefile
@@ -40,6 +40,15 @@ LDFLAGS+=-L${LIBBLACKLISTDIR}
 
 .if ${MK_GSSAPI} != "no" && ${MK_KERBEROS_SUPPORT} != "no"
 LIBADD+=	gssapi_krb5 gssapi krb5
+.if ${MK_MITKRB5} != "no"
+.include "../../krb5/Makefile.inc"
+CFLAGS+=	-I${KRB5_DIR}/include \
+		-I${KRB5_SRCTOP}/include \
+		-I${KRB5_OBJTOP}/lib \
+		-I${KRB5_DIR}/lib/gssapi/generic \
+		-I${KRB5_DIR}/lib/gssapi/krb5 \
+		-I${KRB5_DIR}/lib/gssapi/mechglue
+.endif
 .endif
 
 .if ${MK_TCP_WRAPPERS} != "no"
diff --git a/secure/ssh.mk b/secure/ssh.mk
index 84d9a7f57032..bb6dd9b748e4 100644
--- a/secure/ssh.mk
+++ b/secure/ssh.mk
@@ -11,6 +11,10 @@ CFLAGS+= -I${SSHDIR} -include ssh_namespace.h
 
 .if ${MK_GSSAPI} != "no" && ${MK_KERBEROS_SUPPORT} != "no"
 CFLAGS+= -include krb5_config.h
+.if ${MK_MITKRB5} == "no"
+CFLAGS+= -DHEIMDAL=1
+.endif
+
 .endif
 
 CFLAGS+= -DXAUTH_PATH=\"${LOCALBASE:U/usr/local}/bin/xauth\"