Date: Tue, 19 Jul 2005 15:50:15 +0400
From: Michael Bushkov <bushman@rsu.ru>
To: ports@freebsd.org
Subject: openssh-portable and nsswitch integration
Message-ID: <42DCE8F7.9080405@rsu.ru>

Hello!

I'm working on openssh and nsswitch integration in FreeBSD during the Google Summer of Code program. The patch is completed. Here is the approach that I've used to integrate openssh and nsswitch.

The idea is to replace the system-wide known-hosts file with an nsswitch source. After examining the openssh port, I've found 2 basic functions which handle the known-hosts files (hostfile.h):

    HostStatus check_host_in_hostfile(const char *, const char *, const Key *, Key *, int *);
    int lookup_key_in_hostfile_by_type(const char *, const char *, int, Key *, int *);

As far as I know, all other routines that deal with these files seem to be built on top of these 2 functions. So I've implemented another 2 functions:

    HostStatus nsswitch_check_host(const char *, const Key *, Key *);
    int nsswitch_lookup_key_by_type(const char *, int, Key *);

They are used instead of the previous 2 in all places where the system-wide known-hosts file was accessed. And they dispatch the calls to the nsswitch subsystem. The nsswitch 'files' module has the same functionality as the previous 2 functions, but users will be able to store their public keys in LDAP, for example. Besides, any other source can be implemented as a pluggable nsswitch module.

OpenSSH now checks the nsswitch source and then the user files. In the ssh client the files module will take the system files path from the Options structure. And in sshd (in case of hostbased authentication), it will use the default values.

I hope this approach is applicable. I've prepared the updated port version in the perforce repository:

    //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/

The only problem is with the configure script. I've modified the configure.ac file to check for nsdispatch functions, so that the port can work on earlier system versions. So, I've rebuilt the configure script. But the diff output for this file is about 500k. Can I add the USE_AUTOCONF directive to the Makefile?

After this question is clear, I can submit the port patch, I guess.

With best regards,
Michael Bushkov
Rostov State University
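
Added example, not part of the original message and not code from the patch: a self-contained C model of the lookup order described above (pluggable source first, then the user file), showing why a key mismatch reported by an earlier source should stop the chain. The struct names, chain_check(), the sample keys and the rule that only HOST_NEW falls through are assumptions of this example; it does not call nsdispatch(3) or the nsswitch_* functions.

```c
#include <stddef.h>
#include <string.h>

/* Same three outcomes as HostStatus in OpenSSH's hostfile.h. */
typedef enum { HOST_OK, HOST_NEW, HOST_CHANGED } HostStatus;
/* Hypothetical stand-ins: a key as text, and a source as a table of keys. */
struct hostkey { const char *host, *type, *blob; };
struct source { const char *name; const struct hostkey *keys; size_t n; };

/* One source: OK on exact match, CHANGED if the host has a different key
 * of the same type, NEW if it holds no key of that type for the host. */
static HostStatus source_check(const struct source *s, const char *host,
                               const char *type, const char *blob)
{
    HostStatus st = HOST_NEW;
    for (size_t i = 0; i < s->n; i++) {
        const struct hostkey *k = &s->keys[i];
        if (strcmp(k->host, host) != 0 || strcmp(k->type, type) != 0)
            continue;
        if (strcmp(k->blob, blob) == 0)
            return HOST_OK;
        st = HOST_CHANGED;
    }
    return st;
}

/* Walk sources in order. Only HOST_NEW falls through (assumption of this
 * example), so an earlier mismatch is never masked by a later match. */
static HostStatus chain_check(const struct source *srcs, size_t nsrcs,
                              const char *host, const char *type, const char *blob)
{
    for (size_t i = 0; i < nsrcs; i++) {
        HostStatus st = source_check(&srcs[i], host, type, blob);
        if (st != HOST_NEW)
            return st;
    }
    return HOST_NEW;
}

/* Constructed sample data: a directory-backed source, then a user file. */
static const struct hostkey dir_keys[] = {{"db.example.org", "ssh-rsa", "AAAA-dir"}};
static const struct hostkey user_keys[] = {{"db.example.org", "ssh-rsa", "AAAA-old"},
                                           {"dev.example.org", "ssh-rsa", "AAAA-dev"}};
static const struct source chain[] = {{"ldap", dir_keys, 1}, {"user-file", user_keys, 2}};

int main(void)
{
    /* The user file accepts this key but the directory contradicts it. */
    return chain_check(chain, 2, "db.example.org", "ssh-rsa", "AAAA-old") == HOST_CHANGED ? 0 : 1;
}
```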