Commit Graph

95 Commits

Author SHA1 Message Date
Will Andrews
93e8837937 Fix incremental builds involving non-root users with read-only source files.
This is a followup commit to r271771.

MFC after:	1 month
2014-09-18 14:50:21 +00:00
Baptiste Daroussin
d029c3aa25 Rework privatelib/internallib
Make sure everything linking to a privatelib and/or an internallib does it directly
from the OBJDIR rather than DESTDIR.
Add src.libnames.mk so bsd.libnames.mk is not polluted by libraries not existsing
in final installation
Introduce the LD* variable which is what ld(1) is expecting (via LDADD) to link to
internal/privatelib
Directly link to the .so in case of private library to avoid having to complexify
LDFLAGS.

Phabric:	https://phabric.freebsd.org/D553
Reviewed by:	imp, emaste
2014-08-06 22:17:26 +00:00
Ed Maste
79aae9e1c2 Fix installworld failure when kerberos source files have new timestamps
If a kerberos .hx source file is newer than the .h copy, but the content
is the same, then during buildworld the "cmp -s || cp" command in the
.hx.h rule would do nothing, leaving the .h copy with the older
timestamp.  During installworld the rule would again be invoked, causing
a failure as neither cmp or cp would exist in the temporary path.

As the underlying issue should be resolved by r262209, unconditionally
copy the file.

No objection:	peter@
Tested by:	gjb@
Sponsored by:	The FreeBSD Foundation
2014-04-22 20:37:07 +00:00
Peter Wemm
93c4e6d498 Revert my commit in r261253; the real problem was tackled in r262209. 2014-02-20 20:53:29 +00:00
Peter Wemm
f0258c45f2 Really (I think) fix the sporadic heimdal build failures with high -j
levels. The root of the problem was that make was attempting to run up
to three concurrent asn1_compile commands to produce the three outputs
that it was declared to produce.  The failure was caused when the
asn1_compiles were started out of sync and a later one was truncating
the files that another thread was trying to copy.  In reality it is
supposed to be run exactly once and all three outputs are produced in
one pass.

Use the same hack as for the parent's Makefile.inc for the compile_et
multi-output rule.
2014-02-19 07:09:14 +00:00
Peter Wemm
a5e863c951 Speculatively replace a cp with a cat for gathering data on a
sporadic parallel build failure in the FreeBSD cluster on many-core
systems with ZFS.  cp uses mmap in this scenario, cat does not.
2014-01-28 22:23:39 +00:00
Ulrich Spörlein
3abde52372 Try and fix the dependency/bootstrap issues in kerberos5
libkafs5 needs a header from libkrb5, it includes this from
${.OBJDIR}/mumble, this used to work fine as long as you happen to have
a krb_err.h in your base system, this doesn't work for bootstrapping or
using a cross-compiler with a different sysroot. This is just a
best-effort bandaid, sufficient parallelism can still break it.

Fix a SRCS override that dropped krb5_err.h.

Discussed with:	stas
2013-12-23 14:23:17 +00:00
Dag-Erling Smørgrav
0d410def34 Clean up the Kerberos build by turning libheimipcc and libheimipcs into
private shared libraries, instead of hacked-together archives of PIC
objects.  This makes it possible to build a static libkrb5 that works.

Reviewed by:	stas
Approved by:	re (gjb)
2013-09-10 18:40:43 +00:00
Rick Macklem
4fb6bc364f Fix the getpwnam_r() call in the pname_to_uid() kerberos library function so
that it handles the ERANGE error return case. Without this fix, authentication
of users for certain system setups could fail unexpectedly.

Reported by:	Elias Martenson (lokedhs@gmail.com)
Tested by:	Elias Martenson (earlier version)
MFC after:	2 weeks
2013-05-02 12:52:49 +00:00
Brooks Davis
b97ce46687 Only try to install one link at each path.
Don't install verify_krb5_conf.8.  It is installed in
kerberos5/usr.bin/verify_krb5_conf.
2013-01-23 23:49:35 +00:00
David E. O'Brien
b5ae8dbaa5 Centralize the specification of the krb5 build tools. 2012-06-01 21:26:28 +00:00
David E. O'Brien
614304eccc * Remove headers from SRCS that are not generated
(and are in /usr/src/crypto/heimdal/).

* Avoid race conditions with 'make -j<N>'.
2012-05-30 22:21:25 +00:00
Stanislav Sedov
72c3f707a4 - Add a "real" symbol version map to libasn1. The upstream version
of the version map just exported all the symbols, which caused a
  binutils bug being triggered when ld fails to link two objects, one
  of which exports a versioned version of the symbol, and another --
  unversioned. [1]
- Also add version map for libkafs5.

Submitted by:	jchandra@ (based on)
2012-04-08 04:22:09 +00:00
Juli Mallett
84db023ec1 Assume a big-endian default on MIPS and drop the "eb" suffix from MACHINE_ARCH.
This makes our naming scheme more closely match other systems and the
expectations of much third-party software.  MIPS builds which are little-endian
should require and exhibit no changes.  Big-endian TARGET_ARCHes must be
changed:
	From:		To:
	mipseb		mips
	mipsn32eb	mipsn32
	mips64eb	mips64

An entry has been added to UPDATING and some foot-shooting protection (complete
with warnings which should become errors in the near future) to the top-level
base system Makefile.
2012-03-29 02:54:35 +00:00
Stanislav Sedov
ba5e340b5f - Apply binutils workaround on mips.mips as well. Though this TARGET_ARCH
is deprecated, tinderbox uses it.
2012-03-24 00:42:38 +00:00
Stanislav Sedov
ae77177087 - Update FreeBSD Heimdal distribution to version 1.5.1. This also brings
several new kerberos related libraries and applications to FreeBSD:
  o kgetcred(1) allows one to manually get a ticket for a particular service.
  o kf(1) securily forwards ticket to another host through an authenticated
    and encrypted stream.
  o kcc(1) is an umbrella program around klist(1), kswitch(1), kgetcred(1)
    and other user kerberos operations. klist and kswitch are just symlinks
    to kcc(1) now.
  o kswitch(1) allows you to easily switch between kerberos credentials if
    you're running KCM.
  o hxtool(1) is a certificate management tool to use with PKINIT.
  o string2key(1) maps a password into key.
  o kdigest(8) is a userland tool to access the KDC's digest interface.
  o kimpersonate(8) creates a "fake" ticket for a service.

  We also now install manpages for some lirbaries that were not installed
  before, libheimntlm and libhx509.

- The new HEIMDAL version no longer supports Kerberos 4.  All users are
  recommended to switch to Kerberos 5.

- Weak ciphers are now disabled by default.  To enable DES support (used
  by telnet(8)), use "allow_weak_crypto" option in krb5.conf.

- libtelnet, pam_ksu and pam_krb5 are now compiled with error on warnings
  disabled due to the function they use (krb5_get_err_text(3)) being
  deprecated.  I plan to work on this next.

- Heimdal's KDC now require sqlite to operate.  We use the bundled version
  and install it as libheimsqlite.  If some other FreeBSD components will
  require it in the future we can rename it to libbsdsqlite and use for these
  components as well.

- This is not a latest Heimdal version, the new one was released while I was
  working on the update.  I will update it to 1.5.2 soon, as it fixes some
  important bugs and security issues.
2012-03-22 08:48:42 +00:00
Hajimu UMEMOTO
782ed6d3d7 - Make heimdal buildable with WITH_OPENLDAP defined, again.
- Our heimdal uses the deprecated OpenLDAP functions.
2011-12-05 16:38:52 +00:00
Stanislav Sedov
611ff617cf - Add missing interdependencies to kerberos libraries. Some of the
kerberos libraries were not linked properly (missing dependencies),
  which causes 3rd party applications linking to fail when --as-needed
  ld flag is used.  I also added the --no-undefined ld(1) flag to make
  sure that there're no missing dependencies.

MFC after:	3 days
2011-09-27 07:14:12 +00:00
Alexander Nedotsukov
e62aa473c5 Link GSS mechanics modules against libgssapi so they will not fail due
unresolved symbol errors when in turn libgssapi was loaded with RTLD_LOCAL
flag set (which is the default).

Reviewed by:	dfr, jhb
MFC after:	3 days
2009-10-12 17:10:51 +00:00
Xin LI
ebd972d211 Disconnect closefrom.c as we have it as a system call. 2009-06-16 00:09:06 +00:00
Doug Rabson
8f55a568f6 Add an implementation of the RPCSEC_GSS authentication protocol for RPC. This
is based on an old implementation from the University of Michigan with lots of
changes and fixes by me and the addition of a Solaris-compatible API.

Sponsored by:	Isilon Systems
Reviewed by:	alfred
2008-08-06 14:02:05 +00:00
Doug Rabson
ebe306f11c Add the hx509 error table. 2008-05-15 08:53:31 +00:00
Doug Rabson
1f95816c41 Add manpage links to krb5_principal.3. 2008-05-11 10:32:37 +00:00
Doug Rabson
ed62b7f321 Don't try to make links to manpages that no longer exist. Fixes installworld
Submitted by: phk
2008-05-11 08:27:17 +00:00
Doug Rabson
33f1219925 Fix conflicts after heimdal-1.1 import and add build infrastructure. Import
all non-style changes made by heimdal to our own libgssapi.
2008-05-07 13:53:12 +00:00
Ken Smith
c0bb7d9461 While checking over the libraries for 7.0-REL Kris found the following
libraries had not had their versions bumped relative to 6.3-REL but
had indeed been changed.  We need to bump their version so they can be
properly added to the compat6x port:

	libasn1.so.8 libgssapi.so.8 libhdb.so.8 libkadm5clnt.so.8
	libkadm5srv.so.8 libkafs5.so.8 libkrb5.so.8 libobjc.so.2

MFC After:	1 day
2007-11-20 04:20:32 +00:00
Hajimu UMEMOTO
794063c03f Bump library majro version for gethostbyaddr(3). 2006-05-21 15:15:21 +00:00
Ruslan Ermilov
d1e9def254 NO_MAN is not needed here. 2006-03-16 15:18:17 +00:00
Doug Rabson
c0b9f4fe65 Add a new extensible GSS-API layer which can support GSS-API plugins,
similar the the Solaris implementation. Repackage the krb5 GSS mechanism
as a plugin library for the new implementation. This also includes a
comprehensive set of manpages for the GSS-API functions with text mostly
taken from the RFC.

Reviewed by: Love Hörnquist Åstrand <lha@it.su.se>, ru (build system), des (openssh parts)
2005-12-29 14:40:22 +00:00
Ken Smith
a84020c2b9 Bump the shared library version number of all libraries that have not
been bumped since RELENG_5.

Reviewed by:	ru
Approved by:	re (not needed for commit check but in principle...)
2005-07-22 17:19:05 +00:00
Jacques Vidrine
7ca39a7ff1 Update Heimdal 0.6.1 -> 0.6.3. 2005-02-24 22:24:24 +00:00
Jacques Vidrine
f5d642e66f Hookup `arcfour.c' to the build (missed during upgrade to heimdal 0.6.1). 2004-04-04 03:31:05 +00:00
Ruslan Ermilov
86751859b5 style.Makefile(5).
OK'ed by:	nectar
2004-02-05 18:51:52 +00:00
Ruslan Ermilov
51088c9b7b Take signal.c out of sources.
Reviewed by:	nectar
2004-02-03 09:32:11 +00:00
Ruslan Ermilov
95756ea357 Put generated headers into SRCS so that we pick them up even if
"make depend" was not run.
2004-02-03 09:21:37 +00:00
Ruslan Ermilov
11bf3600e8 Overhaul of kerberos5/ makefiles. Most significant changes are:
- Dropped support for standalone builds, this was only partially
  supported anyway, and required so much magic in makefiles that
  made life dangerous (e.g., by using the custom yacc rules).

- Got rid of .OBJDIR in makefiles -- makes building of individual
  files possible again.

- Made the .x.c transformations -j safe.

- Reprogrammed LDADD to fix static build of some utilities that
  was broken.

- Fixed LDFLAGS and DPADD in the WITH_OPENLDAP case -- positively
  affects the contents of .depend files.

- Removed redundant .h's from SRCS, only kept those that are
  generated.

- libkrb5/ INCS were bogusly installed again with libgssapi/.

- Made build-tools real tools with their own makefiles in
  separate directories.  This allows us to properly track
  their dependencies, etc.

- Faster build, 21% less of makefile code!

Approved by:	nectar
Reviewed by:	markm
Silence on:	arch
2004-01-31 08:15:57 +00:00
Ruslan Ermilov
92b3ea67b9 Fixed "make clean". 2004-01-15 10:02:34 +00:00
Jacques Vidrine
cbe10a2a89 The header files hdb_asn1.h, hdb_err.h, and kadm5_err.h are generated,
and must be installed from ${.OBJDIR}.

Pointy hat:	nectar
2003-10-10 13:12:35 +00:00
Jacques Vidrine
1bd6253ee0 Install Kerberos- and GSSAPI-related man pages. 2003-10-09 19:51:13 +00:00
Jacques Vidrine
23b1827ab3 Install additional headers for Kerberos (libkafs, libkadm5*, and
libhdb).
2003-10-09 19:50:00 +00:00
Jacques Vidrine
f0a7f80d65 Update build infrastructure for Heimdal 0.6. 2003-10-09 19:48:47 +00:00
Mark Murray
3296cb154d Try a lot harder to get dependancies right. This involves some ugly
looking ${.OBJDIR} work that has the up-side of actually working
in upgrade and make -jN cases.

This needs to be revisited further, and it is conceivable that
the ${.OBJDIR} stuff can be simplified, but the sheer number of
edge cases and other causes make this Hard(tm). For now, this works.
2003-07-27 16:49:10 +00:00
Mark Murray
f5eb4a6a5e Try a lot harder to get dependancies right. This involves some ugly
looking ${.OBJDIR} work that has the up-side of actually working
in upgrade and make -jN cases.

This needs to be revisited further, and it is conceivable that
the ${.OBJDIR} stuff can be simplified, but the sheer number of
edge cases and other causes make this Hard(tm). For now, this works.
2003-07-27 13:17:31 +00:00
Mark Murray
069b88eb3a Big fixup of the makefiles. Sort out the dependancies so that "make"
without "make depend" works, "make -j N" works, and lists of source
files are made vertical to reduce future diffs.
2003-07-18 13:21:58 +00:00
Mark Murray
4afa371832 Very big makeover in the way telnet, telnetd and libtelnet are built.
Previously, there were two copies of telnet; a non-crypto version
that lived in the usual places, and a crypto version that lived in
crypto/telnet/. The latter was built in a broken manner somewhat akin
to other "contribified" sources. This meant that there were 4 telnets
competing with each other at build time - KerberosIV, Kerberos5,
plain-old-secure and base. KerberosIV is no longer in the running, but
the other three took it in turns to jump all over each other during a
"make buildworld".

As the crypto issue has been clarified, and crypto _calls_ are not
a problem, crypto/telnet has been repo-copied to contrib/telnet,
and with this commit, all telnets are now "contribified". The contrib
path was chosen to not destroy history in the repository, and differs
from other contrib/ entries in that it may be worked on as "normal"
BSD code. There is no dangerous crypto in these sources, only a
very weak system less strong than enigma(1).

Kerberos5 telnet and Secure telnet are now selected by using the usual
macros in /etc/make.conf, and the build process is unsurprising and
less treacherous.
2003-07-16 20:59:15 +00:00
Michael Reifenberger
bdf5603500 Add (optional, default off) support to kerberos5 for supporting openldap.
Tests with openldap20 where successful whereas openldap21 didn't like
the way hdb-ldap accessed openldap (doesn't like non-bind access).
To activate the support put a USE_OPENLDAP=yes in your make.conf.
The OPENLDAPBASE is also optional and points to /usr/local as default.

Approved by:	markm
MFC after:	2 weeks
2003-06-18 09:11:34 +00:00
Warner Losh
30aaff1192 Migrate to a new way of dealing with building from old revisions of
FreeBSD.  This method attempts to centralize all the necessary hacks
or work arounds in one of two places in the tree (src/Makefile.inc1
and src/tools/build).  We build a small compatibility library
(libbuild.a) as well as selectively installing necessary include
files.  We then include this directory when building host binaries.

This removes all the past release compatibilty hacks from various
places in the tree.  We still build on tip of stable and current.  I
will work with those that want to support more, although I anticipate
it will just work.

Many thanks to ru@, obrien@ and jhb@ for providing valuable input at
various stage of implementation, as well as for working together to
positively effect a change for the better.
2003-04-05 20:30:30 +00:00
Mark Murray
53056489db Post KerberosIV de-orbit: Clean up Kerberos5. We dont need KerberosIV
compatiblity mode anymore. Rename the k5foo utils to kfoo (after
repo-copy).
2003-03-09 21:56:55 +00:00
Jacques Vidrine
81d1ffee08 Unbreak Kerberos 5 authentication in telnet.
(Credential forwarding is still broken.)

PR:	bin/45397
2003-03-06 13:41:53 +00:00
Ruslan Ermilov
40c6b893d8 Take __FreeBSD_version into account when BOOTSTRAPPING. 2002-11-13 13:49:29 +00:00