Jacques Vidrine
18ae4e64cf
Define HAVE_PAM_GETENVLIST for build. Now environmental variables set
...
by PAM modules will be exported (correctly).
2001-02-08 21:16:34 +00:00
Bruce Evans
0be3a10c91
Fixed missing include of <unistd.h> and wrong prototype for setkey().
2001-02-06 01:17:59 +00:00
Ben Smithurst
48cd1cfb63
Add .Lb libcipher
...
PR: 24434
Submitted by: Bill Cheswick <ches@bell-labs.com>
2001-01-24 14:27:30 +00:00
Ruslan Ermilov
e9f98cd047
man(7) -> mdoc(7).
2001-01-16 15:28:12 +00:00
Peter Wemm
9886bcdf93
Merge into a single US-exportable libcrypt, which only provides
...
one-way hash functions for authentication purposes. There is no more
"set the libcrypt->libXXXcrypt" nightmare.
- Undo the libmd.so hack, use -D to hide the md5c.c internals.
- Remove the symlink hacks in release/Makefile
- the algorthm is set by set_crypt_format() as before. If this is
not called, it tries to heuristically figure out the hash format, and
if all else fails, it uses the optional auth.conf entry to chose the
overall default hash.
- Since source has non-hidden crypto in it there may be some issues with
having the source it in some countries, so preserve the "secure/*"
division. You can still build a des-free libcrypt library if you want
to badly enough. This should not be a problem in the US or exporting
from the US as freebsd.org had notified BXA some time ago. That makes
this stuff re-exportable by anyone.
- For consistancy, the default in absence of any other clues is md5. This
is to try and minimize POLA across buildworld where folk may suddenly
be activating des-crypt()-hash support. Since the des hash may not
always be present, it seemed sensible to make the stronger md5 algorithm
the default.
All things being equal, no functionality is lost.
Reviewed-by: jkh
(flame-proof suit on)
2000-12-28 10:32:02 +00:00
Brian Feldman
94193b581b
Update for OpenSSH 2.3.0.
2000-12-05 03:01:33 +00:00
Ruslan Ermilov
2b7f803bd3
Fixed a typo from the last commit.
...
Submitted by: Mike Heffner <mheffner@vt.edu>
2000-11-15 07:45:23 +00:00
Kris Kennaway
326df993d7
Correct some fallout from the semi-automated way I updated the makefile.
...
Submitted by: roberto
2000-11-14 22:12:02 +00:00
Brian Feldman
087815f8bc
Disable /usr/bin/ssh being setuid root by default. Let the variable
...
ENABLE_SUID_SSH being defined reenable it for those that want it.
This follows discussion favoring the change from September. It
is not usually necessary to be setuid root, possibly less safe,
and less convenient (cannot use $HOSTALIASES, for example).
Submitted by: jedgar
2000-11-14 04:42:25 +00:00
Kris Kennaway
95200624a6
Update for OpenSSL 0.9.6
2000-11-13 02:21:38 +00:00
Gregory Neil Shapiro
85e427cc94
Fix up the build for the STARTTLS version of sendmail (again). This method
...
mimics that of tcpdump in that for normal builds, sendmail will only be
built once. For 'make release', it is built once for the bin dist and
once for the crypto dist. This method also removes the need for two separate
Makefiles (which could become out of sync).
Suggested by: bde
Assisted by: kris
2000-10-24 16:04:56 +00:00
Gregory Neil Shapiro
e11cbdb767
Do not override BINDIR settings from subdirectory Makefiles.
...
Submitted by: bde
2000-10-13 16:57:03 +00:00
Gregory Neil Shapiro
1e503e9884
../Makefile.inc was clobbering BINDIR so sendmail was being installed in
...
/usr/sbin/ instead of /usr/libexec/sendmail/
Submitted by: bde
2000-10-13 16:51:05 +00:00
Gregory Neil Shapiro
c1f12b17ff
Activate the 'secure' (TLS) version of sendmail if !NO_SENDMAIL && !NO_OPENSSL
2000-10-13 03:21:37 +00:00
Gregory Neil Shapiro
fa54144cce
Given that sendmail's STARTTLS support requires OpenSSL and the bootstrap
...
issues that brings, build the non-TLS version of sendmail in
src/usr.sbin/sendmail and the TLS version in src/secure/usr.sbin/sendmail.
This allows the TLS version to be part of the secure distribution when
building a release.
2000-10-13 03:20:43 +00:00
Gregory Neil Shapiro
cec19acfbc
Remove STARTTLS support as it breaks builds without crypto installed.
...
Waiting to hear back regarding the best way to do this.
2000-10-12 17:04:32 +00:00
Peter Wemm
0a69c17a48
With apoligies to Greg Shapiro, fix the world. The previous commit
...
lost -lutil and -lwrap by replacing $LDADD and $DPADD rather than
appending to them with +=.
2000-10-11 12:19:42 +00:00
Gregory Neil Shapiro
c6cc60252d
Style fixes
2000-10-11 05:04:21 +00:00
Gregory Neil Shapiro
79c8873163
NOCRYPT imples NO_OPENSSL.
...
Still need to solve the distribution problem.
Submitted by: kris
2000-10-11 03:35:32 +00:00
Gregory Neil Shapiro
0c2b976cf8
Build sendmail with STARTTLS support unless NO_OPENSSL is set.
2000-10-10 18:15:41 +00:00
Kris Kennaway
b5a1cc3a5c
Overhaul of the build-time include file generation. Don't break in evp.h
...
if bootstrapping from a system on which the openssl headers are not
already present.
2000-09-17 06:45:27 +00:00
Gregory Neil Shapiro
cf1fec423a
Give users a way to alter the sendmail (and related utilities) build
...
environment so they can enable functionality such as SASL, LDAP, Hesiod.
2000-09-17 00:41:33 +00:00
Kris Kennaway
65c9b74cc6
Only build sftp-server conditionally
2000-09-16 22:43:00 +00:00
Andrey A. Chernov
89cdeb294d
Add sftp-server
2000-09-15 01:04:32 +00:00
Gregory Neil Shapiro
da69ece541
Allow users to add libraries for sendmail (e.g. Cyrus SASL)
...
Obtained from: Sergei Vyshenski <svysh@pn.sinp.msu.ru>
2000-09-13 04:16:16 +00:00
Kris Kennaway
2f538dadf7
Update for OpenSSH 2.2.0
2000-09-10 09:43:29 +00:00
Kris Kennaway
690a362571
Nuke RSAREF support from orbit.
...
It's the only way to be sure.
2000-09-10 00:09:37 +00:00
Kris Kennaway
e1f99b045c
``Anyone is now free to rub two primes together for their own gratification''
...
-- Unknown
Now that the RSA algorithm is released into the public domain, build
librsaintl by default unless NO_RSAINTL is set in make.conf.
The native OpenSSL implementation of RSA is much faster, doesn't have
an artificial keysize limitation, has 30% fewer calories and tastes great!
2000-09-06 23:46:50 +00:00
Kris Kennaway
939c32909c
Err, we weren't even compiling auth1.c with LOGIN_CAP at all. Guess nobody
...
was using this feature.
2000-09-02 07:32:05 +00:00
Brian Feldman
dd62c1ebeb
Make the temporary file _evp.h instead of evp.h to not conflict with
...
the real evp.h.
Reported by: markm
2000-08-24 19:06:55 +00:00
Andrey A. Chernov
0305cfcec6
Add missing quotes around xauth path
2000-08-23 19:14:48 +00:00
Brian Feldman
4eb207a1ae
Generate a new evp.h at build-time instead of install-time to properly
...
support NFS(ro) installworlds.
2000-08-23 11:41:01 +00:00
Kris Kennaway
4d858ef441
Respect X11BASE to derive the location of xauth(1)
...
PR: 17818
Submitted by: Bjoern Fischer <bfischer@Techfak.Uni-Bielefeld.DE>
2000-08-23 09:39:20 +00:00
Brian Feldman
04c9749ff0
Add working and easy crypt(3)-switching. Yes, we need a whole new API
...
for crypt(3) by now. In any case:
Add crypt_set_format(3) + documentation to -lcrypt.
Add login_setcryptfmt(3) + documentation to -lutil.
Support for switching crypt formats in passwd(8).
Support for switching crypt formats in pw(8).
The simple synopsis is:
edit login.conf; add a passwd_format field set to "des" or "md5"; go nuts :)
Reviewed by: peter
2000-08-22 02:15:54 +00:00
Gregory Neil Shapiro
d0b3252609
Turn on support for IPv6
2000-08-14 02:36:29 +00:00
Gregory Neil Shapiro
478c940682
Get rid of the /etc/aliases -> /etc/mail/aliases hack. /etc/mail/aliases
...
now exists in the distribution.
2000-08-13 08:36:40 +00:00
Gregory Neil Shapiro
88c75941e6
The rest of the changes needed to support the new version of sendmail (8.11.0).
...
Beyond changes to the build system, this includes fixing up the sample
freebsd.mc configuration for changes in defaults and syntax, removing
outdated documentation, and updating the release notes.
2000-08-12 22:39:25 +00:00
Brian Feldman
314844b39a
Unbreak the OpenSSL headers for those of us who don't/can't use IDEA by
...
getting rid of the check for NO_IDEA (in evp.h) completely if it's
installed without MAKE_IDEA=YES.
2000-08-04 04:25:59 +00:00
Kris Kennaway
283cfe50ae
Install the openssl(1) manpage with an MLINK from ssl(8) to at least put
...
something in the location where OpenSSH likes to point.
2000-08-03 05:29:04 +00:00
Kris Kennaway
b682213c87
Don't build sshd if NO_OPENSSL defined.
...
Submitted by: stephen@math.missouri.edu
2000-07-30 22:25:54 +00:00
Kris Kennaway
abe829c0e3
Don't build crypto-enabled telnetd if NO_OPENSSL is defined, since it
...
attempts to link against libcrypto.
2000-07-25 01:11:17 +00:00
Mark Murray
1200a0a6e4
WITH_IDEA --> MAKE_IDEA fix.
2000-07-16 12:20:28 +00:00
Peter Wemm
ecece7e319
Add missing $FreeBSD$ to files that are NOT still on vendor a branch.
2000-07-16 05:48:49 +00:00
Peter Wemm
97e8e70bd1
Be consistant about WITH_ vs MAKE_ flags. We have a precedent of using
...
MAKE_foo for things like MAKE_KERBEROS etc. Use that. I managed to
confuse myself last time and made make.conf different to the code. ;-(
Reported by: Jun Kuriyama <kuriyama@FreeBSD.org>
2000-07-14 09:18:21 +00:00
Peter Wemm
8e7cbb3c91
Argh. Cut/paste transcription error. Fix syntax of previous commit.
2000-07-03 06:26:30 +00:00
Peter Wemm
86c9b3ab20
USA_RESIDENT is forced to YES or NO at the start of Makefile.inc1
...
Use that to be the final arbiter of whether or not to build the
librsaintl.so plugin for openssl/openssh. Add a magic WANT_RSAINTL flag
to force building even if USA_RESIDENT=YES.
2000-07-03 06:24:23 +00:00
Mark Murray
ce09ad5098
MFI. This is a documentation-only, diffreducing patch, that if
...
invoked will cause breakage. US Users - DO NOT try to turn on
IDEA - the sources are not included.
2000-06-24 06:50:58 +00:00
Kris Kennaway
957dc12dec
Link explicitly against -lmd. I'm not sure what was pulling this in
...
on -current, but it doesnt do it on -stable.
2000-06-11 05:30:52 +00:00
Kris Kennaway
d52b295063
Add a new file to SRCS
2000-06-03 10:04:31 +00:00
David E. O'Brien
14a8a54168
/dev/urandom is the default random device, so no use in stateing it here.
...
Also simplify the conditionals a little.
2000-05-15 23:29:03 +00:00
David E. O'Brien
f254f0ac49
This version is slightly better than rev 1.10. There are still missing
...
dependencies for openssl/*.h. I cannot reproduce any critical race
conditions with this revision.
2000-05-15 17:28:06 +00:00
David E. O'Brien
f80c5c4a34
Use unadorned `mkdir -p', removing the "test ... ||".
...
There are sometimes problems with "&&" and "||" in the `make -j' case, as
it appears multiple processes may process parts of the execution line.
2000-05-15 16:52:57 +00:00
Kris Kennaway
4fc9354419
Update for OpenSSH 2.1
2000-05-15 05:26:50 +00:00
Kris Kennaway
0ae5a27cf8
Use the C locale for running date(1).
...
Submitted by: ache
2000-04-20 07:26:46 +00:00
Kris Kennaway
9ccbd450e8
Update for OpenSSL 0.9.5a and clean up a bit.
2000-04-13 07:37:35 +00:00
Kris Kennaway
a7aaf459e7
Update for OpenSSL 0.9.5a and clean up a bit.
...
Take responsibility for this makefile again :-)
2000-04-13 07:37:26 +00:00
David E. O'Brien
63bfdbdb0a
* Fix dependancies so that ``make depend'' is not required.
...
* Some style fixes
Approved by: kris
2000-04-11 09:27:24 +00:00
David E. O'Brien
2461ce422b
* Fix dependancies so that ``make depend'' is not required.
...
* Some style fixes
Approved by: kris
2000-04-11 08:28:47 +00:00
Kris Kennaway
aad873b098
Add libcrypto to LDADD. This fixes problems seen with e.g. apache-modssl
...
Submitted by: Jim Bloom <bloom@acm.org>
2000-04-04 07:31:01 +00:00
Kris Kennaway
fcd9d76716
Missed a fix for the new openssh; this fixes make world.
2000-03-26 21:17:11 +00:00
Kris Kennaway
1ef4beca5f
Update for latest OpenSSH
2000-03-26 07:54:12 +00:00
Kris Kennaway
9fd4066575
Add a new function stub to libcrypto() which resolves to a symbol in
...
the librsa* library and reports which version of the library (OpenSSL/RSAREF)
is being used.
This is then used in openssh to detect the failure case of RSAREF and a RSA key
>1024 bits, to print a more helpful error message than 'rsa_public_encrypt() fai
led.'
This is a 4.0-RELEASE candidate.
2000-03-13 09:55:53 +00:00
Mark Murray
283073b4e6
Make LOGIN_CAP work properly.
...
Submitted by: ache
2000-03-09 14:54:00 +00:00
Kris Kennaway
bb49f794f5
Buildworld fixes for NO_OPENSSH and NO_OPENSSL
...
Approved by: jkh
2000-03-09 06:29:05 +00:00
Kris Kennaway
d7d9ad4214
Build a shared library too - ports expect it.
...
Reviewed by: peter
Approved by: jkh
2000-03-07 20:55:55 +00:00
Peter Wemm
5a0a2ee966
Merge from internat.freebsd.org; cleanup stray rsaref glue code reference
2000-03-05 14:20:57 +00:00
John Hay
aa77fdaa47
MFI: Make ssh and sshd link in the krb5 part of make release.
...
Reviewed by: markm
2000-03-03 20:34:05 +00:00
Kris Kennaway
a5ee11a77a
Resurrect the old libdes manpages (after a repo copy) until we have better
...
ones.
2000-03-02 06:06:35 +00:00
Peter Wemm
3187486c8a
Merge from internat.freebsd.org: add libcrypto to librsaUSA's symbol search
...
path so that ERR_load_strings() is found in certain circumstances
involving dlopen(). eg: main program dlopened foo.so which is linked
against libcrypto. If libcrypto then dlopens librsaUSA.so, then it's
search path doens't find libcrypto (!). One "fix" is to force
modules (eg main opening foo.so) to use the RTLD_GLOBAL flag, the other
is to explicitly declare dependencies (as done here).
2000-03-02 05:22:46 +00:00
Mark Murray
87afaaf75a
MFI: stupid typo of mine.
2000-02-29 09:56:11 +00:00
Kris Kennaway
06f13592e1
Add NODESCRYPTLINKS knob to prevent spamming of libcrypt -> libscrypt
...
symlinks. The name is against my better judgement, but I defer to ancient
tradition here because I'm a nice guy.
Reviewed by: -current
2000-02-29 05:47:52 +00:00
Mark Murray
e1eaf14cd7
New distribution names.
2000-02-28 19:25:34 +00:00
Mark Murray
c62e13f4cf
New distribution name.
2000-02-28 19:24:33 +00:00
Peter Wemm
9fa5f5fd96
Merge from internat.freebsd.org repo, minus change to rsa_eay.c (missing)
...
Reorganize and unify libcrypto's interface so that the RSA implementation
is chosen at runtime via dlopen().
This is a checkpoint and may require more tweaks still.
2000-02-26 13:13:03 +00:00
Peter Wemm
42a75d55f1
Merge from internat.freebsd.org; deal with -DRSAref the same way as
...
libcrypto - not that it means much on the US code tree.
2000-02-25 14:15:31 +00:00
Peter Wemm
cfd62b902e
Merge from internat.freebsd.org; make RSAREF=YES work correctly, although
...
this is not very useful as the US repo is missing bits.
2000-02-25 14:08:35 +00:00
Peter Wemm
6681286022
Create a stub libRSAglue for bsd.port.mk's sake
2000-02-25 09:47:17 +00:00
Peter Wemm
8df7a1fa29
Don't pull in libRSAglue for the rsaref case. Since this is linked
...
dynamically by default, we use the dlopen() calls to load librsaref.so
on US code trees.
2000-02-25 08:21:35 +00:00
Peter Wemm
07a0979e84
Fold libRSAglue into libcrypto so we don't have to special-case
...
all the builds. There is still no actual RSA implementation code
in libcrypto or src/* on US code trees.
2000-02-25 08:18:43 +00:00
Peter Wemm
08c0f1c7dd
Sync with internat; delete a trailing space
2000-02-25 05:35:37 +00:00
Mark Murray
51a4536595
Remove port components not needed in 4.n+
...
Submitted by: Half the freaking planet....
2000-02-24 22:39:24 +00:00
Mark Murray
b87f0bc988
libdes is OBE
2000-02-24 19:08:24 +00:00
Mark Murray
c9f2d5f483
Build everything properly. This means:
...
o Don't b uild libdes.
o Crypto is now housed in libcrypto (with a compatability symlink to
libdes)
o RSA may depend on RSAREF at your locale.
o OpenSSH is now a part of the base system.
2000-02-24 18:59:34 +00:00
Mark Murray
c23e256eef
Add the OpenSSH userland-building Makefiles.
2000-02-24 17:00:55 +00:00
Mark Murray
228c5a5af7
Freefall/Internat diff reducer.
2000-02-24 10:37:29 +00:00
Mark Murray
22dcf83566
Freefall/Internat diff reducer.
2000-02-24 10:21:56 +00:00
Mark Murray
1b87af6b57
Freefall/Internat diff reducer.
2000-02-24 10:06:57 +00:00
Mark Murray
97dacfda2b
Diff reducer. Comes from Internat.
2000-02-24 09:52:37 +00:00
Mark Murray
4486a1f099
Remove useless whitespace.
...
Part of big commit OK'ed by: JKH
2000-02-24 09:48:58 +00:00
Kris Kennaway
0c7304fede
Back out the previous commit - it broke world and was not approved.
...
I don't know what I was thinking committing without approval - sorry.
2000-02-14 08:09:52 +00:00
Kris Kennaway
b0ba1374bc
Link dynamically, not statically.
2000-02-13 00:53:12 +00:00
Kris Kennaway
8c52579a78
Add NO_OPENSSL knob to turn off building of openssl
...
Requested by: wollman
2000-01-30 04:12:49 +00:00
Kris Kennaway
c6680962bf
Add NO_OPENSSL knob to turn off building of openssl
...
Requested by: wollman
2000-01-30 04:11:37 +00:00
Yoshinobu Inoue
4dd8b5ab79
another tcp apps IPv6 updates.(should be make world safe)
...
ftp, telnet, ftpd, faithd
also telnet related sync with crypto, secure, kerberosIV
Obtained from: KAME project
2000-01-27 09:28:38 +00:00
Kris Kennaway
a5c3c93893
Don't search for libraries in ${LOCALBASE}. This should fix the problems
...
people were seeing with conflicts with the openssl port.
2000-01-20 07:29:01 +00:00
Kris Kennaway
04c111ac5f
Activate librsaglue
2000-01-20 07:27:49 +00:00
Kris Kennaway
486bbb25ef
Move the rsaref gunk to libRSAglue where ports expect it.
2000-01-20 07:27:38 +00:00
Kris Kennaway
5afe765e66
Build infrastructure for libRSAglue, required for compatability with
...
ports even though it doesn't seem to do anything which requires it
to be separate from libcrypto.
2000-01-20 07:24:40 +00:00
Kris Kennaway
e36de8f1b1
The wrong version of the file was committed previously which explains the
...
problems seen here.
2000-01-16 21:00:06 +00:00
Kris Kennaway
f9992f30fc
Turn back on openssl building.
2000-01-16 05:25:26 +00:00