Commit Graph

89 Commits

Author SHA1 Message Date
pjd
1073fb03ac Please welcome casperd daemon. It (and its services) will be responsible for
giving access to functionality that is not available in capability mode
sandbox. The functionality can be precisely restricted.

Start with the following services:
- system.dns - provides API compatible to:
	- gethostbyname(3),
	- gethostbyname2(3),
	- gethostbyaddr(3),
	- getaddrinfo(3),
	- getnameinfo(3),
- system.grp - provides getgrent(3)-compatible API,
- system.pwd - provides getpwent(3)-compatible API,
- system.random - allows to obtain entropy from /dev/random,
- system.sysctl - provides sysctlbyname(3-compatible API.

Sponsored by:	The FreeBSD Foundation
2013-12-02 08:21:28 +00:00
jmmv
a1626fee63 Build and install the atf tests.
Reviewed by:	freebsd-testing
Approved by:	rpaulo (mentor)
2013-11-08 14:33:41 +00:00
jmmv
627bb4f0bd Subsume the functionality of MK_ATF into MK_TESTS.
There is no reason to keep the two knobs separate: if tests are
enabled, the ATF libraries are required; and if tests are disabled,
the ATF libraries are not necessary.  Keeping the two just serves
to complicate the build.

Reviewed by:	freebsd-testing
Approved by:	rpaulo (mentor)
2013-11-08 14:24:47 +00:00
des
1fb35847da By popular demand, move freebsd-version(1) from /libexec to /bin.
Approved by:	re (gjb)
2013-10-09 20:47:20 +00:00
des
8984ced46c Introduce the /libexec/freebsd-version script, which is intended to be
used by auditing tools to determine the userland patch level when it
differs from what `uname -r` reports.  This can happen when the system
is kept up-to-date using freebsd-update and the last SA did not touch
the kernel, or when a new kernel has been installed but the system has
not yet rebooted.

Approved by:	re (glebius)
2013-10-07 10:26:38 +00:00
marcel
8412efbea8 Add ATF to the build. This is may be a bit rought around the egdes,
but committing it helps to get everyone on the same page and makes
sure we make progress.

Tinderbox breakages that are the result of this commit are entirely
the committer's fault -- in other words: buildworld testing on amd64
only.

Credits follow:

Submitted by:	Garrett Cooper <yanegomi@gmail.com>
Sponsored by:	Isilon Systems
Based on work by:	keramida@
Thanks to:	gnn@, mdf@, mlaier@, sjg@
Special thanks to:	keramida@
2012-10-22 01:18:41 +00:00
ed
879c7d2730 Add a new library: libulog.
One of the things I really want to do, is to get rid of the limitations
of our current utmp(5) mechanism:

- It only allows 8 byte TTY device names.
- The hostname only allows 16 bytes of storage.

I'm not a big fan of <utmpx.h>, but I think we should at least try to
add parts of it. Unfortunately we cannot implement <utmpx.h>, because we
miss various fields, such as ut_id, ut_pid, etc. The API provided by
libulog shares some similarities with <utmpx.h>, so it shouldn't be too
hard to port these applications eventually. In most simple cases, it
should just be a matter of removing the ulog_ prefix everywhere.

As a bonus, it also implements a function called ulog_login_pseudo(),
which allows unprivileged applications to write log entries, provided
they have a valid file descriptor to a pseudo-terminal master device.

libulog will allow a smoother transition to a new file format by adding
a library interface to deal with utmp/wtmp/lastlog files. I initially
thought about adding the functionality to libutil, but because I'm not
planning on keeping this library around forever, we'd better keep it
separated.

Next items on the todo list:

1. Port applications in the base system (and ports) to libulog, instead
   of letting them use <utmp.h>.
2. Remove <utmp.h>, implement <utmpx.h> and reimplement this library on
   top.
3. Port as many applications as possible back to <utmpx.h>.
2009-12-03 15:48:24 +00:00
remko
dcd2780b1c Do the first step in removing lukemftpd from the base system. Disconnect
it from the build.

If you are using the FTP daemon, please consider using the port ftp/tnftpd
which is the same FTP server, but newer and might have more/better
functionality.

This results in us providing only one ftp daemon by default.

Reviewed by:	bz
Approved by:	imp (mentor, implicit)
MFC after:	3 days
Silence from:	obrien
2009-09-03 16:34:20 +00:00
dougb
8af28beff7 Per the man page:
The makekey utility has been deprecated and will be removed in a future
release of FreeBSD.

Actually removing it was approved back on 10/29/2007 by re (kensmith) but
I dropped the ball on actually removing it. It's doubtful that it's become
more relevant/useful in the intervening time.
2009-05-26 00:07:02 +00:00
sam
9c3d2ffcdf add new build knobs and jigger some existing controls to improve
control over the result of buildworld and installworld; this especially
helps packaging systems such as nanobsd

Reviewed by:	various (posted to arch)
MFC after:	1 month
2008-09-21 22:02:26 +00:00
ed
126d9ed063 Remove the now unneeded pt_chown utility.
Before we had a posix_openpt() that allocated PTY's with proper
permissions in place, we used this set-uid utility to change the
ownership of PTY slave devices to the real user ID of the process. This
utility was used to implement grantpt().

In my first designs of the MPSAFE TTY layer, I replaced this by adding
an ioctl() called TIOCGRANTPT, which was used to change the ownership.
I left the pt_chown utility, because older C libraries needed it to work
properly.

After some discussions back in June I changed the PTY code to set
permissions properly upon creation. Fortunately the previous grantpt()
implementation changed permissions by hand when pt_chown is not
installed, which always succeeds. This means grantpt() still works
properly, even though the set-uid utility is missing.

I've done tests with FreeBSD 5.2.1, FreeBSD 6.3 and FreeBSD 7.0 jails.
All of them still work if I remove pt_chown.

Reviewed by:	philip (ex-mentor)
2008-08-24 10:01:22 +00:00
yar
64d3637d56 Add a hackish knob to skip rtld, NO_RTLD. In conjunction with
src/Makefile.inc1 rev. 1.590, it can allow installing a world
cross-built for a different arch over the live system.  The procedure
is more or less as follows:

	cp -R /rescue /rescue.old
	make installkernel TARGET_ARCH=foo
	make -DNO_RTLD installworld TARGET_ARCH=foo
	     ^^^^^^^^^
	PATH=/rescue.old
	chflags noschg /libexec/ld-elf.so.1
	cp /usr/obj/foo/usr/src/libexec/rtld/ld-elf.so.1 /libexec
	chflags schg /libexec/ld-elf.so.1
	<ditto for ld-elf32.so.1 if installing for amd64>
	reboot
2007-10-31 11:19:32 +00:00
mlaier
83807ec50d Link pf 4.1 to the build:
- move ftp-proxy from libexec to usr.sbin
 - add tftp-proxy
 - new altq mtag link

Approved by:	re (kensmith)
2007-07-03 12:46:08 +00:00
ru
388e590f95 Reimplementation of world/kernel build options. For details, see:
http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html

The src.conf(5) manpage is to follow in a few days.

Brought to you by:	imp, jhb, kris, phk, ru (all bugs are mine)
2006-03-17 18:54:44 +00:00
nectar
a23214e059 Remove rexecd(8), a server that implements a particularly insecure
method of executing commands remotely.  There are no rexec clients in
the FreeBSD tree, and the client function rexec(3) is present only in
libcompat.  It has been documented as "obsolete" since 4.3BSD, and its
use has been discouraged in the man page for over 10 years.
2005-06-10 20:52:36 +00:00
obrien
06fef1a964 Enable lukemftpd for 6.0-RELEASE. 2005-05-16 17:12:23 +00:00
ru
860c6fe96a Install rlogind(8). Pointy hat is available on request. 2005-03-03 15:59:32 +00:00
trhodes
792676bbc2 Wrap BSD r* commands in NO_RCMDS.
Change NO_RCMDNS to NO_RCMDS and do the switch in bsd.compat.mk.

Discussed with: ru, nectar
2005-03-02 11:53:22 +00:00
ru
8f0a058ccf The only user of this utility (share/man/man0) was removed 2+ years ago. 2005-02-09 19:50:45 +00:00
ru
74176cc161 NODOCCOMPRESS -> NO_DOCCOMPRESS
NOINFO -> NO_INFO
NOINFOCOMPRESS -> NO_INFOCOMPRESS
NOLINT -> NO_LINT
NOPIC -> NO_PIC
NOPROFILE -> NO_PROFILE
2004-12-21 09:33:47 +00:00
bz
4b83c5852a Add knob NO_NIS (fka NO_YP_LIBC) and make world compileable when set.
If turned on  no NIS support and related programs will be built.

Lost parts rediscovered by:	Danny Braniss <danny at cs.huji.ac.il>
PR:		bin/68303
No objections:	des, gshapiro, nectar
Reviewed by:	ru
Approved by:	rwatson (mentor)
MFC after:	2 weeks
2004-11-13 20:40:32 +00:00
des
a4c12f8006 Switch from BIND 8 to BIND 9.
Submitted by:	(in part) dougb@, trhodes@
Reviewed by:	dougb@, trhodes@, re@
MFC after:	5 days
2004-09-21 19:01:48 +00:00
obrien
536504fc3c Commit a crude hack so we get sparc64 snapshots working again with a
stable ld.so.  We need to revisit the rtld-elf/sparc64/rtld_start.S
rev. 1.5 and rtld-elf/sparc64/rtld_machdep.h rev. 1.5, which was
suppose to allow stock Binutils 2.13 (and later) to be used.
2004-06-17 16:08:20 +00:00
obrien
0ac1bd72be Fall out from Binutils 2.15: don't bulid the ld.so on Sparc64. 2004-06-17 03:04:24 +00:00
mlaier
6be47b725d Link pf to the build and install:
This adds the former ports registered groups: proxy and authpf as well as
the proxy user. Make sure to run mergemaster -p in oder to complete make
installworld without errors.

This also provides the passive OS fingerprints from OpenBSD (pf.os) and an
example pf.conf.

For those who want to go without pf; it provides a NO_PF knob to make.conf.

__FreeBSD_version will be bumped soon to reflect this and to be able to
change ports accordingly.

Approved by:	bms(mentor)
2004-03-08 22:03:29 +00:00
ru
6593bb80ea - Build things in pure dictionary order (see sort(1)).
- Unify the conditional assignments section so that architectural
  exclusions come first, then options and !options, sorted by the
  option name, also in directory order, then architecture specific
  sections, sorted by the architecture name, with i386 being a
  traditional exception.

Prodded by:	bde
2004-01-16 15:23:19 +00:00
markm
d6aec2b6d6 Very big makeover in the way telnet, telnetd and libtelnet are built.
Previously, there were two copies of telnet; a non-crypto version
that lived in the usual places, and a crypto version that lived in
crypto/telnet/. The latter was built in a broken manner somewhat akin
to other "contribified" sources. This meant that there were 4 telnets
competing with each other at build time - KerberosIV, Kerberos5,
plain-old-secure and base. KerberosIV is no longer in the running, but
the other three took it in turns to jump all over each other during a
"make buildworld".

As the crypto issue has been clarified, and crypto _calls_ are not
a problem, crypto/telnet has been repo-copied to contrib/telnet,
and with this commit, all telnets are now "contribified". The contrib
path was chosen to not destroy history in the repository, and differs
from other contrib/ entries in that it may be worked on as "normal"
BSD code. There is no dangerous crypto in these sources, only a
very weak system less strong than enigma(1).

Kerberos5 telnet and Secure telnet are now selected by using the usual
macros in /etc/make.conf, and the build process is unsurprising and
less treacherous.
2003-07-16 20:59:15 +00:00
peter
469c0a1ad7 Do not exclude amd64 from rtld-elf builds.
Approved by:  re  (safe amd64 support commits)
2003-05-24 17:38:45 +00:00
des
e5d2d778eb Retire the useless NOSECURE knob.
Approved by:	re (scottl)
2003-05-19 15:52:01 +00:00
markm
64cd7ea15d Allow a NOPIC "make world" to complete.
OK'ed by:	re(scottl)
2003-05-11 18:48:29 +00:00
peter
10cba42d09 Exclude rtld-elf for amd64. More porting is still needed.
Approved by:  re (scottl)
2003-05-08 06:37:12 +00:00
markm
ee63e7dc15 Turn MAKE_KERBEROS5 into NO_KERBEROS by negating the logic. Some extra
cleanups were necessary in release/Makefile, and the tinderbox code
was syntax checked, not run checked.
2003-05-05 07:58:44 +00:00
ru
0deec148ba Build non-crypto telnet(1) and telnetd(8) if NO_OPENSSL is defined.
Submitted by:	Marius Strobl <marius@alchemy.franken.de>
2003-05-01 19:38:15 +00:00
ru
13592a9888 Don't clobber Kerberos5 telnet(1) and telnetd(8) with non-crypto versions. 2003-04-30 07:24:35 +00:00
imp
2bde9db9c2 Add back # accidentally deleted in 1.54 2003-04-27 06:16:52 +00:00
imp
733bde7ebe This is no longer needed after tw is gone.
Approved by: re@ (scottl)
2003-04-27 05:43:42 +00:00
jmallett
a33543dd92 Implement POSIX grantpt(3) functionality, and add a pt_chown utility (akin
to Solaris, it is in /usr/libexec) to perform the handing over of tty nodes
to the user being granted the pty.

Submitted by:	Ryan Younce <ryany@pobox.com>
Reviewed by:	security-officer@, standards@, mike@
2003-01-02 20:44:41 +00:00
obrien
5a20d2febf [DAIVD O'BRIEN's OPINION]
Head off what I think is an abuse of the TRB, and disable lukemftpd.
2002-11-12 17:31:12 +00:00
mike
f7bc6d5b05 Hook rpc.rstatd back up to the build now that it compiles. 2002-10-02 18:37:11 +00:00
jhb
0f8f579414 Unhook rpc.rstatd from the build until it actually compiles. 2002-10-02 16:14:16 +00:00
peter
a51c9b6627 Initiate deorbit burn for the i386-only a.out related support. Moves are
under way to move the remnants of the a.out toolchain to ports.  As the
comment in src/Makefile said, this stuff is deprecated and one should not
expect this to remain beyond 4.0-REL.  It has already lasted WAY beyond
that.

Notable exceptions:
gcc - I have not touched the a.out generation stuff there.
ldd/ldconfig - still have some code to interface with a.out rtld.
old as/ld/etc - I have not removed these yet, pending their move to ports.
some includes - necessary for ldd/ldconfig for now.

Tested on: i386 (extensively), alpha
2002-09-17 01:49:00 +00:00
dwmalone
374c5261af Add tcpd to the build - though we don't need to for inetd, someone might
want it for some other service-running program.

Approved by:	markm
MFC after:	1 week
2002-08-13 14:03:40 +00:00
obrien
590885c10f Add lukemftpd to the mix. 2002-02-27 18:37:21 +00:00
kris
269b821fe5 Migrate uucpd to ports as well.
Noticed by:	ru
2001-10-01 07:53:13 +00:00
ru
543d496983 Do not build (and install) both secure/ and standard versions
of libtelnet, telnetd, and telnet.  This only worked because
secure/ was listed late in SUBDIR in Makefile.inc1.

Reviewed by:	markm
2001-03-26 12:49:05 +00:00
dougb
ed0bc299d0 Add a system to save entropy from /dev/random periodically so that
it can be used to reseed at boot time. This will greatly increase
the chances that there will be sufficient entropy available at
boot time to prevent long delays.

For /etc/rc, remove the vmstat and iostat runs from the attempt
to provide some cheesy randomness if the files fail, since
those programs are dynamically linked, and ldd seems to want
some randomness to do its magic.

Guidance and parameters for this project were provided by
Mark Murray, based on the requirements of the Yarrow
algorithm. Some helpful suggestions for implementation
(including the tip about iostat and vmstat) were provided
by Sheldon Hearn. All blame for problems or mistakes is
mine of course.
2001-01-11 13:01:20 +00:00
dan
47ea23cc27 Wrap uucpd behind the NOUUCP knob.
Noticed by: Doug Barton
2000-03-24 18:21:09 +00:00
peter
513abb8c9a Reactivate named-xfer 1999-11-30 06:23:04 +00:00
peter
dc618593bd Move named and associated tools into a seperate makefile section and
disable them pending an import and cleanup of bind 8.2.2.p5.
1999-11-30 02:18:13 +00:00
brian
62d5fe5265 Enable pppoed 1999-11-21 23:39:51 +00:00