Commit Graph

488 Commits

Author SHA1 Message Date
markm
ee63e7dc15 Turn MAKE_KERBEROS5 into NO_KERBEROS by negating the logic. Some extra
cleanups were necessary in release/Makefile, and the tinderbox code
was syntax checked, not run checked.
2003-05-05 07:58:44 +00:00
markm
06bd19ebb1 We no longer have a separate kerberos distribution. Its now just
part of the regular security dist.
2003-04-30 17:46:24 +00:00
ru
807a352217 The including makefile's directory is tried first for .include "...". 2003-04-30 07:54:39 +00:00
ru
4e8be68394 Most things depend on !defined(NO_OPENSSL); make it look so. 2003-04-30 07:51:51 +00:00
ru
026dd985be NOSECURE is implied by NOCRYPT, meaning if the latter is defined
we won't be here.
2003-04-30 07:34:14 +00:00
des
97c8ef8dd1 Remove Kerberos IV shims. 2003-04-23 17:26:01 +00:00
des
ea5dc58e56 Update for 3.6.1p1; also remove Kerberos IV shims. 2003-04-23 17:25:47 +00:00
bde
b290b293cf Silence `make -s' (echo -> ${ECHO}). 2003-04-13 14:13:28 +00:00
ru
17f3ff85b3 libtelnet depends on OpenSSL.
PR:	50507
2003-04-01 12:50:40 +00:00
charnier
ed068996dc The .Nm utility 2003-03-24 16:09:07 +00:00
obrien
351221da0d Back out rev 1.60, taking the pointy hat away from nectar as 'rm -f'
doesn't need to be prefixed with '-'.  Keep the pointy hat for myself
for not reading the code closely.
2003-03-11 17:19:37 +00:00
obrien
84a73cfb24 Don't error out the build if removing a "stale" symlink fails.
Pointy hat for breaking my installworld:	nectar
2003-03-10 19:43:56 +00:00
mtm
215e222a66 Fix mixed up arguments passed to a locally defined err(int, char *)
function.

Approved by:	markm (mentor)
Submitted by:	till toenges <tt@mail.isis.de>
PR:		bin/48963
2003-03-07 16:00:55 +00:00
ru
165c565db3 Handle includes the normal way.
Reviewed by:	markm
Approved by:	nectar
2003-02-27 23:07:26 +00:00
nectar
490f7849d9 Regenerate man pages after import of OpenSSL 0.9.7a. 2003-02-19 23:30:52 +00:00
nectar
b59b6bc887 LIBDIR/INCLUDEDIR do not include DESTDIR.
Reported by:	Andrzej Tobola <san@iem.pw.edu.pl>
2003-02-18 17:29:04 +00:00
nectar
f1000a6283 Follow-up to previous commit: we had a des.h symlink, too. Remove
that.
2003-02-18 16:07:33 +00:00
nectar
f671b30fa6 Previously, libcrypto contained symbols that were identical to EAY
libdes, and functionally close enough so that we created symlinks
(libdes -> libcrypto) to help older applications.  With the import of
OpenSSL 0.9.7, this is no longer true and we no longer install these
symlinks.  However, systems that are upgraded may have these symlinks,
which could cause non-obvious breakage at build-time.  Therefore, blow
any old symlinks away in the `afterinstall' target.
2003-02-18 14:23:11 +00:00
nectar
90c5cfa574 Correct path for finding asm-generating files. 2003-02-14 12:25:00 +00:00
nectar
b36647ffe0 Install the OpenSSL man pages in /usr/share/openssl/man
and remove the WANT_OPENSSL_MANPAGES knob.
2003-02-10 19:57:56 +00:00
nectar
aa5fb3b42f Do not define OPENSSL_NO_KRB5 here in CFLAGS. It is handled in
opensslconf.h.

Reminded by:	reports from des, obrien
2003-02-09 14:59:56 +00:00
nectar
c2f3a5547f Re-add WANT_OPENSSL_MANPAGES knob.
Noticed by:	ru
2003-01-31 11:30:38 +00:00
nectar
637cc179f5 Background:
When libdes was replaced with OpenSSL's libcrypto, there were a few
 interfaces that the former implemented but the latter did not.  Because
 some software in the base system still depended upon these interfaces,
 we simply included them in our libcrypto (rnd_keys.c).

Now, finally get around to removing the dependencies on these
interfaces.  There were basically two cases:

  des_new_random_key -- This is just a wrapper for des_random_key, and
     these calls were replaced.

  des_init_random_number_generator et. al. -- A few functions were used
     by the application to seed libdes's PRNG.  These are not necessary
     when using libcrypto, as OpenSSL internally seeds the PRNG from
     /dev/random.  These calls were simply removed.

Again, some of the Kerberos 4 files have been taken off the vendor
branch.  I do not expect there to be future imports of KTH Kerberos 4.
2003-01-29 18:14:29 +00:00
nectar
28586b8dce Re-add WANT_OPENSSL_MANPAGES knob. 2003-01-29 13:35:40 +00:00
peter
1cdf5f0a55 Hopefully fix world for folks not compiling IDEA (the default).
NO_IDEA is now spelled OPENSSL_NO_IDEA.  Update the bmake glue accordingly
or the IDEA references are not stripped from <openssl/evp.h>
2003-01-29 02:19:15 +00:00
nectar
cc3760c973 Force OPENSSL_NO_KRB5. OpenSSL's current implementation of RFC 2712
can only be built with MIT Kerberos.

If we didn't define this here, then SSL-using applications would have
to define OPENSSL_NO_KRB5 themselves in order to build.
2003-01-29 01:06:15 +00:00
markm
ecacd12edb Update for OpenSSL 0.9.7. No assembler code at the moment. This
will follow.
2003-01-28 22:58:14 +00:00
des
5a36cfc6d3 ia64 and sparc64 both have libc_r now. 2003-01-09 08:36:05 +00:00
des
4db7824c37 Don't build auth-pam.c and auth2-pam.c, auth2-pam-freebsd.c is all we need.
Use pthreads for PAM if the platform supports it and the user asked for it
(by setting OPENSSH_USE_POSIX_THREADS)

Sponsored by:	DARPA, NAI Labs
2002-12-14 13:54:57 +00:00
kris
22dd80b806 Remove myself as maintainer of openssl; I no longer have enough time to
devote to it.
2002-11-21 08:48:08 +00:00
ru
d07178d31f DON'T EVER PUT THIS BACK!
Pointy hat to:	obrien
2002-11-08 12:47:51 +00:00
obrien
afccab5282 Style sync with rest of FreeBSD. 2002-11-06 22:54:58 +00:00
des
da156e9602 Update for OpenSSH 3.5p1. 2002-10-29 10:18:00 +00:00
markm
1244ddc10e Don't lint contrib'ed sources, even if the builder has asked for linting.
Its Just Too Noisy.
2002-09-25 09:58:00 +00:00
ru
b003f2381f Bandaid for a broken world. The real fix is somewhat more
complicated and will be sent for a review.
2002-09-20 12:33:19 +00:00
ru
38695c19fd Added the missing dependencies for openssl/ headers. 2002-09-19 13:24:27 +00:00
nectar
84a4209b10 Use uint32_t' instead of unsigned long', since the code assumes 32-bit
arithmetic.

Reviewed by:	make test

The fact that bdes(1) didn't work was
Reported by:	Fred Clift <fclift@verio.net>
2002-08-24 02:53:23 +00:00
nectar
60918054e9 Update list of installed manual pages after regenerating them. 2002-07-30 14:47:24 +00:00
nectar
9b12eca4b2 This commit was generated by cvs2svn to compensate for changes in r100946,
which included commits to RCS files with non-trunk default branches.
2002-07-30 14:34:51 +00:00
nectar
3b5892151d Import the regenerated OpenSSL man pages after import of OpenSSL 0.9.6e. 2002-07-30 14:34:51 +00:00
nectar
edc9b2ee92 Update to match reality (i.e. reference libcrypto headers and
libraries, not the no-longer-existent libdes).
2002-07-30 12:53:15 +00:00
ru
c441264fcd s,/usr/include,${INCLUDEDIR}, 2002-07-22 10:59:22 +00:00
ru
8f8470b6a7 Removed the (never used) help-distribute target from here.
(Similar targets were once used during the release building
process for kerberosIV and kerberos5.)
2002-07-11 13:31:52 +00:00
des
a651b056f9 ssh-keysign(8) belongs in /usr/libexec, not in /usr/bin, and needs to be
setuid so ssh(1) doesn't have to be.

Pointy hat to:	des
Submitted by:	Katsuyuki TATEISHI <katsu@iec.hiroshima-u.ac.jp>
2002-07-05 08:39:09 +00:00
des
43b9533418 Switch over to 3.4p1. 2002-06-29 12:16:50 +00:00
des
513df53f59 No guts, no glory. Switch to OpenSSH-portable.
Sponsored by:	DARPA, NAI Labs
2002-06-25 19:10:09 +00:00
des
9720b176d2 My previous style commits weren't entirely right. Fix some bugs I
introduced, and a few more I hadn't yet fixed.

Submitted by:	bde
2002-06-24 12:32:30 +00:00
des
a2f0c70ddc Previous commit made no sense. 2002-06-24 10:17:26 +00:00
des
c053249a36 Fix style and unbreal static build. 2002-06-24 10:16:38 +00:00
des
107ff84363 Install the new man pages. 2002-06-23 21:43:43 +00:00
des
8577d3fa57 Update Makefiles for OpenSSH 3.3. 2002-06-23 16:09:29 +00:00
ru
25fe20626e Make NO_OPENSSL actually imply NO_OPENSSH, as documented in make.conf(5). 2002-06-21 08:54:03 +00:00
obrien
d29a2e20ce for OpenSSL 0.9.5a 2002-05-15 09:17:27 +00:00
markm
8082500a64 Build using pregenerated manpages; don't use perl to translate .pod's.
The translated .pod's have already been committed.
2002-05-14 19:39:00 +00:00
markm
aeefd5b3e2 As the perl-generated assembler files have been committed, add the
perl-generated (.pod) manual pages too. This is another nail in the
perl5 coffin (for base perl, not the port or the language in general).
2002-05-14 16:06:50 +00:00
markm
c5a2874435 This commit was generated by cvs2svn to compensate for changes in r96593,
which included commits to RCS files with non-trunk default branches.
2002-05-14 16:06:50 +00:00
ru
bc2e1305d8 Removed now unused INTERNALSTATICLIB.
INTERNALLIB now implies NOPIC and NOPROFILE.
Removed gratuitous NOMAN.
2002-05-13 11:09:07 +00:00
ru
59049318b6 Added new bsd.incs.mk which handles installing of header files
via INCS.  Implemented INCSLINKS (equivalent to SYMLINKS) to
handle symlinking include files.  Allow for multiple groups of
include files to be installed, with the powerful INCSGROUPS knob.
Documentation to follow.

Added standard `includes' and `incsinstall' targets, use them
in Makefile.inc1.  Headers from the following makefiles were
not installed before (during `includes' in Makefile.inc1):

	kerberos5/lib/libtelnet/Makefile
	lib/libbz2/Makefile
	lib/libdevinfo/Makefile
	lib/libform/Makefile
	lib/libisc/Makefile
	lib/libmenu/Makefile
	lib/libmilter/Makefile
	lib/libpanel/Makefile

Replaced all `beforeinstall' targets for installing includes
with the INCS stuff.

Renamed INCDIR to INCSDIR, for consistency with FILES and SCRIPTS,
and for compatibility with NetBSD.  Similarly for INCOWN, INCGRP,
and INCMODE.

Consistently use INCLUDEDIR instead of /usr/include.

gnu/lib/libstdc++/Makefile and gnu/lib/libsupc++/Makefile changes
were only lightly tested due to the missing contrib/libstdc++-v3.
I fully tested the pre-WIP_GCC31 version of this patch with the
contrib/libstdc++.295 stuff.

These changes have been tested on i386 with the -DNO_WERROR "make
world" and "make release".
2002-05-12 16:01:00 +00:00
peter
afb49cba0d Pre-generate the optimized x86 crypto code and check it in rather than
depending on perl at build time.  Makefile.asm is a helper for after the
next import.

With my cvs@ hat on, the relatively small repo cost of this is acceptable,
especially given that we have other (much bigger) things like
lib*.so.gz.uu checked in under src/lib/compat/*.

Reviewed by:	kris (maintainer)
2002-05-03 00:14:39 +00:00
ru
8ad1c2807b Milestone #1 in cross-arch make releases.
Do not install games and profiled libraries to the ${CHROOTDIR}
with the initial installworld.

Eliminate the need in the second installworld.  For that, make sure
_everything_ is built in the "world" environment, using the right
tool chain.

Added SUBDIR_OVERRIDE helper stuff to Makefile.inc1.  Split the
buildworld process into stages, and skip some stages when
SUBDIR_OVERRIDE is set (used to build crypto, krb4, and krb5
dists).

Added NO_MAKEDB_RUN knob to Makefile.inc1 to avoid running
makewhatis(1) at the end of installworld (used when making crypto,
krb4, and krb5 dists).

In release/scripts/doFS.sh, ensure that the correct boot blocks are
used.

Moved the creation of the "crypto" dist from release.5 to
release.2.

In release.3 and doMFSKERN, build kernels in the "world"
environment.  KERNELS now means "additional" kernels, GENERIC is
always built.

Ensure we build crunched binaries in the "world" environment.
Obfuscate release/Makefile some more (WMAKEENV) to achieve this.

Inline createBOOTMFS target.

Use already built GENERIC kernel modules to augment mfsfd's
/stand/modules.  GC doMODULES as such.

Assorted fixes:

Get rid of the "afterdistribute" target by moving the single use
of it from sys/Makefile to etc/Makefile's "distribute".

Makefile.inc1: apparently "etc" no longer needs to be last for
"distribute" to succeed.

gnu/usr.bin/perl/library/Makefile.inc: do not override the
"install" and "distribute" targets, do it the "canonical" way.

release/scripts/{man,cat}pages-make.sh: make sure Perl manpages and
catpages appear in the right dists.  Note that because Perl does
not respect the MANBUILDCAT (and NOMAN), this results in a loss of
/usr/share/perl/man/cat* empty directories.  This will be fixed
soon.

Turn MAKE_KERBEROS4 into a plain boolean variable (if it is set it
means "make KerberosIV"), as documented in the make.conf(5)
manpage.  Most of the userland makefiles did not test it for "YES"
anyway.

XXX Should specialized kerberized libpam versions be included into
the krb4 and krb5 dists?  (libpam.a would be incorrect anyway if
both krb4 and krb5 dists were choosen.)

Make sure "games" dist is made before "catpages", otherwise games
catpages settle in the wrong dist.

Fast build machine provided by: Igor Kucherenko <kivvy@sunbay.com>
2002-04-26 17:55:27 +00:00
ru
ba95eb1f7b The library itself does not depend on Kerberos bits.
Otherwise, we would have broken krb4 and krb5 dists.
2002-04-23 11:33:29 +00:00
ru
065ea04bd8 Switch over to using pam_login_access(8) module in sshd(8).
(Fixes static compilation.  Reduces diffs to OpenSSH.)

Reviewed by:	bde
2002-03-26 12:52:28 +00:00
des
34976224b3 Install headers with -C. Ideally, these Makefiles should not need to
override the beforeinstall target at all, but this has proven difficult
to achieve.
2002-03-23 18:01:01 +00:00
des
cb58035239 Use PAM instead of S/Key (or OPIE) for SSH2.
Sponsored by:	DARPA, NAI Labs
2002-03-21 12:18:27 +00:00
des
f75907434e Don't forget auth-skey.c. 2002-03-18 16:17:57 +00:00
des
8b705f089a Adjust for OpenSSH 3.1.
Sponsored by:	DARPA, NAI Labs
2002-03-18 10:20:33 +00:00
bde
1a8580a68d Fixed some style bugs. Mainly, don't use ${.ALLSRC} in implicit rules.
This change should have been in rev.1.37.
2002-03-17 09:53:21 +00:00
markm
a3e7599d8a Use NO_PERL as well as NOPERL. The latter is going to (eventually) go. 2002-03-16 15:12:13 +00:00
markm
ff64831dcf No functional change, but big code cleanup. WARNS, lint(1) and style(9). 2002-03-06 17:18:09 +00:00
mike
bcee06d42c o Move NTOHL() and associated macros into <sys/param.h>. These are
deprecated in favor of the POSIX-defined lowercase variants.
o Change all occurrences of NTOHL() and associated marcros in the
  source tree to use the lowercase function variants.
o Add missing license bits to sparc64's <machine/endian.h>.
  Approved by: jake
o Clean up <machine/endian.h> files.
o Remove unused __uint16_swap_uint32() from i386's <machine/endian.h>.
o Remove prototypes for non-existent bswapXX() functions.
o Include <machine/endian.h> in <arpa/inet.h> to define the
  POSIX-required ntohl() family of functions.
o Do similar things to expose the ntohl() family in libstand, <netinet/in.h>,
  and <sys/param.h>.
o Prepend underscores to the ntohl() family to help deal with
  complexities associated with having MD (asm and inline) versions, and
  having to prevent exposure of these functions in other headers that
  happen to make use of endian-specific defines.
o Create weak aliases to the canonical function name to help deal with
  third-party software forgetting to include an appropriate header.
o Remove some now unneeded pollution from <sys/types.h>.
o Add missing <arpa/inet.h> includes in userland.

Tested on:	alpha, i386
Reviewed by:	bde, jake, tmm
2002-02-18 20:35:27 +00:00
ru
b2c3dc0715 Now that cross-tools ld(1) has been fixed to look for dynamic
dependencies in the correct place, record the fact that -lssh
depends on -lcrypto and -lz.

Removed false dependencies on -lz (except ssh(1) and sshd(8)).
Removed false dependencies on -lcrypto and -lutil for scp(1).

Reviewed by:	markm
2002-02-08 13:42:58 +00:00
kris
0e1bb965cc Set WFORMAT=0, overlooked in previous commits to libexec/.
Reported by:	jhay
2002-02-06 11:07:55 +00:00
kris
666d94f4b0 Update list of manpages 2002-01-27 03:36:57 +00:00
ru
c9d8bf8608 Add pam_ssh support to the static PAM library, libpam.a:
- Spam /usr/lib some more by making libssh a standard library.
- Tweak ${LIBPAM} and ${MINUSLPAM}.
- Garbage collect unused libssh_pic.a.
- Add fake -lz dependency to secure/ makefiles needed for
  dynamic linkage with -lssh.

Reviewed by:	des, markm
Approved by:	markm
2002-01-23 15:54:17 +00:00
markm
7f33af3e59 Clean up makefiles, and turn on WARNS=2. Take into account the telnet
#if cleanup.
2001-11-30 21:10:58 +00:00
jake
1219f1b4ae Opensslconf for sparc64. Just a copy of the alpha one for now.
Approved by:	kkenn (maintainer)
2001-11-18 20:58:19 +00:00
markm
e4bbd42f9e Install libssh and libssh_pic. These are needed when building
statically, and when building things (like login(8)) standalone.
libssh_pic is needed for libpam and modules.

Requested by:	peter
2001-10-30 19:45:00 +00:00
peter
563a6becf9 __FBSDID() (second half of src/lib/libcrypt changes) 2001-10-23 10:23:32 +00:00
peter
e8dd921f5d Argh! Shoot me! (add closing */ after $FreeBSD$ ) 2001-10-22 09:54:17 +00:00
peter
5a17b5695a Add an ia64 configuration. This is not likely to be optimal, but does
compile and seems to work.  We should run configure after everything
else is self hosting to test the speeds of the various options.
2001-10-10 19:07:31 +00:00
peter
5c6420034e Sync this file up with its i386 brother. This appears to have been missed
when 0.9.5a was imported.

Approved by:	kris
2001-10-09 01:28:15 +00:00
ru
623da62a5a mdoc(7) police: Use the new .In macro for #include statements. 2001-10-01 16:09:29 +00:00
ru
0579c777d9 Fix cross-building, etc:
1.  To cross-build, one now needs to set TARGET_ARCH, and not the
    MACHINE_ARCH.  MACHINE_ARCH should never be changed manually!

2.  Initialize DESTDIR= explicitly for bootstrap-tools, build-tools,
    and cross-tools stages.  This fixes broken header and library
    dependencies problem.  We build them in the host environment,
    and obviously want them to depend on host headers and libraries.
    The problem with broken header dependencies for bootstrap-tools
    and cross-tools was already partially solved (see BOOTSTRAPPING
    tests in bsd.prog.mk and bsd.lib.mk), but it was still there for
    build-tools if the user ran "make world DESTDIR=/foo".  Also,
    for all of these stages, the library dependencies were broken
    because of how bsd.libnames.mk define DPADD members.

    We still provide a glue to install bootstrap- and cross-tools
    under the ${WORLDTMP}.

    Removed PATH overrides for bootstrap-, build-, and cross-tools
    stages.  There is just no reason why we would need to override
    it, and the hacks to clean up the ${WORLDTMP} in the -DNOCLEAN
    case are no longer needed with fixes from this step.

    That is, we now never use ${WORLDTMP} headers and libraries,
    and we don't use any ${WORLDTMP} installed binaries during
    these stages.  Again, these stages depend solely on the host
    environment, including compiler, headers, and libraries.

3.  Moved "miniperl" back from cross-tools (it has nothing to do
    with a cross-compiler) to build-tools where it belongs.  The
    change from step 1 let to do this.  Also, to make this work,
    build-tools targets of "cc_tools" and "miniperl" were modified
    to call "depend".  Here follow the detailed explanations.

    There are two categories of build tools, for now.  In the first
    category there are "cc_tools" and "miniperl".  They occupy the
    whole (sub)directory, and nothing needs to be done in this
    subdirectory later during the "all" stage.  They are also
    constructed using system makefiles.  We must build the .depend
    early in the build-tools stage because:

    1)  They use (and depend on) the host environment.

    2)  If we don't do this in build-tools, the "depend" stage of
        buildworld will do this for us; wrong library and header
        dependencies will be recorded (DESTDIR=${WORLDTMP}) and,
        what's worse, the "all" stage may then clobber the
        build-architecture format tools (that we built in the
        build-tools stage) with the target-architecture format
        ones, breaking cross build.

    In the second category there are all other build-tools.  They
    share their directory with the "main" module that needs them
    in the "all" stage, and they don't show up themselves in the
    .depend file.  The portion of this fix was already committed
    in gnu/usr.bin/cc/cc_tools/Makefile,v 1.52.

4.  "libperl" is no longer a build tool, and "miniperl" is the
    stand-alone application.  I had to make this change because
    build-tools and "all" stages share the same object directory.
    Without this change, if we cross compile, libperl.a is first
    built for the build architecture during the build-tools stage
    (for the purposes of immediate linkage with "miniperl").
    Later on, the "all" stage sees this library as up-to-date,
    and doesn't rebuild it.  The effect is that the wrong format
    static libperl library is installed with installworld.

5.  Fixed "includes" to install secure/lib/libtelnet headers if
    required.

Reviewed by:	bde
2001-09-29 13:17:54 +00:00
bde
da8bd69c9b Fixed world breakage in rev.1.13. -lpam must never be used directly since
it doesn't work for static linkage.
2001-08-29 07:07:48 +00:00
markm
e909686930 Diff reduce all the crypto telnet Makefiles. 2001-08-20 12:32:45 +00:00
ru
d896280a89 mdoc(7) police: s/NetBSD/.Nx/ where appropriate. 2001-08-13 17:00:36 +00:00
ru
f858dca3dc mdoc(7) police: join split punctuation to macro calls. 2001-08-10 17:35:21 +00:00
bde
7f2b2ff935 Link to libcipher in the usual way. `bdes' depended on a nonexistent
library.  This only worked because of the undocmented feature of make(1)
that targets named foo.a are always up to date.

Fixed some style bugs.
2001-08-03 22:28:25 +00:00
markm
18d8718070 Revamp and diff-reduce the various secure telnets. Make sure that
Kerberos5 has _a_ telnet (which is not currently K5 enabled).
Incorporate BDE's static linking fixes.
2001-08-03 16:03:26 +00:00
bde
150ca138e2 Fixed world breakage when NOSHARED=yes. libmp now depends on libcrypto,
so it must be linked before libcrypto to work right.
2001-07-30 14:36:19 +00:00
ru
e3b0021e39 Added missing DPADD and CLEANFILES. 2001-07-12 09:17:51 +00:00
ru
7cef49ff86 mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 11:04:34 +00:00
kris
950055e75f Remove stale file. 2001-07-04 21:27:10 +00:00
green
fdb0c1688a Enable Kerberos 5 support in sshd again. 2001-06-12 03:43:47 +00:00
kris
f4381ef2b9 Update for OpenSSL 0.9.6a
MFC after:	2 weeks
2001-05-20 03:43:14 +00:00
bde
a968ca96b6 Fixed world breakage in previous commit. -lpam must never be used
directly (except in the definition of MINUSLPAM in bsd.libnames.mk)
since it doesn't give all the libraries necessary for static linkage.

Fixed missing ${LIBPAM} in DPADD.

Fixed some style bugs in DPADD and LDADD.
2001-05-09 14:30:49 +00:00
bde
5e17943e7b Fixed world breakage in previous commit. -lpam must never be used
directly (except in the definition of MINUSLPAM in bsd.libnames.mk)
since it doesn't give all the lbraries necessary for static linkage.

Fixed new and old bugs in DPADD.  ${LIBPAM} was missing, and the
library order was different from that in LDADD so `make checkdpadd'
reported a non-bug.
2001-05-09 14:23:54 +00:00
nsayer
ce2648b0d2 Add PAM support to SRA authentication. Cribbed mostly from ftpd. This
doesn't solve the problem of root being allowed to log in, but that sort
of thing is something PAM should be doing anyway.
2001-05-07 20:38:39 +00:00
green
ab3de8f5d9 Update to OpenSSH 2.9. Somehow this missed getting committed yesterday. 2001-05-04 23:55:18 +00:00
green
1ac8002a8a Don't build with Kerberos 5 support for now. I'll fix this soon,
but I don't want to break Kerberos 5 users' worlds too much in the
meantime.
2001-05-04 05:07:43 +00:00
green
a0c1c483e2 Follow the OpenSSH 2.9 upgrade with the infrastructure. Two new
programs are now included: sftp(1) and ssh-keyscan(1).
2001-05-04 04:21:25 +00:00
green
a20f39c976 Add the new version.c to libssh. 2001-05-03 00:45:03 +00:00
nsayer
66051d03dc Reactivate SRA.
Make handling of SIGINT and SIGQUIT follow SIGTSTP in TerminalNewMode().
This allows people to break out of SRA authentication if they wish to.
2001-04-05 14:09:15 +00:00
ru
f0b3302aff Merged src/lib/libtelnet rev.1.9 (fixed removing of obsolete shared
library: wrong library directory, wrong library extension and wrong
comment).  This is mainly of historical interest, if any.  The library
that gets removed is aout.

Also, backout the beforeinstall -> afterinstall change in rev.1.20
that was required to install proper telnet.h into /usr/include/arpa.
The actual problem is in <bsd.lib.mk>, and I am going to fix it.
2001-03-28 12:15:22 +00:00
ru
98c6ecb383 Bye-bye /usr/lib/libtelnet.a. This should fix ``make release'' brokeness.
Approved by:	markm
2001-03-28 12:08:22 +00:00
ru
ffbd5f978d secure/ build fixes:
- TELNETOBJDIR is gone.  `buildworld' already installs libtelnet.a
  in ${WORLDTMP}/usr/lib, and we have LIBRARY_PATH pointing there.

- SSHDIR (formerly SSHSRC) is now shared between all SSH modules.
  New LIBSSH is introduced for libssh.a (an internal static lib).
  Previously, build without prior `obj' was broken; SSH modules
  always looked for libssh.a in ${.OBJDIR}.  Also, the dependancies
  on the libssh.a were missing.

- libtelnet/ did not install the crypto version of telnet.h into
  /usr/include/arpa.

- Removed BINOWN, BINMODE, BINDIR and SRCS with default values.

Reviewed by:	markm

- MAN[1-9] -> MAN.
2001-03-26 14:53:33 +00:00
assar
214d8eb038 disable SRA
this impacts negatively to POLA since once autologin is enabled,
telnet will prompt for a password using getpass() and thus not allow
the usual signal characters or C-]
2001-03-23 19:38:21 +00:00
kris
0bc879dab3 Attempt to fix the problem with -j builds, and du-uglify the asm code
generation and assembly targets.

Help from:	bde, obrien
2001-03-14 10:10:11 +00:00
markm
10da321446 Add OpenBSD-style blowfish password hashing. This makes one less
gratuitous difference between us and our sister project.

This was given to me _ages_ ago. May apologies to Paul for the length
of time its taken me to commit.

Obtained from:	Niels Provos <provos@physnet.uni-hamburg.de>/OpenBSD
Submitted by:	Paul Herman <pherman@frenchfries.net>
2001-03-11 16:05:43 +00:00
kris
3fd8acfffe MFS: Belatedly bump SHLIB_MAJOR corresponding to OpenSSL 0.9.6 2001-03-08 07:57:49 +00:00
kris
6d34e037b2 Install the des.h link under ${DESTDIR}. Fixes buildworld.
Submitted by:   Christian Weisgerber <naddy@mips.inka.de>
2001-03-04 23:14:50 +00:00
kris
bbfa402ef9 Clean up the installation of the compatibility libdes header/library
symlinks

Pointed out by:	bde
2001-03-04 06:51:51 +00:00
kris
35583224c7 Don't override CPUTYPE (actually this predates the <bsd.cpu.mk> use of
CPUTYPE, and I forgot I used it here already)

Pointed out by:	bde
2001-03-04 05:51:43 +00:00
ru
3e8d7346e8 setlocale(3) has been fixed to match POSIX standard:
LC_ALL takes precedence over other LC_* envariables.
2001-03-02 16:52:14 +00:00
kris
2e1d246fb0 Update the list of OpenSSL manpages (now contains many more describing
libssl, for example), and hide it behind a make.conf option,
WANT_OPENSSL_MANPAGES, instead of having it commented out.  We still can't
install these by default because of clobbering of a number of system
manpages with the same name, but they're there for people who want them.
2001-02-25 21:42:12 +00:00
kris
0a9dc4546f Add back a missing file from the no-asm case
Submitted by:	gallatin
2001-02-20 01:50:25 +00:00
kris
43aab12cf4 Remove a remnant of my attempt to get alpha asm code working. OpenSSL
does include code for the alpha, but as far as I can tell, it is
non-functional (e.g. it's not even compiled by the native openssl build on
the alpha).

Noticed by:	gallatin
2001-02-19 23:31:53 +00:00
kris
337d7ba539 Introduce support for using OpenSSL ASM optimizations. This is done
through the use of a new build directive, MACHINE_CPU, which contains a
list of the CPU generations/features for which optimizations are desired.
This feature will be extended to cover the ports tree in the future.

Currently OpenSSL provides optimizations for i386, i586 and i686-class
CPUs. Currently it has not been tested on an i386 or i486.

Teach make(1) to provide sensible defaults for MACHINE_CPU if it is not
defined (namely, the lowest common denominator CPU we support for each
architecture).  Currently this is i386 for the i386 architecture and ev4
for the alpha.  sys.mk also sets the variable as a last resort for
consistency with MACHINE_ARCH and bootstrapping from very old versions of
make.

Benchmarks show a significant speed increase even in the i386 case, with
additional improvements for i586 and i686 systems.  For maximum performance
define MACHINE_CPU=i686 i586 i386 in /etc/make.conf.

Based on a patch submitted by:  Mike Silbersack <silby@silby.com>
Reviewed by:    current
2001-02-19 03:59:05 +00:00
nectar
550de2dad0 Define HAVE_PAM_GETENVLIST for build. Now environmental variables set
by PAM modules will be exported (correctly).
2001-02-08 21:16:34 +00:00
bde
99cef5f18b Fixed missing include of <unistd.h> and wrong prototype for setkey(). 2001-02-06 01:17:59 +00:00
ben
15b24a1b98 Add .Lb libcipher
PR:		24434
Submitted by:	Bill Cheswick <ches@bell-labs.com>
2001-01-24 14:27:30 +00:00
ru
a2560551a0 man(7) -> mdoc(7). 2001-01-16 15:28:12 +00:00
peter
117ae0dab3 Merge into a single US-exportable libcrypt, which only provides
one-way hash functions for authentication purposes.  There is no more
"set the libcrypt->libXXXcrypt" nightmare.
- Undo the libmd.so hack, use -D to hide the md5c.c internals.
- Remove the symlink hacks in release/Makefile
- the algorthm is set by set_crypt_format() as before.  If this is
  not called, it tries to heuristically figure out the hash format, and
  if all else fails, it uses the optional auth.conf entry to chose the
  overall default hash.
- Since source has non-hidden crypto in it there may be some issues with
  having the source it in some countries, so preserve the "secure/*"
  division.  You can still build a des-free libcrypt library if you want
  to badly enough.  This should not be a problem in the US or exporting
  from the US as freebsd.org had notified BXA some time ago.  That makes
  this stuff re-exportable by anyone.
- For consistancy, the default in absence of any other clues is md5.  This
  is to try and minimize POLA across buildworld where folk may suddenly
  be activating des-crypt()-hash support.  Since the des hash may not
  always be present, it seemed sensible to make the stronger md5 algorithm
  the default.
All things being equal, no functionality is lost.

Reviewed-by: jkh

(flame-proof suit on)
2000-12-28 10:32:02 +00:00
green
41efee08a3 Update for OpenSSH 2.3.0. 2000-12-05 03:01:33 +00:00
ru
c1f9fd4116 Fixed a typo from the last commit.
Submitted by:	Mike Heffner <mheffner@vt.edu>
2000-11-15 07:45:23 +00:00
kris
1bb5251fa5 Correct some fallout from the semi-automated way I updated the makefile.
Submitted by:	roberto
2000-11-14 22:12:02 +00:00
green
dd707cf4f4 Disable /usr/bin/ssh being setuid root by default. Let the variable
ENABLE_SUID_SSH being defined reenable it for those that want it.

This follows discussion favoring the change from September.  It
is not usually necessary to be setuid root, possibly less safe,
and less convenient (cannot use $HOSTALIASES, for example).

Submitted by:	jedgar
2000-11-14 04:42:25 +00:00
kris
1925c689bb Update for OpenSSL 0.9.6 2000-11-13 02:21:38 +00:00
gshapiro
a98dcfa204 Fix up the build for the STARTTLS version of sendmail (again). This method
mimics that of tcpdump in that for normal builds, sendmail will only be
built once.  For 'make release', it is built once for the bin dist and
once for the crypto dist.  This method also removes the need for two separate
Makefiles (which could become out of sync).

Suggested by: bde
Assisted by: kris
2000-10-24 16:04:56 +00:00
gshapiro
a76b72fb58 Do not override BINDIR settings from subdirectory Makefiles.
Submitted by:	bde
2000-10-13 16:57:03 +00:00
gshapiro
dd28ff57d0 ../Makefile.inc was clobbering BINDIR so sendmail was being installed in
/usr/sbin/ instead of /usr/libexec/sendmail/

Submitted by:	bde
2000-10-13 16:51:05 +00:00
gshapiro
6b50bced2c Activate the 'secure' (TLS) version of sendmail if !NO_SENDMAIL && !NO_OPENSSL 2000-10-13 03:21:37 +00:00
gshapiro
c87c01266a Given that sendmail's STARTTLS support requires OpenSSL and the bootstrap
issues that brings, build the non-TLS version of sendmail in
src/usr.sbin/sendmail and the TLS version in src/secure/usr.sbin/sendmail.
This allows the TLS version to be part of the secure distribution when
building a release.
2000-10-13 03:20:43 +00:00
gshapiro
9feaadf365 Remove STARTTLS support as it breaks builds without crypto installed.
Waiting to hear back regarding the best way to do this.
2000-10-12 17:04:32 +00:00
peter
fcb6e94f11 With apoligies to Greg Shapiro, fix the world. The previous commit
lost -lutil and -lwrap by replacing $LDADD and $DPADD rather than
appending to them with +=.
2000-10-11 12:19:42 +00:00
gshapiro
e0b2de2c8f Style fixes 2000-10-11 05:04:21 +00:00
gshapiro
e5336b1b20 NOCRYPT imples NO_OPENSSL.
Still need to solve the distribution problem.

Submitted by:	kris
2000-10-11 03:35:32 +00:00
gshapiro
a8f95eb1e9 Build sendmail with STARTTLS support unless NO_OPENSSL is set. 2000-10-10 18:15:41 +00:00
kris
e785331769 Overhaul of the build-time include file generation. Don't break in evp.h
if bootstrapping from a system on which the openssl headers are not
already present.
2000-09-17 06:45:27 +00:00
gshapiro
1f7ac54fbd Give users a way to alter the sendmail (and related utilities) build
environment so they can enable functionality such as SASL, LDAP, Hesiod.
2000-09-17 00:41:33 +00:00
kris
8d2aad5ae9 Only build sftp-server conditionally 2000-09-16 22:43:00 +00:00
ache
ec0b442175 Add sftp-server 2000-09-15 01:04:32 +00:00
gshapiro
07746c099a Allow users to add libraries for sendmail (e.g. Cyrus SASL)
Obtained from:	Sergei Vyshenski <svysh@pn.sinp.msu.ru>
2000-09-13 04:16:16 +00:00
kris
f9e92409b4 Update for OpenSSH 2.2.0 2000-09-10 09:43:29 +00:00
kris
e4a753d311 Nuke RSAREF support from orbit.
It's the only way to be sure.
2000-09-10 00:09:37 +00:00
kris
28c07215c2 ``Anyone is now free to rub two primes together for their own gratification''
-- Unknown

Now that the RSA algorithm is released into the public domain, build
librsaintl by default unless NO_RSAINTL is set in make.conf.

The native OpenSSL implementation of RSA is much faster, doesn't have
an artificial keysize limitation, has 30% fewer calories and tastes great!
2000-09-06 23:46:50 +00:00
kris
868b20c6a8 Err, we weren't even compiling auth1.c with LOGIN_CAP at all. Guess nobody
was using this feature.
2000-09-02 07:32:05 +00:00
green
37ca913ab7 Make the temporary file _evp.h instead of evp.h to not conflict with
the real evp.h.

Reported by:	markm
2000-08-24 19:06:55 +00:00
ache
c0ebc50c76 Add missing quotes around xauth path 2000-08-23 19:14:48 +00:00
green
3226a5dc26 Generate a new evp.h at build-time instead of install-time to properly
support NFS(ro) installworlds.
2000-08-23 11:41:01 +00:00