Commit Graph

507 Commits

Author SHA1 Message Date
ru
623da62a5a mdoc(7) police: Use the new .In macro for #include statements. 2001-10-01 16:09:29 +00:00
ru
0579c777d9 Fix cross-building, etc:
1.  To cross-build, one now needs to set TARGET_ARCH, and not the
    MACHINE_ARCH.  MACHINE_ARCH should never be changed manually!

2.  Initialize DESTDIR= explicitly for bootstrap-tools, build-tools,
    and cross-tools stages.  This fixes broken header and library
    dependencies problem.  We build them in the host environment,
    and obviously want them to depend on host headers and libraries.
    The problem with broken header dependencies for bootstrap-tools
    and cross-tools was already partially solved (see BOOTSTRAPPING
    tests in bsd.prog.mk and bsd.lib.mk), but it was still there for
    build-tools if the user ran "make world DESTDIR=/foo".  Also,
    for all of these stages, the library dependencies were broken
    because of how bsd.libnames.mk define DPADD members.

    We still provide a glue to install bootstrap- and cross-tools
    under the ${WORLDTMP}.

    Removed PATH overrides for bootstrap-, build-, and cross-tools
    stages.  There is just no reason why we would need to override
    it, and the hacks to clean up the ${WORLDTMP} in the -DNOCLEAN
    case are no longer needed with fixes from this step.

    That is, we now never use ${WORLDTMP} headers and libraries,
    and we don't use any ${WORLDTMP} installed binaries during
    these stages.  Again, these stages depend solely on the host
    environment, including compiler, headers, and libraries.

3.  Moved "miniperl" back from cross-tools (it has nothing to do
    with a cross-compiler) to build-tools where it belongs.  The
    change from step 1 let to do this.  Also, to make this work,
    build-tools targets of "cc_tools" and "miniperl" were modified
    to call "depend".  Here follow the detailed explanations.

    There are two categories of build tools, for now.  In the first
    category there are "cc_tools" and "miniperl".  They occupy the
    whole (sub)directory, and nothing needs to be done in this
    subdirectory later during the "all" stage.  They are also
    constructed using system makefiles.  We must build the .depend
    early in the build-tools stage because:

    1)  They use (and depend on) the host environment.

    2)  If we don't do this in build-tools, the "depend" stage of
        buildworld will do this for us; wrong library and header
        dependencies will be recorded (DESTDIR=${WORLDTMP}) and,
        what's worse, the "all" stage may then clobber the
        build-architecture format tools (that we built in the
        build-tools stage) with the target-architecture format
        ones, breaking cross build.

    In the second category there are all other build-tools.  They
    share their directory with the "main" module that needs them
    in the "all" stage, and they don't show up themselves in the
    .depend file.  The portion of this fix was already committed
    in gnu/usr.bin/cc/cc_tools/Makefile,v 1.52.

4.  "libperl" is no longer a build tool, and "miniperl" is the
    stand-alone application.  I had to make this change because
    build-tools and "all" stages share the same object directory.
    Without this change, if we cross compile, libperl.a is first
    built for the build architecture during the build-tools stage
    (for the purposes of immediate linkage with "miniperl").
    Later on, the "all" stage sees this library as up-to-date,
    and doesn't rebuild it.  The effect is that the wrong format
    static libperl library is installed with installworld.

5.  Fixed "includes" to install secure/lib/libtelnet headers if
    required.

Reviewed by:	bde
2001-09-29 13:17:54 +00:00
bde
da8bd69c9b Fixed world breakage in rev.1.13. -lpam must never be used directly since
it doesn't work for static linkage.
2001-08-29 07:07:48 +00:00
markm
e909686930 Diff reduce all the crypto telnet Makefiles. 2001-08-20 12:32:45 +00:00
ru
d896280a89 mdoc(7) police: s/NetBSD/.Nx/ where appropriate. 2001-08-13 17:00:36 +00:00
ru
f858dca3dc mdoc(7) police: join split punctuation to macro calls. 2001-08-10 17:35:21 +00:00
bde
7f2b2ff935 Link to libcipher in the usual way. `bdes' depended on a nonexistent
library.  This only worked because of the undocmented feature of make(1)
that targets named foo.a are always up to date.

Fixed some style bugs.
2001-08-03 22:28:25 +00:00
markm
18d8718070 Revamp and diff-reduce the various secure telnets. Make sure that
Kerberos5 has _a_ telnet (which is not currently K5 enabled).
Incorporate BDE's static linking fixes.
2001-08-03 16:03:26 +00:00
bde
150ca138e2 Fixed world breakage when NOSHARED=yes. libmp now depends on libcrypto,
so it must be linked before libcrypto to work right.
2001-07-30 14:36:19 +00:00
ru
e3b0021e39 Added missing DPADD and CLEANFILES. 2001-07-12 09:17:51 +00:00
ru
7cef49ff86 mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 11:04:34 +00:00
kris
950055e75f Remove stale file. 2001-07-04 21:27:10 +00:00
green
fdb0c1688a Enable Kerberos 5 support in sshd again. 2001-06-12 03:43:47 +00:00
kris
f4381ef2b9 Update for OpenSSL 0.9.6a
MFC after:	2 weeks
2001-05-20 03:43:14 +00:00
bde
a968ca96b6 Fixed world breakage in previous commit. -lpam must never be used
directly (except in the definition of MINUSLPAM in bsd.libnames.mk)
since it doesn't give all the libraries necessary for static linkage.

Fixed missing ${LIBPAM} in DPADD.

Fixed some style bugs in DPADD and LDADD.
2001-05-09 14:30:49 +00:00
bde
5e17943e7b Fixed world breakage in previous commit. -lpam must never be used
directly (except in the definition of MINUSLPAM in bsd.libnames.mk)
since it doesn't give all the lbraries necessary for static linkage.

Fixed new and old bugs in DPADD.  ${LIBPAM} was missing, and the
library order was different from that in LDADD so `make checkdpadd'
reported a non-bug.
2001-05-09 14:23:54 +00:00
nsayer
ce2648b0d2 Add PAM support to SRA authentication. Cribbed mostly from ftpd. This
doesn't solve the problem of root being allowed to log in, but that sort
of thing is something PAM should be doing anyway.
2001-05-07 20:38:39 +00:00
green
ab3de8f5d9 Update to OpenSSH 2.9. Somehow this missed getting committed yesterday. 2001-05-04 23:55:18 +00:00
green
1ac8002a8a Don't build with Kerberos 5 support for now. I'll fix this soon,
but I don't want to break Kerberos 5 users' worlds too much in the
meantime.
2001-05-04 05:07:43 +00:00
green
a0c1c483e2 Follow the OpenSSH 2.9 upgrade with the infrastructure. Two new
programs are now included: sftp(1) and ssh-keyscan(1).
2001-05-04 04:21:25 +00:00
green
a20f39c976 Add the new version.c to libssh. 2001-05-03 00:45:03 +00:00
nsayer
66051d03dc Reactivate SRA.
Make handling of SIGINT and SIGQUIT follow SIGTSTP in TerminalNewMode().
This allows people to break out of SRA authentication if they wish to.
2001-04-05 14:09:15 +00:00
ru
f0b3302aff Merged src/lib/libtelnet rev.1.9 (fixed removing of obsolete shared
library: wrong library directory, wrong library extension and wrong
comment).  This is mainly of historical interest, if any.  The library
that gets removed is aout.

Also, backout the beforeinstall -> afterinstall change in rev.1.20
that was required to install proper telnet.h into /usr/include/arpa.
The actual problem is in <bsd.lib.mk>, and I am going to fix it.
2001-03-28 12:15:22 +00:00
ru
98c6ecb383 Bye-bye /usr/lib/libtelnet.a. This should fix ``make release'' brokeness.
Approved by:	markm
2001-03-28 12:08:22 +00:00
ru
ffbd5f978d secure/ build fixes:
- TELNETOBJDIR is gone.  `buildworld' already installs libtelnet.a
  in ${WORLDTMP}/usr/lib, and we have LIBRARY_PATH pointing there.

- SSHDIR (formerly SSHSRC) is now shared between all SSH modules.
  New LIBSSH is introduced for libssh.a (an internal static lib).
  Previously, build without prior `obj' was broken; SSH modules
  always looked for libssh.a in ${.OBJDIR}.  Also, the dependancies
  on the libssh.a were missing.

- libtelnet/ did not install the crypto version of telnet.h into
  /usr/include/arpa.

- Removed BINOWN, BINMODE, BINDIR and SRCS with default values.

Reviewed by:	markm

- MAN[1-9] -> MAN.
2001-03-26 14:53:33 +00:00
assar
214d8eb038 disable SRA
this impacts negatively to POLA since once autologin is enabled,
telnet will prompt for a password using getpass() and thus not allow
the usual signal characters or C-]
2001-03-23 19:38:21 +00:00
kris
0bc879dab3 Attempt to fix the problem with -j builds, and du-uglify the asm code
generation and assembly targets.

Help from:	bde, obrien
2001-03-14 10:10:11 +00:00
markm
10da321446 Add OpenBSD-style blowfish password hashing. This makes one less
gratuitous difference between us and our sister project.

This was given to me _ages_ ago. May apologies to Paul for the length
of time its taken me to commit.

Obtained from:	Niels Provos <provos@physnet.uni-hamburg.de>/OpenBSD
Submitted by:	Paul Herman <pherman@frenchfries.net>
2001-03-11 16:05:43 +00:00
kris
3fd8acfffe MFS: Belatedly bump SHLIB_MAJOR corresponding to OpenSSL 0.9.6 2001-03-08 07:57:49 +00:00
kris
6d34e037b2 Install the des.h link under ${DESTDIR}. Fixes buildworld.
Submitted by:   Christian Weisgerber <naddy@mips.inka.de>
2001-03-04 23:14:50 +00:00
kris
bbfa402ef9 Clean up the installation of the compatibility libdes header/library
symlinks

Pointed out by:	bde
2001-03-04 06:51:51 +00:00
kris
35583224c7 Don't override CPUTYPE (actually this predates the <bsd.cpu.mk> use of
CPUTYPE, and I forgot I used it here already)

Pointed out by:	bde
2001-03-04 05:51:43 +00:00
ru
3e8d7346e8 setlocale(3) has been fixed to match POSIX standard:
LC_ALL takes precedence over other LC_* envariables.
2001-03-02 16:52:14 +00:00
kris
2e1d246fb0 Update the list of OpenSSL manpages (now contains many more describing
libssl, for example), and hide it behind a make.conf option,
WANT_OPENSSL_MANPAGES, instead of having it commented out.  We still can't
install these by default because of clobbering of a number of system
manpages with the same name, but they're there for people who want them.
2001-02-25 21:42:12 +00:00
kris
0a9dc4546f Add back a missing file from the no-asm case
Submitted by:	gallatin
2001-02-20 01:50:25 +00:00
kris
43aab12cf4 Remove a remnant of my attempt to get alpha asm code working. OpenSSL
does include code for the alpha, but as far as I can tell, it is
non-functional (e.g. it's not even compiled by the native openssl build on
the alpha).

Noticed by:	gallatin
2001-02-19 23:31:53 +00:00
kris
337d7ba539 Introduce support for using OpenSSL ASM optimizations. This is done
through the use of a new build directive, MACHINE_CPU, which contains a
list of the CPU generations/features for which optimizations are desired.
This feature will be extended to cover the ports tree in the future.

Currently OpenSSL provides optimizations for i386, i586 and i686-class
CPUs. Currently it has not been tested on an i386 or i486.

Teach make(1) to provide sensible defaults for MACHINE_CPU if it is not
defined (namely, the lowest common denominator CPU we support for each
architecture).  Currently this is i386 for the i386 architecture and ev4
for the alpha.  sys.mk also sets the variable as a last resort for
consistency with MACHINE_ARCH and bootstrapping from very old versions of
make.

Benchmarks show a significant speed increase even in the i386 case, with
additional improvements for i586 and i686 systems.  For maximum performance
define MACHINE_CPU=i686 i586 i386 in /etc/make.conf.

Based on a patch submitted by:  Mike Silbersack <silby@silby.com>
Reviewed by:    current
2001-02-19 03:59:05 +00:00
nectar
550de2dad0 Define HAVE_PAM_GETENVLIST for build. Now environmental variables set
by PAM modules will be exported (correctly).
2001-02-08 21:16:34 +00:00
bde
99cef5f18b Fixed missing include of <unistd.h> and wrong prototype for setkey(). 2001-02-06 01:17:59 +00:00
ben
15b24a1b98 Add .Lb libcipher
PR:		24434
Submitted by:	Bill Cheswick <ches@bell-labs.com>
2001-01-24 14:27:30 +00:00
ru
a2560551a0 man(7) -> mdoc(7). 2001-01-16 15:28:12 +00:00
peter
117ae0dab3 Merge into a single US-exportable libcrypt, which only provides
one-way hash functions for authentication purposes.  There is no more
"set the libcrypt->libXXXcrypt" nightmare.
- Undo the libmd.so hack, use -D to hide the md5c.c internals.
- Remove the symlink hacks in release/Makefile
- the algorthm is set by set_crypt_format() as before.  If this is
  not called, it tries to heuristically figure out the hash format, and
  if all else fails, it uses the optional auth.conf entry to chose the
  overall default hash.
- Since source has non-hidden crypto in it there may be some issues with
  having the source it in some countries, so preserve the "secure/*"
  division.  You can still build a des-free libcrypt library if you want
  to badly enough.  This should not be a problem in the US or exporting
  from the US as freebsd.org had notified BXA some time ago.  That makes
  this stuff re-exportable by anyone.
- For consistancy, the default in absence of any other clues is md5.  This
  is to try and minimize POLA across buildworld where folk may suddenly
  be activating des-crypt()-hash support.  Since the des hash may not
  always be present, it seemed sensible to make the stronger md5 algorithm
  the default.
All things being equal, no functionality is lost.

Reviewed-by: jkh

(flame-proof suit on)
2000-12-28 10:32:02 +00:00
green
41efee08a3 Update for OpenSSH 2.3.0. 2000-12-05 03:01:33 +00:00
ru
c1f9fd4116 Fixed a typo from the last commit.
Submitted by:	Mike Heffner <mheffner@vt.edu>
2000-11-15 07:45:23 +00:00
kris
1bb5251fa5 Correct some fallout from the semi-automated way I updated the makefile.
Submitted by:	roberto
2000-11-14 22:12:02 +00:00
green
dd707cf4f4 Disable /usr/bin/ssh being setuid root by default. Let the variable
ENABLE_SUID_SSH being defined reenable it for those that want it.

This follows discussion favoring the change from September.  It
is not usually necessary to be setuid root, possibly less safe,
and less convenient (cannot use $HOSTALIASES, for example).

Submitted by:	jedgar
2000-11-14 04:42:25 +00:00
kris
1925c689bb Update for OpenSSL 0.9.6 2000-11-13 02:21:38 +00:00
gshapiro
a98dcfa204 Fix up the build for the STARTTLS version of sendmail (again). This method
mimics that of tcpdump in that for normal builds, sendmail will only be
built once.  For 'make release', it is built once for the bin dist and
once for the crypto dist.  This method also removes the need for two separate
Makefiles (which could become out of sync).

Suggested by: bde
Assisted by: kris
2000-10-24 16:04:56 +00:00
gshapiro
a76b72fb58 Do not override BINDIR settings from subdirectory Makefiles.
Submitted by:	bde
2000-10-13 16:57:03 +00:00
gshapiro
dd28ff57d0 ../Makefile.inc was clobbering BINDIR so sendmail was being installed in
/usr/sbin/ instead of /usr/libexec/sendmail/

Submitted by:	bde
2000-10-13 16:51:05 +00:00
gshapiro
6b50bced2c Activate the 'secure' (TLS) version of sendmail if !NO_SENDMAIL && !NO_OPENSSL 2000-10-13 03:21:37 +00:00
gshapiro
c87c01266a Given that sendmail's STARTTLS support requires OpenSSL and the bootstrap
issues that brings, build the non-TLS version of sendmail in
src/usr.sbin/sendmail and the TLS version in src/secure/usr.sbin/sendmail.
This allows the TLS version to be part of the secure distribution when
building a release.
2000-10-13 03:20:43 +00:00
gshapiro
9feaadf365 Remove STARTTLS support as it breaks builds without crypto installed.
Waiting to hear back regarding the best way to do this.
2000-10-12 17:04:32 +00:00
peter
fcb6e94f11 With apoligies to Greg Shapiro, fix the world. The previous commit
lost -lutil and -lwrap by replacing $LDADD and $DPADD rather than
appending to them with +=.
2000-10-11 12:19:42 +00:00
gshapiro
e0b2de2c8f Style fixes 2000-10-11 05:04:21 +00:00
gshapiro
e5336b1b20 NOCRYPT imples NO_OPENSSL.
Still need to solve the distribution problem.

Submitted by:	kris
2000-10-11 03:35:32 +00:00
gshapiro
a8f95eb1e9 Build sendmail with STARTTLS support unless NO_OPENSSL is set. 2000-10-10 18:15:41 +00:00
kris
e785331769 Overhaul of the build-time include file generation. Don't break in evp.h
if bootstrapping from a system on which the openssl headers are not
already present.
2000-09-17 06:45:27 +00:00
gshapiro
1f7ac54fbd Give users a way to alter the sendmail (and related utilities) build
environment so they can enable functionality such as SASL, LDAP, Hesiod.
2000-09-17 00:41:33 +00:00
kris
8d2aad5ae9 Only build sftp-server conditionally 2000-09-16 22:43:00 +00:00
ache
ec0b442175 Add sftp-server 2000-09-15 01:04:32 +00:00
gshapiro
07746c099a Allow users to add libraries for sendmail (e.g. Cyrus SASL)
Obtained from:	Sergei Vyshenski <svysh@pn.sinp.msu.ru>
2000-09-13 04:16:16 +00:00
kris
f9e92409b4 Update for OpenSSH 2.2.0 2000-09-10 09:43:29 +00:00
kris
e4a753d311 Nuke RSAREF support from orbit.
It's the only way to be sure.
2000-09-10 00:09:37 +00:00
kris
28c07215c2 ``Anyone is now free to rub two primes together for their own gratification''
-- Unknown

Now that the RSA algorithm is released into the public domain, build
librsaintl by default unless NO_RSAINTL is set in make.conf.

The native OpenSSL implementation of RSA is much faster, doesn't have
an artificial keysize limitation, has 30% fewer calories and tastes great!
2000-09-06 23:46:50 +00:00
kris
868b20c6a8 Err, we weren't even compiling auth1.c with LOGIN_CAP at all. Guess nobody
was using this feature.
2000-09-02 07:32:05 +00:00
green
37ca913ab7 Make the temporary file _evp.h instead of evp.h to not conflict with
the real evp.h.

Reported by:	markm
2000-08-24 19:06:55 +00:00
ache
c0ebc50c76 Add missing quotes around xauth path 2000-08-23 19:14:48 +00:00
green
3226a5dc26 Generate a new evp.h at build-time instead of install-time to properly
support NFS(ro) installworlds.
2000-08-23 11:41:01 +00:00
kris
aba57a02e8 Respect X11BASE to derive the location of xauth(1)
PR:		17818
Submitted by:	Bjoern Fischer <bfischer@Techfak.Uni-Bielefeld.DE>
2000-08-23 09:39:20 +00:00
green
67c40ef892 Add working and easy crypt(3)-switching. Yes, we need a whole new API
for crypt(3) by now.  In any case:

Add crypt_set_format(3) + documentation to -lcrypt.
Add login_setcryptfmt(3) + documentation to -lutil.
Support for switching crypt formats in passwd(8).
Support for switching crypt formats in pw(8).

The simple synopsis is:
edit login.conf; add a passwd_format field set to "des" or "md5"; go nuts :)

Reviewed by:	peter
2000-08-22 02:15:54 +00:00
gshapiro
34bd54827a Turn on support for IPv6 2000-08-14 02:36:29 +00:00
gshapiro
eec2af9031 Get rid of the /etc/aliases -> /etc/mail/aliases hack. /etc/mail/aliases
now exists in the distribution.
2000-08-13 08:36:40 +00:00
gshapiro
002ef51d6e The rest of the changes needed to support the new version of sendmail (8.11.0).
Beyond changes to the build system, this includes fixing up the sample
freebsd.mc configuration for changes in defaults and syntax, removing
outdated documentation, and updating the release notes.
2000-08-12 22:39:25 +00:00
green
11f08cadc6 Unbreak the OpenSSL headers for those of us who don't/can't use IDEA by
getting rid of the check for NO_IDEA (in evp.h) completely if it's
installed without MAKE_IDEA=YES.
2000-08-04 04:25:59 +00:00
kris
509680f8f3 Install the openssl(1) manpage with an MLINK from ssl(8) to at least put
something in the location where OpenSSH likes to point.
2000-08-03 05:29:04 +00:00
kris
b6b7791276 Don't build sshd if NO_OPENSSL defined.
Submitted by:	stephen@math.missouri.edu
2000-07-30 22:25:54 +00:00
kris
9cf81bab1e Don't build crypto-enabled telnetd if NO_OPENSSL is defined, since it
attempts to link against libcrypto.
2000-07-25 01:11:17 +00:00
markm
1840dc9bdf WITH_IDEA --> MAKE_IDEA fix. 2000-07-16 12:20:28 +00:00
peter
e2062d0bd5 Add missing $FreeBSD$ to files that are NOT still on vendor a branch. 2000-07-16 05:48:49 +00:00
peter
b9b09beff7 Be consistant about WITH_ vs MAKE_ flags. We have a precedent of using
MAKE_foo for things like MAKE_KERBEROS etc.  Use that.  I managed to
confuse myself last time and made make.conf different to the code. ;-(

Reported by:  Jun Kuriyama <kuriyama@FreeBSD.org>
2000-07-14 09:18:21 +00:00
peter
07b679d7be Argh. Cut/paste transcription error. Fix syntax of previous commit. 2000-07-03 06:26:30 +00:00
peter
5e51a5bb2d USA_RESIDENT is forced to YES or NO at the start of Makefile.inc1
Use that to be the final arbiter of whether or not to build the
librsaintl.so plugin for openssl/openssh.  Add a magic WANT_RSAINTL flag
to force building even if USA_RESIDENT=YES.
2000-07-03 06:24:23 +00:00
markm
2fe0472e39 MFI. This is a documentation-only, diffreducing patch, that if
invoked will cause breakage. US Users - DO NOT try to turn on
IDEA - the sources are not included.
2000-06-24 06:50:58 +00:00
kris
4b9e219ff8 Link explicitly against -lmd. I'm not sure what was pulling this in
on -current, but it doesnt do it on -stable.
2000-06-11 05:30:52 +00:00
kris
de18291bd3 Add a new file to SRCS 2000-06-03 10:04:31 +00:00
obrien
b448bd5eed /dev/urandom is the default random device, so no use in stateing it here.
Also simplify the conditionals a little.
2000-05-15 23:29:03 +00:00
obrien
56b2127f5c This version is slightly better than rev 1.10. There are still missing
dependencies for openssl/*.h.  I cannot reproduce any critical race
conditions with this revision.
2000-05-15 17:28:06 +00:00
obrien
20bcb4fdbc Use unadorned `mkdir -p', removing the "test ... ||".
There are sometimes problems with "&&" and "||" in the `make -j' case, as
it appears multiple processes may process parts of the execution line.
2000-05-15 16:52:57 +00:00
kris
45c7889547 Update for OpenSSH 2.1 2000-05-15 05:26:50 +00:00
kris
922c39a5a6 Use the C locale for running date(1).
Submitted by:	ache
2000-04-20 07:26:46 +00:00
kris
ec2fce6561 Update for OpenSSL 0.9.5a and clean up a bit. 2000-04-13 07:37:35 +00:00
kris
4e4529727e Update for OpenSSL 0.9.5a and clean up a bit.
Take responsibility for this makefile again :-)
2000-04-13 07:37:26 +00:00
obrien
bbbb5181e6 * Fix dependancies so that ``make depend'' is not required.
* Some style fixes

Approved by:	kris
2000-04-11 09:27:24 +00:00
obrien
e872f9007a * Fix dependancies so that ``make depend'' is not required.
* Some style fixes

Approved by:	kris
2000-04-11 08:28:47 +00:00
kris
4d1e096b22 Add libcrypto to LDADD. This fixes problems seen with e.g. apache-modssl
Submitted by:	Jim Bloom <bloom@acm.org>
2000-04-04 07:31:01 +00:00
kris
2325c37f86 Missed a fix for the new openssh; this fixes make world. 2000-03-26 21:17:11 +00:00
kris
f2ad2382fd Update for latest OpenSSH 2000-03-26 07:54:12 +00:00
kris
0d170b1596 Add a new function stub to libcrypto() which resolves to a symbol in
the librsa* library and reports which version of the library (OpenSSL/RSAREF)
is being used.

This is then used in openssh to detect the failure case of RSAREF and a RSA key
>1024 bits, to print a more helpful error message than 'rsa_public_encrypt() fai
led.'

This is a 4.0-RELEASE candidate.
2000-03-13 09:55:53 +00:00
markm
eeb8008dd3 Make LOGIN_CAP work properly.
Submitted by:	ache
2000-03-09 14:54:00 +00:00
kris
0d1f47825b Buildworld fixes for NO_OPENSSH and NO_OPENSSL
Approved by:	jkh
2000-03-09 06:29:05 +00:00
kris
c56608d1a8 Build a shared library too - ports expect it.
Reviewed by:	peter
Approved by:	jkh
2000-03-07 20:55:55 +00:00
peter
edd585d0c1 Merge from internat.freebsd.org; cleanup stray rsaref glue code reference 2000-03-05 14:20:57 +00:00
jhay
9e73fea413 MFI: Make ssh and sshd link in the krb5 part of make release.
Reviewed by:	markm
2000-03-03 20:34:05 +00:00
kris
1064439c50 Resurrect the old libdes manpages (after a repo copy) until we have better
ones.
2000-03-02 06:06:35 +00:00
peter
c01fb7a6e5 Merge from internat.freebsd.org: add libcrypto to librsaUSA's symbol search
path so that ERR_load_strings() is found in certain circumstances
involving dlopen().  eg: main program dlopened foo.so which is linked
against libcrypto.  If libcrypto then dlopens librsaUSA.so, then it's
search path doens't find libcrypto (!).  One "fix" is to force
modules (eg main opening foo.so) to use the RTLD_GLOBAL flag, the other
is to explicitly declare dependencies (as done here).
2000-03-02 05:22:46 +00:00
markm
13286e4af4 MFI: stupid typo of mine. 2000-02-29 09:56:11 +00:00
kris
fb49122cc2 Add NODESCRYPTLINKS knob to prevent spamming of libcrypt -> libscrypt
symlinks. The name is against my better judgement, but I defer to ancient
tradition here because I'm a nice guy.

Reviewed by:	-current
2000-02-29 05:47:52 +00:00
markm
b401a071dd New distribution names. 2000-02-28 19:25:34 +00:00
markm
3750b037a1 New distribution name. 2000-02-28 19:24:33 +00:00
peter
58c2a78aa2 Merge from internat.freebsd.org repo, minus change to rsa_eay.c (missing)
Reorganize and unify libcrypto's interface so that the RSA implementation
is chosen at runtime via dlopen().

This is a checkpoint and may require more tweaks still.
2000-02-26 13:13:03 +00:00
peter
3e7de8aad5 Merge from internat.freebsd.org; deal with -DRSAref the same way as
libcrypto - not that it means much on the US code tree.
2000-02-25 14:15:31 +00:00
peter
2649bf3728 Merge from internat.freebsd.org; make RSAREF=YES work correctly, although
this is not very useful as the US repo is missing bits.
2000-02-25 14:08:35 +00:00
peter
9f02798cbf Create a stub libRSAglue for bsd.port.mk's sake 2000-02-25 09:47:17 +00:00
peter
47e3d89f30 Don't pull in libRSAglue for the rsaref case. Since this is linked
dynamically by default, we use the dlopen() calls to load librsaref.so
on US code trees.
2000-02-25 08:21:35 +00:00
peter
fe21c9e7b5 Fold libRSAglue into libcrypto so we don't have to special-case
all the builds.  There is still no actual RSA implementation code
in libcrypto or src/* on US code trees.
2000-02-25 08:18:43 +00:00
peter
153f059ef0 Sync with internat; delete a trailing space 2000-02-25 05:35:37 +00:00
markm
60d4791e24 Remove port components not needed in 4.n+
Submitted by:	Half the freaking planet....
2000-02-24 22:39:24 +00:00
markm
7ba9efa321 libdes is OBE 2000-02-24 19:08:24 +00:00
markm
ef025b40ab Build everything properly. This means:
o Don't b uild libdes.

o Crypto is now housed in libcrypto (with a compatability symlink to
  libdes)

o RSA may depend on RSAREF at your locale.

o OpenSSH is now a part of the base system.
2000-02-24 18:59:34 +00:00
markm
e2eb488588 Add the OpenSSH userland-building Makefiles. 2000-02-24 17:00:55 +00:00
markm
fd6da7cf96 Freefall/Internat diff reducer. 2000-02-24 10:37:29 +00:00
markm
6f148d13ec Freefall/Internat diff reducer. 2000-02-24 10:21:56 +00:00
markm
3b9684411f Freefall/Internat diff reducer. 2000-02-24 10:06:57 +00:00
markm
95d086535d Diff reducer. Comes from Internat. 2000-02-24 09:52:37 +00:00
markm
785e71a1db Remove useless whitespace.
Part of big commit OK'ed by: JKH
2000-02-24 09:48:58 +00:00
kris
85bfffb077 Back out the previous commit - it broke world and was not approved.
I don't know what I was thinking committing without approval - sorry.
2000-02-14 08:09:52 +00:00
kris
f7d8edf2df Link dynamically, not statically. 2000-02-13 00:53:12 +00:00
kris
e47db973e2 Add NO_OPENSSL knob to turn off building of openssl
Requested by:   wollman
2000-01-30 04:12:49 +00:00
kris
4a0df206ce Add NO_OPENSSL knob to turn off building of openssl
Requested by:	wollman
2000-01-30 04:11:37 +00:00
shin
ce15efb7c0 another tcp apps IPv6 updates.(should be make world safe)
ftp, telnet, ftpd, faithd
  also telnet related sync with crypto, secure, kerberosIV

Obtained from: KAME project
2000-01-27 09:28:38 +00:00
kris
6dea110be6 Don't search for libraries in ${LOCALBASE}. This should fix the problems
people were seeing with conflicts with the openssl port.
2000-01-20 07:29:01 +00:00
kris
720968f83d Activate librsaglue 2000-01-20 07:27:49 +00:00
kris
c14f52207d Move the rsaref gunk to libRSAglue where ports expect it. 2000-01-20 07:27:38 +00:00
kris
3698c50454 Build infrastructure for libRSAglue, required for compatability with
ports even though it doesn't seem to do anything which requires it
to be separate from libcrypto.
2000-01-20 07:24:40 +00:00
kris
fb35998cf9 The wrong version of the file was committed previously which explains the
problems seen here.
2000-01-16 21:00:06 +00:00
kris
c4ff3eee89 Turn back on openssl building. 2000-01-16 05:25:26 +00:00
kris
dc0cb3b9c0 Turn back on libcrypto and libssl building. 2000-01-16 05:24:47 +00:00
kris
e34db3169c *** empty log message *** 2000-01-16 05:19:27 +00:00
kris
980132129f Add MAINTAINER tag so people don't feel the need to randomly frob with this. 2000-01-16 02:20:03 +00:00
green
3404ef4464 We cannot have libcrypto, and therefore OpenSSL at all, without RSA.
If you need examples of breakage, I'm ready to provide more than a
few.
2000-01-15 18:02:10 +00:00
kris
e64b093666 Connect OpenSSL to the build. 2000-01-14 08:01:51 +00:00
kris
fdd71b0f8f Build infrastructure for OpenSSL 2000-01-14 05:49:29 +00:00
kris
07fe4126ec Really really remove SHA-1 support. 2000-01-09 21:22:48 +00:00
markm
21fa5046a3 Routines needed by new kerberos. 2000-01-09 10:09:40 +00:00
jkh
5c1350ecfe Remove the SHA stuff properly. 2000-01-08 03:01:13 +00:00
peter
37d997842b Since /etc/sendmail.cf got moved to /etc/mail/sendmail.cf, a 'make world'
would leave you with a broken sendmail and local mail loss.
This evil hack moves sendmail.cf from the old location to the new one (if
required) at install time.
1999-12-29 18:56:55 +00:00
peter
fa91ef53d7 Install sendmail in it's new location. 1999-12-29 18:40:56 +00:00
markm
3a481b8c57 RIP xntpd. 1999-12-22 19:15:02 +00:00
peter
d82c29ef6e I missed the LDADD/DPADD for -lmd in the secure cases. :-(
Pointed out by: marcel
1999-12-19 16:50:33 +00:00
peter
bf11704e75 Revert -lmd changes now that libcrypt doesn't expose this binutils/ld
bug any more.
1999-12-18 16:42:33 +00:00
marcel
539b0dd3ef Add libmd to DPADD and LDADD. 1999-12-17 11:45:28 +00:00
markm
ca616e7d07 Dont build telenet if we are going for kerberised telnet; this just
jumps all over kerberised telnet otherwise.
1999-10-12 19:48:05 +00:00
markm
e22fcdae42 Make telnet with SRA work.
Submitted by:	Nick Sayer
1999-10-07 19:47:09 +00:00
markm
227027e997 Colour me stupid. This is a better way of using the macros. 1999-09-21 22:13:07 +00:00
markm
6274ea174b Do this the same way as Internat to reduce diffs. 1999-09-21 17:57:09 +00:00
dt
ef28ba9c14 Someone changed major numbers of the libraries from 2 to 3 for 0 (zero) reasons.
Revert the major number back to 2.

libcrypt only export one function, before the recent changes and now:
char *crypt(const char *key, const char *salt);
The prototype didn't changed. Internal representation of `char' and `char *'
didn't changed. Therefore, there is no reason to change the version number.
1999-09-21 17:52:05 +00:00
peter
ba51272c69 Restore SONAME setting, otherwise libdescrypt.so.3 doesn't end up with
a special SONAME of libcrypt.so.3 and the runtime symlink doesn't work.
1999-09-21 14:47:36 +00:00
markm
351e996436 Make this completely dependant on the exportable libcrypt, to avoid
duplication of effort. Also a large cleanup of the code, inspired
by Brandon Gillespie.
1999-09-20 12:40:06 +00:00
markm
9f3127941e libdes is bmaked and built from src/crypto/... now. 1999-09-19 18:49:58 +00:00
markm
69cafd82fe This commit was generated by cvs2svn to compensate for changes in r50894,
which included commits to RCS files with non-trunk default branches.
1999-09-04 12:45:43 +00:00
markm
e095a266c2 Vendor import EAY's LIBSSL to fix comments, etc. 1999-09-04 12:45:43 +00:00
markm
1a22a0acb5 Drat. Import this into the right place. Pass me the pointy hat. 1999-09-01 19:59:25 +00:00
markm
3083434d3d This commit was generated by cvs2svn to compensate for changes in r50760,
which included commits to RCS files with non-trunk default branches.
1999-09-01 19:59:25 +00:00
peter
c81dbb3c98 $Header$ -> $FreeBSD$ 1999-08-28 05:11:36 +00:00
peter
efabb9ccb1 $Id$ -> $FreeBSD$ 1999-08-28 01:35:59 +00:00
markm
a5725ec4c6 Claim ownership 1999-08-17 13:39:28 +00:00
mpp
88125b8f60 Various man page cleanup:
- Be consistent with section names as outlined in mdoc(7).
- Other misc mdoc cleanup.
1999-08-15 10:01:15 +00:00
kris
ea91b6aa9b Typo in comment. 1999-04-25 13:14:36 +00:00
markm
76ab29871c Enable tcp_wrapper support by default. 1999-03-28 10:55:03 +00:00
peter
82ea36d410 MaxHeaderLines is now MaxHeadersLength (in bytes) 1999-02-07 09:48:52 +00:00
peter
29bfcbeb8a Support 'O MaxHeaderLines=' to override the default header count and line
length limits.  The configuration keyword is: confMAX_HEADER_LINES
1999-01-24 07:54:30 +00:00
markm
b8535c2b1b Fix symlinking. Without the -f "force" option, the wrong version
can be found.
Submitted by:   Bruce
1999-01-24 07:51:33 +00:00
markm
41b93516e8 The new crypt code breaks "make world". Back it out. 1999-01-23 08:26:11 +00:00
brandon
b4d96f03d3 Removed from the secure/lib/libcrypt area, because of the rewrite to how
the Makefile handles des support by just including the single .c file.

Reviewed by:	Mark Murray
1999-01-21 13:51:49 +00:00
peter
893c597778 Update for 8.9.2 (new file, control.c)
Also, turn on support for the MaxMimeHeaderLength option in sendmail.cf.
1999-01-12 12:47:54 +00:00
obrien
0337d32241 Remove useless `BINOWN=root' now that it is the default. 1998-09-19 22:42:14 +00:00
jb
fb46650fbf BINFORMAT -> OBJFORMAT ready for E-day. Untested 'cause I'm outside
the US and not allowed to see this. I kept my eyes closed. 8-)
1998-08-31 00:35:10 +00:00
peter
08eeb8ebf0 Connect up sendmail-8.9.1 1998-08-04 15:24:04 +00:00
markm
ad57db7eef Staticise a variable.
PR:		4722
Submitted by:	Karl Denninger
1997-10-08 07:02:48 +00:00
jkh
418d0a6a92 Changes to support full make parallelism (-j<n>) in the world
target.
Reviewed by:	<many different folks>
Submitted by:	Nickolay N. Dudorov" <nnd@nnd.itfs.nsk.su>
1997-10-05 09:40:24 +00:00
peter
088ca8113e Teach libdescrypt about elf builds. 1997-09-05 12:21:22 +00:00
peter
4968036f61 Revert $FreeBSD$ to $Id$ 1997-02-22 14:40:44 +00:00
jkh
808a36ef65 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
wosch
71f5160702 Sort cross references. 1997-01-13 00:25:51 +00:00
markm
524bda369e Secure telnet is now in eBones. 1996-11-07 14:42:57 +00:00
markm
fc40bcb55d Remove references to TELNET*. 1996-11-07 14:41:20 +00:00
peter
c927066f54 Fold sendmail-8.8.2 changes into files that have been touched.
(^!&@$#&^! delete !!@^@^ trailing !@^&#$!& whitespace!!!)
1996-10-24 05:07:25 +00:00
peter
31060e30d7 cmp -s || install -c --> install -C 1996-08-30 04:07:04 +00:00
peter
7e745e3e6f Same as non-secure telnetd, add support for ``-P altlogin'' to specify
an alternate /usr/bin/login type program to be run.
1996-08-13 07:53:54 +00:00
markm
1070b2b72f Next version from the author - from SSLeay.0.6.3 1996-08-10 17:19:16 +00:00
markm
cdfd2e2ba7 This commit was generated by cvs2svn to compensate for changes in r17497,
which included commits to RCS files with non-trunk default branches.
1996-08-10 17:19:16 +00:00
markm
ef4c4e0df7 Some breakeages sneaked in. This fixes them.
(this relates to a name change in a library that was not properly backed
up by the author)
Reported by: too mant :-(
1996-07-30 21:09:48 +00:00
markm
ff1df96f3b Merge, remove rubbish and bump the MAJOR.MINOR to 3.0 1996-07-29 18:01:42 +00:00
markm
9b57620710 Rats. Just when a piece of code is nice and stable, the author has to
release an upgrade.
1996-07-29 17:54:40 +00:00
markm
342f431b66 This commit was generated by cvs2svn to compensate for changes in r17330,
which included commits to RCS files with non-trunk default branches.
1996-07-29 17:54:40 +00:00
markm
fe9c66faf4 Mrege conflicts etc. 1996-07-28 08:23:19 +00:00
markm
5313ba6bbe Latest libdes from Eric Young. Mainly code beautification. 1996-07-28 08:18:06 +00:00
markm
ac895ecc7b This commit was generated by cvs2svn to compensate for changes in r17315,
which included commits to RCS files with non-trunk default branches.
1996-07-28 08:18:06 +00:00
jkh
5903193fb7 Add necessary item to CLEANFILES 1996-07-27 22:16:19 +00:00
jkh
8eb37231d4 Bring in my changes for removing the pestilent obj links (unless you
really want them) from /usr/src.  This is the final version of the
patches, incorporating the feedback I've received from -current.
1996-06-24 04:26:21 +00:00
nate
87afb7f371 Bring in a change that got lost when we spammed over the CVS repository
to fix the mega-commits spamming.

pst         96/05/29 20:09:25

  Modified:    secure/usr.bin/telnet  Makefile main.c
  Log:
  Remove obsolete SOCKSv4 support

Submitted by:	pst
Obtained from:  A mirrored CVS repository that will disappear next SUP
1996-06-05 22:48:04 +00:00
ache
573902ba60 Localize time 1996-05-07 19:05:10 +00:00
markm
c489d65b82 Add extra targets a' la' eBones/Makefile for release/Makefile.
(bootstrap etc)
1996-05-04 08:32:07 +00:00
markm
d2848b10f6 Add randomness from /dev/random if it is available. 1996-05-04 07:25:54 +00:00
pst
d73d5ee489 Add support for socks 1996-04-23 05:18:43 +00:00
pst
ce274bb1f0 typo shmrsh -> smrsh 1996-04-22 20:30:09 +00:00
pst
6ba3b3888d Enable proper installation of sendmail restricted shell smrsh(8).
This program is a wrapper for the prog mailer in sendmail.  It does shell
meta character masking and restricts the list of executables to those found
in /usr/libexec/sm.bin.

The default sendmail.cf file does not use this tool, however you can enable
it by either changing /bin/sh to /usr/libexec/smrsh or adding the line
FEATURE(smrsh) into your sendmail .mc file and rebuilding your .cf file.

For more info, RTFMP.
1996-04-21 19:48:07 +00:00
markm
71735d6644 Split libcrypt and libcipher man pages. 1996-04-13 08:18:24 +00:00
markm
4d98cdc072 Split the libcrypt and libcipher man pages. 1996-04-13 08:03:24 +00:00
mpp
217959f2b8 Install crypt.3 so that libcipher will install if /usr/share/man
has been blown away.  Previously it depended on an existing
crypt.3 to be present for the man page links to install properly.
1996-04-09 17:20:33 +00:00
markm
73546c6080 Comment out the NOPROFILE=yes to make this orthogonal with the rest of our
libs.
1996-03-17 15:43:32 +00:00
markm
135587ee97 Big clean-up job. Remove ancient and never-to-be used stuff.
The look much more like BSD Makefiles now.
1996-03-11 16:17:58 +00:00
markm
164d339617 Fix typo #ifdef -> .if defined().
Tidy uo this file a bit.
1996-03-11 06:22:50 +00:00
markm
93e818aea7 Fix typo - -des -> -ldes 1996-03-10 21:15:00 +00:00
ache
fd4a236df2 Sense MAKE_EBONES, DESTDIR
SRCS, DPADD cleanup
1996-03-09 13:39:00 +00:00
ache
14fe133184 Sense MAKE_EBONES, DESTDIR
SRCS cleanup
DPADD cleanup
1996-03-09 13:36:34 +00:00
ache
beb2bbfb7a Sense MAKE_EBONES, DESTDIR
SRCS cleanup
DPADD cleanup
1996-03-09 13:26:21 +00:00
jkh
10255f12e4 Add back missing crypt.3 man page. 1996-02-21 08:15:08 +00:00
mpp
0796408d4a Another round of man page cleanups.
Down to only about 100 items left to cleanup! :-)
1996-02-12 04:57:03 +00:00
markm
a329e20c69 Add the new libdes to the build 1996-02-11 08:46:59 +00:00
markm
463582428c Rats. Forgot to `cvs add' this. 1996-02-10 23:49:27 +00:00
markm
1f82e254e3 iImport a FreeBSD Makefile, BSD-ise the header and correct a typo. As the
interface has changed a bit (there are more rentry points), the
shared library has been bumped to libdes.so.2.1.
1996-02-10 15:54:48 +00:00
markm
ac42567227 This is the long-awaited new DES library. Over the next couple of days
will be properly built into the system.
1996-02-10 15:32:26 +00:00
markm
654d720840 This commit was generated by cvs2svn to compensate for changes in r14009,
which included commits to RCS files with non-trunk default branches.
1996-02-10 15:32:26 +00:00
mpp
6e83fbce86 Correct some manual page cross reference errors. E.g. su is a section
one man page, not section eight.  This is the first round of such changes
and only fixes man pages in manual section one.
1996-02-02 00:26:12 +00:00
peter
c3f352d4ad This commit was generated by cvs2svn to compensate for changes in r13122,
which included commits to RCS files with non-trunk default branches.
1995-12-30 19:02:48 +00:00
peter
ab124e78b0 recording cvs-1.6 file death 1995-12-30 19:02:48 +00:00
ache
2c2755e311 Pick correct library dir whenever obj exists or not 1995-12-21 17:57:16 +00:00
markm
923a80ce6b Dual personality crypt(3). This crypt will choose its encryption algorithm
(DES or MD5) based on the type of salt used. Salt beginning with "$1$"
indicates MD5.
1995-12-16 09:14:12 +00:00
peter
1686d8abf9 *GULP* cvs remove the uncomfortably large list of files that are no longer
part of sendmail 8.7.2...
1995-12-02 20:58:10 +00:00
peter
c860a459a3 Re-disable the cf/cf SUBDIR - we were not building it before anyway.
The Makefile down there does not handle the obj dir well..
1995-12-02 18:36:12 +00:00
peter
cd51f07d81 Import Sendmail-8.7.2 as discussed on -current.
The conflict merge will happen shortly after.
1995-12-02 17:30:23 +00:00
ache
b3c2c5a150 Remove LD_NOSTD_PATH unsetenv, it isn't exist anymore 1995-10-24 06:52:36 +00:00
ache
ad266c215d Fix original patch error with ! before strncmp
Zap only needed LD_* variables
1995-10-20 22:17:35 +00:00
ache
c0765b5449 Don't allow LD_* env. variables to be tricked
Submitted by: Sam Hartman <hartmans@mit.edu>
1995-10-20 17:16:58 +00:00
gibbs
651cbee0db Remove MAKE_EBONES conditionals. They were originally placed here because
of missing functionality in our libkrb which is no longer a problem.
1995-10-11 00:04:09 +00:00
ache
c0bde4017e Remove duplicated targets which now build from main tree
if available and allowed
1995-09-29 20:23:09 +00:00
gibbs
8d7d06f373 Add TELNETOBJDIR and CRYPTOBJDIR for use in LDADD entries. This makes
secure reference the libraries that were just build instead of in /usr/lib.
1995-09-16 03:04:10 +00:00
gibbs
958c14faa7 Enable kerberosIV authentication/encryption conditionalized on MAKE_EBONES. 1995-09-14 21:29:21 +00:00
gibbs
684e425bda Enable kerberosIV authentication/encryption conditionalized on MAKE_EBONES.
Fix up some of the des calls to be compatible with eBones.
1995-09-14 21:29:08 +00:00
dg
1ae004d611 sys_term.c: killed sleep(1) as this should no longer be a problem with
the move of startslave().
telnetd.c: fix bug introduced with the move of startslave()...the number
of arguments was wrong and "level" and "user_name" had to be made globals.
1995-09-11 21:02:02 +00:00
pst
14ad5aa657 Move erase cleanup outside linemode conditional 1995-09-06 02:03:36 +00:00
pst
8693020356 Avoid race condition with telnet options processing (login: prompt lost).
Submitted by:	John Capo & Peter Wemm
1995-09-05 19:31:06 +00:00
pst
b68227ec08 Set erase character for login: prompt.
Submitted by:	Peter Wemm & John Capo
1995-09-05 19:30:05 +00:00
pst
059d76f5fe Do NOT compile with -DKLUDGELINEMODE...hoses many telnet clients 1995-08-28 17:55:08 +00:00
peter
47235a8c6f Import Sendmail v8.6.12, onto the CSRG(!) branch.
A seperate commit to fix the conflicts wil follow.
1995-08-17 04:39:13 +00:00
ache
f87a14f2ec Comment out LDADD+=-ldescrypt, it is not yet active due to
missng defines for krb4encpwd and rsaencpwd and missing rsa library too.
1995-08-05 19:10:25 +00:00
ache
25dcf9aae3 Change default banner to FreeBSD, properly ifdefed by __FreeBSD__
Reviewed by:
Submitted by:
Obtained from:
1995-08-04 00:12:08 +00:00
markm
96fd43c32a After pst and ache fixed secure telnet, it was still not in the main
makefiles. This puts it in.

PLEASE NOTE - YOU WILL NEED TO BUILD AND INSTALL THE libtelnet IN secure/
Reviewed by:
Submitted by:
Obtained from:
1995-07-29 12:49:25 +00:00