Commit Graph

157 Commits

Author SHA1 Message Date
dfr
ea3d7030c0 Add an implementation of the RPCSEC_GSS authentication protocol for RPC. This
is based on an old implementation from the University of Michigan with lots of
changes and fixes by me and the addition of a Solaris-compatible API.

Sponsored by:	Isilon Systems
Reviewed by:	alfred
2008-08-06 14:02:05 +00:00
marius
3807b1c27a Add roken.h to SRCS. This fixes the compilation of slc during a
buildworld on a host running a world built with WITHOUT_KERBEROS
defined.
2008-06-18 21:20:50 +00:00
dfr
5bf9c97013 Add the hx509 error table. 2008-05-15 08:53:31 +00:00
dfr
a3e613640d Add manpage links to krb5_principal.3. 2008-05-11 10:32:37 +00:00
dfr
a7865e4ffe Don't try to make links to manpages that no longer exist. Fixes installworld
Submitted by: phk
2008-05-11 08:27:17 +00:00
dfr
4f251e2f8c Update magic sed script for heimdal-1.1 2008-05-09 13:27:20 +00:00
dfr
72cd8a18af Update heimdal_version.
Pointed out by: antoine@
2008-05-08 13:11:34 +00:00
dfr
be0348cb75 Fix conflicts after heimdal-1.1 import and add build infrastructure. Import
all non-style changes made by heimdal to our own libgssapi.
2008-05-07 13:53:12 +00:00
kensmith
55889a3fe4 While checking over the libraries for 7.0-REL Kris found the following
libraries had not had their versions bumped relative to 6.3-REL but
had indeed been changed.  We need to bump their version so they can be
properly added to the compat6x port:

	libasn1.so.8 libgssapi.so.8 libhdb.so.8 libkadm5clnt.so.8
	libkadm5srv.so.8 libkafs5.so.8 libkrb5.so.8 libobjc.so.2

MFC After:	1 day
2007-11-20 04:20:32 +00:00
peter
225a92541b Remove _FREEFALL_CONFIG hacks 2007-10-18 19:42:50 +00:00
kan
20a6c9830c Fix generator glue to only expose extern struct units %s_units[] is
struct units defintition it known. The above construct is treated
as an incorrect C by GCC 4.2 otherwise.
2007-05-19 03:29:37 +00:00
yar
5be077d625 Kerberos/Heimdal doesn't really depend on the INET6 macro.
In the Heimdal distro, only kerberized telnet refers to INET6,
but we don't build it, we use contrib/telnet linked with the
Kerberos libs instead.

Tested with:	cmp(1)
2006-07-28 06:33:27 +00:00
ume
2d16d1ab8e Bump library majro version for gethostbyaddr(3). 2006-05-21 15:15:21 +00:00
ru
388e590f95 Reimplementation of world/kernel build options. For details, see:
http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html

The src.conf(5) manpage is to follow in a few days.

Brought to you by:	imp, jhb, kris, phk, ru (all bugs are mine)
2006-03-17 18:54:44 +00:00
ru
38ea5a1166 NO_MAN is not needed here. 2006-03-16 15:18:17 +00:00
dfr
d9cbcb50b5 Add a new extensible GSS-API layer which can support GSS-API plugins,
similar the the Solaris implementation. Repackage the krb5 GSS mechanism
as a plugin library for the new implementation. This also includes a
comprehensive set of manpages for the GSS-API functions with text mostly
taken from the RFC.

Reviewed by: Love Hörnquist Åstrand <lha@it.su.se>, ru (build system), des (openssh parts)
2005-12-29 14:40:22 +00:00
ru
e6c93861cb Apply the .PHONY attribute to the ../make*/make* targets. This
causes them to be recreated (if needed) early, when doing "make
depend" here, before generating headers that depend on them.
This should fix breakages often seen while doing incremental
(NO_CLEAN) cross-builds.
2005-11-10 21:03:58 +00:00
kensmith
f97f77429f Bump the shared library version number of all libraries that have not
been bumped since RELENG_5.

Reviewed by:	ru
Approved by:	re (not needed for commit check but in principle...)
2005-07-22 17:19:05 +00:00
kensmith
28b7f562fc This is sort of an MFS. Peter made these changes to the RELENG_*
branches but missed HEAD.  This patch extends his a little bit,
setting it up via the Makefiles so that adding _FREEFALL_CONFIG
to /etc/make.conf is the only thing needed to cluster-ize things
(current setup also requires overriding CFLAGS).

From Peter's commit to the RELENG_* branches:
> Add the freebsd.org custer's source modifications under #ifdefs to aid
> keeping things in sync.  For ksu:
> * install suid-root by default
> * don't fall back to asking for a unix password (ie: be pure kerberos)
> * allow custom user instances for things like www and not just root

The Makefile tweaks will be MFC-ed, the rest is already done.

MFC after:      3 days
Approved by:    re (dwhite)
2005-07-07 14:16:38 +00:00
des
2bb8de20fe Remove kludges intended to support src trees with partial obj trees.
Discussed with:	ru
2005-06-10 06:12:53 +00:00
imp
66c4f5f8b4 Cope with the (unwise?) incompatible changes with make by adding
a comment before defined(SRCS).
2005-04-18 22:03:21 +00:00
nectar
3341256644 Update Heimdal 0.6.1 -> 0.6.3. 2005-02-24 22:24:24 +00:00
ru
74176cc161 NODOCCOMPRESS -> NO_DOCCOMPRESS
NOINFO -> NO_INFO
NOINFOCOMPRESS -> NO_INFOCOMPRESS
NOLINT -> NO_LINT
NOPIC -> NO_PIC
NOPROFILE -> NO_PROFILE
2004-12-21 09:33:47 +00:00
ru
cec60429bb Start the dreaded NOFOO -> NO_FOO conversion.
OK'ed by:	core
2004-12-21 08:47:35 +00:00
ru
f0fbc30e0d Introduce the PRECIOUSPROG knob in bsd.prog.mk, similar
to PRECIOUSLIB from bsd.lib.mk.  The side effect of this
is making installing the world under jail(8) possible by
using another knob, NOFSCHG.

Reviewed by:	oliver
2004-11-03 18:01:21 +00:00
cperciva
e629b37603 Join the 21st century: Cryptography is no longer an optional component
of releases.  The -DNOCRYPT build option still exists for anyone who
really wants to build non-cryptographic binaries, but the "crypto"
release distribution is now part of "base", and anyone installing from a
release will get cryptographic binaries.

Approved by:	re (scottl), markm
Discussed on:	freebsd-current, in late April 2004
2004-08-06 07:27:08 +00:00
nectar
e745908f35 Update version strings for Heimdal: 0.6 -> 0.6.1 2004-04-13 16:41:00 +00:00
nectar
2727e5bef6 Hookup `arcfour.c' to the build (missed during upgrade to heimdal 0.6.1). 2004-04-04 03:31:05 +00:00
ru
ad7b0104a3 style.Makefile(5).
OK'ed by:	nectar
2004-02-05 18:51:52 +00:00
ru
c991ea760e Try harder to pick up the correct print_version.c. The old version
works before bsd.dep.mk,v 1.44, whether .depend file exists or not,
but the contents of .depend file is wrong.  With bsd.dep.mk,v 1.44,
the contents of .depend file is always broken, and build without a
.depend file is broken too.  With this change it works reliably in
all cases.  Ugh.
2004-02-05 18:49:35 +00:00
ru
d8d438a5ea Unbreak build with OpenLDAP.
Forgotten by:	mr
2004-02-04 16:42:36 +00:00
ru
70146d9d56 Put libraries in the link order.
Reported by:	lorder(1) (modified to work with libraries)
2004-02-04 10:23:09 +00:00
ru
32fc0033c6 Take signal.c out of sources.
Reviewed by:	nectar
2004-02-03 09:32:11 +00:00
ru
4da7385f67 Put generated headers into SRCS so that we pick them up even if
"make depend" was not run.
2004-02-03 09:21:37 +00:00
ru
291c8ffa96 asn1_compile needs roken.h. 2004-02-01 09:30:02 +00:00
ru
ad18fb995c Overhaul of kerberos5/ makefiles. Most significant changes are:
- Dropped support for standalone builds, this was only partially
  supported anyway, and required so much magic in makefiles that
  made life dangerous (e.g., by using the custom yacc rules).

- Got rid of .OBJDIR in makefiles -- makes building of individual
  files possible again.

- Made the .x.c transformations -j safe.

- Reprogrammed LDADD to fix static build of some utilities that
  was broken.

- Fixed LDFLAGS and DPADD in the WITH_OPENLDAP case -- positively
  affects the contents of .depend files.

- Removed redundant .h's from SRCS, only kept those that are
  generated.

- libkrb5/ INCS were bogusly installed again with libgssapi/.

- Made build-tools real tools with their own makefiles in
  separate directories.  This allows us to properly track
  their dependencies, etc.

- Faster build, 21% less of makefile code!

Approved by:	nectar
Reviewed by:	markm
Silence on:	arch
2004-01-31 08:15:57 +00:00
mr
91983f91e1 add hprop to the build and add LDAP mods to hprop.
add kadmind.8

Submitted by:	Alex Deiter <tiamat@komi.mts.ru>
2004-01-30 11:06:48 +00:00
ru
87d16f5dc7 Fixed "make clean". 2004-01-15 10:02:34 +00:00
nectar
492b28d48b Set RPATH when the Kerberos KDC is linked with the LDAP backend
(`WITH_OPENLDAP').  Previously, the KDC could fail to start if it was
invoked before `ldconfig'.

This solution was chosen rather than adding an `ldconfig' dependency
to `kerberos' in rcNG, because it is more robust and there is no
guarantee that the LDAP libraries will be in ldconfig's path anyway.

Problem reported by:	Sean McNeil <sean@mcneil.com>
2003-12-17 16:13:10 +00:00
markm
f703361585 No need for two copies of this file; there is already a distribution
copy in src/crypto/heimdal/...

Reported by:	ru
2003-11-17 14:59:06 +00:00
nectar
fb970e56ae The header files hdb_asn1.h, hdb_err.h, and kadm5_err.h are generated,
and must be installed from ${.OBJDIR}.

Pointy hat:	nectar
2003-10-10 13:12:35 +00:00
nectar
7bb550b541 Build and install the verify_krb5_conf(8) utility, which checks
krb5.conf(5) for obvious errors.
2003-10-09 19:54:03 +00:00
nectar
dffa529904 Install Kerberos- and GSSAPI-related man pages. 2003-10-09 19:51:13 +00:00
nectar
41639ef8ff Install additional headers for Kerberos (libkafs, libkadm5*, and
libhdb).
2003-10-09 19:50:00 +00:00
nectar
9d50fa1c54 Update build infrastructure for Heimdal 0.6. 2003-10-09 19:48:47 +00:00
markm
76ba46a85a Try a lot harder to get dependancies right. This involves some ugly
looking ${.OBJDIR} work that has the up-side of actually working
in upgrade and make -jN cases.

This needs to be revisited further, and it is conceivable that
the ${.OBJDIR} stuff can be simplified, but the sheer number of
edge cases and other causes make this Hard(tm). For now, this works.
2003-07-27 16:49:10 +00:00
markm
0d4044b1e6 Try a lot harder to get dependancies right. This involves some ugly
looking ${.OBJDIR} work that has the up-side of actually working
in upgrade and make -jN cases.

This needs to be revisited further, and it is conceivable that
the ${.OBJDIR} stuff can be simplified, but the sheer number of
edge cases and other causes make this Hard(tm). For now, this works.
2003-07-27 13:17:31 +00:00
markm
522acafcec Big fixup of the makefiles. Sort out the dependancies so that "make"
without "make depend" works, "make -j N" works, and lists of source
files are made vertical to reduce future diffs.
2003-07-18 13:21:58 +00:00
markm
d6aec2b6d6 Very big makeover in the way telnet, telnetd and libtelnet are built.
Previously, there were two copies of telnet; a non-crypto version
that lived in the usual places, and a crypto version that lived in
crypto/telnet/. The latter was built in a broken manner somewhat akin
to other "contribified" sources. This meant that there were 4 telnets
competing with each other at build time - KerberosIV, Kerberos5,
plain-old-secure and base. KerberosIV is no longer in the running, but
the other three took it in turns to jump all over each other during a
"make buildworld".

As the crypto issue has been clarified, and crypto _calls_ are not
a problem, crypto/telnet has been repo-copied to contrib/telnet,
and with this commit, all telnets are now "contribified". The contrib
path was chosen to not destroy history in the repository, and differs
from other contrib/ entries in that it may be worked on as "normal"
BSD code. There is no dangerous crypto in these sources, only a
very weak system less strong than enigma(1).

Kerberos5 telnet and Secure telnet are now selected by using the usual
macros in /etc/make.conf, and the build process is unsurprising and
less treacherous.
2003-07-16 20:59:15 +00:00
ru
495eff2a20 Fixed "make checkdpadd".
OK'ed by:	markm
2003-07-02 23:46:39 +00:00