35 Commits

Author SHA1 Message Date
stefanf
a49e78a185 The variable `ROOTKEY' has internal linkage in keyserv.c, don't declare it as
extern here.
2005-02-10 09:09:18 +00:00
cperciva
e629b37603 Join the 21st century: Cryptography is no longer an optional component
of releases.  The -DNOCRYPT build option still exists for anyone who
really wants to build non-cryptographic binaries, but the "crypto"
release distribution is now part of "base", and anyone installing from a
release will get cryptographic binaries.

Approved by:	re (scottl), markm
Discussed on:	freebsd-current, in late April 2004
2004-08-06 07:27:08 +00:00
stefanf
1b3274a8a0 Remove spurious semicolons. Outside of functions they are actually errors but
GCC doesn't warn about them without -pedantic.

Approved by:	das (mentor)
PR:		56649
Reviewed by:	md5
2004-05-16 22:08:17 +00:00
ru
cecc8b3a72 Put chkey(1), newkey(8), and keyserv(8) into the crypto distribution. 2004-01-18 09:29:47 +00:00
kris
adf3acbf08 Use arc4random() instead of random() when generating the master key.
MFC after:	1 week
2003-02-18 01:35:58 +00:00
ache
1893511c05 Use sranddev()/srandomdev() for FreeBSD 2003-02-11 01:56:40 +00:00
peter
a51c9b6627 Initiate deorbit burn for the i386-only a.out related support. Moves are
under way to move the remnants of the a.out toolchain to ports.  As the
comment in src/Makefile said, this stuff is deprecated and one should not
expect this to remain beyond 4.0-REL.  It has already lasted WAY beyond
that.

Notable exceptions:
gcc - I have not touched the a.out generation stuff there.
ldd/ldconfig - still have some code to interface with a.out rtld.
old as/ld/etc - I have not removed these yet, pending their move to ports.
some includes - necessary for ldd/ldconfig for now.

Tested on: i386 (extensively), alpha
2002-09-17 01:49:00 +00:00
ru
ce971426f4 mdoc(7) police: Removed redundant .Ns calls. 2002-08-13 16:07:28 +00:00
alfred
83a53d0868 Port to TI/RPC and/or IPV6.
Submitted by: Jean-Luc Richier <Jean-Luc.Richier@imag.fr>
2002-07-15 18:51:57 +00:00
charnier
d2168fe021 The .Nm utility 2002-07-14 14:47:15 +00:00
jmallett
2912bfd6c3 Use libcrypto.so.2 instead of .1, since we have it now. It should enable
DES for keyserv again.

Submitted by:	mbr

Kill a stray __P while I'm here.
2002-07-09 20:08:19 +00:00
des
e48f76df85 Spell void * as void * rather than caddr_t. This is complicated by the
fact that caddr_t is often misspelled as char *.

Sponsored by:	DARPA, NAI Labs
2002-04-28 15:18:50 +00:00
alfred
6a036e317e Readded the svc_create() and the registering of the local transport,
now it is fixed. This should get us a working keyserv again, since
it depends on local transport for key exchange.

Since we do not have any KEYFILE name hardcoded anymore, set the
umask that way that the keyserver socket can be created with with
the appropriate permissions.

Re-add the accidently removed signal(SIGPIPE, SIG_IGN); to the code
which makes sense to avoid SIGPIPE when a disconnect on rpc socket
occurs.

Submitted by: mbr
2002-02-06 19:15:34 +00:00
bde
ecad780070 Fixed bitrot in DPADD in previous commit. 2001-07-30 11:18:09 +00:00
dd
a12e9377b2 Enable the new libmp in the build, and disable libgmp and its
henchmen.
2001-07-29 08:58:22 +00:00
obrien
9c97c8f02d Perform a major cleanup of the usr.sbin Makefiles.
These are not perfectly in agreement with each other style-wise, but they
are orders of orders of magnitude more consistent style-wise than before.
2001-07-20 06:20:32 +00:00
dd
911ca14c87 Remove whitespace at EOL. 2001-07-15 08:06:20 +00:00
dd
7894e59b7f Nuke unused variables. 2001-06-24 23:41:57 +00:00
ru
afd506414e - Backout botched attempt to introduce MANSECT feature.
- MAN[1-9] -> MAN.
2001-03-26 14:42:20 +00:00
alfred
281af9370c Hopefully fix some of the bugs in passing credentials over UNIX domain sockets.
Make struct cmessage visible from socket.h (about 4 places were
defining it for themselves which wasn't good)

Make __rpc_get_local_uid() useable and give it prototype that's
visible.

Fix some issues with printing out usernames from rpcbind and keyserv.
2001-03-22 04:31:30 +00:00
ru
f10dc9aca1 Set the default manual section for usr.sbin/ to 8. 2001-03-20 18:17:26 +00:00
alfred
f67e4a8fc7 Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.

  Bring in required TLI library routines to support this.

  Since we don't support TLI we've essentially copied what NetBSD
  has done, adding a thin layer to emulate direct the TLI calls
  into BSD socket calls.

  This is mostly from Sun's tirpc release that was made in 1994,
  however some fixes were backported from the 1999 release (supposedly
  only made available after this porting effort was underway).

  The submitter has agreed to continue on and bring us up to the
  1999 release.

  Several key features are introduced with this update:
    Client calls are thread safe. (1999 code has server side thread
    safe)
    Updated, a more modern interface.

  Many userland updates were done to bring the code up to par with
  the recent RPC API.

  There is an update to the pthreads library, a function
  pthread_main_np() was added to emulate a function of Sun's threads
  library.

  While we're at it, bring in NetBSD's lockd, it's been far too
  long of a wait.

  New rpcbind(8) replaces portmap(8) (supporting communication over
  an authenticated Unix-domain socket, and by default only allowing
  set and unset requests over that channel). It's much more secure
  than the old portmapper.

  Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
  to support TI-RPC and to support IPV6.

  Umount(8) is also fixed to unmount pathnames longer than 80 chars,
  which are currently truncated by the Kernel statfs structure.

Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
ru
66cd8f698e mdoc(7) police: split punctuation characters + misc fixes. 2001-02-01 16:44:04 +00:00
ru
71e2293ad4 mdoc(7) police: use the new features of the Nm macro. 2000-11-20 20:10:44 +00:00
markm
4dfdc66cab Use libcrypto instead of libdes. 2000-02-24 21:10:28 +00:00
peter
efabb9ccb1 $Id$ -> $FreeBSD$ 1999-08-28 01:35:59 +00:00
nik
559bbb333e Add $Id$, to make it simpler for members of the translation teams to
track.

The Id line is normally at the bottom of the main comment block in the
man page, separated from the rest of the manpage by an empty comment,
like so;

     .\"    $Id$
     .\"

If the immediately preceding comment is a @(#) format ID marker than the
the $Id$ will line up underneath it with no intervening blank lines.
Otherwise, an additional blank line is inserted.

Approved by:            bde
1999-07-12 20:12:29 +00:00
jkoshy
815bb405cd Remove irrelevant section.
PR:		8286
Submitted-by:	yohta@bres.tsukuba.ac.jp
1998-10-13 08:14:31 +00:00
wpaul
71a9e7d996 Apply patch from Stefan Esser to close PR #7941: add code to handle
dynamic loading of libdes on ELF systems. The patch looks correct to
me.
1998-09-16 01:50:04 +00:00
bde
19d2c7b61e Fixed the usual dependency bugs. This Makefile accidentally usually
worked for `make -j9', but failed for `make -j4'.
1998-05-09 13:32:37 +00:00
bde
40ee54fd84 Fixed DPADD. 1997-12-16 17:43:33 +00:00
charnier
a816a4029a Use err(3). Put includes in alphabetical order.
Rewrote man page in mdoc format.
Document -v and -p flags.
1997-09-23 06:36:27 +00:00
jdp
a3a4d0ec6d Correct the section number in the cross-reference for the publickey
file.
1997-06-17 20:24:33 +00:00
wpaul
8a67f91ff9 Work around a bug (deficiency?) in the libdes Secure RPC compat interface.
The way Secure RPC is set up, the ecb_crypt() routine is expected to
be able to encrypt a buffer of any size up to 8192 bytes. However, the
des_ecb_encrypt() routine in libdes only encrypts 8 bytes (64 bits) at a
time. The rpc_enc.c module should compensate for this by calling
des_ecb_encrypt() repeatedly until it has encrypted the entire supplied
buffer, but it does not do this.

As a workaround, keyserv now handles this itself: if we're using DES
encryption, and the caller requested ECB mode, keyserv will do the right
thing.

Also changed all references to 'rc4' into 'arcfour' just in case some
litigious bastard from RSA is watching.

Note that I discovered and fixed this problem while trying to get
a part of NIS+ working: rpc.nisd signs directory objects with a 16-byte
MD5 digest that is encrypted with ecb_crypt(). Previously, only the
first 8 bytes of the digest were being properly encrypted, which caused
the Sun nis_cachemgr to reject the signatures as invalid. I failed to
notice this before since Secure RPC usually never has to encrypt more
than 8 bytes of data during normal operations.
1997-06-17 18:03:52 +00:00
wpaul
7467e74fd1 This commit was generated by cvs2svn to compensate for changes in r26234,
which included commits to RCS files with non-trunk default branches.
1997-05-28 15:44:22 +00:00