summaryrefslogtreecommitdiffstats
path: root/kerberos5
Commit message (Collapse)AuthorAgeFilesLines
* Add a ${CP} alias for copying files in the build.will2015-01-164-8/+8
| | | | | | | | | | | | | | Some users build FreeBSD as non-root in Perforce workspaces. By default, Perforce sets files read-only unless they're explicitly being edited. As a result, the -f argument must be used to cp in order to override the read-only flag when copying source files to object directories. Bare use of 'cp' should be avoided in the future. Update all current users of 'cp' in the src tree. Reviewed by: emaste MFC after: 1 week Sponsored by: Spectra Logic
* Remove GNU texinfo from base along with all info pages.bapt2015-01-022-7/+1
| | | | | | | | | To be able to info pages consider installing texinfo from ports print/texinfo or via pkg: pkg install texinfo Differential Revision: https://reviews.freebsd.org/D1409 Reviewed by: emaste, imp (previous version) Relnotes: yes
* Remove now useless USEPRIVATELIBbapt2014-11-251-1/+0
|
* Convert kerberos to LIBADD and reduce overlinking of the kerberos binaries andbapt2014-11-2547-150/+70
| | | | libraries
* Fix incremental builds involving non-root users with read-only source files.will2014-09-181-2/+2
| | | | | | This is a followup commit to r271771. MFC after: 1 month
* Revert r267233 for now. PIE support needs to be reworked.bdrewery2014-08-1928-56/+0
| | | | | | | | | | | | | | | | | | | | | | | | 1. 50+% of NO_PIE use is fixed by adding -fPIC to INTERNALLIB and other build-only utility libraries. 2. Another 40% is fixed by generating _pic.a variants of various libraries. 3. Some of the NO_PIE use is a bit absurd as it is disabling PIE (and ASLR) where it never would work anyhow, such as csu or loader. This suggests there may be better ways of adding support to the tree. Many of these cases can be fixed such that -fPIE will work but there is really no reason to have it in those cases. 4. Some of the uses are working around hacks done to some Makefiles that are really building libraries but have been using bsd.prog.mk because the code is cleaner. Had they been using bsd.lib.mk then NO_PIE would not have been needed. We likely do want to enable PIE by default (opt-out) for non-tree consumers (such as ports). For in-tree though we probably want to only enable PIE (opt-in) for common attack targets such as remote service daemons and setuid utilities. This is also a great performance compromise since ASLR is expected to reduce performance. As such it does not make sense to enable it in all utilities such as ls(1) that have little benefit to having it enabled. Reported by: kib
* Rework privatelib/internallibbapt2014-08-063-3/+3
| | | | | | | | | | | | | | Make sure everything linking to a privatelib and/or an internallib does it directly from the OBJDIR rather than DESTDIR. Add src.libnames.mk so bsd.libnames.mk is not polluted by libraries not existsing in final installation Introduce the LD* variable which is what ld(1) is expecting (via LDADD) to link to internal/privatelib Directly link to the .so in case of private library to avoid having to complexify LDFLAGS. Phabric: https://phabric.freebsd.org/D553 Reviewed by: imp, emaste
* Replace all uses of libncurses and libtermcap with their wide characterbrooks2014-07-171-2/+2
| | | | | | | | | | variants. This allows usable file system images (i.e. those with both a shell and an editor) to be created with only one copy of the curses library. Exp-run: antoine PR: 189842 Discussed with: bapt Sponsored by: DARPA, AFRL
* In preparation for ASLR [1] support add WITH_PIE to support building with -fPIE.bdrewery2014-06-0828-0/+56
| | | | | | | | | | | | | | | | This is currently an opt-in build flag. Once ASLR support is ready and stable it should changed to opt-out and be enabled by default along with ASLR. Each application Makefile uses opt-out to ensure that ASLR will be enabled by default in new directories when the system is compiled with PIE/ASLR. [2] Mark known build failures as NO_PIE for now. The only known runtime failure was rtld. [1] http://www.bsdcan.org/2014/schedule/events/452.en.html Submitted by: Shawn Webb <lattera@gmail.com> Discussed between: des@ and Shawn Webb [2]
* Use src.opts.mk in preference to bsd.own.mk except where we need stuffimp2014-05-061-1/+1
| | | | from the latter.
* Use MK_OPENLDAP in preference to WITH_OPENLDAP and make it a defaultimp2014-04-241-1/+3
| | | | | NO option to match the opt-in nature of the historical nature of this option.
* Fix installworld failure when kerberos source files have new timestampsemaste2014-04-224-8/+8
| | | | | | | | | | | | | | | If a kerberos .hx source file is newer than the .h copy, but the content is the same, then during buildworld the "cmp -s || cp" command in the .hx.h rule would do nothing, leaving the .h copy with the older timestamp. During installworld the rule would again be invoked, causing a failure as neither cmp or cp would exist in the temporary path. As the underlying issue should be resolved by r262209, unconditionally copy the file. No objection: peter@ Tested by: gjb@ Sponsored by: The FreeBSD Foundation
* NO_MAN= has been deprecated in favor of MAN= for some time, go aheadimp2014-04-137-7/+7
| | | | | | and finish the job. ncurses is now the only Makefile in the tree that uses it since it wasn't a simple mechanical change, and will be addressed in a future commit.
* use MK_KERBEROS=no in preference to WITHOUT_KERBEROSimp2014-04-051-5/+5
|
* Revert my commit in r261253; the real problem was tackled in r262209.peter2014-02-204-8/+8
|
* Really (I think) fix the sporadic heimdal build failures with high -jpeter2014-02-194-0/+14
| | | | | | | | | | | | | levels. The root of the problem was that make was attempting to run up to three concurrent asn1_compile commands to produce the three outputs that it was declared to produce. The failure was caused when the asn1_compiles were started out of sync and a later one was truncating the files that another thread was trying to copy. In reality it is supposed to be run exactly once and all three outputs are produced in one pass. Use the same hack as for the parent's Makefile.inc for the compile_et multi-output rule.
* Speculatively replace a cp with a cat for gathering data on apeter2014-01-284-8/+8
| | | | | sporadic parallel build failure in the FreeBSD cluster on many-core systems with ZFS. cp uses mmap in this scenario, cat does not.
* Try and fix the dependency/bootstrap issues in kerberos5uqs2013-12-232-4/+3
| | | | | | | | | | | | libkafs5 needs a header from libkrb5, it includes this from ${.OBJDIR}/mumble, this used to work fine as long as you happen to have a krb_err.h in your base system, this doesn't work for bootstrapping or using a cross-compiler with a different sysroot. This is just a best-effort bandaid, sufficient parallelism can still break it. Fix a SRCS override that dropped krb5_err.h. Discussed with: stas
* Clean up the Kerberos build by turning libheimipcc and libheimipcs intodes2013-09-106-11/+10
| | | | | | | | private shared libraries, instead of hacked-together archives of PIC objects. This makes it possible to build a static libkrb5 that works. Reviewed by: stas Approved by: re (gjb)
* Fix the getpwnam_r() call in the pname_to_uid() kerberos library function sormacklem2013-05-021-4/+28
| | | | | | | | | that it handles the ERANGE error return case. Without this fix, authentication of users for certain system setups could fail unexpectedly. Reported by: Elias Martenson (lokedhs@gmail.com) Tested by: Elias Martenson (earlier version) MFC after: 2 weeks
* Add -lheimntlm to LDADD directly.brooks2013-02-111-1/+1
| | | | | | | | | | | With the current binutils, symbols from libheimtlm.so are loaded because it is referenced by DT_NEEDED. This feature is not implemented in mclinker (https://code.google.com/p/mclinker/issues/detail?id=104). I encountered the same issue when linking with a recent devel/binutils invoked via clang. This was the only use of DT_NEEDED in the tree so removing it simplifies toolchain requirements. Submitted by: Pete Chou <petechou@gmail.com> (mclinker issue)
* Only try to install one link at each path.brooks2013-01-231-9/+1
| | | | | Don't install verify_krb5_conf.8. It is installed in kerberos5/usr.bin/verify_krb5_conf.
* Add support for bmake. This includes:marcel2012-10-063-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | 1. Don't do upgrade_checks when using bmake. As long as we have WITH_BMAKE, there's a bootstrap complication in ths respect. Avoid it. Make the necessary changes to have upgrade_checks work wth bmake anyway. 2. Remove the use of -E. It's not needed in our build because we use ?= for the respective variables, which means that we'll take the environment value (if any) anyway. 3. Properly declare phony targets as phony as bmake is a lot smarter (and thus agressive) about build avoidance. 4. Make sure CLEANFILES is complete and use it on .NOPATH. bmake is a lot smarter about build avoidance and should not find files we generate in the source tree. We should not have files in the repository we want to generate, but this is an easier way to cross this hurdle. 5. Have behavior under bmake the same as it is under make with respect to halting when sub-commands fail. Add "set -e" to compound commands so that bmake is informed when sub-commands fail. 6. Make sure crunchgen uses the same make as the rest of the build. This is important when the make utility isn't called make (but bmake for example). 7. While here, add support for using MAKEOBJDIR to set the object tree location. It's the second alternative bmake looks for when determining the actual object directory (= .OBJDIR). Submitted by: Simon Gerraty <sjg@juniper.net> Submitted by: John Van Horne <jvanhorne@juniper.net>
* Centralize the specification of the krb5 build tools.obrien2012-06-0114-19/+11
|
* * Remove headers from SRCS that are not generatedobrien2012-05-3027-67/+41
| | | | | | (and are in /usr/src/crypto/heimdal/). * Avoid race conditions with 'make -j<N>'.
* - Update FreeBSD's Heimdal distribution to 1.5.2. This is a bugfixstas2012-04-082-5/+5
| | | | release, which fixes a DoS issue in libkrb5.
* - Add a "real" symbol version map to libasn1. The upstream versionstas2012-04-084-11/+1618
| | | | | | | | | | of the version map just exported all the symbols, which caused a binutils bug being triggered when ld fails to link two objects, one of which exports a versioned version of the symbol, and another -- unversioned. [1] - Also add version map for libkafs5. Submitted by: jchandra@ (based on)
* Assume a big-endian default on MIPS and drop the "eb" suffix from MACHINE_ARCH.jmallett2012-03-291-2/+1
| | | | | | | | | | | | | | | This makes our naming scheme more closely match other systems and the expectations of much third-party software. MIPS builds which are little-endian should require and exhibit no changes. Big-endian TARGET_ARCHes must be changed: From: To: mipseb mips mipsn32eb mipsn32 mips64eb mips64 An entry has been added to UPDATING and some foot-shooting protection (complete with warnings which should become errors in the near future) to the top-level base system Makefile.
* - Apply binutils workaround on mips.mips as well. Though this TARGET_ARCHstas2012-03-241-1/+2
| | | | is deprecated, tinderbox uses it.
* - Update FreeBSD Heimdal distribution to version 1.5.1. This also bringsstas2012-03-2262-855/+1842
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | several new kerberos related libraries and applications to FreeBSD: o kgetcred(1) allows one to manually get a ticket for a particular service. o kf(1) securily forwards ticket to another host through an authenticated and encrypted stream. o kcc(1) is an umbrella program around klist(1), kswitch(1), kgetcred(1) and other user kerberos operations. klist and kswitch are just symlinks to kcc(1) now. o kswitch(1) allows you to easily switch between kerberos credentials if you're running KCM. o hxtool(1) is a certificate management tool to use with PKINIT. o string2key(1) maps a password into key. o kdigest(8) is a userland tool to access the KDC's digest interface. o kimpersonate(8) creates a "fake" ticket for a service. We also now install manpages for some lirbaries that were not installed before, libheimntlm and libhx509. - The new HEIMDAL version no longer supports Kerberos 4. All users are recommended to switch to Kerberos 5. - Weak ciphers are now disabled by default. To enable DES support (used by telnet(8)), use "allow_weak_crypto" option in krb5.conf. - libtelnet, pam_ksu and pam_krb5 are now compiled with error on warnings disabled due to the function they use (krb5_get_err_text(3)) being deprecated. I plan to work on this next. - Heimdal's KDC now require sqlite to operate. We use the bundled version and install it as libheimsqlite. If some other FreeBSD components will require it in the future we can rename it to libbsdsqlite and use for these components as well. - This is not a latest Heimdal version, the new one was released while I was working on the update. I will update it to 1.5.2 soon, as it fixes some important bugs and security issues.
* Don't support OpenLDAP during lib32 build.ume2011-12-061-1/+1
|
* - Make heimdal buildable with WITH_OPENLDAP defined, again.ume2011-12-052-4/+4
| | | | - Our heimdal uses the deprecated OpenLDAP functions.
* Link with -ledit instead of -lreadline.fjoe2011-11-292-4/+4
|
* - Add missing interdependencies to kerberos libraries. Some of thestas2011-09-2712-7/+33
| | | | | | | | | kerberos libraries were not linked properly (missing dependencies), which causes 3rd party applications linking to fail when --as-needed ld flag is used. I also added the --no-undefined ld(1) flag to make sure that there're no missing dependencies. MFC after: 3 days
* The kerberos5 tools are only used as build tools but not otherwise andmarius2011-06-251-1/+1
| | | | | | didn't get installed either. MFC after: 1 week
* Fix a typo.antoine2010-01-091-1/+1
| | | | MFC after: 1 month
* Fix a typo.antoine2010-01-091-1/+1
| | | | MFC after: 1 month
* Link GSS mechanics modules against libgssapi so they will not fail duebland2009-10-122-4/+4
| | | | | | | | unresolved symbol errors when in turn libgssapi was loaded with RTLD_LOCAL flag set (which is the default). Reviewed by: dfr, jhb MFC after: 3 days
* Disconnect closefrom.c as we have it as a system call.delphij2009-06-161-1/+0
|
* Now we have closefrom().delphij2009-06-151-1/+1
|
* Add strndup(3) prototype to string.h.kib2008-12-081-1/+1
| | | | | | | | | | | This change was erronously ommitted from the r185690, and attempt to simply add the prototype to string.h has revealed that several contributed programs defined local prototypes for strndup(), controlled by autoconfed config.h. So, manually change #undef HAVE_STRNDUP to #define HAVE_STRNDUP 1. Next import of the corresponding program would regenerate config.h, overriding the changes in this commit. No objections from: kan
* Add an implementation of the RPCSEC_GSS authentication protocol for RPC. Thisdfr2008-08-062-0/+60
| | | | | | | | is based on an old implementation from the University of Michigan with lots of changes and fixes by me and the addition of a Solaris-compatible API. Sponsored by: Isilon Systems Reviewed by: alfred
* Add roken.h to SRCS. This fixes the compilation of slc during amarius2008-06-181-0/+1
| | | | | buildworld on a host running a world built with WITHOUT_KERBEROS defined.
* Add the hx509 error table.dfr2008-05-151-0/+2
|
* Add manpage links to krb5_principal.3.dfr2008-05-111-0/+29
|
* Don't try to make links to manpages that no longer exist. Fixes installworlddfr2008-05-111-6/+0
| | | | Submitted by: phk
* Update magic sed script for heimdal-1.1dfr2008-05-091-4/+7
|
* Update heimdal_version.dfr2008-05-081-2/+2
| | | | Pointed out by: antoine@
* Fix conflicts after heimdal-1.1 import and add build infrastructure. Importdfr2008-05-0743-292/+2114
| | | | all non-style changes made by heimdal to our own libgssapi.
* While checking over the libraries for 7.0-REL Kris found the followingkensmith2007-11-201-1/+1
| | | | | | | | | | | libraries had not had their versions bumped relative to 6.3-REL but had indeed been changed. We need to bump their version so they can be properly added to the compat6x port: libasn1.so.8 libgssapi.so.8 libhdb.so.8 libkadm5clnt.so.8 libkadm5srv.so.8 libkafs5.so.8 libkrb5.so.8 libobjc.so.2 MFC After: 1 day
OpenPOWER on IntegriCloud