path: root/secure
Commit message | Author | Age | Files | Lines
* Fix cross-building, etc:

  1. To cross-build, one now needs to set TARGET_ARCH, and not the MACHINE_ARCH. MACHINE_ARCH should never be changed manually!

  2. Initialize DESTDIR= explicitly for bootstrap-tools, build-tools, and cross-tools stages. This fixes broken header and library dependencies problem. We build them in the host environment, and obviously want them to depend on host headers and libraries.

     The problem with broken header dependencies for bootstrap-tools and cross-tools was already partially solved (see BOOTSTRAPPING tests in bsd.prog.mk and bsd.lib.mk), but it was still there for build-tools if the user ran "make world DESTDIR=/foo". Also, for all of these stages, the library dependencies were broken because of how bsd.libnames.mk defines DPADD members.

     We still provide a glue to install bootstrap- and cross-tools under the ${WORLDTMP}.

     Removed PATH overrides for bootstrap-, build-, and cross-tools stages. There is just no reason why we would need to override it, and the hacks to clean up the ${WORLDTMP} in the -DNOCLEAN case are no longer needed with fixes from this step.

     That is, we now never use ${WORLDTMP} headers and libraries, and we don't use any ${WORLDTMP} installed binaries during these stages. Again, these stages depend solely on the host environment, including compiler, headers, and libraries.

  3. Moved "miniperl" back from cross-tools (it has nothing to do with a cross-compiler) to build-tools where it belongs. The change from step 1 allowed us to do this. Also, to make this work, build-tools targets of "cc_tools" and "miniperl" were modified to call "depend". Here follow the detailed explanations.

     There are two categories of build tools, for now. In the first category there are "cc_tools" and "miniperl". They occupy the whole (sub)directory, and nothing needs to be done in this subdirectory later during the "all" stage. They are also constructed using system makefiles. We must build the .depend early in the build-tools stage because:

     1) They use (and depend on) the host environment.

     2) If we don't do this in build-tools, the "depend" stage of buildworld will do this for us; wrong library and header dependencies will be recorded (DESTDIR=${WORLDTMP}) and, what's worse, the "all" stage may then clobber the build-architecture format tools (that we built in the build-tools stage) with the target-architecture format ones, breaking cross build.

     In the second category there are all other build-tools. They share their directory with the "main" module that needs them in the "all" stage, and they don't show up themselves in the .depend file.

     The portion of this fix was already committed in gnu/usr.bin/cc/cc_tools/Makefile,v 1.52.

  4. "libperl" is no longer a build tool, and "miniperl" is the stand-alone application. I had to make this change because build-tools and "all" stages share the same object directory. Without this change, if we cross compile, libperl.a is first built for the build architecture during the build-tools stage (for the purposes of immediate linkage with "miniperl"). Later on, the "all" stage sees this library as up-to-date, and doesn't rebuild it. The effect is that the wrong format static libperl library is installed with installworld.

  5. Fixed "includes" to install secure/lib/libtelnet headers if required.

  Reviewed by: bde
  Author: ru | Age: 2001-09-29 | Files: 1 | Lines: -5/+9
* Fixed world breakage in rev.1.13. -lpam must never be used directly since it doesn't work for static linkage.
  Author: bde | Age: 2001-08-29 | Files: 1 | Lines: -1/+1
* Diff reduce all the crypto telnet Makefiles.
  Author: markm | Age: 2001-08-20 | Files: 2 | Lines: -2/+2
* mdoc(7) police: s/NetBSD/.Nx/ where appropriate.
  Author: ru | Age: 2001-08-13 | Files: 1 | Lines: -1/+3
* mdoc(7) police: join split punctuation to macro calls.
  Author: ru | Age: 2001-08-10 | Files: 1 | Lines: -2/+1
* Link to libcipher in the usual way. `bdes' depended on a nonexistent library. This only worked because of the undocumented feature of make(1) that targets named foo.a are always up to date. Fixed some style bugs.
  Author: bde | Age: 2001-08-03 | Files: 1 | Lines: -10/+2
* Revamp and diff-reduce the various secure telnets. Make sure that Kerberos5 has _a_ telnet (which is not currently K5 enabled). Incorporate BDE's static linking fixes.
  Author: markm | Age: 2001-08-03 | Files: 4 | Lines: -7/+7
* Fixed world breakage when NOSHARED=yes. libmp now depends on libcrypto, so it must be linked before libcrypto to work right.
  Author: bde | Age: 2001-07-30 | Files: 2 | Lines: -6/+6
* Added missing DPADD and CLEANFILES.
  Author: ru | Age: 2001-07-12 | Files: 1 | Lines: -0/+3
* mdoc(7) police: removed HISTORY info from the .Os call.
  Author: ru | Age: 2001-07-10 | Files: 1 | Lines: -1/+1
* Remove stale file.
  Author: kris | Age: 2001-07-04 | Files: 1 | Lines: -11/+0
* Enable Kerberos 5 support in sshd again.
  Author: green | Age: 2001-06-12 | Files: 1 | Lines: -2/+0
* Update for OpenSSL 0.9.6a
  MFC after: 2 weeks
  Author: kris | Age: 2001-05-20 | Files: 1 | Lines: -2/+5
* Fixed world breakage in previous commit. -lpam must never be used directly (except in the definition of MINUSLPAM in bsd.libnames.mk) since it doesn't give all the libraries necessary for static linkage. Fixed missing ${LIBPAM} in DPADD. Fixed some style bugs in DPADD and LDADD.
  Author: bde | Age: 2001-05-09 | Files: 1 | Lines: -4/+4
* Fixed world breakage in previous commit. -lpam must never be used directly (except in the definition of MINUSLPAM in bsd.libnames.mk) since it doesn't give all the libraries necessary for static linkage. Fixed new and old bugs in DPADD. ${LIBPAM} was missing, and the library order was different from that in LDADD so `make checkdpadd' reported a non-bug.
  Author: bde | Age: 2001-05-09 | Files: 1 | Lines: -3/+4
* Add PAM support to SRA authentication. Cribbed mostly from ftpd. This doesn't solve the problem of root being allowed to log in, but that sort of thing is something PAM should be doing anyway.
  Author: nsayer | Age: 2001-05-07 | Files: 2 | Lines: -2/+2
* Update to OpenSSH 2.9. Somehow this missed getting committed yesterday.
  Author: green | Age: 2001-05-04 | Files: 1 | Lines: -3/+3
* Don't build with Kerberos 5 support for now. I'll fix this soon, but I don't want to break Kerberos 5 users' worlds too much in the meantime.
  Author: green | Age: 2001-05-04 | Files: 1 | Lines: -0/+2
* Follow the OpenSSH 2.9 upgrade with the infrastructure. Two new programs are now included: sftp(1) and ssh-keyscan(1).
  Author: green | Age: 2001-05-04 | Files: 10 | Lines: -20/+42
* Add the new version.c to libssh.
  Author: green | Age: 2001-05-03 | Files: 1 | Lines: -1/+1
* Reactivate SRA.
  Make handling of SIGINT and SIGQUIT follow SIGTSTP in TerminalNewMode(). This allows people to break out of SRA authentication if they wish to.
  Author: nsayer | Age: 2001-04-05 | Files: 1 | Lines: -2/+2
* Merged src/lib/libtelnet rev.1.9 (fixed removing of obsolete shared library: wrong library directory, wrong library extension and wrong comment). This is mainly of historical interest, if any. The library that gets removed is aout.
  Also, back out the beforeinstall -> afterinstall change in rev.1.20 that was required to install proper telnet.h into /usr/include/arpa. The actual problem is in <bsd.lib.mk>, and I am going to fix it.
  Author: ru | Age: 2001-03-28 | Files: 1 | Lines: -8/+5
* Bye-bye /usr/lib/libtelnet.a. This should fix ``make release'' brokenness.
  Approved by: markm
  Author: ru | Age: 2001-03-28 | Files: 4 | Lines: -4/+11
* secure/ build fixes:
  - TELNETOBJDIR is gone. `buildworld' already installs libtelnet.a in ${WORLDTMP}/usr/lib, and we have LIBRARY_PATH pointing there.
  - SSHDIR (formerly SSHSRC) is now shared between all SSH modules. New LIBSSH is introduced for libssh.a (an internal static lib). Previously, build without prior `obj' was broken; SSH modules always looked for libssh.a in ${.OBJDIR}. Also, the dependencies on the libssh.a were missing.
  - libtelnet/ did not install the crypto version of telnet.h into /usr/include/arpa.
  - Removed BINOWN, BINMODE, BINDIR and SRCS with default values.
  Reviewed by: markm
  - MAN[1-9] -> MAN.
  Author: ru | Age: 2001-03-26 | Files: 18 | Lines: -109/+62
* disable SRA
  this impacts negatively to POLA since once autologin is enabled, telnet will prompt for a password using getpass() and thus not allow the usual signal characters or C-]
  Author: assar | Age: 2001-03-23 | Files: 1 | Lines: -2/+2
* Attempt to fix the problem with -j builds, and de-uglify the asm code generation and assembly targets.
  Help from: bde, obrien
  Author: kris | Age: 2001-03-14 | Files: 1 | Lines: -10/+6
* Add OpenBSD-style blowfish password hashing. This makes one less gratuitous difference between us and our sister project. This was given to me _ages_ ago. My apologies to Paul for the length of time it's taken me to commit.
  Obtained from: Niels Provos <provos@physnet.uni-hamburg.de>/OpenBSD
  Submitted by: Paul Herman <pherman@frenchfries.net>
  Author: markm | Age: 2001-03-11 | Files: 3 | Lines: -0/+1249
* MFS: Belatedly bump SHLIB_MAJOR corresponding to OpenSSL 0.9.6
  Author: kris | Age: 2001-03-08 | Files: 2 | Lines: -2/+2
* Install the des.h link under ${DESTDIR}. Fixes buildworld.
  Submitted by: Christian Weisgerber <naddy@mips.inka.de>
  Author: kris | Age: 2001-03-04 | Files: 1 | Lines: -1/+1
* Clean up the installation of the compatibility libdes header/library symlinks
  Pointed out by: bde
  Author: kris | Age: 2001-03-04 | Files: 1 | Lines: -22/+11
* Don't override CPUTYPE (actually this predates the <bsd.cpu.mk> use of CPUTYPE, and I forgot I used it here already)
  Pointed out by: bde
  Author: kris | Age: 2001-03-04 | Files: 1 | Lines: -13/+3
* setlocale(3) has been fixed to match POSIX standard: LC_ALL takes precedence over other LC_* envariables.
  Author: ru | Age: 2001-03-02 | Files: 1 | Lines: -1/+1
* Update the list of OpenSSL manpages (now contains many more describing libssl, for example), and hide it behind a make.conf option, WANT_OPENSSL_MANPAGES, instead of having it commented out. We still can't install these by default because of clobbering of a number of system manpages with the same name, but they're there for people who want them.
  Author: kris | Age: 2001-02-25 | Files: 1 | Lines: -55/+108
* Add back a missing file from the no-asm case
  Submitted by: gallatin
  Author: kris | Age: 2001-02-20 | Files: 1 | Lines: -1/+1
* Remove a remnant of my attempt to get alpha asm code working. OpenSSL does include code for the alpha, but as far as I can tell, it is non-functional (e.g. it's not even compiled by the native openssl build on the alpha).
  Noticed by: gallatin
  Author: kris | Age: 2001-02-19 | Files: 1 | Lines: -2/+0
* Introduce support for using OpenSSL ASM optimizations. This is done through the use of a new build directive, MACHINE_CPU, which contains a list of the CPU generations/features for which optimizations are desired. This feature will be extended to cover the ports tree in the future.

  Currently OpenSSL provides optimizations for i386, i586 and i686-class CPUs. Currently it has not been tested on an i386 or i486.

  Teach make(1) to provide sensible defaults for MACHINE_CPU if it is not defined (namely, the lowest common denominator CPU we support for each architecture). Currently this is i386 for the i386 architecture and ev4 for the alpha. sys.mk also sets the variable as a last resort for consistency with MACHINE_ARCH and bootstrapping from very old versions of make.

  Benchmarks show a significant speed increase even in the i386 case, with additional improvements for i586 and i686 systems. For maximum performance define MACHINE_CPU=i686 i586 i386 in /etc/make.conf.

  Based on a patch submitted by: Mike Silbersack <silby@silby.com>
  Reviewed by: current
  Author: kris | Age: 2001-02-19 | Files: 2 | Lines: -10/+91
* Define HAVE_PAM_GETENVLIST for build. Now environmental variables set by PAM modules will be exported (correctly).
  Author: nectar | Age: 2001-02-08 | Files: 1 | Lines: -1/+1
* Fixed missing include of <unistd.h> and wrong prototype for setkey().
  Author: bde | Age: 2001-02-06 | Files: 1 | Lines: -1/+2
* Add .Lb libcipher
  PR: 24434
  Submitted by: Bill Cheswick <ches@bell-labs.com>
  Author: ben | Age: 2001-01-24 | Files: 1 | Lines: -1/+3
* man(7) -> mdoc(7).
  Author: ru | Age: 2001-01-16 | Files: 1 | Lines: -140/+173
* Merge into a single US-exportable libcrypt, which only provides one-way hash functions for authentication purposes. There is no more "set the libcrypt->libXXXcrypt" nightmare.
  - Undo the libmd.so hack, use -D to hide the md5c.c internals.
  - Remove the symlink hacks in release/Makefile
  - the algorithm is set by set_crypt_format() as before. If this is not called, it tries to heuristically figure out the hash format, and if all else fails, it uses the optional auth.conf entry to choose the overall default hash.
  - Since source has non-hidden crypto in it there may be some issues with having the source in some countries, so preserve the "secure/*" division. You can still build a des-free libcrypt library if you want to badly enough. This should not be a problem in the US or exporting from the US as freebsd.org had notified BXA some time ago. That makes this stuff re-exportable by anyone.
  - For consistency, the default in absence of any other clues is md5. This is to try and minimize POLA across buildworld where folk may suddenly be activating des-crypt()-hash support. Since the des hash may not always be present, it seemed sensible to make the stronger md5 algorithm the default. All things being equal, no functionality is lost.
  Reviewed-by: jkh
  (flame-proof suit on)
  Author: peter | Age: 2000-12-28 | Files: 1 | Lines: -73/+0
* Update for OpenSSH 2.3.0.
  Author: green | Age: 2000-12-05 | Files: 2 | Lines: -6/+9
* Fixed a typo from the last commit.
  Submitted by: Mike Heffner <mheffner@vt.edu>
  Author: ru | Age: 2000-11-15 | Files: 1 | Lines: -1/+1
* Correct some fallout from the semi-automated way I updated the makefile.
  Submitted by: roberto
  Author: kris | Age: 2000-11-14 | Files: 1 | Lines: -4/+4
* Disable /usr/bin/ssh being setuid root by default. Let the variable ENABLE_SUID_SSH being defined reenable it for those that want it. This follows discussion favoring the change from September. It is not usually necessary to be setuid root, possibly less safe, and less convenient (cannot use $HOSTALIASES, for example).
  Submitted by: jedgar
  Author: green | Age: 2000-11-14 | Files: 1 | Lines: -0/+2
* Update for OpenSSL 0.9.6
  Author: kris | Age: 2000-11-13 | Files: 4 | Lines: -61/+69
* Fix up the build for the STARTTLS version of sendmail (again). This method mimics that of tcpdump in that for normal builds, sendmail will only be built once. For 'make release', it is built once for the bin dist and once for the crypto dist. This method also removes the need for two separate Makefiles (which could become out of sync).
  Suggested by: bde
  Assisted by: kris
  Author: gshapiro | Age: 2000-10-24 | Files: 2 | Lines: -78/+0
* Do not override BINDIR settings from subdirectory Makefiles.
  Submitted by: bde
  Author: gshapiro | Age: 2000-10-13 | Files: 1 | Lines: -1/+1
* ../Makefile.inc was clobbering BINDIR so sendmail was being installed in /usr/sbin/ instead of /usr/libexec/sendmail/
  Submitted by: bde
  Author: gshapiro | Age: 2000-10-13 | Files: 1 | Lines: -1/+1
* Activate the 'secure' (TLS) version of sendmail if !NO_SENDMAIL && !NO_OPENSSL
  Author: gshapiro | Age: 2000-10-13 | Files: 1 | Lines: -0/+4