NetBSD/usr.bin/passwd/Makefile

#	$NetBSD: Makefile,v 1.46 2018/02/25 00:16:49 mrg Exp $
#	from: @(#)Makefile    8.3 (Berkeley) 4/2/94

.include <bsd.own.mk>

USE_FORT?= yes	# setuid
PROG=	passwd
SRCS=	local_passwd.c passwd.c
MAN=	passwd.1

CPPFLAGS+=-I${.CURDIR} -DLOGIN_CAP

.if (${USE_YP} != "no")
SRCS+=	yp_passwd.c
CPPFLAGS+=-DYP
LDADD+=	-lrpcsvc
DPADD+=	${LIBRPCSVC}
LINKS+=	${BINDIR}/passwd ${BINDIR}/yppasswd
MAN+=	yppasswd.1
.endif

LDADD+= -lcrypt -lutil
DPADD+= ${LIBCRYPT} ${LIBUTIL}

BINOWN=	root
BINMODE=4555

.if (${USE_KERBEROS} != "no")
CPPFLAGS+= -DKERBEROS5
SRCS+=	krb5_passwd.c

LDADD+=	${LIBKRB5_LDADD}
DPADD+=	${LIBKRB5_DPADD}
.ifdef OVERRIDE_HEIMDAL_KPASSWD
LINKS+=	${BINDIR}/passwd ${BINDIR}/kpasswd
MAN+=	kpasswd.1
.endif
.endif

.if (${USE_PAM} != "no")
CPPFLAGS+=-DUSE_PAM
SRCS+= pam_passwd.c
LDADD+=-lpam ${PAM_STATIC_LDADD}
DPADD+=${LIBPAM} ${PAM_STATIC_DPADD}
.endif

.include <bsd.prog.mk>
add LIBKRB5_LDADD/LIBKRB5_DPADD and their static counterparts to bsd.prog.mk. use them instead of hard coding various lists of libraries for krb5. this fixes static builds. 2018-02-25 03:16:48 +03:00			`# $NetBSD: Makefile,v 1.46 2018/02/25 00:16:49 mrg Exp $`
Sync with 4.4BSD-Lite2 (whew!) 1996-12-28 07:30:02 +03:00			`# from: @(#)Makefile 8.3 (Berkeley) 4/2/94`

Add a MKKERBEROS check to enable/disable kerberos support during the build. 2000-06-24 10:52:10 +04:00			`.include <bsd.own.mk>`

Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to various string and memory copy and set functions (as well as a few system calls and other miscellany) where known at function entry. RedHat has evidently built all "core system packages" with this option for some time. This option should be used at the top of Makefiles (or Makefile.inc where this is used for subdirectories) but after any setting of LIB. This is only useful for userland code, and cannot be used in libc or in any code which includes the libc internals, because it overrides certain libc functions with macros. Some effort has been made to make USE_FORT=yes work correctly for a full-system build by having the bsd.sys.mk logic disable the feature where it should not be used (libc, libssp iteself, the kernel) but no attempt has been made to build the entire system with USE_FORT and doing so will doubtless expose numerous bugs and misfeatures. Adjust the system build so that all programs and libraries that are setuid, directly handle network data (including serial comm data), perform authentication, or appear likely to have (or have a history of having) data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default, with the exception of libc, which cannot use USE_FORT and thus uses only USE_SSP by default. Tested on i386 with no ill results; USE_FORT=no per-directory or in a system build will disable if desired. 2007-05-28 16:06:17 +04:00			`USE_FORT?= yes # setuid`
initial import of 386bsd-0.1 sources 1993-03-21 12:45:37 +03:00			`PROG= passwd`
use pw_gensalt() and don't dig into libcrypt. 2005-01-12 01:42:30 +03:00			`SRCS= local_passwd.c passwd.c`
Magor rework of passwd(1) for the PAM case. Add "-d <database>" option, similar to Solaris's "-r <repository" or Mac OS X's "-i <infosystem>", to select the password database (files, nis, krb5). Otherwise, we default to using whatever PAM decides. 2005-02-26 10:19:25 +03:00			`MAN= passwd.1`
Add conditional kerberosIV and kerberos5 support 1994-07-27 07:28:11 +04:00
Split the notion of building Hesiod, Kerberos, S/key, and YP infrastructure and using that infrastructure in programs. * MKHESIOD, MKKERBEROS, MKSKEY, and MKYP control building of the infratsructure (libraries, support programs, etc.) * USE_HESIOD, USE_KERBEROS, USE_SKEY, and USE_YP control building of support for using the corresponding API in various libraries/programs that can use it. As discussed on tech-toolchain. 2002-03-22 21:10:19 +03:00			`CPPFLAGS+=-I${.CURDIR} -DLOGIN_CAP`

			`.if (${USE_YP} != "no")`
			`SRCS+= yp_passwd.c`
			`CPPFLAGS+=-DYP`
			`LDADD+= -lrpcsvc`
add LIBKRB5_LDADD/LIBKRB5_DPADD and their static counterparts to bsd.prog.mk. use them instead of hard coding various lists of libraries for krb5. this fixes static builds. 2018-02-25 03:16:48 +03:00			`DPADD+= ${LIBRPCSVC}`
Don't build a separate kpasswd program, passwd can handle Kerberos password changing. Fixes last part of bin/14988. 2003-04-06 20:35:37 +04:00			`LINKS+= ${BINDIR}/passwd ${BINDIR}/yppasswd`
Magor rework of passwd(1) for the PAM case. Add "-d <database>" option, similar to Solaris's "-r <repository" or Mac OS X's "-i <infosystem>", to select the password database (files, nis, krb5). Otherwise, we default to using whatever PAM decides. 2005-02-26 10:19:25 +03:00			`MAN+= yppasswd.1`
Split the notion of building Hesiod, Kerberos, S/key, and YP infrastructure and using that infrastructure in programs. * MKHESIOD, MKKERBEROS, MKSKEY, and MKYP control building of the infratsructure (libraries, support programs, etc.) * USE_HESIOD, USE_KERBEROS, USE_SKEY, and USE_YP control building of support for using the corresponding API in various libraries/programs that can use it. As discussed on tech-toolchain. 2002-03-22 21:10:19 +03:00			`.endif`

			`LDADD+= -lcrypt -lutil`
add LIBKRB5_LDADD/LIBKRB5_DPADD and their static counterparts to bsd.prog.mk. use them instead of hard coding various lists of libraries for krb5. this fixes static builds. 2018-02-25 03:16:48 +03:00			`DPADD+= ${LIBCRYPT} ${LIBUTIL}`
Make passwd work with a link to yppasswd. (From Jason Thorpe) 1995-02-12 20:45:54 +03:00
initial import of 386bsd-0.1 sources 1993-03-21 12:45:37 +03:00			`BINOWN= root`
			`BINMODE=4555`

Split the notion of building Hesiod, Kerberos, S/key, and YP infrastructure and using that infrastructure in programs. * MKHESIOD, MKKERBEROS, MKSKEY, and MKYP control building of the infratsructure (libraries, support programs, etc.) * USE_HESIOD, USE_KERBEROS, USE_SKEY, and USE_YP control building of support for using the corresponding API in various libraries/programs that can use it. As discussed on tech-toolchain. 2002-03-22 21:10:19 +03:00			`.if (${USE_KERBEROS} != "no")`
We no longer need -I/usr/include/krb5. 2011-04-25 01:42:06 +04:00			`CPPFLAGS+= -DKERBEROS5`
Merge a bunch of things from crypto-us and crypto-intl into basesrc, adding support for Heimdal/KTH Kerberos where easy to do so. Eliminate bsd.crypto.mk. There is still a bunch more work to do, but crypto is now more-or-less fully merged into the base NetBSD distribution. 2000-06-20 10:00:24 +04:00			`SRCS+= krb5_passwd.c`
remove -lvers, it's not used 2000-08-04 02:56:29 +04:00
add LIBKRB5_LDADD/LIBKRB5_DPADD and their static counterparts to bsd.prog.mk. use them instead of hard coding various lists of libraries for krb5. this fixes static builds. 2018-02-25 03:16:48 +03:00			`LDADD+= ${LIBKRB5_LDADD}`
			`DPADD+= ${LIBKRB5_DPADD}`
Keep the built-in support for passwd -k, but don't make the kpasswd link or install the kpasswd man page since these are provided by heimdal. I ifdef'ed them so that the code to install them is still with the Makefile. 2013-02-14 03:19:14 +04:00			`.ifdef OVERRIDE_HEIMDAL_KPASSWD`
Don't build a separate kpasswd program, passwd can handle Kerberos password changing. Fixes last part of bin/14988. 2003-04-06 20:35:37 +04:00			`LINKS+= ${BINDIR}/passwd ${BINDIR}/kpasswd`
Magor rework of passwd(1) for the PAM case. Add "-d <database>" option, similar to Solaris's "-r <repository" or Mac OS X's "-i <infosystem>", to select the password database (files, nis, krb5). Otherwise, we default to using whatever PAM decides. 2005-02-26 10:19:25 +03:00			`MAN+= kpasswd.1`
Add a MKKERBEROS check to enable/disable kerberos support during the build. 2000-06-24 10:52:10 +04:00			`.endif`
don't build kpasswd; heimdal does it for us. 2013-02-12 03:11:48 +04:00			`.endif`
Use bsd.crypto.mk. 1999-07-13 02:11:37 +04:00
Add a PAM passwd module. XXX: This avoids the issue of supporting separate -l -y -k, but is the behavior correct? Should passwd -p disable all other passwd methods? Should it become the default if compiled in? 2005-02-22 04:08:43 +03:00			`.if (${USE_PAM} != "no")`
			`CPPFLAGS+=-DUSE_PAM`
			`SRCS+= pam_passwd.c`
Introduce PAM_STATIC_LDADD and PAM_STATIC_DPADD. When compiling with MKPIC=no, possibly because the target does not support shared libraries, these include libraries required to resolve all symbols which end up referenced from PAM-using applications. The libraries presently required are -lcrypt, -lrpcsvc and -lutil. Add use of these variables which are currently set up to use PAM, so that they compile when MKPIC=no. Also, in the telnetd case, reorder the order of the libraries, so that libtelnet.a comes before -ltermcap and -lutil, again to fix link error when MKPIC=no. Discussed with thorpej and christos. 2005-03-04 23:41:08 +03:00			`LDADD+=-lpam ${PAM_STATIC_LDADD}`
			`DPADD+=${LIBPAM} ${PAM_STATIC_DPADD}`
Add a PAM passwd module. XXX: This avoids the issue of supporting separate -l -y -k, but is the behavior correct? Should passwd -p disable all other passwd methods? Should it become the default if compiled in? 2005-02-22 04:08:43 +03:00			`.endif`

initial import of 386bsd-0.1 sources 1993-03-21 12:45:37 +03:00			`.include <bsd.prog.mk>`