Commit Graph

47 Commits

Author SHA1 Message Date
tls 4147a3c54a Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the
FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to
various string and memory copy and set functions (as well as a few system
calls and other miscellany) where known at function entry.  RedHat has
evidently built all "core system packages" with this option for some time.

This option should be used at the top of Makefiles (or Makefile.inc where
this is used for subdirectories) but after any setting of LIB.

This is only useful for userland code, and cannot be used in libc or in
any code which includes the libc internals, because it overrides certain
libc functions with macros.  Some effort has been made to make USE_FORT=yes
work correctly for a full-system build by having the bsd.sys.mk logic
disable the feature where it should not be used (libc, libssp iteself,
the kernel) but no attempt has been made to build the entire system with
USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.

Adjust the system build so that all programs and libraries that are setuid,
directly handle network data (including serial comm data), perform
authentication, or appear likely to have (or have a history of having)
data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default,
with the exception of libc, which cannot use USE_FORT and thus uses
only USE_SSP by default.  Tested on i386 with no ill results; USE_FORT=no
per-directory or in a system build will disable if desired.
2007-05-28 12:06:17 +00:00
christos 85e611dd01 Goodbye KerberosIV 2006-03-20 04:03:10 +00:00
he 8e8728c45c Introduce PAM_STATIC_LDADD and PAM_STATIC_DPADD. When compiling
with MKPIC=no, possibly because the target does not support shared
libraries, these include libraries required to resolve all symbols
which end up referenced from PAM-using applications.  The libraries
presently required are -lcrypt, -lrpcsvc and -lutil.

Add use of these variables which are currently set up to use PAM,
so that they compile when MKPIC=no.

Also, in the telnetd case, reorder the order of the libraries, so
that libtelnet.a comes before -ltermcap and -lutil, again to fix
link error when MKPIC=no.

Discussed with thorpej and christos.
2005-03-04 20:41:08 +00:00
manu 3113fa979d Add PAM support to login(8) 2005-01-23 09:47:43 +00:00
xtraeme a35b6d287f Kill __P(), ANSIfy, remove main() prototype, whitespace; WARNS=2 2005-01-20 15:41:14 +00:00
lukem 32e6b841fb Generate the copyright string from sys/conf/copyright rather than
replicating it here.  Idea from Simon Burge.
2004-01-05 03:53:10 +00:00
dyoung 4758291178 Fix the checkflist for builds without Kerberos 4 (MKKERBEROS4=no)
and without Kerberos 4 & 5 (MKKERBEROS=no). Previously checkflist
complained of missing files.

* move kerberos- and kerberos 4-only files into new flists,
  distrib/sets/lists/*/krb.*

* make the flist generators grok MKKERBEROS{,4} variables

* fix Makefiles which treat MKKERBEROS=no as MKKERBEROS5=no.
  9 out of 10 experts agree that it is ludicrous to build w/
  KERBEROS4 and w/o KERBEROS5.

* fix header files, also, which treat MKKERBEROS=no as MKKERBEROS5=no.

* omit some Kerberos-only subdirectories from the build as
  MKKERBEROS{,4} indicate

(I acknowledge the sentiment that flists are the wrong way to go,
and that the makefiles should produce the metalog directly.  That
sounds to me like the right way to go, but I am not prepared to do
revamp all the makefiles.  While my approach is expedient, it fits
painlessly within the current build architecture until we are
delivered from flist purgatory, and it does not postpone our
delivery. Fair enough?)
2003-12-11 09:46:26 +00:00
lha afad8d1f7c libkrb depends on libdes, patch in private mail from
Harold Gutch logix at foobar franken de
2003-08-23 23:03:42 +00:00
itojun e63468d8cc split MKKERBEROS4 from MKKERBEROS. based on work by lha at stacken.kth.se
(build confirmed with both MKKERBEROS4=yes and MKKERBEROS4=no)
2003-07-23 08:01:24 +00:00
itojun e91a21c27c add DPADD. 2002-10-23 01:25:35 +00:00
christos 51de4d82f7 make this compile without SUPPORT_UTMPX 2002-07-27 22:58:07 +00:00
christos 48715dcc0c Factor out the utmp/wtmp/lastlog updating and add utmpx/wtmpx/lastlogx updating.
Both are turned on for now.
2002-07-27 20:10:32 +00:00
thorpej 9c33b55e7c Split the notion of building Hesiod, Kerberos, S/key, and YP
infrastructure and using that infrastructure in programs.

	* MKHESIOD, MKKERBEROS, MKSKEY, and MKYP control building
	  of the infratsructure (libraries, support programs, etc.)

	* USE_HESIOD, USE_KERBEROS, USE_SKEY, and USE_YP control
	  building of support for using the corresponding API
	  in various libraries/programs that can use it.

As discussed on tech-toolchain.
2002-03-22 18:10:19 +00:00
simonb 9b22175a26 Remove INSTALLFLAGS=-fschg, as per change to usr.bin/ssh/ssh/Makefile. 2000-10-18 00:24:18 +00:00
assar 6d7f2da1a1 remove -lvers, it's not used 2000-08-03 22:56:29 +00:00
assar 549a4d9cdc update build infrastructure for heimdal 0.3a 2000-08-03 04:02:29 +00:00
mycroft 98987090cb Fix library order. 2000-07-23 22:23:14 +00:00
thorpej df83a2a3cd Add MK... variables to enable/disable various aspects of building
crypto support into the system.  See share/mk/bsd.README for more
a full description.
2000-06-23 06:01:10 +00:00
thorpej e7d6b96938 Merge a bunch of things from crypto-us and crypto-intl into basesrc,
adding support for Heimdal/KTH Kerberos where easy to do so.  Eliminate
bsd.crypto.mk.

There is still a bunch more work to do, but crypto is now more-or-less
fully merged into the base NetBSD distribution.
2000-06-20 06:00:24 +00:00
mjl eb1d660e28 Clean up changes a bit. 2000-01-13 12:43:19 +00:00
mjl 07053cf7c1 Re-enable login_cap processing, now that a non-existing login.conf
won't make it crash. Also make it less noisy in that case.
2000-01-13 06:52:47 +00:00
mjl cfdb7e0720 Ack. Disable login caps, until problems are fixed. 2000-01-13 06:30:31 +00:00
mjl 4863ee6f07 Add login.conf capability setting. 2000-01-13 06:17:56 +00:00
mrg 51a96a002f optionally include CRYPTOPATH Makefile.frag files. 1999-07-20 09:35:18 +00:00
thorpej 9630ed475e Use bsd.crypto.mk. 1999-07-12 22:11:37 +00:00
aidan 3a4abbe0d1 Kerberos5 changes to login -- now supports forwarded TGTs. 1999-07-12 21:36:10 +00:00
kim 0d4599522a Build domestic login on domestic systems.
Incorporated (minor) diff from domestic man page.
1999-03-05 01:07:56 +00:00
scottr 8481f548e2 Remove the crypto-related bits until such time as we have a fully-
integrated source tree.  Export-controlled versions of these are now
built during the domestic build process.
1999-02-18 21:22:51 +00:00
lukem ca15d8c056 don't define WARNS=1 here 1997-10-19 03:44:21 +00:00
mycroft 2b4b3f1ded SRCS must be defined *before* bsd.prog.mk is included... 1997-10-12 14:07:38 +00:00
mycroft d91c72fbd3 Minor changes. 1997-10-12 13:10:16 +00:00
mycroft e6751fc584 Minor changes. 1997-10-12 12:54:55 +00:00
mycroft 40471d4e79 Pull in bsd.own.mk for SKEY, KERBEROS, KERBEROS5. 1997-10-12 12:39:17 +00:00
christos 470e6b8604 CFLAGS->CPPFLAGS; Conditionalize SKEY 1997-10-11 19:19:11 +00:00
mycroft 3110c7add1 Various changes to keep up with krb5, mostly addition of the kcontext
structure.  From PR 3826, by Chris Jones.
1997-08-19 17:26:13 +00:00
lukem 049da32c75 * add functionality to `force password change at next login'. to use,
set the pw_change field of the user to -1 (defined in <pwd.h> as
  _PASSWORD_CHGNOW). based on [bin/936] by Simon Gerraty <sjg@quick.com.au>
* clean up for WARNS?=1
1997-08-16 13:50:43 +00:00
lukem 806ac9275c Install statically linked, as suggested by mrg@eterna.com.au in [bin/1715]. 1997-06-23 12:47:45 +00:00
jtc b412b86505 Merged with 4.4lite.
Changed to conform to NetBSD's new RCS Id convention.
1994-12-23 06:52:56 +00:00
brezak b491643425 Add support for Kerberos5 authentication. 1994-07-25 21:11:08 +00:00
deraadt 4693d9a138 add s/key support 1994-05-24 06:50:57 +00:00
cgd 2ab4a0ae5c some changes to make Kerberos a bit easier to use. from
Michael Graff <explorer@vorpal.com>, with some work by myself...
1994-03-30 02:49:15 +00:00
cgd 4b30c543a0 always use libcrypt 1993-10-07 02:16:39 +00:00
mycroft 690cae8181 Add RCS indentifiers. 1993-07-31 15:17:49 +00:00
cgd 673442398b update to new version from uunet 1993-04-26 23:13:43 +00:00
cgd 86677cb02a changed to use new libcrypt scheme. 1993-04-26 14:42:34 +00:00
cgd 649bd7ccc5 added support for using real crypt 1993-03-22 23:27:33 +00:00
cgd 61f282557f initial import of 386bsd-0.1 sources 1993-03-21 09:45:37 +00:00