Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle.
Prune svn:mergeinfo from the new branch, as nothing has been merged
here.

Additional commits post-branch will follow.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

keyserv(1): drop useless comparison.

Comparing a character array against NULL serves no purpose. In any case
we are always asigning a value just before using the value so obviate
the comparison altogether.

Reviewed by: ngie
Differential Revision: https://reviews.freebsd.org/D6651

CID: 1008422

Cleanup unnecessary semicolons from utilities we all love.

DIRDEPS_BUILD: Regenerate without local dependencies.

These are no longer needed after the recent 'beforebuild: depend' changes
and hooking DIRDEPS_BUILD into a subset of FAST_DEPEND which supports
skipping 'make depend'.

Sponsored by: EMC / Isilon Storage Division

Add META_MODE support.

Off by default, build behaves normally.
WITH_META_MODE we get auto objdir creation, the ability to
start build from anywhere in the tree.

Still need to add real targets under targets/ to build packages.

Differential Revision: D2796
Reviewed by: brooks imp

Convert usr.sbin to LIBADD
Reduce overlinking

Rework all non-contributed files that use `struct timezone'.

This structure is not part of POSIX. According to POSIX, gettimeofday()
has the following prototype:

int gettimeofday(struct timeval *restrict tp, void *restrict tzp);

Also, POSIX states that gettimeofday() shall return 0 (as long as tzp is
not used). Remove dead error handling code. Also use NULL for a
nul-pointer instead of integer 0.

While there, change all pieces of code that only use tv_sec to use
time(3), as this provides less overhead.

Consistently set RPCGEN_CPP when running rpcgen, so the C preprocessor
set via ${CPP} is used, instead of always using hardcoded /usr/bin/cpp.

MFC after: 1 week

In usr.sbin/keyserv, fix some implicit enum conversions, and use the
correct printf length modifiers for uid_t.

MFC after: 1 week

Rename all symbols in libmp(3) to mp_*, just like Solaris.

The function pow() in libmp(3) clashes with pow(3) in libm. We could
rename this single function, but we can just take the same approach as
the Solaris folks did, which is to prefix all function names with mp_.

libmp(3) isn't really popular nowadays. I suspect not a single
application in ports depends on it. There's still a chance, so I've
increased the SHLIB_MAJOR and __FreeBSD_version.

Reviewed by: deischen, rdivacky

Cleanup of userland __P use

The variable `ROOTKEY' has internal linkage in keyserv.c, don't declare it as
extern here.

Join the 21st century: Cryptography is no longer an optional component
of releases. The -DNOCRYPT build option still exists for anyone who
really wants to build non-cryptographic binaries, but the "crypto"
release distribution is now part of "base", and anyone installing from a
release will get cryptographic binaries.

Approved by: re (scottl), markm
Discussed on: freebsd-current, in late April 2004

Remove spurious semicolons. Outside of functions they are actually errors but
GCC doesn't warn about them without -pedantic.

Approved by: das (mentor)
PR: 56649
Reviewed by: md5

Put chkey(1), newkey(8), and keyserv(8) into the crypto distribution.

Use arc4random() instead of random() when generating the master key.

MFC after: 1 week

Use sranddev()/srandomdev() for FreeBSD

Initiate deorbit burn for the i386-only a.out related support. Moves are
under way to move the remnants of the a.out toolchain to ports. As the
comment in src/Makefile said, this stuff is deprecated and one should not
expect this to remain beyond 4.0-REL. It has already lasted WAY beyond
that.

Notable exceptions:
gcc - I have not touched the a.out generation stuff there.
ldd/ldconfig - still have some code to interface with a.out rtld.
old as/ld/etc - I have not removed these yet, pending their move to ports.
some includes - necessary for ldd/ldconfig for now.

Tested on: i386 (extensively), alpha

mdoc(7) police: Removed redundant .Ns calls.

Port to TI/RPC and/or IPV6.

Submitted by: Jean-Luc Richier <Jean-Luc.Richier@imag.fr>

The .Nm utility

Use libcrypto.so.2 instead of .1, since we have it now. It should enable
DES for keyserv again.

Submitted by: mbr

Kill a stray __P while I'm here.

Spell void * as void * rather than caddr_t. This is complicated by the
fact that caddr_t is often misspelled as char *.

Sponsored by: DARPA, NAI Labs

Readded the svc_create() and the registering of the local transport,
now it is fixed. This should get us a working keyserv again, since
it depends on local transport for key exchange.

Since we do not have any KEYFILE name hardcoded anymore, set the
umask that way that the keyserver socket can be created with with
the appropriate permissions.

Re-add the accidently removed signal(SIGPIPE, SIG_IGN); to the code
which makes sense to avoid SIGPIPE when a disconnect on rpc socket
occurs.

Submitted by: mbr

Fixed bitrot in DPADD in previous commit.

Enable the new libmp in the build, and disable libgmp and its
henchmen.

Perform a major cleanup of the usr.sbin Makefiles.
These are not perfectly in agreement with each other style-wise, but they
are orders of orders of magnitude more consistent style-wise than before.

Remove whitespace at EOL.

Nuke unused variables.

- Backout botched attempt to introduce MANSECT feature.
- MAN[1-9] -> MAN.

Hopefully fix some of the bugs in passing credentials over UNIX domain sockets.

Make struct cmessage visible from socket.h (about 4 places were
defining it for themselves which wasn't good)

Make __rpc_get_local_uid() useable and give it prototype that's
visible.

Fix some issues with printing out usernames from rpcbind and keyserv.

Set the default manual section for usr.sbin/ to 8.

Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.

Bring in required TLI library routines to support this.

Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.

This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).

The submitter has agreed to continue on and bring us up to the
1999 release.

Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.

Many userland updates were done to bring the code up to par with
the recent RPC API.

There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.

While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.

New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.

Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.

Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.

Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul

mdoc(7) police: split punctuation characters + misc fixes.

mdoc(7) police: use the new features of the Nm macro.

Use libcrypto instead of libdes.

$Id$ -> $FreeBSD$

Add $Id$, to make it simpler for members of the translation teams to
track.

The Id line is normally at the bottom of the main comment block in the
man page, separated from the rest of the manpage by an empty comment,
like so;

.\" $Id$
.\"

If the immediately preceding comment is a @(#) format ID marker than the
the $Id$ will line up underneath it with no intervening blank lines.
Otherwise, an additional blank line is inserted.

Approved by: bde

Remove irrelevant section.

PR: 8286
Submitted-by: yohta@bres.tsukuba.ac.jp

Apply patch from Stefan Esser to close PR #7941: add code to handle
dynamic loading of libdes on ELF systems. The patch looks correct to
me.

Fixed the usual dependency bugs. This Makefile accidentally usually
worked for `make -j9', but failed for `make -j4'.

Fixed DPADD.

Use err(3). Put includes in alphabetical order.
Rewrote man page in mdoc format.
Document -v and -p flags.

Correct the section number in the cross-reference for the publickey
file.

Work around a bug (deficiency?) in the libdes Secure RPC compat interface.
The way Secure RPC is set up, the ecb_crypt() routine is expected to
be able to encrypt a buffer of any size up to 8192 bytes. However, the
des_ecb_encrypt() routine in libdes only encrypts 8 bytes (64 bits) at a
time. The rpc_enc.c module should compensate for this by calling
des_ecb_encrypt() repeatedly until it has encrypted the entire supplied
buffer, but it does not do this.

As a workaround, keyserv now handles this itself: if we're using DES
encryption, and the caller requested ECB mode, keyserv will do the right
thing.

Also changed all references to 'rc4' into 'arcfour' just in case some
litigious bastard from RSA is watching.

Note that I discovered and fixed this problem while trying to get
a part of NIS+ working: rpc.nisd signs directory objects with a 16-byte
MD5 digest that is encrypted with ecb_crypt(). Previously, only the
first 8 bytes of the digest were being properly encrypted, which caused
the Sun nis_cachemgr to reject the signatures as invalid. I failed to
notice this before since Secure RPC usually never has to encrypt more
than 8 bytes of data during normal operations.

This commit was generated by cvs2svn to compensate for changes in r26234,
which included commits to RCS files with non-trunk default branches.