#
# You must get the source code for cipher first; then edit DESDIR.
#   ftp.uu.net:/pub/security/des/cipher-3.0.tar.Z
#
# Find the set of lines which corresponds to your configuration, and uncomment
# them.  If you have a machine not listed here, the most likely configuration
# to work is the one for SunOS 4.1.1, or Gnu CC.   
#
# Type "make".
#
# If you get the error "Don't know how to make target `desblock.o'", just type
# "make" again; this is a symlink dependency which was resolved by the 1st make.
# 
# You will have to supply a default decryption key if you wish to compile
# the server process "deslogind".
#
# If everything compiles, type "make install" to see how to finish 
# installation and configuration.
#
# Read the man pages for deslogin and deslogind with "nroff -man"
#
# Test your installation.  Login via deslogin.  Verify the following:
#    The "who -R" command prints your correct login information and remote host
#    The "tty" command prints your correct login pty.
#    The pty returned by the tty command has correct ownership and permissions.
#    The "groups" command prints your correct supplementary group id's.
#    The "id" command prints your correct user/group name and id.
#    The "last -10" command prints correct login name.
#    Interrupt and job-control signals (usually Ctl-C, Ctl-Z) work correctly
#    Reading and writing from /dev/tty work correctly.
#    Login as a user without a .profile/.login file, and verify that
#       the environment is initialized the same as the login program.
#    Examine the deslogind log file for warnings or error messages.
#
# If you must create a new configuration, see the comments below.
#
# Dave Barrett (barrett@asgard.cs.Colorodo.EDU
#
# Makefile  RCS: $Revision: 1.6 $ $Date: 94/06/14 10:09:30 $
# 
CC=@echo "you really must edit the makefile for your machine"; exit 1

#
# For "make install"
#
MANDIR=/usr/local/man/man1
BINDIR=/usr/local/bin

#
# Get cipher-3.0.tar.Z from ftp.uu.net:/pub/security/des
# and untar it into $(DESDIR)
#
DESDIR	= ../cipher-3.0
#
# Configuration options to deslogind.  
# Others in deslogind.c and deslogin.h should be correct.
#
USER_FILE=\"/usr/local/etc/deslogind.users\"
LOG_FILE=\"/usr/adm/deslogind.log\"
GW_LOG_FILE=\"/usr/adm/deslogingw.log\"
# LOGIN_PROC is only used for the -w option to deslogind; nowhere else.
LOGIN_PROG=\"/bin/login\"
#
# Add -D_USE_SYSLOG to NSTCFLAGS if you want to log messages via to syslogd 
# instead of the logfile.  It only affects code in the file log.c.  I prefer to
# use a logfile instead of syslogd so that I don't have to worry about a hostile
# user hijacking the connection to syslogd, or installing a Trojan horse for
# for syslogd, or, even worse, having syslogd be on a remote unsecure machine.
# This feature may go away when I add encryption to the logging facility.
#
#DEBUG=-g
DEBUG=-O # -D_USE_SYSLOG

## HP-UX Ansi C compiler
#CC      = cc -Aa
#CFLAGS	= $(DEBUG)
#LDFLAGS	= $(DEBUG) -Wl,-a,archive -s
#NSTCFLAGS=$(DEBUG) -D_HPUX_SOURCE 	# make non-posix symbols visable 

## HP-UX C++ compiler (won't work because typedef pfv in posignal.h)
#CC	= CC
#CFLAGS	= $(DEBUG)
#LDFLAGS= $(DEBUG) -Wl,-a,archive # -s 
#NSTCFLAGS=$(DEBUG) -D_HPUX_SOURCE

## DEC MIPS Ultrix 4.3 ANSI C compiler 
#CC	  = cc -std -non_shared
#CFLAGS	  = $(DEBUG)
#LDFLAGS  = $(DEBUG) -non_shared  # -s 
#NSTCFLAGS=$(DEBUG) -DONLCR=0x00000004

## DEC MIPS Ultrix 4.2 Non-ANSI C compiler 
#CC	= cc -YPOSIX
#CFLAGS	= $(DEBUG)
#LDFLAGS	= $(DEBUG) -YSYSTEM_FIVE # -s 
#NSTCFLAGS=$(DEBUG) -D__MIPS -DONLCR=0x00000004

## DEC Alpha OSF/1 C compiler
#CC	= cc -std -non_shared
#CFLAGS	= $(DEBUG)
#LDFLAGS = $(DEBUG) -non_shared  # -s 
#NSTCFLAGS=$(DEBUG) -D_XOPEN_SOURCE -D_OSF_SOURCE -D__ALPHA

## DEC Alpha OSF/1 C++ compiler  (OSF1 V2.0 240 alpha)
##  don't enable -O: generates incorrect code: progName output as junk
#CC	= cxx -non_shared
#CFLAGS	= $(DEBUG)
#LDFLAGS  =$(DEBUG) -non_shared # -s
#NSTCFLAGS=$(DEBUG) -non_shared -D_XOPEN_SOURCE -D_OSF_SOURCE -D__ALPHA
## ONLCR, non-posix symbols, controlling terminal

## SunOS 4.1.1 BSD C compiler (Sun's includes were really poor on my machine)
#CC       = cc
#CFLAGS	  =$(DEBUG) -Bstatic -Dsparc	# need -Dsparc if missing atexit
#LDFLAGS  =$(DEBUG) -Bstatic # -s
#NSTCFLAGS=$(DEBUG) -Bstatic -Dsparc -DONLCR=0x00000004

## BSD/386 1.1 0 i386 gcc - Probably any net/2.  
#LOG_FILE=\"/var/log/deslogind.log\"
#GW_LOG_FILE=\"/var/log/deslogingw.log\"
#LOGIN_PROG=\"/usr/bin/login\"
#CC       =gcc -ansi
#CFLAGS	 =$(DEBUG)
#LDFLAGS  =$(DEBUG)
#NSTCFLAGS=$(DEBUG) -D__bsdi__ -D_USE_SYSLOG

## Gnu C compiler
#CC	= gcc -ansi
#CFLAGS	= $(DEBUG)
#LDFLAGS = $(DEBUG)

## Gnu C compiler with lots of warnings (not useful except for debugging)
#CC	= gcc -ansi -pedantic
#CFLAGS	= $(DEBUG) -Wall
#LDFLAGS = $(DEBUG)
#NSTCFLAGS=$(DEBUG) -Wall -D_HPUX_SOURCE
#NSTCFLAGS=$(DEBUG) -D_XOPEN_SOURCE -D_OSF_SOURCE -D__ALPHA

## Linux GNU C compiler
## -D_LINUX_SOURCE is necessary for to compile getkey.c for cipher.
## If you already have cipher installed, you don't need the one here.
#CC	 = gcc -ansi
#CFLAGS	 = $(DEBUG) -Dlinux -D_LINUX_SOURCE
#LDFLAGS  = $(DEBUG)
#NSTCFLAGS= $(DEBUG)

# Gnu C++ compiler cannot handle old-style function argument declaratons 
# If you figure out how to make it accept them, please send mail to the author.

#
# If you have to read this comment, send mail to barrett@asgard.cs.Colorado.EDU.
# The file "Notes" includes some old notes I wrote which may help you.
#
# Non-standard object files require special non-posix features be available in 
# order to compile and link.  NSTCFLAGS are flags to the compiler to make 
# non-posix symbols and features available.  
#
# Here are the problem areas in porting to new machines:
#
#    log.c:   vsprintf must return an int.  If it doesn't, you have a
#             non-ANSI machine.  It also needs ANSI's stdarg.h.
#             The default source should work, since it tries to detect these.
#    tty.c:   If you don't have POSIX termios, you're hosed.  This code is
#             completely POSIX except:  The flag ONLCR is not part of POSIX.  
#             Some machines require an ioctl to acquire the controlling terminal
#             for the session leader.  See the function mkCtrlTty.
#   txfr.c:   depends heavily upon the BSD select(2) semantics, which are
#             only vaguely documented.  If the code runs incorrectly here, 
#             it's a bitch to diagnose and fix.
#  socket.c:  Networking isn't POSIX yet.  This isolates all networking calls.
#  posignal.h: The arguments to a signal handler are machine-specific.
#
# If any of the above files fail to compile, it's most likely because the
# header files on your system require a compilation option to make non-posix
# symbols visible.  For example, <sys/types.h> declares u_short which is
# required to compile socket.c.  To get around this problem, I've not defined
# _POSIX_SOURCE until *after* <sys/types.h> and <sys/time.h> are included,
# which "fixes" the problem on most machines.  For the ONLCR problem, 
# grep for "ONLCR" in /usr/include{/sys}/termio*.h.  Once you find that 
# symbol, look for an #ifdef to enable it and add that flag to NSTCFLAGS
# in this Makefile.
#
# Make *SURE* to enable the compile options to not use shared libraries or
# run-time procedure binding because it enables a serious trojan horse.
# Many vendors enable dynmaic binding by default; so be careful.
#

# Don't change anything below this line
LOGINDFLAGS=-DUSER_FILE=$(USER_FILE) -DLOG_FILE=$(LOG_FILE) -DLOGIN_PROG=$(LOGIN_PROG)
GWFLAGS=-DGW_LOG_FILE=$(GW_LOG_FILE)

DESSRC	= desblock.c deskey.c descfb.c sboxp.c
DESBINSRC = cipher.c getkey.c
DESBINOBJ = $(DESBINSRC:.c=.o)
DESOBJ	= $(DESSRC:.c=.o)
DESHDR	= cipher.h des.h desdefs.h
DESMAN	= cipher.1

DIST	= deslogin
CLIHDR	= posignal.h tty.h auth.h txfr.h socket.h log.h deslogin.h utmp.h
SERHDR  = $(CLIHDR) pty.h  group.h
HDR	= $(SERHDR)
CSRC	= deslogin.c deslogind.c deslogingw.c log.c pty.c socket.c txfr.c \
          group.c tty.c posignal.c utmp.c auth.c gendeskd.c
MANSRC	= deslogin.1 deslogind.1
NSTOBJ	= socket.o txfr.o group.o
OBJS	= $(DESSRC:.c=.o) $(DESBINSRC:.c=.o) $(CSRC:.c=.o)
BINS	= deslogin deslogind deslogingw gendeskd cipher

SRC	= README Makefile deslogind.users Notes	\
	  $(HDR) $(CSRC) $(MANSRC)

COMOBJ  = tty.o posignal.o auth.o log.o $(DESOBJ)

all:		links $(BINS)

deslogin:	deslogin.o $(COMOBJ) socket.o txfr.o utmp.o
		$(CC) $(LDFLAGS) -o $@ $@.o $(COMOBJ) socket.o txfr.o utmp.o

deslogind:	deslogind.o $(COMOBJ) defkey.o pty.o utmp.o $(NSTOBJ)
		$(CC) $(LDFLAGS) -o $@ $@.o $(COMOBJ) defkey.o pty.o utmp.o \
		$(NSTOBJ) 
		cat deslogind.o >defkey.o
		rm defkey.o

deslogingw:	deslogingw.o $(COMOBJ) socket.o txfr.o 
		$(CC) $(LDFLAGS) -o $@ $@.o $(COMOBJ) socket.o txfr.o

deslogind.o:	deslogind.c $(SERHDR) $(DESHDR)
		$(CC) $(LOGINDFLAGS) $(CFLAGS) -c deslogind.c

deslogingw.o:	deslogingw.c $(SERHDR) $(DESHDR)
		$(CC) $(GWFLAGS) $(CFLAGS) -c deslogingw.c

deslogin.o:	deslogin.c $(CLIHDR) $(DESHDR)
		$(CC) $(CFLAGS) -c deslogin.c

cipher:		$(DESBINOBJ) $(DESOBJ)
		$(CC) $(LDFLAGS) -o $@ $(DESBINOBJ) $(DESOBJ)

gendeskd:	gendeskd.o getkey.o $(DESOBJ)
		$(CC) $(LDFLAGS) -o $@ $@.o getkey.o $(DESOBJ)

defkey.o:	defkey.c
		$(CC) $(CFLAGS) -c defkey.c
		cat deslogin.h >defkey.c
		rm defkey.c

defkey.c:	gendeskd
	@echo
	@echo You must select a default encryption key for the userFile.
	@echo This allows you to place \"deslogind -c\" in /etc/inetd.config.
	@echo Pick a secure passphase, longer than 8 characters, that you can 
	@echo remember.  You will need it echo every time you must edit the 
	@echo userFile \(to add users, or to change pass phrases\).  The most 
	@echo secure way to run deslogind is with no arguments and type the
	@echo userFile passphrase in response to its query.  You need never use
	@echo the -c option, and when you do, it never exposes the contents of 
	@echo the userFile.  If you use a different key to encrypt the userfile,
	@echo the -c option will not work, but otherwise the deslogind will
	@echo work fine.  The compiled-in key is not stored as a text 
	@echo string, nor is it a simple 8-byte DES key.
	@echo
	@echo "*** Do not run deslogind where its virtual-memory data segment"
	@echo "*** can be examined by sufficiently determined hostile users."
	@echo
	@echo "*** Do not use the -c option if the executable file can be"
	@echo "*** can be examined by sufficiently determined hostile users."
	@echo 
		@./gendeskd > $@

socket.o:	socket.c
		$(CC) $(NSTCFLAGS) -c socket.c

txfr.o:		txfr.c
		$(CC) $(NSTCFLAGS) -c txfr.c

group.o:	group.c
		$(CC) $(NSTCFLAGS) -c group.c

getkey.o:	getkey.c
		$(CC) $(NSTCFLAGS) -c getkey.c

log.o:		log.c
		$(CC) $(NSTCFLAGS) -c log.c

tty.o:		tty.c
		$(CC) $(NSTCFLAGS) -c tty.c

man:		$(MANSRC)
		nroff -man <$(MANSRC)

# No changes needed below here

install:	# $(BINS) $(MANSRC) 
	@echo
	@echo You must install by hand.  Running automatic installation
	@echo scripts \(especially as root\) is extremely dangerous.
	@echo
	@echo It's more secure if $(BINS) are 
	@echo stripped, linked statically, and not readable or writeable by 
	@echo users other than owner.  They should *NOT* be setuid but 
	@echo they can and should be executable by anyone.
	@echo 
	@echo The following two commands should work:
	@echo "   strip $(BINS)
	@echo "   chmod 111 $(BINS)"
	@echo
	@echo --- For system-wide installations ---
	@echo Deslogind should be owned by root.
	@echo Add to /etc/services:
	@echo "   deslogin 2005/tcp"
	@echo "   deslogingw 2006/tcp"
	@echo Add to /etc/inetd.conf: 
	@echo "   deslogin stream tcp nowait root $(BINDIR)/deslogind deslogind -c"
	@echo "   deslogingw stream tcp nowait root $(BINDIR)/deslogingw deslogingw -c"
	@echo Make sure $(USER_FILE) exists. 
	@echo "   If you use deslogind with -c, make sure the file is encrypted"
	@echo with cipher using the same passphrase you specifed when building 
	@echo deslogind.  See the deslogind man page for details.
	@echo
	@echo Install the executables with the following commands:
	@echo "   cp $(BINS) $$(BINDIR)"
	@echo "   cp $(MANSRC) $(MANDIR)"
	@echo

links:		$(DESDIR)
		if [ ! -f  "$(DESDIR)/des.h" ]; then \
		   echo get cipher source code and install in $(DESDIR); \
		   exit 1; \
		else \
		   for i in $(DESSRC) $(DESBINSRC) $(DESHDR); do \
		      if [ ! -r $$i ]; then ln -s $(DESDIR)/$$i .; fi \
		   done \
		fi
		touch links

cleanlinks:	$(DESDIR)
		for i in $(DESSRC) $(DESBINSRC) $(DESHDR); do \
		   if [ -r $$i ]; then rm -f $$i; fi \
		done
		rm links

$(DIST).tar:	$(SRC)
		tar -cvhf - $(SRC) >$(DIST).tar
		touch tar

tar:		$(DIST).tar
	
tar.Z:		$(DIST).tar
		compress <$(DIST).tar >$(DIST).tar.Z

tar.gz:		$(DIST).tar
		gzip <$(DIST).tar >$(DIST).tar.gz

shar:		$(SRC)
		shar $(SRC) >$(DIST).shar

btoa:		tar
		btoa <$(DIST).tar.Z >$(DIST).btoa

clean:
		rm -f $(OBJS) defkey.c

clobber: 	clean cleanlinks
		rm -f $(BINS)
