freebsd-dev

Author	SHA1	Message	Date
Jacques Vidrine	78ad1843d4	This commit was generated by cvs2svn to compensate for changes in r120161, which included commits to RCS files with non-trunk default branches.	2003-09-17 14:36:14 +00:00
Jacques Vidrine	b69cd7f2b0	Correct more cases of allocation size bookkeeping being updated before calling functions which can potentially fail and cause cleanups to be invoked. Submitted by: Solar Designer <solar@openwall.com>	2003-09-17 14:36:14 +00:00
Jacques Vidrine	979af4e167	Update the OpenSSH addendum string for the buffer handling fix.	2003-09-16 14:33:04 +00:00
Jacques Vidrine	8947bcb756	Do not record expanded size before attempting to reallocate associated memory. Obtained from: OpenBSD	2003-09-16 06:11:58 +00:00
Jacques Vidrine	9267dca39a	This commit was generated by cvs2svn to compensate for changes in r120113, which included commits to RCS files with non-trunk default branches.	2003-09-16 06:11:58 +00:00
Mark Murray	4afa371832	Very big makeover in the way telnet, telnetd and libtelnet are built. Previously, there were two copies of telnet; a non-crypto version that lived in the usual places, and a crypto version that lived in crypto/telnet/. The latter was built in a broken manner somewhat akin to other "contribified" sources. This meant that there were 4 telnets competing with each other at build time - KerberosIV, Kerberos5, plain-old-secure and base. KerberosIV is no longer in the running, but the other three took it in turns to jump all over each other during a "make buildworld". As the crypto issue has been clarified, and crypto _calls_ are not a problem, crypto/telnet has been repo-copied to contrib/telnet, and with this commit, all telnets are now "contribified". The contrib path was chosen to not destroy history in the repository, and differs from other contrib/ entries in that it may be worked on as "normal" BSD code. There is no dangerous crypto in these sources, only a very weak system less strong than enigma(1). Kerberos5 telnet and Secure telnet are now selected by using the usual macros in /etc/make.conf, and the build process is unsurprising and less treacherous.	2003-07-16 20:59:15 +00:00
Dag-Erling Smørgrav	af8524a91e	Add a "return" that was missing from 3.6.1p1. Since it's been fixed in the OpenSSH-portable CVS repo, I'm committing this on the vendor branch.	2003-06-24 19:30:44 +00:00
Dag-Erling Smørgrav	07e57fee7d	This commit was generated by cvs2svn to compensate for changes in r116791, which included commits to RCS files with non-trunk default branches.	2003-06-24 19:30:44 +00:00
Dag-Erling Smørgrav	da05574c54	Fix off-by-one and initialization errors which prevented sshd from restarting when sent a SIGHUP. Submitted by: tegge Approved by: re (jhb)	2003-05-28 19:39:33 +00:00
Dag-Erling Smørgrav	fbafac351f	Revert unnecessary part of previous commit.	2003-05-13 10:18:49 +00:00
Dag-Erling Smørgrav	57f64f4e2f	Rename a few functions to avoid stealing common words (error, log, debug etc.) from the application namespace for programs that use pam_ssh(8). Use #defines to avoid changing the actual source code. Approved by: re (rwatson)	2003-05-12 19:22:47 +00:00
Mark Murray	074e8e8ee9	Fix up external variables named "debug" that have a horrible habit of conflicting with other, similarly named functions in static libraries. This is done mostly by renaming the var if it is shared amongst modules, or making it static otherwise. OK'ed by: re(scottl)	2003-05-11 18:17:00 +00:00
David E. O'Brien	77b7cdf199	Use __FBSDID vs. rcsid[]. Also protect sccs[] and copyright[] from GCC 3.3.	2003-05-04 02:54:49 +00:00
Dag-Erling Smørgrav	d12c7b01da	Remove RCSID from files which have no other diffs to the vendor branch.	2003-05-01 15:05:43 +00:00
Dag-Erling Smørgrav	2d61bc6706	Nit.	2003-04-23 17:23:06 +00:00
Dag-Erling Smørgrav	ae48cf5798	Improvements to the proposed shell code.	2003-04-23 17:21:55 +00:00
Dag-Erling Smørgrav	07a3a2906c	Regenerate.	2003-04-23 17:21:27 +00:00
Dag-Erling Smørgrav	e73e9afa91	Resolve conflicts.	2003-04-23 17:13:13 +00:00
Dag-Erling Smørgrav	d0c8c0bcc2	Vendor import of OpenSSH-portable 3.6.1p1.	2003-04-23 16:53:02 +00:00
Dag-Erling Smørgrav	486cd0043e	This commit was generated by cvs2svn to compensate for changes in r113908, which included commits to RCS files with non-trunk default branches.	2003-04-23 16:53:02 +00:00
Dag-Erling Smørgrav	7a94787140	- when using a child process instead of a thread, change the child's name to reflect its role - try to handle expired passwords a little better MFC after: 1 week	2003-03-31 13:48:18 +00:00
Dag-Erling Smørgrav	fc0824d97d	If an ssh1 client initiated challenge-response authentication but did not respond to challenge, and later successfully authenticated itself using another method, the kbdint context would never be released, leaving the PAM child process behind even after the connection ended. Fix this by automatically releasing the kbdint context if a packet of type SSH_CMSG_AUTH_TIS is follwed by anything but a packet of type SSH_CMSG_AUTH_TIS_RESPONSE. MFC after: 1 week	2003-03-31 13:45:36 +00:00
Chris D. Faulhaber	a6b47b5f08	Merge conflicts	2003-03-20 20:56:03 +00:00
Chris D. Faulhaber	5b877a2d56	Enable RSA blinding by default. http://www.openssl.org/news/secadv_20030317.txt	2003-03-20 20:44:11 +00:00
Chris D. Faulhaber	35f304853f	This commit was generated by cvs2svn to compensate for changes in r112439, which included commits to RCS files with non-trunk default branches.	2003-03-20 20:41:45 +00:00
Chris D. Faulhaber	8786792504	Import of PKCS #1 security fix. http://www.openssl.org/news/secadv_20030319.txt	2003-03-20 20:41:45 +00:00
Mark Murray	4d20ef3ca0	KerberosIV deorbit sequence: Re-entry. Thank you, faithful friend. Enjoy your retirement in ports.	2003-03-08 12:55:48 +00:00
Jacques Vidrine	81d1ffee08	Unbreak Kerberos 5 authentication in telnet. (Credential forwarding is still broken.) PR: bin/45397	2003-03-06 13:41:53 +00:00
Jacques Vidrine	def0b8c9c5	Resolve conflicts after import of OpenSSL 0.9.7a.	2003-02-19 23:24:16 +00:00
Jacques Vidrine	fceca8a377	Vendor import of OpenSSL 0.9.7a.	2003-02-19 23:17:42 +00:00
Jacques Vidrine	015ec3c905	This commit was generated by cvs2svn to compensate for changes in r111147, which included commits to RCS files with non-trunk default branches.	2003-02-19 23:17:42 +00:00
Dag-Erling Smørgrav	b7f9a9adc7	Paranoia: instead of a NULL conversation function, use one that always returns PAM_CONV_ERR; moreover, make sure we always have the right conversation function installed before calling PAM service functions. Also unwrap some not-so-long lines. MFC after: 3 days	2003-02-16 11:03:55 +00:00
Jacques Vidrine	d1e792e94a	When `des_read_pw_string' is a macro, as in OpenSSL 0.9.7, an attempt to declare a prototype for it will croak.	2003-02-14 14:37:26 +00:00
Dag-Erling Smørgrav	9794bba8a8	document the current default value for VersionAddendum.	2003-02-11 12:11:15 +00:00
Dag-Erling Smørgrav	1e731869b2	Set the ruid to the euid at startup as a workaround for a bug in pam_ssh. MFC after: 3 days	2003-02-07 15:48:27 +00:00
Tom Rhodes	fb256a4a54	The manual page lists only 2 files, however it reads as `three files' which is obviously incorrect. PR: 46841 Submitted by: Sakamoto Seiji <s-siji@hyper.ocn.ne.jp>	2003-02-05 02:14:03 +00:00
Dag-Erling Smørgrav	2adf4e49c2	Linux-PAM's pam_start(3) fails with a bogus error message if passed the pam_conv argument is NULL. OpenPAM doesn't care, but to make things easier for people porting this code to other systems (or -STABLE), use a dummy struct pam_conv instead of NULL. Pointed out by: Damien Miller <djm@mindrot.org>	2003-02-03 14:10:28 +00:00
Dag-Erling Smørgrav	b946f5e1ff	Bump patch date to 2003-02-01 (the day after I fixed PAM authentication for ssh1)	2003-02-03 11:11:36 +00:00
Dag-Erling Smørgrav	07fd326c9c	Fix keyboard-interactive authentication for ssh1. The problem was twofold: - The PAM kbdint device sometimes doesn't know authentication succeeded until you re-query it. The ssh1 kbdint code would never re-query the device, so authentication would always fail. This patch has been submitted to the OpenSSH developers. - The monitor code for PAM sometimes forgot to tell the monitor that authentication had succeeded. This caused the monitor to veto the privsep child's decision to allow the connection. These patches have been tested with OpenSSH clients on -STABLE, NetBSD and Linux, and with ssh.com's ssh1 on Solaris. Sponsored by: DARPA, NAI Labs	2003-01-31 11:08:07 +00:00
Jacques Vidrine	4b2eaea43f	Background: When libdes was replaced with OpenSSL's libcrypto, there were a few interfaces that the former implemented but the latter did not. Because some software in the base system still depended upon these interfaces, we simply included them in our libcrypto (rnd_keys.c). Now, finally get around to removing the dependencies on these interfaces. There were basically two cases: des_new_random_key -- This is just a wrapper for des_random_key, and these calls were replaced. des_init_random_number_generator et. al. -- A few functions were used by the application to seed libdes's PRNG. These are not necessary when using libcrypto, as OpenSSL internally seeds the PRNG from /dev/random. These calls were simply removed. Again, some of the Kerberos 4 files have been taken off the vendor branch. I do not expect there to be future imports of KTH Kerberos 4.	2003-01-29 18:14:29 +00:00
Jacques Vidrine	6e955c8f09	= Fix a bug in UI_UTIL_read_pw's error handling that caused des_read_pw_string to break (and thus rather mysteriously breaking utilities such as kinit). = Enable the BSD /dev/crypto interface. (These changes are being imported on the vendor branch, as they have already been accepted and committed to the OpenSSL CVS repository.)	2003-01-29 02:25:30 +00:00
Jacques Vidrine	912e44b663	This commit was generated by cvs2svn to compensate for changes in r110018, which included commits to RCS files with non-trunk default branches.	2003-01-29 02:25:30 +00:00
Mark Murray	bff3688511	Merge conflicts. This is cunning doublespeak for "use vendor code".	2003-01-28 22:34:21 +00:00
Mark Murray	f1b2c95128	Remove files no longer on OpenSSL 0.9.7. crypto/des/rnd_keys.c is retained as it is still used.	2003-01-28 22:12:30 +00:00
Mark Murray	5c87c606cd	Vendor import of OpenSSL release 0.9.7. This release includes support for AES and OpenBSD's hardware crypto.	2003-01-28 21:43:22 +00:00
Mark Murray	5bd38a39ed	This commit was generated by cvs2svn to compensate for changes in r109998, which included commits to RCS files with non-trunk default branches.	2003-01-28 21:43:22 +00:00
Jacques Vidrine	5bce7286b4	Make the Kerberos 4 bits build against OpenSSL 0.9.7. This required two basic changes (both of which should be no-ops until OpenSSL 0.9.7 is imported): = Define OPENSSL_DES_LIBDES_COMPATIBILITY wherever we include openssl/des.h. = Spell `struct des_ks_struct []' using the existing `des_key_schedule' typedef. When OpenSSL 0.9.7 is imported, `des_key_schedule' (among other things) will be a macro invocation instead of a typedef, and things should `just work'. Yes, this commit does take several files off the vendor branch. I do not expect there to be future imports of KTH Kerberos 4.	2003-01-28 20:18:26 +00:00
Dag-Erling Smørgrav	84860c33f0	Force early initialization of the resolver library, since the resolver configuration files will no longer be available once sshd is chrooted. PR: 39953, 40894 Submitted by: dinoex MFC after: 3 days	2003-01-22 14:12:59 +00:00
Jacques Vidrine	4f62b1068d	Add a missing include, needed to get a prototype for `des_read_pw_string'. This is particularly important for OpenSSL 0.9.7, as `des_read_pw_string' is a macro there. (This fix brought in on the vendor branch, because I already committed it to Heimdal's CVS.)	2003-01-21 14:19:06 +00:00
Jacques Vidrine	87fd161364	This commit was generated by cvs2svn to compensate for changes in r109641, which included commits to RCS files with non-trunk default branches.	2003-01-21 14:19:06 +00:00
Bill Fumerola	a3bb66de04	add more RFC defined telnet options Reviewed by: ps	2003-01-18 06:10:21 +00:00
Dag-Erling Smørgrav	d46e273b14	The previous commit contained a stupid mistake: ctxt->pam_[cp]sock was initialized after the call to pthread_create() instead of before. It just happened to work with threads enabled because ctxt is shared, but of course it doesn't work when we use a child process instead of threads.	2002-12-21 15:09:58 +00:00
Dag-Erling Smørgrav	d953f52834	If possible, use pthreads instead of a child process for PAM. Reimplement the necessary bits from auth_pam.c and auth2_pam.c so that they share the PAM context used by the keyboard-interactive thread. If a child process is used instead, they will (necessarily) use a separate context. Constify do_pam_account() and do_pam_session(). Sponsored by: DARPA, NAI Labs	2002-12-14 13:52:39 +00:00
Dag-Erling Smørgrav	9be00009ed	Add a missing #include "canohost.h".	2002-12-14 13:48:47 +00:00
Dag-Erling Smørgrav	bdb8839451	Remove code related to the PAMAuthenticationViaKbdInt option (which we've disabled). This removes the only reference to auth2_pam().	2002-12-14 13:48:13 +00:00
Dag-Erling Smørgrav	3600b2f406	Back out a lastlog-related change which is no longer relevant.	2002-12-14 13:40:21 +00:00
Dag-Erling Smørgrav	b6fd52a01d	Fix a rounding error in the block size calculation. Submitted by: tjr	2002-12-14 13:38:49 +00:00
Dag-Erling Smørgrav	5d93b6af54	Since OpenSSH drops privileges before calling pam_open_session(3), pam_lastlog(8) can't possibly work, so let OpenSSH handle lastlog. Approved by: re (rwatson)	2002-12-03 15:48:11 +00:00
Eric Melville	0d16d02150	Merge argument parsing changes into this copy of telnet. Submitted by: markm Approved by: bmah	2002-11-27 06:34:24 +00:00
Jacques Vidrine	5bda878e3e	Import of Heimdal 0.5.1. Approved by: re	2002-11-24 20:59:25 +00:00
Jacques Vidrine	1036289598	This commit was generated by cvs2svn to compensate for changes in r107207, which included commits to RCS files with non-trunk default branches.	2002-11-24 20:59:25 +00:00
Dag-Erling Smørgrav	810a15b120	Add caveats regarding the effect of PAM on PasswordAuthentication and PermitRootLogin. PR: docs/43776 MFC after: 1 week	2002-11-06 08:04:56 +00:00
Dag-Erling Smørgrav	dc04779010	Document the current default for VersionAddendum.	2002-11-05 17:25:15 +00:00
Dag-Erling Smørgrav	ee8aeb145a	Accurately reflect our local changes and additions.	2002-11-05 17:24:01 +00:00
Dag-Erling Smørgrav	0061710269	Document the current default value for VersionAddendum.	2002-11-05 17:17:09 +00:00
Dag-Erling Smørgrav	7e4224fafd	Switch to two-clause license, with NAI's permission.	2002-11-02 19:55:23 +00:00
Dag-Erling Smørgrav	f388f5ef26	Resolve conflicts.	2002-10-29 10:16:02 +00:00
Dag-Erling Smørgrav	dd5f4be98b	Protect against tag expansion + fix some brainos.	2002-10-29 10:12:51 +00:00
Dag-Erling Smørgrav	ef8cdc4065	Some tricks I use when I upgrade.	2002-10-29 09:56:16 +00:00
Dag-Erling Smørgrav	d73be2d96a	Correct shell code to expand globs in FREEBSD-Xlist	2002-10-29 09:55:28 +00:00
Dag-Erling Smørgrav	8488d4a48c	More cruft.	2002-10-29 09:54:53 +00:00
Dag-Erling Smørgrav	4b17dab0ba	Vendor import of OpenSSH-portable 3.5p1.	2002-10-29 09:43:00 +00:00
Dag-Erling Smørgrav	a8694a9a06	This commit was generated by cvs2svn to compensate for changes in r106121, which included commits to RCS files with non-trunk default branches.	2002-10-29 09:43:00 +00:00
Assar Westerlund	20fae80cf2	This commit was generated by cvs2svn to compensate for changes in r105765, which included commits to RCS files with non-trunk default branches.	2002-10-23 06:10:08 +00:00
Assar Westerlund	d5cb658451	import 1.29 to fix buffer overflow: check the length of the authenticator and rlen Obtained from: Heimdal CVS	2002-10-23 06:10:08 +00:00
Assar Westerlund	5ead950622	import 1.27 to fix buffer overflow: check size of rlen Obtained from: Heimdal CVS	2002-10-22 02:13:32 +00:00
Assar Westerlund	0c3bd4ca35	This commit was generated by cvs2svn to compensate for changes in r105672, which included commits to RCS files with non-trunk default branches.	2002-10-22 02:13:32 +00:00
Dima Dorfman	ba0f77df7a	Permit the argument to the -s option to be a hostname. I see no reason to restrict this to a numeric address. PR: 41841 Submitted by: Dmitry Pryanishnikov <dmitry@atlantis.dp.ua>, Maxim Maximov <mcsi@agava.com>	2002-10-02 00:27:14 +00:00
Jacques Vidrine	1b3f4135a5	Fix an annoying bug that causes a spurious error message when changing passwords, even when the operation actually succeeded. % k5passwd luser@REA.LM's Password: ************ New password: ********** Verifying password - New password: ************ k5passwd: krb5_change_password: unable to reach any changepw server in realm REA.LM [In reality, the password was changed.] Obtained from: Heimdal CVS	2002-09-30 11:48:23 +00:00
Jacques Vidrine	a5573db3bf	This commit was generated by cvs2svn to compensate for changes in r104204, which included commits to RCS files with non-trunk default branches.	2002-09-30 11:48:23 +00:00
Mark Murray	4141227a94	Catch up with "base" telnet. s/FALL THROUGH/FALLTHROUGH/ for lint(1).	2002-09-25 07:28:04 +00:00
Mark Murray	86953b026a	Catch up with "base" telnet. s/FALL THROUGH/FALLTHROUGH/ for lint(1). s/Usage/usage/ for consistency.	2002-09-25 07:26:25 +00:00
Mark Murray	53889d70ff	From the requestor: "Could you do me a favor and fix sys_bsd.c to get the howmany() macro from <sys/param.h>, instead of <sys/types.h>? This will save me from having to worry about the unsync'd bits before making the change." Requested by: mike	2002-09-25 07:24:01 +00:00
Jacques Vidrine	0bd4a81b2e	These RFCs and internet-drafts are not really needed in the base system, and I've not been importing them lately. cvs rm them now so they can be cleaned out of the attic later. Requested by: obrien	2002-09-18 14:17:14 +00:00
Jacques Vidrine	43a2371256	Resolve conflicts.	2002-09-16 21:07:11 +00:00
Jacques Vidrine	0cadf2f4d7	Import of Heimdal Kerberos from KTH repository circa 2002/09/16.	2002-09-16 21:04:40 +00:00
Jacques Vidrine	18600429b3	This commit was generated by cvs2svn to compensate for changes in r103423, which included commits to RCS files with non-trunk default branches.	2002-09-16 21:04:40 +00:00
Hajimu UMEMOTO	7ac3260308	sshd didn't handle actual size of struct sockaddr correctly, and did copy it as long as just size of struct sockaddr. So, If connection is via IPv6, sshd didn't log hostname into utmp correctly. This problem occured only under FreeBSD because of our hack. However, this is potential problem of OpenSSH-portable, and they agreed to fix this. Though, there is no fixed version of OpenSSH-portable available yet, since this problem is serious for IPv6 users, I commit the fix. Reported by: many people Reviewed by: current@ and stable@ (no objection) MFC after: 3 days	2002-09-09 16:49:11 +00:00
Jun Kuriyama	b811072634	Fix typo (s@src/crypto/openssh-portable@src/crypto/openssh@).	2002-09-09 02:00:28 +00:00
Jacques Vidrine	88268f8f47	Pass the pointy hat! Remove accidently imported files.	2002-08-30 21:53:25 +00:00
Jacques Vidrine	c825f43432	Remove some parts of the Heimdal distribution which we do not use and have never used.	2002-08-30 21:37:10 +00:00
Jacques Vidrine	bafe3deb75	Remove files no longer relevant after latest import.	2002-08-30 21:28:12 +00:00
Jacques Vidrine	7b173f654d	Resolve conflicts after import of Heimdal Kerberos circa 2002/08/29.	2002-08-30 21:25:14 +00:00
Jacques Vidrine	8373020d34	Import of Heimdal Kerberos from KTH repository circa 2002/08/29.	2002-08-30 21:23:27 +00:00
Jacques Vidrine	714b4175a0	This commit was generated by cvs2svn to compensate for changes in r102644, which included commits to RCS files with non-trunk default branches.	2002-08-30 21:23:27 +00:00
Nick Sayer	c4f6a2a9e1	Encrypted strings (after hex decoding) aren't null terminated, because 0 might simply be part of the ciphertext. PR: bin/40266 Submitted by: andr@dgap.mipt.ru MFC after: 3 days	2002-08-22 06:19:07 +00:00
Jacques Vidrine	fd35706acb	Resolve conflicts.	2002-08-10 01:50:50 +00:00
Jacques Vidrine	499810c08e	Import of OpenSSL 0.9.6g.	2002-08-10 01:48:01 +00:00
Jacques Vidrine	47e862627e	This commit was generated by cvs2svn to compensate for changes in r101618, which included commits to RCS files with non-trunk default branches.	2002-08-10 01:48:01 +00:00
Jacques Vidrine	484549566e	Import of OpenSSL 0.9.6f.	2002-08-10 01:46:10 +00:00
Jacques Vidrine	d96a831475	This commit was generated by cvs2svn to compensate for changes in r101615, which included commits to RCS files with non-trunk default branches.	2002-08-10 01:46:10 +00:00
Jacques Vidrine	9e6c5d1742	Import of OpenSSL 0.9.6f.	2002-08-10 01:40:00 +00:00
Jacques Vidrine	506570008c	This commit was generated by cvs2svn to compensate for changes in r101613, which included commits to RCS files with non-trunk default branches.	2002-08-10 01:40:00 +00:00
Jacques Vidrine	b1357e1cec	Correct a bug in the ASN.1 decoder which was introduced with the recent OpenSSL update. Obtained from: OpenSSL CVS	2002-08-05 16:25:17 +00:00
Jacques Vidrine	cad8e82685	This commit was generated by cvs2svn to compensate for changes in r101386, which included commits to RCS files with non-trunk default branches.	2002-08-05 16:25:17 +00:00
Andrey A. Chernov	bccd761645	Do login cap calls _before_ descriptors are hardly closed because close may invalidate login cap descriptor. Reviewed by: des	2002-08-05 16:06:35 +00:00
Jacques Vidrine	d57327ee50	Resolve conflicts after import of OpenSSL 0.9.6e.	2002-07-30 13:58:53 +00:00
Jacques Vidrine	4f20a5a274	Import of OpenSSL 0.9.6e.	2002-07-30 13:38:06 +00:00
Jacques Vidrine	0f881ddd5e	This commit was generated by cvs2svn to compensate for changes in r100936, which included commits to RCS files with non-trunk default branches.	2002-07-30 13:38:06 +00:00
Jacques Vidrine	b55e3089db	This man page has not been referenced by anything for a while, and is not part of the OpenSSL distribution. Remove it.	2002-07-30 12:54:03 +00:00
Jacques Vidrine	018cd73f8c	Remove many obsolete files. The majority of these are simply no longer included as part of the OpenSSL distribution. However, a few we just don't need and are explicitly excluded in FREEBSD-Xlist.	2002-07-30 12:51:09 +00:00
Jacques Vidrine	b325c11869	Resolve conflicts after import of OpenSSL 0.9.6d.	2002-07-30 12:46:49 +00:00
Jacques Vidrine	c1803d7836	Import of OpenSSL 0.9.6d.	2002-07-30 12:44:15 +00:00
Jacques Vidrine	0135f0027c	This commit was generated by cvs2svn to compensate for changes in r100928, which included commits to RCS files with non-trunk default branches.	2002-07-30 12:44:15 +00:00
Jacques Vidrine	c8ae058fd0	Update list of files to remove prior to import of OpenSSL 0.9.6d	2002-07-30 12:38:41 +00:00
Tony Finch	f38aa77fc8	Use login_getpwclass() instead of login_getclass() so that the root vs. default login class distinction is made correctly. PR: 37416 Approved by: des MFC after: 4 days	2002-07-29 00:36:24 +00:00
Tony Finch	a02377d3e2	FreeBSD doesn't use the host RSA key by default. Reviewed by: des	2002-07-26 15:16:56 +00:00
Andrey A. Chernov	59ac432a4d	Problems addressed: 1) options.print_lastlog was not honored. 2) "Last login: ..." was printed twice. 3) "copyright" was not printed 4) No newline was before motd. Reviewed by: maintainer's silence in 2 weeks (with my constant reminders)	2002-07-26 02:20:00 +00:00
Tony Finch	a9a70dec76	Document the FreeBSD default for CheckHostIP, which was changed in rev 1.2 of readconf.c. Approved by: des	2002-07-25 15:59:40 +00:00
Dag-Erling Smørgrav	c6b7459669	Whitespace nit.	2002-07-23 17:57:17 +00:00
Dag-Erling Smørgrav	f335483476	In pam_init_ctx(), register a cleanup function that will kill the child process if a fatal error occurs. Deregister it in pam_free_ctx().	2002-07-17 17:44:02 +00:00
Dag-Erling Smørgrav	a9f7d76b96	Use realhostname_sa(3) so the IP address will be used instead of the hostname if the latter is too long for utmp. Submitted by: ru MFC after: 3 days	2002-07-11 10:36:10 +00:00
Dag-Erling Smørgrav	77741b874a	Do not try to use PAM for password authentication, as it is already (and far better) supported by the challenge/response authentication mechanism.	2002-07-10 23:05:13 +00:00
Dag-Erling Smørgrav	645ca8e839	Don't forget to clear the buffer before reusing it.	2002-07-10 23:04:07 +00:00
Dag-Erling Smørgrav	d2030524ec	Rewrite to use the buffer API instead of roll-your-own messaging. Suggested by: Markus Friedl <markus@openbsd.org> Sponsored by: DARPA, NAI Labs	2002-07-05 15:27:26 +00:00
Dag-Erling Smørgrav	21f19a0cbf	(forgot to commit) We don't need --with-opie since PAM takes care of it.	2002-07-05 15:25:55 +00:00
Dag-Erling Smørgrav	b770f258b3	- Don't enable OpenSSH's OPIE support, since we let PAM handle OPIE. - We don't have setutent(3) etc., and I have no idea why configure ever thought we did.	2002-07-03 00:12:09 +00:00
Dag-Erling Smørgrav	53282320d1	Two FreeBSD-specific nits in comments: - ChallengeResponseAuthentication controls PAM, not S/Key - We don't honor PAMAuthenticationViaKbdInt, because the code path it controls doesn't make sense for us, so don't mention it. Sponsored by: DARPA, NAI Labs	2002-07-03 00:08:19 +00:00
Dag-Erling Smørgrav	9f95720321	Version bump for mm_answer_pam_respond() fix.	2002-07-02 13:07:37 +00:00
Dag-Erling Smørgrav	669e440e50	Fix a braino in mm_answer_pam_respond() which would cause sshd to abort if PAM authentication failed due to an incorrect response.	2002-07-02 13:07:17 +00:00
Dag-Erling Smørgrav	9a97937550	Forgot to update the addendum in the config files.	2002-06-30 10:32:09 +00:00
Dag-Erling Smørgrav	e12c24615a	Regenerate.	2002-06-29 11:58:32 +00:00
Dag-Erling Smørgrav	076b29c735	<sys/mman.h> requires <sys/types.h>.	2002-06-29 11:57:51 +00:00
Dag-Erling Smørgrav	a82e551f0f	Resolve conflicts. Sponsored by: DARPA, NAI Labs	2002-06-29 11:48:59 +00:00
Dag-Erling Smørgrav	ee21a45f81	Vendor import of OpenSSH 3.4p1.	2002-06-29 11:34:13 +00:00
Dag-Erling Smørgrav	d2a34caedb	This commit was generated by cvs2svn to compensate for changes in r99060, which included commits to RCS files with non-trunk default branches.	2002-06-29 11:34:13 +00:00
Dag-Erling Smørgrav	effdee7ce0	Commit config.h so we don't need autoconf to build world.	2002-06-29 11:31:02 +00:00
Dag-Erling Smørgrav	0ff2975460	OpenBSD lifted this code our tree. Preserve the original CVS id.	2002-06-29 11:25:20 +00:00
Dag-Erling Smørgrav	9e1547ea49	Use our __RCSID().	2002-06-29 11:22:20 +00:00
Dag-Erling Smørgrav	c62005fc13	Make sure the environment variables set by setusercontext() are passed on to the child process. Reviewed by: ache Sponsored by: DARPA, NAI Labs	2002-06-29 11:21:58 +00:00
Dag-Erling Smørgrav	bf2e2524a2	Canonicize the host name before looking it up in the host file. Sponsored by: DARPA, NAI Labs	2002-06-29 10:57:53 +00:00
Dag-Erling Smørgrav	5b400a39b8	Apply class-imposed login restrictions. Sponsored by: DARPA, NAI Labs	2002-06-29 10:57:13 +00:00
Dag-Erling Smørgrav	382d19ee61	PAM support, the FreeBSD way. Sponsored by: DARPA, NAI Labs	2002-06-29 10:56:23 +00:00
Dag-Erling Smørgrav	1f334c7bc7	Document FreeBSD defaults. Sponsored by: DARPA, NAI Labs	2002-06-29 10:55:18 +00:00
Dag-Erling Smørgrav	35d4ccfb55	Document FreeBSD defaults and paths. Sponsored by: DARPA, NAI Labs	2002-06-29 10:53:57 +00:00
Dag-Erling Smørgrav	3d48a988f6	Remove duplicate.	2002-06-29 10:52:42 +00:00
Dag-Erling Smørgrav	975616f046	Apply FreeBSD's configuration defaults. Sponsored by: DARPA, NAI Labs	2002-06-29 10:51:56 +00:00
Dag-Erling Smørgrav	db58a8e40c	Add the VersionAddendum configuration variable. Sponsored by: DARPA, NAI Labs	2002-06-29 10:49:57 +00:00
Dag-Erling Smørgrav	edb557f8bb	Support OPIE as an alternative to S/Key. Sponsored by: DARPA, NAI Labs	2002-06-29 10:44:37 +00:00
Dag-Erling Smørgrav	ba11afcc21	Document the upgrade process.	2002-06-29 10:39:14 +00:00
Dag-Erling Smørgrav	2e3e4630c5	Files we don't want to import.	2002-06-29 10:39:02 +00:00
Dag-Erling Smørgrav	989dd127e4	Forcibly revert to mainline.	2002-06-27 22:42:11 +00:00
Dag-Erling Smørgrav	83d2307d00	Vendor import of OpenSSH 3.3p1.	2002-06-27 22:31:32 +00:00
Dag-Erling Smørgrav	db5fd092db	This commit was generated by cvs2svn to compensate for changes in r98937, which included commits to RCS files with non-trunk default branches.	2002-06-27 22:31:32 +00:00
Mark Murray	78455da4ab	Warnings fixes. Sort out some variable types.	2002-06-26 17:06:14 +00:00
Mark Murray	09e8dea793	Help fix warnings by marking an argument as unused.	2002-06-26 17:05:08 +00:00
Dirk Meyer	742e9f76c3	remove declaration of authlog use variable from_host Reviewed by: des	2002-06-24 11:11:30 +00:00
Dag-Erling Smørgrav	ccc9bac89c	IPv4or6 is already defined in libssh.	2002-06-24 10:15:26 +00:00
Dag-Erling Smørgrav	614c49a910	Resolve conflicts and document local changes.	2002-06-23 21:42:47 +00:00
Dag-Erling Smørgrav	6f562d4003	Correctly export the environment variables set by setusercontext(). Sponsored by: DARPA, NAI Labs	2002-06-23 20:22:49 +00:00
Dag-Erling Smørgrav	80628bacb0	Resolve conflicts. Known issues: - sshd fails to set TERM correctly. - privilege separation may break PAM and is currently turned off. - man pages have not yet been updated I will have these issues resolved, and privilege separation turned on by default, in time for DP2. Sponsored by: DARPA, NAI Labs	2002-06-23 16:09:08 +00:00
Dag-Erling Smørgrav	545d5eca42	Vendor import of OpenSSH 3.3.	2002-06-23 14:01:54 +00:00
Dag-Erling Smørgrav	f6342a9bad	This commit was generated by cvs2svn to compensate for changes in r98675, which included commits to RCS files with non-trunk default branches.	2002-06-23 14:01:54 +00:00
Juli Mallett	2061e87111	Don't risk catching a signal while handling a signal for a dying child, as we can then end up not properly clearing wtmp/utmp entries. PR: bin/37934 Submitted by: Sandeep Kumar <skumar@juniper.net> Reviewed by: markm MFC after: 2 weeks	2002-05-27 08:10:24 +00:00
Chris D. Faulhaber	c2fc1c7365	Remove _PATH_CP now that it is defined in paths.h Reviewed by: des	2002-05-12 01:52:11 +00:00
Alfred Perlstein	cc7b0935ec	unbreak build: commands.c, sys_bsd.c: comment out/remove junk after #endif/#else network.c, terminal.c, utlities.c: include stdlib.h for exit(3)	2002-05-11 03:19:44 +00:00
Dag-Erling Smørgrav	30e78c9ea1	Resurrect as an empty file to unbreak the build. We have everything we need in paths.h.	2002-05-08 17:19:02 +00:00
Mark Murray	ee2ea5ceaf	Fix an external declaration that was causing telnetd to core dump. MFC after: 1 week PR: 37766	2002-05-06 09:46:29 +00:00
David E. O'Brien	259bbc7376	Usual after-import fixup of SCM IDs.	2002-05-01 22:39:53 +00:00
Dag-Erling Smørgrav	8024187191	Back out previous commit.	2002-04-25 16:53:25 +00:00
Jordan K. Hubbard	44493e088a	Change default challenge/response behavior of sshd by popular demand. This brings us into sync with the behavior of sshd on other Unix platforms. Submitted by: Joshua Goodall <joshua@roughtrade.net>	2002-04-25 05:59:53 +00:00
Andrey A. Chernov	098de0c172	1) Proberly conditionalize PAM "last login" printout. 2) For "copyright" case #ifdef HAVE_LOGIN_CAP was placed on too big block, narrow it down. 3) Don't check the same conditions twice (for "copyright" and "welcome"), put them under single block. 4) Print \n between "copyright" and "welcome" as our login does. Reviewed by: des (1)	2002-04-23 12:36:11 +00:00
Dag-Erling Smørgrav	6e8ced7fd0	Don't report last login time in PAM case. (perforce change 10057) Sponsored by: DARPA, NAI Labs	2002-04-22 06:26:29 +00:00
Dag-Erling Smørgrav	a5763cd1f0	Fix warnings + wait for child so it doesn't go zombie (perforce change 10122)	2002-04-22 06:25:13 +00:00
Andrey A. Chernov	940bc501bd	Move LOGIN_CAP calls before all file descriptors are closed hard, since some descriptors may be used by LOGIN_CAP internally, add login_close(). Use "nocheckmail" LOGIN_CAP capability too like our login does.	2002-04-21 13:31:56 +00:00
Andrey A. Chernov	a37da82a78	Fix TZ & TERM handling for use_login case of rev. 1.24	2002-04-20 09:56:10 +00:00
Andrey A. Chernov	b36e10eee6	1) Surprisingly, "CheckMail" handling code completely removed from this version, so documented "CheckMail" option exists but does nothing. Bring it back to life adding code back. 2) Cosmetique. Reduce number of args in do_setusercontext()	2002-04-20 09:26:43 +00:00
Andrey A. Chernov	32eb065e64	1) Fix overlook in my prev. commit - forget HAVE_ prefix in one place in old code merge. 2) In addition honor "timezone" and "term" capabilities from login.conf, not overwrite them once they set (they are TZ and TERM variables).	2002-04-20 05:44:36 +00:00
Andrey A. Chernov	03df31a6fc	Please repeat after me: setusercontext() modifies _current_ environment, but sshd uses separate child_env. So, to make setusercontext() really does something, environment must be switched before call and passed to child_env back after it. The error here was that modified environment not passed back to child_env, so all variables that setusercontext() adds are lost, including ones from ~/.login_conf	2002-04-20 04:38:07 +00:00
Dag-Erling Smørgrav	ca99146106	Fix some warnings. Don't record logins twice in USE_PAM case. Strip "/dev/" off the tty name before passing it to auth_ttyok or PAM. Inspired by: dinoex Sponsored by: DARPA, NAI Labs	2002-04-14 16:24:36 +00:00
Dag-Erling Smørgrav	cd3dfe6d6e	Back out previous backout. It seems I was right to begin with, and DSA is preferrable to RSA (not least because the SECSH draft standard requires DSA while RSA is only recommended).	2002-04-12 15:52:10 +00:00
Dag-Erling Smørgrav	8f8855cff0	Knowledgeable persons assure me that RSA is preferable to DSA and that we should transition away from DSA.	2002-04-11 22:04:40 +00:00
Dag-Erling Smørgrav	6cef489c5c	Prefer DSA to RSA if both are available.	2002-04-11 16:08:48 +00:00
Dag-Erling Smørgrav	9c0adca3e7	Do not attempt to load an ssh2 RSA host key by default.	2002-04-11 16:08:02 +00:00
Ruslan Ermilov	f2f306b622	Align for const poisoning in -lutil.	2002-04-08 11:07:51 +00:00
Dag-Erling Smørgrav	5e022fc6f0	Nuke stale copy of the pam_ssh(8) source code.	2002-04-06 04:46:01 +00:00
Dag-Erling Smørgrav	5297e48d04	Revert to vendor version, what little was left of our local patches here was incorrect. Pointed out by: Markus Friedl <markus@openbsd.org>	2002-04-02 23:07:31 +00:00
Dag-Erling Smørgrav	43e73ba0c2	Change the FreeBSD version addendum to "FreeBSD-20020402". This shortens the version string to 28 characters, which is below the 40-character limit specified in the proposed SECSH standard. Some servers, however (like the one built into the Foundry BigIron line of switches) will hang when confronted with a version string longer than 24 characters, so some users may need to shorten it further. Sponsored by: DARPA, NAI Labs	2002-04-02 21:53:54 +00:00
Dag-Erling Smørgrav	9e2cbe04ff	Make the various ssh clients understand the VersionAddendum option. Submitted by: pb	2002-04-02 21:48:51 +00:00
Ruslan Ermilov	2735cfee64	Switch over to using pam_login_access(8) module in sshd(8). (Fixes static compilation. Reduces diffs to OpenSSH.) Reviewed by: bde	2002-03-26 12:52:28 +00:00
Jacques Vidrine	7fd1ca3b0c	REALLY correct typo this time. Noticed by: roam	2002-03-26 12:27:43 +00:00
Jacques Vidrine	26241f6368	Fix typo (missing paren) affecting KRB4 && KRB5 case. Approved by: des	2002-03-25 14:55:41 +00:00
Dag-Erling Smørgrav	f0cf488b75	We keep moduli(5) in /etc/ssh, not /etc.	2002-03-23 19:26:21 +00:00
Dag-Erling Smørgrav	6b11d510fd	Correctly set PAM_RHOST so e.g. pam_login_access(8) can do its job. Sponsored by: DARPA, NAI Labs	2002-03-21 12:55:21 +00:00
Dag-Erling Smørgrav	fe49ecbc93	Use the "sshd" service instead of "csshd". The latter was only needed because of bugs (incorrect design decisions, actually) in Linux-PAM. Sponsored by: DARPA, NAI Labs	2002-03-21 12:23:09 +00:00
cvs2svn	556a3fb01e	This commit was manufactured by cvs2svn to create branch 'VENDOR-crypto-openssh'.	2002-03-21 12:18:28 +00:00
Dag-Erling Smørgrav	da4dc1eeb5	Use PAM instead of S/Key (or OPIE) for SSH2. Sponsored by: DARPA, NAI Labs	2002-03-21 12:18:27 +00:00
Dag-Erling Smørgrav	97ec1da11a	Note that portions of this software were Sponsored by: DARPA, NAI Labs	2002-03-20 22:10:10 +00:00
Dag-Erling Smørgrav	3a17de1501	- Change the prompt from "S/Key Password: " to "OPIE Password: " - If the user doesn't have an OPIE key, don't challenge him. This is a workaround until I get PAM to work properly with ssh2. Sponsored by: DARPA, NAI Labs	2002-03-20 22:02:02 +00:00
Dag-Erling Smørgrav	1d9e2b0ad5	Unbreak for KRB4 ^ KRB5 case. Sponsored by: DARPA, NAI Labs	2002-03-19 16:44:11 +00:00

... 2 3 4 5 6 ...

736 Commits