d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
59,604 Commits 72 Branches 135 Tags 3.2 GiB
01e281bd12
Commit Graph

301 Commits

Author SHA1 Message Date
Peter Wemm
cd189e1195 Hack to work around braindeath in libtelnet:sra.c. The sra.o file 
references global variables from telnetd, but is also linked into
telnet as well. I was tempted to back out the last sra.c change
as it is 100% bogus and should be taken out and shot, but for now
this bandaid should get world working again. :-(
 2001-05-15 09:52:03 +00:00
Nick Sayer
c7be24c970 If the uid of the attempted authentication is 0 and if the pty is 
insecure, do not succeed. Copied from login.c. This functionality really
should be a PAM module.
 2001-05-15 04:47:14 +00:00
Brian Feldman
62c931e0a4 If a host would exceed 16 characters in the utmp entry, record only 
it's IP address/base host instead.

Submitted by:	brian
 2001-05-15 01:50:40 +00:00
Ruslan Ermilov
bb60401e7a mdoc(7) police: finished fixing conflicts in revision 1.18. 2001-05-14 18:13:34 +00:00
Mark Murray
fa83754c4e Fix make world in the kerberosIV case. 2001-05-11 09:36:17 +00:00
Assar Westerlund
66b166c994 merge imported changes into HEAD 2001-05-11 00:14:02 +00:00
Alfred Perlstein
2c917d39b2 Fix some of the handling in the pam module, don't unregister things 
that were never registered.  At the same time handle a failure from
pam_setcreds with a bit more paranioa than the previous fix.

Sync a bit with the "Portable OpenSSH" work to make comparisons a easier.
 2001-05-09 03:40:37 +00:00
Brian Feldman
00e38eaf7f Since PAM is broken, let pam_setcred() failure be non-fatal. 2001-05-08 22:30:18 +00:00
Assar Westerlund
d1edd0128c This commit was generated by cvs2svn to compensate for changes in r76371, 
which included commits to RCS files with non-trunk default branches.
 2001-05-08 14:57:13 +00:00
Assar Westerlund
45524cd79e mdoc(ng) fixes 
Submitted by:	ru
 2001-05-08 14:57:13 +00:00
Assar Westerlund
a3204abff5 mdoc(ng) fixes 
Submitted by:	ru
 2001-05-08 14:57:13 +00:00
Nick Sayer
053c5b3a9e Pointy hat fix -- reapply the SRA PAM patch. To -current this time. 2001-05-07 20:42:02 +00:00
Brian Feldman
3817a12c9b sshd_config should still be keeping ssh host keys in /etc/ssh, not /etc. 2001-05-05 13:48:13 +00:00
Brian Feldman
4c5de86978 Finish committing _more_ somehow-uncommitted OpenSSH 2.9 updates. 
(Missing Delta Brigade, tally-ho!)
 2001-05-05 01:12:45 +00:00
Brian Feldman
87767895f0 Get ssh(1) compiling with MAKE_KERBEROS5. 2001-05-04 04:37:49 +00:00
Brian Feldman
345012bf8b Remove obsoleted files. 2001-05-04 04:15:22 +00:00
Brian Feldman
ca3176e7c8 Fix conflicts for OpenSSH 2.9. 2001-05-04 04:14:23 +00:00
Brian Feldman
3ed16d1511 This commit was generated by cvs2svn to compensate for changes in r76259, 
which included commits to RCS files with non-trunk default branches.
 2001-05-04 03:57:05 +00:00
Brian Feldman
1e8db6e2f6 Say "hi" to the latest in the OpenSSH series, version 2.9! 
Happy birthday to:	rwatson
 2001-05-04 03:57:05 +00:00
Brian Feldman
933ca70f8f Add a "VersionAddendum" configuration setting for sshd which allows 
anyone to easily change the part of the OpenSSH version after the main
version number.  The FreeBSD-specific version banner could be disabled
that way, for example:

# Call ourselves plain OpenSSH
VersionAddendum
 2001-05-03 00:29:28 +00:00
Brian Feldman
1f5ce8f412 Backout completely canonical lookup modifications. 2001-05-03 00:26:47 +00:00
Mark Murray
b7ffbfee87 Toss into attic stuff we don't use. 2001-04-14 09:48:26 +00:00
Ruslan Ermilov
566f5a4859 mdoc(7) police: removed hard sentence breaks introduced in rev.1.10. 2001-04-13 08:49:52 +00:00
Nick Sayer
036790848a Clean up telnet's argument processing a bit. autologin and encryption is 
now the default, so ignore the arguments that turn it on. Add a new -y
argument to turn off encryption in case someone wants to do that. Sync
these changes with the man page (including removing the now obsolete
statement about availability only in the US and Canada).
 2001-04-06 15:56:10 +00:00
Nick Sayer
6a1fe28e41 Reactivate SRA. 
Make handling of SIGINT and SIGQUIT follow SIGTSTP in TerminalNewMode().
This allows people to break out of SRA authentication if they wish to.
 2001-04-05 14:09:15 +00:00
Brian Feldman
313cb084c4 Suggested by kris, OpenSSH shall have a version designated to note that 
it's not "plain" OpenSSH 2.3.0.
 2001-03-20 02:11:25 +00:00
Brian Feldman
e0fbb1d2de Make password attacks based on traffic analysis harder by requiring that 
"non-echoed" characters are still echoed back in a null packet, as well
as pad passwords sent to not give hints to the length otherwise.

Obtained from:	OpenBSD
 2001-03-20 02:06:40 +00:00
Nick Sayer
989efc86f5 Fix core noted in -stable with 'auth disable SRA'. 
I just mistakenly commited this to RELENG_4. I have contacted Jordan to see
about how to fix this. Pass the pointy hat.
 2001-03-18 09:44:25 +00:00
Jeroen Ruigrok van der Werven
f7191d4fae Fix double mention of ssh. 
This file is already off the vendorbranch, nonetheless it needs to be
submitted back to the OpenSSH people.

PR:		25743
Submitted by:	David Wolfskill <dhw@whistle.com>
 2001-03-15 09:24:40 +00:00
Brian Feldman
e4fe1ca667 Don't dump core when an attempt is made to login using protocol 2 with 
an invalid user name.
 2001-03-15 03:15:18 +00:00
Assar Westerlund
aeccfe991a (try_krb5_authentication): simplify code. from joda@netbsd.org 2001-03-13 04:42:38 +00:00
Assar Westerlund
a16a9b0f1e Fix LP64 problem in Kerberos 5 TGT passing. 
Obtained from: NetBSD (done by thorpej@netbsd.org)
 2001-03-12 08:14:22 +00:00
Assar Westerlund
bb330cd01e enable auto-negotiation of encrypt and decrypt 2001-03-12 03:54:48 +00:00
Assar Westerlund
02c9ff5b94 initialize pointers to NULL and sized to 0 to avoid free:ing invalid memory. 
PR:		bin/20779
 2001-03-12 03:48:03 +00:00
Brian Feldman
46c9472cd6 Reenable the SIGPIPE signal handler default in all cases for spawned 
sessions.
 2001-03-11 02:26:57 +00:00
Mark Murray
a4f378438c Remove stuff that is really "ports material", generated files and 
stuff for other OS's. Also remove stuff (libraries) that are
already present in FreeBSD and must not get mixed up in our
code.
 2001-03-04 07:26:45 +00:00
Mark Murray
c21f532945 Trim down the source tree a bit. We shouldn't have blatantly 
uncompilable bits in here (like X stuff), nor should we have
too much "ports material".
 2001-03-04 07:06:39 +00:00
Assar Westerlund
cb96ab3672 Add code for being compatible with ssh.com's krb5 authentication. 
It is done by using the same ssh messages for v4 and v5 authentication
(since the ssh.com does not now anything about v4) and looking at the
contents after unpacking it to see if it is v4 or v5.
Based on code from Björn Grönvall <bg@sics.se>

PR:		misc/20504
 2001-03-04 02:22:04 +00:00
Kris Kennaway
b64f39b655 Resolve conflicts 2001-02-18 03:23:30 +00:00
Kris Kennaway
a991678294 This commit was generated by cvs2svn to compensate for changes in r72613, 
which included commits to RCS files with non-trunk default branches.
 2001-02-18 03:17:36 +00:00
Kris Kennaway
de7cdddab1 Import of OpenSSL 0.9.6-STABLE snapshot dated 2001-02-10 2001-02-18 03:17:36 +00:00
Paul Saab
8e97fe726f Make ConnectionsPerPeriod non-fatal for real. 2001-02-18 01:33:31 +00:00
Mark Murray
93f09f075a Fix a "make world"-breaking inconsistency for those folks making 
a world with both KRB4 and KRB5.
 2001-02-14 19:54:36 +00:00
Assar Westerlund
0346cda4f9 nuke conflict markers 2001-02-13 22:40:28 +00:00
Assar Westerlund
c9e3f8cfb9 update to new heimdal libkrb5 2001-02-13 16:58:04 +00:00
Assar Westerlund
47085b17ae fix conflicts in heimdal 0.3e import 2001-02-13 16:52:56 +00:00
Assar Westerlund
5e9cd1ae3e import of heimdal 0.3e 2001-02-13 16:46:19 +00:00
Assar Westerlund
c25d7ab741 This commit was generated by cvs2svn to compensate for changes in r72445, 
which included commits to RCS files with non-trunk default branches.
 2001-02-13 16:46:19 +00:00
Kris Kennaway
a09221f83c Patches backported from later development version of OpenSSH which prevent 
(instead of just mitigating through connection limits) the Bleichenbacher
attack which can lead to guessing of the server key (not host key) by
regenerating it when an RSA failure is detected.

Reviewed by:	rwatson
 2001-02-12 06:44:51 +00:00
Kris Kennaway
e0834d8749 Note that crypto/ is not used to build in, people should see secure/ 
instead.
 2001-02-10 04:47:47 +00:00