Commit Graph

309 Commits

Author SHA1 Message Date
Nick Sayer
9286fd701f Make the PAM user-override actually override the correect thing. 2001-05-17 16:28:11 +00:00
Peter Wemm
64867478d8 Back out last commit. This was already fixed. This should never have
happened, this is why we have commit mail expressly delivered to
committers.
2001-05-17 03:14:42 +00:00
Peter Wemm
d48d5be0d0 Fix the latest telnet breakage. Obviously this was never compiled. 2001-05-17 03:13:00 +00:00
Nick Sayer
1848e3d448 Since the root-on-insecure-tty code was added to telnetd, a dependency
on char *line was added to libtelnet. Put a dummy one in to keep the
linker happy.
2001-05-16 20:34:42 +00:00
Nick Sayer
166b3cb9a0 Make sure the protocol actively rejects bad data rather than
(potentially) not responding to an invalid SRA 'auth is' message.
2001-05-16 20:24:58 +00:00
Nick Sayer
8183ac8f53 srandomdev() affords us the opportunity to radically improve, and at the
same time simplify, the random number selection code.
2001-05-16 18:32:46 +00:00
Nick Sayer
60f581768d Catch any attempted buffer overflows. The magic numbers in this code
(512) are a little distressing, but the method really needs to be
extended to allow server-supplied DH parameters anyway.

Submitted by:	kris
2001-05-16 18:27:09 +00:00
Nick Sayer
e7157113a9 Catch malloc return failures. This should help avoid dereferencing NULL on
low-memory situations.

Submitted by:	kris
2001-05-16 18:17:55 +00:00
Peter Wemm
cd189e1195 Hack to work around braindeath in libtelnet:sra.c. The sra.o file
references global variables from telnetd, but is also linked into
telnet as well. I was tempted to back out the last sra.c change
as it is 100% bogus and should be taken out and shot, but for now
this bandaid should get world working again. :-(
2001-05-15 09:52:03 +00:00
Nick Sayer
c7be24c970 If the uid of the attempted authentication is 0 and if the pty is
insecure, do not succeed. Copied from login.c. This functionality really
should be a PAM module.
2001-05-15 04:47:14 +00:00
Brian Feldman
62c931e0a4 If a host would exceed 16 characters in the utmp entry, record only
it's IP address/base host instead.

Submitted by:	brian
2001-05-15 01:50:40 +00:00
Ruslan Ermilov
bb60401e7a mdoc(7) police: finished fixing conflicts in revision 1.18. 2001-05-14 18:13:34 +00:00
Mark Murray
fa83754c4e Fix make world in the kerberosIV case. 2001-05-11 09:36:17 +00:00
Assar Westerlund
66b166c994 merge imported changes into HEAD 2001-05-11 00:14:02 +00:00
Alfred Perlstein
2c917d39b2 Fix some of the handling in the pam module, don't unregister things
that were never registered.  At the same time handle a failure from
pam_setcreds with a bit more paranioa than the previous fix.

Sync a bit with the "Portable OpenSSH" work to make comparisons a easier.
2001-05-09 03:40:37 +00:00
Brian Feldman
00e38eaf7f Since PAM is broken, let pam_setcred() failure be non-fatal. 2001-05-08 22:30:18 +00:00
Assar Westerlund
d1edd0128c This commit was generated by cvs2svn to compensate for changes in r76371,
which included commits to RCS files with non-trunk default branches.
2001-05-08 14:57:13 +00:00
Assar Westerlund
45524cd79e mdoc(ng) fixes
Submitted by:	ru
2001-05-08 14:57:13 +00:00
Assar Westerlund
a3204abff5 mdoc(ng) fixes
Submitted by:	ru
2001-05-08 14:57:13 +00:00
Nick Sayer
053c5b3a9e Pointy hat fix -- reapply the SRA PAM patch. To -current this time. 2001-05-07 20:42:02 +00:00
Brian Feldman
3817a12c9b sshd_config should still be keeping ssh host keys in /etc/ssh, not /etc. 2001-05-05 13:48:13 +00:00
Brian Feldman
4c5de86978 Finish committing _more_ somehow-uncommitted OpenSSH 2.9 updates.
(Missing Delta Brigade, tally-ho!)
2001-05-05 01:12:45 +00:00
Brian Feldman
87767895f0 Get ssh(1) compiling with MAKE_KERBEROS5. 2001-05-04 04:37:49 +00:00
Brian Feldman
345012bf8b Remove obsoleted files. 2001-05-04 04:15:22 +00:00
Brian Feldman
ca3176e7c8 Fix conflicts for OpenSSH 2.9. 2001-05-04 04:14:23 +00:00
Brian Feldman
3ed16d1511 This commit was generated by cvs2svn to compensate for changes in r76259,
which included commits to RCS files with non-trunk default branches.
2001-05-04 03:57:05 +00:00
Brian Feldman
1e8db6e2f6 Say "hi" to the latest in the OpenSSH series, version 2.9!
Happy birthday to:	rwatson
2001-05-04 03:57:05 +00:00
Brian Feldman
933ca70f8f Add a "VersionAddendum" configuration setting for sshd which allows
anyone to easily change the part of the OpenSSH version after the main
version number.  The FreeBSD-specific version banner could be disabled
that way, for example:

# Call ourselves plain OpenSSH
VersionAddendum
2001-05-03 00:29:28 +00:00
Brian Feldman
1f5ce8f412 Backout completely canonical lookup modifications. 2001-05-03 00:26:47 +00:00
Mark Murray
b7ffbfee87 Toss into attic stuff we don't use. 2001-04-14 09:48:26 +00:00
Ruslan Ermilov
566f5a4859 mdoc(7) police: removed hard sentence breaks introduced in rev.1.10. 2001-04-13 08:49:52 +00:00
Nick Sayer
036790848a Clean up telnet's argument processing a bit. autologin and encryption is
now the default, so ignore the arguments that turn it on. Add a new -y
argument to turn off encryption in case someone wants to do that. Sync
these changes with the man page (including removing the now obsolete
statement about availability only in the US and Canada).
2001-04-06 15:56:10 +00:00
Nick Sayer
6a1fe28e41 Reactivate SRA.
Make handling of SIGINT and SIGQUIT follow SIGTSTP in TerminalNewMode().
This allows people to break out of SRA authentication if they wish to.
2001-04-05 14:09:15 +00:00
Brian Feldman
313cb084c4 Suggested by kris, OpenSSH shall have a version designated to note that
it's not "plain" OpenSSH 2.3.0.
2001-03-20 02:11:25 +00:00
Brian Feldman
e0fbb1d2de Make password attacks based on traffic analysis harder by requiring that
"non-echoed" characters are still echoed back in a null packet, as well
as pad passwords sent to not give hints to the length otherwise.

Obtained from:	OpenBSD
2001-03-20 02:06:40 +00:00
Nick Sayer
989efc86f5 Fix core noted in -stable with 'auth disable SRA'.
I just mistakenly commited this to RELENG_4. I have contacted Jordan to see
about how to fix this. Pass the pointy hat.
2001-03-18 09:44:25 +00:00
Jeroen Ruigrok van der Werven
f7191d4fae Fix double mention of ssh.
This file is already off the vendorbranch, nonetheless it needs to be
submitted back to the OpenSSH people.

PR:		25743
Submitted by:	David Wolfskill <dhw@whistle.com>
2001-03-15 09:24:40 +00:00
Brian Feldman
e4fe1ca667 Don't dump core when an attempt is made to login using protocol 2 with
an invalid user name.
2001-03-15 03:15:18 +00:00
Assar Westerlund
aeccfe991a (try_krb5_authentication): simplify code. from joda@netbsd.org 2001-03-13 04:42:38 +00:00
Assar Westerlund
a16a9b0f1e Fix LP64 problem in Kerberos 5 TGT passing.
Obtained from: NetBSD (done by thorpej@netbsd.org)
2001-03-12 08:14:22 +00:00
Assar Westerlund
bb330cd01e enable auto-negotiation of encrypt and decrypt 2001-03-12 03:54:48 +00:00
Assar Westerlund
02c9ff5b94 initialize pointers to NULL and sized to 0 to avoid free:ing invalid memory.
PR:		bin/20779
2001-03-12 03:48:03 +00:00
Brian Feldman
46c9472cd6 Reenable the SIGPIPE signal handler default in all cases for spawned
sessions.
2001-03-11 02:26:57 +00:00
Mark Murray
a4f378438c Remove stuff that is really "ports material", generated files and
stuff for other OS's. Also remove stuff (libraries) that are
already present in FreeBSD and must not get mixed up in our
code.
2001-03-04 07:26:45 +00:00
Mark Murray
c21f532945 Trim down the source tree a bit. We shouldn't have blatantly
uncompilable bits in here (like X stuff), nor should we have
too much "ports material".
2001-03-04 07:06:39 +00:00
Assar Westerlund
cb96ab3672 Add code for being compatible with ssh.com's krb5 authentication.
It is done by using the same ssh messages for v4 and v5 authentication
(since the ssh.com does not now anything about v4) and looking at the
contents after unpacking it to see if it is v4 or v5.
Based on code from Björn Grönvall <bg@sics.se>

PR:		misc/20504
2001-03-04 02:22:04 +00:00
Kris Kennaway
b64f39b655 Resolve conflicts 2001-02-18 03:23:30 +00:00
Kris Kennaway
a991678294 This commit was generated by cvs2svn to compensate for changes in r72613,
which included commits to RCS files with non-trunk default branches.
2001-02-18 03:17:36 +00:00
Kris Kennaway
de7cdddab1 Import of OpenSSL 0.9.6-STABLE snapshot dated 2001-02-10 2001-02-18 03:17:36 +00:00
Paul Saab
8e97fe726f Make ConnectionsPerPeriod non-fatal for real. 2001-02-18 01:33:31 +00:00