d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
72,767 Commits 72 Branches 135 Tags 3.2 GiB
1d4cb54ba8
Commit Graph

401 Commits

Author SHA1 Message Date
Mark Murray
6fdd5473af Diff-reduce these two. 
Really, one of them needs to disappear. I'll figure out which
later.

Reported by:	bde
 2001-10-27 12:49:19 +00:00
Mark Murray
f2ac7de925 Add __FBSDID() to diff-reduce with "base" telnet. 2001-10-01 16:04:55 +00:00
Brian Feldman
ccf35be189 Modify a "You don't exist" message, pretty rude for transient YP failures. 2001-09-27 18:54:42 +00:00
Assar Westerlund
1f131ac4bd fix renamed options in some of the code that was #ifdef AFS 
also print an error if krb5 ticket passing is disabled

Submitted by:	Jonathan Chen <jon@spock.org>
 2001-09-04 13:27:04 +00:00
Mark Murray
6b022d0047 Manually unifdef(1) CRAY, UNICOS, hpux and sun uselsess code. 2001-08-29 14:16:17 +00:00
Paul Saab
20a18c35f4 Backout last change. I didnt follow the thread and made a mistake 
with this.  localisations is a valid spelling.  Oops
 2001-08-27 10:37:50 +00:00
Paul Saab
95576c53ef Correctly spell localizations 2001-08-27 10:20:02 +00:00
Dima Dorfman
39b7ac5a89 Remove description of an option that only applies to UNICOS < 7.0. 
That define may still be present in the source, but I don't think
anyone has plans to try to use it.

Obtained from:	NetBSD
 2001-08-25 21:29:12 +00:00
Mark Murray
21f083c0a6 Code merge and diff reduce with "base" telnet. This is the "later" 
telnet, so it was treated as the reference code, except where later
commits were made to "base" telnet.
 2001-08-20 12:28:40 +00:00
Brian Feldman
0e513252b5 Update the OpenSSH minor-version string. 
Requested by:	obrien
Reviewed by:	rwatson
 2001-08-16 19:26:19 +00:00
Kazuo Horikawa
ba8140a6f6 Removal of following export controll related sentences: 
o Because of export controls, TELNET ENCRYPT option is not supported outside
  of the United States and Canada.
o Because of export controls, data encryption
  is not supported outside of the United States and Canada.

src/crypto/README revision 1.5 commit log says:
> Crypto sources are no longer export controlled:
> Explain, why crypto sources are still in crypto/.
and actually telnet encryption is used outside of US and Canada now.

Pointed out by: OHSAWA Chitoshi <ohsawa@catv1.ccn-net.ne.jp>
Reviewed by: no objection on doc
 2001-08-15 01:30:25 +00:00
Ruslan Ermilov
753d686d34 mdoc(7) police: s/BSD/.Bx/ where appropriate. 2001-08-14 10:01:54 +00:00
Kris Kennaway
a2a887b56a output_data(), output_datalen() and netflush() didn't actually guarantee 
to do what they are supposed to: under some circumstances output data would
be truncated, or the buffer would not actually be flushed (possibly leading
to overflows when the caller assumes the operation succeeded).  Change the
semantics so that these functions ensure they complete the operation before
returning.

Comment out diagnostic code enabled by '-D reports' which causes an
infinite recursion and an eventual crash.

Patch developed with assistance from ru and assar.
 2001-07-23 21:52:26 +00:00
Ruslan Ermilov
40e7fc1a20 More potential buffer overflow fixes. 
o Fixed `nfrontp' calculations in output_data().  If `remaining' is
  initially zero, it was possible for `nfrontp' to be decremented.

Noticed by:	dillon

o Replaced leaking writenet() with output_datalen():

:  * writenet
:  *
:  * Just a handy little function to write a bit of raw data to the net.
:  * It will force a transmit of the buffer if necessary
:  *
:  * arguments
:  *    ptr - A pointer to a character string to write
:  *    len - How many bytes to write
:  */
: 	void
: writenet(ptr, len)
: 	register unsigned char *ptr;
: 	register int len;
: {
: 	/* flush buffer if no room for new data) */
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
: 	if ((&netobuf[BUFSIZ] - nfrontp) < len) {
: 		/* if this fails, don't worry, buffer is a little big */
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
: 		netflush();
: 	}
:
: 	memmove(nfrontp, ptr, len);
: 	nfrontp += len;
:
: }  /* end of writenet */

What an irony!  :-)

o Optimized output_datalen() a bit.
 2001-07-20 12:02:30 +00:00
Kris Kennaway
37b8c2dbf3 Resolve conflicts 2001-07-19 20:05:28 +00:00
Kris Kennaway
26d191b459 Initial import of OpenSSL 0.9.6b 2001-07-19 19:59:37 +00:00
Kris Kennaway
3c738b5631 This commit was generated by cvs2svn to compensate for changes in r79998, 
which included commits to RCS files with non-trunk default branches.
 2001-07-19 19:59:37 +00:00
Ruslan Ermilov
1ee47d0673 vsnprintf() can return a value larger than the buffer size. 
Submitted by:	assar
Obtained from:	OpenBSD
 2001-07-19 18:58:31 +00:00
Ruslan Ermilov
5f10368c1d Fixed the exploitable remote buffer overflow. 
Reported on:	bugtraq
Obtained from:	Heimdal, NetBSD
Reviewed by:	obrien, imp
 2001-07-19 17:48:57 +00:00
Jacques Vidrine
b33edd3956 Bug fix: When the client connects to a server and Kerberos 
authentication is  enabled, the  client effectively ignores  any error
from krb5_rd_rep due to a missing branch.

In  theory  this could  result  in  an  ssh  client using  Kerberos  5
authentication accepting  a spoofed  AP-REP.  I doubt  this is  a real
possiblity, however, because  the AP-REP is passed from  the server to
the client via the SSH  encrypted channel.  Any tampering should cause
the decryption or MAC to fail.

Approved by:	green
MFC after:	1 week
 2001-07-13 18:12:13 +00:00
Ruslan Ermilov
63919764c2 mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 10:42:19 +00:00
Brian Feldman
d9769eeead Fix an incorrect conflict resolution which prevented TISAuthentication 
from working right in 2.9.
 2001-07-07 14:19:53 +00:00
Ruslan Ermilov
df1cda58e4 mdoc(7) police: merge all fixes from non-crypto version. 2001-07-05 14:08:12 +00:00
Ruslan Ermilov
a5493c1b77 MF non-crypto: 1.13: document -u in usage. 2001-07-05 14:06:27 +00:00
Brian Feldman
a15906e7aa Also add a colon to "Bad passphrase, please try again ". 2001-06-29 16:43:13 +00:00
Brian Feldman
69b8e053cb Put in a missing colon in the "Enter passphrase" message. 2001-06-29 16:34:14 +00:00
Brian Feldman
0c82706bc0 Back out the last change which is probably actually a red herring. Argh! 2001-06-26 15:15:22 +00:00
Brian Feldman
c3e2f3baec Don't pointlessly kill a channel because the first (forced) 
non-blocking read returns 0.

Now I can finally tunnel CVSUP again...
 2001-06-26 14:17:35 +00:00
Assar Westerlund
c80b5a6353 fix merges from 0.3f 2001-06-21 02:21:57 +00:00
Assar Westerlund
adb0ddaeac import of heimdal 0.3f 2001-06-21 02:12:07 +00:00
Assar Westerlund
362982da86 This commit was generated by cvs2svn to compensate for changes in r78527, 
which included commits to RCS files with non-trunk default branches.
 2001-06-21 02:12:07 +00:00
Assar Westerlund
07de0e4353 (do_authloop): handle !KRB4 && KRB5 2001-06-16 07:44:17 +00:00
Mark Murray
7e40a391bc Unbreak OpenSSH for the KRB5-and-no-KRB4 case. Asking for KRB5 does 
not imply that you want, need or have kerberosIV headers.
 2001-06-15 08:12:31 +00:00
Brian Feldman
e7edf5a116 Enable Kerberos 5 support in sshd again. 2001-06-12 03:43:47 +00:00
Brian Feldman
e9fd63dfdd Switch to the user's uid before attempting to unlink the auth forwarding 
file, nullifying the effects of a race.

Obtained from:	OpenBSD
 2001-06-08 22:22:09 +00:00
David E. O'Brien
e8f64f5ebf Fix $FreeBSD$ style committer messed up in rev 1.7 for some reason. 2001-05-24 07:22:08 +00:00
Matthew Dillon
7a2254dcf0 Oops, forgot the 'u' in the getopt for the previous commit. 2001-05-24 00:14:19 +00:00
Matthew Dillon
e5c23e887b A feature to allow one to telnet to a unix domain socket. (MFC from 
non-crypto version)

Also update the crypto telnet's man page to reflect other options
ported from the non-crypto version.

Obtained from:   Lyndon Nerenberg <lyndon@orthanc.ab.ca>
 2001-05-23 22:54:07 +00:00
Kris Kennaway
f06df90bde Resolve conflicts 2001-05-20 03:17:35 +00:00
Kris Kennaway
5740a5e34c Initial import of OpenSSL 0.9.6a 2001-05-20 03:07:21 +00:00
Kris Kennaway
4992dce6f6 This commit was generated by cvs2svn to compensate for changes in r76866, 
which included commits to RCS files with non-trunk default branches.
 2001-05-20 03:07:21 +00:00
David E. O'Brien
d3ebe37cd0 Restore the RSA host key to /etc/ssh/ssh_host_key. 
Also fix $FreeBSD$ spamage in crypto/openssh/sshd_config rev. 1.16.
 2001-05-18 18:10:02 +00:00
Nick Sayer
9286fd701f Make the PAM user-override actually override the correect thing. 2001-05-17 16:28:11 +00:00
Peter Wemm
64867478d8 Back out last commit. This was already fixed. This should never have 
happened, this is why we have commit mail expressly delivered to
committers.
 2001-05-17 03:14:42 +00:00
Peter Wemm
d48d5be0d0 Fix the latest telnet breakage. Obviously this was never compiled. 2001-05-17 03:13:00 +00:00
Nick Sayer
1848e3d448 Since the root-on-insecure-tty code was added to telnetd, a dependency 
on char *line was added to libtelnet. Put a dummy one in to keep the
linker happy.
 2001-05-16 20:34:42 +00:00
Nick Sayer
166b3cb9a0 Make sure the protocol actively rejects bad data rather than 
(potentially) not responding to an invalid SRA 'auth is' message.
 2001-05-16 20:24:58 +00:00
Nick Sayer
8183ac8f53 srandomdev() affords us the opportunity to radically improve, and at the 
same time simplify, the random number selection code.
 2001-05-16 18:32:46 +00:00
Nick Sayer
60f581768d Catch any attempted buffer overflows. The magic numbers in this code 
(512) are a little distressing, but the method really needs to be
extended to allow server-supplied DH parameters anyway.

Submitted by:	kris
 2001-05-16 18:27:09 +00:00
Nick Sayer
e7157113a9 Catch malloc return failures. This should help avoid dereferencing NULL on 
low-memory situations.

Submitted by:	kris
 2001-05-16 18:17:55 +00:00
Peter Wemm
cd189e1195 Hack to work around braindeath in libtelnet:sra.c. The sra.o file 
references global variables from telnetd, but is also linked into
telnet as well. I was tempted to back out the last sra.c change
as it is 100% bogus and should be taken out and shot, but for now
this bandaid should get world working again. :-(
 2001-05-15 09:52:03 +00:00
Nick Sayer
c7be24c970 If the uid of the attempted authentication is 0 and if the pty is 
insecure, do not succeed. Copied from login.c. This functionality really
should be a PAM module.
 2001-05-15 04:47:14 +00:00
Brian Feldman
62c931e0a4 If a host would exceed 16 characters in the utmp entry, record only 
it's IP address/base host instead.

Submitted by:	brian
 2001-05-15 01:50:40 +00:00
Ruslan Ermilov
bb60401e7a mdoc(7) police: finished fixing conflicts in revision 1.18. 2001-05-14 18:13:34 +00:00
Mark Murray
fa83754c4e Fix make world in the kerberosIV case. 2001-05-11 09:36:17 +00:00
Assar Westerlund
66b166c994 merge imported changes into HEAD 2001-05-11 00:14:02 +00:00
Alfred Perlstein
2c917d39b2 Fix some of the handling in the pam module, don't unregister things 
that were never registered.  At the same time handle a failure from
pam_setcreds with a bit more paranioa than the previous fix.

Sync a bit with the "Portable OpenSSH" work to make comparisons a easier.
 2001-05-09 03:40:37 +00:00
Brian Feldman
00e38eaf7f Since PAM is broken, let pam_setcred() failure be non-fatal. 2001-05-08 22:30:18 +00:00
Assar Westerlund
45524cd79e mdoc(ng) fixes 
Submitted by:	ru
 2001-05-08 14:57:13 +00:00
Assar Westerlund
d1edd0128c This commit was generated by cvs2svn to compensate for changes in r76371, 
which included commits to RCS files with non-trunk default branches.
 2001-05-08 14:57:13 +00:00
Assar Westerlund
a3204abff5 mdoc(ng) fixes 
Submitted by:	ru
 2001-05-08 14:57:13 +00:00
Nick Sayer
053c5b3a9e Pointy hat fix -- reapply the SRA PAM patch. To -current this time. 2001-05-07 20:42:02 +00:00
Brian Feldman
3817a12c9b sshd_config should still be keeping ssh host keys in /etc/ssh, not /etc. 2001-05-05 13:48:13 +00:00
Brian Feldman
4c5de86978 Finish committing _more_ somehow-uncommitted OpenSSH 2.9 updates. 
(Missing Delta Brigade, tally-ho!)
 2001-05-05 01:12:45 +00:00
Brian Feldman
87767895f0 Get ssh(1) compiling with MAKE_KERBEROS5. 2001-05-04 04:37:49 +00:00
Brian Feldman
345012bf8b Remove obsoleted files. 2001-05-04 04:15:22 +00:00
Brian Feldman
ca3176e7c8 Fix conflicts for OpenSSH 2.9. 2001-05-04 04:14:23 +00:00
Brian Feldman
1e8db6e2f6 Say "hi" to the latest in the OpenSSH series, version 2.9! 
Happy birthday to:	rwatson
 2001-05-04 03:57:05 +00:00
Brian Feldman
3ed16d1511 This commit was generated by cvs2svn to compensate for changes in r76259, 
which included commits to RCS files with non-trunk default branches.
 2001-05-04 03:57:05 +00:00
Brian Feldman
933ca70f8f Add a "VersionAddendum" configuration setting for sshd which allows 
anyone to easily change the part of the OpenSSH version after the main
version number.  The FreeBSD-specific version banner could be disabled
that way, for example:

# Call ourselves plain OpenSSH
VersionAddendum
 2001-05-03 00:29:28 +00:00
Brian Feldman
1f5ce8f412 Backout completely canonical lookup modifications. 2001-05-03 00:26:47 +00:00
Mark Murray
b7ffbfee87 Toss into attic stuff we don't use. 2001-04-14 09:48:26 +00:00
Ruslan Ermilov
566f5a4859 mdoc(7) police: removed hard sentence breaks introduced in rev.1.10. 2001-04-13 08:49:52 +00:00
Nick Sayer
036790848a Clean up telnet's argument processing a bit. autologin and encryption is 
now the default, so ignore the arguments that turn it on. Add a new -y
argument to turn off encryption in case someone wants to do that. Sync
these changes with the man page (including removing the now obsolete
statement about availability only in the US and Canada).
 2001-04-06 15:56:10 +00:00
Nick Sayer
6a1fe28e41 Reactivate SRA. 
Make handling of SIGINT and SIGQUIT follow SIGTSTP in TerminalNewMode().
This allows people to break out of SRA authentication if they wish to.
 2001-04-05 14:09:15 +00:00
Brian Feldman
313cb084c4 Suggested by kris, OpenSSH shall have a version designated to note that 
it's not "plain" OpenSSH 2.3.0.
 2001-03-20 02:11:25 +00:00
Brian Feldman
e0fbb1d2de Make password attacks based on traffic analysis harder by requiring that 
"non-echoed" characters are still echoed back in a null packet, as well
as pad passwords sent to not give hints to the length otherwise.

Obtained from:	OpenBSD
 2001-03-20 02:06:40 +00:00
Nick Sayer
989efc86f5 Fix core noted in -stable with 'auth disable SRA'. 
I just mistakenly commited this to RELENG_4. I have contacted Jordan to see
about how to fix this. Pass the pointy hat.
 2001-03-18 09:44:25 +00:00
Jeroen Ruigrok van der Werven
f7191d4fae Fix double mention of ssh. 
This file is already off the vendorbranch, nonetheless it needs to be
submitted back to the OpenSSH people.

PR:		25743
Submitted by:	David Wolfskill <dhw@whistle.com>
 2001-03-15 09:24:40 +00:00
Brian Feldman
e4fe1ca667 Don't dump core when an attempt is made to login using protocol 2 with 
an invalid user name.
 2001-03-15 03:15:18 +00:00
Assar Westerlund
aeccfe991a (try_krb5_authentication): simplify code. from joda@netbsd.org 2001-03-13 04:42:38 +00:00
Assar Westerlund
a16a9b0f1e Fix LP64 problem in Kerberos 5 TGT passing. 
Obtained from: NetBSD (done by thorpej@netbsd.org)
 2001-03-12 08:14:22 +00:00
Assar Westerlund
bb330cd01e enable auto-negotiation of encrypt and decrypt 2001-03-12 03:54:48 +00:00
Assar Westerlund
02c9ff5b94 initialize pointers to NULL and sized to 0 to avoid free:ing invalid memory. 
PR:		bin/20779
 2001-03-12 03:48:03 +00:00
Brian Feldman
46c9472cd6 Reenable the SIGPIPE signal handler default in all cases for spawned 
sessions.
 2001-03-11 02:26:57 +00:00
Mark Murray
a4f378438c Remove stuff that is really "ports material", generated files and 
stuff for other OS's. Also remove stuff (libraries) that are
already present in FreeBSD and must not get mixed up in our
code.
 2001-03-04 07:26:45 +00:00
Mark Murray
c21f532945 Trim down the source tree a bit. We shouldn't have blatantly 
uncompilable bits in here (like X stuff), nor should we have
too much "ports material".
 2001-03-04 07:06:39 +00:00
Assar Westerlund
cb96ab3672 Add code for being compatible with ssh.com's krb5 authentication. 
It is done by using the same ssh messages for v4 and v5 authentication
(since the ssh.com does not now anything about v4) and looking at the
contents after unpacking it to see if it is v4 or v5.
Based on code from Björn Grönvall <bg@sics.se>

PR:		misc/20504
 2001-03-04 02:22:04 +00:00
Kris Kennaway
b64f39b655 Resolve conflicts 2001-02-18 03:23:30 +00:00
Kris Kennaway
de7cdddab1 Import of OpenSSL 0.9.6-STABLE snapshot dated 2001-02-10 2001-02-18 03:17:36 +00:00
Kris Kennaway
a991678294 This commit was generated by cvs2svn to compensate for changes in r72613, 
which included commits to RCS files with non-trunk default branches.
 2001-02-18 03:17:36 +00:00
Paul Saab
8e97fe726f Make ConnectionsPerPeriod non-fatal for real. 2001-02-18 01:33:31 +00:00
Mark Murray
93f09f075a Fix a "make world"-breaking inconsistency for those folks making 
a world with both KRB4 and KRB5.
 2001-02-14 19:54:36 +00:00
Assar Westerlund
0346cda4f9 nuke conflict markers 2001-02-13 22:40:28 +00:00
Assar Westerlund
c9e3f8cfb9 update to new heimdal libkrb5 2001-02-13 16:58:04 +00:00
Assar Westerlund
47085b17ae fix conflicts in heimdal 0.3e import 2001-02-13 16:52:56 +00:00
Assar Westerlund
5e9cd1ae3e import of heimdal 0.3e 2001-02-13 16:46:19 +00:00
Assar Westerlund
c25d7ab741 This commit was generated by cvs2svn to compensate for changes in r72445, 
which included commits to RCS files with non-trunk default branches.
 2001-02-13 16:46:19 +00:00
Kris Kennaway
a09221f83c Patches backported from later development version of OpenSSH which prevent 
(instead of just mitigating through connection limits) the Bleichenbacher
attack which can lead to guessing of the server key (not host key) by
regenerating it when an RSA failure is detected.

Reviewed by:	rwatson
 2001-02-12 06:44:51 +00:00
Kris Kennaway
e0834d8749 Note that crypto/ is not used to build in, people should see secure/ 
instead.
 2001-02-10 04:47:47 +00:00