554 Commits

Author SHA1 Message Date
nsayer
2005964c91 Add Berkeley copyright to SRA.
This is by the kind permission of Dave Safford, formerly of TAMU who wrote the
original code. Here is an excerpt of the e-mail exchange concerning this
issue:

Dave Safford wrote:
>Nick Sayer wrote:
>> Some time ago we spoke about SRA and importing it into FreeBSD. I forgot to
>> ask if you had a preferred license boilerplate for the top of the files. It
>> has come up recently, and the SRA code in FreeBSD doesn't have one.

>I really have no preference - use whatever is most convenient in the
>FreeBSD environment.

>dave safford

This is the standard BSD license with clause 3 removed and clause 4
suitably renumbered.

MFC after:	1 day
2001-10-29 16:12:16 +00:00
markm
012b8ca164 Diff-reduce these two.
Really, one of them needs to disappear. I'll figure out which
later.

Reported by:	bde
2001-10-27 12:49:19 +00:00
markm
7f4c98c7f1 Add __FBSDID() to diff-reduce with "base" telnet. 2001-10-01 16:04:55 +00:00
green
bf04b80bd5 Modify a "You don't exist" message, pretty rude for transient YP failures. 2001-09-27 18:54:42 +00:00
assar
c753fd6b3d fix renamed options in some of the code that was #ifdef AFS
also print an error if krb5 ticket passing is disabled

Submitted by:	Jonathan Chen <jon@spock.org>
2001-09-04 13:27:04 +00:00
markm
a0aea2d2dc Manually unifdef(1) CRAY, UNICOS, hpux and sun useless code. 2001-08-29 14:16:17 +00:00
ps
2c678f7f39 Backout last change. I didn't follow the thread and made a mistake
with this.  localisations is a valid spelling.  Oops
2001-08-27 10:37:50 +00:00
ps
52b695b1eb Correctly spell localizations 2001-08-27 10:20:02 +00:00
dd
8dcc7b8be3 Remove description of an option that only applies to UNICOS < 7.0.
That define may still be present in the source, but I don't think
anyone has plans to try to use it.

Obtained from:	NetBSD
2001-08-25 21:29:12 +00:00
markm
cd426a1bca Code merge and diff reduce with "base" telnet. This is the "later"
telnet, so it was treated as the reference code, except where later
commits were made to "base" telnet.
2001-08-20 12:28:40 +00:00
green
221000aec0 Update the OpenSSH minor-version string.
Requested by:	obrien
Reviewed by:	rwatson
2001-08-16 19:26:19 +00:00
horikawa
1a0aaba06e Removal of following export control related sentences:
o Because of export controls, TELNET ENCRYPT option is not supported outside
  of the United States and Canada.
o Because of export controls, data encryption
  is not supported outside of the United States and Canada.

src/crypto/README revision 1.5 commit log says:
> Crypto sources are no longer export controlled:
> Explain, why crypto sources are still in crypto/.
and actually telnet encryption is used outside of US and Canada now.

Pointed out by: OHSAWA Chitoshi <ohsawa@catv1.ccn-net.ne.jp>
Reviewed by: no objection on doc
2001-08-15 01:30:25 +00:00
ru
173222b339 mdoc(7) police: s/BSD/.Bx/ where appropriate. 2001-08-14 10:01:54 +00:00
kris
8870d40bfa output_data(), output_datalen() and netflush() didn't actually guarantee
to do what they are supposed to: under some circumstances output data would
be truncated, or the buffer would not actually be flushed (possibly leading
to overflows when the caller assumes the operation succeeded).  Change the
semantics so that these functions ensure they complete the operation before
returning.

Comment out diagnostic code enabled by '-D reports' which causes an
infinite recursion and an eventual crash.

Patch developed with assistance from ru and assar.
2001-07-23 21:52:26 +00:00
ru
78fa3f18a6 More potential buffer overflow fixes.
o Fixed `nfrontp' calculations in output_data().  If `remaining' is
  initially zero, it was possible for `nfrontp' to be decremented.

Noticed by:	dillon

o Replaced leaking writenet() with output_datalen():

:  * writenet
:  *
:  * Just a handy little function to write a bit of raw data to the net.
:  * It will force a transmit of the buffer if necessary
:  *
:  * arguments
:  *    ptr - A pointer to a character string to write
:  *    len - How many bytes to write
:  */
: 	void
: writenet(ptr, len)
: 	register unsigned char *ptr;
: 	register int len;
: {
: 	/* flush buffer if no room for new data) */
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
: 	if ((&netobuf[BUFSIZ] - nfrontp) < len) {
: 		/* if this fails, don't worry, buffer is a little big */
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
: 		netflush();
: 	}
:
: 	memmove(nfrontp, ptr, len);
: 	nfrontp += len;
:
: }  /* end of writenet */

What an irony!  :-)

o Optimized output_datalen() a bit.
2001-07-20 12:02:30 +00:00
kris
32f6a76597 Resolve conflicts 2001-07-19 20:05:28 +00:00
kris
faf2b8a912 Initial import of OpenSSL 0.9.6b 2001-07-19 19:59:37 +00:00
kris
1ec260871e This commit was generated by cvs2svn to compensate for changes in r79998,
which included commits to RCS files with non-trunk default branches.
2001-07-19 19:59:37 +00:00
ru
f6e041ebe5 vsnprintf() can return a value larger than the buffer size.
Submitted by:	assar
Obtained from:	OpenBSD
2001-07-19 18:58:31 +00:00
ru
bea326ca5f Fixed the exploitable remote buffer overflow.
Reported on:	bugtraq
Obtained from:	Heimdal, NetBSD
Reviewed by:	obrien, imp
2001-07-19 17:48:57 +00:00
nectar
b46e1b266a Bug fix: When the client connects to a server and Kerberos
authentication is enabled, the client effectively ignores any error
from krb5_rd_rep due to a missing branch.

In theory this could result in an ssh client using Kerberos 5
authentication accepting a spoofed AP-REP.  I doubt this is a real
possibility, however, because the AP-REP is passed from the server to
the client via the SSH encrypted channel.  Any tampering should cause
the decryption or MAC to fail.

Approved by:	green
MFC after:	1 week
2001-07-13 18:12:13 +00:00
ru
d177b65ce4 mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 10:42:19 +00:00
green
14b2fed211 Fix an incorrect conflict resolution which prevented TISAuthentication
from working right in 2.9.
2001-07-07 14:19:53 +00:00
ru
afc184ee2b mdoc(7) police: merge all fixes from non-crypto version. 2001-07-05 14:08:12 +00:00
ru
15c82fa30b MF non-crypto: 1.13: document -u in usage. 2001-07-05 14:06:27 +00:00
green
663b90ec4f Also add a colon to "Bad passphrase, please try again ". 2001-06-29 16:43:13 +00:00
green
bb0ece08cd Put in a missing colon in the "Enter passphrase" message. 2001-06-29 16:34:14 +00:00
green
da492ebce8 Back out the last change which is probably actually a red herring. Argh! 2001-06-26 15:15:22 +00:00
green
0ff046679f Don't pointlessly kill a channel because the first (forced)
non-blocking read returns 0.

Now I can finally tunnel CVSUP again...
2001-06-26 14:17:35 +00:00
assar
1ae1fb1c3e fix merges from 0.3f 2001-06-21 02:21:57 +00:00
assar
0c8fa35435 import of heimdal 0.3f 2001-06-21 02:12:07 +00:00
assar
035d7fdde4 This commit was generated by cvs2svn to compensate for changes in r78527,
which included commits to RCS files with non-trunk default branches.
2001-06-21 02:12:07 +00:00
assar
7bbbf00611 (do_authloop): handle !KRB4 && KRB5 2001-06-16 07:44:17 +00:00
markm
8ab5b668f0 Unbreak OpenSSH for the KRB5-and-no-KRB4 case. Asking for KRB5 does
not imply that you want, need or have kerberosIV headers.
2001-06-15 08:12:31 +00:00
green
9b4110c5e5 Enable Kerberos 5 support in sshd again. 2001-06-12 03:43:47 +00:00
green
d858193287 Switch to the user's uid before attempting to unlink the auth forwarding
file, nullifying the effects of a race.

Obtained from:	OpenBSD
2001-06-08 22:22:09 +00:00
obrien
d28b3020e0 Fix $FreeBSD$ style committer messed up in rev 1.7 for some reason. 2001-05-24 07:22:08 +00:00
dillon
7c9881bb6d Oops, forgot the 'u' in the getopt for the previous commit. 2001-05-24 00:14:19 +00:00
dillon
43b251fff6 A feature to allow one to telnet to a unix domain socket. (MFC from
non-crypto version)

Also update the crypto telnet's man page to reflect other options
ported from the non-crypto version.

Obtained from:   Lyndon Nerenberg <lyndon@orthanc.ab.ca>
2001-05-23 22:54:07 +00:00
kris
039bdff556 Resolve conflicts 2001-05-20 03:17:35 +00:00
kris
5c3fdcff75 Initial import of OpenSSL 0.9.6a 2001-05-20 03:07:21 +00:00
kris
7e2abc47ba This commit was generated by cvs2svn to compensate for changes in r76866,
which included commits to RCS files with non-trunk default branches.
2001-05-20 03:07:21 +00:00
obrien
c2a0af9de9 Restore the RSA host key to /etc/ssh/ssh_host_key.
Also fix $FreeBSD$ spamage in crypto/openssh/sshd_config rev. 1.16.
2001-05-18 18:10:02 +00:00
nsayer
acdba14ce0 Make the PAM user-override actually override the correct thing. 2001-05-17 16:28:11 +00:00
peter
a0f507f8ae Back out last commit. This was already fixed. This should never have
happened, this is why we have commit mail expressly delivered to
committers.
2001-05-17 03:14:42 +00:00
peter
6a2bc7f8ee Fix the latest telnet breakage. Obviously this was never compiled. 2001-05-17 03:13:00 +00:00
nsayer
48dcf3a014 Since the root-on-insecure-tty code was added to telnetd, a dependency
on char *line was added to libtelnet. Put a dummy one in to keep the
linker happy.
2001-05-16 20:34:42 +00:00
nsayer
0fc596428b Make sure the protocol actively rejects bad data rather than
(potentially) not responding to an invalid SRA 'auth is' message.
2001-05-16 20:24:58 +00:00
nsayer
e3d767bac2 srandomdev() affords us the opportunity to radically improve, and at the
same time simplify, the random number selection code.
2001-05-16 18:32:46 +00:00
nsayer
1be2f5ba52 Catch any attempted buffer overflows. The magic numbers in this code
(512) are a little distressing, but the method really needs to be
extended to allow server-supplied DH parameters anyway.

Submitted by:	kris
2001-05-16 18:27:09 +00:00
nsayer
ce33146412 Catch malloc return failures. This should help avoid dereferencing NULL on
low-memory situations.

Submitted by:	kris
2001-05-16 18:17:55 +00:00
peter
f9ccd29a6a Hack to work around braindeath in libtelnet:sra.c. The sra.o file
references global variables from telnetd, but is also linked into
telnet as well. I was tempted to back out the last sra.c change
as it is 100% bogus and should be taken out and shot, but for now
this bandaid should get world working again. :-(
2001-05-15 09:52:03 +00:00
nsayer
1a11f3f940 If the uid of the attempted authentication is 0 and if the pty is
insecure, do not succeed. Copied from login.c. This functionality really
should be a PAM module.
2001-05-15 04:47:14 +00:00
green
dc1d7c596c If a host would exceed 16 characters in the utmp entry, record only
its IP address/base host instead.

Submitted by:	brian
2001-05-15 01:50:40 +00:00
ru
d9bf66e32a mdoc(7) police: finished fixing conflicts in revision 1.18. 2001-05-14 18:13:34 +00:00
markm
59bdfd4c78 Fix make world in the kerberosIV case. 2001-05-11 09:36:17 +00:00
assar
d949912a40 merge imported changes into HEAD 2001-05-11 00:14:02 +00:00
alfred
87b6cfa403 Fix some of the handling in the pam module, don't unregister things
that were never registered.  At the same time handle a failure from
pam_setcreds with a bit more paranoia than the previous fix.

Sync a bit with the "Portable OpenSSH" work to make comparisons easier.
2001-05-09 03:40:37 +00:00
green
4c53600da0 Since PAM is broken, let pam_setcred() failure be non-fatal. 2001-05-08 22:30:18 +00:00
assar
a4ee56e2bb mdoc(ng) fixes
Submitted by:	ru
2001-05-08 14:57:13 +00:00
assar
06c859ecf5 mdoc(ng) fixes
Submitted by:	ru
2001-05-08 14:57:13 +00:00
assar
6dec691f65 This commit was generated by cvs2svn to compensate for changes in r76371,
which included commits to RCS files with non-trunk default branches.
2001-05-08 14:57:13 +00:00
nsayer
432133a6fe Pointy hat fix -- reapply the SRA PAM patch. To -current this time. 2001-05-07 20:42:02 +00:00
green
ef95bdcf09 sshd_config should still be keeping ssh host keys in /etc/ssh, not /etc. 2001-05-05 13:48:13 +00:00
green
4850c61e14 Finish committing _more_ somehow-uncommitted OpenSSH 2.9 updates.
(Missing Delta Brigade, tally-ho!)
2001-05-05 01:12:45 +00:00
green
f578998009 Get ssh(1) compiling with MAKE_KERBEROS5. 2001-05-04 04:37:49 +00:00
green
5c19fbfcf3 Remove obsoleted files. 2001-05-04 04:15:22 +00:00
green
e1b74d5cfc Fix conflicts for OpenSSH 2.9. 2001-05-04 04:14:23 +00:00
green
bff216029e Say "hi" to the latest in the OpenSSH series, version 2.9!
Happy birthday to:	rwatson
2001-05-04 03:57:05 +00:00
green
0ba1971539 This commit was generated by cvs2svn to compensate for changes in r76259,
which included commits to RCS files with non-trunk default branches.
2001-05-04 03:57:05 +00:00
green
6d82450791 Add a "VersionAddendum" configuration setting for sshd which allows
anyone to easily change the part of the OpenSSH version after the main
version number.  The FreeBSD-specific version banner could be disabled
that way, for example:

# Call ourselves plain OpenSSH
VersionAddendum
2001-05-03 00:29:28 +00:00
green
80585512e4 Backout completely canonical lookup modifications. 2001-05-03 00:26:47 +00:00
markm
620e961deb Toss into attic stuff we don't use. 2001-04-14 09:48:26 +00:00
ru
36beb8b59e mdoc(7) police: removed hard sentence breaks introduced in rev.1.10. 2001-04-13 08:49:52 +00:00
nsayer
51675c2712 Clean up telnet's argument processing a bit. autologin and encryption is
now the default, so ignore the arguments that turn it on. Add a new -y
argument to turn off encryption in case someone wants to do that. Sync
these changes with the man page (including removing the now obsolete
statement about availability only in the US and Canada).
2001-04-06 15:56:10 +00:00
nsayer
7f0bcdb794 Reactivate SRA.
Make handling of SIGINT and SIGQUIT follow SIGTSTP in TerminalNewMode().
This allows people to break out of SRA authentication if they wish to.
2001-04-05 14:09:15 +00:00
green
6f515d8d34 Suggested by kris, OpenSSH shall have a version designated to note that
it's not "plain" OpenSSH 2.3.0.
2001-03-20 02:11:25 +00:00
green
fdce75a19b Make password attacks based on traffic analysis harder by requiring that
"non-echoed" characters are still echoed back in a null packet, as well
as pad passwords sent to not give hints to the length otherwise.

Obtained from:	OpenBSD
2001-03-20 02:06:40 +00:00
nsayer
dd03c3e952 Fix core noted in -stable with 'auth disable SRA'.
I just mistakenly committed this to RELENG_4. I have contacted Jordan to see
about how to fix this. Pass the pointy hat.
2001-03-18 09:44:25 +00:00
asmodai
38e7299ef6 Fix double mention of ssh.
This file is already off the vendorbranch, nonetheless it needs to be
submitted back to the OpenSSH people.

PR:		25743
Submitted by:	David Wolfskill <dhw@whistle.com>
2001-03-15 09:24:40 +00:00
green
38cdb2ac8b Don't dump core when an attempt is made to login using protocol 2 with
an invalid user name.
2001-03-15 03:15:18 +00:00
assar
e3bda85946 (try_krb5_authentication): simplify code. from joda@netbsd.org 2001-03-13 04:42:38 +00:00
assar
a308e4a2b4 Fix LP64 problem in Kerberos 5 TGT passing.
Obtained from: NetBSD (done by thorpej@netbsd.org)
2001-03-12 08:14:22 +00:00
assar
797c533a5a enable auto-negotiation of encrypt and decrypt 2001-03-12 03:54:48 +00:00
assar
e2c7ce93ff initialize pointers to NULL and sizes to 0 to avoid freeing invalid memory.
PR:		bin/20779
2001-03-12 03:48:03 +00:00
green
93f32c5caf Reenable the SIGPIPE signal handler default in all cases for spawned
sessions.
2001-03-11 02:26:57 +00:00
markm
7630080b0a Remove stuff that is really "ports material", generated files and
stuff for other OS's. Also remove stuff (libraries) that are
already present in FreeBSD and must not get mixed up in our
code.
2001-03-04 07:26:45 +00:00
markm
2dc08feacd Trim down the source tree a bit. We shouldn't have blatantly
uncompilable bits in here (like X stuff), nor should we have
too much "ports material".
2001-03-04 07:06:39 +00:00
assar
ed5525fcec Add code for being compatible with ssh.com's krb5 authentication.
It is done by using the same ssh messages for v4 and v5 authentication
(since the ssh.com does not know anything about v4) and looking at the
contents after unpacking it to see if it is v4 or v5.
Based on code from Björn Grönvall <bg@sics.se>

PR:		misc/20504
2001-03-04 02:22:04 +00:00
kris
6bf88336f3 Resolve conflicts 2001-02-18 03:23:30 +00:00
kris
6447e500e7 Import of OpenSSL 0.9.6-STABLE snapshot dated 2001-02-10 2001-02-18 03:17:36 +00:00
kris
dcb1266f53 This commit was generated by cvs2svn to compensate for changes in r72613,
which included commits to RCS files with non-trunk default branches.
2001-02-18 03:17:36 +00:00
ps
007b98e98a Make ConnectionsPerPeriod non-fatal for real. 2001-02-18 01:33:31 +00:00
markm
7d476598a6 Fix a "make world"-breaking inconsistency for those folks making
a world with both KRB4 and KRB5.
2001-02-14 19:54:36 +00:00
assar
25fba1c2af nuke conflict markers 2001-02-13 22:40:28 +00:00
assar
f1302e84ce update to new heimdal libkrb5 2001-02-13 16:58:04 +00:00
assar
6794f0dfb2 fix conflicts in heimdal 0.3e import 2001-02-13 16:52:56 +00:00
assar
ebfe6dc471 import of heimdal 0.3e 2001-02-13 16:46:19 +00:00
assar
c114d0ad93 This commit was generated by cvs2svn to compensate for changes in r72445,
which included commits to RCS files with non-trunk default branches.
2001-02-13 16:46:19 +00:00
kris
d44d42def3 Patches backported from later development version of OpenSSH which prevent
(instead of just mitigating through connection limits) the Bleichenbacher
attack which can lead to guessing of the server key (not host key) by
regenerating it when an RSA failure is detected.

Reviewed by:	rwatson
2001-02-12 06:44:51 +00:00
kris
a16767cc23 Note that crypto/ is not used to build in, people should see secure/
instead.
2001-02-10 04:47:47 +00:00
asmodai
42be6ba036 Synch: Add $FreeBSD$. 2001-02-07 21:58:16 +00:00
asmodai
9bb829b9c2 Fix typo: compatability -> compatibility.
Compatability is not an existing English word.
2001-02-06 12:05:58 +00:00
asmodai
db24d83a1c Fix typo: seperate -> separate.
Seperate does not exist in the English language.

Submitted to look at by:	kris
2001-02-06 10:39:38 +00:00
asmodai
bd4658fe52 Fix typo: wierd -> weird.
There is no such thing as wierd in the English language.
2001-02-06 09:32:26 +00:00
green
0d037651fe Correctly fill in the sun_len for a sockaddr_sun.
Submitted by:	Alexander Leidinger <Alexander@leidinger.net>
2001-02-04 20:23:17 +00:00
green
db1cf40a27 MFS: Don't use the canonical hostname here, too. 2001-02-04 20:16:14 +00:00
green
5a0414c3f3 MFF: Make ConnectionsPerPeriod usage a warning, not fatal. 2001-02-04 20:15:53 +00:00
ru
9099bb40b9 mdoc(7) police: split punctuation characters + misc fixes. 2001-02-01 17:12:45 +00:00
green
c41e3c8f9e Actually propagate back to the rest of the application that a command
was specified when using -t mode with the SSH client.

Submitted by:	Dima Dorfman <dima@unixfreak.org>
2001-01-21 05:45:27 +00:00
green
8548d87c25 /Really/ deprecate ConnectionsPerPeriod, ripping out the code for it
and giving a dire error to its lingering users.
2001-01-13 07:57:43 +00:00
ru
225d61e4bb Prepare for mdoc(7)NG. 2001-01-10 16:51:28 +00:00
green
c15c7589b4 Fix a long-standing bug that resulted in a dropped session sometimes
when an X11-forwarded client was closed.  For some reason, sshd didn't
disable the SIGPIPE exit handler and died a horrible death (well, okay,
a silent death really).  Set SIGPIPE's handler to SIG_IGN.
2001-01-06 21:15:07 +00:00
assar
e09ea83e84 fix conflicts from merge 2000-12-29 21:16:01 +00:00
assar
2aa51584a1 import krb4-1.0.5 2000-12-29 21:00:22 +00:00
assar
78fdaa215a This commit was generated by cvs2svn to compensate for changes in r70494,
which included commits to RCS files with non-trunk default branches.
2000-12-29 21:00:22 +00:00
assar
7e5f2377be merge fix from vendor for not overwriting old ticket file 2000-12-10 21:01:33 +00:00
assar
60206056a8 This commit was generated by cvs2svn to compensate for changes in r69836,
which included commits to RCS files with non-trunk default branches.
2000-12-10 21:01:33 +00:00
assar
32ce969d51 merge fix from vendor for removing buffer overrun 2000-12-10 21:00:35 +00:00
assar
eef73539a5 This commit was generated by cvs2svn to compensate for changes in r69833,
which included commits to RCS files with non-trunk default branches.
2000-12-10 21:00:35 +00:00
assar
2fe34f87ef merge fix from vendor for not looking at environment variables 2000-12-10 20:59:35 +00:00
assar
b06a14aecd This commit was generated by cvs2svn to compensate for changes in r69830,
which included commits to RCS files with non-trunk default branches.
2000-12-10 20:59:35 +00:00
assar
36a2de7dc2 (scrub_env): change to only accept a listed set of variables,
including only non-filename contents for TERMCAP
2000-12-10 20:50:20 +00:00
cvs2svn
a58fc46e9c This commit was manufactured by cvs2svn to create branch
'VENDOR-crypto-openssh'.
2000-12-05 02:55:13 +00:00
green
77f12310de Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0
new features description elided in favor of checking out their
website.

Important new FreeBSD-version stuff: PAM support has been worked
in, partially from the "Unix" OpenSSH version, and a lot due to the
work of Eivind Eklend, too.

This requires at least the following in pam.conf:

sshd    auth    sufficient      pam_skey.so
sshd    auth    required        pam_unix.so                     try_first_pass
sshd    session required        pam_permit.so

Parts by:	Eivind Eklend <eivind@FreeBSD.org>
2000-12-05 02:55:12 +00:00
green
705c28942c Forgot to remove the old line in the last commit. 2000-12-05 02:41:01 +00:00
green
2aecee364f Import of OpenSSH 2.3.0 (virgin OpenBSD source release). 2000-12-05 02:20:19 +00:00
green
8b63a886a4 This commit was generated by cvs2svn to compensate for changes in r69587,
which included commits to RCS files with non-trunk default branches.
2000-12-05 02:20:19 +00:00
brian
d71631cdd5 Remove duplicate line
Not responded to by: kris, then green
2000-12-04 22:57:53 +00:00
asmodai
f9ee1b3035 Add more environment variables to be filtered through scrub_env().
Synched from normal telnet.
2000-11-30 13:14:54 +00:00
asmodai
17ac8dd5ff String paranoia fix. Synched from normal telnet. 2000-11-30 13:10:01 +00:00
asmodai
d8be929ac8 String paranoia. Merged from regular telnet. 2000-11-30 10:55:25 +00:00
kris
9ed2dafdd6 Correct definition of MAXHOSTNAMELEN in ifdef'ed code.
Submitted by:	Edwin Groothuis <mavetju@chello.nl>
PR:		bin/22787
2000-11-26 21:37:51 +00:00
green
31543fcdcc In env_destroy(), it is a bad idea to env_swap(self, 0) to switch
back to the original environ unconditionally.  The setting of the
variable to save the previous environ is conditional; it happens when
ENV.e_committed is set.  Therefore, don't try to swap the env back
unless the previous env has been initialized.

PR:		bin/22670
Submitted by:	Takanori Saneto <sanewo@ba2.so-net.ne.jp>
2000-11-25 02:00:35 +00:00
billf
f9709d079b Correct an argument to ssh_add_identity, this matches what is currently
in ports/security/openssh/files/pam_ssh.c

PR:		22164
Submitted by:	Takanori Saneto <sanewo@ba2.so-net.ne.jp>
Reviewed by:	green
Approved by:	green
2000-11-25 01:55:42 +00:00
ru
c3189e713e mdoc(7) police: use the new features of the Nm macro. 2000-11-20 20:10:44 +00:00
kris
5b3403165c Fix a buffer overflow from a long local hostname.
Obtained from:	OpenBSD
2000-11-19 10:08:26 +00:00
green
b95cf8b09c Add login_cap and login_access support. Previously, these FreeBSD-local
checks were only made when using the 1.x protocol.
2000-11-14 04:35:03 +00:00
green
100d82038d Import a security fix: the client would allow a server to use its
ssh-agent or X11 forwarding even if it was disabled.

This is the vendor fix provided, not an actual revision of clientloop.c.

Submitted by:	Markus Friedl <markus@OpenBSD.org> via kris
2000-11-14 03:51:53 +00:00
green
0ca278a6c8 This commit was generated by cvs2svn to compensate for changes in r68700,
which included commits to RCS files with non-trunk default branches.
2000-11-14 03:51:53 +00:00
kris
6a70ee8741 Update list of files to remove prior to import 2000-11-13 07:46:20 +00:00
kris
9fe6127c90 Resolve conflicts, and garbage collect some local changes that are no
longer required
2000-11-13 02:20:29 +00:00
kris
c2775125a7 Initial import of OpenSSL 0.9.6 2000-11-13 01:03:58 +00:00
kris
a20ace197e This commit was generated by cvs2svn to compensate for changes in r68651,
which included commits to RCS files with non-trunk default branches.
2000-11-13 01:03:58 +00:00
ru
f9c7198049 Avoid use of direct troff requests in mdoc(7) manual pages. 2000-11-10 17:46:15 +00:00
dougb
98b45016b2 Add a CVS Id tag 2000-10-29 10:00:58 +00:00
kris
3fa82411eb Sync with usr.bin/telnet/telnet.c r1.9 - fix buffer overflow in DISPLAY 2000-10-29 00:10:14 +00:00
green
15f43d12d9 Fix a few style oddities. 2000-09-10 18:04:12 +00:00
green
9b66eed210 Fix a goof in timevaldiff. 2000-09-10 18:03:46 +00:00
kris
2a84d96bfa Remove files no longer present in OpenSSH 2.2.0 and beyond 2000-09-10 10:26:07 +00:00
kris
71b51dc832 Resolve conflicts and update for OpenSSH 2.2.0
Reviewed by:	gshapiro, peter, green
2000-09-10 09:35:38 +00:00
kris
0ca2bdc2f7 Initial import of OpenSSH post-2.2.0 snapshot dated 2000-09-09 2000-09-10 08:31:17 +00:00
kris
3d4fe2511f This commit was generated by cvs2svn to compensate for changes in r65668,
which included commits to RCS files with non-trunk default branches.
2000-09-10 08:31:17 +00:00
kris
395ad657f8 Nuke RSAREF support from orbit.
It's the only way to be sure.
2000-09-10 00:09:37 +00:00
kris
b688db32ff ttyname was not being passed into do_login(), so we were erroneously picking
up the function definition from unistd.h instead. Use s->tty instead.

Submitted by:	peter
2000-09-04 08:43:05 +00:00
kris
e82b86bebd bzero() the struct timeval for paranoia
Submitted by:	gshapiro
2000-09-03 07:58:35 +00:00
kris
367e08bb74 Err, we weren't even compiling auth1.c with LOGIN_CAP at all. Guess nobody
was using this feature.
2000-09-02 07:32:05 +00:00
kris
aa3b9a47a8 Repair a broken conflict resolution in r1.2 which had the effect of nullifying
the login_cap and login.access checks for whether a user/host is allowed
access to the system for users other than root. But since we currently don't
have a similar check in the ssh2 code path anyway, it's um, "okay".

Submitted by:	gshapiro
2000-09-02 05:40:50 +00:00
kris
aa72fb6d06 Repair my dyslexia: s/opt/otp/ in the OPIE challenge. D'oh!
Submitted by:	gshapiro
2000-09-02 04:41:33 +00:00
kris
cbf45b2b87 Re-add missing "break" which was lost during a previous patch
integration. This currently has no effect.

Submitted by:	gshapiro
2000-09-02 04:37:51 +00:00
kris
72765236c6 Turn on X11Forwarding by default on the server. Any risk is to the client,
where it is already disabled by default.

Reminded by:	peter
2000-09-02 03:49:22 +00:00
kris
c35f2b0120 Increase the default value of LoginGraceTime from 60 seconds to 120
seconds.

PR:		20488
Submitted by:	rwatson
2000-08-23 09:47:25 +00:00
kris
e7d14b45db Respect X11BASE to derive the location of xauth(1)
PR:		17818
Submitted by:	Bjoern Fischer <bfischer@Techfak.Uni-Bielefeld.DE>
2000-08-23 09:39:20 +00:00
kris
e5f617598c Fix setproctitle() and syslog() vulnerabilities. 2000-08-13 05:23:23 +00:00
kris
a3b4cc13a0 This commit was generated by cvs2svn to compensate for changes in r64593,
which included commits to RCS files with non-trunk default branches.
2000-08-13 05:23:23 +00:00
kris
e5795f1541 Fix benign bugs due to missing format string in err() and warn().
Approved by:	assar (vendor :-)
2000-08-13 04:46:54 +00:00
kris
d705e89ca3 This commit was generated by cvs2svn to compensate for changes in r64583,
which included commits to RCS files with non-trunk default branches.
2000-08-13 04:46:54 +00:00
kris
e4f947c892 Fix setproctitle() vulnerability in non-compiled code. 2000-08-13 04:35:43 +00:00
asmodai
91cbf96576 Chalk up another phkmalloc victim.
It seems as if uninitialised memory was the culprit.

We may want to contribute this back to the OpenSSH project.

Submitted by:	Alexander Leidinger <Alexander@Leidinger.net> on -current.
2000-08-01 08:07:15 +00:00
alex
6ef8a00dbc Crypto sources are no longer export controlled:
Explain, why crypto sources are still in crypto/.

Reviewed by:	markm
2000-07-31 12:24:13 +00:00
asmodai
1e0ff1e9ee Fix a weird typo, is -> are.
The OpenSSH maintainer probably wants to contribute this back to the
real OpenSSH guys.

Submitted by:	Jon Perkin <sketchy@netcraft.com>
2000-07-27 19:21:15 +00:00
marko
5b6f43012f Fixed a minor typo in the header.
Pointed out by:	asmodai
2000-07-27 17:21:07 +00:00
marko
bac3d432ce Committed, Thanks!!
PR:		20108
Submitted by:	Doug Lee
2000-07-25 16:49:48 +00:00
ume
a96fe340ba Fix buffer size of ALIGNed buffer.
PR:		bin/20053
Submitted by:	Alex Kapranoff <alex@kapran.bitmcnit.bryansk.su>
2000-07-20 14:54:04 +00:00
assar
79387f62b0 merge in syslog fixes, do not call syslog with variable as format string 2000-07-20 05:43:55 +00:00
peter
e9baa5cc97 Add missing $FreeBSD$ to files that are NOT still on a vendor branch. 2000-07-16 05:48:49 +00:00
nsayer
92fcc2d3d7 Fix 'telnet -X sra' coredump
PR# 19835
2000-07-11 15:04:05 +00:00
peter
03d1c93d26 Sync sshd_config with sshd and manpage internal defaults (Checkmail = yes) 2000-07-11 09:54:24 +00:00
peter
3e605439c1 Sync LoginGraceTime with sshd_config = 60 seconds by default, not 600. 2000-07-11 09:52:14 +00:00
peter
b5823cc1e6 Fix out-of-sync defaults. PermitRootLogin is supposed to be 'no' but
sshd's internal default was 'yes'.  (if some cracker managed to trash
/etc/ssh/sshd_config, then root logins could be reactivated)

Approved by: kris
2000-07-11 09:50:15 +00:00
peter
0edc966949 Make FallBackToRsh off by default. Falling back to rsh by default is
silly in this day and age.

Approved by: kris
2000-07-11 09:39:34 +00:00
kris
911669a1de Don't call printf with no format string. 2000-07-10 05:16:59 +00:00
ume
45d8dc287b Make telnet -s work. It is corresponding to EAI_NONAME -> EAI_NODATA
change (getaddrinfo.c rev 1.12).
2000-07-08 05:22:00 +00:00
itojun
51f03c2d74 sync with usr.bin/telnet/commands.c 1.21 -> 1.22. pierre.dampure@alveley.org 2000-07-07 12:35:05 +00:00
green
cd99eac545 Allow restarting on SIGHUP when the full path was not given as argv[0].
We do have /proc/curproc/file :)
2000-07-04 06:43:26 +00:00
green
1f01eb0f78 So /this/ is what has made OpenSSH's SSHv2 support never work right!
In some cases, limits did not get set to the proper class, but
instead always to "default", because not all passwd copies were
done to completion.
2000-06-27 21:16:06 +00:00
green
d58f8c6566 Also make sure to close the socket that exceeds your rate limit. 2000-06-26 23:39:26 +00:00
green
6032b3e1eb Make rate limiting work per-listening-socket. Log better messages than
before for this, requiring a new function (get_ipaddr()).  canohost.c
receives a $FreeBSD$ line.

Suggested by:	Niels Provos <niels@OpenBSD.org>
2000-06-26 05:44:23 +00:00
markm
cf531b0a90 MFI. This is a documentation-only, diffreducing patch, that if
invoked will cause breakage. US Users - DO NOT try to turn on
IDEA - the sources are not included.
2000-06-24 06:50:58 +00:00
markm
f730aee9a0 Grrr. I hate CVS. These were supposed to be committed when I did the
IDEA fix earlier today.

Bring back IDEA from the dead (but not compiled by default).
2000-06-19 21:09:27 +00:00
markm
563a62186d Re-add IDEA. This is not actually built unless asked for by the user.
(To avoid patent hassles).
2000-06-19 13:59:34 +00:00
kris
4c97df6f1d Fix syntax error in previous commit.
Submitted by:	Udo Schweigert <ust@cert.siemens.de>
2000-06-11 21:41:25 +00:00
kris
3040938ae2 Fix security botch in "UseLogin Yes" case: commands are executed with
uid 0.

Obtained from:	OpenBSD
2000-06-10 22:32:57 +00:00
ru
1f394a2458 Make `ssh-agent -k' work for csh(1)-like shells. 2000-06-10 14:14:28 +00:00
green
ac5c481ad0 Allow "DenyUsers" to function. 2000-06-06 06:16:55 +00:00
kris
b8a1eb5ea1 Resolve conflicts 2000-06-03 09:58:15 +00:00
kris
3639dd9ace Initial import of OpenSSH snapshot from 2000/05/30
Obtained from:	OpenBSD
2000-06-03 09:52:37 +00:00
kris
1c4b02a92e This commit was generated by cvs2svn to compensate for changes in r61209,
which included commits to RCS files with non-trunk default branches.
2000-06-03 09:52:37 +00:00
kris
dd1209e63c Resolve conflicts 2000-06-03 09:23:13 +00:00
kris
585dc667de Import from vendor repository.
Obtained from:	OpenBSD
2000-06-03 09:20:19 +00:00
kris
8a7831d8e0 This commit was generated by cvs2svn to compensate for changes in r61206,
which included commits to RCS files with non-trunk default branches.
2000-06-03 09:20:19 +00:00
kris
75f296e741 Bring vendor patches onto the main branch, and resolve conflicts. 2000-06-03 07:31:44 +00:00
kris
e503398156 Import vendor patches: the first is written by
Brian Feldman <green@FreeBSD.org>

* Remove the gratuitous dependency on OpenSSL 0.9.5a (preparation for MFC)
* Disable agent forwarding by default in the client (security risk)

Submitted by:	green
Obtained from:	OpenBSD
2000-06-03 07:18:09 +00:00
kris
7b7cd4c4d3 This commit was generated by cvs2svn to compensate for changes in r61201,
which included commits to RCS files with non-trunk default branches.
2000-06-03 07:18:09 +00:00
kris
10badcd8c7 Import vendor patch originally submitted by the below author: don't
treat failure to create the authentication agent directory in /tmp as
a fatal error, but disable agent forwarding.

Submitted by:	Jan Koum <jkb@yahoo-inc.com>
2000-06-03 07:06:14 +00:00
kris
af709005df This commit was generated by cvs2svn to compensate for changes in r61199,
which included commits to RCS files with non-trunk default branches.
2000-06-03 07:06:14 +00:00
kris
e1e1f53651 Import vendor fix: "fix key_read() for uuencoded keys w/o '='"
This bug caused OpenSSH not to recognise some of the DSA keys it
generated.

Submitted by:	Christian Weisgerber <naddy@mips.inka.de>
Obtained from:	OpenBSD
2000-06-03 06:51:30 +00:00
kris
bb0b65f065 Update to the version of pam_ssh corresponding to OpenSSH 2.1 (taken
from the openssh port)

Submitted by:	Hajimu UMEMOTO <ume@mahoroba.org>
2000-05-30 09:03:15 +00:00
jake
5e208b0c18 Back out the previous change to the queue(3) interface.
It was not discussed and should probably not happen.

Requested by:		msmith and others
2000-05-26 02:09:24 +00:00
jake
1d685644e0 Change the way that the queue(3) structures are declared; don't assume that
the type argument to *_HEAD and *_ENTRY is a struct.

Suggested by:	phk
Reviewed by:	phk
Approved by:	mdodd
2000-05-23 20:41:01 +00:00
ache
051bad99a3 Turn on CheckMail to be more login-compatible by default 2000-05-23 06:06:54 +00:00
brian
0beebe9f7b Don't USE_PIPES
Spammed by: peter
Submitted by: mkn@uk.FreeBSD.org
2000-05-22 09:51:18 +00:00
kris
e109927403 Correct two stupid typos in the DSA key location.
Submitted by:	Udo Schweigert <ust@cert.siemens.de>
2000-05-18 06:04:23 +00:00
kris
4480fb101d Unbreak Kerberos5 compilation. This still remains untested.
Noticed by:	obrien
2000-05-17 08:06:20 +00:00
kris
35e5917a75 Oops, rename S/Key to Opie in line with FreeBSD usage. 2000-05-15 06:11:30 +00:00
kris
0be7f3c2c4 Create a DSA host key if one does not already exist, and teach sshd_config
about it.
2000-05-15 05:40:27 +00:00
kris
a5c6208127 Resolve conflicts and update for FreeBSD. 2000-05-15 05:24:25 +00:00
kris
4dc8aa85ce Initial import of OpenSSH v2.1. 2000-05-15 04:37:24 +00:00
kris
9b4130bcbc This commit was generated by cvs2svn to compensate for changes in r60573,
which included commits to RCS files with non-trunk default branches.
2000-05-15 04:37:24 +00:00
nik
5001aa5ad5 Note that X11 Forwarding is off by default.
PR:             docs/17566
Submitted by:   Keith Stevenson <ktstev01@louisville.edu>
2000-04-30 22:41:58 +00:00
markm
251b3b6e8f MFF: catch up with FreeFall 2000-04-19 21:20:54 +00:00
kris
5fb3d480bd If stderr is closed, report the error message about missing libraries
via syslog instead.

Reviewed by:	jkh
2000-04-18 06:25:24 +00:00
markm
780b7ecb0c Internat diff reducer. 2000-04-16 17:49:31 +00:00
markm
48457cbba4 Virgin import of OpenSSL v0.9.5a 2000-04-16 16:03:07 +00:00
markm
f203f01833 This commit was generated by cvs2svn to compensate for changes in r59281,
which included commits to RCS files with non-trunk default branches.
2000-04-16 16:03:07 +00:00
kris
3bb46af2e4 Resolve conflicts. 2000-04-13 07:15:03 +00:00
kris
50bc915a9f Initial import of OpenSSL 0.9.5a 2000-04-13 06:33:22 +00:00
kris
29b7124027 This commit was generated by cvs2svn to compensate for changes in r59191,
which included commits to RCS files with non-trunk default branches.
2000-04-13 06:33:22 +00:00
kris
cd3ffade07 Correct a typo and interchanged library names
Submitted by:	Ben Rosengart <ben@narcissus.net>
		Matthew D. Fuller <fullermd@futuresouth.com>
2000-04-05 04:09:51 +00:00
kris
ccb2bb86c9 Fix a memory leak.
PR:		17360
Submitted by:	Andrew J. Korty <ajk@iu.edu>
2000-03-29 08:24:37 +00:00
kris
9ff72212a8 #include <ssl/foo.h> -> #include <openssl/foo.h> 2000-03-26 10:00:28 +00:00
kris
cea45abfda Resolve conflicts. 2000-03-26 07:37:48 +00:00
kris
b201b15ee1 Virgin import of OpenSSH sources dated 2000/03/25 2000-03-26 07:07:24 +00:00
kris
09dfa7dfb4 This commit was generated by cvs2svn to compensate for changes in r58582,
which included commits to RCS files with non-trunk default branches.
2000-03-26 07:07:24 +00:00
kris
3f482ce298 Don't refer to the openssl handbook chapter by name - the doc guys keep
jamming new chapters in front of it :)
2000-03-25 07:28:18 +00:00
brian
85a39e63a4 Use pipe() instead of socketpair() in sshd when communicating
with the client.
This allows ppp/ssh style tunnels to function again.

Ok'd by:	markk
Submitted by:	markk@knigma.org
2000-03-24 15:39:37 +00:00
mpp
fdd7999364 Fix a few spelling errors. 2000-03-24 02:26:54 +00:00
sheldonh
48fa6a51df IgnoreUserKnownHosts is a boolean flag, not an integer value.
The fix submitted in the attributed PR is identical to the one
adopted by OpenBSD.

PR:		17027
Submitted by:	David Malone <dwmalone@maths.tcd.ie>
Obtained from:	OpenBSD
2000-03-22 09:36:35 +00:00
kris
bd1f80cef9 Add a new function stub to libcrypto() which resolves to a symbol in
the librsa* library and reports which version of the library (OpenSSL/RSAREF)
is being used.

This is then used in openssh to detect the failure case of RSAREF and a RSA key >1024 bits,
to print a more helpful error message than 'rsa_public_encrypt() failed.'

This is a 4.0-RELEASE candidate.
2000-03-13 09:55:53 +00:00
kris
afbc4bd1fb Various manpage style/grammar/formatting cleanups
Submitted by:	Peter Jeremy <peter.jeremy@alcatel.com.au>, jedgar
PR:		17292 (remainder of)
2000-03-13 00:17:43 +00:00
nik
81a3105a72 - typos
- Add double spaces following full stops to improve typeset output
- mdoc-ification.  (Though I'm uncertain whether option values and
  contents should be .Dq or something else).
- Fix a missed /etc/ssh change
- Expand wording on RandomSeed and behaviour when X11 isn't forwarded.
- Change examples to literal mode.
- Trim trailing whitespace

PR:		docs/17292
Submitted by:	Peter Jeremy <peter.jeremy@alcatel.com.au>
2000-03-10 11:48:49 +00:00
markm
43d424cab0 Make LOGIN_CAP work properly. 2000-03-09 14:52:31 +00:00
kris
cd40b5e1ea /etc -> /etc/ssh
Submitted by:	Ben Smithurst <ben@scientia.demon.co.uk>
2000-03-08 03:44:00 +00:00
jhay
69eb79866d MFI: Use krb5 functions in krb5 files.
Reviewed by:	markm
2000-03-03 20:31:58 +00:00
shin
c1e729a062 Replace structure copy from ifreq obtained by SIOCGIFADDR
to memcpy(), to avoid unaligned access trap on alpha.

Approved by: jkh
2000-03-03 13:05:00 +00:00
shin
bd3c73b28d CMSG_XXX macros alignment fixes to follow RFC2292.
Approved by: jkh
2000-03-03 12:50:46 +00:00
green
42e845e2dd Turn off X11 forwarding in the client. X11 forwarding in the server by
default should probably also get turned on, now.

Requested by:	kris
Obtained from:	OpenBSD
2000-03-03 05:58:39 +00:00
kris
76dfe94f1d Update the wording on the error message when libcrypto.so can't find an
RSA library.

Reviewed by:	peter, jkh
2000-03-02 06:21:02 +00:00
ume
2b52652a6f Enable connection logging. FreeBSD's libwrap is IPv6 ready.
OpenSSH is in our source tree, now.  It's time to enable it.

Reviewed by:	markm, shin
Approved by:	jkh
2000-02-29 19:37:04 +00:00
markm
e54fe4cc8e 1) Add kerberos5 functionality.
by Daniel Kouril <kouril@informatics.muni.cz>
2) Add full LOGIN_CAP capability
   by Andrey Chernov
2000-02-28 19:03:50 +00:00