Brian Feldman
5b9b2fafd4
Import of OpenSSH 2.3.0 (virgin OpenBSD source release).
2000-12-05 02:20:19 +00:00
Brian Somers
3c3d69579f
Remove duplicate line
...
Not responded to by: kris, then green
2000-12-04 22:57:53 +00:00
Jeroen Ruigrok van der Werven
acd1c3499e
Add more environment variables to be filtered through scrub_env().
...
Synched from normal telnet.
2000-11-30 13:14:54 +00:00
Jeroen Ruigrok van der Werven
d904cf9f8e
String paranoia fix. Synched from normal telnet.
2000-11-30 13:10:01 +00:00
Jeroen Ruigrok van der Werven
7e8f2fef03
String paranoia. Merged from regular telnet.
2000-11-30 10:55:25 +00:00
Kris Kennaway
f6fd83ed27
Correct definition of MAXHOSTNAMELEN in ifdef'ed code.
...
Submitted by: Edwin Groothuis <mavetju@chello.nl>
PR: bin/22787
2000-11-26 21:37:51 +00:00
Brian Feldman
ee510eab3f
In env_destroy(), it is a bad idea to env_swap(self, 0) to switch
...
back to the original environ unconditionally. The setting of the
variable to save the previous environ is conditional; it happens when
ENV.e_committed is set. Therefore, don't try to swap the env back
unless the previous env has been initialized.
PR: bin/22670
Submitted by: Takanori Saneto <sanewo@ba2.so-net.ne.jp>
2000-11-25 02:00:35 +00:00
Bill Fumerola
2a644691bc
Correct an arguement to ssh_add_identity, this matches what is currently
...
in ports/security/openssh/files/pam_ssh.c
PR: 22164
Submitted by: Takanori Saneto <sanewo@ba2.so-net.ne.jp>
Reviewed by: green
Approved by: green
2000-11-25 01:55:42 +00:00
Ruslan Ermilov
e97407b4f2
mdoc(7) police: use the new features of the Nm macro.
2000-11-20 20:10:44 +00:00
Kris Kennaway
f743d11975
Fix a buffer overflow from a long local hostname.
...
Obtained from: OpenBSD
2000-11-19 10:08:26 +00:00
Brian Feldman
03e72be8c8
Add login_cap and login_access support. Previously, these FreeBSD-local
...
checks were only made when using the 1.x protocol.
2000-11-14 04:35:03 +00:00
Brian Feldman
4899dde749
Import a security fix: the client would allow a server to use its
...
ssh-agent or X11 forwarding even if it was disabled.
This is the vendor fix provided, not an actual revision of clientloop.c.
Submitted by: Markus Friedl <markus@OpenBSD.org> via kris
2000-11-14 03:51:53 +00:00
Brian Feldman
786df71457
This commit was generated by cvs2svn to compensate for changes in r68700,
...
which included commits to RCS files with non-trunk default branches.
2000-11-14 03:51:53 +00:00
Kris Kennaway
d153b54ab9
Update list of files to remove prior to import
2000-11-13 07:46:20 +00:00
Kris Kennaway
ae152dd3aa
Resolve conflicts, and garbage collect some local changes that are no
...
longer required
2000-11-13 02:20:29 +00:00
Kris Kennaway
ddd58736f0
Initial import of OpenSSL 0.9.6
2000-11-13 01:03:58 +00:00
Kris Kennaway
feb1e94b6a
This commit was generated by cvs2svn to compensate for changes in r68651,
...
which included commits to RCS files with non-trunk default branches.
2000-11-13 01:03:58 +00:00
Ruslan Ermilov
726b61ab5f
Avoid use of direct troff requests in mdoc(7) manual pages.
2000-11-10 17:46:15 +00:00
Doug Barton
ea8f54b543
Add a CVS Id tag
2000-10-29 10:00:58 +00:00
Kris Kennaway
579c78c7f6
Sync with usr.bin/telnet/telnet.c r1.9 - fix buffer overflow in DISPLAY
2000-10-29 00:10:14 +00:00
Brian Feldman
4a950c224b
Fix a few style oddities.
2000-09-10 18:04:12 +00:00
Brian Feldman
dd5f9dffd6
Fix a goof in timevaldiff.
2000-09-10 18:03:46 +00:00
Kris Kennaway
b8c2df609a
Remove files no longer present in OpenSSH 2.2.0 and beyond
2000-09-10 10:26:07 +00:00
Kris Kennaway
c2d3a5594b
Resolve conflicts and update for OpenSSH 2.2.0
...
Reviewed by: gshapiro, peter, green
2000-09-10 09:35:38 +00:00
Kris Kennaway
b66f2d16a0
Initial import of OpenSSH post-2.2.0 snapshot dated 2000-09-09
2000-09-10 08:31:17 +00:00
Kris Kennaway
c7b5135400
This commit was generated by cvs2svn to compensate for changes in r65668,
...
which included commits to RCS files with non-trunk default branches.
2000-09-10 08:31:17 +00:00
Kris Kennaway
690a362571
Nuke RSAREF support from orbit.
...
It's the only way to be sure.
2000-09-10 00:09:37 +00:00
Kris Kennaway
5ed779ad1e
ttyname was not being passed into do_login(), so we were erroneously picking
...
up the function definition from unistd.h instead. Use s->tty instead.
Submitted by: peter
2000-09-04 08:43:05 +00:00
Kris Kennaway
cabf13fcdb
bzero() the struct timeval for paranoia
...
Submitted by: gshapiro
2000-09-03 07:58:35 +00:00
Kris Kennaway
939c32909c
Err, we weren't even compiling auth1.c with LOGIN_CAP at all. Guess nobody
...
was using this feature.
2000-09-02 07:32:05 +00:00
Kris Kennaway
80bbcbe344
Repair a broken conflict resolution in r1.2 which had the effect of nullifying
...
the login_cap and login.access checks for whether a user/host is allowed
access to the system for users other than root. But since we currently don't
have a similar check in the ssh2 code path anyway, it's um, "okay".
Submitted by: gshapiro
2000-09-02 05:40:50 +00:00
Kris Kennaway
14ef7e2794
Repair my dyslexia: s/opt/otp/ in the OPIE challenge. D'oh!
...
Submitted by: gshapiro
2000-09-02 04:41:33 +00:00
Kris Kennaway
ac70abf4bc
Re-add missing "break" which was lost during a previous patch
...
integration. This currently has no effect.
Submitted by: gshapiro
2000-09-02 04:37:51 +00:00
Kris Kennaway
1610cd7fa6
Turn on X11Forwarding by default on the server. Any risk is to the client,
...
where it is already disabled by default.
Reminded by: peter
2000-09-02 03:49:22 +00:00
Kris Kennaway
b87db7cec0
Increase the default value of LoginGraceTime from 60 seconds to 120
...
seconds.
PR: 20488
Submitted by: rwatson
2000-08-23 09:47:25 +00:00
Kris Kennaway
4d858ef441
Respect X11BASE to derive the location of xauth(1)
...
PR: 17818
Submitted by: Bjoern Fischer <bfischer@Techfak.Uni-Bielefeld.DE>
2000-08-23 09:39:20 +00:00
Kris Kennaway
b904de74b0
Fix setproctitle() and syslog() vulnerabilities.
2000-08-13 05:23:23 +00:00
Kris Kennaway
9ef8fb5b06
This commit was generated by cvs2svn to compensate for changes in r64593,
...
which included commits to RCS files with non-trunk default branches.
2000-08-13 05:23:23 +00:00
Kris Kennaway
9c47a2dba1
Fix benign bugs due to missing format string in err() and warn().
...
Approved by: assar (vendor :-)
2000-08-13 04:46:54 +00:00
Kris Kennaway
b58b0cb1d2
This commit was generated by cvs2svn to compensate for changes in r64583,
...
which included commits to RCS files with non-trunk default branches.
2000-08-13 04:46:54 +00:00
Kris Kennaway
c26927949d
Fix setproctitle() vulnerability in non-compiled code.
2000-08-13 04:35:43 +00:00
Jeroen Ruigrok van der Werven
f30cce5c6c
Chalk up another phkmalloc victim.
...
It seems as if uninitialised memory was the culprit.
We may want to contribute this back to the OpenSSH project.
Submitted by: Alexander Leidinger <Alexander@Leidinger.net> on -current.
2000-08-01 08:07:15 +00:00
Alexander Langer
6877e653a0
Crypto sources are no longer export controlled:
...
Explain, why crypto sources are still in crypto/.
Reviewed by: markm
2000-07-31 12:24:13 +00:00
Jeroen Ruigrok van der Werven
870fb37275
Fix a weird typo, is -> are.
...
The OpenSSH maintainer probably want to contribute this back to the
real OpenSSH guys.
Submitted by: Jon Perkin <sketchy@netcraft.com>
2000-07-27 19:21:15 +00:00
Mark Ovens
85ea01646c
Fixed a minor typo in the header.
...
Pointed out by: asmodai
2000-07-27 17:21:07 +00:00
Mark Ovens
2abceb0402
Committed, Thanks!!
...
PR: 20108
Submitted by: Doug Lee
2000-07-25 16:49:48 +00:00
Hajimu UMEMOTO
c847fdb1f9
Fix buffer size of ALIGNed buffer.
...
PR: bin/20053
Submitted by: Alex Kapranoff <alex@kapran.bitmcnit.bryansk.su>
2000-07-20 14:54:04 +00:00
Assar Westerlund
b3e7de4b6e
merge in syslog fixes, do not call syslog with variabel as format string
2000-07-20 05:43:55 +00:00
Peter Wemm
ecece7e319
Add missing $FreeBSD$ to files that are NOT still on vendor a branch.
2000-07-16 05:48:49 +00:00
Nick Sayer
67bf7a0ac8
Fix 'telnet -X sra' coredump
...
PR# 19835
2000-07-11 15:04:05 +00:00
Peter Wemm
365c420eb1
Sync sshd_config with sshd and manapage internal defaults (Checkmail = yes)
2000-07-11 09:54:24 +00:00
Peter Wemm
44de2297a4
Sync LoginGraceTime with sshd_config = 60 seconds by default, not 600.
2000-07-11 09:52:14 +00:00
Peter Wemm
e213d985b2
Fix out-of-sync defaults. PermitRootLogin is supposed to be 'no' but
...
sshd's internal default was 'yes'. (if some cracker managed to trash
/etc/ssh/sshd_config, then root logins could be reactivated)
Approved by: kris
2000-07-11 09:50:15 +00:00
Peter Wemm
a3d6796930
Make FallBackToRsh off by default. Falling back to rsh by default is
...
silly in this day and age.
Approved by: kris
2000-07-11 09:39:34 +00:00
Kris Kennaway
19a32101dd
Don't call printf with no format string.
2000-07-10 05:16:59 +00:00
Hajimu UMEMOTO
1c60903414
Make telnet -s work. It is corresponding to EAI_NONAME -> EAI_NODATA
...
change (getaddrinfo.c rev 1.12).
2000-07-08 05:22:00 +00:00
Jun-ichiro itojun Hagino
7e154dad2e
sync with usr.bin/telnet/commands.c 1.21 -> 1.22. pierre.dampure@alveley.org
2000-07-07 12:35:05 +00:00
Brian Feldman
c8ef594c0f
Allow restarting on SIGHUP when the full path was not given as argv[0].
...
We do have /proc/curproc/file :)
2000-07-04 06:43:26 +00:00
Brian Feldman
21deafa350
So /this/ is what has made OpenSSH's SSHv2 support never work right!
...
In some cases, limits did not get set to the proper class, but
instead always to "default", because not all passwd copies were
done to completion.
2000-06-27 21:16:06 +00:00
Brian Feldman
c342fc930b
Also make sure to close the socket that exceeds your rate limit.
2000-06-26 23:39:26 +00:00
Brian Feldman
7e03cf33e9
Make rate limiting work per-listening-socket. Log better messages than
...
before for this, requiring a new function (get_ipaddr()). canohost.c
receives a $FreeBSD$ line.
Suggested by: Niels Provos <niels@OpenBSD.org>
2000-06-26 05:44:23 +00:00
Mark Murray
ce09ad5098
MFI. This is a documentation-only, diffreducing patch, that if
...
invoked will cause breakage. US Users - DO NOT try to turn on
IDEA - the sources are not included.
2000-06-24 06:50:58 +00:00
Mark Murray
4fe82c1303
Grrr. I hate CVS. These were supposed to be committed when I did the
...
IDEA fix earlier today.
Bring back IDEA from the dead (but not compiled by default).
2000-06-19 21:09:27 +00:00
Mark Murray
84fa01da81
Re-add IDEA. This is not actually built unless asked for by the user.
...
(To avoid patent hassles).
2000-06-19 13:59:34 +00:00
Kris Kennaway
fb633b3056
Fix syntax error in previous commit.
...
Submitted by: Udo Schweigert <ust@cert.siemens.de>
2000-06-11 21:41:25 +00:00
Kris Kennaway
95e2a710ad
Fix security botch in "UseLogin Yes" case: commands are executed with
...
uid 0.
Obtained from: OpenBSD
2000-06-10 22:32:57 +00:00
Ruslan Ermilov
b3ba283ebe
Make `ssh-agent -k' work for csh(1)-like shells.
2000-06-10 14:14:28 +00:00
Brian Feldman
2803b77e52
Allow "DenyUsers" to function.
2000-06-06 06:16:55 +00:00
Kris Kennaway
c322fe352d
Resolve conflicts
2000-06-03 09:58:15 +00:00
Kris Kennaway
2632b0c875
Initial import of OpenSSH snapshot from 2000/05/30
...
Obtained from: OpenBSD
2000-06-03 09:52:37 +00:00
Kris Kennaway
7513668808
This commit was generated by cvs2svn to compensate for changes in r61209,
...
which included commits to RCS files with non-trunk default branches.
2000-06-03 09:52:37 +00:00
Kris Kennaway
cfa18fd2ba
Resolve conflicts
2000-06-03 09:23:13 +00:00
Kris Kennaway
87e372b8a2
Import from vendor repository.
...
Obtained from: OpenBSD
2000-06-03 09:20:19 +00:00
Kris Kennaway
48fb0b1aa9
This commit was generated by cvs2svn to compensate for changes in r61206,
...
which included commits to RCS files with non-trunk default branches.
2000-06-03 09:20:19 +00:00
Kris Kennaway
db1cb46ca2
Bring vendor patches onto the main branch, and resolve conflicts.
2000-06-03 07:31:44 +00:00
Kris Kennaway
1ae2db81a5
Import vendor patches: the first is written by
...
Brian Feldman <green@FreeBSD.org>
* Remove the gratuitous dependency on OpenSSL 0.9.5a (preparation for MFC)
* Disable agent forwarding by default in the client (security risk)
Submitted by: green
Obtained from: OpenBSD
2000-06-03 07:18:09 +00:00
Kris Kennaway
7567fde002
This commit was generated by cvs2svn to compensate for changes in r61201,
...
which included commits to RCS files with non-trunk default branches.
2000-06-03 07:18:09 +00:00
Kris Kennaway
fcee55a281
Import vendor patch originally submitted by the below author: don't
...
treat failure to create the authentication agent directory in /tmp as
a fatal error, but disable agent forwarding.
Submitted by: Jan Koum <jkb@yahoo-inc.com>
2000-06-03 07:06:14 +00:00
Kris Kennaway
6298712178
This commit was generated by cvs2svn to compensate for changes in r61199,
...
which included commits to RCS files with non-trunk default branches.
2000-06-03 07:06:14 +00:00
Kris Kennaway
830ccf58ce
Import vendor fix: "fix key_read() for uuencoded keys w/o '='"
...
This bug caused OpenSSH not to recognise some of the DSA keys it
generated.
Submitted by: Christian Weisgerber <naddy@mips.inka.de>
Obtained from: OpenBSD
2000-06-03 06:51:30 +00:00
Kris Kennaway
4f00f8562d
Update to the version of pam_ssh corresponding to OpenSSH 2.1 (taken
...
from the openssh port)
Submitted by: Hajimu UMEMOTO <ume@mahoroba.org>
2000-05-30 09:03:15 +00:00
Jake Burkholder
e39756439c
Back out the previous change to the queue(3) interface.
...
It was not discussed and should probably not happen.
Requested by: msmith and others
2000-05-26 02:09:24 +00:00
Jake Burkholder
740a1973a6
Change the way that the queue(3) structures are declared; don't assume that
...
the type argument to *_HEAD and *_ENTRY is a struct.
Suggested by: phk
Reviewed by: phk
Approved by: mdodd
2000-05-23 20:41:01 +00:00
Andrey A. Chernov
a4bc7676d4
Turn on CheckMail to be more login-compatible by default
2000-05-23 06:06:54 +00:00
Brian Somers
73813569e4
Don't USE_PIPES
...
Spammed by: peter
Submitted by: mkn@uk.FreeBSD.org
2000-05-22 09:51:18 +00:00
Kris Kennaway
ba0c6b0830
Correct two stupid typos in the DSA key location.
...
Submitted by: Udo Schweigert <ust@cert.siemens.de>
2000-05-18 06:04:23 +00:00
Kris Kennaway
b787acb5e3
Unbreak Kerberos5 compilation. This still remains untested.
...
Noticed by: obrien
2000-05-17 08:06:20 +00:00
Kris Kennaway
e551e5eafa
Oops, rename S/Key to Opie in line with FreeBSD usage.
2000-05-15 06:11:30 +00:00
Kris Kennaway
0c11f6e187
Create a DSA host key if one does not already exist, and teach sshd_config
...
about it.
2000-05-15 05:40:27 +00:00
Kris Kennaway
e8aafc91b5
Resolve conflicts and update for FreeBSD.
2000-05-15 05:24:25 +00:00
Kris Kennaway
a04a10f891
Initial import of OpenSSH v2.1.
2000-05-15 04:37:24 +00:00
Kris Kennaway
fe01acb846
This commit was generated by cvs2svn to compensate for changes in r60573,
...
which included commits to RCS files with non-trunk default branches.
2000-05-15 04:37:24 +00:00
Nik Clayton
699cc2f5e1
Note that X11 Forwarding is off by default.
...
PR: docs/17566
Submitted by: Keith Stevenson <ktstev01@louisville.edu>
2000-04-30 22:41:58 +00:00
Mark Murray
79eb2b5421
MFF: catch up with FreeFall
2000-04-19 21:20:54 +00:00
Kris Kennaway
9a823cff39
If stderr is closed, report the error message about missing libraries
...
via syslog instead.
Reviewed by: jkh
2000-04-18 06:25:24 +00:00
Mark Murray
3c6b6b90c7
Internat diff reducer.
2000-04-16 17:49:31 +00:00
Mark Murray
07c567b8ec
Virgin import of OpenSSL v0.9.5a
2000-04-16 16:03:07 +00:00
Mark Murray
ef781a073e
This commit was generated by cvs2svn to compensate for changes in r59281,
...
which included commits to RCS files with non-trunk default branches.
2000-04-16 16:03:07 +00:00
Kris Kennaway
7e7159cbdc
Resolve conflicts.
2000-04-13 07:15:03 +00:00
Kris Kennaway
f579bf8ec7
Initial import of OpenSSL 0.9.5a
2000-04-13 06:33:22 +00:00