Assar Westerlund
a16a9b0f1e
Fix LP64 problem in Kerberos 5 TGT passing.
...
Obtained from: NetBSD (done by thorpej@netbsd.org )
2001-03-12 08:14:22 +00:00
Assar Westerlund
bb330cd01e
enable auto-negotiation of encrypt and decrypt
2001-03-12 03:54:48 +00:00
Assar Westerlund
02c9ff5b94
initialize pointers to NULL and sized to 0 to avoid free:ing invalid memory.
...
PR: bin/20779
2001-03-12 03:48:03 +00:00
Brian Feldman
46c9472cd6
Reenable the SIGPIPE signal handler default in all cases for spawned
...
sessions.
2001-03-11 02:26:57 +00:00
Mark Murray
a4f378438c
Remove stuff that is really "ports material", generated files and
...
stuff for other OS's. Also remove stuff (libraries) that are
already present in FreeBSD and must not get mixed up in our
code.
2001-03-04 07:26:45 +00:00
Mark Murray
c21f532945
Trim down the source tree a bit. We shouldn't have blatantly
...
uncompilable bits in here (like X stuff), nor should we have
too much "ports material".
2001-03-04 07:06:39 +00:00
Assar Westerlund
cb96ab3672
Add code for being compatible with ssh.com's krb5 authentication.
...
It is done by using the same ssh messages for v4 and v5 authentication
(since the ssh.com does not now anything about v4) and looking at the
contents after unpacking it to see if it is v4 or v5.
Based on code from Björn Grönvall <bg@sics.se>
PR: misc/20504
2001-03-04 02:22:04 +00:00
Kris Kennaway
b64f39b655
Resolve conflicts
2001-02-18 03:23:30 +00:00
Kris Kennaway
de7cdddab1
Import of OpenSSL 0.9.6-STABLE snapshot dated 2001-02-10
2001-02-18 03:17:36 +00:00
Kris Kennaway
a991678294
This commit was generated by cvs2svn to compensate for changes in r72613,
...
which included commits to RCS files with non-trunk default branches.
2001-02-18 03:17:36 +00:00
Paul Saab
8e97fe726f
Make ConnectionsPerPeriod non-fatal for real.
2001-02-18 01:33:31 +00:00
Mark Murray
93f09f075a
Fix a "make world"-breaking inconsistency for those folks making
...
a world with both KRB4 and KRB5.
2001-02-14 19:54:36 +00:00
Assar Westerlund
0346cda4f9
nuke conflict markers
2001-02-13 22:40:28 +00:00
Assar Westerlund
c9e3f8cfb9
update to new heimdal libkrb5
2001-02-13 16:58:04 +00:00
Assar Westerlund
47085b17ae
fix conflicts in heimdal 0.3e import
2001-02-13 16:52:56 +00:00
Assar Westerlund
5e9cd1ae3e
import of heimdal 0.3e
2001-02-13 16:46:19 +00:00
Assar Westerlund
c25d7ab741
This commit was generated by cvs2svn to compensate for changes in r72445,
...
which included commits to RCS files with non-trunk default branches.
2001-02-13 16:46:19 +00:00
Kris Kennaway
a09221f83c
Patches backported from later development version of OpenSSH which prevent
...
(instead of just mitigating through connection limits) the Bleichenbacher
attack which can lead to guessing of the server key (not host key) by
regenerating it when an RSA failure is detected.
Reviewed by: rwatson
2001-02-12 06:44:51 +00:00
Kris Kennaway
e0834d8749
Note that crypto/ is not used to build in, people should see secure/
...
instead.
2001-02-10 04:47:47 +00:00
Jeroen Ruigrok van der Werven
2b081e30cf
Synch: Add $FreeBSD$.
2001-02-07 21:58:16 +00:00
Jeroen Ruigrok van der Werven
2fa72ea7d4
Fix typo: compatability -> compatibility.
...
Compatability is not an existing english word.
2001-02-06 12:05:58 +00:00
Jeroen Ruigrok van der Werven
9a01d32bfd
Fix typo: seperate -> separate.
...
Seperate does not exist in the english language.
Submitted to look at by: kris
2001-02-06 10:39:38 +00:00
Jeroen Ruigrok van der Werven
2cdd9c0332
Fix typo: wierd -> weird.
...
There is no such thing as wierd in the english language.
2001-02-06 09:32:26 +00:00
Brian Feldman
ffd692be66
Correctly fill in the sun_len for a sockaddr_sun.
...
Submitted by: Alexander Leidinger <Alexander@leidinger.net>
2001-02-04 20:23:17 +00:00
Brian Feldman
a61d605eda
MFS: Don't use the canonical hostname here, too.
2001-02-04 20:16:14 +00:00
Brian Feldman
895b03b1e8
MFF: Make ConnectionsPerPeriod usage a warning, not fatal.
2001-02-04 20:15:53 +00:00
Ruslan Ermilov
f78fa00345
mdoc(7) police: split punctuation characters + misc fixes.
2001-02-01 17:12:45 +00:00
Brian Feldman
926581ede3
Actually propagate back to the rest of the application that a command
...
was specified when using -t mode with the SSH client.
Submitted by: Dima Dorfman <dima@unixfreak.org>
2001-01-21 05:45:27 +00:00
Brian Feldman
ea0187039a
/Really/ deprecate ConnectionsPerPeriod, ripping out the code for it
...
and giving a dire error to its lingering users.
2001-01-13 07:57:43 +00:00
Ruslan Ermilov
72c60cff38
Prepare for mdoc(7)NG.
2001-01-10 16:51:28 +00:00
Brian Feldman
39567f8cee
Fix a long-standing bug that resulted in a dropped session sometimes
...
when an X11-forwarded client was closed. For some reason, sshd didn't
disable the SIGPIPE exit handler and died a horrible death (well, okay,
a silent death really). Set SIGPIPE's handler to SIG_IGN.
2001-01-06 21:15:07 +00:00
Assar Westerlund
6e3caa0833
fix conflicts from merge
2000-12-29 21:16:01 +00:00
Assar Westerlund
5ad8ddfb6f
import krb4-1.0.5
2000-12-29 21:00:22 +00:00
Assar Westerlund
2a9bc9996c
This commit was generated by cvs2svn to compensate for changes in r70494,
...
which included commits to RCS files with non-trunk default branches.
2000-12-29 21:00:22 +00:00
Assar Westerlund
ee695f07e2
merge fix from vendor for not overwriting old ticket file
2000-12-10 21:01:33 +00:00
Assar Westerlund
45afb7befd
This commit was generated by cvs2svn to compensate for changes in r69836,
...
which included commits to RCS files with non-trunk default branches.
2000-12-10 21:01:33 +00:00
Assar Westerlund
7a7ff9f80d
merge fix from vendor for removing buffer overrun
2000-12-10 21:00:35 +00:00
Assar Westerlund
a623f068e0
This commit was generated by cvs2svn to compensate for changes in r69833,
...
which included commits to RCS files with non-trunk default branches.
2000-12-10 21:00:35 +00:00
Assar Westerlund
fcbc584c3b
merge fix from vendor for not looking at environment variables
2000-12-10 20:59:35 +00:00
Assar Westerlund
46c48c19a2
This commit was generated by cvs2svn to compensate for changes in r69830,
...
which included commits to RCS files with non-trunk default branches.
2000-12-10 20:59:35 +00:00
Assar Westerlund
ba688fa510
(scrub_env): change to only accept a listed set of variables,
...
including only non-filename contents for TERMCAP
2000-12-10 20:50:20 +00:00
Brian Feldman
099584266b
Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0
...
new features description elided in favor of checking out their
website.
Important new FreeBSD-version stuff: PAM support has been worked
in, partially from the "Unix" OpenSSH version, and a lot due to the
work of Eivind Eklend, too.
This requires at least the following in pam.conf:
sshd auth sufficient pam_skey.so
sshd auth required pam_unix.so try_first_pass
sshd session required pam_permit.so
Parts by: Eivind Eklend <eivind@FreeBSD.org>
2000-12-05 02:55:12 +00:00
Brian Feldman
386879a128
Forgot to remove the old line in the last commit.
2000-12-05 02:41:01 +00:00
Brian Feldman
5b9b2fafd4
Import of OpenSSH 2.3.0 (virgin OpenBSD source release).
2000-12-05 02:20:19 +00:00
Brian Feldman
803a607983
This commit was generated by cvs2svn to compensate for changes in r69587,
...
which included commits to RCS files with non-trunk default branches.
2000-12-05 02:20:19 +00:00
Brian Somers
3c3d69579f
Remove duplicate line
...
Not responded to by: kris, then green
2000-12-04 22:57:53 +00:00
Jeroen Ruigrok van der Werven
acd1c3499e
Add more environment variables to be filtered through scrub_env().
...
Synched from normal telnet.
2000-11-30 13:14:54 +00:00
Jeroen Ruigrok van der Werven
d904cf9f8e
String paranoia fix. Synched from normal telnet.
2000-11-30 13:10:01 +00:00
Jeroen Ruigrok van der Werven
7e8f2fef03
String paranoia. Merged from regular telnet.
2000-11-30 10:55:25 +00:00
Kris Kennaway
f6fd83ed27
Correct definition of MAXHOSTNAMELEN in ifdef'ed code.
...
Submitted by: Edwin Groothuis <mavetju@chello.nl>
PR: bin/22787
2000-11-26 21:37:51 +00:00
Brian Feldman
ee510eab3f
In env_destroy(), it is a bad idea to env_swap(self, 0) to switch
...
back to the original environ unconditionally. The setting of the
variable to save the previous environ is conditional; it happens when
ENV.e_committed is set. Therefore, don't try to swap the env back
unless the previous env has been initialized.
PR: bin/22670
Submitted by: Takanori Saneto <sanewo@ba2.so-net.ne.jp>
2000-11-25 02:00:35 +00:00
Bill Fumerola
2a644691bc
Correct an arguement to ssh_add_identity, this matches what is currently
...
in ports/security/openssh/files/pam_ssh.c
PR: 22164
Submitted by: Takanori Saneto <sanewo@ba2.so-net.ne.jp>
Reviewed by: green
Approved by: green
2000-11-25 01:55:42 +00:00
Ruslan Ermilov
e97407b4f2
mdoc(7) police: use the new features of the Nm macro.
2000-11-20 20:10:44 +00:00
Kris Kennaway
f743d11975
Fix a buffer overflow from a long local hostname.
...
Obtained from: OpenBSD
2000-11-19 10:08:26 +00:00
Brian Feldman
03e72be8c8
Add login_cap and login_access support. Previously, these FreeBSD-local
...
checks were only made when using the 1.x protocol.
2000-11-14 04:35:03 +00:00
Brian Feldman
4899dde749
Import a security fix: the client would allow a server to use its
...
ssh-agent or X11 forwarding even if it was disabled.
This is the vendor fix provided, not an actual revision of clientloop.c.
Submitted by: Markus Friedl <markus@OpenBSD.org> via kris
2000-11-14 03:51:53 +00:00
Brian Feldman
786df71457
This commit was generated by cvs2svn to compensate for changes in r68700,
...
which included commits to RCS files with non-trunk default branches.
2000-11-14 03:51:53 +00:00
Kris Kennaway
d153b54ab9
Update list of files to remove prior to import
2000-11-13 07:46:20 +00:00
Kris Kennaway
ae152dd3aa
Resolve conflicts, and garbage collect some local changes that are no
...
longer required
2000-11-13 02:20:29 +00:00
Kris Kennaway
ddd58736f0
Initial import of OpenSSL 0.9.6
2000-11-13 01:03:58 +00:00
Kris Kennaway
feb1e94b6a
This commit was generated by cvs2svn to compensate for changes in r68651,
...
which included commits to RCS files with non-trunk default branches.
2000-11-13 01:03:58 +00:00
Ruslan Ermilov
726b61ab5f
Avoid use of direct troff requests in mdoc(7) manual pages.
2000-11-10 17:46:15 +00:00
Doug Barton
ea8f54b543
Add a CVS Id tag
2000-10-29 10:00:58 +00:00
Kris Kennaway
579c78c7f6
Sync with usr.bin/telnet/telnet.c r1.9 - fix buffer overflow in DISPLAY
2000-10-29 00:10:14 +00:00
Brian Feldman
4a950c224b
Fix a few style oddities.
2000-09-10 18:04:12 +00:00
Brian Feldman
dd5f9dffd6
Fix a goof in timevaldiff.
2000-09-10 18:03:46 +00:00
Kris Kennaway
b8c2df609a
Remove files no longer present in OpenSSH 2.2.0 and beyond
2000-09-10 10:26:07 +00:00
Kris Kennaway
c2d3a5594b
Resolve conflicts and update for OpenSSH 2.2.0
...
Reviewed by: gshapiro, peter, green
2000-09-10 09:35:38 +00:00
Kris Kennaway
b66f2d16a0
Initial import of OpenSSH post-2.2.0 snapshot dated 2000-09-09
2000-09-10 08:31:17 +00:00
Kris Kennaway
c7b5135400
This commit was generated by cvs2svn to compensate for changes in r65668,
...
which included commits to RCS files with non-trunk default branches.
2000-09-10 08:31:17 +00:00
Kris Kennaway
690a362571
Nuke RSAREF support from orbit.
...
It's the only way to be sure.
2000-09-10 00:09:37 +00:00
Kris Kennaway
5ed779ad1e
ttyname was not being passed into do_login(), so we were erroneously picking
...
up the function definition from unistd.h instead. Use s->tty instead.
Submitted by: peter
2000-09-04 08:43:05 +00:00
Kris Kennaway
cabf13fcdb
bzero() the struct timeval for paranoia
...
Submitted by: gshapiro
2000-09-03 07:58:35 +00:00
Kris Kennaway
939c32909c
Err, we weren't even compiling auth1.c with LOGIN_CAP at all. Guess nobody
...
was using this feature.
2000-09-02 07:32:05 +00:00
Kris Kennaway
80bbcbe344
Repair a broken conflict resolution in r1.2 which had the effect of nullifying
...
the login_cap and login.access checks for whether a user/host is allowed
access to the system for users other than root. But since we currently don't
have a similar check in the ssh2 code path anyway, it's um, "okay".
Submitted by: gshapiro
2000-09-02 05:40:50 +00:00
Kris Kennaway
14ef7e2794
Repair my dyslexia: s/opt/otp/ in the OPIE challenge. D'oh!
...
Submitted by: gshapiro
2000-09-02 04:41:33 +00:00
Kris Kennaway
ac70abf4bc
Re-add missing "break" which was lost during a previous patch
...
integration. This currently has no effect.
Submitted by: gshapiro
2000-09-02 04:37:51 +00:00
Kris Kennaway
1610cd7fa6
Turn on X11Forwarding by default on the server. Any risk is to the client,
...
where it is already disabled by default.
Reminded by: peter
2000-09-02 03:49:22 +00:00
Kris Kennaway
b87db7cec0
Increase the default value of LoginGraceTime from 60 seconds to 120
...
seconds.
PR: 20488
Submitted by: rwatson
2000-08-23 09:47:25 +00:00
Kris Kennaway
4d858ef441
Respect X11BASE to derive the location of xauth(1)
...
PR: 17818
Submitted by: Bjoern Fischer <bfischer@Techfak.Uni-Bielefeld.DE>
2000-08-23 09:39:20 +00:00
Kris Kennaway
b904de74b0
Fix setproctitle() and syslog() vulnerabilities.
2000-08-13 05:23:23 +00:00
Kris Kennaway
9ef8fb5b06
This commit was generated by cvs2svn to compensate for changes in r64593,
...
which included commits to RCS files with non-trunk default branches.
2000-08-13 05:23:23 +00:00
Kris Kennaway
9c47a2dba1
Fix benign bugs due to missing format string in err() and warn().
...
Approved by: assar (vendor :-)
2000-08-13 04:46:54 +00:00
Kris Kennaway
b58b0cb1d2
This commit was generated by cvs2svn to compensate for changes in r64583,
...
which included commits to RCS files with non-trunk default branches.
2000-08-13 04:46:54 +00:00
Kris Kennaway
c26927949d
Fix setproctitle() vulnerability in non-compiled code.
2000-08-13 04:35:43 +00:00
Jeroen Ruigrok van der Werven
f30cce5c6c
Chalk up another phkmalloc victim.
...
It seems as if uninitialised memory was the culprit.
We may want to contribute this back to the OpenSSH project.
Submitted by: Alexander Leidinger <Alexander@Leidinger.net> on -current.
2000-08-01 08:07:15 +00:00
Alexander Langer
6877e653a0
Crypto sources are no longer export controlled:
...
Explain, why crypto sources are still in crypto/.
Reviewed by: markm
2000-07-31 12:24:13 +00:00
Jeroen Ruigrok van der Werven
870fb37275
Fix a weird typo, is -> are.
...
The OpenSSH maintainer probably want to contribute this back to the
real OpenSSH guys.
Submitted by: Jon Perkin <sketchy@netcraft.com>
2000-07-27 19:21:15 +00:00
Mark Ovens
85ea01646c
Fixed a minor typo in the header.
...
Pointed out by: asmodai
2000-07-27 17:21:07 +00:00
Mark Ovens
2abceb0402
Committed, Thanks!!
...
PR: 20108
Submitted by: Doug Lee
2000-07-25 16:49:48 +00:00
Hajimu UMEMOTO
c847fdb1f9
Fix buffer size of ALIGNed buffer.
...
PR: bin/20053
Submitted by: Alex Kapranoff <alex@kapran.bitmcnit.bryansk.su>
2000-07-20 14:54:04 +00:00
Assar Westerlund
b3e7de4b6e
merge in syslog fixes, do not call syslog with variabel as format string
2000-07-20 05:43:55 +00:00
Peter Wemm
ecece7e319
Add missing $FreeBSD$ to files that are NOT still on vendor a branch.
2000-07-16 05:48:49 +00:00
Nick Sayer
67bf7a0ac8
Fix 'telnet -X sra' coredump
...
PR# 19835
2000-07-11 15:04:05 +00:00
Peter Wemm
365c420eb1
Sync sshd_config with sshd and manapage internal defaults (Checkmail = yes)
2000-07-11 09:54:24 +00:00
Peter Wemm
44de2297a4
Sync LoginGraceTime with sshd_config = 60 seconds by default, not 600.
2000-07-11 09:52:14 +00:00
Peter Wemm
e213d985b2
Fix out-of-sync defaults. PermitRootLogin is supposed to be 'no' but
...
sshd's internal default was 'yes'. (if some cracker managed to trash
/etc/ssh/sshd_config, then root logins could be reactivated)
Approved by: kris
2000-07-11 09:50:15 +00:00
Peter Wemm
a3d6796930
Make FallBackToRsh off by default. Falling back to rsh by default is
...
silly in this day and age.
Approved by: kris
2000-07-11 09:39:34 +00:00
Kris Kennaway
19a32101dd
Don't call printf with no format string.
2000-07-10 05:16:59 +00:00
Hajimu UMEMOTO
1c60903414
Make telnet -s work. It is corresponding to EAI_NONAME -> EAI_NODATA
...
change (getaddrinfo.c rev 1.12).
2000-07-08 05:22:00 +00:00