d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
58,655 Commits 72 Branches 135 Tags 3.2 GiB
90b367d2b8
Commit Graph

277 Commits

Author SHA1 Message Date
green
2aecee364f Import of OpenSSH 2.3.0 (virgin OpenBSD source release). 2000-12-05 02:20:19 +00:00
brian
d71631cdd5 Remove duplicate line 
Not responded to by: kris, then green
 2000-12-04 22:57:53 +00:00
asmodai
f9ee1b3035 Add more environment variables to be filtered through scrub_env(). 
Synched from normal telnet.
 2000-11-30 13:14:54 +00:00
asmodai
17ac8dd5ff String paranoia fix. Synched from normal telnet. 2000-11-30 13:10:01 +00:00
asmodai
d8be929ac8 String paranoia. Merged from regular telnet. 2000-11-30 10:55:25 +00:00
kris
9ed2dafdd6 Correct definition of MAXHOSTNAMELEN in ifdef'ed code. 
Submitted by:	Edwin Groothuis <mavetju@chello.nl>
PR:		bin/22787
 2000-11-26 21:37:51 +00:00
green
31543fcdcc In env_destroy(), it is a bad idea to env_swap(self, 0) to switch 
back to the original environ unconditionally.  The setting of the
variable to save the previous environ is conditional; it happens when
ENV.e_committed is set.  Therefore, don't try to swap the env back
unless the previous env has been initialized.

PR:		bin/22670
Submitted by:	Takanori Saneto <sanewo@ba2.so-net.ne.jp>
 2000-11-25 02:00:35 +00:00
billf
f9709d079b Correct an arguement to ssh_add_identity, this matches what is currently 
in ports/security/openssh/files/pam_ssh.c

PR:		22164
Submitted by:	Takanori Saneto <sanewo@ba2.so-net.ne.jp>
Reviewed by:	green
Approved by:	green
 2000-11-25 01:55:42 +00:00
ru
c3189e713e mdoc(7) police: use the new features of the Nm macro. 2000-11-20 20:10:44 +00:00
kris
5b3403165c Fix a buffer overflow from a long local hostname. 
Obtained from:	OpenBSD
 2000-11-19 10:08:26 +00:00
green
b95cf8b09c Add login_cap and login_access support. Previously, these FreeBSD-local 
checks were only made when using the 1.x protocol.
 2000-11-14 04:35:03 +00:00
green
100d82038d Import a security fix: the client would allow a server to use its 
ssh-agent or X11 forwarding even if it was disabled.

This is the vendor fix provided, not an actual revision of clientloop.c.

Submitted by:	Markus Friedl <markus@OpenBSD.org> via kris
 2000-11-14 03:51:53 +00:00
green
0ca278a6c8 This commit was generated by cvs2svn to compensate for changes in r68700, 
which included commits to RCS files with non-trunk default branches.
 2000-11-14 03:51:53 +00:00
kris
6a70ee8741 Update list of files to remove prior to import 2000-11-13 07:46:20 +00:00
kris
9fe6127c90 Resolve conflicts, and garbage collect some local changes that are no 
longer required
 2000-11-13 02:20:29 +00:00
kris
c2775125a7 Initial import of OpenSSL 0.9.6 2000-11-13 01:03:58 +00:00
kris
a20ace197e This commit was generated by cvs2svn to compensate for changes in r68651, 
which included commits to RCS files with non-trunk default branches.
 2000-11-13 01:03:58 +00:00
ru
f9c7198049 Avoid use of direct troff requests in mdoc(7) manual pages. 2000-11-10 17:46:15 +00:00
dougb
98b45016b2 Add a CVS Id tag 2000-10-29 10:00:58 +00:00
kris
3fa82411eb Sync with usr.bin/telnet/telnet.c r1.9 - fix buffer overflow in DISPLAY 2000-10-29 00:10:14 +00:00
green
15f43d12d9 Fix a few style oddities. 2000-09-10 18:04:12 +00:00
green
9b66eed210 Fix a goof in timevaldiff. 2000-09-10 18:03:46 +00:00
kris
2a84d96bfa Remove files no longer present in OpenSSH 2.2.0 and beyond 2000-09-10 10:26:07 +00:00
kris
71b51dc832 Resolve conflicts and update for OpenSSH 2.2.0 
Reviewed by:	gshapiro, peter, green
 2000-09-10 09:35:38 +00:00
kris
0ca2bdc2f7 Initial import of OpenSSH post-2.2.0 snapshot dated 2000-09-09 2000-09-10 08:31:17 +00:00
kris
3d4fe2511f This commit was generated by cvs2svn to compensate for changes in r65668, 
which included commits to RCS files with non-trunk default branches.
 2000-09-10 08:31:17 +00:00
kris
395ad657f8 Nuke RSAREF support from orbit. 
It's the only way to be sure.
 2000-09-10 00:09:37 +00:00
kris
b688db32ff ttyname was not being passed into do_login(), so we were erroneously picking 
up the function definition from unistd.h instead. Use s->tty instead.

Submitted by:	peter
 2000-09-04 08:43:05 +00:00
kris
e82b86bebd bzero() the struct timeval for paranoia 
Submitted by:	gshapiro
 2000-09-03 07:58:35 +00:00
kris
367e08bb74 Err, we weren't even compiling auth1.c with LOGIN_CAP at all. Guess nobody 
was using this feature.
 2000-09-02 07:32:05 +00:00
kris
aa3b9a47a8 Repair a broken conflict resolution in r1.2 which had the effect of nullifying 
the login_cap and login.access checks for whether a user/host is allowed
access to the system for users other than root. But since we currently don't
have a similar check in the ssh2 code path anyway, it's um, "okay".

Submitted by:	gshapiro
 2000-09-02 05:40:50 +00:00
kris
aa72fb6d06 Repair my dyslexia: s/opt/otp/ in the OPIE challenge. D'oh! 
Submitted by:	gshapiro
 2000-09-02 04:41:33 +00:00
kris
cbf45b2b87 Re-add missing "break" which was lost during a previous patch 
integration. This currently has no effect.

Submitted by:	gshapiro
 2000-09-02 04:37:51 +00:00
kris
72765236c6 Turn on X11Forwarding by default on the server. Any risk is to the client, 
where it is already disabled by default.

Reminded by:	peter
 2000-09-02 03:49:22 +00:00
kris
c35f2b0120 Increase the default value of LoginGraceTime from 60 seconds to 120 
seconds.

PR:		20488
Submitted by:	rwatson
 2000-08-23 09:47:25 +00:00
kris
e7d14b45db Respect X11BASE to derive the location of xauth(1) 
PR:		17818
Submitted by:	Bjoern Fischer <bfischer@Techfak.Uni-Bielefeld.DE>
 2000-08-23 09:39:20 +00:00
kris
e5f617598c Fix setproctitle() and syslog() vulnerabilities. 2000-08-13 05:23:23 +00:00
kris
a3b4cc13a0 This commit was generated by cvs2svn to compensate for changes in r64593, 
which included commits to RCS files with non-trunk default branches.
 2000-08-13 05:23:23 +00:00
kris
e5795f1541 Fix benign bugs due to missing format string in err() and warn(). 
Approved by:	assar (vendor :-)
 2000-08-13 04:46:54 +00:00
kris
d705e89ca3 This commit was generated by cvs2svn to compensate for changes in r64583, 
which included commits to RCS files with non-trunk default branches.
 2000-08-13 04:46:54 +00:00
kris
e4f947c892 Fix setproctitle() vulnerability in non-compiled code. 2000-08-13 04:35:43 +00:00
asmodai
91cbf96576 Chalk up another phkmalloc victim. 
It seems as if uninitialised memory was the culprit.

We may want to contribute this back to the OpenSSH project.

Submitted by:	Alexander Leidinger <Alexander@Leidinger.net> on -current.
 2000-08-01 08:07:15 +00:00
alex
6ef8a00dbc Crypto sources are no longer export controlled: 
Explain, why crypto sources are still in crypto/.

Reviewed by:	markm
 2000-07-31 12:24:13 +00:00
asmodai
1e0ff1e9ee Fix a weird typo, is -> are. 
The OpenSSH maintainer probably want to contribute this back to the
real OpenSSH guys.

Submitted by:	Jon Perkin <sketchy@netcraft.com>
 2000-07-27 19:21:15 +00:00
marko
5b6f43012f Fixed a minor typo in the header. 
Pointed out by:	asmodai
 2000-07-27 17:21:07 +00:00
marko
bac3d432ce Committed, Thanks!! 
PR:		20108
Submitted by:	Doug Lee
 2000-07-25 16:49:48 +00:00
ume
a96fe340ba Fix buffer size of ALIGNed buffer. 
PR:		bin/20053
Submitted by:	Alex Kapranoff <alex@kapran.bitmcnit.bryansk.su>
 2000-07-20 14:54:04 +00:00
assar
79387f62b0 merge in syslog fixes, do not call syslog with variabel as format string 2000-07-20 05:43:55 +00:00
peter
e9baa5cc97 Add missing $FreeBSD$ to files that are NOT still on vendor a branch. 2000-07-16 05:48:49 +00:00
nsayer
92fcc2d3d7 Fix 'telnet -X sra' coredump 
PR# 19835
 2000-07-11 15:04:05 +00:00
peter
03d1c93d26 Sync sshd_config with sshd and manapage internal defaults (Checkmail = yes) 2000-07-11 09:54:24 +00:00
peter
3e605439c1 Sync LoginGraceTime with sshd_config = 60 seconds by default, not 600. 2000-07-11 09:52:14 +00:00
peter
b5823cc1e6 Fix out-of-sync defaults. PermitRootLogin is supposed to be 'no' but 
sshd's internal default was 'yes'.  (if some cracker managed to trash
/etc/ssh/sshd_config, then root logins could be reactivated)

Approved by: kris
 2000-07-11 09:50:15 +00:00
peter
0edc966949 Make FallBackToRsh off by default. Falling back to rsh by default is 
silly in this day and age.

Approved by: kris
 2000-07-11 09:39:34 +00:00
kris
911669a1de Don't call printf with no format string. 2000-07-10 05:16:59 +00:00
ume
45d8dc287b Make telnet -s work. It is corresponding to EAI_NONAME -> EAI_NODATA 
change (getaddrinfo.c rev 1.12).
 2000-07-08 05:22:00 +00:00
itojun
51f03c2d74 sync with usr.bin/telnet/commands.c 1.21 -> 1.22. pierre.dampure@alveley.org 2000-07-07 12:35:05 +00:00
green
cd99eac545 Allow restarting on SIGHUP when the full path was not given as argv[0]. 
We do have /proc/curproc/file :)
 2000-07-04 06:43:26 +00:00
green
1f01eb0f78 So /this/ is what has made OpenSSH's SSHv2 support never work right! 
In some cases, limits did not get set to the proper class, but
instead always to "default", because not all passwd copies were
done to completion.
 2000-06-27 21:16:06 +00:00
green
d58f8c6566 Also make sure to close the socket that exceeds your rate limit. 2000-06-26 23:39:26 +00:00
green
6032b3e1eb Make rate limiting work per-listening-socket. Log better messages than 
before for this, requiring a new function (get_ipaddr()).  canohost.c
receives a $FreeBSD$ line.

Suggested by:	Niels Provos <niels@OpenBSD.org>
 2000-06-26 05:44:23 +00:00
markm
cf531b0a90 MFI. This is a documentation-only, diffreducing patch, that if 
invoked will cause breakage. US Users - DO NOT try to turn on
IDEA - the sources are not included.
 2000-06-24 06:50:58 +00:00
markm
f730aee9a0 Grrr. I hate CVS. These were supposed to be committed when I did the 
IDEA fix earlier today.

Bring back IDEA from the dead (but not compiled by default).
 2000-06-19 21:09:27 +00:00
markm
563a62186d Re-add IDEA. This is not actually built unless asked for by the user. 
(To avoid patent hassles).
 2000-06-19 13:59:34 +00:00
kris
4c97df6f1d Fix syntax error in previous commit. 
Submitted by:	Udo Schweigert <ust@cert.siemens.de>
 2000-06-11 21:41:25 +00:00
kris
3040938ae2 Fix security botch in "UseLogin Yes" case: commands are executed with 
uid 0.

Obtained from:	OpenBSD
 2000-06-10 22:32:57 +00:00
ru
1f394a2458 Make `ssh-agent -k' work for csh(1)-like shells. 2000-06-10 14:14:28 +00:00
green
ac5c481ad0 Allow "DenyUsers" to function. 2000-06-06 06:16:55 +00:00
kris
b8a1eb5ea1 Resolve conflicts 2000-06-03 09:58:15 +00:00
kris
3639dd9ace Initial import of OpenSSH snapshot from 2000/05/30 
Obtained from:	OpenBSD
 2000-06-03 09:52:37 +00:00
kris
1c4b02a92e This commit was generated by cvs2svn to compensate for changes in r61209, 
which included commits to RCS files with non-trunk default branches.
 2000-06-03 09:52:37 +00:00
kris
dd1209e63c Resolve conflicts 2000-06-03 09:23:13 +00:00
kris
585dc667de Import from vendor repository. 
Obtained from:	OpenBSD
 2000-06-03 09:20:19 +00:00
kris
8a7831d8e0 This commit was generated by cvs2svn to compensate for changes in r61206, 
which included commits to RCS files with non-trunk default branches.
 2000-06-03 09:20:19 +00:00
kris
75f296e741 Bring vendor patches onto the main branch, and resolve conflicts. 2000-06-03 07:31:44 +00:00
kris
e503398156 Import vendor patches: the first is written by 
Brian Feldman <green@FreeBSD.org>

* Remove the gratuitous dependency on OpenSSL 0.9.5a (preparation for MFC)
* Disable agent forwarding by default in the client (security risk)

Submitted by:	green
Obtained from:	OpenBSD
 2000-06-03 07:18:09 +00:00
kris
7b7cd4c4d3 This commit was generated by cvs2svn to compensate for changes in r61201, 
which included commits to RCS files with non-trunk default branches.
 2000-06-03 07:18:09 +00:00
kris
10badcd8c7 Import vendor patch originally submitted by the below author: don't 
treat failure to create the authentication agent directory in /tmp as
a fatal error, but disable agent forwarding.

Submitted by:	Jan Koum <jkb@yahoo-inc.com>
 2000-06-03 07:06:14 +00:00
kris
af709005df This commit was generated by cvs2svn to compensate for changes in r61199, 
which included commits to RCS files with non-trunk default branches.
 2000-06-03 07:06:14 +00:00
kris
e1e1f53651 Import vendor fix: "fix key_read() for uuencoded keys w/o '='" 
This bug caused OpenSSH not to recognise some of the DSA keys it
generated.

Submitted by:	Christian Weisgerber <naddy@mips.inka.de>
Obtained from:	OpenBSD
 2000-06-03 06:51:30 +00:00
kris
bb0b65f065 Update to the version of pam_ssh corresponding to OpenSSH 2.1 (taken 
from the openssh port)

Submitted by:	Hajimu UMEMOTO <ume@mahoroba.org>
 2000-05-30 09:03:15 +00:00
jake
5e208b0c18 Back out the previous change to the queue(3) interface. 
It was not discussed and should probably not happen.

Requested by:		msmith and others
 2000-05-26 02:09:24 +00:00
jake
1d685644e0 Change the way that the queue(3) structures are declared; don't assume that 
the type argument to *_HEAD and *_ENTRY is a struct.

Suggested by:	phk
Reviewed by:	phk
Approved by:	mdodd
 2000-05-23 20:41:01 +00:00
ache
051bad99a3 Turn on CheckMail to be more login-compatible by default 2000-05-23 06:06:54 +00:00
brian
0beebe9f7b Don't USE_PIPES 
Spammed by: peter
Submitted by: mkn@uk.FreeBSD.org
 2000-05-22 09:51:18 +00:00
kris
e109927403 Correct two stupid typos in the DSA key location. 
Submitted by:	Udo Schweigert <ust@cert.siemens.de>
 2000-05-18 06:04:23 +00:00
kris
4480fb101d Unbreak Kerberos5 compilation. This still remains untested. 
Noticed by:	obrien
 2000-05-17 08:06:20 +00:00
kris
35e5917a75 Oops, rename S/Key to Opie in line with FreeBSD usage. 2000-05-15 06:11:30 +00:00
kris
0be7f3c2c4 Create a DSA host key if one does not already exist, and teach sshd_config 
about it.
 2000-05-15 05:40:27 +00:00
kris
a5c6208127 Resolve conflicts and update for FreeBSD. 2000-05-15 05:24:25 +00:00
kris
4dc8aa85ce Initial import of OpenSSH v2.1. 2000-05-15 04:37:24 +00:00
kris
9b4130bcbc This commit was generated by cvs2svn to compensate for changes in r60573, 
which included commits to RCS files with non-trunk default branches.
 2000-05-15 04:37:24 +00:00
nik
5001aa5ad5 Note that X11 Forwarding is off by default. 
PR:             docs/17566
Submitted by:   Keith Stevenson <ktstev01@louisville.edu>
 2000-04-30 22:41:58 +00:00
markm
251b3b6e8f MFF: catch up with FreeFall 2000-04-19 21:20:54 +00:00
kris
5fb3d480bd If stderr is closed, report the error message about missing libraries 
via syslog instead.

Reviewed by:	jkh
 2000-04-18 06:25:24 +00:00
markm
780b7ecb0c Internat diff reducer. 2000-04-16 17:49:31 +00:00
markm
48457cbba4 Virgin import of OpenSSL v0.9.5a 2000-04-16 16:03:07 +00:00
markm
f203f01833 This commit was generated by cvs2svn to compensate for changes in r59281, 
which included commits to RCS files with non-trunk default branches.
 2000-04-16 16:03:07 +00:00
kris
3bb46af2e4 Resolve conflicts. 2000-04-13 07:15:03 +00:00
kris
50bc915a9f Initial import of OpenSSL 0.9.5a 2000-04-13 06:33:22 +00:00