Kris Kennaway
3c738b5631
This commit was generated by cvs2svn to compensate for changes in r79998,
...
which included commits to RCS files with non-trunk default branches.
2001-07-19 19:59:37 +00:00
Kris Kennaway
26d191b459
Initial import of OpenSSL 0.9.6b
2001-07-19 19:59:37 +00:00
Ruslan Ermilov
1ee47d0673
vsnprintf() can return a value larger than the buffer size.
...
Submitted by: assar
Obtained from: OpenBSD
2001-07-19 18:58:31 +00:00
Ruslan Ermilov
5f10368c1d
Fixed the exploitable remote buffer overflow.
...
Reported on: bugtraq
Obtained from: Heimdal, NetBSD
Reviewed by: obrien, imp
2001-07-19 17:48:57 +00:00
Jacques Vidrine
b33edd3956
Bug fix: When the client connects to a server and Kerberos
...
authentication is enabled, the client effectively ignores any error
from krb5_rd_rep due to a missing branch.
In theory this could result in an ssh client using Kerberos 5
authentication accepting a spoofed AP-REP. I doubt this is a real
possiblity, however, because the AP-REP is passed from the server to
the client via the SSH encrypted channel. Any tampering should cause
the decryption or MAC to fail.
Approved by: green
MFC after: 1 week
2001-07-13 18:12:13 +00:00
Ruslan Ermilov
63919764c2
mdoc(7) police: removed HISTORY info from the .Os call.
2001-07-10 10:42:19 +00:00
Brian Feldman
d9769eeead
Fix an incorrect conflict resolution which prevented TISAuthentication
...
from working right in 2.9.
2001-07-07 14:19:53 +00:00
Ruslan Ermilov
df1cda58e4
mdoc(7) police: merge all fixes from non-crypto version.
2001-07-05 14:08:12 +00:00
Ruslan Ermilov
a5493c1b77
MF non-crypto: 1.13: document -u in usage.
2001-07-05 14:06:27 +00:00
Brian Feldman
a15906e7aa
Also add a colon to "Bad passphrase, please try again ".
2001-06-29 16:43:13 +00:00
Brian Feldman
69b8e053cb
Put in a missing colon in the "Enter passphrase" message.
2001-06-29 16:34:14 +00:00
Brian Feldman
0c82706bc0
Back out the last change which is probably actually a red herring. Argh!
2001-06-26 15:15:22 +00:00
Brian Feldman
c3e2f3baec
Don't pointlessly kill a channel because the first (forced)
...
non-blocking read returns 0.
Now I can finally tunnel CVSUP again...
2001-06-26 14:17:35 +00:00
Assar Westerlund
c80b5a6353
fix merges from 0.3f
2001-06-21 02:21:57 +00:00
Assar Westerlund
362982da86
This commit was generated by cvs2svn to compensate for changes in r78527,
...
which included commits to RCS files with non-trunk default branches.
2001-06-21 02:12:07 +00:00
Assar Westerlund
adb0ddaeac
import of heimdal 0.3f
2001-06-21 02:12:07 +00:00
Assar Westerlund
07de0e4353
(do_authloop): handle !KRB4 && KRB5
2001-06-16 07:44:17 +00:00
Mark Murray
7e40a391bc
Unbreak OpenSSH for the KRB5-and-no-KRB4 case. Asking for KRB5 does
...
not imply that you want, need or have kerberosIV headers.
2001-06-15 08:12:31 +00:00
Brian Feldman
e7edf5a116
Enable Kerberos 5 support in sshd again.
2001-06-12 03:43:47 +00:00
Brian Feldman
e9fd63dfdd
Switch to the user's uid before attempting to unlink the auth forwarding
...
file, nullifying the effects of a race.
Obtained from: OpenBSD
2001-06-08 22:22:09 +00:00
David E. O'Brien
e8f64f5ebf
Fix $FreeBSD$ style committer messed up in rev 1.7 for some reason.
2001-05-24 07:22:08 +00:00
Matthew Dillon
7a2254dcf0
Oops, forgot the 'u' in the getopt for the previous commit.
2001-05-24 00:14:19 +00:00
Matthew Dillon
e5c23e887b
A feature to allow one to telnet to a unix domain socket. (MFC from
...
non-crypto version)
Also update the crypto telnet's man page to reflect other options
ported from the non-crypto version.
Obtained from: Lyndon Nerenberg <lyndon@orthanc.ab.ca>
2001-05-23 22:54:07 +00:00
Kris Kennaway
f06df90bde
Resolve conflicts
2001-05-20 03:17:35 +00:00
Kris Kennaway
5740a5e34c
Initial import of OpenSSL 0.9.6a
2001-05-20 03:07:21 +00:00
Kris Kennaway
4992dce6f6
This commit was generated by cvs2svn to compensate for changes in r76866,
...
which included commits to RCS files with non-trunk default branches.
2001-05-20 03:07:21 +00:00
David E. O'Brien
d3ebe37cd0
Restore the RSA host key to /etc/ssh/ssh_host_key.
...
Also fix $FreeBSD$ spamage in crypto/openssh/sshd_config rev. 1.16.
2001-05-18 18:10:02 +00:00
Nick Sayer
9286fd701f
Make the PAM user-override actually override the correect thing.
2001-05-17 16:28:11 +00:00
Peter Wemm
64867478d8
Back out last commit. This was already fixed. This should never have
...
happened, this is why we have commit mail expressly delivered to
committers.
2001-05-17 03:14:42 +00:00
Peter Wemm
d48d5be0d0
Fix the latest telnet breakage. Obviously this was never compiled.
2001-05-17 03:13:00 +00:00
Nick Sayer
1848e3d448
Since the root-on-insecure-tty code was added to telnetd, a dependency
...
on char *line was added to libtelnet. Put a dummy one in to keep the
linker happy.
2001-05-16 20:34:42 +00:00
Nick Sayer
166b3cb9a0
Make sure the protocol actively rejects bad data rather than
...
(potentially) not responding to an invalid SRA 'auth is' message.
2001-05-16 20:24:58 +00:00
Nick Sayer
8183ac8f53
srandomdev() affords us the opportunity to radically improve, and at the
...
same time simplify, the random number selection code.
2001-05-16 18:32:46 +00:00
Nick Sayer
60f581768d
Catch any attempted buffer overflows. The magic numbers in this code
...
(512) are a little distressing, but the method really needs to be
extended to allow server-supplied DH parameters anyway.
Submitted by: kris
2001-05-16 18:27:09 +00:00
Nick Sayer
e7157113a9
Catch malloc return failures. This should help avoid dereferencing NULL on
...
low-memory situations.
Submitted by: kris
2001-05-16 18:17:55 +00:00
Peter Wemm
cd189e1195
Hack to work around braindeath in libtelnet:sra.c. The sra.o file
...
references global variables from telnetd, but is also linked into
telnet as well. I was tempted to back out the last sra.c change
as it is 100% bogus and should be taken out and shot, but for now
this bandaid should get world working again. :-(
2001-05-15 09:52:03 +00:00
Nick Sayer
c7be24c970
If the uid of the attempted authentication is 0 and if the pty is
...
insecure, do not succeed. Copied from login.c. This functionality really
should be a PAM module.
2001-05-15 04:47:14 +00:00
Brian Feldman
62c931e0a4
If a host would exceed 16 characters in the utmp entry, record only
...
it's IP address/base host instead.
Submitted by: brian
2001-05-15 01:50:40 +00:00
Ruslan Ermilov
bb60401e7a
mdoc(7) police: finished fixing conflicts in revision 1.18.
2001-05-14 18:13:34 +00:00
Mark Murray
fa83754c4e
Fix make world in the kerberosIV case.
2001-05-11 09:36:17 +00:00
Assar Westerlund
66b166c994
merge imported changes into HEAD
2001-05-11 00:14:02 +00:00
Alfred Perlstein
2c917d39b2
Fix some of the handling in the pam module, don't unregister things
...
that were never registered. At the same time handle a failure from
pam_setcreds with a bit more paranioa than the previous fix.
Sync a bit with the "Portable OpenSSH" work to make comparisons a easier.
2001-05-09 03:40:37 +00:00
Brian Feldman
00e38eaf7f
Since PAM is broken, let pam_setcred() failure be non-fatal.
2001-05-08 22:30:18 +00:00
Assar Westerlund
45524cd79e
mdoc(ng) fixes
...
Submitted by: ru
2001-05-08 14:57:13 +00:00
Assar Westerlund
d1edd0128c
This commit was generated by cvs2svn to compensate for changes in r76371,
...
which included commits to RCS files with non-trunk default branches.
2001-05-08 14:57:13 +00:00
Assar Westerlund
a3204abff5
mdoc(ng) fixes
...
Submitted by: ru
2001-05-08 14:57:13 +00:00
Nick Sayer
053c5b3a9e
Pointy hat fix -- reapply the SRA PAM patch. To -current this time.
2001-05-07 20:42:02 +00:00
Brian Feldman
3817a12c9b
sshd_config should still be keeping ssh host keys in /etc/ssh, not /etc.
2001-05-05 13:48:13 +00:00
Brian Feldman
4c5de86978
Finish committing _more_ somehow-uncommitted OpenSSH 2.9 updates.
...
(Missing Delta Brigade, tally-ho!)
2001-05-05 01:12:45 +00:00
Brian Feldman
87767895f0
Get ssh(1) compiling with MAKE_KERBEROS5.
2001-05-04 04:37:49 +00:00