Nick Sayer
60f581768d
Catch any attempted buffer overflows. The magic numbers in this code
...
(512) are a little distressing, but the method really needs to be
extended to allow server-supplied DH parameters anyway.
Submitted by: kris
2001-05-16 18:27:09 +00:00
Nick Sayer
e7157113a9
Catch malloc return failures. This should help avoid dereferencing NULL on
...
low-memory situations.
Submitted by: kris
2001-05-16 18:17:55 +00:00
Peter Wemm
cd189e1195
Hack to work around braindeath in libtelnet:sra.c. The sra.o file
...
references global variables from telnetd, but is also linked into
telnet as well. I was tempted to back out the last sra.c change
as it is 100% bogus and should be taken out and shot, but for now
this bandaid should get world working again. :-(
2001-05-15 09:52:03 +00:00
Nick Sayer
c7be24c970
If the uid of the attempted authentication is 0 and if the pty is
...
insecure, do not succeed. Copied from login.c. This functionality really
should be a PAM module.
2001-05-15 04:47:14 +00:00
Brian Feldman
62c931e0a4
If a host would exceed 16 characters in the utmp entry, record only
...
it's IP address/base host instead.
Submitted by: brian
2001-05-15 01:50:40 +00:00
Ruslan Ermilov
bb60401e7a
mdoc(7) police: finished fixing conflicts in revision 1.18.
2001-05-14 18:13:34 +00:00
Mark Murray
fa83754c4e
Fix make world in the kerberosIV case.
2001-05-11 09:36:17 +00:00
Assar Westerlund
66b166c994
merge imported changes into HEAD
2001-05-11 00:14:02 +00:00
Alfred Perlstein
2c917d39b2
Fix some of the handling in the pam module, don't unregister things
...
that were never registered. At the same time handle a failure from
pam_setcreds with a bit more paranioa than the previous fix.
Sync a bit with the "Portable OpenSSH" work to make comparisons a easier.
2001-05-09 03:40:37 +00:00
Brian Feldman
00e38eaf7f
Since PAM is broken, let pam_setcred() failure be non-fatal.
2001-05-08 22:30:18 +00:00
Assar Westerlund
45524cd79e
mdoc(ng) fixes
...
Submitted by: ru
2001-05-08 14:57:13 +00:00
Assar Westerlund
d1edd0128c
This commit was generated by cvs2svn to compensate for changes in r76371,
...
which included commits to RCS files with non-trunk default branches.
2001-05-08 14:57:13 +00:00
Assar Westerlund
a3204abff5
mdoc(ng) fixes
...
Submitted by: ru
2001-05-08 14:57:13 +00:00
Nick Sayer
053c5b3a9e
Pointy hat fix -- reapply the SRA PAM patch. To -current this time.
2001-05-07 20:42:02 +00:00
Brian Feldman
3817a12c9b
sshd_config should still be keeping ssh host keys in /etc/ssh, not /etc.
2001-05-05 13:48:13 +00:00
Brian Feldman
4c5de86978
Finish committing _more_ somehow-uncommitted OpenSSH 2.9 updates.
...
(Missing Delta Brigade, tally-ho!)
2001-05-05 01:12:45 +00:00
Brian Feldman
87767895f0
Get ssh(1) compiling with MAKE_KERBEROS5.
2001-05-04 04:37:49 +00:00
Brian Feldman
345012bf8b
Remove obsoleted files.
2001-05-04 04:15:22 +00:00
Brian Feldman
ca3176e7c8
Fix conflicts for OpenSSH 2.9.
2001-05-04 04:14:23 +00:00
Brian Feldman
1e8db6e2f6
Say "hi" to the latest in the OpenSSH series, version 2.9!
...
Happy birthday to: rwatson
2001-05-04 03:57:05 +00:00
Brian Feldman
3ed16d1511
This commit was generated by cvs2svn to compensate for changes in r76259,
...
which included commits to RCS files with non-trunk default branches.
2001-05-04 03:57:05 +00:00
Brian Feldman
933ca70f8f
Add a "VersionAddendum" configuration setting for sshd which allows
...
anyone to easily change the part of the OpenSSH version after the main
version number. The FreeBSD-specific version banner could be disabled
that way, for example:
# Call ourselves plain OpenSSH
VersionAddendum
2001-05-03 00:29:28 +00:00
Brian Feldman
1f5ce8f412
Backout completely canonical lookup modifications.
2001-05-03 00:26:47 +00:00
Mark Murray
b7ffbfee87
Toss into attic stuff we don't use.
2001-04-14 09:48:26 +00:00
Ruslan Ermilov
566f5a4859
mdoc(7) police: removed hard sentence breaks introduced in rev.1.10.
2001-04-13 08:49:52 +00:00
Nick Sayer
036790848a
Clean up telnet's argument processing a bit. autologin and encryption is
...
now the default, so ignore the arguments that turn it on. Add a new -y
argument to turn off encryption in case someone wants to do that. Sync
these changes with the man page (including removing the now obsolete
statement about availability only in the US and Canada).
2001-04-06 15:56:10 +00:00
Nick Sayer
6a1fe28e41
Reactivate SRA.
...
Make handling of SIGINT and SIGQUIT follow SIGTSTP in TerminalNewMode().
This allows people to break out of SRA authentication if they wish to.
2001-04-05 14:09:15 +00:00
Brian Feldman
313cb084c4
Suggested by kris, OpenSSH shall have a version designated to note that
...
it's not "plain" OpenSSH 2.3.0.
2001-03-20 02:11:25 +00:00
Brian Feldman
e0fbb1d2de
Make password attacks based on traffic analysis harder by requiring that
...
"non-echoed" characters are still echoed back in a null packet, as well
as pad passwords sent to not give hints to the length otherwise.
Obtained from: OpenBSD
2001-03-20 02:06:40 +00:00
Nick Sayer
989efc86f5
Fix core noted in -stable with 'auth disable SRA'.
...
I just mistakenly commited this to RELENG_4. I have contacted Jordan to see
about how to fix this. Pass the pointy hat.
2001-03-18 09:44:25 +00:00
Jeroen Ruigrok van der Werven
f7191d4fae
Fix double mention of ssh.
...
This file is already off the vendorbranch, nonetheless it needs to be
submitted back to the OpenSSH people.
PR: 25743
Submitted by: David Wolfskill <dhw@whistle.com>
2001-03-15 09:24:40 +00:00
Brian Feldman
e4fe1ca667
Don't dump core when an attempt is made to login using protocol 2 with
...
an invalid user name.
2001-03-15 03:15:18 +00:00
Assar Westerlund
aeccfe991a
(try_krb5_authentication): simplify code. from joda@netbsd.org
2001-03-13 04:42:38 +00:00
Assar Westerlund
a16a9b0f1e
Fix LP64 problem in Kerberos 5 TGT passing.
...
Obtained from: NetBSD (done by thorpej@netbsd.org )
2001-03-12 08:14:22 +00:00
Assar Westerlund
bb330cd01e
enable auto-negotiation of encrypt and decrypt
2001-03-12 03:54:48 +00:00
Assar Westerlund
02c9ff5b94
initialize pointers to NULL and sized to 0 to avoid free:ing invalid memory.
...
PR: bin/20779
2001-03-12 03:48:03 +00:00
Brian Feldman
46c9472cd6
Reenable the SIGPIPE signal handler default in all cases for spawned
...
sessions.
2001-03-11 02:26:57 +00:00
Mark Murray
a4f378438c
Remove stuff that is really "ports material", generated files and
...
stuff for other OS's. Also remove stuff (libraries) that are
already present in FreeBSD and must not get mixed up in our
code.
2001-03-04 07:26:45 +00:00
Mark Murray
c21f532945
Trim down the source tree a bit. We shouldn't have blatantly
...
uncompilable bits in here (like X stuff), nor should we have
too much "ports material".
2001-03-04 07:06:39 +00:00
Assar Westerlund
cb96ab3672
Add code for being compatible with ssh.com's krb5 authentication.
...
It is done by using the same ssh messages for v4 and v5 authentication
(since the ssh.com does not now anything about v4) and looking at the
contents after unpacking it to see if it is v4 or v5.
Based on code from Björn Grönvall <bg@sics.se>
PR: misc/20504
2001-03-04 02:22:04 +00:00
Kris Kennaway
b64f39b655
Resolve conflicts
2001-02-18 03:23:30 +00:00
Kris Kennaway
de7cdddab1
Import of OpenSSL 0.9.6-STABLE snapshot dated 2001-02-10
2001-02-18 03:17:36 +00:00
Kris Kennaway
a991678294
This commit was generated by cvs2svn to compensate for changes in r72613,
...
which included commits to RCS files with non-trunk default branches.
2001-02-18 03:17:36 +00:00
Paul Saab
8e97fe726f
Make ConnectionsPerPeriod non-fatal for real.
2001-02-18 01:33:31 +00:00
Mark Murray
93f09f075a
Fix a "make world"-breaking inconsistency for those folks making
...
a world with both KRB4 and KRB5.
2001-02-14 19:54:36 +00:00
Assar Westerlund
0346cda4f9
nuke conflict markers
2001-02-13 22:40:28 +00:00
Assar Westerlund
c9e3f8cfb9
update to new heimdal libkrb5
2001-02-13 16:58:04 +00:00
Assar Westerlund
47085b17ae
fix conflicts in heimdal 0.3e import
2001-02-13 16:52:56 +00:00
Assar Westerlund
5e9cd1ae3e
import of heimdal 0.3e
2001-02-13 16:46:19 +00:00
Assar Westerlund
c25d7ab741
This commit was generated by cvs2svn to compensate for changes in r72445,
...
which included commits to RCS files with non-trunk default branches.
2001-02-13 16:46:19 +00:00
Kris Kennaway
a09221f83c
Patches backported from later development version of OpenSSH which prevent
...
(instead of just mitigating through connection limits) the Bleichenbacher
attack which can lead to guessing of the server key (not host key) by
regenerating it when an RSA failure is detected.
Reviewed by: rwatson
2001-02-12 06:44:51 +00:00
Kris Kennaway
e0834d8749
Note that crypto/ is not used to build in, people should see secure/
...
instead.
2001-02-10 04:47:47 +00:00
Jeroen Ruigrok van der Werven
2b081e30cf
Synch: Add $FreeBSD$.
2001-02-07 21:58:16 +00:00
Jeroen Ruigrok van der Werven
2fa72ea7d4
Fix typo: compatability -> compatibility.
...
Compatability is not an existing english word.
2001-02-06 12:05:58 +00:00
Jeroen Ruigrok van der Werven
9a01d32bfd
Fix typo: seperate -> separate.
...
Seperate does not exist in the english language.
Submitted to look at by: kris
2001-02-06 10:39:38 +00:00
Jeroen Ruigrok van der Werven
2cdd9c0332
Fix typo: wierd -> weird.
...
There is no such thing as wierd in the english language.
2001-02-06 09:32:26 +00:00
Brian Feldman
ffd692be66
Correctly fill in the sun_len for a sockaddr_sun.
...
Submitted by: Alexander Leidinger <Alexander@leidinger.net>
2001-02-04 20:23:17 +00:00
Brian Feldman
a61d605eda
MFS: Don't use the canonical hostname here, too.
2001-02-04 20:16:14 +00:00
Brian Feldman
895b03b1e8
MFF: Make ConnectionsPerPeriod usage a warning, not fatal.
2001-02-04 20:15:53 +00:00
Ruslan Ermilov
f78fa00345
mdoc(7) police: split punctuation characters + misc fixes.
2001-02-01 17:12:45 +00:00
Brian Feldman
926581ede3
Actually propagate back to the rest of the application that a command
...
was specified when using -t mode with the SSH client.
Submitted by: Dima Dorfman <dima@unixfreak.org>
2001-01-21 05:45:27 +00:00
Brian Feldman
ea0187039a
/Really/ deprecate ConnectionsPerPeriod, ripping out the code for it
...
and giving a dire error to its lingering users.
2001-01-13 07:57:43 +00:00
Ruslan Ermilov
72c60cff38
Prepare for mdoc(7)NG.
2001-01-10 16:51:28 +00:00
Brian Feldman
39567f8cee
Fix a long-standing bug that resulted in a dropped session sometimes
...
when an X11-forwarded client was closed. For some reason, sshd didn't
disable the SIGPIPE exit handler and died a horrible death (well, okay,
a silent death really). Set SIGPIPE's handler to SIG_IGN.
2001-01-06 21:15:07 +00:00
Assar Westerlund
6e3caa0833
fix conflicts from merge
2000-12-29 21:16:01 +00:00
Assar Westerlund
5ad8ddfb6f
import krb4-1.0.5
2000-12-29 21:00:22 +00:00
Assar Westerlund
2a9bc9996c
This commit was generated by cvs2svn to compensate for changes in r70494,
...
which included commits to RCS files with non-trunk default branches.
2000-12-29 21:00:22 +00:00
Assar Westerlund
ee695f07e2
merge fix from vendor for not overwriting old ticket file
2000-12-10 21:01:33 +00:00
Assar Westerlund
45afb7befd
This commit was generated by cvs2svn to compensate for changes in r69836,
...
which included commits to RCS files with non-trunk default branches.
2000-12-10 21:01:33 +00:00
Assar Westerlund
7a7ff9f80d
merge fix from vendor for removing buffer overrun
2000-12-10 21:00:35 +00:00
Assar Westerlund
a623f068e0
This commit was generated by cvs2svn to compensate for changes in r69833,
...
which included commits to RCS files with non-trunk default branches.
2000-12-10 21:00:35 +00:00
Assar Westerlund
fcbc584c3b
merge fix from vendor for not looking at environment variables
2000-12-10 20:59:35 +00:00
Assar Westerlund
46c48c19a2
This commit was generated by cvs2svn to compensate for changes in r69830,
...
which included commits to RCS files with non-trunk default branches.
2000-12-10 20:59:35 +00:00
Assar Westerlund
ba688fa510
(scrub_env): change to only accept a listed set of variables,
...
including only non-filename contents for TERMCAP
2000-12-10 20:50:20 +00:00
Brian Feldman
099584266b
Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0
...
new features description elided in favor of checking out their
website.
Important new FreeBSD-version stuff: PAM support has been worked
in, partially from the "Unix" OpenSSH version, and a lot due to the
work of Eivind Eklend, too.
This requires at least the following in pam.conf:
sshd auth sufficient pam_skey.so
sshd auth required pam_unix.so try_first_pass
sshd session required pam_permit.so
Parts by: Eivind Eklend <eivind@FreeBSD.org>
2000-12-05 02:55:12 +00:00
Brian Feldman
386879a128
Forgot to remove the old line in the last commit.
2000-12-05 02:41:01 +00:00
Brian Feldman
5b9b2fafd4
Import of OpenSSH 2.3.0 (virgin OpenBSD source release).
2000-12-05 02:20:19 +00:00
Brian Feldman
803a607983
This commit was generated by cvs2svn to compensate for changes in r69587,
...
which included commits to RCS files with non-trunk default branches.
2000-12-05 02:20:19 +00:00
Brian Somers
3c3d69579f
Remove duplicate line
...
Not responded to by: kris, then green
2000-12-04 22:57:53 +00:00
Jeroen Ruigrok van der Werven
acd1c3499e
Add more environment variables to be filtered through scrub_env().
...
Synched from normal telnet.
2000-11-30 13:14:54 +00:00
Jeroen Ruigrok van der Werven
d904cf9f8e
String paranoia fix. Synched from normal telnet.
2000-11-30 13:10:01 +00:00
Jeroen Ruigrok van der Werven
7e8f2fef03
String paranoia. Merged from regular telnet.
2000-11-30 10:55:25 +00:00
Kris Kennaway
f6fd83ed27
Correct definition of MAXHOSTNAMELEN in ifdef'ed code.
...
Submitted by: Edwin Groothuis <mavetju@chello.nl>
PR: bin/22787
2000-11-26 21:37:51 +00:00
Brian Feldman
ee510eab3f
In env_destroy(), it is a bad idea to env_swap(self, 0) to switch
...
back to the original environ unconditionally. The setting of the
variable to save the previous environ is conditional; it happens when
ENV.e_committed is set. Therefore, don't try to swap the env back
unless the previous env has been initialized.
PR: bin/22670
Submitted by: Takanori Saneto <sanewo@ba2.so-net.ne.jp>
2000-11-25 02:00:35 +00:00
Bill Fumerola
2a644691bc
Correct an arguement to ssh_add_identity, this matches what is currently
...
in ports/security/openssh/files/pam_ssh.c
PR: 22164
Submitted by: Takanori Saneto <sanewo@ba2.so-net.ne.jp>
Reviewed by: green
Approved by: green
2000-11-25 01:55:42 +00:00
Ruslan Ermilov
e97407b4f2
mdoc(7) police: use the new features of the Nm macro.
2000-11-20 20:10:44 +00:00
Kris Kennaway
f743d11975
Fix a buffer overflow from a long local hostname.
...
Obtained from: OpenBSD
2000-11-19 10:08:26 +00:00
Brian Feldman
03e72be8c8
Add login_cap and login_access support. Previously, these FreeBSD-local
...
checks were only made when using the 1.x protocol.
2000-11-14 04:35:03 +00:00
Brian Feldman
4899dde749
Import a security fix: the client would allow a server to use its
...
ssh-agent or X11 forwarding even if it was disabled.
This is the vendor fix provided, not an actual revision of clientloop.c.
Submitted by: Markus Friedl <markus@OpenBSD.org> via kris
2000-11-14 03:51:53 +00:00
Brian Feldman
786df71457
This commit was generated by cvs2svn to compensate for changes in r68700,
...
which included commits to RCS files with non-trunk default branches.
2000-11-14 03:51:53 +00:00
Kris Kennaway
d153b54ab9
Update list of files to remove prior to import
2000-11-13 07:46:20 +00:00
Kris Kennaway
ae152dd3aa
Resolve conflicts, and garbage collect some local changes that are no
...
longer required
2000-11-13 02:20:29 +00:00
Kris Kennaway
ddd58736f0
Initial import of OpenSSL 0.9.6
2000-11-13 01:03:58 +00:00
Kris Kennaway
feb1e94b6a
This commit was generated by cvs2svn to compensate for changes in r68651,
...
which included commits to RCS files with non-trunk default branches.
2000-11-13 01:03:58 +00:00
Ruslan Ermilov
726b61ab5f
Avoid use of direct troff requests in mdoc(7) manual pages.
2000-11-10 17:46:15 +00:00
Doug Barton
ea8f54b543
Add a CVS Id tag
2000-10-29 10:00:58 +00:00
Kris Kennaway
579c78c7f6
Sync with usr.bin/telnet/telnet.c r1.9 - fix buffer overflow in DISPLAY
2000-10-29 00:10:14 +00:00
Brian Feldman
4a950c224b
Fix a few style oddities.
2000-09-10 18:04:12 +00:00
Brian Feldman
dd5f9dffd6
Fix a goof in timevaldiff.
2000-09-10 18:03:46 +00:00
Kris Kennaway
b8c2df609a
Remove files no longer present in OpenSSH 2.2.0 and beyond
2000-09-10 10:26:07 +00:00
Kris Kennaway
c2d3a5594b
Resolve conflicts and update for OpenSSH 2.2.0
...
Reviewed by: gshapiro, peter, green
2000-09-10 09:35:38 +00:00
Kris Kennaway
b66f2d16a0
Initial import of OpenSSH post-2.2.0 snapshot dated 2000-09-09
2000-09-10 08:31:17 +00:00
Kris Kennaway
c7b5135400
This commit was generated by cvs2svn to compensate for changes in r65668,
...
which included commits to RCS files with non-trunk default branches.
2000-09-10 08:31:17 +00:00
Kris Kennaway
690a362571
Nuke RSAREF support from orbit.
...
It's the only way to be sure.
2000-09-10 00:09:37 +00:00
Kris Kennaway
5ed779ad1e
ttyname was not being passed into do_login(), so we were erroneously picking
...
up the function definition from unistd.h instead. Use s->tty instead.
Submitted by: peter
2000-09-04 08:43:05 +00:00
Kris Kennaway
cabf13fcdb
bzero() the struct timeval for paranoia
...
Submitted by: gshapiro
2000-09-03 07:58:35 +00:00
Kris Kennaway
939c32909c
Err, we weren't even compiling auth1.c with LOGIN_CAP at all. Guess nobody
...
was using this feature.
2000-09-02 07:32:05 +00:00
Kris Kennaway
80bbcbe344
Repair a broken conflict resolution in r1.2 which had the effect of nullifying
...
the login_cap and login.access checks for whether a user/host is allowed
access to the system for users other than root. But since we currently don't
have a similar check in the ssh2 code path anyway, it's um, "okay".
Submitted by: gshapiro
2000-09-02 05:40:50 +00:00
Kris Kennaway
14ef7e2794
Repair my dyslexia: s/opt/otp/ in the OPIE challenge. D'oh!
...
Submitted by: gshapiro
2000-09-02 04:41:33 +00:00
Kris Kennaway
ac70abf4bc
Re-add missing "break" which was lost during a previous patch
...
integration. This currently has no effect.
Submitted by: gshapiro
2000-09-02 04:37:51 +00:00
Kris Kennaway
1610cd7fa6
Turn on X11Forwarding by default on the server. Any risk is to the client,
...
where it is already disabled by default.
Reminded by: peter
2000-09-02 03:49:22 +00:00
Kris Kennaway
b87db7cec0
Increase the default value of LoginGraceTime from 60 seconds to 120
...
seconds.
PR: 20488
Submitted by: rwatson
2000-08-23 09:47:25 +00:00
Kris Kennaway
4d858ef441
Respect X11BASE to derive the location of xauth(1)
...
PR: 17818
Submitted by: Bjoern Fischer <bfischer@Techfak.Uni-Bielefeld.DE>
2000-08-23 09:39:20 +00:00
Kris Kennaway
b904de74b0
Fix setproctitle() and syslog() vulnerabilities.
2000-08-13 05:23:23 +00:00
Kris Kennaway
9ef8fb5b06
This commit was generated by cvs2svn to compensate for changes in r64593,
...
which included commits to RCS files with non-trunk default branches.
2000-08-13 05:23:23 +00:00
Kris Kennaway
9c47a2dba1
Fix benign bugs due to missing format string in err() and warn().
...
Approved by: assar (vendor :-)
2000-08-13 04:46:54 +00:00
Kris Kennaway
b58b0cb1d2
This commit was generated by cvs2svn to compensate for changes in r64583,
...
which included commits to RCS files with non-trunk default branches.
2000-08-13 04:46:54 +00:00
Kris Kennaway
c26927949d
Fix setproctitle() vulnerability in non-compiled code.
2000-08-13 04:35:43 +00:00
Jeroen Ruigrok van der Werven
f30cce5c6c
Chalk up another phkmalloc victim.
...
It seems as if uninitialised memory was the culprit.
We may want to contribute this back to the OpenSSH project.
Submitted by: Alexander Leidinger <Alexander@Leidinger.net> on -current.
2000-08-01 08:07:15 +00:00
Alexander Langer
6877e653a0
Crypto sources are no longer export controlled:
...
Explain, why crypto sources are still in crypto/.
Reviewed by: markm
2000-07-31 12:24:13 +00:00
Jeroen Ruigrok van der Werven
870fb37275
Fix a weird typo, is -> are.
...
The OpenSSH maintainer probably want to contribute this back to the
real OpenSSH guys.
Submitted by: Jon Perkin <sketchy@netcraft.com>
2000-07-27 19:21:15 +00:00
Mark Ovens
85ea01646c
Fixed a minor typo in the header.
...
Pointed out by: asmodai
2000-07-27 17:21:07 +00:00
Mark Ovens
2abceb0402
Committed, Thanks!!
...
PR: 20108
Submitted by: Doug Lee
2000-07-25 16:49:48 +00:00
Hajimu UMEMOTO
c847fdb1f9
Fix buffer size of ALIGNed buffer.
...
PR: bin/20053
Submitted by: Alex Kapranoff <alex@kapran.bitmcnit.bryansk.su>
2000-07-20 14:54:04 +00:00
Assar Westerlund
b3e7de4b6e
merge in syslog fixes, do not call syslog with variabel as format string
2000-07-20 05:43:55 +00:00
Peter Wemm
ecece7e319
Add missing $FreeBSD$ to files that are NOT still on vendor a branch.
2000-07-16 05:48:49 +00:00
Nick Sayer
67bf7a0ac8
Fix 'telnet -X sra' coredump
...
PR# 19835
2000-07-11 15:04:05 +00:00
Peter Wemm
365c420eb1
Sync sshd_config with sshd and manapage internal defaults (Checkmail = yes)
2000-07-11 09:54:24 +00:00
Peter Wemm
44de2297a4
Sync LoginGraceTime with sshd_config = 60 seconds by default, not 600.
2000-07-11 09:52:14 +00:00
Peter Wemm
e213d985b2
Fix out-of-sync defaults. PermitRootLogin is supposed to be 'no' but
...
sshd's internal default was 'yes'. (if some cracker managed to trash
/etc/ssh/sshd_config, then root logins could be reactivated)
Approved by: kris
2000-07-11 09:50:15 +00:00
Peter Wemm
a3d6796930
Make FallBackToRsh off by default. Falling back to rsh by default is
...
silly in this day and age.
Approved by: kris
2000-07-11 09:39:34 +00:00
Kris Kennaway
19a32101dd
Don't call printf with no format string.
2000-07-10 05:16:59 +00:00
Hajimu UMEMOTO
1c60903414
Make telnet -s work. It is corresponding to EAI_NONAME -> EAI_NODATA
...
change (getaddrinfo.c rev 1.12).
2000-07-08 05:22:00 +00:00
Jun-ichiro itojun Hagino
7e154dad2e
sync with usr.bin/telnet/commands.c 1.21 -> 1.22. pierre.dampure@alveley.org
2000-07-07 12:35:05 +00:00
Brian Feldman
c8ef594c0f
Allow restarting on SIGHUP when the full path was not given as argv[0].
...
We do have /proc/curproc/file :)
2000-07-04 06:43:26 +00:00
Brian Feldman
21deafa350
So /this/ is what has made OpenSSH's SSHv2 support never work right!
...
In some cases, limits did not get set to the proper class, but
instead always to "default", because not all passwd copies were
done to completion.
2000-06-27 21:16:06 +00:00
Brian Feldman
c342fc930b
Also make sure to close the socket that exceeds your rate limit.
2000-06-26 23:39:26 +00:00
Brian Feldman
7e03cf33e9
Make rate limiting work per-listening-socket. Log better messages than
...
before for this, requiring a new function (get_ipaddr()). canohost.c
receives a $FreeBSD$ line.
Suggested by: Niels Provos <niels@OpenBSD.org>
2000-06-26 05:44:23 +00:00
Mark Murray
ce09ad5098
MFI. This is a documentation-only, diffreducing patch, that if
...
invoked will cause breakage. US Users - DO NOT try to turn on
IDEA - the sources are not included.
2000-06-24 06:50:58 +00:00
Mark Murray
4fe82c1303
Grrr. I hate CVS. These were supposed to be committed when I did the
...
IDEA fix earlier today.
Bring back IDEA from the dead (but not compiled by default).
2000-06-19 21:09:27 +00:00
Mark Murray
84fa01da81
Re-add IDEA. This is not actually built unless asked for by the user.
...
(To avoid patent hassles).
2000-06-19 13:59:34 +00:00
Kris Kennaway
fb633b3056
Fix syntax error in previous commit.
...
Submitted by: Udo Schweigert <ust@cert.siemens.de>
2000-06-11 21:41:25 +00:00
Kris Kennaway
95e2a710ad
Fix security botch in "UseLogin Yes" case: commands are executed with
...
uid 0.
Obtained from: OpenBSD
2000-06-10 22:32:57 +00:00
Ruslan Ermilov
b3ba283ebe
Make `ssh-agent -k' work for csh(1)-like shells.
2000-06-10 14:14:28 +00:00
Brian Feldman
2803b77e52
Allow "DenyUsers" to function.
2000-06-06 06:16:55 +00:00
Kris Kennaway
c322fe352d
Resolve conflicts
2000-06-03 09:58:15 +00:00
Kris Kennaway
2632b0c875
Initial import of OpenSSH snapshot from 2000/05/30
...
Obtained from: OpenBSD
2000-06-03 09:52:37 +00:00
Kris Kennaway
7513668808
This commit was generated by cvs2svn to compensate for changes in r61209,
...
which included commits to RCS files with non-trunk default branches.
2000-06-03 09:52:37 +00:00
Kris Kennaway
cfa18fd2ba
Resolve conflicts
2000-06-03 09:23:13 +00:00
Kris Kennaway
87e372b8a2
Import from vendor repository.
...
Obtained from: OpenBSD
2000-06-03 09:20:19 +00:00
Kris Kennaway
48fb0b1aa9
This commit was generated by cvs2svn to compensate for changes in r61206,
...
which included commits to RCS files with non-trunk default branches.
2000-06-03 09:20:19 +00:00
Kris Kennaway
db1cb46ca2
Bring vendor patches onto the main branch, and resolve conflicts.
2000-06-03 07:31:44 +00:00
Kris Kennaway
1ae2db81a5
Import vendor patches: the first is written by
...
Brian Feldman <green@FreeBSD.org>
* Remove the gratuitous dependency on OpenSSL 0.9.5a (preparation for MFC)
* Disable agent forwarding by default in the client (security risk)
Submitted by: green
Obtained from: OpenBSD
2000-06-03 07:18:09 +00:00
Kris Kennaway
7567fde002
This commit was generated by cvs2svn to compensate for changes in r61201,
...
which included commits to RCS files with non-trunk default branches.
2000-06-03 07:18:09 +00:00
Kris Kennaway
fcee55a281
Import vendor patch originally submitted by the below author: don't
...
treat failure to create the authentication agent directory in /tmp as
a fatal error, but disable agent forwarding.
Submitted by: Jan Koum <jkb@yahoo-inc.com>
2000-06-03 07:06:14 +00:00
Kris Kennaway
6298712178
This commit was generated by cvs2svn to compensate for changes in r61199,
...
which included commits to RCS files with non-trunk default branches.
2000-06-03 07:06:14 +00:00
Kris Kennaway
830ccf58ce
Import vendor fix: "fix key_read() for uuencoded keys w/o '='"
...
This bug caused OpenSSH not to recognise some of the DSA keys it
generated.
Submitted by: Christian Weisgerber <naddy@mips.inka.de>
Obtained from: OpenBSD
2000-06-03 06:51:30 +00:00
Kris Kennaway
4f00f8562d
Update to the version of pam_ssh corresponding to OpenSSH 2.1 (taken
...
from the openssh port)
Submitted by: Hajimu UMEMOTO <ume@mahoroba.org>
2000-05-30 09:03:15 +00:00
Jake Burkholder
e39756439c
Back out the previous change to the queue(3) interface.
...
It was not discussed and should probably not happen.
Requested by: msmith and others
2000-05-26 02:09:24 +00:00
Jake Burkholder
740a1973a6
Change the way that the queue(3) structures are declared; don't assume that
...
the type argument to *_HEAD and *_ENTRY is a struct.
Suggested by: phk
Reviewed by: phk
Approved by: mdodd
2000-05-23 20:41:01 +00:00
Andrey A. Chernov
a4bc7676d4
Turn on CheckMail to be more login-compatible by default
2000-05-23 06:06:54 +00:00
Brian Somers
73813569e4
Don't USE_PIPES
...
Spammed by: peter
Submitted by: mkn@uk.FreeBSD.org
2000-05-22 09:51:18 +00:00
Kris Kennaway
ba0c6b0830
Correct two stupid typos in the DSA key location.
...
Submitted by: Udo Schweigert <ust@cert.siemens.de>
2000-05-18 06:04:23 +00:00
Kris Kennaway
b787acb5e3
Unbreak Kerberos5 compilation. This still remains untested.
...
Noticed by: obrien
2000-05-17 08:06:20 +00:00
Kris Kennaway
e551e5eafa
Oops, rename S/Key to Opie in line with FreeBSD usage.
2000-05-15 06:11:30 +00:00
Kris Kennaway
0c11f6e187
Create a DSA host key if one does not already exist, and teach sshd_config
...
about it.
2000-05-15 05:40:27 +00:00
Kris Kennaway
e8aafc91b5
Resolve conflicts and update for FreeBSD.
2000-05-15 05:24:25 +00:00
Kris Kennaway
a04a10f891
Initial import of OpenSSH v2.1.
2000-05-15 04:37:24 +00:00
Kris Kennaway
fe01acb846
This commit was generated by cvs2svn to compensate for changes in r60573,
...
which included commits to RCS files with non-trunk default branches.
2000-05-15 04:37:24 +00:00
Nik Clayton
699cc2f5e1
Note that X11 Forwarding is off by default.
...
PR: docs/17566
Submitted by: Keith Stevenson <ktstev01@louisville.edu>
2000-04-30 22:41:58 +00:00
Mark Murray
79eb2b5421
MFF: catch up with FreeFall
2000-04-19 21:20:54 +00:00
Kris Kennaway
9a823cff39
If stderr is closed, report the error message about missing libraries
...
via syslog instead.
Reviewed by: jkh
2000-04-18 06:25:24 +00:00
Mark Murray
3c6b6b90c7
Internat diff reducer.
2000-04-16 17:49:31 +00:00
Mark Murray
07c567b8ec
Virgin import of OpenSSL v0.9.5a
2000-04-16 16:03:07 +00:00
Mark Murray
ef781a073e
This commit was generated by cvs2svn to compensate for changes in r59281,
...
which included commits to RCS files with non-trunk default branches.
2000-04-16 16:03:07 +00:00
Kris Kennaway
7e7159cbdc
Resolve conflicts.
2000-04-13 07:15:03 +00:00
Kris Kennaway
f579bf8ec7
Initial import of OpenSSL 0.9.5a
2000-04-13 06:33:22 +00:00
Kris Kennaway
193faf8655
This commit was generated by cvs2svn to compensate for changes in r59191,
...
which included commits to RCS files with non-trunk default branches.
2000-04-13 06:33:22 +00:00
Kris Kennaway
2d773b269e
Correct a typo and interchanged library names
...
Submitted by: Ben Rosengart <ben@narcissus.net>
Matthew D. Fuller <fullermd@futuresouth.com>
2000-04-05 04:09:51 +00:00
Kris Kennaway
e31adaffd9
Fix a memory leak.
...
PR: 17360
Submitted by: Andrew J. Korty <ajk@iu.edu>
2000-03-29 08:24:37 +00:00
Kris Kennaway
18fa3c2ec9
#include <ssl/foo.h> -> #include <openssl/foo.h>
2000-03-26 10:00:28 +00:00
Kris Kennaway
3c6ae11886
Resolve conflicts.
2000-03-26 07:37:48 +00:00
Kris Kennaway
a8f6863aa6
Virgin import of OpenSSH sources dated 2000/03/25
2000-03-26 07:07:24 +00:00
Kris Kennaway
cc99d7f2df
This commit was generated by cvs2svn to compensate for changes in r58582,
...
which included commits to RCS files with non-trunk default branches.
2000-03-26 07:07:24 +00:00
Kris Kennaway
6aae670844
Don't refer to the openssl handbook chapter by name - the doc guys keep
...
jamming new chapters in front of it :)
2000-03-25 07:28:18 +00:00
Brian Somers
727214e9b8
Use pipe() instead of socketpair() in sshd when communicating
...
with the client.
This allows ppp/ssh style tunnels to function again.
Ok'd by: markk
Submitted by: markk@knigma.org
2000-03-24 15:39:37 +00:00
Mike Pritchard
5c51cd6437
Fix a few spelling errors.
2000-03-24 02:26:54 +00:00
Sheldon Hearn
962a3f4e81
IgnoreUserKnownHosts is a boolean flag, not an integer value.
...
The fix submitted in the attributed PR is identical to the one
adopted by OpenBSD.
PR: 17027
Submitted by: David Malone <dwmalone@maths.tcd.ie>
Obtained from: OpenBSD
2000-03-22 09:36:35 +00:00
Kris Kennaway
9fd4066575
Add a new function stub to libcrypto() which resolves to a symbol in
...
the librsa* library and reports which version of the library (OpenSSL/RSAREF)
is being used.
This is then used in openssh to detect the failure case of RSAREF and a RSA key
>1024 bits, to print a more helpful error message than 'rsa_public_encrypt() fai
led.'
This is a 4.0-RELEASE candidate.
2000-03-13 09:55:53 +00:00
Kris Kennaway
6a8633db4e
Various manpage style/grammar/formatting cleanups
...
Submitted by: Peter Jeremy <peter.jeremy@alcatel.com.au>, jedgar
PR: 17292 (remainder of)
2000-03-13 00:17:43 +00:00
Nik Clayton
8ff0a8c302
- typos
...
- Add double spaces following full stops to improve typeset output
- mdoc-ification. (Though I'm uncertain whether option values and
contents should be .Dq or something else).
- Fix a missed /etc/ssh change
- Expand wording on RandomSeed and behaviour when X11 isn't forwarded.
- Change examples to literal mode.
- Trim trailing whitespace
PR: docs/17292
Submitted by: Peter Jeremy <peter.jeremy@alcatel.com.au>
2000-03-10 11:48:49 +00:00
Mark Murray
c59bf09996
Make LOGIN_CAP work properly.
2000-03-09 14:52:31 +00:00
Kris Kennaway
2134165c54
/etc -> /etc/ssh
...
Submitted by: Ben Smithurst <ben@scientia.demon.co.uk>
2000-03-08 03:44:00 +00:00
John Hay
2216ad9c7e
MFI: Use krb5 functions in krb5 files.
...
Reviewed by: markm
2000-03-03 20:31:58 +00:00
Yoshinobu Inoue
137d85e410
Replace structure copy form ifreq obtained by SIOCGIFADDR
...
to memcpy(), to avoid unaligned access trap on alpha.
Approved by: jkh
2000-03-03 13:05:00 +00:00
Yoshinobu Inoue
46ad1c2366
CMSG_XXX macros alignment fixes to follow RFC2292.
...
Approved by: jkh
2000-03-03 12:50:46 +00:00
Brian Feldman
5dc73ebebe
Turn off X11 forwarding in the client. X11 forwarding in the server by
...
default should probably also get turned on, now.
Requested by: kris
Obtained from: OpenBSD
2000-03-03 05:58:39 +00:00
Kris Kennaway
1d32417468
Update the wording on the error message when libcrypto.so can't find an
...
RSA library.
Reviewed by: peter, jkh
2000-03-02 06:21:02 +00:00
Hajimu UMEMOTO
e51ec40ec8
Enable connection logging. FreeBSD's libwrap is IPv6 ready.
...
OpenSSH is in our source tree, now. It's a time to enable it.
Reviewed by: markm, shin
Approved by: jkh
2000-02-29 19:37:04 +00:00
Mark Murray
fe5fd0173b
1) Add kerberos5 functionality.
...
by Daniel Kouril <kouril@informatics.muni.cz>
2) Add full LOGIN_CAP capability
by Andrey Chernov
2000-02-28 19:03:50 +00:00
Brian Somers
ccd16b43ed
Don't put truncated hostnames in utmp
...
Approved by: jkh
2000-02-28 18:51:30 +00:00
Peter Wemm
6f35016f23
Sync with internat.freebsd.org; weak symbols vs static libs == trouble
2000-02-26 16:57:17 +00:00
Peter Wemm
7d8acc815a
Merge from internat.freebsd.org; move VERBOSE_STUBS to a better spot.
2000-02-26 14:20:18 +00:00
Peter Wemm
4198e0cb8b
Merge from internat.freebsd.org repo, minus change to rsa_eay.c (missing)
...
Reorganize and unify libcrypto's interface so that the RSA implementation
is chosen at runtime via dlopen().
This is a checkpoint and may require more tweaks still.
2000-02-26 13:19:18 +00:00
Peter Wemm
9fa5f5fd96
Merge from internat.freebsd.org repo, minus change to rsa_eay.c (missing)
...
Reorganize and unify libcrypto's interface so that the RSA implementation
is chosen at runtime via dlopen().
This is a checkpoint and may require more tweaks still.
2000-02-26 13:13:03 +00:00
Peter Wemm
b70ab85b2b
At great personal risk (to my already fragile sanity), reorganize
...
the rsa stubs for libcrypto. libcrypto.so now uses dlopen() to
implement the backends for either the native or rsaref implemented
RSA code.
This involves:
- unifying the libcrypto and openssl(1) source so there is no
#ifdef RSAref variations.
- using weak symbols and dlopen()/dlsym() routines to access the
rsa method vectors.
Releases will enable the user to choose International, US (rsaref) or
no RSA code at install time.
'make world' will DTRT depending on whether you have the international
or US source. For US users, you must either install rsaref (the port
or package) or (if you don't fear RSA Inc) use the (superior)
International rsa_eay.c code.
This has been discussed at great length by the affected folks and even
we have a great deal of confusion. This is a checkpoint so we can tune
the results. This works for me in all permutations I can think of and
should result in a CD/ftp 'release' just about doing the right thing now.
2000-02-26 13:06:55 +00:00
Peter Wemm
2307080405
Redo this with a repo copy from the original file and reset the
...
__PREFIX__ markers.
2000-02-26 09:59:14 +00:00
Peter Wemm
4d3289a849
oops, update path to /etc/ssh/ssh_host_key
2000-02-26 02:24:38 +00:00
Peter Wemm
9ceffc938a
Merge from internat.freebsd.org; move ssh files from /etc to /etc/ssh
2000-02-25 14:25:10 +00:00
Peter Wemm
150f7c198f
Don't use the dlopen() stubs if comiling with PIC. This still
...
needs some more thought for the static case. Should we provide weak
error-generating stubs for static binaries if -lrsaref was forgotten?
2000-02-25 08:13:50 +00:00
Brian Feldman
8261034302
Fix a bug that crawled in pretty recently (from the port). It made
...
sshd coredump :(
2000-02-25 05:22:14 +00:00
Peter Wemm
38ba484ce1
Fix garbage in SSH_PROGRAM (only on freefall, not internat)
2000-02-25 04:41:06 +00:00
Brian Feldman
a95c122521
Make "CheckHostIP" default to off. This was proposed on -security and
...
earlier IRC, but despite my inital feeling against it, this seems
the more proper thing to do.
Proposed by: rwatson
2000-02-25 03:04:29 +00:00
Brian Feldman
18a711954e
The includes must be <openssl/.*\.h>, not <ssl/.*\.h>.
2000-02-25 01:53:12 +00:00
Mark Murray
b719e3c926
remove more ports crud.
2000-02-24 23:54:00 +00:00
Mark Murray
6ecb050733
remove ports junk
2000-02-24 23:46:38 +00:00
Mark Murray
c7aee9a208
Use libcrypto instead of libdes.
2000-02-24 20:21:16 +00:00
Mark Murray
bfb672b22a
RIP libdes. All hail libcrypto!
2000-02-24 19:35:08 +00:00
Mark Murray
bf4f84d44c
Get crypto from libcrypto, not libdes.
2000-02-24 19:28:31 +00:00
Mark Murray
42f71286cd
Add the patches fom ports (QV: ports/security/openssh/patches/patch-*)
2000-02-24 15:29:42 +00:00
Mark Murray
511b41d2a1
Vendor import of OpenSSH.
2000-02-24 14:29:47 +00:00
Mark Murray
8e3e42fe07
This commit was generated by cvs2svn to compensate for changes in r57429,
...
which included commits to RCS files with non-trunk default branches.
2000-02-24 14:29:47 +00:00
Mark Murray
8ceb13ade4
Merge conflicts.
2000-02-24 13:37:41 +00:00
Mark Murray
c97e282188
Oops; forgot to add this.
2000-02-24 13:20:48 +00:00
Mark Murray
b98bf15079
Get this to the same level of functionality as old libdes.
2000-02-24 13:20:15 +00:00
Mark Murray
d61f1c7965
Vendor import of Heimdal 0.2p
2000-02-24 11:28:20 +00:00
Mark Murray
957428c77a
This commit was generated by cvs2svn to compensate for changes in r57422,
...
which included commits to RCS files with non-trunk default branches.
2000-02-24 11:28:20 +00:00
Mark Murray
283d988c23
Vendor import of Heimdal 0.2o
2000-02-24 11:19:29 +00:00
Mark Murray
b50c40f67b
This commit was generated by cvs2svn to compensate for changes in r57419,
...
which included commits to RCS files with non-trunk default branches.
2000-02-24 11:19:29 +00:00
Mark Murray
13e3f4d6d9
Vendor import of Heimdal 0.2n
2000-02-24 11:07:16 +00:00
Mark Murray
270628b77a
This commit was generated by cvs2svn to compensate for changes in r57416,
...
which included commits to RCS files with non-trunk default branches.
2000-02-24 11:07:16 +00:00
Mark Murray
9a843541e2
freefall/internat diff reducer
2000-02-24 10:38:40 +00:00
Mark Murray
228c5a5af7
Freefall/Internat diff reducer.
2000-02-24 10:37:29 +00:00
Jordan K. Hubbard
6895862c18
Add call stubs for dynamic rsaref loading. This isn't enabled for now
...
but simply lets us sync up on the solution as it's evolved.
2000-02-22 06:22:54 +00:00
Yoshinobu Inoue
81edae92ed
Use static buffer to save source route hostnames.
...
Approved by: jkh
2000-02-19 16:33:14 +00:00
Yoshinobu Inoue
a82a4df889
Print "Trying ..." for each host. Also cleanups for error printing.
...
Approved by: jkh
Submitted by: Ben Smithurst <ben@scientia.demon.co.uk>
2000-02-19 16:17:41 +00:00
Yoshinobu Inoue
1d1ade86f0
Fix bugs in telnet.
...
Sorry there were still several bugs.
-error retry at af missmatch was incomplete.
-af matching for source addr option was wrong
-socket was not freed at retry.
Approved by: jkh
2000-02-15 15:59:12 +00:00
Yoshinobu Inoue
960e15a70b
Add more dual stack consideration.
...
-Should retry as much as possible when some of source
routing intermediate hosts' address families missmatch
happened.
(such as when a host has only A record, and another host
has each of A and AAAA record.)
-Should retry as much as possible when dest addr and
source addr(specified with -s option) address family
missmatch happend
Approved by: jkh
2000-02-10 20:06:36 +00:00
Yoshinobu Inoue
f306e0c85f
Fix telnet core dump at invalid service name specified.
...
Added an error check to avoid it.
Approved by: jkh
Submitted by: Robert Muir <rmuir@gibralter.net>
2000-02-07 00:52:49 +00:00
Yoshinobu Inoue
0bd288cd6c
Add NI_NAMEREQD flag to getnameinfo() call. Without this flag,
...
getnameinfo() don't return error at name resolving failure.
But it is used at doaddrlookup(-N) case in telnet, error need to be
returned to correctly initialize hostname buffer.
Discovered at checking recent KAME repository change, noticed by itojun.
2000-01-29 18:21:05 +00:00
Yoshinobu Inoue
4dd8b5ab79
another tcp apps IPv6 updates.(should be make world safe)
...
ftp, telnet, ftpd, faithd
also telnet related sync with crypto, secure, kerberosIV
Obtained from: KAME project
2000-01-27 09:28:38 +00:00
Kris Kennaway
97b2ed56f8
Import the RSA support code. There shouldn't be any actual RSA
...
cryptography here.
2000-01-16 05:14:57 +00:00
Kris Kennaway
72b2312537
This commit was generated by cvs2svn to compensate for changes in r56083,
...
which included commits to RCS files with non-trunk default branches.
2000-01-16 05:14:57 +00:00
Kris Kennaway
d9d4eec9ea
Fix for missing symbol in -DRSAref case.
2000-01-16 04:45:18 +00:00
Kris Kennaway
ce600b6ae6
Fix breakage when NO_RSA specified.
...
Reviewed by: Ben Laurie <ben@openssl.org>
2000-01-14 05:24:08 +00:00
Kris Kennaway
62410b5785
Zap NO_IDEA
2000-01-10 06:28:04 +00:00
cvs2svn
2b11cf855f
This commit was manufactured by cvs2svn to create branch
...
'VENDOR-crypto-openssl'.
2000-01-10 06:27:13 +00:00
Kris Kennaway
196e8792a2
List of files to nuke prior to import.
2000-01-10 06:27:12 +00:00
Kris Kennaway
7466462628
Initial import of OpenSSL 0.9.4, sans IDEA and RSA code for patent
...
infringement reasons.
2000-01-10 06:22:05 +00:00
Kris Kennaway
07bb8677bb
This commit was generated by cvs2svn to compensate for changes in r55714,
...
which included commits to RCS files with non-trunk default branches.
2000-01-10 06:22:05 +00:00