Commit Graph

240 Commits

Author SHA1 Message Date
Brian Feldman
39567f8cee Fix a long-standing bug that resulted in a dropped session sometimes
when an X11-forwarded client was closed.  For some reason, sshd didn't
disable the SIGPIPE exit handler and died a horrible death (well, okay,
a silent death really).  Set SIGPIPE's handler to SIG_IGN.
2001-01-06 21:15:07 +00:00
Assar Westerlund
6e3caa0833 fix conflicts from merge 2000-12-29 21:16:01 +00:00
Assar Westerlund
2a9bc9996c This commit was generated by cvs2svn to compensate for changes in r70494,
which included commits to RCS files with non-trunk default branches.
2000-12-29 21:00:22 +00:00
Assar Westerlund
5ad8ddfb6f import krb4-1.0.5 2000-12-29 21:00:22 +00:00
Assar Westerlund
ee695f07e2 merge fix from vendor for not overwriting old ticket file 2000-12-10 21:01:33 +00:00
Assar Westerlund
45afb7befd This commit was generated by cvs2svn to compensate for changes in r69836,
which included commits to RCS files with non-trunk default branches.
2000-12-10 21:01:33 +00:00
Assar Westerlund
7a7ff9f80d merge fix from vendor for removing buffer overrun 2000-12-10 21:00:35 +00:00
Assar Westerlund
a623f068e0 This commit was generated by cvs2svn to compensate for changes in r69833,
which included commits to RCS files with non-trunk default branches.
2000-12-10 21:00:35 +00:00
Assar Westerlund
fcbc584c3b merge fix from vendor for not looking at environment variables 2000-12-10 20:59:35 +00:00
Assar Westerlund
46c48c19a2 This commit was generated by cvs2svn to compensate for changes in r69830,
which included commits to RCS files with non-trunk default branches.
2000-12-10 20:59:35 +00:00
Assar Westerlund
ba688fa510 (scrub_env): change to only accept a listed set of variables,
including only non-filename contents for TERMCAP
2000-12-10 20:50:20 +00:00
Brian Feldman
099584266b Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0
new features description elided in favor of checking out their
website.

Important new FreeBSD-version stuff: PAM support has been worked
in, partially from the "Unix" OpenSSH version, and a lot due to the
work of Eivind Eklend, too.

This requires at least the following in pam.conf:

sshd    auth    sufficient      pam_skey.so
sshd    auth    required        pam_unix.so                     try_first_pass
sshd    session required        pam_permit.so

Parts by:	Eivind Eklend <eivind@FreeBSD.org>
2000-12-05 02:55:12 +00:00
Brian Feldman
386879a128 Forgot to remove the old line in the last commit. 2000-12-05 02:41:01 +00:00
Brian Feldman
803a607983 This commit was generated by cvs2svn to compensate for changes in r69587,
which included commits to RCS files with non-trunk default branches.
2000-12-05 02:20:19 +00:00
Brian Feldman
5b9b2fafd4 Import of OpenSSH 2.3.0 (virgin OpenBSD source release). 2000-12-05 02:20:19 +00:00
Brian Somers
3c3d69579f Remove duplicate line
Not responded to by: kris, then green
2000-12-04 22:57:53 +00:00
Jeroen Ruigrok van der Werven
acd1c3499e Add more environment variables to be filtered through scrub_env().
Synched from normal telnet.
2000-11-30 13:14:54 +00:00
Jeroen Ruigrok van der Werven
d904cf9f8e String paranoia fix. Synched from normal telnet. 2000-11-30 13:10:01 +00:00
Jeroen Ruigrok van der Werven
7e8f2fef03 String paranoia. Merged from regular telnet. 2000-11-30 10:55:25 +00:00
Kris Kennaway
f6fd83ed27 Correct definition of MAXHOSTNAMELEN in ifdef'ed code.
Submitted by:	Edwin Groothuis <mavetju@chello.nl>
PR:		bin/22787
2000-11-26 21:37:51 +00:00
Brian Feldman
ee510eab3f In env_destroy(), it is a bad idea to env_swap(self, 0) to switch
back to the original environ unconditionally.  The setting of the
variable to save the previous environ is conditional; it happens when
ENV.e_committed is set.  Therefore, don't try to swap the env back
unless the previous env has been initialized.

PR:		bin/22670
Submitted by:	Takanori Saneto <sanewo@ba2.so-net.ne.jp>
2000-11-25 02:00:35 +00:00
Bill Fumerola
2a644691bc Correct an arguement to ssh_add_identity, this matches what is currently
in ports/security/openssh/files/pam_ssh.c

PR:		22164
Submitted by:	Takanori Saneto <sanewo@ba2.so-net.ne.jp>
Reviewed by:	green
Approved by:	green
2000-11-25 01:55:42 +00:00
Ruslan Ermilov
e97407b4f2 mdoc(7) police: use the new features of the Nm macro. 2000-11-20 20:10:44 +00:00
Kris Kennaway
f743d11975 Fix a buffer overflow from a long local hostname.
Obtained from:	OpenBSD
2000-11-19 10:08:26 +00:00
Brian Feldman
03e72be8c8 Add login_cap and login_access support. Previously, these FreeBSD-local
checks were only made when using the 1.x protocol.
2000-11-14 04:35:03 +00:00
Brian Feldman
4899dde749 Import a security fix: the client would allow a server to use its
ssh-agent or X11 forwarding even if it was disabled.

This is the vendor fix provided, not an actual revision of clientloop.c.

Submitted by:	Markus Friedl <markus@OpenBSD.org> via kris
2000-11-14 03:51:53 +00:00
Brian Feldman
786df71457 This commit was generated by cvs2svn to compensate for changes in r68700,
which included commits to RCS files with non-trunk default branches.
2000-11-14 03:51:53 +00:00
Kris Kennaway
d153b54ab9 Update list of files to remove prior to import 2000-11-13 07:46:20 +00:00
Kris Kennaway
ae152dd3aa Resolve conflicts, and garbage collect some local changes that are no
longer required
2000-11-13 02:20:29 +00:00
Kris Kennaway
feb1e94b6a This commit was generated by cvs2svn to compensate for changes in r68651,
which included commits to RCS files with non-trunk default branches.
2000-11-13 01:03:58 +00:00
Kris Kennaway
ddd58736f0 Initial import of OpenSSL 0.9.6 2000-11-13 01:03:58 +00:00
Ruslan Ermilov
726b61ab5f Avoid use of direct troff requests in mdoc(7) manual pages. 2000-11-10 17:46:15 +00:00
Doug Barton
ea8f54b543 Add a CVS Id tag 2000-10-29 10:00:58 +00:00
Kris Kennaway
579c78c7f6 Sync with usr.bin/telnet/telnet.c r1.9 - fix buffer overflow in DISPLAY 2000-10-29 00:10:14 +00:00
Brian Feldman
4a950c224b Fix a few style oddities. 2000-09-10 18:04:12 +00:00
Brian Feldman
dd5f9dffd6 Fix a goof in timevaldiff. 2000-09-10 18:03:46 +00:00
Kris Kennaway
b8c2df609a Remove files no longer present in OpenSSH 2.2.0 and beyond 2000-09-10 10:26:07 +00:00
Kris Kennaway
c2d3a5594b Resolve conflicts and update for OpenSSH 2.2.0
Reviewed by:	gshapiro, peter, green
2000-09-10 09:35:38 +00:00
Kris Kennaway
b66f2d16a0 Initial import of OpenSSH post-2.2.0 snapshot dated 2000-09-09 2000-09-10 08:31:17 +00:00
Kris Kennaway
c7b5135400 This commit was generated by cvs2svn to compensate for changes in r65668,
which included commits to RCS files with non-trunk default branches.
2000-09-10 08:31:17 +00:00
Kris Kennaway
690a362571 Nuke RSAREF support from orbit.
It's the only way to be sure.
2000-09-10 00:09:37 +00:00
Kris Kennaway
5ed779ad1e ttyname was not being passed into do_login(), so we were erroneously picking
up the function definition from unistd.h instead. Use s->tty instead.

Submitted by:	peter
2000-09-04 08:43:05 +00:00
Kris Kennaway
cabf13fcdb bzero() the struct timeval for paranoia
Submitted by:	gshapiro
2000-09-03 07:58:35 +00:00
Kris Kennaway
939c32909c Err, we weren't even compiling auth1.c with LOGIN_CAP at all. Guess nobody
was using this feature.
2000-09-02 07:32:05 +00:00
Kris Kennaway
80bbcbe344 Repair a broken conflict resolution in r1.2 which had the effect of nullifying
the login_cap and login.access checks for whether a user/host is allowed
access to the system for users other than root. But since we currently don't
have a similar check in the ssh2 code path anyway, it's um, "okay".

Submitted by:	gshapiro
2000-09-02 05:40:50 +00:00
Kris Kennaway
14ef7e2794 Repair my dyslexia: s/opt/otp/ in the OPIE challenge. D'oh!
Submitted by:	gshapiro
2000-09-02 04:41:33 +00:00
Kris Kennaway
ac70abf4bc Re-add missing "break" which was lost during a previous patch
integration. This currently has no effect.

Submitted by:	gshapiro
2000-09-02 04:37:51 +00:00
Kris Kennaway
1610cd7fa6 Turn on X11Forwarding by default on the server. Any risk is to the client,
where it is already disabled by default.

Reminded by:	peter
2000-09-02 03:49:22 +00:00
Kris Kennaway
b87db7cec0 Increase the default value of LoginGraceTime from 60 seconds to 120
seconds.

PR:		20488
Submitted by:	rwatson
2000-08-23 09:47:25 +00:00
Kris Kennaway
4d858ef441 Respect X11BASE to derive the location of xauth(1)
PR:		17818
Submitted by:	Bjoern Fischer <bfischer@Techfak.Uni-Bielefeld.DE>
2000-08-23 09:39:20 +00:00