d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
532,575 Commits 4 Branches 49 Tags 2 GiB
master
Commit Graph

571 Commits

Author SHA1 Message Date
Colin Percival
e9b8779126 Fix .Dd line: FreeBSD's mdoc code doesn't understand OpenBSD's $Mdocdate$. 
MFC after:	3 days
 2010-05-28 01:06:40 +00:00
Dag-Erling Smørgrav
8ad9b54a6d Upgrade to OpenSSH 5.5p1. 2010-04-28 10:36:33 +00:00
Konstantin Belousov
412ea5c6c5 Enhance r199804 by marking the daemonised child as immune to OOM instead 
of short-living parent. Only mark the master process that accepts
connections, do not protect connection handlers spawned from inetd.

Submitted by:	Mykola Dzham <i levsha me>
Reviewed by:	attilio
MFC after:	1 week
 2010-04-08 12:07:40 +00:00
Dag-Erling Smørgrav
b15c83408c Upgrade to OpenSSH 5.4p1. 
MFC after:	1 month
 2010-03-09 19:16:43 +00:00
Ed Schouten
9567147bea Add a missing $FreeBSD$ string. 
I was requested to add this string to any file that was modified by my
commit, which I forgot to do so.

Requested by:	des
 2010-01-13 20:30:16 +00:00
Ed Schouten
b40cdde64c Make OpenSSH work with utmpx. 
- Partially revert r184122 (sshd.c). Our ut_host is now big enough to
  fit proper hostnames.

- Change config.h to match reality.

- defines.h requires UTMPX_FILE to be set by <utmpx.h> before it allows
  the utmpx code to work. This makes no sense to me. I've already
  mentioned this upstream.

- Add our own platform-specific handling of lastlog. The version I will
  send to the OpenSSH folks will use proper autoconf generated
  definitions instead of `#if 1'.
 2010-01-13 18:43:32 +00:00
Attilio Rao
7a7043c787 Avoid sshd, cron, syslogd and inetd to be killed under high-pressure swap 
environments.
Please note that this can't be done while such processes run in jails.

Note: in future it would be interesting to find a way to do that
selectively for any desired proccess (choosen by user himself), probabilly
via a ptrace interface or whatever.

Obtained from:	Sandvine Incorporated
Reviewed by:	emaste, arch@
Sponsored by:	Sandvine Incorporated
MFC:		1 month
 2009-11-25 15:12:24 +00:00
Dag-Erling Smørgrav
0c56c384d6 Fix globbing 
Noticed by:	delphij, David Cornejo <dave@dogwood.com>
Forgotten by:	des
 2009-11-10 09:45:43 +00:00
Dag-Erling Smørgrav
5972f81bbe Remove dupe. 2009-10-11 14:27:33 +00:00
Dag-Erling Smørgrav
e21bf2c43b Add more symbols that need to be masked: 
- initialized and uninitialized data
 - symbols from roaming_dummy.c which end up in pam_ssh

Update the command line used to generate the #defines.
 2009-10-05 18:55:13 +00:00
Dag-Erling Smørgrav
7aee6ffee0 Upgrade to OpenSSH 5.3p1. 2009-10-01 17:12:52 +00:00
Dag-Erling Smørgrav
9517e86625 Update and remove CVS-specific items 
Approved by:	re (kib)
 2009-08-13 06:07:38 +00:00
John Baldwin
5d54b264b7 Use the closefrom(2) system call. 
Reviewed by:	des
 2009-06-16 15:30:10 +00:00
Dag-Erling Smørgrav
cce7d3464f Upgrade to OpenSSH 5.2p1. 
MFC after:	3 months
 2009-05-22 18:46:28 +00:00
Dag-Erling Smørgrav
0aeb000d7b At some point, construct_utmp() was changed to use realhostname() to fill 
in the struct utmp due to concerns about the length of the hostname buffer.
However, this breaks the UseDNS option.  There is a simpler and better
solution: initialize utmp_len to the correct value (UT_HOSTSIZE instead of
MAXHOSTNAMELEN) and let get_remote_name_or_ip() worry about the size of the
buffer.

PR:		bin/97499
Submitted by:	Bruce Cran <bruce@cran.org.uk>
MFC after:	1 week
 2008-10-21 11:58:26 +00:00
Dag-Erling Smørgrav
a29f9ec52c Our groff doesn't understand $Mdocdate$, so replace them with bare dates. 
MFC after:	3 days
 2008-09-29 10:53:05 +00:00
Dag-Erling Smørgrav
8137f50df5 MFV "xmalloc: zero size" fix. 
MFC after:	1 week
 2008-09-24 21:20:44 +00:00
Dag-Erling Smørgrav
39fa99fb24 Remove some unused files. 2008-09-01 16:34:02 +00:00
Dag-Erling Smørgrav
d08cd9468b Set SIZEOF_LONG_INT and SIZEOF_LONG_LONG_INT to plausible values. They 
aren't used for anything, but that's no excuse for being silly.
 2008-09-01 14:15:57 +00:00
Dag-Erling Smørgrav
03f6c5cd93 Use net.inet.ip.portrange.reservedhigh instead of IPPORT_RESERVED. 
Submitted upstream, no reaction.

Submitted by:	delphij@
MFC after:	2 weeks
 2008-08-20 10:40:07 +00:00
Dag-Erling Smørgrav
d4af9e693f Upgrade to OpenSSH 5.1p1. 
I have worked hard to reduce diffs against the vendor branch.  One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago.  This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.

MFC after:	6 weeks
 2008-08-01 02:48:36 +00:00
Dag-Erling Smørgrav
6ef57c8cb4 Another file with no local changes. 
"This time for sure!"
 2008-08-01 01:50:55 +00:00
Dag-Erling Smørgrav
287d742923 Another file with no local changes. 2008-08-01 01:48:33 +00:00
Dag-Erling Smørgrav
3b137a2c3e Another four files without local changes. This is driving me nuts - 
every time I think I got them all, another one pops up.
 2008-08-01 01:45:56 +00:00
Dag-Erling Smørgrav
24360cb0fb Yet another file with no local changes. 2008-08-01 01:38:50 +00:00
Dag-Erling Smørgrav
28ba6a75b2 Accidentally mangled this one in the previous commit. 2008-08-01 01:38:24 +00:00
Dag-Erling Smørgrav
7ca12ebb55 More files which no longer have any local changes. 2008-08-01 01:32:56 +00:00
Dag-Erling Smørgrav
7396b2c4a1 These two files have no local patches except to prevent expansion of the 
original $FreeBSD$ keywords.  Revert those changes, and simply disable
keyword expansion.
 2008-08-01 01:30:26 +00:00
Dag-Erling Smørgrav
504c3e3a23 Last remains of old OPIE patch 2008-08-01 01:24:42 +00:00
Dag-Erling Smørgrav
d09462ac3e We no longer have any local changes here. 2008-08-01 01:19:13 +00:00
Dag-Erling Smørgrav
539f0548f9 Tag expansion is no longer needed (svn handles them correctly). 
Add svn command to diff against vendor branch.
 2008-08-01 01:05:27 +00:00
Dag-Erling Smørgrav
a84fceb333 This is no longer needed. 2008-08-01 01:04:52 +00:00
Dag-Erling Smørgrav
58055dcd5a Cleanup. 2008-08-01 01:00:34 +00:00
Dag-Erling Smørgrav
5a19634aa0 Ugh. Set svn:mergeinfo correctly. 2008-08-01 00:34:37 +00:00
Dag-Erling Smørgrav
cb7b802714 Catch up with reality. 2008-08-01 00:28:50 +00:00
Dag-Erling Smørgrav
7cbfb01447 Revert an old hack I put in to replace S/Key with OPIE. We haven't used 
that code in ages - we use pam_opie(8) instead - so this is a NOP.
 2008-08-01 00:27:48 +00:00
Dag-Erling Smørgrav
977e23ac4d Add missing #include for strlen() 2008-07-31 23:33:26 +00:00
Dag-Erling Smørgrav
882ff9f579 Fix alignment of the cmsg buffer by placing it in a union with a struct 
cmsghdr.  Derived from upstream patch.

Submitted by:	cognet
MFC after:	2 weeks
 2008-07-30 09:16:46 +00:00
Dag-Erling Smørgrav
a9337121a7 Remove a bunch of files we don't need to build OpenSSH. They are still 
available in base/vendor-crypto/openssh/dist/.
 2008-07-23 17:02:25 +00:00
Dag-Erling Smørgrav
e3ae3b098d Properly flatten openssh/dist. 2008-07-22 19:01:18 +00:00
Dag-Erling Smørgrav
1c71974b6c Fix the Xlist so it actually works with 'tar -X', and update the upgrade 
instructions accordingly.
 2008-02-06 23:14:24 +00:00
Dag-Erling Smørgrav
2f84291cac As per discussion, commit experimental metadata for my contrib packages. 
The idea is to have a FREEBSD-vendor file for every third-party package
in the tree.
 2008-02-06 23:06:24 +00:00
Dag-Erling Smørgrav
ffea3f5a05 s/X11R6/local/g 2007-05-24 22:04:07 +00:00
Dag-Erling Smørgrav
62efe23a82 Resolve conflicts. 2006-11-10 16:52:41 +00:00
Dag-Erling Smørgrav
92eb0aa103 Vendor import of OpenSSH 4.5p1. 2006-11-10 16:39:21 +00:00
Dag-Erling Smørgrav
b8e61582fe This commit was generated by cvs2svn to compensate for changes in r164146, 
which included commits to RCS files with non-trunk default branches.
 2006-11-10 16:39:21 +00:00
Dag-Erling Smørgrav
6c93a5ae8e Don't define XAUTH_PATH here, we either pass it in on the compiler command 
line or rely on the built-in default.
 2006-10-06 14:27:26 +00:00
Dag-Erling Smørgrav
7705c58f36 Go figure how an extra $Id$ line crept in... 2006-10-04 10:21:00 +00:00
Dag-Erling Smørgrav
27241b599f Merge vendor patch. 2006-10-04 10:15:53 +00:00
Dag-Erling Smørgrav
85511fb52d Apply vendor patch to fix detection of tap / tun headers and ENGINE support. 2006-10-04 10:14:30 +00:00
Dag-Erling Smørgrav
497e3d52a4 Tweak ifdefs for backward compatibility. 2006-10-03 11:33:25 +00:00
Dag-Erling Smørgrav
62142b308a Dead files. 2006-10-02 13:29:41 +00:00
Dag-Erling Smørgrav
77ec673a84 Regenerate; no effect on the code as it doesn't actually use the handful of 
conditionals that changed in this revision.
 2006-10-02 12:45:27 +00:00
Dag-Erling Smørgrav
e66498cd40 Update configure options and add some missing steps. 
The section about our local changes needs reviewing, and some of those
changes should probably be reconsidered (such as preferring DSA over RSA,
which made sense when RSA was encumbered but probably doesn't any more)
 2006-10-02 12:39:28 +00:00
Dag-Erling Smørgrav
4a20f963ec Regenerate. 
MFC after:	1 week
 2006-09-30 13:40:56 +00:00
Dag-Erling Smørgrav
1aa495cac5 #include <errno.h>; this has the unfortunate side effect of taking the file 
off the vendor branch.

MFC after:	1 week
 2006-09-30 13:40:35 +00:00
Dag-Erling Smørgrav
0bdb06c305 Removed from vendor branch. 
MFC after:	1 week
 2006-09-30 13:39:35 +00:00
Dag-Erling Smørgrav
3c492e28cd Bump version addendum. 
MFC after:	1 week
 2006-09-30 13:39:07 +00:00
Dag-Erling Smørgrav
333ee03933 Merge conflicts. 
MFC after:	1 week
 2006-09-30 13:38:06 +00:00
Dag-Erling Smørgrav
761efaa70c Vendor import of OpenSSH 4.4p1. 2006-09-30 13:29:51 +00:00
Dag-Erling Smørgrav
a435c625d7 This commit was generated by cvs2svn to compensate for changes in r162852, 
which included commits to RCS files with non-trunk default branches.
 2006-09-30 13:29:51 +00:00
Dag-Erling Smørgrav
9d2c6627a1 Merge vendor patch for BSM problem in protocol version 1. 
MFC after:	1 week
 2006-09-16 15:12:58 +00:00
Dag-Erling Smørgrav
30c2033ae7 Vendor patch for a problem that prevented using protocol version 1 when 
BSM was enabled.
 2006-09-16 15:10:13 +00:00
Dag-Erling Smørgrav
567b2a322e Our glob(3) has all the required features. 
Submitted by:	ache
 2006-06-09 08:39:05 +00:00
Dag-Erling Smørgrav
98c61a2292 Revert inadvertant commit of debugging code. 2006-06-09 07:23:14 +00:00
Dag-Erling Smørgrav
ed22e27d8a Introduce a namespace munging hack inspired by NetBSD to avoid polluting 
the namespace of applications which inadvertantly link in libssh (usually
through pam_ssh)

Suggested by:	lukem@netbsd.org
MFC after:	6 weeks
 2006-05-13 13:47:45 +00:00
Dag-Erling Smørgrav
998ab76154 Fix utmp. There is some clever logic in configure.ac which attempts to 
determine whether struct utmp contains the ut_host and ut_time fields.
Unfortunately, it reports a false negative for both on FreeBSD, and I
didn't check the resulting config.h closely enough to catch the error.

Noticed by:	ache
 2006-03-23 21:31:42 +00:00
Dag-Erling Smørgrav
d8b92da88b Regenerate. 2006-03-22 20:41:53 +00:00
Dag-Erling Smørgrav
b74df5b26f Merge conflicts. 2006-03-22 20:41:37 +00:00
Dag-Erling Smørgrav
021d409f5b Vendor import of OpenSSH 4.3p1. 2006-03-22 19:46:12 +00:00
Dag-Erling Smørgrav
4f87d65874 This commit was generated by cvs2svn to compensate for changes in r157016, 
which included commits to RCS files with non-trunk default branches.
 2006-03-22 19:46:12 +00:00
Ruslan Ermilov
e1fe3dba5c Reimplementation of world/kernel build options. For details, see: 
http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html

The src.conf(5) manpage is to follow in a few days.

Brought to you by:	imp, jhb, kris, phk, ru (all bugs are mine)
 2006-03-17 18:54:44 +00:00
Doug Rabson
c0b9f4fe65 Add a new extensible GSS-API layer which can support GSS-API plugins, 
similar the the Solaris implementation. Repackage the krb5 GSS mechanism
as a plugin library for the new implementation. This also includes a
comprehensive set of manpages for the GSS-API functions with text mostly
taken from the RFC.

Reviewed by: Love Hörnquist Åstrand <lha@it.su.se>, ru (build system), des (openssh parts)
 2005-12-29 14:40:22 +00:00
Dag-Erling Smørgrav
184ad7d3be Regenerate 2005-09-03 07:08:51 +00:00
Dag-Erling Smørgrav
d4ecd10857 Resolve conflicts. 2005-09-03 07:04:25 +00:00
Dag-Erling Smørgrav
043840df5b Vendor import of OpenSSH 4.2p1. 2005-09-03 06:59:33 +00:00
Dag-Erling Smørgrav
f8a2a7f14a This commit was generated by cvs2svn to compensate for changes in r149749, 
which included commits to RCS files with non-trunk default branches.
 2005-09-03 06:59:33 +00:00
Dag-Erling Smørgrav
ad69811c17 fine-tune. 2005-09-03 06:42:11 +00:00
Dag-Erling Smørgrav
c032a2803f Forgot to bump the version addendum. 2005-06-05 18:30:53 +00:00
Dag-Erling Smørgrav
19bccc89b4 Regenerate. 2005-06-05 15:46:27 +00:00
Dag-Erling Smørgrav
aa49c9264c Resolve conflicts. 2005-06-05 15:46:09 +00:00
Dag-Erling Smørgrav
6dbd30e786 Update for 4.1p1. 2005-06-05 15:43:57 +00:00
Dag-Erling Smørgrav
4518870c72 Vendor import of OpenSSH 4.1p1. 2005-06-05 15:41:57 +00:00
Dag-Erling Smørgrav
6d014e2f60 This commit was generated by cvs2svn to compensate for changes in r147001, 
which included commits to RCS files with non-trunk default branches.
 2005-06-05 15:41:57 +00:00
Dag-Erling Smørgrav
5e8dbd04ef Vendor import of OpenSSH 4.0p1. 2005-06-05 15:40:50 +00:00
Dag-Erling Smørgrav
1f6afdc098 This commit was generated by cvs2svn to compensate for changes in r146998, 
which included commits to RCS files with non-trunk default branches.
 2005-06-05 15:40:50 +00:00
Dag-Erling Smørgrav
5bfbdca45a Rewrite some of the regexps so they don't match themselves. 2005-06-04 23:18:33 +00:00
Dag-Erling Smørgrav
d49dad04cb Better Xlist command line. 2004-10-28 16:13:28 +00:00
Dag-Erling Smørgrav
21e764df0c Resolve conflicts 2004-10-28 16:11:31 +00:00
Dag-Erling Smørgrav
d74d50a84b Vendor import of OpenSSH 3.9p1. 2004-10-28 16:03:53 +00:00
Dag-Erling Smørgrav
3b4228da23 This commit was generated by cvs2svn to compensate for changes in r137015, 
which included commits to RCS files with non-trunk default branches.
 2004-10-28 16:03:53 +00:00
Dag-Erling Smørgrav
39b9ae0d72 These are unnecessary and have been causing imp@ trouble. 2004-10-27 19:07:36 +00:00
Dag-Erling Smørgrav
3c8487013c Regenerate. 2004-04-20 09:49:37 +00:00
Dag-Erling Smørgrav
cfa59440c5 One more conflict. 2004-04-20 09:47:13 +00:00
Dag-Erling Smørgrav
5962c0e9a3 Resolve conflicts. 2004-04-20 09:46:41 +00:00
Dag-Erling Smørgrav
562de5d9f6 Adjust version number and addendum. 2004-04-20 09:37:29 +00:00
Dag-Erling Smørgrav
52028650db Vendor import of OpenSSH 3.8.1p1. 2004-04-20 09:35:04 +00:00
Dag-Erling Smørgrav
b247dbc706 This commit was generated by cvs2svn to compensate for changes in r128456, 
which included commits to RCS files with non-trunk default branches.
 2004-04-20 09:35:04 +00:00
Dag-Erling Smørgrav
d2b1b4f3c5 Correctly document the default value of UsePAM. 2004-03-15 18:38:29 +00:00
Dag-Erling Smørgrav
eea81d70c9 Update VersionAddendum in config files and man pages. 2004-02-26 11:54:03 +00:00
Dag-Erling Smørgrav
98e0062102 Define HAVE_GSSAPI_H. 2004-02-26 11:06:29 +00:00
Dag-Erling Smørgrav
7dbb68c469 Regenerate. 2004-02-26 10:57:38 +00:00
Dag-Erling Smørgrav
3ee07a3a90 Document recently changed configuration defaults. 2004-02-26 10:57:28 +00:00
Dag-Erling Smørgrav
1ec0d75429 Resolve conflicts. 2004-02-26 10:52:33 +00:00
Dag-Erling Smørgrav
efcad6b72f Vendor import of OpenSSH 3.8p1. 2004-02-26 10:38:49 +00:00
Dag-Erling Smørgrav
6b475b41d8 This commit was generated by cvs2svn to compensate for changes in r126274, 
which included commits to RCS files with non-trunk default branches.
 2004-02-26 10:38:49 +00:00
Dag-Erling Smørgrav
476cd3b2f0 Merge OpenSSH 3.8p1. 2004-02-26 10:38:38 +00:00
Dag-Erling Smørgrav
3aedec2adb Prepare for upcoming 3.8p1 import. 2004-02-26 10:37:34 +00:00
Dag-Erling Smørgrav
028c324ac8 Pull asbesthos underpants on and disable protocol version 1 by default. 2004-02-26 10:24:07 +00:00
Dag-Erling Smørgrav
b909c84bf2 Turn non-PAM password authentication off by default when USE_PAM is 
defined.  Too many users are getting bitten by it.
 2004-02-19 15:53:31 +00:00
Dag-Erling Smørgrav
c880b0438e Update the "overview of FreeBSD changes to OpenSSH-portable" to reflect 
reality.
 2004-01-25 13:09:56 +00:00
Dag-Erling Smørgrav
8d71fed0f2 Work around removal of EAI_NODATA from netdb.h. 2004-01-18 22:31:30 +00:00
Dag-Erling Smørgrav
002696701b Don't output the terminating '\0' (already fixed in OpenSSH CVS) 2004-01-09 12:57:36 +00:00
Dag-Erling Smørgrav
2735d723cb This commit was generated by cvs2svn to compensate for changes in r124287, 
which included commits to RCS files with non-trunk default branches.
 2004-01-09 12:57:36 +00:00
Dag-Erling Smørgrav
f0477b2653 Egg on my face: UsePAM was off by default. 
Pointed out by:	Sean McNeil <sean@mcneil.com>
 2004-01-09 08:07:12 +00:00
Dag-Erling Smørgrav
a5ac46fb04 Regenerate config.h; I don't know why this didn't hit CVS yesterday. 2004-01-08 09:42:35 +00:00
Dag-Erling Smørgrav
8cf8104b8f Remove obsolete files on the vendor branch. 2004-01-08 09:33:46 +00:00
Dag-Erling Smørgrav
e2fb0b2a6b Update to reflect changes since the last version. 2004-01-07 11:51:18 +00:00
Dag-Erling Smørgrav
cf2b5f3b6d Resolve conflicts and remove obsolete files. 
Sponsored by:	registrar.no
 2004-01-07 11:16:27 +00:00
Dag-Erling Smørgrav
d95e11bf7e Vendor import of OpenSSH 3.7.1p2. 2004-01-07 11:10:17 +00:00
Dag-Erling Smørgrav
fb7dd0a77c This commit was generated by cvs2svn to compensate for changes in r124208, 
which included commits to RCS files with non-trunk default branches.
 2004-01-07 11:10:17 +00:00
Dag-Erling Smørgrav
221552e490 Merge OpenSSH 3.7.1p2. 2004-01-07 11:10:02 +00:00
Simon L. B. Nielsen
b0a159ccab Add a missing word. 
Submitted by:	Michel Lavondes <fox@vader.aacc.cc.md.us>
Reviewed by:	des
MFC after:	1 week
 2003-10-31 21:49:47 +00:00
Dag-Erling Smørgrav
522a040d24 Plug a memory leak in the PAM child process. It is of no great consequence 
as the process is short-lived, and the leak occurs very rarely and always
shortly before the process terminates.

MFC after:	3 days
 2003-10-23 08:27:16 +00:00
Josef Karthauser
dcf5581978 Additional corrections to OpenSSH buffer handling. 
Obtained from:  openssh.org
Originally committed to head by: nectar
 2003-09-26 19:15:53 +00:00
Josef Karthauser
a7e41a41f9 This commit was generated by cvs2svn to compensate for changes in r120489, 
which included commits to RCS files with non-trunk default branches.
 2003-09-26 19:15:53 +00:00
Josef Karthauser
3533e7e58a Additional corrections to OpenSSH buffer handling. 
Obtained from:  openssh.org
Originally committed to head by: nectar
 2003-09-26 19:15:53 +00:00
Dag-Erling Smørgrav
44172b702c Update version string. 2003-09-24 19:20:23 +00:00
Dag-Erling Smørgrav
b584000fa2 Remove bogus calls to xfree(). 2003-09-24 19:11:52 +00:00
Dag-Erling Smørgrav
8cc2c63b43 resp is a pointer to an array of structs, not an array of pointers to structs. 2003-09-24 18:26:29 +00:00
Dag-Erling Smørgrav
7961e48467 Return the correct error value when a null query fails. 2003-09-24 18:24:27 +00:00
Dag-Erling Smørgrav
da26b3794a Fix broken shell code. 2003-09-19 11:29:51 +00:00
Jacques Vidrine
454412956c Correct more cases of allocation size bookkeeping being updated before 
calling functions which can potentially fail and cause cleanups to be
invoked.

Submitted by:	Solar Designer <solar@openwall.com>
 2003-09-17 14:36:14 +00:00
Jacques Vidrine
78ad1843d4 This commit was generated by cvs2svn to compensate for changes in r120161, 
which included commits to RCS files with non-trunk default branches.
 2003-09-17 14:36:14 +00:00
Jacques Vidrine
b69cd7f2b0 Correct more cases of allocation size bookkeeping being updated before 
calling functions which can potentially fail and cause cleanups to be
invoked.

Submitted by:	Solar Designer <solar@openwall.com>
 2003-09-17 14:36:14 +00:00
Jacques Vidrine
979af4e167 Update the OpenSSH addendum string for the buffer handling fix. 2003-09-16 14:33:04 +00:00
Jacques Vidrine
8947bcb756 Do not record expanded size before attempting to reallocate associated 
memory.

Obtained from:	OpenBSD
 2003-09-16 06:11:58 +00:00
Jacques Vidrine
9267dca39a This commit was generated by cvs2svn to compensate for changes in r120113, 
which included commits to RCS files with non-trunk default branches.
 2003-09-16 06:11:58 +00:00
Dag-Erling Smørgrav
af8524a91e Add a "return" that was missing from 3.6.1p1. Since it's been fixed in 
the OpenSSH-portable CVS repo, I'm committing this on the vendor branch.
 2003-06-24 19:30:44 +00:00
Dag-Erling Smørgrav
07e57fee7d This commit was generated by cvs2svn to compensate for changes in r116791, 
which included commits to RCS files with non-trunk default branches.
 2003-06-24 19:30:44 +00:00
Dag-Erling Smørgrav
da05574c54 Fix off-by-one and initialization errors which prevented sshd from 
restarting when sent a SIGHUP.

Submitted by:	tegge
Approved by:	re (jhb)
 2003-05-28 19:39:33 +00:00
Dag-Erling Smørgrav
fbafac351f Revert unnecessary part of previous commit. 2003-05-13 10:18:49 +00:00
Dag-Erling Smørgrav
57f64f4e2f Rename a few functions to avoid stealing common words (error, log, debug 
etc.) from the application namespace for programs that use pam_ssh(8).
Use #defines to avoid changing the actual source code.

Approved by:	re (rwatson)
 2003-05-12 19:22:47 +00:00
Dag-Erling Smørgrav
d12c7b01da Remove RCSID from files which have no other diffs to the vendor branch. 2003-05-01 15:05:43 +00:00
Dag-Erling Smørgrav
2d61bc6706 Nit. 2003-04-23 17:23:06 +00:00
Dag-Erling Smørgrav
ae48cf5798 Improvements to the proposed shell code. 2003-04-23 17:21:55 +00:00
Dag-Erling Smørgrav
07a3a2906c Regenerate. 2003-04-23 17:21:27 +00:00
Dag-Erling Smørgrav
e73e9afa91 Resolve conflicts. 2003-04-23 17:13:13 +00:00
Dag-Erling Smørgrav
d0c8c0bcc2 Vendor import of OpenSSH-portable 3.6.1p1. 2003-04-23 16:53:02 +00:00
Dag-Erling Smørgrav
486cd0043e This commit was generated by cvs2svn to compensate for changes in r113908, 
which included commits to RCS files with non-trunk default branches.
 2003-04-23 16:53:02 +00:00
Dag-Erling Smørgrav
7a94787140 - when using a child process instead of a thread, change the child's 
name to reflect its role
- try to handle expired passwords a little better

MFC after:	1 week
 2003-03-31 13:48:18 +00:00
Dag-Erling Smørgrav
fc0824d97d If an ssh1 client initiated challenge-response authentication but did 
not respond to challenge, and later successfully authenticated itself
using another method, the kbdint context would never be released,
leaving the PAM child process behind even after the connection ended.

Fix this by automatically releasing the kbdint context if a packet of
type SSH_CMSG_AUTH_TIS is follwed by anything but a packet of type
SSH_CMSG_AUTH_TIS_RESPONSE.

MFC after:	1 week
 2003-03-31 13:45:36 +00:00
Dag-Erling Smørgrav
b7f9a9adc7 Paranoia: instead of a NULL conversation function, use one that always 
returns PAM_CONV_ERR; moreover, make sure we always have the right
conversation function installed before calling PAM service functions.
Also unwrap some not-so-long lines.

MFC after:	3 days
 2003-02-16 11:03:55 +00:00
Dag-Erling Smørgrav
9794bba8a8 document the current default value for VersionAddendum. 2003-02-11 12:11:15 +00:00
Dag-Erling Smørgrav
1e731869b2 Set the ruid to the euid at startup as a workaround for a bug in pam_ssh. 
MFC after:	3 days
 2003-02-07 15:48:27 +00:00
Tom Rhodes
fb256a4a54 The manual page lists only 2 files, however it reads as `three files' which is 
obviously incorrect.

PR:		46841
Submitted by:	Sakamoto Seiji <s-siji@hyper.ocn.ne.jp>
 2003-02-05 02:14:03 +00:00
Dag-Erling Smørgrav
2adf4e49c2 Linux-PAM's pam_start(3) fails with a bogus error message if passed the 
pam_conv argument is NULL.  OpenPAM doesn't care, but to make things
easier for people porting this code to other systems (or -STABLE), use
a dummy struct pam_conv instead of NULL.

Pointed out by:	Damien Miller <djm@mindrot.org>
 2003-02-03 14:10:28 +00:00
Dag-Erling Smørgrav
b946f5e1ff Bump patch date to 2003-02-01 (the day after I fixed PAM authentication 
for ssh1)
 2003-02-03 11:11:36 +00:00
Dag-Erling Smørgrav
07fd326c9c Fix keyboard-interactive authentication for ssh1. The problem was twofold: 
- The PAM kbdint device sometimes doesn't know authentication succeeded
   until you re-query it.  The ssh1 kbdint code would never re-query the
   device, so authentication would always fail.  This patch has been
   submitted to the OpenSSH developers.

 - The monitor code for PAM sometimes forgot to tell the monitor that
   authentication had succeeded.  This caused the monitor to veto the
   privsep child's decision to allow the connection.

These patches have been tested with OpenSSH clients on -STABLE, NetBSD and
Linux, and with ssh.com's ssh1 on Solaris.

Sponsored by:	DARPA, NAI Labs
 2003-01-31 11:08:07 +00:00
Dag-Erling Smørgrav
84860c33f0 Force early initialization of the resolver library, since the resolver 
configuration files will no longer be available once sshd is chrooted.

PR:		39953, 40894
Submitted by:	dinoex
MFC after:	3 days
 2003-01-22 14:12:59 +00:00
Dag-Erling Smørgrav
d46e273b14 The previous commit contained a stupid mistake: ctxt->pam_[cp]sock was 
initialized after the call to pthread_create() instead of before.  It just
happened to work with threads enabled because ctxt is shared, but of
course it doesn't work when we use a child process instead of threads.
 2002-12-21 15:09:58 +00:00
Dag-Erling Smørgrav
d953f52834 If possible, use pthreads instead of a child process for PAM. 
Reimplement the necessary bits from auth_pam.c and auth2_pam.c so that
they share the PAM context used by the keyboard-interactive thread.  If
a child process is used instead, they will (necessarily) use a separate
context.

Constify do_pam_account() and do_pam_session().

Sponsored by:	DARPA, NAI Labs
 2002-12-14 13:52:39 +00:00
Dag-Erling Smørgrav
9be00009ed Add a missing #include "canohost.h". 2002-12-14 13:48:47 +00:00
Dag-Erling Smørgrav
bdb8839451 Remove code related to the PAMAuthenticationViaKbdInt option (which we've 
disabled).  This removes the only reference to auth2_pam().
 2002-12-14 13:48:13 +00:00
Dag-Erling Smørgrav
3600b2f406 Back out a lastlog-related change which is no longer relevant. 2002-12-14 13:40:21 +00:00
Dag-Erling Smørgrav
b6fd52a01d Fix a rounding error in the block size calculation. 
Submitted by:	tjr
 2002-12-14 13:38:49 +00:00
Dag-Erling Smørgrav
5d93b6af54 Since OpenSSH drops privileges before calling pam_open_session(3), 
pam_lastlog(8) can't possibly work, so let OpenSSH handle lastlog.

Approved by:	re (rwatson)
 2002-12-03 15:48:11 +00:00
Dag-Erling Smørgrav
810a15b120 Add caveats regarding the effect of PAM on PasswordAuthentication and 
PermitRootLogin.

PR:		docs/43776
MFC after:	1 week
 2002-11-06 08:04:56 +00:00
Dag-Erling Smørgrav
dc04779010 Document the current default for VersionAddendum. 2002-11-05 17:25:15 +00:00
Dag-Erling Smørgrav
ee8aeb145a Accurately reflect our local changes and additions. 2002-11-05 17:24:01 +00:00
Dag-Erling Smørgrav
0061710269 Document the current default value for VersionAddendum. 2002-11-05 17:17:09 +00:00
Dag-Erling Smørgrav
7e4224fafd Switch to two-clause license, with NAI's permission. 2002-11-02 19:55:23 +00:00
Dag-Erling Smørgrav
f388f5ef26 Resolve conflicts. 2002-10-29 10:16:02 +00:00
Dag-Erling Smørgrav
dd5f4be98b Protect against tag expansion + fix some brainos. 2002-10-29 10:12:51 +00:00
Dag-Erling Smørgrav
ef8cdc4065 Some tricks I use when I upgrade. 2002-10-29 09:56:16 +00:00
Dag-Erling Smørgrav
d73be2d96a Correct shell code to expand globs in FREEBSD-Xlist 2002-10-29 09:55:28 +00:00
Dag-Erling Smørgrav
8488d4a48c More cruft. 2002-10-29 09:54:53 +00:00
Dag-Erling Smørgrav
4b17dab0ba Vendor import of OpenSSH-portable 3.5p1. 2002-10-29 09:43:00 +00:00
Dag-Erling Smørgrav
a8694a9a06 This commit was generated by cvs2svn to compensate for changes in r106121, 
which included commits to RCS files with non-trunk default branches.
 2002-10-29 09:43:00 +00:00
Hajimu UMEMOTO
7ac3260308 sshd didn't handle actual size of struct sockaddr correctly, 
and did copy it as long as just size of struct sockaddr.  So,
If connection is via IPv6, sshd didn't log hostname into utmp
correctly.
This problem occured only under FreeBSD because of our hack.
However, this is potential problem of OpenSSH-portable, and
they agreed to fix this.
Though, there is no fixed version of OpenSSH-portable available
yet, since this problem is serious for IPv6 users, I commit the
fix.

Reported by:	many people
Reviewed by:	current@ and stable@ (no objection)
MFC after:	3 days
 2002-09-09 16:49:11 +00:00
Jun Kuriyama
b811072634 Fix typo (s@src/crypto/openssh-portable@src/crypto/openssh@). 2002-09-09 02:00:28 +00:00
Andrey A. Chernov
bccd761645 Do login cap calls _before_ descriptors are hardly closed because close may 
invalidate login cap descriptor.

Reviewed by:	des
 2002-08-05 16:06:35 +00:00
Tony Finch
f38aa77fc8 Use login_getpwclass() instead of login_getclass() so that the root 
vs. default login class distinction is made correctly.

PR:		37416
Approved by:	des
MFC after:	4 days
 2002-07-29 00:36:24 +00:00
Tony Finch
a02377d3e2 FreeBSD doesn't use the host RSA key by default. 
Reviewed by:	des
 2002-07-26 15:16:56 +00:00
Andrey A. Chernov
59ac432a4d Problems addressed: 
1) options.print_lastlog was not honored.
2) "Last login: ..." was printed twice.
3) "copyright" was not printed
4) No newline was before motd.

Reviewed by:	maintainer's silence in 2 weeks (with my constant reminders)
 2002-07-26 02:20:00 +00:00
Tony Finch
a9a70dec76 Document the FreeBSD default for CheckHostIP, which was changed in 
rev 1.2 of readconf.c.

Approved by:	des
 2002-07-25 15:59:40 +00:00
Dag-Erling Smørgrav
c6b7459669 Whitespace nit. 2002-07-23 17:57:17 +00:00
Dag-Erling Smørgrav
f335483476 In pam_init_ctx(), register a cleanup function that will kill the child 
process if a fatal error occurs.  Deregister it in pam_free_ctx().
 2002-07-17 17:44:02 +00:00
Dag-Erling Smørgrav
a9f7d76b96 Use realhostname_sa(3) so the IP address will be used instead of the 
hostname if the latter is too long for utmp.

Submitted by:	ru
MFC after:	3 days
 2002-07-11 10:36:10 +00:00
Dag-Erling Smørgrav
77741b874a Do not try to use PAM for password authentication, as it is 
already (and far better) supported by the challenge/response
authentication mechanism.
 2002-07-10 23:05:13 +00:00
Dag-Erling Smørgrav
645ca8e839 Don't forget to clear the buffer before reusing it. 2002-07-10 23:04:07 +00:00
Dag-Erling Smørgrav
d2030524ec Rewrite to use the buffer API instead of roll-your-own messaging. 
Suggested by:	Markus Friedl <markus@openbsd.org>
Sponsored by:	DARPA, NAI Labs
 2002-07-05 15:27:26 +00:00
Dag-Erling Smørgrav
21f19a0cbf (forgot to commit) We don't need --with-opie since PAM takes care of it. 2002-07-05 15:25:55 +00:00
Dag-Erling Smørgrav
b770f258b3 - Don't enable OpenSSH's OPIE support, since we let PAM handle OPIE. 
- We don't have setutent(3) etc., and I have no idea why configure ever
   thought we did.
 2002-07-03 00:12:09 +00:00
Dag-Erling Smørgrav
53282320d1 Two FreeBSD-specific nits in comments: 
- ChallengeResponseAuthentication controls PAM, not S/Key
 - We don't honor PAMAuthenticationViaKbdInt, because the code path it
   controls doesn't make sense for us, so don't mention it.

Sponsored by:	DARPA, NAI Labs
 2002-07-03 00:08:19 +00:00
Dag-Erling Smørgrav
9f95720321 Version bump for mm_answer_pam_respond() fix. 2002-07-02 13:07:37 +00:00
Dag-Erling Smørgrav
669e440e50 Fix a braino in mm_answer_pam_respond() which would cause sshd to abort if 
PAM authentication failed due to an incorrect response.
 2002-07-02 13:07:17 +00:00
Dag-Erling Smørgrav
9a97937550 Forgot to update the addendum in the config files. 2002-06-30 10:32:09 +00:00
Dag-Erling Smørgrav
e12c24615a Regenerate. 2002-06-29 11:58:32 +00:00
Dag-Erling Smørgrav
076b29c735 <sys/mman.h> requires <sys/types.h>. 2002-06-29 11:57:51 +00:00