Commit Graph

747 Commits

Author SHA1 Message Date
green
8ae23e3ef8 MFF: Make ConnectionsPerPeriod usage a warning, not fatal. 2001-02-04 20:15:53 +00:00
ru
8c9e49b445 mdoc(7) police: split punctuation characters + misc fixes. 2001-02-01 17:12:45 +00:00
green
42801d85d9 Actually propagate back to the rest of the application that a command
was specified when using -t mode with the SSH client.

Submitted by:	Dima Dorfman <dima@unixfreak.org>
2001-01-21 05:45:27 +00:00
green
759414f218 /Really/ deprecate ConnectionsPerPeriod, ripping out the code for it
and giving a dire error to its lingering users.
2001-01-13 07:57:43 +00:00
ru
a45dd3f68d Prepare for mdoc(7)NG. 2001-01-10 16:51:28 +00:00
green
a121b36822 Fix a long-standing bug that resulted in a dropped session sometimes
when an X11-forwarded client was closed.  For some reason, sshd didn't
disable the SIGPIPE exit handler and died a horrible death (well, okay,
a silent death really).  Set SIGPIPE's handler to SIG_IGN.
2001-01-06 21:15:07 +00:00
assar
2a7f590041 fix conflicts from merge 2000-12-29 21:16:01 +00:00
assar
2aa51584a1 import krb4-1.0.5 2000-12-29 21:00:22 +00:00
assar
29cd18e572 This commit was generated by cvs2svn to compensate for changes in r70494,
which included commits to RCS files with non-trunk default branches.
2000-12-29 21:00:22 +00:00
assar
7e5f2377be merge fix from vendor for not overwriting old ticket file 2000-12-10 21:01:33 +00:00
assar
25b981f320 This commit was generated by cvs2svn to compensate for changes in r69836,
which included commits to RCS files with non-trunk default branches.
2000-12-10 21:01:33 +00:00
assar
32ce969d51 merge fix from vendor for removing buffer overrun 2000-12-10 21:00:35 +00:00
assar
636a56109d This commit was generated by cvs2svn to compensate for changes in r69833,
which included commits to RCS files with non-trunk default branches.
2000-12-10 21:00:35 +00:00
assar
2fe34f87ef merge fix from vendor for not looking at environment variables 2000-12-10 20:59:35 +00:00
assar
1419c7c47a This commit was generated by cvs2svn to compensate for changes in r69830,
which included commits to RCS files with non-trunk default branches.
2000-12-10 20:59:35 +00:00
assar
b022d1d27e (scrub_env): change to only accept a listed set of variables,
including only non-filename contents for TERMCAP
2000-12-10 20:50:20 +00:00
cvs2svn
5bcde1229c This commit was manufactured by cvs2svn to create branch
'VENDOR-crypto-openssh'.
2000-12-05 02:55:13 +00:00
green
ab6b35a1d6 Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0
new features description elided in favor of checking out their
website.

Important new FreeBSD-version stuff: PAM support has been worked
in, partially from the "Unix" OpenSSH version, and a lot due to the
work of Eivind Eklend, too.

This requires at least the following in pam.conf:

sshd    auth    sufficient      pam_skey.so
sshd    auth    required        pam_unix.so                     try_first_pass
sshd    session required        pam_permit.so

Parts by:	Eivind Eklend <eivind@FreeBSD.org>
2000-12-05 02:55:12 +00:00
green
6202ac1614 Forgot to remove the old line in the last commit. 2000-12-05 02:41:01 +00:00
green
2aecee364f Import of OpenSSH 2.3.0 (virgin OpenBSD source release). 2000-12-05 02:20:19 +00:00
green
1c5144a169 This commit was generated by cvs2svn to compensate for changes in r69587,
which included commits to RCS files with non-trunk default branches.
2000-12-05 02:20:19 +00:00
brian
17a750ff36 Remove duplicate line
Not responded to by: kris, then green
2000-12-04 22:57:53 +00:00
asmodai
56b0ddae6c Add more environment variables to be filtered through scrub_env().
Synched from normal telnet.
2000-11-30 13:14:54 +00:00
asmodai
5c47bfad32 String paranoia fix. Synched from normal telnet. 2000-11-30 13:10:01 +00:00
asmodai
617a96fd6d String paranoia. Merged from regular telnet. 2000-11-30 10:55:25 +00:00
kris
35eec2074d Correct definition of MAXHOSTNAMELEN in ifdef'ed code.
Submitted by:	Edwin Groothuis <mavetju@chello.nl>
PR:		bin/22787
2000-11-26 21:37:51 +00:00
green
163406c6e5 In env_destroy(), it is a bad idea to env_swap(self, 0) to switch
back to the original environ unconditionally.  The setting of the
variable to save the previous environ is conditional; it happens when
ENV.e_committed is set.  Therefore, don't try to swap the env back
unless the previous env has been initialized.

PR:		bin/22670
Submitted by:	Takanori Saneto <sanewo@ba2.so-net.ne.jp>
2000-11-25 02:00:35 +00:00
billf
de5ab7abc1 Correct an argument to ssh_add_identity, this matches what is currently
in ports/security/openssh/files/pam_ssh.c

PR:		22164
Submitted by:	Takanori Saneto <sanewo@ba2.so-net.ne.jp>
Reviewed by:	green
Approved by:	green
2000-11-25 01:55:42 +00:00
ru
71e2293ad4 mdoc(7) police: use the new features of the Nm macro. 2000-11-20 20:10:44 +00:00
kris
1a1517afe4 Fix a buffer overflow from a long local hostname.
Obtained from:	OpenBSD
2000-11-19 10:08:26 +00:00
green
0bc5843790 Add login_cap and login_access support. Previously, these FreeBSD-local
checks were only made when using the 1.x protocol.
2000-11-14 04:35:03 +00:00
green
100d82038d Import a security fix: the client would allow a server to use its
ssh-agent or X11 forwarding even if it was disabled.

This is the vendor fix provided, not an actual revision of clientloop.c.

Submitted by:	Markus Friedl <markus@OpenBSD.org> via kris
2000-11-14 03:51:53 +00:00
green
fb253173ae This commit was generated by cvs2svn to compensate for changes in r68700,
which included commits to RCS files with non-trunk default branches.
2000-11-14 03:51:53 +00:00
kris
4b15a516e7 Update list of files to remove prior to import 2000-11-13 07:46:20 +00:00
kris
76c54c9ba3 Resolve conflicts, and garbage collect some local changes that are no
longer required
2000-11-13 02:20:29 +00:00
kris
539b977eff Initial import of OpenSSL 0.9.6 2000-11-13 01:03:58 +00:00
kris
f648020584 This commit was generated by cvs2svn to compensate for changes in r68651,
which included commits to RCS files with non-trunk default branches.
2000-11-13 01:03:58 +00:00
ru
a6f5d950d8 Avoid use of direct troff requests in mdoc(7) manual pages. 2000-11-10 17:46:15 +00:00
dougb
353f00f96c Add a CVS Id tag 2000-10-29 10:00:58 +00:00
kris
d2f83e4ec4 Sync with usr.bin/telnet/telnet.c r1.9 - fix buffer overflow in DISPLAY 2000-10-29 00:10:14 +00:00
green
3c8715d5d7 Fix a few style oddities. 2000-09-10 18:04:12 +00:00
green
bb24bb397b Fix a goof in timevaldiff. 2000-09-10 18:03:46 +00:00
kris
c5a4794750 Remove files no longer present in OpenSSH 2.2.0 and beyond 2000-09-10 10:26:07 +00:00
kris
24372e6c10 Resolve conflicts and update for OpenSSH 2.2.0
Reviewed by:	gshapiro, peter, green
2000-09-10 09:35:38 +00:00
kris
0ca2bdc2f7 Initial import of OpenSSH post-2.2.0 snapshot dated 2000-09-09 2000-09-10 08:31:17 +00:00
kris
f2912c8208 This commit was generated by cvs2svn to compensate for changes in r65668,
which included commits to RCS files with non-trunk default branches.
2000-09-10 08:31:17 +00:00
kris
e4a753d311 Nuke RSAREF support from orbit.
It's the only way to be sure.
2000-09-10 00:09:37 +00:00
kris
2450bc1f18 ttyname was not being passed into do_login(), so we were erroneously picking
up the function definition from unistd.h instead. Use s->tty instead.

Submitted by:	peter
2000-09-04 08:43:05 +00:00
kris
175e5fe4dd bzero() the struct timeval for paranoia
Submitted by:	gshapiro
2000-09-03 07:58:35 +00:00
kris
868b20c6a8 Err, we weren't even compiling auth1.c with LOGIN_CAP at all. Guess nobody
was using this feature.
2000-09-02 07:32:05 +00:00
kris
458b9e5882 Repair a broken conflict resolution in r1.2 which had the effect of nullifying
the login_cap and login.access checks for whether a user/host is allowed
access to the system for users other than root. But since we currently don't
have a similar check in the ssh2 code path anyway, it's um, "okay".

Submitted by:	gshapiro
2000-09-02 05:40:50 +00:00
kris
8b99f6e1dc Repair my dyslexia: s/opt/otp/ in the OPIE challenge. D'oh!
Submitted by:	gshapiro
2000-09-02 04:41:33 +00:00
kris
6eee534256 Re-add missing "break" which was lost during a previous patch
integration. This currently has no effect.

Submitted by:	gshapiro
2000-09-02 04:37:51 +00:00
kris
42ae81df48 Turn on X11Forwarding by default on the server. Any risk is to the client,
where it is already disabled by default.

Reminded by:	peter
2000-09-02 03:49:22 +00:00
kris
3ae9606341 Increase the default value of LoginGraceTime from 60 seconds to 120
seconds.

PR:		20488
Submitted by:	rwatson
2000-08-23 09:47:25 +00:00
kris
aba57a02e8 Respect X11BASE to derive the location of xauth(1)
PR:		17818
Submitted by:	Bjoern Fischer <bfischer@Techfak.Uni-Bielefeld.DE>
2000-08-23 09:39:20 +00:00
kris
e5f617598c Fix setproctitle() and syslog() vulnerabilities. 2000-08-13 05:23:23 +00:00
kris
c433a0e2f8 This commit was generated by cvs2svn to compensate for changes in r64593,
which included commits to RCS files with non-trunk default branches.
2000-08-13 05:23:23 +00:00
kris
e5795f1541 Fix benign bugs due to missing format string in err() and warn().
Approved by:	assar (vendor :-)
2000-08-13 04:46:54 +00:00
kris
cab37673f6 This commit was generated by cvs2svn to compensate for changes in r64583,
which included commits to RCS files with non-trunk default branches.
2000-08-13 04:46:54 +00:00
kris
f7413271b5 Fix setproctitle() vulnerability in non-compiled code. 2000-08-13 04:35:43 +00:00
asmodai
5209950187 Chalk up another phkmalloc victim.
It seems as if uninitialised memory was the culprit.

We may want to contribute this back to the OpenSSH project.

Submitted by:	Alexander Leidinger <Alexander@Leidinger.net> on -current.
2000-08-01 08:07:15 +00:00
alex
0a765c451d Crypto sources are no longer export controlled:
Explain, why crypto sources are still in crypto/.

Reviewed by:	markm
2000-07-31 12:24:13 +00:00
asmodai
0a6c762555 Fix a weird typo, is -> are.
The OpenSSH maintainer probably wants to contribute this back to the
real OpenSSH guys.

Submitted by:	Jon Perkin <sketchy@netcraft.com>
2000-07-27 19:21:15 +00:00
marko
1dcee686be Fixed a minor typo in the header.
Pointed out by:	asmodai
2000-07-27 17:21:07 +00:00
marko
674af77794 Committed, Thanks!!
PR:		20108
Submitted by:	Doug Lee
2000-07-25 16:49:48 +00:00
ume
0abc0cfcd6 Fix buffer size of ALIGNed buffer.
PR:		bin/20053
Submitted by:	Alex Kapranoff <alex@kapran.bitmcnit.bryansk.su>
2000-07-20 14:54:04 +00:00
assar
f816d255fa merge in syslog fixes, do not call syslog with variable as format string 2000-07-20 05:43:55 +00:00
peter
e2062d0bd5 Add missing $FreeBSD$ to files that are NOT still on a vendor branch. 2000-07-16 05:48:49 +00:00
nsayer
f0ebc4fdd1 Fix 'telnet -X sra' coredump
PR# 19835
2000-07-11 15:04:05 +00:00
peter
d9df5f65de Sync sshd_config with sshd and manpage internal defaults (Checkmail = yes) 2000-07-11 09:54:24 +00:00
peter
5f6efaa063 Sync LoginGraceTime with sshd_config = 60 seconds by default, not 600. 2000-07-11 09:52:14 +00:00
peter
772dd17b51 Fix out-of-sync defaults. PermitRootLogin is supposed to be 'no' but
sshd's internal default was 'yes'.  (if some cracker managed to trash
/etc/ssh/sshd_config, then root logins could be reactivated)

Approved by: kris
2000-07-11 09:50:15 +00:00
peter
adeace1395 Make FallBackToRsh off by default. Falling back to rsh by default is
silly in this day and age.

Approved by: kris
2000-07-11 09:39:34 +00:00
kris
a5aaf7609c Don't call printf with no format string. 2000-07-10 05:16:59 +00:00
ume
4eacfb7489 Make telnet -s work. It is corresponding to EAI_NONAME -> EAI_NODATA
change (getaddrinfo.c rev 1.12).
2000-07-08 05:22:00 +00:00
itojun
1fcab4244d sync with usr.bin/telnet/commands.c 1.21 -> 1.22. pierre.dampure@alveley.org 2000-07-07 12:35:05 +00:00
green
be6e69fbed Allow restarting on SIGHUP when the full path was not given as argv[0].
We do have /proc/curproc/file :)
2000-07-04 06:43:26 +00:00
green
26efc47d38 So /this/ is what has made OpenSSH's SSHv2 support never work right!
In some cases, limits did not get set to the proper class, but
instead always to "default", because not all passwd copies were
done to completion.
2000-06-27 21:16:06 +00:00
green
71e9ee0209 Also make sure to close the socket that exceeds your rate limit. 2000-06-26 23:39:26 +00:00
green
9bccae4f2e Make rate limiting work per-listening-socket. Log better messages than
before for this, requiring a new function (get_ipaddr()).  canohost.c
receives a $FreeBSD$ line.

Suggested by:	Niels Provos <niels@OpenBSD.org>
2000-06-26 05:44:23 +00:00
markm
2fe0472e39 MFI. This is a documentation-only, diffreducing patch, that if
invoked will cause breakage. US Users - DO NOT try to turn on
IDEA - the sources are not included.
2000-06-24 06:50:58 +00:00
markm
58b7870cc7 Grrr. I hate CVS. These were supposed to be committed when I did the
IDEA fix earlier today.

Bring back IDEA from the dead (but not compiled by default).
2000-06-19 21:09:27 +00:00
markm
940ce492dc Re-add IDEA. This is not actually built unless asked for by the user.
(To avoid patent hassles).
2000-06-19 13:59:34 +00:00
kris
4f57b24cfd Fix syntax error in previous commit.
Submitted by:	Udo Schweigert <ust@cert.siemens.de>
2000-06-11 21:41:25 +00:00
kris
ad6da2a572 Fix security botch in "UseLogin Yes" case: commands are executed with
uid 0.

Obtained from:	OpenBSD
2000-06-10 22:32:57 +00:00
ru
caf976b39e Make `ssh-agent -k' work for csh(1)-like shells. 2000-06-10 14:14:28 +00:00
green
ba3f3c2ac7 Allow "DenyUsers" to function. 2000-06-06 06:16:55 +00:00
kris
a55fcaa060 Resolve conflicts 2000-06-03 09:58:15 +00:00
kris
3639dd9ace Initial import of OpenSSH snapshot from 2000/05/30
Obtained from:	OpenBSD
2000-06-03 09:52:37 +00:00
kris
0a76acd42d This commit was generated by cvs2svn to compensate for changes in r61209,
which included commits to RCS files with non-trunk default branches.
2000-06-03 09:52:37 +00:00
kris
1e51208074 Resolve conflicts 2000-06-03 09:23:13 +00:00
kris
585dc667de Import from vendor repository.
Obtained from:	OpenBSD
2000-06-03 09:20:19 +00:00
kris
780d02839a This commit was generated by cvs2svn to compensate for changes in r61206,
which included commits to RCS files with non-trunk default branches.
2000-06-03 09:20:19 +00:00
kris
66c0eb5d8c Bring vendor patches onto the main branch, and resolve conflicts. 2000-06-03 07:31:44 +00:00
kris
e503398156 Import vendor patches: the first is written by
Brian Feldman <green@FreeBSD.org>

* Remove the gratuitous dependency on OpenSSL 0.9.5a (preparation for MFC)
* Disable agent forwarding by default in the client (security risk)

Submitted by:	green
Obtained from:	OpenBSD
2000-06-03 07:18:09 +00:00
kris
88a84bd92e This commit was generated by cvs2svn to compensate for changes in r61201,
which included commits to RCS files with non-trunk default branches.
2000-06-03 07:18:09 +00:00
kris
10badcd8c7 Import vendor patch originally submitted by the below author: don't
treat failure to create the authentication agent directory in /tmp as
a fatal error, but disable agent forwarding.

Submitted by:	Jan Koum <jkb@yahoo-inc.com>
2000-06-03 07:06:14 +00:00
kris
89aaaa3ccb This commit was generated by cvs2svn to compensate for changes in r61199,
which included commits to RCS files with non-trunk default branches.
2000-06-03 07:06:14 +00:00
kris
e1e1f53651 Import vendor fix: "fix key_read() for uuencoded keys w/o '='"
This bug caused OpenSSH not to recognise some of the DSA keys it
generated.

Submitted by:	Christian Weisgerber <naddy@mips.inka.de>
Obtained from:	OpenBSD
2000-06-03 06:51:30 +00:00
kris
27503968d8 Update to the version of pam_ssh corresponding to OpenSSH 2.1 (taken
from the openssh port)

Submitted by:	Hajimu UMEMOTO <ume@mahoroba.org>
2000-05-30 09:03:15 +00:00
jake
961b97d434 Back out the previous change to the queue(3) interface.
It was not discussed and should probably not happen.

Requested by:		msmith and others
2000-05-26 02:09:24 +00:00
jake
d93fbc9916 Change the way that the queue(3) structures are declared; don't assume that
the type argument to *_HEAD and *_ENTRY is a struct.

Suggested by:	phk
Reviewed by:	phk
Approved by:	mdodd
2000-05-23 20:41:01 +00:00
ache
b102c893de Turn on CheckMail to be more login-compatible by default 2000-05-23 06:06:54 +00:00
brian
0e085590db Don't USE_PIPES
Spammed by: peter
Submitted by: mkn@uk.FreeBSD.org
2000-05-22 09:51:18 +00:00
kris
ecdf63b33e Correct two stupid typos in the DSA key location.
Submitted by:	Udo Schweigert <ust@cert.siemens.de>
2000-05-18 06:04:23 +00:00
kris
de71a10db8 Unbreak Kerberos5 compilation. This still remains untested.
Noticed by:	obrien
2000-05-17 08:06:20 +00:00
kris
40816e5260 Oops, rename S/Key to Opie in line with FreeBSD usage. 2000-05-15 06:11:30 +00:00
kris
866470d785 Create a DSA host key if one does not already exist, and teach sshd_config
about it.
2000-05-15 05:40:27 +00:00
kris
a632b4789c Resolve conflicts and update for FreeBSD. 2000-05-15 05:24:25 +00:00
kris
4dc8aa85ce Initial import of OpenSSH v2.1. 2000-05-15 04:37:24 +00:00
kris
8cf8ce7bb1 This commit was generated by cvs2svn to compensate for changes in r60573,
which included commits to RCS files with non-trunk default branches.
2000-05-15 04:37:24 +00:00
nik
b8783e88c4 Note that X11 Forwarding is off by default.
PR:             docs/17566
Submitted by:   Keith Stevenson <ktstev01@louisville.edu>
2000-04-30 22:41:58 +00:00
markm
3e04080f8a MFF: catch up with FreeFall 2000-04-19 21:20:54 +00:00
kris
a0eba154d3 If stderr is closed, report the error message about missing libraries
via syslog instead.

Reviewed by:	jkh
2000-04-18 06:25:24 +00:00
markm
f8f9ad64d4 Internat diff reducer. 2000-04-16 17:49:31 +00:00
markm
893841d237 Virgin import of OpenSSL v0.9.5a 2000-04-16 16:03:07 +00:00
markm
fcef4a7a75 This commit was generated by cvs2svn to compensate for changes in r59281,
which included commits to RCS files with non-trunk default branches.
2000-04-16 16:03:07 +00:00
kris
6b5aa79169 Resolve conflicts. 2000-04-13 07:15:03 +00:00
kris
54c77f990d Initial import of OpenSSL 0.9.5a 2000-04-13 06:33:22 +00:00
kris
40ba664ca8 This commit was generated by cvs2svn to compensate for changes in r59191,
which included commits to RCS files with non-trunk default branches.
2000-04-13 06:33:22 +00:00
kris
0acc851007 Correct a typo and interchanged library names
Submitted by:	Ben Rosengart <ben@narcissus.net>
		Matthew D. Fuller <fullermd@futuresouth.com>
2000-04-05 04:09:51 +00:00
kris
77771891cb Fix a memory leak.
PR:		17360
Submitted by:	Andrew J. Korty <ajk@iu.edu>
2000-03-29 08:24:37 +00:00
kris
9b205c3441 #include <ssl/foo.h> -> #include <openssl/foo.h> 2000-03-26 10:00:28 +00:00
kris
6948a83776 Resolve conflicts. 2000-03-26 07:37:48 +00:00
kris
b201b15ee1 Virgin import of OpenSSH sources dated 2000/03/25 2000-03-26 07:07:24 +00:00
kris
e46dd7a5de This commit was generated by cvs2svn to compensate for changes in r58582,
which included commits to RCS files with non-trunk default branches.
2000-03-26 07:07:24 +00:00
kris
977254a1c1 Don't refer to the openssl handbook chapter by name - the doc guys keep
jamming new chapters in front of it :)
2000-03-25 07:28:18 +00:00
brian
64f92723d4 Use pipe() instead of socketpair() in sshd when communicating
with the client.
This allows ppp/ssh style tunnels to function again.

Ok'd by:	markk
Submitted by:	markk@knigma.org
2000-03-24 15:39:37 +00:00
mpp
b064529634 Fix a few spelling errors. 2000-03-24 02:26:54 +00:00
sheldonh
7889147802 IgnoreUserKnownHosts is a boolean flag, not an integer value.
The fix submitted in the attributed PR is identical to the one
adopted by OpenBSD.

PR:		17027
Submitted by:	David Malone <dwmalone@maths.tcd.ie>
Obtained from:	OpenBSD
2000-03-22 09:36:35 +00:00
kris
0d170b1596 Add a new function stub to libcrypto() which resolves to a symbol in
the librsa* library and reports which version of the library (OpenSSL/RSAREF)
is being used.

This is then used in openssh to detect the failure case of RSAREF and a RSA key
>1024 bits, to print a more helpful error message than
'rsa_public_encrypt() failed.'

This is a 4.0-RELEASE candidate.
2000-03-13 09:55:53 +00:00
kris
d675ea707a Various manpage style/grammar/formatting cleanups
Submitted by:	Peter Jeremy <peter.jeremy@alcatel.com.au>, jedgar
PR:		17292 (remainder of)
2000-03-13 00:17:43 +00:00
nik
2ace392884 - typos
- Add double spaces following full stops to improve typeset output
- mdoc-ification.  (Though I'm uncertain whether option values and
  contents should be .Dq or something else).
- Fix a missed /etc/ssh change
- Expand wording on RandomSeed and behaviour when X11 isn't forwarded.
- Change examples to literal mode.
- Trim trailing whitespace

PR:		docs/17292
Submitted by:	Peter Jeremy <peter.jeremy@alcatel.com.au>
2000-03-10 11:48:49 +00:00
markm
b0cba82a4f Make LOGIN_CAP work properly. 2000-03-09 14:52:31 +00:00
kris
8141458379 /etc -> /etc/ssh
Submitted by:	Ben Smithurst <ben@scientia.demon.co.uk>
2000-03-08 03:44:00 +00:00
jhay
94eda357d0 MFI: Use krb5 functions in krb5 files.
Reviewed by:	markm
2000-03-03 20:31:58 +00:00
shin
1b7dce690e Replace structure copy from ifreq obtained by SIOCGIFADDR
to memcpy(), to avoid unaligned access trap on alpha.

Approved by: jkh
2000-03-03 13:05:00 +00:00
shin
b284df6e2f CMSG_XXX macros alignment fixes to follow RFC2292.
Approved by: jkh
2000-03-03 12:50:46 +00:00
green
ead1658802 Turn off X11 forwarding in the client. X11 forwarding in the server by
default should probably also get turned on, now.

Requested by:	kris
Obtained from:	OpenBSD
2000-03-03 05:58:39 +00:00
kris
b3d817cd57 Update the wording on the error message when libcrypto.so can't find an
RSA library.

Reviewed by:	peter, jkh
2000-03-02 06:21:02 +00:00
ume
1294a0b6cf Enable connection logging. FreeBSD's libwrap is IPv6 ready.
OpenSSH is in our source tree, now.  It's a time to enable it.

Reviewed by:	markm, shin
Approved by:	jkh
2000-02-29 19:37:04 +00:00
markm
37dce23afc 1) Add kerberos5 functionality.
by Daniel Kouril <kouril@informatics.muni.cz>
2) Add full LOGIN_CAP capability
   by Andrey Chernov
2000-02-28 19:03:50 +00:00
brian
499e159c08 Don't put truncated hostnames in utmp
Approved by: jkh
2000-02-28 18:51:30 +00:00
peter
4f3a50153f Sync with internat.freebsd.org; weak symbols vs static libs == trouble 2000-02-26 16:57:17 +00:00
peter
8d6551c752 Merge from internat.freebsd.org; move VERBOSE_STUBS to a better spot. 2000-02-26 14:20:18 +00:00
peter
95cacb19a9 Merge from internat.freebsd.org repo, minus change to rsa_eay.c (missing)
Reorganize and unify libcrypto's interface so that the RSA implementation
is chosen at runtime via dlopen().

This is a checkpoint and may require more tweaks still.
2000-02-26 13:19:18 +00:00
peter
58c2a78aa2 Merge from internat.freebsd.org repo, minus change to rsa_eay.c (missing)
Reorganize and unify libcrypto's interface so that the RSA implementation
is chosen at runtime via dlopen().

This is a checkpoint and may require more tweaks still.
2000-02-26 13:13:03 +00:00
peter
527ba28c8f At great personal risk (to my already fragile sanity), reorganize
the rsa stubs for libcrypto.  libcrypto.so now uses dlopen() to
implement the backends for either the native or rsaref implemented
RSA code.
This involves:
- unifying the libcrypto and openssl(1) source so there is no
  #ifdef RSAref variations.
- using weak symbols and dlopen()/dlsym() routines to access the
  rsa method vectors.

Releases will enable the user to choose International, US (rsaref) or
no RSA code at install time.
'make world' will DTRT depending on whether you have the international
or US source.  For US users, you must either install rsaref (the port
or package) or (if you don't fear RSA Inc) use the (superior)
International rsa_eay.c code.

This has been discussed at great length by the affected folks and even
we have a great deal of confusion.  This is a checkpoint so we can tune
the results.  This works for me in all permutations I can think of and
should result in a CD/ftp 'release' just about doing the right thing now.
2000-02-26 13:06:55 +00:00
peter
eb77fcb95c Redo this with a repo copy from the original file and reset the
__PREFIX__ markers.
2000-02-26 09:59:14 +00:00
peter
18bcb8d297 oops, update path to /etc/ssh/ssh_host_key 2000-02-26 02:24:38 +00:00
peter
7abc89037f Merge from internat.freebsd.org; move ssh files from /etc to /etc/ssh 2000-02-25 14:25:10 +00:00
peter
7caf65d2f4 Don't use the dlopen() stubs if compiling with PIC. This still
needs some more thought for the static case.  Should we provide weak
error-generating stubs for static binaries if -lrsaref was forgotten?
2000-02-25 08:13:50 +00:00
green
522f06fd77 Fix a bug that crawled in pretty recently (from the port). It made
sshd coredump :(
2000-02-25 05:22:14 +00:00
peter
8e4001f110 Fix garbage in SSH_PROGRAM (only on freefall, not internat) 2000-02-25 04:41:06 +00:00
green
83bac1a374 Make "CheckHostIP" default to off. This was proposed on -security and
earlier IRC, but despite my initial feeling against it, this seems
the more proper thing to do.

Proposed by:	rwatson
2000-02-25 03:04:29 +00:00
green
129e6a7558 The includes must be <openssl/.*\.h>, not <ssl/.*\.h>. 2000-02-25 01:53:12 +00:00
markm
ccef1c20fc remove more ports crud. 2000-02-24 23:54:00 +00:00
markm
190eabf199 remove ports junk 2000-02-24 23:46:38 +00:00
markm
881ec50548 Use libcrypto instead of libdes. 2000-02-24 20:21:16 +00:00
markm
443e3df9fc RIP libdes. All hail libcrypto! 2000-02-24 19:35:08 +00:00
markm
2cbf93e2b4 Get crypto from libcrypto, not libdes. 2000-02-24 19:28:31 +00:00
markm
37a38e6638 Add the patches from ports (QV: ports/security/openssh/patches/patch-*) 2000-02-24 15:29:42 +00:00
markm
fc557ff7d9 Vendor import of OpenSSH. 2000-02-24 14:29:47 +00:00
markm
606d31b1ec This commit was generated by cvs2svn to compensate for changes in r57429,
which included commits to RCS files with non-trunk default branches.
2000-02-24 14:29:47 +00:00
markm
be16c6202a Merge conflicts. 2000-02-24 13:37:41 +00:00
markm
4d2ec46519 Oops; forgot to add this. 2000-02-24 13:20:48 +00:00
markm
3aaee576c1 Get this to the same level of functionality as old libdes. 2000-02-24 13:20:15 +00:00
markm
5ed96cd5da Vendor import of Heimdal 0.2p 2000-02-24 11:28:20 +00:00
markm
4f25fdd792 This commit was generated by cvs2svn to compensate for changes in r57422,
which included commits to RCS files with non-trunk default branches.
2000-02-24 11:28:20 +00:00
markm
69414e22b9 Vendor import of Heimdal 0.2o 2000-02-24 11:19:29 +00:00
markm
1a9f61a7f9 This commit was generated by cvs2svn to compensate for changes in r57419,
which included commits to RCS files with non-trunk default branches.
2000-02-24 11:19:29 +00:00
markm
fa8b1a96d3 Vendor import of Heimdal 0.2n 2000-02-24 11:07:16 +00:00
markm
50efcd9b31 This commit was generated by cvs2svn to compensate for changes in r57416,
which included commits to RCS files with non-trunk default branches.
2000-02-24 11:07:16 +00:00
markm
d99784ddf1 freefall/internat diff reducer 2000-02-24 10:38:40 +00:00
markm
fd6da7cf96 Freefall/Internat diff reducer. 2000-02-24 10:37:29 +00:00
jkh
c99b4c1afc Add call stubs for dynamic rsaref loading. This isn't enabled for now
but simply lets us sync up on the solution as it's evolved.
2000-02-22 06:22:54 +00:00
shin
981d4a6e4b Use static buffer to save source route hostnames.
Approved by: jkh
2000-02-19 16:33:14 +00:00
shin
e1b335a34c Print "Trying ..." for each host. Also cleanups for error printing.
Approved by: jkh

Submitted by: Ben Smithurst <ben@scientia.demon.co.uk>
2000-02-19 16:17:41 +00:00
shin
77f276d5ac Fix bugs in telnet.
Sorry there were still several bugs.
   -error retry at af mismatch was incomplete.
   -af matching for source addr option was wrong
   -socket was not freed at retry.

Approved by: jkh
2000-02-15 15:59:12 +00:00
shin
bca215974d Add more dual stack consideration.
-Should retry as much as possible when some of source
     routing intermediate hosts' address families mismatch
     happened.
     (such as when a host has only A record, and another host
     has each of A and AAAA record.)

    -Should retry as much as possible when dest addr and
     source addr(specified with -s option) address family
     mismatch happened

Approved by: jkh
2000-02-10 20:06:36 +00:00
shin
67ff6efc68 Fix telnet core dump at invalid service name specified.
Added an error check to avoid it.

Approved by: jkh

Submitted by: Robert Muir <rmuir@gibralter.net>
2000-02-07 00:52:49 +00:00
shin
3859c2231c Add NI_NAMEREQD flag to getnameinfo() call. Without this flag,
getnameinfo() doesn't return error at name resolving failure.
But it is used at doaddrlookup(-N) case in telnet, error need to be
returned to correctly initialize hostname buffer.

Discovered at checking recent KAME repository change, noticed by itojun.
2000-01-29 18:21:05 +00:00
shin
ce15efb7c0 another tcp apps IPv6 updates.(should be make world safe)
ftp, telnet, ftpd, faithd
  also telnet related sync with crypto, secure, kerberosIV

Obtained from: KAME project
2000-01-27 09:28:38 +00:00
kris
7e4e44947b Import the RSA support code. There shouldn't be any actual RSA
cryptography here.
2000-01-16 05:14:57 +00:00
kris
2e01efe7c1 This commit was generated by cvs2svn to compensate for changes in r56083,
which included commits to RCS files with non-trunk default branches.
2000-01-16 05:14:57 +00:00
kris
f389ea9752 Fix for missing symbol in -DRSAref case. 2000-01-16 04:45:18 +00:00
kris
728ac76565 Fix breakage when NO_RSA specified.
Reviewed by:	Ben Laurie <ben@openssl.org>
2000-01-14 05:24:08 +00:00
kris
168e054f17 Zap NO_IDEA 2000-01-10 06:28:04 +00:00
cvs2svn
06e3860a5c This commit was manufactured by cvs2svn to create branch
'VENDOR-crypto-openssl'.
2000-01-10 06:27:13 +00:00
kris
4203a050f6 List of files to nuke prior to import. 2000-01-10 06:27:12 +00:00
kris
2e467dc342 Initial import of OpenSSL 0.9.4, sans IDEA and RSA code for patent
infringement reasons.
2000-01-10 06:22:05 +00:00
kris
ebe7c1ce23 This commit was generated by cvs2svn to compensate for changes in r55714,
which included commits to RCS files with non-trunk default branches.
2000-01-10 06:22:05 +00:00
kris
b8e601b240 Zap the IDEA stuff - it's patented internationally (at least in some
places), and we don't want people to get in trouble just for having it.
2000-01-10 05:36:35 +00:00
markm
4ecbd6db44 Import KTH Heimdal, which will be the core of our Kerberos5.
Userland to follow.
2000-01-09 20:58:00 +00:00
markm
5f68254a36 This commit was generated by cvs2svn to compensate for changes in r55682,
which included commits to RCS files with non-trunk default branches.
2000-01-09 20:58:00 +00:00
markm
469413f558 Fix path. 2000-01-09 13:52:56 +00:00
markm
3b8aea4be2 resolve conflicts. 2000-01-09 08:53:35 +00:00
markm
ca616c603d Clean import of KTH Kerberos (eBones) v1.0. 2000-01-09 08:31:47 +00:00
markm
6ae78a5389 This commit was generated by cvs2svn to compensate for changes in r55643,
which included commits to RCS files with non-trunk default branches.
2000-01-09 08:31:47 +00:00
green
8b8214b6d3 Upgrade to the pam_ssh module, version 1.1.
(From the author:)
Primarily, I have added built-in functions for manipulating the
environment, so putenv() is no longer used.  XDM and its variants
should now work without modification.  Note that the new code uses
the macros in <sys/queue.h>.

Submitted by:	Andrew J. Korty <ajk@iu.edu>
1999-12-28 05:32:54 +00:00
kris
e829abb179 Initial import of OpenSSL v0.9.4 1999-12-25 16:37:36 +00:00
kris
4562f83d3b This commit was generated by cvs2svn to compensate for changes in r55099,
which included commits to RCS files with non-trunk default branches.
1999-12-25 16:37:36 +00:00
green
bcc4466e40 Add the PAM SSH RSA key authentication module. For example, you can add,
"login  auth    sufficient      pam_ssh.so" to your /etc/pam.conf, and
users with a ~/.ssh/identity can login(1) with their SSH key :)

PR:		15158
Submitted by:	Andrew J. Korty <ajk@waterspout.com>
Reviewed by:	obrien
1999-11-29 07:09:44 +00:00
markm
7df5ada37c Merge and fix for build. 1999-09-19 21:56:09 +00:00
markm
fe83e8abf3 Clean import of KTH krb4-0.10.1. 1999-09-19 14:19:32 +00:00
markm
c171f3b182 This commit was generated by cvs2svn to compensate for changes in r51415,
which included commits to RCS files with non-trunk default branches.
1999-09-19 14:19:32 +00:00
markm
4f947d680a Big OpenSSL/KTH/FreeBSD merge, badly poisoned by $FreeBSD$'s. 1999-09-19 13:04:49 +00:00
markm
69cafd82fe This commit was generated by cvs2svn to compensate for changes in r50894,
which included commits to RCS files with non-trunk default branches.
1999-09-04 12:45:43 +00:00
markm
aebb972b81 Vendor import EAY's LIBSSL to fix comments, etc. 1999-09-04 12:45:43 +00:00
markm
101cc573f4 Add macro originally provided externally. 1999-09-04 11:06:07 +00:00
markm
a00f78e661 Add includes to silence warnings. Bit hackish. 1999-09-04 11:03:01 +00:00
markm
d7d8526858 Add some includes to shut up warnings. 1999-09-04 10:46:27 +00:00
markm
145a94070b Drat. Import this into the right place. Pass me the pointy hat. 1999-09-01 19:59:25 +00:00
markm
3083434d3d This commit was generated by cvs2svn to compensate for changes in r50760,
which included commits to RCS files with non-trunk default branches.
1999-09-01 19:59:25 +00:00
markm
05435ef431 Termcap header no longer needed. 1999-09-01 18:57:38 +00:00
peter
efabb9ccb1 $Id$ -> $FreeBSD$ 1999-08-28 01:35:59 +00:00
markm
43201bf2b8 Add virtual MAINTAINER line. 1999-08-16 19:05:02 +00:00
nsayer
6cf65828c9 According to Mark Murray, Makefiles do not belong here. I guess we're
going to have to figure something else out.
1999-08-16 18:59:05 +00:00
nsayer
189690bcce Add SRA authentication to src/crypto/telnet.
SRA does a Diffie-Hellman exchange and then DES-encrypts the
authentication data. If the authentication is successful, it also
sets up a session key for DES encryption.

SRA was originally developed at Texas A&M University.

This code is probably export restricted (despite the fact that I
originally found it at a University in Germany).

SRA is not perfect. It is vulnerable to monkey-in-the-middle attacks
and does not use tremendously large DH constants (and thus an individual
exchange probably could be factored in a few days on modern CPU
horsepower). It does not, however, require any changes in user or
administrative behavior and foils session hijacking and sniffing.
The goal of this commit is that telnet and telnetd end up in the DES
distribution and that therefore an encrypted session telnet becomes
standard issue for FreeBSD.
1999-08-16 11:24:29 +00:00
nsayer
8528b2a710 Fix int function without return (make consistent with neighbors) 1999-08-16 02:15:29 +00:00
nik
668aec5d3d Document the "skey" command in telnet(1).
PR:             docs/12360
Submitted by:   kjm@rins.ryukoku.ac.jp (KOJIMA Hajime)
Nagged by:      markm :-)
1999-07-30 21:24:03 +00:00
ru
c7b22dab8b Merge from non-crypto version:
- "-N" option
- "-E" security fix
- "-s src_addr" option

Requested by:	markm
1999-06-17 09:24:37 +00:00
brian
7670f1eab4 MF libexec/telnetd: Determine the host name using an array size of
MAXHOSTNAMELEN and call trimdomain() before implementing
the -u option.
1999-04-08 21:39:34 +00:00
brian
88f6c1a7e8 MF libexec/telnetd: MAXHOSTNAMELEN & -u fixes. 1999-04-07 10:17:24 +00:00
brian
07625d3f4d Use realhostname(). 1999-04-06 23:35:21 +00:00
brian
290eeb0e06 MF src/libexec/telnetd: Verify the reverse DNS lookup
ala rlogind.
Suggested by: markm
1999-04-06 12:41:27 +00:00
peter
e133ecebec Old stuff laying around: Don't use getstr which can conflict with some
curses/termcap/terminfo implementations and causes recursion.
1998-12-16 06:06:06 +00:00
peter
f3847d7306 Old stuff from a source tree: copy (verbatim) the code to expand the
%s/%m in the default /etc/gettytab.
1998-12-16 06:01:33 +00:00
gpalmer
be7570dbc1 Remove redundant decl. of time(). Causes problems on alpha 1998-09-01 15:17:28 +00:00
jdp
f731a1a207 Remove a work-around for an assembler bug that has been fixed since
April, 1997.  The work-around causes problems under ELF.
1998-08-31 20:01:48 +00:00
markm
0503689f0a Fix nasty typo that randomly caused kinit to not properly deduce the
user's username when this was not specified.

Reported by: Sean Eric Fagan
1998-03-29 07:27:43 +00:00
markm
3513ffecbf Make the ticket filename the same as for our old eBones. I am going to
kerberize xdm again, and it will be a pain to maintain two different
sets of patches (for 2.2 and 3.0).
1998-02-16 12:39:25 +00:00
markm
765f216743 Bring back the old behaviour of kinit; if no username is mentioned on
the command line, attempt to get a ticket for the current uid (or
<uid>.root if we are already su'ed).

Requested By: Garrett Wollman
1998-02-16 12:36:49 +00:00
imp
7d01b0b30c MFC: sprintf paranoia 1998-01-22 00:04:57 +00:00
charnier
25d74465e2 MFC: no \n in syslog strings. Change -P to -p in flags. EOF -> -1. Use err(3). 1997-12-08 07:41:13 +00:00
markm
6026327fe6 kinit(1) and its man page do not agree on what is reported with -v. Fix this.
Submitted by:	Sheldon Hearn.
1997-11-25 21:12:37 +00:00
uhclem
e9a0f249e7 PR: bin/771 and bin/1037 are resolved by this change
This change changes the default handling of linemode so that older and/or
stupider telnet clients can still get wakeup characters like <ESC> and
<CTRL>D to work correctly multiple times on the same line, as in csh
"set filec" operations.   It also causes CR and LF characters to be read by
apps in certain terminal modes consistently, as opposed to returning
CR sometimes and LF sometimes, which broke existing apps.  The change
was shown to fix the problem demonstrated in the FreeBSD telnet client,
along with the telnet client in Solaris, SCO, Windows '95 & NT, DEC OSF,
NCSA, and others.

A similar change was incorporated in the non-crypto version of telnetd.

This resolves bin/771 and bin/1037.
1997-10-08 03:14:34 +00:00
wosch
8ee659dd96 Sort cross references in section SEE ALSO. 1997-09-29 19:11:55 +00:00
markm
00501fb8d7 FreeBSD's original passwd helper is needed here. 1997-09-21 17:37:08 +00:00
markm
cd2a6be22c Bring the FreeBSD changes to the virgin sources. 1997-09-07 07:02:53 +00:00
markm
d1685a9fcc FreeBSD specific changes - mainly religious issues about where to put
stuff.
1997-09-04 21:37:57 +00:00
markm
21c65d62af This commit was generated by cvs2svn to compensate for changes in r29088,
which included commits to RCS files with non-trunk default branches.
1997-09-04 06:11:16 +00:00
markm
2ea49f693f Initial import of BSD telnet. This will be used to build the kerberised
telnet, and after userland diffs have been merged in, will be used to
build the non-kerberised sources as well. (See unifdef(1) for details)
1997-09-04 06:11:16 +00:00
markm
a8a89cfaf9 Initial import of KTH eBones. This has been cleaned up to only include
the "core" Kerberos functionality. The rest of the userland will get their
own changes later.
1997-09-04 06:04:33 +00:00
markm
5a800c893f This commit was generated by cvs2svn to compensate for changes in r29085,
which included commits to RCS files with non-trunk default branches.
1997-09-04 06:04:33 +00:00
markm
fe8101c086 Bring in the Starter files for the contrib-crypto dir.
I am not going to commit anything to this area for a few days.
This is because
1) I want everyone to be DARN sure there is no export of crypto
   that may get our USA friends in trouble.
2) I have been asked by the folk developing KTH-eBones to hold off
   for their new release.

Worked with: rkw, jdp
1997-05-03 09:16:07 +00:00