nectar
2f13e09165
Import of OpenSSL 0.9.6e.
2002-07-30 13:38:06 +00:00
nectar
9b2d850453
This commit was generated by cvs2svn to compensate for changes in r100936,
...
which included commits to RCS files with non-trunk default branches.
2002-07-30 13:38:06 +00:00
nectar
7515065745
This man page has not been referenced by anything for a while,
...
and is not part of the OpenSSL distribution. Remove it.
2002-07-30 12:54:03 +00:00
nectar
0518ae8674
Remove many obsolete files. The majority of these are simply no
...
longer included as part of the OpenSSL distribution. However, a few
we just don't need and are explicitly excluded in FREEBSD-Xlist.
2002-07-30 12:51:09 +00:00
nectar
8b62a95bfc
Resolve conflicts after import of OpenSSL 0.9.6d.
2002-07-30 12:46:49 +00:00
nectar
0aed2eea83
Import of OpenSSL 0.9.6d.
2002-07-30 12:44:15 +00:00
nectar
050218e0d0
This commit was generated by cvs2svn to compensate for changes in r100928,
...
which included commits to RCS files with non-trunk default branches.
2002-07-30 12:44:15 +00:00
nectar
ef94fba97d
Update list of files to remove prior to import of OpenSSL 0.9.6d
2002-07-30 12:38:41 +00:00
fanf
1ae0b432fe
Use login_getpwclass() instead of login_getclass() so that the root
...
vs. default login class distinction is made correctly.
PR: 37416
Approved by: des
MFC after: 4 days
2002-07-29 00:36:24 +00:00
fanf
b26a01d35d
FreeBSD doesn't use the host RSA key by default.
...
Reviewed by: des
2002-07-26 15:16:56 +00:00
ache
57a3dbab09
Problems addressed:
...
1) options.print_lastlog was not honored.
2) "Last login: ..." was printed twice.
3) "copyright" was not printed
4) No newline was before motd.
Reviewed by: maintainer's silence in 2 weeks (with my constant reminders)
2002-07-26 02:20:00 +00:00
fanf
8e466364e9
Document the FreeBSD default for CheckHostIP, which was changed in
...
rev 1.2 of readconf.c.
Approved by: des
2002-07-25 15:59:40 +00:00
des
0aa82e6d90
Whitespace nit.
2002-07-23 17:57:17 +00:00
des
5aaa4a883f
In pam_init_ctx(), register a cleanup function that will kill the child
...
process if a fatal error occurs. Deregister it in pam_free_ctx().
2002-07-17 17:44:02 +00:00
des
71869d2ebd
Use realhostname_sa(3) so the IP address will be used instead of the
...
hostname if the latter is too long for utmp.
Submitted by: ru
MFC after: 3 days
2002-07-11 10:36:10 +00:00
des
ed67e10a93
Do not try to use PAM for password authentication, as it is
...
already (and far better) supported by the challenge/response
authentication mechanism.
2002-07-10 23:05:13 +00:00
des
1983859ac6
Don't forget to clear the buffer before reusing it.
2002-07-10 23:04:07 +00:00
des
ac9c3868c1
Rewrite to use the buffer API instead of roll-your-own messaging.
...
Suggested by: Markus Friedl <markus@openbsd.org>
Sponsored by: DARPA, NAI Labs
2002-07-05 15:27:26 +00:00
des
cd66807aa2
(forgot to commit) We don't need --with-opie since PAM takes care of it.
2002-07-05 15:25:55 +00:00
des
7e54a0bbed
- Don't enable OpenSSH's OPIE support, since we let PAM handle OPIE.
...
- We don't have setutent(3) etc., and I have no idea why configure ever
thought we did.
2002-07-03 00:12:09 +00:00
des
f450aaf037
Two FreeBSD-specific nits in comments:
...
- ChallengeResponseAuthentication controls PAM, not S/Key
- We don't honor PAMAuthenticationViaKbdInt, because the code path it
controls doesn't make sense for us, so don't mention it.
Sponsored by: DARPA, NAI Labs
2002-07-03 00:08:19 +00:00
des
e9db3343e8
Version bump for mm_answer_pam_respond() fix.
2002-07-02 13:07:37 +00:00
des
7523600be4
Fix a braino in mm_answer_pam_respond() which would cause sshd to abort if
...
PAM authentication failed due to an incorrect response.
2002-07-02 13:07:17 +00:00
des
9cc7de0fcd
Forgot to update the addendum in the config files.
2002-06-30 10:32:09 +00:00
des
3cde2270d8
Regenerate.
2002-06-29 11:58:32 +00:00
des
437db953e0
<sys/mman.h> requires <sys/types.h>.
2002-06-29 11:57:51 +00:00
des
72a8e501f7
Resolve conflicts.
...
Sponsored by: DARPA, NAI Labs
2002-06-29 11:48:59 +00:00
des
1ba793a7c0
Vendor import of OpenSSH 3.4p1.
2002-06-29 11:34:13 +00:00
des
96f831106b
This commit was generated by cvs2svn to compensate for changes in r99060,
...
which included commits to RCS files with non-trunk default branches.
2002-06-29 11:34:13 +00:00
des
1fe6eac54a
Commit config.h so we don't need autoconf to build world.
2002-06-29 11:31:02 +00:00
des
31ca40f6fa
OpenBSD lifted this code our tree. Preserve the original CVS id.
2002-06-29 11:25:20 +00:00
des
a1a5bcd8f6
Use our __RCSID().
2002-06-29 11:22:20 +00:00
des
f5c4526d2f
Make sure the environment variables set by setusercontext() are passed on
...
to the child process.
Reviewed by: ache
Sponsored by: DARPA, NAI Labs
2002-06-29 11:21:58 +00:00
des
eb9c7816d4
Canonicize the host name before looking it up in the host file.
...
Sponsored by: DARPA, NAI Labs
2002-06-29 10:57:53 +00:00
des
c6ba2ba489
Apply class-imposed login restrictions.
...
Sponsored by: DARPA, NAI Labs
2002-06-29 10:57:13 +00:00
des
3003a57dbb
PAM support, the FreeBSD way.
...
Sponsored by: DARPA, NAI Labs
2002-06-29 10:56:23 +00:00
des
3f22fbc9c3
Document FreeBSD defaults.
...
Sponsored by: DARPA, NAI Labs
2002-06-29 10:55:18 +00:00
des
3e4ef54c7b
Document FreeBSD defaults and paths.
...
Sponsored by: DARPA, NAI Labs
2002-06-29 10:53:57 +00:00
des
10f0309f20
Remove duplicate.
2002-06-29 10:52:42 +00:00
des
2d6cae03f1
Apply FreeBSD's configuration defaults.
...
Sponsored by: DARPA, NAI Labs
2002-06-29 10:51:56 +00:00
des
a56e989df5
Add the VersionAddendum configuration variable.
...
Sponsored by: DARPA, NAI Labs
2002-06-29 10:49:57 +00:00
des
4d49e874a9
Support OPIE as an alternative to S/Key.
...
Sponsored by: DARPA, NAI Labs
2002-06-29 10:44:37 +00:00
des
3aa72d2c55
Document the upgrade process.
2002-06-29 10:39:14 +00:00
des
4ff94afd20
Files we don't want to import.
2002-06-29 10:39:02 +00:00
des
5ba29faa04
Forcibly revert to mainline.
2002-06-27 22:42:11 +00:00
des
bb02848f18
Vendor import of OpenSSH 3.3p1.
2002-06-27 22:31:32 +00:00
des
0a08712215
This commit was generated by cvs2svn to compensate for changes in r98937,
...
which included commits to RCS files with non-trunk default branches.
2002-06-27 22:31:32 +00:00
markm
741591a6b4
Warnings fixes. Sort out some variable types.
2002-06-26 17:06:14 +00:00
markm
d999cc9a29
Help fix warnings by marking an argument as unused.
2002-06-26 17:05:08 +00:00
dinoex
fd860e7d16
remove declaration of authlog
...
use variable from_host
Reviewed by: des
2002-06-24 11:11:30 +00:00
des
4db40e9ca5
IPv4or6 is already defined in libssh.
2002-06-24 10:15:26 +00:00
des
2894284b2a
Resolve conflicts and document local changes.
2002-06-23 21:42:47 +00:00
des
5375a0a2ad
Correctly export the environment variables set by setusercontext().
...
Sponsored by: DARPA, NAI Labs
2002-06-23 20:22:49 +00:00
des
fa8aa6dfe7
Resolve conflicts. Known issues:
...
- sshd fails to set TERM correctly.
- privilege separation may break PAM and is currently turned off.
- man pages have not yet been updated
I will have these issues resolved, and privilege separation turned on by
default, in time for DP2.
Sponsored by: DARPA, NAI Labs
2002-06-23 16:09:08 +00:00
des
610201f50f
Vendor import of OpenSSH 3.3.
2002-06-23 14:01:54 +00:00
des
0161794f0d
This commit was generated by cvs2svn to compensate for changes in r98675,
...
which included commits to RCS files with non-trunk default branches.
2002-06-23 14:01:54 +00:00
jmallett
afc38d0730
Don't risk catching a signal while handling a signal for a dying child, as we
...
can then end up not properly clearing wtmp/utmp entries.
PR: bin/37934
Submitted by: Sandeep Kumar <skumar@juniper.net>
Reviewed by: markm
MFC after: 2 weeks
2002-05-27 08:10:24 +00:00
jedgar
a679ebf88a
Remove _PATH_CP now that it is defined in paths.h
...
Reviewed by: des
2002-05-12 01:52:11 +00:00
alfred
ab796ae7fb
unbreak build:
...
commands.c, sys_bsd.c: comment out/remove junk after #endif/#else
network.c, terminal.c, utlities.c: include stdlib.h for exit(3)
2002-05-11 03:19:44 +00:00
des
a4d79fec60
Resurrect as an empty file to unbreak the build. We have everything we
...
need in paths.h.
2002-05-08 17:19:02 +00:00
markm
452e85175e
Fix an external declaration that was causing telnetd to core dump.
...
MFC after: 1 week
PR: 37766
2002-05-06 09:46:29 +00:00
obrien
0908b99eb0
Usual after-import fixup of SCM IDs.
2002-05-01 22:39:53 +00:00
des
ec4b7563a5
Back out previous commit.
2002-04-25 16:53:25 +00:00
jkh
04da61f7a8
Change default challenge/response behavior of sshd by popular demand.
...
This brings us into sync with the behavior of sshd on other Unix platforms.
Submitted by: Joshua Goodall <joshua@roughtrade.net>
2002-04-25 05:59:53 +00:00
ache
162e53dcfe
1) Proberly conditionalize PAM "last login" printout.
...
2) For "copyright" case #ifdef HAVE_LOGIN_CAP was placed on too big block,
narrow it down.
3) Don't check the same conditions twice (for "copyright" and "welcome"),
put them under single block.
4) Print \n between "copyright" and "welcome" as our login does.
Reviewed by: des (1)
2002-04-23 12:36:11 +00:00
des
ad8d1ef864
Don't report last login time in PAM case. (perforce change 10057)
...
Sponsored by: DARPA, NAI Labs
2002-04-22 06:26:29 +00:00
des
1a6399fa3b
Fix warnings + wait for child so it doesn't go zombie (perforce change 10122)
2002-04-22 06:25:13 +00:00
ache
ac2b640032
Move LOGIN_CAP calls before all file descriptors are closed hard, since some
...
descriptors may be used by LOGIN_CAP internally, add login_close().
Use "nocheckmail" LOGIN_CAP capability too like our login does.
2002-04-21 13:31:56 +00:00
ache
b8f64a3c9b
Fix TZ & TERM handling for use_login case of rev. 1.24
2002-04-20 09:56:10 +00:00
ache
a9f47835a0
1) Surprisingly, "CheckMail" handling code completely removed from this
...
version, so documented "CheckMail" option exists but does nothing.
Bring it back to life adding code back.
2) Cosmetique. Reduce number of args in do_setusercontext()
2002-04-20 09:26:43 +00:00
ache
4c135df5a2
1) Fix overlook in my prev. commit - forget HAVE_ prefix in one place in old
...
code merge.
2) In addition honor "timezone" and "term" capabilities from login.conf,
not overwrite them once they set (they are TZ and TERM variables).
2002-04-20 05:44:36 +00:00
ache
9cec8df7cf
Please repeat after me: setusercontext() modifies _current_ environment, but
...
sshd uses separate child_env. So, to make setusercontext() really does
something, environment must be switched before call and passed to child_env
back after it.
The error here was that modified environment not passed back to child_env,
so all variables that setusercontext() adds are lost, including ones from
~/.login_conf
2002-04-20 04:38:07 +00:00
des
67bfdd081a
Fix some warnings. Don't record logins twice in USE_PAM case. Strip
...
"/dev/" off the tty name before passing it to auth_ttyok or PAM.
Inspired by: dinoex
Sponsored by: DARPA, NAI Labs
2002-04-14 16:24:36 +00:00
des
0e80f55d44
Back out previous backout. It seems I was right to begin with, and DSA is
...
preferrable to RSA (not least because the SECSH draft standard requires
DSA while RSA is only recommended).
2002-04-12 15:52:10 +00:00
des
0264ee3296
Knowledgeable persons assure me that RSA is preferable to DSA and that we
...
should transition away from DSA.
2002-04-11 22:04:40 +00:00
des
d48b9c1d4a
Prefer DSA to RSA if both are available.
2002-04-11 16:08:48 +00:00
des
be2e00cce9
Do not attempt to load an ssh2 RSA host key by default.
2002-04-11 16:08:02 +00:00
ru
54bcb55671
Align for const poisoning in -lutil.
2002-04-08 11:07:51 +00:00
des
a3900e7d70
Nuke stale copy of the pam_ssh(8) source code.
2002-04-06 04:46:01 +00:00
des
a06ed407a7
Revert to vendor version, what little was left of our local patches here
...
was incorrect.
Pointed out by: Markus Friedl <markus@openbsd.org>
2002-04-02 23:07:31 +00:00
des
26f5df0f67
Change the FreeBSD version addendum to "FreeBSD-20020402". This shortens
...
the version string to 28 characters, which is below the 40-character limit
specified in the proposed SECSH standard. Some servers, however (like the
one built into the Foundry BigIron line of switches) will hang when
confronted with a version string longer than 24 characters, so some users
may need to shorten it further.
Sponsored by: DARPA, NAI Labs
2002-04-02 21:53:54 +00:00
des
ac025bb036
Make the various ssh clients understand the VersionAddendum option.
...
Submitted by: pb
2002-04-02 21:48:51 +00:00
ru
065ea04bd8
Switch over to using pam_login_access(8) module in sshd(8).
...
(Fixes static compilation. Reduces diffs to OpenSSH.)
Reviewed by: bde
2002-03-26 12:52:28 +00:00
nectar
6a3cd1f6ba
REALLY correct typo this time.
...
Noticed by: roam
2002-03-26 12:27:43 +00:00
nectar
8624a5ead1
Fix typo (missing paren) affecting KRB4 && KRB5 case.
...
Approved by: des
2002-03-25 14:55:41 +00:00
des
c379ca4071
We keep moduli(5) in /etc/ssh, not /etc.
2002-03-23 19:26:21 +00:00
des
0f9782fc45
Correctly set PAM_RHOST so e.g. pam_login_access(8) can do its job.
...
Sponsored by: DARPA, NAI Labs
2002-03-21 12:55:21 +00:00
des
af3f1ef24c
Use the "sshd" service instead of "csshd". The latter was only needed
...
because of bugs (incorrect design decisions, actually) in Linux-PAM.
Sponsored by: DARPA, NAI Labs
2002-03-21 12:23:09 +00:00
cvs2svn
f58c4e7f5e
This commit was manufactured by cvs2svn to create branch
...
'VENDOR-crypto-openssh'.
2002-03-21 12:18:28 +00:00
des
cb58035239
Use PAM instead of S/Key (or OPIE) for SSH2.
...
Sponsored by: DARPA, NAI Labs
2002-03-21 12:18:27 +00:00
des
2e58ec0271
Note that portions of this software were
...
Sponsored by: DARPA, NAI Labs
2002-03-20 22:10:10 +00:00
des
8528b8bd57
- Change the prompt from "S/Key Password: " to "OPIE Password: "
...
- If the user doesn't have an OPIE key, don't challenge him. This is
a workaround until I get PAM to work properly with ssh2.
Sponsored by: DARPA, NAI Labs
2002-03-20 22:02:02 +00:00
des
2423fff46f
Unbreak for KRB4 ^ KRB5 case.
...
Sponsored by: DARPA, NAI Labs
2002-03-19 16:44:11 +00:00
des
0ddd6e4b65
Revive this file (which is used for opie rather than skey)
2002-03-18 10:31:33 +00:00
des
6534271ec8
Fix conflicts.
2002-03-18 10:09:43 +00:00
des
2fc4a48897
Vendor import of OpenSSH 3.1
2002-03-18 09:55:03 +00:00
des
ec85a15f0e
This commit was generated by cvs2svn to compensate for changes in r92555,
...
which included commits to RCS files with non-trunk default branches.
2002-03-18 09:55:03 +00:00
des
160859d708
Diff reduction.
...
Sponsored by: DARPA, NAI Labs
2002-03-16 08:03:48 +00:00
nectar
f2ed33b521
Update version string.
2002-03-07 14:36:28 +00:00
nectar
6ee5449e7c
Fix off-by-one error.
...
Obtained from: OpenBSD
2002-03-05 14:27:19 +00:00
green
445306ca92
Use login_getpwclass() instead of login_getclass() so that default
...
mapping of user login classes works.
Obtained from: TrustedBSD project
Sponsored by: DARPA, NAI Labs
2002-02-27 22:36:30 +00:00
nectar
63b64d9c11
Update build after import of Heimdal Kerberos 2002/02/17.
2002-02-19 15:53:33 +00:00
nectar
f4587696d6
Remove files that were dropped from Heimdal Kerberos 2002/02/17.
2002-02-19 15:51:09 +00:00
nectar
25f2aedbdd
Resolve conflicts after import of Heimdal Kerberos 2002/02/17.
2002-02-19 15:50:30 +00:00
nectar
69a91bec14
Import of Heimdal Kerberos from KTH repository circa 2002/02/17.
2002-02-19 15:46:56 +00:00
nectar
4691b92e66
This commit was generated by cvs2svn to compensate for changes in r90926,
...
which included commits to RCS files with non-trunk default branches.
2002-02-19 15:46:56 +00:00
sheldonh
81cc5956d9
Don't use non-signal-safe functions (exit(3) in this case) in
...
signal handlers. In this case, use _exit(2) instead, following
the call to shutdown(2).
This fixes rare telnetd hangs.
PR: misc/33672
Submitted by: Umesh Krishnaswamy <umesh@juniper.net>
MFC after: 1 month
2002-02-05 15:20:02 +00:00
kris
7b695f1ddd
Resolve conflicts.
2002-01-27 03:17:13 +00:00
kris
1f8c2aa176
Initial import of OpenSSL 0.9.6c
2002-01-27 03:13:07 +00:00
kris
0b3d98771f
This commit was generated by cvs2svn to compensate for changes in r89837,
...
which included commits to RCS files with non-trunk default branches.
2002-01-27 03:13:07 +00:00
ru
5307ecb83c
Make libssh.so useable (undefined reference to IPv4or6).
...
Reviewed by: des, markm
Approved by: markm
2002-01-23 15:06:47 +00:00
nectar
8db4cdb3da
Don't use getlogin() to determine whether we are root.
...
(Import of vendor fix.)
2002-01-15 19:25:55 +00:00
nectar
8d40c4c4ac
This commit was generated by cvs2svn to compensate for changes in r89402,
...
which included commits to RCS files with non-trunk default branches.
2002-01-15 19:25:55 +00:00
green
fe27adc46b
Fix a coredump bug occurring if ssh-keygen attempts to change the password
...
on a DSA key.
Submitted by: ian j hart <ianjhart@ntlworld.com>
2002-01-07 15:55:20 +00:00
ru
8c39ab0e40
mdoc(7) police: remove -r from SYNOPSIS, sort -p in DESCRIPTION.
2001-12-14 14:41:07 +00:00
jkh
fcc97a61ad
Don't assume that the number of fds to select on is known quantity (in
...
this case 16). Use dynamic FD_SETs and calculated high-water marks
throughout. There are also too many versions of telnet in the tree.
Obtained from: OpenBSD and Apple's Radar database
MFC after: 2 days
2001-12-09 09:53:27 +00:00
ru
dc891f7e3c
Fixed bugs from previous revision.
...
Removed -s from SYNOPSIS and restored -S in DESCRIPTION.
2001-12-04 16:02:36 +00:00
nectar
d69c342a45
Update version string since we applied a fix for the UseLogin issue.
2001-12-03 22:47:51 +00:00
jhay
06c2f4bca3
Protect variables and function prototypes that are only used in the INET6
...
case with an ifdef INET6.
This make the fixit floppy compile again.
Reviewed by: markm
2001-12-03 17:42:02 +00:00
markm
c7155665d1
More help for alpha WARNS=2. This code is, erm, unusual. Anyone who
...
feels like rewriting it will meet no objection from me.
2001-12-03 12:16:40 +00:00
markm
7138baa87d
help the alphas out with the WARNS=2 stuff.
2001-12-03 12:13:18 +00:00
nectar
b0b55f7f5f
Do not pass user-defined environmental variables to /usr/bin/login.
...
Obtained from: OpenBSD
Approved by: green
2001-12-03 00:51:47 +00:00
markm
4cff8701ff
Protect names that are used elsewhere. This fixes WARNS=2 breakage
...
in crypto telnet.
2001-12-01 18:48:36 +00:00
markm
14227a41e2
Damn. The previous mega-commit was incomplete WRT ANSIfication. This
...
fixes that.
2001-11-30 22:28:07 +00:00
markm
19fd256fae
Very large style makeover.
...
1) ANSIfy.
2) Clean up ifdefs so that
a) ones that never/always apply are appropriately either
fully removed, or just the #if junk is removed.
b) change #if defined(FOO) for appropiate values of FOO.
(currently AUTHENTICATION and ENCRYPTION)
3) WARNS=2 fixing
4) GC other unused stuff
This code can now be unifdef(1)ed to make non-crypto telnet.
2001-11-30 21:06:38 +00:00
dwmalone
9a6b4717f3
In the "UseLogin yes" case we need env to be NULL to make sure it
...
will be correctly initialised.
PR: 32065
Tested by: The Anarcat <anarcat@anarcat.dyndns.org>
MFC after: 3 days
2001-11-19 19:40:14 +00:00
jhb
1c9daba05c
Fix world by trimming an extra comment terminator.
2001-10-29 19:22:38 +00:00
nsayer
267f5448c8
Add Berkeley copyright to SRA.
...
This is by the kind permission of Dave Safford, formerly of TAMU who wrote the
original code. Here is an excerpt of the e-mail exchange concerning this
issue:
Dave Safford wrote:
>Nick Sayer wrote:
>> Some time ago we spoke about SRA and importing it into FreeBSD. I forgot to
>> ask if you had a prefered license boilerplate for the top of the files. It
>> has come up recently, and the SRA code in FreeBSD doesn't have one.
>I really have no preference - use whatever is most convenient in the
>FreeBSD environment.
>dave safford
This is the standard BSD license with clause 3 removed and clause 4
suitably renumbered.
MFC after: 1 day
2001-10-29 16:12:16 +00:00
markm
4c52c72d92
Diff-reduce these two.
...
Really, one of them needs to disappear. I'll figure out which
later.
Reported by: bde
2001-10-27 12:49:19 +00:00
markm
0163eae972
Add __FBSDID() to diff-reduce with "base" telnet.
2001-10-01 16:04:55 +00:00
green
e990e27894
Modify a "You don't exist" message, pretty rude for transient YP failures.
2001-09-27 18:54:42 +00:00
assar
6d29950919
fix renamed options in some of the code that was #ifdef AFS
...
also print an error if krb5 ticket passing is disabled
Submitted by: Jonathan Chen <jon@spock.org>
2001-09-04 13:27:04 +00:00
markm
5987cca2b8
Manually unifdef(1) CRAY, UNICOS, hpux and sun uselsess code.
2001-08-29 14:16:17 +00:00
ps
e7bdb473a8
Backout last change. I didnt follow the thread and made a mistake
...
with this. localisations is a valid spelling. Oops
2001-08-27 10:37:50 +00:00
ps
4e55facbeb
Correctly spell localizations
2001-08-27 10:20:02 +00:00
dd
2c3a92a16f
Remove description of an option that only applies to UNICOS < 7.0.
...
That define may still be present in the source, but I don't think
anyone has plans to try to use it.
Obtained from: NetBSD
2001-08-25 21:29:12 +00:00
markm
62fa01a04b
Code merge and diff reduce with "base" telnet. This is the "later"
...
telnet, so it was treated as the reference code, except where later
commits were made to "base" telnet.
2001-08-20 12:28:40 +00:00
green
9f287caebc
Update the OpenSSH minor-version string.
...
Requested by: obrien
Reviewed by: rwatson
2001-08-16 19:26:19 +00:00
horikawa
679dd2c9f8
Removal of following export controll related sentences:
...
o Because of export controls, TELNET ENCRYPT option is not supported outside
of the United States and Canada.
o Because of export controls, data encryption
is not supported outside of the United States and Canada.
src/crypto/README revision 1.5 commit log says:
> Crypto sources are no longer export controlled:
> Explain, why crypto sources are still in crypto/.
and actually telnet encryption is used outside of US and Canada now.
Pointed out by: OHSAWA Chitoshi <ohsawa@catv1.ccn-net.ne.jp>
Reviewed by: no objection on doc
2001-08-15 01:30:25 +00:00
ru
24c7b0a61d
mdoc(7) police: s/BSD/.Bx/ where appropriate.
2001-08-14 10:01:54 +00:00
kris
d051133293
output_data(), output_datalen() and netflush() didn't actually guarantee
...
to do what they are supposed to: under some circumstances output data would
be truncated, or the buffer would not actually be flushed (possibly leading
to overflows when the caller assumes the operation succeeded). Change the
semantics so that these functions ensure they complete the operation before
returning.
Comment out diagnostic code enabled by '-D reports' which causes an
infinite recursion and an eventual crash.
Patch developed with assistance from ru and assar.
2001-07-23 21:52:26 +00:00
ru
4b023c5a9f
More potential buffer overflow fixes.
...
o Fixed `nfrontp' calculations in output_data(). If `remaining' is
initially zero, it was possible for `nfrontp' to be decremented.
Noticed by: dillon
o Replaced leaking writenet() with output_datalen():
: * writenet
: *
: * Just a handy little function to write a bit of raw data to the net.
: * It will force a transmit of the buffer if necessary
: *
: * arguments
: * ptr - A pointer to a character string to write
: * len - How many bytes to write
: */
: void
: writenet(ptr, len)
: register unsigned char *ptr;
: register int len;
: {
: /* flush buffer if no room for new data) */
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
: if ((&netobuf[BUFSIZ] - nfrontp) < len) {
: /* if this fails, don't worry, buffer is a little big */
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
: netflush();
: }
:
: memmove(nfrontp, ptr, len);
: nfrontp += len;
:
: } /* end of writenet */
What an irony! :-)
o Optimized output_datalen() a bit.
2001-07-20 12:02:30 +00:00
kris
18cbcd5eff
Resolve conflicts
2001-07-19 20:05:28 +00:00
kris
3b19ada1e8
Initial import of OpenSSL 0.9.6b
2001-07-19 19:59:37 +00:00
kris
84fabcda92
This commit was generated by cvs2svn to compensate for changes in r79998,
...
which included commits to RCS files with non-trunk default branches.
2001-07-19 19:59:37 +00:00
ru
5bfe15ad2f
vsnprintf() can return a value larger than the buffer size.
...
Submitted by: assar
Obtained from: OpenBSD
2001-07-19 18:58:31 +00:00
ru
9cac33d71f
Fixed the exploitable remote buffer overflow.
...
Reported on: bugtraq
Obtained from: Heimdal, NetBSD
Reviewed by: obrien, imp
2001-07-19 17:48:57 +00:00
nectar
0e7f0df834
Bug fix: When the client connects to a server and Kerberos
...
authentication is enabled, the client effectively ignores any error
from krb5_rd_rep due to a missing branch.
In theory this could result in an ssh client using Kerberos 5
authentication accepting a spoofed AP-REP. I doubt this is a real
possiblity, however, because the AP-REP is passed from the server to
the client via the SSH encrypted channel. Any tampering should cause
the decryption or MAC to fail.
Approved by: green
MFC after: 1 week
2001-07-13 18:12:13 +00:00
ru
d19961ab7f
mdoc(7) police: removed HISTORY info from the .Os call.
2001-07-10 10:42:19 +00:00
green
961721080a
Fix an incorrect conflict resolution which prevented TISAuthentication
...
from working right in 2.9.
2001-07-07 14:19:53 +00:00
ru
9fe5b34c60
mdoc(7) police: merge all fixes from non-crypto version.
2001-07-05 14:08:12 +00:00
ru
30aad2eb2c
MF non-crypto: 1.13: document -u in usage.
2001-07-05 14:06:27 +00:00
green
93a6a41112
Also add a colon to "Bad passphrase, please try again ".
2001-06-29 16:43:13 +00:00
green
5d06029221
Put in a missing colon in the "Enter passphrase" message.
2001-06-29 16:34:14 +00:00
green
fe0162ddb3
Back out the last change which is probably actually a red herring. Argh!
2001-06-26 15:15:22 +00:00
green
c3258d9fdd
Don't pointlessly kill a channel because the first (forced)
...
non-blocking read returns 0.
Now I can finally tunnel CVSUP again...
2001-06-26 14:17:35 +00:00
assar
c05dadd832
fix merges from 0.3f
2001-06-21 02:21:57 +00:00
assar
0c8fa35435
import of heimdal 0.3f
2001-06-21 02:12:07 +00:00
assar
7281f96821
This commit was generated by cvs2svn to compensate for changes in r78527,
...
which included commits to RCS files with non-trunk default branches.
2001-06-21 02:12:07 +00:00
assar
116337ea17
(do_authloop): handle !KRB4 && KRB5
2001-06-16 07:44:17 +00:00
markm
5fa9d6f739
Unbreak OpenSSH for the KRB5-and-no-KRB4 case. Asking for KRB5 does
...
not imply that you want, need or have kerberosIV headers.
2001-06-15 08:12:31 +00:00
green
fdb0c1688a
Enable Kerberos 5 support in sshd again.
2001-06-12 03:43:47 +00:00
green
45d207659b
Switch to the user's uid before attempting to unlink the auth forwarding
...
file, nullifying the effects of a race.
Obtained from: OpenBSD
2001-06-08 22:22:09 +00:00
obrien
a26134411c
Fix $FreeBSD$ style committer messed up in rev 1.7 for some reason.
2001-05-24 07:22:08 +00:00
dillon
0c1af1bd68
Oops, forgot the 'u' in the getopt for the previous commit.
2001-05-24 00:14:19 +00:00
dillon
9ff666d52d
A feature to allow one to telnet to a unix domain socket. (MFC from
...
non-crypto version)
Also update the crypto telnet's man page to reflect other options
ported from the non-crypto version.
Obtained from: Lyndon Nerenberg <lyndon@orthanc.ab.ca>
2001-05-23 22:54:07 +00:00
kris
445c7928a1
Resolve conflicts
2001-05-20 03:17:35 +00:00
kris
12896e829e
Initial import of OpenSSL 0.9.6a
2001-05-20 03:07:21 +00:00
kris
d8a086ad88
This commit was generated by cvs2svn to compensate for changes in r76866,
...
which included commits to RCS files with non-trunk default branches.
2001-05-20 03:07:21 +00:00
obrien
bac609c202
Restore the RSA host key to /etc/ssh/ssh_host_key.
...
Also fix $FreeBSD$ spamage in crypto/openssh/sshd_config rev. 1.16.
2001-05-18 18:10:02 +00:00
nsayer
e25576d211
Make the PAM user-override actually override the correect thing.
2001-05-17 16:28:11 +00:00
peter
859d222e45
Back out last commit. This was already fixed. This should never have
...
happened, this is why we have commit mail expressly delivered to
committers.
2001-05-17 03:14:42 +00:00
peter
fdd845cf6b
Fix the latest telnet breakage. Obviously this was never compiled.
2001-05-17 03:13:00 +00:00
nsayer
295844e3ff
Since the root-on-insecure-tty code was added to telnetd, a dependency
...
on char *line was added to libtelnet. Put a dummy one in to keep the
linker happy.
2001-05-16 20:34:42 +00:00
nsayer
02a47b1303
Make sure the protocol actively rejects bad data rather than
...
(potentially) not responding to an invalid SRA 'auth is' message.
2001-05-16 20:24:58 +00:00
nsayer
280add2b35
srandomdev() affords us the opportunity to radically improve, and at the
...
same time simplify, the random number selection code.
2001-05-16 18:32:46 +00:00
nsayer
ca01fb27dc
Catch any attempted buffer overflows. The magic numbers in this code
...
(512) are a little distressing, but the method really needs to be
extended to allow server-supplied DH parameters anyway.
Submitted by: kris
2001-05-16 18:27:09 +00:00
nsayer
ce94eedfd7
Catch malloc return failures. This should help avoid dereferencing NULL on
...
low-memory situations.
Submitted by: kris
2001-05-16 18:17:55 +00:00
peter
6125cb47e3
Hack to work around braindeath in libtelnet:sra.c. The sra.o file
...
references global variables from telnetd, but is also linked into
telnet as well. I was tempted to back out the last sra.c change
as it is 100% bogus and should be taken out and shot, but for now
this bandaid should get world working again. :-(
2001-05-15 09:52:03 +00:00
nsayer
2bdf180df8
If the uid of the attempted authentication is 0 and if the pty is
...
insecure, do not succeed. Copied from login.c. This functionality really
should be a PAM module.
2001-05-15 04:47:14 +00:00
green
a407780211
If a host would exceed 16 characters in the utmp entry, record only
...
it's IP address/base host instead.
Submitted by: brian
2001-05-15 01:50:40 +00:00
ru
3add9296c0
mdoc(7) police: finished fixing conflicts in revision 1.18.
2001-05-14 18:13:34 +00:00
markm
cdb0cb9ccd
Fix make world in the kerberosIV case.
2001-05-11 09:36:17 +00:00
assar
afb22517a4
merge imported changes into HEAD
2001-05-11 00:14:02 +00:00
alfred
bd16bfd06f
Fix some of the handling in the pam module, don't unregister things
...
that were never registered. At the same time handle a failure from
pam_setcreds with a bit more paranioa than the previous fix.
Sync a bit with the "Portable OpenSSH" work to make comparisons a easier.
2001-05-09 03:40:37 +00:00
green
9c961719a9
Since PAM is broken, let pam_setcred() failure be non-fatal.
2001-05-08 22:30:18 +00:00
assar
a4ee56e2bb
mdoc(ng) fixes
...
Submitted by: ru
2001-05-08 14:57:13 +00:00
assar
06c859ecf5
mdoc(ng) fixes
...
Submitted by: ru
2001-05-08 14:57:13 +00:00
assar
b9733926af
This commit was generated by cvs2svn to compensate for changes in r76371,
...
which included commits to RCS files with non-trunk default branches.
2001-05-08 14:57:13 +00:00
nsayer
b47830be3e
Pointy hat fix -- reapply the SRA PAM patch. To -current this time.
2001-05-07 20:42:02 +00:00
green
3f59c74031
sshd_config should still be keeping ssh host keys in /etc/ssh, not /etc.
2001-05-05 13:48:13 +00:00
green
094816f4b2
Finish committing _more_ somehow-uncommitted OpenSSH 2.9 updates.
...
(Missing Delta Brigade, tally-ho!)
2001-05-05 01:12:45 +00:00
green
729aac1a81
Get ssh(1) compiling with MAKE_KERBEROS5.
2001-05-04 04:37:49 +00:00
green
d1f65ecd2b
Remove obsoleted files.
2001-05-04 04:15:22 +00:00
green
119a11eb6b
Fix conflicts for OpenSSH 2.9.
2001-05-04 04:14:23 +00:00
green
8acd87ac47
Say "hi" to the latest in the OpenSSH series, version 2.9!
...
Happy birthday to: rwatson
2001-05-04 03:57:05 +00:00
green
08fd06354d
This commit was generated by cvs2svn to compensate for changes in r76259,
...
which included commits to RCS files with non-trunk default branches.
2001-05-04 03:57:05 +00:00
green
461d7e1472
Add a "VersionAddendum" configuration setting for sshd which allows
...
anyone to easily change the part of the OpenSSH version after the main
version number. The FreeBSD-specific version banner could be disabled
that way, for example:
# Call ourselves plain OpenSSH
VersionAddendum
2001-05-03 00:29:28 +00:00
green
6d6d6e45ee
Backout completely canonical lookup modifications.
2001-05-03 00:26:47 +00:00
markm
10249e46a3
Toss into attic stuff we don't use.
2001-04-14 09:48:26 +00:00
ru
8e59fdc98e
mdoc(7) police: removed hard sentence breaks introduced in rev.1.10.
2001-04-13 08:49:52 +00:00
nsayer
311a1c9e61
Clean up telnet's argument processing a bit. autologin and encryption is
...
now the default, so ignore the arguments that turn it on. Add a new -y
argument to turn off encryption in case someone wants to do that. Sync
these changes with the man page (including removing the now obsolete
statement about availability only in the US and Canada).
2001-04-06 15:56:10 +00:00
nsayer
66051d03dc
Reactivate SRA.
...
Make handling of SIGINT and SIGQUIT follow SIGTSTP in TerminalNewMode().
This allows people to break out of SRA authentication if they wish to.
2001-04-05 14:09:15 +00:00
green
b9a62213ae
Suggested by kris, OpenSSH shall have a version designated to note that
...
it's not "plain" OpenSSH 2.3.0.
2001-03-20 02:11:25 +00:00
green
e1c06db961
Make password attacks based on traffic analysis harder by requiring that
...
"non-echoed" characters are still echoed back in a null packet, as well
as pad passwords sent to not give hints to the length otherwise.
Obtained from: OpenBSD
2001-03-20 02:06:40 +00:00
nsayer
392858ffd3
Fix core noted in -stable with 'auth disable SRA'.
...
I just mistakenly commited this to RELENG_4. I have contacted Jordan to see
about how to fix this. Pass the pointy hat.
2001-03-18 09:44:25 +00:00
asmodai
355885cfa7
Fix double mention of ssh.
...
This file is already off the vendorbranch, nonetheless it needs to be
submitted back to the OpenSSH people.
PR: 25743
Submitted by: David Wolfskill <dhw@whistle.com>
2001-03-15 09:24:40 +00:00
green
8b51db0ce8
Don't dump core when an attempt is made to login using protocol 2 with
...
an invalid user name.
2001-03-15 03:15:18 +00:00
assar
95047bd0c5
(try_krb5_authentication): simplify code. from joda@netbsd.org
2001-03-13 04:42:38 +00:00
assar
07c5543bb1
Fix LP64 problem in Kerberos 5 TGT passing.
...
Obtained from: NetBSD (done by thorpej@netbsd.org )
2001-03-12 08:14:22 +00:00
assar
c63261057a
enable auto-negotiation of encrypt and decrypt
2001-03-12 03:54:48 +00:00
assar
1387b4dc3d
initialize pointers to NULL and sized to 0 to avoid free:ing invalid memory.
...
PR: bin/20779
2001-03-12 03:48:03 +00:00
green
f261519030
Reenable the SIGPIPE signal handler default in all cases for spawned
...
sessions.
2001-03-11 02:26:57 +00:00
markm
2624196bc4
Remove stuff that is really "ports material", generated files and
...
stuff for other OS's. Also remove stuff (libraries) that are
already present in FreeBSD and must not get mixed up in our
code.
2001-03-04 07:26:45 +00:00
markm
3f99913eea
Trim down the source tree a bit. We shouldn't have blatantly
...
uncompilable bits in here (like X stuff), nor should we have
too much "ports material".
2001-03-04 07:06:39 +00:00
assar
4e2eb78eca
Add code for being compatible with ssh.com's krb5 authentication.
...
It is done by using the same ssh messages for v4 and v5 authentication
(since the ssh.com does not now anything about v4) and looking at the
contents after unpacking it to see if it is v4 or v5.
Based on code from Björn Grönvall <bg@sics.se>
PR: misc/20504
2001-03-04 02:22:04 +00:00
kris
4fef76e966
Resolve conflicts
2001-02-18 03:23:30 +00:00
kris
7e55354aa4
Import of OpenSSL 0.9.6-STABLE snapshot dated 2001-02-10
2001-02-18 03:17:36 +00:00
kris
68872806ec
This commit was generated by cvs2svn to compensate for changes in r72613,
...
which included commits to RCS files with non-trunk default branches.
2001-02-18 03:17:36 +00:00
ps
4abb31bd7d
Make ConnectionsPerPeriod non-fatal for real.
2001-02-18 01:33:31 +00:00
markm
b1b1c55467
Fix a "make world"-breaking inconsistency for those folks making
...
a world with both KRB4 and KRB5.
2001-02-14 19:54:36 +00:00
assar
c492c977b4
nuke conflict markers
2001-02-13 22:40:28 +00:00
assar
e25a9ea1d2
update to new heimdal libkrb5
2001-02-13 16:58:04 +00:00
assar
e1ae34cd7e
fix conflicts in heimdal 0.3e import
2001-02-13 16:52:56 +00:00
assar
ebfe6dc471
import of heimdal 0.3e
2001-02-13 16:46:19 +00:00
assar
3a971fe69a
This commit was generated by cvs2svn to compensate for changes in r72445,
...
which included commits to RCS files with non-trunk default branches.
2001-02-13 16:46:19 +00:00
kris
94cb603894
Patches backported from later development version of OpenSSH which prevent
...
(instead of just mitigating through connection limits) the Bleichenbacher
attack which can lead to guessing of the server key (not host key) by
regenerating it when an RSA failure is detected.
Reviewed by: rwatson
2001-02-12 06:44:51 +00:00
kris
5e1021a55a
Note that crypto/ is not used to build in, people should see secure/
...
instead.
2001-02-10 04:47:47 +00:00
asmodai
bf7345c3e8
Synch: Add $FreeBSD$.
2001-02-07 21:58:16 +00:00
asmodai
7d76aced28
Fix typo: compatability -> compatibility.
...
Compatability is not an existing english word.
2001-02-06 12:05:58 +00:00
asmodai
47a2266000
Fix typo: seperate -> separate.
...
Seperate does not exist in the english language.
Submitted to look at by: kris
2001-02-06 10:39:38 +00:00
asmodai
43450ced68
Fix typo: wierd -> weird.
...
There is no such thing as wierd in the english language.
2001-02-06 09:32:26 +00:00
green
c0460ef928
Correctly fill in the sun_len for a sockaddr_sun.
...
Submitted by: Alexander Leidinger <Alexander@leidinger.net>
2001-02-04 20:23:17 +00:00
green
007d3cc3ed
MFS: Don't use the canonical hostname here, too.
2001-02-04 20:16:14 +00:00
green
8ae23e3ef8
MFF: Make ConnectionsPerPeriod usage a warning, not fatal.
2001-02-04 20:15:53 +00:00
ru
8c9e49b445
mdoc(7) police: split punctuation characters + misc fixes.
2001-02-01 17:12:45 +00:00
green
42801d85d9
Actually propagate back to the rest of the application that a command
...
was specified when using -t mode with the SSH client.
Submitted by: Dima Dorfman <dima@unixfreak.org>
2001-01-21 05:45:27 +00:00
green
759414f218
/Really/ deprecate ConnectionsPerPeriod, ripping out the code for it
...
and giving a dire error to its lingering users.
2001-01-13 07:57:43 +00:00
ru
a45dd3f68d
Prepare for mdoc(7)NG.
2001-01-10 16:51:28 +00:00
green
a121b36822
Fix a long-standing bug that resulted in a dropped session sometimes
...
when an X11-forwarded client was closed. For some reason, sshd didn't
disable the SIGPIPE exit handler and died a horrible death (well, okay,
a silent death really). Set SIGPIPE's handler to SIG_IGN.
2001-01-06 21:15:07 +00:00
assar
2a7f590041
fix conflicts from merge
2000-12-29 21:16:01 +00:00
assar
2aa51584a1
import krb4-1.0.5
2000-12-29 21:00:22 +00:00
assar
29cd18e572
This commit was generated by cvs2svn to compensate for changes in r70494,
...
which included commits to RCS files with non-trunk default branches.
2000-12-29 21:00:22 +00:00
assar
7e5f2377be
merge fix from vendor for not overwriting old ticket file
2000-12-10 21:01:33 +00:00
assar
25b981f320
This commit was generated by cvs2svn to compensate for changes in r69836,
...
which included commits to RCS files with non-trunk default branches.
2000-12-10 21:01:33 +00:00
assar
32ce969d51
merge fix from vendor for removing buffer overrun
2000-12-10 21:00:35 +00:00
assar
636a56109d
This commit was generated by cvs2svn to compensate for changes in r69833,
...
which included commits to RCS files with non-trunk default branches.
2000-12-10 21:00:35 +00:00
assar
2fe34f87ef
merge fix from vendor for not looking at environment variables
2000-12-10 20:59:35 +00:00
assar
1419c7c47a
This commit was generated by cvs2svn to compensate for changes in r69830,
...
which included commits to RCS files with non-trunk default branches.
2000-12-10 20:59:35 +00:00
assar
b022d1d27e
(scrub_env): change to only accept a listed set of variables,
...
including only non-filename contents for TERMCAP
2000-12-10 20:50:20 +00:00