kris
b3d817cd57
Update the wording on the error message when libcrypto.so can't find an
...
RSA library.
Reviewed by: peter, jkh
2000-03-02 06:21:02 +00:00
ume
1294a0b6cf
Enable connection logging. FreeBSD's libwrap is IPv6 ready.
...
OpenSSH is in our source tree, now. It's a time to enable it.
Reviewed by: markm, shin
Approved by: jkh
2000-02-29 19:37:04 +00:00
markm
37dce23afc
1) Add kerberos5 functionality.
...
by Daniel Kouril <kouril@informatics.muni.cz>
2) Add full LOGIN_CAP capability
by Andrey Chernov
2000-02-28 19:03:50 +00:00
brian
499e159c08
Don't put truncated hostnames in utmp
...
Approved by: jkh
2000-02-28 18:51:30 +00:00
peter
4f3a50153f
Sync with internat.freebsd.org; weak symbols vs static libs == trouble
2000-02-26 16:57:17 +00:00
peter
8d6551c752
Merge from internat.freebsd.org; move VERBOSE_STUBS to a better spot.
2000-02-26 14:20:18 +00:00
peter
95cacb19a9
Merge from internat.freebsd.org repo, minus change to rsa_eay.c (missing)
...
Reorganize and unify libcrypto's interface so that the RSA implementation
is chosen at runtime via dlopen().
This is a checkpoint and may require more tweaks still.
2000-02-26 13:19:18 +00:00
peter
58c2a78aa2
Merge from internat.freebsd.org repo, minus change to rsa_eay.c (missing)
...
Reorganize and unify libcrypto's interface so that the RSA implementation
is chosen at runtime via dlopen().
This is a checkpoint and may require more tweaks still.
2000-02-26 13:13:03 +00:00
peter
527ba28c8f
At great personal risk (to my already fragile sanity), reorganize
...
the rsa stubs for libcrypto. libcrypto.so now uses dlopen() to
implement the backends for either the native or rsaref implemented
RSA code.
This involves:
- unifying the libcrypto and openssl(1) source so there is no
#ifdef RSAref variations.
- using weak symbols and dlopen()/dlsym() routines to access the
rsa method vectors.
Releases will enable the user to choose International, US (rsaref) or
no RSA code at install time.
'make world' will DTRT depending on whether you have the international
or US source. For US users, you must either install rsaref (the port
or package) or (if you don't fear RSA Inc) use the (superior)
International rsa_eay.c code.
This has been discussed at great length by the affected folks and even
we have a great deal of confusion. This is a checkpoint so we can tune
the results. This works for me in all permutations I can think of and
should result in a CD/ftp 'release' just about doing the right thing now.
2000-02-26 13:06:55 +00:00
peter
eb77fcb95c
Redo this with a repo copy from the original file and reset the
...
__PREFIX__ markers.
2000-02-26 09:59:14 +00:00
peter
18bcb8d297
oops, update path to /etc/ssh/ssh_host_key
2000-02-26 02:24:38 +00:00
peter
7abc89037f
Merge from internat.freebsd.org; move ssh files from /etc to /etc/ssh
2000-02-25 14:25:10 +00:00
peter
7caf65d2f4
Don't use the dlopen() stubs if comiling with PIC. This still
...
needs some more thought for the static case. Should we provide weak
error-generating stubs for static binaries if -lrsaref was forgotten?
2000-02-25 08:13:50 +00:00
green
522f06fd77
Fix a bug that crawled in pretty recently (from the port). It made
...
sshd coredump :(
2000-02-25 05:22:14 +00:00
peter
8e4001f110
Fix garbage in SSH_PROGRAM (only on freefall, not internat)
2000-02-25 04:41:06 +00:00
green
83bac1a374
Make "CheckHostIP" default to off. This was proposed on -security and
...
earlier IRC, but despite my inital feeling against it, this seems
the more proper thing to do.
Proposed by: rwatson
2000-02-25 03:04:29 +00:00
green
129e6a7558
The includes must be <openssl/.*\.h>, not <ssl/.*\.h>.
2000-02-25 01:53:12 +00:00
markm
ccef1c20fc
remove more ports crud.
2000-02-24 23:54:00 +00:00
markm
190eabf199
remove ports junk
2000-02-24 23:46:38 +00:00
markm
881ec50548
Use libcrypto instead of libdes.
2000-02-24 20:21:16 +00:00
markm
443e3df9fc
RIP libdes. All hail libcrypto!
2000-02-24 19:35:08 +00:00
markm
2cbf93e2b4
Get crypto from libcrypto, not libdes.
2000-02-24 19:28:31 +00:00
markm
37a38e6638
Add the patches fom ports (QV: ports/security/openssh/patches/patch-*)
2000-02-24 15:29:42 +00:00
markm
fc557ff7d9
Vendor import of OpenSSH.
2000-02-24 14:29:47 +00:00
markm
606d31b1ec
This commit was generated by cvs2svn to compensate for changes in r57429,
...
which included commits to RCS files with non-trunk default branches.
2000-02-24 14:29:47 +00:00
markm
be16c6202a
Merge conflicts.
2000-02-24 13:37:41 +00:00
markm
4d2ec46519
Oops; forgot to add this.
2000-02-24 13:20:48 +00:00
markm
3aaee576c1
Get this to the same level of functionality as old libdes.
2000-02-24 13:20:15 +00:00
markm
5ed96cd5da
Vendor import of Heimdal 0.2p
2000-02-24 11:28:20 +00:00
markm
4f25fdd792
This commit was generated by cvs2svn to compensate for changes in r57422,
...
which included commits to RCS files with non-trunk default branches.
2000-02-24 11:28:20 +00:00
markm
69414e22b9
Vendor import of Heimdal 0.2o
2000-02-24 11:19:29 +00:00
markm
1a9f61a7f9
This commit was generated by cvs2svn to compensate for changes in r57419,
...
which included commits to RCS files with non-trunk default branches.
2000-02-24 11:19:29 +00:00
markm
fa8b1a96d3
Vendor import of Heimdal 0.2n
2000-02-24 11:07:16 +00:00
markm
50efcd9b31
This commit was generated by cvs2svn to compensate for changes in r57416,
...
which included commits to RCS files with non-trunk default branches.
2000-02-24 11:07:16 +00:00
markm
d99784ddf1
freefall/internat diff reducer
2000-02-24 10:38:40 +00:00
markm
fd6da7cf96
Freefall/Internat diff reducer.
2000-02-24 10:37:29 +00:00
jkh
c99b4c1afc
Add call stubs for dynamic rsaref loading. This isn't enabled for now
...
but simply lets us sync up on the solution as it's evolved.
2000-02-22 06:22:54 +00:00
shin
981d4a6e4b
Use static buffer to save source route hostnames.
...
Approved by: jkh
2000-02-19 16:33:14 +00:00
shin
e1b335a34c
Print "Trying ..." for each host. Also cleanups for error printing.
...
Approved by: jkh
Submitted by: Ben Smithurst <ben@scientia.demon.co.uk>
2000-02-19 16:17:41 +00:00
shin
77f276d5ac
Fix bugs in telnet.
...
Sorry there were still several bugs.
-error retry at af missmatch was incomplete.
-af matching for source addr option was wrong
-socket was not freed at retry.
Approved by: jkh
2000-02-15 15:59:12 +00:00
shin
bca215974d
Add more dual stack consideration.
...
-Should retry as much as possible when some of source
routing intermediate hosts' address families missmatch
happened.
(such as when a host has only A record, and another host
has each of A and AAAA record.)
-Should retry as much as possible when dest addr and
source addr(specified with -s option) address family
missmatch happend
Approved by: jkh
2000-02-10 20:06:36 +00:00
shin
67ff6efc68
Fix telnet core dump at invalid service name specified.
...
Added an error check to avoid it.
Approved by: jkh
Submitted by: Robert Muir <rmuir@gibralter.net>
2000-02-07 00:52:49 +00:00
shin
3859c2231c
Add NI_NAMEREQD flag to getnameinfo() call. Without this flag,
...
getnameinfo() don't return error at name resolving failure.
But it is used at doaddrlookup(-N) case in telnet, error need to be
returned to correctly initialize hostname buffer.
Discovered at checking recent KAME repository change, noticed by itojun.
2000-01-29 18:21:05 +00:00
shin
ce15efb7c0
another tcp apps IPv6 updates.(should be make world safe)
...
ftp, telnet, ftpd, faithd
also telnet related sync with crypto, secure, kerberosIV
Obtained from: KAME project
2000-01-27 09:28:38 +00:00
kris
7e4e44947b
Import the RSA support code. There shouldn't be any actual RSA
...
cryptography here.
2000-01-16 05:14:57 +00:00
kris
2e01efe7c1
This commit was generated by cvs2svn to compensate for changes in r56083,
...
which included commits to RCS files with non-trunk default branches.
2000-01-16 05:14:57 +00:00
kris
f389ea9752
Fix for missing symbol in -DRSAref case.
2000-01-16 04:45:18 +00:00
kris
728ac76565
Fix breakage when NO_RSA specified.
...
Reviewed by: Ben Laurie <ben@openssl.org>
2000-01-14 05:24:08 +00:00
kris
168e054f17
Zap NO_IDEA
2000-01-10 06:28:04 +00:00
cvs2svn
06e3860a5c
This commit was manufactured by cvs2svn to create branch
...
'VENDOR-crypto-openssl'.
2000-01-10 06:27:13 +00:00
kris
4203a050f6
List of files to nuke prior to import.
2000-01-10 06:27:12 +00:00
kris
2e467dc342
Initial import of OpenSSL 0.9.4, sans IDEA and RSA code for patent
...
infringement reasons.
2000-01-10 06:22:05 +00:00
kris
ebe7c1ce23
This commit was generated by cvs2svn to compensate for changes in r55714,
...
which included commits to RCS files with non-trunk default branches.
2000-01-10 06:22:05 +00:00
kris
b8e601b240
Zap the IDEA stuff - it's patented internationally (at least in some
...
places), and we don't want people to get in trouble just for having it.
2000-01-10 05:36:35 +00:00
markm
4ecbd6db44
Import KTH Heimdal, which will be the core of our Kerberos5.
...
Userland to follow.
2000-01-09 20:58:00 +00:00
markm
5f68254a36
This commit was generated by cvs2svn to compensate for changes in r55682,
...
which included commits to RCS files with non-trunk default branches.
2000-01-09 20:58:00 +00:00
markm
469413f558
Fix path.
2000-01-09 13:52:56 +00:00
markm
3b8aea4be2
resolve conflicts.
2000-01-09 08:53:35 +00:00
markm
ca616c603d
Clean import of KTH Kerberos (eBones) v1.0.
2000-01-09 08:31:47 +00:00
markm
6ae78a5389
This commit was generated by cvs2svn to compensate for changes in r55643,
...
which included commits to RCS files with non-trunk default branches.
2000-01-09 08:31:47 +00:00
green
8b8214b6d3
Upgrade to the pam_ssh module, version 1.1..
...
(From the author:)
Primarily, I have added built-in functions for manipulating the
environment, so putenv() is no longer used. XDM and its variants
should now work without modification. Note that the new code uses
the macros in <sys/queue.h>.
Submitted by: Andrew J. Korty <ajk@iu.edu>
1999-12-28 05:32:54 +00:00
kris
e829abb179
Initial import of OpenSSL v0.9.4
1999-12-25 16:37:36 +00:00
kris
4562f83d3b
This commit was generated by cvs2svn to compensate for changes in r55099,
...
which included commits to RCS files with non-trunk default branches.
1999-12-25 16:37:36 +00:00
green
bcc4466e40
Add the PAM SSH RSA key authentication module. For example, you can add,
...
"login auth sufficient pam_ssh.so" to your /etc/pam.conf, and
users with a ~/.ssh/identity can login(1) with their SSH key :)
PR: 15158
Submitted by: Andrew J. Korty <ajk@waterspout.com>
Reviewed by: obrien
1999-11-29 07:09:44 +00:00
markm
7df5ada37c
Merge anf fix for build.
1999-09-19 21:56:09 +00:00
markm
fe83e8abf3
Clean import of KTH krb4-0.10.1.
1999-09-19 14:19:32 +00:00
markm
c171f3b182
This commit was generated by cvs2svn to compensate for changes in r51415,
...
which included commits to RCS files with non-trunk default branches.
1999-09-19 14:19:32 +00:00
markm
4f947d680a
Big OpenSSL/KTH/FreeBSD merge, badly poisoned by $FreeBSD$'s.
1999-09-19 13:04:49 +00:00
markm
69cafd82fe
This commit was generated by cvs2svn to compensate for changes in r50894,
...
which included commits to RCS files with non-trunk default branches.
1999-09-04 12:45:43 +00:00
markm
aebb972b81
Vendor import EAY's LIBSSL to fix comments, etc.
1999-09-04 12:45:43 +00:00
markm
101cc573f4
Add macro originally provided externally.
1999-09-04 11:06:07 +00:00
markm
a00f78e661
Add includes to to silence warnings. Bit hackish.
1999-09-04 11:03:01 +00:00
markm
d7d8526858
Add some includes to shut up warnings.
1999-09-04 10:46:27 +00:00
markm
145a94070b
Drat. Import this into the right place. Pass me the pointy hat.
1999-09-01 19:59:25 +00:00
markm
3083434d3d
This commit was generated by cvs2svn to compensate for changes in r50760,
...
which included commits to RCS files with non-trunk default branches.
1999-09-01 19:59:25 +00:00
markm
05435ef431
Termcap header no longer needed.
1999-09-01 18:57:38 +00:00
peter
efabb9ccb1
$Id$ -> $FreeBSD$
1999-08-28 01:35:59 +00:00
markm
43201bf2b8
Add virtual MAINTAINER line.
1999-08-16 19:05:02 +00:00
nsayer
6cf65828c9
According to Mark Murray, Makefiles do not belong here. I guess we're
...
going to have to figure something else out.
1999-08-16 18:59:05 +00:00
nsayer
189690bcce
Add SRA authentication to src/crypto/telnet.
...
SRA does a Diffie-Hellmen exchange and then DES-encrypts the
authentication data. If the authentication is successful, it also
sets up a session key for DES encryption.
SRA was originally developed at Texas A&M University.
This code is probably export restricted (despite the fact that I
originally found it at a University in Germany).
SRA is not perfect. It is vulnerable to monkey-in-the-middle attacks
and does not use tremendously large DH constants (and thus an individual
exchange probably could be factored in a few days on modern CPU
horsepower). It does not, however, require any changes in user or
administrative behavior and foils session hijacking and sniffing.
The goal of this commit is that telnet and telnetd end up in the DES
distribution and that therefore an encrypted session telnet becomes
standard issue for FreeBSD.
1999-08-16 11:24:29 +00:00
nsayer
8528b2a710
Fix int function without return (make consistent with neighbors)
1999-08-16 02:15:29 +00:00
nik
668aec5d3d
Document the "skey" command in telnet(1).
...
PR: docs/12360
Submitted by: kjm@rins.ryukoku.ac.jp (KOJIMA Hajime)
Nagged by: markm :-)
1999-07-30 21:24:03 +00:00
ru
c7b22dab8b
Merge from non-crypto version:
...
- "-N" option
- "-E" security fix
- "-s src_addr" option
Requested by: markm
1999-06-17 09:24:37 +00:00
brian
7670f1eab4
MF libexec/telnetd: Determine the host name using an array size of
...
MAXHOSTNAMELEN and call trimdomain() before implementing
the -u option.
1999-04-08 21:39:34 +00:00
brian
88f6c1a7e8
MF libexec/telnetd: MAXHOSTNAMELEN & -u fixes.
1999-04-07 10:17:24 +00:00
brian
07625d3f4d
Use realhostname().
1999-04-06 23:35:21 +00:00
brian
290eeb0e06
MF src/libexec/telnetd: Verify the reverse DNS lookup
...
ala rlogind.
Suggested by: markm
1999-04-06 12:41:27 +00:00
peter
e133ecebec
Old stuff laying around: Don't use getstr which can conflict with some
...
curses/termcap/terminfo implementations and causes recursion.
1998-12-16 06:06:06 +00:00
peter
f3847d7306
Old stuff from a source tree: copy (verbatum) the code to expand the
...
%s/%m in the default /etc/gettytab.
1998-12-16 06:01:33 +00:00
gpalmer
be7570dbc1
Remove redundant decl. of time(). Causes problems on alpha
1998-09-01 15:17:28 +00:00
jdp
f731a1a207
Remove a work-around for an assembler bug that has been fixed since
...
April, 1997. The work-around causes problems under ELF.
1998-08-31 20:01:48 +00:00
markm
0503689f0a
Fix nasty typo that randomly caused kinit to not properly deduce the
...
user's username when this was not specified.
Reported by: Sean Eric Fagan
1998-03-29 07:27:43 +00:00
markm
3513ffecbf
Make the ticket filename the same as for our old eBones. I am going to
...
kerberize xdm again, and it will be a pain to maintain two different
sets of patches (for 2.2 and 3.0).
1998-02-16 12:39:25 +00:00
markm
765f216743
Bring back the old behaviour of kinit; if no username is mentioned on
...
the command line, attempt to get a ticket for the current uid (or
<uid>.root if we are already su'ed).
Requested By: Garrett Wollman
1998-02-16 12:36:49 +00:00
imp
7d01b0b30c
MFC: sprintf paranoia
1998-01-22 00:04:57 +00:00
charnier
25d74465e2
MFC: no \n in syslog strings. Change -P to -p in flags. EOF -> -1. Use err(3).
1997-12-08 07:41:13 +00:00
markm
6026327fe6
kinit(1) and its man page do not agre on what is reported with -v. Fix this.
...
Submitted by: Sheldon Hearn.
1997-11-25 21:12:37 +00:00
uhclem
e9a0f249e7
PR: bin/771 and bin/1037 are resolved by this change
...
This change changes the default handling of linemode so that older and/or
stupider telnet clients can still get wakeup characters like <ESC> and
<CTRL>D to work correctly multiple times on the same line, as in csh
"set filec" operations. It also causes CR and LF characters to be read by
apps in certain terminal modes consistently, as opposed to returning
CR sometimes and LF sometimes, which broke existing apps. The change
was shown to fix the problem demonstrated in the FreeBSD telnet client,
along with the telnet client in Solaris, SCO, Windows '95 & NT, DEC OSF,
NCSA, and others.
A similar change was incorporated in the non-crypto version of telnetd.
This resolves bin/771 and bin/1037.
1997-10-08 03:14:34 +00:00
wosch
8ee659dd96
Sort cross refereces in section SEE ALSO.
1997-09-29 19:11:55 +00:00
markm
00501fb8d7
FreeBSD's original passwd helper is needed here.
1997-09-21 17:37:08 +00:00
markm
cd2a6be22c
Bring the FreeBSD changes to the virgin sources.
1997-09-07 07:02:53 +00:00
markm
d1685a9fcc
FreeBSD specific schanges - mainly religious issues about where to put
...
stuff.
1997-09-04 21:37:57 +00:00
markm
21c65d62af
This commit was generated by cvs2svn to compensate for changes in r29088,
...
which included commits to RCS files with non-trunk default branches.
1997-09-04 06:11:16 +00:00
markm
2ea49f693f
Initial import of BSD telnet. This will be used to build the kerberised
...
telnet, and after userland diffs have been merged in, will be used to
build the non-kerberised sources as well. (See unifdef(1) for details)
1997-09-04 06:11:16 +00:00
markm
a8a89cfaf9
Initial import of KTH eBones. This has been cleaned up to only include
...
the "core" Kerberos functionality. The rest of the userland will get their
own changes later.
1997-09-04 06:04:33 +00:00
markm
5a800c893f
This commit was generated by cvs2svn to compensate for changes in r29085,
...
which included commits to RCS files with non-trunk default branches.
1997-09-04 06:04:33 +00:00
markm
fe8101c086
Bring in the Starter files for the contrib-crypto dir.
...
I am not going to commit anything to this area for a few days.
This is because
1) I want everyone to be DARN sure there is no export of crypto
that may get our USA friends it trouble.
2) I have been asked by the folk developing KTH-eBones to hold off
for their new release.
Worked with: rkw, jdp
CVS:
CVS:
1997-05-03 09:16:07 +00:00