Commit Graph

18 Commits

Author SHA1 Message Date
nsayer
e25576d211 Make the PAM user-override actually override the correect thing. 2001-05-17 16:28:11 +00:00
peter
fdd845cf6b Fix the latest telnet breakage. Obviously this was never compiled. 2001-05-17 03:13:00 +00:00
nsayer
02a47b1303 Make sure the protocol actively rejects bad data rather than
(potentially) not responding to an invalid SRA 'auth is' message.
2001-05-16 20:24:58 +00:00
nsayer
280add2b35 srandomdev() affords us the opportunity to radically improve, and at the
same time simplify, the random number selection code.
2001-05-16 18:32:46 +00:00
nsayer
ca01fb27dc Catch any attempted buffer overflows. The magic numbers in this code
(512) are a little distressing, but the method really needs to be
extended to allow server-supplied DH parameters anyway.

Submitted by:	kris
2001-05-16 18:27:09 +00:00
nsayer
ce94eedfd7 Catch malloc return failures. This should help avoid dereferencing NULL on
low-memory situations.

Submitted by:	kris
2001-05-16 18:17:55 +00:00
nsayer
2bdf180df8 If the uid of the attempted authentication is 0 and if the pty is
insecure, do not succeed. Copied from login.c. This functionality really
should be a PAM module.
2001-05-15 04:47:14 +00:00
nsayer
b47830be3e Pointy hat fix -- reapply the SRA PAM patch. To -current this time. 2001-05-07 20:42:02 +00:00
nsayer
392858ffd3 Fix core noted in -stable with 'auth disable SRA'.
I just mistakenly commited this to RELENG_4. I have contacted Jordan to see
about how to fix this. Pass the pointy hat.
2001-03-18 09:44:25 +00:00
peter
e2062d0bd5 Add missing $FreeBSD$ to files that are NOT still on vendor a branch. 2000-07-16 05:48:49 +00:00
nsayer
f0ebc4fdd1 Fix 'telnet -X sra' coredump
PR# 19835
2000-07-11 15:04:05 +00:00
kris
a5aaf7609c Don't call printf with no format string. 2000-07-10 05:16:59 +00:00
markm
2cbf93e2b4 Get crypto from libcrypto, not libdes. 2000-02-24 19:28:31 +00:00
nsayer
6cf65828c9 According to Mark Murray, Makefiles do not belong here. I guess we're
going to have to figure something else out.
1999-08-16 18:59:05 +00:00
nsayer
189690bcce Add SRA authentication to src/crypto/telnet.
SRA does a Diffie-Hellmen exchange and then DES-encrypts the
authentication data. If the authentication is successful, it also
sets up a session key for DES encryption.

SRA was originally developed at Texas A&M University.

This code is probably export restricted (despite the fact that I
originally found it at a University in Germany).

SRA is not perfect. It is vulnerable to monkey-in-the-middle attacks
and does not use tremendously large DH constants (and thus an individual
exchange probably could be factored in a few days on modern CPU
horsepower). It does not, however, require any changes in user or
administrative behavior and foils session hijacking and sniffing.
The goal of this commit is that telnet and telnetd end up in the DES
distribution and that therefore an encrypted session telnet becomes
standard issue for FreeBSD.
1999-08-16 11:24:29 +00:00
peter
e133ecebec Old stuff laying around: Don't use getstr which can conflict with some
curses/termcap/terminfo implementations and causes recursion.
1998-12-16 06:06:06 +00:00
markm
cd2a6be22c Bring the FreeBSD changes to the virgin sources. 1997-09-07 07:02:53 +00:00
markm
2ea49f693f Initial import of BSD telnet. This will be used to build the kerberised
telnet, and after userland diffs have been merged in, will be used to
build the non-kerberised sources as well. (See unifdef(1) for details)
1997-09-04 06:11:16 +00:00