nsayer
e25576d211
Make the PAM user-override actually override the correect thing.
2001-05-17 16:28:11 +00:00
peter
fdd845cf6b
Fix the latest telnet breakage. Obviously this was never compiled.
2001-05-17 03:13:00 +00:00
nsayer
02a47b1303
Make sure the protocol actively rejects bad data rather than
...
(potentially) not responding to an invalid SRA 'auth is' message.
2001-05-16 20:24:58 +00:00
nsayer
280add2b35
srandomdev() affords us the opportunity to radically improve, and at the
...
same time simplify, the random number selection code.
2001-05-16 18:32:46 +00:00
nsayer
ca01fb27dc
Catch any attempted buffer overflows. The magic numbers in this code
...
(512) are a little distressing, but the method really needs to be
extended to allow server-supplied DH parameters anyway.
Submitted by: kris
2001-05-16 18:27:09 +00:00
nsayer
ce94eedfd7
Catch malloc return failures. This should help avoid dereferencing NULL on
...
low-memory situations.
Submitted by: kris
2001-05-16 18:17:55 +00:00
nsayer
2bdf180df8
If the uid of the attempted authentication is 0 and if the pty is
...
insecure, do not succeed. Copied from login.c. This functionality really
should be a PAM module.
2001-05-15 04:47:14 +00:00
nsayer
b47830be3e
Pointy hat fix -- reapply the SRA PAM patch. To -current this time.
2001-05-07 20:42:02 +00:00
nsayer
392858ffd3
Fix core noted in -stable with 'auth disable SRA'.
...
I just mistakenly commited this to RELENG_4. I have contacted Jordan to see
about how to fix this. Pass the pointy hat.
2001-03-18 09:44:25 +00:00
peter
e2062d0bd5
Add missing $FreeBSD$ to files that are NOT still on vendor a branch.
2000-07-16 05:48:49 +00:00
nsayer
f0ebc4fdd1
Fix 'telnet -X sra' coredump
...
PR# 19835
2000-07-11 15:04:05 +00:00
kris
a5aaf7609c
Don't call printf with no format string.
2000-07-10 05:16:59 +00:00
markm
2cbf93e2b4
Get crypto from libcrypto, not libdes.
2000-02-24 19:28:31 +00:00
nsayer
6cf65828c9
According to Mark Murray, Makefiles do not belong here. I guess we're
...
going to have to figure something else out.
1999-08-16 18:59:05 +00:00
nsayer
189690bcce
Add SRA authentication to src/crypto/telnet.
...
SRA does a Diffie-Hellmen exchange and then DES-encrypts the
authentication data. If the authentication is successful, it also
sets up a session key for DES encryption.
SRA was originally developed at Texas A&M University.
This code is probably export restricted (despite the fact that I
originally found it at a University in Germany).
SRA is not perfect. It is vulnerable to monkey-in-the-middle attacks
and does not use tremendously large DH constants (and thus an individual
exchange probably could be factored in a few days on modern CPU
horsepower). It does not, however, require any changes in user or
administrative behavior and foils session hijacking and sniffing.
The goal of this commit is that telnet and telnetd end up in the DES
distribution and that therefore an encrypted session telnet becomes
standard issue for FreeBSD.
1999-08-16 11:24:29 +00:00
peter
e133ecebec
Old stuff laying around: Don't use getstr which can conflict with some
...
curses/termcap/terminfo implementations and causes recursion.
1998-12-16 06:06:06 +00:00
markm
cd2a6be22c
Bring the FreeBSD changes to the virgin sources.
1997-09-07 07:02:53 +00:00
markm
2ea49f693f
Initial import of BSD telnet. This will be used to build the kerberised
...
telnet, and after userland diffs have been merged in, will be used to
build the non-kerberised sources as well. (See unifdef(1) for details)
1997-09-04 06:11:16 +00:00