joe
dc42ef0264
Additional corrections to OpenSSH buffer handling.
...
Obtained from: openssh.org
Originally committed to head by: nectar
2003-09-26 19:15:53 +00:00
joe
62fcef3496
This commit was generated by cvs2svn to compensate for changes in r120489,
...
which included commits to RCS files with non-trunk default branches.
2003-09-26 19:15:53 +00:00
joe
175ed5a6e4
Additional corrections to OpenSSH buffer handling.
...
Obtained from: openssh.org
Originally committed to head by: nectar
2003-09-26 19:15:53 +00:00
des
0b9dcf3092
Update version string.
2003-09-24 19:20:23 +00:00
des
202ae7da6f
Remove bogus calls to xfree().
2003-09-24 19:11:52 +00:00
des
7ddad9d4af
resp is a pointer to an array of structs, not an array of pointers to structs.
2003-09-24 18:26:29 +00:00
des
005a1d4afd
Return the correct error value when a null query fails.
2003-09-24 18:24:27 +00:00
des
21906911ce
Fix broken shell code.
2003-09-19 11:29:51 +00:00
nectar
0689a1c0d3
Correct more cases of allocation size bookkeeping being updated before
...
calling functions which can potentially fail and cause cleanups to be
invoked.
Submitted by: Solar Designer <solar@openwall.com>
2003-09-17 14:36:14 +00:00
nectar
441fabb06e
This commit was generated by cvs2svn to compensate for changes in r120161,
...
which included commits to RCS files with non-trunk default branches.
2003-09-17 14:36:14 +00:00
nectar
bacf67e6ca
Correct more cases of allocation size bookkeeping being updated before
...
calling functions which can potentially fail and cause cleanups to be
invoked.
Submitted by: Solar Designer <solar@openwall.com>
2003-09-17 14:36:14 +00:00
nectar
359ce984aa
Update the OpenSSH addendum string for the buffer handling fix.
2003-09-16 14:33:04 +00:00
nectar
8cd211c561
Do not record expanded size before attempting to reallocate associated
...
memory.
Obtained from: OpenBSD
2003-09-16 06:11:58 +00:00
nectar
ff50ba9baf
This commit was generated by cvs2svn to compensate for changes in r120113,
...
which included commits to RCS files with non-trunk default branches.
2003-09-16 06:11:58 +00:00
markm
d6aec2b6d6
Very big makeover in the way telnet, telnetd and libtelnet are built.
...
Previously, there were two copies of telnet; a non-crypto version
that lived in the usual places, and a crypto version that lived in
crypto/telnet/. The latter was built in a broken manner somewhat akin
to other "contribified" sources. This meant that there were 4 telnets
competing with each other at build time - KerberosIV, Kerberos5,
plain-old-secure and base. KerberosIV is no longer in the running, but
the other three took it in turns to jump all over each other during a
"make buildworld".
As the crypto issue has been clarified, and crypto _calls_ are not
a problem, crypto/telnet has been repo-copied to contrib/telnet,
and with this commit, all telnets are now "contribified". The contrib
path was chosen to not destroy history in the repository, and differs
from other contrib/ entries in that it may be worked on as "normal"
BSD code. There is no dangerous crypto in these sources, only a
very weak system less strong than enigma(1).
Kerberos5 telnet and Secure telnet are now selected by using the usual
macros in /etc/make.conf, and the build process is unsurprising and
less treacherous.
2003-07-16 20:59:15 +00:00
des
7fc179286a
Add a "return" that was missing from 3.6.1p1. Since it's been fixed in
...
the OpenSSH-portable CVS repo, I'm committing this on the vendor branch.
2003-06-24 19:30:44 +00:00
des
270ae60a45
This commit was generated by cvs2svn to compensate for changes in r116791,
...
which included commits to RCS files with non-trunk default branches.
2003-06-24 19:30:44 +00:00
des
108403d091
Fix off-by-one and initialization errors which prevented sshd from
...
restarting when sent a SIGHUP.
Submitted by: tegge
Approved by: re (jhb)
2003-05-28 19:39:33 +00:00
des
e0263bb5ea
Revert unnecessary part of previous commit.
2003-05-13 10:18:49 +00:00
des
ab070fe748
Rename a few functions to avoid stealing common words (error, log, debug
...
etc.) from the application namespace for programs that use pam_ssh(8).
Use #defines to avoid changing the actual source code.
Approved by: re (rwatson)
2003-05-12 19:22:47 +00:00
markm
141dcc06d3
Fix up external variables named "debug" that have a horrible habit
...
of conflicting with other, similarly named functions in static
libraries. This is done mostly by renaming the var if it is shared
amongst modules, or making it static otherwise.
OK'ed by: re(scottl)
2003-05-11 18:17:00 +00:00
obrien
c3792f8bd9
Use __FBSDID vs. rcsid[]. Also protect sccs[] and copyright[] from GCC 3.3.
2003-05-04 02:54:49 +00:00
des
8a5b06b8e0
Remove RCSID from files which have no other diffs to the vendor branch.
2003-05-01 15:05:43 +00:00
des
a4b5e84c1c
Nit.
2003-04-23 17:23:06 +00:00
des
471d81d867
Improvements to the proposed shell code.
2003-04-23 17:21:55 +00:00
des
5e9cbb7bff
Regenerate.
2003-04-23 17:21:27 +00:00
des
58b9db3b6f
Resolve conflicts.
2003-04-23 17:13:13 +00:00
des
85b37b9574
Vendor import of OpenSSH-portable 3.6.1p1.
2003-04-23 16:53:02 +00:00
des
6d34992e86
This commit was generated by cvs2svn to compensate for changes in r113908,
...
which included commits to RCS files with non-trunk default branches.
2003-04-23 16:53:02 +00:00
des
39ecd8ace7
- when using a child process instead of a thread, change the child's
...
name to reflect its role
- try to handle expired passwords a little better
MFC after: 1 week
2003-03-31 13:48:18 +00:00
des
2f9a965fa9
If an ssh1 client initiated challenge-response authentication but did
...
not respond to challenge, and later successfully authenticated itself
using another method, the kbdint context would never be released,
leaving the PAM child process behind even after the connection ended.
Fix this by automatically releasing the kbdint context if a packet of
type SSH_CMSG_AUTH_TIS is follwed by anything but a packet of type
SSH_CMSG_AUTH_TIS_RESPONSE.
MFC after: 1 week
2003-03-31 13:45:36 +00:00
jedgar
ed812d3ac4
Merge conflicts
2003-03-20 20:56:03 +00:00
jedgar
5d79b842c1
Enable RSA blinding by default.
...
http://www.openssl.org/news/secadv_20030317.txt
2003-03-20 20:44:11 +00:00
jedgar
ad2b755e27
This commit was generated by cvs2svn to compensate for changes in r112439,
...
which included commits to RCS files with non-trunk default branches.
2003-03-20 20:41:45 +00:00
jedgar
5514cd4987
Import of PKCS #1 security fix.
...
http://www.openssl.org/news/secadv_20030319.txt
2003-03-20 20:41:45 +00:00
markm
508deb59f8
KerberosIV deorbit sequence: Re-entry. Thank you, faithful friend.
...
Enjoy your retirement in ports.
2003-03-08 12:55:48 +00:00
nectar
c4f823a8ba
Unbreak Kerberos 5 authentication in telnet.
...
(Credential forwarding is still broken.)
PR: bin/45397
2003-03-06 13:41:53 +00:00
nectar
0fee824237
Resolve conflicts after import of OpenSSL 0.9.7a.
2003-02-19 23:24:16 +00:00
nectar
6c9986c446
Vendor import of OpenSSL 0.9.7a.
2003-02-19 23:17:42 +00:00
nectar
21bb0e5fa9
This commit was generated by cvs2svn to compensate for changes in r111147,
...
which included commits to RCS files with non-trunk default branches.
2003-02-19 23:17:42 +00:00
des
fc3e30fe3b
Paranoia: instead of a NULL conversation function, use one that always
...
returns PAM_CONV_ERR; moreover, make sure we always have the right
conversation function installed before calling PAM service functions.
Also unwrap some not-so-long lines.
MFC after: 3 days
2003-02-16 11:03:55 +00:00
nectar
d91a03aab2
When `des_read_pw_string' is a macro, as in OpenSSL 0.9.7,
...
an attempt to declare a prototype for it will croak.
2003-02-14 14:37:26 +00:00
des
f4ca4d4385
document the current default value for VersionAddendum.
2003-02-11 12:11:15 +00:00
des
a6e843c458
Set the ruid to the euid at startup as a workaround for a bug in pam_ssh.
...
MFC after: 3 days
2003-02-07 15:48:27 +00:00
trhodes
914d9fc8a8
The manual page lists only 2 files, however it reads as `three files' which is
...
obviously incorrect.
PR: 46841
Submitted by: Sakamoto Seiji <s-siji@hyper.ocn.ne.jp>
2003-02-05 02:14:03 +00:00
des
b9730314a0
Linux-PAM's pam_start(3) fails with a bogus error message if passed the
...
pam_conv argument is NULL. OpenPAM doesn't care, but to make things
easier for people porting this code to other systems (or -STABLE), use
a dummy struct pam_conv instead of NULL.
Pointed out by: Damien Miller <djm@mindrot.org>
2003-02-03 14:10:28 +00:00
des
8da928f615
Bump patch date to 2003-02-01 (the day after I fixed PAM authentication
...
for ssh1)
2003-02-03 11:11:36 +00:00
des
a428b35290
Fix keyboard-interactive authentication for ssh1. The problem was twofold:
...
- The PAM kbdint device sometimes doesn't know authentication succeeded
until you re-query it. The ssh1 kbdint code would never re-query the
device, so authentication would always fail. This patch has been
submitted to the OpenSSH developers.
- The monitor code for PAM sometimes forgot to tell the monitor that
authentication had succeeded. This caused the monitor to veto the
privsep child's decision to allow the connection.
These patches have been tested with OpenSSH clients on -STABLE, NetBSD and
Linux, and with ssh.com's ssh1 on Solaris.
Sponsored by: DARPA, NAI Labs
2003-01-31 11:08:07 +00:00
nectar
637cc179f5
Background:
...
When libdes was replaced with OpenSSL's libcrypto, there were a few
interfaces that the former implemented but the latter did not. Because
some software in the base system still depended upon these interfaces,
we simply included them in our libcrypto (rnd_keys.c).
Now, finally get around to removing the dependencies on these
interfaces. There were basically two cases:
des_new_random_key -- This is just a wrapper for des_random_key, and
these calls were replaced.
des_init_random_number_generator et. al. -- A few functions were used
by the application to seed libdes's PRNG. These are not necessary
when using libcrypto, as OpenSSL internally seeds the PRNG from
/dev/random. These calls were simply removed.
Again, some of the Kerberos 4 files have been taken off the vendor
branch. I do not expect there to be future imports of KTH Kerberos 4.
2003-01-29 18:14:29 +00:00
nectar
b6c07e9a21
= Fix a bug in UI_UTIL_read_pw's error handling that caused
...
des_read_pw_string to break (and thus rather mysteriously
breaking utilities such as kinit).
= Enable the BSD /dev/crypto interface.
(These changes are being imported on the vendor branch, as they have
already been accepted and committed to the OpenSSL CVS repository.)
2003-01-29 02:25:30 +00:00
nectar
e99b3c8426
This commit was generated by cvs2svn to compensate for changes in r110018,
...
which included commits to RCS files with non-trunk default branches.
2003-01-29 02:25:30 +00:00
markm
3f245d6325
Merge conflicts.
...
This is cunning doublespeak for "use vendor code".
2003-01-28 22:34:21 +00:00
markm
ad7148cc98
Remove files no longer on OpenSSL 0.9.7. crypto/des/rnd_keys.c is
...
retained as it is still used.
2003-01-28 22:12:30 +00:00
markm
aad1d64cb5
Vendor import of OpenSSL release 0.9.7. This release includes
...
support for AES and OpenBSD's hardware crypto.
2003-01-28 21:43:22 +00:00
markm
33af127a88
This commit was generated by cvs2svn to compensate for changes in r109998,
...
which included commits to RCS files with non-trunk default branches.
2003-01-28 21:43:22 +00:00
nectar
4bcab33bf9
Make the Kerberos 4 bits build against OpenSSL 0.9.7. This required
...
two basic changes (both of which should be no-ops until OpenSSL 0.9.7
is imported):
= Define OPENSSL_DES_LIBDES_COMPATIBILITY wherever we include
openssl/des.h.
= Spell `struct des_ks_struct []' using the existing
`des_key_schedule' typedef.
When OpenSSL 0.9.7 is imported, `des_key_schedule' (among other
things) will be a macro invocation instead of a typedef, and things
should `just work'.
Yes, this commit does take several files off the vendor branch.
I do not expect there to be future imports of KTH Kerberos 4.
2003-01-28 20:18:26 +00:00
des
d37413d05a
Force early initialization of the resolver library, since the resolver
...
configuration files will no longer be available once sshd is chrooted.
PR: 39953, 40894
Submitted by: dinoex
MFC after: 3 days
2003-01-22 14:12:59 +00:00
nectar
12eb3dee85
Add a missing include, needed to get a prototype for `des_read_pw_string'.
...
This is particularly important for OpenSSL 0.9.7, as `des_read_pw_string'
is a macro there. (This fix brought in on the vendor branch, because I
already committed it to Heimdal's CVS.)
2003-01-21 14:19:06 +00:00
nectar
d729ef0795
This commit was generated by cvs2svn to compensate for changes in r109641,
...
which included commits to RCS files with non-trunk default branches.
2003-01-21 14:19:06 +00:00
billf
75d164a3d8
add more RFC defined telnet options
...
Reviewed by: ps
2003-01-18 06:10:21 +00:00
des
a9741e060a
The previous commit contained a stupid mistake: ctxt->pam_[cp]sock was
...
initialized after the call to pthread_create() instead of before. It just
happened to work with threads enabled because ctxt is shared, but of
course it doesn't work when we use a child process instead of threads.
2002-12-21 15:09:58 +00:00
des
06b0ce4f65
If possible, use pthreads instead of a child process for PAM.
...
Reimplement the necessary bits from auth_pam.c and auth2_pam.c so that
they share the PAM context used by the keyboard-interactive thread. If
a child process is used instead, they will (necessarily) use a separate
context.
Constify do_pam_account() and do_pam_session().
Sponsored by: DARPA, NAI Labs
2002-12-14 13:52:39 +00:00
des
b6985eb271
Add a missing #include "canohost.h".
2002-12-14 13:48:47 +00:00
des
a46b8cda04
Remove code related to the PAMAuthenticationViaKbdInt option (which we've
...
disabled). This removes the only reference to auth2_pam().
2002-12-14 13:48:13 +00:00
des
9f8ff3709f
Back out a lastlog-related change which is no longer relevant.
2002-12-14 13:40:21 +00:00
des
bb06b52b06
Fix a rounding error in the block size calculation.
...
Submitted by: tjr
2002-12-14 13:38:49 +00:00
des
81fe169630
Since OpenSSH drops privileges before calling pam_open_session(3),
...
pam_lastlog(8) can't possibly work, so let OpenSSH handle lastlog.
Approved by: re (rwatson)
2002-12-03 15:48:11 +00:00
eric
7153bb5d55
Merge argument parsing changes into this copy of telnet.
...
Submitted by: markm
Approved by: bmah
2002-11-27 06:34:24 +00:00
nectar
1abd325d28
Import of Heimdal 0.5.1.
...
Approved by: re
2002-11-24 20:59:25 +00:00
nectar
d13cd487f6
This commit was generated by cvs2svn to compensate for changes in r107207,
...
which included commits to RCS files with non-trunk default branches.
2002-11-24 20:59:25 +00:00
des
66bd92dc49
Add caveats regarding the effect of PAM on PasswordAuthentication and
...
PermitRootLogin.
PR: docs/43776
MFC after: 1 week
2002-11-06 08:04:56 +00:00
des
398f2c44aa
Document the current default for VersionAddendum.
2002-11-05 17:25:15 +00:00
des
b0ec3f5077
Accurately reflect our local changes and additions.
2002-11-05 17:24:01 +00:00
des
e08b64e978
Document the current default value for VersionAddendum.
2002-11-05 17:17:09 +00:00
des
d6d0eadd15
Switch to two-clause license, with NAI's permission.
2002-11-02 19:55:23 +00:00
des
279b0fa809
Resolve conflicts.
2002-10-29 10:16:02 +00:00
des
ce26c10eda
Protect against tag expansion + fix some brainos.
2002-10-29 10:12:51 +00:00
des
4d499f34f8
Some tricks I use when I upgrade.
2002-10-29 09:56:16 +00:00
des
9f3147578a
Correct shell code to expand globs in FREEBSD-Xlist
2002-10-29 09:55:28 +00:00
des
b057cae3d7
More cruft.
2002-10-29 09:54:53 +00:00
des
099d1a58f7
Vendor import of OpenSSH-portable 3.5p1.
2002-10-29 09:43:00 +00:00
des
85f71815b9
This commit was generated by cvs2svn to compensate for changes in r106121,
...
which included commits to RCS files with non-trunk default branches.
2002-10-29 09:43:00 +00:00
assar
36fdd564c7
This commit was generated by cvs2svn to compensate for changes in r105765,
...
which included commits to RCS files with non-trunk default branches.
2002-10-23 06:10:08 +00:00
assar
1b79516e3f
import 1.29 to fix buffer overflow:
...
check the length of the authenticator and rlen
Obtained from: Heimdal CVS
2002-10-23 06:10:08 +00:00
assar
3d945415d6
import 1.27 to fix buffer overflow:
...
check size of rlen
Obtained from: Heimdal CVS
2002-10-22 02:13:32 +00:00
assar
4e7f1e8a5d
This commit was generated by cvs2svn to compensate for changes in r105672,
...
which included commits to RCS files with non-trunk default branches.
2002-10-22 02:13:32 +00:00
dd
f5801700f4
Permit the argument to the -s option to be a hostname. I see no
...
reason to restrict this to a numeric address.
PR: 41841
Submitted by: Dmitry Pryanishnikov <dmitry@atlantis.dp.ua>,
Maxim Maximov <mcsi@agava.com>
2002-10-02 00:27:14 +00:00
nectar
93b309dcff
Fix an annoying bug that causes a spurious error message when changing
...
passwords, even when the operation actually succeeded.
% k5passwd
luser@REA.LM's Password: **************
New password: **************
Verifying password - New password: **************
k5passwd: krb5_change_password: unable to reach any changepw server in realm REA.LM
[In reality, the password was changed.]
Obtained from: Heimdal CVS
2002-09-30 11:48:23 +00:00
nectar
5a5cffa0bd
This commit was generated by cvs2svn to compensate for changes in r104204,
...
which included commits to RCS files with non-trunk default branches.
2002-09-30 11:48:23 +00:00
markm
7a2e60f0e3
Catch up with "base" telnet.
...
s/FALL THROUGH/FALLTHROUGH/ for lint(1).
2002-09-25 07:28:04 +00:00
markm
0ec9e3f996
Catch up with "base" telnet.
...
s/FALL THROUGH/FALLTHROUGH/ for lint(1).
s/Usage/usage/ for consistency.
2002-09-25 07:26:25 +00:00
markm
8466db9d92
From the requestor:
...
"Could you do me a favor and fix sys_bsd.c to get the howmany() macro
from <sys/param.h>, instead of <sys/types.h>? This will save me from
having to worry about the unsync'd bits before making the change."
Requested by: mike
2002-09-25 07:24:01 +00:00
nectar
7458827ad1
These RFCs and internet-drafts are not really needed in the base
...
system, and I've not been importing them lately. cvs rm them now
so they can be cleaned out of the attic later.
Requested by: obrien
2002-09-18 14:17:14 +00:00
nectar
ed53d8e233
Resolve conflicts.
2002-09-16 21:07:11 +00:00
nectar
8707f88659
Import of Heimdal Kerberos from KTH repository circa 2002/09/16.
2002-09-16 21:04:40 +00:00
nectar
a876cfedd8
This commit was generated by cvs2svn to compensate for changes in r103423,
...
which included commits to RCS files with non-trunk default branches.
2002-09-16 21:04:40 +00:00
ume
03b3b78217
sshd didn't handle actual size of struct sockaddr correctly,
...
and did copy it as long as just size of struct sockaddr. So,
If connection is via IPv6, sshd didn't log hostname into utmp
correctly.
This problem occured only under FreeBSD because of our hack.
However, this is potential problem of OpenSSH-portable, and
they agreed to fix this.
Though, there is no fixed version of OpenSSH-portable available
yet, since this problem is serious for IPv6 users, I commit the
fix.
Reported by: many people
Reviewed by: current@ and stable@ (no objection)
MFC after: 3 days
2002-09-09 16:49:11 +00:00
kuriyama
aae5a5f01d
Fix typo (s@src/crypto/openssh-portable@src/crypto/openssh@).
2002-09-09 02:00:28 +00:00
nectar
7817fdfb01
Pass the pointy hat! Remove accidently imported files.
2002-08-30 21:53:25 +00:00
nectar
d2a1eec363
Remove some parts of the Heimdal distribution which we do not use
...
and have never used.
2002-08-30 21:37:10 +00:00
nectar
0816241251
Remove files no longer relevant after latest import.
2002-08-30 21:28:12 +00:00
nectar
d397dcfbc0
Resolve conflicts after import of Heimdal Kerberos circa 2002/08/29.
2002-08-30 21:25:14 +00:00
nectar
a77dba08ca
Import of Heimdal Kerberos from KTH repository circa 2002/08/29.
2002-08-30 21:23:27 +00:00
nectar
820d4243ea
This commit was generated by cvs2svn to compensate for changes in r102644,
...
which included commits to RCS files with non-trunk default branches.
2002-08-30 21:23:27 +00:00
nsayer
3781c72cd9
Encrypted strings (after hex decoding) aren't null terminated, because
...
0 might simply be part of the ciphertext.
PR: bin/40266
Submitted by: andr@dgap.mipt.ru
MFC after: 3 days
2002-08-22 06:19:07 +00:00
nectar
f779e835e5
Resolve conflicts.
2002-08-10 01:50:50 +00:00
nectar
eba366e36e
Import of OpenSSL 0.9.6g.
2002-08-10 01:48:01 +00:00
nectar
fdead658fb
This commit was generated by cvs2svn to compensate for changes in r101618,
...
which included commits to RCS files with non-trunk default branches.
2002-08-10 01:48:01 +00:00
nectar
c99c2264cb
Import of OpenSSL 0.9.6f.
2002-08-10 01:46:10 +00:00
nectar
45bf128dcc
This commit was generated by cvs2svn to compensate for changes in r101615,
...
which included commits to RCS files with non-trunk default branches.
2002-08-10 01:46:10 +00:00
nectar
c48e8e3d25
Import of OpenSSL 0.9.6f.
2002-08-10 01:40:00 +00:00
nectar
15e4ff204e
This commit was generated by cvs2svn to compensate for changes in r101613,
...
which included commits to RCS files with non-trunk default branches.
2002-08-10 01:40:00 +00:00
nectar
2836f6786d
Correct a bug in the ASN.1 decoder which was introduced with the
...
recent OpenSSL update.
Obtained from: OpenSSL CVS
2002-08-05 16:25:17 +00:00
nectar
5a59c1aa36
This commit was generated by cvs2svn to compensate for changes in r101386,
...
which included commits to RCS files with non-trunk default branches.
2002-08-05 16:25:17 +00:00
ache
15b8a90686
Do login cap calls _before_ descriptors are hardly closed because close may
...
invalidate login cap descriptor.
Reviewed by: des
2002-08-05 16:06:35 +00:00
nectar
9b13f71fee
Resolve conflicts after import of OpenSSL 0.9.6e.
2002-07-30 13:58:53 +00:00
nectar
2f13e09165
Import of OpenSSL 0.9.6e.
2002-07-30 13:38:06 +00:00
nectar
9b2d850453
This commit was generated by cvs2svn to compensate for changes in r100936,
...
which included commits to RCS files with non-trunk default branches.
2002-07-30 13:38:06 +00:00
nectar
7515065745
This man page has not been referenced by anything for a while,
...
and is not part of the OpenSSL distribution. Remove it.
2002-07-30 12:54:03 +00:00
nectar
0518ae8674
Remove many obsolete files. The majority of these are simply no
...
longer included as part of the OpenSSL distribution. However, a few
we just don't need and are explicitly excluded in FREEBSD-Xlist.
2002-07-30 12:51:09 +00:00
nectar
8b62a95bfc
Resolve conflicts after import of OpenSSL 0.9.6d.
2002-07-30 12:46:49 +00:00
nectar
0aed2eea83
Import of OpenSSL 0.9.6d.
2002-07-30 12:44:15 +00:00
nectar
050218e0d0
This commit was generated by cvs2svn to compensate for changes in r100928,
...
which included commits to RCS files with non-trunk default branches.
2002-07-30 12:44:15 +00:00
nectar
ef94fba97d
Update list of files to remove prior to import of OpenSSL 0.9.6d
2002-07-30 12:38:41 +00:00
fanf
1ae0b432fe
Use login_getpwclass() instead of login_getclass() so that the root
...
vs. default login class distinction is made correctly.
PR: 37416
Approved by: des
MFC after: 4 days
2002-07-29 00:36:24 +00:00
fanf
b26a01d35d
FreeBSD doesn't use the host RSA key by default.
...
Reviewed by: des
2002-07-26 15:16:56 +00:00
ache
57a3dbab09
Problems addressed:
...
1) options.print_lastlog was not honored.
2) "Last login: ..." was printed twice.
3) "copyright" was not printed
4) No newline was before motd.
Reviewed by: maintainer's silence in 2 weeks (with my constant reminders)
2002-07-26 02:20:00 +00:00
fanf
8e466364e9
Document the FreeBSD default for CheckHostIP, which was changed in
...
rev 1.2 of readconf.c.
Approved by: des
2002-07-25 15:59:40 +00:00
des
0aa82e6d90
Whitespace nit.
2002-07-23 17:57:17 +00:00
des
5aaa4a883f
In pam_init_ctx(), register a cleanup function that will kill the child
...
process if a fatal error occurs. Deregister it in pam_free_ctx().
2002-07-17 17:44:02 +00:00
des
71869d2ebd
Use realhostname_sa(3) so the IP address will be used instead of the
...
hostname if the latter is too long for utmp.
Submitted by: ru
MFC after: 3 days
2002-07-11 10:36:10 +00:00
des
ed67e10a93
Do not try to use PAM for password authentication, as it is
...
already (and far better) supported by the challenge/response
authentication mechanism.
2002-07-10 23:05:13 +00:00
des
1983859ac6
Don't forget to clear the buffer before reusing it.
2002-07-10 23:04:07 +00:00
des
ac9c3868c1
Rewrite to use the buffer API instead of roll-your-own messaging.
...
Suggested by: Markus Friedl <markus@openbsd.org>
Sponsored by: DARPA, NAI Labs
2002-07-05 15:27:26 +00:00
des
cd66807aa2
(forgot to commit) We don't need --with-opie since PAM takes care of it.
2002-07-05 15:25:55 +00:00
des
7e54a0bbed
- Don't enable OpenSSH's OPIE support, since we let PAM handle OPIE.
...
- We don't have setutent(3) etc., and I have no idea why configure ever
thought we did.
2002-07-03 00:12:09 +00:00
des
f450aaf037
Two FreeBSD-specific nits in comments:
...
- ChallengeResponseAuthentication controls PAM, not S/Key
- We don't honor PAMAuthenticationViaKbdInt, because the code path it
controls doesn't make sense for us, so don't mention it.
Sponsored by: DARPA, NAI Labs
2002-07-03 00:08:19 +00:00
des
e9db3343e8
Version bump for mm_answer_pam_respond() fix.
2002-07-02 13:07:37 +00:00
des
7523600be4
Fix a braino in mm_answer_pam_respond() which would cause sshd to abort if
...
PAM authentication failed due to an incorrect response.
2002-07-02 13:07:17 +00:00
des
9cc7de0fcd
Forgot to update the addendum in the config files.
2002-06-30 10:32:09 +00:00
des
3cde2270d8
Regenerate.
2002-06-29 11:58:32 +00:00
des
437db953e0
<sys/mman.h> requires <sys/types.h>.
2002-06-29 11:57:51 +00:00
des
72a8e501f7
Resolve conflicts.
...
Sponsored by: DARPA, NAI Labs
2002-06-29 11:48:59 +00:00
des
1ba793a7c0
Vendor import of OpenSSH 3.4p1.
2002-06-29 11:34:13 +00:00
des
96f831106b
This commit was generated by cvs2svn to compensate for changes in r99060,
...
which included commits to RCS files with non-trunk default branches.
2002-06-29 11:34:13 +00:00
des
1fe6eac54a
Commit config.h so we don't need autoconf to build world.
2002-06-29 11:31:02 +00:00
des
31ca40f6fa
OpenBSD lifted this code our tree. Preserve the original CVS id.
2002-06-29 11:25:20 +00:00
des
a1a5bcd8f6
Use our __RCSID().
2002-06-29 11:22:20 +00:00
des
f5c4526d2f
Make sure the environment variables set by setusercontext() are passed on
...
to the child process.
Reviewed by: ache
Sponsored by: DARPA, NAI Labs
2002-06-29 11:21:58 +00:00
des
eb9c7816d4
Canonicize the host name before looking it up in the host file.
...
Sponsored by: DARPA, NAI Labs
2002-06-29 10:57:53 +00:00
des
c6ba2ba489
Apply class-imposed login restrictions.
...
Sponsored by: DARPA, NAI Labs
2002-06-29 10:57:13 +00:00
des
3003a57dbb
PAM support, the FreeBSD way.
...
Sponsored by: DARPA, NAI Labs
2002-06-29 10:56:23 +00:00
des
3f22fbc9c3
Document FreeBSD defaults.
...
Sponsored by: DARPA, NAI Labs
2002-06-29 10:55:18 +00:00
des
3e4ef54c7b
Document FreeBSD defaults and paths.
...
Sponsored by: DARPA, NAI Labs
2002-06-29 10:53:57 +00:00
des
10f0309f20
Remove duplicate.
2002-06-29 10:52:42 +00:00
des
2d6cae03f1
Apply FreeBSD's configuration defaults.
...
Sponsored by: DARPA, NAI Labs
2002-06-29 10:51:56 +00:00
des
a56e989df5
Add the VersionAddendum configuration variable.
...
Sponsored by: DARPA, NAI Labs
2002-06-29 10:49:57 +00:00
des
4d49e874a9
Support OPIE as an alternative to S/Key.
...
Sponsored by: DARPA, NAI Labs
2002-06-29 10:44:37 +00:00
des
3aa72d2c55
Document the upgrade process.
2002-06-29 10:39:14 +00:00
des
4ff94afd20
Files we don't want to import.
2002-06-29 10:39:02 +00:00
des
5ba29faa04
Forcibly revert to mainline.
2002-06-27 22:42:11 +00:00
des
bb02848f18
Vendor import of OpenSSH 3.3p1.
2002-06-27 22:31:32 +00:00
des
0a08712215
This commit was generated by cvs2svn to compensate for changes in r98937,
...
which included commits to RCS files with non-trunk default branches.
2002-06-27 22:31:32 +00:00
markm
741591a6b4
Warnings fixes. Sort out some variable types.
2002-06-26 17:06:14 +00:00
markm
d999cc9a29
Help fix warnings by marking an argument as unused.
2002-06-26 17:05:08 +00:00
dinoex
fd860e7d16
remove declaration of authlog
...
use variable from_host
Reviewed by: des
2002-06-24 11:11:30 +00:00
des
4db40e9ca5
IPv4or6 is already defined in libssh.
2002-06-24 10:15:26 +00:00
des
2894284b2a
Resolve conflicts and document local changes.
2002-06-23 21:42:47 +00:00
des
5375a0a2ad
Correctly export the environment variables set by setusercontext().
...
Sponsored by: DARPA, NAI Labs
2002-06-23 20:22:49 +00:00
des
fa8aa6dfe7
Resolve conflicts. Known issues:
...
- sshd fails to set TERM correctly.
- privilege separation may break PAM and is currently turned off.
- man pages have not yet been updated
I will have these issues resolved, and privilege separation turned on by
default, in time for DP2.
Sponsored by: DARPA, NAI Labs
2002-06-23 16:09:08 +00:00
des
610201f50f
Vendor import of OpenSSH 3.3.
2002-06-23 14:01:54 +00:00
des
0161794f0d
This commit was generated by cvs2svn to compensate for changes in r98675,
...
which included commits to RCS files with non-trunk default branches.
2002-06-23 14:01:54 +00:00
jmallett
afc38d0730
Don't risk catching a signal while handling a signal for a dying child, as we
...
can then end up not properly clearing wtmp/utmp entries.
PR: bin/37934
Submitted by: Sandeep Kumar <skumar@juniper.net>
Reviewed by: markm
MFC after: 2 weeks
2002-05-27 08:10:24 +00:00
jedgar
a679ebf88a
Remove _PATH_CP now that it is defined in paths.h
...
Reviewed by: des
2002-05-12 01:52:11 +00:00
alfred
ab796ae7fb
unbreak build:
...
commands.c, sys_bsd.c: comment out/remove junk after #endif/#else
network.c, terminal.c, utlities.c: include stdlib.h for exit(3)
2002-05-11 03:19:44 +00:00
des
a4d79fec60
Resurrect as an empty file to unbreak the build. We have everything we
...
need in paths.h.
2002-05-08 17:19:02 +00:00
markm
452e85175e
Fix an external declaration that was causing telnetd to core dump.
...
MFC after: 1 week
PR: 37766
2002-05-06 09:46:29 +00:00
obrien
0908b99eb0
Usual after-import fixup of SCM IDs.
2002-05-01 22:39:53 +00:00
des
ec4b7563a5
Back out previous commit.
2002-04-25 16:53:25 +00:00
jkh
04da61f7a8
Change default challenge/response behavior of sshd by popular demand.
...
This brings us into sync with the behavior of sshd on other Unix platforms.
Submitted by: Joshua Goodall <joshua@roughtrade.net>
2002-04-25 05:59:53 +00:00
ache
162e53dcfe
1) Proberly conditionalize PAM "last login" printout.
...
2) For "copyright" case #ifdef HAVE_LOGIN_CAP was placed on too big block,
narrow it down.
3) Don't check the same conditions twice (for "copyright" and "welcome"),
put them under single block.
4) Print \n between "copyright" and "welcome" as our login does.
Reviewed by: des (1)
2002-04-23 12:36:11 +00:00
des
ad8d1ef864
Don't report last login time in PAM case. (perforce change 10057)
...
Sponsored by: DARPA, NAI Labs
2002-04-22 06:26:29 +00:00
des
1a6399fa3b
Fix warnings + wait for child so it doesn't go zombie (perforce change 10122)
2002-04-22 06:25:13 +00:00
ache
ac2b640032
Move LOGIN_CAP calls before all file descriptors are closed hard, since some
...
descriptors may be used by LOGIN_CAP internally, add login_close().
Use "nocheckmail" LOGIN_CAP capability too like our login does.
2002-04-21 13:31:56 +00:00
ache
b8f64a3c9b
Fix TZ & TERM handling for use_login case of rev. 1.24
2002-04-20 09:56:10 +00:00
ache
a9f47835a0
1) Surprisingly, "CheckMail" handling code completely removed from this
...
version, so documented "CheckMail" option exists but does nothing.
Bring it back to life adding code back.
2) Cosmetique. Reduce number of args in do_setusercontext()
2002-04-20 09:26:43 +00:00
ache
4c135df5a2
1) Fix overlook in my prev. commit - forget HAVE_ prefix in one place in old
...
code merge.
2) In addition honor "timezone" and "term" capabilities from login.conf,
not overwrite them once they set (they are TZ and TERM variables).
2002-04-20 05:44:36 +00:00
ache
9cec8df7cf
Please repeat after me: setusercontext() modifies _current_ environment, but
...
sshd uses separate child_env. So, to make setusercontext() really does
something, environment must be switched before call and passed to child_env
back after it.
The error here was that modified environment not passed back to child_env,
so all variables that setusercontext() adds are lost, including ones from
~/.login_conf
2002-04-20 04:38:07 +00:00
des
67bfdd081a
Fix some warnings. Don't record logins twice in USE_PAM case. Strip
...
"/dev/" off the tty name before passing it to auth_ttyok or PAM.
Inspired by: dinoex
Sponsored by: DARPA, NAI Labs
2002-04-14 16:24:36 +00:00
des
0e80f55d44
Back out previous backout. It seems I was right to begin with, and DSA is
...
preferrable to RSA (not least because the SECSH draft standard requires
DSA while RSA is only recommended).
2002-04-12 15:52:10 +00:00
des
0264ee3296
Knowledgeable persons assure me that RSA is preferable to DSA and that we
...
should transition away from DSA.
2002-04-11 22:04:40 +00:00
des
d48b9c1d4a
Prefer DSA to RSA if both are available.
2002-04-11 16:08:48 +00:00
des
be2e00cce9
Do not attempt to load an ssh2 RSA host key by default.
2002-04-11 16:08:02 +00:00
ru
54bcb55671
Align for const poisoning in -lutil.
2002-04-08 11:07:51 +00:00
des
a3900e7d70
Nuke stale copy of the pam_ssh(8) source code.
2002-04-06 04:46:01 +00:00
des
a06ed407a7
Revert to vendor version, what little was left of our local patches here
...
was incorrect.
Pointed out by: Markus Friedl <markus@openbsd.org>
2002-04-02 23:07:31 +00:00
des
26f5df0f67
Change the FreeBSD version addendum to "FreeBSD-20020402". This shortens
...
the version string to 28 characters, which is below the 40-character limit
specified in the proposed SECSH standard. Some servers, however (like the
one built into the Foundry BigIron line of switches) will hang when
confronted with a version string longer than 24 characters, so some users
may need to shorten it further.
Sponsored by: DARPA, NAI Labs
2002-04-02 21:53:54 +00:00
des
ac025bb036
Make the various ssh clients understand the VersionAddendum option.
...
Submitted by: pb
2002-04-02 21:48:51 +00:00
ru
065ea04bd8
Switch over to using pam_login_access(8) module in sshd(8).
...
(Fixes static compilation. Reduces diffs to OpenSSH.)
Reviewed by: bde
2002-03-26 12:52:28 +00:00
nectar
6a3cd1f6ba
REALLY correct typo this time.
...
Noticed by: roam
2002-03-26 12:27:43 +00:00
nectar
8624a5ead1
Fix typo (missing paren) affecting KRB4 && KRB5 case.
...
Approved by: des
2002-03-25 14:55:41 +00:00
des
c379ca4071
We keep moduli(5) in /etc/ssh, not /etc.
2002-03-23 19:26:21 +00:00
des
0f9782fc45
Correctly set PAM_RHOST so e.g. pam_login_access(8) can do its job.
...
Sponsored by: DARPA, NAI Labs
2002-03-21 12:55:21 +00:00
des
af3f1ef24c
Use the "sshd" service instead of "csshd". The latter was only needed
...
because of bugs (incorrect design decisions, actually) in Linux-PAM.
Sponsored by: DARPA, NAI Labs
2002-03-21 12:23:09 +00:00
cvs2svn
f58c4e7f5e
This commit was manufactured by cvs2svn to create branch
...
'VENDOR-crypto-openssh'.
2002-03-21 12:18:28 +00:00
des
cb58035239
Use PAM instead of S/Key (or OPIE) for SSH2.
...
Sponsored by: DARPA, NAI Labs
2002-03-21 12:18:27 +00:00
des
2e58ec0271
Note that portions of this software were
...
Sponsored by: DARPA, NAI Labs
2002-03-20 22:10:10 +00:00
des
8528b8bd57
- Change the prompt from "S/Key Password: " to "OPIE Password: "
...
- If the user doesn't have an OPIE key, don't challenge him. This is
a workaround until I get PAM to work properly with ssh2.
Sponsored by: DARPA, NAI Labs
2002-03-20 22:02:02 +00:00
des
2423fff46f
Unbreak for KRB4 ^ KRB5 case.
...
Sponsored by: DARPA, NAI Labs
2002-03-19 16:44:11 +00:00
des
0ddd6e4b65
Revive this file (which is used for opie rather than skey)
2002-03-18 10:31:33 +00:00
des
6534271ec8
Fix conflicts.
2002-03-18 10:09:43 +00:00
des
2fc4a48897
Vendor import of OpenSSH 3.1
2002-03-18 09:55:03 +00:00
des
ec85a15f0e
This commit was generated by cvs2svn to compensate for changes in r92555,
...
which included commits to RCS files with non-trunk default branches.
2002-03-18 09:55:03 +00:00
des
160859d708
Diff reduction.
...
Sponsored by: DARPA, NAI Labs
2002-03-16 08:03:48 +00:00
nectar
f2ed33b521
Update version string.
2002-03-07 14:36:28 +00:00
nectar
6ee5449e7c
Fix off-by-one error.
...
Obtained from: OpenBSD
2002-03-05 14:27:19 +00:00
green
445306ca92
Use login_getpwclass() instead of login_getclass() so that default
...
mapping of user login classes works.
Obtained from: TrustedBSD project
Sponsored by: DARPA, NAI Labs
2002-02-27 22:36:30 +00:00
nectar
63b64d9c11
Update build after import of Heimdal Kerberos 2002/02/17.
2002-02-19 15:53:33 +00:00
nectar
f4587696d6
Remove files that were dropped from Heimdal Kerberos 2002/02/17.
2002-02-19 15:51:09 +00:00
nectar
25f2aedbdd
Resolve conflicts after import of Heimdal Kerberos 2002/02/17.
2002-02-19 15:50:30 +00:00
nectar
69a91bec14
Import of Heimdal Kerberos from KTH repository circa 2002/02/17.
2002-02-19 15:46:56 +00:00
nectar
4691b92e66
This commit was generated by cvs2svn to compensate for changes in r90926,
...
which included commits to RCS files with non-trunk default branches.
2002-02-19 15:46:56 +00:00
sheldonh
81cc5956d9
Don't use non-signal-safe functions (exit(3) in this case) in
...
signal handlers. In this case, use _exit(2) instead, following
the call to shutdown(2).
This fixes rare telnetd hangs.
PR: misc/33672
Submitted by: Umesh Krishnaswamy <umesh@juniper.net>
MFC after: 1 month
2002-02-05 15:20:02 +00:00
kris
7b695f1ddd
Resolve conflicts.
2002-01-27 03:17:13 +00:00
kris
1f8c2aa176
Initial import of OpenSSL 0.9.6c
2002-01-27 03:13:07 +00:00
kris
0b3d98771f
This commit was generated by cvs2svn to compensate for changes in r89837,
...
which included commits to RCS files with non-trunk default branches.
2002-01-27 03:13:07 +00:00
ru
5307ecb83c
Make libssh.so useable (undefined reference to IPv4or6).
...
Reviewed by: des, markm
Approved by: markm
2002-01-23 15:06:47 +00:00
nectar
8db4cdb3da
Don't use getlogin() to determine whether we are root.
...
(Import of vendor fix.)
2002-01-15 19:25:55 +00:00
nectar
8d40c4c4ac
This commit was generated by cvs2svn to compensate for changes in r89402,
...
which included commits to RCS files with non-trunk default branches.
2002-01-15 19:25:55 +00:00
green
fe27adc46b
Fix a coredump bug occurring if ssh-keygen attempts to change the password
...
on a DSA key.
Submitted by: ian j hart <ianjhart@ntlworld.com>
2002-01-07 15:55:20 +00:00
ru
8c39ab0e40
mdoc(7) police: remove -r from SYNOPSIS, sort -p in DESCRIPTION.
2001-12-14 14:41:07 +00:00
jkh
fcc97a61ad
Don't assume that the number of fds to select on is known quantity (in
...
this case 16). Use dynamic FD_SETs and calculated high-water marks
throughout. There are also too many versions of telnet in the tree.
Obtained from: OpenBSD and Apple's Radar database
MFC after: 2 days
2001-12-09 09:53:27 +00:00
ru
dc891f7e3c
Fixed bugs from previous revision.
...
Removed -s from SYNOPSIS and restored -S in DESCRIPTION.
2001-12-04 16:02:36 +00:00
nectar
d69c342a45
Update version string since we applied a fix for the UseLogin issue.
2001-12-03 22:47:51 +00:00
jhay
06c2f4bca3
Protect variables and function prototypes that are only used in the INET6
...
case with an ifdef INET6.
This make the fixit floppy compile again.
Reviewed by: markm
2001-12-03 17:42:02 +00:00
markm
c7155665d1
More help for alpha WARNS=2. This code is, erm, unusual. Anyone who
...
feels like rewriting it will meet no objection from me.
2001-12-03 12:16:40 +00:00
markm
7138baa87d
help the alphas out with the WARNS=2 stuff.
2001-12-03 12:13:18 +00:00
nectar
b0b55f7f5f
Do not pass user-defined environmental variables to /usr/bin/login.
...
Obtained from: OpenBSD
Approved by: green
2001-12-03 00:51:47 +00:00
markm
4cff8701ff
Protect names that are used elsewhere. This fixes WARNS=2 breakage
...
in crypto telnet.
2001-12-01 18:48:36 +00:00
markm
14227a41e2
Damn. The previous mega-commit was incomplete WRT ANSIfication. This
...
fixes that.
2001-11-30 22:28:07 +00:00
markm
19fd256fae
Very large style makeover.
...
1) ANSIfy.
2) Clean up ifdefs so that
a) ones that never/always apply are appropriately either
fully removed, or just the #if junk is removed.
b) change #if defined(FOO) for appropiate values of FOO.
(currently AUTHENTICATION and ENCRYPTION)
3) WARNS=2 fixing
4) GC other unused stuff
This code can now be unifdef(1)ed to make non-crypto telnet.
2001-11-30 21:06:38 +00:00
dwmalone
9a6b4717f3
In the "UseLogin yes" case we need env to be NULL to make sure it
...
will be correctly initialised.
PR: 32065
Tested by: The Anarcat <anarcat@anarcat.dyndns.org>
MFC after: 3 days
2001-11-19 19:40:14 +00:00
jhb
1c9daba05c
Fix world by trimming an extra comment terminator.
2001-10-29 19:22:38 +00:00
nsayer
267f5448c8
Add Berkeley copyright to SRA.
...
This is by the kind permission of Dave Safford, formerly of TAMU who wrote the
original code. Here is an excerpt of the e-mail exchange concerning this
issue:
Dave Safford wrote:
>Nick Sayer wrote:
>> Some time ago we spoke about SRA and importing it into FreeBSD. I forgot to
>> ask if you had a prefered license boilerplate for the top of the files. It
>> has come up recently, and the SRA code in FreeBSD doesn't have one.
>I really have no preference - use whatever is most convenient in the
>FreeBSD environment.
>dave safford
This is the standard BSD license with clause 3 removed and clause 4
suitably renumbered.
MFC after: 1 day
2001-10-29 16:12:16 +00:00
markm
4c52c72d92
Diff-reduce these two.
...
Really, one of them needs to disappear. I'll figure out which
later.
Reported by: bde
2001-10-27 12:49:19 +00:00
markm
0163eae972
Add __FBSDID() to diff-reduce with "base" telnet.
2001-10-01 16:04:55 +00:00
green
e990e27894
Modify a "You don't exist" message, pretty rude for transient YP failures.
2001-09-27 18:54:42 +00:00
assar
6d29950919
fix renamed options in some of the code that was #ifdef AFS
...
also print an error if krb5 ticket passing is disabled
Submitted by: Jonathan Chen <jon@spock.org>
2001-09-04 13:27:04 +00:00
markm
5987cca2b8
Manually unifdef(1) CRAY, UNICOS, hpux and sun uselsess code.
2001-08-29 14:16:17 +00:00
ps
e7bdb473a8
Backout last change. I didnt follow the thread and made a mistake
...
with this. localisations is a valid spelling. Oops
2001-08-27 10:37:50 +00:00