jkh
fcc97a61ad
Don't assume that the number of fds to select on is known quantity (in
...
this case 16). Use dynamic FD_SETs and calculated high-water marks
throughout. There are also too many versions of telnet in the tree.
Obtained from: OpenBSD and Apple's Radar database
MFC after: 2 days
2001-12-09 09:53:27 +00:00
ru
dc891f7e3c
Fixed bugs from previous revision.
...
Removed -s from SYNOPSIS and restored -S in DESCRIPTION.
2001-12-04 16:02:36 +00:00
nectar
d69c342a45
Update version string since we applied a fix for the UseLogin issue.
2001-12-03 22:47:51 +00:00
jhay
06c2f4bca3
Protect variables and function prototypes that are only used in the INET6
...
case with an ifdef INET6.
This make the fixit floppy compile again.
Reviewed by: markm
2001-12-03 17:42:02 +00:00
markm
c7155665d1
More help for alpha WARNS=2. This code is, erm, unusual. Anyone who
...
feels like rewriting it will meet no objection from me.
2001-12-03 12:16:40 +00:00
markm
7138baa87d
help the alphas out with the WARNS=2 stuff.
2001-12-03 12:13:18 +00:00
nectar
b0b55f7f5f
Do not pass user-defined environmental variables to /usr/bin/login.
...
Obtained from: OpenBSD
Approved by: green
2001-12-03 00:51:47 +00:00
markm
4cff8701ff
Protect names that are used elsewhere. This fixes WARNS=2 breakage
...
in crypto telnet.
2001-12-01 18:48:36 +00:00
markm
14227a41e2
Damn. The previous mega-commit was incomplete WRT ANSIfication. This
...
fixes that.
2001-11-30 22:28:07 +00:00
markm
19fd256fae
Very large style makeover.
...
1) ANSIfy.
2) Clean up ifdefs so that
a) ones that never/always apply are appropriately either
fully removed, or just the #if junk is removed.
b) change #if defined(FOO) for appropiate values of FOO.
(currently AUTHENTICATION and ENCRYPTION)
3) WARNS=2 fixing
4) GC other unused stuff
This code can now be unifdef(1)ed to make non-crypto telnet.
2001-11-30 21:06:38 +00:00
dwmalone
9a6b4717f3
In the "UseLogin yes" case we need env to be NULL to make sure it
...
will be correctly initialised.
PR: 32065
Tested by: The Anarcat <anarcat@anarcat.dyndns.org>
MFC after: 3 days
2001-11-19 19:40:14 +00:00
jhb
1c9daba05c
Fix world by trimming an extra comment terminator.
2001-10-29 19:22:38 +00:00
nsayer
267f5448c8
Add Berkeley copyright to SRA.
...
This is by the kind permission of Dave Safford, formerly of TAMU who wrote the
original code. Here is an excerpt of the e-mail exchange concerning this
issue:
Dave Safford wrote:
>Nick Sayer wrote:
>> Some time ago we spoke about SRA and importing it into FreeBSD. I forgot to
>> ask if you had a prefered license boilerplate for the top of the files. It
>> has come up recently, and the SRA code in FreeBSD doesn't have one.
>I really have no preference - use whatever is most convenient in the
>FreeBSD environment.
>dave safford
This is the standard BSD license with clause 3 removed and clause 4
suitably renumbered.
MFC after: 1 day
2001-10-29 16:12:16 +00:00
markm
4c52c72d92
Diff-reduce these two.
...
Really, one of them needs to disappear. I'll figure out which
later.
Reported by: bde
2001-10-27 12:49:19 +00:00
markm
0163eae972
Add __FBSDID() to diff-reduce with "base" telnet.
2001-10-01 16:04:55 +00:00
green
e990e27894
Modify a "You don't exist" message, pretty rude for transient YP failures.
2001-09-27 18:54:42 +00:00
assar
6d29950919
fix renamed options in some of the code that was #ifdef AFS
...
also print an error if krb5 ticket passing is disabled
Submitted by: Jonathan Chen <jon@spock.org>
2001-09-04 13:27:04 +00:00
markm
5987cca2b8
Manually unifdef(1) CRAY, UNICOS, hpux and sun uselsess code.
2001-08-29 14:16:17 +00:00
ps
e7bdb473a8
Backout last change. I didnt follow the thread and made a mistake
...
with this. localisations is a valid spelling. Oops
2001-08-27 10:37:50 +00:00
ps
4e55facbeb
Correctly spell localizations
2001-08-27 10:20:02 +00:00
dd
2c3a92a16f
Remove description of an option that only applies to UNICOS < 7.0.
...
That define may still be present in the source, but I don't think
anyone has plans to try to use it.
Obtained from: NetBSD
2001-08-25 21:29:12 +00:00
markm
62fa01a04b
Code merge and diff reduce with "base" telnet. This is the "later"
...
telnet, so it was treated as the reference code, except where later
commits were made to "base" telnet.
2001-08-20 12:28:40 +00:00
green
9f287caebc
Update the OpenSSH minor-version string.
...
Requested by: obrien
Reviewed by: rwatson
2001-08-16 19:26:19 +00:00
horikawa
679dd2c9f8
Removal of following export controll related sentences:
...
o Because of export controls, TELNET ENCRYPT option is not supported outside
of the United States and Canada.
o Because of export controls, data encryption
is not supported outside of the United States and Canada.
src/crypto/README revision 1.5 commit log says:
> Crypto sources are no longer export controlled:
> Explain, why crypto sources are still in crypto/.
and actually telnet encryption is used outside of US and Canada now.
Pointed out by: OHSAWA Chitoshi <ohsawa@catv1.ccn-net.ne.jp>
Reviewed by: no objection on doc
2001-08-15 01:30:25 +00:00
ru
24c7b0a61d
mdoc(7) police: s/BSD/.Bx/ where appropriate.
2001-08-14 10:01:54 +00:00
kris
d051133293
output_data(), output_datalen() and netflush() didn't actually guarantee
...
to do what they are supposed to: under some circumstances output data would
be truncated, or the buffer would not actually be flushed (possibly leading
to overflows when the caller assumes the operation succeeded). Change the
semantics so that these functions ensure they complete the operation before
returning.
Comment out diagnostic code enabled by '-D reports' which causes an
infinite recursion and an eventual crash.
Patch developed with assistance from ru and assar.
2001-07-23 21:52:26 +00:00
ru
4b023c5a9f
More potential buffer overflow fixes.
...
o Fixed `nfrontp' calculations in output_data(). If `remaining' is
initially zero, it was possible for `nfrontp' to be decremented.
Noticed by: dillon
o Replaced leaking writenet() with output_datalen():
: * writenet
: *
: * Just a handy little function to write a bit of raw data to the net.
: * It will force a transmit of the buffer if necessary
: *
: * arguments
: * ptr - A pointer to a character string to write
: * len - How many bytes to write
: */
: void
: writenet(ptr, len)
: register unsigned char *ptr;
: register int len;
: {
: /* flush buffer if no room for new data) */
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
: if ((&netobuf[BUFSIZ] - nfrontp) < len) {
: /* if this fails, don't worry, buffer is a little big */
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
: netflush();
: }
:
: memmove(nfrontp, ptr, len);
: nfrontp += len;
:
: } /* end of writenet */
What an irony! :-)
o Optimized output_datalen() a bit.
2001-07-20 12:02:30 +00:00
kris
18cbcd5eff
Resolve conflicts
2001-07-19 20:05:28 +00:00
kris
3b19ada1e8
Initial import of OpenSSL 0.9.6b
2001-07-19 19:59:37 +00:00
kris
84fabcda92
This commit was generated by cvs2svn to compensate for changes in r79998,
...
which included commits to RCS files with non-trunk default branches.
2001-07-19 19:59:37 +00:00
ru
5bfe15ad2f
vsnprintf() can return a value larger than the buffer size.
...
Submitted by: assar
Obtained from: OpenBSD
2001-07-19 18:58:31 +00:00
ru
9cac33d71f
Fixed the exploitable remote buffer overflow.
...
Reported on: bugtraq
Obtained from: Heimdal, NetBSD
Reviewed by: obrien, imp
2001-07-19 17:48:57 +00:00
nectar
0e7f0df834
Bug fix: When the client connects to a server and Kerberos
...
authentication is enabled, the client effectively ignores any error
from krb5_rd_rep due to a missing branch.
In theory this could result in an ssh client using Kerberos 5
authentication accepting a spoofed AP-REP. I doubt this is a real
possiblity, however, because the AP-REP is passed from the server to
the client via the SSH encrypted channel. Any tampering should cause
the decryption or MAC to fail.
Approved by: green
MFC after: 1 week
2001-07-13 18:12:13 +00:00
ru
d19961ab7f
mdoc(7) police: removed HISTORY info from the .Os call.
2001-07-10 10:42:19 +00:00
green
961721080a
Fix an incorrect conflict resolution which prevented TISAuthentication
...
from working right in 2.9.
2001-07-07 14:19:53 +00:00
ru
9fe5b34c60
mdoc(7) police: merge all fixes from non-crypto version.
2001-07-05 14:08:12 +00:00
ru
30aad2eb2c
MF non-crypto: 1.13: document -u in usage.
2001-07-05 14:06:27 +00:00
green
93a6a41112
Also add a colon to "Bad passphrase, please try again ".
2001-06-29 16:43:13 +00:00
green
5d06029221
Put in a missing colon in the "Enter passphrase" message.
2001-06-29 16:34:14 +00:00
green
fe0162ddb3
Back out the last change which is probably actually a red herring. Argh!
2001-06-26 15:15:22 +00:00
green
c3258d9fdd
Don't pointlessly kill a channel because the first (forced)
...
non-blocking read returns 0.
Now I can finally tunnel CVSUP again...
2001-06-26 14:17:35 +00:00
assar
c05dadd832
fix merges from 0.3f
2001-06-21 02:21:57 +00:00
assar
0c8fa35435
import of heimdal 0.3f
2001-06-21 02:12:07 +00:00
assar
7281f96821
This commit was generated by cvs2svn to compensate for changes in r78527,
...
which included commits to RCS files with non-trunk default branches.
2001-06-21 02:12:07 +00:00
assar
116337ea17
(do_authloop): handle !KRB4 && KRB5
2001-06-16 07:44:17 +00:00
markm
5fa9d6f739
Unbreak OpenSSH for the KRB5-and-no-KRB4 case. Asking for KRB5 does
...
not imply that you want, need or have kerberosIV headers.
2001-06-15 08:12:31 +00:00
green
fdb0c1688a
Enable Kerberos 5 support in sshd again.
2001-06-12 03:43:47 +00:00
green
45d207659b
Switch to the user's uid before attempting to unlink the auth forwarding
...
file, nullifying the effects of a race.
Obtained from: OpenBSD
2001-06-08 22:22:09 +00:00
obrien
a26134411c
Fix $FreeBSD$ style committer messed up in rev 1.7 for some reason.
2001-05-24 07:22:08 +00:00
dillon
0c1af1bd68
Oops, forgot the 'u' in the getopt for the previous commit.
2001-05-24 00:14:19 +00:00
dillon
9ff666d52d
A feature to allow one to telnet to a unix domain socket. (MFC from
...
non-crypto version)
Also update the crypto telnet's man page to reflect other options
ported from the non-crypto version.
Obtained from: Lyndon Nerenberg <lyndon@orthanc.ab.ca>
2001-05-23 22:54:07 +00:00
kris
445c7928a1
Resolve conflicts
2001-05-20 03:17:35 +00:00
kris
12896e829e
Initial import of OpenSSL 0.9.6a
2001-05-20 03:07:21 +00:00
kris
d8a086ad88
This commit was generated by cvs2svn to compensate for changes in r76866,
...
which included commits to RCS files with non-trunk default branches.
2001-05-20 03:07:21 +00:00
obrien
bac609c202
Restore the RSA host key to /etc/ssh/ssh_host_key.
...
Also fix $FreeBSD$ spamage in crypto/openssh/sshd_config rev. 1.16.
2001-05-18 18:10:02 +00:00
nsayer
e25576d211
Make the PAM user-override actually override the correect thing.
2001-05-17 16:28:11 +00:00
peter
859d222e45
Back out last commit. This was already fixed. This should never have
...
happened, this is why we have commit mail expressly delivered to
committers.
2001-05-17 03:14:42 +00:00
peter
fdd845cf6b
Fix the latest telnet breakage. Obviously this was never compiled.
2001-05-17 03:13:00 +00:00
nsayer
295844e3ff
Since the root-on-insecure-tty code was added to telnetd, a dependency
...
on char *line was added to libtelnet. Put a dummy one in to keep the
linker happy.
2001-05-16 20:34:42 +00:00
nsayer
02a47b1303
Make sure the protocol actively rejects bad data rather than
...
(potentially) not responding to an invalid SRA 'auth is' message.
2001-05-16 20:24:58 +00:00
nsayer
280add2b35
srandomdev() affords us the opportunity to radically improve, and at the
...
same time simplify, the random number selection code.
2001-05-16 18:32:46 +00:00
nsayer
ca01fb27dc
Catch any attempted buffer overflows. The magic numbers in this code
...
(512) are a little distressing, but the method really needs to be
extended to allow server-supplied DH parameters anyway.
Submitted by: kris
2001-05-16 18:27:09 +00:00
nsayer
ce94eedfd7
Catch malloc return failures. This should help avoid dereferencing NULL on
...
low-memory situations.
Submitted by: kris
2001-05-16 18:17:55 +00:00
peter
6125cb47e3
Hack to work around braindeath in libtelnet:sra.c. The sra.o file
...
references global variables from telnetd, but is also linked into
telnet as well. I was tempted to back out the last sra.c change
as it is 100% bogus and should be taken out and shot, but for now
this bandaid should get world working again. :-(
2001-05-15 09:52:03 +00:00
nsayer
2bdf180df8
If the uid of the attempted authentication is 0 and if the pty is
...
insecure, do not succeed. Copied from login.c. This functionality really
should be a PAM module.
2001-05-15 04:47:14 +00:00
green
a407780211
If a host would exceed 16 characters in the utmp entry, record only
...
it's IP address/base host instead.
Submitted by: brian
2001-05-15 01:50:40 +00:00
ru
3add9296c0
mdoc(7) police: finished fixing conflicts in revision 1.18.
2001-05-14 18:13:34 +00:00
markm
cdb0cb9ccd
Fix make world in the kerberosIV case.
2001-05-11 09:36:17 +00:00
assar
afb22517a4
merge imported changes into HEAD
2001-05-11 00:14:02 +00:00
alfred
bd16bfd06f
Fix some of the handling in the pam module, don't unregister things
...
that were never registered. At the same time handle a failure from
pam_setcreds with a bit more paranioa than the previous fix.
Sync a bit with the "Portable OpenSSH" work to make comparisons a easier.
2001-05-09 03:40:37 +00:00
green
9c961719a9
Since PAM is broken, let pam_setcred() failure be non-fatal.
2001-05-08 22:30:18 +00:00
assar
a4ee56e2bb
mdoc(ng) fixes
...
Submitted by: ru
2001-05-08 14:57:13 +00:00
assar
06c859ecf5
mdoc(ng) fixes
...
Submitted by: ru
2001-05-08 14:57:13 +00:00
assar
b9733926af
This commit was generated by cvs2svn to compensate for changes in r76371,
...
which included commits to RCS files with non-trunk default branches.
2001-05-08 14:57:13 +00:00
nsayer
b47830be3e
Pointy hat fix -- reapply the SRA PAM patch. To -current this time.
2001-05-07 20:42:02 +00:00
green
3f59c74031
sshd_config should still be keeping ssh host keys in /etc/ssh, not /etc.
2001-05-05 13:48:13 +00:00
green
094816f4b2
Finish committing _more_ somehow-uncommitted OpenSSH 2.9 updates.
...
(Missing Delta Brigade, tally-ho!)
2001-05-05 01:12:45 +00:00
green
729aac1a81
Get ssh(1) compiling with MAKE_KERBEROS5.
2001-05-04 04:37:49 +00:00
green
d1f65ecd2b
Remove obsoleted files.
2001-05-04 04:15:22 +00:00
green
119a11eb6b
Fix conflicts for OpenSSH 2.9.
2001-05-04 04:14:23 +00:00
green
8acd87ac47
Say "hi" to the latest in the OpenSSH series, version 2.9!
...
Happy birthday to: rwatson
2001-05-04 03:57:05 +00:00
green
08fd06354d
This commit was generated by cvs2svn to compensate for changes in r76259,
...
which included commits to RCS files with non-trunk default branches.
2001-05-04 03:57:05 +00:00
green
461d7e1472
Add a "VersionAddendum" configuration setting for sshd which allows
...
anyone to easily change the part of the OpenSSH version after the main
version number. The FreeBSD-specific version banner could be disabled
that way, for example:
# Call ourselves plain OpenSSH
VersionAddendum
2001-05-03 00:29:28 +00:00
green
6d6d6e45ee
Backout completely canonical lookup modifications.
2001-05-03 00:26:47 +00:00
markm
10249e46a3
Toss into attic stuff we don't use.
2001-04-14 09:48:26 +00:00
ru
8e59fdc98e
mdoc(7) police: removed hard sentence breaks introduced in rev.1.10.
2001-04-13 08:49:52 +00:00
nsayer
311a1c9e61
Clean up telnet's argument processing a bit. autologin and encryption is
...
now the default, so ignore the arguments that turn it on. Add a new -y
argument to turn off encryption in case someone wants to do that. Sync
these changes with the man page (including removing the now obsolete
statement about availability only in the US and Canada).
2001-04-06 15:56:10 +00:00
nsayer
66051d03dc
Reactivate SRA.
...
Make handling of SIGINT and SIGQUIT follow SIGTSTP in TerminalNewMode().
This allows people to break out of SRA authentication if they wish to.
2001-04-05 14:09:15 +00:00
green
b9a62213ae
Suggested by kris, OpenSSH shall have a version designated to note that
...
it's not "plain" OpenSSH 2.3.0.
2001-03-20 02:11:25 +00:00
green
e1c06db961
Make password attacks based on traffic analysis harder by requiring that
...
"non-echoed" characters are still echoed back in a null packet, as well
as pad passwords sent to not give hints to the length otherwise.
Obtained from: OpenBSD
2001-03-20 02:06:40 +00:00
nsayer
392858ffd3
Fix core noted in -stable with 'auth disable SRA'.
...
I just mistakenly commited this to RELENG_4. I have contacted Jordan to see
about how to fix this. Pass the pointy hat.
2001-03-18 09:44:25 +00:00
asmodai
355885cfa7
Fix double mention of ssh.
...
This file is already off the vendorbranch, nonetheless it needs to be
submitted back to the OpenSSH people.
PR: 25743
Submitted by: David Wolfskill <dhw@whistle.com>
2001-03-15 09:24:40 +00:00
green
8b51db0ce8
Don't dump core when an attempt is made to login using protocol 2 with
...
an invalid user name.
2001-03-15 03:15:18 +00:00
assar
95047bd0c5
(try_krb5_authentication): simplify code. from joda@netbsd.org
2001-03-13 04:42:38 +00:00
assar
07c5543bb1
Fix LP64 problem in Kerberos 5 TGT passing.
...
Obtained from: NetBSD (done by thorpej@netbsd.org )
2001-03-12 08:14:22 +00:00
assar
c63261057a
enable auto-negotiation of encrypt and decrypt
2001-03-12 03:54:48 +00:00
assar
1387b4dc3d
initialize pointers to NULL and sized to 0 to avoid free:ing invalid memory.
...
PR: bin/20779
2001-03-12 03:48:03 +00:00
green
f261519030
Reenable the SIGPIPE signal handler default in all cases for spawned
...
sessions.
2001-03-11 02:26:57 +00:00
markm
2624196bc4
Remove stuff that is really "ports material", generated files and
...
stuff for other OS's. Also remove stuff (libraries) that are
already present in FreeBSD and must not get mixed up in our
code.
2001-03-04 07:26:45 +00:00
markm
3f99913eea
Trim down the source tree a bit. We shouldn't have blatantly
...
uncompilable bits in here (like X stuff), nor should we have
too much "ports material".
2001-03-04 07:06:39 +00:00
assar
4e2eb78eca
Add code for being compatible with ssh.com's krb5 authentication.
...
It is done by using the same ssh messages for v4 and v5 authentication
(since the ssh.com does not now anything about v4) and looking at the
contents after unpacking it to see if it is v4 or v5.
Based on code from Björn Grönvall <bg@sics.se>
PR: misc/20504
2001-03-04 02:22:04 +00:00
kris
4fef76e966
Resolve conflicts
2001-02-18 03:23:30 +00:00
kris
7e55354aa4
Import of OpenSSL 0.9.6-STABLE snapshot dated 2001-02-10
2001-02-18 03:17:36 +00:00
kris
68872806ec
This commit was generated by cvs2svn to compensate for changes in r72613,
...
which included commits to RCS files with non-trunk default branches.
2001-02-18 03:17:36 +00:00
ps
4abb31bd7d
Make ConnectionsPerPeriod non-fatal for real.
2001-02-18 01:33:31 +00:00
markm
b1b1c55467
Fix a "make world"-breaking inconsistency for those folks making
...
a world with both KRB4 and KRB5.
2001-02-14 19:54:36 +00:00
assar
c492c977b4
nuke conflict markers
2001-02-13 22:40:28 +00:00
assar
e25a9ea1d2
update to new heimdal libkrb5
2001-02-13 16:58:04 +00:00
assar
e1ae34cd7e
fix conflicts in heimdal 0.3e import
2001-02-13 16:52:56 +00:00
assar
ebfe6dc471
import of heimdal 0.3e
2001-02-13 16:46:19 +00:00
assar
3a971fe69a
This commit was generated by cvs2svn to compensate for changes in r72445,
...
which included commits to RCS files with non-trunk default branches.
2001-02-13 16:46:19 +00:00
kris
94cb603894
Patches backported from later development version of OpenSSH which prevent
...
(instead of just mitigating through connection limits) the Bleichenbacher
attack which can lead to guessing of the server key (not host key) by
regenerating it when an RSA failure is detected.
Reviewed by: rwatson
2001-02-12 06:44:51 +00:00
kris
5e1021a55a
Note that crypto/ is not used to build in, people should see secure/
...
instead.
2001-02-10 04:47:47 +00:00
asmodai
bf7345c3e8
Synch: Add $FreeBSD$.
2001-02-07 21:58:16 +00:00
asmodai
7d76aced28
Fix typo: compatability -> compatibility.
...
Compatability is not an existing english word.
2001-02-06 12:05:58 +00:00
asmodai
47a2266000
Fix typo: seperate -> separate.
...
Seperate does not exist in the english language.
Submitted to look at by: kris
2001-02-06 10:39:38 +00:00
asmodai
43450ced68
Fix typo: wierd -> weird.
...
There is no such thing as wierd in the english language.
2001-02-06 09:32:26 +00:00
green
c0460ef928
Correctly fill in the sun_len for a sockaddr_sun.
...
Submitted by: Alexander Leidinger <Alexander@leidinger.net>
2001-02-04 20:23:17 +00:00
green
007d3cc3ed
MFS: Don't use the canonical hostname here, too.
2001-02-04 20:16:14 +00:00
green
8ae23e3ef8
MFF: Make ConnectionsPerPeriod usage a warning, not fatal.
2001-02-04 20:15:53 +00:00
ru
8c9e49b445
mdoc(7) police: split punctuation characters + misc fixes.
2001-02-01 17:12:45 +00:00
green
42801d85d9
Actually propagate back to the rest of the application that a command
...
was specified when using -t mode with the SSH client.
Submitted by: Dima Dorfman <dima@unixfreak.org>
2001-01-21 05:45:27 +00:00
green
759414f218
/Really/ deprecate ConnectionsPerPeriod, ripping out the code for it
...
and giving a dire error to its lingering users.
2001-01-13 07:57:43 +00:00
ru
a45dd3f68d
Prepare for mdoc(7)NG.
2001-01-10 16:51:28 +00:00
green
a121b36822
Fix a long-standing bug that resulted in a dropped session sometimes
...
when an X11-forwarded client was closed. For some reason, sshd didn't
disable the SIGPIPE exit handler and died a horrible death (well, okay,
a silent death really). Set SIGPIPE's handler to SIG_IGN.
2001-01-06 21:15:07 +00:00
assar
2a7f590041
fix conflicts from merge
2000-12-29 21:16:01 +00:00
assar
2aa51584a1
import krb4-1.0.5
2000-12-29 21:00:22 +00:00
assar
29cd18e572
This commit was generated by cvs2svn to compensate for changes in r70494,
...
which included commits to RCS files with non-trunk default branches.
2000-12-29 21:00:22 +00:00
assar
7e5f2377be
merge fix from vendor for not overwriting old ticket file
2000-12-10 21:01:33 +00:00
assar
25b981f320
This commit was generated by cvs2svn to compensate for changes in r69836,
...
which included commits to RCS files with non-trunk default branches.
2000-12-10 21:01:33 +00:00
assar
32ce969d51
merge fix from vendor for removing buffer overrun
2000-12-10 21:00:35 +00:00
assar
636a56109d
This commit was generated by cvs2svn to compensate for changes in r69833,
...
which included commits to RCS files with non-trunk default branches.
2000-12-10 21:00:35 +00:00
assar
2fe34f87ef
merge fix from vendor for not looking at environment variables
2000-12-10 20:59:35 +00:00
assar
1419c7c47a
This commit was generated by cvs2svn to compensate for changes in r69830,
...
which included commits to RCS files with non-trunk default branches.
2000-12-10 20:59:35 +00:00
assar
b022d1d27e
(scrub_env): change to only accept a listed set of variables,
...
including only non-filename contents for TERMCAP
2000-12-10 20:50:20 +00:00
cvs2svn
5bcde1229c
This commit was manufactured by cvs2svn to create branch
...
'VENDOR-crypto-openssh'.
2000-12-05 02:55:13 +00:00
green
ab6b35a1d6
Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0
...
new features description elided in favor of checking out their
website.
Important new FreeBSD-version stuff: PAM support has been worked
in, partially from the "Unix" OpenSSH version, and a lot due to the
work of Eivind Eklend, too.
This requires at least the following in pam.conf:
sshd auth sufficient pam_skey.so
sshd auth required pam_unix.so try_first_pass
sshd session required pam_permit.so
Parts by: Eivind Eklend <eivind@FreeBSD.org>
2000-12-05 02:55:12 +00:00
green
6202ac1614
Forgot to remove the old line in the last commit.
2000-12-05 02:41:01 +00:00
green
2aecee364f
Import of OpenSSH 2.3.0 (virgin OpenBSD source release).
2000-12-05 02:20:19 +00:00
green
1c5144a169
This commit was generated by cvs2svn to compensate for changes in r69587,
...
which included commits to RCS files with non-trunk default branches.
2000-12-05 02:20:19 +00:00
brian
17a750ff36
Remove duplicate line
...
Not responded to by: kris, then green
2000-12-04 22:57:53 +00:00
asmodai
56b0ddae6c
Add more environment variables to be filtered through scrub_env().
...
Synched from normal telnet.
2000-11-30 13:14:54 +00:00
asmodai
5c47bfad32
String paranoia fix. Synched from normal telnet.
2000-11-30 13:10:01 +00:00
asmodai
617a96fd6d
String paranoia. Merged from regular telnet.
2000-11-30 10:55:25 +00:00
kris
35eec2074d
Correct definition of MAXHOSTNAMELEN in ifdef'ed code.
...
Submitted by: Edwin Groothuis <mavetju@chello.nl>
PR: bin/22787
2000-11-26 21:37:51 +00:00
green
163406c6e5
In env_destroy(), it is a bad idea to env_swap(self, 0) to switch
...
back to the original environ unconditionally. The setting of the
variable to save the previous environ is conditional; it happens when
ENV.e_committed is set. Therefore, don't try to swap the env back
unless the previous env has been initialized.
PR: bin/22670
Submitted by: Takanori Saneto <sanewo@ba2.so-net.ne.jp>
2000-11-25 02:00:35 +00:00
billf
de5ab7abc1
Correct an arguement to ssh_add_identity, this matches what is currently
...
in ports/security/openssh/files/pam_ssh.c
PR: 22164
Submitted by: Takanori Saneto <sanewo@ba2.so-net.ne.jp>
Reviewed by: green
Approved by: green
2000-11-25 01:55:42 +00:00
ru
71e2293ad4
mdoc(7) police: use the new features of the Nm macro.
2000-11-20 20:10:44 +00:00
kris
1a1517afe4
Fix a buffer overflow from a long local hostname.
...
Obtained from: OpenBSD
2000-11-19 10:08:26 +00:00
green
0bc5843790
Add login_cap and login_access support. Previously, these FreeBSD-local
...
checks were only made when using the 1.x protocol.
2000-11-14 04:35:03 +00:00
green
100d82038d
Import a security fix: the client would allow a server to use its
...
ssh-agent or X11 forwarding even if it was disabled.
This is the vendor fix provided, not an actual revision of clientloop.c.
Submitted by: Markus Friedl <markus@OpenBSD.org> via kris
2000-11-14 03:51:53 +00:00
green
fb253173ae
This commit was generated by cvs2svn to compensate for changes in r68700,
...
which included commits to RCS files with non-trunk default branches.
2000-11-14 03:51:53 +00:00
kris
4b15a516e7
Update list of files to remove prior to import
2000-11-13 07:46:20 +00:00
kris
76c54c9ba3
Resolve conflicts, and garbage collect some local changes that are no
...
longer required
2000-11-13 02:20:29 +00:00
kris
539b977eff
Initial import of OpenSSL 0.9.6
2000-11-13 01:03:58 +00:00
kris
f648020584
This commit was generated by cvs2svn to compensate for changes in r68651,
...
which included commits to RCS files with non-trunk default branches.
2000-11-13 01:03:58 +00:00
ru
a6f5d950d8
Avoid use of direct troff requests in mdoc(7) manual pages.
2000-11-10 17:46:15 +00:00
dougb
353f00f96c
Add a CVS Id tag
2000-10-29 10:00:58 +00:00
kris
d2f83e4ec4
Sync with usr.bin/telnet/telnet.c r1.9 - fix buffer overflow in DISPLAY
2000-10-29 00:10:14 +00:00
green
3c8715d5d7
Fix a few style oddities.
2000-09-10 18:04:12 +00:00
green
bb24bb397b
Fix a goof in timevaldiff.
2000-09-10 18:03:46 +00:00
kris
c5a4794750
Remove files no longer present in OpenSSH 2.2.0 and beyond
2000-09-10 10:26:07 +00:00
kris
24372e6c10
Resolve conflicts and update for OpenSSH 2.2.0
...
Reviewed by: gshapiro, peter, green
2000-09-10 09:35:38 +00:00
kris
0ca2bdc2f7
Initial import of OpenSSH post-2.2.0 snapshot dated 2000-09-09
2000-09-10 08:31:17 +00:00
kris
f2912c8208
This commit was generated by cvs2svn to compensate for changes in r65668,
...
which included commits to RCS files with non-trunk default branches.
2000-09-10 08:31:17 +00:00
kris
e4a753d311
Nuke RSAREF support from orbit.
...
It's the only way to be sure.
2000-09-10 00:09:37 +00:00
kris
2450bc1f18
ttyname was not being passed into do_login(), so we were erroneously picking
...
up the function definition from unistd.h instead. Use s->tty instead.
Submitted by: peter
2000-09-04 08:43:05 +00:00
kris
175e5fe4dd
bzero() the struct timeval for paranoia
...
Submitted by: gshapiro
2000-09-03 07:58:35 +00:00
kris
868b20c6a8
Err, we weren't even compiling auth1.c with LOGIN_CAP at all. Guess nobody
...
was using this feature.
2000-09-02 07:32:05 +00:00
kris
458b9e5882
Repair a broken conflict resolution in r1.2 which had the effect of nullifying
...
the login_cap and login.access checks for whether a user/host is allowed
access to the system for users other than root. But since we currently don't
have a similar check in the ssh2 code path anyway, it's um, "okay".
Submitted by: gshapiro
2000-09-02 05:40:50 +00:00
kris
8b99f6e1dc
Repair my dyslexia: s/opt/otp/ in the OPIE challenge. D'oh!
...
Submitted by: gshapiro
2000-09-02 04:41:33 +00:00
kris
6eee534256
Re-add missing "break" which was lost during a previous patch
...
integration. This currently has no effect.
Submitted by: gshapiro
2000-09-02 04:37:51 +00:00
kris
42ae81df48
Turn on X11Forwarding by default on the server. Any risk is to the client,
...
where it is already disabled by default.
Reminded by: peter
2000-09-02 03:49:22 +00:00
kris
3ae9606341
Increase the default value of LoginGraceTime from 60 seconds to 120
...
seconds.
PR: 20488
Submitted by: rwatson
2000-08-23 09:47:25 +00:00
kris
aba57a02e8
Respect X11BASE to derive the location of xauth(1)
...
PR: 17818
Submitted by: Bjoern Fischer <bfischer@Techfak.Uni-Bielefeld.DE>
2000-08-23 09:39:20 +00:00
kris
e5f617598c
Fix setproctitle() and syslog() vulnerabilities.
2000-08-13 05:23:23 +00:00
kris
c433a0e2f8
This commit was generated by cvs2svn to compensate for changes in r64593,
...
which included commits to RCS files with non-trunk default branches.
2000-08-13 05:23:23 +00:00
kris
e5795f1541
Fix benign bugs due to missing format string in err() and warn().
...
Approved by: assar (vendor :-)
2000-08-13 04:46:54 +00:00
kris
cab37673f6
This commit was generated by cvs2svn to compensate for changes in r64583,
...
which included commits to RCS files with non-trunk default branches.
2000-08-13 04:46:54 +00:00
kris
f7413271b5
Fix setproctitle() vulnerability in non-compiled code.
2000-08-13 04:35:43 +00:00
asmodai
5209950187
Chalk up another phkmalloc victim.
...
It seems as if uninitialised memory was the culprit.
We may want to contribute this back to the OpenSSH project.
Submitted by: Alexander Leidinger <Alexander@Leidinger.net> on -current.
2000-08-01 08:07:15 +00:00
alex
0a765c451d
Crypto sources are no longer export controlled:
...
Explain, why crypto sources are still in crypto/.
Reviewed by: markm
2000-07-31 12:24:13 +00:00
asmodai
0a6c762555
Fix a weird typo, is -> are.
...
The OpenSSH maintainer probably want to contribute this back to the
real OpenSSH guys.
Submitted by: Jon Perkin <sketchy@netcraft.com>
2000-07-27 19:21:15 +00:00
marko
1dcee686be
Fixed a minor typo in the header.
...
Pointed out by: asmodai
2000-07-27 17:21:07 +00:00
marko
674af77794
Committed, Thanks!!
...
PR: 20108
Submitted by: Doug Lee
2000-07-25 16:49:48 +00:00
ume
0abc0cfcd6
Fix buffer size of ALIGNed buffer.
...
PR: bin/20053
Submitted by: Alex Kapranoff <alex@kapran.bitmcnit.bryansk.su>
2000-07-20 14:54:04 +00:00
assar
f816d255fa
merge in syslog fixes, do not call syslog with variabel as format string
2000-07-20 05:43:55 +00:00
peter
e2062d0bd5
Add missing $FreeBSD$ to files that are NOT still on vendor a branch.
2000-07-16 05:48:49 +00:00
nsayer
f0ebc4fdd1
Fix 'telnet -X sra' coredump
...
PR# 19835
2000-07-11 15:04:05 +00:00
peter
d9df5f65de
Sync sshd_config with sshd and manapage internal defaults (Checkmail = yes)
2000-07-11 09:54:24 +00:00
peter
5f6efaa063
Sync LoginGraceTime with sshd_config = 60 seconds by default, not 600.
2000-07-11 09:52:14 +00:00
peter
772dd17b51
Fix out-of-sync defaults. PermitRootLogin is supposed to be 'no' but
...
sshd's internal default was 'yes'. (if some cracker managed to trash
/etc/ssh/sshd_config, then root logins could be reactivated)
Approved by: kris
2000-07-11 09:50:15 +00:00
peter
adeace1395
Make FallBackToRsh off by default. Falling back to rsh by default is
...
silly in this day and age.
Approved by: kris
2000-07-11 09:39:34 +00:00
kris
a5aaf7609c
Don't call printf with no format string.
2000-07-10 05:16:59 +00:00
ume
4eacfb7489
Make telnet -s work. It is corresponding to EAI_NONAME -> EAI_NODATA
...
change (getaddrinfo.c rev 1.12).
2000-07-08 05:22:00 +00:00
itojun
1fcab4244d
sync with usr.bin/telnet/commands.c 1.21 -> 1.22. pierre.dampure@alveley.org
2000-07-07 12:35:05 +00:00
green
be6e69fbed
Allow restarting on SIGHUP when the full path was not given as argv[0].
...
We do have /proc/curproc/file :)
2000-07-04 06:43:26 +00:00
green
26efc47d38
So /this/ is what has made OpenSSH's SSHv2 support never work right!
...
In some cases, limits did not get set to the proper class, but
instead always to "default", because not all passwd copies were
done to completion.
2000-06-27 21:16:06 +00:00
green
71e9ee0209
Also make sure to close the socket that exceeds your rate limit.
2000-06-26 23:39:26 +00:00
green
9bccae4f2e
Make rate limiting work per-listening-socket. Log better messages than
...
before for this, requiring a new function (get_ipaddr()). canohost.c
receives a $FreeBSD$ line.
Suggested by: Niels Provos <niels@OpenBSD.org>
2000-06-26 05:44:23 +00:00
markm
2fe0472e39
MFI. This is a documentation-only, diffreducing patch, that if
...
invoked will cause breakage. US Users - DO NOT try to turn on
IDEA - the sources are not included.
2000-06-24 06:50:58 +00:00
markm
58b7870cc7
Grrr. I hate CVS. These were supposed to be committed when I did the
...
IDEA fix earlier today.
Bring back IDEA from the dead (but not compiled by default).
2000-06-19 21:09:27 +00:00
markm
940ce492dc
Re-add IDEA. This is not actually built unless asked for by the user.
...
(To avoid patent hassles).
2000-06-19 13:59:34 +00:00
kris
4f57b24cfd
Fix syntax error in previous commit.
...
Submitted by: Udo Schweigert <ust@cert.siemens.de>
2000-06-11 21:41:25 +00:00
kris
ad6da2a572
Fix security botch in "UseLogin Yes" case: commands are executed with
...
uid 0.
Obtained from: OpenBSD
2000-06-10 22:32:57 +00:00
ru
caf976b39e
Make `ssh-agent -k' work for csh(1)-like shells.
2000-06-10 14:14:28 +00:00
green
ba3f3c2ac7
Allow "DenyUsers" to function.
2000-06-06 06:16:55 +00:00
kris
a55fcaa060
Resolve conflicts
2000-06-03 09:58:15 +00:00
kris
3639dd9ace
Initial import of OpenSSH snapshot from 2000/05/30
...
Obtained from: OpenBSD
2000-06-03 09:52:37 +00:00
kris
0a76acd42d
This commit was generated by cvs2svn to compensate for changes in r61209,
...
which included commits to RCS files with non-trunk default branches.
2000-06-03 09:52:37 +00:00
kris
1e51208074
Resolve conflicts
2000-06-03 09:23:13 +00:00
kris
585dc667de
Import from vendor repository.
...
Obtained from: OpenBSD
2000-06-03 09:20:19 +00:00
kris
780d02839a
This commit was generated by cvs2svn to compensate for changes in r61206,
...
which included commits to RCS files with non-trunk default branches.
2000-06-03 09:20:19 +00:00
kris
66c0eb5d8c
Bring vendor patches onto the main branch, and resolve conflicts.
2000-06-03 07:31:44 +00:00
kris
e503398156
Import vendor patches: the first is written by
...
Brian Feldman <green@FreeBSD.org>
* Remove the gratuitous dependency on OpenSSL 0.9.5a (preparation for MFC)
* Disable agent forwarding by default in the client (security risk)
Submitted by: green
Obtained from: OpenBSD
2000-06-03 07:18:09 +00:00
kris
88a84bd92e
This commit was generated by cvs2svn to compensate for changes in r61201,
...
which included commits to RCS files with non-trunk default branches.
2000-06-03 07:18:09 +00:00
kris
10badcd8c7
Import vendor patch originally submitted by the below author: don't
...
treat failure to create the authentication agent directory in /tmp as
a fatal error, but disable agent forwarding.
Submitted by: Jan Koum <jkb@yahoo-inc.com>
2000-06-03 07:06:14 +00:00
kris
89aaaa3ccb
This commit was generated by cvs2svn to compensate for changes in r61199,
...
which included commits to RCS files with non-trunk default branches.
2000-06-03 07:06:14 +00:00
kris
e1e1f53651
Import vendor fix: "fix key_read() for uuencoded keys w/o '='"
...
This bug caused OpenSSH not to recognise some of the DSA keys it
generated.
Submitted by: Christian Weisgerber <naddy@mips.inka.de>
Obtained from: OpenBSD
2000-06-03 06:51:30 +00:00
kris
27503968d8
Update to the version of pam_ssh corresponding to OpenSSH 2.1 (taken
...
from the openssh port)
Submitted by: Hajimu UMEMOTO <ume@mahoroba.org>
2000-05-30 09:03:15 +00:00
jake
961b97d434
Back out the previous change to the queue(3) interface.
...
It was not discussed and should probably not happen.
Requested by: msmith and others
2000-05-26 02:09:24 +00:00
jake
d93fbc9916
Change the way that the queue(3) structures are declared; don't assume that
...
the type argument to *_HEAD and *_ENTRY is a struct.
Suggested by: phk
Reviewed by: phk
Approved by: mdodd
2000-05-23 20:41:01 +00:00
ache
b102c893de
Turn on CheckMail to be more login-compatible by default
2000-05-23 06:06:54 +00:00
brian
0e085590db
Don't USE_PIPES
...
Spammed by: peter
Submitted by: mkn@uk.FreeBSD.org
2000-05-22 09:51:18 +00:00
kris
ecdf63b33e
Correct two stupid typos in the DSA key location.
...
Submitted by: Udo Schweigert <ust@cert.siemens.de>
2000-05-18 06:04:23 +00:00
kris
de71a10db8
Unbreak Kerberos5 compilation. This still remains untested.
...
Noticed by: obrien
2000-05-17 08:06:20 +00:00
kris
40816e5260
Oops, rename S/Key to Opie in line with FreeBSD usage.
2000-05-15 06:11:30 +00:00
kris
866470d785
Create a DSA host key if one does not already exist, and teach sshd_config
...
about it.
2000-05-15 05:40:27 +00:00
kris
a632b4789c
Resolve conflicts and update for FreeBSD.
2000-05-15 05:24:25 +00:00
kris
4dc8aa85ce
Initial import of OpenSSH v2.1.
2000-05-15 04:37:24 +00:00
kris
8cf8ce7bb1
This commit was generated by cvs2svn to compensate for changes in r60573,
...
which included commits to RCS files with non-trunk default branches.
2000-05-15 04:37:24 +00:00
nik
b8783e88c4
Note that X11 Forwarding is off by default.
...
PR: docs/17566
Submitted by: Keith Stevenson <ktstev01@louisville.edu>
2000-04-30 22:41:58 +00:00
markm
3e04080f8a
MFF: catch up with FreeFall
2000-04-19 21:20:54 +00:00
kris
a0eba154d3
If stderr is closed, report the error message about missing libraries
...
via syslog instead.
Reviewed by: jkh
2000-04-18 06:25:24 +00:00
markm
f8f9ad64d4
Internat diff reducer.
2000-04-16 17:49:31 +00:00
markm
893841d237
Virgin import of OpenSSL v0.9.5a
2000-04-16 16:03:07 +00:00
markm
fcef4a7a75
This commit was generated by cvs2svn to compensate for changes in r59281,
...
which included commits to RCS files with non-trunk default branches.
2000-04-16 16:03:07 +00:00
kris
6b5aa79169
Resolve conflicts.
2000-04-13 07:15:03 +00:00
kris
54c77f990d
Initial import of OpenSSL 0.9.5a
2000-04-13 06:33:22 +00:00
kris
40ba664ca8
This commit was generated by cvs2svn to compensate for changes in r59191,
...
which included commits to RCS files with non-trunk default branches.
2000-04-13 06:33:22 +00:00
kris
0acc851007
Correct a typo and interchanged library names
...
Submitted by: Ben Rosengart <ben@narcissus.net>
Matthew D. Fuller <fullermd@futuresouth.com>
2000-04-05 04:09:51 +00:00
kris
77771891cb
Fix a memory leak.
...
PR: 17360
Submitted by: Andrew J. Korty <ajk@iu.edu>
2000-03-29 08:24:37 +00:00
kris
9b205c3441
#include <ssl/foo.h> -> #include <openssl/foo.h>
2000-03-26 10:00:28 +00:00
kris
6948a83776
Resolve conflicts.
2000-03-26 07:37:48 +00:00
kris
b201b15ee1
Virgin import of OpenSSH sources dated 2000/03/25
2000-03-26 07:07:24 +00:00
kris
e46dd7a5de
This commit was generated by cvs2svn to compensate for changes in r58582,
...
which included commits to RCS files with non-trunk default branches.
2000-03-26 07:07:24 +00:00
kris
977254a1c1
Don't refer to the openssl handbook chapter by name - the doc guys keep
...
jamming new chapters in front of it :)
2000-03-25 07:28:18 +00:00
brian
64f92723d4
Use pipe() instead of socketpair() in sshd when communicating
...
with the client.
This allows ppp/ssh style tunnels to function again.
Ok'd by: markk
Submitted by: markk@knigma.org
2000-03-24 15:39:37 +00:00
mpp
b064529634
Fix a few spelling errors.
2000-03-24 02:26:54 +00:00
sheldonh
7889147802
IgnoreUserKnownHosts is a boolean flag, not an integer value.
...
The fix submitted in the attributed PR is identical to the one
adopted by OpenBSD.
PR: 17027
Submitted by: David Malone <dwmalone@maths.tcd.ie>
Obtained from: OpenBSD
2000-03-22 09:36:35 +00:00
kris
0d170b1596
Add a new function stub to libcrypto() which resolves to a symbol in
...
the librsa* library and reports which version of the library (OpenSSL/RSAREF)
is being used.
This is then used in openssh to detect the failure case of RSAREF and a RSA key
>1024 bits, to print a more helpful error message than 'rsa_public_encrypt() fai
led.'
This is a 4.0-RELEASE candidate.
2000-03-13 09:55:53 +00:00
kris
d675ea707a
Various manpage style/grammar/formatting cleanups
...
Submitted by: Peter Jeremy <peter.jeremy@alcatel.com.au>, jedgar
PR: 17292 (remainder of)
2000-03-13 00:17:43 +00:00
nik
2ace392884
- typos
...
- Add double spaces following full stops to improve typeset output
- mdoc-ification. (Though I'm uncertain whether option values and
contents should be .Dq or something else).
- Fix a missed /etc/ssh change
- Expand wording on RandomSeed and behaviour when X11 isn't forwarded.
- Change examples to literal mode.
- Trim trailing whitespace
PR: docs/17292
Submitted by: Peter Jeremy <peter.jeremy@alcatel.com.au>
2000-03-10 11:48:49 +00:00
markm
b0cba82a4f
Make LOGIN_CAP work properly.
2000-03-09 14:52:31 +00:00
kris
8141458379
/etc -> /etc/ssh
...
Submitted by: Ben Smithurst <ben@scientia.demon.co.uk>
2000-03-08 03:44:00 +00:00
jhay
94eda357d0
MFI: Use krb5 functions in krb5 files.
...
Reviewed by: markm
2000-03-03 20:31:58 +00:00
shin
1b7dce690e
Replace structure copy form ifreq obtained by SIOCGIFADDR
...
to memcpy(), to avoid unaligned access trap on alpha.
Approved by: jkh
2000-03-03 13:05:00 +00:00
shin
b284df6e2f
CMSG_XXX macros alignment fixes to follow RFC2292.
...
Approved by: jkh
2000-03-03 12:50:46 +00:00
green
ead1658802
Turn off X11 forwarding in the client. X11 forwarding in the server by
...
default should probably also get turned on, now.
Requested by: kris
Obtained from: OpenBSD
2000-03-03 05:58:39 +00:00
kris
b3d817cd57
Update the wording on the error message when libcrypto.so can't find an
...
RSA library.
Reviewed by: peter, jkh
2000-03-02 06:21:02 +00:00
ume
1294a0b6cf
Enable connection logging. FreeBSD's libwrap is IPv6 ready.
...
OpenSSH is in our source tree, now. It's a time to enable it.
Reviewed by: markm, shin
Approved by: jkh
2000-02-29 19:37:04 +00:00
markm
37dce23afc
1) Add kerberos5 functionality.
...
by Daniel Kouril <kouril@informatics.muni.cz>
2) Add full LOGIN_CAP capability
by Andrey Chernov
2000-02-28 19:03:50 +00:00
brian
499e159c08
Don't put truncated hostnames in utmp
...
Approved by: jkh
2000-02-28 18:51:30 +00:00
peter
4f3a50153f
Sync with internat.freebsd.org; weak symbols vs static libs == trouble
2000-02-26 16:57:17 +00:00
peter
8d6551c752
Merge from internat.freebsd.org; move VERBOSE_STUBS to a better spot.
2000-02-26 14:20:18 +00:00
peter
95cacb19a9
Merge from internat.freebsd.org repo, minus change to rsa_eay.c (missing)
...
Reorganize and unify libcrypto's interface so that the RSA implementation
is chosen at runtime via dlopen().
This is a checkpoint and may require more tweaks still.
2000-02-26 13:19:18 +00:00
peter
58c2a78aa2
Merge from internat.freebsd.org repo, minus change to rsa_eay.c (missing)
...
Reorganize and unify libcrypto's interface so that the RSA implementation
is chosen at runtime via dlopen().
This is a checkpoint and may require more tweaks still.
2000-02-26 13:13:03 +00:00
peter
527ba28c8f
At great personal risk (to my already fragile sanity), reorganize
...
the rsa stubs for libcrypto. libcrypto.so now uses dlopen() to
implement the backends for either the native or rsaref implemented
RSA code.
This involves:
- unifying the libcrypto and openssl(1) source so there is no
#ifdef RSAref variations.
- using weak symbols and dlopen()/dlsym() routines to access the
rsa method vectors.
Releases will enable the user to choose International, US (rsaref) or
no RSA code at install time.
'make world' will DTRT depending on whether you have the international
or US source. For US users, you must either install rsaref (the port
or package) or (if you don't fear RSA Inc) use the (superior)
International rsa_eay.c code.
This has been discussed at great length by the affected folks and even
we have a great deal of confusion. This is a checkpoint so we can tune
the results. This works for me in all permutations I can think of and
should result in a CD/ftp 'release' just about doing the right thing now.
2000-02-26 13:06:55 +00:00
peter
eb77fcb95c
Redo this with a repo copy from the original file and reset the
...
__PREFIX__ markers.
2000-02-26 09:59:14 +00:00
peter
18bcb8d297
oops, update path to /etc/ssh/ssh_host_key
2000-02-26 02:24:38 +00:00
peter
7abc89037f
Merge from internat.freebsd.org; move ssh files from /etc to /etc/ssh
2000-02-25 14:25:10 +00:00
peter
7caf65d2f4
Don't use the dlopen() stubs if comiling with PIC. This still
...
needs some more thought for the static case. Should we provide weak
error-generating stubs for static binaries if -lrsaref was forgotten?
2000-02-25 08:13:50 +00:00
green
522f06fd77
Fix a bug that crawled in pretty recently (from the port). It made
...
sshd coredump :(
2000-02-25 05:22:14 +00:00
peter
8e4001f110
Fix garbage in SSH_PROGRAM (only on freefall, not internat)
2000-02-25 04:41:06 +00:00
green
83bac1a374
Make "CheckHostIP" default to off. This was proposed on -security and
...
earlier IRC, but despite my inital feeling against it, this seems
the more proper thing to do.
Proposed by: rwatson
2000-02-25 03:04:29 +00:00
green
129e6a7558
The includes must be <openssl/.*\.h>, not <ssl/.*\.h>.
2000-02-25 01:53:12 +00:00
markm
ccef1c20fc
remove more ports crud.
2000-02-24 23:54:00 +00:00
markm
190eabf199
remove ports junk
2000-02-24 23:46:38 +00:00
markm
881ec50548
Use libcrypto instead of libdes.
2000-02-24 20:21:16 +00:00
markm
443e3df9fc
RIP libdes. All hail libcrypto!
2000-02-24 19:35:08 +00:00
markm
2cbf93e2b4
Get crypto from libcrypto, not libdes.
2000-02-24 19:28:31 +00:00
markm
37a38e6638
Add the patches fom ports (QV: ports/security/openssh/patches/patch-*)
2000-02-24 15:29:42 +00:00
markm
fc557ff7d9
Vendor import of OpenSSH.
2000-02-24 14:29:47 +00:00
markm
606d31b1ec
This commit was generated by cvs2svn to compensate for changes in r57429,
...
which included commits to RCS files with non-trunk default branches.
2000-02-24 14:29:47 +00:00
markm
be16c6202a
Merge conflicts.
2000-02-24 13:37:41 +00:00
markm
4d2ec46519
Oops; forgot to add this.
2000-02-24 13:20:48 +00:00
markm
3aaee576c1
Get this to the same level of functionality as old libdes.
2000-02-24 13:20:15 +00:00
markm
5ed96cd5da
Vendor import of Heimdal 0.2p
2000-02-24 11:28:20 +00:00
markm
4f25fdd792
This commit was generated by cvs2svn to compensate for changes in r57422,
...
which included commits to RCS files with non-trunk default branches.
2000-02-24 11:28:20 +00:00
markm
69414e22b9
Vendor import of Heimdal 0.2o
2000-02-24 11:19:29 +00:00
markm
1a9f61a7f9
This commit was generated by cvs2svn to compensate for changes in r57419,
...
which included commits to RCS files with non-trunk default branches.
2000-02-24 11:19:29 +00:00
markm
fa8b1a96d3
Vendor import of Heimdal 0.2n
2000-02-24 11:07:16 +00:00
markm
50efcd9b31
This commit was generated by cvs2svn to compensate for changes in r57416,
...
which included commits to RCS files with non-trunk default branches.
2000-02-24 11:07:16 +00:00
markm
d99784ddf1
freefall/internat diff reducer
2000-02-24 10:38:40 +00:00
markm
fd6da7cf96
Freefall/Internat diff reducer.
2000-02-24 10:37:29 +00:00
jkh
c99b4c1afc
Add call stubs for dynamic rsaref loading. This isn't enabled for now
...
but simply lets us sync up on the solution as it's evolved.
2000-02-22 06:22:54 +00:00
shin
981d4a6e4b
Use static buffer to save source route hostnames.
...
Approved by: jkh
2000-02-19 16:33:14 +00:00
shin
e1b335a34c
Print "Trying ..." for each host. Also cleanups for error printing.
...
Approved by: jkh
Submitted by: Ben Smithurst <ben@scientia.demon.co.uk>
2000-02-19 16:17:41 +00:00
shin
77f276d5ac
Fix bugs in telnet.
...
Sorry there were still several bugs.
-error retry at af missmatch was incomplete.
-af matching for source addr option was wrong
-socket was not freed at retry.
Approved by: jkh
2000-02-15 15:59:12 +00:00
shin
bca215974d
Add more dual stack consideration.
...
-Should retry as much as possible when some of source
routing intermediate hosts' address families missmatch
happened.
(such as when a host has only A record, and another host
has each of A and AAAA record.)
-Should retry as much as possible when dest addr and
source addr(specified with -s option) address family
missmatch happend
Approved by: jkh
2000-02-10 20:06:36 +00:00
shin
67ff6efc68
Fix telnet core dump at invalid service name specified.
...
Added an error check to avoid it.
Approved by: jkh
Submitted by: Robert Muir <rmuir@gibralter.net>
2000-02-07 00:52:49 +00:00
shin
3859c2231c
Add NI_NAMEREQD flag to getnameinfo() call. Without this flag,
...
getnameinfo() don't return error at name resolving failure.
But it is used at doaddrlookup(-N) case in telnet, error need to be
returned to correctly initialize hostname buffer.
Discovered at checking recent KAME repository change, noticed by itojun.
2000-01-29 18:21:05 +00:00
shin
ce15efb7c0
another tcp apps IPv6 updates.(should be make world safe)
...
ftp, telnet, ftpd, faithd
also telnet related sync with crypto, secure, kerberosIV
Obtained from: KAME project
2000-01-27 09:28:38 +00:00
kris
7e4e44947b
Import the RSA support code. There shouldn't be any actual RSA
...
cryptography here.
2000-01-16 05:14:57 +00:00
kris
2e01efe7c1
This commit was generated by cvs2svn to compensate for changes in r56083,
...
which included commits to RCS files with non-trunk default branches.
2000-01-16 05:14:57 +00:00
kris
f389ea9752
Fix for missing symbol in -DRSAref case.
2000-01-16 04:45:18 +00:00
kris
728ac76565
Fix breakage when NO_RSA specified.
...
Reviewed by: Ben Laurie <ben@openssl.org>
2000-01-14 05:24:08 +00:00
kris
168e054f17
Zap NO_IDEA
2000-01-10 06:28:04 +00:00
cvs2svn
06e3860a5c
This commit was manufactured by cvs2svn to create branch
...
'VENDOR-crypto-openssl'.
2000-01-10 06:27:13 +00:00
kris
4203a050f6
List of files to nuke prior to import.
2000-01-10 06:27:12 +00:00
kris
2e467dc342
Initial import of OpenSSL 0.9.4, sans IDEA and RSA code for patent
...
infringement reasons.
2000-01-10 06:22:05 +00:00
kris
ebe7c1ce23
This commit was generated by cvs2svn to compensate for changes in r55714,
...
which included commits to RCS files with non-trunk default branches.
2000-01-10 06:22:05 +00:00
kris
b8e601b240
Zap the IDEA stuff - it's patented internationally (at least in some
...
places), and we don't want people to get in trouble just for having it.
2000-01-10 05:36:35 +00:00
markm
4ecbd6db44
Import KTH Heimdal, which will be the core of our Kerberos5.
...
Userland to follow.
2000-01-09 20:58:00 +00:00
markm
5f68254a36
This commit was generated by cvs2svn to compensate for changes in r55682,
...
which included commits to RCS files with non-trunk default branches.
2000-01-09 20:58:00 +00:00
markm
469413f558
Fix path.
2000-01-09 13:52:56 +00:00
markm
3b8aea4be2
resolve conflicts.
2000-01-09 08:53:35 +00:00
markm
ca616c603d
Clean import of KTH Kerberos (eBones) v1.0.
2000-01-09 08:31:47 +00:00
markm
6ae78a5389
This commit was generated by cvs2svn to compensate for changes in r55643,
...
which included commits to RCS files with non-trunk default branches.
2000-01-09 08:31:47 +00:00
green
8b8214b6d3
Upgrade to the pam_ssh module, version 1.1..
...
(From the author:)
Primarily, I have added built-in functions for manipulating the
environment, so putenv() is no longer used. XDM and its variants
should now work without modification. Note that the new code uses
the macros in <sys/queue.h>.
Submitted by: Andrew J. Korty <ajk@iu.edu>
1999-12-28 05:32:54 +00:00
kris
e829abb179
Initial import of OpenSSL v0.9.4
1999-12-25 16:37:36 +00:00
kris
4562f83d3b
This commit was generated by cvs2svn to compensate for changes in r55099,
...
which included commits to RCS files with non-trunk default branches.
1999-12-25 16:37:36 +00:00
green
bcc4466e40
Add the PAM SSH RSA key authentication module. For example, you can add,
...
"login auth sufficient pam_ssh.so" to your /etc/pam.conf, and
users with a ~/.ssh/identity can login(1) with their SSH key :)
PR: 15158
Submitted by: Andrew J. Korty <ajk@waterspout.com>
Reviewed by: obrien
1999-11-29 07:09:44 +00:00
markm
7df5ada37c
Merge anf fix for build.
1999-09-19 21:56:09 +00:00
markm
fe83e8abf3
Clean import of KTH krb4-0.10.1.
1999-09-19 14:19:32 +00:00
markm
c171f3b182
This commit was generated by cvs2svn to compensate for changes in r51415,
...
which included commits to RCS files with non-trunk default branches.
1999-09-19 14:19:32 +00:00
markm
4f947d680a
Big OpenSSL/KTH/FreeBSD merge, badly poisoned by $FreeBSD$'s.
1999-09-19 13:04:49 +00:00
markm
69cafd82fe
This commit was generated by cvs2svn to compensate for changes in r50894,
...
which included commits to RCS files with non-trunk default branches.
1999-09-04 12:45:43 +00:00
markm
aebb972b81
Vendor import EAY's LIBSSL to fix comments, etc.
1999-09-04 12:45:43 +00:00
markm
101cc573f4
Add macro originally provided externally.
1999-09-04 11:06:07 +00:00
markm
a00f78e661
Add includes to to silence warnings. Bit hackish.
1999-09-04 11:03:01 +00:00
markm
d7d8526858
Add some includes to shut up warnings.
1999-09-04 10:46:27 +00:00
markm
145a94070b
Drat. Import this into the right place. Pass me the pointy hat.
1999-09-01 19:59:25 +00:00
markm
3083434d3d
This commit was generated by cvs2svn to compensate for changes in r50760,
...
which included commits to RCS files with non-trunk default branches.
1999-09-01 19:59:25 +00:00
markm
05435ef431
Termcap header no longer needed.
1999-09-01 18:57:38 +00:00
peter
efabb9ccb1
$Id$ -> $FreeBSD$
1999-08-28 01:35:59 +00:00
markm
43201bf2b8
Add virtual MAINTAINER line.
1999-08-16 19:05:02 +00:00
nsayer
6cf65828c9
According to Mark Murray, Makefiles do not belong here. I guess we're
...
going to have to figure something else out.
1999-08-16 18:59:05 +00:00
nsayer
189690bcce
Add SRA authentication to src/crypto/telnet.
...
SRA does a Diffie-Hellmen exchange and then DES-encrypts the
authentication data. If the authentication is successful, it also
sets up a session key for DES encryption.
SRA was originally developed at Texas A&M University.
This code is probably export restricted (despite the fact that I
originally found it at a University in Germany).
SRA is not perfect. It is vulnerable to monkey-in-the-middle attacks
and does not use tremendously large DH constants (and thus an individual
exchange probably could be factored in a few days on modern CPU
horsepower). It does not, however, require any changes in user or
administrative behavior and foils session hijacking and sniffing.
The goal of this commit is that telnet and telnetd end up in the DES
distribution and that therefore an encrypted session telnet becomes
standard issue for FreeBSD.
1999-08-16 11:24:29 +00:00
nsayer
8528b2a710
Fix int function without return (make consistent with neighbors)
1999-08-16 02:15:29 +00:00
nik
668aec5d3d
Document the "skey" command in telnet(1).
...
PR: docs/12360
Submitted by: kjm@rins.ryukoku.ac.jp (KOJIMA Hajime)
Nagged by: markm :-)
1999-07-30 21:24:03 +00:00
ru
c7b22dab8b
Merge from non-crypto version:
...
- "-N" option
- "-E" security fix
- "-s src_addr" option
Requested by: markm
1999-06-17 09:24:37 +00:00
brian
7670f1eab4
MF libexec/telnetd: Determine the host name using an array size of
...
MAXHOSTNAMELEN and call trimdomain() before implementing
the -u option.
1999-04-08 21:39:34 +00:00
brian
88f6c1a7e8
MF libexec/telnetd: MAXHOSTNAMELEN & -u fixes.
1999-04-07 10:17:24 +00:00
brian
07625d3f4d
Use realhostname().
1999-04-06 23:35:21 +00:00
brian
290eeb0e06
MF src/libexec/telnetd: Verify the reverse DNS lookup
...
ala rlogind.
Suggested by: markm
1999-04-06 12:41:27 +00:00
peter
e133ecebec
Old stuff laying around: Don't use getstr which can conflict with some
...
curses/termcap/terminfo implementations and causes recursion.
1998-12-16 06:06:06 +00:00
peter
f3847d7306
Old stuff from a source tree: copy (verbatum) the code to expand the
...
%s/%m in the default /etc/gettytab.
1998-12-16 06:01:33 +00:00
gpalmer
be7570dbc1
Remove redundant decl. of time(). Causes problems on alpha
1998-09-01 15:17:28 +00:00
jdp
f731a1a207
Remove a work-around for an assembler bug that has been fixed since
...
April, 1997. The work-around causes problems under ELF.
1998-08-31 20:01:48 +00:00
markm
0503689f0a
Fix nasty typo that randomly caused kinit to not properly deduce the
...
user's username when this was not specified.
Reported by: Sean Eric Fagan
1998-03-29 07:27:43 +00:00
markm
3513ffecbf
Make the ticket filename the same as for our old eBones. I am going to
...
kerberize xdm again, and it will be a pain to maintain two different
sets of patches (for 2.2 and 3.0).
1998-02-16 12:39:25 +00:00
markm
765f216743
Bring back the old behaviour of kinit; if no username is mentioned on
...
the command line, attempt to get a ticket for the current uid (or
<uid>.root if we are already su'ed).
Requested By: Garrett Wollman
1998-02-16 12:36:49 +00:00
imp
7d01b0b30c
MFC: sprintf paranoia
1998-01-22 00:04:57 +00:00
charnier
25d74465e2
MFC: no \n in syslog strings. Change -P to -p in flags. EOF -> -1. Use err(3).
1997-12-08 07:41:13 +00:00
markm
6026327fe6
kinit(1) and its man page do not agre on what is reported with -v. Fix this.
...
Submitted by: Sheldon Hearn.
1997-11-25 21:12:37 +00:00
uhclem
e9a0f249e7
PR: bin/771 and bin/1037 are resolved by this change
...
This change changes the default handling of linemode so that older and/or
stupider telnet clients can still get wakeup characters like <ESC> and
<CTRL>D to work correctly multiple times on the same line, as in csh
"set filec" operations. It also causes CR and LF characters to be read by
apps in certain terminal modes consistently, as opposed to returning
CR sometimes and LF sometimes, which broke existing apps. The change
was shown to fix the problem demonstrated in the FreeBSD telnet client,
along with the telnet client in Solaris, SCO, Windows '95 & NT, DEC OSF,
NCSA, and others.
A similar change was incorporated in the non-crypto version of telnetd.
This resolves bin/771 and bin/1037.
1997-10-08 03:14:34 +00:00
wosch
8ee659dd96
Sort cross refereces in section SEE ALSO.
1997-09-29 19:11:55 +00:00
markm
00501fb8d7
FreeBSD's original passwd helper is needed here.
1997-09-21 17:37:08 +00:00
markm
cd2a6be22c
Bring the FreeBSD changes to the virgin sources.
1997-09-07 07:02:53 +00:00
markm
d1685a9fcc
FreeBSD specific schanges - mainly religious issues about where to put
...
stuff.
1997-09-04 21:37:57 +00:00
markm
21c65d62af
This commit was generated by cvs2svn to compensate for changes in r29088,
...
which included commits to RCS files with non-trunk default branches.
1997-09-04 06:11:16 +00:00
markm
2ea49f693f
Initial import of BSD telnet. This will be used to build the kerberised
...
telnet, and after userland diffs have been merged in, will be used to
build the non-kerberised sources as well. (See unifdef(1) for details)
1997-09-04 06:11:16 +00:00
markm
a8a89cfaf9
Initial import of KTH eBones. This has been cleaned up to only include
...
the "core" Kerberos functionality. The rest of the userland will get their
own changes later.
1997-09-04 06:04:33 +00:00
markm
5a800c893f
This commit was generated by cvs2svn to compensate for changes in r29085,
...
which included commits to RCS files with non-trunk default branches.
1997-09-04 06:04:33 +00:00
markm
fe8101c086
Bring in the Starter files for the contrib-crypto dir.
...
I am not going to commit anything to this area for a few days.
This is because
1) I want everyone to be DARN sure there is no export of crypto
that may get our USA friends it trouble.
2) I have been asked by the folk developing KTH-eBones to hold off
for their new release.
Worked with: rkw, jdp
CVS:
CVS:
1997-05-03 09:16:07 +00:00