d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
59,014 Commits 4 Branches 49 Tags 2 GiB
78a36d2109
Commit Graph

281 Commits

Author SHA1 Message Date
assar
b022d1d27e (scrub_env): change to only accept a listed set of variables, 
including only non-filename contents for TERMCAP
 2000-12-10 20:50:20 +00:00
green
ab6b35a1d6 Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0 
new features description elided in favor of checking out their
website.

Important new FreeBSD-version stuff: PAM support has been worked
in, partially from the "Unix" OpenSSH version, and a lot due to the
work of Eivind Eklend, too.

This requires at least the following in pam.conf:

sshd    auth    sufficient      pam_skey.so
sshd    auth    required        pam_unix.so                     try_first_pass
sshd    session required        pam_permit.so

Parts by:	Eivind Eklend <eivind@FreeBSD.org>
 2000-12-05 02:55:12 +00:00
green
6202ac1614 Forgot to remove the old line in the last commit. 2000-12-05 02:41:01 +00:00
green
1c5144a169 This commit was generated by cvs2svn to compensate for changes in r69587, 
which included commits to RCS files with non-trunk default branches.
 2000-12-05 02:20:19 +00:00
green
2aecee364f Import of OpenSSH 2.3.0 (virgin OpenBSD source release). 2000-12-05 02:20:19 +00:00
brian
17a750ff36 Remove duplicate line 
Not responded to by: kris, then green
 2000-12-04 22:57:53 +00:00
asmodai
56b0ddae6c Add more environment variables to be filtered through scrub_env(). 
Synched from normal telnet.
 2000-11-30 13:14:54 +00:00
asmodai
5c47bfad32 String paranoia fix. Synched from normal telnet. 2000-11-30 13:10:01 +00:00
asmodai
617a96fd6d String paranoia. Merged from regular telnet. 2000-11-30 10:55:25 +00:00
kris
35eec2074d Correct definition of MAXHOSTNAMELEN in ifdef'ed code. 
Submitted by:	Edwin Groothuis <mavetju@chello.nl>
PR:		bin/22787
 2000-11-26 21:37:51 +00:00
green
163406c6e5 In env_destroy(), it is a bad idea to env_swap(self, 0) to switch 
back to the original environ unconditionally.  The setting of the
variable to save the previous environ is conditional; it happens when
ENV.e_committed is set.  Therefore, don't try to swap the env back
unless the previous env has been initialized.

PR:		bin/22670
Submitted by:	Takanori Saneto <sanewo@ba2.so-net.ne.jp>
 2000-11-25 02:00:35 +00:00
billf
de5ab7abc1 Correct an arguement to ssh_add_identity, this matches what is currently 
in ports/security/openssh/files/pam_ssh.c

PR:		22164
Submitted by:	Takanori Saneto <sanewo@ba2.so-net.ne.jp>
Reviewed by:	green
Approved by:	green
 2000-11-25 01:55:42 +00:00
ru
71e2293ad4 mdoc(7) police: use the new features of the Nm macro. 2000-11-20 20:10:44 +00:00
kris
1a1517afe4 Fix a buffer overflow from a long local hostname. 
Obtained from:	OpenBSD
 2000-11-19 10:08:26 +00:00
green
0bc5843790 Add login_cap and login_access support. Previously, these FreeBSD-local 
checks were only made when using the 1.x protocol.
 2000-11-14 04:35:03 +00:00
green
100d82038d Import a security fix: the client would allow a server to use its 
ssh-agent or X11 forwarding even if it was disabled.

This is the vendor fix provided, not an actual revision of clientloop.c.

Submitted by:	Markus Friedl <markus@OpenBSD.org> via kris
 2000-11-14 03:51:53 +00:00
green
fb253173ae This commit was generated by cvs2svn to compensate for changes in r68700, 
which included commits to RCS files with non-trunk default branches.
 2000-11-14 03:51:53 +00:00
kris
4b15a516e7 Update list of files to remove prior to import 2000-11-13 07:46:20 +00:00
kris
76c54c9ba3 Resolve conflicts, and garbage collect some local changes that are no 
longer required
 2000-11-13 02:20:29 +00:00
kris
539b977eff Initial import of OpenSSL 0.9.6 2000-11-13 01:03:58 +00:00
kris
f648020584 This commit was generated by cvs2svn to compensate for changes in r68651, 
which included commits to RCS files with non-trunk default branches.
 2000-11-13 01:03:58 +00:00
ru
a6f5d950d8 Avoid use of direct troff requests in mdoc(7) manual pages. 2000-11-10 17:46:15 +00:00
dougb
353f00f96c Add a CVS Id tag 2000-10-29 10:00:58 +00:00
kris
d2f83e4ec4 Sync with usr.bin/telnet/telnet.c r1.9 - fix buffer overflow in DISPLAY 2000-10-29 00:10:14 +00:00
green
3c8715d5d7 Fix a few style oddities. 2000-09-10 18:04:12 +00:00
green
bb24bb397b Fix a goof in timevaldiff. 2000-09-10 18:03:46 +00:00
kris
c5a4794750 Remove files no longer present in OpenSSH 2.2.0 and beyond 2000-09-10 10:26:07 +00:00
kris
24372e6c10 Resolve conflicts and update for OpenSSH 2.2.0 
Reviewed by:	gshapiro, peter, green
 2000-09-10 09:35:38 +00:00
kris
0ca2bdc2f7 Initial import of OpenSSH post-2.2.0 snapshot dated 2000-09-09 2000-09-10 08:31:17 +00:00
kris
f2912c8208 This commit was generated by cvs2svn to compensate for changes in r65668, 
which included commits to RCS files with non-trunk default branches.
 2000-09-10 08:31:17 +00:00
kris
e4a753d311 Nuke RSAREF support from orbit. 
It's the only way to be sure.
 2000-09-10 00:09:37 +00:00
kris
2450bc1f18 ttyname was not being passed into do_login(), so we were erroneously picking 
up the function definition from unistd.h instead. Use s->tty instead.

Submitted by:	peter
 2000-09-04 08:43:05 +00:00
kris
175e5fe4dd bzero() the struct timeval for paranoia 
Submitted by:	gshapiro
 2000-09-03 07:58:35 +00:00
kris
868b20c6a8 Err, we weren't even compiling auth1.c with LOGIN_CAP at all. Guess nobody 
was using this feature.
 2000-09-02 07:32:05 +00:00
kris
458b9e5882 Repair a broken conflict resolution in r1.2 which had the effect of nullifying 
the login_cap and login.access checks for whether a user/host is allowed
access to the system for users other than root. But since we currently don't
have a similar check in the ssh2 code path anyway, it's um, "okay".

Submitted by:	gshapiro
 2000-09-02 05:40:50 +00:00
kris
8b99f6e1dc Repair my dyslexia: s/opt/otp/ in the OPIE challenge. D'oh! 
Submitted by:	gshapiro
 2000-09-02 04:41:33 +00:00
kris
6eee534256 Re-add missing "break" which was lost during a previous patch 
integration. This currently has no effect.

Submitted by:	gshapiro
 2000-09-02 04:37:51 +00:00
kris
42ae81df48 Turn on X11Forwarding by default on the server. Any risk is to the client, 
where it is already disabled by default.

Reminded by:	peter
 2000-09-02 03:49:22 +00:00
kris
3ae9606341 Increase the default value of LoginGraceTime from 60 seconds to 120 
seconds.

PR:		20488
Submitted by:	rwatson
 2000-08-23 09:47:25 +00:00
kris
aba57a02e8 Respect X11BASE to derive the location of xauth(1) 
PR:		17818
Submitted by:	Bjoern Fischer <bfischer@Techfak.Uni-Bielefeld.DE>
 2000-08-23 09:39:20 +00:00
kris
e5f617598c Fix setproctitle() and syslog() vulnerabilities. 2000-08-13 05:23:23 +00:00
kris
c433a0e2f8 This commit was generated by cvs2svn to compensate for changes in r64593, 
which included commits to RCS files with non-trunk default branches.
 2000-08-13 05:23:23 +00:00
kris
e5795f1541 Fix benign bugs due to missing format string in err() and warn(). 
Approved by:	assar (vendor :-)
 2000-08-13 04:46:54 +00:00
kris
cab37673f6 This commit was generated by cvs2svn to compensate for changes in r64583, 
which included commits to RCS files with non-trunk default branches.
 2000-08-13 04:46:54 +00:00
kris
f7413271b5 Fix setproctitle() vulnerability in non-compiled code. 2000-08-13 04:35:43 +00:00
asmodai
5209950187 Chalk up another phkmalloc victim. 
It seems as if uninitialised memory was the culprit.

We may want to contribute this back to the OpenSSH project.

Submitted by:	Alexander Leidinger <Alexander@Leidinger.net> on -current.
 2000-08-01 08:07:15 +00:00
alex
0a765c451d Crypto sources are no longer export controlled: 
Explain, why crypto sources are still in crypto/.

Reviewed by:	markm
 2000-07-31 12:24:13 +00:00
asmodai
0a6c762555 Fix a weird typo, is -> are. 
The OpenSSH maintainer probably want to contribute this back to the
real OpenSSH guys.

Submitted by:	Jon Perkin <sketchy@netcraft.com>
 2000-07-27 19:21:15 +00:00
marko
1dcee686be Fixed a minor typo in the header. 
Pointed out by:	asmodai
 2000-07-27 17:21:07 +00:00
marko
674af77794 Committed, Thanks!! 
PR:		20108
Submitted by:	Doug Lee
 2000-07-25 16:49:48 +00:00
ume
0abc0cfcd6 Fix buffer size of ALIGNed buffer. 
PR:		bin/20053
Submitted by:	Alex Kapranoff <alex@kapran.bitmcnit.bryansk.su>
 2000-07-20 14:54:04 +00:00
assar
f816d255fa merge in syslog fixes, do not call syslog with variabel as format string 2000-07-20 05:43:55 +00:00
peter
e2062d0bd5 Add missing $FreeBSD$ to files that are NOT still on vendor a branch. 2000-07-16 05:48:49 +00:00
nsayer
f0ebc4fdd1 Fix 'telnet -X sra' coredump 
PR# 19835
 2000-07-11 15:04:05 +00:00
peter
d9df5f65de Sync sshd_config with sshd and manapage internal defaults (Checkmail = yes) 2000-07-11 09:54:24 +00:00
peter
5f6efaa063 Sync LoginGraceTime with sshd_config = 60 seconds by default, not 600. 2000-07-11 09:52:14 +00:00
peter
772dd17b51 Fix out-of-sync defaults. PermitRootLogin is supposed to be 'no' but 
sshd's internal default was 'yes'.  (if some cracker managed to trash
/etc/ssh/sshd_config, then root logins could be reactivated)

Approved by: kris
 2000-07-11 09:50:15 +00:00
peter
adeace1395 Make FallBackToRsh off by default. Falling back to rsh by default is 
silly in this day and age.

Approved by: kris
 2000-07-11 09:39:34 +00:00
kris
a5aaf7609c Don't call printf with no format string. 2000-07-10 05:16:59 +00:00
ume
4eacfb7489 Make telnet -s work. It is corresponding to EAI_NONAME -> EAI_NODATA 
change (getaddrinfo.c rev 1.12).
 2000-07-08 05:22:00 +00:00
itojun
1fcab4244d sync with usr.bin/telnet/commands.c 1.21 -> 1.22. pierre.dampure@alveley.org 2000-07-07 12:35:05 +00:00
green
be6e69fbed Allow restarting on SIGHUP when the full path was not given as argv[0]. 
We do have /proc/curproc/file :)
 2000-07-04 06:43:26 +00:00
green
26efc47d38 So /this/ is what has made OpenSSH's SSHv2 support never work right! 
In some cases, limits did not get set to the proper class, but
instead always to "default", because not all passwd copies were
done to completion.
 2000-06-27 21:16:06 +00:00
green
71e9ee0209 Also make sure to close the socket that exceeds your rate limit. 2000-06-26 23:39:26 +00:00
green
9bccae4f2e Make rate limiting work per-listening-socket. Log better messages than 
before for this, requiring a new function (get_ipaddr()).  canohost.c
receives a $FreeBSD$ line.

Suggested by:	Niels Provos <niels@OpenBSD.org>
 2000-06-26 05:44:23 +00:00
markm
2fe0472e39 MFI. This is a documentation-only, diffreducing patch, that if 
invoked will cause breakage. US Users - DO NOT try to turn on
IDEA - the sources are not included.
 2000-06-24 06:50:58 +00:00
markm
58b7870cc7 Grrr. I hate CVS. These were supposed to be committed when I did the 
IDEA fix earlier today.

Bring back IDEA from the dead (but not compiled by default).
 2000-06-19 21:09:27 +00:00
markm
940ce492dc Re-add IDEA. This is not actually built unless asked for by the user. 
(To avoid patent hassles).
 2000-06-19 13:59:34 +00:00
kris
4f57b24cfd Fix syntax error in previous commit. 
Submitted by:	Udo Schweigert <ust@cert.siemens.de>
 2000-06-11 21:41:25 +00:00
kris
ad6da2a572 Fix security botch in "UseLogin Yes" case: commands are executed with 
uid 0.

Obtained from:	OpenBSD
 2000-06-10 22:32:57 +00:00
ru
caf976b39e Make `ssh-agent -k' work for csh(1)-like shells. 2000-06-10 14:14:28 +00:00
green
ba3f3c2ac7 Allow "DenyUsers" to function. 2000-06-06 06:16:55 +00:00
kris
a55fcaa060 Resolve conflicts 2000-06-03 09:58:15 +00:00
kris
3639dd9ace Initial import of OpenSSH snapshot from 2000/05/30 
Obtained from:	OpenBSD
 2000-06-03 09:52:37 +00:00
kris
0a76acd42d This commit was generated by cvs2svn to compensate for changes in r61209, 
which included commits to RCS files with non-trunk default branches.
 2000-06-03 09:52:37 +00:00
kris
1e51208074 Resolve conflicts 2000-06-03 09:23:13 +00:00
kris
585dc667de Import from vendor repository. 
Obtained from:	OpenBSD
 2000-06-03 09:20:19 +00:00
kris
780d02839a This commit was generated by cvs2svn to compensate for changes in r61206, 
which included commits to RCS files with non-trunk default branches.
 2000-06-03 09:20:19 +00:00
kris
66c0eb5d8c Bring vendor patches onto the main branch, and resolve conflicts. 2000-06-03 07:31:44 +00:00
kris
e503398156 Import vendor patches: the first is written by 
Brian Feldman <green@FreeBSD.org>

* Remove the gratuitous dependency on OpenSSL 0.9.5a (preparation for MFC)
* Disable agent forwarding by default in the client (security risk)

Submitted by:	green
Obtained from:	OpenBSD
 2000-06-03 07:18:09 +00:00
kris
88a84bd92e This commit was generated by cvs2svn to compensate for changes in r61201, 
which included commits to RCS files with non-trunk default branches.
 2000-06-03 07:18:09 +00:00
kris
10badcd8c7 Import vendor patch originally submitted by the below author: don't 
treat failure to create the authentication agent directory in /tmp as
a fatal error, but disable agent forwarding.

Submitted by:	Jan Koum <jkb@yahoo-inc.com>
 2000-06-03 07:06:14 +00:00
kris
89aaaa3ccb This commit was generated by cvs2svn to compensate for changes in r61199, 
which included commits to RCS files with non-trunk default branches.
 2000-06-03 07:06:14 +00:00
kris
e1e1f53651 Import vendor fix: "fix key_read() for uuencoded keys w/o '='" 
This bug caused OpenSSH not to recognise some of the DSA keys it
generated.

Submitted by:	Christian Weisgerber <naddy@mips.inka.de>
Obtained from:	OpenBSD
 2000-06-03 06:51:30 +00:00
kris
27503968d8 Update to the version of pam_ssh corresponding to OpenSSH 2.1 (taken 
from the openssh port)

Submitted by:	Hajimu UMEMOTO <ume@mahoroba.org>
 2000-05-30 09:03:15 +00:00
jake
961b97d434 Back out the previous change to the queue(3) interface. 
It was not discussed and should probably not happen.

Requested by:		msmith and others
 2000-05-26 02:09:24 +00:00
jake
d93fbc9916 Change the way that the queue(3) structures are declared; don't assume that 
the type argument to *_HEAD and *_ENTRY is a struct.

Suggested by:	phk
Reviewed by:	phk
Approved by:	mdodd
 2000-05-23 20:41:01 +00:00
ache
b102c893de Turn on CheckMail to be more login-compatible by default 2000-05-23 06:06:54 +00:00
brian
0e085590db Don't USE_PIPES 
Spammed by: peter
Submitted by: mkn@uk.FreeBSD.org
 2000-05-22 09:51:18 +00:00
kris
ecdf63b33e Correct two stupid typos in the DSA key location. 
Submitted by:	Udo Schweigert <ust@cert.siemens.de>
 2000-05-18 06:04:23 +00:00
kris
de71a10db8 Unbreak Kerberos5 compilation. This still remains untested. 
Noticed by:	obrien
 2000-05-17 08:06:20 +00:00
kris
40816e5260 Oops, rename S/Key to Opie in line with FreeBSD usage. 2000-05-15 06:11:30 +00:00
kris
866470d785 Create a DSA host key if one does not already exist, and teach sshd_config 
about it.
 2000-05-15 05:40:27 +00:00
kris
a632b4789c Resolve conflicts and update for FreeBSD. 2000-05-15 05:24:25 +00:00
kris
4dc8aa85ce Initial import of OpenSSH v2.1. 2000-05-15 04:37:24 +00:00
kris
8cf8ce7bb1 This commit was generated by cvs2svn to compensate for changes in r60573, 
which included commits to RCS files with non-trunk default branches.
 2000-05-15 04:37:24 +00:00
nik
b8783e88c4 Note that X11 Forwarding is off by default. 
PR:             docs/17566
Submitted by:   Keith Stevenson <ktstev01@louisville.edu>
 2000-04-30 22:41:58 +00:00
markm
3e04080f8a MFF: catch up with FreeFall 2000-04-19 21:20:54 +00:00
kris
a0eba154d3 If stderr is closed, report the error message about missing libraries 
via syslog instead.

Reviewed by:	jkh
 2000-04-18 06:25:24 +00:00
markm
f8f9ad64d4 Internat diff reducer. 2000-04-16 17:49:31 +00:00