Commit Graph

54 Commits

Author SHA1 Message Date
des
da156e9602 Update for OpenSSH 3.5p1. 2002-10-29 10:18:00 +00:00
des
a651b056f9 ssh-keysign(8) belongs in /usr/libexec, not in /usr/bin, and needs to be
setuid so ssh(1) doesn't have to be.

Pointy hat to:	des
Submitted by:	Katsuyuki TATEISHI <katsu@iec.hiroshima-u.ac.jp>
2002-07-05 08:39:09 +00:00
des
513df53f59 No guts, no glory. Switch to OpenSSH-portable.
Sponsored by:	DARPA, NAI Labs
2002-06-25 19:10:09 +00:00
ru
b2c3dc0715 Now that cross-tools ld(1) has been fixed to look for dynamic
dependencies in the correct place, record the fact that -lssh
depends on -lcrypto and -lz.

Removed false dependencies on -lz (except ssh(1) and sshd(8)).
Removed false dependencies on -lcrypto and -lutil for scp(1).

Reviewed by:	markm
2002-02-08 13:42:58 +00:00
kris
0e1bb965cc Set WFORMAT=0, overlooked in previous commits to libexec/.
Reported by:	jhay
2002-02-06 11:07:55 +00:00
ru
c9d8bf8608 Add pam_ssh support to the static PAM library, libpam.a:
- Spam /usr/lib some more by making libssh a standard library.
- Tweak ${LIBPAM} and ${MINUSLPAM}.
- Garbage collect unused libssh_pic.a.
- Add fake -lz dependency to secure/ makefiles needed for
  dynamic linkage with -lssh.

Reviewed by:	des, markm
Approved by:	markm
2002-01-23 15:54:17 +00:00
markm
7f33af3e59 Clean up makefiles, and turn on WARNS=2. Take into account the telnet
#if cleanup.
2001-11-30 21:10:58 +00:00
markm
18d8718070 Revamp and diff-reduce the various secure telnets. Make sure that
Kerberos5 has _a_ telnet (which is not currently K5 enabled).
Incorporate BDE's static linking fixes.
2001-08-03 16:03:26 +00:00
bde
150ca138e2 Fixed world breakage when NOSHARED=yes. libmp now depends on libcrypto,
so it must be linked before libcrypto to work right.
2001-07-30 14:36:19 +00:00
bde
5e17943e7b Fixed world breakage in previous commit. -lpam must never be used
directly (except in the definition of MINUSLPAM in bsd.libnames.mk)
since it doesn't give all the lbraries necessary for static linkage.

Fixed new and old bugs in DPADD.  ${LIBPAM} was missing, and the
library order was different from that in LDADD so `make checkdpadd'
reported a non-bug.
2001-05-09 14:23:54 +00:00
nsayer
ce2648b0d2 Add PAM support to SRA authentication. Cribbed mostly from ftpd. This
doesn't solve the problem of root being allowed to log in, but that sort
of thing is something PAM should be doing anyway.
2001-05-07 20:38:39 +00:00
green
a0c1c483e2 Follow the OpenSSH 2.9 upgrade with the infrastructure. Two new
programs are now included: sftp(1) and ssh-keyscan(1).
2001-05-04 04:21:25 +00:00
ru
98c6ecb383 Bye-bye /usr/lib/libtelnet.a. This should fix ``make release'' brokeness.
Approved by:	markm
2001-03-28 12:08:22 +00:00
ru
ffbd5f978d secure/ build fixes:
- TELNETOBJDIR is gone.  `buildworld' already installs libtelnet.a
  in ${WORLDTMP}/usr/lib, and we have LIBRARY_PATH pointing there.

- SSHDIR (formerly SSHSRC) is now shared between all SSH modules.
  New LIBSSH is introduced for libssh.a (an internal static lib).
  Previously, build without prior `obj' was broken; SSH modules
  always looked for libssh.a in ${.OBJDIR}.  Also, the dependancies
  on the libssh.a were missing.

- libtelnet/ did not install the crypto version of telnet.h into
  /usr/include/arpa.

- Removed BINOWN, BINMODE, BINDIR and SRCS with default values.

Reviewed by:	markm

- MAN[1-9] -> MAN.
2001-03-26 14:53:33 +00:00
kris
8d2aad5ae9 Only build sftp-server conditionally 2000-09-16 22:43:00 +00:00
ache
ec0b442175 Add sftp-server 2000-09-15 01:04:32 +00:00
kris
f9e92409b4 Update for OpenSSH 2.2.0 2000-09-10 09:43:29 +00:00
kris
9cf81bab1e Don't build crypto-enabled telnetd if NO_OPENSSL is defined, since it
attempts to link against libcrypto.
2000-07-25 01:11:17 +00:00
markm
ef025b40ab Build everything properly. This means:
o Don't b uild libdes.

o Crypto is now housed in libcrypto (with a compatability symlink to
  libdes)

o RSA may depend on RSAREF at your locale.

o OpenSSH is now a part of the base system.
2000-02-24 18:59:34 +00:00
shin
ce15efb7c0 another tcp apps IPv6 updates.(should be make world safe)
ftp, telnet, ftpd, faithd
  also telnet related sync with crypto, secure, kerberosIV

Obtained from: KAME project
2000-01-27 09:28:38 +00:00
peter
bf11704e75 Revert -lmd changes now that libcrypt doesn't expose this binutils/ld
bug any more.
1999-12-18 16:42:33 +00:00
marcel
539b0dd3ef Add libmd to DPADD and LDADD. 1999-12-17 11:45:28 +00:00
markm
ca616e7d07 Dont build telenet if we are going for kerberised telnet; this just
jumps all over kerberised telnet otherwise.
1999-10-12 19:48:05 +00:00
markm
e22fcdae42 Make telnet with SRA work.
Submitted by:	Nick Sayer
1999-10-07 19:47:09 +00:00
markm
524bda369e Secure telnet is now in eBones. 1996-11-07 14:42:57 +00:00
peter
7e745e3e6f Same as non-secure telnetd, add support for ``-P altlogin'' to specify
an alternate /usr/bin/login type program to be run.
1996-08-13 07:53:54 +00:00
ache
573902ba60 Localize time 1996-05-07 19:05:10 +00:00
markm
135587ee97 Big clean-up job. Remove ancient and never-to-be used stuff.
The look much more like BSD Makefiles now.
1996-03-11 16:17:58 +00:00
ache
fd4a236df2 Sense MAKE_EBONES, DESTDIR
SRCS, DPADD cleanup
1996-03-09 13:39:00 +00:00
peter
ab124e78b0 recording cvs-1.6 file death 1995-12-30 19:02:48 +00:00
ache
b3c2c5a150 Remove LD_NOSTD_PATH unsetenv, it isn't exist anymore 1995-10-24 06:52:36 +00:00
ache
ad266c215d Fix original patch error with ! before strncmp
Zap only needed LD_* variables
1995-10-20 22:17:35 +00:00
ache
c0765b5449 Don't allow LD_* env. variables to be tricked
Submitted by: Sam Hartman <hartmans@mit.edu>
1995-10-20 17:16:58 +00:00
gibbs
651cbee0db Remove MAKE_EBONES conditionals. They were originally placed here because
of missing functionality in our libkrb which is no longer a problem.
1995-10-11 00:04:09 +00:00
gibbs
8d7d06f373 Add TELNETOBJDIR and CRYPTOBJDIR for use in LDADD entries. This makes
secure reference the libraries that were just build instead of in /usr/lib.
1995-09-16 03:04:10 +00:00
gibbs
958c14faa7 Enable kerberosIV authentication/encryption conditionalized on MAKE_EBONES. 1995-09-14 21:29:21 +00:00
dg
1ae004d611 sys_term.c: killed sleep(1) as this should no longer be a problem with
the move of startslave().
telnetd.c: fix bug introduced with the move of startslave()...the number
of arguments was wrong and "level" and "user_name" had to be made globals.
1995-09-11 21:02:02 +00:00
pst
14ad5aa657 Move erase cleanup outside linemode conditional 1995-09-06 02:03:36 +00:00
pst
8693020356 Avoid race condition with telnet options processing (login: prompt lost).
Submitted by:	John Capo & Peter Wemm
1995-09-05 19:31:06 +00:00
pst
b68227ec08 Set erase character for login: prompt.
Submitted by:	Peter Wemm & John Capo
1995-09-05 19:30:05 +00:00
pst
059d76f5fe Do NOT compile with -DKLUDGELINEMODE...hoses many telnet clients 1995-08-28 17:55:08 +00:00
ache
f87a14f2ec Comment out LDADD+=-ldescrypt, it is not yet active due to
missng defines for krb4encpwd and rsaencpwd and missing rsa library too.
1995-08-05 19:10:25 +00:00
ache
25dcf9aae3 Change default banner to FreeBSD, properly ifdefed by __FreeBSD__
Reviewed by:
Submitted by:
Obtained from:
1995-08-04 00:12:08 +00:00
markm
96fd43c32a After pst and ache fixed secure telnet, it was still not in the main
makefiles. This puts it in.

PLEASE NOTE - YOU WILL NEED TO BUILD AND INSTALL THE libtelnet IN secure/
Reviewed by:
Submitted by:
Obtained from:
1995-07-29 12:49:25 +00:00
ache
5bd836c190 Final cleanup pass through Makefiles, now this stuff
autodetect kerberos/eBones and work even with eBones,
but with reduced functionality (don't pick up des/krb stuff
in this case)
1995-07-24 22:55:59 +00:00
ache
2abb3f187a Add -ldescrypt, or wrong crypt version can be picked from libc
Reviewed by:
Submitted by:
Obtained from:
1995-07-24 22:01:01 +00:00
ache
8d6cb97e95 Since this stuff not works with eBones, ifdef kerberos stuff
with MAKE_KERBEROS to allow other things to live
Reviewed by:
Submitted by:
Obtained from:
1995-07-24 21:47:30 +00:00
ache
d5bb9e78cb Point to proper DESTDIR now
Reviewed by:
Submitted by:
Obtained from:
1995-07-24 20:31:07 +00:00
pst
5b689f15e4 When hostname len > 8, name replaced with dot notation when -u flag
not specified (default case).
Use _PATH_* for utmp/wtmp.

Support for >32 PTYs.
>Submitted by:   Heikki Suonsivu <hsu@cs.hut.fi>

Plug already known security hole. (Brought over from 1.1.5):
Fixed security problem with telnetd, which allowed
   telnet -l -hcert.org localhost
to change the user's host in utmp.
Thanks to Matthew Green <mrgreen@@mame.mu.oz.au> for showing me this one.

>Reviewed by:    karl, guido
>Submitted by:   mrgreen@mame.mu.oz.au

Obtained from:	FreeBSD insecure telnetd
1995-07-20 12:35:01 +00:00
pst
d1a257b33a The final negotiation of DO_BINARY in the LINEMODE portion of the telnetd code
causes some clients that do not support linemode to mis-interpret the return
key (i.e. double returns).
The fix is to only do the state check for binary options if linemode will
be used.
Closes PR#505.

Submitted by:   Charles Henrich
Obtained from:	FreeBSD insecure telnetd
1995-07-20 12:32:40 +00:00