d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
238,464 Commits 4 Branches 49 Tags 2 GiB
907009c8af
Commit Graph

520 Commits

Author SHA1 Message Date
des
a74a69e336 Regenerate; no effect on the code as it doesn't actually use the handful of 
conditionals that changed in this revision.
 2006-10-02 12:45:27 +00:00
des
14ad83d6bf Update configure options and add some missing steps. 
The section about our local changes needs reviewing, and some of those
changes should probably be reconsidered (such as preferring DSA over RSA,
which made sense when RSA was encumbered but probably doesn't any more)
 2006-10-02 12:39:28 +00:00
des
0824f0c0e7 Regenerate. 
MFC after:	1 week
 2006-09-30 13:40:56 +00:00
des
ac038c1070 #include <errno.h>; this has the unfortunate side effect of taking the file 
off the vendor branch.

MFC after:	1 week
 2006-09-30 13:40:35 +00:00
des
0f481d7c8c Removed from vendor branch. 
MFC after:	1 week
 2006-09-30 13:39:35 +00:00
des
e16bfbb7bc Bump version addendum. 
MFC after:	1 week
 2006-09-30 13:39:07 +00:00
des
4ff234ef46 Merge conflicts. 
MFC after:	1 week
 2006-09-30 13:38:06 +00:00
des
2f35ce4773 Vendor import of OpenSSH 4.4p1. 2006-09-30 13:29:51 +00:00
des
abd7c8704b This commit was generated by cvs2svn to compensate for changes in r162852, 
which included commits to RCS files with non-trunk default branches.
 2006-09-30 13:29:51 +00:00
des
97a1b8f884 Merge vendor patch for BSM problem in protocol version 1. 
MFC after:	1 week
 2006-09-16 15:12:58 +00:00
des
03ef9d989b Vendor patch for a problem that prevented using protocol version 1 when 
BSM was enabled.
 2006-09-16 15:10:13 +00:00
des
d9ba51b5fc Our glob(3) has all the required features. 
Submitted by:	ache
 2006-06-09 08:39:05 +00:00
des
a34ad0a5f7 Revert inadvertant commit of debugging code. 2006-06-09 07:23:14 +00:00
des
148092431d Introduce a namespace munging hack inspired by NetBSD to avoid polluting 
the namespace of applications which inadvertantly link in libssh (usually
through pam_ssh)

Suggested by:	lukem@netbsd.org
MFC after:	6 weeks
 2006-05-13 13:47:45 +00:00
des
9c68158992 Fix utmp. There is some clever logic in configure.ac which attempts to 
determine whether struct utmp contains the ut_host and ut_time fields.
Unfortunately, it reports a false negative for both on FreeBSD, and I
didn't check the resulting config.h closely enough to catch the error.

Noticed by:	ache
 2006-03-23 21:31:42 +00:00
des
eb091e1fc6 Regenerate. 2006-03-22 20:41:53 +00:00
des
7c07891caf Merge conflicts. 2006-03-22 20:41:37 +00:00
des
448503722a Vendor import of OpenSSH 4.3p1. 2006-03-22 19:46:12 +00:00
des
c2efe9a305 This commit was generated by cvs2svn to compensate for changes in r157016, 
which included commits to RCS files with non-trunk default branches.
 2006-03-22 19:46:12 +00:00
ru
388e590f95 Reimplementation of world/kernel build options. For details, see: 
http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html

The src.conf(5) manpage is to follow in a few days.

Brought to you by:	imp, jhb, kris, phk, ru (all bugs are mine)
 2006-03-17 18:54:44 +00:00
dfr
d9cbcb50b5 Add a new extensible GSS-API layer which can support GSS-API plugins, 
similar the the Solaris implementation. Repackage the krb5 GSS mechanism
as a plugin library for the new implementation. This also includes a
comprehensive set of manpages for the GSS-API functions with text mostly
taken from the RFC.

Reviewed by: Love Hörnquist Åstrand <lha@it.su.se>, ru (build system), des (openssh parts)
 2005-12-29 14:40:22 +00:00
des
fbfe6dd7e0 Regenerate 2005-09-03 07:08:51 +00:00
des
88c7c9558b Resolve conflicts. 2005-09-03 07:04:25 +00:00
des
755a16fa86 Vendor import of OpenSSH 4.2p1. 2005-09-03 06:59:33 +00:00
des
1ea3628aba This commit was generated by cvs2svn to compensate for changes in r149749, 
which included commits to RCS files with non-trunk default branches.
 2005-09-03 06:59:33 +00:00
des
f0dcade643 fine-tune. 2005-09-03 06:42:11 +00:00
des
af7fe6f7d6 Forgot to bump the version addendum. 2005-06-05 18:30:53 +00:00
des
ec61b1c40a Regenerate. 2005-06-05 15:46:27 +00:00
des
983ad11a1c Resolve conflicts. 2005-06-05 15:46:09 +00:00
des
3c5bc6b274 Update for 4.1p1. 2005-06-05 15:43:57 +00:00
des
c4dfc1ed3b Vendor import of OpenSSH 4.1p1. 2005-06-05 15:41:57 +00:00
des
35c298a910 This commit was generated by cvs2svn to compensate for changes in r147001, 
which included commits to RCS files with non-trunk default branches.
 2005-06-05 15:41:57 +00:00
des
11a09ab416 Vendor import of OpenSSH 4.0p1. 2005-06-05 15:40:50 +00:00
des
7688286f9d This commit was generated by cvs2svn to compensate for changes in r146998, 
which included commits to RCS files with non-trunk default branches.
 2005-06-05 15:40:50 +00:00
des
9230b25dd7 Rewrite some of the regexps so they don't match themselves. 2005-06-04 23:18:33 +00:00
des
2ed082fd66 Better Xlist command line. 2004-10-28 16:13:28 +00:00
des
a744ec13ad Resolve conflicts 2004-10-28 16:11:31 +00:00
des
d5d493f03a Vendor import of OpenSSH 3.9p1. 2004-10-28 16:03:53 +00:00
des
b0cdf22191 This commit was generated by cvs2svn to compensate for changes in r137015, 
which included commits to RCS files with non-trunk default branches.
 2004-10-28 16:03:53 +00:00
des
0a4f1e0cd4 These are unnecessary and have been causing imp@ trouble. 2004-10-27 19:07:36 +00:00
des
aaa4408d55 Regenerate. 2004-04-20 09:49:37 +00:00
des
6e7fa35a0a One more conflict. 2004-04-20 09:47:13 +00:00
des
e5d801b2d6 Resolve conflicts. 2004-04-20 09:46:41 +00:00
des
efa3572464 Adjust version number and addendum. 2004-04-20 09:37:29 +00:00
des
c69db9c5a2 Vendor import of OpenSSH 3.8.1p1. 2004-04-20 09:35:04 +00:00
des
13038249fe This commit was generated by cvs2svn to compensate for changes in r128456, 
which included commits to RCS files with non-trunk default branches.
 2004-04-20 09:35:04 +00:00
des
2fe413a41a Correctly document the default value of UsePAM. 2004-03-15 18:38:29 +00:00
des
437b8c0fdd Update VersionAddendum in config files and man pages. 2004-02-26 11:54:03 +00:00
des
c05d4b9b43 Define HAVE_GSSAPI_H. 2004-02-26 11:06:29 +00:00
des
77d6d5a07e Regenerate. 2004-02-26 10:57:38 +00:00
des
c7ba229763 Document recently changed configuration defaults. 2004-02-26 10:57:28 +00:00
des
124c4a1415 Resolve conflicts. 2004-02-26 10:52:33 +00:00
des
7d1750f1d6 Vendor import of OpenSSH 3.8p1. 2004-02-26 10:38:49 +00:00
des
1754c77e5e This commit was generated by cvs2svn to compensate for changes in r126274, 
which included commits to RCS files with non-trunk default branches.
 2004-02-26 10:38:49 +00:00
des
b1ffd1f6ac Merge OpenSSH 3.8p1. 2004-02-26 10:38:38 +00:00
des
270e7d7140 Prepare for upcoming 3.8p1 import. 2004-02-26 10:37:34 +00:00
des
85717525b0 Pull asbesthos underpants on and disable protocol version 1 by default. 2004-02-26 10:24:07 +00:00
des
49dee586c1 Turn non-PAM password authentication off by default when USE_PAM is 
defined.  Too many users are getting bitten by it.
 2004-02-19 15:53:31 +00:00
des
84ff378ae4 Update the "overview of FreeBSD changes to OpenSSH-portable" to reflect 
reality.
 2004-01-25 13:09:56 +00:00
des
31d02c599b Work around removal of EAI_NODATA from netdb.h. 2004-01-18 22:31:30 +00:00
des
5c8d98dfbd Don't output the terminating '\0' (already fixed in OpenSSH CVS) 2004-01-09 12:57:36 +00:00
des
c3b2098e8b This commit was generated by cvs2svn to compensate for changes in r124287, 
which included commits to RCS files with non-trunk default branches.
 2004-01-09 12:57:36 +00:00
des
f773ff17e4 Egg on my face: UsePAM was off by default. 
Pointed out by:	Sean McNeil <sean@mcneil.com>
 2004-01-09 08:07:12 +00:00
des
59fac3f07b Regenerate config.h; I don't know why this didn't hit CVS yesterday. 2004-01-08 09:42:35 +00:00
des
bd159d8b4f Remove obsolete files on the vendor branch. 2004-01-08 09:33:46 +00:00
des
ee97d7f67c Update to reflect changes since the last version. 2004-01-07 11:51:18 +00:00
des
7545fb1c7e Resolve conflicts and remove obsolete files. 
Sponsored by:	registrar.no
 2004-01-07 11:16:27 +00:00
des
b5d16e7138 Vendor import of OpenSSH 3.7.1p2. 2004-01-07 11:10:17 +00:00
des
b5f9e06a6d This commit was generated by cvs2svn to compensate for changes in r124208, 
which included commits to RCS files with non-trunk default branches.
 2004-01-07 11:10:17 +00:00
des
fd8a3b71eb Merge OpenSSH 3.7.1p2. 2004-01-07 11:10:02 +00:00
simon
b25ecb5dd4 Add a missing word. 
Submitted by:	Michel Lavondes <fox@vader.aacc.cc.md.us>
Reviewed by:	des
MFC after:	1 week
 2003-10-31 21:49:47 +00:00
des
365ce457b0 Plug a memory leak in the PAM child process. It is of no great consequence 
as the process is short-lived, and the leak occurs very rarely and always
shortly before the process terminates.

MFC after:	3 days
 2003-10-23 08:27:16 +00:00
joe
dc42ef0264 Additional corrections to OpenSSH buffer handling. 
Obtained from:  openssh.org
Originally committed to head by: nectar
 2003-09-26 19:15:53 +00:00
joe
62fcef3496 This commit was generated by cvs2svn to compensate for changes in r120489, 
which included commits to RCS files with non-trunk default branches.
 2003-09-26 19:15:53 +00:00
joe
175ed5a6e4 Additional corrections to OpenSSH buffer handling. 
Obtained from:  openssh.org
Originally committed to head by: nectar
 2003-09-26 19:15:53 +00:00
des
0b9dcf3092 Update version string. 2003-09-24 19:20:23 +00:00
des
202ae7da6f Remove bogus calls to xfree(). 2003-09-24 19:11:52 +00:00
des
7ddad9d4af resp is a pointer to an array of structs, not an array of pointers to structs. 2003-09-24 18:26:29 +00:00
des
005a1d4afd Return the correct error value when a null query fails. 2003-09-24 18:24:27 +00:00
des
21906911ce Fix broken shell code. 2003-09-19 11:29:51 +00:00
nectar
0689a1c0d3 Correct more cases of allocation size bookkeeping being updated before 
calling functions which can potentially fail and cause cleanups to be
invoked.

Submitted by:	Solar Designer <solar@openwall.com>
 2003-09-17 14:36:14 +00:00
nectar
441fabb06e This commit was generated by cvs2svn to compensate for changes in r120161, 
which included commits to RCS files with non-trunk default branches.
 2003-09-17 14:36:14 +00:00
nectar
bacf67e6ca Correct more cases of allocation size bookkeeping being updated before 
calling functions which can potentially fail and cause cleanups to be
invoked.

Submitted by:	Solar Designer <solar@openwall.com>
 2003-09-17 14:36:14 +00:00
nectar
359ce984aa Update the OpenSSH addendum string for the buffer handling fix. 2003-09-16 14:33:04 +00:00
nectar
8cd211c561 Do not record expanded size before attempting to reallocate associated 
memory.

Obtained from:	OpenBSD
 2003-09-16 06:11:58 +00:00
nectar
ff50ba9baf This commit was generated by cvs2svn to compensate for changes in r120113, 
which included commits to RCS files with non-trunk default branches.
 2003-09-16 06:11:58 +00:00
des
7fc179286a Add a "return" that was missing from 3.6.1p1. Since it's been fixed in 
the OpenSSH-portable CVS repo, I'm committing this on the vendor branch.
 2003-06-24 19:30:44 +00:00
des
270ae60a45 This commit was generated by cvs2svn to compensate for changes in r116791, 
which included commits to RCS files with non-trunk default branches.
 2003-06-24 19:30:44 +00:00
des
108403d091 Fix off-by-one and initialization errors which prevented sshd from 
restarting when sent a SIGHUP.

Submitted by:	tegge
Approved by:	re (jhb)
 2003-05-28 19:39:33 +00:00
des
e0263bb5ea Revert unnecessary part of previous commit. 2003-05-13 10:18:49 +00:00
des
ab070fe748 Rename a few functions to avoid stealing common words (error, log, debug 
etc.) from the application namespace for programs that use pam_ssh(8).
Use #defines to avoid changing the actual source code.

Approved by:	re (rwatson)
 2003-05-12 19:22:47 +00:00
des
8a5b06b8e0 Remove RCSID from files which have no other diffs to the vendor branch. 2003-05-01 15:05:43 +00:00
des
a4b5e84c1c Nit. 2003-04-23 17:23:06 +00:00
des
471d81d867 Improvements to the proposed shell code. 2003-04-23 17:21:55 +00:00
des
5e9cbb7bff Regenerate. 2003-04-23 17:21:27 +00:00
des
58b9db3b6f Resolve conflicts. 2003-04-23 17:13:13 +00:00
des
85b37b9574 Vendor import of OpenSSH-portable 3.6.1p1. 2003-04-23 16:53:02 +00:00
des
6d34992e86 This commit was generated by cvs2svn to compensate for changes in r113908, 
which included commits to RCS files with non-trunk default branches.
 2003-04-23 16:53:02 +00:00
des
39ecd8ace7 - when using a child process instead of a thread, change the child's 
name to reflect its role
- try to handle expired passwords a little better

MFC after:	1 week
 2003-03-31 13:48:18 +00:00
des
2f9a965fa9 If an ssh1 client initiated challenge-response authentication but did 
not respond to challenge, and later successfully authenticated itself
using another method, the kbdint context would never be released,
leaving the PAM child process behind even after the connection ended.

Fix this by automatically releasing the kbdint context if a packet of
type SSH_CMSG_AUTH_TIS is follwed by anything but a packet of type
SSH_CMSG_AUTH_TIS_RESPONSE.

MFC after:	1 week
 2003-03-31 13:45:36 +00:00
des
fc3e30fe3b Paranoia: instead of a NULL conversation function, use one that always 
returns PAM_CONV_ERR; moreover, make sure we always have the right
conversation function installed before calling PAM service functions.
Also unwrap some not-so-long lines.

MFC after:	3 days
 2003-02-16 11:03:55 +00:00
des
f4ca4d4385 document the current default value for VersionAddendum. 2003-02-11 12:11:15 +00:00
des
a6e843c458 Set the ruid to the euid at startup as a workaround for a bug in pam_ssh. 
MFC after:	3 days
 2003-02-07 15:48:27 +00:00
trhodes
914d9fc8a8 The manual page lists only 2 files, however it reads as `three files' which is 
obviously incorrect.

PR:		46841
Submitted by:	Sakamoto Seiji <s-siji@hyper.ocn.ne.jp>
 2003-02-05 02:14:03 +00:00
des
b9730314a0 Linux-PAM's pam_start(3) fails with a bogus error message if passed the 
pam_conv argument is NULL.  OpenPAM doesn't care, but to make things
easier for people porting this code to other systems (or -STABLE), use
a dummy struct pam_conv instead of NULL.

Pointed out by:	Damien Miller <djm@mindrot.org>
 2003-02-03 14:10:28 +00:00
des
8da928f615 Bump patch date to 2003-02-01 (the day after I fixed PAM authentication 
for ssh1)
 2003-02-03 11:11:36 +00:00
des
a428b35290 Fix keyboard-interactive authentication for ssh1. The problem was twofold: 
- The PAM kbdint device sometimes doesn't know authentication succeeded
   until you re-query it.  The ssh1 kbdint code would never re-query the
   device, so authentication would always fail.  This patch has been
   submitted to the OpenSSH developers.

 - The monitor code for PAM sometimes forgot to tell the monitor that
   authentication had succeeded.  This caused the monitor to veto the
   privsep child's decision to allow the connection.

These patches have been tested with OpenSSH clients on -STABLE, NetBSD and
Linux, and with ssh.com's ssh1 on Solaris.

Sponsored by:	DARPA, NAI Labs
 2003-01-31 11:08:07 +00:00
des
d37413d05a Force early initialization of the resolver library, since the resolver 
configuration files will no longer be available once sshd is chrooted.

PR:		39953, 40894
Submitted by:	dinoex
MFC after:	3 days
 2003-01-22 14:12:59 +00:00
des
a9741e060a The previous commit contained a stupid mistake: ctxt->pam_[cp]sock was 
initialized after the call to pthread_create() instead of before.  It just
happened to work with threads enabled because ctxt is shared, but of
course it doesn't work when we use a child process instead of threads.
 2002-12-21 15:09:58 +00:00
des
06b0ce4f65 If possible, use pthreads instead of a child process for PAM. 
Reimplement the necessary bits from auth_pam.c and auth2_pam.c so that
they share the PAM context used by the keyboard-interactive thread.  If
a child process is used instead, they will (necessarily) use a separate
context.

Constify do_pam_account() and do_pam_session().

Sponsored by:	DARPA, NAI Labs
 2002-12-14 13:52:39 +00:00
des
b6985eb271 Add a missing #include "canohost.h". 2002-12-14 13:48:47 +00:00
des
a46b8cda04 Remove code related to the PAMAuthenticationViaKbdInt option (which we've 
disabled).  This removes the only reference to auth2_pam().
 2002-12-14 13:48:13 +00:00
des
9f8ff3709f Back out a lastlog-related change which is no longer relevant. 2002-12-14 13:40:21 +00:00
des
bb06b52b06 Fix a rounding error in the block size calculation. 
Submitted by:	tjr
 2002-12-14 13:38:49 +00:00
des
81fe169630 Since OpenSSH drops privileges before calling pam_open_session(3), 
pam_lastlog(8) can't possibly work, so let OpenSSH handle lastlog.

Approved by:	re (rwatson)
 2002-12-03 15:48:11 +00:00
des
66bd92dc49 Add caveats regarding the effect of PAM on PasswordAuthentication and 
PermitRootLogin.

PR:		docs/43776
MFC after:	1 week
 2002-11-06 08:04:56 +00:00
des
398f2c44aa Document the current default for VersionAddendum. 2002-11-05 17:25:15 +00:00
des
b0ec3f5077 Accurately reflect our local changes and additions. 2002-11-05 17:24:01 +00:00
des
e08b64e978 Document the current default value for VersionAddendum. 2002-11-05 17:17:09 +00:00
des
d6d0eadd15 Switch to two-clause license, with NAI's permission. 2002-11-02 19:55:23 +00:00
des
279b0fa809 Resolve conflicts. 2002-10-29 10:16:02 +00:00
des
ce26c10eda Protect against tag expansion + fix some brainos. 2002-10-29 10:12:51 +00:00
des
4d499f34f8 Some tricks I use when I upgrade. 2002-10-29 09:56:16 +00:00
des
9f3147578a Correct shell code to expand globs in FREEBSD-Xlist 2002-10-29 09:55:28 +00:00
des
b057cae3d7 More cruft. 2002-10-29 09:54:53 +00:00
des
099d1a58f7 Vendor import of OpenSSH-portable 3.5p1. 2002-10-29 09:43:00 +00:00
des
85f71815b9 This commit was generated by cvs2svn to compensate for changes in r106121, 
which included commits to RCS files with non-trunk default branches.
 2002-10-29 09:43:00 +00:00
ume
03b3b78217 sshd didn't handle actual size of struct sockaddr correctly, 
and did copy it as long as just size of struct sockaddr.  So,
If connection is via IPv6, sshd didn't log hostname into utmp
correctly.
This problem occured only under FreeBSD because of our hack.
However, this is potential problem of OpenSSH-portable, and
they agreed to fix this.
Though, there is no fixed version of OpenSSH-portable available
yet, since this problem is serious for IPv6 users, I commit the
fix.

Reported by:	many people
Reviewed by:	current@ and stable@ (no objection)
MFC after:	3 days
 2002-09-09 16:49:11 +00:00
kuriyama
aae5a5f01d Fix typo (s@src/crypto/openssh-portable@src/crypto/openssh@). 2002-09-09 02:00:28 +00:00
ache
15b8a90686 Do login cap calls _before_ descriptors are hardly closed because close may 
invalidate login cap descriptor.

Reviewed by:	des
 2002-08-05 16:06:35 +00:00
fanf
1ae0b432fe Use login_getpwclass() instead of login_getclass() so that the root 
vs. default login class distinction is made correctly.

PR:		37416
Approved by:	des
MFC after:	4 days
 2002-07-29 00:36:24 +00:00
fanf
b26a01d35d FreeBSD doesn't use the host RSA key by default. 
Reviewed by:	des
 2002-07-26 15:16:56 +00:00
ache
57a3dbab09 Problems addressed: 
1) options.print_lastlog was not honored.
2) "Last login: ..." was printed twice.
3) "copyright" was not printed
4) No newline was before motd.

Reviewed by:	maintainer's silence in 2 weeks (with my constant reminders)
 2002-07-26 02:20:00 +00:00
fanf
8e466364e9 Document the FreeBSD default for CheckHostIP, which was changed in 
rev 1.2 of readconf.c.

Approved by:	des
 2002-07-25 15:59:40 +00:00
des
0aa82e6d90 Whitespace nit. 2002-07-23 17:57:17 +00:00
des
5aaa4a883f In pam_init_ctx(), register a cleanup function that will kill the child 
process if a fatal error occurs.  Deregister it in pam_free_ctx().
 2002-07-17 17:44:02 +00:00
des
71869d2ebd Use realhostname_sa(3) so the IP address will be used instead of the 
hostname if the latter is too long for utmp.

Submitted by:	ru
MFC after:	3 days
 2002-07-11 10:36:10 +00:00
des
ed67e10a93 Do not try to use PAM for password authentication, as it is 
already (and far better) supported by the challenge/response
authentication mechanism.
 2002-07-10 23:05:13 +00:00
des
1983859ac6 Don't forget to clear the buffer before reusing it. 2002-07-10 23:04:07 +00:00
des
ac9c3868c1 Rewrite to use the buffer API instead of roll-your-own messaging. 
Suggested by:	Markus Friedl <markus@openbsd.org>
Sponsored by:	DARPA, NAI Labs
 2002-07-05 15:27:26 +00:00
des
cd66807aa2 (forgot to commit) We don't need --with-opie since PAM takes care of it. 2002-07-05 15:25:55 +00:00
des
7e54a0bbed - Don't enable OpenSSH's OPIE support, since we let PAM handle OPIE. 
- We don't have setutent(3) etc., and I have no idea why configure ever
   thought we did.
 2002-07-03 00:12:09 +00:00
des
f450aaf037 Two FreeBSD-specific nits in comments: 
- ChallengeResponseAuthentication controls PAM, not S/Key
 - We don't honor PAMAuthenticationViaKbdInt, because the code path it
   controls doesn't make sense for us, so don't mention it.

Sponsored by:	DARPA, NAI Labs
 2002-07-03 00:08:19 +00:00
des
e9db3343e8 Version bump for mm_answer_pam_respond() fix. 2002-07-02 13:07:37 +00:00
des
7523600be4 Fix a braino in mm_answer_pam_respond() which would cause sshd to abort if 
PAM authentication failed due to an incorrect response.
 2002-07-02 13:07:17 +00:00
des
9cc7de0fcd Forgot to update the addendum in the config files. 2002-06-30 10:32:09 +00:00
des
3cde2270d8 Regenerate. 2002-06-29 11:58:32 +00:00
des
437db953e0 <sys/mman.h> requires <sys/types.h>. 2002-06-29 11:57:51 +00:00
des
72a8e501f7 Resolve conflicts. 
Sponsored by:	DARPA, NAI Labs
 2002-06-29 11:48:59 +00:00
des
1ba793a7c0 Vendor import of OpenSSH 3.4p1. 2002-06-29 11:34:13 +00:00
des
96f831106b This commit was generated by cvs2svn to compensate for changes in r99060, 
which included commits to RCS files with non-trunk default branches.
 2002-06-29 11:34:13 +00:00
des
1fe6eac54a Commit config.h so we don't need autoconf to build world. 2002-06-29 11:31:02 +00:00
des
31ca40f6fa OpenBSD lifted this code our tree. Preserve the original CVS id. 2002-06-29 11:25:20 +00:00
des
a1a5bcd8f6 Use our __RCSID(). 2002-06-29 11:22:20 +00:00
des
f5c4526d2f Make sure the environment variables set by setusercontext() are passed on 
to the child process.

Reviewed by:	ache
Sponsored by:	DARPA, NAI Labs
 2002-06-29 11:21:58 +00:00
des
eb9c7816d4 Canonicize the host name before looking it up in the host file. 
Sponsored by:	DARPA, NAI Labs
 2002-06-29 10:57:53 +00:00
des
c6ba2ba489 Apply class-imposed login restrictions. 
Sponsored by:	DARPA, NAI Labs
 2002-06-29 10:57:13 +00:00
des
3003a57dbb PAM support, the FreeBSD way. 
Sponsored by:	DARPA, NAI Labs
 2002-06-29 10:56:23 +00:00
des
3f22fbc9c3 Document FreeBSD defaults. 
Sponsored by:	DARPA, NAI Labs
 2002-06-29 10:55:18 +00:00
des
3e4ef54c7b Document FreeBSD defaults and paths. 
Sponsored by:	DARPA, NAI Labs
 2002-06-29 10:53:57 +00:00
des
10f0309f20 Remove duplicate. 2002-06-29 10:52:42 +00:00
des
2d6cae03f1 Apply FreeBSD's configuration defaults. 
Sponsored by:	DARPA, NAI Labs
 2002-06-29 10:51:56 +00:00
des
a56e989df5 Add the VersionAddendum configuration variable. 
Sponsored by:	DARPA, NAI Labs
 2002-06-29 10:49:57 +00:00
des
4d49e874a9 Support OPIE as an alternative to S/Key. 
Sponsored by:	DARPA, NAI Labs
 2002-06-29 10:44:37 +00:00
des
3aa72d2c55 Document the upgrade process. 2002-06-29 10:39:14 +00:00
des
4ff94afd20 Files we don't want to import. 2002-06-29 10:39:02 +00:00
des
5ba29faa04 Forcibly revert to mainline. 2002-06-27 22:42:11 +00:00
des
bb02848f18 Vendor import of OpenSSH 3.3p1. 2002-06-27 22:31:32 +00:00
des
0a08712215 This commit was generated by cvs2svn to compensate for changes in r98937, 
which included commits to RCS files with non-trunk default branches.
 2002-06-27 22:31:32 +00:00
dinoex
fd860e7d16 remove declaration of authlog 
use variable from_host
Reviewed by:	des
 2002-06-24 11:11:30 +00:00
des
4db40e9ca5 IPv4or6 is already defined in libssh. 2002-06-24 10:15:26 +00:00
des
2894284b2a Resolve conflicts and document local changes. 2002-06-23 21:42:47 +00:00
des
5375a0a2ad Correctly export the environment variables set by setusercontext(). 
Sponsored by:	DARPA, NAI Labs
 2002-06-23 20:22:49 +00:00
des
fa8aa6dfe7 Resolve conflicts. Known issues: 
- sshd fails to set TERM correctly.
 - privilege separation may break PAM and is currently turned off.
 - man pages have not yet been updated

I will have these issues resolved, and privilege separation turned on by
default, in time for DP2.

Sponsored by:	DARPA, NAI Labs
 2002-06-23 16:09:08 +00:00
des
610201f50f Vendor import of OpenSSH 3.3. 2002-06-23 14:01:54 +00:00
des
0161794f0d This commit was generated by cvs2svn to compensate for changes in r98675, 
which included commits to RCS files with non-trunk default branches.
 2002-06-23 14:01:54 +00:00
jedgar
a679ebf88a Remove _PATH_CP now that it is defined in paths.h 
Reviewed by:	des
 2002-05-12 01:52:11 +00:00
obrien
0908b99eb0 Usual after-import fixup of SCM IDs. 2002-05-01 22:39:53 +00:00
des
ec4b7563a5 Back out previous commit. 2002-04-25 16:53:25 +00:00
jkh
04da61f7a8 Change default challenge/response behavior of sshd by popular demand. 
This brings us into sync with the behavior of sshd on other Unix platforms.

Submitted by:	Joshua Goodall <joshua@roughtrade.net>
 2002-04-25 05:59:53 +00:00
ache
162e53dcfe 1) Proberly conditionalize PAM "last login" printout. 
2) For "copyright" case #ifdef HAVE_LOGIN_CAP was placed on too big block,
narrow it down.
3) Don't check the same conditions twice (for "copyright" and "welcome"),
put them under single block.
4) Print \n between "copyright" and "welcome" as our login does.

Reviewed by:	des (1)
 2002-04-23 12:36:11 +00:00
des
ad8d1ef864 Don't report last login time in PAM case. (perforce change 10057) 
Sponsored by:	DARPA, NAI Labs
 2002-04-22 06:26:29 +00:00
des
1a6399fa3b Fix warnings + wait for child so it doesn't go zombie (perforce change 10122) 2002-04-22 06:25:13 +00:00
ache
ac2b640032 Move LOGIN_CAP calls before all file descriptors are closed hard, since some 
descriptors may be used by LOGIN_CAP internally, add login_close().

Use "nocheckmail" LOGIN_CAP capability too like our login does.
 2002-04-21 13:31:56 +00:00
ache
b8f64a3c9b Fix TZ & TERM handling for use_login case of rev. 1.24 2002-04-20 09:56:10 +00:00
ache
a9f47835a0 1) Surprisingly, "CheckMail" handling code completely removed from this 
version, so documented "CheckMail" option exists but does nothing.
Bring it back to life adding code back.

2) Cosmetique. Reduce number of args in do_setusercontext()
 2002-04-20 09:26:43 +00:00
ache
4c135df5a2 1) Fix overlook in my prev. commit - forget HAVE_ prefix in one place in old 
code merge.

2) In addition honor "timezone" and "term" capabilities from login.conf,
not overwrite them once they set (they are TZ and TERM variables).
 2002-04-20 05:44:36 +00:00
ache
9cec8df7cf Please repeat after me: setusercontext() modifies _current_ environment, but 
sshd uses separate child_env. So, to make setusercontext() really does
something, environment must be switched before call and passed to child_env
back after it.

The error here was that modified environment not passed back to child_env,
so all variables that setusercontext() adds are lost, including ones from
~/.login_conf
 2002-04-20 04:38:07 +00:00
des
67bfdd081a Fix some warnings. Don't record logins twice in USE_PAM case. Strip 
"/dev/" off the tty name before passing it to auth_ttyok or PAM.

Inspired by:	dinoex
Sponsored by:	DARPA, NAI Labs
 2002-04-14 16:24:36 +00:00
des
0e80f55d44 Back out previous backout. It seems I was right to begin with, and DSA is 
preferrable to RSA (not least because the SECSH draft standard requires
DSA while RSA is only recommended).
 2002-04-12 15:52:10 +00:00
des
0264ee3296 Knowledgeable persons assure me that RSA is preferable to DSA and that we 
should transition away from DSA.
 2002-04-11 22:04:40 +00:00
des
d48b9c1d4a Prefer DSA to RSA if both are available. 2002-04-11 16:08:48 +00:00
des
be2e00cce9 Do not attempt to load an ssh2 RSA host key by default. 2002-04-11 16:08:02 +00:00
ru
54bcb55671 Align for const poisoning in -lutil. 2002-04-08 11:07:51 +00:00
des
a3900e7d70 Nuke stale copy of the pam_ssh(8) source code. 2002-04-06 04:46:01 +00:00
des
a06ed407a7 Revert to vendor version, what little was left of our local patches here 
was incorrect.

Pointed out by:	Markus Friedl <markus@openbsd.org>
 2002-04-02 23:07:31 +00:00
des
26f5df0f67 Change the FreeBSD version addendum to "FreeBSD-20020402". This shortens 
the version string to 28 characters, which is below the 40-character limit
specified in the proposed SECSH standard.  Some servers, however (like the
one built into the Foundry BigIron line of switches) will hang when
confronted with a version string longer than 24 characters, so some users
may need to shorten it further.

Sponsored by:	DARPA, NAI Labs
 2002-04-02 21:53:54 +00:00
des
ac025bb036 Make the various ssh clients understand the VersionAddendum option. 
Submitted by:	pb
 2002-04-02 21:48:51 +00:00
ru
065ea04bd8 Switch over to using pam_login_access(8) module in sshd(8). 
(Fixes static compilation.  Reduces diffs to OpenSSH.)

Reviewed by:	bde
 2002-03-26 12:52:28 +00:00
nectar
6a3cd1f6ba REALLY correct typo this time. 
Noticed by:	roam
 2002-03-26 12:27:43 +00:00