Andrey A. Chernov
03df31a6fc
Please repeat after me: setusercontext() modifies _current_ environment, but
...
sshd uses separate child_env. So, to make setusercontext() really does
something, environment must be switched before call and passed to child_env
back after it.
The error here was that modified environment not passed back to child_env,
so all variables that setusercontext() adds are lost, including ones from
~/.login_conf
2002-04-20 04:38:07 +00:00
Dag-Erling Smørgrav
ca99146106
Fix some warnings. Don't record logins twice in USE_PAM case. Strip
...
"/dev/" off the tty name before passing it to auth_ttyok or PAM.
Inspired by: dinoex
Sponsored by: DARPA, NAI Labs
2002-04-14 16:24:36 +00:00
Dag-Erling Smørgrav
cd3dfe6d6e
Back out previous backout. It seems I was right to begin with, and DSA is
...
preferrable to RSA (not least because the SECSH draft standard requires
DSA while RSA is only recommended).
2002-04-12 15:52:10 +00:00
Dag-Erling Smørgrav
8f8855cff0
Knowledgeable persons assure me that RSA is preferable to DSA and that we
...
should transition away from DSA.
2002-04-11 22:04:40 +00:00
Dag-Erling Smørgrav
6cef489c5c
Prefer DSA to RSA if both are available.
2002-04-11 16:08:48 +00:00
Dag-Erling Smørgrav
9c0adca3e7
Do not attempt to load an ssh2 RSA host key by default.
2002-04-11 16:08:02 +00:00
Ruslan Ermilov
f2f306b622
Align for const poisoning in -lutil.
2002-04-08 11:07:51 +00:00
Dag-Erling Smørgrav
5e022fc6f0
Nuke stale copy of the pam_ssh(8) source code.
2002-04-06 04:46:01 +00:00
Dag-Erling Smørgrav
5297e48d04
Revert to vendor version, what little was left of our local patches here
...
was incorrect.
Pointed out by: Markus Friedl <markus@openbsd.org>
2002-04-02 23:07:31 +00:00
Dag-Erling Smørgrav
43e73ba0c2
Change the FreeBSD version addendum to "FreeBSD-20020402". This shortens
...
the version string to 28 characters, which is below the 40-character limit
specified in the proposed SECSH standard. Some servers, however (like the
one built into the Foundry BigIron line of switches) will hang when
confronted with a version string longer than 24 characters, so some users
may need to shorten it further.
Sponsored by: DARPA, NAI Labs
2002-04-02 21:53:54 +00:00
Dag-Erling Smørgrav
9e2cbe04ff
Make the various ssh clients understand the VersionAddendum option.
...
Submitted by: pb
2002-04-02 21:48:51 +00:00
Ruslan Ermilov
2735cfee64
Switch over to using pam_login_access(8) module in sshd(8).
...
(Fixes static compilation. Reduces diffs to OpenSSH.)
Reviewed by: bde
2002-03-26 12:52:28 +00:00
Jacques Vidrine
7fd1ca3b0c
REALLY correct typo this time.
...
Noticed by: roam
2002-03-26 12:27:43 +00:00
Jacques Vidrine
26241f6368
Fix typo (missing paren) affecting KRB4 && KRB5 case.
...
Approved by: des
2002-03-25 14:55:41 +00:00
Dag-Erling Smørgrav
f0cf488b75
We keep moduli(5) in /etc/ssh, not /etc.
2002-03-23 19:26:21 +00:00
Dag-Erling Smørgrav
6b11d510fd
Correctly set PAM_RHOST so e.g. pam_login_access(8) can do its job.
...
Sponsored by: DARPA, NAI Labs
2002-03-21 12:55:21 +00:00
Dag-Erling Smørgrav
fe49ecbc93
Use the "sshd" service instead of "csshd". The latter was only needed
...
because of bugs (incorrect design decisions, actually) in Linux-PAM.
Sponsored by: DARPA, NAI Labs
2002-03-21 12:23:09 +00:00
cvs2svn
556a3fb01e
This commit was manufactured by cvs2svn to create branch
...
'VENDOR-crypto-openssh'.
2002-03-21 12:18:28 +00:00
Dag-Erling Smørgrav
da4dc1eeb5
Use PAM instead of S/Key (or OPIE) for SSH2.
...
Sponsored by: DARPA, NAI Labs
2002-03-21 12:18:27 +00:00
Dag-Erling Smørgrav
97ec1da11a
Note that portions of this software were
...
Sponsored by: DARPA, NAI Labs
2002-03-20 22:10:10 +00:00
Dag-Erling Smørgrav
3a17de1501
- Change the prompt from "S/Key Password: " to "OPIE Password: "
...
- If the user doesn't have an OPIE key, don't challenge him. This is
a workaround until I get PAM to work properly with ssh2.
Sponsored by: DARPA, NAI Labs
2002-03-20 22:02:02 +00:00
Dag-Erling Smørgrav
1d9e2b0ad5
Unbreak for KRB4 ^ KRB5 case.
...
Sponsored by: DARPA, NAI Labs
2002-03-19 16:44:11 +00:00
Dag-Erling Smørgrav
8bf26f5d41
Revive this file (which is used for opie rather than skey)
2002-03-18 10:31:33 +00:00
Dag-Erling Smørgrav
af12a3e74a
Fix conflicts.
2002-03-18 10:09:43 +00:00
Dag-Erling Smørgrav
ae1f160d56
Vendor import of OpenSSH 3.1
2002-03-18 09:55:03 +00:00
Dag-Erling Smørgrav
996836565f
This commit was generated by cvs2svn to compensate for changes in r92555,
...
which included commits to RCS files with non-trunk default branches.
2002-03-18 09:55:03 +00:00
Dag-Erling Smørgrav
a681ab0abe
Diff reduction.
...
Sponsored by: DARPA, NAI Labs
2002-03-16 08:03:48 +00:00
Jacques Vidrine
1acac5eba8
Update version string.
2002-03-07 14:36:28 +00:00
Jacques Vidrine
d96f3089f2
Fix off-by-one error.
...
Obtained from: OpenBSD
2002-03-05 14:27:19 +00:00
Brian Feldman
885a59f2e0
Use login_getpwclass() instead of login_getclass() so that default
...
mapping of user login classes works.
Obtained from: TrustedBSD project
Sponsored by: DARPA, NAI Labs
2002-02-27 22:36:30 +00:00
Jacques Vidrine
eacee0ff7e
Update build after import of Heimdal Kerberos 2002/02/17.
2002-02-19 15:53:33 +00:00
Jacques Vidrine
70d0374720
Remove files that were dropped from Heimdal Kerberos 2002/02/17.
2002-02-19 15:51:09 +00:00
Jacques Vidrine
bc865db654
Resolve conflicts after import of Heimdal Kerberos 2002/02/17.
2002-02-19 15:50:30 +00:00
Jacques Vidrine
4137ff4cc1
Import of Heimdal Kerberos from KTH repository circa 2002/02/17.
2002-02-19 15:46:56 +00:00
Jacques Vidrine
50d8893512
This commit was generated by cvs2svn to compensate for changes in r90926,
...
which included commits to RCS files with non-trunk default branches.
2002-02-19 15:46:56 +00:00
Sheldon Hearn
fa3e900453
Don't use non-signal-safe functions (exit(3) in this case) in
...
signal handlers. In this case, use _exit(2) instead, following
the call to shutdown(2).
This fixes rare telnetd hangs.
PR: misc/33672
Submitted by: Umesh Krishnaswamy <umesh@juniper.net>
MFC after: 1 month
2002-02-05 15:20:02 +00:00
Kris Kennaway
c21ce79893
Resolve conflicts.
2002-01-27 03:17:13 +00:00
Kris Kennaway
a21b1b381e
Initial import of OpenSSL 0.9.6c
2002-01-27 03:13:07 +00:00
Kris Kennaway
a61825c7f3
This commit was generated by cvs2svn to compensate for changes in r89837,
...
which included commits to RCS files with non-trunk default branches.
2002-01-27 03:13:07 +00:00
Ruslan Ermilov
fd4ca9e02d
Make libssh.so useable (undefined reference to IPv4or6).
...
Reviewed by: des, markm
Approved by: markm
2002-01-23 15:06:47 +00:00
Jacques Vidrine
5a83b025a9
Don't use getlogin() to determine whether we are root.
...
(Import of vendor fix.)
2002-01-15 19:25:55 +00:00
Jacques Vidrine
282fee498c
This commit was generated by cvs2svn to compensate for changes in r89402,
...
which included commits to RCS files with non-trunk default branches.
2002-01-15 19:25:55 +00:00
Brian Feldman
27e5f9f620
Fix a coredump bug occurring if ssh-keygen attempts to change the password
...
on a DSA key.
Submitted by: ian j hart <ianjhart@ntlworld.com>
2002-01-07 15:55:20 +00:00
Ruslan Ermilov
3f36940560
mdoc(7) police: remove -r from SYNOPSIS, sort -p in DESCRIPTION.
2001-12-14 14:41:07 +00:00
Jordan K. Hubbard
d1f21093cd
Don't assume that the number of fds to select on is known quantity (in
...
this case 16). Use dynamic FD_SETs and calculated high-water marks
throughout. There are also too many versions of telnet in the tree.
Obtained from: OpenBSD and Apple's Radar database
MFC after: 2 days
2001-12-09 09:53:27 +00:00
Ruslan Ermilov
5c5c92aff0
Fixed bugs from previous revision.
...
Removed -s from SYNOPSIS and restored -S in DESCRIPTION.
2001-12-04 16:02:36 +00:00
Jacques Vidrine
eb5bc300e8
Update version string since we applied a fix for the UseLogin issue.
2001-12-03 22:47:51 +00:00
John Hay
de0dff907e
Protect variables and function prototypes that are only used in the INET6
...
case with an ifdef INET6.
This make the fixit floppy compile again.
Reviewed by: markm
2001-12-03 17:42:02 +00:00
Mark Murray
5eb2b33ad8
More help for alpha WARNS=2. This code is, erm, unusual. Anyone who
...
feels like rewriting it will meet no objection from me.
2001-12-03 12:16:40 +00:00
Mark Murray
54ab3ed82b
help the alphas out with the WARNS=2 stuff.
2001-12-03 12:13:18 +00:00
Jacques Vidrine
1c5093bbbc
Do not pass user-defined environmental variables to /usr/bin/login.
...
Obtained from: OpenBSD
Approved by: green
2001-12-03 00:51:47 +00:00
Mark Murray
5a12e441eb
Protect names that are used elsewhere. This fixes WARNS=2 breakage
...
in crypto telnet.
2001-12-01 18:48:36 +00:00
Mark Murray
3138440a79
Damn. The previous mega-commit was incomplete WRT ANSIfication. This
...
fixes that.
2001-11-30 22:28:07 +00:00
Mark Murray
8fa113e5fc
Very large style makeover.
...
1) ANSIfy.
2) Clean up ifdefs so that
a) ones that never/always apply are appropriately either
fully removed, or just the #if junk is removed.
b) change #if defined(FOO) for appropiate values of FOO.
(currently AUTHENTICATION and ENCRYPTION)
3) WARNS=2 fixing
4) GC other unused stuff
This code can now be unifdef(1)ed to make non-crypto telnet.
2001-11-30 21:06:38 +00:00
David Malone
46fdbb8ad4
In the "UseLogin yes" case we need env to be NULL to make sure it
...
will be correctly initialised.
PR: 32065
Tested by: The Anarcat <anarcat@anarcat.dyndns.org>
MFC after: 3 days
2001-11-19 19:40:14 +00:00
John Baldwin
4091481652
Fix world by trimming an extra comment terminator.
2001-10-29 19:22:38 +00:00
Nick Sayer
3737d6dfe3
Add Berkeley copyright to SRA.
...
This is by the kind permission of Dave Safford, formerly of TAMU who wrote the
original code. Here is an excerpt of the e-mail exchange concerning this
issue:
Dave Safford wrote:
>Nick Sayer wrote:
>> Some time ago we spoke about SRA and importing it into FreeBSD. I forgot to
>> ask if you had a prefered license boilerplate for the top of the files. It
>> has come up recently, and the SRA code in FreeBSD doesn't have one.
>I really have no preference - use whatever is most convenient in the
>FreeBSD environment.
>dave safford
This is the standard BSD license with clause 3 removed and clause 4
suitably renumbered.
MFC after: 1 day
2001-10-29 16:12:16 +00:00
Mark Murray
6fdd5473af
Diff-reduce these two.
...
Really, one of them needs to disappear. I'll figure out which
later.
Reported by: bde
2001-10-27 12:49:19 +00:00
Mark Murray
f2ac7de925
Add __FBSDID() to diff-reduce with "base" telnet.
2001-10-01 16:04:55 +00:00
Brian Feldman
ccf35be189
Modify a "You don't exist" message, pretty rude for transient YP failures.
2001-09-27 18:54:42 +00:00
Assar Westerlund
1f131ac4bd
fix renamed options in some of the code that was #ifdef AFS
...
also print an error if krb5 ticket passing is disabled
Submitted by: Jonathan Chen <jon@spock.org>
2001-09-04 13:27:04 +00:00
Mark Murray
6b022d0047
Manually unifdef(1) CRAY, UNICOS, hpux and sun uselsess code.
2001-08-29 14:16:17 +00:00
Paul Saab
20a18c35f4
Backout last change. I didnt follow the thread and made a mistake
...
with this. localisations is a valid spelling. Oops
2001-08-27 10:37:50 +00:00
Paul Saab
95576c53ef
Correctly spell localizations
2001-08-27 10:20:02 +00:00
Dima Dorfman
39b7ac5a89
Remove description of an option that only applies to UNICOS < 7.0.
...
That define may still be present in the source, but I don't think
anyone has plans to try to use it.
Obtained from: NetBSD
2001-08-25 21:29:12 +00:00
Mark Murray
21f083c0a6
Code merge and diff reduce with "base" telnet. This is the "later"
...
telnet, so it was treated as the reference code, except where later
commits were made to "base" telnet.
2001-08-20 12:28:40 +00:00
Brian Feldman
0e513252b5
Update the OpenSSH minor-version string.
...
Requested by: obrien
Reviewed by: rwatson
2001-08-16 19:26:19 +00:00
Kazuo Horikawa
ba8140a6f6
Removal of following export controll related sentences:
...
o Because of export controls, TELNET ENCRYPT option is not supported outside
of the United States and Canada.
o Because of export controls, data encryption
is not supported outside of the United States and Canada.
src/crypto/README revision 1.5 commit log says:
> Crypto sources are no longer export controlled:
> Explain, why crypto sources are still in crypto/.
and actually telnet encryption is used outside of US and Canada now.
Pointed out by: OHSAWA Chitoshi <ohsawa@catv1.ccn-net.ne.jp>
Reviewed by: no objection on doc
2001-08-15 01:30:25 +00:00
Ruslan Ermilov
753d686d34
mdoc(7) police: s/BSD/.Bx/ where appropriate.
2001-08-14 10:01:54 +00:00
Kris Kennaway
a2a887b56a
output_data(), output_datalen() and netflush() didn't actually guarantee
...
to do what they are supposed to: under some circumstances output data would
be truncated, or the buffer would not actually be flushed (possibly leading
to overflows when the caller assumes the operation succeeded). Change the
semantics so that these functions ensure they complete the operation before
returning.
Comment out diagnostic code enabled by '-D reports' which causes an
infinite recursion and an eventual crash.
Patch developed with assistance from ru and assar.
2001-07-23 21:52:26 +00:00
Ruslan Ermilov
40e7fc1a20
More potential buffer overflow fixes.
...
o Fixed `nfrontp' calculations in output_data(). If `remaining' is
initially zero, it was possible for `nfrontp' to be decremented.
Noticed by: dillon
o Replaced leaking writenet() with output_datalen():
: * writenet
: *
: * Just a handy little function to write a bit of raw data to the net.
: * It will force a transmit of the buffer if necessary
: *
: * arguments
: * ptr - A pointer to a character string to write
: * len - How many bytes to write
: */
: void
: writenet(ptr, len)
: register unsigned char *ptr;
: register int len;
: {
: /* flush buffer if no room for new data) */
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
: if ((&netobuf[BUFSIZ] - nfrontp) < len) {
: /* if this fails, don't worry, buffer is a little big */
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
: netflush();
: }
:
: memmove(nfrontp, ptr, len);
: nfrontp += len;
:
: } /* end of writenet */
What an irony! :-)
o Optimized output_datalen() a bit.
2001-07-20 12:02:30 +00:00
Kris Kennaway
37b8c2dbf3
Resolve conflicts
2001-07-19 20:05:28 +00:00
Kris Kennaway
26d191b459
Initial import of OpenSSL 0.9.6b
2001-07-19 19:59:37 +00:00
Kris Kennaway
3c738b5631
This commit was generated by cvs2svn to compensate for changes in r79998,
...
which included commits to RCS files with non-trunk default branches.
2001-07-19 19:59:37 +00:00
Ruslan Ermilov
1ee47d0673
vsnprintf() can return a value larger than the buffer size.
...
Submitted by: assar
Obtained from: OpenBSD
2001-07-19 18:58:31 +00:00
Ruslan Ermilov
5f10368c1d
Fixed the exploitable remote buffer overflow.
...
Reported on: bugtraq
Obtained from: Heimdal, NetBSD
Reviewed by: obrien, imp
2001-07-19 17:48:57 +00:00
Jacques Vidrine
b33edd3956
Bug fix: When the client connects to a server and Kerberos
...
authentication is enabled, the client effectively ignores any error
from krb5_rd_rep due to a missing branch.
In theory this could result in an ssh client using Kerberos 5
authentication accepting a spoofed AP-REP. I doubt this is a real
possiblity, however, because the AP-REP is passed from the server to
the client via the SSH encrypted channel. Any tampering should cause
the decryption or MAC to fail.
Approved by: green
MFC after: 1 week
2001-07-13 18:12:13 +00:00
Ruslan Ermilov
63919764c2
mdoc(7) police: removed HISTORY info from the .Os call.
2001-07-10 10:42:19 +00:00
Brian Feldman
d9769eeead
Fix an incorrect conflict resolution which prevented TISAuthentication
...
from working right in 2.9.
2001-07-07 14:19:53 +00:00
Ruslan Ermilov
df1cda58e4
mdoc(7) police: merge all fixes from non-crypto version.
2001-07-05 14:08:12 +00:00
Ruslan Ermilov
a5493c1b77
MF non-crypto: 1.13: document -u in usage.
2001-07-05 14:06:27 +00:00
Brian Feldman
a15906e7aa
Also add a colon to "Bad passphrase, please try again ".
2001-06-29 16:43:13 +00:00
Brian Feldman
69b8e053cb
Put in a missing colon in the "Enter passphrase" message.
2001-06-29 16:34:14 +00:00
Brian Feldman
0c82706bc0
Back out the last change which is probably actually a red herring. Argh!
2001-06-26 15:15:22 +00:00
Brian Feldman
c3e2f3baec
Don't pointlessly kill a channel because the first (forced)
...
non-blocking read returns 0.
Now I can finally tunnel CVSUP again...
2001-06-26 14:17:35 +00:00
Assar Westerlund
c80b5a6353
fix merges from 0.3f
2001-06-21 02:21:57 +00:00
Assar Westerlund
adb0ddaeac
import of heimdal 0.3f
2001-06-21 02:12:07 +00:00
Assar Westerlund
362982da86
This commit was generated by cvs2svn to compensate for changes in r78527,
...
which included commits to RCS files with non-trunk default branches.
2001-06-21 02:12:07 +00:00
Assar Westerlund
07de0e4353
(do_authloop): handle !KRB4 && KRB5
2001-06-16 07:44:17 +00:00
Mark Murray
7e40a391bc
Unbreak OpenSSH for the KRB5-and-no-KRB4 case. Asking for KRB5 does
...
not imply that you want, need or have kerberosIV headers.
2001-06-15 08:12:31 +00:00
Brian Feldman
e7edf5a116
Enable Kerberos 5 support in sshd again.
2001-06-12 03:43:47 +00:00
Brian Feldman
e9fd63dfdd
Switch to the user's uid before attempting to unlink the auth forwarding
...
file, nullifying the effects of a race.
Obtained from: OpenBSD
2001-06-08 22:22:09 +00:00
David E. O'Brien
e8f64f5ebf
Fix $FreeBSD$ style committer messed up in rev 1.7 for some reason.
2001-05-24 07:22:08 +00:00
Matthew Dillon
7a2254dcf0
Oops, forgot the 'u' in the getopt for the previous commit.
2001-05-24 00:14:19 +00:00
Matthew Dillon
e5c23e887b
A feature to allow one to telnet to a unix domain socket. (MFC from
...
non-crypto version)
Also update the crypto telnet's man page to reflect other options
ported from the non-crypto version.
Obtained from: Lyndon Nerenberg <lyndon@orthanc.ab.ca>
2001-05-23 22:54:07 +00:00
Kris Kennaway
f06df90bde
Resolve conflicts
2001-05-20 03:17:35 +00:00
Kris Kennaway
5740a5e34c
Initial import of OpenSSL 0.9.6a
2001-05-20 03:07:21 +00:00
Kris Kennaway
4992dce6f6
This commit was generated by cvs2svn to compensate for changes in r76866,
...
which included commits to RCS files with non-trunk default branches.
2001-05-20 03:07:21 +00:00
David E. O'Brien
d3ebe37cd0
Restore the RSA host key to /etc/ssh/ssh_host_key.
...
Also fix $FreeBSD$ spamage in crypto/openssh/sshd_config rev. 1.16.
2001-05-18 18:10:02 +00:00
Nick Sayer
9286fd701f
Make the PAM user-override actually override the correect thing.
2001-05-17 16:28:11 +00:00
Peter Wemm
64867478d8
Back out last commit. This was already fixed. This should never have
...
happened, this is why we have commit mail expressly delivered to
committers.
2001-05-17 03:14:42 +00:00
Peter Wemm
d48d5be0d0
Fix the latest telnet breakage. Obviously this was never compiled.
2001-05-17 03:13:00 +00:00
Nick Sayer
1848e3d448
Since the root-on-insecure-tty code was added to telnetd, a dependency
...
on char *line was added to libtelnet. Put a dummy one in to keep the
linker happy.
2001-05-16 20:34:42 +00:00
Nick Sayer
166b3cb9a0
Make sure the protocol actively rejects bad data rather than
...
(potentially) not responding to an invalid SRA 'auth is' message.
2001-05-16 20:24:58 +00:00
Nick Sayer
8183ac8f53
srandomdev() affords us the opportunity to radically improve, and at the
...
same time simplify, the random number selection code.
2001-05-16 18:32:46 +00:00
Nick Sayer
60f581768d
Catch any attempted buffer overflows. The magic numbers in this code
...
(512) are a little distressing, but the method really needs to be
extended to allow server-supplied DH parameters anyway.
Submitted by: kris
2001-05-16 18:27:09 +00:00
Nick Sayer
e7157113a9
Catch malloc return failures. This should help avoid dereferencing NULL on
...
low-memory situations.
Submitted by: kris
2001-05-16 18:17:55 +00:00
Peter Wemm
cd189e1195
Hack to work around braindeath in libtelnet:sra.c. The sra.o file
...
references global variables from telnetd, but is also linked into
telnet as well. I was tempted to back out the last sra.c change
as it is 100% bogus and should be taken out and shot, but for now
this bandaid should get world working again. :-(
2001-05-15 09:52:03 +00:00
Nick Sayer
c7be24c970
If the uid of the attempted authentication is 0 and if the pty is
...
insecure, do not succeed. Copied from login.c. This functionality really
should be a PAM module.
2001-05-15 04:47:14 +00:00
Brian Feldman
62c931e0a4
If a host would exceed 16 characters in the utmp entry, record only
...
it's IP address/base host instead.
Submitted by: brian
2001-05-15 01:50:40 +00:00
Ruslan Ermilov
bb60401e7a
mdoc(7) police: finished fixing conflicts in revision 1.18.
2001-05-14 18:13:34 +00:00
Mark Murray
fa83754c4e
Fix make world in the kerberosIV case.
2001-05-11 09:36:17 +00:00
Assar Westerlund
66b166c994
merge imported changes into HEAD
2001-05-11 00:14:02 +00:00
Alfred Perlstein
2c917d39b2
Fix some of the handling in the pam module, don't unregister things
...
that were never registered. At the same time handle a failure from
pam_setcreds with a bit more paranioa than the previous fix.
Sync a bit with the "Portable OpenSSH" work to make comparisons a easier.
2001-05-09 03:40:37 +00:00
Brian Feldman
00e38eaf7f
Since PAM is broken, let pam_setcred() failure be non-fatal.
2001-05-08 22:30:18 +00:00
Assar Westerlund
a3204abff5
mdoc(ng) fixes
...
Submitted by: ru
2001-05-08 14:57:13 +00:00
Assar Westerlund
45524cd79e
mdoc(ng) fixes
...
Submitted by: ru
2001-05-08 14:57:13 +00:00
Assar Westerlund
d1edd0128c
This commit was generated by cvs2svn to compensate for changes in r76371,
...
which included commits to RCS files with non-trunk default branches.
2001-05-08 14:57:13 +00:00
Nick Sayer
053c5b3a9e
Pointy hat fix -- reapply the SRA PAM patch. To -current this time.
2001-05-07 20:42:02 +00:00
Brian Feldman
3817a12c9b
sshd_config should still be keeping ssh host keys in /etc/ssh, not /etc.
2001-05-05 13:48:13 +00:00
Brian Feldman
4c5de86978
Finish committing _more_ somehow-uncommitted OpenSSH 2.9 updates.
...
(Missing Delta Brigade, tally-ho!)
2001-05-05 01:12:45 +00:00
Brian Feldman
87767895f0
Get ssh(1) compiling with MAKE_KERBEROS5.
2001-05-04 04:37:49 +00:00
Brian Feldman
345012bf8b
Remove obsoleted files.
2001-05-04 04:15:22 +00:00
Brian Feldman
ca3176e7c8
Fix conflicts for OpenSSH 2.9.
2001-05-04 04:14:23 +00:00
Brian Feldman
1e8db6e2f6
Say "hi" to the latest in the OpenSSH series, version 2.9!
...
Happy birthday to: rwatson
2001-05-04 03:57:05 +00:00
Brian Feldman
3ed16d1511
This commit was generated by cvs2svn to compensate for changes in r76259,
...
which included commits to RCS files with non-trunk default branches.
2001-05-04 03:57:05 +00:00
Brian Feldman
933ca70f8f
Add a "VersionAddendum" configuration setting for sshd which allows
...
anyone to easily change the part of the OpenSSH version after the main
version number. The FreeBSD-specific version banner could be disabled
that way, for example:
# Call ourselves plain OpenSSH
VersionAddendum
2001-05-03 00:29:28 +00:00
Brian Feldman
1f5ce8f412
Backout completely canonical lookup modifications.
2001-05-03 00:26:47 +00:00
Mark Murray
b7ffbfee87
Toss into attic stuff we don't use.
2001-04-14 09:48:26 +00:00
Ruslan Ermilov
566f5a4859
mdoc(7) police: removed hard sentence breaks introduced in rev.1.10.
2001-04-13 08:49:52 +00:00
Nick Sayer
036790848a
Clean up telnet's argument processing a bit. autologin and encryption is
...
now the default, so ignore the arguments that turn it on. Add a new -y
argument to turn off encryption in case someone wants to do that. Sync
these changes with the man page (including removing the now obsolete
statement about availability only in the US and Canada).
2001-04-06 15:56:10 +00:00
Nick Sayer
6a1fe28e41
Reactivate SRA.
...
Make handling of SIGINT and SIGQUIT follow SIGTSTP in TerminalNewMode().
This allows people to break out of SRA authentication if they wish to.
2001-04-05 14:09:15 +00:00
Brian Feldman
313cb084c4
Suggested by kris, OpenSSH shall have a version designated to note that
...
it's not "plain" OpenSSH 2.3.0.
2001-03-20 02:11:25 +00:00
Brian Feldman
e0fbb1d2de
Make password attacks based on traffic analysis harder by requiring that
...
"non-echoed" characters are still echoed back in a null packet, as well
as pad passwords sent to not give hints to the length otherwise.
Obtained from: OpenBSD
2001-03-20 02:06:40 +00:00
Nick Sayer
989efc86f5
Fix core noted in -stable with 'auth disable SRA'.
...
I just mistakenly commited this to RELENG_4. I have contacted Jordan to see
about how to fix this. Pass the pointy hat.
2001-03-18 09:44:25 +00:00
Jeroen Ruigrok van der Werven
f7191d4fae
Fix double mention of ssh.
...
This file is already off the vendorbranch, nonetheless it needs to be
submitted back to the OpenSSH people.
PR: 25743
Submitted by: David Wolfskill <dhw@whistle.com>
2001-03-15 09:24:40 +00:00
Brian Feldman
e4fe1ca667
Don't dump core when an attempt is made to login using protocol 2 with
...
an invalid user name.
2001-03-15 03:15:18 +00:00
Assar Westerlund
aeccfe991a
(try_krb5_authentication): simplify code. from joda@netbsd.org
2001-03-13 04:42:38 +00:00
Assar Westerlund
a16a9b0f1e
Fix LP64 problem in Kerberos 5 TGT passing.
...
Obtained from: NetBSD (done by thorpej@netbsd.org )
2001-03-12 08:14:22 +00:00
Assar Westerlund
bb330cd01e
enable auto-negotiation of encrypt and decrypt
2001-03-12 03:54:48 +00:00
Assar Westerlund
02c9ff5b94
initialize pointers to NULL and sized to 0 to avoid free:ing invalid memory.
...
PR: bin/20779
2001-03-12 03:48:03 +00:00
Brian Feldman
46c9472cd6
Reenable the SIGPIPE signal handler default in all cases for spawned
...
sessions.
2001-03-11 02:26:57 +00:00
Mark Murray
a4f378438c
Remove stuff that is really "ports material", generated files and
...
stuff for other OS's. Also remove stuff (libraries) that are
already present in FreeBSD and must not get mixed up in our
code.
2001-03-04 07:26:45 +00:00
Mark Murray
c21f532945
Trim down the source tree a bit. We shouldn't have blatantly
...
uncompilable bits in here (like X stuff), nor should we have
too much "ports material".
2001-03-04 07:06:39 +00:00
Assar Westerlund
cb96ab3672
Add code for being compatible with ssh.com's krb5 authentication.
...
It is done by using the same ssh messages for v4 and v5 authentication
(since the ssh.com does not now anything about v4) and looking at the
contents after unpacking it to see if it is v4 or v5.
Based on code from Björn Grönvall <bg@sics.se>
PR: misc/20504
2001-03-04 02:22:04 +00:00
Kris Kennaway
b64f39b655
Resolve conflicts
2001-02-18 03:23:30 +00:00
Kris Kennaway
de7cdddab1
Import of OpenSSL 0.9.6-STABLE snapshot dated 2001-02-10
2001-02-18 03:17:36 +00:00
Kris Kennaway
a991678294
This commit was generated by cvs2svn to compensate for changes in r72613,
...
which included commits to RCS files with non-trunk default branches.
2001-02-18 03:17:36 +00:00
Paul Saab
8e97fe726f
Make ConnectionsPerPeriod non-fatal for real.
2001-02-18 01:33:31 +00:00
Mark Murray
93f09f075a
Fix a "make world"-breaking inconsistency for those folks making
...
a world with both KRB4 and KRB5.
2001-02-14 19:54:36 +00:00
Assar Westerlund
0346cda4f9
nuke conflict markers
2001-02-13 22:40:28 +00:00
Assar Westerlund
c9e3f8cfb9
update to new heimdal libkrb5
2001-02-13 16:58:04 +00:00
Assar Westerlund
47085b17ae
fix conflicts in heimdal 0.3e import
2001-02-13 16:52:56 +00:00
Assar Westerlund
5e9cd1ae3e
import of heimdal 0.3e
2001-02-13 16:46:19 +00:00
Assar Westerlund
c25d7ab741
This commit was generated by cvs2svn to compensate for changes in r72445,
...
which included commits to RCS files with non-trunk default branches.
2001-02-13 16:46:19 +00:00
Kris Kennaway
a09221f83c
Patches backported from later development version of OpenSSH which prevent
...
(instead of just mitigating through connection limits) the Bleichenbacher
attack which can lead to guessing of the server key (not host key) by
regenerating it when an RSA failure is detected.
Reviewed by: rwatson
2001-02-12 06:44:51 +00:00
Kris Kennaway
e0834d8749
Note that crypto/ is not used to build in, people should see secure/
...
instead.
2001-02-10 04:47:47 +00:00
Jeroen Ruigrok van der Werven
2b081e30cf
Synch: Add $FreeBSD$.
2001-02-07 21:58:16 +00:00
Jeroen Ruigrok van der Werven
2fa72ea7d4
Fix typo: compatability -> compatibility.
...
Compatability is not an existing english word.
2001-02-06 12:05:58 +00:00
Jeroen Ruigrok van der Werven
9a01d32bfd
Fix typo: seperate -> separate.
...
Seperate does not exist in the english language.
Submitted to look at by: kris
2001-02-06 10:39:38 +00:00
Jeroen Ruigrok van der Werven
2cdd9c0332
Fix typo: wierd -> weird.
...
There is no such thing as wierd in the english language.
2001-02-06 09:32:26 +00:00
Brian Feldman
ffd692be66
Correctly fill in the sun_len for a sockaddr_sun.
...
Submitted by: Alexander Leidinger <Alexander@leidinger.net>
2001-02-04 20:23:17 +00:00
Brian Feldman
a61d605eda
MFS: Don't use the canonical hostname here, too.
2001-02-04 20:16:14 +00:00
Brian Feldman
895b03b1e8
MFF: Make ConnectionsPerPeriod usage a warning, not fatal.
2001-02-04 20:15:53 +00:00
Ruslan Ermilov
f78fa00345
mdoc(7) police: split punctuation characters + misc fixes.
2001-02-01 17:12:45 +00:00
Brian Feldman
926581ede3
Actually propagate back to the rest of the application that a command
...
was specified when using -t mode with the SSH client.
Submitted by: Dima Dorfman <dima@unixfreak.org>
2001-01-21 05:45:27 +00:00
Brian Feldman
ea0187039a
/Really/ deprecate ConnectionsPerPeriod, ripping out the code for it
...
and giving a dire error to its lingering users.
2001-01-13 07:57:43 +00:00
Ruslan Ermilov
72c60cff38
Prepare for mdoc(7)NG.
2001-01-10 16:51:28 +00:00
Brian Feldman
39567f8cee
Fix a long-standing bug that resulted in a dropped session sometimes
...
when an X11-forwarded client was closed. For some reason, sshd didn't
disable the SIGPIPE exit handler and died a horrible death (well, okay,
a silent death really). Set SIGPIPE's handler to SIG_IGN.
2001-01-06 21:15:07 +00:00
Assar Westerlund
6e3caa0833
fix conflicts from merge
2000-12-29 21:16:01 +00:00
Assar Westerlund
5ad8ddfb6f
import krb4-1.0.5
2000-12-29 21:00:22 +00:00
Assar Westerlund
2a9bc9996c
This commit was generated by cvs2svn to compensate for changes in r70494,
...
which included commits to RCS files with non-trunk default branches.
2000-12-29 21:00:22 +00:00
Assar Westerlund
ee695f07e2
merge fix from vendor for not overwriting old ticket file
2000-12-10 21:01:33 +00:00
Assar Westerlund
45afb7befd
This commit was generated by cvs2svn to compensate for changes in r69836,
...
which included commits to RCS files with non-trunk default branches.
2000-12-10 21:01:33 +00:00
Assar Westerlund
7a7ff9f80d
merge fix from vendor for removing buffer overrun
2000-12-10 21:00:35 +00:00
Assar Westerlund
a623f068e0
This commit was generated by cvs2svn to compensate for changes in r69833,
...
which included commits to RCS files with non-trunk default branches.
2000-12-10 21:00:35 +00:00
Assar Westerlund
fcbc584c3b
merge fix from vendor for not looking at environment variables
2000-12-10 20:59:35 +00:00
Assar Westerlund
46c48c19a2
This commit was generated by cvs2svn to compensate for changes in r69830,
...
which included commits to RCS files with non-trunk default branches.
2000-12-10 20:59:35 +00:00
Assar Westerlund
ba688fa510
(scrub_env): change to only accept a listed set of variables,
...
including only non-filename contents for TERMCAP
2000-12-10 20:50:20 +00:00
Brian Feldman
099584266b
Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0
...
new features description elided in favor of checking out their
website.
Important new FreeBSD-version stuff: PAM support has been worked
in, partially from the "Unix" OpenSSH version, and a lot due to the
work of Eivind Eklend, too.
This requires at least the following in pam.conf:
sshd auth sufficient pam_skey.so
sshd auth required pam_unix.so try_first_pass
sshd session required pam_permit.so
Parts by: Eivind Eklend <eivind@FreeBSD.org>
2000-12-05 02:55:12 +00:00
Brian Feldman
386879a128
Forgot to remove the old line in the last commit.
2000-12-05 02:41:01 +00:00
Brian Feldman
5b9b2fafd4
Import of OpenSSH 2.3.0 (virgin OpenBSD source release).
2000-12-05 02:20:19 +00:00
Brian Feldman
803a607983
This commit was generated by cvs2svn to compensate for changes in r69587,
...
which included commits to RCS files with non-trunk default branches.
2000-12-05 02:20:19 +00:00
Brian Somers
3c3d69579f
Remove duplicate line
...
Not responded to by: kris, then green
2000-12-04 22:57:53 +00:00
Jeroen Ruigrok van der Werven
acd1c3499e
Add more environment variables to be filtered through scrub_env().
...
Synched from normal telnet.
2000-11-30 13:14:54 +00:00
Jeroen Ruigrok van der Werven
d904cf9f8e
String paranoia fix. Synched from normal telnet.
2000-11-30 13:10:01 +00:00
Jeroen Ruigrok van der Werven
7e8f2fef03
String paranoia. Merged from regular telnet.
2000-11-30 10:55:25 +00:00
Kris Kennaway
f6fd83ed27
Correct definition of MAXHOSTNAMELEN in ifdef'ed code.
...
Submitted by: Edwin Groothuis <mavetju@chello.nl>
PR: bin/22787
2000-11-26 21:37:51 +00:00
Brian Feldman
ee510eab3f
In env_destroy(), it is a bad idea to env_swap(self, 0) to switch
...
back to the original environ unconditionally. The setting of the
variable to save the previous environ is conditional; it happens when
ENV.e_committed is set. Therefore, don't try to swap the env back
unless the previous env has been initialized.
PR: bin/22670
Submitted by: Takanori Saneto <sanewo@ba2.so-net.ne.jp>
2000-11-25 02:00:35 +00:00
Bill Fumerola
2a644691bc
Correct an arguement to ssh_add_identity, this matches what is currently
...
in ports/security/openssh/files/pam_ssh.c
PR: 22164
Submitted by: Takanori Saneto <sanewo@ba2.so-net.ne.jp>
Reviewed by: green
Approved by: green
2000-11-25 01:55:42 +00:00
Ruslan Ermilov
e97407b4f2
mdoc(7) police: use the new features of the Nm macro.
2000-11-20 20:10:44 +00:00
Kris Kennaway
f743d11975
Fix a buffer overflow from a long local hostname.
...
Obtained from: OpenBSD
2000-11-19 10:08:26 +00:00
Brian Feldman
03e72be8c8
Add login_cap and login_access support. Previously, these FreeBSD-local
...
checks were only made when using the 1.x protocol.
2000-11-14 04:35:03 +00:00
Brian Feldman
4899dde749
Import a security fix: the client would allow a server to use its
...
ssh-agent or X11 forwarding even if it was disabled.
This is the vendor fix provided, not an actual revision of clientloop.c.
Submitted by: Markus Friedl <markus@OpenBSD.org> via kris
2000-11-14 03:51:53 +00:00
Brian Feldman
786df71457
This commit was generated by cvs2svn to compensate for changes in r68700,
...
which included commits to RCS files with non-trunk default branches.
2000-11-14 03:51:53 +00:00
Kris Kennaway
d153b54ab9
Update list of files to remove prior to import
2000-11-13 07:46:20 +00:00
Kris Kennaway
ae152dd3aa
Resolve conflicts, and garbage collect some local changes that are no
...
longer required
2000-11-13 02:20:29 +00:00
Kris Kennaway
ddd58736f0
Initial import of OpenSSL 0.9.6
2000-11-13 01:03:58 +00:00
Kris Kennaway
feb1e94b6a
This commit was generated by cvs2svn to compensate for changes in r68651,
...
which included commits to RCS files with non-trunk default branches.
2000-11-13 01:03:58 +00:00
Ruslan Ermilov
726b61ab5f
Avoid use of direct troff requests in mdoc(7) manual pages.
2000-11-10 17:46:15 +00:00