system/freebsd-src
system/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src synced 2024-09-22 01:34:09 +00:00
Code Issues Packages Projects Releases Wiki Activity
84184 commits 77 branches 139 tags 3.4 GiB
Commit graph

535 commits

Author SHA1 Message Date
Kris Kennaway 3c738b5631 This commit was generated by cvs2svn to compensate for changes in r79998, 
which included commits to RCS files with non-trunk default branches.
 2001-07-19 19:59:37 +00:00
Ruslan Ermilov 1ee47d0673 vsnprintf() can return a value larger than the buffer size. 
Submitted by:	assar
Obtained from:	OpenBSD
 2001-07-19 18:58:31 +00:00
Ruslan Ermilov 5f10368c1d Fixed the exploitable remote buffer overflow. 
Reported on:	bugtraq
Obtained from:	Heimdal, NetBSD
Reviewed by:	obrien, imp
 2001-07-19 17:48:57 +00:00
Jacques Vidrine b33edd3956 Bug fix: When the client connects to a server and Kerberos 
authentication is  enabled, the  client effectively ignores  any error
from krb5_rd_rep due to a missing branch.

In  theory  this could  result  in  an  ssh  client using  Kerberos  5
authentication accepting  a spoofed  AP-REP.  I doubt  this is  a real
possiblity, however, because  the AP-REP is passed from  the server to
the client via the SSH  encrypted channel.  Any tampering should cause
the decryption or MAC to fail.

Approved by:	green
MFC after:	1 week
 2001-07-13 18:12:13 +00:00
Ruslan Ermilov 63919764c2 mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 10:42:19 +00:00
Brian Feldman d9769eeead Fix an incorrect conflict resolution which prevented TISAuthentication 
from working right in 2.9.
 2001-07-07 14:19:53 +00:00
Ruslan Ermilov df1cda58e4 mdoc(7) police: merge all fixes from non-crypto version. 2001-07-05 14:08:12 +00:00
Ruslan Ermilov a5493c1b77 MF non-crypto: 1.13: document -u in usage. 2001-07-05 14:06:27 +00:00
Brian Feldman a15906e7aa Also add a colon to "Bad passphrase, please try again ". 2001-06-29 16:43:13 +00:00
Brian Feldman 69b8e053cb Put in a missing colon in the "Enter passphrase" message. 2001-06-29 16:34:14 +00:00
Brian Feldman 0c82706bc0 Back out the last change which is probably actually a red herring. Argh! 2001-06-26 15:15:22 +00:00
Brian Feldman c3e2f3baec Don't pointlessly kill a channel because the first (forced) 
non-blocking read returns 0.

Now I can finally tunnel CVSUP again...
 2001-06-26 14:17:35 +00:00
Assar Westerlund c80b5a6353 fix merges from 0.3f 2001-06-21 02:21:57 +00:00
Assar Westerlund adb0ddaeac import of heimdal 0.3f 2001-06-21 02:12:07 +00:00
Assar Westerlund 362982da86 This commit was generated by cvs2svn to compensate for changes in r78527, 
which included commits to RCS files with non-trunk default branches.
 2001-06-21 02:12:07 +00:00
Assar Westerlund 07de0e4353 (do_authloop): handle !KRB4 && KRB5 2001-06-16 07:44:17 +00:00
Mark Murray 7e40a391bc Unbreak OpenSSH for the KRB5-and-no-KRB4 case. Asking for KRB5 does 
not imply that you want, need or have kerberosIV headers.
 2001-06-15 08:12:31 +00:00
Brian Feldman e7edf5a116 Enable Kerberos 5 support in sshd again. 2001-06-12 03:43:47 +00:00
Brian Feldman e9fd63dfdd Switch to the user's uid before attempting to unlink the auth forwarding 
file, nullifying the effects of a race.

Obtained from:	OpenBSD
 2001-06-08 22:22:09 +00:00
David E. O'Brien e8f64f5ebf Fix $FreeBSD$ style committer messed up in rev 1.7 for some reason. 2001-05-24 07:22:08 +00:00
Matthew Dillon 7a2254dcf0 Oops, forgot the 'u' in the getopt for the previous commit. 2001-05-24 00:14:19 +00:00
Matthew Dillon e5c23e887b A feature to allow one to telnet to a unix domain socket. (MFC from 
non-crypto version)

Also update the crypto telnet's man page to reflect other options
ported from the non-crypto version.

Obtained from:   Lyndon Nerenberg <lyndon@orthanc.ab.ca>
 2001-05-23 22:54:07 +00:00
Kris Kennaway f06df90bde Resolve conflicts 2001-05-20 03:17:35 +00:00
Kris Kennaway 5740a5e34c Initial import of OpenSSL 0.9.6a 2001-05-20 03:07:21 +00:00
Kris Kennaway 4992dce6f6 This commit was generated by cvs2svn to compensate for changes in r76866, 
which included commits to RCS files with non-trunk default branches.
 2001-05-20 03:07:21 +00:00
David E. O'Brien d3ebe37cd0 Restore the RSA host key to /etc/ssh/ssh_host_key. 
Also fix $FreeBSD$ spamage in crypto/openssh/sshd_config rev. 1.16.
 2001-05-18 18:10:02 +00:00
Nick Sayer 9286fd701f Make the PAM user-override actually override the correect thing. 2001-05-17 16:28:11 +00:00
Peter Wemm 64867478d8 Back out last commit. This was already fixed. This should never have 
happened, this is why we have commit mail expressly delivered to
committers.
 2001-05-17 03:14:42 +00:00
Peter Wemm d48d5be0d0 Fix the latest telnet breakage. Obviously this was never compiled. 2001-05-17 03:13:00 +00:00
Nick Sayer 1848e3d448 Since the root-on-insecure-tty code was added to telnetd, a dependency 
on char *line was added to libtelnet. Put a dummy one in to keep the
linker happy.
 2001-05-16 20:34:42 +00:00
Nick Sayer 166b3cb9a0 Make sure the protocol actively rejects bad data rather than 
(potentially) not responding to an invalid SRA 'auth is' message.
 2001-05-16 20:24:58 +00:00
Nick Sayer 8183ac8f53 srandomdev() affords us the opportunity to radically improve, and at the 
same time simplify, the random number selection code.
 2001-05-16 18:32:46 +00:00
Nick Sayer 60f581768d Catch any attempted buffer overflows. The magic numbers in this code 
(512) are a little distressing, but the method really needs to be
extended to allow server-supplied DH parameters anyway.

Submitted by:	kris
 2001-05-16 18:27:09 +00:00
Nick Sayer e7157113a9 Catch malloc return failures. This should help avoid dereferencing NULL on 
low-memory situations.

Submitted by:	kris
 2001-05-16 18:17:55 +00:00
Peter Wemm cd189e1195 Hack to work around braindeath in libtelnet:sra.c. The sra.o file 
references global variables from telnetd, but is also linked into
telnet as well. I was tempted to back out the last sra.c change
as it is 100% bogus and should be taken out and shot, but for now
this bandaid should get world working again. :-(
 2001-05-15 09:52:03 +00:00
Nick Sayer c7be24c970 If the uid of the attempted authentication is 0 and if the pty is 
insecure, do not succeed. Copied from login.c. This functionality really
should be a PAM module.
 2001-05-15 04:47:14 +00:00
Brian Feldman 62c931e0a4 If a host would exceed 16 characters in the utmp entry, record only 
it's IP address/base host instead.

Submitted by:	brian
 2001-05-15 01:50:40 +00:00
Ruslan Ermilov bb60401e7a mdoc(7) police: finished fixing conflicts in revision 1.18. 2001-05-14 18:13:34 +00:00
Mark Murray fa83754c4e Fix make world in the kerberosIV case. 2001-05-11 09:36:17 +00:00
Assar Westerlund 66b166c994 merge imported changes into HEAD 2001-05-11 00:14:02 +00:00
Alfred Perlstein 2c917d39b2 Fix some of the handling in the pam module, don't unregister things 
that were never registered.  At the same time handle a failure from
pam_setcreds with a bit more paranioa than the previous fix.

Sync a bit with the "Portable OpenSSH" work to make comparisons a easier.
 2001-05-09 03:40:37 +00:00
Brian Feldman 00e38eaf7f Since PAM is broken, let pam_setcred() failure be non-fatal. 2001-05-08 22:30:18 +00:00
Assar Westerlund a3204abff5 mdoc(ng) fixes 
Submitted by:	ru
 2001-05-08 14:57:13 +00:00
Assar Westerlund 45524cd79e mdoc(ng) fixes 
Submitted by:	ru
 2001-05-08 14:57:13 +00:00
Assar Westerlund d1edd0128c This commit was generated by cvs2svn to compensate for changes in r76371, 
which included commits to RCS files with non-trunk default branches.
 2001-05-08 14:57:13 +00:00
Nick Sayer 053c5b3a9e Pointy hat fix -- reapply the SRA PAM patch. To -current this time. 2001-05-07 20:42:02 +00:00
Brian Feldman 3817a12c9b sshd_config should still be keeping ssh host keys in /etc/ssh, not /etc. 2001-05-05 13:48:13 +00:00
Brian Feldman 4c5de86978 Finish committing _more_ somehow-uncommitted OpenSSH 2.9 updates. 
(Missing Delta Brigade, tally-ho!)
 2001-05-05 01:12:45 +00:00
Brian Feldman 87767895f0 Get ssh(1) compiling with MAKE_KERBEROS5. 2001-05-04 04:37:49 +00:00
Brian Feldman 345012bf8b Remove obsoleted files. 2001-05-04 04:15:22 +00:00
Brian Feldman ca3176e7c8 Fix conflicts for OpenSSH 2.9. 2001-05-04 04:14:23 +00:00
Brian Feldman 1e8db6e2f6 Say "hi" to the latest in the OpenSSH series, version 2.9! 
Happy birthday to:	rwatson
 2001-05-04 03:57:05 +00:00
Brian Feldman 3ed16d1511 This commit was generated by cvs2svn to compensate for changes in r76259, 
which included commits to RCS files with non-trunk default branches.
 2001-05-04 03:57:05 +00:00
Brian Feldman 933ca70f8f Add a "VersionAddendum" configuration setting for sshd which allows 
anyone to easily change the part of the OpenSSH version after the main
version number.  The FreeBSD-specific version banner could be disabled
that way, for example:

# Call ourselves plain OpenSSH
VersionAddendum
 2001-05-03 00:29:28 +00:00
Brian Feldman 1f5ce8f412 Backout completely canonical lookup modifications. 2001-05-03 00:26:47 +00:00
Mark Murray b7ffbfee87 Toss into attic stuff we don't use. 2001-04-14 09:48:26 +00:00
Ruslan Ermilov 566f5a4859 mdoc(7) police: removed hard sentence breaks introduced in rev.1.10. 2001-04-13 08:49:52 +00:00
Nick Sayer 036790848a Clean up telnet's argument processing a bit. autologin and encryption is 
now the default, so ignore the arguments that turn it on. Add a new -y
argument to turn off encryption in case someone wants to do that. Sync
these changes with the man page (including removing the now obsolete
statement about availability only in the US and Canada).
 2001-04-06 15:56:10 +00:00
Nick Sayer 6a1fe28e41 Reactivate SRA. 
Make handling of SIGINT and SIGQUIT follow SIGTSTP in TerminalNewMode().
This allows people to break out of SRA authentication if they wish to.
 2001-04-05 14:09:15 +00:00
Brian Feldman 313cb084c4 Suggested by kris, OpenSSH shall have a version designated to note that 
it's not "plain" OpenSSH 2.3.0.
 2001-03-20 02:11:25 +00:00
Brian Feldman e0fbb1d2de Make password attacks based on traffic analysis harder by requiring that 
"non-echoed" characters are still echoed back in a null packet, as well
as pad passwords sent to not give hints to the length otherwise.

Obtained from:	OpenBSD
 2001-03-20 02:06:40 +00:00
Nick Sayer 989efc86f5 Fix core noted in -stable with 'auth disable SRA'. 
I just mistakenly commited this to RELENG_4. I have contacted Jordan to see
about how to fix this. Pass the pointy hat.
 2001-03-18 09:44:25 +00:00
Jeroen Ruigrok van der Werven f7191d4fae Fix double mention of ssh. 
This file is already off the vendorbranch, nonetheless it needs to be
submitted back to the OpenSSH people.

PR:		25743
Submitted by:	David Wolfskill <dhw@whistle.com>
 2001-03-15 09:24:40 +00:00
Brian Feldman e4fe1ca667 Don't dump core when an attempt is made to login using protocol 2 with 
an invalid user name.
 2001-03-15 03:15:18 +00:00
Assar Westerlund aeccfe991a (try_krb5_authentication): simplify code. from joda@netbsd.org 2001-03-13 04:42:38 +00:00
Assar Westerlund a16a9b0f1e Fix LP64 problem in Kerberos 5 TGT passing. 
Obtained from: NetBSD (done by thorpej@netbsd.org)
 2001-03-12 08:14:22 +00:00
Assar Westerlund bb330cd01e enable auto-negotiation of encrypt and decrypt 2001-03-12 03:54:48 +00:00
Assar Westerlund 02c9ff5b94 initialize pointers to NULL and sized to 0 to avoid free:ing invalid memory. 
PR:		bin/20779
 2001-03-12 03:48:03 +00:00
Brian Feldman 46c9472cd6 Reenable the SIGPIPE signal handler default in all cases for spawned 
sessions.
 2001-03-11 02:26:57 +00:00
Mark Murray a4f378438c Remove stuff that is really "ports material", generated files and 
stuff for other OS's. Also remove stuff (libraries) that are
already present in FreeBSD and must not get mixed up in our
code.
 2001-03-04 07:26:45 +00:00
Mark Murray c21f532945 Trim down the source tree a bit. We shouldn't have blatantly 
uncompilable bits in here (like X stuff), nor should we have
too much "ports material".
 2001-03-04 07:06:39 +00:00
Assar Westerlund cb96ab3672 Add code for being compatible with ssh.com's krb5 authentication. 
It is done by using the same ssh messages for v4 and v5 authentication
(since the ssh.com does not now anything about v4) and looking at the
contents after unpacking it to see if it is v4 or v5.
Based on code from Björn Grönvall <bg@sics.se>

PR:		misc/20504
 2001-03-04 02:22:04 +00:00
Kris Kennaway b64f39b655 Resolve conflicts 2001-02-18 03:23:30 +00:00
Kris Kennaway de7cdddab1 Import of OpenSSL 0.9.6-STABLE snapshot dated 2001-02-10 2001-02-18 03:17:36 +00:00
Kris Kennaway a991678294 This commit was generated by cvs2svn to compensate for changes in r72613, 
which included commits to RCS files with non-trunk default branches.
 2001-02-18 03:17:36 +00:00
Paul Saab 8e97fe726f Make ConnectionsPerPeriod non-fatal for real. 2001-02-18 01:33:31 +00:00
Mark Murray 93f09f075a Fix a "make world"-breaking inconsistency for those folks making 
a world with both KRB4 and KRB5.
 2001-02-14 19:54:36 +00:00
Assar Westerlund 0346cda4f9 nuke conflict markers 2001-02-13 22:40:28 +00:00
Assar Westerlund c9e3f8cfb9 update to new heimdal libkrb5 2001-02-13 16:58:04 +00:00
Assar Westerlund 47085b17ae fix conflicts in heimdal 0.3e import 2001-02-13 16:52:56 +00:00
Assar Westerlund 5e9cd1ae3e import of heimdal 0.3e 2001-02-13 16:46:19 +00:00
Assar Westerlund c25d7ab741 This commit was generated by cvs2svn to compensate for changes in r72445, 
which included commits to RCS files with non-trunk default branches.
 2001-02-13 16:46:19 +00:00
Kris Kennaway a09221f83c Patches backported from later development version of OpenSSH which prevent 
(instead of just mitigating through connection limits) the Bleichenbacher
attack which can lead to guessing of the server key (not host key) by
regenerating it when an RSA failure is detected.

Reviewed by:	rwatson
 2001-02-12 06:44:51 +00:00
Kris Kennaway e0834d8749 Note that crypto/ is not used to build in, people should see secure/ 
instead.
 2001-02-10 04:47:47 +00:00
Jeroen Ruigrok van der Werven 2b081e30cf Synch: Add $FreeBSD$. 2001-02-07 21:58:16 +00:00
Jeroen Ruigrok van der Werven 2fa72ea7d4 Fix typo: compatability -> compatibility. 
Compatability is not an existing english word.
 2001-02-06 12:05:58 +00:00
Jeroen Ruigrok van der Werven 9a01d32bfd Fix typo: seperate -> separate. 
Seperate does not exist in the english language.

Submitted to look at by:	kris
 2001-02-06 10:39:38 +00:00
Jeroen Ruigrok van der Werven 2cdd9c0332 Fix typo: wierd -> weird. 
There is no such thing as wierd in the english language.
 2001-02-06 09:32:26 +00:00
Brian Feldman ffd692be66 Correctly fill in the sun_len for a sockaddr_sun. 
Submitted by:	Alexander Leidinger <Alexander@leidinger.net>
 2001-02-04 20:23:17 +00:00
Brian Feldman a61d605eda MFS: Don't use the canonical hostname here, too. 2001-02-04 20:16:14 +00:00
Brian Feldman 895b03b1e8 MFF: Make ConnectionsPerPeriod usage a warning, not fatal. 2001-02-04 20:15:53 +00:00
Ruslan Ermilov f78fa00345 mdoc(7) police: split punctuation characters + misc fixes. 2001-02-01 17:12:45 +00:00
Brian Feldman 926581ede3 Actually propagate back to the rest of the application that a command 
was specified when using -t mode with the SSH client.

Submitted by:	Dima Dorfman <dima@unixfreak.org>
 2001-01-21 05:45:27 +00:00
Brian Feldman ea0187039a /Really/ deprecate ConnectionsPerPeriod, ripping out the code for it 
and giving a dire error to its lingering users.
 2001-01-13 07:57:43 +00:00
Ruslan Ermilov 72c60cff38 Prepare for mdoc(7)NG. 2001-01-10 16:51:28 +00:00
Brian Feldman 39567f8cee Fix a long-standing bug that resulted in a dropped session sometimes 
when an X11-forwarded client was closed.  For some reason, sshd didn't
disable the SIGPIPE exit handler and died a horrible death (well, okay,
a silent death really).  Set SIGPIPE's handler to SIG_IGN.
 2001-01-06 21:15:07 +00:00
Assar Westerlund 6e3caa0833 fix conflicts from merge 2000-12-29 21:16:01 +00:00
Assar Westerlund 5ad8ddfb6f import krb4-1.0.5 2000-12-29 21:00:22 +00:00
Assar Westerlund 2a9bc9996c This commit was generated by cvs2svn to compensate for changes in r70494, 
which included commits to RCS files with non-trunk default branches.
 2000-12-29 21:00:22 +00:00
Assar Westerlund ee695f07e2 merge fix from vendor for not overwriting old ticket file 2000-12-10 21:01:33 +00:00
Assar Westerlund 45afb7befd This commit was generated by cvs2svn to compensate for changes in r69836, 
which included commits to RCS files with non-trunk default branches.
 2000-12-10 21:01:33 +00:00
Assar Westerlund 7a7ff9f80d merge fix from vendor for removing buffer overrun 2000-12-10 21:00:35 +00:00
Assar Westerlund a623f068e0 This commit was generated by cvs2svn to compensate for changes in r69833, 
which included commits to RCS files with non-trunk default branches.
 2000-12-10 21:00:35 +00:00
Assar Westerlund fcbc584c3b merge fix from vendor for not looking at environment variables 2000-12-10 20:59:35 +00:00
Assar Westerlund 46c48c19a2 This commit was generated by cvs2svn to compensate for changes in r69830, 
which included commits to RCS files with non-trunk default branches.
 2000-12-10 20:59:35 +00:00
Assar Westerlund ba688fa510 (scrub_env): change to only accept a listed set of variables, 
including only non-filename contents for TERMCAP
 2000-12-10 20:50:20 +00:00
Brian Feldman 099584266b Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0 
new features description elided in favor of checking out their
website.

Important new FreeBSD-version stuff: PAM support has been worked
in, partially from the "Unix" OpenSSH version, and a lot due to the
work of Eivind Eklend, too.

This requires at least the following in pam.conf:

sshd    auth    sufficient      pam_skey.so
sshd    auth    required        pam_unix.so                     try_first_pass
sshd    session required        pam_permit.so

Parts by:	Eivind Eklend <eivind@FreeBSD.org>
 2000-12-05 02:55:12 +00:00
Brian Feldman 386879a128 Forgot to remove the old line in the last commit. 2000-12-05 02:41:01 +00:00
Brian Feldman 5b9b2fafd4 Import of OpenSSH 2.3.0 (virgin OpenBSD source release). 2000-12-05 02:20:19 +00:00
Brian Feldman 803a607983 This commit was generated by cvs2svn to compensate for changes in r69587, 
which included commits to RCS files with non-trunk default branches.
 2000-12-05 02:20:19 +00:00
Brian Somers 3c3d69579f Remove duplicate line 
Not responded to by: kris, then green
 2000-12-04 22:57:53 +00:00
Jeroen Ruigrok van der Werven acd1c3499e Add more environment variables to be filtered through scrub_env(). 
Synched from normal telnet.
 2000-11-30 13:14:54 +00:00
Jeroen Ruigrok van der Werven d904cf9f8e String paranoia fix. Synched from normal telnet. 2000-11-30 13:10:01 +00:00
Jeroen Ruigrok van der Werven 7e8f2fef03 String paranoia. Merged from regular telnet. 2000-11-30 10:55:25 +00:00
Kris Kennaway f6fd83ed27 Correct definition of MAXHOSTNAMELEN in ifdef'ed code. 
Submitted by:	Edwin Groothuis <mavetju@chello.nl>
PR:		bin/22787
 2000-11-26 21:37:51 +00:00
Brian Feldman ee510eab3f In env_destroy(), it is a bad idea to env_swap(self, 0) to switch 
back to the original environ unconditionally.  The setting of the
variable to save the previous environ is conditional; it happens when
ENV.e_committed is set.  Therefore, don't try to swap the env back
unless the previous env has been initialized.

PR:		bin/22670
Submitted by:	Takanori Saneto <sanewo@ba2.so-net.ne.jp>
 2000-11-25 02:00:35 +00:00
Bill Fumerola 2a644691bc Correct an arguement to ssh_add_identity, this matches what is currently 
in ports/security/openssh/files/pam_ssh.c

PR:		22164
Submitted by:	Takanori Saneto <sanewo@ba2.so-net.ne.jp>
Reviewed by:	green
Approved by:	green
 2000-11-25 01:55:42 +00:00
Ruslan Ermilov e97407b4f2 mdoc(7) police: use the new features of the Nm macro. 2000-11-20 20:10:44 +00:00
Kris Kennaway f743d11975 Fix a buffer overflow from a long local hostname. 
Obtained from:	OpenBSD
 2000-11-19 10:08:26 +00:00
Brian Feldman 03e72be8c8 Add login_cap and login_access support. Previously, these FreeBSD-local 
checks were only made when using the 1.x protocol.
 2000-11-14 04:35:03 +00:00
Brian Feldman 4899dde749 Import a security fix: the client would allow a server to use its 
ssh-agent or X11 forwarding even if it was disabled.

This is the vendor fix provided, not an actual revision of clientloop.c.

Submitted by:	Markus Friedl <markus@OpenBSD.org> via kris
 2000-11-14 03:51:53 +00:00
Brian Feldman 786df71457 This commit was generated by cvs2svn to compensate for changes in r68700, 
which included commits to RCS files with non-trunk default branches.
 2000-11-14 03:51:53 +00:00
Kris Kennaway d153b54ab9 Update list of files to remove prior to import 2000-11-13 07:46:20 +00:00
Kris Kennaway ae152dd3aa Resolve conflicts, and garbage collect some local changes that are no 
longer required
 2000-11-13 02:20:29 +00:00
Kris Kennaway ddd58736f0 Initial import of OpenSSL 0.9.6 2000-11-13 01:03:58 +00:00
Kris Kennaway feb1e94b6a This commit was generated by cvs2svn to compensate for changes in r68651, 
which included commits to RCS files with non-trunk default branches.
 2000-11-13 01:03:58 +00:00
Ruslan Ermilov 726b61ab5f Avoid use of direct troff requests in mdoc(7) manual pages. 2000-11-10 17:46:15 +00:00
Doug Barton ea8f54b543 Add a CVS Id tag 2000-10-29 10:00:58 +00:00
Kris Kennaway 579c78c7f6 Sync with usr.bin/telnet/telnet.c r1.9 - fix buffer overflow in DISPLAY 2000-10-29 00:10:14 +00:00
Brian Feldman 4a950c224b Fix a few style oddities. 2000-09-10 18:04:12 +00:00
Brian Feldman dd5f9dffd6 Fix a goof in timevaldiff. 2000-09-10 18:03:46 +00:00
Kris Kennaway b8c2df609a Remove files no longer present in OpenSSH 2.2.0 and beyond 2000-09-10 10:26:07 +00:00
Kris Kennaway c2d3a5594b Resolve conflicts and update for OpenSSH 2.2.0 
Reviewed by:	gshapiro, peter, green
 2000-09-10 09:35:38 +00:00
Kris Kennaway b66f2d16a0 Initial import of OpenSSH post-2.2.0 snapshot dated 2000-09-09 2000-09-10 08:31:17 +00:00
Kris Kennaway c7b5135400 This commit was generated by cvs2svn to compensate for changes in r65668, 
which included commits to RCS files with non-trunk default branches.
 2000-09-10 08:31:17 +00:00
Kris Kennaway 690a362571 Nuke RSAREF support from orbit. 
It's the only way to be sure.
 2000-09-10 00:09:37 +00:00
Kris Kennaway 5ed779ad1e ttyname was not being passed into do_login(), so we were erroneously picking 
up the function definition from unistd.h instead. Use s->tty instead.

Submitted by:	peter
 2000-09-04 08:43:05 +00:00
Kris Kennaway cabf13fcdb bzero() the struct timeval for paranoia 
Submitted by:	gshapiro
 2000-09-03 07:58:35 +00:00
Kris Kennaway 939c32909c Err, we weren't even compiling auth1.c with LOGIN_CAP at all. Guess nobody 
was using this feature.
 2000-09-02 07:32:05 +00:00
Kris Kennaway 80bbcbe344 Repair a broken conflict resolution in r1.2 which had the effect of nullifying 
the login_cap and login.access checks for whether a user/host is allowed
access to the system for users other than root. But since we currently don't
have a similar check in the ssh2 code path anyway, it's um, "okay".

Submitted by:	gshapiro
 2000-09-02 05:40:50 +00:00
Kris Kennaway 14ef7e2794 Repair my dyslexia: s/opt/otp/ in the OPIE challenge. D'oh! 
Submitted by:	gshapiro
 2000-09-02 04:41:33 +00:00
Kris Kennaway ac70abf4bc Re-add missing "break" which was lost during a previous patch 
integration. This currently has no effect.

Submitted by:	gshapiro
 2000-09-02 04:37:51 +00:00
Kris Kennaway 1610cd7fa6 Turn on X11Forwarding by default on the server. Any risk is to the client, 
where it is already disabled by default.

Reminded by:	peter
 2000-09-02 03:49:22 +00:00
Kris Kennaway b87db7cec0 Increase the default value of LoginGraceTime from 60 seconds to 120 
seconds.

PR:		20488
Submitted by:	rwatson
 2000-08-23 09:47:25 +00:00
Kris Kennaway 4d858ef441 Respect X11BASE to derive the location of xauth(1) 
PR:		17818
Submitted by:	Bjoern Fischer <bfischer@Techfak.Uni-Bielefeld.DE>
 2000-08-23 09:39:20 +00:00
Kris Kennaway b904de74b0 Fix setproctitle() and syslog() vulnerabilities. 2000-08-13 05:23:23 +00:00
Kris Kennaway 9ef8fb5b06 This commit was generated by cvs2svn to compensate for changes in r64593, 
which included commits to RCS files with non-trunk default branches.
 2000-08-13 05:23:23 +00:00
Kris Kennaway 9c47a2dba1 Fix benign bugs due to missing format string in err() and warn(). 
Approved by:	assar (vendor :-)
 2000-08-13 04:46:54 +00:00
Kris Kennaway b58b0cb1d2 This commit was generated by cvs2svn to compensate for changes in r64583, 
which included commits to RCS files with non-trunk default branches.
 2000-08-13 04:46:54 +00:00
Kris Kennaway c26927949d Fix setproctitle() vulnerability in non-compiled code. 2000-08-13 04:35:43 +00:00
Jeroen Ruigrok van der Werven f30cce5c6c Chalk up another phkmalloc victim. 
It seems as if uninitialised memory was the culprit.

We may want to contribute this back to the OpenSSH project.

Submitted by:	Alexander Leidinger <Alexander@Leidinger.net> on -current.
 2000-08-01 08:07:15 +00:00
Alexander Langer 6877e653a0 Crypto sources are no longer export controlled: 
Explain, why crypto sources are still in crypto/.

Reviewed by:	markm
 2000-07-31 12:24:13 +00:00
Jeroen Ruigrok van der Werven 870fb37275 Fix a weird typo, is -> are. 
The OpenSSH maintainer probably want to contribute this back to the
real OpenSSH guys.

Submitted by:	Jon Perkin <sketchy@netcraft.com>
 2000-07-27 19:21:15 +00:00
Mark Ovens 85ea01646c Fixed a minor typo in the header. 
Pointed out by:	asmodai
 2000-07-27 17:21:07 +00:00
Mark Ovens 2abceb0402 Committed, Thanks!! 
PR:		20108
Submitted by:	Doug Lee
 2000-07-25 16:49:48 +00:00
Hajimu UMEMOTO c847fdb1f9 Fix buffer size of ALIGNed buffer. 
PR:		bin/20053
Submitted by:	Alex Kapranoff <alex@kapran.bitmcnit.bryansk.su>
 2000-07-20 14:54:04 +00:00
Assar Westerlund b3e7de4b6e merge in syslog fixes, do not call syslog with variabel as format string 2000-07-20 05:43:55 +00:00
Peter Wemm ecece7e319 Add missing $FreeBSD$ to files that are NOT still on vendor a branch. 2000-07-16 05:48:49 +00:00
Nick Sayer 67bf7a0ac8 Fix 'telnet -X sra' coredump 
PR# 19835
 2000-07-11 15:04:05 +00:00
Peter Wemm 365c420eb1 Sync sshd_config with sshd and manapage internal defaults (Checkmail = yes) 2000-07-11 09:54:24 +00:00
Peter Wemm 44de2297a4 Sync LoginGraceTime with sshd_config = 60 seconds by default, not 600. 2000-07-11 09:52:14 +00:00
Peter Wemm e213d985b2 Fix out-of-sync defaults. PermitRootLogin is supposed to be 'no' but 
sshd's internal default was 'yes'.  (if some cracker managed to trash
/etc/ssh/sshd_config, then root logins could be reactivated)

Approved by: kris
 2000-07-11 09:50:15 +00:00
Peter Wemm a3d6796930 Make FallBackToRsh off by default. Falling back to rsh by default is 
silly in this day and age.

Approved by: kris
 2000-07-11 09:39:34 +00:00
Kris Kennaway 19a32101dd Don't call printf with no format string. 2000-07-10 05:16:59 +00:00
Hajimu UMEMOTO 1c60903414 Make telnet -s work. It is corresponding to EAI_NONAME -> EAI_NODATA 
change (getaddrinfo.c rev 1.12).
 2000-07-08 05:22:00 +00:00
Jun-ichiro itojun Hagino 7e154dad2e sync with usr.bin/telnet/commands.c 1.21 -> 1.22. pierre.dampure@alveley.org 2000-07-07 12:35:05 +00:00
Brian Feldman c8ef594c0f Allow restarting on SIGHUP when the full path was not given as argv[0]. 
We do have /proc/curproc/file :)
 2000-07-04 06:43:26 +00:00
Brian Feldman 21deafa350 So /this/ is what has made OpenSSH's SSHv2 support never work right! 
In some cases, limits did not get set to the proper class, but
instead always to "default", because not all passwd copies were
done to completion.
 2000-06-27 21:16:06 +00:00
Brian Feldman c342fc930b Also make sure to close the socket that exceeds your rate limit. 2000-06-26 23:39:26 +00:00
Brian Feldman 7e03cf33e9 Make rate limiting work per-listening-socket. Log better messages than 
before for this, requiring a new function (get_ipaddr()).  canohost.c
receives a $FreeBSD$ line.

Suggested by:	Niels Provos <niels@OpenBSD.org>
 2000-06-26 05:44:23 +00:00
Mark Murray ce09ad5098 MFI. This is a documentation-only, diffreducing patch, that if 
invoked will cause breakage. US Users - DO NOT try to turn on
IDEA - the sources are not included.
 2000-06-24 06:50:58 +00:00
Mark Murray 4fe82c1303 Grrr. I hate CVS. These were supposed to be committed when I did the 
IDEA fix earlier today.

Bring back IDEA from the dead (but not compiled by default).
 2000-06-19 21:09:27 +00:00
Mark Murray 84fa01da81 Re-add IDEA. This is not actually built unless asked for by the user. 
(To avoid patent hassles).
 2000-06-19 13:59:34 +00:00
Kris Kennaway fb633b3056 Fix syntax error in previous commit. 
Submitted by:	Udo Schweigert <ust@cert.siemens.de>
 2000-06-11 21:41:25 +00:00
Kris Kennaway 95e2a710ad Fix security botch in "UseLogin Yes" case: commands are executed with 
uid 0.

Obtained from:	OpenBSD
 2000-06-10 22:32:57 +00:00
Ruslan Ermilov b3ba283ebe Make `ssh-agent -k' work for csh(1)-like shells. 2000-06-10 14:14:28 +00:00
Brian Feldman 2803b77e52 Allow "DenyUsers" to function. 2000-06-06 06:16:55 +00:00
Kris Kennaway c322fe352d Resolve conflicts 2000-06-03 09:58:15 +00:00
Kris Kennaway 2632b0c875 Initial import of OpenSSH snapshot from 2000/05/30 
Obtained from:	OpenBSD
 2000-06-03 09:52:37 +00:00
Kris Kennaway 7513668808 This commit was generated by cvs2svn to compensate for changes in r61209, 
which included commits to RCS files with non-trunk default branches.
 2000-06-03 09:52:37 +00:00
Kris Kennaway cfa18fd2ba Resolve conflicts 2000-06-03 09:23:13 +00:00
Kris Kennaway 87e372b8a2 Import from vendor repository. 
Obtained from:	OpenBSD
 2000-06-03 09:20:19 +00:00
Kris Kennaway 48fb0b1aa9 This commit was generated by cvs2svn to compensate for changes in r61206, 
which included commits to RCS files with non-trunk default branches.
 2000-06-03 09:20:19 +00:00
Kris Kennaway db1cb46ca2 Bring vendor patches onto the main branch, and resolve conflicts. 2000-06-03 07:31:44 +00:00
Kris Kennaway 1ae2db81a5 Import vendor patches: the first is written by 
Brian Feldman <green@FreeBSD.org>

* Remove the gratuitous dependency on OpenSSL 0.9.5a (preparation for MFC)
* Disable agent forwarding by default in the client (security risk)

Submitted by:	green
Obtained from:	OpenBSD
 2000-06-03 07:18:09 +00:00
Kris Kennaway 7567fde002 This commit was generated by cvs2svn to compensate for changes in r61201, 
which included commits to RCS files with non-trunk default branches.
 2000-06-03 07:18:09 +00:00
Kris Kennaway fcee55a281 Import vendor patch originally submitted by the below author: don't 
treat failure to create the authentication agent directory in /tmp as
a fatal error, but disable agent forwarding.

Submitted by:	Jan Koum <jkb@yahoo-inc.com>
 2000-06-03 07:06:14 +00:00
Kris Kennaway 6298712178 This commit was generated by cvs2svn to compensate for changes in r61199, 
which included commits to RCS files with non-trunk default branches.
 2000-06-03 07:06:14 +00:00
Kris Kennaway 830ccf58ce Import vendor fix: "fix key_read() for uuencoded keys w/o '='" 
This bug caused OpenSSH not to recognise some of the DSA keys it
generated.

Submitted by:	Christian Weisgerber <naddy@mips.inka.de>
Obtained from:	OpenBSD
 2000-06-03 06:51:30 +00:00
Kris Kennaway 4f00f8562d Update to the version of pam_ssh corresponding to OpenSSH 2.1 (taken 
from the openssh port)

Submitted by:	Hajimu UMEMOTO <ume@mahoroba.org>
 2000-05-30 09:03:15 +00:00
Jake Burkholder e39756439c Back out the previous change to the queue(3) interface. 
It was not discussed and should probably not happen.

Requested by:		msmith and others
 2000-05-26 02:09:24 +00:00
Jake Burkholder 740a1973a6 Change the way that the queue(3) structures are declared; don't assume that 
the type argument to *_HEAD and *_ENTRY is a struct.

Suggested by:	phk
Reviewed by:	phk
Approved by:	mdodd
 2000-05-23 20:41:01 +00:00
Andrey A. Chernov a4bc7676d4 Turn on CheckMail to be more login-compatible by default 2000-05-23 06:06:54 +00:00
Brian Somers 73813569e4 Don't USE_PIPES 
Spammed by: peter
Submitted by: mkn@uk.FreeBSD.org
 2000-05-22 09:51:18 +00:00
Kris Kennaway ba0c6b0830 Correct two stupid typos in the DSA key location. 
Submitted by:	Udo Schweigert <ust@cert.siemens.de>
 2000-05-18 06:04:23 +00:00
Kris Kennaway b787acb5e3 Unbreak Kerberos5 compilation. This still remains untested. 
Noticed by:	obrien
 2000-05-17 08:06:20 +00:00
Kris Kennaway e551e5eafa Oops, rename S/Key to Opie in line with FreeBSD usage. 2000-05-15 06:11:30 +00:00
Kris Kennaway 0c11f6e187 Create a DSA host key if one does not already exist, and teach sshd_config 
about it.
 2000-05-15 05:40:27 +00:00
Kris Kennaway e8aafc91b5 Resolve conflicts and update for FreeBSD. 2000-05-15 05:24:25 +00:00
Kris Kennaway a04a10f891 Initial import of OpenSSH v2.1. 2000-05-15 04:37:24 +00:00
Kris Kennaway fe01acb846 This commit was generated by cvs2svn to compensate for changes in r60573, 
which included commits to RCS files with non-trunk default branches.
 2000-05-15 04:37:24 +00:00
Nik Clayton 699cc2f5e1 Note that X11 Forwarding is off by default. 
PR:             docs/17566
Submitted by:   Keith Stevenson <ktstev01@louisville.edu>
 2000-04-30 22:41:58 +00:00
Mark Murray 79eb2b5421 MFF: catch up with FreeFall 2000-04-19 21:20:54 +00:00
Kris Kennaway 9a823cff39 If stderr is closed, report the error message about missing libraries 
via syslog instead.

Reviewed by:	jkh
 2000-04-18 06:25:24 +00:00
Mark Murray 3c6b6b90c7 Internat diff reducer. 2000-04-16 17:49:31 +00:00
Mark Murray 07c567b8ec Virgin import of OpenSSL v0.9.5a 2000-04-16 16:03:07 +00:00
Mark Murray ef781a073e This commit was generated by cvs2svn to compensate for changes in r59281, 
which included commits to RCS files with non-trunk default branches.
 2000-04-16 16:03:07 +00:00
Kris Kennaway 7e7159cbdc Resolve conflicts. 2000-04-13 07:15:03 +00:00
Kris Kennaway f579bf8ec7 Initial import of OpenSSL 0.9.5a 2000-04-13 06:33:22 +00:00
Kris Kennaway 193faf8655 This commit was generated by cvs2svn to compensate for changes in r59191, 
which included commits to RCS files with non-trunk default branches.
 2000-04-13 06:33:22 +00:00
Kris Kennaway 2d773b269e Correct a typo and interchanged library names 
Submitted by:	Ben Rosengart <ben@narcissus.net>
		Matthew D. Fuller <fullermd@futuresouth.com>
 2000-04-05 04:09:51 +00:00
Kris Kennaway e31adaffd9 Fix a memory leak. 
PR:		17360
Submitted by:	Andrew J. Korty <ajk@iu.edu>
 2000-03-29 08:24:37 +00:00
Kris Kennaway 18fa3c2ec9 #include <ssl/foo.h> -> #include <openssl/foo.h> 2000-03-26 10:00:28 +00:00
Kris Kennaway 3c6ae11886 Resolve conflicts. 2000-03-26 07:37:48 +00:00
Kris Kennaway a8f6863aa6 Virgin import of OpenSSH sources dated 2000/03/25 2000-03-26 07:07:24 +00:00
Kris Kennaway cc99d7f2df This commit was generated by cvs2svn to compensate for changes in r58582, 
which included commits to RCS files with non-trunk default branches.
 2000-03-26 07:07:24 +00:00
Kris Kennaway 6aae670844 Don't refer to the openssl handbook chapter by name - the doc guys keep 
jamming new chapters in front of it :)
 2000-03-25 07:28:18 +00:00
Brian Somers 727214e9b8 Use pipe() instead of socketpair() in sshd when communicating 
with the client.
This allows ppp/ssh style tunnels to function again.

Ok'd by:	markk
Submitted by:	markk@knigma.org
 2000-03-24 15:39:37 +00:00
Mike Pritchard 5c51cd6437 Fix a few spelling errors. 2000-03-24 02:26:54 +00:00
Sheldon Hearn 962a3f4e81 IgnoreUserKnownHosts is a boolean flag, not an integer value. 
The fix submitted in the attributed PR is identical to the one
adopted by OpenBSD.

PR:		17027
Submitted by:	David Malone <dwmalone@maths.tcd.ie>
Obtained from:	OpenBSD
 2000-03-22 09:36:35 +00:00
Kris Kennaway 9fd4066575 Add a new function stub to libcrypto() which resolves to a symbol in 
the librsa* library and reports which version of the library (OpenSSL/RSAREF)
is being used.

This is then used in openssh to detect the failure case of RSAREF and a RSA key
>1024 bits, to print a more helpful error message than 'rsa_public_encrypt() fai
led.'

This is a 4.0-RELEASE candidate.
 2000-03-13 09:55:53 +00:00
Kris Kennaway 6a8633db4e Various manpage style/grammar/formatting cleanups 
Submitted by:	Peter Jeremy <peter.jeremy@alcatel.com.au>, jedgar
PR:		17292 (remainder of)
 2000-03-13 00:17:43 +00:00
Nik Clayton 8ff0a8c302 - typos 
- Add double spaces following full stops to improve typeset output
- mdoc-ification.  (Though I'm uncertain whether option values and
  contents should be .Dq or something else).
- Fix a missed /etc/ssh change
- Expand wording on RandomSeed and behaviour when X11 isn't forwarded.
- Change examples to literal mode.
- Trim trailing whitespace

PR:		docs/17292
Submitted by:	Peter Jeremy <peter.jeremy@alcatel.com.au>
 2000-03-10 11:48:49 +00:00
Mark Murray c59bf09996 Make LOGIN_CAP work properly. 2000-03-09 14:52:31 +00:00
Kris Kennaway 2134165c54 /etc -> /etc/ssh 
Submitted by:	Ben Smithurst <ben@scientia.demon.co.uk>
 2000-03-08 03:44:00 +00:00
John Hay 2216ad9c7e MFI: Use krb5 functions in krb5 files. 
Reviewed by:	markm
 2000-03-03 20:31:58 +00:00
Yoshinobu Inoue 137d85e410 Replace structure copy form ifreq obtained by SIOCGIFADDR 
to memcpy(), to avoid unaligned access trap on alpha.

Approved by: jkh
 2000-03-03 13:05:00 +00:00
Yoshinobu Inoue 46ad1c2366 CMSG_XXX macros alignment fixes to follow RFC2292. 
Approved by: jkh
 2000-03-03 12:50:46 +00:00
Brian Feldman 5dc73ebebe Turn off X11 forwarding in the client. X11 forwarding in the server by 
default should probably also get turned on, now.

Requested by:	kris
Obtained from:	OpenBSD
 2000-03-03 05:58:39 +00:00
Kris Kennaway 1d32417468 Update the wording on the error message when libcrypto.so can't find an 
RSA library.

Reviewed by:	peter, jkh
 2000-03-02 06:21:02 +00:00
Hajimu UMEMOTO e51ec40ec8 Enable connection logging. FreeBSD's libwrap is IPv6 ready. 
OpenSSH is in our source tree, now.  It's a time to enable it.

Reviewed by:	markm, shin
Approved by:	jkh
 2000-02-29 19:37:04 +00:00
Mark Murray fe5fd0173b 1) Add kerberos5 functionality. 
by Daniel Kouril <kouril@informatics.muni.cz>
2) Add full LOGIN_CAP capability
   by Andrey Chernov
 2000-02-28 19:03:50 +00:00
Brian Somers ccd16b43ed Don't put truncated hostnames in utmp 
Approved by: jkh
 2000-02-28 18:51:30 +00:00
Peter Wemm 6f35016f23 Sync with internat.freebsd.org; weak symbols vs static libs == trouble 2000-02-26 16:57:17 +00:00
Peter Wemm 7d8acc815a Merge from internat.freebsd.org; move VERBOSE_STUBS to a better spot. 2000-02-26 14:20:18 +00:00
Peter Wemm 4198e0cb8b Merge from internat.freebsd.org repo, minus change to rsa_eay.c (missing) 
Reorganize and unify libcrypto's interface so that the RSA implementation
is chosen at runtime via dlopen().

This is a checkpoint and may require more tweaks still.
 2000-02-26 13:19:18 +00:00
Peter Wemm 9fa5f5fd96 Merge from internat.freebsd.org repo, minus change to rsa_eay.c (missing) 
Reorganize and unify libcrypto's interface so that the RSA implementation
is chosen at runtime via dlopen().

This is a checkpoint and may require more tweaks still.
 2000-02-26 13:13:03 +00:00
Peter Wemm b70ab85b2b At great personal risk (to my already fragile sanity), reorganize 
the rsa stubs for libcrypto.  libcrypto.so now uses dlopen() to
implement the backends for either the native or rsaref implemented
RSA code.
This involves:
- unifying the libcrypto and openssl(1) source so there is no
  #ifdef RSAref variations.
- using weak symbols and dlopen()/dlsym() routines to access the
  rsa method vectors.

Releases will enable the user to choose International, US (rsaref) or
no RSA code at install time.
'make world' will DTRT depending on whether you have the international
or US source.  For US users, you must either install rsaref (the port
or package) or (if you don't fear RSA Inc) use the (superior)
International rsa_eay.c code.

This has been discussed at great length by the affected folks and even
we have a great deal of confusion.  This is a checkpoint so we can tune
the results.  This works for me in all permutations I can think of and
should result in a CD/ftp 'release' just about doing the right thing now.
 2000-02-26 13:06:55 +00:00
Peter Wemm 2307080405 Redo this with a repo copy from the original file and reset the 
__PREFIX__ markers.
 2000-02-26 09:59:14 +00:00
Peter Wemm 4d3289a849 oops, update path to /etc/ssh/ssh_host_key 2000-02-26 02:24:38 +00:00
Peter Wemm 9ceffc938a Merge from internat.freebsd.org; move ssh files from /etc to /etc/ssh 2000-02-25 14:25:10 +00:00
Peter Wemm 150f7c198f Don't use the dlopen() stubs if comiling with PIC. This still 
needs some more thought for the static case.  Should we provide weak
error-generating stubs for static binaries if -lrsaref was forgotten?
 2000-02-25 08:13:50 +00:00
Brian Feldman 8261034302 Fix a bug that crawled in pretty recently (from the port). It made 
sshd coredump :(
 2000-02-25 05:22:14 +00:00
Peter Wemm 38ba484ce1 Fix garbage in SSH_PROGRAM (only on freefall, not internat) 2000-02-25 04:41:06 +00:00
Brian Feldman a95c122521 Make "CheckHostIP" default to off. This was proposed on -security and 
earlier IRC, but despite my inital feeling against it, this seems
the more proper thing to do.

Proposed by:	rwatson
 2000-02-25 03:04:29 +00:00
Brian Feldman 18a711954e The includes must be <openssl/.*\.h>, not <ssl/.*\.h>. 2000-02-25 01:53:12 +00:00
Mark Murray b719e3c926 remove more ports crud. 2000-02-24 23:54:00 +00:00
Mark Murray 6ecb050733 remove ports junk 2000-02-24 23:46:38 +00:00
Mark Murray c7aee9a208 Use libcrypto instead of libdes. 2000-02-24 20:21:16 +00:00
Mark Murray bfb672b22a RIP libdes. All hail libcrypto! 2000-02-24 19:35:08 +00:00