system/freebsd-src
system/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src synced 2024-07-24 03:37:16 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
292477 commits 76 branches 138 tags 3.4 GiB
Commit graph

1302 commits

Author SHA1 Message Date
Kris Kennaway b66f2d16a0 Initial import of OpenSSH post-2.2.0 snapshot dated 2000-09-09 2000-09-10 08:31:17 +00:00
Kris Kennaway c7b5135400 This commit was generated by cvs2svn to compensate for changes in r65668, 
which included commits to RCS files with non-trunk default branches.
 2000-09-10 08:31:17 +00:00
Kris Kennaway 690a362571 Nuke RSAREF support from orbit. 
It's the only way to be sure.
 2000-09-10 00:09:37 +00:00
Kris Kennaway 5ed779ad1e ttyname was not being passed into do_login(), so we were erroneously picking 
up the function definition from unistd.h instead. Use s->tty instead.

Submitted by:	peter
 2000-09-04 08:43:05 +00:00
Kris Kennaway cabf13fcdb bzero() the struct timeval for paranoia 
Submitted by:	gshapiro
 2000-09-03 07:58:35 +00:00
Kris Kennaway 939c32909c Err, we weren't even compiling auth1.c with LOGIN_CAP at all. Guess nobody 
was using this feature.
 2000-09-02 07:32:05 +00:00
Kris Kennaway 80bbcbe344 Repair a broken conflict resolution in r1.2 which had the effect of nullifying 
the login_cap and login.access checks for whether a user/host is allowed
access to the system for users other than root. But since we currently don't
have a similar check in the ssh2 code path anyway, it's um, "okay".

Submitted by:	gshapiro
 2000-09-02 05:40:50 +00:00
Kris Kennaway 14ef7e2794 Repair my dyslexia: s/opt/otp/ in the OPIE challenge. D'oh! 
Submitted by:	gshapiro
 2000-09-02 04:41:33 +00:00
Kris Kennaway ac70abf4bc Re-add missing "break" which was lost during a previous patch 
integration. This currently has no effect.

Submitted by:	gshapiro
 2000-09-02 04:37:51 +00:00
Kris Kennaway 1610cd7fa6 Turn on X11Forwarding by default on the server. Any risk is to the client, 
where it is already disabled by default.

Reminded by:	peter
 2000-09-02 03:49:22 +00:00
Kris Kennaway b87db7cec0 Increase the default value of LoginGraceTime from 60 seconds to 120 
seconds.

PR:		20488
Submitted by:	rwatson
 2000-08-23 09:47:25 +00:00
Kris Kennaway 4d858ef441 Respect X11BASE to derive the location of xauth(1) 
PR:		17818
Submitted by:	Bjoern Fischer <bfischer@Techfak.Uni-Bielefeld.DE>
 2000-08-23 09:39:20 +00:00
Kris Kennaway b904de74b0 Fix setproctitle() and syslog() vulnerabilities. 2000-08-13 05:23:23 +00:00
Kris Kennaway 9ef8fb5b06 This commit was generated by cvs2svn to compensate for changes in r64593, 
which included commits to RCS files with non-trunk default branches.
 2000-08-13 05:23:23 +00:00
Kris Kennaway 9c47a2dba1 Fix benign bugs due to missing format string in err() and warn(). 
Approved by:	assar (vendor :-)
 2000-08-13 04:46:54 +00:00
Kris Kennaway b58b0cb1d2 This commit was generated by cvs2svn to compensate for changes in r64583, 
which included commits to RCS files with non-trunk default branches.
 2000-08-13 04:46:54 +00:00
Kris Kennaway c26927949d Fix setproctitle() vulnerability in non-compiled code. 2000-08-13 04:35:43 +00:00
Jeroen Ruigrok van der Werven f30cce5c6c Chalk up another phkmalloc victim. 
It seems as if uninitialised memory was the culprit.

We may want to contribute this back to the OpenSSH project.

Submitted by:	Alexander Leidinger <Alexander@Leidinger.net> on -current.
 2000-08-01 08:07:15 +00:00
Alexander Langer 6877e653a0 Crypto sources are no longer export controlled: 
Explain, why crypto sources are still in crypto/.

Reviewed by:	markm
 2000-07-31 12:24:13 +00:00
Jeroen Ruigrok van der Werven 870fb37275 Fix a weird typo, is -> are. 
The OpenSSH maintainer probably want to contribute this back to the
real OpenSSH guys.

Submitted by:	Jon Perkin <sketchy@netcraft.com>
 2000-07-27 19:21:15 +00:00
Mark Ovens 85ea01646c Fixed a minor typo in the header. 
Pointed out by:	asmodai
 2000-07-27 17:21:07 +00:00
Mark Ovens 2abceb0402 Committed, Thanks!! 
PR:		20108
Submitted by:	Doug Lee
 2000-07-25 16:49:48 +00:00
Hajimu UMEMOTO c847fdb1f9 Fix buffer size of ALIGNed buffer. 
PR:		bin/20053
Submitted by:	Alex Kapranoff <alex@kapran.bitmcnit.bryansk.su>
 2000-07-20 14:54:04 +00:00
Assar Westerlund b3e7de4b6e merge in syslog fixes, do not call syslog with variabel as format string 2000-07-20 05:43:55 +00:00
Peter Wemm ecece7e319 Add missing $FreeBSD$ to files that are NOT still on vendor a branch. 2000-07-16 05:48:49 +00:00
Nick Sayer 67bf7a0ac8 Fix 'telnet -X sra' coredump 
PR# 19835
 2000-07-11 15:04:05 +00:00
Peter Wemm 365c420eb1 Sync sshd_config with sshd and manapage internal defaults (Checkmail = yes) 2000-07-11 09:54:24 +00:00
Peter Wemm 44de2297a4 Sync LoginGraceTime with sshd_config = 60 seconds by default, not 600. 2000-07-11 09:52:14 +00:00
Peter Wemm e213d985b2 Fix out-of-sync defaults. PermitRootLogin is supposed to be 'no' but 
sshd's internal default was 'yes'.  (if some cracker managed to trash
/etc/ssh/sshd_config, then root logins could be reactivated)

Approved by: kris
 2000-07-11 09:50:15 +00:00
Peter Wemm a3d6796930 Make FallBackToRsh off by default. Falling back to rsh by default is 
silly in this day and age.

Approved by: kris
 2000-07-11 09:39:34 +00:00
Kris Kennaway 19a32101dd Don't call printf with no format string. 2000-07-10 05:16:59 +00:00
Hajimu UMEMOTO 1c60903414 Make telnet -s work. It is corresponding to EAI_NONAME -> EAI_NODATA 
change (getaddrinfo.c rev 1.12).
 2000-07-08 05:22:00 +00:00
Jun-ichiro itojun Hagino 7e154dad2e sync with usr.bin/telnet/commands.c 1.21 -> 1.22. pierre.dampure@alveley.org 2000-07-07 12:35:05 +00:00
Brian Feldman c8ef594c0f Allow restarting on SIGHUP when the full path was not given as argv[0]. 
We do have /proc/curproc/file :)
 2000-07-04 06:43:26 +00:00
Brian Feldman 21deafa350 So /this/ is what has made OpenSSH's SSHv2 support never work right! 
In some cases, limits did not get set to the proper class, but
instead always to "default", because not all passwd copies were
done to completion.
 2000-06-27 21:16:06 +00:00
Brian Feldman c342fc930b Also make sure to close the socket that exceeds your rate limit. 2000-06-26 23:39:26 +00:00
Brian Feldman 7e03cf33e9 Make rate limiting work per-listening-socket. Log better messages than 
before for this, requiring a new function (get_ipaddr()).  canohost.c
receives a $FreeBSD$ line.

Suggested by:	Niels Provos <niels@OpenBSD.org>
 2000-06-26 05:44:23 +00:00
Mark Murray ce09ad5098 MFI. This is a documentation-only, diffreducing patch, that if 
invoked will cause breakage. US Users - DO NOT try to turn on
IDEA - the sources are not included.
 2000-06-24 06:50:58 +00:00
Mark Murray 4fe82c1303 Grrr. I hate CVS. These were supposed to be committed when I did the 
IDEA fix earlier today.

Bring back IDEA from the dead (but not compiled by default).
 2000-06-19 21:09:27 +00:00
Mark Murray 84fa01da81 Re-add IDEA. This is not actually built unless asked for by the user. 
(To avoid patent hassles).
 2000-06-19 13:59:34 +00:00
Kris Kennaway fb633b3056 Fix syntax error in previous commit. 
Submitted by:	Udo Schweigert <ust@cert.siemens.de>
 2000-06-11 21:41:25 +00:00
Kris Kennaway 95e2a710ad Fix security botch in "UseLogin Yes" case: commands are executed with 
uid 0.

Obtained from:	OpenBSD
 2000-06-10 22:32:57 +00:00
Ruslan Ermilov b3ba283ebe Make `ssh-agent -k' work for csh(1)-like shells. 2000-06-10 14:14:28 +00:00
Brian Feldman 2803b77e52 Allow "DenyUsers" to function. 2000-06-06 06:16:55 +00:00
Kris Kennaway c322fe352d Resolve conflicts 2000-06-03 09:58:15 +00:00
Kris Kennaway 2632b0c875 Initial import of OpenSSH snapshot from 2000/05/30 
Obtained from:	OpenBSD
 2000-06-03 09:52:37 +00:00
Kris Kennaway 7513668808 This commit was generated by cvs2svn to compensate for changes in r61209, 
which included commits to RCS files with non-trunk default branches.
 2000-06-03 09:52:37 +00:00
Kris Kennaway cfa18fd2ba Resolve conflicts 2000-06-03 09:23:13 +00:00
Kris Kennaway 87e372b8a2 Import from vendor repository. 
Obtained from:	OpenBSD
 2000-06-03 09:20:19 +00:00
Kris Kennaway 48fb0b1aa9 This commit was generated by cvs2svn to compensate for changes in r61206, 
which included commits to RCS files with non-trunk default branches.
 2000-06-03 09:20:19 +00:00
Kris Kennaway db1cb46ca2 Bring vendor patches onto the main branch, and resolve conflicts. 2000-06-03 07:31:44 +00:00
Kris Kennaway 1ae2db81a5 Import vendor patches: the first is written by 
Brian Feldman <green@FreeBSD.org>

* Remove the gratuitous dependency on OpenSSL 0.9.5a (preparation for MFC)
* Disable agent forwarding by default in the client (security risk)

Submitted by:	green
Obtained from:	OpenBSD
 2000-06-03 07:18:09 +00:00
Kris Kennaway 7567fde002 This commit was generated by cvs2svn to compensate for changes in r61201, 
which included commits to RCS files with non-trunk default branches.
 2000-06-03 07:18:09 +00:00
Kris Kennaway fcee55a281 Import vendor patch originally submitted by the below author: don't 
treat failure to create the authentication agent directory in /tmp as
a fatal error, but disable agent forwarding.

Submitted by:	Jan Koum <jkb@yahoo-inc.com>
 2000-06-03 07:06:14 +00:00
Kris Kennaway 6298712178 This commit was generated by cvs2svn to compensate for changes in r61199, 
which included commits to RCS files with non-trunk default branches.
 2000-06-03 07:06:14 +00:00
Kris Kennaway 830ccf58ce Import vendor fix: "fix key_read() for uuencoded keys w/o '='" 
This bug caused OpenSSH not to recognise some of the DSA keys it
generated.

Submitted by:	Christian Weisgerber <naddy@mips.inka.de>
Obtained from:	OpenBSD
 2000-06-03 06:51:30 +00:00
Kris Kennaway 4f00f8562d Update to the version of pam_ssh corresponding to OpenSSH 2.1 (taken 
from the openssh port)

Submitted by:	Hajimu UMEMOTO <ume@mahoroba.org>
 2000-05-30 09:03:15 +00:00
Jake Burkholder e39756439c Back out the previous change to the queue(3) interface. 
It was not discussed and should probably not happen.

Requested by:		msmith and others
 2000-05-26 02:09:24 +00:00
Jake Burkholder 740a1973a6 Change the way that the queue(3) structures are declared; don't assume that 
the type argument to *_HEAD and *_ENTRY is a struct.

Suggested by:	phk
Reviewed by:	phk
Approved by:	mdodd
 2000-05-23 20:41:01 +00:00
Andrey A. Chernov a4bc7676d4 Turn on CheckMail to be more login-compatible by default 2000-05-23 06:06:54 +00:00
Brian Somers 73813569e4 Don't USE_PIPES 
Spammed by: peter
Submitted by: mkn@uk.FreeBSD.org
 2000-05-22 09:51:18 +00:00
Kris Kennaway ba0c6b0830 Correct two stupid typos in the DSA key location. 
Submitted by:	Udo Schweigert <ust@cert.siemens.de>
 2000-05-18 06:04:23 +00:00
Kris Kennaway b787acb5e3 Unbreak Kerberos5 compilation. This still remains untested. 
Noticed by:	obrien
 2000-05-17 08:06:20 +00:00
Kris Kennaway e551e5eafa Oops, rename S/Key to Opie in line with FreeBSD usage. 2000-05-15 06:11:30 +00:00
Kris Kennaway 0c11f6e187 Create a DSA host key if one does not already exist, and teach sshd_config 
about it.
 2000-05-15 05:40:27 +00:00
Kris Kennaway e8aafc91b5 Resolve conflicts and update for FreeBSD. 2000-05-15 05:24:25 +00:00
Kris Kennaway a04a10f891 Initial import of OpenSSH v2.1. 2000-05-15 04:37:24 +00:00
Kris Kennaway fe01acb846 This commit was generated by cvs2svn to compensate for changes in r60573, 
which included commits to RCS files with non-trunk default branches.
 2000-05-15 04:37:24 +00:00
Nik Clayton 699cc2f5e1 Note that X11 Forwarding is off by default. 
PR:             docs/17566
Submitted by:   Keith Stevenson <ktstev01@louisville.edu>
 2000-04-30 22:41:58 +00:00
Mark Murray 79eb2b5421 MFF: catch up with FreeFall 2000-04-19 21:20:54 +00:00
Kris Kennaway 9a823cff39 If stderr is closed, report the error message about missing libraries 
via syslog instead.

Reviewed by:	jkh
 2000-04-18 06:25:24 +00:00
Mark Murray 3c6b6b90c7 Internat diff reducer. 2000-04-16 17:49:31 +00:00
Mark Murray 07c567b8ec Virgin import of OpenSSL v0.9.5a 2000-04-16 16:03:07 +00:00
Mark Murray ef781a073e This commit was generated by cvs2svn to compensate for changes in r59281, 
which included commits to RCS files with non-trunk default branches.
 2000-04-16 16:03:07 +00:00
Kris Kennaway 7e7159cbdc Resolve conflicts. 2000-04-13 07:15:03 +00:00
Kris Kennaway f579bf8ec7 Initial import of OpenSSL 0.9.5a 2000-04-13 06:33:22 +00:00
Kris Kennaway 193faf8655 This commit was generated by cvs2svn to compensate for changes in r59191, 
which included commits to RCS files with non-trunk default branches.
 2000-04-13 06:33:22 +00:00
Kris Kennaway 2d773b269e Correct a typo and interchanged library names 
Submitted by:	Ben Rosengart <ben@narcissus.net>
		Matthew D. Fuller <fullermd@futuresouth.com>
 2000-04-05 04:09:51 +00:00
Kris Kennaway e31adaffd9 Fix a memory leak. 
PR:		17360
Submitted by:	Andrew J. Korty <ajk@iu.edu>
 2000-03-29 08:24:37 +00:00
Kris Kennaway 18fa3c2ec9 #include <ssl/foo.h> -> #include <openssl/foo.h> 2000-03-26 10:00:28 +00:00
Kris Kennaway 3c6ae11886 Resolve conflicts. 2000-03-26 07:37:48 +00:00
Kris Kennaway a8f6863aa6 Virgin import of OpenSSH sources dated 2000/03/25 2000-03-26 07:07:24 +00:00
Kris Kennaway cc99d7f2df This commit was generated by cvs2svn to compensate for changes in r58582, 
which included commits to RCS files with non-trunk default branches.
 2000-03-26 07:07:24 +00:00
Kris Kennaway 6aae670844 Don't refer to the openssl handbook chapter by name - the doc guys keep 
jamming new chapters in front of it :)
 2000-03-25 07:28:18 +00:00
Brian Somers 727214e9b8 Use pipe() instead of socketpair() in sshd when communicating 
with the client.
This allows ppp/ssh style tunnels to function again.

Ok'd by:	markk
Submitted by:	markk@knigma.org
 2000-03-24 15:39:37 +00:00
Mike Pritchard 5c51cd6437 Fix a few spelling errors. 2000-03-24 02:26:54 +00:00
Sheldon Hearn 962a3f4e81 IgnoreUserKnownHosts is a boolean flag, not an integer value. 
The fix submitted in the attributed PR is identical to the one
adopted by OpenBSD.

PR:		17027
Submitted by:	David Malone <dwmalone@maths.tcd.ie>
Obtained from:	OpenBSD
 2000-03-22 09:36:35 +00:00
Kris Kennaway 9fd4066575 Add a new function stub to libcrypto() which resolves to a symbol in 
the librsa* library and reports which version of the library (OpenSSL/RSAREF)
is being used.

This is then used in openssh to detect the failure case of RSAREF and a RSA key
>1024 bits, to print a more helpful error message than 'rsa_public_encrypt() fai
led.'

This is a 4.0-RELEASE candidate.
 2000-03-13 09:55:53 +00:00
Kris Kennaway 6a8633db4e Various manpage style/grammar/formatting cleanups 
Submitted by:	Peter Jeremy <peter.jeremy@alcatel.com.au>, jedgar
PR:		17292 (remainder of)
 2000-03-13 00:17:43 +00:00
Nik Clayton 8ff0a8c302 - typos 
- Add double spaces following full stops to improve typeset output
- mdoc-ification.  (Though I'm uncertain whether option values and
  contents should be .Dq or something else).
- Fix a missed /etc/ssh change
- Expand wording on RandomSeed and behaviour when X11 isn't forwarded.
- Change examples to literal mode.
- Trim trailing whitespace

PR:		docs/17292
Submitted by:	Peter Jeremy <peter.jeremy@alcatel.com.au>
 2000-03-10 11:48:49 +00:00
Mark Murray c59bf09996 Make LOGIN_CAP work properly. 2000-03-09 14:52:31 +00:00
Kris Kennaway 2134165c54 /etc -> /etc/ssh 
Submitted by:	Ben Smithurst <ben@scientia.demon.co.uk>
 2000-03-08 03:44:00 +00:00
John Hay 2216ad9c7e MFI: Use krb5 functions in krb5 files. 
Reviewed by:	markm
 2000-03-03 20:31:58 +00:00
Yoshinobu Inoue 137d85e410 Replace structure copy form ifreq obtained by SIOCGIFADDR 
to memcpy(), to avoid unaligned access trap on alpha.

Approved by: jkh
 2000-03-03 13:05:00 +00:00
Yoshinobu Inoue 46ad1c2366 CMSG_XXX macros alignment fixes to follow RFC2292. 
Approved by: jkh
 2000-03-03 12:50:46 +00:00
Brian Feldman 5dc73ebebe Turn off X11 forwarding in the client. X11 forwarding in the server by 
default should probably also get turned on, now.

Requested by:	kris
Obtained from:	OpenBSD
 2000-03-03 05:58:39 +00:00
Kris Kennaway 1d32417468 Update the wording on the error message when libcrypto.so can't find an 
RSA library.

Reviewed by:	peter, jkh
 2000-03-02 06:21:02 +00:00
Hajimu UMEMOTO e51ec40ec8 Enable connection logging. FreeBSD's libwrap is IPv6 ready. 
OpenSSH is in our source tree, now.  It's a time to enable it.

Reviewed by:	markm, shin
Approved by:	jkh
 2000-02-29 19:37:04 +00:00
Mark Murray fe5fd0173b 1) Add kerberos5 functionality. 
by Daniel Kouril <kouril@informatics.muni.cz>
2) Add full LOGIN_CAP capability
   by Andrey Chernov
 2000-02-28 19:03:50 +00:00
Brian Somers ccd16b43ed Don't put truncated hostnames in utmp 
Approved by: jkh
 2000-02-28 18:51:30 +00:00
Peter Wemm 6f35016f23 Sync with internat.freebsd.org; weak symbols vs static libs == trouble 2000-02-26 16:57:17 +00:00
Peter Wemm 7d8acc815a Merge from internat.freebsd.org; move VERBOSE_STUBS to a better spot. 2000-02-26 14:20:18 +00:00
Peter Wemm 4198e0cb8b Merge from internat.freebsd.org repo, minus change to rsa_eay.c (missing) 
Reorganize and unify libcrypto's interface so that the RSA implementation
is chosen at runtime via dlopen().

This is a checkpoint and may require more tweaks still.
 2000-02-26 13:19:18 +00:00
Peter Wemm 9fa5f5fd96 Merge from internat.freebsd.org repo, minus change to rsa_eay.c (missing) 
Reorganize and unify libcrypto's interface so that the RSA implementation
is chosen at runtime via dlopen().

This is a checkpoint and may require more tweaks still.
 2000-02-26 13:13:03 +00:00
Peter Wemm b70ab85b2b At great personal risk (to my already fragile sanity), reorganize 
the rsa stubs for libcrypto.  libcrypto.so now uses dlopen() to
implement the backends for either the native or rsaref implemented
RSA code.
This involves:
- unifying the libcrypto and openssl(1) source so there is no
  #ifdef RSAref variations.
- using weak symbols and dlopen()/dlsym() routines to access the
  rsa method vectors.

Releases will enable the user to choose International, US (rsaref) or
no RSA code at install time.
'make world' will DTRT depending on whether you have the international
or US source.  For US users, you must either install rsaref (the port
or package) or (if you don't fear RSA Inc) use the (superior)
International rsa_eay.c code.

This has been discussed at great length by the affected folks and even
we have a great deal of confusion.  This is a checkpoint so we can tune
the results.  This works for me in all permutations I can think of and
should result in a CD/ftp 'release' just about doing the right thing now.
 2000-02-26 13:06:55 +00:00
Peter Wemm 2307080405 Redo this with a repo copy from the original file and reset the 
__PREFIX__ markers.
 2000-02-26 09:59:14 +00:00
Peter Wemm 4d3289a849 oops, update path to /etc/ssh/ssh_host_key 2000-02-26 02:24:38 +00:00
Peter Wemm 9ceffc938a Merge from internat.freebsd.org; move ssh files from /etc to /etc/ssh 2000-02-25 14:25:10 +00:00
Peter Wemm 150f7c198f Don't use the dlopen() stubs if comiling with PIC. This still 
needs some more thought for the static case.  Should we provide weak
error-generating stubs for static binaries if -lrsaref was forgotten?
 2000-02-25 08:13:50 +00:00
Brian Feldman 8261034302 Fix a bug that crawled in pretty recently (from the port). It made 
sshd coredump :(
 2000-02-25 05:22:14 +00:00
Peter Wemm 38ba484ce1 Fix garbage in SSH_PROGRAM (only on freefall, not internat) 2000-02-25 04:41:06 +00:00
Brian Feldman a95c122521 Make "CheckHostIP" default to off. This was proposed on -security and 
earlier IRC, but despite my inital feeling against it, this seems
the more proper thing to do.

Proposed by:	rwatson
 2000-02-25 03:04:29 +00:00
Brian Feldman 18a711954e The includes must be <openssl/.*\.h>, not <ssl/.*\.h>. 2000-02-25 01:53:12 +00:00
Mark Murray b719e3c926 remove more ports crud. 2000-02-24 23:54:00 +00:00
Mark Murray 6ecb050733 remove ports junk 2000-02-24 23:46:38 +00:00
Mark Murray c7aee9a208 Use libcrypto instead of libdes. 2000-02-24 20:21:16 +00:00
Mark Murray bfb672b22a RIP libdes. All hail libcrypto! 2000-02-24 19:35:08 +00:00
Mark Murray bf4f84d44c Get crypto from libcrypto, not libdes. 2000-02-24 19:28:31 +00:00
Mark Murray 42f71286cd Add the patches fom ports (QV: ports/security/openssh/patches/patch-*) 2000-02-24 15:29:42 +00:00
Mark Murray 511b41d2a1 Vendor import of OpenSSH. 2000-02-24 14:29:47 +00:00
Mark Murray 8e3e42fe07 This commit was generated by cvs2svn to compensate for changes in r57429, 
which included commits to RCS files with non-trunk default branches.
 2000-02-24 14:29:47 +00:00
Mark Murray 8ceb13ade4 Merge conflicts. 2000-02-24 13:37:41 +00:00
Mark Murray c97e282188 Oops; forgot to add this. 2000-02-24 13:20:48 +00:00
Mark Murray b98bf15079 Get this to the same level of functionality as old libdes. 2000-02-24 13:20:15 +00:00
Mark Murray d61f1c7965 Vendor import of Heimdal 0.2p 2000-02-24 11:28:20 +00:00
Mark Murray 957428c77a This commit was generated by cvs2svn to compensate for changes in r57422, 
which included commits to RCS files with non-trunk default branches.
 2000-02-24 11:28:20 +00:00
Mark Murray 283d988c23 Vendor import of Heimdal 0.2o 2000-02-24 11:19:29 +00:00
Mark Murray b50c40f67b This commit was generated by cvs2svn to compensate for changes in r57419, 
which included commits to RCS files with non-trunk default branches.
 2000-02-24 11:19:29 +00:00
Mark Murray 13e3f4d6d9 Vendor import of Heimdal 0.2n 2000-02-24 11:07:16 +00:00
Mark Murray 270628b77a This commit was generated by cvs2svn to compensate for changes in r57416, 
which included commits to RCS files with non-trunk default branches.
 2000-02-24 11:07:16 +00:00
Mark Murray 9a843541e2 freefall/internat diff reducer 2000-02-24 10:38:40 +00:00
Mark Murray 228c5a5af7 Freefall/Internat diff reducer. 2000-02-24 10:37:29 +00:00
Jordan K. Hubbard 6895862c18 Add call stubs for dynamic rsaref loading. This isn't enabled for now 
but simply lets us sync up on the solution as it's evolved.
 2000-02-22 06:22:54 +00:00
Yoshinobu Inoue 81edae92ed Use static buffer to save source route hostnames. 
Approved by: jkh
 2000-02-19 16:33:14 +00:00
Yoshinobu Inoue a82a4df889 Print "Trying ..." for each host. Also cleanups for error printing. 
Approved by: jkh

Submitted by: Ben Smithurst <ben@scientia.demon.co.uk>
 2000-02-19 16:17:41 +00:00
Yoshinobu Inoue 1d1ade86f0 Fix bugs in telnet. 
Sorry there were still several bugs.
   -error retry at af missmatch was incomplete.
   -af matching for source addr option was wrong
   -socket was not freed at retry.

Approved by: jkh
 2000-02-15 15:59:12 +00:00
Yoshinobu Inoue 960e15a70b Add more dual stack consideration. 
-Should retry as much as possible when some of source
     routing intermediate hosts' address families missmatch
     happened.
     (such as when a host has only A record, and another host
     has each of A and AAAA record.)

    -Should retry as much as possible when dest addr and
     source addr(specified with -s option) address family
     missmatch happend

Approved by: jkh
 2000-02-10 20:06:36 +00:00
Yoshinobu Inoue f306e0c85f Fix telnet core dump at invalid service name specified. 
Added an error check to avoid it.

Approved by: jkh

Submitted by: Robert Muir <rmuir@gibralter.net>
 2000-02-07 00:52:49 +00:00
Yoshinobu Inoue 0bd288cd6c Add NI_NAMEREQD flag to getnameinfo() call. Without this flag, 
getnameinfo() don't return error at name resolving failure.
But it is used at doaddrlookup(-N) case in telnet, error need to be
returned to correctly initialize hostname buffer.

Discovered at checking recent KAME repository change, noticed by itojun.
 2000-01-29 18:21:05 +00:00
Yoshinobu Inoue 4dd8b5ab79 another tcp apps IPv6 updates.(should be make world safe) 
ftp, telnet, ftpd, faithd
  also telnet related sync with crypto, secure, kerberosIV

Obtained from: KAME project
 2000-01-27 09:28:38 +00:00
Kris Kennaway 97b2ed56f8 Import the RSA support code. There shouldn't be any actual RSA 
cryptography here.
 2000-01-16 05:14:57 +00:00
Kris Kennaway 72b2312537 This commit was generated by cvs2svn to compensate for changes in r56083, 
which included commits to RCS files with non-trunk default branches.
 2000-01-16 05:14:57 +00:00
Kris Kennaway d9d4eec9ea Fix for missing symbol in -DRSAref case. 2000-01-16 04:45:18 +00:00
Kris Kennaway ce600b6ae6 Fix breakage when NO_RSA specified. 
Reviewed by:	Ben Laurie <ben@openssl.org>
 2000-01-14 05:24:08 +00:00
Kris Kennaway 62410b5785 Zap NO_IDEA 2000-01-10 06:28:04 +00:00
cvs2svn 2b11cf855f This commit was manufactured by cvs2svn to create branch 
'VENDOR-crypto-openssl'.
 2000-01-10 06:27:13 +00:00
Kris Kennaway 196e8792a2 List of files to nuke prior to import. 2000-01-10 06:27:12 +00:00
Kris Kennaway 7466462628 Initial import of OpenSSL 0.9.4, sans IDEA and RSA code for patent 
infringement reasons.
 2000-01-10 06:22:05 +00:00
Kris Kennaway 07bb8677bb This commit was generated by cvs2svn to compensate for changes in r55714, 
which included commits to RCS files with non-trunk default branches.
 2000-01-10 06:22:05 +00:00
Kris Kennaway 808811401e Zap the IDEA stuff - it's patented internationally (at least in some 
places), and we don't want people to get in trouble just for having it.
 2000-01-10 05:36:35 +00:00
Mark Murray b528cefc6b Import KTH Heimdal, which will be the core of our Kerberos5. 
Userland to follow.
 2000-01-09 20:58:00 +00:00
Mark Murray 5f1c68f748 This commit was generated by cvs2svn to compensate for changes in r55682, 
which included commits to RCS files with non-trunk default branches.
 2000-01-09 20:58:00 +00:00
Mark Murray 660a5f4353 Fix path. 2000-01-09 13:52:56 +00:00
Mark Murray 0f2b69ce58 resolve conflicts. 2000-01-09 08:53:35 +00:00
Mark Murray 8e2795854b Clean import of KTH Kerberos (eBones) v1.0. 2000-01-09 08:31:47 +00:00
Mark Murray 38392ffddd This commit was generated by cvs2svn to compensate for changes in r55643, 
which included commits to RCS files with non-trunk default branches.
 2000-01-09 08:31:47 +00:00
Brian Feldman 0e17bca17c Upgrade to the pam_ssh module, version 1.1.. 
(From the author:)
Primarily, I have added built-in functions for manipulating the
environment, so putenv() is no longer used.  XDM and its variants
should now work without modification.  Note that the new code uses
the macros in <sys/queue.h>.

Submitted by:	Andrew J. Korty <ajk@iu.edu>
 1999-12-28 05:32:54 +00:00
Kris Kennaway f595284587 Initial import of OpenSSL v0.9.4 1999-12-25 16:37:36 +00:00
Kris Kennaway 77142bf48c This commit was generated by cvs2svn to compensate for changes in r55099, 
which included commits to RCS files with non-trunk default branches.
 1999-12-25 16:37:36 +00:00
Brian Feldman b71e3dafa5 Add the PAM SSH RSA key authentication module. For example, you can add, 
"login  auth    sufficient      pam_ssh.so" to your /etc/pam.conf, and
users with a ~/.ssh/identity can login(1) with their SSH key :)

PR:		15158
Submitted by:	Andrew J. Korty <ajk@waterspout.com>
Reviewed by:	obrien
 1999-11-29 07:09:44 +00:00
Mark Murray 99a2afa8ae Merge anf fix for build. 1999-09-19 21:56:09 +00:00
Mark Murray f4c5d10e69 Clean import of KTH krb4-0.10.1. 1999-09-19 14:19:32 +00:00
Mark Murray 3766ed332b This commit was generated by cvs2svn to compensate for changes in r51415, 
which included commits to RCS files with non-trunk default branches.
 1999-09-19 14:19:32 +00:00
Mark Murray e0706c85f3 Big OpenSSL/KTH/FreeBSD merge, badly poisoned by $FreeBSD$'s. 1999-09-19 13:04:49 +00:00
Mark Murray 056bcb03a1 This commit was generated by cvs2svn to compensate for changes in r50894, 
which included commits to RCS files with non-trunk default branches.
 1999-09-04 12:45:43 +00:00
Mark Murray 68084c2752 Vendor import EAY's LIBSSL to fix comments, etc. 1999-09-04 12:45:43 +00:00
Mark Murray ddf3225c81 Add macro originally provided externally. 1999-09-04 11:06:07 +00:00
Mark Murray b711a41f78 Add includes to to silence warnings. Bit hackish. 1999-09-04 11:03:01 +00:00
Mark Murray 68212f753a Add some includes to shut up warnings. 1999-09-04 10:46:27 +00:00
Mark Murray 21424c1a5c Drat. Import this into the right place. Pass me the pointy hat. 1999-09-01 19:59:25 +00:00
Mark Murray 778981c288 This commit was generated by cvs2svn to compensate for changes in r50760, 
which included commits to RCS files with non-trunk default branches.
 1999-09-01 19:59:25 +00:00
Mark Murray 2d8a17c768 Termcap header no longer needed. 1999-09-01 18:57:38 +00:00
Peter Wemm 97d92980a9 $Id$ -> $FreeBSD$ 1999-08-28 01:35:59 +00:00
Mark Murray c6e775b83f Add virtual MAINTAINER line. 1999-08-16 19:05:02 +00:00
Nick Sayer 610fe6066a According to Mark Murray, Makefiles do not belong here. I guess we're 
going to have to figure something else out.
 1999-08-16 18:59:05 +00:00
Nick Sayer 0f8c8396c5 Add SRA authentication to src/crypto/telnet. 
SRA does a Diffie-Hellmen exchange and then DES-encrypts the
authentication data. If the authentication is successful, it also
sets up a session key for DES encryption.

SRA was originally developed at Texas A&M University.

This code is probably export restricted (despite the fact that I
originally found it at a University in Germany).

SRA is not perfect. It is vulnerable to monkey-in-the-middle attacks
and does not use tremendously large DH constants (and thus an individual
exchange probably could be factored in a few days on modern CPU
horsepower). It does not, however, require any changes in user or
administrative behavior and foils session hijacking and sniffing.
The goal of this commit is that telnet and telnetd end up in the DES
distribution and that therefore an encrypted session telnet becomes
standard issue for FreeBSD.
 1999-08-16 11:24:29 +00:00
Nick Sayer c6a00c4589 Fix int function without return (make consistent with neighbors) 1999-08-16 02:15:29 +00:00
Nik Clayton 8c47947a95 Document the "skey" command in telnet(1). 
PR:             docs/12360
Submitted by:   kjm@rins.ryukoku.ac.jp (KOJIMA Hajime)
Nagged by:      markm :-)
 1999-07-30 21:24:03 +00:00
Ruslan Ermilov 42cf8219dc Merge from non-crypto version: 
- "-N" option
- "-E" security fix
- "-s src_addr" option

Requested by:	markm
 1999-06-17 09:24:37 +00:00
Brian Somers 4560ea546c MF libexec/telnetd: Determine the host name using an array size of 
MAXHOSTNAMELEN and call trimdomain() before implementing
                    the -u option.
 1999-04-08 21:39:34 +00:00
Brian Somers 22e99a4288 MF libexec/telnetd: MAXHOSTNAMELEN & -u fixes. 1999-04-07 10:17:24 +00:00
Brian Somers 9c5cc7136c Use realhostname(). 1999-04-06 23:35:21 +00:00
Brian Somers 3bfc6c798d MF src/libexec/telnetd: Verify the reverse DNS lookup 
ala rlogind.
Suggested by: markm
 1999-04-06 12:41:27 +00:00
Peter Wemm 8d0a3d19f7 Old stuff laying around: Don't use getstr which can conflict with some 
curses/termcap/terminfo implementations and causes recursion.
 1998-12-16 06:06:06 +00:00
Peter Wemm 3f0340f838 Old stuff from a source tree: copy (verbatum) the code to expand the 
%s/%m in the default /etc/gettytab.
 1998-12-16 06:01:33 +00:00
Gary Palmer f58619de89 Remove redundant decl. of time(). Causes problems on alpha 1998-09-01 15:17:28 +00:00
John Polstra f55ccce3ca Remove a work-around for an assembler bug that has been fixed since 
April, 1997.  The work-around causes problems under ELF.
 1998-08-31 20:01:48 +00:00
Mark Murray a783721299 Fix nasty typo that randomly caused kinit to not properly deduce the 
user's username when this was not specified.

Reported by: Sean Eric Fagan
 1998-03-29 07:27:43 +00:00
Mark Murray 22b8189d67 Make the ticket filename the same as for our old eBones. I am going to 
kerberize xdm again, and it will be a pain to maintain two different
sets of patches (for 2.2 and 3.0).
 1998-02-16 12:39:25 +00:00
Mark Murray 879e5f26e8 Bring back the old behaviour of kinit; if no username is mentioned on 
the command line, attempt to get a ticket for the current uid (or
<uid>.root if we are already su'ed).

Requested By: Garrett Wollman
 1998-02-16 12:36:49 +00:00
Warner Losh d82dcd5eaf MFC: sprintf paranoia 1998-01-22 00:04:57 +00:00
Philippe Charnier 81e04eaec0 MFC: no \n in syslog strings. Change -P to -p in flags. EOF -> -1. Use err(3). 1997-12-08 07:41:13 +00:00
Mark Murray b50a9aa790 kinit(1) and its man page do not agre on what is reported with -v. Fix this. 
Submitted by:	Sheldon Hearn.
 1997-11-25 21:12:37 +00:00
Frank Durda IV bf7bcc34e1 PR: bin/771 and bin/1037 are resolved by this change 
This change changes the default handling of linemode so that older and/or
stupider telnet clients can still get wakeup characters like <ESC> and
<CTRL>D to work correctly multiple times on the same line, as in csh
"set filec" operations.   It also causes CR and LF characters to be read by
apps in certain terminal modes consistently, as opposed to returning
CR sometimes and LF sometimes, which broke existing apps.  The change
was shown to fix the problem demonstrated in the FreeBSD telnet client,
along with the telnet client in Solaris, SCO, Windows '95 & NT, DEC OSF,
NCSA, and others.

A similar change was incorporated in the non-crypto version of telnetd.

This resolves bin/771 and bin/1037.
 1997-10-08 03:14:34 +00:00
Wolfram Schneider bf5cbf3551 Sort cross refereces in section SEE ALSO. 1997-09-29 19:11:55 +00:00
Mark Murray 9bfd2669e9 FreeBSD's original passwd helper is needed here. 1997-09-21 17:37:08 +00:00
Mark Murray 04c426cce3 Bring the FreeBSD changes to the virgin sources. 1997-09-07 07:02:53 +00:00
Mark Murray f48c26f183 FreeBSD specific schanges - mainly religious issues about where to put 
stuff.
 1997-09-04 21:37:57 +00:00
Mark Murray 81cb6ddccd Initial import of BSD telnet. This will be used to build the kerberised 
telnet, and after userland diffs have been merged in, will be used to
build the non-kerberised sources as well. (See unifdef(1) for details)
 1997-09-04 06:11:16 +00:00
Mark Murray 03656ac1b0 Initial import of KTH eBones. This has been cleaned up to only include 
the "core" Kerberos functionality. The rest of the userland will get their
own changes later.
 1997-09-04 06:04:33 +00:00
Mark Murray 4a1db16b66 This commit was generated by cvs2svn to compensate for changes in r29085, 
which included commits to RCS files with non-trunk default branches.
 1997-09-04 06:04:33 +00:00
Mark Murray f3a5dfab63 Bring in the Starter files for the contrib-crypto dir. 
I am not going to commit anything to this area for a few days.
This is because
1) I want everyone to be DARN sure there is no export of crypto
   that may get our USA friends it trouble.
2) I have been asked by the folk developing KTH-eBones to hold off
   for their new release.

Worked with: rkw, jdp
CVS:
CVS:
 1997-05-03 09:16:07 +00:00