manu
c557aaf18f
Fix bug when using hybrid auth in client mode
...
make xauth_login work again
add safety checks
2005-09-26 16:24:57 +00:00
christos
e83e36d896
fix spelling from Liam Foy.
2005-09-24 22:45:51 +00:00
christos
b9301b48d0
fix typos.
2005-09-24 17:34:17 +00:00
christos
2192079ea8
use get*_r()
2005-09-24 14:40:59 +00:00
christos
54a773e9d7
Can we please stop using caddr_t?
2005-09-24 14:40:39 +00:00
wiz
e904ea2e97
Drop trailing whitespace.
2005-09-23 19:58:28 +00:00
manu
7e2e2c16ff
Correctly initialize NAT-T VID to avoid freeing unallocated space
2005-09-23 14:22:27 +00:00
tron
3cc3e3c7a3
Correct documentation about Mode Config. It now works without XAuth, too.
...
Patch supplied by Emmanuel Dreyfus on the "ipsec-tools" mailing list.
2005-09-21 15:06:22 +00:00
tron
dc5127a31e
Make "Mode Config" work if XAuth is not used.
2005-09-21 12:46:08 +00:00
christos
a6040f634b
PR/13738: Johan Danielsson: ssh doesn't look at $HOME
2005-09-18 18:39:05 +00:00
christos
5391e24af6
Make -D behave like -L (obey GatewayPorts). Before it defaulted to listen
...
to wildcard which is not secure.
2005-09-18 18:27:28 +00:00
christos
218a95c0f2
Document that -D takes bind_address.
2005-09-18 16:22:35 +00:00
wiz
e6f32f6f02
Drop trailing whitespace.
2005-09-15 08:42:09 +00:00
christos
5db1262f0e
PR/31261: Mark Davies: ssh invokes xauth with bogus argument
2005-09-09 12:24:37 +00:00
christos
453555bc8b
PR/31243: Mark Davies: sshd uses pipes rather than socketpairs, making bash
...
not execute .bashrc. Since socketpairs work on all NetBSD systems, make it
the default.
2005-09-09 12:20:12 +00:00
elad
8f1a245ebd
Use default_md = sha1 in ``req'' section too, so we don't fallback to MD5.
...
Noted by smb@.
2005-09-01 21:35:25 +00:00
elad
98e0d8f19f
SHA1 is a better default than MD5.
...
Discussed with Steven M. Bellovin.
Closes PR/30395.
2005-08-27 12:32:15 +00:00
manu
0b97cbeb71
Update to ipsec-tools 0.6.1
2005-08-20 00:57:06 +00:00
manu
96ae7759c9
Import ipsec-tools 0.6.1
2005-08-20 00:40:43 +00:00
wiz
c8f5575b45
End sentence with a dot.
2005-08-14 09:25:08 +00:00
wiz
c91d1d213a
Drop trailing whitespace.
2005-08-07 11:19:35 +00:00
manu
111c13fe24
Resolve conflicts caused by recent ipsec-tools-0.6.1rc1 import by prefering
...
the newer software. Some useful local change might have been overwritten,
we'll take care of this soon.
2005-08-07 09:38:45 +00:00
manu
df08b9e74a
Update ipsec-tools to 0.6.1rc1
...
Most of the changes since 0.6b4 have already been committed to the NetBSD
tree. This upgrade fixes some IPcomp and NAT-T related problems that were
left unadressed in the NetBSD tree.
2005-08-07 08:46:11 +00:00
christos
1a191ad79e
PR/29862: Denis Lagno: sshd segfaults with long keys
...
The problem was that the rsa fips validation code did not allocate long
enough buffers, so it was trashing the stack.
2005-07-30 00:38:40 +00:00
he
182dc837b5
Move a variable declaration to the variable declaration section of
...
the enclosing block from within the middle of active code, so that
this compiles with older gcc. Fixes build problem for vax.
2005-07-14 11:26:57 +00:00
manu
b0602a2f44
Add safety checks for informational messages
2005-07-12 21:33:01 +00:00
tron
50c09443b0
Backout botched patch, approved by Emmanuel Dreyfus.
2005-07-12 19:17:37 +00:00
manu
132d72e25b
Add SHA2 support
2005-07-12 16:49:52 +00:00
manu
7736ad81cf
Add comments on how to use the hook scripts without NAT-T
2005-07-12 16:33:27 +00:00
manu
ecb971f5f8
Don't wipe out IKE ports for SA update as it breaks things: the SA is taken
...
from an existing SA and already has matching IKE ports.
2005-07-12 16:24:29 +00:00
manu
91b9c188b3
Add support for alrogithms with non OpenSSL default key sizes
2005-07-12 14:51:07 +00:00
manu
e0dd78cfbd
Don't use adminport when it is disabled
2005-07-12 14:15:39 +00:00
manu
4c94bccce3
Set IKE ports to 0 in SA when NAT-T is not in use. This fixes problems
...
when NAT-T is disabled
2005-07-12 14:14:46 +00:00
manu
929f80643d
Safety checks on informational messages
2005-07-12 14:13:10 +00:00
manu
8bc1e3c0ac
pkcs7 support
2005-07-12 14:12:20 +00:00
tron
d3544c4e45
Document that "aes" can be used for IKE and ESP encryption.
2005-07-07 12:34:17 +00:00
christos
eb8e3b9ad4
Add proper casts. Fix a problem where (uint32_t < ~0). Cast both ~0's to
...
u_int, since this is what the author intended.
2005-06-28 16:12:41 +00:00
christos
ca496ece2e
- Add lint comments
...
- Fix bad casts.
- Comment out unused variables.
2005-06-28 16:04:54 +00:00
christos
a1625e9ee8
Fix an error I introduced in the previous commit. The length could be 0.
...
Also parenthesize an expression properly.
2005-06-28 16:03:09 +00:00
christos
444efb36db
deal with casting/caddr_t stupidity. It is not 1980 anymore and people should
...
start using void *, instead of caddr_t.
2005-06-27 03:19:45 +00:00
christos
983e538712
Collect externs into one file instead of duplicating them everywhere.
2005-06-26 23:49:31 +00:00
christos
dd8cdde018
Fix compiler warnings.
2005-06-26 23:34:26 +00:00
christos
fba8d9ce60
Fix some of the pointer abuse, and add some const. Not done yet.
2005-06-26 21:14:08 +00:00
manu
dd3259cec0
NAT-T fix: We treat null ports in SPD as wildcard so that IKE ports
...
are used instead. This was done on phase 2 initiation from the kernel
(acquire message), but not on phase 2 initiation retries when the
phase 2 had been queued for a phase 1.
2005-06-22 21:28:18 +00:00
manu
13ca728372
Consume NAT-T packets that have already been seen through MSG_PEEK
2005-06-15 07:29:20 +00:00
chs
7bbdd188e1
appease gcc -Wuninitialized on hp700.
2005-06-05 19:08:28 +00:00
manu
6ec5a5a9b7
Fix Xauth login with PAM authentication
2005-06-04 22:09:27 +00:00
manu
2c39301c40
Endianness bug fix
2005-06-04 21:55:05 +00:00
manu
311dff8be0
Missing 0th element in rm_idtype2doi array
2005-06-03 22:27:06 +00:00
lukem
d687f4502c
appease gcc -Wuninitialized
2005-06-02 04:59:17 +00:00