Commit Graph

710 Commits

Author SHA1 Message Date
kleink ac37001e7f As observed in other modules, pull in <sys/queue.h> explicitly rather
than relying on namespace pollution to do so.
2005-03-17 20:40:42 +00:00
manu d658ac5976 Updated ipsec-tools:
2005-03-16  Emmanuel Dreyfus <manu@netbsd.org>

        * src/racoon/{cftoken.l|localconf.h|privsep.c|racoon.conf.5}
          src/racoon/remoteconf.c: When running in privsep mode, check that
          private key and script paths match those given in the path section.

2005-03-15  Emmanuel Dreyfus <manu@netbsd.org>

        * src/racoon/{isakmp_cfg|isakmp_cfg.h|isakmp_xauth.c}: initialize
          RADIUS accounting at startup
        * src/racoon/privsep.c: fix minor bug in PAM cleanup
        * src/racoon/isakmp_cfg.c: only call cleanup_pam if PAM is used

2005-03-14  Emmanuel Dreyfus <manu@netbsd.org>

        * configure.ac: handle correctly dynamic libradius
        * src/racoon/cfparse.y: correctly initialize address pool
2005-03-16 23:53:12 +00:00
manu 8a98c83667 Updated ipsec-tools:
2005-03-16  Emmanuel Dreyfus <manu@netbsd.org>

        * src/racoon/{cftoken.l|localconf.h|privsep.c|racoon.conf.5}
          src/racoon/remoteconf.c: When running in privsep mode, check that
          private key and script paths match those given in the path section.

2005-03-15  Emmanuel Dreyfus <manu@netbsd.org>

        * src/racoon/{isakmp_cfg|isakmp_cfg.h|isakmp_xauth.c}: initialize
          RADIUS accounting at startup
        * src/racoon/privsep.c: fix minor bug in PAM cleanup
        * src/racoon/isakmp_cfg.c: only call cleanup_pam if PAM is used

2005-03-14  Emmanuel Dreyfus <manu@netbsd.org>

        * configure.ac: handle correctly dynamic libradius
        * src/racoon/cfparse.y: correctly initialize address pool
2005-03-16 23:52:42 +00:00
manu e4563075a5 Updated ipsec-tools:
2005-03-16  Emmanuel Dreyfus <manu@netbsd.org>

        * src/racoon/{cftoken.l|localconf.h|privsep.c|racoon.conf.5}
          src/racoon/remoteconf.c: When running in privsep mode, check that
          private key and script paths match those given in the path section.

2005-03-15  Emmanuel Dreyfus <manu@netbsd.org>

        * src/racoon/{isakmp_cfg|isakmp_cfg.h|isakmp_xauth.c}: initialize
          RADIUS accounting at startup
        * src/racoon/privsep.c: fix minor bug in PAM cleanup
        * src/racoon/isakmp_cfg.c: only call cleanup_pam if PAM is used

2005-03-14  Emmanuel Dreyfus <manu@netbsd.org>

        * configure.ac: handle correctly dynamic libradius
        * src/racoon/cfparse.y: correctly initialize address pool
2005-03-16 23:51:44 +00:00
manu e298dc4582 Import ipsec-tools ipsec-tools-0_6-20050314 2005-03-14 08:14:24 +00:00
christos daee9fbceb Add UsePam yes 2005-02-28 02:35:10 +00:00
manu 519aeb19a0 Resolve conflict 2005-02-24 20:59:24 +00:00
manu 6159f46a8d Import ipsec-tools ipsec-tools-0_6-20050224 2005-02-24 20:52:25 +00:00
manu 88856e235d Resolve conficts and remove autoconf files that were committed by mistake 2005-02-23 15:17:50 +00:00
manu 8006965b1b Import ipsec-tools 0.6 branch as of 2005/02/23. News from last imported version
according to ipsec-tools' ChangeLog:

2005-02-23  Emmanuel Dreyfus <manu@netbsd.org>

        * configure.ac, src/racoon/{Makefile.am|crypto_openssl.c}: optionnal
          support for patented algorithms: IDEA and RC5.
        * src/racoon/{isakmp_xauth.c|main.c}: don't initialize RADIUS if it
          is not required in the configuration
        * src/racoon/isakmp.c: do not reject addresses for which kernel
          refused UDP encapsulation, they can still be used for non NAT-T
          traffic (eg: NAT-T enabled racoon on non NAT-T enabled kernel)

2005-02-18  Emmanuel Dreyfus <manu@netbsd.org>

        * src/racoon/{main.c|eaytest.c|plairsa-gen.c}
          src/setkey/setkey.c: don't use fuzzy paths for package_version.h

2005-02-18  Yvan Vanhullebus  <vanhu@free.fr>

        * src/racoon/isakmp_inf.c: Purge generated SPDs when getting a
          related DELETE_SA
        * src/racoon/pfkey.c: do NOT unbindph12() when SA acquire

2005-02-17  Emmanuel Dreyfus <manu@netbsd.org>

        From Fred Senault <fred.letter@lacave.net>
        * src/racoon/remoteconf.c: Fix a bug in script init

2005-02-17  Yvan Vanhullebus  <vanhu@free.fr>

        * src/racoon/ipsec_doi.c: Workaround for phase1 lifetime checks

2005-02-15  Michal Ludvig  <michal@logix.cz>

        * configure.ac: Changed --enable-natt_NN to --enable-natt-versions=NN,NN
2005-02-23 14:53:33 +00:00
elric 3e9f769ad6 Turn protocol 1 krb5 support back on. 2005-02-22 02:29:32 +00:00
wiz 0e4368712b Fix Xref. 2005-02-20 21:10:54 +00:00
wiz 54c5fce210 Sort sections, whitespace nit, use .In. 2005-02-20 21:10:04 +00:00
manu a7d348371a Remove KAME racoon distribution, which is not used anymore 2005-02-20 15:50:02 +00:00
onoe 9bd25f488a re-enable smime encrypt. fix from openssl-0.9.7e 2005-02-20 03:33:47 +00:00
thorpej 3029ac0bc4 Use __inline instead of inline. 2005-02-19 22:02:59 +00:00
christos c4362dc746 Move duplicate block for pam to the 1.5 dispatch block where it belongs.
Restore KRB4 and KRB5 blocks to the 1.5 dispatch block.
XXX: Should we remove the KRB4 block from the 2.0 dispatch block?
2005-02-19 03:08:23 +00:00
thorpej 2a7ae5ee05 Fix package_version.h include path so it has a chance of working in
our source tree.
2005-02-18 06:28:52 +00:00
thorpej b4668e17e3 Alter the include path for package_version.h so that it has a chance
of working in our source tree.
2005-02-18 06:24:38 +00:00
elric 48f369dafd Put Kerberos configuration options back into client config parsing
routines.
2005-02-16 05:04:05 +00:00
he e4afa5eb28 A sig_atomic_t isn't necessarily compatible with a %d printf format;
on evbsh5 sig_atomic_t is an __int64_t.  Since this only stores a
signal number, cast to int before printing.
2005-02-15 16:22:12 +00:00
christos 0b6f3b5222 add moduli from openssh-3.9p1 2005-02-13 19:34:24 +00:00
christos d6e447b0f6 Add PAM hooks from portable OpenSSH. 2005-02-13 18:14:04 +00:00
christos b3a1b19bc5 Make this compile. 2005-02-13 18:13:34 +00:00
christos cb2bba8c62 Add pam files from portable openssh 3.9p1 2005-02-13 18:11:30 +00:00
christos ea7d905559 Bring back files we need from the dead. 2005-02-13 06:01:36 +00:00
christos 43dbbb7ed8 Merge conflicts. 2005-02-13 06:01:14 +00:00
christos 8b8ab8547b Resolve conflicts. 2005-02-13 05:57:25 +00:00
christos 797648d563 Change the order of the set{e,}{u,g}id calls. NetBSD is stricter and needs
to keep the euid until the end. Add a bit of debugging.
2005-02-13 05:54:27 +00:00
christos cad419c94d from ftp.openbsd.org 2005-02-13 00:52:40 +00:00
manu 1cbaff0bc3 Remove .cvsignore files commtted by mistake 2005-02-12 15:52:36 +00:00
manu a8f0ad3c37 Import ipsec-tools (tag ipsec-tools-0_6-base in ipsec-tools CVS)
ipsec-tools is a fork from KAME racoon/libipsec/setkey, with many
enhancements.
2005-02-12 11:11:11 +00:00
simonb 9cbc979889 Bring closer to reality. 2005-02-07 12:26:56 +00:00
christos 83da2f6968 don't throw const away for no reason. 2004-12-11 06:58:20 +00:00
christos fbed044c7e Grr, this was not updating lastlogx! 2004-11-11 22:08:39 +00:00
thorpej b454543f45 Apply patches as discussed on:
http://mail-index.netbsd.org/tech-net/2004/11/05/0004.html

Slightly modified to differentiate the version string from a stock racoon.

	* auth_gssapi.h (GSSAPI_DEF_NAME): Change from "ike" to "host".
	(gssapi_get_default_id): Rename to gssapi_get_id.
	(gssapi_get_default_gss_id): New prototype.
	* cfparse.y (GSSAPI_ID): Rename to GSS_ID.
	(GSS_ID_ENC, GSS_ID_ENCTYPE): New tokens.
	(gssenc_statement): New statement.
	(isakmpproposal_spec): Use GSS_ID token.
	(expand_isakmpspec): Fill in gssid in the new proposal only
	if authmethod is OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB.  If the
	GSS ID is not provided, call gssapi_get_default_gss_id() to
	place the default ID in the proposal.
	* cftoken.l (S_GSSENC): New start condition.
	(<S_RMTP>gss_id): New, return the GSS_ID token.
	(<S_RMTP>gssapi_id): Return the GSS_ID token.
	(<S_INI>gss_id_enc, <S_GSSENC>latin1, <S_GSSENC>utf-16le)
	(<S_GSSENC>{semi}): New, tokenize the "gss_id_enc enctype;"
	statement.
	* gssapi.c: Include <unistd.h>.
	(gssapi_get_default_gss_id): New function.
	(gssapi_init): Disable a broken debugging message.  Make
	printf formats consistent in their handling of non-NUL-terminated
	strings.
	(gssapi_get_default_id): Rename to...
	(gssapi_get_id): ...this.  If the proposal has a gssid, vdup()
	that and return it.  Disable a broken debugging message.  Make
	printf formats consistent in their handling of non-NUL-terminated
	strings.
	* ipsec_doi.c: Include <iconv.h>.
	(get_ph1approval): Make printf formats consistent in their handling
	of non-NUL-terminated strings.  Call gssapi_get_id() instead of
	gssapi_get_default_id(), and remove some complexity that has been
	pushed into that function.
	(t2isakmpsa): When parsing the OAKLEY_ATTR_GSS_ID attribute,
	check convert the attribute from UTF-16LE to ISO-Latin-1, unless
	we are configured to assume the attribute is already ISO-Latin-1
	encoded.
	(setph1attr): When setting the OAKLEY_ATTR_GSS_ID attribute,
	convert the attribute from ISO-Latin-1 to UTF-16LE, unless we
	are configured to encode the attribute in ISO-Latin-1.
	* localconf.c (setdefault): Set the default GSS ID encoding type
	to UTF-16LE.
	* localconf.h (LC_GSSENC_UTF16LE, LC_GSSENC_LATIN1)
	(LC_GSSENC_MAX): New constants.
	(struct localconf): Add gss_id_enc member.
	* main.c (RACOON_VERSION): Append " - NetBSD 20041110" to the
	version string.
	* racoon.conf.5: Document changes to GSS ID encoding and default
	GSS ID computation.  Document "gss_id_enc enctype;" statement.
	* samples/racoon.conf.sample-gssapi: Update and add comments to
	provide more information.
2004-11-10 20:23:28 +00:00
christos d08f4201ee For ptys of the form /dev/pts/n, print foo@pts/n instead of foo@n. Check
that strrchr() returns non null before using it.
2004-11-10 16:55:55 +00:00
dsl 1869f0e146 Add (unsigned char) cast to ctype functions 2004-11-05 21:56:01 +00:00
dsl 3d446c0f42 Add (unsigned char) cast to ctype functions 2004-11-03 21:01:45 +00:00
dsl e2f49bd9e2 Add (unsigned char) cast to ctype functions 2004-10-30 15:15:37 +00:00
dsl 8668419e38 Add (unsigned char) cast to ctype functions 2004-10-30 08:34:24 +00:00
lha 2c875217bb Merge in changes between 0.6.2 and 0.6.3 2004-09-14 08:08:19 +00:00
lha ac5d4384ae remove generated files 2004-09-14 07:50:24 +00:00
lha a53f6df83e Import heimdal 0.6.3
Changes in release 0.6.3

 * fix vulnerabilities in ftpd
 * support for linux AFS /proc "syscalls"
 * support for RFC3244 (Windows 2000 Kerberos Change/Set Password) in
   kpasswdd
 * fix possible KDC denial of service
 * bug fixes
2004-09-14 07:45:53 +00:00
mycroft 6e317e9e72 Disable the "may kill you" message, because:
1) It's not documented anywhere.
2) The problem it's attempting to warn about is not documented anywhere.
3) There are no example configs (or any I found with Google) that use the
   "listen" directive.
4) In any event, it's poorly worded and unclear what it's talking about.
2004-08-06 13:57:05 +00:00
drochner 14c8904f79 rename local pow10 function to avoid conflicts with the C99 libm one;
while not implemented in NetBSD yet is is considered reserved by gcc-3.4
2004-08-05 16:55:34 +00:00
wiz e8e1e9c2fe Sync with Heimdal: krb5_set_password.3,v 1.7 (except for a reference to
a man page we don't have yet):
Document krb5_set_password_using_ccache and krb5_passwd_result_to_string.
Ok'd by lha.
2004-07-18 15:08:50 +00:00
wiz 258b1bfb2e Remove superfluous comma; grammar fixes; split sentence
in two for better understanding.
XXX: krb5_set_password_using_ccache not described.
2004-07-14 09:21:59 +00:00
jonathan 8045e967b9 Fix typo (space added at beginning of line in an editor window under
the shell where I retested the Makefile changes, sigh...)
2004-07-14 07:12:25 +00:00
jonathan f17171cf5d Restore Heimdal Id as $Heimdal:, add NetBSD ID. 2004-07-14 07:06:44 +00:00