thorpej
1e7bdbcad4
Bring in latest racoon/libipsec from KAME (not part of a snap
...
kit). Includes several racoon bugfixes, including ones that
fix coredumps when using GSSAPI authentication for Phase 1.
2001-01-24 18:10:22 +00:00
itojun
6530b069f5
fix to PR 11320 (ssh-askpass gets invoked forever if we don't have
...
control terminal). from markus@openbsd
2001-01-21 02:44:05 +00:00
hubertf
cbd751b376
Sync with localsrc: The default is "ForwardX11 no".
2001-01-20 03:38:19 +00:00
itojun
096913193b
disable s/key authentication request (from client) by default, to prevent
...
confusing fake s/key challenge to show up.
per recent discussion on tech-userlevel.
2001-01-18 13:37:17 +00:00
itojun
f08806ada3
fix printf format for u_int64_t
2001-01-17 11:35:38 +00:00
simonb
3cc4829557
Fix printf format with sizeof().
2001-01-16 02:20:19 +00:00
toshii
a230982a45
Catch up with sshd config file entry changes.
...
Now we need to explicitly set DSA key location to use protocol version 2.
2001-01-15 06:13:08 +00:00
itojun
a98ee796df
$NetBSD$
2001-01-14 05:28:01 +00:00
itojun
a0f7a7d829
crypto/dist/ssh: resolve conflicts with 2.3.0/20010105.
...
usr.bin/ssh: add ssh-keyscan and sftp-server into SUBDIR.
2001-01-14 05:22:31 +00:00
itojun
bfbf0e0d31
NetBSD Secure Shell, based on OpenSSH 2.3.0 around 1/5/2001
2001-01-14 04:49:51 +00:00
lukem
286bcc01a3
don't use LOG_CONS
2001-01-11 02:58:05 +00:00
christos
339f061e38
remove redundant decls
2001-01-07 23:21:44 +00:00
mycroft
feb89c799a
Add a COMPATIBILITY section, mentioning the lossage with IDEA-encrypted keys.
2001-01-07 20:48:06 +00:00
christos
6b02df2bb5
remove redundant decl.
2001-01-07 05:44:03 +00:00
christos
1473c569f5
eliminated redundant decl.
2001-01-07 00:01:16 +00:00
christos
2c1245f292
eliminate redundant declarations.
2001-01-06 23:30:57 +00:00
itojun
cbf1717a72
do not allow outsider from injecting syslog entry anonymously.
...
log peer's ip address instead.
openbsd PR 1600.
2001-01-05 06:33:36 +00:00
itojun
b1375d5035
do not look at environment variables if issetugid() == 0.
...
use random number device file as the default value.
from openbsd.
2001-01-05 06:22:32 +00:00
lukem
f819878ce7
use more standard %ll_ in favour of %q_
2001-01-04 15:39:50 +00:00
itojun
650239ad74
fix error return (0 -> -1). sync with kame.
2001-01-04 06:16:38 +00:00
itojun
f2b75fc51d
sync with kame: NULL != 0
2001-01-02 05:08:43 +00:00
itojun
5a3fc2bdaa
PR 11715
...
- kerberos is in chapter 8, not 7
- ftp(1) is not kerberized.
2000-12-31 07:45:50 +00:00
toshii
3a0975845b
Enable TCP_NODELAY socket option also for interactive IPv6 connections.
...
TCP_NODELAY isn't IPv4 only.
2000-12-30 14:54:38 +00:00
itojun
1a9f8a405b
change pathname to netbsd-oriented
2000-12-29 03:12:59 +00:00
assar
492d9092b5
merge fix-ups
2000-12-29 02:52:35 +00:00
itojun
69fd2e0f90
location of manpage
2000-12-29 02:32:42 +00:00
itojun
57ebd1b3c8
KAME racoon, 2000/12/29
2000-12-29 02:25:05 +00:00
itojun
349ac51600
KAME libipsec/libpfkey, 2000/12/29
2000-12-29 02:24:40 +00:00
assar
8905d28796
was removed in krb4-1.0.5
2000-12-29 02:07:25 +00:00
assar
a842a70c3c
merge
2000-12-29 01:52:14 +00:00
assar
2d80b20be2
import krb4-1.0.5
2000-12-29 01:42:08 +00:00
fvdl
be812c01d9
Remove redundant forward declaration of krb5_cache_data struct.
2000-12-24 12:17:21 +00:00
itojun
5389a2b390
cope with embedded KAME scopeid. getifaddrs() expose kernel internal format
...
to the userland.
2000-12-21 03:58:52 +00:00
nathanw
1cc86f8ba4
Check the return value of krb5_init_context(), and bail out if it failed.
...
Also, when failing, don't try to use the non-initialized context value
to determine the error text.
This avoids dumping core in the following programs when /etc/krb5.conf is
missing or broken: klist, kdestroy, kpasswd, kadmin, kadmind, ktutil, kdc.
XXX Better error reporting in this failure case would be nice.
2000-12-19 21:31:11 +00:00
assar
2eabd5aae0
(tf_create): remove the overwriting of the old ticket file
2000-12-09 00:53:52 +00:00
assar
71d1fbbd25
(kdc_reply_cipher): fix buffer over-run
2000-12-09 00:53:21 +00:00
assar
a32b774256
remove (obsolete) support for environment variables.
2000-12-09 00:51:46 +00:00
thorpej
ecf24d1394
Use getifaddrs() if HAVE_GETIFADDRS is defined.
2000-12-03 20:21:03 +00:00
thorpej
074a0c939d
In krb5_sendto(), try the send/recv *inside* the loop through the
...
addinfos, so that e.g. if we fail to connect with an IPv6 address,
we can fall back onto an IPv4 address.
2000-12-02 01:53:08 +00:00
fvdl
c9366a8efe
Fix reversed test.
2000-11-20 14:08:12 +00:00
mason
18a6237381
s/usefull/useful/
2000-11-20 06:42:05 +00:00
itojun
40ad5fc4c1
correct validation on X11 forwarding. from markus@openbsd
2000-11-13 02:30:38 +00:00
joda
25f03b52f9
remove extra .Xc
2000-11-12 15:40:19 +00:00
is
d2b5345f10
When forwarding a connection, use the right descriptor to get IP options.
...
Fixes PR 11261 my Michael Eriksson, using his patch.
2000-11-07 16:06:24 +00:00
fvdl
e22c13589c
Make gss_acquire_cred actually work. Add a ccache member to the id_t struct
...
to store alternate creds, retrieved from a keytab. Make gss_init_sec_context
work with creds != GSS_C_NO_CREDENTIAL. Free ccache in id_t in release_cred.
2000-11-06 15:06:51 +00:00
christos
392621627b
always attempt to canonicalize hostnames, not only when the hostname
...
does not contain a dot.
2000-11-05 20:09:08 +00:00
mason
43bcdca61e
Apply the following:
...
- static u_int16_t n = HASH_MINSIZE / HASH_ENTRYSIZE;
+ static u_int32_t n = HASH_MINSIZE / HASH_ENTRYSIZE;
...so that large packets do not wrap "n".
2000-10-30 18:58:37 +00:00
veego
923459b8ef
Print a newline after 'You entered the wrong passphrase.'
2000-10-29 08:55:59 +00:00
itojun
f3f11aec78
make version identification string conform to SSH version string format.
...
version format must be like:
SSH-[0-9]*.[0-9]*-[^-]*( .*)?
and previous string did not conform to the requirement (too many hyphens).
based on comment from markus@openbsd (openssh maintainer)
2000-10-28 13:41:55 +00:00
joda
4b39e2fe3f
fix v4 fallback lifetime calculation
2000-10-27 14:44:08 +00:00