Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
141,224 Commits 606 Branches 0 Tags 3.1 GiB
Commit Graph

840 Commits

Author SHA1 Message Date
chs 7bbdd188e1 appease gcc -Wuninitialized on hp700. 2005-06-05 19:08:28 +00:00
manu 6ec5a5a9b7 Fix Xauth login with PAM authentication 2005-06-04 22:09:27 +00:00
manu 2c39301c40 Endianness bug fix 2005-06-04 21:55:05 +00:00
manu 311dff8be0 Missing 0th element in rm_idtype2doi array 2005-06-03 22:27:06 +00:00
lukem d687f4502c appease gcc -Wuninitialized 2005-06-02 04:59:17 +00:00
lukem 936a4cd73f Don't attempt to close a random file descriptor upon error. 
Detected with gcc -Wuninitialized.
 2005-06-02 04:57:33 +00:00
lukem 08ef6270ca appease gcc -Wuninitialized 2005-06-02 04:56:14 +00:00
lukem 89f4d29f7d Appease gcc -Wuninitialized, in a similar method used elsewhere in the 
same function.
 2005-06-02 04:43:45 +00:00
lukem 6e3cdc676d appease gcc -Wuninitialized 2005-06-01 12:07:00 +00:00
wiz 8bf012821a Drop trailing whitespace. 2005-05-25 16:57:39 +00:00
wiz bf77c4e4b3 Drop trailing whitespace and a grammar fix. 2005-05-25 10:09:36 +00:00
manu bd592e6e99 Really delete phase 1 on Xauth failure 2005-05-20 07:34:47 +00:00
manu 48fade8581 Fix NAT-T plus IPcomp 2005-05-20 01:28:13 +00:00
manu c6660c31c6 Fix parse bug in IPsec policies 2005-05-20 00:57:33 +00:00
manu 2e090d4afb When altering the lifetime, don't modify to configured proposal, duplicate 
it instead.
 2005-05-20 00:54:55 +00:00
christos 137ea645ec PR/30198: Lubomir Sedlacik: The forwarding listening host is optional; don't 
try to free it.
 2005-05-18 16:11:11 +00:00
manu 6add206c2f - Fix a double free 
- For acquire messages, when NAT-T is in use, consider null port as a
  wildcard and use IKE port
 2005-05-13 14:09:44 +00:00
manu a5a80e2b4d Update sample config file to higher security settings 2005-05-10 10:22:03 +00:00
manu aed94b2d22 Add two Cisco extensions for pushing PFS group and save password 
setting throug ISAKMP mode config
 2005-05-10 09:54:43 +00:00
manu db7c068992 proposal_check fixes: 
- fix claim behavior in phase 1
- also check lifebyte
 2005-05-10 09:23:36 +00:00
lukem 56b6919254 Remove a stale #endif, and add one missing at EOF. 
Noticed by code inspection and confirming by diffing against the vendor source.
The previous code compiled, but it certainly wouldn't have DTRT ...
 2005-05-08 23:30:46 +00:00
christos 0a3fafc305 Update PAM from the "portable openssh" 4.0p1 2005-05-08 21:15:04 +00:00
he 8d29e11e90 Add a prototype for getph2bysaddr(), fixes build problem for isakmp.c. 2005-05-08 14:14:18 +00:00
manu 873e8e21a9 More NAT-T fixes for the situation where racoon acts as a VPN client 
Flush SA and generated SP on DPD timeout and deletion payloads
 2005-05-08 08:57:26 +00:00
manu 63a609062e From Manisha Malla <mmanisha@novell.com>: 
fix unsigned int checked for being negative
 2005-05-04 17:23:10 +00:00
manu 8bf053b3f3 on phase 2 acquire, lookup phase 2 by (src, dst, policy id) so that 
multiple SA can be used in transport mode

While I'm there, patch ipsec-tools ChangeLog to reflect the changes we
took from ipsec-tools-0_6-branch
 2005-05-03 21:08:47 +00:00
uwe f3b48582e5 return statements in void functions make lint very confused. 2005-04-27 22:38:56 +00:00
manu 10802677c9 Bug fixes from the ipsec-tools 0.6 branch: 
- Fix NAT-T problems that prevented multiple peers behind the same NAT
  to talk to the same machine outside the NAT. This also require kernel
  fixes (already committed eralier)
- Fix a LP64 bug
- Fix NAT-T RFC conformance bugs (missing non ESP marker in packets)
- Add a -p option to setkey to display ports that could be used for ESP
  over UDP when printing policies
 2005-04-27 05:19:49 +00:00
matt d627c3edde Don't emit struct units [] anymore. emit a struct units * const foo and 
in the C file initialize that to the static list.
 2005-04-25 17:20:51 +00:00
matt 5ac7f26c22 Emit headers with #include <parse_units.h> so that struct units is defined 
so that extern struct units <foo> will not cause errors with gcc4.x
 2005-04-25 01:25:25 +00:00
kleink 14fc3b7ba8 Fix printf format/argument mismatch. 2005-04-24 13:31:01 +00:00
christos a8090b3963 add back moduli 2005-04-23 21:12:47 +00:00
christos 31ed567522 resolve conflicts. 2005-04-23 19:31:14 +00:00
christos ed314b4eb0 from www.openssl.org 2005-04-23 19:10:56 +00:00
christos 0df7655544 bring back files that this update removed. 2005-04-23 16:55:03 +00:00
christos 8471a3b7da resolve conflicts. 2005-04-23 16:53:28 +00:00
christos 70917d9a4b Import OpenSSH 4.0 from ftp.openbsd.org 2005-04-23 16:28:01 +00:00
manu 6845962b31 Fix simple DES support (security problems for racoon to racoon setups) 
Fix broken generated policies flush
 2005-04-19 19:42:08 +00:00
christos 97b2d3b1c8 check for pwd != NULL in getpwnam_r. From John Nemeth. 2005-04-19 12:55:31 +00:00
manu d3e5d568cd Fix SA lifebyte check 2005-04-18 11:15:01 +00:00
wiz e35111eeee Some more minor changes, ok manu@. 2005-04-17 01:03:46 +00:00
wiz 1390e25dcf Some more English improvements after feedback from manu@; more formatting. 2005-04-15 13:23:58 +00:00
wiz 6e35cd769e Improve English in comments. 2005-04-15 11:10:32 +00:00
wiz 0f822df19c Improve english, improve formatting, sort options. 2005-04-15 10:58:11 +00:00
wiz c0259e4629 Grammar fixes & improvements. 2005-04-14 11:47:26 +00:00
wiz 57066c3ab7 Grammar improvements. 2005-04-14 11:41:53 +00:00
wiz 097b641d74 kerberos -> Kerberos. 2005-04-14 11:35:08 +00:00
wiz 1b303684c3 Fix typo. 2005-04-14 11:34:37 +00:00
wiz 6b53ca1794 all SA -> all SAs. 2005-04-14 10:31:35 +00:00
wiz 6e903fbf59 New sentence, new line; some other dot fixes found during line breaking. 2005-04-14 10:30:28 +00:00
wiz 1131da3fb1 Use capitalized spelling of NetBSD. 2005-04-14 10:26:40 +00:00
wiz 6e8a3f159a Add LIBRARY section. 2005-04-14 10:25:58 +00:00
wiz 863b095e57 Punctuation nits. 2005-04-14 10:24:43 +00:00
wiz 0fb9995f39 Use Bq instead of []. 2005-04-14 10:24:18 +00:00
wiz 75b3bff7ae Punctuation nits. 2005-04-14 10:23:38 +00:00
wiz dd317f6217 Use .In for header files. 2005-04-14 10:22:11 +00:00
wiz 9e8d46e23b No dot at end of SEE ALSO; Xr fixes. 2005-04-14 10:21:22 +00:00
wiz 9582558bf7 Mostly punctuation nits; break line after Xr arguments. 2005-04-14 10:20:01 +00:00
wiz 954b6abb72 Fix Dd and Dt arguments; fix two more typos; add comma in SEE ALSO; 
format author with An/Aq.
 2005-04-14 10:15:58 +00:00
wiz 2299aab679 We want .Os without argument. 2005-04-14 10:13:10 +00:00
wiz f6b271af05 Add missing .Os. 2005-04-14 10:13:03 +00:00
wiz 472d87499c Uncomment xref to racoonctl. 2005-04-14 10:11:32 +00:00
wiz acc79b78a6 hexa-decimal -> hexadecimal. 2005-04-14 10:07:35 +00:00
wiz db0843b173 Add an article, and 2nd -> second. 2005-04-14 10:07:10 +00:00
wiz f7c1b62f03 Use Xr for chroot. 2005-04-14 10:06:32 +00:00
wiz d0e3ae6a43 oakley -> Oakley. 2005-04-14 10:05:45 +00:00
wiz caf942511e aspell 2005-04-14 10:04:17 +00:00
wiz 2ea3f3fa43 Drop trailing whitespace. 2005-04-14 09:47:12 +00:00
wiz 03a7a7234a New sentence, new line. Remove Os argument (we are not KAME). 
NetBSD -> Nx. Use Sx for section cross-references.
 2005-04-13 23:12:01 +00:00
wiz 6cd6ff42d8 Drop trailing whitespace. 2005-04-13 23:09:35 +00:00
manu 5a6c417352 Resurrect TCP-MD5 support. This fixes bin/29915 2005-04-10 21:20:55 +00:00
manu 09a5230af6 Fix a buffer overrun in ISAKMP mode config SET handler 2005-04-04 21:43:26 +00:00
christos 55ef051c47 s/u_int32_t/uint32_t/ 
kill the rest of u32,u16,u8
 2005-03-26 03:48:44 +00:00
christos 9b98d82f76 s/u32/u_int32_t/ 2005-03-26 02:23:06 +00:00
christos c6a84da3bd Don't define FIPS_selftest_failed locally. 2005-03-26 02:22:42 +00:00
christos 514fe26b5c The last broken merge. 2005-03-25 23:03:47 +00:00
christos 2674f87be1 Fix merge issue. 2005-03-25 21:54:20 +00:00
christos db19fc60e2 Missed 2 #ifdef OPENSSL_FIPS... 2005-03-25 20:19:51 +00:00
christos 684dfceb07 Resolve conflicts. 2005-03-25 20:14:24 +00:00
christos e72fb54032 import openssl-0.9.7f from ftp.openssl.org 2005-03-25 19:05:51 +00:00
kleink ac37001e7f As observed in other modules, pull in <sys/queue.h> explicitly rather 
than relying on namespace pollution to do so.
 2005-03-17 20:40:42 +00:00
manu d658ac5976 Updated ipsec-tools: 
2005-03-16  Emmanuel Dreyfus <manu@netbsd.org>

        * src/racoon/{cftoken.l|localconf.h|privsep.c|racoon.conf.5}
          src/racoon/remoteconf.c: When running in privsep mode, check that
          private key and script paths match those given in the path section.

2005-03-15  Emmanuel Dreyfus <manu@netbsd.org>

        * src/racoon/{isakmp_cfg|isakmp_cfg.h|isakmp_xauth.c}: initialize
          RADIUS accounting at startup
        * src/racoon/privsep.c: fix minor bug in PAM cleanup
        * src/racoon/isakmp_cfg.c: only call cleanup_pam if PAM is used

2005-03-14  Emmanuel Dreyfus <manu@netbsd.org>

        * configure.ac: handle correctly dynamic libradius
        * src/racoon/cfparse.y: correctly initialize address pool
 2005-03-16 23:53:12 +00:00
manu 8a98c83667 Updated ipsec-tools: 
2005-03-16  Emmanuel Dreyfus <manu@netbsd.org>

        * src/racoon/{cftoken.l|localconf.h|privsep.c|racoon.conf.5}
          src/racoon/remoteconf.c: When running in privsep mode, check that
          private key and script paths match those given in the path section.

2005-03-15  Emmanuel Dreyfus <manu@netbsd.org>

        * src/racoon/{isakmp_cfg|isakmp_cfg.h|isakmp_xauth.c}: initialize
          RADIUS accounting at startup
        * src/racoon/privsep.c: fix minor bug in PAM cleanup
        * src/racoon/isakmp_cfg.c: only call cleanup_pam if PAM is used

2005-03-14  Emmanuel Dreyfus <manu@netbsd.org>

        * configure.ac: handle correctly dynamic libradius
        * src/racoon/cfparse.y: correctly initialize address pool
 2005-03-16 23:52:42 +00:00
manu e4563075a5 Updated ipsec-tools: 
2005-03-16  Emmanuel Dreyfus <manu@netbsd.org>

        * src/racoon/{cftoken.l|localconf.h|privsep.c|racoon.conf.5}
          src/racoon/remoteconf.c: When running in privsep mode, check that
          private key and script paths match those given in the path section.

2005-03-15  Emmanuel Dreyfus <manu@netbsd.org>

        * src/racoon/{isakmp_cfg|isakmp_cfg.h|isakmp_xauth.c}: initialize
          RADIUS accounting at startup
        * src/racoon/privsep.c: fix minor bug in PAM cleanup
        * src/racoon/isakmp_cfg.c: only call cleanup_pam if PAM is used

2005-03-14  Emmanuel Dreyfus <manu@netbsd.org>

        * configure.ac: handle correctly dynamic libradius
        * src/racoon/cfparse.y: correctly initialize address pool
 2005-03-16 23:51:44 +00:00
manu e298dc4582 Import ipsec-tools ipsec-tools-0_6-20050314 2005-03-14 08:14:24 +00:00
christos daee9fbceb Add UsePam yes 2005-02-28 02:35:10 +00:00
manu 519aeb19a0 Resolve conflict 2005-02-24 20:59:24 +00:00
manu 6159f46a8d Import ipsec-tools ipsec-tools-0_6-20050224 2005-02-24 20:52:25 +00:00
manu 88856e235d Resolve conficts and remove autoconf files that were committed by mistake 2005-02-23 15:17:50 +00:00
manu 8006965b1b Import ipsec-tools 0.6 branch as of 2005/02/23. News from last imported version 
according to ipsec-tools' ChangeLog:

2005-02-23  Emmanuel Dreyfus <manu@netbsd.org>

        * configure.ac, src/racoon/{Makefile.am|crypto_openssl.c}: optionnal
          support for patented algorithms: IDEA and RC5.
        * src/racoon/{isakmp_xauth.c|main.c}: don't initialize RADIUS if it
          is not required in the configuration
        * src/racoon/isakmp.c: do not reject addresses for which kernel
          refused UDP encapsulation, they can still be used for non NAT-T
          traffic (eg: NAT-T enabled racoon on non NAT-T enabled kernel)

2005-02-18  Emmanuel Dreyfus <manu@netbsd.org>

        * src/racoon/{main.c|eaytest.c|plairsa-gen.c}
          src/setkey/setkey.c: don't use fuzzy paths for package_version.h

2005-02-18  Yvan Vanhullebus  <vanhu@free.fr>

        * src/racoon/isakmp_inf.c: Purge generated SPDs when getting a
          related DELETE_SA
        * src/racoon/pfkey.c: do NOT unbindph12() when SA acquire

2005-02-17  Emmanuel Dreyfus <manu@netbsd.org>

        From Fred Senault <fred.letter@lacave.net>
        * src/racoon/remoteconf.c: Fix a bug in script init

2005-02-17  Yvan Vanhullebus  <vanhu@free.fr>

        * src/racoon/ipsec_doi.c: Workaround for phase1 lifetime checks

2005-02-15  Michal Ludvig  <michal@logix.cz>

        * configure.ac: Changed --enable-natt_NN to --enable-natt-versions=NN,NN
 2005-02-23 14:53:33 +00:00
elric 3e9f769ad6 Turn protocol 1 krb5 support back on. 2005-02-22 02:29:32 +00:00
wiz 0e4368712b Fix Xref. 2005-02-20 21:10:54 +00:00
wiz 54c5fce210 Sort sections, whitespace nit, use .In. 2005-02-20 21:10:04 +00:00
manu a7d348371a Remove KAME racoon distribution, which is not used anymore 2005-02-20 15:50:02 +00:00
onoe 9bd25f488a re-enable smime encrypt. fix from openssl-0.9.7e 2005-02-20 03:33:47 +00:00
thorpej 3029ac0bc4 Use __inline instead of inline. 2005-02-19 22:02:59 +00:00
christos c4362dc746 Move duplicate block for pam to the 1.5 dispatch block where it belongs. 
Restore KRB4 and KRB5 blocks to the 1.5 dispatch block.
XXX: Should we remove the KRB4 block from the 2.0 dispatch block?
 2005-02-19 03:08:23 +00:00
thorpej 2a7ae5ee05 Fix package_version.h include path so it has a chance of working in 
our source tree.
 2005-02-18 06:28:52 +00:00
thorpej b4668e17e3 Alter the include path for package_version.h so that it has a chance 
of working in our source tree.
 2005-02-18 06:24:38 +00:00
elric 48f369dafd Put Kerberos configuration options back into client config parsing 
routines.
 2005-02-16 05:04:05 +00:00