Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
81,294 Commits 606 Branches 0 Tags 3.1 GiB
Commit Graph

227 Commits

Author SHA1 Message Date
thorpej 2651b336ba Somewhat crude hack to make Kerberos 5 credential forwarding work. 2001-03-28 03:02:51 +00:00
thorpej 2f7b0c6c27 Print useful Kerberos error messages. 2001-03-27 03:58:02 +00:00
itojun 0265b9e0c2 redo 1.1 -> 1.2. on RAND_file_name(), return /dev/urandom by default. 
RAND_{load,write}_file() takes care of device file case.  from openbsd.
 2001-03-26 18:08:25 +00:00
itojun 522ac04d08 backout 1.1 -> 1.2 (use /dev/urandom if no value can be found), 
/dev/urandom is not a normal file - there'll be no EOF.
noticed by Manuel Bouyer.
 2001-03-21 19:49:50 +00:00
simonb 08e4590096 Cast to (long long) when using "%lld" in a printf format. 2001-03-21 00:11:06 +00:00
itojun 37da3c3c3c sync with openssh 2.5.2 (from openbsd usr.bin/ssh, not from portable). 2001-03-19 20:03:24 +00:00
itojun 7617bcad07 OpenSSH 2.5.2 as of 3/19/2001, from openbsd usr.bin/ssh 2001-03-19 19:42:00 +00:00
thorpej 9ab0878e2a If we get a KRB5KRB_AP_ERR_BAD_INTEGRITY on a TGS req with 
a key usage of KRB5_KU_TGS_REQ_AUTH, then try again with a
key usage of KRB5_KU_AP_REQ_AUTH.  This addresses an interop
issue between new kinit(1) (0.3e) and older KDCs (such as 0.3a).

Patch from assar@netbsd.org; see discussion on current-users.
 2001-03-12 19:25:51 +00:00
joda bee147163e simplify the krb5 code somewhat 2001-03-12 17:56:36 +00:00
thorpej 3fba4682aa Fix LP64 problem in Kerberos 5 TGT passing. 2001-03-09 06:28:30 +00:00
thorpej ca0ffe95fb Merge 2002/03/08 racoon import. 2001-03-08 22:27:52 +00:00
thorpej 29f3673b42 KAME racoon as of 2001/03/08. 2001-03-08 22:18:05 +00:00
thorpej ac356314da Document: 
- forwardable ([libdefaults] and [realms])
- proxiable ([libdefaults] and [realms])
- date_format ([libdefaults])
- srv_lookup ([libdefaults])
- srv_try_txt ([libdefaults])
- scan_interfaces ([libdefaults])
- fcache_version ([libdefaults])
 2001-03-08 17:53:46 +00:00
thorpej bda8951f6b Plug some memory leaks. 2001-03-08 04:12:08 +00:00
assar e625c71295 add krb5 support to ssh/sshd. based on code initially from Daniel Kouril <kouril@informatics.muni.cz> and Björn Grönvall <bg@sics.se> 2001-03-04 00:41:27 +00:00
jmc bacb2758e0 Change keymatlen to size_t to match prototype for str2val. 2001-02-25 03:50:05 +00:00
itojun 96863758b7 remove WARNS=0. from enami 2001-02-22 03:11:24 +00:00
itojun 82ff942844 document complex_bundle. sync with kame 2001-02-22 02:42:43 +00:00
itojun a5316a5fa5 sync with 2/22 code. -B and -Z, 
bundle proposal interpretation, and some other fixes.
XXX WARNS?=0 in racoon/Makefile is necessary to compile yacc-generated files
(static function, generated by yacc, is never used).
 2001-02-22 02:33:06 +00:00
itojun 98857d7198 KAME racoon as of 2001/2/22 2001-02-22 02:21:12 +00:00
itojun 1317273fae sync up with 2.5.1. 
this fixes backward compatibility breakage against 1.2.18 - 1.2.22.
 2001-02-19 12:13:04 +00:00
itojun 10400c1d11 OpenSSH 2.5.1 as of 2001/2/19 2001-02-19 12:09:12 +00:00
itojun c83dc32a4c sync up with 2.5.0. simulate echobacks, X11 display name check, sftp upgrdes. 2001-02-16 15:48:34 +00:00
itojun f02c06e047 OpenSSH 2.5.0 as of 2001/2/17 2001-02-16 15:41:22 +00:00
joda ce75fa5829 removed in 0.3e 2001-02-16 15:34:39 +00:00
itojun 72b00a4178 take the safest side, mandate rnd(4). 2001-02-14 04:46:58 +00:00
itojun 788df94479 update import date. 2001-02-14 01:22:02 +00:00
itojun 531a3ed838 sync with 2/14. 
openssh changes:
- SIGWINCH propagated correctly
- mitigate SSH1 traffic analysis
- sprintf -> snprintf and lots of other cleanups
netbsd local changes:
- include OpenBSD RCSID into binary again, which helps us diagnose later.
 2001-02-14 01:06:48 +00:00
itojun da62f78331 OpenSSH 2.3.2 as of 2001/2/14 2001-02-14 00:53:01 +00:00
assar 43c24b8340 undef ECHO to avoid a warning from the lex-generated code 2001-02-11 17:59:15 +00:00
assar 7a01412798 fix merg-up 2001-02-11 17:58:27 +00:00
assar 657da009a2 fix texinfo mark-up bug 2001-02-11 17:56:09 +00:00
assar 465ad8fda9 fix merge-ups 2001-02-11 16:08:41 +00:00
assar be890e9bcf fix merge conflicts 2001-02-11 14:13:07 +00:00
assar 7a16662ba0 import of heimdal 0.3e 2001-02-11 13:51:06 +00:00
itojun a7b1b8e49c make sure to zero-fill malloced region. sync with openbsd/usr.bin/ssh 2001-02-09 14:39:47 +00:00
itojun 19fb6ccf8d comment: function are named "arc4"foo just for easy porting. 2001-02-09 00:44:35 +00:00
itojun e3045c89d8 sync with 2.3.2. 2001-02-08 19:02:14 +00:00
itojun e5eae0162b OpenSSH 2.3.2 as of 2001/2/9 2001-02-08 18:55:32 +00:00
itojun 7f8fa38080 authentication mistake in SSHv2 + pubkey, from markus. 
REBUILD AND RESTART SSHD NOW.
(vulnerability window for netbsd-current - < 48hours)
 2001-02-08 18:17:24 +00:00
itojun fbfaba7e44 %30s is too short for IPv6 addrssses. 2001-02-08 10:08:53 +00:00
itojun 54bdd08634 fix size_t -> int cast. need checking with alpha... 2001-02-07 18:05:23 +00:00
itojun 3614dcc87c unsigned long long -> %llu, not %qd 2001-02-07 18:01:30 +00:00
itojun 31c0f02be2 update date string 2001-02-07 17:07:07 +00:00
itojun 1f5cfca3e6 sync crypto/dist/ssh with re-importorted tree. try to minimize diffs 
with openssh tree to ease future upgrade.  re-do local changes, including:
- prototype pedants
- IgnoreRootRhosts
- login.conf user validation
some of the local changes that weren't used are omitted for now.  we may
need to revisit those afterwards.

it adds "sftp".
 2001-02-07 17:05:31 +00:00
itojun 9d3aa44a65 OpenSSH 2.3.1 as of 2001/2/8 2001-02-07 16:46:40 +00:00
christos a132b86864 remove redundant declarations 2001-02-04 22:55:26 +00:00
thorpej 78463fc818 Remove the pid file upon exit. 2001-02-04 20:15:52 +00:00
christos c9b3202d16 remove/avoid redundand declarations. 2001-02-04 18:04:03 +00:00
christos ef5d120e44 remove redundant decls. 2001-02-04 18:03:03 +00:00
christos e745af3d91 remove redundant declarations. 2001-02-04 18:02:30 +00:00
christos 9b24735fd3 ifdef out redundant declaration of crypt(3); we don't need it. 2001-02-04 18:01:48 +00:00
christos 28473bf6be remove redundant prototypes. 2001-02-04 18:00:31 +00:00
thorpej 848d04a86c Merge the notsnap20010129 import. 2001-01-30 02:08:54 +00:00
thorpej 05d9e5e0e0 Update racoon from today's KAME sources. Includes memory leak 
fixes in the GSSAPI support code.
 2001-01-30 02:04:39 +00:00
itojun 2d889f0dc5 have safeputchar() for tcpdump/packet-isakmp.c. reported by bernd, 
sync with kame.
 2001-01-28 17:17:56 +00:00
itojun 21ecf40da9 BIND 8.2.3 2001-01-27 08:07:35 +00:00
thorpej b6abea6f2b Merge notsnap20010126 import. 2001-01-26 23:56:18 +00:00
thorpej 034d969067 Bring in latest racoon/libipsec from KAME (not part of a snap 
kit).  Includes a few bugfixes from, including a re-key problem
and memory leak when doing GSSAPI authentication for Phase 1.
Also some better config file documentation.
 2001-01-26 23:53:26 +00:00
jdolecek f17efc018b complete the paragraph about HostKey directive, reword slighly 2001-01-24 22:59:11 +00:00
thorpej 16915b1818 Merge conflicts from notsnap20010124 import. 2001-01-24 18:18:32 +00:00
thorpej 1e7bdbcad4 Bring in latest racoon/libipsec from KAME (not part of a snap 
kit).  Includes several racoon bugfixes, including ones that
fix coredumps when using GSSAPI authentication for Phase 1.
 2001-01-24 18:10:22 +00:00
itojun 6530b069f5 fix to PR 11320 (ssh-askpass gets invoked forever if we don't have 
control terminal).  from markus@openbsd
 2001-01-21 02:44:05 +00:00
hubertf cbd751b376 Sync with localsrc: The default is "ForwardX11 no". 2001-01-20 03:38:19 +00:00
itojun 096913193b disable s/key authentication request (from client) by default, to prevent 
confusing fake s/key challenge to show up.
per recent discussion on tech-userlevel.
 2001-01-18 13:37:17 +00:00
itojun f08806ada3 fix printf format for u_int64_t 2001-01-17 11:35:38 +00:00
simonb 3cc4829557 Fix printf format with sizeof(). 2001-01-16 02:20:19 +00:00
toshii a230982a45 Catch up with sshd config file entry changes. 
Now we need to explicitly set DSA key location to use protocol version 2.
 2001-01-15 06:13:08 +00:00
itojun a98ee796df $NetBSD$ 2001-01-14 05:28:01 +00:00
itojun a0f7a7d829 crypto/dist/ssh: resolve conflicts with 2.3.0/20010105. 
usr.bin/ssh: add ssh-keyscan and sftp-server into SUBDIR.
 2001-01-14 05:22:31 +00:00
itojun bfbf0e0d31 NetBSD Secure Shell, based on OpenSSH 2.3.0 around 1/5/2001 2001-01-14 04:49:51 +00:00
lukem 286bcc01a3 don't use LOG_CONS 2001-01-11 02:58:05 +00:00
christos 339f061e38 remove redundant decls 2001-01-07 23:21:44 +00:00
mycroft feb89c799a Add a COMPATIBILITY section, mentioning the lossage with IDEA-encrypted keys. 2001-01-07 20:48:06 +00:00
christos 6b02df2bb5 remove redundant decl. 2001-01-07 05:44:03 +00:00
christos 1473c569f5 eliminated redundant decl. 2001-01-07 00:01:16 +00:00
christos 2c1245f292 eliminate redundant declarations. 2001-01-06 23:30:57 +00:00
itojun cbf1717a72 do not allow outsider from injecting syslog entry anonymously. 
log peer's ip address instead.
openbsd PR 1600.
 2001-01-05 06:33:36 +00:00
itojun b1375d5035 do not look at environment variables if issetugid() == 0. 
use random number device file as the default value.
from openbsd.
 2001-01-05 06:22:32 +00:00
lukem f819878ce7 use more standard %ll_ in favour of %q_ 2001-01-04 15:39:50 +00:00
itojun 650239ad74 fix error return (0 -> -1). sync with kame. 2001-01-04 06:16:38 +00:00
itojun f2b75fc51d sync with kame: NULL != 0 2001-01-02 05:08:43 +00:00
itojun 5a3fc2bdaa PR 11715 
- kerberos is in chapter 8, not 7
- ftp(1) is not kerberized.
 2000-12-31 07:45:50 +00:00
toshii 3a0975845b Enable TCP_NODELAY socket option also for interactive IPv6 connections. 
TCP_NODELAY isn't IPv4 only.
 2000-12-30 14:54:38 +00:00
itojun 1a9f8a405b change pathname to netbsd-oriented 2000-12-29 03:12:59 +00:00
assar 492d9092b5 merge fix-ups 2000-12-29 02:52:35 +00:00
itojun 69fd2e0f90 location of manpage 2000-12-29 02:32:42 +00:00
itojun 57ebd1b3c8 KAME racoon, 2000/12/29 2000-12-29 02:25:05 +00:00
itojun 349ac51600 KAME libipsec/libpfkey, 2000/12/29 2000-12-29 02:24:40 +00:00
assar 8905d28796 was removed in krb4-1.0.5 2000-12-29 02:07:25 +00:00
assar a842a70c3c merge 2000-12-29 01:52:14 +00:00
assar 2d80b20be2 import krb4-1.0.5 2000-12-29 01:42:08 +00:00
fvdl be812c01d9 Remove redundant forward declaration of krb5_cache_data struct. 2000-12-24 12:17:21 +00:00
itojun 5389a2b390 cope with embedded KAME scopeid. getifaddrs() expose kernel internal format 
to the userland.
 2000-12-21 03:58:52 +00:00
nathanw 1cc86f8ba4 Check the return value of krb5_init_context(), and bail out if it failed. 
Also, when failing, don't try to use the non-initialized context value
to determine the error text.

This avoids dumping core in the following programs when /etc/krb5.conf is
missing or broken: klist, kdestroy, kpasswd, kadmin, kadmind, ktutil, kdc.

XXX Better error reporting in this failure case would be nice.
 2000-12-19 21:31:11 +00:00
assar 2eabd5aae0 (tf_create): remove the overwriting of the old ticket file 2000-12-09 00:53:52 +00:00
assar 71d1fbbd25 (kdc_reply_cipher): fix buffer over-run 2000-12-09 00:53:21 +00:00
assar a32b774256 remove (obsolete) support for environment variables. 2000-12-09 00:51:46 +00:00
thorpej ecf24d1394 Use getifaddrs() if HAVE_GETIFADDRS is defined. 2000-12-03 20:21:03 +00:00
thorpej 074a0c939d In krb5_sendto(), try the send/recv *inside* the loop through the 
addinfos, so that e.g. if we fail to connect with an IPv6 address,
we can fall back onto an IPv4 address.
 2000-12-02 01:53:08 +00:00