Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
117,173 Commits 606 Branches 0 Tags 3.1 GiB
Commit Graph

201 Commits

Author SHA1 Message Date
itojun 9a2478a3b0 /var/empty -> /var/chroot/sshd. PR 17519 2002-07-08 14:39:53 +00:00
itojun 968294e218 >make ssh-keysign read /etc/ssh/ssh_config 
>and exit if HostbasedAuthentication is disabled globally. based on discussions
>with deraadt, itojun and sommerfeld; ok itojun@

sync w/openbsd
 2002-07-03 14:23:13 +00:00
itojun 92ea28e291 >for compression=yes, we fallback to no-compression if the server does 
>not support compression, vice versa for compression=no. ok mouring@
sync w/openbsd
 2002-07-03 10:07:48 +00:00
itojun 673c1a7ac1 >use RSA_blinding_on() for rsa hostkeys (suggested by Bill Sommerfeld) 
>in order to avoid a possible Kocher timing attack pointed out by Charles
>Hannum; ok provos@
 2002-07-03 10:06:39 +00:00
itojun c28e7ac1f6 correct signed/unsigned mixup; openbsd 2002-07-03 10:05:58 +00:00
itojun 8d3378688a pednatic check on command line args. correct signed/unsigned mixup. 
sync w/ openbsd
 2002-07-01 06:17:11 +00:00
itojun 84559971ee make use of xfree() consistent. from openbsd 2002-07-01 05:56:45 +00:00
itojun 11792b93b1 don't use freed memory. sync w/openbsd 2002-07-01 05:54:03 +00:00
itojun 5bdd56b128 sync with 3.4 2002-06-26 14:08:29 +00:00
itojun b8f8e01057 OpenSSH 3.4 around 2002/6/26. 
most significant change:
>make sure # of response matches # of queries, fixes int overflow; from ISS

as we have already enabled privsep by default, we should have been safe.
 2002-06-26 14:02:54 +00:00
itojun 603dca2ed2 sync whitespace w/ openbsd tree 2002-06-24 15:47:25 +00:00
itojun bc7b65a647 don't lose information while we cast 2002-06-24 15:46:34 +00:00
agc 7d6a7caf6a Cast arguments so that this file will compile on less forgiving architectures 
like arm32.
 2002-06-24 15:32:58 +00:00
itojun 3ea946f134 sync with openssh 3.3. 
local mods included to make it compile with openssl 0.9.6d.
 2002-06-24 05:48:24 +00:00
itojun 3dfc6702ef clean ssh-keysign build dir before import. 2002-06-24 05:45:17 +00:00
itojun 9486e6fd01 it shouldn't be imported 2002-06-24 05:28:32 +00:00
itojun b5222aff66 OpenSSH 3.3 as of June 24, 2002. 
- ssh is no longer seruid root.  ssh-keyscan is added to read secret host keys.
  protocol version 1 rsh-like authentication is gone.
- FallBackToRsh is deprecated.
 2002-06-24 05:25:39 +00:00
wiz d844f0d7b1 Fix Xrefs. 2002-06-13 00:15:09 +00:00
wiz 78c59017cc Remove photurisd reference. 2002-06-13 00:14:26 +00:00
itojun b745604c00 sync sockaddr_ntop with latest openssh (minor change) 2002-06-09 22:22:55 +00:00
itojun be5f1d082c use getnameinfo on diag printing. sync w/openssh in openbsd 2002-06-08 21:17:57 +00:00
itojun e67961b545 check sshd uid/chroot dir on UsePrivilegeSeparation mode, and die if they 
do not exist.  sync w/openssh
 2002-05-29 23:54:29 +00:00
itojun a5c3041a1b bump date for rhosts auth fix 2002-05-27 13:45:40 +00:00
itojun b274d69ad0 correct rhosts authentication. should fix PR 17023 2002-05-27 13:45:17 +00:00
itojun a46557038c now arc4random is in libc, we don't need to supply local version 2002-05-25 00:29:52 +00:00
itojun e26b1052bb use /var/chroot/sshd instead of /var/empty. suggested by christos 2002-05-16 20:59:35 +00:00
itojun f47caddaf3 turn on privilege separation, as 3.2.1 default do. 
requires sshd uid/gid as well as /var/empty directory.
 2002-05-14 23:33:07 +00:00
itojun ca89359407 sync with 3.2.1 as of 5/13. 
NOTE: privilege separation is turned off by default
as it seems there still are issues with setsid().
 2002-05-13 02:58:17 +00:00
itojun 24255a6a60 OpenSSH 3.2.1 as of 2002/5/13 2002-05-13 02:28:40 +00:00
lukem 244b762de1 Complete the conversion back to the OpenSSH default configuration files of 
"/etc/ssh/ssh_config" (from "/etc/ssh/ssh.conf") for ssh(1) and other
userland tools, and "/etc/ssh/sshd_config (from "/etc/ssh/sshd.conf")
for sshd(8).

etc/postinstall will detect this, and if "fix" is given, rename the files.
 2002-04-29 08:23:34 +00:00
itojun 936168b29d correct afs/kerberos token-passing. notified by markus@openbsd 2002-04-24 01:48:04 +00:00
itojun 34b40b030e sync with openssh 3.2 as of 2002/4/22. 
- privilege separation
- afs/kerberos auth security issue fixed
 2002-04-22 07:59:35 +00:00
itojun ff10d69ea5 OpenSSH 3.2 as of 2002/4/22. bring in sys/sys/tree.h 2002-04-22 07:47:47 +00:00
itojun f597d4ec88 OpenSSH 3.2 as of 2002/4/22. fixes issues with AFS/kerberos auth 2002-04-22 07:35:39 +00:00
itojun 0a2445c3b6 move sshd config files to /etc/ssh 2002-03-11 04:57:55 +00:00
sommerfeld 68c304f103 Fix several LL128 format string mismatches with a chainsaw. 
%llu is "unsigned long long", not "uint64_t"; the former can be 128
bits on LP64 systems.
 2002-03-09 15:03:33 +00:00
itojun 9d597e40f3 printf type mismatch. 2002-03-08 06:03:21 +00:00
itojun 295a85a1c9 sync better with reality (LoginGraceTime) 2002-03-08 02:18:11 +00:00
itojun af34a358ff sync w/ 3.1 as of 2002/3/8. configuration file directory is still /etc 
(openbsd usr.bin/ssh is using /etc/ssh)
 2002-03-08 02:00:50 +00:00
itojun 797a097779 OpenSSH 3.1 as of 2002/3/8. plugs off-by-one security hole 2002-03-08 01:20:24 +00:00
tron 9097d36b33 Fix off by one error described in "PINE-CERT-20020301" advisory. 2002-03-07 16:02:22 +00:00
joda a8d19a98fc don't try to use the krb5 context if the init fails; should fix 
bin/15585
 2002-02-26 11:16:08 +00:00
bjh21 4845a9458f Rather than assuming that -1 is a valid value for a LogLevel or LogFacility, 
explicitly declare SYSLOG_LEVEL_NOT_SET and SYSLOG_FACILITY_NOT_SET and use
those instead.

This is necessary for -fshort-enums platforms, and corresponds to the
following OpenBSD revisions:
log.c           1.21
log.h           1.5
readconf.c      1.95
servconf.c      1.53
 2002-02-10 16:23:33 +00:00
explorer ad08960f5c When calling krb5_verify_user(), we must restore root's uid, since it will need to read /etc/krb5.keytab. 2001-12-19 10:28:47 +00:00
he a18ce029f6 Deal with lossage caused by the addition of the netbsd-1-5 branch tag 
to these files.

Apparently, the "magic" which causes the latest version on the
vendor branch to appear at the head in the repository broke when
the netbsd-1-5 tag was added.  Thus, merge in the lost revisions from
the vendor tag to work around this.
 2001-12-13 15:53:54 +00:00
itojun e2970b134f sync with openbsd/remove variable name from prototype 2001-12-12 17:24:46 +00:00
itojun 684138909c fix constness difference in prototype and func def. 2001-12-12 17:16:16 +00:00
itojun 718900f830 sync with 3.0.2 2001-12-06 03:54:04 +00:00
itojun d97f5d9481 OpenSSH 3.0.2 as of 2001/12/06. fixes environment variable passing in UseLogin=yes 2001-12-06 03:46:04 +00:00
thorpej cce3152281 Deal with an LP64 printf format issue. 2001-11-30 00:46:36 +00:00
itojun d4b3b8bf82 update version date to 20011127 2001-11-27 04:16:08 +00:00
itojun f7146cb367 resolve one more conflict 2001-11-27 04:11:23 +00:00
itojun ce0e2b2976 resolve conflicts on 3.0.1 import 2001-11-27 04:10:22 +00:00
itojun c0c77d470a OpenSSH 3.0.1 as of 2001/11/27. minor bugfixes only. 2001-11-27 04:03:44 +00:00
itojun 6ececc36b4 openssh 3.0 krb5 auth problem has been plugged, 
sync up version number to 3.0.1 so that we can identify it.
 2001-11-19 07:39:57 +00:00
itojun 1eb2191d4f fix auth_krb5() error case behavior. found by jhawk, sync with openbsd tree 2001-11-12 05:45:29 +00:00
itojun 29574d25c5 sync with 3.0 as of 2001/11/7. 2001-11-07 06:26:47 +00:00
itojun 29c34cbb94 OpenSSH 3.0 as of 2001/11/7 2001-11-07 06:20:12 +00:00
sommerfeld 9de5bfcf8f Turn on TCP_NODELAY over loopback 2001-10-18 19:46:12 +00:00
itojun 880aff49c4 buffix from openbsd tree: users config should overwrite system config. 2001-10-02 00:39:14 +00:00
itojun ba613513e8 sync with openssh 2.9.9 around 9/27. 2001-09-27 03:24:01 +00:00
itojun bcdc367f57 OpenSSH 2.9.9 as of 2001/9/27 2001-09-27 02:00:33 +00:00
itojun 00489c2412 apply the following advisory. 2.9.9 will be imported soon. 
Subject: OpenSSH Security Advisory (adv.option)
From: Markus Friedl <markus@openbsd.org>
Message-ID: <20010926231823.A15229@folly>
 2001-09-27 00:12:42 +00:00
cjs d814de63b5 For consistency, make permit_root_login default to PERMIT_NO if not specified 
in the config file. Thanks to itojun for pointing this out.
 2001-09-03 04:23:10 +00:00
cjs da09d12c1e Document that PermitRootLogin's default is now "no". 2001-08-31 09:00:29 +00:00
cjs 894936aa50 Do not permit direct root logins. This makes ssh consistent with 
NetBSD's default security policy in this area: if you are not on
a secure terminal, you must be able to authenticate as a user in
the "wheel" group before you may attempt to authenticate as root
using the root password.
 2001-08-31 08:16:24 +00:00
garbled 7c0934f7f5 While writing sushi's support for sshd.conf, I found out that the manpage 
lies wrt to MaxStartups.  Make the manpage match the code.
 2001-08-03 02:29:07 +00:00
manu 3f1d5c2789 sshd is now able to log in an user if the filesystem is readonly and the tty 
owned by root. Note that the tty still must be mode 620, and sshd does not
check which group owns the tty (more problems here?).
This closes NetBSD PR bin/13499
The fix has been commited to OpenSSH CVS. See OpenBSD's PR user/1946.
 2001-07-27 23:34:27 +00:00
wiz 419e44fdc2 Mostly formatting fixes. 2001-06-24 17:44:11 +00:00
veego 7b726945ac There is no photurisd(8). 2001-06-24 17:29:43 +00:00
itojun 69d60502fe upgrade to openssh 2.9, around 2001/6/24 (from openbsd usr.bin/ssh). 
- authorized_keys2 and known_hosts2 are obsoleted, and integrated
  into those without "2".
- file name change, /etc/primes -> /etc/moduli
- cleanups
 2001-06-23 19:37:38 +00:00
itojun 0d521994cf OpenBSD 2001/6/24 2001-06-23 19:09:44 +00:00
itojun 6cc43ed622 OpenSSH 2.9 as of 2001/6/24 2001-06-23 16:36:22 +00:00
itojun 5324608adc reject expired password/account. warn if interactive && about to expire. 
ala login(1).  From: Brian Poole <raj@cerias.purdue.edu>

XXX code duplicate with login(1) - should be solved by BSD AUTH code integration
 2001-06-23 08:08:04 +00:00
itojun fed4515da9 bump netbsd-local version number to identify X11 "cookies" fix 2001-06-20 07:49:45 +00:00
lukem ab32b074ec If UseLogin is enabled, disable X11Forwarding (since xauth passing doesn't 
work in this case, so X11Forwarding is effectively useless). Document this.
Resolves my pr [security/13172].
 2001-06-18 10:26:33 +00:00
wiz b6449b85de Add RCS Id, adapt to NetBSD, fix punctuation and whitespace. 2001-06-15 12:50:44 +00:00
wiz 0cc24e9a9f On note by kleink: Add primes.5 to crypto/dist/ssh instead of share/man/man5. 
Import state of 2001-06-14.
 2001-06-15 12:47:39 +00:00
itojun 82b8462ccf apply ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/006_sshcookie.patch. 
sshd(8) allows users to delete arbitrary files named "cookies"
       if X11 forwarding is enabled. X11 forwarding is disabled by
       default.
 2001-06-14 02:45:30 +00:00
itojun f7528da67e make it compile with KRB4 and not with KRB5. from IIJ SEIL team 2001-06-14 02:42:31 +00:00
itojun de1e278afa $NetBSD$ 2001-05-26 23:26:59 +00:00
itojun c01f1862d6 prime table for OpenSSH, from OpenBSD etc/primes 2001-05-26 23:24:21 +00:00
itojun 5bb235dbab recover $NetBSD$ 2001-05-15 16:00:32 +00:00
itojun f4532f2487 upgrade to openssh (openbsd usr.bin/ssh) 2.9, around 5/15/2001. 2001-05-15 15:26:07 +00:00
itojun 72af75e4ce OpenSSH 2.9 as of 2001/5/15 2001-05-15 15:02:20 +00:00
itojun d9f67f8672 reduce amount of diff with openbsd usr.bin/ssh (for -Wall -Werror clean) 
so that we can get rid of local changes.

openssh side do not like static functions so put prototypes into each files
rather than making function static.
 2001-05-15 14:50:49 +00:00
onoe c85f9c433b Do not discard input data from client for channels waiting for connection 
establishment.
 2001-05-08 03:02:35 +00:00
itojun b7ab24621c do not attempt to pass null pointer to krb5 library. PR 12683 2001-04-17 12:27:37 +00:00
tron 517c969698 Fix possible core dump in "ssh-add". Patch supplied by Wolfgang Rupprecht 
in PR pkg/12669.
 2001-04-16 03:10:14 +00:00
itojun 374141fb16 duplicated calls to login_getclass. 
From: Jim Bernard <jbernard@mines.edu>
 2001-04-11 23:39:46 +00:00
itojun 8acc6b96b1 refer ~/.ssh/id_rsa{.pub,}. sync with openbsd usr.bin/ssh. 2001-04-10 09:15:49 +00:00
itojun 235b9f0c2f upgrade to openssh 2.5.4 (2001/4/10). 
major behavior changes: (made in openssh master tree - openbsd usr.bin/ssh)
- ssh(1) now defaults to ssh protocol version 2.
  if you want version 1 to take precedence, use /etc/ssh.conf to override.
- config change: ~/.ssh/id_rsa[12] is now ~/.ssh/id_rsa (changed 4/3)
- forced client rekey for protocol version 2 (~R)
- swap gid when uid swaps.
- ListenAddress syntax can take [foo]:port for IPv6 numerics.
- "ssh -D 1080" allows us to use ssh tunnel as SOCKS4 proxy.
 2001-04-10 08:07:54 +00:00
itojun d5fbc62ac3 OpenSSH 2.5.4 as of 2001/04/10 2001-04-10 07:13:48 +00:00
wiz 18a4938209 Fix date. 2001-04-09 12:49:14 +00:00
lukem 315c0a92f9 if debugging (i.e, -v), use options.level instead of SYSLOG_LEVEL_INFO 
to the first call to log_init(), otherwise debug messages from config
file parsing won't appear. (this seems to have been broken in recent
versions of openssh)
 2001-04-02 03:53:36 +00:00
thorpej 6fe37483a3 Set the KRB5CCNAME envrironment variable in the child if we received 
forwarded Kerberos 5 credentials, so that the process that needs them
can actually find them.
 2001-03-28 03:31:52 +00:00
thorpej 8ab184566c When we receive forwarded Kerberos credentials, stuff them into 
a file credential cache (rather than a memory credential cache)
so that they're useful.
 2001-03-28 03:17:23 +00:00
thorpej 2651b336ba Somewhat crude hack to make Kerberos 5 credential forwarding work. 2001-03-28 03:02:51 +00:00
thorpej 2f7b0c6c27 Print useful Kerberos error messages. 2001-03-27 03:58:02 +00:00
simonb 08e4590096 Cast to (long long) when using "%lld" in a printf format. 2001-03-21 00:11:06 +00:00