Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
167,430 Commits 606 Branches 0 Tags 3.1 GiB
Commit Graph

1153 Commits

Author SHA1 Message Date
mgrooms 324a68d0b7 Sort sainfo sections on insert and improve matching logic. 2007-09-05 06:55:44 +00:00
mgrooms edac7dae7c Correct the syntax for wins4 in the man page and add nbns4 as an alias. Pointed out by Claas Langbehn. 2007-09-03 18:08:42 +00:00
manu 1c79bc103b src/racoon/isakmp_xauth.c: Don't mix up RADIUS authentication and 
authorization ports. Allow interoperability with freeradius
 2007-08-07 04:35:01 +00:00
taca 9fcfdb104e Apply a patch from https://bugzilla.mindrot.org/show_bug.cgi?id=1306. 
Fix nasty "error: channel 0: chan_read_failed for istate 3" message.
 2007-07-31 03:09:49 +00:00
mgrooms 8628a88239 Update NEWS file with additional 0.7 improvements. 2007-07-24 04:29:23 +00:00
mgrooms 9b7e05e155 Various racoon configuration manpage updates. 2007-07-18 22:50:47 +00:00
christos 0878f17383 PR/36665: Matthias Scheler: Thread support is not enabled in NetBSD's OpenSSL 
I enabled it.
 2007-07-18 20:19:56 +00:00
vanhu c3bc7fe364 use a single PATH_IPSEC_H to fix some path_to_ipsec.h issues 2007-07-18 12:07:49 +00:00
vanhu 9f7ae421ea fixed a socket leak 2007-07-16 15:05:10 +00:00
vanhu 0fd2ceaf72 indentation 2007-07-16 15:03:13 +00:00
christos 4d0c78dab0 PR/36624: Edgar Fu: sshd should not check pw_{expire,change} if UsePam is 
enabled. This is what the "portable" version of openssh does.
 2007-07-10 15:48:56 +00:00
christos a39c84a8c3 PR/36623: Edgar Fu: ssh publickey authentification fails if homedir not present 
Removed extra realpath check that was introduced by a bogus merge.
 2007-07-10 14:56:25 +00:00
christos 30638c77c3 PR/36562: Takeshi Nakayama: sshd(8) HostbasedAuthentication fails after 
upgrading to 4.0_BETA
Remove $HOME test since this is also used by sshd.
 2007-06-26 18:28:34 +00:00
christos d1cb3ec527 remove unused variable. 2007-06-25 01:42:31 +00:00
christos c6b86acffc don't use __progname for the pam service name. Hard-code it to "sshd" 2007-06-24 23:48:30 +00:00
manu 72fe4c3a84 From Paul Winder <Paul.Winder@tadpole.com>: 
Fix ignored INTERNAL_DNS4_LIST
 2007-06-07 20:04:26 +00:00
vanhu 6ae0ffb7d9 From Rong-En Fan: fix compilation with gcc 4.2 2007-06-06 15:37:15 +00:00
vanhu cc41629a4c fixed compilation with gcc 4.2 2007-06-06 15:37:14 +00:00
vanhu 6817ea28d9 speeds up interfaces update when they changed 2007-06-06 09:47:30 +00:00
vanhu 1ed22670fa From Jianli Liu: speed up interfaces update when they change. 2007-06-06 09:47:29 +00:00
vanhu 7c53bfe0b6 ignore obsolete lifebyte when validating reloaded configuration 2007-06-06 09:18:16 +00:00
manu a16fcccee0 From Joy Latten <latten@austin.ibm.com> 
Fix file descriptor shortage when using labeled IPsec.
 2007-05-31 19:54:54 +00:00
manu 23326f5b62 From Jianli Liu <jlliu@nortel.com>: 
In racoonctl, use the specified socket path instead of the default location
 2007-05-30 21:02:39 +00:00
christos 5d1825b2a1 Use RESCUEDIR if set. 2007-05-17 00:17:50 +00:00
christos 538010e358 coverity CID 4168: yyerror() does not return, so we proceed to de-reference 
NULL. Make it return -1 instead like in other places.
 2007-05-16 21:00:40 +00:00
christos dc073934fe coverity CID 4170: yyerror() does not return, so we proceed to de-reference 
NULL. Make it return -1 instead like in other places.
 2007-05-16 20:59:04 +00:00
vanhu 5e29f1f1bb search a ph1 by address if iph2->ph1 is NULL when validating the new config 2007-05-04 14:33:38 +00:00
vanhu 79dfa780cb ... 2007-05-04 09:10:07 +00:00
vanhu 0f20ab497d added some debug in getph1byaddr() to track some port matching problems with NAT-T 2007-05-04 09:09:54 +00:00
vanhu e91f01072a added some debug in isakmp_chkph1there() to track some port matching problems with NAT-T 2007-05-04 09:09:47 +00:00
vanhu ff0f36d165 added some debug for DELETE_SA process 2007-05-04 09:09:35 +00:00
vanhu ae24f5b259 Force the update of ph2 in pk_recvupdate() if NAT_T support, to solve some port match problems with the first IPSec SAs negociated as initiator 2007-05-04 09:09:26 +00:00
plunky e3a1867a4d fix usage error: use type for .Ft 2007-04-13 18:22:08 +00:00
vanhu ace683e685 checks proto_id in ipsecdoi_chkcmpids() 2007-04-04 13:09:36 +00:00
vanhu f31c3aee8e dumps peer's ID and peer's certificate subject /subjectaltname if they don't match 2007-04-04 13:07:31 +00:00
vanhu 52c7a2891e Store the DPD main scheduler in ph1 handler, to be able to cancel it when removing the handler, and some minor cleanups in DPD code 2007-03-26 15:58:07 +00:00
christos 8f6921b522 PR/36069: Huang Yushuo: racoon can't work with pam_group 
Set RUSER.
 2007-03-24 02:07:42 +00:00
vanhu 2af4eed892 From Joy Latten: fix a segfault when using security labels between 32bit and 64bit host. 2007-03-23 15:43:19 +00:00
vanhu 38a126966c fixed a segfault when using security labels between a 32bit and a 64bit host 2007-03-23 15:43:18 +00:00
vanhu 27934310cd expire zombie handlers in getph2byid(), to avoid situations where we'll never negociate a phase2 again 2007-03-23 15:34:31 +00:00
vanhu 1046a9e619 From Cyrus Rahman: give more details about what is checked when using certificates to authenticate 2007-03-23 09:57:29 +00:00
vanhu a1d41ca41d give more details about what is checked when using certificates to authenticate 2007-03-23 09:57:28 +00:00
vanhu 27187d08ab fixed subnet check to generate IPV4_ADDRESS when needed in sockaddr2id() 2007-03-22 10:26:19 +00:00
vanhu 002f3b4723 checks if arg is NULL in SCHED_KILL 2007-03-21 14:37:58 +00:00
vanhu 452cfb7edf NULL sched check is now done in SCHED_KILL 2007-03-21 14:29:22 +00:00
vanhu 43c152a498 checks if arg is NULL in SCHED_KILL 2007-03-21 14:28:59 +00:00
vanhu a270a7afb9 From Yves-Alexis Perez: enable monitoring of ipv6 address changes on Linux. 2007-03-15 14:12:12 +00:00
vanhu 7a26f531db enable monitoring of ipv6 addresse changes on linux 2007-03-15 14:12:11 +00:00
vanhu 0fca99dc2f Consider a negociation timeout when retry_counter is <=0 instead of < 0 2007-03-15 10:37:44 +00:00
christos 2cf8149db2 resurect files that we need and make things compile again. 2007-03-10 23:05:24 +00:00
christos 06993fb381 resolve conflicts. 2007-03-10 22:52:04 +00:00
christos 38f7168c16 PR/35965: Kazushi Marukawa: SSHD doesn't work under protocol 1 
This is a manifestation of a bug in OpenSSL 0.9.8e, which breaks
certain ciphers in OpenSSH <= 4.5p1. See:
    http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/ssh2-aesctr-openssh.html
    http://bugzilla.mindrot.org/show_bug.cgi?id=1291
 2007-03-10 17:18:31 +00:00
christos f0f7c41448 enable RFC/3779, requested by George Michaelson 2007-03-10 00:49:47 +00:00
dogcow 01abf44400 resolve the not-quite-resolved cvs conflicts (a missing #endif) 2007-03-07 02:34:59 +00:00
mjf d774015c29 resolve conflicts 2007-03-06 23:47:18 +00:00
mjf b22ff73a10 Import OpenSSL 0.9.8e 2007-03-06 21:12:00 +00:00
christos 17fe25abca eliminate caddr_t 2007-03-04 08:21:34 +00:00
mgrooms adf474a143 Add logic to allow ip address ids to be matched to ip subnet ids when 
appropriate.
 2007-02-28 05:36:45 +00:00
vanhu f1c1e37275 block variable declaration before code in ipsecdoi_id2str() 2007-02-21 11:01:06 +00:00
vanhu 740b198715 Removed a debug printf.... 2007-02-20 16:32:28 +00:00
vanhu bd81981229 Only delete a generated SPD if it's creation date matches the creation date of the SA we are currently deleting 2007-02-20 09:11:30 +00:00
vanhu 1cb0c229b8 updated delete_spd() calls 2007-02-20 09:11:14 +00:00
vanhu 19df9f5fcc fills creation date of generated SPDs 2007-02-20 09:11:03 +00:00
vanhu 57d8173408 added 'created' var 2007-02-20 09:10:47 +00:00
vanhu 3c99a9f776 Removed a debug printf.... 2007-02-19 13:08:47 +00:00
vanhu 496e74bcde From Olivier Warin: Fix a %zu in a printf. 2007-02-16 11:01:35 +00:00
vanhu 834d2e72c5 Fixed a %zu in a printf 2007-02-16 11:01:34 +00:00
manu eac241862b Missing SELinux file 2007-02-15 16:31:38 +00:00
manu 1b2a464d38 Missing stuff for SELinux 2007-02-15 16:23:40 +00:00
vanhu 6c4dc9e4c6 From "Uncle Pedro" on sf.net: Just expire a ph1 handle when receiving a DELETE-SA instead of calling purge_remote(). 2007-02-15 13:01:26 +00:00
vanhu 5f4b4e0b21 Just expire a ph1 handle when receiving a DELETE-SA instead of calling purge_remote() 2007-02-15 13:01:25 +00:00
vanhu 6ced6eb0cd Fixed the way phase1/2 messages are sent/resent, to avoid zombie handles and acces to freed memory 2007-02-15 10:19:24 +00:00
rpaulo b552802596 It's no longer basesrc. 2007-02-05 18:12:43 +00:00
vanhu 5374d6ac89 Fixed a check of NAT-T support in libipsec 2007-02-02 13:42:28 +00:00
vanhu 1634f1d295 From "Uncle Pedro" on sf.net: When receiving an ISAKMP DELETE_SA, get the cookie of the SA to be deleted from payload instead of just deleting the ISAKMP SA used to protect the informational exchange. 2007-02-01 08:48:32 +00:00
vanhu e25ad0ee61 When receiving an Isakmp DELETE_SA, gets the cookie of the SA to be deleted from payload instead of just deleting the Isakmp SA used to protect the informational 2007-02-01 08:48:31 +00:00
wiz 15b0193490 Refer to RFC 4716 in two more places (instead of "IETF SECSH"). 
From jmc@openbsd.
 2007-01-23 22:21:54 +00:00
alc a740eb5ac0 CID-4268: `c' is EOF here, remove deadcode 2006-12-26 00:06:03 +00:00
alc bdf6fc4f47 CID-4167: check for 'iph1->approval != NULL' 2006-12-26 00:04:00 +00:00
wiz a0a9492dc8 Talk of RFC 4716 SSH public key format instead of SECSH public key format. 
From markus@openbsd via jmc@openbsd (rev 1.73).
 2006-12-24 10:06:03 +00:00
wiz 7ce75c98d8 Mention RFC 4716. From markus@openbsd via jmc@openbsd (rev. 1.266). 2006-12-24 10:04:08 +00:00
wiz 9e2cc05c4b Use even more macros. 2006-12-23 09:29:53 +00:00
wiz 710cf70831 Use more macros. 2006-12-23 09:29:01 +00:00
wiz fc51d9d324 Serial comma, and bump date for previous. 2006-12-23 09:22:52 +00:00
vanhu 1a38b96eff From Joy Latten: fix a memory leak 2006-12-18 10:15:30 +00:00
vanhu 591299b29f fixed a memory leak in crypto_openssl 2006-12-18 10:15:29 +00:00
manu fcdf5459d0 branch 0.7 created 2006-12-10 22:36:06 +00:00
manu 7c683c0b23 Bring back API and ABI backward compatibility with previous libipsec before 
recent interface change. Bump libipsec minor version. Remove ifdefs in
struct pfkey_send_sa_args to avoid ABI compatibility lossage.
Add a capability flags to detect missing optional feature in libipsec
 2006-12-10 18:46:39 +00:00
manu 78f5cfece3 From Joy Latten: README.plainrsa documenting plain RSA auth 2006-12-10 05:51:14 +00:00
manu 99a403e274 From Joy Latten: Add support for SELinux security contexts. Also cleanup the 
libipsec interface for adding and updating security associations.
 2006-12-09 05:52:57 +00:00
manu 10cadc281e From Simon Chang: More hints about plain RSA authentication 2006-12-09 05:44:34 +00:00
vanhu 3db7f7800e Check keys length regarding proposal_check level 2006-12-05 13:38:40 +00:00
mgrooms 8ceadc3208 Correct issues associated with anonymous sainfo selection in racoon. 2006-11-16 00:30:55 +00:00
dogcow ea8336c632 As uwe points out, it looks like the L on the version constant was 
accidentally removed. Add it back, especially as the documentation still
claims that the constant is a long.
 2006-11-14 22:30:33 +00:00
adrianp 1be366570b From http://www.openssh.org/txt/release-4.5: (CVE-2006-5794) 
* Fix a bug in the sshd privilege separation monitor that weakened its
  verification of successful authentication. This bug is not known to
  be exploitable in the absence of additional vulnerabilities.

Bump __NETBSDSSH_VERSION
 2006-11-14 21:52:09 +00:00
christos 600680c6c3 merge conflicts. 2006-11-13 21:55:36 +00:00
christos 4a5ea8ca2f import 0.9.8d 2006-11-13 21:16:04 +00:00
christos 9f3fa7dc87 eliminate the only variable stack array allocation. 2006-11-09 20:22:18 +00:00
christos 94eb6e9da8 fix typo 2006-11-09 19:51:06 +00:00
christos f06f014bee use malloc when ssp 2006-11-09 19:50:03 +00:00