Commit Graph

701 Commits

Author SHA1 Message Date
manu
8006965b1b Import ipsec-tools 0.6 branch as of 2005/02/23. News from last imported version
according to ipsec-tools' ChangeLog:

2005-02-23  Emmanuel Dreyfus <manu@netbsd.org>

        * configure.ac, src/racoon/{Makefile.am|crypto_openssl.c}: optionnal
          support for patented algorithms: IDEA and RC5.
        * src/racoon/{isakmp_xauth.c|main.c}: don't initialize RADIUS if it
          is not required in the configuration
        * src/racoon/isakmp.c: do not reject addresses for which kernel
          refused UDP encapsulation, they can still be used for non NAT-T
          traffic (eg: NAT-T enabled racoon on non NAT-T enabled kernel)

2005-02-18  Emmanuel Dreyfus <manu@netbsd.org>

        * src/racoon/{main.c|eaytest.c|plairsa-gen.c}
          src/setkey/setkey.c: don't use fuzzy paths for package_version.h

2005-02-18  Yvan Vanhullebus  <vanhu@free.fr>

        * src/racoon/isakmp_inf.c: Purge generated SPDs when getting a
          related DELETE_SA
        * src/racoon/pfkey.c: do NOT unbindph12() when SA acquire

2005-02-17  Emmanuel Dreyfus <manu@netbsd.org>

        From Fred Senault <fred.letter@lacave.net>
        * src/racoon/remoteconf.c: Fix a bug in script init

2005-02-17  Yvan Vanhullebus  <vanhu@free.fr>

        * src/racoon/ipsec_doi.c: Workaround for phase1 lifetime checks

2005-02-15  Michal Ludvig  <michal@logix.cz>

        * configure.ac: Changed --enable-natt_NN to --enable-natt-versions=NN,NN
2005-02-23 14:53:33 +00:00
elric
3e9f769ad6 Turn protocol 1 krb5 support back on. 2005-02-22 02:29:32 +00:00
wiz
0e4368712b Fix Xref. 2005-02-20 21:10:54 +00:00
wiz
54c5fce210 Sort sections, whitespace nit, use .In. 2005-02-20 21:10:04 +00:00
manu
a7d348371a Remove KAME racoon distribution, which is not used anymore 2005-02-20 15:50:02 +00:00
onoe
9bd25f488a re-enable smime encrypt. fix from openssl-0.9.7e 2005-02-20 03:33:47 +00:00
thorpej
3029ac0bc4 Use __inline instead of inline. 2005-02-19 22:02:59 +00:00
christos
c4362dc746 Move duplicate block for pam to the 1.5 dispatch block where it belongs.
Restore KRB4 and KRB5 blocks to the 1.5 dispatch block.
XXX: Should we remove the KRB4 block from the 2.0 dispatch block?
2005-02-19 03:08:23 +00:00
thorpej
2a7ae5ee05 Fix package_version.h include path so it has a chance of working in
our source tree.
2005-02-18 06:28:52 +00:00
thorpej
b4668e17e3 Alter the include path for package_version.h so that it has a chance
of working in our source tree.
2005-02-18 06:24:38 +00:00
elric
48f369dafd Put Kerberos configuration options back into client config parsing
routines.
2005-02-16 05:04:05 +00:00
he
e4afa5eb28 A sig_atomic_t isn't necessarily compatible with a %d printf format;
on evbsh5 sig_atomic_t is an __int64_t.  Since this only stores a
signal number, cast to int before printing.
2005-02-15 16:22:12 +00:00
christos
0b6f3b5222 add moduli from openssh-3.9p1 2005-02-13 19:34:24 +00:00
christos
d6e447b0f6 Add PAM hooks from portable OpenSSH. 2005-02-13 18:14:04 +00:00
christos
b3a1b19bc5 Make this compile. 2005-02-13 18:13:34 +00:00
christos
cb2bba8c62 Add pam files from portable openssh 3.9p1 2005-02-13 18:11:30 +00:00
christos
ea7d905559 Bring back files we need from the dead. 2005-02-13 06:01:36 +00:00
christos
43dbbb7ed8 Merge conflicts. 2005-02-13 06:01:14 +00:00
christos
8b8ab8547b Resolve conflicts. 2005-02-13 05:57:25 +00:00
christos
797648d563 Change the order of the set{e,}{u,g}id calls. NetBSD is stricter and needs
to keep the euid until the end. Add a bit of debugging.
2005-02-13 05:54:27 +00:00
christos
cad419c94d from ftp.openbsd.org 2005-02-13 00:52:40 +00:00
manu
1cbaff0bc3 Remove .cvsignore files commtted by mistake 2005-02-12 15:52:36 +00:00
manu
a8f0ad3c37 Import ipsec-tools (tag ipsec-tools-0_6-base in ipsec-tools CVS)
ipsec-tools is a fork from KAME racoon/libipsec/setkey, with many
enhancements.
2005-02-12 11:11:11 +00:00
simonb
9cbc979889 Bring closer to reality. 2005-02-07 12:26:56 +00:00
christos
83da2f6968 don't throw const away for no reason. 2004-12-11 06:58:20 +00:00
christos
fbed044c7e Grr, this was not updating lastlogx! 2004-11-11 22:08:39 +00:00
thorpej
b454543f45 Apply patches as discussed on:
http://mail-index.netbsd.org/tech-net/2004/11/05/0004.html

Slightly modified to differentiate the version string from a stock racoon.

	* auth_gssapi.h (GSSAPI_DEF_NAME): Change from "ike" to "host".
	(gssapi_get_default_id): Rename to gssapi_get_id.
	(gssapi_get_default_gss_id): New prototype.
	* cfparse.y (GSSAPI_ID): Rename to GSS_ID.
	(GSS_ID_ENC, GSS_ID_ENCTYPE): New tokens.
	(gssenc_statement): New statement.
	(isakmpproposal_spec): Use GSS_ID token.
	(expand_isakmpspec): Fill in gssid in the new proposal only
	if authmethod is OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB.  If the
	GSS ID is not provided, call gssapi_get_default_gss_id() to
	place the default ID in the proposal.
	* cftoken.l (S_GSSENC): New start condition.
	(<S_RMTP>gss_id): New, return the GSS_ID token.
	(<S_RMTP>gssapi_id): Return the GSS_ID token.
	(<S_INI>gss_id_enc, <S_GSSENC>latin1, <S_GSSENC>utf-16le)
	(<S_GSSENC>{semi}): New, tokenize the "gss_id_enc enctype;"
	statement.
	* gssapi.c: Include <unistd.h>.
	(gssapi_get_default_gss_id): New function.
	(gssapi_init): Disable a broken debugging message.  Make
	printf formats consistent in their handling of non-NUL-terminated
	strings.
	(gssapi_get_default_id): Rename to...
	(gssapi_get_id): ...this.  If the proposal has a gssid, vdup()
	that and return it.  Disable a broken debugging message.  Make
	printf formats consistent in their handling of non-NUL-terminated
	strings.
	* ipsec_doi.c: Include <iconv.h>.
	(get_ph1approval): Make printf formats consistent in their handling
	of non-NUL-terminated strings.  Call gssapi_get_id() instead of
	gssapi_get_default_id(), and remove some complexity that has been
	pushed into that function.
	(t2isakmpsa): When parsing the OAKLEY_ATTR_GSS_ID attribute,
	check convert the attribute from UTF-16LE to ISO-Latin-1, unless
	we are configured to assume the attribute is already ISO-Latin-1
	encoded.
	(setph1attr): When setting the OAKLEY_ATTR_GSS_ID attribute,
	convert the attribute from ISO-Latin-1 to UTF-16LE, unless we
	are configured to encode the attribute in ISO-Latin-1.
	* localconf.c (setdefault): Set the default GSS ID encoding type
	to UTF-16LE.
	* localconf.h (LC_GSSENC_UTF16LE, LC_GSSENC_LATIN1)
	(LC_GSSENC_MAX): New constants.
	(struct localconf): Add gss_id_enc member.
	* main.c (RACOON_VERSION): Append " - NetBSD 20041110" to the
	version string.
	* racoon.conf.5: Document changes to GSS ID encoding and default
	GSS ID computation.  Document "gss_id_enc enctype;" statement.
	* samples/racoon.conf.sample-gssapi: Update and add comments to
	provide more information.
2004-11-10 20:23:28 +00:00
christos
d08f4201ee For ptys of the form /dev/pts/n, print foo@pts/n instead of foo@n. Check
that strrchr() returns non null before using it.
2004-11-10 16:55:55 +00:00
dsl
1869f0e146 Add (unsigned char) cast to ctype functions 2004-11-05 21:56:01 +00:00
dsl
3d446c0f42 Add (unsigned char) cast to ctype functions 2004-11-03 21:01:45 +00:00
dsl
e2f49bd9e2 Add (unsigned char) cast to ctype functions 2004-10-30 15:15:37 +00:00
dsl
8668419e38 Add (unsigned char) cast to ctype functions 2004-10-30 08:34:24 +00:00
lha
2c875217bb Merge in changes between 0.6.2 and 0.6.3 2004-09-14 08:08:19 +00:00
lha
ac5d4384ae remove generated files 2004-09-14 07:50:24 +00:00
lha
a53f6df83e Import heimdal 0.6.3
Changes in release 0.6.3

 * fix vulnerabilities in ftpd
 * support for linux AFS /proc "syscalls"
 * support for RFC3244 (Windows 2000 Kerberos Change/Set Password) in
   kpasswdd
 * fix possible KDC denial of service
 * bug fixes
2004-09-14 07:45:53 +00:00
mycroft
6e317e9e72 Disable the "may kill you" message, because:
1) It's not documented anywhere.
2) The problem it's attempting to warn about is not documented anywhere.
3) There are no example configs (or any I found with Google) that use the
   "listen" directive.
4) In any event, it's poorly worded and unclear what it's talking about.
2004-08-06 13:57:05 +00:00
drochner
14c8904f79 rename local pow10 function to avoid conflicts with the C99 libm one;
while not implemented in NetBSD yet is is considered reserved by gcc-3.4
2004-08-05 16:55:34 +00:00
wiz
e8e1e9c2fe Sync with Heimdal: krb5_set_password.3,v 1.7 (except for a reference to
a man page we don't have yet):
Document krb5_set_password_using_ccache and krb5_passwd_result_to_string.
Ok'd by lha.
2004-07-18 15:08:50 +00:00
wiz
258b1bfb2e Remove superfluous comma; grammar fixes; split sentence
in two for better understanding.
XXX: krb5_set_password_using_ccache not described.
2004-07-14 09:21:59 +00:00
jonathan
8045e967b9 Fix typo (space added at beginning of line in an editor window under
the shell where I retested the Makefile changes, sigh...)
2004-07-14 07:12:25 +00:00
jonathan
f17171cf5d Restore Heimdal Id as $Heimdal:, add NetBSD ID. 2004-07-14 07:06:44 +00:00
jonathan
98b92eb4a5 Commit manpage for krb5_set_password(3), based on Heimdal-20040606,
with small revisions by myself, reviewed/approved by Love.
2004-07-14 07:02:07 +00:00
he
8416ac87c6 Print ssize_t-typed variables using %zd format, not just %d.
Fixes build problem observed when compiling for hpcarm.
2004-07-13 14:15:17 +00:00
jonathan
e5f57f3a70 Commit changes from Heimdal-current, as per discussion with Love
(lha@NetBSD.ORG), to incorporate contemporary (last-year-ish)
set-password and change-password extensions derived RFC-3244
(Microsoft set-password/change-password extensions), and the
subsequent MIT-KRB5 APIs for changing and setting passwords.

Required for compatibility with recent (2002/2003-ish) open-source
code which uses the MIT KRB5 APIs for setting passwords, or for
joining Microsoft domains as a  "computer account".

Modified files (for pullup tracking purposes):
	lib/libasn1/Makefile
	crypto/dist/heimdal/lib/asn1/k5.asn1
 	crypto/dist/heimdal/lib/krb5/changepw.c
 	crypto/dist/heimdal/lib/krb5/krb5-protos.h
 	crypto/dist/heimdal/lib/krb5/krb5.h
2004-07-12 20:44:56 +00:00
christos
763b8e76a6 Now that we have addrlen, use it. 2004-07-06 02:59:55 +00:00
drochner
c62dff1bf7 fix a const'ification inconsistency, noticed by gcc-3.4 2004-07-01 21:27:42 +00:00
drochner
5e420ba772 restore behaviour before the 0.9.7d import: fall back to /dev/urandom
if ~/.rnd is not present.
(This code is with #ifdef __OpenBSD__ in openssl now; this change just
generalizes it.)
(approved by tls)
2004-06-21 15:14:16 +00:00
itojun
166adfa9e5 sync w/ 20040617. 2004-06-17 03:42:55 +00:00
itojun
f7968a3c82 version 20040617a, includes important fix about cert handling 2004-06-17 03:38:44 +00:00
lha
76164d845a Now that we have res_nsearch, use it. Thanks christos for adding it. 2004-05-25 11:15:43 +00:00