Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
101,117 Commits 606 Branches 0 Tags 3.1 GiB
a6315c15ad
Commit Graph

158 Commits

Author SHA1 Message Date
explorer
ad08960f5c When calling krb5_verify_user(), we must restore root's uid, since it will need to read /etc/krb5.keytab. 2001-12-19 10:28:47 +00:00
he
a18ce029f6 Deal with lossage caused by the addition of the netbsd-1-5 branch tag 
to these files.

Apparently, the "magic" which causes the latest version on the
vendor branch to appear at the head in the repository broke when
the netbsd-1-5 tag was added.  Thus, merge in the lost revisions from
the vendor tag to work around this.
 2001-12-13 15:53:54 +00:00
itojun
e2970b134f sync with openbsd/remove variable name from prototype 2001-12-12 17:24:46 +00:00
itojun
684138909c fix constness difference in prototype and func def. 2001-12-12 17:16:16 +00:00
itojun
718900f830 sync with 3.0.2 2001-12-06 03:54:04 +00:00
itojun
d97f5d9481 OpenSSH 3.0.2 as of 2001/12/06. fixes environment variable passing in UseLogin=yes 2001-12-06 03:46:04 +00:00
thorpej
cce3152281 Deal with an LP64 printf format issue. 2001-11-30 00:46:36 +00:00
itojun
d4b3b8bf82 update version date to 20011127 2001-11-27 04:16:08 +00:00
itojun
f7146cb367 resolve one more conflict 2001-11-27 04:11:23 +00:00
itojun
ce0e2b2976 resolve conflicts on 3.0.1 import 2001-11-27 04:10:22 +00:00
itojun
c0c77d470a OpenSSH 3.0.1 as of 2001/11/27. minor bugfixes only. 2001-11-27 04:03:44 +00:00
itojun
6ececc36b4 openssh 3.0 krb5 auth problem has been plugged, 
sync up version number to 3.0.1 so that we can identify it.
 2001-11-19 07:39:57 +00:00
itojun
1eb2191d4f fix auth_krb5() error case behavior. found by jhawk, sync with openbsd tree 2001-11-12 05:45:29 +00:00
itojun
29574d25c5 sync with 3.0 as of 2001/11/7. 2001-11-07 06:26:47 +00:00
itojun
29c34cbb94 OpenSSH 3.0 as of 2001/11/7 2001-11-07 06:20:12 +00:00
sommerfeld
9de5bfcf8f Turn on TCP_NODELAY over loopback 2001-10-18 19:46:12 +00:00
itojun
880aff49c4 buffix from openbsd tree: users config should overwrite system config. 2001-10-02 00:39:14 +00:00
itojun
ba613513e8 sync with openssh 2.9.9 around 9/27. 2001-09-27 03:24:01 +00:00
itojun
bcdc367f57 OpenSSH 2.9.9 as of 2001/9/27 2001-09-27 02:00:33 +00:00
itojun
00489c2412 apply the following advisory. 2.9.9 will be imported soon. 
Subject: OpenSSH Security Advisory (adv.option)
From: Markus Friedl <markus@openbsd.org>
Message-ID: <20010926231823.A15229@folly>
 2001-09-27 00:12:42 +00:00
cjs
d814de63b5 For consistency, make permit_root_login default to PERMIT_NO if not specified 
in the config file. Thanks to itojun for pointing this out.
 2001-09-03 04:23:10 +00:00
cjs
da09d12c1e Document that PermitRootLogin's default is now "no". 2001-08-31 09:00:29 +00:00
cjs
894936aa50 Do not permit direct root logins. This makes ssh consistent with 
NetBSD's default security policy in this area: if you are not on
a secure terminal, you must be able to authenticate as a user in
the "wheel" group before you may attempt to authenticate as root
using the root password.
 2001-08-31 08:16:24 +00:00
garbled
7c0934f7f5 While writing sushi's support for sshd.conf, I found out that the manpage 
lies wrt to MaxStartups.  Make the manpage match the code.
 2001-08-03 02:29:07 +00:00
manu
3f1d5c2789 sshd is now able to log in an user if the filesystem is readonly and the tty 
owned by root. Note that the tty still must be mode 620, and sshd does not
check which group owns the tty (more problems here?).
This closes NetBSD PR bin/13499
The fix has been commited to OpenSSH CVS. See OpenBSD's PR user/1946.
 2001-07-27 23:34:27 +00:00
wiz
419e44fdc2 Mostly formatting fixes. 2001-06-24 17:44:11 +00:00
veego
7b726945ac There is no photurisd(8). 2001-06-24 17:29:43 +00:00
itojun
69d60502fe upgrade to openssh 2.9, around 2001/6/24 (from openbsd usr.bin/ssh). 
- authorized_keys2 and known_hosts2 are obsoleted, and integrated
  into those without "2".
- file name change, /etc/primes -> /etc/moduli
- cleanups
 2001-06-23 19:37:38 +00:00
itojun
0d521994cf OpenBSD 2001/6/24 2001-06-23 19:09:44 +00:00
itojun
6cc43ed622 OpenSSH 2.9 as of 2001/6/24 2001-06-23 16:36:22 +00:00
itojun
5324608adc reject expired password/account. warn if interactive && about to expire. 
ala login(1).  From: Brian Poole <raj@cerias.purdue.edu>

XXX code duplicate with login(1) - should be solved by BSD AUTH code integration
 2001-06-23 08:08:04 +00:00
itojun
fed4515da9 bump netbsd-local version number to identify X11 "cookies" fix 2001-06-20 07:49:45 +00:00
lukem
ab32b074ec If UseLogin is enabled, disable X11Forwarding (since xauth passing doesn't 
work in this case, so X11Forwarding is effectively useless). Document this.
Resolves my pr [security/13172].
 2001-06-18 10:26:33 +00:00
wiz
b6449b85de Add RCS Id, adapt to NetBSD, fix punctuation and whitespace. 2001-06-15 12:50:44 +00:00
wiz
0cc24e9a9f On note by kleink: Add primes.5 to crypto/dist/ssh instead of share/man/man5. 
Import state of 2001-06-14.
 2001-06-15 12:47:39 +00:00
itojun
82b8462ccf apply ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/006_sshcookie.patch. 
sshd(8) allows users to delete arbitrary files named "cookies"
       if X11 forwarding is enabled. X11 forwarding is disabled by
       default.
 2001-06-14 02:45:30 +00:00
itojun
f7528da67e make it compile with KRB4 and not with KRB5. from IIJ SEIL team 2001-06-14 02:42:31 +00:00
itojun
de1e278afa $NetBSD$ 2001-05-26 23:26:59 +00:00
itojun
c01f1862d6 prime table for OpenSSH, from OpenBSD etc/primes 2001-05-26 23:24:21 +00:00
itojun
5bb235dbab recover $NetBSD$ 2001-05-15 16:00:32 +00:00
itojun
f4532f2487 upgrade to openssh (openbsd usr.bin/ssh) 2.9, around 5/15/2001. 2001-05-15 15:26:07 +00:00
itojun
72af75e4ce OpenSSH 2.9 as of 2001/5/15 2001-05-15 15:02:20 +00:00
itojun
d9f67f8672 reduce amount of diff with openbsd usr.bin/ssh (for -Wall -Werror clean) 
so that we can get rid of local changes.

openssh side do not like static functions so put prototypes into each files
rather than making function static.
 2001-05-15 14:50:49 +00:00
onoe
c85f9c433b Do not discard input data from client for channels waiting for connection 
establishment.
 2001-05-08 03:02:35 +00:00
itojun
b7ab24621c do not attempt to pass null pointer to krb5 library. PR 12683 2001-04-17 12:27:37 +00:00
tron
517c969698 Fix possible core dump in "ssh-add". Patch supplied by Wolfgang Rupprecht 
in PR pkg/12669.
 2001-04-16 03:10:14 +00:00
itojun
374141fb16 duplicated calls to login_getclass. 
From: Jim Bernard <jbernard@mines.edu>
 2001-04-11 23:39:46 +00:00
itojun
8acc6b96b1 refer ~/.ssh/id_rsa{.pub,}. sync with openbsd usr.bin/ssh. 2001-04-10 09:15:49 +00:00
itojun
235b9f0c2f upgrade to openssh 2.5.4 (2001/4/10). 
major behavior changes: (made in openssh master tree - openbsd usr.bin/ssh)
- ssh(1) now defaults to ssh protocol version 2.
  if you want version 1 to take precedence, use /etc/ssh.conf to override.
- config change: ~/.ssh/id_rsa[12] is now ~/.ssh/id_rsa (changed 4/3)
- forced client rekey for protocol version 2 (~R)
- swap gid when uid swaps.
- ListenAddress syntax can take [foo]:port for IPv6 numerics.
- "ssh -D 1080" allows us to use ssh tunnel as SOCKS4 proxy.
 2001-04-10 08:07:54 +00:00
itojun
d5fbc62ac3 OpenSSH 2.5.4 as of 2001/04/10 2001-04-10 07:13:48 +00:00
wiz
18a4938209 Fix date. 2001-04-09 12:49:14 +00:00
lukem
315c0a92f9 if debugging (i.e, -v), use options.level instead of SYSLOG_LEVEL_INFO 
to the first call to log_init(), otherwise debug messages from config
file parsing won't appear. (this seems to have been broken in recent
versions of openssh)
 2001-04-02 03:53:36 +00:00
thorpej
6fe37483a3 Set the KRB5CCNAME envrironment variable in the child if we received 
forwarded Kerberos 5 credentials, so that the process that needs them
can actually find them.
 2001-03-28 03:31:52 +00:00
thorpej
8ab184566c When we receive forwarded Kerberos credentials, stuff them into 
a file credential cache (rather than a memory credential cache)
so that they're useful.
 2001-03-28 03:17:23 +00:00
thorpej
2651b336ba Somewhat crude hack to make Kerberos 5 credential forwarding work. 2001-03-28 03:02:51 +00:00
thorpej
2f7b0c6c27 Print useful Kerberos error messages. 2001-03-27 03:58:02 +00:00
simonb
08e4590096 Cast to (long long) when using "%lld" in a printf format. 2001-03-21 00:11:06 +00:00
itojun
37da3c3c3c sync with openssh 2.5.2 (from openbsd usr.bin/ssh, not from portable). 2001-03-19 20:03:24 +00:00
itojun
7617bcad07 OpenSSH 2.5.2 as of 3/19/2001, from openbsd usr.bin/ssh 2001-03-19 19:42:00 +00:00
joda
bee147163e simplify the krb5 code somewhat 2001-03-12 17:56:36 +00:00
thorpej
3fba4682aa Fix LP64 problem in Kerberos 5 TGT passing. 2001-03-09 06:28:30 +00:00
assar
e625c71295 add krb5 support to ssh/sshd. based on code initially from Daniel Kouril <kouril@informatics.muni.cz> and Björn Grönvall <bg@sics.se> 2001-03-04 00:41:27 +00:00
itojun
1317273fae sync up with 2.5.1. 
this fixes backward compatibility breakage against 1.2.18 - 1.2.22.
 2001-02-19 12:13:04 +00:00
itojun
10400c1d11 OpenSSH 2.5.1 as of 2001/2/19 2001-02-19 12:09:12 +00:00
itojun
c83dc32a4c sync up with 2.5.0. simulate echobacks, X11 display name check, sftp upgrdes. 2001-02-16 15:48:34 +00:00
itojun
f02c06e047 OpenSSH 2.5.0 as of 2001/2/17 2001-02-16 15:41:22 +00:00
itojun
72b00a4178 take the safest side, mandate rnd(4). 2001-02-14 04:46:58 +00:00
itojun
788df94479 update import date. 2001-02-14 01:22:02 +00:00
itojun
531a3ed838 sync with 2/14. 
openssh changes:
- SIGWINCH propagated correctly
- mitigate SSH1 traffic analysis
- sprintf -> snprintf and lots of other cleanups
netbsd local changes:
- include OpenBSD RCSID into binary again, which helps us diagnose later.
 2001-02-14 01:06:48 +00:00
itojun
da62f78331 OpenSSH 2.3.2 as of 2001/2/14 2001-02-14 00:53:01 +00:00
itojun
a7b1b8e49c make sure to zero-fill malloced region. sync with openbsd/usr.bin/ssh 2001-02-09 14:39:47 +00:00
itojun
19fb6ccf8d comment: function are named "arc4"foo just for easy porting. 2001-02-09 00:44:35 +00:00
itojun
e3045c89d8 sync with 2.3.2. 2001-02-08 19:02:14 +00:00
itojun
e5eae0162b OpenSSH 2.3.2 as of 2001/2/9 2001-02-08 18:55:32 +00:00
itojun
7f8fa38080 authentication mistake in SSHv2 + pubkey, from markus. 
REBUILD AND RESTART SSHD NOW.
(vulnerability window for netbsd-current - < 48hours)
 2001-02-08 18:17:24 +00:00
itojun
fbfaba7e44 %30s is too short for IPv6 addrssses. 2001-02-08 10:08:53 +00:00
itojun
54bdd08634 fix size_t -> int cast. need checking with alpha... 2001-02-07 18:05:23 +00:00
itojun
3614dcc87c unsigned long long -> %llu, not %qd 2001-02-07 18:01:30 +00:00
itojun
31c0f02be2 update date string 2001-02-07 17:07:07 +00:00
itojun
1f5cfca3e6 sync crypto/dist/ssh with re-importorted tree. try to minimize diffs 
with openssh tree to ease future upgrade.  re-do local changes, including:
- prototype pedants
- IgnoreRootRhosts
- login.conf user validation
some of the local changes that weren't used are omitted for now.  we may
need to revisit those afterwards.

it adds "sftp".
 2001-02-07 17:05:31 +00:00
itojun
9d3aa44a65 OpenSSH 2.3.1 as of 2001/2/8 2001-02-07 16:46:40 +00:00
jdolecek
f17efc018b complete the paragraph about HostKey directive, reword slighly 2001-01-24 22:59:11 +00:00
itojun
6530b069f5 fix to PR 11320 (ssh-askpass gets invoked forever if we don't have 
control terminal).  from markus@openbsd
 2001-01-21 02:44:05 +00:00
hubertf
cbd751b376 Sync with localsrc: The default is "ForwardX11 no". 2001-01-20 03:38:19 +00:00
itojun
096913193b disable s/key authentication request (from client) by default, to prevent 
confusing fake s/key challenge to show up.
per recent discussion on tech-userlevel.
 2001-01-18 13:37:17 +00:00
itojun
f08806ada3 fix printf format for u_int64_t 2001-01-17 11:35:38 +00:00
simonb
3cc4829557 Fix printf format with sizeof(). 2001-01-16 02:20:19 +00:00
toshii
a230982a45 Catch up with sshd config file entry changes. 
Now we need to explicitly set DSA key location to use protocol version 2.
 2001-01-15 06:13:08 +00:00
itojun
a98ee796df $NetBSD$ 2001-01-14 05:28:01 +00:00
itojun
a0f7a7d829 crypto/dist/ssh: resolve conflicts with 2.3.0/20010105. 
usr.bin/ssh: add ssh-keyscan and sftp-server into SUBDIR.
 2001-01-14 05:22:31 +00:00
itojun
bfbf0e0d31 NetBSD Secure Shell, based on OpenSSH 2.3.0 around 1/5/2001 2001-01-14 04:49:51 +00:00
mycroft
feb89c799a Add a COMPATIBILITY section, mentioning the lossage with IDEA-encrypted keys. 2001-01-07 20:48:06 +00:00
itojun
cbf1717a72 do not allow outsider from injecting syslog entry anonymously. 
log peer's ip address instead.
openbsd PR 1600.
 2001-01-05 06:33:36 +00:00
lukem
f819878ce7 use more standard %ll_ in favour of %q_ 2001-01-04 15:39:50 +00:00
toshii
3a0975845b Enable TCP_NODELAY socket option also for interactive IPv6 connections. 
TCP_NODELAY isn't IPv4 only.
 2000-12-30 14:54:38 +00:00
mason
18a6237381 s/usefull/useful/ 2000-11-20 06:42:05 +00:00
itojun
40ad5fc4c1 correct validation on X11 forwarding. from markus@openbsd 2000-11-13 02:30:38 +00:00
is
d2b5345f10 When forwarding a connection, use the right descriptor to get IP options. 
Fixes PR 11261 my Michael Eriksson, using his patch.
 2000-11-07 16:06:24 +00:00
christos
392621627b always attempt to canonicalize hostnames, not only when the hostname 
does not contain a dot.
 2000-11-05 20:09:08 +00:00
mason
43bcdca61e Apply the following: 
-       static u_int16_t n = HASH_MINSIZE / HASH_ENTRYSIZE;
+       static u_int32_t n = HASH_MINSIZE / HASH_ENTRYSIZE;

...so that large packets do not wrap "n".
 2000-10-30 18:58:37 +00:00