itojun
4752a4465b
discourage the use of aggressive mode for identity disclosure.
2002-10-18 14:34:04 +00:00
manu
a2e26d6e11
back out the previous change. We really don't want to enable login on a
...
mode 666 tty.
In order to use sshd logins with a read-only /dev, the administrator has to
make the tty mode 600 root/wheel before the partition gets read-only.
2002-10-15 15:33:04 +00:00
manu
9dc3c4ee08
Re-allow connection when /dev is read-only, and the tty is owned by the
...
user or owned by root.
2002-10-15 15:19:02 +00:00
itojun
173446ddd0
use cast to unsigned long long, instead of PRIu64
...
(to make it easier to move the change back to main openssh distribution)
2002-10-04 02:22:05 +00:00
petrov
31b9b01a31
use PRIu64 for u_int64_t.
2002-10-03 07:41:10 +00:00
elric
f07ce00ec5
Turn on strict alignment #define's, because racoon reliably core
...
dumps on machines which require strict alignment such as sparc64.
2002-10-02 17:53:11 +00:00
itojun
ef7d24574a
upgrade to openssh 3.5. major changes include:
...
- krb4/5 support for privsep (krb5 diff was already applied)
includes fake implementaation of getpeereid() from openssh-portable, which
does nothing useful - need improvement.
2002-10-01 14:07:26 +00:00
itojun
604e45f4cd
OpenSSH 3.5 as of Oct 1, 2002
2002-10-01 13:39:55 +00:00
elric
75bc91b4e4
Changed documentation of the default setting for PermitRootLogin
...
to ``no'', to match our actual default setting.
Addresses PR: bin/18445
2002-09-28 15:07:33 +00:00
itojun
5431e7941f
tweak the example $HOME/.ssh/rc script to not show on any cmdline the
...
sensitive data it handles. This fixes bug # 402 as reported by
kolya@mit.edu (Nickolai Zeldovich).
2002-09-25 03:43:19 +00:00
mycroft
1268ff2729
select() -> poll()
2002-09-20 22:16:02 +00:00
mycroft
c83fcd876c
select() -> poll()
2002-09-20 22:05:59 +00:00
mycroft
016f903642
select() -> poll()
2002-09-20 21:48:58 +00:00
mycroft
ee48615074
select() -> poll()
2002-09-20 21:34:31 +00:00
joda
ee1dfded94
change unconfigured error code back to ENXIO
2002-09-19 19:48:33 +00:00
joda
7417b5942f
de-__P and comment out all parameter names
2002-09-19 19:22:53 +00:00
itojun
17e856961c
don't quit while creating X11 listening socket.
...
address (first) problem described in
http://mail-index.netbsd.org/current-users/2002/09/16/0005.html
2002-09-17 06:26:18 +00:00
thorpej
f603ddfaad
__RCSID is not a portable macro to be using in a host tool (which
...
these files are). As a short-term work-around, only use it if it
is defined. A better solution will be worked out with the Heimdal
folks later.
Fixes building these host tools on Solaris 8.
2002-09-13 19:09:00 +00:00
joda
72be5e0769
invert detach flag to match previous NetBSD behaviour
2002-09-12 17:16:38 +00:00
joda
cae4f88ee0
kill some warnings
2002-09-12 15:35:02 +00:00
joda
2c3a59b23a
krb5_socklen_t and krb5_ssize_t should not go here
2002-09-12 14:52:33 +00:00
joda
91f0927074
make this actually do something
2002-09-12 14:12:18 +00:00
joda
58cc4c1950
alias dns functions so we don't have to bump major
2002-09-12 14:10:25 +00:00
joda
da086653ff
resolve import conflicts
2002-09-12 13:18:49 +00:00
joda
0444766465
import heimdal 0.5
2002-09-12 12:41:31 +00:00
joda
5146dc79e7
import helper
2002-09-12 12:35:03 +00:00
joda
3cc6c8c775
resolve import conflicts
2002-09-12 12:33:10 +00:00
joda
cfa4cd31bb
import krb4 1.2
2002-09-12 12:22:01 +00:00
itojun
32e004f92a
kerberos support w/ privsep. confirmed to work by lha@stacken.kth.se
2002-09-09 06:45:17 +00:00
itojun
42ebaa698b
don't touch free'ed memory. From: wang.zhong3@zte.com.cn, sync w/kame
2002-09-03 14:38:13 +00:00
itojun
2b9b8f5bd3
reduce #ifdef related to OPENSSLDIR - we want it be static
2002-09-01 11:38:34 +00:00
itojun
50d422c24f
e_os.h is not part of exported openssl interface, so don't install it into
...
/usr/include/openssl (e_os.h has an explicit comment about it). it obviously
is a bug in openssl 0.9.6 Makefile.
based on openssl 0.9.7 snapshot.
2002-08-31 10:46:36 +00:00
itojun
e1754c22c2
if () statement error. From: Krister Walfridsson <cato@df.lth.se>
...
(not compiled) sync w/kame
2002-08-31 07:56:14 +00:00
itojun
7049b3bdab
blank commit to force rebuild of krb.h
2002-08-29 14:34:11 +00:00
itojun
f613969b8a
somehow main trunk was not in sync with 0.9.6f for this file. noted by havard.
2002-08-28 23:10:30 +00:00
itojun
bcb0cf6929
tighten isakmp header length validation. from kame
2002-08-28 04:44:04 +00:00
wiz
b57bfa3f73
Drop superfluous Ns, sort sections.
2002-08-20 16:05:46 +00:00
wiz
4f40f42275
Remove superfluous Ns, drop trailing whitespace, fix a Xr, don't let lines
...
get longer than 80 characters.
2002-08-20 16:04:13 +00:00
wiz
2610a5c4d8
Remove superfluous Ns; while here, remove trailing whitespace and fix a
...
punctuation problem.
2002-08-20 15:59:37 +00:00
wiz
158398c921
Fix Ns abuse.
2002-08-20 15:32:12 +00:00
wiz
9bf08abfd4
Remove some unnecessary .Ns and trailing whitespace.
2002-08-20 15:24:38 +00:00
itojun
a6315c15ad
utmpx.ut_id is required.
...
PR 17998 with slight modification (deal with ttyname shorter than 4)
2002-08-20 07:42:53 +00:00
itojun
1146a80999
more NO_xx cleanup. can't catch these by openssl-unifdef.pl
2002-08-17 21:41:59 +00:00
itojun
08597903ce
sync with 0.9.6g
2002-08-09 15:58:46 +00:00
itojun
5eb341dcb6
openssl 0.9.6g, build framework fixes
2002-08-09 15:45:08 +00:00
itojun
182c0b6e08
sync with 0.9.6f. prevents DoS attack and regen of manpages.
2002-08-08 23:47:34 +00:00
itojun
f5e63fe4c2
openssl 0.9.6f, with security fixes
2002-08-08 23:14:54 +00:00
itojun
7bab20a582
bitmask operation audit (s/&&/&/). from openbsd
2002-08-08 15:12:09 +00:00
itojun
e8859ea868
remove files mistakenly shipped with openssl 0.9.6e.
...
(it won't affect the build)
2002-08-05 11:21:29 +00:00
itojun
85c4496982
http://marc.theaimsgroup.com/?l=openssl-cvs&m=102831422608153&w=2
...
*) Fix ASN1 checks. Check for overflow by comparing with LONG_MAX
and get fix the header length calculation.
[Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>,
Alon Kantor <alonk@checkpoint.com> (and others),
Steve Henson]
(critical)
2002-08-03 12:56:23 +00:00
itojun
e7f66af2b2
fix incorrect overrun check.
...
http://marc.theaimsgroup.com/?l=openssl-cvs&m=102831516309127&w=2
(thank todd!)
2002-08-02 23:09:03 +00:00
itojun
d103e0b575
plug memory leak. from ebisawa@iij. sync w/kame
2002-07-31 07:01:26 +00:00
itojun
ef920a0913
sync with 0.9.6e.
2002-07-31 01:29:37 +00:00
itojun
25e766824a
OpenSSL 0.9.6e. includes major security fixes (already applied)
2002-07-30 23:57:34 +00:00
itojun
e9316c8858
apply patch supplied with OpenSSL Security Advisory [30 July 2002]
...
advisory 1: four potentially remotely-exploitable vulnerability in
SSL2/SSL3 code
advisory 2: ASN1 parser vulnerability (all SSL/TLS apps affected)
2002-07-30 12:55:08 +00:00
christos
3fd219f644
add utmpx support.
2002-07-28 23:43:33 +00:00
grant
6742cb1812
sweep of errx/warnx, remove unnecessary trailing \n
2002-07-20 08:36:17 +00:00
itojun
24ef72afbf
print connect failure on debugging mode. sync w/openbsd
2002-07-12 13:28:36 +00:00
wiz
4b20971f01
Spell acquire with a 'c'.
2002-07-10 23:16:32 +00:00
itojun
bdfa549223
bark if all connection attemp fails. sync w/openbsd
2002-07-10 10:28:00 +00:00
itojun
92b7524e7d
silently connect(2) to next address. sync w/openbsd
2002-07-09 12:04:10 +00:00
itojun
a2a47b15ce
don't warn even if reverse lookup fails. sync w/openbsd
2002-07-09 12:03:54 +00:00
itojun
9a2478a3b0
/var/empty -> /var/chroot/sshd. PR 17519
2002-07-08 14:39:53 +00:00
itojun
968294e218
>make ssh-keysign read /etc/ssh/ssh_config
...
>and exit if HostbasedAuthentication is disabled globally. based on discussions
>with deraadt, itojun and sommerfeld; ok itojun@
sync w/openbsd
2002-07-03 14:23:13 +00:00
itojun
92ea28e291
>for compression=yes, we fallback to no-compression if the server does
...
>not support compression, vice versa for compression=no. ok mouring@
sync w/openbsd
2002-07-03 10:07:48 +00:00
itojun
673c1a7ac1
>use RSA_blinding_on() for rsa hostkeys (suggested by Bill Sommerfeld)
...
>in order to avoid a possible Kocher timing attack pointed out by Charles
>Hannum; ok provos@
2002-07-03 10:06:39 +00:00
itojun
c28e7ac1f6
correct signed/unsigned mixup; openbsd
2002-07-03 10:05:58 +00:00
itojun
8d3378688a
pednatic check on command line args. correct signed/unsigned mixup.
...
sync w/ openbsd
2002-07-01 06:17:11 +00:00
itojun
84559971ee
make use of xfree() consistent. from openbsd
2002-07-01 05:56:45 +00:00
itojun
11792b93b1
don't use freed memory. sync w/openbsd
2002-07-01 05:54:03 +00:00
itojun
5bdd56b128
sync with 3.4
2002-06-26 14:08:29 +00:00
itojun
b8f8e01057
OpenSSH 3.4 around 2002/6/26.
...
most significant change:
>make sure # of response matches # of queries, fixes int overflow; from ISS
as we have already enabled privsep by default, we should have been safe.
2002-06-26 14:02:54 +00:00
itojun
603dca2ed2
sync whitespace w/ openbsd tree
2002-06-24 15:47:25 +00:00
itojun
bc7b65a647
don't lose information while we cast
2002-06-24 15:46:34 +00:00
agc
7d6a7caf6a
Cast arguments so that this file will compile on less forgiving architectures
...
like arm32.
2002-06-24 15:32:58 +00:00
itojun
3ea946f134
sync with openssh 3.3.
...
local mods included to make it compile with openssl 0.9.6d.
2002-06-24 05:48:24 +00:00
itojun
3dfc6702ef
clean ssh-keysign build dir before import.
2002-06-24 05:45:17 +00:00
itojun
9486e6fd01
it shouldn't be imported
2002-06-24 05:28:32 +00:00
itojun
b5222aff66
OpenSSH 3.3 as of June 24, 2002.
...
- ssh is no longer seruid root. ssh-keyscan is added to read secret host keys.
protocol version 1 rsh-like authentication is gone.
- FallBackToRsh is deprecated.
2002-06-24 05:25:39 +00:00
wiz
c650ef5756
Remove (commented out) krb_equiv(3) reference, suggested by joda.
2002-06-13 11:19:48 +00:00
wiz
d844f0d7b1
Fix Xrefs.
2002-06-13 00:15:09 +00:00
wiz
78c59017cc
Remove photurisd reference.
2002-06-13 00:14:26 +00:00
wiz
8def406232
Comment out Xref to krb_equiv(3), which does not exist.
2002-06-13 00:09:06 +00:00
itojun
b745604c00
sync sockaddr_ntop with latest openssh (minor change)
2002-06-09 22:22:55 +00:00
itojun
7c75b5ec2f
sync with 0.9.6d. shlib minor for libssl and libcrypto
...
is cranked for additional functions.
2002-06-09 16:12:52 +00:00
itojun
7720435b28
openssl 0.9.6d
2002-06-09 15:21:32 +00:00
itojun
f0231f96aa
do not propose IDEA cipher on SSL connection, as our default installation
...
does not handle IDEA.
TODO: dynamically enable IDEA if libcrypto_idea is linked
2002-06-09 02:16:18 +00:00
itojun
be5f1d082c
use getnameinfo on diag printing. sync w/openssh in openbsd
2002-06-08 21:17:57 +00:00
itojun
e67961b545
check sshd uid/chroot dir on UsePrivilegeSeparation mode, and die if they
...
do not exist. sync w/openssh
2002-05-29 23:54:29 +00:00
itojun
a5c3041a1b
bump date for rhosts auth fix
2002-05-27 13:45:40 +00:00
itojun
b274d69ad0
correct rhosts authentication. should fix PR 17023
2002-05-27 13:45:17 +00:00
itojun
a46557038c
now arc4random is in libc, we don't need to supply local version
2002-05-25 00:29:52 +00:00
itojun
a0da78395e
correct sha2 interoperability. From: "JuanJo Ciarlante" <jjo@mendoza.gov.ar>
2002-05-20 13:12:45 +00:00
itojun
e26b1052bb
use /var/chroot/sshd instead of /var/empty. suggested by christos
2002-05-16 20:59:35 +00:00
itojun
f47caddaf3
turn on privilege separation, as 3.2.1 default do.
...
requires sshd uid/gid as well as /var/empty directory.
2002-05-14 23:33:07 +00:00
itojun
ca89359407
sync with 3.2.1 as of 5/13.
...
NOTE: privilege separation is turned off by default
as it seems there still are issues with setsid().
2002-05-13 02:58:17 +00:00
itojun
24255a6a60
OpenSSH 3.2.1 as of 2002/5/13
2002-05-13 02:28:40 +00:00
itojun
c68a2428ba
correct handling of "unique" policy. bump version to 20020507
...
(corresponds to filename in ftp://ftp.kame.net/pub/kame).
2002-05-13 02:10:34 +00:00
itojun
c0fa39f338
correct plogv().
2002-05-07 08:58:32 +00:00
lukem
244b762de1
Complete the conversion back to the OpenSSH default configuration files of
...
"/etc/ssh/ssh_config" (from "/etc/ssh/ssh.conf") for ssh(1) and other
userland tools, and "/etc/ssh/sshd_config (from "/etc/ssh/sshd.conf")
for sshd(8).
etc/postinstall will detect this, and if "fix" is given, rename the files.
2002-04-29 08:23:34 +00:00
itojun
812e154ef2
netbsd uses EXIT STATUS, not RETURN VALUES, for commands
2002-04-26 02:48:54 +00:00
wiz
77e1048dc4
Whitespace fixes, use standard headers, RCS police.
2002-04-26 02:33:00 +00:00
wiz
8366b5d7de
Sort sections and SEE ALSO, add NetBSD tag.
2002-04-26 02:31:10 +00:00
itojun
cd1e16de59
upgrade to KAME racoon as of 2002/4/26.
...
file descriptor leak fix.
null encryption algorithm key length fix (should use 0).
couple of null-pointer reference fixes.
set port # to 500 in ID payload (possible interop issue - spec is unclear).
correctly match address pair on informational exchange
2002-04-26 02:25:13 +00:00
itojun
b4df5a033c
KAME racoon as of 2002/4/26
2002-04-26 02:16:38 +00:00
itojun
936168b29d
correct afs/kerberos token-passing. notified by markus@openbsd
2002-04-24 01:48:04 +00:00
itojun
34b40b030e
sync with openssh 3.2 as of 2002/4/22.
...
- privilege separation
- afs/kerberos auth security issue fixed
2002-04-22 07:59:35 +00:00
itojun
ff10d69ea5
OpenSSH 3.2 as of 2002/4/22. bring in sys/sys/tree.h
2002-04-22 07:47:47 +00:00
itojun
f597d4ec88
OpenSSH 3.2 as of 2002/4/22. fixes issues with AFS/kerberos auth
2002-04-22 07:35:39 +00:00
bjh21
f7136b499f
Remove .cvsignore files.
...
<URL:http://www.netbsd.org/developers/cvs-repos/notes.html#cvsignore >
2002-04-04 17:07:06 +00:00
itojun
abe35ee7d1
correct initial contact payload handling. PR 15949. sync with kame
2002-03-29 01:18:08 +00:00
itojun
16bd2c3983
handle RTM_NEWADDR correctly. PR 15693. sync w/kame
2002-03-22 03:58:43 +00:00
reinoud
1c9c09e3be
Simple file static function had wrong function definition :
...
-find_etype(hdb_entry *princ, unsigned *etypes, unsigned len,
+find_etype(hdb_entry *princ, krb5_enctype *etypes, unsigned len,
In the Acorn32 port an enum doesn't have to be unsigned (!) int's ... but
can also be a byte/char sized var.
2002-03-21 21:02:16 +00:00
bjh21
24460e83d2
Actually use the 8003 patch joda applied upstream, rather than the one I sent
...
him (oops).
2002-03-18 19:16:04 +00:00
bjh21
4284d720b1
CKSUMTYPE needs to include 0x8003, since some things use that.
...
Approved by joda and committed upstream.
2002-03-18 19:07:49 +00:00
itojun
0a2445c3b6
move sshd config files to /etc/ssh
2002-03-11 04:57:55 +00:00
sommerfeld
68c304f103
Fix several LL128 format string mismatches with a chainsaw.
...
%llu is "unsigned long long", not "uint64_t"; the former can be 128
bits on LP64 systems.
2002-03-09 15:03:33 +00:00
itojun
9d597e40f3
printf type mismatch.
2002-03-08 06:03:21 +00:00
itojun
295a85a1c9
sync better with reality (LoginGraceTime)
2002-03-08 02:18:11 +00:00
itojun
af34a358ff
sync w/ 3.1 as of 2002/3/8. configuration file directory is still /etc
...
(openbsd usr.bin/ssh is using /etc/ssh)
2002-03-08 02:00:50 +00:00
itojun
797a097779
OpenSSH 3.1 as of 2002/3/8. plugs off-by-one security hole
2002-03-08 01:20:24 +00:00
tron
9097d36b33
Fix off by one error described in "PINE-CERT-20020301" advisory.
2002-03-07 16:02:22 +00:00
wiz
a50cd7c5cd
Add SYNOPSIS.
2002-03-06 14:25:42 +00:00
itojun
e4446468a6
s/IPSec/IPsec/.
2002-03-06 00:21:36 +00:00
joda
a8d19a98fc
don't try to use the krb5 context if the init fails; should fix
...
bin/15585
2002-02-26 11:16:08 +00:00
bjh21
4845a9458f
Rather than assuming that -1 is a valid value for a LogLevel or LogFacility,
...
explicitly declare SYSLOG_LEVEL_NOT_SET and SYSLOG_FACILITY_NOT_SET and use
those instead.
This is necessary for -fshort-enums platforms, and corresponds to the
following OpenBSD revisions:
log.c 1.21
log.h 1.5
readconf.c 1.95
servconf.c 1.53
2002-02-10 16:23:33 +00:00
bjh21
57a0815fae
Clean up the distinction between krb5_enctype and int, and between
...
krb5_key_usage and unsigned. These patches are necessary for
platforms with short enums, and should already be in Heimdal CVS.
2002-02-10 15:31:18 +00:00
joda
8dd8e58e76
import heimdal rev 1.42: we have to create our own param struct before
...
marshaling (fixes bin/15520)
2002-02-08 18:35:30 +00:00
simonb
f6d51843ea
Mirror 32-bit alignment change in crypto/dist/heimdal/lib/roken/resolve.c.
2002-01-08 03:27:59 +00:00
thorpej
5f9568a12e
Make sure the state array passed to initstate(3) is 32-bit aligned,
...
as that is how it is accessed within the random(3) suite of routines.
2002-01-08 02:15:24 +00:00
thorpej
19a95cad9c
Fix warnings generated by gcc 3.1.
2001-12-31 20:09:53 +00:00
explorer
ad08960f5c
When calling krb5_verify_user(), we must restore root's uid, since it will need to read /etc/krb5.keytab.
2001-12-19 10:28:47 +00:00
he
a18ce029f6
Deal with lossage caused by the addition of the netbsd-1-5 branch tag
...
to these files.
Apparently, the "magic" which causes the latest version on the
vendor branch to appear at the head in the repository broke when
the netbsd-1-5 tag was added. Thus, merge in the lost revisions from
the vendor tag to work around this.
2001-12-13 15:53:54 +00:00
itojun
e2970b134f
sync with openbsd/remove variable name from prototype
2001-12-12 17:24:46 +00:00
itojun
684138909c
fix constness difference in prototype and func def.
2001-12-12 17:16:16 +00:00
itojun
718900f830
sync with 3.0.2
2001-12-06 03:54:04 +00:00
itojun
d97f5d9481
OpenSSH 3.0.2 as of 2001/12/06. fixes environment variable passing in UseLogin=yes
2001-12-06 03:46:04 +00:00
wiz
b4371d47f5
Replace some misuses of "then" with "than".
2001-12-04 17:56:30 +00:00
thorpej
cce3152281
Deal with an LP64 printf format issue.
2001-11-30 00:46:36 +00:00
itojun
d4b3b8bf82
update version date to 20011127
2001-11-27 04:16:08 +00:00
itojun
f7146cb367
resolve one more conflict
2001-11-27 04:11:23 +00:00
itojun
ce0e2b2976
resolve conflicts on 3.0.1 import
2001-11-27 04:10:22 +00:00
itojun
c0c77d470a
OpenSSH 3.0.1 as of 2001/11/27. minor bugfixes only.
2001-11-27 04:03:44 +00:00
wiz
8c1a59d37e
Drop .Os argument, and sort sections.
2001-11-23 08:20:48 +00:00
gmcgarry
1ea6bbe92f
- include LIBRARY section
...
- reference the correct location of the header file
- remove irrelevant BUGS section
- spelling fixes
Note: this man page only documents the Kerberos 4 interface; the
krb5 interface remains undocumented.
2001-11-23 07:35:19 +00:00
gmcgarry
1510317819
Spelling fix.
2001-11-21 20:30:09 +00:00
wiz
1fd7eeefcd
"than" instead of "then".
2001-11-21 19:14:19 +00:00
wiz
a984ffbe34
less than, not then, and re-established, not re-estabished
2001-11-21 19:11:44 +00:00
wiz
1f1e26bd6d
Presence looks better with a 'c' instead of an 's'.
2001-11-21 19:01:31 +00:00
wiz
78ade3c6d9
Use standard headers, and a whitespace nit.
2001-11-21 10:46:23 +00:00