Commit Graph

92 Commits

Author SHA1 Message Date
assar
2eabd5aae0 (tf_create): remove the overwriting of the old ticket file 2000-12-09 00:53:52 +00:00
assar
71d1fbbd25 (kdc_reply_cipher): fix buffer over-run 2000-12-09 00:53:21 +00:00
assar
a32b774256 remove (obsolete) support for environment variables. 2000-12-09 00:51:46 +00:00
thorpej
ecf24d1394 Use getifaddrs() if HAVE_GETIFADDRS is defined. 2000-12-03 20:21:03 +00:00
thorpej
074a0c939d In krb5_sendto(), try the send/recv *inside* the loop through the
addinfos, so that e.g. if we fail to connect with an IPv6 address,
we can fall back onto an IPv4 address.
2000-12-02 01:53:08 +00:00
fvdl
c9366a8efe Fix reversed test. 2000-11-20 14:08:12 +00:00
mason
18a6237381 s/usefull/useful/ 2000-11-20 06:42:05 +00:00
itojun
40ad5fc4c1 correct validation on X11 forwarding. from markus@openbsd 2000-11-13 02:30:38 +00:00
joda
25f03b52f9 remove extra .Xc 2000-11-12 15:40:19 +00:00
is
d2b5345f10 When forwarding a connection, use the right descriptor to get IP options.
Fixes PR 11261 my Michael Eriksson, using his patch.
2000-11-07 16:06:24 +00:00
fvdl
e22c13589c Make gss_acquire_cred actually work. Add a ccache member to the id_t struct
to store alternate creds, retrieved from a keytab. Make gss_init_sec_context
work with creds != GSS_C_NO_CREDENTIAL. Free ccache in id_t in release_cred.
2000-11-06 15:06:51 +00:00
christos
392621627b always attempt to canonicalize hostnames, not only when the hostname
does not contain a dot.
2000-11-05 20:09:08 +00:00
mason
43bcdca61e Apply the following:
-       static u_int16_t n = HASH_MINSIZE / HASH_ENTRYSIZE;
+       static u_int32_t n = HASH_MINSIZE / HASH_ENTRYSIZE;

...so that large packets do not wrap "n".
2000-10-30 18:58:37 +00:00
veego
923459b8ef Print a newline after 'You entered the wrong passphrase.' 2000-10-29 08:55:59 +00:00
itojun
f3f11aec78 make version identification string conform to SSH version string format.
version format must be like:
	SSH-[0-9]*.[0-9]*-[^-]*( .*)?
and previous string did not conform to the requirement (too many hyphens).
based on comment from markus@openbsd (openssh maintainer)
2000-10-28 13:41:55 +00:00
joda
4b39e2fe3f fix v4 fallback lifetime calculation 2000-10-27 14:44:08 +00:00
simonb
dc0fe34aa7 Reduce swap_bytes() to a non-alignment dependent implementation - some
calls to swap_bytes() do indeed have non-aligned sources and destinations.
Fixes unaligned access problems on alpha and probably some of our other
architectures.
2000-10-23 11:40:55 +00:00
mycroft
968a585ab4 Fix formatting error. 2000-10-20 18:01:26 +00:00
martin
6a12425bca We have renamed the configuration file, adapt the documentation. 2000-10-20 12:40:34 +00:00
bouyer
e33acbd7b7 Correct printf format (used with integers, not longs). 2000-10-19 15:10:33 +00:00
taca
c011ac8db6 - Correct missing closedir(3) in SSL_add_dir_cert_subjects_to_stack().
This should be fix the bug that apache enabled SSL may exhaust its
  file descriptors.  Noted by TAKANO Yuji <takachan@running-dog.net>
  on apache@ecc.u-tokyo.ac.jp, apache mailing list in Japanese.

  He had already sent a bug report to openssl-dev@openssl.org, but it
  wasn't fixed in openssl-0.9.6.  :-(
2000-10-13 01:47:27 +00:00
itojun
b5c4933a2d printf format pedant. (size_t -> u_long). 2000-10-10 13:14:55 +00:00
is
612e4c298a define DES_LONG in time to be used by later header files. 2000-10-08 18:42:03 +00:00
is
7db764779b Format string cleanup by sommerfeld. 2000-10-08 18:40:08 +00:00
itojun
a001cd4e77 exit 0 on success, 1 on error 2000-10-06 06:21:16 +00:00
sommerfeld
dc3402136b Constify variables containing format strings 2000-10-05 14:32:50 +00:00
sommerfeld
37146bcc18 format checking for internal functions 2000-10-05 14:17:12 +00:00
sommerfeld
29dec280ee format checking for internal function 2000-10-05 14:16:10 +00:00
sommerfeld
8b2d1fefd2 Miscellaneous format string safety improvements 2000-10-05 14:09:07 +00:00
simonb
6fe5a2b27e Return failure in krb_get_lrealm() if no config files are found, rather
than then searching for a default realm.

Fixes PR lib/11010 from David Brownlee.  Patch from Jason Thorpe.
2000-10-04 04:08:30 +00:00
itojun
37a8d23037 improve error message on rnd(4) failure. the old text made reference
to ssl(4), which is openssl specific (talks about plugin RSA library).
2000-10-04 03:43:57 +00:00
itojun
18e8d6decc do not loop forever 2000-10-03 15:07:14 +00:00
itojun
42e4adfd95 make it useful as test (exit 0 if successful) 2000-10-03 14:45:36 +00:00
lukem
8e1c87ce80 - implement IgnoreRootRhosts. if set, ignores ~root/.[rs]hosts. defaults to
the value of IgnoreRhosts.  with `IgnoreRhosts yes' and `IgnoreRootRhosts no'
  you get similar behaviour to the `-l' flag on rshd(8).  this is based on
  similar modification i made which appeared in ssh 1.2.27 (?)
- document that IgnoreRhosts now doesn't apply to root.
- clarify that /etc/s?hosts.equiv doesn't apply to root (it didn't before
  my modification either).
- crank the version to 20001003
2000-10-03 09:56:38 +00:00
itojun
0b86bc5a1c nuke #define for changing variable size (affects ABI). 2000-10-03 04:00:19 +00:00
itojun
169eefc02f move rc5/idea dummy functions from crypto/dist/openssl/crypto to lib/libcrypto.
they are not part of the openssl distribution.
suggested by thorpej.
2000-10-01 22:17:59 +00:00
itojun
9c7b3bf3d5 nuke all NO_<algorithm name> in header file. they change ABI due to
#ifdef in struct/union definitions, and are bad for us shipping library binary.
2000-10-01 22:13:14 +00:00
itojun
563bf184ad improve abort message, when RC5/IDEA in libcrypto (dummy) is called. 2000-09-30 14:29:16 +00:00
itojun
e5e807d114 always compile RSA into libcrypto.
MKCRYPTO disables the whole crypto tree, and in that case,
we will not have RSA (nor libcrypto) with us.
2000-09-30 12:21:51 +00:00
itojun
bc22f284e4 we always build idea/rc5 (dummy, though). 2000-09-30 00:30:25 +00:00
itojun
8d26d03189 repair openssl (libcrypto) for non-32bit architecture.
don't use unsigned long where 32bit unsigned variable is asked for.
use u_int32_t.  (not sure if uint32_t is better or not, but anyway,
u_int32_t <-> uint32_t should not raise binary compatibility issue)
PR10921.

TODO: have arch-dependent Makefiles where we supply -DFOO for optimization.
(do not change size of variable though)

XXX: we should actually nuke all other #ifdef in /usr/include/openssl/*.h,
however, that needs a lot of work and will make future openssl upgrade harder.

remove RC5 and IDEA by default.  build them separately as
libcrypto_{rc5,idea}.a.  put dummy function, which is "warning to stderr
and exit(1)".  NOCRYPTO_{RC5,IDEA} are obsoleted.
PR10883.
2000-09-30 00:23:28 +00:00
thorpej
49a55a1d58 Import NetBSD Secure Shell. This is based on OpenSSH, but modified
somewhat.
2000-09-28 22:09:28 +00:00
fvdl
fb9657047a Add support for running kpasswdd from inetd. Active if INETD_SUPPORT
is defined. In either case, kpasswdd will continue to work from
the commandline as usual.
2000-09-13 11:29:26 +00:00
joda
7bc28b6591 add manpage for kadmin 2000-09-10 19:45:04 +00:00
joda
5ab344e414 add a, somewhat terse, kerberos overview manpage 2000-09-10 19:34:49 +00:00
joda
0acd5e96a9 move config and log files out of /var/heimdal 2000-09-10 19:29:44 +00:00
assar
38f9bead65 fix bad mdoc markup. closed PR/10854 2000-08-20 10:36:40 +00:00
fvdl
d2cc354307 Fix example: lib_defaults -> libdefaults, default_domain -> default_realm 2000-08-15 17:22:45 +00:00
thorpej
dafbb1e2ea - Reference count MCC IDs, and garbage-collect them in destroy if
the ref count is 0, and in close if the ref count is 0 and the
  ID is dead (i.e. has been previously destroyed).
- Don't use temp files to generate unique MCC names; use ASCII
  representations of pointers to the malloc'd IDs, which is
  unique enough for our purposes.
- Dead IDs cause an ENOENT error, as would a dead FCC ID.

Per discussion w/ Johan Danielsson <joda@pdc.kth.se>.
2000-08-10 18:58:59 +00:00
thorpej
7dd4170cf5 Fix typos in some #if 0'd code. 2000-08-10 16:18:00 +00:00