vanhu
b5ae261d16
Generates a log if cert validation has been disabled by configuration
2008-03-06 17:00:03 +00:00
manu
b6b6316484
From Cyrus Rahman <crahman@gmail.com>
...
privileged instance exit when unprivileged one terminates. Save PID in real root, not in chroot
2008-03-06 04:29:20 +00:00
mgrooms
1e1f81eb1d
Add the ability to initiate IPsec SA negotiations using the admin socket.
...
Submitted by Timo Teras.
2008-03-06 00:46:04 +00:00
mgrooms
3fd729ad89
Refactor admin socket event protocol to be less error prone. Backwards compatibility is provided. Submitted by Timo Teras.
2008-03-06 00:34:11 +00:00
mgrooms
089a95fdcd
Refactor admin socket event protocol to be less error prone. Backwards
...
compatibility is provided. Submitted by Timo Teras.
2008-03-06 00:34:10 +00:00
mgrooms
5e5c5d5011
Properly initialize the unity network struct to prevent erroneous protocol
...
and port info from being transmitted.
2008-03-05 22:27:50 +00:00
mgrooms
f771df75b3
Reload SPD on SIGHUP or adminport reload. Also provide better handling for
...
pfkey socket read errors. Submitted by Timo Teras.
2008-03-05 22:09:44 +00:00
manu
5ae99b01fd
Missing entries for last changes
2008-02-25 20:14:05 +00:00
manu
6ee9ace370
From Brian Haley <brian.haley@hp.com>
...
There's a cut/paste error in cmp_aproppair_i(), it's supposed to be
checking spi_size but it's not. I'm not sure this patch is correct, but
what's there isn't either.
2008-02-25 20:06:55 +00:00
manu
ebc590d76a
Fix address length, from Brian Haley
2008-02-22 18:50:03 +00:00
matt
2bbccfb905
yyparse returns int, not void.
2008-02-16 18:29:39 +00:00
spz
a91c432416
closes PR bin/37644
...
did not meet violent opposition ( :) ) on ipsec-tools-devel
2008-02-10 12:11:08 +00:00
christos
8a85bb4332
remove Protocol=2 line; from Jukka Salmi
2008-01-28 13:57:02 +00:00
tls
4781622c25
CRIOGET is gone. Saves one ioctl per session.
2008-01-26 20:46:21 +00:00
tls
9675caff5e
Some minor opencrypto fixes, one with a major performance impact for
...
OpenSSL:
1) Fix extremely misleading text in crypto.4 manual page so it does not
appear to claim that a new cloned file descriptor is required for every
session.
2) Fix severe performance problem (and fd leak!) in openssl cryptodev
engine resulting from misunderstanding probably caused by said manual
page text.
3) Check for session-ID wraparound in kernel cryptodev provider. Also,
start allocating sessions at 1, not 0 -- this will be necessary when
we add ioctls for the creation of multiple sessions at once, so we
can tell which if any creations failed.
2008-01-25 07:09:56 +00:00
vanhu
4aacbd15e1
From Timo Teras: reset iph1->dpd_r_u in the scheduler's callback, to avoid access to freed memory.
2008-01-11 14:27:34 +00:00
vanhu
ca6b517233
reset iph1->dpd_r_u in the scheduler's callback, to avoid some access to freed memory
2008-01-11 14:27:33 +00:00
vanhu
e0b7c2f9ec
reported some fixes from Krzysztof Oledzki
2008-01-11 14:09:50 +00:00
vanhu
90cd29a77c
From Krzysztof Oledzki: Fix compilation with IDEA and recent gcc.
2008-01-11 14:09:05 +00:00
vanhu
5e3ace1c19
From Krzysztof Oledzki: added some details to some logs (also reported new getph1byaddr() arg).
2008-01-11 14:08:29 +00:00
vanhu
e8714f7763
From Krzysztof Oledzki: Only search for established ph1 handles in DPD (also reported new getph1byaddr() arg).
2008-01-11 14:07:39 +00:00
vanhu
223c4f34ce
added an 'established' arg to getph1byaddr()
2008-01-11 14:06:56 +00:00
mgrooms
c825a8ee5f
Add GRE protocol number to racoonctl. Correct id wildcard matching for transport mode. Submitted by Timo Teras.
2007-12-31 01:42:07 +00:00
mgrooms
e2eda5513a
Add GRE protocol number to racoonctl. Correct id wildcard matching for transport mode. Submitted by Timo Teras.
2007-12-31 01:42:06 +00:00
jnemeth
c9b9889ada
add back #include <sys/socket.h> from Scott Ellis on current-users@
2007-12-21 20:42:03 +00:00
tnn
e9e5abe68c
fix typo in comment
2007-12-21 01:03:58 +00:00
martin
53a105b083
Disable the umac-64 MAC for now, it needs to be rewritten from scratch.
...
Addresses PR bin/37562.
2007-12-20 14:14:04 +00:00
dogcow
d642d06d3d
fixes for alpha: %ld -> %zd, signals are long.
2007-12-18 09:00:30 +00:00
dogcow
ceafeaa9bc
Eliminate "endian_convert defined but not used" on big-endian platforms;
...
instead of using the "generic" functions for byteswapping in this file,
use le32toh() and friends.
2007-12-18 08:32:21 +00:00
dogcow
4750a01617
on NetBSD, use %zu for sizeof()
2007-12-18 07:22:32 +00:00
christos
512c2e7e60
merge conflicts
2007-12-18 02:35:25 +00:00
christos
848569aa46
from ftp.openbsd.org
2007-12-17 20:15:38 +00:00
mgrooms
3a210f56fc
Add corrections submitted in a follow up patch for the nat-t oa support.
2007-12-12 05:08:28 +00:00
mgrooms
892304dffa
Add support for nat-t oa payload handling. Submitted by Timo Teras.
2007-12-12 04:45:59 +00:00
jnemeth
85c7ab0640
add a sample XAuthLocation for x.org users as discussed on pkgsrc-users@
2007-12-08 19:03:28 +00:00
mgrooms
4454243c5b
Add changelog entries missed in the last commit.
2007-12-04 19:54:24 +00:00
mgrooms
2ada148e80
Modify ipsecdoi_sockaddr2id() to obtain an id without specifying the exact prefix length. Correct a memory leak in phase2. Both submitted by Timo Teras.
2007-12-04 19:52:30 +00:00
wiz
e5326240e8
Fix typos. New sentence, new line.
2007-12-01 19:24:47 +00:00
vanhu
3139da7ed3
From Natanael Copa: fixed a race condition when building yacc stuff.
2007-11-29 16:22:08 +00:00
vanhu
45ebb13627
fixed a race condition when building yacc stuff
2007-11-29 16:22:07 +00:00
vanhu
e76e80b28b
From Arnaud Ebalard: some sanity checks, debug, and a better matching of SPD entries in getsp_r()
2007-11-09 16:28:14 +00:00
vanhu
faf3c4a53b
From Arnaud Ebalard: Some sanity checking in pk_recv()
2007-11-09 16:27:58 +00:00
vanhu
70597b6cab
From Arnaud Ebalard: Better matching of SPD entries in getsp_r().
2007-11-09 16:27:47 +00:00
vanhu
cd8d63d79e
From Arnaud Ebalard: Added some debug in get_proposal_r().
2007-11-09 16:27:42 +00:00
adrianp
c9951c135d
Fix for CVE-2007-4995 from OpenSSL CVS
2007-10-21 20:34:14 +00:00
manu
57c0ea0775
Add SPLITNET_{INCLUDR_LOCAL}_CIDR to hook scripts
2007-10-19 03:37:18 +00:00
vanhu
702eac21e5
Try to increase the buffer size of the pfkey socket, this may help things when we have a huge SPD
2007-10-15 16:05:01 +00:00
vanhu
657e6e5324
new plog macro
2007-10-02 09:48:08 +00:00
vanhu
4e4df07d61
From Scott Lamb: include plog.h to work with the new plog macro.
2007-10-02 09:47:55 +00:00
vanhu
400c6ca5a9
From Scott Lamb: plog changed to _plog to work with new plog macro
2007-10-02 09:47:45 +00:00
vanhu
c12d0d481a
From Scott Lamb: new plog macro.
2007-10-02 09:47:40 +00:00
drochner
0e0b59826f
apply a patch from openssl CVS to fix a remaining off-by-one error
...
in an older security fix, see
http://www.securityfocus.com/archive/1/480855/30/0/threaded
2007-09-28 13:09:26 +00:00
mgrooms
26182f1f5d
Set REUSE option on sockets to prevent failures associated with closing and immediately re-opening. Submitted by Gabriel Somlo.
2007-09-19 19:29:36 +00:00
mgrooms
33e6656ef9
Prevent duplicate entries in splitnet list. Submitted by Gabriel Somlo.
2007-09-19 19:20:25 +00:00
mgrooms
8293a09746
Fix autoconf check for selinux support. Submitted by Joy Latten.
2007-09-13 00:26:14 +00:00
mgrooms
aca8e1eed2
Implement clientaddr sainfo remote id option and refine the sainfo man page syntax.
2007-09-12 23:39:49 +00:00
tron
6dda4e3f48
Use poll(2) to wait for rnd(4). The initialisation of OpenSSL's RNG
...
now works reliably if the first FD_SETSIZE file descriptors are in use.
2007-09-07 08:10:00 +00:00
mgrooms
324a68d0b7
Sort sainfo sections on insert and improve matching logic.
2007-09-05 06:55:44 +00:00
mgrooms
edac7dae7c
Correct the syntax for wins4 in the man page and add nbns4 as an alias. Pointed out by Claas Langbehn.
2007-09-03 18:08:42 +00:00
manu
1c79bc103b
src/racoon/isakmp_xauth.c: Don't mix up RADIUS authentication and
...
authorization ports. Allow interoperability with freeradius
2007-08-07 04:35:01 +00:00
taca
9fcfdb104e
Apply a patch from https://bugzilla.mindrot.org/show_bug.cgi?id=1306 .
...
Fix nasty "error: channel 0: chan_read_failed for istate 3" message.
2007-07-31 03:09:49 +00:00
mgrooms
8628a88239
Update NEWS file with additional 0.7 improvements.
2007-07-24 04:29:23 +00:00
mgrooms
9b7e05e155
Various racoon configuration manpage updates.
2007-07-18 22:50:47 +00:00
christos
0878f17383
PR/36665: Matthias Scheler: Thread support is not enabled in NetBSD's OpenSSL
...
I enabled it.
2007-07-18 20:19:56 +00:00
vanhu
c3bc7fe364
use a single PATH_IPSEC_H to fix some path_to_ipsec.h issues
2007-07-18 12:07:49 +00:00
vanhu
9f7ae421ea
fixed a socket leak
2007-07-16 15:05:10 +00:00
vanhu
0fd2ceaf72
indentation
2007-07-16 15:03:13 +00:00
christos
4d0c78dab0
PR/36624: Edgar Fu: sshd should not check pw_{expire,change} if UsePam is
...
enabled. This is what the "portable" version of openssh does.
2007-07-10 15:48:56 +00:00
christos
a39c84a8c3
PR/36623: Edgar Fu: ssh publickey authentication fails if homedir not present
...
Removed extra realpath check that was introduced by a bogus merge.
2007-07-10 14:56:25 +00:00
christos
30638c77c3
PR/36562: Takeshi Nakayama: sshd(8) HostbasedAuthentication fails after
...
upgrading to 4.0_BETA
Remove $HOME test since this is also used by sshd.
2007-06-26 18:28:34 +00:00
christos
d1cb3ec527
remove unused variable.
2007-06-25 01:42:31 +00:00
christos
c6b86acffc
don't use __progname for the pam service name. Hard-code it to "sshd"
2007-06-24 23:48:30 +00:00
manu
72fe4c3a84
From Paul Winder <Paul.Winder@tadpole.com>:
...
Fix ignored INTERNAL_DNS4_LIST
2007-06-07 20:04:26 +00:00
vanhu
6ae0ffb7d9
From Rong-En Fan: fix compilation with gcc 4.2
2007-06-06 15:37:15 +00:00
vanhu
cc41629a4c
fixed compilation with gcc 4.2
2007-06-06 15:37:14 +00:00
vanhu
6817ea28d9
speeds up interfaces update when they changed
2007-06-06 09:47:30 +00:00
vanhu
1ed22670fa
From Jianli Liu: speed up interfaces update when they change.
2007-06-06 09:47:29 +00:00
vanhu
7c53bfe0b6
ignore obsolete lifebyte when validating reloaded configuration
2007-06-06 09:18:16 +00:00
manu
a16fcccee0
From Joy Latten <latten@austin.ibm.com>
...
Fix file descriptor shortage when using labeled IPsec.
2007-05-31 19:54:54 +00:00
manu
23326f5b62
From Jianli Liu <jlliu@nortel.com>:
...
In racoonctl, use the specified socket path instead of the default location
2007-05-30 21:02:39 +00:00
christos
5d1825b2a1
Use RESCUEDIR if set.
2007-05-17 00:17:50 +00:00
christos
538010e358
coverity CID 4168: yyerror() does not return, so we proceed to de-reference
...
NULL. Make it return -1 instead like in other places.
2007-05-16 21:00:40 +00:00
christos
dc073934fe
coverity CID 4170: yyerror() does not return, so we proceed to de-reference
...
NULL. Make it return -1 instead like in other places.
2007-05-16 20:59:04 +00:00
vanhu
5e29f1f1bb
search a ph1 by address if iph2->ph1 is NULL when validating the new config
2007-05-04 14:33:38 +00:00
vanhu
79dfa780cb
...
2007-05-04 09:10:07 +00:00
vanhu
0f20ab497d
added some debug in getph1byaddr() to track some port matching problems with NAT-T
2007-05-04 09:09:54 +00:00
vanhu
e91f01072a
added some debug in isakmp_chkph1there() to track some port matching problems with NAT-T
2007-05-04 09:09:47 +00:00
vanhu
ff0f36d165
added some debug for DELETE_SA process
2007-05-04 09:09:35 +00:00
vanhu
ae24f5b259
Force the update of ph2 in pk_recvupdate() if NAT_T support, to solve some port match problems with the first IPSec SAs negotiated as initiator
2007-05-04 09:09:26 +00:00
plunky
e3a1867a4d
fix usage error: use type for .Ft
2007-04-13 18:22:08 +00:00
vanhu
ace683e685
checks proto_id in ipsecdoi_chkcmpids()
2007-04-04 13:09:36 +00:00
vanhu
f31c3aee8e
dumps peer's ID and peer's certificate subject /subjectaltname if they don't match
2007-04-04 13:07:31 +00:00
vanhu
52c7a2891e
Store the DPD main scheduler in ph1 handler, to be able to cancel it when removing the handler, and some minor cleanups in DPD code
2007-03-26 15:58:07 +00:00
christos
8f6921b522
PR/36069: Huang Yushuo: racoon can't work with pam_group
...
Set RUSER.
2007-03-24 02:07:42 +00:00
vanhu
2af4eed892
From Joy Latten: fix a segfault when using security labels between 32bit and 64bit host.
2007-03-23 15:43:19 +00:00
vanhu
38a126966c
fixed a segfault when using security labels between a 32bit and a 64bit host
2007-03-23 15:43:18 +00:00
vanhu
27934310cd
expire zombie handlers in getph2byid(), to avoid situations where we'll never negotiate a phase2 again
2007-03-23 15:34:31 +00:00
vanhu
1046a9e619
From Cyrus Rahman: give more details about what is checked when using certificates to authenticate
2007-03-23 09:57:29 +00:00
vanhu
a1d41ca41d
give more details about what is checked when using certificates to authenticate
2007-03-23 09:57:28 +00:00
vanhu
27187d08ab
fixed subnet check to generate IPV4_ADDRESS when needed in sockaddr2id()
2007-03-22 10:26:19 +00:00
vanhu
002f3b4723
checks if arg is NULL in SCHED_KILL
2007-03-21 14:37:58 +00:00
vanhu
452cfb7edf
NULL sched check is now done in SCHED_KILL
2007-03-21 14:29:22 +00:00
vanhu
43c152a498
checks if arg is NULL in SCHED_KILL
2007-03-21 14:28:59 +00:00
vanhu
a270a7afb9
From Yves-Alexis Perez: enable monitoring of ipv6 address changes on Linux.
2007-03-15 14:12:12 +00:00
vanhu
7a26f531db
enable monitoring of ipv6 address changes on linux
2007-03-15 14:12:11 +00:00
vanhu
0fca99dc2f
Consider a negotiation timeout when retry_counter is <=0 instead of < 0
2007-03-15 10:37:44 +00:00
christos
2cf8149db2
resurrect files that we need and make things compile again.
2007-03-10 23:05:24 +00:00
christos
06993fb381
resolve conflicts.
2007-03-10 22:52:04 +00:00
christos
38f7168c16
PR/35965: Kazushi Marukawa: SSHD doesn't work under protocol 1
...
This is a manifestation of a bug in OpenSSL 0.9.8e, which breaks
certain ciphers in OpenSSH <= 4.5p1. See:
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/ssh2-aesctr-openssh.html
http://bugzilla.mindrot.org/show_bug.cgi?id=1291
2007-03-10 17:18:31 +00:00
christos
f0f7c41448
enable RFC/3779, requested by George Michaelson
2007-03-10 00:49:47 +00:00
dogcow
01abf44400
resolve the not-quite-resolved cvs conflicts (a missing #endif)
2007-03-07 02:34:59 +00:00
mjf
d774015c29
resolve conflicts
2007-03-06 23:47:18 +00:00
mjf
b22ff73a10
Import OpenSSL 0.9.8e
2007-03-06 21:12:00 +00:00
christos
17fe25abca
eliminate caddr_t
2007-03-04 08:21:34 +00:00
mgrooms
adf474a143
Add logic to allow ip address ids to be matched to ip subnet ids when
...
appropriate.
2007-02-28 05:36:45 +00:00
vanhu
f1c1e37275
block variable declaration before code in ipsecdoi_id2str()
2007-02-21 11:01:06 +00:00
vanhu
740b198715
Removed a debug printf....
2007-02-20 16:32:28 +00:00
vanhu
bd81981229
Only delete a generated SPD if its creation date matches the creation date of the SA we are currently deleting
2007-02-20 09:11:30 +00:00
vanhu
1cb0c229b8
updated delete_spd() calls
2007-02-20 09:11:14 +00:00
vanhu
19df9f5fcc
fills creation date of generated SPDs
2007-02-20 09:11:03 +00:00
vanhu
57d8173408
added 'created' var
2007-02-20 09:10:47 +00:00
vanhu
3c99a9f776
Removed a debug printf....
2007-02-19 13:08:47 +00:00
vanhu
496e74bcde
From Olivier Warin: Fix a %zu in a printf.
2007-02-16 11:01:35 +00:00
vanhu
834d2e72c5
Fixed a %zu in a printf
2007-02-16 11:01:34 +00:00
manu
eac241862b
Missing SELinux file
2007-02-15 16:31:38 +00:00
manu
1b2a464d38
Missing stuff for SELinux
2007-02-15 16:23:40 +00:00
vanhu
6c4dc9e4c6
From "Uncle Pedro" on sf.net: Just expire a ph1 handle when receiving a DELETE-SA instead of calling purge_remote().
2007-02-15 13:01:26 +00:00
vanhu
5f4b4e0b21
Just expire a ph1 handle when receiving a DELETE-SA instead of calling purge_remote()
2007-02-15 13:01:25 +00:00
vanhu
6ced6eb0cd
Fixed the way phase1/2 messages are sent/resent, to avoid zombie handles and access to freed memory
2007-02-15 10:19:24 +00:00
rpaulo
b552802596
It's no longer basesrc.
2007-02-05 18:12:43 +00:00
vanhu
5374d6ac89
Fixed a check of NAT-T support in libipsec
2007-02-02 13:42:28 +00:00
vanhu
1634f1d295
From "Uncle Pedro" on sf.net: When receiving an ISAKMP DELETE_SA, get the cookie of the SA to be deleted from payload instead of just deleting the ISAKMP SA used to protect the informational exchange.
2007-02-01 08:48:32 +00:00
vanhu
e25ad0ee61
When receiving an Isakmp DELETE_SA, gets the cookie of the SA to be deleted from payload instead of just deleting the Isakmp SA used to protect the informational
2007-02-01 08:48:31 +00:00
wiz
15b0193490
Refer to RFC 4716 in two more places (instead of "IETF SECSH").
...
From jmc@openbsd.
2007-01-23 22:21:54 +00:00
alc
a740eb5ac0
CID-4268: `c' is EOF here, remove deadcode
2006-12-26 00:06:03 +00:00
alc
bdf6fc4f47
CID-4167: check for 'iph1->approval != NULL'
2006-12-26 00:04:00 +00:00
wiz
a0a9492dc8
Talk of RFC 4716 SSH public key format instead of SECSH public key format.
...
From markus@openbsd via jmc@openbsd (rev 1.73).
2006-12-24 10:06:03 +00:00
wiz
7ce75c98d8
Mention RFC 4716. From markus@openbsd via jmc@openbsd (rev. 1.266).
2006-12-24 10:04:08 +00:00
wiz
9e2cc05c4b
Use even more macros.
2006-12-23 09:29:53 +00:00
wiz
710cf70831
Use more macros.
2006-12-23 09:29:01 +00:00
wiz
fc51d9d324
Serial comma, and bump date for previous.
2006-12-23 09:22:52 +00:00
vanhu
1a38b96eff
From Joy Latten: fix a memory leak
2006-12-18 10:15:30 +00:00
vanhu
591299b29f
fixed a memory leak in crypto_openssl
2006-12-18 10:15:29 +00:00
manu
fcdf5459d0
branch 0.7 created
2006-12-10 22:36:06 +00:00
manu
7c683c0b23
Bring back API and ABI backward compatibility with previous libipsec before
...
recent interface change. Bump libipsec minor version. Remove ifdefs in
struct pfkey_send_sa_args to avoid ABI compatibility lossage.
Add a capability flags to detect missing optional feature in libipsec
2006-12-10 18:46:39 +00:00
manu
78f5cfece3
From Joy Latten: README.plainrsa documenting plain RSA auth
2006-12-10 05:51:14 +00:00
manu
99a403e274
From Joy Latten: Add support for SELinux security contexts. Also cleanup the
...
libipsec interface for adding and updating security associations.
2006-12-09 05:52:57 +00:00
manu
10cadc281e
From Simon Chang: More hints about plain RSA authentication
2006-12-09 05:44:34 +00:00
vanhu
3db7f7800e
Check keys length regarding proposal_check level
2006-12-05 13:38:40 +00:00
mgrooms
8ceadc3208
Correct issues associated with anonymous sainfo selection in racoon.
2006-11-16 00:30:55 +00:00
dogcow
ea8336c632
As uwe points out, it looks like the L on the version constant was
...
accidentally removed. Add it back, especially as the documentation still
claims that the constant is a long.
2006-11-14 22:30:33 +00:00
adrianp
1be366570b
From http://www.openssh.org/txt/release-4.5 : (CVE-2006-5794)
...
* Fix a bug in the sshd privilege separation monitor that weakened its
verification of successful authentication. This bug is not known to
be exploitable in the absence of additional vulnerabilities.
Bump __NETBSDSSH_VERSION
2006-11-14 21:52:09 +00:00
christos
600680c6c3
merge conflicts.
2006-11-13 21:55:36 +00:00
christos
4a5ea8ca2f
import 0.9.8d
2006-11-13 21:16:04 +00:00
christos
9f3fa7dc87
eliminate the only variable stack array allocation.
2006-11-09 20:22:18 +00:00
christos
94eb6e9da8
fix typo
2006-11-09 19:51:06 +00:00
christos
f06f014bee
use malloc when ssp
2006-11-09 19:50:03 +00:00
cbiere
577883a31d
Don't define the deprecated IPV6_RECVDSTADDR if the "advanced IPv6 API" is
...
used because IPV6_RECVPKTINFO and IPV6_PKTINFO are used to prevent
potential bugs in the future just in case that the numeric value of the
socket option is ever recycled.
2006-10-31 00:17:21 +00:00
agc
05ad853be0
one more to catch up with the new location for sha2.h
2006-10-28 23:07:23 +00:00
vanhu
b0d7d1da89
From Michal Ruzicka: fix typos
2006-10-22 15:10:31 +00:00
vanhu
df130f3c13
fixed typos
2006-10-22 15:10:30 +00:00
vanhu
5328e8c78b
Added ipsecdoi_chkcmpids() function
2006-10-19 09:36:22 +00:00
vanhu
3835b0b6a5
From Matthew Grooms: use ipsecdoi_chkcmpids() and changed src/dst to loc/rmt in getsainfo().
2006-10-19 09:35:51 +00:00
vanhu
b0f2fc5ddb
From Matthew Grooms: Added ipsecdoi_chkcmpids() function.
2006-10-19 09:35:44 +00:00
adrianp
9480ff5303
Change the default sshd configuration file so that only protocol version 2
...
is enabled by default. Users can manually add back support for protocol
version 1 in their sshd_config if they have a specific need for it.
Suggested by perry@ and ghen@. Ok'ed security-officer@ and christos@
2006-10-15 14:01:53 +00:00
manu
966e3f130f
Fix memory leak (Coverity 3438 and 3437)
2006-10-09 06:32:59 +00:00
manu
331d3b1287
List modified files for last commit
2006-10-09 06:21:11 +00:00
manu
6eca4f09f3
Correctly check read() return value: it's signed (Coverity 1251)
2006-10-09 06:17:20 +00:00
kardel
f34e7857d3
keep len correct when substituting variables - fixes PR/24458
2006-10-08 22:21:14 +00:00
manu
56f4977415
Camellia cipher support as in RFC 4312, from Tomoyuki Okazaki
...
<okazaki@kick.gr.jp>
2006-10-06 12:02:26 +00:00
christos
ee4546d741
unbreak gcc-3 builds.
2006-10-04 14:31:55 +00:00
christos
a9fc92da63
PR/34681: Scott Ellis: Explicitly include <sys/socket.h>
2006-10-04 14:30:35 +00:00
christos
1eafb02344
put back ignorerootrhosts
2006-10-04 14:26:31 +00:00
manu
20d3dfdcfa
fix endianness issue introduced yesterday
2006-10-03 20:43:10 +00:00
vanhu
2b72a4f236
remoteid/ph1id support
2006-10-03 08:04:31 +00:00
vanhu
b45c893ef4
Added remoteid/ph1id syntax
2006-10-03 08:03:59 +00:00
vanhu
7d2c6acefd
Parses remoteid/ph1id values
2006-10-03 08:03:33 +00:00
vanhu
dd3c365568
Uses remoteid/ph1id values
2006-10-03 08:02:51 +00:00
vanhu
80d5a8a518
Added remoteid/ph1id values
2006-10-03 08:01:56 +00:00
manu
9547d0f260
avoid reusing free'd pointer (Coverity 2613)
2006-10-02 21:51:33 +00:00
manu
1966cc3311
Check for NULL pointer (Coverity 4175)
2006-10-02 21:47:32 +00:00
manu
e1ade705e1
Remove dead code (Coverity 3451)
2006-10-02 21:41:59 +00:00
manu
520ec462f7
Fix array overrun (Coverity 4172)
2006-10-02 21:33:14 +00:00
manu
e5d24ec446
Fix memory leak (Coverity 2002)
2006-10-02 21:27:08 +00:00
manu
cdb1e64a8c
Fix memory leak (Coverity 2001), refactor the code to use port get/set
...
functions
2006-10-02 21:19:43 +00:00
manu
cd350eaf6d
Avoid reusing free'd pointer (Coverity 4200)
2006-10-02 20:52:17 +00:00
manu
d564be9350
Don't use NULL pointer (Coverity 3443), reformat to 80 char/line
2006-10-02 18:54:46 +00:00
dogcow
f54a9b4797
If you're going to initialize a pointer, you have to init it with a pointer
...
type, not an int.
2006-10-02 12:44:40 +00:00
manu
68e9583818
Don't use NULL pointer (coverity 3439)
2006-10-02 12:04:53 +00:00
manu
5227e9475b
Don't use NULL pointer (Coverity 1334)
2006-10-02 11:59:40 +00:00
manu
41042afaf6
Don't use NULL pointer (Coverity 944)
2006-10-02 07:17:57 +00:00
manu
01d5ad642c
Don't use NULL pointer (Coverity 941)
2006-10-02 07:15:09 +00:00
manu
9a55720f5c
Don't use NULL pointer (Coverity 942)
2006-10-02 07:12:26 +00:00
manu
bfd607cda0
Don't use null pointer (Coverity 863)
2006-10-02 07:08:25 +00:00
manu
626d146a75
Fix memory leak (Coverity 4181)
2006-10-01 22:04:03 +00:00
manu
7be862b0db
Check that iph1->remote is not NULL before using it (Coverity 3436)
2006-10-01 19:23:57 +00:00
manu
c7242e7e9f
Remove dead code (Coverity 4165)
2006-09-30 21:49:37 +00:00
manu
07b750b745
Fix memory leak (Coverity 4179)
2006-09-30 21:38:39 +00:00
manu
df69765a89
update the scripts for working around routing problems on NetBSD
2006-09-30 21:22:21 +00:00
manu
172675f3db
Reuse existing code for closing IKE sockets, and avoid screwing things by
...
setting p->sock = -1, which is not expected (Coverity 4173).
2006-09-30 16:14:18 +00:00