| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|\
| |
| |
| | |
which included commits to RCS files with non-trunk default branches.
|
| |
| |
| |
| |
| |
| |
| | |
calling functions which can potentially fail and cause cleanups to be
invoked.
Submitted by: Solar Designer <solar@openwall.com>
|
| |
| |
| |
| |
| |
| |
| | |
calling functions which can potentially fail and cause cleanups to be
invoked.
Submitted by: Solar Designer <solar@openwall.com>
|
| | |
|
|\ \
| |/
| |
| | |
which included commits to RCS files with non-trunk default branches.
|
| |
| |
| |
| |
| |
| | |
memory.
Obtained from: OpenBSD
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously, there were two copies of telnet; a non-crypto version
that lived in the usual places, and a crypto version that lived in
crypto/telnet/. The latter was built in a broken manner somewhat akin
to other "contribified" sources. This meant that there were 4 telnets
competing with each other at build time - KerberosIV, Kerberos5,
plain-old-secure and base. KerberosIV is no longer in the running, but
the other three took it in turns to jump all over each other during a
"make buildworld".
As the crypto issue has been clarified, and crypto _calls_ are not
a problem, crypto/telnet has been repo-copied to contrib/telnet,
and with this commit, all telnets are now "contribified". The contrib
path was chosen to not destroy history in the repository, and differs
from other contrib/ entries in that it may be worked on as "normal"
BSD code. There is no dangerous crypto in these sources, only a
very weak system less strong than enigma(1).
Kerberos5 telnet and Secure telnet are now selected by using the usual
macros in /etc/make.conf, and the build process is unsurprising and
less treacherous.
|
|\ \
| |/
| |
| | |
which included commits to RCS files with non-trunk default branches.
|
| |
| |
| |
| | |
the OpenSSH-portable CVS repo, I'm committing this on the vendor branch.
|
| |
| |
| |
| |
| |
| |
| | |
restarting when sent a SIGHUP.
Submitted by: tegge
Approved by: re (jhb)
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
etc.) from the application namespace for programs that use pam_ssh(8).
Use #defines to avoid changing the actual source code.
Approved by: re (rwatson)
|
| |
| |
| |
| |
| |
| |
| |
| | |
of conflicting with other, similarly named functions in static
libraries. This is done mostly by renaming the var if it is shared
amongst modules, or making it static otherwise.
OK'ed by: re(scottl)
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
|\ \
| |/
| |
| | |
which included commits to RCS files with non-trunk default branches.
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
name to reflect its role
- try to handle expired passwords a little better
MFC after: 1 week
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
not respond to challenge, and later successfully authenticated itself
using another method, the kbdint context would never be released,
leaving the PAM child process behind even after the connection ended.
Fix this by automatically releasing the kbdint context if a packet of
type SSH_CMSG_AUTH_TIS is follwed by anything but a packet of type
SSH_CMSG_AUTH_TIS_RESPONSE.
MFC after: 1 week
|
| | |
|
|\ \
| | |
| | |
| | | |
which included commits to RCS files with non-trunk default branches.
|
| | |
| | |
| | |
| | | |
http://www.openssl.org/news/secadv_20030319.txt
|
| | |
| | |
| | |
| | | |
Enjoy your retirement in ports.
|
| | |
| | |
| | |
| | |
| | |
| | | |
(Credential forwarding is still broken.)
PR: bin/45397
|
| | | |
|
|\ \ \
| |/ /
| | |
| | | |
which included commits to RCS files with non-trunk default branches.
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
returns PAM_CONV_ERR; moreover, make sure we always have the right
conversation function installed before calling PAM service functions.
Also unwrap some not-so-long lines.
MFC after: 3 days
|
| | |
| | |
| | |
| | | |
an attempt to declare a prototype for it will croak.
|
| | | |
|
| | |
| | |
| | |
| | | |
MFC after: 3 days
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
obviously incorrect.
PR: 46841
Submitted by: Sakamoto Seiji <s-siji@hyper.ocn.ne.jp>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
pam_conv argument is NULL. OpenPAM doesn't care, but to make things
easier for people porting this code to other systems (or -STABLE), use
a dummy struct pam_conv instead of NULL.
Pointed out by: Damien Miller <djm@mindrot.org>
|
| | |
| | |
| | |
| | | |
for ssh1)
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
- The PAM kbdint device sometimes doesn't know authentication succeeded
until you re-query it. The ssh1 kbdint code would never re-query the
device, so authentication would always fail. This patch has been
submitted to the OpenSSH developers.
- The monitor code for PAM sometimes forgot to tell the monitor that
authentication had succeeded. This caused the monitor to veto the
privsep child's decision to allow the connection.
These patches have been tested with OpenSSH clients on -STABLE, NetBSD and
Linux, and with ssh.com's ssh1 on Solaris.
Sponsored by: DARPA, NAI Labs
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When libdes was replaced with OpenSSL's libcrypto, there were a few
interfaces that the former implemented but the latter did not. Because
some software in the base system still depended upon these interfaces,
we simply included them in our libcrypto (rnd_keys.c).
Now, finally get around to removing the dependencies on these
interfaces. There were basically two cases:
des_new_random_key -- This is just a wrapper for des_random_key, and
these calls were replaced.
des_init_random_number_generator et. al. -- A few functions were used
by the application to seed libdes's PRNG. These are not necessary
when using libcrypto, as OpenSSL internally seeds the PRNG from
/dev/random. These calls were simply removed.
Again, some of the Kerberos 4 files have been taken off the vendor
branch. I do not expect there to be future imports of KTH Kerberos 4.
|
|\ \ \
| |/ /
| | |
| | | |
which included commits to RCS files with non-trunk default branches.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
des_read_pw_string to break (and thus rather mysteriously
breaking utilities such as kinit).
= Enable the BSD /dev/crypto interface.
(These changes are being imported on the vendor branch, as they have
already been accepted and committed to the OpenSSL CVS repository.)
|
| | |
| | |
| | |
| | | |
This is cunning doublespeak for "use vendor code".
|
| | |
| | |
| | |
| | | |
retained as it is still used.
|
|\ \ \
| |/ /
| | |
| | | |
which included commits to RCS files with non-trunk default branches.
|
| | |
| | |
| | |
| | | |
support for AES and OpenBSD's hardware crypto.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
two basic changes (both of which should be no-ops until OpenSSL 0.9.7
is imported):
= Define OPENSSL_DES_LIBDES_COMPATIBILITY wherever we include
openssl/des.h.
= Spell `struct des_ks_struct []' using the existing
`des_key_schedule' typedef.
When OpenSSL 0.9.7 is imported, `des_key_schedule' (among other
things) will be a macro invocation instead of a typedef, and things
should `just work'.
Yes, this commit does take several files off the vendor branch.
I do not expect there to be future imports of KTH Kerberos 4.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
configuration files will no longer be available once sshd is chrooted.
PR: 39953, 40894
Submitted by: dinoex
MFC after: 3 days
|
|\ \ \
| | | |
| | | |
| | | | |
which included commits to RCS files with non-trunk default branches.
|