summaryrefslogtreecommitdiffstats
path: root/crypto
Commit message (Collapse)AuthorAgeFilesLines
* Bug fix: When the client connects to a server and Kerberosnectar2001-07-131-0/+1
| | | | | | | | | | | | | | authentication is enabled, the client effectively ignores any error from krb5_rd_rep due to a missing branch. In theory this could result in an ssh client using Kerberos 5 authentication accepting a spoofed AP-REP. I doubt this is a real possiblity, however, because the AP-REP is passed from the server to the client via the SSH encrypted channel. Any tampering should cause the decryption or MAC to fail. Approved by: green MFC after: 1 week
* mdoc(7) police: removed HISTORY info from the .Os call.ru2001-07-102-3/+2
|
* Fix an incorrect conflict resolution which prevented TISAuthenticationgreen2001-07-071-25/+2
| | | | from working right in 2.9.
* mdoc(7) police: merge all fixes from non-crypto version.ru2001-07-051-58/+92
|
* MF non-crypto: 1.13: document -u in usage.ru2001-07-051-8/+8
|
* Also add a colon to "Bad passphrase, please try again ".green2001-06-291-1/+1
|
* Put in a missing colon in the "Enter passphrase" message.green2001-06-291-1/+1
|
* Back out the last change which is probably actually a red herring. Argh!green2001-06-261-4/+2
|
* Don't pointlessly kill a channel because the first (forced)green2001-06-261-2/+4
| | | | | | non-blocking read returns 0. Now I can finally tunnel CVSUP again...
* fix merges from 0.3fassar2001-06-217-274/+528
|
* This commit was generated by cvs2svn to compensate for changes in r78527,assar2001-06-21485-7462/+39617
|\ | | | | | | which included commits to RCS files with non-trunk default branches.
| * import of heimdal 0.3fassar2001-06-21495-7740/+40167
| |
* | (do_authloop): handle !KRB4 && KRB5assar2001-06-161-4/+7
| |
* | Unbreak OpenSSH for the KRB5-and-no-KRB4 case. Asking for KRB5 doesmarkm2001-06-151-1/+3
| | | | | | | | not imply that you want, need or have kerberosIV headers.
* | Enable Kerberos 5 support in sshd again.green2001-06-123-2/+4
| |
* | Switch to the user's uid before attempting to unlink the auth forwardinggreen2001-06-084-25/+45
| | | | | | | | | | | | file, nullifying the effects of a race. Obtained from: OpenBSD
* | Fix $FreeBSD$ style committer messed up in rev 1.7 for some reason.obrien2001-05-241-1/+1
| |
* | Oops, forgot the 'u' in the getopt for the previous commit.dillon2001-05-241-1/+1
| |
* | A feature to allow one to telnet to a unix domain socket. (MFC fromdillon2001-05-233-3/+51
| | | | | | | | | | | | | | | | | | non-crypto version) Also update the crypto telnet's man page to reflect other options ported from the non-crypto version. Obtained from: Lyndon Nerenberg <lyndon@orthanc.ab.ca>
* | Resolve conflictskris2001-05-206-26/+48
| |
* | This commit was generated by cvs2svn to compensate for changes in r76866,kris2001-05-20116-815/+1893
|\ \ | | | | | | | | | which included commits to RCS files with non-trunk default branches.
| * | Initial import of OpenSSL 0.9.6akris2001-05-20122-841/+1941
| | |
* | | Restore the RSA host key to /etc/ssh/ssh_host_key.obrien2001-05-181-2/+1
| | | | | | | | | | | | Also fix $FreeBSD$ spamage in crypto/openssh/sshd_config rev. 1.16.
* | | Make the PAM user-override actually override the correect thing.nsayer2001-05-171-3/+3
| | |
* | | Back out last commit. This was already fixed. This should never havepeter2001-05-171-2/+0
| | | | | | | | | | | | | | | happened, this is why we have commit mail expressly delivered to committers.
* | | Fix the latest telnet breakage. Obviously this was never compiled.peter2001-05-171-4/+4
| | |
* | | Since the root-on-insecure-tty code was added to telnetd, a dependencynsayer2001-05-161-0/+2
| | | | | | | | | | | | | | | on char *line was added to libtelnet. Put a dummy one in to keep the linker happy.
* | | Make sure the protocol actively rejects bad data rather thannsayer2001-05-161-8/+8
| | | | | | | | | | | | (potentially) not responding to an invalid SRA 'auth is' message.
* | | srandomdev() affords us the opportunity to radically improve, and at thensayer2001-05-161-0/+7
| | | | | | | | | | | | same time simplify, the random number selection code.
* | | Catch any attempted buffer overflows. The magic numbers in this codensayer2001-05-161-2/+6
| | | | | | | | | | | | | | | | | | | | | (512) are a little distressing, but the method really needs to be extended to allow server-supplied DH parameters anyway. Submitted by: kris
* | | Catch malloc return failures. This should help avoid dereferencing NULL onnsayer2001-05-161-0/+8
| | | | | | | | | | | | | | | | | | low-memory situations. Submitted by: kris
* | | Hack to work around braindeath in libtelnet:sra.c. The sra.o filepeter2001-05-151-0/+1
| | | | | | | | | | | | | | | | | | | | | references global variables from telnetd, but is also linked into telnet as well. I was tempted to back out the last sra.c change as it is 100% bogus and should be taken out and shot, but for now this bandaid should get world working again. :-(
* | | If the uid of the attempted authentication is 0 and if the pty isnsayer2001-05-151-1/+34
| | | | | | | | | | | | | | | insecure, do not succeed. Copied from login.c. This functionality really should be a PAM module.
* | | If a host would exceed 16 characters in the utmp entry, record onlygreen2001-05-151-1/+1
| | | | | | | | | | | | | | | | | | it's IP address/base host instead. Submitted by: brian
* | | mdoc(7) police: finished fixing conflicts in revision 1.18.ru2001-05-141-1/+0
| | |
* | | Fix make world in the kerberosIV case.markm2001-05-111-1/+5
| | |
* | | merge imported changes into HEADassar2001-05-113-18/+8
| | |
* | | Fix some of the handling in the pam module, don't unregister thingsalfred2001-05-091-14/+50
| | | | | | | | | | | | | | | | | | | | | that were never registered. At the same time handle a failure from pam_setcreds with a bit more paranioa than the previous fix. Sync a bit with the "Portable OpenSSH" work to make comparisons a easier.
* | | Since PAM is broken, let pam_setcred() failure be non-fatal.green2001-05-081-1/+1
| | |
| | |
| \ \
*-. \ \ This commit was generated by cvs2svn to compensate for changes in r76371,assar2001-05-0855-341/+280
|\ \ \ \ | | |_|/ | |/| | | | | | which included commits to RCS files with non-trunk default branches.
| | * | mdoc(ng) fixesassar2001-05-0822-145/+128
| | | | | | | | | | | | | | | | Submitted by: ru
| * | | mdoc(ng) fixesassar2001-05-0836-214/+160
| | | | | | | | | | | | | | | | Submitted by: ru
* | | | Pointy hat fix -- reapply the SRA PAM patch. To -current this time.nsayer2001-05-071-0/+133
| | | |
* | | | sshd_config should still be keeping ssh host keys in /etc/ssh, not /etc.green2001-05-051-3/+3
| | | |
* | | | Finish committing _more_ somehow-uncommitted OpenSSH 2.9 updates.green2001-05-052-5/+11
| | | | | | | | | | | | | | | | (Missing Delta Brigade, tally-ho!)
* | | | Get ssh(1) compiling with MAKE_KERBEROS5.green2001-05-042-2/+6
| | | |
* | | | Remove obsoleted files.green2001-05-0412-1582/+0
| | | |
* | | | Fix conflicts for OpenSSH 2.9.green2001-05-0449-4374/+5736
| | | |
* | | | This commit was generated by cvs2svn to compensate for changes in r76259,green2001-05-04118-2874/+10190
|\ \ \ \ | | | | | | | | | | | | | | | which included commits to RCS files with non-trunk default branches.
| * | | | Say "hi" to the latest in the OpenSSH series, version 2.9!green2001-05-04162-7158/+15940
| | | | | | | | | | | | | | | | | | | | Happy birthday to: rwatson
OpenPOWER on IntegriCloud