| Commit message | Author | Age | Files | Lines |
|
- The PAM kbdint device sometimes doesn't know authentication succeeded
until you re-query it. The ssh1 kbdint code would never re-query the
device, so authentication would always fail. This patch has been
submitted to the OpenSSH developers.
- The monitor code for PAM sometimes forgot to tell the monitor that
authentication had succeeded. This caused the monitor to veto the
privsep child's decision to allow the connection.
These patches have been tested with OpenSSH clients on -STABLE, NetBSD and
Linux, and with ssh.com's ssh1 on Solaris.
Sponsored by: DARPA, NAI Labs
|
When libdes was replaced with OpenSSL's libcrypto, there were a few
interfaces that the former implemented but the latter did not. Because
some software in the base system still depended upon these interfaces,
we simply included them in our libcrypto (rnd_keys.c).
Now, finally get around to removing the dependencies on these
interfaces. There were basically two cases:
des_new_random_key -- This is just a wrapper for des_random_key, and
these calls were replaced.
des_init_random_number_generator et al. -- A few functions were used
by the application to seed libdes's PRNG. These are not necessary
when using libcrypto, as OpenSSL internally seeds the PRNG from
/dev/random. These calls were simply removed.
Again, some of the Kerberos 4 files have been taken off the vendor
branch. I do not expect there to be future imports of KTH Kerberos 4.
|
which included commits to RCS files with non-trunk default branches.
|
des_read_pw_string to break (and thus rather mysteriously
breaking utilities such as kinit).
= Enable the BSD /dev/crypto interface.
(These changes are being imported on the vendor branch, as they have
already been accepted and committed to the OpenSSL CVS repository.)
|
This is cunning doublespeak for "use vendor code".
|
retained as it is still used.
|
which included commits to RCS files with non-trunk default branches.
|
support for AES and OpenBSD's hardware crypto.
|
two basic changes (both of which should be no-ops until OpenSSL 0.9.7
is imported):
= Define OPENSSL_DES_LIBDES_COMPATIBILITY wherever we include
openssl/des.h.
= Spell `struct des_ks_struct []' using the existing
`des_key_schedule' typedef.
When OpenSSL 0.9.7 is imported, `des_key_schedule' (among other
things) will be a macro invocation instead of a typedef, and things
should `just work'.
Yes, this commit does take several files off the vendor branch.
I do not expect there to be future imports of KTH Kerberos 4.
|
configuration files will no longer be available once sshd is chrooted.
PR: 39953, 40894
Submitted by: dinoex
MFC after: 3 days
|
which included commits to RCS files with non-trunk default branches.
|
This is particularly important for OpenSSL 0.9.7, as `des_read_pw_string'
is a macro there. (This fix brought in on the vendor branch, because I
already committed it to Heimdal's CVS.)
|
Reviewed by: ps
|
initialized after the call to pthread_create() instead of before. It just
happened to work with threads enabled because ctxt is shared, but of
course it doesn't work when we use a child process instead of threads.
|
Reimplement the necessary bits from auth_pam.c and auth2_pam.c so that
they share the PAM context used by the keyboard-interactive thread. If
a child process is used instead, they will (necessarily) use a separate
context.
Constify do_pam_account() and do_pam_session().
Sponsored by: DARPA, NAI Labs
|
disabled). This removes the only reference to auth2_pam().
|
Submitted by: tjr
|
pam_lastlog(8) can't possibly work, so let OpenSSH handle lastlog.
Approved by: re (rwatson)
|
Submitted by: markm
Approved by: bmah
|
which included commits to RCS files with non-trunk default branches.
|
Approved by: re
|
PermitRootLogin.
PR: docs/43776
MFC after: 1 week
|
which included commits to RCS files with non-trunk default branches.
|
which included commits to RCS files with non-trunk default branches.
|
check the length of the authenticator and rlen
Obtained from: Heimdal CVS
|
which included commits to RCS files with non-trunk default branches.
|
check size of rlen
Obtained from: Heimdal CVS
|
reason to restrict this to a numeric address.
PR: 41841
Submitted by: Dmitry Pryanishnikov <dmitry@atlantis.dp.ua>,
Maxim Maximov <mcsi@agava.com>
|
which included commits to RCS files with non-trunk default branches.
|
passwords, even when the operation actually succeeded.
% k5passwd
luser@REA.LM's Password: **************
New password: **************
Verifying password - New password: **************
k5passwd: krb5_change_password: unable to reach any changepw server in realm REA.LM
[In reality, the password was changed.]
Obtained from: Heimdal CVS
|
s/FALL THROUGH/FALLTHROUGH/ for lint(1).
|
s/FALL THROUGH/FALLTHROUGH/ for lint(1).
s/Usage/usage/ for consistency.
|
"Could you do me a favor and fix sys_bsd.c to get the howmany() macro
from <sys/param.h>, instead of <sys/types.h>? This will save me from
having to worry about the unsync'd bits before making the change."
Requested by: mike
|
system, and I've not been importing them lately. cvs rm them now
so they can be cleaned out of the attic later.
Requested by: obrien
|
which included commits to RCS files with non-trunk default branches.
|
and did copy it as long as just size of struct sockaddr. So,
if connection is via IPv6, sshd didn't log hostname into utmp
correctly.
This problem occurred only under FreeBSD because of our hack.
However, this is potential problem of OpenSSH-portable, and
they agreed to fix this.
Though, there is no fixed version of OpenSSH-portable available
yet, since this problem is serious for IPv6 users, I commit the
fix.
Reported by: many people
Reviewed by: current@ and stable@ (no objection)
MFC after: 3 days
|