Commit Graph

36 Commits

Author SHA1 Message Date
cperciva
a02488779d Fix a problem whereby a corrupt DNS record can cause named to crash. [11:06]
Add an API for alerting internal libc routines to the presence of
"unsafe" paths post-chroot, and use it in ftpd. [11:07]

Fix a buffer overflow in telnetd. [11:08]

Make pam_ssh ignore unpassphrased keys unless the "nullok" option is
specified. [11:09]

Add sanity checking of service names in pam_start. [11:10]

Approved by:    so (cperciva)
Approved by:    re (bz)
Security:       FreeBSD-SA-11:06.bind
Security:       FreeBSD-SA-11:07.chroot
Security:       FreeBSD-SA-11:08.telnetd
Security:       FreeBSD-SA-11:09.pam_ssh
Security:       FreeBSD-SA-11:10.pam


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@228843 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2011-12-23 15:00:37 +00:00
dim
d107e99829 In contrib/telnet/libtelnet/sra.c, use the correct number of bytes to
zero the password buffer.

MFC after:	1 week


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@228559 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2011-12-16 00:48:53 +00:00
ed
7541522753 Rename all symbols in libmp(3) to mp_*, just like Solaris.
The function pow() in libmp(3) clashes with pow(3) in libm. We could
rename this single function, but we can just take the same approach as
the Solaris folks did, which is to prefix all function names with mp_.

libmp(3) isn't really popular nowadays. I suspect not a single
application in ports depends on it. There's still a chance, so I've
increased the SHLIB_MAJOR and __FreeBSD_version.

Reviewed by:	deischen, rdivacky


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@189092 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2009-02-26 21:43:15 +00:00
obrien
90a2e082b9 Use __FBSDID vs. rcsid[]. Also protect sccs[] and copyright[] from GCC 3.3.
git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@114630 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2003-05-04 02:54:49 +00:00
nectar
a948d8a850 Unbreak Kerberos 5 authentication in telnet.
(Credential forwarding is still broken.)

PR:	bin/45397


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@111946 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2003-03-06 13:41:53 +00:00
nectar
a6a592c797 Background:
When libdes was replaced with OpenSSL's libcrypto, there were a few
 interfaces that the former implemented but the latter did not.  Because
 some software in the base system still depended upon these interfaces,
 we simply included them in our libcrypto (rnd_keys.c).

Now, finally get around to removing the dependencies on these
interfaces.  There were basically two cases:

  des_new_random_key -- This is just a wrapper for des_random_key, and
     these calls were replaced.

  des_init_random_number_generator et. al. -- A few functions were used
     by the application to seed libdes's PRNG.  These are not necessary
     when using libcrypto, as OpenSSL internally seeds the PRNG from
     /dev/random.  These calls were simply removed.

Again, some of the Kerberos 4 files have been taken off the vendor
branch.  I do not expect there to be future imports of KTH Kerberos 4.


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@110049 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2003-01-29 18:14:29 +00:00
nsayer
60fe3b5542 Encrypted strings (after hex decoding) aren't null terminated, because
0 might simply be part of the ciphertext.

PR:		bin/40266
Submitted by:	andr@dgap.mipt.ru
MFC after:	3 days


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@102250 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2002-08-22 06:19:07 +00:00
markm
e537a06c59 Warnings fixes. Sort out some variable types.
git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@98884 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2002-06-26 17:06:14 +00:00
markm
22ff929ecd Help fix warnings by marking an argument as unused.
git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@98882 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2002-06-26 17:05:08 +00:00
markm
356920ba37 Fix an external declaration that was causing telnetd to core dump.
MFC after:	1 week
PR:		37766


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@96108 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2002-05-06 09:46:29 +00:00
nectar
8fe168e641 Update build after import of Heimdal Kerberos 2002/02/17.
git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@90931 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2002-02-19 15:53:33 +00:00
markm
0efd3a3530 help the alphas out with the WARNS=2 stuff.
git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@87266 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2001-12-03 12:13:18 +00:00
markm
a88d48b9df Damn. The previous mega-commit was incomplete WRT ANSIfication. This
fixes that.


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@87155 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2001-11-30 22:28:07 +00:00
markm
820d180830 Very large style makeover.
1) ANSIfy.
2) Clean up ifdefs so that
   a) ones that never/always apply are appropriately either
      fully removed, or just the #if junk is removed.
   b) change #if defined(FOO) for appropiate values of FOO.
      (currently AUTHENTICATION and ENCRYPTION)
3) WARNS=2 fixing
4) GC other unused stuff

This code can now be unifdef(1)ed to make non-crypto telnet.


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@87139 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2001-11-30 21:06:38 +00:00
jhb
55a105f79b Fix world by trimming an extra comment terminator.
git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@85703 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2001-10-29 19:22:38 +00:00
nsayer
c28778abe6 Add Berkeley copyright to SRA.
This is by the kind permission of Dave Safford, formerly of TAMU who wrote the
original code. Here is an excerpt of the e-mail exchange concerning this
issue:

Dave Safford wrote:
>Nick Sayer wrote:
>> Some time ago we spoke about SRA and importing it into FreeBSD. I forgot to
>> ask if you had a prefered license boilerplate for the top of the files. It
>> has come up recently, and the SRA code in FreeBSD doesn't have one.

>I really have no preference - use whatever is most convenient in the
>FreeBSD environment.

>dave safford

This is the standard BSD license with clause 3 removed and clause 4
suitably renumbered.

MFC after:	1 day


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@85690 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2001-10-29 16:12:16 +00:00
markm
1f6fc161a6 Add __FBSDID() to diff-reduce with "base" telnet.
git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@84305 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2001-10-01 16:04:55 +00:00
markm
0fd2377dcc Code merge and diff reduce with "base" telnet. This is the "later"
telnet, so it was treated as the reference code, except where later
commits were made to "base" telnet.


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@81965 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2001-08-20 12:28:40 +00:00
nsayer
9c526f75a3 Make the PAM user-override actually override the correect thing.
git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@76751 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2001-05-17 16:28:11 +00:00
peter
595c1bb3ca Fix the latest telnet breakage. Obviously this was never compiled.
git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@76711 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2001-05-17 03:13:00 +00:00
nsayer
74034d9846 Make sure the protocol actively rejects bad data rather than
(potentially) not responding to an invalid SRA 'auth is' message.


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@76696 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2001-05-16 20:24:58 +00:00
nsayer
e7c0163dfe srandomdev() affords us the opportunity to radically improve, and at the
same time simplify, the random number selection code.


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@76691 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2001-05-16 18:32:46 +00:00
nsayer
0a0c02d634 Catch any attempted buffer overflows. The magic numbers in this code
(512) are a little distressing, but the method really needs to be
extended to allow server-supplied DH parameters anyway.

Submitted by:	kris


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@76690 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2001-05-16 18:27:09 +00:00
nsayer
ebece97cb0 Catch malloc return failures. This should help avoid dereferencing NULL on
low-memory situations.

Submitted by:	kris


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@76689 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2001-05-16 18:17:55 +00:00
nsayer
b482ad5b9e If the uid of the attempted authentication is 0 and if the pty is
insecure, do not succeed. Copied from login.c. This functionality really
should be a PAM module.


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@76610 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2001-05-15 04:47:14 +00:00
nsayer
4213319244 Pointy hat fix -- reapply the SRA PAM patch. To -current this time.
git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@76339 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2001-05-07 20:42:02 +00:00
nsayer
47180006ae Fix core noted in -stable with 'auth disable SRA'.
I just mistakenly commited this to RELENG_4. I have contacted Jordan to see
about how to fix this. Pass the pointy hat.


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@74411 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2001-03-18 09:44:25 +00:00
peter
1448d0f1e3 Add missing $FreeBSD$ to files that are NOT still on vendor a branch.
git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@63248 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2000-07-16 05:48:49 +00:00
nsayer
794e8e7295 Fix 'telnet -X sra' coredump
PR# 19835


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@62958 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2000-07-11 15:04:05 +00:00
kris
a19c3ab413 Don't call printf with no format string.
git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@62868 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2000-07-10 05:16:59 +00:00
markm
2d4e3ed569 Get crypto from libcrypto, not libdes.
git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@57442 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2000-02-24 19:28:31 +00:00
nsayer
95b971e484 According to Mark Murray, Makefiles do not belong here. I guess we're
going to have to figure something else out.


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@49901 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
1999-08-16 18:59:05 +00:00
nsayer
0f2c0f75fe Add SRA authentication to src/crypto/telnet.
SRA does a Diffie-Hellmen exchange and then DES-encrypts the
authentication data. If the authentication is successful, it also
sets up a session key for DES encryption.

SRA was originally developed at Texas A&M University.

This code is probably export restricted (despite the fact that I
originally found it at a University in Germany).

SRA is not perfect. It is vulnerable to monkey-in-the-middle attacks
and does not use tremendously large DH constants (and thus an individual
exchange probably could be factored in a few days on modern CPU
horsepower). It does not, however, require any changes in user or
administrative behavior and foils session hijacking and sniffing.
The goal of this commit is that telnet and telnetd end up in the DES
distribution and that therefore an encrypted session telnet becomes
standard issue for FreeBSD.


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@49887 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
1999-08-16 11:24:29 +00:00
peter
8808a173ed Old stuff laying around: Don't use getstr which can conflict with some
curses/termcap/terminfo implementations and causes recursion.


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@41858 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
1998-12-16 06:06:06 +00:00
markm
6ba4d9bbdb Bring the FreeBSD changes to the virgin sources.
git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@29181 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
1997-09-07 07:02:53 +00:00
markm
0e15f670a1 This commit was generated by cvs2svn to compensate for changes in r29088,
which included commits to RCS files with non-trunk default branches.


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@29089 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
1997-09-04 06:11:16 +00:00