History log of /freebsd-10.0-release/crypto/openssh/
Revision Date Author Comments
259128 09-Dec-2013 gjb

Remove svn:mergeinfo from the releng/10.0 branch.

After branch creation from stable/10, the stable/10 branch mergeinfo
was moved to the root of the branch.

Since there have not been any merges from stable/10 to releng/10.0
yet, we do not need to track any of the existing mergeinfo here.

Merges to releng/10.0 should now be done to the root of the branch.

For future branches during the release cycle, unless otherwise noted,
this change will be done as part of the stable/ and releng/ branch
creation.

Discussed with: peter
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation


259065 07-Dec-2013 gjb

- Copy stable/10 (r259064) to releng/10.0 as part of the
10.0-RELEASE cycle.
- Update __FreeBSD_version [1]
- Set branch name to -RC1

[1] 10.0-CURRENT __FreeBSD_version value ended at '55', so
start releng/10.0 at '100' so the branch is started with
a value ending in zero.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

258343 19-Nov-2013 des

MFH (r257954): upgrade to OpenSSH 6.4p1

Approved by: re (kib)


258335 19-Nov-2013 des

Pre-zero the MAC context.

Security: CVE-2013-4548
Security: FreeBSD-SA-13:14.openssh
Approved by: re (implicit)


256281 10-Oct-2013 gjb

Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation


255829 23-Sep-2013 des

Unbreak the WITHOUT_KERBEROS build and try to reduce the odds of a
repeat performance by introducing a script that runs configure with and
without Kerberos, diffs the result and generates krb5_config.h, which
contains the preprocessor macros that need to be defined in the Kerberos
case and undefined otherwise.

Approved by: re (marius)


255774 21-Sep-2013 des

Pull in all the OpenSSH bits that we'd previously left out because we
didn't use them. This will make future merges from the vendor tree much
easier.

Approved by: re (gjb)


255767 21-Sep-2013 des

Upgrade to 6.3p1.

Approved by: re (gjb)


255461 10-Sep-2013 des

Change the default value of VerifyHostKeyDNS to "yes" if compiled with
LDNS. With that setting, OpenSSH will silently accept host keys that
match verified SSHFP records. If an SSHFP record exists but could not
be verified, OpenSSH will print a message and prompt the user as usual.

Approved by: re (blanket)


255422 09-Sep-2013 des

These three files appeared in 6.0p1, which was imported into the vendor
branch but never merged to head. They were inadvertently left out when
6.1p1 was merged to head. It didn't make any difference at the time,
because they were unused, but one of them is required for DNS-based host
key verification.

Approved by: re (blanket)


254278 13-Aug-2013 des

Apply upstream revision 1.151 (fix relative symlinks)

MFC after: 3 days


252338 28-Jun-2013 des

r251088 reverted the default value for UsePrivilegeSeparation from
"sandbox" to "yes", but did not update the documentation to match.


251088 29-May-2013 des

Revert a local change that sets the default for UsePrivilegeSeparation to
"sandbox" instead of "yes". In sandbox mode, the privsep child is unable
to load additional libraries and will therefore crash when trying to take
advantage of crypto offloading on CPUs that support it.


250739 17-May-2013 des

Upgrade to OpenSSH 6.2p2. Mostly a no-op since I had already patched
the issues that affected us.


250595 13-May-2013 bdrewery

The HPN patch added a new BUG bit for SSH_BUG_LARGEWINDOW
and the update to 6.1 added SSH_BUG_DYNAMIC_RPORT with the
same value.

Fix the HPN SSH_BUG_LARGEWINDOW bit so it is unique.

Approved by: des
MFC after: 2 weeks


249839 24-Apr-2013 des

Merge updated "no such identity file" patch.

PR: bin/178060


249475 14-Apr-2013 des

Silence "received disconnect" in the common case.


249016 02-Apr-2013 des

Merge upstream patch to silence spurious "no such identity file" warnings.


249015 02-Apr-2013 des

Silence printf format warnings.


248975 01-Apr-2013 des

Silence warnings about redefined macros.


248648 23-Mar-2013 des

Revert r247892 now that this has been fixed upstream.


248619 22-Mar-2013 des

Upgrade to OpenSSH 6.2p1. The most important new features are support
for a key revocation list and more fine-grained authentication control.


248465 18-Mar-2013 des

Keep the default AuthorizedKeysFile setting. Although authorized_keys2
has been deprecated for a while, some people still use it and were
unpleasantly surprised by this change.

I may revert this commit at a later date if I can come up with a way
to give users who still have authorized_keys2 files sufficient advance
warning.

MFC after: ASAP


248231 13-Mar-2013 des

Unlike OpenBSD's, our setusercontext() will intentionally ignore the user's
own umask setting (from ~/.login.conf) unless running with the user's UID.
Therefore, we need to call it again with LOGIN_SETUMASK after changing UID.

PR: bin/176740
Submitted by: John Marshall <john.marshall@riverwillow.com.au>
MFC after: 1 week


247916 07-Mar-2013 des

Partially revert r247892 and r247904 since our strnvis() does not
behave the way OpenSSH expects.


247904 06-Mar-2013 des

Remove strnvis(), strvis(), strvisx().


247892 06-Mar-2013 des

Explicitly disable lastlog, utmp and wtmp.


240075 03-Sep-2012 des

Upgrade OpenSSH to 6.1p1.


237568 25-Jun-2012 delphij

MFV (r237567):

Fetch both ECDSA and RSA keys by default in ssh-keyscan(1).

Approved by: des
Obtained from: OpenSSH portable
MFC after: 1 week


236139 27-May-2012 rea

OpenSSH: allow VersionAddendum to be used again

Prior to this, setting VersionAddendum will be a no-op: one will
always have BASE_VERSION + " " + VERSION_HPN for VersionAddendum
set in the config and a bare BASE_VERSION + VERSION_HPN when
no VersionAddendum is set.

HPN patch requires both parties to have the "hpn" inside their
advertized versions, so we add VERSION_HPN to the VERSION_BASE
if HPN is enabled and omit it if HPN is disabled.

VersionAddendum now uses the following logic:
* unset (default value): append " " and VERSION_ADDENDUM;
* VersionAddendum is set and isn't empty: append " "
and VersionAddendum;
* VersionAddendum is set and empty: don't append anything.

Approved by: des
Reviewed by: bz
MFC after: 3 days


231852 17-Feb-2012 bz

Merge multi-FIB IPv6 support from projects/multi-fibv6/head/:

Extend the so far IPv4-only support for multiple routing tables (FIBs)
introduced in r178888 to IPv6 providing feature parity.

This includes an extended rtalloc(9) KPI for IPv6, the necessary
adjustments to the network stack, and user land support as in netstat.

Sponsored by: Cisco Systems, Inc.
Reviewed by: melifaro (basically)
MFC after: 10 days


231584 13-Feb-2012 ed

Polish diff against upstream.

- Revert unneeded whitespace changes.
- Revert modifications to loginrec.c, as the upstream version already
does the right thing.
- Fix indentation and whitespace of local changes.

Approved by: des
MFC after: 1 month


226103 07-Oct-2011 des

Add a -x option that causes ssh-agent(1) to exit when all clients have
disconnected.

MFC after: 1 week


226046 05-Oct-2011 des

Upgrade to OpenSSH 5.9p1.

MFC after: 3 months


225852 28-Sep-2011 des

Belatedly regenerate after application of the HPN patch.


225614 16-Sep-2011 des

Remove the svn:keywords property and restore the historical $FreeBSD$ tag.

Approved by: re (kib)
MFC after: 3 weeks


224642 03-Aug-2011 brooks

Fix two more $FreeBSD$ keywords.

Reported by: pluknet
Approved by: re (implicit)


224640 03-Aug-2011 brooks

Enable keyword expansion for $FreeBSD$ on files where it was added in
r224638.

Submitted by: bz
Approved by: re (implicit)
Point hat to: brooks


224638 03-Aug-2011 brooks

Add support for dynamically adjusted buffers to allow the full use of
the bandwidth of long fat pipes (i.e. 100Mbps+ trans-oceanic or
trans-continental links). Bandwidth-delay products up to 64MB are
supported.

Also add support (not compiled by default) for the None cypher. The
None cypher can only be enabled on non-interactive sessions (those
without a pty where -T was not used) and must be enabled in both
the client and server configuration files and on the client command
line. Additionally, the None cypher will only be activated after
authentication is complete. To enable the None cypher you must add
-DNONE_CIPHER_ENABLED to CFLAGS via the make command line or in
/etc/make.conf.

This code is a style(9) compliant version of these features extracted
from the patches published at:

http://www.psc.edu/networking/projects/hpn-ssh/

Merging this patch has been a collaboration between me and Bjoern.

Reviewed by: bz
Approved by: re (kib), des (maintainer)


223758 04-Jul-2011 attilio

With retirement of cpumask_t and usage of cpuset_t for representing a
mask of CPUs, pc_other_cpus and pc_cpumask become highly inefficient.

Remove them and replace their usage with custom pc_cpuid magic (as,
atm, pc_cpumask can be easily represented by (1 << pc_cpuid) and
pc_other_cpus by (all_cpus & ~(1 << pc_cpuid))).

This change is not targeted for MFC because of struct pcpu members
removal and dependency by cpumask_t retirement.

MD review by: marcel, marius, alc
Tested by: pluknet
MD testing by: marcel, marius, gonzo, andreast


222813 07-Jun-2011 attilio

Retire the cpumask_t type and replace it with cpuset_t usage.

This is intended to fix the bug where cpu mask objects are
capped to 32. MAXCPU, then, can now be arbitrarily bumped to whatever
value. Anyway, as long as several structures in the kernel are
statically allocated and sized as MAXCPU, it is suggested to keep it
as low as possible for the time being.

Technical notes on this commit itself:
- More functions to handle with cpuset_t objects are introduced.
The most notable are cpusetobj_ffs() (which calculates a ffs(3)
for a cpuset_t object), cpusetobj_strprint() (which prepares a string
representing a cpuset_t object) and cpusetobj_strscan() (which
creates a valid cpuset_t starting from a string representation).
- pc_cpumask and pc_other_cpus are target to be removed soon.
With the moving from cpumask_t to cpuset_t they are now inefficient
and not really useful. Anyway, for the time being, please note that
access to pcpu datas is protected by sched_pin() in order to avoid
migrating the CPU while reading more than one (possible) word
- Please note that size of cpuset_t objects may differ between kernel
and userland. While this is not directly related to the patch itself,
it is good to understand that concept and possibly use the patch
as a reference on how to deal with cpuset_t objects in userland, when
accessing kernland members.
- KTR_CPUMASK is changed and now is represented through a string, to be
set as the example reported in NOTES.

Please additively note that no MAXCPU is bumped in this patch, but
private testing has been done until to MAXCPU=128 on a real 8x8x2(htt)
machine (amd64).

Please note that the FreeBSD version is not yet bumped because of
the upcoming pcpu changes. However, note that this patch is not
targeted for MFC.

People to thank for the time spent on this patch:
- sbruno, pluknet and Nicholas Esborn (nick AT desert DOT net) tested
several revision of the patches and really helped in improving
stability of this work.
- marius fixed several bugs in the sparc64 implementation and reviewed
patches related to ktr.
- jeff and jhb discussed the basic approach followed.
- kib and marcel made targeted review on some specific part of the
patch.
- marius, art, nwhitehorn and andreast reviewed MD specific part of
the patch.
- marius, andreast, gonzo, nwhitehorn and jceel tested MD specific
implementations of the patch.
- Other people have made contributions on other patches that have been
already committed and have been listed separately.

Companies that should be mentioned for having participated at several
degrees:
- Yahoo! for having offered the machines used for testing on big
count of CPUs.
- The FreeBSD Foundation for having sponsored my devsummit attendance,
which has been instrumental.
- Sandvine for having offered offices and infrastructure during
development.

(I really hope I didn't forget anyone, if it happened I apologize in
advance).


221487 05-May-2011 des

Merge two upstream patches from vendor branch. No functional changes.


221420 04-May-2011 des

Upgrade to OpenSSH 5.8p2.


215116 11-Nov-2010 des

Upgrade to OpenSSH 5.6p1.


215083 10-Nov-2010 des

Forgot to svn rm this when I imported 5.4p1.


213250 28-Sep-2010 emaste

Remove copyright strings printed at login time via login(1) or sshd(8).
It is not clear to what this copyright should apply, and this is in line
with what other operating systems do.

For ssh specifically, printing of the copyright string is not in the
upstream version so this reduces our FreeBSD-local diffs.

Approved by: core, des (ssh)


208724 01-Jun-2010 des

More commas


208709 01-Jun-2010 des

Missing commas


208606 28-May-2010 cperciva

Fix .Dd line: FreeBSD's mdoc code doesn't understand OpenBSD's $Mdocdate$.

MFC after: 3 days


207736 07-May-2010 mckusick

Merger of the quota64 project into head.

This joint work of Dag-Erling Smørgrav and myself updates the
FFS quota system to support both traditional 32-bit and new 64-bit
quotas (for those of you who want to put 2+Tb quotas on your users).

By default quotas are not compiled into the kernel. To include them
in your kernel configuration you need to specify:

options QUOTA # Enable FFS quotas

If you are already running with the current 32-bit quotas, they
should continue to work just as they have in the past. If you
wish to convert to using 64-bit quotas, use `quotacheck -c 64';
if you wish to revert from 64-bit quotas back to 32-bit quotas,
use `quotacheck -c 32'.

There is a new library of functions to simplify the use of the
quota system, do `man quotafile' for details. If your application
is currently using the quotactl(2), it is highly recommended that
you convert your application to use the quotafile interface.
Note that existing binaries will continue to work.

Special thanks to John Kozubik of rsync.net for getting me
interested in pursuing 64-bit quota support and for funding
part of my development time on this project.


207319 28-Apr-2010 des

Upgrade to OpenSSH 5.5p1.


206397 08-Apr-2010 kib

Enhance r199804 by marking the daemonised child as immune to OOM instead
of short-living parent. Only mark the master process that accepts
connections, do not protect connection handlers spawned from inetd.

Submitted by: Mykola Dzham <i levsha me>
Reviewed by: attilio
MFC after: 1 week


204917 09-Mar-2010 des

Upgrade to OpenSSH 5.4p1.

MFC after: 1 month


202231 13-Jan-2010 ed

Add a missing $FreeBSD$ string.

I was requested to add this string to any file that was modified by my
commit, which I forgot to do.

Requested by: des


202213 13-Jan-2010 ed

Make OpenSSH work with utmpx.

- Partially revert r184122 (sshd.c). Our ut_host is now big enough to
fit proper hostnames.

- Change config.h to match reality.

- defines.h requires UTMPX_FILE to be set by <utmpx.h> before it allows
the utmpx code to work. This makes no sense to me. I've already
mentioned this upstream.

- Add our own platform-specific handling of lastlog. The version I will
send to the OpenSSH folks will use proper autoconf generated
definitions instead of `#if 1'.


199804 25-Nov-2009 attilio

Avoid sshd, cron, syslogd and inetd to be killed under high-pressure swap
environments.
Please note that this can't be done while such processes run in jails.

Note: in future it would be interesting to find a way to do that
selectively for any desired process (chosen by user himself), probably
via a ptrace interface or whatever.

Obtained from: Sandvine Incorporated
Reviewed by: emaste, arch@
Sponsored by: Sandvine Incorporated
MFC: 1 month


199131 10-Nov-2009 des

Fix globbing

Noticed by: delphij, David Cornejo <dave@dogwood.com>
Forgotten by: des


197957 11-Oct-2009 des

Remove dupe.


197802 06-Oct-2009 des

Expand $FreeBSD$


197785 05-Oct-2009 des

Add more symbols that need to be masked:

- initialized and uninitialized data
- symbols from roaming_dummy.c which end up in pam_ssh

Update the command line used to generate the #defines.


197679 01-Oct-2009 des

Upgrade to OpenSSH 5.3p1.


196164 13-Aug-2009 des

Update and remove CVS-specific items

Approved by: re (kib)


194297 16-Jun-2009 jhb

Use the closefrom(2) system call.

Reviewed by: des


192595 22-May-2009 des

Upgrade to OpenSSH 5.2p1.

MFC after: 3 months


184122 21-Oct-2008 des

At some point, construct_utmp() was changed to use realhostname() to fill
in the struct utmp due to concerns about the length of the hostname buffer.
However, this breaks the UseDNS option. There is a simpler and better
solution: initialize utmp_len to the correct value (UT_HOSTSIZE instead of
MAXHOSTNAMELEN) and let get_remote_name_or_ip() worry about the size of the
buffer.

PR: bin/97499
Submitted by: Bruce Cran <bruce@cran.org.uk>
MFC after: 1 week


183458 29-Sep-2008 des

Our groff doesn't understand $Mdocdate$, so replace them with bare dates.

MFC after: 3 days


183336 24-Sep-2008 des

MFV "xmalloc: zero size" fix.

MFC after: 1 week


182614 01-Sep-2008 des

Remove some unused files.


182601 01-Sep-2008 des

Set SIZEOF_LONG_INT and SIZEOF_LONG_LONG_INT to plausible values. They
aren't used for anything, but that's no excuse for being silly.


181918 20-Aug-2008 des

Use net.inet.ip.portrange.reservedhigh instead of IPPORT_RESERVED.
Submitted upstream, no reaction.

Submitted by: delphij@
MFC after: 2 weeks


181111 01-Aug-2008 des

Upgrade to OpenSSH 5.1p1.

I have worked hard to reduce diffs against the vendor branch. One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago. This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.

MFC after: 6 weeks


181110 01-Aug-2008 des

Remove svn:keywords except on files that need it. This makes diffs
against the vendor branch much more readable.


181109 01-Aug-2008 des

Another file with no local changes.

"This time for sure!"


181108 01-Aug-2008 des

Another file with no local changes.


181107 01-Aug-2008 des

Another four files without local changes. This is driving me nuts -
every time I think I got them all, another one pops up.


181106 01-Aug-2008 des

Yet another file with no local changes.


181105 01-Aug-2008 des

Accidentally mangled this one in the previous commit.


181104 01-Aug-2008 des

More files which no longer have any local changes.


181103 01-Aug-2008 des

These two files have no local patches except to prevent expansion of the
original $FreeBSD$ keywords. Revert those changes, and simply disable
keyword expansion.


181101 01-Aug-2008 des

Last remains of old OPIE patch


181098 01-Aug-2008 des

We no longer have any local changes here.


181097 01-Aug-2008 des

Consistently set svn:eol-style.


181096 01-Aug-2008 des

Tag expansion is no longer needed (svn handles them correctly).
Add svn command to diff against vendor branch.


181095 01-Aug-2008 des

This is no longer needed.


181094 01-Aug-2008 des

Cleanup.


181092 01-Aug-2008 des

Ugh. Set svn:mergeinfo correctly.


181091 01-Aug-2008 des

Catch up with reality.


181090 01-Aug-2008 des

Revert an old hack I put in to replace S/Key with OPIE. We haven't used
that code in ages - we use pam_opie(8) instead - so this is a NOP.


181087 31-Jul-2008 des

Add missing #include for strlen()


181081 31-Jul-2008 des

Advance merge point.


180989 30-Jul-2008 des

Fix alignment of the cmsg buffer by placing it in a union with a struct
cmsghdr. Derived from upstream patch.

Submitted by: cognet
MFC after: 2 weeks


180765 23-Jul-2008 des

Remove a bunch of files we don't need to build OpenSSH. They are still
available in base/vendor-crypto/openssh/dist/.


180764 23-Jul-2008 des

Bootstrap svn:mergeinfo.


176070 06-Feb-2008 des

Fix the Xlist so it actually works with 'tar -X', and update the upgrade
instructions accordingly.


176069 06-Feb-2008 des

As per discussion, commit experimental metadata for my contrib packages.
The idea is to have a FREEBSD-vendor file for every third-party package
in the tree.


169966 24-May-2007 des

s/X11R6/local/g


164149 10-Nov-2006 des

Resolve conflicts.


164147 10-Nov-2006 des

This commit was generated by cvs2svn to compensate for changes in r164146,
which included commits to RCS files with non-trunk default branches.


163054 06-Oct-2006 des

Don't define XAUTH_PATH here, we either pass it in on the compiler command
line or rely on the built-in default.


163004 04-Oct-2006 des

Go figure how an extra $Id$ line crept in...


163003 04-Oct-2006 des

Merge vendor patch.


162984 03-Oct-2006 des

Tweak ifdefs for backward compatibility.


162953 02-Oct-2006 des

Regenerate; no effect on the code as it doesn't actually use the handful of
conditionals that changed in this revision.


162952 02-Oct-2006 des

Update configure options and add some missing steps.
The section about our local changes needs reviewing, and some of those
changes should probably be reconsidered (such as preferring DSA over RSA,
which made sense when RSA was encumbered but probably doesn't any more)


162860 30-Sep-2006 des

Regenerate.

MFC after: 1 week


162859 30-Sep-2006 des

#include <errno.h>; this has the unfortunate side effect of taking the file
off the vendor branch.

MFC after: 1 week


162858 30-Sep-2006 des

Removed from vendor branch.

MFC after: 1 week


162857 30-Sep-2006 des

Bump version addendum.

MFC after: 1 week


162856 30-Sep-2006 des

Merge conflicts.

MFC after: 1 week


162853 30-Sep-2006 des

This commit was generated by cvs2svn to compensate for changes in r162852,
which included commits to RCS files with non-trunk default branches.


162360 16-Sep-2006 des

Merge vendor patch for BSM problem in protocol version 1.

MFC after: 1 week


159458 09-Jun-2006 des

Our glob(3) has all the required features.

Submitted by: ache


159457 09-Jun-2006 des

Revert inadvertent commit of debugging code.


158519 13-May-2006 des

Introduce a namespace munging hack inspired by NetBSD to avoid polluting
the namespace of applications which inadvertently link in libssh (usually
through pam_ssh)

Suggested by: lukem@netbsd.org
MFC after: 6 weeks


157055 23-Mar-2006 des

Fix utmp. There is some clever logic in configure.ac which attempts to
determine whether struct utmp contains the ut_host and ut_time fields.
Unfortunately, it reports a false negative for both on FreeBSD, and I
didn't check the resulting config.h closely enough to catch the error.

Noticed by: ache


157020 22-Mar-2006 des

Regenerate.


157019 22-Mar-2006 des

Merge conflicts.


157017 22-Mar-2006 des

This commit was generated by cvs2svn to compensate for changes in r157016,
which included commits to RCS files with non-trunk default branches.


156813 17-Mar-2006 ru

Reimplementation of world/kernel build options. For details, see:

http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html

The src.conf(5) manpage is to follow in a few days.

Brought to you by: imp, jhb, kris, phk, ru (all bugs are mine)


153838 29-Dec-2005 dfr

Add a new extensible GSS-API layer which can support GSS-API plugins,
similar to the Solaris implementation. Repackage the krb5 GSS mechanism
as a plugin library for the new implementation. This also includes a
comprehensive set of manpages for the GSS-API functions with text mostly
taken from the RFC.

Reviewed by: Love Hörnquist Åstrand <lha@it.su.se>, ru (build system), des (openssh parts)


149754 03-Sep-2005 des

Regenerate


149753 03-Sep-2005 des

Resolve conflicts.


149750 03-Sep-2005 des

This commit was generated by cvs2svn to compensate for changes in r149749,
which included commits to RCS files with non-trunk default branches.


149748 03-Sep-2005 des

fine-tune.


147010 05-Jun-2005 des

Forgot to bump the version addendum.


147006 05-Jun-2005 des

Regenerate.


147005 05-Jun-2005 des

Resolve conflicts.


147004 05-Jun-2005 des

Update for 4.1p1.


147002 05-Jun-2005 des

This commit was generated by cvs2svn to compensate for changes in r147001,
which included commits to RCS files with non-trunk default branches.


146999 05-Jun-2005 des

This commit was generated by cvs2svn to compensate for changes in r146998,
which included commits to RCS files with non-trunk default branches.


146981 04-Jun-2005 des

Rewrite some of the regexps so they don't match themselves.


137020 28-Oct-2004 des

Better Xlist command line.


137019 28-Oct-2004 des

Resolve conflicts


137016 28-Oct-2004 des

This commit was generated by cvs2svn to compensate for changes in r137015,
which included commits to RCS files with non-trunk default branches.


136998 27-Oct-2004 des

These are unnecessary and have been causing imp@ trouble.


128462 20-Apr-2004 des

Regenerate.


128461 20-Apr-2004 des

One more conflict.


128460 20-Apr-2004 des

Resolve conflicts.


128459 20-Apr-2004 des

Adjust version number and addendum.


128457 20-Apr-2004 des

This commit was generated by cvs2svn to compensate for changes in r128456,
which included commits to RCS files with non-trunk default branches.


127033 15-Mar-2004 des

Correctly document the default value of UsePAM.


126283 26-Feb-2004 des

Update VersionAddendum in config files and man pages.


126280 26-Feb-2004 des

Define HAVE_GSSAPI_H.


126279 26-Feb-2004 des

Regenerate.


126278 26-Feb-2004 des

Document recently changed configuration defaults.


126277 26-Feb-2004 des

Resolve conflicts.


126275 26-Feb-2004 des

This commit was generated by cvs2svn to compensate for changes in r126274,
which included commits to RCS files with non-trunk default branches.


126273 26-Feb-2004 des

Merge OpenSSH 3.8p1.


126272 26-Feb-2004 des

Prepare for upcoming 3.8p1 import.


126271 26-Feb-2004 des

Pull asbestos underpants on and disable protocol version 1 by default.


126009 19-Feb-2004 des

Turn non-PAM password authentication off by default when USE_PAM is
defined. Too many users are getting bitten by it.


124970 25-Jan-2004 des

Update the "overview of FreeBSD changes to OpenSSH-portable" to reflect
reality.


124696 18-Jan-2004 des

Work around removal of EAI_NODATA from netdb.h.


124288 09-Jan-2004 des

This commit was generated by cvs2svn to compensate for changes in r124287,
which included commits to RCS files with non-trunk default branches.


124279 09-Jan-2004 des

Egg on my face: UsePAM was off by default.

Pointed out by: Sean McNeil <sean@mcneil.com>


124244 08-Jan-2004 des

Regenerate config.h; I don't know why this didn't hit CVS yesterday.


124213 07-Jan-2004 des

Update to reflect changes since the last version.


124211 07-Jan-2004 des

Resolve conflicts and remove obsolete files.

Sponsored by: registrar.no


124209 07-Jan-2004 des

This commit was generated by cvs2svn to compensate for changes in r124208,
which included commits to RCS files with non-trunk default branches.


124207 07-Jan-2004 des

Merge OpenSSH 3.7.1p2.


121824 31-Oct-2003 simon

Add a missing word.

Submitted by: Michel Lavondes <fox@vader.aacc.cc.md.us>
Reviewed by: des
MFC after: 1 week


121420 23-Oct-2003 des

Plug a memory leak in the PAM child process. It is of no great consequence
as the process is short-lived, and the leak occurs very rarely and always
shortly before the process terminates.

MFC after: 3 days


120490 26-Sep-2003 joe

This commit was generated by cvs2svn to compensate for changes in r120489,
which included commits to RCS files with non-trunk default branches.


120489 26-Sep-2003 joe

Additional corrections to OpenSSH buffer handling.

Obtained from: openssh.org
Originally committed to head by: nectar


120413 24-Sep-2003 des

Update version string.


120411 24-Sep-2003 des

Remove bogus calls to xfree().


120406 24-Sep-2003 des

resp is a pointer to an array of structs, not an array of pointers to structs.


120405 24-Sep-2003 des

Return the correct error value when a null query fails.


120230 19-Sep-2003 des

Fix broken shell code.


120162 17-Sep-2003 nectar

This commit was generated by cvs2svn to compensate for changes in r120161,
which included commits to RCS files with non-trunk default branches.


120161 17-Sep-2003 nectar

Correct more cases of allocation size bookkeeping being updated before
calling functions which can potentially fail and cause cleanups to be
invoked.

Submitted by: Solar Designer <solar@openwall.com>


120125 16-Sep-2003 nectar

Update the OpenSSH addendum string for the buffer handling fix.


120114 16-Sep-2003 nectar

This commit was generated by cvs2svn to compensate for changes in r120113,
which included commits to RCS files with non-trunk default branches.


116792 24-Jun-2003 des

This commit was generated by cvs2svn to compensate for changes in r116791,
which included commits to RCS files with non-trunk default branches.


115372 28-May-2003 des

Fix off-by-one and initialization errors which prevented sshd from
restarting when sent a SIGHUP.

Submitted by: tegge
Approved by: re (jhb)


114972 13-May-2003 des

Revert unnecessary part of previous commit.


114955 12-May-2003 des

Rename a few functions to avoid stealing common words (error, log, debug
etc.) from the application namespace for programs that use pam_ssh(8).
Use #defines to avoid changing the actual source code.

Approved by: re (rwatson)


114426 01-May-2003 des

Remove RCSID from files which have no other diffs to the vendor branch.


113914 23-Apr-2003 des

Nit.


113913 23-Apr-2003 des

Improvements to the proposed shell code.


113912 23-Apr-2003 des

Regenerate.


113911 23-Apr-2003 des

Resolve conflicts.


113909 23-Apr-2003 des

This commit was generated by cvs2svn to compensate for changes in r113908,
which included commits to RCS files with non-trunk default branches.


112871 31-Mar-2003 des

- when using a child process instead of a thread, change the child's
name to reflect its role
- try to handle expired passwords a little better

MFC after: 1 week


112870 31-Mar-2003 des

If an ssh1 client initiated challenge-response authentication but did
not respond to challenge, and later successfully authenticated itself
using another method, the kbdint context would never be released,
leaving the PAM child process behind even after the connection ended.

Fix this by automatically releasing the kbdint context if a packet of
type SSH_CMSG_AUTH_TIS is followed by anything but a packet of type
SSH_CMSG_AUTH_TIS_RESPONSE.

MFC after: 1 week


110988 16-Feb-2003 des

Paranoia: instead of a NULL conversation function, use one that always
returns PAM_CONV_ERR; moreover, make sure we always have the right
conversation function installed before calling PAM service functions.
Also unwrap some not-so-long lines.

MFC after: 3 days


110692 11-Feb-2003 des

document the current default value for VersionAddendum.


110506 07-Feb-2003 des

Set the ruid to the euid at startup as a workaround for a bug in pam_ssh.

MFC after: 3 days


110359 05-Feb-2003 trhodes

The manual page lists only 2 files, however it reads as `three files' which is
obviously incorrect.

PR: 46841
Submitted by: Sakamoto Seiji <s-siji@hyper.ocn.ne.jp>


110283 03-Feb-2003 des

Linux-PAM's pam_start(3) fails with a bogus error message if the
pam_conv argument passed is NULL. OpenPAM doesn't care, but to make things
easier for people porting this code to other systems (or -STABLE), use
a dummy struct pam_conv instead of NULL.

Pointed out by: Damien Miller <djm@mindrot.org>


110282 03-Feb-2003 des

Bump patch date to 2003-02-01 (the day after I fixed PAM authentication
for ssh1)


110138 31-Jan-2003 des

Fix keyboard-interactive authentication for ssh1. The problem was twofold:

- The PAM kbdint device sometimes doesn't know authentication succeeded
until you re-query it. The ssh1 kbdint code would never re-query the
device, so authentication would always fail. This patch has been
submitted to the OpenSSH developers.

- The monitor code for PAM sometimes forgot to tell the monitor that
authentication had succeeded. This caused the monitor to veto the
privsep child's decision to allow the connection.

These patches have been tested with OpenSSH clients on -STABLE, NetBSD and
Linux, and with ssh.com's ssh1 on Solaris.

Sponsored by: DARPA, NAI Labs


109683 22-Jan-2003 des

Force early initialization of the resolver library, since the resolver
configuration files will no longer be available once sshd is chrooted.

PR: 39953, 40894
Submitted by: dinoex
MFC after: 3 days


108159 21-Dec-2002 des

The previous commit contained a stupid mistake: ctxt->pam_[cp]sock was
initialized after the call to pthread_create() instead of before. It just
happened to work with threads enabled because ctxt is shared, but of
course it doesn't work when we use a child process instead of threads.


107861 14-Dec-2002 des

If possible, use pthreads instead of a child process for PAM.

Reimplement the necessary bits from auth_pam.c and auth2_pam.c so that
they share the PAM context used by the keyboard-interactive thread. If
a child process is used instead, they will (necessarily) use a separate
context.

Constify do_pam_account() and do_pam_session().

Sponsored by: DARPA, NAI Labs


107860 14-Dec-2002 des

Add a missing #include "canohost.h".


107859 14-Dec-2002 des

Remove code related to the PAMAuthenticationViaKbdInt option (which we've
disabled). This removes the only reference to auth2_pam().


107858 14-Dec-2002 des

Back out a lastlog-related change which is no longer relevant.


107857 14-Dec-2002 des

Fix a rounding error in the block size calculation.

Submitted by: tjr


107553 03-Dec-2002 des

Since OpenSSH drops privileges before calling pam_open_session(3),
pam_lastlog(8) can't possibly work, so let OpenSSH handle lastlog.

Approved by: re (rwatson)


106489 06-Nov-2002 des

Add caveats regarding the effect of PAM on PasswordAuthentication and
PermitRootLogin.

PR: docs/43776
MFC after: 1 week


106465 05-Nov-2002 des

Document the current default for VersionAddendum.


106464 05-Nov-2002 des

Accurately reflect our local changes and additions.


106463 05-Nov-2002 des

Document the current default value for VersionAddendum.


106353 02-Nov-2002 des

Switch to two-clause license, with NAI's permission.


106130 29-Oct-2002 des

Resolve conflicts.


106129 29-Oct-2002 des

Protect against tag expansion + fix some brainos.


106128 29-Oct-2002 des

Some tricks I use when I upgrade.


106127 29-Oct-2002 des

Correct shell code to expand globs in FREEBSD-Xlist


106126 29-Oct-2002 des

More cruft.


106122 29-Oct-2002 des

This commit was generated by cvs2svn to compensate for changes in r106121,
which included commits to RCS files with non-trunk default branches.


103134 09-Sep-2002 ume

sshd didn't handle actual size of struct sockaddr correctly,
and did copy it as long as just size of struct sockaddr. So,
If connection is via IPv6, sshd didn't log hostname into utmp
correctly.
This problem occurred only under FreeBSD because of our hack.
However, this is potential problem of OpenSSH-portable, and
they agreed to fix this.
Though, there is no fixed version of OpenSSH-portable available
yet, since this problem is serious for IPv6 users, I commit the
fix.

Reported by: many people
Reviewed by: current@ and stable@ (no objection)
MFC after: 3 days


103108 09-Sep-2002 kuriyama

Fix typo (s@src/crypto/openssh-portable@src/crypto/openssh@).


101385 05-Aug-2002 ache

Do login cap calls _before_ descriptors are hardly closed because close may
invalidate login cap descriptor.

Reviewed by: des


100838 29-Jul-2002 fanf

Use login_getpwclass() instead of login_getclass() so that the root
vs. default login class distinction is made correctly.

PR: 37416
Approved by: des
MFC after: 4 days


100715 26-Jul-2002 fanf

FreeBSD doesn't use the host RSA key by default.

Reviewed by: des


100693 26-Jul-2002 ache

Problems addressed:

1) options.print_lastlog was not honored.
2) "Last login: ..." was printed twice.
3) "copyright" was not printed
4) No newline was before motd.

Reviewed by: maintainer's silence in 2 weeks (with my constant reminders)


100678 25-Jul-2002 fanf

Document the FreeBSD default for CheckHostIP, which was changed in
rev 1.2 of readconf.c.

Approved by: des


100583 23-Jul-2002 des

Whitespace nit.


100254 17-Jul-2002 des

In pam_init_ctx(), register a cleanup function that will kill the child
process if a fatal error occurs. Deregister it in pam_free_ctx().


99768 11-Jul-2002 des

Use realhostname_sa(3) so the IP address will be used instead of the
hostname if the latter is too long for utmp.

Submitted by: ru
MFC after: 3 days


99748 10-Jul-2002 des

Do not try to use PAM for password authentication, as it is
already (and far better) supported by the challenge/response
authentication mechanism.


99747 10-Jul-2002 des

Don't forget to clear the buffer before reusing it.


99455 05-Jul-2002 des

Rewrite to use the buffer API instead of roll-your-own messaging.

Suggested by: Markus Friedl <markus@openbsd.org>
Sponsored by: DARPA, NAI Labs


99454 05-Jul-2002 des

(forgot to commit) We don't need --with-opie since PAM takes care of it.


99319 03-Jul-2002 des

- Don't enable OpenSSH's OPIE support, since we let PAM handle OPIE.

- We don't have setutent(3) etc., and I have no idea why configure ever
thought we did.


99315 03-Jul-2002 des

Two FreeBSD-specific nits in comments:
- ChallengeResponseAuthentication controls PAM, not S/Key
- We don't honor PAMAuthenticationViaKbdInt, because the code path it
controls doesn't make sense for us, so don't mention it.

Sponsored by: DARPA, NAI Labs


99259 02-Jul-2002 des

Version bump for mm_answer_pam_respond() fix.


99258 02-Jul-2002 des

Fix a braino in mm_answer_pam_respond() which would cause sshd to abort if
PAM authentication failed due to an incorrect response.


99132 30-Jun-2002 des

Forgot to update the addendum in the config files.


99065 29-Jun-2002 des

Regenerate.


99064 29-Jun-2002 des

<sys/mman.h> requires <sys/types.h>.


99063 29-Jun-2002 des

Resolve conflicts.

Sponsored by: DARPA, NAI Labs


99061 29-Jun-2002 des

This commit was generated by cvs2svn to compensate for changes in r99060,
which included commits to RCS files with non-trunk default branches.


99059 29-Jun-2002 des

Commit config.h so we don't need autoconf to build world.


99057 29-Jun-2002 des

OpenBSD lifted this code from our tree. Preserve the original CVS id.


99056 29-Jun-2002 des

Use our __RCSID().


99055 29-Jun-2002 des

Make sure the environment variables set by setusercontext() are passed on
to the child process.

Reviewed by: ache
Sponsored by: DARPA, NAI Labs


99054 29-Jun-2002 des

Canonicize the host name before looking it up in the host file.

Sponsored by: DARPA, NAI Labs


99053 29-Jun-2002 des

Apply class-imposed login restrictions.

Sponsored by: DARPA, NAI Labs


99052 29-Jun-2002 des

PAM support, the FreeBSD way.

Sponsored by: DARPA, NAI Labs


99051 29-Jun-2002 des

Document FreeBSD defaults.

Sponsored by: DARPA, NAI Labs


99050 29-Jun-2002 des

Document FreeBSD defaults and paths.

Sponsored by: DARPA, NAI Labs


99049 29-Jun-2002 des

Remove duplicate.


99048 29-Jun-2002 des

Apply FreeBSD's configuration defaults.

Sponsored by: DARPA, NAI Labs


99047 29-Jun-2002 des

Add the VersionAddendum configuration variable.

Sponsored by: DARPA, NAI Labs


99046 29-Jun-2002 des

Support OPIE as an alternative to S/Key.

Sponsored by: DARPA, NAI Labs


99045 29-Jun-2002 des

Document the upgrade process.


99044 29-Jun-2002 des

Files we don't want to import.


98941 27-Jun-2002 des

Forcibly revert to mainline.


98938 27-Jun-2002 des

This commit was generated by cvs2svn to compensate for changes in r98937,
which included commits to RCS files with non-trunk default branches.


98742 24-Jun-2002 dinoex

remove declaration of authlog
use variable from_host
Reviewed by: des


98738 24-Jun-2002 des

IPv4or6 is already defined in libssh.


98706 23-Jun-2002 des

Resolve conflicts and document local changes.


98695 23-Jun-2002 des

Correctly export the environment variables set by setusercontext().

Sponsored by: DARPA, NAI Labs


98684 23-Jun-2002 des

Resolve conflicts. Known issues:

- sshd fails to set TERM correctly.
- privilege separation may break PAM and is currently turned off.
- man pages have not yet been updated

I will have these issues resolved, and privilege separation turned on by
default, in time for DP2.

Sponsored by: DARPA, NAI Labs


98676 23-Jun-2002 des

This commit was generated by cvs2svn to compensate for changes in r98675,
which included commits to RCS files with non-trunk default branches.


96434 12-May-2002 jedgar

Remove _PATH_CP now that it is defined in paths.h

Reviewed by: des


95894 01-May-2002 obrien

Usual after-import fixup of SCM IDs.


95456 25-Apr-2002 des

Back out previous commit.


95431 25-Apr-2002 jkh

Change default challenge/response behavior of sshd by popular demand.
This brings us into sync with the behavior of sshd on other Unix platforms.

Submitted by: Joshua Goodall <joshua@roughtrade.net>


95312 23-Apr-2002 ache

1) Properly conditionalize PAM "last login" printout.
2) For "copyright" case #ifdef HAVE_LOGIN_CAP was placed on too big block,
narrow it down.
3) Don't check the same conditions twice (for "copyright" and "welcome"),
put them under single block.
4) Print \n between "copyright" and "welcome" as our login does.

Reviewed by: des (1)


95242 22-Apr-2002 des

Don't report last login time in PAM case. (perforce change 10057)

Sponsored by: DARPA, NAI Labs


95241 22-Apr-2002 des

Fix warnings + wait for child so it doesn't go zombie (perforce change 10122)


95207 21-Apr-2002 ache

Move LOGIN_CAP calls before all file descriptors are closed hard, since some
descriptors may be used by LOGIN_CAP internally, add login_close().

Use "nocheckmail" LOGIN_CAP capability too like our login does.


95120 20-Apr-2002 ache

Fix TZ & TERM handling for use_login case of rev. 1.24


95119 20-Apr-2002 ache

1) Surprisingly, "CheckMail" handling code completely removed from this
version, so documented "CheckMail" option exists but does nothing.
Bring it back to life adding code back.

2) Cosmetique. Reduce number of args in do_setusercontext()


95109 20-Apr-2002 ache

1) Fix overlook in my prev. commit - forget HAVE_ prefix in one place in old
code merge.

2) In addition honor "timezone" and "term" capabilities from login.conf,
not overwrite them once they set (they are TZ and TERM variables).


95105 20-Apr-2002 ache

Please repeat after me: setusercontext() modifies _current_ environment, but
sshd uses separate child_env. So, to make setusercontext() really does
something, environment must be switched before call and passed to child_env
back after it.

The error here was that modified environment not passed back to child_env,
so all variables that setusercontext() adds are lost, including ones from
~/.login_conf


94657 14-Apr-2002 des

Fix some warnings. Don't record logins twice in USE_PAM case. Strip
"/dev/" off the tty name before passing it to auth_ttyok or PAM.

Inspired by: dinoex
Sponsored by: DARPA, NAI Labs


94511 12-Apr-2002 des

Back out previous backout. It seems I was right to begin with, and DSA is
preferable to RSA (not least because the SECSH draft standard requires
DSA while RSA is only recommended).


94464 11-Apr-2002 des

Knowledgeable persons assure me that RSA is preferable to DSA and that we
should transition away from DSA.


94439 11-Apr-2002 des

Prefer DSA to RSA if both are available.


94438 11-Apr-2002 des

Do not attempt to load an ssh2 RSA host key by default.


94203 08-Apr-2002 ru

Align for const poisoning in -lutil.


93927 06-Apr-2002 des

Nuke stale copy of the pam_ssh(8) source code.


93704 02-Apr-2002 des

Revert to vendor version, what little was left of our local patches here
was incorrect.

Pointed out by: Markus Friedl <markus@openbsd.org>


93701 02-Apr-2002 des

Change the FreeBSD version addendum to "FreeBSD-20020402". This shortens
the version string to 28 characters, which is below the 40-character limit
specified in the proposed SECSH standard. Some servers, however (like the
one built into the Foundry BigIron line of switches) will hang when
confronted with a version string longer than 24 characters, so some users
may need to shorten it further.

Sponsored by: DARPA, NAI Labs


93698 02-Apr-2002 des

Make the various ssh clients understand the VersionAddendum option.

Submitted by: pb


93221 26-Mar-2002 ru

Switch over to using pam_login_access(8) module in sshd(8).
(Fixes static compilation. Reduces diffs to OpenSSH.)

Reviewed by: bde


93216 26-Mar-2002 nectar

REALLY correct typo this time.

Noticed by: roam


93155 25-Mar-2002 nectar

Fix typo (missing paren) affecting KRB4 && KRB5 case.

Approved by: des


93042 23-Mar-2002 des

We keep moduli(5) in /etc/ssh, not /etc.


92879 21-Mar-2002 des

Correctly set PAM_RHOST so e.g. pam_login_access(8) can do its job.

Sponsored by: DARPA, NAI Labs


92878 21-Mar-2002 des

Use the "sshd" service instead of "csshd". The latter was only needed
because of bugs (incorrect design decisions, actually) in Linux-PAM.

Sponsored by: DARPA, NAI Labs


92876 21-Mar-2002 des

Use PAM instead of S/Key (or OPIE) for SSH2.

Sponsored by: DARPA, NAI Labs


92836 20-Mar-2002 des

Note that portions of this software were

Sponsored by: DARPA, NAI Labs


92832 20-Mar-2002 des

- Change the prompt from "S/Key Password: " to "OPIE Password: "

- If the user doesn't have an OPIE key, don't challenge him. This is
a workaround until I get PAM to work properly with ssh2.

Sponsored by: DARPA, NAI Labs


92708 19-Mar-2002 des

Unbreak for KRB4 ^ KRB5 case.

Sponsored by: DARPA, NAI Labs


92564 18-Mar-2002 des

Revive this file (which is used for opie rather than skey)


92559 18-Mar-2002 des

Fix conflicts.


92556 18-Mar-2002 des

This commit was generated by cvs2svn to compensate for changes in r92555,
which included commits to RCS files with non-trunk default branches.


92402 16-Mar-2002 des

Diff reduction.

Sponsored by: DARPA, NAI Labs


91810 07-Mar-2002 nectar

Update version string.


91688 05-Mar-2002 nectar

Fix off-by-one error.

Obtained from: OpenBSD


91431 27-Feb-2002 green

Use login_getpwclass() instead of login_getclass() so that default
mapping of user login classes works.

Obtained from: TrustedBSD project
Sponsored by: DARPA, NAI Labs


89703 23-Jan-2002 ru

Make libssh.so useable (undefined reference to IPv4or6).

Reviewed by: des, markm
Approved by: markm


89014 07-Jan-2002 green

Fix a coredump bug occurring if ssh-keygen attempts to change the password
on a DSA key.

Submitted by: ian j hart <ianjhart@ntlworld.com>


87308 03-Dec-2001 nectar

Update version string since we applied a fix for the UseLogin issue.


87255 03-Dec-2001 nectar

Do not pass user-defined environmental variables to /usr/bin/login.

Obtained from: OpenBSD
Approved by: green


86617 19-Nov-2001 dwmalone

In the "UseLogin yes" case we need env to be NULL to make sure it
will be correctly initialised.

PR: 32065
Tested by: The Anarcat <anarcat@anarcat.dyndns.org>
MFC after: 3 days


84043 27-Sep-2001 green

Modify a "You don't exist" message, pretty rude for transient YP failures.


82961 04-Sep-2001 assar

fix renamed options in some of the code that was #ifdef AFS
also print an error if krb5 ticket passing is disabled

Submitted by: Jonathan Chen <jon@spock.org>


82410 27-Aug-2001 ps

Backout last change. I didn't follow the thread and made a mistake
with this. localisations is a valid spelling. Oops


82408 27-Aug-2001 ps

Correctly spell localizations


81796 16-Aug-2001 green

Update the OpenSSH minor-version string.

Requested by: obrien
Reviewed by: rwatson


79683 13-Jul-2001 nectar

Bug fix: When the client connects to a server and Kerberos
authentication is enabled, the client effectively ignores any error
from krb5_rd_rep due to a missing branch.

In theory this could result in an ssh client using Kerberos 5
authentication accepting a spoofed AP-REP. I doubt this is a real
possibility, however, because the AP-REP is passed from the server to
the client via the SSH encrypted channel. Any tampering should cause
the decryption or MAC to fail.

Approved by: green
MFC after: 1 week


79398 07-Jul-2001 green

Fix an incorrect conflict resolution which prevented TISAuthentication
from working right in 2.9.


78976 29-Jun-2001 green

Also add a colon to "Bad passphrase, please try again ".


78975 29-Jun-2001 green

Put in a missing colon in the "Enter passphrase" message.


78827 26-Jun-2001 green

Back out the last change which is probably actually a red herring. Argh!


78826 26-Jun-2001 green

Don't pointlessly kill a channel because the first (forced)
non-blocking read returns 0.

Now I can finally tunnel CVSUP again...


78348 16-Jun-2001 assar

(do_authloop): handle !KRB4 && KRB5


78263 15-Jun-2001 markm

Unbreak OpenSSH for the KRB5-and-no-KRB4 case. Asking for KRB5 does
not imply that you want, need or have kerberosIV headers.


78129 12-Jun-2001 green

Enable Kerberos 5 support in sshd again.


77925 08-Jun-2001 green

Switch to the user's uid before attempting to unlink the auth forwarding
file, nullifying the effects of a race.

Obtained from: OpenBSD


77114 24-May-2001 obrien

Fix $FreeBSD$ style committer messed up in rev 1.7 for some reason.


76820 18-May-2001 obrien

Restore the RSA host key to /etc/ssh/ssh_host_key.
Also fix $FreeBSD$ spamage in crypto/openssh/sshd_config rev. 1.16.


76607 15-May-2001 green

If a host would exceed 16 characters in the utmp entry, record only
its IP address/base host instead.

Submitted by: brian


76582 14-May-2001 ru

mdoc(7) police: finished fixing conflicts in revision 1.18.


76464 11-May-2001 markm

Fix make world in the kerberosIV case.


76394 09-May-2001 alfred

Fix some of the handling in the pam module, don't unregister things
that were never registered. At the same time handle a failure from
pam_setcreds with a bit more paranoia than the previous fix.

Sync a bit with the "Portable OpenSSH" work to make comparisons easier.


76384 08-May-2001 green

Since PAM is broken, let pam_setcred() failure be non-fatal.


76292 05-May-2001 green

sshd_config should still be keeping ssh host keys in /etc/ssh, not /etc.


76287 05-May-2001 green

Finish committing _more_ somehow-uncommitted OpenSSH 2.9 updates.
(Missing Delta Brigade, tally-ho!)


76265 04-May-2001 green

Get ssh(1) compiling with MAKE_KERBEROS5.


76263 04-May-2001 green

Remove obsoleted files.


76262 04-May-2001 green

Fix conflicts for OpenSSH 2.9.


76260 04-May-2001 green

This commit was generated by cvs2svn to compensate for changes in r76259,
which included commits to RCS files with non-trunk default branches.


76227 03-May-2001 green

Add a "VersionAddendum" configuration setting for sshd which allows
anyone to easily change the part of the OpenSSH version after the main
version number. The FreeBSD-specific version banner could be disabled
that way, for example:

# Call ourselves plain OpenSSH
VersionAddendum


76226 03-May-2001 green

Backout completely canonical lookup modifications.


74503 20-Mar-2001 green

Suggested by kris, OpenSSH shall have a version designated to note that
it's not "plain" OpenSSH 2.3.0.


74500 20-Mar-2001 green

Make password attacks based on traffic analysis harder by requiring that
"non-echoed" characters are still echoed back in a null packet, as well
as pad passwords sent to not give hints to the length otherwise.

Obtained from: OpenBSD


74291 15-Mar-2001 asmodai

Fix double mention of ssh.

This file is already off the vendorbranch, nonetheless it needs to be
submitted back to the OpenSSH people.

PR: 25743
Submitted by: David Wolfskill <dhw@whistle.com>


74278 15-Mar-2001 green

Don't dump core when an attempt is made to login using protocol 2 with
an invalid user name.


74197 13-Mar-2001 assar

(try_krb5_authentication): simplify code. from joda@netbsd.org


74147 12-Mar-2001 assar

Fix LP64 problem in Kerberos 5 TGT passing.

Obtained from: NetBSD (done by thorpej@netbsd.org)


74090 11-Mar-2001 green

Reenable the SIGPIPE signal handler default in all cases for spawned
sessions.


73400 04-Mar-2001 assar

Add code for being compatible with ssh.com's krb5 authentication.
It is done by using the same ssh messages for v4 and v5 authentication
(since the ssh.com does not know anything about v4) and looking at the
contents after unpacking it to see if it is v4 or v5.
Based on code from Björn Grönvall <bg@sics.se>

PR: misc/20504


72586 18-Feb-2001 ps

Make ConnectionsPerPeriod non-fatal for real.


72451 13-Feb-2001 assar

update to new heimdal libkrb5


72397 12-Feb-2001 kris

Patches backported from later development version of OpenSSH which prevent
(instead of just mitigating through connection limits) the Bleichenbacher
attack which can lead to guessing of the server key (not host key) by
regenerating it when an RSA failure is detected.

Reviewed by: rwatson


72023 04-Feb-2001 green

Correctly fill in the sun_len for a sockaddr_sun.

Submitted by: Alexander Leidinger <Alexander@leidinger.net>


72021 04-Feb-2001 green

MFS: Don't use the canonical hostname here, too.


72020 04-Feb-2001 green

MFF: Make ConnectionsPerPeriod usage a warning, not fatal.


71317 21-Jan-2001 green

Actually propagate back to the rest of the application that a command
was specified when using -t mode with the SSH client.

Submitted by: Dima Dorfman <dima@unixfreak.org>


70990 13-Jan-2001 green

/Really/ deprecate ConnectionsPerPeriod, ripping out the code for it
and giving a dire error to its lingering users.


70726 06-Jan-2001 green

Fix a long-standing bug that resulted in a dropped session sometimes
when an X11-forwarded client was closed. For some reason, sshd didn't
disable the SIGPIPE exit handler and died a horrible death (well, okay,
a silent death really). Set SIGPIPE's handler to SIG_IGN.


69591 05-Dec-2000 green

Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0
new features description elided in favor of checking out their
website.

Important new FreeBSD-version stuff: PAM support has been worked
in, partially from the "Unix" OpenSSH version, and a lot due to the
work of Eivind Eklend, too.

This requires at least the following in pam.conf:

sshd auth sufficient pam_skey.so
sshd auth required pam_unix.so try_first_pass
sshd session required pam_permit.so

Parts by: Eivind Eklend <eivind@FreeBSD.org>


69590 05-Dec-2000 green

Forgot to remove the old line in the last commit.


69588 05-Dec-2000 green

This commit was generated by cvs2svn to compensate for changes in r69587,
which included commits to RCS files with non-trunk default branches.


69584 04-Dec-2000 brian

Remove duplicate line

Not responded to by: kris, then green


69130 25-Nov-2000 green

In env_destroy(), it is a bad idea to env_swap(self, 0) to switch
back to the original environ unconditionally. The setting of the
variable to save the previous environ is conditional; it happens when
ENV.e_committed is set. Therefore, don't try to swap the env back
unless the previous env has been initialized.

PR: bin/22670
Submitted by: Takanori Saneto <sanewo@ba2.so-net.ne.jp>


69129 25-Nov-2000 billf

Correct an argument to ssh_add_identity, this matches what is currently
in ports/security/openssh/files/pam_ssh.c

PR: 22164
Submitted by: Takanori Saneto <sanewo@ba2.so-net.ne.jp>
Reviewed by: green
Approved by: green


68704 14-Nov-2000 green

Add login_cap and login_access support. Previously, these FreeBSD-local
checks were only made when using the 1.x protocol.


68701 14-Nov-2000 green

This commit was generated by cvs2svn to compensate for changes in r68700,
which included commits to RCS files with non-trunk default branches.


65700 10-Sep-2000 green

Fix a few style oddities.


65699 10-Sep-2000 green

Fix a goof in timevaldiff.


65676 10-Sep-2000 kris

Remove files no longer present in OpenSSH 2.2.0 and beyond


65674 10-Sep-2000 kris

Resolve conflicts and update for OpenSSH 2.2.0

Reviewed by: gshapiro, peter, green


65669 10-Sep-2000 kris

This commit was generated by cvs2svn to compensate for changes in r65668,
which included commits to RCS files with non-trunk default branches.


65653 10-Sep-2000 kris

Nuke RSAREF support from orbit.

It's the only way to be sure.


65433 04-Sep-2000 kris

ttyname was not being passed into do_login(), so we were erroneously picking
up the function definition from unistd.h instead. Use s->tty instead.

Submitted by: peter


65398 03-Sep-2000 kris

bzero() the struct timeval for paranoia

Submitted by: gshapiro


65361 02-Sep-2000 kris

Err, we weren't even compiling auth1.c with LOGIN_CAP at all. Guess nobody
was using this feature.


65360 02-Sep-2000 kris

Repair a broken conflict resolution in r1.2 which had the effect of nullifying
the login_cap and login.access checks for whether a user/host is allowed
access to the system for users other than root. But since we currently don't
have a similar check in the ssh2 code path anyway, it's um, "okay".

Submitted by: gshapiro


65359 02-Sep-2000 kris

Repair my dyslexia: s/opt/otp/ in the OPIE challenge. D'oh!

Submitted by: gshapiro


65358 02-Sep-2000 kris

Re-add missing "break" which was lost during a previous patch
integration. This currently has no effect.

Submitted by: gshapiro


65357 02-Sep-2000 kris

Turn on X11Forwarding by default on the server. Any risk is to the client,
where it is already disabled by default.

Reminded by: peter


65022 23-Aug-2000 kris

Increase the default value of LoginGraceTime from 60 seconds to 120
seconds.

PR: 20488
Submitted by: rwatson


65020 23-Aug-2000 kris

Respect X11BASE to derive the location of xauth(1)

PR: 17818
Submitted by: Bjoern Fischer <bfischer@Techfak.Uni-Bielefeld.DE>


64098 01-Aug-2000 asmodai

Chalk up another phkmalloc victim.

It seems as if uninitialised memory was the culprit.

We may want to contribute this back to the OpenSSH project.

Submitted by: Alexander Leidinger <Alexander@Leidinger.net> on -current.


63919 27-Jul-2000 asmodai

Fix a weird typo, is -> are.
The OpenSSH maintainer probably wants to contribute this back to the
real OpenSSH guys.

Submitted by: Jon Perkin <sketchy@netcraft.com>


63915 27-Jul-2000 marko

Fixed a minor typo in the header.

Pointed out by: asmodai


63849 25-Jul-2000 marko

Committed, Thanks!!

PR: 20108
Submitted by: Doug Lee


62944 11-Jul-2000 peter

Sync sshd_config with sshd and manpage internal defaults (Checkmail = yes)


62943 11-Jul-2000 peter

Sync LoginGraceTime with sshd_config = 60 seconds by default, not 600.


62942 11-Jul-2000 peter

Fix out-of-sync defaults. PermitRootLogin is supposed to be 'no' but
sshd's internal default was 'yes'. (if some cracker managed to trash
/etc/ssh/sshd_config, then root logins could be reactivated)

Approved by: kris


62940 11-Jul-2000 peter

Make FallBackToRsh off by default. Falling back to rsh by default is
silly in this day and age.

Approved by: kris


62567 04-Jul-2000 green

Allow restarting on SIGHUP when the full path was not given as argv[0].
We do have /proc/curproc/file :)


62179 27-Jun-2000 green

So /this/ is what has made OpenSSH's SSHv2 support never work right!
In some cases, limits did not get set to the proper class, but
instead always to "default", because not all passwd copies were
done to completion.


62144 26-Jun-2000 green

Also make sure to close the socket that exceeds your rate limit.


62101 26-Jun-2000 green

Make rate limiting work per-listening-socket. Log better messages than
before for this, requiring a new function (get_ipaddr()). canohost.c
receives a $FreeBSD$ line.

Suggested by: Niels Provos <niels@OpenBSD.org>


61563 11-Jun-2000 kris

Fix syntax error in previous commit.

Submitted by: Udo Schweigert <ust@cert.siemens.de>


61529 10-Jun-2000 kris

Fix security botch in "UseLogin Yes" case: commands are executed with
uid 0.

Obtained from: OpenBSD


61498 10-Jun-2000 ru

Make `ssh-agent -k' work for csh(1)-like shells.


61320 06-Jun-2000 green

Allow "DenyUsers" to function.


61212 03-Jun-2000 kris

Resolve conflicts


61210 03-Jun-2000 kris

This commit was generated by cvs2svn to compensate for changes in r61209,
which included commits to RCS files with non-trunk default branches.


61208 03-Jun-2000 kris

Resolve conflicts


61207 03-Jun-2000 kris

This commit was generated by cvs2svn to compensate for changes in r61206,
which included commits to RCS files with non-trunk default branches.


61203 03-Jun-2000 kris

Bring vendor patches onto the main branch, and resolve conflicts.


61202 03-Jun-2000 kris

This commit was generated by cvs2svn to compensate for changes in r61201,
which included commits to RCS files with non-trunk default branches.


61200 03-Jun-2000 kris

This commit was generated by cvs2svn to compensate for changes in r61199,
which included commits to RCS files with non-trunk default branches.


61087 30-May-2000 kris

Update to the version of pam_ssh corresponding to OpenSSH 2.1 (taken
from the openssh port)

Submitted by: Hajimu UMEMOTO <ume@mahoroba.org>


60938 26-May-2000 jake

Back out the previous change to the queue(3) interface.
It was not discussed and should probably not happen.

Requested by: msmith and others


60833 23-May-2000 jake

Change the way that the queue(3) structures are declared; don't assume that
the type argument to *_HEAD and *_ENTRY is a struct.

Suggested by: phk
Reviewed by: phk
Approved by: mdodd


60813 23-May-2000 ache

Turn on CheckMail to be more login-compatible by default


60785 22-May-2000 brian

Don't USE_PIPES

Spammed by: peter
Submitted by: mkn@uk.FreeBSD.org


60678 18-May-2000 kris

Correct two stupid typos in the DSA key location.

Submitted by: Udo Schweigert <ust@cert.siemens.de>


60663 17-May-2000 kris

Unbreak Kerberos5 compilation. This still remains untested.

Noticed by: obrien


60579 15-May-2000 kris

Oops, rename S/Key to Opie in line with FreeBSD usage.


60578 15-May-2000 kris

Create a DSA host key if one does not already exist, and teach sshd_config
about it.


60576 15-May-2000 kris

Resolve conflicts and update for FreeBSD.


60574 15-May-2000 kris

This commit was generated by cvs2svn to compensate for changes in r60573,
which included commits to RCS files with non-trunk default branches.


59803 30-Apr-2000 nik

Note that X11 Forwarding is off by default.

PR: docs/17566
Submitted by: Keith Stevenson <ktstev01@louisville.edu>


58772 29-Mar-2000 kris

Fix a memory leak.

PR: 17360
Submitted by: Andrew J. Korty <ajk@iu.edu>


58592 26-Mar-2000 kris

#include <ssl/foo.h> -> #include <openssl/foo.h>


58585 26-Mar-2000 kris

Resolve conflicts.


58583 26-Mar-2000 kris

This commit was generated by cvs2svn to compensate for changes in r58582,
which included commits to RCS files with non-trunk default branches.


58531 24-Mar-2000 brian

Use pipe() instead of socketpair() in sshd when communicating
with the client.
This allows ppp/ssh style tunnels to function again.

Ok'd by: markk
Submitted by: markk@knigma.org


58520 24-Mar-2000 mpp

Fix a few spelling errors.


58463 22-Mar-2000 sheldonh

IgnoreUserKnownHosts is a boolean flag, not an integer value.

The fix submitted in the attributed PR is identical to the one
adopted by OpenBSD.

PR: 17027
Submitted by: David Malone <dwmalone@maths.tcd.ie>
Obtained from: OpenBSD


57971 13-Mar-2000 kris

Add a new function stub to libcrypto() which resolves to a symbol in
the librsa* library and reports which version of the library (OpenSSL/RSAREF)
is being used.

This is then used in openssh to detect the failure case of RSAREF and a RSA key
>1024 bits, to print a more helpful error message than 'rsa_public_encrypt() failed.'

This is a 4.0-RELEASE candidate.


57952 13-Mar-2000 kris

Various manpage style/grammar/formatting cleanups

Submitted by: Peter Jeremy <peter.jeremy@alcatel.com.au>, jedgar
PR: 17292 (remainder of)


57886 10-Mar-2000 nik

- typos
- Add double spaces following full stops to improve typeset output
- mdoc-ification. (Though I'm uncertain whether option values and
contents should be .Dq or something else).
- Fix a missed /etc/ssh change
- Expand wording on RandomSeed and behaviour when X11 isn't forwarded.
- Change examples to literal mode.
- Trim trailing whitespace

PR: docs/17292
Submitted by: Peter Jeremy <peter.jeremy@alcatel.com.au>


57853 09-Mar-2000 markm

Make LOGIN_CAP work properly.


57811 08-Mar-2000 kris

/etc -> /etc/ssh

Submitted by: Ben Smithurst <ben@scientia.demon.co.uk>


57741 03-Mar-2000 jhay

MFI: Use krb5 functions in krb5 files.

Reviewed by: markm


57708 03-Mar-2000 green

Turn off X11 forwarding in the client. X11 forwarding in the server by
default should probably also get turned on, now.

Requested by: kris
Obtained from: OpenBSD


57633 29-Feb-2000 ume

Enable connection logging. FreeBSD's libwrap is IPv6 ready.
OpenSSH is in our source tree, now. It's time to enable it.

Reviewed by: markm, shin
Approved by: jkh


57565 28-Feb-2000 markm

1) Add kerberos5 functionality.
by Daniel Kouril <kouril@informatics.muni.cz>
2) Add full LOGIN_CAP capability
by Andrey Chernov


57563 28-Feb-2000 brian

Don't put truncated hostnames in utmp

Approved by: jkh


57496 26-Feb-2000 peter

Redo this with a repo copy from the original file and reset the
__PREFIX__ markers.


57493 26-Feb-2000 peter

oops, update path to /etc/ssh/ssh_host_key


57487 25-Feb-2000 peter

Merge from internat.freebsd.org; move ssh files from /etc to /etc/ssh


57470 25-Feb-2000 green

Fix a bug that crawled in pretty recently (from the port). It made
sshd coredump :(


57467 25-Feb-2000 peter

Fix garbage in SSH_PROGRAM (only on freefall, not internat)


57465 25-Feb-2000 green

Make "CheckHostIP" default to off. This was proposed on -security and
earlier IRC, but despite my initial feeling against it, this seems
the more proper thing to do.

Proposed by: rwatson


57464 25-Feb-2000 green

The includes must be <openssl/.*\.h>, not <ssl/.*\.h>.


57463 24-Feb-2000 markm

remove more ports crud.


57462 24-Feb-2000 markm

remove ports junk


57432 24-Feb-2000 markm

Add the patches from ports (QV: ports/security/openssh/patches/patch-*)


57430 24-Feb-2000 markm

This commit was generated by cvs2svn to compensate for changes in r57429,
which included commits to RCS files with non-trunk default branches.


55166 28-Dec-1999 green

Upgrade to the pam_ssh module, version 1.1.

(From the author:)
Primarily, I have added built-in functions for manipulating the
environment, so putenv() is no longer used. XDM and its variants
should now work without modification. Note that the new code uses
the macros in <sys/queue.h>.

Submitted by: Andrew J. Korty <ajk@iu.edu>


53874 29-Nov-1999 green

Add the PAM SSH RSA key authentication module. For example, you can add,
"login auth sufficient pam_ssh.so" to your /etc/pam.conf, and
users with a ~/.ssh/identity can login(1) with their SSH key :)

PR: 15158
Submitted by: Andrew J. Korty <ajk@waterspout.com>
Reviewed by: obrien