Commit Graph

264 Commits

Author SHA1 Message Date
Andrey A. Chernov
e2101afed1 Fix 3 error with login.conf
1) pw->pw_class was always zero since not copied
2) login_getuserclass() used instead of login_getclass(), so
default class always returned
3) env pointer can be redefined at the moment of setusercontext() call
1997-05-02 20:20:49 +00:00
Peter Wemm
25c2756dd9 Update from ssh-1.2.19 to ssh-1.2.20. All patches applied still, I just
regenerated them to fix the line numbers.  Also, I added two commented out
options in Makefile, one to tell sshd that a group writeable homedir
is OK because all users are in their own group, and the other is to allow
an unencrypted connection (which is dangerous since it can lead to
compromise of keys), but on a secure network it's damn useful for backups
etc.
1997-04-25 05:01:06 +00:00
David E. O'Brien
69ac7b4b06 turn on super 1997-04-24 08:03:31 +00:00
David E. O'Brien
fc543e03c6 Super is a setuid-root program that offers
o  restricted setuid-root access to executables, adjustable
        on a per-program and per-user basis;

    o  a relatively secure environment for scripts, so that well-written
        scripts can be run as root (or some other uid/gid), without
        unduly compromising security.

See pkg/DESCR for a comparson w/sudo.
1997-04-24 08:02:43 +00:00
Wolfram Schneider
df8f6f276f Add virtual category 'perl5'. 1997-04-20 13:53:29 +00:00
Andrey A. Chernov
62128c83d1 Disable extended LOGIN_CAP $MAIL processing until it will be fixed
properly. In old variant /var/mail/root was always checked instead of
/var/mail/<user>
1997-04-16 21:07:36 +00:00
Andrey A. Chernov
29fe1065ad Upgrade to 1.2.19 1997-04-16 19:48:30 +00:00
Joe Greco
e7c49bb4bb Minor correction-
Changed floppy generation code to chmod gunzip to executable by a
better strategic location for the chmod command.  The former code
failed to do this, meaning gunzip couldn't be run from the floppy.

"Ooops".  Yes, I actually do use this code!  Honest!  :-)
1997-04-03 23:09:49 +00:00
Paul Traina
d7a878f85c Back out previous patch, I got confused by an old sshd.conf file 1997-04-01 05:52:30 +00:00
John Polstra
8878e637bd Enable tripwire. 1997-04-01 04:48:08 +00:00
John Polstra
28d7af23c3 Initial import of Joe Greco's tripwire port.
Submitted by:	jgreco@ns.sol.net
1997-04-01 04:44:00 +00:00
Andrey A. Chernov
f742a35be3 Fix argument parsing loop in ssh-agent (original 1.2.18 bug) 1997-04-01 04:17:21 +00:00
Paul Traina
37bbce243a Generate host key in /etc to match the port 1997-04-01 03:34:25 +00:00
Andrey A. Chernov
797920ff49 Upgrade to 1.2.18 1997-03-28 23:30:39 +00:00
David E. O'Brien
206e6779f8 Style problem.
Noticed by:	Satoshi
1997-03-10 17:39:35 +00:00
David E. O'Brien
664188bae7 Restricted: contains crypto -- crypt() 1997-03-09 21:41:56 +00:00
David E. O'Brien
a1db8363e4 John the Ripper is a UNIX password cracker, currently available for UNIX
(tested with Linux x86, FreeBSD x86, Solaris 2.x SPARC, OSF/1 Alpha), DOS,
WinNT/Win95.

    John the Ripper supports the following cracking modes:
    - wordlist with or without rules;
    - "single crack", makes use of the login/GECOS information;
    - incremental, tries all character combinations;
    - external, allows you to define your own cracking mode.
    - MD5 based password files support
1997-03-09 21:34:26 +00:00
David E. O'Brien
2f6d0a15ee Respects ${PREFIX}
Broke up mega-patches into one/file.
1997-03-07 12:33:43 +00:00
David E. O'Brien
2cf0fbdea3 Respects ${PREFIX} 1997-03-07 12:33:01 +00:00
Peter Wemm
2a3d5d6f8f Update from 2.7.2 to 2.7.4
patch-ag is merged into patch-ab - they both patched the same file
patch-ah was included by the author
1997-03-02 03:09:19 +00:00
Andrey A. Chernov
96a7483d0d Add LOGIN_CAP abilities
Submitted by: davidn
1997-02-27 00:44:35 +00:00
Satoshi Asami
81f9bf0731 Add $Id$. 1997-02-06 07:14:48 +00:00
Andrey A. Chernov
c195ec584d Use rsaref from ports for USA
Add more mirrors
1997-02-02 21:45:31 +00:00
Andrey A. Chernov
b9c455742b Install rsa.h too 1997-02-02 21:25:28 +00:00
Andrey A. Chernov
2705181d05 Add rsaref 1997-02-02 20:16:39 +00:00
Andrey A. Chernov
1156f5bc01 encryption/authentication library, RSA/MDX/DES 1997-02-02 20:11:08 +00:00
David E. O'Brien
aabaf706de Minor style nitpick. 1997-02-02 11:11:51 +00:00
David E. O'Brien
d5ae3fb035 Change Makefile more to my likeing. 1997-02-02 02:22:47 +00:00
David E. O'Brien
525d966660 Smoke some crack and pass it on to others.
(ie. turn on crack)
1997-02-02 01:30:51 +00:00
David E. O'Brien
7117a1d4ad This is Alec Muffett's password guessing program.
This version (5.0) supports the 4.4BSD password format, and also FreeBSD's
MD5 style passwords.
1997-02-02 01:28:04 +00:00
Mark Murray
1dc43e3194 Upgrade to 0.6.6 1997-01-13 21:39:44 +00:00
Masafumi Max NAKANE
39591c1e02 New port, strobe:
strobe   is  a  network/security  tool  that  locates  and
describes all listening tcp ports on a (remote) host or on
many hosts in a bandwidth utilisation maximising, and pro-
cess resource minimizing manner.

strobe approximates a parallel finite state machine inter-
nally. In non-linear multi-host mode it attempts to appor-
tion bandwidth and sockets amoung  the  hosts  very  effi-
ciently.   This  can  reap  appreciable gains in speed for
multiple distinct hosts/routes.
Submitted by:	proff@suburbia.net (Julian Assange)
Reviewed & Modified by:	max
(Closing PR #1663.)
1997-01-07 12:20:48 +00:00
Torsten Blum
b22ab3862c make this one compile again 1997-01-05 21:12:27 +00:00
Torsten Blum
e237457b01 fix the clean target to remove *.so and libwrap.so
Pointed-Out by: Wietse Venema <wietse@porcupine.org>
1997-01-03 09:44:56 +00:00
Peter Wemm
67faab29d6 Make one of our changes for -current work on 2.1. In -current, rresvport()
ignores it's argument (it's meaningless, the kernel keeps the state), but
2.1.x use it.  ssh was effectively giving a random port to 2.1.

Originally noticed by: John Polstra <jdp@polstra.com>
1996-12-27 08:42:41 +00:00
Mark Murray
bb25d8f5ea @#$%!! Forgot the MD5 checksum.
Found before: Anyone Else
1996-12-12 06:27:56 +00:00
Mark Murray
53cc1b610c Update to 0.6.5 1996-12-11 20:54:57 +00:00
Masafumi Max NAKANE
86913ca557 No `.' is needed at the end of the reason string for NO_CDROM, NO_PACKAGE,
RESTRICTED or BROKEN.
Pointed-out by:	asami
1996-12-08 01:45:16 +00:00
David E. O'Brien
83d594bc51 Install SSLeay docs into ${PREFIX}/share/doc/SSLeay/...
Submitted by:	Igor Vinokurov <igor@ibank.ru>  (on ports list)
1996-12-03 11:32:53 +00:00
Mark Murray
83f9b19153 Add safe-tcl.
Remembered before: asami
1996-11-27 19:21:03 +00:00
Eric L. Hernes
bb5a7e6eff upgrade to 1.5.3
Submitted by:	Masafumi NAKANE (max@wide.ad.jp)
1996-11-26 15:27:25 +00:00
Satoshi Asami
85ee758a05 Add cops. 1996-11-26 08:59:28 +00:00
Peter Wemm
05c76a48a3 aargh! how did this happen?? USE_DES is *not* supposed to be on by
default, as it needs the secure dist to be installed...
1996-11-25 07:26:28 +00:00
Satoshi Asami
969bf5095a Silently fix up my mistakes so nobody will know what a dork I am. 1996-11-22 00:21:57 +00:00
Adam David
80926da9e8 1.2.16 --> 1.2.17
(new agent forwarding protocol that is said to work this time)
1996-11-20 12:45:59 +00:00
Satoshi Asami
c98cfd116d Compress a bunch of manpages. Remove unnecessary @ directives from
PLISTs.

Note: I know that this is going to break some symlinks and/or .so
includes, I will back some of these out as I run into these during
package building.
1996-11-18 14:17:24 +00:00
Satoshi Asami
300c45cf2e Use MAN? macros. CATEGORIES+= -> CATEGORIES. 1996-11-18 11:44:27 +00:00
Satoshi Asami
95e743d9b7 Use MASTER_SITE_PERL_CPAN. Use MAN? macros. CATEGORIES+= -> CATEGORIES. 1996-11-18 08:47:32 +00:00
David E. O'Brien
d73b963228 Missed that PKGNAME and DISTNAME needed to be switched. 1996-11-18 07:31:46 +00:00
Torsten Blum
e794149dd6 upgrade to 0.20 1996-11-17 20:59:57 +00:00
David E. O'Brien
2d0b362f21 Removed the hardcoded paths and used our variables instead (WRKSRC,PREFIX).
CATEGORIES+= --> CATEGORIES=
1996-11-17 19:29:55 +00:00
James FitzGibbon
2edb6649ef Import of the COPS system security checker.
Reviewed by:	jfitz@FreeBSD.ORG
Submitted by:	 Oliver Oberdorf <oly@world.std.com>
1996-11-17 18:29:57 +00:00
David E. O'Brien
8419c1ad54 CAT_E_GORIES+= -> CAT_E_GORIES= (*everybody*'s a critic :-))
Converted to new MAN[1-9]
Converted to MASTER_SITES= ${MASTER_SITE_PERL_CPAN} where applicable
1996-11-17 07:58:10 +00:00
Satoshi Asami
ecd130a1bd YAFCS 1996-11-16 09:45:06 +00:00
Peter Wemm
bf933b19cc Update 2.7.1 -> 2.7.2. The author used our patches that were not
related to the ports mechanism.
1996-11-15 12:53:24 +00:00
Andrey A. Chernov
fedd4e1e4c Master site path changed 1996-11-14 01:13:57 +00:00
Mark Murray
1845875538 Fix this:
a) Distribution tarball names were broken.
b) doc file md5 was wrong/dist file has changed
c) replace multiple spaces with tabs
1996-11-13 18:15:14 +00:00
Satoshi Asami
4d3eb1451e sudo is moved from sysutils to security.
Forgotten by:	obrien ;)
1996-11-12 05:00:34 +00:00
Andrey A. Chernov
d67a4ad9e9 Remove my ptys patch, because this code is unused, openpty is used instead
Mimic login more closely now:
1) Put usual Copyright line
2) You have mail
1996-11-12 01:47:39 +00:00
Andrey A. Chernov
a13d148e44 Use BSD naming convention for pty names, it fixes two problems:
1) Too many false open syscalls on pty allocation
2) (more serious) ssh not use about half of available ptys
1996-11-12 00:13:38 +00:00
David E. O'Brien
c2eaa16214 Moved sudo from ports/sysutils -> ports/security.
Reviewed by:    Satoshi
1996-11-12 00:05:35 +00:00
Peter Wemm
82e68e552b Add a compile option so that identd will send encrypted cookies out rather
than usernames.  This makes it much more difficult for somebody to "frame"
one of your users.

ie: instead of people getting:
   connect from peter@spinner.DIALix.COM
in their syslogs, they will get this instead:
   connect from [W+rNvCy5FuPV4xEj8thdXIlfD9qNIbzB]@spinner.DIALix.COM

The remote site will have to send it to you to decode it.  When you are
given one of these cookies, you can know for sure it is not faked, and you
don't have to trust the word of the remote sysadmin when arranging your
local lame hacker-type user to meet with an unfortunate incident :-).

This feature is documented in the man pages.

Also, fix an apparent bug in the code that deals with this, but it might
be a feature of the version of libdes we have on FreeBSD.

Requested by: markm (a fair while ago)
1996-11-05 18:23:42 +00:00
Peter Wemm
c1ffabdc3c Fix bug in man page path substitution.
(it used to come out as /usr/local/identd)
1996-11-05 16:41:44 +00:00
Andrey A. Chernov
4a2478071f Change syslog facility from DAEMON to AUTH 1996-11-02 00:18:49 +00:00
Andrey A. Chernov
d1940f107c Upgrade to 2.7.1 1996-10-31 00:13:07 +00:00
Masafumi Max NAKANE
b90d145e88 Activated vscan. 1996-10-27 10:11:19 +00:00
Masafumi Max NAKANE
b3cf8f355e Mcafee VirusScan 1.0.2.
Submitted by:	David O'Brien <obrien@cs.ucdavis.edu>
(Closing PR #1718.)
1996-10-27 10:08:48 +00:00
Andrey A. Chernov
d6d04d104d Use system shared libgmp now 1996-10-24 23:46:15 +00:00
James FitzGibbon
b8c06517e3 Add RUN_DEPENDS to all perl5 ports, to make packages install perl.
Submitted by:	asami@freebsd.org
1996-10-24 09:59:32 +00:00
James FitzGibbon
eb2a4771fd Update for new perl5 ports 1996-10-24 08:38:44 +00:00
James FitzGibbon
072d72d794 perl5 module to work with PGP messages. 1996-10-24 08:38:37 +00:00
James FitzGibbon
b836b50aa4 perl5 interface to the RSA Data Security Inc. MD5 Message-Digest Algorithm 1996-10-24 08:37:23 +00:00
James FitzGibbon
04860148c3 perl5 interface to IDEA block cipher. 1996-10-24 08:35:48 +00:00
James FitzGibbon
1e8ba55efa perl5 interface to DES block cipher. 1996-10-24 08:33:54 +00:00
Andrey A. Chernov
3c3ae1773e It fixes a really annoying error
reporting bug which happens if the remote end uses tcp_wrappers to control
sshd access (it says something like "read: no such file or directory" or
"read: permission denied" instead of "connection closed").  I already sent it
in to the ssh mailing list.
Submitted by: fenner
1996-10-17 23:00:41 +00:00
Masafumi Max NAKANE
f005e69fa5 Changed flags for ln in the install: target in the Makefile to -s to -fs.
Noticed by:	asami
1996-10-16 08:15:19 +00:00
Satoshi Asami
a1a6d48072 Change NO_PACKAGE to RESTRICTED, we don't even want to redistribute the
distfile.
1996-10-16 08:13:48 +00:00
Andrey A. Chernov
dfd4904911 Upgrade to official 1.2.16
Fix PLIST
1996-10-16 04:56:12 +00:00
Satoshi Asami
95137d2010 Oh my goodness! Satoshi is finally fed up and decided to "clean up"
all the COMMENTs!  No package names, no version numbers, no "this is
absolutix-3.1.2" type comments that have zero information contents.

Now, without any bad examples to follow, nobody has an excuse to import
a port with those kind of comments. :)

Phew!  238 ports modified!
1996-10-10 05:05:35 +00:00
Mark Murray
63eefc4274 Update to 0.6.4
Submitted by:Jeremy Prior <jez@netcraft.co.uk> (sorry I took so long!)
1996-09-24 18:03:54 +00:00
Masafumi Max NAKANE
9cd9d5ef35 Added donkey to SUBDIR. 1996-09-19 13:34:06 +00:00
Masafumi Max NAKANE
bbaf199dcb An alternative for S/KEY's key command. 1996-09-19 11:33:49 +00:00
Gary Palmer
6c2e1c651d From the README:
TIS has recently instituted a registration policy for access to the freely
available toolkit. We have added this additional step to ensure that you
are aware that, while this software is freely available, it is licensed and
copyrighted software.

so add a dummy fetch: target to tell people to read their licence and
obtain the source manually, and what to do with it when you have it.
1996-09-19 09:58:47 +00:00
Torsten Blum
17cdff96b5 Upgrade to 2.7 (no changes since 2.7b4) 1996-09-14 23:22:07 +00:00
Torsten Blum
59a394e69a Upgrade to 0.19 1996-09-14 23:15:25 +00:00
Eric L. Hernes
4ba8d4d619 upgrade to v1.5 1996-09-06 13:41:04 +00:00
Satoshi Asami
7a4662e170 Remove LIB_DEPENDS on libz, it's in /usr/src now. 1996-08-19 10:31:04 +00:00
Peter Wemm
3c3b1d9e1b Dont install identconn or itest, installing itest requires root access,
meaning it will silently fail if you (say) install as "bin".  This makes
the packaging break.  (Will the package tools install the setuid-root
binary anyway?)

They were not particularly useful anyway, they are mainly diagnostic tools
to parse the output of 'netstat' to see which users have what local
connections open.

Requested by: asami
1996-08-17 11:19:03 +00:00
Peter Wemm
54a78b40a6 Update from 2.7b3 -> 2.7b4, the author included our patch.
.. however, he also changed the top level Makefile to use $PREFIX for
something completely different (and incompatable) to what we use it for.
1996-08-16 18:31:04 +00:00
Peter Wemm
4f8ec254e4 Have ssh use rresvport() to get a privileged socket instead of doing it
itself.  This means it obeys the portrange sysctl's.
1996-08-12 14:17:53 +00:00
Mark Murray
890f946482 Move to version 0.6.3 1996-08-10 19:15:44 +00:00
Mark Murray
7279f52c21 Move to version 0.6.3 1996-08-10 18:10:55 +00:00
Peter Wemm
702bf4b966 Several fixes/improvements :-
- protect the secret RSA etc/ssh_host_key.  It is now generated on install
   (either by pkg_add or make install) if not already present and is not
   ever added to a package since it's your host's credentials.  It should
   not be removed on pkg_delete, since you are in big trouble if you did
   this (for example) pkg_delete ssh-1.2.14; pkg_add ssh-1.2.15.tgz.
 - fix the broken manpage symlink when compressing man pages (slogin.1
   has been causing /etc/weekly to generate cron messages)
 - zlib 1.0.4 is now "blessed" again, the ssh working sources now use this
   instead of v0.95. The decompression problem was fixed in either 1.0.3
   or 1.0.4.  Also, the current version of cvs uses zlib 1.0.4 as well..
 - perl5.002 -> perl5.003

Reviewed by: torstenb
1996-08-08 13:57:02 +00:00
Peter Wemm
5d9049b6c3 Turn off the unconditional use of USE_PIPES as it prevents rdist from using
ssh for transport.  FreeBSD does not have the implementation bugs that some
other systems appear to have, this option only hurts us.

Reviewed by: torstenb
1996-08-08 13:47:55 +00:00
Satoshi Asami
d5b408c66c Change NO_PACKAGE to RESTRICTED, this is crypto code so we don't even
want to touch it.

While I'm here, change MASTER_SITES to URL form (ftp://) and add
markm as the maintainer (he's the only one who touched this
Makefile since the beginning of history)....
1996-07-30 19:43:53 +00:00
Mark Murray
2d686b6259 SSLeay version 0.6.2.
This implementation has been built with Our ((actually its own but in our
source tree) DES library and our MD{45}. You will need to link your SSL
code with -ldes and -lmd.

Are you happy now, Torsten? ;-)
1996-07-29 19:57:58 +00:00
Jordan K. Hubbard
f97e248437 The checksum for the ssh tarball was out of date - fix it. 1996-07-29 02:33:33 +00:00
Paul Traina
98eae442a0 If using socks, make sure you find socks library 1996-07-22 23:06:08 +00:00
Satoshi Asami
9b6acf4966 Put "sudoers.sample" in the package and copy it to "sudoers" if the
latter doesn't already exist.  Closes PR ports/1405 ("why can Satoshi
sudo on my machine?").
1996-07-19 21:00:43 +00:00
Torsten Blum
e1b1692d10 Back out andrews change - 1.2.14.1 is not an official ssh release. 1996-07-18 11:33:47 +00:00