Commit Graph

45 Commits

Author SHA1 Message Date
Ruslan Ermilov
6f1214d918 Removed broken PAM support from rshd(8) and rlogind(8). rshd does
not allocate a pty(4) so it is not suitable at all for interactive
PAM modules.  rlogind calls login(1) which is already PAM enabled.

Approved by:	markm
2000-10-12 07:18:20 +00:00
Ruslan Ermilov
9b376c9084 Make it compile without -DNO_PAM again. 2000-10-06 17:08:31 +00:00
Kris Kennaway
769ec4a81a sprintf() -> snprintf() paranoia. 2000-08-04 10:39:34 +00:00
Hajimu UMEMOTO
21cca9bebe Make compilable without -DINET6.
With shut up unused variable warnings.

PR:		bin/20225
Submitted by:	Paul Herman <pherman@frenchfries.net>
2000-07-28 09:34:44 +00:00
Mark Murray
f0ad5f0b62 Use libcrypto instead of libdes. 2000-02-24 21:18:08 +00:00
Yoshinobu Inoue
e3be4d7b7e sync iruserok() extension API with other BSDs
Some of rcmd related function is need to be updated to
  support IPv6. Some of them are already updated as standard
  document. But there is also several de-facto functions and
  they are not listed in standard documents.
  They are,

    iruserok()  (used by rlogind, rshd)
    ruserok()   (used by kerberos, etc)

  KAME package updated those functions in original way.

    iruserok_af()
    ruserok_af()

  But recently there was discussion on IETF IPng mailing
  list about how to sync those API, and it is decided,

    -Those function is not standard and not documented.
    -But let BSDs sync their API as de-facto.

  And after some discussion, it is announced that

    -add update to iruserok() as iruserok_sa()
    -no ruserok() API change(it is only updated internaly)

So I sync those API before 4.0 is released.
The changes are,
   -prototype changes
   -ruserok() internal update (use iruserok_sa() inside)
   -removal of ruserok_af()
   -change iruserok_af() as static functioin, and also prefix the name with __.
   -add iruserok_sa() (Just call __iruserok_af() inside)
   -adding flag AI_ALL to getipnodebyaddr() called from __icheckhost().
    This is necessary to support IPv4 communication via AF_INET6 socket
    could be correctly authenticated via iruserok_sa()
   -irusreok_af() call is replaced to iruserok_sa() call
    in rlogind, and rshd.

Approved by: jkh
2000-02-01 15:55:56 +00:00
Yoshinobu Inoue
0cac72f42c several tcp apps IPv6 update
-inetd
 -rshd
 -rlogind
 -telnetd
 -rsh
 -rlogin

Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project
2000-01-25 14:52:10 +00:00
Alexey Zelkin
4df223aaf6 . mdoc(7)'fy
. add Xrs to hosts.equiv(5), auth.conf(5), services(5) to some pages
. sort Xrs in SEE ALSO sections

Patches based on PR:	docs/15680
Submitted by:		Christian Weisgerber <naddy@mips.rhein-neckar.de>
2000-01-07 13:14:32 +00:00
Mark Murray
6c9134c067 Fix for new Kerberos4. Make a fist cut at PAM-ising while I'm here. 1999-09-19 22:05:32 +00:00
Mark Murray
b2b9ed4833 Fix more Common Error brokenness. 1999-09-06 20:18:44 +00:00
Peter Wemm
7f3dea244c $Id$ -> $FreeBSD$ 1999-08-28 00:22:10 +00:00
Warner Losh
7d773433a7 Ufff. cflags -> chflags. I could have sworn this change has been in
my last three successful make buildworlds...

Noticed by: phk
1999-08-21 20:54:40 +00:00
Warner Losh
15621e0d76 Remove all flags from devices before we try to assert ownership and
set permissions.

Bug not fixed:
	We silently ignore failures of chflags, chmod and chown.
1999-08-21 18:15:55 +00:00
Warner Losh
859663719d More egcs warning fixes:
o main returns int not void
	o use return 0 at end of main when needed
	o use braces to avoid potentially ambiguous else
	o don't default to type int (and also remove a useless register
	  modifier).

Reviewed by: obrien and chuckr
1999-04-25 22:23:38 +00:00
Brian Somers
9e9a43bdec Ensure that things returned by gethostname() and
friends are terminated and allow for a maximum
host name length of MAXHOSTNAMELEN - 1.
Put parenthesis around sizeof args.
Make some variables static.
Fix telnetd -u (broken by my last commit)

Prompted by: bde
1999-04-07 08:27:45 +00:00
Brian Somers
32af26a501 Use realhostname() rather than various combinations of
gethostbyaddr() & gethostbyname().

Remove brokeness in ftpd for hosts of MAXHOSTNAMELEN length.
1999-04-06 23:06:00 +00:00
Satoshi Asami
0e510aed5b Oops, I missed a few more /etc/nologin references yesterday. It appears
my check of the tree was incomplete.  Sorry guys.

Reported by:	Ben Smithurst <ben@scientia.demon.co.uk>
1999-01-12 14:09:23 +00:00
Peter Wemm
5328c7eb7e As previously threatened, clean up the rshd -a option and make it default
on rshd and rlogind.  However, note that:
1: rshd used to drop a connection with -a if the hostname != ip address.
   This is unneeded, because iruserok() does it's own checking.
   It was also wrong if .rhosts had an explicit IP address in it,
   connections would be dropped from that host solely because the DNS was
   mismatched even though it was explicitly intended to work by IP address.
2: rlogind and rshd check the hostname mappings by default now because that
   is what goes into the utmp/wtmp and logs.  If the hostname != ip address,
   then it uses the IP address for logging/utmp/wtmp purposes.  There isn't
   much point logging ficticious hostnames.
3: rshd -a is now accepted (but ignored) for compatability.  If you really
   want to make life miserable for people with bad reverse DNS, use tcpd in
   paranoid mode (which is questionable anyway, given DNS ttl tweaking).
1998-12-16 07:20:45 +00:00
John Birrell
e00072f9f4 Add -lcrypt when building kerberos. 1998-09-05 00:32:27 +00:00
Mark Murray
448bbb5805 Fix LIBDIR (for aout/ELF). 1998-08-06 21:41:13 +00:00
Philippe Charnier
943eade9ed Sort #includes. Add rcsid. Add man page section in .Xrefs. 1997-11-25 07:17:15 +00:00
Mark Murray
e7509c75f5 Changes for the new KTH Kerberos.
Also make -Wall a bit quieter.
1997-09-28 08:36:04 +00:00
Warner Losh
91477cc4d7 compare return value from getopt against -1 rather than EOF, per the final
posix standard on the topic.
1997-03-28 15:48:21 +00:00
Warner Losh
0f5e6a0d00 Fix various buffer overflows that may or may not be exploitable.
Fixes PR 2588

Reviewed by:	Dan Cross?
Submitted by:	Julian Assange
1997-03-24 06:01:39 +00:00
Peter Wemm
9e522f7a18 Revert $FreeBSD$ to $Id$ 1997-02-22 14:22:49 +00:00
Warner Losh
70dc969961 Some patches for source routed packets from OpenBSD.
Rev 1.16 deraadt:
	do not warn about valid options; invalid options correctly quit
Rev 1.15 deraadt:
	need not clear options since bad ones cause exit;
	provos@ws1.physnet.uni-hamburg.de
Rev 1.14 deraadt:
	IPOPT_LSRR/IPOPT_SSRR must exit() due to tcp sequencing; pointed
	out by provos@wserver.physnet.uni-hamburg.de. also another 1-char
	buffer overflow.

Reviewed by:    Peter Wemm
Obtained from:  OpenSBD
1997-02-09 04:18:43 +00:00
Jordan K. Hubbard
1130b656e5 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
Wolfram Schneider
af20215665 Sort cross references. 1997-01-13 00:25:51 +00:00
Mike Pritchard
d3b133fb1c Document the -k, -v and -x options.
Closes PR# 801.
1996-12-16 00:01:28 +00:00
Wolfram Schneider
148531ef1e add forgotten $Id$ 1996-09-22 21:56:57 +00:00
Paul Traina
39ea627d62 Fix some compilation warnings. 1996-09-21 18:01:23 +00:00
Mark Murray
bbff7ca556 #include <kerberosIV/des.h> -> #include <des.h> 1996-02-11 09:18:18 +00:00
Mark Murray
5bf1814b0e Rename des_set_key -> des_set_key_krb. (libdes conflict) 1996-02-03 11:51:19 +00:00
Wolfram Schneider
7b30d8a2b1 Section FILES and SEE ALSO completed 1996-01-28 23:57:09 +00:00
Nate Williams
56dbd97bcb Fix typo. 1995-12-02 18:23:00 +00:00
Guido van Rooij
d7b3176278 It is not necessary to check if a '-' is in lusername., Checking if
lusername starts with a '-' is enough. Otherwise, no users with a '-'
in there name can use rlogin.
1995-12-01 20:38:40 +00:00
Peter Wemm
2d9cb0580d Stop rlogind from bogusly ignoring an explicit .rhosts file for root.
It still correctly ignores hosts.equiv.  This is now consistant with rshd.
1995-11-20 23:25:35 +00:00
David Greenman
dfd651579c Added a -D option to set the TCP_NODELAY socket option. This improves
responsiveness at the expense of some additional network traffic.
1995-10-15 03:40:57 +00:00
Justin T. Gibbs
f4390542d7 Kerberos can now deal with multi-homed clients.
Kerberos obtains a network address for the local host from the routing
tables and uses it consistently for all Kerberos transactions.  This ensures
that packets only leave the *authenticated* interface.  Clients who open
and use their own sockets for encrypted or authenticated correspondance
to kerberos services should bind their sockets to the same address as that
used by kerberos.  krb_get_local_addr() and krb_bind_local_addr() allow
clients to obtain the local address or bind a socket to the local address
used by Kerberos respectively.

Reviewed by: Mark Murray <markm>, Garrett Wollman <wollman>
Obtained from: concept by Dieter Dworkin Muller <dworkin@village.org>
1995-10-05 21:30:21 +00:00
Rodney W. Grimes
6c06b4e2aa Remove trailing whitespace. 1995-05-30 05:51:47 +00:00
Garrett Wollman
a38c3127e1 Add distribution=krb for P-HK 1994-11-20 23:23:28 +00:00
Geoff Rehmet
c368d11dd2 First level of changes for bringing in eBones (kerberos).
- Get rid of inverse logic (NOKERBEROS and NOEBONES) in src/makefile,
and replace with MAKE_KERBEROS and MAKE_EBONES.  (Far fewer contortions,
and both default to off.)  IF YOU WANT KERBEROS, YOU HAVE TO EXPLICITLY
DEFINE ONE OF THESE.
- Make Makefiles kerberos-aware.
1994-09-29 13:06:54 +00:00
Guido van Rooij
9496903032 Plug security hole that was already fixed in 1.1. It prevents
user from specifying their hostname when rlogin()-ing in
(using rlogin -f-h<host>)

Reviewed by:
Submitted by:
1994-08-15 19:44:50 +00:00
Garrett Wollman
2a3c26c889 Update to new make macros and disable Kerberos because we haven't got it
set up right yet.
1994-08-05 21:24:58 +00:00
Rodney W. Grimes
ea022d1687 BSD 4.4 Lite Libexec Sources 1994-05-27 12:39:25 +00:00