Commit Graph

42 Commits

Author SHA1 Message Date
Dag-Erling Smørgrav
d6551d89a2 Unbreak static build and remove usage() that isn't usage().
Reviewed by:	bde
2002-05-03 13:12:06 +00:00
Dag-Erling Smørgrav
7f5e4ed359 PAMify rexecd(8).
Sponsored by:	DARPA, NAI Labs
2002-05-02 05:06:32 +00:00
Hajimu UMEMOTO
b2b1845212 When opieverify() is fail, fallback to try unix password.
Tested by:	kuriyama
2002-04-16 10:54:30 +00:00
Hajimu UMEMOTO
859be0911a Add an IPv6 support.
I dunno if there is an IPv6 supported rexec client.  So, it was
tested that this change doesn't break an IPv4.

Tested by:	kuriyama (IPv4 only)
2002-04-16 10:15:30 +00:00
Jun Kuriyama
0d652d42ca Make this compilable without -DOPIE.
Hint by:	ume
2002-04-16 07:53:42 +00:00
Warner Losh
266ebcd391 o __P removal
o register removal
o use new style prototypes and function definitions
2002-02-07 23:57:01 +00:00
Kris Kennaway
9357f4121d Lock down with WFORMAT?=1, with overrides in the subdirectories which
are not yet warning-clean.  Tested on i386 and alpha.
2002-02-04 02:33:51 +00:00
Bruce Evans
a7dff00b1e Don't clobber the default for CFLAGS. 2001-08-03 21:45:54 +00:00
Sheldon Hearn
e1b4d8d074 Use STD{ERR,IN,OUT}_FILENO instead of their numeric values. The
definitions are more readable, and it's possible that they're
more portable to pathalogical platforms.

Submitted by:   David Hill <david@phobia.ms>
2001-07-26 11:02:39 +00:00
Dima Dorfman
7ebcc426ef Remove whitespace at EOL. 2001-07-15 07:53:42 +00:00
Ruslan Ermilov
0efe23d669 mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 10:49:54 +00:00
Mark Murray
20934175ae Goodbye S/Key, Hello OPIE.
I believe I have done due dilligence on this, but I'd appreciate
decent test scenarios and sucess (or failure) reports.
2001-07-09 17:34:22 +00:00
Brian Somers
7bc6d0158f Fix the type of the NULL arg to execl()
Idea from: Theo de Raadt <deraadt@openbsd.org>
2001-07-09 09:24:06 +00:00
David Malone
ea66ccbf96 Avoid a warning by making a variable a const char *. 2001-05-01 10:35:20 +00:00
Ruslan Ermilov
e5b5c66bca - Backout botched attempt to intoduce MANSECT feature.
- MAN[1-9] -> MAN.
2001-03-26 14:22:12 +00:00
Ruslan Ermilov
020ee2dc9f Set the default manual section for libexec/ to 8. 2001-03-20 18:10:13 +00:00
Philippe Charnier
57757e9f36 Remove unused #include. Use getopt(3). Add usage() with syslog(3) cap. 2000-11-28 18:15:25 +00:00
Ruslan Ermilov
760819894e mdoc(7) police: use the new features of the Nm macro. 2000-11-20 14:42:24 +00:00
Nick Sayer
210376ef16 Man page fixups
Submitted by:	sheldonh@uunet.co.za
2000-05-15 14:06:07 +00:00
Nick Sayer
0d9fb499eb Add -i (insecure) flag to rexecd, which allows uid == 0 logins
(presuming that the user in question is not in /etc/ftpusers and
does not have a null password).
2000-05-13 15:58:36 +00:00
Peter Wemm
7f3dea244c $Id$ -> $FreeBSD$ 1999-08-28 00:22:10 +00:00
Brian Somers
9e9a43bdec Ensure that things returned by gethostname() and
friends are terminated and allow for a maximum
host name length of MAXHOSTNAMELEN - 1.
Put parenthesis around sizeof args.
Make some variables static.
Fix telnetd -u (broken by my last commit)

Prompted by: bde
1999-04-07 08:27:45 +00:00
Brian Somers
143b4dcdc7 Link with libutil 1999-04-06 23:40:25 +00:00
Brian Somers
32af26a501 Use realhostname() rather than various combinations of
gethostbyaddr() & gethostbyname().

Remove brokeness in ftpd for hosts of MAXHOSTNAMELEN length.
1999-04-06 23:06:00 +00:00
Philippe Charnier
6896720af3 Use err(3). -Wall cleaning. Use Pa for file names and add section in Xrefs. 1997-11-26 07:29:04 +00:00
Warner Losh
a51e2c9b04 Julian A's fix. Do chdir as user rather than as root. Fixes a minor NFS
compatibility problem at the same time.  Some buffer made large enough
for worst case hostname.

fixes PR 2593.

Reviewed by:	Dan Cross and maybe others
1997-03-24 05:57:28 +00:00
Peter Wemm
9e522f7a18 Revert $FreeBSD$ to $Id$ 1997-02-22 14:22:49 +00:00
Warner Losh
5b266377fd Buffer Overflow from OpenBSD
rev 1.7 deraadt:
	buf oflow
Obtained from: OpenBSD
1997-02-09 04:40:02 +00:00
Jordan K. Hubbard
1130b656e5 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
Paul Traina
a13e275f66 Back out recent security patch for rexecd. After more careful analysis,
it is both uneeded and breaks certain lock-step timing in the rexec
protocol.

Yes, an attacker can "relay" connections using this trick,  but a properly
configured firewall that would make this sort of subterfuge necessary in the
first place (instead of direct packet spoofing) would also thwart useful
attacks based on this.
1996-11-22 08:59:07 +00:00
Paul Traina
6c6cc60e38 Do not attempt to open reverse channel until authentication phase has
succeeded.

Never allow the reverse channel to be to a privileged port.

Cannidate for:	2.1 and 2.2 branches

Reviewed by:	pst (with local cleanups)
Submitted by:	Cy Shubert <cy@cwsys.cwent.com>
Obtained from:	Jaeger <jaeger@dhp.com> via BUGTRAQ
1996-11-19 18:03:16 +00:00
Wolfram Schneider
148531ef1e add forgotten $Id$ 1996-09-22 21:56:57 +00:00
Mike Pritchard
ae532ecb79 Check for expired passwords before allowing access to the system. 1995-08-28 21:30:59 +00:00
Peter Wemm
3f59b9c4ef rexecd was not calling "setlogin()" when it should have. This was causing
getlogin() to return wrong answers (eg: "root").
Reviewed by:	davidg
Obtained from:	James Jegers, for NetBSD, slightly reworked by me.
1995-07-29 15:21:15 +00:00
Rodney W. Grimes
6c06b4e2aa Remove trailing whitespace. 1995-05-30 05:51:47 +00:00
Nate Williams
50dfa3861b Don't rely on the shared library bringing in libmd, do it explicitly.
Change the library order so libcrypt is the last library in the list.
libskey contains references to _crypt and can't resolve it unless
-lcrypt occurs after it in the link command.  This only occurs when
linking statically.
1995-03-18 06:50:00 +00:00
Paul Traina
9c48498989 make rexecd link against skeyaccess, not authfile 1994-09-30 06:38:43 +00:00
Paul Traina
cda3118c2e Tighen up rexecd(8) security (see manual page for details).
Rexecd is a crock, it never should have been written,  however make it so
that people who have a need to run it don't hurt themselves so badly.

Obtained from: Ideas obtained from logdaemon 4.3 from Wietse Venema
1994-09-29 09:23:58 +00:00
Guido van Rooij
a670645c57 Add skey support
Reviewed by:
Submitted by:	guido
1994-08-21 19:10:43 +00:00
Geoff Rehmet
4714bb15be LDADD= -lcrypt
Submitted by:	Geoff
1994-08-20 21:19:46 +00:00
Garrett Wollman
2a3c26c889 Update to new make macros and disable Kerberos because we haven't got it
set up right yet.
1994-08-05 21:24:58 +00:00
Rodney W. Grimes
ea022d1687 BSD 4.4 Lite Libexec Sources 1994-05-27 12:39:25 +00:00