Stefan Farfeleder
28e1bf4689
Include <stdlib.h> for exit() and abort() prototypes.
...
Approved by: das (mentor)
2004-05-24 13:21:24 +00:00
Dag-Erling Smørgrav
d6551d89a2
Unbreak static build and remove usage() that isn't usage().
...
Reviewed by: bde
2002-05-03 13:12:06 +00:00
Dag-Erling Smørgrav
7f5e4ed359
PAMify rexecd(8).
...
Sponsored by: DARPA, NAI Labs
2002-05-02 05:06:32 +00:00
Hajimu UMEMOTO
b2b1845212
When opieverify() is fail, fallback to try unix password.
...
Tested by: kuriyama
2002-04-16 10:54:30 +00:00
Hajimu UMEMOTO
859be0911a
Add an IPv6 support.
...
I dunno if there is an IPv6 supported rexec client. So, it was
tested that this change doesn't break an IPv4.
Tested by: kuriyama (IPv4 only)
2002-04-16 10:15:30 +00:00
Jun Kuriyama
0d652d42ca
Make this compilable without -DOPIE.
...
Hint by: ume
2002-04-16 07:53:42 +00:00
Warner Losh
266ebcd391
o __P removal
...
o register removal
o use new style prototypes and function definitions
2002-02-07 23:57:01 +00:00
Sheldon Hearn
e1b4d8d074
Use STD{ERR,IN,OUT}_FILENO instead of their numeric values. The
...
definitions are more readable, and it's possible that they're
more portable to pathalogical platforms.
Submitted by: David Hill <david@phobia.ms>
2001-07-26 11:02:39 +00:00
Mark Murray
20934175ae
Goodbye S/Key, Hello OPIE.
...
I believe I have done due dilligence on this, but I'd appreciate
decent test scenarios and sucess (or failure) reports.
2001-07-09 17:34:22 +00:00
Brian Somers
7bc6d0158f
Fix the type of the NULL arg to execl()
...
Idea from: Theo de Raadt <deraadt@openbsd.org>
2001-07-09 09:24:06 +00:00
David Malone
ea66ccbf96
Avoid a warning by making a variable a const char *.
2001-05-01 10:35:20 +00:00
Philippe Charnier
57757e9f36
Remove unused #include. Use getopt(3). Add usage() with syslog(3) cap.
2000-11-28 18:15:25 +00:00
Nick Sayer
0d9fb499eb
Add -i (insecure) flag to rexecd, which allows uid == 0 logins
...
(presuming that the user in question is not in /etc/ftpusers and
does not have a null password).
2000-05-13 15:58:36 +00:00
Peter Wemm
7f3dea244c
$Id$ -> $FreeBSD$
1999-08-28 00:22:10 +00:00
Brian Somers
9e9a43bdec
Ensure that things returned by gethostname() and
...
friends are terminated and allow for a maximum
host name length of MAXHOSTNAMELEN - 1.
Put parenthesis around sizeof args.
Make some variables static.
Fix telnetd -u (broken by my last commit)
Prompted by: bde
1999-04-07 08:27:45 +00:00
Brian Somers
32af26a501
Use realhostname() rather than various combinations of
...
gethostbyaddr() & gethostbyname().
Remove brokeness in ftpd for hosts of MAXHOSTNAMELEN length.
1999-04-06 23:06:00 +00:00
Philippe Charnier
6896720af3
Use err(3). -Wall cleaning. Use Pa for file names and add section in Xrefs.
1997-11-26 07:29:04 +00:00
Warner Losh
a51e2c9b04
Julian A's fix. Do chdir as user rather than as root. Fixes a minor NFS
...
compatibility problem at the same time. Some buffer made large enough
for worst case hostname.
fixes PR 2593.
Reviewed by: Dan Cross and maybe others
1997-03-24 05:57:28 +00:00
Peter Wemm
9e522f7a18
Revert $FreeBSD$ to $Id$
1997-02-22 14:22:49 +00:00
Warner Losh
5b266377fd
Buffer Overflow from OpenBSD
...
rev 1.7 deraadt:
buf oflow
Obtained from: OpenBSD
1997-02-09 04:40:02 +00:00
Jordan K. Hubbard
1130b656e5
Make the long-awaited change from $Id$ to $FreeBSD$
...
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
Paul Traina
a13e275f66
Back out recent security patch for rexecd. After more careful analysis,
...
it is both uneeded and breaks certain lock-step timing in the rexec
protocol.
Yes, an attacker can "relay" connections using this trick, but a properly
configured firewall that would make this sort of subterfuge necessary in the
first place (instead of direct packet spoofing) would also thwart useful
attacks based on this.
1996-11-22 08:59:07 +00:00
Paul Traina
6c6cc60e38
Do not attempt to open reverse channel until authentication phase has
...
succeeded.
Never allow the reverse channel to be to a privileged port.
Cannidate for: 2.1 and 2.2 branches
Reviewed by: pst (with local cleanups)
Submitted by: Cy Shubert <cy@cwsys.cwent.com>
Obtained from: Jaeger <jaeger@dhp.com> via BUGTRAQ
1996-11-19 18:03:16 +00:00
Wolfram Schneider
148531ef1e
add forgotten $Id$
1996-09-22 21:56:57 +00:00
Mike Pritchard
ae532ecb79
Check for expired passwords before allowing access to the system.
1995-08-28 21:30:59 +00:00
Peter Wemm
3f59b9c4ef
rexecd was not calling "setlogin()" when it should have. This was causing
...
getlogin() to return wrong answers (eg: "root").
Reviewed by: davidg
Obtained from: James Jegers, for NetBSD, slightly reworked by me.
1995-07-29 15:21:15 +00:00
Rodney W. Grimes
6c06b4e2aa
Remove trailing whitespace.
1995-05-30 05:51:47 +00:00
Paul Traina
9c48498989
make rexecd link against skeyaccess, not authfile
1994-09-30 06:38:43 +00:00
Paul Traina
cda3118c2e
Tighen up rexecd(8) security (see manual page for details).
...
Rexecd is a crock, it never should have been written, however make it so
that people who have a need to run it don't hurt themselves so badly.
Obtained from: Ideas obtained from logdaemon 4.3 from Wietse Venema
1994-09-29 09:23:58 +00:00
Guido van Rooij
a670645c57
Add skey support
...
Reviewed by:
Submitted by: guido
1994-08-21 19:10:43 +00:00
Rodney W. Grimes
ea022d1687
BSD 4.4 Lite Libexec Sources
1994-05-27 12:39:25 +00:00