d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
116,336 Commits 4 Branches 49 Tags 2 GiB
0d56bd2793
Commit Graph

58 Commits

Author SHA1 Message Date
das
e2b9708f18 s/int/size_t/ as appropriate. 
Noticed by:	bde
 2005-04-17 01:06:37 +00:00
des
ca18f36fa5 Revert parts of previous commits and use a temporary variable to avoid 
an invalid type pun.
 2005-04-08 11:19:50 +00:00
nectar
32eab0f970 An array was mistaken for a pointer in the previous commit. 
Noticed by:	tinderbox, stefanf
Pointy hat to:	nectar
 2005-04-07 19:26:35 +00:00
nectar
816af95a77 Correct type mismatch introduced in last commit. 
Noticed by:	Steve Kargl <sgk@troutmask.apl.washington.edu>
 2005-04-05 18:25:27 +00:00
nectar
6435ce940d DES pointed out that the PAM layer may change the target user name 
during authentication.  Thus we need to call getpwnam *after* the user
has been authenticated.  Colin mentioned that we should also move the
check for root in that case.
 2005-04-05 14:55:33 +00:00
nectar
8f12f32e0d When PAM support was added to rexecd in revision 1.29 (just prior to 
5.0-RELEASE), a visually elusive bug was introduced.  A comparison
operator was changed to assignment.  As a result, rexecd behaved
always as if the `-i' option had been specified.  It would allow root
logins.  This commit corrects the situation in the obvious way.

A separate bug was introduced at the same time.  The PAM library
functions are called between the invocation of getpwnam(3) and the use
of the returned static object.  Since many PAM library functions
result in additional getpwnam(3) calls, the contents of the returned
static object could be changed from under rexecd.  With this commit,
getpwnam_r(3) is used instead.

Other PAM-using applications should be reviewed for similar errors in
getpw* usage.

Security:	rexecd's documented default policy of disallowing root
		logins was not enforced.
Reviewed by:	cperciva
 2005-03-27 13:59:44 +00:00
das
930b2ee454 Use sysconf(_SC_ARG_MAX) instead of NCARGS. 2005-03-21 08:01:14 +00:00
ume
2da58c2233 correct WARNS=6 fix to use cast to (void *). 
use of struct sockaddr_strage * is thought as not good manner. :)
 2005-03-01 10:55:06 +00:00
des
235eb699e1 If what we have is a struct sockaddr_storage * and what we want is a 
struct sockaddr_storage *, there's no point in casting it prematurely
to a struct sockaddr *.  This unbreaks WARNS=6 on sparc64.
 2005-02-23 21:26:55 +00:00
des
6b77db7044 Make WARNS=6-clean. 2005-02-23 17:13:28 +00:00
stefanf
03a2de3818 Fix most cases where the address of an int is passed to a function expecting a 
socklen_t * argument.
 2005-02-14 17:42:58 +00:00
ru
d95b3c4c8d Sort sections. 2005-01-18 09:29:40 +00:00
ru
20fbd172b2 Mechanically kill hard sentence breaks. 2004-07-02 21:28:50 +00:00
stefanf
12a8a7fa4c Include <stdlib.h> for exit() and abort() prototypes. 
Approved by:	das (mentor)
 2004-05-24 13:21:24 +00:00
charnier
eeb46390af Add section number to .Xr 2003-06-08 12:40:50 +00:00
charnier
9639b20db6 The .Nm utility 2002-07-06 19:19:48 +00:00
des
b833b9d1d3 Unbreak static build and remove usage() that isn't usage(). 
Reviewed by:	bde
 2002-05-03 13:12:06 +00:00
des
37ceba5949 PAMify rexecd(8). 
Sponsored by:	DARPA, NAI Labs
 2002-05-02 05:06:32 +00:00
ume
903c50775a When opieverify() is fail, fallback to try unix password. 
Tested by:	kuriyama
 2002-04-16 10:54:30 +00:00
ume
7027bf8c9b Add an IPv6 support. 
I dunno if there is an IPv6 supported rexec client.  So, it was
tested that this change doesn't break an IPv4.

Tested by:	kuriyama (IPv4 only)
 2002-04-16 10:15:30 +00:00
kuriyama
c89f41e943 Make this compilable without -DOPIE. 
Hint by:	ume
 2002-04-16 07:53:42 +00:00
imp
c963f1d002 o __P removal 
o register removal
o use new style prototypes and function definitions
 2002-02-07 23:57:01 +00:00
kris
c60495e0de Lock down with WFORMAT?=1, with overrides in the subdirectories which 
are not yet warning-clean.  Tested on i386 and alpha.
 2002-02-04 02:33:51 +00:00
bde
5acdee8a8e Don't clobber the default for CFLAGS. 2001-08-03 21:45:54 +00:00
sheldonh
9bfb9eedcd Use STD{ERR,IN,OUT}_FILENO instead of their numeric values. The 
definitions are more readable, and it's possible that they're
more portable to pathalogical platforms.

Submitted by:   David Hill <david@phobia.ms>
 2001-07-26 11:02:39 +00:00
dd
a145482cf6 Remove whitespace at EOL. 2001-07-15 07:53:42 +00:00
ru
5e14a6862e mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 10:49:54 +00:00
markm
84b43d4375 Goodbye S/Key, Hello OPIE. 
I believe I have done due dilligence on this, but I'd appreciate
decent test scenarios and sucess (or failure) reports.
 2001-07-09 17:34:22 +00:00
brian
8636b161b3 Fix the type of the NULL arg to execl() 
Idea from: Theo de Raadt <deraadt@openbsd.org>
 2001-07-09 09:24:06 +00:00
dwmalone
9d3e9efd8a Avoid a warning by making a variable a const char *. 2001-05-01 10:35:20 +00:00
ru
45d92a4319 - Backout botched attempt to intoduce MANSECT feature. 
- MAN[1-9] -> MAN.
 2001-03-26 14:22:12 +00:00
ru
a23a98f937 Set the default manual section for libexec/ to 8. 2001-03-20 18:10:13 +00:00
charnier
f1a89df331 Remove unused #include. Use getopt(3). Add usage() with syslog(3) cap. 2000-11-28 18:15:25 +00:00
ru
fda4c0a990 mdoc(7) police: use the new features of the Nm macro. 2000-11-20 14:42:24 +00:00
nsayer
21a39613d0 Man page fixups 
Submitted by:	sheldonh@uunet.co.za
 2000-05-15 14:06:07 +00:00
nsayer
d83d7a6528 Add -i (insecure) flag to rexecd, which allows uid == 0 logins 
(presuming that the user in question is not in /etc/ftpusers and
does not have a null password).
 2000-05-13 15:58:36 +00:00
peter
76f0c923fe $Id$ -> $FreeBSD$ 1999-08-28 00:22:10 +00:00
brian
c6c6c7de65 Ensure that things returned by gethostname() and 
friends are terminated and allow for a maximum
host name length of MAXHOSTNAMELEN - 1.
Put parenthesis around sizeof args.
Make some variables static.
Fix telnetd -u (broken by my last commit)

Prompted by: bde
 1999-04-07 08:27:45 +00:00
brian
213baed96f Link with libutil 1999-04-06 23:40:25 +00:00
brian
a77173a7cd Use realhostname() rather than various combinations of 
gethostbyaddr() & gethostbyname().

Remove brokeness in ftpd for hosts of MAXHOSTNAMELEN length.
 1999-04-06 23:06:00 +00:00
charnier
d61a5ed6ec Use err(3). -Wall cleaning. Use Pa for file names and add section in Xrefs. 1997-11-26 07:29:04 +00:00
imp
7f79bbed5b Julian A's fix. Do chdir as user rather than as root. Fixes a minor NFS 
compatibility problem at the same time.  Some buffer made large enough
for worst case hostname.

fixes PR 2593.

Reviewed by:	Dan Cross and maybe others
 1997-03-24 05:57:28 +00:00
peter
090fb430f1 Revert $FreeBSD$ to $Id$ 1997-02-22 14:22:49 +00:00
imp
cced79bd4c Buffer Overflow from OpenBSD 
rev 1.7 deraadt:
	buf oflow
Obtained from: OpenBSD
 1997-02-09 04:40:02 +00:00
jkh
808a36ef65 Make the long-awaited change from $Id$ to $FreeBSD$ 
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
 1997-01-14 07:20:47 +00:00
pst
f802c9787d Back out recent security patch for rexecd. After more careful analysis, 
it is both uneeded and breaks certain lock-step timing in the rexec
protocol.

Yes, an attacker can "relay" connections using this trick,  but a properly
configured firewall that would make this sort of subterfuge necessary in the
first place (instead of direct packet spoofing) would also thwart useful
attacks based on this.
 1996-11-22 08:59:07 +00:00
pst
9b54175344 Do not attempt to open reverse channel until authentication phase has 
succeeded.

Never allow the reverse channel to be to a privileged port.

Cannidate for:	2.1 and 2.2 branches

Reviewed by:	pst (with local cleanups)
Submitted by:	Cy Shubert <cy@cwsys.cwent.com>
Obtained from:	Jaeger <jaeger@dhp.com> via BUGTRAQ
 1996-11-19 18:03:16 +00:00
wosch
361a15b8f4 add forgotten $Id$ 1996-09-22 21:56:57 +00:00
mpp
684146e8ce Check for expired passwords before allowing access to the system. 1995-08-28 21:30:59 +00:00
peter
8ca6f0e2ac rexecd was not calling "setlogin()" when it should have. This was causing 
getlogin() to return wrong answers (eg: "root").
Reviewed by:	davidg
Obtained from:	James Jegers, for NetBSD, slightly reworked by me.
 1995-07-29 15:21:15 +00:00