33 Commits

Author SHA1 Message Date
peter
b811a3806f As previously threatened, clean up the rshd -a option and make it default
on rshd and rlogind.  However, note that:
1: rshd used to drop a connection with -a if the hostname != ip address.
   This is unneeded, because iruserok() does it's own checking.
   It was also wrong if .rhosts had an explicit IP address in it,
   connections would be dropped from that host solely because the DNS was
   mismatched even though it was explicitly intended to work by IP address.
2: rlogind and rshd check the hostname mappings by default now because that
   is what goes into the utmp/wtmp and logs.  If the hostname != ip address,
   then it uses the IP address for logging/utmp/wtmp purposes.  There isn't
   much point logging ficticious hostnames.
3: rshd -a is now accepted (but ignored) for compatability.  If you really
   want to make life miserable for people with bad reverse DNS, use tcpd in
   paranoid mode (which is questionable anyway, given DNS ttl tweaking).
1998-12-16 07:20:45 +00:00
bde
1ece6223be Fixed long line in previous commit. 1998-12-03 05:45:18 +00:00
dg
24689f2c76 Added a -D option to turn on TCP_NODELAY. 1998-12-01 23:27:24 +00:00
jb
b3bc350baa Add -lcrypt when building kerberos. 1998-09-05 00:32:27 +00:00
markm
ec4dc9550e Fix LIBDIR (for aout/ELF). 1998-08-06 21:41:13 +00:00
rnordier
9eefc374c7 Replace _exit() with exit()
Pointed out by: Nathan Torkington <gnat@prometheus.frii.com> PR 5585
1998-05-05 00:28:51 +00:00
charnier
8a27726113 Typo. 1997-12-18 07:39:27 +00:00
charnier
a3ea3db575 No \n in syslog() strings. Add man page to Xrefs. Change null byte to NUL byte. 1997-12-02 12:30:04 +00:00
markm
6122273f59 Changes for the new KTH Kerberos4.
Also make -Wall a bit quieter
1997-09-28 08:38:04 +00:00
wosch
6c57ae296c Rshd print to much information if a user does not exists. 1997-07-18 21:04:19 +00:00
davidn
f766bd31c5 login_getclass() -> login_getpwclass(). 1997-05-10 19:02:03 +00:00
davidn
9467d57b92 Added login.conf support. 1997-04-23 03:06:47 +00:00
peter
1743de6ff7 Be a bit more careful about what port number we are using for the
second socket.  If we're going to check for reserved ports, we should
do it properly.
1997-03-29 12:35:06 +00:00
imp
3125d931c2 compare return value from getopt against -1 rather than EOF, per the final
posix standard on the topic.
1997-03-28 15:48:21 +00:00
peter
090fb430f1 Revert $FreeBSD$ to $Id$ 1997-02-22 14:22:49 +00:00
imp
ee7d6816c3 Some patches for source routed packets from OpenBSD.
Rev 1.13 deraadt:
	do not warn about valid options; invalid options correctly quit
Rev 1.12 deraadt:
	need not clear options since bad ones cause exit;
	provos@ws1.physnet.uni-hamburg.de
Rev 1.11 deraadt:
	IPOPT_LSRR/IPOPT_SSRR must exit() due to tcp sequencing; pointed
	out by provos@wserver.physnet.uni-hamburg.de. also another 1-char
	buffer overflow.

Reviewed by:	Peter Wemm
Obtained from:	OpenSBD
1997-02-09 04:16:27 +00:00
joerg
f1bacc34bc Make even more copies of hostnames obtained by inet_ntoa(). iruserok()
could still clobber the static storage, yielding an error message with
a wrong hostname.
1997-01-27 15:38:46 +00:00
jkh
808a36ef65 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
wosch
71f5160702 Sort cross references. 1997-01-13 00:25:51 +00:00
scrappy
f82957fb4d Fixes:
When an rsh is denied by rshd because the client is lacking appropriate
.rhosts permission, an error message is formatted for syslog which contains
the client's hostname.  The hostname portion of the message relies on a pointer
to a field within gethostbyname()'s internal struct hostent which changes state
between when the pointer is initialized and when it is dereferenced to create th
e
message.

Submitted by: skynyrd@opus.cts.cwu.edu
1996-10-22 21:11:49 +00:00
wosch
361a15b8f4 add forgotten $Id$ 1996-09-22 21:56:57 +00:00
pst
8ddc5c2acb Fix some compilation warnings. 1996-09-21 18:01:23 +00:00
adam
51705cc05f consistent presentation of emphasis 1996-07-23 12:21:46 +00:00
markm
532cda9998 #include <kerberosIV/des.h> -> #include <des.h> 1996-02-11 09:18:18 +00:00
markm
b79e54892f Rename des_set_key -> des_set_key_krb. (libdes conflict) 1996-02-03 11:51:19 +00:00
wosch
ddc4317586 Section FILES and SEE ALSO completed
Section FILES and SEE ALSO completed
1996-01-28 23:57:38 +00:00
ache
44c4f6823f Add missing & in des_set_key argument 1995-11-19 15:20:48 +00:00
peter
f27a7effac Move the setlogin() call a little earlier.. It was being done in the child
process - which would be no longer allowed if the setlogin() changes go
through.  Now the parent (the session leader, when started by inetd) does it.
1995-11-12 18:31:23 +00:00
mpp
684146e8ce Check for expired passwords before allowing access to the system. 1995-08-28 21:30:59 +00:00
wollman
740456e526 Add distribution=krb for P-HK 1994-11-20 23:23:28 +00:00
csgr
e9bb220eef First level of changes for bringing in eBones (kerberos).
- Get rid of inverse logic (NOKERBEROS and NOEBONES) in src/makefile,
and replace with MAKE_KERBEROS and MAKE_EBONES.  (Far fewer contortions,
and both default to off.)  IF YOU WANT KERBEROS, YOU HAVE TO EXPLICITLY
DEFINE ONE OF THESE.
- Make Makefiles kerberos-aware.
1994-09-29 13:06:54 +00:00
wollman
96c19e77ba Update to new make macros and disable Kerberos because we haven't got it
set up right yet.
1994-08-05 21:24:58 +00:00
rgrimes
7d07d2de2f BSD 4.4 Lite Libexec Sources 1994-05-27 12:39:25 +00:00