d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
82,540 Commits 4 Branches 49 Tags 2 GiB
b057cae3d7
Commit Graph

30 Commits

Author SHA1 Message Date
des
b833b9d1d3 Unbreak static build and remove usage() that isn't usage(). 
Reviewed by:	bde
 2002-05-03 13:12:06 +00:00
des
37ceba5949 PAMify rexecd(8). 
Sponsored by:	DARPA, NAI Labs
 2002-05-02 05:06:32 +00:00
ume
903c50775a When opieverify() is fail, fallback to try unix password. 
Tested by:	kuriyama
 2002-04-16 10:54:30 +00:00
ume
7027bf8c9b Add an IPv6 support. 
I dunno if there is an IPv6 supported rexec client.  So, it was
tested that this change doesn't break an IPv4.

Tested by:	kuriyama (IPv4 only)
 2002-04-16 10:15:30 +00:00
kuriyama
c89f41e943 Make this compilable without -DOPIE. 
Hint by:	ume
 2002-04-16 07:53:42 +00:00
imp
c963f1d002 o __P removal 
o register removal
o use new style prototypes and function definitions
 2002-02-07 23:57:01 +00:00
sheldonh
9bfb9eedcd Use STD{ERR,IN,OUT}_FILENO instead of their numeric values. The 
definitions are more readable, and it's possible that they're
more portable to pathalogical platforms.

Submitted by:   David Hill <david@phobia.ms>
 2001-07-26 11:02:39 +00:00
markm
84b43d4375 Goodbye S/Key, Hello OPIE. 
I believe I have done due dilligence on this, but I'd appreciate
decent test scenarios and sucess (or failure) reports.
 2001-07-09 17:34:22 +00:00
brian
8636b161b3 Fix the type of the NULL arg to execl() 
Idea from: Theo de Raadt <deraadt@openbsd.org>
 2001-07-09 09:24:06 +00:00
dwmalone
9d3e9efd8a Avoid a warning by making a variable a const char *. 2001-05-01 10:35:20 +00:00
charnier
f1a89df331 Remove unused #include. Use getopt(3). Add usage() with syslog(3) cap. 2000-11-28 18:15:25 +00:00
nsayer
d83d7a6528 Add -i (insecure) flag to rexecd, which allows uid == 0 logins 
(presuming that the user in question is not in /etc/ftpusers and
does not have a null password).
 2000-05-13 15:58:36 +00:00
peter
76f0c923fe $Id$ -> $FreeBSD$ 1999-08-28 00:22:10 +00:00
brian
c6c6c7de65 Ensure that things returned by gethostname() and 
friends are terminated and allow for a maximum
host name length of MAXHOSTNAMELEN - 1.
Put parenthesis around sizeof args.
Make some variables static.
Fix telnetd -u (broken by my last commit)

Prompted by: bde
 1999-04-07 08:27:45 +00:00
brian
a77173a7cd Use realhostname() rather than various combinations of 
gethostbyaddr() & gethostbyname().

Remove brokeness in ftpd for hosts of MAXHOSTNAMELEN length.
 1999-04-06 23:06:00 +00:00
charnier
d61a5ed6ec Use err(3). -Wall cleaning. Use Pa for file names and add section in Xrefs. 1997-11-26 07:29:04 +00:00
imp
7f79bbed5b Julian A's fix. Do chdir as user rather than as root. Fixes a minor NFS 
compatibility problem at the same time.  Some buffer made large enough
for worst case hostname.

fixes PR 2593.

Reviewed by:	Dan Cross and maybe others
 1997-03-24 05:57:28 +00:00
peter
090fb430f1 Revert $FreeBSD$ to $Id$ 1997-02-22 14:22:49 +00:00
imp
cced79bd4c Buffer Overflow from OpenBSD 
rev 1.7 deraadt:
	buf oflow
Obtained from: OpenBSD
 1997-02-09 04:40:02 +00:00
jkh
808a36ef65 Make the long-awaited change from $Id$ to $FreeBSD$ 
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
 1997-01-14 07:20:47 +00:00
pst
f802c9787d Back out recent security patch for rexecd. After more careful analysis, 
it is both uneeded and breaks certain lock-step timing in the rexec
protocol.

Yes, an attacker can "relay" connections using this trick,  but a properly
configured firewall that would make this sort of subterfuge necessary in the
first place (instead of direct packet spoofing) would also thwart useful
attacks based on this.
 1996-11-22 08:59:07 +00:00
pst
9b54175344 Do not attempt to open reverse channel until authentication phase has 
succeeded.

Never allow the reverse channel to be to a privileged port.

Cannidate for:	2.1 and 2.2 branches

Reviewed by:	pst (with local cleanups)
Submitted by:	Cy Shubert <cy@cwsys.cwent.com>
Obtained from:	Jaeger <jaeger@dhp.com> via BUGTRAQ
 1996-11-19 18:03:16 +00:00
wosch
361a15b8f4 add forgotten $Id$ 1996-09-22 21:56:57 +00:00
mpp
684146e8ce Check for expired passwords before allowing access to the system. 1995-08-28 21:30:59 +00:00
peter
8ca6f0e2ac rexecd was not calling "setlogin()" when it should have. This was causing 
getlogin() to return wrong answers (eg: "root").
Reviewed by:	davidg
Obtained from:	James Jegers, for NetBSD, slightly reworked by me.
 1995-07-29 15:21:15 +00:00
rgrimes
f05428e4cd Remove trailing whitespace. 1995-05-30 05:51:47 +00:00
pst
d66cc2a40a make rexecd link against skeyaccess, not authfile 1994-09-30 06:38:43 +00:00
pst
e9556ba2e9 Tighen up rexecd(8) security (see manual page for details). 
Rexecd is a crock, it never should have been written,  however make it so
that people who have a need to run it don't hurt themselves so badly.

Obtained from: Ideas obtained from logdaemon 4.3 from Wietse Venema
 1994-09-29 09:23:58 +00:00
guido
170df33e71 Add skey support 
Reviewed by:
Submitted by:	guido
 1994-08-21 19:10:43 +00:00
rgrimes
7d07d2de2f BSD 4.4 Lite Libexec Sources 1994-05-27 12:39:25 +00:00