Commit Graph

56 Commits

Author SHA1 Message Date
Mark Murray
5bc9d93db3 Add full PAM support for account management and sessions.
The PAM_FAIL_CHECK and PAM_END macros in su.c came from the util-linux
package's PAM patches to the BSD login.c

Submitted by:	"David J. MacKenzie" <djm@web.us.uu.net>
2001-03-27 19:40:51 +00:00
Ruslan Ermilov
e5b5c66bca - Backout botched attempt to intoduce MANSECT feature.
- MAN[1-9] -> MAN.
2001-03-26 14:22:12 +00:00
Ruslan Ermilov
020ee2dc9f Set the default manual section for libexec/ to 8. 2001-03-20 18:10:13 +00:00
Jeroen Ruigrok van der Werven
2fa72ea7d4 Fix typo: compatability -> compatibility.
Compatability is not an existing english word.
2001-02-06 12:05:58 +00:00
Nik Clayton
e9f391478b Structure the options listing to be more standard.
The PR also included documentation for other options, but upon
inspection of the source these options aren't used.

PR:             docs/24149
Submitted by:   Jesse Monroy, Jr. <opentrax@email.com>
2001-02-02 03:29:09 +00:00
Ruslan Ermilov
d0353b836e mdoc(7) police: split punctuation characters + misc fixes. 2001-02-01 16:38:02 +00:00
Ruslan Ermilov
114c43dcf8 Whitespace-only to sync with -stable. 2000-12-07 15:09:48 +00:00
Ruslan Ermilov
760819894e mdoc(7) police: use the new features of the Nm macro. 2000-11-20 14:42:24 +00:00
Ben Smithurst
76a06f8483 remove trailing periods from SEE ALSO. 2000-11-15 17:27:54 +00:00
Ruslan Ermilov
6f1214d918 Removed broken PAM support from rshd(8) and rlogind(8). rshd does
not allocate a pty(4) so it is not suitable at all for interactive
PAM modules.  rlogind calls login(1) which is already PAM enabled.

Approved by:	markm
2000-10-12 07:18:20 +00:00
Brian S. Dean
f2b5eea7aa Plug the hole where rshd would bypass a proper .rhosts check if the
password was empty.

Reviewed by:	Warner Losh <imp@freebsd.org>
2000-07-05 17:47:17 +00:00
Jeroen Ruigrok van der Werven
2e79759062 Remove dead debug code.
This also removes a dependency/reference on COMPAT_43.
2000-04-29 12:02:00 +00:00
Mark Murray
f0ad5f0b62 Use libcrypto instead of libdes. 2000-02-24 21:18:08 +00:00
Yoshinobu Inoue
e3be4d7b7e sync iruserok() extension API with other BSDs
Some of rcmd related function is need to be updated to
  support IPv6. Some of them are already updated as standard
  document. But there is also several de-facto functions and
  they are not listed in standard documents.
  They are,

    iruserok()  (used by rlogind, rshd)
    ruserok()   (used by kerberos, etc)

  KAME package updated those functions in original way.

    iruserok_af()
    ruserok_af()

  But recently there was discussion on IETF IPng mailing
  list about how to sync those API, and it is decided,

    -Those function is not standard and not documented.
    -But let BSDs sync their API as de-facto.

  And after some discussion, it is announced that

    -add update to iruserok() as iruserok_sa()
    -no ruserok() API change(it is only updated internaly)

So I sync those API before 4.0 is released.
The changes are,
   -prototype changes
   -ruserok() internal update (use iruserok_sa() inside)
   -removal of ruserok_af()
   -change iruserok_af() as static functioin, and also prefix the name with __.
   -add iruserok_sa() (Just call __iruserok_af() inside)
   -adding flag AI_ALL to getipnodebyaddr() called from __icheckhost().
    This is necessary to support IPv4 communication via AF_INET6 socket
    could be correctly authenticated via iruserok_sa()
   -irusreok_af() call is replaced to iruserok_sa() call
    in rlogind, and rshd.

Approved by: jkh
2000-02-01 15:55:56 +00:00
Yoshinobu Inoue
1f2ba8fcb7 Fix rshd coredump when AF_INET socket is used.
Confirmed by: F. Heinrichmeyer <fritz.heinrichmeyer@fernuni-hagen.de>
2000-01-28 20:02:02 +00:00
Yoshinobu Inoue
0cac72f42c several tcp apps IPv6 update
-inetd
 -rshd
 -rlogind
 -telnetd
 -rsh
 -rlogin

Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project
2000-01-25 14:52:10 +00:00
Alexey Zelkin
4df223aaf6 . mdoc(7)'fy
. add Xrs to hosts.equiv(5), auth.conf(5), services(5) to some pages
. sort Xrs in SEE ALSO sections

Patches based on PR:	docs/15680
Submitted by:		Christian Weisgerber <naddy@mips.rhein-neckar.de>
2000-01-07 13:14:32 +00:00
Mark Murray
6c9134c067 Fix for new Kerberos4. Make a fist cut at PAM-ising while I'm here. 1999-09-19 22:05:32 +00:00
Mark Murray
b2b9ed4833 Fix more Common Error brokenness. 1999-09-06 20:18:44 +00:00
Peter Wemm
7f3dea244c $Id$ -> $FreeBSD$ 1999-08-28 00:22:10 +00:00
Brian Somers
9e9a43bdec Ensure that things returned by gethostname() and
friends are terminated and allow for a maximum
host name length of MAXHOSTNAMELEN - 1.
Put parenthesis around sizeof args.
Make some variables static.
Fix telnetd -u (broken by my last commit)

Prompted by: bde
1999-04-07 08:27:45 +00:00
Brian Somers
32af26a501 Use realhostname() rather than various combinations of
gethostbyaddr() & gethostbyname().

Remove brokeness in ftpd for hosts of MAXHOSTNAMELEN length.
1999-04-06 23:06:00 +00:00
Satoshi Asami
0e510aed5b Oops, I missed a few more /etc/nologin references yesterday. It appears
my check of the tree was incomplete.  Sorry guys.

Reported by:	Ben Smithurst <ben@scientia.demon.co.uk>
1999-01-12 14:09:23 +00:00
Peter Wemm
5328c7eb7e As previously threatened, clean up the rshd -a option and make it default
on rshd and rlogind.  However, note that:
1: rshd used to drop a connection with -a if the hostname != ip address.
   This is unneeded, because iruserok() does it's own checking.
   It was also wrong if .rhosts had an explicit IP address in it,
   connections would be dropped from that host solely because the DNS was
   mismatched even though it was explicitly intended to work by IP address.
2: rlogind and rshd check the hostname mappings by default now because that
   is what goes into the utmp/wtmp and logs.  If the hostname != ip address,
   then it uses the IP address for logging/utmp/wtmp purposes.  There isn't
   much point logging ficticious hostnames.
3: rshd -a is now accepted (but ignored) for compatability.  If you really
   want to make life miserable for people with bad reverse DNS, use tcpd in
   paranoid mode (which is questionable anyway, given DNS ttl tweaking).
1998-12-16 07:20:45 +00:00
Bruce Evans
97aa1043ac Fixed long line in previous commit. 1998-12-03 05:45:18 +00:00
David Greenman
45166d95d1 Added a -D option to turn on TCP_NODELAY. 1998-12-01 23:27:24 +00:00
John Birrell
e00072f9f4 Add -lcrypt when building kerberos. 1998-09-05 00:32:27 +00:00
Mark Murray
448bbb5805 Fix LIBDIR (for aout/ELF). 1998-08-06 21:41:13 +00:00
Robert Nordier
c898c25b02 Replace _exit() with exit()
Pointed out by: Nathan Torkington <gnat@prometheus.frii.com> PR 5585
1998-05-05 00:28:51 +00:00
Philippe Charnier
5802420635 Typo. 1997-12-18 07:39:27 +00:00
Philippe Charnier
a40772799f No \n in syslog() strings. Add man page to Xrefs. Change null byte to NUL byte. 1997-12-02 12:30:04 +00:00
Mark Murray
0934db4674 Changes for the new KTH Kerberos4.
Also make -Wall a bit quieter
1997-09-28 08:38:04 +00:00
Wolfram Schneider
506a9d513c Rshd print to much information if a user does not exists. 1997-07-18 21:04:19 +00:00
David Nugent
5d0bfe39ec login_getclass() -> login_getpwclass(). 1997-05-10 19:02:03 +00:00
David Nugent
80b3b7342f Added login.conf support. 1997-04-23 03:06:47 +00:00
Peter Wemm
f0ccf9018b Be a bit more careful about what port number we are using for the
second socket.  If we're going to check for reserved ports, we should
do it properly.
1997-03-29 12:35:06 +00:00
Warner Losh
91477cc4d7 compare return value from getopt against -1 rather than EOF, per the final
posix standard on the topic.
1997-03-28 15:48:21 +00:00
Peter Wemm
9e522f7a18 Revert $FreeBSD$ to $Id$ 1997-02-22 14:22:49 +00:00
Warner Losh
2631d5a8d1 Some patches for source routed packets from OpenBSD.
Rev 1.13 deraadt:
	do not warn about valid options; invalid options correctly quit
Rev 1.12 deraadt:
	need not clear options since bad ones cause exit;
	provos@ws1.physnet.uni-hamburg.de
Rev 1.11 deraadt:
	IPOPT_LSRR/IPOPT_SSRR must exit() due to tcp sequencing; pointed
	out by provos@wserver.physnet.uni-hamburg.de. also another 1-char
	buffer overflow.

Reviewed by:	Peter Wemm
Obtained from:	OpenSBD
1997-02-09 04:16:27 +00:00
Joerg Wunsch
28f9fdc1ae Make even more copies of hostnames obtained by inet_ntoa(). iruserok()
could still clobber the static storage, yielding an error message with
a wrong hostname.
1997-01-27 15:38:46 +00:00
Jordan K. Hubbard
1130b656e5 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
Wolfram Schneider
af20215665 Sort cross references. 1997-01-13 00:25:51 +00:00
Marc G. Fournier
268fa61dc1 Fixes:
When an rsh is denied by rshd because the client is lacking appropriate
.rhosts permission, an error message is formatted for syslog which contains
the client's hostname.  The hostname portion of the message relies on a pointer
to a field within gethostbyname()'s internal struct hostent which changes state
between when the pointer is initialized and when it is dereferenced to create th
e
message.

Submitted by: skynyrd@opus.cts.cwu.edu
1996-10-22 21:11:49 +00:00
Wolfram Schneider
148531ef1e add forgotten $Id$ 1996-09-22 21:56:57 +00:00
Paul Traina
39ea627d62 Fix some compilation warnings. 1996-09-21 18:01:23 +00:00
Adam David
30c690ce79 consistent presentation of emphasis 1996-07-23 12:21:46 +00:00
Mark Murray
bbff7ca556 #include <kerberosIV/des.h> -> #include <des.h> 1996-02-11 09:18:18 +00:00
Mark Murray
5bf1814b0e Rename des_set_key -> des_set_key_krb. (libdes conflict) 1996-02-03 11:51:19 +00:00
Wolfram Schneider
4714ab693b Section FILES and SEE ALSO completed
Section FILES and SEE ALSO completed
1996-01-28 23:57:38 +00:00
Andrey A. Chernov
cd0106ae43 Add missing & in des_set_key argument 1995-11-19 15:20:48 +00:00