Commit Graph

358 Commits

Author SHA1 Message Date
Paul Traina
a13e275f66 Back out recent security patch for rexecd. After more careful analysis,
it is both unneeded and breaks certain lock-step timing in the rexec
protocol.

Yes, an attacker can "relay" connections using this trick,  but a properly
configured firewall that would make this sort of subterfuge necessary in the
first place (instead of direct packet spoofing) would also thwart useful
attacks based on this.
1996-11-22 08:59:07 +00:00
Paul Traina
dacc975297 Conditionalize setsockopt IP_PORTRANGE to make ftpd portable. 1996-11-20 22:13:51 +00:00
Paul Traina
312c86cfd9 Truncate argument list to avoid buffer overflows.
Candidate for: 2.1 and 2.2
1996-11-20 22:12:50 +00:00
Paul Traina
6c6cc60e38 Do not attempt to open reverse channel until authentication phase has
succeeded.

Never allow the reverse channel to be to a privileged port.

Candidate for:	2.1 and 2.2 branches

Reviewed by:	pst (with local cleanups)
Submitted by:	Cy Shubert <cy@cwsys.cwent.com>
Obtained from:	Jaeger <jaeger@dhp.com> via BUGTRAQ
1996-11-19 18:03:16 +00:00
Paul Traina
4c640c1689 remove newly added reference to ppplogin 1996-11-13 01:36:52 +00:00
Paul Traina
ee936a69e4 Add the >optional< ability to sense PPP link bringups and call an authentication program 1996-11-13 01:06:40 +00:00
Poul-Henning Kamp
9649260fa5 doc/1994: spelling error.
Submitted by:	David Leonard <d@scry.dstc.edu.au>
1996-11-12 13:32:49 +00:00
Jordan K. Hubbard
ea8f0676cf Correct the ancient paths here in case someone ever uncomments this again. 1996-11-05 05:13:39 +00:00
Torsten Blum
ff4167733f Comment out the XIDLE extension stuff, it breaks make world on systems
with Xinside's CDE installed
1996-11-04 20:58:58 +00:00
Mark Murray
50ab54df69 Compile telnetd from eBones instead of secure.
2.2 candidate.
1996-11-03 17:00:12 +00:00
Bill Paul
81a82d4dfd Give ypxfr the ability to detect the presence of the YP_INTERDOMAIN
and YP_SECURE flags so that it can properly add them to newly created
maps when needed. This applies only when using the 'standard' method
for map transfers. When using rpc.ypxfrd, the whole map is copied
verbatim, along with any special entries that may be encoded in it.

Also made -Wall a little quieter for ypxfrd_getmap.c.
1996-10-25 16:13:09 +00:00
John Polstra
ab6c6377b3 If errors occur during the loading of the shared libraries required by
the main program, report them directly from the dynamic linker and die
there, rather than returning an error message to crt0.o.  This enables
the printing of error messages even for old executables, whose version
of crt0.o is not able to print them.

This fix closes PR bin/1869.

The code in crt0.o for printing error messages from the dynamic linker
is no longer used, because of this change.  But it must remain, for
backward compatibility with older dynamic linkers.
1996-10-24 16:24:19 +00:00
Bill Paul
2385e0163a Nuke a couple of useless lines of code from the /etc/netid parsing
section. (Cut & paste-o.)
1996-10-24 03:33:32 +00:00
Marc G. Fournier
80bcade31d Totally botched this patch...revert back to Rev 1.7, and request a
proper context diff from the submitter...
1996-10-23 05:05:32 +00:00
Marc G. Fournier
59faa42d9d Last time I trust 'success's on a non-context diff...
Pointed out by: Bill Fenner <fenner@parc.xerox.com>
1996-10-22 22:52:37 +00:00
Marc G. Fournier
268fa61dc1 Fixes:
When an rsh is denied by rshd because the client is lacking appropriate
.rhosts permission, an error message is formatted for syslog which contains
the client's hostname.  The hostname portion of the message relies on a pointer
to a field within gethostbyname()'s internal struct hostent which changes state
between when the pointer is initialized and when it is dereferenced to create
the message.

Submitted by: skynyrd@opus.cts.cwu.edu
1996-10-22 21:11:49 +00:00
Marc G. Fournier
d89ac03c9d Fixes:
>Description:

        /usr/libexec/mail.local runs as root.  As such it can fill up a
        mailbox on a quota'd filesystem, and keep going... Makes quotas
        almost useless in an ISP environment.

Closes: PR#bin/1111

Submitted by:	 Charles Henrich <henrich@crh.cl.msu.edu>
1996-10-22 21:01:01 +00:00
Bill Paul
2c33b20a87 Add a couple of reserved port checks: don't talk to either ypserv
or rpc.ypxfrd processes on remote systems that aren't bound to reserved
ports. The servers already do reserved port checks on the clients.

Obtained from: scrutinizing the OpenBSD ypxfr sources. (Note that this
applies to the ypserv check only; OpenBSD doesn't have an rpc.ypxfrd.)
1996-10-20 19:52:53 +00:00
Andrey A. Chernov
43658eac64 Implement alternative strategy if it is impossible to confirm
password: ask for it, but don't tell that S/key password required.
It looks like non-s/key system from outside.

Additionally tell that s/key required when it is so for normal case
1996-10-18 17:09:26 +00:00
John Polstra
16804804df Fix two minor typos in the manual page. 1996-10-18 04:49:43 +00:00
Andrey A. Chernov
28fbb50335 Oops, fix my previous commit, now tell user his s/key parameters 1996-10-17 17:46:00 +00:00
Andrey A. Chernov
28ed0fe08b Don't ever ask for password if it is impossible to confirm it
It happens if 1) regular passwords not allowed, 2) skey database
not activated for given user.
Under some rare circumstances skey_challenge can return empty
diagnostic or even previous buffer, fix it.
1996-10-17 17:06:04 +00:00
John Polstra
e5bbb2e4b5 Add the search directories from the hints file only the first time it is
opened.  After that, the directories are already present, and there is
no point in adding them again.  This doesn't fix any bugs; it's just for
efficiency.
1996-10-10 23:16:50 +00:00
John Polstra
9151bb8d2d Fix a bug that caused a segmentation violation if dlsym() was called
with its first argument equal to NULL.
1996-10-10 04:10:32 +00:00
Wolfram Schneider
8607faf466 correct spelling of 'X Window System' (tm) 1996-10-06 17:59:28 +00:00
Wolfram Schneider
e83201b43a delete doubled words, e.g.: "the the" -> "the" 1996-10-05 22:27:30 +00:00
Nate Williams
9ac501e21b There's no need to 'unsetenv()' unsafe environment variables explicitly
since rt_readenv() already takes care of not setting unsafe variables.
This was part of the changes I submitted to Peter and John during the
review which must have gotten missed.
1996-10-01 16:09:18 +00:00
Peter Wemm
3e17261bac Sigh, oh well, here's my obligatory "oops" commit. I don't quite know
how I managed to get this out of sync, but I did.  I guess that's what I
get for directly committing from different machines that I was testing on.

Pointed out by: Paul Traina <pst@freebsd.org>
1996-10-01 11:54:38 +00:00
Peter Wemm
5584286a91 Update to handle new version ld.so.hints and info in executable for
configurable fallback search paths, as well as new crt interface version.

Also:
 - even faster getenv(), get all environment variable settings in a single
   pass.
 - ldd printf-like format specifications
 - minor code cleanups, one vsprintf -> vsnprintf (harmless)

The library search sequence is a little more complete now. Before,
it'd search $LD_LIBRARY_PATH (by opendir/readdir/closedir), then read
the hints file, then read /usr/lib (again by scanning the directory).  It
would then fail if there was no "found" library.

Now, it does LD_LIBRARY_PATH and the hints file the same, but then uses
a longer fallback path.  The -R path is fetched from the executable if
specified at build time, the ldconfig path is appended, and /usr/lib is
appended to that. Duplicates are suppressed.  This means that simply
placing a new library in /usr/local/lib will work (the same as it did in
/usr/lib) without needing ldconfig -m.  It will find it quicker if the
ldconfig is run though.

Similar changes have been made to the NetBSD ld.so, but ours is rather
different now due to John Polstra's speedups and fixes from a while back.

The ldd printf-like format support came direct from NetBSD.

Reviewed by: nate, jdp
1996-10-01 01:52:03 +00:00
Peter Wemm
b186571cf6 Update the backends to go with the top-level ld changes. The non-i386
changes are for completeness, I don't think they work.  There are changes
to deal with the new include files.

Obtained from: NetBSD (mostly)
1996-10-01 01:28:10 +00:00
Peter Wemm
d0a184df5d Support for .weak (in addition to the N_INDR stab) for gcc/g++. Also deal
with the -R option and store the path in the dynamic header when specified.
The $LD_RUN_PATH environment variable is not checked yet.

While here, split up the code a bit more to enable more selective replacing
of GPL'ed components that are linked with ld.so with others.

Obtained from: NetBSD (mostly, the breakup is my fault)
1996-10-01 01:22:51 +00:00
Wolfram Schneider
e0e5145ce6 add missing comma(s) in .Xr macros 1996-09-23 22:24:39 +00:00
Wolfram Schneider
148531ef1e add forgotten $Id$ 1996-09-22 21:56:57 +00:00
Warner Losh
8ea3178507 Reviewed by: Bill Fenner <fennder@parc.xerox.com>
Reviewed by:	Garrett Wollman <wollman@freebsd.org>
Submitted by:	Warner Losh <imp@village.org>
Close PR bin/1145:
	Add -s flag to tftpd.  This enables the so-called secure mode
of tftpd where it chroots to a given directory before allowing access
to the files.  In addition, it runs as nobody when in this mode.
Reviewed a long time ago by Bill and Garrett.  Apply my patch from the
pr, and close the PR.
1996-09-22 04:19:27 +00:00
Paul Traina
39ea627d62 Fix some compilation warnings. 1996-09-21 18:01:23 +00:00
Bruce Evans
9e04d4c7f5 This should have gone away with the COMPAT_43 cruft. cgetent() is now
used instead of the rudimentary routines here.
1996-09-20 11:19:00 +00:00
Poul-Henning Kamp
d3e560a1d3 Make the inetd suggestion slightly less confusing. 1996-09-19 08:21:18 +00:00
Bruce Evans
eaa86f9d7f Don't use __dead or __pure in user code. They were obfuscations
for gcc >= 2.5 and no-ops for gcc >= 2.6.  Converted to use __dead2
or __pure2 where it wasn't already done, except in math.h where use
of __pure was mostly wrong.
1996-09-14 03:00:32 +00:00
Bruce Evans
87d0dcafca Use `install -C' instead of lots of shell commands to install ld.so
as atomically as possible.

(Immutable targets can't be renamed without opening a window when
neither the source nor the target is immutable.  Perhaps there
should be a rename_immutable syscall to do this if unsetting the
immutable flags would work.)
1996-09-12 03:42:54 +00:00
Paul Traina
86ca32cd60 bootpd.dump is in /tmp 1996-09-11 01:37:24 +00:00
Peter Wemm
163d0a5fb8 wrong C bracketing, *blush*... 1996-09-07 02:17:29 +00:00
Peter Wemm
f533eaf1c0 zap #include <sgtty.h>, it's not used. 1996-09-07 02:08:35 +00:00
Peter Wemm
2a29592214 Another sgtty use bites the dust.. 1996-09-07 02:05:53 +00:00
Bruce Evans
5b963fa12e Fixed DPADD. 1996-09-05 17:16:10 +00:00
Bruce Evans
680b396b51 Removed unused `-I.'s from CFLAGS.
"." means the object directory, so it is just confusing to use it
when nothing is included from the object directory unless the object
directory is also the source directory.  It is confusing for "."
not to mean the source directory anyway, so used `-I.'s should be
replaced by `-I${.OBJDIR}'.
1996-09-04 22:25:35 +00:00
Andrey A. Chernov
ea9ce57fe2 Unlocalize date 1996-09-01 00:53:45 +00:00
Peter Wemm
05403b9a0d Add named-xfer 1996-08-29 22:17:27 +00:00
Peter Wemm
b433e12930 build bind-4.9.4-P1 named-xfer in its own directory 1996-08-29 21:50:49 +00:00
Wolfram Schneider
5a80fb277e sync copyright with /usr/share/examples/etc/bsd-style-copyright 1996-08-27 20:04:45 +00:00
Mike Pritchard
c0b0bcf4d3 Use the .Bx macro where appropriate. 1996-08-23 20:36:11 +00:00
Mike Pritchard
0f7785061e Use the .At macro where appropriate. 1996-08-23 01:06:24 +00:00
Mike Pritchard
85cf659a76 Use the .Fx macro where appropriate. 1996-08-23 00:57:08 +00:00
Peter Wemm
326bbdd92f Add a ``-P altlogin'' option which allows the sysadmin to specify an
alternate login(1) type program to run.
1996-08-13 07:51:45 +00:00
Julian Elischer
105a3c98b9 Reviewed by: various
Submitted by:	archie@whistle.com

allow ftpd to bind to a single address/interface
this allows easy split services.
1996-08-09 22:22:30 +00:00
Mark Murray
9aca17cb12 Tidy up the Kerberised bits. While I'm here, fix some -Wall complaints. 1996-08-09 09:02:31 +00:00
Poul-Henning Kamp
3cde2031c8 Fix another bogon. 1996-08-06 14:29:06 +00:00
Poul-Henning Kamp
0bb6e9ed65 Make password checking in ftpd work again. 1996-08-06 08:43:43 +00:00
Paul Traina
a5a4544e77 Convert STATS and PARANOID to run-time options.
Document the new -R (relax paranoia) option.

From NetBSD/Lite2: code and man page cleanups, Kerberos IV hooks
(relax, we're still exportable), and /etc/ftpchroot feature for
semi-anonymous accounts
1996-08-05 00:21:15 +00:00
Paul Traina
61f891a6df If PARANOID is set, do not allow PORT commands to remote ports less than 1024
or addresses other than the requestor's address.  This violates the FTP
protocol (hmm...as I write this, I'm going to change this to a run-time var.)

Require login before PASV and RNTO commands.

Close unused PASV ports so they don't hang around forever.

Do not allow file overwrites via rename or STOR when anonymous
(suspenders).

Clean up buffer utilization.

My code, but heavily inspired by Hobbit's changes to wu-ftpd as pointed out
by Mike Prettejohn and Kit Knox.
1996-08-04 22:40:35 +00:00
Bill Paul
09cd72056a Use err() instead of perror()/exit() and remember to #include <errno.h>
and <err.h>.
1996-08-04 19:17:15 +00:00
Adam David
30c690ce79 consistent presentation of emphasis 1996-07-23 12:21:46 +00:00
Bruce Evans
884d83ff09 Include <sys/types.h> before including <grp.h> so that this doesn't
depend on <stdio.h> bogusly including <sys/types.h>

Reordered includes to satisfy KNF rules.
1996-07-12 05:55:38 +00:00
Wolfram Schneider
e3908fd51f add manpage getNAME(1) 1996-07-08 20:18:28 +00:00
Bill Paul
78acff3281 Fill in new arguments in the ypxfr_getmap structure (byte order,
db type, filename) and check for new failure codes (db mismatch,
endian mismatch).
1996-07-04 02:13:11 +00:00
Bill Paul
4c2e2040b6 Improve performance with very large user databases by increasing
hash table size from 256 to 1024.

Generate output that looks more like the SunOS mknetid: uses a space
instead of tabs for white space.

Fix typo in comment in hash.h: Groupit -> Groupid.
1996-06-27 05:42:01 +00:00
Bill Paul
281a1128d8 Turn on mknetid. 1996-06-25 20:32:30 +00:00
Bill Paul
ca09eb424c (This import had better work correctly or so help me I'll move to
the Himalayas and become a hermit.)

Import new mknetid program. This replaces the crufty, soon to be defunct
mknetid script packaged with ypserv.

This program parses the group, passwd, hosts and netid databases into
the netid.byname map. Duplicate checking is performed using hash tables.
Testing on my 486DX2/66 with FreeBSD 2.1.0 showed that this program can
process a 30,000-entry passwd database into a netid map (along with
assorted group and hosts information) in about 22 seconds. On my SPARC IPX
with SunOS 4.1.3, it takes about 15 seconds. This compares favorably with
the SunOS mknetid program, which parses the same database(s) in 13 seconds.
(With smaller databases, my program is actually slightly faster. Go
figure.)
1996-06-25 20:26:38 +00:00
Andrey A. Chernov
333468bac7 If hostname > UT_HOSTSIZE, use its numerical address instead to keep
valid utmp and wtmp entries
1996-06-17 14:59:07 +00:00
Bill Paul
1ed0ebdc98 Take ypxfrd_xdr.c out of SRCS line. It should be included in librpcsvc,
which ypxfr links with. (Sorry: left over development bogon.)

Just a reminder: you must rebuild librpcsvc before you build
this program.

Pointed out by: Stephen Hocking
1996-06-06 03:58:06 +00:00
Bill Paul
16deb43a45 Add support for rpc.ypxfrd and document it in the man page.
Also generalize the yp_dbwrite functions a little: allow the caller
to specify certain flags. I need this mostly for some changes to
rpc.yppasswdd to allow in-place updates.

Also change Makefile a little to use the same format as ypserv.
1996-06-05 05:42:52 +00:00
Paul Traina
6cde43480c Pass in both username and file to jkfprintf 1996-06-04 15:42:09 +00:00
Poul-Henning Kamp
6b5139742c backout yacc changes 1996-06-02 17:10:13 +00:00
Peter Wemm
40e9d39e59 Use the sysctl settable data port ranges rather than the statically
compiled values.  see sysctl net.inet.ip.portrange.* and the IP_PORTRANGE
discussion in <netinet/in.h>
1996-05-31 03:10:25 +00:00
Poul-Henning Kamp
9ad70fa0b2 Fix yacc rule usage. 1996-05-30 21:29:03 +00:00
John Polstra
1dd43c183e When checking to see whether a needed shared library has already
been loaded, look for a match by device and inode number if the
traditional pathname comparisons don't find a match.  This detects
the case in which a library is requested using two different names
which are really links to the same file, and avoids loading it
twice.

Requested by:	peter@freebsd.org
Reviewed by:	peter@freebsd.org
1996-05-22 06:34:12 +00:00
Bill Paul
d7b71c676e Small touchups:
- Fix typos in comments in hash.c.
- Remove unneeded and unused member from grouplist struct in hash.h.
  (Curiously, the compiler never complained about this even though the
   member was of type 'struct grps' which is not defined anywhere in
   this program.)
- char ch -> int ch in revnetgroup.c.
- char *argv[0]; -> char *argv[]; also in revnetgroup.c.
- Force the user to specify at least one of the -u or -h flags
  and complain if they specify both.
1996-05-12 17:17:45 +00:00
Wolfram Schneider
9fb933075e ``mv'' -> ``mv -f''
``rm'' -> ``rm -f''
so mv/rm may not ask for confirmation if you are not root
1996-05-07 23:19:49 +00:00
Bill Paul
a7bd0e76fc phkmalloc doesn't like the call to xdr_free() in ypxfr_get_master().
Nuke it.
1996-05-07 21:08:20 +00:00
Andrey A. Chernov
03749d174f Localize time 1996-05-07 19:10:32 +00:00
Andrey A. Chernov
65fe4a53c3 Replace non-POSIX speed setting by POSIX one 1996-05-07 16:42:26 +00:00
Joerg Wunsch
cae66988a1 Finally commit the changes that make getty(8) no longer depend on the
COMPAT_43 cruft.  This is supposedly the last core utility that has
been using it!  (So now, one should be able to remove this option from
the config files.  Be aware that the last officially released xterm
however still requires it.)

The getty has been running now for several weeks on my modem line, so
i feel safe about it.

Obtained from:	mostly from the NetBSD vendor-branch
1996-05-05 19:01:13 +00:00
Bill Paul
b95c787ed4 Small tweak to yp_put_record(): call the DB put routine with the
R_NOOVERWRITE flag and process return codes so that we can tell the
difference between a failure due to a duplicate database entry and
failure due to some other error.
1996-04-28 03:59:56 +00:00
John Polstra
dd2b076850 Implement support for LD_PRELOAD in the dynamic linker. Remove
descriptions of LD_NO_INTERN_SEARCH and LD_NOSTD_PATH from the manual
page, since they are not supported.

Submitted by:	Doug Ambrisko <ambrisko@ambrisko.roble.com>
1996-04-20 18:29:50 +00:00
John Polstra
c049096e82 Implement support for LD_PRELOAD in the dynamic linker.
Submitted by:	Doug Ambrisko <ambrisko@ambrisko.roble.com>
1996-04-20 18:27:56 +00:00
Joerg Wunsch
474bf6693a This commit was generated by cvs2svn to compensate for changes in r15249,
which included commits to RCS files with non-trunk default branches.
1996-04-13 15:33:16 +00:00
Joerg Wunsch
712c581c89 Import NetBSD's termios'ed getty into a vendor branch.
Obtained from:	NetBSD 1.1R
1996-04-13 15:33:16 +00:00
Joerg Wunsch
5e814ff6c2 Introduce a -b option for sites who are not interested in the old biff
service.  (Avoid a ``in_vain'' warning...)
1996-04-13 11:44:12 +00:00
David Greenman
cf09a2067c Implemented a "-D" option that causes ftpd to detach and become a daemon -
accepting connections on the FTP port and forking child processes to
handle them. This is lower overhead than spawning ftpd from inetd and
can be a significant win on busy FTP servers. Be sure to disable ftpd in
inetd.conf if you decide to use this option.
These changes are based on similar changes I made to wu-ftpd and have
been in use on wcarchive for several months.
1996-04-11 10:22:16 +00:00
Mike Pritchard
edf0e5b3f8 Correct some man page xrefs, and some other minor changes to bring some
man pages up to mdoc guidelines and fix some minor formatting glitches.
Also fixed a number of man pages to not abuse the .Xr macro to
display functions and path names and a lot of other junk.
1996-04-08 04:18:31 +00:00
Joerg Wunsch
ea5256699d Import the 4.4Lite2 getty into a vendor branch. 1996-04-07 10:28:57 +00:00
Mike Pritchard
906c1e27fc Correct some man page cross references and file location references. 1996-04-07 00:06:21 +00:00
Jordan K. Hubbard
a7939d5aa6 Here is a patch to talkd which makes it send the request to the tty with
the lowest idle time.
Submitted by:	loodvrij@gridpoint.com (Bruce J. Keeler)
1996-03-24 09:27:20 +00:00
David Greenman
1332892bcf Fix bug that caused a coredump when attempting to enter passive mode when
not logged in. Original fix slightly altered by me to return the correct
reply code.

Submitted by:	Vadim Kolontsov <vadim@tversu.ac.ru>
1996-03-18 11:09:03 +00:00
Mike Pritchard
b8c8989377 Update the uucpd makefile to install the man page. 1996-02-18 21:38:13 +00:00
Mark Murray
7648a7d3a5 New man page for uucpd. There is precious little info for this thing
available, but I managed to find something in the BSD4.4 uucico(8)
docs.

Closes pr docs/131.
1996-02-18 20:32:30 +00:00
Bill Paul
b6248eebf5 Turn on ypxfr. 1996-02-13 14:59:20 +00:00
Joerg Wunsch
2ec6fd6a09 Include both, the regular and the `secure' telnetd, when building
a release.
1996-02-13 09:20:16 +00:00
Mike Pritchard
78b0b234eb Correct a bunch of man page cross references and generally
try and silence "manck".

ncurses, rpc, and some of the gnu stuff are still a big mess, however.
1996-02-11 22:38:05 +00:00
Mark Murray
bbff7ca556 #include <kerberosIV/des.h> -> #include <des.h> 1996-02-11 09:18:18 +00:00
Mike Pritchard
c4c23c4df8 Another round of various man page cleanups. 1996-02-09 17:25:57 +00:00