| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
|
|
|
| |
Idea from: Theo de Raadt <deraadt@openbsd.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
There are protocol issues to deal with.
Bring back this routine (renamed to avoid a library conflict in libssh)
and overhaul it for more 21st Century style coding.
Pointed out by: bde
|
|
|
|
|
| |
Submitted by: bde
Pointy hat: markm
|
|
|
|
| |
wanting static apps).
|
|
|
|
| |
Asked for by: BDE
|
|
|
|
|
| |
own" error() routine when errx() is available. This resolves a conflict
when linking statically.
|
| |
|
|
|
|
|
|
|
| |
The PAM_FAIL_CHECK and PAM_END macros in su.c came from the util-linux
package's PAM patches to the BSD login.c
Submitted by: "David J. MacKenzie" <djm@web.us.uu.net>
|
|
|
|
| |
- MAN[1-9] -> MAN.
|
| |
|
|
|
|
| |
Compatability is not an existing english word.
|
|
|
|
|
|
|
|
| |
The PR also included documentation for other options, but upon
inspection of the source these options aren't used.
PR: docs/24149
Submitted by: Jesse Monroy, Jr. <opentrax@email.com>
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
not allocate a pty(4) so it is not suitable at all for interactive
PAM modules. rlogind calls login(1) which is already PAM enabled.
Approved by: markm
|
|
|
|
|
|
| |
password was empty.
Reviewed by: Warner Losh <imp@freebsd.org>
|
|
|
|
| |
This also removes a dependency/reference on COMPAT_43.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some of rcmd related function is need to be updated to
support IPv6. Some of them are already updated as standard
document. But there is also several de-facto functions and
they are not listed in standard documents.
They are,
iruserok() (used by rlogind, rshd)
ruserok() (used by kerberos, etc)
KAME package updated those functions in original way.
iruserok_af()
ruserok_af()
But recently there was discussion on IETF IPng mailing
list about how to sync those API, and it is decided,
-Those function is not standard and not documented.
-But let BSDs sync their API as de-facto.
And after some discussion, it is announced that
-add update to iruserok() as iruserok_sa()
-no ruserok() API change(it is only updated internaly)
So I sync those API before 4.0 is released.
The changes are,
-prototype changes
-ruserok() internal update (use iruserok_sa() inside)
-removal of ruserok_af()
-change iruserok_af() as static functioin, and also prefix the name with __.
-add iruserok_sa() (Just call __iruserok_af() inside)
-adding flag AI_ALL to getipnodebyaddr() called from __icheckhost().
This is necessary to support IPv4 communication via AF_INET6 socket
could be correctly authenticated via iruserok_sa()
-irusreok_af() call is replaced to iruserok_sa() call
in rlogind, and rshd.
Approved by: jkh
|
|
|
|
| |
Confirmed by: F. Heinrichmeyer <fritz.heinrichmeyer@fernuni-hagen.de>
|
|
|
|
|
|
|
|
|
|
|
|
| |
-inetd
-rshd
-rlogind
-telnetd
-rsh
-rlogin
Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project
|
|
|
|
|
|
|
|
| |
. add Xrs to hosts.equiv(5), auth.conf(5), services(5) to some pages
. sort Xrs in SEE ALSO sections
Patches based on PR: docs/15680
Submitted by: Christian Weisgerber <naddy@mips.rhein-neckar.de>
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
friends are terminated and allow for a maximum
host name length of MAXHOSTNAMELEN - 1.
Put parenthesis around sizeof args.
Make some variables static.
Fix telnetd -u (broken by my last commit)
Prompted by: bde
|
|
|
|
|
|
| |
gethostbyaddr() & gethostbyname().
Remove brokeness in ftpd for hosts of MAXHOSTNAMELEN length.
|
|
|
|
|
|
| |
my check of the tree was incomplete. Sorry guys.
Reported by: Ben Smithurst <ben@scientia.demon.co.uk>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
on rshd and rlogind. However, note that:
1: rshd used to drop a connection with -a if the hostname != ip address.
This is unneeded, because iruserok() does it's own checking.
It was also wrong if .rhosts had an explicit IP address in it,
connections would be dropped from that host solely because the DNS was
mismatched even though it was explicitly intended to work by IP address.
2: rlogind and rshd check the hostname mappings by default now because that
is what goes into the utmp/wtmp and logs. If the hostname != ip address,
then it uses the IP address for logging/utmp/wtmp purposes. There isn't
much point logging ficticious hostnames.
3: rshd -a is now accepted (but ignored) for compatability. If you really
want to make life miserable for people with bad reverse DNS, use tcpd in
paranoid mode (which is questionable anyway, given DNS ttl tweaking).
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Pointed out by: Nathan Torkington <gnat@prometheus.frii.com> PR 5585
|
| |
|
| |
|
|
|
|
| |
Also make -Wall a bit quieter
|
| |
|
| |
|
| |
|
|
|
|
|
| |
second socket. If we're going to check for reserved ports, we should
do it properly.
|
|
|
|
| |
posix standard on the topic.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rev 1.13 deraadt:
do not warn about valid options; invalid options correctly quit
Rev 1.12 deraadt:
need not clear options since bad ones cause exit;
provos@ws1.physnet.uni-hamburg.de
Rev 1.11 deraadt:
IPOPT_LSRR/IPOPT_SSRR must exit() due to tcp sequencing; pointed
out by provos@wserver.physnet.uni-hamburg.de. also another 1-char
buffer overflow.
Reviewed by: Peter Wemm
Obtained from: OpenSBD
|
|
|
|
|
| |
could still clobber the static storage, yielding an error message with
a wrong hostname.
|