From 0772d05c3dce1f9a9cd4a13ebd0a180334e8f851 Mon Sep 17 00:00:00 2001 From: basebuilder_pel7x64builder0 Date: Tue, 27 Nov 2018 14:39:35 +0100 Subject: [PATCH] rsh package update Signed-off-by: basebuilder_pel7x64builder0 --- ...e-pointer-returned-from-rcp_basename.patch | 45 ++ ...kaddr_in-for-non-native-IPv6-clients.patch | 50 ++ ...1-rshd-use-upper-bound-for-cmdbuflen.patch | 30 + ...ckaddr_in-for-non-native-IPv6-client.patch | 45 ++ SOURCES/netkit-rsh-0.10-stdarg.patch | 43 ++ SOURCES/netkit-rsh-0.16-jbj.patch | 33 + SOURCES/netkit-rsh-0.16-jbj4.patch | 14 + SOURCES/netkit-rsh-0.16-nokrb.patch | 231 ++++++ SOURCES/netkit-rsh-0.16-prompt.patch | 37 + SOURCES/netkit-rsh-0.16-rlogin=rsh.patch | 10 + SOURCES/netkit-rsh-0.17-arg_max.patch | 82 +++ SOURCES/netkit-rsh-0.17-audit.patch | 258 +++++++ SOURCES/netkit-rsh-0.17-chdir.patch | 57 ++ SOURCES/netkit-rsh-0.17-checkdir.patch | 22 + SOURCES/netkit-rsh-0.17-dns.patch | 60 ++ SOURCES/netkit-rsh-0.17-errno.patch | 51 ++ SOURCES/netkit-rsh-0.17-ignchld.patch | 22 + SOURCES/netkit-rsh-0.17-ipv6-rexec.patch | 148 ++++ SOURCES/netkit-rsh-0.17-ipv6.patch | 451 ++++++++++++ SOURCES/netkit-rsh-0.17-lfs.patch | 25 + SOURCES/netkit-rsh-0.17-longname.patch | 25 + SOURCES/netkit-rsh-0.17-nohost.patch | 63 ++ .../netkit-rsh-0.17-nohostcheck-compat.patch | 37 + SOURCES/netkit-rsh-0.17-pam-conv.patch | 95 +++ SOURCES/netkit-rsh-0.17-pam-nologin.patch | 14 + SOURCES/netkit-rsh-0.17-pam-rhost.patch | 13 + SOURCES/netkit-rsh-0.17-pam-sess.patch | 12 + SOURCES/netkit-rsh-0.17-pam-warning.patch | 17 + SOURCES/netkit-rsh-0.17-pam_env.patch | 36 + .../netkit-rsh-0.17-pre20000412-jbj5.patch | 29 + SOURCES/netkit-rsh-0.17-rcp-largefile.patch | 11 + SOURCES/netkit-rsh-0.17-remote-close.patch | 12 + SOURCES/netkit-rsh-0.17-rexec-cmdbuflen.patch | 34 + SOURCES/netkit-rsh-0.17-rexec-netrc.patch | 251 +++++++ SOURCES/netkit-rsh-0.17-rexec-sig.patch | 17 + SOURCES/netkit-rsh-0.17-rexec.patch | 55 ++ SOURCES/netkit-rsh-0.17-rh448904.patch | 26 + SOURCES/netkit-rsh-0.17-rh461903.patch | 17 + SOURCES/netkit-rsh-0.17-rh473492.patch | 64 ++ SOURCES/netkit-rsh-0.17-rh650119.patch | 12 + SOURCES/netkit-rsh-0.17-rh710987.patch | 19 + SOURCES/netkit-rsh-0.17-rh784467.patch | 50 ++ SOURCES/netkit-rsh-0.17-rh896583.patch | 22 + SOURCES/netkit-rsh-0.17-rh947213.patch | 65 ++ SOURCES/netkit-rsh-0.17-rlogin-linefeed.patch | 58 ++ SOURCES/netkit-rsh-0.17-sectty.patch | 32 + SOURCES/netkit-rsh-0.17-strip.patch | 66 ++ SOURCES/netkit-rsh-0.17-userandhost.patch | 70 ++ SOURCES/rexec.pam | 11 + SOURCES/rexec.socket | 9 + SOURCES/rexec@.service | 8 + SOURCES/rlogin.pam | 13 + SOURCES/rlogin.socket | 10 + SOURCES/rlogin@.service | 9 + SOURCES/rsh.pam | 11 + SOURCES/rsh.socket | 9 + SOURCES/rsh@.service | 8 + SPECS/rsh.spec | 660 ++++++++++++++++++ 58 files changed, 3684 insertions(+) create mode 100644 SOURCES/0001-rcp-don-t-advance-pointer-returned-from-rcp_basename.patch create mode 100644 SOURCES/0001-rshd-use-sockaddr_in-for-non-native-IPv6-clients.patch create mode 100644 SOURCES/0001-rshd-use-upper-bound-for-cmdbuflen.patch create mode 100644 SOURCES/0002-rlogind-use-sockaddr_in-for-non-native-IPv6-client.patch create mode 100644 SOURCES/netkit-rsh-0.10-stdarg.patch create mode 100644 SOURCES/netkit-rsh-0.16-jbj.patch create mode 100644 SOURCES/netkit-rsh-0.16-jbj4.patch create mode 100644 SOURCES/netkit-rsh-0.16-nokrb.patch create mode 100644 SOURCES/netkit-rsh-0.16-prompt.patch create mode 100644 SOURCES/netkit-rsh-0.16-rlogin=rsh.patch create mode 100644 SOURCES/netkit-rsh-0.17-arg_max.patch create mode 100644 SOURCES/netkit-rsh-0.17-audit.patch create mode 100644 SOURCES/netkit-rsh-0.17-chdir.patch create mode 100644 SOURCES/netkit-rsh-0.17-checkdir.patch create mode 100644 SOURCES/netkit-rsh-0.17-dns.patch create mode 100644 SOURCES/netkit-rsh-0.17-errno.patch create mode 100644 SOURCES/netkit-rsh-0.17-ignchld.patch create mode 100644 SOURCES/netkit-rsh-0.17-ipv6-rexec.patch create mode 100644 SOURCES/netkit-rsh-0.17-ipv6.patch create mode 100644 SOURCES/netkit-rsh-0.17-lfs.patch create mode 100644 SOURCES/netkit-rsh-0.17-longname.patch create mode 100644 SOURCES/netkit-rsh-0.17-nohost.patch create mode 100644 SOURCES/netkit-rsh-0.17-nohostcheck-compat.patch create mode 100644 SOURCES/netkit-rsh-0.17-pam-conv.patch create mode 100644 SOURCES/netkit-rsh-0.17-pam-nologin.patch create mode 100644 SOURCES/netkit-rsh-0.17-pam-rhost.patch create mode 100644 SOURCES/netkit-rsh-0.17-pam-sess.patch create mode 100644 SOURCES/netkit-rsh-0.17-pam-warning.patch create mode 100644 SOURCES/netkit-rsh-0.17-pam_env.patch create mode 100644 SOURCES/netkit-rsh-0.17-pre20000412-jbj5.patch create mode 100644 SOURCES/netkit-rsh-0.17-rcp-largefile.patch create mode 100644 SOURCES/netkit-rsh-0.17-remote-close.patch create mode 100644 SOURCES/netkit-rsh-0.17-rexec-cmdbuflen.patch create mode 100644 SOURCES/netkit-rsh-0.17-rexec-netrc.patch create mode 100644 SOURCES/netkit-rsh-0.17-rexec-sig.patch create mode 100644 SOURCES/netkit-rsh-0.17-rexec.patch create mode 100644 SOURCES/netkit-rsh-0.17-rh448904.patch create mode 100644 SOURCES/netkit-rsh-0.17-rh461903.patch create mode 100644 SOURCES/netkit-rsh-0.17-rh473492.patch create mode 100644 SOURCES/netkit-rsh-0.17-rh650119.patch create mode 100644 SOURCES/netkit-rsh-0.17-rh710987.patch create mode 100644 SOURCES/netkit-rsh-0.17-rh784467.patch create mode 100644 SOURCES/netkit-rsh-0.17-rh896583.patch create mode 100644 SOURCES/netkit-rsh-0.17-rh947213.patch create mode 100644 SOURCES/netkit-rsh-0.17-rlogin-linefeed.patch create mode 100644 SOURCES/netkit-rsh-0.17-sectty.patch create mode 100644 SOURCES/netkit-rsh-0.17-strip.patch create mode 100644 SOURCES/netkit-rsh-0.17-userandhost.patch create mode 100644 SOURCES/rexec.pam create mode 100644 SOURCES/rexec.socket create mode 100644 SOURCES/rexec@.service create mode 100644 SOURCES/rlogin.pam create mode 100644 SOURCES/rlogin.socket create mode 100644 SOURCES/rlogin@.service create mode 100644 SOURCES/rsh.pam create mode 100644 SOURCES/rsh.socket create mode 100644 SOURCES/rsh@.service create mode 100644 SPECS/rsh.spec diff --git a/SOURCES/0001-rcp-don-t-advance-pointer-returned-from-rcp_basename.patch b/SOURCES/0001-rcp-don-t-advance-pointer-returned-from-rcp_basename.patch new file mode 100644 index 00000000..30a3d0d3 --- /dev/null +++ b/SOURCES/0001-rcp-don-t-advance-pointer-returned-from-rcp_basename.patch @@ -0,0 +1,45 @@ +From b86a7a6af20330dbf87264da768a9d317e210dbb Mon Sep 17 00:00:00 2001 +From: Michal Sekletar +Date: Thu, 26 Mar 2015 14:10:51 +0100 +Subject: [PATCH] rcp: don't advance pointer returned from rcp_basename + +--- + rcp/rcp.c | 9 ++++----- + 1 file changed, 4 insertions(+), 5 deletions(-) + +diff -up netkit-rsh-0.17/rcp/rcp.c.basename netkit-rsh-0.17/rcp/rcp.c +--- netkit-rsh-0.17/rcp/rcp.c.basename 2015-03-26 14:19:25.771159388 +0100 ++++ netkit-rsh-0.17/rcp/rcp.c 2015-03-26 14:28:23.233938529 +0100 +@@ -98,6 +98,7 @@ static void usage(void); + static void toremote(const char *targ, int argc, char *argv[]); + static void tolocal(int argc, char *argv[]); + static void error(const char *fmt, ...); ++static char *rcp_basename(char *path); + + int + main(int argc, char *argv[]) +@@ -464,11 +465,11 @@ notreg: (void)close(f); + error("rcp: %s: not a plain file\n", name); + continue; + } +- last = strrchr(name, '/'); ++ ++ last = rcp_basename(name); + if (last == 0) + last = name; +- else +- last++; ++ + if (pflag) { + /* + * Make it compatible with possible future +@@ -556,8 +557,7 @@ rsource(char *name, struct stat *statp) + last = rcp_basename(name); + if (last == 0) + last = name; +- else +- last++; ++ + if (pflag) { + (void)snprintf(path, sizeof(path), + "T%ld 0 %ld 0\n", statp->st_mtime, statp->st_atime); diff --git a/SOURCES/0001-rshd-use-sockaddr_in-for-non-native-IPv6-clients.patch b/SOURCES/0001-rshd-use-sockaddr_in-for-non-native-IPv6-clients.patch new file mode 100644 index 00000000..14eb61f8 --- /dev/null +++ b/SOURCES/0001-rshd-use-sockaddr_in-for-non-native-IPv6-clients.patch @@ -0,0 +1,50 @@ +From dfc2da58520df75fc1a2506ebc4142085ed2ba1c Mon Sep 17 00:00:00 2001 +From: Michal Sekletar +Date: Fri, 14 Jun 2013 15:38:02 +0200 +Subject: [PATCH 1/2] rshd: use sockaddr_in for non-native IPv6 clients + +When client has IPv4 address but connection was made via AF_INET6 +socket, then convert socket structure representing client back +to sockaddr_in so we don't confuse pam_rhosts authentication with +IPv4-mapped IPv6 address. +--- + rshd/rshd.c | 23 +++++++++++++++++++++++ + 1 file changed, 23 insertions(+) + +diff --git a/rshd/rshd.c b/rshd/rshd.c +index d1ea0e9..e8cdfe2 100644 +--- a/rshd/rshd.c ++++ b/rshd/rshd.c +@@ -644,6 +644,29 @@ static void network_init(int fd, + syslog(LOG_ERR, "getpeername: %m"); + _exit(1); + } ++ ++ if (((struct sockaddr_in *) fromp)->sin_family == AF_INET6 && ++ IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *) fromp)->sin6_addr)) { ++ ++ struct addrinfo *res, hints = {}; ++ char client_addr[INET6_ADDRSTRLEN] = {}; ++ char client_port[6] = {}; ++ ++ inet_ntop(AF_INET6, &((struct sockaddr_in6 *) fromp)->sin6_addr, ++ client_addr, sizeof(client_addr)); ++ ++ sprintf(client_port, "%d", ntohs(((struct sockaddr_in6 *) fromp)->sin6_port)); ++ ++ hints.ai_family = AF_INET; ++ hints.ai_socktype = SOCK_STREAM; ++ hints.ai_flags = AI_NUMERICHOST | AI_NUMERICSERV; ++ ++ getaddrinfo(client_addr, client_port, &hints, &res); ++ ++ memcpy(fromp, res->ai_addr, sizeof(struct sockaddr_in6)); ++ freeaddrinfo(res); ++ } ++ + if (keepalive && + setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, (char *)&on, + sizeof(on)) < 0) +-- +1.8.1.4 + diff --git a/SOURCES/0001-rshd-use-upper-bound-for-cmdbuflen.patch b/SOURCES/0001-rshd-use-upper-bound-for-cmdbuflen.patch new file mode 100644 index 00000000..1cf60eff --- /dev/null +++ b/SOURCES/0001-rshd-use-upper-bound-for-cmdbuflen.patch @@ -0,0 +1,30 @@ +From 4f543ec56d023905ec22e4b6325f834bce4a624a Mon Sep 17 00:00:00 2001 +From: Adam Tkac +Date: Mon, 5 May 2014 12:01:41 +0200 +Subject: [PATCH] rshd: use upper bound for cmdbuflen + +--- + rshd/rshd.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/rshd/rshd.c b/rshd/rshd.c +index 66c5703..487c969 100644 +--- a/rshd/rshd.c ++++ b/rshd/rshd.c +@@ -430,7 +430,12 @@ doit(struct sockaddr_storage *fromp, socklen_t fromlen) + exit (1); + } + +- cmdbuf = malloc (++cmdbuflen); ++ cmdbuflen++; ++ /* Decrease cmdbuflen to reasonable number if it's too high */ ++ if ((size_t) cmdbuflen > 131072) ++ cmdbuflen = 131072; ++ ++ cmdbuf = malloc (cmdbuflen); + if (cmdbuf == NULL) { + syslog (LOG_ERR, "Could not allocate space for cmdbuf"); + exit (1); +-- +1.8.3.1 + diff --git a/SOURCES/0002-rlogind-use-sockaddr_in-for-non-native-IPv6-client.patch b/SOURCES/0002-rlogind-use-sockaddr_in-for-non-native-IPv6-client.patch new file mode 100644 index 00000000..ba599d83 --- /dev/null +++ b/SOURCES/0002-rlogind-use-sockaddr_in-for-non-native-IPv6-client.patch @@ -0,0 +1,45 @@ +From 6e0abc319fa8d1f17c4cd1bfa633b9aa10ef5370 Mon Sep 17 00:00:00 2001 +From: Michal Sekletar +Date: Fri, 14 Jun 2013 16:34:58 +0200 +Subject: [PATCH 2/2] rlogind: use sockaddr_in for non-native IPv6 client + +--- + rlogind/network.c | 22 ++++++++++++++++++++++ + 1 file changed, 22 insertions(+) + +diff --git a/rlogind/network.c b/rlogind/network.c +index 8c2a975..db272fd 100644 +--- a/rlogind/network.c ++++ b/rlogind/network.c +@@ -204,6 +204,28 @@ network_init(int f, int *hostokp) + #endif + fromp = &from; + ++ if (((struct sockaddr_in *) fromp)->sin_family == AF_INET6 && ++ IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *) fromp)->sin6_addr)) { ++ ++ struct addrinfo *res, hints = {}; ++ char client_addr[INET6_ADDRSTRLEN] = {}; ++ char client_port[6] = {}; ++ ++ inet_ntop(AF_INET6, &((struct sockaddr_in6 *) fromp)->sin6_addr, ++ client_addr, sizeof(client_addr)); ++ ++ sprintf(client_port, "%d", ntohs(((struct sockaddr_in6 *) fromp)->sin6_port)); ++ ++ hints.ai_family = AF_INET; ++ hints.ai_socktype = SOCK_STREAM; ++ hints.ai_flags = AI_NUMERICHOST | AI_NUMERICSERV; ++ ++ getaddrinfo(client_addr, client_port, &hints, &res); ++ ++ memcpy(fromp, res->ai_addr, sizeof(struct sockaddr_in6)); ++ freeaddrinfo(res); ++ } ++ + alarm(60); + read(f, &c, 1); + +-- +1.8.1.4 + diff --git a/SOURCES/netkit-rsh-0.10-stdarg.patch b/SOURCES/netkit-rsh-0.10-stdarg.patch new file mode 100644 index 00000000..584e762e --- /dev/null +++ b/SOURCES/netkit-rsh-0.10-stdarg.patch @@ -0,0 +1,43 @@ +--- netkit-rsh-0.10/rcp/rcp.c 1999-04-18 05:16:49-04 1.1 ++++ netkit-rsh-0.10/rcp/rcp.c 1999-04-18 05:40:52-04 +@@ -836,19 +836,33 @@ + error(const char *fmt, ...) + { + static FILE *fp; +- va_list ap; +- +- va_start(ap, fmt); ++ char buf[1000]; + + ++errs; + if (!fp && !(fp = fdopen(rem, "w"))) + return; +- fprintf(fp, "%c", 0x01); +- vfprintf(fp, fmt, ap); ++ ++ /* (fmt,...) might need to go to two streams. ++ * ++ * In { va_start ; vfprintf ; vfprintf ; va_end }, second ++ * vfprintf didn't restart (ie: vfprintf affects ap) (glibc) ++ * ++ * Is { va_start ; vfprintf ; va_end} * 2 even allowed? ++ * ++ * => Dump (fmt,...) to buffer. */ ++ ++ { ++ va_list ap; ++ va_start(ap, fmt); ++ vsnprintf(buf, sizeof(buf), fmt, ap); ++ buf[sizeof(buf)-1] = 0; ++ va_end(ap); ++ } ++ ++ fprintf(fp, "%c%s", 0x01, buf); + fflush(fp); +- if (!iamremote) vfprintf(stderr, fmt, ap); + +- va_end(ap); ++ if (!iamremote) fputs(buf, stderr); + } + + static void diff --git a/SOURCES/netkit-rsh-0.16-jbj.patch b/SOURCES/netkit-rsh-0.16-jbj.patch new file mode 100644 index 00000000..64495e98 --- /dev/null +++ b/SOURCES/netkit-rsh-0.16-jbj.patch @@ -0,0 +1,33 @@ +--- netkit-rsh-0.16/rcp/Makefile.jbj Tue Dec 21 16:32:51 1999 ++++ netkit-rsh-0.16/rcp/Makefile Tue Dec 21 16:33:16 1999 +@@ -7,7 +7,7 @@ + $(CC) $(LDFLAGS) $^ $(LIBS) -o $@ + + install: rcp +- install -s -o root -m$(SUIDMODE) rcp $(INSTALLROOT)$(BINDIR) ++ install -s rcp $(INSTALLROOT)$(BINDIR) + install -m$(MANMODE) rcp.1 $(INSTALLROOT)$(MANDIR)/man1 + + clean: +--- netkit-rsh-0.16/rlogin/Makefile.jbj Tue Dec 21 16:33:57 1999 ++++ netkit-rsh-0.16/rlogin/Makefile Tue Dec 21 16:34:08 1999 +@@ -10,7 +10,7 @@ + $(CC) $(LDFLAGS) $^ $(LIBS) -o $@ + + install: $(PROG) +- install -s -o root -m$(SUIDMODE) $(PROG) $(INSTALLROOT)$(BINDIR) ++ install -s $(PROG) $(INSTALLROOT)$(BINDIR) + install -m $(MANMODE) $(PROG).1 $(INSTALLROOT)$(MANDIR)/man1 + + clean: +--- netkit-rsh-0.16/rsh/Makefile.jbj Tue Dec 21 16:33:28 1999 ++++ netkit-rsh-0.16/rsh/Makefile Tue Dec 21 16:33:44 1999 +@@ -9,7 +9,7 @@ + $(CC) $(LDFLAGS) $^ $(LIBS) -o $@ + + install: rsh +- install -s -o root -m$(SUIDMODE) rsh $(INSTALLROOT)$(BINDIR) ++ install -s rsh $(INSTALLROOT)$(BINDIR) + install -m$(MANMODE) rsh.1 $(INSTALLROOT)$(MANDIR)/man1 + + clean: diff --git a/SOURCES/netkit-rsh-0.16-jbj4.patch b/SOURCES/netkit-rsh-0.16-jbj4.patch new file mode 100644 index 00000000..73b810e1 --- /dev/null +++ b/SOURCES/netkit-rsh-0.16-jbj4.patch @@ -0,0 +1,14 @@ +--- netkit-rsh-0.16/rshd/Makefile.jbj4 Fri Jan 28 12:17:42 2000 ++++ netkit-rsh-0.16/rshd/Makefile Fri Jan 28 12:17:56 2000 +@@ -6,9 +6,8 @@ + OBJS = rshd.o + + ifeq ($(USE_PAM),1) +-# ? +-CFLAGS += # -DUSE_PAM +-LIBS += -ldl # -lpam -lpam_misc ++CFLAGS += -DUSE_PAM ++LIBS += -ldl -lpam -lpam_misc + endif + + rshd: $(OBJS) diff --git a/SOURCES/netkit-rsh-0.16-nokrb.patch b/SOURCES/netkit-rsh-0.16-nokrb.patch new file mode 100644 index 00000000..f3e06b83 --- /dev/null +++ b/SOURCES/netkit-rsh-0.16-nokrb.patch @@ -0,0 +1,231 @@ +diff -uNr netkit-rsh-0.16/rcp/rcp.1 netkit-rsh-0.16/rcp/rcp.1 +--- netkit-rsh-0.16/rcp/rcp.1 Tue Dec 14 07:52:57 1999 ++++ netkit-rsh-0.16/rcp/rcp.1 Mon May 29 22:52:34 2000 +@@ -41,12 +41,10 @@ + .Sh SYNOPSIS + .Nm rcp + .Op Fl px +-.Op Fl k Ar realm + .Ar file1 file2 + .Nm rcp + .Op Fl px + .Op Fl r +-.Op Fl k Ar realm + .Ar file ... + .Ar directory + .Sh DESCRIPTION +@@ -79,27 +77,6 @@ + modified by the + .Xr umask 2 + on the destination host is used. +-.It Fl k +-The +-.Fl k +-option requests +-.Nm rcp +-to obtain tickets +-for the remote host in realm +-.Ar realm +-instead of the remote host's realm as determined by +-.Xr krb_realmofhost 3 . +-.It Fl x +-The +-.Fl x +-option turns on +-.Tn DES +-encryption for all data passed by +-.Nm rcp . +-This may impact response time and +-.Tn CPU +-utilization, but provides +-increased security. + .El + .Pp + If +@@ -134,11 +111,6 @@ + .Nm rcp + command appeared in + .Bx 4.2 . +-The version of +-.Nm rcp +-described here +-has been reimplemented with Kerberos in +-.Bx 4.3 Reno . + .Sh BUGS + Doesn't detect all cases where the target of a copy might + be a file in cases where only a directory should be legal. +diff -uNr netkit-rsh-0.16/rlogin/rlogin.1 netkit-rsh-0.16/rlogin/rlogin.1 +--- netkit-rsh-0.16/rlogin/rlogin.1 Tue Dec 14 07:52:57 1999 ++++ netkit-rsh-0.16/rlogin/rlogin.1 Mon May 29 22:51:42 2000 +@@ -42,7 +42,6 @@ + .Ar rlogin + .Op Fl 8EKLdx + .Op Fl e Ar char +-.Op Fl k Ar realm + .Op Fl l Ar username + .Ar host + .Sh DESCRIPTION +@@ -50,9 +49,7 @@ + starts a terminal session on a remote host + .Ar host . + .Pp +-.Nm Rlogin +-first attempts to use the Kerberos authorization mechanism, described below. +-If the remote host does not supporting Kerberos the standard Berkeley ++The standard Berkeley + .Pa rhosts + authorization mechanism is used. + The options are as follows: +@@ -71,10 +68,6 @@ + When used with the + .Fl 8 + option, this provides a completely transparent connection. +-.It Fl K +-The +-.Fl K +-option turns off all Kerberos authentication. + .It Fl L + The + .Fl L +@@ -94,25 +87,6 @@ + ``~'' by default. + This specification may be as a literal character, or as an octal + value in the form \ennn. +-.It Fl k +-The +-.FL k +-option requests rlogin to obtain tickets for the remote host +-in realm +-.Ar realm +-instead of the remote host's realm as determined by +-.Xr krb_realmofhost 3 . +-.It Fl x +-The +-.Fl x +-option turns on +-.Tn DES +-encryption for all data passed via the +-rlogin session. +-This may impact response time and +-.Tn CPU +-utilization, but provides +-increased security. + .El + .Pp + A line of the form ``.'' disconnects from the remote host. +@@ -129,35 +103,6 @@ + is transparent. + Flow control via ^S/^Q and flushing of input and output on interrupts + are handled properly. +-.Sh KERBEROS AUTHENTICATION +-Each user may have a private authorization list in the file +-.Pa .klogin +-in their home directory. +-Each line in this file should contain a Kerberos principal name of the +-form +-.Ar principal.instance@realm . +-If the originating user is authenticated to one of the principals named +-in +-.Pa .klogin , +-access is granted to the account. +-The principal +-.Ar accountname.@localrealm +-is granted access if +-there is no +-.Pa .klogin +-file. +-Otherwise a login and password will be prompted for on the remote machine +-as in +-.Xr login 1 . +-To avoid certain security problems, the +-.Pa .klogin +-file must be owned by +-the remote user. +-.Pp +-If Kerberos authentication fails, a warning message is printed and the +-standard Berkeley +-.Nm rlogin +-is used instead. + .Sh ENVIRONMENT + The following environment variable is utilized by + .Nm rlogin : +@@ -167,9 +112,6 @@ + .El + .Sh SEE ALSO + .Xr rsh 1 , +-.Xr kerberos 3 , +-.Xr krb_sendauth 3 , +-.Xr krb_realmofhost 3 + .Sh HISTORY + The + .Nm rlogin +diff -uNr netkit-rsh-0.16/rsh/rsh.1 netkit-rsh-0.16/rsh/rsh.1 +--- netkit-rsh-0.16/rsh/rsh.1 Tue Dec 14 07:52:58 1999 ++++ netkit-rsh-0.16/rsh/rsh.1 Mon May 29 22:51:29 2000 +@@ -41,7 +41,6 @@ + .Sh SYNOPSIS + .Nm rsh + .Op Fl Kdnx +-.Op Fl k Ar realm + .Op Fl l Ar username + .Ar host + .Op command +@@ -62,10 +61,6 @@ + normally terminates when the remote command does. + The options are as follows: + .Bl -tag -width flag +-.It Fl K +-The +-.Fl K +-option turns off all Kerberos authentication. + .It Fl d + The + .Fl d +@@ -74,23 +69,11 @@ + on the + .Tn TCP + sockets used for communication with the remote host. +-.It Fl k +-The +-.Fl k +-option causes +-.Nm rsh +-to obtain tickets for the remote host in +-.Ar realm +-instead of the remote host's realm as determined by +-.Xr krb_realmofhost 3 . + .It Fl l + By default, the remote username is the same as the local username. + The + .Fl l + option allows the remote name to be specified. +-Kerberos authentication is used, and authorization is determined +-as in +-.Xr rlogin 1 . + .It Fl n + The + .Fl n +@@ -99,13 +82,6 @@ + (see the + .Sx BUGS + section of this manual page). +-.It Fl x +-The +-.Fl x +-option turns on +-.Tn DES +-encryption for all data exchange. +-This may introduce a significant delay in response time. + .El + .Pp + If no +@@ -142,9 +118,6 @@ + .El + .Sh SEE ALSO + .Xr rlogin 1 , +-.Xr kerberos 3 , +-.Xr krb_sendauth 3 , +-.Xr krb_realmofhost 3 + .Sh HISTORY + The + .Nm rsh diff --git a/SOURCES/netkit-rsh-0.16-prompt.patch b/SOURCES/netkit-rsh-0.16-prompt.patch new file mode 100644 index 00000000..8091dcc6 --- /dev/null +++ b/SOURCES/netkit-rsh-0.16-prompt.patch @@ -0,0 +1,37 @@ +--- netkit-rsh-0.16/rexec/rexec.c.prompt Mon Feb 28 16:23:33 2000 ++++ netkit-rsh-0.16/rexec/rexec.c Mon Feb 28 16:49:23 2000 +@@ -164,12 +164,30 @@ + user_name[strlen(user_name)-1] = '\0'; /* Hopefully fgets always adds + a newline. */ + passwd = getpass("Password: "); ++ } else { ++ ++ if ( user_name == NULL ) ++ user_name = getenv("REXEC_USER"); ++ if ( user_name == NULL ) { ++ uid_t uid = getuid(); ++ struct passwd *pw = getpwuid(uid); ++ if (!(pw && pw->pw_name)) { ++ fprintf(stderr, "Can't lookup uid %d\n", uid); ++ exit(1); ++ } ++ user_name = strdup(pw->pw_name); ++ } ++ if ( passwd == NULL ) ++ passwd = getenv("REXEC_PASS"); ++ if ( passwd == NULL ) ++ passwd = getpass("Password: "); + } + +- if ( user_name == NULL ) +- user_name = getenv("REXEC_USER"); +- if ( passwd == NULL ) +- passwd = getenv("REXEC_PASS"); ++ if (!(user_name && passwd)) { ++ fprintf(stderr, "Can't use %s without supplying a user and password\n", ++ progname); ++ exit(1); ++ } + + if ( (sock = rexec(&host, port_exec, user_name, passwd, command, + p_to_aux_sock)) < 0 ) diff --git a/SOURCES/netkit-rsh-0.16-rlogin=rsh.patch b/SOURCES/netkit-rsh-0.16-rlogin=rsh.patch new file mode 100644 index 00000000..1e06491e --- /dev/null +++ b/SOURCES/netkit-rsh-0.16-rlogin=rsh.patch @@ -0,0 +1,10 @@ +--- netkit-rsh-0.16/rlogin/rlogin.c.rsh Fri Mar 3 08:59:37 2000 ++++ netkit-rsh-0.16/rlogin/rlogin.c Fri Mar 3 08:59:45 2000 +@@ -194,6 +194,7 @@ + p = argv[0]; + + if (strcmp(p, "rlogin")) ++ if (strcmp(p, "rsh")) + host = p; + + /* handle "rlogin host flags" */ diff --git a/SOURCES/netkit-rsh-0.17-arg_max.patch b/SOURCES/netkit-rsh-0.17-arg_max.patch new file mode 100644 index 00000000..30a05c46 --- /dev/null +++ b/SOURCES/netkit-rsh-0.17-arg_max.patch @@ -0,0 +1,82 @@ +diff -up netkit-rsh-0.17/rexecd/rexecd.c.arg_max netkit-rsh-0.17/rexecd/rexecd.c +--- netkit-rsh-0.17/rexecd/rexecd.c.arg_max 2008-05-09 10:36:44.000000000 +0200 ++++ netkit-rsh-0.17/rexecd/rexecd.c 2008-05-09 10:36:44.000000000 +0200 +@@ -235,7 +235,8 @@ static struct pam_conv PAM_conversation + static void + doit(struct sockaddr_in *fromp) + { +- char cmdbuf[ARG_MAX+1]; ++ char *cmdbuf; ++ long cmdbuflen; + char user[17], pass[17]; + struct passwd *pwd; + int s = -1; +@@ -254,6 +255,18 @@ doit(struct sockaddr_in *fromp) + #endif + #endif /* USE_PAM */ + ++ cmdbuflen = sysconf (_SC_ARG_MAX); ++ if (!(cmdbuflen > 0)) { ++ syslog (LOG_ERR, "sysconf (_SC_ARG_MAX) failed"); ++ fatal ("sysconf (_SC_ARG_MAX) failed\n"); ++ } ++ ++ cmdbuf = malloc (++cmdbuflen); ++ if (cmdbuf == NULL) { ++ syslog (LOG_ERR, "Could not allocate space for cmdbuf"); ++ fatal ("Could not allocate space for cmdbuf\n"); ++ } ++ + signal(SIGINT, SIG_DFL); + signal(SIGQUIT, SIG_DFL); + signal(SIGTERM, SIG_DFL); +@@ -303,7 +316,7 @@ doit(struct sockaddr_in *fromp) + + getstr(user, sizeof(user), "username too long\n"); + getstr(pass, sizeof(pass), "password too long\n"); +- getstr(cmdbuf, sizeof(cmdbuf), "command too long\n"); ++ getstr(cmdbuf, cmdbuflen, "command too long\n"); + #ifdef USE_PAM + #define PAM_BAIL if (pam_error != PAM_SUCCESS) { \ + pam_end(pamh, pam_error); exit(1); \ +diff -up netkit-rsh-0.17/rshd/rshd.c.arg_max netkit-rsh-0.17/rshd/rshd.c +--- netkit-rsh-0.17/rshd/rshd.c.arg_max 2008-05-09 10:36:44.000000000 +0200 ++++ netkit-rsh-0.17/rshd/rshd.c 2008-05-09 10:38:51.000000000 +0200 +@@ -402,7 +402,8 @@ static int log_audit(const char *usernam + static void + doit(struct sockaddr_storage *fromp, socklen_t fromlen) + { +- char cmdbuf[ARG_MAX+1]; ++ char *cmdbuf; ++ long cmdbuflen; + const char *theshell, *shellname; + char locuser[16], remuser[16]; + struct passwd *pwd; +@@ -415,6 +416,18 @@ doit(struct sockaddr_storage *fromp, soc + int i; + #endif + ++ cmdbuflen = sysconf (_SC_ARG_MAX); ++ if (!(cmdbuflen > 0)) { ++ syslog (LOG_ERR, "sysconf (_SC_ARG_MAX) failed"); ++ exit (1); ++ } ++ ++ cmdbuf = malloc (++cmdbuflen); ++ if (cmdbuf == NULL) { ++ syslog (LOG_ERR, "Could not allocate space for cmdbuf"); ++ exit (1); ++ } ++ + signal(SIGINT, SIG_DFL); + signal(SIGQUIT, SIG_DFL); + signal(SIGTERM, SIG_DFL); +@@ -460,7 +473,7 @@ doit(struct sockaddr_storage *fromp, soc + + getstr(remuser, sizeof(remuser), "remuser"); + getstr(locuser, sizeof(locuser), "locuser"); +- getstr(cmdbuf, sizeof(cmdbuf), "command"); ++ getstr(cmdbuf, cmdbuflen, "command"); + if (!strcmp(locuser, "root")) paranoid = 1; + + hostname = findhostname((struct sockaddr *)fromp, fromlen, diff --git a/SOURCES/netkit-rsh-0.17-audit.patch b/SOURCES/netkit-rsh-0.17-audit.patch new file mode 100644 index 00000000..67cfa25c --- /dev/null +++ b/SOURCES/netkit-rsh-0.17-audit.patch @@ -0,0 +1,258 @@ +diff -up netkit-rsh-0.17/rshd/Makefile.audit netkit-rsh-0.17/rshd/Makefile +--- netkit-rsh-0.17/rshd/Makefile.audit 2008-03-25 12:33:26.000000000 +0100 ++++ netkit-rsh-0.17/rshd/Makefile 2008-03-25 12:33:26.000000000 +0100 +@@ -9,6 +9,10 @@ ifeq ($(USE_PAM),1) + CFLAGS += -DUSE_PAM + LIBS += -ldl -lpam -lpam_misc + endif ++ifeq ($(USE_AUDIT),1) ++CFLAGS += -DUSE_AUDIT ++LIBS += -ldl -laudit ++endif + + rshd: $(OBJS) + $(CC) $(LDFLAGS) $^ $(LIBS) -o $@ +diff -up netkit-rsh-0.17/rshd/rshd.c.audit netkit-rsh-0.17/rshd/rshd.c +--- netkit-rsh-0.17/rshd/rshd.c.audit 2008-03-25 12:33:26.000000000 +0100 ++++ netkit-rsh-0.17/rshd/rshd.c 2008-03-25 12:35:37.000000000 +0100 +@@ -90,6 +90,10 @@ char rcsid[] = + static pam_handle_t *pamh; + #endif /* USE_PAM */ + ++#ifdef USE_AUDIT ++#include ++#endif /* USE_AUDIT */ ++ + #define OPTIONS "aDhlLn" + + static int keepalive = 1; +@@ -224,6 +228,14 @@ static void stderr_parent(int sock, int + exit(0); + } + ++#define PAM_SET_ITEM(item,val) \ ++ do { \ ++ retcode = pam_set_item(pamh, (item), (val)); \ ++ if (retcode != PAM_SUCCESS) { \ ++ syslog(LOG_ERR, "pam_set_item: %s\n", pam_strerror(pamh, retcode)); \ ++ exit (1); \ ++ } \ ++ } while (0) + + static struct passwd *doauth(const char *remuser, + const char *hostname, +@@ -243,9 +255,10 @@ static struct passwd *doauth(const char + syslog(LOG_ERR, "pam_start: %s\n", pam_strerror(pamh, retcode)); + exit (1); + } +- pam_set_item (pamh, PAM_RUSER, remuser); +- pam_set_item (pamh, PAM_RHOST, hostname); +- pam_set_item (pamh, PAM_TTY, "rsh"); /* we don't use a tty, so punt */ ++ ++ PAM_SET_ITEM(PAM_RUSER, remuser); ++ PAM_SET_ITEM(PAM_RHOST, hostname); ++ PAM_SET_ITEM(PAM_TTY, "rsh"); /* we don't use a tty, so punt */ + + retcode = pam_authenticate(pamh, 0); + if (retcode == PAM_SUCCESS) { +@@ -365,6 +378,27 @@ static const char *findhostname(struct s + return NULL; /* not reachable */ + } + ++static int log_audit(const char *username, int uid, const char *hostname, ++ int success) ++{ ++#ifdef USE_AUDIT ++ int audit_fd = audit_open(); ++ if (audit_fd < 0) { ++ if (errno != EINVAL && errno != EPROTONOSUPPORT && ++ errno != EAFNOSUPPORT) ++ return 1; ++ } else { ++ int rc = audit_log_acct_message(audit_fd, AUDIT_USER_LOGIN, ++ NULL, "login", username, uid, hostname, NULL, ++ "rsh", success); ++ close(audit_fd); ++ if (rc <= 0) ++ return 1; ++ } ++#endif ++ return 0; ++} ++ + static void + doit(struct sockaddr_storage *fromp, socklen_t fromlen) + { +@@ -435,14 +469,21 @@ doit(struct sockaddr_storage *fromp, soc + setpwent(); + pwd = doauth(remuser, hostname, locuser); + if (pwd == NULL) { ++ if (log_audit(remuser, -1, hostname, 0) > 0) { ++ fail("Error sending audit event.\n", ++ remuser, hostname, locuser, cmdbuf); ++ } + fail("Permission denied.\n", + remuser, hostname, locuser, cmdbuf); + } +- + if (pwd->pw_uid != 0 && !access(_PATH_NOLOGIN, F_OK)) { + error("Logins currently disabled.\n"); + exit(1); + } ++ if (log_audit(NULL, pwd->pw_uid, hostname, 1) > 0) { ++ fail("Error sending audit event.\n", ++ remuser, hostname, locuser, cmdbuf); ++ } + + (void) write(2, "\0", 1); + sent_null = 1; +diff -up netkit-rsh-0.17/rexecd/rexecd.c.audit netkit-rsh-0.17/rexecd/rexecd.c +--- netkit-rsh-0.17/rexecd/rexecd.c.audit 2008-03-25 12:33:26.000000000 +0100 ++++ netkit-rsh-0.17/rexecd/rexecd.c 2008-03-25 12:33:26.000000000 +0100 +@@ -312,9 +312,12 @@ doit(struct sockaddr_in *fromp) + PAM_password = pass; + pam_error = pam_start("rexec", PAM_username, &PAM_conversation,&pamh); + PAM_BAIL; +- pam_set_item (pamh, PAM_RUSER, user); +- pam_set_item (pamh, PAM_RHOST, remote); +- pam_set_item (pamh, PAM_TTY, "rexec"); /* we don't have a tty yet! */ ++ pam_error = pam_set_item (pamh, PAM_RUSER, user); ++ PAM_BAIL; ++ pam_error = pam_set_item (pamh, PAM_RHOST, remote); ++ PAM_BAIL; ++ pam_error = pam_set_item (pamh, PAM_TTY, "rexec"); /* we don't have a tty yet! */ ++ PAM_BAIL; + pam_error = pam_authenticate(pamh, 0); + PAM_BAIL; + pam_error = pam_acct_mgmt(pamh, 0); +diff -up netkit-rsh-0.17/rlogind/auth.c.audit netkit-rsh-0.17/rlogind/auth.c +--- netkit-rsh-0.17/rlogind/auth.c.audit 2008-03-25 12:33:26.000000000 +0100 ++++ netkit-rsh-0.17/rlogind/auth.c 2008-03-25 12:33:26.000000000 +0100 +@@ -102,6 +102,16 @@ static int attempt_auth(void) { + return retval; + } + ++#define PAM_SET_ITEM(item,val) \ ++ do { \ ++ retval = pam_set_item(pamh, (item), (val)); \ ++ if (retval != PAM_SUCCESS) { \ ++ syslog(LOG_ERR, "pam_set_item: %s\n", pam_strerror(pamh, retval)); \ ++ pam_end(pamh, retval); \ ++ fatal(STDERR_FILENO, "initialization failed", 0); \ ++ } \ ++ } while (0) ++ + /* + * This function must either die, return -1 on authentication failure, + * or return 0 on authentication success. Dying is discouraged. +@@ -117,17 +127,19 @@ int auth_checkauth(const char *remoteuse + retval = pam_start("rlogin", localuser, &conv, &pamh); + if (retval != PAM_SUCCESS) { + syslog(LOG_ERR, "pam_start: %s\n", pam_strerror(pamh, retval)); ++ pam_end(pamh, retval); + fatal(STDERR_FILENO, "initialization failed", 0); + } + +- pam_set_item(pamh, PAM_USER, localuser); +- pam_set_item(pamh, PAM_RUSER, remoteuser); +- pam_set_item(pamh, PAM_RHOST, host); +- pam_set_item(pamh, PAM_TTY, "rlogin"); /* we don't have a tty yet! */ +- ++ PAM_SET_ITEM(PAM_USER, localuser); ++ PAM_SET_ITEM(PAM_RUSER, remoteuser); ++ PAM_SET_ITEM(PAM_RHOST, host); ++ PAM_SET_ITEM(PAM_TTY, "rlogin"); /* we don't have a tty yet! */ ++ + network_confirm(); + retval = attempt_auth(); + if ((retval == PAM_ACCT_EXPIRED) || (retval == PAM_PERM_DENIED)) { ++ pam_end(pamh, retval); + syslog(LOG_ERR, "PAM authentication denied for in.rlogind"); + exit(1); + } else if (retval != PAM_SUCCESS) { +diff -up netkit-rsh-0.17/rlogind/rlogind.c.audit netkit-rsh-0.17/rlogind/rlogind.c +--- netkit-rsh-0.17/rlogind/rlogind.c.audit 2008-03-25 12:33:26.000000000 +0100 ++++ netkit-rsh-0.17/rlogind/rlogind.c 2008-03-25 12:33:26.000000000 +0100 +@@ -357,9 +357,9 @@ static void child(const char *hname, con + } + termenv[3] = NULL; + ++ auth_finish(); ++ closeall(); + if (authenticated) { +- auth_finish(); +- closeall(); + execle(_PATH_LOGIN, "login", "-p", + "-h", hname, "-f", localuser, NULL, termenv); + } +@@ -368,8 +368,6 @@ static void child(const char *hname, con + syslog(LOG_AUTH|LOG_INFO, "rlogin with an option as a name!"); + exit(1); + } +- auth_finish(); +- closeall(); + execle(_PATH_LOGIN, "login", "-p", + "-h", hname, localuser, NULL, termenv); + } +diff -up netkit-rsh-0.17/configure.audit netkit-rsh-0.17/configure +--- netkit-rsh-0.17/configure.audit 2000-07-29 20:00:29.000000000 +0200 ++++ netkit-rsh-0.17/configure 2008-03-25 12:33:26.000000000 +0100 +@@ -19,8 +19,9 @@ while [ x$1 != x ]; do case $1 in + Usage: configure [options] + --help Show this message + --with-debug Enable debugging +- --without-pam Disable PAM support ++ --without-pam Disable PAM support + --without-shadow Disable shadow password support ++ --without-audit Disable audit support + --prefix=path Prefix for location of files [/usr] + --exec-prefix=path Location for arch-depedent files [prefix] + --installroot=root Top of filesystem tree to install in [/] +@@ -47,6 +48,7 @@ EOF + --with-c-compiler=*) CC=`echo $1 | sed 's/^[^=]*=//'` ;; + --without-pam|--disable-pam) WITHOUT_PAM=1;; + --without-shadow|--disable-shadow) WITHOUT_SHADOW=1;; ++ --without-audit|--disable-audit) WITHOUT_AUDIT=1;; + *) echo "Unrecognized option: $1"; exit 1;; + esac + shift +@@ -342,6 +344,32 @@ rm -f __conftest* + + ################################################## + ++echo -n 'Checking for AUDIT... ' ++if [ x$WITHOUT_AUDIT != x ]; then ++ echo disabled ++else ++cat <__conftest.c ++#include ++#include ++int main() { ++ audit_log_acct_message(1, AUDIT_USER_LOGIN, NULL, NULL, NULL, 0, NULL, NULL, NULL, 0); ++ return 0; ++} ++ ++EOF ++if ( ++ $CC $CFLAGS __conftest.c -laudit -o __conftest || exit 1 ++ ) >/dev/null 2>&1; then ++ echo 'yes' ++ USE_AUDIT=1 ++ else ++ echo 'no' ++ fi ++fi ++rm -f __conftest* ++ ++################################################## ++ + echo -n 'Checking for crypt... ' + cat <__conftest.c + int main() { crypt("aa", "bb"); } +@@ -593,5 +621,6 @@ echo 'Generating MCONFIG...' + echo "USE_PAM=$USE_PAM" + echo "USE_SHADOW=$USE_SHADOW" + echo "LIBSHADOW=$LIBSHADOW" ++ echo "USE_AUDIT=$USE_AUDIT" + ) > MCONFIG + diff --git a/SOURCES/netkit-rsh-0.17-chdir.patch b/SOURCES/netkit-rsh-0.17-chdir.patch new file mode 100644 index 00000000..c9217ba2 --- /dev/null +++ b/SOURCES/netkit-rsh-0.17-chdir.patch @@ -0,0 +1,57 @@ +--- netkit-rsh-0.17/rshd/rshd.c.orig Sun Jul 23 06:16:24 2000 ++++ netkit-rsh-0.17/rshd/rshd.c Tue Dec 11 17:45:10 2001 +@@ -388,15 +388,6 @@ + remuser, hostname, locuser, cmdbuf); + } + +- if (chdir(pwd->pw_dir) < 0) { +- chdir("/"); +- /* +- * error("No remote directory.\n"); +- * exit(1); +- */ +- } +- +- + if (pwd->pw_uid != 0 && !access(_PATH_NOLOGIN, F_OK)) { + error("Logins currently disabled.\n"); + exit(1); +@@ -456,6 +447,14 @@ + exit(1); + } + environ = envinit; ++ ++ if (chdir(pwd->pw_dir) < 0) { ++ chdir("/"); ++ /* ++ * error("No remote directory.\n"); ++ * exit(1); ++ */ ++ } + + strncat(homedir, pwd->pw_dir, sizeof(homedir)-6); + homedir[sizeof(homedir)-1] = 0; +--- netkit-rsh-0.17/rexecd/rexecd.c.orig Sun Jul 23 06:16:22 2000 ++++ netkit-rsh-0.17/rexecd/rexecd.c Tue Dec 11 18:28:36 2001 +@@ -375,10 +375,6 @@ + /* Log successful attempts. */ + syslog(LOG_INFO, "login from %.128s as %s", remote, user); + +- if (chdir(pwd->pw_dir) < 0) { +- fatal("No remote directory.\n"); +- } +- + write(2, "\0", 1); + if (port) { + /* If we have a port, dup STDERR on that port KRH */ +@@ -408,6 +404,10 @@ + if (setuid(pwd->pw_uid)) { + perror("setuid"); + exit(1); ++ } ++ ++ if (chdir(pwd->pw_dir) < 0) { ++ fatal("No remote directory.\n"); + } + + strcat(path, _PATH_DEFPATH); diff --git a/SOURCES/netkit-rsh-0.17-checkdir.patch b/SOURCES/netkit-rsh-0.17-checkdir.patch new file mode 100644 index 00000000..3437ee6f --- /dev/null +++ b/SOURCES/netkit-rsh-0.17-checkdir.patch @@ -0,0 +1,22 @@ +--- netkit-rsh-0.17/rcp/rcp.c.checkdir 2005-01-28 16:20:38.280031064 +0100 ++++ netkit-rsh-0.17/rcp/rcp.c 2005-01-28 16:25:56.479657368 +0100 +@@ -716,6 +716,10 @@ + size = size * 10 + (*cp++ - '0'); + if (*cp++ != ' ') + SCREWUP("size not delimited"); ++ if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) { ++ error("rcp: unexpected filename: %s", cp); ++ exit(1); ++ } + if (targisdir) { + static char *namebuf; + static int cursize; +@@ -734,6 +738,8 @@ + np = targ; + exists = stat(np, &stb) == 0; + if (buf[0] == 'D') { ++ if (!iamrecursive) ++ SCREWUP("received directory without -r"); + if (exists) { + if ((stb.st_mode&S_IFMT) != S_IFDIR) { + errno = ENOTDIR; diff --git a/SOURCES/netkit-rsh-0.17-dns.patch b/SOURCES/netkit-rsh-0.17-dns.patch new file mode 100644 index 00000000..7e3fa39c --- /dev/null +++ b/SOURCES/netkit-rsh-0.17-dns.patch @@ -0,0 +1,60 @@ +diff -up netkit-rsh-0.17/rshd/rshd.c.dns netkit-rsh-0.17/rshd/rshd.c +--- netkit-rsh-0.17/rshd/rshd.c.dns 2007-09-27 11:05:26.000000000 +0200 ++++ netkit-rsh-0.17/rshd/rshd.c 2007-09-27 11:16:54.000000000 +0200 +@@ -294,6 +294,7 @@ static const char *findhostname(struct s + char remote_hostname[NI_MAXHOST]; + struct addrinfo hints; + struct addrinfo *res0, *res; ++ int err; + + if (! inet_ntop(fromp->sa_family, + (( fromp->sa_family == AF_INET6 ) +@@ -305,12 +306,16 @@ static const char *findhostname(struct s + exit(1); + } + +- if (getnameinfo(fromp, fromlen, remote_hostname, NI_MAXHOST, +- NULL, 0, 0)) { +- syslog(LOG_NOTICE|LOG_AUTH, +- "Failed to retrieve the hostname information for %s", +- remote_address); +- exit(1); ++ err = getnameinfo(fromp, fromlen, remote_hostname, NI_MAXHOST, ++ NULL, 0, 0); ++ if (err && (err == EAI_AGAIN) && !check_all) ++ err = getnameinfo (fromp, fromlen, remote_hostname, NI_MAXHOST, ++ NULL, 0, NI_NUMERICHOST); ++ if (err) { ++ syslog(LOG_NOTICE|LOG_AUTH, ++ "Failed to retrieve the hostname information for %s", ++ remote_address); ++ exit(1); + } + + errno = ENOMEM; /* malloc (thus strdup) may not set it */ +@@ -586,6 +591,11 @@ static void network_init(int fd, + error = getnameinfo((struct sockaddr *)fromp, *fromlenp, + hostname, sizeof(hostname), portname, sizeof(portname), + NI_NUMERICSERV); ++ if (error && (error == EAI_AGAIN) && !check_all) ++ error = getnameinfo ((struct sockaddr *)fromp, *fromlenp, ++ hostname, sizeof(hostname), portname, ++ sizeof(portname), ++ NI_NUMERICSERV|NI_NUMERICHOST); + if (error) { + syslog(LOG_NOTICE|LOG_AUTH, + "Failed to retrieve address and port of the connection: %s", +diff -up netkit-rsh-0.17/rlogind/network.c.dns netkit-rsh-0.17/rlogind/network.c +--- netkit-rsh-0.17/rlogind/network.c.dns 2007-09-27 11:17:07.000000000 +0200 ++++ netkit-rsh-0.17/rlogind/network.c 2007-09-27 11:20:29.000000000 +0200 +@@ -127,6 +127,10 @@ find_hostname(struct sockaddr *fromp, so + error = getnameinfo(fromp, fromlen, + hname_buf, sizeof(hname_buf), portname, NI_MAXSERV, + NI_NUMERICSERV); ++ if ((error == EAI_AGAIN) && !check_all) ++ error = getnameinfo(fromp, fromlen, ++ hname_buf, sizeof(hname_buf), portname, NI_MAXSERV, ++ NI_NUMERICSERV|NI_NUMERICHOST); + assert(error == 0); + + if (check_all || local_domain(hname_buf)) { diff --git a/SOURCES/netkit-rsh-0.17-errno.patch b/SOURCES/netkit-rsh-0.17-errno.patch new file mode 100644 index 00000000..92d024ed --- /dev/null +++ b/SOURCES/netkit-rsh-0.17-errno.patch @@ -0,0 +1,51 @@ +--- netkit-rsh-0.17/rcp/rcp.c.errno 2004-11-17 13:49:13.247815440 +0100 ++++ netkit-rsh-0.17/rcp/rcp.c 2004-11-17 13:52:56.638854840 +0100 +@@ -613,6 +613,7 @@ + struct stat stb; + struct timeval tv[2]; + enum { YES, NO, DISPLAYED } wrerr; ++ int werrno = 0; + BUF *bp; + off_t i, j, size; + char ch, *targ; +@@ -766,6 +767,7 @@ + cp = bp->buf; + count = 0; + wrerr = NO; ++ werrno = 0; + for (i = 0; i < size; i += BUFSIZ) { + amt = BUFSIZ; + if (i + amt > size) +@@ -784,16 +786,20 @@ + } while (amt > 0); + if (count == bp->cnt) { + if (wrerr == NO && +- write(ofd, bp->buf, count) != count) ++ write(ofd, bp->buf, count) != count) { + wrerr = YES; ++ werrno = errno; ++ } + count = 0; + cp = bp->buf; + } + } + if (count != 0 && wrerr == NO && +- write(ofd, bp->buf, count) != count) ++ write(ofd, bp->buf, count) != count) { + wrerr = YES; +- if (ftruncate(ofd, size)) { ++ werrno = errno; ++ } ++ if (wrerr == NO && ftruncate(ofd, size)) { + error("rcp: can't truncate %s: %s\n", np, + strerror(errno)); + wrerr = DISPLAYED; +@@ -810,7 +816,7 @@ + } + switch(wrerr) { + case YES: +- error("rcp: %s: %s\n", np, strerror(errno)); ++ error("rcp: %s: %s\n", np, strerror(werrno)); + break; + case NO: + (void)write(rem, "", 1); diff --git a/SOURCES/netkit-rsh-0.17-ignchld.patch b/SOURCES/netkit-rsh-0.17-ignchld.patch new file mode 100644 index 00000000..abb5459f --- /dev/null +++ b/SOURCES/netkit-rsh-0.17-ignchld.patch @@ -0,0 +1,22 @@ +--- netkit-rsh-0.17/rlogind/rlogind.c.ignchld 2004-12-06 13:31:23.263630216 +0100 ++++ netkit-rsh-0.17/rlogind/rlogind.c 2004-12-06 13:31:43.382571672 +0100 +@@ -440,7 +440,7 @@ + ioctl(master, TIOCPKT, &on); + signal(SIGCHLD, cleanup); + protocol(netfd, master); +- signal(SIGCHLD, SIG_IGN); ++ signal(SIGCHLD, SIG_DFL); + cleanup(0); + } + +--- netkit-rsh-0.17/rlogin/rlogin.c.ignchld 2004-12-06 13:30:37.110646536 +0100 ++++ netkit-rsh-0.17/rlogin/rlogin.c 2004-12-06 13:31:00.224132752 +0100 +@@ -523,7 +523,7 @@ + stop(char cmdc) + { + mode(0); +- signal(SIGCHLD, SIG_IGN); ++ signal(SIGCHLD, SIG_DFL); + kill(cmdc == defsusp ? 0 : getpid(), SIGTSTP); + signal(SIGCHLD, catch_child); + mode(1); diff --git a/SOURCES/netkit-rsh-0.17-ipv6-rexec.patch b/SOURCES/netkit-rsh-0.17-ipv6-rexec.patch new file mode 100644 index 00000000..8b61f0cc --- /dev/null +++ b/SOURCES/netkit-rsh-0.17-ipv6-rexec.patch @@ -0,0 +1,148 @@ +diff -up netkit-rsh-0.17/rexecd/rexecd.c.ipv6-rexec netkit-rsh-0.17/rexecd/rexecd.c +--- netkit-rsh-0.17/rexecd/rexecd.c.ipv6-rexec 2013-07-15 17:31:07.678365071 +0200 ++++ netkit-rsh-0.17/rexecd/rexecd.c 2013-07-15 17:32:17.010346615 +0200 +@@ -114,7 +114,7 @@ int deny_severity = LOG_WARNING; + */ + + static void fatal(const char *); +-static void doit(struct sockaddr_in *fromp); ++static void doit(struct sockaddr_storage *fromp); + static void getstr(char *buf, int cnt, const char *err); + + static const char *remote = NULL; +@@ -122,7 +122,7 @@ static const char *remote = NULL; + int + main(int argc, char **argv) + { +- struct sockaddr_in from; ++ struct sockaddr_storage from; + socklen_t fromlen; + + (void)argc; +@@ -136,6 +136,29 @@ main(int argc, char **argv) + + openlog(argv[0], LOG_PID, LOG_DAEMON); + ++ /* handle situation when connected peer *doesn't have* native IPv6 address but systemd/xinetd ++ * is listening on AF_INET6 socket on our behalf and fds we are given corresponds to AF_INET6 socket ++ */ ++ if (from.ss_family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *) &from)->sin6_addr)) { ++ struct addrinfo *res, hints = {}; ++ char client_addr[INET6_ADDRSTRLEN] = {}; ++ char client_port[6] = {}; ++ ++ inet_ntop(AF_INET6, &((struct sockaddr_in6 *) &from)->sin6_addr, ++ client_addr, sizeof(client_addr)); ++ ++ sprintf(client_port, "%d", ntohs(((struct sockaddr_in6 *) &from)->sin6_port)); ++ ++ hints.ai_family = AF_INET; ++ hints.ai_socktype = SOCK_STREAM; ++ hints.ai_flags = AI_NUMERICHOST | AI_NUMERICSERV; ++ ++ getaddrinfo(client_addr, client_port, &hints, &res); ++ ++ memcpy(&from, res->ai_addr, sizeof(struct sockaddr_in)); ++ freeaddrinfo(res); ++ } ++ + #ifdef TCP_WRAPPER + /* Find out and report the remote host name. */ + /* I don't think this works. -- dholland */ +@@ -146,19 +169,42 @@ main(int argc, char **argv) + if (argc > 1 && argv[1] && strcmp(argv[1], "-D")==0) + { + /* use IP in logs -- this is workaround */ +- remote = strdup(inet_ntoa(from.sin_addr)); ++ char remote_addr[INET6_ADDRSTRLEN] = {}; ++ ++ if (from.ss_family == AF_INET) ++ remote = inet_ntop(AF_INET, &from, remote_addr, INET_ADDRSTRLEN); ++ else ++ remote = inet_ntop(AF_INET6, &from, remote_addr, INET6_ADDRSTRLEN); ++ ++ if (remote) { ++ remote = strdup(remote); ++ if (!remote) { ++ fprintf(stderr, "rexecd: strdup: %s\n", strerror(errno)); ++ return 1; ++ } ++ } else { ++ fprintf(stderr, "rexecd: inet_ntop: %s\n", strerror(errno)); ++ return 1; ++ } + } + else + { +- struct hostent *h = gethostbyaddr((const char *)&from.sin_addr, +- sizeof(struct in_addr), +- AF_INET); +- if (!h || !h->h_name) { +- write(0, "\1Where are you?\n", 16); ++ int r; ++ char remote_hostname[NI_MAXHOST] = {}; ++ ++ r = getnameinfo((struct sockaddr *) &from, sizeof(struct sockaddr_storage), remote_hostname, NI_MAXHOST, NULL, NULL, 0); ++ ++ if (r) { ++ fprintf(stderr, "rexecd: getnameinfo: %s\n", gai_strerror(r)); ++ return 1; ++ } ++ ++ remote = strdup(remote_hostname); ++ if (!remote) { ++ fprintf(stderr, "rexecd: strdup: %s\n", strerror(errno)); + return 1; + } +- /* Be advised that this may be utter nonsense. */ +- remote = strdup(h->h_name); ++ + } + #endif + syslog(allow_severity, "connect from %.128s", remote); +@@ -233,7 +279,7 @@ static struct pam_conv PAM_conversation + + + static void +-doit(struct sockaddr_in *fromp) ++doit(struct sockaddr_storage *fromp) + { + char *cmdbuf; + long cmdbuflen; +@@ -298,7 +344,7 @@ doit(struct sockaddr_in *fromp) + We must connect back to the client here if a port was provided. KRH + */ + if (port != 0) { +- s = socket(AF_INET, SOCK_STREAM, 0); ++ s = socket(fromp->ss_family, SOCK_STREAM, 0); + if (s < 0) + exit(1); + +@@ -308,7 +354,12 @@ doit(struct sockaddr_in *fromp) + exit(1); + #endif + alarm(60); +- fromp->sin_port = htons(port); ++ ++ if (fromp->ss_family == AF_INET) ++ ((struct sockaddr_in *) fromp)->sin_port = htons(port); ++ else ++ ((struct sockaddr_in6 *) fromp)->sin6_port = htons(port); ++ + if (connect(s, (struct sockaddr *)fromp, sizeof (*fromp)) < 0) + exit(1); + alarm(0); +diff -up netkit-rsh-0.17/rexec/rexec.c.ipv6-rexec netkit-rsh-0.17/rexec/rexec.c +--- netkit-rsh-0.17/rexec/rexec.c.ipv6-rexec 2013-07-15 17:31:07.686365068 +0200 ++++ netkit-rsh-0.17/rexec/rexec.c 2013-07-15 17:31:07.698365065 +0200 +@@ -194,8 +194,8 @@ int main(int argc, char *argv[]) + exit(1); + } + +- if ( (sock = rexec(&host, port_exec, user_name, passwd, command, +- p_to_aux_sock)) < 0 ) ++ if ( (sock = rexec_af(&host, port_exec, user_name, passwd, command, ++ p_to_aux_sock, AF_UNSPEC)) < 0 ) + { + fprintf(stderr,"%s: Error in rexec system call,\n",argv[0]); + fprintf(stderr,"%s: (The following system error may itself be in error)\n",argv[0]); diff --git a/SOURCES/netkit-rsh-0.17-ipv6.patch b/SOURCES/netkit-rsh-0.17-ipv6.patch new file mode 100644 index 00000000..c9fddb02 --- /dev/null +++ b/SOURCES/netkit-rsh-0.17-ipv6.patch @@ -0,0 +1,451 @@ +diff -up netkit-rsh-0.17/rcp/rcp.c.ipv6 netkit-rsh-0.17/rcp/rcp.c +--- netkit-rsh-0.17/rcp/rcp.c.ipv6 2008-10-03 12:44:22.000000000 +0200 ++++ netkit-rsh-0.17/rcp/rcp.c 2008-10-03 12:44:22.000000000 +0200 +@@ -262,9 +262,9 @@ toremote(const char *targ, int argc, cha + nospace(); + (void)snprintf(bp, len, "%s -t %s", cmd, targ); + host = thost; +- rem = rcmd(&host, port, pwd->pw_name, ++ rem = rcmd_af(&host, port, pwd->pw_name, + tuser ? tuser : pwd->pw_name, +- bp, 0); ++ bp, 0, AF_UNSPEC); + if (rem < 0) + exit(1); + #ifdef IP_TOS +@@ -325,7 +325,8 @@ tolocal(int argc, char *argv[]) + if (!(bp = malloc(len))) + nospace(); + (void)snprintf(bp, len, "%s -f %s", cmd, src); +- rem = rcmd(&host, port, pwd->pw_name, suser, bp, 0); ++ rem = rcmd_af(&host, port, pwd->pw_name, suser, bp, 0, ++ AF_UNSPEC); + (void)free(bp); + if (rem < 0) { + ++errs; +diff -up netkit-rsh-0.17/rlogind/network.c.ipv6 netkit-rsh-0.17/rlogind/network.c +--- netkit-rsh-0.17/rlogind/network.c.ipv6 1999-12-12 16:15:40.000000000 +0100 ++++ netkit-rsh-0.17/rlogind/network.c 2008-10-03 12:44:22.000000000 +0200 +@@ -88,47 +88,78 @@ local_domain(const char *h) + return(0); + } + ++static int ++soaddr_eq_ip(const struct sockaddr *s1, const struct sockaddr *s2) ++{ ++ if (s1->sa_family != s2->sa_family) ++ return 0; ++ if (s2->sa_family == AF_INET6) ++ return (memcmp( ++ (const void*)( ++ &((const struct sockaddr_in6 *)s1)->sin6_addr ++ ), ++ (const void*)( ++ &((const struct sockaddr_in6 *)s2)->sin6_addr ++ ), ++ sizeof(struct in6_addr)) ++ == 0); ++ else ++ return (memcmp( ++ (const void*)( ++ &((const struct sockaddr_in *)s1)->sin_addr ++ ), ++ (const void*)( ++ &((const struct sockaddr_in *)s2)->sin_addr ++ ), ++ sizeof(struct in_addr)) ++ == 0); ++} + + static char * +-find_hostname(const struct sockaddr_in *fromp, int *hostokp) ++find_hostname(struct sockaddr *fromp, socklen_t fromlen, ++ char *portname, int *hostokp) + { +- struct hostent *hop; ++ int error; + char *hname; ++ char hname_buf[NI_MAXHOST]; + int hostok = 0; + +- hop = gethostbyaddr((const char *)&fromp->sin_addr, +- sizeof(struct in_addr), fromp->sin_family); +- if (hop == NULL) { +- hname = strdup(inet_ntoa(fromp->sin_addr)); +- hostok = 1; +- } +- else if (check_all || local_domain(hop->h_name)) { ++ error = getnameinfo(fromp, fromlen, ++ hname_buf, sizeof(hname_buf), portname, NI_MAXSERV, ++ NI_NUMERICSERV); ++ assert(error == 0); ++ ++ if (check_all || local_domain(hname_buf)) { + /* +- * If name returned by gethostbyaddr is in our domain, ++ * If name returned is in our domain, + * attempt to verify that we haven't been fooled by someone + * in a remote net; look up the name and check that this + * address corresponds to the name. + */ +- hname = strdup(hop->h_name); +- hop = gethostbyname(hname); +- if (hop) { +- for (; hop->h_addr_list[0]; hop->h_addr_list++) { +- if (!memcmp(hop->h_addr_list[0], &fromp->sin_addr, +- sizeof(fromp->sin_addr))) { ++ struct addrinfo hints; ++ struct addrinfo *res0, *res; ++ ++ memset(&hints, 0, sizeof(hints)); ++ hints.ai_family = PF_UNSPEC; ++ error = getaddrinfo(hname_buf, NULL, &hints, &res); ++ assert(error == 0); ++ ++ res0 = res; ++ while (res) { ++ if (soaddr_eq_ip(fromp, res->ai_addr)) { + hostok = 1; + break; + } +- } +- /* not clear if this is worthwhile */ +- free(hname); +- hname = strdup(hop->h_name); ++ res = res->ai_next; + } ++ freeaddrinfo(res0); + } + else { +- hname = strdup(hop->h_name); + hostok = 1; + } + ++ hname = strdup(hname_buf); ++ + /* + * Actually it might be null if we're out of memory, but + * where do we go then? We'd have to bail anyhow. +@@ -145,14 +176,14 @@ find_hostname(const struct sockaddr_in * + char * + network_init(int f, int *hostokp) + { +- struct sockaddr_in from, *fromp; ++ struct sockaddr_storage from, *fromp; + socklen_t fromlen; + int on = 1; + char c; + char *hname; ++ char portname[NI_MAXSERV]; + int port; + +- from.sin_family = AF_INET; + fromlen = sizeof (from); + if (getpeername(f, (struct sockaddr *)&from, &fromlen) < 0) { + syslog(LOG_ERR,"Can't get peer name of remote host: %m"); +@@ -177,13 +208,19 @@ network_init(int f, int *hostokp) + + alarm(0); + +- hname = find_hostname(fromp, hostokp); ++ hname = find_hostname((struct sockaddr *)fromp, fromlen, ++ portname, hostokp); ++ assert(hname != NULL); + +- port = ntohs(fromp->sin_port); +- if (fromp->sin_family != AF_INET || ++ port = atoi(portname); ++ if (! port) { ++ syslog(LOG_NOTICE, "Unknown port %s", portname); ++ fatal(f, "Permission denied", 0); ++ } ++ if ((fromp->ss_family != AF_INET && fromp->ss_family != AF_INET6) || + port >= IPPORT_RESERVED || port < IPPORT_RESERVED/2) { + syslog(LOG_NOTICE, "Connection from %s on illegal port", +- inet_ntoa(fromp->sin_addr)); ++ portname); + fatal(f, "Permission denied", 0); + } + +diff -up netkit-rsh-0.17/rlogin/rlogin.c.ipv6 netkit-rsh-0.17/rlogin/rlogin.c +--- netkit-rsh-0.17/rlogin/rlogin.c.ipv6 2008-10-03 12:44:22.000000000 +0200 ++++ netkit-rsh-0.17/rlogin/rlogin.c 2008-10-03 12:44:22.000000000 +0200 +@@ -280,7 +280,7 @@ main(int argc, char **argv) + /* will use SIGUSR1 for window size hack, so hold it off */ + omask = sigblock(sigmask(SIGURG) | sigmask(SIGUSR1)); + +- rem = rcmd(&host, sp->s_port, pw->pw_name, user, term, 0); ++ rem = rcmd_af(&host, sp->s_port, pw->pw_name, user, term, 0, AF_UNSPEC); + + if (rem < 0) exit(1); + +diff -up netkit-rsh-0.17/rshd/rshd.c.ipv6 netkit-rsh-0.17/rshd/rshd.c +--- netkit-rsh-0.17/rshd/rshd.c.ipv6 2008-10-03 12:44:22.000000000 +0200 ++++ netkit-rsh-0.17/rshd/rshd.c 2008-10-03 12:53:08.000000000 +0200 +@@ -109,7 +109,7 @@ char *envinit[] = + extern char **environ; + + static void error(const char *fmt, ...); +-static void doit(struct sockaddr_in *fromp); ++static void doit(struct sockaddr_storage *fromp, socklen_t fromlen); + static void getstr(char *buf, int cnt, const char *err); + + extern int _check_rhosts_file; +@@ -284,19 +284,37 @@ static struct passwd *doauth(const char + #endif + } + +-static const char *findhostname(struct sockaddr_in *fromp, ++static const char *findhostname(struct sockaddr *fromp, ++ socklen_t fromlen, + const char *remuser, const char *locuser, + const char *cmdbuf) + { +- struct hostent *hp; + const char *hostname; ++ char remote_address[INET6_ADDRSTRLEN]; ++ char remote_hostname[NI_MAXHOST]; ++ struct addrinfo hints; ++ struct addrinfo *res0, *res; ++ ++ if (! inet_ntop(fromp->sa_family, ++ (( fromp->sa_family == AF_INET6 ) ++ ? ( &((struct sockaddr_in6 *)fromp)->sin6_addr ) ++ : ( &((struct sockaddr_in *)fromp)->sin_addr )), ++ remote_address, sizeof(remote_address))) { ++ syslog(LOG_NOTICE|LOG_AUTH, ++ "Failed to retrieve the socket remote address"); ++ exit(1); ++ } + +- hp = gethostbyaddr((char *)&fromp->sin_addr, sizeof (struct in_addr), +- fromp->sin_family); ++ if (getnameinfo(fromp, fromlen, remote_hostname, NI_MAXHOST, ++ NULL, 0, 0)) { ++ syslog(LOG_NOTICE|LOG_AUTH, ++ "Failed to retrieve the hostname information for %s", ++ remote_address); ++ exit(1); ++ } + + errno = ENOMEM; /* malloc (thus strdup) may not set it */ +- if (hp) hostname = strdup(hp->h_name); +- else hostname = strdup(inet_ntoa(fromp->sin_addr)); ++ hostname = strdup(remote_hostname); + + if (hostname==NULL) { + /* out of memory? */ +@@ -307,31 +325,43 @@ static const char *findhostname(struct s + /* + * Attempt to confirm the DNS. + */ +-#ifdef RES_DNSRCH +- _res.options &= ~RES_DNSRCH; +-#endif +- hp = gethostbyname(hostname); +- if (hp == NULL) { +- syslog(LOG_INFO, "Couldn't look up address for %s", hostname); ++ memset(&hints, 0, sizeof(hints)); ++ hints.ai_family = PF_UNSPEC; ++ if (getaddrinfo(hostname, NULL, &hints, &res)) { ++ syslog(LOG_INFO, "Couldn't look up address for %s/%s", ++ hostname, remote_address); + fail("Couldn't get address for your host (%s)\n", +- remuser, inet_ntoa(fromp->sin_addr), locuser, cmdbuf); +- } +- while (hp->h_addr_list[0] != NULL) { +- if (!memcmp(hp->h_addr_list[0], &fromp->sin_addr, +- sizeof(fromp->sin_addr))) { +- return hostname; ++ remuser, hostname, locuser, cmdbuf); ++ } ++ ++ res0 = res; ++ while (res) { ++ struct sockaddr *sa; ++ char res_address[INET6_ADDRSTRLEN]; ++ sa = res->ai_addr; ++ ++ if (inet_ntop(sa->sa_family, ++ (( sa->sa_family == AF_INET6 ) ++ ? ( &((struct sockaddr_in6 *)sa)->sin6_addr ) ++ : ( &((struct sockaddr_in *)sa)->sin_addr )), ++ res_address, sizeof(res_address)) ++ && strcmp(remote_address, res_address) == 0) { ++ freeaddrinfo(res0); ++ return hostname; + } +- hp->h_addr_list++; ++ res = res->ai_next; + } ++ freeaddrinfo(res0); ++ + syslog(LOG_NOTICE, "Host addr %s not listed for host %s", +- inet_ntoa(fromp->sin_addr), hp->h_name); ++ remote_address, hostname); + fail("Host address mismatch for %s\n", +- remuser, inet_ntoa(fromp->sin_addr), locuser, cmdbuf); ++ remuser, hostname, locuser, cmdbuf); + return NULL; /* not reachable */ + } + + static void +-doit(struct sockaddr_in *fromp) ++doit(struct sockaddr_storage *fromp, socklen_t fromlen) + { + char cmdbuf[ARG_MAX+1]; + const char *theshell, *shellname; +@@ -351,8 +381,12 @@ doit(struct sockaddr_in *fromp) + alarm(0); + + if (port != 0) { ++ struct sockaddr_storage second_connect; + int lport = IPPORT_RESERVED - 1; +- sock = rresvport(&lport); ++ ++ memcpy((void *)&second_connect, (void *)fromp, fromlen); ++ sock = rresvport_af(&lport, ++ ((struct sockaddr *)&second_connect)->sa_family); + if (sock < 0) { + syslog(LOG_ERR, "can't get stderr port: %m"); + exit(1); +@@ -361,10 +395,15 @@ doit(struct sockaddr_in *fromp) + syslog(LOG_ERR, "2nd port not reserved\n"); + exit(1); + } +- fromp->sin_port = htons(port); +- if (connect(sock, (struct sockaddr *)fromp, +- sizeof(*fromp)) < 0) { +- syslog(LOG_INFO, "connect second port: %m"); ++ if (((struct sockaddr *)&second_connect)->sa_family == AF_INET6) ++ ((struct sockaddr_in6 *)&second_connect)->sin6_port ++ = htons(port); ++ else ++ ((struct sockaddr_in *)&second_connect)->sin_port ++ = htons(port); ++ if (connect(sock, (struct sockaddr *)&second_connect, ++ fromlen) < 0) { ++ syslog(LOG_INFO, "connect second port %d: %m", port); + exit(1); + } + } +@@ -381,7 +420,8 @@ doit(struct sockaddr_in *fromp) + getstr(cmdbuf, sizeof(cmdbuf), "command"); + if (!strcmp(locuser, "root")) paranoid = 1; + +- hostname = findhostname(fromp, remuser, locuser, cmdbuf); ++ hostname = findhostname((struct sockaddr *)fromp, fromlen, ++ remuser, locuser, cmdbuf); + + setpwent(); + pwd = doauth(remuser, hostname, locuser); +@@ -496,15 +536,19 @@ doit(struct sockaddr_in *fromp) + exit(1); + } + +-static void network_init(int fd, struct sockaddr_in *fromp) ++static void network_init(int fd, ++ struct sockaddr_storage *fromp, socklen_t *fromlenp) + { + struct linger linger; +- socklen_t fromlen; ++ char hostname[NI_MAXHOST]; ++ char portname[NI_MAXSERV]; ++ sa_family_t family; ++ ++ int error; + int on=1; + int port; + +- fromlen = sizeof(*fromp); +- if (getpeername(fd, (struct sockaddr *) fromp, &fromlen) < 0) { ++ if (getpeername(fd, (struct sockaddr *)fromp, fromlenp) < 0) { + syslog(LOG_ERR, "getpeername: %m"); + _exit(1); + } +@@ -518,9 +562,20 @@ static void network_init(int fd, struct + sizeof (linger)) < 0) + syslog(LOG_WARNING, "setsockopt (SO_LINGER): %m"); + +- if (fromp->sin_family != AF_INET) { ++ family = ((struct sockaddr *)fromp)->sa_family; ++ if (family != AF_INET && family != AF_INET6) { + syslog(LOG_ERR, "malformed \"from\" address (af %d)\n", +- fromp->sin_family); ++ family); ++ exit(1); ++ } ++ ++ error = getnameinfo((struct sockaddr *)fromp, *fromlenp, ++ hostname, sizeof(hostname), portname, sizeof(portname), ++ NI_NUMERICSERV); ++ if (error) { ++ syslog(LOG_NOTICE|LOG_AUTH, ++ "Failed to retrieve address and port of the connection: %s", ++ gai_strerror(error)); + exit(1); + } + #ifdef IP_OPTIONS +@@ -550,7 +605,7 @@ static void network_init(int fd, struct + syslog(LOG_NOTICE, + "Connection received from %s using IP options" + " (ignored): %s", +- inet_ntoa(fromp->sin_addr), lbuf); ++ hostname, lbuf); + + if (setsockopt(0, ipproto, IP_OPTIONS, NULL, optsize) != 0) { + syslog(LOG_ERR, "setsockopt IP_OPTIONS NULL: %m"); +@@ -563,10 +618,15 @@ static void network_init(int fd, struct + /* + * Check originating port for validity. + */ +- port = ntohs(fromp->sin_port); ++ port = atoi(portname); ++ if (! port) { ++ syslog(LOG_NOTICE|LOG_AUTH, "Unknown port %s", portname); ++ exit(1); ++ } + if (port >= IPPORT_RESERVED || port < IPPORT_RESERVED/2) { +- syslog(LOG_NOTICE|LOG_AUTH, "Connection from %s on illegal port", +- inet_ntoa(fromp->sin_addr)); ++ syslog(LOG_NOTICE|LOG_AUTH, ++ "Connection from %s from illegal port %s", ++ hostname, portname); + exit(1); + } + } +@@ -575,7 +635,8 @@ int + main(int argc, char *argv[]) + { + int ch; +- struct sockaddr_in from; ++ struct sockaddr_storage from; ++ socklen_t fromlen; + _check_rhosts_file=1; + + openlog("rshd", LOG_PID | LOG_ODELAY, LOG_DAEMON); +@@ -618,8 +679,9 @@ main(int argc, char *argv[]) + "pam_rhosts_auth in /etc/pam.conf"); + #endif /* USE_PAM */ + +- network_init(0, &from); +- doit(&from); ++ fromlen = sizeof(from); ++ network_init(0, &from, &fromlen); ++ doit(&from, fromlen); + return 0; + } + +diff -up netkit-rsh-0.17/rsh/rsh.c.ipv6 netkit-rsh-0.17/rsh/rsh.c +--- netkit-rsh-0.17/rsh/rsh.c.ipv6 2000-07-23 06:16:24.000000000 +0200 ++++ netkit-rsh-0.17/rsh/rsh.c 2008-10-03 12:44:22.000000000 +0200 +@@ -163,7 +163,8 @@ main(int argc, char *argv[]) + exit(1); + } + +- rem = rcmd(&host, sp->s_port, pw->pw_name, user, args, &rfd2); ++ rem = rcmd_af(&host, sp->s_port, pw->pw_name, user, args, &rfd2, ++ AF_UNSPEC); + + if (rem < 0) + exit(1); diff --git a/SOURCES/netkit-rsh-0.17-lfs.patch b/SOURCES/netkit-rsh-0.17-lfs.patch new file mode 100644 index 00000000..75d016b1 --- /dev/null +++ b/SOURCES/netkit-rsh-0.17-lfs.patch @@ -0,0 +1,25 @@ +--- netkit-rsh-0.17/rcp/rcp.c.bigfile 2003-01-17 16:06:44.000000000 +0200 ++++ netkit-rsh-0.17/rcp/rcp.c 2003-01-17 16:08:48.000000000 +0200 +@@ -482,7 +482,7 @@ + } + } + (void)snprintf(buf, sizeof(buf), +- "C%04o %ld %s\n", stb.st_mode&07777, stb.st_size, last); ++ "C%04o %lld %s\n", stb.st_mode&07777, (long long)(stb.st_size), last); + (void)write(rem, buf, (int)strlen(buf)); + if (response() < 0) { + (void)close(f); +@@ -614,11 +614,11 @@ + struct timeval tv[2]; + enum { YES, NO, DISPLAYED } wrerr; + BUF *bp; +- off_t i, j; ++ off_t i, j, size; + char ch, *targ; + const char *why; + int amt, count, exists, first, mask, mode; +- int ofd, setimes, size, targisdir; ++ int ofd, setimes, targisdir; + char *np, *vect[1], buf[BUFSIZ]; + + #define atime tv[0] diff --git a/SOURCES/netkit-rsh-0.17-longname.patch b/SOURCES/netkit-rsh-0.17-longname.patch new file mode 100644 index 00000000..0360be90 --- /dev/null +++ b/SOURCES/netkit-rsh-0.17-longname.patch @@ -0,0 +1,25 @@ +diff -up netkit-rsh-0.17/rexecd/rexecd.c.longname netkit-rsh-0.17/rexecd/rexecd.c +--- netkit-rsh-0.17/rexecd/rexecd.c.longname 2008-03-27 16:12:22.000000000 +0100 ++++ netkit-rsh-0.17/rexecd/rexecd.c 2008-03-27 16:41:46.000000000 +0100 +@@ -236,7 +236,7 @@ static void + doit(struct sockaddr_in *fromp) + { + char cmdbuf[ARG_MAX+1]; +- char user[16], pass[16]; ++ char user[17], pass[17]; + struct passwd *pwd; + int s = -1; + u_short port; +@@ -468,10 +468,10 @@ getstr(char *buf, int cnt, const char *e + do { + if (read(0, &c, 1) != 1) + exit(1); +- *buf++ = c; +- if (--cnt <= 0) { ++ if (--cnt < 0) { + fatal(err); + } ++ *buf++ = c; + } while (c != 0); + } + diff --git a/SOURCES/netkit-rsh-0.17-nohost.patch b/SOURCES/netkit-rsh-0.17-nohost.patch new file mode 100644 index 00000000..7304adb2 --- /dev/null +++ b/SOURCES/netkit-rsh-0.17-nohost.patch @@ -0,0 +1,63 @@ +--- netkit-rsh-0.17/rexecd/rexecd.8.nohost 2004-12-03 15:20:17.436174216 +0100 ++++ netkit-rsh-0.17/rexecd/rexecd.8 2004-12-03 15:39:39.972441840 +0100 +@@ -40,6 +40,16 @@ + .Nd remote execution server + .Sh SYNOPSIS + .Nm rexecd ++[ ++\fB\-D\fP ++] ++.Sh OPTIONS ++.Nm Rexec ++accepts one option: ++.Pp ++.Bl -tag -width Ds ++.It Sy -D ++Disable reverse DNS look up and in the log will be used client IP addresses. + .Sh DESCRIPTION + .Nm Rexecd + is the server for the +--- netkit-rsh-0.17/rexecd/rexecd.c.nohost 2004-12-03 15:09:37.163510456 +0100 ++++ netkit-rsh-0.17/rexecd/rexecd.c 2004-12-03 15:20:04.832090328 +0100 +@@ -82,7 +82,9 @@ + #include + #include + #include +- ++#include ++ ++ + #ifdef USE_SHADOW + #include + #endif +@@ -141,16 +143,22 @@ + refuse(&from_host); + remote = hosts_info(&from_host); + #else ++ if (argc > 1 && argv[1] && strcmp(argv[1], "-D")==0) + { +- struct hostent *h = gethostbyaddr((const char *)&from.sin_addr, +- sizeof(struct in_addr), +- AF_INET); +- if (!h || !h->h_name) { +- write(0, "\1Where are you?\n", 16); +- return 1; ++ /* use IP in logs -- this is workaround */ ++ remote = strdup(inet_ntoa(from.sin_addr)); + } +- /* Be advised that this may be utter nonsense. */ +- remote = strdup(h->h_name); ++ else ++ { ++ struct hostent *h = gethostbyaddr((const char *)&from.sin_addr, ++ sizeof(struct in_addr), ++ AF_INET); ++ if (!h || !h->h_name) { ++ write(0, "\1Where are you?\n", 16); ++ return 1; ++ } ++ /* Be advised that this may be utter nonsense. */ ++ remote = strdup(h->h_name); + } + #endif + syslog(allow_severity, "connect from %.128s", remote); diff --git a/SOURCES/netkit-rsh-0.17-nohostcheck-compat.patch b/SOURCES/netkit-rsh-0.17-nohostcheck-compat.patch new file mode 100644 index 00000000..200a1402 --- /dev/null +++ b/SOURCES/netkit-rsh-0.17-nohostcheck-compat.patch @@ -0,0 +1,37 @@ +diff -up netkit-rsh-0.17/rshd/rshd.c.nohostcheck-compat netkit-rsh-0.17/rshd/rshd.c +--- netkit-rsh-0.17/rshd/rshd.c.nohostcheck-compat 2007-10-03 13:06:08.000000000 +0200 ++++ netkit-rsh-0.17/rshd/rshd.c 2007-10-03 13:07:15.000000000 +0200 +@@ -90,7 +90,7 @@ char rcsid[] = + static pam_handle_t *pamh; + #endif /* USE_PAM */ + +-#define OPTIONS "ahlLn" ++#define OPTIONS "aDhlLn" + + static int keepalive = 1; + static int check_all = 0; +@@ -658,6 +658,9 @@ main(int argc, char *argv[]) + check_all = 1; + break; + ++ case 'D': ++ break; ++ + case 'h': + allow_root_rhosts = 1; + break; +diff -up netkit-rsh-0.17/rlogind/rlogind.c.nohostcheck-compat netkit-rsh-0.17/rlogind/rlogind.c +--- netkit-rsh-0.17/rlogind/rlogind.c.nohostcheck-compat 2007-10-03 13:06:08.000000000 +0200 ++++ netkit-rsh-0.17/rlogind/rlogind.c 2007-10-03 13:06:45.000000000 +0200 +@@ -450,9 +450,10 @@ int main(int argc, char **argv) { + openlog("rlogind", LOG_PID | LOG_CONS, LOG_AUTH); + + opterr = 0; +- while ((ch = getopt(argc, argv, "ahLln")) != EOF) { ++ while ((ch = getopt(argc, argv, "aDhLln")) != EOF) { + switch (ch) { + case 'a': check_all = 1; break; ++ case 'D': break; + case 'h': allow_root_rhosts = 1; break; + case 'L': deny_all_rhosts_hequiv = 1; break; + case 'l': use_rhosts = 0; break; diff --git a/SOURCES/netkit-rsh-0.17-pam-conv.patch b/SOURCES/netkit-rsh-0.17-pam-conv.patch new file mode 100644 index 00000000..35f2a858 --- /dev/null +++ b/SOURCES/netkit-rsh-0.17-pam-conv.patch @@ -0,0 +1,95 @@ +--- netkit-rsh-0.17/rexecd/rexecd.c.pam-conv 2005-10-13 18:42:54.000000000 +0200 ++++ netkit-rsh-0.17/rexecd/rexecd.c 2005-10-13 18:45:30.000000000 +0200 +@@ -178,47 +178,51 @@ + static char *PAM_username; + static char *PAM_password; + +-static int PAM_conv (int num_msg, +- const struct pam_message **msg, +- struct pam_response **resp, +- void *appdata_ptr) { +- int count = 0, replies = 0; +- struct pam_response *reply = NULL; +- int size = sizeof(struct pam_response); +- +- #define GET_MEM if (reply) realloc(reply, size); else reply = malloc(size); \ +- if (!reply) return PAM_CONV_ERR; \ +- size += sizeof(struct pam_response) +- #define COPY_STRING(s) (s) ? strdup(s) : NULL +- +- for (count = 0; count < num_msg; count++) { +- GET_MEM; +- switch (msg[count]->msg_style) { +- case PAM_PROMPT_ECHO_ON: +- reply[replies].resp_retcode = PAM_SUCCESS; +- reply[replies++].resp = COPY_STRING(PAM_username); +- /* PAM frees resp */ +- break; +- case PAM_PROMPT_ECHO_OFF: +- reply[replies].resp_retcode = PAM_SUCCESS; +- reply[replies++].resp = COPY_STRING(PAM_password); +- /* PAM frees resp */ +- break; +- case PAM_TEXT_INFO: +- reply[replies].resp_retcode = PAM_SUCCESS; +- reply[replies++].resp = NULL; +- /* ignore it... */ +- break; +- case PAM_ERROR_MSG: +- reply[replies].resp_retcode = PAM_SUCCESS; +- reply[replies++].resp = NULL; +- /* Must be an error of some sort... */ +- default: +- return PAM_CONV_ERR; +- } +- } +- if (reply) *resp = reply; +- return PAM_SUCCESS; ++static int ++PAM_conv(int num_msg, const struct pam_message **msg, ++ struct pam_response **response, void *appdata_ptr) ++{ ++ struct pam_response *pr; ++ const struct pam_message *pm; ++ int n; ++ ++ if ((*response = malloc(num_msg * sizeof(struct pam_response))) == NULL) ++ return(PAM_CONV_ERR); ++ memset(*response, 0, num_msg * sizeof(struct pam_response)); ++ ++ for (pr = *response, pm = *msg, n = num_msg; n--; pr++, pm++) ++ { ++ switch (pm->msg_style) { ++ case PAM_PROMPT_ECHO_ON: ++ /* XXX: why not pam_set_item(PAM_RUSER) ? */ ++ pr->resp_retcode = PAM_SUCCESS; ++ pr->resp = PAM_username ? strdup(PAM_username) : NULL; ++ /* PAM frees resp */ ++ break; ++ case PAM_PROMPT_ECHO_OFF: ++ pr->resp_retcode = PAM_SUCCESS; ++ pr->resp = PAM_password ? strdup(PAM_password) : NULL; ++ /* PAM frees resp */ ++ break; ++ case PAM_TEXT_INFO: ++ case PAM_ERROR_MSG: ++ /* ignore it... */ ++ pr->resp_retcode = PAM_SUCCESS; ++ pr->resp = NULL; ++ break; ++ default: ++ /* Zero and free allocated memory and return an error. */ ++ for (pr = *response, n = num_msg; n--; pr++) ++ { ++ if (pr->resp) ++ free(pr->resp); ++ } ++ free(*response); ++ *response = NULL; ++ return(PAM_CONV_ERR); ++ } ++ } ++ return PAM_SUCCESS; + } + + static struct pam_conv PAM_conversation = { diff --git a/SOURCES/netkit-rsh-0.17-pam-nologin.patch b/SOURCES/netkit-rsh-0.17-pam-nologin.patch new file mode 100644 index 00000000..e159bf8c --- /dev/null +++ b/SOURCES/netkit-rsh-0.17-pam-nologin.patch @@ -0,0 +1,14 @@ +--- netkit-rsh-0.17-pre20000412/rlogind/auth.c.orig Tue Mar 19 11:46:29 2002 ++++ netkit-rsh-0.17-pre20000412/rlogind/auth.c Wed Apr 17 16:35:43 2002 +@@ -127,7 +127,10 @@ + + network_confirm(); + retval = attempt_auth(); +- if (retval != PAM_SUCCESS) { ++ if ((retval == PAM_ACCT_EXPIRED) || (retval == PAM_PERM_DENIED)) { ++ syslog(LOG_ERR, "PAM authentication denied for in.rlogind"); ++ exit(1); ++ } else if (retval != PAM_SUCCESS) { + syslog(LOG_ERR, "PAM authentication failed for in.rlogind"); + return -1; + } diff --git a/SOURCES/netkit-rsh-0.17-pam-rhost.patch b/SOURCES/netkit-rsh-0.17-pam-rhost.patch new file mode 100644 index 00000000..ba657a96 --- /dev/null +++ b/SOURCES/netkit-rsh-0.17-pam-rhost.patch @@ -0,0 +1,13 @@ +--- netkit-rsh-0.17/rexecd/rexecd.c.pam-rhost 2005-11-28 15:24:14.000000000 +0100 ++++ netkit-rsh-0.17/rexecd/rexecd.c 2005-11-28 15:27:08.000000000 +0100 +@@ -312,7 +312,9 @@ + PAM_password = pass; + pam_error = pam_start("rexec", PAM_username, &PAM_conversation,&pamh); + PAM_BAIL; +- (void) pam_set_item (pamh, PAM_TTY, "rexec"); /* we don't have a tty yet! */ ++ pam_set_item (pamh, PAM_RUSER, user); ++ pam_set_item (pamh, PAM_RHOST, remote); ++ pam_set_item (pamh, PAM_TTY, "rexec"); /* we don't have a tty yet! */ + pam_error = pam_authenticate(pamh, 0); + PAM_BAIL; + pam_error = pam_acct_mgmt(pamh, 0); diff --git a/SOURCES/netkit-rsh-0.17-pam-sess.patch b/SOURCES/netkit-rsh-0.17-pam-sess.patch new file mode 100644 index 00000000..bad69715 --- /dev/null +++ b/SOURCES/netkit-rsh-0.17-pam-sess.patch @@ -0,0 +1,12 @@ +--- netkit-rsh-0.17/rexecd/rexecd.c.pam-sess 2004-11-17 10:58:27.894345912 +0100 ++++ netkit-rsh-0.17/rexecd/rexecd.c 2004-11-17 10:58:44.794776656 +0100 +@@ -307,6 +307,9 @@ + PAM_BAIL; + pam_error = pam_setcred(pamh, PAM_ESTABLISH_CRED); + PAM_BAIL; ++ pam_error = pam_open_session(pamh, 0); ++ PAM_BAIL; ++ pam_close_session(pamh, 0); + pam_end(pamh, PAM_SUCCESS); + /* If this point is reached, the user has been authenticated. */ + setpwent(); diff --git a/SOURCES/netkit-rsh-0.17-pam-warning.patch b/SOURCES/netkit-rsh-0.17-pam-warning.patch new file mode 100644 index 00000000..fcccff2c --- /dev/null +++ b/SOURCES/netkit-rsh-0.17-pam-warning.patch @@ -0,0 +1,17 @@ +diff --git a/rcp/rcp.c b/rcp/rcp.c +index 897185f..635dd49 100644 +--- a/rcp/rcp.c ++++ b/rcp/rcp.c +@@ -721,6 +721,12 @@ sink(int argc, char *argv[]) + (void)write(rem, "", 1); + continue; + } ++ if(*cp == 'W') { ++ while (*cp != '\0') ++ cp++; ++ ++ continue; ++ } + if (*cp != 'C' && *cp != 'D') { + /* + * Check for the case "rcp remote:foo\* local:bar". diff --git a/SOURCES/netkit-rsh-0.17-pam_env.patch b/SOURCES/netkit-rsh-0.17-pam_env.patch new file mode 100644 index 00000000..80448dc2 --- /dev/null +++ b/SOURCES/netkit-rsh-0.17-pam_env.patch @@ -0,0 +1,36 @@ +diff -up netkit-rsh-0.17/rshd/rshd.c.pam_env netkit-rsh-0.17/rshd/rshd.c +--- netkit-rsh-0.17/rshd/rshd.c.pam_env 2009-03-30 13:20:36.730136943 +0200 ++++ netkit-rsh-0.17/rshd/rshd.c 2009-03-30 13:26:17.202136832 +0200 +@@ -107,6 +107,9 @@ char remotehost[50] = "REMOTEHOST="; + char *envinit[] = + {homedir, shell, path, username, remoteuser, remotehost, 0}; + extern char **environ; ++#ifdef USE_PAM ++static char** env; ++#endif + + static void error(const char *fmt, ...); + static void doit(struct sockaddr_storage *fromp, socklen_t fromlen); +@@ -371,6 +374,9 @@ doit(struct sockaddr_storage *fromp, soc + const char *hostname; + u_short port; + int pv[2], pid, ifd; ++#ifdef USE_PAM ++ int i; ++#endif + + signal(SIGINT, SIG_DFL); + signal(SIGQUIT, SIG_DFL); +@@ -518,6 +524,12 @@ doit(struct sockaddr_storage *fromp, soc + shellname = strrchr(theshell, '/'); + if (shellname) shellname++; + else shellname = theshell; ++#ifdef USE_PAM ++ env = pam_getenvlist(pamh); ++ if (NULL != env) ++ for(i = 0; env[i]; i++) ++ putenv(env[i]); ++#endif + + endpwent(); + if (paranoid) { diff --git a/SOURCES/netkit-rsh-0.17-pre20000412-jbj5.patch b/SOURCES/netkit-rsh-0.17-pre20000412-jbj5.patch new file mode 100644 index 00000000..a65dfe8f --- /dev/null +++ b/SOURCES/netkit-rsh-0.17-pre20000412-jbj5.patch @@ -0,0 +1,29 @@ +--- netkit-rsh-0.17-pre20000412/rlogind/auth.c.jbj5 Sun Jun 18 11:18:37 2000 ++++ netkit-rsh-0.17-pre20000412/rlogind/auth.c Sun Jun 18 11:21:37 2000 +@@ -37,6 +37,7 @@ + #include "rlogind.h" + + #ifdef USE_PAM ++#include + + /* + * Modifications for Linux-PAM: Al Longyear +@@ -158,18 +159,14 @@ + pwd = getpwnam(localuser); + if (pwd==NULL) { + syslog(LOG_ERR, "user returned by PAM does not exist\n"); +- /* don't print this - it tells people which accounts exist */ +- /*fprintf(stderr, "rlogind: internal error\n");*/ + return -1; + } + if (setgid(pwd->pw_gid) != 0) { + syslog(LOG_ERR, "cannot assume gid for user returned by PAM\n"); +- fprintf(stderr, "rlogind: internal error\n"); + return -1; + } + if (initgroups(localuser, pwd->pw_gid) != 0) { + syslog(LOG_ERR, "initgroups failed for user returned by PAM\n"); +- fprintf(stderr, "rlogind: internal error\n"); + return -1; + } + retval = pam_setcred(pamh, PAM_ESTABLISH_CRED); diff --git a/SOURCES/netkit-rsh-0.17-rcp-largefile.patch b/SOURCES/netkit-rsh-0.17-rcp-largefile.patch new file mode 100644 index 00000000..5a77267d --- /dev/null +++ b/SOURCES/netkit-rsh-0.17-rcp-largefile.patch @@ -0,0 +1,11 @@ +--- netkit-rsh-0.17/rcp/rcp.c.largefile 2005-11-24 10:38:12.000000000 +0100 ++++ netkit-rsh-0.17/rcp/rcp.c 2005-11-24 10:40:28.000000000 +0100 +@@ -482,7 +482,7 @@ + } + } + (void)snprintf(buf, sizeof(buf), +- "C%04o %lld %s\n", stb.st_mode&07777, (long long)(stb.st_size), last); ++ "C%04o %llu %s\n", stb.st_mode&07777, (unsigned long long)(stb.st_size), last); + (void)write(rem, buf, (int)strlen(buf)); + if (response() < 0) { + (void)close(f); diff --git a/SOURCES/netkit-rsh-0.17-remote-close.patch b/SOURCES/netkit-rsh-0.17-remote-close.patch new file mode 100644 index 00000000..dfa4cc0a --- /dev/null +++ b/SOURCES/netkit-rsh-0.17-remote-close.patch @@ -0,0 +1,12 @@ +diff --git a/rshd/rshd.c b/rshd/rshd.c +index 546b908..9b0024e 100644 +--- a/rshd/rshd.c ++++ b/rshd/rshd.c +@@ -212,6 +212,7 @@ static void stderr_parent(int sock, int pype, int pid) { + if (cc <= 0) { + shutdown(sock, 2); + FD_CLR(pype, &readfrom); ++ close(sock); + guys--; + } + else write(sock, buf, cc); diff --git a/SOURCES/netkit-rsh-0.17-rexec-cmdbuflen.patch b/SOURCES/netkit-rsh-0.17-rexec-cmdbuflen.patch new file mode 100644 index 00000000..451153a5 --- /dev/null +++ b/SOURCES/netkit-rsh-0.17-rexec-cmdbuflen.patch @@ -0,0 +1,34 @@ +diff -up netkit-rsh-0.17/rexecd/rexecd.c netkit-rsh-0.17/rexecd/rexecd.c +--- netkit-rsh-0.17/rexecd/rexecd.c 2017-10-17 10:50:49.508905643 +0200 ++++ netkit-rsh-0.17/rexecd/rexecd.c 2017-10-17 11:47:32.563051760 +0200 +@@ -261,7 +261,14 @@ doit(struct sockaddr_in *fromp) + fatal ("sysconf (_SC_ARG_MAX) failed\n"); + } + +- cmdbuf = malloc (++cmdbuflen); ++ cmdbuflen++; ++ /* Decrease cmdbuflen to reasonable number if it's too high */ ++ if ((size_t) cmdbuflen > 131072) { ++ cmdbuflen = 131072; ++ syslog (LOG_INFO, "Decreasing cmdbuflen because it was too high (>131072 bytes)"); ++ } ++ ++ cmdbuf = malloc (cmdbuflen); + if (cmdbuf == NULL) { + syslog (LOG_ERR, "Could not allocate space for cmdbuf"); + fatal ("Could not allocate space for cmdbuf\n"); +diff -up netkit-rsh-0.17/rshd/rshd.c netkit-rsh-0.17/rshd/rshd.c +--- netkit-rsh-0.17/rshd/rshd.c 2017-10-17 11:26:15.192221595 +0200 ++++ netkit-rsh-0.17/rshd/rshd.c 2017-10-17 11:47:26.065986220 +0200 +@@ -433,8 +433,10 @@ doit(struct sockaddr_storage *fromp, soc + + cmdbuflen++; + /* Decrease cmdbuflen to reasonable number if it's too high */ +- if ((size_t) cmdbuflen > 131072) ++ if ((size_t) cmdbuflen > 131072) { + cmdbuflen = 131072; ++ syslog (LOG_INFO, "Decreasing cmdbuflen because it was too high (>131072 bytes)"); ++ } + + cmdbuf = malloc (cmdbuflen); + if (cmdbuf == NULL) { diff --git a/SOURCES/netkit-rsh-0.17-rexec-netrc.patch b/SOURCES/netkit-rsh-0.17-rexec-netrc.patch new file mode 100644 index 00000000..41e7dd7a --- /dev/null +++ b/SOURCES/netkit-rsh-0.17-rexec-netrc.patch @@ -0,0 +1,251 @@ +--- netkit-rsh-0.17/rexec/ruserpass.c.netrc 2004-10-14 12:02:04.000000000 -0500 ++++ netkit-rsh-0.17/rexec/ruserpass.c 2004-10-14 12:14:14.000000000 -0500 +@@ -0,0 +1,214 @@ ++/* ++ * Copyright (c) 1985 Regents of the University of California. ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * This product includes software developed by the University of ++ * California, Berkeley and its contributors. ++ * 4. Neither the name of the University nor the names of its contributors ++ * may be used to endorse or promote products derived from this software ++ * without specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ */ ++ ++/* ++ * from: @(#)ruserpass.c 5.3 (Berkeley) 3/1/91 ++ */ ++char ruserpass_rcsid[] = ++ "$Id: ruserpass.c,v 1.9 1999/10/02 19:12:33 dholland Exp $"; ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++static FILE *cfile; ++static int token(void); ++ ++#define MACBUF_LEN 4096 ++ ++#define DEFAULT 1 ++#define LOGIN 2 ++#define PASSWD 3 ++#define ACCOUNT 4 ++#define MACDEF 5 ++#define ID 10 ++#define MACH 11 ++ ++static char tokval[100]; ++ ++static struct toktab { ++ const char *tokstr; ++ int tval; ++} toktab[]= { ++ { "default", DEFAULT }, ++ { "login", LOGIN }, ++ { "password", PASSWD }, ++ { "passwd", PASSWD }, ++ { "account", ACCOUNT }, ++ { "machine", MACH }, ++ { "macdef", MACDEF }, ++ { NULL, 0 } ++}; ++ ++int ++xruserpass(const char *host, char **aname, char **apass) ++{ ++ const char *hdir; ++ char buf[BUFSIZ], *tmp; ++ char myname[MAXHOSTNAMELEN]; ++ const char *mydomain; ++ int t, usedefault = 0; ++ struct stat stb; ++ ++ hdir = getenv("HOME"); ++ if (hdir == NULL) ++ hdir = "."; ++ snprintf(buf, sizeof(buf), "%s/.netrc", hdir); ++ cfile = fopen(buf, "r"); ++ if (cfile == NULL) { ++ if (errno != ENOENT) ++ perror(buf); ++ return(0); ++ } ++ if (gethostname(myname, sizeof(myname)) < 0) ++ myname[0] = '\0'; ++ if ((mydomain = strchr(myname, '.')) == NULL) ++ mydomain = ""; ++next: ++ while ((t = token())) switch(t) { ++ ++ case DEFAULT: ++ usedefault = 1; ++ /* FALL THROUGH */ ++ ++ case MACH: ++ if (!usedefault) { ++ if (token() != ID) ++ continue; ++ /* ++ * Allow match of incompletely-specified host in ++ * local domain. ++ */ ++ if (strcasecmp(host, tokval) == 0) ++ goto match; ++ if ((tmp = index(host, '.')) != NULL && ++ strcasecmp(tmp, mydomain) == 0 && ++ strncasecmp(host, tokval, tmp - host) == 0 && ++ tokval[tmp - host] == '\0') ++ goto match; ++ continue; ++ } ++ match: ++ while ((t = token()) && t != MACH && t != DEFAULT) switch(t) { ++ ++ case LOGIN: ++ if (token()) { ++ if (*aname == 0) { ++ *aname = malloc((unsigned) strlen(tokval) + 1); ++ (void) strcpy(*aname, tokval); ++ } else { ++ if (strcmp(*aname, tokval)) ++ goto next; ++ } ++ } ++ break; ++ case PASSWD: ++ if (*aname==NULL) { ++ fprintf(stderr, "Error: `password' must follow `login' in .netrc\n"); ++ goto bad; ++ } ++ if (strcmp(*aname, "anonymous") && ++ fstat(fileno(cfile), &stb) >= 0 && ++ (stb.st_mode & 077) != 0) { ++ fprintf(stderr, "Error - .netrc file not correct permissions.\n"); ++ fprintf(stderr, "Remove password or correct mode (should be 600).\n"); ++ goto bad; ++ } ++ if (token() && *apass == 0) { ++ *apass = malloc((unsigned) strlen(tokval) + 1); ++ (void) strcpy(*apass, tokval); ++ } ++ break; ++ case ACCOUNT: ++ break; ++ case MACDEF: ++ break; ++ default: ++ fprintf(stderr, "Unknown .netrc keyword %s\n", tokval); ++ break; ++ } ++ goto done; ++ } ++done: ++ (void) fclose(cfile); ++ return(0); ++bad: ++ (void) fclose(cfile); ++ return(-1); ++} ++ ++static ++int ++token(void) ++{ ++ char *cp; ++ int c; ++ struct toktab *t; ++ ++ if (feof(cfile)) ++ return (0); ++ while ((c = getc(cfile)) != EOF && ++ (c == '\n' || c == '\t' || c == ' ' || c == ',')) ++ continue; ++ if (c == EOF) ++ return (0); ++ cp = tokval; ++ if (c == '"') { ++ while ((c = getc(cfile)) != EOF && c != '"') { ++ if (c == '\\') ++ c = getc(cfile); ++ *cp++ = c; ++ } ++ } else { ++ *cp++ = c; ++ while ((c = getc(cfile)) != EOF ++ && c != '\n' && c != '\t' && c != ' ' && c != ',') { ++ if (c == '\\') ++ c = getc(cfile); ++ *cp++ = c; ++ } ++ } ++ *cp = 0; ++ if (tokval[0] == 0) ++ return (0); ++ for (t = toktab; t->tokstr; t++) ++ if (!strcmp(t->tokstr, tokval)) ++ return (t->tval); ++ return (ID); ++} +--- netkit-rsh-0.17/rexec/rexec.c.netrc 2004-10-14 12:02:04.000000000 -0500 ++++ netkit-rsh-0.17/rexec/rexec.c 2004-10-14 12:16:46.000000000 -0500 +@@ -100,6 +100,8 @@ + void echo_sig(int sig); + void safe_write_error(const char *message); + ++int xruserpass(const char *host, char **aname, char **apass); ++ + /* These need to be global for signal passing. */ + int aux_sock=-1; /* Socket for auxiliary channel. */ + int extra_error = 1; /* Setup special channel for standard error? */ +@@ -165,7 +167,10 @@ + a newline. */ + passwd = getpass("Password: "); + } else { +- ++ if (xruserpass(host, &user_name, &passwd) < 0) { ++ user_name = NULL; ++ passwd = NULL; ++ } + if ( user_name == NULL ) + user_name = getenv("REXEC_USER"); + if ( user_name == NULL ) { +--- netkit-rsh-0.17/rexec/Makefile.netrc 2004-10-14 12:15:30.000000000 -0500 ++++ netkit-rsh-0.17/rexec/Makefile 2004-10-14 12:03:37.000000000 -0500 +@@ -11,7 +11,7 @@ + + all: rexec + +-rexec: rexec.c ++rexec: rexec.o ruserpass.o + + rexec.1: + diff --git a/SOURCES/netkit-rsh-0.17-rexec-sig.patch b/SOURCES/netkit-rsh-0.17-rexec-sig.patch new file mode 100644 index 00000000..05d29370 --- /dev/null +++ b/SOURCES/netkit-rsh-0.17-rexec-sig.patch @@ -0,0 +1,17 @@ +--- netkit-rsh-0.17/rexec/rexec.c.rexec-sig 2004-11-17 16:51:37.000000000 +0100 ++++ netkit-rsh-0.17/rexec/rexec.c 2004-11-17 17:17:12.844628352 +0100 +@@ -434,10 +434,10 @@ + break; + default: + if ( sigaction(sig, NULL, &action) < 0 ) +- { +- perror(progname); +- exit(1); +- } ++ /* in the signal(7) you can found "...except SIGKILL and SIGSTOP", ++ * but we detect problems with more signals... ++ */ ++ return; + if ( action.sa_handler != SIG_IGN ) + { + action.sa_handler = handler; diff --git a/SOURCES/netkit-rsh-0.17-rexec.patch b/SOURCES/netkit-rsh-0.17-rexec.patch new file mode 100644 index 00000000..1b582b85 --- /dev/null +++ b/SOURCES/netkit-rsh-0.17-rexec.patch @@ -0,0 +1,55 @@ +--- netkit-rsh-0.10/rexecd/rexecd.8.rexec Mon Jul 15 03:53:47 1996 ++++ netkit-rsh-0.10/rexecd/rexecd.8 Fri Jul 30 19:13:15 1999 +@@ -68,8 +68,9 @@ + it is interpreted as the port number of a secondary + stream to be used for the + .Em stderr . +-A second connection is then created to the specified +-port on the client's machine. ++A second connection will be created to the specified ++port on the client's machine after receiving and authenticating ++the user, password, and command from the client. + .It + A NUL terminated user name of at most 16 characters + is retrieved on the initial socket. +--- netkit-rsh-0.10/rexec/Makefile.rexec Thu Jul 29 23:32:28 1999 ++++ netkit-rsh-0.10/rexec/Makefile Fri Jul 30 19:14:15 1999 +@@ -1,30 +1,23 @@ + + SHELL = /bin/sh + +-BINDIR = /usr/local/bin +-MANDIR = /usr/local/man/man1 ++include ../MCONFIG ++include ../MRULES + + # Uncomment this line if you get link errors under Solaris + #LDLIBS=-lsocket -lnsl + + .PHONY: all + +-all: rexec install ++all: rexec + + rexec: rexec.c + + rexec.1: + ++clean: ++ rm -f *.o rexec ++ + install: rexec rexec.1 +- @ echo "Installation: Press enter for defaults."; \ +- echo -n "Enter the location to install executable "; \ +- echo -n " (default: $(BINDIR)): "; \ +- read bindir; \ +- bindir=$${bindir:-$(BINDIR)}; \ +- echo -n "Enter the manpage location (default $(MANDIR)): ";\ +- read mandir; \ +- mandir=$${mandir:-$(MANDIR)}; \ +- cp rexec $$bindir; \ +- chmod a+rx $${bindir}/rexec; \ +- cp rexec.1 $$mandir; \ +- chmod a+r $${mandir}/rexec.1 ++ install -m 0755 rexec $(INSTALLROOT)/$(BINDIR)/rexec ++ install -m 0644 rexec.1 $(INSTALLROOT)/$(MANDIR)/man1/rexec.1 diff --git a/SOURCES/netkit-rsh-0.17-rh448904.patch b/SOURCES/netkit-rsh-0.17-rh448904.patch new file mode 100644 index 00000000..560dcff4 --- /dev/null +++ b/SOURCES/netkit-rsh-0.17-rh448904.patch @@ -0,0 +1,26 @@ +diff -up netkit-rsh-0.17/rshd/rshd.c.rh448904 netkit-rsh-0.17/rshd/rshd.c +--- netkit-rsh-0.17/rshd/rshd.c.rh448904 2008-10-03 13:52:58.000000000 +0200 ++++ netkit-rsh-0.17/rshd/rshd.c 2008-10-03 13:55:54.000000000 +0200 +@@ -382,6 +382,7 @@ static int log_audit(const char *usernam + int success) + { + #ifdef USE_AUDIT ++ int err; + int audit_fd = audit_open(); + if (audit_fd < 0) { + if (errno != EINVAL && errno != EPROTONOSUPPORT && +@@ -391,8 +392,13 @@ static int log_audit(const char *usernam + int rc = audit_log_acct_message(audit_fd, AUDIT_USER_LOGIN, + NULL, "login", username, uid, hostname, NULL, + "rsh", success); ++ err = errno; + close(audit_fd); +- if (rc <= 0) ++ /* ++ * ECONNREFUSED is returned when kernel is compiled without ++ * audit support ++ */ ++ if (rc <= 0 && err != ECONNREFUSED) + return 1; + } + #endif diff --git a/SOURCES/netkit-rsh-0.17-rh461903.patch b/SOURCES/netkit-rsh-0.17-rh461903.patch new file mode 100644 index 00000000..307ead36 --- /dev/null +++ b/SOURCES/netkit-rsh-0.17-rh461903.patch @@ -0,0 +1,17 @@ +diff -up netkit-rsh-0.17/rcp/rcp.c.closeerr netkit-rsh-0.17/rcp/rcp.c +--- netkit-rsh-0.17/rcp/rcp.c.closeerr 2008-09-10 12:07:43.000000000 +0200 ++++ netkit-rsh-0.17/rcp/rcp.c 2008-09-10 12:30:57.000000000 +0200 +@@ -810,7 +810,11 @@ bad: error("rcp: %s: %s\n", np, strerr + strerror(errno)); + wrerr = DISPLAYED; + } +- (void)close(ofd); ++ if (close(ofd) != 0) { ++ error("rcp: error closing %s: %s\n", np, ++ strerror(errno)); ++ wrerr = DISPLAYED; ++ } + (void)response(); + if (setimes && wrerr == NO) { + setimes = 0; + diff --git a/SOURCES/netkit-rsh-0.17-rh473492.patch b/SOURCES/netkit-rsh-0.17-rh473492.patch new file mode 100644 index 00000000..51d91e38 --- /dev/null +++ b/SOURCES/netkit-rsh-0.17-rh473492.patch @@ -0,0 +1,64 @@ +diff -up netkit-rsh-0.17/rexec/rexec.c.patch netkit-rsh-0.17/rexec/rexec.c +--- netkit-rsh-0.17/rexec/rexec.c.patch 2010-01-05 15:24:44.000000000 +0100 ++++ netkit-rsh-0.17/rexec/rexec.c 2010-01-05 16:06:55.927098704 +0100 +@@ -300,14 +300,29 @@ void parse_options(char *argv[], int arg + { + case 'l': + if (optarg != NULL) +- *user_name=strcpy((char *)malloc((strlen(optarg)+1)*sizeof(char)),optarg); ++ { ++ *user_name = malloc((strlen(optarg)+1)*sizeof(char)); ++ if(*user_name == NULL) ++ { ++ fprintf(stderr, "%s: can't allocate memory!\n", argv[0]); ++ exit(1); ++ } ++ strcpy(*user_name,optarg); ++ } + break; + case 'p': + if ( optarg!= NULL ) + { + int passlen = strlen(optarg); + +- *passwd=strcpy((char *)malloc((passlen+1)*sizeof(char)),optarg); ++ *passwd = malloc((char *)malloc((passlen+1)*sizeof(char))); ++ if(*passwd == NULL) ++ { ++ fprintf(stderr, "%s: can't allocate memory!\n", argv[0]); ++ exit(1); ++ } ++ strcpy(*passwd,optarg); ++ + for (ind = 0; ind < passlen; ++ind) + optarg[ind] = '\0'; + } +@@ -356,6 +371,12 @@ void parse_options(char *argv[], int arg + for ( ind = optind; ind < argc; ++ind) + len += strlen(argv[ind])+1; + *command = (char *) malloc((len+1)*sizeof(char)); ++ if ( *command == NULL ) ++ { ++ fprintf(stderr, "%s: can't allocate memory!\n", argv[0]); ++ exit(1); ++ } ++ + **command = '\0'; + for ( ind = optind; ind < argc; ++ind) { + if ( ind > optind ) { +diff -up netkit-rsh-0.17/rshd/rshd.c.patch netkit-rsh-0.17/rshd/rshd.c +--- netkit-rsh-0.17/rshd/rshd.c.patch 2010-01-05 15:24:44.000000000 +0100 ++++ netkit-rsh-0.17/rshd/rshd.c 2010-01-05 15:46:39.718973390 +0100 +@@ -562,7 +562,11 @@ doit(struct sockaddr_storage *fromp, soc + environ = envinit; + + if (chdir(pwd->pw_dir) < 0) { +- chdir("/"); ++ if(chdir("/") < 0) ++ { ++ error("No remote directory and can't chdir to root.\n"); ++ exit(1); ++ } + /* + * error("No remote directory.\n"); + * exit(1); diff --git a/SOURCES/netkit-rsh-0.17-rh650119.patch b/SOURCES/netkit-rsh-0.17-rh650119.patch new file mode 100644 index 00000000..0881c18b --- /dev/null +++ b/SOURCES/netkit-rsh-0.17-rh650119.patch @@ -0,0 +1,12 @@ +diff -up netkit-rsh-0.17/rexec/rexec.c.rh650119 netkit-rsh-0.17/rexec/rexec.c +--- netkit-rsh-0.17/rexec/rexec.c.rh650119 2010-11-08 13:14:20.946845218 +0100 ++++ netkit-rsh-0.17/rexec/rexec.c 2010-11-08 13:14:36.126838888 +0100 +@@ -315,7 +315,7 @@ void parse_options(char *argv[], int arg + { + int passlen = strlen(optarg); + +- *passwd = malloc((char *)malloc((passlen+1)*sizeof(char))); ++ *passwd = (char *)malloc((passlen+1)*sizeof(char)); + if(*passwd == NULL) + { + fprintf(stderr, "%s: can't allocate memory!\n", argv[0]); diff --git a/SOURCES/netkit-rsh-0.17-rh710987.patch b/SOURCES/netkit-rsh-0.17-rh710987.patch new file mode 100644 index 00000000..c614cc9f --- /dev/null +++ b/SOURCES/netkit-rsh-0.17-rh710987.patch @@ -0,0 +1,19 @@ +diff -up netkit-rsh-0.17/rshd/rshd.c.rh710987 netkit-rsh-0.17/rshd/rshd.c +--- netkit-rsh-0.17/rshd/rshd.c.rh710987 2011-10-26 17:49:22.559772285 +0200 ++++ netkit-rsh-0.17/rshd/rshd.c 2011-10-26 17:49:29.229771822 +0200 +@@ -487,7 +487,6 @@ doit(struct sockaddr_storage *fromp, soc + hostname = findhostname((struct sockaddr *)fromp, fromlen, + remuser, locuser, cmdbuf); + +- setpwent(); + pwd = doauth(remuser, hostname, locuser); + if (pwd == NULL) { + if (log_audit(remuser, -1, hostname, 0) > 0) { +@@ -600,7 +599,6 @@ doit(struct sockaddr_storage *fromp, soc + putenv(env[i]); + #endif + +- endpwent(); + if (paranoid) { + syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: cmd='%s'", + remuser, hostname, locuser, cmdbuf); diff --git a/SOURCES/netkit-rsh-0.17-rh784467.patch b/SOURCES/netkit-rsh-0.17-rh784467.patch new file mode 100644 index 00000000..9f24ada1 --- /dev/null +++ b/SOURCES/netkit-rsh-0.17-rh784467.patch @@ -0,0 +1,50 @@ +diff -up netkit-rsh-0.17/rcp/rcp.c.rh784467 netkit-rsh-0.17/rcp/rcp.c +--- netkit-rsh-0.17/rcp/rcp.c.rh784467 2012-01-31 15:47:57.996697245 +0100 ++++ netkit-rsh-0.17/rcp/rcp.c 2012-01-31 17:11:23.489578305 +0100 +@@ -511,6 +511,37 @@ notreg: (void)close(f); + } + } + ++static char * ++rcp_basename(char *path) ++{ ++ char *bname; ++ ++ if (path == NULL || *path == '\0') ++ return NULL; ++ ++retry: ++ /* Note this is GNU basename */ ++ bname = basename(path); ++ if (*bname == '\0') { ++ /* path ends with '/', strip them all */ ++ char *end = path + strlen(path) - 1; ++ while (path <= end && *end == '/') { ++ *end = '\0'; ++ end--; ++ } ++ ++ if (end < path) { ++ /* The path consists only from '/' chars */ ++ *path = '/'; ++ return path; ++ } else { ++ /* We removed all trailing '/' characters */ ++ goto retry; ++ } ++ } else ++ return bname; ++} ++ + static void + rsource(char *name, struct stat *statp) + { +@@ -522,7 +553,7 @@ rsource(char *name, struct stat *statp) + error("rcp: %s: %s\n", name, strerror(errno)); + return; + } +- last = strrchr(name, '/'); ++ last = rcp_basename(name); + if (last == 0) + last = name; + else diff --git a/SOURCES/netkit-rsh-0.17-rh896583.patch b/SOURCES/netkit-rsh-0.17-rh896583.patch new file mode 100644 index 00000000..447c79a8 --- /dev/null +++ b/SOURCES/netkit-rsh-0.17-rh896583.patch @@ -0,0 +1,22 @@ +--- rshd/rshd.c.orig 2013-01-17 14:33:14.694727753 +0000 ++++ rshd/rshd.c 2013-01-17 14:43:53.302906217 +0000 +@@ -531,6 +531,19 @@ + close(pv[0]); + dup2(pv[1], 2); + close(pv[1]); ++ } else { ++ pid = fork(); ++ if (pid == -1) { ++ error("Can't fork; try again.\n"); ++ exit(1); ++ } ++ if (pid) { ++ waitpid(pid, NULL, 0); ++ pam_close_session(pamh, 0); ++ pam_end(pamh, PAM_SUCCESS); ++ exit(0); ++ } ++ setpgrp(); + } + theshell = pwd->pw_shell; + if (!theshell || !*theshell) { diff --git a/SOURCES/netkit-rsh-0.17-rh947213.patch b/SOURCES/netkit-rsh-0.17-rh947213.patch new file mode 100644 index 00000000..155f8739 --- /dev/null +++ b/SOURCES/netkit-rsh-0.17-rh947213.patch @@ -0,0 +1,65 @@ +diff -up netkit-rsh-0.17/rlogind/rlogind.c.rh947213 netkit-rsh-0.17/rlogind/rlogind.c +--- netkit-rsh-0.17/rlogind/rlogind.c.rh947213 2013-04-11 14:18:47.481715853 +0200 ++++ netkit-rsh-0.17/rlogind/rlogind.c 2013-04-11 14:32:50.807780164 +0200 +@@ -67,12 +67,13 @@ char rcsid[] = + #include + #include + #include ++#include ++#include + + #include "pathnames.h" + #include "logwtmp.h" + #include "rlogind.h" + +-pid_t forkpty(int *, char *, struct termios *, struct winsize *); + int logout(const char *); + + #ifndef TIOCPKT_WINDOW +@@ -389,7 +390,7 @@ static void getstr(char *buf, int cnt, c + } + + static void doit(int netfd) { +- int master, pid, on = 1; ++ int master, slave, r, pid, on = 1; + int authenticated = 0; + char *hname; + int hostok; +@@ -421,12 +422,34 @@ static void doit(int netfd) { + write(netfd, "rlogind: Host address mismatch.\r\n", 33); + } + +- pid = forkpty(&master, line, NULL, &win); +- if (pid < 0) { ++ /* We can no longer call forkpty here (a convenience routine that combines ++ openpty, fork, and login_tty) because, with forkpty, the slave end of ++ the pty is open only in the child process. The child process execs ++ /bin/login which now closes all open file descriptors before doing a ++ vhangup (see lkml.org/lkml/2012/6/5/145), and this resets packet mode ++ on the pty, undoing the effect of the ioctl(master, TIOCPKT, &on) call ++ made by the parent. ++ ++ Instead, we call openpty, fork, and login_tty individually, so that we ++ can keep a file descriptor to the slave open in the parent process, ++ thereby retaining packet mode even when the child closes file descriptors ++ to call vhangup. */ ++ r = openpty(&master, &slave, line, NULL, &win); ++ if (r < 0) { + if (errno == ENOENT) fatal(netfd, "Out of ptys", 0); +- fatal(netfd, "Forkpty", 1); ++ fatal(netfd, "Openpty", 1); ++ } ++ ++ signal(SIGHUP, SIG_IGN); ++ ++ pid = fork(); ++ if (pid < 0) { ++ fatal(netfd, "Fork", 1); + } ++ + if (pid == 0) { ++ close(master); ++ login_tty(slave); + /* netfd should always be 0, but... */ + if (netfd > 2) close(netfd); + child(hname, termtype, lusername, authenticated, rusername); diff --git a/SOURCES/netkit-rsh-0.17-rlogin-linefeed.patch b/SOURCES/netkit-rsh-0.17-rlogin-linefeed.patch new file mode 100644 index 00000000..51b4941d --- /dev/null +++ b/SOURCES/netkit-rsh-0.17-rlogin-linefeed.patch @@ -0,0 +1,58 @@ +--- netkit-rsh-0.17/rlogind/sockconv.c.linefeed 1999-10-02 23:50:52.000000000 +0200 ++++ netkit-rsh-0.17/rlogind/sockconv.c 2006-07-17 14:30:50.000000000 +0200 +@@ -86,6 +86,35 @@ + return (text); + } + ++/* conver \n to \r\n and also terminate string by \r\n */ ++static void my_fputs(char *str, FILE *out) ++{ ++ char *p = str, *last = str; ++ ++ while(p && *p) { ++ if ((p=strchr(p, '\n')) && (p==str || *(p-1)!='\r')) { ++ /* convert \n to \n\r */ ++ fwrite((const void *) last, 1, p-last, out); ++ fputs("\r\n", out); ++ p++; ++ last = p; ++ } ++ else if (p && *(p+1)) ++ /* \r\n already in strimg, continue... */ ++ p++; ++ else { ++ /* write the rest of string */ ++ int len = strlen(str); ++ ++ fwrite((const void *) last, 1, len-(last-str), out); ++ if (*(str+(len-1)) != '\n') ++ fputs("\r\n", out); /* terminate output */ ++ break; ++ } ++ } ++} ++ ++ + static void drop_reply(struct pam_response *reply, int replies) + { + int i; +@@ -126,16 +155,15 @@ + } + break; + case PAM_ERROR_MSG: +- fprintf(stderr,"%s\n",msgm[replies]->msg); ++ my_fputs(msgm[replies]->msg, stderr); + string = NULL; +- + break; + case PAM_TEXT_INFO: +- fprintf(stderr,"%s\n",msgm[replies]->msg); ++ my_fputs(msgm[replies]->msg, stderr); + string = NULL; + break; + default: +- fprintf(stderr, "erroneous conversation (%d)\n" ++ fprintf(stderr, "erroneous conversation (%d)\r\n" + ,msgm[replies]->msg_style); + drop_reply(reply,replies); + return (PAM_CONV_ERR); diff --git a/SOURCES/netkit-rsh-0.17-sectty.patch b/SOURCES/netkit-rsh-0.17-sectty.patch new file mode 100644 index 00000000..dd723de8 --- /dev/null +++ b/SOURCES/netkit-rsh-0.17-sectty.patch @@ -0,0 +1,32 @@ +--- netkit-rsh-0.17-pre20000412/rexecd/rexecd.c.sectty Sat Oct 2 17:50:52 1999 ++++ netkit-rsh-0.17-pre20000412/rexecd/rexecd.c Mon Feb 5 16:42:29 2001 +@@ -300,6 +300,7 @@ + PAM_password = pass; + pam_error = pam_start("rexec", PAM_username, &PAM_conversation,&pamh); + PAM_BAIL; ++ (void) pam_set_item (pamh, PAM_TTY, "rexec"); /* we don't have a tty yet! */ + pam_error = pam_authenticate(pamh, 0); + PAM_BAIL; + pam_error = pam_acct_mgmt(pamh, 0); +--- netkit-rsh-0.17-pre20000412/rlogind/auth.c.sectty Mon Feb 5 16:43:46 2001 ++++ netkit-rsh-0.17-pre20000412/rlogind/auth.c Mon Feb 5 16:44:28 2001 +@@ -123,7 +123,7 @@ + pam_set_item(pamh, PAM_USER, localuser); + pam_set_item(pamh, PAM_RUSER, remoteuser); + pam_set_item(pamh, PAM_RHOST, host); +- pam_set_item(pamh, PAM_TTY, "tty"); /* ? */ ++ pam_set_item(pamh, PAM_TTY, "rlogin"); /* we don't have a tty yet! */ + + network_confirm(); + retval = attempt_auth(); +--- netkit-rsh-0.17-pre20000412/rshd/rshd.c.sectty Mon Feb 5 16:43:52 2001 ++++ netkit-rsh-0.17-pre20000412/rshd/rshd.c Mon Feb 5 16:44:42 2001 +@@ -243,7 +243,7 @@ + } + pam_set_item (pamh, PAM_RUSER, remuser); + pam_set_item (pamh, PAM_RHOST, hostname); +- pam_set_item (pamh, PAM_TTY, "tty"); ++ pam_set_item (pamh, PAM_TTY, "rsh"); /* we don't use a tty, so punt */ + + retcode = pam_authenticate(pamh, 0); + if (retcode == PAM_SUCCESS) { diff --git a/SOURCES/netkit-rsh-0.17-strip.patch b/SOURCES/netkit-rsh-0.17-strip.patch new file mode 100644 index 00000000..dd29135c --- /dev/null +++ b/SOURCES/netkit-rsh-0.17-strip.patch @@ -0,0 +1,66 @@ +--- netkit-rsh-0.17/rcp/Makefile.strip Wed Jun 19 16:47:42 2002 ++++ netkit-rsh-0.17/rcp/Makefile Wed Jun 19 17:01:11 2002 +@@ -7,7 +7,7 @@ + $(CC) $(LDFLAGS) $^ $(LIBS) -o $@ + + install: rcp +- install -s rcp $(INSTALLROOT)$(BINDIR) ++ install rcp $(INSTALLROOT)$(BINDIR) + install -m$(MANMODE) rcp.1 $(INSTALLROOT)$(MANDIR)/man1 + + clean: +--- netkit-rsh-0.17/rexecd/Makefile.strip Sun Dec 12 19:05:00 1999 ++++ netkit-rsh-0.17/rexecd/Makefile Wed Jun 19 17:01:41 2002 +@@ -27,7 +27,7 @@ + $(CC) $(LDFLAGS) $^ $(LIBS) -o $@ + + install: rexecd +- install -s -m$(DAEMONMODE) rexecd $(INSTALLROOT)$(SBINDIR)/in.rexecd ++ install -m$(DAEMONMODE) rexecd $(INSTALLROOT)$(SBINDIR)/in.rexecd + install -m$(MANMODE) rexecd.8 $(INSTALLROOT)$(MANDIR)/man8/in.rexecd.8 + ln -sf in.rexecd.8 $(INSTALLROOT)$(MANDIR)/man8/rexecd.8 + ifeq ($(USE_PAM),1) +--- netkit-rsh-0.17/rlogin/Makefile.strip Wed Jun 19 16:47:42 2002 ++++ netkit-rsh-0.17/rlogin/Makefile Wed Jun 19 17:02:06 2002 +@@ -10,7 +10,7 @@ + $(CC) $(LDFLAGS) $^ $(LIBS) -o $@ + + install: $(PROG) +- install -s $(PROG) $(INSTALLROOT)$(BINDIR) ++ install $(PROG) $(INSTALLROOT)$(BINDIR) + install -m $(MANMODE) $(PROG).1 $(INSTALLROOT)$(MANDIR)/man1 + + clean: +--- netkit-rsh-0.17/rlogind/Makefile.strip Sun Dec 12 19:05:01 1999 ++++ netkit-rsh-0.17/rlogind/Makefile Wed Jun 19 17:02:26 2002 +@@ -20,7 +20,7 @@ + auth.o network.o: rlogind.h + + install: rlogind +- install -s -m$(DAEMONMODE) rlogind $(INSTALLROOT)$(SBINDIR)/in.rlogind ++ install -m$(DAEMONMODE) rlogind $(INSTALLROOT)$(SBINDIR)/in.rlogind + install -m$(MANMODE) rlogind.8 $(INSTALLROOT)$(MANDIR)/man8/in.rlogind.8 + ln -sf in.rlogind.8 $(INSTALLROOT)$(MANDIR)/man8/rlogind.8 + +--- netkit-rsh-0.17/rsh/Makefile.strip Wed Jun 19 16:47:42 2002 ++++ netkit-rsh-0.17/rsh/Makefile Wed Jun 19 17:02:45 2002 +@@ -9,7 +9,7 @@ + $(CC) $(LDFLAGS) $^ $(LIBS) -o $@ + + install: rsh +- install -s rsh $(INSTALLROOT)$(BINDIR) ++ install rsh $(INSTALLROOT)$(BINDIR) + install -m$(MANMODE) rsh.1 $(INSTALLROOT)$(MANDIR)/man1 + + clean: +--- netkit-rsh-0.17/rshd/Makefile.strip Wed Jun 19 16:47:42 2002 ++++ netkit-rsh-0.17/rshd/Makefile Wed Jun 19 17:02:59 2002 +@@ -14,7 +14,7 @@ + $(CC) $(LDFLAGS) $^ $(LIBS) -o $@ + + install: rshd +- install -s -m$(DAEMONMODE) rshd $(INSTALLROOT)$(SBINDIR)/in.rshd ++ install -m$(DAEMONMODE) rshd $(INSTALLROOT)$(SBINDIR)/in.rshd + install -m$(MANMODE) rshd.8 $(INSTALLROOT)$(MANDIR)/man8/in.rshd.8 + ln -sf in.rshd.8 $(INSTALLROOT)$(MANDIR)/man8/rshd.8 + diff --git a/SOURCES/netkit-rsh-0.17-userandhost.patch b/SOURCES/netkit-rsh-0.17-userandhost.patch new file mode 100644 index 00000000..a5b760cd --- /dev/null +++ b/SOURCES/netkit-rsh-0.17-userandhost.patch @@ -0,0 +1,70 @@ +--- netkit-rsh-0.17/rlogind/rlogind.c.userandhost 2000-07-23 05:07:58.000000000 +0200 ++++ netkit-rsh-0.17/rlogind/rlogind.c 2003-01-17 17:31:25.000000000 +0100 +@@ -333,9 +333,10 @@ + + + static void child(const char *hname, const char *termtype, +- const char *localuser, int authenticated) ++ const char *localuser, int authenticated, ++ const char *rusername) + { +- char *termenv[2]; ++ char *termenv[4]; + + setup_term(0, termtype); + +@@ -344,7 +345,17 @@ + strcpy(termenv[0], "TERM="); + strcat(termenv[0], termtype); + } +- termenv[1] = NULL; ++ termenv[1] = malloc(strlen(rusername)+12); ++ if (termenv[1]) { /* shouldn't ever fail, mind you */ ++ strcpy(termenv[1], "REMOTEUSER="); ++ strcat(termenv[1], rusername); ++ } ++ termenv[2] = malloc(strlen(hname)+12); ++ if (termenv[2]) { /* shouldn't ever fail, mind you */ ++ strcpy(termenv[2], "REMOTEHOST="); ++ strcat(termenv[2], hname); ++ } ++ termenv[3] = NULL; + + if (authenticated) { + auth_finish(); +@@ -420,7 +431,7 @@ + if (pid == 0) { + /* netfd should always be 0, but... */ + if (netfd > 2) close(netfd); +- child(hname, termtype, lusername, authenticated); ++ child(hname, termtype, lusername, authenticated, rusername); + } + on = 1; + ioctl(netfd, FIONBIO, &on); +--- netkit-rsh-0.17/rshd/rshd.c.userandhost 2003-01-17 17:25:22.000000000 +0100 ++++ netkit-rsh-0.17/rshd/rshd.c 2003-01-17 17:25:22.000000000 +0100 +@@ -102,8 +102,10 @@ + char homedir[64] = "HOME="; + char shell[64] = "SHELL="; + char path[100] = "PATH="; ++char remoteuser[20] = "REMOTEUSER="; ++char remotehost[50] = "REMOTEHOST="; + char *envinit[] = +- {homedir, shell, path, username, 0}; ++ {homedir, shell, path, username, remoteuser, remotehost, 0}; + extern char **environ; + + static void error(const char *fmt, ...); +@@ -460,6 +462,12 @@ + strncat(homedir, pwd->pw_dir, sizeof(homedir)-6); + homedir[sizeof(homedir)-1] = 0; + ++ strncat(remoteuser, remuser, sizeof(remoteuser)-12); ++ remoteuser[sizeof(remoteuser)-1] = 0; ++ ++ strncat(remotehost, hostname, sizeof(remotehost)-12); ++ remotehost[sizeof(remotehost)-1] = 0; ++ + strcat(path, _PATH_DEFPATH); + + strncat(shell, theshell, sizeof(shell)-7); diff --git a/SOURCES/rexec.pam b/SOURCES/rexec.pam new file mode 100644 index 00000000..92d61f67 --- /dev/null +++ b/SOURCES/rexec.pam @@ -0,0 +1,11 @@ +#%PAM-1.0 +# For root login to succeed here with pam_securetty, "rexec" must be +# listed in /etc/securetty. +auth required pam_nologin.so +auth required pam_securetty.so +auth required pam_env.so +auth include password-auth +account include password-auth +session optional pam_keyinit.so force revoke +session required pam_loginuid.so +session include password-auth diff --git a/SOURCES/rexec.socket b/SOURCES/rexec.socket new file mode 100644 index 00000000..2ea67b1f --- /dev/null +++ b/SOURCES/rexec.socket @@ -0,0 +1,9 @@ +[Unit] +Description=Remote Execution Facilities Activation Socket + +[Socket] +ListenStream=512 +Accept=true + +[Install] +WantedBy=sockets.target diff --git a/SOURCES/rexec@.service b/SOURCES/rexec@.service new file mode 100644 index 00000000..b5beb5af --- /dev/null +++ b/SOURCES/rexec@.service @@ -0,0 +1,8 @@ +[Unit] +Description=Remote Execution Facilities Server +After=local-fs.target + +[Service] +ExecStart=-/usr/sbin/in.rexecd +StandardInput=socket +IgnoreSIGPIPE=no diff --git a/SOURCES/rlogin.pam b/SOURCES/rlogin.pam new file mode 100644 index 00000000..15d3254b --- /dev/null +++ b/SOURCES/rlogin.pam @@ -0,0 +1,13 @@ +#%PAM-1.0 +# For root login to succeed here with pam_securetty, "rlogin" must be +# listed in /etc/securetty. +auth required pam_nologin.so +auth required pam_securetty.so +auth required pam_env.so +auth sufficient pam_rhosts.so +auth include password-auth +account include password-auth +password include password-auth +session optional pam_keyinit.so force revoke +session required pam_loginuid.so +session include password-auth diff --git a/SOURCES/rlogin.socket b/SOURCES/rlogin.socket new file mode 100644 index 00000000..1b20f795 --- /dev/null +++ b/SOURCES/rlogin.socket @@ -0,0 +1,10 @@ +[Unit] +Description=Remote Login Facilities Activation Socket +IgnoreOnIsolate=true + +[Socket] +ListenStream=513 +Accept=true + +[Install] +WantedBy=sockets.target diff --git a/SOURCES/rlogin@.service b/SOURCES/rlogin@.service new file mode 100644 index 00000000..9d683304 --- /dev/null +++ b/SOURCES/rlogin@.service @@ -0,0 +1,9 @@ +[Unit] +Description=Remote Login Facilities Server +After=local-fs.target +IgnoreOnIsolate=true + +[Service] +ExecStart=-/usr/sbin/in.rlogind +StandardInput=socket +IgnoreSIGPIPE=no diff --git a/SOURCES/rsh.pam b/SOURCES/rsh.pam new file mode 100644 index 00000000..bfe15fdd --- /dev/null +++ b/SOURCES/rsh.pam @@ -0,0 +1,11 @@ +#%PAM-1.0 +# For root login to succeed here with pam_securetty, "rsh" must be +# listed in /etc/securetty. +auth required pam_nologin.so +auth required pam_securetty.so +auth required pam_env.so +auth required pam_rhosts.so +account include password-auth +session optional pam_keyinit.so force revoke +session required pam_loginuid.so +session include password-auth diff --git a/SOURCES/rsh.socket b/SOURCES/rsh.socket new file mode 100644 index 00000000..4d44b99e --- /dev/null +++ b/SOURCES/rsh.socket @@ -0,0 +1,9 @@ +[Unit] +Description=Remote Shell Facilities Activation Socket + +[Socket] +ListenStream=514 +Accept=true + +[Install] +WantedBy=sockets.target diff --git a/SOURCES/rsh@.service b/SOURCES/rsh@.service new file mode 100644 index 00000000..0f0bff37 --- /dev/null +++ b/SOURCES/rsh@.service @@ -0,0 +1,8 @@ +[Unit] +Description=Remote Shell Facilities Server +After=local-fs.target + +[Service] +ExecStart=-/usr/sbin/in.rshd +StandardInput=socket +IgnoreSIGPIPE=no diff --git a/SPECS/rsh.spec b/SPECS/rsh.spec new file mode 100644 index 00000000..d0fbd15e --- /dev/null +++ b/SPECS/rsh.spec @@ -0,0 +1,660 @@ +%global _hardened_build 1 + +Summary: Clients for remote access commands (rsh, rlogin, rcp) +Name: rsh +Version: 0.17 +Release: 79%{?dist} +License: BSD +Group: Applications/Internet + +BuildRequires: perl, ncurses-devel, pam-devel, audit-libs-devel, systemd + +URL: ftp://ftp.uk.linux.org/pub/linux/Networking/netkit +Source0: ftp://ftp.uk.linux.org/pub/linux/Networking/netkit/netkit-rsh-%{version}.tar.gz +Source1: rexec.pam +Source2: rlogin.pam +Source3: rsh.pam +# Source is no longer publicly available. +Source4: rexec-1.5.tar.gz +Source5: rsh@.service +Source6: rsh.socket +Source7: rlogin@.service +Source8: rlogin.socket +Source9: rexec@.service +Source10: rexec.socket + +Patch1: netkit-rsh-0.17-sectty.patch +# Make rexec installation process working +Patch2: netkit-rsh-0.17-rexec.patch +Patch3: netkit-rsh-0.10-stdarg.patch +# Improve installation process +Patch4: netkit-rsh-0.16-jbj.patch +# Link rshd against libpam +Patch8: netkit-rsh-0.16-jbj4.patch +Patch9: netkit-rsh-0.16-prompt.patch +Patch10: netkit-rsh-0.16-rlogin=rsh.patch +# Improve documentation +Patch11: netkit-rsh-0.16-nokrb.patch +# Remove spurious double-reporting of errors +Patch12: netkit-rsh-0.17-pre20000412-jbj5.patch +# RH #42880 +Patch13: netkit-rsh-0.17-userandhost.patch +# Don't strip binaries during installation +Patch14: netkit-rsh-0.17-strip.patch +# RH #67362 +Patch15: netkit-rsh-0.17-lfs.patch +# RH #57392 +Patch16: netkit-rsh-0.17-chdir.patch +# RH #63806 +Patch17: netkit-rsh-0.17-pam-nologin.patch +# RH #135643 +Patch19: netkit-rsh-0.17-rexec-netrc.patch +# RH #68590 +Patch20: netkit-rsh-0.17-pam-sess.patch +# RH #67361 +Patch21: netkit-rsh-0.17-errno.patch +# RH #118630 +Patch22: netkit-rsh-0.17-rexec-sig.patch +# RH #135827 +Patch23: netkit-rsh-0.17-nohost.patch +# RH #122315 +Patch24: netkit-rsh-0.17-ignchld.patch +# RH #146464 +Patch25: netkit-rsh-0.17-checkdir.patch +Patch26: netkit-rsh-0.17-pam-conv.patch +# RH #174045 +Patch27: netkit-rsh-0.17-rcp-largefile.patch +# RH #174146 +Patch28: netkit-rsh-0.17-pam-rhost.patch +# RH #178916 +Patch29: netkit-rsh-0.17-rlogin-linefeed.patch +Patch30: netkit-rsh-0.17-ipv6.patch +Patch31: netkit-rsh-0.17-pam_env.patch +Patch33: netkit-rsh-0.17-dns.patch +Patch34: netkit-rsh-0.17-nohostcheck-compat.patch +# RH #448904 +Patch35: netkit-rsh-0.17-audit.patch +Patch36: netkit-rsh-0.17-longname.patch +# RH #440867 +Patch37: netkit-rsh-0.17-arg_max.patch +Patch38: netkit-rsh-0.17-rh448904.patch +Patch39: netkit-rsh-0.17-rh461903.patch +Patch40: netkit-rsh-0.17-rh473492.patch +Patch41: netkit-rsh-0.17-rh650119.patch +Patch42: netkit-rsh-0.17-rh710987.patch +Patch43: netkit-rsh-0.17-rh784467.patch +Patch44: netkit-rsh-0.17-rh896583.patch +Patch45: netkit-rsh-0.17-rh947213.patch +Patch46: 0001-rshd-use-sockaddr_in-for-non-native-IPv6-clients.patch +Patch47: 0002-rlogind-use-sockaddr_in-for-non-native-IPv6-client.patch +Patch48: netkit-rsh-0.17-ipv6-rexec.patch +Patch49: 0001-rshd-use-upper-bound-for-cmdbuflen.patch +Patch50: 0001-rcp-don-t-advance-pointer-returned-from-rcp_basename.patch +Patch51: netkit-rsh-0.17-pam-warning.patch +Patch52: netkit-rsh-0.17-rexec-cmdbuflen.patch +Patch53: netkit-rsh-0.17-remote-close.patch + +%description +The rsh package contains a set of programs which allow users to run +commands on remote machines, login to other machines and copy files +between machines (rsh, rlogin and rcp). All three of these commands +use rhosts style authentication. This package contains the clients +needed for all of these services. +The rsh package should be installed to enable remote access to other +machines + +%package server +Summary: Servers for remote access commands (rsh, rlogin, rcp) +Group: System Environment/Daemons +Requires: pam, /etc/pam.d/system-auth +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd + +%description server +The rsh-server package contains a set of programs which allow users +to run commands on remote machines, login to other machines and copy +files between machines (rsh, rlogin and rcp). All three of these +commands use rhosts style authentication. This package contains the +servers needed for all of these services. It also contains a server +for rexec, an alternate method of executing remote commands. +All of these servers are run by systemd and configured using +systemd units and PAM. + +The rsh-server package should be installed to enable remote access +from other machines + +%prep +%setup -q -n netkit-rsh-%{version} -a 4 +%patch1 -p1 -b .sectty +%patch2 -p1 -b .rexec +%patch3 -p1 -b .stdarg +%patch4 -p1 -b .jbj +%patch8 -p1 -b .jbj4 +%patch9 -p1 -b .prompt +%patch10 -p1 -b .rsh +%patch11 -p1 -b .rsh.nokrb +%patch12 -p1 -b .jbj5 +%patch13 -p1 -b .userandhost +%patch14 -p1 -b .strip +%patch15 -p1 -b .lfs +%patch16 -p1 -b .chdir +%patch17 -p1 -b .pam-nologin +%patch19 -p1 -b .rexec-netrc +%patch20 -p1 -b .pam-sess +%patch21 -p1 -b .errno +%patch22 -p1 -b .rexec-sig +%patch23 -p1 -b .nohost +%patch24 -p1 -b .ignchld +%patch25 -p1 -b .checkdir +%patch26 -p1 -b .pam-conv +%patch27 -p1 -b .largefile +%patch28 -p1 -b .pam-rhost +%patch29 -p1 -b .linefeed +%patch30 -p1 -b .ipv6 +%patch31 -p1 -b .pam_env +%patch33 -p1 -b .dns +%patch34 -p1 -b .compat +%patch35 -p1 -b .audit +%patch36 -p1 -b .longname +%patch37 -p1 -b .arg_max +%patch38 -p1 -b .rh448904 +%patch39 -p1 -b .rh461903 +%patch40 -p1 -b .rh473492 +%patch41 -p1 -b .rh650119 +%patch42 -p1 -b .rh710987 +%patch43 -p1 -b .rh784467 +%patch44 -b .rh896583 +%patch45 -p1 -b .rh947213 +%patch46 -p1 +%patch47 -p1 +%patch48 -p1 -b .ipv6-rexec +%patch49 -p1 -b .cmdbuflen +%patch50 -p1 -b .basename +%patch51 -p1 -b .pam-warning +%patch52 -p1 -b .rexec-cmdbuflen +%patch53 -p1 -b .remote-close + +# No, I don't know what this is doing in the tarball. +rm -f rexec/rexec + +%build +sh configure --with-c-compiler=gcc +export RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" +%ifarch s390 s390x +%{__perl} -pi -e ' + s,^CC=.*$,CC=cc,; + s,-O2,\$(RPM_OPT_FLAGS) -fPIC -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE,; + s,^LDFLAGS=,LDFLAGS=-z now -pie,; + s,^BINDIR=.*$,BINDIR=%{_bindir},; + s,^MANDIR=.*$,MANDIR=%{_mandir},; + s,^SBINDIR=.*$,SBINDIR=%{_sbindir},; + ' MCONFIG +%else +%{__perl} -pi -e ' + s,^CC=.*$,CC=cc,; + s,-O2,\$(RPM_OPT_FLAGS) -fpic -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE,; + s,^LDFLAGS=,LDFLAGS=-z now -pie,; + s,^BINDIR=.*$,BINDIR=%{_bindir},; + s,^MANDIR=.*$,MANDIR=%{_mandir},; + s,^SBINDIR=.*$,SBINDIR=%{_sbindir},; + ' MCONFIG +%endif +make %{?_smp_mflags} + +%install +mkdir -p %{buildroot}%{_bindir} +mkdir -p %{buildroot}%{_sbindir} +mkdir -p %{buildroot}%{_mandir}/man{1,5,8} +mkdir -p %{buildroot}%{_sysconfdir}/pam.d + +make INSTALLROOT=%{buildroot} BINDIR=%{_bindir} MANDIR=%{_mandir} install + +install -m 644 %SOURCE1 %{buildroot}%{_sysconfdir}/pam.d/rexec +install -m 644 %SOURCE2 %{buildroot}%{_sysconfdir}/pam.d/rlogin +install -m 644 %SOURCE3 %{buildroot}%{_sysconfdir}/pam.d/rsh + +mkdir -p %{buildroot}%{_unitdir} +install -m644 %SOURCE5 %{buildroot}%{_unitdir}/rsh@.service +install -m644 %SOURCE6 %{buildroot}%{_unitdir}/rsh.socket +install -m644 %SOURCE7 %{buildroot}%{_unitdir}/rlogin@.service +install -m644 %SOURCE8 %{buildroot}%{_unitdir}/rlogin.socket +install -m644 %SOURCE9 %{buildroot}%{_unitdir}/rexec@.service +install -m644 %SOURCE10 %{buildroot}%{_unitdir}/rexec.socket + +%post server +%systemd_post rsh.socket +%systemd_post rlogin.socket +%systemd_post rexec.socket + +%preun server +%systemd_preun rsh.socket +%systemd_preun rlogin.socket +%systemd_preun rexec.socket + +%postun server +%systemd_postun_with_restart rsh.socket +%systemd_postun_with_restart rlogin.socket +%systemd_postun_with_restart rexec.socket + +%files +%defattr(-,root,root,-) +%doc README BUGS +%attr(0755,root,root) %caps(cap_net_bind_service=pe) %{_bindir}/rcp +%{_bindir}/rexec +%attr(0755,root,root) %caps(cap_net_bind_service=pe) %{_bindir}/rlogin +%attr(0755,root,root) %caps(cap_net_bind_service=pe) %{_bindir}/rsh +%{_mandir}/man1/*.1* + +%files server +%defattr(-,root,root,-) +%config(noreplace) %{_sysconfdir}/pam.d/rsh +%config(noreplace) %{_sysconfdir}/pam.d/rlogin +%config(noreplace) %{_sysconfdir}/pam.d/rexec +%{_sbindir}/in.rexecd +%{_sbindir}/in.rlogind +%{_sbindir}/in.rshd +%{_unitdir}/* +%{_mandir}/man8/*.8* + +%changelog +* Sat Apr 28 2018 Michal Ruprich - 0.17-79 +- Related: #1477207 - service and socket file directives should be under [Unit] + +* Wed Apr 18 2018 Michal Ruprich - 0.17-78 +- Resolves: #1502657 - Copying remote file to local dir fails with "rcp: protocol screwup: expected control record" +- Resolves: #1338037 - rsh/rlogin sessions ignore SIGPIPE due to systemd +- Resolves: #1477207 - rlogin killed when changing run level +- Resolves: #1503112 - rexecd Could not allocate space for cmdbuf +- Resolves: #1505226 - have a proposed patch for rsh-0.17-76.el7_1.1 + +* Thu Mar 26 2015 Michal Sekletar - 0.17-77 +- don't truncate first character of dirname when doing recursive copy (#1129483) + +* Mon Aug 18 2014 Michal Sekletar - 0.17-76 +- disable strict aliasing optimizations (#1095306) +- use upper bound for cmdbuflen (#1093749) + +* Fri Jan 24 2014 Daniel Mach - 0.17-75 +- Mass rebuild 2014-01-24 + +* Fri Dec 27 2013 Daniel Mach - 0.17-74 +- Mass rebuild 2013-12-27 + +* Mon Jul 15 2013 Michal Sekletar - 0.17-73 +- add IPv6 support to rexec and rexecd +- enable hardened build +- fix dates in changelog + +* Wed Jun 26 2013 Michal Sekletar - 0.17-72 +- unit files must not be marked as config files +- fix handling of non-native IPv6 connections via AF_INET6 socket + +* Thu Apr 11 2013 Michal Sekletar - 0.17-71 +- resolves: RHBZ #737244 #896583 #947213 +- migrate from xinetd to systemd configuration +- close pam session correctly when client does not ask for separate error channel +- fix pty handling which was broken by changes in /bin/login + +* Thu Feb 14 2013 Fedora Release Engineering - 0.17-70 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Sat Jul 21 2012 Fedora Release Engineering - 0.17-69 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Tue Jan 31 2012 Adam Tkac - 0.17-68 +- rcp: handle copying of directories with ending slash well (#784467) + +* Sat Jan 14 2012 Fedora Release Engineering - 0.17-67 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Wed Oct 26 2011 Adam Tkac - 0.17-66 +- remove unneeded setpwent/endpwent calls + +* Wed Feb 09 2011 Fedora Release Engineering - 0.17-65 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Mon Nov 08 2010 Adam Tkac - 0.17-64 +- fix typo in rexec.c (#650119) + +* Mon Nov 08 2010 Adam Tkac - 0.17-63 +- use filesystem-based capabilities instead of SUID (#646489) + +* Tue Jan 5 2010 Jan Gorig - 0.17-62 +- add check for return values (#473492) + +* Thu Dec 17 2009 Adam Tkac - 0.17-61 +- include README and BUGS files as documentation (#226379) + +* Tue Dec 15 2009 Adam Tkac - 0.17-60 +- more merge review related fixes (#226379) + +* Mon Nov 30 2009 Adam Tkac - 0.17-59 +- merge review related fixes (#226379) +- remove unused patches + - netkit-rsh-0.16-pamfix.patch + - netkit-rsh-0.16-jbj2.patch + - netkit-rsh-0.16-jbj3.patch + +* Wed Sep 16 2009 Tomas Mraz - 0.17-58 +- use password-auth common PAM configuration instead of system-auth + +* Fri Aug 21 2009 Tomas Mraz - 0.17-57 +- rebuilt with new audit + +* Tue Aug 11 2009 Adam Tkac 0.17-56 +- remove URL from rexec source, it is no longer publicly available + +* Sun Jul 26 2009 Fedora Release Engineering - 0.17-55 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Mon Mar 30 2009 Adam Tkac 0.17-54 +- improve pam_env patch + +* Thu Mar 26 2009 Adam Tkac 0.17-53 +- check return value from close to catch errors on NFS filesystems (#461903) + +* Wed Feb 25 2009 Fedora Release Engineering - 0.17-52 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Fri Oct 03 2008 Adam Tkac 0.17-51 +- updated ipv6 patch due rpm 4.6 (#465053) +- make in.rshd working on kernels without audit support (#448904) + +* Fri May 09 2008 Adam Tkac 0.17-50 +- fixed typos in arg_max and audit patches (#445606) +- use pam_rhosts, not pam_rhosts_auth (#445606) + +* Mon Apr 14 2008 Adam Tkac 0.17-49 +- use sysconf for ARG_MAX value (#440867) + +* Thu Mar 27 2008 Adam Tkac 0.17-48 +- in.rexecd username limit was 14 characters, not 16 + +* Tue Mar 25 2008 Adam Tkac 0.17-47 +- fixed NULL pointer dereference (#437815) +- cleanup in audit patch + +* Thu Feb 14 2008 Adam Tkac 0.17-46 +- rebuild with gcc4.3 +- build with -D_GNU_SOURCE + +* Sat Oct 20 2007 Steve Grubb 0.17-45 +- update for audit + +* Tue Oct 16 2007 Adam Tkac 0.17-44 +- added -D option for compatibility with F8 test releases +- fixed rsh-server description + +* Thu Sep 27 2007 Adam Tkac 0.17-43 +- removed -D option from rshd and rlogind (we have -a option when + we need force reverse DNS lookup) +- patches netkit-rsh-0.17-nodns.patch and netkit-rsh-0.17-nohostcheck.patch + are substituted by netkit-rsh-0.17-dns.patch + +* Wed Aug 22 2007 Adam Tkac 0.17-42 +- rebuild (BuildID feature) + +* Thu Jul 26 2007 Adam Tkac 0.17-41 +- improved nodns patch (in.rshd also has -D option now) + +* Tue Apr 10 2007 Adam Tkac 0.17-40 +- improved -D option to rlogind - when name won't be resolved rlogind uses IP address +- added smp_mflags to make + +* Mon Jan 22 2007 Adam Tkac 0.17-39 +- rebased on ncurses instead of libtermcap + +* Tue Dec 05 2006 Adam Tkac 0.17-38 +- rsh now load pan_env module correctly + +* Tue Oct 24 2006 Adam Tkac 0.17-37 +- added xinetd dependency to rsh-server + +* Wed Oct 4 2006 Karel Zak 0.17-36 +- fix #209277 - rsh-server not linked to PAM (missing BuildRequires) + +* Mon Jul 17 2006 Karel Zak 0.17-35 +- added support for IPv6 (patch by Jan Pazdziora) +- fix #198632 - add keyinit instructions to the rsh, rlogin and rexec PAM scripts + (patch by David Howells) +- fix #191390 - improve linefeed patch + +* Wed Jul 12 2006 Jesse Keating - 0.17-34.2 +- rebuild + +* Fri Feb 10 2006 Jesse Keating - 0.17-34.1 +- bump again for double-long bug on ppc(64) + +* Thu Feb 9 2006 Karel Zak 0.17-34 +- fix #178916 - Line feeds when password needs changing with rlogin + +* Tue Feb 07 2006 Jesse Keating 0.17-33.2 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Fri Dec 09 2005 Jesse Keating 0.17-33.1 +- rebuilt + +* Mon Nov 28 2005 Karel Zak 0.17-33 +- fix #174146 - pam_access.so does not work with rexecd + +* Thu Nov 24 2005 Karel Zak 0.17-32 +- fix #174045 - rcp outputs negative file size when over 2GB + +* Thu Oct 13 2005 Karel Zak 0.17-31 +- rewrite rexecd PAM_conversation() + +* Thu Oct 13 2005 Karel Zak 0.17-30 +- replace pam_stack with "include" + +* Sat Mar 5 2005 Karel Zak 0.17-29 +- rebuilt + +* Thu Feb 3 2005 Karel Zak 0.17-28 +- malicious rcp server can cause rcp to write to arbitrary files (like scp CAN-2004-0175) (#146464) + +* Mon Dec 6 2004 Karel Zak 0.17-27 +- removed BSD stuff "signal(SIGCHLD, SIG_IGN)". It's unsupported by POSIX/linux. (#122315) + +* Sat Dec 4 2004 Karel Zak 0.17-26 +- "-D" option turns off reverse DNS in rexecd (#135827) + +* Wed Nov 17 2004 Karel Zak 0.17-25 +- rexecd uses PAM session now (#68590) +- fixed errno usage in rcp (#67361) +- fixed rexec fails with "Invalid Argument" (#118630) + +* Mon Oct 18 2004 Radek Vokal 0.17-24 +- The username and password for ~/.netrc are used (#135643) + +* Tue Jun 15 2004 Elliot Lee +- rebuilt + +* Wed May 12 2004 Phil Knirsch 0.17-22 +- Added all other tools to list of PIE enabled apps. + +* Fri Feb 13 2004 Elliot Lee +- rebuilt + +* Thu Feb 5 2004 Thomas Woerner 0.17-20 +- in.rexecd, in.rlogind and in.rshd are pie, now + +* Tue Oct 21 2003 Phil Knirsch 0.17-19 +- Included updated patch from #105733. + +* Thu Oct 02 2003 Phil Knirsch 0.17-18 +- Fixed YAT (#79391). +- Included feature request #105733 (-D option). + +* Fri Jun 27 2003 Phil Knirsch 0.17-17.1 +- rebuilt + +* Thu Jun 26 2003 Phil Knirsch 0.17-17 +- Included chdir patch (#57392). +- Included pam-nologin patch (#63806). + +* Tue Jun 17 2003 Phil Knirsch 0.17-16 +- rebuilt + +* Wed Jun 04 2003 Elliot Lee 0.17-15 +- rebuilt + +* Tue May 06 2003 Phil Knirsch +- Fixed manpages (#7168). + +* Wed Jan 22 2003 Tim Powers +- rebuilt + +* Fri Jan 17 2003 Phil Knirsch 0.17-13 +- Added LFS support (#67362). +- Fixed user and host patch (#80822). + +* Tue Jan 14 2003 Phil Knirsch 0.17-12 +- Fixed bug #79391 (typo in description). + +* Mon Nov 11 2002 Nalin Dahyabhai 0.17-11 +- remove directory names from PAM configuration files, allowing them to be used + for all arches on multilib systems + +* Fri Jun 21 2002 Tim Powers +- automated rebuild + +* Wed Jun 19 2002 Phil Knirsch 0.17-9 +- Don't forcibly strip binaries + +* Thu May 23 2002 Tim Powers +- automated rebuild + +* Wed Jan 30 2002 Phil Knirsch +- Bumped version for rebuild +- Added the remote user and host addition (RFE #42880) + +* Tue Jul 24 2001 Phil Knirsch +- Fixed really missing BuildPrereq: libtermcap-devel (#49577) +- Fixed security problem with rexec.pam (#49181) + +* Fri Jun 22 2001 Phil Knirsch +- Update to latest stable version 0.17 +- Removed unneeded glib22 patch + +* Mon Apr 30 2001 Nalin Dahyabhai +- tag xinetd config files as config files + +* Wed Apr 4 2001 Jakub Jelinek +- don't let configure to guess compiler, it can pick up egcs + +* Mon Feb 5 2001 Nalin Dahyabhai +- securetty is screwy because rsh doesn't allocate one and rlogin does auth + before it has a tty, so change the hard-coded TTYs used from "tty" for all + to "rsh" or "rlogin" or "rexec" + +* Tue Oct 10 2000 Nalin Dahyabhai +- fix PAM config files to always honor nologin and securetty, to use rhosts, + and to fall back to password auth only for rlogin and rexec (#17183) +- add references to pam_env to the PAM configs as well (#16170) +- disable rlogin and rsh by default + +* Mon Oct 02 2000 Nalin Dahyabhai +- fix typo in the rexec xinetd configuration file (#18107) + +* Fri Jul 21 2000 Nalin Dahyabhai +- fix typo in the rlogin PAM config file +- continue the tradition of messed-up release numbers + +* Tue Jul 18 2000 Bill Nottingham +- add description & default to xinetd file + +* Wed Jul 12 2000 Prospector +- automatic rebuild + +* Sun Jun 18 2000 Jeff Johnson +- FHS packaging. +- update to 0.17. + +* Thu Jun 1 2000 Nalin Dahyabhai +- modify PAM setup to use system-auth + +* Mon May 29 2000 Nalin Dahyabhai +- expunge all mentions of kerberos authentication or DES encryption using + kerberos from the man pages + +* Thu May 25 2000 Trond Eivind Glomsrod +- switched to xinetd + +* Tue Mar 7 2000 Jeff Johnson +- rebuild for sparc baud rates > 38400. + +* Sat Mar 04 2000 Nalin Dahyabhai +- make rlogin still work correctly when argv[0] = "rsh" + +* Mon Feb 28 2000 Jeff Johnson +- workaround (by explicitly prompting for password) #4328 and #9715. + +* Wed Feb 9 2000 Jeff Johnson +- mark pam config files as %%config. + +* Fri Feb 4 2000 Bill Nottingham +- handle compressed manpages + +* Wed Feb 02 2000 Cristian Gafton +- fix description + +* Sun Jan 30 2000 Bill Nottingham +- remove bogus rexec binary when building; it causes weirdness + +* Fri Jan 28 2000 Jeff Johnson +- Make sure that rshd is compiled with -DUSE_PAM. + +* Mon Jan 10 2000 Jeff Johnson +- Fix bug in rshd (hangs forever with zombie offspring) (#8313). + +* Wed Jan 5 2000 Jeff Johnson +- fix the PAM fix yet again (#8133). + +* Tue Jan 4 2000 Bill Nottingham +- split client and server + +* Tue Dec 21 1999 Jeff Johnson +- update to 0.16. +- dup setuid bits into files list. + +* Fri Jul 30 1999 Jeff Johnson +- update to rexec-1.5 client (#4262) + +* Wed May 19 1999 Jeff Johnson +- fix broken rexec protocol in in.rexecd (#2318). + +* Tue May 4 1999 Justin Vallon +- rcp with error was tricked by stdarg side effect (#2300) + +* Thu Apr 15 1999 Michael K. Johnson +- rlogin pam file was missing comment magic + +* Tue Apr 06 1999 Preston Brown +- strip rexec + +* Fri Mar 26 1999 Jeff Johnson +- rexec needs pam_set_item() (#60). +- clarify protocol in rexecd.8. +- add rexec client from contrib. + +* Sun Mar 21 1999 Cristian Gafton +- auto rebuild in the new build environment (release 22) + +* Mon Mar 15 1999 Jeff Johnson +- compile for 6.0. + +* Fri Apr 24 1998 Prospector System +- translations modified for de, fr, tr + +* Tue Apr 14 1998 Erik Troan +- built against new ncurses + +* Sun Apr 5 1998 Marcelo F. Vianna +- Packaged for RH5.0 (Hurricane) + +* Tue Oct 14 1997 Michael K. Johnson +- new pam conventions + +* Tue Jul 15 1997 Erik Troan +- initial build