powerel7
/
base
2
0
Fork 0
Code Issues Pull Requests Releases Activity

rsh package update 

Signed-off-by: basebuilder_pel7x64builder0 <basebuilder@powerel.org>
master
basebuilder_pel7x64builder0 2018-11-27 14:39:35 +01:00
parent b758f5b5ff
commit 0772d05c3d
58 changed files with 3684 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
SOURCES/0001-rcp-don-t-advance-pointer-returned-from-rcp_basename.patch Normal file
View File

@ -0,0 +1,45 @@
From b86a7a6af20330dbf87264da768a9d317e210dbb Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Thu, 26 Mar 2015 14:10:51 +0100
Subject: [PATCH] rcp: don't advance pointer returned from rcp_basename

---
rcp/rcp.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)

diff -up netkit-rsh-0.17/rcp/rcp.c.basename netkit-rsh-0.17/rcp/rcp.c
--- netkit-rsh-0.17/rcp/rcp.c.basename 2015-03-26 14:19:25.771159388 +0100
+++ netkit-rsh-0.17/rcp/rcp.c 2015-03-26 14:28:23.233938529 +0100
@@ -98,6 +98,7 @@ static void usage(void);
static void toremote(const char *targ, int argc, char *argv[]);
static void tolocal(int argc, char *argv[]);
static void error(const char *fmt, ...);
+static char *rcp_basename(char *path);
int
main(int argc, char *argv[])
@@ -464,11 +465,11 @@ notreg: (void)close(f);
error("rcp: %s: not a plain file\n", name);
continue;
}
- last = strrchr(name, '/');
+
+ last = rcp_basename(name);
if (last == 0)
last = name;
- else
- last++;
+
if (pflag) {
/*
* Make it compatible with possible future
@@ -556,8 +557,7 @@ rsource(char *name, struct stat *statp)
last = rcp_basename(name);
if (last == 0)
last = name;
- else
- last++;
+
if (pflag) {
(void)snprintf(path, sizeof(path),
"T%ld 0 %ld 0\n", statp->st_mtime, statp->st_atime);

50
SOURCES/0001-rshd-use-sockaddr_in-for-non-native-IPv6-clients.patch Normal file
View File

@ -0,0 +1,50 @@
From dfc2da58520df75fc1a2506ebc4142085ed2ba1c Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Fri, 14 Jun 2013 15:38:02 +0200
Subject: [PATCH 1/2] rshd: use sockaddr_in for non-native IPv6 clients

When client has IPv4 address but connection was made via AF_INET6
socket, then convert socket structure representing client back
to sockaddr_in so we don't confuse pam_rhosts authentication with
IPv4-mapped IPv6 address.
---
rshd/rshd.c | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)

diff --git a/rshd/rshd.c b/rshd/rshd.c
index d1ea0e9..e8cdfe2 100644
--- a/rshd/rshd.c
+++ b/rshd/rshd.c
@@ -644,6 +644,29 @@ static void network_init(int fd,
syslog(LOG_ERR, "getpeername: %m");
_exit(1);
}
+
+ if (((struct sockaddr_in *) fromp)->sin_family == AF_INET6 &&
+ IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *) fromp)->sin6_addr)) {
+
+ struct addrinfo *res, hints = {};
+ char client_addr[INET6_ADDRSTRLEN] = {};
+ char client_port[6] = {};
+
+ inet_ntop(AF_INET6, &((struct sockaddr_in6 *) fromp)->sin6_addr,
+ client_addr, sizeof(client_addr));
+
+ sprintf(client_port, "%d", ntohs(((struct sockaddr_in6 *) fromp)->sin6_port));
+
+ hints.ai_family = AF_INET;
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_flags = AI_NUMERICHOST | AI_NUMERICSERV;
+
+ getaddrinfo(client_addr, client_port, &hints, &res);
+
+ memcpy(fromp, res->ai_addr, sizeof(struct sockaddr_in6));
+ freeaddrinfo(res);
+ }
+
if (keepalive &&
setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, (char *)&on,
sizeof(on)) < 0)
--
1.8.1.4

30
SOURCES/0001-rshd-use-upper-bound-for-cmdbuflen.patch Normal file
View File

@ -0,0 +1,30 @@
From 4f543ec56d023905ec22e4b6325f834bce4a624a Mon Sep 17 00:00:00 2001
From: Adam Tkac <atkac@redhat.com>
Date: Mon, 5 May 2014 12:01:41 +0200
Subject: [PATCH] rshd: use upper bound for cmdbuflen

---
rshd/rshd.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/rshd/rshd.c b/rshd/rshd.c
index 66c5703..487c969 100644
--- a/rshd/rshd.c
+++ b/rshd/rshd.c
@@ -430,7 +430,12 @@ doit(struct sockaddr_storage *fromp, socklen_t fromlen)
exit (1);
}
- cmdbuf = malloc (++cmdbuflen);
+ cmdbuflen++;
+ /* Decrease cmdbuflen to reasonable number if it's too high */
+ if ((size_t) cmdbuflen > 131072)
+ cmdbuflen = 131072;
+
+ cmdbuf = malloc (cmdbuflen);
if (cmdbuf == NULL) {
syslog (LOG_ERR, "Could not allocate space for cmdbuf");
exit (1);
--
1.8.3.1

45
SOURCES/0002-rlogind-use-sockaddr_in-for-non-native-IPv6-client.patch Normal file
View File

@ -0,0 +1,45 @@
From 6e0abc319fa8d1f17c4cd1bfa633b9aa10ef5370 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Fri, 14 Jun 2013 16:34:58 +0200
Subject: [PATCH 2/2] rlogind: use sockaddr_in for non-native IPv6 client

---
rlogind/network.c | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)

diff --git a/rlogind/network.c b/rlogind/network.c
index 8c2a975..db272fd 100644
--- a/rlogind/network.c
+++ b/rlogind/network.c
@@ -204,6 +204,28 @@ network_init(int f, int *hostokp)
#endif
fromp = &from;
+ if (((struct sockaddr_in *) fromp)->sin_family == AF_INET6 &&
+ IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *) fromp)->sin6_addr)) {
+
+ struct addrinfo *res, hints = {};
+ char client_addr[INET6_ADDRSTRLEN] = {};
+ char client_port[6] = {};
+
+ inet_ntop(AF_INET6, &((struct sockaddr_in6 *) fromp)->sin6_addr,
+ client_addr, sizeof(client_addr));
+
+ sprintf(client_port, "%d", ntohs(((struct sockaddr_in6 *) fromp)->sin6_port));
+
+ hints.ai_family = AF_INET;
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_flags = AI_NUMERICHOST | AI_NUMERICSERV;
+
+ getaddrinfo(client_addr, client_port, &hints, &res);
+
+ memcpy(fromp, res->ai_addr, sizeof(struct sockaddr_in6));
+ freeaddrinfo(res);
+ }
+
alarm(60);
read(f, &c, 1);
--
1.8.1.4

43
SOURCES/netkit-rsh-0.10-stdarg.patch Normal file
View File

@ -0,0 +1,43 @@
--- netkit-rsh-0.10/rcp/rcp.c 1999-04-18 05:16:49-04 1.1
+++ netkit-rsh-0.10/rcp/rcp.c 1999-04-18 05:40:52-04
@@ -836,19 +836,33 @@
error(const char *fmt, ...)
{
static FILE *fp;
- va_list ap;
-
- va_start(ap, fmt);
+ char buf[1000];
++errs;
if (!fp && !(fp = fdopen(rem, "w")))
return;
- fprintf(fp, "%c", 0x01);
- vfprintf(fp, fmt, ap);
+
+ /* (fmt,...) might need to go to two streams.
+ *
+ * In { va_start ; vfprintf ; vfprintf ; va_end }, second
+ * vfprintf didn't restart (ie: vfprintf affects ap) (glibc)
+ *
+ * Is { va_start ; vfprintf ; va_end} * 2 even allowed?
+ *
+ * => Dump (fmt,...) to buffer. */
+
+ {
+ va_list ap;
+ va_start(ap, fmt);
+ vsnprintf(buf, sizeof(buf), fmt, ap);
+ buf[sizeof(buf)-1] = 0;
+ va_end(ap);
+ }
+
+ fprintf(fp, "%c%s", 0x01, buf);
fflush(fp);
- if (!iamremote) vfprintf(stderr, fmt, ap);
- va_end(ap);
+ if (!iamremote) fputs(buf, stderr);
}
static void

33
SOURCES/netkit-rsh-0.16-jbj.patch Normal file
View File

@ -0,0 +1,33 @@
--- netkit-rsh-0.16/rcp/Makefile.jbj Tue Dec 21 16:32:51 1999
+++ netkit-rsh-0.16/rcp/Makefile Tue Dec 21 16:33:16 1999
@@ -7,7 +7,7 @@
$(CC) $(LDFLAGS) $^ $(LIBS) -o $@
install: rcp
- install -s -o root -m$(SUIDMODE) rcp $(INSTALLROOT)$(BINDIR)
+ install -s rcp $(INSTALLROOT)$(BINDIR)
install -m$(MANMODE) rcp.1 $(INSTALLROOT)$(MANDIR)/man1
clean:
--- netkit-rsh-0.16/rlogin/Makefile.jbj Tue Dec 21 16:33:57 1999
+++ netkit-rsh-0.16/rlogin/Makefile Tue Dec 21 16:34:08 1999
@@ -10,7 +10,7 @@
$(CC) $(LDFLAGS) $^ $(LIBS) -o $@
install: $(PROG)
- install -s -o root -m$(SUIDMODE) $(PROG) $(INSTALLROOT)$(BINDIR)
+ install -s $(PROG) $(INSTALLROOT)$(BINDIR)
install -m $(MANMODE) $(PROG).1 $(INSTALLROOT)$(MANDIR)/man1
clean:
--- netkit-rsh-0.16/rsh/Makefile.jbj Tue Dec 21 16:33:28 1999
+++ netkit-rsh-0.16/rsh/Makefile Tue Dec 21 16:33:44 1999
@@ -9,7 +9,7 @@
$(CC) $(LDFLAGS) $^ $(LIBS) -o $@
install: rsh
- install -s -o root -m$(SUIDMODE) rsh $(INSTALLROOT)$(BINDIR)
+ install -s rsh $(INSTALLROOT)$(BINDIR)
install -m$(MANMODE) rsh.1 $(INSTALLROOT)$(MANDIR)/man1
clean:

14
SOURCES/netkit-rsh-0.16-jbj4.patch Normal file
View File

@ -0,0 +1,14 @@
--- netkit-rsh-0.16/rshd/Makefile.jbj4 Fri Jan 28 12:17:42 2000
+++ netkit-rsh-0.16/rshd/Makefile Fri Jan 28 12:17:56 2000
@@ -6,9 +6,8 @@
OBJS = rshd.o
ifeq ($(USE_PAM),1)
-# ?
-CFLAGS += # -DUSE_PAM
-LIBS += -ldl # -lpam -lpam_misc
+CFLAGS += -DUSE_PAM
+LIBS += -ldl -lpam -lpam_misc
endif
rshd: $(OBJS)

231
SOURCES/netkit-rsh-0.16-nokrb.patch Normal file
View File

@ -0,0 +1,231 @@
diff -uNr netkit-rsh-0.16/rcp/rcp.1 netkit-rsh-0.16/rcp/rcp.1
--- netkit-rsh-0.16/rcp/rcp.1 Tue Dec 14 07:52:57 1999
+++ netkit-rsh-0.16/rcp/rcp.1 Mon May 29 22:52:34 2000
@@ -41,12 +41,10 @@
.Sh SYNOPSIS
.Nm rcp
.Op Fl px
-.Op Fl k Ar realm
.Ar file1 file2
.Nm rcp
.Op Fl px
.Op Fl r
-.Op Fl k Ar realm
.Ar file ...
.Ar directory
.Sh DESCRIPTION
@@ -79,27 +77,6 @@
modified by the
.Xr umask 2
on the destination host is used.
-.It Fl k
-The
-.Fl k
-option requests
-.Nm rcp
-to obtain tickets
-for the remote host in realm
-.Ar realm
-instead of the remote host's realm as determined by
-.Xr krb_realmofhost 3 .
-.It Fl x
-The
-.Fl x
-option turns on
-.Tn DES
-encryption for all data passed by
-.Nm rcp .
-This may impact response time and
-.Tn CPU
-utilization, but provides
-increased security.
.El
.Pp
If
@@ -134,11 +111,6 @@
.Nm rcp
command appeared in
.Bx 4.2 .
-The version of
-.Nm rcp
-described here
-has been reimplemented with Kerberos in
-.Bx 4.3 Reno .
.Sh BUGS
Doesn't detect all cases where the target of a copy might
be a file in cases where only a directory should be legal.
diff -uNr netkit-rsh-0.16/rlogin/rlogin.1 netkit-rsh-0.16/rlogin/rlogin.1
--- netkit-rsh-0.16/rlogin/rlogin.1 Tue Dec 14 07:52:57 1999
+++ netkit-rsh-0.16/rlogin/rlogin.1 Mon May 29 22:51:42 2000
@@ -42,7 +42,6 @@
.Ar rlogin
.Op Fl 8EKLdx
.Op Fl e Ar char
-.Op Fl k Ar realm
.Op Fl l Ar username
.Ar host
.Sh DESCRIPTION
@@ -50,9 +49,7 @@
starts a terminal session on a remote host
.Ar host .
.Pp
-.Nm Rlogin
-first attempts to use the Kerberos authorization mechanism, described below.
-If the remote host does not supporting Kerberos the standard Berkeley
+The standard Berkeley
.Pa rhosts
authorization mechanism is used.
The options are as follows:
@@ -71,10 +68,6 @@
When used with the
.Fl 8
option, this provides a completely transparent connection.
-.It Fl K
-The
-.Fl K
-option turns off all Kerberos authentication.
.It Fl L
The
.Fl L
@@ -94,25 +87,6 @@
``~'' by default.
This specification may be as a literal character, or as an octal
value in the form \ennn.
-.It Fl k
-The
-.FL k
-option requests rlogin to obtain tickets for the remote host
-in realm
-.Ar realm
-instead of the remote host's realm as determined by
-.Xr krb_realmofhost 3 .
-.It Fl x
-The
-.Fl x
-option turns on
-.Tn DES
-encryption for all data passed via the
-rlogin session.
-This may impact response time and
-.Tn CPU
-utilization, but provides
-increased security.
.El
.Pp
A line of the form ``<escape char>.'' disconnects from the remote host.
@@ -129,35 +103,6 @@
is transparent.
Flow control via ^S/^Q and flushing of input and output on interrupts
are handled properly.
-.Sh KERBEROS AUTHENTICATION
-Each user may have a private authorization list in the file
-.Pa .klogin
-in their home directory.
-Each line in this file should contain a Kerberos principal name of the
-form
-.Ar principal.instance@realm .
-If the originating user is authenticated to one of the principals named
-in
-.Pa .klogin ,
-access is granted to the account.
-The principal
-.Ar accountname.@localrealm
-is granted access if
-there is no
-.Pa .klogin
-file.
-Otherwise a login and password will be prompted for on the remote machine
-as in
-.Xr login 1 .
-To avoid certain security problems, the
-.Pa .klogin
-file must be owned by
-the remote user.
-.Pp
-If Kerberos authentication fails, a warning message is printed and the
-standard Berkeley
-.Nm rlogin
-is used instead.
.Sh ENVIRONMENT
The following environment variable is utilized by
.Nm rlogin :
@@ -167,9 +112,6 @@
.El
.Sh SEE ALSO
.Xr rsh 1 ,
-.Xr kerberos 3 ,
-.Xr krb_sendauth 3 ,
-.Xr krb_realmofhost 3
.Sh HISTORY
The
.Nm rlogin
diff -uNr netkit-rsh-0.16/rsh/rsh.1 netkit-rsh-0.16/rsh/rsh.1
--- netkit-rsh-0.16/rsh/rsh.1 Tue Dec 14 07:52:58 1999
+++ netkit-rsh-0.16/rsh/rsh.1 Mon May 29 22:51:29 2000
@@ -41,7 +41,6 @@
.Sh SYNOPSIS
.Nm rsh
.Op Fl Kdnx
-.Op Fl k Ar realm
.Op Fl l Ar username
.Ar host
.Op command
@@ -62,10 +61,6 @@
normally terminates when the remote command does.
The options are as follows:
.Bl -tag -width flag
-.It Fl K
-The
-.Fl K
-option turns off all Kerberos authentication.
.It Fl d
The
.Fl d
@@ -74,23 +69,11 @@
on the
.Tn TCP
sockets used for communication with the remote host.
-.It Fl k
-The
-.Fl k
-option causes
-.Nm rsh
-to obtain tickets for the remote host in
-.Ar realm
-instead of the remote host's realm as determined by
-.Xr krb_realmofhost 3 .
.It Fl l
By default, the remote username is the same as the local username.
The
.Fl l
option allows the remote name to be specified.
-Kerberos authentication is used, and authorization is determined
-as in
-.Xr rlogin 1 .
.It Fl n
The
.Fl n
@@ -99,13 +82,6 @@
(see the
.Sx BUGS
section of this manual page).
-.It Fl x
-The
-.Fl x
-option turns on
-.Tn DES
-encryption for all data exchange.
-This may introduce a significant delay in response time.
.El
.Pp
If no
@@ -142,9 +118,6 @@
.El
.Sh SEE ALSO
.Xr rlogin 1 ,
-.Xr kerberos 3 ,
-.Xr krb_sendauth 3 ,
-.Xr krb_realmofhost 3
.Sh HISTORY
The
.Nm rsh

37
SOURCES/netkit-rsh-0.16-prompt.patch Normal file
View File

@ -0,0 +1,37 @@
--- netkit-rsh-0.16/rexec/rexec.c.prompt Mon Feb 28 16:23:33 2000
+++ netkit-rsh-0.16/rexec/rexec.c Mon Feb 28 16:49:23 2000
@@ -164,12 +164,30 @@
user_name[strlen(user_name)-1] = '\0'; /* Hopefully fgets always adds
a newline. */
passwd = getpass("Password: ");
+ } else {
+
+ if ( user_name == NULL )
+ user_name = getenv("REXEC_USER");
+ if ( user_name == NULL ) {
+ uid_t uid = getuid();
+ struct passwd *pw = getpwuid(uid);
+ if (!(pw && pw->pw_name)) {
+ fprintf(stderr, "Can't lookup uid %d\n", uid);
+ exit(1);
+ }
+ user_name = strdup(pw->pw_name);
+ }
+ if ( passwd == NULL )
+ passwd = getenv("REXEC_PASS");
+ if ( passwd == NULL )
+ passwd = getpass("Password: ");
}
- if ( user_name == NULL )
- user_name = getenv("REXEC_USER");
- if ( passwd == NULL )
- passwd = getenv("REXEC_PASS");
+ if (!(user_name && passwd)) {
+ fprintf(stderr, "Can't use %s without supplying a user and password\n",
+ progname);
+ exit(1);
+ }
if ( (sock = rexec(&host, port_exec, user_name, passwd, command,
p_to_aux_sock)) < 0 )

10
SOURCES/netkit-rsh-0.16-rlogin=rsh.patch Normal file
View File

@ -0,0 +1,10 @@
--- netkit-rsh-0.16/rlogin/rlogin.c.rsh Fri Mar 3 08:59:37 2000
+++ netkit-rsh-0.16/rlogin/rlogin.c Fri Mar 3 08:59:45 2000
@@ -194,6 +194,7 @@
p = argv[0];
if (strcmp(p, "rlogin"))
+ if (strcmp(p, "rsh"))
host = p;
/* handle "rlogin host flags" */

82
SOURCES/netkit-rsh-0.17-arg_max.patch Normal file
View File

@ -0,0 +1,82 @@
diff -up netkit-rsh-0.17/rexecd/rexecd.c.arg_max netkit-rsh-0.17/rexecd/rexecd.c
--- netkit-rsh-0.17/rexecd/rexecd.c.arg_max 2008-05-09 10:36:44.000000000 +0200
+++ netkit-rsh-0.17/rexecd/rexecd.c 2008-05-09 10:36:44.000000000 +0200
@@ -235,7 +235,8 @@ static struct pam_conv PAM_conversation
static void
doit(struct sockaddr_in *fromp)
{
- char cmdbuf[ARG_MAX+1];
+ char *cmdbuf;
+ long cmdbuflen;
char user[17], pass[17];
struct passwd *pwd;
int s = -1;
@@ -254,6 +255,18 @@ doit(struct sockaddr_in *fromp)
#endif
#endif /* USE_PAM */
+ cmdbuflen = sysconf (_SC_ARG_MAX);
+ if (!(cmdbuflen > 0)) {
+ syslog (LOG_ERR, "sysconf (_SC_ARG_MAX) failed");
+ fatal ("sysconf (_SC_ARG_MAX) failed\n");
+ }
+
+ cmdbuf = malloc (++cmdbuflen);
+ if (cmdbuf == NULL) {
+ syslog (LOG_ERR, "Could not allocate space for cmdbuf");
+ fatal ("Could not allocate space for cmdbuf\n");
+ }
+
signal(SIGINT, SIG_DFL);
signal(SIGQUIT, SIG_DFL);
signal(SIGTERM, SIG_DFL);
@@ -303,7 +316,7 @@ doit(struct sockaddr_in *fromp)
getstr(user, sizeof(user), "username too long\n");
getstr(pass, sizeof(pass), "password too long\n");
- getstr(cmdbuf, sizeof(cmdbuf), "command too long\n");
+ getstr(cmdbuf, cmdbuflen, "command too long\n");
#ifdef USE_PAM
#define PAM_BAIL if (pam_error != PAM_SUCCESS) { \
pam_end(pamh, pam_error); exit(1); \
diff -up netkit-rsh-0.17/rshd/rshd.c.arg_max netkit-rsh-0.17/rshd/rshd.c
--- netkit-rsh-0.17/rshd/rshd.c.arg_max 2008-05-09 10:36:44.000000000 +0200
+++ netkit-rsh-0.17/rshd/rshd.c 2008-05-09 10:38:51.000000000 +0200
@@ -402,7 +402,8 @@ static int log_audit(const char *usernam
static void
doit(struct sockaddr_storage *fromp, socklen_t fromlen)
{
- char cmdbuf[ARG_MAX+1];
+ char *cmdbuf;
+ long cmdbuflen;
const char *theshell, *shellname;
char locuser[16], remuser[16];
struct passwd *pwd;
@@ -415,6 +416,18 @@ doit(struct sockaddr_storage *fromp, soc
int i;
#endif
+ cmdbuflen = sysconf (_SC_ARG_MAX);
+ if (!(cmdbuflen > 0)) {
+ syslog (LOG_ERR, "sysconf (_SC_ARG_MAX) failed");
+ exit (1);
+ }
+
+ cmdbuf = malloc (++cmdbuflen);
+ if (cmdbuf == NULL) {
+ syslog (LOG_ERR, "Could not allocate space for cmdbuf");
+ exit (1);
+ }
+
signal(SIGINT, SIG_DFL);
signal(SIGQUIT, SIG_DFL);
signal(SIGTERM, SIG_DFL);
@@ -460,7 +473,7 @@ doit(struct sockaddr_storage *fromp, soc
getstr(remuser, sizeof(remuser), "remuser");
getstr(locuser, sizeof(locuser), "locuser");
- getstr(cmdbuf, sizeof(cmdbuf), "command");
+ getstr(cmdbuf, cmdbuflen, "command");
if (!strcmp(locuser, "root")) paranoid = 1;
hostname = findhostname((struct sockaddr *)fromp, fromlen,

258
SOURCES/netkit-rsh-0.17-audit.patch Normal file
View File

@ -0,0 +1,258 @@
diff -up netkit-rsh-0.17/rshd/Makefile.audit netkit-rsh-0.17/rshd/Makefile
--- netkit-rsh-0.17/rshd/Makefile.audit 2008-03-25 12:33:26.000000000 +0100
+++ netkit-rsh-0.17/rshd/Makefile 2008-03-25 12:33:26.000000000 +0100
@@ -9,6 +9,10 @@ ifeq ($(USE_PAM),1)
CFLAGS += -DUSE_PAM
LIBS += -ldl -lpam -lpam_misc
endif
+ifeq ($(USE_AUDIT),1)
+CFLAGS += -DUSE_AUDIT
+LIBS += -ldl -laudit
+endif
rshd: $(OBJS)
$(CC) $(LDFLAGS) $^ $(LIBS) -o $@
diff -up netkit-rsh-0.17/rshd/rshd.c.audit netkit-rsh-0.17/rshd/rshd.c
--- netkit-rsh-0.17/rshd/rshd.c.audit 2008-03-25 12:33:26.000000000 +0100
+++ netkit-rsh-0.17/rshd/rshd.c 2008-03-25 12:35:37.000000000 +0100
@@ -90,6 +90,10 @@ char rcsid[] =
static pam_handle_t *pamh;
#endif /* USE_PAM */
+#ifdef USE_AUDIT
+#include <libaudit.h>
+#endif /* USE_AUDIT */
+
#define OPTIONS "aDhlLn"
static int keepalive = 1;
@@ -224,6 +228,14 @@ static void stderr_parent(int sock, int
exit(0);
}
+#define PAM_SET_ITEM(item,val) \
+ do { \
+ retcode = pam_set_item(pamh, (item), (val)); \
+ if (retcode != PAM_SUCCESS) { \
+ syslog(LOG_ERR, "pam_set_item: %s\n", pam_strerror(pamh, retcode)); \
+ exit (1); \
+ } \
+ } while (0)
static struct passwd *doauth(const char *remuser,
const char *hostname,
@@ -243,9 +255,10 @@ static struct passwd *doauth(const char
syslog(LOG_ERR, "pam_start: %s\n", pam_strerror(pamh, retcode));
exit (1);
}
- pam_set_item (pamh, PAM_RUSER, remuser);
- pam_set_item (pamh, PAM_RHOST, hostname);
- pam_set_item (pamh, PAM_TTY, "rsh"); /* we don't use a tty, so punt */
+
+ PAM_SET_ITEM(PAM_RUSER, remuser);
+ PAM_SET_ITEM(PAM_RHOST, hostname);
+ PAM_SET_ITEM(PAM_TTY, "rsh"); /* we don't use a tty, so punt */
retcode = pam_authenticate(pamh, 0);
if (retcode == PAM_SUCCESS) {
@@ -365,6 +378,27 @@ static const char *findhostname(struct s
return NULL; /* not reachable */
}
+static int log_audit(const char *username, int uid, const char *hostname,
+ int success)
+{
+#ifdef USE_AUDIT
+ int audit_fd = audit_open();
+ if (audit_fd < 0) {
+ if (errno != EINVAL && errno != EPROTONOSUPPORT &&
+ errno != EAFNOSUPPORT)
+ return 1;
+ } else {
+ int rc = audit_log_acct_message(audit_fd, AUDIT_USER_LOGIN,
+ NULL, "login", username, uid, hostname, NULL,
+ "rsh", success);
+ close(audit_fd);
+ if (rc <= 0)
+ return 1;
+ }
+#endif
+ return 0;
+}
+
static void
doit(struct sockaddr_storage *fromp, socklen_t fromlen)
{
@@ -435,14 +469,21 @@ doit(struct sockaddr_storage *fromp, soc
setpwent();
pwd = doauth(remuser, hostname, locuser);
if (pwd == NULL) {
+ if (log_audit(remuser, -1, hostname, 0) > 0) {
+ fail("Error sending audit event.\n",
+ remuser, hostname, locuser, cmdbuf);
+ }
fail("Permission denied.\n",
remuser, hostname, locuser, cmdbuf);
}
-
if (pwd->pw_uid != 0 && !access(_PATH_NOLOGIN, F_OK)) {
error("Logins currently disabled.\n");
exit(1);
}
+ if (log_audit(NULL, pwd->pw_uid, hostname, 1) > 0) {
+ fail("Error sending audit event.\n",
+ remuser, hostname, locuser, cmdbuf);
+ }
(void) write(2, "\0", 1);
sent_null = 1;
diff -up netkit-rsh-0.17/rexecd/rexecd.c.audit netkit-rsh-0.17/rexecd/rexecd.c
--- netkit-rsh-0.17/rexecd/rexecd.c.audit 2008-03-25 12:33:26.000000000 +0100
+++ netkit-rsh-0.17/rexecd/rexecd.c 2008-03-25 12:33:26.000000000 +0100
@@ -312,9 +312,12 @@ doit(struct sockaddr_in *fromp)
PAM_password = pass;
pam_error = pam_start("rexec", PAM_username, &PAM_conversation,&pamh);
PAM_BAIL;
- pam_set_item (pamh, PAM_RUSER, user);
- pam_set_item (pamh, PAM_RHOST, remote);
- pam_set_item (pamh, PAM_TTY, "rexec"); /* we don't have a tty yet! */
+ pam_error = pam_set_item (pamh, PAM_RUSER, user);
+ PAM_BAIL;
+ pam_error = pam_set_item (pamh, PAM_RHOST, remote);
+ PAM_BAIL;
+ pam_error = pam_set_item (pamh, PAM_TTY, "rexec"); /* we don't have a tty yet! */
+ PAM_BAIL;
pam_error = pam_authenticate(pamh, 0);
PAM_BAIL;
pam_error = pam_acct_mgmt(pamh, 0);
diff -up netkit-rsh-0.17/rlogind/auth.c.audit netkit-rsh-0.17/rlogind/auth.c
--- netkit-rsh-0.17/rlogind/auth.c.audit 2008-03-25 12:33:26.000000000 +0100
+++ netkit-rsh-0.17/rlogind/auth.c 2008-03-25 12:33:26.000000000 +0100
@@ -102,6 +102,16 @@ static int attempt_auth(void) {
return retval;
}
+#define PAM_SET_ITEM(item,val) \
+ do { \
+ retval = pam_set_item(pamh, (item), (val)); \
+ if (retval != PAM_SUCCESS) { \
+ syslog(LOG_ERR, "pam_set_item: %s\n", pam_strerror(pamh, retval)); \
+ pam_end(pamh, retval); \
+ fatal(STDERR_FILENO, "initialization failed", 0); \
+ } \
+ } while (0)
+
/*
* This function must either die, return -1 on authentication failure,
* or return 0 on authentication success. Dying is discouraged.
@@ -117,17 +127,19 @@ int auth_checkauth(const char *remoteuse
retval = pam_start("rlogin", localuser, &conv, &pamh);
if (retval != PAM_SUCCESS) {
syslog(LOG_ERR, "pam_start: %s\n", pam_strerror(pamh, retval));
+ pam_end(pamh, retval);
fatal(STDERR_FILENO, "initialization failed", 0);
}
- pam_set_item(pamh, PAM_USER, localuser);
- pam_set_item(pamh, PAM_RUSER, remoteuser);
- pam_set_item(pamh, PAM_RHOST, host);
- pam_set_item(pamh, PAM_TTY, "rlogin"); /* we don't have a tty yet! */
-
+ PAM_SET_ITEM(PAM_USER, localuser);
+ PAM_SET_ITEM(PAM_RUSER, remoteuser);
+ PAM_SET_ITEM(PAM_RHOST, host);
+ PAM_SET_ITEM(PAM_TTY, "rlogin"); /* we don't have a tty yet! */
+
network_confirm();
retval = attempt_auth();
if ((retval == PAM_ACCT_EXPIRED) || (retval == PAM_PERM_DENIED)) {
+ pam_end(pamh, retval);
syslog(LOG_ERR, "PAM authentication denied for in.rlogind");
exit(1);
} else if (retval != PAM_SUCCESS) {
diff -up netkit-rsh-0.17/rlogind/rlogind.c.audit netkit-rsh-0.17/rlogind/rlogind.c
--- netkit-rsh-0.17/rlogind/rlogind.c.audit 2008-03-25 12:33:26.000000000 +0100
+++ netkit-rsh-0.17/rlogind/rlogind.c 2008-03-25 12:33:26.000000000 +0100
@@ -357,9 +357,9 @@ static void child(const char *hname, con
}
termenv[3] = NULL;
+ auth_finish();
+ closeall();
if (authenticated) {
- auth_finish();
- closeall();
execle(_PATH_LOGIN, "login", "-p",
"-h", hname, "-f", localuser, NULL, termenv);
}
@@ -368,8 +368,6 @@ static void child(const char *hname, con
syslog(LOG_AUTH|LOG_INFO, "rlogin with an option as a name!");
exit(1);
}
- auth_finish();
- closeall();
execle(_PATH_LOGIN, "login", "-p",
"-h", hname, localuser, NULL, termenv);
}
diff -up netkit-rsh-0.17/configure.audit netkit-rsh-0.17/configure
--- netkit-rsh-0.17/configure.audit 2000-07-29 20:00:29.000000000 +0200
+++ netkit-rsh-0.17/configure 2008-03-25 12:33:26.000000000 +0100
@@ -19,8 +19,9 @@ while [ x$1 != x ]; do case $1 in
Usage: configure [options]
--help Show this message
--with-debug Enable debugging
- --without-pam Disable PAM support
+ --without-pam Disable PAM support
--without-shadow Disable shadow password support
+ --without-audit Disable audit support
--prefix=path Prefix for location of files [/usr]
--exec-prefix=path Location for arch-depedent files [prefix]
--installroot=root Top of filesystem tree to install in [/]
@@ -47,6 +48,7 @@ EOF
--with-c-compiler=*) CC=`echo $1 | sed 's/^[^=]*=//'` ;;
--without-pam|--disable-pam) WITHOUT_PAM=1;;
--without-shadow|--disable-shadow) WITHOUT_SHADOW=1;;
+ --without-audit|--disable-audit) WITHOUT_AUDIT=1;;
*) echo "Unrecognized option: $1"; exit 1;;
esac
shift
@@ -342,6 +344,32 @@ rm -f __conftest*
##################################################
+echo -n 'Checking for AUDIT... '
+if [ x$WITHOUT_AUDIT != x ]; then
+ echo disabled
+else
+cat <<EOF >__conftest.c
+#include <stdio.h>
+#include <libaudit.h>
+int main() {
+ audit_log_acct_message(1, AUDIT_USER_LOGIN, NULL, NULL, NULL, 0, NULL, NULL, NULL, 0);
+ return 0;
+}
+
+EOF
+if (
+ $CC $CFLAGS __conftest.c -laudit -o __conftest || exit 1
+ ) >/dev/null 2>&1; then
+ echo 'yes'
+ USE_AUDIT=1
+ else
+ echo 'no'
+ fi
+fi
+rm -f __conftest*
+
+##################################################
+
echo -n 'Checking for crypt... '
cat <<EOF >__conftest.c
int main() { crypt("aa", "bb"); }
@@ -593,5 +621,6 @@ echo 'Generating MCONFIG...'
echo "USE_PAM=$USE_PAM"
echo "USE_SHADOW=$USE_SHADOW"
echo "LIBSHADOW=$LIBSHADOW"
+ echo "USE_AUDIT=$USE_AUDIT"
) > MCONFIG

57
SOURCES/netkit-rsh-0.17-chdir.patch Normal file
View File

@ -0,0 +1,57 @@
--- netkit-rsh-0.17/rshd/rshd.c.orig Sun Jul 23 06:16:24 2000
+++ netkit-rsh-0.17/rshd/rshd.c Tue Dec 11 17:45:10 2001
@@ -388,15 +388,6 @@
remuser, hostname, locuser, cmdbuf);
}
- if (chdir(pwd->pw_dir) < 0) {
- chdir("/");
- /*
- * error("No remote directory.\n");
- * exit(1);
- */
- }
-
-
if (pwd->pw_uid != 0 && !access(_PATH_NOLOGIN, F_OK)) {
error("Logins currently disabled.\n");
exit(1);
@@ -456,6 +447,14 @@
exit(1);
}
environ = envinit;
+
+ if (chdir(pwd->pw_dir) < 0) {
+ chdir("/");
+ /*
+ * error("No remote directory.\n");
+ * exit(1);
+ */
+ }
strncat(homedir, pwd->pw_dir, sizeof(homedir)-6);
homedir[sizeof(homedir)-1] = 0;
--- netkit-rsh-0.17/rexecd/rexecd.c.orig Sun Jul 23 06:16:22 2000
+++ netkit-rsh-0.17/rexecd/rexecd.c Tue Dec 11 18:28:36 2001
@@ -375,10 +375,6 @@
/* Log successful attempts. */
syslog(LOG_INFO, "login from %.128s as %s", remote, user);
- if (chdir(pwd->pw_dir) < 0) {
- fatal("No remote directory.\n");
- }
-
write(2, "\0", 1);
if (port) {
/* If we have a port, dup STDERR on that port KRH */
@@ -408,6 +404,10 @@
if (setuid(pwd->pw_uid)) {
perror("setuid");
exit(1);
+ }
+
+ if (chdir(pwd->pw_dir) < 0) {
+ fatal("No remote directory.\n");
}
strcat(path, _PATH_DEFPATH);

22
SOURCES/netkit-rsh-0.17-checkdir.patch Normal file
View File

@ -0,0 +1,22 @@
--- netkit-rsh-0.17/rcp/rcp.c.checkdir 2005-01-28 16:20:38.280031064 +0100
+++ netkit-rsh-0.17/rcp/rcp.c 2005-01-28 16:25:56.479657368 +0100
@@ -716,6 +716,10 @@
size = size * 10 + (*cp++ - '0');
if (*cp++ != ' ')
SCREWUP("size not delimited");
+ if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) {
+ error("rcp: unexpected filename: %s", cp);
+ exit(1);
+ }
if (targisdir) {
static char *namebuf;
static int cursize;
@@ -734,6 +738,8 @@
np = targ;
exists = stat(np, &stb) == 0;
if (buf[0] == 'D') {
+ if (!iamrecursive)
+ SCREWUP("received directory without -r");
if (exists) {
if ((stb.st_mode&S_IFMT) != S_IFDIR) {
errno = ENOTDIR;

60
SOURCES/netkit-rsh-0.17-dns.patch Normal file
View File

@ -0,0 +1,60 @@
diff -up netkit-rsh-0.17/rshd/rshd.c.dns netkit-rsh-0.17/rshd/rshd.c
--- netkit-rsh-0.17/rshd/rshd.c.dns 2007-09-27 11:05:26.000000000 +0200
+++ netkit-rsh-0.17/rshd/rshd.c 2007-09-27 11:16:54.000000000 +0200
@@ -294,6 +294,7 @@ static const char *findhostname(struct s
char remote_hostname[NI_MAXHOST];
struct addrinfo hints;
struct addrinfo *res0, *res;
+ int err;
if (! inet_ntop(fromp->sa_family,
(( fromp->sa_family == AF_INET6 )
@@ -305,12 +306,16 @@ static const char *findhostname(struct s
exit(1);
}
- if (getnameinfo(fromp, fromlen, remote_hostname, NI_MAXHOST,
- NULL, 0, 0)) {
- syslog(LOG_NOTICE|LOG_AUTH,
- "Failed to retrieve the hostname information for %s",
- remote_address);
- exit(1);
+ err = getnameinfo(fromp, fromlen, remote_hostname, NI_MAXHOST,
+ NULL, 0, 0);
+ if (err && (err == EAI_AGAIN) && !check_all)
+ err = getnameinfo (fromp, fromlen, remote_hostname, NI_MAXHOST,
+ NULL, 0, NI_NUMERICHOST);
+ if (err) {
+ syslog(LOG_NOTICE|LOG_AUTH,
+ "Failed to retrieve the hostname information for %s",
+ remote_address);
+ exit(1);
}
errno = ENOMEM; /* malloc (thus strdup) may not set it */
@@ -586,6 +591,11 @@ static void network_init(int fd,
error = getnameinfo((struct sockaddr *)fromp, *fromlenp,
hostname, sizeof(hostname), portname, sizeof(portname),
NI_NUMERICSERV);
+ if (error && (error == EAI_AGAIN) && !check_all)
+ error = getnameinfo ((struct sockaddr *)fromp, *fromlenp,
+ hostname, sizeof(hostname), portname,
+ sizeof(portname),
+ NI_NUMERICSERV|NI_NUMERICHOST);
if (error) {
syslog(LOG_NOTICE|LOG_AUTH,
"Failed to retrieve address and port of the connection: %s",
diff -up netkit-rsh-0.17/rlogind/network.c.dns netkit-rsh-0.17/rlogind/network.c
--- netkit-rsh-0.17/rlogind/network.c.dns 2007-09-27 11:17:07.000000000 +0200
+++ netkit-rsh-0.17/rlogind/network.c 2007-09-27 11:20:29.000000000 +0200
@@ -127,6 +127,10 @@ find_hostname(struct sockaddr *fromp, so
error = getnameinfo(fromp, fromlen,
hname_buf, sizeof(hname_buf), portname, NI_MAXSERV,
NI_NUMERICSERV);
+ if ((error == EAI_AGAIN) && !check_all)
+ error = getnameinfo(fromp, fromlen,
+ hname_buf, sizeof(hname_buf), portname, NI_MAXSERV,
+ NI_NUMERICSERV|NI_NUMERICHOST);
assert(error == 0);
if (check_all || local_domain(hname_buf)) {

51
SOURCES/netkit-rsh-0.17-errno.patch Normal file
View File

@ -0,0 +1,51 @@
--- netkit-rsh-0.17/rcp/rcp.c.errno 2004-11-17 13:49:13.247815440 +0100
+++ netkit-rsh-0.17/rcp/rcp.c 2004-11-17 13:52:56.638854840 +0100
@@ -613,6 +613,7 @@
struct stat stb;
struct timeval tv[2];
enum { YES, NO, DISPLAYED } wrerr;
+ int werrno = 0;
BUF *bp;
off_t i, j, size;
char ch, *targ;
@@ -766,6 +767,7 @@
cp = bp->buf;
count = 0;
wrerr = NO;
+ werrno = 0;
for (i = 0; i < size; i += BUFSIZ) {
amt = BUFSIZ;
if (i + amt > size)
@@ -784,16 +786,20 @@
} while (amt > 0);
if (count == bp->cnt) {
if (wrerr == NO &&
- write(ofd, bp->buf, count) != count)
+ write(ofd, bp->buf, count) != count) {
wrerr = YES;
+ werrno = errno;
+ }
count = 0;
cp = bp->buf;
}
}
if (count != 0 && wrerr == NO &&
- write(ofd, bp->buf, count) != count)
+ write(ofd, bp->buf, count) != count) {
wrerr = YES;
- if (ftruncate(ofd, size)) {
+ werrno = errno;
+ }
+ if (wrerr == NO && ftruncate(ofd, size)) {
error("rcp: can't truncate %s: %s\n", np,
strerror(errno));
wrerr = DISPLAYED;
@@ -810,7 +816,7 @@
}
switch(wrerr) {
case YES:
- error("rcp: %s: %s\n", np, strerror(errno));
+ error("rcp: %s: %s\n", np, strerror(werrno));
break;
case NO:
(void)write(rem, "", 1);

22
SOURCES/netkit-rsh-0.17-ignchld.patch Normal file
View File

@ -0,0 +1,22 @@
--- netkit-rsh-0.17/rlogind/rlogind.c.ignchld 2004-12-06 13:31:23.263630216 +0100
+++ netkit-rsh-0.17/rlogind/rlogind.c 2004-12-06 13:31:43.382571672 +0100
@@ -440,7 +440,7 @@
ioctl(master, TIOCPKT, &on);
signal(SIGCHLD, cleanup);
protocol(netfd, master);
- signal(SIGCHLD, SIG_IGN);
+ signal(SIGCHLD, SIG_DFL);
cleanup(0);
}
--- netkit-rsh-0.17/rlogin/rlogin.c.ignchld 2004-12-06 13:30:37.110646536 +0100
+++ netkit-rsh-0.17/rlogin/rlogin.c 2004-12-06 13:31:00.224132752 +0100
@@ -523,7 +523,7 @@
stop(char cmdc)
{
mode(0);
- signal(SIGCHLD, SIG_IGN);
+ signal(SIGCHLD, SIG_DFL);
kill(cmdc == defsusp ? 0 : getpid(), SIGTSTP);
signal(SIGCHLD, catch_child);
mode(1);

148
SOURCES/netkit-rsh-0.17-ipv6-rexec.patch Normal file
View File

@ -0,0 +1,148 @@
diff -up netkit-rsh-0.17/rexecd/rexecd.c.ipv6-rexec netkit-rsh-0.17/rexecd/rexecd.c
--- netkit-rsh-0.17/rexecd/rexecd.c.ipv6-rexec 2013-07-15 17:31:07.678365071 +0200
+++ netkit-rsh-0.17/rexecd/rexecd.c 2013-07-15 17:32:17.010346615 +0200
@@ -114,7 +114,7 @@ int deny_severity = LOG_WARNING;
*/
static void fatal(const char *);
-static void doit(struct sockaddr_in *fromp);
+static void doit(struct sockaddr_storage *fromp);
static void getstr(char *buf, int cnt, const char *err);
static const char *remote = NULL;
@@ -122,7 +122,7 @@ static const char *remote = NULL;
int
main(int argc, char **argv)
{
- struct sockaddr_in from;
+ struct sockaddr_storage from;
socklen_t fromlen;
(void)argc;
@@ -136,6 +136,29 @@ main(int argc, char **argv)
openlog(argv[0], LOG_PID, LOG_DAEMON);
+ /* handle situation when connected peer *doesn't have* native IPv6 address but systemd/xinetd
+ * is listening on AF_INET6 socket on our behalf and fds we are given corresponds to AF_INET6 socket
+ */
+ if (from.ss_family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *) &from)->sin6_addr)) {
+ struct addrinfo *res, hints = {};
+ char client_addr[INET6_ADDRSTRLEN] = {};
+ char client_port[6] = {};
+
+ inet_ntop(AF_INET6, &((struct sockaddr_in6 *) &from)->sin6_addr,
+ client_addr, sizeof(client_addr));
+
+ sprintf(client_port, "%d", ntohs(((struct sockaddr_in6 *) &from)->sin6_port));
+
+ hints.ai_family = AF_INET;
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_flags = AI_NUMERICHOST | AI_NUMERICSERV;
+
+ getaddrinfo(client_addr, client_port, &hints, &res);
+
+ memcpy(&from, res->ai_addr, sizeof(struct sockaddr_in));
+ freeaddrinfo(res);
+ }
+
#ifdef TCP_WRAPPER
/* Find out and report the remote host name. */
/* I don't think this works. -- dholland */
@@ -146,19 +169,42 @@ main(int argc, char **argv)
if (argc > 1 && argv[1] && strcmp(argv[1], "-D")==0)
{
/* use IP in logs -- this is workaround */
- remote = strdup(inet_ntoa(from.sin_addr));
+ char remote_addr[INET6_ADDRSTRLEN] = {};
+
+ if (from.ss_family == AF_INET)
+ remote = inet_ntop(AF_INET, &from, remote_addr, INET_ADDRSTRLEN);
+ else
+ remote = inet_ntop(AF_INET6, &from, remote_addr, INET6_ADDRSTRLEN);
+
+ if (remote) {
+ remote = strdup(remote);
+ if (!remote) {
+ fprintf(stderr, "rexecd: strdup: %s\n", strerror(errno));
+ return 1;
+ }
+ } else {
+ fprintf(stderr, "rexecd: inet_ntop: %s\n", strerror(errno));
+ return 1;
+ }
}
else
{
- struct hostent *h = gethostbyaddr((const char *)&from.sin_addr,
- sizeof(struct in_addr),
- AF_INET);
- if (!h || !h->h_name) {
- write(0, "\1Where are you?\n", 16);
+ int r;
+ char remote_hostname[NI_MAXHOST] = {};
+
+ r = getnameinfo((struct sockaddr *) &from, sizeof(struct sockaddr_storage), remote_hostname, NI_MAXHOST, NULL, NULL, 0);
+
+ if (r) {
+ fprintf(stderr, "rexecd: getnameinfo: %s\n", gai_strerror(r));
+ return 1;
+ }
+
+ remote = strdup(remote_hostname);
+ if (!remote) {
+ fprintf(stderr, "rexecd: strdup: %s\n", strerror(errno));
return 1;
}
- /* Be advised that this may be utter nonsense. */
- remote = strdup(h->h_name);
+
}
#endif
syslog(allow_severity, "connect from %.128s", remote);
@@ -233,7 +279,7 @@ static struct pam_conv PAM_conversation
static void
-doit(struct sockaddr_in *fromp)
+doit(struct sockaddr_storage *fromp)
{
char *cmdbuf;
long cmdbuflen;
@@ -298,7 +344,7 @@ doit(struct sockaddr_in *fromp)
We must connect back to the client here if a port was provided. KRH
*/
if (port != 0) {
- s = socket(AF_INET, SOCK_STREAM, 0);
+ s = socket(fromp->ss_family, SOCK_STREAM, 0);
if (s < 0)
exit(1);
@@ -308,7 +354,12 @@ doit(struct sockaddr_in *fromp)
exit(1);
#endif
alarm(60);
- fromp->sin_port = htons(port);
+
+ if (fromp->ss_family == AF_INET)
+ ((struct sockaddr_in *) fromp)->sin_port = htons(port);
+ else
+ ((struct sockaddr_in6 *) fromp)->sin6_port = htons(port);
+
if (connect(s, (struct sockaddr *)fromp, sizeof (*fromp)) < 0)
exit(1);
alarm(0);
diff -up netkit-rsh-0.17/rexec/rexec.c.ipv6-rexec netkit-rsh-0.17/rexec/rexec.c
--- netkit-rsh-0.17/rexec/rexec.c.ipv6-rexec 2013-07-15 17:31:07.686365068 +0200
+++ netkit-rsh-0.17/rexec/rexec.c 2013-07-15 17:31:07.698365065 +0200
@@ -194,8 +194,8 @@ int main(int argc, char *argv[])
exit(1);
}
- if ( (sock = rexec(&host, port_exec, user_name, passwd, command,
- p_to_aux_sock)) < 0 )
+ if ( (sock = rexec_af(&host, port_exec, user_name, passwd, command,
+ p_to_aux_sock, AF_UNSPEC)) < 0 )
{
fprintf(stderr,"%s: Error in rexec system call,\n",argv[0]);
fprintf(stderr,"%s: (The following system error may itself be in error)\n",argv[0]);

451
SOURCES/netkit-rsh-0.17-ipv6.patch Normal file
View File

@ -0,0 +1,451 @@
diff -up netkit-rsh-0.17/rcp/rcp.c.ipv6 netkit-rsh-0.17/rcp/rcp.c
--- netkit-rsh-0.17/rcp/rcp.c.ipv6 2008-10-03 12:44:22.000000000 +0200
+++ netkit-rsh-0.17/rcp/rcp.c 2008-10-03 12:44:22.000000000 +0200
@@ -262,9 +262,9 @@ toremote(const char *targ, int argc, cha
nospace();
(void)snprintf(bp, len, "%s -t %s", cmd, targ);
host = thost;
- rem = rcmd(&host, port, pwd->pw_name,
+ rem = rcmd_af(&host, port, pwd->pw_name,
tuser ? tuser : pwd->pw_name,
- bp, 0);
+ bp, 0, AF_UNSPEC);
if (rem < 0)
exit(1);
#ifdef IP_TOS
@@ -325,7 +325,8 @@ tolocal(int argc, char *argv[])
if (!(bp = malloc(len)))
nospace();
(void)snprintf(bp, len, "%s -f %s", cmd, src);
- rem = rcmd(&host, port, pwd->pw_name, suser, bp, 0);
+ rem = rcmd_af(&host, port, pwd->pw_name, suser, bp, 0,
+ AF_UNSPEC);
(void)free(bp);
if (rem < 0) {
++errs;
diff -up netkit-rsh-0.17/rlogind/network.c.ipv6 netkit-rsh-0.17/rlogind/network.c
--- netkit-rsh-0.17/rlogind/network.c.ipv6 1999-12-12 16:15:40.000000000 +0100
+++ netkit-rsh-0.17/rlogind/network.c 2008-10-03 12:44:22.000000000 +0200
@@ -88,47 +88,78 @@ local_domain(const char *h)
return(0);
}
+static int
+soaddr_eq_ip(const struct sockaddr *s1, const struct sockaddr *s2)
+{
+ if (s1->sa_family != s2->sa_family)
+ return 0;
+ if (s2->sa_family == AF_INET6)
+ return (memcmp(
+ (const void*)(
+ &((const struct sockaddr_in6 *)s1)->sin6_addr
+ ),
+ (const void*)(
+ &((const struct sockaddr_in6 *)s2)->sin6_addr
+ ),
+ sizeof(struct in6_addr))
+ == 0);
+ else
+ return (memcmp(
+ (const void*)(
+ &((const struct sockaddr_in *)s1)->sin_addr
+ ),
+ (const void*)(
+ &((const struct sockaddr_in *)s2)->sin_addr
+ ),
+ sizeof(struct in_addr))
+ == 0);
+}
static char *
-find_hostname(const struct sockaddr_in *fromp, int *hostokp)
+find_hostname(struct sockaddr *fromp, socklen_t fromlen,
+ char *portname, int *hostokp)
{
- struct hostent *hop;
+ int error;
char *hname;
+ char hname_buf[NI_MAXHOST];
int hostok = 0;
- hop = gethostbyaddr((const char *)&fromp->sin_addr,
- sizeof(struct in_addr), fromp->sin_family);
- if (hop == NULL) {
- hname = strdup(inet_ntoa(fromp->sin_addr));
- hostok = 1;
- }
- else if (check_all || local_domain(hop->h_name)) {
+ error = getnameinfo(fromp, fromlen,
+ hname_buf, sizeof(hname_buf), portname, NI_MAXSERV,
+ NI_NUMERICSERV);
+ assert(error == 0);
+
+ if (check_all || local_domain(hname_buf)) {
/*
- * If name returned by gethostbyaddr is in our domain,
+ * If name returned is in our domain,
* attempt to verify that we haven't been fooled by someone
* in a remote net; look up the name and check that this
* address corresponds to the name.
*/
- hname = strdup(hop->h_name);
- hop = gethostbyname(hname);
- if (hop) {
- for (; hop->h_addr_list[0]; hop->h_addr_list++) {
- if (!memcmp(hop->h_addr_list[0], &fromp->sin_addr,
- sizeof(fromp->sin_addr))) {
+ struct addrinfo hints;
+ struct addrinfo *res0, *res;
+
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_family = PF_UNSPEC;
+ error = getaddrinfo(hname_buf, NULL, &hints, &res);
+ assert(error == 0);
+
+ res0 = res;
+ while (res) {
+ if (soaddr_eq_ip(fromp, res->ai_addr)) {
hostok = 1;
break;
}
- }
- /* not clear if this is worthwhile */
- free(hname);
- hname = strdup(hop->h_name);
+ res = res->ai_next;
}
+ freeaddrinfo(res0);
}
else {
- hname = strdup(hop->h_name);
hostok = 1;
}
+ hname = strdup(hname_buf);
+
/*
* Actually it might be null if we're out of memory, but
* where do we go then? We'd have to bail anyhow.
@@ -145,14 +176,14 @@ find_hostname(const struct sockaddr_in *
char *
network_init(int f, int *hostokp)
{
- struct sockaddr_in from, *fromp;
+ struct sockaddr_storage from, *fromp;
socklen_t fromlen;
int on = 1;
char c;
char *hname;
+ char portname[NI_MAXSERV];
int port;
- from.sin_family = AF_INET;
fromlen = sizeof (from);
if (getpeername(f, (struct sockaddr *)&from, &fromlen) < 0) {
syslog(LOG_ERR,"Can't get peer name of remote host: %m");
@@ -177,13 +208,19 @@ network_init(int f, int *hostokp)
alarm(0);
- hname = find_hostname(fromp, hostokp);
+ hname = find_hostname((struct sockaddr *)fromp, fromlen,
+ portname, hostokp);
+ assert(hname != NULL);
- port = ntohs(fromp->sin_port);
- if (fromp->sin_family != AF_INET ||
+ port = atoi(portname);
+ if (! port) {
+ syslog(LOG_NOTICE, "Unknown port %s", portname);
+ fatal(f, "Permission denied", 0);
+ }
+ if ((fromp->ss_family != AF_INET && fromp->ss_family != AF_INET6) ||
port >= IPPORT_RESERVED || port < IPPORT_RESERVED/2) {
syslog(LOG_NOTICE, "Connection from %s on illegal port",
- inet_ntoa(fromp->sin_addr));
+ portname);
fatal(f, "Permission denied", 0);
}
diff -up netkit-rsh-0.17/rlogin/rlogin.c.ipv6 netkit-rsh-0.17/rlogin/rlogin.c
--- netkit-rsh-0.17/rlogin/rlogin.c.ipv6 2008-10-03 12:44:22.000000000 +0200
+++ netkit-rsh-0.17/rlogin/rlogin.c 2008-10-03 12:44:22.000000000 +0200
@@ -280,7 +280,7 @@ main(int argc, char **argv)
/* will use SIGUSR1 for window size hack, so hold it off */
omask = sigblock(sigmask(SIGURG) | sigmask(SIGUSR1));
- rem = rcmd(&host, sp->s_port, pw->pw_name, user, term, 0);
+ rem = rcmd_af(&host, sp->s_port, pw->pw_name, user, term, 0, AF_UNSPEC);
if (rem < 0) exit(1);
diff -up netkit-rsh-0.17/rshd/rshd.c.ipv6 netkit-rsh-0.17/rshd/rshd.c
--- netkit-rsh-0.17/rshd/rshd.c.ipv6 2008-10-03 12:44:22.000000000 +0200
+++ netkit-rsh-0.17/rshd/rshd.c 2008-10-03 12:53:08.000000000 +0200
@@ -109,7 +109,7 @@ char *envinit[] =
extern char **environ;
static void error(const char *fmt, ...);
-static void doit(struct sockaddr_in *fromp);
+static void doit(struct sockaddr_storage *fromp, socklen_t fromlen);
static void getstr(char *buf, int cnt, const char *err);
extern int _check_rhosts_file;
@@ -284,19 +284,37 @@ static struct passwd *doauth(const char
#endif
}
-static const char *findhostname(struct sockaddr_in *fromp,
+static const char *findhostname(struct sockaddr *fromp,
+ socklen_t fromlen,
const char *remuser, const char *locuser,
const char *cmdbuf)
{
- struct hostent *hp;
const char *hostname;
+ char remote_address[INET6_ADDRSTRLEN];
+ char remote_hostname[NI_MAXHOST];
+ struct addrinfo hints;
+ struct addrinfo *res0, *res;
+
+ if (! inet_ntop(fromp->sa_family,
+ (( fromp->sa_family == AF_INET6 )
+ ? ( &((struct sockaddr_in6 *)fromp)->sin6_addr )
+ : ( &((struct sockaddr_in *)fromp)->sin_addr )),
+ remote_address, sizeof(remote_address))) {
+ syslog(LOG_NOTICE|LOG_AUTH,
+ "Failed to retrieve the socket remote address");
+ exit(1);
+ }
- hp = gethostbyaddr((char *)&fromp->sin_addr, sizeof (struct in_addr),
- fromp->sin_family);
+ if (getnameinfo(fromp, fromlen, remote_hostname, NI_MAXHOST,
+ NULL, 0, 0)) {
+ syslog(LOG_NOTICE|LOG_AUTH,
+ "Failed to retrieve the hostname information for %s",
+ remote_address);
+ exit(1);
+ }
errno = ENOMEM; /* malloc (thus strdup) may not set it */
- if (hp) hostname = strdup(hp->h_name);
- else hostname = strdup(inet_ntoa(fromp->sin_addr));
+ hostname = strdup(remote_hostname);
if (hostname==NULL) {
/* out of memory? */
@@ -307,31 +325,43 @@ static const char *findhostname(struct s
/*
* Attempt to confirm the DNS.
*/
-#ifdef RES_DNSRCH
- _res.options &= ~RES_DNSRCH;
-#endif
- hp = gethostbyname(hostname);
- if (hp == NULL) {
- syslog(LOG_INFO, "Couldn't look up address for %s", hostname);
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_family = PF_UNSPEC;
+ if (getaddrinfo(hostname, NULL, &hints, &res)) {
+ syslog(LOG_INFO, "Couldn't look up address for %s/%s",
+ hostname, remote_address);
fail("Couldn't get address for your host (%s)\n",
- remuser, inet_ntoa(fromp->sin_addr), locuser, cmdbuf);
- }
- while (hp->h_addr_list[0] != NULL) {
- if (!memcmp(hp->h_addr_list[0], &fromp->sin_addr,
- sizeof(fromp->sin_addr))) {
- return hostname;
+ remuser, hostname, locuser, cmdbuf);
+ }
+
+ res0 = res;
+ while (res) {
+ struct sockaddr *sa;
+ char res_address[INET6_ADDRSTRLEN];
+ sa = res->ai_addr;
+
+ if (inet_ntop(sa->sa_family,
+ (( sa->sa_family == AF_INET6 )
+ ? ( &((struct sockaddr_in6 *)sa)->sin6_addr )
+ : ( &((struct sockaddr_in *)sa)->sin_addr )),
+ res_address, sizeof(res_address))
+ && strcmp(remote_address, res_address) == 0) {
+ freeaddrinfo(res0);
+ return hostname;
}
- hp->h_addr_list++;
+ res = res->ai_next;
}
+ freeaddrinfo(res0);
+
syslog(LOG_NOTICE, "Host addr %s not listed for host %s",
- inet_ntoa(fromp->sin_addr), hp->h_name);
+ remote_address, hostname);
fail("Host address mismatch for %s\n",
- remuser, inet_ntoa(fromp->sin_addr), locuser, cmdbuf);
+ remuser, hostname, locuser, cmdbuf);
return NULL; /* not reachable */
}
static void
-doit(struct sockaddr_in *fromp)
+doit(struct sockaddr_storage *fromp, socklen_t fromlen)
{
char cmdbuf[ARG_MAX+1];
const char *theshell, *shellname;
@@ -351,8 +381,12 @@ doit(struct sockaddr_in *fromp)
alarm(0);
if (port != 0) {
+ struct sockaddr_storage second_connect;
int lport = IPPORT_RESERVED - 1;
- sock = rresvport(&lport);
+
+ memcpy((void *)&second_connect, (void *)fromp, fromlen);
+ sock = rresvport_af(&lport,
+ ((struct sockaddr *)&second_connect)->sa_family);
if (sock < 0) {
syslog(LOG_ERR, "can't get stderr port: %m");
exit(1);
@@ -361,10 +395,15 @@ doit(struct sockaddr_in *fromp)
syslog(LOG_ERR, "2nd port not reserved\n");
exit(1);
}
- fromp->sin_port = htons(port);
- if (connect(sock, (struct sockaddr *)fromp,
- sizeof(*fromp)) < 0) {
- syslog(LOG_INFO, "connect second port: %m");
+ if (((struct sockaddr *)&second_connect)->sa_family == AF_INET6)
+ ((struct sockaddr_in6 *)&second_connect)->sin6_port
+ = htons(port);
+ else
+ ((struct sockaddr_in *)&second_connect)->sin_port
+ = htons(port);
+ if (connect(sock, (struct sockaddr *)&second_connect,
+ fromlen) < 0) {
+ syslog(LOG_INFO, "connect second port %d: %m", port);
exit(1);
}
}
@@ -381,7 +420,8 @@ doit(struct sockaddr_in *fromp)
getstr(cmdbuf, sizeof(cmdbuf), "command");
if (!strcmp(locuser, "root")) paranoid = 1;
- hostname = findhostname(fromp, remuser, locuser, cmdbuf);
+ hostname = findhostname((struct sockaddr *)fromp, fromlen,
+ remuser, locuser, cmdbuf);
setpwent();
pwd = doauth(remuser, hostname, locuser);
@@ -496,15 +536,19 @@ doit(struct sockaddr_in *fromp)
exit(1);
}
-static void network_init(int fd, struct sockaddr_in *fromp)
+static void network_init(int fd,
+ struct sockaddr_storage *fromp, socklen_t *fromlenp)
{
struct linger linger;
- socklen_t fromlen;
+ char hostname[NI_MAXHOST];
+ char portname[NI_MAXSERV];
+ sa_family_t family;
+
+ int error;
int on=1;
int port;
- fromlen = sizeof(*fromp);
- if (getpeername(fd, (struct sockaddr *) fromp, &fromlen) < 0) {
+ if (getpeername(fd, (struct sockaddr *)fromp, fromlenp) < 0) {
syslog(LOG_ERR, "getpeername: %m");
_exit(1);
}
@@ -518,9 +562,20 @@ static void network_init(int fd, struct
sizeof (linger)) < 0)
syslog(LOG_WARNING, "setsockopt (SO_LINGER): %m");
- if (fromp->sin_family != AF_INET) {
+ family = ((struct sockaddr *)fromp)->sa_family;
+ if (family != AF_INET && family != AF_INET6) {
syslog(LOG_ERR, "malformed \"from\" address (af %d)\n",
- fromp->sin_family);
+ family);
+ exit(1);
+ }
+
+ error = getnameinfo((struct sockaddr *)fromp, *fromlenp,
+ hostname, sizeof(hostname), portname, sizeof(portname),
+ NI_NUMERICSERV);
+ if (error) {
+ syslog(LOG_NOTICE|LOG_AUTH,
+ "Failed to retrieve address and port of the connection: %s",
+ gai_strerror(error));
exit(1);
}
#ifdef IP_OPTIONS
@@ -550,7 +605,7 @@ static void network_init(int fd, struct
syslog(LOG_NOTICE,
"Connection received from %s using IP options"
" (ignored): %s",
- inet_ntoa(fromp->sin_addr), lbuf);
+ hostname, lbuf);
if (setsockopt(0, ipproto, IP_OPTIONS, NULL, optsize) != 0) {
syslog(LOG_ERR, "setsockopt IP_OPTIONS NULL: %m");
@@ -563,10 +618,15 @@ static void network_init(int fd, struct
/*
* Check originating port for validity.
*/
- port = ntohs(fromp->sin_port);
+ port = atoi(portname);
+ if (! port) {
+ syslog(LOG_NOTICE|LOG_AUTH, "Unknown port %s", portname);
+ exit(1);
+ }
if (port >= IPPORT_RESERVED || port < IPPORT_RESERVED/2) {
- syslog(LOG_NOTICE|LOG_AUTH, "Connection from %s on illegal port",
- inet_ntoa(fromp->sin_addr));
+ syslog(LOG_NOTICE|LOG_AUTH,
+ "Connection from %s from illegal port %s",
+ hostname, portname);
exit(1);
}
}
@@ -575,7 +635,8 @@ int
main(int argc, char *argv[])
{
int ch;
- struct sockaddr_in from;
+ struct sockaddr_storage from;
+ socklen_t fromlen;
_check_rhosts_file=1;
openlog("rshd", LOG_PID | LOG_ODELAY, LOG_DAEMON);
@@ -618,8 +679,9 @@ main(int argc, char *argv[])
"pam_rhosts_auth in /etc/pam.conf");
#endif /* USE_PAM */
- network_init(0, &from);
- doit(&from);
+ fromlen = sizeof(from);
+ network_init(0, &from, &fromlen);
+ doit(&from, fromlen);
return 0;
}
diff -up netkit-rsh-0.17/rsh/rsh.c.ipv6 netkit-rsh-0.17/rsh/rsh.c
--- netkit-rsh-0.17/rsh/rsh.c.ipv6 2000-07-23 06:16:24.000000000 +0200
+++ netkit-rsh-0.17/rsh/rsh.c 2008-10-03 12:44:22.000000000 +0200
@@ -163,7 +163,8 @@ main(int argc, char *argv[])
exit(1);
}
- rem = rcmd(&host, sp->s_port, pw->pw_name, user, args, &rfd2);
+ rem = rcmd_af(&host, sp->s_port, pw->pw_name, user, args, &rfd2,
+ AF_UNSPEC);
if (rem < 0)
exit(1);

25
SOURCES/netkit-rsh-0.17-lfs.patch Normal file
View File

@ -0,0 +1,25 @@
--- netkit-rsh-0.17/rcp/rcp.c.bigfile 2003-01-17 16:06:44.000000000 +0200
+++ netkit-rsh-0.17/rcp/rcp.c 2003-01-17 16:08:48.000000000 +0200
@@ -482,7 +482,7 @@
}
}
(void)snprintf(buf, sizeof(buf),
- "C%04o %ld %s\n", stb.st_mode&07777, stb.st_size, last);
+ "C%04o %lld %s\n", stb.st_mode&07777, (long long)(stb.st_size), last);
(void)write(rem, buf, (int)strlen(buf));
if (response() < 0) {
(void)close(f);
@@ -614,11 +614,11 @@
struct timeval tv[2];
enum { YES, NO, DISPLAYED } wrerr;
BUF *bp;
- off_t i, j;
+ off_t i, j, size;
char ch, *targ;
const char *why;
int amt, count, exists, first, mask, mode;
- int ofd, setimes, size, targisdir;
+ int ofd, setimes, targisdir;
char *np, *vect[1], buf[BUFSIZ];
#define atime tv[0]

25
SOURCES/netkit-rsh-0.17-longname.patch Normal file
View File

@ -0,0 +1,25 @@
diff -up netkit-rsh-0.17/rexecd/rexecd.c.longname netkit-rsh-0.17/rexecd/rexecd.c
--- netkit-rsh-0.17/rexecd/rexecd.c.longname 2008-03-27 16:12:22.000000000 +0100
+++ netkit-rsh-0.17/rexecd/rexecd.c 2008-03-27 16:41:46.000000000 +0100
@@ -236,7 +236,7 @@ static void
doit(struct sockaddr_in *fromp)
{
char cmdbuf[ARG_MAX+1];
- char user[16], pass[16];
+ char user[17], pass[17];
struct passwd *pwd;
int s = -1;
u_short port;
@@ -468,10 +468,10 @@ getstr(char *buf, int cnt, const char *e
do {
if (read(0, &c, 1) != 1)
exit(1);
- *buf++ = c;
- if (--cnt <= 0) {
+ if (--cnt < 0) {
fatal(err);
}
+ *buf++ = c;
} while (c != 0);
}

63
SOURCES/netkit-rsh-0.17-nohost.patch Normal file
View File

@ -0,0 +1,63 @@
--- netkit-rsh-0.17/rexecd/rexecd.8.nohost 2004-12-03 15:20:17.436174216 +0100
+++ netkit-rsh-0.17/rexecd/rexecd.8 2004-12-03 15:39:39.972441840 +0100
@@ -40,6 +40,16 @@
.Nd remote execution server
.Sh SYNOPSIS
.Nm rexecd
+[
+\fB\-D\fP
+]
+.Sh OPTIONS
+.Nm Rexec
+accepts one option:
+.Pp
+.Bl -tag -width Ds
+.It Sy -D
+Disable reverse DNS look up and in the log will be used client IP addresses.
.Sh DESCRIPTION
.Nm Rexecd
is the server for the
--- netkit-rsh-0.17/rexecd/rexecd.c.nohost 2004-12-03 15:09:37.163510456 +0100
+++ netkit-rsh-0.17/rexecd/rexecd.c 2004-12-03 15:20:04.832090328 +0100
@@ -82,7 +82,9 @@
#include <string.h>
#include <paths.h>
#include <grp.h>
-
+#include <arpa/inet.h>
+
+
#ifdef USE_SHADOW
#include <shadow.h>
#endif
@@ -141,16 +143,22 @@
refuse(&from_host);
remote = hosts_info(&from_host);
#else
+ if (argc > 1 && argv[1] && strcmp(argv[1], "-D")==0)
{
- struct hostent *h = gethostbyaddr((const char *)&from.sin_addr,
- sizeof(struct in_addr),
- AF_INET);
- if (!h || !h->h_name) {
- write(0, "\1Where are you?\n", 16);
- return 1;
+ /* use IP in logs -- this is workaround */
+ remote = strdup(inet_ntoa(from.sin_addr));
}
- /* Be advised that this may be utter nonsense. */
- remote = strdup(h->h_name);
+ else
+ {
+ struct hostent *h = gethostbyaddr((const char *)&from.sin_addr,
+ sizeof(struct in_addr),
+ AF_INET);
+ if (!h || !h->h_name) {
+ write(0, "\1Where are you?\n", 16);
+ return 1;
+ }
+ /* Be advised that this may be utter nonsense. */
+ remote = strdup(h->h_name);
}
#endif
syslog(allow_severity, "connect from %.128s", remote);

37
SOURCES/netkit-rsh-0.17-nohostcheck-compat.patch Normal file
View File

@ -0,0 +1,37 @@
diff -up netkit-rsh-0.17/rshd/rshd.c.nohostcheck-compat netkit-rsh-0.17/rshd/rshd.c
--- netkit-rsh-0.17/rshd/rshd.c.nohostcheck-compat 2007-10-03 13:06:08.000000000 +0200
+++ netkit-rsh-0.17/rshd/rshd.c 2007-10-03 13:07:15.000000000 +0200
@@ -90,7 +90,7 @@ char rcsid[] =
static pam_handle_t *pamh;
#endif /* USE_PAM */
-#define OPTIONS "ahlLn"
+#define OPTIONS "aDhlLn"
static int keepalive = 1;
static int check_all = 0;
@@ -658,6 +658,9 @@ main(int argc, char *argv[])
check_all = 1;
break;
+ case 'D':
+ break;
+
case 'h':
allow_root_rhosts = 1;
break;
diff -up netkit-rsh-0.17/rlogind/rlogind.c.nohostcheck-compat netkit-rsh-0.17/rlogind/rlogind.c
--- netkit-rsh-0.17/rlogind/rlogind.c.nohostcheck-compat 2007-10-03 13:06:08.000000000 +0200
+++ netkit-rsh-0.17/rlogind/rlogind.c 2007-10-03 13:06:45.000000000 +0200
@@ -450,9 +450,10 @@ int main(int argc, char **argv) {
openlog("rlogind", LOG_PID | LOG_CONS, LOG_AUTH);
opterr = 0;
- while ((ch = getopt(argc, argv, "ahLln")) != EOF) {
+ while ((ch = getopt(argc, argv, "aDhLln")) != EOF) {
switch (ch) {
case 'a': check_all = 1; break;
+ case 'D': break;
case 'h': allow_root_rhosts = 1; break;
case 'L': deny_all_rhosts_hequiv = 1; break;
case 'l': use_rhosts = 0; break;

95
SOURCES/netkit-rsh-0.17-pam-conv.patch Normal file
View File

@ -0,0 +1,95 @@
--- netkit-rsh-0.17/rexecd/rexecd.c.pam-conv 2005-10-13 18:42:54.000000000 +0200
+++ netkit-rsh-0.17/rexecd/rexecd.c 2005-10-13 18:45:30.000000000 +0200
@@ -178,47 +178,51 @@
static char *PAM_username;
static char *PAM_password;
-static int PAM_conv (int num_msg,
- const struct pam_message **msg,
- struct pam_response **resp,
- void *appdata_ptr) {
- int count = 0, replies = 0;
- struct pam_response *reply = NULL;
- int size = sizeof(struct pam_response);
-
- #define GET_MEM if (reply) realloc(reply, size); else reply = malloc(size); \
- if (!reply) return PAM_CONV_ERR; \
- size += sizeof(struct pam_response)
- #define COPY_STRING(s) (s) ? strdup(s) : NULL
-
- for (count = 0; count < num_msg; count++) {
- GET_MEM;
- switch (msg[count]->msg_style) {
- case PAM_PROMPT_ECHO_ON:
- reply[replies].resp_retcode = PAM_SUCCESS;
- reply[replies++].resp = COPY_STRING(PAM_username);
- /* PAM frees resp */
- break;
- case PAM_PROMPT_ECHO_OFF:
- reply[replies].resp_retcode = PAM_SUCCESS;
- reply[replies++].resp = COPY_STRING(PAM_password);
- /* PAM frees resp */
- break;
- case PAM_TEXT_INFO:
- reply[replies].resp_retcode = PAM_SUCCESS;
- reply[replies++].resp = NULL;
- /* ignore it... */
- break;
- case PAM_ERROR_MSG:
- reply[replies].resp_retcode = PAM_SUCCESS;
- reply[replies++].resp = NULL;
- /* Must be an error of some sort... */
- default:
- return PAM_CONV_ERR;
- }
- }
- if (reply) *resp = reply;
- return PAM_SUCCESS;
+static int
+PAM_conv(int num_msg, const struct pam_message **msg,
+ struct pam_response **response, void *appdata_ptr)
+{
+ struct pam_response *pr;
+ const struct pam_message *pm;
+ int n;
+
+ if ((*response = malloc(num_msg * sizeof(struct pam_response))) == NULL)
+ return(PAM_CONV_ERR);
+ memset(*response, 0, num_msg * sizeof(struct pam_response));
+
+ for (pr = *response, pm = *msg, n = num_msg; n--; pr++, pm++)
+ {
+ switch (pm->msg_style) {
+ case PAM_PROMPT_ECHO_ON:
+ /* XXX: why not pam_set_item(PAM_RUSER) ? */
+ pr->resp_retcode = PAM_SUCCESS;
+ pr->resp = PAM_username ? strdup(PAM_username) : NULL;
+ /* PAM frees resp */
+ break;
+ case PAM_PROMPT_ECHO_OFF:
+ pr->resp_retcode = PAM_SUCCESS;
+ pr->resp = PAM_password ? strdup(PAM_password) : NULL;
+ /* PAM frees resp */
+ break;
+ case PAM_TEXT_INFO:
+ case PAM_ERROR_MSG:
+ /* ignore it... */
+ pr->resp_retcode = PAM_SUCCESS;
+ pr->resp = NULL;
+ break;
+ default:
+ /* Zero and free allocated memory and return an error. */
+ for (pr = *response, n = num_msg; n--; pr++)
+ {
+ if (pr->resp)
+ free(pr->resp);
+ }
+ free(*response);
+ *response = NULL;
+ return(PAM_CONV_ERR);
+ }
+ }
+ return PAM_SUCCESS;
}
static struct pam_conv PAM_conversation = {

14
SOURCES/netkit-rsh-0.17-pam-nologin.patch Normal file
View File

@ -0,0 +1,14 @@
--- netkit-rsh-0.17-pre20000412/rlogind/auth.c.orig Tue Mar 19 11:46:29 2002
+++ netkit-rsh-0.17-pre20000412/rlogind/auth.c Wed Apr 17 16:35:43 2002
@@ -127,7 +127,10 @@
network_confirm();
retval = attempt_auth();
- if (retval != PAM_SUCCESS) {
+ if ((retval == PAM_ACCT_EXPIRED) || (retval == PAM_PERM_DENIED)) {
+ syslog(LOG_ERR, "PAM authentication denied for in.rlogind");
+ exit(1);
+ } else if (retval != PAM_SUCCESS) {
syslog(LOG_ERR, "PAM authentication failed for in.rlogind");
return -1;
}

13
SOURCES/netkit-rsh-0.17-pam-rhost.patch Normal file
View File

@ -0,0 +1,13 @@
--- netkit-rsh-0.17/rexecd/rexecd.c.pam-rhost 2005-11-28 15:24:14.000000000 +0100
+++ netkit-rsh-0.17/rexecd/rexecd.c 2005-11-28 15:27:08.000000000 +0100
@@ -312,7 +312,9 @@
PAM_password = pass;
pam_error = pam_start("rexec", PAM_username, &PAM_conversation,&pamh);
PAM_BAIL;
- (void) pam_set_item (pamh, PAM_TTY, "rexec"); /* we don't have a tty yet! */
+ pam_set_item (pamh, PAM_RUSER, user);
+ pam_set_item (pamh, PAM_RHOST, remote);
+ pam_set_item (pamh, PAM_TTY, "rexec"); /* we don't have a tty yet! */
pam_error = pam_authenticate(pamh, 0);
PAM_BAIL;
pam_error = pam_acct_mgmt(pamh, 0);

12
SOURCES/netkit-rsh-0.17-pam-sess.patch Normal file
View File

@ -0,0 +1,12 @@
--- netkit-rsh-0.17/rexecd/rexecd.c.pam-sess 2004-11-17 10:58:27.894345912 +0100
+++ netkit-rsh-0.17/rexecd/rexecd.c 2004-11-17 10:58:44.794776656 +0100
@@ -307,6 +307,9 @@
PAM_BAIL;
pam_error = pam_setcred(pamh, PAM_ESTABLISH_CRED);
PAM_BAIL;
+ pam_error = pam_open_session(pamh, 0);
+ PAM_BAIL;
+ pam_close_session(pamh, 0);
pam_end(pamh, PAM_SUCCESS);
/* If this point is reached, the user has been authenticated. */
setpwent();

17
SOURCES/netkit-rsh-0.17-pam-warning.patch Normal file
View File

@ -0,0 +1,17 @@
diff --git a/rcp/rcp.c b/rcp/rcp.c
index 897185f..635dd49 100644
--- a/rcp/rcp.c
+++ b/rcp/rcp.c
@@ -721,6 +721,12 @@ sink(int argc, char *argv[])
(void)write(rem, "", 1);
continue;
}
+ if(*cp == 'W') {
+ while (*cp != '\0')
+ cp++;
+
+ continue;
+ }
if (*cp != 'C' && *cp != 'D') {
/*
* Check for the case "rcp remote:foo\* local:bar".

36
SOURCES/netkit-rsh-0.17-pam_env.patch Normal file
View File

@ -0,0 +1,36 @@
diff -up netkit-rsh-0.17/rshd/rshd.c.pam_env netkit-rsh-0.17/rshd/rshd.c
--- netkit-rsh-0.17/rshd/rshd.c.pam_env 2009-03-30 13:20:36.730136943 +0200
+++ netkit-rsh-0.17/rshd/rshd.c 2009-03-30 13:26:17.202136832 +0200
@@ -107,6 +107,9 @@ char remotehost[50] = "REMOTEHOST=";
char *envinit[] =
{homedir, shell, path, username, remoteuser, remotehost, 0};
extern char **environ;
+#ifdef USE_PAM
+static char** env;
+#endif
static void error(const char *fmt, ...);
static void doit(struct sockaddr_storage *fromp, socklen_t fromlen);
@@ -371,6 +374,9 @@ doit(struct sockaddr_storage *fromp, soc
const char *hostname;
u_short port;
int pv[2], pid, ifd;
+#ifdef USE_PAM
+ int i;
+#endif
signal(SIGINT, SIG_DFL);
signal(SIGQUIT, SIG_DFL);
@@ -518,6 +524,12 @@ doit(struct sockaddr_storage *fromp, soc
shellname = strrchr(theshell, '/');
if (shellname) shellname++;
else shellname = theshell;
+#ifdef USE_PAM
+ env = pam_getenvlist(pamh);
+ if (NULL != env)
+ for(i = 0; env[i]; i++)
+ putenv(env[i]);
+#endif
endpwent();
if (paranoid) {

29
SOURCES/netkit-rsh-0.17-pre20000412-jbj5.patch Normal file
View File

@ -0,0 +1,29 @@
--- netkit-rsh-0.17-pre20000412/rlogind/auth.c.jbj5 Sun Jun 18 11:18:37 2000
+++ netkit-rsh-0.17-pre20000412/rlogind/auth.c Sun Jun 18 11:21:37 2000
@@ -37,6 +37,7 @@
#include "rlogind.h"
#ifdef USE_PAM
+#include <grp.h>
/*
* Modifications for Linux-PAM: Al Longyear <longyear@netcom.com>
@@ -158,18 +159,14 @@
pwd = getpwnam(localuser);
if (pwd==NULL) {
syslog(LOG_ERR, "user returned by PAM does not exist\n");
- /* don't print this - it tells people which accounts exist */
- /*fprintf(stderr, "rlogind: internal error\n");*/
return -1;
}
if (setgid(pwd->pw_gid) != 0) {
syslog(LOG_ERR, "cannot assume gid for user returned by PAM\n");
- fprintf(stderr, "rlogind: internal error\n");
return -1;
}
if (initgroups(localuser, pwd->pw_gid) != 0) {
syslog(LOG_ERR, "initgroups failed for user returned by PAM\n");
- fprintf(stderr, "rlogind: internal error\n");
return -1;
}
retval = pam_setcred(pamh, PAM_ESTABLISH_CRED);

11
SOURCES/netkit-rsh-0.17-rcp-largefile.patch Normal file
View File

@ -0,0 +1,11 @@
--- netkit-rsh-0.17/rcp/rcp.c.largefile 2005-11-24 10:38:12.000000000 +0100
+++ netkit-rsh-0.17/rcp/rcp.c 2005-11-24 10:40:28.000000000 +0100
@@ -482,7 +482,7 @@
}
}
(void)snprintf(buf, sizeof(buf),
- "C%04o %lld %s\n", stb.st_mode&07777, (long long)(stb.st_size), last);
+ "C%04o %llu %s\n", stb.st_mode&07777, (unsigned long long)(stb.st_size), last);
(void)write(rem, buf, (int)strlen(buf));
if (response() < 0) {
(void)close(f);

12
SOURCES/netkit-rsh-0.17-remote-close.patch Normal file
View File

@ -0,0 +1,12 @@
diff --git a/rshd/rshd.c b/rshd/rshd.c
index 546b908..9b0024e 100644
--- a/rshd/rshd.c
+++ b/rshd/rshd.c
@@ -212,6 +212,7 @@ static void stderr_parent(int sock, int pype, int pid) {
if (cc <= 0) {
shutdown(sock, 2);
FD_CLR(pype, &readfrom);
+ close(sock);
guys--;
}
else write(sock, buf, cc);

34
SOURCES/netkit-rsh-0.17-rexec-cmdbuflen.patch Normal file
View File

@ -0,0 +1,34 @@
diff -up netkit-rsh-0.17/rexecd/rexecd.c netkit-rsh-0.17/rexecd/rexecd.c
--- netkit-rsh-0.17/rexecd/rexecd.c 2017-10-17 10:50:49.508905643 +0200
+++ netkit-rsh-0.17/rexecd/rexecd.c 2017-10-17 11:47:32.563051760 +0200
@@ -261,7 +261,14 @@ doit(struct sockaddr_in *fromp)
fatal ("sysconf (_SC_ARG_MAX) failed\n");
}
- cmdbuf = malloc (++cmdbuflen);
+ cmdbuflen++;
+ /* Decrease cmdbuflen to reasonable number if it's too high */
+ if ((size_t) cmdbuflen > 131072) {
+ cmdbuflen = 131072;
+ syslog (LOG_INFO, "Decreasing cmdbuflen because it was too high (>131072 bytes)");
+ }
+
+ cmdbuf = malloc (cmdbuflen);
if (cmdbuf == NULL) {
syslog (LOG_ERR, "Could not allocate space for cmdbuf");
fatal ("Could not allocate space for cmdbuf\n");
diff -up netkit-rsh-0.17/rshd/rshd.c netkit-rsh-0.17/rshd/rshd.c
--- netkit-rsh-0.17/rshd/rshd.c 2017-10-17 11:26:15.192221595 +0200
+++ netkit-rsh-0.17/rshd/rshd.c 2017-10-17 11:47:26.065986220 +0200
@@ -433,8 +433,10 @@ doit(struct sockaddr_storage *fromp, soc
cmdbuflen++;
/* Decrease cmdbuflen to reasonable number if it's too high */
- if ((size_t) cmdbuflen > 131072)
+ if ((size_t) cmdbuflen > 131072) {
cmdbuflen = 131072;
+ syslog (LOG_INFO, "Decreasing cmdbuflen because it was too high (>131072 bytes)");
+ }
cmdbuf = malloc (cmdbuflen);
if (cmdbuf == NULL) {

251
SOURCES/netkit-rsh-0.17-rexec-netrc.patch Normal file
View File

@ -0,0 +1,251 @@
--- netkit-rsh-0.17/rexec/ruserpass.c.netrc 2004-10-14 12:02:04.000000000 -0500
+++ netkit-rsh-0.17/rexec/ruserpass.c 2004-10-14 12:14:14.000000000 -0500
@@ -0,0 +1,214 @@
+/*
+ * Copyright (c) 1985 Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * from: @(#)ruserpass.c 5.3 (Berkeley) 3/1/91
+ */
+char ruserpass_rcsid[] =
+ "$Id: ruserpass.c,v 1.9 1999/10/02 19:12:33 dholland Exp $";
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <utmp.h>
+#include <ctype.h>
+#include <sys/stat.h>
+#include <sys/param.h>
+#include <errno.h>
+#include <string.h>
+#include <unistd.h>
+
+static FILE *cfile;
+static int token(void);
+
+#define MACBUF_LEN 4096
+
+#define DEFAULT 1
+#define LOGIN 2
+#define PASSWD 3
+#define ACCOUNT 4
+#define MACDEF 5
+#define ID 10
+#define MACH 11
+
+static char tokval[100];
+
+static struct toktab {
+ const char *tokstr;
+ int tval;
+} toktab[]= {
+ { "default", DEFAULT },
+ { "login", LOGIN },
+ { "password", PASSWD },
+ { "passwd", PASSWD },
+ { "account", ACCOUNT },
+ { "machine", MACH },
+ { "macdef", MACDEF },
+ { NULL, 0 }
+};
+
+int
+xruserpass(const char *host, char **aname, char **apass)
+{
+ const char *hdir;
+ char buf[BUFSIZ], *tmp;
+ char myname[MAXHOSTNAMELEN];
+ const char *mydomain;
+ int t, usedefault = 0;
+ struct stat stb;
+
+ hdir = getenv("HOME");
+ if (hdir == NULL)
+ hdir = ".";
+ snprintf(buf, sizeof(buf), "%s/.netrc", hdir);
+ cfile = fopen(buf, "r");
+ if (cfile == NULL) {
+ if (errno != ENOENT)
+ perror(buf);
+ return(0);
+ }
+ if (gethostname(myname, sizeof(myname)) < 0)
+ myname[0] = '\0';
+ if ((mydomain = strchr(myname, '.')) == NULL)
+ mydomain = "";
+next:
+ while ((t = token())) switch(t) {
+
+ case DEFAULT:
+ usedefault = 1;
+ /* FALL THROUGH */
+
+ case MACH:
+ if (!usedefault) {
+ if (token() != ID)
+ continue;
+ /*
+ * Allow match of incompletely-specified host in
+ * local domain.
+ */
+ if (strcasecmp(host, tokval) == 0)
+ goto match;
+ if ((tmp = index(host, '.')) != NULL &&
+ strcasecmp(tmp, mydomain) == 0 &&
+ strncasecmp(host, tokval, tmp - host) == 0 &&
+ tokval[tmp - host] == '\0')
+ goto match;
+ continue;
+ }
+ match:
+ while ((t = token()) && t != MACH && t != DEFAULT) switch(t) {
+
+ case LOGIN:
+ if (token()) {
+ if (*aname == 0) {
+ *aname = malloc((unsigned) strlen(tokval) + 1);
+ (void) strcpy(*aname, tokval);
+ } else {
+ if (strcmp(*aname, tokval))
+ goto next;
+ }
+ }
+ break;
+ case PASSWD:
+ if (*aname==NULL) {
+ fprintf(stderr, "Error: `password' must follow `login' in .netrc\n");
+ goto bad;
+ }
+ if (strcmp(*aname, "anonymous") &&
+ fstat(fileno(cfile), &stb) >= 0 &&
+ (stb.st_mode & 077) != 0) {
+ fprintf(stderr, "Error - .netrc file not correct permissions.\n");
+ fprintf(stderr, "Remove password or correct mode (should be 600).\n");
+ goto bad;
+ }
+ if (token() && *apass == 0) {
+ *apass = malloc((unsigned) strlen(tokval) + 1);
+ (void) strcpy(*apass, tokval);
+ }
+ break;
+ case ACCOUNT:
+ break;
+ case MACDEF:
+ break;
+ default:
+ fprintf(stderr, "Unknown .netrc keyword %s\n", tokval);
+ break;
+ }
+ goto done;
+ }
+done:
+ (void) fclose(cfile);
+ return(0);
+bad:
+ (void) fclose(cfile);
+ return(-1);
+}
+
+static
+int
+token(void)
+{
+ char *cp;
+ int c;
+ struct toktab *t;
+
+ if (feof(cfile))
+ return (0);
+ while ((c = getc(cfile)) != EOF &&
+ (c == '\n' || c == '\t' || c == ' ' || c == ','))
+ continue;
+ if (c == EOF)
+ return (0);
+ cp = tokval;
+ if (c == '"') {
+ while ((c = getc(cfile)) != EOF && c != '"') {
+ if (c == '\\')
+ c = getc(cfile);
+ *cp++ = c;
+ }
+ } else {
+ *cp++ = c;
+ while ((c = getc(cfile)) != EOF
+ && c != '\n' && c != '\t' && c != ' ' && c != ',') {
+ if (c == '\\')
+ c = getc(cfile);
+ *cp++ = c;
+ }
+ }
+ *cp = 0;
+ if (tokval[0] == 0)
+ return (0);
+ for (t = toktab; t->tokstr; t++)
+ if (!strcmp(t->tokstr, tokval))
+ return (t->tval);
+ return (ID);
+}
--- netkit-rsh-0.17/rexec/rexec.c.netrc 2004-10-14 12:02:04.000000000 -0500
+++ netkit-rsh-0.17/rexec/rexec.c 2004-10-14 12:16:46.000000000 -0500
@@ -100,6 +100,8 @@
void echo_sig(int sig);
void safe_write_error(const char *message);
+int xruserpass(const char *host, char **aname, char **apass);
+
/* These need to be global for signal passing. */
int aux_sock=-1; /* Socket for auxiliary channel. */
int extra_error = 1; /* Setup special channel for standard error? */
@@ -165,7 +167,10 @@
a newline. */
passwd = getpass("Password: ");
} else {
-
+ if (xruserpass(host, &user_name, &passwd) < 0) {
+ user_name = NULL;
+ passwd = NULL;
+ }
if ( user_name == NULL )
user_name = getenv("REXEC_USER");
if ( user_name == NULL ) {
--- netkit-rsh-0.17/rexec/Makefile.netrc 2004-10-14 12:15:30.000000000 -0500
+++ netkit-rsh-0.17/rexec/Makefile 2004-10-14 12:03:37.000000000 -0500
@@ -11,7 +11,7 @@
all: rexec
-rexec: rexec.c
+rexec: rexec.o ruserpass.o
rexec.1:

17
SOURCES/netkit-rsh-0.17-rexec-sig.patch Normal file
View File

@ -0,0 +1,17 @@
--- netkit-rsh-0.17/rexec/rexec.c.rexec-sig 2004-11-17 16:51:37.000000000 +0100
+++ netkit-rsh-0.17/rexec/rexec.c 2004-11-17 17:17:12.844628352 +0100
@@ -434,10 +434,10 @@
break;
default:
if ( sigaction(sig, NULL, &action) < 0 )
- {
- perror(progname);
- exit(1);
- }
+ /* in the signal(7) you can found "...except SIGKILL and SIGSTOP",
+ * but we detect problems with more signals...
+ */
+ return;
if ( action.sa_handler != SIG_IGN )
{
action.sa_handler = handler;

55
SOURCES/netkit-rsh-0.17-rexec.patch Normal file
View File

@ -0,0 +1,55 @@
--- netkit-rsh-0.10/rexecd/rexecd.8.rexec Mon Jul 15 03:53:47 1996
+++ netkit-rsh-0.10/rexecd/rexecd.8 Fri Jul 30 19:13:15 1999
@@ -68,8 +68,9 @@
it is interpreted as the port number of a secondary
stream to be used for the
.Em stderr .
-A second connection is then created to the specified
-port on the client's machine.
+A second connection will be created to the specified
+port on the client's machine after receiving and authenticating
+the user, password, and command from the client.
.It
A NUL terminated user name of at most 16 characters
is retrieved on the initial socket.
--- netkit-rsh-0.10/rexec/Makefile.rexec Thu Jul 29 23:32:28 1999
+++ netkit-rsh-0.10/rexec/Makefile Fri Jul 30 19:14:15 1999
@@ -1,30 +1,23 @@
SHELL = /bin/sh
-BINDIR = /usr/local/bin
-MANDIR = /usr/local/man/man1
+include ../MCONFIG
+include ../MRULES
# Uncomment this line if you get link errors under Solaris
#LDLIBS=-lsocket -lnsl
.PHONY: all
-all: rexec install
+all: rexec
rexec: rexec.c
rexec.1:
+clean:
+ rm -f *.o rexec
+
install: rexec rexec.1
- @ echo "Installation: Press enter for defaults."; \
- echo -n "Enter the location to install executable "; \
- echo -n " (default: $(BINDIR)): "; \
- read bindir; \
- bindir=$${bindir:-$(BINDIR)}; \
- echo -n "Enter the manpage location (default $(MANDIR)): ";\
- read mandir; \
- mandir=$${mandir:-$(MANDIR)}; \
- cp rexec $$bindir; \
- chmod a+rx $${bindir}/rexec; \
- cp rexec.1 $$mandir; \
- chmod a+r $${mandir}/rexec.1
+ install -m 0755 rexec $(INSTALLROOT)/$(BINDIR)/rexec
+ install -m 0644 rexec.1 $(INSTALLROOT)/$(MANDIR)/man1/rexec.1

26
SOURCES/netkit-rsh-0.17-rh448904.patch Normal file
View File

@ -0,0 +1,26 @@
diff -up netkit-rsh-0.17/rshd/rshd.c.rh448904 netkit-rsh-0.17/rshd/rshd.c
--- netkit-rsh-0.17/rshd/rshd.c.rh448904 2008-10-03 13:52:58.000000000 +0200
+++ netkit-rsh-0.17/rshd/rshd.c 2008-10-03 13:55:54.000000000 +0200
@@ -382,6 +382,7 @@ static int log_audit(const char *usernam
int success)
{
#ifdef USE_AUDIT
+ int err;
int audit_fd = audit_open();
if (audit_fd < 0) {
if (errno != EINVAL && errno != EPROTONOSUPPORT &&
@@ -391,8 +392,13 @@ static int log_audit(const char *usernam
int rc = audit_log_acct_message(audit_fd, AUDIT_USER_LOGIN,
NULL, "login", username, uid, hostname, NULL,
"rsh", success);
+ err = errno;
close(audit_fd);
- if (rc <= 0)
+ /*
+ * ECONNREFUSED is returned when kernel is compiled without
+ * audit support
+ */
+ if (rc <= 0 && err != ECONNREFUSED)
return 1;
}
#endif

17
SOURCES/netkit-rsh-0.17-rh461903.patch Normal file
View File

@ -0,0 +1,17 @@
diff -up netkit-rsh-0.17/rcp/rcp.c.closeerr netkit-rsh-0.17/rcp/rcp.c
--- netkit-rsh-0.17/rcp/rcp.c.closeerr 2008-09-10 12:07:43.000000000 +0200
+++ netkit-rsh-0.17/rcp/rcp.c 2008-09-10 12:30:57.000000000 +0200
@@ -810,7 +810,11 @@ bad: error("rcp: %s: %s\n", np, strerr
strerror(errno));
wrerr = DISPLAYED;
}
- (void)close(ofd);
+ if (close(ofd) != 0) {
+ error("rcp: error closing %s: %s\n", np,
+ strerror(errno));
+ wrerr = DISPLAYED;
+ }
(void)response();
if (setimes && wrerr == NO) {
setimes = 0;

64
SOURCES/netkit-rsh-0.17-rh473492.patch Normal file
View File

@ -0,0 +1,64 @@
diff -up netkit-rsh-0.17/rexec/rexec.c.patch netkit-rsh-0.17/rexec/rexec.c
--- netkit-rsh-0.17/rexec/rexec.c.patch 2010-01-05 15:24:44.000000000 +0100
+++ netkit-rsh-0.17/rexec/rexec.c 2010-01-05 16:06:55.927098704 +0100
@@ -300,14 +300,29 @@ void parse_options(char *argv[], int arg
{
case 'l':
if (optarg != NULL)
- *user_name=strcpy((char *)malloc((strlen(optarg)+1)*sizeof(char)),optarg);
+ {
+ *user_name = malloc((strlen(optarg)+1)*sizeof(char));
+ if(*user_name == NULL)
+ {
+ fprintf(stderr, "%s: can't allocate memory!\n", argv[0]);
+ exit(1);
+ }
+ strcpy(*user_name,optarg);
+ }
break;
case 'p':
if ( optarg!= NULL )
{
int passlen = strlen(optarg);
- *passwd=strcpy((char *)malloc((passlen+1)*sizeof(char)),optarg);
+ *passwd = malloc((char *)malloc((passlen+1)*sizeof(char)));
+ if(*passwd == NULL)
+ {
+ fprintf(stderr, "%s: can't allocate memory!\n", argv[0]);
+ exit(1);
+ }
+ strcpy(*passwd,optarg);
+
for (ind = 0; ind < passlen; ++ind)
optarg[ind] = '\0';
}
@@ -356,6 +371,12 @@ void parse_options(char *argv[], int arg
for ( ind = optind; ind < argc; ++ind)
len += strlen(argv[ind])+1;
*command = (char *) malloc((len+1)*sizeof(char));
+ if ( *command == NULL )
+ {
+ fprintf(stderr, "%s: can't allocate memory!\n", argv[0]);
+ exit(1);
+ }
+
**command = '\0';
for ( ind = optind; ind < argc; ++ind) {
if ( ind > optind ) {
diff -up netkit-rsh-0.17/rshd/rshd.c.patch netkit-rsh-0.17/rshd/rshd.c
--- netkit-rsh-0.17/rshd/rshd.c.patch 2010-01-05 15:24:44.000000000 +0100
+++ netkit-rsh-0.17/rshd/rshd.c 2010-01-05 15:46:39.718973390 +0100
@@ -562,7 +562,11 @@ doit(struct sockaddr_storage *fromp, soc
environ = envinit;
if (chdir(pwd->pw_dir) < 0) {
- chdir("/");
+ if(chdir("/") < 0)
+ {
+ error("No remote directory and can't chdir to root.\n");
+ exit(1);
+ }
/*
* error("No remote directory.\n");
* exit(1);

12
SOURCES/netkit-rsh-0.17-rh650119.patch Normal file
View File

@ -0,0 +1,12 @@
diff -up netkit-rsh-0.17/rexec/rexec.c.rh650119 netkit-rsh-0.17/rexec/rexec.c
--- netkit-rsh-0.17/rexec/rexec.c.rh650119 2010-11-08 13:14:20.946845218 +0100
+++ netkit-rsh-0.17/rexec/rexec.c 2010-11-08 13:14:36.126838888 +0100
@@ -315,7 +315,7 @@ void parse_options(char *argv[], int arg
{
int passlen = strlen(optarg);
- *passwd = malloc((char *)malloc((passlen+1)*sizeof(char)));
+ *passwd = (char *)malloc((passlen+1)*sizeof(char));
if(*passwd == NULL)
{
fprintf(stderr, "%s: can't allocate memory!\n", argv[0]);

19
SOURCES/netkit-rsh-0.17-rh710987.patch Normal file
View File

@ -0,0 +1,19 @@
diff -up netkit-rsh-0.17/rshd/rshd.c.rh710987 netkit-rsh-0.17/rshd/rshd.c
--- netkit-rsh-0.17/rshd/rshd.c.rh710987 2011-10-26 17:49:22.559772285 +0200
+++ netkit-rsh-0.17/rshd/rshd.c 2011-10-26 17:49:29.229771822 +0200
@@ -487,7 +487,6 @@ doit(struct sockaddr_storage *fromp, soc
hostname = findhostname((struct sockaddr *)fromp, fromlen,
remuser, locuser, cmdbuf);
- setpwent();
pwd = doauth(remuser, hostname, locuser);
if (pwd == NULL) {
if (log_audit(remuser, -1, hostname, 0) > 0) {
@@ -600,7 +599,6 @@ doit(struct sockaddr_storage *fromp, soc
putenv(env[i]);
#endif
- endpwent();
if (paranoid) {
syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: cmd='%s'",
remuser, hostname, locuser, cmdbuf);

50
SOURCES/netkit-rsh-0.17-rh784467.patch Normal file
View File

@ -0,0 +1,50 @@
diff -up netkit-rsh-0.17/rcp/rcp.c.rh784467 netkit-rsh-0.17/rcp/rcp.c
--- netkit-rsh-0.17/rcp/rcp.c.rh784467 2012-01-31 15:47:57.996697245 +0100
+++ netkit-rsh-0.17/rcp/rcp.c 2012-01-31 17:11:23.489578305 +0100
@@ -511,6 +511,37 @@ notreg: (void)close(f);
}
}
+static char *
+rcp_basename(char *path)
+{
+ char *bname;
+
+ if (path == NULL || *path == '\0')
+ return NULL;
+
+retry:
+ /* Note this is GNU basename */
+ bname = basename(path);
+ if (*bname == '\0') {
+ /* path ends with '/', strip them all */
+ char *end = path + strlen(path) - 1;
+ while (path <= end && *end == '/') {
+ *end = '\0';
+ end--;
+ }
+
+ if (end < path) {
+ /* The path consists only from '/' chars */
+ *path = '/';
+ return path;
+ } else {
+ /* We removed all trailing '/' characters */
+ goto retry;
+ }
+ } else
+ return bname;
+}
+
static void
rsource(char *name, struct stat *statp)
{
@@ -522,7 +553,7 @@ rsource(char *name, struct stat *statp)
error("rcp: %s: %s\n", name, strerror(errno));
return;
}
- last = strrchr(name, '/');
+ last = rcp_basename(name);
if (last == 0)
last = name;
else

22
SOURCES/netkit-rsh-0.17-rh896583.patch Normal file
View File

@ -0,0 +1,22 @@
--- rshd/rshd.c.orig 2013-01-17 14:33:14.694727753 +0000
+++ rshd/rshd.c 2013-01-17 14:43:53.302906217 +0000
@@ -531,6 +531,19 @@
close(pv[0]);
dup2(pv[1], 2);
close(pv[1]);
+ } else {
+ pid = fork();
+ if (pid == -1) {
+ error("Can't fork; try again.\n");
+ exit(1);
+ }
+ if (pid) {
+ waitpid(pid, NULL, 0);
+ pam_close_session(pamh, 0);
+ pam_end(pamh, PAM_SUCCESS);
+ exit(0);
+ }
+ setpgrp();
}
theshell = pwd->pw_shell;
if (!theshell || !*theshell) {

65
SOURCES/netkit-rsh-0.17-rh947213.patch Normal file
View File

@ -0,0 +1,65 @@
diff -up netkit-rsh-0.17/rlogind/rlogind.c.rh947213 netkit-rsh-0.17/rlogind/rlogind.c
--- netkit-rsh-0.17/rlogind/rlogind.c.rh947213 2013-04-11 14:18:47.481715853 +0200
+++ netkit-rsh-0.17/rlogind/rlogind.c 2013-04-11 14:32:50.807780164 +0200
@@ -67,12 +67,13 @@ char rcsid[] =
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
+#include <pty.h>
+#include <utmp.h>
#include "pathnames.h"
#include "logwtmp.h"
#include "rlogind.h"
-pid_t forkpty(int *, char *, struct termios *, struct winsize *);
int logout(const char *);
#ifndef TIOCPKT_WINDOW
@@ -389,7 +390,7 @@ static void getstr(char *buf, int cnt, c
}
static void doit(int netfd) {
- int master, pid, on = 1;
+ int master, slave, r, pid, on = 1;
int authenticated = 0;
char *hname;
int hostok;
@@ -421,12 +422,34 @@ static void doit(int netfd) {
write(netfd, "rlogind: Host address mismatch.\r\n", 33);
}
- pid = forkpty(&master, line, NULL, &win);
- if (pid < 0) {
+ /* We can no longer call forkpty here (a convenience routine that combines
+ openpty, fork, and login_tty) because, with forkpty, the slave end of
+ the pty is open only in the child process. The child process execs
+ /bin/login which now closes all open file descriptors before doing a
+ vhangup (see lkml.org/lkml/2012/6/5/145), and this resets packet mode
+ on the pty, undoing the effect of the ioctl(master, TIOCPKT, &on) call
+ made by the parent.
+
+ Instead, we call openpty, fork, and login_tty individually, so that we
+ can keep a file descriptor to the slave open in the parent process,
+ thereby retaining packet mode even when the child closes file descriptors
+ to call vhangup. */
+ r = openpty(&master, &slave, line, NULL, &win);
+ if (r < 0) {
if (errno == ENOENT) fatal(netfd, "Out of ptys", 0);
- fatal(netfd, "Forkpty", 1);
+ fatal(netfd, "Openpty", 1);
+ }
+
+ signal(SIGHUP, SIG_IGN);
+
+ pid = fork();
+ if (pid < 0) {
+ fatal(netfd, "Fork", 1);
}
+
if (pid == 0) {
+ close(master);
+ login_tty(slave);
/* netfd should always be 0, but... */
if (netfd > 2) close(netfd);
child(hname, termtype, lusername, authenticated, rusername);

58
SOURCES/netkit-rsh-0.17-rlogin-linefeed.patch Normal file
View File

@ -0,0 +1,58 @@
--- netkit-rsh-0.17/rlogind/sockconv.c.linefeed 1999-10-02 23:50:52.000000000 +0200
+++ netkit-rsh-0.17/rlogind/sockconv.c 2006-07-17 14:30:50.000000000 +0200
@@ -86,6 +86,35 @@
return (text);
}
+/* conver \n to \r\n and also terminate string by \r\n */
+static void my_fputs(char *str, FILE *out)
+{
+ char *p = str, *last = str;
+
+ while(p && *p) {
+ if ((p=strchr(p, '\n')) && (p==str || *(p-1)!='\r')) {
+ /* convert \n to \n\r */
+ fwrite((const void *) last, 1, p-last, out);
+ fputs("\r\n", out);
+ p++;
+ last = p;
+ }
+ else if (p && *(p+1))
+ /* \r\n already in strimg, continue... */
+ p++;
+ else {
+ /* write the rest of string */
+ int len = strlen(str);
+
+ fwrite((const void *) last, 1, len-(last-str), out);
+ if (*(str+(len-1)) != '\n')
+ fputs("\r\n", out); /* terminate output */
+ break;
+ }
+ }
+}
+
+
static void drop_reply(struct pam_response *reply, int replies)
{
int i;
@@ -126,16 +155,15 @@
}
break;
case PAM_ERROR_MSG:
- fprintf(stderr,"%s\n",msgm[replies]->msg);
+ my_fputs(msgm[replies]->msg, stderr);
string = NULL;
-
break;
case PAM_TEXT_INFO:
- fprintf(stderr,"%s\n",msgm[replies]->msg);
+ my_fputs(msgm[replies]->msg, stderr);
string = NULL;
break;
default:
- fprintf(stderr, "erroneous conversation (%d)\n"
+ fprintf(stderr, "erroneous conversation (%d)\r\n"
,msgm[replies]->msg_style);
drop_reply(reply,replies);
return (PAM_CONV_ERR);

32
SOURCES/netkit-rsh-0.17-sectty.patch Normal file
View File

@ -0,0 +1,32 @@
--- netkit-rsh-0.17-pre20000412/rexecd/rexecd.c.sectty Sat Oct 2 17:50:52 1999
+++ netkit-rsh-0.17-pre20000412/rexecd/rexecd.c Mon Feb 5 16:42:29 2001
@@ -300,6 +300,7 @@
PAM_password = pass;
pam_error = pam_start("rexec", PAM_username, &PAM_conversation,&pamh);
PAM_BAIL;
+ (void) pam_set_item (pamh, PAM_TTY, "rexec"); /* we don't have a tty yet! */
pam_error = pam_authenticate(pamh, 0);
PAM_BAIL;
pam_error = pam_acct_mgmt(pamh, 0);
--- netkit-rsh-0.17-pre20000412/rlogind/auth.c.sectty Mon Feb 5 16:43:46 2001
+++ netkit-rsh-0.17-pre20000412/rlogind/auth.c Mon Feb 5 16:44:28 2001
@@ -123,7 +123,7 @@
pam_set_item(pamh, PAM_USER, localuser);
pam_set_item(pamh, PAM_RUSER, remoteuser);
pam_set_item(pamh, PAM_RHOST, host);
- pam_set_item(pamh, PAM_TTY, "tty"); /* ? */
+ pam_set_item(pamh, PAM_TTY, "rlogin"); /* we don't have a tty yet! */
network_confirm();
retval = attempt_auth();
--- netkit-rsh-0.17-pre20000412/rshd/rshd.c.sectty Mon Feb 5 16:43:52 2001
+++ netkit-rsh-0.17-pre20000412/rshd/rshd.c Mon Feb 5 16:44:42 2001
@@ -243,7 +243,7 @@
}
pam_set_item (pamh, PAM_RUSER, remuser);
pam_set_item (pamh, PAM_RHOST, hostname);
- pam_set_item (pamh, PAM_TTY, "tty");
+ pam_set_item (pamh, PAM_TTY, "rsh"); /* we don't use a tty, so punt */
retcode = pam_authenticate(pamh, 0);
if (retcode == PAM_SUCCESS) {

66
SOURCES/netkit-rsh-0.17-strip.patch Normal file
View File

@ -0,0 +1,66 @@
--- netkit-rsh-0.17/rcp/Makefile.strip Wed Jun 19 16:47:42 2002
+++ netkit-rsh-0.17/rcp/Makefile Wed Jun 19 17:01:11 2002
@@ -7,7 +7,7 @@
$(CC) $(LDFLAGS) $^ $(LIBS) -o $@
install: rcp
- install -s rcp $(INSTALLROOT)$(BINDIR)
+ install rcp $(INSTALLROOT)$(BINDIR)
install -m$(MANMODE) rcp.1 $(INSTALLROOT)$(MANDIR)/man1
clean:
--- netkit-rsh-0.17/rexecd/Makefile.strip Sun Dec 12 19:05:00 1999
+++ netkit-rsh-0.17/rexecd/Makefile Wed Jun 19 17:01:41 2002
@@ -27,7 +27,7 @@
$(CC) $(LDFLAGS) $^ $(LIBS) -o $@
install: rexecd
- install -s -m$(DAEMONMODE) rexecd $(INSTALLROOT)$(SBINDIR)/in.rexecd
+ install -m$(DAEMONMODE) rexecd $(INSTALLROOT)$(SBINDIR)/in.rexecd
install -m$(MANMODE) rexecd.8 $(INSTALLROOT)$(MANDIR)/man8/in.rexecd.8
ln -sf in.rexecd.8 $(INSTALLROOT)$(MANDIR)/man8/rexecd.8
ifeq ($(USE_PAM),1)
--- netkit-rsh-0.17/rlogin/Makefile.strip Wed Jun 19 16:47:42 2002
+++ netkit-rsh-0.17/rlogin/Makefile Wed Jun 19 17:02:06 2002
@@ -10,7 +10,7 @@
$(CC) $(LDFLAGS) $^ $(LIBS) -o $@
install: $(PROG)
- install -s $(PROG) $(INSTALLROOT)$(BINDIR)
+ install $(PROG) $(INSTALLROOT)$(BINDIR)
install -m $(MANMODE) $(PROG).1 $(INSTALLROOT)$(MANDIR)/man1
clean:
--- netkit-rsh-0.17/rlogind/Makefile.strip Sun Dec 12 19:05:01 1999
+++ netkit-rsh-0.17/rlogind/Makefile Wed Jun 19 17:02:26 2002
@@ -20,7 +20,7 @@
auth.o network.o: rlogind.h
install: rlogind
- install -s -m$(DAEMONMODE) rlogind $(INSTALLROOT)$(SBINDIR)/in.rlogind
+ install -m$(DAEMONMODE) rlogind $(INSTALLROOT)$(SBINDIR)/in.rlogind
install -m$(MANMODE) rlogind.8 $(INSTALLROOT)$(MANDIR)/man8/in.rlogind.8
ln -sf in.rlogind.8 $(INSTALLROOT)$(MANDIR)/man8/rlogind.8
--- netkit-rsh-0.17/rsh/Makefile.strip Wed Jun 19 16:47:42 2002
+++ netkit-rsh-0.17/rsh/Makefile Wed Jun 19 17:02:45 2002
@@ -9,7 +9,7 @@
$(CC) $(LDFLAGS) $^ $(LIBS) -o $@
install: rsh
- install -s rsh $(INSTALLROOT)$(BINDIR)
+ install rsh $(INSTALLROOT)$(BINDIR)
install -m$(MANMODE) rsh.1 $(INSTALLROOT)$(MANDIR)/man1
clean:
--- netkit-rsh-0.17/rshd/Makefile.strip Wed Jun 19 16:47:42 2002
+++ netkit-rsh-0.17/rshd/Makefile Wed Jun 19 17:02:59 2002
@@ -14,7 +14,7 @@
$(CC) $(LDFLAGS) $^ $(LIBS) -o $@
install: rshd
- install -s -m$(DAEMONMODE) rshd $(INSTALLROOT)$(SBINDIR)/in.rshd
+ install -m$(DAEMONMODE) rshd $(INSTALLROOT)$(SBINDIR)/in.rshd
install -m$(MANMODE) rshd.8 $(INSTALLROOT)$(MANDIR)/man8/in.rshd.8
ln -sf in.rshd.8 $(INSTALLROOT)$(MANDIR)/man8/rshd.8

70
SOURCES/netkit-rsh-0.17-userandhost.patch Normal file
View File

@ -0,0 +1,70 @@
--- netkit-rsh-0.17/rlogind/rlogind.c.userandhost 2000-07-23 05:07:58.000000000 +0200
+++ netkit-rsh-0.17/rlogind/rlogind.c 2003-01-17 17:31:25.000000000 +0100
@@ -333,9 +333,10 @@
static void child(const char *hname, const char *termtype,
- const char *localuser, int authenticated)
+ const char *localuser, int authenticated,
+ const char *rusername)
{
- char *termenv[2];
+ char *termenv[4];
setup_term(0, termtype);
@@ -344,7 +345,17 @@
strcpy(termenv[0], "TERM=");
strcat(termenv[0], termtype);
}
- termenv[1] = NULL;
+ termenv[1] = malloc(strlen(rusername)+12);
+ if (termenv[1]) { /* shouldn't ever fail, mind you */
+ strcpy(termenv[1], "REMOTEUSER=");
+ strcat(termenv[1], rusername);
+ }
+ termenv[2] = malloc(strlen(hname)+12);
+ if (termenv[2]) { /* shouldn't ever fail, mind you */
+ strcpy(termenv[2], "REMOTEHOST=");
+ strcat(termenv[2], hname);
+ }
+ termenv[3] = NULL;
if (authenticated) {
auth_finish();
@@ -420,7 +431,7 @@
if (pid == 0) {
/* netfd should always be 0, but... */
if (netfd > 2) close(netfd);
- child(hname, termtype, lusername, authenticated);
+ child(hname, termtype, lusername, authenticated, rusername);
}
on = 1;
ioctl(netfd, FIONBIO, &on);
--- netkit-rsh-0.17/rshd/rshd.c.userandhost 2003-01-17 17:25:22.000000000 +0100
+++ netkit-rsh-0.17/rshd/rshd.c 2003-01-17 17:25:22.000000000 +0100
@@ -102,8 +102,10 @@
char homedir[64] = "HOME=";
char shell[64] = "SHELL=";
char path[100] = "PATH=";
+char remoteuser[20] = "REMOTEUSER=";
+char remotehost[50] = "REMOTEHOST=";
char *envinit[] =
- {homedir, shell, path, username, 0};
+ {homedir, shell, path, username, remoteuser, remotehost, 0};
extern char **environ;
static void error(const char *fmt, ...);
@@ -460,6 +462,12 @@
strncat(homedir, pwd->pw_dir, sizeof(homedir)-6);
homedir[sizeof(homedir)-1] = 0;
+ strncat(remoteuser, remuser, sizeof(remoteuser)-12);
+ remoteuser[sizeof(remoteuser)-1] = 0;
+
+ strncat(remotehost, hostname, sizeof(remotehost)-12);
+ remotehost[sizeof(remotehost)-1] = 0;
+
strcat(path, _PATH_DEFPATH);
strncat(shell, theshell, sizeof(shell)-7);

11
SOURCES/rexec.pam Normal file
View File

@ -0,0 +1,11 @@
#%PAM-1.0
# For root login to succeed here with pam_securetty, "rexec" must be
# listed in /etc/securetty.
auth required pam_nologin.so
auth required pam_securetty.so
auth required pam_env.so
auth include password-auth
account include password-auth
session optional pam_keyinit.so force revoke
session required pam_loginuid.so
session include password-auth

9
SOURCES/rexec.socket Normal file
View File

@ -0,0 +1,9 @@
[Unit]
Description=Remote Execution Facilities Activation Socket

[Socket]
ListenStream=512
Accept=true

[Install]
WantedBy=sockets.target

8
SOURCES/rexec@.service Normal file
View File

@ -0,0 +1,8 @@
[Unit]
Description=Remote Execution Facilities Server
After=local-fs.target

[Service]
ExecStart=-/usr/sbin/in.rexecd
StandardInput=socket
IgnoreSIGPIPE=no

13
SOURCES/rlogin.pam Normal file
View File

@ -0,0 +1,13 @@
#%PAM-1.0
# For root login to succeed here with pam_securetty, "rlogin" must be
# listed in /etc/securetty.
auth required pam_nologin.so
auth required pam_securetty.so
auth required pam_env.so
auth sufficient pam_rhosts.so
auth include password-auth
account include password-auth
password include password-auth
session optional pam_keyinit.so force revoke
session required pam_loginuid.so
session include password-auth

10
SOURCES/rlogin.socket Normal file
View File

@ -0,0 +1,10 @@
[Unit]
Description=Remote Login Facilities Activation Socket
IgnoreOnIsolate=true

[Socket]
ListenStream=513
Accept=true

[Install]
WantedBy=sockets.target

9
SOURCES/rlogin@.service Normal file
View File

@ -0,0 +1,9 @@
[Unit]
Description=Remote Login Facilities Server
After=local-fs.target
IgnoreOnIsolate=true

[Service]
ExecStart=-/usr/sbin/in.rlogind
StandardInput=socket
IgnoreSIGPIPE=no

11
SOURCES/rsh.pam Normal file
View File

@ -0,0 +1,11 @@
#%PAM-1.0
# For root login to succeed here with pam_securetty, "rsh" must be
# listed in /etc/securetty.
auth required pam_nologin.so
auth required pam_securetty.so
auth required pam_env.so
auth required pam_rhosts.so
account include password-auth
session optional pam_keyinit.so force revoke
session required pam_loginuid.so
session include password-auth

9
SOURCES/rsh.socket Normal file
View File

@ -0,0 +1,9 @@
[Unit]
Description=Remote Shell Facilities Activation Socket

[Socket]
ListenStream=514
Accept=true

[Install]
WantedBy=sockets.target

8
SOURCES/rsh@.service Normal file
View File

@ -0,0 +1,8 @@
[Unit]
Description=Remote Shell Facilities Server
After=local-fs.target

[Service]
ExecStart=-/usr/sbin/in.rshd
StandardInput=socket
IgnoreSIGPIPE=no

660
SPECS/rsh.spec Normal file
View File

@ -0,0 +1,660 @@
%global _hardened_build 1

Summary: Clients for remote access commands (rsh, rlogin, rcp)
Name: rsh
Version: 0.17
Release: 79%{?dist}
License: BSD
Group: Applications/Internet

BuildRequires: perl, ncurses-devel, pam-devel, audit-libs-devel, systemd

URL: ftp://ftp.uk.linux.org/pub/linux/Networking/netkit
Source0: ftp://ftp.uk.linux.org/pub/linux/Networking/netkit/netkit-rsh-%{version}.tar.gz
Source1: rexec.pam
Source2: rlogin.pam
Source3: rsh.pam
# Source is no longer publicly available.
Source4: rexec-1.5.tar.gz
Source5: rsh@.service
Source6: rsh.socket
Source7: rlogin@.service
Source8: rlogin.socket
Source9: rexec@.service
Source10: rexec.socket

Patch1: netkit-rsh-0.17-sectty.patch
# Make rexec installation process working
Patch2: netkit-rsh-0.17-rexec.patch
Patch3: netkit-rsh-0.10-stdarg.patch
# Improve installation process
Patch4: netkit-rsh-0.16-jbj.patch
# Link rshd against libpam
Patch8: netkit-rsh-0.16-jbj4.patch
Patch9: netkit-rsh-0.16-prompt.patch
Patch10: netkit-rsh-0.16-rlogin=rsh.patch
# Improve documentation
Patch11: netkit-rsh-0.16-nokrb.patch
# Remove spurious double-reporting of errors
Patch12: netkit-rsh-0.17-pre20000412-jbj5.patch
# RH #42880
Patch13: netkit-rsh-0.17-userandhost.patch
# Don't strip binaries during installation
Patch14: netkit-rsh-0.17-strip.patch
# RH #67362
Patch15: netkit-rsh-0.17-lfs.patch
# RH #57392
Patch16: netkit-rsh-0.17-chdir.patch
# RH #63806
Patch17: netkit-rsh-0.17-pam-nologin.patch
# RH #135643
Patch19: netkit-rsh-0.17-rexec-netrc.patch
# RH #68590
Patch20: netkit-rsh-0.17-pam-sess.patch
# RH #67361
Patch21: netkit-rsh-0.17-errno.patch
# RH #118630
Patch22: netkit-rsh-0.17-rexec-sig.patch
# RH #135827
Patch23: netkit-rsh-0.17-nohost.patch
# RH #122315
Patch24: netkit-rsh-0.17-ignchld.patch
# RH #146464
Patch25: netkit-rsh-0.17-checkdir.patch
Patch26: netkit-rsh-0.17-pam-conv.patch
# RH #174045
Patch27: netkit-rsh-0.17-rcp-largefile.patch
# RH #174146
Patch28: netkit-rsh-0.17-pam-rhost.patch
# RH #178916
Patch29: netkit-rsh-0.17-rlogin-linefeed.patch
Patch30: netkit-rsh-0.17-ipv6.patch
Patch31: netkit-rsh-0.17-pam_env.patch
Patch33: netkit-rsh-0.17-dns.patch
Patch34: netkit-rsh-0.17-nohostcheck-compat.patch
# RH #448904
Patch35: netkit-rsh-0.17-audit.patch
Patch36: netkit-rsh-0.17-longname.patch
# RH #440867
Patch37: netkit-rsh-0.17-arg_max.patch
Patch38: netkit-rsh-0.17-rh448904.patch
Patch39: netkit-rsh-0.17-rh461903.patch
Patch40: netkit-rsh-0.17-rh473492.patch
Patch41: netkit-rsh-0.17-rh650119.patch
Patch42: netkit-rsh-0.17-rh710987.patch
Patch43: netkit-rsh-0.17-rh784467.patch
Patch44: netkit-rsh-0.17-rh896583.patch
Patch45: netkit-rsh-0.17-rh947213.patch
Patch46: 0001-rshd-use-sockaddr_in-for-non-native-IPv6-clients.patch
Patch47: 0002-rlogind-use-sockaddr_in-for-non-native-IPv6-client.patch
Patch48: netkit-rsh-0.17-ipv6-rexec.patch
Patch49: 0001-rshd-use-upper-bound-for-cmdbuflen.patch
Patch50: 0001-rcp-don-t-advance-pointer-returned-from-rcp_basename.patch
Patch51: netkit-rsh-0.17-pam-warning.patch
Patch52: netkit-rsh-0.17-rexec-cmdbuflen.patch
Patch53: netkit-rsh-0.17-remote-close.patch

%description
The rsh package contains a set of programs which allow users to run
commands on remote machines, login to other machines and copy files
between machines (rsh, rlogin and rcp). All three of these commands
use rhosts style authentication. This package contains the clients
needed for all of these services.
The rsh package should be installed to enable remote access to other
machines

%package server
Summary: Servers for remote access commands (rsh, rlogin, rcp)
Group: System Environment/Daemons
Requires: pam, /etc/pam.d/system-auth
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd

%description server
The rsh-server package contains a set of programs which allow users
to run commands on remote machines, login to other machines and copy
files between machines (rsh, rlogin and rcp). All three of these
commands use rhosts style authentication. This package contains the
servers needed for all of these services. It also contains a server
for rexec, an alternate method of executing remote commands.
All of these servers are run by systemd and configured using
systemd units and PAM.

The rsh-server package should be installed to enable remote access
from other machines

%prep
%setup -q -n netkit-rsh-%{version} -a 4
%patch1 -p1 -b .sectty
%patch2 -p1 -b .rexec
%patch3 -p1 -b .stdarg
%patch4 -p1 -b .jbj
%patch8 -p1 -b .jbj4
%patch9 -p1 -b .prompt
%patch10 -p1 -b .rsh
%patch11 -p1 -b .rsh.nokrb
%patch12 -p1 -b .jbj5
%patch13 -p1 -b .userandhost
%patch14 -p1 -b .strip
%patch15 -p1 -b .lfs
%patch16 -p1 -b .chdir
%patch17 -p1 -b .pam-nologin
%patch19 -p1 -b .rexec-netrc
%patch20 -p1 -b .pam-sess
%patch21 -p1 -b .errno
%patch22 -p1 -b .rexec-sig
%patch23 -p1 -b .nohost
%patch24 -p1 -b .ignchld
%patch25 -p1 -b .checkdir
%patch26 -p1 -b .pam-conv
%patch27 -p1 -b .largefile
%patch28 -p1 -b .pam-rhost
%patch29 -p1 -b .linefeed
%patch30 -p1 -b .ipv6
%patch31 -p1 -b .pam_env
%patch33 -p1 -b .dns
%patch34 -p1 -b .compat
%patch35 -p1 -b .audit
%patch36 -p1 -b .longname
%patch37 -p1 -b .arg_max
%patch38 -p1 -b .rh448904
%patch39 -p1 -b .rh461903
%patch40 -p1 -b .rh473492
%patch41 -p1 -b .rh650119
%patch42 -p1 -b .rh710987
%patch43 -p1 -b .rh784467
%patch44 -b .rh896583
%patch45 -p1 -b .rh947213
%patch46 -p1
%patch47 -p1
%patch48 -p1 -b .ipv6-rexec
%patch49 -p1 -b .cmdbuflen
%patch50 -p1 -b .basename
%patch51 -p1 -b .pam-warning
%patch52 -p1 -b .rexec-cmdbuflen
%patch53 -p1 -b .remote-close

# No, I don't know what this is doing in the tarball.
rm -f rexec/rexec

%build
sh configure --with-c-compiler=gcc
export RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
%ifarch s390 s390x
%{__perl} -pi -e '
s,^CC=.*$,CC=cc,;
s,-O2,\$(RPM_OPT_FLAGS) -fPIC -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE,;
s,^LDFLAGS=,LDFLAGS=-z now -pie,;
s,^BINDIR=.*$,BINDIR=%{_bindir},;
s,^MANDIR=.*$,MANDIR=%{_mandir},;
s,^SBINDIR=.*$,SBINDIR=%{_sbindir},;
' MCONFIG
%else
%{__perl} -pi -e '
s,^CC=.*$,CC=cc,;
s,-O2,\$(RPM_OPT_FLAGS) -fpic -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE,;
s,^LDFLAGS=,LDFLAGS=-z now -pie,;
s,^BINDIR=.*$,BINDIR=%{_bindir},;
s,^MANDIR=.*$,MANDIR=%{_mandir},;
s,^SBINDIR=.*$,SBINDIR=%{_sbindir},;
' MCONFIG
%endif
make %{?_smp_mflags}

%install
mkdir -p %{buildroot}%{_bindir}
mkdir -p %{buildroot}%{_sbindir}
mkdir -p %{buildroot}%{_mandir}/man{1,5,8}
mkdir -p %{buildroot}%{_sysconfdir}/pam.d

make INSTALLROOT=%{buildroot} BINDIR=%{_bindir} MANDIR=%{_mandir} install

install -m 644 %SOURCE1 %{buildroot}%{_sysconfdir}/pam.d/rexec
install -m 644 %SOURCE2 %{buildroot}%{_sysconfdir}/pam.d/rlogin
install -m 644 %SOURCE3 %{buildroot}%{_sysconfdir}/pam.d/rsh

mkdir -p %{buildroot}%{_unitdir}
install -m644 %SOURCE5 %{buildroot}%{_unitdir}/rsh@.service
install -m644 %SOURCE6 %{buildroot}%{_unitdir}/rsh.socket
install -m644 %SOURCE7 %{buildroot}%{_unitdir}/rlogin@.service
install -m644 %SOURCE8 %{buildroot}%{_unitdir}/rlogin.socket
install -m644 %SOURCE9 %{buildroot}%{_unitdir}/rexec@.service
install -m644 %SOURCE10 %{buildroot}%{_unitdir}/rexec.socket

%post server
%systemd_post rsh.socket
%systemd_post rlogin.socket
%systemd_post rexec.socket

%preun server
%systemd_preun rsh.socket
%systemd_preun rlogin.socket
%systemd_preun rexec.socket

%postun server
%systemd_postun_with_restart rsh.socket
%systemd_postun_with_restart rlogin.socket
%systemd_postun_with_restart rexec.socket

%files
%defattr(-,root,root,-)
%doc README BUGS
%attr(0755,root,root) %caps(cap_net_bind_service=pe) %{_bindir}/rcp
%{_bindir}/rexec
%attr(0755,root,root) %caps(cap_net_bind_service=pe) %{_bindir}/rlogin
%attr(0755,root,root) %caps(cap_net_bind_service=pe) %{_bindir}/rsh
%{_mandir}/man1/*.1*

%files server
%defattr(-,root,root,-)
%config(noreplace) %{_sysconfdir}/pam.d/rsh
%config(noreplace) %{_sysconfdir}/pam.d/rlogin
%config(noreplace) %{_sysconfdir}/pam.d/rexec
%{_sbindir}/in.rexecd
%{_sbindir}/in.rlogind
%{_sbindir}/in.rshd
%{_unitdir}/*
%{_mandir}/man8/*.8*

%changelog
* Sat Apr 28 2018 Michal Ruprich <mruprich@redhat.com> - 0.17-79
- Related: #1477207 - service and socket file directives should be under [Unit]

* Wed Apr 18 2018 Michal Ruprich <mruprich@redhat.com> - 0.17-78
- Resolves: #1502657 - Copying remote file to local dir fails with "rcp: protocol screwup: expected control record"
- Resolves: #1338037 - rsh/rlogin sessions ignore SIGPIPE due to systemd
- Resolves: #1477207 - rlogin killed when changing run level
- Resolves: #1503112 - rexecd Could not allocate space for cmdbuf
- Resolves: #1505226 - have a proposed patch for rsh-0.17-76.el7_1.1

* Thu Mar 26 2015 Michal Sekletar <msekleta@redhat.com> - 0.17-77
- don't truncate first character of dirname when doing recursive copy (#1129483)

* Mon Aug 18 2014 Michal Sekletar <msekleta@redhat.com> - 0.17-76
- disable strict aliasing optimizations (#1095306)
- use upper bound for cmdbuflen (#1093749)

* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 0.17-75
- Mass rebuild 2014-01-24

* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 0.17-74
- Mass rebuild 2013-12-27

* Mon Jul 15 2013 Michal Sekletar <msekleta@redhat.com> - 0.17-73
- add IPv6 support to rexec and rexecd
- enable hardened build
- fix dates in changelog

* Wed Jun 26 2013 Michal Sekletar <msekleta@redhat.com> - 0.17-72
- unit files must not be marked as config files
- fix handling of non-native IPv6 connections via AF_INET6 socket

* Thu Apr 11 2013 Michal Sekletar <msekleta@redhat.com> - 0.17-71
- resolves: RHBZ #737244 #896583 #947213
- migrate from xinetd to systemd configuration
- close pam session correctly when client does not ask for separate error channel
- fix pty handling which was broken by changes in /bin/login

* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.17-70
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.17-69
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

* Tue Jan 31 2012 Adam Tkac <atkac redhat com> - 0.17-68
- rcp: handle copying of directories with ending slash well (#784467)

* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.17-67
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

* Wed Oct 26 2011 Adam Tkac <atkac redhat com> - 0.17-66
- remove unneeded setpwent/endpwent calls

* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.17-65
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

* Mon Nov 08 2010 Adam Tkac <atkac redhat com> - 0.17-64
- fix typo in rexec.c (#650119)

* Mon Nov 08 2010 Adam Tkac <atkac redhat com> - 0.17-63
- use filesystem-based capabilities instead of SUID (#646489)

* Tue Jan 5 2010 Jan Gorig <jgorig redhat com> - 0.17-62
- add check for return values (#473492)

* Thu Dec 17 2009 Adam Tkac <atkac redhat com> - 0.17-61
- include README and BUGS files as documentation (#226379)

* Tue Dec 15 2009 Adam Tkac <atkac redhat com> - 0.17-60
- more merge review related fixes (#226379)

* Mon Nov 30 2009 Adam Tkac <atkac redhat com> - 0.17-59
- merge review related fixes (#226379)
- remove unused patches
- netkit-rsh-0.16-pamfix.patch
- netkit-rsh-0.16-jbj2.patch
- netkit-rsh-0.16-jbj3.patch

* Wed Sep 16 2009 Tomas Mraz <tmraz@redhat.com> - 0.17-58
- use password-auth common PAM configuration instead of system-auth

* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 0.17-57
- rebuilt with new audit

* Tue Aug 11 2009 Adam Tkac <atkac redhat com> 0.17-56
- remove URL from rexec source, it is no longer publicly available

* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.17-55
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

* Mon Mar 30 2009 Adam Tkac <atkac redhat com> 0.17-54
- improve pam_env patch

* Thu Mar 26 2009 Adam Tkac <atkac redhat com> 0.17-53
- check return value from close to catch errors on NFS filesystems (#461903)

* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.17-52
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

* Fri Oct 03 2008 Adam Tkac <atkac redhat com> 0.17-51
- updated ipv6 patch due rpm 4.6 (#465053)
- make in.rshd working on kernels without audit support (#448904)

* Fri May 09 2008 Adam Tkac <atkac redhat com> 0.17-50
- fixed typos in arg_max and audit patches (#445606)
- use pam_rhosts, not pam_rhosts_auth (#445606)

* Mon Apr 14 2008 Adam Tkac <atkac redhat com> 0.17-49
- use sysconf for ARG_MAX value (#440867)

* Thu Mar 27 2008 Adam Tkac <atkac redhat com> 0.17-48
- in.rexecd username limit was 14 characters, not 16

* Tue Mar 25 2008 Adam Tkac <atkac redhat com> 0.17-47
- fixed NULL pointer dereference (#437815)
- cleanup in audit patch

* Thu Feb 14 2008 Adam Tkac <atkac redhat com> 0.17-46
- rebuild with gcc4.3
- build with -D_GNU_SOURCE

* Sat Oct 20 2007 Steve Grubb <sgrubb@redhat.com> 0.17-45
- update for audit

* Tue Oct 16 2007 Adam Tkac <atkac redhat com> 0.17-44
- added -D option for compatibility with F8 test releases
- fixed rsh-server description

* Thu Sep 27 2007 Adam Tkac <atkac redhat com> 0.17-43
- removed -D option from rshd and rlogind (we have -a option when
we need force reverse DNS lookup)
- patches netkit-rsh-0.17-nodns.patch and netkit-rsh-0.17-nohostcheck.patch
are substituted by netkit-rsh-0.17-dns.patch

* Wed Aug 22 2007 Adam Tkac <atkac redhat com> 0.17-42
- rebuild (BuildID feature)

* Thu Jul 26 2007 Adam Tkac <atkac redhat com> 0.17-41
- improved nodns patch (in.rshd also has -D option now)

* Tue Apr 10 2007 Adam Tkac <atkac redhat com> 0.17-40
- improved -D option to rlogind - when name won't be resolved rlogind uses IP address
- added smp_mflags to make

* Mon Jan 22 2007 Adam Tkac <atkac redhat com> 0.17-39
- rebased on ncurses instead of libtermcap

* Tue Dec 05 2006 Adam Tkac <atkac redhat com> 0.17-38
- rsh now load pan_env module correctly

* Tue Oct 24 2006 Adam Tkac <atkac@redhat.com> 0.17-37
- added xinetd dependency to rsh-server

* Wed Oct 4 2006 Karel Zak <kzak@redhat.com> 0.17-36
- fix #209277 - rsh-server not linked to PAM (missing BuildRequires)

* Mon Jul 17 2006 Karel Zak <kzak@redhat.com> 0.17-35
- added support for IPv6 (patch by Jan Pazdziora)
- fix #198632 - add keyinit instructions to the rsh, rlogin and rexec PAM scripts
(patch by David Howells)
- fix #191390 - improve linefeed patch

* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 0.17-34.2
- rebuild

* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 0.17-34.1
- bump again for double-long bug on ppc(64)

* Thu Feb 9 2006 Karel Zak <kzak@redhat.com> 0.17-34
- fix #178916 - Line feeds when password needs changing with rlogin

* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> 0.17-33.2
- rebuilt for new gcc4.1 snapshot and glibc changes

* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com> 0.17-33.1
- rebuilt

* Mon Nov 28 2005 Karel Zak <kzak@redhat.com> 0.17-33
- fix #174146 - pam_access.so does not work with rexecd

* Thu Nov 24 2005 Karel Zak <kzak@redhat.com> 0.17-32
- fix #174045 - rcp outputs negative file size when over 2GB

* Thu Oct 13 2005 Karel Zak <kzak@redhat.com> 0.17-31
- rewrite rexecd PAM_conversation()

* Thu Oct 13 2005 Karel Zak <kzak@redhat.com> 0.17-30
- replace pam_stack with "include"

* Sat Mar 5 2005 Karel Zak <kzak@redhat.com> 0.17-29
- rebuilt

* Thu Feb 3 2005 Karel Zak <kzak@redhat.com> 0.17-28
- malicious rcp server can cause rcp to write to arbitrary files (like scp CAN-2004-0175) (#146464)

* Mon Dec 6 2004 Karel Zak <kzak@redhat.com> 0.17-27
- removed BSD stuff "signal(SIGCHLD, SIG_IGN)". It's unsupported by POSIX/linux. (#122315)

* Sat Dec 4 2004 Karel Zak <kzak@redhat.com> 0.17-26
- "-D" option turns off reverse DNS in rexecd (#135827)

* Wed Nov 17 2004 Karel Zak <kzak@redhat.com> 0.17-25
- rexecd uses PAM session now (#68590)
- fixed errno usage in rcp (#67361)
- fixed rexec fails with "Invalid Argument" (#118630)

* Mon Oct 18 2004 Radek Vokal <rvokal@redhat.com> 0.17-24
- The username and password for ~/.netrc are used (#135643)

* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt

* Wed May 12 2004 Phil Knirsch <pknirsch@redhat.com> 0.17-22
- Added all other tools to list of PIE enabled apps.

* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt

* Thu Feb 5 2004 Thomas Woerner <twoerner@redhat.com> 0.17-20
- in.rexecd, in.rlogind and in.rshd are pie, now

* Tue Oct 21 2003 Phil Knirsch <pknirsch@redhat.com> 0.17-19
- Included updated patch from #105733.

* Thu Oct 02 2003 Phil Knirsch <pknirsch@redhat.com> 0.17-18
- Fixed YAT (#79391).
- Included feature request #105733 (-D option).

* Fri Jun 27 2003 Phil Knirsch <pknirsch@redhat.com> 0.17-17.1
- rebuilt

* Thu Jun 26 2003 Phil Knirsch <pknirsch@redhat.com> 0.17-17
- Included chdir patch (#57392).
- Included pam-nologin patch (#63806).

* Tue Jun 17 2003 Phil Knirsch <pknirsch@redhat.com> 0.17-16
- rebuilt

* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com> 0.17-15
- rebuilt

* Tue May 06 2003 Phil Knirsch <pknirsch@redhat.com>
- Fixed manpages (#7168).

* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
- rebuilt

* Fri Jan 17 2003 Phil Knirsch <pknirsch@redhat.com> 0.17-13
- Added LFS support (#67362).
- Fixed user and host patch (#80822).

* Tue Jan 14 2003 Phil Knirsch <pknirsch@redhat.com> 0.17-12
- Fixed bug #79391 (typo in description).

* Mon Nov 11 2002 Nalin Dahyabhai <nalin@redhat.com> 0.17-11
- remove directory names from PAM configuration files, allowing them to be used
for all arches on multilib systems

* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
- automated rebuild

* Wed Jun 19 2002 Phil Knirsch <pknirsch@redhat.com> 0.17-9
- Don't forcibly strip binaries

* Thu May 23 2002 Tim Powers <timp@redhat.com>
- automated rebuild

* Wed Jan 30 2002 Phil Knirsch <pknirsch@redhat.com>
- Bumped version for rebuild
- Added the remote user and host addition (RFE #42880)

* Tue Jul 24 2001 Phil Knirsch <pknirsch@redhat.com>
- Fixed really missing BuildPrereq: libtermcap-devel (#49577)
- Fixed security problem with rexec.pam (#49181)

* Fri Jun 22 2001 Phil Knirsch <pknirsch@redhat.com>
- Update to latest stable version 0.17
- Removed unneeded glib22 patch

* Mon Apr 30 2001 Nalin Dahyabhai <nalin@redhat.com>
- tag xinetd config files as config files

* Wed Apr 4 2001 Jakub Jelinek <jakub@redhat.com>
- don't let configure to guess compiler, it can pick up egcs

* Mon Feb 5 2001 Nalin Dahyabhai <nalin@redhat.com>
- securetty is screwy because rsh doesn't allocate one and rlogin does auth
before it has a tty, so change the hard-coded TTYs used from "tty" for all
to "rsh" or "rlogin" or "rexec"

* Tue Oct 10 2000 Nalin Dahyabhai <nalin@redhat.com>
- fix PAM config files to always honor nologin and securetty, to use rhosts,
and to fall back to password auth only for rlogin and rexec (#17183)
- add references to pam_env to the PAM configs as well (#16170)
- disable rlogin and rsh by default

* Mon Oct 02 2000 Nalin Dahyabhai <nalin@redhat.com>
- fix typo in the rexec xinetd configuration file (#18107)

* Fri Jul 21 2000 Nalin Dahyabhai <nalin@redhat.com>
- fix typo in the rlogin PAM config file
- continue the tradition of messed-up release numbers

* Tue Jul 18 2000 Bill Nottingham <notting@redhat.com>
- add description & default to xinetd file

* Wed Jul 12 2000 Prospector <bugzilla@redhat.com>
- automatic rebuild

* Sun Jun 18 2000 Jeff Johnson <jbj@redhat.com>
- FHS packaging.
- update to 0.17.

* Thu Jun 1 2000 Nalin Dahyabhai <nalin@redhat.com>
- modify PAM setup to use system-auth

* Mon May 29 2000 Nalin Dahyabhai <nalin@redhat.com>
- expunge all mentions of kerberos authentication or DES encryption using
kerberos from the man pages

* Thu May 25 2000 Trond Eivind Glomsrod <teg@redhat.com>
- switched to xinetd

* Tue Mar 7 2000 Jeff Johnson <jbj@redhat.com>
- rebuild for sparc baud rates > 38400.

* Sat Mar 04 2000 Nalin Dahyabhai <nalin@redhat.com>
- make rlogin still work correctly when argv[0] = "rsh"

* Mon Feb 28 2000 Jeff Johnson <jbj@redhat.com>
- workaround (by explicitly prompting for password) #4328 and #9715.

* Wed Feb 9 2000 Jeff Johnson <jbj@redhat.com>
- mark pam config files as %%config.

* Fri Feb 4 2000 Bill Nottingham <notting@redhat.com>
- handle compressed manpages

* Wed Feb 02 2000 Cristian Gafton <gafton@redhat.com>
- fix description

* Sun Jan 30 2000 Bill Nottingham <notting@redhat.com>
- remove bogus rexec binary when building; it causes weirdness

* Fri Jan 28 2000 Jeff Johnson <jbj@redhat.com>
- Make sure that rshd is compiled with -DUSE_PAM.

* Mon Jan 10 2000 Jeff Johnson <jbj@redhat.com>
- Fix bug in rshd (hangs forever with zombie offspring) (#8313).

* Wed Jan 5 2000 Jeff Johnson <jbj@redhat.com>
- fix the PAM fix yet again (#8133).

* Tue Jan 4 2000 Bill Nottingham <notting@redhat.com>
- split client and server

* Tue Dec 21 1999 Jeff Johnson <jbj@redhat.com>
- update to 0.16.
- dup setuid bits into files list.

* Fri Jul 30 1999 Jeff Johnson <jbj@redhat.com>
- update to rexec-1.5 client (#4262)

* Wed May 19 1999 Jeff Johnson <jbj@redhat.com>
- fix broken rexec protocol in in.rexecd (#2318).

* Tue May 4 1999 Justin Vallon <vallon@mindspring.com>
- rcp with error was tricked by stdarg side effect (#2300)

* Thu Apr 15 1999 Michael K. Johnson <johnsonm@redhat.com>
- rlogin pam file was missing comment magic

* Tue Apr 06 1999 Preston Brown <pbrown@redhat.com>
- strip rexec

* Fri Mar 26 1999 Jeff Johnson <jbj@redhat.com>
- rexec needs pam_set_item() (#60).
- clarify protocol in rexecd.8.
- add rexec client from contrib.

* Sun Mar 21 1999 Cristian Gafton <gafton@redhat.com>
- auto rebuild in the new build environment (release 22)

* Mon Mar 15 1999 Jeff Johnson <jbj@redhat.com>
- compile for 6.0.

* Fri Apr 24 1998 Prospector System <bugs@redhat.com>
- translations modified for de, fr, tr

* Tue Apr 14 1998 Erik Troan <ewt@redhat.com>
- built against new ncurses

* Sun Apr 5 1998 Marcelo F. Vianna <m-vianna@usa.net>
- Packaged for RH5.0 (Hurricane)

* Tue Oct 14 1997 Michael K. Johnson <johnsonm@redhat.com>
- new pam conventions

* Tue Jul 15 1997 Erik Troan <ewt@redhat.com>
- initial build