Commit Graph

64 Commits

Author SHA1 Message Date
christos cce62d0952 check pwd != NULL 2005-04-19 03:22:54 +00:00
christos 8ec5371f02 - use getpwnam_r 2005-03-30 01:33:30 +00:00
christos 6e498d006d KNF, WARNS == 3. Reported by John Nemeth 2005-03-27 21:00:58 +00:00
christos a646be989c Handle the regular case too, not only the error case. 2005-03-13 01:48:54 +00:00
christos bb8740ddcf - Don't call pam functions after pam_end().
- Only call wait for our own pid.
- Improve error checking.
- Reorder some code to minimize diffs with FreeBSD.
2005-03-12 18:23:30 +00:00
ginsbach 98d24e6cc9 Remove unnecessary cast. 2005-03-11 16:04:09 +00:00
wiz 4b98ca48e7 Sort options. 2005-03-09 16:43:37 +00:00
wiz 13966518a6 Bump date for previous, and some minor cleanup while here. 2005-03-09 16:42:49 +00:00
hubertf f396f9eb19 * Add ssh(1), sshd(8) and hosts_access(5) to SEE ALSO list.
(What would one look at for Kerberos?)
 * Be a bit more explicit about the security implications of rsh & friends,
   as suggested by Steven M. Bellovin and OK'd by Christos Zoulas
2005-03-09 07:49:08 +00:00
christos a2ee5dcfcc Avoid source routing ip options. Described in:
http://www.citi.umich.edu/u/provos/papers/secnet-spoof.txt
2005-03-08 04:35:19 +00:00
he 8e8728c45c Introduce PAM_STATIC_LDADD and PAM_STATIC_DPADD. When compiling
with MKPIC=no, possibly because the target does not support shared
libraries, these include libraries required to resolve all symbols
which end up referenced from PAM-using applications.  The libraries
presently required are -lcrypt, -lrpcsvc and -lutil.

Add use of these variables which are currently set up to use PAM,
so that they compile when MKPIC=no.

Also, in the telnetd case, reorder the order of the libraries, so
that libtelnet.a comes before -ltermcap and -lutil, again to fix
link error when MKPIC=no.

Discussed with thorpej and christos.
2005-03-04 20:41:08 +00:00
christos 216d8f75cc Add missing goto badlogin; noticed by: Hisashi T Fujinaka 2005-02-20 06:11:51 +00:00
christos 6b2a62b742 PAMify. 2005-02-20 05:45:55 +00:00
lukem 7157011597 Only compile in IPv6 support if ${USE_INET6} != "no"
MKINET6 is for providing IPv6 infrastructure.
USE_INET6 is for compiling IPv6 support into the programs (needs MKINET6).
2005-01-10 02:58:58 +00:00
itojun da88342476 NI_WITHSCOPEID was not picked up by IETF standardization process 2004-11-16 06:04:12 +00:00
wiz 24d271a979 Code is not using gethostbyaddr any longer, but getnameinfo.
Fix references. Addresses part of PR 26337 by Peter Postma.
2004-07-17 18:32:23 +00:00
agc 8e6ab8837d Move UCB-licensed code from 4-clause to 3-clause licence.
Patches provided by Joel Baker in PR 22284, verified by myself.
2003-08-07 09:46:37 +00:00
joff 2c4a7474a0 use TCP_NODELAY 2003-06-14 22:43:31 +00:00
itojun 5a8065df69 string manipulation cleanup 2003-05-17 21:26:47 +00:00
dsl 2bc2d2208d Call setsid() before (setusercontext() calls) setlogin() so we don't change
the username of inetd and everyone else that is logged in.
(approved by christos)
2003-03-03 18:29:55 +00:00
wiz 990562bfef .Nm does not need a dummy argument ("") before punctuation or
for correct formatting of the SYNOPSIS any longer.
2003-02-25 10:34:36 +00:00
lukem 20b1f73235 revert previous; this *DOES* use -lutil 2002-11-30 21:56:34 +00:00
lukem 764c86e2b1 don't need -lutil here 2002-11-30 03:16:14 +00:00
wiz d6285bbf1d Begin new sentences on new lines.
Patch from Robert Elz (kre at munnari oz au).
2002-09-29 14:05:52 +00:00
mycroft aae6c28cf9 null commit 2002-09-23 12:44:34 +00:00
itojun a9fc5f306a poll.h, not sys/poll.h 2002-09-23 03:32:34 +00:00
mycroft 51581bcb01 select() -> poll() 2002-09-18 20:37:11 +00:00
mjl 7385725727 ANSIfy.
Lose \n from syslog messages.
strncpy() -> strlcpy().
Correct last arg to execl (NULL, not 0).
(From OpenBSD)
2002-03-18 23:59:57 +00:00
ross dc5571b22e Generate <>& symbolically. I'm avoiding .../dist/... directories for now. 2002-02-08 01:21:55 +00:00
wiz 7642cb7ddf Whitespace nits. 2002-01-15 02:27:15 +00:00
wiz 4c99916337 va_{start,end} audit:
Make sure that each va_start has one and only one matching va_end,
especially in error cases.
If the va_list is used multiple times, do multiple va_starts/va_ends.
If a function gets va_list as argument, don't let it use va_end (since
it's the callers responsibility).

Improved by comments from enami and christos -- thanks!

Heimdal/krb4/KAME changes already fed back, rest to follow.

Inspired by, but not not based on, OpenBSD.
2001-09-24 13:22:25 +00:00
christos 20d53d3990 fix nested extern 2001-02-04 22:14:13 +00:00
lukem d59d820e4b - use SHUT_RDWR instead of 1+1 for the 2nd arg to shutdown()
- use LOG_ERR for fatal errors
- don't use LOG_ODELAY, it's the default
2001-01-11 01:32:34 +00:00
itojun 7b0d3f1d84 do not refer free'ed memory region. KAME PR 302 from ryo@iij.ad.jp 2000-11-09 01:04:14 +00:00
is 48052d04a3 Format string cleanups by sommerfeld. 2000-10-10 19:54:37 +00:00
itojun 6fc49112e9 document IPv4 mapped address twists.
- ftp(1): treats IPv4 mapped destination as IPv4 peer, not native IPv6 peer.
  this does not support network with SIIT translator.
- rshd(8)/rlogind(8): rejects accesses from IPv4 mapped peer, to avoid
  possible abuse of IPv4 mapped addr (rshd/rlogind use source address-based
  auth so it is important to check the condition).
2000-05-30 05:21:46 +00:00
itojun 42a6c72320 reject conneciton attempt from IPv4 mapped address, just in case.
I thought of supporting it, however, rejected due to possible complication.
i prefer the safer side here... (code available, commented out)
2000-04-14 12:28:51 +00:00
itojun 2a5b88bffb IPv6 support. 2000-01-31 14:20:13 +00:00
itojun 6e6f6caf3e declare -DLOGIN_CAP in CPPFLAGS, not in CFLAGS. 2000-01-24 14:10:56 +00:00
mjl c47ddf604a Login.conf-ify rshd. Heavily inspired by FreeBSD. 2000-01-22 10:22:55 +00:00
garbled f124765044 More and more .Os cleanups. .Os is defined in the tmac.doc-common file,
so we shouldn't override it with versions in the manpages.  Many more to
come.
1999-03-22 18:25:43 +00:00
perry bfd526219d bzero->memset, bcopy->memcpy, bcmp->memcmp 1998-08-10 02:57:23 +00:00
mycroft 5dd823ab5d const poisoning. 1998-07-26 19:44:12 +00:00
mrg 2beab49a06 - use an array MAXHOSTNAMELEN+1 size to hold hostnames
- ensure hostname from gethostname() is nul-terminated in all cases
- minor KNF
- use MAXHOSTNAMELEN over various other values/defines
- be safe will buffers that hold hostnames
1998-07-06 06:45:41 +00:00
fair 5ce6614a4f fix bad .Xr references 1998-04-29 08:33:11 +00:00
enami 86053c56a1 Cosmetic changes; fix more indentation (just added/deleted white spaces). 1998-02-28 13:29:03 +00:00
lukem 69c37cf0b7 fix indenting of a block 1998-01-08 03:30:49 +00:00
enami e50ac59ba3 Fix .Nm usage. 1997-10-20 02:53:32 +00:00
mrg 2268d2dfb3 merge lite-2 Makefiles (rcsids), and turn on WARNS for all of libexec. 1997-10-08 09:07:11 +00:00
enami 7c92c8b774 Compare a return value of getopt() against -1 instead of EOF. 1997-10-08 01:04:31 +00:00