1 |
commit: 231787a2484df850fe2299a25ef3e715c00c0358 |
2 |
Author: Hank Leininger <hlein <AT> korelogic <DOT> com> |
3 |
AuthorDate: Tue Jun 22 23:14:40 2021 +0000 |
4 |
Commit: Sam James <sam <AT> gentoo <DOT> org> |
5 |
CommitDate: Fri Jun 25 00:31:15 2021 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=231787a2 |
7 |
|
8 |
net-misc/netkit-rsh: security fix, add myself as p-m |
9 |
|
10 |
This updates one of our existing patches with Debian's fix for |
11 |
CVE-2019-7282 and CVE-2019-7283. Minor other cleanups. |
12 |
|
13 |
Signed-off-by: Hank Leininger <hlein <AT> korelogic.com> |
14 |
Bug: https://bugs.gentoo.org/717794 |
15 |
Closes: https://bugs.gentoo.org/710960 |
16 |
Package-Manager: Portage-3.0.20, Repoman-3.0.3 |
17 |
Signed-off-by: Sam James <sam <AT> gentoo.org> |
18 |
|
19 |
.../netkit-rsh/files/patches/000_all_sectty.patch | 32 +++ |
20 |
.../netkit-rsh/files/patches/010_all_rexec.patch | 55 +++++ |
21 |
.../netkit-rsh/files/patches/020_all_stdarg.patch | 43 ++++ |
22 |
.../netkit-rsh/files/patches/030_all_jbj.patch | 33 +++ |
23 |
.../netkit-rsh/files/patches/040_all_jbj4.patch | 14 ++ |
24 |
.../netkit-rsh/files/patches/050_all_prompt.patch | 37 +++ |
25 |
.../files/patches/060_all_rlogin-rsh.patch | 10 + |
26 |
.../netkit-rsh/files/patches/070_all_nokrb.patch | 231 +++++++++++++++++++ |
27 |
.../netkit-rsh/files/patches/080_all_jbj5.patch | 29 +++ |
28 |
.../files/patches/090_all_userandhost.patch | 70 ++++++ |
29 |
.../netkit-rsh/files/patches/100_all_strip.patch | 66 ++++++ |
30 |
.../netkit-rsh/files/patches/110_all_lfs.patch | 25 ++ |
31 |
.../netkit-rsh/files/patches/120_all_chdir.patch | 57 +++++ |
32 |
.../files/patches/130_all_pam-nologin.patch | 14 ++ |
33 |
.../files/patches/140_all_nohostcheck.patch | 134 +++++++++++ |
34 |
.../files/patches/150_all_rexec-netrc.patch | 251 +++++++++++++++++++++ |
35 |
.../files/patches/160_all_pam-sess.patch | 12 + |
36 |
.../netkit-rsh/files/patches/170_all_errno.patch | 51 +++++ |
37 |
.../files/patches/180_all_rexec-sig.patch | 17 ++ |
38 |
.../netkit-rsh/files/patches/190_all_nohost.patch | 63 ++++++ |
39 |
.../netkit-rsh/files/patches/200_all_ignchld.patch | 22 ++ |
40 |
.../files/patches/210_all_checkdir-r1.patch | 23 ++ |
41 |
.../netkit-rsh/files/patches/220_all_fbsd.patch | 222 ++++++++++++++++++ |
42 |
.../netkit-rsh/files/patches/230_all_MAX_ARG.patch | 96 ++++++++ |
43 |
net-misc/netkit-rsh/metadata.xml | 9 +- |
44 |
net-misc/netkit-rsh/netkit-rsh-0.17-r12.ebuild | 78 +++++++ |
45 |
26 files changed, 1693 insertions(+), 1 deletion(-) |
46 |
|
47 |
diff --git a/net-misc/netkit-rsh/files/patches/000_all_sectty.patch b/net-misc/netkit-rsh/files/patches/000_all_sectty.patch |
48 |
new file mode 100644 |
49 |
index 00000000000..fdd761bd991 |
50 |
--- /dev/null |
51 |
+++ b/net-misc/netkit-rsh/files/patches/000_all_sectty.patch |
52 |
@@ -0,0 +1,32 @@ |
53 |
+--- a/rexecd/rexecd.c |
54 |
++++ b/rexecd/rexecd.c |
55 |
+@@ -300,6 +300,7 @@ |
56 |
+ PAM_password = pass; |
57 |
+ pam_error = pam_start("rexec", PAM_username, &PAM_conversation,&pamh); |
58 |
+ PAM_BAIL; |
59 |
++ (void) pam_set_item (pamh, PAM_TTY, "rexec"); /* we don't have a tty yet! */ |
60 |
+ pam_error = pam_authenticate(pamh, 0); |
61 |
+ PAM_BAIL; |
62 |
+ pam_error = pam_acct_mgmt(pamh, 0); |
63 |
+--- a/rlogind/auth.c |
64 |
++++ b/rlogind/auth.c |
65 |
+@@ -123,7 +123,7 @@ |
66 |
+ pam_set_item(pamh, PAM_USER, localuser); |
67 |
+ pam_set_item(pamh, PAM_RUSER, remoteuser); |
68 |
+ pam_set_item(pamh, PAM_RHOST, host); |
69 |
+- pam_set_item(pamh, PAM_TTY, "tty"); /* ? */ |
70 |
++ pam_set_item(pamh, PAM_TTY, "rlogin"); /* we don't have a tty yet! */ |
71 |
+ |
72 |
+ network_confirm(); |
73 |
+ retval = attempt_auth(); |
74 |
+--- a/rshd/rshd.c |
75 |
++++ b/rshd/rshd.c |
76 |
+@@ -243,7 +243,7 @@ |
77 |
+ } |
78 |
+ pam_set_item (pamh, PAM_RUSER, remuser); |
79 |
+ pam_set_item (pamh, PAM_RHOST, hostname); |
80 |
+- pam_set_item (pamh, PAM_TTY, "tty"); |
81 |
++ pam_set_item (pamh, PAM_TTY, "rsh"); /* we don't use a tty, so punt */ |
82 |
+ |
83 |
+ retcode = pam_authenticate(pamh, 0); |
84 |
+ if (retcode == PAM_SUCCESS) { |
85 |
|
86 |
diff --git a/net-misc/netkit-rsh/files/patches/010_all_rexec.patch b/net-misc/netkit-rsh/files/patches/010_all_rexec.patch |
87 |
new file mode 100644 |
88 |
index 00000000000..ffdbdfffebc |
89 |
--- /dev/null |
90 |
+++ b/net-misc/netkit-rsh/files/patches/010_all_rexec.patch |
91 |
@@ -0,0 +1,55 @@ |
92 |
+--- a/rexecd/rexecd.8 |
93 |
++++ b/rexecd/rexecd.8 |
94 |
+@@ -68,8 +68,9 @@ |
95 |
+ it is interpreted as the port number of a secondary |
96 |
+ stream to be used for the |
97 |
+ .Em stderr . |
98 |
+-A second connection is then created to the specified |
99 |
+-port on the client's machine. |
100 |
++A second connection will be created to the specified |
101 |
++port on the client's machine after receiving and authenticating |
102 |
++the user, password, and command from the client. |
103 |
+ .It |
104 |
+ A NUL terminated user name of at most 16 characters |
105 |
+ is retrieved on the initial socket. |
106 |
+--- a/rexec/Makefile |
107 |
++++ b/rexec/Makefile |
108 |
+@@ -1,30 +1,23 @@ |
109 |
+ |
110 |
+ SHELL = /bin/sh |
111 |
+ |
112 |
+-BINDIR = /usr/local/bin |
113 |
+-MANDIR = /usr/local/man/man1 |
114 |
++include ../MCONFIG |
115 |
++include ../MRULES |
116 |
+ |
117 |
+ # Uncomment this line if you get link errors under Solaris |
118 |
+ #LDLIBS=-lsocket -lnsl |
119 |
+ |
120 |
+ .PHONY: all |
121 |
+ |
122 |
+-all: rexec install |
123 |
++all: rexec |
124 |
+ |
125 |
+ rexec: rexec.c |
126 |
+ |
127 |
+ rexec.1: |
128 |
+ |
129 |
++clean: |
130 |
++ rm -f *.o rexec |
131 |
++ |
132 |
+ install: rexec rexec.1 |
133 |
+- @ echo "Installation: Press enter for defaults."; \ |
134 |
+- echo -n "Enter the location to install executable "; \ |
135 |
+- echo -n " (default: $(BINDIR)): "; \ |
136 |
+- read bindir; \ |
137 |
+- bindir=$${bindir:-$(BINDIR)}; \ |
138 |
+- echo -n "Enter the manpage location (default $(MANDIR)): ";\ |
139 |
+- read mandir; \ |
140 |
+- mandir=$${mandir:-$(MANDIR)}; \ |
141 |
+- cp rexec $$bindir; \ |
142 |
+- chmod a+rx $${bindir}/rexec; \ |
143 |
+- cp rexec.1 $$mandir; \ |
144 |
+- chmod a+r $${mandir}/rexec.1 |
145 |
++ install -m 0755 rexec $(INSTALLROOT)/$(BINDIR)/rexec |
146 |
++ install -m 0644 rexec.1 $(INSTALLROOT)/$(MANDIR)/man1/rexec.1 |
147 |
|
148 |
diff --git a/net-misc/netkit-rsh/files/patches/020_all_stdarg.patch b/net-misc/netkit-rsh/files/patches/020_all_stdarg.patch |
149 |
new file mode 100644 |
150 |
index 00000000000..a9ec010330a |
151 |
--- /dev/null |
152 |
+++ b/net-misc/netkit-rsh/files/patches/020_all_stdarg.patch |
153 |
@@ -0,0 +1,43 @@ |
154 |
+--- a/rcp/rcp.c |
155 |
++++ b/rcp/rcp.c |
156 |
+@@ -836,19 +836,33 @@ |
157 |
+ error(const char *fmt, ...) |
158 |
+ { |
159 |
+ static FILE *fp; |
160 |
+- va_list ap; |
161 |
+- |
162 |
+- va_start(ap, fmt); |
163 |
++ char buf[1000]; |
164 |
+ |
165 |
+ ++errs; |
166 |
+ if (!fp && !(fp = fdopen(rem, "w"))) |
167 |
+ return; |
168 |
+- fprintf(fp, "%c", 0x01); |
169 |
+- vfprintf(fp, fmt, ap); |
170 |
++ |
171 |
++ /* (fmt,...) might need to go to two streams. |
172 |
++ * |
173 |
++ * In { va_start ; vfprintf ; vfprintf ; va_end }, second |
174 |
++ * vfprintf didn't restart (ie: vfprintf affects ap) (glibc) |
175 |
++ * |
176 |
++ * Is { va_start ; vfprintf ; va_end} * 2 even allowed? |
177 |
++ * |
178 |
++ * => Dump (fmt,...) to buffer. */ |
179 |
++ |
180 |
++ { |
181 |
++ va_list ap; |
182 |
++ va_start(ap, fmt); |
183 |
++ vsnprintf(buf, sizeof(buf), fmt, ap); |
184 |
++ buf[sizeof(buf)-1] = 0; |
185 |
++ va_end(ap); |
186 |
++ } |
187 |
++ |
188 |
++ fprintf(fp, "%c%s", 0x01, buf); |
189 |
+ fflush(fp); |
190 |
+- if (!iamremote) vfprintf(stderr, fmt, ap); |
191 |
+ |
192 |
+- va_end(ap); |
193 |
++ if (!iamremote) fputs(buf, stderr); |
194 |
+ } |
195 |
+ |
196 |
+ static void |
197 |
|
198 |
diff --git a/net-misc/netkit-rsh/files/patches/030_all_jbj.patch b/net-misc/netkit-rsh/files/patches/030_all_jbj.patch |
199 |
new file mode 100644 |
200 |
index 00000000000..3f5e661b705 |
201 |
--- /dev/null |
202 |
+++ b/net-misc/netkit-rsh/files/patches/030_all_jbj.patch |
203 |
@@ -0,0 +1,33 @@ |
204 |
+--- a/rcp/Makefile |
205 |
++++ b/rcp/Makefile |
206 |
+@@ -7,7 +7,7 @@ |
207 |
+ $(CC) $(LDFLAGS) $^ $(LIBS) -o $@ |
208 |
+ |
209 |
+ install: rcp |
210 |
+- install -s -o root -m$(SUIDMODE) rcp $(INSTALLROOT)$(BINDIR) |
211 |
++ install -s rcp $(INSTALLROOT)$(BINDIR) |
212 |
+ install -m$(MANMODE) rcp.1 $(INSTALLROOT)$(MANDIR)/man1 |
213 |
+ |
214 |
+ clean: |
215 |
+--- a/rlogin/Makefile |
216 |
++++ a/rlogin/Makefile |
217 |
+@@ -10,7 +10,7 @@ |
218 |
+ $(CC) $(LDFLAGS) $^ $(LIBS) -o $@ |
219 |
+ |
220 |
+ install: $(PROG) |
221 |
+- install -s -o root -m$(SUIDMODE) $(PROG) $(INSTALLROOT)$(BINDIR) |
222 |
++ install -s $(PROG) $(INSTALLROOT)$(BINDIR) |
223 |
+ install -m $(MANMODE) $(PROG).1 $(INSTALLROOT)$(MANDIR)/man1 |
224 |
+ |
225 |
+ clean: |
226 |
+--- a/rsh/Makefile |
227 |
++++ b/rsh/Makefile |
228 |
+@@ -9,7 +9,7 @@ |
229 |
+ $(CC) $(LDFLAGS) $^ $(LIBS) -o $@ |
230 |
+ |
231 |
+ install: rsh |
232 |
+- install -s -o root -m$(SUIDMODE) rsh $(INSTALLROOT)$(BINDIR) |
233 |
++ install -s rsh $(INSTALLROOT)$(BINDIR) |
234 |
+ install -m$(MANMODE) rsh.1 $(INSTALLROOT)$(MANDIR)/man1 |
235 |
+ |
236 |
+ clean: |
237 |
|
238 |
diff --git a/net-misc/netkit-rsh/files/patches/040_all_jbj4.patch b/net-misc/netkit-rsh/files/patches/040_all_jbj4.patch |
239 |
new file mode 100644 |
240 |
index 00000000000..41c98d27606 |
241 |
--- /dev/null |
242 |
+++ b/net-misc/netkit-rsh/files/patches/040_all_jbj4.patch |
243 |
@@ -0,0 +1,14 @@ |
244 |
+--- a/rshd/Makefile |
245 |
++++ b/rshd/Makefile |
246 |
+@@ -6,9 +6,8 @@ |
247 |
+ OBJS = rshd.o |
248 |
+ |
249 |
+ ifeq ($(USE_PAM),1) |
250 |
+-# ? |
251 |
+-CFLAGS += # -DUSE_PAM |
252 |
+-LIBS += -ldl # -lpam -lpam_misc |
253 |
++CFLAGS += -DUSE_PAM |
254 |
++LIBS += -ldl -lpam -lpam_misc |
255 |
+ endif |
256 |
+ |
257 |
+ rshd: $(OBJS) |
258 |
|
259 |
diff --git a/net-misc/netkit-rsh/files/patches/050_all_prompt.patch b/net-misc/netkit-rsh/files/patches/050_all_prompt.patch |
260 |
new file mode 100644 |
261 |
index 00000000000..5f6a89dc1d9 |
262 |
--- /dev/null |
263 |
+++ b/net-misc/netkit-rsh/files/patches/050_all_prompt.patch |
264 |
@@ -0,0 +1,37 @@ |
265 |
+--- a/rexec/rexec.c |
266 |
++++ b/rexec/rexec.c |
267 |
+@@ -164,12 +164,30 @@ |
268 |
+ user_name[strlen(user_name)-1] = '\0'; /* Hopefully fgets always adds |
269 |
+ a newline. */ |
270 |
+ passwd = getpass("Password: "); |
271 |
++ } else { |
272 |
++ |
273 |
++ if ( user_name == NULL ) |
274 |
++ user_name = getenv("REXEC_USER"); |
275 |
++ if ( user_name == NULL ) { |
276 |
++ uid_t uid = getuid(); |
277 |
++ struct passwd *pw = getpwuid(uid); |
278 |
++ if (!(pw && pw->pw_name)) { |
279 |
++ fprintf(stderr, "Can't lookup uid %d\n", uid); |
280 |
++ exit(1); |
281 |
++ } |
282 |
++ user_name = strdup(pw->pw_name); |
283 |
++ } |
284 |
++ if ( passwd == NULL ) |
285 |
++ passwd = getenv("REXEC_PASS"); |
286 |
++ if ( passwd == NULL ) |
287 |
++ passwd = getpass("Password: "); |
288 |
+ } |
289 |
+ |
290 |
+- if ( user_name == NULL ) |
291 |
+- user_name = getenv("REXEC_USER"); |
292 |
+- if ( passwd == NULL ) |
293 |
+- passwd = getenv("REXEC_PASS"); |
294 |
++ if (!(user_name && passwd)) { |
295 |
++ fprintf(stderr, "Can't use %s without supplying a user and password\n", |
296 |
++ progname); |
297 |
++ exit(1); |
298 |
++ } |
299 |
+ |
300 |
+ if ( (sock = rexec(&host, port_exec, user_name, passwd, command, |
301 |
+ p_to_aux_sock)) < 0 ) |
302 |
|
303 |
diff --git a/net-misc/netkit-rsh/files/patches/060_all_rlogin-rsh.patch b/net-misc/netkit-rsh/files/patches/060_all_rlogin-rsh.patch |
304 |
new file mode 100644 |
305 |
index 00000000000..83a530765a9 |
306 |
--- /dev/null |
307 |
+++ b/net-misc/netkit-rsh/files/patches/060_all_rlogin-rsh.patch |
308 |
@@ -0,0 +1,10 @@ |
309 |
+--- a/rlogin/rlogin.c |
310 |
++++ b/rlogin/rlogin.c |
311 |
+@@ -194,6 +194,7 @@ |
312 |
+ p = argv[0]; |
313 |
+ |
314 |
+ if (strcmp(p, "rlogin")) |
315 |
++ if (strcmp(p, "rsh")) |
316 |
+ host = p; |
317 |
+ |
318 |
+ /* handle "rlogin host flags" */ |
319 |
|
320 |
diff --git a/net-misc/netkit-rsh/files/patches/070_all_nokrb.patch b/net-misc/netkit-rsh/files/patches/070_all_nokrb.patch |
321 |
new file mode 100644 |
322 |
index 00000000000..2d702937440 |
323 |
--- /dev/null |
324 |
+++ b/net-misc/netkit-rsh/files/patches/070_all_nokrb.patch |
325 |
@@ -0,0 +1,231 @@ |
326 |
+diff -uNr a/rcp/rcp.1 a/rcp/rcp.1 |
327 |
+--- a/rcp/rcp.1 |
328 |
++++ b/rcp/rcp.1 |
329 |
+@@ -41,12 +41,10 @@ |
330 |
+ .Sh SYNOPSIS |
331 |
+ .Nm rcp |
332 |
+ .Op Fl px |
333 |
+-.Op Fl k Ar realm |
334 |
+ .Ar file1 file2 |
335 |
+ .Nm rcp |
336 |
+ .Op Fl px |
337 |
+ .Op Fl r |
338 |
+-.Op Fl k Ar realm |
339 |
+ .Ar file ... |
340 |
+ .Ar directory |
341 |
+ .Sh DESCRIPTION |
342 |
+@@ -79,27 +77,6 @@ |
343 |
+ modified by the |
344 |
+ .Xr umask 2 |
345 |
+ on the destination host is used. |
346 |
+-.It Fl k |
347 |
+-The |
348 |
+-.Fl k |
349 |
+-option requests |
350 |
+-.Nm rcp |
351 |
+-to obtain tickets |
352 |
+-for the remote host in realm |
353 |
+-.Ar realm |
354 |
+-instead of the remote host's realm as determined by |
355 |
+-.Xr krb_realmofhost 3 . |
356 |
+-.It Fl x |
357 |
+-The |
358 |
+-.Fl x |
359 |
+-option turns on |
360 |
+-.Tn DES |
361 |
+-encryption for all data passed by |
362 |
+-.Nm rcp . |
363 |
+-This may impact response time and |
364 |
+-.Tn CPU |
365 |
+-utilization, but provides |
366 |
+-increased security. |
367 |
+ .El |
368 |
+ .Pp |
369 |
+ If |
370 |
+@@ -134,11 +111,6 @@ |
371 |
+ .Nm rcp |
372 |
+ command appeared in |
373 |
+ .Bx 4.2 . |
374 |
+-The version of |
375 |
+-.Nm rcp |
376 |
+-described here |
377 |
+-has been reimplemented with Kerberos in |
378 |
+-.Bx 4.3 Reno . |
379 |
+ .Sh BUGS |
380 |
+ Doesn't detect all cases where the target of a copy might |
381 |
+ be a file in cases where only a directory should be legal. |
382 |
+diff -uNr a/rlogin/rlogin.1 a/rlogin/rlogin.1 |
383 |
+--- a/rlogin/rlogin.1 |
384 |
++++ b/rlogin/rlogin.1 |
385 |
+@@ -42,7 +42,6 @@ |
386 |
+ .Ar rlogin |
387 |
+ .Op Fl 8EKLdx |
388 |
+ .Op Fl e Ar char |
389 |
+-.Op Fl k Ar realm |
390 |
+ .Op Fl l Ar username |
391 |
+ .Ar host |
392 |
+ .Sh DESCRIPTION |
393 |
+@@ -50,9 +49,7 @@ |
394 |
+ starts a terminal session on a remote host |
395 |
+ .Ar host . |
396 |
+ .Pp |
397 |
+-.Nm Rlogin |
398 |
+-first attempts to use the Kerberos authorization mechanism, described below. |
399 |
+-If the remote host does not supporting Kerberos the standard Berkeley |
400 |
++The standard Berkeley |
401 |
+ .Pa rhosts |
402 |
+ authorization mechanism is used. |
403 |
+ The options are as follows: |
404 |
+@@ -71,10 +68,6 @@ |
405 |
+ When used with the |
406 |
+ .Fl 8 |
407 |
+ option, this provides a completely transparent connection. |
408 |
+-.It Fl K |
409 |
+-The |
410 |
+-.Fl K |
411 |
+-option turns off all Kerberos authentication. |
412 |
+ .It Fl L |
413 |
+ The |
414 |
+ .Fl L |
415 |
+@@ -94,25 +87,6 @@ |
416 |
+ ``~'' by default. |
417 |
+ This specification may be as a literal character, or as an octal |
418 |
+ value in the form \ennn. |
419 |
+-.It Fl k |
420 |
+-The |
421 |
+-.FL k |
422 |
+-option requests rlogin to obtain tickets for the remote host |
423 |
+-in realm |
424 |
+-.Ar realm |
425 |
+-instead of the remote host's realm as determined by |
426 |
+-.Xr krb_realmofhost 3 . |
427 |
+-.It Fl x |
428 |
+-The |
429 |
+-.Fl x |
430 |
+-option turns on |
431 |
+-.Tn DES |
432 |
+-encryption for all data passed via the |
433 |
+-rlogin session. |
434 |
+-This may impact response time and |
435 |
+-.Tn CPU |
436 |
+-utilization, but provides |
437 |
+-increased security. |
438 |
+ .El |
439 |
+ .Pp |
440 |
+ A line of the form ``<escape char>.'' disconnects from the remote host. |
441 |
+@@ -129,35 +103,6 @@ |
442 |
+ is transparent. |
443 |
+ Flow control via ^S/^Q and flushing of input and output on interrupts |
444 |
+ are handled properly. |
445 |
+-.Sh KERBEROS AUTHENTICATION |
446 |
+-Each user may have a private authorization list in the file |
447 |
+-.Pa .klogin |
448 |
+-in their home directory. |
449 |
+-Each line in this file should contain a Kerberos principal name of the |
450 |
+-form |
451 |
+-.Ar principal.instance@realm . |
452 |
+-If the originating user is authenticated to one of the principals named |
453 |
+-in |
454 |
+-.Pa .klogin , |
455 |
+-access is granted to the account. |
456 |
+-The principal |
457 |
+-.Ar accountname.@localrealm |
458 |
+-is granted access if |
459 |
+-there is no |
460 |
+-.Pa .klogin |
461 |
+-file. |
462 |
+-Otherwise a login and password will be prompted for on the remote machine |
463 |
+-as in |
464 |
+-.Xr login 1 . |
465 |
+-To avoid certain security problems, the |
466 |
+-.Pa .klogin |
467 |
+-file must be owned by |
468 |
+-the remote user. |
469 |
+-.Pp |
470 |
+-If Kerberos authentication fails, a warning message is printed and the |
471 |
+-standard Berkeley |
472 |
+-.Nm rlogin |
473 |
+-is used instead. |
474 |
+ .Sh ENVIRONMENT |
475 |
+ The following environment variable is utilized by |
476 |
+ .Nm rlogin : |
477 |
+@@ -167,9 +112,6 @@ |
478 |
+ .El |
479 |
+ .Sh SEE ALSO |
480 |
+ .Xr rsh 1 , |
481 |
+-.Xr kerberos 3 , |
482 |
+-.Xr krb_sendauth 3 , |
483 |
+-.Xr krb_realmofhost 3 |
484 |
+ .Sh HISTORY |
485 |
+ The |
486 |
+ .Nm rlogin |
487 |
+diff -uNr a/rsh/rsh.1 a/rsh/rsh.1 |
488 |
+--- a/rsh/rsh.1 |
489 |
++++ b/rsh/rsh.1 |
490 |
+@@ -41,7 +41,6 @@ |
491 |
+ .Sh SYNOPSIS |
492 |
+ .Nm rsh |
493 |
+ .Op Fl Kdnx |
494 |
+-.Op Fl k Ar realm |
495 |
+ .Op Fl l Ar username |
496 |
+ .Ar host |
497 |
+ .Op command |
498 |
+@@ -62,10 +61,6 @@ |
499 |
+ normally terminates when the remote command does. |
500 |
+ The options are as follows: |
501 |
+ .Bl -tag -width flag |
502 |
+-.It Fl K |
503 |
+-The |
504 |
+-.Fl K |
505 |
+-option turns off all Kerberos authentication. |
506 |
+ .It Fl d |
507 |
+ The |
508 |
+ .Fl d |
509 |
+@@ -74,23 +69,11 @@ |
510 |
+ on the |
511 |
+ .Tn TCP |
512 |
+ sockets used for communication with the remote host. |
513 |
+-.It Fl k |
514 |
+-The |
515 |
+-.Fl k |
516 |
+-option causes |
517 |
+-.Nm rsh |
518 |
+-to obtain tickets for the remote host in |
519 |
+-.Ar realm |
520 |
+-instead of the remote host's realm as determined by |
521 |
+-.Xr krb_realmofhost 3 . |
522 |
+ .It Fl l |
523 |
+ By default, the remote username is the same as the local username. |
524 |
+ The |
525 |
+ .Fl l |
526 |
+ option allows the remote name to be specified. |
527 |
+-Kerberos authentication is used, and authorization is determined |
528 |
+-as in |
529 |
+-.Xr rlogin 1 . |
530 |
+ .It Fl n |
531 |
+ The |
532 |
+ .Fl n |
533 |
+@@ -99,13 +82,6 @@ |
534 |
+ (see the |
535 |
+ .Sx BUGS |
536 |
+ section of this manual page). |
537 |
+-.It Fl x |
538 |
+-The |
539 |
+-.Fl x |
540 |
+-option turns on |
541 |
+-.Tn DES |
542 |
+-encryption for all data exchange. |
543 |
+-This may introduce a significant delay in response time. |
544 |
+ .El |
545 |
+ .Pp |
546 |
+ If no |
547 |
+@@ -142,9 +118,6 @@ |
548 |
+ .El |
549 |
+ .Sh SEE ALSO |
550 |
+ .Xr rlogin 1 , |
551 |
+-.Xr kerberos 3 , |
552 |
+-.Xr krb_sendauth 3 , |
553 |
+-.Xr krb_realmofhost 3 |
554 |
+ .Sh HISTORY |
555 |
+ The |
556 |
+ .Nm rsh |
557 |
|
558 |
diff --git a/net-misc/netkit-rsh/files/patches/080_all_jbj5.patch b/net-misc/netkit-rsh/files/patches/080_all_jbj5.patch |
559 |
new file mode 100644 |
560 |
index 00000000000..5bfd70ac91a |
561 |
--- /dev/null |
562 |
+++ b/net-misc/netkit-rsh/files/patches/080_all_jbj5.patch |
563 |
@@ -0,0 +1,29 @@ |
564 |
+--- a/rlogind/auth.c |
565 |
++++ b/rlogind/auth.c |
566 |
+@@ -37,6 +37,7 @@ |
567 |
+ #include "rlogind.h" |
568 |
+ |
569 |
+ #ifdef USE_PAM |
570 |
++#include <grp.h> |
571 |
+ |
572 |
+ /* |
573 |
+ * Modifications for Linux-PAM: Al Longyear <longyear@××××××.com> |
574 |
+@@ -158,18 +159,14 @@ |
575 |
+ pwd = getpwnam(localuser); |
576 |
+ if (pwd==NULL) { |
577 |
+ syslog(LOG_ERR, "user returned by PAM does not exist\n"); |
578 |
+- /* don't print this - it tells people which accounts exist */ |
579 |
+- /*fprintf(stderr, "rlogind: internal error\n");*/ |
580 |
+ return -1; |
581 |
+ } |
582 |
+ if (setgid(pwd->pw_gid) != 0) { |
583 |
+ syslog(LOG_ERR, "cannot assume gid for user returned by PAM\n"); |
584 |
+- fprintf(stderr, "rlogind: internal error\n"); |
585 |
+ return -1; |
586 |
+ } |
587 |
+ if (initgroups(localuser, pwd->pw_gid) != 0) { |
588 |
+ syslog(LOG_ERR, "initgroups failed for user returned by PAM\n"); |
589 |
+- fprintf(stderr, "rlogind: internal error\n"); |
590 |
+ return -1; |
591 |
+ } |
592 |
+ retval = pam_setcred(pamh, PAM_ESTABLISH_CRED); |
593 |
|
594 |
diff --git a/net-misc/netkit-rsh/files/patches/090_all_userandhost.patch b/net-misc/netkit-rsh/files/patches/090_all_userandhost.patch |
595 |
new file mode 100644 |
596 |
index 00000000000..42f135b6e2c |
597 |
--- /dev/null |
598 |
+++ b/net-misc/netkit-rsh/files/patches/090_all_userandhost.patch |
599 |
@@ -0,0 +1,70 @@ |
600 |
+--- a/rlogind/rlogind.c |
601 |
++++ b/rlogind/rlogind.c |
602 |
+@@ -333,9 +333,10 @@ |
603 |
+ |
604 |
+ |
605 |
+ static void child(const char *hname, const char *termtype, |
606 |
+- const char *localuser, int authenticated) |
607 |
++ const char *localuser, int authenticated, |
608 |
++ const char *rusername) |
609 |
+ { |
610 |
+- char *termenv[2]; |
611 |
++ char *termenv[4]; |
612 |
+ |
613 |
+ setup_term(0, termtype); |
614 |
+ |
615 |
+@@ -344,7 +345,17 @@ |
616 |
+ strcpy(termenv[0], "TERM="); |
617 |
+ strcat(termenv[0], termtype); |
618 |
+ } |
619 |
+- termenv[1] = NULL; |
620 |
++ termenv[1] = malloc(strlen(rusername)+12); |
621 |
++ if (termenv[1]) { /* shouldn't ever fail, mind you */ |
622 |
++ strcpy(termenv[1], "REMOTEUSER="); |
623 |
++ strcat(termenv[1], rusername); |
624 |
++ } |
625 |
++ termenv[2] = malloc(strlen(hname)+12); |
626 |
++ if (termenv[2]) { /* shouldn't ever fail, mind you */ |
627 |
++ strcpy(termenv[2], "REMOTEHOST="); |
628 |
++ strcat(termenv[2], hname); |
629 |
++ } |
630 |
++ termenv[3] = NULL; |
631 |
+ |
632 |
+ if (authenticated) { |
633 |
+ auth_finish(); |
634 |
+@@ -420,7 +431,7 @@ |
635 |
+ if (pid == 0) { |
636 |
+ /* netfd should always be 0, but... */ |
637 |
+ if (netfd > 2) close(netfd); |
638 |
+- child(hname, termtype, lusername, authenticated); |
639 |
++ child(hname, termtype, lusername, authenticated, rusername); |
640 |
+ } |
641 |
+ on = 1; |
642 |
+ ioctl(netfd, FIONBIO, &on); |
643 |
+--- a/rshd/rshd.c |
644 |
++++ b/rshd/rshd.c |
645 |
+@@ -102,8 +102,10 @@ |
646 |
+ char homedir[64] = "HOME="; |
647 |
+ char shell[64] = "SHELL="; |
648 |
+ char path[100] = "PATH="; |
649 |
++char remoteuser[20] = "REMOTEUSER="; |
650 |
++char remotehost[50] = "REMOTEHOST="; |
651 |
+ char *envinit[] = |
652 |
+- {homedir, shell, path, username, 0}; |
653 |
++ {homedir, shell, path, username, remoteuser, remotehost, 0}; |
654 |
+ extern char **environ; |
655 |
+ |
656 |
+ static void error(const char *fmt, ...); |
657 |
+@@ -460,6 +462,12 @@ |
658 |
+ strncat(homedir, pwd->pw_dir, sizeof(homedir)-6); |
659 |
+ homedir[sizeof(homedir)-1] = 0; |
660 |
+ |
661 |
++ strncat(remoteuser, remuser, sizeof(remoteuser)-12); |
662 |
++ remoteuser[sizeof(remoteuser)-1] = 0; |
663 |
++ |
664 |
++ strncat(remotehost, hostname, sizeof(remotehost)-12); |
665 |
++ remotehost[sizeof(remotehost)-1] = 0; |
666 |
++ |
667 |
+ strcat(path, _PATH_DEFPATH); |
668 |
+ |
669 |
+ strncat(shell, theshell, sizeof(shell)-7); |
670 |
|
671 |
diff --git a/net-misc/netkit-rsh/files/patches/100_all_strip.patch b/net-misc/netkit-rsh/files/patches/100_all_strip.patch |
672 |
new file mode 100644 |
673 |
index 00000000000..c22765b10dc |
674 |
--- /dev/null |
675 |
+++ b/net-misc/netkit-rsh/files/patches/100_all_strip.patch |
676 |
@@ -0,0 +1,66 @@ |
677 |
+--- a/rcp/Makefile |
678 |
++++ b/rcp/Makefile |
679 |
+@@ -7,7 +7,7 @@ |
680 |
+ $(CC) $(LDFLAGS) $^ $(LIBS) -o $@ |
681 |
+ |
682 |
+ install: rcp |
683 |
+- install -s rcp $(INSTALLROOT)$(BINDIR) |
684 |
++ install rcp $(INSTALLROOT)$(BINDIR) |
685 |
+ install -m$(MANMODE) rcp.1 $(INSTALLROOT)$(MANDIR)/man1 |
686 |
+ |
687 |
+ clean: |
688 |
+--- a/rexecd/Makefile |
689 |
++++ b/rexecd/Makefile |
690 |
+@@ -27,7 +27,7 @@ |
691 |
+ $(CC) $(LDFLAGS) $^ $(LIBS) -o $@ |
692 |
+ |
693 |
+ install: rexecd |
694 |
+- install -s -m$(DAEMONMODE) rexecd $(INSTALLROOT)$(SBINDIR)/in.rexecd |
695 |
++ install -m$(DAEMONMODE) rexecd $(INSTALLROOT)$(SBINDIR)/in.rexecd |
696 |
+ install -m$(MANMODE) rexecd.8 $(INSTALLROOT)$(MANDIR)/man8/in.rexecd.8 |
697 |
+ ln -sf in.rexecd.8 $(INSTALLROOT)$(MANDIR)/man8/rexecd.8 |
698 |
+ ifeq ($(USE_PAM),1) |
699 |
+--- a/rlogin/Makefile |
700 |
++++ b/rlogin/Makefile |
701 |
+@@ -10,7 +10,7 @@ |
702 |
+ $(CC) $(LDFLAGS) $^ $(LIBS) -o $@ |
703 |
+ |
704 |
+ install: $(PROG) |
705 |
+- install -s $(PROG) $(INSTALLROOT)$(BINDIR) |
706 |
++ install $(PROG) $(INSTALLROOT)$(BINDIR) |
707 |
+ install -m $(MANMODE) $(PROG).1 $(INSTALLROOT)$(MANDIR)/man1 |
708 |
+ |
709 |
+ clean: |
710 |
+--- a/rlogind/Makefile |
711 |
++++ b/rlogind/Makefile |
712 |
+@@ -20,7 +20,7 @@ |
713 |
+ auth.o network.o: rlogind.h |
714 |
+ |
715 |
+ install: rlogind |
716 |
+- install -s -m$(DAEMONMODE) rlogind $(INSTALLROOT)$(SBINDIR)/in.rlogind |
717 |
++ install -m$(DAEMONMODE) rlogind $(INSTALLROOT)$(SBINDIR)/in.rlogind |
718 |
+ install -m$(MANMODE) rlogind.8 $(INSTALLROOT)$(MANDIR)/man8/in.rlogind.8 |
719 |
+ ln -sf in.rlogind.8 $(INSTALLROOT)$(MANDIR)/man8/rlogind.8 |
720 |
+ |
721 |
+--- a/rsh/Makefile |
722 |
++++ b/rsh/Makefile |
723 |
+@@ -9,7 +9,7 @@ |
724 |
+ $(CC) $(LDFLAGS) $^ $(LIBS) -o $@ |
725 |
+ |
726 |
+ install: rsh |
727 |
+- install -s rsh $(INSTALLROOT)$(BINDIR) |
728 |
++ install rsh $(INSTALLROOT)$(BINDIR) |
729 |
+ install -m$(MANMODE) rsh.1 $(INSTALLROOT)$(MANDIR)/man1 |
730 |
+ |
731 |
+ clean: |
732 |
+--- a/rshd/Makefile |
733 |
++++ b/rshd/Makefile |
734 |
+@@ -14,7 +14,7 @@ |
735 |
+ $(CC) $(LDFLAGS) $^ $(LIBS) -o $@ |
736 |
+ |
737 |
+ install: rshd |
738 |
+- install -s -m$(DAEMONMODE) rshd $(INSTALLROOT)$(SBINDIR)/in.rshd |
739 |
++ install -m$(DAEMONMODE) rshd $(INSTALLROOT)$(SBINDIR)/in.rshd |
740 |
+ install -m$(MANMODE) rshd.8 $(INSTALLROOT)$(MANDIR)/man8/in.rshd.8 |
741 |
+ ln -sf in.rshd.8 $(INSTALLROOT)$(MANDIR)/man8/rshd.8 |
742 |
+ |
743 |
|
744 |
diff --git a/net-misc/netkit-rsh/files/patches/110_all_lfs.patch b/net-misc/netkit-rsh/files/patches/110_all_lfs.patch |
745 |
new file mode 100644 |
746 |
index 00000000000..49a3970a03f |
747 |
--- /dev/null |
748 |
+++ b/net-misc/netkit-rsh/files/patches/110_all_lfs.patch |
749 |
@@ -0,0 +1,25 @@ |
750 |
+--- a/rcp/rcp.c |
751 |
++++ b/rcp/rcp.c |
752 |
+@@ -482,7 +482,7 @@ |
753 |
+ } |
754 |
+ } |
755 |
+ (void)snprintf(buf, sizeof(buf), |
756 |
+- "C%04o %ld %s\n", stb.st_mode&07777, stb.st_size, last); |
757 |
++ "C%04o %lld %s\n", stb.st_mode&07777, (long long)(stb.st_size), last); |
758 |
+ (void)write(rem, buf, (int)strlen(buf)); |
759 |
+ if (response() < 0) { |
760 |
+ (void)close(f); |
761 |
+@@ -614,11 +614,11 @@ |
762 |
+ struct timeval tv[2]; |
763 |
+ enum { YES, NO, DISPLAYED } wrerr; |
764 |
+ BUF *bp; |
765 |
+- off_t i, j; |
766 |
++ off_t i, j, size; |
767 |
+ char ch, *targ; |
768 |
+ const char *why; |
769 |
+ int amt, count, exists, first, mask, mode; |
770 |
+- int ofd, setimes, size, targisdir; |
771 |
++ int ofd, setimes, targisdir; |
772 |
+ char *np, *vect[1], buf[BUFSIZ]; |
773 |
+ |
774 |
+ #define atime tv[0] |
775 |
|
776 |
diff --git a/net-misc/netkit-rsh/files/patches/120_all_chdir.patch b/net-misc/netkit-rsh/files/patches/120_all_chdir.patch |
777 |
new file mode 100644 |
778 |
index 00000000000..2309a118385 |
779 |
--- /dev/null |
780 |
+++ b/net-misc/netkit-rsh/files/patches/120_all_chdir.patch |
781 |
@@ -0,0 +1,57 @@ |
782 |
+--- a/rshd/rshd.c |
783 |
++++ b/rshd/rshd.c |
784 |
+@@ -388,15 +388,6 @@ |
785 |
+ remuser, hostname, locuser, cmdbuf); |
786 |
+ } |
787 |
+ |
788 |
+- if (chdir(pwd->pw_dir) < 0) { |
789 |
+- chdir("/"); |
790 |
+- /* |
791 |
+- * error("No remote directory.\n"); |
792 |
+- * exit(1); |
793 |
+- */ |
794 |
+- } |
795 |
+- |
796 |
+- |
797 |
+ if (pwd->pw_uid != 0 && !access(_PATH_NOLOGIN, F_OK)) { |
798 |
+ error("Logins currently disabled.\n"); |
799 |
+ exit(1); |
800 |
+@@ -456,6 +447,14 @@ |
801 |
+ exit(1); |
802 |
+ } |
803 |
+ environ = envinit; |
804 |
++ |
805 |
++ if (chdir(pwd->pw_dir) < 0) { |
806 |
++ chdir("/"); |
807 |
++ /* |
808 |
++ * error("No remote directory.\n"); |
809 |
++ * exit(1); |
810 |
++ */ |
811 |
++ } |
812 |
+ |
813 |
+ strncat(homedir, pwd->pw_dir, sizeof(homedir)-6); |
814 |
+ homedir[sizeof(homedir)-1] = 0; |
815 |
+--- a/rexecd/rexecd.c |
816 |
++++ b/rexecd/rexecd.c |
817 |
+@@ -375,10 +375,6 @@ |
818 |
+ /* Log successful attempts. */ |
819 |
+ syslog(LOG_INFO, "login from %.128s as %s", remote, user); |
820 |
+ |
821 |
+- if (chdir(pwd->pw_dir) < 0) { |
822 |
+- fatal("No remote directory.\n"); |
823 |
+- } |
824 |
+- |
825 |
+ write(2, "\0", 1); |
826 |
+ if (port) { |
827 |
+ /* If we have a port, dup STDERR on that port KRH */ |
828 |
+@@ -408,6 +404,10 @@ |
829 |
+ if (setuid(pwd->pw_uid)) { |
830 |
+ perror("setuid"); |
831 |
+ exit(1); |
832 |
++ } |
833 |
++ |
834 |
++ if (chdir(pwd->pw_dir) < 0) { |
835 |
++ fatal("No remote directory.\n"); |
836 |
+ } |
837 |
+ |
838 |
+ strcat(path, _PATH_DEFPATH); |
839 |
|
840 |
diff --git a/net-misc/netkit-rsh/files/patches/130_all_pam-nologin.patch b/net-misc/netkit-rsh/files/patches/130_all_pam-nologin.patch |
841 |
new file mode 100644 |
842 |
index 00000000000..b9e8cb147f3 |
843 |
--- /dev/null |
844 |
+++ b/net-misc/netkit-rsh/files/patches/130_all_pam-nologin.patch |
845 |
@@ -0,0 +1,14 @@ |
846 |
+--- a/rlogind/auth.c |
847 |
++++ b/rlogind/auth.c |
848 |
+@@ -127,7 +127,10 @@ |
849 |
+ |
850 |
+ network_confirm(); |
851 |
+ retval = attempt_auth(); |
852 |
+- if (retval != PAM_SUCCESS) { |
853 |
++ if ((retval == PAM_ACCT_EXPIRED) || (retval == PAM_PERM_DENIED)) { |
854 |
++ syslog(LOG_ERR, "PAM authentication denied for in.rlogind"); |
855 |
++ exit(1); |
856 |
++ } else if (retval != PAM_SUCCESS) { |
857 |
+ syslog(LOG_ERR, "PAM authentication failed for in.rlogind"); |
858 |
+ return -1; |
859 |
+ } |
860 |
|
861 |
diff --git a/net-misc/netkit-rsh/files/patches/140_all_nohostcheck.patch b/net-misc/netkit-rsh/files/patches/140_all_nohostcheck.patch |
862 |
new file mode 100644 |
863 |
index 00000000000..022fc7fd3bc |
864 |
--- /dev/null |
865 |
+++ b/net-misc/netkit-rsh/files/patches/140_all_nohostcheck.patch |
866 |
@@ -0,0 +1,134 @@ |
867 |
+--- a/rlogind/network.c |
868 |
++++ b/rlogind/network.c |
869 |
+@@ -90,7 +90,7 @@ |
870 |
+ |
871 |
+ |
872 |
+ static char * |
873 |
+-find_hostname(const struct sockaddr_in *fromp, int *hostokp) |
874 |
++find_hostname(const struct sockaddr_in *fromp, int no_host_check, int *hostokp) |
875 |
+ { |
876 |
+ struct hostent *hop; |
877 |
+ char *hname; |
878 |
+@@ -102,7 +102,7 @@ |
879 |
+ hname = strdup(inet_ntoa(fromp->sin_addr)); |
880 |
+ hostok = 1; |
881 |
+ } |
882 |
+- else if (check_all || local_domain(hop->h_name)) { |
883 |
++ else if ((check_all || local_domain(hop->h_name )) && !no_host_check ) { |
884 |
+ /* |
885 |
+ * If name returned by gethostbyaddr is in our domain, |
886 |
+ * attempt to verify that we haven't been fooled by someone |
887 |
+@@ -143,7 +143,7 @@ |
888 |
+ |
889 |
+ |
890 |
+ char * |
891 |
+-network_init(int f, int *hostokp) |
892 |
++network_init(int f, int no_host_check, int *hostokp) |
893 |
+ { |
894 |
+ struct sockaddr_in from, *fromp; |
895 |
+ socklen_t fromlen; |
896 |
+@@ -177,7 +177,7 @@ |
897 |
+ |
898 |
+ alarm(0); |
899 |
+ |
900 |
+- hname = find_hostname(fromp, hostokp); |
901 |
++ hname = find_hostname(fromp,no_host_check, hostokp); |
902 |
+ |
903 |
+ port = ntohs(fromp->sin_port); |
904 |
+ if (fromp->sin_family != AF_INET || |
905 |
+--- a/rlogind/rlogind.c |
906 |
++++ b/rlogind/rlogind.c |
907 |
+@@ -84,6 +84,7 @@ |
908 |
+ int use_rhosts = 1; |
909 |
+ int allow_root_rhosts = 0; |
910 |
+ int deny_all_rhosts_hequiv = 0; |
911 |
++static int no_host_check = 0; |
912 |
+ |
913 |
+ static char oobdata[] = {(char)TIOCPKT_WINDOW}; |
914 |
+ static char line[MAXPATHLEN]; |
915 |
+@@ -386,7 +387,7 @@ |
916 |
+ int hostok; |
917 |
+ char lusername[32], rusername[32], termtype[256]; |
918 |
+ |
919 |
+- hname = network_init(netfd, &hostok); |
920 |
++ hname = network_init(netfd, no_host_check, &hostok); |
921 |
+ |
922 |
+ getstr(rusername, sizeof(rusername), "remuser too long"); |
923 |
+ getstr(lusername, sizeof(lusername), "locuser too long"); |
924 |
+@@ -439,15 +440,16 @@ |
925 |
+ openlog("rlogind", LOG_PID | LOG_CONS, LOG_AUTH); |
926 |
+ |
927 |
+ opterr = 0; |
928 |
+- while ((ch = getopt(argc, argv, "ahLln")) != EOF) { |
929 |
++ while ((ch = getopt(argc, argv, "ahLlDn")) != EOF) { |
930 |
+ switch (ch) { |
931 |
+ case 'a': check_all = 1; break; |
932 |
+ case 'h': allow_root_rhosts = 1; break; |
933 |
+ case 'L': deny_all_rhosts_hequiv = 1; break; |
934 |
+ case 'l': use_rhosts = 0; break; |
935 |
++ case 'D': no_host_check = 1; break; |
936 |
+ case 'n': keepalive = 0; break; |
937 |
+ case '?': default: |
938 |
+- syslog(LOG_ERR, "usage: rlogind [-ahLln]"); |
939 |
++ syslog(LOG_ERR, "usage: rlogind [-ahLlDn]"); |
940 |
+ break; |
941 |
+ } |
942 |
+ } |
943 |
+--- a/rlogind/rlogind.h |
944 |
++++ b/rlogind/rlogind.h |
945 |
+@@ -3,7 +3,7 @@ |
946 |
+ void fatal(int f, const char *msg, int syserr); |
947 |
+ |
948 |
+ /* network.c */ |
949 |
+-char *network_init(int fd, int *hostokp); |
950 |
++char *network_init(int fd, int no_host_check, int *hostokp); |
951 |
+ void network_confirm(void); |
952 |
+ void network_anticonfirm(void); |
953 |
+ void network_close(void); |
954 |
+--- a/rshd/rshd.c |
955 |
++++ b/rshd/rshd.c |
956 |
+@@ -90,13 +90,14 @@ |
957 |
+ static pam_handle_t *pamh; |
958 |
+ #endif /* USE_PAM */ |
959 |
+ |
960 |
+-#define OPTIONS "ahlLn" |
961 |
++#define OPTIONS "ahlLnD" |
962 |
+ |
963 |
+ static int keepalive = 1; |
964 |
+ static int check_all = 0; |
965 |
+ static int paranoid = 0; |
966 |
+ static int sent_null; |
967 |
+-static int allow_root_rhosts=0; |
968 |
++static int allow_root_rhosts = 0; |
969 |
++static int no_host_check = 0; |
970 |
+ |
971 |
+ char username[20] = "USER="; |
972 |
+ char homedir[64] = "HOME="; |
973 |
+@@ -305,6 +306,7 @@ |
974 |
+ /* |
975 |
+ * Attempt to confirm the DNS. |
976 |
+ */ |
977 |
++ |
978 |
+ #ifdef RES_DNSRCH |
979 |
+ _res.options &= ~RES_DNSRCH; |
980 |
+ #endif |
981 |
+@@ -323,6 +325,8 @@ |
982 |
+ } |
983 |
+ syslog(LOG_NOTICE, "Host addr %s not listed for host %s", |
984 |
+ inet_ntoa(fromp->sin_addr), hp->h_name); |
985 |
++ if ( no_host_check == 1 ) |
986 |
++ return hostname; |
987 |
+ fail("Host address mismatch for %s\n", |
988 |
+ remuser, inet_ntoa(fromp->sin_addr), locuser, cmdbuf); |
989 |
+ return NULL; /* not reachable */ |
990 |
+@@ -596,6 +600,10 @@ |
991 |
+ paranoid = 1; |
992 |
+ break; |
993 |
+ |
994 |
++ case 'D': |
995 |
++ no_host_check = 1; |
996 |
++ break; |
997 |
++ |
998 |
+ case '?': |
999 |
+ default: |
1000 |
+ syslog(LOG_ERR, "usage: rshd [-%s]", OPTIONS); |
1001 |
|
1002 |
diff --git a/net-misc/netkit-rsh/files/patches/150_all_rexec-netrc.patch b/net-misc/netkit-rsh/files/patches/150_all_rexec-netrc.patch |
1003 |
new file mode 100644 |
1004 |
index 00000000000..13b4b84fad1 |
1005 |
--- /dev/null |
1006 |
+++ b/net-misc/netkit-rsh/files/patches/150_all_rexec-netrc.patch |
1007 |
@@ -0,0 +1,251 @@ |
1008 |
+--- a/rexec/ruserpass.c |
1009 |
++++ b/rexec/ruserpass.c |
1010 |
+@@ -0,0 +1,214 @@ |
1011 |
++/* |
1012 |
++ * Copyright (c) 1985 Regents of the University of California. |
1013 |
++ * All rights reserved. |
1014 |
++ * |
1015 |
++ * Redistribution and use in source and binary forms, with or without |
1016 |
++ * modification, are permitted provided that the following conditions |
1017 |
++ * are met: |
1018 |
++ * 1. Redistributions of source code must retain the above copyright |
1019 |
++ * notice, this list of conditions and the following disclaimer. |
1020 |
++ * 2. Redistributions in binary form must reproduce the above copyright |
1021 |
++ * notice, this list of conditions and the following disclaimer in the |
1022 |
++ * documentation and/or other materials provided with the distribution. |
1023 |
++ * 3. All advertising materials mentioning features or use of this software |
1024 |
++ * must display the following acknowledgement: |
1025 |
++ * This product includes software developed by the University of |
1026 |
++ * California, Berkeley and its contributors. |
1027 |
++ * 4. Neither the name of the University nor the names of its contributors |
1028 |
++ * may be used to endorse or promote products derived from this software |
1029 |
++ * without specific prior written permission. |
1030 |
++ * |
1031 |
++ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND |
1032 |
++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
1033 |
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
1034 |
++ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE |
1035 |
++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
1036 |
++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
1037 |
++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
1038 |
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
1039 |
++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
1040 |
++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
1041 |
++ * SUCH DAMAGE. |
1042 |
++ */ |
1043 |
++ |
1044 |
++/* |
1045 |
++ * from: @(#)ruserpass.c 5.3 (Berkeley) 3/1/91 |
1046 |
++ */ |
1047 |
++char ruserpass_rcsid[] = |
1048 |
++ "$Id: 150_all_rexec-netrc.patch,v 1.1 2006/10/14 23:09:28 drizzt Exp $"; |
1049 |
++ |
1050 |
++#include <stdio.h> |
1051 |
++#include <stdlib.h> |
1052 |
++#include <utmp.h> |
1053 |
++#include <ctype.h> |
1054 |
++#include <sys/stat.h> |
1055 |
++#include <sys/param.h> |
1056 |
++#include <errno.h> |
1057 |
++#include <string.h> |
1058 |
++#include <unistd.h> |
1059 |
++ |
1060 |
++static FILE *cfile; |
1061 |
++static int token(void); |
1062 |
++ |
1063 |
++#define MACBUF_LEN 4096 |
1064 |
++ |
1065 |
++#define DEFAULT 1 |
1066 |
++#define LOGIN 2 |
1067 |
++#define PASSWD 3 |
1068 |
++#define ACCOUNT 4 |
1069 |
++#define MACDEF 5 |
1070 |
++#define ID 10 |
1071 |
++#define MACH 11 |
1072 |
++ |
1073 |
++static char tokval[100]; |
1074 |
++ |
1075 |
++static struct toktab { |
1076 |
++ const char *tokstr; |
1077 |
++ int tval; |
1078 |
++} toktab[]= { |
1079 |
++ { "default", DEFAULT }, |
1080 |
++ { "login", LOGIN }, |
1081 |
++ { "password", PASSWD }, |
1082 |
++ { "passwd", PASSWD }, |
1083 |
++ { "account", ACCOUNT }, |
1084 |
++ { "machine", MACH }, |
1085 |
++ { "macdef", MACDEF }, |
1086 |
++ { NULL, 0 } |
1087 |
++}; |
1088 |
++ |
1089 |
++int |
1090 |
++xruserpass(const char *host, char **aname, char **apass) |
1091 |
++{ |
1092 |
++ const char *hdir; |
1093 |
++ char buf[BUFSIZ], *tmp; |
1094 |
++ char myname[MAXHOSTNAMELEN]; |
1095 |
++ const char *mydomain; |
1096 |
++ int t, usedefault = 0; |
1097 |
++ struct stat stb; |
1098 |
++ |
1099 |
++ hdir = getenv("HOME"); |
1100 |
++ if (hdir == NULL) |
1101 |
++ hdir = "."; |
1102 |
++ snprintf(buf, sizeof(buf), "%s/.netrc", hdir); |
1103 |
++ cfile = fopen(buf, "r"); |
1104 |
++ if (cfile == NULL) { |
1105 |
++ if (errno != ENOENT) |
1106 |
++ perror(buf); |
1107 |
++ return(0); |
1108 |
++ } |
1109 |
++ if (gethostname(myname, sizeof(myname)) < 0) |
1110 |
++ myname[0] = '\0'; |
1111 |
++ if ((mydomain = strchr(myname, '.')) == NULL) |
1112 |
++ mydomain = ""; |
1113 |
++next: |
1114 |
++ while ((t = token())) switch(t) { |
1115 |
++ |
1116 |
++ case DEFAULT: |
1117 |
++ usedefault = 1; |
1118 |
++ /* FALL THROUGH */ |
1119 |
++ |
1120 |
++ case MACH: |
1121 |
++ if (!usedefault) { |
1122 |
++ if (token() != ID) |
1123 |
++ continue; |
1124 |
++ /* |
1125 |
++ * Allow match of incompletely-specified host in |
1126 |
++ * local domain. |
1127 |
++ */ |
1128 |
++ if (strcasecmp(host, tokval) == 0) |
1129 |
++ goto match; |
1130 |
++ if ((tmp = index(host, '.')) != NULL && |
1131 |
++ strcasecmp(tmp, mydomain) == 0 && |
1132 |
++ strncasecmp(host, tokval, tmp - host) == 0 && |
1133 |
++ tokval[tmp - host] == '\0') |
1134 |
++ goto match; |
1135 |
++ continue; |
1136 |
++ } |
1137 |
++ match: |
1138 |
++ while ((t = token()) && t != MACH && t != DEFAULT) switch(t) { |
1139 |
++ |
1140 |
++ case LOGIN: |
1141 |
++ if (token()) { |
1142 |
++ if (*aname == 0) { |
1143 |
++ *aname = malloc((unsigned) strlen(tokval) + 1); |
1144 |
++ (void) strcpy(*aname, tokval); |
1145 |
++ } else { |
1146 |
++ if (strcmp(*aname, tokval)) |
1147 |
++ goto next; |
1148 |
++ } |
1149 |
++ } |
1150 |
++ break; |
1151 |
++ case PASSWD: |
1152 |
++ if (*aname==NULL) { |
1153 |
++ fprintf(stderr, "Error: `password' must follow `login' in .netrc\n"); |
1154 |
++ goto bad; |
1155 |
++ } |
1156 |
++ if (strcmp(*aname, "anonymous") && |
1157 |
++ fstat(fileno(cfile), &stb) >= 0 && |
1158 |
++ (stb.st_mode & 077) != 0) { |
1159 |
++ fprintf(stderr, "Error - .netrc file not correct permissions.\n"); |
1160 |
++ fprintf(stderr, "Remove password or correct mode (should be 600).\n"); |
1161 |
++ goto bad; |
1162 |
++ } |
1163 |
++ if (token() && *apass == 0) { |
1164 |
++ *apass = malloc((unsigned) strlen(tokval) + 1); |
1165 |
++ (void) strcpy(*apass, tokval); |
1166 |
++ } |
1167 |
++ break; |
1168 |
++ case ACCOUNT: |
1169 |
++ break; |
1170 |
++ case MACDEF: |
1171 |
++ break; |
1172 |
++ default: |
1173 |
++ fprintf(stderr, "Unknown .netrc keyword %s\n", tokval); |
1174 |
++ break; |
1175 |
++ } |
1176 |
++ goto done; |
1177 |
++ } |
1178 |
++done: |
1179 |
++ (void) fclose(cfile); |
1180 |
++ return(0); |
1181 |
++bad: |
1182 |
++ (void) fclose(cfile); |
1183 |
++ return(-1); |
1184 |
++} |
1185 |
++ |
1186 |
++static |
1187 |
++int |
1188 |
++token(void) |
1189 |
++{ |
1190 |
++ char *cp; |
1191 |
++ int c; |
1192 |
++ struct toktab *t; |
1193 |
++ |
1194 |
++ if (feof(cfile)) |
1195 |
++ return (0); |
1196 |
++ while ((c = getc(cfile)) != EOF && |
1197 |
++ (c == '\n' || c == '\t' || c == ' ' || c == ',')) |
1198 |
++ continue; |
1199 |
++ if (c == EOF) |
1200 |
++ return (0); |
1201 |
++ cp = tokval; |
1202 |
++ if (c == '"') { |
1203 |
++ while ((c = getc(cfile)) != EOF && c != '"') { |
1204 |
++ if (c == '\\') |
1205 |
++ c = getc(cfile); |
1206 |
++ *cp++ = c; |
1207 |
++ } |
1208 |
++ } else { |
1209 |
++ *cp++ = c; |
1210 |
++ while ((c = getc(cfile)) != EOF |
1211 |
++ && c != '\n' && c != '\t' && c != ' ' && c != ',') { |
1212 |
++ if (c == '\\') |
1213 |
++ c = getc(cfile); |
1214 |
++ *cp++ = c; |
1215 |
++ } |
1216 |
++ } |
1217 |
++ *cp = 0; |
1218 |
++ if (tokval[0] == 0) |
1219 |
++ return (0); |
1220 |
++ for (t = toktab; t->tokstr; t++) |
1221 |
++ if (!strcmp(t->tokstr, tokval)) |
1222 |
++ return (t->tval); |
1223 |
++ return (ID); |
1224 |
++} |
1225 |
+--- a/rexec/rexec.c |
1226 |
++++ b/rexec/rexec.c |
1227 |
+@@ -100,6 +100,8 @@ |
1228 |
+ void echo_sig(int sig); |
1229 |
+ void safe_write_error(const char *message); |
1230 |
+ |
1231 |
++int xruserpass(const char *host, char **aname, char **apass); |
1232 |
++ |
1233 |
+ /* These need to be global for signal passing. */ |
1234 |
+ int aux_sock=-1; /* Socket for auxiliary channel. */ |
1235 |
+ int extra_error = 1; /* Setup special channel for standard error? */ |
1236 |
+@@ -165,7 +167,10 @@ |
1237 |
+ a newline. */ |
1238 |
+ passwd = getpass("Password: "); |
1239 |
+ } else { |
1240 |
+- |
1241 |
++ if (xruserpass(host, &user_name, &passwd) < 0) { |
1242 |
++ user_name = NULL; |
1243 |
++ passwd = NULL; |
1244 |
++ } |
1245 |
+ if ( user_name == NULL ) |
1246 |
+ user_name = getenv("REXEC_USER"); |
1247 |
+ if ( user_name == NULL ) { |
1248 |
+--- a/rexec/Makefile.netrc |
1249 |
++++ b/rexec/Makefile |
1250 |
+@@ -11,7 +11,7 @@ |
1251 |
+ |
1252 |
+ all: rexec |
1253 |
+ |
1254 |
+-rexec: rexec.c |
1255 |
++rexec: rexec.o ruserpass.o |
1256 |
+ |
1257 |
+ rexec.1: |
1258 |
+ |
1259 |
|
1260 |
diff --git a/net-misc/netkit-rsh/files/patches/160_all_pam-sess.patch b/net-misc/netkit-rsh/files/patches/160_all_pam-sess.patch |
1261 |
new file mode 100644 |
1262 |
index 00000000000..e0d416576d1 |
1263 |
--- /dev/null |
1264 |
+++ b/net-misc/netkit-rsh/files/patches/160_all_pam-sess.patch |
1265 |
@@ -0,0 +1,12 @@ |
1266 |
+--- a/rexecd/rexecd.c |
1267 |
++++ b/rexecd/rexecd.c |
1268 |
+@@ -307,6 +307,9 @@ |
1269 |
+ PAM_BAIL; |
1270 |
+ pam_error = pam_setcred(pamh, PAM_ESTABLISH_CRED); |
1271 |
+ PAM_BAIL; |
1272 |
++ pam_error = pam_open_session(pamh, 0); |
1273 |
++ PAM_BAIL; |
1274 |
++ pam_close_session(pamh, 0); |
1275 |
+ pam_end(pamh, PAM_SUCCESS); |
1276 |
+ /* If this point is reached, the user has been authenticated. */ |
1277 |
+ setpwent(); |
1278 |
|
1279 |
diff --git a/net-misc/netkit-rsh/files/patches/170_all_errno.patch b/net-misc/netkit-rsh/files/patches/170_all_errno.patch |
1280 |
new file mode 100644 |
1281 |
index 00000000000..32b1d0ee01d |
1282 |
--- /dev/null |
1283 |
+++ b/net-misc/netkit-rsh/files/patches/170_all_errno.patch |
1284 |
@@ -0,0 +1,51 @@ |
1285 |
+--- a/rcp/rcp.c |
1286 |
++++ b/rcp/rcp.c |
1287 |
+@@ -613,6 +613,7 @@ |
1288 |
+ struct stat stb; |
1289 |
+ struct timeval tv[2]; |
1290 |
+ enum { YES, NO, DISPLAYED } wrerr; |
1291 |
++ int werrno = 0; |
1292 |
+ BUF *bp; |
1293 |
+ off_t i, j, size; |
1294 |
+ char ch, *targ; |
1295 |
+@@ -766,6 +767,7 @@ |
1296 |
+ cp = bp->buf; |
1297 |
+ count = 0; |
1298 |
+ wrerr = NO; |
1299 |
++ werrno = 0; |
1300 |
+ for (i = 0; i < size; i += BUFSIZ) { |
1301 |
+ amt = BUFSIZ; |
1302 |
+ if (i + amt > size) |
1303 |
+@@ -784,16 +786,20 @@ |
1304 |
+ } while (amt > 0); |
1305 |
+ if (count == bp->cnt) { |
1306 |
+ if (wrerr == NO && |
1307 |
+- write(ofd, bp->buf, count) != count) |
1308 |
++ write(ofd, bp->buf, count) != count) { |
1309 |
+ wrerr = YES; |
1310 |
++ werrno = errno; |
1311 |
++ } |
1312 |
+ count = 0; |
1313 |
+ cp = bp->buf; |
1314 |
+ } |
1315 |
+ } |
1316 |
+ if (count != 0 && wrerr == NO && |
1317 |
+- write(ofd, bp->buf, count) != count) |
1318 |
++ write(ofd, bp->buf, count) != count) { |
1319 |
+ wrerr = YES; |
1320 |
+- if (ftruncate(ofd, size)) { |
1321 |
++ werrno = errno; |
1322 |
++ } |
1323 |
++ if (wrerr == NO && ftruncate(ofd, size)) { |
1324 |
+ error("rcp: can't truncate %s: %s\n", np, |
1325 |
+ strerror(errno)); |
1326 |
+ wrerr = DISPLAYED; |
1327 |
+@@ -810,7 +816,7 @@ |
1328 |
+ } |
1329 |
+ switch(wrerr) { |
1330 |
+ case YES: |
1331 |
+- error("rcp: %s: %s\n", np, strerror(errno)); |
1332 |
++ error("rcp: %s: %s\n", np, strerror(werrno)); |
1333 |
+ break; |
1334 |
+ case NO: |
1335 |
+ (void)write(rem, "", 1); |
1336 |
|
1337 |
diff --git a/net-misc/netkit-rsh/files/patches/180_all_rexec-sig.patch b/net-misc/netkit-rsh/files/patches/180_all_rexec-sig.patch |
1338 |
new file mode 100644 |
1339 |
index 00000000000..4896bfa2349 |
1340 |
--- /dev/null |
1341 |
+++ b/net-misc/netkit-rsh/files/patches/180_all_rexec-sig.patch |
1342 |
@@ -0,0 +1,17 @@ |
1343 |
+--- a/rexec/rexec.c |
1344 |
++++ b/rexec/rexec.c |
1345 |
+@@ -434,10 +434,10 @@ |
1346 |
+ break; |
1347 |
+ default: |
1348 |
+ if ( sigaction(sig, NULL, &action) < 0 ) |
1349 |
+- { |
1350 |
+- perror(progname); |
1351 |
+- exit(1); |
1352 |
+- } |
1353 |
++ /* in the signal(7) you can found "...except SIGKILL and SIGSTOP", |
1354 |
++ * but we detect problems with more signals... |
1355 |
++ */ |
1356 |
++ return; |
1357 |
+ if ( action.sa_handler != SIG_IGN ) |
1358 |
+ { |
1359 |
+ action.sa_handler = handler; |
1360 |
|
1361 |
diff --git a/net-misc/netkit-rsh/files/patches/190_all_nohost.patch b/net-misc/netkit-rsh/files/patches/190_all_nohost.patch |
1362 |
new file mode 100644 |
1363 |
index 00000000000..8258eb10576 |
1364 |
--- /dev/null |
1365 |
+++ b/net-misc/netkit-rsh/files/patches/190_all_nohost.patch |
1366 |
@@ -0,0 +1,63 @@ |
1367 |
+--- a/rexecd/rexecd.8 |
1368 |
++++ b/rexecd/rexecd.8 |
1369 |
+@@ -40,6 +40,16 @@ |
1370 |
+ .Nd remote execution server |
1371 |
+ .Sh SYNOPSIS |
1372 |
+ .Nm rexecd |
1373 |
++[ |
1374 |
++\fB\-D\fP |
1375 |
++] |
1376 |
++.Sh OPTIONS |
1377 |
++.Nm Rexec |
1378 |
++accepts one option: |
1379 |
++.Pp |
1380 |
++.Bl -tag -width Ds |
1381 |
++.It Sy -D |
1382 |
++Disable reverse DNS look up and in the log will be used client IP addresses. |
1383 |
+ .Sh DESCRIPTION |
1384 |
+ .Nm Rexecd |
1385 |
+ is the server for the |
1386 |
+--- a/rexecd/rexecd.c |
1387 |
++++ b/rexecd/rexecd.c |
1388 |
+@@ -82,7 +82,9 @@ |
1389 |
+ #include <string.h> |
1390 |
+ #include <paths.h> |
1391 |
+ #include <grp.h> |
1392 |
+- |
1393 |
++#include <arpa/inet.h> |
1394 |
++ |
1395 |
++ |
1396 |
+ #ifdef USE_SHADOW |
1397 |
+ #include <shadow.h> |
1398 |
+ #endif |
1399 |
+@@ -141,16 +143,22 @@ |
1400 |
+ refuse(&from_host); |
1401 |
+ remote = hosts_info(&from_host); |
1402 |
+ #else |
1403 |
++ if (argc > 1 && argv[1] && strcmp(argv[1], "-D")==0) |
1404 |
+ { |
1405 |
+- struct hostent *h = gethostbyaddr((const char *)&from.sin_addr, |
1406 |
+- sizeof(struct in_addr), |
1407 |
+- AF_INET); |
1408 |
+- if (!h || !h->h_name) { |
1409 |
+- write(0, "\1Where are you?\n", 16); |
1410 |
+- return 1; |
1411 |
++ /* use IP in logs -- this is workaround */ |
1412 |
++ remote = strdup(inet_ntoa(from.sin_addr)); |
1413 |
+ } |
1414 |
+- /* Be advised that this may be utter nonsense. */ |
1415 |
+- remote = strdup(h->h_name); |
1416 |
++ else |
1417 |
++ { |
1418 |
++ struct hostent *h = gethostbyaddr((const char *)&from.sin_addr, |
1419 |
++ sizeof(struct in_addr), |
1420 |
++ AF_INET); |
1421 |
++ if (!h || !h->h_name) { |
1422 |
++ write(0, "\1Where are you?\n", 16); |
1423 |
++ return 1; |
1424 |
++ } |
1425 |
++ /* Be advised that this may be utter nonsense. */ |
1426 |
++ remote = strdup(h->h_name); |
1427 |
+ } |
1428 |
+ #endif |
1429 |
+ syslog(allow_severity, "connect from %.128s", remote); |
1430 |
|
1431 |
diff --git a/net-misc/netkit-rsh/files/patches/200_all_ignchld.patch b/net-misc/netkit-rsh/files/patches/200_all_ignchld.patch |
1432 |
new file mode 100644 |
1433 |
index 00000000000..f916458d47d |
1434 |
--- /dev/null |
1435 |
+++ b/net-misc/netkit-rsh/files/patches/200_all_ignchld.patch |
1436 |
@@ -0,0 +1,22 @@ |
1437 |
+--- a/rlogind/rlogind.c |
1438 |
++++ b/rlogind/rlogind.c |
1439 |
+@@ -440,7 +440,7 @@ |
1440 |
+ ioctl(master, TIOCPKT, &on); |
1441 |
+ signal(SIGCHLD, cleanup); |
1442 |
+ protocol(netfd, master); |
1443 |
+- signal(SIGCHLD, SIG_IGN); |
1444 |
++ signal(SIGCHLD, SIG_DFL); |
1445 |
+ cleanup(0); |
1446 |
+ } |
1447 |
+ |
1448 |
+--- a/rlogin/rlogin.c |
1449 |
++++ b/rlogin/rlogin.c |
1450 |
+@@ -523,7 +523,7 @@ |
1451 |
+ stop(char cmdc) |
1452 |
+ { |
1453 |
+ mode(0); |
1454 |
+- signal(SIGCHLD, SIG_IGN); |
1455 |
++ signal(SIGCHLD, SIG_DFL); |
1456 |
+ kill(cmdc == defsusp ? 0 : getpid(), SIGTSTP); |
1457 |
+ signal(SIGCHLD, catch_child); |
1458 |
+ mode(1); |
1459 |
|
1460 |
diff --git a/net-misc/netkit-rsh/files/patches/210_all_checkdir-r1.patch b/net-misc/netkit-rsh/files/patches/210_all_checkdir-r1.patch |
1461 |
new file mode 100644 |
1462 |
index 00000000000..4fde4031550 |
1463 |
--- /dev/null |
1464 |
+++ b/net-misc/netkit-rsh/files/patches/210_all_checkdir-r1.patch |
1465 |
@@ -0,0 +1,23 @@ |
1466 |
+--- a/rcp/rcp.c |
1467 |
++++ b/rcp/rcp.c |
1468 |
+@@ -716,6 +716,11 @@ |
1469 |
+ size = size * 10 + (*cp++ - '0'); |
1470 |
+ if (*cp++ != ' ') |
1471 |
+ SCREWUP("size not delimited"); |
1472 |
++ if (*cp == '\0' || strchr(cp, '/') != NULL || |
1473 |
++ strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) { |
1474 |
++ error("error: unexpected filename: %s", cp); |
1475 |
++ exit(1); |
1476 |
++ } |
1477 |
+ if (targisdir) { |
1478 |
+ static char *namebuf; |
1479 |
+ static int cursize; |
1480 |
+@@ -735,6 +739,8 @@ |
1481 |
+ np = targ; |
1482 |
+ exists = stat(np, &stb) == 0; |
1483 |
+ if (buf[0] == 'D') { |
1484 |
++ if (!iamrecursive) |
1485 |
++ SCREWUP("received directory without -r"); |
1486 |
+ if (exists) { |
1487 |
+ if ((stb.st_mode&S_IFMT) != S_IFDIR) { |
1488 |
+ errno = ENOTDIR; |
1489 |
|
1490 |
diff --git a/net-misc/netkit-rsh/files/patches/220_all_fbsd.patch b/net-misc/netkit-rsh/files/patches/220_all_fbsd.patch |
1491 |
new file mode 100644 |
1492 |
index 00000000000..3b108c17f4a |
1493 |
--- /dev/null |
1494 |
+++ b/net-misc/netkit-rsh/files/patches/220_all_fbsd.patch |
1495 |
@@ -0,0 +1,222 @@ |
1496 |
+--- a/configure |
1497 |
++++ b/configure |
1498 |
+@@ -368,9 +368,35 @@ |
1499 |
+ |
1500 |
+ ################################################## |
1501 |
+ |
1502 |
++echo -n 'Checking for rexec... ' |
1503 |
++cat <<EOF >__conftest.c |
1504 |
++int main() { rexec(0, 0, 0, 0, 0, 0); } |
1505 |
++ |
1506 |
++EOF |
1507 |
++ |
1508 |
++if ( |
1509 |
++ $CC $CFLAGS __conftest.c -o __conftest || exit 1 |
1510 |
++ ) >/dev/null 2>&1; then |
1511 |
++ echo 'yes' |
1512 |
++else |
1513 |
++ if ( |
1514 |
++ $CC $CFLAGS __conftest.c -lcompat -o __conftest || exit 1 |
1515 |
++ ) >/dev/null 2>&1; then |
1516 |
++ echo '-lcompat' |
1517 |
++ LIBS="$LIBS -lcompat" |
1518 |
++ else |
1519 |
++ echo 'no' |
1520 |
++ echo 'This package requires rexec.' |
1521 |
++ rm -f __conftest* |
1522 |
++ exit |
1523 |
++ fi |
1524 |
++fi |
1525 |
++rm -f __conftest* |
1526 |
++ |
1527 |
++################################################## |
1528 |
++ |
1529 |
+ echo -n 'Checking for forkpty... ' |
1530 |
+ cat <<EOF >__conftest.c |
1531 |
+-#include <pty.h> |
1532 |
+ int main() { forkpty(0, 0, 0, 0); } |
1533 |
+ |
1534 |
+ EOF |
1535 |
+--- a/rcp/rcp.c |
1536 |
++++ b/rcp/rcp.c |
1537 |
+@@ -50,6 +50,7 @@ |
1538 |
+ #include <sys/ioctl.h> |
1539 |
+ #include <sys/socket.h> |
1540 |
+ #include <sys/wait.h> |
1541 |
++#include <netinet/in_systm.h> |
1542 |
+ #include <netinet/in.h> |
1543 |
+ #include <netinet/ip.h> |
1544 |
+ #include <dirent.h> |
1545 |
+@@ -100,7 +101,7 @@ |
1546 |
+ static void error(const char *fmt, ...); |
1547 |
+ |
1548 |
+ int |
1549 |
+-main(int argc, char *argv[]) |
1550 |
++main(int argc, char *argv[], char **env) |
1551 |
+ { |
1552 |
+ struct servent *sp; |
1553 |
+ int ch, fflag, tflag; |
1554 |
+@@ -108,8 +109,8 @@ |
1555 |
+ const char *shell; |
1556 |
+ char *null = NULL; |
1557 |
+ |
1558 |
+- saved_environ = __environ; |
1559 |
+- __environ = &null; |
1560 |
++ saved_environ = env; |
1561 |
++ env = &null; |
1562 |
+ |
1563 |
+ fflag = tflag = 0; |
1564 |
+ while ((ch = getopt(argc, argv, OPTIONS)) != EOF) |
1565 |
+--- a/rexec/Makefile |
1566 |
++++ b/rexec/Makefile |
1567 |
+@@ -12,6 +12,7 @@ |
1568 |
+ all: rexec |
1569 |
+ |
1570 |
+ rexec: rexec.o ruserpass.o |
1571 |
++ $(CC) $(CFLAGS) $(LDFLAGS) $^ $(LIBS) -o $@ |
1572 |
+ |
1573 |
+ rexec.1: |
1574 |
+ |
1575 |
+--- a/rexec/ruserpass.c |
1576 |
++++ b/rexec/ruserpass.c |
1577 |
+@@ -39,6 +39,7 @@ |
1578 |
+ |
1579 |
+ #include <stdio.h> |
1580 |
+ #include <stdlib.h> |
1581 |
++#include <sys/types.h> |
1582 |
+ #include <utmp.h> |
1583 |
+ #include <ctype.h> |
1584 |
+ #include <sys/stat.h> |
1585 |
+--- a/rexecd/rexecd.c |
1586 |
++++ b/rexecd/rexecd.c |
1587 |
+@@ -76,7 +76,9 @@ |
1588 |
+ #include <errno.h> |
1589 |
+ #include <syslog.h> |
1590 |
+ #include <unistd.h> |
1591 |
++#if defined(__GLIBC__) |
1592 |
+ #include <crypt.h> /* apparently necessary in some glibcs */ |
1593 |
++#endif |
1594 |
+ #include <stdio.h> |
1595 |
+ #include <stdlib.h> |
1596 |
+ #include <string.h> |
1597 |
+--- a/rlogin/rlogin.c |
1598 |
++++ b/rlogin/rlogin.c |
1599 |
+@@ -56,6 +56,7 @@ |
1600 |
+ #include <sys/resource.h> |
1601 |
+ #include <sys/wait.h> |
1602 |
+ #include <sys/ioctl.h> |
1603 |
++#include <netinet/in_systm.h> |
1604 |
+ #include <netinet/in.h> |
1605 |
+ #include <netinet/ip.h> |
1606 |
+ #include <netdb.h> |
1607 |
+@@ -96,6 +97,13 @@ |
1608 |
+ #define SIGUSR1 30 |
1609 |
+ #endif |
1610 |
+ |
1611 |
++#ifndef TABDLY |
1612 |
++#define TABDLY OXTABS |
1613 |
++#endif |
1614 |
++#ifndef TAB3 |
1615 |
++#define TAB3 OXTABS |
1616 |
++#endif |
1617 |
++ |
1618 |
+ struct termios defmodes; |
1619 |
+ struct termios ixon_state; |
1620 |
+ static int eight, litout, rem; |
1621 |
+@@ -172,7 +180,7 @@ |
1622 |
+ } |
1623 |
+ |
1624 |
+ int |
1625 |
+-main(int argc, char **argv) |
1626 |
++main(int argc, char **argv, char **env) |
1627 |
+ { |
1628 |
+ struct passwd *pw; |
1629 |
+ struct servent *sp; |
1630 |
+@@ -265,7 +273,7 @@ |
1631 |
+ } |
1632 |
+ else snprintf(term, sizeof(term), "%.256s", t); |
1633 |
+ |
1634 |
+- __environ = &null; |
1635 |
++ env = &null; |
1636 |
+ |
1637 |
+ get_window_size(0, &winsize); |
1638 |
+ |
1639 |
+@@ -421,7 +429,7 @@ |
1640 |
+ void |
1641 |
+ catch_child(int ignore) |
1642 |
+ { |
1643 |
+- union wait status; |
1644 |
++ int status; |
1645 |
+ int pid; |
1646 |
+ |
1647 |
+ (void)ignore; |
1648 |
+@@ -432,7 +440,7 @@ |
1649 |
+ return; |
1650 |
+ /* if the child (reader) dies, just quit */ |
1651 |
+ if (pid < 0 || (pid == childpid && !WIFSTOPPED(status))) |
1652 |
+- done((int)(status.w_termsig | status.w_retcode)); |
1653 |
++ done((int)(WTERMSIG(status) | WEXITSTATUS(status))); |
1654 |
+ } |
1655 |
+ /* NOTREACHED */ |
1656 |
+ } |
1657 |
+--- a/rlogind/auth.c |
1658 |
++++ b/rlogind/auth.c |
1659 |
+@@ -31,6 +31,7 @@ |
1660 |
+ * SUCH DAMAGE. |
1661 |
+ */ |
1662 |
+ |
1663 |
++#include <stdio.h> |
1664 |
+ #include <sys/types.h> |
1665 |
+ #include <pwd.h> |
1666 |
+ |
1667 |
+@@ -190,7 +191,7 @@ |
1668 |
+ #include <sys/socket.h> /* for ruserok() in libc5 (!) */ |
1669 |
+ #include <netdb.h> /* for ruserok() in glibc (!) */ |
1670 |
+ |
1671 |
+-#if defined(__GLIBC__) && (__GLIBC__ >= 2) |
1672 |
++#if !(defined(__GLIBC__) && (__GLIBC__ < 2)) |
1673 |
+ #define _check_rhosts_file __check_rhosts_file |
1674 |
+ #endif |
1675 |
+ extern int _check_rhosts_file; |
1676 |
+--- a/rsh/rsh.c |
1677 |
++++ b/rsh/rsh.c |
1678 |
+@@ -69,7 +69,7 @@ |
1679 |
+ static void usage(void); |
1680 |
+ |
1681 |
+ int |
1682 |
+-main(int argc, char *argv[]) |
1683 |
++main(int argc, char *argv[], char **env) |
1684 |
+ { |
1685 |
+ struct passwd *pw; |
1686 |
+ struct servent *sp; |
1687 |
+@@ -80,8 +80,8 @@ |
1688 |
+ char *null = NULL; |
1689 |
+ char **saved_environ; |
1690 |
+ |
1691 |
+- saved_environ = __environ; |
1692 |
+- __environ = &null; |
1693 |
++ saved_environ = env; |
1694 |
++ env = &null; |
1695 |
+ |
1696 |
+ argoff = asrsh = dflag = nflag = 0; |
1697 |
+ one = 1; |
1698 |
+--- a/rshd/rshd.c |
1699 |
++++ b/rshd/rshd.c |
1700 |
+@@ -80,7 +80,7 @@ |
1701 |
+ #include <ctype.h> |
1702 |
+ #include <assert.h> |
1703 |
+ |
1704 |
+-#if defined(__GLIBC__) && (__GLIBC__ >= 2) |
1705 |
++#if !(defined(__GLIBC__) && (__GLIBC__ < 2)) |
1706 |
+ #define _check_rhosts_file __check_rhosts_file |
1707 |
+ #endif |
1708 |
+ |
1709 |
+@@ -420,7 +420,7 @@ |
1710 |
+ stderr_parent(sock, pv[0], pid); |
1711 |
+ /* NOTREACHED */ |
1712 |
+ } |
1713 |
+- setpgrp(); |
1714 |
++ setpgid(0,0); |
1715 |
+ close(sock); |
1716 |
+ close(pv[0]); |
1717 |
+ dup2(pv[1], 2); |
1718 |
|
1719 |
diff --git a/net-misc/netkit-rsh/files/patches/230_all_MAX_ARG.patch b/net-misc/netkit-rsh/files/patches/230_all_MAX_ARG.patch |
1720 |
new file mode 100644 |
1721 |
index 00000000000..1b069b5c5e4 |
1722 |
--- /dev/null |
1723 |
+++ b/net-misc/netkit-rsh/files/patches/230_all_MAX_ARG.patch |
1724 |
@@ -0,0 +1,96 @@ |
1725 |
+fix building when ARG_MAX is not defined |
1726 |
+ |
1727 |
+patch by Tom-Steve Watzke |
1728 |
+ |
1729 |
+http://bugs.gentoo.org/225341 |
1730 |
+ |
1731 |
+--- a/rexecd/rexecd.c |
1732 |
++++ b/rexecd/rexecd.c |
1733 |
+@@ -85,6 +85,7 @@ char rcsid[] = |
1734 |
+ #include <paths.h> |
1735 |
+ #include <grp.h> |
1736 |
+ #include <arpa/inet.h> |
1737 |
++#include <limits.h> |
1738 |
+ |
1739 |
+ |
1740 |
+ #ifdef USE_SHADOW |
1741 |
+@@ -233,7 +234,8 @@ static struct pam_conv PAM_conversation = { |
1742 |
+ static void |
1743 |
+ doit(struct sockaddr_in *fromp) |
1744 |
+ { |
1745 |
+- char cmdbuf[ARG_MAX+1]; |
1746 |
++ char *cmdbuf; |
1747 |
++ int cmdbuflen; |
1748 |
+ char user[16], pass[16]; |
1749 |
+ struct passwd *pwd; |
1750 |
+ int s = -1; |
1751 |
+@@ -252,6 +254,15 @@ doit(struct sockaddr_in *fromp) |
1752 |
+ #endif |
1753 |
+ #endif /* USE_PAM */ |
1754 |
+ |
1755 |
++ cmdbuflen = sysconf(_SC_ARG_MAX); |
1756 |
++ if (cmdbuflen < _POSIX_ARG_MAX) |
1757 |
++ cmdbuflen = _POSIX_ARG_MAX; |
1758 |
++ cmdbuf = malloc(cmdbuflen); |
1759 |
++ if (cmdbuf == NULL) { |
1760 |
++ syslog(LOG_ERR, "unable to malloc(%i) for command buffer: %s", cmdbuflen, strerror(errno)); |
1761 |
++ fatal("out of memory\n"); |
1762 |
++ } |
1763 |
++ |
1764 |
+ signal(SIGINT, SIG_DFL); |
1765 |
+ signal(SIGQUIT, SIG_DFL); |
1766 |
+ signal(SIGTERM, SIG_DFL); |
1767 |
+@@ -301,7 +312,7 @@ doit(struct sockaddr_in *fromp) |
1768 |
+ |
1769 |
+ getstr(user, sizeof(user), "username too long\n"); |
1770 |
+ getstr(pass, sizeof(pass), "password too long\n"); |
1771 |
+- getstr(cmdbuf, sizeof(cmdbuf), "command too long\n"); |
1772 |
++ getstr(cmdbuf, cmdbuflen, "command too long\n"); |
1773 |
+ #ifdef USE_PAM |
1774 |
+ #define PAM_BAIL if (pam_error != PAM_SUCCESS) { \ |
1775 |
+ pam_end(pamh, pam_error); exit(1); \ |
1776 |
+--- a/rshd/rshd.c |
1777 |
++++ b/rshd/rshd.c |
1778 |
+@@ -79,6 +79,7 @@ char rcsid[] = |
1779 |
+ #include <stdarg.h> |
1780 |
+ #include <ctype.h> |
1781 |
+ #include <assert.h> |
1782 |
++#include <limits.h> |
1783 |
+ |
1784 |
+ #if !(defined(__GLIBC__) && (__GLIBC__ < 2)) |
1785 |
+ #define _check_rhosts_file __check_rhosts_file |
1786 |
+@@ -337,7 +338,8 @@ static const char *findhostname(struct sockaddr_in *fromp, |
1787 |
+ static void |
1788 |
+ doit(struct sockaddr_in *fromp) |
1789 |
+ { |
1790 |
+- char cmdbuf[ARG_MAX+1]; |
1791 |
++ char *cmdbuf; |
1792 |
++ int cmdbuflen; |
1793 |
+ const char *theshell, *shellname; |
1794 |
+ char locuser[16], remuser[16]; |
1795 |
+ struct passwd *pwd; |
1796 |
+@@ -346,6 +348,15 @@ doit(struct sockaddr_in *fromp) |
1797 |
+ u_short port; |
1798 |
+ int pv[2], pid, ifd; |
1799 |
+ |
1800 |
++ cmdbuflen = sysconf(_SC_ARG_MAX); |
1801 |
++ if (cmdbuflen < _POSIX_ARG_MAX) |
1802 |
++ cmdbuflen = _POSIX_ARG_MAX; |
1803 |
++ cmdbuf = malloc(cmdbuflen); |
1804 |
++ if (cmdbuf == NULL) { |
1805 |
++ syslog(LOG_ERR, "unable to malloc(%i) for command buffer: %s", cmdbuflen, strerror(errno)); |
1806 |
++ exit(1); |
1807 |
++ } |
1808 |
++ |
1809 |
+ signal(SIGINT, SIG_DFL); |
1810 |
+ signal(SIGQUIT, SIG_DFL); |
1811 |
+ signal(SIGTERM, SIG_DFL); |
1812 |
+@@ -382,7 +393,7 @@ doit(struct sockaddr_in *fromp) |
1813 |
+ |
1814 |
+ getstr(remuser, sizeof(remuser), "remuser"); |
1815 |
+ getstr(locuser, sizeof(locuser), "locuser"); |
1816 |
+- getstr(cmdbuf, sizeof(cmdbuf), "command"); |
1817 |
++ getstr(cmdbuf, cmdbuflen, "command"); |
1818 |
+ if (!strcmp(locuser, "root")) paranoid = 1; |
1819 |
+ |
1820 |
+ hostname = findhostname(fromp, remuser, locuser, cmdbuf); |
1821 |
|
1822 |
diff --git a/net-misc/netkit-rsh/metadata.xml b/net-misc/netkit-rsh/metadata.xml |
1823 |
index 7a38bb90096..d095ed4b8f8 100644 |
1824 |
--- a/net-misc/netkit-rsh/metadata.xml |
1825 |
+++ b/net-misc/netkit-rsh/metadata.xml |
1826 |
@@ -1,5 +1,12 @@ |
1827 |
<?xml version="1.0" encoding="UTF-8"?> |
1828 |
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> |
1829 |
<pkgmetadata> |
1830 |
- <!-- maintainer-needed --> |
1831 |
+ <maintainer type="person" proxied="yes"> |
1832 |
+ <email>hlein@×××××××××.com</email> |
1833 |
+ <name>Hank Leininger</name> |
1834 |
+ </maintainer> |
1835 |
+ <maintainer type="project" proxied="proxy"> |
1836 |
+ <email>proxy-maint@g.o</email> |
1837 |
+ <name>Proxy Maintainers</name> |
1838 |
+ </maintainer> |
1839 |
</pkgmetadata> |
1840 |
|
1841 |
diff --git a/net-misc/netkit-rsh/netkit-rsh-0.17-r12.ebuild b/net-misc/netkit-rsh/netkit-rsh-0.17-r12.ebuild |
1842 |
new file mode 100644 |
1843 |
index 00000000000..d8a316de1ce |
1844 |
--- /dev/null |
1845 |
+++ b/net-misc/netkit-rsh/netkit-rsh-0.17-r12.ebuild |
1846 |
@@ -0,0 +1,78 @@ |
1847 |
+# Copyright 1999-2021 Gentoo Authors |
1848 |
+# Distributed under the terms of the GNU General Public License v2 |
1849 |
+ |
1850 |
+EAPI=7 |
1851 |
+ |
1852 |
+inherit pam toolchain-funcs fcaps |
1853 |
+ |
1854 |
+DESCRIPTION="Netkit's Remote Shell Suite: rexec{,d} rlogin{,d} rsh{,d}" |
1855 |
+HOMEPAGE="ftp://ftp.uk.linux.org/pub/linux/Networking/netkit/" |
1856 |
+SRC_URI="ftp://ftp.uk.linux.org/pub/linux/Networking/netkit/${P}.tar.gz |
1857 |
+ mirror://gentoo/rexec-1.5.tar.gz" |
1858 |
+ |
1859 |
+LICENSE="BSD" |
1860 |
+SLOT="0" |
1861 |
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux" |
1862 |
+IUSE="pam" |
1863 |
+ |
1864 |
+RDEPEND=" |
1865 |
+ sys-libs/ncurses:= |
1866 |
+ pam? ( >=sys-auth/pambase-20080219.1 )" |
1867 |
+DEPEND="${RDEPEND}" |
1868 |
+BDEPEND="app-arch/xz-utils" |
1869 |
+ |
1870 |
+PATCHES=( |
1871 |
+ "${FILESDIR}"/patches/ |
1872 |
+) |
1873 |
+ |
1874 |
+FILECAPS=( cap_net_bind_service usr/bin/r{cp,login,sh} ) |
1875 |
+ |
1876 |
+src_prepare() { |
1877 |
+ # This must happen before patches are applied |
1878 |
+ rm -r rexec || die |
1879 |
+ mv ../rexec rexec || die |
1880 |
+ |
1881 |
+ default |
1882 |
+ |
1883 |
+ if tc-is-cross-compiler ; then |
1884 |
+ # Can't do runtime tests when cross-compiling |
1885 |
+ sed -i -e "s|./__conftest|: ./__conftest|" configure || die |
1886 |
+ fi |
1887 |
+} |
1888 |
+ |
1889 |
+src_configure() { |
1890 |
+ tc-export CC |
1891 |
+ ${CONFIG_SHELL:-/bin/sh} ./configure $(usex pam '' '--without-pam') || die |
1892 |
+ |
1893 |
+ sed -i \ |
1894 |
+ -e "s|-pipe -O2|${CFLAGS}|" \ |
1895 |
+ -e "/^LDFLAGS=$/d" \ |
1896 |
+ -e "s|-Wpointer-arith||" \ |
1897 |
+ MCONFIG || die |
1898 |
+} |
1899 |
+ |
1900 |
+src_install() { |
1901 |
+ insinto /etc/xinetd.d |
1902 |
+ |
1903 |
+ local b |
1904 |
+ for b in rcp rexec{,d} rlogin{,d} rsh{,d} ; do |
1905 |
+ if [[ ${b} == *d ]] ; then |
1906 |
+ dosbin ${b}/${b} |
1907 |
+ dosym ${b} /usr/sbin/in.${b} |
1908 |
+ doman ${b}/${b}.8 |
1909 |
+ else |
1910 |
+ dobin ${b}/${b} |
1911 |
+ doman ${b}/${b}.1 |
1912 |
+ if [[ ${b} != rcp ]]; then |
1913 |
+ newins "${FILESDIR}"/${b}.xinetd ${b} |
1914 |
+ |
1915 |
+ if use pam; then |
1916 |
+ newpamd "${FILESDIR}/${b}.pamd-pambase" ${b} |
1917 |
+ fi |
1918 |
+ fi |
1919 |
+ fi |
1920 |
+ done |
1921 |
+ |
1922 |
+ dodoc README ChangeLog BUGS |
1923 |
+ newdoc rexec/README README.rexec |
1924 |
+} |