12007-07-12 Love Hörnquist Åstrand <lha@it.su.se> 2 3 * rsh.c: Fix pointer vs strict alias rules. 4 5 * rshd.c: Fix pointer vs strict alias rules. 6 72007-01-04 Love Hörnquist Åstrand <lha@it.su.se> 8 9 * rshd.c: Declare iruserok if needed, based on bug report from 10 David Love. 11 122006-11-14 Love Hörnquist Åstrand <lha@it.su.se> 13 14 * rsh_locl.h: Forward decl. 15 162006-10-14 Love Hörnquist Åstrand <lha@it.su.se> 17 18 * rsh_locl.h: Include "crypto-headers.h". 19 202006-10-07 Love Hörnquist Åstrand <lha@it.su.se> 21 22 * Makefile.am: Add man_MANS to EXTRA_DIST 23 242006-04-27 Love Hörnquist Åstrand <lha@it.su.se> 25 26 * Makefile.am: rshd_SOURCES += add limits_conf.c 27 28 * rsh_locl.h: Include "loginpaths.h" 29 30 * rshd.c: Read limits from limits.confon non-root login, patch 31 from Daniel Ahlin 32 332006-02-27 Johan Danielsson <joda@pdc.kth.se> 34 35 * rshd.8: grammar (from Thomas Klausner) 36 372006-01-31 Johan Danielsson <joda@pdc.kth.se> 38 39 * rshd.c (krb5_start_session): syslog failures to store cred cache 40 412005-12-21 Love Hörnquist Åstrand <lha@it.su.se> 42 43 * rshd.c (doit): move creation of users ticket file to later to 44 avoid seteuid/setuid dance. this breaks DCE, so remove support for 45 it completely. 46 472005-10-22 Love Hörnquist Åstrand <lha@it.su.se> 48 49 * rshd.c: Check return value from asprintf instead of string != 50 NULL since it undefined behavior on Linux. From Björn Sandell 51 52 * rsh.c: Check return value from asprintf instead of string != 53 NULL since it undefined behavior on Linux. From Björn Sandell 54 552005-06-08 Love Hörnquist Åstrand <lha@it.su.se> 56 57 * rshd.c: init some important variables and check that they are 58 set checking authentication, all to please gcc 59 602005-05-27 Love Hörnquist Åstrand <lha@it.su.se> 61 62 * rshd.c: case uid_t to unsigned long in printf format 63 642005-04-27 Love Hörnquist Åstrand <lha@it.su.se> 65 66 * rsh_locl.h: Use larger buffer for recving data to be compatible 67 with older versions of heimdal (0.4 branch specificly) 68 69 * rshd.c: Use larger buffer for recving data to be compatible with 70 older versions of heimdal (0.4 branch specificly) 71 722005-04-25 Love Hörnquist Åstrand <lha@it.su.se> 73 74 * rshd.c: use snprintf to format tkfile 75 762005-04-24 Love Hörnquist Åstrand <lha@it.su.se> 77 78 * rsh.c: use strlcat 79 80 * rsh.c: use strlcpy 81 82 * rsh_locl.h: forward declaration for private structures 83 842005-04-20 Love Hörnquist Åstrand <lha@it.su.se> 85 86 * rsh.c: cast size_t to unsigned long 87 882004-09-21 Johan Danielsson <joda@pdc.kth.se> 89 90 * rshd.c: rename loop to rshd_loop 91 92 * rshd.c: pass errsock status to init_ivecs 93 94 * rsh.c: rename loop() to rsh_loop() 95 96 * rsh.c (loop): pass errsock status to init_ivecs 97 98 * common.c (init_ivecs): if we don't have an errsock the ivecs 99 should point to the same data 100 101 * rshd.c: if we don't have an errsock, dup stdout to stderr (this 102 would normally be done by inetd, but not by mini_inetd). 103 104 * rshd.c: move keepalive setting to after setting up sockets 105 1062004-02-20 Johan Danielsson <joda@pdc.kth.se> 107 108 * rsh.1: reorder and document some options 109 110 * rsh_locl.h: include kafs.h if krb4 || krb5 111 112 * rsh.c: reorder some options 113 1142003-09-04 Johan Danielsson <joda@pdc.kth.se> 115 116 * rsh.1: document -d 117 1182003-08-19 Johan Danielsson <joda@pdc.kth.se> 119 120 * rshd.c: -P also with KRB5 121 1222003-04-22 Love Hörnquist Åstrand <lha@it.su.se> 123 124 * rsh.1: replace > with \*[Gt] 125 1262003-04-16 Johan Danielsson <joda@pdc.kth.se> 127 128 * rsh.c: use krb5_appdefault to get defaults for forward and 129 encrypt 130 131 * rshd.c: use ARG_MAX + 1 132 133 * rshd.c (read_str): return allocated string 134 135 * rsh_locl.h: set NCARGS to 8k if undefined 136 1372003-03-23 Assar Westerlund <assar@kth.se> 138 139 * rsh.c (loop): only check errsock if it's valid 140 1412003-03-18 Love Love Hörnquist Åstrand <lha@it.su.se> 142 143 * rshd.c: do krb5_afslog when compling with afs support 144 145 * rsh_locl.h: always include kafs.h 146 1472002-11-22 Johan Danielsson <joda@pdc.kth.se> 148 149 * rshd.8: clarify -x and kerberos 5 150 1512002-11-01 Johan Danielsson <joda@pdc.kth.se> 152 153 * rsh_locl.h: bump COMMAND_SZ to NCARGS+1 154 1552002-09-04 Johan Danielsson <joda@pdc.kth.se> 156 157 * rsh.c: free some memory 158 1592002-09-04 Assar Westerlund <assar@kth.se> 160 161 * common.c: krb5_crypto_block_size -> krb5_crypto_getblocksize 162 1632002-09-04 Johan Danielsson <joda@pdc.kth.se> 164 165 * rsh.1: document -P 166 1672002-09-03 Johan Danielsson <joda@pdc.kth.se> 168 169 * rsh.c: revert to protocol v1 if not asked for specific protocol 170 171 * rshd.c: handle protocol version 2 172 173 * rsh.c: handle protocol version 2 174 175 * common.c: handle protocol version 2 176 177 * rsh_locl.h: handle protocol version 2 178 1792002-02-18 Johan Danielsson <joda@pdc.kth.se> 180 181 * rshd.c: don't show options that doesn't apply 182 183 * rsh.c: don't show options that doesn't apply 184 185 * rsh_locl.h: if we're not building with any kerberos support, 186 just call read/write directly 187 188 * common.c: if we're not building with any kerberos support, just 189 call read/write directly 190 191 * rshd.c: make this build without krb5; also use the addrinfo 192 interface to mini_inetd, and set the keepalive option if requested 193 194 * rsh.c: make this build without krb5 195 196 * rsh_locl.h: make this build without krb5 197 198 * common.c: make this build without krb5 199 2002001-11-30 Johan Danielsson <joda@pdc.kth.se> 201 202 * rshd.c: make the syslog messages somewhat more informative 203 2042001-08-15 Johan Danielsson <joda@pdc.kth.se> 205 206 * rsh.c: only complain about encryption flag when old 207 authentication is requested 208 2092001-08-07 Johan Danielsson <joda@pdc.kth.se> 210 211 * rsh.c: don't try broken auth if rresvport failed; try to give 212 some more informative error messages 213 2142001-07-31 Johan Danielsson <joda@pdc.kth.se> 215 216 * rshd.8: add an EXAMPLE 217 * rshd.8: manual page 218 * rshd.c: add some compat flags 219 * rsh.1: manual page 220 * rsh.c: iff -d, set the SO_DEBUG flags of the stdout and stderr 221 socket; implement parsing user@host 222 2232001-07-19 Assar Westerlund <assar@sics.se> 224 225 * rshd.c (fatal): use vsnprintf correctly 226 2272001-02-07 Assar Westerlund <assar@sics.se> 228 229 * Makefile.am: add login_access 230 * rshd.c (login_access): add prototype 231 (syslog_and_die, fatal): add printf attributes 232 (*): AIX -> _AIX 233 (doit): use login_access 234 based on patches from Ake Sandgren <ake@cs.umu.se> 235 2362001-01-09 Assar Westerlund <assar@sics.se> 237 238 * rshd.c (save_krb5_creds): use krb5_rd_cred2 instead of 239 krb5_rd_cred 240 2412000-12-31 Assar Westerlund <assar@sics.se> 242 243 * rshd.c (main): handle krb5_init_context failure consistently 244 * rsh.c (main): handle krb5_init_context failure consistently 245 2462000-12-05 Johan Danielsson <joda@pdc.kth.se> 247 248 * rshd.c: require encryption if passed -x 249 2502000-11-15 Assar Westerlund <assar@sics.se> 251 252 * rshd.c (loop): check that the fd's aren't too large to select on 253 * rsh.c (loop, proto): check that the fd's aren't too large to 254 select on 255 2562000-08-10 Assar Westerlund <assar@sics.se> 257 258 * rsh.c: move code to do config/command parsing correctly. 259 2602000-08-09 Assar Westerlund <assar@sics.se> 261 262 * rsh.c (main): only fetch stuff from krb5.conf when no option has 263 been given 264 2652000-08-01 Assar Westerlund <assar@sics.se> 266 267 * rsh.c (doit): loop until we create an error socket of an 268 supported socket family 269 2702000-07-02 Assar Westerlund <assar@sics.se> 271 272 * rshd.c: DCE stuff from Ake Sandgren <ake@cs.umu.se> 273 do not call syslog with a variable as format string 274 275 * rsh_locl.h (_PATH_ETC_ENVIRONMENT): add 276 2772000-06-09 Assar Westerlund <assar@sics.se> 278 279 * rsh.c (main): work-around for setuid and capabilities bug fixed 280 in Linux 2.2.16 281 2822000-06-06 Johan Danielsson <joda@pdc.kth.se> 283 284 * rsh.c: nuke long option from -z 285 286 * rsh.c: don't try to encrypt if auth is broken (Daniel Kouril) 287 2882000-06-03 Assar Westerlund <assar@sics.se> 289 290 * rshd.c (doit): check return value of getspnam. From 291 <haba@pdc.kth.se> 292 2932000-05-23 Assar Westerlund <assar@sics.se> 294 295 * rsh.c (proto): select on the normal socket when waiting for the 296 daemon to connect back to the stderr port, so that we discover 297 when data arrives there before. when that happens, we assume that 298 the daemon did not manage to connect (because of NAT/whatever) and 299 continue as if `-e' was given 300 * rshd.c (doit): if we fail to connect back to the stderr port, 301 act as if `-e' was given on the client side, i.e. without the 302 special TCP-connection. This tries to make things better when 303 running the head against a NAT wall, for example. 304 3052000-02-07 Assar Westerlund <assar@sics.se> 306 307 * Makefile.am (LDADD): make sure we use the heimdal libdes 308 3092000-02-06 Assar Westerlund <assar@sics.se> 310 311 * *: conditionalize des stuff on KRB4 312 3131999-12-16 Assar Westerlund <assar@sics.se> 314 315 * rsh.c (doit): addrinfo returned from getaddrinfo() is not usable 316 directly as hints. copy it and set AI_PASSIVE. 317 3181999-11-20 Assar Westerlund <assar@sics.se> 319 320 * rsh.c (main): remember to close the priviledged sockets before 321 calling rlogin 322 3231999-11-02 Assar Westerlund <assar@sics.se> 324 325 * rsh.c (main): redo the v4/v5 selection for consistency. -4 -> 326 try only v4 -5 -> try only v5 none, -45 -> try v5, v4 327 3281999-10-26 Assar Westerlund <assar@sics.se> 329 330 * rshd.c (main): ignore SIGPIPE 331 332 * common.c (do_read): the encoded length can be longer than the 333 buffer being used, allocate memory for it dynamically. From Brian 334 A May <bmay@dgs.monash.edu.au> 335 3361999-10-14 Assar Westerlund <assar@sics.se> 337 338 * rsh.c (proto): be more careful and don't print errno when read() 339 returns 0 340 3411999-09-20 Assar Westerlund <assar@sics.se> 342 343 * rshd.c (recv_krb4_auth): set `iv' 344 3451999-08-16 Assar Westerlund <assar@sics.se> 346 347 * common.c (do_read): be careful with the return value from 348 krb5_net_read 349 3501999-08-05 Assar Westerlund <assar@sics.se> 351 352 * rsh.c: call freehostent 353 354 * rsh.c: remove some dead code 355 3561999-08-04 Assar Westerlund <assar@sics.se> 357 358 * rshd.c: re-write the handling of forwarded credentials and 359 stuff. From Miroslav Ruda <ruda@ics.muni.cz> 360 361 * rsh_locl.h: always include kafs.h 362 363 * rsh.c: add `-z' and `-G' options 364 365 * rsh.c (loop): shutdown one side of the TCP connection on EOF. 366 From Brian A May <bmay@dgs.monash.edu.au> 367 368 * common.c (do_read): handle EOF. From Brian A May 369 <bmay@dgs.monash.edu.au> 370 3711999-08-01 Assar Westerlund <assar@sics.se> 372 373 * rsh.c: const fixes 374 3751999-07-29 Assar Westerlund <assar@sics.se> 376 377 * rshd.c: v6-ify 378 379 * rsh.c: v6-ify 380 3811999-07-28 Assar Westerlund <assar@sics.se> 382 383 * rsh_locl.h: move around kafs.h 384 3851999-07-24 Assar Westerlund <assar@sics.se> 386 387 * rsh_locl.h: <shadow.h> 388 389 * rsh.c, rshd.c: improve forwarding and implement unique ccache on 390 server. From Miroslav Ruda <ruda@ics.muni.cz> 391 3921999-07-03 Assar Westerlund <assar@sics.se> 393 394 * rsh.c (construct_command): handle argc == 0 for generality 395 3961999-06-23 Assar Westerlund <assar@sics.se> 397 398 * rsh.c: new option `-e' for not trying to open an stderr socket 399 4001999-06-17 Assar Westerlund <assar@sics.se> 401 402 * rsh_locl.h (RSH_BUFSIZ): bump to 16 * 1024 to be sure that we 403 don't leave any data inside des_enc_read. (that constant should 404 really be exported in some way...) 405 4061999-06-15 Assar Westerlund <assar@sics.se> 407 408 * rsh.c: use get_default_username and resulting const pollution 409 4101999-05-21 Assar Westerlund <assar@sics.se> 411 412 * rsh.c (main): try $USERNAME 413 4141999-05-14 Assar Westerlund <assar@sics.se> 415 416 * rshd.c (doit): afslog correctly 417 4181999-05-11 Assar Westerlund <assar@sics.se> 419 420 * rsh.c (main): add fallback to rlogin 421 4221999-05-10 Assar Westerlund <assar@sics.se> 423 424 * rsh.c (send_krb5_auth): call krb5_sendauth with ccache == NULL. 425 check return value from krb5_crypto_init 426 427 * common.c (do_write, do_read): always return -1 for failure 428 (net_write, net_read): remove. they already exist in libroken 429 4301999-05-09 Assar Westerlund <assar@sics.se> 431 432 * rsh.c: make sure it tries with all other authentication methods 433 after one has failed 434 * rsh.c (main): detect the case of no command given. 435 4361999-04-11 Assar Westerlund <assar@sics.se> 437 438 * rsh.c: new option --forwardable. use print_version 439 440Sat Apr 10 17:10:55 1999 Assar Westerlund <assar@sics.se> 441 442 * rshd.c (setup_copier): use `socketpair' instead of `pipe'. Some 443 shells don't think it's a rsh session if they find a pipe at the 444 other end. 445 (setup_environment): add SSH_CLIENT just to make bash happy 446 447 * common.c (do_read): use krb5_get_wrapped_length 448 449Wed Mar 24 03:59:42 1999 Assar Westerlund <assar@sics.se> 450 451 * rsh.c (loop): more braces to make gcc happy 452 453Tue Mar 23 17:08:32 1999 Johan Danielsson <joda@hella.pdc.kth.se> 454 455 * rsh_locl.h: kafs.h 456 457 * rshd.c: add `-P', `-v', and `-L' flags 458 459Thu Mar 18 11:37:24 1999 Johan Danielsson <joda@hella.pdc.kth.se> 460 461 * Makefile.am: include Makefile.am.common 462 463Tue Dec 1 14:44:44 1998 Johan Danielsson <joda@hella.pdc.kth.se> 464 465 * appl/rsh/rshd.c: update to new crypto framework 466 467 * appl/rsh/rsh_locl.h: update to new crypto framework 468 469 * appl/rsh/rsh.c: update to new crypto framework 470 471 * appl/rsh/common.c: update to new crypto framework 472 473Mon Nov 2 01:15:06 1998 Assar Westerlund <assar@sics.se> 474 475 * appl/rsh/rsh.c (main): initialize host 476 477 * appl/rsh/rshd.c (recv_krb5_auth): disable `do_encrypt' if not 478 encrypting. 479 480Thu Jul 30 23:12:17 1998 Assar Westerlund <assar@sics.se> 481 482 * appl/rsh/rsh.c: kludges for parsing `rsh hostname -l user' 483 484Thu Jul 23 19:49:03 1998 Johan Danielsson <joda@emma.pdc.kth.se> 485 486 * appl/rsh/rshd.c: use krb5_verify_authenticator_checksum 487 488Sat Apr 18 21:13:06 1998 Johan Danielsson <joda@emma.pdc.kth.se> 489 490 * appl/rsh/rsh.c: Don't try v5 if (only) `-4' is specified. 491 492Sun Dec 21 09:44:05 1997 Assar Westerlund <assar@sics.se> 493 494 * appl/rsh/rshd.c (recv_krb5_auth): swap the order of the 495 `local_user' and the `remote_user' 496 497 * appl/rsh/rsh.c (send_krb5_auth): swap the order of the 498 `local_user' and the `remote_user' 499 500Sat Nov 29 07:10:11 1997 Assar Westerlund <assar@sics.se> 501 502 * appl/rsh/rshd.c: updated to use getarg. 503 changed `struct fd_set' to `fd_set'. 504 implemented broken/BSD authentication (requires iruserok) 505 506Wed Nov 12 02:35:57 1997 Assar Westerlund <assar@sics.se> 507 508 * appl/rsh/rsh_locl.h: add AUTH_BROKEN and PATH_RSH 509 510 * appl/rsh/Makefile.am: set BINDIR 511 512 * appl/rsh/rsh.c: implemented BSD-style reserved port 513 `authentication' 514 515Sun Aug 24 08:06:54 1997 Assar Westerlund <assar@sics.se> 516 517 * appl/rsh/rshd.c: syslog remote shells 518 519Tue Aug 12 01:29:46 1997 Assar Westerlund <assar@sics.se> 520 521 * appl/rshd/rshd.c: Use `krb5_sock_to_principal'. Send server 522 parameter to krb5_rd_req/krb5_recvauth. Set addresses in 523 auth_context. 524 525Fri Jul 25 17:32:12 1997 Assar Westerlund <assar@sics.se> 526 527 * appl/rsh/rshd.c: implement forwarding 528 529 * appl/rsh/rsh.c: Use getarg. Implement forwarding. 530 531Sun Jul 13 00:32:16 1997 Assar Westerlund <assar@sics.se> 532 533 * appl/rsh: Conditionalize the krb4-support. 534 535Wed Jul 9 06:58:00 1997 Assar Westerlund <assar@sics.se> 536 537 * appl/rsh/rsh.c: use the correct user for the checksum 538 539Mon Jul 7 11:15:51 1997 Assar Westerlund <assar@sics.se> 540 541 * appl/rsh/rshd.c: Now works. Also implementd encryption and 542 `-p'. 543 544 * appl/rsh/common.c: new file 545 546Mon Jun 30 06:08:14 1997 Assar Westerlund <assar@sics.se> 547 548 * appl/rsh: New program. 549 550