AC_DEFINE_UNQUOTED(PASSWD_PROGRAM, "$shadow_cv_passwd_dir/passwd",
[Path to passwd program.])
-dnl XXX - quick hack, should disappear before anyone notices :).
-dnl XXX - I just read the above message :).
-if test "$ac_cv_func_ruserok" = "yes"; then
- AC_DEFINE(RLOGIN, 1, [Define if login should support the -r flag for rlogind.])
- AC_DEFINE(RUSEROK, 0, [Define to the ruserok() "success" return value (0 or 1).])
-fi
-
AC_ARG_ENABLE(shadowgrp,
[AS_HELP_STRING([--enable-shadowgrp], [enable shadow group support @<:@default=yes@:>@])],
[case "${enableval}" in
pwdcheck.c \
pwmem.c \
remove_tree.c \
- rlogin.c \
root_flag.c \
run_part.h \
run_part.c \
/* remove_tree.c */
extern int remove_tree (const char *root, bool remove_root);
-/* rlogin.c */
-extern int do_rlogin(const char *remote_host, char *name, size_t namesize,
- char *term, size_t termsize);
-
/* root_flag.c */
extern void process_root_flag (const char* short_opt, int argc, char **argv);
+++ /dev/null
-/*
- * SPDX-FileCopyrightText: 1989 - 1994, Julianne Frances Haugh
- * SPDX-FileCopyrightText: 1996 - 1999, Marek Michałkiewicz
- * SPDX-FileCopyrightText: 2003 - 2005, Tomasz Kłoczko
- * SPDX-FileCopyrightText: 2007 - 2008, Nicolas François
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#include <config.h>
-
-#ifdef RLOGIN
-
-#ident "$Id$"
-
-#include "prototypes.h"
-#include "defines.h"
-#include <stdio.h>
-#include <pwd.h>
-#include <netdb.h>
-
-#include "atoi/str2i.h"
-
-
-static struct {
- int spd_name;
- int spd_baud;
-} speed_table[] =
-{
- { B50, 50},
- { B75, 75},
- { B110, 110},
- { B134, 134},
- { B150, 150},
- { B200, 200},
- { B300, 300},
- { B600, 600},
- { B1200, 1200},
- { B1800, 1800},
- { B2400, 2400},
- { B4800, 4800},
- { B9600, 9600},
- { B19200, 19200},
- { B38400, 38400},
- { -1, -1}
-};
-
-
-static void
-get_remote_string(char *buf, size_t size)
-{
- for (;;) {
- if (read (0, buf, 1) != 1) {
- exit (EXIT_FAILURE);
- }
- if ('\0' == *buf) {
- return;
- }
- --size;
- if (size > 0) {
- ++buf;
- }
- }
- /*NOTREACHED*/
-}
-
-
-int
-do_rlogin(const char *remote_host, char *name, size_t namesize, char *term,
- size_t termsize)
-{
- struct passwd *pwd;
- char remote_name[32];
- char *cp;
- unsigned long remote_speed = 9600;
- int speed_name = B9600;
- int i;
- TERMIO termio;
-
- get_remote_string(remote_name, sizeof(remote_name));
- get_remote_string(name, namesize);
- get_remote_string(term, termsize);
-
- cp = strchr (term, '/');
- if (NULL != cp) {
- *cp = '\0';
- cp++;
-
- if (str2ul(&remote_speed, cp) == -1)
- remote_speed = 9600;
- }
- for (i = 0;
- ( (speed_table[i].spd_baud != remote_speed)
- && (speed_table[i].spd_name != -1));
- i++);
-
- if (-1 != speed_table[i].spd_name) {
- speed_name = speed_table[i].spd_name;
- }
-
- /*
- * Put the terminal in cooked mode with echo turned on.
- */
-
- GTTY (0, &termio);
- termio.c_iflag |= ICRNL | IXON;
- termio.c_oflag |= OPOST | ONLCR;
- termio.c_lflag |= ICANON | ECHO | ECHOE;
-#ifdef CBAUD
- termio.c_cflag = (termio.c_cflag & ~CBAUD) | speed_name;
-#else
- termio.c_cflag = (termio.c_cflag) | speed_name;
-#endif
- STTY (0, &termio);
-
- pwd = getpwnam (name); /* local, no need for xgetpwnam */
- if (NULL == pwd) {
- return 0;
- }
-
- /*
- * ruserok() returns 0 for success on modern systems, and 1 on
- * older ones. If you are having trouble with people logging
- * in without giving a required password, THIS is the culprit -
- * go fix the #define in config.h.
- */
-
-#ifndef RUSEROK
- return 0;
-#else
- return ruserok (remote_host, pwd->pw_uid == 0,
- remote_name, name) == RUSEROK;
-#endif
-}
-#endif /* RLOGIN */
<para>Preserve environment.</para>
</listitem>
</varlistentry>
- <varlistentry>
- <term>
- <option>-r</option>
- </term>
- <listitem>
- <para>Perform autologin protocol for rlogin.</para>
- </listitem>
- </varlistentry>
</variablelist>
<para>
lib/pwio.c
lib/pwmem.c
lib/remove_tree.c
-lib/rlogin.c
lib/root_flag.c
lib/salt.c
lib/selinux.c
static bool pflg = false;
static bool fflg = false;
-#ifdef RLOGIN
-static bool rflg = false;
-#else /* RLOGIN */
-#define rflg false
-#endif /* !RLOGIN */
static bool hflg = false;
static bool preauth_flag = false;
* usage - print login command usage and exit
*
* login [ name ]
- * login -r hostname (for rlogind)
* login -h hostname (for telnetd, etc.)
* login -f name (for pre-authenticated login: datakit, xterm, etc.)
*/
exit (1);
}
fprintf (stderr, _(" %s [-p] [-h host] [-f name]\n"), Prog);
-#ifdef RLOGIN
- fprintf (stderr, _(" %s [-p] -r host\n"), Prog);
-#endif /* RLOGIN */
exit (1);
}
/*
* Check the flags for proper form. Every argument starting with
* "-" must be exactly two characters long. This closes all the
- * clever rlogin, telnet, and getty holes.
+ * clever telnet, and getty holes.
*/
for (arg = 1; arg < argc; arg++) {
if (argv[arg][0] == '-' && strlen (argv[arg]) > 2) {
hostname = optarg;
reason = PW_TELNET;
break;
-#ifdef RLOGIN
- case 'r':
- rflg = true;
- hostname = optarg;
- reason = PW_RLOGIN;
- break;
-#endif /* RLOGIN */
case 'p':
pflg = true;
break;
}
}
-#ifdef RLOGIN
- /*
- * Neither -h nor -f should be combined with -r.
- */
-
- if (rflg && (hflg || fflg)) {
- usage ();
- }
-#endif /* RLOGIN */
-
/*
* Allow authentication bypass only if real UID is zero.
*/
- if ((rflg || fflg || hflg) && !amroot) {
+ if ((fflg || hflg) && !amroot) {
fprintf (stderr, _("%s: Permission denied.\n"), Prog);
exit (1);
}
++optind;
}
-#ifdef RLOGIN
- if (rflg && (NULL != username)) {
- usage ();
- }
-#endif /* RLOGIN */
if (fflg && (NULL == username)) {
usage ();
}
* the flags which login supports are
*
* -p - preserve the environment
- * -r - perform autologin protocol for rlogin
* -f - do not perform authentication, user is preauthenticated
* -h - the name of the remote host
*/
# if defined(ENABLE_LASTLOG)
char ptime[80];
# endif
-#endif
-#if defined(RLOGIN)
- char term[128] = "";
#endif
/*
is_console = console (tty);
#endif
- if (rflg || hflg) {
+ if (hflg) {
/*
* Add remote hostname to the environment. I think
* (not sure) I saw it once on Irix. --marekm
if (hflg) {
reason = PW_RLOGIN;
}
-#ifdef RLOGIN
- if (rflg) {
- size_t max_size;
-
- max_size = login_name_max_size();
- assert (NULL == username);
- username = XMALLOC(max_size, char);
- username[max_size - 1] = '\0';
- if (do_rlogin(hostname, username, max_size, term, sizeof(term)))
- {
- preauth_flag = true;
- } else {
- free (username);
- username = NULL;
- }
- }
-#endif /* RLOGIN */
OPENLOG (Prog);
}
}
-#ifdef RLOGIN
- if (term[0] != '\0') {
- addenv ("TERM", term);
- } else
-#endif /* RLOGIN */
- {
- /* preserve TERM from getty */
- if (!pflg) {
- tmp = getenv ("TERM");
- if (NULL != tmp) {
- addenv ("TERM", tmp);
- }
+ /* preserve TERM from getty */
+ if (!pflg) {
+ tmp = getenv ("TERM");
+ if (NULL != tmp) {
+ addenv ("TERM", tmp);
}
}
set_env (argc - optind, &argv[optind]);
}
- if (rflg || hflg) {
+ if (hflg) {
cp = hostname;
} else if ((host != NULL) && (host[0] != '\0')) {
cp = host;
}
/*
- * The -r and -f flags provide a name which has already
+ * The -f flag provides a name which has already
* been authenticated by some server.
*/
if (preauth_flag) {
(void) puts (_("Login incorrect"));
- /* allow only one attempt with -r or -f */
- if (rflg || fflg || (retries <= 0)) {
+ /* allow only one attempt with -f */
+ if (fflg || (retries <= 0)) {
closelog ();
exit (1);
}
+++ /dev/null
-#!/usr/bin/expect -f
-
-# This is a script for repeatedly logging into the localhost
-# using `rlogin` in order to apparently see a symptoms described
-# in bug #332198.
-# As described in the bug log, sometimes `rlogind` will fail to
-# establish a connection, because it starts "login" process and
-# the latter fails with "unable to determine TTY name, got /dev/pts/1"
-# message.
-#
-# BUGS
-#
-# * the script rlogins to localhost
-# * the script doesn't handle passwdord prompt, because it's intended
-# to use .rhosts auth and expects shell prompt immediately after
-# `rlogin`
-# * the regexp for shell prompt is hardcoded
-
-log_user 0
-match_max 8192
-
-while {1} {
- set rlogin_spawn [spawn rlogin localhost]
- if { $rlogin_spawn == 0 } { exit 1 }
- expect {
- -timeout 10 -re "^.*(Last login\[^\r\n\]*).*\n(\[^\r\n\]*\[#$\] )$" {
- send_error "$expect_out(1,string)\n"
- send_error "$expect_out(2,string)\n"
-# send_error "$expect_out(0,string)\n"
- }
- timeout {
- send_error "TIMEOUT/prompt\n"
- send_error "$expect_out(buffer)\n"
- send_error "RETRYING\n"
- log_user 1
- send "tty /\r"
- expect -timeout 2 -re "^.*\r?\n(\[^\r\n\]*# )$" {}
- send "tty /\r"
- expect -timeout 2 -re "^.*\r?\n(\[^\r\n\]*# )$" {}
- send_error "\n"
- exit 2
- }
- }
- send "tty\r"
- expect {
- -timeout 4 -re "tty\r?\n(\[^\r\n\]*)\r?\n(\[^\r\n\]*\[#$\] )$" {
- send_error "$expect_out(2,string)$expect_out(1,string)\n"
-# send_error "$expect_out(0,string)\n"
- }
- timeout { send_error "TIMEOUT/tty\n" ; exit 3 }
- }
- send "exit\r"
- expect {
- -timeout 2 eof {
-# send_error "OK4: EOF\n"
- }
- timeout { send_error "TIMEOUT/eof\n" ; exit 4 }
- }
- wait
-}
-# vi: set sw=4:
projects / thirdparty / shadow.git / commitdiff
