From: Alejandro Colomar Date: Fri, 17 May 2024 23:57:40 +0000 (+0200) Subject: Remove support for rlogind in login(1), that is, remove the '-r' flag X-Git-Tag: 4.16.0-rc1~2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ca046af5d976e9eb835772997ffd594b9ee979aa;p=thirdparty%2Fshadow.git Remove support for rlogind in login(1), that is, remove the '-r' flag The "quick hack" finally disappeared. Probably nobody noticed. ;) (See the changes in for the context of this pun.) Probably everybody uses SSH these days for remote login. Let's remove this insecure method. Closes: Reviewed-by: dkwo Reviewed-by: Iker Pedrosa Cc: "Serge E. Hallyn" Cc: Michael Vetter Cc: Sam James Cc: Benedikt Brinkmann Signed-off-by: Alejandro Colomar --- diff --git a/configure.ac b/configure.ac index 9e4e353a8..5a470e5b3 100644 --- a/configure.ac +++ b/configure.ac @@ -159,13 +159,6 @@ fi]) AC_DEFINE_UNQUOTED(PASSWD_PROGRAM, "$shadow_cv_passwd_dir/passwd", [Path to passwd program.]) -dnl XXX - quick hack, should disappear before anyone notices :). -dnl XXX - I just read the above message :). -if test "$ac_cv_func_ruserok" = "yes"; then - AC_DEFINE(RLOGIN, 1, [Define if login should support the -r flag for rlogind.]) - AC_DEFINE(RUSEROK, 0, [Define to the ruserok() "success" return value (0 or 1).]) -fi - AC_ARG_ENABLE(shadowgrp, [AS_HELP_STRING([--enable-shadowgrp], [enable shadow group support @<:@default=yes@:>@])], [case "${enableval}" in diff --git a/lib/Makefile.am b/lib/Makefile.am index 22abb9784..adcd9fbf9 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -119,7 +119,6 @@ libshadow_la_SOURCES = \ pwdcheck.c \ pwmem.c \ remove_tree.c \ - rlogin.c \ root_flag.c \ run_part.h \ run_part.c \ diff --git a/lib/prototypes.h b/lib/prototypes.h index 1307c132f..91ff368b7 100644 --- a/lib/prototypes.h +++ b/lib/prototypes.h @@ -369,10 +369,6 @@ unsigned long csrand_interval (unsigned long min, unsigned long max); /* remove_tree.c */ extern int remove_tree (const char *root, bool remove_root); -/* rlogin.c */ -extern int do_rlogin(const char *remote_host, char *name, size_t namesize, - char *term, size_t termsize); - /* root_flag.c */ extern void process_root_flag (const char* short_opt, int argc, char **argv); diff --git a/lib/rlogin.c b/lib/rlogin.c deleted file mode 100644 index cbc05dd8d..000000000 --- a/lib/rlogin.c +++ /dev/null @@ -1,135 +0,0 @@ -/* - * SPDX-FileCopyrightText: 1989 - 1994, Julianne Frances Haugh - * SPDX-FileCopyrightText: 1996 - 1999, Marek Michałkiewicz - * SPDX-FileCopyrightText: 2003 - 2005, Tomasz Kłoczko - * SPDX-FileCopyrightText: 2007 - 2008, Nicolas François - * - * SPDX-License-Identifier: BSD-3-Clause - */ - -#include - -#ifdef RLOGIN - -#ident "$Id$" - -#include "prototypes.h" -#include "defines.h" -#include -#include -#include - -#include "atoi/str2i.h" - - -static struct { - int spd_name; - int spd_baud; -} speed_table[] = -{ - { B50, 50}, - { B75, 75}, - { B110, 110}, - { B134, 134}, - { B150, 150}, - { B200, 200}, - { B300, 300}, - { B600, 600}, - { B1200, 1200}, - { B1800, 1800}, - { B2400, 2400}, - { B4800, 4800}, - { B9600, 9600}, - { B19200, 19200}, - { B38400, 38400}, - { -1, -1} -}; - - -static void -get_remote_string(char *buf, size_t size) -{ - for (;;) { - if (read (0, buf, 1) != 1) { - exit (EXIT_FAILURE); - } - if ('\0' == *buf) { - return; - } - --size; - if (size > 0) { - ++buf; - } - } - /*NOTREACHED*/ -} - - -int -do_rlogin(const char *remote_host, char *name, size_t namesize, char *term, - size_t termsize) -{ - struct passwd *pwd; - char remote_name[32]; - char *cp; - unsigned long remote_speed = 9600; - int speed_name = B9600; - int i; - TERMIO termio; - - get_remote_string(remote_name, sizeof(remote_name)); - get_remote_string(name, namesize); - get_remote_string(term, termsize); - - cp = strchr (term, '/'); - if (NULL != cp) { - *cp = '\0'; - cp++; - - if (str2ul(&remote_speed, cp) == -1) - remote_speed = 9600; - } - for (i = 0; - ( (speed_table[i].spd_baud != remote_speed) - && (speed_table[i].spd_name != -1)); - i++); - - if (-1 != speed_table[i].spd_name) { - speed_name = speed_table[i].spd_name; - } - - /* - * Put the terminal in cooked mode with echo turned on. - */ - - GTTY (0, &termio); - termio.c_iflag |= ICRNL | IXON; - termio.c_oflag |= OPOST | ONLCR; - termio.c_lflag |= ICANON | ECHO | ECHOE; -#ifdef CBAUD - termio.c_cflag = (termio.c_cflag & ~CBAUD) | speed_name; -#else - termio.c_cflag = (termio.c_cflag) | speed_name; -#endif - STTY (0, &termio); - - pwd = getpwnam (name); /* local, no need for xgetpwnam */ - if (NULL == pwd) { - return 0; - } - - /* - * ruserok() returns 0 for success on modern systems, and 1 on - * older ones. If you are having trouble with people logging - * in without giving a required password, THIS is the culprit - - * go fix the #define in config.h. - */ - -#ifndef RUSEROK - return 0; -#else - return ruserok (remote_host, pwd->pw_uid == 0, - remote_name, name) == RUSEROK; -#endif -} -#endif /* RLOGIN */ diff --git a/man/login.1.xml b/man/login.1.xml index 0826b1f01..26e6ea440 100644 --- a/man/login.1.xml +++ b/man/login.1.xml @@ -215,14 +215,6 @@ Preserve environment. - - - - - - Perform autologin protocol for rlogin. - - diff --git a/po/POTFILES.in b/po/POTFILES.in index 9ff6100b7..6d2c0521c 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -53,7 +53,6 @@ lib/pwdcheck.c lib/pwio.c lib/pwmem.c lib/remove_tree.c -lib/rlogin.c lib/root_flag.c lib/salt.c lib/selinux.c diff --git a/src/login.c b/src/login.c index 9fed7b385..3a302983f 100644 --- a/src/login.c +++ b/src/login.c @@ -85,11 +85,6 @@ static struct lastlog ll; static bool pflg = false; static bool fflg = false; -#ifdef RLOGIN -static bool rflg = false; -#else /* RLOGIN */ -#define rflg false -#endif /* !RLOGIN */ static bool hflg = false; static bool preauth_flag = false; @@ -134,7 +129,6 @@ static void exit_handler (int); * usage - print login command usage and exit * * login [ name ] - * login -r hostname (for rlogind) * login -h hostname (for telnetd, etc.) * login -f name (for pre-authenticated login: datakit, xterm, etc.) */ @@ -145,9 +139,6 @@ static void usage (void) exit (1); } fprintf (stderr, _(" %s [-p] [-h host] [-f name]\n"), Prog); -#ifdef RLOGIN - fprintf (stderr, _(" %s [-p] -r host\n"), Prog); -#endif /* RLOGIN */ exit (1); } @@ -271,7 +262,7 @@ static void process_flags (int argc, char *const *argv) /* * Check the flags for proper form. Every argument starting with * "-" must be exactly two characters long. This closes all the - * clever rlogin, telnet, and getty holes. + * clever telnet, and getty holes. */ for (arg = 1; arg < argc; arg++) { if (argv[arg][0] == '-' && strlen (argv[arg]) > 2) { @@ -298,13 +289,6 @@ static void process_flags (int argc, char *const *argv) hostname = optarg; reason = PW_TELNET; break; -#ifdef RLOGIN - case 'r': - rflg = true; - hostname = optarg; - reason = PW_RLOGIN; - break; -#endif /* RLOGIN */ case 'p': pflg = true; break; @@ -313,21 +297,11 @@ static void process_flags (int argc, char *const *argv) } } -#ifdef RLOGIN - /* - * Neither -h nor -f should be combined with -r. - */ - - if (rflg && (hflg || fflg)) { - usage (); - } -#endif /* RLOGIN */ - /* * Allow authentication bypass only if real UID is zero. */ - if ((rflg || fflg || hflg) && !amroot) { + if ((fflg || hflg) && !amroot) { fprintf (stderr, _("%s: Permission denied.\n"), Prog); exit (1); } @@ -342,11 +316,6 @@ static void process_flags (int argc, char *const *argv) ++optind; } -#ifdef RLOGIN - if (rflg && (NULL != username)) { - usage (); - } -#endif /* RLOGIN */ if (fflg && (NULL == username)) { usage (); } @@ -474,7 +443,6 @@ static /*@observer@*/const char *get_failent_user (/*@returned@*/const char *use * the flags which login supports are * * -p - preserve the environment - * -r - perform autologin protocol for rlogin * -f - do not perform authentication, user is preauthenticated * -h - the name of the remote host */ @@ -505,9 +473,6 @@ int main (int argc, char **argv) # if defined(ENABLE_LASTLOG) char ptime[80]; # endif -#endif -#if defined(RLOGIN) - char term[128] = ""; #endif /* @@ -559,7 +524,7 @@ int main (int argc, char **argv) is_console = console (tty); #endif - if (rflg || hflg) { + if (hflg) { /* * Add remote hostname to the environment. I think * (not sure) I saw it once on Irix. --marekm @@ -572,23 +537,6 @@ int main (int argc, char **argv) if (hflg) { reason = PW_RLOGIN; } -#ifdef RLOGIN - if (rflg) { - size_t max_size; - - max_size = login_name_max_size(); - assert (NULL == username); - username = XMALLOC(max_size, char); - username[max_size - 1] = '\0'; - if (do_rlogin(hostname, username, max_size, term, sizeof(term))) - { - preauth_flag = true; - } else { - free (username); - username = NULL; - } - } -#endif /* RLOGIN */ OPENLOG (Prog); @@ -623,18 +571,11 @@ int main (int argc, char **argv) } } -#ifdef RLOGIN - if (term[0] != '\0') { - addenv ("TERM", term); - } else -#endif /* RLOGIN */ - { - /* preserve TERM from getty */ - if (!pflg) { - tmp = getenv ("TERM"); - if (NULL != tmp) { - addenv ("TERM", tmp); - } + /* preserve TERM from getty */ + if (!pflg) { + tmp = getenv ("TERM"); + if (NULL != tmp) { + addenv ("TERM", tmp); } } @@ -644,7 +585,7 @@ int main (int argc, char **argv) set_env (argc - optind, &argv[optind]); } - if (rflg || hflg) { + if (hflg) { cp = hostname; } else if ((host != NULL) && (host[0] != '\0')) { cp = host; @@ -954,7 +895,7 @@ int main (int argc, char **argv) } /* - * The -r and -f flags provide a name which has already + * The -f flag provides a name which has already * been authenticated by some server. */ if (preauth_flag) { @@ -1043,8 +984,8 @@ int main (int argc, char **argv) (void) puts (_("Login incorrect")); - /* allow only one attempt with -r or -f */ - if (rflg || fflg || (retries <= 0)) { + /* allow only one attempt with -f */ + if (fflg || (retries <= 0)) { closelog (); exit (1); } diff --git a/tests/bug332198-test.exp b/tests/bug332198-test.exp deleted file mode 100755 index fd365bb6c..000000000 --- a/tests/bug332198-test.exp +++ /dev/null @@ -1,61 +0,0 @@ -#!/usr/bin/expect -f - -# This is a script for repeatedly logging into the localhost -# using `rlogin` in order to apparently see a symptoms described -# in bug #332198. -# As described in the bug log, sometimes `rlogind` will fail to -# establish a connection, because it starts "login" process and -# the latter fails with "unable to determine TTY name, got /dev/pts/1" -# message. -# -# BUGS -# -# * the script rlogins to localhost -# * the script doesn't handle passwdord prompt, because it's intended -# to use .rhosts auth and expects shell prompt immediately after -# `rlogin` -# * the regexp for shell prompt is hardcoded - -log_user 0 -match_max 8192 - -while {1} { - set rlogin_spawn [spawn rlogin localhost] - if { $rlogin_spawn == 0 } { exit 1 } - expect { - -timeout 10 -re "^.*(Last login\[^\r\n\]*).*\n(\[^\r\n\]*\[#$\] )$" { - send_error "$expect_out(1,string)\n" - send_error "$expect_out(2,string)\n" -# send_error "$expect_out(0,string)\n" - } - timeout { - send_error "TIMEOUT/prompt\n" - send_error "$expect_out(buffer)\n" - send_error "RETRYING\n" - log_user 1 - send "tty /\r" - expect -timeout 2 -re "^.*\r?\n(\[^\r\n\]*# )$" {} - send "tty /\r" - expect -timeout 2 -re "^.*\r?\n(\[^\r\n\]*# )$" {} - send_error "\n" - exit 2 - } - } - send "tty\r" - expect { - -timeout 4 -re "tty\r?\n(\[^\r\n\]*)\r?\n(\[^\r\n\]*\[#$\] )$" { - send_error "$expect_out(2,string)$expect_out(1,string)\n" -# send_error "$expect_out(0,string)\n" - } - timeout { send_error "TIMEOUT/tty\n" ; exit 3 } - } - send "exit\r" - expect { - -timeout 2 eof { -# send_error "OK4: EOF\n" - } - timeout { send_error "TIMEOUT/eof\n" ; exit 4 } - } - wait -} -# vi: set sw=4: