Date: Wed, 08 Nov 2000 17:04:25 -0700 From: Warner Losh <imp@village.org> To: audit@freebsd.org Subject: Please review Message-ID: <200011090004.RAA34374@harmony.village.org>
next in thread | raw e-mail | index | archive | help
I'd like to commit the following change to -current and eventually
stable. It adds the -N flag which restores the old behavior wrt null
passwords. Turns out that for a lot of reasons, we need this for our
products. We don't want to trust other hosts, unless the account has
no password. This is different than + + in subtle ways, and the user
list is going to be volatile from machine to machine and over time.
Warner
Index: rshd.c
===================================================================
RCS file: /base/FreeBSD-tsc-4/libexec/rshd/rshd.c,v
retrieving revision 1.1.1.4
diff -u -r1.1.1.4 rshd.c
--- rshd.c 2000/07/28 17:54:16 1.1.1.4
+++ rshd.c 2000/11/08 23:49:21
@@ -87,6 +87,7 @@
int keepalive = 1;
int log_success; /* If TRUE, log all successful accesses */
+int no_null_password = 1;
int sent_null;
int no_delay;
#ifdef CRYPT
@@ -117,7 +118,7 @@
extern int auth_pam __P((char *));
#endif
-#define OPTIONS "alnDL"
+#define OPTIONS "alnDLN"
int
main(argc, argv)
@@ -154,6 +155,9 @@
case 'L':
log_success = 1;
break;
+ case 'N':
+ no_null_password = 0;
+ break;
case '?':
default:
usage();
@@ -399,8 +403,10 @@
if (errorstr ||
(pwd->pw_expire && time(NULL) >= pwd->pw_expire) ||
- iruserok_sa(fromp, fromp->su_len, pwd->pw_uid == 0,
- remuser, locuser) < 0) {
+ ((no_null_password ||
+ (pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0')) &&
+ iruserok_sa(fromp, fromp->su_len, pwd->pw_uid == 0,
+ remuser, locuser) < 0)) {
if (__rcmd_errstr)
syslog(LOG_INFO|LOG_AUTH,
"%s@%s as %s: permission denied (%s). cmd='%.80s'",
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200011090004.RAA34374>