Date: Wed, 08 Nov 2000 17:04:25 -0700
From: Warner Losh <imp@village.org>
To: audit@freebsd.org
Subject: Please review
Message-ID: <200011090004.RAA34374@harmony.village.org>
I'd like to commit the following change to -current and eventually stable. It adds the -N flag which restores the old behavior wrt null passwords. Turns out that for a lot of reasons, we need this for our products. We don't want to trust other hosts, unless the account has no password. This is different than + + in subtle ways, and the user list is going to be volatile from machine to machine and over time. Warner Index: rshd.c =================================================================== RCS file: /base/FreeBSD-tsc-4/libexec/rshd/rshd.c,v retrieving revision 1.1.1.4 diff -u -r1.1.1.4 rshd.c --- rshd.c 2000/07/28 17:54:16 1.1.1.4 +++ rshd.c 2000/11/08 23:49:21 @@ -87,6 +87,7 @@ int keepalive = 1; int log_success; /* If TRUE, log all successful accesses */ +int no_null_password = 1; int sent_null; int no_delay; #ifdef CRYPT @@ -117,7 +118,7 @@ extern int auth_pam __P((char *)); #endif -#define OPTIONS "alnDL" +#define OPTIONS "alnDLN" int main(argc, argv) @@ -154,6 +155,9 @@ case 'L': log_success = 1; break; + case 'N': + no_null_password = 0; + break; case '?': default: usage(); @@ -399,8 +403,10 @@ if (errorstr || (pwd->pw_expire && time(NULL) >= pwd->pw_expire) || - iruserok_sa(fromp, fromp->su_len, pwd->pw_uid == 0, - remuser, locuser) < 0) { + ((no_null_password || + (pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0')) && + iruserok_sa(fromp, fromp->su_len, pwd->pw_uid == 0, + remuser, locuser) < 0)) { if (__rcmd_errstr) syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: permission denied (%s). cmd='%.80s'", To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
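Review bot: In the first rshd.c hunk (@@ -87,6 +87,7), no_null_password is declared without a comment, right below log_success which has one, and its sense is inverted relative to the option: it defaults to 1 and -N clears it to 0. A positively named variable (for example allow_null_password, default 0, set to 1 by -N) with a one-line comment would make the condition in the last hunk much easier to audit.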
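Review bot: The case 'N' hunk (@@ -154,6 +155,9) adds an option that relaxes the host check, but no hunk in this patch touches the usage() text or the manual page. Both should describe -N and say plainly that it lets an account with an empty password skip the iruserok_sa check.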
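Review bot: In the @@ -399,8 +403,10 hunk, when -N is given and pw_passwd is empty the && short-circuits and iruserok_sa is never called, and nothing exempts pwd->pw_uid == 0 from that path, so a root account with an empty password would be accepted from any host and any remote user. Consider keeping the iruserok_sa check for uid 0 regardless of -N, and compare the pointer against NULL rather than 0 (pwd->pw_passwd != NULL). The errorstr and pw_expire tests are still evaluated first, so expired accounts remain rejected on this path.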