author | Theo de Raadt <deraadt@cvs.openbsd.org> | 1996-07-31 09:15:54 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 1996-07-31 09:15:54 +0000 |
commit | 070f8244dbf0193ebec12bf53efc81f0b21bfd22 (patch) | |
tree | e28d578154445dfd25e8843d2954889d818f41ec | |
parent | f8a2b758ffe991a178b1954e1c67d690e0cef123 (diff) |
ah heck, impliment -a flag and turn it on by default. kills netbsd pr#1295
-rw-r--r-- | libexec/rlogind/rlogind.8 | 5 | ||||
-rw-r--r-- | libexec/rlogind/rlogind.c | 29 |
2 files changed, 30 insertions, 4 deletions
diff --git a/libexec/rlogind/rlogind.8 b/libexec/rlogind/rlogind.8 index b8341b43717..2f5872d8a08 100644 --- a/libexec/rlogind/rlogind.8 +++ b/libexec/rlogind/rlogind.8 @@ -30,7 +30,7 @@ .\" SUCH DAMAGE. .\" .\" from: @(#)rlogind.8 8.1 (Berkeley) 6/4/93 -.\" $Id: rlogind.8,v 1.2 1996/07/31 09:05:14 deraadt Exp $ +.\" $Id: rlogind.8,v 1.3 1996/07/31 09:15:52 deraadt Exp $ .\" .Dd June 4, 1993 .Dt RLOGIND 8 @@ -51,6 +51,9 @@ with authentication based on privileged port numbers from trusted hosts. Options supported by .Nm rlogind : .Bl -tag -width Ds +.It Fl a +Ask hostname for verification. This flag is ignored; this feature is +always enabled. .It Fl l Prevent any authentication based on the user's .Dq Pa .rhosts diff --git a/libexec/rlogind/rlogind.c b/libexec/rlogind/rlogind.c index 69004d7bc31..cc89ab8d087 100644 --- a/libexec/rlogind/rlogind.c +++ b/libexec/rlogind/rlogind.c @@ -39,7 +39,7 @@ static char copyright[] = #ifndef lint /* from: static char sccsid[] = "@(#)rlogind.c 8.1 (Berkeley) 6/4/93"; */ -static char *rcsid = "$Id: rlogind.c,v 1.5 1996/07/31 09:05:15 deraadt Exp $"; +static char *rcsid = "$Id: rlogind.c,v 1.6 1996/07/31 09:15:53 deraadt Exp $"; #endif /* not lint */ /* @@ -90,9 +90,9 @@ u_char tick_buf[sizeof(KTEXT_ST)]; Key_schedule schedule; int doencrypt, retval, use_kerberos, vacuous; -#define ARGSTR "lnkvx" +#define ARGSTR "alnkvx" #else -#define ARGSTR "ln" +#define ARGSTR "aln" #endif /* KERBEROS */ char *env[2]; @@ -101,6 +101,7 @@ char lusername[NMAX+1], rusername[NMAX+1]; static char term[64] = "TERM="; #define ENVSIZE (sizeof("TERM=")-1) /* skip null for concatenation */ int keepalive = 1; +int check_all = 1; struct passwd *pwd; @@ -131,6 +132,9 @@ main(argc, argv) opterr = 0; while ((ch = getopt(argc, argv, ARGSTR)) != EOF) switch (ch) { + case 'a': + /* check_all = 1; */ + break; case 'l': __check_rhosts_file = 0; break; 
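Review bot: The `case 'a':` arm added to main() keeps the assignment as commented-out code (`/* check_all = 1; */`), which reads like a disabled feature rather than a deliberate no-op. Since `check_all` is initialised to 1 in the preceding hunk and nothing in this diff ever clears it, the comment should say so, for example `/* flag is ignored: hostname verification is always enabled */`, matching the wording added to rlogind.8. The `int check_all = 1;` declaration also deserves a one-line comment saying that it gates the forward-lookup check in doit() and has no command-line switch to turn it off. main()'s body continues outside the hunk.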
@@ -215,6 +219,25 @@ doit(f, fromp) else strncpy(hostname, inet_ntoa(fromp->sin_addr), sizeof hostname); + if (check_all) { + int good = 0; + + hp = gethostbyname(hostname); + if (hp) { + for (; good == 0 && hp->h_addr_list[0] != NULL; + hp->h_addr_list++) + if (!bcmp(hp->h_addr_list[0], + (caddr_t)&fromp->sin_addr, + sizeof(fromp->sin_addr))) + good = 1; + } + + /* aha, the DNS looks spoofed */ + if (hp == NULL || good == 0) + strncpy(hostname, inet_ntoa(fromp->sin_addr), + sizeof hostname); + } + #ifdef KERBEROS if (use_kerberos) { retval = do_krb_login(fromp); |
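Review bot: The verification loop walks the address list by incrementing `hp->h_addr_list` itself, so it modifies the hostent returned by gethostbyname() (typically resolver-owned static storage) instead of using a local cursor. It also compares `sizeof(fromp->sin_addr)` bytes without first checking `hp->h_addrtype` and `hp->h_length`. A local `char **ap` plus an address-family and length guard keeps the comparison bounded to what the resolver actually returned. The fallback to the numeric address is also silent; logging the claimed name and the peer address through syslog before `hostname` is overwritten would leave operators a trace of a suspected spoof, assuming the daemon already has syslog open, which this hunk does not show. doit() starts and ends outside the hunk.

```c
		char **ap;	/* local cursor, declared next to `good` */

		hp = gethostbyname(hostname);
		if (hp && hp->h_addrtype == AF_INET &&
		    hp->h_length == (int)sizeof(fromp->sin_addr)) {
			for (ap = hp->h_addr_list; good == 0 && *ap != NULL;
			    ap++)
				if (!bcmp(*ap, (caddr_t)&fromp->sin_addr,
				    sizeof(fromp->sin_addr)))
					good = 1;
		}
		/* … unchanged: fallback that rewrites hostname with inet_ntoa() … */
```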