rshd should give the same error message when the user doesn't exist

as for when there is no .rhosts/hosts.equiv.  With a different
error message an information gathering attack can be done.
Noted by David Holland <dholland@eecs.harvard.edu>.

2 files changed, 5 insertions, 6 deletions

diff --git a/libexec/rshd/rshd.8 b/libexec/rshd/rshd.8
index 8af0725bd02..83a0252075f 100644
--- a/libexec/rshd/rshd.8
+++ b/libexec/rshd/rshd.8
@@ -30,7 +30,7 @@
 .\" SUCH DAMAGE.
 .\"
 .\"     from: @(#)rshd.8	8.1 (Berkeley) 6/4/93
-.\"	$Id: rshd.8,v 1.2 1996/07/13 11:23:17 deraadt Exp $
+.\"	$Id: rshd.8,v 1.3 1997/06/15 05:10:39 millert Exp $
 .\"
 .Dd June 4, 1993
 .Dt RSHD 8
@@ -188,14 +188,13 @@ longer than 16 characters.
 .It Sy Command too long  .
 The command line passed exceeds the size of the argument
 list (as configured into the system).
-.It Sy Login incorrect.
-No password file entry for the user name existed.
 .It Sy Remote directory.
 The 
 .Xr chdir
 command to the home directory failed.
 .It Sy Permission denied.
-The authentication procedure described above failed.
+The authentication procedure described above failed or
+there is no password file entry for the specified user.
 .It Sy Can't make pipe.
 The pipe needed for the 
 .Em stderr ,
diff --git a/libexec/rshd/rshd.c b/libexec/rshd/rshd.c
index a825e70a61e..694f2bb4550 100644
--- a/libexec/rshd/rshd.c
+++ b/libexec/rshd/rshd.c
@@ -39,7 +39,7 @@ static char copyright[] =
 
 #ifndef lint
 /* from: static char sccsid[] = "@(#)rshd.c	8.2 (Berkeley) 4/6/94"; */
-static char *rcsid = "$Id: rshd.c,v 1.16 1997/02/13 22:32:46 deraadt Exp $";
+static char *rcsid = "$Id: rshd.c,v 1.17 1997/06/15 05:10:39 millert Exp $";
 #endif /* not lint */
 
 /*
@@ -426,7 +426,7 @@ doit(fromp)
 		    "%s@%s as %s: unknown login. cmd='%.80s'",
 		    remuser, hostname, locuser, cmdbuf);
 		if (errorstr == NULL)
-			errorstr = "Login incorrect.\n";
+			errorstr = "Permission denied.\n";
 		goto fail;
 	}