D6594.1775869913.diff
Index: head/libexec/rshd/Makefile
===================================================================
--- head/libexec/rshd/Makefile
+++ head/libexec/rshd/Makefile
@@ -2,6 +2,9 @@
# $FreeBSD$
PACKAGE=rcmds
+
+.include <src.opts.mk>
+
PROG= rshd
MAN= rshd.8
@@ -12,4 +15,10 @@
LIBADD= util pam
+.if ${MK_BLACKLIST_SUPPORT} != "no"
+CFLAGS+= -DUSE_BLACKLIST -I${SRCTOP}/contrib/blacklist/include
+LIBADD+= blacklist
+LDFLAGS+=-L${LIBBLACKLISTDIR}
+.endif
+
.include <bsd.prog.mk>
Index: head/libexec/rshd/rshd.c
===================================================================
--- head/libexec/rshd/rshd.c
+++ head/libexec/rshd/rshd.c
@@ -88,6 +88,10 @@
#include <security/openpam.h>
#include <sys/wait.h>
+#ifdef USE_BLACKLIST
+#include <blacklist.h>
+#endif
+
static struct pam_conv pamc = { openpam_nullconv, NULL };
static pam_handle_t *pamh;
static int pam_err;
@@ -252,6 +256,9 @@
"connection from %s on illegal port %u",
numericname,
srcport);
+#ifdef USE_BLACKLIST
+ blacklist(1, STDIN_FILENO, "illegal port");
+#endif
exit(1);
}
@@ -285,6 +292,9 @@
"2nd socket from %s on unreserved port %u",
numericname,
port);
+#ifdef USE_BLACKLIST
+ blacklist(1, STDIN_FILENO, "unreserved port");
+#endif
exit(1);
}
*((in_port_t *)&fromp->sa_data) = htons(port);
@@ -309,6 +319,9 @@
if (pam_err != PAM_SUCCESS) {
syslog(LOG_ERR|LOG_AUTH, "pam_start(): %s",
pam_strerror(pamh, pam_err));
+#ifdef USE_BLACKLIST
+ blacklist(1, STDIN_FILENO, "login incorrect");
+#endif
rshd_errx(1, "Login incorrect.");
}
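Review bot: The `pam_start()` failure branch here, and the `pam_set_item()` branch in the next hunk, report an authentication failure to blacklistd although neither error appears to be caused by the connecting peer. Both are local PAM setup errors, logged at LOG_ERR, so a broken PAM configuration or a transient resource failure on the server would count against every client that connects. That could end with legitimate hosts being blocked. I would drop the two `blacklist(1, STDIN_FILENO, "login incorrect");` calls and keep the reporting on the branches where the peer actually failed a check (the "permission denied" and "unknown login" hunks). If the calls are intentional, a comment such as `/* counted as a failure even though the fault is local */` should say so. The enclosing function starts and ends outside this hunk.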
@@ -316,6 +329,9 @@
(pam_err = pam_set_item(pamh, PAM_RHOST, rhost)) != PAM_SUCCESS) {
syslog(LOG_ERR|LOG_AUTH, "pam_set_item(): %s",
pam_strerror(pamh, pam_err));
+#ifdef USE_BLACKLIST
+ blacklist(1, STDIN_FILENO, "login incorrect");
+#endif
rshd_errx(1, "Login incorrect.");
}
@@ -332,6 +348,9 @@
syslog(LOG_INFO|LOG_AUTH,
"%s@%s as %s: permission denied (%s). cmd='%.80s'",
ruser, rhost, luser, pam_strerror(pamh, pam_err), cmdbuf);
+#ifdef USE_BLACKLIST
+ blacklist(1, STDIN_FILENO, "permission denied");
+#endif
rshd_errx(1, "Login incorrect.");
}
@@ -341,6 +360,9 @@
syslog(LOG_INFO|LOG_AUTH,
"%s@%s as %s: unknown login. cmd='%.80s'",
ruser, rhost, luser, cmdbuf);
+#ifdef USE_BLACKLIST
+ blacklist(1, STDIN_FILENO, "unknown login");
+#endif
if (errorstr == NULL)
errorstr = "Login incorrect.";
rshd_errx(1, errorstr, rhost);
@@ -373,6 +395,9 @@
"%s@%s as %s: permission denied (%s). cmd='%.80s'",
ruser, rhost, luser, __rcmd_errstr,
cmdbuf);
+#ifdef USE_BLACKLIST
+ blacklist(1, STDIN_FILENO, "permission denied");
+#endif
rshd_errx(1, "Login incorrect.");
}
if (!auth_timeok(lc, time(NULL)))
@@ -468,6 +493,9 @@
}
}
+#ifdef USE_BLACKLIST
+ blacklist(0, STDIN_FILENO, "success");
+#endif
for (fd = getdtablesize(); fd > 2; fd--)
(void) close(fd);
if (setsid() == -1)
@@ -534,8 +562,12 @@
if (read(STDIN_FILENO, &c, 1) != 1)
exit(1);
*buf++ = c;
- if (--cnt == 0)
+ if (--cnt == 0) {
+#ifdef USE_BLACKLIST
+ blacklist(1, STDIN_FILENO, "buffer overflow");
+#endif
rshd_errx(1, "%s too long", error);
+ }
} while (c != 0);
}
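Review bot: The reason string `"buffer overflow"` in this getstr() hunk overstates the event. The loop rejects the field as soon as `cnt` reaches zero, so as far as the visible lines show nothing is written past the buffer. Whoever triages the blacklistd record may read it as memory corruption rather than a rejected over-long field. A string that matches the `rshd_errx(1, "%s too long", error)` message would be clearer, e.g. `blacklist(1, STDIN_FILENO, "field too long");`. The `read() != 1` exit two lines earlier is not reported; that is presumably deliberate, since a dropped connection is not abuse, but a one-line comment saying so would help. The start of getstr() is outside the hunk.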
D6594: Add blacklist support to rshd