mirror of
https://gitlab.alpinelinux.org/alpine/aports.git
synced 2025-12-29 13:22:21 +01:00
164 lines
3.4 KiB
Diff
164 lines
3.4 KiB
Diff
--- appl/rsh/rsh.c.orig
|
|
+++ b/appl/rsh/rsh.c
|
|
@@ -399,6 +399,8 @@
|
|
|
|
#endif /* KRB5 */
|
|
|
|
+#ifdef BROKEN_AUTH
|
|
+
|
|
static int
|
|
send_broken_auth(int s,
|
|
struct sockaddr *thisaddr,
|
|
@@ -428,6 +430,8 @@
|
|
return 0;
|
|
}
|
|
|
|
+#endif /* BROKEN_AUTH */
|
|
+
|
|
static int
|
|
proto (int s, int errsock,
|
|
const char *hostname, const char *local_user, const char *remote_user,
|
|
@@ -629,6 +633,8 @@
|
|
return res;
|
|
}
|
|
|
|
+#ifdef BROKEN_AUTH
|
|
+
|
|
static int
|
|
doit_broken (int argc,
|
|
char **argv,
|
|
@@ -702,6 +708,8 @@
|
|
}
|
|
}
|
|
|
|
+#endif
|
|
+
|
|
#if defined(KRB5)
|
|
static int
|
|
doit (const char *hostname,
|
|
@@ -796,7 +804,9 @@
|
|
{ "protocol", 'P', arg_string, &protocol_version_str,
|
|
"Protocol version [krb5]", "protocol" },
|
|
#endif
|
|
+#ifdef BROKEN_AUTH
|
|
{ "broken", 'K', arg_flag, &use_only_broken, "Use only priv port" },
|
|
+#endif
|
|
#if defined(KRB5)
|
|
{ "encrypt", 'x', arg_flag, &do_encrypt, "Encrypt connection" },
|
|
{ NULL, 'z', arg_negative_flag, &do_encrypt,
|
|
@@ -831,8 +841,10 @@
|
|
int
|
|
main(int argc, char **argv)
|
|
{
|
|
+#ifdef BROKEN_AUTH
|
|
int priv_port1, priv_port2;
|
|
int priv_socket1, priv_socket2;
|
|
+#endif
|
|
int argindex = 0;
|
|
int error;
|
|
struct addrinfo hints, *ai;
|
|
@@ -848,9 +860,11 @@
|
|
#endif
|
|
uid_t uid;
|
|
|
|
+#ifdef BROKEN_AUTH
|
|
priv_port1 = priv_port2 = IPPORT_RESERVED-1;
|
|
priv_socket1 = rresvport(&priv_port1);
|
|
priv_socket2 = rresvport(&priv_port2);
|
|
+#endif
|
|
uid = getuid ();
|
|
if (setuid (uid) || (uid != 0 && setuid(0) == 0))
|
|
err (1, "setuid");
|
|
@@ -907,6 +921,7 @@
|
|
|
|
#endif
|
|
|
|
+#ifdef BROKEN_AUTH
|
|
if (use_only_broken) {
|
|
#ifdef KRB5
|
|
use_v5 = 0;
|
|
@@ -918,6 +933,7 @@
|
|
errx (1, "unable to bind reserved port: is rsh setuid root?");
|
|
use_broken = 0;
|
|
}
|
|
+#endif
|
|
|
|
#if defined(KRB5)
|
|
if (do_encrypt == 1 && use_only_broken)
|
|
@@ -956,8 +972,10 @@
|
|
}
|
|
|
|
if (argindex == argc) {
|
|
+#ifdef BROKEN_AUTH
|
|
close (priv_socket1);
|
|
close (priv_socket2);
|
|
+#endif
|
|
argv[0] = "rlogin";
|
|
execvp ("rlogin", argv);
|
|
err (1, "execvp rlogin");
|
|
@@ -1004,6 +1022,7 @@
|
|
freeaddrinfo(ai);
|
|
}
|
|
#endif
|
|
+#ifdef BROKEN_AUTH
|
|
if (ret && use_broken) {
|
|
memset (&hints, 0, sizeof(hints));
|
|
hints.ai_socktype = SOCK_STREAM;
|
|
@@ -1027,6 +1046,7 @@
|
|
cmd, cmd_len);
|
|
freeaddrinfo(ai);
|
|
}
|
|
+#endif
|
|
free(cmd);
|
|
return ret;
|
|
}
|
|
--- appl/rsh/rshd.c.orig
|
|
+++ b/appl/rsh/rshd.c
|
|
@@ -131,6 +131,7 @@
|
|
fatal(s, NULL, "%s too long", expl);
|
|
}
|
|
|
|
+#ifdef BROKEN_AUTH
|
|
static int
|
|
recv_bsd_auth (int s, u_char *buf,
|
|
struct sockaddr_in *thisaddr,
|
|
@@ -152,6 +153,7 @@
|
|
fatal(s, NULL, "Login incorrect.");
|
|
return 0;
|
|
}
|
|
+#endif
|
|
|
|
#ifdef KRB5
|
|
static int
|
|
@@ -658,10 +660,11 @@
|
|
/*
|
|
* we only do reserved port for IPv4
|
|
*/
|
|
-
|
|
+#ifdef BROKEN_AUTH
|
|
if (erraddr->sa_family == AF_INET)
|
|
errsock = rresvport (&priv_port);
|
|
else
|
|
+#endif
|
|
errsock = socket (erraddr->sa_family, SOCK_STREAM, 0);
|
|
if (errsock < 0)
|
|
syslog_and_die ("socket: %s", strerror(errno));
|
|
@@ -689,6 +692,7 @@
|
|
syslog_and_die ("unrecognized auth protocol: %x %x %x %x",
|
|
buf[0], buf[1], buf[2], buf[3]);
|
|
} else {
|
|
+#ifdef BROKEN_AUTH
|
|
if(recv_bsd_auth (s, buf,
|
|
(struct sockaddr_in *)thisaddr,
|
|
(struct sockaddr_in *)thataddr,
|
|
@@ -702,6 +706,9 @@
|
|
}
|
|
} else
|
|
syslog_and_die("recv_bsd_auth failed");
|
|
+#else
|
|
+ syslog_and_die("recv_bsd_auth is disabled for security reasons");
|
|
+#endif
|
|
}
|
|
|
|
if (client_user == NULL || server_user == NULL || cmd == NULL)
|