From owner-freebsd-bugs Tue Nov 10 17:30:02 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id RAA18261 for freebsd-bugs-outgoing; Tue, 10 Nov 1998 17:30:02 -0800 (PST) (envelope-from owner-freebsd-bugs@FreeBSD.ORG)
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id RAA18211 for ; Tue, 10 Nov 1998 17:29:58 -0800 (PST) (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost) by freefall.freebsd.org (8.8.8/8.8.5) id RAA29997; Tue, 10 Nov 1998 17:30:01 -0800 (PST)
Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id RAA18166 for ; Tue, 10 Nov 1998 17:29:37 -0800 (PST) (envelope-from cschuber@uumail.gov.bc.ca)
Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.9.1/8.8.8) id RAA13977 for ; Tue, 10 Nov 1998 17:29:16 -0800
Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda13975; Tue Nov 10 17:29:11 1998
Received: (from cschuber@localhost) by passer.osg.gov.bc.ca (8.9.1/8.9.1) id RAA20476; Tue, 10 Nov 1998 17:29:10 -0800 (PST)
Message-Id: <199811110129.RAA20476@passer.osg.gov.bc.ca>
Date: Tue, 10 Nov 1998 17:29:10 -0800 (PST)
From: Cy Schubert
Reply-To: cschuber@uumail.gov.bc.ca
To: FreeBSD-gnats-submit@FreeBSD.ORG
X-Send-Pr-Version: 3.2
Subject: bin/8646: Implement rlogind -a option
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 8646
>Category: bin
>Synopsis: Implement rlogind -a option
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Tue Nov 10 17:30:01 PST 1998
>Last-Modified:
>Originator: Cy Schubert
>Organization: ITSD, Province of British Columbia
>Release: FreeBSD 2.2.7-RELEASE i386
>Environment:
FreeBSD passer.osg.gov.bc.ca 2.2.7-RELEASE FreeBSD 2.2.7-RELEASE #0: Sat Oct 31 09:54:11 PST 1998 root@passer.osg.gov.bc.ca:/opt/usr_src-227/src/sys/compile/PASSER i386
>Description:
Implement rshd's -a option in rlogind. Hopefully this will provide a little better security.
>How-To-Repeat:
N/A
>Fix:
--- /usr/src/libexec/rlogind/rlogind.c Sun Jul 19 03:57:45 1998 +++ /tmp/libexec/rlogind/rlogind.c Tue Nov 10 17:26:38 1998 @@ -215,6 +215,8 @@ int authenticated = 0; register struct hostent *hp; char hostname[2 * MAXHOSTNAMELEN + 1]; + char remotehost[2 * MAXHOSTNAMELEN + 1]; + char *errorstr = NULL; char c; alarm(60); 
@@ -229,14 +231,58 @@ alarm(0); fromp->sin_port = ntohs((u_short)fromp->sin_port); + errorstr = NULL; hp = gethostbyaddr((char *)&fromp->sin_addr, sizeof(struct in_addr), fromp->sin_family); if (hp) { (void)strncpy(hostname, hp->h_name, sizeof(hostname)); + (void)strncpy(hostname, hp->h_name, sizeof(hostname) - 1); + hostname[sizeof(hostname) - 1] = 0; +#ifdef KERBEROS + if (!use_kerberos) +#endif + if (check_all || local_domain(hp->h_name)) { + strncpy(remotehost, hp->h_name, sizeof(remotehost) - 1); + remotehost[sizeof(remotehost) - 1] = 0; + hp = gethostbyname(remotehost); + if (hp == NULL) { + syslog(LOG_INFO, + "couldn't look up address for %s", + remotehost); + errorstr = + "Couldn't look up address for your host (%s)\n"; + strncpy(hostname, inet_ntoa(fromp->sin_addr), + sizeof(hostname) - 1); + hostname[sizeof(hostname) - 1] = 0; + } else for (; ; hp->h_addr_list++) { + if (hp->h_addr_list[0] == NULL) { + syslog(LOG_NOTICE, + "host addr %s not listed for host %s", + inet_ntoa(fromp->sin_addr), + hp->h_name); + errorstr = + "Host address mismatch for %s\n"; + strncpy(hostname, inet_ntoa(fromp->sin_addr), + sizeof(hostname) - 1); + hostname[sizeof(hostname) - 1] = 0; + break; + } + if (!bcmp(hp->h_addr_list[0], + (caddr_t)&fromp->sin_addr, + sizeof(fromp->sin_addr))) { + (void)strncpy(hostname, remotehost, sizeof(hostname) - 1); + hostname[sizeof(hostname) - 1] = 0; + break; + } + } + if (errorstr) + fatal(f,errorstr,0); + } } else { - (void)strncpy(hostname, inet_ntoa(fromp->sin_addr), sizeof(hostname)); + (void)strncpy(hostname, inet_ntoa(fromp->sin_addr), + sizeof(hostname) - 1); + hostname[sizeof(hostname) - 1] = 0; } - hostname[sizeof(hostname) - 1] = '\0'; #ifdef KERBEROS if (use_kerberos) { >Audit-Trail: >Unformatted:
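Review bot: In the first hunk (@@ -215,6 +215,8 @@), the added `char *errorstr = NULL;` only ever points at string literals in this patch, so it should be declared `const char *errorstr = NULL;`. The initializer here also makes the `errorstr = NULL;` assignment added at the top of the next hunk redundant; keep one of the two. `remotehost` mirrors the size of `hostname`, which is consistent, but a short comment saying it holds the reverse-lookup name for the forward check would help the next reader.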
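Review bot: In the second hunk (@@ -229,14 +231,58 @@), `fatal(f,errorstr,0);` is handed a message that contains `%s` ("Couldn't look up address for your host (%s)\n" and "Host address mismatch for %s\n"), but the call passes nothing to fill it; format the message with the host name into a local buffer first (snprintf would do), or drop the `%s` from both strings. The original `(void)strncpy(hostname, hp->h_name, sizeof(hostname));` is left as a context line directly above the added bounded copy, so the same copy runs twice; it should be a `-` line. `check_all` and `local_domain()` are used here but neither is declared in the visible hunks, and nothing shown parses a `-a` flag or updates the manual page, so the submission needs those pieces to be complete. Walking the result with `hp->h_addr_list++` modifies the structure the resolver returned; a local `char **` cursor avoids that. The copies of `inet_ntoa(fromp->sin_addr)` into `hostname` in both failure branches are immediately followed by the `if (errorstr) fatal(...)` exit, so they can be removed unless `hostname` is meant to appear in the message.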