From owner-freebsd-current  Mon Nov 20 12:56:16 1995
Return-Path: owner-current
Received: (from root@localhost)
          by freefall.freebsd.org (8.6.12/8.6.6) id MAA06070
          for current-outgoing; Mon, 20 Nov 1995 12:56:16 -0800
Received: from phaeton.artisoft.com (phaeton.Artisoft.COM [198.17.250.211])
          by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id MAA06061
          for <current@FreeBSD.ORG>; Mon, 20 Nov 1995 12:56:10 -0800
Received: (from terry@localhost) by phaeton.artisoft.com (8.6.11/8.6.9) id NAA01992; Mon, 20 Nov 1995 13:54:15 -0700
From: Terry Lambert <terry@lambert.org>
Message-Id: <199511202054.NAA01992@phaeton.artisoft.com>
Subject: Re: rlogind wont allow root without password... rshd will.
To: peter@jhome.DIALix.COM (Peter Wemm)
Date: Mon, 20 Nov 1995 13:54:15 -0700 (MST)
Cc: terry@lambert.org, current@FreeBSD.ORG
In-Reply-To: <Pine.BSF.3.91.951120111343.28345A-100000@jhome.DIALix.COM> from "Peter Wemm" at Nov 20, 95 11:23:39 am
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 1106      
Sender: owner-current@FreeBSD.ORG
Precedence: bulk

> rshd is working perfectly..  It is correctly ignoring hosts.equiv (via 
> iruserok() etc in libc) but is allowing explicit configuration in the 
> .rhosts file of root.

Ah.  This is more information.

> This is what I want to change:
> 
> Index: rlogind.c
> ===================================================================
> RCS file: /home/ncvs/src/libexec/rlogind/rlogind.c,v
> retrieving revision 1.5
> diff -u -5 -r1.5 rlogind.c
> --- rlogind.c	1995/10/15 03:40:57	1.5
> +++ rlogind.c	1995/11/20 03:19:24
> @@ -585,14 +585,13 @@
>  	getstr(term+ENVSIZE, sizeof(term)-ENVSIZE, "Terminal type too long");
>  
>  	pwd = getpwnam(lusername);
>  	if (pwd == NULL)
>  		return (-1);
> -	if (pwd->pw_uid == 0)
> -		return (-1);
>  	/* XXX why don't we syslog() failure? */
> -	return (iruserok(dest->sin_addr.s_addr, 0, rusername, lusername));
> +	return (iruserok(dest->sin_addr.s_addr, pwd->pw_uid == 0,
> +		rusername, lusername));
>  }

OK, I buy this change.


					Terry Lambert
					terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.