document non-literal format strings

Default to WARNS=4
Exceptions that need a lower level are:
getty ld.elf_so lfs_cleanerd makewhatis telnetd tftpd
hpropd ipropd-master ipropd-slave kadmind kpasswdd

branches: 1.17.28;
KNF, WARNS == 3. Reported by John Nemeth

branches: 1.16.2;
Introduce PAM_STATIC_LDADD and PAM_STATIC_DPADD. When compiling
with MKPIC=no, possibly because the target does not support shared
libraries, these include libraries required to resolve all symbols
which end up referenced from PAM-using applications. The libraries
presently required are -lcrypt, -lrpcsvc and -lutil.

Add use of these variables which are currently set up to use PAM,
so that they compile when MKPIC=no.

Also, in the telnetd case, reorder the order of the libraries, so
that libtelnet.a comes before -ltermcap and -lutil, again to fix
link error when MKPIC=no.

Discussed with thorpej and christos.

PAMify.

Only compile in IPv6 support if ${USE_INET6} != "no"

MKINET6 is for providing IPv6 infrastructure.
USE_INET6 is for compiling IPv6 support into the programs (needs MKINET6).

revert previous; this *DOES* use -lutil

don't need -lutil here

IPv6 support.

declare -DLOGIN_CAP in CPPFLAGS, not in CFLAGS.

Login.conf-ify rshd. Heavily inspired by FreeBSD.

merge lite-2 Makefiles (rcsids), and turn on WARNS for all of libexec.

WARNS?=1

specify man pages the new way.

kill kerberos and stream encryption support, so it's exportable.

clean up import, RCS ids

don't need -lutil

Add RCS identifiers.

branches: 1.1.1;
Initial revision

Remove workaround for ancient HTML generation code.

Bump date for previous, and some minor cleanup while here.

* Add ssh(1), sshd(8) and hosts_access(5) to SEE ALSO list.
(What would one look at for Kerberos?)
* Be a bit more explicit about the security implications of rsh & friends,
as suggested by Steven M. Bellovin and OK'd by Christos Zoulas

Code is not using gethostbyaddr any longer, but getnameinfo.
Fix references. Addresses part of PR 26337 by Peter Postma.

Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22284, verified by myself.

.Nm does not need a dummy argument ("") before punctuation or
for correct formatting of the SYNOPSIS any longer.

Begin new sentences on new lines.
Patch from Robert Elz (kre at munnari oz au).

Generate <>& symbolically. I'm avoiding .../dist/... directories for now.

Whitespace nits.

document IPv4 mapped address twists.
- ftp(1): treats IPv4 mapped destination as IPv4 peer, not native IPv6 peer.
this does not support network with SIIT translator.
- rshd(8)/rlogind(8): rejects accesses from IPv4 mapped peer, to avoid
possible abuse of IPv4 mapped addr (rshd/rlogind use source address-based
auth so it is important to check the condition).

branches: 1.9.2;
Login.conf-ify rshd. Heavily inspired by FreeBSD.

More and more .Os cleanups. .Os is defined in the tmac.doc-common file,
so we shouldn't override it with versions in the manpages. Many more to
come.

fix bad .Xr references

Fix .Nm usage.

WARNS?=1

clean up import, RCS ids

add '-L' flag, for those of us who are *really* paranoid...
Logs all rsh commands (including failed ones).

Add RCS indentifiers.

branches: 1.1.1;
Initial revision

fix to compile without USE_PAM. (unused variables)

bin/46703: BSD r-commands use wrong source address for stderr
http://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=46703
Bump libc minor for the addition of rresvport_af_addr()

branches: 1.49.2;
PR/45542: Henning Petersen: Misplaced parenthesis in rshd.c

Use static. Don't manipulate environ directly, just reset it and use
setenv.

fix sign-compare issue

branches: 1.46.6;
Remove the \n and tabs from the __COPYRIGHT() strings.

branches: 1.45.6;
convert __attribute__s to applicable cdefs.h macros

branches: 1.44.10;
change (mostly) int to socklen_t. GCC 4 doesn't like that int and
socklen_t are different signness.

check pwd != NULL

- use getpwnam_r

KNF, WARNS == 3. Reported by John Nemeth

branches: 1.40.2;
Handle the regular case too, not only the error case.

- Don't call pam functions after pam_end().
- Only call wait for our own pid.
- Improve error checking.
- Reorder some code to minimize diffs with FreeBSD.

Remove unnecessary cast.

Sort options.

Avoid source routing ip options. Described in:
http://www.citi.umich.edu/u/provos/papers/secnet-spoof.txt

Add missing goto badlogin; noticed by: Hisashi T Fujinaka

PAMify.

NI_WITHSCOPEID was not picked up by IETF standardization process

Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22284, verified by myself.

use TCP_NODELAY

string manipulation cleanup

Call setsid() before (setusercontext() calls) setlogin() so we don't change
the username of inetd and everyone else that is logged in.
(approved by christos)

null commit

poll.h, not sys/poll.h

select() -> poll()

ANSIfy.
Lose \n from syslog messages.
strncpy() -> strlcpy().
Correct last arg to execl (NULL, not 0).
(From OpenBSD)

va_{start,end} audit:
Make sure that each va_start has one and only one matching va_end,
especially in error cases.
If the va_list is used multiple times, do multiple va_starts/va_ends.
If a function gets va_list as argument, don't let it use va_end (since
it's the callers responsibility).

Improved by comments from enami and christos -- thanks!

Heimdal/krb4/KAME changes already fed back, rest to follow.

Inspired by, but not not based on, OpenBSD.

fix nested extern

- use SHUT_RDWR instead of 1+1 for the 2nd arg to shutdown()
- use LOG_ERR for fatal errors
- don't use LOG_ODELAY, it's the default

do not refer free'ed memory region. KAME PR 302 from ryo@iij.ad.jp

Format string cleanups by sommerfeld.

branches: 1.19.4;
reject conneciton attempt from IPv4 mapped address, just in case.
I thought of supporting it, however, rejected due to possible complication.
i prefer the safer side here... (code available, commented out)

IPv6 support.

Login.conf-ify rshd. Heavily inspired by FreeBSD.

branches: 1.16.2;
bzero->memset, bcopy->memcpy, bcmp->memcmp

const poisoning.

- use an array MAXHOSTNAMELEN+1 size to hold hostnames
- ensure hostname from gethostname() is nul-terminated in all cases
- minor KNF
- use MAXHOSTNAMELEN over various other values/defines
- be safe will buffers that hold hostnames

Cosmetic changes; fix more indentation (just added/deleted white spaces).

fix indenting of a block

Compare a return value of getopt() against -1 instead of EOF.

WARNS?=1

Fix:
Save hostname in a permanent buffer, otherwise ruserok()
can trash it if it calls gethostbyname() or inet_ntoa().
Repeat by:
Add entries in .rhosts and login from a machine that does
not have an entry there. Notice that the error message
in syslog contains the last hostname in .rhosts and not
the original remote hostname.

kill kerberos and stream encryption support, so it's exportable.

clean up import, RCS ids

Add underscore to _check_rhosts_file

didn't apply that patch verbatim, and needless to say, i biffed it.

fix from vdlinden@fwi.uva.nl (Frank van der Linden) to prevent null deref

add '-L' flag, for those of us who are *really* paranoid...
Logs all rsh commands (including failed ones).

Add RCS identifiers.

branches: 1.1.1;
Initial revision