From ffac078d0b2e6f34494822b0167f7db5a36789ba Mon Sep 17 00:00:00 2001 From: Lauri Tirkkonen Date: Mon, 7 Aug 2017 16:27:26 +0300 Subject: [PATCH] remove rcmd(3socket) interfaces and rmt(1m) also remove some leftover rexd/rsh/rlogin references. casualties include: - in.rexecd(1m) - pam_rhosts_auth(5) - ufsdump(1m) and ufsrestore(1m) remote mode --- include/netdb.h | 12 - include/unistd.h | 12 - share/man/man1/login.1 | 33 +- share/man/man1m/Makefile | 2 - share/man/man1m/in.rexecd.1m | 179 ----- share/man/man1m/rmt.1m | 155 ---- share/man/man1m/ufsdump.1m | 21 - share/man/man1m/ufsrestore.1m | 11 - share/man/man3lib/libpam.3lib | 12 +- share/man/man3socket/Makefile | 2 - share/man/man3socket/rcmd.3socket | 173 ----- share/man/man3socket/rexec.3socket | 110 --- share/man/man4/pam.conf.4 | 30 +- share/man/man5/Makefile | 1 - share/man/man5/pam_rhosts_auth.5 | 67 -- usr/src/cmd/Makefile | 1 - usr/src/cmd/auditrecord/audit_record_attr.txt | 31 - usr/src/cmd/backup/dump/Makefile | 2 +- usr/src/cmd/backup/dump/dump.h | 1 - usr/src/cmd/backup/dump/dumpmain.c | 17 - usr/src/cmd/backup/dump/dumptape.c | 241 ++---- usr/src/cmd/backup/include/rmt.h | 64 -- usr/src/cmd/backup/lib/Makefile | 9 +- usr/src/cmd/backup/lib/myrcmd.c | 286 -------- usr/src/cmd/backup/lib/rmtlib.c | 541 -------------- usr/src/cmd/backup/restore/Makefile | 2 +- usr/src/cmd/backup/restore/tape.c | 145 ++-- usr/src/cmd/cmd-inet/usr.sbin/Makefile | 12 +- usr/src/cmd/cmd-inet/usr.sbin/in.rexecd.c | 570 --------------- usr/src/cmd/cmd-inet/usr.sbin/rexec.xml | 115 --- usr/src/cmd/login/login.c | 109 +-- usr/src/cmd/login/login_audit.c | 5 +- usr/src/cmd/rmt/Makefile | 50 -- usr/src/cmd/rmt/rmt.c | 505 ------------- usr/src/lib/libast/Makefile.com | 1 - .../lib/libast/amd64/src/lib/libast/FEATURE/uwin | 1 - usr/src/lib/libast/common/features/uwin | 2 +- usr/src/lib/libast/common/uwin/rcmd.c | 571 --------------- .../lib/libast/i386/src/lib/libast/FEATURE/uwin | 1 - .../lib/libast/sparc/src/lib/libast/FEATURE/uwin | 1 - .../lib/libast/sparcv9/src/lib/libast/FEATURE/uwin | 1 - usr/src/lib/libbsm/Makefile.com | 3 - usr/src/lib/libbsm/audit_event.txt | 4 - usr/src/lib/libbsm/common/adt.xml | 6 - usr/src/lib/libbsm/common/audit_private.h | 33 - usr/src/lib/libbsm/common/audit_rexd.c | 377 ---------- usr/src/lib/libbsm/common/audit_rexecd.c | 341 --------- usr/src/lib/libbsm/common/audit_rshd.c | 234 ------ usr/src/lib/libbsm/common/mapfile-vers | 9 - usr/src/lib/libc/amd64/Makefile | 2 +- usr/src/lib/libc/i386/Makefile.com | 2 +- usr/src/lib/libc/port/inet/rcmd.c | 813 --------------------- usr/src/lib/libc/port/inet/rexec.c | 187 ----- usr/src/lib/libc/port/mapfile-vers | 8 - usr/src/lib/libresolv/netdb.h | 10 - usr/src/lib/libsocket/common/mapfile-vers | 8 - usr/src/lib/pam_modules/Makefile | 1 - usr/src/lib/pam_modules/rhosts_auth/Makefile | 54 -- usr/src/lib/pam_modules/rhosts_auth/Makefile.com | 42 -- usr/src/lib/pam_modules/rhosts_auth/amd64/Makefile | 32 - usr/src/lib/pam_modules/rhosts_auth/i386/Makefile | 32 - usr/src/lib/pam_modules/rhosts_auth/mapfile-vers | 47 -- usr/src/lib/pam_modules/rhosts_auth/rhosts_auth.c | 116 --- usr/src/lib/pam_modules/rhosts_auth/sparc/Makefile | 32 - .../lib/pam_modules/rhosts_auth/sparcv9/Makefile | 33 - .../manifests/service-network-network-clients.mf | 2 - .../manifests/service-network-network-servers.mf | 4 - .../pkg/manifests/system-library.man3socket.inc | 2 - usr/src/pkg/manifests/system-library.man5.inc | 1 - usr/src/pkg/manifests/system-library.mf | 5 - 70 files changed, 144 insertions(+), 6400 deletions(-) delete mode 100644 share/man/man1m/in.rexecd.1m delete mode 100644 share/man/man1m/rmt.1m delete mode 100644 share/man/man3socket/rcmd.3socket delete mode 100644 share/man/man3socket/rexec.3socket delete mode 100644 share/man/man5/pam_rhosts_auth.5 delete mode 100644 usr/src/cmd/backup/include/rmt.h delete mode 100644 usr/src/cmd/backup/lib/myrcmd.c delete mode 100644 usr/src/cmd/backup/lib/rmtlib.c delete mode 100644 usr/src/cmd/cmd-inet/usr.sbin/in.rexecd.c delete mode 100644 usr/src/cmd/cmd-inet/usr.sbin/rexec.xml delete mode 100644 usr/src/cmd/rmt/Makefile delete mode 100644 usr/src/cmd/rmt/rmt.c delete mode 100644 usr/src/lib/libast/common/uwin/rcmd.c delete mode 100644 usr/src/lib/libbsm/common/audit_rexd.c delete mode 100644 usr/src/lib/libbsm/common/audit_rexecd.c delete mode 100644 usr/src/lib/libbsm/common/audit_rshd.c delete mode 100644 usr/src/lib/libc/port/inet/rcmd.c delete mode 100644 usr/src/lib/libc/port/inet/rexec.c delete mode 100644 usr/src/lib/pam_modules/rhosts_auth/Makefile delete mode 100644 usr/src/lib/pam_modules/rhosts_auth/Makefile.com delete mode 100644 usr/src/lib/pam_modules/rhosts_auth/amd64/Makefile delete mode 100644 usr/src/lib/pam_modules/rhosts_auth/i386/Makefile delete mode 100644 usr/src/lib/pam_modules/rhosts_auth/mapfile-vers delete mode 100644 usr/src/lib/pam_modules/rhosts_auth/rhosts_auth.c delete mode 100644 usr/src/lib/pam_modules/rhosts_auth/sparc/Makefile delete mode 100644 usr/src/lib/pam_modules/rhosts_auth/sparcv9/Makefile diff --git a/include/netdb.h b/include/netdb.h index 7ae777d353..9ca31553c7 100644 --- a/include/netdb.h +++ b/include/netdb.h @@ -330,18 +330,6 @@ int getnameinfo(const struct sockaddr *_RESTRICT_KYWD, int getnetgrent(char **, char **, char **); int setnetgrent(const char *); int endnetgrent(void); -int rcmd(char **, unsigned short, - const char *, const char *, const char *, int *); -int rcmd_af(char **, unsigned short, - const char *, const char *, const char *, int *, int); -int rresvport_af(int *, int); -int rresvport_addr(int *, struct sockaddr_storage *); -int rexec(char **, unsigned short, - const char *, const char *, const char *, int *); -int rexec_af(char **, unsigned short, - const char *, const char *, const char *, int *, int); -int rresvport(int *); -int ruserok(const char *, int, const char *, const char *); /* BIND */ struct hostent *gethostbyname2(const char *, int); void herror(const char *); diff --git a/include/unistd.h b/include/unistd.h index 19340f027b..486a213a53 100644 --- a/include/unistd.h +++ b/include/unistd.h @@ -454,11 +454,6 @@ extern int ptrace(int, pid_t, int, int); defined(__EXTENSIONS__) extern ssize_t pwrite(int, const void *, size_t, off_t); #endif -#if !defined(__XOPEN_OR_POSIX) || defined(__EXTENSIONS__) -/* per RFC 3542; This is also defined in netdb.h */ -extern int rcmd_af(char **, unsigned short, const char *, const char *, - const char *, int *, int); -#endif extern ssize_t read(int, void *, size_t); #if !defined(__XOPEN_OR_POSIX) || \ defined(_XPG4_2) || defined(__EXTENSIONS__) @@ -479,15 +474,8 @@ using std::rename; #endif /* (!defined(__XOPEN_OR_POSIX) || (defined(_XPG3)... */ #if !defined(__XOPEN_OR_POSIX) || defined(__EXTENSIONS__) extern int resolvepath(const char *, char *, size_t); -/* per RFC 3542; This is also defined in netdb.h */ -extern int rexec_af(char **, unsigned short, const char *, const char *, - const char *, int *, int); #endif /* !defined(__XOPEN_OR_POSIX)|| defined(__EXTENSIONS__) */ extern int rmdir(const char *); -#if !defined(__XOPEN_OR_POSIX) || defined(__EXTENSIONS__) -/* per RFC 3542; This is also defined in netdb.h */ -extern int rresvport_af(int *, int); -#endif #if !defined(__XOPEN_OR_POSIX) || (defined(_XPG4_2) && !defined(_XPG6)) || \ defined(__EXTENSIONS__) diff --git a/share/man/man1/login.1 b/share/man/man1/login.1 index 551304804c..d5d2a569a0 100644 --- a/share/man/man1/login.1 +++ b/share/man/man1/login.1 @@ -12,7 +12,7 @@ login \- sign on to the system .nf \fBlogin\fR [\fB-p\fR] [\fB-d\fR \fIdevice\fR] [\fB-R\fR \fIrepository\fR] [\fB-s\fR \fIservice\fR] [\fB-t\fR \fIterminal\fR] [\fB-u\fR \fIidentity\fR] [\fB-U\fR \fIruser\fR] - [\fB-h\fR \fIhostname\fR \fI[terminal]\fR | \fB-r\fR \fIhostname\fR] + [\fB-h\fR \fIhostname\fR \fI[terminal]\fR | \fIhostname\fR] [\fIname\fR [\fIenviron\fR]...] .fi @@ -197,10 +197,6 @@ other password required pam_authtok_store.so.1 If there are no entries for the service, then the entries for the \fBother\fR service is used. If multiple authentication modules are listed, then the user can be prompted for multiple passwords. -.sp -.LP -When \fBlogin\fR is invoked through \fBrlogind\fR or \fBtelnetd\fR, the service -name used by \fBPAM\fR is \fBrlogin\fR or \fBtelnet\fR, respectively. .SH OPTIONS .LP The following options are supported: @@ -243,15 +239,6 @@ Used to pass environment variables to the login shell. .sp .ne 2 .na -\fB\fB-r\fR \fIhostname\fR\fR -.ad -.RS 26n -Used by \fBin.rlogind\fR(1M) to pass information about the remote host. -.RE - -.sp -.ne 2 -.na \fB\fB-R\fR \fIrepository\fR\fR .ad .RS 26n @@ -283,20 +270,6 @@ name. For Kerberized login sessions, this is the Kerberos principal name associated with the user. .RE -.sp -.ne 2 -.na -\fB\fB-U\fR \fIruser\fR\fR -.ad -.RS 26n -Indicates the name of the person attempting to login on the remote side of the -rlogin connection. When \fBin.rlogind\fR(1M) is operating in Kerberized mode, -that daemon processes the terminal and remote user name information prior to -invoking \fBlogin\fR, so the "\fBruser\fR" data is indicated using this command -line parameter. Normally (non-Kerberos authenticated \fBrlogin\fR), the -\fBlogin\fR daemon reads the remote user information from the client. -.RE - .SH EXIT STATUS .LP The following exit values are returned: @@ -632,9 +605,9 @@ Interface Stability Committed .SH SEE ALSO .LP \fBcsh\fR(1), \fBexit\fR(1), \fBksh\fR(1), \fBksh93\fR(1), \fBmail\fR(1), -\fBmailx\fR(1), \fBnewgrp\fR(1), \fBpasswd\fR(1), \fBrlogin\fR(1), +\fBmailx\fR(1), \fBnewgrp\fR(1), \fBpasswd\fR(1), \fBrsh\fR(1), \fBsh\fR(1), \fBshell_builtins\fR(1), \fBtelnet\fR(1), -\fBumask\fR(1), \fBin.rlogind\fR(1M), \fBin.telnetd\fR(1M), \fBlogins\fR(1M), +\fBumask\fR(1), \fBin.telnetd\fR(1M), \fBlogins\fR(1M), \fBquota\fR(1M), \fBsu\fR(1M), \fBsulogin\fR(1M), \fBsyslogd\fR(1M), \fBuseradd\fR(1M), \fBuserdel\fR(1M), \fBpam\fR(3PAM), \fBrcmd\fR(3SOCKET), \fBsyslog\fR(3C), \fBttyname\fR(3C), \fBauth_attr\fR(4), \fBexec_attr\fR(4), diff --git a/share/man/man1m/Makefile b/share/man/man1m/Makefile index c11cfdac5d..42d4dd4492 100644 --- a/share/man/man1m/Makefile +++ b/share/man/man1m/Makefile @@ -165,7 +165,6 @@ MAN = 6to4relay.1m \ in.ndpd.1m \ in.rarpd.1m \ in.rdisc.1m \ - in.rexecd.1m \ in.ripngd.1m \ in.routed.1m \ in.rwhod.1m \ @@ -335,7 +334,6 @@ MAN = 6to4relay.1m \ rem_drv.1m \ repquota.1m \ rmmount.1m \ - rmt.1m \ rmvolmgr.1m \ roleadd.1m \ roledel.1m \ diff --git a/share/man/man1m/in.rexecd.1m b/share/man/man1m/in.rexecd.1m deleted file mode 100644 index aa0031afa7..0000000000 --- a/share/man/man1m/in.rexecd.1m +++ /dev/null @@ -1,179 +0,0 @@ -'\" te -.\" Copyright 1989 AT&T -.\" Copyright (C) 2004, Sun Microsystems, Inc. All Rights Reserved -.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. -.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. -.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH IN.REXECD 1M "Nov 4, 2004" -.SH NAME -in.rexecd, rexecd \- remote execution server -.SH SYNOPSIS -.LP -.nf -\fBin.rexecd\fR -.fi - -.SH DESCRIPTION -.sp -.LP -\fBin.rexecd\fR is the server for the \fBrexec\fR(3SOCKET) routine. The server -provides remote execution facilities with authentication based on user names -and passwords. It is invoked automatically as needed by \fBinetd\fR(1M), and -then executes the following protocol: -.RS +4 -.TP -1. -The server reads characters from the socket up to a null (\fB\e0\fR) byte. -The resultant string is interpreted as an \fBASCII\fR number, base 10. -.RE -.RS +4 -.TP -2. -If the number received in step 1 is non-zero, it is interpreted as the port -number of a secondary stream to be used for the \fBstderr\fR. A second -connection is then created to the specified port on the client's machine. -.RE -.RS +4 -.TP -3. -A null terminated user name of at most 16 characters is retrieved on the -initial socket. -.RE -.RS +4 -.TP -4. -A null terminated password of at most 16 characters is retrieved on the -initial socket. -.RE -.RS +4 -.TP -5. -A null terminated command to be passed to a shell is retrieved on the -initial socket. The length of the command is limited by the upper bound on the -size of the system's argument list. -.RE -.RS +4 -.TP -6. -\fBrexecd\fR then validates the user as is done at login time and, if the -authentication was successful, changes to the user's home directory, and -establishes the user and group protections of the user. If any of these steps -fail the connection is aborted and a diagnostic message is returned. -.RE -.RS +4 -.TP -7. -A null byte is returned on the connection associated with the \fBstderr\fR -and the command line is passed to the normal login shell of the user. The -shell inherits the network connections established by \fBrexecd\fR. -.RE -.SH USAGE -.sp -.LP -\fBin.rexecd\fR and \fBrexecd\fR are IPv6-enabled. See \fBip6\fR(7P). -.SH SEE ALSO -.sp -.LP -\fBsvcs\fR(1), \fBinetd\fR(1M), \fBinetadm\fR(1M), \fBsvcadm\fR(1M), -\fBrexec\fR(3SOCKET), \fBattributes\fR(5), \fBsmf\fR(5), \fBip6\fR(7P) -.SH DIAGNOSTICS -.sp -.LP -All diagnostic messages are returned on the connection associated with the -\fBstderr\fR, after which any network connections are closed. An error is -indicated by a leading byte with a value of 1 (0 is returned in step 7 above -upon successful completion of all the steps prior to the command execution). -.sp -.ne 2 -.na -\fB\fBusername too long\fR\fR -.ad -.RS 24n -The name is longer than 16 characters. -.RE - -.sp -.ne 2 -.na -\fB\fBpassword too long\fR\fR -.ad -.RS 24n -The password is longer than 16 characters. -.RE - -.sp -.ne 2 -.na -\fB\fBcommand too long\fR\fR -.ad -.RS 24n -The command line passed exceeds the size of the argument list (as configured -into the system). -.RE - -.sp -.ne 2 -.na -\fB\fBLogin incorrect.\fR\fR -.ad -.RS 24n -No password file entry for the user name existed. -.RE - -.sp -.ne 2 -.na -\fB\fBPassword incorrect.\fR\fR -.ad -.RS 24n -The wrong password was supplied. -.RE - -.sp -.ne 2 -.na -\fB\fBNo remote directory.\fR\fR -.ad -.RS 24n -The \fBchdir\fR command to the home directory failed. -.RE - -.sp -.ne 2 -.na -\fB\fBTry again.\fR\fR -.ad -.RS 24n -A \fBfork\fR by the server failed. -.RE - -.sp -.ne 2 -.na -\fB\fB/usr/bin/sh: ...\fR\fR -.ad -.RS 24n -The user's login shell could not be started. -.RE - -.SH NOTES -.sp -.LP -The \fBin.rexecd\fR service is managed by the service management facility, -\fBsmf\fR(5), under the service identifier: -.sp -.in +2 -.nf -svc:/network/rexec:default -.fi -.in -2 -.sp - -.sp -.LP -Administrative actions on this service, such as enabling, disabling, or -requesting restart, can be performed using \fBsvcadm\fR(1M). Responsibility for -initiating and restarting this service is delegated to \fBinetd\fR(1M). Use -\fBinetadm\fR(1M) to make configuration changes and to view configuration -information for this service. The service's status can be queried using the -\fBsvcs\fR(1) command. diff --git a/share/man/man1m/rmt.1m b/share/man/man1m/rmt.1m deleted file mode 100644 index 1aa7557997..0000000000 --- a/share/man/man1m/rmt.1m +++ /dev/null @@ -1,155 +0,0 @@ -'\" te -.\" Copyright (c) 1983 Regents of the University -.\" of California. All rights reserved. The Berkeley software License Agreement -.\" specifies the terms and conditions for redistribution. Copyright (c) 1995 -.\" Sun Microsystems, Inc. All Rights Reserved. -.\" from UCB 4.3 -.TH RMT 1M "Nov 6, 2000" -.SH NAME -rmt \- remote magtape protocol module -.SH SYNOPSIS -.LP -.nf -\fB/usr/sbin/rmt\fR -.fi - -.SH DESCRIPTION -.LP -\fBrmt\fR is a program used by the remote dump and restore programs in -manipulating a magnetic tape drive through an interprocess communication -connection. \fBrmt\fR is normally started up with an \fBrexec\fR(3SOCKET) or -\fBrcmd\fR(3SOCKET) call. -.sp -.LP -The \fBrmt\fR program accepts requests that are specific to the manipulation of -magnetic tapes, performs the commands, then responds with a status indication. -All responses are in \fBASCII\fR and in one of two forms. Successful commands -have responses of: -.sp -.in +2 -.nf - -.fi -.in -2 -.sp - -.sp -.ne 2 -.na -\fB\fBA\fR\fInumber\fR\fB\en\fR\fR -.ad -.RS 14n -where \fInumber\fR is an \fBASCII\fR representation of a decimal number. -.RE - -.sp -.LP -Unsuccessful commands are responded to with: -.sp -.ne 2 -.na -\fB\fBE\fR\fIerror-number\fR\fB\en\fR\fIerror-message\fR\fB\en\fR\fR -.ad -.sp .6 -.RS 4n -where \fIerror-number\fR is one of the possible error numbers described in -\fBIntro\fR(3), and \fIerror-message\fR is the corresponding error string as -printed from a call to \fBperror\fR(3C). -.RE - -.sp -.LP - The protocol consists of the following commands: -.sp -.ne 2 -.na -\fB\fBS\en\fR\fR -.ad -.RS 25n -Return the status of the open device, as obtained with a \fBMTIOCGET\fR -\fBioctl\fR call. If the operation was successful, an "ack" is sent with the -size of the status buffer, then the status buffer is sent (in binary). -.RE - -.sp -.ne 2 -.na -\fB\fBC\fR\fIdevice\fR\fB\en\fR\fR -.ad -.RS 25n -Close the currently open device. The \fIdevice\fR specified is ignored. -.RE - -.sp -.ne 2 -.na -\fB\fBI\fR\fIoperation\fR\fB\en\fR\fIcount\fR\fB\en\fR\fR -.ad -.RS 25n -Perform a \fBMTIOCOP\fR \fBioctl\fR(2) command using the specified parameters. -The parameters are interpreted as the \fBASCII\fR representations of the -decimal values to place in the \fImt_op\fR and \fImt_count\fR fields of the -structure used in the \fBioctl\fR call. When the operation is successful the -return value is the \fIcount\fR parameter. -.RE - -.sp -.ne 2 -.na -\fB\fBL\fR\fIoffset\fR\fB\en\fR\fBwhence\fR\fB\en\fR\fR -.ad -.RS 25n -Perform an \fBlseek\fR(2) operation using the specified parameters. The -response value is returned from the \fBlseek\fR call. -.RE - -.sp -.ne 2 -.na -\fB\fBO\fR\fIdevice\fR\fB\en\fR\fImode\fR\fB\en\fR\fR -.ad -.RS 25n -Open the specified \fIdevice\fR using the indicated \fImode\fR. \fIdevice\fR is -a full pathname, and \fImode\fR is an \fBASCII\fR representation of a decimal -number suitable for passing to \fBopen\fR(9E). If a device is already open, it -is closed before a new open is performed. -.RE - -.sp -.ne 2 -.na -\fB\fBR\fR\fIcount\fR\fB\en\fR\fR -.ad -.RS 25n -Read \fIcount\fR bytes of data from the open device. \fBrmt\fR performs the -requested \fBread\fR(9E) and responds with \fBA\fR\fIcount-read\en\fR if the -read was successful; otherwise an error in standard format is returned. If the -read was successful, the data read is sent. -.RE - -.sp -.ne 2 -.na -\fB\fBW\fR\fIcount\fR\fB\en\fR\fR -.ad -.RS 25n -Write data onto the open device. \fBrmt\fR reads \fIcount\fR bytes from the -connection, aborting if a premature \fBEOF\fR is encountered. The response -value is returned from the \fBwrite\fR(9E) call. -.RE - -.sp -.LP -Any other command causes \fBrmt\fR to exit. -.SH SEE ALSO -.LP -\fBufsdump\fR(1M), \fBufsrestore\fR(1M), \fBIntro\fR(3), \fBioctl\fR(2), -\fBlseek\fR(2), \fBperror \fR(3C), \fBrcmd\fR(3SOCKET), \fBrexec\fR(3SOCKET), -\fBattributes\fR(5), \fBmtio\fR(7I), \fBopen\fR(9E), \fBread\fR(9E), -\fBwrite\fR(9E) -.SH DIAGNOSTICS -.LP -All responses are of the form described above. -.SH BUGS -.LP -Do not use this for a remote file access protocol. diff --git a/share/man/man1m/ufsdump.1m b/share/man/man1m/ufsdump.1m index 10303c00f3..7765e3a5fd 100644 --- a/share/man/man1m/ufsdump.1m +++ b/share/man/man1m/ufsdump.1m @@ -168,17 +168,6 @@ Diskette. Dump to diskette. Dump file. Use \fIdump_file\fR as the file to dump to, instead of \fB/dev/rmt/0\fR. If \fIdump_file\fR is specified as \fB\(mi\fR, dump to standard output. -.sp -If the name of the file is of the form \fImachine\fR\fB:\fR\fIdevice,\fR the -dump is done from the specified machine over the network using \fBrmt\fR(1M). -Since \fBufsdump\fR is normally run by root, the name of the local machine must -appear in the \fB/.rhosts\fR file of the remote machine. If the file is -specified as \fIuser\fR\fB@\fR\fImachine\fR\fB:\fR\fIdevice,\fR \fBufsdump\fR -will attempt to execute as the specified user on the remote machine. The -specified user must have a \fB\&.rhosts\fR file on the remote machine that -allows the user invoking the command from the local machine to access the -remote machine. -.RE .sp .ne 2 @@ -550,16 +539,6 @@ to find group \fBsys\fR .sp .ne 2 .na -\fB\fB/etc/hosts\fR\fR -.ad -.sp .6 -.RS 4n -to gain access to remote system with drive -.RE - -.sp -.ne 2 -.na \fB\fB/etc/vfstab\fR\fR .ad .sp .6 diff --git a/share/man/man1m/ufsrestore.1m b/share/man/man1m/ufsrestore.1m index 22a74d6ecd..f5e9fb9c3d 100644 --- a/share/man/man1m/ufsrestore.1m +++ b/share/man/man1m/ufsrestore.1m @@ -199,17 +199,6 @@ example# ufsdump 0f \(mi /dev/rdsk/c0t0d0s7 \e .in -2 .sp -If the name of the file is of the form \fImachine\fR\fB:\fR\fIdevice\fR, the -restore is done from the specified machine over the network using -\fBrmt\fR(1M). Since \fBufsrestore\fR is normally run by root, the name of the -local machine must appear in the \fB/.rhosts\fR file of the remote machine. If -the file is specified as \fIuser\fR\fB@\fR\fImachine\fR\fB:\fR\fIdevice\fR, -\fBufsrestore\fR will attempt to execute as the specified user on the remote -machine. The specified user must have a \fB\&.rhosts\fR file on the remote -machine that allows the user invoking the command from the local machine to -access the remote machine. -.RE - .sp .ne 2 .na diff --git a/share/man/man3lib/libpam.3lib b/share/man/man3lib/libpam.3lib index 4de65a5f31..fc05a48232 100644 --- a/share/man/man3lib/libpam.3lib +++ b/share/man/man3lib/libpam.3lib @@ -75,16 +75,6 @@ authentication management \fBPAM\fR module for dialups .sp .ne 2 .na -\fB\fB/usr/lib/security/pam_rhosts_auth.so.1\fR\fR -.ad -.sp .6 -.RS 4n -authentication management \fBPAM\fR modules that use \fBruserok()\fR -.RE - -.sp -.ne 2 -.na \fB\fB/usr/lib/security/pam_sample.so.1\fR\fR .ad .sp .6 @@ -114,7 +104,7 @@ MT Level MT-Safe with exceptions \fBpvs\fR(1), \fBIntro\fR(3), \fBpam\fR(3PAM), \fBpam.conf\fR(4), \fBattributes\fR(5), \fBpam_authtok_check\fR(5), \fBpam_authtok_get\fR(5), \fBpam_authtok_store\fR(5), \fBpam_dial_auth\fR(5), \fBpam_dhkeys\fR(5), -\fBpam_passwd_auth\fR(5), \fBpam_rhosts_auth\fR(5), \fBpam_sample\fR(5), +\fBpam_passwd_auth\fR(5), \fBpam_sample\fR(5), \fBpam_unix_account\fR(5), \fBpam_unix_auth\fR(5), \fBpam_unix_session\fR(5) .SH NOTES .sp diff --git a/share/man/man3socket/Makefile b/share/man/man3socket/Makefile index 40d9f01187..7bbba0ebb0 100644 --- a/share/man/man3socket/Makefile +++ b/share/man/man3socket/Makefile @@ -12,8 +12,6 @@ MAN = byteorder.3socket \ inet.3socket \ inet6_opt.3socket \ inet6_rth.3socket \ - rcmd.3socket \ - rexec.3socket \ sctp_bindx.3socket \ sctp_getladdrs.3socket \ sctp_getpaddrs.3socket \ diff --git a/share/man/man3socket/rcmd.3socket b/share/man/man3socket/rcmd.3socket deleted file mode 100644 index 0f9d6d7b60..0000000000 --- a/share/man/man3socket/rcmd.3socket +++ /dev/null @@ -1,173 +0,0 @@ -'\" te -.\" Copyright (c) 1983 Regents of the University of California. All rights reserved. The Berkeley software License Agreement specifies the terms and conditions for redistribution. -.\" Copyright (C) 2004, Sun Microsystems, Inc. All Rights Reserved -.TH RCMD 3SOCKET "Feb 10, 2004" -.SH NAME -rcmd, rcmd_af, rresvport, rresvport_af, ruserok \- routines for returning a -stream to a remote command -.SH SYNOPSIS -.LP -.nf -\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR... [ \fIlibrary\fR... ] -#include -#include - -\fBint\fR \fBrcmd\fR(\fBchar **\fR\fIahost\fR, \fBunsigned short\fR \fIinport\fR, \fBconst char *\fR\fIluser\fR, - \fBconst char *\fR\fIruser\fR, \fBconst char *\fR\fIcmd\fR, \fBint *\fR\fIfd2p\fR); -.fi - -.LP -.nf -\fBint\fR \fBrcmd_af\fR(\fBchar **\fR\fIahost\fR, \fBunsigned short\fR \fIinport\fR, \fBconst char *\fR\fIluser\fR, - \fBconst char *\fR\fIruser\fR, \fBconst char *\fR\fIcmd\fR, \fBint *\fR\fIfd2p\fR, \fBint\fR \fIaf\fR); -.fi - -.LP -.nf -\fBint\fR \fBrresvport\fR(\fBint *\fR\fIport\fR); -.fi - -.LP -.nf -\fBint\fR \fBrresvport_af\fR(\fBint *\fR\fIport\fR, \fBint\fR \fIaf\fR); -.fi - -.LP -.nf -\fBint\fR \fBruserok\fR(\fBconst char *\fR\fIrhost\fR, \fBint\fR \fIsuser\fR, \fBconst char *\fR\fIruser\fR, - \fBconst char *\fR\fIluser\fR); -.fi - -.SH DESCRIPTION -.sp -.LP -The \fBrcmd()\fR function is used by the superuser to execute a command on a -remote machine with an authentication scheme based on reserved port numbers. An -\fBAF_INET\fR socket is returned with \fBrcmd()\fR. The \fBrcmd_af()\fR -function supports \fBAF_INET\fR, \fBAF_INET6\fR or \fBAF_UNSPEC\fR for the -address family. An application can choose which type of socket is returned by -passing \fBAF_INET\fR or \fBAF_INET6\fR as the address family. The use of -\fBAF_UNSPEC\fR means that the caller will accept any address family. Choosing -\fBAF_UNSPEC\fR provides a socket that best suits the connectivity to the -remote host. -.sp -.LP -The \fBrresvport()\fR function returns a descriptor to a socket with an address -in the privileged port space. The \fBrresvport_af()\fR function is the -equivalent to \fBrresvport()\fR, except that you can choose \fBAF_INET\fR or -\fBAF_INET6\fR as the socket address family to be returned by -\fBrresvport_af()\fR. \fBAF_UNSPEC\fR does not apply to the \fBrresvport()\fR -function. -.sp -.LP -The \fBruserok()\fR function is a routine used by servers to authenticate -clients that request as service with \fBrcmd\fR. -.sp -.LP -All of these functions are present in the same file and are used by the -\fBin.rshd\fR(1M) server among others. -.sp -.LP -The \fBrcmd()\fR and \fBrcmd_af()\fR functions look up the host \fI*ahost\fR -using \fBgetaddrinfo\fR(3SOCKET) and return \fB\(mi1\fR if the host does not -exist. Otherwise, *\fIahost\fR is set to the standard name of the host and a -connection is established to a server residing at the Internet port -\fIinport\fR. -.sp -.LP -If the connection succeeds, a socket in the Internet domain of type -\fBSOCK_STREAM\fR is returned to the caller. The socket is given to the remote -command as standard input (file descriptor 0) and standard output (file -descriptor 1). If \fIfd2p\fR is non-zero, an auxiliary channel to a control -process is set up and a descriptor for it is placed in \fI*fd2p\fR. The control -process returns diagnostic output file (descriptor 2) from the command on the -auxiliary channel. The control process also accepts bytes on this channel as -signal numbers to be forwarded to the process group of the command. If -\fIfd2p\fR is 0, the standard error (file descriptor 2) of the remote command -is made the same as its standard output. No provision is made for sending -arbitrary signals to the remote process, other than possibly sending -out-of-band data. -.sp -.LP -The protocol is described in detail in \fBin.rshd\fR(1M). -.sp -.LP -The \fBrresvport()\fR and \fBrresvport_af()\fR functions are used to obtain a -socket bound to a privileged port number. The socket is suitable for use by -\fBrcmd()\fR and \fBrresvport_af()\fR and several other routines. Privileged -Internet ports are those in the range 1 to 1023. Only the superuser is allowed -to bind a socket to a privileged port number. The application must pass in -\fIport\fR, which must be in the range 512 to 1023. The system first tries to -bind to that port number. If it fails, the system then tries to bind to -another unused privileged port, if one is available. -.sp -.LP -The \fBruserok()\fR function takes a remote host name returned by the -\fBgethostbyaddr()\fR function with two user names and a flag to indicate -whether the local user's name is that of the superuser. See -\fBgethostbyname\fR(3NSL). The \fBruserok()\fR function then checks the files -\fB/etc/hosts.equiv\fR and possibly \fB\&.rhosts\fR in the local user's home -directory to see if the request for service is allowed. A \fB0\fR value is -returned if the machine name is listed in the \fB/etc/hosts.equiv\fR file, or -if the host and remote user name are found in the \fB\&.rhosts\fR file. -Otherwise, the \fBruserok()\fR function returns \fB\(mi1\fR\&. If the superuser -flag is \fB1\fR, the \fB/etc/hosts.equiv\fR is not checked. -.sp -.LP -The error code \fBEAGAIN\fR is overloaded to mean "All network ports in use." -.SH RETURN VALUES -.sp -.LP -The \fBrcmd()\fR and \fBrcmd_af()\fR functions return a valid socket descriptor -upon success. The functions returns \fB\(mi1\fR upon error and print a -diagnostic message to standard error. -.sp -.LP -The \fBrresvport()\fR and \fBrresvport_af()\fR functions return a valid, bound -socket descriptor upon success. The functions return \fB\(mi1\fR upon error -with the global value \fIerrno\fR set according to the reason for failure. -.SH FILES -.sp -.ne 2 -.na -\fB\fB/etc/hosts.equiv\fR\fR -.ad -.RS 20n -system trusted hosts and users -.RE - -.sp -.ne 2 -.na -\fB\fB~/.rhosts\fR\fR -.ad -.RS 20n -user's trusted hosts and users -.RE - -.SH ATTRIBUTES -.sp -.LP -See \fBattributes\fR(5) for descriptions of the following attributes: -.sp - -.sp -.TS -box; -c | c -l | l . -ATTRIBUTE TYPE ATTRIBUTE VALUE -_ -MT-Level Unsafe -.TE - -.sp -.LP -This interface is Unsafe in multithreaded applications. Unsafe interfaces -should be called only from the main thread. -.SH SEE ALSO -.sp -.LP -\fBrlogin\fR(1), \fBrsh\fR(1), \fBin.rexecd\fR(1M), \fBin.rshd\fR(1M), -\fBIntro\fR(2), \fBgetaddrinfo\fR(3SOCKET), \fBgethostbyname\fR(3NSL), -\fBrexec\fR(3SOCKET), \fBattributes\fR(5) diff --git a/share/man/man3socket/rexec.3socket b/share/man/man3socket/rexec.3socket deleted file mode 100644 index bbebf7b7fb..0000000000 --- a/share/man/man3socket/rexec.3socket +++ /dev/null @@ -1,110 +0,0 @@ -'\" te -.\" Copyright 1989 AT&T -.\" Copyright (C) 2004, Sun Microsystems, Inc. All Rights Reserved -.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. -.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. -.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH REXEC 3SOCKET "Feb 10, 2004" -.SH NAME -rexec, rexec_af \- return stream to a remote command -.SH SYNOPSIS -.LP -.nf -\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR... [ \fIlibrary\fR... ] -#include -#include - -\fBint\fR \fBrexec\fR(\fBchar **\fR\fIahost\fR, \fBunsigned short\fR \fIinport\fR, \fBconst char *\fR\fIuser\fR, - \fBconst char *\fR\fIpasswd\fR, \fBconst char *\fR\fIcmd\fR, \fBint *\fR\fIfd2p\fR); -.fi - -.LP -.nf -\fBint\fR \fBrexec_af\fR(\fBchar **\fR\fIahost\fR, \fBunsigned short\fR \fIinport\fR, \fBconst char *\fR\fIuser\fR, - \fBconst char *\fR\fIpasswd\fR, \fBconst char *\fR\fIcmd\fR, \fBint *\fR\fIfd2p\fR, \fBint\fR \fIaf\fR); -.fi - -.SH DESCRIPTION -.sp -.LP -The \fBrexec()\fR and \fBrexec_af()\fR functions look up the host \fIahost\fR -using \fBgetaddrinfo\fR(3SOCKET) and return \fB\(mi1\fR if the host does not -exist. Otherwise \fIahost\fR is set to the standard name of the host. The -username and password are used in remote host authentication. When a username -and password are not specified, the \fB\&.netrc\fR file in the user's home -directory is searched for the appropriate information. If the search fails, the -user is prompted for the information. -.sp -.LP -The \fBrexec()\fR function always returns a socket of the \fBAF_INET\fR address -family. The \fBrexec_af()\fR function supports \fBAF_INET\fR, \fBAF_INET6\fR, -or \fBAF_UNSPEC\fR for the address family. An application can choose which type -of socket is returned by passing \fBAF_INET\fR or \fBAF_INET6\fR as the address -family. The use of \fBAF_UNSPEC\fR means that the caller will accept any -address family. Choosing \fBAF_UNSPEC\fR provides a socket that best suits the -connectivity to the remote host. -.sp -.LP -The port \fIinport\fR specifies which \fBDARPA\fR Internet port to use for the -connection. The port number used must be in network byte order, as supplied by -a call to \fBhtons\fR(3XNET). The protocol for connection is described in -detail in \fBin.rexecd\fR(1M). -.sp -.LP -If the call succeeds, a socket of type \fBSOCK_STREAM\fR is returned to the -caller, and given to the remote command as its standard input and standard -output. If \fIfd2p\fR is non-zero, an auxiliary channel to a control process is -set up and a file descriptor for it is placed in *\fIfd2p\fR. The control -process returns diagnostic output (file descriptor 2), from the command on the -auxiliary channel. The control process also accepts bytes on this channel as -signal numbers to be forwarded to the process group of the command. If -\fIfd2p\fR is 0, the standard error (file descriptor 2) of the remote command -is made the same as its standard output. No provision is made for sending -arbitrary signals to the remote process, other than possibly sending -out-of-band data. -.sp -.LP -There is no way to specify options to the \fBsocket()\fR call made by the -\fBrexec()\fR or \fBrexec_af()\fRfunctions. -.SH RETURN VALUES -.sp -.LP -If \fBrexec()\fR succeeds, a file descriptor number is returned of the socket -type \fBSOCK_STREAM\fR and the address family \fBAF_INET\fR. The parameter -*\fIahost\fR is set to the standard name of the host. If the value of -\fIfd2p\fR is other than \fBNULL\fR, a file descriptor number is placed in -*\fIfd2p\fR which represents the standard error stream of the command. -.sp -.LP -If \fBrexec_af()\fR succeeds, the routine returns a file descriptor number of -the socket type \fBSOCK_STREAM\fR in the address family \fBAF_INET\fR or -\fBAF_INET6\fR, as determined by the value of the \fIaf\fR parameter. -.sp -.LP -If either \fBrexec()\fR or \fBrexec_af()\fR fails, \fB\(mi1\fR is returned. -.SH ATTRIBUTES -.sp -.LP -See \fBattributes\fR(5) for descriptions of the following attributes: -.sp - -.sp -.TS -box; -c | c -l | l . -ATTRIBUTE TYPE ATTRIBUTE VALUE -_ -MT-Level Unsafe -.TE - -.sp -.LP -This interface is Unsafe in multithreaded applications. Unsafe interfaces -should be called only from the main thread. -.SH SEE ALSO -.sp -.LP -\fBin.rexecd\fR(1M), \fBgetaddrinfo\fR(3SOCKET), \fBgethostbyname\fR(3NSL), -\fBgetservbyname\fR(3SOCKET), \fBhtonl\fR(3XNET), \fBsocket\fR(3SOCKET), -\fBattributes\fR(5) diff --git a/share/man/man4/pam.conf.4 b/share/man/man4/pam.conf.4 index e14d504658..274f20358c 100644 --- a/share/man/man4/pam.conf.4 +++ b/share/man/man4/pam.conf.4 @@ -120,8 +120,7 @@ other password required pam_authtok_store.so.1 .sp .LP -\fIservice_name\fR denotes the service (for example, \fBlogin\fR, -\fBdtlogin\fR, or \fBrlogin\fR). +\fIservice_name\fR denotes the service (for example, \fBlogin\fR). .sp .LP The keyword, "\fBother\fR," indicates the module that all other applications @@ -267,8 +266,8 @@ system administrator may enter system maintenance mode to correct or restore the file. .sp .LP -The following is a sample configuration file that stacks the \fBsu\fR, -\fBlogin\fR, and \fBrlogin\fR services. +The following is a sample configuration file that stacks the \fBsu\fR and +\fBlogin\fR services. .sp .in +2 .nf @@ -282,11 +281,6 @@ login auth required pam_dhkeys.so.1 login auth required pam_unix_auth.so.1 login auth required pam_dial_auth.so.1 login auth optional pam_inhouse.so.1 - -rlogin auth sufficient pam_rhosts_auth.so.1 -rlogin auth requisite pam_authtok_get.so.1 -rlogin auth required pam_dhkeys.so.1 -rlogin auth required pam_unix_auth.so.1 .fi .in -2 @@ -312,15 +306,6 @@ even if \fBinhouse\fR authentication fails, assuming the modules stacked above succeeded. .sp .LP -In the case of \fBrlogin\fR, the \fBsufficient\fR keyword for -\fIcontrol_flag\fR specifies that if the \fBrhosts\fR authentication check -succeeds, then \fBPAM\fR should return success to \fBrlogin\fR and \fBrlogin\fR -should not prompt the user for a password. The other authentication modules, -which are in the stack, will only be invoked if the \fBrhosts\fR check fails. -This gives the system administrator the flexibility to determine if -\fBrhosts\fR alone is sufficient enough to authenticate a remote user. -.sp -.LP Some modules return \fBPAM_IGNORE\fR in certain situations. In these cases the \fBPAM\fR framework ignores the entire entry in \fBpam.conf\fR regardless of whether or not it is \fBbinding\fR, \fBrequisite\fR, \fBrequired\fR, @@ -415,11 +400,6 @@ The \fBpam.conf\fR file and consists of: login auth include unix_common login auth required pam_dial_auth.so.1 # -# rlogin service (explicit because of pam_rhost_auth) -# -rlogin auth sufficient pam_rhosts_auth.so.1 -rlogin auth include unix_common -# # Default definitions for Authentication management # Used when service name is not explicitly mentioned # @@ -463,8 +443,8 @@ Interface Stability See Below. The format is Stable. The contents has no stability attributes. .SH SEE ALSO .LP -\fBlogin\fR(1), \fBpasswd\fR(1), \fBin.rlogind\fR(1M), -\fBin.rshd\fR(1M), \fBin.telnetd\fR(1M), \fBin.uucpd\fR(1M), \fBinit\fR(1M), +\fBlogin\fR(1), \fBpasswd\fR(1), +\fBin.telnetd\fR(1M), \fBin.uucpd\fR(1M), \fBinit\fR(1M), \fBsac\fR(1M), \fBttymon\fR(1M), \fBsu\fR(1M), \fBpam\fR(3PAM), \fBsyslog\fR(3C), \fBlibpam\fR(3LIB), \fBattributes\fR(5), \fBenviron\fR(5), \fBpam_authtok_check\fR(5), \fBpam_authtok_get\fR(5), diff --git a/share/man/man5/Makefile b/share/man/man5/Makefile index b61a1f7f79..a854bcf42d 100644 --- a/share/man/man5/Makefile +++ b/share/man/man5/Makefile @@ -63,7 +63,6 @@ MAN = Intro.5 \ pam_ldap.5 \ pam_list.5 \ pam_passwd_auth.5 \ - pam_rhosts_auth.5 \ pam_roles.5 \ pam_sample.5 \ pam_smb_passwd.5 \ diff --git a/share/man/man5/pam_rhosts_auth.5 b/share/man/man5/pam_rhosts_auth.5 deleted file mode 100644 index c568c1ab4c..0000000000 --- a/share/man/man5/pam_rhosts_auth.5 +++ /dev/null @@ -1,67 +0,0 @@ -'\" te -.\" Copyright (c) 1995, Sun Microsystems, Inc. -.\" All Rights Reserved -.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. -.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. -.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH PAM_RHOSTS_AUTH 5 "Oct 28, 1996" -.SH NAME -pam_rhosts_auth \- authentication management PAM module using ruserok() -.SH SYNOPSIS -.LP -.nf -\fB/usr/lib/security/pam_rhosts_auth.so.1\fR -.fi - -.SH DESCRIPTION -.sp -.LP -The rhosts \fBPAM\fR module, \fB/usr/lib/security/pam_rhosts_auth.so.1\fR, -authenticates a user via the \fBrlogin\fR authentication protocol. Only -\fBpam_sm_authenticate()\fR is implemented within this module. -\fBpam_sm_authenticate()\fR uses the \fBruserok\fR(3SOCKET) library function to -authenticate the \fBrlogin\fR or \fBrsh\fR user. \fBpam_sm_setcred()\fR is a -null function. -.sp -.LP -\fB/usr/lib/security/pam_rhosts_auth.so.1\fR is designed to be stacked on top -of the \fB/usr/lib/security/pam_unix.so.1\fR module for both the \fBrlogin\fR -and \fBrsh\fR services. This module is normally configured as \fIsufficient\fR -so that subsequent authentication is performed only on failure of -\fBpam_sm_authenticate()\fR. The following option may be passed in to this -service module: -.sp -.ne 2 -.na -\fB\fBdebug\fR \fR -.ad -.RS 10n -\fBsyslog\fR(3C) debugging information at \fBLOG_DEBUG\fR level. -.RE - -.SH ATTRIBUTES -.sp -.LP -See \fBattributes\fR(5) for descriptions of the following attributes: -.sp - -.sp -.TS -box; -c | c -l | l . -ATTRIBUTE TYPE ATTRIBUTE VALUE -_ -MT Level MT-Safe with exceptions -.TE - -.SH SEE ALSO -.sp -.LP -\fBpam\fR(3PAM), \fBpam_authenticate\fR(3PAM), \fBruserok\fR(3SOCKET), -\fBsyslog\fR(3C), \fBlibpam\fR(3LIB), \fBpam.conf\fR(4), \fBattributes\fR(5) -.SH NOTES -.sp -.LP -The interfaces in \fBlibpam()\fR are MT-Safe only if each thread within the -multi-threaded application uses its own \fBPAM\fR handle. diff --git a/usr/src/cmd/Makefile b/usr/src/cmd/Makefile index 936e43b7e0..a4e96fda53 100644 --- a/usr/src/cmd/Makefile +++ b/usr/src/cmd/Makefile @@ -327,7 +327,6 @@ COMMON_SUBDIRS= \ rmdir \ rmformat \ rmmount \ - rmt \ rmvolmgr \ roles \ rpcbind \ diff --git a/usr/src/cmd/auditrecord/audit_record_attr.txt b/usr/src/cmd/auditrecord/audit_record_attr.txt index e0667127a2..1a678288f6 100644 --- a/usr/src/cmd/auditrecord/audit_record_attr.txt +++ b/usr/src/cmd/auditrecord/audit_record_attr.txt @@ -2296,37 +2296,6 @@ label=AUE_reboot_solaris # subject,tuser1,root,other,root,other,10422,497,0 0 tmach2 # return,success,0 -label=AUE_rexd - program=/usr/sbin/rpc.rexd - title=rpc.rexd - format=[text]1:text2:text3:[text]4:[text]5 - comment=error message (failure only): - comment="Remote execution requested by:" hostname: - comment="Username:" username: - comment="User id:" user ID (failure only): - comment="Command line:" command attempted -# See audit_rexd.c - -label=AUE_rexecd - program=/usr/sbin/rpc.rexecd - title=rpc.rexecd - format=[text]1:text2:text3:text4 - comment=error message (failure only): - comment="Remote execution requested by:" hostname: - comment="Username:" username: - comment="Command line:" command attempted -# See audit_rexecd.c - -label=AUE_rshd - program=/usr/sbin/in.rshd - title=in.rshd - format=text1:text2:[text]3:[text]4 - comment="cmd" command: - comment="remote user" remote user: - comment="local user" local user: - comment=failure message -# See audit_rshd.c - label=AUE_shutdown_solaris title=shutdown program=/usr/ucb/shutdown diff --git a/usr/src/cmd/backup/dump/Makefile b/usr/src/cmd/backup/dump/Makefile index 8f2e5c1305..dc83dcdc5a 100644 --- a/usr/src/cmd/backup/dump/Makefile +++ b/usr/src/cmd/backup/dump/Makefile @@ -57,7 +57,7 @@ ROLLPOFILES= roll_log.po HEADERS= ../../../../../include/protocols/dumprestore.h \ ../../fs.d/ufs/roll_log/roll_log.h ../include/byteorder.h \ ../include/memutils.h \ - ../include/rmt.h dump.h dumpusg.h + dump.h dumpusg.h CLOBBERFILES += $(PRODUCT) $(DEBUGPRODUCTS) dumpdates diff --git a/usr/src/cmd/backup/dump/dump.h b/usr/src/cmd/backup/dump/dump.h index ff410f67cd..2ed5638a9c 100644 --- a/usr/src/cmd/backup/dump/dump.h +++ b/usr/src/cmd/backup/dump/dump.h @@ -109,7 +109,6 @@ char *disk; /* name of the disk file */ char *dname; /* name to put in /etc/dumpdates */ int disk_dynamic; /* true if disk refers to dynamic storage */ char *tape; /* name of the tape file */ -char *host; /* name of the remote tape host (may be "user@host") */ char *dumpdev; /* hostname:device for current volume */ char *sdumpdev; /* short form of dumpdev (no user name if remote) */ char *increm; /* name of file containing incremental information */ diff --git a/usr/src/cmd/backup/dump/dumpmain.c b/usr/src/cmd/backup/dump/dumpmain.c index f3453b61f3..b1d816f4b6 100644 --- a/usr/src/cmd/backup/dump/dumpmain.c +++ b/usr/src/cmd/backup/dump/dumpmain.c @@ -34,7 +34,6 @@ */ #include "dump.h" -#include #include #include #include @@ -93,8 +92,6 @@ main(int argc, char *argv[]) int32_t new_mult = 0; time32_t snapdate; - host = NULL; - if (myname = strrchr(argv[0], '/')) myname++; else @@ -568,20 +565,6 @@ main(int argc, char *argv[]) if (cartridge) tsize *= tracks; } - rmtinit(msg, Exit); - if (host) { - char *cp = strchr(host, '@'); - if (cp == NULL) - cp = host; - else - cp++; - - if (rmthost(host, ntrec) == 0) { - msg(gettext("Cannot connect to tape host `%s'\n"), cp); - dumpabort(); - /*NOTREACHED*/ - } - } if (signal(SIGHUP, sigAbort) == SIG_IGN) (void) signal(SIGHUP, SIG_IGN); if (signal(SIGTRAP, sigAbort) == SIG_IGN) diff --git a/usr/src/cmd/backup/dump/dumptape.c b/usr/src/cmd/backup/dump/dumptape.c index 06f8a94c32..6d0a63fe80 100644 --- a/usr/src/cmd/backup/dump/dumptape.c +++ b/usr/src/cmd/backup/dump/dumptape.c @@ -32,9 +32,9 @@ */ #include "dump.h" -#include #include #include +#include #include #include #include @@ -1032,25 +1032,7 @@ nextdevice() { char *cp; - if (host != NULL) /* we set the host only once in ufsdump */ - return; - - host = NULL; - if (strchr(tape, ':')) { - if (diskette) { - msg(gettext("Cannot do remote dump to diskette\n")); - Exit(X_ABORT); - } - host = tape; - tape = strchr(host, ':'); - *tape++ = 0; - cp = strchr(host, '@'); /* user@host? */ - if (cp != NULL) - cp++; - else - cp = host; - } else - cp = spcl.c_host; + cp = spcl.c_host; /* * dumpdev is provided for use in prompts and is of * the form: @@ -1090,34 +1072,14 @@ isrewind(int f) int unit; int rewind; - if (host) { - c = strrchr(tape, '/'); - if (c == NULL) - c = tape; - else - c++; - /* - * If the last component begins or ends with an 'n', it is - * assumed to be a non-rewind device. - */ - if (c[0] == 'n' || c[strlen(c)-1] == 'n') - rewind = 0; - else if ((strstr(tape, "mt") || strstr(tape, "st")) && - sscanf(tape, "%*[a-zA-Z/]%d", &unit) == 1 && - (unit & MT_NOREWIND)) - rewind = 0; - else - rewind = 1; - } else { - if (fstat64(f, &sbuf) < 0) { - msg(gettext( - "Cannot obtain status of output device `%s'\n"), - tape); - dumpabort(); - /*NOTREACHED*/ - } - rewind = minor(sbuf.st_rdev) & MT_NOREWIND ? 0 : 1; + if (fstat64(f, &sbuf) < 0) { + msg(gettext( + "Cannot obtain status of output device `%s'\n"), + tape); + dumpabort(); + /*NOTREACHED*/ } + rewind = minor(sbuf.st_rdev) & MT_NOREWIND ? 0 : 1; return (rewind); } @@ -1153,19 +1115,13 @@ just_rewind() * Space to the end of the tape. * Backup first in case we already read the EOF. */ - if (host) { - (void) rmtioctl(MTBSR, 1); - if (rmtioctl(MTEOM, 1) < 0) - (void) rmtioctl(MTFSF, 1); - } else { - static struct mtop bsr = { MTBSR, 1 }; - static struct mtop eom = { MTEOM, 1 }; - static struct mtop fsf = { MTFSF, 1 }; + static struct mtop bsr = { MTBSR, 1 }; + static struct mtop eom = { MTEOM, 1 }; + static struct mtop fsf = { MTFSF, 1 }; - (void) ioctl(to, MTIOCTOP, &bsr); - if (ioctl(to, MTIOCTOP, &eom) < 0) - (void) ioctl(to, MTIOCTOP, &fsf); - } + (void) ioctl(to, MTIOCTOP, &bsr); + if (ioctl(to, MTIOCTOP, &eom) < 0) + (void) ioctl(to, MTIOCTOP, &fsf); } /* @@ -1190,12 +1146,7 @@ trewind() close_rewind(); } else { just_rewind(); - if (host) - rmtclose(); - else { - (void) close(to); - to = -1; - } + (void) close(to); } } @@ -1220,21 +1171,15 @@ close_rewind() /* tape is probably rewinding */ msg(rewinding); } - if (host) { - if (offline || autoload) - (void) rmtioctl(MTOFFL, 0); - rmtclose(); - } else { - if (offline || autoload) { - static struct mtop offl = { MTOFFL, 0 }; + if (offline || autoload) { + static struct mtop offl = { MTOFFL, 0 }; - (void) ioctl(to, MTIOCTOP, &offl); - if (diskette) - (void) ioctl(to, FDEJECT, 0); - } - (void) close(to); - to = -1; + (void) ioctl(to, MTIOCTOP, &offl); + if (diskette) + (void) ioctl(to, FDEJECT, 0); } + (void) close(to); + to = -1; } void @@ -1253,23 +1198,6 @@ changevol() filenum = 1; nextdevice(); (void) strcpy(spcl.c_label, tlabel); - if (host) { - char *rhost = host; - char *cp = strchr(host, '@'); - if (cp == NULL) - cp = host; - else - cp++; - - if (rmthost(rhost, ntrec) == 0) { - msg(gettext("Cannot connect to tape host `%s'\n"), cp); - dumpabort(); - /*NOTREACHED*/ - } - if (rhost != host) - free(rhost); - } - /* * Make volume switching as automatic as possible * while avoiding overwriting volumes. We will @@ -1303,22 +1231,15 @@ changevol() * Exabyte 8200 under 2.7 on an Ultra 2). */ for (tries = 0; tries < autoload_tries; tries++) { - if (host) { - if (rmtopen(tape, O_RDONLY) >= 0) { - rmtclose(); - return; - } - } else { - int f, m; - - m = (access(tape, F_OK) == 0) ? 0 : O_CREAT; - if ((f = doingverify ? - safe_device_open(tape, O_RDONLY, 0600) : - safe_device_open(tape, O_RDONLY|m, 0600)) - >= 0) { - (void) close(f); - return; - } + int f, m; + + m = (access(tape, F_OK) == 0) ? 0 : O_CREAT; + if ((f = doingverify ? + safe_device_open(tape, O_RDONLY, 0600) : + safe_device_open(tape, O_RDONLY|m, 0600)) + >= 0) { + (void) close(f); + return; } (void) sleep(autoload_period); } @@ -1530,8 +1451,7 @@ restore_check_point: dumpdev); if (doingverify) { /* 1 for stdout */ - while ((to = host ? rmtopen(tape, O_RDONLY) : - pipeout ? 1 : + while ((to = pipeout ? 1 : safe_device_open(tape, O_RDONLY, 0600)) < 0) { perror(tape); if (autoload) { @@ -1555,21 +1475,14 @@ restore_check_point: * reverse direction and one in the forward * direction) before the verify pass. */ - if (host) { - if (rmtioctl(MTBSF, 2) >= 0) - (void) rmtioctl(MTFSF, 1); - else - (void) rmtioctl(MTNBSF, 1); - } else { - static struct mtop bsf = { MTBSF, 2 }; - static struct mtop fsf = { MTFSF, 1 }; - static struct mtop nbsf = { MTNBSF, 1 }; + static struct mtop bsf = { MTBSF, 2 }; + static struct mtop fsf = { MTFSF, 1 }; + static struct mtop nbsf = { MTNBSF, 1 }; - if (ioctl(to, MTIOCTOP, &bsf) >= 0) - (void) ioctl(to, MTIOCTOP, &fsf); - else - (void) ioctl(to, MTIOCTOP, &nbsf); - } + if (ioctl(to, MTIOCTOP, &bsf) >= 0) + (void) ioctl(to, MTIOCTOP, &fsf); + else + (void) ioctl(to, MTIOCTOP, &nbsf); } else { /* * XXX Add logic to test for "tape" being a @@ -1594,8 +1507,8 @@ restore_check_point: (void) sigvec(SIGALRM, &sv, &osv); (void) alarm(15); } - while ((to = host ? rmtopen(tape, O_WRONLY) : - safe_device_open(tape, O_WRONLY, 0600)) < 0) + while ((to = safe_device_open(tape, O_WRONLY, + 0600)) < 0) (void) sleep(10); (void) alarm(0); (void) sigvec(SIGALRM, &osv, @@ -1609,10 +1522,8 @@ restore_check_point: */ if (pipeout) to = 1; - else while ((to = host ? - rmtopen(tape, O_WRONLY) : - safe_device_open(tape, O_WRONLY|m, 0600)) - < 0) + else while ((to = safe_device_open(tape, + O_WRONLY|m, 0600)) < 0) if (!query_once(buf, 1)) { dumpabort(); /*NOTREACHED*/ @@ -1620,8 +1531,7 @@ restore_check_point: } } if (!pipeout) { - tapeout = host ? rmtstatus(&mt) >= 0 : - ioctl(to, MTIOCGET, &mt) >= 0; /* set state */ + tapeout = ioctl(to, MTIOCGET, &mt) >= 0; /* set state */ /* * Make sure the tape is positioned * where it is supposed to be @@ -2074,21 +1984,13 @@ dowrite(int cmd) tp = begin->b_data; (void) sighold(SIGUSR1); - if (host) { - if (!doingverify) - siz = rmtwrite(tp, writesize); - else if ((siz = rmtread(rbuf, writesize)) == - writesize && bcmp(rbuf, tp, writesize)) - siz = -1; - } else { - if (!doingverify) - siz = write(to, tp, writesize); - else if ((siz = read(to, rbuf, writesize)) == - writesize && bcmp(rbuf, tp, writesize)) - siz = -1; - if (siz < 0 && diskette && errno == ENOSPC) - siz = 0; /* really EOF */ - } + if (!doingverify) + siz = write(to, tp, writesize); + else if ((siz = read(to, rbuf, writesize)) == + writesize && bcmp(rbuf, tp, writesize)) + siz = -1; + if (siz < 0 && diskette && errno == ENOSPC) + siz = 0; /* really EOF */ (void) sigrelse(SIGUSR1); if (siz < 0 || (pipeout && siz != writesize)) { @@ -2406,8 +2308,7 @@ positiontape(char *msgbuf) * To avoid writing tape marks at inappropriate places, we open the * device read-only, position it, close it, and reopen it for writing. */ - while ((to = host ? rmtopen(tape, O_RDONLY) : - safe_device_open(tape, O_RDONLY|m, 0600)) < 0) { + while ((to = safe_device_open(tape, O_RDONLY|m, 0600)) < 0) { if (autoload) { if (!query_once(msgbuf, 1)) { dumpabort(); @@ -2421,33 +2322,19 @@ positiontape(char *msgbuf) } } - if (host) { - if (rmtstatus(&mt) >= 0 && - rmtioctl(MTREW, 1) >= 0 && - filenum > 1) { - msg(info, dumpdev, filenum); - if (rmtioctl(MTFSF, filenum-1) < 0) { - msg(fail, filenum); - dumpabort(); - /*NOTREACHED*/ - } - } - rmtclose(); - } else { - if (ioctl(to, MTIOCGET, &mt) >= 0 && - ioctl(to, MTIOCTOP, &rew) >= 0 && - filenum > 1) { - msg(info, dumpdev, filenum); - fsf.mt_count = filenum - 1; - if (ioctl(to, MTIOCTOP, &fsf) < 0) { - msg(fail, filenum); - dumpabort(); - /*NOTREACHED*/ - } + if (ioctl(to, MTIOCGET, &mt) >= 0 && + ioctl(to, MTIOCTOP, &rew) >= 0 && + filenum > 1) { + msg(info, dumpdev, filenum); + fsf.mt_count = filenum - 1; + if (ioctl(to, MTIOCTOP, &fsf) < 0) { + msg(fail, filenum); + dumpabort(); + /*NOTREACHED*/ } - (void) close(to); - to = -1; } + (void) close(to); + to = -1; free(info); free(fail); diff --git a/usr/src/cmd/backup/include/rmt.h b/usr/src/cmd/backup/include/rmt.h deleted file mode 100644 index f8657f3f18..0000000000 --- a/usr/src/cmd/backup/include/rmt.h +++ /dev/null @@ -1,64 +0,0 @@ -/* - * CDDL HEADER START - * - * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. - * - * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE - * or http://www.opensolaris.org/os/licensing. - * See the License for the specific language governing permissions - * and limitations under the License. - * - * When distributing Covered Code, include this CDDL HEADER in each - * file and include the License file at usr/src/OPENSOLARIS.LICENSE. - * If applicable, add the following below this CDDL HEADER, with the - * fields enclosed by brackets "[]" replaced with your own identifying - * information: Portions Copyright [yyyy] [name of copyright owner] - * - * CDDL HEADER END - */ -/* - * Copyright (c) 1991,1998 by Sun Microsystems, Inc. - * All rights reserved. - */ - -#ifndef _RMT_H -#define _RMT_H - -#pragma ident "%Z%%M% %I% %E% SMI" - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -#ifdef __STDC__ -extern void rmtinit(void (*)(const char *, ...), void (*)(int)); -extern int rmthost(char *, uint_t); -extern int rmtopen(char *, int); -extern void rmtclose(void); -extern int rmtstatus(struct mtget *); -extern int rmtread(char *, uint_t); -extern int rmtwrite(char *, uint_t); -extern int rmtseek(int, int); -extern int rmtioctl(int, long); -#else -extern void rmtinit(); -extern int rmthost(); -extern int rmtopen(); -extern void rmtclose(); -extern int rmtstatus(); -extern int rmtread(); -extern int rmtwrite(); -extern int rmtseek(); -extern int rmtioctl(); -#endif - -#ifdef __cplusplus -} -#endif - -#endif /* _RMT_H */ diff --git a/usr/src/cmd/backup/lib/Makefile b/usr/src/cmd/backup/lib/Makefile index 2cc53d55f4..f6adb0ee08 100644 --- a/usr/src/cmd/backup/lib/Makefile +++ b/usr/src/cmd/backup/lib/Makefile @@ -45,17 +45,16 @@ SRCDIR = . LIBS= $(LIBRARY) HDRS= ../include/byteorder.h \ - ../include/memutils.h ../include/myrcmd.h \ - ../../../../../include/protocols/dumprestore.h \ - ../include/rmt.h + ../include/memutils.h \ + ../../../../../include/protocols/dumprestore.h + YFILE= getdate.y YSRC= getdate.c CLOBBERFILES += $(LIBS) $(GLIB) -LOBJS= rmtlib.o myrcmd.o \ - $(YSRC:%.c=%.o) \ +LOBJS= $(YSRC:%.c=%.o) \ byteorder.o memutils.o $(RPC_CLNT:%.c=%.o) $(RPC_XDR:%.c=%.o) OBJECTS= $(LOBJS) diff --git a/usr/src/cmd/backup/lib/myrcmd.c b/usr/src/cmd/backup/lib/myrcmd.c deleted file mode 100644 index 492245f387..0000000000 --- a/usr/src/cmd/backup/lib/myrcmd.c +++ /dev/null @@ -1,286 +0,0 @@ -/* - * CDDL HEADER START - * - * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. - * - * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE - * or http://www.opensolaris.org/os/licensing. - * See the License for the specific language governing permissions - * and limitations under the License. - * - * When distributing Covered Code, include this CDDL HEADER in each - * file and include the License file at usr/src/OPENSOLARIS.LICENSE. - * If applicable, add the following below this CDDL HEADER, with the - * fields enclosed by brackets "[]" replaced with your own identifying - * information: Portions Copyright [yyyy] [name of copyright owner] - * - * CDDL HEADER END - */ -/* - * Copyright 1999 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. - */ - -/* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */ -/* All Rights Reserved */ - -/* - * Portions of this source code were derived from Berkeley 4.3 BSD - * under license from the Regents of the University of California. - */ - -#pragma ident "%Z%%M% %I% %E% SMI" - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include - -#include -#include -#include - -#include - -#define index(s, c) strchr(s, c) -char *strchr(); - -char *inet_ntoa(); - -char myrcmd_stderr[1024]; - -int -myrcmd(char **ahost, unsigned short rport, char *locuser, char *remuser, - char *cmd) -{ - uint_t loclen, remlen, cmdlen; - int s, timo, retval; - int tries = 0; - pid_t pid; - struct sockaddr_in sin; - char c; - int lport; - int saverr; - struct hostent *hp; - sigset_t oldmask; - sigset_t newmask; - struct sigaction oldaction; - struct sigaction newaction; - static struct hostent numhp; - static char numhostname[32]; /* big enough for "255.255.255.255" */ - struct in_addr numaddr; - struct in_addr *numaddrlist[2]; - - myrcmd_stderr[0] = '\0'; /* empty error string */ - pid = getpid(); - hp = gethostbyname(*ahost); - if (hp == 0) { - char *straddr; - - bzero((char *)numaddrlist, sizeof (numaddrlist)); - if ((numaddr.s_addr = inet_addr(*ahost)) == (in_addr_t)-1) { - (void) snprintf(myrcmd_stderr, sizeof (myrcmd_stderr), - gettext("%s: unknown host\n"), *ahost); - return (MYRCMD_NOHOST); - } else { - bzero((char *)&numhp, sizeof (numhp)); - bzero(numhostname, sizeof (numhostname)); - - if ((straddr = inet_ntoa(numaddr)) == NULL) { - (void) snprintf(myrcmd_stderr, - sizeof (myrcmd_stderr), - gettext("%s: unknown host\n"), *ahost); - return (MYRCMD_NOHOST); - } - (void) strncpy(numhostname, straddr, - sizeof (numhostname)); - numhostname[sizeof (numhostname) - 1] = '\0'; - numhp.h_name = numhostname; - numhp.h_addrtype = AF_INET; - numhp.h_length = sizeof (numaddr); - numaddrlist[0] = &numaddr; - numaddrlist[1] = NULL; - numhp.h_addr_list = (char **)numaddrlist; - hp = &numhp; - } - } - *ahost = hp->h_name; - - /* This provides a bounds-test for the bcopy()s below. */ - if ((unsigned)(hp->h_length) > sizeof (sin.sin_addr)) { - (void) snprintf(myrcmd_stderr, sizeof (myrcmd_stderr), - gettext("rcmd: address size: %d larger than limit %d\n"), - hp->h_length, sizeof (sin.sin_addr)); - return (MYRCMD_EBAD); - } - - /* ignore SIGPIPE */ - bzero((char *)&newaction, sizeof (newaction)); - newaction.sa_handler = SIG_IGN; - newaction.sa_flags = SA_ONSTACK; - (void) sigaction(SIGPIPE, &newaction, &oldaction); - - /* block SIGURG */ - bzero((char *)&newmask, sizeof (newmask)); - (void) sigaddset(&newmask, SIGURG); - (void) sigprocmask(SIG_BLOCK, &newmask, &oldmask); -again: - timo = 1; - /* - * Use 0 as lport means that rresvport() will bind to a port in - * the anonymous priviledged port range. - */ - lport = 0; - for (;;) { - s = rresvport(&lport); - if (s < 0) { - int err; - - if (errno == EAGAIN) { - (void) snprintf(myrcmd_stderr, - sizeof (myrcmd_stderr), - gettext("socket: All ports in use\n")); - err = MYRCMD_ENOPORT; - } else { - saverr = errno; - (void) snprintf(myrcmd_stderr, - sizeof (myrcmd_stderr), - gettext("rcmd: socket: %s\n"), - strerror(saverr)); - err = MYRCMD_ENOSOCK; - } - /* restore original SIGPIPE handler */ - (void) sigaction(SIGPIPE, &oldaction, NULL); - - /* restore original signal mask */ - (void) sigprocmask(SIG_SETMASK, &oldmask, NULL); - return (err); - } - /* Can't fail, according to fcntl(2) */ - (void) fcntl(s, F_SETOWN, pid); - sin.sin_family = hp->h_addrtype; - bcopy(hp->h_addr_list[0], (caddr_t)&sin.sin_addr, hp->h_length); - sin.sin_port = rport; - if (connect(s, (struct sockaddr *)&sin, sizeof (sin)) >= 0) - break; - saverr = errno; - (void) close(s); - if (saverr == EADDRINUSE) { - continue; - } - if (saverr == ECONNREFUSED && timo <= 16) { - sleep(timo); - timo *= 2; - continue; - } - if (hp->h_addr_list[1] != NULL) { - saverr = errno; - - fprintf(stderr, - gettext("connect to address %s: "), - inet_ntoa(sin.sin_addr)); - errno = saverr; - perror(0); - hp->h_addr_list++; - bcopy(hp->h_addr_list[0], (caddr_t)&sin.sin_addr, - hp->h_length); - fprintf(stderr, gettext("Trying %s...\n"), - inet_ntoa(sin.sin_addr)); - continue; - } - (void) snprintf(myrcmd_stderr, sizeof (myrcmd_stderr), - "%s: %s\n", hp->h_name, strerror(saverr)); - /* restore original SIGPIPE handler */ - (void) sigaction(SIGPIPE, &oldaction, - NULL); - - /* restore original signal mask */ - (void) sigprocmask(SIG_SETMASK, &oldmask, (sigset_t *)0); - return (MYRCMD_ENOCONNECT); - } - if (write(s, "", 1) < 0) { - (void) close(s); - return (MYRCMD_ENOCONNECT); - } - - loclen = strlen(locuser) + 1; - remlen = strlen(remuser) + 1; - cmdlen = strlen(cmd) + 1; - - if (((retval = write(s, locuser, loclen)) != loclen) || - ((retval = write(s, remuser, remlen)) != remlen) || - ((retval = write(s, cmd, cmdlen)) != cmdlen)) { - if (retval == -1) - (void) snprintf(myrcmd_stderr, sizeof (myrcmd_stderr), - "write: %s\n", strerror(errno)); - else - (void) snprintf(myrcmd_stderr, sizeof (myrcmd_stderr), - gettext("write unexpectedly truncated\n")); - goto bad; - } - retval = read(s, &c, 1); - if (retval != 1) { - if (retval == 0) { - /* - * Solaris 2.0 bug alert. Sometimes, if the - * tapehost is a Solaris 2.0 system, the connection - * will be dropped at this point. Let's try again, - * three times, before we throw in the towel. - */ - if (++tries < 3) { - (void) close(s); - goto again; - } - (void) snprintf(myrcmd_stderr, sizeof (myrcmd_stderr), - gettext("Protocol error, %s closed connection\n"), - *ahost); - } else if (retval < 0) { - (void) snprintf(myrcmd_stderr, sizeof (myrcmd_stderr), - "%s: %s\n", *ahost, strerror(errno)); - } else { - (void) snprintf(myrcmd_stderr, sizeof (myrcmd_stderr), - gettext("Protocol error, %s sent %d bytes\n"), - *ahost, retval); - } - goto bad; - } - if (c != 0) { - char *cp = myrcmd_stderr; - char *ecp = &myrcmd_stderr[sizeof (myrcmd_stderr) - 1]; - - while (read(s, &c, 1) == 1) { - *cp++ = c; - if (c == '\n' || cp >= ecp) - break; - } - *cp = '\0'; - goto bad; - } - /* restore original SIGPIPE handler */ - (void) sigaction(SIGPIPE, &oldaction, NULL); - - /* restore original signal mask */ - (void) sigprocmask(SIG_SETMASK, &oldmask, (sigset_t *)0); - return (s); -bad: - (void) close(s); - /* restore original SIGPIPE handler */ - (void) sigaction(SIGPIPE, &oldaction, NULL); - - /* restore original signal mask */ - (void) sigprocmask(SIG_SETMASK, &oldmask, (sigset_t *)0); - return (MYRCMD_EBAD); -} diff --git a/usr/src/cmd/backup/lib/rmtlib.c b/usr/src/cmd/backup/lib/rmtlib.c deleted file mode 100644 index 56ea7f21a2..0000000000 --- a/usr/src/cmd/backup/lib/rmtlib.c +++ /dev/null @@ -1,541 +0,0 @@ -/*LINTLIBRARY*/ -/*PROTOLIB1*/ -/* - * Copyright 2005 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. - */ -/* - * Copyright (c) 1980 Regents of the University of California. - * All rights reserved. The Berkeley software License Agreement - * specifies the terms and conditions for redistribution. - */ - -/* line below is from UCB 5.4 12/11/85 */ -#pragma ident "%Z%%M% %I% %E% SMI" - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define sigvec sigaction -#define sv_handler sa_handler - -#include - -extern int32_t tp_bsize; - -#define TS_CLOSED 0 -#define TS_OPEN 1 - -static int rmtstate = TS_CLOSED; -static int rmtape = -1; -static int rmtversion = 0; -static char *rmtpeer, *rmtpeer_malloc; -static uint_t ntrec; /* blocking factor on tape */ - -static char *domainname = "hsm_libdump"; /* for dgettext() */ - -#ifdef __STDC__ -static void rmtmsg(const char *, ...); /* package print routine */ -static void rmtconnaborted(int); -static void rmtgetconn(void); -static int rmtstatus_extended(struct mtget *); -static int rmtioctl_extended(int, long); -static int map_extended_ioctl(int); -static int okname(char *); -static int rmtcall(char *, char *); -static int rmtreply(char *); -static int rmtpush(char *, uint_t); -static void rmtgets(char *, int); - -static void (*print)(const char *, ...); /* print routine */ -static void (*Exit)(int); /* exit routine */ -#else -static void rmtmsg(); -static void rmtconnaborted(); -static void rmtgetconn(); -static int okname(); -static int rmtstatus_extended(); -static int rmtioctl_extended(); -static int map_extended_ioctl(); -static int rmtcall(); -static int rmtreply(); -static int rmtpush(); -static void rmtgets(); - -static void (*print)(); -static void (*Exit)(); -#endif - -/* - * Get a program-specific print and exit routine into - * the package. This is primarily for dump's benefit. - * This routine is optional -- if not called the two - * default to fprintf(stderr) and exit. - */ -#ifdef __STDC__ -void -rmtinit( - void (*errmsg)(const char *, ...), /* print routine */ - void (*errexit)(int)) /* exit routine */ -#else -void -rmtinit(void (*errmsg)(), void (*errexit)()) -#endif -{ - print = errmsg; - Exit = errexit; -} - -int -rmthost(char *host, uint_t blocksize) -{ - struct sigvec sv; - -#ifdef __STDC__ - if (print == (void (*)(const char *, ...))0) -#else - if (print == (void (*)())0) -#endif - print = rmtmsg; -#ifdef __STDC__ - if (Exit == (void (*)(int))0) -#else - if (Exit == (void (*)())0) -#endif - Exit = exit; - if (rmtape >= 0 && rmtstate != TS_OPEN) { - (void) close(rmtape); - rmtape = -1; - } - if (rmtpeer_malloc) - (void) free(rmtpeer_malloc); - rmtpeer = rmtpeer_malloc = strdup(host); - if (rmtpeer == NULL) - return (0); - ntrec = blocksize; - sv.sa_flags = SA_RESTART; - (void) sigemptyset(&sv.sa_mask); - sv.sv_handler = rmtconnaborted; - (void) sigvec(SIGPIPE, &sv, NULL); - rmtgetconn(); - if (rmtape < 0) - return (0); - return (1); -} - -/*ARGSUSED*/ -static void -rmtconnaborted(int sig) -{ - print(dgettext(domainname, "Lost connection to remote host.\n")); - Exit(1); -} - -static void -#ifdef __STDC__ -rmtgetconn(void) -#else -rmtgetconn() -#endif -{ - static struct servent *sp = 0; - static struct passwd *pwd = 0; - char *tuser, *host, *device; - uint_t size; - - if (sp == 0) { - sp = getservbyname("shell", "tcp"); - if (sp == 0) { - print(dgettext(domainname, - "shell/tcp: unknown service\n")); - Exit(1); - } - pwd = getpwuid(getuid()); - if (pwd == 0) { - print(dgettext(domainname, - "Cannot find password entry for uid %d\n"), - getuid()); - Exit(1); - } - } - /* Was strrchr(), be consistent with dump */ - host = strchr(rmtpeer, '@'); - if (host) { - tuser = rmtpeer; - *host++ = 0; - rmtpeer = host; - if (!okname(tuser)) - Exit(1); - } else { - host = rmtpeer; - tuser = pwd->pw_name; - } - /* Was strrchr() - be consistent with dump and restore */ - device = strchr(host, ':'); - if (device) - *device = 0; /* throw away device name */ - /* - * myrcmd() replaces the contents of rmtpeer with a pointer - * to a static copy of the canonical host name. However, - * since we never refer to rmtpeer again (other than to - * overwrite it in the next rmthost() invocation), we don't - * really care. - */ - /* LINTED sp->s_port is an int, even though port numbers are 1..65535 */ - rmtape = myrcmd(&rmtpeer, (ushort_t)sp->s_port, pwd->pw_name, - tuser, "/etc/rmt"); - if (rmtape < 0) { - if (*myrcmd_stderr) - print("%s", myrcmd_stderr); - } else { - size = ntrec * tp_bsize; - while (size > tp_bsize && - setsockopt(rmtape, SOL_SOCKET, SO_SNDBUF, (char *)&size, - sizeof (size)) < 0) - size -= tp_bsize; - } -} - -static int -okname(char *cp0) -{ - char *cp; - uchar_t c; - - for (cp = cp0; *cp; cp++) { - c = (uchar_t)*cp; - if (!isascii(c) || !(isalnum(c) || c == '_' || c == '-')) { - print(dgettext(domainname, - "invalid user name %s\n"), cp0); - return (0); - } - } - return (1); -} - -int -rmtopen(char *tape, int mode) -{ - struct mtget mt; - char buf[256]; - int fd; - - (void) snprintf(buf, sizeof (buf), "O%s\n%d\n", tape, mode); - rmtstate = TS_OPEN; - fd = rmtcall(tape, buf); - if (fd != -1) { - /* see if the rmt server supports the extended protocol */ - rmtversion = rmtioctl(-1, 0); - - /* - * Some rmt daemons apparently close the connection - * when they get a bogus ioctl. See 1210852 (ignore - * the evaluation). Make sure we can still talk to - * the device, re-opening it if necessary. - */ - if (rmtversion < 1) { - if (rmtstatus(&mt) < 0) { - rmtclose(); - rmtgetconn(); - rmtversion = 0; - } - } - } - return (fd); -} - -void -#ifdef __STDC__ -rmtclose(void) -#else -rmtclose() -#endif -{ - if (rmtstate != TS_OPEN) - return; - (void) rmtcall("close", "C\n"); - rmtstate = TS_CLOSED; -} - -int -rmtstatus(struct mtget *mt) -{ - char *buf = (char *)mt; - int n, i, cc; - - if (rmtversion > 0) - return (rmtstatus_extended(mt)); - - n = rmtcall("status", "S"); - if (n < 0) { - return (-1); - } - if ((unsigned)n > sizeof (*mt)) { - print(dgettext(domainname, - "rmtstatus: expected response size %d, got %d\n"), - sizeof (struct mtget), n); - print(dgettext(domainname, - "This means the remote rmt daemon is not compatible.\n")); - rmtconnaborted(0); - } - i = 0; - while (i < n) { - cc = read(rmtape, buf+i, n - i); - if (cc <= 0) - rmtconnaborted(0); - i += cc; - } - return (n); -} - -static int -rmtstatus_extended(struct mtget *mt) -{ - if ((mt->mt_type = rmtcall("status", "sT")) == -1) - return (-1); - mt->mt_dsreg = rmtcall("status", "sD"); - mt->mt_erreg = rmtcall("status", "sE"); - mt->mt_resid = rmtcall("status", "sR"); - mt->mt_fileno = rmtcall("status", "sF"); - mt->mt_blkno = rmtcall("status", "sB"); - mt->mt_flags = rmtcall("status", "sf"); - mt->mt_bf = rmtcall("status", "sb"); - return (0); -} - -int -rmtread(char *buf, uint_t count) -{ - char line[30]; - int n, i, cc; - - (void) snprintf(line, sizeof (line), "R%d\n", count); - n = rmtcall("read", line); - if (n < 0) { - return (-1); - } - if (n > count) { - print(dgettext(domainname, - "rmtread: expected response size %d, got %d\n"), - count, n); - print(dgettext(domainname, - "This means the remote rmt daemon is not compatible.\n")); - rmtconnaborted(0); - } - i = 0; - while (i < n) { - cc = read(rmtape, buf+i, n - i); - if (cc <= 0) - rmtconnaborted(0); - i += cc; - } - return (n); -} - -int -rmtwrite(char *buf, uint_t count) -{ - int retval; - char line[64]; /* numbers can get big */ - - (void) snprintf(line, sizeof (line), "W%d\n", count); - retval = rmtpush(line, strlen(line)); - if (retval <= 0) - return (-1); - - retval = rmtpush(buf, count); - if (retval <= 0) - return (-1); - - return (rmtreply("write")); -} - -int -rmtpush(char *buf, uint_t count) -{ - int retval; - - do { - retval = write(rmtape, buf, count); - buf += retval; - count -= retval; - } while (count && retval > 0); - - return (retval); -} - -int -rmtseek(int offset, int pos) -{ - char line[80]; - - (void) snprintf(line, sizeof (line), "L%d\n%d\n", offset, pos); - return (rmtcall("seek", line)); -} - -int -rmtioctl(int cmd, long count) -{ - char buf[256]; - int xcmd; - - if (count < 0) - return (-1); - - if ((xcmd = map_extended_ioctl(cmd)) != -1) - return (rmtioctl_extended(xcmd, count)); - - (void) snprintf(buf, sizeof (buf), "I%d\n%ld\n", cmd, count); - return (rmtcall("ioctl", buf)); -} - -/* - * Map from the standard Sun ioctl commands into the extended version, - * if possible. - */ -static int -map_extended_ioctl(int cmd) -{ - int xcmd; - - if (rmtversion <= 0) - return (-1); /* extended protocol not supported */ - - switch (cmd) { - case MTRETEN: - xcmd = 2; - break; - case MTERASE: - xcmd = 3; - break; - case MTEOM: - xcmd = 4; - break; - case MTNBSF: - xcmd = 5; - break; - default: - xcmd = -1; /* not supported */ - break; - } - return (xcmd); -} - -static int -rmtioctl_extended(int cmd, long count) -{ - char buf[256]; - - (void) snprintf(buf, sizeof (buf), "i%d\n%ld\n", cmd, count); - return (rmtcall("ioctl", buf)); -} - -static int -rmtcall(char *cmd, char *buf) -{ - if (rmtpush(buf, strlen(buf)) != strlen(buf)) - rmtconnaborted(0); - return (rmtreply(cmd)); -} - -static int -rmtreply(char *cmd) -{ - char code[30], emsg[BUFSIZ]; - - rmtgets(code, sizeof (code)); - if (*code == 'E' || *code == 'F') { - rmtgets(emsg, sizeof (emsg)); - /* - * don't print error message for ioctl or status; - * or if we are opening up a full path (i.e. device) - * and the tape is not loaded (EIO error) - */ - if (strcmp(cmd, "ioctl") != 0 && - strcmp(cmd, "status") != 0 && - !(cmd[0] == '/' && atoi(code + 1) == EIO)) - print("%s: %s\n", cmd, emsg); - errno = atoi(code + 1); - if (*code == 'F') { - rmtstate = TS_CLOSED; - return (-1); - } - return (-1); - } - if (*code != 'A') { - print(dgettext(domainname, - "Protocol to remote tape server botched (code %s?).\n"), - code); - rmtconnaborted(0); - } - return (atoi(code + 1)); -} - -static void -rmtgets(char *cp, int len) -{ - int i, n; - - n = recv(rmtape, cp, len-1, MSG_PEEK); - for (i = 0; i < n; i++) - if (cp[i] == '\n') - break; - n = i + 1; /* characters to read at once */ - for (i = 0; i < len; i += n, n = 1) { - n = read(rmtape, cp, n); - if (n <= 0) - rmtconnaborted(0); - cp += n; - if (cp[-1] == '\n') { - cp[-1] = '\0'; - return; - } - } - print(dgettext(domainname, - "Protocol to remote tape server botched (in rmtgets).\n")); - rmtconnaborted(0); -} - -#ifdef __STDC__ -#include - -/* VARARGS1 */ -static void -rmtmsg(const char *fmt, ...) -{ - va_list args; - - va_start(args, fmt); - (void) vfprintf(stderr, fmt, args); - (void) fflush(stderr); -} -#else -#include - -/* VARARGS */ -static void -rmtmsg(va_dcl) -{ - va_list args; - char *fmt; - - va_start(args); - fmt = va_arg(args, char *); - (void) vfprintf(stderr, fmt, args); - (void) fflush(stderr); -} -#endif diff --git a/usr/src/cmd/backup/restore/Makefile b/usr/src/cmd/backup/restore/Makefile index c97dc287be..a42c36ddd7 100644 --- a/usr/src/cmd/backup/restore/Makefile +++ b/usr/src/cmd/backup/restore/Makefile @@ -33,7 +33,7 @@ POFILE= ufsrestore.po # XXX automatically generate the list when needed. HEADERS= ../../../../../include/protocols/dumprestore.h \ ../include/byteorder.h ../include/memutils.h \ - ../include/rmt.h restore.h + restore.h CLOBBERFILES += $(PRODUCT) $(DEBUGPRODUCTS) diff --git a/usr/src/cmd/backup/restore/tape.c b/usr/src/cmd/backup/restore/tape.c index 9d136bebc3..504d774df2 100644 --- a/usr/src/cmd/backup/restore/tape.c +++ b/usr/src/cmd/backup/restore/tape.c @@ -15,7 +15,6 @@ #include #include "restore.h" #include -#include #include #include #include @@ -35,7 +34,6 @@ int mt = -1; static int continuemap = 0; char magtape[BUFSIZ]; int pipein = 0; -char *host; /* used in dumprmt.c */ daddr32_t rec_position; static char *archivefile; /* used in metamucil.c */ static int bct; /* block # index into tape record buffer */ @@ -101,58 +99,42 @@ setinput(char *source, char *archive) done(1); } - if (strchr(source, ':')) { - char *tape; - - host = source; - tape = strchr(host, ':'); - *tape++ = '\0'; - if (strlen(tape) > (sizeof (magtape) - 1)) { - (void) fprintf(stderr, gettext("Tape name too long\n")); - done(1); - } - (void) strcpy(magtape, tape); - if (rmthost(host, ntrec) == 0) - done(1); - } else { - if (strlen(source) > (sizeof (magtape) - 1)) { - (void) fprintf(stderr, gettext("Tape name too long\n")); - done(1); - } - /* Not remote, no need for privileges */ - __priv_relinquish(); - host = NULL; - if (strcmp(source, "-") == 0) { - /* - * Since input is coming from a pipe we must establish - * our own connection to the terminal. - */ - terminal = fopen("/dev/tty", "r"); + if (strlen(source) > (sizeof (magtape) - 1)) { + (void) fprintf(stderr, gettext("Tape name too long\n")); + done(1); + } + /* Not remote, no need for privileges */ + __priv_relinquish(); + if (strcmp(source, "-") == 0) { + /* + * Since input is coming from a pipe we must establish + * our own connection to the terminal. + */ + terminal = fopen("/dev/tty", "r"); + if (terminal == NULL) { + int saverr = errno; + char *msg = + gettext("Cannot open(\"/dev/tty\")"); + errno = saverr; + perror(msg); + terminal = fopen("/dev/null", "r"); if (terminal == NULL) { - int saverr = errno; - char *msg = - gettext("Cannot open(\"/dev/tty\")"); + saverr = errno; + msg = gettext( + "Cannot open(\"/dev/null\")"); errno = saverr; perror(msg); - terminal = fopen("/dev/null", "r"); - if (terminal == NULL) { - saverr = errno; - msg = gettext( - "Cannot open(\"/dev/null\")"); - errno = saverr; - perror(msg); - done(1); - } - } - pipein++; - if (archive) { - (void) fprintf(stderr, gettext( - "Cannot specify an archive file when reading from a pipe\n")); done(1); } } - (void) strcpy(magtape, source); + pipein++; + if (archive) { + (void) fprintf(stderr, gettext( + "Cannot specify an archive file when reading from a pipe\n")); + done(1); + } } + (void) strcpy(magtape, source); } void @@ -195,12 +177,6 @@ setup(void) done(1); } volno = 0; - } else if (host) { - if ((mt = rmtopen(magtape, O_RDONLY)) < 0) { - perror(magtape); - done(1); - } - volno = 1; } else { if (pipein) mt = 0; @@ -526,14 +502,9 @@ with the last volume and work towards the first.\n")); * the device once without prompting to enable unattended * operation. */ - if (host) - (void) fprintf(stderr, gettext( -"Mount volume %d\nthen enter volume name on host %s (default: %s) "), - newvol, host, magtape); - else - (void) fprintf(stderr, gettext( - "Mount volume %d\nthen enter volume name (default: %s) "), - newvol, magtape); + (void) fprintf(stderr, gettext( + "Mount volume %d\nthen enter volume name (default: %s) "), + newvol, magtape); (void) fflush(stderr); /* LINTED tbfsize is limited to a few MB */ (void) fgets(tbf, (int)tbfsize, terminal); @@ -550,9 +521,7 @@ with the last volume and work towards the first.\n")); if (magtape[i - 1] == '\n') magtape[i - 1] = '\0'; } - if ((host != NULL && (mt = rmtopen(magtape, O_RDONLY)) == -1) || - (host == NULL && - (mt = open(magtape, O_RDONLY|O_LARGEFILE)) == -1)) { + if ((mt = open(magtape, O_RDONLY|O_LARGEFILE)) == -1) { int error = errno; (void) fprintf(stderr, gettext("Cannot open %s: %s\n"), magtape, strerror(error)); @@ -686,10 +655,7 @@ setdumpnum(void) } tcom.mt_op = MTFSF; tcom.mt_count = dumpnum - 1; - if (host) - retval = rmtioctl(MTFSF, dumpnum - 1); - else - retval = ioctl(mt, (int)MTIOCTOP, (char *)&tcom); + retval = ioctl(mt, (int)MTIOCTOP, (char *)&tcom); if (retval < 0) perror("ioctl MTFSF"); } @@ -1515,10 +1481,7 @@ top: cnt = ntrec*tp_bsize; rd = 0; getmore: - if (host) - i = rmtread(&tbf[rd], cnt); - else - i = read(mt, &tbf[rd], cnt); + i = read(mt, &tbf[rd], cnt); /* * Check for mid-tape short read error. * If found, return rest of buffer. @@ -1581,9 +1544,7 @@ getmore: /* LINTED: unsigned->signed conversion ok */ i = (int)(ntrec*tp_bsize); bzero(tbf, (size_t)i); - if ((host != 0 && rmtseek(i, 1) < 0) || - (host == 0 && (lseek64(mt, (offset_t)i, 1) == - (off64_t)-1))) { + if (lseek64(mt, (offset_t)i, 1) == (off64_t)-1) { perror(gettext("continuation failed")); done(1); } @@ -1646,10 +1607,7 @@ findtapeblksize(int arfile) /*LINTED [tbf = malloc()]*/ ((struct s_spcl *)&tbf[i * tp_bsize])->c_magic = 0; bct = 0; - if (host && arfile == TAPE_FILE) - tape_rec_size = rmtread(tbf, ntrec * tp_bsize); - else - tape_rec_size = read(mt, tbf, ntrec * tp_bsize); + tape_rec_size = read(mt, tbf, ntrec * tp_bsize); recsread++; rec_position++; if (tape_rec_size == (ssize_t)-1) { @@ -1693,11 +1651,7 @@ closemt(int mode) return; if (offline || mode == FORCE_OFFLINE) (void) fprintf(stderr, gettext("Rewinding tape\n")); - if (host) { - if (offline || mode == FORCE_OFFLINE) - (void) rmtioctl(MTOFFL, 1); - rmtclose(); - } else if (pipein) { + if (pipein) { char buffy[MAXBSIZE]; while (read(mt, buffy, sizeof (buffy)) > 0) { @@ -2075,19 +2029,11 @@ autoload_tape(void) (void) fprintf(stderr, gettext("Attempting to autoload next volume\n")); for (tries = 0; tries < autoload_tries; tries++) { - if (host) { - if (rmtopen(magtape, O_RDONLY) >= 0) { - rmtclose(); - result = 1; - break; - } - } else { - if ((fd = open(magtape, O_RDONLY|O_LARGEFILE, - 0600)) >= 0) { - (void) close(fd); - result = 1; - break; - } + if ((fd = open(magtape, O_RDONLY|O_LARGEFILE, + 0600)) >= 0) { + (void) close(fd); + result = 1; + break; } (void) sleep(autoload_period); } @@ -2096,10 +2042,7 @@ autoload_tape(void) (void) fprintf(stderr, gettext("Autoload timed out\n")); } else { - if ((host != NULL && - (mt = rmtopen(magtape, O_RDONLY)) == -1) || - (host == NULL && - (mt = open(magtape, O_RDONLY|O_LARGEFILE)) == -1)) { + if ((mt = open(magtape, O_RDONLY|O_LARGEFILE)) == -1) { (void) fprintf(stderr, gettext( "Autoload could not re-open tape\n")); result = 0; diff --git a/usr/src/cmd/cmd-inet/usr.sbin/Makefile b/usr/src/cmd/cmd-inet/usr.sbin/Makefile index 1261c6325e..9e98373e08 100644 --- a/usr/src/cmd/cmd-inet/usr.sbin/Makefile +++ b/usr/src/cmd/cmd-inet/usr.sbin/Makefile @@ -27,24 +27,24 @@ SYNCPROG= syncinit syncloop syncstat PROG= 6to4relay arp if_mpadm \ - in.comsat in.fingerd in.rarpd in.rexecd \ + in.comsat in.fingerd in.rarpd \ in.rwhod in.telnetd in.tftpd ipaddrsel \ ndp $(SYNCPROG) -MANIFEST= rarp.xml telnet.xml comsat.xml finger.xml rexec.xml +MANIFEST= rarp.xml telnet.xml comsat.xml finger.xml SVCMETHOD= svc-sockfilter ROOTFS_PROG= hostconfig route soconfig SBINLINKS= hostconfig route RPCSVCPROG= hostconfig -AUDITPROG= in.rexecd in.telnetd -PAMPROG= in.rexecd in.telnetd +AUDITPROG= in.telnetd +PAMPROG= in.telnetd SOCKETPROG= 6to4relay arp hostconfig if_mpadm in.comsat \ - in.fingerd in.rarpd in.rexecd \ + in.fingerd in.rarpd \ in.rwhod in.telnetd in.tftpd ipaddrsel ndp route NSLPROG= 6to4relay arp hostconfig in.comsat in.rarpd \ - in.rexecd in.rwhod in.telnetd \ + in.rwhod in.telnetd \ in.tftpd ipaddrsel ndp route CMDPROG= in.telnetd K5PROGS= in.telnetd diff --git a/usr/src/cmd/cmd-inet/usr.sbin/in.rexecd.c b/usr/src/cmd/cmd-inet/usr.sbin/in.rexecd.c deleted file mode 100644 index df1e2f8cdc..0000000000 --- a/usr/src/cmd/cmd-inet/usr.sbin/in.rexecd.c +++ /dev/null @@ -1,570 +0,0 @@ -/* - * CDDL HEADER START - * - * The contents of this file are subject to the terms of the - * Common Development and Distribution License (the "License"). - * You may not use this file except in compliance with the License. - * - * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE - * or http://www.opensolaris.org/os/licensing. - * See the License for the specific language governing permissions - * and limitations under the License. - * - * When distributing Covered Code, include this CDDL HEADER in each - * file and include the License file at usr/src/OPENSOLARIS.LICENSE. - * If applicable, add the following below this CDDL HEADER, with the - * fields enclosed by brackets "[]" replaced with your own identifying - * information: Portions Copyright [yyyy] [name of copyright owner] - * - * CDDL HEADER END - */ -/* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. - */ - -/* Copyright (c) 1983-1989 AT&T */ -/* All Rights Reserved */ - -/* - * Portions of this source code were derived from Berkeley 4.3 BSD - * under license from the Regents of the University of California. - */ - -#include -#include -#include -#include -#include -#include - -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#ifdef SYSV -#include -#endif /* SYSV */ - -#ifndef NCARGS -#define NCARGS 5120 -#endif /* NCARGS */ - -#ifdef SYSV -#define rindex strrchr -#define killpg(a, b) kill(-(a), (b)) -#else -char *sprintf(); -#endif /* SYSV */ - -#define MAXFD(A, B) ((A) > (B) ? (A) : (B)) -#define _PATH_DEFAULT_LOGIN "/etc/default/login" - -static void error(char *fmt, ...); -static void doit(int f, struct sockaddr_storage *fromp); -static void getstr(char *buf, int cnt, char *err); - -static int legalenvvar(char *s); - -/* Function decls. for functions not in any header file. (Grrrr.) */ -extern int audit_rexecd_setup(void); -extern int audit_rexecd_success(char *, char *, char *); -extern int audit_rexecd_fail(char *, char *, char *, char *); -extern int audit_settid(int); /* set termnal ID */ - -/* PAM conversation function */ -static int rexec_conv(int, struct pam_message **, - struct pam_response **, void *); - -static pam_handle_t *pamh; /* authentication handle */ -static struct pam_conv conv = { - rexec_conv, - NULL - }; - -/* - * remote execute server: - * username\0 - * password\0 - * command\0 - * data - * - * in.rexecd has been modified to run as the user invoking it. Hence there is no - * need to limit any privileges. - */ -/*ARGSUSED*/ -int -main(int argc, char **argv) -{ - struct sockaddr_storage from; - socklen_t fromlen; - - openlog("rexec", LOG_PID | LOG_ODELAY, LOG_DAEMON); - (void) audit_rexecd_setup(); /* BSM */ - fromlen = (socklen_t)sizeof (from); - if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) { - (void) fprintf(stderr, "%s: ", argv[0]); - perror("getpeername"); - exit(1); - } - - if (audit_settid(0) != 0) { - perror("settid"); - exit(1); - } - - doit(0, &from); - return (0); -} - -static char username[20] = "USER="; -static char homedir[64] = "HOME="; -static char shell[64] = "SHELL="; - -static char *envinit[] = -#ifdef SYSV - {homedir, shell, (char *)0, username, - (char *)0, (char *)0, (char *)0, (char *)0, - (char *)0, (char *)0, (char *)0, (char *)0, - (char *)0, (char *)0, (char *)0, (char *)0, - (char *)0, (char *)0, (char *)0, (char *)0, - (char *)0}; -#define ENVINIT_PATH 2 /* position of PATH in envinit[] */ -#define PAM_ENV_ELIM 16 /* max PAM environment variables */ - -/* - * See PSARC opinion 1992/025 - */ -static char userpath[] = "PATH=/usr/bin:"; -static char rootpath[] = "PATH=/usr/sbin:/usr/bin"; -#else - {homedir, shell, "PATH=:/usr/ucb:/bin:/usr/bin", username, 0}; -#endif /* SYSV */ - -static struct sockaddr_storage asin; -static char pass[16]; - -static void -doit(int f, struct sockaddr_storage *fromp) -{ - char cmdbuf[NCARGS+1], *cp; - char user[16]; - char hostname [MAXHOSTNAMELEN + 1]; - struct passwd *pwd, pw_data; - char pwdbuf[NSS_BUFLEN_PASSWD]; - int s; - ushort_t port; - pid_t pid; - int pv[2], cc; - fd_set readfrom, ready; - char buf[BUFSIZ], sig; - int one = 1; - int idx = 0, end_env = 0; - char **pam_env; - int status = PAM_AUTH_ERR; - char abuf[INET6_ADDRSTRLEN]; - struct in_addr v4dst; - socklen_t fromplen; - struct sockaddr_in *sin; - struct sockaddr_in6 *sin6; - int pam_flags = 0; - - (void) signal(SIGINT, SIG_DFL); - (void) signal(SIGQUIT, SIG_DFL); - (void) signal(SIGTERM, SIG_DFL); -#ifdef DEBUG - { - int t = open("/dev/tty", 2); - if (t >= 0) { -#ifdef SYSV - (void) setsid(); -#else - (void) ioctl(t, TIOCNOTTY, (char *)0); -#endif /* SYSV */ - (void) close(t); - } - } -#endif - if (fromp->ss_family == AF_INET) { - sin = (struct sockaddr_in *)fromp; - fromplen = sizeof (struct sockaddr_in); - asin.ss_family = AF_INET; /* used for bind */ - } else if (fromp->ss_family == AF_INET6) { - sin6 = (struct sockaddr_in6 *)fromp; - fromplen = sizeof (struct sockaddr_in6); - asin.ss_family = AF_INET6; /* used for bind */ - } else { - syslog(LOG_ERR, "unknown address family %d\n", - fromp->ss_family); - exit(1); - } - /* - * store common info. for audit record - */ - - if (getnameinfo((const struct sockaddr *) fromp, fromplen, hostname, - sizeof (hostname), NULL, 0, 0) != 0) { - if (fromp->ss_family == AF_INET6) { - if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) { - struct in_addr ipv4_addr; - - IN6_V4MAPPED_TO_INADDR(&sin6->sin6_addr, - &ipv4_addr); - inet_ntop(AF_INET, &ipv4_addr, abuf, - sizeof (abuf)); - } else { - inet_ntop(AF_INET6, &sin6->sin6_addr, - abuf, sizeof (abuf)); - } - } else if (fromp->ss_family == AF_INET) { - inet_ntop(AF_INET, &sin->sin_addr, - abuf, sizeof (abuf)); - } - (void) strncpy(hostname, abuf, sizeof (hostname)); - } - (void) dup2(f, 0); - (void) dup2(f, 1); - (void) dup2(f, 2); - (void) alarm(60); - port = 0; - for (;;) { - char c; - if (read(f, &c, 1) != 1) - exit(1); - if (c == 0) - break; - port = port * 10 + c - '0'; - } - (void) alarm(0); - if (port != 0) { - s = socket(fromp->ss_family, SOCK_STREAM, 0); - if (s < 0) - exit(1); - if (bind(s, (struct sockaddr *)&asin, fromplen) < 0) - exit(1); - (void) alarm(60); - if (fromp->ss_family == AF_INET) { - sin->sin_port = htons((ushort_t)port); - } else if (fromp->ss_family == AF_INET6) { - sin6->sin6_port = htons((ushort_t)port); - } - if (connect(s, (struct sockaddr *)fromp, fromplen) < 0) - exit(1); - (void) alarm(0); - } - getstr(user, sizeof (user), "username"); - getstr(pass, sizeof (pass), "password"); - getstr(cmdbuf, sizeof (cmdbuf), "command"); - - getpwnam_r(user, &pw_data, pwdbuf, sizeof (pwdbuf), &pwd); - if (pwd == NULL) { - (void) audit_rexecd_fail("Login incorrect", hostname, user, - cmdbuf); /* BSM */ - error("Login incorrect.\n"); - exit(1); - } - - if (defopen(_PATH_DEFAULT_LOGIN) == 0) { - int flags; - char *p; - flags = defcntl(DC_GETFLAGS, 0); - TURNOFF(flags, DC_CASE); - (void) defcntl(DC_SETFLAGS, flags); - if ((p = defread("PASSREQ=")) != NULL && - strcasecmp(p, "YES") == 0) { - pam_flags |= PAM_DISALLOW_NULL_AUTHTOK; - } - defopen(NULL); - } - - if (pam_start("rexec", user, &conv, &pamh) != PAM_SUCCESS) { - exit(1); - } - if (pam_set_item(pamh, PAM_RHOST, hostname) != PAM_SUCCESS) { - exit(1); - } - - if ((status = pam_authenticate(pamh, pam_flags)) != PAM_SUCCESS) { - switch (status) { - case PAM_USER_UNKNOWN: - (void) audit_rexecd_fail("Login incorrect", hostname, - user, cmdbuf); /* BSM */ - error("Login incorrect.\n"); - break; - default: - (void) audit_rexecd_fail("Password incorrect", hostname, - user, cmdbuf); /* BSM */ - error("Password incorrect.\n"); - } - pam_end(pamh, status); - exit(1); - } - if ((status = pam_acct_mgmt(pamh, pam_flags)) != PAM_SUCCESS) { - (void) audit_rexecd_fail("Account or Password Expired", - hostname, user, cmdbuf); - switch (status) { - case PAM_NEW_AUTHTOK_REQD: - error("Password Expired.\n"); - break; - case PAM_PERM_DENIED: - error("Account Expired.\n"); - break; - case PAM_AUTHTOK_EXPIRED: - error("Password Expired.\n"); - break; - default: - error("Login incorrect.\n"); - break; - } - pam_end(pamh, status); - exit(1); - } - - (void) write(2, "\0", 1); - - if (setgid((gid_t)pwd->pw_gid) < 0) { - (void) audit_rexecd_fail("Can't setgid", hostname, - user, cmdbuf); /* BSM */ - error("setgid"); - pam_end(pamh, PAM_ABORT); - exit(1); - } - (void) initgroups(pwd->pw_name, pwd->pw_gid); - - if ((status = pam_setcred(pamh, PAM_ESTABLISH_CRED)) != PAM_SUCCESS) { - (void) audit_rexecd_fail("Unable to establish credentials", - hostname, user, cmdbuf); /* BSM */ - error("Unable to establish credentials.\n"); - pam_end(pamh, PAM_SUCCESS); - } - - (void) audit_rexecd_success(hostname, user, cmdbuf); /* BSM */ - - if (setuid((uid_t)pwd->pw_uid) < 0) { - (void) audit_rexecd_fail("Can't setuid", hostname, - user, cmdbuf); /* BSM */ - error("setuid"); - pam_end(pamh, PAM_ABORT); - exit(1); - } - - - if (port) { - (void) pipe(pv); - pid = fork(); - if (pid == (pid_t)-1) { - error("Try again.\n"); - pam_end(pamh, PAM_ABORT); - exit(1); - } - if (pid) { - /* - * since the daemon is running as the user no need - * to prune privileges. - */ - (void) close(0); (void) close(1); (void) close(2); - (void) close(f); (void) close(pv[1]); - FD_ZERO(&readfrom); - FD_SET(s, &readfrom); - FD_SET(pv[0], &readfrom); - (void) ioctl(pv[0], FIONBIO, (char *)&one); - /* should set s nbio! */ - do { - ready = readfrom; - if (select(MAXFD(s, pv[0])+1, &ready, NULL, - NULL, NULL) < 0) { - perror("select:"); - exit(1); - } - if (FD_ISSET(s, &ready)) { - if (read(s, &sig, 1) <= 0) - FD_CLR(s, &readfrom); - else - (void) killpg(pid, sig); - } - if (FD_ISSET(pv[0], &ready)) { - cc = read(pv[0], buf, sizeof (buf)); - if (cc <= 0) { - (void) shutdown(s, 1+1); - FD_CLR(pv[0], &readfrom); - } else - (void) write(s, buf, cc); - } - } while (FD_ISSET(s, &readfrom) || - FD_ISSET(pv[0], &readfrom)); - exit(0); - } - /* setpgrp(0, getpid()); */ - (void) setsid(); /* Should be the same as above. */ - (void) close(s); (void)close(pv[0]); - (void) dup2(pv[1], 2); - } - - if (*pwd->pw_shell == '\0') - pwd->pw_shell = "/bin/sh"; - if (f > 2) - (void) close(f); - /* Change directory only after becoming the appropriate user. */ - if (chdir(pwd->pw_dir) < 0) { - error("No remote directory.\n"); - pam_end(pamh, PAM_ABORT); - exit(1); - } -#ifdef SYSV - if (pwd->pw_uid) - envinit[ENVINIT_PATH] = userpath; - else - envinit[ENVINIT_PATH] = rootpath; -#endif /* SYSV */ - (void) strncat(homedir, pwd->pw_dir, sizeof (homedir) - 6); - (void) strncat(shell, pwd->pw_shell, sizeof (shell) - 7); - (void) strncat(username, pwd->pw_name, sizeof (username) - 6); - - /* - * add PAM environment variables set by modules - * -- only allowed 16 (PAM_ENV_ELIM) - * -- check to see if the environment variable is legal - */ - for (end_env = 0; envinit[end_env] != 0; end_env++) - ; - if ((pam_env = pam_getenvlist(pamh)) != 0) { - while (pam_env[idx] != 0) { - if (idx < PAM_ENV_ELIM && - legalenvvar(pam_env[idx])) { - envinit[end_env + idx] = pam_env[idx]; - } - idx++; - } - } - - pam_end(pamh, PAM_SUCCESS); - - cp = rindex(pwd->pw_shell, '/'); - if (cp) - cp++; - else - cp = pwd->pw_shell; - (void) execle(pwd->pw_shell, cp, "-c", cmdbuf, (char *)0, envinit); - perror(pwd->pw_shell); - exit(1); -} - -static void -getstr(char *buf, int cnt, char *err) -{ - char c; - - do { - if (read(0, &c, 1) != 1) - exit(1); - *buf++ = c; - if (--cnt == 0) { - error("%s too long\n", err); - exit(1); - } - } while (c != 0); -} - -static void -error(char *fmt, ...) -{ - va_list ap; - char buf[BUFSIZ]; - - buf[0] = 1; - va_start(ap, fmt); - (void) vsprintf(buf+1, fmt, ap); - va_end(ap); - (void) write(2, buf, strlen(buf)); -} - -static char *illegal[] = { - "SHELL=", - "HOME=", - "LOGNAME=", -#ifndef NO_MAIL - "MAIL=", -#endif - "CDPATH=", - "IFS=", - "PATH=", - "USER=", - 0 -}; - -/* - * legalenvvar - can PAM insert this environmental variable? - */ - -static int -legalenvvar(char *s) -{ - register char **p; - - for (p = illegal; *p; p++) - if (strncmp(s, *p, strlen(*p)) == 0) - return (0); - - if (s[0] == 'L' && s[1] == 'D' && s[2] == '_') - return (0); - - return (1); -} - -/* - * rexec_conv - This is the conv (conversation) function called from - * a PAM authentication module to print error messages - * or garner information from the user. - */ - -/* ARGSUSED3 */ -static int -rexec_conv(int num_msg, struct pam_message **msg, - struct pam_response **response, void *appdata_ptr) -{ - struct pam_message *m; - struct pam_response *r; - int i; - - if (num_msg <= 0) - return (PAM_CONV_ERR); - - *response = calloc(num_msg, sizeof (struct pam_response)); - if (*response == NULL) - return (PAM_BUF_ERR); - - m = *msg; - r = *response; - - if (m->msg_style == PAM_PROMPT_ECHO_OFF) { - if (pass[0] != '\0') { - r->resp = strdup(pass); - if (r->resp == NULL) { - /* free responses */ - r = *response; - for (i = 0; i < num_msg; i++, r++) { - free(r->resp); - } - free(*response); - *response = NULL; - return (PAM_BUF_ERR); - } - } - } - - return (PAM_SUCCESS); -} diff --git a/usr/src/cmd/cmd-inet/usr.sbin/rexec.xml b/usr/src/cmd/cmd-inet/usr.sbin/rexec.xml deleted file mode 100644 index 98f83f3102..0000000000 --- a/usr/src/cmd/cmd-inet/usr.sbin/rexec.xml +++ /dev/null @@ -1,115 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/usr/src/cmd/login/login.c b/usr/src/cmd/login/login.c index 470cdec338..8c98357fdc 100644 --- a/usr/src/cmd/login/login.c +++ b/usr/src/cmd/login/login.c @@ -318,16 +318,14 @@ static boolean_t pflag = B_FALSE; static boolean_t uflag = B_FALSE; static boolean_t Rflag = B_FALSE; static boolean_t sflag = B_FALSE; -static boolean_t Uflag = B_FALSE; static boolean_t tflag = B_FALSE; static boolean_t hflag = B_FALSE; -static boolean_t rflag = B_FALSE; static boolean_t zflag = B_FALSE; /* * Remote login support */ -static char rusername[NMAX+1], lusername[NMAX+1]; +static char lusername[NMAX+1]; static char terminal[MAXPATHLEN]; /* @@ -349,7 +347,6 @@ static pam_handle_t *pamh; /* Authentication handle */ static void turn_on_logging(void); static void defaults(void); static void usage(void); -static void process_rlogin(void); static void login_authenticate(); static void setup_credentials(void); static void adjust_nice(void); @@ -500,12 +497,6 @@ main(int argc, char *argv[], char **renvp) openlog("login", 0, LOG_AUTH); /* - * Do special processing for -r (rlogin) flag - */ - if (rflag) - process_rlogin(); - - /* * validate user */ /* we are already authenticated. fill in what we must, then continue */ @@ -581,7 +572,7 @@ main(int argc, char *argv[], char **renvp) if (chdir(pwd->pw_dir) == 0) silent = (access(HUSHLOGIN, F_OK) == 0); /* - * NOTE: telnetd and rlogind rely upon this updating of utmpx + * NOTE: telnetd relies upon this updating of utmpx * to indicate that the authentication completed successfully, * pam_open_session was called and therefore they are required to * call pam_close_session. @@ -1349,7 +1340,7 @@ get_options(int argc, char *argv[]) break; case 'h': - if (hflag || rflag || zflag) { + if (hflag || zflag) { (void) fprintf(stderr, flags_message); login_exit(1); } @@ -1372,16 +1363,6 @@ get_options(int argc, char *argv[]) SCPYL(progname, "telnet"); break; - case 'r': - if (hflag || rflag || zflag) { - (void) fprintf(stderr, flags_message); - login_exit(1); - } - rflag = B_TRUE; - SCPYL(remote_host, optarg); - SCPYL(progname, "rlogin"); - break; - case 'p': pflag = B_TRUE; break; @@ -1437,21 +1418,8 @@ get_options(int argc, char *argv[]) SCPYL(terminal, optarg); tflag = B_TRUE; break; - case 'U': - /* - * Kerberized rlogind may fork us with - * -U "" if the rlogin client used the "-a" - * option to send a NULL username. This is done - * to force login to prompt for a user/password. - * However, if Kerberos auth was used, we dont need - * to prompt, so we will accept the option and - * handle the situation later. - */ - SCPYL(rusername, optarg); - Uflag = B_TRUE; - break; case 'z': - if (hflag || rflag || zflag) { + if (hflag || zflag) { (void) fprintf(stderr, flags_message); login_exit(1); } @@ -1514,8 +1482,8 @@ usage(void) (void) fprintf(stderr, "usage:\n" " login [-p] [-d device] [-R repository] [-s service]\n" - "\t[-t terminal] [-u identity] [-U ruser]\n" - "\t[-h hostname [terminal] | -r hostname] [name [environ]...]\n"); + "\t[-t terminal] [-u identity]\n" + "\t[-h hostname [terminal]] [name [environ]...]\n"); } @@ -1564,59 +1532,6 @@ doremoteterm(char *term) } /* - * Process_rlogin - Does the work that rlogin and telnet - * need done - */ -static void -process_rlogin(void) -{ - /* - * If a Kerberized rlogin was initiated, then these fields - * must be read by rlogin daemon itself and passed down via - * cmd line args. - */ - if (!Uflag && !strlen(rusername)) - getstr(rusername, sizeof (rusername), "remuser"); - if (!strlen(lusername)) - getstr(lusername, sizeof (lusername), "locuser"); - if (!tflag && !strlen(terminal)) - getstr(terminal, sizeof (terminal), "Terminal type"); - - if (strlen(terminal)) - doremoteterm(terminal); - - /* fflag has precedence over stuff passed by rlogind */ - if (fflag || getuid()) { - pwd = &nouser; - return; - } else { - if (pam_set_item(pamh, PAM_USER, lusername) != PAM_SUCCESS) - login_exit(1); - - pwd = getpwnam(lusername); - if (pwd == NULL) { - pwd = &nouser; - return; - } - } - - /* - * Update PAM on the user name - */ - if (strlen(lusername) && - pam_set_item(pamh, PAM_USER, lusername) != PAM_SUCCESS) - login_exit(1); - - if (strlen(rusername) && - pam_set_item(pamh, PAM_RUSER, rusername) != PAM_SUCCESS) - login_exit(1); - - SCPYL(user_name, lusername); - envp = &zero; - lusername[0] = '\0'; -} - -/* * *** Account validation routines *** * */ @@ -1906,9 +1821,7 @@ setup_credentials(void) static uint_t get_audit_id(void) { - if (rflag) - return (ADT_rlogin); - else if (hflag) + if (hflag) return (ADT_telnet); else if (zflag) return (ADT_zlogin); @@ -2004,7 +1917,7 @@ update_utmpx_entry(int sublogin, boolean_t silent) (void) time(&utmpx.ut_tv.tv_sec); utmpx.ut_pid = getpid(); - if (rflag || hflag) { + if (hflag) { SCPYN(utmpx.ut_host, remote_host); tmplen = strlen(remote_host) + 1; if (tmplen < sizeof (utmpx.ut_host)) @@ -2053,7 +1966,7 @@ update_utmpx_entry(int sublogin, boolean_t silent) if (!sublogin) { /* * no utmpx entry already setup - * (init or rlogind/telnetd) + * (init or telnetd) */ (void) puts(errmsg); @@ -2161,9 +2074,7 @@ establish_user_environment(char **renvp) (void) memcpy(&envinit[basicenv], newenv, sizeof (newenv)); /* Set up environment */ - if (rflag) { - ENVSTRNCAT(term, terminal); - } else if (hflag) { + if (hflag) { if (strlen(terminal)) { ENVSTRNCAT(term, terminal); } diff --git a/usr/src/cmd/login/login_audit.c b/usr/src/cmd/login/login_audit.c index 73b97a9c8b..e8b1208175 100644 --- a/usr/src/cmd/login/login_audit.c +++ b/usr/src/cmd/login/login_audit.c @@ -49,7 +49,7 @@ static void audit_logout(adt_session_data_t *); */ /* - * There is no information passed to login.c from rlogin or telnet + * There is no information passed to login.c from telnet * about the terminal id. They both set the tid before they * exec login; the value is picked up by adt_start_session() and is * carefully *not* overwritten by adt_load_hostname(). @@ -102,7 +102,6 @@ audit_success(uint_t event_id, struct passwd *pwd, char *optional_text) if (adt_audit_enabled()) { switch (event_id) { case ADT_login: - case ADT_rlogin: case ADT_telnet: case ADT_zlogin: audit_logout(ah); /* fork to catch logout */ @@ -222,7 +221,7 @@ audit_failure(uint_t event_id, int failure_code, struct passwd *pwd, gid = pwd->pw_gid; } /* - * If this is a remote login, in.rlogind or in.telnetd has + * If this is a remote login, in.telnetd has * already set the terminal id, in which case * adt_load_hostname() will use the preset terminal id and * ignore hostname. (If no remote host and ttyname is NULL, diff --git a/usr/src/cmd/rmt/Makefile b/usr/src/cmd/rmt/Makefile deleted file mode 100644 index 171c0ff3f3..0000000000 --- a/usr/src/cmd/rmt/Makefile +++ /dev/null @@ -1,50 +0,0 @@ -# -# CDDL HEADER START -# -# The contents of this file are subject to the terms of the -# Common Development and Distribution License, Version 1.0 only -# (the "License"). You may not use this file except in compliance -# with the License. -# -# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE -# or http://www.opensolaris.org/os/licensing. -# See the License for the specific language governing permissions -# and limitations under the License. -# -# When distributing Covered Code, include this CDDL HEADER in each -# file and include the License file at usr/src/OPENSOLARIS.LICENSE. -# If applicable, add the following below this CDDL HEADER, with the -# fields enclosed by brackets "[]" replaced with your own identifying -# information: Portions Copyright [yyyy] [name of copyright owner] -# -# CDDL HEADER END -# -# -# ident "%Z%%M% %I% %E% SMI" -# -# Copyright 2004 Sun Microsystems, Inc. All rights reserved. -# Use is subject to license terms. -# -# cmd/rmt/Makefile -# - -PROG= rmt - -include ../Makefile.cmd - -RELUSRSBIN= ../usr/sbin -ROOTSYMLINK= $(ROOTETC)/$(PROG) - -.KEEP_STATE: - -all: $(PROG) - -install: all $(ROOTUSRSBINPROG) $(ROOTSYMLINK) - -$(ROOTSYMLINK): - -$(RM) $@; $(SYMLINK) $(RELUSRSBIN)/$(PROG) $@ - -clean: - - -include ../Makefile.targ diff --git a/usr/src/cmd/rmt/rmt.c b/usr/src/cmd/rmt/rmt.c deleted file mode 100644 index a7a844ca82..0000000000 --- a/usr/src/cmd/rmt/rmt.c +++ /dev/null @@ -1,505 +0,0 @@ -/* - * CDDL HEADER START - * - * The contents of this file are subject to the terms of the - * Common Development and Distribution License (the "License"). - * You may not use this file except in compliance with the License. - * - * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE - * or http://www.opensolaris.org/os/licensing. - * See the License for the specific language governing permissions - * and limitations under the License. - * - * When distributing Covered Code, include this CDDL HEADER in each - * file and include the License file at usr/src/OPENSOLARIS.LICENSE. - * If applicable, add the following below this CDDL HEADER, with the - * fields enclosed by brackets "[]" replaced with your own identifying - * information: Portions Copyright [yyyy] [name of copyright owner] - * - * CDDL HEADER END - */ -/* - * Copyright 2005 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. - */ - -#pragma ident "%Z%%M% %I% %E% SMI" - -/* - * Multi-process streaming 4.3bsd /etc/rmt server. - * Has three locks (for stdin, stdout, and the tape) - * that are passed by signals and received by sigpause(). - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -static sigset_t cmdmask, maskall, newmask; -static sigset_t sendmask, tapemask; - -static struct mtop mtop; -static struct mtget mtget; -static jmp_buf sjbuf; - -#define RECV SIGIO -#define TAPE SIGURG -#define SEND SIGALRM -#define ERROR SIGTERM -#define OPEN SIGUSR1 -#define CLOSE SIGUSR2 - -/* - * Support for Version 1 of the extended RMT protocol: - * Placing RMTIVERSION (-1) into the mt_op field of the ioctl ('I') - * request will return the current version of the RMT protocol that - * the server supports. For servers that don't support Version 1, - * an error is returned and the client knows to only use Version 0 - * (stock BSD) calls, which include mt_op values in the range of [0-7]. - * - * Note: The RMTIVERSION request must be made in order for the extended - * protocol commands to be recognized. - */ -#define RMTIVERSION -1 -#define RMT_VERSION 1 - -/* - * These requests are made to the extended RMT protocol by specifying the - * new 'i' command of RMT Protocol Version 1. They are intended to allow - * an intelligent client to communicate with both BSD and Solaris RMT - * servers heterogeneously. The 'i' command taks an mtop structure as - * argument, exactly like the 'I' command does. - */ -#define RMTICACHE 0 -#define RMTINOCACHE 1 -#define RMTIRETEN 2 -#define RMTIERASE 3 -#define RMTIEOM 4 -#define RMTINBSF 5 - -/* - * These requests are made to the extended RMT protocol by specifying the - * new 's' command of RMT Protocol Version 1. They are intended to allow - * an intelligent client to obtain "mt status" information with both BSD - * and Solaris RMT servers heterogeneously. They return the requested - * piece of the mtget structure as an ascii integer. The request is made - * by sending the required character immediately after the 's' character - * without any trailing newline. A single ascii integer is returned, else - * an error is returned. - */ -#define MTS_TYPE 'T' /* mtget.mt_type */ -#define MTS_DSREG 'D' /* mtget.mt_dsreg */ -#define MTS_ERREG 'E' /* mtget.mt_erreg */ -#define MTS_RESID 'R' /* mtget.mt_resid */ -#define MTS_FILENO 'F' /* mtget.mt_fileno */ -#define MTS_BLKNO 'B' /* mtget.mt_blkno */ -#define MTS_FLAGS 'f' /* mtget.mt_flags */ -#define MTS_BF 'b' /* mtget.mt_bf */ - -#define MAXCHILD 1 -static pid_t childpid[MAXCHILD]; -static int children; - -static int tape = -1; -static size_t maxrecsize = 0; -static char *record; - -#define SSIZE 64 -static char pos[SSIZE], op[SSIZE], mode[SSIZE], count[SSIZE]; -static char device[MAXPATHLEN]; - -static FILE *debug; -#define DEBUG(f) if (debug) (void) fprintf(debug, (f)) -#define DEBUG1(f, a) if (debug) (void) fprintf(debug, (f), (a)) -#define DEBUG2(f, a, b) if (debug) (void) fprintf(debug, (f), (a), (b)) -#define DEBUG3(f, a, b, c) if (debug) \ - (void) fprintf(debug, (f), (a), (b), (c)) - -static char key; - -#ifdef __STDC__ -static void respond(offset_t, int); -static void getstring(char *, size_t); -static void checkbuf(size_t); -#else -static void respond(); -static void getstring(); -static void checkbuf(); -#endif - -static void -catch(int sig) -{ - switch (sig) { - default: return; - case OPEN: key = 'O'; break; - case CLOSE: key = 'C'; break; - case ERROR: key = 'E'; break; - } - (void) sigprocmask(SIG_SETMASK, &maskall, (sigset_t *)0); - longjmp(sjbuf, 1); -} - -int -main(int argc, char *argv[]) -{ - struct sigaction sa; - pid_t parent = getpid(), next = parent; - int saverr; - offset_t rval; - ssize_t cc; - size_t n, i; - - (void) setlocale(LC_ALL, ""); -#if !defined(TEXT_DOMAIN) /* Should be defined by cc -D */ -#define TEXT_DOMAIN "SYS_TEST" -#endif - (void) textdomain(TEXT_DOMAIN); - - if (argc > 1) { - if ((debug = fopen(argv[1], "w")) == NULL) - exit(1); - setbuf(debug, NULL); - } - (void) sigemptyset(&maskall); - (void) sigaddset(&maskall, RECV); - (void) sigaddset(&maskall, OPEN); - (void) sigaddset(&maskall, CLOSE); - (void) sigaddset(&maskall, ERROR); - (void) sigaddset(&maskall, TAPE); - (void) sigaddset(&maskall, SEND); - - tapemask = maskall; - (void) sigdelset(&tapemask, TAPE); - - sendmask = maskall; - (void) sigdelset(&sendmask, SEND); - - (void) sigemptyset(&cmdmask); - (void) sigaddset(&cmdmask, TAPE); - (void) sigaddset(&cmdmask, SEND); - - (void) sigemptyset(&sa.sa_mask); - - sa.sa_handler = catch; - sa.sa_flags = SA_RESTART; - (void) sigaction(RECV, &sa, NULL); - (void) sigaction(SEND, &sa, NULL); - (void) sigaction(TAPE, &sa, NULL); - (void) sigaction(OPEN, &sa, NULL); - (void) sigaction(CLOSE, &sa, NULL); - (void) sigaction(ERROR, &sa, NULL); - - (void) sigprocmask(SIG_SETMASK, &maskall, (sigset_t *)0); - - (void) kill(parent, TAPE); - (void) kill(parent, SEND); - - while (read(0, &key, 1) == 1) { - switch (key) { - case 'L': /* lseek */ - getstring(count, sizeof (count)); - getstring(pos, sizeof (pos)); - DEBUG2("rmtd: L %s %s\n", count, pos); - (void) kill(next, RECV); - (void) sigsuspend(&tapemask); - rval = llseek(tape, atoll(count), atoi(pos)); - saverr = errno; - (void) kill(next, TAPE); - (void) sigsuspend(&sendmask); - respond(rval, saverr); - break; - - case 'I': /* ioctl */ - case 'i': { /* extended version ioctl */ - int bad = 0; - - getstring(op, sizeof (op)); - getstring(count, sizeof (count)); - DEBUG3("rmtd: %c %s %s\n", key, op, count); - mtop.mt_op = atoi(op); - mtop.mt_count = atoi(count); - if (key == 'i') { - /* - * Map the supported compatibility defines - * into real ioctl values. - */ - switch (mtop.mt_op) { - case RMTICACHE: - case RMTINOCACHE: /* not support on Sun */ - bad = 1; - break; - case RMTIRETEN: - mtop.mt_op = MTRETEN; - break; - case RMTIERASE: - mtop.mt_op = MTERASE; - break; - case RMTIEOM: - mtop.mt_op = MTEOM; - break; - case RMTINBSF: - mtop.mt_op = MTNBSF; - break; - default: - bad = 1; - break; - } - } - if (bad) { - respond(-1LL, EINVAL); - } else { - (void) kill(next, RECV); - (void) sigsuspend(&tapemask); - if (mtop.mt_op == RMTIVERSION) { - mtop.mt_count = RMT_VERSION; - rval = (offset_t)mtop.mt_count; - } else { - rval = (offset_t)ioctl(tape, MTIOCTOP, - (char *)&mtop); - } - saverr = errno; - (void) kill(next, TAPE); - (void) sigsuspend(&sendmask); - respond(rval < 0 ? - rval : (offset_t)mtop.mt_count, - saverr); - } - break; - } - - case 'S': /* status */ - case 's': { /* extended status */ - char skey; - - DEBUG1("rmtd: %c\n", key); - if (key == 's') { - if (read(0, &skey, 1) != 1) - continue; - } - (void) kill(next, RECV); - (void) sigsuspend(&tapemask); - errno = 0; - rval = (offset_t)ioctl(tape, MTIOCGET, (char *)&mtget); - saverr = errno; - (void) kill(next, TAPE); - (void) sigsuspend(&sendmask); - if (rval < 0) - respond(rval, saverr); - else { - if (key == 's') { /* extended status */ - DEBUG1("rmtd: s%c\n", key); - switch (skey) { - case MTS_TYPE: - respond( - (offset_t)mtget.mt_type, - saverr); - break; - case MTS_DSREG: - respond( - (offset_t)mtget.mt_dsreg, - saverr); - break; - case MTS_ERREG: - respond( - (offset_t)mtget.mt_erreg, - saverr); - break; - case MTS_RESID: - respond( - (offset_t)mtget.mt_resid, - saverr); - break; - case MTS_FILENO: - respond( - (offset_t)mtget.mt_fileno, - saverr); - break; - case MTS_BLKNO: - respond( - (offset_t)mtget.mt_blkno, - saverr); - break; - case MTS_FLAGS: - respond( - (offset_t)mtget.mt_flags, - saverr); - break; - case MTS_BF: - respond((offset_t)mtget.mt_bf, - saverr); - break; - default: - respond(-1LL, EINVAL); - break; - } - } else { - respond((offset_t)sizeof (mtget), - saverr); - (void) write(1, (char *)&mtget, - sizeof (mtget)); - } - } - break; - } - - case 'W': - getstring(count, sizeof (count)); - n = (size_t)atol(count); - checkbuf(n); - DEBUG1("rmtd: W %s\n", count); - for (i = 0; i < n; i += (size_t)cc) { - cc = read(0, &record[i], n - i); - if (cc <= 0) { - DEBUG1(gettext("%s: premature eof\n"), - "rmtd"); - exit(2); - } - } - (void) kill(next, RECV); - (void) sigsuspend(&tapemask); - rval = (offset_t)write(tape, record, n); - saverr = errno; - (void) kill(next, TAPE); - (void) sigsuspend(&sendmask); - respond(rval, saverr); - break; - - case 'R': - getstring(count, sizeof (count)); - n = (size_t)atol(count); - checkbuf(n); - DEBUG1("rmtd: R %s\n", count); - (void) kill(next, RECV); - (void) sigsuspend(&tapemask); - rval = (offset_t)read(tape, record, n); - saverr = errno; - (void) kill(next, TAPE); - (void) sigsuspend(&sendmask); - respond(rval, saverr); - (void) write(1, record, (size_t)rval); - break; - - default: - DEBUG2(gettext("%s: garbage command '%c'\n"), - "rmtd", key); - /*FALLTHROUGH*/ - - case 'C': - case 'O': - /* rendezvous back into a single process */ - if (setjmp(sjbuf) == 0 || getpid() != parent) { - (void) sigsuspend(&tapemask); - (void) sigsuspend(&sendmask); - (void) kill(parent, key == 'O' ? OPEN : - key == 'C' ? CLOSE : ERROR); - (void) sigemptyset(&newmask); - (void) sigsuspend(&newmask); - } - while (children > 0) { - (void) kill(childpid[--children], SIGKILL); - while (wait(NULL) != childpid[children]) - ; - } - next = parent; - if (key == 'C') { - getstring(device, sizeof (device)); - DEBUG1("rmtd: C %s\n", device); - rval = (offset_t)close(tape); - respond(rval, errno); - (void) kill(parent, TAPE); - (void) kill(parent, SEND); - continue; - } - if (key != 'O') /* garbage command */ - exit(3); - (void) close(tape); - getstring(device, sizeof (device)); - getstring(mode, sizeof (mode)); - DEBUG2("rmtd: O %s %s\n", device, mode); - /* - * Due to incompatibilities in the - * assignment of mode bits between - * BSD and System V, we strip all - * but the read/write bits. However, - * we also want to handle things larger - * than 2GB, so we also force O_LARGEFILE. - */ - tape = open(device, O_LARGEFILE | - (atoi(mode) & (O_RDONLY|O_WRONLY|O_RDWR))); - respond((offset_t)tape, errno); - if (tape >= 0) /* fork off */ - while (children < MAXCHILD && - (childpid[children] = fork()) > 0) - next = childpid[children++]; - if (next == parent) { - (void) kill(parent, RECV); - (void) kill(parent, TAPE); - (void) kill(parent, SEND); - } - (void) sigsuspend(&cmdmask); - continue; - } - (void) kill(next, SEND); - (void) sigsuspend(&cmdmask); - } - (void) kill(next, RECV); - return (0); -} - -static void -respond(offset_t rval, int Errno) -{ - char resp[SSIZE]; - char *errstr = strerror(Errno); - - if (rval < 0) { - (void) snprintf(resp, SSIZE, "E%d\n%s\n", Errno, errstr); - DEBUG2("rmtd: E %d (%s)\n", Errno, errstr); - } else { - (void) snprintf(resp, SSIZE, "A%lld\n", rval); - DEBUG1("rmtd: A %lld\n", rval); - } - resp[SSIZE - 1] = '\0'; - (void) write(1, resp, (int)strlen(resp)); -} - -static void -getstring(char *cp, size_t size) -{ - char *limit = cp + size - 1; - - cp--; /* nullify first increment */ - do { - cp++; - if (read(0, cp, 1) != 1) - exit(0); - } while ((*cp != '\n') && (cp < limit)); - *cp = '\0'; -} - -static void -checkbuf(size_t size) -{ - if (size <= maxrecsize) - return; - if (record != 0) - free(record); - if ((record = malloc(size)) == NULL) { - DEBUG2(gettext("%s: cannot allocate %ld-byte buffer\n"), - size, "rmtd"); - exit(4); - } - maxrecsize = size; -} diff --git a/usr/src/lib/libast/Makefile.com b/usr/src/lib/libast/Makefile.com index 5376483266..1181886440 100644 --- a/usr/src/lib/libast/Makefile.com +++ b/usr/src/lib/libast/Makefile.com @@ -591,7 +591,6 @@ OBJECTS += \ common/uwin/log__L.o \ common/uwin/rand48.o \ common/uwin/random.o \ - common/uwin/rcmd.o \ common/uwin/rint.o \ common/uwin/support.o \ common/vec/vecargs.o \ diff --git a/usr/src/lib/libast/amd64/src/lib/libast/FEATURE/uwin b/usr/src/lib/libast/amd64/src/lib/libast/FEATURE/uwin index 4364a133ab..62454b215f 100644 --- a/usr/src/lib/libast/amd64/src/lib/libast/FEATURE/uwin +++ b/usr/src/lib/libast/amd64/src/lib/libast/FEATURE/uwin @@ -6,7 +6,6 @@ #define _lib_crypt 1 /* crypt() in default lib(s) */ #define _lib_getpass 1 /* getpass() in default lib(s) */ #define _lib_random 1 /* random() in default lib(s) */ -#define _lib_rcmd 1 /* rcmd() in default lib(s) */ #define _lib_srand48 1 /* srand48() in default lib(s) */ #define _lib_logb 1 /* logb() in default lib(s) */ #define _lib_finite 1 /* finite() in default lib(s) */ diff --git a/usr/src/lib/libast/common/features/uwin b/usr/src/lib/libast/common/features/uwin index 9ff3ab078f..d4c17b8a06 100644 --- a/usr/src/lib/libast/common/features/uwin +++ b/usr/src/lib/libast/common/features/uwin @@ -1,5 +1,5 @@ lib a64l,acosh,asinh,atanh,cbrt,ceil,crypt,erf,exp,expm1,floor -lib gamma,getpass,lgamma,log,log1p,random,rcmd,rint,srand48 +lib gamma,getpass,lgamma,log,log1p,random,rint,srand48 lib copysign,logb,finite,drem,sqrt,ilogb,remainder,scalb lib _copysign,_finite,_scalb,__iob_func,_p__iob,__p__iob diff --git a/usr/src/lib/libast/common/uwin/rcmd.c b/usr/src/lib/libast/common/uwin/rcmd.c deleted file mode 100644 index 2efb82b8f3..0000000000 --- a/usr/src/lib/libast/common/uwin/rcmd.c +++ /dev/null @@ -1,571 +0,0 @@ -#include "FEATURE/uwin" - -#if !_UWIN || _lib_rcmd - -void _STUB_rcmd(){} - -#else - -/* - * Copyright (c) 1983 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char sccsid[] = "@(#)rcmd.c 5.17 (Berkeley) 6/27/88"; -#endif /* LIBC_SCCS and not lint */ - -#include "rlib.h" -#include -#include -#include -#if 1 -#define _PATH_HEQUIV "/etc/hosts.equiv" -#endif -#include - -#if NLS -#include "nl_types.h" -#endif - -#ifdef YP -#include -extern void setnetgrent(const char *); -extern void endnetgrent(void); -extern int getnetgrent(char **, char **, char **); -static char *nisdomain = NULL; -static int _checknetgrouphost(const char *, const char *, int); -static int _checknetgroupuser(const char *, const char *); -#endif - -#if defined(__EXPORT__) -#define extern __EXPORT__ -#endif - -extern int rresvport(int *alport) -{ - struct sockaddr_in sin; - int s; - - sin.sin_family = AF_INET; - sin.sin_addr.s_addr = INADDR_ANY; - s = socket(AF_INET, SOCK_STREAM, 0); - if (s < 0) - return (-1); - for (;;) { - sin.sin_port = htons((u_short)*alport); - if (bind(s, (struct sockaddr *)&sin, sizeof (sin)) >= 0) - return (s); - if (errno != EADDRINUSE) { - (void) close(s); - return (-1); - } - (*alport)--; - if (*alport == IPPORT_RESERVED/2) { - (void) close(s); - errno = EAGAIN; /* close */ - return (-1); - } - } -} - -extern int rcmd(char **ahost, unsigned short rport, const char *locuser, const char *remuser, const char *cmd, int *fd2p) -{ - int s, timo = 1; -#ifdef F_SETOWN - pid_t pid; -#endif -#ifdef _POSIX_SOURCE - sigset_t set, oset; -#else - long oldmask; -#endif - struct sockaddr_in sin, from; - char c; - int lport = IPPORT_RESERVED - 1; - struct hostent *hp; - -#if NLS - libc_nls_init(); -#endif - -#ifdef F_SETOWN - pid = getpid(); -#endif - hp = gethostbyname(*ahost); - if (hp == 0) { -#if NLS - fprintf(stderr, "%s: %s\n", *ahost, - catgets(_libc_cat, HerrorListSet, - 2, "unknown host")); -#else - fprintf(stderr, "%s: unknown host\n", *ahost); -#endif - return (-1); - } - *ahost = hp->h_name; -#ifdef SIGURG -#ifdef _POSIX_SOURCE - sigemptyset (&set); - sigaddset (&set, SIGURG); - sigprocmask (SIG_BLOCK, &set, &oset); -#else - oldmask = sigblock(sigmask(SIGURG)); -#endif -#endif - for (;;) { - s = rresvport(&lport); - if (s < 0) { - if (errno == EAGAIN) -#if NLS - fprintf(stderr, "socket: %s\n", - catgets(_libc_cat, NetMiscSet, - NetMiscAllPortsInUse, - "All ports in use")); -#else - fprintf(stderr, "socket: All ports in use\n"); -#endif - else -#if NLS - perror(catgets(_libc_cat, NetMiscSet, - NetMiscRcmdSocket, - "rcmd: socket")); -#else -perror("rcmd: socket"); -#endif -#ifdef SIGURG -#ifdef _POSIX_SOURCE -sigprocmask (SIG_SETMASK, &oset, -(sigset_t *)NULL); -#else -sigsetmask(oldmask); -#endif -#endif -return (-1); - } -#ifdef F_SETOWN - fcntl(s, F_SETOWN, pid); -#endif - sin.sin_family = hp->h_addrtype; - bcopy(hp->h_addr_list[0], (caddr_t)&sin.sin_addr, hp->h_length); - sin.sin_port = rport; - if (connect(s, (struct sockaddr *)&sin, sizeof (sin)) >= 0) - break; - (void) close(s); - if (errno == EADDRINUSE) { - lport--; - continue; - } - if (errno == ECONNREFUSED && timo <= 16) { - sleep(timo); - timo *= 2; - continue; - } - if (hp->h_addr_list[1] != NULL) { - int oerrno = errno; - - fprintf(stderr, -#if NLS - "%s %s: ", catgets(_libc_cat, NetMiscSet, - NetMiscAllPortsInUse, - "connect to address"), - inet_ntoa(sin.sin_addr)); - -#else - - "connect to address %s: ", inet_ntoa(sin.sin_addr)); -#endif - errno = oerrno; - perror(0); - hp->h_addr_list++; - bcopy(hp->h_addr_list[0], (caddr_t)&sin.sin_addr, - hp->h_length); - -#if NLS - fprintf(stderr, catgets(_libc_cat, NetMiscSet, - NetMiscTrying, - "Trying %s...\n"), -#else - fprintf(stderr, "Trying %s...\n", -#endif - inet_ntoa(sin.sin_addr)); - continue; - } - perror(hp->h_name); -#ifdef SIGURG -#ifdef _POSIX_SOURCE - sigprocmask (SIG_SETMASK, &oset, (sigset_t *)NULL); -#else - sigsetmask(oldmask); -#endif -#endif - return (-1); - } - lport--; - if (fd2p == 0) { - write(s, "", 1); - lport = 0; - } else { - char num[8]; - int s2 = rresvport(&lport), s3; - int len = sizeof (from); - - if (s2 < 0) - goto bad; - listen(s2, 1); - (void) snprintf(num, sizeof(num), "%d", lport); - if (write(s, num, strlen(num)+1) != strlen(num)+1) { -#if NLS - perror(catgets(_libc_cat, NetMiscSet, - NetMiscSettingUpStderr, - "write: setting up stderr")); -#else - perror("write: setting up stderr"); -#endif - (void) close(s2); - goto bad; - } - s3 = accept(s2, (struct sockaddr *)&from, &len); - (void) close(s2); - if (s3 < 0) { -#if NLS - perror(catgets(_libc_cat, NetMiscSet, - NetMiscAccept, - "accept")); -#else - perror("accept"); -#endif - lport = 0; - goto bad; - } - *fd2p = s3; - from.sin_port = ntohs((u_short)from.sin_port); - if (from.sin_family != AF_INET || - from.sin_port >= IPPORT_RESERVED) { - fprintf(stderr, -#if NLS - "%s\n", - catgets(_libc_cat, NetMiscSet, - NetMiscProtocolFailure, - "socket: protocol failure in circuit setup.")); -#else - "socket: protocol failure in circuit setup.\n"); -#endif - goto bad2; - } - } - (void) write(s, locuser, strlen(locuser)+1); - (void) write(s, remuser, strlen(remuser)+1); - (void) write(s, cmd, strlen(cmd)+1); - if (read(s, &c, 1) != 1) { - perror(*ahost); - goto bad2; - } - if (c != 0) { - while (read(s, &c, 1) == 1) { - (void) write(2, &c, 1); - if (c == '\n') - break; - } - goto bad2; - } -#ifdef SIGURG -#ifdef _POSIX_SOURCE - sigprocmask (SIG_SETMASK, &oset, (sigset_t *)NULL); -#else - sigsetmask(oldmask); -#endif -#endif - return (s); -bad2: - if (lport) - (void) close(*fd2p); -bad: - (void) close(s); -#ifdef SIGURG -#ifdef _POSIX_SOURCE - sigprocmask (SIG_SETMASK, &oset, (sigset_t *)NULL); -#else - sigsetmask(oldmask); -#endif -#endif - return (-1); -} - -extern int ruserok(const char *rhost, int superuser, const char *ruser, const char *luser) -{ - FILE *hostf; - char fhost[MAXHOSTNAMELEN]; - int first = 1; - register const char *sp; - register char *p; - int baselen = -1; - uid_t saveuid; - - saveuid = geteuid(); - sp = rhost; - p = fhost; - while (*sp) { - if (*sp == '.') { - if (baselen == -1) - baselen = sp - rhost; - *p++ = *sp++; - } else { - *p++ = isupper(*sp) ? tolower(*sp++) : *sp++; - } - } - *p = '\0'; - hostf = superuser ? (FILE *)0 : fopen(_PATH_HEQUIV, "r"); -again: - if (hostf) { - if (!_validuser(hostf, fhost, luser, ruser, baselen)) { - (void) fclose(hostf); - seteuid(saveuid); - return(0); - } - (void) fclose(hostf); - } - if (first == 1) { - struct stat sbuf; - struct passwd *pwd; - char pbuf[MAXPATHLEN]; - - first = 0; - if ((pwd = getpwnam(luser)) == NULL) - return(-1); - (void)strcpy(pbuf, pwd->pw_dir); - (void)strcat(pbuf, "/.rhosts"); - (void)seteuid(pwd->pw_uid); - if ((hostf = fopen(pbuf, "r")) == NULL) { - seteuid(saveuid); - return(-1); - } - (void)fstat(fileno(hostf), &sbuf); - if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid) { - fclose(hostf); - seteuid(saveuid); - return(-1); - } - goto again; - } - seteuid(saveuid); - return (-1); -} - -int -_validuser(FILE *hostf, const char *rhost, const char *luser, -const char *ruser, int baselen) -{ - char *user; - char ahost[MAXHOSTNAMELEN]; - register char *p; - int hostvalid = 0; - int uservalid = 0; - - while (fgets(ahost, sizeof (ahost), hostf)) { - /* We need to get rid of all comments. */ - p = strchr (ahost, '#'); - if (p) *p = '\0'; - p = ahost; - while (*p != '\n' && *p != ' ' && *p != '\t' && *p != '\0') { - *p = isupper(*p) ? tolower(*p) : *p; - p++; - } - if (*p == ' ' || *p == '\t') { - *p++ = '\0'; - while (*p == ' ' || *p == '\t') - p++; - user = p; - while (*p != '\n' && *p != ' ' && *p != '\t' && *p != '\0') - p++; - } else - user = p; - *p = '\0'; - /* Adding new authentication -Nilendu */ - - /* enable all host for + entry */ - if ('+' == ahost[0] && '\0' == ahost[1] ) - hostvalid = 1; - - /* enable all user for + entry */ - if ('+' == user[0] && '\0' == user[1] ) - uservalid = 1; - - /* disable all host for - entry */ - if ('-' == ahost[0] && '\0' == ahost[1] ) - hostvalid = 0; - - /* disable all user for - entry */ - if ('-' == user[0] && '\0' == user[1] ) - uservalid = 0; - - -#ifdef YP - /* disable host from -hostname entry */ - if ('-' == ahost[0] && '@' != ahost[1] - && _checkhost(rhost, &ahost[1], baselen)) - return -1; - /* disable host from -@netgroup entry for host */ - if ('-' == ahost[0] && '@' == ahost[1] && '\0' != ahost[2] - && _checknetgrouphost(rhost, &ahost[2], baselen)) - return -1; - /* disable user from -user entry */ - if ('\0' != *user && user[0] == '-' && user[1] != '@' - && !strcmp(&user[1], ruser)) - return -1; - /* disable user from -@netgroup entry for user */ - if ('\0' != *user && user[0] == '-' && user[1] == '@' - && user[2] != '\0' && _checknetgroupuser(ruser, &user[2])) - return -1; - /* enable host from +@netgroup entry for host */ - if ('+' == ahost[0] && '@' == ahost[1] && '\0' != ahost[2]) - hostvalid = _checknetgrouphost(rhost, &ahost[2], baselen); - else - hostvalid = _checkhost(rhost, ahost, baselen); - /* enable user from +@netgroup entry for user */ - if ('\0' != *user && user[0] == '+' - && user[1] == '@' && user[2] != '\0') - uservalid = _checknetgroupuser(ruser, &user[2]); - else - uservalid = !strcmp(ruser, *user ? user : luser); - - if (hostvalid && uservalid) - return 0; -#else - hostvalid = hostvalid ? 1 : _checkhost(rhost, ahost, baselen); - uservalid = uservalid ? 1 : !stricmp(ruser,*user ? user : luser); - if (hostvalid && uservalid) - return 0; - -#endif /* YP */ - hostvalid = uservalid = 0; - } - return (-1); -} - -int -_checkhost(const char *rhost, const char *lhost, int len) -{ - static char ldomain[MAXHOSTNAMELEN + 1]; - static char *domainp = NULL; - static int nodomain = 0; - register char *cp; - - if (len == -1) - return(!strcmp(rhost, lhost)); - if (strncmp(rhost, lhost, len)) - return(0); - if (!strcmp(rhost, lhost)) - return(1); - if (*(lhost + len) != '\0') - return(0); - if (nodomain) - return(0); - if (!domainp) { - if (gethostname(ldomain, sizeof(ldomain)) == -1) { - nodomain = 1; - return(0); - } - ldomain[MAXHOSTNAMELEN] = '\0'; - if ((domainp = index(ldomain, '.')) == NULL) { - nodomain = 1; - return(0); - } - for (cp = ++domainp; *cp; ++cp) - if (isupper(*cp)) - *cp = tolower(*cp); - } - return(!strcmp(domainp, rhost + len +1)); -} - -#ifdef YP -static int -_checknetgrouphost(const char *rhost, const char *netgr, int baselen) -{ - char *host, *user, *domain; - int status; - - if (NULL == nisdomain) - yp_get_default_domain(&nisdomain); - - setnetgrent(netgr); - while (1) - { - while (1 == (status = getnetgrent(&host, &user, &domain)) - && NULL == host - && NULL != domain - && 0 != strcmp(domain, nisdomain)) - ; /* find valid host entry */ - - if (0 == status || NULL == host) - { - endnetgrent(); - return 0; - } - - if(1 == _checkhost(rhost, host, baselen)) - { - endnetgrent(); - return 1; - } - } -} - -static int -_checknetgroupuser(const char *ruser, const char *netgr) -{ - char *host, *user, *domain; - int status; - - if (NULL == nisdomain) - yp_get_default_domain(&nisdomain); - - setnetgrent(netgr); - while (1) - { - while (1 == (status = getnetgrent(&host, &user, &domain)) - && NULL == user - && NULL != domain - && 0 != strcmp(domain, nisdomain)) - ; /* find valid user entry */ - - if (0 == status || NULL == user) - { - endnetgrent(); - return 0; - } - - if(0 == strcmp(ruser, user)) - { - endnetgrent(); - return 1; - } - } -} -#endif /* YP */ - -#endif diff --git a/usr/src/lib/libast/i386/src/lib/libast/FEATURE/uwin b/usr/src/lib/libast/i386/src/lib/libast/FEATURE/uwin index 521f137e48..58ee66160a 100644 --- a/usr/src/lib/libast/i386/src/lib/libast/FEATURE/uwin +++ b/usr/src/lib/libast/i386/src/lib/libast/FEATURE/uwin @@ -6,7 +6,6 @@ #define _lib_crypt 1 /* crypt() in default lib(s) */ #define _lib_getpass 1 /* getpass() in default lib(s) */ #define _lib_random 1 /* random() in default lib(s) */ -#define _lib_rcmd 1 /* rcmd() in default lib(s) */ #define _lib_srand48 1 /* srand48() in default lib(s) */ #define _lib_logb 1 /* logb() in default lib(s) */ #define _lib_finite 1 /* finite() in default lib(s) */ diff --git a/usr/src/lib/libast/sparc/src/lib/libast/FEATURE/uwin b/usr/src/lib/libast/sparc/src/lib/libast/FEATURE/uwin index 1ca4ebb903..7bd2fde7e8 100644 --- a/usr/src/lib/libast/sparc/src/lib/libast/FEATURE/uwin +++ b/usr/src/lib/libast/sparc/src/lib/libast/FEATURE/uwin @@ -6,7 +6,6 @@ #define _lib_crypt 1 /* crypt() in default lib(s) */ #define _lib_getpass 1 /* getpass() in default lib(s) */ #define _lib_random 1 /* random() in default lib(s) */ -#define _lib_rcmd 1 /* rcmd() in default lib(s) */ #define _lib_srand48 1 /* srand48() in default lib(s) */ #define _lib_logb 1 /* logb() in default lib(s) */ #define _lib_finite 1 /* finite() in default lib(s) */ diff --git a/usr/src/lib/libast/sparcv9/src/lib/libast/FEATURE/uwin b/usr/src/lib/libast/sparcv9/src/lib/libast/FEATURE/uwin index e87d2d4513..f2e5cb1d16 100644 --- a/usr/src/lib/libast/sparcv9/src/lib/libast/FEATURE/uwin +++ b/usr/src/lib/libast/sparcv9/src/lib/libast/FEATURE/uwin @@ -6,7 +6,6 @@ #define _lib_crypt 1 /* crypt() in default lib(s) */ #define _lib_getpass 1 /* getpass() in default lib(s) */ #define _lib_random 1 /* random() in default lib(s) */ -#define _lib_rcmd 1 /* rcmd() in default lib(s) */ #define _lib_srand48 1 /* srand48() in default lib(s) */ #define _lib_logb 1 /* logb() in default lib(s) */ #define _lib_finite 1 /* finite() in default lib(s) */ diff --git a/usr/src/lib/libbsm/Makefile.com b/usr/src/lib/libbsm/Makefile.com index 609b76aec0..63f9db8851 100644 --- a/usr/src/lib/libbsm/Makefile.com +++ b/usr/src/lib/libbsm/Makefile.com @@ -47,9 +47,6 @@ OBJECTS= adr.o \ audit_mountd.o \ audit_plugin.o \ audit_reboot.o \ - audit_rexd.o \ - audit_rexecd.o \ - audit_rshd.o \ audit_scf.o \ audit_settid.o \ audit_shutdown.o \ diff --git a/usr/src/lib/libbsm/audit_event.txt b/usr/src/lib/libbsm/audit_event.txt index 9c685edd59..e7f46e4bb7 100644 --- a/usr/src/lib/libbsm/audit_event.txt +++ b/usr/src/lib/libbsm/audit_event.txt @@ -374,16 +374,12 @@ 6152:AUE_login:login - local:lo 6153:AUE_logout:logout:lo 6154:AUE_telnet:login - telnet:lo -6155:AUE_rlogin:login - rlogin:lo 6156:AUE_mountd_mount:mount:na 6157:AUE_mountd_umount:unmount:na -6158:AUE_rshd:rsh access:lo 6159:AUE_su:su:lo 6160:AUE_halt_solaris:halt(1m):ss 6161:AUE_reboot_solaris:reboot(1m):ss -6162:AUE_rexecd:rexecd:lo 6163:AUE_passwd:passwd:lo -6164:AUE_rexd:rexd:lo 6165:AUE_ftpd:ftp access:lo 6166:AUE_init_solaris:init(1m):ss 6167:AUE_uadmin_solaris:uadmin(1m):no diff --git a/usr/src/lib/libbsm/common/adt.xml b/usr/src/lib/libbsm/common/adt.xml index 8292b3893b..0a65f76cb8 100644 --- a/usr/src/lib/libbsm/common/adt.xml +++ b/usr/src/lib/libbsm/common/adt.xml @@ -622,12 +622,6 @@ Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved. login(1) dtlogin - - rlogin - /usr/sbin/login - login(1) - rlogin - telnet login diff --git a/usr/src/lib/libbsm/common/audit_private.h b/usr/src/lib/libbsm/common/audit_private.h index 90a15d376a..6860e06cc5 100644 --- a/usr/src/lib/libbsm/common/audit_private.h +++ b/usr/src/lib/libbsm/common/audit_private.h @@ -47,11 +47,7 @@ extern "C" { /* * audit_settid.c * interface users - * rexecd - * rlogind - * rshd * telnetd - * rexd */ extern int audit_settid(int); @@ -79,24 +75,6 @@ extern void audit_ftpd_unknown(char *uname); extern void audit_ftpd_logout(void); /* - * audit_rexecd.c - * interface user - * rexecd - */ -extern void audit_rexecd_setup(void); -extern void audit_rexecd_success(char *, char *, char *); -extern void audit_rexecd_fail(char *, char *, char *, char *); - -/* - * audit_rshd.c - * interface user - * rshd - */ -extern int audit_rshd_setup(void); -extern int audit_rshd_success(char *, char *, char *, char *); -extern int audit_rshd_fail(char *, char *, char *, char *, char *); - -/* * audit_at.c * interface users * atrm @@ -168,17 +146,6 @@ extern int audit_reboot_setup(void); extern int audit_reboot_success(void); extern int audit_reboot_fail(void); -/* - * audit_rexd.c - * interface users - * rpc.rexd - */ -extern void audit_rexd_fail(char *, char *, char *, uid_t, gid_t, - char *, char **); -extern void audit_rexd_success(char *, char *, uid_t, gid_t, - char *, char **); -extern void audit_rexd_setup(void); - #ifdef __cplusplus } #endif diff --git a/usr/src/lib/libbsm/common/audit_rexd.c b/usr/src/lib/libbsm/common/audit_rexd.c deleted file mode 100644 index 41251f916b..0000000000 --- a/usr/src/lib/libbsm/common/audit_rexd.c +++ /dev/null @@ -1,377 +0,0 @@ -/* - * CDDL HEADER START - * - * The contents of this file are subject to the terms of the - * Common Development and Distribution License (the "License"). - * You may not use this file except in compliance with the License. - * - * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE - * or http://www.opensolaris.org/os/licensing. - * See the License for the specific language governing permissions - * and limitations under the License. - * - * When distributing Covered Code, include this CDDL HEADER in each - * file and include the License file at usr/src/OPENSOLARIS.LICENSE. - * If applicable, add the following below this CDDL HEADER, with the - * fields enclosed by brackets "[]" replaced with your own identifying - * information: Portions Copyright [yyyy] [name of copyright owner] - * - * CDDL HEADER END - */ -/* - * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "generic.h" - -#ifdef C2_DEBUG -#define dprintf(x) { (void) printf x; } -#else -#define dprintf(x) -#endif - -#define UNKNOWN_CMD "???" - -static au_event_t event; -static int audit_rexd_status = 0; - -static char * -build_cmd(char **cmd) -{ - int i, l; - char *r; - - if (cmd == NULL) - return (NULL); - /* count the total length of command line */ - for (i = 0, l = 0; cmd[i] != NULL; i++) - l += strlen(cmd[i]) + 1; - - if (l == 0) - return (NULL); - r = malloc(l); - if (r != NULL) { - for (i = 0; cmd[i] != NULL; i++) { - (void) strcat(r, cmd[i]); - if (cmd[i + 1] != NULL) - (void) strcat(r, " "); - } - } - return (r); -} - -static int -selected(uid, user, event, sf) -uid_t uid; -char *user; -au_event_t event; -int sf; -{ - int sorf; - struct au_mask mask; - - mask.am_success = mask.am_failure = 0; - if (uid > MAXEPHUID) { - /* get non-attrib flags */ - (void) auditon(A_GETKMASK, (caddr_t)&mask, sizeof (mask)); - } else { - (void) au_user_mask(user, &mask); - } - - if (sf == 0) { - sorf = AU_PRS_SUCCESS; - } else if (sf == -1) { - sorf = AU_PRS_FAILURE; - } else { - sorf = AU_PRS_BOTH; - } - - return (au_preselect(event, &mask, sorf, AU_PRS_REREAD)); -} - -void -audit_rexd_setup() -{ - dprintf(("audit_rexd_setup()\n")); - - event = AUE_rexd; -} - -/* ARGSUSED */ -static void -audit_rexd_session_setup(char *name, char *mach, uid_t uid) -{ - int rc; - au_mask_t mask; - struct auditinfo_addr info; - - if (getaudit_addr(&info, sizeof (info)) < 0) { - perror("getaudit_addr"); - exit(1); - } - - info.ai_auid = uid; - info.ai_asid = getpid(); - - mask.am_success = 0; - mask.am_failure = 0; - - (void) au_user_mask(name, &mask); - - info.ai_mask.am_success = mask.am_success; - info.ai_mask.am_failure = mask.am_failure; - - rc = setaudit_addr(&info, sizeof (info)); - if (rc < 0) { - perror("setaudit_addr"); - } -} - -void -audit_rexd_fail(msg, hostname, user, uid, gid, shell, cmd) - char *msg; /* message containing failure information */ - char *hostname; /* hostname of machine requesting service */ - char *user; /* username of user requesting service */ - uid_t uid; /* user id of user requesting service */ - gid_t gid; /* group of user requesting service */ - char *shell; /* login shell of user requesting service */ - char **cmd; /* argv to be executed locally */ -{ - int rd; /* audit record descriptor */ - char buf[256]; /* temporary buffer */ - char *tbuf; /* temporary buffer */ - int tlen; - const char *gtxt; /* gettext return value */ - pid_t pid; - char *cmdbuf; - char *audit_cmd[2] = {NULL, NULL}; - int dont_free = 0; - struct auditinfo_addr info; - - dprintf(("audit_rexd_fail()\n")); - - /* - * check if audit_rexd_fail() or audit_rexd_success() - * have been called already. - */ - if (audit_rexd_status == 1) { - return; - } - - if (cannot_audit(0)) { - return; - } - - /* - * set status to prevent multiple calls - * to audit_rexd_fail() and audit_rexd_success() - */ - audit_rexd_status = 1; - - /* determine if we're preselected */ - if (!selected(uid, user, event, -1)) - return; - - pid = getpid(); - - if (getaudit_addr(&info, sizeof (info)) < 0) { - perror("getaudit_addr"); - exit(1); - } - - rd = au_open(); - - /* add subject token */ - (void) au_write(rd, - au_to_subject_ex(uid, uid, gid, uid, gid, pid, pid, - &info.ai_termid)); - /* add reason for failure */ - (void) au_write(rd, au_to_text(msg)); - - /* add hostname of machine requesting service */ - (void) snprintf(buf, sizeof (buf), dgettext(bsm_dom, - "Remote execution requested by: %s"), hostname); - (void) au_write(rd, au_to_text(buf)); - - /* add username of user requesting service */ - if (user == NULL) - user = "???"; - (void) snprintf(buf, sizeof (buf), dgettext(bsm_dom, - "Username: %s"), user); - (void) au_write(rd, au_to_text(buf)); - - (void) snprintf(buf, sizeof (buf), dgettext(bsm_dom, - "User id: %d"), uid); - (void) au_write(rd, au_to_text(buf)); - - if (cmd == NULL) { - audit_cmd[0] = shell; - cmd = audit_cmd; - } - - cmdbuf = build_cmd(cmd); - if (cmdbuf == NULL) { - cmdbuf = UNKNOWN_CMD; - dont_free = 1; - } - - gtxt = dgettext(bsm_dom, "Command line: %s"); - /* over estimate of size of buffer needed (%s is replaced) */ - tlen = strlen(cmdbuf) + strlen(gtxt) + 1; - - if ((tbuf = malloc(tlen)) == NULL) { - (void) au_close(rd, 0, 0); - return; - } - (void) snprintf(tbuf, tlen, gtxt, cmdbuf); - (void) au_write(rd, au_to_text(tbuf)); - (void) free(tbuf); - if (!dont_free) - (void) free(cmdbuf); - - /* add return token */ -#ifdef _LP64 - (void) au_write(rd, au_to_return64(-1, (int64_t)0)); -#else - (void) au_write(rd, au_to_return32(-1, (int32_t)0)); -#endif - - /* write audit record */ - if (au_close(rd, 1, event) < 0) { - (void) au_close(rd, 0, 0); - return; - } -} - -void -audit_rexd_success(hostname, user, uid, gid, shell, cmd) -char *hostname; /* hostname of machine requesting service */ -char *user; /* username of user requesting service, may be NULL */ -uid_t uid; /* user id of user requesting service */ -gid_t gid; /* group of user requesting service */ -char *shell; /* login shell of user requesting service */ -char **cmd; /* argv to be executed locally, may be NULL */ -{ - int rd; /* audit record descriptor */ - char buf[256]; /* temporary buffer */ - char *tbuf; /* temporary buffer */ - int tlen; - const char *gtxt; - pid_t pid; - char *cmdbuf; - char *audit_cmd[2] = {NULL, NULL}; - int dont_free = 0; - struct auditinfo_addr info; - char *empty = ""; - - dprintf(("audit_rexd_success()\n")); - - /* - * check if audit_rexd_fail() or audit_rexd_success() - * have been called already. - */ - if (audit_rexd_status == 1) { - return; - } - - if (cannot_audit(0)) { - return; - } - - /* a little bullet proofing... */ - - if (hostname == NULL) - hostname = empty; - if (shell == NULL) - shell = empty; - - /* - * set status to prevent multiple calls - * to audit_rexd_fail() and audit_rexd_success() - */ - audit_rexd_status = 1; - - /* determine if we're preselected */ - if (!selected(uid, user, event, 0)) - goto rexd_audit_session; - - pid = getpid(); - - if (getaudit_addr(&info, sizeof (info)) < 0) { - perror("getaudit_addr"); - exit(1); - } - - rd = au_open(); - - /* add subject token */ - (void) au_write(rd, - au_to_subject_ex(uid, uid, gid, uid, gid, pid, pid, - &info.ai_termid)); - /* add hostname of machine requesting service */ - - (void) snprintf(buf, sizeof (buf), dgettext(bsm_dom, - "Remote execution requested by: %s"), hostname); - (void) au_write(rd, au_to_text(buf)); - - /* add username at machine requesting service */ - (void) snprintf(buf, sizeof (buf), dgettext(bsm_dom, - "Username: %s"), user); - (void) au_write(rd, au_to_text(buf)); - - if (cmd == NULL) { - audit_cmd[0] = shell; - cmd = audit_cmd; - } - - cmdbuf = build_cmd(cmd); - if (cmdbuf == NULL) { - cmdbuf = UNKNOWN_CMD; - dont_free = 1; - } - - gtxt = dgettext(bsm_dom, "Command line: %s"); - tlen = strlen(cmdbuf) + strlen(gtxt) + 1; - - if ((tbuf = malloc(tlen)) == NULL) { - (void) au_close(rd, 0, 0); - goto rexd_audit_session; - } - - (void) snprintf(tbuf, tlen, gtxt, cmdbuf); - (void) au_write(rd, au_to_text(tbuf)); - (void) free(tbuf); - if (!dont_free) - (void) free(cmdbuf); - - /* add return token */ -#ifdef _LP64 - (void) au_write(rd, au_to_return64(0, (int64_t)0)); -#else - (void) au_write(rd, au_to_return32(0, (int32_t)0)); -#endif - - /* write audit record */ - if (au_close(rd, 1, event) < 0) { - (void) au_close(rd, 0, 0); - } - -rexd_audit_session: - audit_rexd_session_setup(user, hostname, uid); -} diff --git a/usr/src/lib/libbsm/common/audit_rexecd.c b/usr/src/lib/libbsm/common/audit_rexecd.c deleted file mode 100644 index f040c297dc..0000000000 --- a/usr/src/lib/libbsm/common/audit_rexecd.c +++ /dev/null @@ -1,341 +0,0 @@ -/* - * CDDL HEADER START - * - * The contents of this file are subject to the terms of the - * Common Development and Distribution License (the "License"). - * You may not use this file except in compliance with the License. - * - * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE - * or http://www.opensolaris.org/os/licensing. - * See the License for the specific language governing permissions - * and limitations under the License. - * - * When distributing Covered Code, include this CDDL HEADER in each - * file and include the License file at usr/src/OPENSOLARIS.LICENSE. - * If applicable, add the following below this CDDL HEADER, with the - * fields enclosed by brackets "[]" replaced with your own identifying - * information: Portions Copyright [yyyy] [name of copyright owner] - * - * CDDL HEADER END - */ -/* - * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "generic.h" - -#ifdef C2_DEBUG -#define dprintf(x) { (void) printf x; } -#else -#define dprintf(x) -#endif - -static au_event_t event; -static int audit_rexecd_status = 0; - -static int -selected(uid, user, event, sf) -uid_t uid; -char *user; -au_event_t event; -int sf; -{ - int sorf; - struct au_mask mask; - - mask.am_success = mask.am_failure = 0; - if (uid > MAXEPHUID) { - /* get non-attrib flags */ - (void) auditon(A_GETKMASK, (caddr_t)&mask, sizeof (mask)); - } else { - (void) au_user_mask(user, &mask); - } - - if (sf == 0) { - sorf = AU_PRS_SUCCESS; - } else if (sf == -1) { - sorf = AU_PRS_FAILURE; - } else { - sorf = AU_PRS_BOTH; - } - - return (au_preselect(event, &mask, sorf, AU_PRS_REREAD)); -} - -void -audit_rexecd_setup() -{ - dprintf(("audit_rexecd_setup()\n")); - - event = AUE_rexecd; -} - - -static void -audit_rexecd_session_setup(char *name, char *mach, uid_t uid) -{ - int rc; - au_mask_t mask; - struct auditinfo_addr info; - uint32_t addr[4], type; - - info.ai_auid = uid; - info.ai_asid = getpid(); - - mask.am_success = 0; - mask.am_failure = 0; - - (void) au_user_mask(name, &mask); - - info.ai_mask.am_success = mask.am_success; - info.ai_mask.am_failure = mask.am_failure; - - rc = aug_get_machine(mach, addr, &type); - if (rc < 0) { - perror("get address"); - } - info.ai_termid.at_port = aug_get_port(); - info.ai_termid.at_type = type; - info.ai_termid.at_addr[0] = addr[0]; - info.ai_termid.at_addr[1] = addr[1]; - info.ai_termid.at_addr[2] = addr[2]; - info.ai_termid.at_addr[3] = addr[3]; - - rc = setaudit_addr(&info, sizeof (info)); - if (rc < 0) { - perror("setaudit"); - } -} - -void -audit_rexecd_fail(msg, hostname, user, cmdbuf) -char *msg; /* message containing failure information */ -char *hostname; /* hostname of machine requesting service */ -char *user; /* username of user requesting service */ -char *cmdbuf; /* command line to be executed locally */ -{ - int rd; /* audit record descriptor */ - char buf[256]; /* temporary buffer */ - char *tbuf; /* temporary buffer */ - int tlen; - const char *gtxt; - uid_t uid; - gid_t gid; - pid_t pid; - au_tid_addr_t tid; - struct passwd *pwd; - uint32_t addr[4], type; - int rc; - - dprintf(("audit_rexecd_fail()\n")); - - /* - * check if audit_rexecd_fail() or audit_rexecd_success() - * have been called already. - */ - if (audit_rexecd_status == 1) { - return; - } - - if (cannot_audit(0)) { - return; - } - - /* - * set status to prevent multiple calls - * to audit_rexecd_fail() and audit_rexecd_success() - */ - audit_rexecd_status = 1; - - pwd = getpwnam(user); - if (pwd == NULL) { - uid = (uid_t)-1; - gid = (gid_t)-1; - } else { - uid = pwd->pw_uid; - gid = pwd->pw_gid; - } - - /* determine if we're preselected */ - if (!selected(uid, user, event, -1)) - return; - - pid = getpid(); - rc = aug_get_machine(hostname, addr, &type); - if (rc < 0) { - perror("get address"); - } - - tid.at_port = aug_get_port(); - tid.at_addr[0] = addr[0]; - tid.at_addr[1] = addr[1]; - tid.at_addr[2] = addr[2]; - tid.at_addr[3] = addr[3]; - tid.at_type = type; - - rd = au_open(); - - /* add subject token */ - (void) au_write(rd, - au_to_subject_ex(uid, uid, gid, uid, gid, pid, pid, &tid)); - - /* add reason for failure */ - (void) au_write(rd, au_to_text(msg)); - - /* add hostname of machine requesting service */ - (void) snprintf(buf, sizeof (buf), dgettext(bsm_dom, - "Remote execution requested by: %s"), hostname); - (void) au_write(rd, au_to_text(buf)); - - /* add username of user requesting service */ - (void) snprintf(buf, sizeof (buf), dgettext(bsm_dom, - "Username: %s"), user); - (void) au_write(rd, au_to_text(buf)); - - /* add command line to be executed locally */ - gtxt = dgettext(bsm_dom, "Command line: %s"); - tlen = strlen(gtxt) + strlen(cmdbuf) + 1; - if ((tbuf = malloc(tlen)) == NULL) { - (void) au_close(rd, 0, 0); - return; - } - (void) snprintf(tbuf, tlen, gtxt, cmdbuf); - (void) au_write(rd, au_to_text(tbuf)); - (void) free(tbuf); - - /* add return token */ -#ifdef _LP64 - (void) au_write(rd, au_to_return64(-1, (int64_t)0)); -#else - (void) au_write(rd, au_to_return32(-1, (int32_t)0)); -#endif - - /* write audit record */ - if (au_close(rd, 1, event) < 0) { - (void) au_close(rd, 0, 0); - return; - } -} - -void -audit_rexecd_success(hostname, user, cmdbuf) -char *hostname; /* hostname of machine requesting service */ -char *user; /* username of user requesting service */ -char *cmdbuf; /* command line to be executed locally */ -{ - int rd; /* audit record descriptor */ - char buf[256]; /* temporary buffer */ - char *tbuf; /* temporary buffer */ - int tlen; - const char *gtxt; - uid_t uid; - gid_t gid; - pid_t pid; - au_tid_addr_t tid; - struct passwd *pwd; - uint32_t addr[4], type; - int rc; - - dprintf(("audit_rexecd_success()\n")); - - /* - * check if audit_rexecd_fail() or audit_rexecd_success() - * have been called already. - */ - if (audit_rexecd_status == 1) { - return; - } - - if (cannot_audit(0)) { - return; - } - - /* - * set status to prevent multiple calls - * to audit_rexecd_fail() and audit_rexecd_success() - */ - audit_rexecd_status = 1; - - pwd = getpwnam(user); - if (pwd == NULL) { - uid = (uid_t)-1; - gid = (gid_t)-1; - } else { - uid = pwd->pw_uid; - gid = pwd->pw_gid; - } - - /* determine if we're preselected */ - if (!selected(uid, user, event, 0)) - goto rexecd_audit_session; - - pid = getpid(); - rc = aug_get_machine(hostname, addr, &type); - if (rc < 0) { - perror("get address"); - } - - tid.at_port = aug_get_port(); - tid.at_addr[0] = addr[0]; - tid.at_addr[1] = addr[1]; - tid.at_addr[2] = addr[2]; - tid.at_addr[3] = addr[3]; - tid.at_type = type; - - rd = au_open(); - - /* add subject token */ - (void) au_write(rd, - au_to_subject_ex(uid, uid, gid, uid, gid, pid, pid, &tid)); - - /* add hostname of machine requesting service */ - (void) snprintf(buf, sizeof (buf), dgettext(bsm_dom, - "Remote execution requested by: %s"), hostname); - (void) au_write(rd, au_to_text(buf)); - - /* add username at machine requesting service */ - (void) snprintf(buf, sizeof (buf), dgettext(bsm_dom, - "Username: %s"), user); - (void) au_write(rd, au_to_text(buf)); - - /* add command line to be executed locally */ - gtxt = dgettext(bsm_dom, "Command line: %s"); - tlen = strlen(gtxt) + strlen(cmdbuf) + 1; - if ((tbuf = malloc(tlen)) == NULL) { - (void) au_close(rd, 0, 0); - } else { - (void) snprintf(tbuf, tlen, gtxt, cmdbuf); - (void) au_write(rd, au_to_text(tbuf)); - (void) free(tbuf); - - /* add return token */ -#ifdef _LP64 - (void) au_write(rd, au_to_return64(0, (int64_t)0)); -#else - (void) au_write(rd, au_to_return32(0, (int32_t)0)); -#endif - - /* write audit record */ - if (au_close(rd, 1, event) < 0) { - (void) au_close(rd, 0, 0); - } - } - -rexecd_audit_session: - audit_rexecd_session_setup(user, hostname, uid); -} diff --git a/usr/src/lib/libbsm/common/audit_rshd.c b/usr/src/lib/libbsm/common/audit_rshd.c deleted file mode 100644 index 6b61e3500b..0000000000 --- a/usr/src/lib/libbsm/common/audit_rshd.c +++ /dev/null @@ -1,234 +0,0 @@ -/* - * CDDL HEADER START - * - * The contents of this file are subject to the terms of the - * Common Development and Distribution License (the "License"). - * You may not use this file except in compliance with the License. - * - * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE - * or http://www.opensolaris.org/os/licensing. - * See the License for the specific language governing permissions - * and limitations under the License. - * - * When distributing Covered Code, include this CDDL HEADER in each - * file and include the License file at usr/src/OPENSOLARIS.LICENSE. - * If applicable, add the following below this CDDL HEADER, with the - * fields enclosed by brackets "[]" replaced with your own identifying - * information: Portions Copyright [yyyy] [name of copyright owner] - * - * CDDL HEADER END - */ -/* - * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -static au_event_t rshd_event; /* audit event number */ -static uint32_t rshd_addr[4]; /* peer address */ - -static void generate_record(char *, char *, char *, int, char *); -static void setup_session(char *); -static int selected(uid_t, char *, au_event_t, int); - -int -audit_rshd_setup() -{ - rshd_event = AUE_rshd; - return (0); -} - -/* ARGSUSED */ -int -audit_rshd_fail(msg, hostname, remuser, locuser, cmdbuf) -char *msg; /* message containing failure information */ -char *hostname; /* hostname of machine requesting service */ -char *remuser; /* username at machine requesting service */ -char *locuser; /* username of local machine */ -char *cmdbuf; /* command line to be executed locally */ -{ - if (cannot_audit(0)) { - return (0); - } - generate_record(remuser, locuser, cmdbuf, -1, msg); - return (0); -} - -/* ARGSUSED */ -int -audit_rshd_success(hostname, remuser, locuser, cmdbuf) -char *hostname; /* hostname of machine requesting service */ -char *remuser; /* username at machine requesting service */ -char *locuser; /* username at local machine */ -char *cmdbuf; /* command line to be executed locally */ -{ - if (cannot_audit(0)) { - return (0); - } - generate_record(remuser, locuser, cmdbuf, 0, ""); - setup_session(locuser); - return (0); -} - - -#include - -static void -generate_record(char *remuser, /* username at machine requesting service */ - char *locuser, /* username of local machine */ - char *cmdbuf, /* command line to be executed locally */ - int sf_flag, /* success (0) or failure (-1) flag */ - char *msg) /* message containing failure information */ -{ - int rd; /* audit record descriptor */ - char buf[256]; /* temporary buffer */ - char *tbuf; /* temporary buffer */ - int tlen; - const char *gtxt; - uid_t uid; - gid_t gid; - pid_t pid; - struct passwd *pwd; - struct auditinfo_addr info; - - if (cannot_audit(0)) { - return; - } - - pwd = getpwnam(locuser); - if (pwd == NULL) { - uid = (uid_t)-1; - gid = (gid_t)-1; - } else { - uid = pwd->pw_uid; - gid = pwd->pw_gid; - } - - if (!selected(uid, locuser, rshd_event, sf_flag)) - return; - - pid = getpid(); - - /* see if terminal id already set */ - if (getaudit_addr(&info, sizeof (info)) < 0) { - perror("getaudit"); - } - rd = au_open(); - - (void) au_write(rd, au_to_subject_ex(uid, uid, gid, uid, gid, pid, pid, - &info.ai_termid)); - - gtxt = dgettext(bsm_dom, "cmd %s"); - tlen = strlen(gtxt) + strlen(cmdbuf) + 1; - if ((tbuf = malloc(tlen)) == NULL) { - (void) au_close(rd, 0, 0); - return; - } - (void) snprintf(tbuf, tlen, gtxt, cmdbuf); - (void) au_write(rd, au_to_text(tbuf)); - (void) free(tbuf); - - if (strcmp(remuser, locuser) != 0) { - (void) snprintf(buf, sizeof (buf), dgettext(bsm_dom, - "remote user %s"), remuser); - (void) au_write(rd, au_to_text(buf)); - } - - if (sf_flag == -1) { - (void) snprintf(buf, sizeof (buf), dgettext(bsm_dom, - "local user %s"), locuser); - (void) au_write(rd, au_to_text(buf)); - (void) au_write(rd, au_to_text(msg)); - } - -#ifdef _LP64 - (void) au_write(rd, au_to_return64(sf_flag, (int64_t)0)); -#else - (void) au_write(rd, au_to_return32(sf_flag, (int32_t)0)); -#endif - - if (au_close(rd, 1, rshd_event) < 0) { - (void) au_close(rd, 0, 0); - } -} - -static int -selected(uid_t uid, char *locuser, au_event_t event, int sf) -{ - int sorf; - struct au_mask mask; - - mask.am_success = mask.am_failure = 0; - if (uid > MAXEPHUID) { - /* get non-attrib flags */ - (void) auditon(A_GETKMASK, (caddr_t)&mask, sizeof (mask)); - } else { - (void) au_user_mask(locuser, &mask); - } - - if (sf == 0) { - sorf = AU_PRS_SUCCESS; - } else if (sf == -1) { - sorf = AU_PRS_FAILURE; - } else { - sorf = AU_PRS_BOTH; - } - - return (au_preselect(event, &mask, sorf, AU_PRS_REREAD)); -} - -static void -setup_session(char *locuser) -{ - int rc; - struct auditinfo_addr info; - au_mask_t mask; - uid_t uid; - struct passwd *pwd; - - pwd = getpwnam(locuser); - if (pwd == NULL) - uid = (uid_t)-1; - else - uid = pwd->pw_uid; - - /* see if terminal id already set */ - if (getaudit_addr(&info, sizeof (info)) < 0) { - perror("getaudit"); - } - - info.ai_auid = uid; - info.ai_asid = getpid(); - - mask.am_success = 0; - mask.am_failure = 0; - (void) au_user_mask(locuser, &mask); - - info.ai_mask.am_success = mask.am_success; - info.ai_mask.am_failure = mask.am_failure; - - rshd_addr[0] = info.ai_termid.at_addr[0]; - rshd_addr[1] = info.ai_termid.at_addr[1]; - rshd_addr[2] = info.ai_termid.at_addr[2]; - rshd_addr[3] = info.ai_termid.at_addr[3]; - - rc = setaudit_addr(&info, sizeof (info)); - if (rc < 0) { - perror("setaudit"); - } -} diff --git a/usr/src/lib/libbsm/common/mapfile-vers b/usr/src/lib/libbsm/common/mapfile-vers index cc2d0c7d13..17d398ff63 100644 --- a/usr/src/lib/libbsm/common/mapfile-vers +++ b/usr/src/lib/libbsm/common/mapfile-vers @@ -214,15 +214,6 @@ SYMBOL_VERSION SUNWprivate_1.1 { audit_reboot_fail; audit_reboot_setup; audit_reboot_success; - audit_rexd_fail; - audit_rexd_setup; - audit_rexd_success; - audit_rexecd_fail; - audit_rexecd_setup; - audit_rexecd_success; - audit_rshd_fail; - audit_rshd_setup; - audit_rshd_success; audit_settid; audit_shutdown_fail; audit_shutdown_setup; diff --git a/usr/src/lib/libc/amd64/Makefile b/usr/src/lib/libc/amd64/Makefile index 212d91b154..23a838c3a7 100644 --- a/usr/src/lib/libc/amd64/Makefile +++ b/usr/src/lib/libc/amd64/Makefile @@ -730,7 +730,7 @@ PORTINET= bindresvport.o bootparams_getbyname.o ether_addr.o \ getprotoent.o getprotoent_r.o getservbyname_r.o getservent.o \ getservent_r.o inet_lnaof.o inet_mkaddr.o inet_network.o \ inet6_opt.o inet6_rthdr.o interface_id.o link_addr.o \ - netmasks.o rcmd.o rexec.o ruserpass.o sourcefilter.o \ + netmasks.o ruserpass.o sourcefilter.o \ getifaddrs.o PORTLOCALE= \ diff --git a/usr/src/lib/libc/i386/Makefile.com b/usr/src/lib/libc/i386/Makefile.com index 4b03304551..ee26eaeeea 100644 --- a/usr/src/lib/libc/i386/Makefile.com +++ b/usr/src/lib/libc/i386/Makefile.com @@ -781,7 +781,7 @@ PORTINET= bindresvport.o bootparams_getbyname.o ether_addr.o \ getprotoent.o getprotoent_r.o getservbyname_r.o getservent.o \ getservent_r.o inet_lnaof.o inet_mkaddr.o inet_network.o \ inet6_opt.o inet6_rthdr.o interface_id.o link_addr.o \ - netmasks.o rcmd.o rexec.o ruserpass.o sourcefilter.o \ + netmasks.o ruserpass.o sourcefilter.o \ getifaddrs.o PORTLOCALE= \ diff --git a/usr/src/lib/libc/port/inet/rcmd.c b/usr/src/lib/libc/port/inet/rcmd.c deleted file mode 100644 index 2b6b62e4cf..0000000000 --- a/usr/src/lib/libc/port/inet/rcmd.c +++ /dev/null @@ -1,813 +0,0 @@ -/* - * CDDL HEADER START - * - * The contents of this file are subject to the terms of the - * Common Development and Distribution License (the "License"). - * You may not use this file except in compliance with the License. - * - * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE - * or http://www.opensolaris.org/os/licensing. - * See the License for the specific language governing permissions - * and limitations under the License. - * - * When distributing Covered Code, include this CDDL HEADER in each - * file and include the License file at usr/src/OPENSOLARIS.LICENSE. - * If applicable, add the following below this CDDL HEADER, with the - * fields enclosed by brackets "[]" replaced with your own identifying - * information: Portions Copyright [yyyy] [name of copyright owner] - * - * CDDL HEADER END - */ - -/* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. - */ - -/* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */ -/* All Rights Reserved */ - -/* - * University Copyright- Copyright (c) 1982, 1986, 1988 - * The Regents of the University of California - * All Rights Reserved - * - * University Acknowledgment- Portions of this document are derived from - * software developed by the University of California, Berkeley, and its - * contributors. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include - -#ifdef SYSV -#define bcopy(s1, s2, len) (void) memcpy(s2, s1, len) -#define bzero(s, len) (void) memset(s, 0, len) -#define index(s, c) strchr(s, c) -char *strchr(); -#else -char *index(); -#endif /* SYSV */ - -extern int usingypmap(); - -static int _validuser(FILE *hostf, char *rhost, const char *luser, - const char *ruser, int baselen); -static int _checkhost(char *rhost, char *lhost, int len); - - -#ifdef NIS -static char *domain; -#endif - -int rcmd(char **ahost, unsigned short rport, const char *locuser, - const char *remuser, const char *cmd, int *fd2p) -{ - int rcmd_ret; - - rcmd_ret = rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, - AF_INET); - return (rcmd_ret); -} - -int rcmd_af(char **ahost, unsigned short rport, const char *locuser, - const char *remuser, const char *cmd, int *fd2p, int af) -{ - int s, timo = 1; - ssize_t retval; - pid_t pid; - struct sockaddr_storage caddr, faddr; - struct sockaddr_in *sin; - struct sockaddr_in6 *sin6; - struct addrinfo hints; - struct addrinfo *res, *resp; - size_t addrlen; - int rc; -#define MAX_SHORTSTRLEN 6 - char aport[MAX_SHORTSTRLEN]; - char c; - int lport = 0; -#ifdef SYSV - sigset_t oldmask; - sigset_t newmask; - struct sigaction oldaction; - struct sigaction newaction; -#else - int oldmask; -#endif /* SYSV */ - fd_set fdset; - int selret; - char *addr; - static char hostname[MAXHOSTNAMELEN]; - socklen_t len; - char abuf[INET6_ADDRSTRLEN]; - - if (!(af == AF_INET || af == AF_INET6 || af == AF_UNSPEC)) { - errno = EAFNOSUPPORT; - return (-1); - } - - pid = getpid(); - memset(&hints, 0, sizeof (hints)); - hints.ai_socktype = SOCK_STREAM; - hints.ai_flags = AI_CANONNAME; - if (af == AF_INET6) { - hints.ai_flags |= AI_V4MAPPED; - hints.ai_family = AF_UNSPEC; - } else { - hints.ai_family = af; - } - (void) snprintf(aport, MAX_SHORTSTRLEN, "%u", ntohs(rport)); - rc = getaddrinfo(*ahost, aport, &hints, &res); - if (rc != 0) { - (void) fprintf(stderr, - dgettext(TEXT_DOMAIN, "%s: unknown host%s\n"), - *ahost, rc == EAI_AGAIN ? " (try again later)" : ""); - return (-1); - } - resp = res; - (void) strlcpy(hostname, res->ai_canonname, MAXHOSTNAMELEN); - *ahost = hostname; -#ifdef SYSV - /* ignore SIGPIPE */ - bzero((char *)&newaction, sizeof (newaction)); - newaction.sa_handler = SIG_IGN; - (void) sigaction(SIGPIPE, &newaction, &oldaction); - - /* block SIGURG */ - bzero((char *)&newmask, sizeof (newmask)); - (void) sigaddset(&newmask, SIGURG); - (void) sigprocmask(SIG_BLOCK, &newmask, &oldmask); -#else - oldmask = _sigblock(sigmask(SIGURG)); -#endif /* SYSV */ - for (;;) { - s = rresvport_af(&lport, res->ai_family); - if (s < 0) { - int af = res->ai_family; - - /* - * See if we have any addresses of a different type - * to try. - */ - while (res != NULL && res->ai_family == af) - res = res->ai_next; - - if (res != NULL) - continue; - - if (errno == EAGAIN) - (void) fprintf(stderr, - dgettext(TEXT_DOMAIN, - "socket: All ports in use\n")); - else - perror("rcmd: socket"); -#ifdef SYSV - /* restore original SIGPIPE handler */ - (void) sigaction(SIGPIPE, &oldaction, NULL); - - /* restore original signal mask */ - (void) sigprocmask(SIG_SETMASK, &oldmask, - (sigset_t *)0); -#else - sigsetmask(oldmask); -#endif /* SYSV */ - freeaddrinfo(resp); - return (-1); - } - bzero((char *)&caddr, sizeof (caddr)); - bcopy(res->ai_addr, &caddr, res->ai_addrlen); - addrlen = res->ai_addrlen; - if (af == AF_INET6 && res->ai_addr->sa_family == AF_INET) { - struct in6_addr ia6; - struct sockaddr_in6 *in6addr; - IN6_INADDR_TO_V4MAPPED(&((struct sockaddr_in *) - res->ai_addr)->sin_addr, &ia6); - in6addr = (struct sockaddr_in6 *)&caddr; - in6addr->sin6_addr = ia6; - in6addr->sin6_family = AF_INET6; - addrlen = sizeof (struct sockaddr_in6); - } - (void) fcntl(s, F_SETOWN, pid); - if (connect(s, (struct sockaddr *)&caddr, addrlen) >= 0) - break; - (void) close(s); - if (errno == EADDRINUSE) { - lport = 0; - continue; - } - if (errno == ECONNREFUSED && timo <= 16) { - (void) sleep(timo); - timo *= 2; - continue; - } - if (res->ai_next != NULL) { - int oerrno = errno; - if (res->ai_addr->sa_family == AF_INET6) - addr = (char *)&((struct sockaddr_in6 *) - res->ai_addr)->sin6_addr; - else - addr = (char *)&((struct sockaddr_in *) - res->ai_addr)->sin_addr; - (void) fprintf(stderr, - dgettext(TEXT_DOMAIN, "connect to address %s: "), - inet_ntop(res->ai_addr->sa_family, addr, - abuf, sizeof (abuf))); - errno = oerrno; - perror(0); - res = res->ai_next; - if (res->ai_addr->sa_family == AF_INET6) - addr = (char *)&((struct sockaddr_in6 *) - res->ai_addr)->sin6_addr; - else - addr = (char *)&((struct sockaddr_in *) - res->ai_addr)->sin_addr; - (void) fprintf(stderr, - dgettext(TEXT_DOMAIN, "Trying %s...\n"), - inet_ntop(res->ai_addr->sa_family, addr, - abuf, sizeof (abuf))); - continue; - } - perror(*ahost); - freeaddrinfo(resp); -#ifdef SYSV - /* restore original SIGPIPE handler */ - (void) sigaction(SIGPIPE, &oldaction, NULL); - - /* restore original signal mask */ - (void) sigprocmask(SIG_SETMASK, &oldmask, (sigset_t *)0); -#else - sigsetmask(oldmask); -#endif /* SYSV */ - return (-1); - } - lport = 0; - if (fd2p == 0) { - (void) write(s, "", 1); - } else { - int s2 = rresvport_af(&lport, res->ai_family), s3; - - len = (socklen_t)sizeof (faddr); - - if (s2 < 0) - goto bad; - (void) listen(s2, 1); - (void) snprintf(aport, MAX_SHORTSTRLEN, "%d", lport); - if (write(s, aport, strlen(aport)+1) != strlen(aport)+1) { - perror(dgettext(TEXT_DOMAIN, - "write: setting up stderr")); - (void) close(s2); - goto bad; - } - FD_ZERO(&fdset); - FD_SET(s, &fdset); - FD_SET(s2, &fdset); - while ((selret = select(FD_SETSIZE, &fdset, (fd_set *)0, - (fd_set *)0, NULL)) > 0) { - if (FD_ISSET(s, &fdset)) { - /* - * Something's wrong: we should get no - * data on this connection at this point, - * so we assume that the connection has - * gone away. - */ - (void) close(s2); - goto bad; - } - if (FD_ISSET(s2, &fdset)) { - /* - * We assume this is an incoming connect - * request and proceed normally. - */ - s3 = accept(s2, (struct sockaddr *)&faddr, - &len); - FD_CLR(s2, &fdset); - (void) close(s2); - if (s3 < 0) { - perror("accept"); - lport = 0; - goto bad; - } - else - break; - } - } - if (selret == -1) { - /* - * This should not happen, and we treat it as - * a fatal error. - */ - (void) close(s2); - goto bad; - } - - *fd2p = s3; - switch (faddr.ss_family) { - case AF_INET: - sin = (struct sockaddr_in *)&faddr; - if (ntohs(sin->sin_port) >= IPPORT_RESERVED) { - (void) fprintf(stderr, - dgettext(TEXT_DOMAIN, - "socket: protocol failure in circuit " - "setup.\n")); - goto bad2; - } - break; - case AF_INET6: - sin6 = (struct sockaddr_in6 *)&faddr; - if (ntohs(sin6->sin6_port) >= IPPORT_RESERVED) { - (void) fprintf(stderr, - dgettext(TEXT_DOMAIN, - "socket: protocol failure in circuit " - "setup.\n")); - goto bad2; - } - break; - default: - (void) fprintf(stderr, - dgettext(TEXT_DOMAIN, - "socket: protocol failure in circuit setup.\n")); - goto bad2; - } - } - (void) write(s, locuser, strlen(locuser)+1); - (void) write(s, remuser, strlen(remuser)+1); - (void) write(s, cmd, strlen(cmd)+1); - retval = read(s, &c, 1); - if (retval != 1) { - if (retval == 0) { - (void) fprintf(stderr, - dgettext(TEXT_DOMAIN, - "Protocol error, %s closed connection\n"), - *ahost); - } else if (retval < 0) { - perror(*ahost); - } else { - (void) fprintf(stderr, - dgettext(TEXT_DOMAIN, - "Protocol error, %s sent %d bytes\n"), - *ahost, retval); - } - goto bad2; - } - if (c != 0) { - while (read(s, &c, 1) == 1) { - (void) write(2, &c, 1); - if (c == '\n') - break; - } - goto bad2; - } -#ifdef SYSV - /* restore original SIGPIPE handler */ - (void) sigaction(SIGPIPE, &oldaction, NULL); - - /* restore original signal mask */ - (void) sigprocmask(SIG_SETMASK, &oldmask, (sigset_t *)0); -#else - sigsetmask(oldmask); -#endif /* SYSV */ - freeaddrinfo(resp); - return (s); -bad2: - if (lport) - (void) close(*fd2p); -bad: - (void) close(s); -#ifdef SYSV - /* restore original SIGPIPE handler */ - (void) sigaction(SIGPIPE, &oldaction, NULL); - - /* restore original signal mask */ - (void) sigprocmask(SIG_SETMASK, &oldmask, (sigset_t *)0); -#else - sigsetmask(oldmask); -#endif /* SYSV */ - freeaddrinfo(resp); - return (-1); -} - -static int -_rresvport_addr(int *alport, struct sockaddr_storage *addr) -{ - struct sockaddr_in *sin; - struct sockaddr_in6 *sin6; - int s; - socklen_t len; - int on = 1; - int off = 0; - - if (addr->ss_family == AF_INET) { - sin = (struct sockaddr_in *)addr; - len = sizeof (struct sockaddr_in); - } else if (addr->ss_family == AF_INET6) { - sin6 = (struct sockaddr_in6 *)addr; - len = sizeof (struct sockaddr_in6); - } else { - errno = EAFNOSUPPORT; - return (-1); - } - s = socket(addr->ss_family, SOCK_STREAM, 0); - if (s < 0) - return (-1); - - /* - * Set SO_EXCLBIND to get a "unique" port, which is not bound - * to any other sockets. - */ - if (setsockopt(s, SOL_SOCKET, SO_EXCLBIND, &on, sizeof (on)) < 0) { - (void) close(s); - return (-1); - } - - /* Try to bind() to the given port first. */ - if (*alport != 0) { - if (addr->ss_family == AF_INET) { - sin->sin_port = htons((ushort_t)*alport); - } else { - sin6->sin6_port = htons((ushort_t)*alport); - } - if (bind(s, (struct sockaddr *)addr, len) >= 0) { - /* To be safe, need to turn off SO_EXCLBIND. */ - (void) setsockopt(s, SOL_SOCKET, SO_EXCLBIND, &off, - sizeof (off)); - return (s); - } - if (errno != EADDRINUSE) { - (void) close(s); - return (-1); - } - } - - /* - * If no port is given or the above bind() does not succeed, set - * TCP_ANONPRIVBIND option to ask the kernel to pick a port in the - * priviledged range for us. - */ - if (setsockopt(s, IPPROTO_TCP, TCP_ANONPRIVBIND, &on, - sizeof (on)) < 0) { - (void) close(s); - return (-1); - } - if (addr->ss_family == AF_INET) { - sin->sin_port = 0; - } else { - sin6->sin6_port = 0; - } - if (bind(s, (struct sockaddr *)addr, len) >= 0) { - /* - * We need to tell the caller what the port is. - */ - if (getsockname(s, (struct sockaddr *)addr, &len) < 0) { - (void) close(s); - return (-1); - } - switch (addr->ss_family) { - case AF_INET6: - sin6 = (struct sockaddr_in6 *)addr; - *alport = ntohs(sin6->sin6_port); - break; - case AF_INET: - sin = (struct sockaddr_in *)addr; - *alport = ntohs(sin->sin_port); - break; - } - - /* - * To be safe, always turn off these options when we are done. - */ - (void) setsockopt(s, IPPROTO_TCP, TCP_ANONPRIVBIND, &off, - sizeof (off)); - (void) setsockopt(s, SOL_SOCKET, SO_EXCLBIND, &off, - sizeof (off)); - return (s); - } - (void) close(s); - return (-1); -} - -int -rresvport_addr(int *alport, struct sockaddr_storage *addr) -{ - int res, err; - - (void) __priv_bracket(PRIV_ON); - - res = _rresvport_addr(alport, addr); - - err = errno; - (void) __priv_bracket(PRIV_OFF); - errno = err; - - return (res); -} - -int -rresvport_af(int *alport, int af) -{ - struct sockaddr_storage laddr; - - bzero(&laddr, sizeof (laddr)); - if (af == AF_INET || af == AF_INET6) { - laddr.ss_family = (sa_family_t)af; - } else { - errno = EAFNOSUPPORT; - return (-1); - } - return (rresvport_addr(alport, &laddr)); -} - -int -rresvport(int *alport) -{ - return (rresvport_af(alport, AF_INET)); -} - -int -ruserok(const char *rhost, int superuser, const char *ruser, const char *luser) -{ - FILE *hostf; - char fhost[MAXHOSTNAMELEN]; - const char *sp; - char *p; - int baselen = -1; - - struct stat64 sbuf; - struct passwd *pwd; - char pbuf[MAXPATHLEN]; - uid_t uid = (uid_t)-1; - gid_t gid = (gid_t)-1; - int maxgrp = getgroups(0, NULL); - gid_t *grouplist = alloca(maxgrp * sizeof (gid_t)); - int ngroups; - - sp = rhost; - p = fhost; - while (*sp) { - if (*sp == '.') { - if (baselen == -1) - baselen = (int)(sp - rhost); - *p++ = *sp++; - } else { - *p++ = isupper(*sp) ? tolower(*sp++) : *sp++; - } - } - *p = '\0'; - - /* check /etc/hosts.equiv */ - if (!superuser) { - if ((hostf = fopen("/etc/hosts.equiv", "rF")) != NULL) { - if (!_validuser(hostf, fhost, luser, ruser, baselen)) { - (void) fclose(hostf); - return (0); - } - (void) fclose(hostf); - } - } - - /* check ~/.rhosts */ - - if ((pwd = getpwnam(luser)) == NULL) - return (-1); - (void) strcpy(pbuf, pwd->pw_dir); - (void) strcat(pbuf, "/.rhosts"); - - /* - * Read .rhosts as the local user to avoid NFS mapping the root uid - * to something that can't read .rhosts. - */ - gid = getegid(); - uid = geteuid(); - if ((ngroups = getgroups(maxgrp, grouplist)) == -1) - return (-1); - - (void) setegid(pwd->pw_gid); - initgroups(pwd->pw_name, pwd->pw_gid); - (void) seteuid(pwd->pw_uid); - if ((hostf = fopen(pbuf, "rF")) == NULL) { - if (gid != (gid_t)-1) - (void) setegid(gid); - if (uid != (uid_t)-1) - (void) seteuid(uid); - setgroups(ngroups, grouplist); - return (-1); - } - (void) fstat64(fileno(hostf), &sbuf); - if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid) { - (void) fclose(hostf); - if (gid != (gid_t)-1) - (void) setegid(gid); - if (uid != (uid_t)-1) - (void) seteuid(uid); - setgroups(ngroups, grouplist); - return (-1); - } - - if (!_validuser(hostf, fhost, luser, ruser, baselen)) { - (void) fclose(hostf); - if (gid != (gid_t)-1) - (void) setegid(gid); - if (uid != (uid_t)-1) - (void) seteuid(uid); - setgroups(ngroups, grouplist); - return (0); - } - - (void) fclose(hostf); - if (gid != (gid_t)-1) - (void) setegid(gid); - if (uid != (uid_t)-1) - (void) seteuid(uid); - setgroups(ngroups, grouplist); - return (-1); -} - -static int -_validuser(FILE *hostf, char *rhost, const char *luser, - const char *ruser, int baselen) -{ - char *user; - char ahost[BUFSIZ]; - char *uchost = NULL; - int hostmatch, usermatch; - char *p; - -#ifdef NIS - if (domain == NULL) { - (void) usingypmap(&domain, NULL); - } -#endif /* NIS */ - - while (fgets(ahost, (int)sizeof (ahost), hostf)) { - uchost = NULL; - hostmatch = usermatch = 0; - p = ahost; - /* - * We can get a line bigger than our buffer. If so we skip - * the offending line. - */ - if (strchr(p, '\n') == NULL) { - while (fgets(ahost, (int)sizeof (ahost), hostf) && - strchr(ahost, '\n') == NULL) - ; - continue; - } - while (*p != '\n' && *p != ' ' && *p != '\t' && *p != '\0') { - /* - * Both host and user ``names'' can be netgroups, - * and must have their case preserved. Case is - * preserved for user names because we break out - * of this loop when finding a field separator. - * To do so for host names, we must make a copy of - * the host name field. - */ - if (isupper(*p)) { - if (uchost == NULL) - uchost = strdup(ahost); - *p = tolower(*p); - } - p++; - } - if (*p != '\0' && uchost != NULL) - uchost[p - ahost] = '\0'; - if (*p == ' ' || *p == '\t') { - *p++ = '\0'; - while (*p == ' ' || *p == '\t') - p++; - user = p; - while (*p != '\n' && *p != ' ' && *p != '\t' && - *p != '\0') - p++; - } else - user = p; - *p = '\0'; - if (ahost[0] == '+' && ahost[1] == 0) - hostmatch = 1; -#ifdef NIS - else if (ahost[0] == '+' && ahost[1] == '@') - if (uchost != NULL) - hostmatch = innetgr(uchost + 2, rhost, - NULL, domain); - else - hostmatch = innetgr(ahost + 2, rhost, - NULL, domain); - else if (ahost[0] == '-' && ahost[1] == '@') { - if (uchost != NULL) { - if (innetgr(uchost + 2, rhost, NULL, domain)) - break; - } else { - if (innetgr(ahost + 2, rhost, NULL, domain)) - break; - } - } -#endif /* NIS */ - else if (ahost[0] == '-') { - if (_checkhost(rhost, ahost+1, baselen)) - break; - } - else - hostmatch = _checkhost(rhost, ahost, baselen); - if (user[0]) { - if (user[0] == '+' && user[1] == 0) - usermatch = 1; -#ifdef NIS - else if (user[0] == '+' && user[1] == '@') - usermatch = innetgr(user+2, NULL, - ruser, domain); - else if (user[0] == '-' && user[1] == '@') { - if (hostmatch && - innetgr(user+2, NULL, ruser, domain)) - break; - } -#endif /* NIS */ - else if (user[0] == '-') { - if (hostmatch && (strcmp(user+1, ruser) == 0)) - break; - } - else - usermatch = (strcmp(user, ruser) == 0); - } - else - usermatch = (strcmp(ruser, luser) == 0); - if (uchost != NULL) - free(uchost); - if (hostmatch && usermatch) - return (0); - } - - if (uchost != NULL) - free(uchost); - return (-1); -} - -static int -_checkhost(char *rhost, char *lhost, int len) -{ - static char *ldomain; - static char *domainp; - static int nodomain; - char *cp; - - if (ldomain == NULL) { - ldomain = (char *)malloc(MAXHOSTNAMELEN+1); - if (ldomain == 0) - return (0); - } - - if (len == -1) - return (strcmp(rhost, lhost) == 0); - if (strncmp(rhost, lhost, len)) - return (0); - if (strcmp(rhost, lhost) == 0) - return (1); - if (*(lhost + len) != '\0') - return (0); - if (nodomain) - return (0); - if (!domainp) { - /* - * "domainp" points after the first dot in the host name - */ - if (gethostname(ldomain, MAXHOSTNAMELEN) == -1) { - nodomain = 1; - return (0); - } - ldomain[MAXHOSTNAMELEN] = '\0'; - if ((domainp = index(ldomain, '.')) == NULL) { - nodomain = 1; - return (0); - } - domainp++; - cp = domainp; - while (*cp) { - *cp = isupper(*cp) ? tolower(*cp) : *cp; - cp++; - } - } - return (strcmp(domainp, rhost + len + 1) == 0); -} diff --git a/usr/src/lib/libc/port/inet/rexec.c b/usr/src/lib/libc/port/inet/rexec.c deleted file mode 100644 index 63f8180219..0000000000 --- a/usr/src/lib/libc/port/inet/rexec.c +++ /dev/null @@ -1,187 +0,0 @@ -/* - * CDDL HEADER START - * - * The contents of this file are subject to the terms of the - * Common Development and Distribution License (the "License"). - * You may not use this file except in compliance with the License. - * - * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE - * or http://www.opensolaris.org/os/licensing. - * See the License for the specific language governing permissions - * and limitations under the License. - * - * When distributing Covered Code, include this CDDL HEADER in each - * file and include the License file at usr/src/OPENSOLARIS.LICENSE. - * If applicable, add the following below this CDDL HEADER, with the - * fields enclosed by brackets "[]" replaced with your own identifying - * information: Portions Copyright [yyyy] [name of copyright owner] - * - * CDDL HEADER END - */ - -/* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. - */ - -/* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */ -/* All Rights Reserved */ - -/* - * University Copyright- Copyright (c) 1982, 1986, 1988 - * The Regents of the University of California - * All Rights Reserved - * - * University Acknowledgment- Portions of this document are derived from - * software developed by the University of California, Berkeley, and its - * contributors. - */ - -#pragma ident "%Z%%M% %I% %E% SMI" - -#include -#include - -#include - -#include -#include -#include -#include -#include -#include -#include - -#ifdef SYSV -#define bcopy(a, b, c) (void) memcpy((b), (a), (c)) -#endif - -#define MAX_SHORTSTRLEN 6 - -void _ruserpass(const char *host, char **aname, char **apass); - -int rexec(char **ahost, unsigned short rport, const char *name, - const char *pass, const char *cmd, int *fd2p) -{ - return (rexec_af(ahost, rport, name, pass, cmd, fd2p, AF_INET)); -} - -int rexec_af(char **ahost, unsigned short rport, const char *name, - const char *pass, const char *cmd, int *fd2p, int af) -{ - int s, timo = 1, s3; - char c; - ushort_t port; - static char hostname[MAXHOSTNAMELEN]; - int rc; - struct addrinfo *res; - struct addrinfo hints; - char aport[MAX_SHORTSTRLEN]; - - if (!(af == AF_INET || af == AF_INET6 || af == AF_UNSPEC)) { - (void) fprintf(stderr, - dgettext(TEXT_DOMAIN, "%d: Address family not " - "supported\n"), af); - errno = EAFNOSUPPORT; - return (-1); - } - memset(&hints, 0, sizeof (hints)); - (void) snprintf(aport, MAX_SHORTSTRLEN, "%u", ntohs(rport)); - hints.ai_flags = AI_CANONNAME|AI_ADDRCONFIG|AI_V4MAPPED; - hints.ai_socktype = SOCK_STREAM; - hints.ai_family = af; - rc = getaddrinfo(*ahost, aport, &hints, &res); - - if (rc != 0) { - (void) fprintf(stderr, - dgettext(TEXT_DOMAIN, "%s: unknown host\n"), - *ahost); - return (-1); - } - (void) strlcpy(hostname, res->ai_canonname, MAXHOSTNAMELEN); - *ahost = hostname; - _ruserpass(res->ai_canonname, (char **)&name, (char **)&pass); -retry: - s = socket(res->ai_addr->sa_family, res->ai_socktype, res->ai_protocol); - if (s < 0) { - perror("rexec: socket"); - freeaddrinfo(res); - return (-1); - } - if (connect(s, res->ai_addr, res->ai_addrlen) != 0) { - if (errno == ECONNREFUSED && timo <= 16) { - (void) close(s); - (void) sleep(timo); - timo *= 2; - goto retry; - } - perror(*ahost); - (void) close(s); - freeaddrinfo(res); - return (-1); - } - if (fd2p == 0) { - (void) write(s, "", 1); - port = 0; - } else { - int s2; - socklen_t sin2len; - struct sockaddr_storage sin2, from; - - s2 = socket(res->ai_family, SOCK_STREAM, 0); - if (s2 < 0) { - (void) close(s); - freeaddrinfo(res); - return (-1); - } - (void) listen(s2, 1); - sin2len = (socklen_t)sizeof (sin2); - if (getsockname(s2, (struct sockaddr *)&sin2, &sin2len) < 0) { - perror("getsockname"); - (void) close(s2); - goto bad; - } - if (res->ai_family == AF_INET6) { - port = ntohs(((struct sockaddr_in6 *)&sin2)->sin6_port); - } else { - port = ntohs(((struct sockaddr_in *)&sin2)->sin_port); - } - (void) snprintf(aport, MAX_SHORTSTRLEN, "%u", port); - (void) write(s, aport, strlen(aport)+1); - { - socklen_t len = (socklen_t)sizeof (from); - s3 = accept(s2, (struct sockaddr *)&from, &len); - (void) close(s2); - if (s3 < 0) { - perror("accept"); - port = 0; - goto bad; - } - } - *fd2p = s3; - } - (void) write(s, name, strlen(name) + 1); - /* should public key encypt the password here */ - (void) write(s, pass, strlen(pass) + 1); - (void) write(s, cmd, strlen(cmd) + 1); - if (read(s, &c, 1) != 1) { - perror(*ahost); - goto bad; - } - if (c != 0) { - while (read(s, &c, 1) == 1) { - (void) write(2, &c, 1); - if (c == '\n') - break; - } - goto bad; - } - freeaddrinfo(res); - return (s); -bad: - if (port) - (void) close(*fd2p); - (void) close(s); - freeaddrinfo(res); - return (-1); -} diff --git a/usr/src/lib/libc/port/mapfile-vers b/usr/src/lib/libc/port/mapfile-vers index 18c38236b7..bf0e134ce0 100644 --- a/usr/src/lib/libc/port/mapfile-vers +++ b/usr/src/lib/libc/port/mapfile-vers @@ -3425,9 +3425,6 @@ $endif if_indextoname; if_nameindex; if_nametoindex; - rcmd_af; - rexec_af; - rresvport_af; __xnet_bind; __xnet_connect; __xnet_getsockopt; @@ -3458,10 +3455,6 @@ $endif getservbyport_r; getservent; getservent_r; - rcmd; - rexec; - rresvport; - ruserok; setnetent; setprotoent; setservent; @@ -3508,7 +3501,6 @@ $endif getnetmaskbynet; bindresvport; bootparams_getbyname; - rresvport_addr; _ruserpass; # FIXME: pending a name for our OS, these symbols originally from libnsl are # marked private. diff --git a/usr/src/lib/libresolv/netdb.h b/usr/src/lib/libresolv/netdb.h index 82fa0d37a2..9f9c9cab81 100644 --- a/usr/src/lib/libresolv/netdb.h +++ b/usr/src/lib/libresolv/netdb.h @@ -138,12 +138,6 @@ int setprotoent(int); int endprotoent(void); int setnetgrent(const char *); int endnetgrent(void); -int rcmd(char **ahost, unsigned short inport, - const char *luser, const char *ruser, const char *cmd, int *fd2p); -int rexec(char **ahost, unsigned short inport, - const char *user, const char *passwd, const char *cmd, int *fd2p); -int rresvport(int *); -int ruserok(const char *rhost, int suser, const char *ruser, const char *luser); #else struct hostent *gethostbyname_r(); struct hostent *gethostbyaddr_r(); @@ -185,10 +179,6 @@ int setprotoent(); int endprotoent(); int setnetgrent(); int endnetgrent(); -int rcmd(); -int rexec(); -int rresvport(); -int ruserok(); #endif /* diff --git a/usr/src/lib/libsocket/common/mapfile-vers b/usr/src/lib/libsocket/common/mapfile-vers index 94a1ba1909..4227afd802 100644 --- a/usr/src/lib/libsocket/common/mapfile-vers +++ b/usr/src/lib/libsocket/common/mapfile-vers @@ -95,9 +95,6 @@ SYMBOL_VERSION SUNW_1.4 { if_nametoindex { TYPE = FUNCTION }; in6addr_any { TYPE = DATA; SIZE = 0x10 }; in6addr_loopback { TYPE = DATA; SIZE = 0x10 }; - rcmd_af { TYPE = FUNCTION }; - rexec_af { TYPE = FUNCTION }; - rresvport_af { TYPE = FUNCTION }; } SUNW_1.3; # Due to mistakes made early in the history of this library, there are @@ -154,10 +151,6 @@ SYMBOL_VERSION SUNW_0.7 { htons { TYPE = FUNCTION }; ntohl { TYPE = FUNCTION }; ntohs { TYPE = FUNCTION }; - rcmd { TYPE = FUNCTION }; - rexec { TYPE = FUNCTION }; - rresvport { TYPE = FUNCTION }; - ruserok { TYPE = FUNCTION }; setnetent { TYPE = FUNCTION }; setprotoent { TYPE = FUNCTION }; setservent { TYPE = FUNCTION }; @@ -228,7 +221,6 @@ SYMBOL_VERSION SUNWprivate_1.1 { global: bindresvport { TYPE = FUNCTION }; bootparams_getbyname { TYPE = FUNCTION }; - rresvport_addr { TYPE = FUNCTION }; _ruserpass { TYPE = FUNCTION }; local: *; diff --git a/usr/src/lib/pam_modules/Makefile b/usr/src/lib/pam_modules/Makefile index 79fdd852b2..f899d704c5 100644 --- a/usr/src/lib/pam_modules/Makefile +++ b/usr/src/lib/pam_modules/Makefile @@ -42,7 +42,6 @@ SUBDIRS = \ ldap \ list \ passwd_auth \ - rhosts_auth \ roles \ sample \ smb \ diff --git a/usr/src/lib/pam_modules/rhosts_auth/Makefile b/usr/src/lib/pam_modules/rhosts_auth/Makefile deleted file mode 100644 index 7bdce584f2..0000000000 --- a/usr/src/lib/pam_modules/rhosts_auth/Makefile +++ /dev/null @@ -1,54 +0,0 @@ -# -# CDDL HEADER START -# -# The contents of this file are subject to the terms of the -# Common Development and Distribution License (the "License"). -# You may not use this file except in compliance with the License. -# -# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE -# or http://www.opensolaris.org/os/licensing. -# See the License for the specific language governing permissions -# and limitations under the License. -# -# When distributing Covered Code, include this CDDL HEADER in each -# file and include the License file at usr/src/OPENSOLARIS.LICENSE. -# If applicable, add the following below this CDDL HEADER, with the -# fields enclosed by brackets "[]" replaced with your own identifying -# information: Portions Copyright [yyyy] [name of copyright owner] -# -# CDDL HEADER END -# -# -# Copyright 2006 Sun Microsystems, Inc. All rights reserved. -# Use is subject to license terms. -# -# ident "%Z%%M% %I% %E% SMI" -# - -include ../../Makefile.lib - -TEXT_DOMAIN= SUNW_OST_SYSOSPAM -POFILE= rhosts_auth.po -MSGFILES= rhosts_auth.c - -SUBDIRS= $(MACH) -$(BUILD64)SUBDIRS += $(MACH64) - -all := TARGET= all -clean := TARGET= clean -clobber := TARGET= clobber -install := TARGET= install - -.KEEP_STATE: - -all clean clobber install: $(SUBDIRS) - -_msg: $(MSGDOMAINPOFILE) - -$(SUBDIRS): FRC - @cd $@; pwd; $(MAKE) $(TARGET) - -FRC: - -include $(SRC)/Makefile.msg.targ -include ../../Makefile.targ diff --git a/usr/src/lib/pam_modules/rhosts_auth/Makefile.com b/usr/src/lib/pam_modules/rhosts_auth/Makefile.com deleted file mode 100644 index 853dc345b1..0000000000 --- a/usr/src/lib/pam_modules/rhosts_auth/Makefile.com +++ /dev/null @@ -1,42 +0,0 @@ -# -# CDDL HEADER START -# -# The contents of this file are subject to the terms of the -# Common Development and Distribution License, Version 1.0 only -# (the "License"). You may not use this file except in compliance -# with the License. -# -# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE -# or http://www.opensolaris.org/os/licensing. -# See the License for the specific language governing permissions -# and limitations under the License. -# -# When distributing Covered Code, include this CDDL HEADER in each -# file and include the License file at usr/src/OPENSOLARIS.LICENSE. -# If applicable, add the following below this CDDL HEADER, with the -# fields enclosed by brackets "[]" replaced with your own identifying -# information: Portions Copyright [yyyy] [name of copyright owner] -# -# CDDL HEADER END -# -# -# Copyright 2004 Sun Microsystems, Inc. All rights reserved. -# Use is subject to license terms. -# -# usr/src/lib/pam_modules/rhosts_auth/Makefile.com -# -#ident "%Z%%M% %I% %E% SMI" -# - -LIBRARY= pam_rhosts_auth.a -VERS= .1 -OBJECTS= rhosts_auth.o - -include ../../Makefile.pam_modules - -LDLIBS += -lpam -lc - -all: $(LIBS) - - -include $(SRC)/lib/Makefile.targ diff --git a/usr/src/lib/pam_modules/rhosts_auth/amd64/Makefile b/usr/src/lib/pam_modules/rhosts_auth/amd64/Makefile deleted file mode 100644 index bcb7ba401a..0000000000 --- a/usr/src/lib/pam_modules/rhosts_auth/amd64/Makefile +++ /dev/null @@ -1,32 +0,0 @@ -# -# CDDL HEADER START -# -# The contents of this file are subject to the terms of the -# Common Development and Distribution License, Version 1.0 only -# (the "License"). You may not use this file except in compliance -# with the License. -# -# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE -# or http://www.opensolaris.org/os/licensing. -# See the License for the specific language governing permissions -# and limitations under the License. -# -# When distributing Covered Code, include this CDDL HEADER in each -# file and include the License file at usr/src/OPENSOLARIS.LICENSE. -# If applicable, add the following below this CDDL HEADER, with the -# fields enclosed by brackets "[]" replaced with your own identifying -# information: Portions Copyright [yyyy] [name of copyright owner] -# -# CDDL HEADER END -# -# -# Copyright 2004 Sun Microsystems, Inc. All rights reserved. -# Use is subject to license terms. -# -# ident "%Z%%M% %I% %E% SMI" -# - -include ../Makefile.com -include ../../../Makefile.lib.64 - -install: all $(ROOTLIBS64) $(ROOTLINKS64) diff --git a/usr/src/lib/pam_modules/rhosts_auth/i386/Makefile b/usr/src/lib/pam_modules/rhosts_auth/i386/Makefile deleted file mode 100644 index 16dca7f51b..0000000000 --- a/usr/src/lib/pam_modules/rhosts_auth/i386/Makefile +++ /dev/null @@ -1,32 +0,0 @@ -# -# CDDL HEADER START -# -# The contents of this file are subject to the terms of the -# Common Development and Distribution License, Version 1.0 only -# (the "License"). You may not use this file except in compliance -# with the License. -# -# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE -# or http://www.opensolaris.org/os/licensing. -# See the License for the specific language governing permissions -# and limitations under the License. -# -# When distributing Covered Code, include this CDDL HEADER in each -# file and include the License file at usr/src/OPENSOLARIS.LICENSE. -# If applicable, add the following below this CDDL HEADER, with the -# fields enclosed by brackets "[]" replaced with your own identifying -# information: Portions Copyright [yyyy] [name of copyright owner] -# -# CDDL HEADER END -# -# -# Copyright 2003 Sun Microsystems, Inc. All rights reserved. -# Use is subject to license terms. -# -#ident "%Z%%M% %I% %E% SMI" -# -# pam_modules/rhosts_auth/i386/Makefile - -include ../Makefile.com - -install: all $(ROOTLIBS) $(ROOTLINKS) diff --git a/usr/src/lib/pam_modules/rhosts_auth/mapfile-vers b/usr/src/lib/pam_modules/rhosts_auth/mapfile-vers deleted file mode 100644 index f4950dcf15..0000000000 --- a/usr/src/lib/pam_modules/rhosts_auth/mapfile-vers +++ /dev/null @@ -1,47 +0,0 @@ -# -# CDDL HEADER START -# -# The contents of this file are subject to the terms of the -# Common Development and Distribution License (the "License"). -# You may not use this file except in compliance with the License. -# -# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE -# or http://www.opensolaris.org/os/licensing. -# See the License for the specific language governing permissions -# and limitations under the License. -# -# When distributing Covered Code, include this CDDL HEADER in each -# file and include the License file at usr/src/OPENSOLARIS.LICENSE. -# If applicable, add the following below this CDDL HEADER, with the -# fields enclosed by brackets "[]" replaced with your own identifying -# information: Portions Copyright [yyyy] [name of copyright owner] -# -# CDDL HEADER END -# -# -# Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved. -# - -# -# MAPFILE HEADER START -# -# WARNING: STOP NOW. DO NOT MODIFY THIS FILE. -# Object versioning must comply with the rules detailed in -# -# usr/src/lib/README.mapfiles -# -# You should not be making modifications here until you've read the most current -# copy of that file. If you need help, contact a gatekeeper for guidance. -# -# MAPFILE HEADER END -# - -$mapfile_version 2 - -SYMBOL_VERSION SUNW_1.1 { - global: - pam_sm_authenticate; - pam_sm_setcred; - local: - *; -}; diff --git a/usr/src/lib/pam_modules/rhosts_auth/rhosts_auth.c b/usr/src/lib/pam_modules/rhosts_auth/rhosts_auth.c deleted file mode 100644 index 4388bb6c0f..0000000000 --- a/usr/src/lib/pam_modules/rhosts_auth/rhosts_auth.c +++ /dev/null @@ -1,116 +0,0 @@ -/* - * CDDL HEADER START - * - * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. - * - * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE - * or http://www.opensolaris.org/os/licensing. - * See the License for the specific language governing permissions - * and limitations under the License. - * - * When distributing Covered Code, include this CDDL HEADER in each - * file and include the License file at usr/src/OPENSOLARIS.LICENSE. - * If applicable, add the following below this CDDL HEADER, with the - * fields enclosed by brackets "[]" replaced with your own identifying - * information: Portions Copyright [yyyy] [name of copyright owner] - * - * CDDL HEADER END - */ -/* - * Copyright 2004 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. - */ - -#pragma ident "%Z%%M% %I% %E% SMI" - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -extern int ruserok(const char *, int, const char *, const char *); - -/* - * pam_sm_authenticate - Checks if the user is allowed remote access - */ -/*ARGSUSED*/ -int -pam_sm_authenticate( - pam_handle_t *pamh, - int flags, - int argc, - const char **argv) -{ - char *host = NULL, *lusername = NULL; - struct passwd pwd; - struct passwd *pwdp; - char pwd_buffer[1024]; - int is_superuser; - char *rusername; - int i; - int debug = 0; - - for (i = 0; i < argc; i++) { - if (strcasecmp(argv[i], "debug") == 0) - debug = 1; - else - syslog(LOG_DEBUG, "illegal option %s", argv[i]); - } - - if (pam_get_item(pamh, PAM_USER, (void **) &lusername) != PAM_SUCCESS) - return (PAM_SERVICE_ERR); - if (pam_get_item(pamh, PAM_RHOST, (void **) &host) != PAM_SUCCESS) - return (PAM_SERVICE_ERR); - if (pam_get_item(pamh, PAM_RUSER, (void **)&rusername) != PAM_SUCCESS) - return (PAM_SERVICE_ERR); - - if (lusername == NULL || *lusername == '\0') - return (PAM_USER_UNKNOWN); - if (rusername == NULL || *rusername == '\0') - return (PAM_AUTH_ERR); - if (host == NULL || *host == '\0') - return (PAM_AUTH_ERR); - - if (debug) { - syslog(LOG_DEBUG, - "rhosts authenticate: user = %s, host = %s", - lusername, host); - } - - getpwnam_r(lusername, &pwd, pwd_buffer, sizeof (pwd_buffer), &pwdp); - if (!pwdp) - return (PAM_USER_UNKNOWN); - - if (pwd.pw_uid == 0) - is_superuser = 1; - else - is_superuser = 0; - - return (ruserok(host, is_superuser, rusername, lusername) - == -1 ? PAM_AUTH_ERR : PAM_SUCCESS); - -} - -/* - * dummy pam_sm_setcred - does nothing - */ -/*ARGSUSED*/ -int -pam_sm_setcred( - pam_handle_t *pamh, - int flags, - int argc, - const char **argv) -{ - return (PAM_IGNORE); -} diff --git a/usr/src/lib/pam_modules/rhosts_auth/sparc/Makefile b/usr/src/lib/pam_modules/rhosts_auth/sparc/Makefile deleted file mode 100644 index b8a51e006b..0000000000 --- a/usr/src/lib/pam_modules/rhosts_auth/sparc/Makefile +++ /dev/null @@ -1,32 +0,0 @@ -# -# CDDL HEADER START -# -# The contents of this file are subject to the terms of the -# Common Development and Distribution License, Version 1.0 only -# (the "License"). You may not use this file except in compliance -# with the License. -# -# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE -# or http://www.opensolaris.org/os/licensing. -# See the License for the specific language governing permissions -# and limitations under the License. -# -# When distributing Covered Code, include this CDDL HEADER in each -# file and include the License file at usr/src/OPENSOLARIS.LICENSE. -# If applicable, add the following below this CDDL HEADER, with the -# fields enclosed by brackets "[]" replaced with your own identifying -# information: Portions Copyright [yyyy] [name of copyright owner] -# -# CDDL HEADER END -# -# -# Copyright 2003 Sun Microsystems, Inc. All rights reserved. -# Use is subject to license terms. -# -#ident "%Z%%M% %I% %E% SMI" -# -# pam_modules/rhosts_auth/sparc/Makefile - -include ../Makefile.com - -install: all $(ROOTLIBS) $(ROOTLINKS) diff --git a/usr/src/lib/pam_modules/rhosts_auth/sparcv9/Makefile b/usr/src/lib/pam_modules/rhosts_auth/sparcv9/Makefile deleted file mode 100644 index 3d98b827b6..0000000000 --- a/usr/src/lib/pam_modules/rhosts_auth/sparcv9/Makefile +++ /dev/null @@ -1,33 +0,0 @@ -# -# CDDL HEADER START -# -# The contents of this file are subject to the terms of the -# Common Development and Distribution License, Version 1.0 only -# (the "License"). You may not use this file except in compliance -# with the License. -# -# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE -# or http://www.opensolaris.org/os/licensing. -# See the License for the specific language governing permissions -# and limitations under the License. -# -# When distributing Covered Code, include this CDDL HEADER in each -# file and include the License file at usr/src/OPENSOLARIS.LICENSE. -# If applicable, add the following below this CDDL HEADER, with the -# fields enclosed by brackets "[]" replaced with your own identifying -# information: Portions Copyright [yyyy] [name of copyright owner] -# -# CDDL HEADER END -# -# -# Copyright 2003 Sun Microsystems, Inc. All rights reserved. -# Use is subject to license terms. -# -#ident "%Z%%M% %I% %E% SMI" -# -# pam_modules/rhosts_auth/sparcv9/Makefile - -include ../Makefile.com -include ../../../Makefile.lib.64 - -install: all $(ROOTLIBS64) $(ROOTLINKS64) diff --git a/usr/src/pkg/manifests/service-network-network-clients.mf b/usr/src/pkg/manifests/service-network-network-clients.mf index 8077cd8529..37c40ffb19 100644 --- a/usr/src/pkg/manifests/service-network-network-clients.mf +++ b/usr/src/pkg/manifests/service-network-network-clients.mf @@ -42,7 +42,6 @@ file path=usr/bin/rup mode=0555 file path=usr/bin/ruptime mode=0555 file path=usr/bin/rusers mode=0555 file path=usr/bin/whois mode=0555 -file path=usr/sbin/rmt mode=0555 file path=usr/sbin/rwall mode=0555 file path=usr/sbin/snoop mode=0555 file path=usr/sbin/spray mode=0555 @@ -52,7 +51,6 @@ file path=usr/share/man/man1/ruptime.1 file path=usr/share/man/man1/rusers.1 file path=usr/share/man/man1/whois.1 file path=usr/share/man/man1m/rdate.1m -file path=usr/share/man/man1m/rmt.1m file path=usr/share/man/man1m/rwall.1m file path=usr/share/man/man1m/snoop.1m file path=usr/share/man/man1m/spray.1m diff --git a/usr/src/pkg/manifests/service-network-network-servers.mf b/usr/src/pkg/manifests/service-network-network-servers.mf index 406487d1e3..efddbbb828 100644 --- a/usr/src/pkg/manifests/service-network-network-servers.mf +++ b/usr/src/pkg/manifests/service-network-network-servers.mf @@ -51,7 +51,6 @@ dir path=usr/share/man/man1m dir path=usr/share/man/man4 file path=lib/svc/manifest/network/comsat.xml group=sys mode=0444 file path=lib/svc/manifest/network/finger.xml group=sys mode=0444 -file path=lib/svc/manifest/network/rexec.xml group=sys mode=0444 file path=lib/svc/manifest/network/rpc/rstat.xml group=sys mode=0444 file path=lib/svc/manifest/network/rpc/rusers.xml group=sys mode=0444 file path=lib/svc/manifest/network/rpc/spray.xml group=sys mode=0444 @@ -66,7 +65,6 @@ file path=usr/lib/netsvc/rwall/rpc.rwalld mode=0555 file path=usr/lib/netsvc/spray/rpc.sprayd mode=0555 file path=usr/sbin/in.comsat mode=0555 file path=usr/sbin/in.fingerd mode=0555 -file path=usr/sbin/in.rexecd mode=0555 file path=usr/sbin/in.rwhod mode=0555 file path=usr/sbin/in.talkd mode=0555 file path=usr/share/man/man1/finger.1 @@ -74,7 +72,6 @@ file path=usr/share/man/man1/rwho.1 file path=usr/share/man/man1/talk.1 file path=usr/share/man/man1m/in.comsat.1m file path=usr/share/man/man1m/in.fingerd.1m -file path=usr/share/man/man1m/in.rexecd.1m file path=usr/share/man/man1m/in.rwhod.1m file path=usr/share/man/man1m/in.talkd.1m file path=usr/share/man/man1m/rpc.rstatd.1m @@ -86,4 +83,3 @@ license cr_Sun license=cr_Sun license lic_CDDL license=lic_CDDL license usr/src/cmd/cmd-inet/usr.sbin/THIRDPARTYLICENSE.comsat \ license=usr/src/cmd/cmd-inet/usr.sbin/THIRDPARTYLICENSE.comsat -link path=etc/rmt target=../usr/sbin/rmt diff --git a/usr/src/pkg/manifests/system-library.man3socket.inc b/usr/src/pkg/manifests/system-library.man3socket.inc index 62b80f9062..0702202103 100644 --- a/usr/src/pkg/manifests/system-library.man3socket.inc +++ b/usr/src/pkg/manifests/system-library.man3socket.inc @@ -29,8 +29,6 @@ file path=usr/share/man/man3socket/if_nametoindex.3socket file path=usr/share/man/man3socket/inet.3socket file path=usr/share/man/man3socket/inet6_opt.3socket file path=usr/share/man/man3socket/inet6_rth.3socket -file path=usr/share/man/man3socket/rcmd.3socket -file path=usr/share/man/man3socket/rexec.3socket file path=usr/share/man/man3socket/sctp_bindx.3socket file path=usr/share/man/man3socket/sctp_getladdrs.3socket file path=usr/share/man/man3socket/sctp_getpaddrs.3socket diff --git a/usr/src/pkg/manifests/system-library.man5.inc b/usr/src/pkg/manifests/system-library.man5.inc index 037a3c30d0..c2ff2a0c2d 100644 --- a/usr/src/pkg/manifests/system-library.man5.inc +++ b/usr/src/pkg/manifests/system-library.man5.inc @@ -48,7 +48,6 @@ file path=usr/share/man/man5/pam_dial_auth.5 file path=usr/share/man/man5/pam_ldap.5 file path=usr/share/man/man5/pam_list.5 file path=usr/share/man/man5/pam_passwd_auth.5 -file path=usr/share/man/man5/pam_rhosts_auth.5 file path=usr/share/man/man5/pam_roles.5 file path=usr/share/man/man5/pam_sample.5 file path=usr/share/man/man5/pam_timestamp.5 diff --git a/usr/src/pkg/manifests/system-library.mf b/usr/src/pkg/manifests/system-library.mf index acb7b3eae0..ebfef71290 100644 --- a/usr/src/pkg/manifests/system-library.mf +++ b/usr/src/pkg/manifests/system-library.mf @@ -482,7 +482,6 @@ file path=usr/lib/security/$(ARCH64)/pam_dial_auth.so.1 file path=usr/lib/security/$(ARCH64)/pam_ldap.so.1 file path=usr/lib/security/$(ARCH64)/pam_list.so.1 file path=usr/lib/security/$(ARCH64)/pam_passwd_auth.so.1 -file path=usr/lib/security/$(ARCH64)/pam_rhosts_auth.so.1 file path=usr/lib/security/$(ARCH64)/pam_roles.so.1 file path=usr/lib/security/$(ARCH64)/pam_sample.so.1 file path=usr/lib/security/$(ARCH64)/pam_timestamp.so.1 @@ -510,7 +509,6 @@ file path=usr/lib/security/pam_dial_auth.so.1 file path=usr/lib/security/pam_ldap.so.1 file path=usr/lib/security/pam_list.so.1 file path=usr/lib/security/pam_passwd_auth.so.1 -file path=usr/lib/security/pam_rhosts_auth.so.1 file path=usr/lib/security/pam_roles.so.1 file path=usr/lib/security/pam_sample.so.1 file path=usr/lib/security/pam_timestamp.so.1 @@ -1213,8 +1211,6 @@ link path=usr/lib/security/$(ARCH64)/pam_ldap.so target=./pam_ldap.so.1 link path=usr/lib/security/$(ARCH64)/pam_list.so target=./pam_list.so.1 link path=usr/lib/security/$(ARCH64)/pam_passwd_auth.so \ target=./pam_passwd_auth.so.1 -link path=usr/lib/security/$(ARCH64)/pam_rhosts_auth.so \ - target=./pam_rhosts_auth.so.1 link path=usr/lib/security/$(ARCH64)/pam_roles.so target=./pam_roles.so.1 link path=usr/lib/security/$(ARCH64)/pam_sample.so target=./pam_sample.so.1 link path=usr/lib/security/$(ARCH64)/pam_timestamp.so \ @@ -1252,7 +1248,6 @@ link path=usr/lib/security/pam_dial_auth.so target=./pam_dial_auth.so.1 link path=usr/lib/security/pam_ldap.so target=./pam_ldap.so.1 link path=usr/lib/security/pam_list.so target=./pam_list.so.1 link path=usr/lib/security/pam_passwd_auth.so target=./pam_passwd_auth.so.1 -link path=usr/lib/security/pam_rhosts_auth.so target=./pam_rhosts_auth.so.1 link path=usr/lib/security/pam_roles.so target=./pam_roles.so.1 link path=usr/lib/security/pam_sample.so target=./pam_sample.so.1 link path=usr/lib/security/pam_timestamp.so target=./pam_timestamp.so.1 -- 2.11.4.GIT