Index: ObsoleteFiles.inc =================================================================== --- ObsoleteFiles.inc +++ ObsoleteFiles.inc @@ -38,6 +38,18 @@ # xargs -n1 | sort | uniq -d; # done +# 20171003: remove RCMDS +OLD_FILES+=bin/rcp +OLD_FILES+=rescue/rcp +OLD_FILES+=usr/bin/rlogin +OLD_FILES+=usr/bin/rsh +OLD_FILES+=usr/libexec/rlogind +OLD_FILES+=usr/libexec/rshd +OLD_FILES+=usr/share/man/man1/rcp.1.gz +OLD_FILES+=usr/share/man/man1/rlogin.1.gz +OLD_FILES+=usr/share/man/man1/rsh.1.gz +OLD_FILES+=usr/share/man/man8/rlogind.8.gz +OLD_FILES+=usr/share/man/man8/rshd.8.gz # 20171003: remove RCMDS OLD_FILES+=bin/rcp OLD_FILES+=rescue/rcp Index: lib/libpam/modules/modules.inc =================================================================== --- lib/libpam/modules/modules.inc +++ lib/libpam/modules/modules.inc @@ -24,7 +24,6 @@ .if ${MK_RADIUS_SUPPORT} != "no" MODULES += pam_radius .endif -MODULES += pam_rhosts MODULES += pam_rootok MODULES += pam_securetty MODULES += pam_self Index: lib/libpam/modules/pam_rhosts/Makefile =================================================================== --- lib/libpam/modules/pam_rhosts/Makefile +++ /dev/null @@ -1,7 +0,0 @@ -# $FreeBSD$ - -LIB= pam_rhosts -SRCS= pam_rhosts.c -MAN= pam_rhosts.8 - -.include Index: lib/libpam/modules/pam_rhosts/Makefile.depend =================================================================== --- lib/libpam/modules/pam_rhosts/Makefile.depend +++ /dev/null @@ -1,19 +0,0 @@ -# $FreeBSD$ -# Autogenerated - do NOT edit! - -DIRDEPS = \ - gnu/lib/csu \ - gnu/lib/libgcc \ - include \ - include/xlocale \ - lib/${CSU_DIR} \ - lib/libc \ - lib/libcompiler_rt \ - lib/libpam/libpam \ - - -.include - -.if ${DEP_RELDIR} == ${_DEP_RELDIR} -# local dependencies - needed for -jN in clean tree -.endif Index: lib/libpam/modules/pam_rhosts/pam_rhosts.8 =================================================================== --- lib/libpam/modules/pam_rhosts/pam_rhosts.8 +++ /dev/null @@ -1,95 +0,0 @@ -.\" Copyright (c) 2001 Mark R V Murray -.\" All rights reserved. -.\" Copyright (c) 2001 Networks Associates Technology, Inc. -.\" All rights reserved. -.\" -.\" Portions of this software were developed for the FreeBSD Project by -.\" ThinkSec AS and NAI Labs, the Security Research Division of Network -.\" Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 -.\" ("CBOSS"), as part of the DARPA CHATS research program. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. The name of the author may not be used to endorse or promote -.\" products derived from this software without specific prior written -.\" permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD$ -.\" -.Dd December 5, 2001 -.Dt PAM_RHOSTS 8 -.Os -.Sh NAME -.Nm pam_rhosts -.Nd Rhosts PAM module -.Sh SYNOPSIS -.Op Ar service-name -.Ar module-type -.Ar control-flag -.Pa pam_rhosts -.Op Ar options -.Sh DESCRIPTION -The rhosts authentication service module for PAM, -.Nm -provides functionality for only one PAM category: -authentication. -In terms of the -.Ar module-type -parameter, this is the -.Dq Li auth -feature. -.Ss Rhosts Authentication Module -The Rhosts authentication component -.Pq Fn pam_sm_authenticate , -returns success if and only if the target user's UID is not 0 and the -remote host and user are listed in -.Pa /etc/hosts.equiv -or in the target user's -.Pa ~/.rhosts . -.Pp -The following options may be passed to the authentication module: -.Bl -tag -width ".Cm allow_root" -.It Cm debug -.Xr syslog 3 -debugging information at -.Dv LOG_DEBUG -level. -.It Cm no_warn -suppress warning messages to the user. -These messages include reasons why the user's authentication attempt -was declined. -.It Cm allow_root -do not automatically fail if the target user's UID is 0. -.El -.Sh SEE ALSO -.Xr hosts.equiv 5 , -.Xr pam.conf 5 , -.Xr pam 8 -.Sh AUTHORS -The -.Nm -module and this manual page were developed for the -.Fx -Project by -ThinkSec AS and NAI Labs, the Security Research Division of Network -Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 -.Pq Dq CBOSS , -as part of the DARPA CHATS research program. Index: lib/libpam/modules/pam_rhosts/pam_rhosts.c =================================================================== --- lib/libpam/modules/pam_rhosts/pam_rhosts.c +++ /dev/null @@ -1,95 +0,0 @@ -/*- - * Copyright (c) 2002 Danny Braniss - * All rights reserved. - * Copyright (c) 2001,2002 Networks Associates Technology, Inc. - * All rights reserved. - * - * Portions of this software were developed for the FreeBSD Project by - * ThinkSec AS and NAI Labs, the Security Research Division of Network - * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 - * ("CBOSS"), as part of the DARPA CHATS research program. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The name of the author may not be used to endorse or promote - * products derived from this software without specific prior written - * permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include -__FBSDID("$FreeBSD$"); - -#include -#include -#include -#include - -#define PAM_SM_AUTH -#include -#include -#include - -#define OPT_ALLOW_ROOT "allow_root" - -PAM_EXTERN int -pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, - int argc __unused, const char *argv[] __unused) -{ - struct passwd *pw; - const char *user; - const void *ruser, *rhost; - int err, superuser; - - err = pam_get_user(pamh, &user, NULL); - if (err != PAM_SUCCESS) - return (err); - - if ((pw = getpwnam(user)) == NULL) - return (PAM_USER_UNKNOWN); - if (pw->pw_uid == 0 && - openpam_get_option(pamh, OPT_ALLOW_ROOT) == NULL) - return (PAM_AUTH_ERR); - - err = pam_get_item(pamh, PAM_RUSER, &ruser); - if (err != PAM_SUCCESS) - return (PAM_AUTH_ERR); - - err = pam_get_item(pamh, PAM_RHOST, &rhost); - if (err != PAM_SUCCESS) - return (PAM_AUTH_ERR); - - superuser = (strcmp(user, "root") == 0); - err = ruserok(rhost, superuser, ruser, user); - if (err != 0) - return (PAM_AUTH_ERR); - - return (PAM_SUCCESS); -} - -PAM_EXTERN int -pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused, - int argc __unused, const char *argv[] __unused) -{ - - return (PAM_SUCCESS); -} - -PAM_MODULE_ENTRY("pam_rhosts");