Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle.
Prune svn:mergeinfo from the new branch, as nothing has been merged
here.

Additional commits post-branch will follow.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Add blacklist support to rlogind

Reviewed by: rpaulo
Approved by: rpaulo
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D6593

rlogin(1): Replace select(2) with poll(2).

Obtanied from: NetBSD (CVS Rev. 1.27 - 1.28)

Remove the 3rd clause ("advertising clause") of the BSD license as
permitted by the University of Berkeley on July 22, 1999.

Reviewed by: imp
MFC after: 1 week

Replace index() and rindex() calls with strchr() and strrchr().

The index() and rindex() functions were marked LEGACY in the 2001
revision of POSIX and were subsequently removed from the 2008 revision.
The strchr() and strrchr() functions are part of the C standard.

This makes the source code a lot more consistent, as most of these C
files also call into other str*() routines. In fact, about a dozen
already perform strchr() calls.

Add __unused

Add a new libc function: cfmakesane(3).

I've noticed various terminal emulators that need to obtain a sane
default termios structure use very complex `hacks'. Even though POSIX
doesn't provide any functionality for this, extend our termios API with
cfmakesane(3), which is similar to the commonly supported cfmakeraw(3),
except that it fills the termios structure with sane defaults.

Change all code in our base system to use this function, instead of
depending on <sys/ttydefaults.h> to provide TTYDEF_*.

Remove `dead code' from rlogind.

- It shouldn't call logwtmp(). Applications like login(1) already make
sure both login and logout entries are written to the storage.
- There's no need to restore permissions on the pseudo-terminal, since
it should be garbage collected by the kernel.

NI_WITHSCOPEID cleanup. Neither RFC 2553 nor RFC 3493 defines
NI_WITHSCOPEID, and our getaddrinfo(3) does nothing special
for it, now.

Spell SHUT_RDWR as SHUT_RDWR not 2 as the how argument to shutdown(2).

Fix most cases where the address of an int is passed to a function expecting a
socklen_t * argument.

Removed Kerberos remnants.

Fix a sign/unsigned comparison.

Use <paths.h> rather than "pathnames.h", and fix a couple of whitespace nits.

Sponsored by: DARPA, NAI Labs

o __P removal
o register removal
o use new style prototypes and function definitions

Handle snprintf() returning < -1.

Handle snprintf() returning -1.

MFC after: 2 weeks

Use STD{ERR,IN,OUT}_FILENO instead of their numeric values. The
definitions are more readable, and it's possible that they're
more portable to pathalogical platforms.

Submitted by: David Hill <david@phobia.ms>

MFS: Silence compilation warnings.

Removed broken PAM support from rshd(8) and rlogind(8). rshd does
not allocate a pty(4) so it is not suitable at all for interactive
PAM modules. rlogind calls login(1) which is already PAM enabled.

Approved by: markm

Make it compile without -DNO_PAM again.

sprintf() -> snprintf() paranoia.

Make compilable without -DINET6.
With shut up unused variable warnings.

PR: bin/20225
Submitted by: Paul Herman <pherman@frenchfries.net>

sync iruserok() extension API with other BSDs

Some of rcmd related function is need to be updated to
support IPv6. Some of them are already updated as standard
document. But there is also several de-facto functions and
they are not listed in standard documents.
They are,

iruserok() (used by rlogind, rshd)
ruserok() (used by kerberos, etc)

KAME package updated those functions in original way.

iruserok_af()
ruserok_af()

But recently there was discussion on IETF IPng mailing
list about how to sync those API, and it is decided,

-Those function is not standard and not documented.
-But let BSDs sync their API as de-facto.

And after some discussion, it is announced that

-add update to iruserok() as iruserok_sa()
-no ruserok() API change(it is only updated internaly)

So I sync those API before 4.0 is released.
The changes are,
-prototype changes
-ruserok() internal update (use iruserok_sa() inside)
-removal of ruserok_af()
-change iruserok_af() as static functioin, and also prefix the name with __.
-add iruserok_sa() (Just call __iruserok_af() inside)
-adding flag AI_ALL to getipnodebyaddr() called from __icheckhost().
This is necessary to support IPv4 communication via AF_INET6 socket
could be correctly authenticated via iruserok_sa()
-irusreok_af() call is replaced to iruserok_sa() call
in rlogind, and rshd.

Approved by: jkh

several tcp apps IPv6 update
-inetd
-rshd
-rlogind
-telnetd
-rsh
-rlogin

Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project

Fix for new Kerberos4. Make a fist cut at PAM-ising while I'm here.

$Id$ -> $FreeBSD$

Ufff. cflags -> chflags. I could have sworn this change has been in
my last three successful make buildworlds...

Noticed by: phk

Remove all flags from devices before we try to assert ownership and
set permissions.

Bug not fixed:
We silently ignore failures of chflags, chmod and chown.

More egcs warning fixes:
o main returns int not void
o use return 0 at end of main when needed
o use braces to avoid potentially ambiguous else
o don't default to type int (and also remove a useless register
modifier).

Reviewed by: obrien and chuckr

Ensure that things returned by gethostname() and
friends are terminated and allow for a maximum
host name length of MAXHOSTNAMELEN - 1.
Put parenthesis around sizeof args.
Make some variables static.
Fix telnetd -u (broken by my last commit)

Prompted by: bde

Use realhostname() rather than various combinations of
gethostbyaddr() & gethostbyname().

Remove brokeness in ftpd for hosts of MAXHOSTNAMELEN length.

As previously threatened, clean up the rshd -a option and make it default
on rshd and rlogind. However, note that:
1: rshd used to drop a connection with -a if the hostname != ip address.
This is unneeded, because iruserok() does it's own checking.
It was also wrong if .rhosts had an explicit IP address in it,
connections would be dropped from that host solely because the DNS was
mismatched even though it was explicitly intended to work by IP address.
2: rlogind and rshd check the hostname mappings by default now because that
is what goes into the utmp/wtmp and logs. If the hostname != ip address,
then it uses the IP address for logging/utmp/wtmp purposes. There isn't
much point logging ficticious hostnames.
3: rshd -a is now accepted (but ignored) for compatability. If you really
want to make life miserable for people with bad reverse DNS, use tcpd in
paranoid mode (which is questionable anyway, given DNS ttl tweaking).

Sort #includes. Add rcsid. Add man page section in .Xrefs.

Changes for the new KTH Kerberos.
Also make -Wall a bit quieter.

compare return value from getopt against -1 rather than EOF, per the final
posix standard on the topic.

Fix various buffer overflows that may or may not be exploitable.

Fixes PR 2588

Reviewed by: Dan Cross?
Submitted by: Julian Assange

Revert $FreeBSD$ to $Id$

Some patches for source routed packets from OpenBSD.
Rev 1.16 deraadt:
do not warn about valid options; invalid options correctly quit
Rev 1.15 deraadt:
need not clear options since bad ones cause exit;
provos@ws1.physnet.uni-hamburg.de
Rev 1.14 deraadt:
IPOPT_LSRR/IPOPT_SSRR must exit() due to tcp sequencing; pointed
out by provos@wserver.physnet.uni-hamburg.de. also another 1-char
buffer overflow.

Reviewed by: Peter Wemm
Obtained from: OpenSBD

Make the long-awaited change from $Id$ to $FreeBSD$

This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.

add forgotten $Id$

Fix some compilation warnings.

#include <kerberosIV/des.h> -> #include <des.h>

Rename des_set_key -> des_set_key_krb. (libdes conflict)

Fix typo.

It is not necessary to check if a '-' is in lusername., Checking if
lusername starts with a '-' is enough. Otherwise, no users with a '-'
in there name can use rlogin.

Stop rlogind from bogusly ignoring an explicit .rhosts file for root.
It still correctly ignores hosts.equiv. This is now consistant with rshd.

Added a -D option to set the TCP_NODELAY socket option. This improves
responsiveness at the expense of some additional network traffic.

Kerberos can now deal with multi-homed clients.

Kerberos obtains a network address for the local host from the routing
tables and uses it consistently for all Kerberos transactions. This ensures
that packets only leave the *authenticated* interface. Clients who open
and use their own sockets for encrypted or authenticated correspondance
to kerberos services should bind their sockets to the same address as that
used by kerberos. krb_get_local_addr() and krb_bind_local_addr() allow
clients to obtain the local address or bind a socket to the local address
used by Kerberos respectively.

Reviewed by: Mark Murray <markm>, Garrett Wollman <wollman>
Obtained from: concept by Dieter Dworkin Muller <dworkin@village.org>

Remove trailing whitespace.

Plug security hole that was already fixed in 1.1. It prevents
user from specifying their hostname when rlogin()-ing in
(using rlogin -f-h<host>)

Reviewed by:
Submitted by:

This commit was generated by cvs2svn to compensate for changes in r1592,
which included commits to RCS files with non-trunk default branches.

BSD 4.4 Lite Libexec Sources