Last update: Wed Mar 31 21:39:01 MET DST 1993

This archive contains source to rsh and rlogin daemons that perform
tcp/ip daemon wrapper style logging and access control, and that also
log the remote and local user names.

The programs are drop-in replacements for SunOS 4.x, Ultrix 4.[2-3] and
SunOS 5.[01] (Solaris 2.[01]). They are derived from sources on the
4.3BSD NET/1 tape, released 1989. The stuff from vendors must be even
older! The next major release will hopefully be something more recent.

Main improvement over previous versions: the rlogin daemon will now
work with existing /bin/login commands (but it can still be used with
the fascist login command that is provided with this archive).

Some of the programs use the libwrap.a library that comes with recent
tcp/ip daemon wrapper (log_tcp) implementations. In order to build, you
will have to do a

	setenv LOG_TCP directory_with_the_libwrap.a_library

Modified versions of BSD 4.3+ r-command daemons, hacked to report remote
host/user names:

	rlogind	logging and access control in the style of the tcp 
		wrapper (log_tcp) package. This program logs with
		priority daemon.info.

	rshd	logging and access control in the style of the tcp 
		wrapper (log_tcp) package. This program logs with
		priority daemon.info.

Other modified BSD 4.3+ stuff:

	login	hacked for SunOS 4.x, Ultrix 4.x, SunOS 5.x, with 
		optional access control on a per (user,host) or per 
		(user, tty) basis, fbtab(5) security, and with 
		fascist login failure logging. This program logs
		with priority auth.debug.

	telnetd	pretty dumb BSD 4.3 telnetd. No access control or logging, 
		but compatible with SunOS 4.x, Ultrix 4.x, SunOS 5.x.

	lib	additional routines used by login and by some daemons.

The README* files in the respective subdirectories give details.

Please report any problems to:

	Wietse Venema (wietse@wzv.win.tue.nl)
	Eindhoven University of Technology
	Eindhoven, The Netherlands

Change log:

901218	Fixed a problem with NOFLSH in login.c that caused interrupts
	to not flush the terminal input queue.

910209	Added per-user login access control.

911128	Added support to login for SunOS 4.x style /etc/fbtab, a table 
	of devices whose protection and ownership is to be adjusted
	when a user logs in.

920609	Added tcp wrapper (log_tcp) style access control to rlogind and
	rshd. Improved the remote host name verification code. Added the
	LD_xxx environment fix to login.

920624	Login no longer just dies when the connection is broken, but first
	reports a login failure. This exposes an old cracker's trick.

921029	Ported to Ultrix 4.2. Most of the work was finding out why the
	login process did not have a controlling terminal.

921208	Ported to Solaris 2.0. rlogind can now work with the /bin/login 
	that comes with most UNIXes. This was desirable because not
	everyone is in a position to replace /bin/login.  Moreover,
	some SYSV logins can't even support the '-f' option at all (or
	everyone could log in without a password). 2alpha version released.

921229	Tested with Solaris 2.1; some cleanups after looking at modified
	4.4BSD sources from Charles Hedrick (hedrick@cs.rutgers.edu).
	The sources can be found on farside.rutgers.edu.

930103	Most of the sensible SYSV login features implemented. Frozen after 
	check, check and double check. The source really suffered from
	porting and has become too ugly. It becomes a lot more readable
	after running through the unifdef program. Version 2beta released.

930119	Version 2 released after compatibility patches: rshd path;
	disabling the local domain stripping in login.c; cleanup
	utmpx file after rejecting an rlogin connection.

930221	Added group support to the login access control code, so that we
	can disallow off-site logins to wheel group members.  Group
	matches work only for accounts that are explicitly listed in
	the group file: the matching is not based on group id values.

930222	Stole the code for the EXCEPT operator from the tcp wrapper.
	This, and the previous change, allow me to turn:

		# Disallow non-local logins into the wheel accounts
		+:foo bar baz:LOCAL .my.domain
		-:foo bar baz:ALL

	into the much easier to understand:

		-:wheel:ALL EXCEPT LOCAL .my.domain

	Assuming, of course, that the default is to permit access.
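
The two rule sets above, evaluated side by side. This is an added example, not code from this archive: a small Python model of the access table that assumes the first matching entry decides, that LOCAL matches an origin name without a dot, and that a pattern starting with a dot matches a domain suffix. The group membership, host names and function names are constructed for illustration.

```python
# Constructed model of the access-table semantics; not the archive's login.c.
GROUPS = {"wheel": {"foo", "bar", "baz"}}   # constructed: explicit group-file members

def list_match(tokens, item, match_one):
    """True if item matches the tokens before EXCEPT and not the list after it."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        head, tail = tokens[:i], tokens[i + 1:]
    else:
        head, tail = tokens, None
    if not any(match_one(tok, item) for tok in head):
        return False
    return tail is None or not list_match(tail, item, match_one)

def user_match(tok, user):
    # Group matches use explicit membership only, never numeric group ids.
    return tok == "ALL" or tok == user or user in GROUPS.get(tok, ())

def from_match(tok, origin):
    if tok == "ALL":
        return True
    if tok == "LOCAL":                      # assumed: origin name without a dot
        return "." not in origin
    if tok.startswith("."):                 # assumed: domain suffix match
        return origin.lower().endswith(tok.lower())
    return tok.lower() == origin.lower()

def login_allowed(table, user, origin):
    """First matching entry decides; no match means permit (the stated default)."""
    for line in table.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        perm, users, origins = (f.strip() for f in line.split(":", 2))
        if (list_match(users.split(), user, user_match)
                and list_match(origins.split(), origin, from_match)):
            return perm == "+"
    return True

OLD = """# Disallow non-local logins into the wheel accounts
+:foo bar baz:LOCAL .my.domain
-:foo bar baz:ALL"""
NEW = "-:wheel:ALL EXCEPT LOCAL .my.domain"

def compare(cases):
    return [(u, o, login_allowed(OLD, u, o), login_allowed(NEW, u, o)) for u, o in cases]
```

An account whose only tie to wheel is its numeric group id is not covered by the one-line rule, so such accounts must be listed in the group file for the restriction to apply.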

930331	Added per-program hints on how to configure syslogd.
	Added __svr4__ to the Solaris CFLAGS macro because the
	unbundled C compiler does not define it.
