rshd.c revision 1.32
1 1.32 agc /* $NetBSD: rshd.c,v 1.32 2003/08/07 09:46:49 agc Exp $ */ 2 1.18 itojun 3 1.18 itojun /* 4 1.18 itojun * Copyright (C) 1998 WIDE Project. 5 1.18 itojun * All rights reserved. 6 1.18 itojun * 7 1.18 itojun * Redistribution and use in source and binary forms, with or without 8 1.18 itojun * modification, are permitted provided that the following conditions 9 1.18 itojun * are met: 10 1.18 itojun * 1. Redistributions of source code must retain the above copyright 11 1.18 itojun * notice, this list of conditions and the following disclaimer. 12 1.18 itojun * 2. Redistributions in binary form must reproduce the above copyright 13 1.18 itojun * notice, this list of conditions and the following disclaimer in the 14 1.18 itojun * documentation and/or other materials provided with the distribution. 15 1.18 itojun * 3. All advertising materials mentioning features or use of this software 16 1.18 itojun * must display the following acknowledgement: 17 1.18 itojun * This product includes software developed by WIDE Project and 18 1.18 itojun * its contributors. 19 1.18 itojun * 4. Neither the name of the project nor the names of its contributors 20 1.18 itojun * may be used to endorse or promote products derived from this software 21 1.18 itojun * without specific prior written permission. 22 1.18 itojun * 23 1.18 itojun * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 24 1.18 itojun * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 1.18 itojun * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 1.18 itojun * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 27 1.18 itojun * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 1.18 itojun * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 1.18 itojun * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 1.18 itojun * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 1.18 itojun * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 1.18 itojun * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 1.18 itojun * SUCH DAMAGE. 34 1.18 itojun */ 35 1.10 mrg 36 1.1 cgd /*- 37 1.7 cgd * Copyright (c) 1988, 1989, 1992, 1993, 1994 38 1.7 cgd * The Regents of the University of California. All rights reserved. 39 1.1 cgd * 40 1.1 cgd * Redistribution and use in source and binary forms, with or without 41 1.1 cgd * modification, are permitted provided that the following conditions 42 1.1 cgd * are met: 43 1.1 cgd * 1. Redistributions of source code must retain the above copyright 44 1.1 cgd * notice, this list of conditions and the following disclaimer. 45 1.1 cgd * 2. Redistributions in binary form must reproduce the above copyright 46 1.1 cgd * notice, this list of conditions and the following disclaimer in the 47 1.1 cgd * documentation and/or other materials provided with the distribution. 48 1.32 agc * 3. Neither the name of the University nor the names of its contributors 49 1.1 cgd * may be used to endorse or promote products derived from this software 50 1.1 cgd * without specific prior written permission. 51 1.1 cgd * 52 1.1 cgd * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 53 1.1 cgd * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 54 1.1 cgd * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 55 1.1 cgd * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 56 1.1 cgd * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 57 1.1 cgd * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 58 1.1 cgd * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 59 1.1 cgd * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 60 1.1 cgd * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 61 1.1 cgd * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 62 1.1 cgd * SUCH DAMAGE. 63 1.1 cgd */ 64 1.1 cgd 65 1.10 mrg #include <sys/cdefs.h> 66 1.1 cgd #ifndef lint 67 1.10 mrg __COPYRIGHT("@(#) Copyright (c) 1988, 1989, 1992, 1993, 1994\n\ 68 1.10 mrg The Regents of the University of California. All rights reserved.\n"); 69 1.10 mrg #if 0 70 1.10 mrg static char sccsid[] = "@(#)rshd.c 8.2 (Berkeley) 4/6/94"; 71 1.10 mrg #else 72 1.32 agc __RCSID("$NetBSD: rshd.c,v 1.32 2003/08/07 09:46:49 agc Exp $"); 73 1.10 mrg #endif 74 1.1 cgd #endif /* not lint */ 75 1.1 cgd 76 1.1 cgd /* 77 1.1 cgd * remote shell server: 78 1.1 cgd * [port]\0 79 1.1 cgd * remuser\0 80 1.1 cgd * locuser\0 81 1.1 cgd * command\0 82 1.1 cgd * data 83 1.1 cgd */ 84 1.1 cgd #include <sys/param.h> 85 1.1 cgd #include <sys/ioctl.h> 86 1.1 cgd #include <sys/time.h> 87 1.7 cgd #include <sys/socket.h> 88 1.1 cgd 89 1.1 cgd #include <netinet/in.h> 90 1.31 joff #include <netinet/tcp.h> 91 1.1 cgd #include <arpa/inet.h> 92 1.1 cgd #include <netdb.h> 93 1.1 cgd 94 1.7 cgd #include <errno.h> 95 1.7 cgd #include <fcntl.h> 96 1.7 cgd #include <paths.h> 97 1.1 cgd #include <pwd.h> 98 1.7 cgd #include <signal.h> 99 1.1 cgd #include <stdio.h> 100 1.1 cgd #include <stdlib.h> 101 1.1 cgd #include <string.h> 102 1.7 cgd #include <syslog.h> 103 1.7 cgd #include <unistd.h> 104 1.27 itojun #include <poll.h> 105 1.17 mjl #ifdef LOGIN_CAP 106 1.17 mjl #include <login_cap.h> 107 1.17 mjl #endif 108 1.1 cgd 109 1.1 cgd int keepalive = 1; 110 1.7 cgd int check_all; 111 1.7 cgd int log_success; /* If TRUE, log all successful accesses */ 112 1.1 cgd int sent_null; 113 1.1 cgd 114 1.18 itojun void doit __P((struct sockaddr *)); 115 1.20 is void error __P((const char *, ...)) 116 1.20 is __attribute__((__format__(__printf__, 1, 2))); 117 1.7 cgd void getstr __P((char *, int, char *)); 118 1.7 cgd int local_domain __P((char *)); 119 1.7 cgd char *topdomain __P((char *)); 120 1.7 cgd void usage __P((void)); 121 1.10 mrg int main __P((int, char *[])); 122 1.7 cgd 123 1.3 cgd #define OPTIONS "alnL" 124 1.23 christos extern int __check_rhosts_file; 125 1.23 christos extern char *__rcmd_errstr; /* syslog hook from libc/net/rcmd.c. */ 126 1.1 cgd 127 1.7 cgd int 128 1.25 mjl main(int argc, char *argv[]) 129 1.1 cgd { 130 1.1 cgd struct linger linger; 131 1.1 cgd int ch, on = 1, fromlen; 132 1.18 itojun struct sockaddr_storage from; 133 1.31 joff struct protoent *proto; 134 1.1 cgd 135 1.22 lukem openlog("rshd", LOG_PID, LOG_DAEMON); 136 1.1 cgd 137 1.1 cgd opterr = 0; 138 1.11 enami while ((ch = getopt(argc, argv, OPTIONS)) != -1) 139 1.1 cgd switch (ch) { 140 1.1 cgd case 'a': 141 1.1 cgd check_all = 1; 142 1.1 cgd break; 143 1.1 cgd case 'l': 144 1.6 pk __check_rhosts_file = 0; 145 1.1 cgd break; 146 1.1 cgd case 'n': 147 1.1 cgd keepalive = 0; 148 1.1 cgd break; 149 1.3 cgd case 'L': 150 1.7 cgd log_success = 1; 151 1.3 cgd break; 152 1.1 cgd case '?': 153 1.1 cgd default: 154 1.1 cgd usage(); 155 1.7 cgd break; 156 1.1 cgd } 157 1.1 cgd 158 1.1 cgd argc -= optind; 159 1.1 cgd argv += optind; 160 1.1 cgd 161 1.18 itojun fromlen = sizeof (from); /* xxx */ 162 1.1 cgd if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) { 163 1.1 cgd syslog(LOG_ERR, "getpeername: %m"); 164 1.25 mjl exit(1); 165 1.1 cgd } 166 1.19 itojun #if 0 167 1.19 itojun if (((struct sockaddr *)&from)->sa_family == AF_INET6 && 168 1.19 itojun IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)&from)->sin6_addr) && 169 1.19 itojun sizeof(struct sockaddr_in) <= sizeof(from)) { 170 1.19 itojun struct sockaddr_in sin; 171 1.19 itojun struct sockaddr_in6 *sin6; 172 1.19 itojun const int off = sizeof(struct sockaddr_in6) - 173 1.19 itojun sizeof(struct sockaddr_in); 174 1.19 itojun 175 1.19 itojun sin6 = (struct sockaddr_in6 *)&from; 176 1.19 itojun memset(&sin, 0, sizeof(sin)); 177 1.19 itojun sin.sin_family = AF_INET; 178 1.19 itojun sin.sin_len = sizeof(struct sockaddr_in); 179 1.19 itojun memcpy(&sin.sin_addr, &sin6->sin6_addr.s6_addr[off], 180 1.19 itojun sizeof(sin.sin_addr)); 181 1.19 itojun memcpy(&from, &sin, sizeof(sin)); 182 1.19 itojun fromlen = sin.sin_len; 183 1.19 itojun } 184 1.19 itojun #else 185 1.19 itojun if (((struct sockaddr *)&from)->sa_family == AF_INET6 && 186 1.19 itojun IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)&from)->sin6_addr)) { 187 1.19 itojun char hbuf[NI_MAXHOST]; 188 1.19 itojun if (getnameinfo((struct sockaddr *)&from, fromlen, hbuf, 189 1.19 itojun sizeof(hbuf), NULL, 0, NI_NUMERICHOST) != 0) { 190 1.30 itojun strlcpy(hbuf, "invalid", sizeof(hbuf)); 191 1.19 itojun } 192 1.25 mjl syslog(LOG_ERR, "malformed \"from\" address (v4 mapped, %s)", 193 1.19 itojun hbuf); 194 1.19 itojun exit(1); 195 1.19 itojun } 196 1.19 itojun #endif 197 1.1 cgd if (keepalive && 198 1.1 cgd setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (char *)&on, 199 1.1 cgd sizeof(on)) < 0) 200 1.1 cgd syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m"); 201 1.1 cgd linger.l_onoff = 1; 202 1.1 cgd linger.l_linger = 60; /* XXX */ 203 1.1 cgd if (setsockopt(0, SOL_SOCKET, SO_LINGER, (char *)&linger, 204 1.1 cgd sizeof (linger)) < 0) 205 1.1 cgd syslog(LOG_WARNING, "setsockopt (SO_LINGER): %m"); 206 1.31 joff proto = getprotobyname("tcp"); 207 1.31 joff setsockopt(0, proto->p_proto, TCP_NODELAY, &on, sizeof(on)); 208 1.18 itojun doit((struct sockaddr *)&from); 209 1.7 cgd /* NOTREACHED */ 210 1.10 mrg #ifdef __GNUC__ 211 1.10 mrg exit(0); 212 1.10 mrg #endif 213 1.1 cgd } 214 1.1 cgd 215 1.1 cgd char username[20] = "USER="; 216 1.1 cgd char homedir[64] = "HOME="; 217 1.1 cgd char shell[64] = "SHELL="; 218 1.1 cgd char path[100] = "PATH="; 219 1.1 cgd char *envinit[] = 220 1.1 cgd {homedir, shell, path, username, 0}; 221 1.1 cgd char **environ; 222 1.1 cgd 223 1.7 cgd void 224 1.25 mjl doit(struct sockaddr *fromp) 225 1.1 cgd { 226 1.1 cgd struct passwd *pwd; 227 1.14 mrg in_port_t port; 228 1.26 mycroft struct pollfd set[2]; 229 1.26 mycroft int cc, pv[2], pid, s = -1; /* XXX gcc */ 230 1.1 cgd int one = 1; 231 1.10 mrg char *hostname, *errorstr, *errorhost = NULL; /* XXX gcc */ 232 1.15 mycroft const char *cp; 233 1.15 mycroft char sig, buf[BUFSIZ]; 234 1.7 cgd char cmdbuf[NCARGS+1], locuser[16], remuser[16]; 235 1.1 cgd char remotehost[2 * MAXHOSTNAMELEN + 1]; 236 1.9 christos char hostnamebuf[2 * MAXHOSTNAMELEN + 1]; 237 1.17 mjl #ifdef LOGIN_CAP 238 1.17 mjl login_cap_t *lc; 239 1.17 mjl #endif 240 1.18 itojun char naddr[NI_MAXHOST]; 241 1.18 itojun char saddr[NI_MAXHOST]; 242 1.18 itojun char raddr[NI_MAXHOST]; 243 1.18 itojun char pbuf[NI_MAXSERV]; 244 1.18 itojun int af = fromp->sa_family; 245 1.18 itojun u_int16_t *portp; 246 1.18 itojun struct addrinfo hints, *res, *res0; 247 1.18 itojun int gaierror; 248 1.18 itojun #ifdef NI_WITHSCOPEID 249 1.18 itojun const int niflags = NI_NUMERICHOST | NI_NUMERICSERV | NI_WITHSCOPEID; 250 1.18 itojun #else 251 1.18 itojun const int niflags = NI_NUMERICHOST | NI_NUMERICSERV; 252 1.18 itojun #endif 253 1.1 cgd 254 1.1 cgd (void) signal(SIGINT, SIG_DFL); 255 1.1 cgd (void) signal(SIGQUIT, SIG_DFL); 256 1.1 cgd (void) signal(SIGTERM, SIG_DFL); 257 1.1 cgd #ifdef DEBUG 258 1.1 cgd { int t = open(_PATH_TTY, 2); 259 1.1 cgd if (t >= 0) { 260 1.1 cgd ioctl(t, TIOCNOTTY, (char *)0); 261 1.1 cgd (void) close(t); 262 1.1 cgd } 263 1.1 cgd } 264 1.1 cgd #endif 265 1.18 itojun switch (af) { 266 1.18 itojun case AF_INET: 267 1.18 itojun portp = &((struct sockaddr_in *)fromp)->sin_port; 268 1.18 itojun break; 269 1.18 itojun #ifdef INET6 270 1.18 itojun case AF_INET6: 271 1.18 itojun portp = &((struct sockaddr_in6 *)fromp)->sin6_port; 272 1.18 itojun break; 273 1.18 itojun #endif 274 1.18 itojun default: 275 1.25 mjl syslog(LOG_ERR, "malformed \"from\" address (af %d)", af); 276 1.18 itojun exit(1); 277 1.18 itojun } 278 1.18 itojun if (getnameinfo(fromp, fromp->sa_len, naddr, sizeof(naddr), 279 1.18 itojun pbuf, sizeof(pbuf), niflags) != 0) { 280 1.25 mjl syslog(LOG_ERR, "malformed \"from\" address (af %d)", af); 281 1.1 cgd exit(1); 282 1.1 cgd } 283 1.1 cgd #ifdef IP_OPTIONS 284 1.18 itojun if (af == AF_INET) 285 1.1 cgd { 286 1.1 cgd u_char optbuf[BUFSIZ/3], *cp; 287 1.30 itojun char lbuf[BUFSIZ], *lp, *ep; 288 1.1 cgd int optsize = sizeof(optbuf), ipproto; 289 1.1 cgd struct protoent *ip; 290 1.1 cgd 291 1.1 cgd if ((ip = getprotobyname("ip")) != NULL) 292 1.1 cgd ipproto = ip->p_proto; 293 1.1 cgd else 294 1.1 cgd ipproto = IPPROTO_IP; 295 1.1 cgd if (!getsockopt(0, ipproto, IP_OPTIONS, (char *)optbuf, &optsize) && 296 1.1 cgd optsize != 0) { 297 1.1 cgd lp = lbuf; 298 1.30 itojun ep = lbuf + sizeof(lbuf); 299 1.1 cgd for (cp = optbuf; optsize > 0; cp++, optsize--, lp += 3) 300 1.30 itojun snprintf(lp, ep - lp, " %2.2x", *cp); 301 1.1 cgd syslog(LOG_NOTICE, 302 1.1 cgd "Connection received from %s using IP options (ignored):%s", 303 1.18 itojun naddr, lbuf); 304 1.1 cgd if (setsockopt(0, ipproto, IP_OPTIONS, 305 1.1 cgd (char *)NULL, optsize) != 0) { 306 1.1 cgd syslog(LOG_ERR, "setsockopt IP_OPTIONS NULL: %m"); 307 1.1 cgd exit(1); 308 1.1 cgd } 309 1.1 cgd } 310 1.1 cgd } 311 1.1 cgd #endif 312 1.1 cgd 313 1.18 itojun if (ntohs(*portp) >= IPPORT_RESERVED 314 1.18 itojun || ntohs(*portp) < IPPORT_RESERVED/2) { 315 1.13 enami syslog(LOG_NOTICE|LOG_AUTH, 316 1.13 enami "Connection from %s on illegal port %u", 317 1.18 itojun naddr, ntohs(*portp)); 318 1.13 enami exit(1); 319 1.13 enami } 320 1.1 cgd 321 1.1 cgd (void) alarm(60); 322 1.1 cgd port = 0; 323 1.1 cgd for (;;) { 324 1.1 cgd char c; 325 1.13 enami 326 1.7 cgd if ((cc = read(STDIN_FILENO, &c, 1)) != 1) { 327 1.1 cgd if (cc < 0) 328 1.22 lukem syslog(LOG_ERR, "read: %m"); 329 1.22 lukem shutdown(0, SHUT_RDWR); 330 1.1 cgd exit(1); 331 1.1 cgd } 332 1.13 enami if (c == 0) 333 1.1 cgd break; 334 1.1 cgd port = port * 10 + c - '0'; 335 1.1 cgd } 336 1.1 cgd 337 1.1 cgd (void) alarm(0); 338 1.1 cgd if (port != 0) { 339 1.1 cgd int lport = IPPORT_RESERVED - 1; 340 1.18 itojun s = rresvport_af(&lport, af); 341 1.1 cgd if (s < 0) { 342 1.1 cgd syslog(LOG_ERR, "can't get stderr port: %m"); 343 1.1 cgd exit(1); 344 1.1 cgd } 345 1.12 lukem if (port >= IPPORT_RESERVED) { 346 1.25 mjl syslog(LOG_ERR, "2nd port not reserved"); 347 1.12 lukem exit(1); 348 1.12 lukem } 349 1.18 itojun *portp = htons(port); 350 1.18 itojun if (connect(s, (struct sockaddr *)fromp, fromp->sa_len) < 0) { 351 1.22 lukem syslog(LOG_ERR, "connect second port %d: %m", port); 352 1.1 cgd exit(1); 353 1.1 cgd } 354 1.1 cgd } 355 1.1 cgd 356 1.1 cgd 357 1.1 cgd #ifdef notdef 358 1.1 cgd /* from inetd, socket is already on 0, 1, 2 */ 359 1.1 cgd dup2(f, 0); 360 1.1 cgd dup2(f, 1); 361 1.1 cgd dup2(f, 2); 362 1.1 cgd #endif 363 1.7 cgd errorstr = NULL; 364 1.18 itojun if (getnameinfo(fromp, fromp->sa_len, saddr, sizeof(saddr), 365 1.18 itojun NULL, 0, NI_NAMEREQD) == 0) { 366 1.1 cgd /* 367 1.18 itojun * If name returned by getnameinfo is in our domain, 368 1.1 cgd * attempt to verify that we haven't been fooled by someone 369 1.1 cgd * in a remote net; look up the name and check that this 370 1.1 cgd * address corresponds to the name. 371 1.1 cgd */ 372 1.18 itojun hostname = saddr; 373 1.21 itojun res0 = NULL; 374 1.18 itojun if (check_all || local_domain(saddr)) { 375 1.25 mjl strlcpy(remotehost, saddr, sizeof(remotehost)); 376 1.1 cgd errorhost = remotehost; 377 1.18 itojun memset(&hints, 0, sizeof(hints)); 378 1.18 itojun hints.ai_family = fromp->sa_family; 379 1.18 itojun hints.ai_socktype = SOCK_STREAM; 380 1.18 itojun hints.ai_flags = AI_CANONNAME; 381 1.18 itojun gaierror = getaddrinfo(remotehost, pbuf, &hints, &res0); 382 1.18 itojun if (gaierror) { 383 1.22 lukem syslog(LOG_NOTICE, 384 1.18 itojun "Couldn't look up address for %s: %s", 385 1.18 itojun remotehost, gai_strerror(gaierror)); 386 1.1 cgd errorstr = 387 1.1 cgd "Couldn't look up address for your host (%s)\n"; 388 1.18 itojun hostname = naddr; 389 1.18 itojun } else { 390 1.18 itojun for (res = res0; res; res = res->ai_next) { 391 1.18 itojun if (res->ai_family != fromp->sa_family) 392 1.18 itojun continue; 393 1.18 itojun if (res->ai_addrlen != fromp->sa_len) 394 1.18 itojun continue; 395 1.18 itojun if (getnameinfo(res->ai_addr, 396 1.18 itojun res->ai_addrlen, 397 1.18 itojun raddr, sizeof(raddr), NULL, 0, 398 1.18 itojun niflags) == 0 399 1.18 itojun && strcmp(naddr, raddr) == 0) { 400 1.18 itojun hostname = res->ai_canonname 401 1.18 itojun ? res->ai_canonname 402 1.18 itojun : saddr; 403 1.18 itojun break; 404 1.18 itojun } 405 1.18 itojun } 406 1.18 itojun if (res == NULL) { 407 1.1 cgd syslog(LOG_NOTICE, 408 1.1 cgd "Host addr %s not listed for host %s", 409 1.18 itojun naddr, res0->ai_canonname 410 1.18 itojun ? res0->ai_canonname 411 1.18 itojun : saddr); 412 1.1 cgd errorstr = 413 1.1 cgd "Host address mismatch for %s\n"; 414 1.18 itojun hostname = naddr; 415 1.1 cgd } 416 1.1 cgd } 417 1.1 cgd } 418 1.25 mjl strlcpy(hostnamebuf, hostname, sizeof(hostnamebuf)); 419 1.25 mjl hostname = hostnamebuf; 420 1.21 itojun if (res0) 421 1.21 itojun freeaddrinfo(res0); 422 1.18 itojun } else { 423 1.25 mjl strlcpy(hostnamebuf, naddr, sizeof(hostnamebuf)); 424 1.25 mjl errorhost = hostname = hostnamebuf; 425 1.18 itojun } 426 1.1 cgd 427 1.9 christos getstr(remuser, sizeof(remuser), "remuser"); 428 1.1 cgd getstr(locuser, sizeof(locuser), "locuser"); 429 1.1 cgd getstr(cmdbuf, sizeof(cmdbuf), "command"); 430 1.1 cgd setpwent(); 431 1.1 cgd pwd = getpwnam(locuser); 432 1.1 cgd if (pwd == NULL) { 433 1.7 cgd syslog(LOG_INFO|LOG_AUTH, 434 1.7 cgd "%s@%s as %s: unknown login. cmd='%.80s'", 435 1.7 cgd remuser, hostname, locuser, cmdbuf); 436 1.1 cgd if (errorstr == NULL) 437 1.25 mjl errorstr = "Permission denied.\n"; 438 1.1 cgd goto fail; 439 1.1 cgd } 440 1.17 mjl #ifdef LOGIN_CAP 441 1.17 mjl lc = login_getclass(pwd ? pwd->pw_class : NULL); 442 1.17 mjl #endif 443 1.17 mjl 444 1.1 cgd if (chdir(pwd->pw_dir) < 0) { 445 1.17 mjl #ifdef LOGIN_CAP 446 1.17 mjl if (chdir("/") < 0 || 447 1.17 mjl login_getcapbool(lc, "requirehome", pwd->pw_uid ? 1 : 0)) { 448 1.17 mjl syslog(LOG_INFO|LOG_AUTH, 449 1.17 mjl "%s@%s as %s: no home directory. cmd='%.80s'", 450 1.17 mjl remuser, hostname, locuser, cmdbuf); 451 1.17 mjl error("No remote home directory.\n"); 452 1.17 mjl exit(0); 453 1.17 mjl } 454 1.17 mjl #else 455 1.1 cgd (void) chdir("/"); 456 1.1 cgd #ifdef notdef 457 1.7 cgd syslog(LOG_INFO|LOG_AUTH, 458 1.7 cgd "%s@%s as %s: no home directory. cmd='%.80s'", 459 1.7 cgd remuser, hostname, locuser, cmdbuf); 460 1.1 cgd error("No remote directory.\n"); 461 1.1 cgd exit(1); 462 1.17 mjl #endif /* notdef */ 463 1.17 mjl #endif /* LOGIN_CAP */ 464 1.1 cgd } 465 1.1 cgd 466 1.1 cgd 467 1.13 enami if (errorstr || 468 1.13 enami (pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0' && 469 1.18 itojun iruserok_sa(fromp, fromp->sa_len, pwd->pw_uid == 0, remuser, 470 1.18 itojun locuser) < 0)) { 471 1.13 enami if (__rcmd_errstr) 472 1.13 enami syslog(LOG_INFO|LOG_AUTH, 473 1.7 cgd "%s@%s as %s: permission denied (%s). cmd='%.80s'", 474 1.13 enami remuser, hostname, locuser, __rcmd_errstr, 475 1.13 enami cmdbuf); 476 1.13 enami else 477 1.13 enami syslog(LOG_INFO|LOG_AUTH, 478 1.7 cgd "%s@%s as %s: permission denied. cmd='%.80s'", 479 1.13 enami remuser, hostname, locuser, cmdbuf); 480 1.1 cgd fail: 481 1.13 enami if (errorstr == NULL) 482 1.13 enami errorstr = "Permission denied.\n"; 483 1.13 enami error(errorstr, errorhost); 484 1.13 enami exit(1); 485 1.13 enami } 486 1.1 cgd 487 1.1 cgd if (pwd->pw_uid && !access(_PATH_NOLOGIN, F_OK)) { 488 1.1 cgd error("Logins currently disabled.\n"); 489 1.1 cgd exit(1); 490 1.1 cgd } 491 1.1 cgd 492 1.7 cgd (void) write(STDERR_FILENO, "\0", 1); 493 1.1 cgd sent_null = 1; 494 1.1 cgd 495 1.1 cgd if (port) { 496 1.1 cgd if (pipe(pv) < 0) { 497 1.1 cgd error("Can't make pipe.\n"); 498 1.1 cgd exit(1); 499 1.1 cgd } 500 1.1 cgd pid = fork(); 501 1.1 cgd if (pid == -1) { 502 1.1 cgd error("Can't fork; try again.\n"); 503 1.1 cgd exit(1); 504 1.1 cgd } 505 1.1 cgd if (pid) { 506 1.1 cgd { 507 1.7 cgd (void) close(0); 508 1.7 cgd (void) close(1); 509 1.1 cgd } 510 1.7 cgd (void) close(2); 511 1.7 cgd (void) close(pv[1]); 512 1.1 cgd 513 1.26 mycroft set[0].fd = s; 514 1.26 mycroft set[0].events = POLLIN; 515 1.26 mycroft set[1].fd = pv[0]; 516 1.26 mycroft set[1].events = POLLIN; 517 1.13 enami ioctl(pv[0], FIONBIO, (char *)&one); 518 1.1 cgd 519 1.1 cgd /* should set s nbio! */ 520 1.1 cgd do { 521 1.26 mycroft if (poll(set, 2, INFTIM) < 0) 522 1.13 enami break; 523 1.26 mycroft if (set[0].revents & POLLIN) { 524 1.1 cgd int ret; 525 1.13 enami 526 1.13 enami ret = read(s, &sig, 1); 527 1.1 cgd if (ret <= 0) 528 1.26 mycroft set[0].events = 0; 529 1.1 cgd else 530 1.1 cgd killpg(pid, sig); 531 1.1 cgd } 532 1.26 mycroft if (set[1].revents & POLLIN) { 533 1.1 cgd errno = 0; 534 1.1 cgd cc = read(pv[0], buf, sizeof(buf)); 535 1.1 cgd if (cc <= 0) { 536 1.22 lukem shutdown(s, SHUT_RDWR); 537 1.26 mycroft set[1].events = 0; 538 1.1 cgd } else { 539 1.13 enami (void) write(s, buf, cc); 540 1.1 cgd } 541 1.1 cgd } 542 1.1 cgd 543 1.26 mycroft } while ((set[0].revents | set[1].revents) & POLLIN); 544 1.1 cgd exit(0); 545 1.1 cgd } 546 1.7 cgd (void) close(s); 547 1.7 cgd (void) close(pv[0]); 548 1.1 cgd dup2(pv[1], 2); 549 1.1 cgd close(pv[1]); 550 1.1 cgd } 551 1.29 dsl setsid(); 552 1.17 mjl 553 1.17 mjl if (*pwd->pw_shell == '\0') 554 1.17 mjl pwd->pw_shell = _PATH_BSHELL; 555 1.17 mjl #ifdef LOGIN_CAP 556 1.17 mjl { 557 1.17 mjl char *sh; 558 1.17 mjl 559 1.17 mjl if((sh = login_getcapstr(lc, "shell", NULL, NULL))) { 560 1.17 mjl if(!(sh = strdup(sh))) { 561 1.22 lukem syslog(LOG_ERR, "Cannot alloc mem"); 562 1.17 mjl exit(1); 563 1.17 mjl } 564 1.17 mjl pwd->pw_shell = sh; 565 1.17 mjl } 566 1.17 mjl } 567 1.17 mjl #endif 568 1.1 cgd environ = envinit; 569 1.30 itojun strlcat(homedir, pwd->pw_dir, sizeof(homedir)); 570 1.30 itojun strlcat(path, _PATH_DEFPATH, sizeof(path)); 571 1.30 itojun strlcat(shell, pwd->pw_shell, sizeof(shell)); 572 1.30 itojun strlcat(username, pwd->pw_name, sizeof(username)); 573 1.17 mjl #ifdef LOGIN_CAP 574 1.17 mjl if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETALL) != 0) { 575 1.17 mjl syslog(LOG_ERR, "setusercontext: %m"); 576 1.17 mjl exit(1); 577 1.17 mjl } 578 1.17 mjl login_close(lc); 579 1.17 mjl #else 580 1.17 mjl (void) setgid((gid_t)pwd->pw_gid); 581 1.17 mjl initgroups(pwd->pw_name, pwd->pw_gid); 582 1.17 mjl (void) setuid((uid_t)pwd->pw_uid); 583 1.17 mjl #endif 584 1.17 mjl 585 1.17 mjl endpwent(); 586 1.17 mjl if (log_success || pwd->pw_uid == 0) { 587 1.17 mjl syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: cmd='%.80s'", 588 1.17 mjl remuser, hostname, locuser, cmdbuf); 589 1.17 mjl } 590 1.7 cgd cp = strrchr(pwd->pw_shell, '/'); 591 1.1 cgd if (cp) 592 1.1 cgd cp++; 593 1.1 cgd else 594 1.1 cgd cp = pwd->pw_shell; 595 1.25 mjl execl(pwd->pw_shell, cp, "-c", cmdbuf, NULL); 596 1.1 cgd perror(pwd->pw_shell); 597 1.1 cgd exit(1); 598 1.1 cgd } 599 1.1 cgd 600 1.1 cgd /* 601 1.7 cgd * Report error to client. Note: can't be used until second socket has 602 1.7 cgd * connected to client, or older clients will hang waiting for that 603 1.7 cgd * connection first. 604 1.1 cgd */ 605 1.25 mjl 606 1.7 cgd #include <stdarg.h> 607 1.7 cgd 608 1.25 mjl void error(const char *fmt, ...) 609 1.1 cgd { 610 1.7 cgd va_list ap; 611 1.7 cgd int len; 612 1.7 cgd char *bp, buf[BUFSIZ]; 613 1.7 cgd va_start(ap, fmt); 614 1.7 cgd bp = buf; 615 1.7 cgd if (sent_null == 0) { 616 1.1 cgd *bp++ = 1; 617 1.7 cgd len = 1; 618 1.7 cgd } else 619 1.7 cgd len = 0; 620 1.7 cgd (void)vsnprintf(bp, sizeof(buf) - 1, fmt, ap); 621 1.7 cgd (void)write(STDERR_FILENO, buf, len + strlen(bp)); 622 1.24 wiz va_end(ap); 623 1.1 cgd } 624 1.1 cgd 625 1.7 cgd void 626 1.25 mjl getstr(char *buf, int cnt, char *err) 627 1.1 cgd { 628 1.1 cgd char c; 629 1.1 cgd 630 1.1 cgd do { 631 1.7 cgd if (read(STDIN_FILENO, &c, 1) != 1) 632 1.1 cgd exit(1); 633 1.1 cgd *buf++ = c; 634 1.1 cgd if (--cnt == 0) { 635 1.1 cgd error("%s too long\n", err); 636 1.1 cgd exit(1); 637 1.1 cgd } 638 1.1 cgd } while (c != 0); 639 1.1 cgd } 640 1.1 cgd 641 1.1 cgd /* 642 1.1 cgd * Check whether host h is in our local domain, 643 1.1 cgd * defined as sharing the last two components of the domain part, 644 1.1 cgd * or the entire domain part if the local domain has only one component. 645 1.1 cgd * If either name is unqualified (contains no '.'), 646 1.1 cgd * assume that the host is local, as it will be 647 1.1 cgd * interpreted as such. 648 1.1 cgd */ 649 1.7 cgd int 650 1.25 mjl local_domain(char *h) 651 1.1 cgd { 652 1.14 mrg char localhost[MAXHOSTNAMELEN + 1]; 653 1.7 cgd char *p1, *p2; 654 1.1 cgd 655 1.1 cgd localhost[0] = 0; 656 1.14 mrg (void)gethostname(localhost, sizeof(localhost)); 657 1.14 mrg localhost[sizeof(localhost) - 1] = '\0'; 658 1.1 cgd p1 = topdomain(localhost); 659 1.1 cgd p2 = topdomain(h); 660 1.1 cgd if (p1 == NULL || p2 == NULL || !strcasecmp(p1, p2)) 661 1.7 cgd return (1); 662 1.7 cgd return (0); 663 1.1 cgd } 664 1.1 cgd 665 1.1 cgd char * 666 1.25 mjl topdomain(char *h) 667 1.1 cgd { 668 1.7 cgd char *p, *maybe = NULL; 669 1.1 cgd int dots = 0; 670 1.1 cgd 671 1.1 cgd for (p = h + strlen(h); p >= h; p--) { 672 1.1 cgd if (*p == '.') { 673 1.1 cgd if (++dots == 2) 674 1.1 cgd return (p); 675 1.1 cgd maybe = p; 676 1.1 cgd } 677 1.1 cgd } 678 1.1 cgd return (maybe); 679 1.1 cgd } 680 1.1 cgd 681 1.7 cgd void 682 1.25 mjl usage(void) 683 1.1 cgd { 684 1.7 cgd 685 1.1 cgd syslog(LOG_ERR, "usage: rshd [-%s]", OPTIONS); 686 1.7 cgd exit(2); 687 1.1 cgd } 688
Indexes created Fri Sep 26 08:10:20 GMT 2025