rshd.c revision 1.14
1 /* $NetBSD: rshd.c,v 1.14 1998/07/06 06:48:56 mrg Exp $ */ 2 3 /*- 4 * Copyright (c) 1988, 1989, 1992, 1993, 1994 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. All advertising materials mentioning features or use of this software 16 * must display the following acknowledgement: 17 * This product includes software developed by the University of 18 * California, Berkeley and its contributors. 19 * 4. Neither the name of the University nor the names of its contributors 20 * may be used to endorse or promote products derived from this software 21 * without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 */ 35 36 #include <sys/cdefs.h> 37 #ifndef lint 38 __COPYRIGHT("@(#) Copyright (c) 1988, 1989, 1992, 1993, 1994\n\ 39 The Regents of the University of California. All rights reserved.\n"); 40 #if 0 41 static char sccsid[] = "@(#)rshd.c 8.2 (Berkeley) 4/6/94"; 42 #else 43 __RCSID("$NetBSD: rshd.c,v 1.14 1998/07/06 06:48:56 mrg Exp $"); 44 #endif 45 #endif /* not lint */ 46 47 /* 48 * remote shell server: 49 * [port]\0 50 * remuser\0 51 * locuser\0 52 * command\0 53 * data 54 */ 55 #include <sys/param.h> 56 #include <sys/ioctl.h> 57 #include <sys/time.h> 58 #include <sys/socket.h> 59 60 #include <netinet/in.h> 61 #include <arpa/inet.h> 62 #include <netdb.h> 63 64 #include <errno.h> 65 #include <fcntl.h> 66 #include <paths.h> 67 #include <pwd.h> 68 #include <signal.h> 69 #include <stdio.h> 70 #include <stdlib.h> 71 #include <string.h> 72 #include <syslog.h> 73 #include <unistd.h> 74 75 int keepalive = 1; 76 int check_all; 77 int log_success; /* If TRUE, log all successful accesses */ 78 int sent_null; 79 80 void doit __P((struct sockaddr_in *)); 81 void error __P((const char *, ...)); 82 void getstr __P((char *, int, char *)); 83 int local_domain __P((char *)); 84 char *topdomain __P((char *)); 85 void usage __P((void)); 86 int main __P((int, char *[])); 87 88 #define OPTIONS "alnL" 89 90 int 91 main(argc, argv) 92 int argc; 93 char *argv[]; 94 { 95 extern int __check_rhosts_file; 96 struct linger linger; 97 int ch, on = 1, fromlen; 98 struct sockaddr_in from; 99 100 openlog("rshd", LOG_PID | LOG_ODELAY, LOG_DAEMON); 101 102 opterr = 0; 103 while ((ch = getopt(argc, argv, OPTIONS)) != -1) 104 switch (ch) { 105 case 'a': 106 check_all = 1; 107 break; 108 case 'l': 109 __check_rhosts_file = 0; 110 break; 111 case 'n': 112 keepalive = 0; 113 break; 114 case 'L': 115 log_success = 1; 116 break; 117 case '?': 118 default: 119 usage(); 120 break; 121 } 122 123 argc -= optind; 124 argv += optind; 125 126 127 fromlen = sizeof (from); 128 if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) { 129 syslog(LOG_ERR, "getpeername: %m"); 130 _exit(1); 131 } 132 if (keepalive && 133 setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (char *)&on, 134 sizeof(on)) < 0) 135 syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m"); 136 linger.l_onoff = 1; 137 linger.l_linger = 60; /* XXX */ 138 if (setsockopt(0, SOL_SOCKET, SO_LINGER, (char *)&linger, 139 sizeof (linger)) < 0) 140 syslog(LOG_WARNING, "setsockopt (SO_LINGER): %m"); 141 doit(&from); 142 /* NOTREACHED */ 143 #ifdef __GNUC__ 144 exit(0); 145 #endif 146 } 147 148 char username[20] = "USER="; 149 char homedir[64] = "HOME="; 150 char shell[64] = "SHELL="; 151 char path[100] = "PATH="; 152 char *envinit[] = 153 {homedir, shell, path, username, 0}; 154 char **environ; 155 156 void 157 doit(fromp) 158 struct sockaddr_in *fromp; 159 { 160 extern char *__rcmd_errstr; /* syslog hook from libc/net/rcmd.c. */ 161 struct hostent *hp; 162 struct passwd *pwd; 163 in_port_t port; 164 fd_set ready, readfrom; 165 int cc, nfd, pv[2], pid, s = -1; /* XXX gcc */ 166 int one = 1; 167 char *hostname, *errorstr, *errorhost = NULL; /* XXX gcc */ 168 char *cp, sig, buf[BUFSIZ]; 169 char cmdbuf[NCARGS+1], locuser[16], remuser[16]; 170 char remotehost[2 * MAXHOSTNAMELEN + 1]; 171 char hostnamebuf[2 * MAXHOSTNAMELEN + 1]; 172 173 174 (void) signal(SIGINT, SIG_DFL); 175 (void) signal(SIGQUIT, SIG_DFL); 176 (void) signal(SIGTERM, SIG_DFL); 177 #ifdef DEBUG 178 { int t = open(_PATH_TTY, 2); 179 if (t >= 0) { 180 ioctl(t, TIOCNOTTY, (char *)0); 181 (void) close(t); 182 } 183 } 184 #endif 185 fromp->sin_port = ntohs((in_port_t)fromp->sin_port); 186 if (fromp->sin_family != AF_INET) { 187 syslog(LOG_ERR, "malformed \"from\" address (af %d)\n", 188 fromp->sin_family); 189 exit(1); 190 } 191 #ifdef IP_OPTIONS 192 { 193 u_char optbuf[BUFSIZ/3], *cp; 194 char lbuf[BUFSIZ], *lp; 195 int optsize = sizeof(optbuf), ipproto; 196 struct protoent *ip; 197 198 if ((ip = getprotobyname("ip")) != NULL) 199 ipproto = ip->p_proto; 200 else 201 ipproto = IPPROTO_IP; 202 if (!getsockopt(0, ipproto, IP_OPTIONS, (char *)optbuf, &optsize) && 203 optsize != 0) { 204 lp = lbuf; 205 for (cp = optbuf; optsize > 0; cp++, optsize--, lp += 3) 206 sprintf(lp, " %2.2x", *cp); 207 syslog(LOG_NOTICE, 208 "Connection received from %s using IP options (ignored):%s", 209 inet_ntoa(fromp->sin_addr), lbuf); 210 if (setsockopt(0, ipproto, IP_OPTIONS, 211 (char *)NULL, optsize) != 0) { 212 syslog(LOG_ERR, "setsockopt IP_OPTIONS NULL: %m"); 213 exit(1); 214 } 215 } 216 } 217 #endif 218 219 if (fromp->sin_port >= IPPORT_RESERVED || 220 fromp->sin_port < IPPORT_RESERVED/2) { 221 syslog(LOG_NOTICE|LOG_AUTH, 222 "Connection from %s on illegal port %u", 223 inet_ntoa(fromp->sin_addr), fromp->sin_port); 224 exit(1); 225 } 226 227 (void) alarm(60); 228 port = 0; 229 for (;;) { 230 char c; 231 232 if ((cc = read(STDIN_FILENO, &c, 1)) != 1) { 233 if (cc < 0) 234 syslog(LOG_NOTICE, "read: %m"); 235 shutdown(0, 1+1); 236 exit(1); 237 } 238 if (c == 0) 239 break; 240 port = port * 10 + c - '0'; 241 } 242 243 (void) alarm(0); 244 if (port != 0) { 245 int lport = IPPORT_RESERVED - 1; 246 s = rresvport(&lport); 247 if (s < 0) { 248 syslog(LOG_ERR, "can't get stderr port: %m"); 249 exit(1); 250 } 251 if (port >= IPPORT_RESERVED) { 252 syslog(LOG_ERR, "2nd port not reserved\n"); 253 exit(1); 254 } 255 fromp->sin_port = htons(port); 256 if (connect(s, (struct sockaddr *)fromp, sizeof (*fromp)) < 0) { 257 syslog(LOG_INFO, "connect second port %d: %m", port); 258 exit(1); 259 } 260 } 261 262 263 #ifdef notdef 264 /* from inetd, socket is already on 0, 1, 2 */ 265 dup2(f, 0); 266 dup2(f, 1); 267 dup2(f, 2); 268 #endif 269 errorstr = NULL; 270 hp = gethostbyaddr((char *)&fromp->sin_addr, sizeof (struct in_addr), 271 fromp->sin_family); 272 if (hp) { 273 /* 274 * If name returned by gethostbyaddr is in our domain, 275 * attempt to verify that we haven't been fooled by someone 276 * in a remote net; look up the name and check that this 277 * address corresponds to the name. 278 */ 279 hostname = hp->h_name; 280 if (check_all || local_domain(hp->h_name)) { 281 strncpy(remotehost, hp->h_name, sizeof(remotehost) - 1); 282 remotehost[sizeof(remotehost) - 1] = 0; 283 errorhost = remotehost; 284 hp = gethostbyname(remotehost); 285 if (hp == NULL) { 286 syslog(LOG_INFO, 287 "Couldn't look up address for %s", 288 remotehost); 289 errorstr = 290 "Couldn't look up address for your host (%s)\n"; 291 hostname = inet_ntoa(fromp->sin_addr); 292 } else for (; ; hp->h_addr_list++) { 293 if (hp->h_addr_list[0] == NULL) { 294 syslog(LOG_NOTICE, 295 "Host addr %s not listed for host %s", 296 inet_ntoa(fromp->sin_addr), 297 hp->h_name); 298 errorstr = 299 "Host address mismatch for %s\n"; 300 hostname = inet_ntoa(fromp->sin_addr); 301 break; 302 } 303 if (!bcmp(hp->h_addr_list[0], 304 (caddr_t)&fromp->sin_addr, 305 sizeof(fromp->sin_addr))) { 306 hostname = hp->h_name; 307 break; 308 } 309 } 310 } 311 hostname = strncpy(hostnamebuf, hostname, 312 sizeof(hostnamebuf) - 1); 313 } else 314 errorhost = hostname = strncpy(hostnamebuf, 315 inet_ntoa(fromp->sin_addr), sizeof(hostnamebuf) - 1); 316 317 hostnamebuf[sizeof(hostnamebuf) - 1] = '\0'; 318 319 getstr(remuser, sizeof(remuser), "remuser"); 320 getstr(locuser, sizeof(locuser), "locuser"); 321 getstr(cmdbuf, sizeof(cmdbuf), "command"); 322 setpwent(); 323 pwd = getpwnam(locuser); 324 if (pwd == NULL) { 325 syslog(LOG_INFO|LOG_AUTH, 326 "%s@%s as %s: unknown login. cmd='%.80s'", 327 remuser, hostname, locuser, cmdbuf); 328 if (errorstr == NULL) 329 errorstr = "Login incorrect.\n"; 330 goto fail; 331 } 332 if (chdir(pwd->pw_dir) < 0) { 333 (void) chdir("/"); 334 #ifdef notdef 335 syslog(LOG_INFO|LOG_AUTH, 336 "%s@%s as %s: no home directory. cmd='%.80s'", 337 remuser, hostname, locuser, cmdbuf); 338 error("No remote directory.\n"); 339 exit(1); 340 #endif 341 } 342 343 344 if (errorstr || 345 (pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0' && 346 iruserok(fromp->sin_addr.s_addr, pwd->pw_uid == 0, 347 remuser, locuser) < 0)) { 348 if (__rcmd_errstr) 349 syslog(LOG_INFO|LOG_AUTH, 350 "%s@%s as %s: permission denied (%s). cmd='%.80s'", 351 remuser, hostname, locuser, __rcmd_errstr, 352 cmdbuf); 353 else 354 syslog(LOG_INFO|LOG_AUTH, 355 "%s@%s as %s: permission denied. cmd='%.80s'", 356 remuser, hostname, locuser, cmdbuf); 357 fail: 358 if (errorstr == NULL) 359 errorstr = "Permission denied.\n"; 360 error(errorstr, errorhost); 361 exit(1); 362 } 363 364 if (pwd->pw_uid && !access(_PATH_NOLOGIN, F_OK)) { 365 error("Logins currently disabled.\n"); 366 exit(1); 367 } 368 369 (void) write(STDERR_FILENO, "\0", 1); 370 sent_null = 1; 371 372 if (port) { 373 if (pipe(pv) < 0) { 374 error("Can't make pipe.\n"); 375 exit(1); 376 } 377 pid = fork(); 378 if (pid == -1) { 379 error("Can't fork; try again.\n"); 380 exit(1); 381 } 382 if (pid) { 383 { 384 (void) close(0); 385 (void) close(1); 386 } 387 (void) close(2); 388 (void) close(pv[1]); 389 390 FD_ZERO(&readfrom); 391 FD_SET(s, &readfrom); 392 FD_SET(pv[0], &readfrom); 393 if (pv[0] > s) 394 nfd = pv[0]; 395 else 396 nfd = s; 397 ioctl(pv[0], FIONBIO, (char *)&one); 398 399 /* should set s nbio! */ 400 nfd++; 401 do { 402 ready = readfrom; 403 if (select(nfd, &ready, (fd_set *)0, 404 (fd_set *)0, (struct timeval *)0) < 0) 405 break; 406 if (FD_ISSET(s, &ready)) { 407 int ret; 408 409 ret = read(s, &sig, 1); 410 if (ret <= 0) 411 FD_CLR(s, &readfrom); 412 else 413 killpg(pid, sig); 414 } 415 if (FD_ISSET(pv[0], &ready)) { 416 errno = 0; 417 cc = read(pv[0], buf, sizeof(buf)); 418 if (cc <= 0) { 419 shutdown(s, 1+1); 420 FD_CLR(pv[0], &readfrom); 421 } else { 422 (void) write(s, buf, cc); 423 } 424 } 425 426 } while (FD_ISSET(s, &readfrom) || 427 FD_ISSET(pv[0], &readfrom)); 428 exit(0); 429 } 430 setpgrp(0, getpid()); 431 (void) close(s); 432 (void) close(pv[0]); 433 dup2(pv[1], 2); 434 close(pv[1]); 435 } 436 if (*pwd->pw_shell == '\0') 437 pwd->pw_shell = _PATH_BSHELL; 438 #if BSD > 43 439 if (setlogin(pwd->pw_name) < 0) 440 syslog(LOG_ERR, "setlogin() failed: %m"); 441 #endif 442 (void) setgid((gid_t)pwd->pw_gid); 443 initgroups(pwd->pw_name, pwd->pw_gid); 444 (void) setuid((uid_t)pwd->pw_uid); 445 environ = envinit; 446 strncat(homedir, pwd->pw_dir, sizeof(homedir)-6); 447 strcat(path, _PATH_DEFPATH); 448 strncat(shell, pwd->pw_shell, sizeof(shell)-7); 449 strncat(username, pwd->pw_name, sizeof(username)-6); 450 cp = strrchr(pwd->pw_shell, '/'); 451 if (cp) 452 cp++; 453 else 454 cp = pwd->pw_shell; 455 endpwent(); 456 if (log_success || pwd->pw_uid == 0) { 457 syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: cmd='%.80s'", 458 remuser, hostname, locuser, cmdbuf); 459 } 460 execl(pwd->pw_shell, cp, "-c", cmdbuf, 0); 461 perror(pwd->pw_shell); 462 exit(1); 463 } 464 465 /* 466 * Report error to client. Note: can't be used until second socket has 467 * connected to client, or older clients will hang waiting for that 468 * connection first. 469 */ 470 #if __STDC__ 471 #include <stdarg.h> 472 #else 473 #include <varargs.h> 474 #endif 475 476 void 477 #if __STDC__ 478 error(const char *fmt, ...) 479 #else 480 error(fmt, va_alist) 481 char *fmt; 482 va_dcl 483 #endif 484 { 485 va_list ap; 486 int len; 487 char *bp, buf[BUFSIZ]; 488 #if __STDC__ 489 va_start(ap, fmt); 490 #else 491 va_start(ap); 492 #endif 493 bp = buf; 494 if (sent_null == 0) { 495 *bp++ = 1; 496 len = 1; 497 } else 498 len = 0; 499 (void)vsnprintf(bp, sizeof(buf) - 1, fmt, ap); 500 (void)write(STDERR_FILENO, buf, len + strlen(bp)); 501 } 502 503 void 504 getstr(buf, cnt, err) 505 char *buf, *err; 506 int cnt; 507 { 508 char c; 509 510 do { 511 if (read(STDIN_FILENO, &c, 1) != 1) 512 exit(1); 513 *buf++ = c; 514 if (--cnt == 0) { 515 error("%s too long\n", err); 516 exit(1); 517 } 518 } while (c != 0); 519 } 520 521 /* 522 * Check whether host h is in our local domain, 523 * defined as sharing the last two components of the domain part, 524 * or the entire domain part if the local domain has only one component. 525 * If either name is unqualified (contains no '.'), 526 * assume that the host is local, as it will be 527 * interpreted as such. 528 */ 529 int 530 local_domain(h) 531 char *h; 532 { 533 char localhost[MAXHOSTNAMELEN + 1]; 534 char *p1, *p2; 535 536 localhost[0] = 0; 537 (void)gethostname(localhost, sizeof(localhost)); 538 localhost[sizeof(localhost) - 1] = '\0'; 539 p1 = topdomain(localhost); 540 p2 = topdomain(h); 541 if (p1 == NULL || p2 == NULL || !strcasecmp(p1, p2)) 542 return (1); 543 return (0); 544 } 545 546 char * 547 topdomain(h) 548 char *h; 549 { 550 char *p, *maybe = NULL; 551 int dots = 0; 552 553 for (p = h + strlen(h); p >= h; p--) { 554 if (*p == '.') { 555 if (++dots == 2) 556 return (p); 557 maybe = p; 558 } 559 } 560 return (maybe); 561 } 562 563 void 564 usage() 565 { 566 567 syslog(LOG_ERR, "usage: rshd [-%s]", OPTIONS); 568 exit(2); 569 } 570
Indexes created Mon Sep 22 13:09:51 GMT 2025