rshd.c revision 1.20
1 /* $NetBSD: rshd.c,v 1.20 2000/10/10 19:54:39 is Exp $ */ 2 3 /* 4 * Copyright (C) 1998 WIDE Project. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. All advertising materials mentioning features or use of this software 16 * must display the following acknowledgement: 17 * This product includes software developed by WIDE Project and 18 * its contributors. 19 * 4. Neither the name of the project nor the names of its contributors 20 * may be used to endorse or promote products derived from this software 21 * without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 */ 35 36 /*- 37 * Copyright (c) 1988, 1989, 1992, 1993, 1994 38 * The Regents of the University of California. All rights reserved. 39 * 40 * Redistribution and use in source and binary forms, with or without 41 * modification, are permitted provided that the following conditions 42 * are met: 43 * 1. Redistributions of source code must retain the above copyright 44 * notice, this list of conditions and the following disclaimer. 45 * 2. Redistributions in binary form must reproduce the above copyright 46 * notice, this list of conditions and the following disclaimer in the 47 * documentation and/or other materials provided with the distribution. 48 * 3. All advertising materials mentioning features or use of this software 49 * must display the following acknowledgement: 50 * This product includes software developed by the University of 51 * California, Berkeley and its contributors. 52 * 4. Neither the name of the University nor the names of its contributors 53 * may be used to endorse or promote products derived from this software 54 * without specific prior written permission. 55 * 56 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 57 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 58 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 59 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 60 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 61 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 62 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 63 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 64 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 65 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 66 * SUCH DAMAGE. 67 */ 68 69 #include <sys/cdefs.h> 70 #ifndef lint 71 __COPYRIGHT("@(#) Copyright (c) 1988, 1989, 1992, 1993, 1994\n\ 72 The Regents of the University of California. All rights reserved.\n"); 73 #if 0 74 static char sccsid[] = "@(#)rshd.c 8.2 (Berkeley) 4/6/94"; 75 #else 76 __RCSID("$NetBSD: rshd.c,v 1.20 2000/10/10 19:54:39 is Exp $"); 77 #endif 78 #endif /* not lint */ 79 80 /* 81 * remote shell server: 82 * [port]\0 83 * remuser\0 84 * locuser\0 85 * command\0 86 * data 87 */ 88 #include <sys/param.h> 89 #include <sys/ioctl.h> 90 #include <sys/time.h> 91 #include <sys/socket.h> 92 93 #include <netinet/in.h> 94 #include <arpa/inet.h> 95 #include <netdb.h> 96 97 #include <errno.h> 98 #include <fcntl.h> 99 #include <paths.h> 100 #include <pwd.h> 101 #include <signal.h> 102 #include <stdio.h> 103 #include <stdlib.h> 104 #include <string.h> 105 #include <syslog.h> 106 #include <unistd.h> 107 #ifdef LOGIN_CAP 108 #include <login_cap.h> 109 #endif 110 111 int keepalive = 1; 112 int check_all; 113 int log_success; /* If TRUE, log all successful accesses */ 114 int sent_null; 115 116 void doit __P((struct sockaddr *)); 117 void error __P((const char *, ...)) 118 __attribute__((__format__(__printf__, 1, 2))); 119 void getstr __P((char *, int, char *)); 120 int local_domain __P((char *)); 121 char *topdomain __P((char *)); 122 void usage __P((void)); 123 int main __P((int, char *[])); 124 125 #define OPTIONS "alnL" 126 127 int 128 main(argc, argv) 129 int argc; 130 char *argv[]; 131 { 132 extern int __check_rhosts_file; 133 struct linger linger; 134 int ch, on = 1, fromlen; 135 struct sockaddr_storage from; 136 137 openlog("rshd", LOG_PID | LOG_ODELAY, LOG_DAEMON); 138 139 opterr = 0; 140 while ((ch = getopt(argc, argv, OPTIONS)) != -1) 141 switch (ch) { 142 case 'a': 143 check_all = 1; 144 break; 145 case 'l': 146 __check_rhosts_file = 0; 147 break; 148 case 'n': 149 keepalive = 0; 150 break; 151 case 'L': 152 log_success = 1; 153 break; 154 case '?': 155 default: 156 usage(); 157 break; 158 } 159 160 argc -= optind; 161 argv += optind; 162 163 fromlen = sizeof (from); /* xxx */ 164 if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) { 165 syslog(LOG_ERR, "getpeername: %m"); 166 _exit(1); 167 } 168 #if 0 169 if (((struct sockaddr *)&from)->sa_family == AF_INET6 && 170 IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)&from)->sin6_addr) && 171 sizeof(struct sockaddr_in) <= sizeof(from)) { 172 struct sockaddr_in sin; 173 struct sockaddr_in6 *sin6; 174 const int off = sizeof(struct sockaddr_in6) - 175 sizeof(struct sockaddr_in); 176 177 sin6 = (struct sockaddr_in6 *)&from; 178 memset(&sin, 0, sizeof(sin)); 179 sin.sin_family = AF_INET; 180 sin.sin_len = sizeof(struct sockaddr_in); 181 memcpy(&sin.sin_addr, &sin6->sin6_addr.s6_addr[off], 182 sizeof(sin.sin_addr)); 183 memcpy(&from, &sin, sizeof(sin)); 184 fromlen = sin.sin_len; 185 } 186 #else 187 if (((struct sockaddr *)&from)->sa_family == AF_INET6 && 188 IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)&from)->sin6_addr)) { 189 char hbuf[NI_MAXHOST]; 190 if (getnameinfo((struct sockaddr *)&from, fromlen, hbuf, 191 sizeof(hbuf), NULL, 0, NI_NUMERICHOST) != 0) { 192 strncpy(hbuf, "invalid", sizeof(hbuf)); 193 } 194 syslog(LOG_ERR, "malformed \"from\" address (v4 mapped, %s)\n", 195 hbuf); 196 exit(1); 197 } 198 #endif 199 if (keepalive && 200 setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (char *)&on, 201 sizeof(on)) < 0) 202 syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m"); 203 linger.l_onoff = 1; 204 linger.l_linger = 60; /* XXX */ 205 if (setsockopt(0, SOL_SOCKET, SO_LINGER, (char *)&linger, 206 sizeof (linger)) < 0) 207 syslog(LOG_WARNING, "setsockopt (SO_LINGER): %m"); 208 doit((struct sockaddr *)&from); 209 /* NOTREACHED */ 210 #ifdef __GNUC__ 211 exit(0); 212 #endif 213 } 214 215 char username[20] = "USER="; 216 char homedir[64] = "HOME="; 217 char shell[64] = "SHELL="; 218 char path[100] = "PATH="; 219 char *envinit[] = 220 {homedir, shell, path, username, 0}; 221 char **environ; 222 223 void 224 doit(fromp) 225 struct sockaddr *fromp; 226 { 227 extern char *__rcmd_errstr; /* syslog hook from libc/net/rcmd.c. */ 228 struct passwd *pwd; 229 in_port_t port; 230 fd_set ready, readfrom; 231 int cc, nfd, pv[2], pid, s = -1; /* XXX gcc */ 232 int one = 1; 233 char *hostname, *errorstr, *errorhost = NULL; /* XXX gcc */ 234 const char *cp; 235 char sig, buf[BUFSIZ]; 236 char cmdbuf[NCARGS+1], locuser[16], remuser[16]; 237 char remotehost[2 * MAXHOSTNAMELEN + 1]; 238 char hostnamebuf[2 * MAXHOSTNAMELEN + 1]; 239 #ifdef LOGIN_CAP 240 login_cap_t *lc; 241 #endif 242 char naddr[NI_MAXHOST]; 243 char saddr[NI_MAXHOST]; 244 char raddr[NI_MAXHOST]; 245 char pbuf[NI_MAXSERV]; 246 int af = fromp->sa_family; 247 u_int16_t *portp; 248 struct addrinfo hints, *res, *res0; 249 int gaierror; 250 #ifdef NI_WITHSCOPEID 251 const int niflags = NI_NUMERICHOST | NI_NUMERICSERV | NI_WITHSCOPEID; 252 #else 253 const int niflags = NI_NUMERICHOST | NI_NUMERICSERV; 254 #endif 255 256 (void) signal(SIGINT, SIG_DFL); 257 (void) signal(SIGQUIT, SIG_DFL); 258 (void) signal(SIGTERM, SIG_DFL); 259 #ifdef DEBUG 260 { int t = open(_PATH_TTY, 2); 261 if (t >= 0) { 262 ioctl(t, TIOCNOTTY, (char *)0); 263 (void) close(t); 264 } 265 } 266 #endif 267 switch (af) { 268 case AF_INET: 269 portp = &((struct sockaddr_in *)fromp)->sin_port; 270 break; 271 #ifdef INET6 272 case AF_INET6: 273 portp = &((struct sockaddr_in6 *)fromp)->sin6_port; 274 break; 275 #endif 276 default: 277 syslog(LOG_ERR, "malformed \"from\" address (af %d)\n", af); 278 exit(1); 279 } 280 if (getnameinfo(fromp, fromp->sa_len, naddr, sizeof(naddr), 281 pbuf, sizeof(pbuf), niflags) != 0) { 282 syslog(LOG_ERR, "malformed \"from\" address (af %d)\n", af); 283 exit(1); 284 } 285 #ifdef IP_OPTIONS 286 if (af == AF_INET) 287 { 288 u_char optbuf[BUFSIZ/3], *cp; 289 char lbuf[BUFSIZ], *lp; 290 int optsize = sizeof(optbuf), ipproto; 291 struct protoent *ip; 292 293 if ((ip = getprotobyname("ip")) != NULL) 294 ipproto = ip->p_proto; 295 else 296 ipproto = IPPROTO_IP; 297 if (!getsockopt(0, ipproto, IP_OPTIONS, (char *)optbuf, &optsize) && 298 optsize != 0) { 299 lp = lbuf; 300 for (cp = optbuf; optsize > 0; cp++, optsize--, lp += 3) 301 sprintf(lp, " %2.2x", *cp); 302 syslog(LOG_NOTICE, 303 "Connection received from %s using IP options (ignored):%s", 304 naddr, lbuf); 305 if (setsockopt(0, ipproto, IP_OPTIONS, 306 (char *)NULL, optsize) != 0) { 307 syslog(LOG_ERR, "setsockopt IP_OPTIONS NULL: %m"); 308 exit(1); 309 } 310 } 311 } 312 #endif 313 314 if (ntohs(*portp) >= IPPORT_RESERVED 315 || ntohs(*portp) < IPPORT_RESERVED/2) { 316 syslog(LOG_NOTICE|LOG_AUTH, 317 "Connection from %s on illegal port %u", 318 naddr, ntohs(*portp)); 319 exit(1); 320 } 321 322 (void) alarm(60); 323 port = 0; 324 for (;;) { 325 char c; 326 327 if ((cc = read(STDIN_FILENO, &c, 1)) != 1) { 328 if (cc < 0) 329 syslog(LOG_NOTICE, "read: %m"); 330 shutdown(0, 1+1); 331 exit(1); 332 } 333 if (c == 0) 334 break; 335 port = port * 10 + c - '0'; 336 } 337 338 (void) alarm(0); 339 if (port != 0) { 340 int lport = IPPORT_RESERVED - 1; 341 s = rresvport_af(&lport, af); 342 if (s < 0) { 343 syslog(LOG_ERR, "can't get stderr port: %m"); 344 exit(1); 345 } 346 if (port >= IPPORT_RESERVED) { 347 syslog(LOG_ERR, "2nd port not reserved\n"); 348 exit(1); 349 } 350 *portp = htons(port); 351 if (connect(s, (struct sockaddr *)fromp, fromp->sa_len) < 0) { 352 syslog(LOG_INFO, "connect second port %d: %m", port); 353 exit(1); 354 } 355 } 356 357 358 #ifdef notdef 359 /* from inetd, socket is already on 0, 1, 2 */ 360 dup2(f, 0); 361 dup2(f, 1); 362 dup2(f, 2); 363 #endif 364 errorstr = NULL; 365 if (getnameinfo(fromp, fromp->sa_len, saddr, sizeof(saddr), 366 NULL, 0, NI_NAMEREQD) == 0) { 367 /* 368 * If name returned by getnameinfo is in our domain, 369 * attempt to verify that we haven't been fooled by someone 370 * in a remote net; look up the name and check that this 371 * address corresponds to the name. 372 */ 373 hostname = saddr; 374 if (check_all || local_domain(saddr)) { 375 strncpy(remotehost, saddr, sizeof(remotehost) - 1); 376 remotehost[sizeof(remotehost) - 1] = 0; 377 errorhost = remotehost; 378 memset(&hints, 0, sizeof(hints)); 379 hints.ai_family = fromp->sa_family; 380 hints.ai_socktype = SOCK_STREAM; 381 hints.ai_flags = AI_CANONNAME; 382 gaierror = getaddrinfo(remotehost, pbuf, &hints, &res0); 383 if (gaierror) { 384 syslog(LOG_INFO, 385 "Couldn't look up address for %s: %s", 386 remotehost, gai_strerror(gaierror)); 387 errorstr = 388 "Couldn't look up address for your host (%s)\n"; 389 hostname = naddr; 390 } else { 391 for (res = res0; res; res = res->ai_next) { 392 if (res->ai_family != fromp->sa_family) 393 continue; 394 if (res->ai_addrlen != fromp->sa_len) 395 continue; 396 if (getnameinfo(res->ai_addr, 397 res->ai_addrlen, 398 raddr, sizeof(raddr), NULL, 0, 399 niflags) == 0 400 && strcmp(naddr, raddr) == 0) { 401 hostname = res->ai_canonname 402 ? res->ai_canonname 403 : saddr; 404 break; 405 } 406 } 407 if (res == NULL) { 408 syslog(LOG_NOTICE, 409 "Host addr %s not listed for host %s", 410 naddr, res0->ai_canonname 411 ? res0->ai_canonname 412 : saddr); 413 errorstr = 414 "Host address mismatch for %s\n"; 415 hostname = naddr; 416 } 417 freeaddrinfo(res0); 418 } 419 } 420 hostname = strncpy(hostnamebuf, hostname, 421 sizeof(hostnamebuf) - 1); 422 } else { 423 errorhost = hostname = strncpy(hostnamebuf, 424 naddr, sizeof(hostnamebuf) - 1); 425 } 426 427 hostnamebuf[sizeof(hostnamebuf) - 1] = '\0'; 428 429 getstr(remuser, sizeof(remuser), "remuser"); 430 getstr(locuser, sizeof(locuser), "locuser"); 431 getstr(cmdbuf, sizeof(cmdbuf), "command"); 432 setpwent(); 433 pwd = getpwnam(locuser); 434 if (pwd == NULL) { 435 syslog(LOG_INFO|LOG_AUTH, 436 "%s@%s as %s: unknown login. cmd='%.80s'", 437 remuser, hostname, locuser, cmdbuf); 438 if (errorstr == NULL) 439 errorstr = "Login incorrect.\n"; 440 goto fail; 441 } 442 #ifdef LOGIN_CAP 443 lc = login_getclass(pwd ? pwd->pw_class : NULL); 444 #endif 445 446 if (chdir(pwd->pw_dir) < 0) { 447 #ifdef LOGIN_CAP 448 if (chdir("/") < 0 || 449 login_getcapbool(lc, "requirehome", pwd->pw_uid ? 1 : 0)) { 450 syslog(LOG_INFO|LOG_AUTH, 451 "%s@%s as %s: no home directory. cmd='%.80s'", 452 remuser, hostname, locuser, cmdbuf); 453 error("No remote home directory.\n"); 454 exit(0); 455 } 456 #else 457 (void) chdir("/"); 458 #ifdef notdef 459 syslog(LOG_INFO|LOG_AUTH, 460 "%s@%s as %s: no home directory. cmd='%.80s'", 461 remuser, hostname, locuser, cmdbuf); 462 error("No remote directory.\n"); 463 exit(1); 464 #endif /* notdef */ 465 #endif /* LOGIN_CAP */ 466 } 467 468 469 if (errorstr || 470 (pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0' && 471 iruserok_sa(fromp, fromp->sa_len, pwd->pw_uid == 0, remuser, 472 locuser) < 0)) { 473 if (__rcmd_errstr) 474 syslog(LOG_INFO|LOG_AUTH, 475 "%s@%s as %s: permission denied (%s). cmd='%.80s'", 476 remuser, hostname, locuser, __rcmd_errstr, 477 cmdbuf); 478 else 479 syslog(LOG_INFO|LOG_AUTH, 480 "%s@%s as %s: permission denied. cmd='%.80s'", 481 remuser, hostname, locuser, cmdbuf); 482 fail: 483 if (errorstr == NULL) 484 errorstr = "Permission denied.\n"; 485 error(errorstr, errorhost); 486 exit(1); 487 } 488 489 if (pwd->pw_uid && !access(_PATH_NOLOGIN, F_OK)) { 490 error("Logins currently disabled.\n"); 491 exit(1); 492 } 493 494 (void) write(STDERR_FILENO, "\0", 1); 495 sent_null = 1; 496 497 if (port) { 498 if (pipe(pv) < 0) { 499 error("Can't make pipe.\n"); 500 exit(1); 501 } 502 pid = fork(); 503 if (pid == -1) { 504 error("Can't fork; try again.\n"); 505 exit(1); 506 } 507 if (pid) { 508 { 509 (void) close(0); 510 (void) close(1); 511 } 512 (void) close(2); 513 (void) close(pv[1]); 514 515 FD_ZERO(&readfrom); 516 FD_SET(s, &readfrom); 517 FD_SET(pv[0], &readfrom); 518 if (pv[0] > s) 519 nfd = pv[0]; 520 else 521 nfd = s; 522 ioctl(pv[0], FIONBIO, (char *)&one); 523 524 /* should set s nbio! */ 525 nfd++; 526 do { 527 ready = readfrom; 528 if (select(nfd, &ready, (fd_set *)0, 529 (fd_set *)0, (struct timeval *)0) < 0) 530 break; 531 if (FD_ISSET(s, &ready)) { 532 int ret; 533 534 ret = read(s, &sig, 1); 535 if (ret <= 0) 536 FD_CLR(s, &readfrom); 537 else 538 killpg(pid, sig); 539 } 540 if (FD_ISSET(pv[0], &ready)) { 541 errno = 0; 542 cc = read(pv[0], buf, sizeof(buf)); 543 if (cc <= 0) { 544 shutdown(s, 1+1); 545 FD_CLR(pv[0], &readfrom); 546 } else { 547 (void) write(s, buf, cc); 548 } 549 } 550 551 } while (FD_ISSET(s, &readfrom) || 552 FD_ISSET(pv[0], &readfrom)); 553 exit(0); 554 } 555 setpgrp(0, getpid()); 556 (void) close(s); 557 (void) close(pv[0]); 558 dup2(pv[1], 2); 559 close(pv[1]); 560 } 561 #if BSD > 43 562 if (setlogin(pwd->pw_name) < 0) 563 syslog(LOG_ERR, "setlogin() failed: %m"); 564 #endif 565 566 if (*pwd->pw_shell == '\0') 567 pwd->pw_shell = _PATH_BSHELL; 568 #ifdef LOGIN_CAP 569 { 570 char *sh; 571 572 if((sh = login_getcapstr(lc, "shell", NULL, NULL))) { 573 if(!(sh = strdup(sh))) { 574 syslog(LOG_NOTICE, "Cannot alloc mem"); 575 exit(1); 576 } 577 pwd->pw_shell = sh; 578 } 579 } 580 #endif 581 environ = envinit; 582 strncat(homedir, pwd->pw_dir, sizeof(homedir)-6); 583 strcat(path, _PATH_DEFPATH); 584 strncat(shell, pwd->pw_shell, sizeof(shell)-7); 585 strncat(username, pwd->pw_name, sizeof(username)-6); 586 #ifdef LOGIN_CAP 587 if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETALL) != 0) { 588 syslog(LOG_ERR, "setusercontext: %m"); 589 exit(1); 590 } 591 login_close(lc); 592 #else 593 (void) setgid((gid_t)pwd->pw_gid); 594 initgroups(pwd->pw_name, pwd->pw_gid); 595 (void) setuid((uid_t)pwd->pw_uid); 596 #endif 597 598 endpwent(); 599 if (log_success || pwd->pw_uid == 0) { 600 syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: cmd='%.80s'", 601 remuser, hostname, locuser, cmdbuf); 602 } 603 cp = strrchr(pwd->pw_shell, '/'); 604 if (cp) 605 cp++; 606 else 607 cp = pwd->pw_shell; 608 execl(pwd->pw_shell, cp, "-c", cmdbuf, 0); 609 perror(pwd->pw_shell); 610 exit(1); 611 } 612 613 /* 614 * Report error to client. Note: can't be used until second socket has 615 * connected to client, or older clients will hang waiting for that 616 * connection first. 617 */ 618 #if __STDC__ 619 #include <stdarg.h> 620 #else 621 #include <varargs.h> 622 #endif 623 624 void 625 #if __STDC__ 626 error(const char *fmt, ...) 627 #else 628 error(fmt, va_alist) 629 char *fmt; 630 va_dcl 631 #endif 632 { 633 va_list ap; 634 int len; 635 char *bp, buf[BUFSIZ]; 636 #if __STDC__ 637 va_start(ap, fmt); 638 #else 639 va_start(ap); 640 #endif 641 bp = buf; 642 if (sent_null == 0) { 643 *bp++ = 1; 644 len = 1; 645 } else 646 len = 0; 647 (void)vsnprintf(bp, sizeof(buf) - 1, fmt, ap); 648 (void)write(STDERR_FILENO, buf, len + strlen(bp)); 649 } 650 651 void 652 getstr(buf, cnt, err) 653 char *buf, *err; 654 int cnt; 655 { 656 char c; 657 658 do { 659 if (read(STDIN_FILENO, &c, 1) != 1) 660 exit(1); 661 *buf++ = c; 662 if (--cnt == 0) { 663 error("%s too long\n", err); 664 exit(1); 665 } 666 } while (c != 0); 667 } 668 669 /* 670 * Check whether host h is in our local domain, 671 * defined as sharing the last two components of the domain part, 672 * or the entire domain part if the local domain has only one component. 673 * If either name is unqualified (contains no '.'), 674 * assume that the host is local, as it will be 675 * interpreted as such. 676 */ 677 int 678 local_domain(h) 679 char *h; 680 { 681 char localhost[MAXHOSTNAMELEN + 1]; 682 char *p1, *p2; 683 684 localhost[0] = 0; 685 (void)gethostname(localhost, sizeof(localhost)); 686 localhost[sizeof(localhost) - 1] = '\0'; 687 p1 = topdomain(localhost); 688 p2 = topdomain(h); 689 if (p1 == NULL || p2 == NULL || !strcasecmp(p1, p2)) 690 return (1); 691 return (0); 692 } 693 694 char * 695 topdomain(h) 696 char *h; 697 { 698 char *p, *maybe = NULL; 699 int dots = 0; 700 701 for (p = h + strlen(h); p >= h; p--) { 702 if (*p == '.') { 703 if (++dots == 2) 704 return (p); 705 maybe = p; 706 } 707 } 708 return (maybe); 709 } 710 711 void 712 usage() 713 { 714 715 syslog(LOG_ERR, "usage: rshd [-%s]", OPTIONS); 716 exit(2); 717 } 718
Indexes created Fri Sep 26 20:09:58 GMT 2025