rsh.c revision 1.23
1 /* $NetBSD: rsh.c,v 1.23 2004/10/16 02:03:54 christos Exp $ */ 2 3 /*- 4 * Copyright (c) 1983, 1990, 1993, 1994 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of the University nor the names of its contributors 16 * may be used to endorse or promote products derived from this software 17 * without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 */ 31 32 #include <sys/cdefs.h> 33 #ifndef lint 34 __COPYRIGHT("@(#) Copyright (c) 1983, 1990, 1993, 1994\n\ 35 The Regents of the University of California. All rights reserved.\n"); 36 #endif /* not lint */ 37 38 #ifndef lint 39 #if 0 40 static char sccsid[] = "@(#)rsh.c 8.4 (Berkeley) 4/29/95"; 41 #else 42 __RCSID("$NetBSD: rsh.c,v 1.23 2004/10/16 02:03:54 christos Exp $"); 43 #endif 44 #endif /* not lint */ 45 46 #include <sys/types.h> 47 #include <sys/socket.h> 48 #include <sys/ioctl.h> 49 #include <sys/file.h> 50 #include <poll.h> 51 52 #include <netinet/in.h> 53 #include <netinet/tcp.h> 54 #include <netdb.h> 55 56 #include <err.h> 57 #include <errno.h> 58 #include <limits.h> 59 #include <pwd.h> 60 #include <signal.h> 61 #include <stdarg.h> 62 #include <stdio.h> 63 #include <stdlib.h> 64 #include <string.h> 65 #include <unistd.h> 66 67 #include "pathnames.h" 68 #include "getport.h" 69 70 #ifdef KERBEROS 71 #include <des.h> 72 #include <kerberosIV/krb.h> 73 74 CREDENTIALS cred; 75 Key_schedule schedule; 76 int use_kerberos = 1, doencrypt; 77 char dst_realm_buf[REALM_SZ], *dest_realm; 78 79 void warning(const char *, ...); 80 #endif 81 82 /* 83 * rsh - remote shell 84 */ 85 int remerr; 86 87 static int sigs[] = { SIGINT, SIGTERM, SIGQUIT }; 88 89 char *copyargs(char **); 90 void sendsig(int); 91 int checkfd(struct pollfd *, int); 92 void talk(int, sigset_t *, pid_t, int); 93 void usage(void); 94 int main(int, char **); 95 #ifdef IN_RCMD 96 int orcmd(char **, int, const char *, 97 const char *, const char *, int *); 98 int orcmd_af(char **, int, const char *, 99 const char *, const char *, int *, int); 100 #endif 101 102 int 103 main(int argc, char **argv) 104 { 105 struct passwd *pw; 106 struct servent *sp; 107 sigset_t oset, nset; 108 struct protoent *proto; 109 110 #ifdef IN_RCMD 111 char *locuser = 0, *loop; 112 #endif /* IN_RCMD */ 113 int argoff, asrsh, ch, dflag, nflag, one, rem, i; 114 pid_t pid; 115 uid_t uid; 116 char *args, *host, *p, *user, *name; 117 char *service = NULL; 118 119 argoff = asrsh = dflag = nflag = 0; 120 one = 1; 121 host = user = NULL; 122 sp = NULL; 123 124 #ifndef IN_RCMD 125 /* 126 * If called as something other than "rsh" use it as the host name, 127 * only for rsh. 128 */ 129 if (strcmp(getprogname(), "rsh") == 0) 130 asrsh = 1; 131 else { 132 host = strdup(getprogname()); 133 if (host == NULL) 134 err(1, NULL); 135 } 136 #endif /* IN_RCMD */ 137 138 /* handle "rsh host flags" */ 139 if (!host && argc > 2 && argv[1][0] != '-') { 140 host = argv[1]; 141 argoff = 1; 142 } 143 144 #ifdef IN_RCMD 145 if ((loop = getenv("RCMD_LOOP")) && strcmp(loop, "YES") == 0) 146 warnx("rcmd appears to be looping!"); 147 148 putenv("RCMD_LOOP=YES"); 149 150 # ifdef KERBEROS 151 # ifdef CRYPT 152 # define OPTIONS "8KLdek:l:np:u:wx" 153 # else 154 # define OPTIONS "8KLdek:l:np:u:w" 155 # endif 156 # else 157 # define OPTIONS "8KLdel:np:u:w" 158 # endif 159 160 #else /* IN_RCMD */ 161 162 # ifdef KERBEROS 163 # ifdef CRYPT 164 # define OPTIONS "8KLdek:l:np:wx" 165 # else 166 # define OPTIONS "8KLdek:l:np:w" 167 # endif 168 # else 169 # define OPTIONS "8KLdel:np:w" 170 # endif 171 172 #endif /* IN_RCMD */ 173 174 if (!(pw = getpwuid(uid = getuid()))) 175 errx(1, "unknown user id"); 176 177 if ((name = strdup(pw->pw_name)) == NULL) 178 err(1, "malloc"); 179 while ((ch = getopt(argc - argoff, argv + argoff, OPTIONS)) != -1) 180 switch(ch) { 181 case 'K': 182 #ifdef KERBEROS 183 use_kerberos = 0; 184 #endif 185 break; 186 case 'L': /* -8Lew are ignored to allow rlogin aliases */ 187 case 'e': 188 case 'w': 189 case '8': 190 break; 191 case 'd': 192 dflag = 1; 193 break; 194 case 'l': 195 user = optarg; 196 break; 197 #ifdef KERBEROS 198 case 'k': 199 strlcpy(dest_realm_buf, optarg, sizeof(dest_realm_buf)); 200 dest_realm = dst_realm_buf; 201 break; 202 #endif 203 case 'n': 204 nflag = 1; 205 break; 206 case 'p': 207 sp = getport(optarg, "tcp"); 208 break; 209 #ifdef IN_RCMD 210 case 'u': 211 if (getuid() != 0 && optarg && name && 212 strcmp(name, optarg) != 0) 213 errx(1,"only super user can use the -u option"); 214 locuser = optarg; 215 break; 216 #endif /* IN_RCMD */ 217 #ifdef KERBEROS 218 #ifdef CRYPT 219 case 'x': 220 doencrypt = 1; 221 des_set_key((des_cblock *) cred.session, schedule); 222 break; 223 #endif 224 #endif 225 case '?': 226 default: 227 usage(); 228 } 229 optind += argoff; 230 231 /* if haven't gotten a host yet, do so */ 232 if (!host && !(host = argv[optind++])) 233 usage(); 234 235 /* if no further arguments, must have been called as rlogin. */ 236 if (!argv[optind]) { 237 #ifdef IN_RCMD 238 usage(); 239 #else 240 if (asrsh) 241 *argv = __UNCONST("rlogin"); 242 execv(_PATH_RLOGIN, argv); 243 err(1, "can't exec %s", _PATH_RLOGIN); 244 #endif 245 } 246 247 argc -= optind; 248 argv += optind; 249 250 /* Accept user1@host format, though "-l user2" overrides user1 */ 251 p = strchr(host, '@'); 252 if (p) { 253 *p = '\0'; 254 if (!user && p > host) 255 user = host; 256 host = p + 1; 257 if (*host == '\0') 258 usage(); 259 } 260 if (!user) 261 user = name; 262 263 #ifdef KERBEROS 264 #ifdef CRYPT 265 /* -x turns off -n */ 266 if (doencrypt) 267 nflag = 0; 268 #endif 269 #endif 270 271 args = copyargs(argv); 272 273 #ifdef KERBEROS 274 if (use_kerberos) { 275 if (sp == NULL) { 276 sp = getservbyname((doencrypt ? "ekshell" : "kshell"), "tcp"); 277 } 278 if (sp == NULL) { 279 use_kerberos = 0; 280 warning("can't get entry for %s/tcp service", 281 doencrypt ? "ekshell" : "kshell"); 282 } 283 } 284 #endif 285 if (sp == NULL) 286 sp = getservbyname("shell", "tcp"); 287 if (sp == NULL) 288 errx(1, "shell/tcp: unknown service"); 289 290 #ifdef KERBEROS 291 try_connect: 292 if (use_kerberos) { 293 #if 1 294 struct hostent *hp; 295 296 /* fully qualify hostname (needed for krb_realmofhost) */ 297 hp = gethostbyname(host); 298 if (hp != NULL && !(host = strdup(hp->h_name))) 299 err(1, "strdup"); 300 #endif 301 302 rem = KSUCCESS; 303 errno = 0; 304 if (dest_realm == NULL) 305 dest_realm = krb_realmofhost(host); 306 307 #ifdef CRYPT 308 if (doencrypt) 309 rem = krcmd_mutual(&host, sp->s_port, user, args, 310 &remerr, dest_realm, &cred, schedule); 311 else 312 #endif 313 rem = krcmd(&host, sp->s_port, user, args, &remerr, 314 dest_realm); 315 if (rem < 0) { 316 use_kerberos = 0; 317 sp = getservbyname("shell", "tcp"); 318 if (sp == NULL) 319 errx(1, "shell/tcp: unknown service"); 320 if (errno == ECONNREFUSED) 321 warning("remote host doesn't support Kerberos"); 322 if (errno == ENOENT) 323 warning("can't provide Kerberos auth data"); 324 goto try_connect; 325 } 326 } else { 327 if (doencrypt) 328 errx(1, "the -x flag requires Kerberos authentication."); 329 #ifdef IN_RCMD 330 rem = orcmd_af(&host, sp->s_port, locuser ? locuser : 331 #else 332 rem = rcmd_af(&host, sp->s_port, 333 #endif 334 name, 335 user, args, &remerr, PF_UNSPEC); 336 } 337 #else /* KERBEROS */ 338 339 #ifdef IN_RCMD 340 rem = orcmd_af(&host, sp->s_port, locuser ? locuser : 341 #else 342 rem = rcmd_af(&host, sp->s_port, 343 #endif 344 name, user, args, &remerr, PF_UNSPEC); 345 #endif /* KERBEROS */ 346 (void)free(name); 347 348 if (rem < 0) 349 exit(1); 350 351 if (remerr < 0) 352 errx(1, "can't establish stderr"); 353 if (dflag) { 354 if (setsockopt(rem, SOL_SOCKET, SO_DEBUG, &one, 355 sizeof(one)) < 0) 356 warn("setsockopt remote"); 357 if (setsockopt(remerr, SOL_SOCKET, SO_DEBUG, &one, 358 sizeof(one)) < 0) 359 warn("setsockopt stderr"); 360 } 361 proto = getprotobyname("tcp"); 362 setsockopt(rem, proto->p_proto, TCP_NODELAY, &one, sizeof(one)); 363 setsockopt(remerr, proto->p_proto, TCP_NODELAY, &one, sizeof(one)); 364 365 366 (void) setuid(uid); 367 368 (void) sigemptyset(&nset); 369 for (i = 0; i < sizeof(sigs) / sizeof(sigs[0]); i++) 370 (void) sigaddset(&nset, sigs[i]); 371 372 (void) sigprocmask(SIG_BLOCK, &nset, &oset); 373 374 for (i = 0; i < sizeof(sigs) / sizeof(sigs[0]); i++) { 375 struct sigaction sa; 376 377 if (sa.sa_handler != SIG_IGN) { 378 sa.sa_handler = sendsig; 379 (void) sigaction(sigs[i], &sa, NULL); 380 } 381 } 382 383 if (!nflag) { 384 pid = fork(); 385 if (pid < 0) 386 err(1, "fork"); 387 } 388 else 389 pid = -1; 390 391 #if defined(KERBEROS) && defined(CRYPT) 392 if (!doencrypt) 393 #endif 394 { 395 (void)ioctl(remerr, FIONBIO, &one); 396 (void)ioctl(rem, FIONBIO, &one); 397 } 398 399 talk(nflag, &oset, pid, rem); 400 401 if (!nflag) 402 (void)kill(pid, SIGKILL); 403 exit(0); 404 } 405 406 int 407 checkfd(struct pollfd *fdp, int outfd) 408 { 409 int nr, nw; 410 char buf[BUFSIZ]; 411 412 if (fdp->revents & (POLLNVAL|POLLERR|POLLHUP)) 413 return -1; 414 415 if ((fdp->revents & POLLIN) == 0) 416 return 0; 417 418 errno = 0; 419 #if defined(KERBEROS) && defined(CRYPT) 420 if (doencrypt) 421 nr = des_read(fdp->fd, buf, sizeof buf); 422 else 423 #endif 424 nr = read(fdp->fd, buf, sizeof buf); 425 426 if (nr <= 0) { 427 if (errno != EAGAIN) 428 return -1; 429 else 430 return 0; 431 } 432 else { 433 char *bc = buf; 434 while (nr) { 435 if ((nw = write(outfd, bc, nr)) <= 0) 436 return -1; 437 nr -= nw; 438 bc += nw; 439 } 440 return 0; 441 } 442 } 443 444 void 445 talk(int nflag, sigset_t *oset, __pid_t pid, int rem) 446 { 447 int nr, nw, nfds; 448 struct pollfd fds[2], *fdp = &fds[0]; 449 char *bp, buf[BUFSIZ]; 450 451 452 if (!nflag && pid == 0) { 453 (void)close(remerr); 454 455 fdp->events = POLLOUT|POLLNVAL|POLLERR|POLLHUP; 456 fdp->fd = rem; 457 nr = 0; 458 bp = buf; 459 460 for (;;) { 461 errno = 0; 462 463 if (nr == 0) { 464 if ((nr = read(0, buf, sizeof buf)) == 0) 465 goto done; 466 if (nr == -1) { 467 if (errno == EIO) 468 goto done; 469 if (errno == EINTR) 470 continue; 471 err(1, "read"); 472 } 473 bp = buf; 474 } 475 476 rewrite: if (poll(fdp, 1, INFTIM) == -1) { 477 if (errno != EINTR) 478 err(1, "poll"); 479 goto rewrite; 480 } 481 482 if (fdp->revents & (POLLNVAL|POLLERR|POLLHUP)) 483 err(1, "poll"); 484 485 if ((fdp->revents & POLLOUT) == 0) 486 goto rewrite; 487 488 #if defined(KERBEROS) && defined(CRYPT) 489 if (doencrypt) 490 nw = des_write(rem, bp, nr); 491 else 492 #endif 493 nw = write(rem, bp, nr); 494 495 if (nw < 0) { 496 if (errno == EAGAIN) 497 continue; 498 err(1, "write"); 499 } 500 bp += nw; 501 nr -= nw; 502 } 503 done: 504 (void)shutdown(rem, 1); 505 exit(0); 506 } 507 508 (void) sigprocmask(SIG_SETMASK, oset, NULL); 509 fds[0].events = fds[1].events = POLLIN|POLLNVAL|POLLERR|POLLHUP; 510 fds[0].fd = remerr; 511 fds[1].fd = rem; 512 fdp = &fds[0]; 513 nfds = 2; 514 do { 515 if (poll(fdp, nfds, INFTIM) == -1) { 516 if (errno != EINTR) 517 err(1, "poll"); 518 continue; 519 } 520 if (fds[0].events != 0 && checkfd(&fds[0], 2) == -1) { 521 nfds--; 522 fds[0].events = 0; 523 fdp = &fds[1]; 524 } 525 if (fds[1].events != 0 && checkfd(&fds[1], 1) == -1) { 526 nfds--; 527 fds[1].events = 0; 528 } 529 } 530 while (nfds); 531 } 532 533 void 534 sendsig(int sig) 535 { 536 char signo; 537 538 signo = sig; 539 #ifdef KERBEROS 540 #ifdef CRYPT 541 if (doencrypt) 542 (void)des_write(remerr, &signo, 1); 543 else 544 #endif 545 #endif 546 (void)write(remerr, &signo, 1); 547 } 548 549 #ifdef KERBEROS 550 /* VARARGS */ 551 void 552 warning(const char *fmt, ...) 553 { 554 va_list ap; 555 556 va_start(ap, fmt); 557 (void) fprintf(stderr, "%s: warning, using standard rsh: ", 558 getprogname()); 559 (void) vfprintf(stderr, fmt, ap); 560 va_end(ap); 561 (void) fprintf(stderr, ".\n"); 562 } 563 #endif 564 565 char * 566 copyargs(char **argv) 567 { 568 int cc; 569 char **ap, *args, *p, *ep; 570 571 cc = 0; 572 for (ap = argv; *ap; ++ap) 573 cc += strlen(*ap) + 1; 574 if (!(args = malloc((u_int)cc))) 575 err(1, "malloc"); 576 ep = args + cc; 577 for (p = args, *p = '\0', ap = argv; *ap; ++ap) { 578 (void)strlcpy(p, *ap, ep - p); 579 p += strlen(p); 580 if (ap[1]) 581 *p++ = ' '; 582 } 583 *p = '\0'; 584 return (args); 585 } 586 587 void 588 usage(void) 589 { 590 591 (void)fprintf(stderr, 592 "usage: %s [-nd%s]%s[-l login] [-p port]%s [login@]host %s\n", getprogname(), 593 #ifdef KERBEROS 594 #ifdef CRYPT 595 "x", " [-k realm] ", 596 #else 597 "", " [-k realm] ", 598 #endif 599 #else 600 "", " ", 601 #endif 602 #ifdef IN_RCMD 603 " [-u locuser]", "command" 604 #else 605 "", "[command]" 606 #endif 607 ); 608 exit(1); 609 } 610
Indexes created Tue Sep 23 14:10:03 GMT 2025