search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
libutil: add O_NOCTTY back to old pty open code
[minix.git] / lib / libc / net / rcmd.c
blobe70c2f9e7ed2ab0300e2336c0f63d9d189a00bc0
1 /* $NetBSD: rcmd.c,v 1.65 2007/01/03 11:46:22 ws Exp $ */
2
3 /*
4 * Copyright (c) 1983, 1993, 1994
5 * The Regents of the University of California. All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the University nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32 #include <sys/cdefs.h>
33 #if defined(LIBC_SCCS) && !defined(lint)
34 #if 0
35 static char sccsid[] = "@(#)rcmd.c 8.3 (Berkeley) 3/26/94";
36 #else
37 __RCSID("$NetBSD: rcmd.c,v 1.65 2007/01/03 11:46:22 ws Exp $");
38 #endif
39 #endif /* LIBC_SCCS and not lint */
40
41 #ifdef _LIBC
42 #include "namespace.h"
43 #endif
44 #include <sys/param.h>
45 #include <sys/socket.h>
46 #include <sys/stat.h>
47 #include <sys/poll.h>
48 #include <sys/wait.h>
49
50 #include <netinet/in.h>
51 #ifndef __minix
52 #include <rpc/rpc.h>
53 #endif
54 #include <arpa/inet.h>
55 #include <netgroup.h>
56
57 #include <assert.h>
58 #include <ctype.h>
59 #include <err.h>
60 #include <errno.h>
61 #include <fcntl.h>
62 #include <grp.h>
63 #include <netdb.h>
64 #include <paths.h>
65 #include <pwd.h>
66 #include <signal.h>
67 #include <stdio.h>
68 #include <stdlib.h>
69 #include <string.h>
70 #include <syslog.h>
71 #include <unistd.h>
72
73 #include "pathnames.h"
74
75 int orcmd __P((char **, u_int, const char *, const char *, const char *,
76 int *));
77 int orcmd_af __P((char **, u_int, const char *, const char *, const char *,
78 int *, int));
79 int __ivaliduser __P((FILE *, u_int32_t, const char *, const char *));
80 int __ivaliduser_sa __P((FILE *, const struct sockaddr *, socklen_t,
81 const char *, const char *));
82 static int rshrcmd __P((char **, u_int32_t, const char *, const char *,
83 const char *, int *, const char *));
84 static int resrcmd __P((struct addrinfo *, char **, u_int32_t, const char *,
85 const char *, const char *, int *));
86 static int __icheckhost __P((const struct sockaddr *, socklen_t,
87 const char *));
88 static char *__gethostloop __P((const struct sockaddr *, socklen_t));
89
90 int
91 rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
92 char **ahost;
93 u_short rport;
94 const char *locuser, *remuser, *cmd;
95 int *fd2p;
96 {
97
98 return rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, AF_INET);
99 }
100
101 int
102 rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, af)
103 char **ahost;
104 u_short rport;
105 const char *locuser, *remuser, *cmd;
106 int *fd2p;
107 int af;
108 {
109 static char hbuf[MAXHOSTNAMELEN];
110 char pbuf[NI_MAXSERV];
111 struct addrinfo hints, *res;
112 int error;
113 struct servent *sp;
114
115 _DIAGASSERT(ahost != NULL);
116 _DIAGASSERT(locuser != NULL);
117 _DIAGASSERT(remuser != NULL);
118 _DIAGASSERT(cmd != NULL);
119 /* fd2p may be NULL */
120
121 snprintf(pbuf, sizeof(pbuf), "%u", ntohs(rport));
122 memset(&hints, 0, sizeof(hints));
123 hints.ai_family = af;
124 hints.ai_socktype = SOCK_STREAM;
125 hints.ai_flags = AI_CANONNAME;
126 error = getaddrinfo(*ahost, pbuf, &hints, &res);
127 if (error) {
128 warnx("%s: %s", *ahost, gai_strerror(error)); /*XXX*/
129 return (-1);
130 }
131 if (res->ai_canonname) {
132 /*
133 * Canonicalise hostname.
134 * XXX: Should we really do this?
135 */
136 strlcpy(hbuf, res->ai_canonname, sizeof(hbuf));
137 *ahost = hbuf;
138 }
139
140 /*
141 * Check if rport is the same as the shell port, and that the fd2p. If
142 * it is not, the program isn't expecting 'rsh' and so we can't use the
143 * RCMD_CMD environment.
144 */
145 sp = getservbyname("shell", "tcp");
146 if (sp != NULL && sp->s_port == rport)
147 error = rshrcmd(ahost, (u_int32_t)rport,
148 locuser, remuser, cmd, fd2p, getenv("RCMD_CMD"));
149 else
150 error = resrcmd(res, ahost, (u_int32_t)rport,
151 locuser, remuser, cmd, fd2p);
152 freeaddrinfo(res);
153 return (error);
154 }
155
156 /* this is simply a wrapper around hprcmd() that handles ahost first */
157 int
158 orcmd(ahost, rport, locuser, remuser, cmd, fd2p)
159 char **ahost;
160 u_int rport;
161 const char *locuser, *remuser, *cmd;
162 int *fd2p;
163 {
164 return orcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, AF_INET);
165 }
166
167 int
168 orcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, af)
169 char **ahost;
170 u_int rport;
171 const char *locuser, *remuser, *cmd;
172 int *fd2p;
173 int af;
174 {
175 static char hbuf[MAXHOSTNAMELEN];
176 char pbuf[NI_MAXSERV];
177 struct addrinfo hints, *res;
178 int error;
179
180 _DIAGASSERT(ahost != NULL);
181 _DIAGASSERT(locuser != NULL);
182 _DIAGASSERT(remuser != NULL);
183 _DIAGASSERT(cmd != NULL);
184 /* fd2p may be NULL */
185
186 snprintf(pbuf, sizeof(pbuf), "%u", ntohs(rport));
187 memset(&hints, 0, sizeof(hints));
188 hints.ai_family = af;
189 hints.ai_socktype = SOCK_STREAM;
190 hints.ai_flags = AI_CANONNAME;
191 error = getaddrinfo(*ahost, pbuf, &hints, &res);
192 if (error) {
193 warnx("%s: %s", *ahost, gai_strerror(error)); /*XXX*/
194 return (-1);
195 }
196 if (res->ai_canonname) {
197 strlcpy(hbuf, res->ai_canonname, sizeof(hbuf));
198 *ahost = hbuf;
199 }
200
201 error = resrcmd(res, ahost, rport, locuser, remuser, cmd, fd2p);
202 freeaddrinfo(res);
203 return (error);
204 }
205
206 /*ARGSUSED*/
207 static int
208 resrcmd(res, ahost, rport, locuser, remuser, cmd, fd2p)
209 struct addrinfo *res;
210 char **ahost;
211 u_int32_t rport;
212 const char *locuser, *remuser, *cmd;
213 int *fd2p;
214 {
215 struct addrinfo *r;
216 struct sockaddr_storage from;
217 struct pollfd reads[2];
218 #ifdef __minix
219 /* No support for OOB data in Minix. */
220 #else
221 sigset_t nmask, omask;
222 #endif /* !__minix */
223 pid_t pid;
224 int s, lport, timo;
225 int pollr;
226 char c;
227 int refused;
228
229 _DIAGASSERT(res != NULL);
230 _DIAGASSERT(ahost != NULL);
231 _DIAGASSERT(locuser != NULL);
232 _DIAGASSERT(remuser != NULL);
233 _DIAGASSERT(cmd != NULL);
234 /* fd2p may be NULL */
235
236 r = res;
237 refused = 0;
238 pid = getpid();
239 #ifndef __minix
240 /* Minix has no support for OOB data,
241 no need to block SIGURG. */
242 sigemptyset(&nmask);
243 sigaddset(&nmask, SIGURG);
244 if (sigprocmask(SIG_BLOCK, &nmask, &omask) == -1)
245 return -1;
246 #endif /* !__minix */
247 for (timo = 1, lport = IPPORT_RESERVED - 1;;) {
248 s = rresvport_af(&lport, r->ai_family);
249 if (s < 0) {
250 if (errno == EAGAIN)
251 warnx("rcmd: socket: All ports in use");
252 else
253 warn("rcmd: socket");
254 if (r->ai_next) {
255 r = r->ai_next;
256 continue;
257 } else {
258 #ifndef __minix
259 (void)sigprocmask(SIG_SETMASK, &omask, NULL);
260 #endif /* !__minix */
261 return (-1);
262 }
263 }
264 #ifndef __minix
265 /* No OOB support in Minix. */
266 fcntl(s, F_SETOWN, pid);
267 #endif /* !__minix */
268 if (connect(s, r->ai_addr, r->ai_addrlen) >= 0)
269 break;
270 (void)close(s);
271 if (errno == EADDRINUSE) {
272 lport--;
273 continue;
274 } else if (errno == ECONNREFUSED)
275 refused++;
276 if (r->ai_next) {
277 int oerrno = errno;
278 char hbuf[NI_MAXHOST];
279 const int niflags = NI_NUMERICHOST;
280
281 hbuf[0] = '\0';
282 if (getnameinfo(r->ai_addr, r->ai_addrlen,
283 hbuf, sizeof(hbuf), NULL, 0, niflags) != 0)
284 strlcpy(hbuf, "(invalid)", sizeof(hbuf));
285 errno = oerrno;
286 warn("rcmd: connect to address %s", hbuf);
287 r = r->ai_next;
288 hbuf[0] = '\0';
289 if (getnameinfo(r->ai_addr, r->ai_addrlen,
290 hbuf, sizeof(hbuf), NULL, 0, niflags) != 0)
291 strlcpy(hbuf, "(invalid)", sizeof(hbuf));
292 (void)fprintf(stderr, "Trying %s...\n", hbuf);
293 continue;
294 }
295 if (refused && timo <= 16) {
296 (void)sleep((unsigned int)timo);
297 timo *= 2;
298 r = res;
299 refused = 0;
300 continue;
301 }
302 (void)fprintf(stderr, "%s: %s\n", res->ai_canonname,
303 strerror(errno));
304 #ifndef __minix
305 /* No OOB support in Minix. */
306 (void)sigprocmask(SIG_SETMASK, &omask, NULL);
307 #endif /* !__minix */
308 return (-1);
309 }
310 lport--;
311 if (fd2p == 0) {
312 write(s, "", 1);
313 lport = 0;
314 } else {
315 char num[8];
316 int s2 = rresvport_af(&lport, r->ai_family), s3;
317 socklen_t len = sizeof(from);
318
319 if (s2 < 0)
320 goto bad;
321 listen(s2, 1);
322 (void)snprintf(num, sizeof(num), "%d", lport);
323 if (write(s, num, strlen(num) + 1) !=
324 (ssize_t) (strlen(num) + 1)) {
325 warn("rcmd: write (setting up stderr)");
326 (void)close(s2);
327 goto bad;
328 }
329 reads[0].fd = s;
330 reads[0].events = POLLIN;
331 reads[1].fd = s2;
332 reads[1].events = POLLIN;
333 errno = 0;
334 pollr = poll(reads, 2, INFTIM);
335 if (pollr < 1 || (reads[1].revents & POLLIN) == 0) {
336 if (errno != 0)
337 warn("poll: setting up stderr");
338 else
339 warnx("poll: protocol failure in circuit setup");
340 (void)close(s2);
341 goto bad;
342 }
343 s3 = accept(s2, (struct sockaddr *)(void *)&from, &len);
344 (void)close(s2);
345 if (s3 < 0) {
346 warn("rcmd: accept");
347 lport = 0;
348 goto bad;
349 }
350 *fd2p = s3;
351 switch (((struct sockaddr *)(void *)&from)->sa_family) {
352 case AF_INET:
353 #ifdef INET6
354 case AF_INET6:
355 #endif
356 if (getnameinfo((struct sockaddr *)(void *)&from, len,
357 NULL, 0, num, sizeof(num), NI_NUMERICSERV) != 0 ||
358 (atoi(num) >= IPPORT_RESERVED ||
359 atoi(num) < IPPORT_RESERVED / 2)) {
360 warnx("rcmd: protocol failure in circuit setup.");
361 goto bad2;
362 }
363 break;
364 default:
365 break;
366 }
367 }
368
369 (void)write(s, locuser, strlen(locuser)+1);
370 (void)write(s, remuser, strlen(remuser)+1);
371 (void)write(s, cmd, strlen(cmd)+1);
372 if (read(s, &c, 1) != 1) {
373 warn("%s", *ahost);
374 goto bad2;
375 }
376 if (c != 0) {
377 while (read(s, &c, 1) == 1) {
378 (void)write(STDERR_FILENO, &c, 1);
379 if (c == '\n')
380 break;
381 }
382 goto bad2;
383 }
384 #ifndef __minix
385 (void)sigprocmask(SIG_SETMASK, &omask, NULL);
386 #endif /* __minix */
387 return (s);
388 bad2:
389 if (lport)
390 (void)close(*fd2p);
391 bad:
392 (void)close(s);
393 #ifndef __minix
394 (void)sigprocmask(SIG_SETMASK, &omask, NULL);
395 #endif /* __minix */
396 return (-1);
397 }
398
399 /*
400 * based on code written by Chris Siebenmann <cks@utcc.utoronto.ca>
401 */
402 /* ARGSUSED */
403 static int
404 rshrcmd(ahost, rport, locuser, remuser, cmd, fd2p, rshcmd)
405 char **ahost;
406 u_int32_t rport;
407 const char *locuser, *remuser, *cmd;
408 int *fd2p;
409 const char *rshcmd;
410 {
411 pid_t pid;
412 int sp[2], ep[2];
413 char *p;
414 struct passwd *pw, pwres;
415 char pwbuf[1024];
416
417 _DIAGASSERT(ahost != NULL);
418 _DIAGASSERT(locuser != NULL);
419 _DIAGASSERT(remuser != NULL);
420 _DIAGASSERT(cmd != NULL);
421 /* fd2p may be NULL */
422
423 /* What rsh/shell to use. */
424 if (rshcmd == NULL)
425 rshcmd = _PATH_BIN_RCMD;
426
427 /* locuser must exist on this host. */
428 if (getpwnam_r(locuser, &pwres, pwbuf, sizeof(pwbuf), &pw) != 0 ||
429 pw == NULL) {
430 warnx("rshrcmd: unknown user: %s", locuser);
431 return(-1);
432 }
433
434 /* get a socketpair we'll use for stdin and stdout. */
435 if (socketpair(AF_LOCAL, SOCK_STREAM, 0, sp) < 0) {
436 warn("rshrcmd: socketpair");
437 return (-1);
438 }
439 /* we will use this for the fd2 pointer */
440 if (fd2p) {
441 if (socketpair(AF_LOCAL, SOCK_STREAM, 0, ep) < 0) {
442 warn("rshrcmd: socketpair");
443 return (-1);
444 }
445 *fd2p = ep[0];
446 }
447
448 pid = fork();
449 if (pid < 0) {
450 warn("rshrcmd: fork");
451 return (-1);
452 }
453 if (pid == 0) {
454 /*
455 * child
456 * - we use sp[1] to be stdin/stdout, and close sp[0]
457 * - with fd2p, we use ep[1] for stderr, and close ep[0]
458 */
459 (void)close(sp[0]);
460 if (dup2(sp[1], 0) < 0 || dup2(0, 1) < 0) {
461 warn("rshrcmd: dup2");
462 _exit(1);
463 }
464 (void)close(sp[1]);
465 if (fd2p) {
466 if (dup2(ep[1], 2) < 0) {
467 warn("rshrcmd: dup2");
468 _exit(1);
469 }
470 (void)close(ep[0]);
471 (void)close(ep[1]);
472 } else if (dup2(0, 2) < 0) {
473 warn("rshrcmd: dup2");
474 _exit(1);
475 }
476 /* fork again to lose parent. */
477 pid = fork();
478 if (pid < 0) {
479 warn("rshrcmd: second fork");
480 _exit(1);
481 }
482 if (pid > 0)
483 _exit(0);
484
485 /* Orphan. Become local user for rshprog. */
486 if (setuid(pw->pw_uid)) {
487 warn("rshrcmd: setuid(%lu)", (u_long)pw->pw_uid);
488 _exit(1);
489 }
490
491 /*
492 * If we are rcmd'ing to "localhost" as the same user as we are,
493 * then avoid running remote shell for efficiency.
494 */
495 if (strcmp(*ahost, "localhost") == 0 &&
496 strcmp(locuser, remuser) == 0) {
497 if (pw->pw_shell[0] == '\0')
498 rshcmd = _PATH_BSHELL;
499 else
500 rshcmd = pw->pw_shell;
501 p = strrchr(rshcmd, '/');
502 execlp(rshcmd, p ? p + 1 : rshcmd, "-c", cmd, NULL);
503 } else {
504 p = strrchr(rshcmd, '/');
505 execlp(rshcmd, p ? p + 1 : rshcmd, *ahost, "-l",
506 remuser, cmd, NULL);
507 }
508 warn("rshrcmd: exec %s", rshcmd);
509 _exit(1);
510 }
511 /* Parent */
512 (void)close(sp[1]);
513 if (fd2p)
514 (void)close(ep[1]);
515
516 (void)waitpid(pid, NULL, 0);
517 return (sp[0]);
518 }
519
520 int
521 rresvport(alport)
522 int *alport;
523 {
524
525 _DIAGASSERT(alport != NULL);
526
527 return rresvport_af(alport, AF_INET);
528 }
529
530 int
531 rresvport_af(alport, family)
532 int *alport;
533 int family;
534 {
535 struct sockaddr_storage ss;
536 struct sockaddr *sa;
537 int salen;
538 int s;
539 u_int16_t *portp;
540
541 _DIAGASSERT(alport != NULL);
542
543 memset(&ss, 0, sizeof(ss));
544 sa = (struct sockaddr *)(void *)&ss;
545 switch (family) {
546 case AF_INET:
547 #ifdef BSD4_4
548 sa->sa_len =
549 #endif
550 salen = sizeof(struct sockaddr_in);
551 portp = &((struct sockaddr_in *)(void *)sa)->sin_port;
552 break;
553 #ifdef INET6
554 case AF_INET6:
555 #ifdef BSD4_4
556 sa->sa_len =
557 #endif
558 salen = sizeof(struct sockaddr_in6);
559 portp = &((struct sockaddr_in6 *)(void *)sa)->sin6_port;
560 break;
561 #endif
562 default:
563 errno = EAFNOSUPPORT;
564 return (-1);
565 }
566 sa->sa_family = family;
567 s = socket(family, SOCK_STREAM, 0);
568 if (s < 0)
569 return (-1);
570 #ifdef BSD4_4
571 switch (family) {
572 case AF_INET:
573 case AF_INET6:
574 *portp = 0;
575 if (bindresvport(s, (struct sockaddr_in *)(void *)sa) < 0) {
576 int sverr = errno;
577
578 (void)close(s);
579 errno = sverr;
580 return (-1);
581 }
582 *alport = (int)ntohs(*portp);
583 return (s);
584 default:
585 /* is it necessary to try keep code for other AFs? */
586 break;
587 }
588 #endif
589 for (;;) {
590 *portp = htons((u_short)*alport);
591 if (bind(s, sa, (socklen_t)salen) >= 0)
592 return (s);
593 if (errno != EADDRINUSE) {
594 (void)close(s);
595 return (-1);
596 }
597 (*alport)--;
598 if (*alport == IPPORT_RESERVED/2) {
599 (void)close(s);
600 errno = EAGAIN; /* close */
601 return (-1);
602 }
603 }
604 }
605
606 int __check_rhosts_file = 1;
607 const char *__rcmd_errstr;
608
609 int
610 ruserok(rhost, superuser, ruser, luser)
611 const char *rhost, *ruser, *luser;
612 int superuser;
613 {
614 struct addrinfo hints, *res, *r;
615 int error;
616
617 _DIAGASSERT(rhost != NULL);
618 _DIAGASSERT(ruser != NULL);
619 _DIAGASSERT(luser != NULL);
620
621 memset(&hints, 0, sizeof(hints));
622 hints.ai_family = PF_UNSPEC;
623 hints.ai_socktype = SOCK_DGRAM; /*dummy*/
624 error = getaddrinfo(rhost, "0", &hints, &res);
625 if (error)
626 return (-1);
627
628 for (r = res; r; r = r->ai_next) {
629 if (iruserok_sa(r->ai_addr, (int)r->ai_addrlen, superuser,
630 ruser, luser) == 0) {
631 freeaddrinfo(res);
632 return (0);
633 }
634 }
635 freeaddrinfo(res);
636 return (-1);
637 }
638
639 /*
640 * New .rhosts strategy: We are passed an ip address. We spin through
641 * hosts.equiv and .rhosts looking for a match. When the .rhosts only
642 * has ip addresses, we don't have to trust a nameserver. When it
643 * contains hostnames, we spin through the list of addresses the nameserver
644 * gives us and look for a match.
645 *
646 * Returns 0 if ok, -1 if not ok.
647 */
648 int
649 iruserok(raddr, superuser, ruser, luser)
650 u_int32_t raddr;
651 int superuser;
652 const char *ruser, *luser;
653 {
654 struct sockaddr_in irsin;
655
656 memset(&irsin, 0, sizeof(irsin));
657 irsin.sin_family = AF_INET;
658 #ifdef BSD4_4
659 irsin.sin_len = sizeof(struct sockaddr_in);
660 #endif
661 memcpy(&irsin.sin_addr, &raddr, sizeof(irsin.sin_addr));
662 return iruserok_sa(&irsin, sizeof(struct sockaddr_in), superuser, ruser,
663 luser);
664 }
665
666 /*
667 * 2nd and 3rd arguments are typed like this, to avoid dependency between
668 * unistd.h and sys/socket.h. There's no better way.
669 */
670 int
671 iruserok_sa(raddr, rlen, superuser, ruser, luser)
672 const void *raddr;
673 int rlen;
674 int superuser;
675 const char *ruser, *luser;
676 {
677 const struct sockaddr *sa;
678 struct stat sbuf;
679 struct passwd *pwd, pwres;
680 FILE *hostf;
681 uid_t uid;
682 gid_t gid;
683 int isvaliduser;
684 char pbuf[MAXPATHLEN];
685 char pwbuf[1024];
686
687 _DIAGASSERT(raddr != NULL);
688 _DIAGASSERT(ruser != NULL);
689 _DIAGASSERT(luser != NULL);
690
691 sa = raddr;
692
693 __rcmd_errstr = NULL;
694
695 hostf = superuser ? NULL : fopen(_PATH_HEQUIV, "r");
696
697 if (hostf) {
698 if (__ivaliduser_sa(hostf, sa, (socklen_t)rlen, luser,
699 ruser) == 0) {
700 (void)fclose(hostf);
701 return (0);
702 }
703 (void)fclose(hostf);
704 }
705
706 isvaliduser = -1;
707 if (__check_rhosts_file || superuser) {
708
709 if (getpwnam_r(luser, &pwres, pwbuf, sizeof(pwbuf), &pwd) != 0
710 || pwd == NULL)
711 return (-1);
712 (void)strlcpy(pbuf, pwd->pw_dir, sizeof(pbuf));
713 (void)strlcat(pbuf, "/.rhosts", sizeof(pbuf));
714
715 /*
716 * Change effective uid while opening and reading .rhosts.
717 * If root and reading an NFS mounted file system, can't
718 * read files that are protected read/write owner only.
719 */
720 uid = geteuid();
721 gid = getegid();
722 (void)setegid(pwd->pw_gid);
723 initgroups(pwd->pw_name, pwd->pw_gid);
724 (void)seteuid(pwd->pw_uid);
725 hostf = fopen(pbuf, "r");
726
727 if (hostf != NULL) {
728 /*
729 * If not a regular file, or is owned by someone other
730 * than user or root or if writable by anyone but the
731 * owner, quit.
732 */
733 if (lstat(pbuf, &sbuf) < 0)
734 __rcmd_errstr = ".rhosts lstat failed";
735 else if (!S_ISREG(sbuf.st_mode))
736 __rcmd_errstr = ".rhosts not regular file";
737 else if (fstat(fileno(hostf), &sbuf) < 0)
738 __rcmd_errstr = ".rhosts fstat failed";
739 else if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid)
740 __rcmd_errstr = "bad .rhosts owner";
741 else if (sbuf.st_mode & (S_IWGRP|S_IWOTH))
742 __rcmd_errstr =
743 ".rhosts writable by other than owner";
744 else
745 isvaliduser =
746 __ivaliduser_sa(hostf, sa, (socklen_t)rlen,
747 luser, ruser);
748
749 (void)fclose(hostf);
750 }
751 (void)seteuid(uid);
752 (void)setegid(gid);
753
754 }
755 return (isvaliduser);
756 }
757
758 /*
759 * XXX
760 * Don't make static, used by lpd(8). We will be able to change the function
761 * into static function, when we bump libc major #.
762 *
763 * Returns 0 if ok, -1 if not ok.
764 */
765 #ifdef notdef /*_LIBC*/
766 static
767 #endif
768 int
769 __ivaliduser(hostf, raddr, luser, ruser)
770 FILE *hostf;
771 u_int32_t raddr;
772 const char *luser, *ruser;
773 {
774 struct sockaddr_in ivusin;
775
776 memset(&ivusin, 0, sizeof(ivusin));
777 ivusin.sin_family = AF_INET;
778 #ifdef BSD4_4
779 ivusin.sin_len = sizeof(struct sockaddr_in);
780 #endif
781 memcpy(&ivusin.sin_addr, &raddr, sizeof(ivusin.sin_addr));
782 return __ivaliduser_sa(hostf, (struct sockaddr *)(void *)&ivusin,
783 sizeof(struct sockaddr_in), luser, ruser);
784 }
785
786 #ifdef notdef /*_LIBC*/
787 static
788 #endif
789 int
790 __ivaliduser_sa(hostf, raddr, salen, luser, ruser)
791 FILE *hostf;
792 const struct sockaddr *raddr;
793 socklen_t salen;
794 const char *luser, *ruser;
795 {
796 register char *user, *p;
797 int ch;
798 char buf[MAXHOSTNAMELEN + 128]; /* host + login */
799 const char *auser, *ahost;
800 int hostok, userok;
801 char *rhost = NULL;
802 int firsttime = 1;
803 char domain[MAXHOSTNAMELEN];
804
805 getdomainname(domain, sizeof(domain));
806
807 _DIAGASSERT(hostf != NULL);
808 _DIAGASSERT(luser != NULL);
809 _DIAGASSERT(ruser != NULL);
810
811 while (fgets(buf, sizeof(buf), hostf)) {
812 p = buf;
813 /* Skip lines that are too long. */
814 if (strchr(p, '\n') == NULL) {
815 while ((ch = getc(hostf)) != '\n' && ch != EOF)
816 ;
817 continue;
818 }
819 while (*p != '\n' && *p != ' ' && *p != '\t' && *p != '\0') {
820 *p = isupper((unsigned char)*p) ?
821 tolower((unsigned char)*p) : *p;
822 p++;
823 }
824 if (*p == ' ' || *p == '\t') {
825 *p++ = '\0';
826 while (*p == ' ' || *p == '\t')
827 p++;
828 user = p;
829 while (*p != '\n' && *p != ' ' &&
830 *p != '\t' && *p != '\0')
831 p++;
832 } else
833 user = p;
834 *p = '\0';
835
836 if (p == buf)
837 continue;
838
839 auser = *user ? user : luser;
840 ahost = buf;
841
842 if (ahost[0] == '+')
843 switch (ahost[1]) {
844 case '\0':
845 hostok = 1;
846 break;
847
848 case '@':
849 if (firsttime) {
850 rhost = __gethostloop(raddr, salen);
851 firsttime = 0;
852 }
853 if (rhost)
854 hostok = innetgr(&ahost[2], rhost,
855 NULL, domain);
856 else
857 hostok = 0;
858 break;
859
860 default:
861 hostok = __icheckhost(raddr, salen, &ahost[1]);
862 break;
863 }
864 else if (ahost[0] == '-')
865 switch (ahost[1]) {
866 case '\0':
867 hostok = -1;
868 break;
869
870 case '@':
871 if (firsttime) {
872 rhost = __gethostloop(raddr, salen);
873 firsttime = 0;
874 }
875 if (rhost)
876 hostok = -innetgr(&ahost[2], rhost,
877 NULL, domain);
878 else
879 hostok = 0;
880 break;
881
882 default:
883 hostok = -__icheckhost(raddr, salen, &ahost[1]);
884 break;
885 }
886 else
887 hostok = __icheckhost(raddr, salen, ahost);
888
889
890 if (auser[0] == '+')
891 switch (auser[1]) {
892 case '\0':
893 userok = 1;
894 break;
895
896 case '@':
897 userok = innetgr(&auser[2], NULL, ruser,
898 domain);
899 break;
900
901 default:
902 userok = strcmp(ruser, &auser[1]) == 0;
903 break;
904 }
905 else if (auser[0] == '-')
906 switch (auser[1]) {
907 case '\0':
908 userok = -1;
909 break;
910
911 case '@':
912 userok = -innetgr(&auser[2], NULL, ruser,
913 domain);
914 break;
915
916 default:
917 userok =
918 -(strcmp(ruser, &auser[1]) == 0 ? 1 : 0);
919 break;
920 }
921 else
922 userok = strcmp(ruser, auser) == 0;
923
924 /* Check if one component did not match */
925 if (hostok == 0 || userok == 0)
926 continue;
927
928 /* Check if we got a forbidden pair */
929 if (userok == -1 || hostok == -1)
930 return -1;
931
932 /* Check if we got a valid pair */
933 if (hostok == 1 && userok == 1)
934 return 0;
935 }
936 return -1;
937 }
938
939 /*
940 * Returns "true" if match, 0 if no match.
941 */
942 static int
943 __icheckhost(raddr, salen, lhost)
944 const struct sockaddr *raddr;
945 socklen_t salen;
946 const char *lhost;
947 {
948 struct addrinfo hints, *res, *r;
949 char h1[NI_MAXHOST], h2[NI_MAXHOST];
950 int error;
951 const int niflags = NI_NUMERICHOST;
952
953 _DIAGASSERT(raddr != NULL);
954 _DIAGASSERT(lhost != NULL);
955
956 h1[0] = '\0';
957 if (getnameinfo(raddr, salen, h1, sizeof(h1), NULL, 0,
958 niflags) != 0)
959 return (0);
960
961 /* Resolve laddr into sockaddr */
962 memset(&hints, 0, sizeof(hints));
963 hints.ai_family = raddr->sa_family;
964 hints.ai_socktype = SOCK_DGRAM; /*dummy*/
965 res = NULL;
966 error = getaddrinfo(lhost, "0", &hints, &res);
967 if (error)
968 return (0);
969
970 /*
971 * Try string comparisons between raddr and laddr.
972 */
973 for (r = res; r; r = r->ai_next) {
974 h2[0] = '\0';
975 if (getnameinfo(r->ai_addr, r->ai_addrlen, h2, sizeof(h2),
976 NULL, 0, niflags) != 0)
977 continue;
978 if (strcmp(h1, h2) == 0) {
979 freeaddrinfo(res);
980 return (1);
981 }
982 }
983
984 /* No match. */
985 freeaddrinfo(res);
986 return (0);
987 }
988
989 /*
990 * Return the hostname associated with the supplied address.
991 * Do a reverse lookup as well for security. If a loop cannot
992 * be found, pack the numeric IP address into the string.
993 */
994 static char *
995 __gethostloop(raddr, salen)
996 const struct sockaddr *raddr;
997 socklen_t salen;
998 {
999 static char remotehost[NI_MAXHOST];
1000 char h1[NI_MAXHOST], h2[NI_MAXHOST];
1001 struct addrinfo hints, *res, *r;
1002 int error;
1003 const int niflags = NI_NUMERICHOST;
1004
1005 _DIAGASSERT(raddr != NULL);
1006
1007 h1[0] = remotehost[0] = '\0';
1008 if (getnameinfo(raddr, salen, remotehost, sizeof(remotehost),
1009 NULL, 0, NI_NAMEREQD) != 0)
1010 return (NULL);
1011 if (getnameinfo(raddr, salen, h1, sizeof(h1), NULL, 0,
1012 niflags) != 0)
1013 return (NULL);
1014
1015 /*
1016 * Look up the name and check that the supplied
1017 * address is in the list
1018 */
1019 memset(&hints, 0, sizeof(hints));
1020 hints.ai_family = raddr->sa_family;
1021 hints.ai_socktype = SOCK_DGRAM; /*dummy*/
1022 hints.ai_flags = AI_CANONNAME;
1023 res = NULL;
1024 error = getaddrinfo(remotehost, "0", &hints, &res);
1025 if (error)
1026 return (NULL);
1027
1028 for (r = res; r; r = r->ai_next) {
1029 h2[0] = '\0';
1030 if (getnameinfo(r->ai_addr, r->ai_addrlen, h2, sizeof(h2),
1031 NULL, 0, niflags) != 0)
1032 continue;
1033 if (strcmp(h1, h2) == 0) {
1034 freeaddrinfo(res);
1035 return (remotehost);
1036 }
1037 }
1038
1039 /*
1040 * either the DNS adminstrator has made a configuration
1041 * mistake, or someone has attempted to spoof us
1042 */
1043 syslog(LOG_NOTICE, "rcmd: address %s not listed for host %s",
1044 h1, res->ai_canonname ? res->ai_canonname : remotehost);
1045 freeaddrinfo(res);
1046 return (NULL);
1047 }
MINIX 3 (repo.or.cz mirror)