search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
tools/llvm: Do not build with symbols
[minix3.git] / lib / libc / net / rcmd.c
blob74904c30e84185e3e4513d517dc44af8a80b8ad9
1 /* $NetBSD: rcmd.c,v 1.68 2012/07/14 15:06:26 darrenr Exp $ */
2
3 /*
4 * Copyright (c) 1983, 1993, 1994
5 * The Regents of the University of California. All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the University nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32 #include <sys/cdefs.h>
33 #if defined(LIBC_SCCS) && !defined(lint)
34 #if 0
35 static char sccsid[] = "@(#)rcmd.c 8.3 (Berkeley) 3/26/94";
36 #else
37 __RCSID("$NetBSD: rcmd.c,v 1.68 2012/07/14 15:06:26 darrenr Exp $");
38 #endif
39 #endif /* LIBC_SCCS and not lint */
40
41 #ifdef _LIBC
42 #include "namespace.h"
43 #endif
44 #include <sys/param.h>
45 #include <sys/socket.h>
46 #include <sys/stat.h>
47 #include <sys/poll.h>
48 #include <sys/wait.h>
49
50 #include <netinet/in.h>
51 #if !defined(__minix)
52 #include <rpc/rpc.h>
53 #endif /* !defined(__minix) */
54 #include <arpa/inet.h>
55 #include <netgroup.h>
56
57 #include <assert.h>
58 #include <ctype.h>
59 #include <err.h>
60 #include <errno.h>
61 #include <fcntl.h>
62 #include <grp.h>
63 #include <netdb.h>
64 #include <paths.h>
65 #include <pwd.h>
66 #include <signal.h>
67 #include <stdio.h>
68 #include <stdlib.h>
69 #include <string.h>
70 #include <syslog.h>
71 #include <unistd.h>
72
73 #include "pathnames.h"
74
75 int orcmd(char **, u_int, const char *, const char *, const char *, int *);
76 int orcmd_af(char **, u_int, const char *, const char *, const char *,
77 int *, int);
78 int __ivaliduser(FILE *, u_int32_t, const char *, const char *);
79 int __ivaliduser_sa(FILE *, const struct sockaddr *, socklen_t,
80 const char *, const char *);
81 static int rshrcmd(int, char **, u_int32_t, const char *,
82 const char *, const char *, int *, const char *);
83 static int resrcmd(struct addrinfo *, char **, u_int32_t, const char *,
84 const char *, const char *, int *);
85 static int __icheckhost(const struct sockaddr *, socklen_t,
86 const char *);
87 static char *__gethostloop(const struct sockaddr *, socklen_t);
88
89 int
90 rcmd(char **ahost, int rport, const char *locuser, const char *remuser,
91 const char *cmd, int *fd2p)
92 {
93
94 return rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, AF_INET);
95 }
96
97 int
98 rcmd_af(char **ahost, int rport, const char *locuser, const char *remuser,
99 const char *cmd, int *fd2p, int af)
100 {
101 static char hbuf[MAXHOSTNAMELEN];
102 char pbuf[NI_MAXSERV];
103 struct addrinfo hints, *res;
104 int error;
105 struct servent *sp;
106
107 _DIAGASSERT(ahost != NULL);
108 _DIAGASSERT(locuser != NULL);
109 _DIAGASSERT(remuser != NULL);
110 _DIAGASSERT(cmd != NULL);
111 /* fd2p may be NULL */
112
113 snprintf(pbuf, sizeof(pbuf), "%u", ntohs(rport));
114 memset(&hints, 0, sizeof(hints));
115 hints.ai_family = af;
116 hints.ai_socktype = SOCK_STREAM;
117 hints.ai_flags = AI_CANONNAME;
118 error = getaddrinfo(*ahost, pbuf, &hints, &res);
119 if (error) {
120 warnx("%s: %s", *ahost, gai_strerror(error)); /*XXX*/
121 return -1;
122 }
123 if (res->ai_canonname) {
124 /*
125 * Canonicalise hostname.
126 * XXX: Should we really do this?
127 */
128 strlcpy(hbuf, res->ai_canonname, sizeof(hbuf));
129 *ahost = hbuf;
130 }
131
132 /*
133 * Check if rport is the same as the shell port, and that the fd2p. If
134 * it is not, the program isn't expecting 'rsh' and so we can't use the
135 * RCMD_CMD environment.
136 */
137 sp = getservbyname("shell", "tcp");
138 if (sp != NULL && sp->s_port == rport)
139 error = rshrcmd(af, ahost, (u_int32_t)rport,
140 locuser, remuser, cmd, fd2p, getenv("RCMD_CMD"));
141 else
142 error = resrcmd(res, ahost, (u_int32_t)rport,
143 locuser, remuser, cmd, fd2p);
144 freeaddrinfo(res);
145 return error;
146 }
147
148 /* this is simply a wrapper around hprcmd() that handles ahost first */
149 int
150 orcmd(char **ahost, u_int rport, const char *locuser, const char *remuser,
151 const char *cmd, int *fd2p)
152 {
153 return orcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, AF_INET);
154 }
155
156 int
157 orcmd_af(char **ahost, u_int rport, const char *locuser, const char *remuser,
158 const char *cmd, int *fd2p, int af)
159 {
160 static char hbuf[MAXHOSTNAMELEN];
161 char pbuf[NI_MAXSERV];
162 struct addrinfo hints, *res;
163 int error;
164
165 _DIAGASSERT(ahost != NULL);
166 _DIAGASSERT(locuser != NULL);
167 _DIAGASSERT(remuser != NULL);
168 _DIAGASSERT(cmd != NULL);
169 /* fd2p may be NULL */
170
171 snprintf(pbuf, sizeof(pbuf), "%u", ntohs(rport));
172 memset(&hints, 0, sizeof(hints));
173 hints.ai_family = af;
174 hints.ai_socktype = SOCK_STREAM;
175 hints.ai_flags = AI_CANONNAME;
176 error = getaddrinfo(*ahost, pbuf, &hints, &res);
177 if (error) {
178 warnx("%s: %s", *ahost, gai_strerror(error)); /*XXX*/
179 return -1;
180 }
181 if (res->ai_canonname) {
182 strlcpy(hbuf, res->ai_canonname, sizeof(hbuf));
183 *ahost = hbuf;
184 }
185
186 error = resrcmd(res, ahost, rport, locuser, remuser, cmd, fd2p);
187 freeaddrinfo(res);
188 return error;
189 }
190
191 /*ARGSUSED*/
192 static int
193 resrcmd(struct addrinfo *res, char **ahost, u_int32_t rport,
194 const char *locuser, const char *remuser, const char *cmd, int *fd2p)
195 {
196 struct addrinfo *r;
197 struct sockaddr_storage from;
198 struct pollfd reads[2];
199 #if defined(__minix)
200 /* No support for OOB data in Minix. */
201 #else
202 sigset_t nmask, omask;
203 #endif /* defined(__minix) */
204 pid_t pid;
205 int s, lport, timo;
206 int pollr;
207 char c;
208 int refused;
209
210 _DIAGASSERT(res != NULL);
211 _DIAGASSERT(ahost != NULL);
212 _DIAGASSERT(locuser != NULL);
213 _DIAGASSERT(remuser != NULL);
214 _DIAGASSERT(cmd != NULL);
215 /* fd2p may be NULL */
216
217 r = res;
218 refused = 0;
219 pid = getpid();
220 #if !defined(__minix)
221 /* Minix has no support for OOB data,
222 no need to block SIGURG. */
223 sigemptyset(&nmask);
224 sigaddset(&nmask, SIGURG);
225 if (sigprocmask(SIG_BLOCK, &nmask, &omask) == -1)
226 return -1;
227 #endif /* !defined(__minix) */
228 for (timo = 1, lport = IPPORT_RESERVED - 1;;) {
229 s = rresvport_af(&lport, r->ai_family);
230 if (s < 0) {
231 if (errno == EAGAIN)
232 warnx("rcmd: socket: All ports in use");
233 else
234 warn("rcmd: socket");
235 if (r->ai_next) {
236 r = r->ai_next;
237 continue;
238 } else {
239 #if !defined(__minix)
240 (void)sigprocmask(SIG_SETMASK, &omask, NULL);
241 #endif /* !defined(__minix) */
242 return -1;
243 }
244 }
245 #if !defined(__minix)
246 /* No OOB support in Minix. */
247 fcntl(s, F_SETOWN, pid);
248 #endif /* !defined(__minix) */
249 if (connect(s, r->ai_addr, r->ai_addrlen) >= 0)
250 break;
251 (void)close(s);
252 if (errno == EADDRINUSE) {
253 lport--;
254 continue;
255 } else if (errno == ECONNREFUSED)
256 refused++;
257 if (r->ai_next) {
258 int oerrno = errno;
259 char hbuf[NI_MAXHOST];
260 const int niflags = NI_NUMERICHOST;
261
262 hbuf[0] = '\0';
263 if (getnameinfo(r->ai_addr, r->ai_addrlen,
264 hbuf, (socklen_t)sizeof(hbuf), NULL, 0, niflags) !=
265 0)
266 strlcpy(hbuf, "(invalid)", sizeof(hbuf));
267 errno = oerrno;
268 warn("rcmd: connect to address %s", hbuf);
269 r = r->ai_next;
270 hbuf[0] = '\0';
271 if (getnameinfo(r->ai_addr, r->ai_addrlen,
272 hbuf, (socklen_t)sizeof(hbuf), NULL, 0, niflags) !=
273 0)
274 strlcpy(hbuf, "(invalid)", sizeof(hbuf));
275 (void)fprintf(stderr, "Trying %s...\n", hbuf);
276 continue;
277 }
278 if (refused && timo <= 16) {
279 (void)sleep((unsigned int)timo);
280 timo *= 2;
281 r = res;
282 refused = 0;
283 continue;
284 }
285 (void)fprintf(stderr, "%s: %s\n", res->ai_canonname,
286 strerror(errno));
287 #if !defined(__minix)
288 /* No OOB support in Minix. */
289 (void)sigprocmask(SIG_SETMASK, &omask, NULL);
290 #endif /* !defined(__minix) */
291 return -1;
292 }
293 lport--;
294 if (fd2p == 0) {
295 write(s, "", 1);
296 lport = 0;
297 } else {
298 char num[8];
299 int s2 = rresvport_af(&lport, r->ai_family), s3;
300 socklen_t len = sizeof(from);
301
302 if (s2 < 0)
303 goto bad;
304 listen(s2, 1);
305 (void)snprintf(num, sizeof(num), "%d", lport);
306 if (write(s, num, strlen(num) + 1) !=
307 (ssize_t) (strlen(num) + 1)) {
308 warn("rcmd: write (setting up stderr)");
309 (void)close(s2);
310 goto bad;
311 }
312 reads[0].fd = s;
313 reads[0].events = POLLIN;
314 reads[1].fd = s2;
315 reads[1].events = POLLIN;
316 errno = 0;
317 pollr = poll(reads, 2, INFTIM);
318 if (pollr < 1 || (reads[1].revents & POLLIN) == 0) {
319 if (errno != 0)
320 warn("poll: setting up stderr");
321 else
322 warnx(
323 "poll: protocol failure in circuit setup");
324 (void)close(s2);
325 goto bad;
326 }
327 s3 = accept(s2, (struct sockaddr *)(void *)&from, &len);
328 (void)close(s2);
329 if (s3 < 0) {
330 warn("rcmd: accept");
331 lport = 0;
332 goto bad;
333 }
334 *fd2p = s3;
335 switch (((struct sockaddr *)(void *)&from)->sa_family) {
336 case AF_INET:
337 #ifdef INET6
338 case AF_INET6:
339 #endif
340 if (getnameinfo((struct sockaddr *)(void *)&from, len,
341 NULL, 0, num, (socklen_t)sizeof(num),
342 NI_NUMERICSERV) != 0 ||
343 (atoi(num) >= IPPORT_RESERVED ||
344 atoi(num) < IPPORT_RESERVED / 2)) {
345 warnx(
346 "rcmd: protocol failure in circuit setup.");
347 goto bad2;
348 }
349 break;
350 default:
351 break;
352 }
353 }
354
355 (void)write(s, locuser, strlen(locuser)+1);
356 (void)write(s, remuser, strlen(remuser)+1);
357 (void)write(s, cmd, strlen(cmd)+1);
358 if (read(s, &c, 1) != 1) {
359 warn("%s", *ahost);
360 goto bad2;
361 }
362 if (c != 0) {
363 while (read(s, &c, 1) == 1) {
364 (void)write(STDERR_FILENO, &c, 1);
365 if (c == '\n')
366 break;
367 }
368 goto bad2;
369 }
370 #if !defined(__minix)
371 (void)sigprocmask(SIG_SETMASK, &omask, NULL);
372 #endif /* !defined(__minix) */
373 return s;
374 bad2:
375 if (lport)
376 (void)close(*fd2p);
377 bad:
378 (void)close(s);
379 #if !defined(__minix)
380 (void)sigprocmask(SIG_SETMASK, &omask, NULL);
381 #endif /* !defined(__minix) */
382 return -1;
383 }
384
385 /*
386 * based on code written by Chris Siebenmann <cks@utcc.utoronto.ca>
387 */
388 /* ARGSUSED */
389 static int
390 rshrcmd(int af, char **ahost, u_int32_t rport, const char *locuser,
391 const char *remuser, const char *cmd, int *fd2p, const char *rshcmd)
392 {
393 pid_t pid;
394 int sp[2], ep[2];
395 char *p;
396 struct passwd *pw, pwres;
397 char pwbuf[1024];
398
399 _DIAGASSERT(ahost != NULL);
400 _DIAGASSERT(locuser != NULL);
401 _DIAGASSERT(remuser != NULL);
402 _DIAGASSERT(cmd != NULL);
403 /* fd2p may be NULL */
404
405 /* What rsh/shell to use. */
406 if (rshcmd == NULL)
407 rshcmd = _PATH_BIN_RCMD;
408
409 /* locuser must exist on this host. */
410 if (getpwnam_r(locuser, &pwres, pwbuf, sizeof(pwbuf), &pw) != 0 ||
411 pw == NULL) {
412 warnx("%s: unknown user: %s", __func__, locuser);
413 return -1;
414 }
415
416 /* get a socketpair we'll use for stdin and stdout. */
417 if (socketpair(AF_LOCAL, SOCK_STREAM, 0, sp) < 0) {
418 warn("%s: socketpair", __func__);
419 return -1;
420 }
421 /* we will use this for the fd2 pointer */
422 if (fd2p) {
423 if (socketpair(AF_LOCAL, SOCK_STREAM, 0, ep) < 0) {
424 warn("%s: socketpair", __func__);
425 return -1;
426 }
427 *fd2p = ep[0];
428 }
429
430 pid = fork();
431 if (pid < 0) {
432 warn("%s: fork", __func__);
433 return -1;
434 }
435 if (pid == 0) {
436 /*
437 * child
438 * - we use sp[1] to be stdin/stdout, and close sp[0]
439 * - with fd2p, we use ep[1] for stderr, and close ep[0]
440 */
441 (void)close(sp[0]);
442 if (dup2(sp[1], 0) < 0 || dup2(0, 1) < 0) {
443 warn("%s: dup2", __func__);
444 _exit(1);
445 }
446 (void)close(sp[1]);
447 if (fd2p) {
448 if (dup2(ep[1], 2) < 0) {
449 warn("%s: dup2", __func__);
450 _exit(1);
451 }
452 (void)close(ep[0]);
453 (void)close(ep[1]);
454 } else if (dup2(0, 2) < 0) {
455 warn("%s: dup2", __func__);
456 _exit(1);
457 }
458 /* fork again to lose parent. */
459 pid = fork();
460 if (pid < 0) {
461 warn("%s: second fork", __func__);
462 _exit(1);
463 }
464 if (pid > 0)
465 _exit(0);
466
467 /* Orphan. Become local user for rshprog. */
468 if (setuid(pw->pw_uid)) {
469 warn("%s: setuid(%lu)", __func__, (u_long)pw->pw_uid);
470 _exit(1);
471 }
472
473 /*
474 * If we are rcmd'ing to "localhost" as the same user as we
475 * are, then avoid running remote shell for efficiency.
476 */
477 if (strcmp(*ahost, "localhost") == 0 &&
478 strcmp(locuser, remuser) == 0) {
479 if (pw->pw_shell[0] == '\0')
480 rshcmd = _PATH_BSHELL;
481 else
482 rshcmd = pw->pw_shell;
483 p = strrchr(rshcmd, '/');
484 execlp(rshcmd, p ? p + 1 : rshcmd, "-c", cmd, NULL);
485 } else {
486 const char *program;
487 program = strrchr(rshcmd, '/');
488 program = program ? program + 1 : rshcmd;
489 switch (af) {
490 case AF_INET:
491 execlp(rshcmd, program, "-4", "-l", remuser,
492 *ahost, cmd, NULL);
493 break;
494
495 case AF_INET6:
496 execlp(rshcmd, program, "-6", "-l", remuser,
497 *ahost, cmd, NULL);
498 break;
499
500 default:
501 /* typically AF_UNSPEC, plus whatever */
502 execlp(rshcmd, program, "-l", remuser,
503 *ahost, cmd, NULL);
504 break;
505 }
506 }
507 warn("%s: exec %s", __func__, rshcmd);
508 _exit(1);
509 }
510 /* Parent */
511 (void)close(sp[1]);
512 if (fd2p)
513 (void)close(ep[1]);
514
515 (void)waitpid(pid, NULL, 0);
516 return sp[0];
517 }
518
519 int
520 rresvport(int *alport)
521 {
522
523 _DIAGASSERT(alport != NULL);
524
525 return rresvport_af(alport, AF_INET);
526 }
527
528 int
529 rresvport_af(int *alport, int family)
530 {
531 return rresvport_af_addr(alport, family, NULL);
532 }
533
534 int
535 rresvport_af_addr(int *alport, int family, void *addr)
536 {
537 struct sockaddr_storage ss;
538 struct sockaddr *sa;
539 socklen_t salen;
540 int s;
541 u_int16_t *portp;
542
543 _DIAGASSERT(alport != NULL);
544
545 memset(&ss, 0, sizeof(ss));
546 sa = (struct sockaddr *)(void *)&ss;
547 switch (family) {
548 case AF_INET:
549 #ifdef BSD4_4
550 sa->sa_len =
551 #endif
552 salen = sizeof(struct sockaddr_in);
553 if (addr)
554 ((struct sockaddr_in *)(void *)sa)->sin_addr =
555 ((struct sockaddr_in *)addr)->sin_addr;
556 portp = &((struct sockaddr_in *)(void *)sa)->sin_port;
557 break;
558 #ifdef INET6
559 case AF_INET6:
560 #ifdef BSD4_4
561 sa->sa_len =
562 #endif
563 salen = sizeof(struct sockaddr_in6);
564 if (addr)
565 ((struct sockaddr_in6 *)(void *)sa)->sin6_addr =
566 ((struct sockaddr_in6 *)addr)->sin6_addr;
567 portp = &((struct sockaddr_in6 *)(void *)sa)->sin6_port;
568 break;
569 #endif
570 default:
571 errno = EAFNOSUPPORT;
572 return -1;
573 }
574 sa->sa_family = family;
575 s = socket(family, SOCK_STREAM, 0);
576 if (s < 0)
577 return -1;
578 #if defined(BSD4_4) && !defined(__minix)
579 switch (family) {
580 case AF_INET:
581 case AF_INET6:
582 *portp = 0;
583 if (bindresvport(s, (struct sockaddr_in *)(void *)sa) < 0) {
584 int sverr = errno;
585
586 (void)close(s);
587 errno = sverr;
588 return -1;
589 }
590 *alport = (int)ntohs(*portp);
591 return s;
592 default:
593 /* is it necessary to try keep code for other AFs? */
594 break;
595 }
596 #endif
597 for (;;) {
598 *portp = htons((u_short)*alport);
599 if (bind(s, sa, salen) >= 0)
600 return s;
601 if (errno != EADDRINUSE) {
602 (void)close(s);
603 return -1;
604 }
605 (*alport)--;
606 if (*alport == IPPORT_RESERVED/2) {
607 (void)close(s);
608 errno = EAGAIN; /* close */
609 return -1;
610 }
611 }
612 }
613
614 int __check_rhosts_file = 1;
615 const char *__rcmd_errstr;
616
617 int
618 ruserok(const char *rhost, int superuser, const char *ruser, const char *luser)
619 {
620 struct addrinfo hints, *res, *r;
621 int error;
622
623 _DIAGASSERT(rhost != NULL);
624 _DIAGASSERT(ruser != NULL);
625 _DIAGASSERT(luser != NULL);
626
627 memset(&hints, 0, sizeof(hints));
628 hints.ai_family = PF_UNSPEC;
629 hints.ai_socktype = SOCK_DGRAM; /*dummy*/
630 error = getaddrinfo(rhost, "0", &hints, &res);
631 if (error)
632 return -1;
633
634 for (r = res; r; r = r->ai_next) {
635 if (iruserok_sa(r->ai_addr, (int)r->ai_addrlen, superuser,
636 ruser, luser) == 0) {
637 freeaddrinfo(res);
638 return 0;
639 }
640 }
641 freeaddrinfo(res);
642 return -1;
643 }
644
645 /*
646 * New .rhosts strategy: We are passed an ip address. We spin through
647 * hosts.equiv and .rhosts looking for a match. When the .rhosts only
648 * has ip addresses, we don't have to trust a nameserver. When it
649 * contains hostnames, we spin through the list of addresses the nameserver
650 * gives us and look for a match.
651 *
652 * Returns 0 if ok, -1 if not ok.
653 */
654 int
655 iruserok(u_int32_t raddr, int superuser, const char *ruser, const char *luser)
656 {
657 struct sockaddr_in irsin;
658
659 memset(&irsin, 0, sizeof(irsin));
660 irsin.sin_family = AF_INET;
661 #ifdef BSD4_4
662 irsin.sin_len = sizeof(irsin);
663 #endif
664 memcpy(&irsin.sin_addr, &raddr, sizeof(irsin.sin_addr));
665 return iruserok_sa(&irsin, (socklen_t)sizeof(irsin), superuser, ruser,
666 luser);
667 }
668
669 /*
670 * 2nd and 3rd arguments are typed like this, to avoid dependency between
671 * unistd.h and sys/socket.h. There's no better way.
672 */
673 int
674 iruserok_sa(const void *raddr, int rlen, int superuser, const char *ruser,
675 const char *luser)
676 {
677 const struct sockaddr *sa;
678 struct stat sbuf;
679 struct passwd *pwd, pwres;
680 FILE *hostf;
681 uid_t uid;
682 gid_t gid;
683 int isvaliduser;
684 char pbuf[MAXPATHLEN];
685 char pwbuf[1024];
686
687 _DIAGASSERT(raddr != NULL);
688 _DIAGASSERT(ruser != NULL);
689 _DIAGASSERT(luser != NULL);
690
691 sa = raddr;
692
693 __rcmd_errstr = NULL;
694
695 hostf = superuser ? NULL : fopen(_PATH_HEQUIV, "r");
696
697 if (hostf) {
698 if (__ivaliduser_sa(hostf, sa, (socklen_t)rlen, luser,
699 ruser) == 0) {
700 (void)fclose(hostf);
701 return 0;
702 }
703 (void)fclose(hostf);
704 }
705
706 isvaliduser = -1;
707 if (__check_rhosts_file || superuser) {
708
709 if (getpwnam_r(luser, &pwres, pwbuf, sizeof(pwbuf), &pwd) != 0
710 || pwd == NULL)
711 return -1;
712 (void)strlcpy(pbuf, pwd->pw_dir, sizeof(pbuf));
713 (void)strlcat(pbuf, "/.rhosts", sizeof(pbuf));
714
715 /*
716 * Change effective uid while opening and reading .rhosts.
717 * If root and reading an NFS mounted file system, can't
718 * read files that are protected read/write owner only.
719 */
720 uid = geteuid();
721 gid = getegid();
722 (void)setegid(pwd->pw_gid);
723 initgroups(pwd->pw_name, pwd->pw_gid);
724 (void)seteuid(pwd->pw_uid);
725 hostf = fopen(pbuf, "r");
726
727 if (hostf != NULL) {
728 /*
729 * If not a regular file, or is owned by someone other
730 * than user or root or if writable by anyone but the
731 * owner, quit.
732 */
733 if (lstat(pbuf, &sbuf) < 0)
734 __rcmd_errstr = ".rhosts lstat failed";
735 else if (!S_ISREG(sbuf.st_mode))
736 __rcmd_errstr = ".rhosts not regular file";
737 else if (fstat(fileno(hostf), &sbuf) < 0)
738 __rcmd_errstr = ".rhosts fstat failed";
739 else if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid)
740 __rcmd_errstr = "bad .rhosts owner";
741 else if (sbuf.st_mode & (S_IWGRP|S_IWOTH))
742 __rcmd_errstr =
743 ".rhosts writable by other than owner";
744 else
745 isvaliduser =
746 __ivaliduser_sa(hostf, sa, (socklen_t)rlen,
747 luser, ruser);
748
749 (void)fclose(hostf);
750 }
751 (void)seteuid(uid);
752 (void)setegid(gid);
753
754 }
755 return isvaliduser;
756 }
757
758 /*
759 * XXX
760 * Don't make static, used by lpd(8). We will be able to change the function
761 * into static function, when we bump libc major #.
762 *
763 * Returns 0 if ok, -1 if not ok.
764 */
765 #ifdef notdef /*_LIBC*/
766 static
767 #endif
768 int
769 __ivaliduser(FILE *hostf, u_int32_t raddr, const char *luser,
770 const char *ruser)
771 {
772 struct sockaddr_in ivusin;
773
774 memset(&ivusin, 0, sizeof(ivusin));
775 ivusin.sin_family = AF_INET;
776 #ifdef BSD4_4
777 ivusin.sin_len = sizeof(ivusin);
778 #endif
779 memcpy(&ivusin.sin_addr, &raddr, sizeof(ivusin.sin_addr));
780 return __ivaliduser_sa(hostf, (struct sockaddr *)(void *)&ivusin,
781 (socklen_t)sizeof(ivusin), luser, ruser);
782 }
783
784 #ifdef notdef /*_LIBC*/
785 static
786 #endif
787 int
788 __ivaliduser_sa(FILE *hostf, const struct sockaddr *raddr, socklen_t salen,
789 const char *luser, const char *ruser)
790 {
791 char *user, *p;
792 int ch;
793 char buf[MAXHOSTNAMELEN + 128]; /* host + login */
794 const char *auser, *ahost;
795 int hostok, userok;
796 char *rhost = NULL;
797 int firsttime = 1;
798 char domain[MAXHOSTNAMELEN];
799
800 getdomainname(domain, sizeof(domain));
801
802 _DIAGASSERT(hostf != NULL);
803 _DIAGASSERT(luser != NULL);
804 _DIAGASSERT(ruser != NULL);
805
806 while (fgets(buf, (int)sizeof(buf), hostf)) {
807 p = buf;
808 /* Skip lines that are too long. */
809 if (strchr(p, '\n') == NULL) {
810 while ((ch = getc(hostf)) != '\n' && ch != EOF)
811 ;
812 continue;
813 }
814 while (*p != '\n' && *p != ' ' && *p != '\t' && *p != '\0') {
815 *p = isupper((unsigned char)*p) ?
816 tolower((unsigned char)*p) : *p;
817 p++;
818 }
819 if (*p == ' ' || *p == '\t') {
820 *p++ = '\0';
821 while (*p == ' ' || *p == '\t')
822 p++;
823 user = p;
824 while (*p != '\n' && *p != ' ' &&
825 *p != '\t' && *p != '\0')
826 p++;
827 } else
828 user = p;
829 *p = '\0';
830
831 if (p == buf)
832 continue;
833
834 auser = *user ? user : luser;
835 ahost = buf;
836
837 if (ahost[0] == '+')
838 switch (ahost[1]) {
839 case '\0':
840 hostok = 1;
841 break;
842
843 case '@':
844 if (firsttime) {
845 rhost = __gethostloop(raddr, salen);
846 firsttime = 0;
847 }
848 if (rhost)
849 hostok = innetgr(&ahost[2], rhost,
850 NULL, domain);
851 else
852 hostok = 0;
853 break;
854
855 default:
856 hostok = __icheckhost(raddr, salen, &ahost[1]);
857 break;
858 }
859 else if (ahost[0] == '-')
860 switch (ahost[1]) {
861 case '\0':
862 hostok = -1;
863 break;
864
865 case '@':
866 if (firsttime) {
867 rhost = __gethostloop(raddr, salen);
868 firsttime = 0;
869 }
870 if (rhost)
871 hostok = -innetgr(&ahost[2], rhost,
872 NULL, domain);
873 else
874 hostok = 0;
875 break;
876
877 default:
878 hostok =
879 -__icheckhost(raddr, salen, &ahost[1]);
880 break;
881 }
882 else
883 hostok = __icheckhost(raddr, salen, ahost);
884
885
886 if (auser[0] == '+')
887 switch (auser[1]) {
888 case '\0':
889 userok = 1;
890 break;
891
892 case '@':
893 userok = innetgr(&auser[2], NULL, ruser,
894 domain);
895 break;
896
897 default:
898 userok = strcmp(ruser, &auser[1]) == 0;
899 break;
900 }
901 else if (auser[0] == '-')
902 switch (auser[1]) {
903 case '\0':
904 userok = -1;
905 break;
906
907 case '@':
908 userok = -innetgr(&auser[2], NULL, ruser,
909 domain);
910 break;
911
912 default:
913 userok =
914 -(strcmp(ruser, &auser[1]) == 0 ? 1 : 0);
915 break;
916 }
917 else
918 userok = strcmp(ruser, auser) == 0;
919
920 /* Check if one component did not match */
921 if (hostok == 0 || userok == 0)
922 continue;
923
924 /* Check if we got a forbidden pair */
925 if (userok == -1 || hostok == -1)
926 return -1;
927
928 /* Check if we got a valid pair */
929 if (hostok == 1 && userok == 1)
930 return 0;
931 }
932 return -1;
933 }
934
935 /*
936 * Returns "true" if match, 0 if no match.
937 */
938 static int
939 __icheckhost(const struct sockaddr *raddr, socklen_t salen, const char *lhost)
940 {
941 struct addrinfo hints, *res, *r;
942 char h1[NI_MAXHOST], h2[NI_MAXHOST];
943 int error;
944 const int niflags = NI_NUMERICHOST;
945
946 _DIAGASSERT(raddr != NULL);
947 _DIAGASSERT(lhost != NULL);
948
949 h1[0] = '\0';
950 if (getnameinfo(raddr, salen, h1, (socklen_t)sizeof(h1), NULL, 0,
951 niflags) != 0)
952 return 0;
953
954 /* Resolve laddr into sockaddr */
955 memset(&hints, 0, sizeof(hints));
956 hints.ai_family = raddr->sa_family;
957 hints.ai_socktype = SOCK_DGRAM; /*dummy*/
958 res = NULL;
959 error = getaddrinfo(lhost, "0", &hints, &res);
960 if (error)
961 return 0;
962
963 /*
964 * Try string comparisons between raddr and laddr.
965 */
966 for (r = res; r; r = r->ai_next) {
967 h2[0] = '\0';
968 if (getnameinfo(r->ai_addr, r->ai_addrlen, h2,
969 (socklen_t)sizeof(h2), NULL, 0, niflags) != 0)
970 continue;
971 if (strcmp(h1, h2) == 0) {
972 freeaddrinfo(res);
973 return 1;
974 }
975 }
976
977 /* No match. */
978 freeaddrinfo(res);
979 return 0;
980 }
981
982 /*
983 * Return the hostname associated with the supplied address.
984 * Do a reverse lookup as well for security. If a loop cannot
985 * be found, pack the numeric IP address into the string.
986 */
987 static char *
988 __gethostloop(const struct sockaddr *raddr, socklen_t salen)
989 {
990 static char remotehost[NI_MAXHOST];
991 char h1[NI_MAXHOST], h2[NI_MAXHOST];
992 struct addrinfo hints, *res, *r;
993 int error;
994 const int niflags = NI_NUMERICHOST;
995
996 _DIAGASSERT(raddr != NULL);
997
998 h1[0] = remotehost[0] = '\0';
999 if (getnameinfo(raddr, salen, remotehost, (socklen_t)sizeof(remotehost),
1000 NULL, 0, NI_NAMEREQD) != 0)
1001 return NULL;
1002 if (getnameinfo(raddr, salen, h1, (socklen_t)sizeof(h1), NULL, 0,
1003 niflags) != 0)
1004 return NULL;
1005
1006 /*
1007 * Look up the name and check that the supplied
1008 * address is in the list
1009 */
1010 memset(&hints, 0, sizeof(hints));
1011 hints.ai_family = raddr->sa_family;
1012 hints.ai_socktype = SOCK_DGRAM; /*dummy*/
1013 hints.ai_flags = AI_CANONNAME;
1014 res = NULL;
1015 error = getaddrinfo(remotehost, "0", &hints, &res);
1016 if (error)
1017 return NULL;
1018
1019 for (r = res; r; r = r->ai_next) {
1020 h2[0] = '\0';
1021 if (getnameinfo(r->ai_addr, r->ai_addrlen, h2,
1022 (socklen_t)sizeof(h2), NULL, 0, niflags) != 0)
1023 continue;
1024 if (strcmp(h1, h2) == 0) {
1025 freeaddrinfo(res);
1026 return remotehost;
1027 }
1028 }
1029
1030 /*
1031 * either the DNS adminstrator has made a configuration
1032 * mistake, or someone has attempted to spoof us
1033 */
1034 syslog(LOG_NOTICE, "rcmd: address %s not listed for host %s",
1035 h1, res->ai_canonname ? res->ai_canonname : remotehost);
1036 freeaddrinfo(res);
1037 return NULL;
1038 }
MINIX 3 (repo.or.cz mirror)