search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Sync usage with man page.
[netbsd-mini2440.git] / crypto / dist / heimdal / appl / rsh / rshd.c
blob643b41eb7e9251dd7fc4d77ce2c038847d805d3d
1 /*
2 * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "rsh_locl.h"
35 #include "login_locl.h"
36 __RCSID("$Heimdal: rshd.c 21515 2007-07-12 12:47:07Z lha $"
37 "$NetBSD$");
38
39 int
40 login_access( struct passwd *user, char *from);
41 int
42 read_limits_conf(const char *file, const struct passwd *pwd);
43
44 #ifdef NEED_IRUSEROK_PROTO
45 int iruserok(uint32_t, int, const char *, const char *);
46 #endif
47
48 enum auth_method auth_method;
49
50 #ifdef KRB5
51 krb5_context context;
52 krb5_keyblock *keyblock;
53 krb5_crypto crypto;
54 #endif
55
56 #ifdef KRB4
57 des_key_schedule schedule;
58 des_cblock iv;
59 #endif
60
61 #ifdef KRB5
62 krb5_ccache ccache, ccache2;
63 int kerberos_status = 0;
64 #endif
65
66 int do_encrypt = 0;
67
68 static int do_unique_tkfile = 0;
69 static char tkfile[MAXPATHLEN] = "";
70
71 static int do_inetd = 1;
72 static char *port_str;
73 static int do_rhosts = 1;
74 static int do_kerberos = 0;
75 #define DO_KRB4 2
76 #define DO_KRB5 4
77 static int do_vacuous = 0;
78 static int do_log = 1;
79 static int do_newpag = 1;
80 static int do_addr_verify = 0;
81 static int do_keepalive = 1;
82 static int do_version;
83 static int do_help = 0;
84
85 static void
86 syslog_and_die (const char *m, ...)
87 __attribute__ ((format (printf, 1, 2)));
88
89 static void
90 syslog_and_die (const char *m, ...)
91 {
92 va_list args;
93
94 va_start(args, m);
95 vsyslog (LOG_ERR, m, args);
96 va_end(args);
97 exit (1);
98 }
99
100 static void
101 fatal (int, const char*, const char *, ...)
102 __attribute__ ((noreturn, format (printf, 3, 4)));
103
104 static void
105 fatal (int sock, const char *what, const char *m, ...)
106 {
107 va_list args;
108 char buf[BUFSIZ];
109 size_t len;
110
111 *buf = 1;
112 va_start(args, m);
113 len = vsnprintf (buf + 1, sizeof(buf) - 1, m, args);
114 len = min(len, sizeof(buf) - 1);
115 va_end(args);
116 if(what != NULL)
117 syslog (LOG_ERR, "%s: %m: %s", what, buf + 1);
118 else
119 syslog (LOG_ERR, "%s", buf + 1);
120 net_write (sock, buf, len + 1);
121 exit (1);
122 }
123
124 static char *
125 read_str (int s, size_t sz, char *expl)
126 {
127 char *str = malloc(sz);
128 char *p = str;
129 if(str == NULL)
130 fatal(s, NULL, "%s too long", expl);
131 while(p < str + sz) {
132 if(net_read(s, p, 1) != 1)
133 syslog_and_die("read: %m");
134 if(*p == '\0')
135 return str;
136 p++;
137 }
138 fatal(s, NULL, "%s too long", expl);
139 }
140
141 static int
142 recv_bsd_auth (int s, u_char *buf,
143 struct sockaddr_in *thisaddr,
144 struct sockaddr_in *thataddr,
145 char **client_username,
146 char **server_username,
147 char **cmd)
148 {
149 struct passwd *pwd;
150
151 *client_username = read_str (s, USERNAME_SZ, "local username");
152 *server_username = read_str (s, USERNAME_SZ, "remote username");
153 *cmd = read_str (s, ARG_MAX + 1, "command");
154 pwd = getpwnam(*server_username);
155 if (pwd == NULL)
156 fatal(s, NULL, "Login incorrect.");
157 if (iruserok(thataddr->sin_addr.s_addr, pwd->pw_uid == 0,
158 *client_username, *server_username))
159 fatal(s, NULL, "Login incorrect.");
160 return 0;
161 }
162
163 #ifdef KRB4
164 static int
165 recv_krb4_auth (int s, u_char *buf,
166 struct sockaddr *thisaddr,
167 struct sockaddr *thataddr,
168 char **client_username,
169 char **server_username,
170 char **cmd)
171 {
172 int status;
173 int32_t options;
174 KTEXT_ST ticket;
175 AUTH_DAT auth;
176 char instance[INST_SZ + 1];
177 char version[KRB_SENDAUTH_VLEN + 1];
178
179 if (memcmp (buf, KRB_SENDAUTH_VERS, 4) != 0)
180 return -1;
181 if (net_read (s, buf + 4, KRB_SENDAUTH_VLEN - 4) !=
182 KRB_SENDAUTH_VLEN - 4)
183 syslog_and_die ("reading auth info: %m");
184 if (memcmp (buf, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN) != 0)
185 syslog_and_die("unrecognized auth protocol: %.8s", buf);
186
187 options = KOPT_IGNORE_PROTOCOL;
188 if (do_encrypt)
189 options |= KOPT_DO_MUTUAL;
190 k_getsockinst (s, instance, sizeof(instance));
191 status = krb_recvauth (options,
192 s,
193 &ticket,
194 "rcmd",
195 instance,
196 (struct sockaddr_in *)thataddr,
197 (struct sockaddr_in *)thisaddr,
198 &auth,
199 "",
200 schedule,
201 version);
202 if (status != KSUCCESS)
203 syslog_and_die ("recvauth: %s", krb_get_err_text(status));
204 if (strncmp (version, KCMD_OLD_VERSION, KRB_SENDAUTH_VLEN) != 0)
205 syslog_and_die ("bad version: %s", version);
206
207 *server_username = read_str (s, USERNAME_SZ, "remote username");
208 if (kuserok (&auth, *server_username) != 0)
209 fatal (s, NULL, "Permission denied.");
210 *cmd = read_str (s, ARG_MAX + 1, "command");
211
212 syslog(LOG_INFO|LOG_AUTH,
213 "kerberos v4 shell from %s on %s as %s, cmd '%.80s'",
214 krb_unparse_name_long(auth.pname, auth.pinst, auth.prealm),
215
216 inet_ntoa(((struct sockaddr_in *)thataddr)->sin_addr),
217 *server_username,
218 *cmd);
219
220 memcpy (iv, auth.session, sizeof(iv));
221
222 return 0;
223 }
224
225 #endif /* KRB4 */
226
227 #ifdef KRB5
228 static int
229 save_krb5_creds (int s,
230 krb5_auth_context auth_context,
231 krb5_principal client)
232
233 {
234 int ret;
235 krb5_data remote_cred;
236
237 krb5_data_zero (&remote_cred);
238 ret= krb5_read_message (context, (void *)&s, &remote_cred);
239 if (ret) {
240 krb5_data_free(&remote_cred);
241 return 0;
242 }
243 if (remote_cred.length == 0)
244 return 0;
245
246 ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &ccache);
247 if (ret) {
248 krb5_data_free(&remote_cred);
249 return 0;
250 }
251
252 krb5_cc_initialize(context,ccache,client);
253 ret = krb5_rd_cred2(context, auth_context, ccache, &remote_cred);
254 if(ret != 0)
255 syslog(LOG_INFO|LOG_AUTH,
256 "reading creds: %s", krb5_get_err_text(context, ret));
257 krb5_data_free (&remote_cred);
258 if (ret)
259 return 0;
260 return 1;
261 }
262
263 static void
264 krb5_start_session (void)
265 {
266 krb5_error_code ret;
267 char *estr;
268
269 ret = krb5_cc_resolve (context, tkfile, &ccache2);
270 if (ret) {
271 estr = krb5_get_error_string(context);
272 syslog(LOG_WARNING, "resolve cred cache %s: %s",
273 tkfile,
274 estr ? estr : krb5_get_err_text(context, ret));
275 free(estr);
276 krb5_cc_destroy(context, ccache);
277 return;
278 }
279
280 ret = krb5_cc_copy_cache (context, ccache, ccache2);
281 if (ret) {
282 estr = krb5_get_error_string(context);
283 syslog(LOG_WARNING, "storing credentials: %s",
284 estr ? estr : krb5_get_err_text(context, ret));
285 free(estr);
286 krb5_cc_destroy(context, ccache);
287 return ;
288 }
289
290 krb5_cc_close(context, ccache2);
291 krb5_cc_destroy(context, ccache);
292 return;
293 }
294
295 static int protocol_version;
296
297 static krb5_boolean
298 match_kcmd_version(const void *data, const char *version)
299 {
300 if(strcmp(version, KCMD_NEW_VERSION) == 0) {
301 protocol_version = 2;
302 return TRUE;
303 }
304 if(strcmp(version, KCMD_OLD_VERSION) == 0) {
305 protocol_version = 1;
306 key_usage = KRB5_KU_OTHER_ENCRYPTED;
307 return TRUE;
308 }
309 return FALSE;
310 }
311
312
313 static int
314 recv_krb5_auth (int s, u_char *buf,
315 struct sockaddr *thisaddr,
316 struct sockaddr *thataddr,
317 char **client_username,
318 char **server_username,
319 char **cmd)
320 {
321 uint32_t len;
322 krb5_auth_context auth_context = NULL;
323 krb5_ticket *ticket;
324 krb5_error_code status;
325 krb5_data cksum_data;
326 krb5_principal server;
327 char *str;
328
329 if (memcmp (buf, "\x00\x00\x00\x13", 4) != 0)
330 return -1;
331 len = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | (buf[3]);
332
333 if (net_read(s, buf, len) != len)
334 syslog_and_die ("reading auth info: %m");
335 if (len != sizeof(KRB5_SENDAUTH_VERSION)
336 || memcmp (buf, KRB5_SENDAUTH_VERSION, len) != 0)
337 syslog_and_die ("bad sendauth version: %.8s", buf);
338
339 status = krb5_sock_to_principal (context,
340 s,
341 "host",
342 KRB5_NT_SRV_HST,
343 &server);
344 if (status)
345 syslog_and_die ("krb5_sock_to_principal: %s",
346 krb5_get_err_text(context, status));
347
348 status = krb5_recvauth_match_version(context,
349 &auth_context,
350 &s,
351 match_kcmd_version,
352 NULL,
353 server,
354 KRB5_RECVAUTH_IGNORE_VERSION,
355 NULL,
356 &ticket);
357 krb5_free_principal (context, server);
358 if (status)
359 syslog_and_die ("krb5_recvauth: %s",
360 krb5_get_err_text(context, status));
361
362 *server_username = read_str (s, USERNAME_SZ, "remote username");
363 *cmd = read_str (s, ARG_MAX + 1, "command");
364 *client_username = read_str (s, ARG_MAX + 1, "local username");
365
366 if(protocol_version == 2) {
367 status = krb5_auth_con_getremotesubkey(context, auth_context,
368 &keyblock);
369 if(status != 0 || keyblock == NULL)
370 syslog_and_die("failed to get remote subkey");
371 } else if(protocol_version == 1) {
372 status = krb5_auth_con_getkey (context, auth_context, &keyblock);
373 if(status != 0 || keyblock == NULL)
374 syslog_and_die("failed to get key");
375 }
376 if (status != 0 || keyblock == NULL)
377 syslog_and_die ("krb5_auth_con_getkey: %s",
378 krb5_get_err_text(context, status));
379
380 status = krb5_crypto_init(context, keyblock, 0, &crypto);
381 if(status)
382 syslog_and_die("krb5_crypto_init: %s",
383 krb5_get_err_text(context, status));
384
385
386 cksum_data.length = asprintf (&str,
387 "%u:%s%s",
388 ntohs(socket_get_port (thisaddr)),
389 *cmd,
390 *server_username);
391 if (str == NULL)
392 syslog_and_die ("asprintf: out of memory");
393 cksum_data.data = str;
394
395 status = krb5_verify_authenticator_checksum(context,
396 auth_context,
397 cksum_data.data,
398 cksum_data.length);
399
400 if (status)
401 syslog_and_die ("krb5_verify_authenticator_checksum: %s",
402 krb5_get_err_text(context, status));
403
404 free (cksum_data.data);
405
406 if (strncmp (*client_username, "-u ", 3) == 0) {
407 do_unique_tkfile = 1;
408 memmove (*client_username, *client_username + 3,
409 strlen(*client_username) - 2);
410 }
411
412 if (strncmp (*client_username, "-U ", 3) == 0) {
413 char *end, *temp_tkfile;
414
415 do_unique_tkfile = 1;
416 if (strncmp (*client_username + 3, "FILE:", 5) == 0) {
417 temp_tkfile = tkfile;
418 } else {
419 strlcpy (tkfile, "FILE:", sizeof(tkfile));
420 temp_tkfile = tkfile + 5;
421 }
422 end = strchr(*client_username + 3,' ');
423 if (end == NULL)
424 syslog_and_die("missing argument after -U");
425 snprintf(temp_tkfile, sizeof(tkfile) - (temp_tkfile - tkfile),
426 "%.*s",
427 (int)(end - *client_username - 3),
428 *client_username + 3);
429 memmove (*client_username, end + 1, strlen(end+1)+1);
430 }
431
432 kerberos_status = save_krb5_creds (s, auth_context, ticket->client);
433
434 if(!krb5_kuserok (context,
435 ticket->client,
436 *server_username))
437 fatal (s, NULL, "Permission denied.");
438
439 if (strncmp (*cmd, "-x ", 3) == 0) {
440 do_encrypt = 1;
441 memmove (*cmd, *cmd + 3, strlen(*cmd) - 2);
442 } else {
443 if(do_encrypt)
444 fatal (s, NULL, "Encryption is required.");
445 do_encrypt = 0;
446 }
447
448 {
449 char *name;
450
451 if (krb5_unparse_name (context, ticket->client, &name) == 0) {
452 char addr_str[256];
453
454 if (inet_ntop (thataddr->sa_family,
455 socket_get_address (thataddr),
456 addr_str, sizeof(addr_str)) == NULL)
457 strlcpy (addr_str, "unknown address",
458 sizeof(addr_str));
459
460 syslog(LOG_INFO|LOG_AUTH,
461 "kerberos v5 shell from %s on %s as %s, cmd '%.80s'",
462 name,
463 addr_str,
464 *server_username,
465 *cmd);
466 free (name);
467 }
468 }
469
470 return 0;
471 }
472 #endif /* KRB5 */
473
474 static void
475 rshd_loop (int from0, int to0,
476 int to1, int from1,
477 int to2, int from2,
478 int have_errsock)
479 {
480 fd_set real_readset;
481 int max_fd;
482 int count = 2;
483 char *buf;
484
485 if(from0 >= FD_SETSIZE || from1 >= FD_SETSIZE || from2 >= FD_SETSIZE)
486 errx (1, "fd too large");
487
488 #ifdef KRB5
489 if(auth_method == AUTH_KRB5 && protocol_version == 2)
490 init_ivecs(0, have_errsock);
491 #endif
492
493 FD_ZERO(&real_readset);
494 FD_SET(from0, &real_readset);
495 FD_SET(from1, &real_readset);
496 FD_SET(from2, &real_readset);
497 max_fd = max(from0, max(from1, from2)) + 1;
498
499 buf = malloc(max(RSHD_BUFSIZ, RSH_BUFSIZ));
500 if (buf == NULL)
501 syslog_and_die("out of memory");
502
503 for (;;) {
504 int ret;
505 fd_set readset = real_readset;
506
507 ret = select (max_fd, &readset, NULL, NULL, NULL);
508 if (ret < 0) {
509 if (errno == EINTR)
510 continue;
511 else
512 syslog_and_die ("select: %m");
513 }
514 if (FD_ISSET(from0, &readset)) {
515 ret = do_read (from0, buf, RSHD_BUFSIZ, ivec_in[0]);
516 if (ret < 0)
517 syslog_and_die ("read: %m");
518 else if (ret == 0) {
519 close (from0);
520 close (to0);
521 FD_CLR(from0, &real_readset);
522 } else
523 net_write (to0, buf, ret);
524 }
525 if (FD_ISSET(from1, &readset)) {
526 ret = read (from1, buf, RSH_BUFSIZ);
527 if (ret < 0)
528 syslog_and_die ("read: %m");
529 else if (ret == 0) {
530 close (from1);
531 close (to1);
532 FD_CLR(from1, &real_readset);
533 if (--count == 0)
534 exit (0);
535 } else
536 do_write (to1, buf, ret, ivec_out[0]);
537 }
538 if (FD_ISSET(from2, &readset)) {
539 ret = read (from2, buf, RSH_BUFSIZ);
540 if (ret < 0)
541 syslog_and_die ("read: %m");
542 else if (ret == 0) {
543 close (from2);
544 close (to2);
545 FD_CLR(from2, &real_readset);
546 if (--count == 0)
547 exit (0);
548 } else
549 do_write (to2, buf, ret, ivec_out[1]);
550 }
551 }
552 }
553
554 /*
555 * Used by `setup_copier' to create some pipe-like means of
556 * communcation. Real pipes would probably be the best thing, but
557 * then the shell doesn't understand it's talking to rshd. If
558 * socketpair doesn't work everywhere, some autoconf magic would have
559 * to be added here.
560 *
561 * If it fails creating the `pipe', it aborts by calling fatal.
562 */
563
564 static void
565 pipe_a_like (int fd[2])
566 {
567 if (socketpair (AF_UNIX, SOCK_STREAM, 0, fd) < 0)
568 fatal (STDOUT_FILENO, "socketpair", "Pipe creation failed.");
569 }
570
571 /*
572 * Start a child process and leave the parent copying data to and from it. */
573
574 static void
575 setup_copier (int have_errsock)
576 {
577 int p0[2], p1[2], p2[2];
578 pid_t pid;
579
580 pipe_a_like(p0);
581 pipe_a_like(p1);
582 pipe_a_like(p2);
583 pid = fork ();
584 if (pid < 0)
585 fatal (STDOUT_FILENO, "fork", "Could not create child process.");
586 if (pid == 0) { /* child */
587 close (p0[1]);
588 close (p1[0]);
589 close (p2[0]);
590 dup2 (p0[0], STDIN_FILENO);
591 dup2 (p1[1], STDOUT_FILENO);
592 dup2 (p2[1], STDERR_FILENO);
593 close (p0[0]);
594 close (p1[1]);
595 close (p2[1]);
596 } else { /* parent */
597 close (p0[0]);
598 close (p1[1]);
599 close (p2[1]);
600
601 if (net_write (STDOUT_FILENO, "", 1) != 1)
602 fatal (STDOUT_FILENO, "net_write", "Write failure.");
603
604 rshd_loop (STDIN_FILENO, p0[1],
605 STDOUT_FILENO, p1[0],
606 STDERR_FILENO, p2[0],
607 have_errsock);
608 }
609 }
610
611 /*
612 * Is `port' a ``reserverd'' port?
613 */
614
615 static int
616 is_reserved(u_short port)
617 {
618 return ntohs(port) < IPPORT_RESERVED;
619 }
620
621 /*
622 * Set the necessary part of the environment in `env'.
623 */
624
625 static void
626 setup_environment (char ***env, const struct passwd *pwd)
627 {
628 int i, j, path;
629 char **e;
630
631 i = 0;
632 path = 0;
633 *env = NULL;
634
635 i = read_environment(_PATH_ETC_ENVIRONMENT, env);
636 e = *env;
637 for (j = 0; j < i; j++) {
638 if (!strncmp(e[j], "PATH=", 5)) {
639 path = 1;
640 }
641 }
642
643 e = *env;
644 e = realloc(e, (i + 7) * sizeof(char *));
645
646 if (asprintf (&e[i++], "USER=%s", pwd->pw_name) == -1)
647 syslog_and_die ("asprintf: out of memory");
648 if (asprintf (&e[i++], "HOME=%s", pwd->pw_dir) == -1)
649 syslog_and_die ("asprintf: out of memory");
650 if (asprintf (&e[i++], "SHELL=%s", pwd->pw_shell) == -1)
651 syslog_and_die ("asprintf: out of memory");
652 if (! path) {
653 if (asprintf (&e[i++], "PATH=%s", _PATH_DEFPATH) == -1)
654 syslog_and_die ("asprintf: out of memory");
655 }
656 asprintf (&e[i++], "SSH_CLIENT=only_to_make_bash_happy");
657 if (do_unique_tkfile)
658 if (asprintf (&e[i++], "KRB5CCNAME=%s", tkfile) == -1)
659 syslog_and_die ("asprintf: out of memory");
660 e[i++] = NULL;
661 *env = e;
662 }
663
664 static void
665 doit (void)
666 {
667 u_char buf[BUFSIZ];
668 u_char *p;
669 struct sockaddr_storage thisaddr_ss;
670 struct sockaddr *thisaddr = (struct sockaddr *)&thisaddr_ss;
671 struct sockaddr_storage thataddr_ss;
672 struct sockaddr *thataddr = (struct sockaddr *)&thataddr_ss;
673 struct sockaddr_storage erraddr_ss;
674 struct sockaddr *erraddr = (struct sockaddr *)&erraddr_ss;
675 socklen_t thisaddr_len, thataddr_len;
676 int port;
677 int errsock = -1;
678 char *client_user = NULL, *server_user = NULL, *cmd = NULL;
679 struct passwd *pwd;
680 int s = STDIN_FILENO;
681 char **env;
682 int ret;
683 char that_host[NI_MAXHOST];
684
685 thisaddr_len = sizeof(thisaddr_ss);
686 if (getsockname (s, thisaddr, &thisaddr_len) < 0)
687 syslog_and_die("getsockname: %m");
688 thataddr_len = sizeof(thataddr_ss);
689 if (getpeername (s, thataddr, &thataddr_len) < 0)
690 syslog_and_die ("getpeername: %m");
691
692 /* check for V4MAPPED addresses? */
693
694 if (do_kerberos == 0 && !is_reserved(socket_get_port(thataddr)))
695 fatal(s, NULL, "Permission denied.");
696
697 p = buf;
698 port = 0;
699 for(;;) {
700 if (net_read (s, p, 1) != 1)
701 syslog_and_die ("reading port number: %m");
702 if (*p == '\0')
703 break;
704 else if (isdigit(*p))
705 port = port * 10 + *p - '0';
706 else
707 syslog_and_die ("non-digit in port number: %c", *p);
708 }
709
710 if (do_kerberos == 0 && !is_reserved(htons(port)))
711 fatal(s, NULL, "Permission denied.");
712
713 if (port) {
714 int priv_port = IPPORT_RESERVED - 1;
715
716 /*
717 * There's no reason to require a ``privileged'' port number
718 * here, but for some reason the brain dead rsh clients
719 * do... :-(
720 */
721
722 erraddr->sa_family = thataddr->sa_family;
723 socket_set_address_and_port (erraddr,
724 socket_get_address (thataddr),
725 htons(port));
726
727 /*
728 * we only do reserved port for IPv4
729 */
730
731 if (erraddr->sa_family == AF_INET)
732 errsock = rresvport (&priv_port);
733 else
734 errsock = socket (erraddr->sa_family, SOCK_STREAM, 0);
735 if (errsock < 0)
736 syslog_and_die ("socket: %m");
737 if (connect (errsock,
738 erraddr,
739 socket_sockaddr_size (erraddr)) < 0) {
740 syslog (LOG_WARNING, "connect: %m");
741 close (errsock);
742 }
743 }
744
745 if(do_kerberos) {
746 if (net_read (s, buf, 4) != 4)
747 syslog_and_die ("reading auth info: %m");
748
749 #ifdef KRB4
750 if ((do_kerberos & DO_KRB4) &&
751 recv_krb4_auth (s, buf, thisaddr, thataddr,
752 &client_user,
753 &server_user,
754 &cmd) == 0)
755 auth_method = AUTH_KRB4;
756 else
757 #endif /* KRB4 */
758 #ifdef KRB5
759 if((do_kerberos & DO_KRB5) &&
760 recv_krb5_auth (s, buf, thisaddr, thataddr,
761 &client_user,
762 &server_user,
763 &cmd) == 0)
764 auth_method = AUTH_KRB5;
765 else
766 #endif /* KRB5 */
767 syslog_and_die ("unrecognized auth protocol: %x %x %x %x",
768 buf[0], buf[1], buf[2], buf[3]);
769 } else {
770 if(recv_bsd_auth (s, buf,
771 (struct sockaddr_in *)thisaddr,
772 (struct sockaddr_in *)thataddr,
773 &client_user,
774 &server_user,
775 &cmd) == 0) {
776 auth_method = AUTH_BROKEN;
777 if(do_vacuous) {
778 printf("Remote host requires Kerberos authentication\n");
779 exit(0);
780 }
781 } else
782 syslog_and_die("recv_bsd_auth failed");
783 }
784
785 if (client_user == NULL || server_user == NULL || cmd == NULL)
786 syslog_and_die("mising client/server/cmd");
787
788 pwd = getpwnam (server_user);
789 if (pwd == NULL)
790 fatal (s, NULL, "Login incorrect.");
791
792 if (*pwd->pw_shell == '\0')
793 pwd->pw_shell = _PATH_BSHELL;
794
795 if (pwd->pw_uid != 0 && access (_PATH_NOLOGIN, F_OK) == 0)
796 fatal (s, NULL, "Login disabled.");
797
798
799 ret = getnameinfo_verified (thataddr, thataddr_len,
800 that_host, sizeof(that_host),
801 NULL, 0, 0);
802 if (ret)
803 fatal (s, NULL, "getnameinfo: %s", gai_strerror(ret));
804
805 if (login_access(pwd, that_host) == 0) {
806 syslog(LOG_NOTICE, "Kerberos rsh denied to %s from %s",
807 server_user, that_host);
808 fatal(s, NULL, "Permission denied.");
809 }
810
811 #ifdef HAVE_GETSPNAM
812 {
813 struct spwd *sp;
814 long today;
815
816 sp = getspnam(server_user);
817 if (sp != NULL) {
818 today = time(0)/(24L * 60 * 60);
819 if (sp->sp_expire > 0)
820 if (today > sp->sp_expire)
821 fatal(s, NULL, "Account has expired.");
822 }
823 }
824 #endif
825
826
827 #ifdef HAVE_SETLOGIN
828 if (setlogin(pwd->pw_name) < 0)
829 syslog(LOG_ERR, "setlogin() failed: %m");
830 #endif
831
832 #ifdef HAVE_SETPCRED
833 if (setpcred (pwd->pw_name, NULL) == -1)
834 syslog(LOG_ERR, "setpcred() failure: %m");
835 #endif /* HAVE_SETPCRED */
836
837 /* Apply limits if not root */
838 if(pwd->pw_uid != 0) {
839 const char *file = _PATH_LIMITS_CONF;
840 read_limits_conf(file, pwd);
841 }
842
843 if (initgroups (pwd->pw_name, pwd->pw_gid) < 0)
844 fatal (s, "initgroups", "Login incorrect.");
845
846 if (setgid(pwd->pw_gid) < 0)
847 fatal (s, "setgid", "Login incorrect.");
848
849 if (setuid (pwd->pw_uid) < 0)
850 fatal (s, "setuid", "Login incorrect.");
851
852 if (chdir (pwd->pw_dir) < 0)
853 fatal (s, "chdir", "Remote directory.");
854
855 if (errsock >= 0) {
856 if (dup2 (errsock, STDERR_FILENO) < 0)
857 fatal (s, "dup2", "Cannot dup stderr.");
858 close (errsock);
859 } else {
860 if (dup2 (STDOUT_FILENO, STDERR_FILENO) < 0)
861 fatal (s, "dup2", "Cannot dup stderr.");
862 }
863
864 #ifdef KRB5
865 {
866 int fd;
867
868 if (!do_unique_tkfile)
869 snprintf(tkfile,sizeof(tkfile),"FILE:/tmp/krb5cc_%lu",
870 (unsigned long)pwd->pw_uid);
871 else if (*tkfile=='\0') {
872 snprintf(tkfile,sizeof(tkfile),"FILE:/tmp/krb5cc_XXXXXX");
873 fd = mkstemp(tkfile+5);
874 close(fd);
875 unlink(tkfile+5);
876 }
877
878 if (kerberos_status)
879 krb5_start_session();
880 }
881 #endif
882
883 setup_environment (&env, pwd);
884
885 if (do_encrypt) {
886 setup_copier (errsock >= 0);
887 } else {
888 if (net_write (s, "", 1) != 1)
889 fatal (s, "net_write", "write failed");
890 }
891
892 #if defined(KRB4) || defined(KRB5)
893 if(k_hasafs()) {
894 char cell[64];
895
896 if(do_newpag)
897 k_setpag();
898 #ifdef KRB4
899 if (k_afs_cell_of_file (pwd->pw_dir, cell, sizeof(cell)) == 0)
900 krb_afslog_uid_home (cell, NULL, pwd->pw_uid, pwd->pw_dir);
901 krb_afslog_uid_home(NULL, NULL, pwd->pw_uid, pwd->pw_dir);
902 #endif
903
904 #ifdef KRB5
905 /* XXX */
906 if (kerberos_status) {
907 krb5_ccache ccache;
908 krb5_error_code status;
909
910 status = krb5_cc_resolve (context, tkfile, &ccache);
911 if (!status) {
912 if (k_afs_cell_of_file (pwd->pw_dir, cell, sizeof(cell)) == 0)
913 krb5_afslog_uid_home(context, ccache, cell, NULL,
914 pwd->pw_uid, pwd->pw_dir);
915 krb5_afslog_uid_home(context, ccache, NULL, NULL,
916 pwd->pw_uid, pwd->pw_dir);
917 krb5_cc_close (context, ccache);
918 }
919 }
920 #endif /* KRB5 */
921 }
922 #endif /* KRB5 || KRB4 */
923 execle (pwd->pw_shell, pwd->pw_shell, "-c", cmd, NULL, env);
924 err(1, "exec %s", pwd->pw_shell);
925 }
926
927 struct getargs args[] = {
928 { NULL, 'a', arg_flag, &do_addr_verify },
929 { "keepalive", 'n', arg_negative_flag, &do_keepalive },
930 { "inetd", 'i', arg_negative_flag, &do_inetd,
931 "Not started from inetd" },
932 #if defined(KRB4) || defined(KRB5)
933 { "kerberos", 'k', arg_flag, &do_kerberos,
934 "Implement kerberised services" },
935 { "encrypt", 'x', arg_flag, &do_encrypt,
936 "Implement encrypted service" },
937 #endif
938 { "rhosts", 'l', arg_negative_flag, &do_rhosts,
939 "Don't check users .rhosts" },
940 { "port", 'p', arg_string, &port_str, "Use this port",
941 "port" },
942 { "vacuous", 'v', arg_flag, &do_vacuous,
943 "Don't accept non-kerberised connections" },
944 #if defined(KRB4) || defined(KRB5)
945 { NULL, 'P', arg_negative_flag, &do_newpag,
946 "Don't put process in new PAG" },
947 #endif
948 /* compatibility flag: */
949 { NULL, 'L', arg_flag, &do_log },
950 { "version", 0, arg_flag, &do_version },
951 { "help", 0, arg_flag, &do_help }
952 };
953
954 static void
955 usage (int ret)
956 {
957 if(isatty(STDIN_FILENO))
958 arg_printusage (args,
959 sizeof(args) / sizeof(args[0]),
960 NULL,
961 "");
962 else
963 syslog (LOG_ERR, "Usage: %s [-ikxlvPL] [-p port]", getprogname());
964 exit (ret);
965 }
966
967
968 int
969 main(int argc, char **argv)
970 {
971 int optind = 0;
972 int on = 1;
973
974 setprogname (argv[0]);
975 roken_openlog ("rshd", LOG_ODELAY | LOG_PID, LOG_AUTH);
976
977 if (getarg(args, sizeof(args) / sizeof(args[0]), argc, argv,
978 &optind))
979 usage(1);
980
981 if(do_help)
982 usage (0);
983
984 if (do_version) {
985 print_version(NULL);
986 exit(0);
987 }
988
989 #if defined(KRB4) || defined(KRB5)
990 if (do_encrypt)
991 do_kerberos = 1;
992
993 if(do_kerberos)
994 do_kerberos = DO_KRB4 | DO_KRB5;
995 #endif
996
997 #ifdef KRB5
998 if((do_kerberos & DO_KRB5) && krb5_init_context (&context) != 0)
999 do_kerberos &= ~DO_KRB5;
1000 #endif
1001
1002 if (!do_inetd) {
1003 int error;
1004 struct addrinfo *ai = NULL, hints;
1005 char portstr[NI_MAXSERV];
1006
1007 memset (&hints, 0, sizeof(hints));
1008 hints.ai_flags = AI_PASSIVE;
1009 hints.ai_socktype = SOCK_STREAM;
1010 hints.ai_family = PF_UNSPEC;
1011
1012 if(port_str != NULL) {
1013 error = getaddrinfo (NULL, port_str, &hints, &ai);
1014 if (error)
1015 errx (1, "getaddrinfo: %s", gai_strerror (error));
1016 }
1017 if (ai == NULL) {
1018 #if defined(KRB4) || defined(KRB5)
1019 if (do_kerberos) {
1020 if (do_encrypt) {
1021 error = getaddrinfo(NULL, "ekshell", &hints, &ai);
1022 if(error == EAI_NONAME) {
1023 snprintf(portstr, sizeof(portstr), "%d", 545);
1024 error = getaddrinfo(NULL, portstr, &hints, &ai);
1025 }
1026 if(error)
1027 errx (1, "getaddrinfo: %s", gai_strerror (error));
1028 } else {
1029 error = getaddrinfo(NULL, "kshell", &hints, &ai);
1030 if(error == EAI_NONAME) {
1031 snprintf(portstr, sizeof(portstr), "%d", 544);
1032 error = getaddrinfo(NULL, portstr, &hints, &ai);
1033 }
1034 if(error)
1035 errx (1, "getaddrinfo: %s", gai_strerror (error));
1036 }
1037 } else
1038 #endif
1039 {
1040 error = getaddrinfo(NULL, "shell", &hints, &ai);
1041 if(error == EAI_NONAME) {
1042 snprintf(portstr, sizeof(portstr), "%d", 514);
1043 error = getaddrinfo(NULL, portstr, &hints, &ai);
1044 }
1045 if(error)
1046 errx (1, "getaddrinfo: %s", gai_strerror (error));
1047 }
1048 }
1049 mini_inetd_addrinfo (ai);
1050 freeaddrinfo(ai);
1051 }
1052
1053 if (do_keepalive &&
1054 setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (char *)&on,
1055 sizeof(on)) < 0)
1056 syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
1057
1058 /* set SO_LINGER? */
1059
1060 signal (SIGPIPE, SIG_IGN);
1061
1062 doit ();
1063 return 0;
1064 }
NetBSD on the FriendlyARM MINI2440