* Copyright (c) 1988, 1989 The Regents of the University of California.
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
"@(#) Copyright (c) 1988, 1989 The Regents of the University of California.\n\
static char sccsid
[] = "@(#)rshd.c 5.38 (Berkeley) 3/2/91";
* $Source: /mit/kerberos/ucb/mit/rshd/RCS/rshd.c,v $
* $Header: /mit/kerberos/ucb/mit/rshd/RCS/rshd.c,v
* 5.2 89/07/31 19:30:04 kfall Exp $
char *index(), *rindex(), *strncat();
#include <kerberosIV/des.h>
#include <kerberosIV/krb.h>
#define SECURE_MESSAGE "This rsh session is using DES encryption for all transmissions.\r\n"
char authbuf
[sizeof(AUTH_DAT
)];
char tickbuf
[sizeof(KTEXT_ST
)];
int doencrypt
, use_kerberos
, vacuous
;
extern int opterr
, optind
;
extern int _check_rhosts_file
;
openlog("rshd", LOG_PID
| LOG_ODELAY
, LOG_DAEMON
);
while ((ch
= getopt(argc
, argv
, OPTIONS
)) != EOF
)
if (use_kerberos
&& vacuous
) {
syslog(LOG_ERR
, "only one of -k and -v allowed");
if (doencrypt
&& !use_kerberos
) {
syslog(LOG_ERR
, "-k is required for -x");
if (getpeername(0, (struct sockaddr
*)&from
, &fromlen
) < 0) {
syslog(LOG_ERR
, "getpeername: %m");
setsockopt(0, SOL_SOCKET
, SO_KEEPALIVE
, (char *)&on
,
syslog(LOG_WARNING
, "setsockopt (SO_KEEPALIVE): %m");
linger
.l_linger
= 60; /* XXX */
if (setsockopt(0, SOL_SOCKET
, SO_LINGER
, (char *)&linger
,
syslog(LOG_WARNING
, "setsockopt (SO_LINGER): %m");
char username
[20] = "USER=";
char homedir
[64] = "HOME=";
char shell
[64] = "SHELL=";
char path
[100] = "PATH=";
{homedir
, shell
, path
, username
, 0};
struct sockaddr_in
*fromp
;
char cmdbuf
[NCARGS
+1], *cp
;
char locuser
[16], remuser
[16];
char *hostname
, *errorstr
= NULL
, *errorhost
;
char remotehost
[2 * MAXHOSTNAMELEN
+ 1];
AUTH_DAT
*kdata
= (AUTH_DAT
*) NULL
;
KTEXT ticket
= (KTEXT
) NULL
;
char instance
[INST_SZ
], version
[VERSION_SIZE
];
struct sockaddr_in fromaddr
;
(void) signal(SIGINT
, SIG_DFL
);
(void) signal(SIGQUIT
, SIG_DFL
);
(void) signal(SIGTERM
, SIG_DFL
);
{ int t
= open(_PATH_TTY
, 2);
ioctl(t
, TIOCNOTTY
, (char *)0);
fromp
->sin_port
= ntohs((u_short
)fromp
->sin_port
);
if (fromp
->sin_family
!= AF_INET
) {
syslog(LOG_ERR
, "malformed \"from\" address (af %d)\n",
u_char optbuf
[BUFSIZ
/3], *cp
;
int optsize
= sizeof(optbuf
), ipproto
;
if ((ip
= getprotobyname("ip")) != NULL
)
if (!getsockopt(0, ipproto
, IP_OPTIONS
, (char *)optbuf
, &optsize
) &&
for (cp
= optbuf
; optsize
> 0; cp
++, optsize
--, lp
+= 3)
sprintf(lp
, " %2.2x", *cp
);
"Connection received from %s using IP options (ignored):%s",
inet_ntoa(fromp
->sin_addr
), lbuf
);
if (setsockopt(0, ipproto
, IP_OPTIONS
,
(char *)NULL
, optsize
) != 0) {
syslog(LOG_ERR
, "setsockopt IP_OPTIONS NULL: %m");
if (fromp
->sin_port
>= IPPORT_RESERVED
||
fromp
->sin_port
< IPPORT_RESERVED
/2) {
syslog(LOG_NOTICE
|LOG_AUTH
,
"Connection from %s on illegal port",
inet_ntoa(fromp
->sin_addr
));
if ((cc
= read(0, &c
, 1)) != 1) {
syslog(LOG_NOTICE
, "read: %m");
port
= port
* 10 + c
- '0';
int lport
= IPPORT_RESERVED
- 1;
syslog(LOG_ERR
, "can't get stderr port: %m");
if (port
>= IPPORT_RESERVED
) {
syslog(LOG_ERR
, "2nd port not reserved\n");
fromp
->sin_port
= htons(port
);
if (connect(s
, (struct sockaddr
*)fromp
, sizeof (*fromp
)) < 0) {
syslog(LOG_INFO
, "connect second port: %m");
error("rshd: remote host requires Kerberos authentication\n");
/* from inetd, socket is already on 0, 1, 2 */
hp
= gethostbyaddr((char *)&fromp
->sin_addr
, sizeof (struct in_addr
),
* If name returned by gethostbyaddr is in our domain,
* attempt to verify that we haven't been fooled by someone
* in a remote net; look up the name and check that this
* address corresponds to the name.
if (check_all
|| local_domain(hp
->h_name
)) {
strncpy(remotehost
, hp
->h_name
, sizeof(remotehost
) - 1);
remotehost
[sizeof(remotehost
) - 1] = 0;
hp
= gethostbyname(remotehost
);
"Couldn't look up address for %s",
"Couldn't look up address for your host (%s)\n";
hostname
= inet_ntoa(fromp
->sin_addr
);
} else for (; ; hp
->h_addr_list
++) {
if (hp
->h_addr_list
[0] == NULL
) {
"Host addr %s not listed for host %s",
inet_ntoa(fromp
->sin_addr
),
"Host address mismatch for %s\n";
hostname
= inet_ntoa(fromp
->sin_addr
);
if (!bcmp(hp
->h_addr_list
[0],
(caddr_t
)&fromp
->sin_addr
,
sizeof(fromp
->sin_addr
))) {
errorhost
= hostname
= inet_ntoa(fromp
->sin_addr
);
kdata
= (AUTH_DAT
*) authbuf
;
ticket
= (KTEXT
) tickbuf
;
version
[VERSION_SIZE
- 1] = '\0';
struct sockaddr_in local_addr
;
if (getsockname(0, (struct sockaddr
*)&local_addr
,
syslog(LOG_ERR
, "getsockname: %m");
error("rlogind: getsockname: %m");
authopts
= KOPT_DO_MUTUAL
;
rc
= krb_recvauth(authopts
, 0, ticket
,
"rcmd", instance
, &fromaddr
,
&local_addr
, kdata
, "", schedule
,
des_set_key(kdata
->session
, schedule
);
rc
= krb_recvauth(authopts
, 0, ticket
, "rcmd",
(struct sockaddr_in
*) 0,
kdata
, "", (bit_64
*) 0, version
);
error("Kerberos authentication failure: %s\n",
getstr(remuser
, sizeof(remuser
), "remuser");
getstr(locuser
, sizeof(locuser
), "locuser");
getstr(cmdbuf
, sizeof(cmdbuf
), "command");
errorstr
= "Login incorrect.\n";
if (chdir(pwd
->pw_dir
) < 0) {
error("No remote directory.\n");
if (pwd
->pw_passwd
!= 0 && *pwd
->pw_passwd
!= '\0') {
if (kuserok(kdata
, locuser
) != 0) {
syslog(LOG_NOTICE
|LOG_AUTH
,
"Kerberos rsh denied to %s.%s@%s",
kdata
->pname
, kdata
->pinst
, kdata
->prealm
);
error("Permission denied.\n");
pwd
->pw_passwd
!= 0 && *pwd
->pw_passwd
!= '\0' &&
ruserok(hostname
, pwd
->pw_uid
== 0, remuser
, locuser
) < 0) {
errorstr
= "Permission denied.\n";
error(errorstr
, errorhost
);
if (pwd
->pw_uid
&& !access(_PATH_NOLOGIN
, F_OK
)) {
error("Logins currently disabled.\n");
(void) write(2, "\0", 1);
error("Can't make pipe.\n");
error("Can't make 2nd pipe.\n");
error("Can't make 3rd pipe.\n");
error("Can't fork; try again.\n");
static char msg
[] = SECURE_MESSAGE
;
des_write(s
, msg
, sizeof(msg
));
(void) close(0); (void) close(1);
(void) close(2); (void) close(pv
[1]);
FD_SET(pv
[0], &readfrom
);
FD_SET(pv2
[0], &writeto
);
FD_SET(pv1
[0], &readfrom
);
ioctl(pv
[0], FIONBIO
, (char *)&one
);
(struct timeval
*) 0) < 0)
if (select(nfd
, &ready
, (fd_set
*)0,
(fd_set
*)0, (struct timeval
*)0) < 0)
if (FD_ISSET(s
, &ready
)) {
ret
= des_read(s
, &sig
, 1);
if (FD_ISSET(pv
[0], &ready
)) {
cc
= read(pv
[0], buf
, sizeof(buf
));
FD_CLR(pv
[0], &readfrom
);
if (doencrypt
&& FD_ISSET(pv1
[0], &ready
)) {
cc
= read(pv1
[0], buf
, sizeof(buf
));
FD_CLR(pv1
[0], &readfrom
);
(void) des_write(1, buf
, cc
);
if (doencrypt
&& FD_ISSET(pv2
[0], &wready
)) {
cc
= des_read(0, buf
, sizeof(buf
));
FD_CLR(pv2
[0], &writeto
);
(void) write(pv2
[0], buf
, cc
);
} while (FD_ISSET(s
, &readfrom
) ||
(doencrypt
&& FD_ISSET(pv1
[0], &readfrom
)) ||
FD_ISSET(pv
[0], &readfrom
));
(void) close(s
); (void) close(pv
[0]);
close(pv1
[0]); close(pv2
[0]);
if (*pwd
->pw_shell
== '\0')
pwd
->pw_shell
= _PATH_BSHELL
;
if (setlogin(pwd
->pw_name
) < 0)
syslog(LOG_ERR
, "setlogin() failed: %m");
(void) setgid((gid_t
)pwd
->pw_gid
);
initgroups(pwd
->pw_name
, pwd
->pw_gid
);
(void) setuid((uid_t
)pwd
->pw_uid
);
strncat(homedir
, pwd
->pw_dir
, sizeof(homedir
)-6);
strcat(path
, _PATH_DEFPATH
);
strncat(shell
, pwd
->pw_shell
, sizeof(shell
)-7);
strncat(username
, pwd
->pw_name
, sizeof(username
)-6);
cp
= rindex(pwd
->pw_shell
, '/');
syslog(LOG_INFO
|LOG_AUTH
,
"ROOT Kerberos shell from %s.%s@%s on %s, comm: %s\n",
kdata
->pname
, kdata
->pinst
, kdata
->prealm
,
syslog(LOG_INFO
|LOG_AUTH
,
"ROOT shell from %s@%s, comm: %s\n",
remuser
, hostname
, cmdbuf
);
execl(pwd
->pw_shell
, cp
, "-c", cmdbuf
, 0);
* Report error to client.
* Note: can't be used until second socket has connected
* to client, or older clients will hang waiting
* for that connection first.
char buf
[BUFSIZ
], *bp
= buf
;
(void) sprintf(bp
, fmt
, a1
, a2
, a3
);
(void) write(2, buf
, strlen(buf
));
error("%s too long\n", err
);
* Check whether host h is in our local domain,
* defined as sharing the last two components of the domain part,
* or the entire domain part if the local domain has only one component.
* If either name is unqualified (contains no '.'),
* assume that the host is local, as it will be
char localhost
[MAXHOSTNAMELEN
];
char *p1
, *p2
, *topdomain();
(void) gethostname(localhost
, sizeof(localhost
));
p1
= topdomain(localhost
);
if (p1
== NULL
|| p2
== NULL
|| !strcasecmp(p1
, p2
))
for (p
= h
+ strlen(h
); p
>= h
; p
--) {
syslog(LOG_ERR
, "usage: rshd [-%s]", OPTIONS
);