BSD 4_3_Net_2 release

[unix-history] / usr / src / libexec / rshd / rshd.c
diff --git a/usr/src/libexec/rshd/rshd.c b/usr/src/libexec/rshd/rshd.c

index dc80938..f5203ae 100644 (file)
--- a/usr/src/libexec/rshd/rshd.c
+++ b/usr/src/libexec/rshd/rshd.c
@@ -1,38 +1,53 @@
-/*
- * Copyright (c) 1983, 1988, 1989 The Regents of the University of California.
+/*-
+ * Copyright (c) 1988, 1989 The Regents of the University of California.
   * All rights reserved.
   *
   * All rights reserved.
   *
- * Redistribution and use in source and binary forms are permitted provided
- * that: (1) source distributions retain this entire copyright notice and
- * comment, and (2) distributions including binaries display the following
- * acknowledgement:  ``This product includes software developed by the
- * University of California, Berkeley and its contributors'' in the
- * documentation or other materials provided with the distribution and in
- * all advertising materials mentioning features or use of this software.
- * Neither the name of the University nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *     This product includes software developed by the University of
+ *     California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
   */
  
  #ifndef lint
  char copyright[] =
   */
  
  #ifndef lint
  char copyright[] =
-"@(#) Copyright (c) 1983, 1988, 1089 The Regents of the University of California.\n\
+"@(#) Copyright (c) 1988, 1989 The Regents of the University of California.\n\
   All rights reserved.\n";
  #endif /* not lint */
  
  #ifndef lint
   All rights reserved.\n";
  #endif /* not lint */
  
  #ifndef lint
-static char sccsid[] = "@(#)rshd.c     5.34 (Berkeley) 6/29/90";
+static char sccsid[] = "@(#)rshd.c     5.38.1.1 (Berkeley) 8/20/91";
  #endif /* not lint */
  
  #endif /* not lint */
  
-/* From:
+/*
+ * From:
   *     $Source: /mit/kerberos/ucb/mit/rshd/RCS/rshd.c,v $
   *     $Source: /mit/kerberos/ucb/mit/rshd/RCS/rshd.c,v $
- *     $Header: /mit/kerberos/ucb/mit/rshd/RCS/rshd.c,v 5.2 89/07/31 19:30:04 kfall Exp $
+ *     $Header: /mit/kerberos/ucb/mit/rshd/RCS/rshd.c,v 
+ *             5.2 89/07/31 19:30:04 kfall Exp $
   */
  
   */
  
-
  /*
   * remote shell server:
   *     [port]\0
  /*
   * remote shell server:
   *     [port]\0
@@ -43,23 +58,24 @@ static char sccsid[] = "@(#)rshd.c  5.34 (Berkeley) 6/29/90";
   */
  #include <sys/param.h>
  #include <sys/ioctl.h>
   */
  #include <sys/param.h>
  #include <sys/ioctl.h>
-#include <sys/socket.h>
-#include <sys/file.h>
-#include <sys/signal.h>
  #include <sys/time.h>
  #include <sys/time.h>
+#include <fcntl.h>
+#include <signal.h>
  
  
+#include <sys/socket.h>
  #include <netinet/in.h>
  #include <netinet/in.h>
-
  #include <arpa/inet.h>
  #include <arpa/inet.h>
+#include <netdb.h>
  
  
-#include <stdio.h>
-#include <errno.h>
  #include <pwd.h>
  #include <pwd.h>
-#include <netdb.h>
  #include <syslog.h>
  #include <syslog.h>
-#include "pathnames.h"
+#include <unistd.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <paths.h>
  
  
-int    errno;
  int    keepalive = 1;
  int    check_all = 0;
  char   *index(), *rindex(), *strncat();
  int    keepalive = 1;
  int    check_all = 0;
  char   *index(), *rindex(), *strncat();
@@ -75,8 +91,7 @@ int   sent_null;
  #define        OPTIONS         "alknvx"
  char   authbuf[sizeof(AUTH_DAT)];
  char   tickbuf[sizeof(KTEXT_ST)];
  #define        OPTIONS         "alknvx"
  char   authbuf[sizeof(AUTH_DAT)];
  char   tickbuf[sizeof(KTEXT_ST)];
-int    use_kerberos = 0, vacuous = 0;
-int    encrypt = 0;
+int    doencrypt, use_kerberos, vacuous;
  Key_schedule   schedule;
  #else
  #define        OPTIONS "aln"
  Key_schedule   schedule;
  #else
  #define        OPTIONS "aln"
@@ -116,9 +131,6 @@ main(argc, argv)
                         vacuous = 1;
                         break;
  
                         vacuous = 1;
                         break;
  
-               case 'x':
-                       encrypt = 1;
-                       break;
  #endif
                 case '?':
                 default:
  #endif
                 case '?':
                 default:
@@ -134,14 +146,10 @@ main(argc, argv)
                 syslog(LOG_ERR, "only one of -k and -v allowed");
                 exit(2);
         }
                 syslog(LOG_ERR, "only one of -k and -v allowed");
                 exit(2);
         }
-       if (encrypt && !use_kerberos) {
-               syslog(LOG_ERR, "-k is required for -x");
-               exit(2);
-       }
  #endif
  
         fromlen = sizeof (from);
  #endif
  
         fromlen = sizeof (from);
-       if (getpeername(0, &from, &fromlen) < 0) {
+       if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) {
                 syslog(LOG_ERR, "getpeername: %m");
                 _exit(1);
         }
                 syslog(LOG_ERR, "getpeername: %m");
                 _exit(1);
         }
@@ -160,8 +168,9 @@ main(argc, argv)
  char   username[20] = "USER=";
  char   homedir[64] = "HOME=";
  char   shell[64] = "SHELL=";
  char   username[20] = "USER=";
  char   homedir[64] = "HOME=";
  char   shell[64] = "SHELL=";
+char   path[100] = "PATH=";
  char   *envinit[] =
  char   *envinit[] =
-           {homedir, shell, _PATH_DEFPATH, username, 0};
+           {homedir, shell, path, username, 0};
  char   **environ;
  
  doit(fromp)
  char   **environ;
  
  doit(fromp)
@@ -231,7 +240,7 @@ doit(fromp)
                     "Connection received from %s using IP options (ignored):%s",
                     inet_ntoa(fromp->sin_addr), lbuf);
                 if (setsockopt(0, ipproto, IP_OPTIONS,
                     "Connection received from %s using IP options (ignored):%s",
                     inet_ntoa(fromp->sin_addr), lbuf);
                 if (setsockopt(0, ipproto, IP_OPTIONS,
-                   (char *)NULL, &optsize) != 0) {
+                   (char *)NULL, optsize) != 0) {
                         syslog(LOG_ERR, "setsockopt IP_OPTIONS NULL: %m");
                         exit(1);
                 }
                         syslog(LOG_ERR, "setsockopt IP_OPTIONS NULL: %m");
                         exit(1);
                 }
@@ -281,7 +290,7 @@ doit(fromp)
                                 exit(1);
                         }
                 fromp->sin_port = htons(port);
                                 exit(1);
                         }
                 fromp->sin_port = htons(port);
-               if (connect(s, fromp, sizeof (*fromp)) < 0) {
+               if (connect(s, (struct sockaddr *)fromp, sizeof (*fromp)) < 0) {
                         syslog(LOG_INFO, "connect second port: %m");
                         exit(1);
                 }
                         syslog(LOG_INFO, "connect second port: %m");
                         exit(1);
                 }
@@ -354,26 +363,10 @@ doit(fromp)
                 authopts = 0L;
                 strcpy(instance, "*");
                 version[VERSION_SIZE - 1] = '\0';
                 authopts = 0L;
                 strcpy(instance, "*");
                 version[VERSION_SIZE - 1] = '\0';
-               if (encrypt) {
-                       struct sockaddr_in local_addr;
-                       rc = sizeof(local_addr);
-                       if (getsockname(0, &local_addr, &rc) < 0) {
-                               syslog(LOG_ERR, "getsockname: %m");
-                               error("rlogind: getsockname: %m");
-                               exit(1);
-                       }
-                       authopts = KOPT_DO_MUTUAL;
-                       rc = krb_recvauth(authopts, 0, ticket,
-                               "rcmd", instance, &fromaddr,
-                               &local_addr, kdata, "", schedule,
-                               version);
-                       des_set_key(kdata->session, schedule);
-               } else {
                         rc = krb_recvauth(authopts, 0, ticket, "rcmd",
                                 instance, &fromaddr,
                                 (struct sockaddr_in *) 0,
                                 kdata, "", (bit_64 *) 0, version);
                         rc = krb_recvauth(authopts, 0, ticket, "rcmd",
                                 instance, &fromaddr,
                                 (struct sockaddr_in *) 0,
                                 kdata, "", (bit_64 *) 0, version);
-               }
                 if (rc != KSUCCESS) {
                         error("Kerberos authentication failure: %s\n",
                                   krb_err_txt[rc]);
                 if (rc != KSUCCESS) {
                         error("Kerberos authentication failure: %s\n",
                                   krb_err_txt[rc]);
@@ -437,33 +430,12 @@ fail:
                         error("Can't make pipe.\n");
                         exit(1);
                 }
                         error("Can't make pipe.\n");
                         exit(1);
                 }
-#ifdef KERBEROS
-               if (encrypt) {
-                       if (pipe(pv1) < 0) {
-                               error("Can't make 2nd pipe.\n");
-                               exit(1);
-                       }
-                       if (pipe(pv2) < 0) {
-                               error("Can't make 3rd pipe.\n");
-                               exit(1);
-                       }
-               }
-#endif
                 pid = fork();
                 if (pid == -1)  {
                         error("Can't fork; try again.\n");
                         exit(1);
                 }
                 if (pid) {
                 pid = fork();
                 if (pid == -1)  {
                         error("Can't fork; try again.\n");
                         exit(1);
                 }
                 if (pid) {
-#ifdef KERBEROS
-                       if (encrypt) {
-                               static char msg[] = SECURE_MESSAGE;
-                               (void) close(pv1[1]);
-                               (void) close(pv2[1]);
-                               des_write(s, msg, sizeof(msg));
-
-                       } else
-#endif
                         {
                                 (void) close(0); (void) close(1);
                         }
                         {
                                 (void) close(0); (void) close(1);
                         }
@@ -476,41 +448,17 @@ fail:
                                 nfd = pv[0];
                         else
                                 nfd = s;
                                 nfd = pv[0];
                         else
                                 nfd = s;
-#ifdef KERBEROS
-                       if (encrypt) {
-                               FD_ZERO(&writeto);
-                               FD_SET(pv2[0], &writeto);
-                               FD_SET(pv1[0], &readfrom);
-
-                               nfd = MAX(nfd, pv2[0]);
-                               nfd = MAX(nfd, pv1[0]);
-                       } else
-#endif
                                 ioctl(pv[0], FIONBIO, (char *)&one);
  
                         /* should set s nbio! */
                         nfd++;
                         do {
                                 ready = readfrom;
                                 ioctl(pv[0], FIONBIO, (char *)&one);
  
                         /* should set s nbio! */
                         nfd++;
                         do {
                                 ready = readfrom;
-#ifdef KERBEROS
-                               if (encrypt) {
-                                       wready = writeto;
-                                       if (select(nfd, &ready,
-                                           &wready, (fd_set *) 0,
-                                           (struct timeval *) 0) < 0)
-                                               break;
-                               } else
-#endif
                                         if (select(nfd, &ready, (fd_set *)0,
                                           (fd_set *)0, (struct timeval *)0) < 0)
                                                 break;
                                 if (FD_ISSET(s, &ready)) {
                                         int     ret;
                                         if (select(nfd, &ready, (fd_set *)0,
                                           (fd_set *)0, (struct timeval *)0) < 0)
                                                 break;
                                 if (FD_ISSET(s, &ready)) {
                                         int     ret;
-#ifdef KERBEROS
-                                       if (encrypt)
-                                               ret = des_read(s, &sig, 1);
-                                       else
-#endif
                                                 ret = read(s, &sig, 1);
                                         if (ret <= 0)
                                                 FD_CLR(s, &readfrom);
                                                 ret = read(s, &sig, 1);
                                         if (ret <= 0)
                                                 FD_CLR(s, &readfrom);
@@ -524,57 +472,17 @@ fail:
                                                 shutdown(s, 1+1);
                                                 FD_CLR(pv[0], &readfrom);
                                         } else {
                                                 shutdown(s, 1+1);
                                                 FD_CLR(pv[0], &readfrom);
                                         } else {
-#ifdef KERBEROS
-                                               if (encrypt)
-                                                       (void)
-                                                         des_write(s, buf, cc);
-                                               else
-#endif
                                                         (void)
                                                           write(s, buf, cc);
                                         }
                                 }
                                                         (void)
                                                           write(s, buf, cc);
                                         }
                                 }
-#ifdef KERBEROS
-
-                               if (encrypt && FD_ISSET(pv1[0], &ready)) {
-                                       errno = 0;
-                                       cc = read(pv1[0], buf, sizeof(buf));
-                                       if (cc <= 0) {
-                                               shutdown(pv1[0], 1+1);
-                                               FD_CLR(pv1[0], &readfrom);
-                                       } else
-                                               (void) des_write(1, buf, cc);
-                               }
-
-                               if (encrypt && FD_ISSET(pv2[0], &wready)) {
-                                       errno = 0;
-                                       cc = des_read(0, buf, sizeof(buf));
-                                       if (cc <= 0) {
-                                               shutdown(pv2[0], 1+1);
-                                               FD_CLR(pv2[0], &writeto);
-                                       } else
-                                               (void) write(pv2[0], buf, cc);
-                               }
-#endif
  
                         } while (FD_ISSET(s, &readfrom) ||
  
                         } while (FD_ISSET(s, &readfrom) ||
-#ifdef KERBEROS
-                           (encrypt && FD_ISSET(pv1[0], &readfrom)) ||
-#endif
                             FD_ISSET(pv[0], &readfrom));
                         exit(0);
                 }
                 setpgrp(0, getpid());
                 (void) close(s); (void) close(pv[0]);
                             FD_ISSET(pv[0], &readfrom));
                         exit(0);
                 }
                 setpgrp(0, getpid());
                 (void) close(s); (void) close(pv[0]);
-#ifdef KERBEROS
-               if (encrypt) {
-                       close(pv1[0]); close(pv2[0]);
-                       dup2(pv1[1], 1);
-                       dup2(pv2[1], 0);
-                       close(pv1[1]);
-                       close(pv2[1]);
-               }
-#endif
                 dup2(pv[1], 2);
                 close(pv[1]);
         }
                 dup2(pv[1], 2);
                 close(pv[1]);
         }
@@ -589,6 +497,7 @@ fail:
         (void) setuid((uid_t)pwd->pw_uid);
         environ = envinit;
         strncat(homedir, pwd->pw_dir, sizeof(homedir)-6);
         (void) setuid((uid_t)pwd->pw_uid);
         environ = envinit;
         strncat(homedir, pwd->pw_dir, sizeof(homedir)-6);
+       strcat(path, _PATH_DEFPATH);
         strncat(shell, pwd->pw_shell, sizeof(shell)-7);
         strncat(username, pwd->pw_name, sizeof(username)-6);
         cp = rindex(pwd->pw_shell, '/');
         strncat(shell, pwd->pw_shell, sizeof(shell)-7);
         strncat(username, pwd->pw_name, sizeof(username)-6);
         cp = rindex(pwd->pw_shell, '/');