search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
This commit was manufactured by cvs2svn to create tag
[heimdal.git] / appl / rsh / rshd.c
blobf23a29b2e6ed34eabed23042b411f5cf73f1ede0
1 /*
2 * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "rsh_locl.h"
35 RCSID("$Id$");
36
37 int
38 login_access( struct passwd *user, char *from);
39
40 enum auth_method auth_method;
41
42 #ifdef KRB5
43 krb5_context context;
44 krb5_keyblock *keyblock;
45 krb5_crypto crypto;
46 #endif
47
48 #ifdef KRB4
49 des_key_schedule schedule;
50 des_cblock iv;
51 #endif
52
53 #ifdef KRB5
54 krb5_ccache ccache, ccache2;
55 int kerberos_status = 0;
56 #endif
57
58 int do_encrypt = 0;
59
60 static int do_unique_tkfile = 0;
61 static char tkfile[MAXPATHLEN] = "";
62
63 static int do_inetd = 1;
64 static char *port_str;
65 static int do_rhosts = 1;
66 static int do_kerberos = 0;
67 #define DO_KRB4 2
68 #define DO_KRB5 4
69 static int do_vacuous = 0;
70 static int do_log = 1;
71 static int do_newpag = 1;
72 static int do_addr_verify = 0;
73 static int do_keepalive = 1;
74 static int do_version;
75 static int do_help = 0;
76
77 static void
78 syslog_and_die (const char *m, ...)
79 __attribute__ ((format (printf, 1, 2)));
80
81 static void
82 syslog_and_die (const char *m, ...)
83 {
84 va_list args;
85
86 va_start(args, m);
87 vsyslog (LOG_ERR, m, args);
88 va_end(args);
89 exit (1);
90 }
91
92 static void
93 fatal (int, const char*, const char *, ...)
94 __attribute__ ((noreturn, format (printf, 3, 4)));
95
96 static void
97 fatal (int sock, const char *what, const char *m, ...)
98 {
99 va_list args;
100 char buf[BUFSIZ];
101 size_t len;
102
103 *buf = 1;
104 va_start(args, m);
105 len = vsnprintf (buf + 1, sizeof(buf) - 1, m, args);
106 len = min(len, sizeof(buf) - 1);
107 va_end(args);
108 if(what != NULL)
109 syslog (LOG_ERR, "%s: %m: %s", what, buf + 1);
110 else
111 syslog (LOG_ERR, "%s", buf + 1);
112 net_write (sock, buf, len + 1);
113 exit (1);
114 }
115
116 static char *
117 read_str (int s, size_t sz, char *expl)
118 {
119 char *str = malloc(sz);
120 char *p = str;
121 if(str == NULL)
122 fatal(s, NULL, "%s too long", expl);
123 while(p < str + sz) {
124 if(net_read(s, p, 1) != 1)
125 syslog_and_die("read: %m");
126 if(*p == '\0')
127 return str;
128 p++;
129 }
130 fatal(s, NULL, "%s too long", expl);
131 }
132
133 static int
134 recv_bsd_auth (int s, u_char *buf,
135 struct sockaddr_in *thisaddr,
136 struct sockaddr_in *thataddr,
137 char **client_username,
138 char **server_username,
139 char **cmd)
140 {
141 struct passwd *pwd;
142
143 *client_username = read_str (s, USERNAME_SZ, "local username");
144 *server_username = read_str (s, USERNAME_SZ, "remote username");
145 *cmd = read_str (s, ARG_MAX + 1, "command");
146 pwd = getpwnam(*server_username);
147 if (pwd == NULL)
148 fatal(s, NULL, "Login incorrect.");
149 if (iruserok(thataddr->sin_addr.s_addr, pwd->pw_uid == 0,
150 *client_username, *server_username))
151 fatal(s, NULL, "Login incorrect.");
152 return 0;
153 }
154
155 #ifdef KRB4
156 static int
157 recv_krb4_auth (int s, u_char *buf,
158 struct sockaddr *thisaddr,
159 struct sockaddr *thataddr,
160 char **client_username,
161 char **server_username,
162 char **cmd)
163 {
164 int status;
165 int32_t options;
166 KTEXT_ST ticket;
167 AUTH_DAT auth;
168 char instance[INST_SZ + 1];
169 char version[KRB_SENDAUTH_VLEN + 1];
170
171 if (memcmp (buf, KRB_SENDAUTH_VERS, 4) != 0)
172 return -1;
173 if (net_read (s, buf + 4, KRB_SENDAUTH_VLEN - 4) !=
174 KRB_SENDAUTH_VLEN - 4)
175 syslog_and_die ("reading auth info: %m");
176 if (memcmp (buf, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN) != 0)
177 syslog_and_die("unrecognized auth protocol: %.8s", buf);
178
179 options = KOPT_IGNORE_PROTOCOL;
180 if (do_encrypt)
181 options |= KOPT_DO_MUTUAL;
182 k_getsockinst (s, instance, sizeof(instance));
183 status = krb_recvauth (options,
184 s,
185 &ticket,
186 "rcmd",
187 instance,
188 (struct sockaddr_in *)thataddr,
189 (struct sockaddr_in *)thisaddr,
190 &auth,
191 "",
192 schedule,
193 version);
194 if (status != KSUCCESS)
195 syslog_and_die ("recvauth: %s", krb_get_err_text(status));
196 if (strncmp (version, KCMD_OLD_VERSION, KRB_SENDAUTH_VLEN) != 0)
197 syslog_and_die ("bad version: %s", version);
198
199 *server_username = read_str (s, USERNAME_SZ, "remote username");
200 if (kuserok (&auth, *server_username) != 0)
201 fatal (s, NULL, "Permission denied.");
202 *cmd = read_str (s, ARG_MAX + 1, "command");
203
204 syslog(LOG_INFO|LOG_AUTH,
205 "kerberos v4 shell from %s on %s as %s, cmd '%.80s'",
206 krb_unparse_name_long(auth.pname, auth.pinst, auth.prealm),
207
208 inet_ntoa(((struct sockaddr_in *)thataddr)->sin_addr),
209 *server_username,
210 *cmd);
211
212 memcpy (iv, auth.session, sizeof(iv));
213
214 return 0;
215 }
216
217 #endif /* KRB4 */
218
219 #ifdef KRB5
220 static int
221 save_krb5_creds (int s,
222 krb5_auth_context auth_context,
223 krb5_principal client)
224
225 {
226 int ret;
227 krb5_data remote_cred;
228
229 krb5_data_zero (&remote_cred);
230 ret= krb5_read_message (context, (void *)&s, &remote_cred);
231 if (ret) {
232 krb5_data_free(&remote_cred);
233 return 0;
234 }
235 if (remote_cred.length == 0)
236 return 0;
237
238 ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &ccache);
239 if (ret) {
240 krb5_data_free(&remote_cred);
241 return 0;
242 }
243
244 krb5_cc_initialize(context,ccache,client);
245 ret = krb5_rd_cred2(context, auth_context, ccache, &remote_cred);
246 if(ret != 0)
247 syslog(LOG_INFO|LOG_AUTH,
248 "reading creds: %s", krb5_get_err_text(context, ret));
249 krb5_data_free (&remote_cred);
250 if (ret)
251 return 0;
252 return 1;
253 }
254
255 static void
256 krb5_start_session (void)
257 {
258 krb5_error_code ret;
259 char *estr;
260
261 ret = krb5_cc_resolve (context, tkfile, &ccache2);
262 if (ret) {
263 estr = krb5_get_error_string(context);
264 syslog(LOG_WARNING, "resolve cred cache %s: %s",
265 tkfile,
266 estr ? estr : krb5_get_err_text(context, ret));
267 free(estr);
268 krb5_cc_destroy(context, ccache);
269 return;
270 }
271
272 ret = krb5_cc_copy_cache (context, ccache, ccache2);
273 if (ret) {
274 estr = krb5_get_error_string(context);
275 syslog(LOG_WARNING, "storing credentials: %s",
276 estr ? estr : krb5_get_err_text(context, ret));
277 free(estr);
278 krb5_cc_destroy(context, ccache);
279 return ;
280 }
281
282 krb5_cc_close(context, ccache2);
283 krb5_cc_destroy(context, ccache);
284 return;
285 }
286
287 static int protocol_version;
288
289 static krb5_boolean
290 match_kcmd_version(const void *data, const char *version)
291 {
292 if(strcmp(version, KCMD_NEW_VERSION) == 0) {
293 protocol_version = 2;
294 return TRUE;
295 }
296 if(strcmp(version, KCMD_OLD_VERSION) == 0) {
297 protocol_version = 1;
298 key_usage = KRB5_KU_OTHER_ENCRYPTED;
299 return TRUE;
300 }
301 return FALSE;
302 }
303
304
305 static int
306 recv_krb5_auth (int s, u_char *buf,
307 struct sockaddr *thisaddr,
308 struct sockaddr *thataddr,
309 char **client_username,
310 char **server_username,
311 char **cmd)
312 {
313 u_int32_t len;
314 krb5_auth_context auth_context = NULL;
315 krb5_ticket *ticket;
316 krb5_error_code status;
317 krb5_data cksum_data;
318 krb5_principal server;
319
320 if (memcmp (buf, "\x00\x00\x00\x13", 4) != 0)
321 return -1;
322 len = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | (buf[3]);
323
324 if (net_read(s, buf, len) != len)
325 syslog_and_die ("reading auth info: %m");
326 if (len != sizeof(KRB5_SENDAUTH_VERSION)
327 || memcmp (buf, KRB5_SENDAUTH_VERSION, len) != 0)
328 syslog_and_die ("bad sendauth version: %.8s", buf);
329
330 status = krb5_sock_to_principal (context,
331 s,
332 "host",
333 KRB5_NT_SRV_HST,
334 &server);
335 if (status)
336 syslog_and_die ("krb5_sock_to_principal: %s",
337 krb5_get_err_text(context, status));
338
339 status = krb5_recvauth_match_version(context,
340 &auth_context,
341 &s,
342 match_kcmd_version,
343 NULL,
344 server,
345 KRB5_RECVAUTH_IGNORE_VERSION,
346 NULL,
347 &ticket);
348 krb5_free_principal (context, server);
349 if (status)
350 syslog_and_die ("krb5_recvauth: %s",
351 krb5_get_err_text(context, status));
352
353 *server_username = read_str (s, USERNAME_SZ, "remote username");
354 *cmd = read_str (s, ARG_MAX + 1, "command");
355 *client_username = read_str (s, ARG_MAX + 1, "local username");
356
357 if(protocol_version == 2) {
358 status = krb5_auth_con_getremotesubkey(context, auth_context,
359 &keyblock);
360 if(status != 0 || keyblock == NULL)
361 syslog_and_die("failed to get remote subkey");
362 } else if(protocol_version == 1) {
363 status = krb5_auth_con_getkey (context, auth_context, &keyblock);
364 if(status != 0 || keyblock == NULL)
365 syslog_and_die("failed to get key");
366 }
367 if (status != 0 || keyblock == NULL)
368 syslog_and_die ("krb5_auth_con_getkey: %s",
369 krb5_get_err_text(context, status));
370
371 status = krb5_crypto_init(context, keyblock, 0, &crypto);
372 if(status)
373 syslog_and_die("krb5_crypto_init: %s",
374 krb5_get_err_text(context, status));
375
376
377 cksum_data.length = asprintf ((char **)&cksum_data.data,
378 "%u:%s%s",
379 ntohs(socket_get_port (thisaddr)),
380 *cmd,
381 *server_username);
382 if (cksum_data.length == -1)
383 syslog_and_die ("asprintf: out of memory");
384
385 status = krb5_verify_authenticator_checksum(context,
386 auth_context,
387 cksum_data.data,
388 cksum_data.length);
389
390 if (status)
391 syslog_and_die ("krb5_verify_authenticator_checksum: %s",
392 krb5_get_err_text(context, status));
393
394 free (cksum_data.data);
395
396 if (strncmp (*client_username, "-u ", 3) == 0) {
397 do_unique_tkfile = 1;
398 memmove (*client_username, *client_username + 3,
399 strlen(*client_username) - 2);
400 }
401
402 if (strncmp (*client_username, "-U ", 3) == 0) {
403 char *end, *temp_tkfile;
404
405 do_unique_tkfile = 1;
406 if (strncmp (*client_username + 3, "FILE:", 5) == 0) {
407 temp_tkfile = tkfile;
408 } else {
409 strlcpy (tkfile, "FILE:", sizeof(tkfile));
410 temp_tkfile = tkfile + 5;
411 }
412 end = strchr(*client_username + 3,' ');
413 if (end == NULL)
414 syslog_and_die("missing argument after -U");
415 snprintf(temp_tkfile, sizeof(tkfile) - (temp_tkfile - tkfile),
416 "%.*s",
417 (int)(end - *client_username - 3),
418 *client_username + 3);
419 memmove (*client_username, end + 1, strlen(end+1)+1);
420 }
421
422 kerberos_status = save_krb5_creds (s, auth_context, ticket->client);
423
424 if(!krb5_kuserok (context,
425 ticket->client,
426 *server_username))
427 fatal (s, NULL, "Permission denied.");
428
429 if (strncmp (*cmd, "-x ", 3) == 0) {
430 do_encrypt = 1;
431 memmove (*cmd, *cmd + 3, strlen(*cmd) - 2);
432 } else {
433 if(do_encrypt)
434 fatal (s, NULL, "Encryption is required.");
435 do_encrypt = 0;
436 }
437
438 {
439 char *name;
440
441 if (krb5_unparse_name (context, ticket->client, &name) == 0) {
442 char addr_str[256];
443
444 if (inet_ntop (thataddr->sa_family,
445 socket_get_address (thataddr),
446 addr_str, sizeof(addr_str)) == NULL)
447 strlcpy (addr_str, "unknown address",
448 sizeof(addr_str));
449
450 syslog(LOG_INFO|LOG_AUTH,
451 "kerberos v5 shell from %s on %s as %s, cmd '%.80s'",
452 name,
453 addr_str,
454 *server_username,
455 *cmd);
456 free (name);
457 }
458 }
459
460 return 0;
461 }
462 #endif /* KRB5 */
463
464 static void
465 rshd_loop (int from0, int to0,
466 int to1, int from1,
467 int to2, int from2,
468 int have_errsock)
469 {
470 fd_set real_readset;
471 int max_fd;
472 int count = 2;
473 char *buf;
474
475 if(from0 >= FD_SETSIZE || from1 >= FD_SETSIZE || from2 >= FD_SETSIZE)
476 errx (1, "fd too large");
477
478 #ifdef KRB5
479 if(auth_method == AUTH_KRB5 && protocol_version == 2)
480 init_ivecs(0, have_errsock);
481 #endif
482
483 FD_ZERO(&real_readset);
484 FD_SET(from0, &real_readset);
485 FD_SET(from1, &real_readset);
486 FD_SET(from2, &real_readset);
487 max_fd = max(from0, max(from1, from2)) + 1;
488
489 buf = malloc(max(RSHD_BUFSIZ, RSH_BUFSIZ));
490 if (buf == NULL)
491 syslog_and_die("out of memory");
492
493 for (;;) {
494 int ret;
495 fd_set readset = real_readset;
496
497 ret = select (max_fd, &readset, NULL, NULL, NULL);
498 if (ret < 0) {
499 if (errno == EINTR)
500 continue;
501 else
502 syslog_and_die ("select: %m");
503 }
504 if (FD_ISSET(from0, &readset)) {
505 ret = do_read (from0, buf, RSHD_BUFSIZ, ivec_in[0]);
506 if (ret < 0)
507 syslog_and_die ("read: %m");
508 else if (ret == 0) {
509 close (from0);
510 close (to0);
511 FD_CLR(from0, &real_readset);
512 } else
513 net_write (to0, buf, ret);
514 }
515 if (FD_ISSET(from1, &readset)) {
516 ret = read (from1, buf, RSH_BUFSIZ);
517 if (ret < 0)
518 syslog_and_die ("read: %m");
519 else if (ret == 0) {
520 close (from1);
521 close (to1);
522 FD_CLR(from1, &real_readset);
523 if (--count == 0)
524 exit (0);
525 } else
526 do_write (to1, buf, ret, ivec_out[0]);
527 }
528 if (FD_ISSET(from2, &readset)) {
529 ret = read (from2, buf, RSH_BUFSIZ);
530 if (ret < 0)
531 syslog_and_die ("read: %m");
532 else if (ret == 0) {
533 close (from2);
534 close (to2);
535 FD_CLR(from2, &real_readset);
536 if (--count == 0)
537 exit (0);
538 } else
539 do_write (to2, buf, ret, ivec_out[1]);
540 }
541 }
542 }
543
544 /*
545 * Used by `setup_copier' to create some pipe-like means of
546 * communcation. Real pipes would probably be the best thing, but
547 * then the shell doesn't understand it's talking to rshd. If
548 * socketpair doesn't work everywhere, some autoconf magic would have
549 * to be added here.
550 *
551 * If it fails creating the `pipe', it aborts by calling fatal.
552 */
553
554 static void
555 pipe_a_like (int fd[2])
556 {
557 if (socketpair (AF_UNIX, SOCK_STREAM, 0, fd) < 0)
558 fatal (STDOUT_FILENO, "socketpair", "Pipe creation failed.");
559 }
560
561 /*
562 * Start a child process and leave the parent copying data to and from it. */
563
564 static void
565 setup_copier (int have_errsock)
566 {
567 int p0[2], p1[2], p2[2];
568 pid_t pid;
569
570 pipe_a_like(p0);
571 pipe_a_like(p1);
572 pipe_a_like(p2);
573 pid = fork ();
574 if (pid < 0)
575 fatal (STDOUT_FILENO, "fork", "Could not create child process.");
576 if (pid == 0) { /* child */
577 close (p0[1]);
578 close (p1[0]);
579 close (p2[0]);
580 dup2 (p0[0], STDIN_FILENO);
581 dup2 (p1[1], STDOUT_FILENO);
582 dup2 (p2[1], STDERR_FILENO);
583 close (p0[0]);
584 close (p1[1]);
585 close (p2[1]);
586 } else { /* parent */
587 close (p0[0]);
588 close (p1[1]);
589 close (p2[1]);
590
591 if (net_write (STDOUT_FILENO, "", 1) != 1)
592 fatal (STDOUT_FILENO, "net_write", "Write failure.");
593
594 rshd_loop (STDIN_FILENO, p0[1],
595 STDOUT_FILENO, p1[0],
596 STDERR_FILENO, p2[0],
597 have_errsock);
598 }
599 }
600
601 /*
602 * Is `port' a ``reserverd'' port?
603 */
604
605 static int
606 is_reserved(u_short port)
607 {
608 return ntohs(port) < IPPORT_RESERVED;
609 }
610
611 /*
612 * Set the necessary part of the environment in `env'.
613 */
614
615 static void
616 setup_environment (char ***env, const struct passwd *pwd)
617 {
618 int i, j, path;
619 char **e;
620
621 i = 0;
622 path = 0;
623 *env = NULL;
624
625 i = read_environment(_PATH_ETC_ENVIRONMENT, env);
626 e = *env;
627 for (j = 0; j < i; j++) {
628 if (!strncmp(e[j], "PATH=", 5)) {
629 path = 1;
630 }
631 }
632
633 e = *env;
634 e = realloc(e, (i + 7) * sizeof(char *));
635
636 if (asprintf (&e[i++], "USER=%s", pwd->pw_name) == -1)
637 syslog_and_die ("asprintf: out of memory");
638 if (asprintf (&e[i++], "HOME=%s", pwd->pw_dir) == -1)
639 syslog_and_die ("asprintf: out of memory");
640 if (asprintf (&e[i++], "SHELL=%s", pwd->pw_shell) == -1)
641 syslog_and_die ("asprintf: out of memory");
642 if (! path) {
643 if (asprintf (&e[i++], "PATH=%s", _PATH_DEFPATH) == -1)
644 syslog_and_die ("asprintf: out of memory");
645 }
646 asprintf (&e[i++], "SSH_CLIENT=only_to_make_bash_happy");
647 if (do_unique_tkfile)
648 if (asprintf (&e[i++], "KRB5CCNAME=%s", tkfile) == -1)
649 syslog_and_die ("asprintf: out of memory");
650 e[i++] = NULL;
651 *env = e;
652 }
653
654 static void
655 doit (void)
656 {
657 u_char buf[BUFSIZ];
658 u_char *p;
659 struct sockaddr_storage thisaddr_ss;
660 struct sockaddr *thisaddr = (struct sockaddr *)&thisaddr_ss;
661 struct sockaddr_storage thataddr_ss;
662 struct sockaddr *thataddr = (struct sockaddr *)&thataddr_ss;
663 struct sockaddr_storage erraddr_ss;
664 struct sockaddr *erraddr = (struct sockaddr *)&erraddr_ss;
665 socklen_t thisaddr_len, thataddr_len;
666 int port;
667 int errsock = -1;
668 char *client_user = NULL, *server_user = NULL, *cmd = NULL;
669 struct passwd *pwd;
670 int s = STDIN_FILENO;
671 char **env;
672 int ret;
673 char that_host[NI_MAXHOST];
674
675 thisaddr_len = sizeof(thisaddr_ss);
676 if (getsockname (s, thisaddr, &thisaddr_len) < 0)
677 syslog_and_die("getsockname: %m");
678 thataddr_len = sizeof(thataddr_ss);
679 if (getpeername (s, thataddr, &thataddr_len) < 0)
680 syslog_and_die ("getpeername: %m");
681
682 /* check for V4MAPPED addresses? */
683
684 if (do_kerberos == 0 && !is_reserved(socket_get_port(thataddr)))
685 fatal(s, NULL, "Permission denied.");
686
687 p = buf;
688 port = 0;
689 for(;;) {
690 if (net_read (s, p, 1) != 1)
691 syslog_and_die ("reading port number: %m");
692 if (*p == '\0')
693 break;
694 else if (isdigit(*p))
695 port = port * 10 + *p - '0';
696 else
697 syslog_and_die ("non-digit in port number: %c", *p);
698 }
699
700 if (do_kerberos == 0 && !is_reserved(htons(port)))
701 fatal(s, NULL, "Permission denied.");
702
703 if (port) {
704 int priv_port = IPPORT_RESERVED - 1;
705
706 /*
707 * There's no reason to require a ``privileged'' port number
708 * here, but for some reason the brain dead rsh clients
709 * do... :-(
710 */
711
712 erraddr->sa_family = thataddr->sa_family;
713 socket_set_address_and_port (erraddr,
714 socket_get_address (thataddr),
715 htons(port));
716
717 /*
718 * we only do reserved port for IPv4
719 */
720
721 if (erraddr->sa_family == AF_INET)
722 errsock = rresvport (&priv_port);
723 else
724 errsock = socket (erraddr->sa_family, SOCK_STREAM, 0);
725 if (errsock < 0)
726 syslog_and_die ("socket: %m");
727 if (connect (errsock,
728 erraddr,
729 socket_sockaddr_size (erraddr)) < 0) {
730 syslog (LOG_WARNING, "connect: %m");
731 close (errsock);
732 }
733 }
734
735 if(do_kerberos) {
736 if (net_read (s, buf, 4) != 4)
737 syslog_and_die ("reading auth info: %m");
738
739 #ifdef KRB4
740 if ((do_kerberos & DO_KRB4) &&
741 recv_krb4_auth (s, buf, thisaddr, thataddr,
742 &client_user,
743 &server_user,
744 &cmd) == 0)
745 auth_method = AUTH_KRB4;
746 else
747 #endif /* KRB4 */
748 #ifdef KRB5
749 if((do_kerberos & DO_KRB5) &&
750 recv_krb5_auth (s, buf, thisaddr, thataddr,
751 &client_user,
752 &server_user,
753 &cmd) == 0)
754 auth_method = AUTH_KRB5;
755 else
756 #endif /* KRB5 */
757 syslog_and_die ("unrecognized auth protocol: %x %x %x %x",
758 buf[0], buf[1], buf[2], buf[3]);
759 } else {
760 if(recv_bsd_auth (s, buf,
761 (struct sockaddr_in *)thisaddr,
762 (struct sockaddr_in *)thataddr,
763 &client_user,
764 &server_user,
765 &cmd) == 0) {
766 auth_method = AUTH_BROKEN;
767 if(do_vacuous) {
768 printf("Remote host requires Kerberos authentication\n");
769 exit(0);
770 }
771 } else
772 syslog_and_die("recv_bsd_auth failed");
773 }
774
775 if (client_user == NULL || server_user == NULL || cmd == NULL)
776 syslog_and_die("mising client/server/cmd");
777
778 pwd = getpwnam (server_user);
779 if (pwd == NULL)
780 fatal (s, NULL, "Login incorrect.");
781
782 if (*pwd->pw_shell == '\0')
783 pwd->pw_shell = _PATH_BSHELL;
784
785 if (pwd->pw_uid != 0 && access (_PATH_NOLOGIN, F_OK) == 0)
786 fatal (s, NULL, "Login disabled.");
787
788
789 ret = getnameinfo_verified (thataddr, thataddr_len,
790 that_host, sizeof(that_host),
791 NULL, 0, 0);
792 if (ret)
793 fatal (s, NULL, "getnameinfo: %s", gai_strerror(ret));
794
795 if (login_access(pwd, that_host) == 0) {
796 syslog(LOG_NOTICE, "Kerberos rsh denied to %s from %s",
797 server_user, that_host);
798 fatal(s, NULL, "Permission denied.");
799 }
800
801 #ifdef HAVE_GETSPNAM
802 {
803 struct spwd *sp;
804 long today;
805
806 sp = getspnam(server_user);
807 if (sp != NULL) {
808 today = time(0)/(24L * 60 * 60);
809 if (sp->sp_expire > 0)
810 if (today > sp->sp_expire)
811 fatal(s, NULL, "Account has expired.");
812 }
813 }
814 #endif
815
816
817 #ifdef HAVE_SETLOGIN
818 if (setlogin(pwd->pw_name) < 0)
819 syslog(LOG_ERR, "setlogin() failed: %m");
820 #endif
821
822 #ifdef HAVE_SETPCRED
823 if (setpcred (pwd->pw_name, NULL) == -1)
824 syslog(LOG_ERR, "setpcred() failure: %m");
825 #endif /* HAVE_SETPCRED */
826
827 if (initgroups (pwd->pw_name, pwd->pw_gid) < 0)
828 fatal (s, "initgroups", "Login incorrect.");
829
830 if (setgid(pwd->pw_gid) < 0)
831 fatal (s, "setgid", "Login incorrect.");
832
833 if (setuid (pwd->pw_uid) < 0)
834 fatal (s, "setuid", "Login incorrect.");
835
836 if (chdir (pwd->pw_dir) < 0)
837 fatal (s, "chdir", "Remote directory.");
838
839 if (errsock >= 0) {
840 if (dup2 (errsock, STDERR_FILENO) < 0)
841 fatal (s, "dup2", "Cannot dup stderr.");
842 close (errsock);
843 } else {
844 if (dup2 (STDOUT_FILENO, STDERR_FILENO) < 0)
845 fatal (s, "dup2", "Cannot dup stderr.");
846 }
847
848 #ifdef KRB5
849 {
850 int fd;
851
852 if (!do_unique_tkfile)
853 snprintf(tkfile,sizeof(tkfile),"FILE:/tmp/krb5cc_%lu",
854 (unsigned long)pwd->pw_uid);
855 else if (*tkfile=='\0') {
856 snprintf(tkfile,sizeof(tkfile),"FILE:/tmp/krb5cc_XXXXXX");
857 fd = mkstemp(tkfile+5);
858 close(fd);
859 unlink(tkfile+5);
860 }
861
862 if (kerberos_status)
863 krb5_start_session();
864 }
865 #endif
866
867 setup_environment (&env, pwd);
868
869 if (do_encrypt) {
870 setup_copier (errsock >= 0);
871 } else {
872 if (net_write (s, "", 1) != 1)
873 fatal (s, "net_write", "write failed");
874 }
875
876 #if defined(KRB4) || defined(KRB5)
877 if(k_hasafs()) {
878 char cell[64];
879
880 if(do_newpag)
881 k_setpag();
882 #ifdef KRB4
883 if (k_afs_cell_of_file (pwd->pw_dir, cell, sizeof(cell)) == 0)
884 krb_afslog_uid_home (cell, NULL, pwd->pw_uid, pwd->pw_dir);
885 krb_afslog_uid_home(NULL, NULL, pwd->pw_uid, pwd->pw_dir);
886 #endif
887
888 #ifdef KRB5
889 /* XXX */
890 if (kerberos_status) {
891 krb5_ccache ccache;
892 krb5_error_code status;
893
894 status = krb5_cc_resolve (context, tkfile, &ccache);
895 if (!status) {
896 if (k_afs_cell_of_file (pwd->pw_dir, cell, sizeof(cell)) == 0)
897 krb5_afslog_uid_home(context, ccache, cell, NULL,
898 pwd->pw_uid, pwd->pw_dir);
899 krb5_afslog_uid_home(context, ccache, NULL, NULL,
900 pwd->pw_uid, pwd->pw_dir);
901 krb5_cc_close (context, ccache);
902 }
903 }
904 #endif /* KRB5 */
905 }
906 #endif /* KRB5 || KRB4 */
907 execle (pwd->pw_shell, pwd->pw_shell, "-c", cmd, NULL, env);
908 err(1, "exec %s", pwd->pw_shell);
909 }
910
911 struct getargs args[] = {
912 { NULL, 'a', arg_flag, &do_addr_verify },
913 { "keepalive", 'n', arg_negative_flag, &do_keepalive },
914 { "inetd", 'i', arg_negative_flag, &do_inetd,
915 "Not started from inetd" },
916 #if defined(KRB4) || defined(KRB5)
917 { "kerberos", 'k', arg_flag, &do_kerberos,
918 "Implement kerberised services" },
919 { "encrypt", 'x', arg_flag, &do_encrypt,
920 "Implement encrypted service" },
921 #endif
922 { "rhosts", 'l', arg_negative_flag, &do_rhosts,
923 "Don't check users .rhosts" },
924 { "port", 'p', arg_string, &port_str, "Use this port",
925 "port" },
926 { "vacuous", 'v', arg_flag, &do_vacuous,
927 "Don't accept non-kerberised connections" },
928 #if defined(KRB4) || defined(KRB5)
929 { NULL, 'P', arg_negative_flag, &do_newpag,
930 "Don't put process in new PAG" },
931 #endif
932 /* compatibility flag: */
933 { NULL, 'L', arg_flag, &do_log },
934 { "version", 0, arg_flag, &do_version },
935 { "help", 0, arg_flag, &do_help }
936 };
937
938 static void
939 usage (int ret)
940 {
941 if(isatty(STDIN_FILENO))
942 arg_printusage (args,
943 sizeof(args) / sizeof(args[0]),
944 NULL,
945 "");
946 else
947 syslog (LOG_ERR, "Usage: %s [-ikxlvPL] [-p port]", getprogname());
948 exit (ret);
949 }
950
951
952 int
953 main(int argc, char **argv)
954 {
955 int optind = 0;
956 int on = 1;
957
958 setprogname (argv[0]);
959 roken_openlog ("rshd", LOG_ODELAY | LOG_PID, LOG_AUTH);
960
961 if (getarg(args, sizeof(args) / sizeof(args[0]), argc, argv,
962 &optind))
963 usage(1);
964
965 if(do_help)
966 usage (0);
967
968 if (do_version) {
969 print_version(NULL);
970 exit(0);
971 }
972
973 #if defined(KRB4) || defined(KRB5)
974 if (do_encrypt)
975 do_kerberos = 1;
976
977 if(do_kerberos)
978 do_kerberos = DO_KRB4 | DO_KRB5;
979 #endif
980
981 #ifdef KRB5
982 if((do_kerberos & DO_KRB5) && krb5_init_context (&context) != 0)
983 do_kerberos &= ~DO_KRB5;
984 #endif
985
986 if (!do_inetd) {
987 int error;
988 struct addrinfo *ai = NULL, hints;
989 char portstr[NI_MAXSERV];
990
991 memset (&hints, 0, sizeof(hints));
992 hints.ai_flags = AI_PASSIVE;
993 hints.ai_socktype = SOCK_STREAM;
994 hints.ai_family = PF_UNSPEC;
995
996 if(port_str != NULL) {
997 error = getaddrinfo (NULL, port_str, &hints, &ai);
998 if (error)
999 errx (1, "getaddrinfo: %s", gai_strerror (error));
1000 }
1001 if (ai == NULL) {
1002 #if defined(KRB4) || defined(KRB5)
1003 if (do_kerberos) {
1004 if (do_encrypt) {
1005 error = getaddrinfo(NULL, "ekshell", &hints, &ai);
1006 if(error == EAI_NONAME) {
1007 snprintf(portstr, sizeof(portstr), "%d", 545);
1008 error = getaddrinfo(NULL, portstr, &hints, &ai);
1009 }
1010 if(error)
1011 errx (1, "getaddrinfo: %s", gai_strerror (error));
1012 } else {
1013 error = getaddrinfo(NULL, "kshell", &hints, &ai);
1014 if(error == EAI_NONAME) {
1015 snprintf(portstr, sizeof(portstr), "%d", 544);
1016 error = getaddrinfo(NULL, portstr, &hints, &ai);
1017 }
1018 if(error)
1019 errx (1, "getaddrinfo: %s", gai_strerror (error));
1020 }
1021 } else
1022 #endif
1023 {
1024 error = getaddrinfo(NULL, "shell", &hints, &ai);
1025 if(error == EAI_NONAME) {
1026 snprintf(portstr, sizeof(portstr), "%d", 514);
1027 error = getaddrinfo(NULL, portstr, &hints, &ai);
1028 }
1029 if(error)
1030 errx (1, "getaddrinfo: %s", gai_strerror (error));
1031 }
1032 }
1033 mini_inetd_addrinfo (ai);
1034 freeaddrinfo(ai);
1035 }
1036
1037 if (do_keepalive &&
1038 setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (char *)&on,
1039 sizeof(on)) < 0)
1040 syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
1041
1042 /* set SO_LINGER? */
1043
1044 signal (SIGPIPE, SIG_IGN);
1045
1046 doit ();
1047 return 0;
1048 }
Heimdal