2 * Copyright (C) 1998 WIDE Project.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of the project nor the names of its contributors
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
17 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * Copyright (c) 1983, 1993, 1994
31 * The Regents of the University of California. All rights reserved.
33 * Redistribution and use in source and binary forms, with or without
34 * modification, are permitted provided that the following conditions
36 * 1. Redistributions of source code must retain the above copyright
37 * notice, this list of conditions and the following disclaimer.
38 * 2. Redistributions in binary form must reproduce the above copyright
39 * notice, this list of conditions and the following disclaimer in the
40 * documentation and/or other materials provided with the distribution.
41 * 4. Neither the name of the University nor the names of its contributors
42 * may be used to endorse or promote products derived from this software
43 * without specific prior written permission.
45 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
46 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
47 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
48 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
49 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
50 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
51 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
52 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
53 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
54 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
58 #if defined(LIBC_SCCS) && !defined(lint)
59 static char sccsid
[] = "@(#)rcmd.c 8.3 (Berkeley) 3/26/94";
60 #endif /* LIBC_SCCS and not lint */
62 #include <sys/param.h>
64 #include <sys/socket.h>
67 #include <netinet/in.h>
68 #include <arpa/inet.h>
78 #include <stdio_ext.h>
87 int __ivaliduser (FILE *, u_int32_t
, const char *, const char *);
88 static int __validuser2_sa (FILE *, struct sockaddr
*, size_t,
89 const char *, const char *, const char *);
90 static int ruserok2_sa (struct sockaddr
*ra
, size_t ralen
,
91 int superuser
, const char *ruser
,
92 const char *luser
, const char *rhost
);
93 static int ruserok_sa (struct sockaddr
*ra
, size_t ralen
,
94 int superuser
, const char *ruser
,
96 int iruserok_af (const void *raddr
, int superuser
, const char *ruser
,
97 const char *luser
, sa_family_t af
);
98 int iruserok (u_int32_t raddr
, int superuser
, const char *ruser
,
101 libc_hidden_proto (iruserok_af
)
103 libc_freeres_ptr(static char *ahostbuf
);
106 rcmd_af(ahost
, rport
, locuser
, remuser
, cmd
, fd2p
, af
)
109 const char *locuser
, *remuser
, *cmd
;
113 char paddr
[INET6_ADDRSTRLEN
];
114 struct addrinfo hints
, *res
, *ai
;
115 struct sockaddr_storage from
;
116 struct pollfd pfd
[2];
119 int s
, lport
, timo
, error
;
125 if (af
!= AF_INET
&& af
!= AF_INET6
&& af
!= AF_UNSPEC
)
127 __set_errno (EAFNOSUPPORT
);
133 memset(&hints
, '\0', sizeof(hints
));
134 hints
.ai_flags
= AI_CANONNAME
;
135 hints
.ai_family
= af
;
136 hints
.ai_socktype
= SOCK_STREAM
;
137 (void)__snprintf(num
, sizeof(num
), "%d", ntohs(rport
));
138 error
= getaddrinfo(*ahost
, num
, &hints
, &res
);
140 if (error
== EAI_NONAME
&& *ahost
!= NULL
) {
141 if (_IO_fwide (stderr
, 0) > 0)
142 __fwprintf(stderr
, L
"%s: Unknown host\n",
145 fprintf(stderr
, "%s: Unknown host\n", *ahost
);
147 if (_IO_fwide (stderr
, 0) > 0)
148 __fwprintf(stderr
, L
"rcmd: getaddrinfo: %s\n",
149 gai_strerror(error
));
151 fprintf(stderr
, "rcmd: getaddrinfo: %s\n",
152 gai_strerror(error
));
157 pfd
[0].events
= POLLIN
;
158 pfd
[1].events
= POLLIN
;
160 if (res
->ai_canonname
){
162 ahostbuf
= strdup (res
->ai_canonname
);
163 if (ahostbuf
== NULL
) {
164 if (_IO_fwide (stderr
, 0) > 0)
165 __fwprintf(stderr
, L
"%s",
166 _("rcmd: Cannot allocate memory\n"));
168 fputs(_("rcmd: Cannot allocate memory\n"),
177 oldmask
= __sigblock(sigmask(SIGURG
));
178 for (timo
= 1, lport
= IPPORT_RESERVED
- 1;;) {
181 s
= rresvport_af(&lport
, ai
->ai_family
);
183 if (errno
== EAGAIN
) {
184 if (_IO_fwide (stderr
, 0) > 0)
185 __fwprintf(stderr
, L
"%s",
186 _("rcmd: socket: All ports in use\n"));
188 fputs(_("rcmd: socket: All ports in use\n"),
191 if (_IO_fwide (stderr
, 0) > 0)
193 L
"rcmd: socket: %m\n");
195 fprintf(stderr
, "rcmd: socket: %m\n");
197 __sigsetmask(oldmask
);
201 __fcntl(s
, F_SETOWN
, pid
);
202 if (__connect(s
, ai
->ai_addr
, ai
->ai_addrlen
) >= 0)
205 if (errno
== EADDRINUSE
) {
209 if (errno
== ECONNREFUSED
)
211 if (ai
->ai_next
!= NULL
) {
215 getnameinfo(ai
->ai_addr
, ai
->ai_addrlen
,
216 paddr
, sizeof(paddr
),
220 if (__asprintf (&buf
, _("connect to address %s: "),
223 if (_IO_fwide (stderr
, 0) > 0)
224 __fwprintf(stderr
, L
"%s", buf
);
229 __set_errno (oerrno
);
232 getnameinfo(ai
->ai_addr
, ai
->ai_addrlen
,
233 paddr
, sizeof(paddr
),
236 if (__asprintf (&buf
, _("Trying %s...\n"), paddr
) >= 0)
238 if (_IO_fwide (stderr
, 0) > 0)
239 __fwprintf (stderr
, L
"%s", buf
);
246 if (refused
&& timo
<= 16) {
254 if (_IO_fwide (stderr
, 0) > 0)
255 (void)__fwprintf(stderr
, L
"%s: %s\n", *ahost
,
257 errbuf
, sizeof (errbuf
)));
259 (void)fprintf(stderr
, "%s: %s\n", *ahost
,
261 errbuf
, sizeof (errbuf
)));
262 __sigsetmask(oldmask
);
271 int s2
= rresvport_af(&lport
, ai
->ai_family
), s3
;
272 socklen_t len
= ai
->ai_addrlen
;
277 (void)__snprintf(num
, sizeof(num
), "%d", lport
);
278 if (__write(s
, num
, strlen(num
)+1) != (ssize_t
)strlen(num
)+1) {
281 if (__asprintf (&buf
, _("\
282 rcmd: write (setting up stderr): %m\n")) >= 0)
284 if (_IO_fwide (stderr
, 0) > 0)
285 __fwprintf(stderr
, L
"%s", buf
);
296 if (__poll (pfd
, 2, -1) < 1 || (pfd
[1].revents
& POLLIN
) == 0){
300 && __asprintf(&buf
, _("\
301 rcmd: poll (setting up stderr): %m\n")) >= 0)
303 && __asprintf(&buf
, _("\
304 poll: protocol failure in circuit setup\n")) >= 0))
306 if (_IO_fwide (stderr
, 0) > 0)
307 __fwprintf (stderr
, L
"%s", buf
);
315 s3
= TEMP_FAILURE_RETRY (accept(s2
, (struct sockaddr
*)&from
,
317 switch (from
.ss_family
) {
319 rport
= ntohs(((struct sockaddr_in
*)&from
)->sin_port
);
322 rport
= ntohs(((struct sockaddr_in6
*)&from
)->sin6_port
);
330 if (_IO_fwide (stderr
, 0) > 0)
331 (void)__fwprintf(stderr
,
332 L
"rcmd: accept: %m\n");
334 (void)fprintf(stderr
,
335 "rcmd: accept: %m\n");
341 if (rport
>= IPPORT_RESERVED
|| rport
< IPPORT_RESERVED
/ 2){
344 if (__asprintf(&buf
, _("\
345 socket: protocol failure in circuit setup\n")) >= 0)
347 if (_IO_fwide (stderr
, 0) > 0)
348 __fwprintf (stderr
, L
"%s", buf
);
356 struct iovec iov
[3] =
358 [0] = { .iov_base
= (void *) locuser
,
359 .iov_len
= strlen (locuser
) + 1 },
360 [1] = { .iov_base
= (void *) remuser
,
361 .iov_len
= strlen (remuser
) + 1 },
362 [2] = { .iov_base
= (void *) cmd
,
363 .iov_len
= strlen (cmd
) + 1 }
365 (void) TEMP_FAILURE_RETRY (__writev (s
, iov
, 3));
366 n
= TEMP_FAILURE_RETRY (__read(s
, &c
, 1));
371 && __asprintf(&buf
, _("rcmd: %s: short read"),
374 && __asprintf(&buf
, "rcmd: %s: %m\n", *ahost
) >= 0))
376 if (_IO_fwide (stderr
, 0) > 0)
377 __fwprintf (stderr
, L
"%s", buf
);
385 while (__read(s
, &c
, 1) == 1) {
386 (void)__write(STDERR_FILENO
, &c
, 1);
392 __sigsetmask(oldmask
);
397 (void)__close(*fd2p
);
400 __sigsetmask(oldmask
);
404 libc_hidden_def (rcmd_af
)
407 rcmd(ahost
, rport
, locuser
, remuser
, cmd
, fd2p
)
410 const char *locuser
, *remuser
, *cmd
;
413 return rcmd_af (ahost
, rport
, locuser
, remuser
, cmd
, fd2p
, AF_INET
);
417 rresvport_af(alport
, family
)
421 struct sockaddr_storage ss
;
428 len
= sizeof(struct sockaddr_in
);
429 sport
= &((struct sockaddr_in
*)&ss
)->sin_port
;
432 len
= sizeof(struct sockaddr_in6
);
433 sport
= &((struct sockaddr_in6
*)&ss
)->sin6_port
;
436 __set_errno (EAFNOSUPPORT
);
439 s
= __socket(family
, SOCK_STREAM
, 0);
443 memset (&ss
, '\0', sizeof(ss
));
447 ss
.ss_family
= family
;
449 /* Ignore invalid values. */
450 if (*alport
< IPPORT_RESERVED
/ 2)
451 *alport
= IPPORT_RESERVED
/ 2;
452 else if (*alport
>= IPPORT_RESERVED
)
453 *alport
= IPPORT_RESERVED
- 1;
457 *sport
= htons((uint16_t) *alport
);
458 if (__bind(s
, (struct sockaddr
*)&ss
, len
) >= 0)
460 if (errno
!= EADDRINUSE
) {
464 if ((*alport
)-- == IPPORT_RESERVED
/2)
465 *alport
= IPPORT_RESERVED
- 1;
466 } while (*alport
!= start
);
468 __set_errno (EAGAIN
);
471 libc_hidden_def (rresvport_af
)
477 return rresvport_af(alport
, AF_INET
);
480 int __check_rhosts_file
= 1;
484 ruserok_af(rhost
, superuser
, ruser
, luser
, af
)
485 const char *rhost
, *ruser
, *luser
;
489 struct addrinfo hints
, *res
, *res0
;
493 memset (&hints
, '\0', sizeof(hints
));
494 hints
.ai_family
= af
;
495 gai
= getaddrinfo(rhost
, NULL
, &hints
, &res0
);
499 for (res
=res0
; res
; res
=res
->ai_next
)
500 if (ruserok2_sa(res
->ai_addr
, res
->ai_addrlen
,
501 superuser
, ruser
, luser
, rhost
) == 0){
508 libc_hidden_def (ruserok_af
)
511 ruserok(rhost
, superuser
, ruser
, luser
)
512 const char *rhost
, *ruser
, *luser
;
515 return ruserok_af(rhost
, superuser
, ruser
, luser
, AF_INET
);
518 /* Extremely paranoid file open function. */
520 iruserfopen (const char *file
, uid_t okuser
)
526 /* If not a regular file, if owned by someone other than user or
527 root, if writeable by anyone but the owner, or if hardlinked
530 if (__lxstat64 (_STAT_VER
, file
, &st
))
531 cp
= _("lstat failed");
532 else if (!S_ISREG (st
.st_mode
))
533 cp
= _("not regular file");
536 res
= fopen (file
, "rc");
538 cp
= _("cannot open");
539 else if (__fxstat64 (_STAT_VER
, fileno (res
), &st
) < 0)
540 cp
= _("fstat failed");
541 else if (st
.st_uid
&& st
.st_uid
!= okuser
)
543 else if (st
.st_mode
& (S_IWGRP
|S_IWOTH
))
544 cp
= _("writeable by other than owner");
545 else if (st
.st_nlink
> 1)
546 cp
= _("hard linked somewhere");
549 /* If there were any problems, quit. */
558 /* No threads use this stream. */
559 __fsetlocking (res
, FSETLOCKING_BYCALLER
);
565 * New .rhosts strategy: We are passed an ip address. We spin through
566 * hosts.equiv and .rhosts looking for a match. When the .rhosts only
567 * has ip addresses, we don't have to trust a nameserver. When it
568 * contains hostnames, we spin through the list of addresses the nameserver
569 * gives us and look for a match.
571 * Returns 0 if ok, -1 if not ok.
574 ruserok2_sa (ra
, ralen
, superuser
, ruser
, luser
, rhost
)
578 const char *ruser
, *luser
, *rhost
;
584 hostf
= iruserfopen (_PATH_HEQUIV
, 0);
588 isbad
= __validuser2_sa (hostf
, ra
, ralen
, luser
, ruser
, rhost
);
595 if (__check_rhosts_file
|| superuser
)
598 struct passwd pwdbuf
, *pwd
;
600 size_t buflen
= __sysconf (_SC_GETPW_R_SIZE_MAX
);
601 char *buffer
= __alloca (buflen
);
604 if (__getpwnam_r (luser
, &pwdbuf
, buffer
, buflen
, &pwd
) != 0
608 dirlen
= strlen (pwd
->pw_dir
);
609 pbuf
= alloca (dirlen
+ sizeof "/.rhosts");
610 __mempcpy (__mempcpy (pbuf
, pwd
->pw_dir
, dirlen
),
611 "/.rhosts", sizeof "/.rhosts");
613 /* Change effective uid while reading .rhosts. If root and
614 reading an NFS mounted file system, can't read files that
615 are protected read/write owner only. */
617 seteuid (pwd
->pw_uid
);
618 hostf
= iruserfopen (pbuf
, pwd
->pw_uid
);
622 isbad
= __validuser2_sa (hostf
, ra
, ralen
, luser
, ruser
, rhost
);
632 * ruserok_sa() is now discussed on ipng, so
633 * currently disabled for external use
635 static int ruserok_sa(ra
, ralen
, superuser
, ruser
, luser
)
639 const char *ruser
, *luser
;
641 return ruserok2_sa(ra
, ralen
, superuser
, ruser
, luser
, "-");
644 /* This is the exported version. */
646 iruserok_af (raddr
, superuser
, ruser
, luser
, af
)
649 const char *ruser
, *luser
;
652 struct sockaddr_storage ra
;
655 memset (&ra
, '\0', sizeof(ra
));
658 ((struct sockaddr_in
*)&ra
)->sin_family
= AF_INET
;
659 memcpy (&(((struct sockaddr_in
*)&ra
)->sin_addr
), raddr
,
660 sizeof(struct in_addr
));
661 ralen
= sizeof(struct sockaddr_in
);
664 ((struct sockaddr_in6
*)&ra
)->sin6_family
= AF_INET6
;
665 memcpy (&(((struct sockaddr_in6
*)&ra
)->sin6_addr
), raddr
,
666 sizeof(struct in6_addr
));
667 ralen
= sizeof(struct sockaddr_in6
);
672 return ruserok_sa ((struct sockaddr
*)&ra
, ralen
, superuser
, ruser
, luser
);
674 libc_hidden_def (iruserok_af
)
677 iruserok (raddr
, superuser
, ruser
, luser
)
680 const char *ruser
, *luser
;
682 return iruserok_af (&raddr
, superuser
, ruser
, luser
, AF_INET
);
687 * Don't make static, used by lpd(8).
689 * This function is not used anymore. It is only present because lpd(8)
690 * calls it (!?!). We simply call __invaliduser2() with an illegal rhost
691 * argument. This means that netgroups won't work in .rhost/hosts.equiv
692 * files. If you want lpd to work with netgroups, fix lpd to use ruserok()
694 * Returns 0 if ok, -1 if not ok.
697 __ivaliduser(hostf
, raddr
, luser
, ruser
)
700 const char *luser
, *ruser
;
702 struct sockaddr_in ra
;
703 memset(&ra
, '\0', sizeof(ra
));
704 ra
.sin_family
= AF_INET
;
705 ra
.sin_addr
.s_addr
= raddr
;
706 return __validuser2_sa(hostf
, (struct sockaddr
*)&ra
, sizeof(ra
),
711 /* Returns 1 on positive match, 0 on no match, -1 on negative match. */
714 __checkhost_sa (struct sockaddr
*ra
, size_t ralen
, char *lhost
,
717 struct addrinfo hints
, *res0
, *res
;
718 char raddr
[INET6_ADDRSTRLEN
];
720 int negate
=1; /* Multiply return with this to get -1 instead of 1 */
722 /* Check nis netgroup. */
723 if (strncmp ("+@", lhost
, 2) == 0)
724 return innetgr (&lhost
[2], rhost
, NULL
, NULL
);
726 if (strncmp ("-@", lhost
, 2) == 0)
727 return -innetgr (&lhost
[2], rhost
, NULL
, NULL
);
730 if (strncmp ("-", lhost
,1) == 0) {
733 } else if (strcmp ("+",lhost
) == 0) {
734 return 1; /* asking for trouble, but ok.. */
737 /* Try for raw ip address first. */
739 if (getnameinfo(ra
, ralen
,
740 raddr
, sizeof(raddr
), NULL
, 0,
742 && strcmp(raddr
, lhost
) == 0)
745 /* Better be a hostname. */
747 memset(&hints
, '\0', sizeof(hints
));
748 hints
.ai_family
= ra
->sa_family
;
749 if (getaddrinfo(lhost
, NULL
, &hints
, &res0
) == 0){
750 /* Spin through ip addresses. */
751 for (res
= res0
; res
; res
= res
->ai_next
)
753 if (res
->ai_family
== ra
->sa_family
754 && !memcmp(res
->ai_addr
, ra
, res
->ai_addrlen
))
762 return negate
* match
;
765 /* Returns 1 on positive match, 0 on no match, -1 on negative match. */
768 __icheckuser (const char *luser
, const char *ruser
)
771 luser is user entry from .rhosts/hosts.equiv file
772 ruser is user id on remote host
776 if (strncmp ("+@", luser
, 2) == 0)
777 return innetgr (&luser
[2], NULL
, ruser
, NULL
);
779 if (strncmp ("-@", luser
,2) == 0)
780 return -innetgr (&luser
[2], NULL
, ruser
, NULL
);
783 if (strncmp ("-", luser
, 1) == 0)
784 return -(strcmp (&luser
[1], ruser
) == 0);
787 if (strcmp ("+", luser
) == 0)
790 /* simple string match */
791 return strcmp (ruser
, luser
) == 0;
795 * Returns 1 for blank lines (or only comment lines) and 0 otherwise
800 while (*p
&& isspace (*p
)) {
804 return (*p
== '\0' || *p
== '#') ? 1 : 0 ;
808 * Returns 0 if positive match, -1 if _not_ ok.
811 __validuser2_sa(hostf
, ra
, ralen
, luser
, ruser
, rhost
)
815 const char *luser
, *ruser
, *rhost
;
817 register const char *user
;
824 while (__getline (&buf
, &bufsize
, hostf
) > 0) {
825 buf
[bufsize
- 1] = '\0'; /* Make sure it's terminated. */
828 /* Skip empty or comment lines */
833 for (;*p
&& !isspace(*p
); ++p
) {
837 /* Next we want to find the permitted name for the remote user. */
838 if (*p
== ' ' || *p
== '\t') {
839 /* <nul> terminate hostname and skip spaces */
840 for (*p
++='\0'; *p
&& isspace (*p
); ++p
);
842 user
= p
; /* this is the user's name */
843 while (*p
&& !isspace (*p
))
844 ++p
; /* find end of user's name */
848 *p
= '\0'; /* <nul> terminate username (+host?) */
850 /* buf -> host(?) ; user -> username(?) */
852 /* First check host part */
853 hcheck
= __checkhost_sa (ra
, ralen
, buf
, rhost
);
859 /* Then check user part */
863 ucheck
= __icheckuser (user
, ruser
);
865 /* Positive 'host user' match? */
871 /* Negative 'host -user' match? */
875 /* Neither, go on looking for match */