search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Updated to fedora-glibc-20050721T0814
[glibc.git] / inet / rcmd.c
blobda6c070764398386732bb174f0e4eccb3ee2c9f8
1 /*
2 * Copyright (C) 1998 WIDE Project.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of the project nor the names of its contributors
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * SUCH DAMAGE.
28 */
29 /*
30 * Copyright (c) 1983, 1993, 1994
31 * The Regents of the University of California. All rights reserved.
32 *
33 * Redistribution and use in source and binary forms, with or without
34 * modification, are permitted provided that the following conditions
35 * are met:
36 * 1. Redistributions of source code must retain the above copyright
37 * notice, this list of conditions and the following disclaimer.
38 * 2. Redistributions in binary form must reproduce the above copyright
39 * notice, this list of conditions and the following disclaimer in the
40 * documentation and/or other materials provided with the distribution.
41 * 4. Neither the name of the University nor the names of its contributors
42 * may be used to endorse or promote products derived from this software
43 * without specific prior written permission.
44 *
45 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
46 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
47 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
48 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
49 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
50 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
51 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
52 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
53 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
54 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
55 * SUCH DAMAGE.
56 */
57
58 #if defined(LIBC_SCCS) && !defined(lint)
59 static char sccsid[] = "@(#)rcmd.c 8.3 (Berkeley) 3/26/94";
60 #endif /* LIBC_SCCS and not lint */
61
62 #include <sys/param.h>
63 #include <sys/poll.h>
64 #include <sys/socket.h>
65 #include <sys/stat.h>
66
67 #include <netinet/in.h>
68 #include <arpa/inet.h>
69
70 #include <alloca.h>
71 #include <signal.h>
72 #include <fcntl.h>
73 #include <netdb.h>
74 #include <unistd.h>
75 #include <pwd.h>
76 #include <errno.h>
77 #include <stdio.h>
78 #include <stdio_ext.h>
79 #include <ctype.h>
80 #include <string.h>
81 #include <libintl.h>
82 #include <stdlib.h>
83 #include <wchar.h>
84 #include <sys/uio.h>
85
86
87 int __ivaliduser (FILE *, u_int32_t, const char *, const char *);
88 static int __validuser2_sa (FILE *, struct sockaddr *, size_t,
89 const char *, const char *, const char *);
90 static int ruserok2_sa (struct sockaddr *ra, size_t ralen,
91 int superuser, const char *ruser,
92 const char *luser, const char *rhost);
93 static int ruserok_sa (struct sockaddr *ra, size_t ralen,
94 int superuser, const char *ruser,
95 const char *luser);
96 int iruserok_af (const void *raddr, int superuser, const char *ruser,
97 const char *luser, sa_family_t af);
98 int iruserok (u_int32_t raddr, int superuser, const char *ruser,
99 const char *luser);
100
101 libc_hidden_proto (iruserok_af)
102
103 libc_freeres_ptr(static char *ahostbuf);
104
105 int
106 rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, af)
107 char **ahost;
108 u_short rport;
109 const char *locuser, *remuser, *cmd;
110 int *fd2p;
111 sa_family_t af;
112 {
113 char paddr[INET6_ADDRSTRLEN];
114 struct addrinfo hints, *res, *ai;
115 struct sockaddr_storage from;
116 struct pollfd pfd[2];
117 int32_t oldmask;
118 pid_t pid;
119 int s, lport, timo, error;
120 char c;
121 int refused;
122 char num[8];
123 ssize_t n;
124
125 if (af != AF_INET && af != AF_INET6 && af != AF_UNSPEC)
126 {
127 __set_errno (EAFNOSUPPORT);
128 return -1;
129 }
130
131 pid = __getpid();
132
133 memset(&hints, '\0', sizeof(hints));
134 hints.ai_flags = AI_CANONNAME;
135 hints.ai_family = af;
136 hints.ai_socktype = SOCK_STREAM;
137 (void)__snprintf(num, sizeof(num), "%d", ntohs(rport));
138 error = getaddrinfo(*ahost, num, &hints, &res);
139 if (error) {
140 if (error == EAI_NONAME && *ahost != NULL)
141 __fxprintf(NULL, "%s: Unknown host\n", *ahost);
142 else
143 __fxprintf(NULL, "rcmd: getaddrinfo: %s\n",
144 gai_strerror(error));
145
146 return -1;
147 }
148
149 pfd[0].events = POLLIN;
150 pfd[1].events = POLLIN;
151
152 if (res->ai_canonname){
153 free (ahostbuf);
154 ahostbuf = strdup (res->ai_canonname);
155 if (ahostbuf == NULL) {
156 __fxprintf(NULL, "%s",
157 _("rcmd: Cannot allocate memory\n"));
158 return -1;
159 }
160 *ahost = ahostbuf;
161 } else
162 *ahost = NULL;
163 ai = res;
164 refused = 0;
165 oldmask = __sigblock(sigmask(SIGURG));
166 for (timo = 1, lport = IPPORT_RESERVED - 1;;) {
167 char errbuf[200];
168
169 s = rresvport_af(&lport, ai->ai_family);
170 if (s < 0) {
171 if (errno == EAGAIN)
172 __fxprintf(NULL, "%s", _("\
173 rcmd: socket: All ports in use\n"));
174 else
175 __fxprintf(NULL, "rcmd: socket: %m\n");
176
177 __sigsetmask(oldmask);
178 freeaddrinfo(res);
179 return -1;
180 }
181 __fcntl(s, F_SETOWN, pid);
182 if (__connect(s, ai->ai_addr, ai->ai_addrlen) >= 0)
183 break;
184 (void)__close(s);
185 if (errno == EADDRINUSE) {
186 lport--;
187 continue;
188 }
189 if (errno == ECONNREFUSED)
190 refused = 1;
191 if (ai->ai_next != NULL) {
192 int oerrno = errno;
193 char *buf = NULL;
194
195 getnameinfo(ai->ai_addr, ai->ai_addrlen,
196 paddr, sizeof(paddr),
197 NULL, 0,
198 NI_NUMERICHOST);
199
200 if (__asprintf (&buf, _("connect to address %s: "),
201 paddr) >= 0)
202 {
203 __fxprintf(NULL, "%s", buf);
204 free (buf);
205 }
206 __set_errno (oerrno);
207 perror(0);
208 ai = ai->ai_next;
209 getnameinfo(ai->ai_addr, ai->ai_addrlen,
210 paddr, sizeof(paddr),
211 NULL, 0,
212 NI_NUMERICHOST);
213 if (__asprintf (&buf, _("Trying %s...\n"), paddr) >= 0)
214 {
215 __fxprintf (NULL, "%s", buf);
216 free (buf);
217 }
218 continue;
219 }
220 if (refused && timo <= 16) {
221 (void)__sleep(timo);
222 timo *= 2;
223 ai = res;
224 refused = 0;
225 continue;
226 }
227 freeaddrinfo(res);
228 (void)__fxprintf(NULL, "%s: %s\n", *ahost,
229 __strerror_r(errno, errbuf, sizeof (errbuf)));
230 __sigsetmask(oldmask);
231 return -1;
232 }
233 lport--;
234 if (fd2p == 0) {
235 __write(s, "", 1);
236 lport = 0;
237 } else {
238 char num[8];
239 int s2 = rresvport_af(&lport, ai->ai_family), s3;
240 socklen_t len = ai->ai_addrlen;
241
242 if (s2 < 0)
243 goto bad;
244 __listen(s2, 1);
245 (void)__snprintf(num, sizeof(num), "%d", lport);
246 if (__write(s, num, strlen(num)+1) != (ssize_t)strlen(num)+1) {
247 char *buf = NULL;
248
249 if (__asprintf (&buf, _("\
250 rcmd: write (setting up stderr): %m\n")) >= 0)
251 {
252 __fxprintf(NULL, "%s", buf);
253 free (buf);
254 }
255 (void)__close(s2);
256 goto bad;
257 }
258 pfd[0].fd = s;
259 pfd[1].fd = s2;
260 __set_errno (0);
261 if (__poll (pfd, 2, -1) < 1 || (pfd[1].revents & POLLIN) == 0){
262 char *buf = NULL;
263
264 if ((errno != 0
265 && __asprintf(&buf, _("\
266 rcmd: poll (setting up stderr): %m\n")) >= 0)
267 || (errno == 0
268 && __asprintf(&buf, _("\
269 poll: protocol failure in circuit setup\n")) >= 0))
270 {
271 __fxprintf (NULL, "%s", buf);
272 free (buf);
273 }
274 (void)__close(s2);
275 goto bad;
276 }
277 s3 = TEMP_FAILURE_RETRY (accept(s2, (struct sockaddr *)&from,
278 &len));
279 switch (from.ss_family) {
280 case AF_INET:
281 rport = ntohs(((struct sockaddr_in *)&from)->sin_port);
282 break;
283 case AF_INET6:
284 rport = ntohs(((struct sockaddr_in6 *)&from)->sin6_port);
285 break;
286 default:
287 rport = 0;
288 break;
289 }
290 (void)__close(s2);
291 if (s3 < 0) {
292 (void)__fxprintf(NULL, "rcmd: accept: %m\n");
293 lport = 0;
294 goto bad;
295 }
296 *fd2p = s3;
297
298 if (rport >= IPPORT_RESERVED || rport < IPPORT_RESERVED / 2){
299 char *buf = NULL;
300
301 if (__asprintf(&buf, _("\
302 socket: protocol failure in circuit setup\n")) >= 0)
303 {
304 __fxprintf (NULL, "%s", buf);
305 free (buf);
306 }
307 goto bad2;
308 }
309 }
310 struct iovec iov[3] =
311 {
312 [0] = { .iov_base = (void *) locuser,
313 .iov_len = strlen (locuser) + 1 },
314 [1] = { .iov_base = (void *) remuser,
315 .iov_len = strlen (remuser) + 1 },
316 [2] = { .iov_base = (void *) cmd,
317 .iov_len = strlen (cmd) + 1 }
318 };
319 (void) TEMP_FAILURE_RETRY (__writev (s, iov, 3));
320 n = TEMP_FAILURE_RETRY (__read(s, &c, 1));
321 if (n != 1) {
322 char *buf = NULL;
323
324 if ((n == 0
325 && __asprintf(&buf, _("rcmd: %s: short read"),
326 *ahost) >= 0)
327 || (n != 0
328 && __asprintf(&buf, "rcmd: %s: %m\n", *ahost) >= 0))
329 {
330 __fxprintf (NULL, "%s", buf);
331 free (buf);
332 }
333 goto bad2;
334 }
335 if (c != 0) {
336 while (__read(s, &c, 1) == 1) {
337 (void)__write(STDERR_FILENO, &c, 1);
338 if (c == '\n')
339 break;
340 }
341 goto bad2;
342 }
343 __sigsetmask(oldmask);
344 freeaddrinfo(res);
345 return s;
346 bad2:
347 if (lport)
348 (void)__close(*fd2p);
349 bad:
350 (void)__close(s);
351 __sigsetmask(oldmask);
352 freeaddrinfo(res);
353 return -1;
354 }
355 libc_hidden_def (rcmd_af)
356
357 int
358 rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
359 char **ahost;
360 u_short rport;
361 const char *locuser, *remuser, *cmd;
362 int *fd2p;
363 {
364 return rcmd_af (ahost, rport, locuser, remuser, cmd, fd2p, AF_INET);
365 }
366
367 int
368 rresvport_af(alport, family)
369 int *alport;
370 sa_family_t family;
371 {
372 struct sockaddr_storage ss;
373 int s;
374 size_t len;
375 uint16_t *sport;
376
377 switch(family){
378 case AF_INET:
379 len = sizeof(struct sockaddr_in);
380 sport = &((struct sockaddr_in *)&ss)->sin_port;
381 break;
382 case AF_INET6:
383 len = sizeof(struct sockaddr_in6);
384 sport = &((struct sockaddr_in6 *)&ss)->sin6_port;
385 break;
386 default:
387 __set_errno (EAFNOSUPPORT);
388 return -1;
389 }
390 s = __socket(family, SOCK_STREAM, 0);
391 if (s < 0)
392 return -1;
393
394 memset (&ss, '\0', sizeof(ss));
395 #ifdef SALEN
396 ss.__ss_len = len;
397 #endif
398 ss.ss_family = family;
399
400 /* Ignore invalid values. */
401 if (*alport < IPPORT_RESERVED / 2)
402 *alport = IPPORT_RESERVED / 2;
403 else if (*alport >= IPPORT_RESERVED)
404 *alport = IPPORT_RESERVED - 1;
405
406 int start = *alport;
407 do {
408 *sport = htons((uint16_t) *alport);
409 if (__bind(s, (struct sockaddr *)&ss, len) >= 0)
410 return s;
411 if (errno != EADDRINUSE) {
412 (void)__close(s);
413 return -1;
414 }
415 if ((*alport)-- == IPPORT_RESERVED/2)
416 *alport = IPPORT_RESERVED - 1;
417 } while (*alport != start);
418 (void)__close(s);
419 __set_errno (EAGAIN);
420 return -1;
421 }
422 libc_hidden_def (rresvport_af)
423
424 int
425 rresvport(alport)
426 int *alport;
427 {
428 return rresvport_af(alport, AF_INET);
429 }
430
431 int __check_rhosts_file = 1;
432 char *__rcmd_errstr;
433
434 int
435 ruserok_af(rhost, superuser, ruser, luser, af)
436 const char *rhost, *ruser, *luser;
437 int superuser;
438 sa_family_t af;
439 {
440 struct addrinfo hints, *res, *res0;
441 int gai;
442 int ret;
443
444 memset (&hints, '\0', sizeof(hints));
445 hints.ai_family = af;
446 gai = getaddrinfo(rhost, NULL, &hints, &res0);
447 if (gai)
448 return -1;
449 ret = -1;
450 for (res=res0; res; res=res->ai_next)
451 if (ruserok2_sa(res->ai_addr, res->ai_addrlen,
452 superuser, ruser, luser, rhost) == 0){
453 ret = 0;
454 break;
455 }
456 freeaddrinfo(res0);
457 return (ret);
458 }
459 libc_hidden_def (ruserok_af)
460
461 int
462 ruserok(rhost, superuser, ruser, luser)
463 const char *rhost, *ruser, *luser;
464 int superuser;
465 {
466 return ruserok_af(rhost, superuser, ruser, luser, AF_INET);
467 }
468
469 /* Extremely paranoid file open function. */
470 static FILE *
471 iruserfopen (const char *file, uid_t okuser)
472 {
473 struct stat64 st;
474 char *cp = NULL;
475 FILE *res = NULL;
476
477 /* If not a regular file, if owned by someone other than user or
478 root, if writeable by anyone but the owner, or if hardlinked
479 anywhere, quit. */
480 cp = NULL;
481 if (__lxstat64 (_STAT_VER, file, &st))
482 cp = _("lstat failed");
483 else if (!S_ISREG (st.st_mode))
484 cp = _("not regular file");
485 else
486 {
487 res = fopen (file, "rc");
488 if (!res)
489 cp = _("cannot open");
490 else if (__fxstat64 (_STAT_VER, fileno (res), &st) < 0)
491 cp = _("fstat failed");
492 else if (st.st_uid && st.st_uid != okuser)
493 cp = _("bad owner");
494 else if (st.st_mode & (S_IWGRP|S_IWOTH))
495 cp = _("writeable by other than owner");
496 else if (st.st_nlink > 1)
497 cp = _("hard linked somewhere");
498 }
499
500 /* If there were any problems, quit. */
501 if (cp != NULL)
502 {
503 __rcmd_errstr = cp;
504 if (res)
505 fclose (res);
506 return NULL;
507 }
508
509 /* No threads use this stream. */
510 __fsetlocking (res, FSETLOCKING_BYCALLER);
511
512 return res;
513 }
514
515 /*
516 * New .rhosts strategy: We are passed an ip address. We spin through
517 * hosts.equiv and .rhosts looking for a match. When the .rhosts only
518 * has ip addresses, we don't have to trust a nameserver. When it
519 * contains hostnames, we spin through the list of addresses the nameserver
520 * gives us and look for a match.
521 *
522 * Returns 0 if ok, -1 if not ok.
523 */
524 static int
525 ruserok2_sa (ra, ralen, superuser, ruser, luser, rhost)
526 struct sockaddr *ra;
527 size_t ralen;
528 int superuser;
529 const char *ruser, *luser, *rhost;
530 {
531 FILE *hostf = NULL;
532 int isbad = -1;
533
534 if (!superuser)
535 hostf = iruserfopen (_PATH_HEQUIV, 0);
536
537 if (hostf)
538 {
539 isbad = __validuser2_sa (hostf, ra, ralen, luser, ruser, rhost);
540 fclose (hostf);
541
542 if (!isbad)
543 return 0;
544 }
545
546 if (__check_rhosts_file || superuser)
547 {
548 char *pbuf;
549 struct passwd pwdbuf, *pwd;
550 size_t dirlen;
551 size_t buflen = __sysconf (_SC_GETPW_R_SIZE_MAX);
552 char *buffer = __alloca (buflen);
553 uid_t uid;
554
555 if (__getpwnam_r (luser, &pwdbuf, buffer, buflen, &pwd) != 0
556 || pwd == NULL)
557 return -1;
558
559 dirlen = strlen (pwd->pw_dir);
560 pbuf = alloca (dirlen + sizeof "/.rhosts");
561 __mempcpy (__mempcpy (pbuf, pwd->pw_dir, dirlen),
562 "/.rhosts", sizeof "/.rhosts");
563
564 /* Change effective uid while reading .rhosts. If root and
565 reading an NFS mounted file system, can't read files that
566 are protected read/write owner only. */
567 uid = __geteuid ();
568 seteuid (pwd->pw_uid);
569 hostf = iruserfopen (pbuf, pwd->pw_uid);
570
571 if (hostf != NULL)
572 {
573 isbad = __validuser2_sa (hostf, ra, ralen, luser, ruser, rhost);
574 fclose (hostf);
575 }
576
577 seteuid (uid);
578 return isbad;
579 }
580 return -1;
581 }
582 /*
583 * ruserok_sa() is now discussed on ipng, so
584 * currently disabled for external use
585 */
586 static int ruserok_sa(ra, ralen, superuser, ruser, luser)
587 struct sockaddr *ra;
588 size_t ralen;
589 int superuser;
590 const char *ruser, *luser;
591 {
592 return ruserok2_sa(ra, ralen, superuser, ruser, luser, "-");
593 }
594
595 /* This is the exported version. */
596 int
597 iruserok_af (raddr, superuser, ruser, luser, af)
598 const void *raddr;
599 int superuser;
600 const char *ruser, *luser;
601 sa_family_t af;
602 {
603 struct sockaddr_storage ra;
604 size_t ralen;
605
606 memset (&ra, '\0', sizeof(ra));
607 switch (af){
608 case AF_INET:
609 ((struct sockaddr_in *)&ra)->sin_family = AF_INET;
610 memcpy (&(((struct sockaddr_in *)&ra)->sin_addr), raddr,
611 sizeof(struct in_addr));
612 ralen = sizeof(struct sockaddr_in);
613 break;
614 case AF_INET6:
615 ((struct sockaddr_in6 *)&ra)->sin6_family = AF_INET6;
616 memcpy (&(((struct sockaddr_in6 *)&ra)->sin6_addr), raddr,
617 sizeof(struct in6_addr));
618 ralen = sizeof(struct sockaddr_in6);
619 break;
620 default:
621 return 0;
622 }
623 return ruserok_sa ((struct sockaddr *)&ra, ralen, superuser, ruser, luser);
624 }
625 libc_hidden_def (iruserok_af)
626
627 int
628 iruserok (raddr, superuser, ruser, luser)
629 u_int32_t raddr;
630 int superuser;
631 const char *ruser, *luser;
632 {
633 return iruserok_af (&raddr, superuser, ruser, luser, AF_INET);
634 }
635
636 /*
637 * XXX
638 * Don't make static, used by lpd(8).
639 *
640 * This function is not used anymore. It is only present because lpd(8)
641 * calls it (!?!). We simply call __invaliduser2() with an illegal rhost
642 * argument. This means that netgroups won't work in .rhost/hosts.equiv
643 * files. If you want lpd to work with netgroups, fix lpd to use ruserok()
644 * or PAM.
645 * Returns 0 if ok, -1 if not ok.
646 */
647 int
648 __ivaliduser(hostf, raddr, luser, ruser)
649 FILE *hostf;
650 u_int32_t raddr;
651 const char *luser, *ruser;
652 {
653 struct sockaddr_in ra;
654 memset(&ra, '\0', sizeof(ra));
655 ra.sin_family = AF_INET;
656 ra.sin_addr.s_addr = raddr;
657 return __validuser2_sa(hostf, (struct sockaddr *)&ra, sizeof(ra),
658 luser, ruser, "-");
659 }
660
661
662 /* Returns 1 on positive match, 0 on no match, -1 on negative match. */
663 static int
664 internal_function
665 __checkhost_sa (struct sockaddr *ra, size_t ralen, char *lhost,
666 const char *rhost)
667 {
668 struct addrinfo hints, *res0, *res;
669 char raddr[INET6_ADDRSTRLEN];
670 int match;
671 int negate=1; /* Multiply return with this to get -1 instead of 1 */
672
673 /* Check nis netgroup. */
674 if (strncmp ("+@", lhost, 2) == 0)
675 return innetgr (&lhost[2], rhost, NULL, NULL);
676
677 if (strncmp ("-@", lhost, 2) == 0)
678 return -innetgr (&lhost[2], rhost, NULL, NULL);
679
680 /* -host */
681 if (strncmp ("-", lhost,1) == 0) {
682 negate = -1;
683 lhost++;
684 } else if (strcmp ("+",lhost) == 0) {
685 return 1; /* asking for trouble, but ok.. */
686 }
687
688 /* Try for raw ip address first. */
689 /* XXX */
690 if (getnameinfo(ra, ralen,
691 raddr, sizeof(raddr), NULL, 0,
692 NI_NUMERICHOST) == 0
693 && strcmp(raddr, lhost) == 0)
694 return negate;
695
696 /* Better be a hostname. */
697 match = 0;
698 memset(&hints, '\0', sizeof(hints));
699 hints.ai_family = ra->sa_family;
700 if (getaddrinfo(lhost, NULL, &hints, &res0) == 0){
701 /* Spin through ip addresses. */
702 for (res = res0; res; res = res->ai_next)
703 {
704 if (res->ai_family == ra->sa_family
705 && !memcmp(res->ai_addr, ra, res->ai_addrlen))
706 {
707 match = 1;
708 break;
709 }
710 }
711 freeaddrinfo (res0);
712 }
713 return negate * match;
714 }
715
716 /* Returns 1 on positive match, 0 on no match, -1 on negative match. */
717 static int
718 internal_function
719 __icheckuser (const char *luser, const char *ruser)
720 {
721 /*
722 luser is user entry from .rhosts/hosts.equiv file
723 ruser is user id on remote host
724 */
725
726 /* [-+]@netgroup */
727 if (strncmp ("+@", luser, 2) == 0)
728 return innetgr (&luser[2], NULL, ruser, NULL);
729
730 if (strncmp ("-@", luser,2) == 0)
731 return -innetgr (&luser[2], NULL, ruser, NULL);
732
733 /* -user */
734 if (strncmp ("-", luser, 1) == 0)
735 return -(strcmp (&luser[1], ruser) == 0);
736
737 /* + */
738 if (strcmp ("+", luser) == 0)
739 return 1;
740
741 /* simple string match */
742 return strcmp (ruser, luser) == 0;
743 }
744
745 /*
746 * Returns 1 for blank lines (or only comment lines) and 0 otherwise
747 */
748 static int
749 __isempty (char *p)
750 {
751 while (*p && isspace (*p)) {
752 ++p;
753 }
754
755 return (*p == '\0' || *p == '#') ? 1 : 0 ;
756 }
757
758 /*
759 * Returns 0 if positive match, -1 if _not_ ok.
760 */
761 static int
762 __validuser2_sa(hostf, ra, ralen, luser, ruser, rhost)
763 FILE *hostf;
764 struct sockaddr *ra;
765 size_t ralen;
766 const char *luser, *ruser, *rhost;
767 {
768 register const char *user;
769 register char *p;
770 int hcheck, ucheck;
771 char *buf = NULL;
772 size_t bufsize = 0;
773 int retval = -1;
774
775 while (__getline (&buf, &bufsize, hostf) > 0) {
776 buf[bufsize - 1] = '\0'; /* Make sure it's terminated. */
777 p = buf;
778
779 /* Skip empty or comment lines */
780 if (__isempty (p)) {
781 continue;
782 }
783
784 for (;*p && !isspace(*p); ++p) {
785 *p = _tolower (*p);
786 }
787
788 /* Next we want to find the permitted name for the remote user. */
789 if (*p == ' ' || *p == '\t') {
790 /* <nul> terminate hostname and skip spaces */
791 for (*p++='\0'; *p && isspace (*p); ++p);
792
793 user = p; /* this is the user's name */
794 while (*p && !isspace (*p))
795 ++p; /* find end of user's name */
796 } else
797 user = p;
798
799 *p = '\0'; /* <nul> terminate username (+host?) */
800
801 /* buf -> host(?) ; user -> username(?) */
802
803 /* First check host part */
804 hcheck = __checkhost_sa (ra, ralen, buf, rhost);
805
806 if (hcheck < 0)
807 break;
808
809 if (hcheck) {
810 /* Then check user part */
811 if (! (*user))
812 user = luser;
813
814 ucheck = __icheckuser (user, ruser);
815
816 /* Positive 'host user' match? */
817 if (ucheck > 0) {
818 retval = 0;
819 break;
820 }
821
822 /* Negative 'host -user' match? */
823 if (ucheck < 0)
824 break;
825
826 /* Neither, go on looking for match */
827 }
828 }
829
830 if (buf != NULL)
831 free (buf);
832
833 return retval;
834 }
sources.redhat.com git mirror of glibc CVS