2 * Copyright (c) 1983, 1993, 1994
3 * The Regents of the University of California. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 4. Neither the name of the University nor the names of its contributors
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 #if defined(LIBC_SCCS) && !defined(lint)
31 static char sccsid
[] = "@(#)rcmd.c 8.3 (Berkeley) 3/26/94";
32 #endif /* LIBC_SCCS and not lint */
34 #include <sys/param.h>
36 #include <sys/socket.h>
39 #include <netinet/in.h>
40 #include <arpa/inet.h>
56 int __ivaliduser
__P ((FILE *, u_int32_t
, const char *, const char *));
57 static int __ivaliduser2
__P ((FILE *, u_int32_t
, const char *, const char *,
59 static int iruserok2 (u_int32_t raddr
, int superuser
, const char *ruser
,
60 const char *luser
, const char *rhost
);
61 int iruserok (u_int32_t raddr
, int superuser
, const char *ruser
,
66 rcmd(ahost
, rport
, locuser
, remuser
, cmd
, fd2p
)
69 const char *locuser
, *remuser
, *cmd
;
72 struct hostent hostbuf
, *hp
;
75 struct sockaddr_in sin
, from
;
86 tmphstbuf
= __alloca (hstbuflen
);
87 while (__gethostbyname_r (*ahost
, &hostbuf
, tmphstbuf
, hstbuflen
,
90 if (herr
!= NETDB_INTERNAL
|| errno
!= ERANGE
)
98 /* Enlarge the buffer. */
100 tmphstbuf
= __alloca (hstbuflen
);
103 pfd
[0].events
= POLLIN
;
104 pfd
[1].events
= POLLIN
;
107 oldmask
= __sigblock(sigmask(SIGURG
));
108 for (timo
= 1, lport
= IPPORT_RESERVED
- 1;;) {
109 s
= rresvport(&lport
);
112 (void)fprintf(stderr
,
113 _("rcmd: socket: All ports in use\n"));
115 (void)fprintf(stderr
, "rcmd: socket: %m\n");
116 __sigsetmask(oldmask
);
119 __fcntl(s
, F_SETOWN
, pid
);
120 sin
.sin_family
= hp
->h_addrtype
;
121 bcopy(hp
->h_addr_list
[0], &sin
.sin_addr
,
122 MIN (sizeof (sin
.sin_addr
), hp
->h_length
));
123 sin
.sin_port
= rport
;
124 if (__connect(s
, (struct sockaddr
*)&sin
, sizeof(sin
)) >= 0)
127 if (errno
== EADDRINUSE
) {
131 if (errno
== ECONNREFUSED
&& timo
<= 16) {
136 if (hp
->h_addr_list
[1] != NULL
) {
139 (void)fprintf(stderr
, _("connect to address %s: "),
140 inet_ntoa(sin
.sin_addr
));
141 __set_errno (oerrno
);
144 bcopy(hp
->h_addr_list
[0], &sin
.sin_addr
,
145 MIN (sizeof (sin
.sin_addr
), hp
->h_length
));
146 (void)fprintf(stderr
, _("Trying %s...\n"),
147 inet_ntoa(sin
.sin_addr
));
150 (void)fprintf(stderr
, "%s: %m\n", hp
->h_name
);
151 __sigsetmask(oldmask
);
160 int s2
= rresvport(&lport
), s3
;
161 size_t len
= sizeof(from
);
166 (void)__snprintf(num
, sizeof(num
), "%d", lport
);
167 if (__write(s
, num
, strlen(num
)+1) != strlen(num
)+1) {
168 (void)fprintf(stderr
,
169 _("rcmd: write (setting up stderr): %m\n"));
176 if (__poll (pfd
, 2, -1) < 1 || (pfd
[1].revents
& POLLIN
) == 0){
178 (void)fprintf(stderr
,
179 _("rcmd: poll (setting up stderr): %m\n"));
181 (void)fprintf(stderr
,
182 _("poll: protocol failure in circuit setup\n"));
186 s3
= accept(s2
, (struct sockaddr
*)&from
, &len
);
189 (void)fprintf(stderr
,
190 "rcmd: accept: %m\n");
195 from
.sin_port
= ntohs((u_short
)from
.sin_port
);
196 if (from
.sin_family
!= AF_INET
||
197 from
.sin_port
>= IPPORT_RESERVED
||
198 from
.sin_port
< IPPORT_RESERVED
/ 2) {
199 (void)fprintf(stderr
,
200 _("socket: protocol failure in circuit setup\n"));
204 (void)__write(s
, locuser
, strlen(locuser
)+1);
205 (void)__write(s
, remuser
, strlen(remuser
)+1);
206 (void)__write(s
, cmd
, strlen(cmd
)+1);
207 if (__read(s
, &c
, 1) != 1) {
208 (void)fprintf(stderr
,
209 "rcmd: %s: %m\n", *ahost
);
213 while (__read(s
, &c
, 1) == 1) {
214 (void)__write(STDERR_FILENO
, &c
, 1);
220 __sigsetmask(oldmask
);
224 (void)__close(*fd2p
);
227 __sigsetmask(oldmask
);
235 struct sockaddr_in sin
;
238 sin
.sin_family
= AF_INET
;
239 sin
.sin_addr
.s_addr
= INADDR_ANY
;
240 s
= __socket(AF_INET
, SOCK_STREAM
, 0);
244 sin
.sin_port
= htons((u_short
)*alport
);
245 if (bind(s
, (struct sockaddr
*)&sin
, sizeof(sin
)) >= 0)
247 if (errno
!= EADDRINUSE
) {
252 if (*alport
== IPPORT_RESERVED
/2) {
254 __set_errno (EAGAIN
); /* close */
260 int __check_rhosts_file
= 1;
264 ruserok(rhost
, superuser
, ruser
, luser
)
265 const char *rhost
, *ruser
, *luser
;
268 struct hostent hostbuf
, *hp
;
276 buffer
= __alloca (buflen
);
278 while (__gethostbyname_r (rhost
, &hostbuf
, buffer
, buflen
, &hp
, &herr
)
281 if (herr
!= NETDB_INTERNAL
|| errno
!= ERANGE
)
285 /* Enlarge the buffer. */
287 buffer
= __alloca (buflen
);
290 for (ap
= hp
->h_addr_list
; *ap
; ++ap
) {
291 bcopy(*ap
, &addr
, sizeof(addr
));
292 if (iruserok2(addr
, superuser
, ruser
, luser
, rhost
) == 0)
298 /* Extremely paranoid file open function. */
300 iruserfopen (char *file
, uid_t okuser
)
306 /* If not a regular file, if owned by someone other than user or
307 root, if writeable by anyone but the owner, or if hardlinked
310 if (__lxstat (_STAT_VER
, file
, &st
))
311 cp
= _("lstat failed");
312 else if (!S_ISREG (st
.st_mode
))
313 cp
= _("not regular file");
316 res
= fopen (file
, "r");
318 cp
= _("cannot open");
319 else if (__fxstat (_STAT_VER
, fileno (res
), &st
) < 0)
320 cp
= _("fstat failed");
321 else if (st
.st_uid
&& st
.st_uid
!= okuser
)
323 else if (st
.st_mode
& (S_IWGRP
|S_IWOTH
))
324 cp
= _("writeable by other than owner");
325 else if (st
.st_nlink
> 1)
326 cp
= _("hard linked somewhere");
329 /* If there were any problems, quit. */
342 * New .rhosts strategy: We are passed an ip address. We spin through
343 * hosts.equiv and .rhosts looking for a match. When the .rhosts only
344 * has ip addresses, we don't have to trust a nameserver. When it
345 * contains hostnames, we spin through the list of addresses the nameserver
346 * gives us and look for a match.
348 * Returns 0 if ok, -1 if not ok.
351 iruserok2 (raddr
, superuser
, ruser
, luser
, rhost
)
354 const char *ruser
, *luser
, *rhost
;
360 hostf
= iruserfopen (_PATH_HEQUIV
, 0);
364 isbad
= __ivaliduser2 (hostf
, raddr
, luser
, ruser
, rhost
);
371 if (__check_rhosts_file
|| superuser
)
374 struct passwd pwdbuf
, *pwd
;
376 size_t buflen
= __sysconf (_SC_GETPW_R_SIZE_MAX
);
377 char *buffer
= __alloca (buflen
);
380 if (__getpwnam_r (luser
, &pwdbuf
, buffer
, buflen
, &pwd
) != 0
384 dirlen
= strlen (pwd
->pw_dir
);
385 pbuf
= alloca (dirlen
+ sizeof "/.rhosts");
386 __mempcpy (__mempcpy (pbuf
, pwd
->pw_dir
, dirlen
),
387 "/.rhosts", sizeof "/.rhosts");
389 /* Change effective uid while reading .rhosts. If root and
390 reading an NFS mounted file system, can't read files that
391 are protected read/write owner only. */
393 seteuid (pwd
->pw_uid
);
394 hostf
= iruserfopen (pbuf
, pwd
->pw_uid
);
398 isbad
= __ivaliduser2 (hostf
, raddr
, luser
, ruser
, rhost
);
408 /* This is the exported version. */
410 iruserok (raddr
, superuser
, ruser
, luser
)
413 const char *ruser
, *luser
;
415 return iruserok2 (raddr
, superuser
, ruser
, luser
, "-");
420 * Don't make static, used by lpd(8).
422 * This function is not used anymore. It is only present because lpd(8)
423 * calls it (!?!). We simply call __invaliduser2() with an illegal rhost
424 * argument. This means that netgroups won't work in .rhost/hosts.equiv
425 * files. If you want lpd to work with netgroups, fix lpd to use ruserok()
427 * Returns 0 if ok, -1 if not ok.
430 __ivaliduser(hostf
, raddr
, luser
, ruser
)
433 const char *luser
, *ruser
;
435 return __ivaliduser2(hostf
, raddr
, luser
, ruser
, "-");
439 /* Returns 1 on positive match, 0 on no match, -1 on negative match. */
442 __icheckhost (raddr
, lhost
, rhost
)
447 struct hostent hostbuf
, *hp
;
453 int negate
=1; /* Multiply return with this to get -1 instead of 1 */
456 /* Check nis netgroup. */
457 if (strncmp ("+@", lhost
, 2) == 0)
458 return innetgr (&lhost
[2], rhost
, NULL
, NULL
);
460 if (strncmp ("-@", lhost
, 2) == 0)
461 return -innetgr (&lhost
[2], rhost
, NULL
, NULL
);
464 if (strncmp ("-", lhost
,1) == 0) {
467 } else if (strcmp ("+",lhost
) == 0) {
468 return 1; /* asking for trouble, but ok.. */
471 /* Try for raw ip address first. */
472 if (isdigit (*lhost
) && (long) (laddr
= inet_addr (lhost
)) != -1)
473 return negate
* (! (raddr
^ laddr
));
475 /* Better be a hostname. */
477 buffer
= __alloca (buflen
);
479 while (__gethostbyname_r (lhost
, &hostbuf
, buffer
, buflen
, &hp
, &herr
)
481 if (herr
!= NETDB_INTERNAL
|| errno
!= ERANGE
)
484 /* Enlarge the buffer. */
486 buffer
= __alloca (buflen
);
489 __set_errno (save_errno
);
493 /* Spin through ip addresses. */
494 for (pp
= hp
->h_addr_list
; *pp
; ++pp
)
495 if (!memcmp (&raddr
, *pp
, sizeof (u_int32_t
)))
502 /* Returns 1 on positive match, 0 on no match, -1 on negative match. */
505 __icheckuser (luser
, ruser
)
506 const char *luser
, *ruser
;
509 luser is user entry from .rhosts/hosts.equiv file
510 ruser is user id on remote host
515 if (strncmp ("+@", luser
, 2) == 0)
516 return innetgr (&luser
[2], NULL
, ruser
, NULL
);
518 if (strncmp ("-@", luser
,2) == 0)
519 return -innetgr (&luser
[2], NULL
, ruser
, NULL
);
522 if (strncmp ("-", luser
, 1) == 0)
523 return -(strcmp (&luser
[1], ruser
) == 0);
526 if (strcmp ("+", luser
) == 0)
529 /* simple string match */
530 return strcmp (ruser
, luser
) == 0;
534 * Returns 1 for blank lines (or only comment lines) and 0 otherwise
540 while (*p
&& isspace (*p
)) {
544 return (*p
== '\0' || *p
== '#') ? 1 : 0 ;
548 * Returns 0 if positive match, -1 if _not_ ok.
551 __ivaliduser2(hostf
, raddr
, luser
, ruser
, rhost
)
554 const char *luser
, *ruser
, *rhost
;
556 register const char *user
;
563 while (__getline (&buf
, &bufsize
, hostf
) > 0) {
564 buf
[bufsize
- 1] = '\0'; /* Make sure it's terminated. */
567 /* Skip empty or comment lines */
572 /* Skip lines that are too long. */
573 if (strchr (p
, '\n') == NULL
) {
574 int ch
= getc_unlocked (hostf
);
576 while (ch
!= '\n' && ch
!= EOF
)
577 ch
= getc_unlocked (hostf
);
581 for (;*p
&& !isspace(*p
); ++p
) {
585 /* Next we want to find the permitted name for the remote user. */
586 if (*p
== ' ' || *p
== '\t') {
587 /* <nul> terminate hostname and skip spaces */
588 for (*p
++='\0'; *p
&& isspace (*p
); ++p
);
590 user
= p
; /* this is the user's name */
591 while (*p
&& !isspace (*p
))
592 ++p
; /* find end of user's name */
596 *p
= '\0'; /* <nul> terminate username (+host?) */
598 /* buf -> host(?) ; user -> username(?) */
600 /* First check host part */
601 hcheck
= __icheckhost (raddr
, buf
, rhost
);
607 /* Then check user part */
611 ucheck
= __icheckuser (user
, ruser
);
613 /* Positive 'host user' match? */
619 /* Negative 'host -user' match? */
623 /* Neither, go on looking for match */