1 | /* |
---|
2 | * Copyright (c) 1983, 1993, 1994 |
---|
3 | * The Regents of the University of California. All rights reserved. |
---|
4 | * |
---|
5 | * Redistribution and use in source and binary forms, with or without |
---|
6 | * modification, are permitted provided that the following conditions |
---|
7 | * are met: |
---|
8 | * 1. Redistributions of source code must retain the above copyright |
---|
9 | * notice, this list of conditions and the following disclaimer. |
---|
10 | * 2. Redistributions in binary form must reproduce the above copyright |
---|
11 | * notice, this list of conditions and the following disclaimer in the |
---|
12 | * documentation and/or other materials provided with the distribution. |
---|
13 | * 3. All advertising materials mentioning features or use of this software |
---|
14 | * must display the following acknowledgement: |
---|
15 | * This product includes software developed by the University of |
---|
16 | * California, Berkeley and its contributors. |
---|
17 | * 4. Neither the name of the University nor the names of its contributors |
---|
18 | * may be used to endorse or promote products derived from this software |
---|
19 | * without specific prior written permission. |
---|
20 | * |
---|
21 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND |
---|
22 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
---|
23 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
---|
24 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE |
---|
25 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
---|
26 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
---|
27 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
---|
28 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
---|
29 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
---|
30 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
---|
31 | * SUCH DAMAGE. |
---|
32 | */ |
---|
33 | |
---|
34 | #if defined(LIBC_SCCS) && !defined(lint) |
---|
35 | static char sccsid[] = "@(#)rcmd.c 8.3 (Berkeley) 3/26/94"; |
---|
36 | #endif /* LIBC_SCCS and not lint */ |
---|
37 | |
---|
38 | #include <sys/param.h> |
---|
39 | #include <sys/socket.h> |
---|
40 | #include <sys/stat.h> |
---|
41 | |
---|
42 | #include <netinet/in.h> |
---|
43 | #include <arpa/inet.h> |
---|
44 | |
---|
45 | #include <signal.h> |
---|
46 | #include <fcntl.h> |
---|
47 | #include <netdb.h> |
---|
48 | #include <unistd.h> |
---|
49 | #include <pwd.h> |
---|
50 | #include <errno.h> |
---|
51 | #include <stdio.h> |
---|
52 | #include <ctype.h> |
---|
53 | #include <string.h> |
---|
54 | #ifdef YP |
---|
55 | #include <rpc/rpc.h> |
---|
56 | #include <rpcsvc/yp_prot.h> |
---|
57 | #include <rpcsvc/ypclnt.h> |
---|
58 | #endif |
---|
59 | |
---|
60 | extern int innetgr __P(( const char *, const char *, const char *, const char * )); |
---|
61 | |
---|
62 | #define max(a, b) ((a > b) ? a : b) |
---|
63 | |
---|
64 | int __ivaliduser __P((FILE *, u_long, const char *, const char *)); |
---|
65 | static int __icheckhost __P((u_long, char *)); |
---|
66 | |
---|
67 | int |
---|
68 | rcmd(ahost, rport, locuser, remuser, cmd, fd2p) |
---|
69 | char **ahost; |
---|
70 | u_short rport; |
---|
71 | const char *locuser, *remuser, *cmd; |
---|
72 | int *fd2p; |
---|
73 | { |
---|
74 | struct hostent *hp; |
---|
75 | struct sockaddr_in sin, from; |
---|
76 | fd_set reads; |
---|
77 | long oldmask; |
---|
78 | pid_t pid; |
---|
79 | int s, lport, timo; |
---|
80 | char c; |
---|
81 | |
---|
82 | pid = getpid(); |
---|
83 | hp = gethostbyname(*ahost); |
---|
84 | if (hp == NULL) { |
---|
85 | herror(*ahost); |
---|
86 | return (-1); |
---|
87 | } |
---|
88 | *ahost = hp->h_name; |
---|
89 | oldmask = sigblock(sigmask(SIGURG)); |
---|
90 | for (timo = 1, lport = IPPORT_RESERVED - 1;;) { |
---|
91 | s = rresvport(&lport); |
---|
92 | if (s < 0) { |
---|
93 | if (errno == EAGAIN) |
---|
94 | (void)fprintf(stderr, |
---|
95 | "rcmd: socket: All ports in use\n"); |
---|
96 | else |
---|
97 | (void)fprintf(stderr, "rcmd: socket: %s\n", |
---|
98 | strerror(errno)); |
---|
99 | sigsetmask(oldmask); |
---|
100 | return (-1); |
---|
101 | } |
---|
102 | fcntl(s, F_SETOWN, pid); |
---|
103 | bzero(&sin, sizeof sin); |
---|
104 | sin.sin_len = sizeof(struct sockaddr_in); |
---|
105 | sin.sin_family = hp->h_addrtype; |
---|
106 | sin.sin_port = rport; |
---|
107 | bcopy(hp->h_addr_list[0], &sin.sin_addr, MIN(hp->h_length, sizeof sin.sin_addr)); |
---|
108 | if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0) |
---|
109 | break; |
---|
110 | (void)close(s); |
---|
111 | if (errno == EADDRINUSE) { |
---|
112 | lport--; |
---|
113 | continue; |
---|
114 | } |
---|
115 | if (errno == ECONNREFUSED && timo <= 16) { |
---|
116 | (void)sleep(timo); |
---|
117 | timo *= 2; |
---|
118 | continue; |
---|
119 | } |
---|
120 | if (hp->h_addr_list[1] != NULL) { |
---|
121 | int oerrno = errno; |
---|
122 | |
---|
123 | (void)fprintf(stderr, "connect to address %s: ", |
---|
124 | inet_ntoa(sin.sin_addr)); |
---|
125 | errno = oerrno; |
---|
126 | perror(0); |
---|
127 | hp->h_addr_list++; |
---|
128 | bcopy(hp->h_addr_list[0], &sin.sin_addr, MIN(hp->h_length, sizeof sin.sin_addr)); |
---|
129 | (void)fprintf(stderr, "Trying %s...\n", |
---|
130 | inet_ntoa(sin.sin_addr)); |
---|
131 | continue; |
---|
132 | } |
---|
133 | (void)fprintf(stderr, "%s: %s\n", hp->h_name, strerror(errno)); |
---|
134 | sigsetmask(oldmask); |
---|
135 | return (-1); |
---|
136 | } |
---|
137 | lport--; |
---|
138 | if (fd2p == 0) { |
---|
139 | write(s, "", 1); |
---|
140 | lport = 0; |
---|
141 | } else { |
---|
142 | char num[8]; |
---|
143 | int s2 = rresvport(&lport), s3; |
---|
144 | int len = sizeof(from); |
---|
145 | int nfds; |
---|
146 | |
---|
147 | if (s2 < 0) |
---|
148 | goto bad; |
---|
149 | listen(s2, 1); |
---|
150 | (void)snprintf(num, sizeof(num), "%d", lport); |
---|
151 | if (write(s, num, strlen(num)+1) != strlen(num)+1) { |
---|
152 | (void)fprintf(stderr, |
---|
153 | "rcmd: write (setting up stderr): %s\n", |
---|
154 | strerror(errno)); |
---|
155 | (void)close(s2); |
---|
156 | goto bad; |
---|
157 | } |
---|
158 | nfds = max(s, s2)+1; |
---|
159 | if(nfds > FD_SETSIZE) { |
---|
160 | fprintf(stderr, "rcmd: too many files\n"); |
---|
161 | (void)close(s2); |
---|
162 | goto bad; |
---|
163 | } |
---|
164 | again: |
---|
165 | FD_ZERO(&reads); |
---|
166 | FD_SET(s, &reads); |
---|
167 | FD_SET(s2, &reads); |
---|
168 | errno = 0; |
---|
169 | if (select(nfds, &reads, 0, 0, 0) < 1 || !FD_ISSET(s2, &reads)){ |
---|
170 | if (errno != 0) |
---|
171 | (void)fprintf(stderr, |
---|
172 | "rcmd: select (setting up stderr): %s\n", |
---|
173 | strerror(errno)); |
---|
174 | else |
---|
175 | (void)fprintf(stderr, |
---|
176 | "select: protocol failure in circuit setup\n"); |
---|
177 | (void)close(s2); |
---|
178 | goto bad; |
---|
179 | } |
---|
180 | s3 = accept(s2, (struct sockaddr *)&from, &len); |
---|
181 | /* |
---|
182 | * XXX careful for ftp bounce attacks. If discovered, shut them |
---|
183 | * down and check for the real auxiliary channel to connect. |
---|
184 | */ |
---|
185 | if (from.sin_family == AF_INET && from.sin_port == htons(20)) { |
---|
186 | close(s3); |
---|
187 | goto again; |
---|
188 | } |
---|
189 | (void)close(s2); |
---|
190 | if (s3 < 0) { |
---|
191 | (void)fprintf(stderr, |
---|
192 | "rcmd: accept: %s\n", strerror(errno)); |
---|
193 | lport = 0; |
---|
194 | goto bad; |
---|
195 | } |
---|
196 | *fd2p = s3; |
---|
197 | from.sin_port = ntohs((u_short)from.sin_port); |
---|
198 | if (from.sin_family != AF_INET || |
---|
199 | from.sin_port >= IPPORT_RESERVED || |
---|
200 | from.sin_port < IPPORT_RESERVED / 2) { |
---|
201 | (void)fprintf(stderr, |
---|
202 | "socket: protocol failure in circuit setup.\n"); |
---|
203 | goto bad2; |
---|
204 | } |
---|
205 | } |
---|
206 | (void)write(s, locuser, strlen(locuser)+1); |
---|
207 | (void)write(s, remuser, strlen(remuser)+1); |
---|
208 | (void)write(s, cmd, strlen(cmd)+1); |
---|
209 | if (read(s, &c, 1) != 1) { |
---|
210 | (void)fprintf(stderr, |
---|
211 | "rcmd: %s: %s\n", *ahost, strerror(errno)); |
---|
212 | goto bad2; |
---|
213 | } |
---|
214 | if (c != 0) { |
---|
215 | while (read(s, &c, 1) == 1) { |
---|
216 | (void)write(STDERR_FILENO, &c, 1); |
---|
217 | if (c == '\n') |
---|
218 | break; |
---|
219 | } |
---|
220 | goto bad2; |
---|
221 | } |
---|
222 | sigsetmask(oldmask); |
---|
223 | return (s); |
---|
224 | bad2: |
---|
225 | if (lport) |
---|
226 | (void)close(*fd2p); |
---|
227 | bad: |
---|
228 | (void)close(s); |
---|
229 | sigsetmask(oldmask); |
---|
230 | return (-1); |
---|
231 | } |
---|
232 | |
---|
233 | int |
---|
234 | rresvport(alport) |
---|
235 | int *alport; |
---|
236 | { |
---|
237 | struct sockaddr_in sin; |
---|
238 | int s; |
---|
239 | |
---|
240 | bzero(&sin, sizeof sin); |
---|
241 | sin.sin_len = sizeof(struct sockaddr_in); |
---|
242 | sin.sin_family = AF_INET; |
---|
243 | sin.sin_addr.s_addr = INADDR_ANY; |
---|
244 | s = socket(AF_INET, SOCK_STREAM, 0); |
---|
245 | if (s < 0) |
---|
246 | return (-1); |
---|
247 | #if 0 /* compat_exact_traditional_rresvport_semantics */ |
---|
248 | sin.sin_port = htons((u_short)*alport); |
---|
249 | if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0) |
---|
250 | return (s); |
---|
251 | if (errno != EADDRINUSE) { |
---|
252 | (void)close(s); |
---|
253 | return (-1); |
---|
254 | } |
---|
255 | #endif |
---|
256 | sin.sin_port = 0; |
---|
257 | if (bindresvport(s, &sin) == -1) { |
---|
258 | (void)close(s); |
---|
259 | return (-1); |
---|
260 | } |
---|
261 | *alport = (int)ntohs(sin.sin_port); |
---|
262 | return (s); |
---|
263 | } |
---|
264 | |
---|
265 | int __check_rhosts_file = 1; |
---|
266 | char *__rcmd_errstr; |
---|
267 | |
---|
268 | int |
---|
269 | ruserok(rhost, superuser, ruser, luser) |
---|
270 | const char *rhost, *ruser, *luser; |
---|
271 | int superuser; |
---|
272 | { |
---|
273 | struct hostent *hp; |
---|
274 | u_long addr; |
---|
275 | char **ap; |
---|
276 | |
---|
277 | if ((hp = gethostbyname(rhost)) == NULL) |
---|
278 | return (-1); |
---|
279 | for (ap = hp->h_addr_list; *ap; ++ap) { |
---|
280 | bcopy(*ap, &addr, sizeof(addr)); |
---|
281 | if (iruserok(addr, superuser, ruser, luser) == 0) |
---|
282 | return (0); |
---|
283 | } |
---|
284 | return (-1); |
---|
285 | } |
---|
286 | |
---|
287 | /* |
---|
288 | * New .rhosts strategy: We are passed an ip address. We spin through |
---|
289 | * hosts.equiv and .rhosts looking for a match. When the .rhosts only |
---|
290 | * has ip addresses, we don't have to trust a nameserver. When it |
---|
291 | * contains hostnames, we spin through the list of addresses the nameserver |
---|
292 | * gives us and look for a match. |
---|
293 | * |
---|
294 | * Returns 0 if ok, -1 if not ok. |
---|
295 | */ |
---|
296 | int |
---|
297 | iruserok(raddr, superuser, ruser, luser) |
---|
298 | u_long raddr; |
---|
299 | int superuser; |
---|
300 | const char *ruser, *luser; |
---|
301 | { |
---|
302 | register char *cp; |
---|
303 | struct stat sbuf; |
---|
304 | struct passwd *pwd; |
---|
305 | FILE *hostf; |
---|
306 | uid_t uid; |
---|
307 | int first; |
---|
308 | char pbuf[MAXPATHLEN]; |
---|
309 | |
---|
310 | first = 1; |
---|
311 | hostf = superuser ? NULL : fopen(_PATH_HEQUIV, "r"); |
---|
312 | again: |
---|
313 | if (hostf) { |
---|
314 | if (__ivaliduser(hostf, raddr, luser, ruser) == 0) { |
---|
315 | (void)fclose(hostf); |
---|
316 | return (0); |
---|
317 | } |
---|
318 | (void)fclose(hostf); |
---|
319 | } |
---|
320 | if (first == 1 && (__check_rhosts_file || superuser)) { |
---|
321 | first = 0; |
---|
322 | if ((pwd = getpwnam(luser)) == NULL) |
---|
323 | return (-1); |
---|
324 | (void)strcpy(pbuf, pwd->pw_dir); |
---|
325 | (void)strcat(pbuf, "/.rhosts"); |
---|
326 | |
---|
327 | /* |
---|
328 | * Change effective uid while opening .rhosts. If root and |
---|
329 | * reading an NFS mounted file system, can't read files that |
---|
330 | * are protected read/write owner only. |
---|
331 | */ |
---|
332 | uid = geteuid(); |
---|
333 | (void)seteuid(pwd->pw_uid); |
---|
334 | hostf = fopen(pbuf, "r"); |
---|
335 | (void)seteuid(uid); |
---|
336 | |
---|
337 | if (hostf == NULL) |
---|
338 | return (-1); |
---|
339 | /* |
---|
340 | * If not a regular file, or is owned by someone other than |
---|
341 | * user or root or if writeable by anyone but the owner, quit. |
---|
342 | */ |
---|
343 | cp = NULL; |
---|
344 | if (lstat(pbuf, &sbuf) < 0) |
---|
345 | cp = ".rhosts lstat failed"; |
---|
346 | else if (!S_ISREG(sbuf.st_mode)) |
---|
347 | cp = ".rhosts not regular file"; |
---|
348 | else if (fstat(fileno(hostf), &sbuf) < 0) |
---|
349 | cp = ".rhosts fstat failed"; |
---|
350 | else if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid) |
---|
351 | cp = "bad .rhosts owner"; |
---|
352 | else if (sbuf.st_mode & (S_IWGRP|S_IWOTH)) |
---|
353 | cp = ".rhosts writeable by other than owner"; |
---|
354 | /* If there were any problems, quit. */ |
---|
355 | if (cp) { |
---|
356 | __rcmd_errstr = cp; |
---|
357 | (void)fclose(hostf); |
---|
358 | return (-1); |
---|
359 | } |
---|
360 | goto again; |
---|
361 | } |
---|
362 | return (-1); |
---|
363 | } |
---|
364 | |
---|
365 | /* |
---|
366 | * XXX |
---|
367 | * Don't make static, used by lpd(8). |
---|
368 | * |
---|
369 | * Returns 0 if ok, -1 if not ok. |
---|
370 | */ |
---|
371 | int |
---|
372 | __ivaliduser(hostf, raddr, luser, ruser) |
---|
373 | FILE *hostf; |
---|
374 | u_long raddr; |
---|
375 | const char *luser, *ruser; |
---|
376 | { |
---|
377 | register char *user, *p; |
---|
378 | int ch; |
---|
379 | char buf[MAXHOSTNAMELEN + 128]; /* host + login */ |
---|
380 | char hname[MAXHOSTNAMELEN]; |
---|
381 | struct hostent *hp; |
---|
382 | /* Presumed guilty until proven innocent. */ |
---|
383 | int userok = 0, hostok = 0; |
---|
384 | #ifdef YP |
---|
385 | char *ypdomain; |
---|
386 | |
---|
387 | if (yp_get_default_domain(&ypdomain)) |
---|
388 | ypdomain = NULL; |
---|
389 | #else |
---|
390 | #define ypdomain NULL |
---|
391 | #endif |
---|
392 | /* We need to get the damn hostname back for netgroup matching. */ |
---|
393 | if ((hp = gethostbyaddr((char *)&raddr, sizeof(u_long), |
---|
394 | AF_INET)) == NULL) |
---|
395 | return (-1); |
---|
396 | strncpy(hname, hp->h_name, sizeof(hname)); |
---|
397 | hname[sizeof(hname) - 1] = '\0'; |
---|
398 | |
---|
399 | while (fgets(buf, sizeof(buf), hostf)) { |
---|
400 | p = buf; |
---|
401 | /* Skip lines that are too long. */ |
---|
402 | if (strchr(p, '\n') == NULL) { |
---|
403 | while ((ch = getc(hostf)) != '\n' && ch != EOF); |
---|
404 | continue; |
---|
405 | } |
---|
406 | if (*p == '\n' || *p == '#') { |
---|
407 | /* comment... */ |
---|
408 | continue; |
---|
409 | } |
---|
410 | while (*p != '\n' && *p != ' ' && *p != '\t' && *p != '\0') { |
---|
411 | *p = isupper(*p) ? tolower(*p) : *p; |
---|
412 | p++; |
---|
413 | } |
---|
414 | if (*p == ' ' || *p == '\t') { |
---|
415 | *p++ = '\0'; |
---|
416 | while (*p == ' ' || *p == '\t') |
---|
417 | p++; |
---|
418 | user = p; |
---|
419 | while (*p != '\n' && *p != ' ' && |
---|
420 | *p != '\t' && *p != '\0') |
---|
421 | p++; |
---|
422 | } else |
---|
423 | user = p; |
---|
424 | *p = '\0'; |
---|
425 | /* |
---|
426 | * Do +/- and +@/-@ checking. This looks really nasty, |
---|
427 | * but it matches SunOS's behavior so far as I can tell. |
---|
428 | */ |
---|
429 | switch(buf[0]) { |
---|
430 | case '+': |
---|
431 | if (!buf[1]) { /* '+' matches all hosts */ |
---|
432 | hostok = 1; |
---|
433 | break; |
---|
434 | } |
---|
435 | if (buf[1] == '@') /* match a host by netgroup */ |
---|
436 | hostok = innetgr((char *)&buf[2], |
---|
437 | (char *)&hname, NULL, ypdomain); |
---|
438 | else /* match a host by addr */ |
---|
439 | hostok = __icheckhost(raddr,(char *)&buf[1]); |
---|
440 | break; |
---|
441 | case '-': /* reject '-' hosts and all their users */ |
---|
442 | if (buf[1] == '@') { |
---|
443 | if (innetgr((char *)&buf[2], |
---|
444 | (char *)&hname, NULL, ypdomain)) |
---|
445 | return(-1); |
---|
446 | } else { |
---|
447 | if (__icheckhost(raddr,(char *)&buf[1])) |
---|
448 | return(-1); |
---|
449 | } |
---|
450 | break; |
---|
451 | default: /* if no '+' or '-', do a simple match */ |
---|
452 | hostok = __icheckhost(raddr, buf); |
---|
453 | break; |
---|
454 | } |
---|
455 | switch(*user) { |
---|
456 | case '+': |
---|
457 | if (!*(user+1)) { /* '+' matches all users */ |
---|
458 | userok = 1; |
---|
459 | break; |
---|
460 | } |
---|
461 | if (*(user+1) == '@') /* match a user by netgroup */ |
---|
462 | userok = innetgr(user+2, NULL, ruser, ypdomain); |
---|
463 | else /* match a user by direct specification */ |
---|
464 | userok = !(strcmp(ruser, user+1)); |
---|
465 | break; |
---|
466 | case '-': /* if we matched a hostname, */ |
---|
467 | if (hostok) { /* check for user field rejections */ |
---|
468 | if (!*(user+1)) |
---|
469 | return(-1); |
---|
470 | if (*(user+1) == '@') { |
---|
471 | if (innetgr(user+2, NULL, |
---|
472 | ruser, ypdomain)) |
---|
473 | return(-1); |
---|
474 | } else { |
---|
475 | if (!strcmp(ruser, user+1)) |
---|
476 | return(-1); |
---|
477 | } |
---|
478 | } |
---|
479 | break; |
---|
480 | default: /* no rejections: try to match the user */ |
---|
481 | if (hostok) |
---|
482 | userok = !(strcmp(ruser,*user ? user : luser)); |
---|
483 | break; |
---|
484 | } |
---|
485 | if (hostok && userok) |
---|
486 | return(0); |
---|
487 | } |
---|
488 | return (-1); |
---|
489 | } |
---|
490 | |
---|
491 | /* |
---|
492 | * Returns "true" if match, 0 if no match. |
---|
493 | */ |
---|
494 | static int |
---|
495 | __icheckhost(raddr, lhost) |
---|
496 | u_long raddr; |
---|
497 | register char *lhost; |
---|
498 | { |
---|
499 | register struct hostent *hp; |
---|
500 | register u_long laddr; |
---|
501 | register char **pp; |
---|
502 | |
---|
503 | /* Try for raw ip address first. */ |
---|
504 | if (isdigit(*lhost) && (long)(laddr = inet_addr(lhost)) != -1) |
---|
505 | return (raddr == laddr); |
---|
506 | |
---|
507 | /* Better be a hostname. */ |
---|
508 | if ((hp = gethostbyname(lhost)) == NULL) |
---|
509 | return (0); |
---|
510 | |
---|
511 | /* Spin through ip addresses. */ |
---|
512 | for (pp = hp->h_addr_list; *pp; ++pp) |
---|
513 | if (!bcmp(&raddr, *pp, sizeof(u_long))) |
---|
514 | return (1); |
---|
515 | |
---|
516 | /* No match. */ |
---|
517 | return (0); |
---|
518 | } |
---|