Context Navigation

source: rtems/cpukit/libnetworking/libc/rcmd.c @ 396b80e

4.115

Last change on this file since 396b80e was 396b80e, checked in by Ralf Corsépius <ralf.corsepius@…>, on 03/02/12 at 08:31:38

2012-03-02 Ralf Corsépius <ralf.corsepius@…>

configure.ac: Check for rcmd in unistd.h.
libnetworking/libc/rcmd.c: Build iff rcmd is declared in unistd.h. Change rcmd's decl to match with Linux/FreeBSD's decl.

Property mode set to 100644

File size: 13.2 KB

Line
1	/*
2	* Copyright (c) 1983, 1993, 1994
3	* The Regents of the University of California. All rights reserved.
4	*
5	* Redistribution and use in source and binary forms, with or without
6	* modification, are permitted provided that the following conditions
7	* are met:
8	* 1. Redistributions of source code must retain the above copyright
9	* notice, this list of conditions and the following disclaimer.
10	* 2. Redistributions in binary form must reproduce the above copyright
11	* notice, this list of conditions and the following disclaimer in the
12	* documentation and/or other materials provided with the distribution.
13	* 3. All advertising materials mentioning features or use of this software
14	* must display the following acknowledgement:
15	* This product includes software developed by the University of
16	* California, Berkeley and its contributors.
17	* 4. Neither the name of the University nor the names of its contributors
18	* may be used to endorse or promote products derived from this software
19	* without specific prior written permission.
20	*
21	* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24	* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31	* SUCH DAMAGE.
32	*
33	* $Id$
34	*/
35
36	#if HAVE_CONFIG_H
37	#include "config.h"
38	#endif
39
40	#if HAVE_DECL_RCMD
41
42	#include <sys/param.h>
43	#include <sys/socket.h>
44	#include <sys/stat.h>
45
46	#include <netinet/in.h>
47	#include <arpa/inet.h>
48
49	#include <signal.h>
50	#include <fcntl.h>
51	#include <netdb.h>
52	#include <unistd.h>
53	#include <pwd.h>
54	#include <errno.h>
55	#include <stdio.h>
56	#include <ctype.h>
57	#include <string.h>
58	#include <rpc/rpc.h>
59	#include <sys/select.h>
60	#ifdef YP
61	#include <rpcsvc/yp_prot.h>
62	#include <rpcsvc/ypclnt.h>
63	#endif
64
65	#ifndef __rtems__
66	extern int innetgr( const char , const char , const char , const char );
67	#endif
68
69	#define max(a, b) ((a > b) ? a : b)
70
71	#ifdef __rtems__
72	int rresvport(int *alport);
73	#define bzero(a,s) memset((a),0,(s))
74	#define bcmp memcmp
75	#define bcopy(s,d,i) memcpy(d,s,i)
76	#else /* __rtems__ */
77
78	int __ivaliduser(FILE , u_int32_t, const char , const char *);
79	static int __icheckhost(const struct sockaddr , socklen_t, const char );
80
81	#endif
82
83	int
84	rcmd(
85	char **ahost,
86	int rport,
87	const char *locuser,
88	const char *remuser,
89	const char *cmd,
90	int *fd2p )
91	{
92	struct hostent *hp;
93	struct sockaddr_in sin, from;
94	fd_set reads;
95	#ifndef __rtems__
96	long oldmask;
97	#endif
98	pid_t pid;
99	int s, lport, timo;
100	char c;
101
102	pid = getpid();
103	hp = gethostbyname(*ahost);
104	if (hp == NULL) {
105	herror(*ahost);
106	return (-1);
107	}
108	*ahost = hp->h_name;
109	#ifndef __rtems__
110	oldmask = sigblock(sigmask(SIGURG));
111	#endif
112	for (timo = 1, lport = IPPORT_RESERVED - 1;;) {
113	s = rresvport(&lport);
114	if (s < 0) {
115	if (errno == EAGAIN)
116	(void)fprintf(stderr,
117	"rcmd: socket: All ports in use\n");
118	else
119	(void)fprintf(stderr, "rcmd: socket: %s\n",
120	strerror(errno));
121	#ifndef __rtems__
122	sigsetmask(oldmask);
123	#endif
124	return (-1);
125	}
126	fcntl(s, F_SETOWN, pid);
127	bzero(&sin, sizeof sin);
128	sin.sin_len = sizeof(struct sockaddr_in);
129	sin.sin_family = hp->h_addrtype;
130	sin.sin_port = rport;
131	bcopy(hp->h_addr_list[0], &sin.sin_addr, MIN(hp->h_length, sizeof sin.sin_addr));
132	if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
133	break;
134	(void)close(s);
135	if (errno == EADDRINUSE) {
136	lport--;
137	continue;
138	}
139	if (errno == ECONNREFUSED && timo <= 16) {
140	(void)sleep(timo);
141	timo *= 2;
142	continue;
143	}
144	if (hp->h_addr_list[1] != NULL) {
145	int oerrno = errno;
146
147	(void)fprintf(stderr, "connect to address %s: ",
148	inet_ntoa(sin.sin_addr));
149	errno = oerrno;
150	perror(0);
151	hp->h_addr_list++;
152	bcopy(hp->h_addr_list[0], &sin.sin_addr, MIN(hp->h_length, sizeof sin.sin_addr));
153	(void)fprintf(stderr, "Trying %s...\n",
154	inet_ntoa(sin.sin_addr));
155	continue;
156	}
157	(void)fprintf(stderr, "%s: %s\n", hp->h_name, strerror(errno));
158	#ifndef __rtems__
159	sigsetmask(oldmask);
160	#endif
161	return (-1);
162	}
163	lport--;
164	if (fd2p == 0) {
165	write(s, "", 1);
166	lport = 0;
167	} else {
168	char num[8];
169	int s2 = rresvport(&lport), s3;
170	socklen_t len = sizeof(from);
171	int nfds;
172
173	if (s2 < 0)
174	goto bad;
175	listen(s2, 1);
176	(void)snprintf(num, sizeof(num), "%d", lport);
177	if (write(s, num, strlen(num)+1) != strlen(num)+1) {
178	(void)fprintf(stderr,
179	"rcmd: write (setting up stderr): %s\n",
180	strerror(errno));
181	(void)close(s2);
182	goto bad;
183	}
184	nfds = max(s, s2)+1;
185	if(nfds > FD_SETSIZE) {
186	fprintf(stderr, "rcmd: too many files\n");
187	(void)close(s2);
188	goto bad;
189	}
190	again:
191	FD_ZERO(&reads);
192	FD_SET(s, &reads);
193	FD_SET(s2, &reads);
194	errno = 0;
195	if (select(nfds, &reads, 0, 0, 0) < 1 \|\| !FD_ISSET(s2, &reads)){
196	if (errno != 0)
197	(void)fprintf(stderr,
198	"rcmd: select (setting up stderr): %s\n",
199	strerror(errno));
200	else
201	(void)fprintf(stderr,
202	"select: protocol failure in circuit setup\n");
203	(void)close(s2);
204	goto bad;
205	}
206	s3 = accept(s2, (struct sockaddr *)&from, &len);
207	/*
208	* XXX careful for ftp bounce attacks. If discovered, shut them
209	* down and check for the real auxiliary channel to connect.
210	*/
211	if (from.sin_family == AF_INET && from.sin_port == htons(20)) {
212	close(s3);
213	goto again;
214	}
215	(void)close(s2);
216	if (s3 < 0) {
217	(void)fprintf(stderr,
218	"rcmd: accept: %s\n", strerror(errno));
219	lport = 0;
220	goto bad;
221	}
222	*fd2p = s3;
223	from.sin_port = ntohs((u_short)from.sin_port);
224	if (from.sin_family != AF_INET \|\|
225	from.sin_port >= IPPORT_RESERVED \|\|
226	from.sin_port < IPPORT_RESERVED / 2) {
227	(void)fprintf(stderr,
228	"socket: protocol failure in circuit setup.\n");
229	goto bad2;
230	}
231	}
232	(void)write(s, locuser, strlen(locuser)+1);
233	(void)write(s, remuser, strlen(remuser)+1);
234	(void)write(s, cmd, strlen(cmd)+1);
235	if (read(s, &c, 1) != 1) {
236	(void)fprintf(stderr,
237	"rcmd: %s: %s\n", *ahost, strerror(errno));
238	goto bad2;
239	}
240	if (c != 0) {
241	while (read(s, &c, 1) == 1) {
242	(void)write(STDERR_FILENO, &c, 1);
243	if (c == '\n')
244	break;
245	}
246	goto bad2;
247	}
248	#ifndef __rtems__
249	sigsetmask(oldmask);
250	#endif
251	return (s);
252	bad2:
253	if (lport)
254	(void)close(*fd2p);
255	bad:
256	(void)close(s);
257	#ifndef __rtems__
258	sigsetmask(oldmask);
259	#endif
260	return (-1);
261	}
262
263	int
264	rresvport(int *alport )
265	{
266	struct sockaddr_in sin;
267	int s;
268
269	bzero(&sin, sizeof sin);
270	sin.sin_len = sizeof(struct sockaddr_in);
271	sin.sin_family = AF_INET;
272	sin.sin_addr.s_addr = INADDR_ANY;
273	s = socket(AF_INET, SOCK_STREAM, 0);
274	if (s < 0)
275	return (-1);
276	#if 0 /* compat_exact_traditional_rresvport_semantics */
277	sin.sin_port = htons((u_short)*alport);
278	if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
279	return (s);
280	if (errno != EADDRINUSE) {
281	(void)close(s);
282	return (-1);
283	}
284	#endif
285	sin.sin_port = 0;
286	if (bindresvport(s, &sin) == -1) {
287	(void)close(s);
288	return (-1);
289	}
290	*alport = (int)ntohs(sin.sin_port);
291	return (s);
292	}
293
294	#ifndef __rtems__
295	int __check_rhosts_file = 1;
296	char *__rcmd_errstr;
297
298	int
299	ruserok(rhost, superuser, ruser, luser)
300	const char rhost, ruser, *luser;
301	int superuser;
302	{
303	struct hostent *hp;
304	u_long addr;
305	char **ap;
306
307	if ((hp = gethostbyname(rhost)) == NULL)
308	return (-1);
309	for (ap = hp->h_addr_list; *ap; ++ap) {
310	bcopy(*ap, &addr, sizeof(addr));
311	if (iruserok(addr, superuser, ruser, luser) == 0)
312	return (0);
313	}
314	return (-1);
315	}
316
317	/*
318	* New .rhosts strategy: We are passed an ip address. We spin through
319	* hosts.equiv and .rhosts looking for a match. When the .rhosts only
320	* has ip addresses, we don't have to trust a nameserver. When it
321	* contains hostnames, we spin through the list of addresses the nameserver
322	* gives us and look for a match.
323	*
324	* Returns 0 if ok, -1 if not ok.
325	*/
326	int
327	iruserok(raddr, superuser, ruser, luser)
328	u_long raddr;
329	int superuser;
330	const char ruser, luser;
331	{
332	register char *cp;
333	struct stat sbuf;
334	struct passwd *pwd;
335	FILE *hostf;
336	uid_t uid;
337	int first;
338	char pbuf[MAXPATHLEN];
339
340	first = 1;
341	hostf = superuser ? NULL : fopen(_PATH_HEQUIV, "r");
342	again:
343	if (hostf) {
344	if (__ivaliduser(hostf, raddr, luser, ruser) == 0) {
345	(void)fclose(hostf);
346	return (0);
347	}
348	(void)fclose(hostf);
349	}
350	if (first == 1 && (__check_rhosts_file \|\| superuser)) {
351	first = 0;
352	if ((pwd = getpwnam(luser)) == NULL)
353	return (-1);
354	(void)strcpy(pbuf, pwd->pw_dir);
355	(void)strcat(pbuf, "/.rhosts");
356
357	/*
358	* Change effective uid while opening .rhosts. If root and
359	* reading an NFS mounted file system, can't read files that
360	* are protected read/write owner only.
361	*/
362	uid = geteuid();
363	(void)seteuid(pwd->pw_uid);
364	hostf = fopen(pbuf, "r");
365	(void)seteuid(uid);
366
367	if (hostf == NULL)
368	return (-1);
369	/*
370	* If not a regular file, or is owned by someone other than
371	* user or root or if writeable by anyone but the owner, quit.
372	*/
373	cp = NULL;
374	if (lstat(pbuf, &sbuf) < 0)
375	cp = ".rhosts lstat failed";
376	else if (!S_ISREG(sbuf.st_mode))
377	cp = ".rhosts not regular file";
378	else if (fstat(fileno(hostf), &sbuf) < 0)
379	cp = ".rhosts fstat failed";
380	else if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid)
381	cp = "bad .rhosts owner";
382	else if (sbuf.st_mode & (S_IWGRP\|S_IWOTH))
383	cp = ".rhosts writeable by other than owner";
384	/* If there were any problems, quit. */
385	if (cp) {
386	__rcmd_errstr = cp;
387	(void)fclose(hostf);
388	return (-1);
389	}
390	goto again;
391	}
392	return (-1);
393	}
394
395	/*
396	* XXX
397	* Don't make static, used by lpd(8).
398	*
399	* Returns 0 if ok, -1 if not ok.
400	*/
401	int
402	__ivaliduser(hostf, raddr, luser, ruser)
403	FILE *hostf;
404	u_long raddr;
405	const char luser, ruser;
406	{
407	register char user, p;
408	int ch;
409	char buf[MAXHOSTNAMELEN + 128]; /* host + login */
410	char hname[MAXHOSTNAMELEN];
411	struct hostent *hp;
412	/* Presumed guilty until proven innocent. */
413	int userok = 0, hostok = 0;
414	#ifdef YP
415	char *ypdomain;
416
417	if (yp_get_default_domain(&ypdomain))
418	ypdomain = NULL;
419	#else
420	#define ypdomain NULL
421	#endif
422	/* We need to get the damn hostname back for netgroup matching. */
423	if ((hp = gethostbyaddr((char *)&raddr, sizeof(u_long),
424	AF_INET)) == NULL)
425	return (-1);
426	strncpy(hname, hp->h_name, sizeof(hname));
427	hname[sizeof(hname) - 1] = '\0';
428
429	while (fgets(buf, sizeof(buf), hostf)) {
430	p = buf;
431	/* Skip lines that are too long. */
432	if (strchr(p, '\n') == NULL) {
433	while ((ch = getc(hostf)) != '\n' && ch != EOF);
434	continue;
435	}
436	if (p == '\n' \|\| p == '#') {
437	/* comment... */
438	continue;
439	}
440	while (p != '\n' && p != ' ' && p != '\t' && p != '\0') {
441	p = isupper(p) ? tolower(p) : p;
442	p++;
443	}
444	if (p == ' ' \|\| p == '\t') {
445	*p++ = '\0';
446	while (p == ' ' \|\| p == '\t')
447	p++;
448	user = p;
449	while (p != '\n' && p != ' ' &&
450	p != '\t' && p != '\0')
451	p++;
452	} else
453	user = p;
454	*p = '\0';
455	/*
456	* Do +/- and +@/-@ checking. This looks really nasty,
457	* but it matches SunOS's behavior so far as I can tell.
458	*/
459	switch(buf[0]) {
460	case '+':
461	if (!buf[1]) { /* '+' matches all hosts */
462	hostok = 1;
463	break;
464	}
465	if (buf[1] == '@') /* match a host by netgroup */
466	hostok = innetgr((char *)&buf[2],
467	(char *)&hname, NULL, ypdomain);
468	else /* match a host by addr */
469	hostok = __icheckhost(raddr,(char *)&buf[1]);
470	break;
471	case '-': /* reject '-' hosts and all their users */
472	if (buf[1] == '@') {
473	if (innetgr((char *)&buf[2],
474	(char *)&hname, NULL, ypdomain))
475	return(-1);
476	} else {
477	if (__icheckhost(raddr,(char *)&buf[1]))
478	return(-1);
479	}
480	break;
481	default: /* if no '+' or '-', do a simple match */
482	hostok = __icheckhost(raddr, buf);
483	break;
484	}
485	switch(*user) {
486	case '+':
487	if (!(user+1)) { / '+' matches all users */
488	userok = 1;
489	break;
490	}
491	if ((user+1) == '@') / match a user by netgroup */
492	userok = innetgr(user+2, NULL, ruser, ypdomain);
493	else /* match a user by direct specification */
494	userok = !(strcmp(ruser, user+1));
495	break;
496	case '-': /* if we matched a hostname, */
497	if (hostok) { /* check for user field rejections */
498	if (!*(user+1))
499	return(-1);
500	if (*(user+1) == '@') {
501	if (innetgr(user+2, NULL,
502	ruser, ypdomain))
503	return(-1);
504	} else {
505	if (!strcmp(ruser, user+1))
506	return(-1);
507	}
508	}
509	break;
510	default: /* no rejections: try to match the user */
511	if (hostok)
512	userok = !(strcmp(ruser,*user ? user : luser));
513	break;
514	}
515	if (hostok && userok)
516	return(0);
517	}
518	return (-1);
519	}
520
521	/*
522	* Returns "true" if match, 0 if no match.
523	*/
524	static int
525	__icheckhost(raddr, lhost)
526	u_long raddr;
527	register char *lhost;
528	{
529	register struct hostent *hp;
530	register u_long laddr;
531	register char **pp;
532
533	/* Try for raw ip address first. */
534	if (isdigit(*lhost) && (long)(laddr = inet_addr(lhost)) != -1)
535	return (raddr == laddr);
536
537	/* Better be a hostname. */
538	if ((hp = gethostbyname(lhost)) == NULL)
539	return (0);
540
541	/* Spin through ip addresses. */
542	for (pp = hp->h_addr_list; *pp; ++pp)
543	if (!bcmp(&raddr, *pp, sizeof(u_long)))
544	return (1);
545
546	/* No match. */
547	return (0);
548	}
549	#endif
550	#endif

Note: See TracBrowser for help on using the repository browser.

Download in other formats: