summaryrefslogtreecommitdiff
path: root/src/lib/libc/net/rcmd.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libc/net/rcmd.c')
-rw-r--r--src/lib/libc/net/rcmd.c558
1 files changed, 366 insertions, 192 deletions
diff --git a/src/lib/libc/net/rcmd.c b/src/lib/libc/net/rcmd.c
index e0310031b0..30ca6710c4 100644
--- a/src/lib/libc/net/rcmd.c
+++ b/src/lib/libc/net/rcmd.c
@@ -1,6 +1,5 @@
1/* $NetBSD: rcmd.c,v 1.12 1995/06/03 22:33:34 mycroft Exp $ */
2
3/* 1/*
2 * Copyright (c) 1995, 1996, 1998 Theo de Raadt. All rights reserved.
4 * Copyright (c) 1983, 1993, 1994 3 * Copyright (c) 1983, 1993, 1994
5 * The Regents of the University of California. All rights reserved. 4 * The Regents of the University of California. All rights reserved.
6 * 5 *
@@ -12,11 +11,7 @@
12 * 2. Redistributions in binary form must reproduce the above copyright 11 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the 12 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution. 13 * documentation and/or other materials provided with the distribution.
15 * 3. All advertising materials mentioning features or use of this software 14 * 3. Neither the name of the University nor the names of its contributors
16 * must display the following acknowledgement:
17 * This product includes software developed by the University of
18 * California, Berkeley and its contributors.
19 * 4. Neither the name of the University nor the names of its contributors
20 * may be used to endorse or promote products derived from this software 15 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission. 16 * without specific prior written permission.
22 * 17 *
@@ -33,14 +28,6 @@
33 * SUCH DAMAGE. 28 * SUCH DAMAGE.
34 */ 29 */
35 30
36#if defined(LIBC_SCCS) && !defined(lint)
37#if 0
38static char sccsid[] = "@(#)rcmd.c 8.3 (Berkeley) 3/26/94";
39#else
40static char *rcsid = "$NetBSD: rcmd.c,v 1.12 1995/06/03 22:33:34 mycroft Exp $";
41#endif
42#endif /* LIBC_SCCS and not lint */
43
44#include <sys/param.h> 31#include <sys/param.h>
45#include <sys/socket.h> 32#include <sys/socket.h>
46#include <sys/stat.h> 33#include <sys/stat.h>
@@ -57,35 +44,84 @@ static char *rcsid = "$NetBSD: rcmd.c,v 1.12 1995/06/03 22:33:34 mycroft Exp $";
57#include <stdio.h> 44#include <stdio.h>
58#include <ctype.h> 45#include <ctype.h>
59#include <string.h> 46#include <string.h>
47#include <syslog.h>
48#include <stdlib.h>
49#include <netgroup.h>
60 50
61int __ivaliduser __P((FILE *, u_long, const char *, const char *)); 51int __ivaliduser(FILE *, in_addr_t, const char *, const char *);
62static int __icheckhost __P((u_long, const char *)); 52int __ivaliduser_sa(FILE *, struct sockaddr *, socklen_t,
53 const char *, const char *);
54static int __icheckhost(struct sockaddr *, socklen_t, const char *);
55static char *__gethostloop(struct sockaddr *, socklen_t);
56
57int
58rcmd(char **ahost, int rport, const char *locuser, const char *remuser,
59 const char *cmd, int *fd2p)
60{
61 return rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, AF_INET);
62}
63 63
64int 64int
65rcmd(ahost, rport, locuser, remuser, cmd, fd2p) 65rcmd_af(char **ahost, int porta, const char *locuser, const char *remuser,
66 char **ahost; 66 const char *cmd, int *fd2p, int af)
67 u_short rport;
68 const char *locuser, *remuser, *cmd;
69 int *fd2p;
70{ 67{
71 struct hostent *hp; 68 static char hbuf[MAXHOSTNAMELEN];
72 struct sockaddr_in sin, from; 69 char pbuf[NI_MAXSERV];
73 fd_set reads; 70 struct addrinfo hints, *res, *r;
74 long oldmask; 71 int error;
72 struct sockaddr_storage from;
73 fd_set *readsp = NULL;
74 sigset_t oldmask, mask;
75 pid_t pid; 75 pid_t pid;
76 int s, lport, timo; 76 int s, lport, timo;
77 char c; 77 char c, *p;
78 int refused;
79 in_port_t rport = porta;
80
81 /* call rcmdsh() with specified remote shell if appropriate. */
82 if (!issetugid() && (p = getenv("RSH")) && *p) {
83 struct servent *sp = getservbyname("shell", "tcp");
84
85 if (sp && sp->s_port == rport)
86 return (rcmdsh(ahost, rport, locuser, remuser,
87 cmd, p));
88 }
89
90 /* use rsh(1) if non-root and remote port is shell. */
91 if (geteuid()) {
92 struct servent *sp = getservbyname("shell", "tcp");
93
94 if (sp && sp->s_port == rport)
95 return (rcmdsh(ahost, rport, locuser, remuser,
96 cmd, NULL));
97 }
78 98
79 pid = getpid(); 99 pid = getpid();
80 hp = gethostbyname(*ahost); 100 snprintf(pbuf, sizeof(pbuf), "%u", ntohs(rport));
81 if (hp == NULL) { 101 memset(&hints, 0, sizeof(hints));
82 herror(*ahost); 102 hints.ai_family = af;
103 hints.ai_socktype = SOCK_STREAM;
104 hints.ai_flags = AI_CANONNAME;
105 error = getaddrinfo(*ahost, pbuf, &hints, &res);
106 if (error) {
107#if 0
108 warnx("%s: %s", *ahost, gai_strerror(error));
109#endif
83 return (-1); 110 return (-1);
84 } 111 }
85 *ahost = hp->h_name; 112 if (res->ai_canonname) {
86 oldmask = sigblock(sigmask(SIGURG)); 113 strlcpy(hbuf, res->ai_canonname, sizeof(hbuf));
114 *ahost = hbuf;
115 } else
116 ; /*XXX*/
117
118 r = res;
119 refused = 0;
120 sigemptyset(&mask);
121 sigaddset(&mask, SIGURG);
122 sigprocmask(SIG_BLOCK, &mask, &oldmask);
87 for (timo = 1, lport = IPPORT_RESERVED - 1;;) { 123 for (timo = 1, lport = IPPORT_RESERVED - 1;;) {
88 s = rresvport(&lport); 124 s = rresvport_af(&lport, r->ai_family);
89 if (s < 0) { 125 if (s < 0) {
90 if (errno == EAGAIN) 126 if (errno == EAGAIN)
91 (void)fprintf(stderr, 127 (void)fprintf(stderr,
@@ -93,54 +129,84 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
93 else 129 else
94 (void)fprintf(stderr, "rcmd: socket: %s\n", 130 (void)fprintf(stderr, "rcmd: socket: %s\n",
95 strerror(errno)); 131 strerror(errno));
96 sigsetmask(oldmask); 132 if (r->ai_next) {
97 return (-1); 133 r = r->ai_next;
134 continue;
135 } else {
136 sigprocmask(SIG_SETMASK, &oldmask, NULL);
137 freeaddrinfo(res);
138 return (-1);
139 }
98 } 140 }
99 fcntl(s, F_SETOWN, pid); 141 fcntl(s, F_SETOWN, pid);
100 sin.sin_len = sizeof(struct sockaddr_in); 142 if (connect(s, r->ai_addr, r->ai_addrlen) >= 0)
101 sin.sin_family = hp->h_addrtype;
102 sin.sin_port = rport;
103 bcopy(hp->h_addr_list[0], &sin.sin_addr, hp->h_length);
104 if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
105 break; 143 break;
106 (void)close(s); 144 (void)close(s);
107 if (errno == EADDRINUSE) { 145 if (errno == EADDRINUSE) {
108 lport--; 146 lport--;
109 continue; 147 continue;
110 } 148 }
111 if (errno == ECONNREFUSED && timo <= 16) { 149 if (errno == ECONNREFUSED)
112 (void)sleep(timo); 150 refused++;
113 timo *= 2; 151 if (r->ai_next) {
114 continue;
115 }
116 if (hp->h_addr_list[1] != NULL) {
117 int oerrno = errno; 152 int oerrno = errno;
118 153 char hbuf[NI_MAXHOST];
119 (void)fprintf(stderr, "connect to address %s: ", 154 const int niflags = NI_NUMERICHOST;
120 inet_ntoa(sin.sin_addr)); 155
156 hbuf[0] = '\0';
157 if (getnameinfo(r->ai_addr, r->ai_addrlen,
158 hbuf, sizeof(hbuf), NULL, 0, niflags) != 0)
159 strlcpy(hbuf, "(invalid)", sizeof hbuf);
160 (void)fprintf(stderr, "connect to address %s: ", hbuf);
121 errno = oerrno; 161 errno = oerrno;
122 perror(0); 162 perror(0);
123 hp->h_addr_list++; 163 r = r->ai_next;
124 bcopy(hp->h_addr_list[0], &sin.sin_addr, hp->h_length); 164 hbuf[0] = '\0';
125 (void)fprintf(stderr, "Trying %s...\n", 165 if (getnameinfo(r->ai_addr, r->ai_addrlen,
126 inet_ntoa(sin.sin_addr)); 166 hbuf, sizeof(hbuf), NULL, 0, niflags) != 0)
167 strlcpy(hbuf, "(invalid)", sizeof hbuf);
168 (void)fprintf(stderr, "Trying %s...\n", hbuf);
127 continue; 169 continue;
128 } 170 }
129 (void)fprintf(stderr, "%s: %s\n", hp->h_name, strerror(errno)); 171 if (refused && timo <= 16) {
130 sigsetmask(oldmask); 172 (void)sleep(timo);
173 timo *= 2;
174 r = res;
175 refused = 0;
176 continue;
177 }
178 (void)fprintf(stderr, "%s: %s\n", res->ai_canonname,
179 strerror(errno));
180 sigprocmask(SIG_SETMASK, &oldmask, NULL);
181 freeaddrinfo(res);
131 return (-1); 182 return (-1);
132 } 183 }
184 /* given "af" can be PF_UNSPEC, we need the real af for "s" */
185 af = r->ai_family;
186 freeaddrinfo(res);
187#if 0
188 /*
189 * try to rresvport() to the same port. This will make rresvport()
190 * fail it's first bind, resulting in it choosing a random port.
191 */
133 lport--; 192 lport--;
193#endif
134 if (fd2p == 0) { 194 if (fd2p == 0) {
135 write(s, "", 1); 195 write(s, "", 1);
136 lport = 0; 196 lport = 0;
137 } else { 197 } else {
138 char num[8]; 198 char num[8];
139 int s2 = rresvport(&lport), s3; 199 int s2 = rresvport_af(&lport, af), s3;
140 int len = sizeof(from); 200 socklen_t len = sizeof(from);
201 int fdssize = howmany(MAX(s, s2)+1, NFDBITS) * sizeof(fd_mask);
141 202
142 if (s2 < 0) 203 if (s2 < 0)
143 goto bad; 204 goto bad;
205 readsp = (fd_set *)malloc(fdssize);
206 if (readsp == NULL) {
207 close(s2);
208 goto bad;
209 }
144 listen(s2, 1); 210 listen(s2, 1);
145 (void)snprintf(num, sizeof(num), "%d", lport); 211 (void)snprintf(num, sizeof(num), "%d", lport);
146 if (write(s, num, strlen(num)+1) != strlen(num)+1) { 212 if (write(s, num, strlen(num)+1) != strlen(num)+1) {
@@ -150,12 +216,13 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
150 (void)close(s2); 216 (void)close(s2);
151 goto bad; 217 goto bad;
152 } 218 }
153 FD_ZERO(&reads); 219again:
154 FD_SET(s, &reads); 220 bzero(readsp, fdssize);
155 FD_SET(s2, &reads); 221 FD_SET(s, readsp);
222 FD_SET(s2, readsp);
156 errno = 0; 223 errno = 0;
157 if (select(MAX(s, s2) + 1, &reads, 0, 0, 0) < 1 || 224 if (select(MAX(s, s2) + 1, readsp, 0, 0, 0) < 1 ||
158 !FD_ISSET(s2, &reads)) { 225 !FD_ISSET(s2, readsp)) {
159 if (errno != 0) 226 if (errno != 0)
160 (void)fprintf(stderr, 227 (void)fprintf(stderr,
161 "rcmd: select (setting up stderr): %s\n", 228 "rcmd: select (setting up stderr): %s\n",
@@ -167,21 +234,48 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
167 goto bad; 234 goto bad;
168 } 235 }
169 s3 = accept(s2, (struct sockaddr *)&from, &len); 236 s3 = accept(s2, (struct sockaddr *)&from, &len);
170 (void)close(s2);
171 if (s3 < 0) { 237 if (s3 < 0) {
172 (void)fprintf(stderr, 238 (void)fprintf(stderr,
173 "rcmd: accept: %s\n", strerror(errno)); 239 "rcmd: accept: %s\n", strerror(errno));
174 lport = 0; 240 lport = 0;
241 close(s2);
175 goto bad; 242 goto bad;
176 } 243 }
244
245 /*
246 * XXX careful for ftp bounce attacks. If discovered, shut them
247 * down and check for the real auxiliary channel to connect.
248 */
249 switch (from.ss_family) {
250 case AF_INET:
251 case AF_INET6:
252 if (getnameinfo((struct sockaddr *)&from, len,
253 NULL, 0, num, sizeof(num), NI_NUMERICSERV) == 0 &&
254 atoi(num) != 20) {
255 break;
256 }
257 close(s3);
258 goto again;
259 default:
260 break;
261 }
262 (void)close(s2);
263
177 *fd2p = s3; 264 *fd2p = s3;
178 from.sin_port = ntohs(from.sin_port); 265 switch (from.ss_family) {
179 if (from.sin_family != AF_INET || 266 case AF_INET:
180 from.sin_port >= IPPORT_RESERVED || 267 case AF_INET6:
181 from.sin_port < IPPORT_RESERVED / 2) { 268 if (getnameinfo((struct sockaddr *)&from, len,
182 (void)fprintf(stderr, 269 NULL, 0, num, sizeof(num), NI_NUMERICSERV) != 0 ||
183 "socket: protocol failure in circuit setup.\n"); 270 (atoi(num) >= IPPORT_RESERVED ||
184 goto bad2; 271 atoi(num) < IPPORT_RESERVED / 2)) {
272 (void)fprintf(stderr,
273 "socket: protocol failure in circuit setup.\n");
274 goto bad2;
275 }
276 break;
277 default:
278 break;
185 } 279 }
186 } 280 }
187 (void)write(s, locuser, strlen(locuser)+1); 281 (void)write(s, locuser, strlen(locuser)+1);
@@ -200,70 +294,44 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
200 } 294 }
201 goto bad2; 295 goto bad2;
202 } 296 }
203 sigsetmask(oldmask); 297 sigprocmask(SIG_SETMASK, &oldmask, NULL);
298 free(readsp);
204 return (s); 299 return (s);
205bad2: 300bad2:
206 if (lport) 301 if (lport)
207 (void)close(*fd2p); 302 (void)close(*fd2p);
208bad: 303bad:
304 if (readsp)
305 free(readsp);
209 (void)close(s); 306 (void)close(s);
210 sigsetmask(oldmask); 307 sigprocmask(SIG_SETMASK, &oldmask, NULL);
211 return (-1); 308 return (-1);
212} 309}
213 310
214int
215rresvport(alport)
216 int *alport;
217{
218 struct sockaddr_in sin;
219 int s;
220
221 sin.sin_len = sizeof(struct sockaddr_in);
222 sin.sin_family = AF_INET;
223 sin.sin_addr.s_addr = INADDR_ANY;
224 s = socket(AF_INET, SOCK_STREAM, 0);
225 if (s < 0)
226 return (-1);
227 for (;;) {
228 sin.sin_port = htons((u_short)*alport);
229 if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
230 return (s);
231 if (errno != EADDRINUSE) {
232 (void)close(s);
233 return (-1);
234 }
235 (*alport)--;
236 if (*alport == IPPORT_RESERVED/2) {
237 (void)close(s);
238 errno = EAGAIN; /* close */
239 return (-1);
240 }
241 }
242}
243
244int __check_rhosts_file = 1; 311int __check_rhosts_file = 1;
245char *__rcmd_errstr; 312char *__rcmd_errstr;
246 313
247int 314int
248ruserok(rhost, superuser, ruser, luser) 315ruserok(const char *rhost, int superuser, const char *ruser, const char *luser)
249 const char *rhost, *ruser, *luser;
250 int superuser;
251{ 316{
252 struct hostent *hp; 317 struct addrinfo hints, *res, *r;
253 char **ap; 318 int error;
254 int i; 319
255#define MAXADDRS 35 320 memset(&hints, 0, sizeof(hints));
256 u_long addrs[MAXADDRS + 1]; 321 hints.ai_family = PF_UNSPEC;
257 322 hints.ai_socktype = SOCK_DGRAM; /*dummy*/
258 if ((hp = gethostbyname(rhost)) == NULL) 323 error = getaddrinfo(rhost, "0", &hints, &res);
324 if (error)
259 return (-1); 325 return (-1);
260 for (i = 0, ap = hp->h_addr_list; *ap && i < MAXADDRS; ++ap, ++i)
261 bcopy(*ap, &addrs[i], sizeof(addrs[i]));
262 addrs[i] = 0;
263 326
264 for (i = 0; i < MAXADDRS && addrs[i]; i++) 327 for (r = res; r; r = r->ai_next) {
265 if (iruserok(addrs[i], superuser, ruser, luser) == 0) 328 if (iruserok_sa(r->ai_addr, r->ai_addrlen, superuser, ruser,
329 luser) == 0) {
330 freeaddrinfo(res);
266 return (0); 331 return (0);
332 }
333 }
334 freeaddrinfo(res);
267 return (-1); 335 return (-1);
268} 336}
269 337
@@ -277,12 +345,24 @@ ruserok(rhost, superuser, ruser, luser)
277 * Returns 0 if ok, -1 if not ok. 345 * Returns 0 if ok, -1 if not ok.
278 */ 346 */
279int 347int
280iruserok(raddr, superuser, ruser, luser) 348iruserok(u_int32_t raddr, int superuser, const char *ruser, const char *luser)
281 u_long raddr;
282 int superuser;
283 const char *ruser, *luser;
284{ 349{
285 register char *cp; 350 struct sockaddr_in sin;
351
352 memset(&sin, 0, sizeof(sin));
353 sin.sin_family = AF_INET;
354 sin.sin_len = sizeof(struct sockaddr_in);
355 memcpy(&sin.sin_addr, &raddr, sizeof(sin.sin_addr));
356 return iruserok_sa(&sin, sizeof(struct sockaddr_in), superuser, ruser,
357 luser);
358}
359
360int
361iruserok_sa(const void *raddr, int rlen, int superuser, const char *ruser,
362 const char *luser)
363{
364 struct sockaddr *sa;
365 char *cp;
286 struct stat sbuf; 366 struct stat sbuf;
287 struct passwd *pwd; 367 struct passwd *pwd;
288 FILE *hostf; 368 FILE *hostf;
@@ -290,22 +370,26 @@ iruserok(raddr, superuser, ruser, luser)
290 int first; 370 int first;
291 char pbuf[MAXPATHLEN]; 371 char pbuf[MAXPATHLEN];
292 372
373 sa = (struct sockaddr *)raddr;
293 first = 1; 374 first = 1;
294 hostf = superuser ? NULL : fopen(_PATH_HEQUIV, "r"); 375 hostf = superuser ? NULL : fopen(_PATH_HEQUIV, "r");
295again: 376again:
296 if (hostf) { 377 if (hostf) {
297 if (__ivaliduser(hostf, raddr, luser, ruser) == 0) { 378 if (__ivaliduser_sa(hostf, sa, rlen, luser, ruser) == 0) {
298 (void)fclose(hostf); 379 (void)fclose(hostf);
299 return (0); 380 return (0);
300 } 381 }
301 (void)fclose(hostf); 382 (void)fclose(hostf);
302 } 383 }
303 if (first == 1 && (__check_rhosts_file || superuser)) { 384 if (first == 1 && (__check_rhosts_file || superuser)) {
385 int len;
386
304 first = 0; 387 first = 0;
305 if ((pwd = getpwnam(luser)) == NULL) 388 if ((pwd = getpwnam(luser)) == NULL)
306 return (-1); 389 return (-1);
307 (void)strcpy(pbuf, pwd->pw_dir); 390 len = snprintf(pbuf, sizeof pbuf, "%s/.rhosts", pwd->pw_dir);
308 (void)strcat(pbuf, "/.rhosts"); 391 if (len < 0 || len >= sizeof pbuf)
392 return (-1);
309 393
310 /* 394 /*
311 * Change effective uid while opening .rhosts. If root and 395 * Change effective uid while opening .rhosts. If root and
@@ -333,7 +417,7 @@ again:
333 else if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid) 417 else if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid)
334 cp = "bad .rhosts owner"; 418 cp = "bad .rhosts owner";
335 else if (sbuf.st_mode & (S_IWGRP|S_IWOTH)) 419 else if (sbuf.st_mode & (S_IWGRP|S_IWOTH))
336 cp = ".rhosts writeable by other than owner"; 420 cp = ".rhosts writable by other than owner";
337 /* If there were any problems, quit. */ 421 /* If there were any problems, quit. */
338 if (cp) { 422 if (cp) {
339 __rcmd_errstr = cp; 423 __rcmd_errstr = cp;
@@ -352,41 +436,58 @@ again:
352 * Returns 0 if ok, -1 if not ok. 436 * Returns 0 if ok, -1 if not ok.
353 */ 437 */
354int 438int
355__ivaliduser(hostf, raddr, luser, ruser) 439__ivaliduser(FILE *hostf, in_addr_t raddrl, const char *luser,
356 FILE *hostf; 440 const char *ruser)
357 u_long raddr; 441{
358 const char *luser, *ruser; 442 struct sockaddr_in sin;
443
444 memset(&sin, 0, sizeof(sin));
445 sin.sin_family = AF_INET;
446 sin.sin_len = sizeof(struct sockaddr_in);
447 memcpy(&sin.sin_addr, &raddrl, sizeof(sin.sin_addr));
448 return __ivaliduser_sa(hostf, (struct sockaddr *)&sin, sin.sin_len,
449 luser, ruser);
450}
451
452int
453__ivaliduser_sa(FILE *hostf, struct sockaddr *raddr, socklen_t salen,
454 const char *luser, const char *ruser)
359{ 455{
360 register char *user, *p; 456 char *user, *p;
361 int ch; 457 char *buf;
362 char buf[MAXHOSTNAMELEN + 128]; /* host + login */
363 const char *auser, *ahost; 458 const char *auser, *ahost;
364 int hostok, userok; 459 int hostok, userok;
365 char rhost[MAXHOSTNAMELEN]; 460 char *rhost = (char *)-1;
366 struct hostent *hp;
367 char domain[MAXHOSTNAMELEN]; 461 char domain[MAXHOSTNAMELEN];
462 size_t buflen;
368 463
369 getdomainname(domain, sizeof(domain)); 464 getdomainname(domain, sizeof(domain));
370 465
371 while (fgets(buf, sizeof(buf), hostf)) { 466 while ((buf = fgetln(hostf, &buflen))) {
372 p = buf; 467 p = buf;
373 /* Skip lines that are too long. */ 468 if (*p == '#')
374 if (strchr(p, '\n') == NULL) {
375 while ((ch = getc(hostf)) != '\n' && ch != EOF);
376 continue; 469 continue;
377 } 470 while (p < buf + buflen && *p != '\n' && *p != ' ' && *p != '\t') {
378 while (*p != '\n' && *p != ' ' && *p != '\t' && *p != '\0') { 471 if (!isprint(*p))
472 goto bail;
379 *p = isupper(*p) ? tolower(*p) : *p; 473 *p = isupper(*p) ? tolower(*p) : *p;
380 p++; 474 p++;
381 } 475 }
476 if (p >= buf + buflen)
477 continue;
382 if (*p == ' ' || *p == '\t') { 478 if (*p == ' ' || *p == '\t') {
383 *p++ = '\0'; 479 *p++ = '\0';
384 while (*p == ' ' || *p == '\t') 480 while (p < buf + buflen && (*p == ' ' || *p == '\t'))
385 p++; 481 p++;
482 if (p >= buf + buflen)
483 continue;
386 user = p; 484 user = p;
387 while (*p != '\n' && *p != ' ' && 485 while (p < buf + buflen && *p != '\n' && *p != ' ' &&
388 *p != '\t' && *p != '\0') 486 *p != '\t') {
487 if (!isprint(*p))
488 goto bail;
389 p++; 489 p++;
490 }
390 } else 491 } else
391 user = p; 492 user = p;
392 *p = '\0'; 493 *p = '\0';
@@ -397,27 +498,29 @@ __ivaliduser(hostf, raddr, luser, ruser)
397 auser = *user ? user : luser; 498 auser = *user ? user : luser;
398 ahost = buf; 499 ahost = buf;
399 500
400 if ((hp = gethostbyaddr((char *) &raddr, 501 if (strlen(ahost) >= MAXHOSTNAMELEN)
401 sizeof(raddr), AF_INET)) == NULL) { 502 continue;
402 abort();
403 return -1;
404 }
405 (void) strncpy(rhost, hp->h_name, sizeof(rhost));
406 rhost[sizeof(rhost) - 1] = '\0';
407 503
504 /*
505 * innetgr() must lookup a hostname (we do not attempt
506 * to change the semantics so that netgroups may have
507 * #.#.#.# addresses in the list.)
508 */
408 if (ahost[0] == '+') 509 if (ahost[0] == '+')
409 switch (ahost[1]) { 510 switch (ahost[1]) {
410 case '\0': 511 case '\0':
411 hostok = 1; 512 hostok = 1;
412 break; 513 break;
413
414 case '@': 514 case '@':
415 hostok = innetgr(&ahost[2], rhost, NULL, 515 if (rhost == (char *)-1)
416 domain); 516 rhost = __gethostloop(raddr, salen);
517 hostok = 0;
518 if (rhost)
519 hostok = innetgr(&ahost[2], rhost,
520 NULL, domain);
417 break; 521 break;
418
419 default: 522 default:
420 hostok = __icheckhost(raddr, &ahost[1]); 523 hostok = __icheckhost(raddr, salen, &ahost[1]);
421 break; 524 break;
422 } 525 }
423 else if (ahost[0] == '-') 526 else if (ahost[0] == '-')
@@ -425,18 +528,20 @@ __ivaliduser(hostf, raddr, luser, ruser)
425 case '\0': 528 case '\0':
426 hostok = -1; 529 hostok = -1;
427 break; 530 break;
428
429 case '@': 531 case '@':
430 hostok = -innetgr(&ahost[2], rhost, NULL, 532 if (rhost == (char *)-1)
431 domain); 533 rhost = __gethostloop(raddr, salen);
534 hostok = 0;
535 if (rhost)
536 hostok = -innetgr(&ahost[2], rhost,
537 NULL, domain);
432 break; 538 break;
433
434 default: 539 default:
435 hostok = -__icheckhost(raddr, &ahost[1]); 540 hostok = -__icheckhost(raddr, salen, &ahost[1]);
436 break; 541 break;
437 } 542 }
438 else 543 else
439 hostok = __icheckhost(raddr, ahost); 544 hostok = __icheckhost(raddr, salen, ahost);
440 545
441 546
442 if (auser[0] == '+') 547 if (auser[0] == '+')
@@ -444,14 +549,12 @@ __ivaliduser(hostf, raddr, luser, ruser)
444 case '\0': 549 case '\0':
445 userok = 1; 550 userok = 1;
446 break; 551 break;
447
448 case '@': 552 case '@':
449 userok = innetgr(&auser[2], NULL, ruser, 553 userok = innetgr(&auser[2], NULL, ruser,
450 domain); 554 domain);
451 break; 555 break;
452
453 default: 556 default:
454 userok = strcmp(ruser, &auser[1]) == 0; 557 userok = strcmp(ruser, &auser[1]) ? 0 : 1;
455 break; 558 break;
456 } 559 }
457 else if (auser[0] == '-') 560 else if (auser[0] == '-')
@@ -459,59 +562,130 @@ __ivaliduser(hostf, raddr, luser, ruser)
459 case '\0': 562 case '\0':
460 userok = -1; 563 userok = -1;
461 break; 564 break;
462
463 case '@': 565 case '@':
464 userok = -innetgr(&auser[2], NULL, ruser, 566 userok = -innetgr(&auser[2], NULL, ruser,
465 domain); 567 domain);
466 break; 568 break;
467
468 default: 569 default:
469 userok = -(strcmp(ruser, &auser[1]) == 0); 570 userok = strcmp(ruser, &auser[1]) ? 0 : -1;
470 break; 571 break;
471 } 572 }
472 else 573 else
473 userok = strcmp(ruser, auser) == 0; 574 userok = strcmp(ruser, auser) ? 0 : 1;
474 575
475 /* Check if one component did not match */ 576 /* Check if one component did not match */
476 if (hostok == 0 || userok == 0) 577 if (hostok == 0 || userok == 0)
477 continue; 578 continue;
478 579
479 /* Check if we got a forbidden pair */ 580 /* Check if we got a forbidden pair */
480 if (userok == -1 || hostok == -1) 581 if (userok <= -1 || hostok <= -1)
481 return -1; 582 return (-1);
482 583
483 /* Check if we got a valid pair */ 584 /* Check if we got a valid pair */
484 if (hostok == 1 && userok == 1) 585 if (hostok >= 1 && userok >= 1)
485 return 0; 586 return (0);
486 } 587 }
487 return -1; 588bail:
589 return (-1);
488} 590}
489 591
490/* 592/*
491 * Returns "true" if match, 0 if no match. 593 * Returns "true" if match, 0 if no match. If we do not find any
594 * semblance of an A->PTR->A loop, allow a simple #.#.#.# match to work.
492 */ 595 */
493static int 596static int
494__icheckhost(raddr, lhost) 597__icheckhost(struct sockaddr *raddr, socklen_t salen, const char *lhost)
495 u_long raddr;
496 const char *lhost;
497{ 598{
498 register struct hostent *hp; 599 struct addrinfo hints, *res, *r;
499 register u_long laddr; 600 char h1[NI_MAXHOST], h2[NI_MAXHOST];
500 register char **pp; 601 int error;
501 602 const int niflags = NI_NUMERICHOST;
502 /* Try for raw ip address first. */ 603
503 if (isdigit(*lhost) && (long)(laddr = inet_addr(lhost)) != -1) 604 h1[0] = '\0';
504 return (raddr == laddr); 605 if (getnameinfo(raddr, salen, h1, sizeof(h1), NULL, 0,
606 niflags) != 0)
607 return (0);
505 608
506 /* Better be a hostname. */ 609 /* Resolve laddr into sockaddr */
507 if ((hp = gethostbyname(lhost)) == NULL) 610 memset(&hints, 0, sizeof(hints));
611 hints.ai_family = raddr->sa_family;
612 hints.ai_socktype = SOCK_DGRAM; /*dummy*/
613 res = NULL;
614 error = getaddrinfo(lhost, "0", &hints, &res);
615 if (error)
508 return (0); 616 return (0);
509 617
510 /* Spin through ip addresses. */ 618 /*
511 for (pp = hp->h_addr_list; *pp; ++pp) 619 * Try string comparisons between raddr and laddr.
512 if (!bcmp(&raddr, *pp, sizeof(u_long))) 620 */
621 for (r = res; r; r = r->ai_next) {
622 h2[0] = '\0';
623 if (getnameinfo(r->ai_addr, r->ai_addrlen, h2, sizeof(h2),
624 NULL, 0, niflags) != 0)
625 continue;
626 if (strcmp(h1, h2) == 0) {
627 freeaddrinfo(res);
513 return (1); 628 return (1);
629 }
630 }
514 631
515 /* No match. */ 632 /* No match. */
633 freeaddrinfo(res);
516 return (0); 634 return (0);
517} 635}
636
637/*
638 * Return the hostname associated with the supplied address.
639 * Do a reverse lookup as well for security. If a loop cannot
640 * be found, pack the result of inet_ntoa() into the string.
641 */
642static char *
643__gethostloop(struct sockaddr *raddr, socklen_t salen)
644{
645 static char remotehost[NI_MAXHOST];
646 char h1[NI_MAXHOST], h2[NI_MAXHOST];
647 struct addrinfo hints, *res, *r;
648 int error;
649 const int niflags = NI_NUMERICHOST;
650
651 h1[0] = remotehost[0] = '\0';
652 if (getnameinfo(raddr, salen, remotehost, sizeof(remotehost),
653 NULL, 0, NI_NAMEREQD) != 0)
654 return (NULL);
655 if (getnameinfo(raddr, salen, h1, sizeof(h1), NULL, 0,
656 niflags) != 0)
657 return (NULL);
658
659 /*
660 * Look up the name and check that the supplied
661 * address is in the list
662 */
663 memset(&hints, 0, sizeof(hints));
664 hints.ai_family = raddr->sa_family;
665 hints.ai_socktype = SOCK_DGRAM; /*dummy*/
666 hints.ai_flags = AI_CANONNAME;
667 res = NULL;
668 error = getaddrinfo(remotehost, "0", &hints, &res);
669 if (error)
670 return (NULL);
671
672 for (r = res; r; r = r->ai_next) {
673 h2[0] = '\0';
674 if (getnameinfo(r->ai_addr, r->ai_addrlen, h2, sizeof(h2),
675 NULL, 0, niflags) != 0)
676 continue;
677 if (strcmp(h1, h2) == 0) {
678 freeaddrinfo(res);
679 return (remotehost);
680 }
681 }
682
683 /*
684 * either the DNS adminstrator has made a configuration
685 * mistake, or someone has attempted to spoof us
686 */
687 syslog(LOG_NOTICE, "rcmd: address %s not listed for host %s",
688 h1, res->ai_canonname ? res->ai_canonname : remotehost);
689 freeaddrinfo(res);
690 return (NULL);
691}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-28 13:18:38 +0000