summaryrefslogtreecommitdiff
path: root/src/lib/libc/net/rcmd.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libc/net/rcmd.c')
-rw-r--r--src/lib/libc/net/rcmd.c546
1 files changed, 381 insertions, 165 deletions
diff --git a/src/lib/libc/net/rcmd.c b/src/lib/libc/net/rcmd.c
index e0310031b0..1f2e02c989 100644
--- a/src/lib/libc/net/rcmd.c
+++ b/src/lib/libc/net/rcmd.c
@@ -1,6 +1,5 @@
1/* $NetBSD: rcmd.c,v 1.12 1995/06/03 22:33:34 mycroft Exp $ */
2
3/* 1/*
2 * Copyright (c) 1995, 1996, 1998 Theo de Raadt. All rights reserved.
4 * Copyright (c) 1983, 1993, 1994 3 * Copyright (c) 1983, 1993, 1994
5 * The Regents of the University of California. All rights reserved. 4 * The Regents of the University of California. All rights reserved.
6 * 5 *
@@ -16,6 +15,7 @@
16 * must display the following acknowledgement: 15 * must display the following acknowledgement:
17 * This product includes software developed by the University of 16 * This product includes software developed by the University of
18 * California, Berkeley and its contributors. 17 * California, Berkeley and its contributors.
18 * This product includes software developed by Theo de Raadt.
19 * 4. Neither the name of the University nor the names of its contributors 19 * 4. Neither the name of the University nor the names of its contributors
20 * may be used to endorse or promote products derived from this software 20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission. 21 * without specific prior written permission.
@@ -34,11 +34,7 @@
34 */ 34 */
35 35
36#if defined(LIBC_SCCS) && !defined(lint) 36#if defined(LIBC_SCCS) && !defined(lint)
37#if 0 37static char *rcsid = "$OpenBSD: rcmd.c,v 1.45 2002/12/15 13:27:06 henning Exp $";
38static char sccsid[] = "@(#)rcmd.c 8.3 (Berkeley) 3/26/94";
39#else
40static char *rcsid = "$NetBSD: rcmd.c,v 1.12 1995/06/03 22:33:34 mycroft Exp $";
41#endif
42#endif /* LIBC_SCCS and not lint */ 38#endif /* LIBC_SCCS and not lint */
43 39
44#include <sys/param.h> 40#include <sys/param.h>
@@ -57,35 +53,90 @@ static char *rcsid = "$NetBSD: rcmd.c,v 1.12 1995/06/03 22:33:34 mycroft Exp $";
57#include <stdio.h> 53#include <stdio.h>
58#include <ctype.h> 54#include <ctype.h>
59#include <string.h> 55#include <string.h>
56#include <syslog.h>
57#include <stdlib.h>
58#include <netgroup.h>
60 59
61int __ivaliduser __P((FILE *, u_long, const char *, const char *)); 60int __ivaliduser(FILE *, in_addr_t, const char *, const char *);
62static int __icheckhost __P((u_long, const char *)); 61int __ivaliduser_sa(FILE *, struct sockaddr *, socklen_t,
62 const char *, const char *);
63static int __icheckhost(struct sockaddr *, socklen_t, const char *);
64static char *__gethostloop(struct sockaddr *, socklen_t);
63 65
64int 66int
65rcmd(ahost, rport, locuser, remuser, cmd, fd2p) 67rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
66 char **ahost; 68 char **ahost;
67 u_short rport; 69 in_port_t rport;
70 const char *locuser, *remuser, *cmd;
71 int *fd2p;
72{
73 return rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, AF_INET);
74}
75
76int
77rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, af)
78 char **ahost;
79 in_port_t rport;
68 const char *locuser, *remuser, *cmd; 80 const char *locuser, *remuser, *cmd;
69 int *fd2p; 81 int *fd2p;
82 int af;
70{ 83{
71 struct hostent *hp; 84 static char hbuf[MAXHOSTNAMELEN];
72 struct sockaddr_in sin, from; 85 char pbuf[NI_MAXSERV];
73 fd_set reads; 86 struct addrinfo hints, *res, *r;
74 long oldmask; 87 int error;
88 struct sockaddr_storage from;
89 fd_set *readsp = NULL;
90 sigset_t oldmask, mask;
75 pid_t pid; 91 pid_t pid;
76 int s, lport, timo; 92 int s, lport, timo;
77 char c; 93 char c, *p;
94 int refused;
95
96 /* call rcmdsh() with specified remote shell if appropriate. */
97 if (!issetugid() && (p = getenv("RSH")) && *p) {
98 struct servent *sp = getservbyname("shell", "tcp");
99
100 if (sp && sp->s_port == rport)
101 return (rcmdsh(ahost, rport, locuser, remuser,
102 cmd, p));
103 }
104
105 /* use rsh(1) if non-root and remote port is shell. */
106 if (geteuid()) {
107 struct servent *sp = getservbyname("shell", "tcp");
108
109 if (sp && sp->s_port == rport)
110 return (rcmdsh(ahost, rport, locuser, remuser,
111 cmd, NULL));
112 }
78 113
79 pid = getpid(); 114 pid = getpid();
80 hp = gethostbyname(*ahost); 115 snprintf(pbuf, sizeof(pbuf), "%u", ntohs(rport));
81 if (hp == NULL) { 116 memset(&hints, 0, sizeof(hints));
82 herror(*ahost); 117 hints.ai_family = af;
118 hints.ai_socktype = SOCK_STREAM;
119 hints.ai_flags = AI_CANONNAME;
120 error = getaddrinfo(*ahost, pbuf, &hints, &res);
121 if (error) {
122#if 0
123 warnx("%s: %s", *ahost, gai_strerror(error));
124#endif
83 return (-1); 125 return (-1);
84 } 126 }
85 *ahost = hp->h_name; 127 if (res->ai_canonname) {
86 oldmask = sigblock(sigmask(SIGURG)); 128 strlcpy(hbuf, res->ai_canonname, sizeof(hbuf));
129 *ahost = hbuf;
130 } else
131 ; /*XXX*/
132
133 r = res;
134 refused = 0;
135 sigemptyset(&mask);
136 sigaddset(&mask, SIGURG);
137 oldmask = sigprocmask(SIG_BLOCK, &mask, &oldmask);
87 for (timo = 1, lport = IPPORT_RESERVED - 1;;) { 138 for (timo = 1, lport = IPPORT_RESERVED - 1;;) {
88 s = rresvport(&lport); 139 s = rresvport_af(&lport, r->ai_family);
89 if (s < 0) { 140 if (s < 0) {
90 if (errno == EAGAIN) 141 if (errno == EAGAIN)
91 (void)fprintf(stderr, 142 (void)fprintf(stderr,
@@ -93,54 +144,86 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
93 else 144 else
94 (void)fprintf(stderr, "rcmd: socket: %s\n", 145 (void)fprintf(stderr, "rcmd: socket: %s\n",
95 strerror(errno)); 146 strerror(errno));
96 sigsetmask(oldmask); 147 if (r->ai_next) {
97 return (-1); 148 r = r->ai_next;
149 continue;
150 } else {
151 sigprocmask(SIG_SETMASK, &oldmask, NULL);
152 freeaddrinfo(res);
153 return (-1);
154 }
98 } 155 }
99 fcntl(s, F_SETOWN, pid); 156 fcntl(s, F_SETOWN, pid);
100 sin.sin_len = sizeof(struct sockaddr_in); 157 if (connect(s, r->ai_addr, r->ai_addrlen) >= 0)
101 sin.sin_family = hp->h_addrtype;
102 sin.sin_port = rport;
103 bcopy(hp->h_addr_list[0], &sin.sin_addr, hp->h_length);
104 if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
105 break; 158 break;
106 (void)close(s); 159 (void)close(s);
107 if (errno == EADDRINUSE) { 160 if (errno == EADDRINUSE) {
108 lport--; 161 lport--;
109 continue; 162 continue;
110 } 163 }
111 if (errno == ECONNREFUSED && timo <= 16) { 164 if (errno == ECONNREFUSED)
112 (void)sleep(timo); 165 refused++;
113 timo *= 2; 166 if (r->ai_next) {
114 continue;
115 }
116 if (hp->h_addr_list[1] != NULL) {
117 int oerrno = errno; 167 int oerrno = errno;
168 char hbuf[NI_MAXHOST];
169#ifdef NI_WITHSCOPEID
170 const int niflags = NI_NUMERICHOST | NI_WITHSCOPEID;
171#else
172 const int niflags = NI_NUMERICHOST;
173#endif
118 174
119 (void)fprintf(stderr, "connect to address %s: ", 175 hbuf[0] = '\0';
120 inet_ntoa(sin.sin_addr)); 176 if (getnameinfo(r->ai_addr, r->ai_addrlen,
177 hbuf, sizeof(hbuf), NULL, 0, niflags) != 0)
178 strlcpy(hbuf, "(invalid)", sizeof hbuf);
179 (void)fprintf(stderr, "connect to address %s: ", hbuf);
121 errno = oerrno; 180 errno = oerrno;
122 perror(0); 181 perror(0);
123 hp->h_addr_list++; 182 r = r->ai_next;
124 bcopy(hp->h_addr_list[0], &sin.sin_addr, hp->h_length); 183 hbuf[0] = '\0';
125 (void)fprintf(stderr, "Trying %s...\n", 184 if (getnameinfo(r->ai_addr, r->ai_addrlen,
126 inet_ntoa(sin.sin_addr)); 185 hbuf, sizeof(hbuf), NULL, 0, niflags) != 0)
186 strlcpy(hbuf, "(invalid)", sizeof hbuf);
187 (void)fprintf(stderr, "Trying %s...\n", hbuf);
188 continue;
189 }
190 if (refused && timo <= 16) {
191 (void)sleep(timo);
192 timo *= 2;
193 r = res;
194 refused = 0;
127 continue; 195 continue;
128 } 196 }
129 (void)fprintf(stderr, "%s: %s\n", hp->h_name, strerror(errno)); 197 (void)fprintf(stderr, "%s: %s\n", res->ai_canonname,
130 sigsetmask(oldmask); 198 strerror(errno));
199 sigprocmask(SIG_SETMASK, &oldmask, NULL);
200 freeaddrinfo(res);
131 return (-1); 201 return (-1);
132 } 202 }
203 /* given "af" can be PF_UNSPEC, we need the real af for "s" */
204 af = r->ai_family;
205 freeaddrinfo(res);
206#if 0
207 /*
208 * try to rresvport() to the same port. This will make rresvport()
209 * fail it's first bind, resulting in it choosing a random port.
210 */
133 lport--; 211 lport--;
212#endif
134 if (fd2p == 0) { 213 if (fd2p == 0) {
135 write(s, "", 1); 214 write(s, "", 1);
136 lport = 0; 215 lport = 0;
137 } else { 216 } else {
138 char num[8]; 217 char num[8];
139 int s2 = rresvport(&lport), s3; 218 int s2 = rresvport_af(&lport, af), s3;
140 int len = sizeof(from); 219 socklen_t len = sizeof(from);
220 int fdssize = howmany(MAX(s, s2)+1, NFDBITS) * sizeof(fd_mask);
141 221
142 if (s2 < 0) 222 if (s2 < 0)
143 goto bad; 223 goto bad;
224 readsp = (fd_set *)malloc(fdssize);
225 if (readsp == NULL)
226 goto bad;
144 listen(s2, 1); 227 listen(s2, 1);
145 (void)snprintf(num, sizeof(num), "%d", lport); 228 (void)snprintf(num, sizeof(num), "%d", lport);
146 if (write(s, num, strlen(num)+1) != strlen(num)+1) { 229 if (write(s, num, strlen(num)+1) != strlen(num)+1) {
@@ -150,12 +233,13 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
150 (void)close(s2); 233 (void)close(s2);
151 goto bad; 234 goto bad;
152 } 235 }
153 FD_ZERO(&reads); 236again:
154 FD_SET(s, &reads); 237 bzero(readsp, fdssize);
155 FD_SET(s2, &reads); 238 FD_SET(s, readsp);
239 FD_SET(s2, readsp);
156 errno = 0; 240 errno = 0;
157 if (select(MAX(s, s2) + 1, &reads, 0, 0, 0) < 1 || 241 if (select(MAX(s, s2) + 1, readsp, 0, 0, 0) < 1 ||
158 !FD_ISSET(s2, &reads)) { 242 !FD_ISSET(s2, readsp)) {
159 if (errno != 0) 243 if (errno != 0)
160 (void)fprintf(stderr, 244 (void)fprintf(stderr,
161 "rcmd: select (setting up stderr): %s\n", 245 "rcmd: select (setting up stderr): %s\n",
@@ -167,6 +251,23 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
167 goto bad; 251 goto bad;
168 } 252 }
169 s3 = accept(s2, (struct sockaddr *)&from, &len); 253 s3 = accept(s2, (struct sockaddr *)&from, &len);
254 /*
255 * XXX careful for ftp bounce attacks. If discovered, shut them
256 * down and check for the real auxiliary channel to connect.
257 */
258 switch (from.ss_family) {
259 case AF_INET:
260 case AF_INET6:
261 if (getnameinfo((struct sockaddr *)&from, len,
262 NULL, 0, num, sizeof(num), NI_NUMERICSERV) == 0 &&
263 atoi(num) != 20) {
264 break;
265 }
266 close(s3);
267 goto again;
268 default:
269 break;
270 }
170 (void)close(s2); 271 (void)close(s2);
171 if (s3 < 0) { 272 if (s3 < 0) {
172 (void)fprintf(stderr, 273 (void)fprintf(stderr,
@@ -175,13 +276,20 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
175 goto bad; 276 goto bad;
176 } 277 }
177 *fd2p = s3; 278 *fd2p = s3;
178 from.sin_port = ntohs(from.sin_port); 279 switch (from.ss_family) {
179 if (from.sin_family != AF_INET || 280 case AF_INET:
180 from.sin_port >= IPPORT_RESERVED || 281 case AF_INET6:
181 from.sin_port < IPPORT_RESERVED / 2) { 282 if (getnameinfo((struct sockaddr *)&from, len,
182 (void)fprintf(stderr, 283 NULL, 0, num, sizeof(num), NI_NUMERICSERV) != 0 ||
183 "socket: protocol failure in circuit setup.\n"); 284 (atoi(num) >= IPPORT_RESERVED ||
184 goto bad2; 285 atoi(num) < IPPORT_RESERVED / 2)) {
286 (void)fprintf(stderr,
287 "socket: protocol failure in circuit setup.\n");
288 goto bad2;
289 }
290 break;
291 default:
292 break;
185 } 293 }
186 } 294 }
187 (void)write(s, locuser, strlen(locuser)+1); 295 (void)write(s, locuser, strlen(locuser)+1);
@@ -200,47 +308,20 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
200 } 308 }
201 goto bad2; 309 goto bad2;
202 } 310 }
203 sigsetmask(oldmask); 311 sigprocmask(SIG_SETMASK, &oldmask, NULL);
312 free(readsp);
204 return (s); 313 return (s);
205bad2: 314bad2:
206 if (lport) 315 if (lport)
207 (void)close(*fd2p); 316 (void)close(*fd2p);
208bad: 317bad:
318 if (readsp)
319 free(readsp);
209 (void)close(s); 320 (void)close(s);
210 sigsetmask(oldmask); 321 sigprocmask(SIG_SETMASK, &oldmask, NULL);
211 return (-1); 322 return (-1);
212} 323}
213 324
214int
215rresvport(alport)
216 int *alport;
217{
218 struct sockaddr_in sin;
219 int s;
220
221 sin.sin_len = sizeof(struct sockaddr_in);
222 sin.sin_family = AF_INET;
223 sin.sin_addr.s_addr = INADDR_ANY;
224 s = socket(AF_INET, SOCK_STREAM, 0);
225 if (s < 0)
226 return (-1);
227 for (;;) {
228 sin.sin_port = htons((u_short)*alport);
229 if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
230 return (s);
231 if (errno != EADDRINUSE) {
232 (void)close(s);
233 return (-1);
234 }
235 (*alport)--;
236 if (*alport == IPPORT_RESERVED/2) {
237 (void)close(s);
238 errno = EAGAIN; /* close */
239 return (-1);
240 }
241 }
242}
243
244int __check_rhosts_file = 1; 325int __check_rhosts_file = 1;
245char *__rcmd_errstr; 326char *__rcmd_errstr;
246 327
@@ -249,21 +330,24 @@ ruserok(rhost, superuser, ruser, luser)
249 const char *rhost, *ruser, *luser; 330 const char *rhost, *ruser, *luser;
250 int superuser; 331 int superuser;
251{ 332{
252 struct hostent *hp; 333 struct addrinfo hints, *res, *r;
253 char **ap; 334 int error;
254 int i; 335
255#define MAXADDRS 35 336 memset(&hints, 0, sizeof(hints));
256 u_long addrs[MAXADDRS + 1]; 337 hints.ai_family = PF_UNSPEC;
257 338 hints.ai_socktype = SOCK_DGRAM; /*dummy*/
258 if ((hp = gethostbyname(rhost)) == NULL) 339 error = getaddrinfo(rhost, "0", &hints, &res);
340 if (error)
259 return (-1); 341 return (-1);
260 for (i = 0, ap = hp->h_addr_list; *ap && i < MAXADDRS; ++ap, ++i)
261 bcopy(*ap, &addrs[i], sizeof(addrs[i]));
262 addrs[i] = 0;
263 342
264 for (i = 0; i < MAXADDRS && addrs[i]; i++) 343 for (r = res; r; r = r->ai_next) {
265 if (iruserok(addrs[i], superuser, ruser, luser) == 0) 344 if (iruserok_sa(r->ai_addr, r->ai_addrlen, superuser, ruser,
345 luser) == 0) {
346 freeaddrinfo(res);
266 return (0); 347 return (0);
348 }
349 }
350 freeaddrinfo(res);
267 return (-1); 351 return (-1);
268} 352}
269 353
@@ -278,10 +362,28 @@ ruserok(rhost, superuser, ruser, luser)
278 */ 362 */
279int 363int
280iruserok(raddr, superuser, ruser, luser) 364iruserok(raddr, superuser, ruser, luser)
281 u_long raddr; 365 u_int32_t raddr;
282 int superuser; 366 int superuser;
283 const char *ruser, *luser; 367 const char *ruser, *luser;
284{ 368{
369 struct sockaddr_in sin;
370
371 memset(&sin, 0, sizeof(sin));
372 sin.sin_family = AF_INET;
373 sin.sin_len = sizeof(struct sockaddr_in);
374 memcpy(&sin.sin_addr, &raddr, sizeof(sin.sin_addr));
375 return iruserok_sa(&sin, sizeof(struct sockaddr_in), superuser, ruser,
376 luser);
377}
378
379int
380iruserok_sa(raddr, rlen, superuser, ruser, luser)
381 const void *raddr;
382 int rlen;
383 int superuser;
384 const char *ruser, *luser;
385{
386 struct sockaddr *sa;
285 register char *cp; 387 register char *cp;
286 struct stat sbuf; 388 struct stat sbuf;
287 struct passwd *pwd; 389 struct passwd *pwd;
@@ -290,11 +392,12 @@ iruserok(raddr, superuser, ruser, luser)
290 int first; 392 int first;
291 char pbuf[MAXPATHLEN]; 393 char pbuf[MAXPATHLEN];
292 394
395 sa = (struct sockaddr *)raddr;
293 first = 1; 396 first = 1;
294 hostf = superuser ? NULL : fopen(_PATH_HEQUIV, "r"); 397 hostf = superuser ? NULL : fopen(_PATH_HEQUIV, "r");
295again: 398again:
296 if (hostf) { 399 if (hostf) {
297 if (__ivaliduser(hostf, raddr, luser, ruser) == 0) { 400 if (__ivaliduser_sa(hostf, sa, rlen, luser, ruser) == 0) {
298 (void)fclose(hostf); 401 (void)fclose(hostf);
299 return (0); 402 return (0);
300 } 403 }
@@ -304,8 +407,7 @@ again:
304 first = 0; 407 first = 0;
305 if ((pwd = getpwnam(luser)) == NULL) 408 if ((pwd = getpwnam(luser)) == NULL)
306 return (-1); 409 return (-1);
307 (void)strcpy(pbuf, pwd->pw_dir); 410 snprintf(pbuf, sizeof pbuf, "%s/.rhosts", pwd->pw_dir);
308 (void)strcat(pbuf, "/.rhosts");
309 411
310 /* 412 /*
311 * Change effective uid while opening .rhosts. If root and 413 * Change effective uid while opening .rhosts. If root and
@@ -333,7 +435,7 @@ again:
333 else if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid) 435 else if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid)
334 cp = "bad .rhosts owner"; 436 cp = "bad .rhosts owner";
335 else if (sbuf.st_mode & (S_IWGRP|S_IWOTH)) 437 else if (sbuf.st_mode & (S_IWGRP|S_IWOTH))
336 cp = ".rhosts writeable by other than owner"; 438 cp = ".rhosts writable by other than owner";
337 /* If there were any problems, quit. */ 439 /* If there were any problems, quit. */
338 if (cp) { 440 if (cp) {
339 __rcmd_errstr = cp; 441 __rcmd_errstr = cp;
@@ -352,41 +454,63 @@ again:
352 * Returns 0 if ok, -1 if not ok. 454 * Returns 0 if ok, -1 if not ok.
353 */ 455 */
354int 456int
355__ivaliduser(hostf, raddr, luser, ruser) 457__ivaliduser(hostf, raddrl, luser, ruser)
458 FILE *hostf;
459 in_addr_t raddrl;
460 const char *luser, *ruser;
461{
462 struct sockaddr_in sin;
463
464 memset(&sin, 0, sizeof(sin));
465 sin.sin_family = AF_INET;
466 sin.sin_len = sizeof(struct sockaddr_in);
467 memcpy(&sin.sin_addr, &raddrl, sizeof(sin.sin_addr));
468 return __ivaliduser_sa(hostf, (struct sockaddr *)&sin, sin.sin_len,
469 luser, ruser);
470}
471
472int
473__ivaliduser_sa(hostf, raddr, salen, luser, ruser)
356 FILE *hostf; 474 FILE *hostf;
357 u_long raddr; 475 struct sockaddr *raddr;
476 socklen_t salen;
358 const char *luser, *ruser; 477 const char *luser, *ruser;
359{ 478{
360 register char *user, *p; 479 register char *user, *p;
361 int ch; 480 char *buf;
362 char buf[MAXHOSTNAMELEN + 128]; /* host + login */
363 const char *auser, *ahost; 481 const char *auser, *ahost;
364 int hostok, userok; 482 int hostok, userok;
365 char rhost[MAXHOSTNAMELEN]; 483 char *rhost = (char *)-1;
366 struct hostent *hp;
367 char domain[MAXHOSTNAMELEN]; 484 char domain[MAXHOSTNAMELEN];
485 size_t buflen;
368 486
369 getdomainname(domain, sizeof(domain)); 487 getdomainname(domain, sizeof(domain));
370 488
371 while (fgets(buf, sizeof(buf), hostf)) { 489 while ((buf = fgetln(hostf, &buflen))) {
372 p = buf; 490 p = buf;
373 /* Skip lines that are too long. */ 491 if (*p == '#')
374 if (strchr(p, '\n') == NULL) {
375 while ((ch = getc(hostf)) != '\n' && ch != EOF);
376 continue; 492 continue;
377 } 493 while (*p != '\n' && *p != ' ' && *p != '\t' && p < buf + buflen) {
378 while (*p != '\n' && *p != ' ' && *p != '\t' && *p != '\0') { 494 if (!isprint(*p))
495 goto bail;
379 *p = isupper(*p) ? tolower(*p) : *p; 496 *p = isupper(*p) ? tolower(*p) : *p;
380 p++; 497 p++;
381 } 498 }
499 if (p >= buf + buflen)
500 continue;
382 if (*p == ' ' || *p == '\t') { 501 if (*p == ' ' || *p == '\t') {
383 *p++ = '\0'; 502 *p++ = '\0';
384 while (*p == ' ' || *p == '\t') 503 while ((*p == ' ' || *p == '\t') && p < buf + buflen)
385 p++; 504 p++;
505 if (p >= buf + buflen)
506 continue;
386 user = p; 507 user = p;
387 while (*p != '\n' && *p != ' ' && 508 while (*p != '\n' && *p != ' ' &&
388 *p != '\t' && *p != '\0') 509 *p != '\t' && p < buf + buflen) {
510 if (!isprint(*p))
511 goto bail;
389 p++; 512 p++;
513 }
390 } else 514 } else
391 user = p; 515 user = p;
392 *p = '\0'; 516 *p = '\0';
@@ -397,27 +521,29 @@ __ivaliduser(hostf, raddr, luser, ruser)
397 auser = *user ? user : luser; 521 auser = *user ? user : luser;
398 ahost = buf; 522 ahost = buf;
399 523
400 if ((hp = gethostbyaddr((char *) &raddr, 524 if (strlen(ahost) >= MAXHOSTNAMELEN)
401 sizeof(raddr), AF_INET)) == NULL) { 525 continue;
402 abort();
403 return -1;
404 }
405 (void) strncpy(rhost, hp->h_name, sizeof(rhost));
406 rhost[sizeof(rhost) - 1] = '\0';
407 526
527 /*
528 * innetgr() must lookup a hostname (we do not attempt
529 * to change the semantics so that netgroups may have
530 * #.#.#.# addresses in the list.)
531 */
408 if (ahost[0] == '+') 532 if (ahost[0] == '+')
409 switch (ahost[1]) { 533 switch (ahost[1]) {
410 case '\0': 534 case '\0':
411 hostok = 1; 535 hostok = 1;
412 break; 536 break;
413
414 case '@': 537 case '@':
415 hostok = innetgr(&ahost[2], rhost, NULL, 538 if (rhost == (char *)-1)
416 domain); 539 rhost = __gethostloop(raddr, salen);
540 hostok = 0;
541 if (rhost)
542 hostok = innetgr(&ahost[2], rhost,
543 NULL, domain);
417 break; 544 break;
418
419 default: 545 default:
420 hostok = __icheckhost(raddr, &ahost[1]); 546 hostok = __icheckhost(raddr, salen, &ahost[1]);
421 break; 547 break;
422 } 548 }
423 else if (ahost[0] == '-') 549 else if (ahost[0] == '-')
@@ -425,18 +551,20 @@ __ivaliduser(hostf, raddr, luser, ruser)
425 case '\0': 551 case '\0':
426 hostok = -1; 552 hostok = -1;
427 break; 553 break;
428
429 case '@': 554 case '@':
430 hostok = -innetgr(&ahost[2], rhost, NULL, 555 if (rhost == (char *)-1)
431 domain); 556 rhost = __gethostloop(raddr, salen);
557 hostok = 0;
558 if (rhost)
559 hostok = -innetgr(&ahost[2], rhost,
560 NULL, domain);
432 break; 561 break;
433
434 default: 562 default:
435 hostok = -__icheckhost(raddr, &ahost[1]); 563 hostok = -__icheckhost(raddr, salen, &ahost[1]);
436 break; 564 break;
437 } 565 }
438 else 566 else
439 hostok = __icheckhost(raddr, ahost); 567 hostok = __icheckhost(raddr, salen, ahost);
440 568
441 569
442 if (auser[0] == '+') 570 if (auser[0] == '+')
@@ -444,14 +572,12 @@ __ivaliduser(hostf, raddr, luser, ruser)
444 case '\0': 572 case '\0':
445 userok = 1; 573 userok = 1;
446 break; 574 break;
447
448 case '@': 575 case '@':
449 userok = innetgr(&auser[2], NULL, ruser, 576 userok = innetgr(&auser[2], NULL, ruser,
450 domain); 577 domain);
451 break; 578 break;
452
453 default: 579 default:
454 userok = strcmp(ruser, &auser[1]) == 0; 580 userok = strcmp(ruser, &auser[1]) ? 0 : 1;
455 break; 581 break;
456 } 582 }
457 else if (auser[0] == '-') 583 else if (auser[0] == '-')
@@ -459,59 +585,149 @@ __ivaliduser(hostf, raddr, luser, ruser)
459 case '\0': 585 case '\0':
460 userok = -1; 586 userok = -1;
461 break; 587 break;
462
463 case '@': 588 case '@':
464 userok = -innetgr(&auser[2], NULL, ruser, 589 userok = -innetgr(&auser[2], NULL, ruser,
465 domain); 590 domain);
466 break; 591 break;
467
468 default: 592 default:
469 userok = -(strcmp(ruser, &auser[1]) == 0); 593 userok = strcmp(ruser, &auser[1]) ? 0 : -1;
470 break; 594 break;
471 } 595 }
472 else 596 else
473 userok = strcmp(ruser, auser) == 0; 597 userok = strcmp(ruser, auser) ? 0 : 1;
474 598
475 /* Check if one component did not match */ 599 /* Check if one component did not match */
476 if (hostok == 0 || userok == 0) 600 if (hostok == 0 || userok == 0)
477 continue; 601 continue;
478 602
479 /* Check if we got a forbidden pair */ 603 /* Check if we got a forbidden pair */
480 if (userok == -1 || hostok == -1) 604 if (userok <= -1 || hostok <= -1)
481 return -1; 605 return (-1);
482 606
483 /* Check if we got a valid pair */ 607 /* Check if we got a valid pair */
484 if (hostok == 1 && userok == 1) 608 if (hostok >= 1 && userok >= 1)
485 return 0; 609 return (0);
486 } 610 }
487 return -1; 611bail:
612 return (-1);
488} 613}
489 614
490/* 615/*
491 * Returns "true" if match, 0 if no match. 616 * Returns "true" if match, 0 if no match. If we do not find any
617 * semblance of an A->PTR->A loop, allow a simple #.#.#.# match to work.
618 *
619 * NI_WITHSCOPEID is useful for comparing sin6_scope_id portion
620 * if af == AF_INET6.
492 */ 621 */
493static int 622static int
494__icheckhost(raddr, lhost) 623__icheckhost(raddr, salen, lhost)
495 u_long raddr; 624 struct sockaddr *raddr;
625 socklen_t salen;
496 const char *lhost; 626 const char *lhost;
497{ 627{
498 register struct hostent *hp; 628 struct addrinfo hints, *res, *r;
499 register u_long laddr; 629 char h1[NI_MAXHOST], h2[NI_MAXHOST];
500 register char **pp; 630 int error;
631#ifdef NI_WITHSCOPEID
632 const int niflags = NI_NUMERICHOST | NI_WITHSCOPEID;
633#else
634 const int niflags = NI_NUMERICHOST;
635#endif
501 636
502 /* Try for raw ip address first. */ 637 h1[0] = '\0';
503 if (isdigit(*lhost) && (long)(laddr = inet_addr(lhost)) != -1) 638 if (getnameinfo(raddr, salen, h1, sizeof(h1), NULL, 0,
504 return (raddr == laddr); 639 niflags) != 0)
640 return (0);
505 641
506 /* Better be a hostname. */ 642 /* Resolve laddr into sockaddr */
507 if ((hp = gethostbyname(lhost)) == NULL) 643 memset(&hints, 0, sizeof(hints));
644 hints.ai_family = raddr->sa_family;
645 hints.ai_socktype = SOCK_DGRAM; /*dummy*/
646 res = NULL;
647 error = getaddrinfo(lhost, "0", &hints, &res);
648 if (error)
508 return (0); 649 return (0);
509 650
510 /* Spin through ip addresses. */ 651 /*
511 for (pp = hp->h_addr_list; *pp; ++pp) 652 * Try string comparisons between raddr and laddr.
512 if (!bcmp(&raddr, *pp, sizeof(u_long))) 653 */
654 for (r = res; r; r = r->ai_next) {
655 h2[0] = '\0';
656 if (getnameinfo(r->ai_addr, r->ai_addrlen, h2, sizeof(h2),
657 NULL, 0, niflags) != 0)
658 continue;
659 if (strcmp(h1, h2) == 0) {
660 freeaddrinfo(res);
513 return (1); 661 return (1);
662 }
663 }
514 664
515 /* No match. */ 665 /* No match. */
666 freeaddrinfo(res);
516 return (0); 667 return (0);
517} 668}
669
670/*
671 * Return the hostname associated with the supplied address.
672 * Do a reverse lookup as well for security. If a loop cannot
673 * be found, pack the result of inet_ntoa() into the string.
674 *
675 * NI_WITHSCOPEID is useful for comparing sin6_scope_id portion
676 * if af == AF_INET6.
677 */
678static char *
679__gethostloop(raddr, salen)
680 struct sockaddr *raddr;
681 socklen_t salen;
682{
683 static char remotehost[NI_MAXHOST];
684 char h1[NI_MAXHOST], h2[NI_MAXHOST];
685 struct addrinfo hints, *res, *r;
686 int error;
687#ifdef NI_WITHSCOPEID
688 const int niflags = NI_NUMERICHOST | NI_WITHSCOPEID;
689#else
690 const int niflags = NI_NUMERICHOST;
691#endif
692
693 h1[0] = remotehost[0] = '\0';
694 if (getnameinfo(raddr, salen, remotehost, sizeof(remotehost),
695 NULL, 0, NI_NAMEREQD) != 0)
696 return (NULL);
697 if (getnameinfo(raddr, salen, h1, sizeof(h1), NULL, 0,
698 niflags) != 0)
699 return (NULL);
700
701 /*
702 * Look up the name and check that the supplied
703 * address is in the list
704 */
705 memset(&hints, 0, sizeof(hints));
706 hints.ai_family = raddr->sa_family;
707 hints.ai_socktype = SOCK_DGRAM; /*dummy*/
708 hints.ai_flags = AI_CANONNAME;
709 res = NULL;
710 error = getaddrinfo(remotehost, "0", &hints, &res);
711 if (error)
712 return (NULL);
713
714 for (r = res; r; r = r->ai_next) {
715 h2[0] = '\0';
716 if (getnameinfo(r->ai_addr, r->ai_addrlen, h2, sizeof(h2),
717 NULL, 0, niflags) != 0)
718 continue;
719 if (strcmp(h1, h2) == 0) {
720 freeaddrinfo(res);
721 return (remotehost);
722 }
723 }
724
725 /*
726 * either the DNS adminstrator has made a configuration
727 * mistake, or someone has attempted to spoof us
728 */
729 syslog(LOG_NOTICE, "rcmd: address %s not listed for host %s",
730 h1, res->ai_canonname ? res->ai_canonname : remotehost);
731 freeaddrinfo(res);
732 return (NULL);
733}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-01 19:22:00 +0000