summaryrefslogtreecommitdiff
path: root/src/lib/libc/net/rcmd.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libc/net/rcmd.c')
-rw-r--r--src/lib/libc/net/rcmd.c552
1 files changed, 363 insertions, 189 deletions
diff --git a/src/lib/libc/net/rcmd.c b/src/lib/libc/net/rcmd.c
index e0310031b0..bfe8c3ae56 100644
--- a/src/lib/libc/net/rcmd.c
+++ b/src/lib/libc/net/rcmd.c
@@ -1,6 +1,5 @@
1/* $NetBSD: rcmd.c,v 1.12 1995/06/03 22:33:34 mycroft Exp $ */
2
3/* 1/*
2 * Copyright (c) 1995, 1996, 1998 Theo de Raadt. All rights reserved.
4 * Copyright (c) 1983, 1993, 1994 3 * Copyright (c) 1983, 1993, 1994
5 * The Regents of the University of California. All rights reserved. 4 * The Regents of the University of California. All rights reserved.
6 * 5 *
@@ -12,11 +11,7 @@
12 * 2. Redistributions in binary form must reproduce the above copyright 11 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the 12 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution. 13 * documentation and/or other materials provided with the distribution.
15 * 3. All advertising materials mentioning features or use of this software 14 * 3. Neither the name of the University nor the names of its contributors
16 * must display the following acknowledgement:
17 * This product includes software developed by the University of
18 * California, Berkeley and its contributors.
19 * 4. Neither the name of the University nor the names of its contributors
20 * may be used to endorse or promote products derived from this software 15 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission. 16 * without specific prior written permission.
22 * 17 *
@@ -34,11 +29,7 @@
34 */ 29 */
35 30
36#if defined(LIBC_SCCS) && !defined(lint) 31#if defined(LIBC_SCCS) && !defined(lint)
37#if 0 32static char *rcsid = "$OpenBSD: rcmd.c,v 1.52 2005/03/25 13:24:12 otto Exp $";
38static char sccsid[] = "@(#)rcmd.c 8.3 (Berkeley) 3/26/94";
39#else
40static char *rcsid = "$NetBSD: rcmd.c,v 1.12 1995/06/03 22:33:34 mycroft Exp $";
41#endif
42#endif /* LIBC_SCCS and not lint */ 33#endif /* LIBC_SCCS and not lint */
43 34
44#include <sys/param.h> 35#include <sys/param.h>
@@ -57,35 +48,84 @@ static char *rcsid = "$NetBSD: rcmd.c,v 1.12 1995/06/03 22:33:34 mycroft Exp $";
57#include <stdio.h> 48#include <stdio.h>
58#include <ctype.h> 49#include <ctype.h>
59#include <string.h> 50#include <string.h>
51#include <syslog.h>
52#include <stdlib.h>
53#include <netgroup.h>
54
55int __ivaliduser(FILE *, in_addr_t, const char *, const char *);
56int __ivaliduser_sa(FILE *, struct sockaddr *, socklen_t,
57 const char *, const char *);
58static int __icheckhost(struct sockaddr *, socklen_t, const char *);
59static char *__gethostloop(struct sockaddr *, socklen_t);
60 60
61int __ivaliduser __P((FILE *, u_long, const char *, const char *)); 61int
62static int __icheckhost __P((u_long, const char *)); 62rcmd(char **ahost, int rport, const char *locuser, const char *remuser,
63 const char *cmd, int *fd2p)
64{
65 return rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, AF_INET);
66}
63 67
64int 68int
65rcmd(ahost, rport, locuser, remuser, cmd, fd2p) 69rcmd_af(char **ahost, int porta, const char *locuser, const char *remuser,
66 char **ahost; 70 const char *cmd, int *fd2p, int af)
67 u_short rport;
68 const char *locuser, *remuser, *cmd;
69 int *fd2p;
70{ 71{
71 struct hostent *hp; 72 static char hbuf[MAXHOSTNAMELEN];
72 struct sockaddr_in sin, from; 73 char pbuf[NI_MAXSERV];
73 fd_set reads; 74 struct addrinfo hints, *res, *r;
74 long oldmask; 75 int error;
76 struct sockaddr_storage from;
77 fd_set *readsp = NULL;
78 sigset_t oldmask, mask;
75 pid_t pid; 79 pid_t pid;
76 int s, lport, timo; 80 int s, lport, timo;
77 char c; 81 char c, *p;
82 int refused;
83 in_port_t rport = porta;
84
85 /* call rcmdsh() with specified remote shell if appropriate. */
86 if (!issetugid() && (p = getenv("RSH")) && *p) {
87 struct servent *sp = getservbyname("shell", "tcp");
88
89 if (sp && sp->s_port == rport)
90 return (rcmdsh(ahost, rport, locuser, remuser,
91 cmd, p));
92 }
93
94 /* use rsh(1) if non-root and remote port is shell. */
95 if (geteuid()) {
96 struct servent *sp = getservbyname("shell", "tcp");
97
98 if (sp && sp->s_port == rport)
99 return (rcmdsh(ahost, rport, locuser, remuser,
100 cmd, NULL));
101 }
78 102
79 pid = getpid(); 103 pid = getpid();
80 hp = gethostbyname(*ahost); 104 snprintf(pbuf, sizeof(pbuf), "%u", ntohs(rport));
81 if (hp == NULL) { 105 memset(&hints, 0, sizeof(hints));
82 herror(*ahost); 106 hints.ai_family = af;
107 hints.ai_socktype = SOCK_STREAM;
108 hints.ai_flags = AI_CANONNAME;
109 error = getaddrinfo(*ahost, pbuf, &hints, &res);
110 if (error) {
111#if 0
112 warnx("%s: %s", *ahost, gai_strerror(error));
113#endif
83 return (-1); 114 return (-1);
84 } 115 }
85 *ahost = hp->h_name; 116 if (res->ai_canonname) {
86 oldmask = sigblock(sigmask(SIGURG)); 117 strlcpy(hbuf, res->ai_canonname, sizeof(hbuf));
118 *ahost = hbuf;
119 } else
120 ; /*XXX*/
121
122 r = res;
123 refused = 0;
124 sigemptyset(&mask);
125 sigaddset(&mask, SIGURG);
126 oldmask = sigprocmask(SIG_BLOCK, &mask, &oldmask);
87 for (timo = 1, lport = IPPORT_RESERVED - 1;;) { 127 for (timo = 1, lport = IPPORT_RESERVED - 1;;) {
88 s = rresvport(&lport); 128 s = rresvport_af(&lport, r->ai_family);
89 if (s < 0) { 129 if (s < 0) {
90 if (errno == EAGAIN) 130 if (errno == EAGAIN)
91 (void)fprintf(stderr, 131 (void)fprintf(stderr,
@@ -93,54 +133,84 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
93 else 133 else
94 (void)fprintf(stderr, "rcmd: socket: %s\n", 134 (void)fprintf(stderr, "rcmd: socket: %s\n",
95 strerror(errno)); 135 strerror(errno));
96 sigsetmask(oldmask); 136 if (r->ai_next) {
97 return (-1); 137 r = r->ai_next;
138 continue;
139 } else {
140 sigprocmask(SIG_SETMASK, &oldmask, NULL);
141 freeaddrinfo(res);
142 return (-1);
143 }
98 } 144 }
99 fcntl(s, F_SETOWN, pid); 145 fcntl(s, F_SETOWN, pid);
100 sin.sin_len = sizeof(struct sockaddr_in); 146 if (connect(s, r->ai_addr, r->ai_addrlen) >= 0)
101 sin.sin_family = hp->h_addrtype;
102 sin.sin_port = rport;
103 bcopy(hp->h_addr_list[0], &sin.sin_addr, hp->h_length);
104 if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
105 break; 147 break;
106 (void)close(s); 148 (void)close(s);
107 if (errno == EADDRINUSE) { 149 if (errno == EADDRINUSE) {
108 lport--; 150 lport--;
109 continue; 151 continue;
110 } 152 }
111 if (errno == ECONNREFUSED && timo <= 16) { 153 if (errno == ECONNREFUSED)
112 (void)sleep(timo); 154 refused++;
113 timo *= 2; 155 if (r->ai_next) {
114 continue;
115 }
116 if (hp->h_addr_list[1] != NULL) {
117 int oerrno = errno; 156 int oerrno = errno;
118 157 char hbuf[NI_MAXHOST];
119 (void)fprintf(stderr, "connect to address %s: ", 158 const int niflags = NI_NUMERICHOST;
120 inet_ntoa(sin.sin_addr)); 159
160 hbuf[0] = '\0';
161 if (getnameinfo(r->ai_addr, r->ai_addrlen,
162 hbuf, sizeof(hbuf), NULL, 0, niflags) != 0)
163 strlcpy(hbuf, "(invalid)", sizeof hbuf);
164 (void)fprintf(stderr, "connect to address %s: ", hbuf);
121 errno = oerrno; 165 errno = oerrno;
122 perror(0); 166 perror(0);
123 hp->h_addr_list++; 167 r = r->ai_next;
124 bcopy(hp->h_addr_list[0], &sin.sin_addr, hp->h_length); 168 hbuf[0] = '\0';
125 (void)fprintf(stderr, "Trying %s...\n", 169 if (getnameinfo(r->ai_addr, r->ai_addrlen,
126 inet_ntoa(sin.sin_addr)); 170 hbuf, sizeof(hbuf), NULL, 0, niflags) != 0)
171 strlcpy(hbuf, "(invalid)", sizeof hbuf);
172 (void)fprintf(stderr, "Trying %s...\n", hbuf);
127 continue; 173 continue;
128 } 174 }
129 (void)fprintf(stderr, "%s: %s\n", hp->h_name, strerror(errno)); 175 if (refused && timo <= 16) {
130 sigsetmask(oldmask); 176 (void)sleep(timo);
177 timo *= 2;
178 r = res;
179 refused = 0;
180 continue;
181 }
182 (void)fprintf(stderr, "%s: %s\n", res->ai_canonname,
183 strerror(errno));
184 sigprocmask(SIG_SETMASK, &oldmask, NULL);
185 freeaddrinfo(res);
131 return (-1); 186 return (-1);
132 } 187 }
188 /* given "af" can be PF_UNSPEC, we need the real af for "s" */
189 af = r->ai_family;
190 freeaddrinfo(res);
191#if 0
192 /*
193 * try to rresvport() to the same port. This will make rresvport()
194 * fail it's first bind, resulting in it choosing a random port.
195 */
133 lport--; 196 lport--;
197#endif
134 if (fd2p == 0) { 198 if (fd2p == 0) {
135 write(s, "", 1); 199 write(s, "", 1);
136 lport = 0; 200 lport = 0;
137 } else { 201 } else {
138 char num[8]; 202 char num[8];
139 int s2 = rresvport(&lport), s3; 203 int s2 = rresvport_af(&lport, af), s3;
140 int len = sizeof(from); 204 socklen_t len = sizeof(from);
205 int fdssize = howmany(MAX(s, s2)+1, NFDBITS) * sizeof(fd_mask);
141 206
142 if (s2 < 0) 207 if (s2 < 0)
143 goto bad; 208 goto bad;
209 readsp = (fd_set *)malloc(fdssize);
210 if (readsp == NULL) {
211 close(s2);
212 goto bad;
213 }
144 listen(s2, 1); 214 listen(s2, 1);
145 (void)snprintf(num, sizeof(num), "%d", lport); 215 (void)snprintf(num, sizeof(num), "%d", lport);
146 if (write(s, num, strlen(num)+1) != strlen(num)+1) { 216 if (write(s, num, strlen(num)+1) != strlen(num)+1) {
@@ -150,12 +220,13 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
150 (void)close(s2); 220 (void)close(s2);
151 goto bad; 221 goto bad;
152 } 222 }
153 FD_ZERO(&reads); 223again:
154 FD_SET(s, &reads); 224 bzero(readsp, fdssize);
155 FD_SET(s2, &reads); 225 FD_SET(s, readsp);
226 FD_SET(s2, readsp);
156 errno = 0; 227 errno = 0;
157 if (select(MAX(s, s2) + 1, &reads, 0, 0, 0) < 1 || 228 if (select(MAX(s, s2) + 1, readsp, 0, 0, 0) < 1 ||
158 !FD_ISSET(s2, &reads)) { 229 !FD_ISSET(s2, readsp)) {
159 if (errno != 0) 230 if (errno != 0)
160 (void)fprintf(stderr, 231 (void)fprintf(stderr,
161 "rcmd: select (setting up stderr): %s\n", 232 "rcmd: select (setting up stderr): %s\n",
@@ -167,21 +238,48 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
167 goto bad; 238 goto bad;
168 } 239 }
169 s3 = accept(s2, (struct sockaddr *)&from, &len); 240 s3 = accept(s2, (struct sockaddr *)&from, &len);
170 (void)close(s2);
171 if (s3 < 0) { 241 if (s3 < 0) {
172 (void)fprintf(stderr, 242 (void)fprintf(stderr,
173 "rcmd: accept: %s\n", strerror(errno)); 243 "rcmd: accept: %s\n", strerror(errno));
174 lport = 0; 244 lport = 0;
245 close(s2);
175 goto bad; 246 goto bad;
176 } 247 }
248
249 /*
250 * XXX careful for ftp bounce attacks. If discovered, shut them
251 * down and check for the real auxiliary channel to connect.
252 */
253 switch (from.ss_family) {
254 case AF_INET:
255 case AF_INET6:
256 if (getnameinfo((struct sockaddr *)&from, len,
257 NULL, 0, num, sizeof(num), NI_NUMERICSERV) == 0 &&
258 atoi(num) != 20) {
259 break;
260 }
261 close(s3);
262 goto again;
263 default:
264 break;
265 }
266 (void)close(s2);
267
177 *fd2p = s3; 268 *fd2p = s3;
178 from.sin_port = ntohs(from.sin_port); 269 switch (from.ss_family) {
179 if (from.sin_family != AF_INET || 270 case AF_INET:
180 from.sin_port >= IPPORT_RESERVED || 271 case AF_INET6:
181 from.sin_port < IPPORT_RESERVED / 2) { 272 if (getnameinfo((struct sockaddr *)&from, len,
182 (void)fprintf(stderr, 273 NULL, 0, num, sizeof(num), NI_NUMERICSERV) != 0 ||
183 "socket: protocol failure in circuit setup.\n"); 274 (atoi(num) >= IPPORT_RESERVED ||
184 goto bad2; 275 atoi(num) < IPPORT_RESERVED / 2)) {
276 (void)fprintf(stderr,
277 "socket: protocol failure in circuit setup.\n");
278 goto bad2;
279 }
280 break;
281 default:
282 break;
185 } 283 }
186 } 284 }
187 (void)write(s, locuser, strlen(locuser)+1); 285 (void)write(s, locuser, strlen(locuser)+1);
@@ -200,70 +298,44 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
200 } 298 }
201 goto bad2; 299 goto bad2;
202 } 300 }
203 sigsetmask(oldmask); 301 sigprocmask(SIG_SETMASK, &oldmask, NULL);
302 free(readsp);
204 return (s); 303 return (s);
205bad2: 304bad2:
206 if (lport) 305 if (lport)
207 (void)close(*fd2p); 306 (void)close(*fd2p);
208bad: 307bad:
308 if (readsp)
309 free(readsp);
209 (void)close(s); 310 (void)close(s);
210 sigsetmask(oldmask); 311 sigprocmask(SIG_SETMASK, &oldmask, NULL);
211 return (-1); 312 return (-1);
212} 313}
213 314
214int
215rresvport(alport)
216 int *alport;
217{
218 struct sockaddr_in sin;
219 int s;
220
221 sin.sin_len = sizeof(struct sockaddr_in);
222 sin.sin_family = AF_INET;
223 sin.sin_addr.s_addr = INADDR_ANY;
224 s = socket(AF_INET, SOCK_STREAM, 0);
225 if (s < 0)
226 return (-1);
227 for (;;) {
228 sin.sin_port = htons((u_short)*alport);
229 if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
230 return (s);
231 if (errno != EADDRINUSE) {
232 (void)close(s);
233 return (-1);
234 }
235 (*alport)--;
236 if (*alport == IPPORT_RESERVED/2) {
237 (void)close(s);
238 errno = EAGAIN; /* close */
239 return (-1);
240 }
241 }
242}
243
244int __check_rhosts_file = 1; 315int __check_rhosts_file = 1;
245char *__rcmd_errstr; 316char *__rcmd_errstr;
246 317
247int 318int
248ruserok(rhost, superuser, ruser, luser) 319ruserok(const char *rhost, int superuser, const char *ruser, const char *luser)
249 const char *rhost, *ruser, *luser;
250 int superuser;
251{ 320{
252 struct hostent *hp; 321 struct addrinfo hints, *res, *r;
253 char **ap; 322 int error;
254 int i; 323
255#define MAXADDRS 35 324 memset(&hints, 0, sizeof(hints));
256 u_long addrs[MAXADDRS + 1]; 325 hints.ai_family = PF_UNSPEC;
257 326 hints.ai_socktype = SOCK_DGRAM; /*dummy*/
258 if ((hp = gethostbyname(rhost)) == NULL) 327 error = getaddrinfo(rhost, "0", &hints, &res);
328 if (error)
259 return (-1); 329 return (-1);
260 for (i = 0, ap = hp->h_addr_list; *ap && i < MAXADDRS; ++ap, ++i)
261 bcopy(*ap, &addrs[i], sizeof(addrs[i]));
262 addrs[i] = 0;
263 330
264 for (i = 0; i < MAXADDRS && addrs[i]; i++) 331 for (r = res; r; r = r->ai_next) {
265 if (iruserok(addrs[i], superuser, ruser, luser) == 0) 332 if (iruserok_sa(r->ai_addr, r->ai_addrlen, superuser, ruser,
333 luser) == 0) {
334 freeaddrinfo(res);
266 return (0); 335 return (0);
336 }
337 }
338 freeaddrinfo(res);
267 return (-1); 339 return (-1);
268} 340}
269 341
@@ -277,12 +349,24 @@ ruserok(rhost, superuser, ruser, luser)
277 * Returns 0 if ok, -1 if not ok. 349 * Returns 0 if ok, -1 if not ok.
278 */ 350 */
279int 351int
280iruserok(raddr, superuser, ruser, luser) 352iruserok(u_int32_t raddr, int superuser, const char *ruser, const char *luser)
281 u_long raddr; 353{
282 int superuser; 354 struct sockaddr_in sin;
283 const char *ruser, *luser; 355
356 memset(&sin, 0, sizeof(sin));
357 sin.sin_family = AF_INET;
358 sin.sin_len = sizeof(struct sockaddr_in);
359 memcpy(&sin.sin_addr, &raddr, sizeof(sin.sin_addr));
360 return iruserok_sa(&sin, sizeof(struct sockaddr_in), superuser, ruser,
361 luser);
362}
363
364int
365iruserok_sa(const void *raddr, int rlen, int superuser, const char *ruser,
366 const char *luser)
284{ 367{
285 register char *cp; 368 struct sockaddr *sa;
369 char *cp;
286 struct stat sbuf; 370 struct stat sbuf;
287 struct passwd *pwd; 371 struct passwd *pwd;
288 FILE *hostf; 372 FILE *hostf;
@@ -290,11 +374,12 @@ iruserok(raddr, superuser, ruser, luser)
290 int first; 374 int first;
291 char pbuf[MAXPATHLEN]; 375 char pbuf[MAXPATHLEN];
292 376
377 sa = (struct sockaddr *)raddr;
293 first = 1; 378 first = 1;
294 hostf = superuser ? NULL : fopen(_PATH_HEQUIV, "r"); 379 hostf = superuser ? NULL : fopen(_PATH_HEQUIV, "r");
295again: 380again:
296 if (hostf) { 381 if (hostf) {
297 if (__ivaliduser(hostf, raddr, luser, ruser) == 0) { 382 if (__ivaliduser_sa(hostf, sa, rlen, luser, ruser) == 0) {
298 (void)fclose(hostf); 383 (void)fclose(hostf);
299 return (0); 384 return (0);
300 } 385 }
@@ -304,8 +389,7 @@ again:
304 first = 0; 389 first = 0;
305 if ((pwd = getpwnam(luser)) == NULL) 390 if ((pwd = getpwnam(luser)) == NULL)
306 return (-1); 391 return (-1);
307 (void)strcpy(pbuf, pwd->pw_dir); 392 snprintf(pbuf, sizeof pbuf, "%s/.rhosts", pwd->pw_dir);
308 (void)strcat(pbuf, "/.rhosts");
309 393
310 /* 394 /*
311 * Change effective uid while opening .rhosts. If root and 395 * Change effective uid while opening .rhosts. If root and
@@ -333,7 +417,7 @@ again:
333 else if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid) 417 else if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid)
334 cp = "bad .rhosts owner"; 418 cp = "bad .rhosts owner";
335 else if (sbuf.st_mode & (S_IWGRP|S_IWOTH)) 419 else if (sbuf.st_mode & (S_IWGRP|S_IWOTH))
336 cp = ".rhosts writeable by other than owner"; 420 cp = ".rhosts writable by other than owner";
337 /* If there were any problems, quit. */ 421 /* If there were any problems, quit. */
338 if (cp) { 422 if (cp) {
339 __rcmd_errstr = cp; 423 __rcmd_errstr = cp;
@@ -352,41 +436,58 @@ again:
352 * Returns 0 if ok, -1 if not ok. 436 * Returns 0 if ok, -1 if not ok.
353 */ 437 */
354int 438int
355__ivaliduser(hostf, raddr, luser, ruser) 439__ivaliduser(FILE *hostf, in_addr_t raddrl, const char *luser,
356 FILE *hostf; 440 const char *ruser)
357 u_long raddr; 441{
358 const char *luser, *ruser; 442 struct sockaddr_in sin;
443
444 memset(&sin, 0, sizeof(sin));
445 sin.sin_family = AF_INET;
446 sin.sin_len = sizeof(struct sockaddr_in);
447 memcpy(&sin.sin_addr, &raddrl, sizeof(sin.sin_addr));
448 return __ivaliduser_sa(hostf, (struct sockaddr *)&sin, sin.sin_len,
449 luser, ruser);
450}
451
452int
453__ivaliduser_sa(FILE *hostf, struct sockaddr *raddr, socklen_t salen,
454 const char *luser, const char *ruser)
359{ 455{
360 register char *user, *p; 456 char *user, *p;
361 int ch; 457 char *buf;
362 char buf[MAXHOSTNAMELEN + 128]; /* host + login */
363 const char *auser, *ahost; 458 const char *auser, *ahost;
364 int hostok, userok; 459 int hostok, userok;
365 char rhost[MAXHOSTNAMELEN]; 460 char *rhost = (char *)-1;
366 struct hostent *hp;
367 char domain[MAXHOSTNAMELEN]; 461 char domain[MAXHOSTNAMELEN];
462 size_t buflen;
368 463
369 getdomainname(domain, sizeof(domain)); 464 getdomainname(domain, sizeof(domain));
370 465
371 while (fgets(buf, sizeof(buf), hostf)) { 466 while ((buf = fgetln(hostf, &buflen))) {
372 p = buf; 467 p = buf;
373 /* Skip lines that are too long. */ 468 if (*p == '#')
374 if (strchr(p, '\n') == NULL) {
375 while ((ch = getc(hostf)) != '\n' && ch != EOF);
376 continue; 469 continue;
377 } 470 while (p < buf + buflen && *p != '\n' && *p != ' ' && *p != '\t') {
378 while (*p != '\n' && *p != ' ' && *p != '\t' && *p != '\0') { 471 if (!isprint(*p))
472 goto bail;
379 *p = isupper(*p) ? tolower(*p) : *p; 473 *p = isupper(*p) ? tolower(*p) : *p;
380 p++; 474 p++;
381 } 475 }
476 if (p >= buf + buflen)
477 continue;
382 if (*p == ' ' || *p == '\t') { 478 if (*p == ' ' || *p == '\t') {
383 *p++ = '\0'; 479 *p++ = '\0';
384 while (*p == ' ' || *p == '\t') 480 while (p < buf + buflen && (*p == ' ' || *p == '\t'))
385 p++; 481 p++;
482 if (p >= buf + buflen)
483 continue;
386 user = p; 484 user = p;
387 while (*p != '\n' && *p != ' ' && 485 while (p < buf + buflen && *p != '\n' && *p != ' ' &&
388 *p != '\t' && *p != '\0') 486 *p != '\t') {
487 if (!isprint(*p))
488 goto bail;
389 p++; 489 p++;
490 }
390 } else 491 } else
391 user = p; 492 user = p;
392 *p = '\0'; 493 *p = '\0';
@@ -397,27 +498,29 @@ __ivaliduser(hostf, raddr, luser, ruser)
397 auser = *user ? user : luser; 498 auser = *user ? user : luser;
398 ahost = buf; 499 ahost = buf;
399 500
400 if ((hp = gethostbyaddr((char *) &raddr, 501 if (strlen(ahost) >= MAXHOSTNAMELEN)
401 sizeof(raddr), AF_INET)) == NULL) { 502 continue;
402 abort();
403 return -1;
404 }
405 (void) strncpy(rhost, hp->h_name, sizeof(rhost));
406 rhost[sizeof(rhost) - 1] = '\0';
407 503
504 /*
505 * innetgr() must lookup a hostname (we do not attempt
506 * to change the semantics so that netgroups may have
507 * #.#.#.# addresses in the list.)
508 */
408 if (ahost[0] == '+') 509 if (ahost[0] == '+')
409 switch (ahost[1]) { 510 switch (ahost[1]) {
410 case '\0': 511 case '\0':
411 hostok = 1; 512 hostok = 1;
412 break; 513 break;
413
414 case '@': 514 case '@':
415 hostok = innetgr(&ahost[2], rhost, NULL, 515 if (rhost == (char *)-1)
416 domain); 516 rhost = __gethostloop(raddr, salen);
517 hostok = 0;
518 if (rhost)
519 hostok = innetgr(&ahost[2], rhost,
520 NULL, domain);
417 break; 521 break;
418
419 default: 522 default:
420 hostok = __icheckhost(raddr, &ahost[1]); 523 hostok = __icheckhost(raddr, salen, &ahost[1]);
421 break; 524 break;
422 } 525 }
423 else if (ahost[0] == '-') 526 else if (ahost[0] == '-')
@@ -425,18 +528,20 @@ __ivaliduser(hostf, raddr, luser, ruser)
425 case '\0': 528 case '\0':
426 hostok = -1; 529 hostok = -1;
427 break; 530 break;
428
429 case '@': 531 case '@':
430 hostok = -innetgr(&ahost[2], rhost, NULL, 532 if (rhost == (char *)-1)
431 domain); 533 rhost = __gethostloop(raddr, salen);
534 hostok = 0;
535 if (rhost)
536 hostok = -innetgr(&ahost[2], rhost,
537 NULL, domain);
432 break; 538 break;
433
434 default: 539 default:
435 hostok = -__icheckhost(raddr, &ahost[1]); 540 hostok = -__icheckhost(raddr, salen, &ahost[1]);
436 break; 541 break;
437 } 542 }
438 else 543 else
439 hostok = __icheckhost(raddr, ahost); 544 hostok = __icheckhost(raddr, salen, ahost);
440 545
441 546
442 if (auser[0] == '+') 547 if (auser[0] == '+')
@@ -444,14 +549,12 @@ __ivaliduser(hostf, raddr, luser, ruser)
444 case '\0': 549 case '\0':
445 userok = 1; 550 userok = 1;
446 break; 551 break;
447
448 case '@': 552 case '@':
449 userok = innetgr(&auser[2], NULL, ruser, 553 userok = innetgr(&auser[2], NULL, ruser,
450 domain); 554 domain);
451 break; 555 break;
452
453 default: 556 default:
454 userok = strcmp(ruser, &auser[1]) == 0; 557 userok = strcmp(ruser, &auser[1]) ? 0 : 1;
455 break; 558 break;
456 } 559 }
457 else if (auser[0] == '-') 560 else if (auser[0] == '-')
@@ -459,59 +562,130 @@ __ivaliduser(hostf, raddr, luser, ruser)
459 case '\0': 562 case '\0':
460 userok = -1; 563 userok = -1;
461 break; 564 break;
462
463 case '@': 565 case '@':
464 userok = -innetgr(&auser[2], NULL, ruser, 566 userok = -innetgr(&auser[2], NULL, ruser,
465 domain); 567 domain);
466 break; 568 break;
467
468 default: 569 default:
469 userok = -(strcmp(ruser, &auser[1]) == 0); 570 userok = strcmp(ruser, &auser[1]) ? 0 : -1;
470 break; 571 break;
471 } 572 }
472 else 573 else
473 userok = strcmp(ruser, auser) == 0; 574 userok = strcmp(ruser, auser) ? 0 : 1;
474 575
475 /* Check if one component did not match */ 576 /* Check if one component did not match */
476 if (hostok == 0 || userok == 0) 577 if (hostok == 0 || userok == 0)
477 continue; 578 continue;
478 579
479 /* Check if we got a forbidden pair */ 580 /* Check if we got a forbidden pair */
480 if (userok == -1 || hostok == -1) 581 if (userok <= -1 || hostok <= -1)
481 return -1; 582 return (-1);
482 583
483 /* Check if we got a valid pair */ 584 /* Check if we got a valid pair */
484 if (hostok == 1 && userok == 1) 585 if (hostok >= 1 && userok >= 1)
485 return 0; 586 return (0);
486 } 587 }
487 return -1; 588bail:
589 return (-1);
488} 590}
489 591
490/* 592/*
491 * Returns "true" if match, 0 if no match. 593 * Returns "true" if match, 0 if no match. If we do not find any
594 * semblance of an A->PTR->A loop, allow a simple #.#.#.# match to work.
492 */ 595 */
493static int 596static int
494__icheckhost(raddr, lhost) 597__icheckhost(struct sockaddr *raddr, socklen_t salen, const char *lhost)
495 u_long raddr;
496 const char *lhost;
497{ 598{
498 register struct hostent *hp; 599 struct addrinfo hints, *res, *r;
499 register u_long laddr; 600 char h1[NI_MAXHOST], h2[NI_MAXHOST];
500 register char **pp; 601 int error;
501 602 const int niflags = NI_NUMERICHOST;
502 /* Try for raw ip address first. */ 603
503 if (isdigit(*lhost) && (long)(laddr = inet_addr(lhost)) != -1) 604 h1[0] = '\0';
504 return (raddr == laddr); 605 if (getnameinfo(raddr, salen, h1, sizeof(h1), NULL, 0,
606 niflags) != 0)
607 return (0);
505 608
506 /* Better be a hostname. */ 609 /* Resolve laddr into sockaddr */
507 if ((hp = gethostbyname(lhost)) == NULL) 610 memset(&hints, 0, sizeof(hints));
611 hints.ai_family = raddr->sa_family;
612 hints.ai_socktype = SOCK_DGRAM; /*dummy*/
613 res = NULL;
614 error = getaddrinfo(lhost, "0", &hints, &res);
615 if (error)
508 return (0); 616 return (0);
509 617
510 /* Spin through ip addresses. */ 618 /*
511 for (pp = hp->h_addr_list; *pp; ++pp) 619 * Try string comparisons between raddr and laddr.
512 if (!bcmp(&raddr, *pp, sizeof(u_long))) 620 */
621 for (r = res; r; r = r->ai_next) {
622 h2[0] = '\0';
623 if (getnameinfo(r->ai_addr, r->ai_addrlen, h2, sizeof(h2),
624 NULL, 0, niflags) != 0)
625 continue;
626 if (strcmp(h1, h2) == 0) {
627 freeaddrinfo(res);
513 return (1); 628 return (1);
629 }
630 }
514 631
515 /* No match. */ 632 /* No match. */
633 freeaddrinfo(res);
516 return (0); 634 return (0);
517} 635}
636
637/*
638 * Return the hostname associated with the supplied address.
639 * Do a reverse lookup as well for security. If a loop cannot
640 * be found, pack the result of inet_ntoa() into the string.
641 */
642static char *
643__gethostloop(struct sockaddr *raddr, socklen_t salen)
644{
645 static char remotehost[NI_MAXHOST];
646 char h1[NI_MAXHOST], h2[NI_MAXHOST];
647 struct addrinfo hints, *res, *r;
648 int error;
649 const int niflags = NI_NUMERICHOST;
650
651 h1[0] = remotehost[0] = '\0';
652 if (getnameinfo(raddr, salen, remotehost, sizeof(remotehost),
653 NULL, 0, NI_NAMEREQD) != 0)
654 return (NULL);
655 if (getnameinfo(raddr, salen, h1, sizeof(h1), NULL, 0,
656 niflags) != 0)
657 return (NULL);
658
659 /*
660 * Look up the name and check that the supplied
661 * address is in the list
662 */
663 memset(&hints, 0, sizeof(hints));
664 hints.ai_family = raddr->sa_family;
665 hints.ai_socktype = SOCK_DGRAM; /*dummy*/
666 hints.ai_flags = AI_CANONNAME;
667 res = NULL;
668 error = getaddrinfo(remotehost, "0", &hints, &res);
669 if (error)
670 return (NULL);
671
672 for (r = res; r; r = r->ai_next) {
673 h2[0] = '\0';
674 if (getnameinfo(r->ai_addr, r->ai_addrlen, h2, sizeof(h2),
675 NULL, 0, niflags) != 0)
676 continue;
677 if (strcmp(h1, h2) == 0) {
678 freeaddrinfo(res);
679 return (remotehost);
680 }
681 }
682
683 /*
684 * either the DNS adminstrator has made a configuration
685 * mistake, or someone has attempted to spoof us
686 */
687 syslog(LOG_NOTICE, "rcmd: address %s not listed for host %s",
688 h1, res->ai_canonname ? res->ai_canonname : remotehost);
689 freeaddrinfo(res);
690 return (NULL);
691}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-03 14:31:32 +0000