summaryrefslogtreecommitdiff
path: root/src/lib/libc/net/rcmd.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libc/net/rcmd.c')
-rw-r--r--src/lib/libc/net/rcmd.c554
1 files changed, 362 insertions, 192 deletions
diff --git a/src/lib/libc/net/rcmd.c b/src/lib/libc/net/rcmd.c
index e0310031b0..e2b9199492 100644
--- a/src/lib/libc/net/rcmd.c
+++ b/src/lib/libc/net/rcmd.c
@@ -1,6 +1,5 @@
1/* $NetBSD: rcmd.c,v 1.12 1995/06/03 22:33:34 mycroft Exp $ */
2
3/* 1/*
2 * Copyright (c) 1995, 1996, 1998 Theo de Raadt. All rights reserved.
4 * Copyright (c) 1983, 1993, 1994 3 * Copyright (c) 1983, 1993, 1994
5 * The Regents of the University of California. All rights reserved. 4 * The Regents of the University of California. All rights reserved.
6 * 5 *
@@ -12,11 +11,7 @@
12 * 2. Redistributions in binary form must reproduce the above copyright 11 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the 12 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution. 13 * documentation and/or other materials provided with the distribution.
15 * 3. All advertising materials mentioning features or use of this software 14 * 3. Neither the name of the University nor the names of its contributors
16 * must display the following acknowledgement:
17 * This product includes software developed by the University of
18 * California, Berkeley and its contributors.
19 * 4. Neither the name of the University nor the names of its contributors
20 * may be used to endorse or promote products derived from this software 15 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission. 16 * without specific prior written permission.
22 * 17 *
@@ -33,14 +28,6 @@
33 * SUCH DAMAGE. 28 * SUCH DAMAGE.
34 */ 29 */
35 30
36#if defined(LIBC_SCCS) && !defined(lint)
37#if 0
38static char sccsid[] = "@(#)rcmd.c 8.3 (Berkeley) 3/26/94";
39#else
40static char *rcsid = "$NetBSD: rcmd.c,v 1.12 1995/06/03 22:33:34 mycroft Exp $";
41#endif
42#endif /* LIBC_SCCS and not lint */
43
44#include <sys/param.h> 31#include <sys/param.h>
45#include <sys/socket.h> 32#include <sys/socket.h>
46#include <sys/stat.h> 33#include <sys/stat.h>
@@ -57,35 +44,84 @@ static char *rcsid = "$NetBSD: rcmd.c,v 1.12 1995/06/03 22:33:34 mycroft Exp $";
57#include <stdio.h> 44#include <stdio.h>
58#include <ctype.h> 45#include <ctype.h>
59#include <string.h> 46#include <string.h>
47#include <syslog.h>
48#include <stdlib.h>
49#include <netgroup.h>
60 50
61int __ivaliduser __P((FILE *, u_long, const char *, const char *)); 51int __ivaliduser(FILE *, in_addr_t, const char *, const char *);
62static int __icheckhost __P((u_long, const char *)); 52int __ivaliduser_sa(FILE *, struct sockaddr *, socklen_t,
53 const char *, const char *);
54static int __icheckhost(struct sockaddr *, socklen_t, const char *);
55static char *__gethostloop(struct sockaddr *, socklen_t);
56
57int
58rcmd(char **ahost, int rport, const char *locuser, const char *remuser,
59 const char *cmd, int *fd2p)
60{
61 return rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, AF_INET);
62}
63 63
64int 64int
65rcmd(ahost, rport, locuser, remuser, cmd, fd2p) 65rcmd_af(char **ahost, int porta, const char *locuser, const char *remuser,
66 char **ahost; 66 const char *cmd, int *fd2p, int af)
67 u_short rport;
68 const char *locuser, *remuser, *cmd;
69 int *fd2p;
70{ 67{
71 struct hostent *hp; 68 static char hbuf[MAXHOSTNAMELEN];
72 struct sockaddr_in sin, from; 69 char pbuf[NI_MAXSERV];
73 fd_set reads; 70 struct addrinfo hints, *res, *r;
74 long oldmask; 71 int error;
72 struct sockaddr_storage from;
73 fd_set *readsp = NULL;
74 sigset_t oldmask, mask;
75 pid_t pid; 75 pid_t pid;
76 int s, lport, timo; 76 int s, lport, timo;
77 char c; 77 char c, *p;
78 int refused;
79 in_port_t rport = porta;
80
81 /* call rcmdsh() with specified remote shell if appropriate. */
82 if (!issetugid() && (p = getenv("RSH")) && *p) {
83 struct servent *sp = getservbyname("shell", "tcp");
84
85 if (sp && sp->s_port == rport)
86 return (rcmdsh(ahost, rport, locuser, remuser,
87 cmd, p));
88 }
89
90 /* use rsh(1) if non-root and remote port is shell. */
91 if (geteuid()) {
92 struct servent *sp = getservbyname("shell", "tcp");
93
94 if (sp && sp->s_port == rport)
95 return (rcmdsh(ahost, rport, locuser, remuser,
96 cmd, NULL));
97 }
78 98
79 pid = getpid(); 99 pid = getpid();
80 hp = gethostbyname(*ahost); 100 snprintf(pbuf, sizeof(pbuf), "%u", ntohs(rport));
81 if (hp == NULL) { 101 memset(&hints, 0, sizeof(hints));
82 herror(*ahost); 102 hints.ai_family = af;
103 hints.ai_socktype = SOCK_STREAM;
104 hints.ai_flags = AI_CANONNAME;
105 error = getaddrinfo(*ahost, pbuf, &hints, &res);
106 if (error) {
107#if 0
108 warnx("%s: %s", *ahost, gai_strerror(error));
109#endif
83 return (-1); 110 return (-1);
84 } 111 }
85 *ahost = hp->h_name; 112 if (res->ai_canonname) {
86 oldmask = sigblock(sigmask(SIGURG)); 113 strlcpy(hbuf, res->ai_canonname, sizeof(hbuf));
114 *ahost = hbuf;
115 } else
116 ; /*XXX*/
117
118 r = res;
119 refused = 0;
120 sigemptyset(&mask);
121 sigaddset(&mask, SIGURG);
122 sigprocmask(SIG_BLOCK, &mask, &oldmask);
87 for (timo = 1, lport = IPPORT_RESERVED - 1;;) { 123 for (timo = 1, lport = IPPORT_RESERVED - 1;;) {
88 s = rresvport(&lport); 124 s = rresvport_af(&lport, r->ai_family);
89 if (s < 0) { 125 if (s < 0) {
90 if (errno == EAGAIN) 126 if (errno == EAGAIN)
91 (void)fprintf(stderr, 127 (void)fprintf(stderr,
@@ -93,54 +129,84 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
93 else 129 else
94 (void)fprintf(stderr, "rcmd: socket: %s\n", 130 (void)fprintf(stderr, "rcmd: socket: %s\n",
95 strerror(errno)); 131 strerror(errno));
96 sigsetmask(oldmask); 132 if (r->ai_next) {
97 return (-1); 133 r = r->ai_next;
134 continue;
135 } else {
136 sigprocmask(SIG_SETMASK, &oldmask, NULL);
137 freeaddrinfo(res);
138 return (-1);
139 }
98 } 140 }
99 fcntl(s, F_SETOWN, pid); 141 fcntl(s, F_SETOWN, pid);
100 sin.sin_len = sizeof(struct sockaddr_in); 142 if (connect(s, r->ai_addr, r->ai_addrlen) >= 0)
101 sin.sin_family = hp->h_addrtype;
102 sin.sin_port = rport;
103 bcopy(hp->h_addr_list[0], &sin.sin_addr, hp->h_length);
104 if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
105 break; 143 break;
106 (void)close(s); 144 (void)close(s);
107 if (errno == EADDRINUSE) { 145 if (errno == EADDRINUSE) {
108 lport--; 146 lport--;
109 continue; 147 continue;
110 } 148 }
111 if (errno == ECONNREFUSED && timo <= 16) { 149 if (errno == ECONNREFUSED)
112 (void)sleep(timo); 150 refused++;
113 timo *= 2; 151 if (r->ai_next) {
114 continue;
115 }
116 if (hp->h_addr_list[1] != NULL) {
117 int oerrno = errno; 152 int oerrno = errno;
118 153 char hbuf[NI_MAXHOST];
119 (void)fprintf(stderr, "connect to address %s: ", 154 const int niflags = NI_NUMERICHOST;
120 inet_ntoa(sin.sin_addr)); 155
156 hbuf[0] = '\0';
157 if (getnameinfo(r->ai_addr, r->ai_addrlen,
158 hbuf, sizeof(hbuf), NULL, 0, niflags) != 0)
159 strlcpy(hbuf, "(invalid)", sizeof hbuf);
160 (void)fprintf(stderr, "connect to address %s: ", hbuf);
121 errno = oerrno; 161 errno = oerrno;
122 perror(0); 162 perror(0);
123 hp->h_addr_list++; 163 r = r->ai_next;
124 bcopy(hp->h_addr_list[0], &sin.sin_addr, hp->h_length); 164 hbuf[0] = '\0';
125 (void)fprintf(stderr, "Trying %s...\n", 165 if (getnameinfo(r->ai_addr, r->ai_addrlen,
126 inet_ntoa(sin.sin_addr)); 166 hbuf, sizeof(hbuf), NULL, 0, niflags) != 0)
167 strlcpy(hbuf, "(invalid)", sizeof hbuf);
168 (void)fprintf(stderr, "Trying %s...\n", hbuf);
127 continue; 169 continue;
128 } 170 }
129 (void)fprintf(stderr, "%s: %s\n", hp->h_name, strerror(errno)); 171 if (refused && timo <= 16) {
130 sigsetmask(oldmask); 172 (void)sleep(timo);
173 timo *= 2;
174 r = res;
175 refused = 0;
176 continue;
177 }
178 (void)fprintf(stderr, "%s: %s\n", res->ai_canonname,
179 strerror(errno));
180 sigprocmask(SIG_SETMASK, &oldmask, NULL);
181 freeaddrinfo(res);
131 return (-1); 182 return (-1);
132 } 183 }
184 /* given "af" can be PF_UNSPEC, we need the real af for "s" */
185 af = r->ai_family;
186 freeaddrinfo(res);
187#if 0
188 /*
189 * try to rresvport() to the same port. This will make rresvport()
190 * fail it's first bind, resulting in it choosing a random port.
191 */
133 lport--; 192 lport--;
193#endif
134 if (fd2p == 0) { 194 if (fd2p == 0) {
135 write(s, "", 1); 195 write(s, "", 1);
136 lport = 0; 196 lport = 0;
137 } else { 197 } else {
138 char num[8]; 198 char num[8];
139 int s2 = rresvport(&lport), s3; 199 int s2 = rresvport_af(&lport, af), s3;
140 int len = sizeof(from); 200 socklen_t len = sizeof(from);
201 int fdssize = howmany(MAX(s, s2)+1, NFDBITS) * sizeof(fd_mask);
141 202
142 if (s2 < 0) 203 if (s2 < 0)
143 goto bad; 204 goto bad;
205 readsp = (fd_set *)malloc(fdssize);
206 if (readsp == NULL) {
207 close(s2);
208 goto bad;
209 }
144 listen(s2, 1); 210 listen(s2, 1);
145 (void)snprintf(num, sizeof(num), "%d", lport); 211 (void)snprintf(num, sizeof(num), "%d", lport);
146 if (write(s, num, strlen(num)+1) != strlen(num)+1) { 212 if (write(s, num, strlen(num)+1) != strlen(num)+1) {
@@ -150,12 +216,13 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
150 (void)close(s2); 216 (void)close(s2);
151 goto bad; 217 goto bad;
152 } 218 }
153 FD_ZERO(&reads); 219again:
154 FD_SET(s, &reads); 220 bzero(readsp, fdssize);
155 FD_SET(s2, &reads); 221 FD_SET(s, readsp);
222 FD_SET(s2, readsp);
156 errno = 0; 223 errno = 0;
157 if (select(MAX(s, s2) + 1, &reads, 0, 0, 0) < 1 || 224 if (select(MAX(s, s2) + 1, readsp, 0, 0, 0) < 1 ||
158 !FD_ISSET(s2, &reads)) { 225 !FD_ISSET(s2, readsp)) {
159 if (errno != 0) 226 if (errno != 0)
160 (void)fprintf(stderr, 227 (void)fprintf(stderr,
161 "rcmd: select (setting up stderr): %s\n", 228 "rcmd: select (setting up stderr): %s\n",
@@ -167,21 +234,48 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
167 goto bad; 234 goto bad;
168 } 235 }
169 s3 = accept(s2, (struct sockaddr *)&from, &len); 236 s3 = accept(s2, (struct sockaddr *)&from, &len);
170 (void)close(s2);
171 if (s3 < 0) { 237 if (s3 < 0) {
172 (void)fprintf(stderr, 238 (void)fprintf(stderr,
173 "rcmd: accept: %s\n", strerror(errno)); 239 "rcmd: accept: %s\n", strerror(errno));
174 lport = 0; 240 lport = 0;
241 close(s2);
175 goto bad; 242 goto bad;
176 } 243 }
244
245 /*
246 * XXX careful for ftp bounce attacks. If discovered, shut them
247 * down and check for the real auxiliary channel to connect.
248 */
249 switch (from.ss_family) {
250 case AF_INET:
251 case AF_INET6:
252 if (getnameinfo((struct sockaddr *)&from, len,
253 NULL, 0, num, sizeof(num), NI_NUMERICSERV) == 0 &&
254 atoi(num) != 20) {
255 break;
256 }
257 close(s3);
258 goto again;
259 default:
260 break;
261 }
262 (void)close(s2);
263
177 *fd2p = s3; 264 *fd2p = s3;
178 from.sin_port = ntohs(from.sin_port); 265 switch (from.ss_family) {
179 if (from.sin_family != AF_INET || 266 case AF_INET:
180 from.sin_port >= IPPORT_RESERVED || 267 case AF_INET6:
181 from.sin_port < IPPORT_RESERVED / 2) { 268 if (getnameinfo((struct sockaddr *)&from, len,
182 (void)fprintf(stderr, 269 NULL, 0, num, sizeof(num), NI_NUMERICSERV) != 0 ||
183 "socket: protocol failure in circuit setup.\n"); 270 (atoi(num) >= IPPORT_RESERVED ||
184 goto bad2; 271 atoi(num) < IPPORT_RESERVED / 2)) {
272 (void)fprintf(stderr,
273 "socket: protocol failure in circuit setup.\n");
274 goto bad2;
275 }
276 break;
277 default:
278 break;
185 } 279 }
186 } 280 }
187 (void)write(s, locuser, strlen(locuser)+1); 281 (void)write(s, locuser, strlen(locuser)+1);
@@ -200,70 +294,44 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
200 } 294 }
201 goto bad2; 295 goto bad2;
202 } 296 }
203 sigsetmask(oldmask); 297 sigprocmask(SIG_SETMASK, &oldmask, NULL);
298 free(readsp);
204 return (s); 299 return (s);
205bad2: 300bad2:
206 if (lport) 301 if (lport)
207 (void)close(*fd2p); 302 (void)close(*fd2p);
208bad: 303bad:
304 if (readsp)
305 free(readsp);
209 (void)close(s); 306 (void)close(s);
210 sigsetmask(oldmask); 307 sigprocmask(SIG_SETMASK, &oldmask, NULL);
211 return (-1); 308 return (-1);
212} 309}
213 310
214int
215rresvport(alport)
216 int *alport;
217{
218 struct sockaddr_in sin;
219 int s;
220
221 sin.sin_len = sizeof(struct sockaddr_in);
222 sin.sin_family = AF_INET;
223 sin.sin_addr.s_addr = INADDR_ANY;
224 s = socket(AF_INET, SOCK_STREAM, 0);
225 if (s < 0)
226 return (-1);
227 for (;;) {
228 sin.sin_port = htons((u_short)*alport);
229 if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
230 return (s);
231 if (errno != EADDRINUSE) {
232 (void)close(s);
233 return (-1);
234 }
235 (*alport)--;
236 if (*alport == IPPORT_RESERVED/2) {
237 (void)close(s);
238 errno = EAGAIN; /* close */
239 return (-1);
240 }
241 }
242}
243
244int __check_rhosts_file = 1; 311int __check_rhosts_file = 1;
245char *__rcmd_errstr; 312char *__rcmd_errstr;
246 313
247int 314int
248ruserok(rhost, superuser, ruser, luser) 315ruserok(const char *rhost, int superuser, const char *ruser, const char *luser)
249 const char *rhost, *ruser, *luser;
250 int superuser;
251{ 316{
252 struct hostent *hp; 317 struct addrinfo hints, *res, *r;
253 char **ap; 318 int error;
254 int i; 319
255#define MAXADDRS 35 320 memset(&hints, 0, sizeof(hints));
256 u_long addrs[MAXADDRS + 1]; 321 hints.ai_family = PF_UNSPEC;
257 322 hints.ai_socktype = SOCK_DGRAM; /*dummy*/
258 if ((hp = gethostbyname(rhost)) == NULL) 323 error = getaddrinfo(rhost, "0", &hints, &res);
324 if (error)
259 return (-1); 325 return (-1);
260 for (i = 0, ap = hp->h_addr_list; *ap && i < MAXADDRS; ++ap, ++i)
261 bcopy(*ap, &addrs[i], sizeof(addrs[i]));
262 addrs[i] = 0;
263 326
264 for (i = 0; i < MAXADDRS && addrs[i]; i++) 327 for (r = res; r; r = r->ai_next) {
265 if (iruserok(addrs[i], superuser, ruser, luser) == 0) 328 if (iruserok_sa(r->ai_addr, r->ai_addrlen, superuser, ruser,
329 luser) == 0) {
330 freeaddrinfo(res);
266 return (0); 331 return (0);
332 }
333 }
334 freeaddrinfo(res);
267 return (-1); 335 return (-1);
268} 336}
269 337
@@ -277,12 +345,24 @@ ruserok(rhost, superuser, ruser, luser)
277 * Returns 0 if ok, -1 if not ok. 345 * Returns 0 if ok, -1 if not ok.
278 */ 346 */
279int 347int
280iruserok(raddr, superuser, ruser, luser) 348iruserok(u_int32_t raddr, int superuser, const char *ruser, const char *luser)
281 u_long raddr; 349{
282 int superuser; 350 struct sockaddr_in sin;
283 const char *ruser, *luser; 351
352 memset(&sin, 0, sizeof(sin));
353 sin.sin_family = AF_INET;
354 sin.sin_len = sizeof(struct sockaddr_in);
355 memcpy(&sin.sin_addr, &raddr, sizeof(sin.sin_addr));
356 return iruserok_sa(&sin, sizeof(struct sockaddr_in), superuser, ruser,
357 luser);
358}
359
360int
361iruserok_sa(const void *raddr, int rlen, int superuser, const char *ruser,
362 const char *luser)
284{ 363{
285 register char *cp; 364 struct sockaddr *sa;
365 char *cp;
286 struct stat sbuf; 366 struct stat sbuf;
287 struct passwd *pwd; 367 struct passwd *pwd;
288 FILE *hostf; 368 FILE *hostf;
@@ -290,11 +370,12 @@ iruserok(raddr, superuser, ruser, luser)
290 int first; 370 int first;
291 char pbuf[MAXPATHLEN]; 371 char pbuf[MAXPATHLEN];
292 372
373 sa = (struct sockaddr *)raddr;
293 first = 1; 374 first = 1;
294 hostf = superuser ? NULL : fopen(_PATH_HEQUIV, "r"); 375 hostf = superuser ? NULL : fopen(_PATH_HEQUIV, "r");
295again: 376again:
296 if (hostf) { 377 if (hostf) {
297 if (__ivaliduser(hostf, raddr, luser, ruser) == 0) { 378 if (__ivaliduser_sa(hostf, sa, rlen, luser, ruser) == 0) {
298 (void)fclose(hostf); 379 (void)fclose(hostf);
299 return (0); 380 return (0);
300 } 381 }
@@ -304,8 +385,7 @@ again:
304 first = 0; 385 first = 0;
305 if ((pwd = getpwnam(luser)) == NULL) 386 if ((pwd = getpwnam(luser)) == NULL)
306 return (-1); 387 return (-1);
307 (void)strcpy(pbuf, pwd->pw_dir); 388 snprintf(pbuf, sizeof pbuf, "%s/.rhosts", pwd->pw_dir);
308 (void)strcat(pbuf, "/.rhosts");
309 389
310 /* 390 /*
311 * Change effective uid while opening .rhosts. If root and 391 * Change effective uid while opening .rhosts. If root and
@@ -333,7 +413,7 @@ again:
333 else if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid) 413 else if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid)
334 cp = "bad .rhosts owner"; 414 cp = "bad .rhosts owner";
335 else if (sbuf.st_mode & (S_IWGRP|S_IWOTH)) 415 else if (sbuf.st_mode & (S_IWGRP|S_IWOTH))
336 cp = ".rhosts writeable by other than owner"; 416 cp = ".rhosts writable by other than owner";
337 /* If there were any problems, quit. */ 417 /* If there were any problems, quit. */
338 if (cp) { 418 if (cp) {
339 __rcmd_errstr = cp; 419 __rcmd_errstr = cp;
@@ -352,41 +432,58 @@ again:
352 * Returns 0 if ok, -1 if not ok. 432 * Returns 0 if ok, -1 if not ok.
353 */ 433 */
354int 434int
355__ivaliduser(hostf, raddr, luser, ruser) 435__ivaliduser(FILE *hostf, in_addr_t raddrl, const char *luser,
356 FILE *hostf; 436 const char *ruser)
357 u_long raddr; 437{
358 const char *luser, *ruser; 438 struct sockaddr_in sin;
439
440 memset(&sin, 0, sizeof(sin));
441 sin.sin_family = AF_INET;
442 sin.sin_len = sizeof(struct sockaddr_in);
443 memcpy(&sin.sin_addr, &raddrl, sizeof(sin.sin_addr));
444 return __ivaliduser_sa(hostf, (struct sockaddr *)&sin, sin.sin_len,
445 luser, ruser);
446}
447
448int
449__ivaliduser_sa(FILE *hostf, struct sockaddr *raddr, socklen_t salen,
450 const char *luser, const char *ruser)
359{ 451{
360 register char *user, *p; 452 char *user, *p;
361 int ch; 453 char *buf;
362 char buf[MAXHOSTNAMELEN + 128]; /* host + login */
363 const char *auser, *ahost; 454 const char *auser, *ahost;
364 int hostok, userok; 455 int hostok, userok;
365 char rhost[MAXHOSTNAMELEN]; 456 char *rhost = (char *)-1;
366 struct hostent *hp;
367 char domain[MAXHOSTNAMELEN]; 457 char domain[MAXHOSTNAMELEN];
458 size_t buflen;
368 459
369 getdomainname(domain, sizeof(domain)); 460 getdomainname(domain, sizeof(domain));
370 461
371 while (fgets(buf, sizeof(buf), hostf)) { 462 while ((buf = fgetln(hostf, &buflen))) {
372 p = buf; 463 p = buf;
373 /* Skip lines that are too long. */ 464 if (*p == '#')
374 if (strchr(p, '\n') == NULL) {
375 while ((ch = getc(hostf)) != '\n' && ch != EOF);
376 continue; 465 continue;
377 } 466 while (p < buf + buflen && *p != '\n' && *p != ' ' && *p != '\t') {
378 while (*p != '\n' && *p != ' ' && *p != '\t' && *p != '\0') { 467 if (!isprint(*p))
468 goto bail;
379 *p = isupper(*p) ? tolower(*p) : *p; 469 *p = isupper(*p) ? tolower(*p) : *p;
380 p++; 470 p++;
381 } 471 }
472 if (p >= buf + buflen)
473 continue;
382 if (*p == ' ' || *p == '\t') { 474 if (*p == ' ' || *p == '\t') {
383 *p++ = '\0'; 475 *p++ = '\0';
384 while (*p == ' ' || *p == '\t') 476 while (p < buf + buflen && (*p == ' ' || *p == '\t'))
385 p++; 477 p++;
478 if (p >= buf + buflen)
479 continue;
386 user = p; 480 user = p;
387 while (*p != '\n' && *p != ' ' && 481 while (p < buf + buflen && *p != '\n' && *p != ' ' &&
388 *p != '\t' && *p != '\0') 482 *p != '\t') {
483 if (!isprint(*p))
484 goto bail;
389 p++; 485 p++;
486 }
390 } else 487 } else
391 user = p; 488 user = p;
392 *p = '\0'; 489 *p = '\0';
@@ -397,27 +494,29 @@ __ivaliduser(hostf, raddr, luser, ruser)
397 auser = *user ? user : luser; 494 auser = *user ? user : luser;
398 ahost = buf; 495 ahost = buf;
399 496
400 if ((hp = gethostbyaddr((char *) &raddr, 497 if (strlen(ahost) >= MAXHOSTNAMELEN)
401 sizeof(raddr), AF_INET)) == NULL) { 498 continue;
402 abort();
403 return -1;
404 }
405 (void) strncpy(rhost, hp->h_name, sizeof(rhost));
406 rhost[sizeof(rhost) - 1] = '\0';
407 499
500 /*
501 * innetgr() must lookup a hostname (we do not attempt
502 * to change the semantics so that netgroups may have
503 * #.#.#.# addresses in the list.)
504 */
408 if (ahost[0] == '+') 505 if (ahost[0] == '+')
409 switch (ahost[1]) { 506 switch (ahost[1]) {
410 case '\0': 507 case '\0':
411 hostok = 1; 508 hostok = 1;
412 break; 509 break;
413
414 case '@': 510 case '@':
415 hostok = innetgr(&ahost[2], rhost, NULL, 511 if (rhost == (char *)-1)
416 domain); 512 rhost = __gethostloop(raddr, salen);
513 hostok = 0;
514 if (rhost)
515 hostok = innetgr(&ahost[2], rhost,
516 NULL, domain);
417 break; 517 break;
418
419 default: 518 default:
420 hostok = __icheckhost(raddr, &ahost[1]); 519 hostok = __icheckhost(raddr, salen, &ahost[1]);
421 break; 520 break;
422 } 521 }
423 else if (ahost[0] == '-') 522 else if (ahost[0] == '-')
@@ -425,18 +524,20 @@ __ivaliduser(hostf, raddr, luser, ruser)
425 case '\0': 524 case '\0':
426 hostok = -1; 525 hostok = -1;
427 break; 526 break;
428
429 case '@': 527 case '@':
430 hostok = -innetgr(&ahost[2], rhost, NULL, 528 if (rhost == (char *)-1)
431 domain); 529 rhost = __gethostloop(raddr, salen);
530 hostok = 0;
531 if (rhost)
532 hostok = -innetgr(&ahost[2], rhost,
533 NULL, domain);
432 break; 534 break;
433
434 default: 535 default:
435 hostok = -__icheckhost(raddr, &ahost[1]); 536 hostok = -__icheckhost(raddr, salen, &ahost[1]);
436 break; 537 break;
437 } 538 }
438 else 539 else
439 hostok = __icheckhost(raddr, ahost); 540 hostok = __icheckhost(raddr, salen, ahost);
440 541
441 542
442 if (auser[0] == '+') 543 if (auser[0] == '+')
@@ -444,14 +545,12 @@ __ivaliduser(hostf, raddr, luser, ruser)
444 case '\0': 545 case '\0':
445 userok = 1; 546 userok = 1;
446 break; 547 break;
447
448 case '@': 548 case '@':
449 userok = innetgr(&auser[2], NULL, ruser, 549 userok = innetgr(&auser[2], NULL, ruser,
450 domain); 550 domain);
451 break; 551 break;
452
453 default: 552 default:
454 userok = strcmp(ruser, &auser[1]) == 0; 553 userok = strcmp(ruser, &auser[1]) ? 0 : 1;
455 break; 554 break;
456 } 555 }
457 else if (auser[0] == '-') 556 else if (auser[0] == '-')
@@ -459,59 +558,130 @@ __ivaliduser(hostf, raddr, luser, ruser)
459 case '\0': 558 case '\0':
460 userok = -1; 559 userok = -1;
461 break; 560 break;
462
463 case '@': 561 case '@':
464 userok = -innetgr(&auser[2], NULL, ruser, 562 userok = -innetgr(&auser[2], NULL, ruser,
465 domain); 563 domain);
466 break; 564 break;
467
468 default: 565 default:
469 userok = -(strcmp(ruser, &auser[1]) == 0); 566 userok = strcmp(ruser, &auser[1]) ? 0 : -1;
470 break; 567 break;
471 } 568 }
472 else 569 else
473 userok = strcmp(ruser, auser) == 0; 570 userok = strcmp(ruser, auser) ? 0 : 1;
474 571
475 /* Check if one component did not match */ 572 /* Check if one component did not match */
476 if (hostok == 0 || userok == 0) 573 if (hostok == 0 || userok == 0)
477 continue; 574 continue;
478 575
479 /* Check if we got a forbidden pair */ 576 /* Check if we got a forbidden pair */
480 if (userok == -1 || hostok == -1) 577 if (userok <= -1 || hostok <= -1)
481 return -1; 578 return (-1);
482 579
483 /* Check if we got a valid pair */ 580 /* Check if we got a valid pair */
484 if (hostok == 1 && userok == 1) 581 if (hostok >= 1 && userok >= 1)
485 return 0; 582 return (0);
486 } 583 }
487 return -1; 584bail:
585 return (-1);
488} 586}
489 587
490/* 588/*
491 * Returns "true" if match, 0 if no match. 589 * Returns "true" if match, 0 if no match. If we do not find any
590 * semblance of an A->PTR->A loop, allow a simple #.#.#.# match to work.
492 */ 591 */
493static int 592static int
494__icheckhost(raddr, lhost) 593__icheckhost(struct sockaddr *raddr, socklen_t salen, const char *lhost)
495 u_long raddr;
496 const char *lhost;
497{ 594{
498 register struct hostent *hp; 595 struct addrinfo hints, *res, *r;
499 register u_long laddr; 596 char h1[NI_MAXHOST], h2[NI_MAXHOST];
500 register char **pp; 597 int error;
501 598 const int niflags = NI_NUMERICHOST;
502 /* Try for raw ip address first. */ 599
503 if (isdigit(*lhost) && (long)(laddr = inet_addr(lhost)) != -1) 600 h1[0] = '\0';
504 return (raddr == laddr); 601 if (getnameinfo(raddr, salen, h1, sizeof(h1), NULL, 0,
602 niflags) != 0)
603 return (0);
505 604
506 /* Better be a hostname. */ 605 /* Resolve laddr into sockaddr */
507 if ((hp = gethostbyname(lhost)) == NULL) 606 memset(&hints, 0, sizeof(hints));
607 hints.ai_family = raddr->sa_family;
608 hints.ai_socktype = SOCK_DGRAM; /*dummy*/
609 res = NULL;
610 error = getaddrinfo(lhost, "0", &hints, &res);
611 if (error)
508 return (0); 612 return (0);
509 613
510 /* Spin through ip addresses. */ 614 /*
511 for (pp = hp->h_addr_list; *pp; ++pp) 615 * Try string comparisons between raddr and laddr.
512 if (!bcmp(&raddr, *pp, sizeof(u_long))) 616 */
617 for (r = res; r; r = r->ai_next) {
618 h2[0] = '\0';
619 if (getnameinfo(r->ai_addr, r->ai_addrlen, h2, sizeof(h2),
620 NULL, 0, niflags) != 0)
621 continue;
622 if (strcmp(h1, h2) == 0) {
623 freeaddrinfo(res);
513 return (1); 624 return (1);
625 }
626 }
514 627
515 /* No match. */ 628 /* No match. */
629 freeaddrinfo(res);
516 return (0); 630 return (0);
517} 631}
632
633/*
634 * Return the hostname associated with the supplied address.
635 * Do a reverse lookup as well for security. If a loop cannot
636 * be found, pack the result of inet_ntoa() into the string.
637 */
638static char *
639__gethostloop(struct sockaddr *raddr, socklen_t salen)
640{
641 static char remotehost[NI_MAXHOST];
642 char h1[NI_MAXHOST], h2[NI_MAXHOST];
643 struct addrinfo hints, *res, *r;
644 int error;
645 const int niflags = NI_NUMERICHOST;
646
647 h1[0] = remotehost[0] = '\0';
648 if (getnameinfo(raddr, salen, remotehost, sizeof(remotehost),
649 NULL, 0, NI_NAMEREQD) != 0)
650 return (NULL);
651 if (getnameinfo(raddr, salen, h1, sizeof(h1), NULL, 0,
652 niflags) != 0)
653 return (NULL);
654
655 /*
656 * Look up the name and check that the supplied
657 * address is in the list
658 */
659 memset(&hints, 0, sizeof(hints));
660 hints.ai_family = raddr->sa_family;
661 hints.ai_socktype = SOCK_DGRAM; /*dummy*/
662 hints.ai_flags = AI_CANONNAME;
663 res = NULL;
664 error = getaddrinfo(remotehost, "0", &hints, &res);
665 if (error)
666 return (NULL);
667
668 for (r = res; r; r = r->ai_next) {
669 h2[0] = '\0';
670 if (getnameinfo(r->ai_addr, r->ai_addrlen, h2, sizeof(h2),
671 NULL, 0, niflags) != 0)
672 continue;
673 if (strcmp(h1, h2) == 0) {
674 freeaddrinfo(res);
675 return (remotehost);
676 }
677 }
678
679 /*
680 * either the DNS adminstrator has made a configuration
681 * mistake, or someone has attempted to spoof us
682 */
683 syslog(LOG_NOTICE, "rcmd: address %s not listed for host %s",
684 h1, res->ai_canonname ? res->ai_canonname : remotehost);
685 freeaddrinfo(res);
686 return (NULL);
687}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-01 05:13:33 +0000