1 files changed, 728 insertions, 0 deletions
diff --git a/src/lib/libc/net/rcmd.c b/src/lib/libc/net/rcmd.c
new file mode 100644
index 0000000000..769e85e0a4
--- /dev/null
+++ b/src/lib/libc/net/rcmd.c
@@ -0,0 +1,728 @@
+/*
+ * Copyright (c) 1995, 1996, 1998 Theo de Raadt.  All rights reserved.
+ * Copyright (c) 1983, 1993, 1994
+ *      The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+#if defined(LIBC_SCCS) && !defined(lint)
+static char *rcsid = "$OpenBSD: rcmd.c,v 1.48 2003/09/25 21:14:46 millert Exp $";
+#endif /* LIBC_SCCS and not lint */
+#include <sys/param.h>
+#include <sys/socket.h>
+#include <sys/stat.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <signal.h>
+#include <fcntl.h>
+#include <netdb.h>
+#include <unistd.h>
+#include <pwd.h>
+#include <errno.h>
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include <syslog.h>
+#include <stdlib.h>
+#include <netgroup.h>
+int     __ivaliduser(FILE *, in_addr_t, const char *, const char *);
+int     __ivaliduser_sa(FILE *, struct sockaddr *, socklen_t,
+            const char *, const char *);
+static int __icheckhost(struct sockaddr *, socklen_t, const char *);
+static char *__gethostloop(struct sockaddr *, socklen_t);
+int
+rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
+        char **ahost;
+        in_port_t rport;
+        const char *locuser, *remuser, *cmd;
+        int *fd2p;
+{
+        return rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, AF_INET);
+}
+int
+rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, af)
+        char **ahost;
+        in_port_t rport;
+        const char *locuser, *remuser, *cmd;
+        int *fd2p;
+        int af;
+{
+        static char hbuf[MAXHOSTNAMELEN];
+        char pbuf[NI_MAXSERV];
+        struct addrinfo hints, *res, *r;
+        int error;
+        struct sockaddr_storage from;
+        fd_set *readsp = NULL;
+        sigset_t oldmask, mask;
+        pid_t pid;
+        int s, lport, timo;
+        char c, *p;
+        int refused;
+        /* call rcmdsh() with specified remote shell if appropriate. */
+        if (!issetugid() && (p = getenv("RSH")) && *p) {
+                struct servent *sp = getservbyname("shell", "tcp");
+                if (sp && sp->s_port == rport)
+                        return (rcmdsh(ahost, rport, locuser, remuser,
+                            cmd, p));
+        }
+        /* use rsh(1) if non-root and remote port is shell. */
+        if (geteuid()) {
+                struct servent *sp = getservbyname("shell", "tcp");
+                if (sp && sp->s_port == rport)
+                        return (rcmdsh(ahost, rport, locuser, remuser,
+                            cmd, NULL));
+        }
+        pid = getpid();
+        snprintf(pbuf, sizeof(pbuf), "%u", ntohs(rport));
+        memset(&hints, 0, sizeof(hints));
+        hints.ai_family = af;
+        hints.ai_socktype = SOCK_STREAM;
+        hints.ai_flags = AI_CANONNAME;
+        error = getaddrinfo(*ahost, pbuf, &hints, &res);
+        if (error) {
+#if 0
+                warnx("%s: %s", *ahost, gai_strerror(error));
+#endif
+                return (-1);
+        }
+        if (res->ai_canonname) {
+                strlcpy(hbuf, res->ai_canonname, sizeof(hbuf));
+                *ahost = hbuf;
+        } else
+                ; /*XXX*/
+        r = res;
+        refused = 0;
+        sigemptyset(&mask);
+        sigaddset(&mask, SIGURG);
+        oldmask = sigprocmask(SIG_BLOCK, &mask, &oldmask);
+        for (timo = 1, lport = IPPORT_RESERVED - 1;;) {
+                s = rresvport_af(&lport, r->ai_family);
+                if (s < 0) {
+                        if (errno == EAGAIN)
+                                (void)fprintf(stderr,
+                                    "rcmd: socket: All ports in use\n");
+                        else
+                                (void)fprintf(stderr, "rcmd: socket: %s\n",
+                                    strerror(errno));
+                        if (r->ai_next) {
+                                r = r->ai_next;
+                                continue;
+                        } else {
+                                sigprocmask(SIG_SETMASK, &oldmask, NULL);
+                                freeaddrinfo(res);
+                                return (-1);
+                        }
+                }
+                fcntl(s, F_SETOWN, pid);
+                if (connect(s, r->ai_addr, r->ai_addrlen) >= 0)
+                        break;
+                (void)close(s);
+                if (errno == EADDRINUSE) {
+                        lport--;
+                        continue;
+                }
+                if (errno == ECONNREFUSED)
+                        refused++;
+                if (r->ai_next) {
+                        int oerrno = errno;
+                        char hbuf[NI_MAXHOST];
+#ifdef NI_WITHSCOPEID
+                        const int niflags = NI_NUMERICHOST | NI_WITHSCOPEID;
+#else
+                        const int niflags = NI_NUMERICHOST;
+#endif
+                        hbuf[0] = '\0';
+                        if (getnameinfo(r->ai_addr, r->ai_addrlen,
+                            hbuf, sizeof(hbuf), NULL, 0, niflags) != 0)
+                                strlcpy(hbuf, "(invalid)", sizeof hbuf);
+                        (void)fprintf(stderr, "connect to address %s: ", hbuf);
+                        errno = oerrno;
+                        perror(0);
+                        r = r->ai_next;
+                        hbuf[0] = '\0';
+                        if (getnameinfo(r->ai_addr, r->ai_addrlen,
+                            hbuf, sizeof(hbuf), NULL, 0, niflags) != 0)
+                                strlcpy(hbuf, "(invalid)", sizeof hbuf);
+                        (void)fprintf(stderr, "Trying %s...\n", hbuf);
+                        continue;
+                }
+                if (refused && timo <= 16) {
+                        (void)sleep(timo);
+                        timo *= 2;
+                        r = res;
+                        refused = 0;
+                        continue;
+                }
+                (void)fprintf(stderr, "%s: %s\n", res->ai_canonname,
+                    strerror(errno));
+                sigprocmask(SIG_SETMASK, &oldmask, NULL);
+                freeaddrinfo(res);
+                return (-1);
+        }
+        /* given "af" can be PF_UNSPEC, we need the real af for "s" */
+        af = r->ai_family;
+        freeaddrinfo(res);
+#if 0
+        /*
+         * try to rresvport() to the same port. This will make rresvport()
+         * fail it's first bind, resulting in it choosing a random port.
+         */
+        lport--;
+#endif
+        if (fd2p == 0) {
+                write(s, "", 1);
+                lport = 0;
+        } else {
+                char num[8];
+                int s2 = rresvport_af(&lport, af), s3;
+                socklen_t len = sizeof(from);
+                int fdssize = howmany(MAX(s, s2)+1, NFDBITS) * sizeof(fd_mask);
+                if (s2 < 0)
+                        goto bad;
+                readsp = (fd_set *)malloc(fdssize);
+                if (readsp == NULL)
+                        goto bad;
+                listen(s2, 1);
+                (void)snprintf(num, sizeof(num), "%d", lport);
+                if (write(s, num, strlen(num)+1) != strlen(num)+1) {
+                        (void)fprintf(stderr,
+                            "rcmd: write (setting up stderr): %s\n",
+                            strerror(errno));
+                        (void)close(s2);
+                        goto bad;
+                }
+again:
+                bzero(readsp, fdssize);
+                FD_SET(s, readsp);
+                FD_SET(s2, readsp);
+                errno = 0;
+                if (select(MAX(s, s2) + 1, readsp, 0, 0, 0) < 1 ||
+                    !FD_ISSET(s2, readsp)) {
+                        if (errno != 0)
+                                (void)fprintf(stderr,
+                                    "rcmd: select (setting up stderr): %s\n",
+                                    strerror(errno));
+                        else
+                                (void)fprintf(stderr,
+                                "select: protocol failure in circuit setup\n");
+                        (void)close(s2);
+                        goto bad;
+                }
+                s3 = accept(s2, (struct sockaddr *)&from, &len);
+                /*
+                 * XXX careful for ftp bounce attacks. If discovered, shut them
+                 * down and check for the real auxiliary channel to connect.
+                 */
+                switch (from.ss_family) {
+                case AF_INET:
+                case AF_INET6:
+                        if (getnameinfo((struct sockaddr *)&from, len,
+                            NULL, 0, num, sizeof(num), NI_NUMERICSERV) == 0 &&
+                            atoi(num) != 20) {
+                                break;
+                        }
+                        close(s3);
+                        goto again;
+                default:
+                        break;
+                }
+                (void)close(s2);
+                if (s3 < 0) {
+                        (void)fprintf(stderr,
+                            "rcmd: accept: %s\n", strerror(errno));
+                        lport = 0;
+                        goto bad;
+                }
+                *fd2p = s3;
+                switch (from.ss_family) {
+                case AF_INET:
+                case AF_INET6:
+                        if (getnameinfo((struct sockaddr *)&from, len,
+                            NULL, 0, num, sizeof(num), NI_NUMERICSERV) != 0 ||
+                            (atoi(num) >= IPPORT_RESERVED ||
+                             atoi(num) < IPPORT_RESERVED / 2)) {
+                                (void)fprintf(stderr,
+                                    "socket: protocol failure in circuit setup.\n");
+                                goto bad2;
+                        }
+                        break;
+                default:
+                        break;
+                }
+        }
+        (void)write(s, locuser, strlen(locuser)+1);
+        (void)write(s, remuser, strlen(remuser)+1);
+        (void)write(s, cmd, strlen(cmd)+1);
+        if (read(s, &c, 1) != 1) {
+                (void)fprintf(stderr,
+                    "rcmd: %s: %s\n", *ahost, strerror(errno));
+                goto bad2;
+        }
+        if (c != 0) {
+                while (read(s, &c, 1) == 1) {
+                        (void)write(STDERR_FILENO, &c, 1);
+                        if (c == '\n')
+                                break;
+                }
+                goto bad2;
+        }
+        sigprocmask(SIG_SETMASK, &oldmask, NULL);
+        free(readsp);
+        return (s);
+bad2:
+        if (lport)
+                (void)close(*fd2p);
+bad:
+        if (readsp)
+                free(readsp);
+        (void)close(s);
+        sigprocmask(SIG_SETMASK, &oldmask, NULL);
+        return (-1);
+}
+int     __check_rhosts_file = 1;
+char    *__rcmd_errstr;
+int
+ruserok(rhost, superuser, ruser, luser)
+        const char *rhost, *ruser, *luser;
+        int superuser;
+{
+        struct addrinfo hints, *res, *r;
+        int error;
+        memset(&hints, 0, sizeof(hints));
+        hints.ai_family = PF_UNSPEC;
+        hints.ai_socktype = SOCK_DGRAM; /*dummy*/
+        error = getaddrinfo(rhost, "0", &hints, &res);
+        if (error)
+                return (-1);
+        for (r = res; r; r = r->ai_next) {
+                if (iruserok_sa(r->ai_addr, r->ai_addrlen, superuser, ruser,
+                    luser) == 0) {
+                        freeaddrinfo(res);
+                        return (0);
+                }
+        }
+        freeaddrinfo(res);
+        return (-1);
+}
+/*
+ * New .rhosts strategy: We are passed an ip address. We spin through
+ * hosts.equiv and .rhosts looking for a match. When the .rhosts only
+ * has ip addresses, we don't have to trust a nameserver.  When it
+ * contains hostnames, we spin through the list of addresses the nameserver
+ * gives us and look for a match.
+ *
+ * Returns 0 if ok, -1 if not ok.
+ */
+int
+iruserok(raddr, superuser, ruser, luser)
+        u_int32_t raddr;
+        int superuser;
+        const char *ruser, *luser;
+{
+        struct sockaddr_in sin;
+        memset(&sin, 0, sizeof(sin));
+        sin.sin_family = AF_INET;
+        sin.sin_len = sizeof(struct sockaddr_in);
+        memcpy(&sin.sin_addr, &raddr, sizeof(sin.sin_addr));
+        return iruserok_sa(&sin, sizeof(struct sockaddr_in), superuser, ruser,
+                    luser);
+}
+int
+iruserok_sa(raddr, rlen, superuser, ruser, luser)
+        const void *raddr;
+        int rlen;
+        int superuser;
+        const char *ruser, *luser;
+{
+        struct sockaddr *sa;
+        register char *cp;
+        struct stat sbuf;
+        struct passwd *pwd;
+        FILE *hostf;
+        uid_t uid;
+        int first;
+        char pbuf[MAXPATHLEN];
+        sa = (struct sockaddr *)raddr;
+        first = 1;
+        hostf = superuser ? NULL : fopen(_PATH_HEQUIV, "r");
+again:
+        if (hostf) {
+                if (__ivaliduser_sa(hostf, sa, rlen, luser, ruser) == 0) {
+                        (void)fclose(hostf);
+                        return (0);
+                }
+                (void)fclose(hostf);
+        }
+        if (first == 1 && (__check_rhosts_file || superuser)) {
+                first = 0;
+                if ((pwd = getpwnam(luser)) == NULL)
+                        return (-1);
+                snprintf(pbuf, sizeof pbuf, "%s/.rhosts", pwd->pw_dir);
+                /*
+                 * Change effective uid while opening .rhosts.  If root and
+                 * reading an NFS mounted file system, can't read files that
+                 * are protected read/write owner only.
+                 */
+                uid = geteuid();
+                (void)seteuid(pwd->pw_uid);
+                hostf = fopen(pbuf, "r");
+                (void)seteuid(uid);
+                if (hostf == NULL)
+                        return (-1);
+                /*
+                 * If not a regular file, or is owned by someone other than
+                 * user or root or if writeable by anyone but the owner, quit.
+                 */
+                cp = NULL;
+                if (lstat(pbuf, &sbuf) < 0)
+                        cp = ".rhosts lstat failed";
+                else if (!S_ISREG(sbuf.st_mode))
+                        cp = ".rhosts not regular file";
+                else if (fstat(fileno(hostf), &sbuf) < 0)
+                        cp = ".rhosts fstat failed";
+                else if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid)
+                        cp = "bad .rhosts owner";
+                else if (sbuf.st_mode & (S_IWGRP|S_IWOTH))
+                        cp = ".rhosts writable by other than owner";
+                /* If there were any problems, quit. */
+                if (cp) {
+                        __rcmd_errstr = cp;
+                        (void)fclose(hostf);
+                        return (-1);
+                }
+                goto again;
+        }
+        return (-1);
+}
+/*
+ * XXX
+ * Don't make static, used by lpd(8).
+ *
+ * Returns 0 if ok, -1 if not ok.
+ */
+int
+__ivaliduser(hostf, raddrl, luser, ruser)
+        FILE *hostf;
+        in_addr_t raddrl;
+        const char *luser, *ruser;
+{
+        struct sockaddr_in sin;
+        memset(&sin, 0, sizeof(sin));
+        sin.sin_family = AF_INET;
+        sin.sin_len = sizeof(struct sockaddr_in);
+        memcpy(&sin.sin_addr, &raddrl, sizeof(sin.sin_addr));
+        return __ivaliduser_sa(hostf, (struct sockaddr *)&sin, sin.sin_len,
+                    luser, ruser);
+}
+int
+__ivaliduser_sa(hostf, raddr, salen, luser, ruser)
+        FILE *hostf;
+        struct sockaddr *raddr;
+        socklen_t salen;
+        const char *luser, *ruser;
+{
+        register char *user, *p;
+        char *buf;
+        const char *auser, *ahost;
+        int hostok, userok;
+        char *rhost = (char *)-1;
+        char domain[MAXHOSTNAMELEN];
+        size_t buflen;
+        getdomainname(domain, sizeof(domain));
+        while ((buf = fgetln(hostf, &buflen))) {
+                p = buf;
+                if (*p == '#')
+                        continue;
+                while (p < buf + buflen && *p != '\n' && *p != ' ' && *p != '\t') {
+                        if (!isprint(*p))
+                                goto bail;
+                        *p = isupper(*p) ? tolower(*p) : *p;
+                        p++;
+                }
+                if (p >= buf + buflen)
+                        continue;
+                if (*p == ' ' || *p == '\t') {
+                        *p++ = '\0';
+                        while (p < buf + buflen && (*p == ' ' || *p == '\t'))
+                                p++;
+                        if (p >= buf + buflen)
+                                continue;
+                        user = p;
+                        while (p < buf + buflen && *p != '\n' && *p != ' ' &&
+                            *p != '\t') {
+                                if (!isprint(*p))
+                                        goto bail;
+                                p++;
+                        }
+                } else
+                        user = p;
+                *p = '\0';
+                if (p == buf)
+                        continue;
+                auser = *user ? user : luser;
+                ahost = buf;
+                if (strlen(ahost) >= MAXHOSTNAMELEN)
+                        continue;
+                /*
+                 * innetgr() must lookup a hostname (we do not attempt
+                 * to change the semantics so that netgroups may have
+                 * #.#.#.# addresses in the list.)
+                 */
+                if (ahost[0] == '+')
+                        switch (ahost[1]) {
+                        case '\0':
+                                hostok = 1;
+                                break;
+                        case '@':
+                                if (rhost == (char *)-1)
+                                        rhost = __gethostloop(raddr, salen);
+                                hostok = 0;
+                                if (rhost)
+                                        hostok = innetgr(&ahost[2], rhost,
+                                            NULL, domain);
+                                break;
+                        default:
+                                hostok = __icheckhost(raddr, salen, &ahost[1]);
+                                break;
+                        }
+                else if (ahost[0] == '-')
+                        switch (ahost[1]) {
+                        case '\0':
+                                hostok = -1;
+                                break;
+                        case '@':
+                                if (rhost == (char *)-1)
+                                        rhost = __gethostloop(raddr, salen);
+                                hostok = 0;
+                                if (rhost)
+                                        hostok = -innetgr(&ahost[2], rhost,
+                                            NULL, domain);
+                                break;
+                        default:
+                                hostok = -__icheckhost(raddr, salen, &ahost[1]);
+                                break;
+                        }
+                else
+                        hostok = __icheckhost(raddr, salen, ahost);
+                if (auser[0] == '+')
+                        switch (auser[1]) {
+                        case '\0':
+                                userok = 1;
+                                break;
+                        case '@':
+                                userok = innetgr(&auser[2], NULL, ruser,
+                                    domain);
+                                break;
+                        default:
+                                userok = strcmp(ruser, &auser[1]) ? 0 : 1;
+                                break;
+                        }
+                else if (auser[0] == '-')
+                        switch (auser[1]) {
+                        case '\0':
+                                userok = -1;
+                                break;
+                        case '@':
+                                userok = -innetgr(&auser[2], NULL, ruser,
+                                    domain);
+                                break;
+                        default:
+                                userok = strcmp(ruser, &auser[1]) ? 0 : -1;
+                                break;
+                        }
+                else
+                        userok = strcmp(ruser, auser) ? 0 : 1;
+                /* Check if one component did not match */
+                if (hostok == 0 || userok == 0)
+                        continue;
+                /* Check if we got a forbidden pair */
+                if (userok <= -1 || hostok <= -1)
+                        return (-1);
+                /* Check if we got a valid pair */
+                if (hostok >= 1 && userok >= 1)
+                        return (0);
+        }
+bail:
+        return (-1);
+}
+/*
+ * Returns "true" if match, 0 if no match.  If we do not find any
+ * semblance of an A->PTR->A loop, allow a simple #.#.#.# match to work.
+ *
+ * NI_WITHSCOPEID is useful for comparing sin6_scope_id portion
+ * if af == AF_INET6.
+ */
+static int
+__icheckhost(raddr, salen, lhost)
+        struct sockaddr *raddr;
+        socklen_t salen;
+        const char *lhost;
+{
+        struct addrinfo hints, *res, *r;
+        char h1[NI_MAXHOST], h2[NI_MAXHOST];
+        int error;
+#ifdef NI_WITHSCOPEID
+        const int niflags = NI_NUMERICHOST | NI_WITHSCOPEID;
+#else
+        const int niflags = NI_NUMERICHOST;
+#endif
+        h1[0] = '\0';
+        if (getnameinfo(raddr, salen, h1, sizeof(h1), NULL, 0,
+            niflags) != 0)
+                return (0);
+        /* Resolve laddr into sockaddr */
+        memset(&hints, 0, sizeof(hints));
+        hints.ai_family = raddr->sa_family;
+        hints.ai_socktype = SOCK_DGRAM; /*dummy*/
+        res = NULL;
+        error = getaddrinfo(lhost, "0", &hints, &res);
+        if (error)
+                return (0);
+        /*
+         * Try string comparisons between raddr and laddr.
+         */
+        for (r = res; r; r = r->ai_next) {
+                h2[0] = '\0';
+                if (getnameinfo(r->ai_addr, r->ai_addrlen, h2, sizeof(h2),
+                    NULL, 0, niflags) != 0)
+                        continue;
+                if (strcmp(h1, h2) == 0) {
+                        freeaddrinfo(res);
+                        return (1);
+                }
+        }
+        /* No match. */
+        freeaddrinfo(res);
+        return (0);
+}
+/*
+ * Return the hostname associated with the supplied address.
+ * Do a reverse lookup as well for security. If a loop cannot
+ * be found, pack the result of inet_ntoa() into the string.
+ *
+ * NI_WITHSCOPEID is useful for comparing sin6_scope_id portion
+ * if af == AF_INET6.
+ */
+static char *
+__gethostloop(raddr, salen)
+        struct sockaddr *raddr;
+        socklen_t salen;
+{
+        static char remotehost[NI_MAXHOST];
+        char h1[NI_MAXHOST], h2[NI_MAXHOST];
+        struct addrinfo hints, *res, *r;
+        int error;
+#ifdef NI_WITHSCOPEID
+        const int niflags = NI_NUMERICHOST | NI_WITHSCOPEID;
+#else
+        const int niflags = NI_NUMERICHOST;
+#endif
+        h1[0] = remotehost[0] = '\0';
+        if (getnameinfo(raddr, salen, remotehost, sizeof(remotehost),
+            NULL, 0, NI_NAMEREQD) != 0)
+                return (NULL);
+        if (getnameinfo(raddr, salen, h1, sizeof(h1), NULL, 0,
+            niflags) != 0)
+                return (NULL);
+        /*
+         * Look up the name and check that the supplied
+         * address is in the list
+         */
+        memset(&hints, 0, sizeof(hints));
+        hints.ai_family = raddr->sa_family;
+        hints.ai_socktype = SOCK_DGRAM; /*dummy*/
+        hints.ai_flags = AI_CANONNAME;
+        res = NULL;
+        error = getaddrinfo(remotehost, "0", &hints, &res);
+        if (error)
+                return (NULL);
+        for (r = res; r; r = r->ai_next) {
+                h2[0] = '\0';
+                if (getnameinfo(r->ai_addr, r->ai_addrlen, h2, sizeof(h2),
+                    NULL, 0, niflags) != 0)
+                        continue;
+                if (strcmp(h1, h2) == 0) {
+                        freeaddrinfo(res);
+                        return (remotehost);
+                }
+        }
+        /*
+         * either the DNS adminstrator has made a configuration
+         * mistake, or someone has attempted to spoof us
+         */
+        syslog(LOG_NOTICE, "rcmd: address %s not listed for host %s",
+            h1, res->ai_canonname ? res->ai_canonname : remotehost);
+        freeaddrinfo(res);
+        return (NULL);
+}

diff --git a/src/lib/libc/net/rcmd.c b/src/lib/libc/net/rcmd.c new file mode 100644 index 0000000000..769e85e0a4 --- /dev/null +++ b/src/lib/libc/net/rcmd.c
@@ -0,0 +1,728 @@
	1	/*
	2	* Copyright (c) 1995, 1996, 1998 Theo de Raadt. All rights reserved.
	3	* Copyright (c) 1983, 1993, 1994
	4	* The Regents of the University of California. All rights reserved.
	5	*
	6	* Redistribution and use in source and binary forms, with or without
	7	* modification, are permitted provided that the following conditions
	8	* are met:
	9	* 1. Redistributions of source code must retain the above copyright
	10	* notice, this list of conditions and the following disclaimer.
	11	* 2. Redistributions in binary form must reproduce the above copyright
	12	* notice, this list of conditions and the following disclaimer in the
	13	* documentation and/or other materials provided with the distribution.
	14	* 3. Neither the name of the University nor the names of its contributors
	15	* may be used to endorse or promote products derived from this software
	16	* without specific prior written permission.
	17	*
	18	* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
	19	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	20	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	21	* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
	22	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	23	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	24	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	25	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	26	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	27	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	28	* SUCH DAMAGE.
	29	*/
	30
	31	#if defined(LIBC_SCCS) && !defined(lint)
	32	static char *rcsid = "$OpenBSD: rcmd.c,v 1.48 2003/09/25 21:14:46 millert Exp $";
	33	#endif /* LIBC_SCCS and not lint */
	34
	35	#include <sys/param.h>
	36	#include <sys/socket.h>
	37	#include <sys/stat.h>
	38
	39	#include <netinet/in.h>
	40	#include <arpa/inet.h>
	41
	42	#include <signal.h>
	43	#include <fcntl.h>
	44	#include <netdb.h>
	45	#include <unistd.h>
	46	#include <pwd.h>
	47	#include <errno.h>
	48	#include <stdio.h>
	49	#include <ctype.h>
	50	#include <string.h>
	51	#include <syslog.h>
	52	#include <stdlib.h>
	53	#include <netgroup.h>
	54
	55	int __ivaliduser(FILE , in_addr_t, const char , const char *);
	56	int __ivaliduser_sa(FILE , struct sockaddr , socklen_t,
	57	const char , const char );
	58	static int __icheckhost(struct sockaddr , socklen_t, const char );
	59	static char __gethostloop(struct sockaddr , socklen_t);
	60
	61	int
	62	rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
	63	char **ahost;
	64	in_port_t rport;
	65	const char locuser, remuser, *cmd;
	66	int *fd2p;
	67	{
	68	return rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, AF_INET);
	69	}
	70
	71	int
	72	rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, af)
	73	char **ahost;
	74	in_port_t rport;
	75	const char locuser, remuser, *cmd;
	76	int *fd2p;
	77	int af;
	78	{
	79	static char hbuf[MAXHOSTNAMELEN];
	80	char pbuf[NI_MAXSERV];
	81	struct addrinfo hints, res, r;
	82	int error;
	83	struct sockaddr_storage from;
	84	fd_set *readsp = NULL;
	85	sigset_t oldmask, mask;
	86	pid_t pid;
	87	int s, lport, timo;
	88	char c, *p;
	89	int refused;
	90
	91	/* call rcmdsh() with specified remote shell if appropriate. */
	92	if (!issetugid() && (p = getenv("RSH")) && *p) {
	93	struct servent *sp = getservbyname("shell", "tcp");
	94
	95	if (sp && sp->s_port == rport)
	96	return (rcmdsh(ahost, rport, locuser, remuser,
	97	cmd, p));
	98	}
	99
	100	/* use rsh(1) if non-root and remote port is shell. */
	101	if (geteuid()) {
	102	struct servent *sp = getservbyname("shell", "tcp");
	103
	104	if (sp && sp->s_port == rport)
	105	return (rcmdsh(ahost, rport, locuser, remuser,
	106	cmd, NULL));
	107	}
	108
	109	pid = getpid();
	110	snprintf(pbuf, sizeof(pbuf), "%u", ntohs(rport));
	111	memset(&hints, 0, sizeof(hints));
	112	hints.ai_family = af;
	113	hints.ai_socktype = SOCK_STREAM;
	114	hints.ai_flags = AI_CANONNAME;
	115	error = getaddrinfo(*ahost, pbuf, &hints, &res);
	116	if (error) {
	117	#if 0
	118	warnx("%s: %s", *ahost, gai_strerror(error));
	119	#endif
	120	return (-1);
	121	}
	122	if (res->ai_canonname) {
	123	strlcpy(hbuf, res->ai_canonname, sizeof(hbuf));
	124	*ahost = hbuf;
	125	} else
	126	; /XXX/
	127
	128	r = res;
	129	refused = 0;
	130	sigemptyset(&mask);
	131	sigaddset(&mask, SIGURG);
	132	oldmask = sigprocmask(SIG_BLOCK, &mask, &oldmask);
	133	for (timo = 1, lport = IPPORT_RESERVED - 1;;) {
	134	s = rresvport_af(&lport, r->ai_family);
	135	if (s < 0) {
	136	if (errno == EAGAIN)
	137	(void)fprintf(stderr,
	138	"rcmd: socket: All ports in use\n");
	139	else
	140	(void)fprintf(stderr, "rcmd: socket: %s\n",
	141	strerror(errno));
	142	if (r->ai_next) {
	143	r = r->ai_next;
	144	continue;
	145	} else {
	146	sigprocmask(SIG_SETMASK, &oldmask, NULL);
	147	freeaddrinfo(res);
	148	return (-1);
	149	}
	150	}
	151	fcntl(s, F_SETOWN, pid);
	152	if (connect(s, r->ai_addr, r->ai_addrlen) >= 0)
	153	break;
	154	(void)close(s);
	155	if (errno == EADDRINUSE) {
	156	lport--;
	157	continue;
	158	}
	159	if (errno == ECONNREFUSED)
	160	refused++;
	161	if (r->ai_next) {
	162	int oerrno = errno;
	163	char hbuf[NI_MAXHOST];
	164	#ifdef NI_WITHSCOPEID
	165	const int niflags = NI_NUMERICHOST \| NI_WITHSCOPEID;
	166	#else
	167	const int niflags = NI_NUMERICHOST;
	168	#endif
	169
	170	hbuf[0] = '\0';
	171	if (getnameinfo(r->ai_addr, r->ai_addrlen,
	172	hbuf, sizeof(hbuf), NULL, 0, niflags) != 0)
	173	strlcpy(hbuf, "(invalid)", sizeof hbuf);
	174	(void)fprintf(stderr, "connect to address %s: ", hbuf);
	175	errno = oerrno;
	176	perror(0);
	177	r = r->ai_next;
	178	hbuf[0] = '\0';
	179	if (getnameinfo(r->ai_addr, r->ai_addrlen,
	180	hbuf, sizeof(hbuf), NULL, 0, niflags) != 0)
	181	strlcpy(hbuf, "(invalid)", sizeof hbuf);
	182	(void)fprintf(stderr, "Trying %s...\n", hbuf);
	183	continue;
	184	}
	185	if (refused && timo <= 16) {
	186	(void)sleep(timo);
	187	timo *= 2;
	188	r = res;
	189	refused = 0;
	190	continue;
	191	}
	192	(void)fprintf(stderr, "%s: %s\n", res->ai_canonname,
	193	strerror(errno));
	194	sigprocmask(SIG_SETMASK, &oldmask, NULL);
	195	freeaddrinfo(res);
	196	return (-1);
	197	}
	198	/* given "af" can be PF_UNSPEC, we need the real af for "s" */
	199	af = r->ai_family;
	200	freeaddrinfo(res);
	201	#if 0
	202	/*
	203	* try to rresvport() to the same port. This will make rresvport()
	204	* fail it's first bind, resulting in it choosing a random port.
	205	*/
	206	lport--;
	207	#endif
	208	if (fd2p == 0) {
	209	write(s, "", 1);
	210	lport = 0;
	211	} else {
	212	char num[8];
	213	int s2 = rresvport_af(&lport, af), s3;
	214	socklen_t len = sizeof(from);
	215	int fdssize = howmany(MAX(s, s2)+1, NFDBITS) * sizeof(fd_mask);
	216
	217	if (s2 < 0)
	218	goto bad;
	219	readsp = (fd_set *)malloc(fdssize);
	220	if (readsp == NULL)
	221	goto bad;
	222	listen(s2, 1);
	223	(void)snprintf(num, sizeof(num), "%d", lport);
	224	if (write(s, num, strlen(num)+1) != strlen(num)+1) {
	225	(void)fprintf(stderr,
	226	"rcmd: write (setting up stderr): %s\n",
	227	strerror(errno));
	228	(void)close(s2);
	229	goto bad;
	230	}
	231	again:
	232	bzero(readsp, fdssize);
	233	FD_SET(s, readsp);
	234	FD_SET(s2, readsp);
	235	errno = 0;
	236	if (select(MAX(s, s2) + 1, readsp, 0, 0, 0) < 1 \|\|
	237	!FD_ISSET(s2, readsp)) {
	238	if (errno != 0)
	239	(void)fprintf(stderr,
	240	"rcmd: select (setting up stderr): %s\n",
	241	strerror(errno));
	242	else
	243	(void)fprintf(stderr,
	244	"select: protocol failure in circuit setup\n");
	245	(void)close(s2);
	246	goto bad;
	247	}
	248	s3 = accept(s2, (struct sockaddr *)&from, &len);
	249	/*
	250	* XXX careful for ftp bounce attacks. If discovered, shut them
	251	* down and check for the real auxiliary channel to connect.
	252	*/
	253	switch (from.ss_family) {
	254	case AF_INET:
	255	case AF_INET6:
	256	if (getnameinfo((struct sockaddr *)&from, len,
	257	NULL, 0, num, sizeof(num), NI_NUMERICSERV) == 0 &&
	258	atoi(num) != 20) {
	259	break;
	260	}
	261	close(s3);
	262	goto again;
	263	default:
	264	break;
	265	}
	266	(void)close(s2);
	267	if (s3 < 0) {
	268	(void)fprintf(stderr,
	269	"rcmd: accept: %s\n", strerror(errno));
	270	lport = 0;
	271	goto bad;
	272	}
	273	*fd2p = s3;
	274	switch (from.ss_family) {
	275	case AF_INET:
	276	case AF_INET6:
	277	if (getnameinfo((struct sockaddr *)&from, len,
	278	NULL, 0, num, sizeof(num), NI_NUMERICSERV) != 0 \|\|
	279	(atoi(num) >= IPPORT_RESERVED \|\|
	280	atoi(num) < IPPORT_RESERVED / 2)) {
	281	(void)fprintf(stderr,
	282	"socket: protocol failure in circuit setup.\n");
	283	goto bad2;
	284	}
	285	break;
	286	default:
	287	break;
	288	}
	289	}
	290	(void)write(s, locuser, strlen(locuser)+1);
	291	(void)write(s, remuser, strlen(remuser)+1);
	292	(void)write(s, cmd, strlen(cmd)+1);
	293	if (read(s, &c, 1) != 1) {
	294	(void)fprintf(stderr,
	295	"rcmd: %s: %s\n", *ahost, strerror(errno));
	296	goto bad2;
	297	}
	298	if (c != 0) {
	299	while (read(s, &c, 1) == 1) {
	300	(void)write(STDERR_FILENO, &c, 1);
	301	if (c == '\n')
	302	break;
	303	}
	304	goto bad2;
	305	}
	306	sigprocmask(SIG_SETMASK, &oldmask, NULL);
	307	free(readsp);
	308	return (s);
	309	bad2:
	310	if (lport)
	311	(void)close(*fd2p);
	312	bad:
	313	if (readsp)
	314	free(readsp);
	315	(void)close(s);
	316	sigprocmask(SIG_SETMASK, &oldmask, NULL);
	317	return (-1);
	318	}
	319
	320	int __check_rhosts_file = 1;
	321	char *__rcmd_errstr;
	322
	323	int
	324	ruserok(rhost, superuser, ruser, luser)
	325	const char rhost, ruser, *luser;
	326	int superuser;
	327	{
	328	struct addrinfo hints, res, r;
	329	int error;
	330
	331	memset(&hints, 0, sizeof(hints));
	332	hints.ai_family = PF_UNSPEC;
	333	hints.ai_socktype = SOCK_DGRAM; /dummy/
	334	error = getaddrinfo(rhost, "0", &hints, &res);
	335	if (error)
	336	return (-1);
	337
	338	for (r = res; r; r = r->ai_next) {
	339	if (iruserok_sa(r->ai_addr, r->ai_addrlen, superuser, ruser,
	340	luser) == 0) {
	341	freeaddrinfo(res);
	342	return (0);
	343	}
	344	}
	345	freeaddrinfo(res);
	346	return (-1);
	347	}
	348
	349	/*
	350	* New .rhosts strategy: We are passed an ip address. We spin through
	351	* hosts.equiv and .rhosts looking for a match. When the .rhosts only
	352	* has ip addresses, we don't have to trust a nameserver. When it
	353	* contains hostnames, we spin through the list of addresses the nameserver
	354	* gives us and look for a match.
	355	*
	356	* Returns 0 if ok, -1 if not ok.
	357	*/
	358	int
	359	iruserok(raddr, superuser, ruser, luser)
	360	u_int32_t raddr;
	361	int superuser;
	362	const char ruser, luser;
	363	{
	364	struct sockaddr_in sin;
	365
	366	memset(&sin, 0, sizeof(sin));
	367	sin.sin_family = AF_INET;
	368	sin.sin_len = sizeof(struct sockaddr_in);
	369	memcpy(&sin.sin_addr, &raddr, sizeof(sin.sin_addr));
	370	return iruserok_sa(&sin, sizeof(struct sockaddr_in), superuser, ruser,
	371	luser);
	372	}
	373
	374	int
	375	iruserok_sa(raddr, rlen, superuser, ruser, luser)
	376	const void *raddr;
	377	int rlen;
	378	int superuser;
	379	const char ruser, luser;
	380	{
	381	struct sockaddr *sa;
	382	register char *cp;
	383	struct stat sbuf;
	384	struct passwd *pwd;
	385	FILE *hostf;
	386	uid_t uid;
	387	int first;
	388	char pbuf[MAXPATHLEN];
	389
	390	sa = (struct sockaddr *)raddr;
	391	first = 1;
	392	hostf = superuser ? NULL : fopen(_PATH_HEQUIV, "r");
	393	again:
	394	if (hostf) {
	395	if (__ivaliduser_sa(hostf, sa, rlen, luser, ruser) == 0) {
	396	(void)fclose(hostf);
	397	return (0);
	398	}
	399	(void)fclose(hostf);
	400	}
	401	if (first == 1 && (__check_rhosts_file \|\| superuser)) {
	402	first = 0;
	403	if ((pwd = getpwnam(luser)) == NULL)
	404	return (-1);
	405	snprintf(pbuf, sizeof pbuf, "%s/.rhosts", pwd->pw_dir);
	406
	407	/*
	408	* Change effective uid while opening .rhosts. If root and
	409	* reading an NFS mounted file system, can't read files that
	410	* are protected read/write owner only.
	411	*/
	412	uid = geteuid();
	413	(void)seteuid(pwd->pw_uid);
	414	hostf = fopen(pbuf, "r");
	415	(void)seteuid(uid);
	416
	417	if (hostf == NULL)
	418	return (-1);
	419	/*
	420	* If not a regular file, or is owned by someone other than
	421	* user or root or if writeable by anyone but the owner, quit.
	422	*/
	423	cp = NULL;
	424	if (lstat(pbuf, &sbuf) < 0)
	425	cp = ".rhosts lstat failed";
	426	else if (!S_ISREG(sbuf.st_mode))
	427	cp = ".rhosts not regular file";
	428	else if (fstat(fileno(hostf), &sbuf) < 0)
	429	cp = ".rhosts fstat failed";
	430	else if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid)
	431	cp = "bad .rhosts owner";
	432	else if (sbuf.st_mode & (S_IWGRP\|S_IWOTH))
	433	cp = ".rhosts writable by other than owner";
	434	/* If there were any problems, quit. */
	435	if (cp) {
	436	__rcmd_errstr = cp;
	437	(void)fclose(hostf);
	438	return (-1);
	439	}
	440	goto again;
	441	}
	442	return (-1);
	443	}
	444
	445	/*
	446	* XXX
	447	* Don't make static, used by lpd(8).
	448	*
	449	* Returns 0 if ok, -1 if not ok.
	450	*/
	451	int
	452	__ivaliduser(hostf, raddrl, luser, ruser)
	453	FILE *hostf;
	454	in_addr_t raddrl;
	455	const char luser, ruser;
	456	{
	457	struct sockaddr_in sin;
	458
	459	memset(&sin, 0, sizeof(sin));
	460	sin.sin_family = AF_INET;
	461	sin.sin_len = sizeof(struct sockaddr_in);
	462	memcpy(&sin.sin_addr, &raddrl, sizeof(sin.sin_addr));
	463	return __ivaliduser_sa(hostf, (struct sockaddr *)&sin, sin.sin_len,
	464	luser, ruser);
	465	}
	466
	467	int
	468	__ivaliduser_sa(hostf, raddr, salen, luser, ruser)
	469	FILE *hostf;
	470	struct sockaddr *raddr;
	471	socklen_t salen;
	472	const char luser, ruser;
	473	{
	474	register char user, p;
	475	char *buf;
	476	const char auser, ahost;
	477	int hostok, userok;
	478	char rhost = (char )-1;
	479	char domain[MAXHOSTNAMELEN];
	480	size_t buflen;
	481
	482	getdomainname(domain, sizeof(domain));
	483
	484	while ((buf = fgetln(hostf, &buflen))) {
	485	p = buf;
	486	if (*p == '#')
	487	continue;
	488	while (p < buf + buflen && p != '\n' && p != ' ' && *p != '\t') {
	489	if (!isprint(*p))
	490	goto bail;
	491	p = isupper(p) ? tolower(p) : p;
	492	p++;
	493	}
	494	if (p >= buf + buflen)
	495	continue;
	496	if (p == ' ' \|\| p == '\t') {
	497	*p++ = '\0';
	498	while (p < buf + buflen && (p == ' ' \|\| p == '\t'))
	499	p++;
	500	if (p >= buf + buflen)
	501	continue;
	502	user = p;
	503	while (p < buf + buflen && p != '\n' && p != ' ' &&
	504	*p != '\t') {
	505	if (!isprint(*p))
	506	goto bail;
	507	p++;
	508	}
	509	} else
	510	user = p;
	511	*p = '\0';
	512
	513	if (p == buf)
	514	continue;
	515
	516	auser = *user ? user : luser;
	517	ahost = buf;
	518
	519	if (strlen(ahost) >= MAXHOSTNAMELEN)
	520	continue;
	521
	522	/*
	523	* innetgr() must lookup a hostname (we do not attempt
	524	* to change the semantics so that netgroups may have
	525	* #.#.#.# addresses in the list.)
	526	*/
	527	if (ahost[0] == '+')
	528	switch (ahost[1]) {
	529	case '\0':
	530	hostok = 1;
	531	break;
	532	case '@':
	533	if (rhost == (char *)-1)
	534	rhost = __gethostloop(raddr, salen);
	535	hostok = 0;
	536	if (rhost)
	537	hostok = innetgr(&ahost[2], rhost,
	538	NULL, domain);
	539	break;
	540	default:
	541	hostok = __icheckhost(raddr, salen, &ahost[1]);
	542	break;
	543	}
	544	else if (ahost[0] == '-')
	545	switch (ahost[1]) {
	546	case '\0':
	547	hostok = -1;
	548	break;
	549	case '@':
	550	if (rhost == (char *)-1)
	551	rhost = __gethostloop(raddr, salen);
	552	hostok = 0;
	553	if (rhost)
	554	hostok = -innetgr(&ahost[2], rhost,
	555	NULL, domain);
	556	break;
	557	default:
	558	hostok = -__icheckhost(raddr, salen, &ahost[1]);
	559	break;
	560	}
	561	else
	562	hostok = __icheckhost(raddr, salen, ahost);
	563
	564
	565	if (auser[0] == '+')
	566	switch (auser[1]) {
	567	case '\0':
	568	userok = 1;
	569	break;
	570	case '@':
	571	userok = innetgr(&auser[2], NULL, ruser,
	572	domain);
	573	break;
	574	default:
	575	userok = strcmp(ruser, &auser[1]) ? 0 : 1;
	576	break;
	577	}
	578	else if (auser[0] == '-')
	579	switch (auser[1]) {
	580	case '\0':
	581	userok = -1;
	582	break;
	583	case '@':
	584	userok = -innetgr(&auser[2], NULL, ruser,
	585	domain);
	586	break;
	587	default:
	588	userok = strcmp(ruser, &auser[1]) ? 0 : -1;
	589	break;
	590	}
	591	else
	592	userok = strcmp(ruser, auser) ? 0 : 1;
	593
	594	/* Check if one component did not match */
	595	if (hostok == 0 \|\| userok == 0)
	596	continue;
	597
	598	/* Check if we got a forbidden pair */
	599	if (userok <= -1 \|\| hostok <= -1)
	600	return (-1);
	601
	602	/* Check if we got a valid pair */
	603	if (hostok >= 1 && userok >= 1)
	604	return (0);
	605	}
	606	bail:
	607	return (-1);
	608	}
	609
	610	/*
	611	* Returns "true" if match, 0 if no match. If we do not find any
	612	* semblance of an A->PTR->A loop, allow a simple #.#.#.# match to work.
	613	*
	614	* NI_WITHSCOPEID is useful for comparing sin6_scope_id portion
	615	* if af == AF_INET6.
	616	*/
	617	static int
	618	__icheckhost(raddr, salen, lhost)
	619	struct sockaddr *raddr;
	620	socklen_t salen;
	621	const char *lhost;
	622	{
	623	struct addrinfo hints, res, r;
	624	char h1[NI_MAXHOST], h2[NI_MAXHOST];
	625	int error;
	626	#ifdef NI_WITHSCOPEID
	627	const int niflags = NI_NUMERICHOST \| NI_WITHSCOPEID;
	628	#else
	629	const int niflags = NI_NUMERICHOST;
	630	#endif
	631
	632	h1[0] = '\0';
	633	if (getnameinfo(raddr, salen, h1, sizeof(h1), NULL, 0,
	634	niflags) != 0)
	635	return (0);
	636
	637	/* Resolve laddr into sockaddr */
	638	memset(&hints, 0, sizeof(hints));
	639	hints.ai_family = raddr->sa_family;
	640	hints.ai_socktype = SOCK_DGRAM; /dummy/
	641	res = NULL;
	642	error = getaddrinfo(lhost, "0", &hints, &res);
	643	if (error)
	644	return (0);
	645
	646	/*
	647	* Try string comparisons between raddr and laddr.
	648	*/
	649	for (r = res; r; r = r->ai_next) {
	650	h2[0] = '\0';
	651	if (getnameinfo(r->ai_addr, r->ai_addrlen, h2, sizeof(h2),
	652	NULL, 0, niflags) != 0)
	653	continue;
	654	if (strcmp(h1, h2) == 0) {
	655	freeaddrinfo(res);
	656	return (1);
	657	}
	658	}
	659
	660	/* No match. */
	661	freeaddrinfo(res);
	662	return (0);
	663	}
	664
	665	/*
	666	* Return the hostname associated with the supplied address.
	667	* Do a reverse lookup as well for security. If a loop cannot
	668	* be found, pack the result of inet_ntoa() into the string.
	669	*
	670	* NI_WITHSCOPEID is useful for comparing sin6_scope_id portion
	671	* if af == AF_INET6.
	672	*/
	673	static char *
	674	__gethostloop(raddr, salen)
	675	struct sockaddr *raddr;
	676	socklen_t salen;
	677	{
	678	static char remotehost[NI_MAXHOST];
	679	char h1[NI_MAXHOST], h2[NI_MAXHOST];
	680	struct addrinfo hints, res, r;
	681	int error;
	682	#ifdef NI_WITHSCOPEID
	683	const int niflags = NI_NUMERICHOST \| NI_WITHSCOPEID;
	684	#else
	685	const int niflags = NI_NUMERICHOST;
	686	#endif
	687
	688	h1[0] = remotehost[0] = '\0';
	689	if (getnameinfo(raddr, salen, remotehost, sizeof(remotehost),
	690	NULL, 0, NI_NAMEREQD) != 0)
	691	return (NULL);
	692	if (getnameinfo(raddr, salen, h1, sizeof(h1), NULL, 0,
	693	niflags) != 0)
	694	return (NULL);
	695
	696	/*
	697	* Look up the name and check that the supplied
	698	* address is in the list
	699	*/
	700	memset(&hints, 0, sizeof(hints));
	701	hints.ai_family = raddr->sa_family;
	702	hints.ai_socktype = SOCK_DGRAM; /dummy/
	703	hints.ai_flags = AI_CANONNAME;
	704	res = NULL;
	705	error = getaddrinfo(remotehost, "0", &hints, &res);
	706	if (error)
	707	return (NULL);
	708
	709	for (r = res; r; r = r->ai_next) {
	710	h2[0] = '\0';
	711	if (getnameinfo(r->ai_addr, r->ai_addrlen, h2, sizeof(h2),
	712	NULL, 0, niflags) != 0)
	713	continue;
	714	if (strcmp(h1, h2) == 0) {
	715	freeaddrinfo(res);
	716	return (remotehost);
	717	}
	718	}
	719
	720	/*
	721	* either the DNS adminstrator has made a configuration
	722	* mistake, or someone has attempted to spoof us
	723	*/
	724	syslog(LOG_NOTICE, "rcmd: address %s not listed for host %s",
	725	h1, res->ai_canonname ? res->ai_canonname : remotehost);
	726	freeaddrinfo(res);
	727	return (NULL);
	728	}