1 files changed, 691 insertions, 0 deletions
diff --git a/src/lib/libc/net/rcmd.c b/src/lib/libc/net/rcmd.c
new file mode 100644
index 0000000000..30ca6710c4
--- /dev/null
+++ b/src/lib/libc/net/rcmd.c
@@ -0,0 +1,691 @@
+/*
+ * Copyright (c) 1995, 1996, 1998 Theo de Raadt.  All rights reserved.
+ * Copyright (c) 1983, 1993, 1994
+ *      The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+#include <sys/param.h>
+#include <sys/socket.h>
+#include <sys/stat.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <signal.h>
+#include <fcntl.h>
+#include <netdb.h>
+#include <unistd.h>
+#include <pwd.h>
+#include <errno.h>
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include <syslog.h>
+#include <stdlib.h>
+#include <netgroup.h>
+int     __ivaliduser(FILE *, in_addr_t, const char *, const char *);
+int     __ivaliduser_sa(FILE *, struct sockaddr *, socklen_t,
+            const char *, const char *);
+static int __icheckhost(struct sockaddr *, socklen_t, const char *);
+static char *__gethostloop(struct sockaddr *, socklen_t);
+int
+rcmd(char **ahost, int rport, const char *locuser, const char *remuser,
+    const char *cmd, int *fd2p)
+{
+        return rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, AF_INET);
+}
+int
+rcmd_af(char **ahost, int porta, const char *locuser, const char *remuser,
+    const char *cmd, int *fd2p, int af)
+{
+        static char hbuf[MAXHOSTNAMELEN];
+        char pbuf[NI_MAXSERV];
+        struct addrinfo hints, *res, *r;
+        int error;
+        struct sockaddr_storage from;
+        fd_set *readsp = NULL;
+        sigset_t oldmask, mask;
+        pid_t pid;
+        int s, lport, timo;
+        char c, *p;
+        int refused;
+        in_port_t rport = porta;
+        /* call rcmdsh() with specified remote shell if appropriate. */
+        if (!issetugid() && (p = getenv("RSH")) && *p) {
+                struct servent *sp = getservbyname("shell", "tcp");
+                if (sp && sp->s_port == rport)
+                        return (rcmdsh(ahost, rport, locuser, remuser,
+                            cmd, p));
+        }
+        /* use rsh(1) if non-root and remote port is shell. */
+        if (geteuid()) {
+                struct servent *sp = getservbyname("shell", "tcp");
+                if (sp && sp->s_port == rport)
+                        return (rcmdsh(ahost, rport, locuser, remuser,
+                            cmd, NULL));
+        }
+        pid = getpid();
+        snprintf(pbuf, sizeof(pbuf), "%u", ntohs(rport));
+        memset(&hints, 0, sizeof(hints));
+        hints.ai_family = af;
+        hints.ai_socktype = SOCK_STREAM;
+        hints.ai_flags = AI_CANONNAME;
+        error = getaddrinfo(*ahost, pbuf, &hints, &res);
+        if (error) {
+#if 0
+                warnx("%s: %s", *ahost, gai_strerror(error));
+#endif
+                return (-1);
+        }
+        if (res->ai_canonname) {
+                strlcpy(hbuf, res->ai_canonname, sizeof(hbuf));
+                *ahost = hbuf;
+        } else
+                ; /*XXX*/
+        r = res;
+        refused = 0;
+        sigemptyset(&mask);
+        sigaddset(&mask, SIGURG);
+        sigprocmask(SIG_BLOCK, &mask, &oldmask);
+        for (timo = 1, lport = IPPORT_RESERVED - 1;;) {
+                s = rresvport_af(&lport, r->ai_family);
+                if (s < 0) {
+                        if (errno == EAGAIN)
+                                (void)fprintf(stderr,
+                                    "rcmd: socket: All ports in use\n");
+                        else
+                                (void)fprintf(stderr, "rcmd: socket: %s\n",
+                                    strerror(errno));
+                        if (r->ai_next) {
+                                r = r->ai_next;
+                                continue;
+                        } else {
+                                sigprocmask(SIG_SETMASK, &oldmask, NULL);
+                                freeaddrinfo(res);
+                                return (-1);
+                        }
+                }
+                fcntl(s, F_SETOWN, pid);
+                if (connect(s, r->ai_addr, r->ai_addrlen) >= 0)
+                        break;
+                (void)close(s);
+                if (errno == EADDRINUSE) {
+                        lport--;
+                        continue;
+                }
+                if (errno == ECONNREFUSED)
+                        refused++;
+                if (r->ai_next) {
+                        int oerrno = errno;
+                        char hbuf[NI_MAXHOST];
+                        const int niflags = NI_NUMERICHOST;
+                        hbuf[0] = '\0';
+                        if (getnameinfo(r->ai_addr, r->ai_addrlen,
+                            hbuf, sizeof(hbuf), NULL, 0, niflags) != 0)
+                                strlcpy(hbuf, "(invalid)", sizeof hbuf);
+                        (void)fprintf(stderr, "connect to address %s: ", hbuf);
+                        errno = oerrno;
+                        perror(0);
+                        r = r->ai_next;
+                        hbuf[0] = '\0';
+                        if (getnameinfo(r->ai_addr, r->ai_addrlen,
+                            hbuf, sizeof(hbuf), NULL, 0, niflags) != 0)
+                                strlcpy(hbuf, "(invalid)", sizeof hbuf);
+                        (void)fprintf(stderr, "Trying %s...\n", hbuf);
+                        continue;
+                }
+                if (refused && timo <= 16) {
+                        (void)sleep(timo);
+                        timo *= 2;
+                        r = res;
+                        refused = 0;
+                        continue;
+                }
+                (void)fprintf(stderr, "%s: %s\n", res->ai_canonname,
+                    strerror(errno));
+                sigprocmask(SIG_SETMASK, &oldmask, NULL);
+                freeaddrinfo(res);
+                return (-1);
+        }
+        /* given "af" can be PF_UNSPEC, we need the real af for "s" */
+        af = r->ai_family;
+        freeaddrinfo(res);
+#if 0
+        /*
+         * try to rresvport() to the same port. This will make rresvport()
+         * fail it's first bind, resulting in it choosing a random port.
+         */
+        lport--;
+#endif
+        if (fd2p == 0) {
+                write(s, "", 1);
+                lport = 0;
+        } else {
+                char num[8];
+                int s2 = rresvport_af(&lport, af), s3;
+                socklen_t len = sizeof(from);
+                int fdssize = howmany(MAX(s, s2)+1, NFDBITS) * sizeof(fd_mask);
+                if (s2 < 0)
+                        goto bad;
+                readsp = (fd_set *)malloc(fdssize);
+                if (readsp == NULL) {
+                        close(s2);
+                        goto bad;
+                }
+                listen(s2, 1);
+                (void)snprintf(num, sizeof(num), "%d", lport);
+                if (write(s, num, strlen(num)+1) != strlen(num)+1) {
+                        (void)fprintf(stderr,
+                            "rcmd: write (setting up stderr): %s\n",
+                            strerror(errno));
+                        (void)close(s2);
+                        goto bad;
+                }
+again:
+                bzero(readsp, fdssize);
+                FD_SET(s, readsp);
+                FD_SET(s2, readsp);
+                errno = 0;
+                if (select(MAX(s, s2) + 1, readsp, 0, 0, 0) < 1 ||
+                    !FD_ISSET(s2, readsp)) {
+                        if (errno != 0)
+                                (void)fprintf(stderr,
+                                    "rcmd: select (setting up stderr): %s\n",
+                                    strerror(errno));
+                        else
+                                (void)fprintf(stderr,
+                                "select: protocol failure in circuit setup\n");
+                        (void)close(s2);
+                        goto bad;
+                }
+                s3 = accept(s2, (struct sockaddr *)&from, &len);
+                if (s3 < 0) {
+                        (void)fprintf(stderr,
+                            "rcmd: accept: %s\n", strerror(errno));
+                        lport = 0;
+                        close(s2);
+                        goto bad;
+                }
+                /*
+                 * XXX careful for ftp bounce attacks. If discovered, shut them
+                 * down and check for the real auxiliary channel to connect.
+                 */
+                switch (from.ss_family) {
+                case AF_INET:
+                case AF_INET6:
+                        if (getnameinfo((struct sockaddr *)&from, len,
+                            NULL, 0, num, sizeof(num), NI_NUMERICSERV) == 0 &&
+                            atoi(num) != 20) {
+                                break;
+                        }
+                        close(s3);
+                        goto again;
+                default:
+                        break;
+                }
+                (void)close(s2);
+                *fd2p = s3;
+                switch (from.ss_family) {
+                case AF_INET:
+                case AF_INET6:
+                        if (getnameinfo((struct sockaddr *)&from, len,
+                            NULL, 0, num, sizeof(num), NI_NUMERICSERV) != 0 ||
+                            (atoi(num) >= IPPORT_RESERVED ||
+                             atoi(num) < IPPORT_RESERVED / 2)) {
+                                (void)fprintf(stderr,
+                                    "socket: protocol failure in circuit setup.\n");
+                                goto bad2;
+                        }
+                        break;
+                default:
+                        break;
+                }
+        }
+        (void)write(s, locuser, strlen(locuser)+1);
+        (void)write(s, remuser, strlen(remuser)+1);
+        (void)write(s, cmd, strlen(cmd)+1);
+        if (read(s, &c, 1) != 1) {
+                (void)fprintf(stderr,
+                    "rcmd: %s: %s\n", *ahost, strerror(errno));
+                goto bad2;
+        }
+        if (c != 0) {
+                while (read(s, &c, 1) == 1) {
+                        (void)write(STDERR_FILENO, &c, 1);
+                        if (c == '\n')
+                                break;
+                }
+                goto bad2;
+        }
+        sigprocmask(SIG_SETMASK, &oldmask, NULL);
+        free(readsp);
+        return (s);
+bad2:
+        if (lport)
+                (void)close(*fd2p);
+bad:
+        if (readsp)
+                free(readsp);
+        (void)close(s);
+        sigprocmask(SIG_SETMASK, &oldmask, NULL);
+        return (-1);
+}
+int     __check_rhosts_file = 1;
+char    *__rcmd_errstr;
+int
+ruserok(const char *rhost, int superuser, const char *ruser, const char *luser)
+{
+        struct addrinfo hints, *res, *r;
+        int error;
+        memset(&hints, 0, sizeof(hints));
+        hints.ai_family = PF_UNSPEC;
+        hints.ai_socktype = SOCK_DGRAM; /*dummy*/
+        error = getaddrinfo(rhost, "0", &hints, &res);
+        if (error)
+                return (-1);
+        for (r = res; r; r = r->ai_next) {
+                if (iruserok_sa(r->ai_addr, r->ai_addrlen, superuser, ruser,
+                    luser) == 0) {
+                        freeaddrinfo(res);
+                        return (0);
+                }
+        }
+        freeaddrinfo(res);
+        return (-1);
+}
+/*
+ * New .rhosts strategy: We are passed an ip address. We spin through
+ * hosts.equiv and .rhosts looking for a match. When the .rhosts only
+ * has ip addresses, we don't have to trust a nameserver.  When it
+ * contains hostnames, we spin through the list of addresses the nameserver
+ * gives us and look for a match.
+ *
+ * Returns 0 if ok, -1 if not ok.
+ */
+int
+iruserok(u_int32_t raddr, int superuser, const char *ruser, const char *luser)
+{
+        struct sockaddr_in sin;
+        memset(&sin, 0, sizeof(sin));
+        sin.sin_family = AF_INET;
+        sin.sin_len = sizeof(struct sockaddr_in);
+        memcpy(&sin.sin_addr, &raddr, sizeof(sin.sin_addr));
+        return iruserok_sa(&sin, sizeof(struct sockaddr_in), superuser, ruser,
+                    luser);
+}
+int
+iruserok_sa(const void *raddr, int rlen, int superuser, const char *ruser,
+    const char *luser)
+{
+        struct sockaddr *sa;
+        char *cp;
+        struct stat sbuf;
+        struct passwd *pwd;
+        FILE *hostf;
+        uid_t uid;
+        int first;
+        char pbuf[MAXPATHLEN];
+        sa = (struct sockaddr *)raddr;
+        first = 1;
+        hostf = superuser ? NULL : fopen(_PATH_HEQUIV, "r");
+again:
+        if (hostf) {
+                if (__ivaliduser_sa(hostf, sa, rlen, luser, ruser) == 0) {
+                        (void)fclose(hostf);
+                        return (0);
+                }
+                (void)fclose(hostf);
+        }
+        if (first == 1 && (__check_rhosts_file || superuser)) {
+                int len;
+                first = 0;
+                if ((pwd = getpwnam(luser)) == NULL)
+                        return (-1);
+                len = snprintf(pbuf, sizeof pbuf, "%s/.rhosts", pwd->pw_dir);
+                if (len < 0 || len >= sizeof pbuf)
+                        return (-1);
+                /*
+                 * Change effective uid while opening .rhosts.  If root and
+                 * reading an NFS mounted file system, can't read files that
+                 * are protected read/write owner only.
+                 */
+                uid = geteuid();
+                (void)seteuid(pwd->pw_uid);
+                hostf = fopen(pbuf, "r");
+                (void)seteuid(uid);
+                if (hostf == NULL)
+                        return (-1);
+                /*
+                 * If not a regular file, or is owned by someone other than
+                 * user or root or if writeable by anyone but the owner, quit.
+                 */
+                cp = NULL;
+                if (lstat(pbuf, &sbuf) < 0)
+                        cp = ".rhosts lstat failed";
+                else if (!S_ISREG(sbuf.st_mode))
+                        cp = ".rhosts not regular file";
+                else if (fstat(fileno(hostf), &sbuf) < 0)
+                        cp = ".rhosts fstat failed";
+                else if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid)
+                        cp = "bad .rhosts owner";
+                else if (sbuf.st_mode & (S_IWGRP|S_IWOTH))
+                        cp = ".rhosts writable by other than owner";
+                /* If there were any problems, quit. */
+                if (cp) {
+                        __rcmd_errstr = cp;
+                        (void)fclose(hostf);
+                        return (-1);
+                }
+                goto again;
+        }
+        return (-1);
+}
+/*
+ * XXX
+ * Don't make static, used by lpd(8).
+ *
+ * Returns 0 if ok, -1 if not ok.
+ */
+int
+__ivaliduser(FILE *hostf, in_addr_t raddrl, const char *luser,
+    const char *ruser)
+{
+        struct sockaddr_in sin;
+        memset(&sin, 0, sizeof(sin));
+        sin.sin_family = AF_INET;
+        sin.sin_len = sizeof(struct sockaddr_in);
+        memcpy(&sin.sin_addr, &raddrl, sizeof(sin.sin_addr));
+        return __ivaliduser_sa(hostf, (struct sockaddr *)&sin, sin.sin_len,
+                    luser, ruser);
+}
+int
+__ivaliduser_sa(FILE *hostf, struct sockaddr *raddr, socklen_t salen,
+    const char *luser, const char *ruser)
+{
+        char *user, *p;
+        char *buf;
+        const char *auser, *ahost;
+        int hostok, userok;
+        char *rhost = (char *)-1;
+        char domain[MAXHOSTNAMELEN];
+        size_t buflen;
+        getdomainname(domain, sizeof(domain));
+        while ((buf = fgetln(hostf, &buflen))) {
+                p = buf;
+                if (*p == '#')
+                        continue;
+                while (p < buf + buflen && *p != '\n' && *p != ' ' && *p != '\t') {
+                        if (!isprint(*p))
+                                goto bail;
+                        *p = isupper(*p) ? tolower(*p) : *p;
+                        p++;
+                }
+                if (p >= buf + buflen)
+                        continue;
+                if (*p == ' ' || *p == '\t') {
+                        *p++ = '\0';
+                        while (p < buf + buflen && (*p == ' ' || *p == '\t'))
+                                p++;
+                        if (p >= buf + buflen)
+                                continue;
+                        user = p;
+                        while (p < buf + buflen && *p != '\n' && *p != ' ' &&
+                            *p != '\t') {
+                                if (!isprint(*p))
+                                        goto bail;
+                                p++;
+                        }
+                } else
+                        user = p;
+                *p = '\0';
+                if (p == buf)
+                        continue;
+                auser = *user ? user : luser;
+                ahost = buf;
+                if (strlen(ahost) >= MAXHOSTNAMELEN)
+                        continue;
+                /*
+                 * innetgr() must lookup a hostname (we do not attempt
+                 * to change the semantics so that netgroups may have
+                 * #.#.#.# addresses in the list.)
+                 */
+                if (ahost[0] == '+')
+                        switch (ahost[1]) {
+                        case '\0':
+                                hostok = 1;
+                                break;
+                        case '@':
+                                if (rhost == (char *)-1)
+                                        rhost = __gethostloop(raddr, salen);
+                                hostok = 0;
+                                if (rhost)
+                                        hostok = innetgr(&ahost[2], rhost,
+                                            NULL, domain);
+                                break;
+                        default:
+                                hostok = __icheckhost(raddr, salen, &ahost[1]);
+                                break;
+                        }
+                else if (ahost[0] == '-')
+                        switch (ahost[1]) {
+                        case '\0':
+                                hostok = -1;
+                                break;
+                        case '@':
+                                if (rhost == (char *)-1)
+                                        rhost = __gethostloop(raddr, salen);
+                                hostok = 0;
+                                if (rhost)
+                                        hostok = -innetgr(&ahost[2], rhost,
+                                            NULL, domain);
+                                break;
+                        default:
+                                hostok = -__icheckhost(raddr, salen, &ahost[1]);
+                                break;
+                        }
+                else
+                        hostok = __icheckhost(raddr, salen, ahost);
+                if (auser[0] == '+')
+                        switch (auser[1]) {
+                        case '\0':
+                                userok = 1;
+                                break;
+                        case '@':
+                                userok = innetgr(&auser[2], NULL, ruser,
+                                    domain);
+                                break;
+                        default:
+                                userok = strcmp(ruser, &auser[1]) ? 0 : 1;
+                                break;
+                        }
+                else if (auser[0] == '-')
+                        switch (auser[1]) {
+                        case '\0':
+                                userok = -1;
+                                break;
+                        case '@':
+                                userok = -innetgr(&auser[2], NULL, ruser,
+                                    domain);
+                                break;
+                        default:
+                                userok = strcmp(ruser, &auser[1]) ? 0 : -1;
+                                break;
+                        }
+                else
+                        userok = strcmp(ruser, auser) ? 0 : 1;
+                /* Check if one component did not match */
+                if (hostok == 0 || userok == 0)
+                        continue;
+                /* Check if we got a forbidden pair */
+                if (userok <= -1 || hostok <= -1)
+                        return (-1);
+                /* Check if we got a valid pair */
+                if (hostok >= 1 && userok >= 1)
+                        return (0);
+        }
+bail:
+        return (-1);
+}
+/*
+ * Returns "true" if match, 0 if no match.  If we do not find any
+ * semblance of an A->PTR->A loop, allow a simple #.#.#.# match to work.
+ */
+static int
+__icheckhost(struct sockaddr *raddr, socklen_t salen, const char *lhost)
+{
+        struct addrinfo hints, *res, *r;
+        char h1[NI_MAXHOST], h2[NI_MAXHOST];
+        int error;
+        const int niflags = NI_NUMERICHOST;
+        h1[0] = '\0';
+        if (getnameinfo(raddr, salen, h1, sizeof(h1), NULL, 0,
+            niflags) != 0)
+                return (0);
+        /* Resolve laddr into sockaddr */
+        memset(&hints, 0, sizeof(hints));
+        hints.ai_family = raddr->sa_family;
+        hints.ai_socktype = SOCK_DGRAM; /*dummy*/
+        res = NULL;
+        error = getaddrinfo(lhost, "0", &hints, &res);
+        if (error)
+                return (0);
+        /*
+         * Try string comparisons between raddr and laddr.
+         */
+        for (r = res; r; r = r->ai_next) {
+                h2[0] = '\0';
+                if (getnameinfo(r->ai_addr, r->ai_addrlen, h2, sizeof(h2),
+                    NULL, 0, niflags) != 0)
+                        continue;
+                if (strcmp(h1, h2) == 0) {
+                        freeaddrinfo(res);
+                        return (1);
+                }
+        }
+        /* No match. */
+        freeaddrinfo(res);
+        return (0);
+}
+/*
+ * Return the hostname associated with the supplied address.
+ * Do a reverse lookup as well for security. If a loop cannot
+ * be found, pack the result of inet_ntoa() into the string.
+ */
+static char *
+__gethostloop(struct sockaddr *raddr, socklen_t salen)
+{
+        static char remotehost[NI_MAXHOST];
+        char h1[NI_MAXHOST], h2[NI_MAXHOST];
+        struct addrinfo hints, *res, *r;
+        int error;
+        const int niflags = NI_NUMERICHOST;
+        h1[0] = remotehost[0] = '\0';
+        if (getnameinfo(raddr, salen, remotehost, sizeof(remotehost),
+            NULL, 0, NI_NAMEREQD) != 0)
+                return (NULL);
+        if (getnameinfo(raddr, salen, h1, sizeof(h1), NULL, 0,
+            niflags) != 0)
+                return (NULL);
+        /*
+         * Look up the name and check that the supplied
+         * address is in the list
+         */
+        memset(&hints, 0, sizeof(hints));
+        hints.ai_family = raddr->sa_family;
+        hints.ai_socktype = SOCK_DGRAM; /*dummy*/
+        hints.ai_flags = AI_CANONNAME;
+        res = NULL;
+        error = getaddrinfo(remotehost, "0", &hints, &res);
+        if (error)
+                return (NULL);
+        for (r = res; r; r = r->ai_next) {
+                h2[0] = '\0';
+                if (getnameinfo(r->ai_addr, r->ai_addrlen, h2, sizeof(h2),
+                    NULL, 0, niflags) != 0)
+                        continue;
+                if (strcmp(h1, h2) == 0) {
+                        freeaddrinfo(res);
+                        return (remotehost);
+                }
+        }
+        /*
+         * either the DNS adminstrator has made a configuration
+         * mistake, or someone has attempted to spoof us
+         */
+        syslog(LOG_NOTICE, "rcmd: address %s not listed for host %s",
+            h1, res->ai_canonname ? res->ai_canonname : remotehost);
+        freeaddrinfo(res);
+        return (NULL);
+}

diff --git a/src/lib/libc/net/rcmd.c b/src/lib/libc/net/rcmd.c new file mode 100644 index 0000000000..30ca6710c4 --- /dev/null +++ b/src/lib/libc/net/rcmd.c
@@ -0,0 +1,691 @@
	1	/*
	2	* Copyright (c) 1995, 1996, 1998 Theo de Raadt. All rights reserved.
	3	* Copyright (c) 1983, 1993, 1994
	4	* The Regents of the University of California. All rights reserved.
	5	*
	6	* Redistribution and use in source and binary forms, with or without
	7	* modification, are permitted provided that the following conditions
	8	* are met:
	9	* 1. Redistributions of source code must retain the above copyright
	10	* notice, this list of conditions and the following disclaimer.
	11	* 2. Redistributions in binary form must reproduce the above copyright
	12	* notice, this list of conditions and the following disclaimer in the
	13	* documentation and/or other materials provided with the distribution.
	14	* 3. Neither the name of the University nor the names of its contributors
	15	* may be used to endorse or promote products derived from this software
	16	* without specific prior written permission.
	17	*
	18	* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
	19	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	20	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	21	* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
	22	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	23	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	24	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	25	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	26	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	27	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	28	* SUCH DAMAGE.
	29	*/
	30
	31	#include <sys/param.h>
	32	#include <sys/socket.h>
	33	#include <sys/stat.h>
	34
	35	#include <netinet/in.h>
	36	#include <arpa/inet.h>
	37
	38	#include <signal.h>
	39	#include <fcntl.h>
	40	#include <netdb.h>
	41	#include <unistd.h>
	42	#include <pwd.h>
	43	#include <errno.h>
	44	#include <stdio.h>
	45	#include <ctype.h>
	46	#include <string.h>
	47	#include <syslog.h>
	48	#include <stdlib.h>
	49	#include <netgroup.h>
	50
	51	int __ivaliduser(FILE , in_addr_t, const char , const char *);
	52	int __ivaliduser_sa(FILE , struct sockaddr , socklen_t,
	53	const char , const char );
	54	static int __icheckhost(struct sockaddr , socklen_t, const char );
	55	static char __gethostloop(struct sockaddr , socklen_t);
	56
	57	int
	58	rcmd(char *ahost, int rport, const char locuser, const char *remuser,
	59	const char cmd, int fd2p)
	60	{
	61	return rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, AF_INET);
	62	}
	63
	64	int
	65	rcmd_af(char *ahost, int porta, const char locuser, const char *remuser,
	66	const char cmd, int fd2p, int af)
	67	{
	68	static char hbuf[MAXHOSTNAMELEN];
	69	char pbuf[NI_MAXSERV];
	70	struct addrinfo hints, res, r;
	71	int error;
	72	struct sockaddr_storage from;
	73	fd_set *readsp = NULL;
	74	sigset_t oldmask, mask;
	75	pid_t pid;
	76	int s, lport, timo;
	77	char c, *p;
	78	int refused;
	79	in_port_t rport = porta;
	80
	81	/* call rcmdsh() with specified remote shell if appropriate. */
	82	if (!issetugid() && (p = getenv("RSH")) && *p) {
	83	struct servent *sp = getservbyname("shell", "tcp");
	84
	85	if (sp && sp->s_port == rport)
	86	return (rcmdsh(ahost, rport, locuser, remuser,
	87	cmd, p));
	88	}
	89
	90	/* use rsh(1) if non-root and remote port is shell. */
	91	if (geteuid()) {
	92	struct servent *sp = getservbyname("shell", "tcp");
	93
	94	if (sp && sp->s_port == rport)
	95	return (rcmdsh(ahost, rport, locuser, remuser,
	96	cmd, NULL));
	97	}
	98
	99	pid = getpid();
	100	snprintf(pbuf, sizeof(pbuf), "%u", ntohs(rport));
	101	memset(&hints, 0, sizeof(hints));
	102	hints.ai_family = af;
	103	hints.ai_socktype = SOCK_STREAM;
	104	hints.ai_flags = AI_CANONNAME;
	105	error = getaddrinfo(*ahost, pbuf, &hints, &res);
	106	if (error) {
	107	#if 0
	108	warnx("%s: %s", *ahost, gai_strerror(error));
	109	#endif
	110	return (-1);
	111	}
	112	if (res->ai_canonname) {
	113	strlcpy(hbuf, res->ai_canonname, sizeof(hbuf));
	114	*ahost = hbuf;
	115	} else
	116	; /XXX/
	117
	118	r = res;
	119	refused = 0;
	120	sigemptyset(&mask);
	121	sigaddset(&mask, SIGURG);
	122	sigprocmask(SIG_BLOCK, &mask, &oldmask);
	123	for (timo = 1, lport = IPPORT_RESERVED - 1;;) {
	124	s = rresvport_af(&lport, r->ai_family);
	125	if (s < 0) {
	126	if (errno == EAGAIN)
	127	(void)fprintf(stderr,
	128	"rcmd: socket: All ports in use\n");
	129	else
	130	(void)fprintf(stderr, "rcmd: socket: %s\n",
	131	strerror(errno));
	132	if (r->ai_next) {
	133	r = r->ai_next;
	134	continue;
	135	} else {
	136	sigprocmask(SIG_SETMASK, &oldmask, NULL);
	137	freeaddrinfo(res);
	138	return (-1);
	139	}
	140	}
	141	fcntl(s, F_SETOWN, pid);
	142	if (connect(s, r->ai_addr, r->ai_addrlen) >= 0)
	143	break;
	144	(void)close(s);
	145	if (errno == EADDRINUSE) {
	146	lport--;
	147	continue;
	148	}
	149	if (errno == ECONNREFUSED)
	150	refused++;
	151	if (r->ai_next) {
	152	int oerrno = errno;
	153	char hbuf[NI_MAXHOST];
	154	const int niflags = NI_NUMERICHOST;
	155
	156	hbuf[0] = '\0';
	157	if (getnameinfo(r->ai_addr, r->ai_addrlen,
	158	hbuf, sizeof(hbuf), NULL, 0, niflags) != 0)
	159	strlcpy(hbuf, "(invalid)", sizeof hbuf);
	160	(void)fprintf(stderr, "connect to address %s: ", hbuf);
	161	errno = oerrno;
	162	perror(0);
	163	r = r->ai_next;
	164	hbuf[0] = '\0';
	165	if (getnameinfo(r->ai_addr, r->ai_addrlen,
	166	hbuf, sizeof(hbuf), NULL, 0, niflags) != 0)
	167	strlcpy(hbuf, "(invalid)", sizeof hbuf);
	168	(void)fprintf(stderr, "Trying %s...\n", hbuf);
	169	continue;
	170	}
	171	if (refused && timo <= 16) {
	172	(void)sleep(timo);
	173	timo *= 2;
	174	r = res;
	175	refused = 0;
	176	continue;
	177	}
	178	(void)fprintf(stderr, "%s: %s\n", res->ai_canonname,
	179	strerror(errno));
	180	sigprocmask(SIG_SETMASK, &oldmask, NULL);
	181	freeaddrinfo(res);
	182	return (-1);
	183	}
	184	/* given "af" can be PF_UNSPEC, we need the real af for "s" */
	185	af = r->ai_family;
	186	freeaddrinfo(res);
	187	#if 0
	188	/*
	189	* try to rresvport() to the same port. This will make rresvport()
	190	* fail it's first bind, resulting in it choosing a random port.
	191	*/
	192	lport--;
	193	#endif
	194	if (fd2p == 0) {
	195	write(s, "", 1);
	196	lport = 0;
	197	} else {
	198	char num[8];
	199	int s2 = rresvport_af(&lport, af), s3;
	200	socklen_t len = sizeof(from);
	201	int fdssize = howmany(MAX(s, s2)+1, NFDBITS) * sizeof(fd_mask);
	202
	203	if (s2 < 0)
	204	goto bad;
	205	readsp = (fd_set *)malloc(fdssize);
	206	if (readsp == NULL) {
	207	close(s2);
	208	goto bad;
	209	}
	210	listen(s2, 1);
	211	(void)snprintf(num, sizeof(num), "%d", lport);
	212	if (write(s, num, strlen(num)+1) != strlen(num)+1) {
	213	(void)fprintf(stderr,
	214	"rcmd: write (setting up stderr): %s\n",
	215	strerror(errno));
	216	(void)close(s2);
	217	goto bad;
	218	}
	219	again:
	220	bzero(readsp, fdssize);
	221	FD_SET(s, readsp);
	222	FD_SET(s2, readsp);
	223	errno = 0;
	224	if (select(MAX(s, s2) + 1, readsp, 0, 0, 0) < 1 \|\|
	225	!FD_ISSET(s2, readsp)) {
	226	if (errno != 0)
	227	(void)fprintf(stderr,
	228	"rcmd: select (setting up stderr): %s\n",
	229	strerror(errno));
	230	else
	231	(void)fprintf(stderr,
	232	"select: protocol failure in circuit setup\n");
	233	(void)close(s2);
	234	goto bad;
	235	}
	236	s3 = accept(s2, (struct sockaddr *)&from, &len);
	237	if (s3 < 0) {
	238	(void)fprintf(stderr,
	239	"rcmd: accept: %s\n", strerror(errno));
	240	lport = 0;
	241	close(s2);
	242	goto bad;
	243	}
	244
	245	/*
	246	* XXX careful for ftp bounce attacks. If discovered, shut them
	247	* down and check for the real auxiliary channel to connect.
	248	*/
	249	switch (from.ss_family) {
	250	case AF_INET:
	251	case AF_INET6:
	252	if (getnameinfo((struct sockaddr *)&from, len,
	253	NULL, 0, num, sizeof(num), NI_NUMERICSERV) == 0 &&
	254	atoi(num) != 20) {
	255	break;
	256	}
	257	close(s3);
	258	goto again;
	259	default:
	260	break;
	261	}
	262	(void)close(s2);
	263
	264	*fd2p = s3;
	265	switch (from.ss_family) {
	266	case AF_INET:
	267	case AF_INET6:
	268	if (getnameinfo((struct sockaddr *)&from, len,
	269	NULL, 0, num, sizeof(num), NI_NUMERICSERV) != 0 \|\|
	270	(atoi(num) >= IPPORT_RESERVED \|\|
	271	atoi(num) < IPPORT_RESERVED / 2)) {
	272	(void)fprintf(stderr,
	273	"socket: protocol failure in circuit setup.\n");
	274	goto bad2;
	275	}
	276	break;
	277	default:
	278	break;
	279	}
	280	}
	281	(void)write(s, locuser, strlen(locuser)+1);
	282	(void)write(s, remuser, strlen(remuser)+1);
	283	(void)write(s, cmd, strlen(cmd)+1);
	284	if (read(s, &c, 1) != 1) {
	285	(void)fprintf(stderr,
	286	"rcmd: %s: %s\n", *ahost, strerror(errno));
	287	goto bad2;
	288	}
	289	if (c != 0) {
	290	while (read(s, &c, 1) == 1) {
	291	(void)write(STDERR_FILENO, &c, 1);
	292	if (c == '\n')
	293	break;
	294	}
	295	goto bad2;
	296	}
	297	sigprocmask(SIG_SETMASK, &oldmask, NULL);
	298	free(readsp);
	299	return (s);
	300	bad2:
	301	if (lport)
	302	(void)close(*fd2p);
	303	bad:
	304	if (readsp)
	305	free(readsp);
	306	(void)close(s);
	307	sigprocmask(SIG_SETMASK, &oldmask, NULL);
	308	return (-1);
	309	}
	310
	311	int __check_rhosts_file = 1;
	312	char *__rcmd_errstr;
	313
	314	int
	315	ruserok(const char rhost, int superuser, const char ruser, const char *luser)
	316	{
	317	struct addrinfo hints, res, r;
	318	int error;
	319
	320	memset(&hints, 0, sizeof(hints));
	321	hints.ai_family = PF_UNSPEC;
	322	hints.ai_socktype = SOCK_DGRAM; /dummy/
	323	error = getaddrinfo(rhost, "0", &hints, &res);
	324	if (error)
	325	return (-1);
	326
	327	for (r = res; r; r = r->ai_next) {
	328	if (iruserok_sa(r->ai_addr, r->ai_addrlen, superuser, ruser,
	329	luser) == 0) {
	330	freeaddrinfo(res);
	331	return (0);
	332	}
	333	}
	334	freeaddrinfo(res);
	335	return (-1);
	336	}
	337
	338	/*
	339	* New .rhosts strategy: We are passed an ip address. We spin through
	340	* hosts.equiv and .rhosts looking for a match. When the .rhosts only
	341	* has ip addresses, we don't have to trust a nameserver. When it
	342	* contains hostnames, we spin through the list of addresses the nameserver
	343	* gives us and look for a match.
	344	*
	345	* Returns 0 if ok, -1 if not ok.
	346	*/
	347	int
	348	iruserok(u_int32_t raddr, int superuser, const char ruser, const char luser)
	349	{
	350	struct sockaddr_in sin;
	351
	352	memset(&sin, 0, sizeof(sin));
	353	sin.sin_family = AF_INET;
	354	sin.sin_len = sizeof(struct sockaddr_in);
	355	memcpy(&sin.sin_addr, &raddr, sizeof(sin.sin_addr));
	356	return iruserok_sa(&sin, sizeof(struct sockaddr_in), superuser, ruser,
	357	luser);
	358	}
	359
	360	int
	361	iruserok_sa(const void raddr, int rlen, int superuser, const char ruser,
	362	const char *luser)
	363	{
	364	struct sockaddr *sa;
	365	char *cp;
	366	struct stat sbuf;
	367	struct passwd *pwd;
	368	FILE *hostf;
	369	uid_t uid;
	370	int first;
	371	char pbuf[MAXPATHLEN];
	372
	373	sa = (struct sockaddr *)raddr;
	374	first = 1;
	375	hostf = superuser ? NULL : fopen(_PATH_HEQUIV, "r");
	376	again:
	377	if (hostf) {
	378	if (__ivaliduser_sa(hostf, sa, rlen, luser, ruser) == 0) {
	379	(void)fclose(hostf);
	380	return (0);
	381	}
	382	(void)fclose(hostf);
	383	}
	384	if (first == 1 && (__check_rhosts_file \|\| superuser)) {
	385	int len;
	386
	387	first = 0;
	388	if ((pwd = getpwnam(luser)) == NULL)
	389	return (-1);
	390	len = snprintf(pbuf, sizeof pbuf, "%s/.rhosts", pwd->pw_dir);
	391	if (len < 0 \|\| len >= sizeof pbuf)
	392	return (-1);
	393
	394	/*
	395	* Change effective uid while opening .rhosts. If root and
	396	* reading an NFS mounted file system, can't read files that
	397	* are protected read/write owner only.
	398	*/
	399	uid = geteuid();
	400	(void)seteuid(pwd->pw_uid);
	401	hostf = fopen(pbuf, "r");
	402	(void)seteuid(uid);
	403
	404	if (hostf == NULL)
	405	return (-1);
	406	/*
	407	* If not a regular file, or is owned by someone other than
	408	* user or root or if writeable by anyone but the owner, quit.
	409	*/
	410	cp = NULL;
	411	if (lstat(pbuf, &sbuf) < 0)
	412	cp = ".rhosts lstat failed";
	413	else if (!S_ISREG(sbuf.st_mode))
	414	cp = ".rhosts not regular file";
	415	else if (fstat(fileno(hostf), &sbuf) < 0)
	416	cp = ".rhosts fstat failed";
	417	else if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid)
	418	cp = "bad .rhosts owner";
	419	else if (sbuf.st_mode & (S_IWGRP\|S_IWOTH))
	420	cp = ".rhosts writable by other than owner";
	421	/* If there were any problems, quit. */
	422	if (cp) {
	423	__rcmd_errstr = cp;
	424	(void)fclose(hostf);
	425	return (-1);
	426	}
	427	goto again;
	428	}
	429	return (-1);
	430	}
	431
	432	/*
	433	* XXX
	434	* Don't make static, used by lpd(8).
	435	*
	436	* Returns 0 if ok, -1 if not ok.
	437	*/
	438	int
	439	__ivaliduser(FILE hostf, in_addr_t raddrl, const char luser,
	440	const char *ruser)
	441	{
	442	struct sockaddr_in sin;
	443
	444	memset(&sin, 0, sizeof(sin));
	445	sin.sin_family = AF_INET;
	446	sin.sin_len = sizeof(struct sockaddr_in);
	447	memcpy(&sin.sin_addr, &raddrl, sizeof(sin.sin_addr));
	448	return __ivaliduser_sa(hostf, (struct sockaddr *)&sin, sin.sin_len,
	449	luser, ruser);
	450	}
	451
	452	int
	453	__ivaliduser_sa(FILE hostf, struct sockaddr raddr, socklen_t salen,
	454	const char luser, const char ruser)
	455	{
	456	char user, p;
	457	char *buf;
	458	const char auser, ahost;
	459	int hostok, userok;
	460	char rhost = (char )-1;
	461	char domain[MAXHOSTNAMELEN];
	462	size_t buflen;
	463
	464	getdomainname(domain, sizeof(domain));
	465
	466	while ((buf = fgetln(hostf, &buflen))) {
	467	p = buf;
	468	if (*p == '#')
	469	continue;
	470	while (p < buf + buflen && p != '\n' && p != ' ' && *p != '\t') {
	471	if (!isprint(*p))
	472	goto bail;
	473	p = isupper(p) ? tolower(p) : p;
	474	p++;
	475	}
	476	if (p >= buf + buflen)
	477	continue;
	478	if (p == ' ' \|\| p == '\t') {
	479	*p++ = '\0';
	480	while (p < buf + buflen && (p == ' ' \|\| p == '\t'))
	481	p++;
	482	if (p >= buf + buflen)
	483	continue;
	484	user = p;
	485	while (p < buf + buflen && p != '\n' && p != ' ' &&
	486	*p != '\t') {
	487	if (!isprint(*p))
	488	goto bail;
	489	p++;
	490	}
	491	} else
	492	user = p;
	493	*p = '\0';
	494
	495	if (p == buf)
	496	continue;
	497
	498	auser = *user ? user : luser;
	499	ahost = buf;
	500
	501	if (strlen(ahost) >= MAXHOSTNAMELEN)
	502	continue;
	503
	504	/*
	505	* innetgr() must lookup a hostname (we do not attempt
	506	* to change the semantics so that netgroups may have
	507	* #.#.#.# addresses in the list.)
	508	*/
	509	if (ahost[0] == '+')
	510	switch (ahost[1]) {
	511	case '\0':
	512	hostok = 1;
	513	break;
	514	case '@':
	515	if (rhost == (char *)-1)
	516	rhost = __gethostloop(raddr, salen);
	517	hostok = 0;
	518	if (rhost)
	519	hostok = innetgr(&ahost[2], rhost,
	520	NULL, domain);
	521	break;
	522	default:
	523	hostok = __icheckhost(raddr, salen, &ahost[1]);
	524	break;
	525	}
	526	else if (ahost[0] == '-')
	527	switch (ahost[1]) {
	528	case '\0':
	529	hostok = -1;
	530	break;
	531	case '@':
	532	if (rhost == (char *)-1)
	533	rhost = __gethostloop(raddr, salen);
	534	hostok = 0;
	535	if (rhost)
	536	hostok = -innetgr(&ahost[2], rhost,
	537	NULL, domain);
	538	break;
	539	default:
	540	hostok = -__icheckhost(raddr, salen, &ahost[1]);
	541	break;
	542	}
	543	else
	544	hostok = __icheckhost(raddr, salen, ahost);
	545
	546
	547	if (auser[0] == '+')
	548	switch (auser[1]) {
	549	case '\0':
	550	userok = 1;
	551	break;
	552	case '@':
	553	userok = innetgr(&auser[2], NULL, ruser,
	554	domain);
	555	break;
	556	default:
	557	userok = strcmp(ruser, &auser[1]) ? 0 : 1;
	558	break;
	559	}
	560	else if (auser[0] == '-')
	561	switch (auser[1]) {
	562	case '\0':
	563	userok = -1;
	564	break;
	565	case '@':
	566	userok = -innetgr(&auser[2], NULL, ruser,
	567	domain);
	568	break;
	569	default:
	570	userok = strcmp(ruser, &auser[1]) ? 0 : -1;
	571	break;
	572	}
	573	else
	574	userok = strcmp(ruser, auser) ? 0 : 1;
	575
	576	/* Check if one component did not match */
	577	if (hostok == 0 \|\| userok == 0)
	578	continue;
	579
	580	/* Check if we got a forbidden pair */
	581	if (userok <= -1 \|\| hostok <= -1)
	582	return (-1);
	583
	584	/* Check if we got a valid pair */
	585	if (hostok >= 1 && userok >= 1)
	586	return (0);
	587	}
	588	bail:
	589	return (-1);
	590	}
	591
	592	/*
	593	* Returns "true" if match, 0 if no match. If we do not find any
	594	* semblance of an A->PTR->A loop, allow a simple #.#.#.# match to work.
	595	*/
	596	static int
	597	__icheckhost(struct sockaddr raddr, socklen_t salen, const char lhost)
	598	{
	599	struct addrinfo hints, res, r;
	600	char h1[NI_MAXHOST], h2[NI_MAXHOST];
	601	int error;
	602	const int niflags = NI_NUMERICHOST;
	603
	604	h1[0] = '\0';
	605	if (getnameinfo(raddr, salen, h1, sizeof(h1), NULL, 0,
	606	niflags) != 0)
	607	return (0);
	608
	609	/* Resolve laddr into sockaddr */
	610	memset(&hints, 0, sizeof(hints));
	611	hints.ai_family = raddr->sa_family;
	612	hints.ai_socktype = SOCK_DGRAM; /dummy/
	613	res = NULL;
	614	error = getaddrinfo(lhost, "0", &hints, &res);
	615	if (error)
	616	return (0);
	617
	618	/*
	619	* Try string comparisons between raddr and laddr.
	620	*/
	621	for (r = res; r; r = r->ai_next) {
	622	h2[0] = '\0';
	623	if (getnameinfo(r->ai_addr, r->ai_addrlen, h2, sizeof(h2),
	624	NULL, 0, niflags) != 0)
	625	continue;
	626	if (strcmp(h1, h2) == 0) {
	627	freeaddrinfo(res);
	628	return (1);
	629	}
	630	}
	631
	632	/* No match. */
	633	freeaddrinfo(res);
	634	return (0);
	635	}
	636
	637	/*
	638	* Return the hostname associated with the supplied address.
	639	* Do a reverse lookup as well for security. If a loop cannot
	640	* be found, pack the result of inet_ntoa() into the string.
	641	*/
	642	static char *
	643	__gethostloop(struct sockaddr *raddr, socklen_t salen)
	644	{
	645	static char remotehost[NI_MAXHOST];
	646	char h1[NI_MAXHOST], h2[NI_MAXHOST];
	647	struct addrinfo hints, res, r;
	648	int error;
	649	const int niflags = NI_NUMERICHOST;
	650
	651	h1[0] = remotehost[0] = '\0';
	652	if (getnameinfo(raddr, salen, remotehost, sizeof(remotehost),
	653	NULL, 0, NI_NAMEREQD) != 0)
	654	return (NULL);
	655	if (getnameinfo(raddr, salen, h1, sizeof(h1), NULL, 0,
	656	niflags) != 0)
	657	return (NULL);
	658
	659	/*
	660	* Look up the name and check that the supplied
	661	* address is in the list
	662	*/
	663	memset(&hints, 0, sizeof(hints));
	664	hints.ai_family = raddr->sa_family;
	665	hints.ai_socktype = SOCK_DGRAM; /dummy/
	666	hints.ai_flags = AI_CANONNAME;
	667	res = NULL;
	668	error = getaddrinfo(remotehost, "0", &hints, &res);
	669	if (error)
	670	return (NULL);
	671
	672	for (r = res; r; r = r->ai_next) {
	673	h2[0] = '\0';
	674	if (getnameinfo(r->ai_addr, r->ai_addrlen, h2, sizeof(h2),
	675	NULL, 0, niflags) != 0)
	676	continue;
	677	if (strcmp(h1, h2) == 0) {
	678	freeaddrinfo(res);
	679	return (remotehost);
	680	}
	681	}
	682
	683	/*
	684	* either the DNS adminstrator has made a configuration
	685	* mistake, or someone has attempted to spoof us
	686	*/
	687	syslog(LOG_NOTICE, "rcmd: address %s not listed for host %s",
	688	h1, res->ai_canonname ? res->ai_canonname : remotehost);
	689	freeaddrinfo(res);
	690	return (NULL);
	691	}