summaryrefslogtreecommitdiff
path: root/src/lib/libc/net/rcmd.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libc/net/rcmd.c')
-rw-r--r--src/lib/libc/net/rcmd.c553
1 files changed, 382 insertions, 171 deletions
diff --git a/src/lib/libc/net/rcmd.c b/src/lib/libc/net/rcmd.c
index e0310031b0..769e85e0a4 100644
--- a/src/lib/libc/net/rcmd.c
+++ b/src/lib/libc/net/rcmd.c
@@ -1,6 +1,5 @@
1/* $NetBSD: rcmd.c,v 1.12 1995/06/03 22:33:34 mycroft Exp $ */
2
3/* 1/*
2 * Copyright (c) 1995, 1996, 1998 Theo de Raadt. All rights reserved.
4 * Copyright (c) 1983, 1993, 1994 3 * Copyright (c) 1983, 1993, 1994
5 * The Regents of the University of California. All rights reserved. 4 * The Regents of the University of California. All rights reserved.
6 * 5 *
@@ -12,11 +11,7 @@
12 * 2. Redistributions in binary form must reproduce the above copyright 11 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the 12 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution. 13 * documentation and/or other materials provided with the distribution.
15 * 3. All advertising materials mentioning features or use of this software 14 * 3. Neither the name of the University nor the names of its contributors
16 * must display the following acknowledgement:
17 * This product includes software developed by the University of
18 * California, Berkeley and its contributors.
19 * 4. Neither the name of the University nor the names of its contributors
20 * may be used to endorse or promote products derived from this software 15 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission. 16 * without specific prior written permission.
22 * 17 *
@@ -34,11 +29,7 @@
34 */ 29 */
35 30
36#if defined(LIBC_SCCS) && !defined(lint) 31#if defined(LIBC_SCCS) && !defined(lint)
37#if 0 32static char *rcsid = "$OpenBSD: rcmd.c,v 1.48 2003/09/25 21:14:46 millert Exp $";
38static char sccsid[] = "@(#)rcmd.c 8.3 (Berkeley) 3/26/94";
39#else
40static char *rcsid = "$NetBSD: rcmd.c,v 1.12 1995/06/03 22:33:34 mycroft Exp $";
41#endif
42#endif /* LIBC_SCCS and not lint */ 33#endif /* LIBC_SCCS and not lint */
43 34
44#include <sys/param.h> 35#include <sys/param.h>
@@ -57,35 +48,90 @@ static char *rcsid = "$NetBSD: rcmd.c,v 1.12 1995/06/03 22:33:34 mycroft Exp $";
57#include <stdio.h> 48#include <stdio.h>
58#include <ctype.h> 49#include <ctype.h>
59#include <string.h> 50#include <string.h>
51#include <syslog.h>
52#include <stdlib.h>
53#include <netgroup.h>
60 54
61int __ivaliduser __P((FILE *, u_long, const char *, const char *)); 55int __ivaliduser(FILE *, in_addr_t, const char *, const char *);
62static int __icheckhost __P((u_long, const char *)); 56int __ivaliduser_sa(FILE *, struct sockaddr *, socklen_t,
57 const char *, const char *);
58static int __icheckhost(struct sockaddr *, socklen_t, const char *);
59static char *__gethostloop(struct sockaddr *, socklen_t);
63 60
64int 61int
65rcmd(ahost, rport, locuser, remuser, cmd, fd2p) 62rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
66 char **ahost; 63 char **ahost;
67 u_short rport; 64 in_port_t rport;
65 const char *locuser, *remuser, *cmd;
66 int *fd2p;
67{
68 return rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, AF_INET);
69}
70
71int
72rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, af)
73 char **ahost;
74 in_port_t rport;
68 const char *locuser, *remuser, *cmd; 75 const char *locuser, *remuser, *cmd;
69 int *fd2p; 76 int *fd2p;
77 int af;
70{ 78{
71 struct hostent *hp; 79 static char hbuf[MAXHOSTNAMELEN];
72 struct sockaddr_in sin, from; 80 char pbuf[NI_MAXSERV];
73 fd_set reads; 81 struct addrinfo hints, *res, *r;
74 long oldmask; 82 int error;
83 struct sockaddr_storage from;
84 fd_set *readsp = NULL;
85 sigset_t oldmask, mask;
75 pid_t pid; 86 pid_t pid;
76 int s, lport, timo; 87 int s, lport, timo;
77 char c; 88 char c, *p;
89 int refused;
90
91 /* call rcmdsh() with specified remote shell if appropriate. */
92 if (!issetugid() && (p = getenv("RSH")) && *p) {
93 struct servent *sp = getservbyname("shell", "tcp");
94
95 if (sp && sp->s_port == rport)
96 return (rcmdsh(ahost, rport, locuser, remuser,
97 cmd, p));
98 }
99
100 /* use rsh(1) if non-root and remote port is shell. */
101 if (geteuid()) {
102 struct servent *sp = getservbyname("shell", "tcp");
103
104 if (sp && sp->s_port == rport)
105 return (rcmdsh(ahost, rport, locuser, remuser,
106 cmd, NULL));
107 }
78 108
79 pid = getpid(); 109 pid = getpid();
80 hp = gethostbyname(*ahost); 110 snprintf(pbuf, sizeof(pbuf), "%u", ntohs(rport));
81 if (hp == NULL) { 111 memset(&hints, 0, sizeof(hints));
82 herror(*ahost); 112 hints.ai_family = af;
113 hints.ai_socktype = SOCK_STREAM;
114 hints.ai_flags = AI_CANONNAME;
115 error = getaddrinfo(*ahost, pbuf, &hints, &res);
116 if (error) {
117#if 0
118 warnx("%s: %s", *ahost, gai_strerror(error));
119#endif
83 return (-1); 120 return (-1);
84 } 121 }
85 *ahost = hp->h_name; 122 if (res->ai_canonname) {
86 oldmask = sigblock(sigmask(SIGURG)); 123 strlcpy(hbuf, res->ai_canonname, sizeof(hbuf));
124 *ahost = hbuf;
125 } else
126 ; /*XXX*/
127
128 r = res;
129 refused = 0;
130 sigemptyset(&mask);
131 sigaddset(&mask, SIGURG);
132 oldmask = sigprocmask(SIG_BLOCK, &mask, &oldmask);
87 for (timo = 1, lport = IPPORT_RESERVED - 1;;) { 133 for (timo = 1, lport = IPPORT_RESERVED - 1;;) {
88 s = rresvport(&lport); 134 s = rresvport_af(&lport, r->ai_family);
89 if (s < 0) { 135 if (s < 0) {
90 if (errno == EAGAIN) 136 if (errno == EAGAIN)
91 (void)fprintf(stderr, 137 (void)fprintf(stderr,
@@ -93,54 +139,86 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
93 else 139 else
94 (void)fprintf(stderr, "rcmd: socket: %s\n", 140 (void)fprintf(stderr, "rcmd: socket: %s\n",
95 strerror(errno)); 141 strerror(errno));
96 sigsetmask(oldmask); 142 if (r->ai_next) {
97 return (-1); 143 r = r->ai_next;
144 continue;
145 } else {
146 sigprocmask(SIG_SETMASK, &oldmask, NULL);
147 freeaddrinfo(res);
148 return (-1);
149 }
98 } 150 }
99 fcntl(s, F_SETOWN, pid); 151 fcntl(s, F_SETOWN, pid);
100 sin.sin_len = sizeof(struct sockaddr_in); 152 if (connect(s, r->ai_addr, r->ai_addrlen) >= 0)
101 sin.sin_family = hp->h_addrtype;
102 sin.sin_port = rport;
103 bcopy(hp->h_addr_list[0], &sin.sin_addr, hp->h_length);
104 if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
105 break; 153 break;
106 (void)close(s); 154 (void)close(s);
107 if (errno == EADDRINUSE) { 155 if (errno == EADDRINUSE) {
108 lport--; 156 lport--;
109 continue; 157 continue;
110 } 158 }
111 if (errno == ECONNREFUSED && timo <= 16) { 159 if (errno == ECONNREFUSED)
112 (void)sleep(timo); 160 refused++;
113 timo *= 2; 161 if (r->ai_next) {
114 continue;
115 }
116 if (hp->h_addr_list[1] != NULL) {
117 int oerrno = errno; 162 int oerrno = errno;
163 char hbuf[NI_MAXHOST];
164#ifdef NI_WITHSCOPEID
165 const int niflags = NI_NUMERICHOST | NI_WITHSCOPEID;
166#else
167 const int niflags = NI_NUMERICHOST;
168#endif
118 169
119 (void)fprintf(stderr, "connect to address %s: ", 170 hbuf[0] = '\0';
120 inet_ntoa(sin.sin_addr)); 171 if (getnameinfo(r->ai_addr, r->ai_addrlen,
172 hbuf, sizeof(hbuf), NULL, 0, niflags) != 0)
173 strlcpy(hbuf, "(invalid)", sizeof hbuf);
174 (void)fprintf(stderr, "connect to address %s: ", hbuf);
121 errno = oerrno; 175 errno = oerrno;
122 perror(0); 176 perror(0);
123 hp->h_addr_list++; 177 r = r->ai_next;
124 bcopy(hp->h_addr_list[0], &sin.sin_addr, hp->h_length); 178 hbuf[0] = '\0';
125 (void)fprintf(stderr, "Trying %s...\n", 179 if (getnameinfo(r->ai_addr, r->ai_addrlen,
126 inet_ntoa(sin.sin_addr)); 180 hbuf, sizeof(hbuf), NULL, 0, niflags) != 0)
181 strlcpy(hbuf, "(invalid)", sizeof hbuf);
182 (void)fprintf(stderr, "Trying %s...\n", hbuf);
183 continue;
184 }
185 if (refused && timo <= 16) {
186 (void)sleep(timo);
187 timo *= 2;
188 r = res;
189 refused = 0;
127 continue; 190 continue;
128 } 191 }
129 (void)fprintf(stderr, "%s: %s\n", hp->h_name, strerror(errno)); 192 (void)fprintf(stderr, "%s: %s\n", res->ai_canonname,
130 sigsetmask(oldmask); 193 strerror(errno));
194 sigprocmask(SIG_SETMASK, &oldmask, NULL);
195 freeaddrinfo(res);
131 return (-1); 196 return (-1);
132 } 197 }
198 /* given "af" can be PF_UNSPEC, we need the real af for "s" */
199 af = r->ai_family;
200 freeaddrinfo(res);
201#if 0
202 /*
203 * try to rresvport() to the same port. This will make rresvport()
204 * fail it's first bind, resulting in it choosing a random port.
205 */
133 lport--; 206 lport--;
207#endif
134 if (fd2p == 0) { 208 if (fd2p == 0) {
135 write(s, "", 1); 209 write(s, "", 1);
136 lport = 0; 210 lport = 0;
137 } else { 211 } else {
138 char num[8]; 212 char num[8];
139 int s2 = rresvport(&lport), s3; 213 int s2 = rresvport_af(&lport, af), s3;
140 int len = sizeof(from); 214 socklen_t len = sizeof(from);
215 int fdssize = howmany(MAX(s, s2)+1, NFDBITS) * sizeof(fd_mask);
141 216
142 if (s2 < 0) 217 if (s2 < 0)
143 goto bad; 218 goto bad;
219 readsp = (fd_set *)malloc(fdssize);
220 if (readsp == NULL)
221 goto bad;
144 listen(s2, 1); 222 listen(s2, 1);
145 (void)snprintf(num, sizeof(num), "%d", lport); 223 (void)snprintf(num, sizeof(num), "%d", lport);
146 if (write(s, num, strlen(num)+1) != strlen(num)+1) { 224 if (write(s, num, strlen(num)+1) != strlen(num)+1) {
@@ -150,12 +228,13 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
150 (void)close(s2); 228 (void)close(s2);
151 goto bad; 229 goto bad;
152 } 230 }
153 FD_ZERO(&reads); 231again:
154 FD_SET(s, &reads); 232 bzero(readsp, fdssize);
155 FD_SET(s2, &reads); 233 FD_SET(s, readsp);
234 FD_SET(s2, readsp);
156 errno = 0; 235 errno = 0;
157 if (select(MAX(s, s2) + 1, &reads, 0, 0, 0) < 1 || 236 if (select(MAX(s, s2) + 1, readsp, 0, 0, 0) < 1 ||
158 !FD_ISSET(s2, &reads)) { 237 !FD_ISSET(s2, readsp)) {
159 if (errno != 0) 238 if (errno != 0)
160 (void)fprintf(stderr, 239 (void)fprintf(stderr,
161 "rcmd: select (setting up stderr): %s\n", 240 "rcmd: select (setting up stderr): %s\n",
@@ -167,6 +246,23 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
167 goto bad; 246 goto bad;
168 } 247 }
169 s3 = accept(s2, (struct sockaddr *)&from, &len); 248 s3 = accept(s2, (struct sockaddr *)&from, &len);
249 /*
250 * XXX careful for ftp bounce attacks. If discovered, shut them
251 * down and check for the real auxiliary channel to connect.
252 */
253 switch (from.ss_family) {
254 case AF_INET:
255 case AF_INET6:
256 if (getnameinfo((struct sockaddr *)&from, len,
257 NULL, 0, num, sizeof(num), NI_NUMERICSERV) == 0 &&
258 atoi(num) != 20) {
259 break;
260 }
261 close(s3);
262 goto again;
263 default:
264 break;
265 }
170 (void)close(s2); 266 (void)close(s2);
171 if (s3 < 0) { 267 if (s3 < 0) {
172 (void)fprintf(stderr, 268 (void)fprintf(stderr,
@@ -175,13 +271,20 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
175 goto bad; 271 goto bad;
176 } 272 }
177 *fd2p = s3; 273 *fd2p = s3;
178 from.sin_port = ntohs(from.sin_port); 274 switch (from.ss_family) {
179 if (from.sin_family != AF_INET || 275 case AF_INET:
180 from.sin_port >= IPPORT_RESERVED || 276 case AF_INET6:
181 from.sin_port < IPPORT_RESERVED / 2) { 277 if (getnameinfo((struct sockaddr *)&from, len,
182 (void)fprintf(stderr, 278 NULL, 0, num, sizeof(num), NI_NUMERICSERV) != 0 ||
183 "socket: protocol failure in circuit setup.\n"); 279 (atoi(num) >= IPPORT_RESERVED ||
184 goto bad2; 280 atoi(num) < IPPORT_RESERVED / 2)) {
281 (void)fprintf(stderr,
282 "socket: protocol failure in circuit setup.\n");
283 goto bad2;
284 }
285 break;
286 default:
287 break;
185 } 288 }
186 } 289 }
187 (void)write(s, locuser, strlen(locuser)+1); 290 (void)write(s, locuser, strlen(locuser)+1);
@@ -200,47 +303,20 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
200 } 303 }
201 goto bad2; 304 goto bad2;
202 } 305 }
203 sigsetmask(oldmask); 306 sigprocmask(SIG_SETMASK, &oldmask, NULL);
307 free(readsp);
204 return (s); 308 return (s);
205bad2: 309bad2:
206 if (lport) 310 if (lport)
207 (void)close(*fd2p); 311 (void)close(*fd2p);
208bad: 312bad:
313 if (readsp)
314 free(readsp);
209 (void)close(s); 315 (void)close(s);
210 sigsetmask(oldmask); 316 sigprocmask(SIG_SETMASK, &oldmask, NULL);
211 return (-1); 317 return (-1);
212} 318}
213 319
214int
215rresvport(alport)
216 int *alport;
217{
218 struct sockaddr_in sin;
219 int s;
220
221 sin.sin_len = sizeof(struct sockaddr_in);
222 sin.sin_family = AF_INET;
223 sin.sin_addr.s_addr = INADDR_ANY;
224 s = socket(AF_INET, SOCK_STREAM, 0);
225 if (s < 0)
226 return (-1);
227 for (;;) {
228 sin.sin_port = htons((u_short)*alport);
229 if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
230 return (s);
231 if (errno != EADDRINUSE) {
232 (void)close(s);
233 return (-1);
234 }
235 (*alport)--;
236 if (*alport == IPPORT_RESERVED/2) {
237 (void)close(s);
238 errno = EAGAIN; /* close */
239 return (-1);
240 }
241 }
242}
243
244int __check_rhosts_file = 1; 320int __check_rhosts_file = 1;
245char *__rcmd_errstr; 321char *__rcmd_errstr;
246 322
@@ -249,21 +325,24 @@ ruserok(rhost, superuser, ruser, luser)
249 const char *rhost, *ruser, *luser; 325 const char *rhost, *ruser, *luser;
250 int superuser; 326 int superuser;
251{ 327{
252 struct hostent *hp; 328 struct addrinfo hints, *res, *r;
253 char **ap; 329 int error;
254 int i; 330
255#define MAXADDRS 35 331 memset(&hints, 0, sizeof(hints));
256 u_long addrs[MAXADDRS + 1]; 332 hints.ai_family = PF_UNSPEC;
257 333 hints.ai_socktype = SOCK_DGRAM; /*dummy*/
258 if ((hp = gethostbyname(rhost)) == NULL) 334 error = getaddrinfo(rhost, "0", &hints, &res);
335 if (error)
259 return (-1); 336 return (-1);
260 for (i = 0, ap = hp->h_addr_list; *ap && i < MAXADDRS; ++ap, ++i)
261 bcopy(*ap, &addrs[i], sizeof(addrs[i]));
262 addrs[i] = 0;
263 337
264 for (i = 0; i < MAXADDRS && addrs[i]; i++) 338 for (r = res; r; r = r->ai_next) {
265 if (iruserok(addrs[i], superuser, ruser, luser) == 0) 339 if (iruserok_sa(r->ai_addr, r->ai_addrlen, superuser, ruser,
340 luser) == 0) {
341 freeaddrinfo(res);
266 return (0); 342 return (0);
343 }
344 }
345 freeaddrinfo(res);
267 return (-1); 346 return (-1);
268} 347}
269 348
@@ -278,10 +357,28 @@ ruserok(rhost, superuser, ruser, luser)
278 */ 357 */
279int 358int
280iruserok(raddr, superuser, ruser, luser) 359iruserok(raddr, superuser, ruser, luser)
281 u_long raddr; 360 u_int32_t raddr;
282 int superuser; 361 int superuser;
283 const char *ruser, *luser; 362 const char *ruser, *luser;
284{ 363{
364 struct sockaddr_in sin;
365
366 memset(&sin, 0, sizeof(sin));
367 sin.sin_family = AF_INET;
368 sin.sin_len = sizeof(struct sockaddr_in);
369 memcpy(&sin.sin_addr, &raddr, sizeof(sin.sin_addr));
370 return iruserok_sa(&sin, sizeof(struct sockaddr_in), superuser, ruser,
371 luser);
372}
373
374int
375iruserok_sa(raddr, rlen, superuser, ruser, luser)
376 const void *raddr;
377 int rlen;
378 int superuser;
379 const char *ruser, *luser;
380{
381 struct sockaddr *sa;
285 register char *cp; 382 register char *cp;
286 struct stat sbuf; 383 struct stat sbuf;
287 struct passwd *pwd; 384 struct passwd *pwd;
@@ -290,11 +387,12 @@ iruserok(raddr, superuser, ruser, luser)
290 int first; 387 int first;
291 char pbuf[MAXPATHLEN]; 388 char pbuf[MAXPATHLEN];
292 389
390 sa = (struct sockaddr *)raddr;
293 first = 1; 391 first = 1;
294 hostf = superuser ? NULL : fopen(_PATH_HEQUIV, "r"); 392 hostf = superuser ? NULL : fopen(_PATH_HEQUIV, "r");
295again: 393again:
296 if (hostf) { 394 if (hostf) {
297 if (__ivaliduser(hostf, raddr, luser, ruser) == 0) { 395 if (__ivaliduser_sa(hostf, sa, rlen, luser, ruser) == 0) {
298 (void)fclose(hostf); 396 (void)fclose(hostf);
299 return (0); 397 return (0);
300 } 398 }
@@ -304,8 +402,7 @@ again:
304 first = 0; 402 first = 0;
305 if ((pwd = getpwnam(luser)) == NULL) 403 if ((pwd = getpwnam(luser)) == NULL)
306 return (-1); 404 return (-1);
307 (void)strcpy(pbuf, pwd->pw_dir); 405 snprintf(pbuf, sizeof pbuf, "%s/.rhosts", pwd->pw_dir);
308 (void)strcat(pbuf, "/.rhosts");
309 406
310 /* 407 /*
311 * Change effective uid while opening .rhosts. If root and 408 * Change effective uid while opening .rhosts. If root and
@@ -333,7 +430,7 @@ again:
333 else if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid) 430 else if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid)
334 cp = "bad .rhosts owner"; 431 cp = "bad .rhosts owner";
335 else if (sbuf.st_mode & (S_IWGRP|S_IWOTH)) 432 else if (sbuf.st_mode & (S_IWGRP|S_IWOTH))
336 cp = ".rhosts writeable by other than owner"; 433 cp = ".rhosts writable by other than owner";
337 /* If there were any problems, quit. */ 434 /* If there were any problems, quit. */
338 if (cp) { 435 if (cp) {
339 __rcmd_errstr = cp; 436 __rcmd_errstr = cp;
@@ -352,41 +449,63 @@ again:
352 * Returns 0 if ok, -1 if not ok. 449 * Returns 0 if ok, -1 if not ok.
353 */ 450 */
354int 451int
355__ivaliduser(hostf, raddr, luser, ruser) 452__ivaliduser(hostf, raddrl, luser, ruser)
453 FILE *hostf;
454 in_addr_t raddrl;
455 const char *luser, *ruser;
456{
457 struct sockaddr_in sin;
458
459 memset(&sin, 0, sizeof(sin));
460 sin.sin_family = AF_INET;
461 sin.sin_len = sizeof(struct sockaddr_in);
462 memcpy(&sin.sin_addr, &raddrl, sizeof(sin.sin_addr));
463 return __ivaliduser_sa(hostf, (struct sockaddr *)&sin, sin.sin_len,
464 luser, ruser);
465}
466
467int
468__ivaliduser_sa(hostf, raddr, salen, luser, ruser)
356 FILE *hostf; 469 FILE *hostf;
357 u_long raddr; 470 struct sockaddr *raddr;
471 socklen_t salen;
358 const char *luser, *ruser; 472 const char *luser, *ruser;
359{ 473{
360 register char *user, *p; 474 register char *user, *p;
361 int ch; 475 char *buf;
362 char buf[MAXHOSTNAMELEN + 128]; /* host + login */
363 const char *auser, *ahost; 476 const char *auser, *ahost;
364 int hostok, userok; 477 int hostok, userok;
365 char rhost[MAXHOSTNAMELEN]; 478 char *rhost = (char *)-1;
366 struct hostent *hp;
367 char domain[MAXHOSTNAMELEN]; 479 char domain[MAXHOSTNAMELEN];
480 size_t buflen;
368 481
369 getdomainname(domain, sizeof(domain)); 482 getdomainname(domain, sizeof(domain));
370 483
371 while (fgets(buf, sizeof(buf), hostf)) { 484 while ((buf = fgetln(hostf, &buflen))) {
372 p = buf; 485 p = buf;
373 /* Skip lines that are too long. */ 486 if (*p == '#')
374 if (strchr(p, '\n') == NULL) {
375 while ((ch = getc(hostf)) != '\n' && ch != EOF);
376 continue; 487 continue;
377 } 488 while (p < buf + buflen && *p != '\n' && *p != ' ' && *p != '\t') {
378 while (*p != '\n' && *p != ' ' && *p != '\t' && *p != '\0') { 489 if (!isprint(*p))
490 goto bail;
379 *p = isupper(*p) ? tolower(*p) : *p; 491 *p = isupper(*p) ? tolower(*p) : *p;
380 p++; 492 p++;
381 } 493 }
494 if (p >= buf + buflen)
495 continue;
382 if (*p == ' ' || *p == '\t') { 496 if (*p == ' ' || *p == '\t') {
383 *p++ = '\0'; 497 *p++ = '\0';
384 while (*p == ' ' || *p == '\t') 498 while (p < buf + buflen && (*p == ' ' || *p == '\t'))
385 p++; 499 p++;
500 if (p >= buf + buflen)
501 continue;
386 user = p; 502 user = p;
387 while (*p != '\n' && *p != ' ' && 503 while (p < buf + buflen && *p != '\n' && *p != ' ' &&
388 *p != '\t' && *p != '\0') 504 *p != '\t') {
505 if (!isprint(*p))
506 goto bail;
389 p++; 507 p++;
508 }
390 } else 509 } else
391 user = p; 510 user = p;
392 *p = '\0'; 511 *p = '\0';
@@ -397,27 +516,29 @@ __ivaliduser(hostf, raddr, luser, ruser)
397 auser = *user ? user : luser; 516 auser = *user ? user : luser;
398 ahost = buf; 517 ahost = buf;
399 518
400 if ((hp = gethostbyaddr((char *) &raddr, 519 if (strlen(ahost) >= MAXHOSTNAMELEN)
401 sizeof(raddr), AF_INET)) == NULL) { 520 continue;
402 abort();
403 return -1;
404 }
405 (void) strncpy(rhost, hp->h_name, sizeof(rhost));
406 rhost[sizeof(rhost) - 1] = '\0';
407 521
522 /*
523 * innetgr() must lookup a hostname (we do not attempt
524 * to change the semantics so that netgroups may have
525 * #.#.#.# addresses in the list.)
526 */
408 if (ahost[0] == '+') 527 if (ahost[0] == '+')
409 switch (ahost[1]) { 528 switch (ahost[1]) {
410 case '\0': 529 case '\0':
411 hostok = 1; 530 hostok = 1;
412 break; 531 break;
413
414 case '@': 532 case '@':
415 hostok = innetgr(&ahost[2], rhost, NULL, 533 if (rhost == (char *)-1)
416 domain); 534 rhost = __gethostloop(raddr, salen);
535 hostok = 0;
536 if (rhost)
537 hostok = innetgr(&ahost[2], rhost,
538 NULL, domain);
417 break; 539 break;
418
419 default: 540 default:
420 hostok = __icheckhost(raddr, &ahost[1]); 541 hostok = __icheckhost(raddr, salen, &ahost[1]);
421 break; 542 break;
422 } 543 }
423 else if (ahost[0] == '-') 544 else if (ahost[0] == '-')
@@ -425,18 +546,20 @@ __ivaliduser(hostf, raddr, luser, ruser)
425 case '\0': 546 case '\0':
426 hostok = -1; 547 hostok = -1;
427 break; 548 break;
428
429 case '@': 549 case '@':
430 hostok = -innetgr(&ahost[2], rhost, NULL, 550 if (rhost == (char *)-1)
431 domain); 551 rhost = __gethostloop(raddr, salen);
552 hostok = 0;
553 if (rhost)
554 hostok = -innetgr(&ahost[2], rhost,
555 NULL, domain);
432 break; 556 break;
433
434 default: 557 default:
435 hostok = -__icheckhost(raddr, &ahost[1]); 558 hostok = -__icheckhost(raddr, salen, &ahost[1]);
436 break; 559 break;
437 } 560 }
438 else 561 else
439 hostok = __icheckhost(raddr, ahost); 562 hostok = __icheckhost(raddr, salen, ahost);
440 563
441 564
442 if (auser[0] == '+') 565 if (auser[0] == '+')
@@ -444,14 +567,12 @@ __ivaliduser(hostf, raddr, luser, ruser)
444 case '\0': 567 case '\0':
445 userok = 1; 568 userok = 1;
446 break; 569 break;
447
448 case '@': 570 case '@':
449 userok = innetgr(&auser[2], NULL, ruser, 571 userok = innetgr(&auser[2], NULL, ruser,
450 domain); 572 domain);
451 break; 573 break;
452
453 default: 574 default:
454 userok = strcmp(ruser, &auser[1]) == 0; 575 userok = strcmp(ruser, &auser[1]) ? 0 : 1;
455 break; 576 break;
456 } 577 }
457 else if (auser[0] == '-') 578 else if (auser[0] == '-')
@@ -459,59 +580,149 @@ __ivaliduser(hostf, raddr, luser, ruser)
459 case '\0': 580 case '\0':
460 userok = -1; 581 userok = -1;
461 break; 582 break;
462
463 case '@': 583 case '@':
464 userok = -innetgr(&auser[2], NULL, ruser, 584 userok = -innetgr(&auser[2], NULL, ruser,
465 domain); 585 domain);
466 break; 586 break;
467
468 default: 587 default:
469 userok = -(strcmp(ruser, &auser[1]) == 0); 588 userok = strcmp(ruser, &auser[1]) ? 0 : -1;
470 break; 589 break;
471 } 590 }
472 else 591 else
473 userok = strcmp(ruser, auser) == 0; 592 userok = strcmp(ruser, auser) ? 0 : 1;
474 593
475 /* Check if one component did not match */ 594 /* Check if one component did not match */
476 if (hostok == 0 || userok == 0) 595 if (hostok == 0 || userok == 0)
477 continue; 596 continue;
478 597
479 /* Check if we got a forbidden pair */ 598 /* Check if we got a forbidden pair */
480 if (userok == -1 || hostok == -1) 599 if (userok <= -1 || hostok <= -1)
481 return -1; 600 return (-1);
482 601
483 /* Check if we got a valid pair */ 602 /* Check if we got a valid pair */
484 if (hostok == 1 && userok == 1) 603 if (hostok >= 1 && userok >= 1)
485 return 0; 604 return (0);
486 } 605 }
487 return -1; 606bail:
607 return (-1);
488} 608}
489 609
490/* 610/*
491 * Returns "true" if match, 0 if no match. 611 * Returns "true" if match, 0 if no match. If we do not find any
612 * semblance of an A->PTR->A loop, allow a simple #.#.#.# match to work.
613 *
614 * NI_WITHSCOPEID is useful for comparing sin6_scope_id portion
615 * if af == AF_INET6.
492 */ 616 */
493static int 617static int
494__icheckhost(raddr, lhost) 618__icheckhost(raddr, salen, lhost)
495 u_long raddr; 619 struct sockaddr *raddr;
620 socklen_t salen;
496 const char *lhost; 621 const char *lhost;
497{ 622{
498 register struct hostent *hp; 623 struct addrinfo hints, *res, *r;
499 register u_long laddr; 624 char h1[NI_MAXHOST], h2[NI_MAXHOST];
500 register char **pp; 625 int error;
626#ifdef NI_WITHSCOPEID
627 const int niflags = NI_NUMERICHOST | NI_WITHSCOPEID;
628#else
629 const int niflags = NI_NUMERICHOST;
630#endif
501 631
502 /* Try for raw ip address first. */ 632 h1[0] = '\0';
503 if (isdigit(*lhost) && (long)(laddr = inet_addr(lhost)) != -1) 633 if (getnameinfo(raddr, salen, h1, sizeof(h1), NULL, 0,
504 return (raddr == laddr); 634 niflags) != 0)
635 return (0);
505 636
506 /* Better be a hostname. */ 637 /* Resolve laddr into sockaddr */
507 if ((hp = gethostbyname(lhost)) == NULL) 638 memset(&hints, 0, sizeof(hints));
639 hints.ai_family = raddr->sa_family;
640 hints.ai_socktype = SOCK_DGRAM; /*dummy*/
641 res = NULL;
642 error = getaddrinfo(lhost, "0", &hints, &res);
643 if (error)
508 return (0); 644 return (0);
509 645
510 /* Spin through ip addresses. */ 646 /*
511 for (pp = hp->h_addr_list; *pp; ++pp) 647 * Try string comparisons between raddr and laddr.
512 if (!bcmp(&raddr, *pp, sizeof(u_long))) 648 */
649 for (r = res; r; r = r->ai_next) {
650 h2[0] = '\0';
651 if (getnameinfo(r->ai_addr, r->ai_addrlen, h2, sizeof(h2),
652 NULL, 0, niflags) != 0)
653 continue;
654 if (strcmp(h1, h2) == 0) {
655 freeaddrinfo(res);
513 return (1); 656 return (1);
657 }
658 }
514 659
515 /* No match. */ 660 /* No match. */
661 freeaddrinfo(res);
516 return (0); 662 return (0);
517} 663}
664
665/*
666 * Return the hostname associated with the supplied address.
667 * Do a reverse lookup as well for security. If a loop cannot
668 * be found, pack the result of inet_ntoa() into the string.
669 *
670 * NI_WITHSCOPEID is useful for comparing sin6_scope_id portion
671 * if af == AF_INET6.
672 */
673static char *
674__gethostloop(raddr, salen)
675 struct sockaddr *raddr;
676 socklen_t salen;
677{
678 static char remotehost[NI_MAXHOST];
679 char h1[NI_MAXHOST], h2[NI_MAXHOST];
680 struct addrinfo hints, *res, *r;
681 int error;
682#ifdef NI_WITHSCOPEID
683 const int niflags = NI_NUMERICHOST | NI_WITHSCOPEID;
684#else
685 const int niflags = NI_NUMERICHOST;
686#endif
687
688 h1[0] = remotehost[0] = '\0';
689 if (getnameinfo(raddr, salen, remotehost, sizeof(remotehost),
690 NULL, 0, NI_NAMEREQD) != 0)
691 return (NULL);
692 if (getnameinfo(raddr, salen, h1, sizeof(h1), NULL, 0,
693 niflags) != 0)
694 return (NULL);
695
696 /*
697 * Look up the name and check that the supplied
698 * address is in the list
699 */
700 memset(&hints, 0, sizeof(hints));
701 hints.ai_family = raddr->sa_family;
702 hints.ai_socktype = SOCK_DGRAM; /*dummy*/
703 hints.ai_flags = AI_CANONNAME;
704 res = NULL;
705 error = getaddrinfo(remotehost, "0", &hints, &res);
706 if (error)
707 return (NULL);
708
709 for (r = res; r; r = r->ai_next) {
710 h2[0] = '\0';
711 if (getnameinfo(r->ai_addr, r->ai_addrlen, h2, sizeof(h2),
712 NULL, 0, niflags) != 0)
713 continue;
714 if (strcmp(h1, h2) == 0) {
715 freeaddrinfo(res);
716 return (remotehost);
717 }
718 }
719
720 /*
721 * either the DNS adminstrator has made a configuration
722 * mistake, or someone has attempted to spoof us
723 */
724 syslog(LOG_NOTICE, "rcmd: address %s not listed for host %s",
725 h1, res->ai_canonname ? res->ai_canonname : remotehost);
726 freeaddrinfo(res);
727 return (NULL);
728}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-01 01:02:52 +0000