1 files changed, 691 insertions, 0 deletions
diff --git a/src/lib/libc/net/rcmd.c b/src/lib/libc/net/rcmd.c
new file mode 100644
index 0000000000..bfe8c3ae56
--- /dev/null
+++ b/src/lib/libc/net/rcmd.c
@@ -0,0 +1,691 @@
+/*
+ * Copyright (c) 1995, 1996, 1998 Theo de Raadt.  All rights reserved.
+ * Copyright (c) 1983, 1993, 1994
+ *      The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+#if defined(LIBC_SCCS) && !defined(lint)
+static char *rcsid = "$OpenBSD: rcmd.c,v 1.52 2005/03/25 13:24:12 otto Exp $";
+#endif /* LIBC_SCCS and not lint */
+#include <sys/param.h>
+#include <sys/socket.h>
+#include <sys/stat.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <signal.h>
+#include <fcntl.h>
+#include <netdb.h>
+#include <unistd.h>
+#include <pwd.h>
+#include <errno.h>
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include <syslog.h>
+#include <stdlib.h>
+#include <netgroup.h>
+int     __ivaliduser(FILE *, in_addr_t, const char *, const char *);
+int     __ivaliduser_sa(FILE *, struct sockaddr *, socklen_t,
+            const char *, const char *);
+static int __icheckhost(struct sockaddr *, socklen_t, const char *);
+static char *__gethostloop(struct sockaddr *, socklen_t);
+int
+rcmd(char **ahost, int rport, const char *locuser, const char *remuser,
+    const char *cmd, int *fd2p)
+{
+        return rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, AF_INET);
+}
+int
+rcmd_af(char **ahost, int porta, const char *locuser, const char *remuser,
+    const char *cmd, int *fd2p, int af)
+{
+        static char hbuf[MAXHOSTNAMELEN];
+        char pbuf[NI_MAXSERV];
+        struct addrinfo hints, *res, *r;
+        int error;
+        struct sockaddr_storage from;
+        fd_set *readsp = NULL;
+        sigset_t oldmask, mask;
+        pid_t pid;
+        int s, lport, timo;
+        char c, *p;
+        int refused;
+        in_port_t rport = porta;
+        /* call rcmdsh() with specified remote shell if appropriate. */
+        if (!issetugid() && (p = getenv("RSH")) && *p) {
+                struct servent *sp = getservbyname("shell", "tcp");
+                if (sp && sp->s_port == rport)
+                        return (rcmdsh(ahost, rport, locuser, remuser,
+                            cmd, p));
+        }
+        /* use rsh(1) if non-root and remote port is shell. */
+        if (geteuid()) {
+                struct servent *sp = getservbyname("shell", "tcp");
+                if (sp && sp->s_port == rport)
+                        return (rcmdsh(ahost, rport, locuser, remuser,
+                            cmd, NULL));
+        }
+        pid = getpid();
+        snprintf(pbuf, sizeof(pbuf), "%u", ntohs(rport));
+        memset(&hints, 0, sizeof(hints));
+        hints.ai_family = af;
+        hints.ai_socktype = SOCK_STREAM;
+        hints.ai_flags = AI_CANONNAME;
+        error = getaddrinfo(*ahost, pbuf, &hints, &res);
+        if (error) {
+#if 0
+                warnx("%s: %s", *ahost, gai_strerror(error));
+#endif
+                return (-1);
+        }
+        if (res->ai_canonname) {
+                strlcpy(hbuf, res->ai_canonname, sizeof(hbuf));
+                *ahost = hbuf;
+        } else
+                ; /*XXX*/
+        r = res;
+        refused = 0;
+        sigemptyset(&mask);
+        sigaddset(&mask, SIGURG);
+        oldmask = sigprocmask(SIG_BLOCK, &mask, &oldmask);
+        for (timo = 1, lport = IPPORT_RESERVED - 1;;) {
+                s = rresvport_af(&lport, r->ai_family);
+                if (s < 0) {
+                        if (errno == EAGAIN)
+                                (void)fprintf(stderr,
+                                    "rcmd: socket: All ports in use\n");
+                        else
+                                (void)fprintf(stderr, "rcmd: socket: %s\n",
+                                    strerror(errno));
+                        if (r->ai_next) {
+                                r = r->ai_next;
+                                continue;
+                        } else {
+                                sigprocmask(SIG_SETMASK, &oldmask, NULL);
+                                freeaddrinfo(res);
+                                return (-1);
+                        }
+                }
+                fcntl(s, F_SETOWN, pid);
+                if (connect(s, r->ai_addr, r->ai_addrlen) >= 0)
+                        break;
+                (void)close(s);
+                if (errno == EADDRINUSE) {
+                        lport--;
+                        continue;
+                }
+                if (errno == ECONNREFUSED)
+                        refused++;
+                if (r->ai_next) {
+                        int oerrno = errno;
+                        char hbuf[NI_MAXHOST];
+                        const int niflags = NI_NUMERICHOST;
+                        hbuf[0] = '\0';
+                        if (getnameinfo(r->ai_addr, r->ai_addrlen,
+                            hbuf, sizeof(hbuf), NULL, 0, niflags) != 0)
+                                strlcpy(hbuf, "(invalid)", sizeof hbuf);
+                        (void)fprintf(stderr, "connect to address %s: ", hbuf);
+                        errno = oerrno;
+                        perror(0);
+                        r = r->ai_next;
+                        hbuf[0] = '\0';
+                        if (getnameinfo(r->ai_addr, r->ai_addrlen,
+                            hbuf, sizeof(hbuf), NULL, 0, niflags) != 0)
+                                strlcpy(hbuf, "(invalid)", sizeof hbuf);
+                        (void)fprintf(stderr, "Trying %s...\n", hbuf);
+                        continue;
+                }
+                if (refused && timo <= 16) {
+                        (void)sleep(timo);
+                        timo *= 2;
+                        r = res;
+                        refused = 0;
+                        continue;
+                }
+                (void)fprintf(stderr, "%s: %s\n", res->ai_canonname,
+                    strerror(errno));
+                sigprocmask(SIG_SETMASK, &oldmask, NULL);
+                freeaddrinfo(res);
+                return (-1);
+        }
+        /* given "af" can be PF_UNSPEC, we need the real af for "s" */
+        af = r->ai_family;
+        freeaddrinfo(res);
+#if 0
+        /*
+         * try to rresvport() to the same port. This will make rresvport()
+         * fail it's first bind, resulting in it choosing a random port.
+         */
+        lport--;
+#endif
+        if (fd2p == 0) {
+                write(s, "", 1);
+                lport = 0;
+        } else {
+                char num[8];
+                int s2 = rresvport_af(&lport, af), s3;
+                socklen_t len = sizeof(from);
+                int fdssize = howmany(MAX(s, s2)+1, NFDBITS) * sizeof(fd_mask);
+                if (s2 < 0)
+                        goto bad;
+                readsp = (fd_set *)malloc(fdssize);
+                if (readsp == NULL) {
+                        close(s2);
+                        goto bad;
+                }
+                listen(s2, 1);
+                (void)snprintf(num, sizeof(num), "%d", lport);
+                if (write(s, num, strlen(num)+1) != strlen(num)+1) {
+                        (void)fprintf(stderr,
+                            "rcmd: write (setting up stderr): %s\n",
+                            strerror(errno));
+                        (void)close(s2);
+                        goto bad;
+                }
+again:
+                bzero(readsp, fdssize);
+                FD_SET(s, readsp);
+                FD_SET(s2, readsp);
+                errno = 0;
+                if (select(MAX(s, s2) + 1, readsp, 0, 0, 0) < 1 ||
+                    !FD_ISSET(s2, readsp)) {
+                        if (errno != 0)
+                                (void)fprintf(stderr,
+                                    "rcmd: select (setting up stderr): %s\n",
+                                    strerror(errno));
+                        else
+                                (void)fprintf(stderr,
+                                "select: protocol failure in circuit setup\n");
+                        (void)close(s2);
+                        goto bad;
+                }
+                s3 = accept(s2, (struct sockaddr *)&from, &len);
+                if (s3 < 0) {
+                        (void)fprintf(stderr,
+                            "rcmd: accept: %s\n", strerror(errno));
+                        lport = 0;
+                        close(s2);
+                        goto bad;
+                }
+                /*
+                 * XXX careful for ftp bounce attacks. If discovered, shut them
+                 * down and check for the real auxiliary channel to connect.
+                 */
+                switch (from.ss_family) {
+                case AF_INET:
+                case AF_INET6:
+                        if (getnameinfo((struct sockaddr *)&from, len,
+                            NULL, 0, num, sizeof(num), NI_NUMERICSERV) == 0 &&
+                            atoi(num) != 20) {
+                                break;
+                        }
+                        close(s3);
+                        goto again;
+                default:
+                        break;
+                }
+                (void)close(s2);
+                *fd2p = s3;
+                switch (from.ss_family) {
+                case AF_INET:
+                case AF_INET6:
+                        if (getnameinfo((struct sockaddr *)&from, len,
+                            NULL, 0, num, sizeof(num), NI_NUMERICSERV) != 0 ||
+                            (atoi(num) >= IPPORT_RESERVED ||
+                             atoi(num) < IPPORT_RESERVED / 2)) {
+                                (void)fprintf(stderr,
+                                    "socket: protocol failure in circuit setup.\n");
+                                goto bad2;
+                        }
+                        break;
+                default:
+                        break;
+                }
+        }
+        (void)write(s, locuser, strlen(locuser)+1);
+        (void)write(s, remuser, strlen(remuser)+1);
+        (void)write(s, cmd, strlen(cmd)+1);
+        if (read(s, &c, 1) != 1) {
+                (void)fprintf(stderr,
+                    "rcmd: %s: %s\n", *ahost, strerror(errno));
+                goto bad2;
+        }
+        if (c != 0) {
+                while (read(s, &c, 1) == 1) {
+                        (void)write(STDERR_FILENO, &c, 1);
+                        if (c == '\n')
+                                break;
+                }
+                goto bad2;
+        }
+        sigprocmask(SIG_SETMASK, &oldmask, NULL);
+        free(readsp);
+        return (s);
+bad2:
+        if (lport)
+                (void)close(*fd2p);
+bad:
+        if (readsp)
+                free(readsp);
+        (void)close(s);
+        sigprocmask(SIG_SETMASK, &oldmask, NULL);
+        return (-1);
+}
+int     __check_rhosts_file = 1;
+char    *__rcmd_errstr;
+int
+ruserok(const char *rhost, int superuser, const char *ruser, const char *luser)
+{
+        struct addrinfo hints, *res, *r;
+        int error;
+        memset(&hints, 0, sizeof(hints));
+        hints.ai_family = PF_UNSPEC;
+        hints.ai_socktype = SOCK_DGRAM; /*dummy*/
+        error = getaddrinfo(rhost, "0", &hints, &res);
+        if (error)
+                return (-1);
+        for (r = res; r; r = r->ai_next) {
+                if (iruserok_sa(r->ai_addr, r->ai_addrlen, superuser, ruser,
+                    luser) == 0) {
+                        freeaddrinfo(res);
+                        return (0);
+                }
+        }
+        freeaddrinfo(res);
+        return (-1);
+}
+/*
+ * New .rhosts strategy: We are passed an ip address. We spin through
+ * hosts.equiv and .rhosts looking for a match. When the .rhosts only
+ * has ip addresses, we don't have to trust a nameserver.  When it
+ * contains hostnames, we spin through the list of addresses the nameserver
+ * gives us and look for a match.
+ *
+ * Returns 0 if ok, -1 if not ok.
+ */
+int
+iruserok(u_int32_t raddr, int superuser, const char *ruser, const char *luser)
+{
+        struct sockaddr_in sin;
+        memset(&sin, 0, sizeof(sin));
+        sin.sin_family = AF_INET;
+        sin.sin_len = sizeof(struct sockaddr_in);
+        memcpy(&sin.sin_addr, &raddr, sizeof(sin.sin_addr));
+        return iruserok_sa(&sin, sizeof(struct sockaddr_in), superuser, ruser,
+                    luser);
+}
+int
+iruserok_sa(const void *raddr, int rlen, int superuser, const char *ruser,
+    const char *luser)
+{
+        struct sockaddr *sa;
+        char *cp;
+        struct stat sbuf;
+        struct passwd *pwd;
+        FILE *hostf;
+        uid_t uid;
+        int first;
+        char pbuf[MAXPATHLEN];
+        sa = (struct sockaddr *)raddr;
+        first = 1;
+        hostf = superuser ? NULL : fopen(_PATH_HEQUIV, "r");
+again:
+        if (hostf) {
+                if (__ivaliduser_sa(hostf, sa, rlen, luser, ruser) == 0) {
+                        (void)fclose(hostf);
+                        return (0);
+                }
+                (void)fclose(hostf);
+        }
+        if (first == 1 && (__check_rhosts_file || superuser)) {
+                first = 0;
+                if ((pwd = getpwnam(luser)) == NULL)
+                        return (-1);
+                snprintf(pbuf, sizeof pbuf, "%s/.rhosts", pwd->pw_dir);
+                /*
+                 * Change effective uid while opening .rhosts.  If root and
+                 * reading an NFS mounted file system, can't read files that
+                 * are protected read/write owner only.
+                 */
+                uid = geteuid();
+                (void)seteuid(pwd->pw_uid);
+                hostf = fopen(pbuf, "r");
+                (void)seteuid(uid);
+                if (hostf == NULL)
+                        return (-1);
+                /*
+                 * If not a regular file, or is owned by someone other than
+                 * user or root or if writeable by anyone but the owner, quit.
+                 */
+                cp = NULL;
+                if (lstat(pbuf, &sbuf) < 0)
+                        cp = ".rhosts lstat failed";
+                else if (!S_ISREG(sbuf.st_mode))
+                        cp = ".rhosts not regular file";
+                else if (fstat(fileno(hostf), &sbuf) < 0)
+                        cp = ".rhosts fstat failed";
+                else if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid)
+                        cp = "bad .rhosts owner";
+                else if (sbuf.st_mode & (S_IWGRP|S_IWOTH))
+                        cp = ".rhosts writable by other than owner";
+                /* If there were any problems, quit. */
+                if (cp) {
+                        __rcmd_errstr = cp;
+                        (void)fclose(hostf);
+                        return (-1);
+                }
+                goto again;
+        }
+        return (-1);
+}
+/*
+ * XXX
+ * Don't make static, used by lpd(8).
+ *
+ * Returns 0 if ok, -1 if not ok.
+ */
+int
+__ivaliduser(FILE *hostf, in_addr_t raddrl, const char *luser,
+    const char *ruser)
+{
+        struct sockaddr_in sin;
+        memset(&sin, 0, sizeof(sin));
+        sin.sin_family = AF_INET;
+        sin.sin_len = sizeof(struct sockaddr_in);
+        memcpy(&sin.sin_addr, &raddrl, sizeof(sin.sin_addr));
+        return __ivaliduser_sa(hostf, (struct sockaddr *)&sin, sin.sin_len,
+                    luser, ruser);
+}
+int
+__ivaliduser_sa(FILE *hostf, struct sockaddr *raddr, socklen_t salen,
+    const char *luser, const char *ruser)
+{
+        char *user, *p;
+        char *buf;
+        const char *auser, *ahost;
+        int hostok, userok;
+        char *rhost = (char *)-1;
+        char domain[MAXHOSTNAMELEN];
+        size_t buflen;
+        getdomainname(domain, sizeof(domain));
+        while ((buf = fgetln(hostf, &buflen))) {
+                p = buf;
+                if (*p == '#')
+                        continue;
+                while (p < buf + buflen && *p != '\n' && *p != ' ' && *p != '\t') {
+                        if (!isprint(*p))
+                                goto bail;
+                        *p = isupper(*p) ? tolower(*p) : *p;
+                        p++;
+                }
+                if (p >= buf + buflen)
+                        continue;
+                if (*p == ' ' || *p == '\t') {
+                        *p++ = '\0';
+                        while (p < buf + buflen && (*p == ' ' || *p == '\t'))
+                                p++;
+                        if (p >= buf + buflen)
+                                continue;
+                        user = p;
+                        while (p < buf + buflen && *p != '\n' && *p != ' ' &&
+                            *p != '\t') {
+                                if (!isprint(*p))
+                                        goto bail;
+                                p++;
+                        }
+                } else
+                        user = p;
+                *p = '\0';
+                if (p == buf)
+                        continue;
+                auser = *user ? user : luser;
+                ahost = buf;
+                if (strlen(ahost) >= MAXHOSTNAMELEN)
+                        continue;
+                /*
+                 * innetgr() must lookup a hostname (we do not attempt
+                 * to change the semantics so that netgroups may have
+                 * #.#.#.# addresses in the list.)
+                 */
+                if (ahost[0] == '+')
+                        switch (ahost[1]) {
+                        case '\0':
+                                hostok = 1;
+                                break;
+                        case '@':
+                                if (rhost == (char *)-1)
+                                        rhost = __gethostloop(raddr, salen);
+                                hostok = 0;
+                                if (rhost)
+                                        hostok = innetgr(&ahost[2], rhost,
+                                            NULL, domain);
+                                break;
+                        default:
+                                hostok = __icheckhost(raddr, salen, &ahost[1]);
+                                break;
+                        }
+                else if (ahost[0] == '-')
+                        switch (ahost[1]) {
+                        case '\0':
+                                hostok = -1;
+                                break;
+                        case '@':
+                                if (rhost == (char *)-1)
+                                        rhost = __gethostloop(raddr, salen);
+                                hostok = 0;
+                                if (rhost)
+                                        hostok = -innetgr(&ahost[2], rhost,
+                                            NULL, domain);
+                                break;
+                        default:
+                                hostok = -__icheckhost(raddr, salen, &ahost[1]);
+                                break;
+                        }
+                else
+                        hostok = __icheckhost(raddr, salen, ahost);
+                if (auser[0] == '+')
+                        switch (auser[1]) {
+                        case '\0':
+                                userok = 1;
+                                break;
+                        case '@':
+                                userok = innetgr(&auser[2], NULL, ruser,
+                                    domain);
+                                break;
+                        default:
+                                userok = strcmp(ruser, &auser[1]) ? 0 : 1;
+                                break;
+                        }
+                else if (auser[0] == '-')
+                        switch (auser[1]) {
+                        case '\0':
+                                userok = -1;
+                                break;
+                        case '@':
+                                userok = -innetgr(&auser[2], NULL, ruser,
+                                    domain);
+                                break;
+                        default:
+                                userok = strcmp(ruser, &auser[1]) ? 0 : -1;
+                                break;
+                        }
+                else
+                        userok = strcmp(ruser, auser) ? 0 : 1;
+                /* Check if one component did not match */
+                if (hostok == 0 || userok == 0)
+                        continue;
+                /* Check if we got a forbidden pair */
+                if (userok <= -1 || hostok <= -1)
+                        return (-1);
+                /* Check if we got a valid pair */
+                if (hostok >= 1 && userok >= 1)
+                        return (0);
+        }
+bail:
+        return (-1);
+}
+/*
+ * Returns "true" if match, 0 if no match.  If we do not find any
+ * semblance of an A->PTR->A loop, allow a simple #.#.#.# match to work.
+ */
+static int
+__icheckhost(struct sockaddr *raddr, socklen_t salen, const char *lhost)
+{
+        struct addrinfo hints, *res, *r;
+        char h1[NI_MAXHOST], h2[NI_MAXHOST];
+        int error;
+        const int niflags = NI_NUMERICHOST;
+        h1[0] = '\0';
+        if (getnameinfo(raddr, salen, h1, sizeof(h1), NULL, 0,
+            niflags) != 0)
+                return (0);
+        /* Resolve laddr into sockaddr */
+        memset(&hints, 0, sizeof(hints));
+        hints.ai_family = raddr->sa_family;
+        hints.ai_socktype = SOCK_DGRAM; /*dummy*/
+        res = NULL;
+        error = getaddrinfo(lhost, "0", &hints, &res);
+        if (error)
+                return (0);
+        /*
+         * Try string comparisons between raddr and laddr.
+         */
+        for (r = res; r; r = r->ai_next) {
+                h2[0] = '\0';
+                if (getnameinfo(r->ai_addr, r->ai_addrlen, h2, sizeof(h2),
+                    NULL, 0, niflags) != 0)
+                        continue;
+                if (strcmp(h1, h2) == 0) {
+                        freeaddrinfo(res);
+                        return (1);
+                }
+        }
+        /* No match. */
+        freeaddrinfo(res);
+        return (0);
+}
+/*
+ * Return the hostname associated with the supplied address.
+ * Do a reverse lookup as well for security. If a loop cannot
+ * be found, pack the result of inet_ntoa() into the string.
+ */
+static char *
+__gethostloop(struct sockaddr *raddr, socklen_t salen)
+{
+        static char remotehost[NI_MAXHOST];
+        char h1[NI_MAXHOST], h2[NI_MAXHOST];
+        struct addrinfo hints, *res, *r;
+        int error;
+        const int niflags = NI_NUMERICHOST;
+        h1[0] = remotehost[0] = '\0';
+        if (getnameinfo(raddr, salen, remotehost, sizeof(remotehost),
+            NULL, 0, NI_NAMEREQD) != 0)
+                return (NULL);
+        if (getnameinfo(raddr, salen, h1, sizeof(h1), NULL, 0,
+            niflags) != 0)
+                return (NULL);
+        /*
+         * Look up the name and check that the supplied
+         * address is in the list
+         */
+        memset(&hints, 0, sizeof(hints));
+        hints.ai_family = raddr->sa_family;
+        hints.ai_socktype = SOCK_DGRAM; /*dummy*/
+        hints.ai_flags = AI_CANONNAME;
+        res = NULL;
+        error = getaddrinfo(remotehost, "0", &hints, &res);
+        if (error)
+                return (NULL);
+        for (r = res; r; r = r->ai_next) {
+                h2[0] = '\0';
+                if (getnameinfo(r->ai_addr, r->ai_addrlen, h2, sizeof(h2),
+                    NULL, 0, niflags) != 0)
+                        continue;
+                if (strcmp(h1, h2) == 0) {
+                        freeaddrinfo(res);
+                        return (remotehost);
+                }
+        }
+        /*
+         * either the DNS adminstrator has made a configuration
+         * mistake, or someone has attempted to spoof us
+         */
+        syslog(LOG_NOTICE, "rcmd: address %s not listed for host %s",
+            h1, res->ai_canonname ? res->ai_canonname : remotehost);
+        freeaddrinfo(res);
+        return (NULL);
+}

diff --git a/src/lib/libc/net/rcmd.c b/src/lib/libc/net/rcmd.c new file mode 100644 index 0000000000..bfe8c3ae56 --- /dev/null +++ b/src/lib/libc/net/rcmd.c
@@ -0,0 +1,691 @@
	1	/*
	2	* Copyright (c) 1995, 1996, 1998 Theo de Raadt. All rights reserved.
	3	* Copyright (c) 1983, 1993, 1994
	4	* The Regents of the University of California. All rights reserved.
	5	*
	6	* Redistribution and use in source and binary forms, with or without
	7	* modification, are permitted provided that the following conditions
	8	* are met:
	9	* 1. Redistributions of source code must retain the above copyright
	10	* notice, this list of conditions and the following disclaimer.
	11	* 2. Redistributions in binary form must reproduce the above copyright
	12	* notice, this list of conditions and the following disclaimer in the
	13	* documentation and/or other materials provided with the distribution.
	14	* 3. Neither the name of the University nor the names of its contributors
	15	* may be used to endorse or promote products derived from this software
	16	* without specific prior written permission.
	17	*
	18	* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
	19	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	20	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	21	* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
	22	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	23	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	24	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	25	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	26	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	27	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	28	* SUCH DAMAGE.
	29	*/
	30
	31	#if defined(LIBC_SCCS) && !defined(lint)
	32	static char *rcsid = "$OpenBSD: rcmd.c,v 1.52 2005/03/25 13:24:12 otto Exp $";
	33	#endif /* LIBC_SCCS and not lint */
	34
	35	#include <sys/param.h>
	36	#include <sys/socket.h>
	37	#include <sys/stat.h>
	38
	39	#include <netinet/in.h>
	40	#include <arpa/inet.h>
	41
	42	#include <signal.h>
	43	#include <fcntl.h>
	44	#include <netdb.h>
	45	#include <unistd.h>
	46	#include <pwd.h>
	47	#include <errno.h>
	48	#include <stdio.h>
	49	#include <ctype.h>
	50	#include <string.h>
	51	#include <syslog.h>
	52	#include <stdlib.h>
	53	#include <netgroup.h>
	54
	55	int __ivaliduser(FILE , in_addr_t, const char , const char *);
	56	int __ivaliduser_sa(FILE , struct sockaddr , socklen_t,
	57	const char , const char );
	58	static int __icheckhost(struct sockaddr , socklen_t, const char );
	59	static char __gethostloop(struct sockaddr , socklen_t);
	60
	61	int
	62	rcmd(char *ahost, int rport, const char locuser, const char *remuser,
	63	const char cmd, int fd2p)
	64	{
	65	return rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, AF_INET);
	66	}
	67
	68	int
	69	rcmd_af(char *ahost, int porta, const char locuser, const char *remuser,
	70	const char cmd, int fd2p, int af)
	71	{
	72	static char hbuf[MAXHOSTNAMELEN];
	73	char pbuf[NI_MAXSERV];
	74	struct addrinfo hints, res, r;
	75	int error;
	76	struct sockaddr_storage from;
	77	fd_set *readsp = NULL;
	78	sigset_t oldmask, mask;
	79	pid_t pid;
	80	int s, lport, timo;
	81	char c, *p;
	82	int refused;
	83	in_port_t rport = porta;
	84
	85	/* call rcmdsh() with specified remote shell if appropriate. */
	86	if (!issetugid() && (p = getenv("RSH")) && *p) {
	87	struct servent *sp = getservbyname("shell", "tcp");
	88
	89	if (sp && sp->s_port == rport)
	90	return (rcmdsh(ahost, rport, locuser, remuser,
	91	cmd, p));
	92	}
	93
	94	/* use rsh(1) if non-root and remote port is shell. */
	95	if (geteuid()) {
	96	struct servent *sp = getservbyname("shell", "tcp");
	97
	98	if (sp && sp->s_port == rport)
	99	return (rcmdsh(ahost, rport, locuser, remuser,
	100	cmd, NULL));
	101	}
	102
	103	pid = getpid();
	104	snprintf(pbuf, sizeof(pbuf), "%u", ntohs(rport));
	105	memset(&hints, 0, sizeof(hints));
	106	hints.ai_family = af;
	107	hints.ai_socktype = SOCK_STREAM;
	108	hints.ai_flags = AI_CANONNAME;
	109	error = getaddrinfo(*ahost, pbuf, &hints, &res);
	110	if (error) {
	111	#if 0
	112	warnx("%s: %s", *ahost, gai_strerror(error));
	113	#endif
	114	return (-1);
	115	}
	116	if (res->ai_canonname) {
	117	strlcpy(hbuf, res->ai_canonname, sizeof(hbuf));
	118	*ahost = hbuf;
	119	} else
	120	; /XXX/
	121
	122	r = res;
	123	refused = 0;
	124	sigemptyset(&mask);
	125	sigaddset(&mask, SIGURG);
	126	oldmask = sigprocmask(SIG_BLOCK, &mask, &oldmask);
	127	for (timo = 1, lport = IPPORT_RESERVED - 1;;) {
	128	s = rresvport_af(&lport, r->ai_family);
	129	if (s < 0) {
	130	if (errno == EAGAIN)
	131	(void)fprintf(stderr,
	132	"rcmd: socket: All ports in use\n");
	133	else
	134	(void)fprintf(stderr, "rcmd: socket: %s\n",
	135	strerror(errno));
	136	if (r->ai_next) {
	137	r = r->ai_next;
	138	continue;
	139	} else {
	140	sigprocmask(SIG_SETMASK, &oldmask, NULL);
	141	freeaddrinfo(res);
	142	return (-1);
	143	}
	144	}
	145	fcntl(s, F_SETOWN, pid);
	146	if (connect(s, r->ai_addr, r->ai_addrlen) >= 0)
	147	break;
	148	(void)close(s);
	149	if (errno == EADDRINUSE) {
	150	lport--;
	151	continue;
	152	}
	153	if (errno == ECONNREFUSED)
	154	refused++;
	155	if (r->ai_next) {
	156	int oerrno = errno;
	157	char hbuf[NI_MAXHOST];
	158	const int niflags = NI_NUMERICHOST;
	159
	160	hbuf[0] = '\0';
	161	if (getnameinfo(r->ai_addr, r->ai_addrlen,
	162	hbuf, sizeof(hbuf), NULL, 0, niflags) != 0)
	163	strlcpy(hbuf, "(invalid)", sizeof hbuf);
	164	(void)fprintf(stderr, "connect to address %s: ", hbuf);
	165	errno = oerrno;
	166	perror(0);
	167	r = r->ai_next;
	168	hbuf[0] = '\0';
	169	if (getnameinfo(r->ai_addr, r->ai_addrlen,
	170	hbuf, sizeof(hbuf), NULL, 0, niflags) != 0)
	171	strlcpy(hbuf, "(invalid)", sizeof hbuf);
	172	(void)fprintf(stderr, "Trying %s...\n", hbuf);
	173	continue;
	174	}
	175	if (refused && timo <= 16) {
	176	(void)sleep(timo);
	177	timo *= 2;
	178	r = res;
	179	refused = 0;
	180	continue;
	181	}
	182	(void)fprintf(stderr, "%s: %s\n", res->ai_canonname,
	183	strerror(errno));
	184	sigprocmask(SIG_SETMASK, &oldmask, NULL);
	185	freeaddrinfo(res);
	186	return (-1);
	187	}
	188	/* given "af" can be PF_UNSPEC, we need the real af for "s" */
	189	af = r->ai_family;
	190	freeaddrinfo(res);
	191	#if 0
	192	/*
	193	* try to rresvport() to the same port. This will make rresvport()
	194	* fail it's first bind, resulting in it choosing a random port.
	195	*/
	196	lport--;
	197	#endif
	198	if (fd2p == 0) {
	199	write(s, "", 1);
	200	lport = 0;
	201	} else {
	202	char num[8];
	203	int s2 = rresvport_af(&lport, af), s3;
	204	socklen_t len = sizeof(from);
	205	int fdssize = howmany(MAX(s, s2)+1, NFDBITS) * sizeof(fd_mask);
	206
	207	if (s2 < 0)
	208	goto bad;
	209	readsp = (fd_set *)malloc(fdssize);
	210	if (readsp == NULL) {
	211	close(s2);
	212	goto bad;
	213	}
	214	listen(s2, 1);
	215	(void)snprintf(num, sizeof(num), "%d", lport);
	216	if (write(s, num, strlen(num)+1) != strlen(num)+1) {
	217	(void)fprintf(stderr,
	218	"rcmd: write (setting up stderr): %s\n",
	219	strerror(errno));
	220	(void)close(s2);
	221	goto bad;
	222	}
	223	again:
	224	bzero(readsp, fdssize);
	225	FD_SET(s, readsp);
	226	FD_SET(s2, readsp);
	227	errno = 0;
	228	if (select(MAX(s, s2) + 1, readsp, 0, 0, 0) < 1 \|\|
	229	!FD_ISSET(s2, readsp)) {
	230	if (errno != 0)
	231	(void)fprintf(stderr,
	232	"rcmd: select (setting up stderr): %s\n",
	233	strerror(errno));
	234	else
	235	(void)fprintf(stderr,
	236	"select: protocol failure in circuit setup\n");
	237	(void)close(s2);
	238	goto bad;
	239	}
	240	s3 = accept(s2, (struct sockaddr *)&from, &len);
	241	if (s3 < 0) {
	242	(void)fprintf(stderr,
	243	"rcmd: accept: %s\n", strerror(errno));
	244	lport = 0;
	245	close(s2);
	246	goto bad;
	247	}
	248
	249	/*
	250	* XXX careful for ftp bounce attacks. If discovered, shut them
	251	* down and check for the real auxiliary channel to connect.
	252	*/
	253	switch (from.ss_family) {
	254	case AF_INET:
	255	case AF_INET6:
	256	if (getnameinfo((struct sockaddr *)&from, len,
	257	NULL, 0, num, sizeof(num), NI_NUMERICSERV) == 0 &&
	258	atoi(num) != 20) {
	259	break;
	260	}
	261	close(s3);
	262	goto again;
	263	default:
	264	break;
	265	}
	266	(void)close(s2);
	267
	268	*fd2p = s3;
	269	switch (from.ss_family) {
	270	case AF_INET:
	271	case AF_INET6:
	272	if (getnameinfo((struct sockaddr *)&from, len,
	273	NULL, 0, num, sizeof(num), NI_NUMERICSERV) != 0 \|\|
	274	(atoi(num) >= IPPORT_RESERVED \|\|
	275	atoi(num) < IPPORT_RESERVED / 2)) {
	276	(void)fprintf(stderr,
	277	"socket: protocol failure in circuit setup.\n");
	278	goto bad2;
	279	}
	280	break;
	281	default:
	282	break;
	283	}
	284	}
	285	(void)write(s, locuser, strlen(locuser)+1);
	286	(void)write(s, remuser, strlen(remuser)+1);
	287	(void)write(s, cmd, strlen(cmd)+1);
	288	if (read(s, &c, 1) != 1) {
	289	(void)fprintf(stderr,
	290	"rcmd: %s: %s\n", *ahost, strerror(errno));
	291	goto bad2;
	292	}
	293	if (c != 0) {
	294	while (read(s, &c, 1) == 1) {
	295	(void)write(STDERR_FILENO, &c, 1);
	296	if (c == '\n')
	297	break;
	298	}
	299	goto bad2;
	300	}
	301	sigprocmask(SIG_SETMASK, &oldmask, NULL);
	302	free(readsp);
	303	return (s);
	304	bad2:
	305	if (lport)
	306	(void)close(*fd2p);
	307	bad:
	308	if (readsp)
	309	free(readsp);
	310	(void)close(s);
	311	sigprocmask(SIG_SETMASK, &oldmask, NULL);
	312	return (-1);
	313	}
	314
	315	int __check_rhosts_file = 1;
	316	char *__rcmd_errstr;
	317
	318	int
	319	ruserok(const char rhost, int superuser, const char ruser, const char *luser)
	320	{
	321	struct addrinfo hints, res, r;
	322	int error;
	323
	324	memset(&hints, 0, sizeof(hints));
	325	hints.ai_family = PF_UNSPEC;
	326	hints.ai_socktype = SOCK_DGRAM; /dummy/
	327	error = getaddrinfo(rhost, "0", &hints, &res);
	328	if (error)
	329	return (-1);
	330
	331	for (r = res; r; r = r->ai_next) {
	332	if (iruserok_sa(r->ai_addr, r->ai_addrlen, superuser, ruser,
	333	luser) == 0) {
	334	freeaddrinfo(res);
	335	return (0);
	336	}
	337	}
	338	freeaddrinfo(res);
	339	return (-1);
	340	}
	341
	342	/*
	343	* New .rhosts strategy: We are passed an ip address. We spin through
	344	* hosts.equiv and .rhosts looking for a match. When the .rhosts only
	345	* has ip addresses, we don't have to trust a nameserver. When it
	346	* contains hostnames, we spin through the list of addresses the nameserver
	347	* gives us and look for a match.
	348	*
	349	* Returns 0 if ok, -1 if not ok.
	350	*/
	351	int
	352	iruserok(u_int32_t raddr, int superuser, const char ruser, const char luser)
	353	{
	354	struct sockaddr_in sin;
	355
	356	memset(&sin, 0, sizeof(sin));
	357	sin.sin_family = AF_INET;
	358	sin.sin_len = sizeof(struct sockaddr_in);
	359	memcpy(&sin.sin_addr, &raddr, sizeof(sin.sin_addr));
	360	return iruserok_sa(&sin, sizeof(struct sockaddr_in), superuser, ruser,
	361	luser);
	362	}
	363
	364	int
	365	iruserok_sa(const void raddr, int rlen, int superuser, const char ruser,
	366	const char *luser)
	367	{
	368	struct sockaddr *sa;
	369	char *cp;
	370	struct stat sbuf;
	371	struct passwd *pwd;
	372	FILE *hostf;
	373	uid_t uid;
	374	int first;
	375	char pbuf[MAXPATHLEN];
	376
	377	sa = (struct sockaddr *)raddr;
	378	first = 1;
	379	hostf = superuser ? NULL : fopen(_PATH_HEQUIV, "r");
	380	again:
	381	if (hostf) {
	382	if (__ivaliduser_sa(hostf, sa, rlen, luser, ruser) == 0) {
	383	(void)fclose(hostf);
	384	return (0);
	385	}
	386	(void)fclose(hostf);
	387	}
	388	if (first == 1 && (__check_rhosts_file \|\| superuser)) {
	389	first = 0;
	390	if ((pwd = getpwnam(luser)) == NULL)
	391	return (-1);
	392	snprintf(pbuf, sizeof pbuf, "%s/.rhosts", pwd->pw_dir);
	393
	394	/*
	395	* Change effective uid while opening .rhosts. If root and
	396	* reading an NFS mounted file system, can't read files that
	397	* are protected read/write owner only.
	398	*/
	399	uid = geteuid();
	400	(void)seteuid(pwd->pw_uid);
	401	hostf = fopen(pbuf, "r");
	402	(void)seteuid(uid);
	403
	404	if (hostf == NULL)
	405	return (-1);
	406	/*
	407	* If not a regular file, or is owned by someone other than
	408	* user or root or if writeable by anyone but the owner, quit.
	409	*/
	410	cp = NULL;
	411	if (lstat(pbuf, &sbuf) < 0)
	412	cp = ".rhosts lstat failed";
	413	else if (!S_ISREG(sbuf.st_mode))
	414	cp = ".rhosts not regular file";
	415	else if (fstat(fileno(hostf), &sbuf) < 0)
	416	cp = ".rhosts fstat failed";
	417	else if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid)
	418	cp = "bad .rhosts owner";
	419	else if (sbuf.st_mode & (S_IWGRP\|S_IWOTH))
	420	cp = ".rhosts writable by other than owner";
	421	/* If there were any problems, quit. */
	422	if (cp) {
	423	__rcmd_errstr = cp;
	424	(void)fclose(hostf);
	425	return (-1);
	426	}
	427	goto again;
	428	}
	429	return (-1);
	430	}
	431
	432	/*
	433	* XXX
	434	* Don't make static, used by lpd(8).
	435	*
	436	* Returns 0 if ok, -1 if not ok.
	437	*/
	438	int
	439	__ivaliduser(FILE hostf, in_addr_t raddrl, const char luser,
	440	const char *ruser)
	441	{
	442	struct sockaddr_in sin;
	443
	444	memset(&sin, 0, sizeof(sin));
	445	sin.sin_family = AF_INET;
	446	sin.sin_len = sizeof(struct sockaddr_in);
	447	memcpy(&sin.sin_addr, &raddrl, sizeof(sin.sin_addr));
	448	return __ivaliduser_sa(hostf, (struct sockaddr *)&sin, sin.sin_len,
	449	luser, ruser);
	450	}
	451
	452	int
	453	__ivaliduser_sa(FILE hostf, struct sockaddr raddr, socklen_t salen,
	454	const char luser, const char ruser)
	455	{
	456	char user, p;
	457	char *buf;
	458	const char auser, ahost;
	459	int hostok, userok;
	460	char rhost = (char )-1;
	461	char domain[MAXHOSTNAMELEN];
	462	size_t buflen;
	463
	464	getdomainname(domain, sizeof(domain));
	465
	466	while ((buf = fgetln(hostf, &buflen))) {
	467	p = buf;
	468	if (*p == '#')
	469	continue;
	470	while (p < buf + buflen && p != '\n' && p != ' ' && *p != '\t') {
	471	if (!isprint(*p))
	472	goto bail;
	473	p = isupper(p) ? tolower(p) : p;
	474	p++;
	475	}
	476	if (p >= buf + buflen)
	477	continue;
	478	if (p == ' ' \|\| p == '\t') {
	479	*p++ = '\0';
	480	while (p < buf + buflen && (p == ' ' \|\| p == '\t'))
	481	p++;
	482	if (p >= buf + buflen)
	483	continue;
	484	user = p;
	485	while (p < buf + buflen && p != '\n' && p != ' ' &&
	486	*p != '\t') {
	487	if (!isprint(*p))
	488	goto bail;
	489	p++;
	490	}
	491	} else
	492	user = p;
	493	*p = '\0';
	494
	495	if (p == buf)
	496	continue;
	497
	498	auser = *user ? user : luser;
	499	ahost = buf;
	500
	501	if (strlen(ahost) >= MAXHOSTNAMELEN)
	502	continue;
	503
	504	/*
	505	* innetgr() must lookup a hostname (we do not attempt
	506	* to change the semantics so that netgroups may have
	507	* #.#.#.# addresses in the list.)
	508	*/
	509	if (ahost[0] == '+')
	510	switch (ahost[1]) {
	511	case '\0':
	512	hostok = 1;
	513	break;
	514	case '@':
	515	if (rhost == (char *)-1)
	516	rhost = __gethostloop(raddr, salen);
	517	hostok = 0;
	518	if (rhost)
	519	hostok = innetgr(&ahost[2], rhost,
	520	NULL, domain);
	521	break;
	522	default:
	523	hostok = __icheckhost(raddr, salen, &ahost[1]);
	524	break;
	525	}
	526	else if (ahost[0] == '-')
	527	switch (ahost[1]) {
	528	case '\0':
	529	hostok = -1;
	530	break;
	531	case '@':
	532	if (rhost == (char *)-1)
	533	rhost = __gethostloop(raddr, salen);
	534	hostok = 0;
	535	if (rhost)
	536	hostok = -innetgr(&ahost[2], rhost,
	537	NULL, domain);
	538	break;
	539	default:
	540	hostok = -__icheckhost(raddr, salen, &ahost[1]);
	541	break;
	542	}
	543	else
	544	hostok = __icheckhost(raddr, salen, ahost);
	545
	546
	547	if (auser[0] == '+')
	548	switch (auser[1]) {
	549	case '\0':
	550	userok = 1;
	551	break;
	552	case '@':
	553	userok = innetgr(&auser[2], NULL, ruser,
	554	domain);
	555	break;
	556	default:
	557	userok = strcmp(ruser, &auser[1]) ? 0 : 1;
	558	break;
	559	}
	560	else if (auser[0] == '-')
	561	switch (auser[1]) {
	562	case '\0':
	563	userok = -1;
	564	break;
	565	case '@':
	566	userok = -innetgr(&auser[2], NULL, ruser,
	567	domain);
	568	break;
	569	default:
	570	userok = strcmp(ruser, &auser[1]) ? 0 : -1;
	571	break;
	572	}
	573	else
	574	userok = strcmp(ruser, auser) ? 0 : 1;
	575
	576	/* Check if one component did not match */
	577	if (hostok == 0 \|\| userok == 0)
	578	continue;
	579
	580	/* Check if we got a forbidden pair */
	581	if (userok <= -1 \|\| hostok <= -1)
	582	return (-1);
	583
	584	/* Check if we got a valid pair */
	585	if (hostok >= 1 && userok >= 1)
	586	return (0);
	587	}
	588	bail:
	589	return (-1);
	590	}
	591
	592	/*
	593	* Returns "true" if match, 0 if no match. If we do not find any
	594	* semblance of an A->PTR->A loop, allow a simple #.#.#.# match to work.
	595	*/
	596	static int
	597	__icheckhost(struct sockaddr raddr, socklen_t salen, const char lhost)
	598	{
	599	struct addrinfo hints, res, r;
	600	char h1[NI_MAXHOST], h2[NI_MAXHOST];
	601	int error;
	602	const int niflags = NI_NUMERICHOST;
	603
	604	h1[0] = '\0';
	605	if (getnameinfo(raddr, salen, h1, sizeof(h1), NULL, 0,
	606	niflags) != 0)
	607	return (0);
	608
	609	/* Resolve laddr into sockaddr */
	610	memset(&hints, 0, sizeof(hints));
	611	hints.ai_family = raddr->sa_family;
	612	hints.ai_socktype = SOCK_DGRAM; /dummy/
	613	res = NULL;
	614	error = getaddrinfo(lhost, "0", &hints, &res);
	615	if (error)
	616	return (0);
	617
	618	/*
	619	* Try string comparisons between raddr and laddr.
	620	*/
	621	for (r = res; r; r = r->ai_next) {
	622	h2[0] = '\0';
	623	if (getnameinfo(r->ai_addr, r->ai_addrlen, h2, sizeof(h2),
	624	NULL, 0, niflags) != 0)
	625	continue;
	626	if (strcmp(h1, h2) == 0) {
	627	freeaddrinfo(res);
	628	return (1);
	629	}
	630	}
	631
	632	/* No match. */
	633	freeaddrinfo(res);
	634	return (0);
	635	}
	636
	637	/*
	638	* Return the hostname associated with the supplied address.
	639	* Do a reverse lookup as well for security. If a loop cannot
	640	* be found, pack the result of inet_ntoa() into the string.
	641	*/
	642	static char *
	643	__gethostloop(struct sockaddr *raddr, socklen_t salen)
	644	{
	645	static char remotehost[NI_MAXHOST];
	646	char h1[NI_MAXHOST], h2[NI_MAXHOST];
	647	struct addrinfo hints, res, r;
	648	int error;
	649	const int niflags = NI_NUMERICHOST;
	650
	651	h1[0] = remotehost[0] = '\0';
	652	if (getnameinfo(raddr, salen, remotehost, sizeof(remotehost),
	653	NULL, 0, NI_NAMEREQD) != 0)
	654	return (NULL);
	655	if (getnameinfo(raddr, salen, h1, sizeof(h1), NULL, 0,
	656	niflags) != 0)
	657	return (NULL);
	658
	659	/*
	660	* Look up the name and check that the supplied
	661	* address is in the list
	662	*/
	663	memset(&hints, 0, sizeof(hints));
	664	hints.ai_family = raddr->sa_family;
	665	hints.ai_socktype = SOCK_DGRAM; /dummy/
	666	hints.ai_flags = AI_CANONNAME;
	667	res = NULL;
	668	error = getaddrinfo(remotehost, "0", &hints, &res);
	669	if (error)
	670	return (NULL);
	671
	672	for (r = res; r; r = r->ai_next) {
	673	h2[0] = '\0';
	674	if (getnameinfo(r->ai_addr, r->ai_addrlen, h2, sizeof(h2),
	675	NULL, 0, niflags) != 0)
	676	continue;
	677	if (strcmp(h1, h2) == 0) {
	678	freeaddrinfo(res);
	679	return (remotehost);
	680	}
	681	}
	682
	683	/*
	684	* either the DNS adminstrator has made a configuration
	685	* mistake, or someone has attempted to spoof us
	686	*/
	687	syslog(LOG_NOTICE, "rcmd: address %s not listed for host %s",
	688	h1, res->ai_canonname ? res->ai_canonname : remotehost);
	689	freeaddrinfo(res);
	690	return (NULL);
	691	}