1 files changed, 162 insertions, 376 deletions
diff --git a/src/lib/libc/net/rcmd.c b/src/lib/libc/net/rcmd.c
index e0310031b0..d566e0ca4c 100644
--- a/src/lib/libc/net/rcmd.c
+++ b/src/lib/libc/net/rcmd.c
@@ -1,6 +1,5 @@
-/*      $NetBSD: rcmd.c,v 1.12 1995/06/03 22:33:34 mycroft Exp $        */
 /*
+ * Copyright (c) 1995, 1996, 1998 Theo de Raadt.  All rights reserved.
 * Copyright (c) 1983, 1993, 1994
 *      The Regents of the University of California.  All rights reserved.
 *
@@ -12,11 +11,7 @@
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
+ * 3. Neither the name of the University nor the names of its contributors
- *    must display the following acknowledgement:
- *      This product includes software developed by the University of
- *      California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
@@ -33,14 +28,6 @@
 * SUCH DAMAGE.
 */
-#if defined(LIBC_SCCS) && !defined(lint)
-#if 0
-static char sccsid[] = "@(#)rcmd.c      8.3 (Berkeley) 3/26/94";
-#else
-static char *rcsid = "$NetBSD: rcmd.c,v 1.12 1995/06/03 22:33:34 mycroft Exp $";
-#endif
-#endif /* LIBC_SCCS and not lint */
 #include <sys/param.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
@@ -57,35 +44,77 @@ static char *rcsid = "$NetBSD: rcmd.c,v 1.12 1995/06/03 22:33:34 mycroft Exp $";
 #include <stdio.h>
 #include <ctype.h>
 #include <string.h>
+#include <syslog.h>
+#include <stdlib.h>
-int     __ivaliduser __P((FILE *, u_long, const char *, const char *));
+int
-static int __icheckhost __P((u_long, const char *));
+rcmd(char **ahost, int rport, const char *locuser, const char *remuser,
+    const char *cmd, int *fd2p)
+{
+        return rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, AF_INET);
+}
 int
-rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
+rcmd_af(char **ahost, int porta, const char *locuser, const char *remuser,
-        char **ahost;
+    const char *cmd, int *fd2p, int af)
-        u_short rport;
-        const char *locuser, *remuser, *cmd;
-        int *fd2p;
 {
-        struct hostent *hp;
+        static char hbuf[MAXHOSTNAMELEN];
-        struct sockaddr_in sin, from;
+        char pbuf[NI_MAXSERV];
-        fd_set reads;
+        struct addrinfo hints, *res, *r;
-        long oldmask;
+        int error;
+        struct sockaddr_storage from;
+        fd_set *readsp = NULL;
+        sigset_t oldmask, mask;
        pid_t pid;
        int s, lport, timo;
-        char c;
+        char c, *p;
+        int refused;
+        in_port_t rport = porta;
+        /* call rcmdsh() with specified remote shell if appropriate. */
+        if (!issetugid() && (p = getenv("RSH")) && *p) {
+                struct servent *sp = getservbyname("shell", "tcp");
+                if (sp && sp->s_port == rport)
+                        return (rcmdsh(ahost, rport, locuser, remuser,
+                            cmd, p));
+        }
+        /* use rsh(1) if non-root and remote port is shell. */
+        if (geteuid()) {
+                struct servent *sp = getservbyname("shell", "tcp");
+                if (sp && sp->s_port == rport)
+                        return (rcmdsh(ahost, rport, locuser, remuser,
+                            cmd, NULL));
+        }
        pid = getpid();
-        hp = gethostbyname(*ahost);
+        snprintf(pbuf, sizeof(pbuf), "%u", ntohs(rport));
-        if (hp == NULL) {
+        memset(&hints, 0, sizeof(hints));
-                herror(*ahost);
+        hints.ai_family = af;
+        hints.ai_socktype = SOCK_STREAM;
+        hints.ai_flags = AI_CANONNAME;
+        error = getaddrinfo(*ahost, pbuf, &hints, &res);
+        if (error) {
+#if 0
+                warnx("%s: %s", *ahost, gai_strerror(error));
+#endif
                return (-1);
        }
-        *ahost = hp->h_name;
+        if (res->ai_canonname) {
-        oldmask = sigblock(sigmask(SIGURG));
+                strlcpy(hbuf, res->ai_canonname, sizeof(hbuf));
+                *ahost = hbuf;
+        } else
+                ; /*XXX*/
+        r = res;
+        refused = 0;
+        sigemptyset(&mask);
+        sigaddset(&mask, SIGURG);
+        sigprocmask(SIG_BLOCK, &mask, &oldmask);
        for (timo = 1, lport = IPPORT_RESERVED - 1;;) {
-                s = rresvport(&lport);
+                s = rresvport_af(&lport, r->ai_family);
                if (s < 0) {
                        if (errno == EAGAIN)
                                (void)fprintf(stderr,
@@ -93,54 +122,84 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
                        else
                                (void)fprintf(stderr, "rcmd: socket: %s\n",
                                    strerror(errno));
-                        sigsetmask(oldmask);
+                        if (r->ai_next) {
-                        return (-1);
+                                r = r->ai_next;
+                                continue;
+                        } else {
+                                sigprocmask(SIG_SETMASK, &oldmask, NULL);
+                                freeaddrinfo(res);
+                                return (-1);
+                        }
                }
                fcntl(s, F_SETOWN, pid);
-                sin.sin_len = sizeof(struct sockaddr_in);
+                if (connect(s, r->ai_addr, r->ai_addrlen) >= 0)
-                sin.sin_family = hp->h_addrtype;
-                sin.sin_port = rport;
-                bcopy(hp->h_addr_list[0], &sin.sin_addr, hp->h_length);
-                if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
                        break;
                (void)close(s);
                if (errno == EADDRINUSE) {
                        lport--;
                        continue;
                }
-                if (errno == ECONNREFUSED && timo <= 16) {
+                if (errno == ECONNREFUSED)
-                        (void)sleep(timo);
+                        refused++;
-                        timo *= 2;
+                if (r->ai_next) {
-                        continue;
-                }
-                if (hp->h_addr_list[1] != NULL) {
                        int oerrno = errno;
+                        char hbuf[NI_MAXHOST];
-                        (void)fprintf(stderr, "connect to address %s: ",
+                        const int niflags = NI_NUMERICHOST;
-                            inet_ntoa(sin.sin_addr));
+                        hbuf[0] = '\0';
+                        if (getnameinfo(r->ai_addr, r->ai_addrlen,
+                            hbuf, sizeof(hbuf), NULL, 0, niflags) != 0)
+                                strlcpy(hbuf, "(invalid)", sizeof hbuf);
+                        (void)fprintf(stderr, "connect to address %s: ", hbuf);
                        errno = oerrno;
                        perror(0);
-                        hp->h_addr_list++;
+                        r = r->ai_next;
-                        bcopy(hp->h_addr_list[0], &sin.sin_addr, hp->h_length);
+                        hbuf[0] = '\0';
-                        (void)fprintf(stderr, "Trying %s...\n",
+                        if (getnameinfo(r->ai_addr, r->ai_addrlen,
-                            inet_ntoa(sin.sin_addr));
+                            hbuf, sizeof(hbuf), NULL, 0, niflags) != 0)
+                                strlcpy(hbuf, "(invalid)", sizeof hbuf);
+                        (void)fprintf(stderr, "Trying %s...\n", hbuf);
                        continue;
                }
-                (void)fprintf(stderr, "%s: %s\n", hp->h_name, strerror(errno));
+                if (refused && timo <= 16) {
-                sigsetmask(oldmask);
+                        (void)sleep(timo);
+                        timo *= 2;
+                        r = res;
+                        refused = 0;
+                        continue;
+                }
+                (void)fprintf(stderr, "%s: %s\n", res->ai_canonname,
+                    strerror(errno));
+                sigprocmask(SIG_SETMASK, &oldmask, NULL);
+                freeaddrinfo(res);
                return (-1);
        }
+        /* given "af" can be PF_UNSPEC, we need the real af for "s" */
+        af = r->ai_family;
+        freeaddrinfo(res);
+#if 0
+        /*
+         * try to rresvport() to the same port. This will make rresvport()
+         * fail it's first bind, resulting in it choosing a random port.
+         */
        lport--;
+#endif
        if (fd2p == 0) {
                write(s, "", 1);
                lport = 0;
        } else {
                char num[8];
-                int s2 = rresvport(&lport), s3;
+                int s2 = rresvport_af(&lport, af), s3;
-                int len = sizeof(from);
+                socklen_t len = sizeof(from);
+                int fdssize = howmany(MAX(s, s2)+1, NFDBITS) * sizeof(fd_mask);
                if (s2 < 0)
                        goto bad;
+                readsp = (fd_set *)malloc(fdssize);
+                if (readsp == NULL) {
+                        close(s2);
+                        goto bad;
+                }
                listen(s2, 1);
                (void)snprintf(num, sizeof(num), "%d", lport);
                if (write(s, num, strlen(num)+1) != strlen(num)+1) {
@@ -150,12 +209,13 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
                        (void)close(s2);
                        goto bad;
                }
-                FD_ZERO(&reads);
+again:
-                FD_SET(s, &reads);
+                bzero(readsp, fdssize);
-                FD_SET(s2, &reads);
+                FD_SET(s, readsp);
+                FD_SET(s2, readsp);
                errno = 0;
-                if (select(MAX(s, s2) + 1, &reads, 0, 0, 0) < 1 ||
+                if (select(MAX(s, s2) + 1, readsp, 0, 0, 0) < 1 ||
-                    !FD_ISSET(s2, &reads)) {
+                    !FD_ISSET(s2, readsp)) {
                        if (errno != 0)
                                (void)fprintf(stderr,
                                    "rcmd: select (setting up stderr): %s\n",
@@ -167,21 +227,48 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
                        goto bad;
                }
                s3 = accept(s2, (struct sockaddr *)&from, &len);
-                (void)close(s2);
                if (s3 < 0) {
                        (void)fprintf(stderr,
                            "rcmd: accept: %s\n", strerror(errno));
                        lport = 0;
+                        close(s2);
                        goto bad;
                }
+                /*
+                 * XXX careful for ftp bounce attacks. If discovered, shut them
+                 * down and check for the real auxiliary channel to connect.
+                 */
+                switch (from.ss_family) {
+                case AF_INET:
+                case AF_INET6:
+                        if (getnameinfo((struct sockaddr *)&from, len,
+                            NULL, 0, num, sizeof(num), NI_NUMERICSERV) == 0 &&
+                            atoi(num) != 20) {
+                                break;
+                        }
+                        close(s3);
+                        goto again;
+                default:
+                        break;
+                }
+                (void)close(s2);
                *fd2p = s3;
-                from.sin_port = ntohs(from.sin_port);
+                switch (from.ss_family) {
-                if (from.sin_family != AF_INET ||
+                case AF_INET:
-                    from.sin_port >= IPPORT_RESERVED ||
+                case AF_INET6:
-                    from.sin_port < IPPORT_RESERVED / 2) {
+                        if (getnameinfo((struct sockaddr *)&from, len,
-                        (void)fprintf(stderr,
+                            NULL, 0, num, sizeof(num), NI_NUMERICSERV) != 0 ||
-                            "socket: protocol failure in circuit setup.\n");
+                            (atoi(num) >= IPPORT_RESERVED ||
-                        goto bad2;
+                             atoi(num) < IPPORT_RESERVED / 2)) {
+                                (void)fprintf(stderr,
+                                    "socket: protocol failure in circuit setup.\n");
+                                goto bad2;
+                        }
+                        break;
+                default:
+                        break;
                }
        }
        (void)write(s, locuser, strlen(locuser)+1);
@@ -200,318 +287,17 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
                }
                goto bad2;
        }
-        sigsetmask(oldmask);
+        sigprocmask(SIG_SETMASK, &oldmask, NULL);
+        free(readsp);
        return (s);
 bad2:
        if (lport)
                (void)close(*fd2p);
 bad:
+        if (readsp)
+                free(readsp);
        (void)close(s);
-        sigsetmask(oldmask);
+        sigprocmask(SIG_SETMASK, &oldmask, NULL);
-        return (-1);
-}
-int
-rresvport(alport)
-        int *alport;
-{
-        struct sockaddr_in sin;
-        int s;
-        sin.sin_len = sizeof(struct sockaddr_in);
-        sin.sin_family = AF_INET;
-        sin.sin_addr.s_addr = INADDR_ANY;
-        s = socket(AF_INET, SOCK_STREAM, 0);
-        if (s < 0)
-                return (-1);
-        for (;;) {
-                sin.sin_port = htons((u_short)*alport);
-                if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
-                        return (s);
-                if (errno != EADDRINUSE) {
-                        (void)close(s);
-                        return (-1);
-                }
-                (*alport)--;
-                if (*alport == IPPORT_RESERVED/2) {
-                        (void)close(s);
-                        errno = EAGAIN;         /* close */
-                        return (-1);
-                }
-        }
-}
-int     __check_rhosts_file = 1;
-char    *__rcmd_errstr;
-int
-ruserok(rhost, superuser, ruser, luser)
-        const char *rhost, *ruser, *luser;
-        int superuser;
-{
-        struct hostent *hp;
-        char **ap;
-        int i;
-#define MAXADDRS        35
-        u_long addrs[MAXADDRS + 1];
-        if ((hp = gethostbyname(rhost)) == NULL)
-                return (-1);
-        for (i = 0, ap = hp->h_addr_list; *ap && i < MAXADDRS; ++ap, ++i)
-                bcopy(*ap, &addrs[i], sizeof(addrs[i]));
-        addrs[i] = 0;
-        for (i = 0; i < MAXADDRS && addrs[i]; i++)
-                if (iruserok(addrs[i], superuser, ruser, luser) == 0)
-                        return (0);
-        return (-1);
-}
-/*
- * New .rhosts strategy: We are passed an ip address. We spin through
- * hosts.equiv and .rhosts looking for a match. When the .rhosts only
- * has ip addresses, we don't have to trust a nameserver.  When it
- * contains hostnames, we spin through the list of addresses the nameserver
- * gives us and look for a match.
- *
- * Returns 0 if ok, -1 if not ok.
- */
-int
-iruserok(raddr, superuser, ruser, luser)
-        u_long raddr;
-        int superuser;
-        const char *ruser, *luser;
-{
-        register char *cp;
-        struct stat sbuf;
-        struct passwd *pwd;
-        FILE *hostf;
-        uid_t uid;
-        int first;
-        char pbuf[MAXPATHLEN];
-        first = 1;
-        hostf = superuser ? NULL : fopen(_PATH_HEQUIV, "r");
-again:
-        if (hostf) {
-                if (__ivaliduser(hostf, raddr, luser, ruser) == 0) {
-                        (void)fclose(hostf);
-                        return (0);
-                }
-                (void)fclose(hostf);
-        }
-        if (first == 1 && (__check_rhosts_file || superuser)) {
-                first = 0;
-                if ((pwd = getpwnam(luser)) == NULL)
-                        return (-1);
-                (void)strcpy(pbuf, pwd->pw_dir);
-                (void)strcat(pbuf, "/.rhosts");
-                /*
-                 * Change effective uid while opening .rhosts.  If root and
-                 * reading an NFS mounted file system, can't read files that
-                 * are protected read/write owner only.
-                 */
-                uid = geteuid();
-                (void)seteuid(pwd->pw_uid);
-                hostf = fopen(pbuf, "r");
-                (void)seteuid(uid);
-                if (hostf == NULL)
-                        return (-1);
-                /*
-                 * If not a regular file, or is owned by someone other than
-                 * user or root or if writeable by anyone but the owner, quit.
-                 */
-                cp = NULL;
-                if (lstat(pbuf, &sbuf) < 0)
-                        cp = ".rhosts lstat failed";
-                else if (!S_ISREG(sbuf.st_mode))
-                        cp = ".rhosts not regular file";
-                else if (fstat(fileno(hostf), &sbuf) < 0)
-                        cp = ".rhosts fstat failed";
-                else if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid)
-                        cp = "bad .rhosts owner";
-                else if (sbuf.st_mode & (S_IWGRP|S_IWOTH))
-                        cp = ".rhosts writeable by other than owner";
-                /* If there were any problems, quit. */
-                if (cp) {
-                        __rcmd_errstr = cp;
-                        (void)fclose(hostf);
-                        return (-1);
-                }
-                goto again;
-        }
        return (-1);
 }
-/*
- * XXX
- * Don't make static, used by lpd(8).
- *
- * Returns 0 if ok, -1 if not ok.
- */
-int
-__ivaliduser(hostf, raddr, luser, ruser)
-        FILE *hostf;
-        u_long raddr;
-        const char *luser, *ruser;
-{
-        register char *user, *p;
-        int ch;
-        char buf[MAXHOSTNAMELEN + 128];         /* host + login */
-        const char *auser, *ahost;
-        int hostok, userok;
-        char rhost[MAXHOSTNAMELEN];
-        struct hostent *hp;
-        char domain[MAXHOSTNAMELEN];
-        getdomainname(domain, sizeof(domain));
-        while (fgets(buf, sizeof(buf), hostf)) {
-                p = buf;
-                /* Skip lines that are too long. */
-                if (strchr(p, '\n') == NULL) {
-                        while ((ch = getc(hostf)) != '\n' && ch != EOF);
-                        continue;
-                }
-                while (*p != '\n' && *p != ' ' && *p != '\t' && *p != '\0') {
-                        *p = isupper(*p) ? tolower(*p) : *p;
-                        p++;
-                }
-                if (*p == ' ' || *p == '\t') {
-                        *p++ = '\0';
-                        while (*p == ' ' || *p == '\t')
-                                p++;
-                        user = p;
-                        while (*p != '\n' && *p != ' ' &&
-                            *p != '\t' && *p != '\0')
-                                p++;
-                } else
-                        user = p;
-                *p = '\0';
-                if (p == buf)
-                        continue;
-                auser = *user ? user : luser;
-                ahost = buf;
-                if ((hp = gethostbyaddr((char *) &raddr,
-                                        sizeof(raddr), AF_INET)) == NULL) {
-                        abort();
-                        return -1;
-                }
-                (void) strncpy(rhost, hp->h_name, sizeof(rhost));
-                rhost[sizeof(rhost) - 1] = '\0';
-                if (ahost[0] == '+')
-                        switch (ahost[1]) {
-                        case '\0':
-                                hostok = 1;
-                                break;
-                        case '@':
-                                hostok = innetgr(&ahost[2], rhost, NULL,
-                                                 domain);
-                                break;
-                        default:
-                                hostok = __icheckhost(raddr, &ahost[1]);
-                                break;
-                        }
-                else if (ahost[0] == '-')
-                        switch (ahost[1]) {
-                        case '\0':
-                                hostok = -1;
-                                break;
-                        case '@':
-                                hostok = -innetgr(&ahost[2], rhost, NULL,
-                                                  domain);
-                                break;
-                        default:
-                                hostok = -__icheckhost(raddr, &ahost[1]);
-                                break;
-                        }
-                else
-                        hostok = __icheckhost(raddr, ahost);
-                if (auser[0] == '+')
-                        switch (auser[1]) {
-                        case '\0':
-                                userok = 1;
-                                break;
-                        case '@':
-                                userok = innetgr(&auser[2], NULL, ruser,
-                                                 domain);
-                                break;
-                        default:
-                                userok = strcmp(ruser, &auser[1]) == 0;
-                                break;
-                        }
-                else if (auser[0] == '-')
-                        switch (auser[1]) {
-                        case '\0':
-                                userok = -1;
-                                break;
-                        case '@':
-                                userok = -innetgr(&auser[2], NULL, ruser,
-                                                  domain);
-                                break;
-                        default:
-                                userok = -(strcmp(ruser, &auser[1]) == 0);
-                                break;
-                        }
-                else
-                        userok = strcmp(ruser, auser) == 0;
-                /* Check if one component did not match */
-                if (hostok == 0 || userok == 0)
-                        continue;
-                /* Check if we got a forbidden pair */
-                if (userok == -1 || hostok == -1)
-                        return -1;
-                /* Check if we got a valid pair */
-                if (hostok == 1 && userok == 1)
-                        return 0;
-        }
-        return -1;
-}
-/*
- * Returns "true" if match, 0 if no match.
- */
-static int
-__icheckhost(raddr, lhost)
-        u_long raddr;
-        const char *lhost;
-{
-        register struct hostent *hp;
-        register u_long laddr;
-        register char **pp;
-        /* Try for raw ip address first. */
-        if (isdigit(*lhost) && (long)(laddr = inet_addr(lhost)) != -1)
-                return (raddr == laddr);
-        /* Better be a hostname. */
-        if ((hp = gethostbyname(lhost)) == NULL)
-                return (0);
-        /* Spin through ip addresses. */
-        for (pp = hp->h_addr_list; *pp; ++pp)
-                if (!bcmp(&raddr, *pp, sizeof(u_long)))
-                        return (1);
-        /* No match. */
-        return (0);
-}

diff --git a/src/lib/libc/net/rcmd.c b/src/lib/libc/net/rcmd.c index e0310031b0..d566e0ca4c 100644 --- a/src/lib/libc/net/rcmd.c +++ b/src/lib/libc/net/rcmd.c
@@ -1,6 +1,5 @@
1	/* $NetBSD: rcmd.c,v 1.12 1995/06/03 22:33:34 mycroft Exp $ */
2
3	/*	1	/*
		2	* Copyright (c) 1995, 1996, 1998 Theo de Raadt. All rights reserved.
4	* Copyright (c) 1983, 1993, 1994	3	* Copyright (c) 1983, 1993, 1994
5	* The Regents of the University of California. All rights reserved.	4	* The Regents of the University of California. All rights reserved.
6	*	5	*
@@ -12,11 +11,7 @@
12	* 2. Redistributions in binary form must reproduce the above copyright	11	* 2. Redistributions in binary form must reproduce the above copyright
13	* notice, this list of conditions and the following disclaimer in the	12	* notice, this list of conditions and the following disclaimer in the
14	* documentation and/or other materials provided with the distribution.	13	* documentation and/or other materials provided with the distribution.
15	* 3. All advertising materials mentioning features or use of this software	14	* 3. Neither the name of the University nor the names of its contributors
16	* must display the following acknowledgement:
17	* This product includes software developed by the University of
18	* California, Berkeley and its contributors.
19	* 4. Neither the name of the University nor the names of its contributors
20	* may be used to endorse or promote products derived from this software	15	* may be used to endorse or promote products derived from this software
21	* without specific prior written permission.	16	* without specific prior written permission.
22	*	17	*
@@ -33,14 +28,6 @@
33	* SUCH DAMAGE.	28	* SUCH DAMAGE.
34	*/	29	*/
35		30
36	#if defined(LIBC_SCCS) && !defined(lint)
37	#if 0
38	static char sccsid[] = "@(#)rcmd.c 8.3 (Berkeley) 3/26/94";
39	#else
40	static char *rcsid = "$NetBSD: rcmd.c,v 1.12 1995/06/03 22:33:34 mycroft Exp $";
41	#endif
42	#endif /* LIBC_SCCS and not lint */
43
44	#include <sys/param.h>	31	#include <sys/param.h>
45	#include <sys/socket.h>	32	#include <sys/socket.h>
46	#include <sys/stat.h>	33	#include <sys/stat.h>
@@ -57,35 +44,77 @@ static char *rcsid = "$NetBSD: rcmd.c,v 1.12 1995/06/03 22:33:34 mycroft Exp $";
57	#include <stdio.h>	44	#include <stdio.h>
58	#include <ctype.h>	45	#include <ctype.h>
59	#include <string.h>	46	#include <string.h>
		47	#include <syslog.h>
		48	#include <stdlib.h>
60		49
61	int __ivaliduser __P((FILE , u_long, const char , const char *));	50	int
62	static int __icheckhost __P((u_long, const char *));	51	rcmd(char *ahost, int rport, const char locuser, const char *remuser,
		52	const char cmd, int fd2p)
		53	{
		54	return rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, AF_INET);
		55	}
63		56
64	int	57	int
65	rcmd(ahost, rport, locuser, remuser, cmd, fd2p)	58	rcmd_af(char *ahost, int porta, const char locuser, const char *remuser,
66	char **ahost;	59	const char cmd, int fd2p, int af)
67	u_short rport;
68	const char locuser, remuser, *cmd;
69	int *fd2p;
70	{	60	{
71	struct hostent *hp;	61	static char hbuf[MAXHOSTNAMELEN];
72	struct sockaddr_in sin, from;	62	char pbuf[NI_MAXSERV];
73	fd_set reads;	63	struct addrinfo hints, res, r;
74	long oldmask;	64	int error;
		65	struct sockaddr_storage from;
		66	fd_set *readsp = NULL;
		67	sigset_t oldmask, mask;
75	pid_t pid;	68	pid_t pid;
76	int s, lport, timo;	69	int s, lport, timo;
77	char c;	70	char c, *p;
		71	int refused;
		72	in_port_t rport = porta;
		73
		74	/* call rcmdsh() with specified remote shell if appropriate. */
		75	if (!issetugid() && (p = getenv("RSH")) && *p) {
		76	struct servent *sp = getservbyname("shell", "tcp");
		77
		78	if (sp && sp->s_port == rport)
		79	return (rcmdsh(ahost, rport, locuser, remuser,
		80	cmd, p));
		81	}
		82
		83	/* use rsh(1) if non-root and remote port is shell. */
		84	if (geteuid()) {
		85	struct servent *sp = getservbyname("shell", "tcp");
		86
		87	if (sp && sp->s_port == rport)
		88	return (rcmdsh(ahost, rport, locuser, remuser,
		89	cmd, NULL));
		90	}
78		91
79	pid = getpid();	92	pid = getpid();
80	hp = gethostbyname(*ahost);	93	snprintf(pbuf, sizeof(pbuf), "%u", ntohs(rport));
81	if (hp == NULL) {	94	memset(&hints, 0, sizeof(hints));
82	herror(*ahost);	95	hints.ai_family = af;
		96	hints.ai_socktype = SOCK_STREAM;
		97	hints.ai_flags = AI_CANONNAME;
		98	error = getaddrinfo(*ahost, pbuf, &hints, &res);
		99	if (error) {
		100	#if 0
		101	warnx("%s: %s", *ahost, gai_strerror(error));
		102	#endif
83	return (-1);	103	return (-1);
84	}	104	}
85	*ahost = hp->h_name;	105	if (res->ai_canonname) {
86	oldmask = sigblock(sigmask(SIGURG));	106	strlcpy(hbuf, res->ai_canonname, sizeof(hbuf));
		107	*ahost = hbuf;
		108	} else
		109	; /XXX/
		110
		111	r = res;
		112	refused = 0;
		113	sigemptyset(&mask);
		114	sigaddset(&mask, SIGURG);
		115	sigprocmask(SIG_BLOCK, &mask, &oldmask);
87	for (timo = 1, lport = IPPORT_RESERVED - 1;;) {	116	for (timo = 1, lport = IPPORT_RESERVED - 1;;) {
88	s = rresvport(&lport);	117	s = rresvport_af(&lport, r->ai_family);
89	if (s < 0) {	118	if (s < 0) {
90	if (errno == EAGAIN)	119	if (errno == EAGAIN)
91	(void)fprintf(stderr,	120	(void)fprintf(stderr,
@@ -93,54 +122,84 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
93	else	122	else
94	(void)fprintf(stderr, "rcmd: socket: %s\n",	123	(void)fprintf(stderr, "rcmd: socket: %s\n",
95	strerror(errno));	124	strerror(errno));
96	sigsetmask(oldmask);	125	if (r->ai_next) {
97	return (-1);	126	r = r->ai_next;
		127	continue;
		128	} else {
		129	sigprocmask(SIG_SETMASK, &oldmask, NULL);
		130	freeaddrinfo(res);
		131	return (-1);
		132	}
98	}	133	}
99	fcntl(s, F_SETOWN, pid);	134	fcntl(s, F_SETOWN, pid);
100	sin.sin_len = sizeof(struct sockaddr_in);	135	if (connect(s, r->ai_addr, r->ai_addrlen) >= 0)
101	sin.sin_family = hp->h_addrtype;
102	sin.sin_port = rport;
103	bcopy(hp->h_addr_list[0], &sin.sin_addr, hp->h_length);
104	if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
105	break;	136	break;
106	(void)close(s);	137	(void)close(s);
107	if (errno == EADDRINUSE) {	138	if (errno == EADDRINUSE) {
108	lport--;	139	lport--;
109	continue;	140	continue;
110	}	141	}
111	if (errno == ECONNREFUSED && timo <= 16) {	142	if (errno == ECONNREFUSED)
112	(void)sleep(timo);	143	refused++;
113	timo *= 2;	144	if (r->ai_next) {
114	continue;
115	}
116	if (hp->h_addr_list[1] != NULL) {
117	int oerrno = errno;	145	int oerrno = errno;
118		146	char hbuf[NI_MAXHOST];
119	(void)fprintf(stderr, "connect to address %s: ",	147	const int niflags = NI_NUMERICHOST;
120	inet_ntoa(sin.sin_addr));	148
		149	hbuf[0] = '\0';
		150	if (getnameinfo(r->ai_addr, r->ai_addrlen,
		151	hbuf, sizeof(hbuf), NULL, 0, niflags) != 0)
		152	strlcpy(hbuf, "(invalid)", sizeof hbuf);
		153	(void)fprintf(stderr, "connect to address %s: ", hbuf);
121	errno = oerrno;	154	errno = oerrno;
122	perror(0);	155	perror(0);
123	hp->h_addr_list++;	156	r = r->ai_next;
124	bcopy(hp->h_addr_list[0], &sin.sin_addr, hp->h_length);	157	hbuf[0] = '\0';
125	(void)fprintf(stderr, "Trying %s...\n",	158	if (getnameinfo(r->ai_addr, r->ai_addrlen,
126	inet_ntoa(sin.sin_addr));	159	hbuf, sizeof(hbuf), NULL, 0, niflags) != 0)
		160	strlcpy(hbuf, "(invalid)", sizeof hbuf);
		161	(void)fprintf(stderr, "Trying %s...\n", hbuf);
127	continue;	162	continue;
128	}	163	}
129	(void)fprintf(stderr, "%s: %s\n", hp->h_name, strerror(errno));	164	if (refused && timo <= 16) {
130	sigsetmask(oldmask);	165	(void)sleep(timo);
		166	timo *= 2;
		167	r = res;
		168	refused = 0;
		169	continue;
		170	}
		171	(void)fprintf(stderr, "%s: %s\n", res->ai_canonname,
		172	strerror(errno));
		173	sigprocmask(SIG_SETMASK, &oldmask, NULL);
		174	freeaddrinfo(res);
131	return (-1);	175	return (-1);
132	}	176	}
		177	/* given "af" can be PF_UNSPEC, we need the real af for "s" */
		178	af = r->ai_family;
		179	freeaddrinfo(res);
		180	#if 0
		181	/*
		182	* try to rresvport() to the same port. This will make rresvport()
		183	* fail it's first bind, resulting in it choosing a random port.
		184	*/
133	lport--;	185	lport--;
		186	#endif
134	if (fd2p == 0) {	187	if (fd2p == 0) {
135	write(s, "", 1);	188	write(s, "", 1);
136	lport = 0;	189	lport = 0;
137	} else {	190	} else {
138	char num[8];	191	char num[8];
139	int s2 = rresvport(&lport), s3;	192	int s2 = rresvport_af(&lport, af), s3;
140	int len = sizeof(from);	193	socklen_t len = sizeof(from);
		194	int fdssize = howmany(MAX(s, s2)+1, NFDBITS) * sizeof(fd_mask);
141		195
142	if (s2 < 0)	196	if (s2 < 0)
143	goto bad;	197	goto bad;
		198	readsp = (fd_set *)malloc(fdssize);
		199	if (readsp == NULL) {
		200	close(s2);
		201	goto bad;
		202	}
144	listen(s2, 1);	203	listen(s2, 1);
145	(void)snprintf(num, sizeof(num), "%d", lport);	204	(void)snprintf(num, sizeof(num), "%d", lport);
146	if (write(s, num, strlen(num)+1) != strlen(num)+1) {	205	if (write(s, num, strlen(num)+1) != strlen(num)+1) {
@@ -150,12 +209,13 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
150	(void)close(s2);	209	(void)close(s2);
151	goto bad;	210	goto bad;
152	}	211	}
153	FD_ZERO(&reads);	212	again:
154	FD_SET(s, &reads);	213	bzero(readsp, fdssize);
155	FD_SET(s2, &reads);	214	FD_SET(s, readsp);
		215	FD_SET(s2, readsp);
156	errno = 0;	216	errno = 0;
157	if (select(MAX(s, s2) + 1, &reads, 0, 0, 0) < 1 \|\|	217	if (select(MAX(s, s2) + 1, readsp, 0, 0, 0) < 1 \|\|
158	!FD_ISSET(s2, &reads)) {	218	!FD_ISSET(s2, readsp)) {
159	if (errno != 0)	219	if (errno != 0)
160	(void)fprintf(stderr,	220	(void)fprintf(stderr,
161	"rcmd: select (setting up stderr): %s\n",	221	"rcmd: select (setting up stderr): %s\n",
@@ -167,21 +227,48 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
167	goto bad;	227	goto bad;
168	}	228	}
169	s3 = accept(s2, (struct sockaddr *)&from, &len);	229	s3 = accept(s2, (struct sockaddr *)&from, &len);
170	(void)close(s2);
171	if (s3 < 0) {	230	if (s3 < 0) {
172	(void)fprintf(stderr,	231	(void)fprintf(stderr,
173	"rcmd: accept: %s\n", strerror(errno));	232	"rcmd: accept: %s\n", strerror(errno));
174	lport = 0;	233	lport = 0;
		234	close(s2);
175	goto bad;	235	goto bad;
176	}	236	}
		237
		238	/*
		239	* XXX careful for ftp bounce attacks. If discovered, shut them
		240	* down and check for the real auxiliary channel to connect.
		241	*/
		242	switch (from.ss_family) {
		243	case AF_INET:
		244	case AF_INET6:
		245	if (getnameinfo((struct sockaddr *)&from, len,
		246	NULL, 0, num, sizeof(num), NI_NUMERICSERV) == 0 &&
		247	atoi(num) != 20) {
		248	break;
		249	}
		250	close(s3);
		251	goto again;
		252	default:
		253	break;
		254	}
		255	(void)close(s2);
		256
177	*fd2p = s3;	257	*fd2p = s3;
178	from.sin_port = ntohs(from.sin_port);	258	switch (from.ss_family) {
179	if (from.sin_family != AF_INET \|\|	259	case AF_INET:
180	from.sin_port >= IPPORT_RESERVED \|\|	260	case AF_INET6:
181	from.sin_port < IPPORT_RESERVED / 2) {	261	if (getnameinfo((struct sockaddr *)&from, len,
182	(void)fprintf(stderr,	262	NULL, 0, num, sizeof(num), NI_NUMERICSERV) != 0 \|\|
183	"socket: protocol failure in circuit setup.\n");	263	(atoi(num) >= IPPORT_RESERVED \|\|
184	goto bad2;	264	atoi(num) < IPPORT_RESERVED / 2)) {
		265	(void)fprintf(stderr,
		266	"socket: protocol failure in circuit setup.\n");
		267	goto bad2;
		268	}
		269	break;
		270	default:
		271	break;
185	}	272	}
186	}	273	}
187	(void)write(s, locuser, strlen(locuser)+1);	274	(void)write(s, locuser, strlen(locuser)+1);
@@ -200,318 +287,17 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
200	}	287	}
201	goto bad2;	288	goto bad2;
202	}	289	}
203	sigsetmask(oldmask);	290	sigprocmask(SIG_SETMASK, &oldmask, NULL);
		291	free(readsp);
204	return (s);	292	return (s);
205	bad2:	293	bad2:
206	if (lport)	294	if (lport)
207	(void)close(*fd2p);	295	(void)close(*fd2p);
208	bad:	296	bad:
		297	if (readsp)
		298	free(readsp);
209	(void)close(s);	299	(void)close(s);
210	sigsetmask(oldmask);	300	sigprocmask(SIG_SETMASK, &oldmask, NULL);
211	return (-1);
212	}
213
214	int
215	rresvport(alport)
216	int *alport;
217	{
218	struct sockaddr_in sin;
219	int s;
220
221	sin.sin_len = sizeof(struct sockaddr_in);
222	sin.sin_family = AF_INET;
223	sin.sin_addr.s_addr = INADDR_ANY;
224	s = socket(AF_INET, SOCK_STREAM, 0);
225	if (s < 0)
226	return (-1);
227	for (;;) {
228	sin.sin_port = htons((u_short)*alport);
229	if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
230	return (s);
231	if (errno != EADDRINUSE) {
232	(void)close(s);
233	return (-1);
234	}
235	(*alport)--;
236	if (*alport == IPPORT_RESERVED/2) {
237	(void)close(s);
238	errno = EAGAIN; /* close */
239	return (-1);
240	}
241	}
242	}
243
244	int __check_rhosts_file = 1;
245	char *__rcmd_errstr;
246
247	int
248	ruserok(rhost, superuser, ruser, luser)
249	const char rhost, ruser, *luser;
250	int superuser;
251	{
252	struct hostent *hp;
253	char **ap;
254	int i;
255	#define MAXADDRS 35
256	u_long addrs[MAXADDRS + 1];
257
258	if ((hp = gethostbyname(rhost)) == NULL)
259	return (-1);
260	for (i = 0, ap = hp->h_addr_list; *ap && i < MAXADDRS; ++ap, ++i)
261	bcopy(*ap, &addrs[i], sizeof(addrs[i]));
262	addrs[i] = 0;
263
264	for (i = 0; i < MAXADDRS && addrs[i]; i++)
265	if (iruserok(addrs[i], superuser, ruser, luser) == 0)
266	return (0);
267	return (-1);
268	}
269
270	/*
271	* New .rhosts strategy: We are passed an ip address. We spin through
272	* hosts.equiv and .rhosts looking for a match. When the .rhosts only
273	* has ip addresses, we don't have to trust a nameserver. When it
274	* contains hostnames, we spin through the list of addresses the nameserver
275	* gives us and look for a match.
276	*
277	* Returns 0 if ok, -1 if not ok.
278	*/
279	int
280	iruserok(raddr, superuser, ruser, luser)
281	u_long raddr;
282	int superuser;
283	const char ruser, luser;
284	{
285	register char *cp;
286	struct stat sbuf;
287	struct passwd *pwd;
288	FILE *hostf;
289	uid_t uid;
290	int first;
291	char pbuf[MAXPATHLEN];
292
293	first = 1;
294	hostf = superuser ? NULL : fopen(_PATH_HEQUIV, "r");
295	again:
296	if (hostf) {
297	if (__ivaliduser(hostf, raddr, luser, ruser) == 0) {
298	(void)fclose(hostf);
299	return (0);
300	}
301	(void)fclose(hostf);
302	}
303	if (first == 1 && (__check_rhosts_file \|\| superuser)) {
304	first = 0;
305	if ((pwd = getpwnam(luser)) == NULL)
306	return (-1);
307	(void)strcpy(pbuf, pwd->pw_dir);
308	(void)strcat(pbuf, "/.rhosts");
309
310	/*
311	* Change effective uid while opening .rhosts. If root and
312	* reading an NFS mounted file system, can't read files that
313	* are protected read/write owner only.
314	*/
315	uid = geteuid();
316	(void)seteuid(pwd->pw_uid);
317	hostf = fopen(pbuf, "r");
318	(void)seteuid(uid);
319
320	if (hostf == NULL)
321	return (-1);
322	/*
323	* If not a regular file, or is owned by someone other than
324	* user or root or if writeable by anyone but the owner, quit.
325	*/
326	cp = NULL;
327	if (lstat(pbuf, &sbuf) < 0)
328	cp = ".rhosts lstat failed";
329	else if (!S_ISREG(sbuf.st_mode))
330	cp = ".rhosts not regular file";
331	else if (fstat(fileno(hostf), &sbuf) < 0)
332	cp = ".rhosts fstat failed";
333	else if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid)
334	cp = "bad .rhosts owner";
335	else if (sbuf.st_mode & (S_IWGRP\|S_IWOTH))
336	cp = ".rhosts writeable by other than owner";
337	/* If there were any problems, quit. */
338	if (cp) {
339	__rcmd_errstr = cp;
340	(void)fclose(hostf);
341	return (-1);
342	}
343	goto again;
344	}
345	return (-1);	301	return (-1);
346	}	302	}
347		303
348	/*
349	* XXX
350	* Don't make static, used by lpd(8).
351	*
352	* Returns 0 if ok, -1 if not ok.
353	*/
354	int
355	__ivaliduser(hostf, raddr, luser, ruser)
356	FILE *hostf;
357	u_long raddr;
358	const char luser, ruser;
359	{
360	register char user, p;
361	int ch;
362	char buf[MAXHOSTNAMELEN + 128]; /* host + login */
363	const char auser, ahost;
364	int hostok, userok;
365	char rhost[MAXHOSTNAMELEN];
366	struct hostent *hp;
367	char domain[MAXHOSTNAMELEN];
368
369	getdomainname(domain, sizeof(domain));
370
371	while (fgets(buf, sizeof(buf), hostf)) {
372	p = buf;
373	/* Skip lines that are too long. */
374	if (strchr(p, '\n') == NULL) {
375	while ((ch = getc(hostf)) != '\n' && ch != EOF);
376	continue;
377	}
378	while (p != '\n' && p != ' ' && p != '\t' && p != '\0') {
379	p = isupper(p) ? tolower(p) : p;
380	p++;
381	}
382	if (p == ' ' \|\| p == '\t') {
383	*p++ = '\0';
384	while (p == ' ' \|\| p == '\t')
385	p++;
386	user = p;
387	while (p != '\n' && p != ' ' &&
388	p != '\t' && p != '\0')
389	p++;
390	} else
391	user = p;
392	*p = '\0';
393
394	if (p == buf)
395	continue;
396
397	auser = *user ? user : luser;
398	ahost = buf;
399
400	if ((hp = gethostbyaddr((char *) &raddr,
401	sizeof(raddr), AF_INET)) == NULL) {
402	abort();
403	return -1;
404	}
405	(void) strncpy(rhost, hp->h_name, sizeof(rhost));
406	rhost[sizeof(rhost) - 1] = '\0';
407
408	if (ahost[0] == '+')
409	switch (ahost[1]) {
410	case '\0':
411	hostok = 1;
412	break;
413
414	case '@':
415	hostok = innetgr(&ahost[2], rhost, NULL,
416	domain);
417	break;
418
419	default:
420	hostok = __icheckhost(raddr, &ahost[1]);
421	break;
422	}
423	else if (ahost[0] == '-')
424	switch (ahost[1]) {
425	case '\0':
426	hostok = -1;
427	break;
428
429	case '@':
430	hostok = -innetgr(&ahost[2], rhost, NULL,
431	domain);
432	break;
433
434	default:
435	hostok = -__icheckhost(raddr, &ahost[1]);
436	break;
437	}
438	else
439	hostok = __icheckhost(raddr, ahost);
440
441
442	if (auser[0] == '+')
443	switch (auser[1]) {
444	case '\0':
445	userok = 1;
446	break;
447
448	case '@':
449	userok = innetgr(&auser[2], NULL, ruser,
450	domain);
451	break;
452
453	default:
454	userok = strcmp(ruser, &auser[1]) == 0;
455	break;
456	}
457	else if (auser[0] == '-')
458	switch (auser[1]) {
459	case '\0':
460	userok = -1;
461	break;
462
463	case '@':
464	userok = -innetgr(&auser[2], NULL, ruser,
465	domain);
466	break;
467
468	default:
469	userok = -(strcmp(ruser, &auser[1]) == 0);
470	break;
471	}
472	else
473	userok = strcmp(ruser, auser) == 0;
474
475	/* Check if one component did not match */
476	if (hostok == 0 \|\| userok == 0)
477	continue;
478
479	/* Check if we got a forbidden pair */
480	if (userok == -1 \|\| hostok == -1)
481	return -1;
482
483	/* Check if we got a valid pair */
484	if (hostok == 1 && userok == 1)
485	return 0;
486	}
487	return -1;
488	}
489
490	/*
491	* Returns "true" if match, 0 if no match.
492	*/
493	static int
494	__icheckhost(raddr, lhost)
495	u_long raddr;
496	const char *lhost;
497	{
498	register struct hostent *hp;
499	register u_long laddr;
500	register char **pp;
501
502	/* Try for raw ip address first. */
503	if (isdigit(*lhost) && (long)(laddr = inet_addr(lhost)) != -1)
504	return (raddr == laddr);
505
506	/* Better be a hostname. */
507	if ((hp = gethostbyname(lhost)) == NULL)
508	return (0);
509
510	/* Spin through ip addresses. */
511	for (pp = hp->h_addr_list; *pp; ++pp)
512	if (!bcmp(&raddr, *pp, sizeof(u_long)))
513	return (1);
514
515	/* No match. */
516	return (0);
517	}