summaryrefslogtreecommitdiff
path: root/src/lib/libc/net/rcmd.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libc/net/rcmd.c')
-rw-r--r--src/lib/libc/net/rcmd.c268
1 files changed, 179 insertions, 89 deletions
diff --git a/src/lib/libc/net/rcmd.c b/src/lib/libc/net/rcmd.c
index e0310031b0..c933f5b447 100644
--- a/src/lib/libc/net/rcmd.c
+++ b/src/lib/libc/net/rcmd.c
@@ -1,6 +1,5 @@
1/* $NetBSD: rcmd.c,v 1.12 1995/06/03 22:33:34 mycroft Exp $ */
2
3/* 1/*
2 * Copyright (c) 1995, 1996, 1998 Theo de Raadt. All rights reserved.
4 * Copyright (c) 1983, 1993, 1994 3 * Copyright (c) 1983, 1993, 1994
5 * The Regents of the University of California. All rights reserved. 4 * The Regents of the University of California. All rights reserved.
6 * 5 *
@@ -16,6 +15,7 @@
16 * must display the following acknowledgement: 15 * must display the following acknowledgement:
17 * This product includes software developed by the University of 16 * This product includes software developed by the University of
18 * California, Berkeley and its contributors. 17 * California, Berkeley and its contributors.
18 * This product includes software developed by Theo de Raadt.
19 * 4. Neither the name of the University nor the names of its contributors 19 * 4. Neither the name of the University nor the names of its contributors
20 * may be used to endorse or promote products derived from this software 20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission. 21 * without specific prior written permission.
@@ -34,11 +34,7 @@
34 */ 34 */
35 35
36#if defined(LIBC_SCCS) && !defined(lint) 36#if defined(LIBC_SCCS) && !defined(lint)
37#if 0 37static char *rcsid = "$OpenBSD: rcmd.c,v 1.31 1998/03/19 00:30:05 millert Exp $";
38static char sccsid[] = "@(#)rcmd.c 8.3 (Berkeley) 3/26/94";
39#else
40static char *rcsid = "$NetBSD: rcmd.c,v 1.12 1995/06/03 22:33:34 mycroft Exp $";
41#endif
42#endif /* LIBC_SCCS and not lint */ 38#endif /* LIBC_SCCS and not lint */
43 39
44#include <sys/param.h> 40#include <sys/param.h>
@@ -57,24 +53,46 @@ static char *rcsid = "$NetBSD: rcmd.c,v 1.12 1995/06/03 22:33:34 mycroft Exp $";
57#include <stdio.h> 53#include <stdio.h>
58#include <ctype.h> 54#include <ctype.h>
59#include <string.h> 55#include <string.h>
56#include <syslog.h>
57#include <stdlib.h>
58#include <netgroup.h>
60 59
61int __ivaliduser __P((FILE *, u_long, const char *, const char *)); 60int __ivaliduser __P((FILE *, in_addr_t, const char *, const char *));
62static int __icheckhost __P((u_long, const char *)); 61static int __icheckhost __P((u_int32_t, const char *));
62static char *__gethostloop __P((u_int32_t));
63 63
64int 64int
65rcmd(ahost, rport, locuser, remuser, cmd, fd2p) 65rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
66 char **ahost; 66 char **ahost;
67 u_short rport; 67 in_port_t rport;
68 const char *locuser, *remuser, *cmd; 68 const char *locuser, *remuser, *cmd;
69 int *fd2p; 69 int *fd2p;
70{ 70{
71 struct hostent *hp; 71 struct hostent *hp;
72 struct sockaddr_in sin, from; 72 struct sockaddr_in sin, from;
73 fd_set reads; 73 fd_set *readsp = NULL;
74 long oldmask; 74 int oldmask;
75 pid_t pid; 75 pid_t pid;
76 int s, lport, timo; 76 int s, lport, timo;
77 char c; 77 char c, *p;
78
79 /* call rcmdsh() with specified remote shell if appropriate. */
80 if (!issetugid() && (p = getenv("RSH"))) {
81 struct servent *sp = getservbyname("shell", "tcp");
82
83 if (sp && sp->s_port == rport)
84 return (rcmdsh(ahost, rport, locuser, remuser,
85 cmd, p));
86 }
87
88 /* use rsh(1) if non-root and remote port is shell. */
89 if (geteuid()) {
90 struct servent *sp = getservbyname("shell", "tcp");
91
92 if (sp && sp->s_port == rport)
93 return (rcmdsh(ahost, rport, locuser, remuser,
94 cmd, NULL));
95 }
78 96
79 pid = getpid(); 97 pid = getpid();
80 hp = gethostbyname(*ahost); 98 hp = gethostbyname(*ahost);
@@ -83,6 +101,7 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
83 return (-1); 101 return (-1);
84 } 102 }
85 *ahost = hp->h_name; 103 *ahost = hp->h_name;
104
86 oldmask = sigblock(sigmask(SIGURG)); 105 oldmask = sigblock(sigmask(SIGURG));
87 for (timo = 1, lport = IPPORT_RESERVED - 1;;) { 106 for (timo = 1, lport = IPPORT_RESERVED - 1;;) {
88 s = rresvport(&lport); 107 s = rresvport(&lport);
@@ -97,6 +116,7 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
97 return (-1); 116 return (-1);
98 } 117 }
99 fcntl(s, F_SETOWN, pid); 118 fcntl(s, F_SETOWN, pid);
119 bzero(&sin, sizeof sin);
100 sin.sin_len = sizeof(struct sockaddr_in); 120 sin.sin_len = sizeof(struct sockaddr_in);
101 sin.sin_family = hp->h_addrtype; 121 sin.sin_family = hp->h_addrtype;
102 sin.sin_port = rport; 122 sin.sin_port = rport;
@@ -130,7 +150,13 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
130 sigsetmask(oldmask); 150 sigsetmask(oldmask);
131 return (-1); 151 return (-1);
132 } 152 }
153#if 0
154 /*
155 * try to rresvport() to the same port. This will make rresvport()
156 * fail it's first bind, resulting in it choosing a random port.
157 */
133 lport--; 158 lport--;
159#endif
134 if (fd2p == 0) { 160 if (fd2p == 0) {
135 write(s, "", 1); 161 write(s, "", 1);
136 lport = 0; 162 lport = 0;
@@ -138,9 +164,13 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
138 char num[8]; 164 char num[8];
139 int s2 = rresvport(&lport), s3; 165 int s2 = rresvport(&lport), s3;
140 int len = sizeof(from); 166 int len = sizeof(from);
167 int fdssize = howmany(MAX(s, s2)+1, NFDBITS) * sizeof(fd_mask);
141 168
142 if (s2 < 0) 169 if (s2 < 0)
143 goto bad; 170 goto bad;
171 readsp = (fd_set *)malloc(fdssize);
172 if (readsp == NULL)
173 goto bad;
144 listen(s2, 1); 174 listen(s2, 1);
145 (void)snprintf(num, sizeof(num), "%d", lport); 175 (void)snprintf(num, sizeof(num), "%d", lport);
146 if (write(s, num, strlen(num)+1) != strlen(num)+1) { 176 if (write(s, num, strlen(num)+1) != strlen(num)+1) {
@@ -150,12 +180,13 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
150 (void)close(s2); 180 (void)close(s2);
151 goto bad; 181 goto bad;
152 } 182 }
153 FD_ZERO(&reads); 183again:
154 FD_SET(s, &reads); 184 bzero(readsp, fdssize);
155 FD_SET(s2, &reads); 185 FD_SET(s, readsp);
186 FD_SET(s2, readsp);
156 errno = 0; 187 errno = 0;
157 if (select(MAX(s, s2) + 1, &reads, 0, 0, 0) < 1 || 188 if (select(MAX(s, s2) + 1, readsp, 0, 0, 0) < 1 ||
158 !FD_ISSET(s2, &reads)) { 189 !FD_ISSET(s2, readsp)) {
159 if (errno != 0) 190 if (errno != 0)
160 (void)fprintf(stderr, 191 (void)fprintf(stderr,
161 "rcmd: select (setting up stderr): %s\n", 192 "rcmd: select (setting up stderr): %s\n",
@@ -167,6 +198,14 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
167 goto bad; 198 goto bad;
168 } 199 }
169 s3 = accept(s2, (struct sockaddr *)&from, &len); 200 s3 = accept(s2, (struct sockaddr *)&from, &len);
201 /*
202 * XXX careful for ftp bounce attacks. If discovered, shut them
203 * down and check for the real auxiliary channel to connect.
204 */
205 if (from.sin_family == AF_INET && from.sin_port == htons(20)) {
206 close(s3);
207 goto again;
208 }
170 (void)close(s2); 209 (void)close(s2);
171 if (s3 < 0) { 210 if (s3 < 0) {
172 (void)fprintf(stderr, 211 (void)fprintf(stderr,
@@ -201,11 +240,14 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
201 goto bad2; 240 goto bad2;
202 } 241 }
203 sigsetmask(oldmask); 242 sigsetmask(oldmask);
243 free(readsp);
204 return (s); 244 return (s);
205bad2: 245bad2:
206 if (lport) 246 if (lport)
207 (void)close(*fd2p); 247 (void)close(*fd2p);
208bad: 248bad:
249 if (readsp)
250 free(readsp);
209 (void)close(s); 251 (void)close(s);
210 sigsetmask(oldmask); 252 sigsetmask(oldmask);
211 return (-1); 253 return (-1);
@@ -218,27 +260,29 @@ rresvport(alport)
218 struct sockaddr_in sin; 260 struct sockaddr_in sin;
219 int s; 261 int s;
220 262
263 bzero(&sin, sizeof sin);
221 sin.sin_len = sizeof(struct sockaddr_in); 264 sin.sin_len = sizeof(struct sockaddr_in);
222 sin.sin_family = AF_INET; 265 sin.sin_family = AF_INET;
223 sin.sin_addr.s_addr = INADDR_ANY; 266 sin.sin_addr.s_addr = INADDR_ANY;
224 s = socket(AF_INET, SOCK_STREAM, 0); 267 s = socket(AF_INET, SOCK_STREAM, 0);
225 if (s < 0) 268 if (s < 0)
226 return (-1); 269 return (-1);
227 for (;;) { 270 sin.sin_port = htons((in_port_t)*alport);
228 sin.sin_port = htons((u_short)*alport); 271 if (*alport < IPPORT_RESERVED - 1) {
229 if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0) 272 if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
230 return (s); 273 return (s);
231 if (errno != EADDRINUSE) { 274 if (errno != EADDRINUSE) {
232 (void)close(s); 275 (void)close(s);
233 return (-1); 276 return (-1);
234 } 277 }
235 (*alport)--;
236 if (*alport == IPPORT_RESERVED/2) {
237 (void)close(s);
238 errno = EAGAIN; /* close */
239 return (-1);
240 }
241 } 278 }
279 sin.sin_port = 0;
280 if (bindresvport(s, &sin) == -1) {
281 (void)close(s);
282 return (-1);
283 }
284 *alport = (int)ntohs(sin.sin_port);
285 return (s);
242} 286}
243 287
244int __check_rhosts_file = 1; 288int __check_rhosts_file = 1;
@@ -253,7 +297,7 @@ ruserok(rhost, superuser, ruser, luser)
253 char **ap; 297 char **ap;
254 int i; 298 int i;
255#define MAXADDRS 35 299#define MAXADDRS 35
256 u_long addrs[MAXADDRS + 1]; 300 u_int32_t addrs[MAXADDRS + 1];
257 301
258 if ((hp = gethostbyname(rhost)) == NULL) 302 if ((hp = gethostbyname(rhost)) == NULL)
259 return (-1); 303 return (-1);
@@ -262,7 +306,7 @@ ruserok(rhost, superuser, ruser, luser)
262 addrs[i] = 0; 306 addrs[i] = 0;
263 307
264 for (i = 0; i < MAXADDRS && addrs[i]; i++) 308 for (i = 0; i < MAXADDRS && addrs[i]; i++)
265 if (iruserok(addrs[i], superuser, ruser, luser) == 0) 309 if (iruserok((in_addr_t)addrs[i], superuser, ruser, luser) == 0)
266 return (0); 310 return (0);
267 return (-1); 311 return (-1);
268} 312}
@@ -278,7 +322,7 @@ ruserok(rhost, superuser, ruser, luser)
278 */ 322 */
279int 323int
280iruserok(raddr, superuser, ruser, luser) 324iruserok(raddr, superuser, ruser, luser)
281 u_long raddr; 325 u_int32_t raddr;
282 int superuser; 326 int superuser;
283 const char *ruser, *luser; 327 const char *ruser, *luser;
284{ 328{
@@ -352,41 +396,47 @@ again:
352 * Returns 0 if ok, -1 if not ok. 396 * Returns 0 if ok, -1 if not ok.
353 */ 397 */
354int 398int
355__ivaliduser(hostf, raddr, luser, ruser) 399__ivaliduser(hostf, raddrl, luser, ruser)
356 FILE *hostf; 400 FILE *hostf;
357 u_long raddr; 401 in_addr_t raddrl;
358 const char *luser, *ruser; 402 const char *luser, *ruser;
359{ 403{
360 register char *user, *p; 404 register char *user, *p;
361 int ch; 405 char *buf;
362 char buf[MAXHOSTNAMELEN + 128]; /* host + login */
363 const char *auser, *ahost; 406 const char *auser, *ahost;
364 int hostok, userok; 407 int hostok, userok;
365 char rhost[MAXHOSTNAMELEN]; 408 char *rhost = (char *)-1;
366 struct hostent *hp;
367 char domain[MAXHOSTNAMELEN]; 409 char domain[MAXHOSTNAMELEN];
410 u_int32_t raddr = (u_int32_t)raddrl;
411 size_t buflen;
368 412
369 getdomainname(domain, sizeof(domain)); 413 getdomainname(domain, sizeof(domain));
370 414
371 while (fgets(buf, sizeof(buf), hostf)) { 415 while ((buf = fgetln(hostf, &buflen))) {
372 p = buf; 416 p = buf;
373 /* Skip lines that are too long. */ 417 if (*p == '#')
374 if (strchr(p, '\n') == NULL) {
375 while ((ch = getc(hostf)) != '\n' && ch != EOF);
376 continue; 418 continue;
377 } 419 while (*p != '\n' && *p != ' ' && *p != '\t' && p < buf + buflen) {
378 while (*p != '\n' && *p != ' ' && *p != '\t' && *p != '\0') { 420 if (!isprint(*p))
421 goto bail;
379 *p = isupper(*p) ? tolower(*p) : *p; 422 *p = isupper(*p) ? tolower(*p) : *p;
380 p++; 423 p++;
381 } 424 }
425 if (p >= buf + buflen)
426 continue;
382 if (*p == ' ' || *p == '\t') { 427 if (*p == ' ' || *p == '\t') {
383 *p++ = '\0'; 428 *p++ = '\0';
384 while (*p == ' ' || *p == '\t') 429 while ((*p == ' ' || *p == '\t') && p < buf + buflen)
385 p++; 430 p++;
431 if (p >= buf + buflen)
432 continue;
386 user = p; 433 user = p;
387 while (*p != '\n' && *p != ' ' && 434 while (*p != '\n' && *p != ' ' &&
388 *p != '\t' && *p != '\0') 435 *p != '\t' && p < buf + buflen) {
436 if (!isprint(*p))
437 goto bail;
389 p++; 438 p++;
439 }
390 } else 440 } else
391 user = p; 441 user = p;
392 *p = '\0'; 442 *p = '\0';
@@ -397,25 +447,27 @@ __ivaliduser(hostf, raddr, luser, ruser)
397 auser = *user ? user : luser; 447 auser = *user ? user : luser;
398 ahost = buf; 448 ahost = buf;
399 449
400 if ((hp = gethostbyaddr((char *) &raddr, 450 if (strlen(ahost) >= MAXHOSTNAMELEN)
401 sizeof(raddr), AF_INET)) == NULL) { 451 continue;
402 abort();
403 return -1;
404 }
405 (void) strncpy(rhost, hp->h_name, sizeof(rhost));
406 rhost[sizeof(rhost) - 1] = '\0';
407 452
453 /*
454 * innetgr() must lookup a hostname (we do not attempt
455 * to change the semantics so that netgroups may have
456 * #.#.#.# addresses in the list.)
457 */
408 if (ahost[0] == '+') 458 if (ahost[0] == '+')
409 switch (ahost[1]) { 459 switch (ahost[1]) {
410 case '\0': 460 case '\0':
411 hostok = 1; 461 hostok = 1;
412 break; 462 break;
413
414 case '@': 463 case '@':
415 hostok = innetgr(&ahost[2], rhost, NULL, 464 if (rhost == (char *)-1)
416 domain); 465 rhost = __gethostloop(raddr);
466 hostok = 0;
467 if (rhost)
468 hostok = innetgr(&ahost[2], rhost,
469 NULL, domain);
417 break; 470 break;
418
419 default: 471 default:
420 hostok = __icheckhost(raddr, &ahost[1]); 472 hostok = __icheckhost(raddr, &ahost[1]);
421 break; 473 break;
@@ -425,12 +477,14 @@ __ivaliduser(hostf, raddr, luser, ruser)
425 case '\0': 477 case '\0':
426 hostok = -1; 478 hostok = -1;
427 break; 479 break;
428
429 case '@': 480 case '@':
430 hostok = -innetgr(&ahost[2], rhost, NULL, 481 if (rhost == (char *)-1)
431 domain); 482 rhost = __gethostloop(raddr);
483 hostok = 0;
484 if (rhost)
485 hostok = -innetgr(&ahost[2], rhost,
486 NULL, domain);
432 break; 487 break;
433
434 default: 488 default:
435 hostok = -__icheckhost(raddr, &ahost[1]); 489 hostok = -__icheckhost(raddr, &ahost[1]);
436 break; 490 break;
@@ -444,14 +498,12 @@ __ivaliduser(hostf, raddr, luser, ruser)
444 case '\0': 498 case '\0':
445 userok = 1; 499 userok = 1;
446 break; 500 break;
447
448 case '@': 501 case '@':
449 userok = innetgr(&auser[2], NULL, ruser, 502 userok = innetgr(&auser[2], NULL, ruser,
450 domain); 503 domain);
451 break; 504 break;
452
453 default: 505 default:
454 userok = strcmp(ruser, &auser[1]) == 0; 506 userok = strcmp(ruser, &auser[1]) ? 0 : 1;
455 break; 507 break;
456 } 508 }
457 else if (auser[0] == '-') 509 else if (auser[0] == '-')
@@ -459,59 +511,97 @@ __ivaliduser(hostf, raddr, luser, ruser)
459 case '\0': 511 case '\0':
460 userok = -1; 512 userok = -1;
461 break; 513 break;
462
463 case '@': 514 case '@':
464 userok = -innetgr(&auser[2], NULL, ruser, 515 userok = -innetgr(&auser[2], NULL, ruser,
465 domain); 516 domain);
466 break; 517 break;
467
468 default: 518 default:
469 userok = -(strcmp(ruser, &auser[1]) == 0); 519 userok = strcmp(ruser, &auser[1]) ? 0 : -1;
470 break; 520 break;
471 } 521 }
472 else 522 else
473 userok = strcmp(ruser, auser) == 0; 523 userok = strcmp(ruser, auser) ? 0 : 1;
474 524
475 /* Check if one component did not match */ 525 /* Check if one component did not match */
476 if (hostok == 0 || userok == 0) 526 if (hostok == 0 || userok == 0)
477 continue; 527 continue;
478 528
479 /* Check if we got a forbidden pair */ 529 /* Check if we got a forbidden pair */
480 if (userok == -1 || hostok == -1) 530 if (userok <= -1 || hostok <= -1)
481 return -1; 531 return (-1);
482 532
483 /* Check if we got a valid pair */ 533 /* Check if we got a valid pair */
484 if (hostok == 1 && userok == 1) 534 if (hostok >= 1 && userok >= 1)
485 return 0; 535 return (0);
486 } 536 }
487 return -1; 537bail:
538 return (-1);
488} 539}
489 540
490/* 541/*
491 * Returns "true" if match, 0 if no match. 542 * Returns "true" if match, 0 if no match. If we do not find any
543 * semblance of an A->PTR->A loop, allow a simple #.#.#.# match to work.
492 */ 544 */
493static int 545static int
494__icheckhost(raddr, lhost) 546__icheckhost(raddr, lhost)
495 u_long raddr; 547 u_int32_t raddr;
496 const char *lhost; 548 const char *lhost;
497{ 549{
498 register struct hostent *hp; 550 register struct hostent *hp;
499 register u_long laddr;
500 register char **pp; 551 register char **pp;
552 struct in_addr in;
553
554 hp = gethostbyname(lhost);
555 if (hp != NULL) {
556 /* Spin through ip addresses. */
557 for (pp = hp->h_addr_list; *pp; ++pp)
558 if (!bcmp(&raddr, *pp, sizeof(raddr)))
559 return (1);
560 }
501 561
502 /* Try for raw ip address first. */ 562 in.s_addr = raddr;
503 if (isdigit(*lhost) && (long)(laddr = inet_addr(lhost)) != -1) 563 if (strcmp(lhost, inet_ntoa(in)) == 0)
504 return (raddr == laddr); 564 return (1);
505
506 /* Better be a hostname. */
507 if ((hp = gethostbyname(lhost)) == NULL)
508 return (0);
509
510 /* Spin through ip addresses. */
511 for (pp = hp->h_addr_list; *pp; ++pp)
512 if (!bcmp(&raddr, *pp, sizeof(u_long)))
513 return (1);
514
515 /* No match. */
516 return (0); 565 return (0);
517} 566}
567
568/*
569 * Return the hostname associated with the supplied address.
570 * Do a reverse lookup as well for security. If a loop cannot
571 * be found, pack the result of inet_ntoa() into the string.
572 */
573static char *
574__gethostloop(raddr)
575 u_int32_t raddr;
576{
577 static char remotehost[MAXHOSTNAMELEN];
578 struct hostent *hp;
579 struct in_addr in;
580
581 hp = gethostbyaddr((char *) &raddr, sizeof(raddr), AF_INET);
582 if (hp == NULL)
583 return (NULL);
584
585 /*
586 * Look up the name and check that the supplied
587 * address is in the list
588 */
589 strncpy(remotehost, hp->h_name, sizeof(remotehost) - 1);
590 remotehost[sizeof(remotehost) - 1] = '\0';
591 hp = gethostbyname(remotehost);
592 if (hp == NULL)
593 return (NULL);
594
595 for (; hp->h_addr_list[0] != NULL; hp->h_addr_list++)
596 if (!bcmp(hp->h_addr_list[0], (caddr_t)&raddr, sizeof(raddr)))
597 return (remotehost);
598
599 /*
600 * either the DNS adminstrator has made a configuration
601 * mistake, or someone has attempted to spoof us
602 */
603 in.s_addr = raddr;
604 syslog(LOG_NOTICE, "rcmd: address %s not listed for host %s",
605 inet_ntoa(in), hp->h_name);
606 return (NULL);
607}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-09 18:52:39 +0000