clean up import, RCS ids

cgd 1994-06-05 15:33:20 +00:00
parent 7972ccad6f
commit 2efe726b86
3 changed files with 142 additions and 114 deletions


@ -1,9 +1,12 @@
# from: @(#)Makefile 5.6 (Berkeley) 9/27/90
# $Id: Makefile,v 1.3 1994/01/28 00:32:35 cgd Exp $
# from: @(#)Makefile 8.1 (Berkeley) 6/4/93
# $Id: Makefile,v 1.4 1994/06/05 15:33:20 cgd Exp $
PROG= rshd
SRCS= rshd.c
CFLAGS+=-DKERBEROS -DCRYPT
SRCS= rshd.c des_rw.c
MAN8= rshd.0
DPADD= ${LIBKRB} ${LIBDES}
LDADD= -lkrb -ldes
.PATH: ${.CURDIR}/../../usr.bin/rlogin
.include <bsd.prog.mk>
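Review bot: Nothing in this Makefile says what `CFLAGS+=-DKERBEROS -DCRYPT` turns on or where `des_rw.c` comes from, and the section as rendered suggests both are new in this commit. A short comment would help anyone who has to audit which authentication paths rshd is built with, for example `# KERBEROS/CRYPT: Kerberos IV authentication and DES-encrypted sessions; des_rw.c is shared with rlogin (see .PATH)`. With these defines set unconditionally, the link against `-lkrb -ldes` is unconditional too, which the comment should state.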


@ -1,5 +1,5 @@
.\" Copyright (c) 1983, 1989, 1991 The Regents of the University of California.
.\" All rights reserved.
.\" Copyright (c) 1983, 1989, 1991, 1993
.\" The Regents of the University of California. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
@ -29,10 +29,10 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" from: @(#)rshd.8 6.11 (Berkeley) 4/20/91
.\" $Id: rshd.8,v 1.3 1993/12/23 09:05:45 cgd Exp $
.\" from: @(#)rshd.8 8.1 (Berkeley) 6/4/93
.\" $Id: rshd.8,v 1.4 1994/06/05 15:33:23 cgd Exp $
.\"
.Dd April 20, 1991
.Dd June 4, 1993
.Dt RSHD 8
.Os BSD 4.2
.Sh NAME
@ -129,6 +129,11 @@ option prevents
from doing any validation based on the user's ``.rhosts'' file,
unless the user is the superuser.
.It
If the file
.Pa /etc/nologin
exists and the user is not the superuser,
the connection is closed.
.It
A null byte is returned on the initial socket
and the command line is passed to the normal login
shell of the user. The
@ -143,21 +148,20 @@ option is present.
The use of keepalive messages allows sessions to be timed out
if the client crashes or becomes unreachable.
.Pp
The
The
.Fl L
option causes all successful accesses to be logged to
.Xr syslogd 8
as
.Li auth.info
messages and all failed accesses to be logged as
.Li auth.notice .
messages.
.Sh DIAGNOSTICS
Except for the last one listed below,
all diagnostic messages
are returned on the initial socket,
after which any network connections are closed.
An error is indicated by a leading byte with a value of
1 (0 is returned in step 9 above upon successful completion
1 (0 is returned in step 10 above upon successful completion
of all the steps prior to the execution of the login shell).
.Bl -tag -width indent
.It Sy Locuser too long.


@ -1,6 +1,6 @@
/*-
* Copyright (c) 1988, 1989 The Regents of the University of California.
* All rights reserved.
* Copyright (c) 1988, 1989, 1992, 1993, 1994
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -32,23 +32,16 @@
*/
#ifndef lint
char copyright[] =
"@(#) Copyright (c) 1988, 1989 The Regents of the University of California.\n\
All rights reserved.\n";
static char copyright[] =
"@(#) Copyright (c) 1988, 1989, 1992, 1993, 1994\n\
The Regents of the University of California. All rights reserved.\n";
#endif /* not lint */
#ifndef lint
/*static char sccsid[] = "from: @(#)rshd.c 5.38 (Berkeley) 3/2/91";*/
static char rcsid[] = "$Id: rshd.c,v 1.6 1994/05/19 22:54:19 pk Exp $";
/* from: static char sccsid[] = "@(#)rshd.c 8.2 (Berkeley) 4/6/94"; */
static char *rcsid = "$Id: rshd.c,v 1.7 1994/06/05 15:33:24 cgd Exp $";
#endif /* not lint */
/*
* From:
* $Source: /cvsroot/src/libexec/rshd/rshd.c,v $
* $Header: /mit/kerberos/ucb/mit/rshd/RCS/rshd.c,v
* 5.2 89/07/31 19:30:04 kfall Exp $
*/
/*
* remote shell server:
* [port]\0
@ -60,39 +53,41 @@ static char rcsid[] = "$Id: rshd.c,v 1.6 1994/05/19 22:54:19 pk Exp $";
#include <sys/param.h>
#include <sys/ioctl.h>
#include <sys/time.h>
#include <fcntl.h>
#include <signal.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <pwd.h>
#include <syslog.h>
#include <arpa/nameser.h>
#include <resolv.h>
#include <unistd.h>
#include <errno.h>
#include <fcntl.h>
#include <paths.h>
#include <pwd.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <paths.h>
#include <syslog.h>
#include <unistd.h>
int keepalive = 1;
int check_all = 0;
int paranoid = 0;
char *index(), *rindex(), *strncat();
/*VARARGS1*/
int error();
int check_all;
int log_success; /* If TRUE, log all successful accesses */
int sent_null;
void doit __P((struct sockaddr_in *));
void error __P((const char *, ...));
void getstr __P((char *, int, char *));
int local_domain __P((char *));
char *topdomain __P((char *));
void usage __P((void));
#ifdef KERBEROS
#include <kerberosIV/des.h>
#include <kerberosIV/krb.h>
#define VERSION_SIZE 9
#define SECURE_MESSAGE "This rsh session is using DES encryption for all transmissions.\r\n"
#define OPTIONS "alknvxL"
#define OPTIONS "alnkvxL"
char authbuf[sizeof(AUTH_DAT)];
char tickbuf[sizeof(KTEXT_ST)];
int doencrypt, use_kerberos, vacuous;
@ -101,12 +96,11 @@ Key_schedule schedule;
#define OPTIONS "alnL"
#endif
/*ARGSUSED*/
int
main(argc, argv)
int argc;
char **argv;
char *argv[];
{
extern int opterr, optind;
extern int __check_rhosts_file;
struct linger linger;
int ch, on = 1, fromlen;
@ -120,11 +114,9 @@ main(argc, argv)
case 'a':
check_all = 1;
break;
case 'l':
__check_rhosts_file = 0;
break;
case 'n':
keepalive = 0;
break;
@ -143,15 +135,13 @@ main(argc, argv)
break;
#endif
#endif
case 'L':
paranoid = 1;
log_success = 1;
break;
case '?':
default:
usage();
exit(2);
break;
}
argc -= optind;
@ -185,6 +175,7 @@ main(argc, argv)
sizeof (linger)) < 0)
syslog(LOG_WARNING, "setsockopt (SO_LINGER): %m");
doit(&from);
/* NOTREACHED */
}
char username[20] = "USER=";
@ -195,21 +186,20 @@ char *envinit[] =
{homedir, shell, path, username, 0};
char **environ;
void
doit(fromp)
struct sockaddr_in *fromp;
{
char cmdbuf[NCARGS+1], *cp;
char locuser[16], remuser[16];
struct passwd *pwd;
int s;
extern char *__rcmd_errstr; /* syslog hook from libc/net/rcmd.c. */
struct hostent *hp;
char *hostname, *errorstr = NULL, *errorhost;
struct passwd *pwd;
u_short port;
int pv[2], pid, cc;
int nfd;
fd_set ready, readfrom;
char buf[BUFSIZ], sig;
int cc, nfd, pv[2], pid, s;
int one = 1;
char *hostname, *errorstr, *errorhost;
char *cp, sig, buf[BUFSIZ];
char cmdbuf[NCARGS+1], locuser[16], remuser[16];
char remotehost[2 * MAXHOSTNAMELEN + 1];
#ifdef KERBEROS
@ -276,8 +266,9 @@ doit(fromp)
if (fromp->sin_port >= IPPORT_RESERVED ||
fromp->sin_port < IPPORT_RESERVED/2) {
syslog(LOG_NOTICE|LOG_AUTH,
"Connection from %s on illegal port",
inet_ntoa(fromp->sin_addr));
"Connection from %s on illegal port %u",
inet_ntoa(fromp->sin_addr),
fromp->sin_port);
exit(1);
}
@ -285,7 +276,7 @@ doit(fromp)
port = 0;
for (;;) {
char c;
if ((cc = read(0, &c, 1)) != 1) {
if ((cc = read(STDIN_FILENO, &c, 1)) != 1) {
if (cc < 0)
syslog(LOG_NOTICE, "read: %m");
shutdown(0, 1+1);
@ -313,7 +304,7 @@ doit(fromp)
}
fromp->sin_port = htons(port);
if (connect(s, (struct sockaddr *)fromp, sizeof (*fromp)) < 0) {
syslog(LOG_INFO, "connect second port: %m");
syslog(LOG_INFO, "connect second port %d: %m", port);
exit(1);
}
}
@ -331,6 +322,7 @@ doit(fromp)
dup2(f, 1);
dup2(f, 2);
#endif
errorstr = NULL;
hp = gethostbyaddr((char *)&fromp->sin_addr, sizeof (struct in_addr),
fromp->sin_family);
if (hp) {
@ -348,9 +340,6 @@ doit(fromp)
strncpy(remotehost, hp->h_name, sizeof(remotehost) - 1);
remotehost[sizeof(remotehost) - 1] = 0;
errorhost = remotehost;
#ifdef RES_DNSRCH
_res.options &= ~RES_DNSRCH;
#endif
hp = gethostbyname(remotehost);
if (hp == NULL) {
syslog(LOG_INFO,
@ -424,6 +413,9 @@ doit(fromp)
setpwent();
pwd = getpwnam(locuser);
if (pwd == NULL) {
syslog(LOG_INFO|LOG_AUTH,
"%s@%s as %s: unknown login. cmd='%.80s'",
remuser, hostname, locuser, cmdbuf);
if (errorstr == NULL)
errorstr = "Login incorrect.\n";
goto fail;
@ -431,6 +423,9 @@ doit(fromp)
if (chdir(pwd->pw_dir) < 0) {
(void) chdir("/");
#ifdef notdef
syslog(LOG_INFO|LOG_AUTH,
"%s@%s as %s: no home directory. cmd='%.80s'",
remuser, hostname, locuser, cmdbuf);
error("No remote directory.\n");
exit(1);
#endif
@ -440,10 +435,9 @@ doit(fromp)
if (use_kerberos) {
if (pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0') {
if (kuserok(kdata, locuser) != 0) {
syslog(LOG_NOTICE|LOG_AUTH,
"Kerberos shell denied to %s.%s@%s on %s as %s: cmd='%s'; %s",
kdata->pname, kdata->pinst, kdata->prealm,
hostname, locuser, cmdbuf, errorstr);
syslog(LOG_INFO|LOG_AUTH,
"Kerberos rsh denied to %s.%s@%s",
kdata->pname, kdata->pinst, kdata->prealm);
error("Permission denied.\n");
exit(1);
}
@ -453,18 +447,20 @@ doit(fromp)
if (errorstr ||
pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0' &&
ruserok(hostname, pwd->pw_uid == 0, remuser, locuser) < 0) {
iruserok(fromp->sin_addr.s_addr, pwd->pw_uid == 0,
remuser, locuser) < 0) {
if (__rcmd_errstr)
syslog(LOG_INFO|LOG_AUTH,
"%s@%s as %s: permission denied (%s). cmd='%.80s'",
remuser, hostname, locuser, __rcmd_errstr,
cmdbuf);
else
syslog(LOG_INFO|LOG_AUTH,
"%s@%s as %s: permission denied. cmd='%.80s'",
remuser, hostname, locuser, cmdbuf);
fail:
if (errorstr == NULL)
errorstr = "Permission denied.\n";
/* log the (failed) rsh request, if paranoid */
if (paranoid || (pwd && pwd->pw_uid == 0))
syslog(LOG_INFO|LOG_AUTH,
"rsh denied to %s@%s as %s: cmd='%s'; %s",
remuser, hostname, locuser, cmdbuf,
errorstr);
error(errorstr, errorhost);
exit(1);
}
@ -474,7 +470,7 @@ fail:
exit(1);
}
(void) write(2, "\0", 1);
(void) write(STDERR_FILENO, "\0", 1);
sent_null = 1;
if (port) {
@ -508,15 +504,17 @@ fail:
static char msg[] = SECURE_MESSAGE;
(void) close(pv1[1]);
(void) close(pv2[1]);
des_write(s, msg, sizeof(msg));
des_write(s, msg, sizeof(msg) - 1);
} else
#endif
#endif
{
(void) close(0); (void) close(1);
(void) close(0);
(void) close(1);
}
(void) close(2); (void) close(pv[1]);
(void) close(2);
(void) close(pv[1]);
FD_ZERO(&readfrom);
FD_SET(s, &readfrom);
@ -600,12 +598,14 @@ fail:
shutdown(pv1[0], 1+1);
FD_CLR(pv1[0], &readfrom);
} else
(void) des_write(1, buf, cc);
(void) des_write(STDOUT_FILENO,
buf, cc);
}
if (doencrypt && FD_ISSET(pv2[0], &wready)) {
errno = 0;
cc = des_read(0, buf, sizeof(buf));
cc = des_read(STDIN_FILENO,
buf, sizeof(buf));
if (cc <= 0) {
shutdown(pv2[0], 1+1);
FD_CLR(pv2[0], &writeto);
@ -625,7 +625,8 @@ fail:
exit(0);
}
setpgrp(0, getpid());
(void) close(s); (void) close(pv[0]);
(void) close(s);
(void) close(pv[0]);
#ifdef CRYPT
#ifdef KERBEROS
if (doencrypt) {
@ -654,59 +655,76 @@ fail:
strcat(path, _PATH_DEFPATH);
strncat(shell, pwd->pw_shell, sizeof(shell)-7);
strncat(username, pwd->pw_name, sizeof(username)-6);
cp = rindex(pwd->pw_shell, '/');
cp = strrchr(pwd->pw_shell, '/');
if (cp)
cp++;
else
cp = pwd->pw_shell;
endpwent();
if (paranoid || pwd->pw_uid == 0) {
if (log_success || pwd->pw_uid == 0) {
#ifdef KERBEROS
if (use_kerberos)
syslog(LOG_INFO|LOG_AUTH,
"Kerberos shell from %s.%s@%s on %s as %s: cmd='%s'",
kdata->pname, kdata->pinst, kdata->prealm,
hostname, locuser, cmdbuf);
"Kerberos shell from %s.%s@%s on %s as %s, cmd='%.80s'",
kdata->pname, kdata->pinst, kdata->prealm,
hostname, locuser, cmdbuf);
else
#endif
syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: cmd='%s'",
syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: cmd='%.80s'",
remuser, hostname, locuser, cmdbuf);
}
execl(pwd->pw_shell, cp, "-c", cmdbuf, 0);
perror(pwd->pw_shell);
exit(1);
}
/*
* Report error to client.
* Note: can't be used until second socket has connected
* to client, or older clients will hang waiting
* for that connection first.
* Report error to client. Note: can't be used until second socket has
* connected to client, or older clients will hang waiting for that
* connection first.
*/
/*VARARGS1*/
error(fmt, a1, a2, a3)
char *fmt;
int a1, a2, a3;
{
char buf[BUFSIZ], *bp = buf;
#if __STDC__
#include <stdarg.h>
#else
#include <varargs.h>
#endif
if (sent_null == 0)
void
#if __STDC__
error(const char *fmt, ...)
#else
error(fmt, va_alist)
char *fmt;
va_dcl
#endif
{
va_list ap;
int len;
char *bp, buf[BUFSIZ];
#if __STDC__
va_start(ap, fmt);
#else
va_start(ap);
#endif
bp = buf;
if (sent_null == 0) {
*bp++ = 1;
(void) sprintf(bp, fmt, a1, a2, a3);
(void) write(2, buf, strlen(buf));
len = 1;
} else
len = 0;
(void)vsnprintf(bp, sizeof(buf) - 1, fmt, ap);
(void)write(STDERR_FILENO, buf, len + strlen(bp));
}
void
getstr(buf, cnt, err)
char *buf;
char *buf, *err;
int cnt;
char *err;
{
char c;
do {
if (read(0, &c, 1) != 1)
if (read(STDIN_FILENO, &c, 1) != 1)
exit(1);
*buf++ = c;
if (--cnt == 0) {
@ -724,27 +742,27 @@ getstr(buf, cnt, err)
* assume that the host is local, as it will be
* interpreted as such.
*/
int
local_domain(h)
char *h;
{
char localhost[MAXHOSTNAMELEN];
char *p1, *p2, *topdomain();
char *p1, *p2;
localhost[0] = 0;
(void) gethostname(localhost, sizeof(localhost));
p1 = topdomain(localhost);
p2 = topdomain(h);
if (p1 == NULL || p2 == NULL || !strcasecmp(p1, p2))
return(1);
return(0);
return (1);
return (0);
}
char *
topdomain(h)
char *h;
{
register char *p;
char *maybe = NULL;
char *p, *maybe = NULL;
int dots = 0;
for (p = h + strlen(h); p >= h; p--) {
@ -757,7 +775,10 @@ topdomain(h)
return (maybe);
}
void
usage()
{
syslog(LOG_ERR, "usage: rshd [-%s]", OPTIONS);
exit(2);
}
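Review bot: The Kerberos denial branch in doit() (the hunk around `kuserok(kdata, locuser) != 0`) now logs only `"Kerberos rsh denied to %s.%s@%s"` with the principal, so a refused attempt can no longer be tied to the connecting host, the targeted local account, or the command. The call it replaces recorded all three, and the non-Kerberos `permission denied` messages added further down still carry them. Going by the hunk counts, the priority also drops from LOG_NOTICE to LOG_INFO. I would keep the context in the same form the other new messages use: `"Kerberos rsh denied to %s.%s@%s on %s as %s. cmd='%.80s'"` with `kdata->pname, kdata->pinst, kdata->prealm, hostname, locuser, cmdbuf`. doit() begins and ends outside this hunk, so this assumes hostname and cmdbuf are already filled in at that point, as the removed call implies.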