rlogind.c (51433) rlogind.c (56590)
1/*-
2 * Copyright (c) 1983, 1988, 1989, 1993
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright

--- 28 unchanged lines hidden (view full) ---

37 The Regents of the University of California. All rights reserved.\n";
38#endif /* not lint */
39
40#ifndef lint
41#if 0
42static const char sccsid[] = "@(#)rlogind.c 8.1 (Berkeley) 6/4/93";
43#endif
44static const char rcsid[] =
1/*-
2 * Copyright (c) 1983, 1988, 1989, 1993
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright

--- 28 unchanged lines hidden (view full) ---

37 The Regents of the University of California. All rights reserved.\n";
38#endif /* not lint */
39
40#ifndef lint
41#if 0
42static const char sccsid[] = "@(#)rlogind.c 8.1 (Berkeley) 6/4/93";
43#endif
44static const char rcsid[] =
45 "$FreeBSD: head/libexec/rlogind/rlogind.c 51433 1999-09-19 22:05:32Z markm $";
45 "$FreeBSD: head/libexec/rlogind/rlogind.c 56590 2000-01-25 14:52:10Z shin $";
46#endif /* not lint */
47
48/*
49 * remote login server:
50 * \0
51 * remuser\0
52 * locuser\0
53 * terminal_type/speed\0

--- 32 unchanged lines hidden (view full) ---

86#endif
87
88#ifndef TIOCPKT_WINDOW
89#define TIOCPKT_WINDOW 0x80
90#endif
91
92#define ARGSTR "Dalnx"
93
46#endif /* not lint */
47
48/*
49 * remote login server:
50 * \0
51 * remuser\0
52 * locuser\0
53 * terminal_type/speed\0

--- 32 unchanged lines hidden (view full) ---

86#endif
87
88#ifndef TIOCPKT_WINDOW
89#define TIOCPKT_WINDOW 0x80
90#endif
91
92#define ARGSTR "Dalnx"
93
94/* wrapper for KAME-special getnameinfo() */
95#ifndef NI_WITHSCOPEID
96#define NI_WITHSCOPEID 0
97#endif
98
94char *env[2];
95#define NMAX 30
96char lusername[NMAX+1], rusername[NMAX+1];
97static char term[64] = "TERM=";
98#define ENVSIZE (sizeof("TERM=")-1) /* skip null for concatenation */
99int keepalive = 1;
100int check_all = 0;
101int no_delay;
102
103struct passwd *pwd;
104
99char *env[2];
100#define NMAX 30
101char lusername[NMAX+1], rusername[NMAX+1];
102static char term[64] = "TERM=";
103#define ENVSIZE (sizeof("TERM=")-1) /* skip null for concatenation */
104int keepalive = 1;
105int check_all = 0;
106int no_delay;
107
108struct passwd *pwd;
109
105void doit __P((int, struct sockaddr_in *));
110union sockunion {
111 struct sockinet {
112 u_char si_len;
113 u_char si_family;
114 u_short si_port;
115 } su_si;
116 struct sockaddr_in su_sin;
117 struct sockaddr_in6 su_sin6;
118};
119#define su_len su_si.si_len
120#define su_family su_si.si_family
121#define su_port su_si.si_port
122
123void doit __P((int, union sockunion *));
106int control __P((int, char *, int));
107void protocol __P((int, int));
108void cleanup __P((int));
109void fatal __P((int, char *, int));
124int control __P((int, char *, int));
125void protocol __P((int, int));
126void cleanup __P((int));
127void fatal __P((int, char *, int));
110int do_rlogin __P((struct sockaddr_in *));
128int do_rlogin __P((union sockunion *));
111void getstr __P((char *, int, char *));
112void setup_term __P((int));
113int do_krb_login __P((struct sockaddr_in *));
114void usage __P((void));
115
116#ifndef NO_PAM
117extern int auth_pam __P((char *));
118#endif
119
120int
121main(argc, argv)
122 int argc;
123 char *argv[];
124{
125 extern int __check_rhosts_file;
129void getstr __P((char *, int, char *));
130void setup_term __P((int));
131int do_krb_login __P((struct sockaddr_in *));
132void usage __P((void));
133
134#ifndef NO_PAM
135extern int auth_pam __P((char *));
136#endif
137
138int
139main(argc, argv)
140 int argc;
141 char *argv[];
142{
143 extern int __check_rhosts_file;
126 struct sockaddr_in from;
144 union sockunion from;
127 int ch, fromlen, on;
128
129 openlog("rlogind", LOG_PID | LOG_CONS, LOG_AUTH);
130
131 opterr = 0;
132 while ((ch = getopt(argc, argv, ARGSTR)) != -1)
133 switch (ch) {
134 case 'D':

--- 28 unchanged lines hidden (view full) ---

163 }
164 on = 1;
165 if (keepalive &&
166 setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof (on)) < 0)
167 syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
168 if (no_delay &&
169 setsockopt(0, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(on)) < 0)
170 syslog(LOG_WARNING, "setsockopt (TCP_NODELAY): %m");
145 int ch, fromlen, on;
146
147 openlog("rlogind", LOG_PID | LOG_CONS, LOG_AUTH);
148
149 opterr = 0;
150 while ((ch = getopt(argc, argv, ARGSTR)) != -1)
151 switch (ch) {
152 case 'D':

--- 28 unchanged lines hidden (view full) ---

181 }
182 on = 1;
183 if (keepalive &&
184 setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof (on)) < 0)
185 syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
186 if (no_delay &&
187 setsockopt(0, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(on)) < 0)
188 syslog(LOG_WARNING, "setsockopt (TCP_NODELAY): %m");
189 if (from.su_family == AF_INET)
190 {
171 on = IPTOS_LOWDELAY;
172 if (setsockopt(0, IPPROTO_IP, IP_TOS, (char *)&on, sizeof(int)) < 0)
173 syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
191 on = IPTOS_LOWDELAY;
192 if (setsockopt(0, IPPROTO_IP, IP_TOS, (char *)&on, sizeof(int)) < 0)
193 syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
194 }
174
175 doit(0, &from);
176 return 0;
177}
178
179int child;
180int netf;
181char line[MAXPATHLEN];
182int confirmed;
183
184struct winsize win = { 0, 0, 0, 0 };
185
186
187void
188doit(f, fromp)
189 int f;
195
196 doit(0, &from);
197 return 0;
198}
199
200int child;
201int netf;
202char line[MAXPATHLEN];
203int confirmed;
204
205struct winsize win = { 0, 0, 0, 0 };
206
207
208void
209doit(f, fromp)
210 int f;
190 struct sockaddr_in *fromp;
211 union sockunion *fromp;
191{
192 int master, pid, on = 1;
193 int authenticated = 0;
212{
213 int master, pid, on = 1;
214 int authenticated = 0;
194 char hostname[MAXHOSTNAMELEN];
215 char hostname[2 * MAXHOSTNAMELEN + 1];
216 char nameinfo[2 * INET6_ADDRSTRLEN + 1];
195 char c;
196
197 alarm(60);
198 read(f, &c, 1);
199
200 if (c != 0)
201 exit(1);
202
203 alarm(0);
217 char c;
218
219 alarm(60);
220 read(f, &c, 1);
221
222 if (c != 0)
223 exit(1);
224
225 alarm(0);
204 fromp->sin_port = ntohs((u_short)fromp->sin_port);
205 realhostname(hostname, sizeof(hostname) - 1, &fromp->sin_addr);
226
227 realhostname_sa(hostname, sizeof(hostname) - 1,
228 (struct sockaddr *)fromp, fromp->su_len);
229 /* error check ? */
230 fromp->su_port = ntohs((u_short)fromp->su_port);
206 hostname[sizeof(hostname) - 1] = '\0';
207
208 {
231 hostname[sizeof(hostname) - 1] = '\0';
232
233 {
209 if (fromp->sin_family != AF_INET ||
210 fromp->sin_port >= IPPORT_RESERVED ||
211 fromp->sin_port < IPPORT_RESERVED/2) {
234 if ((fromp->su_family != AF_INET &&
235#ifdef INET6
236 fromp->su_family != AF_INET6
237#endif
238 ) ||
239 fromp->su_port >= IPPORT_RESERVED ||
240 fromp->su_port < IPPORT_RESERVED/2) {
241 getnameinfo((struct sockaddr *)fromp,
242 fromp->su_len,
243 nameinfo, sizeof(nameinfo), NULL, 0,
244 NI_NUMERICHOST|NI_WITHSCOPEID);
245 /* error check ? */
212 syslog(LOG_NOTICE, "Connection from %s on illegal port",
246 syslog(LOG_NOTICE, "Connection from %s on illegal port",
213 inet_ntoa(fromp->sin_addr));
247 nameinfo);
214 fatal(f, "Permission denied", 0);
215 }
216#ifdef IP_OPTIONS
248 fatal(f, "Permission denied", 0);
249 }
250#ifdef IP_OPTIONS
217 {
251 if (fromp->su_family == AF_INET)
252 {
218 u_char optbuf[BUFSIZ/3];
219 int optsize = sizeof(optbuf), ipproto, i;
220 struct protoent *ip;
221
222 if ((ip = getprotobyname("ip")) != NULL)
223 ipproto = ip->p_proto;
224 else
225 ipproto = IPPROTO_IP;
226 if (getsockopt(0, ipproto, IP_OPTIONS, (char *)optbuf,
227 &optsize) == 0 && optsize != 0) {
228 for (i = 0; i < optsize; ) {
229 u_char c = optbuf[i];
230 if (c == IPOPT_LSRR || c == IPOPT_SSRR) {
231 syslog(LOG_NOTICE,
232 "Connection refused from %s with IP option %s",
253 u_char optbuf[BUFSIZ/3];
254 int optsize = sizeof(optbuf), ipproto, i;
255 struct protoent *ip;
256
257 if ((ip = getprotobyname("ip")) != NULL)
258 ipproto = ip->p_proto;
259 else
260 ipproto = IPPROTO_IP;
261 if (getsockopt(0, ipproto, IP_OPTIONS, (char *)optbuf,
262 &optsize) == 0 && optsize != 0) {
263 for (i = 0; i < optsize; ) {
264 u_char c = optbuf[i];
265 if (c == IPOPT_LSRR || c == IPOPT_SSRR) {
266 syslog(LOG_NOTICE,
267 "Connection refused from %s with IP option %s",
233 inet_ntoa(fromp->sin_addr),
268 inet_ntoa(fromp->su_sin.sin_addr),
234 c == IPOPT_LSRR ? "LSRR" : "SSRR");
235 exit(1);
236 }
237 if (c == IPOPT_EOL)
238 break;
239 i += (c == IPOPT_NOP) ? 1 : optbuf[i+1];
240 }
241 }
269 c == IPOPT_LSRR ? "LSRR" : "SSRR");
270 exit(1);
271 }
272 if (c == IPOPT_EOL)
273 break;
274 i += (c == IPOPT_NOP) ? 1 : optbuf[i+1];
275 }
276 }
242 }
277 }
243#endif
244 if (do_rlogin(fromp) == 0)
245 authenticated++;
246 }
247 if (confirmed == 0) {
248 write(f, "", 1);
249 confirmed = 1; /* we sent the null! */
250 }

--- 277 unchanged lines hidden (view full) ---

528 else
529 len = sprintf(bp, "rlogind: %s.\r\n", msg);
530 (void) write(f, buf, bp + len - buf);
531 exit(1);
532}
533
534int
535do_rlogin(dest)
278#endif
279 if (do_rlogin(fromp) == 0)
280 authenticated++;
281 }
282 if (confirmed == 0) {
283 write(f, "", 1);
284 confirmed = 1; /* we sent the null! */
285 }

--- 277 unchanged lines hidden (view full) ---

563 else
564 len = sprintf(bp, "rlogind: %s.\r\n", msg);
565 (void) write(f, buf, bp + len - buf);
566 exit(1);
567}
568
569int
570do_rlogin(dest)
536 struct sockaddr_in *dest;
571 union sockunion *dest;
537{
538 int retval;
572{
573 int retval;
574 int af;
575 char *addr;
539
540 getstr(rusername, sizeof(rusername), "remuser too long");
541 getstr(lusername, sizeof(lusername), "locuser too long");
542 getstr(term+ENVSIZE, sizeof(term)-ENVSIZE, "Terminal type too long");
543
544#ifndef NO_PAM
545 retval = auth_pam(lusername);
546

--- 7 unchanged lines hidden (view full) ---

554 exit(1);
555 }
556 }
557#endif
558 pwd = getpwnam(lusername);
559 if (pwd == NULL)
560 return (-1);
561 /* XXX why don't we syslog() failure? */
576
577 getstr(rusername, sizeof(rusername), "remuser too long");
578 getstr(lusername, sizeof(lusername), "locuser too long");
579 getstr(term+ENVSIZE, sizeof(term)-ENVSIZE, "Terminal type too long");
580
581#ifndef NO_PAM
582 retval = auth_pam(lusername);
583

--- 7 unchanged lines hidden (view full) ---

591 exit(1);
592 }
593 }
594#endif
595 pwd = getpwnam(lusername);
596 if (pwd == NULL)
597 return (-1);
598 /* XXX why don't we syslog() failure? */
562 return (iruserok(dest->sin_addr.s_addr, pwd->pw_uid == 0,
563 rusername, lusername));
599
600 af = dest->su_family;
601 switch (af) {
602 case AF_INET:
603 addr = (char *)&dest->su_sin.sin_addr;
604 break;
605#ifdef INET6
606 case AF_INET6:
607 addr = (char *)&dest->su_sin6.sin6_addr;
608 break;
609#endif
610 default:
611 return -1; /*EAFNOSUPPORT*/
612 }
613
614 return (iruserok_af(addr, pwd->pw_uid == 0, rusername, lusername, af));
564}
565
566void
567getstr(buf, cnt, errmsg)
568 char *buf;
569 int cnt;
570 char *errmsg;
571{

--- 59 unchanged lines hidden ---
615}
616
617void
618getstr(buf, cnt, errmsg)
619 char *buf;
620 int cnt;
621 char *errmsg;
622{

--- 59 unchanged lines hidden ---
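Review bot: The `getnameinfo()` call added in doit()'s illegal-port branch discards its return value (the commit itself leaves `/* error check ? */`), so on failure `nameinfo` is an uninitialised stack buffer passed to `syslog(LOG_NOTICE, "Connection from %s on illegal port", nameinfo)`. Declare it as `char nameinfo[2 * INET6_ADDRSTRLEN + 1] = "";`, or test the result and log a fixed placeholder string when it is non-zero. The `realhostname_sa()` call above carries the same open question, and `hostname` is only terminated at its last byte afterwards. Separately, the LSRR/SSRR rejection now runs only when `su_family == AF_INET`. Whether an IPv4-mapped peer can arrive here as `AF_INET6` is not visible in this view, but if it can, the source-route check would be skipped for it, so that path deserves confirmation. doit()'s body continues in the hidden lines, so any handling further down is outside what this note covers.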