libexec/rlogind/rlogind.c

193323Sed/*-
193323Sed * Copyright (c) 1983, 1988, 1989, 1993
193323Sed *	The Regents of the University of California.  All rights reserved.
193323Sed *
193323Sed * Redistribution and use in source and binary forms, with or without
193323Sed * modification, are permitted provided that the following conditions
193323Sed * are met:
193323Sed * 1. Redistributions of source code must retain the above copyright
193323Sed *    notice, this list of conditions and the following disclaimer.
193323Sed * 2. Redistributions in binary form must reproduce the above copyright
193323Sed *    notice, this list of conditions and the following disclaimer in the
193323Sed *    documentation and/or other materials provided with the distribution.
204961Srdivacky * 3. All advertising materials mentioning features or use of this software
198090Srdivacky *    must display the following acknowledgement:
193323Sed *	This product includes software developed by the University of
206274Srdivacky *	California, Berkeley and its contributors.
206274Srdivacky * 4. Neither the name of the University nor the names of its contributors
193323Sed *    may be used to endorse or promote products derived from this software
218893Sdim *    without specific prior written permission.
198090Srdivacky *
193323Sed * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
204961Srdivacky * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
198090Srdivacky * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
198090Srdivacky * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
204961Srdivacky * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
202878Srdivacky * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
198090Srdivacky * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
218893Sdim * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
198090Srdivacky * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
206274Srdivacky * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
198090Srdivacky * SUCH DAMAGE.
207618Srdivacky */
206274Srdivacky
218893Sdim#ifndef lint
205218Srdivackystatic const char copyright[] =
198090Srdivacky"@(#) Copyright (c) 1983, 1988, 1989, 1993\n\
207618Srdivacky	The Regents of the University of California.  All rights reserved.\n";
198090Srdivacky#endif /* not lint */
198090Srdivacky
203954Srdivacky#ifndef lint
202878Srdivacky#if 0
193323Sedstatic const char sccsid[] = "@(#)rlogind.c	8.1 (Berkeley) 6/4/93";
218893Sdim#endif
193323Sedstatic const char rcsid[] =
193323Sed  "$FreeBSD: head/libexec/rlogind/rlogind.c 50476 1999-08-28 00:22:10Z peter $";
207618Srdivacky#endif /* not lint */
207618Srdivacky
207618Srdivacky/*
212904Sdim * remote login server:
210299Sed *	\0
207618Srdivacky *	remuser\0
207618Srdivacky *	locuser\0
208599Srdivacky *	terminal_type/speed\0
208599Srdivacky *	data
208599Srdivacky */
208599Srdivacky
218893Sdim#define	FD_SETSIZE	16		/* don't need many bits for select */
218893Sdim#include <sys/types.h>
218893Sdim#include <sys/param.h>
218893Sdim#include <sys/stat.h>
207618Srdivacky#include <sys/ioctl.h>
207618Srdivacky#include <signal.h>
207618Srdivacky#include <termios.h>
207618Srdivacky
207618Srdivacky#include <sys/socket.h>
193323Sed#include <netinet/in.h>
193323Sed#include <netinet/in_systm.h>
193323Sed#include <netinet/ip.h>
193323Sed#include <netinet/tcp.h>
193323Sed#include <arpa/inet.h>
193323Sed#include <netdb.h>
193323Sed
193323Sed#include <errno.h>
193323Sed#include <libutil.h>
193323Sed#include <pwd.h>
193323Sed#include <syslog.h>
199481Srdivacky#include <stdio.h>
193323Sed#include <stdlib.h>
193323Sed#include <string.h>
193323Sed#include <unistd.h>
193323Sed#include "pathnames.h"
193323Sed
193323Sed#ifndef TIOCPKT_WINDOW
205218Srdivacky#define TIOCPKT_WINDOW 0x80
193323Sed#endif
205218Srdivacky
199989Srdivacky#ifdef	KERBEROS
199989Srdivacky#include <des.h>
210299Sed#include <krb.h>
193323Sed#define	SECURE_MESSAGE "This rlogin session is using DES encryption for all transmissions.\r\n"
210299Sed
193323SedAUTH_DAT	*kdata;
210299SedKTEXT		ticket;
193323Sedu_char		auth_buf[sizeof(AUTH_DAT)];
210299Sedu_char		tick_buf[sizeof(KTEXT_ST)];
193323SedKey_schedule	schedule;
193323Sedint		doencrypt, retval, use_kerberos, vacuous;
193323Sed
193323Sed#define		ARGSTR			"Dalnkvx"
193323Sed#else
199989Srdivacky#define		ARGSTR			"Daln"
193323Sed#endif	/* KERBEROS */
199989Srdivacky
199989Srdivackychar	*env[2];
193323Sed#define	NMAX 30
193323Sedchar	lusername[NMAX+1], rusername[NMAX+1];
199989Srdivackystatic	char term[64] = "TERM=";
193323Sed#define	ENVSIZE	(sizeof("TERM=")-1)	/* skip null for concatenation */
193323Sedint	keepalive = 1;
199989Srdivackyint	check_all = 0;
205218Srdivackyint	no_delay;
199989Srdivacky
199989Srdivackystruct	passwd *pwd;
193323Sed
193323Sedvoid	doit __P((int, struct sockaddr_in *));
193323Sedint	control __P((int, char *, int));
199989Srdivackyvoid	protocol __P((int, int));
193323Sedvoid	cleanup __P((int));
199989Srdivackyvoid	fatal __P((int, char *, int));
193323Sedint	do_rlogin __P((struct sockaddr_in *));
206083Srdivackyvoid	getstr __P((char *, int, char *));
193323Sedvoid	setup_term __P((int));
199989Srdivackyint	do_krb_login __P((struct sockaddr_in *));
199989Srdivackyvoid	usage __P((void));
212904Sdim
212904Sdimint
199989Srdivackymain(argc, argv)
199989Srdivacky	int argc;
199989Srdivacky	char *argv[];
193323Sed{
210299Sed	extern int __check_rhosts_file;
193323Sed	struct sockaddr_in from;
199989Srdivacky	int ch, fromlen, on;
208599Srdivacky
210299Sed	openlog("rlogind", LOG_PID | LOG_CONS, LOG_AUTH);
193323Sed
193323Sed	opterr = 0;
199989Srdivacky	while ((ch = getopt(argc, argv, ARGSTR)) != -1)
199989Srdivacky		switch (ch) {
212904Sdim		case 'D':
212904Sdim			no_delay = 1;
212904Sdim			break;
210299Sed		case 'a':
201360Srdivacky			check_all = 1;
201360Srdivacky			break;
201360Srdivacky		case 'l':
199989Srdivacky			__check_rhosts_file = 0;
199989Srdivacky			break;
208599Srdivacky		case 'n':
210299Sed			keepalive = 0;
199989Srdivacky			break;
199989Srdivacky#ifdef KERBEROS
199989Srdivacky		case 'k':
193323Sed			use_kerberos = 1;
199989Srdivacky			break;
199989Srdivacky		case 'v':
199989Srdivacky			vacuous = 1;
193323Sed			break;
199989Srdivacky#ifdef CRYPT
199989Srdivacky		case 'x':
199989Srdivacky			doencrypt = 1;
199989Srdivacky			break;
193323Sed#endif
199989Srdivacky#endif
199989Srdivacky		case '?':
199989Srdivacky		default:
199989Srdivacky			usage();
193323Sed			break;
199989Srdivacky		}
193323Sed	argc -= optind;
193323Sed	argv += optind;
193323Sed
193323Sed#ifdef	KERBEROS
193323Sed	if (use_kerberos && vacuous) {
198892Srdivacky		usage();
193323Sed		fatal(STDERR_FILENO, "only one of -k and -v allowed", 0);
208599Srdivacky	}
208599Srdivacky#endif
193323Sed	fromlen = sizeof (from);
205218Srdivacky	if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) {
208599Srdivacky		syslog(LOG_ERR,"Can't get peer name of remote host: %m");
193323Sed		fatal(STDERR_FILENO, "Can't get peer name of remote host", 1);
193323Sed	}
199481Srdivacky	on = 1;
199481Srdivacky	if (keepalive &&
199481Srdivacky	    setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof (on)) < 0)
208599Srdivacky		syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
208599Srdivacky	if (no_delay &&
212904Sdim	    setsockopt(0, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(on)) < 0)
212904Sdim		syslog(LOG_WARNING, "setsockopt (TCP_NODELAY): %m");
212904Sdim	on = IPTOS_LOWDELAY;
212904Sdim	if (setsockopt(0, IPPROTO_IP, IP_TOS, (char *)&on, sizeof(int)) < 0)
212904Sdim		syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
212904Sdim
212904Sdim	doit(0, &from);
212904Sdim	return 0;
212904Sdim}
212904Sdim
212904Sdimint	child;
212904Sdimint	netf;
212904Sdimchar	line[MAXPATHLEN];
212904Sdimint	confirmed;
212904Sdim
212904Sdimstruct winsize win = { 0, 0, 0, 0 };
212904Sdim
212904Sdim
212904Sdimvoid
212904Sdimdoit(f, fromp)
212904Sdim	int f;
212904Sdim	struct sockaddr_in *fromp;
212904Sdim{
212904Sdim	int master, pid, on = 1;
212904Sdim	int authenticated = 0;
212904Sdim	char hostname[MAXHOSTNAMELEN];
212904Sdim	char c;
212904Sdim
212904Sdim	alarm(60);
212904Sdim	read(f, &c, 1);
212904Sdim
212904Sdim	if (c != 0)
212904Sdim		exit(1);
212904Sdim#ifdef	KERBEROS
212904Sdim	if (vacuous)
212904Sdim		fatal(f, "Remote host requires Kerberos authentication", 0);
212904Sdim#endif
212904Sdim
212904Sdim	alarm(0);
212904Sdim	fromp->sin_port = ntohs((u_short)fromp->sin_port);
212904Sdim	realhostname(hostname, sizeof(hostname) - 1, &fromp->sin_addr);
212904Sdim	hostname[sizeof(hostname) - 1] = '\0';
212904Sdim
212904Sdim#ifdef	KERBEROS
212904Sdim	if (use_kerberos) {
212904Sdim		retval = do_krb_login(fromp);
212904Sdim		if (retval == 0)
212904Sdim			authenticated++;
212904Sdim		else if (retval > 0)
212904Sdim			fatal(f, krb_err_txt[retval], 0);
212904Sdim		write(f, &c, 1);
212904Sdim		confirmed = 1;		/* we sent the null! */
212904Sdim	} else
212904Sdim#endif
212904Sdim	{
212904Sdim		if (fromp->sin_family != AF_INET ||
212904Sdim		    fromp->sin_port >= IPPORT_RESERVED ||
212904Sdim		    fromp->sin_port < IPPORT_RESERVED/2) {
212904Sdim			syslog(LOG_NOTICE, "Connection from %s on illegal port",
212904Sdim				inet_ntoa(fromp->sin_addr));
212904Sdim			fatal(f, "Permission denied", 0);
212904Sdim		}
212904Sdim#ifdef IP_OPTIONS
212904Sdim		{
212904Sdim		u_char optbuf[BUFSIZ/3];
212904Sdim		int optsize = sizeof(optbuf), ipproto, i;
212904Sdim		struct protoent *ip;
193323Sed
193323Sed		if ((ip = getprotobyname("ip")) != NULL)
193323Sed			ipproto = ip->p_proto;
207618Srdivacky		else
207618Srdivacky			ipproto = IPPROTO_IP;
207618Srdivacky		if (getsockopt(0, ipproto, IP_OPTIONS, (char *)optbuf,
207618Srdivacky		    &optsize) == 0 && optsize != 0) {
207618Srdivacky			for (i = 0; i < optsize; ) {
207618Srdivacky				u_char c = optbuf[i];
193323Sed				if (c == IPOPT_LSRR || c == IPOPT_SSRR) {
193323Sed					syslog(LOG_NOTICE,
198892Srdivacky						"Connection refused from %s with IP option %s",
193323Sed						inet_ntoa(fromp->sin_addr),
199989Srdivacky						c == IPOPT_LSRR ? "LSRR" : "SSRR");
203954Srdivacky					exit(1);
212904Sdim				}
199481Srdivacky				if (c == IPOPT_EOL)
198090Srdivacky					break;
198090Srdivacky				i += (c == IPOPT_NOP) ? 1 : optbuf[i+1];
207618Srdivacky			}
205218Srdivacky		}
205218Srdivacky		}
205218Srdivacky#endif
205218Srdivacky		if (do_rlogin(fromp) == 0)
207618Srdivacky			authenticated++;
195098Sed	}
195098Sed	if (confirmed == 0) {
193323Sed		write(f, "", 1);
208599Srdivacky		confirmed = 1;		/* we sent the null! */
199481Srdivacky	}
207618Srdivacky#ifdef	KERBEROS
207618Srdivacky#ifdef	CRYPT
193323Sed	if (doencrypt)
193323Sed		(void) des_enc_write(f,
193323Sed				     SECURE_MESSAGE,
193323Sed				     strlen(SECURE_MESSAGE),
199481Srdivacky				     schedule, &kdata->session);
193323Sed#endif
208599Srdivacky#endif
208599Srdivacky	netf = f;
205218Srdivacky
212904Sdim	pid = forkpty(&master, line, NULL, &win);
207618Srdivacky	if (pid < 0) {
207618Srdivacky		if (errno == ENOENT)
207618Srdivacky			fatal(f, "Out of ptys", 0);
207618Srdivacky		else
212904Sdim			fatal(f, "Forkpty", 1);
207618Srdivacky	}
212904Sdim	if (pid == 0) {
207618Srdivacky		if (f > 2)	/* f should always be 0, but... */
207618Srdivacky			(void) close(f);
207618Srdivacky		setup_term(0);
207618Srdivacky		 if (*lusername=='-') {
212904Sdim			syslog(LOG_ERR, "tried to pass user \"%s\" to login",
207618Srdivacky			       lusername);
207618Srdivacky			fatal(STDERR_FILENO, "invalid user", 0);
207618Srdivacky		}
207618Srdivacky		if (authenticated) {
207618Srdivacky#ifdef	KERBEROS
207618Srdivacky			if (use_kerberos && (pwd->pw_uid == 0))
207618Srdivacky				syslog(LOG_INFO|LOG_AUTH,
207618Srdivacky				    "ROOT Kerberos login from %s.%s@%s on %s\n",
207618Srdivacky				    kdata->pname, kdata->pinst, kdata->prealm,
207618Srdivacky				    hostname);
207618Srdivacky#endif
207618Srdivacky
207618Srdivacky			execl(_PATH_LOGIN, "login", "-p",
207618Srdivacky			    "-h", hostname, "-f", lusername, (char *)NULL);
212904Sdim		} else
207618Srdivacky			execl(_PATH_LOGIN, "login", "-p",
212904Sdim			    "-h", hostname, lusername, (char *)NULL);
207618Srdivacky		fatal(STDERR_FILENO, _PATH_LOGIN, 1);
207618Srdivacky		/*NOTREACHED*/
207618Srdivacky	}
207618Srdivacky#ifdef	CRYPT
207618Srdivacky#ifdef	KERBEROS
199481Srdivacky	/*
199481Srdivacky	 * If encrypted, don't turn on NBIO or the des read/write
199481Srdivacky	 * routines will croak.
207618Srdivacky	 */
207618Srdivacky
207618Srdivacky	if (!doencrypt)
207618Srdivacky#endif
207618Srdivacky#endif
207618Srdivacky		ioctl(f, FIONBIO, &on);
212904Sdim	ioctl(master, FIONBIO, &on);
207618Srdivacky	ioctl(master, TIOCPKT, &on);
207618Srdivacky	signal(SIGCHLD, cleanup);
207618Srdivacky	protocol(f, master);
207618Srdivacky	signal(SIGCHLD, SIG_IGN);
207618Srdivacky	cleanup(0);
207618Srdivacky}
199989Srdivacky
193323Sedchar	magic[2] = { 0377, 0377 };
199989Srdivackychar	oobdata[] = {TIOCPKT_WINDOW};
193323Sed
199989Srdivacky/*
193323Sed * Handle a "control" request (signaled by magic being present)
199989Srdivacky * in the data stream.  For now, we are only willing to handle
193323Sed * window size changes.
193323Sed */
193323Sedint
193323Sedcontrol(pty, cp, n)
193323Sed	int pty;
207618Srdivacky	char *cp;
206274Srdivacky	int n;
193323Sed{
193323Sed	struct winsize w;
193323Sed
201360Srdivacky	if (n < 4+sizeof (w) || cp[2] != 's' || cp[3] != 's')
198090Srdivacky		return (0);
208599Srdivacky	oobdata[0] &= ~TIOCPKT_WINDOW;	/* we know he heard */
199481Srdivacky	bcopy(cp+4, (char *)&w, sizeof(w));
199481Srdivacky	w.ws_row = ntohs(w.ws_row);
199481Srdivacky	w.ws_col = ntohs(w.ws_col);
193323Sed	w.ws_xpixel = ntohs(w.ws_xpixel);
193323Sed	w.ws_ypixel = ntohs(w.ws_ypixel);
199481Srdivacky	(void)ioctl(pty, TIOCSWINSZ, &w);
199481Srdivacky	return (4+sizeof (w));
193323Sed}
193323Sed
193323Sed/*
193323Sed * rlogin "protocol" machine.
193323Sed */
193323Sedvoid
193323Sedprotocol(f, p)
193323Sed	register int f, p;
193323Sed{
193323Sed	char pibuf[1024+1], fibuf[1024], *pbp, *fbp;
193323Sed	int pcc = 0, fcc = 0;
193323Sed	int cc, nfd, n;
193323Sed	char cntl;
206274Srdivacky
208599Srdivacky	/*
212904Sdim	 * Must ignore SIGTTOU, otherwise we'll stop
207618Srdivacky	 * when we try and set slave pty's window shape
205218Srdivacky	 * (our controlling tty is the master pty).
212904Sdim	 */
206274Srdivacky	(void) signal(SIGTTOU, SIG_IGN);
206274Srdivacky	send(f, oobdata, 1, MSG_OOB);	/* indicate new rlogin */
212904Sdim	if (f > p)
208599Srdivacky		nfd = f + 1;
210299Sed	else
210299Sed		nfd = p + 1;
210299Sed	if (nfd > FD_SETSIZE) {
210299Sed		syslog(LOG_ERR, "select mask too small, increase FD_SETSIZE");
207618Srdivacky		fatal(f, "internal error (select mask too small)", 0);
193323Sed	}
193323Sed	for (;;) {
206083Srdivacky		fd_set ibits, obits, ebits, *omask;
206083Srdivacky
193323Sed		FD_ZERO(&ebits);
193323Sed		FD_ZERO(&ibits);
205218Srdivacky		FD_ZERO(&obits);
205218Srdivacky		omask = (fd_set *)NULL;
205218Srdivacky		if (fcc) {
205218Srdivacky			FD_SET(p, &obits);
205218Srdivacky			omask = &obits;
206274Srdivacky		} else
205218Srdivacky			FD_SET(f, &ibits);
205218Srdivacky		if (pcc >= 0) {
205218Srdivacky			if (pcc) {
199989Srdivacky				FD_SET(f, &obits);
193323Sed				omask = &obits;
199989Srdivacky			} else
193323Sed				FD_SET(p, &ibits);
193323Sed		}
193323Sed		FD_SET(p, &ebits);
193323Sed		if ((n = select(nfd, &ibits, omask, &ebits, 0)) < 0) {
193323Sed			if (errno == EINTR)
193323Sed				continue;
193323Sed			fatal(f, "select", 1);
193323Sed		}
193323Sed		if (n == 0) {
193323Sed			/* shouldn't happen... */
193323Sed			sleep(5);
193323Sed			continue;
193323Sed		}
193323Sed#define	pkcontrol(c)	((c)&(TIOCPKT_FLUSHWRITE|TIOCPKT_NOSTOP|TIOCPKT_DOSTOP))
193323Sed		if (FD_ISSET(p, &ebits)) {
193323Sed			cc = read(p, &cntl, 1);
193323Sed			if (cc == 1 && pkcontrol(cntl)) {
193323Sed				cntl |= oobdata[0];
193323Sed				send(f, &cntl, 1, MSG_OOB);
193323Sed				if (cntl & TIOCPKT_FLUSHWRITE) {
199989Srdivacky					pcc = 0;
193323Sed					FD_CLR(p, &ibits);
199989Srdivacky				}
206083Srdivacky			}
193323Sed		}
193323Sed		if (FD_ISSET(f, &ibits)) {
193323Sed#ifdef	CRYPT
199989Srdivacky#ifdef	KERBEROS
193323Sed			if (doencrypt)
199989Srdivacky				fcc = des_enc_read(f, fibuf, sizeof(fibuf),
193323Sed					schedule, &kdata->session);
193323Sed			else
212904Sdim#endif
210299Sed#endif
199989Srdivacky				fcc = read(f, fibuf, sizeof(fibuf));
193323Sed			if (fcc < 0 && errno == EWOULDBLOCK)
193323Sed				fcc = 0;
199989Srdivacky			else {
193323Sed				register char *cp;
199989Srdivacky				int left, n;
193323Sed
193323Sed				if (fcc <= 0)
206083Srdivacky					break;
199989Srdivacky				fbp = fibuf;
193323Sed
193323Sed			top:
200581Srdivacky				for (cp = fibuf; cp < fibuf+fcc-1; cp++)
212904Sdim					if (cp[0] == magic[0] &&
199989Srdivacky					    cp[1] == magic[1]) {
202878Srdivacky						left = fcc - (cp-fibuf);
206083Srdivacky						n = control(p, cp, left);
199989Srdivacky						if (n) {
193323Sed							left -= n;
193323Sed							if (left > 0)
199989Srdivacky								bcopy(cp+n, cp, left);
193323Sed							fcc -= n;
199989Srdivacky							goto top; /* n^2 */
204961Srdivacky						}
206083Srdivacky					}
199989Srdivacky				FD_SET(p, &obits);		/* try write */
193323Sed			}
193323Sed		}
199989Srdivacky
193323Sed		if (FD_ISSET(p, &obits) && fcc > 0) {
199989Srdivacky			cc = write(p, fbp, fcc);
204961Srdivacky			if (cc > 0) {
206083Srdivacky				fcc -= cc;
199989Srdivacky				fbp += cc;
193323Sed			}
193323Sed		}
206274Srdivacky
206274Srdivacky		if (FD_ISSET(p, &ibits)) {
206274Srdivacky			pcc = read(p, pibuf, sizeof (pibuf));
206274Srdivacky			pbp = pibuf;
206274Srdivacky			if (pcc < 0 && errno == EWOULDBLOCK)
206274Srdivacky				pcc = 0;
206274Srdivacky			else if (pcc <= 0)
206274Srdivacky				break;
199989Srdivacky			else if (pibuf[0] == 0) {
193323Sed				pbp++, pcc--;
199989Srdivacky#ifdef	CRYPT
193323Sed#ifdef	KERBEROS
206274Srdivacky				if (!doencrypt)
206083Srdivacky#endif
199989Srdivacky#endif
193323Sed					FD_SET(f, &obits);	/* try write */
193323Sed			} else {
199989Srdivacky				if (pkcontrol(pibuf[0])) {
193323Sed					pibuf[0] |= oobdata[0];
212904Sdim					send(f, &pibuf[0], 1, MSG_OOB);
208599Srdivacky				}
212904Sdim				pcc = 0;
193323Sed			}
193323Sed		}
212904Sdim		if ((FD_ISSET(f, &obits)) && pcc > 0) {
218893Sdim#ifdef	CRYPT
218893Sdim#ifdef	KERBEROS
218893Sdim			if (doencrypt)
193323Sed				cc = des_enc_write(f, pbp, pcc,
199989Srdivacky					schedule, &kdata->session);
199989Srdivacky			else
193323Sed#endif
193323Sed#endif
199989Srdivacky				cc = write(f, pbp, pcc);
193323Sed			if (cc < 0 && errno == EWOULDBLOCK) {
212904Sdim				/*
208599Srdivacky				 * This happens when we try write after read
212904Sdim				 * from p, but some old kernels balk at large
193323Sed				 * writes even when select returns true.
193323Sed				 */
212904Sdim				if (!FD_ISSET(p, &ibits))
218893Sdim					sleep(5);
218893Sdim				continue;
218893Sdim			}
193323Sed			if (cc > 0) {
199989Srdivacky				pcc -= cc;
199989Srdivacky				pbp += cc;
193323Sed			}
198090Srdivacky		}
199989Srdivacky	}
198090Srdivacky}
212904Sdim
208599Srdivackyvoid
212904Sdimcleanup(signo)
198090Srdivacky	int signo;
198090Srdivacky{
212904Sdim	char *p;
198090Srdivacky
198090Srdivacky	p = line + sizeof(_PATH_DEV) - 1;
212904Sdim	if (logout(p))
212904Sdim		logwtmp(p, "", "");
204961Srdivacky	(void)chflags(line, 0);
218893Sdim	(void)chmod(line, 0666);
198090Srdivacky	(void)chown(line, 0, 0);
199989Srdivacky	*p = 'p';
199989Srdivacky	(void)chflags(line, 0);
198090Srdivacky	(void)chmod(line, 0666);
198090Srdivacky	(void)chown(line, 0, 0);
199989Srdivacky	shutdown(netf, 2);
198090Srdivacky	exit(1);
212904Sdim}
208599Srdivacky
212904Sdimvoid
193323Sedfatal(f, msg, syserr)
193323Sed	int f;
212904Sdim	char *msg;
218893Sdim	int syserr;
204961Srdivacky{
218893Sdim	int len;
193323Sed	char buf[BUFSIZ], *bp = buf;
199989Srdivacky
199989Srdivacky	/*
193323Sed	 * Prepend binary one to message if we haven't sent
193323Sed	 * the magic null as confirmation.
201360Srdivacky	 */
201360Srdivacky	if (!confirmed)
212904Sdim		*bp++ = '\01';		/* error indicator */
208599Srdivacky	if (syserr)
212904Sdim		len = sprintf(bp, "rlogind: %s: %s.\r\n",
201360Srdivacky		    msg, strerror(errno));
201360Srdivacky	else
212904Sdim		len = sprintf(bp, "rlogind: %s.\r\n", msg);
218893Sdim	(void) write(f, buf, bp + len - buf);
218893Sdim	exit(1);
212904Sdim}
201360Srdivacky
218893Sdimint
201360Srdivackydo_rlogin(dest)
201360Srdivacky	struct sockaddr_in *dest;
201360Srdivacky{
201360Srdivacky	getstr(rusername, sizeof(rusername), "remuser too long");
201360Srdivacky	getstr(lusername, sizeof(lusername), "locuser too long");
212904Sdim	getstr(term+ENVSIZE, sizeof(term)-ENVSIZE, "Terminal type too long");
212904Sdim
212904Sdim	pwd = getpwnam(lusername);
212904Sdim	if (pwd == NULL)
212904Sdim		return (-1);
218893Sdim	/* XXX why don't we syslog() failure? */
218893Sdim	return (iruserok(dest->sin_addr.s_addr, pwd->pw_uid == 0,
212904Sdim		rusername, lusername));
198090Srdivacky}
212904Sdim
212904Sdimvoid
212904Sdimgetstr(buf, cnt, errmsg)
212904Sdim	char *buf;
212904Sdim	int cnt;
212904Sdim	char *errmsg;
198090Srdivacky{
198090Srdivacky	char c;
199989Srdivacky
198090Srdivacky	do {
198090Srdivacky		if (read(0, &c, 1) != 1)
198090Srdivacky			exit(1);
198090Srdivacky		if (--cnt < 0)
199989Srdivacky			fatal(STDOUT_FILENO, errmsg, 0);
198090Srdivacky		*buf++ = c;
198090Srdivacky	} while (c != 0);
212904Sdim}
198090Srdivacky
198090Srdivackyextern	char **environ;
198090Srdivacky
206274Srdivackyvoid
198090Srdivackysetup_term(fd)
206083Srdivacky	int fd;
198090Srdivacky{
198090Srdivacky	register char *cp = index(term+ENVSIZE, '/');
198090Srdivacky	char *speed;
199989Srdivacky	struct termios tt;
198090Srdivacky
218893Sdim#ifndef notyet
199989Srdivacky	tcgetattr(fd, &tt);
198090Srdivacky	if (cp) {
198090Srdivacky		*cp++ = '\0';
198090Srdivacky		speed = cp;
199989Srdivacky		cp = index(speed, '/');
198090Srdivacky		if (cp)
199989Srdivacky			*cp++ = '\0';
199989Srdivacky		cfsetspeed(&tt, atoi(speed));
198090Srdivacky	}
198090Srdivacky
199989Srdivacky	tt.c_iflag = TTYDEF_IFLAG;
198090Srdivacky	tt.c_oflag = TTYDEF_OFLAG;
198090Srdivacky	tt.c_lflag = TTYDEF_LFLAG;
212904Sdim	tcsetattr(fd, TCSAFLUSH, &tt);
212904Sdim#else
198090Srdivacky	if (cp) {
198090Srdivacky		*cp++ = '\0';
199989Srdivacky		speed = cp;
212904Sdim		cp = index(speed, '/');
198090Srdivacky		if (cp)
199989Srdivacky			*cp++ = '\0';
198090Srdivacky		tcgetattr(fd, &tt);
198090Srdivacky		cfsetspeed(&tt, atoi(speed));
198090Srdivacky		tcsetattr(fd, TCSAFLUSH, &tt);
198090Srdivacky	}
199989Srdivacky#endif
198090Srdivacky
198090Srdivacky	env[0] = term;
198090Srdivacky	env[1] = 0;
198090Srdivacky	environ = env;
198090Srdivacky}
198090Srdivacky
198090Srdivacky#ifdef	KERBEROS
198090Srdivacky#define	VERSION_SIZE	9
198090Srdivacky
198090Srdivacky/*
198090Srdivacky * Do the remote kerberos login to the named host with the
199989Srdivacky * given inet address
198090Srdivacky *
198090Srdivacky * Return 0 on valid authorization
198090Srdivacky * Return -1 on valid authentication, no authorization
198090Srdivacky * Return >0 for error conditions
198090Srdivacky */
198090Srdivackyint
198090Srdivackydo_krb_login(dest)
198090Srdivacky	struct sockaddr_in *dest;
198090Srdivacky{
198090Srdivacky	int rc;
198090Srdivacky	char instance[INST_SZ], version[VERSION_SIZE];
198090Srdivacky	long authopts = 0L;	/* !mutual */
198090Srdivacky	struct sockaddr_in faddr;
198090Srdivacky
198090Srdivacky	kdata = (AUTH_DAT *) auth_buf;
198090Srdivacky	ticket = (KTEXT) tick_buf;
198090Srdivacky
198090Srdivacky	instance[0] = '*';
198090Srdivacky	instance[1] = '\0';
198090Srdivacky
198090Srdivacky#ifdef	CRYPT
198090Srdivacky	if (doencrypt) {
198090Srdivacky		rc = sizeof(faddr);
198090Srdivacky		if (getsockname(0, (struct sockaddr *)&faddr, &rc))
198090Srdivacky			return (-1);
198090Srdivacky		authopts = KOPT_DO_MUTUAL;
198090Srdivacky		rc = krb_recvauth(
203954Srdivacky			authopts, 0,
198090Srdivacky			ticket, "rcmd",
198090Srdivacky			instance, dest, &faddr,
198090Srdivacky			kdata, "", schedule, version);
198090Srdivacky		 des_set_key(&kdata->session, schedule);
198090Srdivacky
198090Srdivacky	} else
198090Srdivacky#endif
198090Srdivacky		rc = krb_recvauth(
198090Srdivacky			authopts, 0,
198090Srdivacky			ticket, "rcmd",
198090Srdivacky			instance, dest, (struct sockaddr_in *) 0,
198090Srdivacky			kdata, "", NULL, version);
198090Srdivacky
198090Srdivacky	if (rc != KSUCCESS)
198090Srdivacky		return (rc);
198090Srdivacky
199989Srdivacky	getstr(lusername, sizeof(lusername), "locuser");
198090Srdivacky	/* get the "cmd" in the rcmd protocol */
198090Srdivacky	getstr(term+ENVSIZE, sizeof(term)-ENVSIZE, "Terminal type");
198090Srdivacky
198090Srdivacky	pwd = getpwnam(lusername);
198090Srdivacky	if (pwd == NULL)
199989Srdivacky		return (-1);
198090Srdivacky
198090Srdivacky	/* returns nonzero for no access */
212904Sdim	if (kuserok(kdata, lusername) != 0)
198090Srdivacky		return (-1);
198090Srdivacky
198090Srdivacky	return (0);
198090Srdivacky
212904Sdim}
198090Srdivacky#endif /* KERBEROS */
198090Srdivacky
208599Srdivackyvoid
198090Srdivackyusage()
198090Srdivacky{
198090Srdivacky#ifdef KERBEROS
198090Srdivacky	syslog(LOG_ERR, "usage: rlogind [-Daln] [-k | -v]");
208599Srdivacky#else
198090Srdivacky	syslog(LOG_ERR, "usage: rlogind [-Daln]");
198090Srdivacky#endif
198090Srdivacky}
198090Srdivacky