rlogind.c revision 66755 
1/*-
2 * Copyright (c) 1983, 1988, 1989, 1993
3 *	The Regents of the University of California.  All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 *    notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 *    notice, this list of conditions and the following disclaimer in the
12 *    documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 *    must display the following acknowledgement:
15 *	This product includes software developed by the University of
16 *	California, Berkeley and its contributors.
17 * 4. Neither the name of the University nor the names of its contributors
18 *    may be used to endorse or promote products derived from this software
19 *    without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34#ifndef lint
35static const char copyright[] =
36"@(#) Copyright (c) 1983, 1988, 1989, 1993\n\
37	The Regents of the University of California.  All rights reserved.\n";
38#endif /* not lint */
39
40#ifndef lint
41#if 0
42static const char sccsid[] = "@(#)rlogind.c	8.1 (Berkeley) 6/4/93";
43#endif
44static const char rcsid[] =
45  "$FreeBSD: head/libexec/rlogind/rlogind.c 66755 2000-10-06 17:08:31Z ru $";
46#endif /* not lint */
47
48/*
49 * remote login server:
50 *	\0
51 *	remuser\0
52 *	locuser\0
53 *	terminal_type/speed\0
54 *	data
55 */
56
57#define	FD_SETSIZE	16		/* don't need many bits for select */
58#include <sys/types.h>
59#include <sys/param.h>
60#include <sys/stat.h>
61#include <sys/ioctl.h>
62#include <signal.h>
63#include <termios.h>
64
65#include <sys/socket.h>
66#include <netinet/in.h>
67#include <netinet/in_systm.h>
68#include <netinet/ip.h>
69#include <netinet/tcp.h>
70#include <arpa/inet.h>
71#include <netdb.h>
72
73#include <errno.h>
74#include <libutil.h>
75#include <pwd.h>
76#include <syslog.h>
77#include <stdio.h>
78#include <stdlib.h>
79#include <string.h>
80#include <unistd.h>
81#include "pathnames.h"
82
83#ifndef NO_PAM
84#include <security/pam_appl.h>
85#include <security/pam_misc.h>
86#endif
87
88#ifndef TIOCPKT_WINDOW
89#define TIOCPKT_WINDOW 0x80
90#endif
91
92#define		ARGSTR			"Dalnx"
93
94/* wrapper for KAME-special getnameinfo() */
95#ifndef NI_WITHSCOPEID
96#define	NI_WITHSCOPEID	0
97#endif
98
99char	*env[2];
100#define	NMAX 30
101char	lusername[NMAX+1], rusername[NMAX+1];
102static	char term[64] = "TERM=";
103#define	ENVSIZE	(sizeof("TERM=")-1)	/* skip null for concatenation */
104int	keepalive = 1;
105int	check_all = 0;
106int	no_delay;
107
108struct	passwd *pwd;
109
110union sockunion {
111	struct sockinet {
112		u_char si_len;
113		u_char si_family;
114		u_short si_port;
115	} su_si;
116	struct sockaddr_in  su_sin;
117	struct sockaddr_in6 su_sin6;
118};
119#define su_len		su_si.si_len
120#define su_family	su_si.si_family
121#define su_port		su_si.si_port
122
123void	doit __P((int, union sockunion *));
124int	control __P((int, char *, int));
125void	protocol __P((int, int));
126void	cleanup __P((int));
127void	fatal __P((int, char *, int));
128int	do_rlogin __P((union sockunion *));
129void	getstr __P((char *, int, char *));
130void	setup_term __P((int));
131int	do_krb_login __P((struct sockaddr_in *));
132void	usage __P((void));
133
134#ifndef NO_PAM
135extern int auth_pam __P((char *));
136#endif
137
138int
139main(argc, argv)
140	int argc;
141	char *argv[];
142{
143	extern int __check_rhosts_file;
144	union sockunion from;
145	int ch, fromlen, on;
146
147	openlog("rlogind", LOG_PID | LOG_CONS, LOG_AUTH);
148
149	opterr = 0;
150	while ((ch = getopt(argc, argv, ARGSTR)) != -1)
151		switch (ch) {
152		case 'D':
153			no_delay = 1;
154			break;
155		case 'a':
156			check_all = 1;
157			break;
158		case 'l':
159			__check_rhosts_file = 0;
160			break;
161		case 'n':
162			keepalive = 0;
163			break;
164#ifdef CRYPT
165		case 'x':
166			doencrypt = 1;
167			break;
168#endif
169		case '?':
170		default:
171			usage();
172			break;
173		}
174	argc -= optind;
175	argv += optind;
176
177	fromlen = sizeof (from);
178	if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) {
179		syslog(LOG_ERR,"Can't get peer name of remote host: %m");
180		fatal(STDERR_FILENO, "Can't get peer name of remote host", 1);
181	}
182	on = 1;
183	if (keepalive &&
184	    setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof (on)) < 0)
185		syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
186	if (no_delay &&
187	    setsockopt(0, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(on)) < 0)
188		syslog(LOG_WARNING, "setsockopt (TCP_NODELAY): %m");
189        if (from.su_family == AF_INET)
190      {
191	on = IPTOS_LOWDELAY;
192	if (setsockopt(0, IPPROTO_IP, IP_TOS, (char *)&on, sizeof(int)) < 0)
193		syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
194      }
195
196	doit(0, &from);
197	return 0;
198}
199
200int	child;
201int	netf;
202char	line[MAXPATHLEN];
203int	confirmed;
204
205struct winsize win = { 0, 0, 0, 0 };
206
207
208void
209doit(f, fromp)
210	int f;
211	union sockunion *fromp;
212{
213	int master, pid, on = 1;
214	int authenticated = 0;
215	char hostname[2 * MAXHOSTNAMELEN + 1];
216	char nameinfo[2 * INET6_ADDRSTRLEN + 1];
217	char c;
218
219	alarm(60);
220	read(f, &c, 1);
221
222	if (c != 0)
223		exit(1);
224
225	alarm(0);
226
227	realhostname_sa(hostname, sizeof(hostname) - 1,
228			    (struct sockaddr *)fromp, fromp->su_len);
229	/* error check ? */
230	fromp->su_port = ntohs((u_short)fromp->su_port);
231	hostname[sizeof(hostname) - 1] = '\0';
232
233	{
234		if ((fromp->su_family != AF_INET
235#ifdef INET6
236		  && fromp->su_family != AF_INET6
237#endif
238		     ) ||
239		    fromp->su_port >= IPPORT_RESERVED ||
240		    fromp->su_port < IPPORT_RESERVED/2) {
241			getnameinfo((struct sockaddr *)fromp,
242				    fromp->su_len,
243				    nameinfo, sizeof(nameinfo), NULL, 0,
244				    NI_NUMERICHOST|NI_WITHSCOPEID);
245			/* error check ? */
246			syslog(LOG_NOTICE, "Connection from %s on illegal port",
247			       nameinfo);
248			fatal(f, "Permission denied", 0);
249		}
250#ifdef IP_OPTIONS
251		if (fromp->su_family == AF_INET)
252              {
253		u_char optbuf[BUFSIZ/3];
254		int optsize = sizeof(optbuf), ipproto, i;
255		struct protoent *ip;
256
257		if ((ip = getprotobyname("ip")) != NULL)
258			ipproto = ip->p_proto;
259		else
260			ipproto = IPPROTO_IP;
261		if (getsockopt(0, ipproto, IP_OPTIONS, (char *)optbuf,
262		    &optsize) == 0 && optsize != 0) {
263			for (i = 0; i < optsize; ) {
264				u_char c = optbuf[i];
265				if (c == IPOPT_LSRR || c == IPOPT_SSRR) {
266					syslog(LOG_NOTICE,
267						"Connection refused from %s with IP option %s",
268						inet_ntoa(fromp->su_sin.sin_addr),
269						c == IPOPT_LSRR ? "LSRR" : "SSRR");
270					exit(1);
271				}
272				if (c == IPOPT_EOL)
273					break;
274				i += (c == IPOPT_NOP) ? 1 : optbuf[i+1];
275			}
276		}
277	      }
278#endif
279		if (do_rlogin(fromp) == 0)
280			authenticated++;
281	}
282	if (confirmed == 0) {
283		write(f, "", 1);
284		confirmed = 1;		/* we sent the null! */
285	}
286#ifdef	CRYPT
287	if (doencrypt)
288		(void) des_enc_write(f,
289				     SECURE_MESSAGE,
290				     strlen(SECURE_MESSAGE),
291				     schedule, &kdata->session);
292#endif
293	netf = f;
294
295	pid = forkpty(&master, line, NULL, &win);
296	if (pid < 0) {
297		if (errno == ENOENT)
298			fatal(f, "Out of ptys", 0);
299		else
300			fatal(f, "Forkpty", 1);
301	}
302	if (pid == 0) {
303		if (f > 2)	/* f should always be 0, but... */
304			(void) close(f);
305		setup_term(0);
306		 if (*lusername=='-') {
307			syslog(LOG_ERR, "tried to pass user \"%s\" to login",
308			       lusername);
309			fatal(STDERR_FILENO, "invalid user", 0);
310		}
311		if (authenticated) {
312			execl(_PATH_LOGIN, "login", "-p",
313			    "-h", hostname, "-f", lusername, (char *)NULL);
314		} else
315			execl(_PATH_LOGIN, "login", "-p",
316			    "-h", hostname, lusername, (char *)NULL);
317		fatal(STDERR_FILENO, _PATH_LOGIN, 1);
318		/*NOTREACHED*/
319	}
320#ifdef	CRYPT
321	/*
322	 * If encrypted, don't turn on NBIO or the des read/write
323	 * routines will croak.
324	 */
325
326	if (!doencrypt)
327#endif
328		ioctl(f, FIONBIO, &on);
329	ioctl(master, FIONBIO, &on);
330	ioctl(master, TIOCPKT, &on);
331	signal(SIGCHLD, cleanup);
332	protocol(f, master);
333	signal(SIGCHLD, SIG_IGN);
334	cleanup(0);
335}
336
337char	magic[2] = { 0377, 0377 };
338char	oobdata[] = {TIOCPKT_WINDOW};
339
340/*
341 * Handle a "control" request (signaled by magic being present)
342 * in the data stream.  For now, we are only willing to handle
343 * window size changes.
344 */
345int
346control(pty, cp, n)
347	int pty;
348	char *cp;
349	int n;
350{
351	struct winsize w;
352
353	if (n < 4+sizeof (w) || cp[2] != 's' || cp[3] != 's')
354		return (0);
355	oobdata[0] &= ~TIOCPKT_WINDOW;	/* we know he heard */
356	bcopy(cp+4, (char *)&w, sizeof(w));
357	w.ws_row = ntohs(w.ws_row);
358	w.ws_col = ntohs(w.ws_col);
359	w.ws_xpixel = ntohs(w.ws_xpixel);
360	w.ws_ypixel = ntohs(w.ws_ypixel);
361	(void)ioctl(pty, TIOCSWINSZ, &w);
362	return (4+sizeof (w));
363}
364
365/*
366 * rlogin "protocol" machine.
367 */
368void
369protocol(f, p)
370	register int f, p;
371{
372	char pibuf[1024+1], fibuf[1024], *pbp, *fbp;
373	int pcc = 0, fcc = 0;
374	int cc, nfd, n;
375	char cntl;
376
377	/*
378	 * Must ignore SIGTTOU, otherwise we'll stop
379	 * when we try and set slave pty's window shape
380	 * (our controlling tty is the master pty).
381	 */
382	(void) signal(SIGTTOU, SIG_IGN);
383	send(f, oobdata, 1, MSG_OOB);	/* indicate new rlogin */
384	if (f > p)
385		nfd = f + 1;
386	else
387		nfd = p + 1;
388	if (nfd > FD_SETSIZE) {
389		syslog(LOG_ERR, "select mask too small, increase FD_SETSIZE");
390		fatal(f, "internal error (select mask too small)", 0);
391	}
392	for (;;) {
393		fd_set ibits, obits, ebits, *omask;
394
395		FD_ZERO(&ebits);
396		FD_ZERO(&ibits);
397		FD_ZERO(&obits);
398		omask = (fd_set *)NULL;
399		if (fcc) {
400			FD_SET(p, &obits);
401			omask = &obits;
402		} else
403			FD_SET(f, &ibits);
404		if (pcc >= 0) {
405			if (pcc) {
406				FD_SET(f, &obits);
407				omask = &obits;
408			} else
409				FD_SET(p, &ibits);
410		}
411		FD_SET(p, &ebits);
412		if ((n = select(nfd, &ibits, omask, &ebits, 0)) < 0) {
413			if (errno == EINTR)
414				continue;
415			fatal(f, "select", 1);
416		}
417		if (n == 0) {
418			/* shouldn't happen... */
419			sleep(5);
420			continue;
421		}
422#define	pkcontrol(c)	((c)&(TIOCPKT_FLUSHWRITE|TIOCPKT_NOSTOP|TIOCPKT_DOSTOP))
423		if (FD_ISSET(p, &ebits)) {
424			cc = read(p, &cntl, 1);
425			if (cc == 1 && pkcontrol(cntl)) {
426				cntl |= oobdata[0];
427				send(f, &cntl, 1, MSG_OOB);
428				if (cntl & TIOCPKT_FLUSHWRITE) {
429					pcc = 0;
430					FD_CLR(p, &ibits);
431				}
432			}
433		}
434		if (FD_ISSET(f, &ibits)) {
435#ifdef	CRYPT
436			if (doencrypt)
437				fcc = des_enc_read(f, fibuf, sizeof(fibuf),
438					schedule, &kdata->session);
439			else
440#endif
441				fcc = read(f, fibuf, sizeof(fibuf));
442			if (fcc < 0 && errno == EWOULDBLOCK)
443				fcc = 0;
444			else {
445				register char *cp;
446				int left, n;
447
448				if (fcc <= 0)
449					break;
450				fbp = fibuf;
451
452			top:
453				for (cp = fibuf; cp < fibuf+fcc-1; cp++)
454					if (cp[0] == magic[0] &&
455					    cp[1] == magic[1]) {
456						left = fcc - (cp-fibuf);
457						n = control(p, cp, left);
458						if (n) {
459							left -= n;
460							if (left > 0)
461								bcopy(cp+n, cp, left);
462							fcc -= n;
463							goto top; /* n^2 */
464						}
465					}
466				FD_SET(p, &obits);		/* try write */
467			}
468		}
469
470		if (FD_ISSET(p, &obits) && fcc > 0) {
471			cc = write(p, fbp, fcc);
472			if (cc > 0) {
473				fcc -= cc;
474				fbp += cc;
475			}
476		}
477
478		if (FD_ISSET(p, &ibits)) {
479			pcc = read(p, pibuf, sizeof (pibuf));
480			pbp = pibuf;
481			if (pcc < 0 && errno == EWOULDBLOCK)
482				pcc = 0;
483			else if (pcc <= 0)
484				break;
485			else if (pibuf[0] == 0) {
486				pbp++, pcc--;
487#ifdef	CRYPT
488				if (!doencrypt)
489#endif
490					FD_SET(f, &obits);	/* try write */
491			} else {
492				if (pkcontrol(pibuf[0])) {
493					pibuf[0] |= oobdata[0];
494					send(f, &pibuf[0], 1, MSG_OOB);
495				}
496				pcc = 0;
497			}
498		}
499		if ((FD_ISSET(f, &obits)) && pcc > 0) {
500#ifdef	CRYPT
501			if (doencrypt)
502				cc = des_enc_write(f, pbp, pcc,
503					schedule, &kdata->session);
504			else
505#endif
506				cc = write(f, pbp, pcc);
507			if (cc < 0 && errno == EWOULDBLOCK) {
508				/*
509				 * This happens when we try write after read
510				 * from p, but some old kernels balk at large
511				 * writes even when select returns true.
512				 */
513				if (!FD_ISSET(p, &ibits))
514					sleep(5);
515				continue;
516			}
517			if (cc > 0) {
518				pcc -= cc;
519				pbp += cc;
520			}
521		}
522	}
523}
524
525void
526cleanup(signo)
527	int signo;
528{
529	char *p;
530
531	p = line + sizeof(_PATH_DEV) - 1;
532	if (logout(p))
533		logwtmp(p, "", "");
534	(void)chflags(line, 0);
535	(void)chmod(line, 0666);
536	(void)chown(line, 0, 0);
537	*p = 'p';
538	(void)chflags(line, 0);
539	(void)chmod(line, 0666);
540	(void)chown(line, 0, 0);
541	shutdown(netf, 2);
542	exit(1);
543}
544
545void
546fatal(f, msg, syserr)
547	int f;
548	char *msg;
549	int syserr;
550{
551	int len;
552	char buf[BUFSIZ], *bp = buf;
553
554	/*
555	 * Prepend binary one to message if we haven't sent
556	 * the magic null as confirmation.
557	 */
558	if (!confirmed)
559		*bp++ = '\01';		/* error indicator */
560	if (syserr)
561		len = snprintf(bp, sizeof(buf), "rlogind: %s: %s.\r\n",
562		    msg, strerror(errno));
563	else
564		len = snprintf(bp, sizeof(buf), "rlogind: %s.\r\n", msg);
565	(void) write(f, buf, bp + len - buf);
566	exit(1);
567}
568
569int
570do_rlogin(dest)
571	union sockunion *dest;
572{
573#ifndef NO_PAM
574	int retval;
575#endif
576
577	getstr(rusername, sizeof(rusername), "remuser too long");
578	getstr(lusername, sizeof(lusername), "locuser too long");
579	getstr(term+ENVSIZE, sizeof(term)-ENVSIZE, "Terminal type too long");
580
581#ifndef  NO_PAM
582	retval = auth_pam(lusername);
583
584	if (retval) {
585		if (retval == -1) {
586			syslog(LOG_ERR, "PAM authentication failed");
587		}
588		else {
589			syslog(LOG_ERR,
590				"User %s failed PAM authentication", lusername);
591			exit(1);
592		}
593	}
594#endif
595	pwd = getpwnam(lusername);
596	if (pwd == NULL)
597		return (-1);
598	/* XXX why don't we syslog() failure? */
599
600	return (iruserok_sa(dest, dest->su_len, pwd->pw_uid == 0, rusername,
601			    lusername));
602}
603
604void
605getstr(buf, cnt, errmsg)
606	char *buf;
607	int cnt;
608	char *errmsg;
609{
610	char c;
611
612	do {
613		if (read(0, &c, 1) != 1)
614			exit(1);
615		if (--cnt < 0)
616			fatal(STDOUT_FILENO, errmsg, 0);
617		*buf++ = c;
618	} while (c != 0);
619}
620
621extern	char **environ;
622
623void
624setup_term(fd)
625	int fd;
626{
627	register char *cp = index(term+ENVSIZE, '/');
628	char *speed;
629	struct termios tt;
630
631#ifndef notyet
632	tcgetattr(fd, &tt);
633	if (cp) {
634		*cp++ = '\0';
635		speed = cp;
636		cp = index(speed, '/');
637		if (cp)
638			*cp++ = '\0';
639		cfsetspeed(&tt, atoi(speed));
640	}
641
642	tt.c_iflag = TTYDEF_IFLAG;
643	tt.c_oflag = TTYDEF_OFLAG;
644	tt.c_lflag = TTYDEF_LFLAG;
645	tcsetattr(fd, TCSAFLUSH, &tt);
646#else
647	if (cp) {
648		*cp++ = '\0';
649		speed = cp;
650		cp = index(speed, '/');
651		if (cp)
652			*cp++ = '\0';
653		tcgetattr(fd, &tt);
654		cfsetspeed(&tt, atoi(speed));
655		tcsetattr(fd, TCSAFLUSH, &tt);
656	}
657#endif
658
659	env[0] = term;
660	env[1] = 0;
661	environ = env;
662}
663
664void
665usage()
666{
667	syslog(LOG_ERR, "usage: rlogind [-" ARGSTR "]");
668}
669