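/* insecure.c: The opieinsecure() library function.

%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.

Portions of this software are Copyright 1995 by Randall Atkinson and Dan
McDonald, All Rights Reserved. All Rights under this copyright are assigned
to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
License Agreement applies to this software.

        History:

        Modified by cmetz for OPIE 2.4. Do utmp checks on utmpx systems.
                Handle unterminated ut_host.
        Modified by cmetz for OPIE 2.31. Fixed a logic bug. Call endut[x]ent().
        Modified by cmetz for OPIE 2.3. Added result caching. Use
                __opiegetutmpentry(). Ifdef around ut_host check. Eliminate
                unused variable.
        Modified by cmetz for OPIE 2.2. Use FUNCTION declaration et al.
                Allow IP loopback. DISPLAY and ut_host must match exactly,
                not just the part before the colon. Added work-around for
                Sun CDE dtterm bug. Leave the environment as it was
                found. Use uname().
        Created at NRL for OPIE 2.2 from opiesubr.c. Fixed pointer
                assignment that should have been a comparison.

$FreeBSD$

*/
#include "opie_cfg.h"

#include <stdio.h>
#include <string.h>
#include <stdlib.h>	/* ANSI C standard library */
#include <sys/param.h>
#include <unistd.h>

#if DOUTMPX
#include <utmpx.h>
#define utmp utmpx
#define endutent endutxent
#else
#include <utmp.h>
#endif	/* DOUTMPX */

#if HAVE_SYS_UTSNAME_H
#include <sys/utsname.h>
#endif /* HAVE_SYS_UTSNAME_H */

#include "opie.h"

/* TERM values taken to mean "remote X terminal" when DISPLAY is unset. */
char *remote_terms[] = { "xterm", "xterms", "kterm", NULL };

/*
 * opieinsecure: guess whether the current session is reached over a path
 * on which typed secrets could be observed (remote X display, remote
 * terminal login).
 *
 * Returns 1 if the session looks insecure, 0 otherwise.  When
 * NO_INSECURE_CHECK is defined the function always returns 0.
 *
 * The verdict is computed once and cached in a function-local static, so
 * later changes to the environment are not seen by subsequent calls.
 *
 * Security notes:
 *  - SSH_CLIENT, DISPLAY and TERM are read with getenv() and are therefore
 *    chosen by whoever starts the process.  The result is a heuristic that
 *    protects a cooperating user from a mistake; callers should not rely
 *    on it as an access-control decision.
 *  - Host names taken from DISPLAY are compared for equality against the
 *    known local names.  Comparing only the first n characters (as
 *    strncmp() alone does) would accept any DISPLAY host that is merely a
 *    prefix of "unix", "localhost", "loopback", "127.0.0.1" or of the
 *    node name, and a zero-length comparison would accept everything.
 *  - Comparisons are case-sensitive.
 */
int opieinsecure FUNCTION_NOARGS
{
#ifndef NO_INSECURE_CHECK
  /* DISPLAY host parts that always denote the local machine. */
  static char *local_names[] = { "unix", "localhost", "loopback", "127.0.0.1", NULL };
  char *display_name;
  char *s;
  char *term_name;
  int insecure = 0;
#if HAVE_UT_HOST || DOUTMPX
  struct utmp utmp;
#endif /* HAVE_UT_HOST || DOUTMPX */
  static int result = -1;	/* -1 means "not computed yet" */

  if (result != -1)
    return result;

  /* A session started through ssh is treated as secure without further checks. */
  if (getenv("SSH_CLIENT") != NULL)
    return (result = 0);
  display_name = (char *) getenv("DISPLAY");
  term_name = (char *) getenv("TERM");

  if (display_name) {
    /* Assume a remote display until the host part proves to be local. */
    insecure = 1;
    if ((s = strchr(display_name, ':')) != NULL) {
      int n = s - display_name;	/* length of the host part before ':' */

      if (!n)
        insecure = 0;		/* ":0" style, no host part: local display */
      else {
        int i;

        /* Exact match only: the lengths must agree as well as the bytes. */
        for (i = 0; local_names[i]; i++)
          if (strlen(local_names[i]) == (size_t) n &&
              !strncmp(local_names[i], display_name, n)) {
            insecure = 0;
            break;
          }

        if (insecure) {
          struct utsname utsname;

          if (!uname(&utsname)) {
            char *node = utsname.nodename;
            int n2 = n;		/* length of the first label of the host part */

            if ((s = strchr(display_name, '.')) != NULL && s - display_name < n)
              n2 = s - display_name;

            /*
             * Accept the whole host part when it equals the node name or
             * the node name continues with a domain ("host" vs
             * "host.example.org").  node[n] is only read after n bytes
             * matched, so it is at most the terminating NUL.
             */
            if (!strncmp(node, display_name, n) &&
                (node[n] == '\0' || node[n] == '.'))
              insecure = 0;
            /*
             * Otherwise compare first labels only.  n2 > 0 rejects a host
             * part that starts with '.', which a zero-length strncmp()
             * would match against anything.
             * NOTE(review): two hosts that share a first label but live in
             * different domains are still treated as the same machine
             * here, as in the original logic -- confirm this is intended.
             */
            else if (n2 > 0 && n2 < n && !strncmp(node, display_name, n2) &&
                     (node[n2] == '\0' || node[n2] == '.'))
              insecure = 0;
          } /* endif was able to get hostname */
        } /* endif host part is not a well-known local name */
      }
    }
  } /* endif DISPLAY is set */
  if (insecure)
    return (result = 1);

  /* If no DISPLAY variable exists and TERM=xterm,
     then we probably have an xterm executing on a remote system
     with an rlogin or telnet to our system.  If it were a local
     xterm, then the DISPLAY environment variable would
     have to exist. rja */
  if (!display_name && term_name) {
    int i;
    for (i = 0; remote_terms[i]; i++)
      if (!strcmp(term_name, remote_terms[i]))
        return (result = 1);
  }

#if HAVE_UT_HOST || DOUTMPX
  if (isatty(0)) {
    memset(&utmp, 0, sizeof(struct utmp));
    {
      /* NOTE(review): ttyname(0) may return NULL; whether
         __opiegetutmpentry() tolerates that is not visible here. */
      int i = __opiegetutmpentry(ttyname(0), &utmp);
      endutent();
      /* A zero return is treated as "entry found"; a non-empty ut_host
         marks the login as remote unless shown otherwise below. */
      if (!i && utmp.ut_host[0]) {
        /* ut_host need not be NUL-terminated: copy it into a buffer one
           byte larger and terminate that copy explicitly. */
        char host[sizeof(utmp.ut_host) + 1];
        insecure = 1;

        strncpy(host, utmp.ut_host, sizeof(utmp.ut_host));
        host[sizeof(utmp.ut_host)] = 0;

        if ((s = strchr(host, ':')) != NULL) {
          int n = s - host;
          if (!n)
            insecure = 0;
          else
            if (display_name) {
              /* NOTE(review): only the first n bytes are compared, so
                 DISPLAY may continue past the utmp host name and still
                 match; the history entry above asks for an exact match. */
              if (!strncmp(host, display_name, n))
                insecure = 0;
#if 1 /* def SOLARIS */
              else
                /* Sun CDE dtterm work-around (see History): turn the first
                   blank into ':' and the next one into '.', then retry. */
                if ((s = strchr(host, ' ')) != NULL) {
                  *s = ':';
                  if ((s = strchr(s + 1, ' ')) != NULL)
                    *s = '.';
                  if (!strncmp(host, display_name, n))
                    insecure = 0;
                }
#endif /* SOLARIS */
            }
        }
      }
    }
  }
#endif /* HAVE_UT_HOST || DOUTMPX */
  if (insecure)
    return (result = 1);

  return (result = 0);
#else /* NO_INSECURE_CHECK */
  return 0;
#endif /* NO_INSECURE_CHECK */
}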