/* insecure.c: The opieinsecure() library function.

%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.

Portions of this software are Copyright 1995 by Randall Atkinson and Dan
McDonald, All Rights Reserved. All Rights under this copyright are assigned
to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
License Agreement applies to this software.

        History:

	Modified by cmetz for OPIE 2.4. Do utmp checks on utmpx systems.
	     Handle unterminated ut_host.
	Modified by cmetz for OPIE 2.31. Fixed a logic bug. Call endut[x]ent().
	Modified by cmetz for OPIE 2.3. Added result caching. Use
	     __opiegetutmpentry(). Ifdef around ut_host check. Eliminate
	     unused variable.
	Modified by cmetz for OPIE 2.2. Use FUNCTION declaration et al.
             Allow IP loopback. DISPLAY and ut_host must match exactly,
             not just the part before the colon. Added work-around for
             Sun CDE dtterm bug. Leave the environment as it was
             found. Use uname().
        Created at NRL for OPIE 2.2 from opiesubr.c. Fixed pointer
             assignment that should have been a comparison.

$FreeBSD$

*/
3422347Spst#include "opie_cfg.h"
3522347Spst
3622347Spst#include <stdio.h>
3722347Spst#include <string.h>
3822347Spst#include <stdlib.h>	/* ANSI C standard library */
3922347Spst#include <sys/param.h>
4022347Spst#include <unistd.h>
4122347Spst
4222347Spst#if DOUTMPX
4322347Spst#include <utmpx.h>
4422347Spst#define utmp utmpx
4529964Sache#define endutent endutxent
46202086Sed#else
47202086Sed#include <utmp.h>
4822347Spst#endif	/* DOUTMPX */
4922347Spst
5022347Spst#if HAVE_SYS_UTSNAME_H
5122347Spst#include <sys/utsname.h>
5222347Spst#endif /* HAVE_SYS_UTSNAME_H */
5322347Spst
5422347Spst#include "opie.h"
5522347Spst
/* TERM values that opieinsecure() treats as a sign of a remote terminal
   when DISPLAY is not set. The list is NULL-terminated. */
char *remote_terms[] = {
  "xterm",
  "xterms",
  "kterm",
  NULL
};
5729964Sache
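/*
 * opieinsecure: guess whether the current terminal session is reached over
 * a path on which typed secrets could be observed.
 *
 * Returns 1 when the session looks remote ("insecure") and 0 otherwise.
 * When NO_INSECURE_CHECK is defined the function always returns 0.
 *
 * The verdict is computed once and cached in a function-local static; later
 * calls return the cached value without looking at the environment again.
 * No synchronization is done around that cache.
 *
 * Every input is taken from the process environment (SSH_CLIENT, DISPLAY,
 * TERM) and, where available, the utmp/utmpx entry for standard input.
 * The invoking user controls the environment, so the result is a heuristic
 * for warning that user; it is not suitable as an access-control decision.
 */
int opieinsecure FUNCTION_NOARGS
{
#ifndef NO_INSECURE_CHECK
  /* Host parts of DISPLAY that always denote the local machine. */
  static const char *const local_hosts[] = {
    "unix", "localhost", "loopback", "127.0.0.1", NULL
  };
  char *display_name;
  char *s;
  char *term_name;
  int  insecure = 0;
#if HAVE_UT_HOST || DOUTMPX
  struct utmp utmp;
#endif /* HAVE_UT_HOST || DOUTMPX */
  static int result = -1;

  if (result != -1)
    return result;

  /* The mere presence of SSH_CLIENT is taken to mean an encrypted session. */
  if (getenv("SSH_CLIENT") != NULL)
    return (result = 0);
  display_name = getenv("DISPLAY");
  term_name = getenv("TERM");

  if (display_name) {
    /* A DISPLAY is remote unless its host part is shown to be local. */
    insecure = 1;
    if ((s = strchr(display_name, ':')) != NULL) {
      size_t n = (size_t)(s - display_name);	/* length of the host part */

      if (!n)
	insecure = 0;		/* ":0" style: no host, local display */
      else {
	int i;

	/* Compare the whole host part, not a prefix of it: a bare
	   strncmp() over n bytes would accept any host part that is a
	   leading fragment of a loopback name (one letter, for example). */
	for (i = 0; insecure && local_hosts[i]; i++)
	  if (strlen(local_hosts[i]) == n &&
	      !strncmp(local_hosts[i], display_name, n))
	    insecure = 0;

	if (insecure) {
	  struct utsname utsname;

	  if (!uname(&utsname)) {
	    const char *node = utsname.nodename;

	    /* The host part must equal the node name, or its leading
	       label(s): after n matching bytes the node name has to end
	       or reach a '.', so "foo" does not match node "foobar". */
	    if (!strncmp(node, display_name, n) &&
		(node[n] == '\0' || node[n] == '.'))
	      insecure = 0;
	    else if ((s = strchr(display_name, '.')) != NULL) {
	      /* Retry with only the part of DISPLAY before its first dot
	         (capped at the host part). */
	      size_t n2 = (size_t)(s - display_name);

	      if (n < n2)
		n2 = n;
	      /* n2 == 0 (DISPLAY begins with '.') would compare zero
	         bytes and match anything, so it is rejected. */
	      if (n2 && !strncmp(node, display_name, n2) &&
		  (node[n2] == '\0' || node[n2] == '.'))
		insecure = 0;
	    } /* endif DISPLAY contains '.' */
	  } /* endif was able to get hostname */
	} /* endif host part is not a loopback name */
      } /* endif host part is non-empty */
    } /* endif DISPLAY contains ':' */
  } /* endif DISPLAY is set */
  if (insecure)
    return (result = 1);

  /* If no DISPLAY variable exists and TERM=xterm,
     then we probably have an xterm executing on a remote system
     with an rlogin or telnet to our system.  If it were a local
     xterm, then the DISPLAY environment variable would
     have to exist. rja */
  if (!display_name && term_name) {
    int i;

    for (i = 0; remote_terms[i]; i++)
      if (!strcmp(term_name, remote_terms[i]))
	return (result = 1);
  }

#if HAVE_UT_HOST || DOUTMPX
  if (isatty(0)) {
    int i;

    memset(&utmp, 0, sizeof(struct utmp));
    /* NOTE(review): ttyname() can return NULL; confirm that
       __opiegetutmpentry() tolerates a NULL line name. */
    i = __opiegetutmpentry(ttyname(0), &utmp);
    endutent();
    if (!i && utmp.ut_host[0]) {
      /* ut_host is not guaranteed to be NUL-terminated, so copy it into
         a buffer one byte larger and terminate it explicitly. */
      char host[sizeof(utmp.ut_host) + 1];

      /* A non-empty ut_host means remote unless it matches DISPLAY. */
      insecure = 1;

      strncpy(host, utmp.ut_host, sizeof(utmp.ut_host));
      host[sizeof(utmp.ut_host)] = 0;

      if ((s = strchr(host, ':')) != NULL) {
	size_t n = (size_t)(s - host);

	if (!n)
	  insecure = 0;
	else if (display_name) {
	  if (!strncmp(host, display_name, n))
	    insecure = 0;
#if 1 /* def SOLARIS */
	  /* Work-around for the Sun CDE dtterm bug named in the file
	     history: turn the first space into ':' and the next one into
	     '.', then compare again. */
	  else if ((s = strchr(host, ' ')) != NULL) {
	    *s = ':';
	    if ((s = strchr(s + 1, ' ')) != NULL)
	      *s = '.';
	    if (!strncmp(host, display_name, n))
	      insecure = 0;
	  }
#endif /* SOLARIS */
	}
      }
    }
  }
#endif /* HAVE_UT_HOST || DOUTMPX */
  if (insecure)
    return (result = 1);

  return (result = 0);
#else /* NO_INSECURE_CHECK */
  return 0;
#endif /* NO_INSECURE_CHECK */
}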