insecure.c revision 92914
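/* insecure.c: The opieinsecure() library function.

%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.

Portions of this software are Copyright 1995 by Randall Atkinson and Dan
McDonald, All Rights Reserved. All Rights under this copyright are assigned
to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
License Agreement applies to this software.

	History:

	Modified by cmetz for OPIE 2.4. Do utmp checks on utmpx systems.
		Handle unterminated ut_host.
	Modified by cmetz for OPIE 2.31. Fixed a logic bug. Call endut[x]ent().
	Modified by cmetz for OPIE 2.3. Added result caching. Use
		__opiegetutmpentry(). Ifdef around ut_host check. Eliminate
		unused variable.
	Modified by cmetz for OPIE 2.2. Use FUNCTION declaration et al.
		Allow IP loopback. DISPLAY and ut_host must match exactly,
		not just the part before the colon. Added work-around for
		Sun CDE dtterm bug. Leave the environment as it was
		found. Use uname().
	Created at NRL for OPIE 2.2 from opiesubr.c. Fixed pointer
		assignment that should have been a comparison.

$FreeBSD: head/contrib/opie/libopie/insecure.c 92914 2002-03-21 23:42:52Z markm $

*/
#include "opie_cfg.h"

#include <stdio.h>
#include <string.h>
#include <stdlib.h>	/* ANSI C standard library */
#include <sys/param.h>
#include <unistd.h>

#include <utmp.h>
#if DOUTMPX
#include <utmpx.h>
#define utmp utmpx
#define endutent endutxent
#endif	/* DOUTMPX */

#if HAVE_SYS_UTSNAME_H
#include <sys/utsname.h>
#endif /* HAVE_SYS_UTSNAME_H */

#include "opie.h"

/* TERM values that are treated as a remote terminal emulator when DISPLAY
   is not set (see the TERM check in opieinsecure()). NULL-terminated. */
char *remote_terms[] = { "xterm", "xterms", "kterm", NULL };

/*
 * opieinsecure(): decide whether the current session looks like it arrives
 * from a remote terminal.
 *
 * Returns 1 when the session is judged remote ("insecure") and 0 otherwise.
 * The verdict is computed on the first call and cached in a function-local
 * static, so later calls return the same value even if the environment has
 * changed. When NO_INSECURE_CHECK is defined the function always returns 0.
 *
 * Checks, in order:
 *   1. SSH_CLIENT is set (any value)                       -> 0
 *   2. DISPLAY is set and its host part is not local       -> 1
 *   3. DISPLAY is unset and TERM is listed in remote_terms -> 1
 *   4. (HAVE_UT_HOST || DOUTMPX only) the utmp record for the tty on
 *      descriptor 0 has a non-empty ut_host that is not a local display
 *                                                          -> 1
 *   otherwise                                              -> 0
 *
 * NOTE(review): SSH_CLIENT, DISPLAY and TERM are environment variables set
 * by the invoking user, and SSH_CLIENT is tested for presence only. The
 * result is therefore a safeguard for a cooperating user, not something to
 * base an access-control decision on.
 */
int opieinsecure FUNCTION_NOARGS
{
#ifndef NO_INSECURE_CHECK
  /* Host parts of DISPLAY that always denote the local machine. */
  static const char *local_hosts[] =
    { "unix", "localhost", "loopback", "127.0.0.1", NULL };
  char *display_name;
  char *s;
  char *term_name;
  int insecure = 0;
#if HAVE_UT_HOST || DOUTMPX
  struct utmp utmp;
#endif /* HAVE_UT_HOST || DOUTMPX */
  static int result = -1;	/* -1: not computed yet */

  if (result != -1)
    return result;

  if (getenv("SSH_CLIENT") != NULL)
    return (result = 0);

  display_name = getenv("DISPLAY");
  term_name = getenv("TERM");

  if (display_name) {
    /* A DISPLAY is remote until its host part is shown to be local.
       A DISPLAY without any ':' stays classified as remote. */
    insecure = 1;
    if ((s = strchr(display_name, ':')) != NULL) {
      size_t n = (size_t) (s - display_name);	/* length of the host part */

      if (!n)
	insecure = 0;		/* ":0" style, no host at all */
      else {
	int i;

	/* The host part must equal a local name in full. Comparing only
	   the first n bytes would also accept any prefix of these names
	   (a display host called "l" or "1", for instance). */
	for (i = 0; local_hosts[i]; i++)
	  if (strlen(local_hosts[i]) == n &&
	      !strncmp(local_hosts[i], display_name, n)) {
	    insecure = 0;
	    break;
	  }

	if (insecure) {
	  struct utsname utsname;

	  if (!uname(&utsname)) {
	    /* Accept the display host when it is our node name, or our
	       node name up to a '.' label boundary. Without the boundary
	       test, a display on "mail" would pass for node "mail2". */
	    if (!strncmp(utsname.nodename, display_name, n) &&
		(utsname.nodename[n] == '\0' || utsname.nodename[n] == '.'))
	      insecure = 0;
	    else if ((s = strchr(display_name, '.')) != NULL) {
	      /* Retry with only the first label of the display host. */
	      size_t n2 = (size_t) (s - display_name);

	      if (n < n2)
		n2 = n;		/* the '.' was after the ':' */
	      /* n2 == 0 (DISPLAY starting with '.') must not match:
		 strncmp() over zero bytes always reports equality. */
	      if (n2 && !strncmp(utsname.nodename, display_name, n2) &&
		  (utsname.nodename[n2] == '\0' ||
		   utsname.nodename[n2] == '.'))
		insecure = 0;
	    } /* endif display_name has a '.' */
	  } /* endif was able to get hostname */
	} /* endif display_name is not a fixed local name */
      }
    }
  } /* endif display_name */
  if (insecure)
    return (result = 1);

  /* If no DISPLAY variable exists and TERM=xterm,
     then we probably have an xterm executing on a remote system
     with an rlogin or telnet to our system. If it were a local
     xterm, then the DISPLAY environment variable would
     have to exist. rja */
  if (!display_name && term_name) {
    int i;

    for (i = 0; remote_terms[i]; i++)
      if (!strcmp(term_name, remote_terms[i]))
	return (result = 1);
  }

#if HAVE_UT_HOST || DOUTMPX
  if (isatty(0)) {
    memset(&utmp, 0, sizeof(struct utmp));
    {
      /* NOTE(review): ttyname(0) can return NULL; whether
	 __opiegetutmpentry() tolerates that is not visible here. */
      int i = __opiegetutmpentry(ttyname(0), &utmp);

      endutent();
      if (!i && utmp.ut_host[0]) {
	/* ut_host is a fixed-size field that may lack a terminator, so
	   copy it into a buffer one byte larger and terminate it. */
	char host[sizeof(utmp.ut_host) + 1];

	/* A recorded login host means remote unless it turns out to be
	   a local display below. */
	insecure = 1;

	strncpy(host, utmp.ut_host, sizeof(utmp.ut_host));
	host[sizeof(utmp.ut_host)] = 0;

	if ((s = strchr(host, ':')) != NULL) {
	  int n = s - host;

	  if (!n)
	    insecure = 0;
	  else if (display_name) {
	    /* NOTE(review): only the first n bytes are compared, so a
	       DISPLAY whose host part is longer than the one in ut_host
	       still matches; left as found because the work-around
	       below reuses the same n. */
	    if (!strncmp(host, display_name, n))
	      insecure = 0;
#if 1 /* def SOLARIS */
	    else if ((s = strchr(host, ' ')) != NULL) {
	      /* Sun CDE dtterm work-around (see History): turn the first
		 space into ':' and the next one into '.', then compare
		 again. */
	      *s = ':';
	      if ((s = strchr(s + 1, ' ')) != NULL)
		*s = '.';
	      if (!strncmp(host, display_name, n))
		insecure = 0;
	    }
#endif /* SOLARIS */
	  }
	}
      }
    }
  }
#endif /* HAVE_UT_HOST || DOUTMPX */
  if (insecure)
    return (result = 1);

  return (result = 0);
#else /* NO_INSECURE_CHECK */
  return 0;
#endif /* NO_INSECURE_CHECK */
}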