1120492Sfjoe/* 2120492Sfjoe * Copyright (c) 1997-2007 Kungliga Tekniska H�gskolan 3120492Sfjoe * (Royal Institute of Technology, Stockholm, Sweden). 4120492Sfjoe * All rights reserved. 5120492Sfjoe * 6120492Sfjoe * Redistribution and use in source and binary forms, with or without 7120492Sfjoe * modification, are permitted provided that the following conditions 8120492Sfjoe * are met: 9120492Sfjoe * 10120492Sfjoe * 1. Redistributions of source code must retain the above copyright 11120492Sfjoe * notice, this list of conditions and the following disclaimer. 12120492Sfjoe * 13120492Sfjoe * 2. Redistributions in binary form must reproduce the above copyright 14120492Sfjoe * notice, this list of conditions and the following disclaimer in the 15120492Sfjoe * documentation and/or other materials provided with the distribution. 16120492Sfjoe * 17120492Sfjoe * 3. Neither the name of the Institute nor the names of its contributors 18120492Sfjoe * may be used to endorse or promote products derived from this software 19120492Sfjoe * without specific prior written permission. 20120492Sfjoe * 21120492Sfjoe * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 22120492Sfjoe * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23120492Sfjoe * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24120492Sfjoe * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 25120492Sfjoe * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26120492Sfjoe * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27120492Sfjoe * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28120492Sfjoe * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29120492Sfjoe * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30120492Sfjoe * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31120492Sfjoe * SUCH DAMAGE. 32120492Sfjoe */ 33120492Sfjoe 34120492Sfjoe#include "rsh_locl.h" 35120492Sfjoe#include "login_locl.h" 36120492SfjoeRCSID("$Id: rshd.c 21515 2007-07-12 12:47:07Z lha $"); 37120492Sfjoe 38120492Sfjoeint 39120492Sfjoelogin_access( struct passwd *user, char *from); 40120492Sfjoeint 41120492Sfjoeread_limits_conf(const char *file, const struct passwd *pwd); 42120492Sfjoe 43120492Sfjoe#ifdef NEED_IRUSEROK_PROTO 44120492Sfjoeint iruserok(uint32_t, int, const char *, const char *); 45120492Sfjoe#endif 46120492Sfjoe 47120492Sfjoeenum auth_method auth_method; 48120492Sfjoe 49120492Sfjoe#ifdef KRB5 50120492Sfjoekrb5_context context; 51120492Sfjoekrb5_keyblock *keyblock; 52120492Sfjoekrb5_crypto crypto; 53120492Sfjoe#endif 54120492Sfjoe 55120492Sfjoe#ifdef KRB4 56120492Sfjoedes_key_schedule schedule; 57120492Sfjoedes_cblock iv; 58120492Sfjoe#endif 59120492Sfjoe 60120492Sfjoe#ifdef KRB5 61120492Sfjoekrb5_ccache ccache, ccache2; 62120492Sfjoeint kerberos_status = 0; 63120492Sfjoe#endif 64120492Sfjoe 65120492Sfjoeint do_encrypt = 0; 66120492Sfjoe 67120492Sfjoestatic int do_unique_tkfile = 0; 68120492Sfjoestatic char tkfile[MAXPATHLEN] = ""; 69120492Sfjoe 70120492Sfjoestatic int do_inetd = 1; 71120492Sfjoestatic char *port_str; 72120492Sfjoestatic int do_rhosts = 1; 73120492Sfjoestatic int do_kerberos = 0; 74120492Sfjoe#define DO_KRB4 2 75120492Sfjoe#define DO_KRB5 4 76120492Sfjoestatic int do_vacuous = 0; 77120492Sfjoestatic int do_log = 1; 78120492Sfjoestatic int do_newpag = 1; 79120492Sfjoestatic int do_addr_verify = 0; 80120492Sfjoestatic int do_keepalive = 1; 81120492Sfjoestatic int do_version; 82120492Sfjoestatic int do_help = 0; 83120492Sfjoe 84120492Sfjoestatic void 85120492Sfjoesyslog_and_die (const char *m, ...) 86120492Sfjoe __attribute__ ((format (printf, 1, 2))); 87120492Sfjoe 88120492Sfjoestatic void 89120492Sfjoesyslog_and_die (const char *m, ...) 90120492Sfjoe{ 91120492Sfjoe va_list args; 92120492Sfjoe 93120492Sfjoe va_start(args, m); 94120492Sfjoe vsyslog (LOG_ERR, m, args); 95120492Sfjoe va_end(args); 96120492Sfjoe exit (1); 97120492Sfjoe} 98120492Sfjoe 99120492Sfjoestatic void 100120492Sfjoefatal (int, const char*, const char *, ...) 101120492Sfjoe __attribute__ ((noreturn, format (printf, 3, 4))); 102120492Sfjoe 103120492Sfjoestatic void 104120492Sfjoefatal (int sock, const char *what, const char *m, ...) 105120492Sfjoe{ 106120492Sfjoe va_list args; 107120492Sfjoe char buf[BUFSIZ]; 108120492Sfjoe size_t len; 109120492Sfjoe 110120492Sfjoe *buf = 1; 111120492Sfjoe va_start(args, m); 112120492Sfjoe len = vsnprintf (buf + 1, sizeof(buf) - 1, m, args); 113120492Sfjoe len = min(len, sizeof(buf) - 1); 114120492Sfjoe va_end(args); 115120492Sfjoe if(what != NULL) 116120492Sfjoe syslog (LOG_ERR, "%s: %m: %s", what, buf + 1); 117120492Sfjoe else 118120492Sfjoe syslog (LOG_ERR, "%s", buf + 1); 119120492Sfjoe net_write (sock, buf, len + 1); 120120492Sfjoe exit (1); 121120492Sfjoe} 122120492Sfjoe 123120492Sfjoestatic char * 124120492Sfjoeread_str (int s, size_t sz, char *expl) 125120492Sfjoe{ 126120492Sfjoe char *str = malloc(sz); 127120492Sfjoe char *p = str; 128120492Sfjoe if(str == NULL) 129120492Sfjoe fatal(s, NULL, "%s too long", expl); 130120492Sfjoe while(p < str + sz) { 131120492Sfjoe if(net_read(s, p, 1) != 1) 132120492Sfjoe syslog_and_die("read: %m"); 133120492Sfjoe if(*p == '\0') 134120492Sfjoe return str; 135120492Sfjoe p++; 136120492Sfjoe } 137120492Sfjoe fatal(s, NULL, "%s too long", expl); 138120492Sfjoe} 139120492Sfjoe 140120492Sfjoestatic int 141120492Sfjoerecv_bsd_auth (int s, u_char *buf, 142120492Sfjoe struct sockaddr_in *thisaddr, 143120492Sfjoe struct sockaddr_in *thataddr, 144120492Sfjoe char **client_username, 145120492Sfjoe char **server_username, 146120492Sfjoe char **cmd) 147120492Sfjoe{ 148120492Sfjoe struct passwd *pwd; 149120492Sfjoe 150120492Sfjoe *client_username = read_str (s, USERNAME_SZ, "local username"); 151120492Sfjoe *server_username = read_str (s, USERNAME_SZ, "remote username"); 152120492Sfjoe *cmd = read_str (s, ARG_MAX + 1, "command"); 153120492Sfjoe pwd = getpwnam(*server_username); 154120492Sfjoe if (pwd == NULL) 155120492Sfjoe fatal(s, NULL, "Login incorrect."); 156120492Sfjoe if (iruserok(thataddr->sin_addr.s_addr, pwd->pw_uid == 0, 157120492Sfjoe *client_username, *server_username)) 158120492Sfjoe fatal(s, NULL, "Login incorrect."); 159120492Sfjoe return 0; 160120492Sfjoe} 161120492Sfjoe 162120492Sfjoe#ifdef KRB4 163120492Sfjoestatic int 164120492Sfjoerecv_krb4_auth (int s, u_char *buf, 165120492Sfjoe struct sockaddr *thisaddr, 166120492Sfjoe struct sockaddr *thataddr, 167120492Sfjoe char **client_username, 168120492Sfjoe char **server_username, 169120492Sfjoe char **cmd) 170120492Sfjoe{ 171120492Sfjoe int status; 172120492Sfjoe int32_t options; 173120492Sfjoe KTEXT_ST ticket; 174120492Sfjoe AUTH_DAT auth; 175120492Sfjoe char instance[INST_SZ + 1]; 176120492Sfjoe char version[KRB_SENDAUTH_VLEN + 1]; 177120492Sfjoe 178120492Sfjoe if (memcmp (buf, KRB_SENDAUTH_VERS, 4) != 0) 179120492Sfjoe return -1; 180120492Sfjoe if (net_read (s, buf + 4, KRB_SENDAUTH_VLEN - 4) != 181120492Sfjoe KRB_SENDAUTH_VLEN - 4) 182120492Sfjoe syslog_and_die ("reading auth info: %m"); 183120492Sfjoe if (memcmp (buf, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN) != 0) 184120492Sfjoe syslog_and_die("unrecognized auth protocol: %.8s", buf); 185120492Sfjoe 186120492Sfjoe options = KOPT_IGNORE_PROTOCOL; 187120492Sfjoe if (do_encrypt) 188120492Sfjoe options |= KOPT_DO_MUTUAL; 189120492Sfjoe k_getsockinst (s, instance, sizeof(instance)); 190120492Sfjoe status = krb_recvauth (options, 191120492Sfjoe s, 192120492Sfjoe &ticket, 193 "rcmd", 194 instance, 195 (struct sockaddr_in *)thataddr, 196 (struct sockaddr_in *)thisaddr, 197 &auth, 198 "", 199 schedule, 200 version); 201 if (status != KSUCCESS) 202 syslog_and_die ("recvauth: %s", krb_get_err_text(status)); 203 if (strncmp (version, KCMD_OLD_VERSION, KRB_SENDAUTH_VLEN) != 0) 204 syslog_and_die ("bad version: %s", version); 205 206 *server_username = read_str (s, USERNAME_SZ, "remote username"); 207 if (kuserok (&auth, *server_username) != 0) 208 fatal (s, NULL, "Permission denied."); 209 *cmd = read_str (s, ARG_MAX + 1, "command"); 210 211 syslog(LOG_INFO|LOG_AUTH, 212 "kerberos v4 shell from %s on %s as %s, cmd '%.80s'", 213 krb_unparse_name_long(auth.pname, auth.pinst, auth.prealm), 214 215 inet_ntoa(((struct sockaddr_in *)thataddr)->sin_addr), 216 *server_username, 217 *cmd); 218 219 memcpy (iv, auth.session, sizeof(iv)); 220 221 return 0; 222} 223 224#endif /* KRB4 */ 225 226#ifdef KRB5 227static int 228save_krb5_creds (int s, 229 krb5_auth_context auth_context, 230 krb5_principal client) 231 232{ 233 int ret; 234 krb5_data remote_cred; 235 236 krb5_data_zero (&remote_cred); 237 ret= krb5_read_message (context, (void *)&s, &remote_cred); 238 if (ret) { 239 krb5_data_free(&remote_cred); 240 return 0; 241 } 242 if (remote_cred.length == 0) 243 return 0; 244 245 ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &ccache); 246 if (ret) { 247 krb5_data_free(&remote_cred); 248 return 0; 249 } 250 251 krb5_cc_initialize(context,ccache,client); 252 ret = krb5_rd_cred2(context, auth_context, ccache, &remote_cred); 253 if(ret != 0) 254 syslog(LOG_INFO|LOG_AUTH, 255 "reading creds: %s", krb5_get_err_text(context, ret)); 256 krb5_data_free (&remote_cred); 257 if (ret) 258 return 0; 259 return 1; 260} 261 262static void 263krb5_start_session (void) 264{ 265 krb5_error_code ret; 266 char *estr; 267 268 ret = krb5_cc_resolve (context, tkfile, &ccache2); 269 if (ret) { 270 estr = krb5_get_error_string(context); 271 syslog(LOG_WARNING, "resolve cred cache %s: %s", 272 tkfile, 273 estr ? estr : krb5_get_err_text(context, ret)); 274 free(estr); 275 krb5_cc_destroy(context, ccache); 276 return; 277 } 278 279 ret = krb5_cc_copy_cache (context, ccache, ccache2); 280 if (ret) { 281 estr = krb5_get_error_string(context); 282 syslog(LOG_WARNING, "storing credentials: %s", 283 estr ? estr : krb5_get_err_text(context, ret)); 284 free(estr); 285 krb5_cc_destroy(context, ccache); 286 return ; 287 } 288 289 krb5_cc_close(context, ccache2); 290 krb5_cc_destroy(context, ccache); 291 return; 292} 293 294static int protocol_version; 295 296static krb5_boolean 297match_kcmd_version(const void *data, const char *version) 298{ 299 if(strcmp(version, KCMD_NEW_VERSION) == 0) { 300 protocol_version = 2; 301 return TRUE; 302 } 303 if(strcmp(version, KCMD_OLD_VERSION) == 0) { 304 protocol_version = 1; 305 key_usage = KRB5_KU_OTHER_ENCRYPTED; 306 return TRUE; 307 } 308 return FALSE; 309} 310 311 312static int 313recv_krb5_auth (int s, u_char *buf, 314 struct sockaddr *thisaddr, 315 struct sockaddr *thataddr, 316 char **client_username, 317 char **server_username, 318 char **cmd) 319{ 320 uint32_t len; 321 krb5_auth_context auth_context = NULL; 322 krb5_ticket *ticket; 323 krb5_error_code status; 324 krb5_data cksum_data; 325 krb5_principal server; 326 char *str; 327 328 if (memcmp (buf, "\x00\x00\x00\x13", 4) != 0) 329 return -1; 330 len = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | (buf[3]); 331 332 if (net_read(s, buf, len) != len) 333 syslog_and_die ("reading auth info: %m"); 334 if (len != sizeof(KRB5_SENDAUTH_VERSION) 335 || memcmp (buf, KRB5_SENDAUTH_VERSION, len) != 0) 336 syslog_and_die ("bad sendauth version: %.8s", buf); 337 338 status = krb5_sock_to_principal (context, 339 s, 340 "host", 341 KRB5_NT_SRV_HST, 342 &server); 343 if (status) 344 syslog_and_die ("krb5_sock_to_principal: %s", 345 krb5_get_err_text(context, status)); 346 347 status = krb5_recvauth_match_version(context, 348 &auth_context, 349 &s, 350 match_kcmd_version, 351 NULL, 352 server, 353 KRB5_RECVAUTH_IGNORE_VERSION, 354 NULL, 355 &ticket); 356 krb5_free_principal (context, server); 357 if (status) 358 syslog_and_die ("krb5_recvauth: %s", 359 krb5_get_err_text(context, status)); 360 361 *server_username = read_str (s, USERNAME_SZ, "remote username"); 362 *cmd = read_str (s, ARG_MAX + 1, "command"); 363 *client_username = read_str (s, ARG_MAX + 1, "local username"); 364 365 if(protocol_version == 2) { 366 status = krb5_auth_con_getremotesubkey(context, auth_context, 367 &keyblock); 368 if(status != 0 || keyblock == NULL) 369 syslog_and_die("failed to get remote subkey"); 370 } else if(protocol_version == 1) { 371 status = krb5_auth_con_getkey (context, auth_context, &keyblock); 372 if(status != 0 || keyblock == NULL) 373 syslog_and_die("failed to get key"); 374 } 375 if (status != 0 || keyblock == NULL) 376 syslog_and_die ("krb5_auth_con_getkey: %s", 377 krb5_get_err_text(context, status)); 378 379 status = krb5_crypto_init(context, keyblock, 0, &crypto); 380 if(status) 381 syslog_and_die("krb5_crypto_init: %s", 382 krb5_get_err_text(context, status)); 383 384 385 cksum_data.length = asprintf (&str, 386 "%u:%s%s", 387 ntohs(socket_get_port (thisaddr)), 388 *cmd, 389 *server_username); 390 if (str == NULL) 391 syslog_and_die ("asprintf: out of memory"); 392 cksum_data.data = str; 393 394 status = krb5_verify_authenticator_checksum(context, 395 auth_context, 396 cksum_data.data, 397 cksum_data.length); 398 399 if (status) 400 syslog_and_die ("krb5_verify_authenticator_checksum: %s", 401 krb5_get_err_text(context, status)); 402 403 free (cksum_data.data); 404 405 if (strncmp (*client_username, "-u ", 3) == 0) { 406 do_unique_tkfile = 1; 407 memmove (*client_username, *client_username + 3, 408 strlen(*client_username) - 2); 409 } 410 411 if (strncmp (*client_username, "-U ", 3) == 0) { 412 char *end, *temp_tkfile; 413 414 do_unique_tkfile = 1; 415 if (strncmp (*client_username + 3, "FILE:", 5) == 0) { 416 temp_tkfile = tkfile; 417 } else { 418 strlcpy (tkfile, "FILE:", sizeof(tkfile)); 419 temp_tkfile = tkfile + 5; 420 } 421 end = strchr(*client_username + 3,' '); 422 if (end == NULL) 423 syslog_and_die("missing argument after -U"); 424 snprintf(temp_tkfile, sizeof(tkfile) - (temp_tkfile - tkfile), 425 "%.*s", 426 (int)(end - *client_username - 3), 427 *client_username + 3); 428 memmove (*client_username, end + 1, strlen(end+1)+1); 429 } 430 431 kerberos_status = save_krb5_creds (s, auth_context, ticket->client); 432 433 if(!krb5_kuserok (context, 434 ticket->client, 435 *server_username)) 436 fatal (s, NULL, "Permission denied."); 437 438 if (strncmp (*cmd, "-x ", 3) == 0) { 439 do_encrypt = 1; 440 memmove (*cmd, *cmd + 3, strlen(*cmd) - 2); 441 } else { 442 if(do_encrypt) 443 fatal (s, NULL, "Encryption is required."); 444 do_encrypt = 0; 445 } 446 447 { 448 char *name; 449 450 if (krb5_unparse_name (context, ticket->client, &name) == 0) { 451 char addr_str[256]; 452 453 if (inet_ntop (thataddr->sa_family, 454 socket_get_address (thataddr), 455 addr_str, sizeof(addr_str)) == NULL) 456 strlcpy (addr_str, "unknown address", 457 sizeof(addr_str)); 458 459 syslog(LOG_INFO|LOG_AUTH, 460 "kerberos v5 shell from %s on %s as %s, cmd '%.80s'", 461 name, 462 addr_str, 463 *server_username, 464 *cmd); 465 free (name); 466 } 467 } 468 469 return 0; 470} 471#endif /* KRB5 */ 472 473static void 474rshd_loop (int from0, int to0, 475 int to1, int from1, 476 int to2, int from2, 477 int have_errsock) 478{ 479 fd_set real_readset; 480 int max_fd; 481 int count = 2; 482 char *buf; 483 484 if(from0 >= FD_SETSIZE || from1 >= FD_SETSIZE || from2 >= FD_SETSIZE) 485 errx (1, "fd too large"); 486 487#ifdef KRB5 488 if(auth_method == AUTH_KRB5 && protocol_version == 2) 489 init_ivecs(0, have_errsock); 490#endif 491 492 FD_ZERO(&real_readset); 493 FD_SET(from0, &real_readset); 494 FD_SET(from1, &real_readset); 495 FD_SET(from2, &real_readset); 496 max_fd = max(from0, max(from1, from2)) + 1; 497 498 buf = malloc(max(RSHD_BUFSIZ, RSH_BUFSIZ)); 499 if (buf == NULL) 500 syslog_and_die("out of memory"); 501 502 for (;;) { 503 int ret; 504 fd_set readset = real_readset; 505 506 ret = select (max_fd, &readset, NULL, NULL, NULL); 507 if (ret < 0) { 508 if (errno == EINTR) 509 continue; 510 else 511 syslog_and_die ("select: %m"); 512 } 513 if (FD_ISSET(from0, &readset)) { 514 ret = do_read (from0, buf, RSHD_BUFSIZ, ivec_in[0]); 515 if (ret < 0) 516 syslog_and_die ("read: %m"); 517 else if (ret == 0) { 518 close (from0); 519 close (to0); 520 FD_CLR(from0, &real_readset); 521 } else 522 net_write (to0, buf, ret); 523 } 524 if (FD_ISSET(from1, &readset)) { 525 ret = read (from1, buf, RSH_BUFSIZ); 526 if (ret < 0) 527 syslog_and_die ("read: %m"); 528 else if (ret == 0) { 529 close (from1); 530 close (to1); 531 FD_CLR(from1, &real_readset); 532 if (--count == 0) 533 exit (0); 534 } else 535 do_write (to1, buf, ret, ivec_out[0]); 536 } 537 if (FD_ISSET(from2, &readset)) { 538 ret = read (from2, buf, RSH_BUFSIZ); 539 if (ret < 0) 540 syslog_and_die ("read: %m"); 541 else if (ret == 0) { 542 close (from2); 543 close (to2); 544 FD_CLR(from2, &real_readset); 545 if (--count == 0) 546 exit (0); 547 } else 548 do_write (to2, buf, ret, ivec_out[1]); 549 } 550 } 551} 552 553/* 554 * Used by `setup_copier' to create some pipe-like means of 555 * communcation. Real pipes would probably be the best thing, but 556 * then the shell doesn't understand it's talking to rshd. If 557 * socketpair doesn't work everywhere, some autoconf magic would have 558 * to be added here. 559 * 560 * If it fails creating the `pipe', it aborts by calling fatal. 561 */ 562 563static void 564pipe_a_like (int fd[2]) 565{ 566 if (socketpair (AF_UNIX, SOCK_STREAM, 0, fd) < 0) 567 fatal (STDOUT_FILENO, "socketpair", "Pipe creation failed."); 568} 569 570/* 571 * Start a child process and leave the parent copying data to and from it. */ 572 573static void 574setup_copier (int have_errsock) 575{ 576 int p0[2], p1[2], p2[2]; 577 pid_t pid; 578 579 pipe_a_like(p0); 580 pipe_a_like(p1); 581 pipe_a_like(p2); 582 pid = fork (); 583 if (pid < 0) 584 fatal (STDOUT_FILENO, "fork", "Could not create child process."); 585 if (pid == 0) { /* child */ 586 close (p0[1]); 587 close (p1[0]); 588 close (p2[0]); 589 dup2 (p0[0], STDIN_FILENO); 590 dup2 (p1[1], STDOUT_FILENO); 591 dup2 (p2[1], STDERR_FILENO); 592 close (p0[0]); 593 close (p1[1]); 594 close (p2[1]); 595 } else { /* parent */ 596 close (p0[0]); 597 close (p1[1]); 598 close (p2[1]); 599 600 if (net_write (STDOUT_FILENO, "", 1) != 1) 601 fatal (STDOUT_FILENO, "net_write", "Write failure."); 602 603 rshd_loop (STDIN_FILENO, p0[1], 604 STDOUT_FILENO, p1[0], 605 STDERR_FILENO, p2[0], 606 have_errsock); 607 } 608} 609 610/* 611 * Is `port' a ``reserverd'' port? 612 */ 613 614static int 615is_reserved(u_short port) 616{ 617 return ntohs(port) < IPPORT_RESERVED; 618} 619 620/* 621 * Set the necessary part of the environment in `env'. 622 */ 623 624static void 625setup_environment (char ***env, const struct passwd *pwd) 626{ 627 int i, j, path; 628 char **e; 629 630 i = 0; 631 path = 0; 632 *env = NULL; 633 634 i = read_environment(_PATH_ETC_ENVIRONMENT, env); 635 e = *env; 636 for (j = 0; j < i; j++) { 637 if (!strncmp(e[j], "PATH=", 5)) { 638 path = 1; 639 } 640 } 641 642 e = *env; 643 e = realloc(e, (i + 7) * sizeof(char *)); 644 645 if (asprintf (&e[i++], "USER=%s", pwd->pw_name) == -1) 646 syslog_and_die ("asprintf: out of memory"); 647 if (asprintf (&e[i++], "HOME=%s", pwd->pw_dir) == -1) 648 syslog_and_die ("asprintf: out of memory"); 649 if (asprintf (&e[i++], "SHELL=%s", pwd->pw_shell) == -1) 650 syslog_and_die ("asprintf: out of memory"); 651 if (! path) { 652 if (asprintf (&e[i++], "PATH=%s", _PATH_DEFPATH) == -1) 653 syslog_and_die ("asprintf: out of memory"); 654 } 655 asprintf (&e[i++], "SSH_CLIENT=only_to_make_bash_happy"); 656 if (do_unique_tkfile) 657 if (asprintf (&e[i++], "KRB5CCNAME=%s", tkfile) == -1) 658 syslog_and_die ("asprintf: out of memory"); 659 e[i++] = NULL; 660 *env = e; 661} 662 663static void 664doit (void) 665{ 666 u_char buf[BUFSIZ]; 667 u_char *p; 668 struct sockaddr_storage thisaddr_ss; 669 struct sockaddr *thisaddr = (struct sockaddr *)&thisaddr_ss; 670 struct sockaddr_storage thataddr_ss; 671 struct sockaddr *thataddr = (struct sockaddr *)&thataddr_ss; 672 struct sockaddr_storage erraddr_ss; 673 struct sockaddr *erraddr = (struct sockaddr *)&erraddr_ss; 674 socklen_t thisaddr_len, thataddr_len; 675 int port; 676 int errsock = -1; 677 char *client_user = NULL, *server_user = NULL, *cmd = NULL; 678 struct passwd *pwd; 679 int s = STDIN_FILENO; 680 char **env; 681 int ret; 682 char that_host[NI_MAXHOST]; 683 684 thisaddr_len = sizeof(thisaddr_ss); 685 if (getsockname (s, thisaddr, &thisaddr_len) < 0) 686 syslog_and_die("getsockname: %m"); 687 thataddr_len = sizeof(thataddr_ss); 688 if (getpeername (s, thataddr, &thataddr_len) < 0) 689 syslog_and_die ("getpeername: %m"); 690 691 /* check for V4MAPPED addresses? */ 692 693 if (do_kerberos == 0 && !is_reserved(socket_get_port(thataddr))) 694 fatal(s, NULL, "Permission denied."); 695 696 p = buf; 697 port = 0; 698 for(;;) { 699 if (net_read (s, p, 1) != 1) 700 syslog_and_die ("reading port number: %m"); 701 if (*p == '\0') 702 break; 703 else if (isdigit(*p)) 704 port = port * 10 + *p - '0'; 705 else 706 syslog_and_die ("non-digit in port number: %c", *p); 707 } 708 709 if (do_kerberos == 0 && !is_reserved(htons(port))) 710 fatal(s, NULL, "Permission denied."); 711 712 if (port) { 713 int priv_port = IPPORT_RESERVED - 1; 714 715 /* 716 * There's no reason to require a ``privileged'' port number 717 * here, but for some reason the brain dead rsh clients 718 * do... :-( 719 */ 720 721 erraddr->sa_family = thataddr->sa_family; 722 socket_set_address_and_port (erraddr, 723 socket_get_address (thataddr), 724 htons(port)); 725 726 /* 727 * we only do reserved port for IPv4 728 */ 729 730 if (erraddr->sa_family == AF_INET) 731 errsock = rresvport (&priv_port); 732 else 733 errsock = socket (erraddr->sa_family, SOCK_STREAM, 0); 734 if (errsock < 0) 735 syslog_and_die ("socket: %m"); 736 if (connect (errsock, 737 erraddr, 738 socket_sockaddr_size (erraddr)) < 0) { 739 syslog (LOG_WARNING, "connect: %m"); 740 close (errsock); 741 } 742 } 743 744 if(do_kerberos) { 745 if (net_read (s, buf, 4) != 4) 746 syslog_and_die ("reading auth info: %m"); 747 748#ifdef KRB4 749 if ((do_kerberos & DO_KRB4) && 750 recv_krb4_auth (s, buf, thisaddr, thataddr, 751 &client_user, 752 &server_user, 753 &cmd) == 0) 754 auth_method = AUTH_KRB4; 755 else 756#endif /* KRB4 */ 757#ifdef KRB5 758 if((do_kerberos & DO_KRB5) && 759 recv_krb5_auth (s, buf, thisaddr, thataddr, 760 &client_user, 761 &server_user, 762 &cmd) == 0) 763 auth_method = AUTH_KRB5; 764 else 765#endif /* KRB5 */ 766 syslog_and_die ("unrecognized auth protocol: %x %x %x %x", 767 buf[0], buf[1], buf[2], buf[3]); 768 } else { 769 if(recv_bsd_auth (s, buf, 770 (struct sockaddr_in *)thisaddr, 771 (struct sockaddr_in *)thataddr, 772 &client_user, 773 &server_user, 774 &cmd) == 0) { 775 auth_method = AUTH_BROKEN; 776 if(do_vacuous) { 777 printf("Remote host requires Kerberos authentication\n"); 778 exit(0); 779 } 780 } else 781 syslog_and_die("recv_bsd_auth failed"); 782 } 783 784 if (client_user == NULL || server_user == NULL || cmd == NULL) 785 syslog_and_die("mising client/server/cmd"); 786 787 pwd = getpwnam (server_user); 788 if (pwd == NULL) 789 fatal (s, NULL, "Login incorrect."); 790 791 if (*pwd->pw_shell == '\0') 792 pwd->pw_shell = _PATH_BSHELL; 793 794 if (pwd->pw_uid != 0 && access (_PATH_NOLOGIN, F_OK) == 0) 795 fatal (s, NULL, "Login disabled."); 796 797 798 ret = getnameinfo_verified (thataddr, thataddr_len, 799 that_host, sizeof(that_host), 800 NULL, 0, 0); 801 if (ret) 802 fatal (s, NULL, "getnameinfo: %s", gai_strerror(ret)); 803 804 if (login_access(pwd, that_host) == 0) { 805 syslog(LOG_NOTICE, "Kerberos rsh denied to %s from %s", 806 server_user, that_host); 807 fatal(s, NULL, "Permission denied."); 808 } 809 810#ifdef HAVE_GETSPNAM 811 { 812 struct spwd *sp; 813 long today; 814 815 sp = getspnam(server_user); 816 if (sp != NULL) { 817 today = time(0)/(24L * 60 * 60); 818 if (sp->sp_expire > 0) 819 if (today > sp->sp_expire) 820 fatal(s, NULL, "Account has expired."); 821 } 822 } 823#endif 824 825 826#ifdef HAVE_SETLOGIN 827 if (setlogin(pwd->pw_name) < 0) 828 syslog(LOG_ERR, "setlogin() failed: %m"); 829#endif 830 831#ifdef HAVE_SETPCRED 832 if (setpcred (pwd->pw_name, NULL) == -1) 833 syslog(LOG_ERR, "setpcred() failure: %m"); 834#endif /* HAVE_SETPCRED */ 835 836 /* Apply limits if not root */ 837 if(pwd->pw_uid != 0) { 838 const char *file = _PATH_LIMITS_CONF; 839 read_limits_conf(file, pwd); 840 } 841 842 if (initgroups (pwd->pw_name, pwd->pw_gid) < 0) 843 fatal (s, "initgroups", "Login incorrect."); 844 845 if (setgid(pwd->pw_gid) < 0) 846 fatal (s, "setgid", "Login incorrect."); 847 848 if (setuid (pwd->pw_uid) < 0) 849 fatal (s, "setuid", "Login incorrect."); 850 851 if (chdir (pwd->pw_dir) < 0) 852 fatal (s, "chdir", "Remote directory."); 853 854 if (errsock >= 0) { 855 if (dup2 (errsock, STDERR_FILENO) < 0) 856 fatal (s, "dup2", "Cannot dup stderr."); 857 close (errsock); 858 } else { 859 if (dup2 (STDOUT_FILENO, STDERR_FILENO) < 0) 860 fatal (s, "dup2", "Cannot dup stderr."); 861 } 862 863#ifdef KRB5 864 { 865 int fd; 866 867 if (!do_unique_tkfile) 868 snprintf(tkfile,sizeof(tkfile),"FILE:/tmp/krb5cc_%lu", 869 (unsigned long)pwd->pw_uid); 870 else if (*tkfile=='\0') { 871 snprintf(tkfile,sizeof(tkfile),"FILE:/tmp/krb5cc_XXXXXX"); 872 fd = mkstemp(tkfile+5); 873 close(fd); 874 unlink(tkfile+5); 875 } 876 877 if (kerberos_status) 878 krb5_start_session(); 879 } 880#endif 881 882 setup_environment (&env, pwd); 883 884 if (do_encrypt) { 885 setup_copier (errsock >= 0); 886 } else { 887 if (net_write (s, "", 1) != 1) 888 fatal (s, "net_write", "write failed"); 889 } 890 891#if defined(KRB4) || defined(KRB5) 892 if(k_hasafs()) { 893 char cell[64]; 894 895 if(do_newpag) 896 k_setpag(); 897#ifdef KRB4 898 if (k_afs_cell_of_file (pwd->pw_dir, cell, sizeof(cell)) == 0) 899 krb_afslog_uid_home (cell, NULL, pwd->pw_uid, pwd->pw_dir); 900 krb_afslog_uid_home(NULL, NULL, pwd->pw_uid, pwd->pw_dir); 901#endif 902 903#ifdef KRB5 904 /* XXX */ 905 if (kerberos_status) { 906 krb5_ccache ccache; 907 krb5_error_code status; 908 909 status = krb5_cc_resolve (context, tkfile, &ccache); 910 if (!status) { 911 if (k_afs_cell_of_file (pwd->pw_dir, cell, sizeof(cell)) == 0) 912 krb5_afslog_uid_home(context, ccache, cell, NULL, 913 pwd->pw_uid, pwd->pw_dir); 914 krb5_afslog_uid_home(context, ccache, NULL, NULL, 915 pwd->pw_uid, pwd->pw_dir); 916 krb5_cc_close (context, ccache); 917 } 918 } 919#endif /* KRB5 */ 920 } 921#endif /* KRB5 || KRB4 */ 922 execle (pwd->pw_shell, pwd->pw_shell, "-c", cmd, NULL, env); 923 err(1, "exec %s", pwd->pw_shell); 924} 925 926struct getargs args[] = { 927 { NULL, 'a', arg_flag, &do_addr_verify }, 928 { "keepalive", 'n', arg_negative_flag, &do_keepalive }, 929 { "inetd", 'i', arg_negative_flag, &do_inetd, 930 "Not started from inetd" }, 931#if defined(KRB4) || defined(KRB5) 932 { "kerberos", 'k', arg_flag, &do_kerberos, 933 "Implement kerberised services" }, 934 { "encrypt", 'x', arg_flag, &do_encrypt, 935 "Implement encrypted service" }, 936#endif 937 { "rhosts", 'l', arg_negative_flag, &do_rhosts, 938 "Don't check users .rhosts" }, 939 { "port", 'p', arg_string, &port_str, "Use this port", 940 "port" }, 941 { "vacuous", 'v', arg_flag, &do_vacuous, 942 "Don't accept non-kerberised connections" }, 943#if defined(KRB4) || defined(KRB5) 944 { NULL, 'P', arg_negative_flag, &do_newpag, 945 "Don't put process in new PAG" }, 946#endif 947 /* compatibility flag: */ 948 { NULL, 'L', arg_flag, &do_log }, 949 { "version", 0, arg_flag, &do_version }, 950 { "help", 0, arg_flag, &do_help } 951}; 952 953static void 954usage (int ret) 955{ 956 if(isatty(STDIN_FILENO)) 957 arg_printusage (args, 958 sizeof(args) / sizeof(args[0]), 959 NULL, 960 ""); 961 else 962 syslog (LOG_ERR, "Usage: %s [-ikxlvPL] [-p port]", getprogname()); 963 exit (ret); 964} 965 966 967int 968main(int argc, char **argv) 969{ 970 int optind = 0; 971 int on = 1; 972 973 setprogname (argv[0]); 974 roken_openlog ("rshd", LOG_ODELAY | LOG_PID, LOG_AUTH); 975 976 if (getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, 977 &optind)) 978 usage(1); 979 980 if(do_help) 981 usage (0); 982 983 if (do_version) { 984 print_version(NULL); 985 exit(0); 986 } 987 988#if defined(KRB4) || defined(KRB5) 989 if (do_encrypt) 990 do_kerberos = 1; 991 992 if(do_kerberos) 993 do_kerberos = DO_KRB4 | DO_KRB5; 994#endif 995 996#ifdef KRB5 997 if((do_kerberos & DO_KRB5) && krb5_init_context (&context) != 0) 998 do_kerberos &= ~DO_KRB5; 999#endif 1000 1001 if (!do_inetd) { 1002 int error; 1003 struct addrinfo *ai = NULL, hints; 1004 char portstr[NI_MAXSERV]; 1005 1006 memset (&hints, 0, sizeof(hints)); 1007 hints.ai_flags = AI_PASSIVE; 1008 hints.ai_socktype = SOCK_STREAM; 1009 hints.ai_family = PF_UNSPEC; 1010 1011 if(port_str != NULL) { 1012 error = getaddrinfo (NULL, port_str, &hints, &ai); 1013 if (error) 1014 errx (1, "getaddrinfo: %s", gai_strerror (error)); 1015 } 1016 if (ai == NULL) { 1017#if defined(KRB4) || defined(KRB5) 1018 if (do_kerberos) { 1019 if (do_encrypt) { 1020 error = getaddrinfo(NULL, "ekshell", &hints, &ai); 1021 if(error == EAI_NONAME) { 1022 snprintf(portstr, sizeof(portstr), "%d", 545); 1023 error = getaddrinfo(NULL, portstr, &hints, &ai); 1024 } 1025 if(error) 1026 errx (1, "getaddrinfo: %s", gai_strerror (error)); 1027 } else { 1028 error = getaddrinfo(NULL, "kshell", &hints, &ai); 1029 if(error == EAI_NONAME) { 1030 snprintf(portstr, sizeof(portstr), "%d", 544); 1031 error = getaddrinfo(NULL, portstr, &hints, &ai); 1032 } 1033 if(error) 1034 errx (1, "getaddrinfo: %s", gai_strerror (error)); 1035 } 1036 } else 1037#endif 1038 { 1039 error = getaddrinfo(NULL, "shell", &hints, &ai); 1040 if(error == EAI_NONAME) { 1041 snprintf(portstr, sizeof(portstr), "%d", 514); 1042 error = getaddrinfo(NULL, portstr, &hints, &ai); 1043 } 1044 if(error) 1045 errx (1, "getaddrinfo: %s", gai_strerror (error)); 1046 } 1047 } 1048 mini_inetd_addrinfo (ai); 1049 freeaddrinfo(ai); 1050 } 1051 1052 if (do_keepalive && 1053 setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (char *)&on, 1054 sizeof(on)) < 0) 1055 syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m"); 1056 1057 /* set SO_LINGER? */ 1058 1059 signal (SIGPIPE, SIG_IGN); 1060 1061 doit (); 1062 return 0; 1063} 1064