121163Sdist /* 221163Sdist * Copyright (c) 1983 Regents of the University of California. 321163Sdist * All rights reserved. The Berkeley software License Agreement 421163Sdist * specifies the terms and conditions for redistribution. 521163Sdist */ 621163Sdist 76442Swnj #ifndef lint 821163Sdist char copyright[] = 921163Sdist "@(#) Copyright (c) 1983 Regents of the University of California.\n\ 1021163Sdist All rights reserved.\n"; 1121163Sdist #endif not lint 126442Swnj 1321163Sdist #ifndef lint 14*27902Slepreau static char sccsid[] = "@(#)rexecd.c 5.4 (Berkeley) 05/09/86"; 1521163Sdist #endif not lint 1621163Sdist 176442Swnj #include <sys/ioctl.h> 186442Swnj #include <sys/param.h> 196442Swnj #include <sys/socket.h> 20*27902Slepreau #include <sys/time.h> 219200Ssam 229200Ssam #include <netinet/in.h> 239200Ssam 249200Ssam #include <stdio.h> 256442Swnj #include <errno.h> 266442Swnj #include <pwd.h> 276442Swnj #include <signal.h> 289200Ssam #include <netdb.h> 296442Swnj 306442Swnj extern errno; 316442Swnj struct passwd *getpwnam(); 32*27902Slepreau char *crypt(), *rindex(), *strncat(), *sprintf(); 33*27902Slepreau /*VARARGS1*/ 346442Swnj int error(); 35*27902Slepreau 366442Swnj /* 376442Swnj * remote execute server: 386442Swnj * username\0 396442Swnj * password\0 406442Swnj * command\0 416442Swnj * data 426442Swnj */ 43*27902Slepreau /*ARGSUSED*/ 446442Swnj main(argc, argv) 456442Swnj int argc; 466442Swnj char **argv; 476442Swnj { 486442Swnj struct sockaddr_in from; 4916368Skarels int fromlen; 506442Swnj 5116368Skarels fromlen = sizeof (from); 5216368Skarels if (getpeername(0, &from, &fromlen) < 0) { 5316368Skarels fprintf(stderr, "%s: ", argv[0]); 5416368Skarels perror("getpeername"); 559200Ssam exit(1); 569200Ssam } 5716368Skarels doit(0, &from); 586442Swnj } 596442Swnj 606442Swnj char username[20] = "USER="; 616442Swnj char homedir[64] = "HOME="; 626442Swnj char shell[64] = "SHELL="; 636442Swnj char *envinit[] = 646442Swnj {homedir, shell, "PATH=:/usr/ucb:/bin:/usr/bin", username, 0}; 656442Swnj char **environ; 666442Swnj 676442Swnj struct sockaddr_in asin = { AF_INET }; 686442Swnj 696442Swnj doit(f, fromp) 706442Swnj int f; 716442Swnj struct sockaddr_in *fromp; 726442Swnj { 736442Swnj char cmdbuf[NCARGS+1], *cp, *namep; 746442Swnj char user[16], pass[16]; 756442Swnj struct passwd *pwd; 766442Swnj int s; 776442Swnj short port; 786442Swnj int pv[2], pid, ready, readfrom, cc; 796442Swnj char buf[BUFSIZ], sig; 806442Swnj int one = 1; 816442Swnj 826442Swnj (void) signal(SIGINT, SIG_DFL); 836442Swnj (void) signal(SIGQUIT, SIG_DFL); 846442Swnj (void) signal(SIGTERM, SIG_DFL); 856442Swnj #ifdef DEBUG 866442Swnj { int t = open("/dev/tty", 2); 876442Swnj if (t >= 0) { 886442Swnj ioctl(t, TIOCNOTTY, (char *)0); 896442Swnj (void) close(t); 906442Swnj } 916442Swnj } 926442Swnj #endif 936442Swnj dup2(f, 0); 946442Swnj dup2(f, 1); 956442Swnj dup2(f, 2); 966442Swnj (void) alarm(60); 976442Swnj port = 0; 986442Swnj for (;;) { 996442Swnj char c; 1006442Swnj if (read(f, &c, 1) != 1) 1016442Swnj exit(1); 1026442Swnj if (c == 0) 1036442Swnj break; 1046442Swnj port = port * 10 + c - '0'; 1056442Swnj } 1066442Swnj (void) alarm(0); 1076442Swnj if (port != 0) { 10825294Sbloom s = socket(AF_INET, SOCK_STREAM, 0); 1096442Swnj if (s < 0) 1106442Swnj exit(1); 11125294Sbloom if (bind(s, &asin, sizeof (asin)) < 0) 1129257Ssam exit(1); 1136442Swnj (void) alarm(60); 1149257Ssam fromp->sin_port = htons((u_short)port); 115*27902Slepreau if (connect(s, fromp, sizeof (*fromp)) < 0) 1166442Swnj exit(1); 1176442Swnj (void) alarm(0); 1186442Swnj } 1196442Swnj getstr(user, sizeof(user), "username"); 1206442Swnj getstr(pass, sizeof(pass), "password"); 1216442Swnj getstr(cmdbuf, sizeof(cmdbuf), "command"); 1226442Swnj setpwent(); 1236442Swnj pwd = getpwnam(user); 1246442Swnj if (pwd == NULL) { 1256442Swnj error("Login incorrect.\n"); 1266442Swnj exit(1); 1276442Swnj } 1286442Swnj endpwent(); 1296442Swnj if (*pwd->pw_passwd != '\0') { 1306442Swnj namep = crypt(pass, pwd->pw_passwd); 1316442Swnj if (strcmp(namep, pwd->pw_passwd)) { 1326442Swnj error("Password incorrect.\n"); 1336442Swnj exit(1); 1346442Swnj } 1356442Swnj } 1366442Swnj if (chdir(pwd->pw_dir) < 0) { 1376442Swnj error("No remote directory.\n"); 1386442Swnj exit(1); 1396442Swnj } 1406442Swnj (void) write(2, "\0", 1); 1416442Swnj if (port) { 1426442Swnj (void) pipe(pv); 1436442Swnj pid = fork(); 1446442Swnj if (pid == -1) { 1456442Swnj error("Try again.\n"); 1466442Swnj exit(1); 1476442Swnj } 1486442Swnj if (pid) { 1496442Swnj (void) close(0); (void) close(1); (void) close(2); 1506442Swnj (void) close(f); (void) close(pv[1]); 1516442Swnj readfrom = (1<<s) | (1<<pv[0]); 1526442Swnj ioctl(pv[1], FIONBIO, (char *)&one); 1536442Swnj /* should set s nbio! */ 1546442Swnj do { 1556442Swnj ready = readfrom; 156*27902Slepreau (void) select(16, &ready, (fd_set *)0, 157*27902Slepreau (fd_set *)0, (struct timeval *)0); 1586442Swnj if (ready & (1<<s)) { 1596442Swnj if (read(s, &sig, 1) <= 0) 1606442Swnj readfrom &= ~(1<<s); 1616442Swnj else 1626442Swnj killpg(pid, sig); 1636442Swnj } 1646442Swnj if (ready & (1<<pv[0])) { 1656442Swnj cc = read(pv[0], buf, sizeof (buf)); 1666442Swnj if (cc <= 0) { 16710193Ssam shutdown(s, 1+1); 1686442Swnj readfrom &= ~(1<<pv[0]); 1696442Swnj } else 1706442Swnj (void) write(s, buf, cc); 1716442Swnj } 1726442Swnj } while (readfrom); 1736442Swnj exit(0); 1746442Swnj } 1756442Swnj setpgrp(0, getpid()); 1766442Swnj (void) close(s); (void)close(pv[0]); 1776442Swnj dup2(pv[1], 2); 1786442Swnj } 1796442Swnj if (*pwd->pw_shell == '\0') 1806442Swnj pwd->pw_shell = "/bin/sh"; 18117184Sralph if (f > 2) 18217184Sralph (void) close(f); 183*27902Slepreau (void) setgid((gid_t)pwd->pw_gid); 1849200Ssam initgroups(pwd->pw_name, pwd->pw_gid); 185*27902Slepreau (void) setuid((uid_t)pwd->pw_uid); 1866442Swnj environ = envinit; 1876442Swnj strncat(homedir, pwd->pw_dir, sizeof(homedir)-6); 1886442Swnj strncat(shell, pwd->pw_shell, sizeof(shell)-7); 1896442Swnj strncat(username, pwd->pw_name, sizeof(username)-6); 1906442Swnj cp = rindex(pwd->pw_shell, '/'); 1916442Swnj if (cp) 1926442Swnj cp++; 1936442Swnj else 1946442Swnj cp = pwd->pw_shell; 1956442Swnj execl(pwd->pw_shell, cp, "-c", cmdbuf, 0); 1966442Swnj perror(pwd->pw_shell); 1976442Swnj exit(1); 1986442Swnj } 1996442Swnj 200*27902Slepreau /*VARARGS1*/ 2016442Swnj error(fmt, a1, a2, a3) 2026442Swnj char *fmt; 2036442Swnj int a1, a2, a3; 2046442Swnj { 2056442Swnj char buf[BUFSIZ]; 2066442Swnj 2076442Swnj buf[0] = 1; 2086442Swnj (void) sprintf(buf+1, fmt, a1, a2, a3); 2096442Swnj (void) write(2, buf, strlen(buf)); 2106442Swnj } 2116442Swnj 2126442Swnj getstr(buf, cnt, err) 2136442Swnj char *buf; 2146442Swnj int cnt; 2156442Swnj char *err; 2166442Swnj { 2176442Swnj char c; 2186442Swnj 2196442Swnj do { 2206442Swnj if (read(0, &c, 1) != 1) 2216442Swnj exit(1); 2226442Swnj *buf++ = c; 2236442Swnj if (--cnt == 0) { 2246442Swnj error("%s too long\n", err); 2256442Swnj exit(1); 2266442Swnj } 2276442Swnj } while (c != 0); 2286442Swnj } 229