1 /*-
2 * Copyright (c) 1988, 1989, 1992, 1993, 1994
3 * The Regents of the University of California. All rights reserved.
4 *
5 * %sccs.include.redist.c%
6 */
7
8 #ifndef lint
9 static char copyright[] =
10 "@(#) Copyright (c) 1988, 1989, 1992, 1993, 1994\n\
11 The Regents of the University of California. All rights reserved.\n";
12 #endif /* not lint */
13
14 #ifndef lint
15 static char sccsid[] = "@(#)rshd.c 8.2 (Berkeley) 04/06/94";
16 #endif /* not lint */
17
18 /*
19 * remote shell server:
20 * [port]\0
21 * remuser\0
22 * locuser\0
23 * command\0
24 * data
25 */
26 #include <sys/param.h>
27 #include <sys/ioctl.h>
28 #include <sys/time.h>
29 #include <sys/socket.h>
30
31 #include <netinet/in.h>
32 #include <arpa/inet.h>
33 #include <netdb.h>
34
35 #include <errno.h>
36 #include <fcntl.h>
37 #include <paths.h>
38 #include <pwd.h>
39 #include <signal.h>
40 #include <stdio.h>
41 #include <stdlib.h>
42 #include <string.h>
43 #include <syslog.h>
44 #include <unistd.h>
45
46 int keepalive = 1;
47 int check_all;
48 int log_success; /* If TRUE, log all successful accesses */
49 int sent_null;
50
51 void doit __P((struct sockaddr_in *));
52 void error __P((const char *, ...));
53 void getstr __P((char *, int, char *));
54 int local_domain __P((char *));
55 char *topdomain __P((char *));
56 void usage __P((void));
57
58 #ifdef KERBEROS
59 #include <kerberosIV/des.h>
60 #include <kerberosIV/krb.h>
61 #define VERSION_SIZE 9
62 #define SECURE_MESSAGE "This rsh session is using DES encryption for all transmissions.\r\n"
63 #define OPTIONS "alnkvxL"
64 char authbuf[sizeof(AUTH_DAT)];
65 char tickbuf[sizeof(KTEXT_ST)];
66 int doencrypt, use_kerberos, vacuous;
67 Key_schedule schedule;
68 #else
69 #define OPTIONS "alnL"
70 #endif
71
72 int
main(argc,argv)73 main(argc, argv)
74 int argc;
75 char *argv[];
76 {
77 extern int __check_rhosts_file;
78 struct linger linger;
79 int ch, on = 1, fromlen;
80 struct sockaddr_in from;
81
82 openlog("rshd", LOG_PID | LOG_ODELAY, LOG_DAEMON);
83
84 opterr = 0;
85 while ((ch = getopt(argc, argv, OPTIONS)) != EOF)
86 switch (ch) {
87 case 'a':
88 check_all = 1;
89 break;
90 case 'l':
91 __check_rhosts_file = 0;
92 break;
93 case 'n':
94 keepalive = 0;
95 break;
96 #ifdef KERBEROS
97 case 'k':
98 use_kerberos = 1;
99 break;
100
101 case 'v':
102 vacuous = 1;
103 break;
104
105 #ifdef CRYPT
106 case 'x':
107 doencrypt = 1;
108 break;
109 #endif
110 #endif
111 case 'L':
112 log_success = 1;
113 break;
114 case '?':
115 default:
116 usage();
117 break;
118 }
119
120 argc -= optind;
121 argv += optind;
122
123 #ifdef KERBEROS
124 if (use_kerberos && vacuous) {
125 syslog(LOG_ERR, "only one of -k and -v allowed");
126 exit(2);
127 }
128 #ifdef CRYPT
129 if (doencrypt && !use_kerberos) {
130 syslog(LOG_ERR, "-k is required for -x");
131 exit(2);
132 }
133 #endif
134 #endif
135
136 fromlen = sizeof (from);
137 if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) {
138 syslog(LOG_ERR, "getpeername: %m");
139 _exit(1);
140 }
141 if (keepalive &&
142 setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (char *)&on,
143 sizeof(on)) < 0)
144 syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
145 linger.l_onoff = 1;
146 linger.l_linger = 60; /* XXX */
147 if (setsockopt(0, SOL_SOCKET, SO_LINGER, (char *)&linger,
148 sizeof (linger)) < 0)
149 syslog(LOG_WARNING, "setsockopt (SO_LINGER): %m");
150 doit(&from);
151 /* NOTREACHED */
152 }
153
154 char username[20] = "USER=";
155 char homedir[64] = "HOME=";
156 char shell[64] = "SHELL=";
157 char path[100] = "PATH=";
158 char *envinit[] =
159 {homedir, shell, path, username, 0};
160 char **environ;
161
162 void
doit(fromp)163 doit(fromp)
164 struct sockaddr_in *fromp;
165 {
166 extern char *__rcmd_errstr; /* syslog hook from libc/net/rcmd.c. */
167 struct hostent *hp;
168 struct passwd *pwd;
169 u_short port;
170 fd_set ready, readfrom;
171 int cc, nfd, pv[2], pid, s;
172 int one = 1;
173 char *hostname, *errorstr, *errorhost;
174 char *cp, sig, buf[BUFSIZ];
175 char cmdbuf[NCARGS+1], locuser[16], remuser[16];
176 char remotehost[2 * MAXHOSTNAMELEN + 1];
177
178 #ifdef KERBEROS
179 AUTH_DAT *kdata = (AUTH_DAT *) NULL;
180 KTEXT ticket = (KTEXT) NULL;
181 char instance[INST_SZ], version[VERSION_SIZE];
182 struct sockaddr_in fromaddr;
183 int rc;
184 long authopts;
185 int pv1[2], pv2[2];
186 fd_set wready, writeto;
187
188 fromaddr = *fromp;
189 #endif
190
191 (void) signal(SIGINT, SIG_DFL);
192 (void) signal(SIGQUIT, SIG_DFL);
193 (void) signal(SIGTERM, SIG_DFL);
194 #ifdef DEBUG
195 { int t = open(_PATH_TTY, 2);
196 if (t >= 0) {
197 ioctl(t, TIOCNOTTY, (char *)0);
198 (void) close(t);
199 }
200 }
201 #endif
202 fromp->sin_port = ntohs((u_short)fromp->sin_port);
203 if (fromp->sin_family != AF_INET) {
204 syslog(LOG_ERR, "malformed \"from\" address (af %d)\n",
205 fromp->sin_family);
206 exit(1);
207 }
208 #ifdef IP_OPTIONS
209 {
210 u_char optbuf[BUFSIZ/3], *cp;
211 char lbuf[BUFSIZ], *lp;
212 int optsize = sizeof(optbuf), ipproto;
213 struct protoent *ip;
214
215 if ((ip = getprotobyname("ip")) != NULL)
216 ipproto = ip->p_proto;
217 else
218 ipproto = IPPROTO_IP;
219 if (!getsockopt(0, ipproto, IP_OPTIONS, (char *)optbuf, &optsize) &&
220 optsize != 0) {
221 lp = lbuf;
222 for (cp = optbuf; optsize > 0; cp++, optsize--, lp += 3)
223 sprintf(lp, " %2.2x", *cp);
224 syslog(LOG_NOTICE,
225 "Connection received from %s using IP options (ignored):%s",
226 inet_ntoa(fromp->sin_addr), lbuf);
227 if (setsockopt(0, ipproto, IP_OPTIONS,
228 (char *)NULL, optsize) != 0) {
229 syslog(LOG_ERR, "setsockopt IP_OPTIONS NULL: %m");
230 exit(1);
231 }
232 }
233 }
234 #endif
235
236 #ifdef KERBEROS
237 if (!use_kerberos)
238 #endif
239 if (fromp->sin_port >= IPPORT_RESERVED ||
240 fromp->sin_port < IPPORT_RESERVED/2) {
241 syslog(LOG_NOTICE|LOG_AUTH,
242 "Connection from %s on illegal port %u",
243 inet_ntoa(fromp->sin_addr),
244 fromp->sin_port);
245 exit(1);
246 }
247
248 (void) alarm(60);
249 port = 0;
250 for (;;) {
251 char c;
252 if ((cc = read(STDIN_FILENO, &c, 1)) != 1) {
253 if (cc < 0)
254 syslog(LOG_NOTICE, "read: %m");
255 shutdown(0, 1+1);
256 exit(1);
257 }
258 if (c== 0)
259 break;
260 port = port * 10 + c - '0';
261 }
262
263 (void) alarm(0);
264 if (port != 0) {
265 int lport = IPPORT_RESERVED - 1;
266 s = rresvport(&lport);
267 if (s < 0) {
268 syslog(LOG_ERR, "can't get stderr port: %m");
269 exit(1);
270 }
271 #ifdef KERBEROS
272 if (!use_kerberos)
273 #endif
274 if (port >= IPPORT_RESERVED) {
275 syslog(LOG_ERR, "2nd port not reserved\n");
276 exit(1);
277 }
278 fromp->sin_port = htons(port);
279 if (connect(s, (struct sockaddr *)fromp, sizeof (*fromp)) < 0) {
280 syslog(LOG_INFO, "connect second port %d: %m", port);
281 exit(1);
282 }
283 }
284
285 #ifdef KERBEROS
286 if (vacuous) {
287 error("rshd: remote host requires Kerberos authentication\n");
288 exit(1);
289 }
290 #endif
291
292 #ifdef notdef
293 /* from inetd, socket is already on 0, 1, 2 */
294 dup2(f, 0);
295 dup2(f, 1);
296 dup2(f, 2);
297 #endif
298 errorstr = NULL;
299 hp = gethostbyaddr((char *)&fromp->sin_addr, sizeof (struct in_addr),
300 fromp->sin_family);
301 if (hp) {
302 /*
303 * If name returned by gethostbyaddr is in our domain,
304 * attempt to verify that we haven't been fooled by someone
305 * in a remote net; look up the name and check that this
306 * address corresponds to the name.
307 */
308 hostname = hp->h_name;
309 #ifdef KERBEROS
310 if (!use_kerberos)
311 #endif
312 if (check_all || local_domain(hp->h_name)) {
313 strncpy(remotehost, hp->h_name, sizeof(remotehost) - 1);
314 remotehost[sizeof(remotehost) - 1] = 0;
315 errorhost = remotehost;
316 hp = gethostbyname(remotehost);
317 if (hp == NULL) {
318 syslog(LOG_INFO,
319 "Couldn't look up address for %s",
320 remotehost);
321 errorstr =
322 "Couldn't look up address for your host (%s)\n";
323 hostname = inet_ntoa(fromp->sin_addr);
324 } else for (; ; hp->h_addr_list++) {
325 if (hp->h_addr_list[0] == NULL) {
326 syslog(LOG_NOTICE,
327 "Host addr %s not listed for host %s",
328 inet_ntoa(fromp->sin_addr),
329 hp->h_name);
330 errorstr =
331 "Host address mismatch for %s\n";
332 hostname = inet_ntoa(fromp->sin_addr);
333 break;
334 }
335 if (!bcmp(hp->h_addr_list[0],
336 (caddr_t)&fromp->sin_addr,
337 sizeof(fromp->sin_addr))) {
338 hostname = hp->h_name;
339 break;
340 }
341 }
342 }
343 } else
344 errorhost = hostname = inet_ntoa(fromp->sin_addr);
345
346 #ifdef KERBEROS
347 if (use_kerberos) {
348 kdata = (AUTH_DAT *) authbuf;
349 ticket = (KTEXT) tickbuf;
350 authopts = 0L;
351 strcpy(instance, "*");
352 version[VERSION_SIZE - 1] = '\0';
353 #ifdef CRYPT
354 if (doencrypt) {
355 struct sockaddr_in local_addr;
356 rc = sizeof(local_addr);
357 if (getsockname(0, (struct sockaddr *)&local_addr,
358 &rc) < 0) {
359 syslog(LOG_ERR, "getsockname: %m");
360 error("rlogind: getsockname: %m");
361 exit(1);
362 }
363 authopts = KOPT_DO_MUTUAL;
364 rc = krb_recvauth(authopts, 0, ticket,
365 "rcmd", instance, &fromaddr,
366 &local_addr, kdata, "", schedule,
367 version);
368 des_set_key(kdata->session, schedule);
369 } else
370 #endif
371 rc = krb_recvauth(authopts, 0, ticket, "rcmd",
372 instance, &fromaddr,
373 (struct sockaddr_in *) 0,
374 kdata, "", (bit_64 *) 0, version);
375 if (rc != KSUCCESS) {
376 error("Kerberos authentication failure: %s\n",
377 krb_err_txt[rc]);
378 exit(1);
379 }
380 } else
381 #endif
382 getstr(remuser, sizeof(remuser), "remuser");
383
384 getstr(locuser, sizeof(locuser), "locuser");
385 getstr(cmdbuf, sizeof(cmdbuf), "command");
386 setpwent();
387 pwd = getpwnam(locuser);
388 if (pwd == NULL) {
389 syslog(LOG_INFO|LOG_AUTH,
390 "%s@%s as %s: unknown login. cmd='%.80s'",
391 remuser, hostname, locuser, cmdbuf);
392 if (errorstr == NULL)
393 errorstr = "Login incorrect.\n";
394 goto fail;
395 }
396 if (chdir(pwd->pw_dir) < 0) {
397 (void) chdir("/");
398 #ifdef notdef
399 syslog(LOG_INFO|LOG_AUTH,
400 "%s@%s as %s: no home directory. cmd='%.80s'",
401 remuser, hostname, locuser, cmdbuf);
402 error("No remote directory.\n");
403 exit(1);
404 #endif
405 }
406
407 #ifdef KERBEROS
408 if (use_kerberos) {
409 if (pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0') {
410 if (kuserok(kdata, locuser) != 0) {
411 syslog(LOG_INFO|LOG_AUTH,
412 "Kerberos rsh denied to %s.%s@%s",
413 kdata->pname, kdata->pinst, kdata->prealm);
414 error("Permission denied.\n");
415 exit(1);
416 }
417 }
418 } else
419 #endif
420
421 if (errorstr ||
422 pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0' &&
423 iruserok(fromp->sin_addr.s_addr, pwd->pw_uid == 0,
424 remuser, locuser) < 0) {
425 if (__rcmd_errstr)
426 syslog(LOG_INFO|LOG_AUTH,
427 "%s@%s as %s: permission denied (%s). cmd='%.80s'",
428 remuser, hostname, locuser, __rcmd_errstr,
429 cmdbuf);
430 else
431 syslog(LOG_INFO|LOG_AUTH,
432 "%s@%s as %s: permission denied. cmd='%.80s'",
433 remuser, hostname, locuser, cmdbuf);
434 fail:
435 if (errorstr == NULL)
436 errorstr = "Permission denied.\n";
437 error(errorstr, errorhost);
438 exit(1);
439 }
440
441 if (pwd->pw_uid && !access(_PATH_NOLOGIN, F_OK)) {
442 error("Logins currently disabled.\n");
443 exit(1);
444 }
445
446 (void) write(STDERR_FILENO, "\0", 1);
447 sent_null = 1;
448
449 if (port) {
450 if (pipe(pv) < 0) {
451 error("Can't make pipe.\n");
452 exit(1);
453 }
454 #ifdef CRYPT
455 #ifdef KERBEROS
456 if (doencrypt) {
457 if (pipe(pv1) < 0) {
458 error("Can't make 2nd pipe.\n");
459 exit(1);
460 }
461 if (pipe(pv2) < 0) {
462 error("Can't make 3rd pipe.\n");
463 exit(1);
464 }
465 }
466 #endif
467 #endif
468 pid = fork();
469 if (pid == -1) {
470 error("Can't fork; try again.\n");
471 exit(1);
472 }
473 if (pid) {
474 #ifdef CRYPT
475 #ifdef KERBEROS
476 if (doencrypt) {
477 static char msg[] = SECURE_MESSAGE;
478 (void) close(pv1[1]);
479 (void) close(pv2[1]);
480 des_write(s, msg, sizeof(msg) - 1);
481
482 } else
483 #endif
484 #endif
485 {
486 (void) close(0);
487 (void) close(1);
488 }
489 (void) close(2);
490 (void) close(pv[1]);
491
492 FD_ZERO(&readfrom);
493 FD_SET(s, &readfrom);
494 FD_SET(pv[0], &readfrom);
495 if (pv[0] > s)
496 nfd = pv[0];
497 else
498 nfd = s;
499 #ifdef CRYPT
500 #ifdef KERBEROS
501 if (doencrypt) {
502 FD_ZERO(&writeto);
503 FD_SET(pv2[0], &writeto);
504 FD_SET(pv1[0], &readfrom);
505
506 nfd = MAX(nfd, pv2[0]);
507 nfd = MAX(nfd, pv1[0]);
508 } else
509 #endif
510 #endif
511 ioctl(pv[0], FIONBIO, (char *)&one);
512
513 /* should set s nbio! */
514 nfd++;
515 do {
516 ready = readfrom;
517 #ifdef CRYPT
518 #ifdef KERBEROS
519 if (doencrypt) {
520 wready = writeto;
521 if (select(nfd, &ready,
522 &wready, (fd_set *) 0,
523 (struct timeval *) 0) < 0)
524 break;
525 } else
526 #endif
527 #endif
528 if (select(nfd, &ready, (fd_set *)0,
529 (fd_set *)0, (struct timeval *)0) < 0)
530 break;
531 if (FD_ISSET(s, &ready)) {
532 int ret;
533 #ifdef CRYPT
534 #ifdef KERBEROS
535 if (doencrypt)
536 ret = des_read(s, &sig, 1);
537 else
538 #endif
539 #endif
540 ret = read(s, &sig, 1);
541 if (ret <= 0)
542 FD_CLR(s, &readfrom);
543 else
544 killpg(pid, sig);
545 }
546 if (FD_ISSET(pv[0], &ready)) {
547 errno = 0;
548 cc = read(pv[0], buf, sizeof(buf));
549 if (cc <= 0) {
550 shutdown(s, 1+1);
551 FD_CLR(pv[0], &readfrom);
552 } else {
553 #ifdef CRYPT
554 #ifdef KERBEROS
555 if (doencrypt)
556 (void)
557 des_write(s, buf, cc);
558 else
559 #endif
560 #endif
561 (void)
562 write(s, buf, cc);
563 }
564 }
565 #ifdef CRYPT
566 #ifdef KERBEROS
567 if (doencrypt && FD_ISSET(pv1[0], &ready)) {
568 errno = 0;
569 cc = read(pv1[0], buf, sizeof(buf));
570 if (cc <= 0) {
571 shutdown(pv1[0], 1+1);
572 FD_CLR(pv1[0], &readfrom);
573 } else
574 (void) des_write(STDOUT_FILENO,
575 buf, cc);
576 }
577
578 if (doencrypt && FD_ISSET(pv2[0], &wready)) {
579 errno = 0;
580 cc = des_read(STDIN_FILENO,
581 buf, sizeof(buf));
582 if (cc <= 0) {
583 shutdown(pv2[0], 1+1);
584 FD_CLR(pv2[0], &writeto);
585 } else
586 (void) write(pv2[0], buf, cc);
587 }
588 #endif
589 #endif
590
591 } while (FD_ISSET(s, &readfrom) ||
592 #ifdef CRYPT
593 #ifdef KERBEROS
594 (doencrypt && FD_ISSET(pv1[0], &readfrom)) ||
595 #endif
596 #endif
597 FD_ISSET(pv[0], &readfrom));
598 exit(0);
599 }
600 setpgrp(0, getpid());
601 (void) close(s);
602 (void) close(pv[0]);
603 #ifdef CRYPT
604 #ifdef KERBEROS
605 if (doencrypt) {
606 close(pv1[0]); close(pv2[0]);
607 dup2(pv1[1], 1);
608 dup2(pv2[1], 0);
609 close(pv1[1]);
610 close(pv2[1]);
611 }
612 #endif
613 #endif
614 dup2(pv[1], 2);
615 close(pv[1]);
616 }
617 if (*pwd->pw_shell == '\0')
618 pwd->pw_shell = _PATH_BSHELL;
619 #if BSD > 43
620 if (setlogin(pwd->pw_name) < 0)
621 syslog(LOG_ERR, "setlogin() failed: %m");
622 #endif
623 (void) setgid((gid_t)pwd->pw_gid);
624 initgroups(pwd->pw_name, pwd->pw_gid);
625 (void) setuid((uid_t)pwd->pw_uid);
626 environ = envinit;
627 strncat(homedir, pwd->pw_dir, sizeof(homedir)-6);
628 strcat(path, _PATH_DEFPATH);
629 strncat(shell, pwd->pw_shell, sizeof(shell)-7);
630 strncat(username, pwd->pw_name, sizeof(username)-6);
631 cp = strrchr(pwd->pw_shell, '/');
632 if (cp)
633 cp++;
634 else
635 cp = pwd->pw_shell;
636 endpwent();
637 if (log_success || pwd->pw_uid == 0) {
638 #ifdef KERBEROS
639 if (use_kerberos)
640 syslog(LOG_INFO|LOG_AUTH,
641 "Kerberos shell from %s.%s@%s on %s as %s, cmd='%.80s'",
642 kdata->pname, kdata->pinst, kdata->prealm,
643 hostname, locuser, cmdbuf);
644 else
645 #endif
646 syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: cmd='%.80s'",
647 remuser, hostname, locuser, cmdbuf);
648 }
649 execl(pwd->pw_shell, cp, "-c", cmdbuf, 0);
650 perror(pwd->pw_shell);
651 exit(1);
652 }
653
654 /*
655 * Report error to client. Note: can't be used until second socket has
656 * connected to client, or older clients will hang waiting for that
657 * connection first.
658 */
659 #if __STDC__
660 #include <stdarg.h>
661 #else
662 #include <varargs.h>
663 #endif
664
665 void
666 #if __STDC__
error(const char * fmt,...)667 error(const char *fmt, ...)
668 #else
669 error(fmt, va_alist)
670 char *fmt;
671 va_dcl
672 #endif
673 {
674 va_list ap;
675 int len;
676 char *bp, buf[BUFSIZ];
677 #if __STDC__
678 va_start(ap, fmt);
679 #else
680 va_start(ap);
681 #endif
682 bp = buf;
683 if (sent_null == 0) {
684 *bp++ = 1;
685 len = 1;
686 } else
687 len = 0;
688 (void)vsnprintf(bp, sizeof(buf) - 1, fmt, ap);
689 (void)write(STDERR_FILENO, buf, len + strlen(bp));
690 }
691
692 void
getstr(buf,cnt,err)693 getstr(buf, cnt, err)
694 char *buf, *err;
695 int cnt;
696 {
697 char c;
698
699 do {
700 if (read(STDIN_FILENO, &c, 1) != 1)
701 exit(1);
702 *buf++ = c;
703 if (--cnt == 0) {
704 error("%s too long\n", err);
705 exit(1);
706 }
707 } while (c != 0);
708 }
709
710 /*
711 * Check whether host h is in our local domain,
712 * defined as sharing the last two components of the domain part,
713 * or the entire domain part if the local domain has only one component.
714 * If either name is unqualified (contains no '.'),
715 * assume that the host is local, as it will be
716 * interpreted as such.
717 */
718 int
local_domain(h)719 local_domain(h)
720 char *h;
721 {
722 char localhost[MAXHOSTNAMELEN];
723 char *p1, *p2;
724
725 localhost[0] = 0;
726 (void) gethostname(localhost, sizeof(localhost));
727 p1 = topdomain(localhost);
728 p2 = topdomain(h);
729 if (p1 == NULL || p2 == NULL || !strcasecmp(p1, p2))
730 return (1);
731 return (0);
732 }
733
734 char *
topdomain(h)735 topdomain(h)
736 char *h;
737 {
738 char *p, *maybe = NULL;
739 int dots = 0;
740
741 for (p = h + strlen(h); p >= h; p--) {
742 if (*p == '.') {
743 if (++dots == 2)
744 return (p);
745 maybe = p;
746 }
747 }
748 return (maybe);
749 }
750
751 void
usage()752 usage()
753 {
754
755 syslog(LOG_ERR, "usage: rshd [-%s]", OPTIONS);
756 exit(2);
757 }
758