138678Skfall /*
262213Sbostic * Copyright (c) 1983, 1993
362213Sbostic * The Regents of the University of California. All rights reserved.
442763Sbostic *
542763Sbostic * %sccs.include.redist.c%
638678Skfall */
738678Skfall
838678Skfall #ifndef lint
942763Sbostic static char Xsccsid[] = "derived from @(#)rcmd.c 5.17 (Berkeley) 6/27/88";
10*64297Smckusick static char sccsid[] = "@(#)kcmd.c 8.2 (Berkeley) 08/19/93";
1142763Sbostic #endif /* not lint */
1238678Skfall
1338678Skfall #include <sys/param.h>
1438678Skfall #include <sys/file.h>
1538678Skfall #include <sys/socket.h>
1638678Skfall #include <sys/stat.h>
1738678Skfall
1838678Skfall #include <netinet/in.h>
1958470Sbostic #include <arpa/inet.h>
2038678Skfall
2141760Skfall #include <kerberosIV/des.h>
2240683Sbostic #include <kerberosIV/krb.h>
2340683Sbostic #include <kerberosIV/kparse.h>
2458470Sbostic
2558470Sbostic #include <ctype.h>
2658470Sbostic #include <errno.h>
2758470Sbostic #include <netdb.h>
2840683Sbostic #include <pwd.h>
2958470Sbostic #include <signal.h>
3040683Sbostic #include <stdio.h>
3158470Sbostic #include <stdlib.h>
3258470Sbostic #include <string.h>
3358470Sbostic #include <unistd.h>
3438678Skfall
3558470Sbostic #include "krb.h"
3658470Sbostic
3758470Sbostic #ifndef MAXHOSTNAMELEN
3838678Skfall #define MAXHOSTNAMELEN 64
3938678Skfall #endif
4038678Skfall
4138678Skfall #define START_PORT 5120 /* arbitrary */
4238678Skfall
4358470Sbostic int getport __P((int *));
4458470Sbostic
4558470Sbostic int
kcmd(sock,ahost,rport,locuser,remuser,cmd,fd2p,ticket,service,realm,cred,schedule,msg_data,laddr,faddr,authopts)4638678Skfall kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, ticket, service, realm,
4758470Sbostic cred, schedule, msg_data, laddr, faddr, authopts)
4858470Sbostic int *sock;
4958470Sbostic char **ahost;
5058470Sbostic u_short rport;
5158470Sbostic char *locuser, *remuser, *cmd;
5258470Sbostic int *fd2p;
5358470Sbostic KTEXT ticket;
5458470Sbostic char *service;
5558470Sbostic char *realm;
5658470Sbostic CREDENTIALS *cred;
5758470Sbostic Key_schedule schedule;
5858470Sbostic MSG_DAT *msg_data;
5958470Sbostic struct sockaddr_in *laddr, *faddr;
6058470Sbostic long authopts;
6138678Skfall {
6238678Skfall int s, timo = 1, pid;
6338678Skfall long oldmask;
6438678Skfall struct sockaddr_in sin, from;
6538678Skfall char c;
6638678Skfall #ifdef ATHENA_COMPAT
6738678Skfall int lport = IPPORT_RESERVED - 1;
6838678Skfall #else
6938678Skfall int lport = START_PORT;
7058470Sbostic #endif
7138678Skfall struct hostent *hp;
7238678Skfall int rc;
7338678Skfall char *host_save;
7438678Skfall int status;
7538678Skfall
7638678Skfall pid = getpid();
7738678Skfall hp = gethostbyname(*ahost);
7858470Sbostic if (hp == NULL) {
7938678Skfall /* fprintf(stderr, "%s: unknown host\n", *ahost); */
8038678Skfall return (-1);
8138678Skfall }
8238678Skfall
8358470Sbostic host_save = malloc(strlen(hp->h_name) + 1);
8458470Sbostic strcpy(host_save, hp->h_name);
8558470Sbostic *ahost = host_save;
8638678Skfall
87*64297Smckusick #ifdef KERBEROS
8858470Sbostic /* If realm is null, look up from table */
8958470Sbostic if (realm == NULL || realm[0] == '\0')
9058470Sbostic realm = krb_realmofhost(host_save);
91*64297Smckusick #endif /* KERBEROS */
9238678Skfall
9338678Skfall oldmask = sigblock(sigmask(SIGURG));
9438678Skfall for (;;) {
9558529Sleres s = getport(&lport);
9638678Skfall if (s < 0) {
9738678Skfall if (errno == EAGAIN)
9838842Skfall fprintf(stderr,
9938842Skfall "kcmd(socket): All ports in use\n");
10038678Skfall else
10138842Skfall perror("kcmd: socket");
10238678Skfall sigsetmask(oldmask);
10338678Skfall return (-1);
10438678Skfall }
10538678Skfall fcntl(s, F_SETOWN, pid);
10638678Skfall sin.sin_family = hp->h_addrtype;
10738678Skfall #if defined(ultrix) || defined(sun)
10838678Skfall bcopy(hp->h_addr, (caddr_t)&sin.sin_addr, hp->h_length);
10938678Skfall #else
11038678Skfall bcopy(hp->h_addr_list[0], (caddr_t)&sin.sin_addr, hp->h_length);
11158470Sbostic #endif
11238678Skfall sin.sin_port = rport;
11358470Sbostic if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
11438678Skfall break;
11538678Skfall (void) close(s);
11638678Skfall if (errno == EADDRINUSE) {
11738678Skfall lport--;
11838678Skfall continue;
11938678Skfall }
12058529Sleres /*
12158529Sleres * don't wait very long for Kerberos rcmd.
12258529Sleres */
12358529Sleres if (errno == ECONNREFUSED && timo <= 4) {
12438842Skfall /* sleep(timo); don't wait at all here */
12538678Skfall timo *= 2;
12638678Skfall continue;
12738678Skfall }
12838678Skfall #if !(defined(ultrix) || defined(sun))
12938678Skfall if (hp->h_addr_list[1] != NULL) {
13038678Skfall int oerrno = errno;
13138678Skfall
13238678Skfall fprintf(stderr,
13338842Skfall "kcmd: connect to address %s: ",
13438842Skfall inet_ntoa(sin.sin_addr));
13538678Skfall errno = oerrno;
13658470Sbostic perror(NULL);
13738678Skfall hp->h_addr_list++;
13838678Skfall bcopy(hp->h_addr_list[0], (caddr_t)&sin.sin_addr,
13938678Skfall hp->h_length);
14038678Skfall fprintf(stderr, "Trying %s...\n",
14138678Skfall inet_ntoa(sin.sin_addr));
14238678Skfall continue;
14338678Skfall }
14438678Skfall #endif /* !(defined(ultrix) || defined(sun)) */
14538678Skfall if (errno != ECONNREFUSED)
14638678Skfall perror(hp->h_name);
14738678Skfall sigsetmask(oldmask);
14838678Skfall return (-1);
14938678Skfall }
15038678Skfall lport--;
15138678Skfall if (fd2p == 0) {
15238678Skfall write(s, "", 1);
15338678Skfall lport = 0;
15438678Skfall } else {
15538678Skfall char num[8];
15658470Sbostic int s2 = getport(&lport), s3;
15758470Sbostic int len = sizeof(from);
15838678Skfall
15958470Sbostic if (s2 < 0) {
16058470Sbostic status = -1;
16138678Skfall goto bad;
16258470Sbostic }
16338678Skfall listen(s2, 1);
16438678Skfall (void) sprintf(num, "%d", lport);
16558470Sbostic if (write(s, num, strlen(num) + 1) != strlen(num) + 1) {
16638842Skfall perror("kcmd(write): setting up stderr");
16738678Skfall (void) close(s2);
16858470Sbostic status = -1;
16938678Skfall goto bad;
17038678Skfall }
17138678Skfall s3 = accept(s2, (struct sockaddr *)&from, &len);
17238678Skfall (void) close(s2);
17338678Skfall if (s3 < 0) {
17438842Skfall perror("kcmd:accept");
17538678Skfall lport = 0;
17638678Skfall status = -1;
17738678Skfall goto bad;
17838678Skfall }
17938678Skfall *fd2p = s3;
18038678Skfall from.sin_port = ntohs((u_short)from.sin_port);
18138678Skfall if (from.sin_family != AF_INET ||
18238678Skfall from.sin_port >= IPPORT_RESERVED) {
18338678Skfall fprintf(stderr,
18438842Skfall "kcmd(socket): protocol failure in circuit setup.\n");
18558470Sbostic status = -1;
18638678Skfall goto bad2;
18738678Skfall }
18838678Skfall }
18958470Sbostic /*
19058470Sbostic * Kerberos-authenticated service. Don't have to send locuser,
19158470Sbostic * since its already in the ticket, and we'll extract it on
19258470Sbostic * the other side.
19358470Sbostic */
19458470Sbostic /* (void) write(s, locuser, strlen(locuser)+1); */
19538678Skfall
19658470Sbostic /* set up the needed stuff for mutual auth, but only if necessary */
19758470Sbostic if (authopts & KOPT_DO_MUTUAL) {
19858470Sbostic int sin_len;
19958470Sbostic *faddr = sin;
20038678Skfall
20158470Sbostic sin_len = sizeof(struct sockaddr_in);
20258470Sbostic if (getsockname(s, (struct sockaddr *)laddr, &sin_len) < 0) {
20358470Sbostic perror("kcmd(getsockname)");
20458470Sbostic status = -1;
20558470Sbostic goto bad2;
20658470Sbostic }
20738678Skfall }
208*64297Smckusick #ifdef KERBEROS
20958470Sbostic if ((status = krb_sendauth(authopts, s, ticket, service, *ahost,
21038678Skfall realm, (unsigned long) getpid(), msg_data,
21138678Skfall cred, schedule,
21238678Skfall laddr,
21338678Skfall faddr,
21438678Skfall "KCMDV0.1")) != KSUCCESS)
21558470Sbostic goto bad2;
216*64297Smckusick #endif /* KERBEROS */
21738678Skfall
21838678Skfall (void) write(s, remuser, strlen(remuser)+1);
21938678Skfall (void) write(s, cmd, strlen(cmd)+1);
22038678Skfall
22158470Sbostic if ((rc = read(s, &c, 1)) != 1) {
22258470Sbostic if (rc == -1)
22358470Sbostic perror(*ahost);
22458470Sbostic else
22558470Sbostic fprintf(stderr,"kcmd: bad connection with remote host\n");
22658470Sbostic status = -1;
22738678Skfall goto bad2;
22838678Skfall }
22958470Sbostic if (c != '\0') {
23038678Skfall while (read(s, &c, 1) == 1) {
23138678Skfall (void) write(2, &c, 1);
23238678Skfall if (c == '\n')
23338678Skfall break;
23438678Skfall }
23558470Sbostic status = -1;
23638678Skfall goto bad2;
23738678Skfall }
23838678Skfall sigsetmask(oldmask);
23958470Sbostic *sock = s;
24058470Sbostic return (KSUCCESS);
24138678Skfall bad2:
24238678Skfall if (lport)
24338678Skfall (void) close(*fd2p);
24438678Skfall bad:
24538678Skfall (void) close(s);
24638678Skfall sigsetmask(oldmask);
24758470Sbostic return (status);
24838678Skfall }
24938678Skfall
25058470Sbostic int
getport(alport)25138678Skfall getport(alport)
25238678Skfall int *alport;
25338678Skfall {
25438678Skfall struct sockaddr_in sin;
25538678Skfall int s;
25638678Skfall
25738678Skfall sin.sin_family = AF_INET;
25838678Skfall sin.sin_addr.s_addr = INADDR_ANY;
25938678Skfall s = socket(AF_INET, SOCK_STREAM, 0);
26038678Skfall if (s < 0)
26138678Skfall return (-1);
26238678Skfall for (;;) {
26338678Skfall sin.sin_port = htons((u_short)*alport);
26458470Sbostic if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
26538678Skfall return (s);
26638678Skfall if (errno != EADDRINUSE) {
26738678Skfall (void) close(s);
26838678Skfall return (-1);
26938678Skfall }
27038678Skfall (*alport)--;
27138678Skfall #ifdef ATHENA_COMPAT
27238678Skfall if (*alport == IPPORT_RESERVED/2) {
27338678Skfall #else
27438678Skfall if (*alport == IPPORT_RESERVED) {
27558470Sbostic #endif
27638678Skfall (void) close(s);
27738678Skfall errno = EAGAIN; /* close */
27838678Skfall return (-1);
27938678Skfall }
28038678Skfall }
28138678Skfall }
282