1 /* $NetBSD: rcmd.c,v 1.65 2007/01/03 11:46:22 ws Exp $ */ 2 3 /* 4 * Copyright (c) 1983, 1993, 1994 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of the University nor the names of its contributors 16 * may be used to endorse or promote products derived from this software 17 * without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 */ 31 32 #include <sys/cdefs.h> 33 #if defined(LIBC_SCCS) && !defined(lint) 34 #if 0 35 static char sccsid[] = "@(#)rcmd.c 8.3 (Berkeley) 3/26/94"; 36 #else 37 __RCSID("$NetBSD: rcmd.c,v 1.65 2007/01/03 11:46:22 ws Exp $"); 38 #endif 39 #endif /* LIBC_SCCS and not lint */ 40 41 #ifdef _LIBC 42 #include "namespace.h" 43 #endif 44 #include <sys/param.h> 45 #include <sys/socket.h> 46 #include <sys/stat.h> 47 #include <sys/poll.h> 48 #include <sys/wait.h> 49 50 #include <netinet/in.h> 51 #ifndef __minix 52 #include <rpc/rpc.h> 53 #endif 54 #include <arpa/inet.h> 55 #include <netgroup.h> 56 57 #include <assert.h> 58 #include <ctype.h> 59 #include <err.h> 60 #include <errno.h> 61 #include <fcntl.h> 62 #include <grp.h> 63 #include <netdb.h> 64 #include <paths.h> 65 #include <pwd.h> 66 #include <signal.h> 67 #include <stdio.h> 68 #include <stdlib.h> 69 #include <string.h> 70 #include <syslog.h> 71 #include <unistd.h> 72 73 #include "pathnames.h" 74 75 int orcmd __P((char **, u_int, const char *, const char *, const char *, 76 int *)); 77 int orcmd_af __P((char **, u_int, const char *, const char *, const char *, 78 int *, int)); 79 int __ivaliduser __P((FILE *, u_int32_t, const char *, const char *)); 80 int __ivaliduser_sa __P((FILE *, const struct sockaddr *, socklen_t, 81 const char *, const char *)); 82 static int rshrcmd __P((char **, u_int32_t, const char *, const char *, 83 const char *, int *, const char *)); 84 static int resrcmd __P((struct addrinfo *, char **, u_int32_t, const char *, 85 const char *, const char *, int *)); 86 static int __icheckhost __P((const struct sockaddr *, socklen_t, 87 const char *)); 88 static char *__gethostloop __P((const struct sockaddr *, socklen_t)); 89 90 int 91 rcmd(ahost, rport, locuser, remuser, cmd, fd2p) 92 char **ahost; 93 u_short rport; 94 const char *locuser, *remuser, *cmd; 95 int *fd2p; 96 { 97 98 return rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, AF_INET); 99 } 100 101 int 102 rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, af) 103 char **ahost; 104 u_short rport; 105 const char *locuser, *remuser, *cmd; 106 int *fd2p; 107 int af; 108 { 109 static char hbuf[MAXHOSTNAMELEN]; 110 char pbuf[NI_MAXSERV]; 111 struct addrinfo hints, *res; 112 int error; 113 struct servent *sp; 114 115 _DIAGASSERT(ahost != NULL); 116 _DIAGASSERT(locuser != NULL); 117 _DIAGASSERT(remuser != NULL); 118 _DIAGASSERT(cmd != NULL); 119 /* fd2p may be NULL */ 120 121 snprintf(pbuf, sizeof(pbuf), "%u", ntohs(rport)); 122 memset(&hints, 0, sizeof(hints)); 123 hints.ai_family = af; 124 hints.ai_socktype = SOCK_STREAM; 125 hints.ai_flags = AI_CANONNAME; 126 error = getaddrinfo(*ahost, pbuf, &hints, &res); 127 if (error) { 128 warnx("%s: %s", *ahost, gai_strerror(error)); /*XXX*/ 129 return (-1); 130 } 131 if (res->ai_canonname) { 132 /* 133 * Canonicalise hostname. 134 * XXX: Should we really do this? 135 */ 136 strlcpy(hbuf, res->ai_canonname, sizeof(hbuf)); 137 *ahost = hbuf; 138 } 139 140 /* 141 * Check if rport is the same as the shell port, and that the fd2p. If 142 * it is not, the program isn't expecting 'rsh' and so we can't use the 143 * RCMD_CMD environment. 144 */ 145 sp = getservbyname("shell", "tcp"); 146 if (sp != NULL && sp->s_port == rport) 147 error = rshrcmd(ahost, (u_int32_t)rport, 148 locuser, remuser, cmd, fd2p, getenv("RCMD_CMD")); 149 else 150 error = resrcmd(res, ahost, (u_int32_t)rport, 151 locuser, remuser, cmd, fd2p); 152 freeaddrinfo(res); 153 return (error); 154 } 155 156 /* this is simply a wrapper around hprcmd() that handles ahost first */ 157 int 158 orcmd(ahost, rport, locuser, remuser, cmd, fd2p) 159 char **ahost; 160 u_int rport; 161 const char *locuser, *remuser, *cmd; 162 int *fd2p; 163 { 164 return orcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, AF_INET); 165 } 166 167 int 168 orcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, af) 169 char **ahost; 170 u_int rport; 171 const char *locuser, *remuser, *cmd; 172 int *fd2p; 173 int af; 174 { 175 static char hbuf[MAXHOSTNAMELEN]; 176 char pbuf[NI_MAXSERV]; 177 struct addrinfo hints, *res; 178 int error; 179 180 _DIAGASSERT(ahost != NULL); 181 _DIAGASSERT(locuser != NULL); 182 _DIAGASSERT(remuser != NULL); 183 _DIAGASSERT(cmd != NULL); 184 /* fd2p may be NULL */ 185 186 snprintf(pbuf, sizeof(pbuf), "%u", ntohs(rport)); 187 memset(&hints, 0, sizeof(hints)); 188 hints.ai_family = af; 189 hints.ai_socktype = SOCK_STREAM; 190 hints.ai_flags = AI_CANONNAME; 191 error = getaddrinfo(*ahost, pbuf, &hints, &res); 192 if (error) { 193 warnx("%s: %s", *ahost, gai_strerror(error)); /*XXX*/ 194 return (-1); 195 } 196 if (res->ai_canonname) { 197 strlcpy(hbuf, res->ai_canonname, sizeof(hbuf)); 198 *ahost = hbuf; 199 } 200 201 error = resrcmd(res, ahost, rport, locuser, remuser, cmd, fd2p); 202 freeaddrinfo(res); 203 return (error); 204 } 205 206 /*ARGSUSED*/ 207 static int 208 resrcmd(res, ahost, rport, locuser, remuser, cmd, fd2p) 209 struct addrinfo *res; 210 char **ahost; 211 u_int32_t rport; 212 const char *locuser, *remuser, *cmd; 213 int *fd2p; 214 { 215 struct addrinfo *r; 216 struct sockaddr_storage from; 217 struct pollfd reads[2]; 218 #ifdef __minix 219 /* No support for OOB data in Minix. */ 220 #else 221 sigset_t nmask, omask; 222 #endif /* !__minix */ 223 pid_t pid; 224 int s, lport, timo; 225 int pollr; 226 char c; 227 int refused; 228 229 _DIAGASSERT(res != NULL); 230 _DIAGASSERT(ahost != NULL); 231 _DIAGASSERT(locuser != NULL); 232 _DIAGASSERT(remuser != NULL); 233 _DIAGASSERT(cmd != NULL); 234 /* fd2p may be NULL */ 235 236 r = res; 237 refused = 0; 238 pid = getpid(); 239 #ifndef __minix 240 /* Minix has no support for OOB data, 241 no need to block SIGURG. */ 242 sigemptyset(&nmask); 243 sigaddset(&nmask, SIGURG); 244 if (sigprocmask(SIG_BLOCK, &nmask, &omask) == -1) 245 return -1; 246 #endif /* !__minix */ 247 for (timo = 1, lport = IPPORT_RESERVED - 1;;) { 248 s = rresvport_af(&lport, r->ai_family); 249 if (s < 0) { 250 if (errno == EAGAIN) 251 warnx("rcmd: socket: All ports in use"); 252 else 253 warn("rcmd: socket"); 254 if (r->ai_next) { 255 r = r->ai_next; 256 continue; 257 } else { 258 #ifndef __minix 259 (void)sigprocmask(SIG_SETMASK, &omask, NULL); 260 #endif /* !__minix */ 261 return (-1); 262 } 263 } 264 #ifndef __minix 265 /* No OOB support in Minix. */ 266 fcntl(s, F_SETOWN, pid); 267 #endif /* !__minix */ 268 if (connect(s, r->ai_addr, r->ai_addrlen) >= 0) 269 break; 270 (void)close(s); 271 if (errno == EADDRINUSE) { 272 lport--; 273 continue; 274 } else if (errno == ECONNREFUSED) 275 refused++; 276 if (r->ai_next) { 277 int oerrno = errno; 278 char hbuf[NI_MAXHOST]; 279 const int niflags = NI_NUMERICHOST; 280 281 hbuf[0] = '\0'; 282 if (getnameinfo(r->ai_addr, r->ai_addrlen, 283 hbuf, sizeof(hbuf), NULL, 0, niflags) != 0) 284 strlcpy(hbuf, "(invalid)", sizeof(hbuf)); 285 errno = oerrno; 286 warn("rcmd: connect to address %s", hbuf); 287 r = r->ai_next; 288 hbuf[0] = '\0'; 289 if (getnameinfo(r->ai_addr, r->ai_addrlen, 290 hbuf, sizeof(hbuf), NULL, 0, niflags) != 0) 291 strlcpy(hbuf, "(invalid)", sizeof(hbuf)); 292 (void)fprintf(stderr, "Trying %s...\n", hbuf); 293 continue; 294 } 295 if (refused && timo <= 16) { 296 (void)sleep((unsigned int)timo); 297 timo *= 2; 298 r = res; 299 refused = 0; 300 continue; 301 } 302 (void)fprintf(stderr, "%s: %s\n", res->ai_canonname, 303 strerror(errno)); 304 #ifndef __minix 305 /* No OOB support in Minix. */ 306 (void)sigprocmask(SIG_SETMASK, &omask, NULL); 307 #endif /* !__minix */ 308 return (-1); 309 } 310 lport--; 311 if (fd2p == 0) { 312 write(s, "", 1); 313 lport = 0; 314 } else { 315 char num[8]; 316 int s2 = rresvport_af(&lport, r->ai_family), s3; 317 socklen_t len = sizeof(from); 318 319 if (s2 < 0) 320 goto bad; 321 listen(s2, 1); 322 (void)snprintf(num, sizeof(num), "%d", lport); 323 if (write(s, num, strlen(num) + 1) != 324 (ssize_t) (strlen(num) + 1)) { 325 warn("rcmd: write (setting up stderr)"); 326 (void)close(s2); 327 goto bad; 328 } 329 reads[0].fd = s; 330 reads[0].events = POLLIN; 331 reads[1].fd = s2; 332 reads[1].events = POLLIN; 333 errno = 0; 334 pollr = poll(reads, 2, INFTIM); 335 if (pollr < 1 || (reads[1].revents & POLLIN) == 0) { 336 if (errno != 0) 337 warn("poll: setting up stderr"); 338 else 339 warnx("poll: protocol failure in circuit setup"); 340 (void)close(s2); 341 goto bad; 342 } 343 s3 = accept(s2, (struct sockaddr *)(void *)&from, &len); 344 (void)close(s2); 345 if (s3 < 0) { 346 warn("rcmd: accept"); 347 lport = 0; 348 goto bad; 349 } 350 *fd2p = s3; 351 switch (((struct sockaddr *)(void *)&from)->sa_family) { 352 case AF_INET: 353 #ifdef INET6 354 case AF_INET6: 355 #endif 356 if (getnameinfo((struct sockaddr *)(void *)&from, len, 357 NULL, 0, num, sizeof(num), NI_NUMERICSERV) != 0 || 358 (atoi(num) >= IPPORT_RESERVED || 359 atoi(num) < IPPORT_RESERVED / 2)) { 360 warnx("rcmd: protocol failure in circuit setup."); 361 goto bad2; 362 } 363 break; 364 default: 365 break; 366 } 367 } 368 369 (void)write(s, locuser, strlen(locuser)+1); 370 (void)write(s, remuser, strlen(remuser)+1); 371 (void)write(s, cmd, strlen(cmd)+1); 372 if (read(s, &c, 1) != 1) { 373 warn("%s", *ahost); 374 goto bad2; 375 } 376 if (c != 0) { 377 while (read(s, &c, 1) == 1) { 378 (void)write(STDERR_FILENO, &c, 1); 379 if (c == '\n') 380 break; 381 } 382 goto bad2; 383 } 384 #ifndef __minix 385 (void)sigprocmask(SIG_SETMASK, &omask, NULL); 386 #endif /* __minix */ 387 return (s); 388 bad2: 389 if (lport) 390 (void)close(*fd2p); 391 bad: 392 (void)close(s); 393 #ifndef __minix 394 (void)sigprocmask(SIG_SETMASK, &omask, NULL); 395 #endif /* __minix */ 396 return (-1); 397 } 398 399 /* 400 * based on code written by Chris Siebenmann <cks@utcc.utoronto.ca> 401 */ 402 /* ARGSUSED */ 403 static int 404 rshrcmd(ahost, rport, locuser, remuser, cmd, fd2p, rshcmd) 405 char **ahost; 406 u_int32_t rport; 407 const char *locuser, *remuser, *cmd; 408 int *fd2p; 409 const char *rshcmd; 410 { 411 pid_t pid; 412 int sp[2], ep[2]; 413 char *p; 414 struct passwd *pw, pwres; 415 char pwbuf[1024]; 416 417 _DIAGASSERT(ahost != NULL); 418 _DIAGASSERT(locuser != NULL); 419 _DIAGASSERT(remuser != NULL); 420 _DIAGASSERT(cmd != NULL); 421 /* fd2p may be NULL */ 422 423 /* What rsh/shell to use. */ 424 if (rshcmd == NULL) 425 rshcmd = _PATH_BIN_RCMD; 426 427 /* locuser must exist on this host. */ 428 if (getpwnam_r(locuser, &pwres, pwbuf, sizeof(pwbuf), &pw) != 0 || 429 pw == NULL) { 430 warnx("rshrcmd: unknown user: %s", locuser); 431 return(-1); 432 } 433 434 /* get a socketpair we'll use for stdin and stdout. */ 435 if (socketpair(AF_LOCAL, SOCK_STREAM, 0, sp) < 0) { 436 warn("rshrcmd: socketpair"); 437 return (-1); 438 } 439 /* we will use this for the fd2 pointer */ 440 if (fd2p) { 441 if (socketpair(AF_LOCAL, SOCK_STREAM, 0, ep) < 0) { 442 warn("rshrcmd: socketpair"); 443 return (-1); 444 } 445 *fd2p = ep[0]; 446 } 447 448 pid = fork(); 449 if (pid < 0) { 450 warn("rshrcmd: fork"); 451 return (-1); 452 } 453 if (pid == 0) { 454 /* 455 * child 456 * - we use sp[1] to be stdin/stdout, and close sp[0] 457 * - with fd2p, we use ep[1] for stderr, and close ep[0] 458 */ 459 (void)close(sp[0]); 460 if (dup2(sp[1], 0) < 0 || dup2(0, 1) < 0) { 461 warn("rshrcmd: dup2"); 462 _exit(1); 463 } 464 (void)close(sp[1]); 465 if (fd2p) { 466 if (dup2(ep[1], 2) < 0) { 467 warn("rshrcmd: dup2"); 468 _exit(1); 469 } 470 (void)close(ep[0]); 471 (void)close(ep[1]); 472 } else if (dup2(0, 2) < 0) { 473 warn("rshrcmd: dup2"); 474 _exit(1); 475 } 476 /* fork again to lose parent. */ 477 pid = fork(); 478 if (pid < 0) { 479 warn("rshrcmd: second fork"); 480 _exit(1); 481 } 482 if (pid > 0) 483 _exit(0); 484 485 /* Orphan. Become local user for rshprog. */ 486 if (setuid(pw->pw_uid)) { 487 warn("rshrcmd: setuid(%lu)", (u_long)pw->pw_uid); 488 _exit(1); 489 } 490 491 /* 492 * If we are rcmd'ing to "localhost" as the same user as we are, 493 * then avoid running remote shell for efficiency. 494 */ 495 if (strcmp(*ahost, "localhost") == 0 && 496 strcmp(locuser, remuser) == 0) { 497 if (pw->pw_shell[0] == '\0') 498 rshcmd = _PATH_BSHELL; 499 else 500 rshcmd = pw->pw_shell; 501 p = strrchr(rshcmd, '/'); 502 execlp(rshcmd, p ? p + 1 : rshcmd, "-c", cmd, NULL); 503 } else { 504 p = strrchr(rshcmd, '/'); 505 execlp(rshcmd, p ? p + 1 : rshcmd, *ahost, "-l", 506 remuser, cmd, NULL); 507 } 508 warn("rshrcmd: exec %s", rshcmd); 509 _exit(1); 510 } 511 /* Parent */ 512 (void)close(sp[1]); 513 if (fd2p) 514 (void)close(ep[1]); 515 516 (void)waitpid(pid, NULL, 0); 517 return (sp[0]); 518 } 519 520 int 521 rresvport(alport) 522 int *alport; 523 { 524 525 _DIAGASSERT(alport != NULL); 526 527 return rresvport_af(alport, AF_INET); 528 } 529 530 int 531 rresvport_af(alport, family) 532 int *alport; 533 int family; 534 { 535 struct sockaddr_storage ss; 536 struct sockaddr *sa; 537 int salen; 538 int s; 539 u_int16_t *portp; 540 541 _DIAGASSERT(alport != NULL); 542 543 memset(&ss, 0, sizeof(ss)); 544 sa = (struct sockaddr *)(void *)&ss; 545 switch (family) { 546 case AF_INET: 547 #ifdef BSD4_4 548 sa->sa_len = 549 #endif 550 salen = sizeof(struct sockaddr_in); 551 portp = &((struct sockaddr_in *)(void *)sa)->sin_port; 552 break; 553 #ifdef INET6 554 case AF_INET6: 555 #ifdef BSD4_4 556 sa->sa_len = 557 #endif 558 salen = sizeof(struct sockaddr_in6); 559 portp = &((struct sockaddr_in6 *)(void *)sa)->sin6_port; 560 break; 561 #endif 562 default: 563 errno = EAFNOSUPPORT; 564 return (-1); 565 } 566 sa->sa_family = family; 567 s = socket(family, SOCK_STREAM, 0); 568 if (s < 0) 569 return (-1); 570 #ifdef BSD4_4 571 switch (family) { 572 case AF_INET: 573 case AF_INET6: 574 *portp = 0; 575 if (bindresvport(s, (struct sockaddr_in *)(void *)sa) < 0) { 576 int sverr = errno; 577 578 (void)close(s); 579 errno = sverr; 580 return (-1); 581 } 582 *alport = (int)ntohs(*portp); 583 return (s); 584 default: 585 /* is it necessary to try keep code for other AFs? */ 586 break; 587 } 588 #endif 589 for (;;) { 590 *portp = htons((u_short)*alport); 591 if (bind(s, sa, (socklen_t)salen) >= 0) 592 return (s); 593 if (errno != EADDRINUSE) { 594 (void)close(s); 595 return (-1); 596 } 597 (*alport)--; 598 if (*alport == IPPORT_RESERVED/2) { 599 (void)close(s); 600 errno = EAGAIN; /* close */ 601 return (-1); 602 } 603 } 604 } 605 606 int __check_rhosts_file = 1; 607 const char *__rcmd_errstr; 608 609 int 610 ruserok(rhost, superuser, ruser, luser) 611 const char *rhost, *ruser, *luser; 612 int superuser; 613 { 614 struct addrinfo hints, *res, *r; 615 int error; 616 617 _DIAGASSERT(rhost != NULL); 618 _DIAGASSERT(ruser != NULL); 619 _DIAGASSERT(luser != NULL); 620 621 memset(&hints, 0, sizeof(hints)); 622 hints.ai_family = PF_UNSPEC; 623 hints.ai_socktype = SOCK_DGRAM; /*dummy*/ 624 error = getaddrinfo(rhost, "0", &hints, &res); 625 if (error) 626 return (-1); 627 628 for (r = res; r; r = r->ai_next) { 629 if (iruserok_sa(r->ai_addr, (int)r->ai_addrlen, superuser, 630 ruser, luser) == 0) { 631 freeaddrinfo(res); 632 return (0); 633 } 634 } 635 freeaddrinfo(res); 636 return (-1); 637 } 638 639 /* 640 * New .rhosts strategy: We are passed an ip address. We spin through 641 * hosts.equiv and .rhosts looking for a match. When the .rhosts only 642 * has ip addresses, we don't have to trust a nameserver. When it 643 * contains hostnames, we spin through the list of addresses the nameserver 644 * gives us and look for a match. 645 * 646 * Returns 0 if ok, -1 if not ok. 647 */ 648 int 649 iruserok(raddr, superuser, ruser, luser) 650 u_int32_t raddr; 651 int superuser; 652 const char *ruser, *luser; 653 { 654 struct sockaddr_in irsin; 655 656 memset(&irsin, 0, sizeof(irsin)); 657 irsin.sin_family = AF_INET; 658 #ifdef BSD4_4 659 irsin.sin_len = sizeof(struct sockaddr_in); 660 #endif 661 memcpy(&irsin.sin_addr, &raddr, sizeof(irsin.sin_addr)); 662 return iruserok_sa(&irsin, sizeof(struct sockaddr_in), superuser, ruser, 663 luser); 664 } 665 666 /* 667 * 2nd and 3rd arguments are typed like this, to avoid dependency between 668 * unistd.h and sys/socket.h. There's no better way. 669 */ 670 int 671 iruserok_sa(raddr, rlen, superuser, ruser, luser) 672 const void *raddr; 673 int rlen; 674 int superuser; 675 const char *ruser, *luser; 676 { 677 const struct sockaddr *sa; 678 struct stat sbuf; 679 struct passwd *pwd, pwres; 680 FILE *hostf; 681 uid_t uid; 682 gid_t gid; 683 int isvaliduser; 684 char pbuf[MAXPATHLEN]; 685 char pwbuf[1024]; 686 687 _DIAGASSERT(raddr != NULL); 688 _DIAGASSERT(ruser != NULL); 689 _DIAGASSERT(luser != NULL); 690 691 sa = raddr; 692 693 __rcmd_errstr = NULL; 694 695 hostf = superuser ? NULL : fopen(_PATH_HEQUIV, "r"); 696 697 if (hostf) { 698 if (__ivaliduser_sa(hostf, sa, (socklen_t)rlen, luser, 699 ruser) == 0) { 700 (void)fclose(hostf); 701 return (0); 702 } 703 (void)fclose(hostf); 704 } 705 706 isvaliduser = -1; 707 if (__check_rhosts_file || superuser) { 708 709 if (getpwnam_r(luser, &pwres, pwbuf, sizeof(pwbuf), &pwd) != 0 710 || pwd == NULL) 711 return (-1); 712 (void)strlcpy(pbuf, pwd->pw_dir, sizeof(pbuf)); 713 (void)strlcat(pbuf, "/.rhosts", sizeof(pbuf)); 714 715 /* 716 * Change effective uid while opening and reading .rhosts. 717 * If root and reading an NFS mounted file system, can't 718 * read files that are protected read/write owner only. 719 */ 720 uid = geteuid(); 721 gid = getegid(); 722 (void)setegid(pwd->pw_gid); 723 initgroups(pwd->pw_name, pwd->pw_gid); 724 (void)seteuid(pwd->pw_uid); 725 hostf = fopen(pbuf, "r"); 726 727 if (hostf != NULL) { 728 /* 729 * If not a regular file, or is owned by someone other 730 * than user or root or if writable by anyone but the 731 * owner, quit. 732 */ 733 if (lstat(pbuf, &sbuf) < 0) 734 __rcmd_errstr = ".rhosts lstat failed"; 735 else if (!S_ISREG(sbuf.st_mode)) 736 __rcmd_errstr = ".rhosts not regular file"; 737 else if (fstat(fileno(hostf), &sbuf) < 0) 738 __rcmd_errstr = ".rhosts fstat failed"; 739 else if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid) 740 __rcmd_errstr = "bad .rhosts owner"; 741 else if (sbuf.st_mode & (S_IWGRP|S_IWOTH)) 742 __rcmd_errstr = 743 ".rhosts writable by other than owner"; 744 else 745 isvaliduser = 746 __ivaliduser_sa(hostf, sa, (socklen_t)rlen, 747 luser, ruser); 748 749 (void)fclose(hostf); 750 } 751 (void)seteuid(uid); 752 (void)setegid(gid); 753 754 } 755 return (isvaliduser); 756 } 757 758 /* 759 * XXX 760 * Don't make static, used by lpd(8). We will be able to change the function 761 * into static function, when we bump libc major #. 762 * 763 * Returns 0 if ok, -1 if not ok. 764 */ 765 #ifdef notdef /*_LIBC*/ 766 static 767 #endif 768 int 769 __ivaliduser(hostf, raddr, luser, ruser) 770 FILE *hostf; 771 u_int32_t raddr; 772 const char *luser, *ruser; 773 { 774 struct sockaddr_in ivusin; 775 776 memset(&ivusin, 0, sizeof(ivusin)); 777 ivusin.sin_family = AF_INET; 778 #ifdef BSD4_4 779 ivusin.sin_len = sizeof(struct sockaddr_in); 780 #endif 781 memcpy(&ivusin.sin_addr, &raddr, sizeof(ivusin.sin_addr)); 782 return __ivaliduser_sa(hostf, (struct sockaddr *)(void *)&ivusin, 783 sizeof(struct sockaddr_in), luser, ruser); 784 } 785 786 #ifdef notdef /*_LIBC*/ 787 static 788 #endif 789 int 790 __ivaliduser_sa(hostf, raddr, salen, luser, ruser) 791 FILE *hostf; 792 const struct sockaddr *raddr; 793 socklen_t salen; 794 const char *luser, *ruser; 795 { 796 register char *user, *p; 797 int ch; 798 char buf[MAXHOSTNAMELEN + 128]; /* host + login */ 799 const char *auser, *ahost; 800 int hostok, userok; 801 char *rhost = NULL; 802 int firsttime = 1; 803 char domain[MAXHOSTNAMELEN]; 804 805 getdomainname(domain, sizeof(domain)); 806 807 _DIAGASSERT(hostf != NULL); 808 _DIAGASSERT(luser != NULL); 809 _DIAGASSERT(ruser != NULL); 810 811 while (fgets(buf, sizeof(buf), hostf)) { 812 p = buf; 813 /* Skip lines that are too long. */ 814 if (strchr(p, '\n') == NULL) { 815 while ((ch = getc(hostf)) != '\n' && ch != EOF) 816 ; 817 continue; 818 } 819 while (*p != '\n' && *p != ' ' && *p != '\t' && *p != '\0') { 820 *p = isupper((unsigned char)*p) ? 821 tolower((unsigned char)*p) : *p; 822 p++; 823 } 824 if (*p == ' ' || *p == '\t') { 825 *p++ = '\0'; 826 while (*p == ' ' || *p == '\t') 827 p++; 828 user = p; 829 while (*p != '\n' && *p != ' ' && 830 *p != '\t' && *p != '\0') 831 p++; 832 } else 833 user = p; 834 *p = '\0'; 835 836 if (p == buf) 837 continue; 838 839 auser = *user ? user : luser; 840 ahost = buf; 841 842 if (ahost[0] == '+') 843 switch (ahost[1]) { 844 case '\0': 845 hostok = 1; 846 break; 847 848 case '@': 849 if (firsttime) { 850 rhost = __gethostloop(raddr, salen); 851 firsttime = 0; 852 } 853 if (rhost) 854 hostok = innetgr(&ahost[2], rhost, 855 NULL, domain); 856 else 857 hostok = 0; 858 break; 859 860 default: 861 hostok = __icheckhost(raddr, salen, &ahost[1]); 862 break; 863 } 864 else if (ahost[0] == '-') 865 switch (ahost[1]) { 866 case '\0': 867 hostok = -1; 868 break; 869 870 case '@': 871 if (firsttime) { 872 rhost = __gethostloop(raddr, salen); 873 firsttime = 0; 874 } 875 if (rhost) 876 hostok = -innetgr(&ahost[2], rhost, 877 NULL, domain); 878 else 879 hostok = 0; 880 break; 881 882 default: 883 hostok = -__icheckhost(raddr, salen, &ahost[1]); 884 break; 885 } 886 else 887 hostok = __icheckhost(raddr, salen, ahost); 888 889 890 if (auser[0] == '+') 891 switch (auser[1]) { 892 case '\0': 893 userok = 1; 894 break; 895 896 case '@': 897 userok = innetgr(&auser[2], NULL, ruser, 898 domain); 899 break; 900 901 default: 902 userok = strcmp(ruser, &auser[1]) == 0; 903 break; 904 } 905 else if (auser[0] == '-') 906 switch (auser[1]) { 907 case '\0': 908 userok = -1; 909 break; 910 911 case '@': 912 userok = -innetgr(&auser[2], NULL, ruser, 913 domain); 914 break; 915 916 default: 917 userok = 918 -(strcmp(ruser, &auser[1]) == 0 ? 1 : 0); 919 break; 920 } 921 else 922 userok = strcmp(ruser, auser) == 0; 923 924 /* Check if one component did not match */ 925 if (hostok == 0 || userok == 0) 926 continue; 927 928 /* Check if we got a forbidden pair */ 929 if (userok == -1 || hostok == -1) 930 return -1; 931 932 /* Check if we got a valid pair */ 933 if (hostok == 1 && userok == 1) 934 return 0; 935 } 936 return -1; 937 } 938 939 /* 940 * Returns "true" if match, 0 if no match. 941 */ 942 static int 943 __icheckhost(raddr, salen, lhost) 944 const struct sockaddr *raddr; 945 socklen_t salen; 946 const char *lhost; 947 { 948 struct addrinfo hints, *res, *r; 949 char h1[NI_MAXHOST], h2[NI_MAXHOST]; 950 int error; 951 const int niflags = NI_NUMERICHOST; 952 953 _DIAGASSERT(raddr != NULL); 954 _DIAGASSERT(lhost != NULL); 955 956 h1[0] = '\0'; 957 if (getnameinfo(raddr, salen, h1, sizeof(h1), NULL, 0, 958 niflags) != 0) 959 return (0); 960 961 /* Resolve laddr into sockaddr */ 962 memset(&hints, 0, sizeof(hints)); 963 hints.ai_family = raddr->sa_family; 964 hints.ai_socktype = SOCK_DGRAM; /*dummy*/ 965 res = NULL; 966 error = getaddrinfo(lhost, "0", &hints, &res); 967 if (error) 968 return (0); 969 970 /* 971 * Try string comparisons between raddr and laddr. 972 */ 973 for (r = res; r; r = r->ai_next) { 974 h2[0] = '\0'; 975 if (getnameinfo(r->ai_addr, r->ai_addrlen, h2, sizeof(h2), 976 NULL, 0, niflags) != 0) 977 continue; 978 if (strcmp(h1, h2) == 0) { 979 freeaddrinfo(res); 980 return (1); 981 } 982 } 983 984 /* No match. */ 985 freeaddrinfo(res); 986 return (0); 987 } 988 989 /* 990 * Return the hostname associated with the supplied address. 991 * Do a reverse lookup as well for security. If a loop cannot 992 * be found, pack the numeric IP address into the string. 993 */ 994 static char * 995 __gethostloop(raddr, salen) 996 const struct sockaddr *raddr; 997 socklen_t salen; 998 { 999 static char remotehost[NI_MAXHOST]; 1000 char h1[NI_MAXHOST], h2[NI_MAXHOST]; 1001 struct addrinfo hints, *res, *r; 1002 int error; 1003 const int niflags = NI_NUMERICHOST; 1004 1005 _DIAGASSERT(raddr != NULL); 1006 1007 h1[0] = remotehost[0] = '\0'; 1008 if (getnameinfo(raddr, salen, remotehost, sizeof(remotehost), 1009 NULL, 0, NI_NAMEREQD) != 0) 1010 return (NULL); 1011 if (getnameinfo(raddr, salen, h1, sizeof(h1), NULL, 0, 1012 niflags) != 0) 1013 return (NULL); 1014 1015 /* 1016 * Look up the name and check that the supplied 1017 * address is in the list 1018 */ 1019 memset(&hints, 0, sizeof(hints)); 1020 hints.ai_family = raddr->sa_family; 1021 hints.ai_socktype = SOCK_DGRAM; /*dummy*/ 1022 hints.ai_flags = AI_CANONNAME; 1023 res = NULL; 1024 error = getaddrinfo(remotehost, "0", &hints, &res); 1025 if (error) 1026 return (NULL); 1027 1028 for (r = res; r; r = r->ai_next) { 1029 h2[0] = '\0'; 1030 if (getnameinfo(r->ai_addr, r->ai_addrlen, h2, sizeof(h2), 1031 NULL, 0, niflags) != 0) 1032 continue; 1033 if (strcmp(h1, h2) == 0) { 1034 freeaddrinfo(res); 1035 return (remotehost); 1036 } 1037 } 1038 1039 /* 1040 * either the DNS adminstrator has made a configuration 1041 * mistake, or someone has attempted to spoof us 1042 */ 1043 syslog(LOG_NOTICE, "rcmd: address %s not listed for host %s", 1044 h1, res->ai_canonname ? res->ai_canonname : remotehost); 1045 freeaddrinfo(res); 1046 return (NULL); 1047 } 1048