1 /* $NetBSD: rcmd.c,v 1.38 2000/01/31 10:23:03 itojun Exp $ */ 2 3 /* 4 * Copyright (c) 1997 Matthew R. Green. 5 * Copyright (c) 1983, 1993, 1994 6 * The Regents of the University of California. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. All advertising materials mentioning features or use of this software 17 * must display the following acknowledgement: 18 * This product includes software developed by the University of 19 * California, Berkeley and its contributors. 20 * 4. Neither the name of the University nor the names of its contributors 21 * may be used to endorse or promote products derived from this software 22 * without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 */ 36 37 #include <sys/cdefs.h> 38 #if defined(LIBC_SCCS) && !defined(lint) 39 #if 0 40 static char sccsid[] = "@(#)rcmd.c 8.3 (Berkeley) 3/26/94"; 41 #else 42 __RCSID("$NetBSD: rcmd.c,v 1.38 2000/01/31 10:23:03 itojun Exp $"); 43 #endif 44 #endif /* LIBC_SCCS and not lint */ 45 46 #include "namespace.h" 47 #include <sys/param.h> 48 #include <sys/socket.h> 49 #include <sys/stat.h> 50 #include <sys/poll.h> 51 #include <sys/wait.h> 52 53 #include <netinet/in.h> 54 #include <rpc/rpc.h> 55 #include <arpa/inet.h> 56 #include <netgroup.h> 57 58 #include <assert.h> 59 #include <ctype.h> 60 #include <err.h> 61 #include <errno.h> 62 #include <fcntl.h> 63 #include <grp.h> 64 #include <netdb.h> 65 #include <paths.h> 66 #include <pwd.h> 67 #include <signal.h> 68 #include <stdio.h> 69 #include <stdlib.h> 70 #include <string.h> 71 #include <syslog.h> 72 #include <unistd.h> 73 74 #include "pathnames.h" 75 76 int orcmd __P((char **, u_int, const char *, const char *, const char *, 77 int *)); 78 int orcmd_af __P((char **, u_int, const char *, const char *, const char *, 79 int *, int)); 80 int __ivaliduser __P((FILE *, u_int32_t, const char *, const char *)); 81 int __ivaliduser_sa __P((FILE *, struct sockaddr *, const char *, 82 const char *)); 83 static int rshrcmd __P((char **, u_int32_t, const char *, const char *, 84 const char *, int *, const char *)); 85 static int resrcmd __P((struct addrinfo *, char **, u_int32_t, const char *, 86 const char *, const char *, int *)); 87 static int __icheckhost __P((struct sockaddr *, const char *)); 88 static char *__gethostloop __P((struct sockaddr *)); 89 90 int 91 rcmd(ahost, rport, locuser, remuser, cmd, fd2p) 92 char **ahost; 93 u_short rport; 94 const char *locuser, *remuser, *cmd; 95 int *fd2p; 96 { 97 98 return rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, AF_INET); 99 } 100 101 int 102 rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, af) 103 char **ahost; 104 u_short rport; 105 const char *locuser, *remuser, *cmd; 106 int *fd2p; 107 int af; 108 { 109 static char hbuf[MAXHOSTNAMELEN]; 110 char pbuf[NI_MAXSERV]; 111 struct addrinfo hints, *res; 112 int error; 113 struct servent *sp; 114 115 _DIAGASSERT(ahost != NULL); 116 _DIAGASSERT(locuser != NULL); 117 _DIAGASSERT(remuser != NULL); 118 _DIAGASSERT(cmd != NULL); 119 /* fd2p may be NULL */ 120 121 snprintf(pbuf, sizeof(pbuf), "%u", ntohs(rport)); 122 memset(&hints, 0, sizeof(hints)); 123 hints.ai_family = af; 124 hints.ai_socktype = SOCK_STREAM; 125 hints.ai_flags = AI_CANONNAME; 126 error = getaddrinfo(*ahost, pbuf, &hints, &res); 127 if (error) { 128 warnx("%s: %s", *ahost, gai_strerror(error)); /*XXX*/ 129 return (-1); 130 } 131 if (res->ai_canonname) { 132 /* 133 * Canonicalise hostname. 134 * XXX: Should we really do this? 135 */ 136 strncpy(hbuf, res->ai_canonname, sizeof(hbuf) - 1); 137 hbuf[sizeof(hbuf) - 1] = '\0'; 138 *ahost = hbuf; 139 } 140 141 /* 142 * Check if rport is the same as the shell port, and that the fd2p. If 143 * it is not, the program isn't expecting 'rsh' and so we can't use the 144 * RCMD_CMD environment. 145 */ 146 sp = getservbyname("shell", "tcp"); 147 if (sp != NULL && sp->s_port == rport) 148 error = rshrcmd(ahost, (u_int32_t)rport, 149 locuser, remuser, cmd, fd2p, getenv("RCMD_CMD")); 150 else 151 error = resrcmd(res, ahost, (u_int32_t)rport, 152 locuser, remuser, cmd, fd2p); 153 freeaddrinfo(res); 154 return (error); 155 } 156 157 /* this is simply a wrapper around hprcmd() that handles ahost first */ 158 int 159 orcmd(ahost, rport, locuser, remuser, cmd, fd2p) 160 char **ahost; 161 u_int rport; 162 const char *locuser, *remuser, *cmd; 163 int *fd2p; 164 { 165 return orcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, AF_INET); 166 } 167 168 int 169 orcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, af) 170 char **ahost; 171 u_int rport; 172 const char *locuser, *remuser, *cmd; 173 int *fd2p; 174 int af; 175 { 176 static char hbuf[MAXHOSTNAMELEN]; 177 char pbuf[NI_MAXSERV]; 178 struct addrinfo hints, *res; 179 int error; 180 181 _DIAGASSERT(ahost != NULL); 182 _DIAGASSERT(locuser != NULL); 183 _DIAGASSERT(remuser != NULL); 184 _DIAGASSERT(cmd != NULL); 185 /* fd2p may be NULL */ 186 187 snprintf(pbuf, sizeof(pbuf), "%u", ntohs(rport)); 188 memset(&hints, 0, sizeof(hints)); 189 hints.ai_family = af; 190 hints.ai_socktype = SOCK_STREAM; 191 hints.ai_flags = AI_CANONNAME; 192 error = getaddrinfo(*ahost, pbuf, &hints, &res); 193 if (error) { 194 warnx("%s: %s", *ahost, gai_strerror(error)); /*XXX*/ 195 return (-1); 196 } 197 if (res->ai_canonname) { 198 strncpy(hbuf, res->ai_canonname, sizeof(hbuf) - 1); 199 hbuf[sizeof(hbuf) - 1] = '\0'; 200 *ahost = hbuf; 201 } 202 203 error = resrcmd(res, ahost, rport, locuser, remuser, cmd, fd2p); 204 freeaddrinfo(res); 205 return (error); 206 } 207 208 static int 209 resrcmd(res, ahost, rport, locuser, remuser, cmd, fd2p) 210 struct addrinfo *res; 211 char **ahost; 212 u_int32_t rport; 213 const char *locuser, *remuser, *cmd; 214 int *fd2p; 215 { 216 struct addrinfo *r; 217 struct sockaddr_storage from; 218 struct pollfd reads[2]; 219 sigset_t nmask, omask; 220 pid_t pid; 221 int s, lport, timo; 222 int pollr; 223 char c; 224 225 _DIAGASSERT(res != NULL); 226 _DIAGASSERT(ahost != NULL); 227 _DIAGASSERT(locuser != NULL); 228 _DIAGASSERT(remuser != NULL); 229 _DIAGASSERT(cmd != NULL); 230 /* fd2p may be NULL */ 231 232 r = res; 233 pid = getpid(); 234 sigemptyset(&nmask); 235 sigaddset(&nmask, SIGURG); 236 if (sigprocmask(SIG_BLOCK, &nmask, &omask) == -1) 237 return -1; 238 for (timo = 1, lport = IPPORT_RESERVED - 1;;) { 239 s = rresvport_af(&lport, r->ai_family); 240 if (s < 0) { 241 if (errno == EAGAIN) 242 warnx("rcmd: socket: All ports in use"); 243 else 244 warn("rcmd: socket"); 245 if (r->ai_next) { 246 r = r->ai_next; 247 continue; 248 } else { 249 (void)sigprocmask(SIG_SETMASK, &omask, NULL); 250 return (-1); 251 } 252 } 253 fcntl(s, F_SETOWN, pid); 254 if (connect(s, r->ai_addr, r->ai_addrlen) >= 0) 255 break; 256 (void)close(s); 257 if (errno == EADDRINUSE) { 258 lport--; 259 continue; 260 } 261 if (errno == ECONNREFUSED && timo <= 16) { 262 (void)sleep((unsigned int)timo); 263 timo *= 2; 264 continue; 265 } 266 if (r->ai_next) { 267 int oerrno = errno; 268 char hbuf[NI_MAXHOST]; 269 #ifdef NI_WITHSCOPEID 270 const int niflags = NI_NUMERICHOST | NI_WITHSCOPEID; 271 #else 272 const int niflags = NI_NUMERICHOST; 273 #endif 274 275 hbuf[0] = '\0'; 276 if (getnameinfo(r->ai_addr, r->ai_addrlen, 277 hbuf, sizeof(hbuf), NULL, 0, niflags) != 0) 278 strcpy(hbuf, "(invalid)"); 279 warnx("rcmd: connect to address %s", hbuf); 280 errno = oerrno; 281 perror(0); 282 r = r->ai_next; 283 hbuf[0] = '\0'; 284 if (getnameinfo(r->ai_addr, r->ai_addrlen, 285 hbuf, sizeof(hbuf), NULL, 0, niflags) != 0) 286 strcpy(hbuf, "(invalid)"); 287 (void)fprintf(stderr, "Trying %s...\n", hbuf); 288 continue; 289 } 290 (void)fprintf(stderr, "%s: %s\n", res->ai_canonname, 291 strerror(errno)); 292 (void)sigprocmask(SIG_SETMASK, &omask, NULL); 293 return (-1); 294 } 295 lport--; 296 if (fd2p == 0) { 297 write(s, "", 1); 298 lport = 0; 299 } else { 300 char num[8]; 301 int s2 = rresvport_af(&lport, r->ai_family), s3; 302 socklen_t len = sizeof(from); 303 304 if (s2 < 0) 305 goto bad; 306 listen(s2, 1); 307 (void)snprintf(num, sizeof(num), "%d", lport); 308 if (write(s, num, strlen(num) + 1) != strlen(num) + 1) { 309 warn("rcmd: write (setting up stderr)"); 310 (void)close(s2); 311 goto bad; 312 } 313 reads[0].fd = s; 314 reads[0].events = POLLIN; 315 reads[1].fd = s2; 316 reads[1].events = POLLIN; 317 errno = 0; 318 pollr = poll(reads, 2, INFTIM); 319 if (pollr < 1 || (reads[1].revents & POLLIN) == 0) { 320 if (errno != 0) 321 warn("poll: setting up stderr"); 322 else 323 warnx("poll: protocol failure in circuit setup"); 324 (void)close(s2); 325 goto bad; 326 } 327 s3 = accept(s2, (struct sockaddr *)(void *)&from, &len); 328 (void)close(s2); 329 if (s3 < 0) { 330 warn("rcmd: accept"); 331 lport = 0; 332 goto bad; 333 } 334 *fd2p = s3; 335 switch (((struct sockaddr *)&from)->sa_family) { 336 case AF_INET: 337 #ifdef INET6 338 case AF_INET6: 339 #endif 340 if (getnameinfo((struct sockaddr *)&from, len, 341 NULL, 0, num, sizeof(num), NI_NUMERICSERV) != 0 || 342 (atoi(num) >= IPPORT_RESERVED || 343 atoi(num) < IPPORT_RESERVED / 2)) { 344 warnx("rcmd: protocol failure in circuit setup."); 345 goto bad2; 346 } 347 break; 348 default: 349 break; 350 } 351 } 352 353 (void)write(s, locuser, strlen(locuser)+1); 354 (void)write(s, remuser, strlen(remuser)+1); 355 (void)write(s, cmd, strlen(cmd)+1); 356 if (read(s, &c, 1) != 1) { 357 warn("%s", *ahost); 358 goto bad2; 359 } 360 if (c != 0) { 361 while (read(s, &c, 1) == 1) { 362 (void)write(STDERR_FILENO, &c, 1); 363 if (c == '\n') 364 break; 365 } 366 goto bad2; 367 } 368 (void)sigprocmask(SIG_SETMASK, &omask, NULL); 369 return (s); 370 bad2: 371 if (lport) 372 (void)close(*fd2p); 373 bad: 374 (void)close(s); 375 (void)sigprocmask(SIG_SETMASK, &omask, NULL); 376 return (-1); 377 } 378 379 /* 380 * based on code written by Chris Siebenmann <cks@utcc.utoronto.ca> 381 */ 382 /* ARGSUSED */ 383 static int 384 rshrcmd(ahost, rport, locuser, remuser, cmd, fd2p, rshcmd) 385 char **ahost; 386 u_int32_t rport; 387 const char *locuser, *remuser, *cmd; 388 int *fd2p; 389 const char *rshcmd; 390 { 391 pid_t pid; 392 int sp[2], ep[2]; 393 char *p; 394 struct passwd *pw; 395 396 _DIAGASSERT(ahost != NULL); 397 _DIAGASSERT(locuser != NULL); 398 _DIAGASSERT(remuser != NULL); 399 _DIAGASSERT(cmd != NULL); 400 /* fd2p may be NULL */ 401 402 /* What rsh/shell to use. */ 403 if (rshcmd == NULL) 404 rshcmd = _PATH_BIN_RCMD; 405 406 /* locuser must exist on this host. */ 407 if ((pw = getpwnam(locuser)) == NULL) { 408 warnx("rshrcmd: unknown user: %s", locuser); 409 return(-1); 410 } 411 412 /* get a socketpair we'll use for stdin and stdout. */ 413 if (socketpair(AF_LOCAL, SOCK_STREAM, 0, sp) < 0) { 414 warn("rshrcmd: socketpair"); 415 return (-1); 416 } 417 /* we will use this for the fd2 pointer */ 418 if (fd2p) { 419 if (socketpair(AF_LOCAL, SOCK_STREAM, 0, ep) < 0) { 420 warn("rshrcmd: socketpair"); 421 return (-1); 422 } 423 *fd2p = ep[0]; 424 } 425 426 pid = fork(); 427 if (pid < 0) { 428 warn("rshrcmd: fork"); 429 return (-1); 430 } 431 if (pid == 0) { 432 /* 433 * child 434 * - we use sp[1] to be stdin/stdout, and close sp[0] 435 * - with fd2p, we use ep[1] for stderr, and close ep[0] 436 */ 437 (void)close(sp[0]); 438 if (dup2(sp[1], 0) < 0 || dup2(0, 1) < 0) { 439 warn("rshrcmd: dup2"); 440 _exit(1); 441 } 442 if (fd2p) { 443 if (dup2(ep[1], 2) < 0) { 444 warn("rshrcmd: dup2"); 445 _exit(1); 446 } 447 (void)close(ep[0]); 448 (void)close(ep[1]); 449 } else if (dup2(0, 2) < 0) { 450 warn("rshrcmd: dup2"); 451 _exit(1); 452 } 453 /* fork again to lose parent. */ 454 pid = fork(); 455 if (pid < 0) { 456 warn("rshrcmd: second fork"); 457 _exit(1); 458 } 459 if (pid > 0) 460 _exit(0); 461 462 /* Orphan. Become local user for rshprog. */ 463 if (setuid(pw->pw_uid)) { 464 warn("rshrcmd: setuid(%lu)", (u_long)pw->pw_uid); 465 _exit(1); 466 } 467 468 /* 469 * If we are rcmd'ing to "localhost" as the same user as we are, 470 * then avoid running remote shell for efficiency. 471 */ 472 if (strcmp(*ahost, "localhost") == 0 && 473 strcmp(locuser, remuser) == 0) { 474 if (pw->pw_shell[0] == '\0') 475 rshcmd = _PATH_BSHELL; 476 else 477 rshcmd = pw->pw_shell; 478 p = strrchr(rshcmd, '/'); 479 execlp(rshcmd, p ? p + 1 : rshcmd, "-c", cmd, NULL); 480 } else { 481 p = strrchr(rshcmd, '/'); 482 execlp(rshcmd, p ? p + 1 : rshcmd, *ahost, "-l", 483 remuser, cmd, NULL); 484 } 485 warn("rshrcmd: exec %s", rshcmd); 486 _exit(1); 487 } 488 /* Parent */ 489 (void)close(sp[1]); 490 if (fd2p) 491 (void)close(ep[1]); 492 493 (void)waitpid(pid, NULL, 0); 494 return (sp[0]); 495 } 496 497 int 498 rresvport(alport) 499 int *alport; 500 { 501 502 _DIAGASSERT(alport != NULL); 503 504 return rresvport_af(alport, AF_INET); 505 } 506 507 int 508 rresvport_af(alport, family) 509 int *alport; 510 int family; 511 { 512 struct sockaddr_storage ss; 513 struct sockaddr *sa; 514 int salen; 515 int s; 516 u_int16_t *portp; 517 518 _DIAGASSERT(alport != NULL); 519 520 memset(&ss, 0, sizeof(ss)); 521 sa = (struct sockaddr *)&ss; 522 switch (family) { 523 case AF_INET: 524 #ifdef BSD4_4 525 sa->sa_len = 526 #endif 527 salen = sizeof(struct sockaddr_in); 528 portp = &((struct sockaddr_in *)sa)->sin_port; 529 break; 530 #ifdef INET6 531 case AF_INET6: 532 #ifdef BSD4_4 533 sa->sa_len = 534 #endif 535 salen = sizeof(struct sockaddr_in6); 536 portp = &((struct sockaddr_in6 *)sa)->sin6_port; 537 break; 538 #endif 539 default: 540 portp = NULL; 541 return EAFNOSUPPORT; 542 } 543 sa->sa_family = family; 544 s = socket(family, SOCK_STREAM, 0); 545 if (s < 0) 546 return (-1); 547 #ifdef BSD4_4 548 switch (family) { 549 case AF_INET: 550 case AF_INET6: 551 *portp = 0; 552 if (bindresvport(s, (struct sockaddr_in *)sa) < 0) { 553 int sverr = errno; 554 555 (void)close(s); 556 errno = sverr; 557 return (-1); 558 } 559 *alport = (int)ntohs(*portp); 560 return (s); 561 default: 562 /* is it necessary to try keep code for other AFs? */ 563 break; 564 } 565 #endif 566 for (;;) { 567 *portp = htons((u_short)*alport); 568 if (bind(s, sa, (socklen_t)salen) >= 0) 569 return (s); 570 if (errno != EADDRINUSE) { 571 (void)close(s); 572 return (-1); 573 } 574 (*alport)--; 575 if (*alport == IPPORT_RESERVED/2) { 576 (void)close(s); 577 errno = EAGAIN; /* close */ 578 return (-1); 579 } 580 } 581 } 582 583 int __check_rhosts_file = 1; 584 char *__rcmd_errstr; 585 586 int 587 ruserok(rhost, superuser, ruser, luser) 588 const char *rhost, *ruser, *luser; 589 int superuser; 590 { 591 struct addrinfo hints, *res, *r; 592 int error; 593 594 _DIAGASSERT(rhost != NULL); 595 _DIAGASSERT(ruser != NULL); 596 _DIAGASSERT(luser != NULL); 597 598 memset(&hints, 0, sizeof(hints)); 599 hints.ai_family = PF_UNSPEC; 600 hints.ai_socktype = SOCK_DGRAM; /*dummy*/ 601 error = getaddrinfo(rhost, "0", &hints, &res); 602 if (error) 603 return (-1); 604 605 for (r = res; r; r = r->ai_next) { 606 if (iruserok_sa(r->ai_addr, r->ai_addrlen, superuser, ruser, 607 luser) == 0) { 608 freeaddrinfo(res); 609 return (0); 610 } 611 } 612 freeaddrinfo(res); 613 return (-1); 614 } 615 616 /* 617 * New .rhosts strategy: We are passed an ip address. We spin through 618 * hosts.equiv and .rhosts looking for a match. When the .rhosts only 619 * has ip addresses, we don't have to trust a nameserver. When it 620 * contains hostnames, we spin through the list of addresses the nameserver 621 * gives us and look for a match. 622 * 623 * Returns 0 if ok, -1 if not ok. 624 */ 625 int 626 iruserok(raddr, superuser, ruser, luser) 627 u_int32_t raddr; 628 int superuser; 629 const char *ruser, *luser; 630 { 631 struct sockaddr_in sin; 632 633 memset(&sin, 0, sizeof(sin)); 634 sin.sin_family = AF_INET; 635 sin.sin_len = sizeof(struct sockaddr_in); 636 memcpy(&sin.sin_addr, &raddr, sizeof(sin.sin_addr)); 637 return iruserok_sa(&sin, sizeof(struct sockaddr_in), superuser, luser, 638 ruser); 639 } 640 641 /* 642 * 2nd and 3rd arguments are typed like this, to avoid dependency between 643 * unistd.h and sys/socket.h. There's no better way. 644 */ 645 int 646 iruserok_sa(raddr, rlen, superuser, ruser, luser) 647 const void *raddr; 648 int rlen; 649 int superuser; 650 const char *ruser, *luser; 651 { 652 struct sockaddr *sa; 653 register char *cp; 654 struct stat sbuf; 655 struct passwd *pwd; 656 FILE *hostf; 657 uid_t uid; 658 gid_t gid; 659 int first; 660 char pbuf[MAXPATHLEN]; 661 662 _DIAGASSERT(raddr != NULL); 663 _DIAGASSERT(ruser != NULL); 664 _DIAGASSERT(luser != NULL); 665 666 sa = (struct sockaddr *)raddr; 667 #ifdef lint 668 rlen = rlen; 669 #endif 670 671 first = 1; 672 hostf = superuser ? NULL : fopen(_PATH_HEQUIV, "r"); 673 again: 674 if (hostf) { 675 if (__ivaliduser_sa(hostf, sa, luser, ruser) == 0) { 676 (void)fclose(hostf); 677 return (0); 678 } 679 (void)fclose(hostf); 680 } 681 if (first == 1 && (__check_rhosts_file || superuser)) { 682 first = 0; 683 if ((pwd = getpwnam(luser)) == NULL) 684 return (-1); 685 (void)strncpy(pbuf, pwd->pw_dir, sizeof(pbuf) - 1); 686 (void)strncat(pbuf, "/.rhosts", sizeof(pbuf) - strlen(pbuf) - 1); 687 688 /* 689 * Change effective uid while opening .rhosts. If root and 690 * reading an NFS mounted file system, can't read files that 691 * are protected read/write owner only. 692 */ 693 uid = geteuid(); 694 gid = getegid(); 695 (void)setegid(pwd->pw_gid); 696 initgroups(pwd->pw_name, pwd->pw_gid); 697 (void)seteuid(pwd->pw_uid); 698 hostf = fopen(pbuf, "r"); 699 (void)seteuid(uid); 700 (void)setegid(gid); 701 702 if (hostf == NULL) 703 return (-1); 704 /* 705 * If not a regular file, or is owned by someone other than 706 * user or root or if writeable by anyone but the owner, quit. 707 */ 708 cp = NULL; 709 if (lstat(pbuf, &sbuf) < 0) 710 cp = ".rhosts lstat failed"; 711 else if (!S_ISREG(sbuf.st_mode)) 712 cp = ".rhosts not regular file"; 713 else if (fstat(fileno(hostf), &sbuf) < 0) 714 cp = ".rhosts fstat failed"; 715 else if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid) 716 cp = "bad .rhosts owner"; 717 else if (sbuf.st_mode & (S_IWGRP|S_IWOTH)) 718 cp = ".rhosts writeable by other than owner"; 719 /* If there were any problems, quit. */ 720 if (cp) { 721 __rcmd_errstr = cp; 722 (void)fclose(hostf); 723 return (-1); 724 } 725 goto again; 726 } 727 return (-1); 728 } 729 730 /* 731 * XXX 732 * Don't make static, used by lpd(8). 733 * 734 * Returns 0 if ok, -1 if not ok. 735 */ 736 int 737 __ivaliduser(hostf, raddr, luser, ruser) 738 FILE *hostf; 739 u_int32_t raddr; 740 const char *luser, *ruser; 741 { 742 struct sockaddr_in sin; 743 744 memset(&sin, 0, sizeof(sin)); 745 sin.sin_family = AF_INET; 746 sin.sin_len = sizeof(struct sockaddr_in); 747 memcpy(&sin.sin_addr, &raddr, sizeof(sin.sin_addr)); 748 return __ivaliduser_sa(hostf, (struct sockaddr *)&sin, luser, ruser); 749 } 750 751 int 752 __ivaliduser_sa(hostf, raddr, luser, ruser) 753 FILE *hostf; 754 struct sockaddr *raddr; 755 const char *luser, *ruser; 756 { 757 register char *user, *p; 758 int ch; 759 char buf[MAXHOSTNAMELEN + 128]; /* host + login */ 760 const char *auser, *ahost; 761 int hostok, userok; 762 char *rhost = NULL; 763 int firsttime = 1; 764 char domain[MAXHOSTNAMELEN]; 765 766 getdomainname(domain, sizeof(domain)); 767 768 _DIAGASSERT(hostf != NULL); 769 _DIAGASSERT(luser != NULL); 770 _DIAGASSERT(ruser != NULL); 771 772 while (fgets(buf, sizeof(buf), hostf)) { 773 p = buf; 774 /* Skip lines that are too long. */ 775 if (strchr(p, '\n') == NULL) { 776 while ((ch = getc(hostf)) != '\n' && ch != EOF) 777 ; 778 continue; 779 } 780 while (*p != '\n' && *p != ' ' && *p != '\t' && *p != '\0') { 781 *p = isupper((unsigned char)*p) ? tolower(*p) : *p; 782 p++; 783 } 784 if (*p == ' ' || *p == '\t') { 785 *p++ = '\0'; 786 while (*p == ' ' || *p == '\t') 787 p++; 788 user = p; 789 while (*p != '\n' && *p != ' ' && 790 *p != '\t' && *p != '\0') 791 p++; 792 } else 793 user = p; 794 *p = '\0'; 795 796 if (p == buf) 797 continue; 798 799 auser = *user ? user : luser; 800 ahost = buf; 801 802 if (ahost[0] == '+') 803 switch (ahost[1]) { 804 case '\0': 805 hostok = 1; 806 break; 807 808 case '@': 809 if (firsttime) { 810 rhost = __gethostloop(raddr); 811 firsttime = 0; 812 } 813 if (rhost) 814 hostok = innetgr(&ahost[2], rhost, 815 NULL, domain); 816 else 817 hostok = 0; 818 break; 819 820 default: 821 hostok = __icheckhost(raddr, &ahost[1]); 822 break; 823 } 824 else if (ahost[0] == '-') 825 switch (ahost[1]) { 826 case '\0': 827 hostok = -1; 828 break; 829 830 case '@': 831 if (firsttime) { 832 rhost = __gethostloop(raddr); 833 firsttime = 0; 834 } 835 if (rhost) 836 hostok = -innetgr(&ahost[2], rhost, 837 NULL, domain); 838 else 839 hostok = 0; 840 break; 841 842 default: 843 hostok = -__icheckhost(raddr, &ahost[1]); 844 break; 845 } 846 else 847 hostok = __icheckhost(raddr, ahost); 848 849 850 if (auser[0] == '+') 851 switch (auser[1]) { 852 case '\0': 853 userok = 1; 854 break; 855 856 case '@': 857 userok = innetgr(&auser[2], NULL, ruser, 858 domain); 859 break; 860 861 default: 862 userok = strcmp(ruser, &auser[1]) == 0; 863 break; 864 } 865 else if (auser[0] == '-') 866 switch (auser[1]) { 867 case '\0': 868 userok = -1; 869 break; 870 871 case '@': 872 userok = -innetgr(&auser[2], NULL, ruser, 873 domain); 874 break; 875 876 default: 877 userok = 878 -(strcmp(ruser, &auser[1]) == 0 ? 1 : 0); 879 break; 880 } 881 else 882 userok = strcmp(ruser, auser) == 0; 883 884 /* Check if one component did not match */ 885 if (hostok == 0 || userok == 0) 886 continue; 887 888 /* Check if we got a forbidden pair */ 889 if (userok == -1 || hostok == -1) 890 return -1; 891 892 /* Check if we got a valid pair */ 893 if (hostok == 1 && userok == 1) 894 return 0; 895 } 896 return -1; 897 } 898 899 /* 900 * Returns "true" if match, 0 if no match. 901 * 902 * NI_WITHSCOPEID is useful for comparing sin6_scope_id portion 903 * if af == AF_INET6. 904 */ 905 static int 906 __icheckhost(raddr, lhost) 907 struct sockaddr *raddr; 908 const char *lhost; 909 { 910 struct addrinfo hints, *res, *r; 911 char h1[NI_MAXHOST], h2[NI_MAXHOST]; 912 int error; 913 #ifdef NI_WITHSCOPEID 914 const int niflags = NI_NUMERICHOST | NI_WITHSCOPEID; 915 #else 916 const int niflags = NI_NUMERICHOST; 917 #endif 918 919 _DIAGASSERT(raddr != NULL); 920 _DIAGASSERT(lhost != NULL); 921 922 h1[0] = '\0'; 923 if (getnameinfo(raddr, raddr->sa_len, h1, sizeof(h1), NULL, 0, 924 niflags) != 0) 925 return (0); 926 927 /* Resolve laddr into sockaddr */ 928 memset(&hints, 0, sizeof(hints)); 929 hints.ai_family = raddr->sa_family; 930 hints.ai_socktype = SOCK_DGRAM; /*dummy*/ 931 res = NULL; 932 error = getaddrinfo(lhost, "0", &hints, &res); 933 if (error) 934 return (0); 935 936 /* 937 * Try string comparisons between raddr and laddr. 938 */ 939 for (r = res; r; r = r->ai_next) { 940 h2[0] = '\0'; 941 if (getnameinfo(r->ai_addr, r->ai_addrlen, h2, sizeof(h2), 942 NULL, 0, niflags) != 0) 943 continue; 944 if (strcmp(h1, h2) == 0) { 945 freeaddrinfo(res); 946 return (1); 947 } 948 } 949 950 /* No match. */ 951 freeaddrinfo(res); 952 return (0); 953 } 954 955 /* 956 * Return the hostname associated with the supplied address. 957 * Do a reverse lookup as well for security. If a loop cannot 958 * be found, pack the numeric IP address into the string. 959 * 960 * NI_WITHSCOPEID is useful for comparing sin6_scope_id portion 961 * if af == AF_INET6. 962 */ 963 static char * 964 __gethostloop(raddr) 965 struct sockaddr *raddr; 966 { 967 static char remotehost[NI_MAXHOST]; 968 char h1[NI_MAXHOST], h2[NI_MAXHOST]; 969 struct addrinfo hints, *res, *r; 970 int error; 971 #ifdef NI_WITHSCOPEID 972 const int niflags = NI_NUMERICHOST | NI_WITHSCOPEID; 973 #else 974 const int niflags = NI_NUMERICHOST; 975 #endif 976 977 _DIAGASSERT(raddr != NULL); 978 979 h1[0] = remotehost[0] = '\0'; 980 if (getnameinfo(raddr, raddr->sa_len, remotehost, sizeof(remotehost), 981 NULL, 0, NI_NAMEREQD) != 0) 982 return (NULL); 983 if (getnameinfo(raddr, raddr->sa_len, h1, sizeof(h1), NULL, 0, 984 niflags) != 0) 985 return (NULL); 986 987 /* 988 * Look up the name and check that the supplied 989 * address is in the list 990 */ 991 memset(&hints, 0, sizeof(hints)); 992 hints.ai_family = raddr->sa_family; 993 hints.ai_socktype = SOCK_DGRAM; /*dummy*/ 994 hints.ai_flags = AI_CANONNAME; 995 res = NULL; 996 error = getaddrinfo(remotehost, "0", &hints, &res); 997 if (error) 998 return (NULL); 999 1000 for (r = res; r; r = r->ai_next) { 1001 h2[0] = '\0'; 1002 if (getnameinfo(r->ai_addr, r->ai_addrlen, h2, sizeof(h2), 1003 NULL, 0, niflags) != 0) 1004 continue; 1005 if (strcmp(h1, h2) == 0) { 1006 freeaddrinfo(res); 1007 return (remotehost); 1008 } 1009 } 1010 1011 /* 1012 * either the DNS adminstrator has made a configuration 1013 * mistake, or someone has attempted to spoof us 1014 */ 1015 syslog(LOG_NOTICE, "rcmd: address %s not listed for host %s", 1016 h1, res->ai_canonname ? res->ai_canonname : remotehost); 1017 freeaddrinfo(res); 1018 return (NULL); 1019 } 1020