Context Navigation

rshd.c@ 4

Last change on this file since 4 was 4, checked in by Paul Smedley, 10 years ago
heimdal: applied os2 patches, added conf.cmd
File size: 25.3 KB

Line
1	/*
2	* Copyright (c) 1997-2007 Kungliga Tekniska HÃ¶gskolan
3	* (Royal Institute of Technology, Stockholm, Sweden).
4	* All rights reserved.
5	*
6	* Redistribution and use in source and binary forms, with or without
7	* modification, are permitted provided that the following conditions
8	* are met:
9	*
10	* 1. Redistributions of source code must retain the above copyright
11	* notice, this list of conditions and the following disclaimer.
12	*
13	* 2. Redistributions in binary form must reproduce the above copyright
14	* notice, this list of conditions and the following disclaimer in the
15	* documentation and/or other materials provided with the distribution.
16	*
17	* 3. Neither the name of the Institute nor the names of its contributors
18	* may be used to endorse or promote products derived from this software
19	* without specific prior written permission.
20	*
21	* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24	* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31	* SUCH DAMAGE.
32	*/
33
34	#include "rsh_locl.h"
35	#include "login_locl.h"
36	RCSID("$Id$");
37
38	int
39	login_access( struct passwd user, char from);
40	int
41	read_limits_conf(const char file, const struct passwd pwd);
42
43	#ifdef NEED_IRUSEROK_PROTO
44	int iruserok(uint32_t, int, const char , const char );
45	#endif
46
47	enum auth_method auth_method;
48
49	#ifdef KRB5
50	krb5_context context;
51	krb5_keyblock *keyblock;
52	krb5_crypto crypto;
53	#endif
54
55	#ifdef KRB5
56	krb5_ccache ccache, ccache2;
57	int kerberos_status = 0;
58	#endif
59
60	int do_encrypt = 0;
61
62	static int do_unique_tkfile = 0;
63	static char tkfile[MAXPATHLEN] = "";
64
65	static int do_inetd = 1;
66	static char *port_str;
67	static int do_rhosts = 1;
68	static int do_kerberos = 0;
69	#define DO_KRB5 4
70	static int do_vacuous = 0;
71	static int do_log = 1;
72	static int do_newpag = 1;
73	static int do_addr_verify = 0;
74	static int do_keepalive = 1;
75	static int do_version;
76	static int do_help = 0;
77
78	static void
79	syslog_and_die (const char *m, ...)
80	__attribute__ ((format (printf, 1, 2)));
81
82	static void
83	syslog_and_die (const char *m, ...)
84	{
85	va_list args;
86
87	va_start(args, m);
88	vsyslog (LOG_ERR, m, args);
89	va_end(args);
90	exit (1);
91	}
92
93	static void
94	fatal (int, const char, const char , ...)
95	__attribute__ ((noreturn, format (printf, 3, 4)));
96
97	static void
98	fatal (int sock, const char what, const char m, ...)
99	{
100	va_list args;
101	char buf[BUFSIZ];
102	size_t len;
103
104	*buf = 1;
105	va_start(args, m);
106	len = vsnprintf (buf + 1, sizeof(buf) - 1, m, args);
107	len = min(len, sizeof(buf) - 1);
108	va_end(args);
109	if(what != NULL)
110	syslog (LOG_ERR, "%s: %s: %s", what, strerror(errno), buf + 1);
111	else
112	syslog (LOG_ERR, "%s", buf + 1);
113	net_write (sock, buf, len + 1);
114	exit (1);
115	}
116
117	static char *
118	read_str (int s, size_t sz, char *expl)
119	{
120	char *str = malloc(sz);
121	char *p = str;
122	if(str == NULL)
123	fatal(s, NULL, "%s too long", expl);
124	while(p < str + sz) {
125	if(net_read(s, p, 1) != 1)
126	syslog_and_die("read: %s", strerror(errno));
127	if(*p == '\0')
128	return str;
129	p++;
130	}
131	fatal(s, NULL, "%s too long", expl);
132	}
133
134	static int
135	recv_bsd_auth (int s, u_char *buf,
136	struct sockaddr_in *thisaddr,
137	struct sockaddr_in *thataddr,
138	char **client_username,
139	char **server_username,
140	char **cmd)
141	{
142	struct passwd *pwd;
143
144	*client_username = read_str (s, USERNAME_SZ, "local username");
145	*server_username = read_str (s, USERNAME_SZ, "remote username");
146	*cmd = read_str (s, ARG_MAX + 1, "command");
147	pwd = getpwnam(*server_username);
148	if (pwd == NULL)
149	fatal(s, NULL, "Login incorrect.");
150	if (iruserok(thataddr->sin_addr.s_addr, pwd->pw_uid == 0,
151	client_username, server_username))
152	fatal(s, NULL, "Login incorrect.");
153	return 0;
154	}
155
156	#ifdef KRB5
157	static int
158	save_krb5_creds (int s,
159	krb5_auth_context auth_context,
160	krb5_principal client)
161
162	{
163	int ret;
164	krb5_data remote_cred;
165
166	krb5_data_zero (&remote_cred);
167	ret= krb5_read_message (context, (void *)&s, &remote_cred);
168	if (ret) {
169	krb5_data_free(&remote_cred);
170	return 0;
171	}
172	if (remote_cred.length == 0)
173	return 0;
174
175	ret = krb5_cc_new_unique(context, krb5_cc_type_memory, NULL, &ccache);
176	if (ret) {
177	krb5_data_free(&remote_cred);
178	return 0;
179	}
180
181	krb5_cc_initialize(context,ccache,client);
182	ret = krb5_rd_cred2(context, auth_context, ccache, &remote_cred);
183	if(ret != 0)
184	syslog(LOG_INFO\|LOG_AUTH,
185	"reading creds: %s", krb5_get_err_text(context, ret));
186	krb5_data_free (&remote_cred);
187	if (ret)
188	return 0;
189	return 1;
190	}
191
192	static void
193	krb5_start_session (void)
194	{
195	krb5_error_code ret;
196	char *estr;
197
198	ret = krb5_cc_resolve (context, tkfile, &ccache2);
199	if (ret) {
200	estr = krb5_get_error_string(context);
201	syslog(LOG_WARNING, "resolve cred cache %s: %s",
202	tkfile,
203	estr ? estr : krb5_get_err_text(context, ret));
204	free(estr);
205	krb5_cc_destroy(context, ccache);
206	return;
207	}
208
209	ret = krb5_cc_copy_cache (context, ccache, ccache2);
210	if (ret) {
211	estr = krb5_get_error_string(context);
212	syslog(LOG_WARNING, "storing credentials: %s",
213	estr ? estr : krb5_get_err_text(context, ret));
214	free(estr);
215	krb5_cc_destroy(context, ccache);
216	return ;
217	}
218
219	krb5_cc_close(context, ccache2);
220	krb5_cc_destroy(context, ccache);
221	return;
222	}
223
224	static int protocol_version;
225
226	static krb5_boolean
227	match_kcmd_version(const void data, const char version)
228	{
229	if(strcmp(version, KCMD_NEW_VERSION) == 0) {
230	protocol_version = 2;
231	return TRUE;
232	}
233	if(strcmp(version, KCMD_OLD_VERSION) == 0) {
234	protocol_version = 1;
235	key_usage = KRB5_KU_OTHER_ENCRYPTED;
236	return TRUE;
237	}
238	return FALSE;
239	}
240
241
242	static int
243	recv_krb5_auth (int s, u_char *buf,
244	struct sockaddr *thisaddr,
245	struct sockaddr *thataddr,
246	char **client_username,
247	char **server_username,
248	char **cmd)
249	{
250	uint32_t len;
251	krb5_auth_context auth_context = NULL;
252	krb5_ticket *ticket;
253	krb5_error_code status;
254	krb5_data cksum_data;
255	krb5_principal server;
256	char *str;
257
258	if (memcmp (buf, "\x00\x00\x00\x13", 4) != 0)
259	return -1;
260	len = (buf[0] << 24) \| (buf[1] << 16) \| (buf[2] << 8) \| (buf[3]);
261
262	if (net_read(s, buf, len) != len)
263	syslog_and_die ("reading auth info: %s", strerror(errno));
264	if (len != sizeof(KRB5_SENDAUTH_VERSION)
265	\|\| memcmp (buf, KRB5_SENDAUTH_VERSION, len) != 0)
266	syslog_and_die ("bad sendauth version: %.8s", buf);
267
268	status = krb5_sock_to_principal (context,
269	s,
270	"host",
271	KRB5_NT_SRV_HST,
272	&server);
273	if (status)
274	syslog_and_die ("krb5_sock_to_principal: %s",
275	krb5_get_err_text(context, status));
276
277	status = krb5_recvauth_match_version(context,
278	&auth_context,
279	&s,
280	match_kcmd_version,
281	NULL,
282	server,
283	KRB5_RECVAUTH_IGNORE_VERSION,
284	NULL,
285	&ticket);
286	krb5_free_principal (context, server);
287	if (status)
288	syslog_and_die ("krb5_recvauth: %s",
289	krb5_get_err_text(context, status));
290
291	*server_username = read_str (s, USERNAME_SZ, "remote username");
292	*cmd = read_str (s, ARG_MAX + 1, "command");
293	*client_username = read_str (s, ARG_MAX + 1, "local username");
294
295	if(protocol_version == 2) {
296	status = krb5_auth_con_getremotesubkey(context, auth_context,
297	&keyblock);
298	if(status != 0 \|\| keyblock == NULL)
299	syslog_and_die("failed to get remote subkey");
300	} else if(protocol_version == 1) {
301	status = krb5_auth_con_getkey (context, auth_context, &keyblock);
302	if(status != 0 \|\| keyblock == NULL)
303	syslog_and_die("failed to get key");
304	}
305	if (status != 0 \|\| keyblock == NULL)
306	syslog_and_die ("krb5_auth_con_getkey: %s",
307	krb5_get_err_text(context, status));
308
309	status = krb5_crypto_init(context, keyblock, 0, &crypto);
310	if(status)
311	syslog_and_die("krb5_crypto_init: %s",
312	krb5_get_err_text(context, status));
313
314
315	cksum_data.length = asprintf (&str,
316	"%u:%s%s",
317	ntohs(socket_get_port (thisaddr)),
318	*cmd,
319	*server_username);
320	if (str == NULL)
321	syslog_and_die ("asprintf: out of memory");
322	cksum_data.data = str;
323
324	status = krb5_verify_authenticator_checksum(context,
325	auth_context,
326	cksum_data.data,
327	cksum_data.length);
328
329	if (status)
330	syslog_and_die ("krb5_verify_authenticator_checksum: %s",
331	krb5_get_err_text(context, status));
332
333	free (cksum_data.data);
334
335	if (strncmp (*client_username, "-u ", 3) == 0) {
336	do_unique_tkfile = 1;
337	memmove (client_username, client_username + 3,
338	strlen(*client_username) - 2);
339	}
340
341	if (strncmp (*client_username, "-U ", 3) == 0) {
342	char end, temp_tkfile;
343
344	do_unique_tkfile = 1;
345	if (strncmp (*client_username + 3, "FILE:", 5) == 0) {
346	temp_tkfile = tkfile;
347	} else {
348	strlcpy (tkfile, "FILE:", sizeof(tkfile));
349	temp_tkfile = tkfile + 5;
350	}
351	end = strchr(*client_username + 3,' ');
352	if (end == NULL)
353	syslog_and_die("missing argument after -U");
354	snprintf(temp_tkfile, sizeof(tkfile) - (temp_tkfile - tkfile),
355	"%.*s",
356	(int)(end - *client_username - 3),
357	*client_username + 3);
358	memmove (*client_username, end + 1, strlen(end+1)+1);
359	}
360
361	kerberos_status = save_krb5_creds (s, auth_context, ticket->client);
362
363	if(!krb5_kuserok (context,
364	ticket->client,
365	*server_username))
366	fatal (s, NULL, "Permission denied.");
367
368	if (strncmp (*cmd, "-x ", 3) == 0) {
369	do_encrypt = 1;
370	memmove (cmd, cmd + 3, strlen(*cmd) - 2);
371	} else {
372	if(do_encrypt)
373	fatal (s, NULL, "Encryption is required.");
374	do_encrypt = 0;
375	}
376
377	{
378	char *name;
379
380	if (krb5_unparse_name (context, ticket->client, &name) == 0) {
381	char addr_str[256];
382
383	if (inet_ntop (thataddr->sa_family,
384	socket_get_address (thataddr),
385	addr_str, sizeof(addr_str)) == NULL)
386	strlcpy (addr_str, "unknown address",
387	sizeof(addr_str));
388
389	syslog(LOG_INFO\|LOG_AUTH,
390	"kerberos v5 shell from %s on %s as %s, cmd '%.80s'",
391	name,
392	addr_str,
393	*server_username,
394	*cmd);
395	free (name);
396	}
397	}
398
399	krb5_auth_con_free(context, auth_context);
400
401	return 0;
402	}
403	#endif /* KRB5 */
404
405	static void
406	rshd_loop (int from0, int to0,
407	int to1, int from1,
408	int to2, int from2,
409	int have_errsock)
410	{
411	fd_set real_readset;
412	int max_fd;
413	int count = 2;
414	char *buf;
415
416	if(from0 >= FD_SETSIZE \|\| from1 >= FD_SETSIZE \|\| from2 >= FD_SETSIZE)
417	errx (1, "fd too large");
418
419	#ifdef KRB5
420	if(auth_method == AUTH_KRB5 && protocol_version == 2)
421	init_ivecs(0, have_errsock);
422	#endif
423
424	FD_ZERO(&real_readset);
425	FD_SET(from0, &real_readset);
426	FD_SET(from1, &real_readset);
427	FD_SET(from2, &real_readset);
428	max_fd = max(from0, max(from1, from2)) + 1;
429
430	buf = malloc(max(RSHD_BUFSIZ, RSH_BUFSIZ));
431	if (buf == NULL)
432	syslog_and_die("out of memory");
433
434	for (;;) {
435	int ret;
436	fd_set readset = real_readset;
437
438	ret = select (max_fd, &readset, NULL, NULL, NULL);
439	if (ret < 0) {
440	if (errno == EINTR)
441	continue;
442	else
443	syslog_and_die ("select: %s", strerror(errno));
444	}
445	if (FD_ISSET(from0, &readset)) {
446	ret = do_read (from0, buf, RSHD_BUFSIZ, ivec_in[0]);
447	if (ret < 0)
448	syslog_and_die ("read: %s", strerror(errno));
449	else if (ret == 0) {
450	close (from0);
451	close (to0);
452	FD_CLR(from0, &real_readset);
453	} else
454	net_write (to0, buf, ret);
455	}
456	if (FD_ISSET(from1, &readset)) {
457	ret = read (from1, buf, RSH_BUFSIZ);
458	if (ret < 0)
459	syslog_and_die ("read: %s", strerror(errno));
460	else if (ret == 0) {
461	close (from1);
462	close (to1);
463	FD_CLR(from1, &real_readset);
464	if (--count == 0)
465	exit (0);
466	} else
467	do_write (to1, buf, ret, ivec_out[0]);
468	}
469	if (FD_ISSET(from2, &readset)) {
470	ret = read (from2, buf, RSH_BUFSIZ);
471	if (ret < 0)
472	syslog_and_die ("read: %s", strerror(errno));
473	else if (ret == 0) {
474	close (from2);
475	close (to2);
476	FD_CLR(from2, &real_readset);
477	if (--count == 0)
478	exit (0);
479	} else
480	do_write (to2, buf, ret, ivec_out[1]);
481	}
482	}
483	}
484
485	/*
486	* Used by `setup_copier' to create some pipe-like means of
487	* communcation. Real pipes would probably be the best thing, but
488	* then the shell doesn't understand it's talking to rshd. If
489	* socketpair doesn't work everywhere, some autoconf magic would have
490	* to be added here.
491	*
492	* If it fails creating the `pipe', it aborts by calling fatal.
493	*/
494
495	static void
496	pipe_a_like (int fd[2])
497	{
498	if (socketpair (AF_UNIX, SOCK_STREAM, 0, fd) < 0)
499	fatal (STDOUT_FILENO, "socketpair", "Pipe creation failed.");
500	}
501
502	/*
503	* Start a child process and leave the parent copying data to and from it. */
504
505	static void
506	setup_copier (int have_errsock)
507	{
508	int p0[2], p1[2], p2[2];
509	pid_t pid;
510
511	pipe_a_like(p0);
512	pipe_a_like(p1);
513	pipe_a_like(p2);
514	pid = fork ();
515	if (pid < 0)
516	fatal (STDOUT_FILENO, "fork", "Could not create child process.");
517	if (pid == 0) { /* child */
518	close (p0[1]);
519	close (p1[0]);
520	close (p2[0]);
521	dup2 (p0[0], STDIN_FILENO);
522	dup2 (p1[1], STDOUT_FILENO);
523	dup2 (p2[1], STDERR_FILENO);
524	close (p0[0]);
525	close (p1[1]);
526	close (p2[1]);
527	} else { /* parent */
528	close (p0[0]);
529	close (p1[1]);
530	close (p2[1]);
531
532	if (net_write (STDOUT_FILENO, "", 1) != 1)
533	fatal (STDOUT_FILENO, "net_write", "Write failure.");
534
535	rshd_loop (STDIN_FILENO, p0[1],
536	STDOUT_FILENO, p1[0],
537	STDERR_FILENO, p2[0],
538	have_errsock);
539	}
540	}
541
542	/*
543	* Is `port' a ``reserverd'' port?
544	*/
545
546	static int
547	is_reserved(u_short port)
548	{
549	return ntohs(port) < IPPORT_RESERVED;
550	}
551
552	/*
553	* Set the necessary part of the environment in `env'.
554	*/
555
556	static void
557	setup_environment (char **env, const struct passwd pwd)
558	{
559	int i, j, path;
560	char **e;
561
562	i = 0;
563	path = 0;
564	*env = NULL;
565
566	i = read_environment(_PATH_ETC_ENVIRONMENT, env);
567	e = *env;
568	for (j = 0; j < i; j++) {
569	if (!strncmp(e[j], "PATH=", 5)) {
570	path = 1;
571	}
572	}
573
574	e = *env;
575	e = realloc(e, (i + 7) * sizeof(char *));
576
577	if (asprintf (&e[i++], "USER=%s", pwd->pw_name) == -1)
578	syslog_and_die ("asprintf: out of memory");
579	if (asprintf (&e[i++], "HOME=%s", pwd->pw_dir) == -1)
580	syslog_and_die ("asprintf: out of memory");
581	if (asprintf (&e[i++], "SHELL=%s", pwd->pw_shell) == -1)
582	syslog_and_die ("asprintf: out of memory");
583	if (! path) {
584	if (asprintf (&e[i++], "PATH=%s", _PATH_DEFPATH) == -1)
585	syslog_and_die ("asprintf: out of memory");
586	}
587	asprintf (&e[i++], "SSH_CLIENT=only_to_make_bash_happy");
588	if (do_unique_tkfile)
589	if (asprintf (&e[i++], "KRB5CCNAME=%s", tkfile) == -1)
590	syslog_and_die ("asprintf: out of memory");
591	e[i++] = NULL;
592	*env = e;
593	}
594
595	static void
596	doit (void)
597	{
598	u_char buf[BUFSIZ];
599	u_char *p;
600	struct sockaddr_storage thisaddr_ss;
601	struct sockaddr thisaddr = (struct sockaddr )&thisaddr_ss;
602	struct sockaddr_storage thataddr_ss;
603	struct sockaddr thataddr = (struct sockaddr )&thataddr_ss;
604	struct sockaddr_storage erraddr_ss;
605	struct sockaddr erraddr = (struct sockaddr )&erraddr_ss;
606	socklen_t thisaddr_len, thataddr_len;
607	int port;
608	int errsock = -1;
609	char client_user = NULL, server_user = NULL, *cmd = NULL;
610	struct passwd *pwd;
611	int s = STDIN_FILENO;
612	char **env;
613	int ret;
614	char that_host[NI_MAXHOST];
615
616	thisaddr_len = sizeof(thisaddr_ss);
617	if (getsockname (s, thisaddr, &thisaddr_len) < 0)
618	syslog_and_die("getsockname: %s", strerror(errno));
619	thataddr_len = sizeof(thataddr_ss);
620	if (getpeername (s, thataddr, &thataddr_len) < 0)
621	syslog_and_die ("getpeername: %s", strerror(errno));
622
623	/* check for V4MAPPED addresses? */
624
625	if (do_kerberos == 0 && !is_reserved(socket_get_port(thataddr)))
626	fatal(s, NULL, "Permission denied.");
627
628	p = buf;
629	port = 0;
630	for(;;) {
631	if (net_read (s, p, 1) != 1)
632	syslog_and_die ("reading port number: %s", strerror(errno));
633	if (*p == '\0')
634	break;
635	else if (isdigit(*p))
636	port = port * 10 + *p - '0';
637	else
638	syslog_and_die ("non-digit in port number: %c", *p);
639	}
640
641	if (do_kerberos == 0 && !is_reserved(htons(port)))
642	fatal(s, NULL, "Permission denied.");
643
644	if (port) {
645	int priv_port = IPPORT_RESERVED - 1;
646
647	/*
648	* There's no reason to require a ``privileged'' port number
649	* here, but for some reason the brain dead rsh clients
650	* do... :-(
651	*/
652
653	erraddr->sa_family = thataddr->sa_family;
654	socket_set_address_and_port (erraddr,
655	socket_get_address (thataddr),
656	htons(port));
657
658	/*
659	* we only do reserved port for IPv4
660	*/
661
662	#ifndef __OS2__
663	if (erraddr->sa_family == AF_INET)
664	errsock = rresvport (&priv_port);
665	else
666	#endif
667	errsock = socket (erraddr->sa_family, SOCK_STREAM, 0);
668	if (errsock < 0)
669	syslog_and_die ("socket: %s", strerror(errno));
670	if (connect (errsock,
671	erraddr,
672	socket_sockaddr_size (erraddr)) < 0) {
673	syslog (LOG_WARNING, "connect: %s", strerror(errno));
674	close (errsock);
675	}
676	}
677
678	if(do_kerberos) {
679	if (net_read (s, buf, 4) != 4)
680	syslog_and_die ("reading auth info: %s", strerror(errno));
681
682	#ifdef KRB5
683	if((do_kerberos & DO_KRB5) &&
684	recv_krb5_auth (s, buf, thisaddr, thataddr,
685	&client_user,
686	&server_user,
687	&cmd) == 0)
688	auth_method = AUTH_KRB5;
689	else
690	#endif /* KRB5 */
691	syslog_and_die ("unrecognized auth protocol: %x %x %x %x",
692	buf[0], buf[1], buf[2], buf[3]);
693	} else {
694	if(recv_bsd_auth (s, buf,
695	(struct sockaddr_in *)thisaddr,
696	(struct sockaddr_in *)thataddr,
697	&client_user,
698	&server_user,
699	&cmd) == 0) {
700	auth_method = AUTH_BROKEN;
701	if(do_vacuous) {
702	printf("Remote host requires Kerberos authentication\n");
703	exit(0);
704	}
705	} else
706	syslog_and_die("recv_bsd_auth failed");
707	}
708
709	if (client_user == NULL \|\| server_user == NULL \|\| cmd == NULL)
710	syslog_and_die("mising client/server/cmd");
711
712	pwd = getpwnam (server_user);
713	if (pwd == NULL)
714	fatal (s, NULL, "Login incorrect.");
715
716	if (*pwd->pw_shell == '\0')
717	pwd->pw_shell = _PATH_BSHELL;
718
719	if (pwd->pw_uid != 0 && access (_PATH_NOLOGIN, F_OK) == 0)
720	fatal (s, NULL, "Login disabled.");
721
722
723	ret = getnameinfo_verified (thataddr, thataddr_len,
724	that_host, sizeof(that_host),
725	NULL, 0, 0);
726	if (ret)
727	fatal (s, NULL, "getnameinfo: %s", gai_strerror(ret));
728
729	if (login_access(pwd, that_host) == 0) {
730	syslog(LOG_NOTICE, "Kerberos rsh denied to %s from %s",
731	server_user, that_host);
732	fatal(s, NULL, "Permission denied.");
733	}
734
735	#ifdef HAVE_GETSPNAM
736	{
737	struct spwd *sp;
738	long today;
739
740	sp = getspnam(server_user);
741	if (sp != NULL) {
742	today = time(0)/(24L * 60 * 60);
743	if (sp->sp_expire > 0)
744	if (today > sp->sp_expire)
745	fatal(s, NULL, "Account has expired.");
746	}
747	}
748	#endif
749
750
751	#ifdef HAVE_SETLOGIN
752	if (setlogin(pwd->pw_name) < 0)
753	syslog(LOG_ERR, "setlogin() failed: %s", strerror(errno));
754	#endif
755
756	#ifdef HAVE_SETPCRED
757	if (setpcred (pwd->pw_name, NULL) == -1)
758	syslog(LOG_ERR, "setpcred() failure: %s", strerror(errno));
759	#endif /* HAVE_SETPCRED */
760
761	/* Apply limits if not root */
762	if(pwd->pw_uid != 0) {
763	const char *file = _PATH_LIMITS_CONF;
764	read_limits_conf(file, pwd);
765	}
766
767	if (initgroups (pwd->pw_name, pwd->pw_gid) < 0)
768	fatal (s, "initgroups", "Login incorrect.");
769
770	if (setgid(pwd->pw_gid) < 0)
771	fatal (s, "setgid", "Login incorrect.");
772
773	if (setuid (pwd->pw_uid) < 0)
774	fatal (s, "setuid", "Login incorrect.");
775
776	if (chdir (pwd->pw_dir) < 0)
777	fatal (s, "chdir", "Remote directory.");
778
779	if (errsock >= 0) {
780	if (dup2 (errsock, STDERR_FILENO) < 0)
781	fatal (s, "dup2", "Cannot dup stderr.");
782	close (errsock);
783	} else {
784	if (dup2 (STDOUT_FILENO, STDERR_FILENO) < 0)
785	fatal (s, "dup2", "Cannot dup stderr.");
786	}
787
788	#ifdef KRB5
789	{
790	int fd;
791
792	if (!do_unique_tkfile)
793	snprintf(tkfile,sizeof(tkfile),"FILE:/tmp/krb5cc_%lu",
794	(unsigned long)pwd->pw_uid);
795	else if (*tkfile=='\0') {
796	snprintf(tkfile,sizeof(tkfile),"FILE:/tmp/krb5cc_XXXXXX");
797	fd = mkstemp(tkfile+5);
798	close(fd);
799	unlink(tkfile+5);
800	}
801
802	if (kerberos_status)
803	krb5_start_session();
804	}
805	#endif
806
807	setup_environment (&env, pwd);
808
809	if (do_encrypt) {
810	setup_copier (errsock >= 0);
811	} else {
812	if (net_write (s, "", 1) != 1)
813	fatal (s, "net_write", "write failed");
814	}
815
816	#if defined(KRB5)
817	if(k_hasafs()) {
818	char cell[64];
819
820	if(do_newpag)
821	k_setpag();
822
823	/* XXX */
824	if (kerberos_status) {
825	krb5_ccache ccache;
826	krb5_error_code status;
827
828	status = krb5_cc_resolve (context, tkfile, &ccache);
829	if (!status) {
830	if (k_afs_cell_of_file (pwd->pw_dir, cell, sizeof(cell)) == 0)
831	krb5_afslog_uid_home(context, ccache, cell, NULL,
832	pwd->pw_uid, pwd->pw_dir);
833	krb5_afslog_uid_home(context, ccache, NULL, NULL,
834	pwd->pw_uid, pwd->pw_dir);
835	krb5_cc_close (context, ccache);
836	}
837	}
838	}
839	#endif /* KRB5 */
840	execle (pwd->pw_shell, pwd->pw_shell, "-c", cmd, NULL, env);
841	err(1, "exec %s", pwd->pw_shell);
842	}
843
844	struct getargs args[] = {
845	{ NULL, 'a', arg_flag, &do_addr_verify },
846	{ "keepalive", 'n', arg_negative_flag, &do_keepalive },
847	{ "inetd", 'i', arg_negative_flag, &do_inetd,
848	"Not started from inetd" },
849	#if defined(KRB5)
850	{ "kerberos", 'k', arg_flag, &do_kerberos,
851	"Implement kerberised services" },
852	{ "encrypt", 'x', arg_flag, &do_encrypt,
853	"Implement encrypted service" },
854	#endif
855	{ "rhosts", 'l', arg_negative_flag, &do_rhosts,
856	"Don't check users .rhosts" },
857	{ "port", 'p', arg_string, &port_str, "Use this port",
858	"port" },
859	{ "vacuous", 'v', arg_flag, &do_vacuous,
860	"Don't accept non-kerberised connections" },
861	#if defined(KRB5)
862	{ NULL, 'P', arg_negative_flag, &do_newpag,
863	"Don't put process in new PAG" },
864	#endif
865	/* compatibility flag: */
866	{ NULL, 'L', arg_flag, &do_log },
867	{ "version", 0, arg_flag, &do_version },
868	{ "help", 0, arg_flag, &do_help }
869	};
870
871	static void
872	usage (int ret)
873	{
874	if(isatty(STDIN_FILENO))
875	arg_printusage (args,
876	sizeof(args) / sizeof(args[0]),
877	NULL,
878	"");
879	else
880	syslog (LOG_ERR, "Usage: %s [-ikxlvPL] [-p port]", getprogname());
881	exit (ret);
882	}
883
884
885	int
886	main(int argc, char **argv)
887	{
888	int optind = 0;
889	int on = 1;
890
891	setprogname (argv[0]);
892	roken_openlog ("rshd", LOG_ODELAY \| LOG_PID, LOG_AUTH);
893
894	if (getarg(args, sizeof(args) / sizeof(args[0]), argc, argv,
895	&optind))
896	usage(1);
897
898	if(do_help)
899	usage (0);
900
901	if (do_version) {
902	print_version(NULL);
903	exit(0);
904	}
905
906	#if defined(KRB5)
907	if (do_encrypt)
908	do_kerberos = 1;
909
910	if(do_kerberos)
911	do_kerberos = DO_KRB5;
912	#endif
913
914	#ifdef KRB5
915	if((do_kerberos & DO_KRB5) && krb5_init_context (&context) != 0)
916	do_kerberos &= ~DO_KRB5;
917	#endif
918
919	if (!do_inetd) {
920	int error;
921	struct addrinfo *ai = NULL, hints;
922	char portstr[NI_MAXSERV];
923
924	memset (&hints, 0, sizeof(hints));
925	hints.ai_flags = AI_PASSIVE;
926	hints.ai_socktype = SOCK_STREAM;
927	hints.ai_family = PF_UNSPEC;
928
929	if(port_str != NULL) {
930	error = getaddrinfo (NULL, port_str, &hints, &ai);
931	if (error)
932	errx (1, "getaddrinfo: %s", gai_strerror (error));
933	}
934	if (ai == NULL) {
935	#if defined(KRB5)
936	if (do_kerberos) {
937	if (do_encrypt) {
938	error = getaddrinfo(NULL, "ekshell", &hints, &ai);
939	if(error == EAI_NONAME) {
940	snprintf(portstr, sizeof(portstr), "%d", 545);
941	error = getaddrinfo(NULL, portstr, &hints, &ai);
942	}
943	if(error)
944	errx (1, "getaddrinfo: %s", gai_strerror (error));
945	} else {
946	error = getaddrinfo(NULL, "kshell", &hints, &ai);
947	if(error == EAI_NONAME) {
948	snprintf(portstr, sizeof(portstr), "%d", 544);
949	error = getaddrinfo(NULL, portstr, &hints, &ai);
950	}
951	if(error)
952	errx (1, "getaddrinfo: %s", gai_strerror (error));
953	}
954	} else
955	#endif
956	{
957	error = getaddrinfo(NULL, "shell", &hints, &ai);
958	if(error == EAI_NONAME) {
959	snprintf(portstr, sizeof(portstr), "%d", 514);
960	error = getaddrinfo(NULL, portstr, &hints, &ai);
961	}
962	if(error)
963	errx (1, "getaddrinfo: %s", gai_strerror (error));
964	}
965	}
966	mini_inetd_addrinfo (ai, NULL);
967	freeaddrinfo(ai);
968	}
969
970	if (do_keepalive &&
971	setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (char *)&on,
972	sizeof(on)) < 0)
973	syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %s", strerror(errno));
974
975	/* set SO_LINGER? */
976
977	signal (SIGPIPE, SIG_IGN);
978
979	doit ();
980	return 0;
981	}

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: heimdal/trunk/appl/rsh/rshd.c@ 4

Download in other formats: