1 /* $NetBSD: rcmd.c,v 1.51 2002/11/17 20:49:33 itojun Exp $ */ 2 3 /* 4 * Copyright (c) 1997 Matthew R. Green. 5 * Copyright (c) 1983, 1993, 1994 6 * The Regents of the University of California. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. All advertising materials mentioning features or use of this software 17 * must display the following acknowledgement: 18 * This product includes software developed by the University of 19 * California, Berkeley and its contributors. 20 * 4. Neither the name of the University nor the names of its contributors 21 * may be used to endorse or promote products derived from this software 22 * without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 */ 36 37 #include <sys/cdefs.h> 38 #if defined(LIBC_SCCS) && !defined(lint) 39 #if 0 40 static char sccsid[] = "@(#)rcmd.c 8.3 (Berkeley) 3/26/94"; 41 #else 42 __RCSID("$NetBSD: rcmd.c,v 1.51 2002/11/17 20:49:33 itojun Exp $"); 43 #endif 44 #endif /* LIBC_SCCS and not lint */ 45 46 #ifdef _LIBC 47 #include "namespace.h" 48 #endif 49 #include <sys/param.h> 50 #include <sys/socket.h> 51 #include <sys/stat.h> 52 #include <sys/poll.h> 53 #include <sys/wait.h> 54 55 #include <netinet/in.h> 56 #include <rpc/rpc.h> 57 #include <arpa/inet.h> 58 #include <netgroup.h> 59 60 #include <assert.h> 61 #include <ctype.h> 62 #include <err.h> 63 #include <errno.h> 64 #include <fcntl.h> 65 #include <grp.h> 66 #include <netdb.h> 67 #include <paths.h> 68 #include <pwd.h> 69 #include <signal.h> 70 #include <stdio.h> 71 #include <stdlib.h> 72 #include <string.h> 73 #include <syslog.h> 74 #include <unistd.h> 75 76 #include "pathnames.h" 77 78 int orcmd __P((char **, u_int, const char *, const char *, const char *, 79 int *)); 80 int orcmd_af __P((char **, u_int, const char *, const char *, const char *, 81 int *, int)); 82 int __ivaliduser __P((FILE *, u_int32_t, const char *, const char *)); 83 int __ivaliduser_sa __P((FILE *, struct sockaddr *, socklen_t, const char *, 84 const char *)); 85 static int rshrcmd __P((char **, u_int32_t, const char *, const char *, 86 const char *, int *, const char *)); 87 static int resrcmd __P((struct addrinfo *, char **, u_int32_t, const char *, 88 const char *, const char *, int *)); 89 static int __icheckhost __P((struct sockaddr *, socklen_t, const char *)); 90 static char *__gethostloop __P((struct sockaddr *, socklen_t)); 91 92 int 93 rcmd(ahost, rport, locuser, remuser, cmd, fd2p) 94 char **ahost; 95 u_short rport; 96 const char *locuser, *remuser, *cmd; 97 int *fd2p; 98 { 99 100 return rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, AF_INET); 101 } 102 103 int 104 rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, af) 105 char **ahost; 106 u_short rport; 107 const char *locuser, *remuser, *cmd; 108 int *fd2p; 109 int af; 110 { 111 static char hbuf[MAXHOSTNAMELEN]; 112 char pbuf[NI_MAXSERV]; 113 struct addrinfo hints, *res; 114 int error; 115 struct servent *sp; 116 117 _DIAGASSERT(ahost != NULL); 118 _DIAGASSERT(locuser != NULL); 119 _DIAGASSERT(remuser != NULL); 120 _DIAGASSERT(cmd != NULL); 121 /* fd2p may be NULL */ 122 123 snprintf(pbuf, sizeof(pbuf), "%u", ntohs(rport)); 124 memset(&hints, 0, sizeof(hints)); 125 hints.ai_family = af; 126 hints.ai_socktype = SOCK_STREAM; 127 hints.ai_flags = AI_CANONNAME; 128 error = getaddrinfo(*ahost, pbuf, &hints, &res); 129 if (error) { 130 warnx("%s: %s", *ahost, gai_strerror(error)); /*XXX*/ 131 return (-1); 132 } 133 if (res->ai_canonname) { 134 /* 135 * Canonicalise hostname. 136 * XXX: Should we really do this? 137 */ 138 strlcpy(hbuf, res->ai_canonname, sizeof(hbuf)); 139 *ahost = hbuf; 140 } 141 142 /* 143 * Check if rport is the same as the shell port, and that the fd2p. If 144 * it is not, the program isn't expecting 'rsh' and so we can't use the 145 * RCMD_CMD environment. 146 */ 147 sp = getservbyname("shell", "tcp"); 148 if (sp != NULL && sp->s_port == rport) 149 error = rshrcmd(ahost, (u_int32_t)rport, 150 locuser, remuser, cmd, fd2p, getenv("RCMD_CMD")); 151 else 152 error = resrcmd(res, ahost, (u_int32_t)rport, 153 locuser, remuser, cmd, fd2p); 154 freeaddrinfo(res); 155 return (error); 156 } 157 158 /* this is simply a wrapper around hprcmd() that handles ahost first */ 159 int 160 orcmd(ahost, rport, locuser, remuser, cmd, fd2p) 161 char **ahost; 162 u_int rport; 163 const char *locuser, *remuser, *cmd; 164 int *fd2p; 165 { 166 return orcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, AF_INET); 167 } 168 169 int 170 orcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, af) 171 char **ahost; 172 u_int rport; 173 const char *locuser, *remuser, *cmd; 174 int *fd2p; 175 int af; 176 { 177 static char hbuf[MAXHOSTNAMELEN]; 178 char pbuf[NI_MAXSERV]; 179 struct addrinfo hints, *res; 180 int error; 181 182 _DIAGASSERT(ahost != NULL); 183 _DIAGASSERT(locuser != NULL); 184 _DIAGASSERT(remuser != NULL); 185 _DIAGASSERT(cmd != NULL); 186 /* fd2p may be NULL */ 187 188 snprintf(pbuf, sizeof(pbuf), "%u", ntohs(rport)); 189 memset(&hints, 0, sizeof(hints)); 190 hints.ai_family = af; 191 hints.ai_socktype = SOCK_STREAM; 192 hints.ai_flags = AI_CANONNAME; 193 error = getaddrinfo(*ahost, pbuf, &hints, &res); 194 if (error) { 195 warnx("%s: %s", *ahost, gai_strerror(error)); /*XXX*/ 196 return (-1); 197 } 198 if (res->ai_canonname) { 199 strlcpy(hbuf, res->ai_canonname, sizeof(hbuf)); 200 *ahost = hbuf; 201 } 202 203 error = resrcmd(res, ahost, rport, locuser, remuser, cmd, fd2p); 204 freeaddrinfo(res); 205 return (error); 206 } 207 208 /*ARGSUSED*/ 209 static int 210 resrcmd(res, ahost, rport, locuser, remuser, cmd, fd2p) 211 struct addrinfo *res; 212 char **ahost; 213 u_int32_t rport; 214 const char *locuser, *remuser, *cmd; 215 int *fd2p; 216 { 217 struct addrinfo *r; 218 struct sockaddr_storage from; 219 struct pollfd reads[2]; 220 sigset_t nmask, omask; 221 pid_t pid; 222 int s, lport, timo; 223 int pollr; 224 char c; 225 int refused; 226 227 _DIAGASSERT(res != NULL); 228 _DIAGASSERT(ahost != NULL); 229 _DIAGASSERT(locuser != NULL); 230 _DIAGASSERT(remuser != NULL); 231 _DIAGASSERT(cmd != NULL); 232 /* fd2p may be NULL */ 233 234 r = res; 235 refused = 0; 236 pid = getpid(); 237 sigemptyset(&nmask); 238 sigaddset(&nmask, SIGURG); 239 if (sigprocmask(SIG_BLOCK, &nmask, &omask) == -1) 240 return -1; 241 for (timo = 1, lport = IPPORT_RESERVED - 1;;) { 242 s = rresvport_af(&lport, r->ai_family); 243 if (s < 0) { 244 if (errno == EAGAIN) 245 warnx("rcmd: socket: All ports in use"); 246 else 247 warn("rcmd: socket"); 248 if (r->ai_next) { 249 r = r->ai_next; 250 continue; 251 } else { 252 (void)sigprocmask(SIG_SETMASK, &omask, NULL); 253 return (-1); 254 } 255 } 256 fcntl(s, F_SETOWN, pid); 257 if (connect(s, r->ai_addr, r->ai_addrlen) >= 0) 258 break; 259 (void)close(s); 260 if (errno == EADDRINUSE) { 261 lport--; 262 continue; 263 } else if (errno == ECONNREFUSED) 264 refused++; 265 if (r->ai_next) { 266 int oerrno = errno; 267 char hbuf[NI_MAXHOST]; 268 #ifdef NI_WITHSCOPEID 269 const int niflags = NI_NUMERICHOST | NI_WITHSCOPEID; 270 #else 271 const int niflags = NI_NUMERICHOST; 272 #endif 273 274 hbuf[0] = '\0'; 275 if (getnameinfo(r->ai_addr, r->ai_addrlen, 276 hbuf, sizeof(hbuf), NULL, 0, niflags) != 0) 277 strlcpy(hbuf, "(invalid)", sizeof(hbuf)); 278 warnx("rcmd: connect to address %s", hbuf); 279 errno = oerrno; 280 perror(0); 281 r = r->ai_next; 282 hbuf[0] = '\0'; 283 if (getnameinfo(r->ai_addr, r->ai_addrlen, 284 hbuf, sizeof(hbuf), NULL, 0, niflags) != 0) 285 strlcpy(hbuf, "(invalid)", sizeof(hbuf)); 286 (void)fprintf(stderr, "Trying %s...\n", hbuf); 287 continue; 288 } 289 if (refused && timo <= 16) { 290 (void)sleep((unsigned int)timo); 291 timo *= 2; 292 r = res; 293 refused = 0; 294 continue; 295 } 296 (void)fprintf(stderr, "%s: %s\n", res->ai_canonname, 297 strerror(errno)); 298 (void)sigprocmask(SIG_SETMASK, &omask, NULL); 299 return (-1); 300 } 301 lport--; 302 if (fd2p == 0) { 303 write(s, "", 1); 304 lport = 0; 305 } else { 306 char num[8]; 307 int s2 = rresvport_af(&lport, r->ai_family), s3; 308 socklen_t len = sizeof(from); 309 310 if (s2 < 0) 311 goto bad; 312 listen(s2, 1); 313 (void)snprintf(num, sizeof(num), "%d", lport); 314 if (write(s, num, strlen(num) + 1) != 315 (ssize_t) (strlen(num) + 1)) { 316 warn("rcmd: write (setting up stderr)"); 317 (void)close(s2); 318 goto bad; 319 } 320 reads[0].fd = s; 321 reads[0].events = POLLIN; 322 reads[1].fd = s2; 323 reads[1].events = POLLIN; 324 errno = 0; 325 pollr = poll(reads, 2, INFTIM); 326 if (pollr < 1 || (reads[1].revents & POLLIN) == 0) { 327 if (errno != 0) 328 warn("poll: setting up stderr"); 329 else 330 warnx("poll: protocol failure in circuit setup"); 331 (void)close(s2); 332 goto bad; 333 } 334 s3 = accept(s2, (struct sockaddr *)(void *)&from, &len); 335 (void)close(s2); 336 if (s3 < 0) { 337 warn("rcmd: accept"); 338 lport = 0; 339 goto bad; 340 } 341 *fd2p = s3; 342 switch (((struct sockaddr *)(void *)&from)->sa_family) { 343 case AF_INET: 344 #ifdef INET6 345 case AF_INET6: 346 #endif 347 if (getnameinfo((struct sockaddr *)(void *)&from, len, 348 NULL, 0, num, sizeof(num), NI_NUMERICSERV) != 0 || 349 (atoi(num) >= IPPORT_RESERVED || 350 atoi(num) < IPPORT_RESERVED / 2)) { 351 warnx("rcmd: protocol failure in circuit setup."); 352 goto bad2; 353 } 354 break; 355 default: 356 break; 357 } 358 } 359 360 (void)write(s, locuser, strlen(locuser)+1); 361 (void)write(s, remuser, strlen(remuser)+1); 362 (void)write(s, cmd, strlen(cmd)+1); 363 if (read(s, &c, 1) != 1) { 364 warn("%s", *ahost); 365 goto bad2; 366 } 367 if (c != 0) { 368 while (read(s, &c, 1) == 1) { 369 (void)write(STDERR_FILENO, &c, 1); 370 if (c == '\n') 371 break; 372 } 373 goto bad2; 374 } 375 (void)sigprocmask(SIG_SETMASK, &omask, NULL); 376 return (s); 377 bad2: 378 if (lport) 379 (void)close(*fd2p); 380 bad: 381 (void)close(s); 382 (void)sigprocmask(SIG_SETMASK, &omask, NULL); 383 return (-1); 384 } 385 386 /* 387 * based on code written by Chris Siebenmann <cks@utcc.utoronto.ca> 388 */ 389 /* ARGSUSED */ 390 static int 391 rshrcmd(ahost, rport, locuser, remuser, cmd, fd2p, rshcmd) 392 char **ahost; 393 u_int32_t rport; 394 const char *locuser, *remuser, *cmd; 395 int *fd2p; 396 const char *rshcmd; 397 { 398 pid_t pid; 399 int sp[2], ep[2]; 400 char *p; 401 struct passwd *pw; 402 403 _DIAGASSERT(ahost != NULL); 404 _DIAGASSERT(locuser != NULL); 405 _DIAGASSERT(remuser != NULL); 406 _DIAGASSERT(cmd != NULL); 407 /* fd2p may be NULL */ 408 409 /* What rsh/shell to use. */ 410 if (rshcmd == NULL) 411 rshcmd = _PATH_BIN_RCMD; 412 413 /* locuser must exist on this host. */ 414 if ((pw = getpwnam(locuser)) == NULL) { 415 warnx("rshrcmd: unknown user: %s", locuser); 416 return(-1); 417 } 418 419 /* get a socketpair we'll use for stdin and stdout. */ 420 if (socketpair(AF_LOCAL, SOCK_STREAM, 0, sp) < 0) { 421 warn("rshrcmd: socketpair"); 422 return (-1); 423 } 424 /* we will use this for the fd2 pointer */ 425 if (fd2p) { 426 if (socketpair(AF_LOCAL, SOCK_STREAM, 0, ep) < 0) { 427 warn("rshrcmd: socketpair"); 428 return (-1); 429 } 430 *fd2p = ep[0]; 431 } 432 433 pid = fork(); 434 if (pid < 0) { 435 warn("rshrcmd: fork"); 436 return (-1); 437 } 438 if (pid == 0) { 439 /* 440 * child 441 * - we use sp[1] to be stdin/stdout, and close sp[0] 442 * - with fd2p, we use ep[1] for stderr, and close ep[0] 443 */ 444 (void)close(sp[0]); 445 if (dup2(sp[1], 0) < 0 || dup2(0, 1) < 0) { 446 warn("rshrcmd: dup2"); 447 _exit(1); 448 } 449 if (fd2p) { 450 if (dup2(ep[1], 2) < 0) { 451 warn("rshrcmd: dup2"); 452 _exit(1); 453 } 454 (void)close(ep[0]); 455 (void)close(ep[1]); 456 } else if (dup2(0, 2) < 0) { 457 warn("rshrcmd: dup2"); 458 _exit(1); 459 } 460 /* fork again to lose parent. */ 461 pid = fork(); 462 if (pid < 0) { 463 warn("rshrcmd: second fork"); 464 _exit(1); 465 } 466 if (pid > 0) 467 _exit(0); 468 469 /* Orphan. Become local user for rshprog. */ 470 if (setuid(pw->pw_uid)) { 471 warn("rshrcmd: setuid(%lu)", (u_long)pw->pw_uid); 472 _exit(1); 473 } 474 475 /* 476 * If we are rcmd'ing to "localhost" as the same user as we are, 477 * then avoid running remote shell for efficiency. 478 */ 479 if (strcmp(*ahost, "localhost") == 0 && 480 strcmp(locuser, remuser) == 0) { 481 if (pw->pw_shell[0] == '\0') 482 rshcmd = _PATH_BSHELL; 483 else 484 rshcmd = pw->pw_shell; 485 p = strrchr(rshcmd, '/'); 486 execlp(rshcmd, p ? p + 1 : rshcmd, "-c", cmd, NULL); 487 } else { 488 p = strrchr(rshcmd, '/'); 489 execlp(rshcmd, p ? p + 1 : rshcmd, *ahost, "-l", 490 remuser, cmd, NULL); 491 } 492 warn("rshrcmd: exec %s", rshcmd); 493 _exit(1); 494 } 495 /* Parent */ 496 (void)close(sp[1]); 497 if (fd2p) 498 (void)close(ep[1]); 499 500 (void)waitpid(pid, NULL, 0); 501 return (sp[0]); 502 } 503 504 int 505 rresvport(alport) 506 int *alport; 507 { 508 509 _DIAGASSERT(alport != NULL); 510 511 return rresvport_af(alport, AF_INET); 512 } 513 514 int 515 rresvport_af(alport, family) 516 int *alport; 517 int family; 518 { 519 struct sockaddr_storage ss; 520 struct sockaddr *sa; 521 int salen; 522 int s; 523 u_int16_t *portp; 524 525 _DIAGASSERT(alport != NULL); 526 527 memset(&ss, 0, sizeof(ss)); 528 sa = (struct sockaddr *)(void *)&ss; 529 switch (family) { 530 case AF_INET: 531 #ifdef BSD4_4 532 sa->sa_len = 533 #endif 534 salen = sizeof(struct sockaddr_in); 535 portp = &((struct sockaddr_in *)(void *)sa)->sin_port; 536 break; 537 #ifdef INET6 538 case AF_INET6: 539 #ifdef BSD4_4 540 sa->sa_len = 541 #endif 542 salen = sizeof(struct sockaddr_in6); 543 portp = &((struct sockaddr_in6 *)(void *)sa)->sin6_port; 544 break; 545 #endif 546 default: 547 portp = NULL; 548 return EAFNOSUPPORT; 549 } 550 sa->sa_family = family; 551 s = socket(family, SOCK_STREAM, 0); 552 if (s < 0) 553 return (-1); 554 #ifdef BSD4_4 555 switch (family) { 556 case AF_INET: 557 case AF_INET6: 558 *portp = 0; 559 if (bindresvport(s, (struct sockaddr_in *)(void *)sa) < 0) { 560 int sverr = errno; 561 562 (void)close(s); 563 errno = sverr; 564 return (-1); 565 } 566 *alport = (int)ntohs(*portp); 567 return (s); 568 default: 569 /* is it necessary to try keep code for other AFs? */ 570 break; 571 } 572 #endif 573 for (;;) { 574 *portp = htons((u_short)*alport); 575 if (bind(s, sa, (socklen_t)salen) >= 0) 576 return (s); 577 if (errno != EADDRINUSE) { 578 (void)close(s); 579 return (-1); 580 } 581 (*alport)--; 582 if (*alport == IPPORT_RESERVED/2) { 583 (void)close(s); 584 errno = EAGAIN; /* close */ 585 return (-1); 586 } 587 } 588 } 589 590 int __check_rhosts_file = 1; 591 char *__rcmd_errstr; 592 593 int 594 ruserok(rhost, superuser, ruser, luser) 595 const char *rhost, *ruser, *luser; 596 int superuser; 597 { 598 struct addrinfo hints, *res, *r; 599 int error; 600 601 _DIAGASSERT(rhost != NULL); 602 _DIAGASSERT(ruser != NULL); 603 _DIAGASSERT(luser != NULL); 604 605 memset(&hints, 0, sizeof(hints)); 606 hints.ai_family = PF_UNSPEC; 607 hints.ai_socktype = SOCK_DGRAM; /*dummy*/ 608 error = getaddrinfo(rhost, "0", &hints, &res); 609 if (error) 610 return (-1); 611 612 for (r = res; r; r = r->ai_next) { 613 if (iruserok_sa(r->ai_addr, (int)r->ai_addrlen, superuser, 614 ruser, luser) == 0) { 615 freeaddrinfo(res); 616 return (0); 617 } 618 } 619 freeaddrinfo(res); 620 return (-1); 621 } 622 623 /* 624 * New .rhosts strategy: We are passed an ip address. We spin through 625 * hosts.equiv and .rhosts looking for a match. When the .rhosts only 626 * has ip addresses, we don't have to trust a nameserver. When it 627 * contains hostnames, we spin through the list of addresses the nameserver 628 * gives us and look for a match. 629 * 630 * Returns 0 if ok, -1 if not ok. 631 */ 632 int 633 iruserok(raddr, superuser, ruser, luser) 634 u_int32_t raddr; 635 int superuser; 636 const char *ruser, *luser; 637 { 638 struct sockaddr_in irsin; 639 640 memset(&irsin, 0, sizeof(irsin)); 641 irsin.sin_family = AF_INET; 642 #ifdef BSD4_4 643 irsin.sin_len = sizeof(struct sockaddr_in); 644 #endif 645 memcpy(&irsin.sin_addr, &raddr, sizeof(irsin.sin_addr)); 646 return iruserok_sa(&irsin, sizeof(struct sockaddr_in), superuser, ruser, 647 luser); 648 } 649 650 /* 651 * 2nd and 3rd arguments are typed like this, to avoid dependency between 652 * unistd.h and sys/socket.h. There's no better way. 653 */ 654 int 655 iruserok_sa(raddr, rlen, superuser, ruser, luser) 656 const void *raddr; 657 int rlen; 658 int superuser; 659 const char *ruser, *luser; 660 { 661 struct sockaddr *sa; 662 register char *cp; 663 struct stat sbuf; 664 struct passwd *pwd; 665 FILE *hostf; 666 uid_t uid; 667 gid_t gid; 668 int first; 669 char pbuf[MAXPATHLEN]; 670 671 _DIAGASSERT(raddr != NULL); 672 _DIAGASSERT(ruser != NULL); 673 _DIAGASSERT(luser != NULL); 674 675 /*LINTED const castaway*/ 676 sa = (struct sockaddr *)(void *)raddr; 677 678 first = 1; 679 hostf = superuser ? NULL : fopen(_PATH_HEQUIV, "r"); 680 again: 681 if (hostf) { 682 if (__ivaliduser_sa(hostf, sa, (socklen_t)rlen, luser, 683 ruser) == 0) { 684 (void)fclose(hostf); 685 return (0); 686 } 687 (void)fclose(hostf); 688 } 689 if (first == 1 && (__check_rhosts_file || superuser)) { 690 first = 0; 691 if ((pwd = getpwnam(luser)) == NULL) 692 return (-1); 693 (void)strlcpy(pbuf, pwd->pw_dir, sizeof(pbuf)); 694 (void)strlcat(pbuf, "/.rhosts", sizeof(pbuf)); 695 696 /* 697 * Change effective uid while opening .rhosts. If root and 698 * reading an NFS mounted file system, can't read files that 699 * are protected read/write owner only. 700 */ 701 uid = geteuid(); 702 gid = getegid(); 703 (void)setegid(pwd->pw_gid); 704 initgroups(pwd->pw_name, pwd->pw_gid); 705 (void)seteuid(pwd->pw_uid); 706 hostf = fopen(pbuf, "r"); 707 (void)seteuid(uid); 708 (void)setegid(gid); 709 710 if (hostf == NULL) 711 return (-1); 712 /* 713 * If not a regular file, or is owned by someone other than 714 * user or root or if writeable by anyone but the owner, quit. 715 */ 716 cp = NULL; 717 if (lstat(pbuf, &sbuf) < 0) 718 cp = ".rhosts lstat failed"; 719 else if (!S_ISREG(sbuf.st_mode)) 720 cp = ".rhosts not regular file"; 721 else if (fstat(fileno(hostf), &sbuf) < 0) 722 cp = ".rhosts fstat failed"; 723 else if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid) 724 cp = "bad .rhosts owner"; 725 else if (sbuf.st_mode & (S_IWGRP|S_IWOTH)) 726 cp = ".rhosts writeable by other than owner"; 727 /* If there were any problems, quit. */ 728 if (cp) { 729 __rcmd_errstr = cp; 730 (void)fclose(hostf); 731 return (-1); 732 } 733 goto again; 734 } 735 return (-1); 736 } 737 738 /* 739 * XXX 740 * Don't make static, used by lpd(8). We will be able to change the function 741 * into static function, when we bump libc major #. 742 * 743 * Returns 0 if ok, -1 if not ok. 744 */ 745 #ifdef notdef /*_LIBC*/ 746 static 747 #endif 748 int 749 __ivaliduser(hostf, raddr, luser, ruser) 750 FILE *hostf; 751 u_int32_t raddr; 752 const char *luser, *ruser; 753 { 754 struct sockaddr_in ivusin; 755 756 memset(&ivusin, 0, sizeof(ivusin)); 757 ivusin.sin_family = AF_INET; 758 #ifdef BSD4_4 759 ivusin.sin_len = sizeof(struct sockaddr_in); 760 #endif 761 memcpy(&ivusin.sin_addr, &raddr, sizeof(ivusin.sin_addr)); 762 return __ivaliduser_sa(hostf, (struct sockaddr *)(void *)&ivusin, 763 sizeof(struct sockaddr_in), luser, ruser); 764 } 765 766 #ifdef notdef /*_LIBC*/ 767 static 768 #endif 769 int 770 __ivaliduser_sa(hostf, raddr, salen, luser, ruser) 771 FILE *hostf; 772 struct sockaddr *raddr; 773 socklen_t salen; 774 const char *luser, *ruser; 775 { 776 register char *user, *p; 777 int ch; 778 char buf[MAXHOSTNAMELEN + 128]; /* host + login */ 779 const char *auser, *ahost; 780 int hostok, userok; 781 char *rhost = NULL; 782 int firsttime = 1; 783 char domain[MAXHOSTNAMELEN]; 784 785 getdomainname(domain, sizeof(domain)); 786 787 _DIAGASSERT(hostf != NULL); 788 _DIAGASSERT(luser != NULL); 789 _DIAGASSERT(ruser != NULL); 790 791 while (fgets(buf, sizeof(buf), hostf)) { 792 p = buf; 793 /* Skip lines that are too long. */ 794 if (strchr(p, '\n') == NULL) { 795 while ((ch = getc(hostf)) != '\n' && ch != EOF) 796 ; 797 continue; 798 } 799 while (*p != '\n' && *p != ' ' && *p != '\t' && *p != '\0') { 800 *p = isupper((unsigned char)*p) ? 801 tolower((unsigned char)*p) : *p; 802 p++; 803 } 804 if (*p == ' ' || *p == '\t') { 805 *p++ = '\0'; 806 while (*p == ' ' || *p == '\t') 807 p++; 808 user = p; 809 while (*p != '\n' && *p != ' ' && 810 *p != '\t' && *p != '\0') 811 p++; 812 } else 813 user = p; 814 *p = '\0'; 815 816 if (p == buf) 817 continue; 818 819 auser = *user ? user : luser; 820 ahost = buf; 821 822 if (ahost[0] == '+') 823 switch (ahost[1]) { 824 case '\0': 825 hostok = 1; 826 break; 827 828 case '@': 829 if (firsttime) { 830 rhost = __gethostloop(raddr, salen); 831 firsttime = 0; 832 } 833 if (rhost) 834 hostok = innetgr(&ahost[2], rhost, 835 NULL, domain); 836 else 837 hostok = 0; 838 break; 839 840 default: 841 hostok = __icheckhost(raddr, salen, &ahost[1]); 842 break; 843 } 844 else if (ahost[0] == '-') 845 switch (ahost[1]) { 846 case '\0': 847 hostok = -1; 848 break; 849 850 case '@': 851 if (firsttime) { 852 rhost = __gethostloop(raddr, salen); 853 firsttime = 0; 854 } 855 if (rhost) 856 hostok = -innetgr(&ahost[2], rhost, 857 NULL, domain); 858 else 859 hostok = 0; 860 break; 861 862 default: 863 hostok = -__icheckhost(raddr, salen, &ahost[1]); 864 break; 865 } 866 else 867 hostok = __icheckhost(raddr, salen, ahost); 868 869 870 if (auser[0] == '+') 871 switch (auser[1]) { 872 case '\0': 873 userok = 1; 874 break; 875 876 case '@': 877 userok = innetgr(&auser[2], NULL, ruser, 878 domain); 879 break; 880 881 default: 882 userok = strcmp(ruser, &auser[1]) == 0; 883 break; 884 } 885 else if (auser[0] == '-') 886 switch (auser[1]) { 887 case '\0': 888 userok = -1; 889 break; 890 891 case '@': 892 userok = -innetgr(&auser[2], NULL, ruser, 893 domain); 894 break; 895 896 default: 897 userok = 898 -(strcmp(ruser, &auser[1]) == 0 ? 1 : 0); 899 break; 900 } 901 else 902 userok = strcmp(ruser, auser) == 0; 903 904 /* Check if one component did not match */ 905 if (hostok == 0 || userok == 0) 906 continue; 907 908 /* Check if we got a forbidden pair */ 909 if (userok == -1 || hostok == -1) 910 return -1; 911 912 /* Check if we got a valid pair */ 913 if (hostok == 1 && userok == 1) 914 return 0; 915 } 916 return -1; 917 } 918 919 /* 920 * Returns "true" if match, 0 if no match. 921 * 922 * NI_WITHSCOPEID is useful for comparing sin6_scope_id portion 923 * if af == AF_INET6. 924 */ 925 static int 926 __icheckhost(raddr, salen, lhost) 927 struct sockaddr *raddr; 928 socklen_t salen; 929 const char *lhost; 930 { 931 struct addrinfo hints, *res, *r; 932 char h1[NI_MAXHOST], h2[NI_MAXHOST]; 933 int error; 934 #ifdef NI_WITHSCOPEID 935 const int niflags = NI_NUMERICHOST | NI_WITHSCOPEID; 936 #else 937 const int niflags = NI_NUMERICHOST; 938 #endif 939 940 _DIAGASSERT(raddr != NULL); 941 _DIAGASSERT(lhost != NULL); 942 943 h1[0] = '\0'; 944 if (getnameinfo(raddr, salen, h1, sizeof(h1), NULL, 0, 945 niflags) != 0) 946 return (0); 947 948 /* Resolve laddr into sockaddr */ 949 memset(&hints, 0, sizeof(hints)); 950 hints.ai_family = raddr->sa_family; 951 hints.ai_socktype = SOCK_DGRAM; /*dummy*/ 952 res = NULL; 953 error = getaddrinfo(lhost, "0", &hints, &res); 954 if (error) 955 return (0); 956 957 /* 958 * Try string comparisons between raddr and laddr. 959 */ 960 for (r = res; r; r = r->ai_next) { 961 h2[0] = '\0'; 962 if (getnameinfo(r->ai_addr, r->ai_addrlen, h2, sizeof(h2), 963 NULL, 0, niflags) != 0) 964 continue; 965 if (strcmp(h1, h2) == 0) { 966 freeaddrinfo(res); 967 return (1); 968 } 969 } 970 971 /* No match. */ 972 freeaddrinfo(res); 973 return (0); 974 } 975 976 /* 977 * Return the hostname associated with the supplied address. 978 * Do a reverse lookup as well for security. If a loop cannot 979 * be found, pack the numeric IP address into the string. 980 * 981 * NI_WITHSCOPEID is useful for comparing sin6_scope_id portion 982 * if af == AF_INET6. 983 */ 984 static char * 985 __gethostloop(raddr, salen) 986 struct sockaddr *raddr; 987 socklen_t salen; 988 { 989 static char remotehost[NI_MAXHOST]; 990 char h1[NI_MAXHOST], h2[NI_MAXHOST]; 991 struct addrinfo hints, *res, *r; 992 int error; 993 #ifdef NI_WITHSCOPEID 994 const int niflags = NI_NUMERICHOST | NI_WITHSCOPEID; 995 #else 996 const int niflags = NI_NUMERICHOST; 997 #endif 998 999 _DIAGASSERT(raddr != NULL); 1000 1001 h1[0] = remotehost[0] = '\0'; 1002 if (getnameinfo(raddr, salen, remotehost, sizeof(remotehost), 1003 NULL, 0, NI_NAMEREQD) != 0) 1004 return (NULL); 1005 if (getnameinfo(raddr, salen, h1, sizeof(h1), NULL, 0, 1006 niflags) != 0) 1007 return (NULL); 1008 1009 /* 1010 * Look up the name and check that the supplied 1011 * address is in the list 1012 */ 1013 memset(&hints, 0, sizeof(hints)); 1014 hints.ai_family = raddr->sa_family; 1015 hints.ai_socktype = SOCK_DGRAM; /*dummy*/ 1016 hints.ai_flags = AI_CANONNAME; 1017 res = NULL; 1018 error = getaddrinfo(remotehost, "0", &hints, &res); 1019 if (error) 1020 return (NULL); 1021 1022 for (r = res; r; r = r->ai_next) { 1023 h2[0] = '\0'; 1024 if (getnameinfo(r->ai_addr, r->ai_addrlen, h2, sizeof(h2), 1025 NULL, 0, niflags) != 0) 1026 continue; 1027 if (strcmp(h1, h2) == 0) { 1028 freeaddrinfo(res); 1029 return (remotehost); 1030 } 1031 } 1032 1033 /* 1034 * either the DNS adminstrator has made a configuration 1035 * mistake, or someone has attempted to spoof us 1036 */ 1037 syslog(LOG_NOTICE, "rcmd: address %s not listed for host %s", 1038 h1, res->ai_canonname ? res->ai_canonname : remotehost); 1039 freeaddrinfo(res); 1040 return (NULL); 1041 } 1042