xref: /original-bsd/lib/libc/net/rcmd.c (revision 860e07fc) 
1 /*
2  * Copyright (c) 1983 Regents of the University of California.
3  * All rights reserved.
4  *
5  * %sccs.include.redist.c%
6  */
7 
8 #if defined(LIBC_SCCS) && !defined(lint)
9 static char sccsid[] = "@(#)rcmd.c	5.26 (Berkeley) 06/30/92";
10 #endif /* LIBC_SCCS and not lint */
11 
12 #include <sys/param.h>
13 #include <sys/socket.h>
14 #include <sys/stat.h>
15 
16 #include <netinet/in.h>
17 #include <arpa/inet.h>
18 
19 #include <signal.h>
20 #include <fcntl.h>
21 #include <netdb.h>
22 #include <unistd.h>
23 #include <pwd.h>
24 #include <errno.h>
25 #include <stdio.h>
26 #include <ctype.h>
27 #include <string.h>
28 
29 int	__ivaliduser __P((FILE *, u_long, const char *, const char *));
30 static int __icheckhost __P((u_long, char *));
31 
32 int
33 rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
34 	char **ahost;
35 	u_short rport;
36 	const char *locuser, *remuser, *cmd;
37 	int *fd2p;
38 {
39 	struct hostent *hp;
40 	struct sockaddr_in sin, from;
41 	fd_set reads;
42 	long oldmask;
43 	int s, lport, pid, timo;
44 	char c;
45 
46 	pid = getpid();
47 	hp = gethostbyname(*ahost);
48 	if (hp == NULL) {
49 		herror(*ahost);
50 		return (-1);
51 	}
52 	*ahost = hp->h_name;
53 	oldmask = sigblock(sigmask(SIGURG));
54 	for (timo = 1, lport = IPPORT_RESERVED - 1;;) {
55 		s = rresvport(&lport);
56 		if (s < 0) {
57 			if (errno == EAGAIN)
58 				(void)fprintf(stderr,
59 				    "rcmd: socket: All ports in use\n");
60 			else
61 				(void)fprintf(stderr, "rcmd: socket: %s\n",
62 				    strerror(errno));
63 			sigsetmask(oldmask);
64 			return (-1);
65 		}
66 		fcntl(s, F_SETOWN, pid);
67 		sin.sin_family = hp->h_addrtype;
68 		bcopy(hp->h_addr_list[0], &sin.sin_addr, hp->h_length);
69 		sin.sin_port = rport;
70 		if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
71 			break;
72 		(void)close(s);
73 		if (errno == EADDRINUSE) {
74 			lport--;
75 			continue;
76 		}
77 		if (errno == ECONNREFUSED && timo <= 16) {
78 			(void)sleep(timo);
79 			timo *= 2;
80 			continue;
81 		}
82 		if (hp->h_addr_list[1] != NULL) {
83 			int oerrno = errno;
84 
85 			(void)fprintf(stderr, "connect to address %s: ",
86 			    inet_ntoa(sin.sin_addr));
87 			errno = oerrno;
88 			perror(0);
89 			hp->h_addr_list++;
90 			bcopy(hp->h_addr_list[0], &sin.sin_addr, hp->h_length);
91 			(void)fprintf(stderr, "Trying %s...\n",
92 			    inet_ntoa(sin.sin_addr));
93 			continue;
94 		}
95 		(void)fprintf(stderr, "%s: %s\n", hp->h_name, strerror(errno));
96 		sigsetmask(oldmask);
97 		return (-1);
98 	}
99 	lport--;
100 	if (fd2p == 0) {
101 		write(s, "", 1);
102 		lport = 0;
103 	} else {
104 		char num[8];
105 		int s2 = rresvport(&lport), s3;
106 		int len = sizeof(from);
107 
108 		if (s2 < 0)
109 			goto bad;
110 		listen(s2, 1);
111 		(void)snprintf(num, sizeof(num), "%d", lport);
112 		if (write(s, num, strlen(num)+1) != strlen(num)+1) {
113 			(void)fprintf(stderr,
114 			    "rcmd: write (setting up stderr): %s\n",
115 			    strerror(errno));
116 			(void)close(s2);
117 			goto bad;
118 		}
119 		FD_ZERO(&reads);
120 		FD_SET(s, &reads);
121 		FD_SET(s2, &reads);
122 		errno = 0;
123 		if (select(32, &reads, 0, 0, 0) < 1 || !FD_ISSET(s2, &reads)) {
124 			if (errno != 0)
125 				(void)fprintf(stderr,
126 				    "rcmd: select (setting up stderr): %s\n",
127 				    strerror(errno));
128 			else
129 				(void)fprintf(stderr,
130 				"select: protocol failure in circuit setup\n");
131 			(void)close(s2);
132 			goto bad;
133 		}
134 		s3 = accept(s2, (struct sockaddr *)&from, &len);
135 		(void)close(s2);
136 		if (s3 < 0) {
137 			(void)fprintf(stderr,
138 			    "rcmd: accept: %s\n", strerror(errno));
139 			lport = 0;
140 			goto bad;
141 		}
142 		*fd2p = s3;
143 		from.sin_port = ntohs((u_short)from.sin_port);
144 		if (from.sin_family != AF_INET ||
145 		    from.sin_port >= IPPORT_RESERVED ||
146 		    from.sin_port < IPPORT_RESERVED / 2) {
147 			(void)fprintf(stderr,
148 			    "socket: protocol failure in circuit setup.\n");
149 			goto bad2;
150 		}
151 	}
152 	(void)write(s, locuser, strlen(locuser)+1);
153 	(void)write(s, remuser, strlen(remuser)+1);
154 	(void)write(s, cmd, strlen(cmd)+1);
155 	if (read(s, &c, 1) != 1) {
156 		(void)fprintf(stderr,
157 		    "rcmd: %s: %s\n", *ahost, strerror(errno));
158 		goto bad2;
159 	}
160 	if (c != 0) {
161 		while (read(s, &c, 1) == 1) {
162 			(void) write(2, &c, 1);
163 			if (c == '\n')
164 				break;
165 		}
166 		goto bad2;
167 	}
168 	sigsetmask(oldmask);
169 	return (s);
170 bad2:
171 	if (lport)
172 		(void)close(*fd2p);
173 bad:
174 	(void)close(s);
175 	sigsetmask(oldmask);
176 	return (-1);
177 }
178 
179 int
180 rresvport(alport)
181 	int *alport;
182 {
183 	struct sockaddr_in sin;
184 	int s;
185 
186 	sin.sin_family = AF_INET;
187 	sin.sin_addr.s_addr = INADDR_ANY;
188 	s = socket(AF_INET, SOCK_STREAM, 0);
189 	if (s < 0)
190 		return (-1);
191 	for (;;) {
192 		sin.sin_port = htons((u_short)*alport);
193 		if (bind(s, (struct sockaddr *)&sin, sizeof (sin)) >= 0)
194 			return (s);
195 		if (errno != EADDRINUSE) {
196 			(void)close(s);
197 			return (-1);
198 		}
199 		(*alport)--;
200 		if (*alport == IPPORT_RESERVED/2) {
201 			(void)close(s);
202 			errno = EAGAIN;		/* close */
203 			return (-1);
204 		}
205 	}
206 }
207 
208 int	__check_rhosts_file = 1;
209 char	*__rcmd_errstr;
210 
211 int
212 ruserok(rhost, superuser, ruser, luser)
213 	const char *rhost, *ruser, *luser;
214 	int superuser;
215 {
216 	struct hostent *hp;
217 	u_long addr;
218 	char **ap;
219 
220 	if ((hp = gethostbyname(rhost)) == NULL)
221 		return (-1);
222 	for (ap = hp->h_addr_list; *ap; ++ap) {
223 		bcopy(*ap, &addr, sizeof(addr));
224 		if (iruserok(addr, superuser, ruser, luser) == 0)
225 			return (0);
226 	}
227 	return (-1);
228 }
229 
230 /*
231  * New .rhosts strategy: We are passed an ip address. We spin through
232  * hosts.equiv and .rhosts looking for a match. When the .rhosts only
233  * has ip addresses, we don't have to trust a nameserver.  When it
234  * contains hostnames, we spin through the list of addresses the nameserver
235  * gives us and look for a match.
236  *
237  * Returns 0 if ok, -1 if not ok.
238  */
239 int
240 iruserok(raddr, superuser, ruser, luser)
241 	u_long raddr;
242 	int superuser;
243 	const char *ruser, *luser;
244 {
245 	register char *cp;
246 	struct stat sbuf;
247 	struct passwd *pwd;
248 	FILE *hostf;
249 	uid_t uid;
250 	int first;
251 	char pbuf[MAXPATHLEN];
252 
253 	first = 1;
254 	hostf = superuser ? NULL : fopen(_PATH_HEQUIV, "r");
255 again:
256 	if (hostf) {
257 		if (__ivaliduser(hostf, raddr, luser, ruser) == 0) {
258 			(void)fclose(hostf);
259 			return (0);
260 		}
261 		(void)fclose(hostf);
262 	}
263 	if (first == 1 && (__check_rhosts_file || superuser)) {
264 		first = 0;
265 		if ((pwd = getpwnam(luser)) == NULL)
266 			return (-1);
267 		(void)strcpy(pbuf, pwd->pw_dir);
268 		(void)strcat(pbuf, "/.rhosts");
269 
270 		/*
271 		 * Change effective uid while opening .rhosts.  If root and
272 		 * reading an NFS mounted file system, can't read files that
273 		 * are protected read/write owner only.
274 		 */
275 		uid = geteuid();
276 		(void)seteuid(pwd->pw_uid);
277 		hostf = fopen(pbuf, "r");
278 		(void)seteuid(uid);
279 
280 		if (hostf == NULL)
281 			return (-1);
282 		/*
283 		 * If not a regular file, or is owned by someone other than
284 		 * user or root or if writeable by anyone but the owner, quit.
285 		 */
286 		cp = NULL;
287 		if (lstat(pbuf, &sbuf) < 0)
288 			cp = ".rhosts lstat failed";
289 		else if ((sbuf.st_mode & S_IFMT) != S_IFREG)
290 			cp = ".rhosts not regular file";
291 		else if (fstat(fileno(hostf), &sbuf) < 0)
292 			cp = ".rhosts fstat failed";
293 		else if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid)
294 			cp = "bad .rhosts owner";
295 		else if (sbuf.st_mode & 022)
296 			cp = "bad .rhosts permissions";
297 		/* If there were any problems, quit. */
298 		if (cp) {
299 			__rcmd_errstr = cp;
300 			(void)fclose(hostf);
301 			return (-1);
302 		}
303 		goto again;
304 	}
305 	return (-1);
306 }
307 
308 /*
309  * XXX
310  * Don't make static, used by lpd(8).
311  *
312  * Returns 0 if ok, -1 if not ok.
313  */
314 int
315 __ivaliduser(hostf, raddr, luser, ruser)
316 	FILE *hostf;
317 	u_long raddr;
318 	const char *luser, *ruser;
319 {
320 	register char *user, *p;
321 	char ahost[MAXHOSTNAMELEN];
322 
323 	while (fgets(ahost, sizeof(ahost), hostf)) {
324 		p = ahost;
325 		while (*p != '\n' && *p != ' ' && *p != '\t' && *p != '\0') {
326 			*p = isupper(*p) ? tolower(*p) : *p;
327 			p++;
328 		}
329 		if (*p == ' ' || *p == '\t') {
330 			*p++ = '\0';
331 			while (*p == ' ' || *p == '\t')
332 				p++;
333 			user = p;
334 			while (*p != '\n' && *p != ' ' &&
335 			    *p != '\t' && *p != '\0')
336 				p++;
337 		} else
338 			user = p;
339 		*p = '\0';
340 		if (__icheckhost(raddr, ahost) &&
341 		    strcmp(ruser, *user ? user : luser) == 0) {
342 			return (0);
343 		}
344 	}
345 	return (-1);
346 }
347 
348 /*
349  * Returns "true" if match, 0 if no match.
350  */
351 static int
352 __icheckhost(raddr, lhost)
353 	u_long raddr;
354 	register char *lhost;
355 {
356 	register struct hostent *hp;
357 	register u_long laddr;
358 	register char **pp;
359 
360 	/* Try for raw ip address first. */
361 	if (isdigit(*lhost) && (long)(laddr = inet_addr(lhost)) != -1)
362 		return (raddr == laddr);
363 
364 	/* Better be a hostname. */
365 	if ((hp = gethostbyname(lhost)) == NULL)
366 		return (0);
367 
368 	/* Spin through ip addresses. */
369 	for (pp = hp->h_addr_list; *pp; ++pp)
370 		if (!bcmp(&raddr, *pp, sizeof(u_long)))
371 			return (1);
372 
373 	/* No match. */
374 	return (0);
375 }
376