1 /* 2 * Copyright (c) 1983 The Regents of the University of California. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms are permitted 6 * provided that the above copyright notice and this paragraph are 7 * duplicated in all such forms and that any documentation, 8 * advertising materials, and other materials related to such 9 * distribution and use acknowledge that the software was developed 10 * by the University of California, Berkeley. The name of the 11 * University may not be used to endorse or promote products derived 12 * from this software without specific prior written permission. 13 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR 14 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED 15 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 16 */ 17 18 #ifndef lint 19 char copyright[] = 20 "@(#) Copyright (c) 1983 The Regents of the University of California.\n\ 21 All rights reserved.\n"; 22 #endif /* not lint */ 23 24 #ifndef lint 25 static char sccsid[] = "@(#)rexecd.c 5.6 (Berkeley) 09/27/88"; 26 #endif /* not lint */ 27 28 #include <sys/ioctl.h> 29 #include <sys/param.h> 30 #include <sys/socket.h> 31 #include <sys/time.h> 32 33 #include <netinet/in.h> 34 35 #include <stdio.h> 36 #include <errno.h> 37 #include <pwd.h> 38 #include <signal.h> 39 #include <netdb.h> 40 41 extern errno; 42 struct passwd *getpwnam(); 43 char *crypt(), *rindex(), *strncat(); 44 /*VARARGS1*/ 45 int error(); 46 47 /* 48 * remote execute server: 49 * username\0 50 * password\0 51 * command\0 52 * data 53 */ 54 /*ARGSUSED*/ 55 main(argc, argv) 56 int argc; 57 char **argv; 58 { 59 struct sockaddr_in from; 60 int fromlen; 61 62 fromlen = sizeof (from); 63 if (getpeername(0, &from, &fromlen) < 0) { 64 fprintf(stderr, "%s: ", argv[0]); 65 perror("getpeername"); 66 exit(1); 67 } 68 doit(0, &from); 69 } 70 71 char username[20] = "USER="; 72 char homedir[64] = "HOME="; 73 char shell[64] = "SHELL="; 74 char *envinit[] = 75 {homedir, shell, "PATH=:/usr/ucb:/bin:/usr/bin", username, 0}; 76 char **environ; 77 78 struct sockaddr_in asin = { AF_INET }; 79 80 doit(f, fromp) 81 int f; 82 struct sockaddr_in *fromp; 83 { 84 char cmdbuf[NCARGS+1], *cp, *namep; 85 char user[16], pass[16]; 86 struct passwd *pwd; 87 int s; 88 short port; 89 int pv[2], pid, ready, readfrom, cc; 90 char buf[BUFSIZ], sig; 91 int one = 1; 92 93 (void) signal(SIGINT, SIG_DFL); 94 (void) signal(SIGQUIT, SIG_DFL); 95 (void) signal(SIGTERM, SIG_DFL); 96 #ifdef DEBUG 97 { int t = open("/dev/tty", 2); 98 if (t >= 0) { 99 ioctl(t, TIOCNOTTY, (char *)0); 100 (void) close(t); 101 } 102 } 103 #endif 104 dup2(f, 0); 105 dup2(f, 1); 106 dup2(f, 2); 107 (void) alarm(60); 108 port = 0; 109 for (;;) { 110 char c; 111 if (read(f, &c, 1) != 1) 112 exit(1); 113 if (c == 0) 114 break; 115 port = port * 10 + c - '0'; 116 } 117 (void) alarm(0); 118 if (port != 0) { 119 s = socket(AF_INET, SOCK_STREAM, 0); 120 if (s < 0) 121 exit(1); 122 if (bind(s, &asin, sizeof (asin)) < 0) 123 exit(1); 124 (void) alarm(60); 125 fromp->sin_port = htons((u_short)port); 126 if (connect(s, fromp, sizeof (*fromp)) < 0) 127 exit(1); 128 (void) alarm(0); 129 } 130 getstr(user, sizeof(user), "username"); 131 getstr(pass, sizeof(pass), "password"); 132 getstr(cmdbuf, sizeof(cmdbuf), "command"); 133 setpwent(); 134 pwd = getpwnam(user); 135 if (pwd == NULL) { 136 error("Login incorrect.\n"); 137 exit(1); 138 } 139 endpwent(); 140 if (*pwd->pw_passwd != '\0') { 141 namep = crypt(pass, pwd->pw_passwd); 142 if (strcmp(namep, pwd->pw_passwd)) { 143 error("Password incorrect.\n"); 144 exit(1); 145 } 146 } 147 if (chdir(pwd->pw_dir) < 0) { 148 error("No remote directory.\n"); 149 exit(1); 150 } 151 (void) write(2, "\0", 1); 152 if (port) { 153 (void) pipe(pv); 154 pid = fork(); 155 if (pid == -1) { 156 error("Try again.\n"); 157 exit(1); 158 } 159 if (pid) { 160 (void) close(0); (void) close(1); (void) close(2); 161 (void) close(f); (void) close(pv[1]); 162 readfrom = (1<<s) | (1<<pv[0]); 163 ioctl(pv[1], FIONBIO, (char *)&one); 164 /* should set s nbio! */ 165 do { 166 ready = readfrom; 167 (void) select(16, &ready, (fd_set *)0, 168 (fd_set *)0, (struct timeval *)0); 169 if (ready & (1<<s)) { 170 if (read(s, &sig, 1) <= 0) 171 readfrom &= ~(1<<s); 172 else 173 killpg(pid, sig); 174 } 175 if (ready & (1<<pv[0])) { 176 cc = read(pv[0], buf, sizeof (buf)); 177 if (cc <= 0) { 178 shutdown(s, 1+1); 179 readfrom &= ~(1<<pv[0]); 180 } else 181 (void) write(s, buf, cc); 182 } 183 } while (readfrom); 184 exit(0); 185 } 186 setpgrp(0, getpid()); 187 (void) close(s); (void)close(pv[0]); 188 dup2(pv[1], 2); 189 } 190 if (*pwd->pw_shell == '\0') 191 pwd->pw_shell = "/bin/sh"; 192 if (f > 2) 193 (void) close(f); 194 (void) setgid((gid_t)pwd->pw_gid); 195 initgroups(pwd->pw_name, pwd->pw_gid); 196 (void) setuid((uid_t)pwd->pw_uid); 197 environ = envinit; 198 strncat(homedir, pwd->pw_dir, sizeof(homedir)-6); 199 strncat(shell, pwd->pw_shell, sizeof(shell)-7); 200 strncat(username, pwd->pw_name, sizeof(username)-6); 201 cp = rindex(pwd->pw_shell, '/'); 202 if (cp) 203 cp++; 204 else 205 cp = pwd->pw_shell; 206 execl(pwd->pw_shell, cp, "-c", cmdbuf, 0); 207 perror(pwd->pw_shell); 208 exit(1); 209 } 210 211 /*VARARGS1*/ 212 error(fmt, a1, a2, a3) 213 char *fmt; 214 int a1, a2, a3; 215 { 216 char buf[BUFSIZ]; 217 218 buf[0] = 1; 219 (void) sprintf(buf+1, fmt, a1, a2, a3); 220 (void) write(2, buf, strlen(buf)); 221 } 222 223 getstr(buf, cnt, err) 224 char *buf; 225 int cnt; 226 char *err; 227 { 228 char c; 229 230 do { 231 if (read(0, &c, 1) != 1) 232 exit(1); 233 *buf++ = c; 234 if (--cnt == 0) { 235 error("%s too long\n", err); 236 exit(1); 237 } 238 } while (c != 0); 239 } 240