1 /* 2 * Copyright (c) 1983 The Regents of the University of California. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms are permitted 6 * provided that the above copyright notice and this paragraph are 7 * duplicated in all such forms and that any documentation, 8 * advertising materials, and other materials related to such 9 * distribution and use acknowledge that the software was developed 10 * by the University of California, Berkeley. The name of the 11 * University may not be used to endorse or promote products derived 12 * from this software without specific prior written permission. 13 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR 14 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED 15 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 16 */ 17 18 #ifndef lint 19 char copyright[] = 20 "@(#) Copyright (c) 1983 The Regents of the University of California.\n\ 21 All rights reserved.\n"; 22 #endif /* not lint */ 23 24 #ifndef lint 25 static char sccsid[] = "@(#)rexecd.c 5.9 (Berkeley) 05/11/89"; 26 #endif /* not lint */ 27 28 #include <sys/ioctl.h> 29 #include <sys/param.h> 30 #include <sys/socket.h> 31 #include <sys/time.h> 32 33 #include <netinet/in.h> 34 35 #include <stdio.h> 36 #include <errno.h> 37 #include <pwd.h> 38 #include <signal.h> 39 #include <netdb.h> 40 #include "pathnames.h" 41 42 extern int errno; 43 struct passwd *getpwnam(); 44 char *crypt(), *rindex(), *strncat(); 45 /*VARARGS1*/ 46 int error(); 47 48 /* 49 * remote execute server: 50 * username\0 51 * password\0 52 * command\0 53 * data 54 */ 55 /*ARGSUSED*/ 56 main(argc, argv) 57 int argc; 58 char **argv; 59 { 60 struct sockaddr_in from; 61 int fromlen; 62 63 fromlen = sizeof (from); 64 if (getpeername(0, &from, &fromlen) < 0) { 65 fprintf(stderr, "%s: ", argv[0]); 66 perror("getpeername"); 67 exit(1); 68 } 69 doit(0, &from); 70 } 71 72 char username[20] = "USER="; 73 char homedir[64] = "HOME="; 74 char shell[64] = "SHELL="; 75 char *envinit[] = 76 {homedir, shell, _PATH_DEFPATH, username, 0}; 77 char **environ; 78 79 struct sockaddr_in asin = { AF_INET }; 80 81 doit(f, fromp) 82 int f; 83 struct sockaddr_in *fromp; 84 { 85 char cmdbuf[NCARGS+1], *cp, *namep; 86 char user[16], pass[16]; 87 struct passwd *pwd; 88 int s; 89 u_short port; 90 int pv[2], pid, ready, readfrom, cc; 91 char buf[BUFSIZ], sig; 92 int one = 1; 93 94 (void) signal(SIGINT, SIG_DFL); 95 (void) signal(SIGQUIT, SIG_DFL); 96 (void) signal(SIGTERM, SIG_DFL); 97 #ifdef DEBUG 98 { int t = open(_PATH_TTY, 2); 99 if (t >= 0) { 100 ioctl(t, TIOCNOTTY, (char *)0); 101 (void) close(t); 102 } 103 } 104 #endif 105 dup2(f, 0); 106 dup2(f, 1); 107 dup2(f, 2); 108 (void) alarm(60); 109 port = 0; 110 for (;;) { 111 char c; 112 if (read(f, &c, 1) != 1) 113 exit(1); 114 if (c == 0) 115 break; 116 port = port * 10 + c - '0'; 117 } 118 (void) alarm(0); 119 if (port != 0) { 120 s = socket(AF_INET, SOCK_STREAM, 0); 121 if (s < 0) 122 exit(1); 123 if (bind(s, &asin, sizeof (asin)) < 0) 124 exit(1); 125 (void) alarm(60); 126 fromp->sin_port = htons(port); 127 if (connect(s, fromp, sizeof (*fromp)) < 0) 128 exit(1); 129 (void) alarm(0); 130 } 131 getstr(user, sizeof(user), "username"); 132 getstr(pass, sizeof(pass), "password"); 133 getstr(cmdbuf, sizeof(cmdbuf), "command"); 134 setpwent(); 135 pwd = getpwnam(user); 136 if (pwd == NULL) { 137 error("Login incorrect.\n"); 138 exit(1); 139 } 140 endpwent(); 141 if (*pwd->pw_passwd != '\0') { 142 namep = crypt(pass, pwd->pw_passwd); 143 if (strcmp(namep, pwd->pw_passwd)) { 144 error("Password incorrect.\n"); 145 exit(1); 146 } 147 } 148 if (chdir(pwd->pw_dir) < 0) { 149 error("No remote directory.\n"); 150 exit(1); 151 } 152 (void) write(2, "\0", 1); 153 if (port) { 154 (void) pipe(pv); 155 pid = fork(); 156 if (pid == -1) { 157 error("Try again.\n"); 158 exit(1); 159 } 160 if (pid) { 161 (void) close(0); (void) close(1); (void) close(2); 162 (void) close(f); (void) close(pv[1]); 163 readfrom = (1<<s) | (1<<pv[0]); 164 ioctl(pv[1], FIONBIO, (char *)&one); 165 /* should set s nbio! */ 166 do { 167 ready = readfrom; 168 (void) select(16, &ready, (fd_set *)0, 169 (fd_set *)0, (struct timeval *)0); 170 if (ready & (1<<s)) { 171 if (read(s, &sig, 1) <= 0) 172 readfrom &= ~(1<<s); 173 else 174 killpg(pid, sig); 175 } 176 if (ready & (1<<pv[0])) { 177 cc = read(pv[0], buf, sizeof (buf)); 178 if (cc <= 0) { 179 shutdown(s, 1+1); 180 readfrom &= ~(1<<pv[0]); 181 } else 182 (void) write(s, buf, cc); 183 } 184 } while (readfrom); 185 exit(0); 186 } 187 setpgrp(0, getpid()); 188 (void) close(s); (void)close(pv[0]); 189 dup2(pv[1], 2); 190 } 191 if (*pwd->pw_shell == '\0') 192 pwd->pw_shell = _PATH_BSHELL; 193 if (f > 2) 194 (void) close(f); 195 (void) setgid((gid_t)pwd->pw_gid); 196 initgroups(pwd->pw_name, pwd->pw_gid); 197 (void) setuid((uid_t)pwd->pw_uid); 198 environ = envinit; 199 strncat(homedir, pwd->pw_dir, sizeof(homedir)-6); 200 strncat(shell, pwd->pw_shell, sizeof(shell)-7); 201 strncat(username, pwd->pw_name, sizeof(username)-6); 202 cp = rindex(pwd->pw_shell, '/'); 203 if (cp) 204 cp++; 205 else 206 cp = pwd->pw_shell; 207 execl(pwd->pw_shell, cp, "-c", cmdbuf, 0); 208 perror(pwd->pw_shell); 209 exit(1); 210 } 211 212 /*VARARGS1*/ 213 error(fmt, a1, a2, a3) 214 char *fmt; 215 int a1, a2, a3; 216 { 217 char buf[BUFSIZ]; 218 219 buf[0] = 1; 220 (void) sprintf(buf+1, fmt, a1, a2, a3); 221 (void) write(2, buf, strlen(buf)); 222 } 223 224 getstr(buf, cnt, err) 225 char *buf; 226 int cnt; 227 char *err; 228 { 229 char c; 230 231 do { 232 if (read(0, &c, 1) != 1) 233 exit(1); 234 *buf++ = c; 235 if (--cnt == 0) { 236 error("%s too long\n", err); 237 exit(1); 238 } 239 } while (c != 0); 240 } 241