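/*
 * Copyright (c) 1983, 1988, 1989 The Regents of the University of California.
 * All rights reserved.
 *
 * %sccs.include.redist.c%
 */

#ifndef lint
char copyright[] =
"@(#) Copyright (c) 1983, 1988, 1989 The Regents of the University of California.\n\
 All rights reserved.\n";
#endif /* not lint */

#ifndef lint
static char sccsid[] = "@(#)rshd.c	5.34 (Berkeley) 06/29/90";
#endif /* not lint */

/* From:
 *	$Source: /mit/kerberos/ucb/mit/rshd/RCS/rshd.c,v $
 *	$Header: /mit/kerberos/ucb/mit/rshd/RCS/rshd.c,v 5.2 89/07/31 19:30:04 kfall Exp $
 */

/*
 * remote shell server.  Started by inetd with the accepted connection on
 * file descriptors 0, 1 and 2.  The client sends, in this order:
 *	[port]\0	decimal port on the client for the stderr/signal
 *			channel, or an empty string for none
 *	remuser\0	user name on the client host (not sent with Kerberos)
 *	locuser\0	account to run the command as on this host
 *	command\0	command line handed to the account's shell with -c
 *	data		standard input for the command
 *
 * Trust model without Kerberos: the client's source port must be in the
 * reserved range (so the client program ran as root on its host), and the
 * hosts.equiv / .rhosts check in ruserok() must accept the (remote host,
 * remuser, locuser) triple.  The host name given to ruserok() comes from
 * reverse DNS and is forward-verified only for hosts in our own domain,
 * or for every host when -a is given (see doit()).
 */
#include <sys/param.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <sys/file.h>
#include <sys/signal.h>
#include <sys/time.h>

#include <netinet/in.h>

#include <arpa/inet.h>

#include <stdio.h>
#include <errno.h>
#include <pwd.h>
#include <netdb.h>
#include <syslog.h>
#include "pathnames.h"

int	errno;
int	keepalive = 1;		/* -n clears: no SO_KEEPALIVE on the connection */
int	check_all = 0;		/* -a: forward-verify reverse DNS for every host */
char	*index(), *rindex(), *strncat();
/*VARARGS1*/
void	error();
void	doit(), getstr(), usage();
int	local_domain();
char	*topdomain();
int	sent_null;		/* set once the success NUL has gone to the client */

#ifdef	KERBEROS
#include <kerberosIV/des.h>
#include <kerberosIV/krb.h>
#define	VERSION_SIZE	9
#define SECURE_MESSAGE  "This rsh session is using DES encryption for all transmissions.\r\n"
#define	OPTIONS		"alknvx"
char	authbuf[sizeof(AUTH_DAT)];
char	tickbuf[sizeof(KTEXT_ST)];
int	use_kerberos = 0, vacuous = 0;
int	encrypt = 0;
Key_schedule	schedule;
#else
#define	OPTIONS	"aln"
#endif

/*
 * Parse options, sanity-check the inherited connection and hand it to
 * doit(), which never returns.
 */
/*ARGSUSED*/
int
main(argc, argv)
	int argc;
	char **argv;
{
	extern int opterr, optind;
	extern int _check_rhosts_file;
	struct linger linger;
	int ch, on = 1, fromlen;
	struct sockaddr_in from;

	openlog("rshd", LOG_PID | LOG_ODELAY, LOG_DAEMON);

	opterr = 0;
	while ((ch = getopt(argc, argv, OPTIONS)) != EOF)
		switch (ch) {
		case 'a':
			check_all = 1;
			break;
		case 'l':
			/*
			 * Clears the libc flag consulted by ruserok(); per
			 * rshd(8) this disables per-user ~/.rhosts files and
			 * leaves only hosts.equiv.
			 */
			_check_rhosts_file = 0;
			break;
		case 'n':
			keepalive = 0;
			break;
#ifdef KERBEROS
		case 'k':
			use_kerberos = 1;
			break;

		case 'v':
			vacuous = 1;
			break;

		case 'x':
			encrypt = 1;
			break;
#endif
		case '?':
		default:
			usage();
			exit(2);
		}

	argc -= optind;
	argv += optind;

#ifdef KERBEROS
	if (use_kerberos && vacuous) {
		syslog(LOG_ERR, "only one of -k and -v allowed");
		exit(2);
	}
	if (encrypt && !use_kerberos) {
		syslog(LOG_ERR, "-k is required for -x");
		exit(2);
	}
#endif

	/*
	 * Every later check keys on the peer address, so refuse to run if
	 * fd 0 is not a connected socket.
	 */
	fromlen = sizeof (from);
	if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) {
		syslog(LOG_ERR, "getpeername: %m");
		_exit(1);
	}
	if (keepalive &&
	    setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (char *)&on,
	    sizeof(on)) < 0)
		syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
	linger.l_onoff = 1;
	linger.l_linger = 60;			/* XXX */
	if (setsockopt(0, SOL_SOCKET, SO_LINGER, (char *)&linger,
	    sizeof (linger)) < 0)
		syslog(LOG_WARNING, "setsockopt (SO_LINGER): %m");
	doit(&from);
	/* NOTREACHED */
	return (1);
}

/*
 * Environment handed to the command.  The three prefixed buffers are
 * completed with strncat() in doit(); the limits used there
 * (sizeof - strlen(prefix) - 1) always leave room for the NUL.
 */
char	username[20] = "USER=";
char	homedir[64] = "HOME=";
char	shell[64] = "SHELL=";
char	*envinit[] =
	    {homedir, shell, _PATH_DEFPATH, username, 0};
char	**environ;

/*
 * Serve one connection.  Reads the protocol header described at the top
 * of the file, authenticates the client, then (when a stderr port was
 * given) forks: the child drops privileges and execs the shell, while the
 * parent -- which keeps running as root -- relays the command's stderr to
 * the secondary connection and turns bytes received on it into signals
 * for the child's process group.  Never returns.
 *
 * A 60 second alarm is armed while the header is read (SIGALRM keeps its
 * default disposition, so a stalled client terminates the process) and
 * cleared once the command string has arrived.
 *
 * fromp: peer address of the connection on fd 0 (sin_port in network
 *	  order on entry; converted to host order here).
 */
void
doit(fromp)
	struct sockaddr_in *fromp;
{
	char cmdbuf[NCARGS+1], *cp;
	char locuser[16], remuser[16];
	struct passwd *pwd;
	int s;
	struct hostent *hp;
	char *hostname, *errorstr = NULL, *errorhost;
	u_short port;
	int pv[2], pid, cc;
	int nfd;
	fd_set ready, readfrom;
	char buf[BUFSIZ], sig;
	int one = 1;
	char remotehost[2 * MAXHOSTNAMELEN + 1];

#ifdef	KERBEROS
	AUTH_DAT	*kdata = (AUTH_DAT *) NULL;
	KTEXT		ticket = (KTEXT) NULL;
	char		instance[INST_SZ], version[VERSION_SIZE];
	struct		sockaddr_in	fromaddr;
	int		rc;
	long		authopts;
	int		pv1[2], pv2[2];
	fd_set		wready, writeto;

	fromaddr = *fromp;
#endif

	(void) signal(SIGINT, SIG_DFL);
	(void) signal(SIGQUIT, SIG_DFL);
	(void) signal(SIGTERM, SIG_DFL);
#ifdef DEBUG
	{ int t = open(_PATH_TTY, 2);
	  if (t >= 0) {
		ioctl(t, TIOCNOTTY, (char *)0);
		(void) close(t);
	  }
	}
#endif
	fromp->sin_port = ntohs((u_short)fromp->sin_port);
	if (fromp->sin_family != AF_INET) {
		syslog(LOG_ERR, "malformed \"from\" address (af %d)\n",
		    fromp->sin_family);
		exit(1);
	}
#ifdef IP_OPTIONS
	{
		/*
		 * Any IP options on the connection are logged and then
		 * discarded (the concern is source routing, which would let
		 * replies to a forged source address reach the forger and so
		 * subvert the address-based trust below).  The hex dump uses
		 * 3 chars per option byte and optbuf holds at most BUFSIZ/3
		 * bytes, so lbuf cannot overflow.
		 */
		u_char optbuf[BUFSIZ/3], *op;
		char lbuf[BUFSIZ], *lp;
		int optsize = sizeof(optbuf), ipproto;
		struct protoent *ip;

		if ((ip = getprotobyname("ip")) != NULL)
			ipproto = ip->p_proto;
		else
			ipproto = IPPROTO_IP;
		if (!getsockopt(0, ipproto, IP_OPTIONS, (char *)optbuf, &optsize) &&
		    optsize != 0) {
			lp = lbuf;
			for (op = optbuf; optsize > 0; op++, optsize--, lp += 3)
				sprintf(lp, " %2.2x", *op);
			syslog(LOG_NOTICE,
			    "Connection received from %s using IP options (ignored):%s",
			    inet_ntoa(fromp->sin_addr), lbuf);
			/*
			 * A NULL buffer of length 0 clears the options.  The
			 * length argument is an int, not a pointer.
			 */
			if (setsockopt(0, ipproto, IP_OPTIONS,
			    (char *)NULL, 0) != 0) {
				syslog(LOG_ERR, "setsockopt IP_OPTIONS NULL: %m");
				exit(1);
			}
		}
	}
#endif

	/*
	 * Without Kerberos the client's source port is the only evidence
	 * that the request was made by a privileged (root-started) client,
	 * so it must lie in [IPPORT_RESERVED/2, IPPORT_RESERVED).
	 */
#ifdef	KERBEROS
	if (!use_kerberos)
#endif
	if (fromp->sin_port >= IPPORT_RESERVED ||
	    fromp->sin_port < IPPORT_RESERVED/2) {
		syslog(LOG_NOTICE|LOG_AUTH,
		    "Connection from %s on illegal port",
		    inet_ntoa(fromp->sin_addr));
		exit(1);
	}

	(void) alarm(60);
	port = 0;
	{
		int p = 0;	/* accumulated in an int so overflow is detectable */

		for (;;) {
			char c;
			if ((cc = read(0, &c, 1)) != 1) {
				if (cc < 0)
					syslog(LOG_NOTICE, "read: %m");
				shutdown(0, 2);		/* SHUT_RDWR */
				exit(1);
			}
			if (c == 0)
				break;
			/*
			 * Only decimal digits may precede the NUL, and the
			 * value must be a valid TCP port; anything else is
			 * a malformed request rather than something to
			 * silently wrap into a u_short.
			 */
			if (c < '0' || c > '9' ||
			    (p = p * 10 + (c - '0')) > 65535) {
				syslog(LOG_NOTICE, "bad stderr port from %s",
				    inet_ntoa(fromp->sin_addr));
				exit(1);
			}
		}
		port = p;
	}

	if (port != 0) {
		/*
		 * The client is listening for the stderr/signal channel;
		 * connect back to it from a reserved port of our own.  The
		 * client's listener must itself be on a reserved port (same
		 * proof of privilege as the primary connection) unless
		 * Kerberos is doing the authentication.
		 */
		int lport = IPPORT_RESERVED - 1;
		s = rresvport(&lport);
		if (s < 0) {
			syslog(LOG_ERR, "can't get stderr port: %m");
			exit(1);
		}
#ifdef	KERBEROS
		if (!use_kerberos)
#endif
		if (port >= IPPORT_RESERVED) {
			syslog(LOG_ERR, "2nd port not reserved\n");
			exit(1);
		}
		fromp->sin_port = htons(port);
		if (connect(s, (struct sockaddr *)fromp, sizeof (*fromp)) < 0) {
			syslog(LOG_INFO, "connect second port: %m");
			exit(1);
		}
	}

#ifdef	KERBEROS
	if (vacuous) {
		error("rshd: remote host requires Kerberos authentication\n");
		exit(1);
	}
#endif

	/*
	 * Work out the host name handed to ruserok().  Start from the
	 * dotted address so errorhost is always usable in messages; then
	 * try reverse DNS.  If the reverse name is in our domain (or -a was
	 * given) it is forward-resolved and the peer address must be among
	 * the name's addresses; a failure there is remembered in errorstr
	 * and reported after the user lookup.  Reverse names outside the
	 * local domain are NOT verified unless -a is set, so a forged PTR
	 * record for such a host is trusted as-is.
	 */
	hostname = errorhost = inet_ntoa(fromp->sin_addr);
	hp = gethostbyaddr((char *)&fromp->sin_addr, sizeof (struct in_addr),
	    fromp->sin_family);
	if (hp) {
		hostname = hp->h_name;
#ifdef	KERBEROS
		if (!use_kerberos)
#endif
		if (check_all || local_domain(hp->h_name)) {
			/* copy the name: gethostbyname() reuses hp's storage */
			strncpy(remotehost, hp->h_name, sizeof(remotehost) - 1);
			remotehost[sizeof(remotehost) - 1] = 0;
			errorhost = remotehost;
			hp = gethostbyname(remotehost);
			if (hp == NULL) {
				syslog(LOG_INFO,
				    "Couldn't look up address for %s",
				    remotehost);
				errorstr =
				"Couldn't look up address for your host (%s)\n";
				hostname = inet_ntoa(fromp->sin_addr);
			} else for (; ; hp->h_addr_list++) {
				if (hp->h_addr_list[0] == NULL) {
					syslog(LOG_NOTICE,
					    "Host addr %s not listed for host %s",
					    inet_ntoa(fromp->sin_addr),
					    hp->h_name);
					errorstr =
					    "Host address mismatch for %s\n";
					hostname = inet_ntoa(fromp->sin_addr);
					break;
				}
				if (!bcmp(hp->h_addr_list[0],
				    (caddr_t)&fromp->sin_addr,
				    sizeof(fromp->sin_addr))) {
					hostname = hp->h_name;
					break;
				}
			}
		}
	}

#ifdef	KERBEROS
	if (use_kerberos) {
		kdata = (AUTH_DAT *) authbuf;
		ticket = (KTEXT) tickbuf;
		authopts = 0L;
		strcpy(instance, "*");
		version[VERSION_SIZE - 1] = '\0';
		if (encrypt) {
			struct sockaddr_in local_addr;
			rc = sizeof(local_addr);
			if (getsockname(0, (struct sockaddr *)&local_addr,
			    &rc) < 0) {
				syslog(LOG_ERR, "getsockname: %m");
				/* error() is sprintf-based: no %m here */
				error("rshd: getsockname failed\n");
				exit(1);
			}
			authopts = KOPT_DO_MUTUAL;
			rc = krb_recvauth(authopts, 0, ticket,
				"rcmd", instance, &fromaddr,
				&local_addr, kdata, "", schedule,
				version);
		} else {
			rc = krb_recvauth(authopts, 0, ticket, "rcmd",
				instance, &fromaddr,
				(struct sockaddr_in *) 0,
				kdata, "", (bit_64 *) 0, version);
		}
		if (rc != KSUCCESS) {
			error("Kerberos authentication failure: %s\n",
				  krb_err_txt[rc]);
			exit(1);
		}
		/* kdata->session is only meaningful after a successful auth */
		if (encrypt)
			des_set_key(kdata->session, schedule);
	} else
#endif
		getstr(remuser, sizeof(remuser), "remuser");

	getstr(locuser, sizeof(locuser), "locuser");
	getstr(cmdbuf, sizeof(cmdbuf), "command");
	(void) alarm(0);

	setpwent();
	pwd = getpwnam(locuser);
	if (pwd == NULL) {
		if (errorstr == NULL)
			errorstr = "Login incorrect.\n";
		goto fail;
	}
	/* run from the home directory when possible, "/" otherwise */
	if (chdir(pwd->pw_dir) < 0)
		(void) chdir("/");

#ifdef	KERBEROS
	if (use_kerberos) {
		/*
		 * kuserok() is consulted only for accounts that have a
		 * password: an account with an empty password field accepts
		 * any authenticated principal.
		 */
		if (pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0') {
			if (kuserok(kdata, locuser) != 0) {
				syslog(LOG_NOTICE|LOG_AUTH,
				    "Kerberos rsh denied to %s.%s@%s",
				    kdata->pname, kdata->pinst, kdata->prealm);
				error("Permission denied.\n");
				exit(1);
			}
		}
	} else
#endif

	/*
	 * Non-Kerberos authorization.  A host-verification failure recorded
	 * above is fatal.  Otherwise the hosts.equiv/.rhosts check applies
	 * only to accounts that have a password: an account with an empty
	 * password field is reachable from any host that passed the
	 * reserved-port check (this mirrors the local login policy, but is
	 * worth knowing about).  The second ruserok() argument flags a root
	 * target, which ruserok(3) treats more strictly.
	 */
	if (errorstr ||
	    pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0' &&
	    ruserok(hostname, pwd->pw_uid == 0, remuser, locuser) < 0) {
fail:
		if (errorstr == NULL)
			errorstr = "Permission denied.\n";
		error(errorstr, errorhost);
		exit(1);
	}

	if (pwd->pw_uid && !access(_PATH_NOLOGIN, F_OK)) {
		error("Logins currently disabled.\n");
		exit(1);
	}

	/* authenticated: a single NUL tells the client to proceed */
	(void) write(2, "\0", 1);
	sent_null = 1;

	if (port) {
		/*
		 * Secondary connection requested.  The child's stderr goes
		 * to a pipe; the parent copies it to the secondary socket
		 * and relays signal bytes the other way.  With -x the
		 * child's stdin/stdout also pass through the parent so the
		 * DES encryption/decryption happens here.
		 */
		if (pipe(pv) < 0) {
			error("Can't make pipe.\n");
			exit(1);
		}
#ifdef	KERBEROS
		if (encrypt) {
			if (pipe(pv1) < 0) {
				error("Can't make 2nd pipe.\n");
				exit(1);
			}
			if (pipe(pv2) < 0) {
				error("Can't make 3rd pipe.\n");
				exit(1);
			}
		}
#endif
		pid = fork();
		if (pid == -1) {
			error("Can't fork; try again.\n");
			exit(1);
		}
		if (pid) {
			/* parent: relay loop, still running as root */
#ifdef	KERBEROS
			if (encrypt) {
				static char msg[] = SECURE_MESSAGE;
				(void) close(pv1[1]);
				(void) close(pv2[1]);
				des_write(s, msg, sizeof(msg));

			} else
#endif
			{
				(void) close(0); (void) close(1);
			}
			(void) close(2); (void) close(pv[1]);

			FD_ZERO(&readfrom);
			FD_SET(s, &readfrom);
			FD_SET(pv[0], &readfrom);
			if (pv[0] > s)
				nfd = pv[0];
			else
				nfd = s;
#ifdef	KERBEROS
			if (encrypt) {
				FD_ZERO(&writeto);
				FD_SET(pv2[0], &writeto);
				FD_SET(pv1[0], &readfrom);

				nfd = MAX(nfd, pv2[0]);
				nfd = MAX(nfd, pv1[0]);
			} else
#endif
				ioctl(pv[0], FIONBIO, (char *)&one);

			/* should set s nbio! */
			nfd++;
			do {
				ready = readfrom;
#ifdef	KERBEROS
				if (encrypt) {
					wready = writeto;
					if (select(nfd, &ready,
					    &wready, (fd_set *) 0,
					    (struct timeval *) 0) < 0)
						break;
				} else
#endif
				if (select(nfd, &ready, (fd_set *)0,
				    (fd_set *)0, (struct timeval *)0) < 0)
					break;
				if (FD_ISSET(s, &ready)) {
					/*
					 * One byte on the secondary
					 * connection is a signal number for
					 * the child's process group.  The
					 * client picks the value; the target
					 * is only the child's own group, and
					 * killpg() should reject numbers
					 * outside the valid range.
					 */
					int	ret;
#ifdef	KERBEROS
					if (encrypt)
						ret = des_read(s, &sig, 1);
					else
#endif
						ret = read(s, &sig, 1);
					if (ret <= 0)
						FD_CLR(s, &readfrom);
					else
						killpg(pid, sig);
				}
				if (FD_ISSET(pv[0], &ready)) {
					errno = 0;
					cc = read(pv[0], buf, sizeof(buf));
					if (cc <= 0) {
						shutdown(s, 2);
						FD_CLR(pv[0], &readfrom);
					} else {
#ifdef	KERBEROS
						if (encrypt)
							(void)
							  des_write(s, buf, cc);
						else
#endif
							(void)
							  write(s, buf, cc);
					}
				}
#ifdef	KERBEROS
				if (encrypt && FD_ISSET(pv1[0], &ready)) {
					errno = 0;
					cc = read(pv1[0], buf, sizeof(buf));
					if (cc <= 0) {
						shutdown(pv1[0], 2);
						FD_CLR(pv1[0], &readfrom);
					} else
						(void) des_write(1, buf, cc);
				}

				if (encrypt && FD_ISSET(pv2[0], &wready)) {
					errno = 0;
					cc = des_read(0, buf, sizeof(buf));
					if (cc <= 0) {
						shutdown(pv2[0], 2);
						FD_CLR(pv2[0], &writeto);
					} else
						(void) write(pv2[0], buf, cc);
				}
#endif

			} while (FD_ISSET(s, &readfrom) ||
#ifdef	KERBEROS
			    (encrypt && FD_ISSET(pv1[0], &readfrom)) ||
#endif
			    FD_ISSET(pv[0], &readfrom));
			exit(0);
		}
		/* child: own process group, so the parent's killpg() targets it */
		setpgrp(0, getpid());
		(void) close(s); (void) close(pv[0]);
#ifdef	KERBEROS
		if (encrypt) {
			close(pv1[0]); close(pv2[0]);
			dup2(pv1[1], 1);
			dup2(pv2[1], 0);
			close(pv1[1]);
			close(pv2[1]);
		}
#endif
		dup2(pv[1], 2);
		close(pv[1]);
	}
	if (*pwd->pw_shell == '\0')
		pwd->pw_shell = _PATH_BSHELL;
#if	BSD > 43
	if (setlogin(pwd->pw_name) < 0)
		syslog(LOG_ERR, "setlogin() failed: %m");
#endif
	/*
	 * Drop privileges.  Every step is checked: if any of them fails the
	 * command must not be exec'd, or it would run with root's uid or
	 * groups.  Groups are set first, since setuid() gives up the right
	 * to change them.
	 */
	if (setgid((gid_t)pwd->pw_gid) < 0) {
		syslog(LOG_ERR, "setgid(%d) failed: %m", (int)pwd->pw_gid);
		exit(1);
	}
	if (initgroups(pwd->pw_name, pwd->pw_gid) < 0) {
		syslog(LOG_ERR, "initgroups(%s) failed: %m", pwd->pw_name);
		exit(1);
	}
	if (setuid((uid_t)pwd->pw_uid) < 0) {
		syslog(LOG_ERR, "setuid(%d) failed: %m", (int)pwd->pw_uid);
		exit(1);
	}
	environ = envinit;
	/* limits leave room for the prefix already in each buffer plus NUL */
	strncat(homedir, pwd->pw_dir, sizeof(homedir)-6);
	strncat(shell, pwd->pw_shell, sizeof(shell)-7);
	strncat(username, pwd->pw_name, sizeof(username)-6);
	cp = rindex(pwd->pw_shell, '/');
	if (cp)
		cp++;
	else
		cp = pwd->pw_shell;
	endpwent();
	if (pwd->pw_uid == 0) {
#ifdef	KERBEROS
		if (use_kerberos)
			syslog(LOG_INFO|LOG_AUTH,
			    "ROOT Kerberos shell from %s.%s@%s on %s, comm: %s\n",
			    kdata->pname, kdata->pinst, kdata->prealm,
			    hostname, cmdbuf);
		else
#endif
			syslog(LOG_INFO|LOG_AUTH,
			    "ROOT shell from %s@%s, comm: %s\n",
			    remuser, hostname, cmdbuf);
	}
	/* the argument list must end in a (char *) null, not a bare 0 */
	execl(pwd->pw_shell, cp, "-c", cmdbuf, (char *)0);
	perror(pwd->pw_shell);
	exit(1);
}

/*
 * Report an error to the client on fd 2.  Until the success NUL has been
 * sent (sent_null == 0) the text is prefixed with a \1 byte, which is how
 * the protocol marks failure.  fmt is always a literal in this file and
 * the substituted values are bounded (errorhost is at most
 * 2*MAXHOSTNAMELEN+1 bytes, the rest are short fixed strings), so the
 * BUFSIZ buffer suffices.  This is a plain sprintf(), so syslog-style %m
 * is NOT expanded here.
 *
 * Note: can't be used until second socket has connected
 * to client, or older clients will hang waiting
 * for that connection first.
 */
/*VARARGS1*/
void
error(fmt, a1, a2, a3)
	char *fmt;
	char *a1, *a2, *a3;
{
	char buf[BUFSIZ], *bp = buf;

	if (sent_null == 0)
		*bp++ = 1;
	(void) sprintf(bp, fmt, a1, a2, a3);
	(void) write(2, buf, strlen(buf));
}

/*
 * Read one NUL-terminated protocol field from the client into buf, which
 * holds cnt bytes including the terminator.  A field that does not fit
 * (more than cnt-1 characters before the NUL) is reported to the client as
 * "<err> too long" and the process exits; a short read exits silently.
 * Nothing is ever written past buf[cnt-1].
 */
void
getstr(buf, cnt, err)
	char *buf;
	int cnt;
	char *err;
{
	char c;

	if (cnt <= 0) {
		error("%s too long\n", err);
		exit(1);
	}
	do {
		if (read(0, &c, 1) != 1)
			exit(1);
		*buf++ = c;
		/* out of room and the terminator has not arrived */
		if (--cnt == 0 && c != 0) {
			error("%s too long\n", err);
			exit(1);
		}
	} while (c != 0);
}

/*
 * Check whether host h is in our local domain,
 * defined as sharing the last two components of the domain part,
 * or the entire domain part if the local domain has only one component.
 * If either name is unqualified (contains no '.'),
 * assume that the host is local, as it will be
 * interpreted as such.
 *
 * Returns 1 when h counts as local (and is therefore subject to the
 * forward-lookup check in doit()), 0 otherwise.  Case-insensitive.
 */
int
local_domain(h)
	char *h;
{
	char localhost[MAXHOSTNAMELEN];
	char *p1, *p2;

	localhost[0] = 0;
	(void) gethostname(localhost, sizeof(localhost));
	/* gethostname() need not terminate a truncated name */
	localhost[sizeof(localhost) - 1] = '\0';
	p1 = topdomain(localhost);
	p2 = topdomain(h);
	if (p1 == NULL || p2 == NULL || !strcasecmp(p1, p2))
		return(1);
	return(0);
}

/*
 * Return a pointer to the last two components of h's domain part (the
 * second '.' from the end), the only '.' if there is just one, or NULL
 * for an unqualified name.
 */
char *
topdomain(h)
	char *h;
{
	register char *p;
	char *maybe = NULL;
	int dots = 0;

	/*
	 * Scan backwards starting at the terminating NUL (which is never a
	 * '.'); stop after examining h[0] rather than stepping before the
	 * start of the string.
	 */
	for (p = h + strlen(h); ; p--) {
		if (*p == '.') {
			if (++dots == 2)
				return (p);
			maybe = p;
		}
		if (p == h)
			break;
	}
	return (maybe);
}

void
usage()
{
	syslog(LOG_ERR, "usage: rshd [-%s]", OPTIONS);
}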