1 /* 2 * Copyright (c) 1983 The Regents of the University of California. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms are permitted 6 * provided that the above copyright notice and this paragraph are 7 * duplicated in all such forms and that any documentation, 8 * advertising materials, and other materials related to such 9 * distribution and use acknowledge that the software was developed 10 * by the University of California, Berkeley. The name of the 11 * University may not be used to endorse or promote products derived 12 * from this software without specific prior written permission. 13 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR 14 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED 15 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 16 */ 17 18 #ifndef lint 19 char copyright[] = 20 "@(#) Copyright (c) 1983 The Regents of the University of California.\n\ 21 All rights reserved.\n"; 22 #endif /* not lint */ 23 24 #ifndef lint 25 static char sccsid[] = "@(#)rshd.c 5.12 (Berkeley) 09/12/88"; 26 #endif /* not lint */ 27 28 /* 29 * remote shell server: 30 * remuser\0 31 * locuser\0 32 * command\0 33 * data 34 */ 35 #include <sys/ioctl.h> 36 #include <sys/param.h> 37 #include <sys/socket.h> 38 #include <sys/file.h> 39 #include <sys/time.h> 40 41 #include <netinet/in.h> 42 43 #include <arpa/inet.h> 44 45 #include <stdio.h> 46 #include <errno.h> 47 #include <pwd.h> 48 #include <signal.h> 49 #include <netdb.h> 50 #include <syslog.h> 51 52 int errno; 53 char *index(), *rindex(), *strncat(); 54 /*VARARGS1*/ 55 int error(); 56 57 /*ARGSUSED*/ 58 main(argc, argv) 59 int argc; 60 char **argv; 61 { 62 struct linger linger; 63 int on = 1, fromlen; 64 struct sockaddr_in from; 65 66 openlog("rsh", LOG_PID | LOG_ODELAY, LOG_DAEMON); 67 fromlen = sizeof (from); 68 if (getpeername(0, &from, &fromlen) < 0) { 69 fprintf(stderr, "%s: ", argv[0]); 70 perror("getpeername"); 71 _exit(1); 72 } 73 if (setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (char *)&on, 74 sizeof (on)) < 0) 75 syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m"); 76 linger.l_onoff = 1; 77 linger.l_linger = 60; /* XXX */ 78 if (setsockopt(0, SOL_SOCKET, SO_LINGER, (char *)&linger, 79 sizeof (linger)) < 0) 80 syslog(LOG_WARNING, "setsockopt (SO_LINGER): %m"); 81 doit(dup(0), &from); 82 } 83 84 char username[20] = "USER="; 85 char homedir[64] = "HOME="; 86 char shell[64] = "SHELL="; 87 char *envinit[] = 88 {homedir, shell, "PATH=:/usr/ucb:/bin:/usr/bin", username, 0}; 89 char **environ; 90 91 doit(f, fromp) 92 int f; 93 struct sockaddr_in *fromp; 94 { 95 char cmdbuf[NCARGS+1], *cp; 96 char locuser[16], remuser[16]; 97 struct passwd *pwd; 98 int s; 99 struct hostent *hp; 100 char *hostname; 101 short port; 102 int pv[2], pid, cc; 103 long ready, readfrom; 104 char buf[BUFSIZ], sig; 105 int one = 1; 106 107 (void) signal(SIGINT, SIG_DFL); 108 (void) signal(SIGQUIT, SIG_DFL); 109 (void) signal(SIGTERM, SIG_DFL); 110 #ifdef DEBUG 111 { int t = open("/dev/tty", 2); 112 if (t >= 0) { 113 ioctl(t, TIOCNOTTY, (char *)0); 114 (void) close(t); 115 } 116 } 117 #endif 118 fromp->sin_port = ntohs((u_short)fromp->sin_port); 119 if (fromp->sin_family != AF_INET) { 120 syslog(LOG_ERR, "malformed from address\n"); 121 exit(1); 122 } 123 if (fromp->sin_port >= IPPORT_RESERVED || 124 fromp->sin_port < IPPORT_RESERVED/2) { 125 syslog(LOG_NOTICE, "connection from bad port\n"); 126 exit(1); 127 } 128 (void) alarm(60); 129 port = 0; 130 for (;;) { 131 char c; 132 if ((cc = read(f, &c, 1)) != 1) { 133 if (cc < 0) 134 syslog(LOG_NOTICE, "read: %m"); 135 shutdown(f, 1+1); 136 exit(1); 137 } 138 if (c == 0) 139 break; 140 port = port * 10 + c - '0'; 141 } 142 (void) alarm(0); 143 if (port != 0) { 144 int lport = IPPORT_RESERVED - 1; 145 s = rresvport(&lport); 146 if (s < 0) { 147 syslog(LOG_ERR, "can't get stderr port: %m"); 148 exit(1); 149 } 150 if (port >= IPPORT_RESERVED) { 151 syslog(LOG_ERR, "2nd port not reserved\n"); 152 exit(1); 153 } 154 fromp->sin_port = htons((u_short)port); 155 if (connect(s, fromp, sizeof (*fromp)) < 0) { 156 syslog(LOG_INFO, "connect second port: %m"); 157 exit(1); 158 } 159 } 160 dup2(f, 0); 161 dup2(f, 1); 162 dup2(f, 2); 163 hp = gethostbyaddr((char *)&fromp->sin_addr, sizeof (struct in_addr), 164 fromp->sin_family); 165 if (hp) 166 hostname = hp->h_name; 167 else 168 hostname = inet_ntoa(fromp->sin_addr); 169 getstr(remuser, sizeof(remuser), "remuser"); 170 getstr(locuser, sizeof(locuser), "locuser"); 171 getstr(cmdbuf, sizeof(cmdbuf), "command"); 172 setpwent(); 173 pwd = getpwnam(locuser); 174 if (pwd == NULL) { 175 error("Login incorrect.\n"); 176 exit(1); 177 } 178 endpwent(); 179 if (chdir(pwd->pw_dir) < 0) { 180 (void) chdir("/"); 181 #ifdef notdef 182 error("No remote directory.\n"); 183 exit(1); 184 #endif 185 } 186 if (pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0' && 187 ruserok(hostname, pwd->pw_uid == 0, remuser, locuser) < 0) { 188 error("Permission denied.\n"); 189 exit(1); 190 } 191 if (pwd->pw_uid && !access("/etc/nologin", F_OK)) { 192 error("Logins currently disabled.\n"); 193 exit(1); 194 } 195 (void) write(2, "\0", 1); 196 if (port) { 197 if (pipe(pv) < 0) { 198 error("Can't make pipe.\n"); 199 exit(1); 200 } 201 pid = fork(); 202 if (pid == -1) { 203 error("Try again.\n"); 204 exit(1); 205 } 206 if (pid) { 207 (void) close(0); (void) close(1); (void) close(2); 208 (void) close(f); (void) close(pv[1]); 209 readfrom = (1L<<s) | (1L<<pv[0]); 210 ioctl(pv[0], FIONBIO, (char *)&one); 211 /* should set s nbio! */ 212 do { 213 ready = readfrom; 214 if (select(16, &ready, (fd_set *)0, 215 (fd_set *)0, (struct timeval *)0) < 0) 216 break; 217 if (ready & (1L<<s)) { 218 if (read(s, &sig, 1) <= 0) 219 readfrom &= ~(1L<<s); 220 else 221 killpg(pid, sig); 222 } 223 if (ready & (1L<<pv[0])) { 224 errno = 0; 225 cc = read(pv[0], buf, sizeof (buf)); 226 if (cc <= 0) { 227 shutdown(s, 1+1); 228 readfrom &= ~(1L<<pv[0]); 229 } else 230 (void) write(s, buf, cc); 231 } 232 } while (readfrom); 233 exit(0); 234 } 235 setpgrp(0, getpid()); 236 (void) close(s); (void) close(pv[0]); 237 dup2(pv[1], 2); 238 } 239 if (*pwd->pw_shell == '\0') 240 pwd->pw_shell = "/bin/sh"; 241 (void) close(f); 242 (void) setgid((gid_t)pwd->pw_gid); 243 initgroups(pwd->pw_name, pwd->pw_gid); 244 (void) setuid((uid_t)pwd->pw_uid); 245 environ = envinit; 246 strncat(homedir, pwd->pw_dir, sizeof(homedir)-6); 247 strncat(shell, pwd->pw_shell, sizeof(shell)-7); 248 strncat(username, pwd->pw_name, sizeof(username)-6); 249 cp = rindex(pwd->pw_shell, '/'); 250 if (cp) 251 cp++; 252 else 253 cp = pwd->pw_shell; 254 execl(pwd->pw_shell, cp, "-c", cmdbuf, 0); 255 perror(pwd->pw_shell); 256 exit(1); 257 } 258 259 /*VARARGS1*/ 260 error(fmt, a1, a2, a3) 261 char *fmt; 262 int a1, a2, a3; 263 { 264 char buf[BUFSIZ]; 265 266 buf[0] = 1; 267 (void) sprintf(buf+1, fmt, a1, a2, a3); 268 (void) write(2, buf, strlen(buf)); 269 } 270 271 getstr(buf, cnt, err) 272 char *buf; 273 int cnt; 274 char *err; 275 { 276 char c; 277 278 do { 279 if (read(0, &c, 1) != 1) 280 exit(1); 281 *buf++ = c; 282 if (--cnt == 0) { 283 error("%s too long\n", err); 284 exit(1); 285 } 286 } while (c != 0); 287 } 288