Annotation of src/usr.bin/rlogin/kcmd.c, Revision 1.12
1.12 ! pvalchev 1: /* $OpenBSD: kcmd.c,v 1.11 2000/02/29 23:02:19 deraadt Exp $ */
1.1 deraadt 2: /* $NetBSD: kcmd.c,v 1.2 1995/03/21 07:58:32 cgd Exp $ */
3:
4: /*
5: * Copyright (c) 1983, 1993
6: * The Regents of the University of California. All rights reserved.
7: *
8: * Redistribution and use in source and binary forms, with or without
9: * modification, are permitted provided that the following conditions
10: * are met:
11: * 1. Redistributions of source code must retain the above copyright
12: * notice, this list of conditions and the following disclaimer.
13: * 2. Redistributions in binary form must reproduce the above copyright
14: * notice, this list of conditions and the following disclaimer in the
15: * documentation and/or other materials provided with the distribution.
16: * 3. All advertising materials mentioning features or use of this software
17: * must display the following acknowledgement:
18: * This product includes software developed by the University of
19: * California, Berkeley and its contributors.
20: * 4. Neither the name of the University nor the names of its contributors
21: * may be used to endorse or promote products derived from this software
22: * without specific prior written permission.
23: *
24: * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
25: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27: * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34: * SUCH DAMAGE.
35: */
36:
37: #ifndef lint
38: #if 0
39: static char Xsccsid[] = "derived from @(#)rcmd.c 5.17 (Berkeley) 6/27/88";
40: static char sccsid[] = "@(#)kcmd.c 8.2 (Berkeley) 8/19/93";
41: #else
1.12 ! pvalchev 42: static char rcsid[] = "$OpenBSD: kcmd.c,v 1.11 2000/02/29 23:02:19 deraadt Exp $";
1.1 deraadt 43: #endif
44: #endif /* not lint */
45:
46: #include <sys/param.h>
47: #include <sys/file.h>
48: #include <sys/socket.h>
49: #include <sys/stat.h>
50:
51: #include <netinet/in.h>
52: #include <arpa/inet.h>
53:
1.9 provos 54: #include <des.h>
1.1 deraadt 55: #include <kerberosIV/krb.h>
56:
57: #include <ctype.h>
58: #include <errno.h>
59: #include <netdb.h>
60: #include <pwd.h>
61: #include <signal.h>
62: #include <stdio.h>
63: #include <stdlib.h>
64: #include <string.h>
65: #include <unistd.h>
1.10 art 66:
67: #include <err.h>
1.1 deraadt 68:
69: #ifndef MAXHOSTNAMELEN
70: #define MAXHOSTNAMELEN 64
71: #endif
72:
73: #define START_PORT 5120 /* arbitrary */
74:
1.7 rees 75: int getport __P((int *));
1.12 ! pvalchev 76: int kcmd __P((int *, char **, u_short, char *, char *, char *,
! 77: int *, KTEXT, char *, char *, CREDENTIALS *,
! 78: Key_schedule, MSG_DAT *, struct sockaddr_in *,
! 79: struct sockaddr_in *, long));
1.7 rees 80:
1.1 deraadt 81: int
82: kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, ticket, service, realm,
83: cred, schedule, msg_data, laddr, faddr, authopts)
84: int *sock;
85: char **ahost;
86: u_short rport;
87: char *locuser, *remuser, *cmd;
88: int *fd2p;
89: KTEXT ticket;
90: char *service;
91: char *realm;
92: CREDENTIALS *cred;
93: Key_schedule schedule;
94: MSG_DAT *msg_data;
95: struct sockaddr_in *laddr, *faddr;
96: long authopts;
97: {
98: int s, timo = 1, pid;
1.8 deraadt 99: int oldmask;
1.1 deraadt 100: struct sockaddr_in sin, from;
101: char c;
102: int lport = IPPORT_RESERVED - 1;
103: struct hostent *hp;
104: int rc;
105: char *host_save;
106: int status;
107:
108: pid = getpid();
109: hp = gethostbyname(*ahost);
110: if (hp == NULL) {
1.4 tholo 111: herror(*ahost);
1.1 deraadt 112: return (-1);
113: }
1.5 millert 114: if ((host_save = strdup(hp->h_name)) == NULL) {
115: warn("can't allocate memory");
116: return (-1);
117: }
1.1 deraadt 118: *ahost = host_save;
119:
120: /* If realm is null, look up from table */
121: if (realm == NULL || realm[0] == '\0')
122: realm = krb_realmofhost(host_save);
123:
124: oldmask = sigblock(sigmask(SIGURG));
125: for (;;) {
1.7 rees 126: s = getport(&lport);
1.1 deraadt 127: if (s < 0) {
128: if (errno == EAGAIN)
129: fprintf(stderr,
130: "kcmd(socket): All ports in use\n");
131: else
132: perror("kcmd: socket");
133: sigsetmask(oldmask);
134: return (-1);
135: }
136: fcntl(s, F_SETOWN, pid);
1.4 tholo 137: bzero(&sin, sizeof sin);
138: sin.sin_len = sizeof(struct sockaddr_in);
1.1 deraadt 139: sin.sin_family = hp->h_addrtype;
140: sin.sin_port = rport;
1.4 tholo 141: bcopy(hp->h_addr_list[0], &sin.sin_addr, hp->h_length);
1.1 deraadt 142: if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
143: break;
144: (void) close(s);
145: if (errno == EADDRINUSE) {
146: lport--;
147: continue;
148: }
149: /*
150: * don't wait very long for Kerberos rcmd.
151: */
152: if (errno == ECONNREFUSED && timo <= 4) {
153: /* sleep(timo); don't wait at all here */
154: timo *= 2;
155: continue;
156: }
157: if (hp->h_addr_list[1] != NULL) {
158: int oerrno = errno;
159:
160: fprintf(stderr,
161: "kcmd: connect to address %s: ",
162: inet_ntoa(sin.sin_addr));
163: errno = oerrno;
164: perror(NULL);
165: hp->h_addr_list++;
1.4 tholo 166: bcopy(hp->h_addr_list[0], &sin.sin_addr, hp->h_length);
1.1 deraadt 167: fprintf(stderr, "Trying %s...\n",
168: inet_ntoa(sin.sin_addr));
169: continue;
170: }
171: if (errno != ECONNREFUSED)
172: perror(hp->h_name);
173: sigsetmask(oldmask);
174: return (-1);
175: }
176: if (fd2p == 0) {
177: write(s, "", 1);
178: lport = 0;
179: } else {
180: char num[8];
1.7 rees 181: int s2 = getport(&lport), s3;
1.1 deraadt 182: int len = sizeof(from);
183:
184: if (s2 < 0) {
185: status = -1;
186: goto bad;
187: }
188: listen(s2, 1);
1.4 tholo 189: (void) snprintf(num, sizeof(num), "%d", lport);
1.1 deraadt 190: if (write(s, num, strlen(num) + 1) != strlen(num) + 1) {
191: perror("kcmd(write): setting up stderr");
192: (void) close(s2);
193: status = -1;
194: goto bad;
195: }
1.4 tholo 196: again:
197: s3 = accept(s2, (struct sockaddr *)&from, &len);
198: /*
199: * XXX careful for ftp bounce attacks. If discovered, shut them
200: * down and check for the real auxiliary channel to connect.
201: */
202: if (from.sin_family == AF_INET && from.sin_port == htons(20)) {
203: (void) close(s3);
204: goto again;
205: }
1.1 deraadt 206: (void) close(s2);
207: if (s3 < 0) {
208: perror("kcmd:accept");
209: lport = 0;
210: status = -1;
211: goto bad;
212: }
213: *fd2p = s3;
1.4 tholo 214: from.sin_port = ntohs(from.sin_port);
1.1 deraadt 215: if (from.sin_family != AF_INET ||
1.4 tholo 216: from.sin_port >= IPPORT_RESERVED ||
217: from.sin_port < IPPORT_RESERVED / 2) {
1.1 deraadt 218: fprintf(stderr,
219: "kcmd(socket): protocol failure in circuit setup.\n");
220: status = -1;
221: goto bad2;
222: }
223: }
224: /*
225: * Kerberos-authenticated service. Don't have to send locuser,
226: * since its already in the ticket, and we'll extract it on
227: * the other side.
228: */
229: /* (void) write(s, locuser, strlen(locuser)+1); */
230:
231: /* set up the needed stuff for mutual auth, but only if necessary */
232: if (authopts & KOPT_DO_MUTUAL) {
233: int sin_len;
234: *faddr = sin;
235:
236: sin_len = sizeof(struct sockaddr_in);
237: if (getsockname(s, (struct sockaddr *)laddr, &sin_len) < 0) {
238: perror("kcmd(getsockname)");
239: status = -1;
240: goto bad2;
241: }
242: }
243: if ((status = krb_sendauth(authopts, s, ticket, service, *ahost,
244: realm, (unsigned long) getpid(), msg_data,
245: cred, schedule,
246: laddr,
247: faddr,
248: "KCMDV0.1")) != KSUCCESS)
249: goto bad2;
250:
251: (void) write(s, remuser, strlen(remuser)+1);
252: (void) write(s, cmd, strlen(cmd)+1);
253:
254: if ((rc = read(s, &c, 1)) != 1) {
255: if (rc == -1)
256: perror(*ahost);
257: else
258: fprintf(stderr,"kcmd: bad connection with remote host\n");
259: status = -1;
260: goto bad2;
261: }
262: if (c != '\0') {
263: while (read(s, &c, 1) == 1) {
264: (void) write(2, &c, 1);
265: if (c == '\n')
266: break;
267: }
268: status = -1;
269: goto bad2;
270: }
271: sigsetmask(oldmask);
272: *sock = s;
273: return (KSUCCESS);
274: bad2:
275: if (lport)
276: (void) close(*fd2p);
277: bad:
278: (void) close(s);
279: sigsetmask(oldmask);
280: return (status);
1.7 rees 281: }
282:
283: int
284: getport(alport)
285: int *alport;
286: {
287: struct sockaddr_in sin;
288: int s;
289:
290: /* First try to get a "reserved" [sic] port, for interoperability with
291: broken klogind (aix, e.g.) */
292:
293: s = rresvport(alport);
294: if (s >= 0)
295: return s;
296:
297: /* Failed; if EACCES, we're not root, so just get an unreserved port
298: and hope that's good enough */
299:
300: if (errno != EACCES)
301: return -1;
302:
303: if (*alport < IPPORT_RESERVED)
304: *alport = START_PORT;
305: sin.sin_family = AF_INET;
306: sin.sin_addr.s_addr = INADDR_ANY;
307: s = socket(AF_INET, SOCK_STREAM, 0);
308: if (s < 0)
309: return (-1);
310: for (;;) {
311: sin.sin_port = htons((u_short)*alport);
312: if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
313: return (s);
314: if (errno != EADDRINUSE) {
315: (void) close(s);
316: return (-1);
317: }
318: (*alport)--;
319: if (*alport == IPPORT_RESERVED) {
320: (void) close(s);
321: errno = EAGAIN; /* close */
322: return (-1);
323: }
324: }
1.1 deraadt 325: }