Annotation of src/usr.bin/rlogin/kcmd.c, Revision 1.7
1.7 ! rees 1: /* $OpenBSD: kcmd.c,v 1.6 1996/10/18 17:17:09 tholo Exp $ */
1.1 deraadt 2: /* $NetBSD: kcmd.c,v 1.2 1995/03/21 07:58:32 cgd Exp $ */
3:
4: /*
5: * Copyright (c) 1983, 1993
6: * The Regents of the University of California. All rights reserved.
7: *
8: * Redistribution and use in source and binary forms, with or without
9: * modification, are permitted provided that the following conditions
10: * are met:
11: * 1. Redistributions of source code must retain the above copyright
12: * notice, this list of conditions and the following disclaimer.
13: * 2. Redistributions in binary form must reproduce the above copyright
14: * notice, this list of conditions and the following disclaimer in the
15: * documentation and/or other materials provided with the distribution.
16: * 3. All advertising materials mentioning features or use of this software
17: * must display the following acknowledgement:
18: * This product includes software developed by the University of
19: * California, Berkeley and its contributors.
20: * 4. Neither the name of the University nor the names of its contributors
21: * may be used to endorse or promote products derived from this software
22: * without specific prior written permission.
23: *
24: * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
25: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27: * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34: * SUCH DAMAGE.
35: */
36:
37: #ifndef lint
38: #if 0
39: static char Xsccsid[] = "derived from @(#)rcmd.c 5.17 (Berkeley) 6/27/88";
40: static char sccsid[] = "@(#)kcmd.c 8.2 (Berkeley) 8/19/93";
41: #else
1.7 ! rees 42: static char rcsid[] = "$OpenBSD: kcmd.c,v 1.6 1996/10/18 17:17:09 tholo Exp $";
1.1 deraadt 43: #endif
44: #endif /* not lint */
45:
46: #include <sys/param.h>
47: #include <sys/file.h>
48: #include <sys/socket.h>
49: #include <sys/stat.h>
50:
51: #include <netinet/in.h>
52: #include <arpa/inet.h>
53:
54: #include <kerberosIV/des.h>
55: #include <kerberosIV/krb.h>
56: #include <kerberosIV/kparse.h>
57:
58: #include <ctype.h>
59: #include <errno.h>
60: #include <netdb.h>
61: #include <pwd.h>
62: #include <signal.h>
63: #include <stdio.h>
64: #include <stdlib.h>
65: #include <string.h>
66: #include <unistd.h>
67:
68: #ifndef MAXHOSTNAMELEN
69: #define MAXHOSTNAMELEN 64
70: #endif
71:
72: #define START_PORT 5120 /* arbitrary */
73:
1.7 ! rees 74: int getport __P((int *));
! 75:
1.1 deraadt 76: int
77: kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, ticket, service, realm,
78: cred, schedule, msg_data, laddr, faddr, authopts)
79: int *sock;
80: char **ahost;
81: u_short rport;
82: char *locuser, *remuser, *cmd;
83: int *fd2p;
84: KTEXT ticket;
85: char *service;
86: char *realm;
87: CREDENTIALS *cred;
88: Key_schedule schedule;
89: MSG_DAT *msg_data;
90: struct sockaddr_in *laddr, *faddr;
91: long authopts;
92: {
93: int s, timo = 1, pid;
94: long oldmask;
95: struct sockaddr_in sin, from;
96: char c;
97: int lport = IPPORT_RESERVED - 1;
98: struct hostent *hp;
99: int rc;
100: char *host_save;
101: int status;
102:
103: pid = getpid();
104: hp = gethostbyname(*ahost);
105: if (hp == NULL) {
1.4 tholo 106: herror(*ahost);
1.1 deraadt 107: return (-1);
108: }
1.5 millert 109: if ((host_save = strdup(hp->h_name)) == NULL) {
110: warn("can't allocate memory");
111: return (-1);
112: }
1.1 deraadt 113: *ahost = host_save;
114:
115: /* If realm is null, look up from table */
116: if (realm == NULL || realm[0] == '\0')
117: realm = krb_realmofhost(host_save);
118:
119: oldmask = sigblock(sigmask(SIGURG));
120: for (;;) {
1.7 ! rees 121: s = getport(&lport);
1.1 deraadt 122: if (s < 0) {
123: if (errno == EAGAIN)
124: fprintf(stderr,
125: "kcmd(socket): All ports in use\n");
126: else
127: perror("kcmd: socket");
128: sigsetmask(oldmask);
129: return (-1);
130: }
131: fcntl(s, F_SETOWN, pid);
1.4 tholo 132: bzero(&sin, sizeof sin);
133: sin.sin_len = sizeof(struct sockaddr_in);
1.1 deraadt 134: sin.sin_family = hp->h_addrtype;
135: sin.sin_port = rport;
1.4 tholo 136: bcopy(hp->h_addr_list[0], &sin.sin_addr, hp->h_length);
1.1 deraadt 137: if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
138: break;
139: (void) close(s);
140: if (errno == EADDRINUSE) {
141: lport--;
142: continue;
143: }
144: /*
145: * don't wait very long for Kerberos rcmd.
146: */
147: if (errno == ECONNREFUSED && timo <= 4) {
148: /* sleep(timo); don't wait at all here */
149: timo *= 2;
150: continue;
151: }
152: if (hp->h_addr_list[1] != NULL) {
153: int oerrno = errno;
154:
155: fprintf(stderr,
156: "kcmd: connect to address %s: ",
157: inet_ntoa(sin.sin_addr));
158: errno = oerrno;
159: perror(NULL);
160: hp->h_addr_list++;
1.4 tholo 161: bcopy(hp->h_addr_list[0], &sin.sin_addr, hp->h_length);
1.1 deraadt 162: fprintf(stderr, "Trying %s...\n",
163: inet_ntoa(sin.sin_addr));
164: continue;
165: }
166: if (errno != ECONNREFUSED)
167: perror(hp->h_name);
168: sigsetmask(oldmask);
169: return (-1);
170: }
171: if (fd2p == 0) {
172: write(s, "", 1);
173: lport = 0;
174: } else {
175: char num[8];
1.7 ! rees 176: int s2 = getport(&lport), s3;
1.1 deraadt 177: int len = sizeof(from);
178:
179: if (s2 < 0) {
180: status = -1;
181: goto bad;
182: }
183: listen(s2, 1);
1.4 tholo 184: (void) snprintf(num, sizeof(num), "%d", lport);
1.1 deraadt 185: if (write(s, num, strlen(num) + 1) != strlen(num) + 1) {
186: perror("kcmd(write): setting up stderr");
187: (void) close(s2);
188: status = -1;
189: goto bad;
190: }
1.4 tholo 191: again:
192: s3 = accept(s2, (struct sockaddr *)&from, &len);
193: /*
194: * XXX careful for ftp bounce attacks. If discovered, shut them
195: * down and check for the real auxiliary channel to connect.
196: */
197: if (from.sin_family == AF_INET && from.sin_port == htons(20)) {
198: (void) close(s3);
199: goto again;
200: }
1.1 deraadt 201: (void) close(s2);
202: if (s3 < 0) {
203: perror("kcmd:accept");
204: lport = 0;
205: status = -1;
206: goto bad;
207: }
208: *fd2p = s3;
1.4 tholo 209: from.sin_port = ntohs(from.sin_port);
1.1 deraadt 210: if (from.sin_family != AF_INET ||
1.4 tholo 211: from.sin_port >= IPPORT_RESERVED ||
212: from.sin_port < IPPORT_RESERVED / 2) {
1.1 deraadt 213: fprintf(stderr,
214: "kcmd(socket): protocol failure in circuit setup.\n");
215: status = -1;
216: goto bad2;
217: }
218: }
219: /*
220: * Kerberos-authenticated service. Don't have to send locuser,
221: * since its already in the ticket, and we'll extract it on
222: * the other side.
223: */
224: /* (void) write(s, locuser, strlen(locuser)+1); */
225:
226: /* set up the needed stuff for mutual auth, but only if necessary */
227: if (authopts & KOPT_DO_MUTUAL) {
228: int sin_len;
229: *faddr = sin;
230:
231: sin_len = sizeof(struct sockaddr_in);
232: if (getsockname(s, (struct sockaddr *)laddr, &sin_len) < 0) {
233: perror("kcmd(getsockname)");
234: status = -1;
235: goto bad2;
236: }
237: }
238: if ((status = krb_sendauth(authopts, s, ticket, service, *ahost,
239: realm, (unsigned long) getpid(), msg_data,
240: cred, schedule,
241: laddr,
242: faddr,
243: "KCMDV0.1")) != KSUCCESS)
244: goto bad2;
245:
246: (void) write(s, remuser, strlen(remuser)+1);
247: (void) write(s, cmd, strlen(cmd)+1);
248:
249: if ((rc = read(s, &c, 1)) != 1) {
250: if (rc == -1)
251: perror(*ahost);
252: else
253: fprintf(stderr,"kcmd: bad connection with remote host\n");
254: status = -1;
255: goto bad2;
256: }
257: if (c != '\0') {
258: while (read(s, &c, 1) == 1) {
259: (void) write(2, &c, 1);
260: if (c == '\n')
261: break;
262: }
263: status = -1;
264: goto bad2;
265: }
266: sigsetmask(oldmask);
267: *sock = s;
268: return (KSUCCESS);
269: bad2:
270: if (lport)
271: (void) close(*fd2p);
272: bad:
273: (void) close(s);
274: sigsetmask(oldmask);
275: return (status);
1.7 ! rees 276: }
! 277:
! 278: int
! 279: getport(alport)
! 280: int *alport;
! 281: {
! 282: struct sockaddr_in sin;
! 283: int s;
! 284:
! 285: /* First try to get a "reserved" [sic] port, for interoperability with
! 286: broken klogind (aix, e.g.) */
! 287:
! 288: s = rresvport(alport);
! 289: if (s >= 0)
! 290: return s;
! 291:
! 292: /* Failed; if EACCES, we're not root, so just get an unreserved port
! 293: and hope that's good enough */
! 294:
! 295: if (errno != EACCES)
! 296: return -1;
! 297:
! 298: if (*alport < IPPORT_RESERVED)
! 299: *alport = START_PORT;
! 300: sin.sin_family = AF_INET;
! 301: sin.sin_addr.s_addr = INADDR_ANY;
! 302: s = socket(AF_INET, SOCK_STREAM, 0);
! 303: if (s < 0)
! 304: return (-1);
! 305: for (;;) {
! 306: sin.sin_port = htons((u_short)*alport);
! 307: if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
! 308: return (s);
! 309: if (errno != EADDRINUSE) {
! 310: (void) close(s);
! 311: return (-1);
! 312: }
! 313: (*alport)--;
! 314: if (*alport == IPPORT_RESERVED) {
! 315: (void) close(s);
! 316: errno = EAGAIN; /* close */
! 317: return (-1);
! 318: }
! 319: }
1.1 deraadt 320: }