Annotation of src/usr.bin/rsh/kcmd.c, Revision 1.4
1.4 ! deraadt 1: /* $OpenBSD: kcmd.c,v 1.3 2002/06/12 06:07:16 mpech Exp $ */
1.1 deraadt 2: /* $NetBSD: kcmd.c,v 1.2 1995/03/21 07:58:32 cgd Exp $ */
3:
4: /*
5: * Copyright (c) 1983, 1993
6: * The Regents of the University of California. All rights reserved.
7: *
8: * Redistribution and use in source and binary forms, with or without
9: * modification, are permitted provided that the following conditions
10: * are met:
11: * 1. Redistributions of source code must retain the above copyright
12: * notice, this list of conditions and the following disclaimer.
13: * 2. Redistributions in binary form must reproduce the above copyright
14: * notice, this list of conditions and the following disclaimer in the
15: * documentation and/or other materials provided with the distribution.
16: * 3. All advertising materials mentioning features or use of this software
17: * must display the following acknowledgement:
18: * This product includes software developed by the University of
19: * California, Berkeley and its contributors.
20: * 4. Neither the name of the University nor the names of its contributors
21: * may be used to endorse or promote products derived from this software
22: * without specific prior written permission.
23: *
24: * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
25: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27: * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34: * SUCH DAMAGE.
35: */
36:
37: #ifndef lint
38: #if 0
39: static char Xsccsid[] = "derived from @(#)rcmd.c 5.17 (Berkeley) 6/27/88";
40: static char sccsid[] = "@(#)kcmd.c 8.2 (Berkeley) 8/19/93";
41: #else
1.4 ! deraadt 42: static char rcsid[] = "$OpenBSD: kcmd.c,v 1.3 2002/06/12 06:07:16 mpech Exp $";
1.1 deraadt 43: #endif
44: #endif /* not lint */
45:
46: #include <sys/param.h>
47: #include <sys/file.h>
48: #include <sys/socket.h>
49: #include <sys/stat.h>
50:
51: #include <netinet/in.h>
52: #include <arpa/inet.h>
53:
54: #include <des.h>
55: #include <kerberosIV/krb.h>
56:
57: #include <ctype.h>
58: #include <errno.h>
59: #include <netdb.h>
60: #include <pwd.h>
61: #include <signal.h>
62: #include <stdio.h>
63: #include <stdlib.h>
64: #include <string.h>
65: #include <unistd.h>
66:
67: #include <err.h>
68:
69: #ifndef MAXHOSTNAMELEN
70: #define MAXHOSTNAMELEN 64
71: #endif
72:
73: #define START_PORT 5120 /* arbitrary */
74:
75: int getport(int *);
76: int kcmd(int *, char **, u_short, char *, char *, char *,
77: int *, KTEXT, char *, char *, CREDENTIALS *,
78: Key_schedule, MSG_DAT *, struct sockaddr_in *,
79: struct sockaddr_in *, long);
80:
81: int
1.4 ! deraadt 82: kcmd(int *sock, char **ahost, u_short rport, char *locuser, char *remuser,
! 83: char *cmd, int *fd2p, KTEXT ticket, char *service, char *realm,
! 84: CREDENTIALS *cred, Key_schedule schedule, MSG_DAT *msg_data,
! 85: struct sockaddr_in *laddr, struct sockaddr_in *faddr, long authopts)
1.1 deraadt 86: {
1.3 mpech 87: int s, timo = 1;
1.1 deraadt 88: sigset_t mask, oldmask;
89: struct sockaddr_in sin, from;
90: char c;
91: int lport = IPPORT_RESERVED - 1;
92: struct hostent *hp;
93: int rc;
94: char *host_save;
95: int status;
1.3 mpech 96: pid_t pid;
1.1 deraadt 97:
98: pid = getpid();
99: hp = gethostbyname(*ahost);
100: if (hp == NULL) {
101: herror(*ahost);
102: return (-1);
103: }
104: if ((host_save = strdup(hp->h_name)) == NULL) {
105: warn("can't allocate memory");
106: return (-1);
107: }
108: *ahost = host_save;
109:
110: /* If realm is null, look up from table */
111: if (realm == NULL || realm[0] == '\0')
112: realm = krb_realmofhost(host_save);
113:
114: sigemptyset(&mask);
115: sigaddset(&mask, SIGURG);
116: sigprocmask(SIG_BLOCK, &mask, &oldmask);
117: for (;;) {
118: s = getport(&lport);
119: if (s < 0) {
120: if (errno == EAGAIN)
121: fprintf(stderr,
122: "kcmd(socket): All ports in use\n");
123: else
124: perror("kcmd: socket");
125: sigprocmask(SIG_SETMASK, &oldmask, NULL);
126: return (-1);
127: }
128: fcntl(s, F_SETOWN, pid);
129: bzero(&sin, sizeof sin);
130: sin.sin_len = sizeof(struct sockaddr_in);
131: sin.sin_family = hp->h_addrtype;
132: sin.sin_port = rport;
133: bcopy(hp->h_addr_list[0], &sin.sin_addr, hp->h_length);
134: if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
135: break;
136: (void) close(s);
137: if (errno == EADDRINUSE) {
138: lport--;
139: continue;
140: }
141: /*
142: * don't wait very long for Kerberos rcmd.
143: */
144: if (errno == ECONNREFUSED && timo <= 4) {
145: /* sleep(timo); don't wait at all here */
146: timo *= 2;
147: continue;
148: }
149: if (hp->h_addr_list[1] != NULL) {
150: int oerrno = errno;
151:
152: fprintf(stderr,
153: "kcmd: connect to address %s: ",
154: inet_ntoa(sin.sin_addr));
155: errno = oerrno;
156: perror(NULL);
157: hp->h_addr_list++;
158: bcopy(hp->h_addr_list[0], &sin.sin_addr, hp->h_length);
159: fprintf(stderr, "Trying %s...\n",
160: inet_ntoa(sin.sin_addr));
161: continue;
162: }
163: if (errno != ECONNREFUSED)
164: perror(hp->h_name);
165: sigprocmask(SIG_SETMASK, &oldmask, NULL);
166: return (-1);
167: }
168: if (fd2p == 0) {
169: write(s, "", 1);
170: lport = 0;
171: } else {
172: char num[8];
173: int s2 = getport(&lport), s3;
174: int len = sizeof(from);
175:
176: if (s2 < 0) {
177: status = -1;
178: goto bad;
179: }
180: listen(s2, 1);
181: (void) snprintf(num, sizeof(num), "%d", lport);
182: if (write(s, num, strlen(num) + 1) != strlen(num) + 1) {
183: perror("kcmd(write): setting up stderr");
184: (void) close(s2);
185: status = -1;
186: goto bad;
187: }
188: again:
189: s3 = accept(s2, (struct sockaddr *)&from, &len);
190: /*
191: * XXX careful for ftp bounce attacks. If discovered, shut them
192: * down and check for the real auxiliary channel to connect.
193: */
194: if (from.sin_family == AF_INET && from.sin_port == htons(20)) {
195: (void) close(s3);
196: goto again;
197: }
198: (void) close(s2);
199: if (s3 < 0) {
200: perror("kcmd:accept");
201: lport = 0;
202: status = -1;
203: goto bad;
204: }
205: *fd2p = s3;
206: from.sin_port = ntohs(from.sin_port);
207: if (from.sin_family != AF_INET ||
208: from.sin_port >= IPPORT_RESERVED ||
209: from.sin_port < IPPORT_RESERVED / 2) {
210: fprintf(stderr,
211: "kcmd(socket): protocol failure in circuit setup.\n");
212: status = -1;
213: goto bad2;
214: }
215: }
216: /*
217: * Kerberos-authenticated service. Don't have to send locuser,
218: * since its already in the ticket, and we'll extract it on
219: * the other side.
220: */
221: /* (void) write(s, locuser, strlen(locuser)+1); */
222:
223: /* set up the needed stuff for mutual auth, but only if necessary */
224: if (authopts & KOPT_DO_MUTUAL) {
225: int sin_len;
226: *faddr = sin;
227:
228: sin_len = sizeof(struct sockaddr_in);
229: if (getsockname(s, (struct sockaddr *)laddr, &sin_len) < 0) {
230: perror("kcmd(getsockname)");
231: status = -1;
232: goto bad2;
233: }
234: }
235: if ((status = krb_sendauth(authopts, s, ticket, service, *ahost,
236: realm, (unsigned long) getpid(), msg_data,
237: cred, schedule,
238: laddr,
239: faddr,
240: "KCMDV0.1")) != KSUCCESS)
241: goto bad2;
242:
243: (void) write(s, remuser, strlen(remuser)+1);
244: (void) write(s, cmd, strlen(cmd)+1);
245:
246: if ((rc = read(s, &c, 1)) != 1) {
247: if (rc == -1)
248: perror(*ahost);
249: else
250: fprintf(stderr,"kcmd: bad connection with remote host\n");
251: status = -1;
252: goto bad2;
253: }
254: if (c != '\0') {
255: while (read(s, &c, 1) == 1) {
256: (void) write(2, &c, 1);
257: if (c == '\n')
258: break;
259: }
260: status = -1;
261: goto bad2;
262: }
263: sigprocmask(SIG_SETMASK, &oldmask, NULL);
264: *sock = s;
265: return (KSUCCESS);
266: bad2:
267: if (lport)
268: (void) close(*fd2p);
269: bad:
270: (void) close(s);
271: sigprocmask(SIG_SETMASK, &oldmask, NULL);
272: return (status);
273: }
274:
275: int
1.4 ! deraadt 276: getport(int *alport)
1.1 deraadt 277: {
278: struct sockaddr_in sin;
279: int s;
280:
281: /* First try to get a "reserved" [sic] port, for interoperability with
282: broken klogind (aix, e.g.) */
283:
284: s = rresvport(alport);
285: if (s >= 0)
286: return s;
287:
288: /* Failed; if EACCES, we're not root, so just get an unreserved port
289: and hope that's good enough */
290:
291: if (errno != EACCES)
292: return -1;
293:
294: if (*alport < IPPORT_RESERVED)
295: *alport = START_PORT;
1.2 deraadt 296: memset(&sin, 0, sizeof sin);
1.1 deraadt 297: sin.sin_family = AF_INET;
298: sin.sin_addr.s_addr = INADDR_ANY;
299: s = socket(AF_INET, SOCK_STREAM, 0);
300: if (s < 0)
301: return (-1);
302: for (;;) {
303: sin.sin_port = htons((u_short)*alport);
304: if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
305: return (s);
306: if (errno != EADDRINUSE) {
307: (void) close(s);
308: return (-1);
309: }
310: (*alport)--;
311: if (*alport == IPPORT_RESERVED) {
312: (void) close(s);
313: errno = EAGAIN; /* close */
314: return (-1);
315: }
316: }
317: }