Annotation of src/usr.bin/rsh/rsh.c, Revision 1.34
1.34 ! millert 1: /* $OpenBSD: rsh.c,v 1.33 2003/08/11 20:10:00 millert Exp $ */
1.4 deraadt 2:
1.1 deraadt 3: /*-
4: * Copyright (c) 1983, 1990 The Regents of the University of California.
5: * All rights reserved.
6: *
7: * Redistribution and use in source and binary forms, with or without
8: * modification, are permitted provided that the following conditions
9: * are met:
10: * 1. Redistributions of source code must retain the above copyright
11: * notice, this list of conditions and the following disclaimer.
12: * 2. Redistributions in binary form must reproduce the above copyright
13: * notice, this list of conditions and the following disclaimer in the
14: * documentation and/or other materials provided with the distribution.
1.32 millert 15: * 3. Neither the name of the University nor the names of its contributors
1.1 deraadt 16: * may be used to endorse or promote products derived from this software
17: * without specific prior written permission.
18: *
19: * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22: * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29: * SUCH DAMAGE.
30: */
31:
32: #ifndef lint
1.33 millert 33: static const char copyright[] =
1.1 deraadt 34: "@(#) Copyright (c) 1983, 1990 The Regents of the University of California.\n\
35: All rights reserved.\n";
36: #endif /* not lint */
37:
38: #ifndef lint
1.33 millert 39: /*static const char sccsid[] = "from: @(#)rsh.c 5.24 (Berkeley) 7/1/91";*/
1.34 ! millert 40: static const char rcsid[] = "$OpenBSD: rsh.c,v 1.33 2003/08/11 20:10:00 millert Exp $";
1.1 deraadt 41: #endif /* not lint */
42:
43: #include <sys/types.h>
44: #include <sys/socket.h>
45: #include <sys/ioctl.h>
46: #include <sys/file.h>
47:
48: #include <netinet/in.h>
1.34 ! millert 49:
! 50: #include <err.h>
! 51: #include <errno.h>
1.1 deraadt 52: #include <netdb.h>
1.34 ! millert 53: #include <poll.h>
1.1 deraadt 54: #include <pwd.h>
55: #include <signal.h>
1.34 ! millert 56: #include <stdarg.h>
1.1 deraadt 57: #include <stdio.h>
1.17 art 58: #include <stdlib.h>
1.34 ! millert 59: #include <string.h>
1.17 art 60: #include <unistd.h>
1.34 ! millert 61:
1.1 deraadt 62: #include "pathnames.h"
63:
64: #ifdef KERBEROS
1.14 provos 65: #include <des.h>
1.1 deraadt 66: #include <kerberosIV/krb.h>
67:
68: CREDENTIALS cred;
69: Key_schedule schedule;
70: int use_kerberos = 1, doencrypt;
71: char dst_realm_buf[REALM_SZ], *dest_realm;
1.7 tholo 72:
1.23 millert 73: void warning(const char *, ...);
74: void desrw_set_key(des_cblock *, des_key_schedule *);
75: int des_read(int, char *, int);
1.29 deraadt 76: int des_write(int, void *, int);
1.17 art 77:
1.23 millert 78: int krcmd(char **, u_short, char *, char *, int *, char *);
1.24 millert 79: int krcmd_mutual(char **, u_short, char *, char *, int *, char *,
80: CREDENTIALS *, Key_schedule);
1.1 deraadt 81: #endif
82:
1.23 millert 83: void usage(void);
1.29 deraadt 84: void sendsig(int);
85: char *copyargs(char **argv);
1.17 art 86:
1.23 millert 87: void talk(int, sigset_t *, int, int);
1.17 art 88:
1.1 deraadt 89: /*
90: * rsh - remote shell
91: */
92: int rfd2;
93:
1.17 art 94: int
1.29 deraadt 95: main(int argc, char *argv[])
1.1 deraadt 96: {
97: extern char *optarg;
98: extern int optind;
99: struct passwd *pw;
100: struct servent *sp;
1.20 millert 101: sigset_t mask, omask;
1.28 mpech 102: int argoff, asrsh, ch, dflag, nflag, one, rem, uid;
1.29 deraadt 103: char *args, *host, *user, *p;
1.28 mpech 104: pid_t pid = 0;
1.1 deraadt 105:
106: argoff = asrsh = dflag = nflag = 0;
107: one = 1;
108: host = user = NULL;
109:
110: /* if called as something other than "rsh", use it as the host name */
1.17 art 111: if ((p = strrchr(argv[0], '/')))
1.1 deraadt 112: ++p;
113: else
114: p = argv[0];
115: if (strcmp(p, "rsh"))
116: host = p;
117: else
118: asrsh = 1;
119:
120: /* handle "rsh host flags" */
121: if (!host && argc > 2 && argv[1][0] != '-') {
122: host = argv[1];
123: argoff = 1;
124: }
125:
126: #ifdef KERBEROS
127: #define OPTIONS "8KLdek:l:nwx"
128: #else
129: #define OPTIONS "8KLdel:nw"
130: #endif
1.11 millert 131: while ((ch = getopt(argc - argoff, argv + argoff, OPTIONS)) != -1)
1.1 deraadt 132: switch(ch) {
133: case 'K':
134: #ifdef KERBEROS
135: use_kerberos = 0;
136: #endif
137: break;
138: case 'L': /* -8Lew are ignored to allow rlogin aliases */
139: case 'e':
140: case 'w':
141: case '8':
142: break;
143: case 'd':
144: dflag = 1;
145: break;
146: case 'l':
147: user = optarg;
148: break;
149: #ifdef KERBEROS
150: case 'k':
151: dest_realm = dst_realm_buf;
152: strncpy(dest_realm, optarg, REALM_SZ);
153: break;
154: #endif
155: case 'n':
156: nflag = 1;
157: break;
158: #ifdef KERBEROS
159: case 'x':
160: doencrypt = 1;
1.17 art 161: desrw_set_key(&cred.session, &schedule);
1.1 deraadt 162: break;
163: #endif
164: case '?':
165: default:
166: usage();
167: }
168: optind += argoff;
169:
170: /* if haven't gotten a host yet, do so */
171: if (!host && !(host = argv[optind++]))
172: usage();
173:
1.26 millert 174: /* if no command, login to remote host via rlogin or telnet. */
1.1 deraadt 175: if (!argv[optind]) {
1.26 millert 176: seteuid(getuid());
177: setuid(getuid());
1.1 deraadt 178: if (asrsh)
179: *argv = "rlogin";
180: execv(_PATH_RLOGIN, argv);
1.26 millert 181: if (errno == ENOENT) {
182: if (asrsh)
183: *argv = "telnet";
184: execv(_PATH_TELNET, argv);
185: }
1.33 millert 186: errx(1, "can't exec %s", _PATH_TELNET);
1.1 deraadt 187: }
188:
189: argc -= optind;
190: argv += optind;
191:
1.33 millert 192: if (geteuid() != 0)
193: errx(1, "must be setuid root");
194: if (!(pw = getpwuid(uid = getuid())))
195: errx(1, "unknown user ID %u", uid);
1.1 deraadt 196: if (!user)
197: user = pw->pw_name;
198:
199: #ifdef KERBEROS
200: /* -x turns off -n */
201: if (doencrypt)
202: nflag = 0;
203: #endif
204:
205: args = copyargs(argv);
206:
207: sp = NULL;
208: #ifdef KERBEROS
209: if (use_kerberos) {
210: sp = getservbyname((doencrypt ? "ekshell" : "kshell"), "tcp");
211: if (sp == NULL) {
212: use_kerberos = 0;
213: warning("can't get entry for %s/tcp service",
214: doencrypt ? "ekshell" : "kshell");
215: }
216: }
217: #endif
218: if (sp == NULL)
219: sp = getservbyname("shell", "tcp");
1.33 millert 220: if (sp == NULL)
221: errx(1, "shell/tcp: unknown service");
1.9 millert 222:
223: (void) unsetenv("RSH"); /* no tricks with rcmd(3) */
1.1 deraadt 224:
225: #ifdef KERBEROS
226: try_connect:
227: if (use_kerberos) {
228: rem = KSUCCESS;
229: errno = 0;
230: if (dest_realm == NULL)
231: dest_realm = krb_realmofhost(host);
232:
233: if (doencrypt)
234: rem = krcmd_mutual(&host, sp->s_port, user, args,
235: &rfd2, dest_realm, &cred, schedule);
236: else
237: rem = krcmd(&host, sp->s_port, user, args, &rfd2,
238: dest_realm);
239: if (rem < 0) {
240: use_kerberos = 0;
241: sp = getservbyname("shell", "tcp");
1.33 millert 242: if (sp == NULL)
243: errx(1, "unknown service shell/tcp");
1.1 deraadt 244: if (errno == ECONNREFUSED)
245: warning("remote host doesn't support Kerberos");
246: if (errno == ENOENT)
247: warning("can't provide Kerberos auth data");
248: goto try_connect;
249: }
250: } else {
1.33 millert 251: if (doencrypt)
252: errx("the -x flag requires Kerberos authentication");
1.18 itojun 253: rem = rcmd_af(&host, sp->s_port, pw->pw_name, user, args,
254: &rfd2, PF_UNSPEC);
1.1 deraadt 255: }
256: #else
1.18 itojun 257: rem = rcmd_af(&host, sp->s_port, pw->pw_name, user, args, &rfd2,
258: PF_UNSPEC);
1.1 deraadt 259: #endif
260:
261: if (rem < 0)
262: exit(1);
263:
1.33 millert 264: if (rfd2 < 0)
265: errx(1, "can't establish stderr");
1.1 deraadt 266: if (dflag) {
267: if (setsockopt(rem, SOL_SOCKET, SO_DEBUG, &one,
268: sizeof(one)) < 0)
1.33 millert 269: warn("setsockopt");
1.1 deraadt 270: if (setsockopt(rfd2, SOL_SOCKET, SO_DEBUG, &one,
271: sizeof(one)) < 0)
1.33 millert 272: warn("setsockopt");
1.1 deraadt 273: }
274:
1.10 tholo 275: (void)seteuid(uid);
1.1 deraadt 276: (void)setuid(uid);
1.20 millert 277: sigemptyset(&mask);
278: sigaddset(&mask, SIGINT);
279: sigaddset(&mask, SIGQUIT);
280: sigaddset(&mask, SIGTERM);
281: sigprocmask(SIG_BLOCK, &mask, &omask);
1.1 deraadt 282: if (signal(SIGINT, SIG_IGN) != SIG_IGN)
283: (void)signal(SIGINT, sendsig);
284: if (signal(SIGQUIT, SIG_IGN) != SIG_IGN)
285: (void)signal(SIGQUIT, sendsig);
286: if (signal(SIGTERM, SIG_IGN) != SIG_IGN)
287: (void)signal(SIGTERM, sendsig);
288:
289: if (!nflag) {
1.33 millert 290: if ((pid = fork()) < 0)
291: err(1, "fork");
1.1 deraadt 292: }
293:
294: #ifdef KERBEROS
295: if (!doencrypt)
296: #endif
297: {
298: (void)ioctl(rfd2, FIONBIO, &one);
299: (void)ioctl(rem, FIONBIO, &one);
300: }
301:
1.20 millert 302: talk(nflag, &omask, pid, rem);
1.1 deraadt 303:
304: if (!nflag)
305: (void)kill(pid, SIGKILL);
1.17 art 306:
307: return 0;
1.1 deraadt 308: }
309:
1.17 art 310: void
1.29 deraadt 311: talk(int nflag, sigset_t *omask, pid_t pid, int rem)
1.1 deraadt 312: {
1.22 mpech 313: int cc, wc;
314: char *bp;
1.34 ! millert 315: struct pollfd pfd[2];
1.1 deraadt 316: char buf[BUFSIZ];
317:
318: if (!nflag && pid == 0) {
319: (void)close(rfd2);
320:
321: reread: errno = 0;
1.34 ! millert 322: if ((cc = read(STDIN_FILENO, buf, sizeof buf)) <= 0)
1.1 deraadt 323: goto done;
324: bp = buf;
325:
1.34 ! millert 326: pfd[0].fd = rem;
! 327: pfd[0].events = POLLOUT;
! 328: rewrite:
! 329: if (poll(pfd, 1, INFTIM) < 0) {
1.33 millert 330: if (errno != EINTR)
1.34 ! millert 331: err(1, "poll");
1.1 deraadt 332: goto rewrite;
333: }
334: #ifdef KERBEROS
335: if (doencrypt)
336: wc = des_write(rem, bp, cc);
337: else
338: #endif
339: wc = write(rem, bp, cc);
340: if (wc < 0) {
341: if (errno == EWOULDBLOCK)
342: goto rewrite;
343: goto done;
344: }
345: bp += wc;
346: cc -= wc;
347: if (cc == 0)
348: goto reread;
349: goto rewrite;
350: done:
351: (void)shutdown(rem, 1);
352: exit(0);
353: }
354:
1.21 deraadt 355: sigprocmask(SIG_SETMASK, omask, NULL);
1.34 ! millert 356: pfd[1].fd = rfd2;
! 357: pfd[1].events = POLLIN;
! 358: pfd[0].fd = rem;
! 359: pfd[0].events = POLLIN;
1.1 deraadt 360: do {
1.34 ! millert 361: if (poll(pfd, 2, INFTIM) < 0) {
1.33 millert 362: if (errno != EINTR)
1.34 ! millert 363: err(1, "poll");
1.1 deraadt 364: continue;
365: }
1.34 ! millert 366: if (pfd[1].revents & POLLIN) {
1.1 deraadt 367: errno = 0;
368: #ifdef KERBEROS
369: if (doencrypt)
370: cc = des_read(rfd2, buf, sizeof buf);
371: else
372: #endif
373: cc = read(rfd2, buf, sizeof buf);
374: if (cc <= 0) {
375: if (errno != EWOULDBLOCK)
1.34 ! millert 376: pfd[1].revents = 0;
1.1 deraadt 377: } else
1.34 ! millert 378: (void)write(STDERR_FILENO, buf, cc);
1.1 deraadt 379: }
1.34 ! millert 380: if (pfd[0].revents & POLLIN) {
1.1 deraadt 381: errno = 0;
382: #ifdef KERBEROS
383: if (doencrypt)
384: cc = des_read(rem, buf, sizeof buf);
385: else
386: #endif
387: cc = read(rem, buf, sizeof buf);
388: if (cc <= 0) {
389: if (errno != EWOULDBLOCK)
1.34 ! millert 390: pfd[0].revents = 0;
1.1 deraadt 391: } else
1.34 ! millert 392: (void)write(STDOUT_FILENO, buf, cc);
1.1 deraadt 393: }
1.34 ! millert 394: } while ((pfd[0].revents & POLLIN) || (pfd[1].revents & POLLIN));
1.1 deraadt 395: }
396:
397: void
1.29 deraadt 398: sendsig(int signo)
1.1 deraadt 399: {
1.16 deraadt 400: int save_errno = errno;
401:
1.1 deraadt 402: #ifdef KERBEROS
403: if (doencrypt)
404: (void)des_write(rfd2, &signo, 1);
405: else
406: #endif
407: (void)write(rfd2, &signo, 1);
1.16 deraadt 408: errno = save_errno;
1.1 deraadt 409: }
410:
411: #ifdef KERBEROS
412: /* VARARGS */
1.7 tholo 413: void
414: warning(const char *fmt, ...)
1.1 deraadt 415: {
416: va_list ap;
1.7 tholo 417: char myrealm[REALM_SZ];
1.1 deraadt 418:
1.7 tholo 419: if (krb_get_lrealm(myrealm, 0) != KSUCCESS)
420: return;
1.1 deraadt 421: (void)fprintf(stderr, "rsh: warning, using standard rsh: ");
1.7 tholo 422: va_start(ap, fmt);
1.1 deraadt 423: vfprintf(stderr, fmt, ap);
424: va_end(ap);
425: (void)fprintf(stderr, ".\n");
426: }
427: #endif
428:
429: char *
1.29 deraadt 430: copyargs(char **argv)
1.1 deraadt 431: {
1.29 deraadt 432: char **ap, *p, *args;
1.31 millert 433: size_t cc, len;
1.1 deraadt 434:
435: cc = 0;
436: for (ap = argv; *ap; ++ap)
437: cc += strlen(*ap) + 1;
1.31 millert 438: if ((args = malloc(cc)) == NULL)
439: err(1, NULL);
1.1 deraadt 440: for (p = args, ap = argv; *ap; ++ap) {
1.31 millert 441: len = strlcpy(p, *ap, cc);
442: if (len >= cc)
443: errx(1, "copyargs overflow");
444: p += len;
445: cc -= len;
446: if (ap[1]) {
1.1 deraadt 447: *p++ = ' ';
1.31 millert 448: cc--;
449: }
1.1 deraadt 450: }
451: return(args);
452: }
453:
1.17 art 454: void
455: usage(void)
1.1 deraadt 456: {
457: (void)fprintf(stderr,
1.27 hin 458: "usage: rsh [-Kdn%s]%s[-l username] hostname [command]\n",
1.1 deraadt 459: #ifdef KERBEROS
460: "x", " [-k realm] ");
461: #else
462: "", " ");
463: #endif
464: exit(1);
465: }