![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to rexecd.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [CSRG BSD Unix] / 42BSD / etc|
Return to rexecd.c CVS log | Up to [CSRG BSD Unix] / 42BSD / etc |
1.1 root 1: #ifndef lint
2: static char sccsid[] = "@(#)rexecd.c 4.10 (Berkeley) 83/07/02";
3: #endif
4:
5: #include <sys/ioctl.h>
6: #include <sys/param.h>
7: #include <sys/socket.h>
8: #include <sys/wait.h>
9:
10: #include <netinet/in.h>
11:
12: #include <stdio.h>
13: #include <errno.h>
14: #include <pwd.h>
15: #include <signal.h>
16: #include <netdb.h>
17:
18: extern errno;
19: struct sockaddr_in sin = { AF_INET };
20: struct passwd *getpwnam();
21: char *crypt(), *rindex(), *sprintf();
22: /* VARARGS 1 */
23: int error();
24: int reapchild();
25: /*
26: * remote execute server:
27: * username\0
28: * password\0
29: * command\0
30: * data
31: */
32: main(argc, argv)
33: int argc;
34: char **argv;
35: {
36: int f;
37: struct sockaddr_in from;
38: struct servent *sp;
39:
40: sp = getservbyname("exec", "tcp");
41: if (sp == 0) {
42: fprintf(stderr, "tcp/exec: unknown service\n");
43: exit(1);
44: }
45: sin.sin_port = sp->s_port;
46: #ifndef DEBUG
47: if (fork())
48: exit(0);
49: for (f = 0; f < 10; f++)
50: (void) close(f);
51: (void) open("/", 0);
52: (void) dup2(0, 1);
53: (void) dup2(0, 2);
54: { int t = open("/dev/tty", 2);
55: if (t >= 0) {
56: ioctl(t, TIOCNOTTY, (char *)0);
57: (void) close(t);
58: }
59: }
60: #endif
61: argc--, argv++;
62: f = socket(AF_INET, SOCK_STREAM, 0, 0);
63: if (f < 0) {
64: perror("rexecd: socket");
65: exit(1);
66: }
67: if (bind(f, &sin, sizeof (sin), 0) < 0) {
68: perror("rexecd: bind:");
69: exit(1);
70: }
71: signal(SIGCHLD, reapchild);
72: listen(f, 10);
73: for (;;) {
74: int s, len = sizeof (from);
75:
76: s = accept(f, &from, &len, 0);
77: if (s < 0) {
78: if (errno == EINTR)
79: continue;
80: perror("rexecd: accept");
81: sleep(1);
82: continue;
83: }
84: if (fork() == 0) {
85: signal(SIGCHLD, SIG_IGN);
86: doit(s, &from);
87: }
88: (void) close(s);
89: }
90: }
91:
92: reapchild()
93: {
94: union wait status;
95:
96: while (wait3(&status, WNOHANG, 0) > 0)
97: ;
98: }
99:
100: char username[20] = "USER=";
101: char homedir[64] = "HOME=";
102: char shell[64] = "SHELL=";
103: char *envinit[] =
104: {homedir, shell, "PATH=:/usr/ucb:/bin:/usr/bin", username, 0};
105: char **environ;
106:
107: struct sockaddr_in asin = { AF_INET };
108:
109: doit(f, fromp)
110: int f;
111: struct sockaddr_in *fromp;
112: {
113: char cmdbuf[NCARGS+1], *cp, *namep;
114: char user[16], pass[16];
115: struct passwd *pwd;
116: int s;
117: short port;
118: int pv[2], pid, ready, readfrom, cc;
119: char buf[BUFSIZ], sig;
120: int one = 1;
121:
122: (void) signal(SIGINT, SIG_DFL);
123: (void) signal(SIGQUIT, SIG_DFL);
124: (void) signal(SIGTERM, SIG_DFL);
125: #ifdef DEBUG
126: { int t = open("/dev/tty", 2);
127: if (t >= 0) {
128: ioctl(t, TIOCNOTTY, (char *)0);
129: (void) close(t);
130: }
131: }
132: #endif
133: dup2(f, 0);
134: dup2(f, 1);
135: dup2(f, 2);
136: (void) alarm(60);
137: port = 0;
138: for (;;) {
139: char c;
140: if (read(f, &c, 1) != 1)
141: exit(1);
142: if (c == 0)
143: break;
144: port = port * 10 + c - '0';
145: }
146: (void) alarm(0);
147: if (port != 0) {
148: s = socket(AF_INET, SOCK_STREAM, 0, 0);
149: if (s < 0)
150: exit(1);
151: if (bind(s, &asin, sizeof (asin), 0) < 0)
152: exit(1);
153: (void) alarm(60);
154: fromp->sin_port = htons((u_short)port);
155: if (connect(s, fromp, sizeof (*fromp), 0) < 0)
156: exit(1);
157: (void) alarm(0);
158: }
159: getstr(user, sizeof(user), "username");
160: getstr(pass, sizeof(pass), "password");
161: getstr(cmdbuf, sizeof(cmdbuf), "command");
162: setpwent();
163: pwd = getpwnam(user);
164: if (pwd == NULL) {
165: error("Login incorrect.\n");
166: exit(1);
167: }
168: endpwent();
169: if (*pwd->pw_passwd != '\0') {
170: namep = crypt(pass, pwd->pw_passwd);
171: if (strcmp(namep, pwd->pw_passwd)) {
172: error("Password incorrect.\n");
173: exit(1);
174: }
175: }
176: if (chdir(pwd->pw_dir) < 0) {
177: error("No remote directory.\n");
178: exit(1);
179: }
180: (void) write(2, "\0", 1);
181: if (port) {
182: (void) pipe(pv);
183: pid = fork();
184: if (pid == -1) {
185: error("Try again.\n");
186: exit(1);
187: }
188: if (pid) {
189: (void) close(0); (void) close(1); (void) close(2);
190: (void) close(f); (void) close(pv[1]);
191: readfrom = (1<<s) | (1<<pv[0]);
192: ioctl(pv[1], FIONBIO, (char *)&one);
193: /* should set s nbio! */
194: do {
195: ready = readfrom;
196: (void) select(16, &ready, 0, 0, 0);
197: if (ready & (1<<s)) {
198: if (read(s, &sig, 1) <= 0)
199: readfrom &= ~(1<<s);
200: else
201: killpg(pid, sig);
202: }
203: if (ready & (1<<pv[0])) {
204: cc = read(pv[0], buf, sizeof (buf));
205: if (cc <= 0) {
206: shutdown(s, 1+1);
207: readfrom &= ~(1<<pv[0]);
208: } else
209: (void) write(s, buf, cc);
210: }
211: } while (readfrom);
212: exit(0);
213: }
214: setpgrp(0, getpid());
215: (void) close(s); (void)close(pv[0]);
216: dup2(pv[1], 2);
217: }
218: if (*pwd->pw_shell == '\0')
219: pwd->pw_shell = "/bin/sh";
220: (void) close(f);
221: initgroups(pwd->pw_name, pwd->pw_gid);
222: (void) setuid(pwd->pw_uid);
223: (void) setgid(pwd->pw_gid);
224: environ = envinit;
225: strncat(homedir, pwd->pw_dir, sizeof(homedir)-6);
226: strncat(shell, pwd->pw_shell, sizeof(shell)-7);
227: strncat(username, pwd->pw_name, sizeof(username)-6);
228: cp = rindex(pwd->pw_shell, '/');
229: if (cp)
230: cp++;
231: else
232: cp = pwd->pw_shell;
233: execl(pwd->pw_shell, cp, "-c", cmdbuf, 0);
234: perror(pwd->pw_shell);
235: exit(1);
236: }
237:
238: /* VARARGS 1 */
239: error(fmt, a1, a2, a3)
240: char *fmt;
241: int a1, a2, a3;
242: {
243: char buf[BUFSIZ];
244:
245: buf[0] = 1;
246: (void) sprintf(buf+1, fmt, a1, a2, a3);
247: (void) write(2, buf, strlen(buf));
248: }
249:
250: getstr(buf, cnt, err)
251: char *buf;
252: int cnt;
253: char *err;
254: {
255: char c;
256:
257: do {
258: if (read(0, &c, 1) != 1)
259: exit(1);
260: *buf++ = c;
261: if (--cnt == 0) {
262: error("%s too long\n", err);
263: exit(1);
264: }
265: } while (c != 0);
266: }
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.