![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to rshd.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [CSRG BSD Unix] / 43BSD / etc|
Return to rshd.c CVS log | Up to [CSRG BSD Unix] / 43BSD / etc |
1.1 ! root 1: /* ! 2: * Copyright (c) 1983 Regents of the University of California. ! 3: * All rights reserved. The Berkeley software License Agreement ! 4: * specifies the terms and conditions for redistribution. ! 5: */ ! 6: ! 7: #ifndef lint ! 8: char copyright[] = ! 9: "@(#) Copyright (c) 1983 Regents of the University of California.\n\ ! 10: All rights reserved.\n"; ! 11: #endif not lint ! 12: ! 13: #ifndef lint ! 14: static char sccsid[] = "@(#)rshd.c 5.7 (Berkeley) 5/9/86"; ! 15: #endif not lint ! 16: ! 17: /* ! 18: * remote shell server: ! 19: * remuser\0 ! 20: * locuser\0 ! 21: * command\0 ! 22: * data ! 23: */ ! 24: #include <sys/ioctl.h> ! 25: #include <sys/param.h> ! 26: #include <sys/socket.h> ! 27: #include <sys/time.h> ! 28: ! 29: #include <netinet/in.h> ! 30: ! 31: #include <arpa/inet.h> ! 32: ! 33: #include <stdio.h> ! 34: #include <errno.h> ! 35: #include <pwd.h> ! 36: #include <signal.h> ! 37: #include <netdb.h> ! 38: #include <syslog.h> ! 39: ! 40: int errno; ! 41: char *index(), *rindex(), *strncat(); ! 42: /*VARARGS1*/ ! 43: int error(); ! 44: ! 45: /*ARGSUSED*/ ! 46: main(argc, argv) ! 47: int argc; ! 48: char **argv; ! 49: { ! 50: struct linger linger; ! 51: int on = 1, fromlen; ! 52: struct sockaddr_in from; ! 53: ! 54: openlog("rsh", LOG_PID | LOG_ODELAY, LOG_DAEMON); ! 55: fromlen = sizeof (from); ! 56: if (getpeername(0, &from, &fromlen) < 0) { ! 57: fprintf(stderr, "%s: ", argv[0]); ! 58: perror("getpeername"); ! 59: _exit(1); ! 60: } ! 61: if (setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (char *)&on, ! 62: sizeof (on)) < 0) ! 63: syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m"); ! 64: linger.l_onoff = 1; ! 65: linger.l_linger = 60; /* XXX */ ! 66: if (setsockopt(0, SOL_SOCKET, SO_LINGER, (char *)&linger, ! 67: sizeof (linger)) < 0) ! 68: syslog(LOG_WARNING, "setsockopt (SO_LINGER): %m"); ! 69: doit(dup(0), &from); ! 70: } ! 71: ! 72: char username[20] = "USER="; ! 73: char homedir[64] = "HOME="; ! 74: char shell[64] = "SHELL="; ! 75: char *envinit[] = ! 76: {homedir, shell, "PATH=:/usr/ucb:/bin:/usr/bin", username, 0}; ! 77: char **environ; ! 78: ! 79: doit(f, fromp) ! 80: int f; ! 81: struct sockaddr_in *fromp; ! 82: { ! 83: char cmdbuf[NCARGS+1], *cp; ! 84: char locuser[16], remuser[16]; ! 85: struct passwd *pwd; ! 86: int s; ! 87: struct hostent *hp; ! 88: char *hostname; ! 89: short port; ! 90: int pv[2], pid, ready, readfrom, cc; ! 91: char buf[BUFSIZ], sig; ! 92: int one = 1; ! 93: ! 94: (void) signal(SIGINT, SIG_DFL); ! 95: (void) signal(SIGQUIT, SIG_DFL); ! 96: (void) signal(SIGTERM, SIG_DFL); ! 97: #ifdef DEBUG ! 98: { int t = open("/dev/tty", 2); ! 99: if (t >= 0) { ! 100: ioctl(t, TIOCNOTTY, (char *)0); ! 101: (void) close(t); ! 102: } ! 103: } ! 104: #endif ! 105: fromp->sin_port = ntohs((u_short)fromp->sin_port); ! 106: if (fromp->sin_family != AF_INET || ! 107: fromp->sin_port >= IPPORT_RESERVED) { ! 108: syslog(LOG_ERR, "malformed from address\n"); ! 109: exit(1); ! 110: } ! 111: (void) alarm(60); ! 112: port = 0; ! 113: for (;;) { ! 114: char c; ! 115: if (read(f, &c, 1) != 1) { ! 116: syslog(LOG_ERR, "read: %m"); ! 117: shutdown(f, 1+1); ! 118: exit(1); ! 119: } ! 120: if (c == 0) ! 121: break; ! 122: port = port * 10 + c - '0'; ! 123: } ! 124: (void) alarm(0); ! 125: if (port != 0) { ! 126: int lport = IPPORT_RESERVED - 1; ! 127: s = rresvport(&lport); ! 128: if (s < 0) { ! 129: syslog(LOG_ERR, "can't get stderr port: %m"); ! 130: exit(1); ! 131: } ! 132: if (port >= IPPORT_RESERVED) { ! 133: syslog(LOG_ERR, "2nd port not reserved\n"); ! 134: exit(1); ! 135: } ! 136: fromp->sin_port = htons((u_short)port); ! 137: if (connect(s, fromp, sizeof (*fromp)) < 0) { ! 138: syslog(LOG_INFO, "connect second port: %m"); ! 139: exit(1); ! 140: } ! 141: } ! 142: dup2(f, 0); ! 143: dup2(f, 1); ! 144: dup2(f, 2); ! 145: hp = gethostbyaddr((char *)&fromp->sin_addr, sizeof (struct in_addr), ! 146: fromp->sin_family); ! 147: if (hp) ! 148: hostname = hp->h_name; ! 149: else ! 150: hostname = inet_ntoa(fromp->sin_addr); ! 151: getstr(remuser, sizeof(remuser), "remuser"); ! 152: getstr(locuser, sizeof(locuser), "locuser"); ! 153: getstr(cmdbuf, sizeof(cmdbuf), "command"); ! 154: setpwent(); ! 155: pwd = getpwnam(locuser); ! 156: if (pwd == NULL) { ! 157: error("Login incorrect.\n"); ! 158: exit(1); ! 159: } ! 160: endpwent(); ! 161: if (chdir(pwd->pw_dir) < 0) { ! 162: (void) chdir("/"); ! 163: #ifdef notdef ! 164: error("No remote directory.\n"); ! 165: exit(1); ! 166: #endif ! 167: } ! 168: if (pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0' && ! 169: ruserok(hostname, pwd->pw_uid == 0, remuser, locuser) < 0) { ! 170: error("Permission denied.\n"); ! 171: exit(1); ! 172: } ! 173: (void) write(2, "\0", 1); ! 174: if (port) { ! 175: if (pipe(pv) < 0) { ! 176: error("Can't make pipe.\n"); ! 177: exit(1); ! 178: } ! 179: pid = fork(); ! 180: if (pid == -1) { ! 181: error("Try again.\n"); ! 182: exit(1); ! 183: } ! 184: if (pid) { ! 185: (void) close(0); (void) close(1); (void) close(2); ! 186: (void) close(f); (void) close(pv[1]); ! 187: readfrom = (1<<s) | (1<<pv[0]); ! 188: ioctl(pv[1], FIONBIO, (char *)&one); ! 189: /* should set s nbio! */ ! 190: do { ! 191: ready = readfrom; ! 192: if (select(16, &ready, (fd_set *)0, ! 193: (fd_set *)0, (struct timeval *)0) < 0) ! 194: break; ! 195: if (ready & (1<<s)) { ! 196: if (read(s, &sig, 1) <= 0) ! 197: readfrom &= ~(1<<s); ! 198: else ! 199: killpg(pid, sig); ! 200: } ! 201: if (ready & (1<<pv[0])) { ! 202: errno = 0; ! 203: cc = read(pv[0], buf, sizeof (buf)); ! 204: if (cc <= 0) { ! 205: shutdown(s, 1+1); ! 206: readfrom &= ~(1<<pv[0]); ! 207: } else ! 208: (void) write(s, buf, cc); ! 209: } ! 210: } while (readfrom); ! 211: exit(0); ! 212: } ! 213: setpgrp(0, getpid()); ! 214: (void) close(s); (void) close(pv[0]); ! 215: dup2(pv[1], 2); ! 216: } ! 217: if (*pwd->pw_shell == '\0') ! 218: pwd->pw_shell = "/bin/sh"; ! 219: (void) close(f); ! 220: (void) setgid((gid_t)pwd->pw_gid); ! 221: initgroups(pwd->pw_name, pwd->pw_gid); ! 222: (void) setuid((uid_t)pwd->pw_uid); ! 223: environ = envinit; ! 224: strncat(homedir, pwd->pw_dir, sizeof(homedir)-6); ! 225: strncat(shell, pwd->pw_shell, sizeof(shell)-7); ! 226: strncat(username, pwd->pw_name, sizeof(username)-6); ! 227: cp = rindex(pwd->pw_shell, '/'); ! 228: if (cp) ! 229: cp++; ! 230: else ! 231: cp = pwd->pw_shell; ! 232: execl(pwd->pw_shell, cp, "-c", cmdbuf, 0); ! 233: perror(pwd->pw_shell); ! 234: exit(1); ! 235: } ! 236: ! 237: /*VARARGS1*/ ! 238: error(fmt, a1, a2, a3) ! 239: char *fmt; ! 240: int a1, a2, a3; ! 241: { ! 242: char buf[BUFSIZ]; ! 243: ! 244: buf[0] = 1; ! 245: (void) sprintf(buf+1, fmt, a1, a2, a3); ! 246: (void) write(2, buf, strlen(buf)); ! 247: } ! 248: ! 249: getstr(buf, cnt, err) ! 250: char *buf; ! 251: int cnt; ! 252: char *err; ! 253: { ! 254: char c; ! 255: ! 256: do { ! 257: if (read(0, &c, 1) != 1) ! 258: exit(1); ! 259: *buf++ = c; ! 260: if (--cnt == 0) { ! 261: error("%s too long\n", err); ! 262: exit(1); ! 263: } ! 264: } while (c != 0); ! 265: }
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.