![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to rshd.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [CSRG BSD Unix] / 43BSDTahoe / etc|
Return to rshd.c CVS log | Up to [CSRG BSD Unix] / 43BSDTahoe / etc |
1.1 root 1: /*
2: * Copyright (c) 1983 Regents of the University of California.
3: * All rights reserved. The Berkeley software License Agreement
4: * specifies the terms and conditions for redistribution.
5: */
6:
7: #ifndef lint
8: char copyright[] =
9: "@(#) Copyright (c) 1983 Regents of the University of California.\n\
10: All rights reserved.\n";
11: #endif not lint
12:
13: #ifndef lint
14: static char sccsid[] = "@(#)rshd.c 5.11 (Berkeley) 4/18/88";
15: #endif not lint
16:
17: /*
18: * remote shell server:
19: * remuser\0
20: * locuser\0
21: * command\0
22: * data
23: */
24: #include <sys/ioctl.h>
25: #include <sys/param.h>
26: #include <sys/socket.h>
27: #include <sys/file.h>
28: #include <sys/time.h>
29:
30: #include <netinet/in.h>
31:
32: #include <arpa/inet.h>
33:
34: #include <stdio.h>
35: #include <errno.h>
36: #include <pwd.h>
37: #include <signal.h>
38: #include <netdb.h>
39: #include <syslog.h>
40:
41: int errno;
42: char *index(), *rindex(), *strncat();
43: /*VARARGS1*/
44: int error();
45:
46: /*ARGSUSED*/
47: main(argc, argv)
48: int argc;
49: char **argv;
50: {
51: struct linger linger;
52: int on = 1, fromlen;
53: struct sockaddr_in from;
54:
55: openlog("rsh", LOG_PID | LOG_ODELAY, LOG_DAEMON);
56: fromlen = sizeof (from);
57: if (getpeername(0, &from, &fromlen) < 0) {
58: fprintf(stderr, "%s: ", argv[0]);
59: perror("getpeername");
60: _exit(1);
61: }
62: if (setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (char *)&on,
63: sizeof (on)) < 0)
64: syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
65: linger.l_onoff = 1;
66: linger.l_linger = 60; /* XXX */
67: if (setsockopt(0, SOL_SOCKET, SO_LINGER, (char *)&linger,
68: sizeof (linger)) < 0)
69: syslog(LOG_WARNING, "setsockopt (SO_LINGER): %m");
70: doit(dup(0), &from);
71: }
72:
73: char username[20] = "USER=";
74: char homedir[64] = "HOME=";
75: char shell[64] = "SHELL=";
76: char *envinit[] =
77: {homedir, shell, "PATH=:/usr/ucb:/bin:/usr/bin", username, 0};
78: char **environ;
79:
80: doit(f, fromp)
81: int f;
82: struct sockaddr_in *fromp;
83: {
84: char cmdbuf[NCARGS+1], *cp;
85: char locuser[16], remuser[16];
86: struct passwd *pwd;
87: int s;
88: struct hostent *hp;
89: char *hostname;
90: short port;
91: int pv[2], pid, ready, readfrom, cc;
92: char buf[BUFSIZ], sig;
93: int one = 1;
94:
95: (void) signal(SIGINT, SIG_DFL);
96: (void) signal(SIGQUIT, SIG_DFL);
97: (void) signal(SIGTERM, SIG_DFL);
98: #ifdef DEBUG
99: { int t = open("/dev/tty", 2);
100: if (t >= 0) {
101: ioctl(t, TIOCNOTTY, (char *)0);
102: (void) close(t);
103: }
104: }
105: #endif
106: fromp->sin_port = ntohs((u_short)fromp->sin_port);
107: if (fromp->sin_family != AF_INET) {
108: syslog(LOG_ERR, "malformed from address\n");
109: exit(1);
110: }
111: if (fromp->sin_port >= IPPORT_RESERVED ||
112: fromp->sin_port < IPPORT_RESERVED/2) {
113: syslog(LOG_NOTICE, "connection from bad port\n");
114: exit(1);
115: }
116: (void) alarm(60);
117: port = 0;
118: for (;;) {
119: char c;
120: if ((cc = read(f, &c, 1)) != 1) {
121: if (cc < 0)
122: syslog(LOG_NOTICE, "read: %m");
123: shutdown(f, 1+1);
124: exit(1);
125: }
126: if (c == 0)
127: break;
128: port = port * 10 + c - '0';
129: }
130: (void) alarm(0);
131: if (port != 0) {
132: int lport = IPPORT_RESERVED - 1;
133: s = rresvport(&lport);
134: if (s < 0) {
135: syslog(LOG_ERR, "can't get stderr port: %m");
136: exit(1);
137: }
138: if (port >= IPPORT_RESERVED) {
139: syslog(LOG_ERR, "2nd port not reserved\n");
140: exit(1);
141: }
142: fromp->sin_port = htons((u_short)port);
143: if (connect(s, fromp, sizeof (*fromp)) < 0) {
144: syslog(LOG_INFO, "connect second port: %m");
145: exit(1);
146: }
147: }
148: dup2(f, 0);
149: dup2(f, 1);
150: dup2(f, 2);
151: hp = gethostbyaddr((char *)&fromp->sin_addr, sizeof (struct in_addr),
152: fromp->sin_family);
153: if (hp)
154: hostname = hp->h_name;
155: else
156: hostname = inet_ntoa(fromp->sin_addr);
157: getstr(remuser, sizeof(remuser), "remuser");
158: getstr(locuser, sizeof(locuser), "locuser");
159: getstr(cmdbuf, sizeof(cmdbuf), "command");
160: setpwent();
161: pwd = getpwnam(locuser);
162: if (pwd == NULL) {
163: error("Login incorrect.\n");
164: exit(1);
165: }
166: endpwent();
167: if (chdir(pwd->pw_dir) < 0) {
168: (void) chdir("/");
169: #ifdef notdef
170: error("No remote directory.\n");
171: exit(1);
172: #endif
173: }
174: if (pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0' &&
175: ruserok(hostname, pwd->pw_uid == 0, remuser, locuser) < 0) {
176: error("Permission denied.\n");
177: exit(1);
178: }
179: if (pwd->pw_uid && !access("/etc/nologin", F_OK)) {
180: error("Logins currently disabled.\n");
181: exit(1);
182: }
183: (void) write(2, "\0", 1);
184: if (port) {
185: if (pipe(pv) < 0) {
186: error("Can't make pipe.\n");
187: exit(1);
188: }
189: pid = fork();
190: if (pid == -1) {
191: error("Try again.\n");
192: exit(1);
193: }
194: if (pid) {
195: (void) close(0); (void) close(1); (void) close(2);
196: (void) close(f); (void) close(pv[1]);
197: readfrom = (1<<s) | (1<<pv[0]);
198: ioctl(pv[0], FIONBIO, (char *)&one);
199: /* should set s nbio! */
200: do {
201: ready = readfrom;
202: if (select(16, &ready, (fd_set *)0,
203: (fd_set *)0, (struct timeval *)0) < 0)
204: break;
205: if (ready & (1<<s)) {
206: if (read(s, &sig, 1) <= 0)
207: readfrom &= ~(1<<s);
208: else
209: killpg(pid, sig);
210: }
211: if (ready & (1<<pv[0])) {
212: errno = 0;
213: cc = read(pv[0], buf, sizeof (buf));
214: if (cc <= 0) {
215: shutdown(s, 1+1);
216: readfrom &= ~(1<<pv[0]);
217: } else
218: (void) write(s, buf, cc);
219: }
220: } while (readfrom);
221: exit(0);
222: }
223: setpgrp(0, getpid());
224: (void) close(s); (void) close(pv[0]);
225: dup2(pv[1], 2);
226: }
227: if (*pwd->pw_shell == '\0')
228: pwd->pw_shell = "/bin/sh";
229: (void) close(f);
230: (void) setgid((gid_t)pwd->pw_gid);
231: initgroups(pwd->pw_name, pwd->pw_gid);
232: (void) setuid((uid_t)pwd->pw_uid);
233: environ = envinit;
234: strncat(homedir, pwd->pw_dir, sizeof(homedir)-6);
235: strncat(shell, pwd->pw_shell, sizeof(shell)-7);
236: strncat(username, pwd->pw_name, sizeof(username)-6);
237: cp = rindex(pwd->pw_shell, '/');
238: if (cp)
239: cp++;
240: else
241: cp = pwd->pw_shell;
242: execl(pwd->pw_shell, cp, "-c", cmdbuf, 0);
243: perror(pwd->pw_shell);
244: exit(1);
245: }
246:
247: /*VARARGS1*/
248: error(fmt, a1, a2, a3)
249: char *fmt;
250: int a1, a2, a3;
251: {
252: char buf[BUFSIZ];
253:
254: buf[0] = 1;
255: (void) sprintf(buf+1, fmt, a1, a2, a3);
256: (void) write(2, buf, strlen(buf));
257: }
258:
259: getstr(buf, cnt, err)
260: char *buf;
261: int cnt;
262: char *err;
263: {
264: char c;
265:
266: do {
267: if (read(0, &c, 1) != 1)
268: exit(1);
269: *buf++ = c;
270: if (--cnt == 0) {
271: error("%s too long\n", err);
272: exit(1);
273: }
274: } while (c != 0);
275: }
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.