diff --git a/etc/inetd.conf b/etc/inetd.conf
index 27b93f74260e..34e7fc39d1ca 100644
--- a/etc/inetd.conf
+++ b/etc/inetd.conf
@@ -18,7 +18,6 @@
 #login stream tcp6 nowait root /usr/libexec/rlogind rlogind
 #finger stream tcp nowait/3/10 nobody /usr/libexec/fingerd fingerd -s
 #finger stream tcp6 nowait/3/10 nobody /usr/libexec/fingerd fingerd -s
-#exec stream tcp nowait root /usr/libexec/rexecd rexecd
 #
 # run comsat as root to be able to print partial mailbox contents w/ biff,
 # or use the safer tty:tty to just print that new mail has been received.
diff --git a/etc/pam.d/Makefile b/etc/pam.d/Makefile
index 4a69de41e7d2..19337889af24 100644
--- a/etc/pam.d/Makefile
+++ b/etc/pam.d/Makefile
@@ -2,7 +2,7 @@ NO_OBJ=
 FILES= README ftpd gdm imap kde login other passwd pop3 \
- rexecd rsh sshd su system telnetd xdm
+ rsh sshd su system telnetd xdm
 FILESDIR= /etc/pam.d
 FILESMODE= 644
 FILESMODE_README= 444
diff --git a/etc/pam.d/rexecd b/etc/pam.d/rexecd
deleted file mode 100644
index 532348ee9278..000000000000
--- a/etc/pam.d/rexecd
+++ /dev/null
@@ -1,19 +0,0 @@
-#
-# $FreeBSD$
-#
-# PAM configuration for the "rexecd" service
-#
-
-# auth
-auth required pam_nologin.so no_warn
-auth required pam_unix.so no_warn use_first_pass
-
-# account
-account required pam_ftpusers.so no_warn disallow
-account required pam_unix.so no_warn
-
-# session
-session required pam_permit.so
-
-# password
-password required pam_deny.so
diff --git a/lib/libc/net/rcmd.3 b/lib/libc/net/rcmd.3
index 3673c81cac68..f1168dd47819 100644
--- a/lib/libc/net/rcmd.3
+++ b/lib/libc/net/rcmd.3
@@ -264,8 +264,6 @@ is overloaded to mean ``All network ports in use.''
 .Xr rlogin 1 ,
 .Xr rsh 1 ,
 .Xr intro 2 ,
-.Xr rexec 3 ,
-.Xr rexecd 8 ,
 .Xr rlogind 8 ,
 .Xr rshd 8
 .Pp
diff --git a/libexec/Makefile b/libexec/Makefile
index 0d320d7d5288..30a8db11f503 100644
--- a/libexec/Makefile
+++ b/libexec/Makefile
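Review bot: Dropping rexecd from FILES in the etc/pam.d/Makefile hunk stops installing /etc/pam.d/rexecd, but nothing in the hunks shown retires the copies already present on upgraded systems. Unless it is handled outside this diff, the commit should also list /etc/pam.d/rexecd, /usr/libexec/rexecd and the installed rexecd.8 manual page in ObsoleteFiles.inc so that `make delete-old` purges them; the same applies to the libexec/Makefile hunk that drops `${_rexecd}`. A stale root-run service binary and its PAM policy left behind after the service is removed is residue an administrator otherwise has to find by hand.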
@@ -16,7 +16,6 @@ SUBDIR= atrun \
 pt_chown \
 rbootd \
 revnetgroup \
- ${_rexecd} \
 ${_rlogind} \
 rpc.rquotad \
 rpc.rstatd \
@@ -47,7 +46,6 @@ _rtld-elf= rtld-elf
 .endif
 .if !defined(NO_RCMDS)
-_rexecd= rexecd
 _rlogind= rlogind
 _rshd= rshd
 .endif
diff --git a/libexec/rexecd/Makefile b/libexec/rexecd/Makefile
deleted file mode 100644
index 05b003e3255d..000000000000
--- a/libexec/rexecd/Makefile
+++ /dev/null
@@ -1,12 +0,0 @@
-# @(#)Makefile 8.1 (Berkeley) 6/4/93
-# $FreeBSD$
-
-PROG= rexecd
-MAN= rexecd.8
-WARNS?= 6
-WFORMAT=0
-
-DPADD= ${LIBPAM} ${LIBUTIL}
-LDADD= ${MINUSLPAM} -lutil
-
-.include
diff --git a/libexec/rexecd/rexecd.8 b/libexec/rexecd/rexecd.8
deleted file mode 100644
index c2588cba1475..000000000000
--- a/libexec/rexecd/rexecd.8
+++ /dev/null
@@ -1,169 +0,0 @@
-.\" Copyright (c) 1983, 1991, 1993
-.\" The Regents of the University of California. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the University of
-.\" California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" @(#)rexecd.8 8.2 (Berkeley) 12/11/93
-.\" $FreeBSD$
-.\"
-.Dd September 23, 1994
-.Dt REXECD 8
-.Os
-.Sh NAME
-.Nm rexecd
-.Nd remote execution server
-.Sh SYNOPSIS
-.Nm
-.Op Fl i
-.Sh DESCRIPTION
-The
-.Nm
-utility is the server for the
-.Xr rexec 3
-routine.
-The server provides remote execution facilities
-with authentication based on user names and
-passwords.
-.Pp
-The
-.Nm
-utility listens for service requests at the port indicated in
-the ``exec'' service specification; see
-.Xr services 5 .
-When a service request is received the following protocol
-is initiated:
-.Bl -enum
-.It
-The server reads characters from the socket up
-to a NUL
-.Pq Ql \e0
-byte.
-The resultant string is
-interpreted as an
-.Tn ASCII
-number, base 10.
-.It
-If the number received in step 1 is non-zero,
-it is interpreted as the port number of a secondary
-stream to be used for the
-.Em stderr .
-A second connection is then created to the specified
-port on the client's machine.
-.It
-A NUL terminated user name of at most 16 characters
-is retrieved on the initial socket.
-.It
-A NUL terminated, unencrypted password of at most
-16 characters is retrieved on the initial socket.
-.It
-A NUL terminated command to be passed to a
-shell is retrieved on the initial socket.
-The length of
-the command is limited by the upper bound on the size of
-the system's argument list.
-.It
-The
-.Nm
-utility then validates the user as is done at login time
-and, if the authentication was successful, changes
-to the user's home directory, and establishes the user
-and group protections of the user.
-If any of these steps fail the connection is
-aborted with a diagnostic message returned.
-.It
-A NUL byte is returned on the initial socket
-and the command line is passed to the normal login
-shell of the user.
-The
-shell inherits the network connections established
-by
-.Nm .
-.El
-.Sh CAVEATS
-The
-.Nm
-utility will not allow root logins unless the
-.Fl i
-option is given on the command line (typically in
-.Pa /etc/inetd.conf ) .
-It will also disallow access for users listed in
-.Pa /etc/ftpusers ,
-or users with no passwords, which were all serious security holes.
-The entire concept of rexec/rexecd is a major security hole and an example
-of how not to do things.
-The
-.Nm
-utility is disabled by default in
-.Pa /etc/inetd.conf .
-.Sh DIAGNOSTICS
-Except for the last one listed below,
-all diagnostic messages are returned on the initial socket,
-after which any network connections are closed.
-An error is indicated by a leading byte with a value of
-1 (0 is returned in step 7 above upon successful completion
-of all the steps prior to the command execution).
-.Pp
-.Bl -tag -width Ds
-.It Sy username too long
-The name is
-longer than 16 characters.
-.It Sy password too long
-The password is longer than 16 characters.
-.It Sy command too long
-The command line passed exceeds the size of the argument
-list (as configured into the system).
-.It Sy Login incorrect.
-No password file entry for the user name existed.
-.It Sy Password incorrect.
-The wrong password was supplied.
-.It Sy \&No remote directory.
-The
-.Xr chdir 1
-command to the home directory failed.
-.It Sy Try again.
-A
-.Xr fork 2
-by the server failed.
-.It Sy : ...
-The user's login shell could not be started.
-This message is returned
-on the connection associated with the
-.Em stderr ,
-and is not preceded by a flag byte.
-.El
-.Sh SEE ALSO
-.Xr rexec 3
-.Sh HISTORY
-The
-.Nm
-utility appeared in
-.Bx 4.2 .
-.Sh BUGS
-A facility to allow all data and password exchanges to be encrypted should be
-present.
diff --git a/libexec/rexecd/rexecd.c b/libexec/rexecd/rexecd.c
deleted file mode 100644
index 54423bd9e38e..000000000000
--- a/libexec/rexecd/rexecd.c
+++ /dev/null
@@ -1,326 +0,0 @@
-/*
- * Copyright (c) 1983, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static const char copyright[] =
-"@(#) Copyright (c) 1983, 1993\n\
- The Regents of the University of California. All rights reserved.\n";
-#endif /* not lint */
-
-#ifndef lint
-#if 0
-static char sccsid[] = "@(#)rexecd.c 8.1 (Berkeley) 6/4/93";
-#endif
-static const char rcsid[] =
- "$FreeBSD$";
-#endif /* not lint */
-
-#include
-#include
-#include
-
-#include
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include
-#include
-
-static pam_handle_t *pamh;
-static struct pam_conv pamc = {
- openpam_nullconv,
- NULL
-};
-static int pam_flags = PAM_SILENT|PAM_DISALLOW_NULL_AUTHTOK;
-static int pam_err;
-#define pam_ok(err) ((pam_err = (err)) == PAM_SUCCESS)
-
-char **environ;
-char remote[MAXHOSTNAMELEN];
-
-struct sockaddr_storage sa;
-
-char default_shell[] = _PATH_BSHELL;
-
-static void doit(struct sockaddr *);
-static void getstr(char *, size_t, const char *);
-static void error(const char *fmt, ...);
-
-int no_uid_0 = 1;
-
-/*
- * remote execute server:
- * username\0
- * password\0
- * command\0
- * data
- */
-/*ARGSUSED*/
-int
-main(int argc, char *argv[])
-{
- struct sockaddr_storage from;
- socklen_t fromlen;
- int ch;
-
- openlog("rexecd", LOG_PID, LOG_AUTH);
-
- while ((ch = getopt(argc, argv, "i")) != -1)
- switch (ch) {
- case 'i':
- no_uid_0 = 0;
- break;
- default:
- syslog(LOG_ERR, "usage: rexecd [-i]");
- exit(1);
- }
- argc -= optind;
- argv += optind;
-
- fromlen = sizeof (from);
- if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0)
- err(1, "getpeername");
-
- realhostname_sa(remote, sizeof(remote) - 1,
- (struct sockaddr *)&from, fromlen);
-
- doit((struct sockaddr *)&from);
- return(0);
-}
-
-static void
-doit(struct sockaddr *fromp)
-{
- char *cmdbuf, *cp;
- size_t maxcmdlen;
- char user[16], pass[16];
- struct passwd *pwd;
- const void *item;
- int fd, r, sd;
- u_short port;
- int pv[2], pid, cc, nfds;
- fd_set rfds, fds;
- char buf[BUFSIZ], sig;
- int one = 1;
-
- maxcmdlen = sysconf(_SC_ARG_MAX);
- if (maxcmdlen <= 0 || (cmdbuf = malloc(maxcmdlen)) == NULL)
- exit(1);
-
- (void) signal(SIGINT, SIG_DFL);
- (void) signal(SIGQUIT, SIG_DFL);
- (void) signal(SIGTERM, SIG_DFL);
- dup2(STDIN_FILENO, STDOUT_FILENO);
- dup2(STDIN_FILENO, STDOUT_FILENO);
- (void) alarm(60);
- port = 0;
- sd = -1;
- for (;;) {
- char c;
- if (read(STDIN_FILENO, &c, 1) != 1)
- exit(1);
- if (c == 0)
- break;
- port = port * 10 + c - '0';
- }
- if (port != 0) {
- sd = socket(fromp->sa_family, SOCK_STREAM, 0);
- if (sd < 0)
- exit(1);
- bzero(&sa, sizeof(sa));
- sa.ss_family = fromp->sa_family;
- sa.ss_len = fromp->sa_len;
- if (bind(sd, (struct sockaddr *)&sa, sa.ss_len) < 0)
- exit(1);
- switch (fromp->sa_family) {
- case AF_INET:
- ((struct sockaddr_in *)(void *)fromp)->sin_port = htons(port);
- break;
- case AF_INET6:
- ((struct sockaddr_in6 *)(void *)fromp)->sin6_port = htons(port);
- break;
- default:
- exit(1);
- }
- if (connect(sd, fromp, fromp->sa_len) < 0)
- exit(1);
- }
- getstr(user, sizeof(user), "username");
- getstr(pass, sizeof(pass), "password");
- getstr(cmdbuf, maxcmdlen, "command");
- (void) alarm(0);
-
- if (!pam_ok(pam_start("rexecd", user, &pamc, &pamh)) ||
- !pam_ok(pam_set_item(pamh, PAM_RHOST, remote)) ||
- !pam_ok(pam_set_item(pamh, PAM_AUTHTOK, pass)) ||
- !pam_ok(pam_authenticate(pamh, pam_flags)) ||
- !pam_ok(pam_acct_mgmt(pamh, pam_flags)) ||
- !pam_ok(pam_get_item(pamh, PAM_USER, &item)) || item == NULL ||
- strlen(item) >= sizeof(user) || strcpy(user, item) == NULL ||
- (pwd = getpwnam(user)) == NULL ||
- (pwd->pw_uid == 0 && no_uid_0)) {
- syslog(LOG_ERR, "%s LOGIN REFUSED from %s", user, remote);
- error("Login incorrect.\n");
- exit(1);
- }
-
- syslog(LOG_INFO, "login from %s as %s", remote, user);
-
- (void) write(STDERR_FILENO, "\0", 1);
- if (port != 0) {
- (void) pipe(pv);
-
- pid = fork();
- if (pid == -1) {
- error("Try again.\n");
- exit(1);
- }
- if (pid) {
- /* parent */
- (void) pam_end(pamh, pam_err);
- (void) close(STDIN_FILENO);
- (void) close(STDOUT_FILENO);
- (void) close(STDERR_FILENO);
- (void) close(pv[1]);
- ioctl(pv[0], FIONBIO, (char *)&one);
- /* should set sd nbio! */
- FD_ZERO(&fds);
- FD_SET(sd, &fds);
- nfds = sd + 1;
- FD_SET(pv[0], &fds);
- if (pv[0] >= nfds)
- nfds = pv[0] + 1;
- do {
- rfds = fds;
- for (;;) {
- r = select(nfds, &rfds, NULL, NULL, NULL);
- if (r > 0)
- break;
- if (r < 0 && errno != EINTR)
- exit(0);
- }
- if (FD_ISSET(sd, &rfds)) {
- if (read(sd, &sig, 1) <= 0)
- FD_CLR(sd, &fds);
- else
- killpg(pid, sig);
- }
- if (FD_ISSET(pv[0], &fds)) {
- cc = read(pv[0], buf, sizeof (buf));
- if (cc <= 0) {
- shutdown(sd, SHUT_RDWR);
- FD_CLR(pv[0], &fds);
- } else {
- (void) write(sd, buf, cc);
- }
- }
- } while (FD_ISSET(sd, &fds) || FD_ISSET(pv[0], &fds));
- exit(0);
- }
- /* child */
- (void) close(sd);
- (void) close(pv[0]);
- dup2(pv[1], 2);
- }
- for (fd = getdtablesize(); fd > 2; fd--)
- (void) close(fd);
- if (*pwd->pw_shell == '\0')
- pwd->pw_shell = default_shell;
- if (setsid() == -1)
- syslog(LOG_ERR, "setsid() failed: %m");
- if (setlogin(pwd->pw_name) < 0)
- syslog(LOG_ERR, "setlogin() failed: %m");
- (void) setgid((gid_t)pwd->pw_gid);
- initgroups(pwd->pw_name, pwd->pw_gid);
- if (!pam_ok(pam_setcred(pamh, PAM_ESTABLISH_CRED)))
- syslog(LOG_ERR, "pam_setcred() failed: %s",
- pam_strerror(pamh, pam_err));
- (void) pam_setenv(pamh, "HOME", pwd->pw_dir, 1);
- (void) pam_setenv(pamh, "SHELL", pwd->pw_shell, 1);
- (void) pam_setenv(pamh, "USER", pwd->pw_name, 1);
- (void) pam_setenv(pamh, "PATH", _PATH_DEFPATH, 1);
- environ = pam_getenvlist(pamh);
- (void) pam_end(pamh, pam_err);
- (void) setuid((uid_t)pwd->pw_uid);
- cp = strrchr(pwd->pw_shell, '/');
- if (cp)
- cp++;
- else
- cp = pwd->pw_shell;
- if (chdir(pwd->pw_dir) < 0) {
- error("No remote directory.\n");
- exit(1);
- }
- execl(pwd->pw_shell, cp, "-c", cmdbuf, (char *)0);
- err(1, "%s", pwd->pw_shell);
-}
-
-static void
-error(const char *fmt, ...)
-{
- char buf[BUFSIZ];
- va_list ap;
-
- va_start(ap, fmt);
- buf[0] = 1;
- (void)vsnprintf(buf + 1, sizeof(buf) - 1, fmt, ap);
- (void)write(STDERR_FILENO, buf, strlen(buf));
- va_end(ap);
-}
-
-static void
-getstr(char *buf, size_t cnt, const char *field)
-{
- char c;
-
- do {
- if (read(STDIN_FILENO, &c, 1) != 1)
- exit(1);
- *buf++ = c;
- if (--cnt == 0) {
- error("%s too long\n", field);
- exit(1);
- }
- } while (c != 0);
-}
diff --git a/usr.sbin/inetd/inetd.8 b/usr.sbin/inetd/inetd.8
index e44a4041d60e..75e57101981f 100644
--- a/usr.sbin/inetd/inetd.8
+++ b/usr.sbin/inetd/inetd.8
@@ -902,7 +902,6 @@ socket but was unable to.
 .Xr comsat 8 ,
 .Xr fingerd 8 ,
 .Xr ftpd 8 ,
-.Xr rexecd 8 ,
 .Xr rlogind 8 ,
 .Xr rpcbind 8 ,
 .Xr rshd 8 ,
diff --git a/usr.sbin/rmt/rmt.8 b/usr.sbin/rmt/rmt.8
index f63621db86d2..8dfe24526995 100644
--- a/usr.sbin/rmt/rmt.8
+++ b/usr.sbin/rmt/rmt.8
@@ -43,8 +43,6 @@ utility is used by the remote dump and restore programs in
 manipulating a magnetic tape drive through an interprocess
 communication connection.
 It is normally started up with an
-.Xr rexec 3
-or
 .Xr rcmd 3
 call.
 .Pp
@@ -210,7 +208,6 @@ to exit.
 All responses are of the form described above.
 .Sh SEE ALSO
 .Xr rcmd 3 ,
-.Xr rexec 3 ,
 .Xr mtio 4 ,
 .Xr rdump 8 ,
 .Xr rrestore 8