1105 lines
26 KiB
C
1105 lines
26 KiB
C
/*
|
|
* Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
|
|
* (Royal Institute of Technology, Stockholm, Sweden).
|
|
* All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
*
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
*
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
*
|
|
* 3. Neither the name of the Institute nor the names of its contributors
|
|
* may be used to endorse or promote products derived from this software
|
|
* without specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
* SUCH DAMAGE.
|
|
*/
|
|
|
|
#include "rsh_locl.h"
|
|
RCSID("$Id: rsh.c,v 1.68 2002/09/04 21:40:04 joda Exp $");
|
|
|
|
enum auth_method auth_method;
|
|
#if defined(KRB4) || defined(KRB5)
|
|
int do_encrypt = -1;
|
|
#endif
|
|
#ifdef KRB5
|
|
int do_unique_tkfile = 0;
|
|
char *unique_tkfile = NULL;
|
|
char tkfile[MAXPATHLEN];
|
|
int do_forward = -1;
|
|
int do_forwardable = -1;
|
|
krb5_context context;
|
|
krb5_keyblock *keyblock;
|
|
krb5_crypto crypto;
|
|
#endif
|
|
#ifdef KRB4
|
|
des_key_schedule schedule;
|
|
des_cblock iv;
|
|
#endif
|
|
int sock_debug = 0;
|
|
|
|
#ifdef KRB4
|
|
static int use_v4 = -1;
|
|
#endif
|
|
#ifdef KRB5
|
|
static int use_v5 = -1;
|
|
#endif
|
|
static int use_only_broken = 0;
|
|
static int use_broken = 1;
|
|
static char *port_str;
|
|
static const char *user;
|
|
static int do_version;
|
|
static int do_help;
|
|
static int do_errsock = 1;
|
|
static char *protocol_version_str;
|
|
static int protocol_version = 2;
|
|
|
|
/*
|
|
*
|
|
*/
|
|
|
|
static int input = 1; /* Read from stdin */
|
|
|
|
static int
|
|
loop (int s, int errsock)
|
|
{
|
|
fd_set real_readset;
|
|
int count = 1;
|
|
|
|
#ifdef KRB5
|
|
if(auth_method == AUTH_KRB5 && protocol_version == 2)
|
|
init_ivecs(1);
|
|
#endif
|
|
|
|
if (s >= FD_SETSIZE || errsock >= FD_SETSIZE)
|
|
errx (1, "fd too large");
|
|
|
|
FD_ZERO(&real_readset);
|
|
FD_SET(s, &real_readset);
|
|
if (errsock != -1) {
|
|
FD_SET(errsock, &real_readset);
|
|
++count;
|
|
}
|
|
if(input)
|
|
FD_SET(STDIN_FILENO, &real_readset);
|
|
|
|
for (;;) {
|
|
int ret;
|
|
fd_set readset;
|
|
char buf[RSH_BUFSIZ];
|
|
|
|
readset = real_readset;
|
|
ret = select (max(s, errsock) + 1, &readset, NULL, NULL, NULL);
|
|
if (ret < 0) {
|
|
if (errno == EINTR)
|
|
continue;
|
|
else
|
|
err (1, "select");
|
|
}
|
|
if (FD_ISSET(s, &readset)) {
|
|
ret = do_read (s, buf, sizeof(buf), ivec_in[0]);
|
|
if (ret < 0)
|
|
err (1, "read");
|
|
else if (ret == 0) {
|
|
close (s);
|
|
FD_CLR(s, &real_readset);
|
|
if (--count == 0)
|
|
return 0;
|
|
} else
|
|
net_write (STDOUT_FILENO, buf, ret);
|
|
}
|
|
if (errsock != -1 && FD_ISSET(errsock, &readset)) {
|
|
ret = do_read (errsock, buf, sizeof(buf), ivec_in[1]);
|
|
if (ret < 0)
|
|
err (1, "read");
|
|
else if (ret == 0) {
|
|
close (errsock);
|
|
FD_CLR(errsock, &real_readset);
|
|
if (--count == 0)
|
|
return 0;
|
|
} else
|
|
net_write (STDERR_FILENO, buf, ret);
|
|
}
|
|
if (FD_ISSET(STDIN_FILENO, &readset)) {
|
|
ret = read (STDIN_FILENO, buf, sizeof(buf));
|
|
if (ret < 0)
|
|
err (1, "read");
|
|
else if (ret == 0) {
|
|
close (STDIN_FILENO);
|
|
FD_CLR(STDIN_FILENO, &real_readset);
|
|
shutdown (s, SHUT_WR);
|
|
} else
|
|
do_write (s, buf, ret, ivec_out[0]);
|
|
}
|
|
}
|
|
}
|
|
|
|
#ifdef KRB4
|
|
static int
|
|
send_krb4_auth(int s,
|
|
struct sockaddr *thisaddr,
|
|
struct sockaddr *thataddr,
|
|
const char *hostname,
|
|
const char *remote_user,
|
|
const char *local_user,
|
|
size_t cmd_len,
|
|
const char *cmd)
|
|
{
|
|
KTEXT_ST text;
|
|
CREDENTIALS cred;
|
|
MSG_DAT msg;
|
|
int status;
|
|
size_t len;
|
|
|
|
status = krb_sendauth (do_encrypt ? KOPT_DO_MUTUAL : 0,
|
|
s, &text, "rcmd",
|
|
(char *)hostname, krb_realmofhost (hostname),
|
|
getpid(), &msg, &cred, schedule,
|
|
(struct sockaddr_in *)thisaddr,
|
|
(struct sockaddr_in *)thataddr,
|
|
KCMD_OLD_VERSION);
|
|
if (status != KSUCCESS) {
|
|
warnx("%s: %s", hostname, krb_get_err_text(status));
|
|
return 1;
|
|
}
|
|
memcpy (iv, cred.session, sizeof(iv));
|
|
|
|
len = strlen(remote_user) + 1;
|
|
if (net_write (s, remote_user, len) != len) {
|
|
warn("write");
|
|
return 1;
|
|
}
|
|
if (net_write (s, cmd, cmd_len) != cmd_len) {
|
|
warn("write");
|
|
return 1;
|
|
}
|
|
return 0;
|
|
}
|
|
#endif /* KRB4 */
|
|
|
|
#ifdef KRB5
|
|
/*
|
|
* Send forward information on `s' for host `hostname', them being
|
|
* forwardable themselves if `forwardable'
|
|
*/
|
|
|
|
static int
|
|
krb5_forward_cred (krb5_auth_context auth_context,
|
|
int s,
|
|
const char *hostname,
|
|
int forwardable)
|
|
{
|
|
krb5_error_code ret;
|
|
krb5_ccache ccache;
|
|
krb5_creds creds;
|
|
krb5_kdc_flags flags;
|
|
krb5_data out_data;
|
|
krb5_principal principal;
|
|
|
|
memset (&creds, 0, sizeof(creds));
|
|
|
|
ret = krb5_cc_default (context, &ccache);
|
|
if (ret) {
|
|
warnx ("could not forward creds: krb5_cc_default: %s",
|
|
krb5_get_err_text (context, ret));
|
|
return 1;
|
|
}
|
|
|
|
ret = krb5_cc_get_principal (context, ccache, &principal);
|
|
if (ret) {
|
|
warnx ("could not forward creds: krb5_cc_get_principal: %s",
|
|
krb5_get_err_text (context, ret));
|
|
return 1;
|
|
}
|
|
|
|
creds.client = principal;
|
|
|
|
ret = krb5_build_principal (context,
|
|
&creds.server,
|
|
strlen(principal->realm),
|
|
principal->realm,
|
|
"krbtgt",
|
|
principal->realm,
|
|
NULL);
|
|
|
|
if (ret) {
|
|
warnx ("could not forward creds: krb5_build_principal: %s",
|
|
krb5_get_err_text (context, ret));
|
|
return 1;
|
|
}
|
|
|
|
creds.times.endtime = 0;
|
|
|
|
flags.i = 0;
|
|
flags.b.forwarded = 1;
|
|
flags.b.forwardable = forwardable;
|
|
|
|
ret = krb5_get_forwarded_creds (context,
|
|
auth_context,
|
|
ccache,
|
|
flags.i,
|
|
hostname,
|
|
&creds,
|
|
&out_data);
|
|
if (ret) {
|
|
warnx ("could not forward creds: krb5_get_forwarded_creds: %s",
|
|
krb5_get_err_text (context, ret));
|
|
return 1;
|
|
}
|
|
|
|
ret = krb5_write_message (context,
|
|
(void *)&s,
|
|
&out_data);
|
|
krb5_data_free (&out_data);
|
|
|
|
if (ret)
|
|
warnx ("could not forward creds: krb5_write_message: %s",
|
|
krb5_get_err_text (context, ret));
|
|
return 0;
|
|
}
|
|
|
|
static int sendauth_version_error;
|
|
|
|
static int
|
|
send_krb5_auth(int s,
|
|
struct sockaddr *thisaddr,
|
|
struct sockaddr *thataddr,
|
|
const char *hostname,
|
|
const char *remote_user,
|
|
const char *local_user,
|
|
size_t cmd_len,
|
|
const char *cmd)
|
|
{
|
|
krb5_principal server;
|
|
krb5_data cksum_data;
|
|
int status;
|
|
size_t len;
|
|
krb5_auth_context auth_context = NULL;
|
|
const char *protocol_string = NULL;
|
|
krb5_flags ap_opts;
|
|
|
|
status = krb5_sname_to_principal(context,
|
|
hostname,
|
|
"host",
|
|
KRB5_NT_SRV_HST,
|
|
&server);
|
|
if (status) {
|
|
warnx ("%s: %s", hostname, krb5_get_err_text(context, status));
|
|
return 1;
|
|
}
|
|
|
|
cksum_data.length = asprintf ((char **)&cksum_data.data,
|
|
"%u:%s%s%s",
|
|
ntohs(socket_get_port(thataddr)),
|
|
do_encrypt ? "-x " : "",
|
|
cmd,
|
|
remote_user);
|
|
|
|
ap_opts = 0;
|
|
|
|
if(do_encrypt)
|
|
ap_opts |= AP_OPTS_MUTUAL_REQUIRED;
|
|
|
|
switch(protocol_version) {
|
|
case 2:
|
|
ap_opts |= AP_OPTS_USE_SUBKEY;
|
|
protocol_string = KCMD_NEW_VERSION;
|
|
break;
|
|
case 1:
|
|
protocol_string = KCMD_OLD_VERSION;
|
|
key_usage = KRB5_KU_OTHER_ENCRYPTED;
|
|
break;
|
|
default:
|
|
abort();
|
|
}
|
|
|
|
status = krb5_sendauth (context,
|
|
&auth_context,
|
|
&s,
|
|
protocol_string,
|
|
NULL,
|
|
server,
|
|
ap_opts,
|
|
&cksum_data,
|
|
NULL,
|
|
NULL,
|
|
NULL,
|
|
NULL,
|
|
NULL);
|
|
|
|
krb5_free_principal(context, server);
|
|
krb5_data_free(&cksum_data);
|
|
|
|
if (status) {
|
|
if(status == KRB5_SENDAUTH_REJECTED &&
|
|
protocol_version == 2 && protocol_version_str == NULL)
|
|
sendauth_version_error = 1;
|
|
else
|
|
krb5_warn(context, status, "%s", hostname);
|
|
return 1;
|
|
}
|
|
|
|
status = krb5_auth_con_getlocalsubkey (context, auth_context, &keyblock);
|
|
if(keyblock == NULL)
|
|
status = krb5_auth_con_getkey (context, auth_context, &keyblock);
|
|
if (status) {
|
|
warnx ("krb5_auth_con_getkey: %s", krb5_get_err_text(context, status));
|
|
return 1;
|
|
}
|
|
|
|
status = krb5_auth_con_setaddrs_from_fd (context,
|
|
auth_context,
|
|
&s);
|
|
if (status) {
|
|
warnx("krb5_auth_con_setaddrs_from_fd: %s",
|
|
krb5_get_err_text(context, status));
|
|
return(1);
|
|
}
|
|
|
|
status = krb5_crypto_init(context, keyblock, 0, &crypto);
|
|
if(status) {
|
|
warnx ("krb5_crypto_init: %s", krb5_get_err_text(context, status));
|
|
return 1;
|
|
}
|
|
|
|
len = strlen(remote_user) + 1;
|
|
if (net_write (s, remote_user, len) != len) {
|
|
warn ("write");
|
|
return 1;
|
|
}
|
|
if (do_encrypt && net_write (s, "-x ", 3) != 3) {
|
|
warn ("write");
|
|
return 1;
|
|
}
|
|
if (net_write (s, cmd, cmd_len) != cmd_len) {
|
|
warn ("write");
|
|
return 1;
|
|
}
|
|
|
|
if (do_unique_tkfile) {
|
|
if (net_write (s, tkfile, strlen(tkfile)) != strlen(tkfile)) {
|
|
warn ("write");
|
|
return 1;
|
|
}
|
|
}
|
|
len = strlen(local_user) + 1;
|
|
if (net_write (s, local_user, len) != len) {
|
|
warn ("write");
|
|
return 1;
|
|
}
|
|
|
|
if (!do_forward
|
|
|| krb5_forward_cred (auth_context, s, hostname, do_forwardable)) {
|
|
/* Empty forwarding info */
|
|
|
|
u_char zero[4] = {0, 0, 0, 0};
|
|
write (s, &zero, 4);
|
|
}
|
|
krb5_auth_con_free (context, auth_context);
|
|
return 0;
|
|
}
|
|
|
|
#endif /* KRB5 */
|
|
|
|
static int
|
|
send_broken_auth(int s,
|
|
struct sockaddr *thisaddr,
|
|
struct sockaddr *thataddr,
|
|
const char *hostname,
|
|
const char *remote_user,
|
|
const char *local_user,
|
|
size_t cmd_len,
|
|
const char *cmd)
|
|
{
|
|
size_t len;
|
|
|
|
len = strlen(local_user) + 1;
|
|
if (net_write (s, local_user, len) != len) {
|
|
warn ("write");
|
|
return 1;
|
|
}
|
|
len = strlen(remote_user) + 1;
|
|
if (net_write (s, remote_user, len) != len) {
|
|
warn ("write");
|
|
return 1;
|
|
}
|
|
if (net_write (s, cmd, cmd_len) != cmd_len) {
|
|
warn ("write");
|
|
return 1;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
static int
|
|
proto (int s, int errsock,
|
|
const char *hostname, const char *local_user, const char *remote_user,
|
|
const char *cmd, size_t cmd_len,
|
|
int (*auth_func)(int s,
|
|
struct sockaddr *this, struct sockaddr *that,
|
|
const char *hostname, const char *remote_user,
|
|
const char *local_user, size_t cmd_len,
|
|
const char *cmd))
|
|
{
|
|
int errsock2;
|
|
char buf[BUFSIZ];
|
|
char *p;
|
|
size_t len;
|
|
char reply;
|
|
struct sockaddr_storage thisaddr_ss;
|
|
struct sockaddr *thisaddr = (struct sockaddr *)&thisaddr_ss;
|
|
struct sockaddr_storage thataddr_ss;
|
|
struct sockaddr *thataddr = (struct sockaddr *)&thataddr_ss;
|
|
struct sockaddr_storage erraddr_ss;
|
|
struct sockaddr *erraddr = (struct sockaddr *)&erraddr_ss;
|
|
socklen_t addrlen;
|
|
int ret;
|
|
|
|
addrlen = sizeof(thisaddr_ss);
|
|
if (getsockname (s, thisaddr, &addrlen) < 0) {
|
|
warn ("getsockname(%s)", hostname);
|
|
return 1;
|
|
}
|
|
addrlen = sizeof(thataddr_ss);
|
|
if (getpeername (s, thataddr, &addrlen) < 0) {
|
|
warn ("getpeername(%s)", hostname);
|
|
return 1;
|
|
}
|
|
|
|
if (errsock != -1) {
|
|
|
|
addrlen = sizeof(erraddr_ss);
|
|
if (getsockname (errsock, erraddr, &addrlen) < 0) {
|
|
warn ("getsockname");
|
|
return 1;
|
|
}
|
|
|
|
if (listen (errsock, 1) < 0) {
|
|
warn ("listen");
|
|
return 1;
|
|
}
|
|
|
|
p = buf;
|
|
snprintf (p, sizeof(buf), "%u",
|
|
ntohs(socket_get_port(erraddr)));
|
|
len = strlen(buf) + 1;
|
|
if(net_write (s, buf, len) != len) {
|
|
warn ("write");
|
|
close (errsock);
|
|
return 1;
|
|
}
|
|
|
|
|
|
for (;;) {
|
|
fd_set fdset;
|
|
|
|
if (errsock >= FD_SETSIZE || s >= FD_SETSIZE)
|
|
errx (1, "fd too large");
|
|
|
|
FD_ZERO(&fdset);
|
|
FD_SET(errsock, &fdset);
|
|
FD_SET(s, &fdset);
|
|
|
|
ret = select (max(errsock, s) + 1, &fdset, NULL, NULL, NULL);
|
|
if (ret < 0) {
|
|
if (errno == EINTR)
|
|
continue;
|
|
warn ("select");
|
|
close (errsock);
|
|
return 1;
|
|
}
|
|
if (FD_ISSET(errsock, &fdset)) {
|
|
errsock2 = accept (errsock, NULL, NULL);
|
|
close (errsock);
|
|
if (errsock2 < 0) {
|
|
warn ("accept");
|
|
return 1;
|
|
}
|
|
break;
|
|
}
|
|
|
|
/*
|
|
* there should not arrive any data on this fd so if it's
|
|
* readable it probably indicates that the other side when
|
|
* away.
|
|
*/
|
|
|
|
if (FD_ISSET(s, &fdset)) {
|
|
warnx ("socket closed");
|
|
close (errsock);
|
|
errsock2 = -1;
|
|
break;
|
|
}
|
|
}
|
|
} else {
|
|
if (net_write (s, "0", 2) != 2) {
|
|
warn ("write");
|
|
return 1;
|
|
}
|
|
errsock2 = -1;
|
|
}
|
|
|
|
if ((*auth_func)(s, thisaddr, thataddr, hostname,
|
|
remote_user, local_user,
|
|
cmd_len, cmd)) {
|
|
close (errsock2);
|
|
return 1;
|
|
}
|
|
|
|
ret = net_read (s, &reply, 1);
|
|
if (ret < 0) {
|
|
warn ("read");
|
|
close (errsock2);
|
|
return 1;
|
|
} else if (ret == 0) {
|
|
warnx ("unexpected EOF from %s", hostname);
|
|
close (errsock2);
|
|
return 1;
|
|
}
|
|
if (reply != 0) {
|
|
|
|
warnx ("Error from rshd at %s:", hostname);
|
|
|
|
while ((ret = read (s, buf, sizeof(buf))) > 0)
|
|
write (STDOUT_FILENO, buf, ret);
|
|
write (STDOUT_FILENO,"\n",1);
|
|
close (errsock2);
|
|
return 1;
|
|
}
|
|
|
|
if (sock_debug) {
|
|
int one = 1;
|
|
if (setsockopt(s, SOL_SOCKET, SO_DEBUG, (void *)&one, sizeof(one)) < 0)
|
|
warn("setsockopt remote");
|
|
if (errsock2 != -1 &&
|
|
setsockopt(errsock2, SOL_SOCKET, SO_DEBUG,
|
|
(void *)&one, sizeof(one)) < 0)
|
|
warn("setsockopt stderr");
|
|
}
|
|
|
|
return loop (s, errsock2);
|
|
}
|
|
|
|
/*
|
|
* Return in `res' a copy of the concatenation of `argc, argv' into
|
|
* malloced space. */
|
|
|
|
static size_t
|
|
construct_command (char **res, int argc, char **argv)
|
|
{
|
|
int i;
|
|
size_t len = 0;
|
|
char *tmp;
|
|
|
|
for (i = 0; i < argc; ++i)
|
|
len += strlen(argv[i]) + 1;
|
|
len = max (1, len);
|
|
tmp = malloc (len);
|
|
if (tmp == NULL)
|
|
errx (1, "malloc %u failed", len);
|
|
|
|
*tmp = '\0';
|
|
for (i = 0; i < argc - 1; ++i) {
|
|
strcat (tmp, argv[i]);
|
|
strcat (tmp, " ");
|
|
}
|
|
if (argc > 0)
|
|
strcat (tmp, argv[argc-1]);
|
|
*res = tmp;
|
|
return len;
|
|
}
|
|
|
|
static char *
|
|
print_addr (const struct sockaddr_in *sin)
|
|
{
|
|
char addr_str[256];
|
|
char *res;
|
|
|
|
inet_ntop (AF_INET, &sin->sin_addr, addr_str, sizeof(addr_str));
|
|
res = strdup(addr_str);
|
|
if (res == NULL)
|
|
errx (1, "malloc: out of memory");
|
|
return res;
|
|
}
|
|
|
|
static int
|
|
doit_broken (int argc,
|
|
char **argv,
|
|
int optind,
|
|
struct addrinfo *ai,
|
|
const char *remote_user,
|
|
const char *local_user,
|
|
int priv_socket1,
|
|
int priv_socket2,
|
|
const char *cmd,
|
|
size_t cmd_len)
|
|
{
|
|
struct addrinfo *a;
|
|
|
|
if (connect (priv_socket1, ai->ai_addr, ai->ai_addrlen) < 0) {
|
|
if (ai->ai_next == NULL)
|
|
return 1;
|
|
|
|
close(priv_socket1);
|
|
close(priv_socket2);
|
|
|
|
for (a = ai->ai_next; a != NULL; a = a->ai_next) {
|
|
pid_t pid;
|
|
|
|
pid = fork();
|
|
if (pid < 0)
|
|
err (1, "fork");
|
|
else if(pid == 0) {
|
|
char **new_argv;
|
|
int i = 0;
|
|
struct sockaddr_in *sin = (struct sockaddr_in *)a->ai_addr;
|
|
|
|
new_argv = malloc((argc + 2) * sizeof(*new_argv));
|
|
if (new_argv == NULL)
|
|
errx (1, "malloc: out of memory");
|
|
new_argv[i] = argv[i];
|
|
++i;
|
|
if (optind == i)
|
|
new_argv[i++] = print_addr (sin);
|
|
new_argv[i++] = "-K";
|
|
for(; i <= argc; ++i)
|
|
new_argv[i] = argv[i - 1];
|
|
if (optind > 1)
|
|
new_argv[optind + 1] = print_addr(sin);
|
|
new_argv[argc + 1] = NULL;
|
|
execv(PATH_RSH, new_argv);
|
|
err(1, "execv(%s)", PATH_RSH);
|
|
} else {
|
|
int status;
|
|
|
|
while(waitpid(pid, &status, 0) < 0)
|
|
;
|
|
if(WIFEXITED(status) && WEXITSTATUS(status) == 0)
|
|
return 0;
|
|
}
|
|
}
|
|
return 1;
|
|
} else {
|
|
int ret;
|
|
|
|
ret = proto (priv_socket1, priv_socket2,
|
|
argv[optind],
|
|
local_user, remote_user,
|
|
cmd, cmd_len,
|
|
send_broken_auth);
|
|
return ret;
|
|
}
|
|
}
|
|
|
|
#if defined(KRB4) || defined(KRB5)
|
|
static int
|
|
doit (const char *hostname,
|
|
struct addrinfo *ai,
|
|
const char *remote_user,
|
|
const char *local_user,
|
|
const char *cmd,
|
|
size_t cmd_len,
|
|
int do_errsock,
|
|
int (*auth_func)(int s,
|
|
struct sockaddr *this, struct sockaddr *that,
|
|
const char *hostname, const char *remote_user,
|
|
const char *local_user, size_t cmd_len,
|
|
const char *cmd))
|
|
{
|
|
int error;
|
|
struct addrinfo *a;
|
|
int socketfailed = 1;
|
|
int ret;
|
|
|
|
for (a = ai; a != NULL; a = a->ai_next) {
|
|
int s;
|
|
int errsock;
|
|
|
|
s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
|
|
if (s < 0)
|
|
continue;
|
|
socketfailed = 0;
|
|
if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
|
|
char addr[128];
|
|
if(getnameinfo(a->ai_addr, a->ai_addrlen,
|
|
addr, sizeof(addr), NULL, 0, NI_NUMERICHOST) == 0)
|
|
warn ("connect(%s [%s])", hostname, addr);
|
|
else
|
|
warn ("connect(%s)", hostname);
|
|
close (s);
|
|
continue;
|
|
}
|
|
if (do_errsock) {
|
|
struct addrinfo *ea, *eai;
|
|
struct addrinfo hints;
|
|
|
|
memset (&hints, 0, sizeof(hints));
|
|
hints.ai_socktype = a->ai_socktype;
|
|
hints.ai_protocol = a->ai_protocol;
|
|
hints.ai_family = a->ai_family;
|
|
hints.ai_flags = AI_PASSIVE;
|
|
|
|
errsock = -1;
|
|
|
|
error = getaddrinfo (NULL, "0", &hints, &eai);
|
|
if (error)
|
|
errx (1, "getaddrinfo: %s", gai_strerror(error));
|
|
for (ea = eai; ea != NULL; ea = ea->ai_next) {
|
|
errsock = socket (ea->ai_family, ea->ai_socktype,
|
|
ea->ai_protocol);
|
|
if (errsock < 0)
|
|
continue;
|
|
if (bind (errsock, ea->ai_addr, ea->ai_addrlen) < 0)
|
|
err (1, "bind");
|
|
break;
|
|
}
|
|
if (errsock < 0)
|
|
err (1, "socket");
|
|
freeaddrinfo (eai);
|
|
} else
|
|
errsock = -1;
|
|
|
|
ret = proto (s, errsock,
|
|
hostname,
|
|
local_user, remote_user,
|
|
cmd, cmd_len, auth_func);
|
|
close (s);
|
|
return ret;
|
|
}
|
|
if(socketfailed)
|
|
warnx ("failed to contact %s", hostname);
|
|
return -1;
|
|
}
|
|
#endif /* KRB4 || KRB5 */
|
|
|
|
struct getargs args[] = {
|
|
#ifdef KRB4
|
|
{ "krb4", '4', arg_flag, &use_v4, "Use Kerberos V4" },
|
|
#endif
|
|
#ifdef KRB5
|
|
{ "krb5", '5', arg_flag, &use_v5, "Use Kerberos V5" },
|
|
{ "forward", 'f', arg_flag, &do_forward, "Forward credentials (krb5)"},
|
|
{ NULL, 'G', arg_negative_flag,&do_forward, "Don't forward credentials" },
|
|
{ "forwardable", 'F', arg_flag, &do_forwardable,
|
|
"Forward forwardable credentials" },
|
|
#endif
|
|
#if defined(KRB4) || defined(KRB5)
|
|
{ "broken", 'K', arg_flag, &use_only_broken, "Use only priv port" },
|
|
{ "encrypt", 'x', arg_flag, &do_encrypt, "Encrypt connection" },
|
|
{ NULL, 'z', arg_negative_flag, &do_encrypt,
|
|
"Don't encrypt connection", NULL },
|
|
#endif
|
|
#ifdef KRB5
|
|
{ "unique", 'u', arg_flag, &do_unique_tkfile,
|
|
"Use unique remote tkfile (krb5)" },
|
|
{ "tkfile", 'U', arg_string, &unique_tkfile,
|
|
"Use that remote tkfile (krb5)" },
|
|
#endif
|
|
{ NULL, 'd', arg_flag, &sock_debug, "Enable socket debugging" },
|
|
{ "input", 'n', arg_negative_flag, &input, "Close stdin" },
|
|
{ "port", 'p', arg_string, &port_str, "Use this port",
|
|
"port" },
|
|
{ "user", 'l', arg_string, &user, "Run as this user", "login" },
|
|
{ "stderr", 'e', arg_negative_flag, &do_errsock, "Don't open stderr"},
|
|
{ "protocol", 'P', arg_string, &protocol_version_str,
|
|
"Protocol version", "protocol" },
|
|
{ "version", 0, arg_flag, &do_version, NULL },
|
|
{ "help", 0, arg_flag, &do_help, NULL }
|
|
};
|
|
|
|
static void
|
|
usage (int ret)
|
|
{
|
|
arg_printusage (args,
|
|
sizeof(args) / sizeof(args[0]),
|
|
NULL,
|
|
"[login@]host [command]");
|
|
exit (ret);
|
|
}
|
|
|
|
/*
|
|
*
|
|
*/
|
|
|
|
int
|
|
main(int argc, char **argv)
|
|
{
|
|
int priv_port1, priv_port2;
|
|
int priv_socket1, priv_socket2;
|
|
int optind = 0;
|
|
int error;
|
|
struct addrinfo hints, *ai;
|
|
int ret = 1;
|
|
char *cmd;
|
|
char *tmp;
|
|
size_t cmd_len;
|
|
const char *local_user;
|
|
char *host = NULL;
|
|
int host_index = -1;
|
|
#ifdef KRB5
|
|
int status;
|
|
#endif
|
|
uid_t uid;
|
|
|
|
priv_port1 = priv_port2 = IPPORT_RESERVED-1;
|
|
priv_socket1 = rresvport(&priv_port1);
|
|
priv_socket2 = rresvport(&priv_port2);
|
|
uid = getuid ();
|
|
if (setuid (uid) || (uid != 0 && setuid(0) == 0))
|
|
err (1, "setuid");
|
|
|
|
setprogname (argv[0]);
|
|
|
|
if (argc >= 2 && argv[1][0] != '-') {
|
|
host = argv[host_index = 1];
|
|
optind = 1;
|
|
}
|
|
|
|
if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
|
|
&optind))
|
|
usage (1);
|
|
|
|
if (do_help)
|
|
usage (0);
|
|
|
|
if (do_version) {
|
|
print_version (NULL);
|
|
return 0;
|
|
}
|
|
|
|
if(protocol_version_str != NULL) {
|
|
if(strcasecmp(protocol_version_str, "N") == 0)
|
|
protocol_version = 2;
|
|
else if(strcasecmp(protocol_version_str, "O") == 0)
|
|
protocol_version = 1;
|
|
else {
|
|
char *end;
|
|
int v;
|
|
v = strtol(protocol_version_str, &end, 0);
|
|
if(*end != '\0' || (v != 1 && v != 2)) {
|
|
errx(1, "unknown protocol version \"%s\"",
|
|
protocol_version_str);
|
|
}
|
|
protocol_version = v;
|
|
}
|
|
}
|
|
|
|
#ifdef KRB5
|
|
status = krb5_init_context (&context);
|
|
if (status) {
|
|
if(use_v5 == 1)
|
|
errx(1, "krb5_init_context failed: %d", status);
|
|
else
|
|
use_v5 = 0;
|
|
}
|
|
|
|
if (do_forwardable == -1)
|
|
do_forwardable = krb5_config_get_bool (context, NULL,
|
|
"libdefaults",
|
|
"forwardable",
|
|
NULL);
|
|
|
|
if (do_forward == -1)
|
|
do_forward = krb5_config_get_bool (context, NULL,
|
|
"libdefaults",
|
|
"forward",
|
|
NULL);
|
|
else if (do_forward == 0)
|
|
do_forwardable = 0;
|
|
|
|
if (do_forwardable)
|
|
do_forward = 1;
|
|
#endif
|
|
#if defined(KRB4) || defined(KRB5)
|
|
if (do_encrypt == -1) {
|
|
/* we want to tell the -x flag from the default encryption
|
|
option */
|
|
#ifdef KRB5
|
|
/* the normal default for krb4 should be to disable encryption */
|
|
if(!krb5_config_get_bool (context, NULL,
|
|
"libdefaults",
|
|
"encrypt",
|
|
NULL))
|
|
#endif
|
|
do_encrypt = 0;
|
|
}
|
|
#endif
|
|
|
|
#if defined(KRB4) && defined(KRB5)
|
|
if(use_v4 == -1 && use_v5 == 1)
|
|
use_v4 = 0;
|
|
if(use_v5 == -1 && use_v4 == 1)
|
|
use_v5 = 0;
|
|
#endif
|
|
|
|
if (use_only_broken) {
|
|
#ifdef KRB4
|
|
use_v4 = 0;
|
|
#endif
|
|
#ifdef KRB5
|
|
use_v5 = 0;
|
|
#endif
|
|
}
|
|
|
|
if(priv_socket1 < 0) {
|
|
if (use_only_broken)
|
|
errx (1, "unable to bind reserved port: is rsh setuid root?");
|
|
use_broken = 0;
|
|
}
|
|
|
|
#if defined(KRB4) || defined(KRB5)
|
|
if (do_encrypt == 1 && use_only_broken)
|
|
errx (1, "encryption not supported with old style authentication");
|
|
#endif
|
|
|
|
|
|
|
|
#ifdef KRB5
|
|
if (do_unique_tkfile && unique_tkfile != NULL)
|
|
errx (1, "Only one of -u and -U allowed.");
|
|
|
|
if (do_unique_tkfile)
|
|
strcpy(tkfile,"-u ");
|
|
else if (unique_tkfile != NULL) {
|
|
if (strchr(unique_tkfile,' ') != NULL) {
|
|
warnx("Space is not allowed in tkfilename");
|
|
usage(1);
|
|
}
|
|
do_unique_tkfile = 1;
|
|
snprintf (tkfile, sizeof(tkfile), "-U %s ", unique_tkfile);
|
|
}
|
|
#endif
|
|
|
|
if (host == NULL) {
|
|
if (argc - optind < 1)
|
|
usage (1);
|
|
else
|
|
host = argv[host_index = optind++];
|
|
}
|
|
|
|
if((tmp = strchr(host, '@')) != NULL) {
|
|
*tmp++ = '\0';
|
|
user = host;
|
|
host = tmp;
|
|
}
|
|
|
|
if (optind == argc) {
|
|
close (priv_socket1);
|
|
close (priv_socket2);
|
|
argv[0] = "rlogin";
|
|
execvp ("rlogin", argv);
|
|
err (1, "execvp rlogin");
|
|
}
|
|
|
|
local_user = get_default_username ();
|
|
if (local_user == NULL)
|
|
errx (1, "who are you?");
|
|
|
|
if (user == NULL)
|
|
user = local_user;
|
|
|
|
cmd_len = construct_command(&cmd, argc - optind, argv + optind);
|
|
|
|
/*
|
|
* Try all different authentication methods
|
|
*/
|
|
|
|
#ifdef KRB5
|
|
if (ret && use_v5) {
|
|
memset (&hints, 0, sizeof(hints));
|
|
hints.ai_socktype = SOCK_STREAM;
|
|
hints.ai_protocol = IPPROTO_TCP;
|
|
|
|
if(port_str == NULL) {
|
|
error = getaddrinfo(host, "kshell", &hints, &ai);
|
|
if(error == EAI_NONAME)
|
|
error = getaddrinfo(host, "544", &hints, &ai);
|
|
} else
|
|
error = getaddrinfo(host, port_str, &hints, &ai);
|
|
|
|
if(error)
|
|
errx (1, "getaddrinfo: %s", gai_strerror(error));
|
|
|
|
auth_method = AUTH_KRB5;
|
|
again:
|
|
ret = doit (host, ai, user, local_user, cmd, cmd_len,
|
|
do_errsock,
|
|
send_krb5_auth);
|
|
if(ret != 0 && sendauth_version_error &&
|
|
protocol_version == 2) {
|
|
protocol_version = 1;
|
|
goto again;
|
|
}
|
|
freeaddrinfo(ai);
|
|
}
|
|
#endif
|
|
#ifdef KRB4
|
|
if (ret && use_v4) {
|
|
memset (&hints, 0, sizeof(hints));
|
|
hints.ai_socktype = SOCK_STREAM;
|
|
hints.ai_protocol = IPPROTO_TCP;
|
|
|
|
if(port_str == NULL) {
|
|
if(do_encrypt) {
|
|
error = getaddrinfo(host, "ekshell", &hints, &ai);
|
|
if(error == EAI_NONAME)
|
|
error = getaddrinfo(host, "545", &hints, &ai);
|
|
} else {
|
|
error = getaddrinfo(host, "kshell", &hints, &ai);
|
|
if(error == EAI_NONAME)
|
|
error = getaddrinfo(host, "544", &hints, &ai);
|
|
}
|
|
} else
|
|
error = getaddrinfo(host, port_str, &hints, &ai);
|
|
|
|
if(error)
|
|
errx (1, "getaddrinfo: %s", gai_strerror(error));
|
|
auth_method = AUTH_KRB4;
|
|
ret = doit (host, ai, user, local_user, cmd, cmd_len,
|
|
do_errsock,
|
|
send_krb4_auth);
|
|
freeaddrinfo(ai);
|
|
}
|
|
#endif
|
|
if (ret && use_broken) {
|
|
memset (&hints, 0, sizeof(hints));
|
|
hints.ai_socktype = SOCK_STREAM;
|
|
hints.ai_protocol = IPPROTO_TCP;
|
|
|
|
if(port_str == NULL) {
|
|
error = getaddrinfo(host, "shell", &hints, &ai);
|
|
if(error == EAI_NONAME)
|
|
error = getaddrinfo(host, "514", &hints, &ai);
|
|
} else
|
|
error = getaddrinfo(host, port_str, &hints, &ai);
|
|
|
|
if(error)
|
|
errx (1, "getaddrinfo: %s", gai_strerror(error));
|
|
|
|
auth_method = AUTH_BROKEN;
|
|
ret = doit_broken (argc, argv, host_index, ai,
|
|
user, local_user,
|
|
priv_socket1,
|
|
do_errsock ? priv_socket2 : -1,
|
|
cmd, cmd_len);
|
|
freeaddrinfo(ai);
|
|
}
|
|
free(cmd);
|
|
return ret;
|
|
}
|