freebsd-nq/crypto/kerberosIV/appl/bsd/rsh.c
2000-12-29 21:00:22 +00:00

385 lines
9.0 KiB
C

/*-
* Copyright (c) 1983, 1990 The Regents of the University of California.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "bsd_locl.h"
RCSID("$Id: rsh.c,v 1.43.2.2 2000/10/10 12:53:50 assar Exp $");
CREDENTIALS cred;
Key_schedule schedule;
int use_kerberos = 1, doencrypt;
char dst_realm_buf[REALM_SZ], *dest_realm;
/*
* rsh - remote shell
*/
int rfd2;
static void
usage(void)
{
fprintf(stderr,
"usage: rsh [-ndKx] [-k realm] [-p port] [-l login] host [command]\n");
exit(1);
}
static char *
copyargs(char **argv)
{
int cc;
char **ap, *p;
char *args;
cc = 0;
for (ap = argv; *ap; ++ap)
cc += strlen(*ap) + 1;
args = malloc(cc);
if (args == NULL)
errx(1, "Out of memory.");
for (p = args, ap = argv; *ap; ++ap) {
strcpy(p, *ap);
while(*p)
++p;
if (ap[1])
*p++ = ' ';
}
return(args);
}
static RETSIGTYPE
sendsig(int signo_)
{
char signo = signo_;
#ifndef NOENCRYPTION
if (doencrypt)
des_enc_write(rfd2, &signo, 1, schedule, &cred.session);
else
#endif
write(rfd2, &signo, 1);
}
static void
talk(int nflag, sigset_t omask, int pid, int rem)
{
int cc, wc;
char *bp;
fd_set readfrom, ready, rembits;
char buf[DES_RW_MAXWRITE];
if (pid == 0) {
if (nflag)
goto done;
close(rfd2);
reread: errno = 0;
if ((cc = read(0, buf, sizeof buf)) <= 0)
goto done;
bp = buf;
rewrite:
FD_ZERO(&rembits);
if (rem >= FD_SETSIZE)
errx(1, "fd too large");
FD_SET(rem, &rembits);
if (select(rem + 1, 0, &rembits, 0, 0) < 0) {
if (errno != EINTR)
err(1, "select");
goto rewrite;
}
if (!FD_ISSET(rem, &rembits))
goto rewrite;
#ifndef NOENCRYPTION
if (doencrypt)
wc = des_enc_write(rem, bp, cc, schedule, &cred.session);
else
#endif
wc = write(rem, bp, cc);
if (wc < 0) {
if (errno == EWOULDBLOCK)
goto rewrite;
goto done;
}
bp += wc;
cc -= wc;
if (cc == 0)
goto reread;
goto rewrite;
done:
shutdown(rem, 1);
exit(0);
}
if (sigprocmask(SIG_SETMASK, &omask, 0) != 0)
warn("sigprocmask");
FD_ZERO(&readfrom);
if (rem >= FD_SETSIZE || rfd2 >= FD_SETSIZE)
errx(1, "fd too large");
FD_SET(rem, &readfrom);
FD_SET(rfd2, &readfrom);
do {
ready = readfrom;
if (select(max(rem,rfd2)+1, &ready, 0, 0, 0) < 0) {
if (errno != EINTR)
err(1, "select");
continue;
}
if (FD_ISSET(rfd2, &ready)) {
errno = 0;
#ifndef NOENCRYPTION
if (doencrypt)
cc = des_enc_read(rfd2, buf, sizeof buf,
schedule, &cred.session);
else
#endif
cc = read(rfd2, buf, sizeof buf);
if (cc <= 0) {
if (errno != EWOULDBLOCK)
FD_CLR(rfd2, &readfrom);
} else
write(2, buf, cc);
}
if (FD_ISSET(rem, &ready)) {
errno = 0;
#ifndef NOENCRYPTION
if (doencrypt)
cc = des_enc_read(rem, buf, sizeof buf,
schedule, &cred.session);
else
#endif
cc = read(rem, buf, sizeof buf);
if (cc <= 0) {
if (errno != EWOULDBLOCK)
FD_CLR(rem, &readfrom);
} else
write(1, buf, cc);
}
} while (FD_ISSET(rfd2, &readfrom) || FD_ISSET(rem, &readfrom));
}
int
main(int argc, char **argv)
{
struct passwd *pw;
int sv_port, user_port = 0;
sigset_t omask;
int argoff, ch, dflag, nflag, nfork, one, pid, rem, uid;
char *args, *host, *user, *local_user;
argoff = dflag = nflag = nfork = 0;
one = 1;
host = user = NULL;
pid = 1;
set_progname(argv[0]);
/* handle "rsh host flags" */
if (argc > 2 && argv[1][0] != '-') {
host = argv[1];
argoff = 1;
}
#define OPTIONS "+8KLde:k:l:np:wx"
while ((ch = getopt(argc - argoff, argv + argoff, OPTIONS)) != -1)
switch(ch) {
case 'K':
use_kerberos = 0;
break;
case 'L': /* -8Lew are ignored to allow rlogin aliases */
case 'e':
case 'w':
case '8':
break;
case 'd':
dflag = 1;
break;
case 'l':
user = optarg;
break;
case 'k':
dest_realm = dst_realm_buf;
strlcpy(dest_realm, optarg, REALM_SZ);
break;
case 'n':
nflag = nfork = 1;
break;
case 'x':
doencrypt = 1;
break;
case 'p': {
char *endptr;
user_port = strtol (optarg, &endptr, 0);
if (user_port == 0 && optarg == endptr)
errx (1, "Bad port `%s'", optarg);
user_port = htons(user_port);
break;
}
case '?':
default:
usage();
}
optind += argoff;
/* if haven't gotten a host yet, do so */
if (!host && !(host = argv[optind++]))
usage();
/* if no further arguments, must have been called as rlogin. */
if (!argv[optind]) {
*argv = "rlogin";
paranoid_setuid (getuid ());
execv(_PATH_RLOGIN, argv);
err(1, "can't exec %s", _PATH_RLOGIN);
}
#ifndef __CYGWIN32__
if (!(pw = k_getpwuid(uid = getuid())))
errx(1, "unknown user id.");
local_user = pw->pw_name;
if (!user)
user = local_user;
#else
if (!user)
errx(1, "Sorry, you need to specify the username (with -l)");
local_user = user;
#endif
/* -n must still fork but does not turn of the -n functionality */
if (doencrypt)
nfork = 0;
args = copyargs(argv+optind);
if (user_port)
sv_port = user_port;
else
sv_port = get_shell_port(use_kerberos, doencrypt);
if (use_kerberos) {
paranoid_setuid(getuid());
rem = KSUCCESS;
errno = 0;
if (dest_realm == NULL)
dest_realm = krb_realmofhost(host);
if (doencrypt)
rem = krcmd_mutual(&host, sv_port, user, args,
&rfd2, dest_realm, &cred, schedule);
else
rem = krcmd(&host, sv_port, user, args, &rfd2,
dest_realm);
if (rem < 0) {
int i = 0;
char **newargv;
if (errno == ECONNREFUSED)
warning("remote host doesn't support Kerberos");
if (errno == ENOENT)
warning("can't provide Kerberos auth data");
newargv = malloc((argc + 2) * sizeof(*newargv));
if (newargv == NULL)
err(1, "malloc");
newargv[i] = argv[i];
++i;
if (argv[i][0] != '-') {
newargv[i] = argv[i];
++i;
}
newargv[i++] = "-K";
for(; i <= argc; ++i)
newargv[i] = argv[i - 1];
newargv[argc + 1] = NULL;
execv(_PATH_RSH, newargv);
}
} else {
if (doencrypt)
errx(1, "the -x flag requires Kerberos authentication.");
if (geteuid() != 0)
errx(1, "not installed setuid root, "
"only root may use non kerberized rsh");
rem = rcmd(&host, sv_port, local_user, user, args, &rfd2);
}
if (rem < 0)
exit(1);
if (rfd2 < 0)
errx(1, "can't establish stderr.");
#if defined(SO_DEBUG) && defined(HAVE_SETSOCKOPT)
if (dflag) {
if (setsockopt(rem, SOL_SOCKET, SO_DEBUG, (void *)&one,
sizeof(one)) < 0)
warn("setsockopt");
if (setsockopt(rfd2, SOL_SOCKET, SO_DEBUG, (void *)&one,
sizeof(one)) < 0)
warn("setsockopt");
}
#endif
paranoid_setuid(uid);
{
sigset_t sigmsk;
sigemptyset(&sigmsk);
sigaddset(&sigmsk, SIGINT);
sigaddset(&sigmsk, SIGQUIT);
sigaddset(&sigmsk, SIGTERM);
if (sigprocmask(SIG_BLOCK, &sigmsk, &omask) != 0)
warn("sigprocmask");
}
if (signal(SIGINT, SIG_IGN) != SIG_IGN)
signal(SIGINT, sendsig);
if (signal(SIGQUIT, SIG_IGN) != SIG_IGN)
signal(SIGQUIT, sendsig);
if (signal(SIGTERM, SIG_IGN) != SIG_IGN)
signal(SIGTERM, sendsig);
signal(SIGPIPE, SIG_IGN);
if (!nfork) {
pid = fork();
if (pid < 0)
err(1, "fork");
}
if (!doencrypt) {
ioctl(rfd2, FIONBIO, &one);
ioctl(rem, FIONBIO, &one);
}
talk(nflag, omask, pid, rem);
if (!nflag)
kill(pid, SIGKILL);
exit(0);
}