int rlogind_auth (int fd, struct auth_data *ap) { struct hostent *hp; char *hostname; int authenticated = 0; #ifdef SHISHI int len, c; #endif confirmed = 0; /* Check the remote host name */ hp = gethostbyaddr ((char *) &ap->from.sin_addr, sizeof (struct in_addr), ap->from.sin_family); if (hp) hostname = hp->h_name; else if (reverse_required) { syslog (LOG_CRIT, "can't resolve remote IP address"); exit (1); } else hostname = inet_ntoa (ap->from.sin_addr); ap->hostname = strdup (hostname); if (verify_hostname || in_local_domain (ap->hostname)) { int match = 0; for (hp = gethostbyname (ap->hostname); hp && !match; hp->h_addr_list++) { if (hp->h_addr_list[0] == NULL) break; match = memcmp (hp->h_addr_list[0], &ap->from.sin_addr, sizeof (ap->from.sin_addr)) == 0; } if (!match) { syslog (LOG_ERR | LOG_AUTH, "cannot find matching IP for %s (%s)", ap->hostname, inet_ntoa (ap->from.sin_addr)); fatal (fd, "Permission denied", 0); } } #if defined(KERBEROS) || defined(SHISHI) if (kerberos) { const char *err_msg; int c = 0; if (do_krb_login (fd, ap, &err_msg) == 0) authenticated++; else fatal (fd, err_msg, 0); write (fd, &c, 1); confirmed = 1; /* we sent the null! */ } else #endif { int port = ntohs (ap->from.sin_port); if (ap->from.sin_family != AF_INET || port >= IPPORT_RESERVED || port < IPPORT_RESERVED / 2) { syslog (LOG_NOTICE, "Connection from %s on illegal port %d", inet_ntoa (ap->from.sin_addr), port); fatal (fd, "Permission denied", 0); } #ifdef IP_OPTIONS { u_char optbuf[BUFSIZ / 3], *cp; char lbuf[BUFSIZ], *lp; socklen_t optsize = sizeof (optbuf); int ipproto; struct protoent *ip; if ((ip = getprotobyname ("ip")) != NULL) ipproto = ip->p_proto; else ipproto = IPPROTO_IP; if (getsockopt (0, ipproto, IP_OPTIONS, (char *) optbuf, &optsize) == 0 && optsize != 0) { lp = lbuf; for (cp = optbuf; optsize > 0; cp++, optsize--, lp += 3) sprintf (lp, " %2.2x", *cp); syslog (LOG_NOTICE, "Ignoring IP options: %s", lbuf); if (setsockopt (0, ipproto, IP_OPTIONS, (char *) NULL, optsize)) { syslog (LOG_ERR, "setsockopt IP_OPTIONS NULL: %m"); exit (1); } } } #endif /* IP_OPTIONS */ if (do_rlogin (fd, ap) == 0) authenticated++; } if (confirmed == 0) { write (fd, "", 1); confirmed = 1; /* we sent the null! */ } #ifdef SHISHI len = sizeof (SECURE_MESSAGE) - 1; IF_ENCRYPT (writeenc (ap->h, fd, SECURE_MESSAGE, len, &c, &ap->iv2, ap->enckey, ap->protocol)); #else IF_ENCRYPT (des_write (fd, SECURE_MESSAGE, sizeof (SECURE_MESSAGE) - 1)); #endif return authenticated; }
void doit(struct sockaddr *fromp) { extern char *__rcmd_errstr; /* syslog hook from libc/net/rcmd.c. */ struct passwd *pwd; u_short port; fd_set ready, readfrom; int cc, fd, nfd, pv[2], pid, s; int one = 1; const char *cp, *errorstr; char sig, buf[BUFSIZ]; char *cmdbuf, luser[16], ruser[16]; char rhost[2 * MAXHOSTNAMELEN + 1]; char numericname[INET6_ADDRSTRLEN]; int af, srcport; int maxcmdlen; #ifndef __APPLE__ login_cap_t *lc; #else struct hostent *hp; char *hostname, *errorhost = NULL; #endif maxcmdlen = (int)sysconf(_SC_ARG_MAX); if (maxcmdlen <= 0 || (cmdbuf = malloc(maxcmdlen)) == NULL) exit(1); #if defined(KERBEROS) AUTH_DAT *kdata = (AUTH_DAT *) NULL; KTEXT ticket = (KTEXT) NULL; char instance[INST_SZ], version[VERSION_SIZE]; struct sockaddr_in fromaddr; int rc; long authopts; int pv1[2], pv2[2]; fd_set wready, writeto; fromaddr = *fromp; #endif /* KERBEROS */ (void) signal(SIGINT, SIG_DFL); (void) signal(SIGQUIT, SIG_DFL); (void) signal(SIGTERM, SIG_DFL); af = fromp->sa_family; srcport = ntohs(*((in_port_t *)&fromp->sa_data)); if (af == AF_INET) { inet_ntop(af, &((struct sockaddr_in *)fromp)->sin_addr, numericname, sizeof numericname); } else if (af == AF_INET6) { inet_ntop(af, &((struct sockaddr_in6 *)fromp)->sin6_addr, numericname, sizeof numericname); } else { syslog(LOG_ERR, "malformed \"from\" address (af %d)", af); exit(1); } #ifdef IP_OPTIONS if (af == AF_INET) { u_char optbuf[BUFSIZ/3]; socklen_t optsize = sizeof(optbuf), ipproto, i; struct protoent *ip; if ((ip = getprotobyname("ip")) != NULL) ipproto = ip->p_proto; else ipproto = IPPROTO_IP; if (!getsockopt(0, ipproto, IP_OPTIONS, optbuf, &optsize) && optsize != 0) { for (i = 0; i < optsize; ) { u_char c = optbuf[i]; if (c == IPOPT_LSRR || c == IPOPT_SSRR) { syslog(LOG_NOTICE, "connection refused from %s with IP option %s", numericname, c == IPOPT_LSRR ? "LSRR" : "SSRR"); exit(1); } if (c == IPOPT_EOL) break; i += (c == IPOPT_NOP) ? 1 : optbuf[i+1]; } } } #endif #if defined(KERBEROS) if (!use_kerberos) #endif if (srcport >= IPPORT_RESERVED || srcport < IPPORT_RESERVED/2) { syslog(LOG_NOTICE|LOG_AUTH, "connection from %s on illegal port %u", numericname, srcport); exit(1); } (void) alarm(60); port = 0; s = 0; /* not set or used if port == 0 */ for (;;) { char c; if ((cc = read(STDIN_FILENO, &c, 1)) != 1) { if (cc < 0) syslog(LOG_NOTICE, "read: %m"); shutdown(0, SHUT_RDWR); exit(1); } if (c == 0) break; port = port * 10 + c - '0'; } (void) alarm(0); if (port != 0) { int lport = IPPORT_RESERVED - 1; s = rresvport_af(&lport, af); if (s < 0) { syslog(LOG_ERR, "can't get stderr port: %m"); exit(1); } #if defined(KERBEROS) if (!use_kerberos) #endif if (port >= IPPORT_RESERVED || port < IPPORT_RESERVED/2) { syslog(LOG_NOTICE|LOG_AUTH, "2nd socket from %s on unreserved port %u", numericname, port); exit(1); } *((in_port_t *)&fromp->sa_data) = htons(port); if (connect(s, fromp, fromp->sa_len) < 0) { syslog(LOG_INFO, "connect second port %d: %m", port); exit(1); } } #if defined(KERBEROS) if (vacuous) { error("rshd: remote host requires Kerberos authentication\n"); exit(1); } #endif errorstr = NULL; #ifndef __APPLE__ realhostname_sa(rhost, sizeof(rhost) - 1, fromp, fromp->sa_len); rhost[sizeof(rhost) - 1] = '\0'; /* XXX truncation! */ #else errorstr = NULL; hp = gethostbyaddr((char *)&((struct sockaddr_in *)fromp)->sin_addr, sizeof (struct in_addr), ((struct sockaddr_in *)fromp)->sin_family); if (hp) { /* * If name returned by gethostbyaddr is in our domain, * attempt to verify that we haven't been fooled by someone * in a remote net; look up the name and check that this * address corresponds to the name. */ hostname = hp->h_name; #if defined(KERBEROS) if (!use_kerberos) #endif if (check_all || local_domain(hp->h_name)) { strncpy(rhost, hp->h_name, sizeof(rhost) - 1); rhost[sizeof(rhost) - 1] = 0; errorhost = rhost; hp = gethostbyname(rhost); if (hp == NULL) { syslog(LOG_INFO, "Couldn't look up address for %s", rhost); errorstr = "Couldn't look up address for your host (%s)\n"; hostname = inet_ntoa(((struct sockaddr_in *)fromp)->sin_addr); } else for (; ; hp->h_addr_list++) { if (hp->h_addr_list[0] == NULL) { syslog(LOG_NOTICE, "Host addr %s not listed for host %s", inet_ntoa(((struct sockaddr_in *)fromp)->sin_addr), hp->h_name); errorstr = "Host address mismatch for %s\n"; hostname = inet_ntoa(((struct sockaddr_in *)fromp)->sin_addr); break; } if (!bcmp(hp->h_addr_list[0], (caddr_t)&((struct sockaddr_in *)fromp)->sin_addr, sizeof(((struct sockaddr_in *)fromp)->sin_addr))) { hostname = hp->h_name; break; } } } } else errorhost = hostname = inet_ntoa(((struct sockaddr_in *)fromp)->sin_addr); #if defined(KERBEROS) if (use_kerberos) { kdata = (AUTH_DAT *) authbuf; ticket = (KTEXT) tickbuf; authopts = 0L; strcpy(instance, "*"); version[VERSION_SIZE - 1] = '\0'; #if defined(CRYPT) if (doencrypt) { struct sockaddr_in local_addr; rc = sizeof(local_addr); if (getsockname(0, (struct sockaddr *)&local_addr, &rc) < 0) { syslog(LOG_ERR, "getsockname: %m"); error("rshd: getsockname: %m"); exit(1); } authopts = KOPT_DO_MUTUAL; rc = krb_recvauth(authopts, 0, ticket, "rcmd", instance, &fromaddr, &local_addr, kdata, "", schedule, version); des_set_key(kdata->session, schedule); } else #endif /* CRYPT */ rc = krb_recvauth(authopts, 0, ticket, "rcmd", instance, &fromaddr, (struct sockaddr_in *) 0, kdata, "", (bit_64 *) 0, version); if (rc != KSUCCESS) { error("Kerberos authentication failure: %s\n", krb_err_txt[rc]); exit(1); } } else #endif /* KERBEROS */ #endif (void) alarm(60); getstr(ruser, sizeof(ruser), "ruser"); getstr(luser, sizeof(luser), "luser"); getstr(cmdbuf, maxcmdlen, "command"); (void) alarm(0); #if !TARGET_OS_EMBEDDED pam_err = pam_start("rshd", luser, &pamc, &pamh); if (pam_err != PAM_SUCCESS) { syslog(LOG_ERR|LOG_AUTH, "pam_start(): %s", pam_strerror(pamh, pam_err)); rshd_errx(1, "Login incorrect."); } if ((pam_err = pam_set_item(pamh, PAM_RUSER, ruser)) != PAM_SUCCESS || (pam_err = pam_set_item(pamh, PAM_RHOST, rhost) != PAM_SUCCESS)) { syslog(LOG_ERR|LOG_AUTH, "pam_set_item(): %s", pam_strerror(pamh, pam_err)); rshd_errx(1, "Login incorrect."); } pam_err = pam_authenticate(pamh, 0); if (pam_err == PAM_SUCCESS) { if ((pam_err = pam_get_user(pamh, &cp, NULL)) == PAM_SUCCESS) { strncpy(luser, cp, sizeof(luser)); luser[sizeof(luser) - 1] = '\0'; /* XXX truncation! */ } pam_err = pam_acct_mgmt(pamh, 0); } if (pam_err != PAM_SUCCESS) { syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: permission denied (%s). cmd='%.80s'", ruser, rhost, luser, pam_strerror(pamh, pam_err), cmdbuf); rshd_errx(1, "Login incorrect."); } #endif setpwent(); pwd = getpwnam(luser); if (pwd == NULL) { syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: unknown login. cmd='%.80s'", ruser, rhost, luser, cmdbuf); if (errorstr == NULL) errorstr = "Login incorrect."; rshd_errx(1, errorstr, rhost); } #ifndef __APPLE__ lc = login_getpwclass(pwd); if (pwd->pw_uid) auth_checknologin(lc); #endif if (chdir(pwd->pw_dir) < 0) { if (chdir("/") < 0 || #ifndef __APPLE__ login_getcapbool(lc, "requirehome", !!pwd->pw_uid)) { #else 0) { #endif /* __APPLE__ */ #ifdef notdef syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: no home directory. cmd='%.80s'", ruser, rhost, luser, cmdbuf); rshd_errx(0, "No remote home directory."); #endif } pwd->pw_dir = slash; } #if defined(KERBEROS) if (use_kerberos) { if (pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0') { if (kuserok(kdata, luser) != 0) { syslog(LOG_INFO|LOG_AUTH, "Kerberos rsh denied to %s.%s@%s", kdata->pname, kdata->pinst, kdata->prealm); error("Permission denied.\n"); exit(1); } } } else #endif #ifdef __APPLE__ if (errorstr || (pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0' && iruserok(((struct sockaddr_in *)fromp)->sin_addr.s_addr, #if TARGET_OS_EMBEDDED // rdar://problem/5381734 0, #else pwd->pw_uid == 0, #endif ruser, luser) < 0)) { if (__rcmd_errstr) syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: permission denied (%s). cmd='%.80s'", ruser, rhost, luser, __rcmd_errstr, cmdbuf); else syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: permission denied. cmd='%.80s'", ruser, rhost, luser, cmdbuf); if (errorstr == NULL) errorstr = "Permission denied."; rshd_errx(1, errorstr, errorhost); } if (pwd->pw_uid && !access(_PATH_NOLOGIN, F_OK)) { rshd_errx(1, "Logins currently disabled."); } #else if (lc != NULL && fromp->sa_family == AF_INET) { /*XXX*/ char remote_ip[MAXHOSTNAMELEN]; strncpy(remote_ip, numericname, sizeof(remote_ip) - 1); remote_ip[sizeof(remote_ip) - 1] = 0; /* XXX truncation! */ if (!auth_hostok(lc, rhost, remote_ip)) { syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: permission denied (%s). cmd='%.80s'", ruser, rhost, luser, __rcmd_errstr, cmdbuf); rshd_errx(1, "Login incorrect."); } if (!auth_timeok(lc, time(NULL))) rshd_errx(1, "Logins not available right now"); } /* * PAM modules might add supplementary groups in * pam_setcred(), so initialize them first. * But we need to open the session as root. */ if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETGROUP) != 0) { syslog(LOG_ERR, "setusercontext: %m"); exit(1); } #endif /* !__APPLE__ */ #if !TARGET_OS_EMBEDDED if ((pam_err = pam_open_session(pamh, 0)) != PAM_SUCCESS) { syslog(LOG_ERR, "pam_open_session: %s", pam_strerror(pamh, pam_err)); } else if ((pam_err = pam_setcred(pamh, PAM_ESTABLISH_CRED)) != PAM_SUCCESS) { syslog(LOG_ERR, "pam_setcred: %s", pam_strerror(pamh, pam_err)); } #endif (void) write(STDERR_FILENO, "\0", 1); sent_null = 1; if (port) { if (pipe(pv) < 0) rshd_errx(1, "Can't make pipe."); #if defined(KERBEROS) && defined(CRYPT) if (doencrypt) { if (pipe(pv1) < 0) rshd_errx(1, "Can't make 2nd pipe."); if (pipe(pv2) < 0) rshd_errx(1, "Can't make 3rd pipe."); } #endif /* KERBEROS && CRYPT */ pid = fork(); if (pid == -1) rshd_errx(1, "Can't fork; try again."); if (pid) { #if defined(KERBEROS) && defined(CRYPT) if (doencrypt) { static char msg[] = SECURE_MESSAGE; (void) close(pv1[1]); (void) close(pv2[1]); des_write(s, msg, sizeof(msg) - 1); } else #endif /* KERBEROS && CRYPT */ (void) close(0); (void) close(1); (void) close(2); (void) close(pv[1]); FD_ZERO(&readfrom); FD_SET(s, &readfrom); FD_SET(pv[0], &readfrom); if (pv[0] > s) nfd = pv[0]; else nfd = s; #if defined(KERBEROS) && defined(CRYPT) if (doencrypt) { FD_ZERO(&writeto); FD_SET(pv2[0], &writeto); FD_SET(pv1[0], &readfrom); nfd = MAX(nfd, pv2[0]); nfd = MAX(nfd, pv1[0]); } else #endif /* KERBEROS && CRYPT */ ioctl(pv[0], FIONBIO, (char *)&one); /* should set s nbio! */ nfd++; do { ready = readfrom; #if defined(KERBEROS) && defined(CRYPT) if (doencrypt) { wready = writeto; if (select(nfd, &ready, &wready, (fd_set *) 0, (struct timeval *) 0) < 0) break; } else #endif /* KERBEROS && CRYPT */ if (select(nfd, &ready, (fd_set *)0, (fd_set *)0, (struct timeval *)0) < 0) break; if (FD_ISSET(s, &ready)) { int ret; #if defined(KERBEROS) && defined(CRYPT) if (doencrypt) ret = des_read(s, &sig, 1); else #endif /* KERBEROS && CRYPT */ ret = read(s, &sig, 1); if (ret <= 0) FD_CLR(s, &readfrom); else killpg(pid, sig); } if (FD_ISSET(pv[0], &ready)) { errno = 0; cc = read(pv[0], buf, sizeof(buf)); if (cc <= 0) { shutdown(s, SHUT_RDWR); FD_CLR(pv[0], &readfrom); } else { #if defined(KERBEROS) && defined(CRYPT) if (doencrypt) (void) des_write(s, buf, cc); else #endif /* KERBEROS && CRYPT */ (void)write(s, buf, cc); } } #if defined(KERBEROS) && defined(CRYPT) if (doencrypt && FD_ISSET(pv1[0], &ready)) { errno = 0; cc = read(pv1[0], buf, sizeof(buf)); if (cc <= 0) { shutdown(pv1[0], 1+1); FD_CLR(pv1[0], &readfrom); } else (void) des_write(STDOUT_FILENO, buf, cc); } if (doencrypt && FD_ISSET(pv2[0], &wready)) { errno = 0; cc = des_read(STDIN_FILENO, buf, sizeof(buf)); if (cc <= 0) { shutdown(pv2[0], 1+1); FD_CLR(pv2[0], &writeto); } else (void) write(pv2[0], buf, cc); } #endif /* KERBEROS && CRYPT */ } while (FD_ISSET(s, &readfrom) || #if defined(KERBEROS) && defined(CRYPT) (doencrypt && FD_ISSET(pv1[0], &readfrom)) || #endif /* KERBEROS && CRYPT */ FD_ISSET(pv[0], &readfrom)); #if !TARGET_OS_EMBEDDED PAM_END; #endif exit(0); } #ifdef __APPLE__ // rdar://problem/4485794 setpgid(0, getpid()); #endif (void) close(s); (void) close(pv[0]); #if defined(KERBEROS) && defined(CRYPT) if (doencrypt) { close(pv1[0]); close(pv2[0]); dup2(pv1[1], 1); dup2(pv2[1], 0); close(pv1[1]); close(pv2[1]); } #endif /* KERBEROS && CRYPT */ dup2(pv[1], 2); close(pv[1]); } #ifndef __APPLE__ else { pid = fork(); if (pid == -1) rshd_errx(1, "Can't fork; try again."); if (pid) { /* Parent. */ while (wait(NULL) > 0 || errno == EINTR) /* nothing */ ; PAM_END; exit(0); } } #endif for (fd = getdtablesize(); fd > 2; fd--) { #ifdef __APPLE__ (void) fcntl(fd, F_SETFD, FD_CLOEXEC); #else (void) close(fd); #endif } if (setsid() == -1) syslog(LOG_ERR, "setsid() failed: %m"); if (setlogin(pwd->pw_name) < 0) syslog(LOG_ERR, "setlogin() failed: %m"); if (*pwd->pw_shell == '\0') pwd->pw_shell = bshell; #ifdef __APPLE__ (void) setgid((gid_t)pwd->pw_gid); initgroups(pwd->pw_name, pwd->pw_gid); (void) setuid((uid_t)pwd->pw_uid); environ = envinit; strncat(homedir, pwd->pw_dir, sizeof(homedir)-6); strcat(path, _PATH_DEFPATH); strncat(shell, pwd->pw_shell, sizeof(shell)-7); strncat(username, pwd->pw_name, sizeof(username)-6); #endif #if !TARGET_OS_EMBEDDED (void) pam_setenv(pamh, "HOME", pwd->pw_dir, 1); (void) pam_setenv(pamh, "SHELL", pwd->pw_shell, 1); (void) pam_setenv(pamh, "USER", pwd->pw_name, 1); (void) pam_setenv(pamh, "PATH", _PATH_DEFPATH, 1); environ = pam_getenvlist(pamh); (void) pam_end(pamh, pam_err); #endif cp = strrchr(pwd->pw_shell, '/'); if (cp) cp++; else cp = pwd->pw_shell; #ifndef __APPLE__ if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETALL & ~LOGIN_SETGROUP) < 0) { syslog(LOG_ERR, "setusercontext(): %m"); exit(1); } login_close(lc); #endif endpwent(); if (log_success || pwd->pw_uid == 0) { #if defined(KERBEROS) if (use_kerberos) syslog(LOG_INFO|LOG_AUTH, "Kerberos shell from %s.%s@%s on %s as %s, cmd='%.80s'", kdata->pname, kdata->pinst, kdata->prealm, hostname, luser, cmdbuf); else #endif /* KERBEROS */ syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: cmd='%.80s'", ruser, rhost, luser, cmdbuf); } execl(pwd->pw_shell, cp, "-c", cmdbuf, (char *)NULL); err(1, "%s", pwd->pw_shell); exit(1); }
main() { struct sockaddr_in foreign; int foreign_len = sizeof(foreign); int rval, more; static char name[] = "kpasswdd"; static struct rlimit rl = { 0, 0 }; progname = name; openlog("kpasswdd", LOG_CONS | LOG_PID, LOG_AUTH); signal(SIGHUP, SIG_IGN); signal(SIGINT, SIG_IGN); signal(SIGTSTP, SIG_IGN); if(setrlimit(RLIMIT_CORE, &rl) < 0) { syslog(LOG_ERR, "setrlimit: %m"); exit(1); } if(getpeername(0, &foreign, &foreign_len) < 0) { syslog(LOG_ERR,"getpeername: %m"); exit(1); } strcpy(inst, "*"); rval = krb_recvauth( 0L, /* !MUTUAL */ 0, /* file desc */ &ticket, /* client's ticket */ SERVICE, /* expected service */ inst, /* expected instance */ &foreign, /* foreign addr */ (struct sockaddr_in *) 0, &kdata, "", (bit_64 *) NULL, /* key schedule */ version ); if(rval != KSUCCESS) { syslog(LOG_ERR, "krb_recvauth: %s", krb_err_txt[rval]); cleanup(); exit(1); } /* get master key */ if(kdb_get_master_key(0, master_key, master_key_schedule) != 0) { syslog(LOG_ERR, "couldn't get master key"); cleanup(); exit(1); } mkeyversion = kdb_get_master_key(master_key, master_key_schedule, NULL); if(mkeyversion < 0) { syslog(LOG_NOTICE, "couldn't verify master key"); cleanup(); exit(1); } /* get principal info */ rval = kerb_get_principal( kdata.pname, kdata.pinst, &principal_data, 1, &more ); if(rval != 1 || (more != 0)) { syslog(LOG_NOTICE, "more than 1 entry for %s.%s", kdata.pname, kdata.pinst); cleanup(); exit(1); } /* get the user's key */ bcopy(&principal_data.key_low, key, 4); bcopy(&principal_data.key_high, ((long *) key) + 1, 4); kdb_encrypt_key(key, key, master_key, master_key_schedule, DECRYPT); key_sched(key, key_schedule); des_set_key(key, key_schedule); /* get random key and send it over {random} Kperson */ random_key(kpwd_data.random_key); strcpy(kpwd_data.secure_msg, SECURE_STRING); if(des_write(0, &kpwd_data, sizeof(kpwd_data)) != sizeof(kpwd_data)) { syslog(LOG_ERR, "error writing initial data"); cleanup(); exit(1); } bzero(key, sizeof(key)); bzero(key_schedule, sizeof(key_schedule)); /* now read update info: { info }Krandom */ key_sched(kpwd_data.random_key, random_sched); des_set_key(kpwd_data.random_key, random_sched); if(des_read(0, &ud_data, sizeof(ud_data)) != sizeof(ud_data)) { syslog(LOG_ERR, "update aborted"); cleanup(); exit(1); } /* validate info string by looking at the embedded string */ if(strcmp(ud_data.secure_msg, SECURE_STRING)) { syslog(LOG_NOTICE, "invalid update from %s", inet_ntoa(foreign.sin_addr)); cleanup(); exit(1); } /* produce the new key entry in the database { key }Kmaster */ string_to_key(ud_data.pw, key); kdb_encrypt_key(key, key, master_key, master_key_schedule, ENCRYPT); bcopy(key, &principal_data.key_low, 4); bcopy(((long *) key) + 1, &principal_data.key_high, 4); bzero(key, sizeof(key)); principal_data.key_version++; if(kerb_put_principal(&principal_data, 1)) { syslog(LOG_ERR, "couldn't write new record for %s.%s", principal_data.name, principal_data.instance); cleanup(); exit(1); } syslog(LOG_NOTICE,"wrote new password field for %s.%s from %s", principal_data.name, principal_data.instance, inet_ntoa(foreign.sin_addr) ); send_ack(0, "Update complete.\n"); cleanup(); exit(0); }
void doit(struct sockaddr *fromp) { extern char *__rcmd_errstr; /* syslog hook from libc/net/rcmd.c. */ struct addrinfo hints, *res, *res0; int gaierror; struct passwd *pwd; u_short port; in_port_t *portp; struct pollfd pfd[4]; int cc, nfd, pv[2], s = 0, one = 1; pid_t pid; char *hostname, *errorstr, *errorhost = (char *) NULL; char *cp, sig, buf[BUFSIZ]; char cmdbuf[NCARGS+1], locuser[_PW_NAME_LEN+1], remuser[_PW_NAME_LEN+1]; char remotehost[2 * MAXHOSTNAMELEN + 1]; char hostnamebuf[2 * MAXHOSTNAMELEN + 1]; char naddr[NI_MAXHOST]; char saddr[NI_MAXHOST]; char raddr[NI_MAXHOST]; char pbuf[NI_MAXSERV]; auth_session_t *as; const int niflags = NI_NUMERICHOST | NI_NUMERICSERV; #ifdef KERBEROS AUTH_DAT *kdata = (AUTH_DAT *) NULL; KTEXT ticket = (KTEXT) NULL; char instance[INST_SZ], version[VERSION_SIZE]; struct sockaddr_storage fromaddr; int rc; long authopts; #ifdef CRYPT int pv1[2], pv2[2]; #endif if (sizeof(fromaddr) < fromp->sa_len) { syslog(LOG_ERR, "malformed \"from\" address (af %d)", fromp->sa_family); exit(1); } memcpy(&fromaddr, fromp, fromp->sa_len); #endif (void) signal(SIGINT, SIG_DFL); (void) signal(SIGQUIT, SIG_DFL); (void) signal(SIGTERM, SIG_DFL); #ifdef DEBUG { int t = open(_PATH_TTY, 2); if (t >= 0) { ioctl(t, TIOCNOTTY, (char *)0); (void) close(t); } } #endif switch (fromp->sa_family) { case AF_INET: portp = &((struct sockaddr_in *)fromp)->sin_port; break; case AF_INET6: portp = &((struct sockaddr_in6 *)fromp)->sin6_port; break; default: syslog(LOG_ERR, "malformed \"from\" address (af %d)", fromp->sa_family); exit(1); } if (getnameinfo(fromp, fromp->sa_len, naddr, sizeof(naddr), pbuf, sizeof(pbuf), niflags) != 0) { syslog(LOG_ERR, "malformed \"from\" address (af %d)", fromp->sa_family); exit(1); } #ifdef IP_OPTIONS if (fromp->sa_family == AF_INET) { struct ipoption opts; socklen_t optsize = sizeof(opts); int ipproto, i; struct protoent *ip; if ((ip = getprotobyname("ip")) != NULL) ipproto = ip->p_proto; else ipproto = IPPROTO_IP; if (!getsockopt(STDIN_FILENO, ipproto, IP_OPTIONS, (char *)&opts, &optsize) && optsize != 0) { for (i = 0; (void *)&opts.ipopt_list[i] - (void *)&opts < optsize; ) { u_char c = (u_char)opts.ipopt_list[i]; if (c == IPOPT_LSRR || c == IPOPT_SSRR) exit(1); if (c == IPOPT_EOL) break; i += (c == IPOPT_NOP) ? 1 : (u_char)opts.ipopt_list[i+1]; } } } #endif #ifdef KERBEROS if (!use_kerberos) #endif if (ntohs(*portp) >= IPPORT_RESERVED || ntohs(*portp) < IPPORT_RESERVED/2) { syslog(LOG_NOTICE|LOG_AUTH, "Connection from %s on illegal port %u", naddr, ntohs(*portp)); exit(1); } (void) alarm(60); port = 0; for (;;) { char c; if ((cc = read(STDIN_FILENO, &c, 1)) != 1) { if (cc < 0) syslog(LOG_NOTICE, "read: %m"); shutdown(STDIN_FILENO, SHUT_RDWR); exit(1); } if (c == 0) break; port = port * 10 + c - '0'; } (void) alarm(0); if (port != 0) { int lport; #ifdef KERBEROS if (!use_kerberos) #endif if (port >= IPPORT_RESERVED || port < IPPORT_RESERVED/2) { syslog(LOG_ERR, "2nd port not reserved"); exit(1); } *portp = htons(port); lport = IPPORT_RESERVED - 1; s = rresvport_af(&lport, fromp->sa_family); if (s < 0) { syslog(LOG_ERR, "can't get stderr port: %m"); exit(1); } if (connect(s, (struct sockaddr *)fromp, fromp->sa_len) < 0) { syslog(LOG_INFO, "connect second port %d: %m", port); exit(1); } } #ifdef KERBEROS if (vacuous) { error("rshd: remote host requires Kerberos authentication\n"); exit(1); } #endif #ifdef notdef /* from inetd, socket is already on 0, 1, 2 */ dup2(f, 0); dup2(f, 1); dup2(f, 2); #endif errorstr = NULL; if (getnameinfo(fromp, fromp->sa_len, saddr, sizeof(saddr), NULL, 0, NI_NAMEREQD)== 0) { /* * If name returned by getnameinfo is in our domain, * attempt to verify that we haven't been fooled by someone * in a remote net; look up the name and check that this * address corresponds to the name. */ hostname = saddr; res0 = NULL; #ifdef KERBEROS if (!use_kerberos) #endif if (check_all || local_domain(saddr)) { strlcpy(remotehost, saddr, sizeof(remotehost)); errorhost = remotehost; memset(&hints, 0, sizeof(hints)); hints.ai_family = fromp->sa_family; hints.ai_socktype = SOCK_STREAM; hints.ai_flags = AI_CANONNAME; gaierror = getaddrinfo(remotehost, pbuf, &hints, &res0); if (gaierror) { syslog(LOG_INFO, "Couldn't look up address for %s: %s", remotehost, gai_strerror(gaierror)); errorstr = "Couldn't look up address for your host (%s)\n"; hostname = naddr; } else { for (res = res0; res; res = res->ai_next) { if (res->ai_family != fromp->sa_family) continue; if (res->ai_addrlen != fromp->sa_len) continue; if (getnameinfo(res->ai_addr, res->ai_addrlen, raddr, sizeof(raddr), NULL, 0, niflags) == 0 && strcmp(naddr, raddr) == 0) { hostname = res->ai_canonname ? res->ai_canonname : saddr; break; } } if (res == NULL) { syslog(LOG_NOTICE, "Host addr %s not listed for host %s", naddr, res0->ai_canonname ? res0->ai_canonname : saddr); errorstr = "Host address mismatch for %s\n"; hostname = naddr; } } } strlcpy(hostnamebuf, hostname, sizeof(hostnamebuf)); hostname = hostnamebuf; if (res0) freeaddrinfo(res0); } else strlcpy(hostnamebuf, naddr, sizeof(hostnamebuf)); errorhost = hostname = hostnamebuf; #ifdef KERBEROS if (use_kerberos) { kdata = (AUTH_DAT *) authbuf; ticket = (KTEXT) tickbuf; authopts = 0L; strlcpy(instance, "*", sizeof instance); version[VERSION_SIZE - 1] = '\0'; #ifdef CRYPT if (doencrypt) { struct sockaddr_in local_addr; rc = sizeof(local_addr); if (getsockname(STDIN_FILENO, (struct sockaddr *)&local_addr, &rc) < 0) { syslog(LOG_ERR, "getsockname: %m"); error("rshd: getsockname: %m"); exit(1); } authopts = KOPT_DO_MUTUAL; rc = krb_recvauth(authopts, 0, ticket, "rcmd", instance, (struct sockaddr_in *)&fromaddr, &local_addr, kdata, "", schedule, version); desrw_set_key(&kdata->session, &schedule); } else #endif rc = krb_recvauth(authopts, 0, ticket, "rcmd", instance, (struct sockaddr_in *)&fromaddr, NULL, kdata, "", NULL, version); if (rc != KSUCCESS) { error("Kerberos authentication failure: %s\n", krb_get_err_text(rc)); exit(1); } } else #endif getstr(remuser, sizeof(remuser), "remuser"); getstr(locuser, sizeof(locuser), "locuser"); getstr(cmdbuf, sizeof(cmdbuf), "command"); pwd = getpwnam(locuser); if (pwd == NULL) { syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: unknown login. cmd='%.80s'", remuser, hostname, locuser, cmdbuf); if (errorstr == NULL) errorstr = "Permission denied.\n"; goto fail; } lc = login_getclass(pwd->pw_class); if (lc == NULL) { syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: unknown class. cmd='%.80s'", remuser, hostname, locuser, cmdbuf); if (errorstr == NULL) errorstr = "Login incorrect.\n"; goto fail; } as = auth_open(); if (as == NULL || auth_setpwd(as, pwd) != 0) { syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: unable to allocate memory. cmd='%.80s'", remuser, hostname, locuser, cmdbuf); if (errorstr == NULL) errorstr = "Cannot allocate memory.\n"; goto fail; } setegid(pwd->pw_gid); seteuid(pwd->pw_uid); if (chdir(pwd->pw_dir) < 0) { (void) chdir("/"); #ifdef notdef syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: no home directory. cmd='%.80s'", remuser, hostname, locuser, cmdbuf); error("No remote directory.\n"); exit(1); #endif } seteuid(0); setegid(0); /* XXX use a saved gid instead? */ #ifdef KERBEROS if (use_kerberos) { if (pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0') { if (kuserok(kdata, locuser) != 0) { syslog(LOG_INFO|LOG_AUTH, "Kerberos rsh denied to %s.%s@%s", kdata->pname, kdata->pinst, kdata->prealm); error("Permission denied.\n"); exit(1); } } } else #endif if (errorstr || (pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0' && iruserok_sa(fromp, fromp->sa_len, pwd->pw_uid == 0, remuser, locuser) < 0)) { if (__rcmd_errstr) syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: permission denied (%s). cmd='%.80s'", remuser, hostname, locuser, __rcmd_errstr, cmdbuf); else syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: permission denied. cmd='%.80s'", remuser, hostname, locuser, cmdbuf); fail: if (errorstr == NULL) errorstr = "Permission denied.\n"; error(errorstr, errorhost); exit(1); } if (pwd->pw_uid) auth_checknologin(lc); (void) write(STDERR_FILENO, "\0", 1); sent_null = 1; if (port) { if (pipe(pv) < 0) { error("Can't make pipe.\n"); exit(1); } #ifdef CRYPT #ifdef KERBEROS if (doencrypt) { if (pipe(pv1) < 0) { error("Can't make 2nd pipe.\n"); exit(1); } if (pipe(pv2) < 0) { error("Can't make 3rd pipe.\n"); exit(1); } } #endif #endif pid = fork(); if (pid == -1) { error("Can't fork; try again.\n"); exit(1); } if (pid) { #ifdef CRYPT #ifdef KERBEROS if (doencrypt) { static char msg[] = SECURE_MESSAGE; (void) close(pv1[1]); (void) close(pv2[1]); des_write(s, msg, sizeof(msg) - 1); } else #endif #endif { (void) close(STDIN_FILENO); (void) close(STDOUT_FILENO); } (void) close(STDERR_FILENO); (void) close(pv[1]); pfd[P_SOCKREAD].fd = s; pfd[P_SOCKREAD].events = POLLIN; pfd[P_PIPEREAD].fd = pv[0]; pfd[P_PIPEREAD].events = POLLIN; nfd = 2; #ifdef CRYPT #ifdef KERBEROS if (doencrypt) { pfd[P_CRYPTREAD].fd = pv1[0]; pfd[P_CRYPTREAD].events = POLLIN; pfd[P_CRYPTWRITE].fd = pv2[0]; pfd[P_CRYPTWRITE].events = POLLOUT; nfd += 2; } else #endif #endif ioctl(pv[0], FIONBIO, (char *)&one); /* should set s nbio! */ do { if (poll(pfd, nfd, INFTIM) < 0) break; if (pfd[P_SOCKREAD].revents & POLLIN) { int ret; #ifdef CRYPT #ifdef KERBEROS if (doencrypt) ret = des_read(s, &sig, 1); else #endif #endif ret = read(s, &sig, 1); if (ret <= 0) pfd[P_SOCKREAD].revents = 0; else killpg(pid, sig); } if (pfd[P_PIPEREAD].revents & POLLIN) { errno = 0; cc = read(pv[0], buf, sizeof(buf)); if (cc <= 0) { shutdown(s, SHUT_RDWR); pfd[P_PIPEREAD].revents = 0; } else { #ifdef CRYPT #ifdef KERBEROS if (doencrypt) (void) des_write(s, buf, cc); else #endif #endif (void) write(s, buf, cc); } } #ifdef CRYPT #ifdef KERBEROS if (doencrypt && (pfd[P_CRYPTREAD].revents & POLLIN)) { errno = 0; cc = read(pv1[0], buf, sizeof(buf)); if (cc <= 0) { shutdown(pv1[0], SHUT_RDWR); pfd[P_CRYPTREAD].revents = 0; } else (void) des_write(STDOUT_FILENO, buf, cc); } if (doencrypt && (pfd[P_CRYPTWRITE].revents & POLLIN)) { errno = 0; cc = des_read(STDIN_FILENO, buf, sizeof(buf)); if (cc <= 0) { shutdown(pv2[0], SHUT_RDWR); pfd[P_CRYPTWRITE].revents = 0; } else (void) write(pv2[0], buf, cc); } #endif #endif } while ((pfd[P_SOCKREAD].revents & POLLIN) || #ifdef CRYPT #ifdef KERBEROS (doencrypt && (pfd[P_CRYPTREAD].revents & POLLIN)) || #endif #endif (pfd[P_PIPEREAD].revents & POLLIN)); exit(0); } setsid(); (void) close(s); (void) close(pv[0]); #ifdef CRYPT #ifdef KERBEROS if (doencrypt) { close(pv1[0]); close(pv2[0]); dup2(pv1[1], 1); dup2(pv2[1], 0); close(pv1[1]); close(pv2[1]); } #endif #endif dup2(pv[1], 2); close(pv[1]); } else setsid(); if (*pwd->pw_shell == '\0') pwd->pw_shell = _PATH_BSHELL; environ = envinit; if (setenv("HOME", pwd->pw_dir, 1) == -1 || setenv("SHELL", pwd->pw_shell, 1) == -1 || setenv("USER", pwd->pw_name, 1) == -1 || setenv("LOGNAME", pwd->pw_name, 1) == -1) errx(1, "cannot setup environment"); if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETALL)) errx(1, "cannot set user context"); if (auth_approval(as, lc, pwd->pw_name, "rsh") <= 0) errx(1, "approval failure"); auth_close(as); login_close(lc); cp = strrchr(pwd->pw_shell, '/'); if (cp) cp++; else cp = pwd->pw_shell; endpwent(); if (log_success || pwd->pw_uid == 0) { #ifdef KERBEROS if (use_kerberos) syslog(LOG_INFO|LOG_AUTH, "Kerberos shell from %s.%s@%s on %s as %s, cmd='%.80s'", kdata->pname, kdata->pinst, kdata->prealm, hostname, locuser, cmdbuf); else #endif syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: cmd='%.80s'", remuser, hostname, locuser, cmdbuf); } execl(pwd->pw_shell, cp, "-c", cmdbuf, (char *)NULL); perror(pwd->pw_shell); exit(1); }