import of heimdal 0.3e

author: assar <assar@FreeBSD.org> 2001-02-13 16:46:19 +0000
committer: assar <assar@FreeBSD.org> 2001-02-13 16:46:19 +0000
commit: ebfe6dc471c206300fd82c7c0fd145f683aa52f6 (patch)
tree: e66aa570ad1d12c43b32a7313b0f8e28971bf8a9 /crypto/heimdal/appl/rsh/rsh.c
parent: e5f617598c2db0dd51906a38ecea9208123a8b70 (diff)
download: FreeBSD-src-ebfe6dc471c206300fd82c7c0fd145f683aa52f6.zip
FreeBSD-src-ebfe6dc471c206300fd82c7c0fd145f683aa52f6.tar.gz
1 files changed, 94 insertions, 40 deletions
diff --git a/crypto/heimdal/appl/rsh/rsh.c b/crypto/heimdal/appl/rsh/rsh.c
index 5033c4f..7b97f58 100644
--- a/crypto/heimdal/appl/rsh/rsh.c
+++ b/crypto/heimdal/appl/rsh/rsh.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -32,12 +32,12 @@
  */
 
 #include "rsh_locl.h"
-RCSID("$Id: rsh.c,v 1.47 2000/02/06 05:58:55 assar Exp $");
+RCSID("$Id: rsh.c,v 1.57 2000/12/31 07:36:54 assar Exp $");
 
 enum auth_method auth_method;
-int do_encrypt;
-int do_forward;
-int do_forwardable;
+int do_encrypt       = -1;
+int do_forward       = -1;
+int do_forwardable   = -1;
 int do_unique_tkfile = 0;
 char *unique_tkfile  = NULL;
 char tkfile[MAXPATHLEN];
@@ -62,6 +62,9 @@ loop (int s, int errsock)
     fd_set real_readset;
     int count = 1;
 
+    if (s >= FD_SETSIZE || errsock >= FD_SETSIZE)
+	errx (1, "fd too large");
+    
     FD_ZERO(&real_readset);
     FD_SET(s, &real_readset);
     if (errsock != -1) {
@@ -404,7 +407,7 @@ proto (int s, int errsock,
     struct sockaddr *thataddr = (struct sockaddr *)&thataddr_ss;
     struct sockaddr_storage erraddr_ss;
     struct sockaddr *erraddr = (struct sockaddr *)&erraddr_ss;
-    int addrlen;
+    socklen_t addrlen;
     int ret;
 
     addrlen = sizeof(thisaddr_ss);
@@ -441,14 +444,48 @@ proto (int s, int errsock,
 	    return 1;
 	}
 
-	errsock2 = accept (errsock, NULL, NULL);
-	if (errsock2 < 0) {
-	    warn ("accept");
-	    close (errsock);
-	    return 1;
-	}
-	close (errsock);
 
+	for (;;) {
+	    fd_set fdset;
+
+	    if (errsock >= FD_SETSIZE || s >= FD_SETSIZE)
+		errx (1, "fd too large");
+
+	    FD_ZERO(&fdset);
+	    FD_SET(errsock, &fdset);
+	    FD_SET(s, &fdset);
+
+	    ret = select (max(errsock, s) + 1, &fdset, NULL, NULL, NULL);
+	    if (ret < 0) {
+		if (errno == EINTR)
+		    continue;
+		warn ("select");
+		close (errsock);
+		return 1;
+	    }
+	    if (FD_ISSET(errsock, &fdset)) {
+		errsock2 = accept (errsock, NULL, NULL);
+		close (errsock);
+		if (errsock2 < 0) {
+		    warn ("accept");
+		    return 1;
+		}
+		break;
+	    }
+
+	    /*
+	     * there should not arrive any data on this fd so if it's
+	     * readable it probably indicates that the other side when
+	     * away.
+	     */
+
+	    if (FD_ISSET(s, &fdset)) {
+		warnx ("socket closed");
+		close (errsock);
+		errsock2 = -1;
+		break;
+	    }
+	}
     } else {
 	if (net_write (s, "0", 2) != 2) {
 	    warn ("write");
@@ -490,8 +527,7 @@ proto (int s, int errsock,
 
 /*
  * Return in `res' a copy of the concatenation of `argc, argv' into
- * malloced space.
- */
+ * malloced space.  */
 
 static size_t
 construct_command (char **res, int argc, char **argv)
@@ -673,7 +709,7 @@ doit (const char *hostname,
 	    continue;
 	}
 	if (do_errsock) {
-	    struct addrinfo *ea;
+	    struct addrinfo *ea, *eai;
 	    struct addrinfo hints;
 
 	    memset (&hints, 0, sizeof(hints));
@@ -682,15 +718,23 @@ doit (const char *hostname,
 	    hints.ai_family   = a->ai_family;
 	    hints.ai_flags    = AI_PASSIVE;
 
-	    error = getaddrinfo (NULL, "0", &hints, &ea);
+	    errsock = -1;
+
+	    error = getaddrinfo (NULL, "0", &hints, &eai);
 	    if (error)
 		errx (1, "getaddrinfo: %s", gai_strerror(error));
-	    errsock = socket (ea->ai_family, ea->ai_socktype, ea->ai_protocol);
+	    for (ea = eai; ea != NULL; ea = ea->ai_next) {
+		errsock = socket (ea->ai_family, ea->ai_socktype,
+				  ea->ai_protocol);
+		if (errsock < 0)
+		    continue;
+		if (bind (errsock, ea->ai_addr, ea->ai_addrlen) < 0)
+		    err (1, "bind");
+		break;
+	    }
 	    if (errsock < 0)
 		err (1, "socket");
-	    if (bind (errsock, ea->ai_addr, ea->ai_addrlen) < 0)
-		err (1, "bind");
-	    freeaddrinfo (ea);
+	    freeaddrinfo (eai);
 	} else
 	    errsock = -1;
     
@@ -732,7 +776,7 @@ struct getargs args[] = {
       NULL },
     { "encrypt", 'x', arg_flag,		&do_encrypt,	"Encrypt connection",
       NULL },
-    { "encrypt", 'z', arg_negative_flag,      &do_encrypt,
+    { NULL, 	'z', arg_negative_flag,      &do_encrypt,
       "Don't encrypt connection", NULL },
     { "forward", 'f', arg_flag,		&do_forward,	"Forward credentials",
       NULL },
@@ -782,12 +826,15 @@ main(int argc, char **argv)
     const char *local_user;
     char *host = NULL;
     int host_index = -1;
-    int status; 
+    int status;
+    uid_t uid;
 
     priv_port1 = priv_port2 = IPPORT_RESERVED-1;
     priv_socket1 = rresvport(&priv_port1);
     priv_socket2 = rresvport(&priv_port2);
-    setuid(getuid());
+    uid = getuid ();
+    if (setuid (uid) || (uid != 0 && setuid(0) == 0))
+	err (1, "setuid");
     
     set_progname (argv[0]);
 
@@ -798,27 +845,32 @@ main(int argc, char **argv)
     
     status = krb5_init_context (&context);
     if (status)
-        errx(1, "krb5_init_context failed: %u", status);
+        errx(1, "krb5_init_context failed: %d", status);
       
-    do_forwardable = krb5_config_get_bool (context, NULL,
-					   "libdefaults",
-					   "forwardable",
-					   NULL);
-	
-    do_forward = krb5_config_get_bool (context, NULL,
-				       "libdefaults",
-				       "forward",
-				       NULL);
-
-    do_encrypt = krb5_config_get_bool (context, NULL,
-				       "libdefaults",
-				       "encrypt",
-				       NULL);
-
     if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
 		&optind))
 	usage (1);
 
+    if (do_forwardable == -1)
+	do_forwardable = krb5_config_get_bool (context, NULL,
+					       "libdefaults",
+					       "forwardable",
+					       NULL);
+	
+    if (do_forward == -1)
+	do_forward = krb5_config_get_bool (context, NULL,
+					   "libdefaults",
+					   "forward",
+					   NULL);
+    else if (do_forward == 0)
+	do_forwardable = 0;
+
+    if (do_encrypt == -1)
+	do_encrypt = krb5_config_get_bool (context, NULL,
+					   "libdefaults",
+					   "encrypt",
+					   NULL);
+
     if (do_forwardable)
 	do_forward = 1;
 
@@ -939,6 +991,8 @@ main(int argc, char **argv)
 	else
 	    tmp_port = krb5_getportbyname(context, "shell", "tcp", 514);
 	auth_method = AUTH_BROKEN;
+	if (do_encrypt)
+	    errx (1, "encryption not supported with priv port authentication");
 	ret = doit_broken (argc, argv, host_index, host,
 			   user, local_user,
 			   tmp_port,
author	assar <assar@FreeBSD.org>	2001-02-13 16:46:19 +0000
committer	assar <assar@FreeBSD.org>	2001-02-13 16:46:19 +0000
commit	ebfe6dc471c206300fd82c7c0fd145f683aa52f6 (patch)
tree	e66aa570ad1d12c43b32a7313b0f8e28971bf8a9 /crypto/heimdal/appl/rsh/rsh.c
parent	e5f617598c2db0dd51906a38ecea9208123a8b70 (diff)
download	FreeBSD-src-ebfe6dc471c206300fd82c7c0fd145f683aa52f6.zip FreeBSD-src-ebfe6dc471c206300fd82c7c0fd145f683aa52f6.tar.gz