summaryrefslogtreecommitdiffstats
path: root/libexec/rshd
diff options
context:
space:
mode:
authormarkm <markm@FreeBSD.org>2002-06-26 17:09:08 +0000
committermarkm <markm@FreeBSD.org>2002-06-26 17:09:08 +0000
commit33f0a5804d6d625ff988e6651f2c782d86ec5001 (patch)
treee66d8c08c92f6a6cac068639316f85421fb2d4d2 /libexec/rshd
parent741591a6b40f032b21f83aaf9f79ecd33566857e (diff)
downloadFreeBSD-src-33f0a5804d6d625ff988e6651f2c782d86ec5001.zip
FreeBSD-src-33f0a5804d6d625ff988e6651f2c782d86ec5001.tar.gz
Gut out (by default unused) cruft, and tidy up warnings.
Diffstat (limited to 'libexec/rshd')
-rw-r--r--libexec/rshd/Makefile11
-rw-r--r--libexec/rshd/rshd.819
-rw-r--r--libexec/rshd/rshd.c162
3 files changed, 22 insertions, 170 deletions
diff --git a/libexec/rshd/Makefile b/libexec/rshd/Makefile
index 4b9091c..9e9d20e 100644
--- a/libexec/rshd/Makefile
+++ b/libexec/rshd/Makefile
@@ -5,19 +5,12 @@ PROG= rshd
SRCS= rshd.c
MAN= rshd.8
-#CFLAGS+= -DCRYPT
WFORMAT=0
DPADD+= ${LIBUTIL}
LDADD+= -lutil
-.if !defined(NOPAM)
-CFLAGS+= -DUSE_PAM
-DPADD+= ${LIBPAM}
-LDADD+= ${MINUSLPAM}
-.endif
-
-# IPv6 support
-CFLAGS+= -DINET6
+DPADD+= ${LIBUTIL} ${LIBPAM}
+LDADD+= -lutil ${MINUSLPAM}
.include <bsd.prog.mk>
diff --git a/libexec/rshd/rshd.8 b/libexec/rshd/rshd.8
index 81eac4f..76db9e9 100644
--- a/libexec/rshd/rshd.8
+++ b/libexec/rshd/rshd.8
@@ -127,20 +127,6 @@ from doing any validation based on the user's
file,
unless the user is the superuser.
.It
-If the file
-.Pa /var/run/nologin
-exists and the user is not the superuser,
-the connection is closed.
-The name of the nologin file may be overridden
-using the nologin capability in
-.Pa /etc/login.conf
-according to the local user's login class,
-which may also be used to restrict
-.Xr rsh 1
-access by
-login time (times.allow and times.deny capabilities)
-and remote host (hosts.allow and hosts.deny capabilities).
-.It
A
.Tn NUL
byte is returned on the initial socket
@@ -229,7 +215,6 @@ and is not preceded by a flag byte.
.Xr hosts 5 ,
.Xr hosts.equiv 5 ,
.Xr login.conf 5 ,
-.Xr nologin 5 ,
.Xr services 5 ,
.Xr named 8 ,
.Xr rlogind 8 ,
@@ -240,12 +225,10 @@ and is not preceded by a flag byte.
.It Pa /etc/hosts.equiv
.It Pa /etc/login.conf
.It Ev $HOME Ns Pa /.rhosts
-.It Pa /var/run/nologin
.Pp
.It Pa /etc/pam.conf
-If
.Nm
-is configured with PAM support, it uses
+uses
.Pa /etc/pam.conf
entries with service name
.Dq rsh .
diff --git a/libexec/rshd/rshd.c b/libexec/rshd/rshd.c
index b6665ea..7fa68f1 100644
--- a/libexec/rshd/rshd.c
+++ b/libexec/rshd/rshd.c
@@ -48,10 +48,11 @@ static const char copyright[] =
#if 0
static const char sccsid[] = "@(#)rshd.c 8.2 (Berkeley) 4/6/94";
#endif
-static const char rcsid[] =
- "$FreeBSD$";
#endif /* not lint */
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
/*
* remote shell server:
* [port]\0
@@ -108,9 +109,6 @@ int keepalive = 1;
int log_success; /* If TRUE, log all successful accesses */
int sent_null;
int no_delay;
-#ifdef CRYPT
-int doencrypt = 0;
-#endif
void doit(struct sockaddr *);
static void rshd_errx(int, const char *, ...) __printf0like(2, 3);
@@ -119,6 +117,9 @@ int local_domain(char *);
char *topdomain(char *);
void usage(void);
+char slash[] = "/";
+char bshell[] = _PATH_BSHELL;
+
#define OPTIONS "alnDL"
int
@@ -143,11 +144,6 @@ main(int argc, char *argv[])
case 'n':
keepalive = 0;
break;
-#ifdef CRYPT
- case 'x':
- doencrypt = 1;
- break;
-#endif
case 'D':
no_delay = 1;
break;
@@ -163,13 +159,6 @@ main(int argc, char *argv[])
argc -= optind;
argv += optind;
-#ifdef CRYPT
- if (doencrypt) {
- syslog(LOG_ERR, "-k is required for -x");
- exit(2);
- }
-#endif
-
fromlen = sizeof (from);
if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) {
syslog(LOG_ERR, "getpeername: %m");
@@ -208,11 +197,7 @@ doit(struct sockaddr *fromp)
char cmdbuf[NCARGS+1], luser[16], ruser[16];
char rhost[2 * MAXHOSTNAMELEN + 1];
char numericname[INET6_ADDRSTRLEN];
- int af, error, srcport;
-#ifdef CRYPT
- int rc;
- int pv1[2], pv2[2];
-#endif
+ int af, srcport;
login_cap_t *lc;
(void) signal(SIGINT, SIG_DFL);
@@ -223,11 +208,9 @@ doit(struct sockaddr *fromp)
if (af == AF_INET) {
inet_ntop(af, &((struct sockaddr_in *)fromp)->sin_addr,
numericname, sizeof numericname);
-#ifdef INET6
} else if (af == AF_INET6) {
inet_ntop(af, &((struct sockaddr_in6 *)fromp)->sin6_addr,
numericname, sizeof numericname);
-#endif
} else {
syslog(LOG_ERR, "malformed \"from\" address (af %d)", af);
exit(1);
@@ -314,23 +297,6 @@ doit(struct sockaddr *fromp)
rhost[sizeof(rhost) - 1] = '\0';
/* XXX truncation! */
-#ifdef CRYPT
- if (doencrypt && af == AF_INET) {
- struct sockaddr_in local_addr;
- rc = sizeof(local_addr);
- if (getsockname(0, (struct sockaddr *)&local_addr,
- &rc) < 0) {
- syslog(LOG_ERR, "getsockname: %m");
- rshd_errx(1, "rlogind: getsockname: %m"); /* XXX */
- }
- authopts = KOPT_DO_MUTUAL;
- rc = krb_recvauth(authopts, 0, ticket,
- "rcmd", instance, &fromaddr,
- &local_addr, kdata, "", schedule,
- version);
- des_set_key(&kdata->session, schedule);
- }
-#endif
(void) alarm(60);
getstr(ruser, sizeof(ruser), "ruser");
getstr(luser, sizeof(luser), "luser");
@@ -390,7 +356,7 @@ doit(struct sockaddr *fromp)
ruser, rhost, luser, cmdbuf);
rshd_errx(0, "No remote home directory.");
}
- pwd->pw_dir = "/";
+ pwd->pw_dir = slash;
}
if (lc != NULL && fromp->sa_family == AF_INET) { /*XXX*/
@@ -433,32 +399,12 @@ doit(struct sockaddr *fromp)
if (port) {
if (pipe(pv) < 0)
rshd_errx(1, "Can't make pipe.");
-#ifdef CRYPT
- if (doencrypt) {
- if (pipe(pv1) < 0)
- rshd_errx(1, "Can't make 2nd pipe.");
- if (pipe(pv2) < 0)
- rshd_errx(1, "Can't make 3rd pipe.");
- }
-#endif
pid = fork();
if (pid == -1)
rshd_errx(1, "Can't fork; try again.");
if (pid) {
-#ifdef CRYPT
- if (doencrypt) {
- static char msg[] = SECURE_MESSAGE;
- (void) close(pv1[1]);
- (void) close(pv2[1]);
- des_enc_write(s, msg, sizeof(msg) - 1,
- schedule, &kdata->session);
-
- } else
-#endif
- {
- (void) close(0);
- (void) close(1);
- }
+ (void) close(0);
+ (void) close(1);
(void) close(2);
(void) close(pv[1]);
@@ -469,47 +415,22 @@ doit(struct sockaddr *fromp)
nfd = pv[0];
else
nfd = s;
-#ifdef CRYPT
- if (doencrypt) {
- FD_ZERO(&writeto);
- FD_SET(pv2[0], &writeto);
- FD_SET(pv1[0], &readfrom);
-
- nfd = MAX(nfd, pv2[0]);
- nfd = MAX(nfd, pv1[0]);
- } else
-#endif
ioctl(pv[0], FIONBIO, (char *)&one);
/* should set s nbio! */
nfd++;
do {
ready = readfrom;
-#ifdef CRYPT
- if (doencrypt) {
- wready = writeto;
- if (select(nfd, &ready,
- &wready, (fd_set *) 0,
- (struct timeval *) 0) < 0)
- break;
- } else
-#endif
- if (select(nfd, &ready, (fd_set *)0,
- (fd_set *)0, (struct timeval *)0) < 0)
- break;
+ if (select(nfd, &ready, (fd_set *)0,
+ (fd_set *)0, (struct timeval *)0) < 0)
+ break;
if (FD_ISSET(s, &ready)) {
int ret;
-#ifdef CRYPT
- if (doencrypt)
- ret = des_enc_read(s, &sig, 1,
- schedule, &kdata->session);
- else
-#endif
ret = read(s, &sig, 1);
- if (ret <= 0)
- FD_CLR(s, &readfrom);
- else
- killpg(pid, sig);
+ if (ret <= 0)
+ FD_CLR(s, &readfrom);
+ else
+ killpg(pid, sig);
}
if (FD_ISSET(pv[0], &ready)) {
errno = 0;
@@ -518,62 +439,17 @@ doit(struct sockaddr *fromp)
shutdown(s, 1+1);
FD_CLR(pv[0], &readfrom);
} else {
-#ifdef CRYPT
- if (doencrypt)
- (void)
- des_enc_write(s, buf, cc,
- schedule, &kdata->session);
- else
-#endif
- (void)
- write(s, buf, cc);
+ (void)write(s, buf, cc);
}
}
-#ifdef CRYPT
- if (doencrypt && FD_ISSET(pv1[0], &ready)) {
- errno = 0;
- cc = read(pv1[0], buf, sizeof(buf));
- if (cc <= 0) {
- shutdown(pv1[0], 1+1);
- FD_CLR(pv1[0], &readfrom);
- } else
- (void) des_enc_write(STDOUT_FILENO,
- buf, cc,
- schedule, &kdata->session);
- }
-
- if (doencrypt && FD_ISSET(pv2[0], &wready)) {
- errno = 0;
- cc = des_enc_read(STDIN_FILENO,
- buf, sizeof(buf),
- schedule, &kdata->session);
- if (cc <= 0) {
- shutdown(pv2[0], 1+1);
- FD_CLR(pv2[0], &writeto);
- } else
- (void) write(pv2[0], buf, cc);
- }
-#endif
} while (FD_ISSET(s, &readfrom) ||
-#ifdef CRYPT
- (doencrypt && FD_ISSET(pv1[0], &readfrom)) ||
-#endif
FD_ISSET(pv[0], &readfrom));
PAM_END;
exit(0);
}
(void) close(s);
(void) close(pv[0]);
-#ifdef CRYPT
- if (doencrypt) {
- close(pv1[0]); close(pv2[0]);
- dup2(pv1[1], 1);
- dup2(pv2[1], 0);
- close(pv1[1]);
- close(pv2[1]);
- }
-#endif
dup2(pv[1], 2);
close(pv[1]);
}
@@ -598,7 +474,7 @@ doit(struct sockaddr *fromp)
syslog(LOG_ERR, "setlogin() failed: %m");
if (*pwd->pw_shell == '\0')
- pwd->pw_shell = _PATH_BSHELL;
+ pwd->pw_shell = bshell;
(void) pam_setenv(pamh, "HOME", pwd->pw_dir, 1);
(void) pam_setenv(pamh, "SHELL", pwd->pw_shell, 1);
(void) pam_setenv(pamh, "USER", pwd->pw_name, 1);
OpenPOWER on IntegriCloud