As previously threatened, clean up the rshd -a option and make it default

on rshd and rlogind.  However, note that:
1: rshd used to drop a connection with -a if the hostname != ip address.
   This is unneeded, because iruserok() does it's own checking.
   It was also wrong if .rhosts had an explicit IP address in it,
   connections would be dropped from that host solely because the DNS was
   mismatched even though it was explicitly intended to work by IP address.
2: rlogind and rshd check the hostname mappings by default now because that
   is what goes into the utmp/wtmp and logs.  If the hostname != ip address,
   then it uses the IP address for logging/utmp/wtmp purposes.  There isn't
   much point logging ficticious hostnames.
3: rshd -a is now accepted (but ignored) for compatability.  If you really
   want to make life miserable for people with bad reverse DNS, use tcpd in
   paranoid mode (which is questionable anyway, given DNS ttl tweaking).

3 files changed, 50 insertions, 111 deletions

diff --git a/libexec/rlogind/rlogind.c b/libexec/rlogind/rlogind.c
index b0227e6..64cf70f 100644
--- a/libexec/rlogind/rlogind.c
+++ b/libexec/rlogind/rlogind.c
@@ -42,7 +42,7 @@ static const char copyright[] =
 static const char sccsid[] = "@(#)rlogind.c	8.1 (Berkeley) 6/4/93";
 #endif
 static const char rcsid[] =
-	"$Id$";
+	"$Id: rlogind.c,v 1.19 1997/11/25 07:17:15 charnier Exp $";
 #endif /* not lint */
 
 /*
@@ -122,8 +122,6 @@ void	getstr __P((char *, int, char *));
 void	setup_term __P((int));
 int	do_krb_login __P((struct sockaddr_in *));
 void	usage __P((void));
-int	local_domain __P((char *));
-char	*topdomain __P((char *));
 
 int
 main(argc, argv)
@@ -232,9 +230,27 @@ doit(f, fromp)
 	hp = gethostbyaddr((char *)&fromp->sin_addr, sizeof(struct in_addr),
 	    fromp->sin_family);
 	if (hp) {
-		(void)strncpy(hostname, hp->h_name, sizeof(hostname));
+		strncpy(hostname, hp->h_name, sizeof(hostname) - 1);
+		hostname[sizeof(hostname) - 1] = '\0';
+		hp = gethostbyname(hostname);
+		if (hp == NULL) {
+			strncpy(hostname, inet_ntoa(fromp->sin_addr),
+				sizeof(hostname) - 1);
+		} else for (; ; hp->h_addr_list++) {
+			if (hp->h_addr_list[0] == NULL) {
+				/* End of list - ditch it */
+				strncpy(hostname, inet_ntoa(fromp->sin_addr),
+					sizeof(hostname) - 1);
+				break;
+			}
+			if (!bcmp(hp->h_addr_list[0],
+			    (caddr_t)&fromp->sin_addr,
+			    sizeof(fromp->sin_addr)))
+				break;		/* OK! */
+		}
 	} else {
-		(void)strncpy(hostname, inet_ntoa(fromp->sin_addr), sizeof(hostname));
+		strncpy(hostname, inet_ntoa(fromp->sin_addr),
+			sizeof(hostname) - 1);
 	}
 	hostname[sizeof(hostname) - 1] = '\0';
 
@@ -742,45 +758,3 @@ usage()
 	syslog(LOG_ERR, "usage: rlogind [-Daln]");
 #endif
 }
-
-/*
- * Check whether host h is in our local domain,
- * defined as sharing the last two components of the domain part,
- * or the entire domain part if the local domain has only one component.
- * If either name is unqualified (contains no '.'),
- * assume that the host is local, as it will be
- * interpreted as such.
- */
-int
-local_domain(h)
-	char *h;
-{
-	char localhost[MAXHOSTNAMELEN];
-	char *p1, *p2;
-
-	localhost[0] = 0;
-	(void) gethostname(localhost, sizeof(localhost));
-	p1 = topdomain(localhost);
-	p2 = topdomain(h);
-	if (p1 == NULL || p2 == NULL || !strcasecmp(p1, p2))
-		return (1);
-	return (0);
-}
-
-char *
-topdomain(h)
-	char *h;
-{
-	register char *p;
-	char *maybe = NULL;
-	int dots = 0;
-
-	for (p = h + strlen(h); p >= h; p--) {
-		if (*p == '.') {
-			if (++dots == 2)
-				return (p);
-			maybe = p;
-		}
-	}
-	return (maybe);
-}
diff --git a/libexec/rshd/rshd.8 b/libexec/rshd/rshd.8
index 0fc7b1c..314f3fe 100644
--- a/libexec/rshd/rshd.8
+++ b/libexec/rshd/rshd.8
@@ -30,7 +30,7 @@
 .\" SUCH DAMAGE.
 .\"
 .\"     @(#)rshd.8	8.1 (Berkeley) 6/4/93
-.\"	$Id: rshd.8,v 1.12 1998/12/01 23:27:24 dg Exp $
+.\"	$Id: rshd.8,v 1.13 1998/12/03 05:45:18 bde Exp $
 .\"
 .Dd June 4, 1993
 .Dt RSHD 8
@@ -88,17 +88,9 @@ and requests the corresponding host name (see
 .Xr hosts 5
 and
 .Xr named 8 ).
-If the hostname cannot be determined,
+If the hostname cannot be determined or the hostname and address do
+not match after verification,
 the dot-notation representation of the host address is used.
-If the hostname is in the same domain as the server (according to
-the last two components of the domain name),
-or if the
-.Fl a
-option is given,
-the addresses for the hostname are requested,
-verifying that the name and address correspond.
-If address verification fails, the connection is aborted
-with the message: ``Host address mismatch.''.
 .It
 A null terminated user name of at most 16 characters
 is retrieved on the initial socket.  This user name
diff --git a/libexec/rshd/rshd.c b/libexec/rshd/rshd.c
index 1f3278a..cd2f57c 100644
--- a/libexec/rshd/rshd.c
+++ b/libexec/rshd/rshd.c
@@ -42,7 +42,7 @@ static const char copyright[] =
 static const char sccsid[] = "@(#)rshd.c	8.2 (Berkeley) 4/6/94";
 #endif
 static const char rcsid[] =
-	"$Id: rshd.c,v 1.21 1998/05/05 00:28:51 rnordier Exp $";
+	"$Id: rshd.c,v 1.22 1998/12/01 23:27:24 dg Exp $";
 #endif /* not lint */
 
 /*
@@ -80,7 +80,6 @@ static const char rcsid[] =
 #endif
 
 int	keepalive = 1;
-int	check_all;
 int	log_success;		/* If TRUE, log all successful accesses */
 int	sent_null;
 int	no_delay;
@@ -122,7 +121,7 @@ main(argc, argv)
 	while ((ch = getopt(argc, argv, OPTIONS)) != -1)
 		switch (ch) {
 		case 'a':
-			check_all = 1;
+			/* ignored for compatability */
 			break;
 		case 'l':
 			__check_rhosts_file = 0;
@@ -214,10 +213,9 @@ doit(fromp)
 	fd_set ready, readfrom;
 	int cc, nfd, pv[2], pid, s;
 	int one = 1;
-	char *hostname, *errorstr, *errorhost;
+	char *hostname, *errorstr;
 	char *cp, sig, buf[BUFSIZ];
 	char cmdbuf[NCARGS+1], locuser[16], remuser[16];
-	char remotehost[2 * MAXHOSTNAMELEN + 1];
 	char fromhost[2 * MAXHOSTNAMELEN + 1];
 #ifdef	LOGIN_CAP
 	login_cap_t *lc;
@@ -296,6 +294,7 @@ doit(fromp)
 
 	(void) alarm(60);
 	port = 0;
+	s = 0;		/* not set or used if port == 0 */
 	for (;;) {
 		char c;
 		if ((cc = read(STDIN_FILENO, &c, 1)) != 1) {
@@ -304,7 +303,7 @@ doit(fromp)
 			shutdown(0, 1+1);
 			exit(1);
 		}
-		if (c== 0)
+		if (c == 0)
 			break;
 		port = port * 10 + c - '0';
 	}
@@ -349,64 +348,38 @@ doit(fromp)
 	dup2(f, 2);
 #endif
 	errorstr = NULL;
+	strncpy(fromhost, inet_ntoa(fromp->sin_addr),
+		sizeof(fromhost) - 1);
+	hostname = fromhost;
 	hp = gethostbyaddr((char *)&fromp->sin_addr, sizeof (struct in_addr),
 		fromp->sin_family);
 	if (hp) {
 		/*
-		 * If name returned by gethostbyaddr is in our domain,
-		 * attempt to verify that we haven't been fooled by someone
-		 * in a remote net; look up the name and check that this
-		 * address corresponds to the name.
+		 * OK, it looks like a DNS name is attached.. Lets see if
+		 * it looks like we can use it.  If it doesn't check out,
+		 * ditch it and use the IP address for logging instead.
+		 * Note that iruserok() does it's own hostname checking!!
 		 */
 		strncpy(fromhost, hp->h_name, sizeof(fromhost) - 1);
 		fromhost[sizeof(fromhost) - 1] = 0;
-		hostname = fromhost;
-#ifdef	KERBEROS
-		if (!use_kerberos)
-#endif
-		if (check_all || local_domain(hp->h_name)) {
-			strncpy(remotehost, hp->h_name, sizeof(remotehost) - 1);
-			remotehost[sizeof(remotehost) - 1] = 0;
-			errorhost = remotehost;
-			hp = gethostbyname(remotehost);
-			if (hp == NULL) {
-				syslog(LOG_INFO,
-				    "couldn't look up address for %s",
-				    remotehost);
-				errorstr =
-				"Couldn't look up address for your host (%s)\n";
+		hp = gethostbyname(fromhost);
+		if (hp == NULL) {
+			strncpy(fromhost, inet_ntoa(fromp->sin_addr),
+				sizeof(fromhost) - 1);
+		} else for (; ; hp->h_addr_list++) {
+			if (hp->h_addr_list[0] == NULL) {
+				/* End of list - ditch it */
 				strncpy(fromhost, inet_ntoa(fromp->sin_addr),
 					sizeof(fromhost) - 1);
-				fromhost[sizeof(fromhost) - 1] = 0;
-				hostname = fromhost;
-			} else for (; ; hp->h_addr_list++) {
-				if (hp->h_addr_list[0] == NULL) {
-					syslog(LOG_NOTICE,
-					  "host addr %s not listed for host %s",
-					    inet_ntoa(fromp->sin_addr),
-					    hp->h_name);
-					errorstr =
-					    "Host address mismatch for %s\n";
-					strncpy(fromhost, inet_ntoa(fromp->sin_addr),
-						sizeof(fromhost) - 1);
-					fromhost[sizeof(fromhost) - 1] = 0;
-					hostname = fromhost;
-					break;
-				}
-				if (!bcmp(hp->h_addr_list[0],
-				    (caddr_t)&fromp->sin_addr,
-				    sizeof(fromp->sin_addr))) {
-					hostname = remotehost;
-					break;
-				}
+				break;
 			}
+			if (!bcmp(hp->h_addr_list[0],
+			    (caddr_t)&fromp->sin_addr,
+			    sizeof(fromp->sin_addr)))
+				break;		/* OK! */
 		}
-	} else {
-		strncpy(fromhost, inet_ntoa(fromp->sin_addr),
-			sizeof(fromhost) - 1);
-		fromhost[sizeof(fromhost) - 1] = 0;
-		errorhost = hostname = fromhost;
 	}
+	fromhost[sizeof(fromhost) - 1] = 0;
 
 #ifdef	KERBEROS
 	if (use_kerberos) {
@@ -515,7 +488,7 @@ doit(fromp)
 fail:
 			if (errorstr == NULL)
 				errorstr = "Login incorrect.\n";
-			error(errorstr, errorhost);
+			error(errorstr, hostname);
 			exit(1);
 		}