1 files changed, 90 insertions, 41 deletions

diff --git a/crypto/heimdal/appl/rsh/rshd.c b/crypto/heimdal/appl/rsh/rshd.c
index 850c6ac..fc2df7f 100644
--- a/crypto/heimdal/appl/rsh/rshd.c
+++ b/crypto/heimdal/appl/rsh/rshd.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -32,24 +32,28 @@
  */
 
 #include "rsh_locl.h"
-RCSID("$Id: rshd.c,v 1.44 2001/11/30 14:38:48 joda Exp $");
+RCSID("$Id: rshd.c,v 1.46 2002/02/18 20:02:14 joda Exp $");
 
 int
 login_access( struct passwd *user, char *from);
 
 enum auth_method auth_method;
 
+#ifdef KRB5
 krb5_context context;
 krb5_keyblock *keyblock;
 krb5_crypto crypto;
+#endif
 
 #ifdef KRB4
 des_key_schedule schedule;
 des_cblock iv;
 #endif
 
+#ifdef KRB5
 krb5_ccache ccache, ccache2;
 int kerberos_status = 0;
+#endif
 
 int do_encrypt = 0;
 
@@ -60,15 +64,19 @@ static int do_inetd = 1;
 static char *port_str;
 static int do_rhosts = 1;
 static int do_kerberos = 0;
+#define DO_KRB4 2
+#define DO_KRB5 4
 static int do_vacuous = 0;
 static int do_log = 1;
+#ifdef KRB4
 static int do_newpag = 1;
+#endif
 static int do_addr_verify = 0;
 static int do_keepalive = 1;
 static int do_version;
 static int do_help = 0;
 
-#if defined(DCE)
+#if defined(KRB5) && defined(DCE)
 int dfsk5ok = 0;
 int dfspag = 0;
 int dfsfwd = 0;
@@ -214,6 +222,7 @@ recv_krb4_auth (int s, u_char *buf,
 
 #endif /* KRB4 */
 
+#ifdef KRB5
 static int 
 save_krb5_creds (int s,
                  krb5_auth_context auth_context,
@@ -413,6 +422,7 @@ recv_krb5_auth (int s, u_char *buf,
 
     return 0;
 }
+#endif /* KRB5 */
 
 static void
 loop (int from0, int to0,
@@ -593,7 +603,7 @@ setup_environment (char ***env, const struct passwd *pwd)
 }
 
 static void
-doit (int do_kerberos, int check_rhosts)
+doit (void)
 {
     u_char buf[BUFSIZ];
     u_char *p;
@@ -621,7 +631,9 @@ doit (int do_kerberos, int check_rhosts)
     if (getpeername (s, thataddr, &thataddr_len) < 0)
 	syslog_and_die ("getpeername: %m");
 
-    if (!do_kerberos && !is_reserved(socket_get_port(thataddr)))
+    /* check for V4MAPPED addresses? */
+
+    if (do_kerberos == 0 && !is_reserved(socket_get_port(thataddr)))
 	fatal(s, NULL, "Permission denied.");
 
     p = buf;
@@ -637,7 +649,7 @@ doit (int do_kerberos, int check_rhosts)
 	    syslog_and_die ("non-digit in port number: %c", *p);
     }
 
-    if (!do_kerberos && !is_reserved(htons(port)))
+    if (do_kerberos  == 0 && !is_reserved(htons(port)))
 	fatal(s, NULL, "Permission denied.");
 
     if (port) {
@@ -677,19 +689,23 @@ doit (int do_kerberos, int check_rhosts)
 	    syslog_and_die ("reading auth info: %m");
     
 #ifdef KRB4
-	if (recv_krb4_auth (s, buf, thisaddr, thataddr,
+	if ((do_kerberos & DO_KRB4) && 
+	    recv_krb4_auth (s, buf, thisaddr, thataddr,
 			    client_user,
 			    server_user,
 			    cmd) == 0)
 	    auth_method = AUTH_KRB4;
 	else
 #endif /* KRB4 */
-	    if(recv_krb5_auth (s, buf, thisaddr, thataddr,
+#ifdef KRB5
+	    if((do_kerberos & DO_KRB5) &&
+	       recv_krb5_auth (s, buf, thisaddr, thataddr,
 			       client_user,
 			       server_user,
 			       cmd) == 0)
 		auth_method = AUTH_KRB5;
 	    else
+#endif /* KRB5 */
 		syslog_and_die ("unrecognized auth protocol: %x %x %x %x",
 				buf[0], buf[1], buf[2], buf[3]);
     } else {
@@ -851,18 +867,22 @@ struct getargs args[] = {
     { "keepalive",	'n',	arg_negative_flag,	&do_keepalive },
     { "inetd",		'i',	arg_negative_flag,	&do_inetd,
       "Not started from inetd" },
+#if defined(KRB4) || defined(KRB5)
     { "kerberos",	'k',	arg_flag,	&do_kerberos,
       "Implement kerberised services" },
     { "encrypt",	'x',	arg_flag,		&do_encrypt,
       "Implement encrypted service" },
+#endif
     { "rhosts",		'l',	arg_negative_flag, &do_rhosts,
       "Don't check users .rhosts" },
     { "port",		'p',	arg_string,	&port_str,	"Use this port",
       "port" },
     { "vacuous",	'v',	arg_flag, &do_vacuous,
       "Don't accept non-kerberised connections" },
+#ifdef KRB4
     { NULL,		'P',	arg_negative_flag, &do_newpag,
       "Don't put process in new PAG" },
+#endif
     /* compatibility flag: */
     { NULL,		'L',	arg_flag, &do_log },
     { "version",	0, 	arg_flag,		&do_version },
@@ -887,7 +907,7 @@ int
 main(int argc, char **argv)
 {
     int optind = 0;
-    int port = 0;
+    int on = 1;
 
     setprogname (argv[0]);
     roken_openlog ("rshd", LOG_ODELAY | LOG_PID, LOG_AUTH);
@@ -904,50 +924,79 @@ main(int argc, char **argv)
 	exit(0);
     }
 
-#ifdef KRB5
-    {
-	krb5_error_code ret;
+#if defined(KRB4) || defined(KRB5)
+    if (do_encrypt)
+	do_kerberos = 1;
 
-	ret = krb5_init_context (&context);
-	if (ret)
-	    errx (1, "krb5_init_context failed: %d", ret);
-    }	
+    if(do_kerberos)
+	do_kerberos = DO_KRB4 | DO_KRB5;
 #endif
 
-    if(port_str) {
-	struct servent *s = roken_getservbyname (port_str, "tcp");
-
-	if (s)
-	    port = s->s_port;
-	else {
-	    char *ptr;
+    if (do_keepalive &&
+	setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (char *)&on,
+		   sizeof(on)) < 0)
+	syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
 
-	    port = strtol (port_str, &ptr, 10);
-	    if (port == 0 && ptr == port_str)
-		syslog_and_die("Bad port `%s'", port_str);
-	    port = htons(port);
-	}
-    }
+    /* set SO_LINGER? */
 
-    if (do_encrypt)
-	do_kerberos = 1;
+#ifdef KRB5
+    if((do_kerberos & DO_KRB5) && krb5_init_context (&context) != 0)
+	do_kerberos &= ~DO_KRB5;
+#endif
 
     if (!do_inetd) {
-	if (port == 0) {
+	int error;
+	struct addrinfo *ai = NULL, hints;
+	char portstr[NI_MAXSERV];
+	
+	memset (&hints, 0, sizeof(hints));
+	hints.ai_flags    = AI_PASSIVE;
+	hints.ai_socktype = SOCK_STREAM;
+	hints.ai_family   = PF_UNSPEC;
+	
+	if(port_str != NULL) {
+	    error = getaddrinfo (NULL, port_str, &hints, &ai);
+	    if (error)
+		errx (1, "getaddrinfo: %s", gai_strerror (error));
+	}
+	if (ai == NULL) {
+#if defined(KRB4) || defined(KRB5)
 	    if (do_kerberos) {
-		if (do_encrypt)
-		    port = krb5_getportbyname (context, "ekshell", "tcp", 545);
-		else
-		    port = krb5_getportbyname (context, "kshell",  "tcp", 544);
-	    } else {
-		port = krb5_getportbyname(context, "shell", "tcp", 514);
-	    }
+		if (do_encrypt) {
+		    error = getaddrinfo(NULL, "ekshell", &hints, &ai);
+		    if(error == EAI_NONAME) {
+			snprintf(portstr, sizeof(portstr), "%d", 545);
+			error = getaddrinfo(NULL, portstr, &hints, &ai);
+		    }
+		    if(error) 
+			errx (1, "getaddrinfo: %s", gai_strerror (error));
+		} else {
+		    error = getaddrinfo(NULL, "kshell", &hints, &ai);
+		    if(error == EAI_NONAME) {
+			snprintf(portstr, sizeof(portstr), "%d", 544);
+			error = getaddrinfo(NULL, portstr, &hints, &ai);
+		    }
+		    if(error) 
+			errx (1, "getaddrinfo: %s", gai_strerror (error));
+		}
+	    } else
+#endif
+		{
+		    error = getaddrinfo(NULL, "shell", &hints, &ai);
+		    if(error == EAI_NONAME) {
+			snprintf(portstr, sizeof(portstr), "%d", 514);
+			error = getaddrinfo(NULL, portstr, &hints, &ai);
+		    }
+		    if(error) 
+			errx (1, "getaddrinfo: %s", gai_strerror (error));
+		}
 	}
-	mini_inetd (port);
+	mini_inetd_addrinfo (ai);
+	freeaddrinfo(ai);
     }
 
     signal (SIGPIPE, SIG_IGN);
 
-    doit (do_kerberos, do_rhosts);
+    doit ();
     return 0;
 }