Diffstat (limited to 'libexec')
-rw-r--r--libexec/rlogind/Makefile2
-rw-r--r--libexec/rlogind/rlogind.82
-rw-r--r--libexec/rlogind/rlogind.c85
-rw-r--r--libexec/rshd/Makefile3
-rw-r--r--libexec/rshd/rshd.82
-rw-r--r--libexec/rshd/rshd.c83
-rw-r--r--libexec/telnetd/Makefile1
-rw-r--r--libexec/telnetd/telnetd.82
-rw-r--r--libexec/telnetd/telnetd.c88
9 files changed, 192 insertions, 76 deletions
diff --git a/libexec/rlogind/Makefile b/libexec/rlogind/Makefile
index bae4a4b..f22df18 100644
--- a/libexec/rlogind/Makefile
+++ b/libexec/rlogind/Makefile
@@ -6,7 +6,7 @@ SRCS= rlogind.c
MAN8= rlogind.8
DPADD= ${LIBUTIL}
LDADD= -lutil
-CFLAGS+= -Wall
+CFLAGS+= -Wall -DINET6
.if defined(NOPAM)
CFLAGS+= -DNO_PAM
diff --git a/libexec/rlogind/rlogind.8 b/libexec/rlogind/rlogind.8
index 14d7a93..969fb08 100644
--- a/libexec/rlogind/rlogind.8
+++ b/libexec/rlogind/rlogind.8
@@ -204,3 +204,5 @@ The
.Nm
command appeared in
.Bx 4.2 .
+.Pp
+IPv6 support was added by WIDE/KAME project. \ No newline at end of file
diff --git a/libexec/rlogind/rlogind.c b/libexec/rlogind/rlogind.c
index 111a56b..817f6c8 100644
--- a/libexec/rlogind/rlogind.c
+++ b/libexec/rlogind/rlogind.c
@@ -91,6 +91,11 @@ static const char rcsid[] =
#define ARGSTR "Dalnx"
+/* wrapper for KAME-special getnameinfo() */
+#ifndef NI_WITHSCOPEID
+#define NI_WITHSCOPEID 0
+#endif
+
char *env[2];
#define NMAX 30
char lusername[NMAX+1], rusername[NMAX+1];
@@ -102,12 +107,25 @@ int no_delay;
struct passwd *pwd;
-void doit __P((int, struct sockaddr_in *));
+union sockunion {
+ struct sockinet {
+ u_char si_len;
+ u_char si_family;
+ u_short si_port;
+ } su_si;
+ struct sockaddr_in su_sin;
+ struct sockaddr_in6 su_sin6;
+};
+#define su_len su_si.si_len
+#define su_family su_si.si_family
+#define su_port su_si.si_port
+
+void doit __P((int, union sockunion *));
int control __P((int, char *, int));
void protocol __P((int, int));
void cleanup __P((int));
void fatal __P((int, char *, int));
-int do_rlogin __P((struct sockaddr_in *));
+int do_rlogin __P((union sockunion *));
void getstr __P((char *, int, char *));
void setup_term __P((int));
int do_krb_login __P((struct sockaddr_in *));
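Review bot: `union sockunion` is introduced without any comment on what `su_si` is for, and the same definition is pasted again into rshd.c. The `su_len`/`su_family`/`su_port` macros only work because `struct sockinet` overlays the leading length, family and port fields that `sockaddr_in` and `sockaddr_in6` share on systems with `sa_len`. I would put a short comment above the union saying so, for example `/* su_si aliases the common sockaddr header (len, family, port); requires BSD sa_len layout */`, and move the definition to one shared header so the two daemons cannot drift apart. Note also that `do_krb_login` still takes `struct sockaddr_in *` while its neighbours were converted; its callers are outside this hunk.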
@@ -123,7 +141,7 @@ main(argc, argv)
char *argv[];
{
extern int __check_rhosts_file;
- struct sockaddr_in from;
+ union sockunion from;
int ch, fromlen, on;
openlog("rlogind", LOG_PID | LOG_CONS, LOG_AUTH);
@@ -168,9 +186,12 @@ main(argc, argv)
if (no_delay &&
setsockopt(0, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(on)) < 0)
syslog(LOG_WARNING, "setsockopt (TCP_NODELAY): %m");
+ if (from.su_family == AF_INET)
+ {
on = IPTOS_LOWDELAY;
if (setsockopt(0, IPPROTO_IP, IP_TOS, (char *)&on, sizeof(int)) < 0)
syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
+ }
doit(0, &from);
return 0;
@@ -187,11 +208,12 @@ struct winsize win = { 0, 0, 0, 0 };
void
doit(f, fromp)
int f;
- struct sockaddr_in *fromp;
+ union sockunion *fromp;
{
int master, pid, on = 1;
int authenticated = 0;
- char hostname[MAXHOSTNAMELEN];
+ char hostname[2 * MAXHOSTNAMELEN + 1];
+ char nameinfo[2 * INET6_ADDRSTRLEN + 1];
char c;
alarm(60);
@@ -201,20 +223,33 @@ doit(f, fromp)
exit(1);
alarm(0);
- fromp->sin_port = ntohs((u_short)fromp->sin_port);
- realhostname(hostname, sizeof(hostname) - 1, &fromp->sin_addr);
+
+ realhostname_sa(hostname, sizeof(hostname) - 1,
+ (struct sockaddr *)fromp, fromp->su_len);
+ /* error check ? */
+ fromp->su_port = ntohs((u_short)fromp->su_port);
hostname[sizeof(hostname) - 1] = '\0';
{
- if (fromp->sin_family != AF_INET ||
- fromp->sin_port >= IPPORT_RESERVED ||
- fromp->sin_port < IPPORT_RESERVED/2) {
+ if ((fromp->su_family != AF_INET &&
+#ifdef INET6
+ fromp->su_family != AF_INET6
+#endif
+ ) ||
+ fromp->su_port >= IPPORT_RESERVED ||
+ fromp->su_port < IPPORT_RESERVED/2) {
+ getnameinfo((struct sockaddr *)fromp,
+ fromp->su_len,
+ nameinfo, sizeof(nameinfo), NULL, 0,
+ NI_NUMERICHOST|NI_WITHSCOPEID);
+ /* error check ? */
syslog(LOG_NOTICE, "Connection from %s on illegal port",
- inet_ntoa(fromp->sin_addr));
+ nameinfo);
fatal(f, "Permission denied", 0);
}
#ifdef IP_OPTIONS
- {
+ if (fromp->su_family == AF_INET)
+ {
u_char optbuf[BUFSIZ/3];
int optsize = sizeof(optbuf), ipproto, i;
struct protoent *ip;
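Review bot: The return value of `getnameinfo()` in the illegal-port branch is discarded (`/* error check ? */`), so on failure `nameinfo` is an uninitialised stack buffer handed to `syslog("%s")`. That branch is also taken for an unsupported address family, which is exactly the case where the conversion is most likely to fail. I would check the result and fall back to a fixed string, e.g. `if (getnameinfo(...) != 0) snprintf(nameinfo, sizeof(nameinfo), "(unknown)");`. The same unchecked pattern appears in rshd.c `doit` (`/* XXX: do 'err' check */`, where `numericname` later feeds several log lines and `auth_hostok`) and in telnetd.c `doit`, where the call writes straight into `remote_hostname`. Separately, the `&&` sits outside the `#ifdef INET6` here, so a build without `-DINET6` sees `!= AF_INET && )` and fails to compile; rshd.c places the `&&` inside the conditional, and this check should match it.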
@@ -230,7 +265,7 @@ doit(f, fromp)
if (c == IPOPT_LSRR || c == IPOPT_SSRR) {
syslog(LOG_NOTICE,
"Connection refused from %s with IP option %s",
- inet_ntoa(fromp->sin_addr),
+ inet_ntoa(fromp->su_sin.sin_addr),
c == IPOPT_LSRR ? "LSRR" : "SSRR");
exit(1);
}
@@ -239,7 +274,7 @@ doit(f, fromp)
i += (c == IPOPT_NOP) ? 1 : optbuf[i+1];
}
}
- }
+ }
#endif
if (do_rlogin(fromp) == 0)
authenticated++;
@@ -533,9 +568,11 @@ fatal(f, msg, syserr)
int
do_rlogin(dest)
- struct sockaddr_in *dest;
+ union sockunion *dest;
{
int retval;
+ int af;
+ char *addr;
getstr(rusername, sizeof(rusername), "remuser too long");
getstr(lusername, sizeof(lusername), "locuser too long");
@@ -559,8 +596,22 @@ do_rlogin(dest)
if (pwd == NULL)
return (-1);
/* XXX why don't we syslog() failure? */
- return (iruserok(dest->sin_addr.s_addr, pwd->pw_uid == 0,
- rusername, lusername));
+
+ af = dest->su_family;
+ switch (af) {
+ case AF_INET:
+ addr = (char *)&dest->su_sin.sin_addr;
+ break;
+#ifdef INET6
+ case AF_INET6:
+ addr = (char *)&dest->su_sin6.sin6_addr;
+ break;
+#endif
+ default:
+ return -1; /*EAFNOSUPPORT*/
+ }
+
+ return (iruserok_af(addr, pwd->pw_uid == 0, rusername, lusername, af));
}
void
diff --git a/libexec/rshd/Makefile b/libexec/rshd/Makefile
index 2005122..ca0d155 100644
--- a/libexec/rshd/Makefile
+++ b/libexec/rshd/Makefile
@@ -19,6 +19,9 @@ CFLAGS+=-DLOGIN_CAP -Wall
DPADD+= ${LIBUTIL}
LDADD+= -lutil
+# IPv6 support
+CFLAGS+= -DINET6
+
.include <bsd.prog.mk>
.PATH: ${.CURDIR}/../rlogind
diff --git a/libexec/rshd/rshd.8 b/libexec/rshd/rshd.8
index 80cdbc1..cba4482 100644
--- a/libexec/rshd/rshd.8
+++ b/libexec/rshd/rshd.8
@@ -250,3 +250,5 @@ A facility to allow all data exchanges to be encrypted should be
present.
.Pp
A more extensible protocol (such as Telnet) should be used.
+.Sh HISTORY
+IPv6 support was added by WIDE/KAME project.
diff --git a/libexec/rshd/rshd.c b/libexec/rshd/rshd.c
index 8533644..54fa4a6 100644
--- a/libexec/rshd/rshd.c
+++ b/libexec/rshd/rshd.c
@@ -80,6 +80,11 @@ static const char rcsid[] =
#include <login_cap.h>
#endif
+/* wrapper for KAME-special getnameinfo() */
+#ifndef NI_WITHSCOPEID
+#define NI_WITHSCOPEID 0
+#endif
+
int keepalive = 1;
int log_success; /* If TRUE, log all successful accesses */
int sent_null;
@@ -88,7 +93,20 @@ int no_delay;
int doencrypt = 0;
#endif
-void doit __P((struct sockaddr_in *));
+union sockunion {
+ struct sockinet {
+ u_char si_len;
+ u_char si_family;
+ u_short si_port;
+ } su_si;
+ struct sockaddr_in su_sin;
+ struct sockaddr_in6 su_sin6;
+};
+#define su_len su_si.si_len
+#define su_family su_si.si_family
+#define su_port su_si.si_port
+
+void doit __P((union sockunion *));
void error __P((const char *, ...));
void getstr __P((char *, int, char *));
int local_domain __P((char *));
@@ -109,7 +127,7 @@ main(argc, argv)
extern int __check_rhosts_file;
struct linger linger;
int ch, on = 1, fromlen;
- struct sockaddr_in from;
+ struct sockaddr_storage from;
openlog("rshd", LOG_PID | LOG_ODELAY, LOG_DAEMON);
@@ -169,7 +187,7 @@ main(argc, argv)
if (no_delay &&
setsockopt(0, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(on)) < 0)
syslog(LOG_WARNING, "setsockopt (TCP_NODELAY): %m");
- doit(&from);
+ doit((union sockunion *)&from);
/* NOTREACHED */
return(0);
}
@@ -184,7 +202,7 @@ char **environ;
void
doit(fromp)
- struct sockaddr_in *fromp;
+ union sockunion *fromp;
{
extern char *__rcmd_errstr; /* syslog hook from libc/net/rcmd.c. */
struct passwd *pwd;
@@ -195,7 +213,9 @@ doit(fromp)
char *errorstr;
char *cp, sig, buf[BUFSIZ];
char cmdbuf[NCARGS+1], locuser[16], remuser[16];
- char fromhost[MAXHOSTNAMELEN];
+ char fromhost[2 * MAXHOSTNAMELEN + 1];
+ char numericname[INET6_ADDRSTRLEN];
+ int af = fromp->su_family, err;
int retval;
#ifdef CRYPT
int rc;
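Review bot: `numericname` is sized `INET6_ADDRSTRLEN`, but it is filled with `NI_NUMERICHOST|NI_WITHSCOPEID`, and a scoped address carries a scope suffix after the numeric part that may not fit in that size. rlogind.c uses `2 * INET6_ADDRSTRLEN + 1` for the equivalent buffer, so the two daemons are inconsistent. Because the `getnameinfo()` result is not checked later in `doit`, an overflow error would leave this buffer uninitialised while it is still used for logging. I would declare it as `char numericname[NI_MAXHOST];`.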
@@ -216,14 +236,21 @@ doit(fromp)
}
}
#endif
- fromp->sin_port = ntohs((u_short)fromp->sin_port);
- if (fromp->sin_family != AF_INET) {
- syslog(LOG_ERR, "malformed \"from\" address (af %d)",
- fromp->sin_family);
+ fromp->su_port = ntohs((u_short)fromp->su_port);
+ if (af != AF_INET
+#ifdef INET6
+ && af != AF_INET6
+#endif
+ ) {
+ syslog(LOG_ERR, "malformed \"from\" address (af %d)\n", af);
exit(1);
}
+ err = getnameinfo((struct sockaddr *)fromp, fromp->su_len, numericname,
+ sizeof(numericname), NULL, 0,
+ NI_NUMERICHOST|NI_WITHSCOPEID);
+ /* XXX: do 'err' check */
#ifdef IP_OPTIONS
- {
+ if (af == AF_INET) {
u_char optbuf[BUFSIZ/3];
int optsize = sizeof(optbuf), ipproto, i;
struct protoent *ip;
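Review bot: Guarding the `IP_OPTIONS` inspection with `if (af == AF_INET)` means the LSRR/SSRR source-route refusal no longer runs for any peer reported as `AF_INET6`. If the daemon is ever handed a dual-stack socket, an IPv4 peer would presumably show up as an IPv4-mapped IPv6 address and skip this check, then proceed to the address-based `iruserok_af()` decision; this should be confirmed against how inetd creates the socket. I would refuse mapped addresses explicitly before this block, e.g. `if (af == AF_INET6 && IN6_IS_ADDR_V4MAPPED(&fromp->su_sin6.sin6_addr)) { syslog(LOG_NOTICE|LOG_AUTH, "connection refused from mapped address %s", numericname); exit(1); }`. The same guard was added in rlogind.c `doit`. The option-parsing body continues outside this hunk.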
@@ -239,7 +266,7 @@ doit(fromp)
if (c == IPOPT_LSRR || c == IPOPT_SSRR) {
syslog(LOG_NOTICE,
"connection refused from %s with IP option %s",
- inet_ntoa(fromp->sin_addr),
+ numericname,
c == IPOPT_LSRR ? "LSRR" : "SSRR");
exit(1);
}
@@ -251,12 +278,12 @@ doit(fromp)
}
#endif
- if (fromp->sin_port >= IPPORT_RESERVED ||
- fromp->sin_port < IPPORT_RESERVED/2) {
+ if (fromp->su_port >= IPPORT_RESERVED ||
+ fromp->su_port < IPPORT_RESERVED/2) {
syslog(LOG_NOTICE|LOG_AUTH,
"connection from %s on illegal port %u",
- inet_ntoa(fromp->sin_addr),
- fromp->sin_port);
+ numericname,
+ fromp->su_port);
exit(1);
}
@@ -279,7 +306,7 @@ doit(fromp)
(void) alarm(0);
if (port != 0) {
int lport = IPPORT_RESERVED - 1;
- s = rresvport(&lport);
+ s = rresvport_af(&lport, af);
if (s < 0) {
syslog(LOG_ERR, "can't get stderr port: %m");
exit(1);
@@ -288,11 +315,11 @@ doit(fromp)
port < IPPORT_RESERVED/2) {
syslog(LOG_NOTICE|LOG_AUTH,
"2nd socket from %s on unreserved port %u",
- inet_ntoa(fromp->sin_addr),
+ numericname,
port);
exit(1);
}
- fromp->sin_port = htons(port);
+ fromp->su_port = htons(port);
if (connect(s, (struct sockaddr *)fromp, sizeof (*fromp)) < 0) {
syslog(LOG_INFO, "connect second port %d: %m", port);
exit(1);
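Review bot: The unchanged `connect(s, (struct sockaddr *)fromp, sizeof (*fromp))` now passes the size of `union sockunion`, because `fromp` changed type. That is the size of the largest member, so an `AF_INET` peer gets an address length larger than `sizeof(struct sockaddr_in)`, which the stack may reject or misread. The length should come from the address itself: `connect(s, (struct sockaddr *)fromp, fromp->su_len)`.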
@@ -300,11 +327,13 @@ doit(fromp)
}
errorstr = NULL;
- realhostname(fromhost, sizeof(fromhost) - 1, &fromp->sin_addr);
+ realhostname_sa(fromhost, sizeof(fromhost) - 1,
+ (struct sockaddr *)fromp,
+ fromp->su_len);
fromhost[sizeof(fromhost) - 1] = '\0';
#ifdef CRYPT
- if (doencrypt) {
+ if (doencrypt && af == AF_INET) {
struct sockaddr_in local_addr;
rc = sizeof(local_addr);
if (getsockname(0, (struct sockaddr *)&local_addr,
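Review bot: With `if (doencrypt && af == AF_INET)`, a session that asked for encryption from a non-IPv4 peer silently skips the whole setup block. The rest of the block and the later uses of `doencrypt` are outside this hunk, so I cannot confirm whether the command then runs over a cleartext channel, but the condition should fail closed rather than fall through. I would add an explicit refusal ahead of it, e.g. `if (doencrypt && af != AF_INET) { error("encryption is not supported for this address family.\n"); exit(1); }`.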
@@ -379,8 +408,14 @@ doit(fromp)
if (errorstr ||
(pwd->pw_expire && time(NULL) >= pwd->pw_expire) ||
(pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0' &&
- iruserok(fromp->sin_addr.s_addr, pwd->pw_uid == 0,
- remuser, locuser) < 0)) {
+ iruserok_af(
+#ifdef INET6
+ (af == AF_INET6)
+ ? (void *)&fromp->su_sin6.sin6_addr :
+#endif
+ (void *)&fromp->su_sin.sin_addr,
+ pwd->pw_uid == 0,
+ remuser, locuser, af) < 0)) {
if (__rcmd_errstr)
syslog(LOG_INFO|LOG_AUTH,
"%s@%s as %s: permission denied (%s). cmd='%.80s'",
@@ -402,10 +437,10 @@ fail:
exit(1);
}
#ifdef LOGIN_CAP
- if (lc != NULL) {
+ if (lc != NULL && fromp->su_family == AF_INET) { /*XXX*/
char remote_ip[MAXHOSTNAMELEN];
- strncpy(remote_ip, inet_ntoa(fromp->sin_addr),
+ strncpy(remote_ip, numericname,
sizeof(remote_ip) - 1);
remote_ip[sizeof(remote_ip) - 1] = 0;
if (!auth_hostok(lc, fromhost, remote_ip)) {
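Review bot: Adding `fromp->su_family == AF_INET` to this condition (marked `/*XXX*/`) means the login-class host check via `auth_hostok()` is skipped entirely for IPv6 peers, so host allow/deny rules stop applying to them. Nothing in the block looks IPv4-specific any more: `remote_ip` is copied from `numericname`, which is produced for both families. Unless `auth_hostok()` is known to mishandle IPv6 literals, the guard should go back to `if (lc != NULL) {`. If it must stay, the bypass deserves a syslog entry and a comment explaining the limitation.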
diff --git a/libexec/telnetd/Makefile b/libexec/telnetd/Makefile
index 068087a..7766276 100644
--- a/libexec/telnetd/Makefile
+++ b/libexec/telnetd/Makefile
@@ -6,6 +6,7 @@ CFLAGS+=-DLINEMODE -DUSE_TERMIO -DDIAGNOSTICS
#CFLAGS+=-DKLUDGELINEMODE
CFLAGS+=-DOLD_ENVIRON -DENV_HACK
CFLAGS+=-I${.CURDIR}/../../lib
+CFLAGS+=-DINET6
SRCS= global.c slc.c state.c sys_term.c telnetd.c \
termstat.c utility.c
DPADD= ${LIBUTIL} ${LIBTERMCAP} ${LIBTELNET}
diff --git a/libexec/telnetd/telnetd.8 b/libexec/telnetd/telnetd.8
index a2973ef..06e98f9 100644
--- a/libexec/telnetd/telnetd.8
+++ b/libexec/telnetd/telnetd.8
@@ -623,3 +623,5 @@ never sends
.Tn TELNET
.Dv IAC GA
(go ahead) commands.
+.Sh HISTORY
+IPv6 support was added by WIDE/KAME project. \ No newline at end of file
diff --git a/libexec/telnetd/telnetd.c b/libexec/telnetd/telnetd.c
index 5141c2a..57a972a 100644
--- a/libexec/telnetd/telnetd.c
+++ b/libexec/telnetd/telnetd.c
@@ -71,6 +71,12 @@ static const char rcsid[] =
#include <sys/secparm.h>
#include <sys/usrv.h>
# endif /* SO_SEC_MULTI */
+
+/* wrapper for KAME-special getnameinfo() */
+#ifndef NI_WITHSCOPEID
+#define NI_WITHSCOPEID 0
+#endif
+
int secflag;
char tty_dev[16];
struct secdev dv;
@@ -137,7 +143,7 @@ int debug = 0;
int keepalive = 1;
char *altlogin;
-void doit __P((struct sockaddr_in *));
+void doit __P((struct sockaddr *));
int terminaltypeok __P((char *));
void startslave __P((char *, int, char *));
extern void usage P((void));
@@ -149,6 +155,7 @@ extern void usage P((void));
*/
char valid_opts[] = {
'd', ':', 'h', 'k', 'n', 'p', ':', 'S', ':', 'u', ':', 'U',
+ '4', '6',
#ifdef AUTHENTICATION
'a', ':', 'X', ':',
#endif
@@ -173,11 +180,13 @@ char valid_opts[] = {
'\0'
};
- int
+int family = AF_INET;
+
+int
main(argc, argv)
char *argv[];
{
- struct sockaddr_in from;
+ struct sockaddr_storage from;
int on = 1, fromlen;
register int ch;
#if defined(IPPROTO_IP) && defined(IP_TOS)
@@ -381,6 +390,16 @@ main(argc, argv)
break;
#endif /* AUTHENTICATION */
+ case '4':
+ family = AF_INET;
+ break;
+
+#ifdef INET6
+ case '6':
+ family = AF_INET6;
+ break;
+#endif
+
default:
warnx("%c: unknown option", ch);
/* FALLTHROUGH */
@@ -394,43 +413,41 @@ main(argc, argv)
argv += optind;
if (debug) {
- int s, ns, foo;
- struct servent *sp;
- static struct sockaddr_in sin = { AF_INET };
+ int s, ns, foo, error;
+ char *service = "telnet";
+ struct addrinfo hints, *res;
if (argc > 1) {
usage();
/* NOT REACHED */
- } else if (argc == 1) {
- if ((sp = getservbyname(*argv, "tcp"))) {
- sin.sin_port = sp->s_port;
- } else {
- sin.sin_port = atoi(*argv);
- if ((int)sin.sin_port <= 0) {
- warnx("%s: bad port #", *argv);
- usage();
- /* NOT REACHED */
- }
- sin.sin_port = htons((u_short)sin.sin_port);
- }
- } else {
- sp = getservbyname("telnet", "tcp");
- if (sp == 0)
- errx(1, "tcp/telnet: unknown service");
- sin.sin_port = sp->s_port;
+ } else if (argc == 1)
+ service = *argv;
+
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_flags = AI_PASSIVE;
+ hints.ai_family = family;
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_protocol = 0;
+ error = getaddrinfo(NULL, service, &hints, &res);
+
+ if (error) {
+ errx(1, "tcp/%s: %s\n", service, gai_strerror(error));
+ if (error == EAI_SYSTEM)
+ errx(1, "tcp/%s: %s\n", service, strerror(errno));
+ usage();
}
- s = socket(AF_INET, SOCK_STREAM, 0);
+ s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
if (s < 0)
err(1, "socket");
(void) setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
(char *)&on, sizeof(on));
- if (bind(s, (struct sockaddr *)&sin, sizeof sin) < 0)
+ if (bind(s, res->ai_addr, res->ai_addrlen) < 0)
err(1, "bind");
if (listen(s, 1) < 0)
err(1, "listen");
- foo = sizeof sin;
- ns = accept(s, (struct sockaddr *)&sin, &foo);
+ foo = res->ai_addrlen;
+ ns = accept(s, res->ai_addr, &foo);
if (ns < 0)
err(1, "accept");
(void) dup2(ns, 0);
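Review bot: In the new `getaddrinfo()` error path the first `errx(1, ...)` never returns, so the `EAI_SYSTEM` branch and the `usage()` call after it are dead code and the underlying `errno` is never reported. Test for the system error first: `if (error == EAI_SYSTEM) err(1, "tcp/%s", service);` followed by `errx(1, "tcp/%s: %s", service, gai_strerror(error));`. The trailing `\n` in the format strings is also redundant because `errx` appends its own newline. `res` is never released with `freeaddrinfo()`, and `accept()` is given `res->ai_addr` as its output buffer, which overwrites the resolver's result; a local `struct sockaddr_storage` would be cleaner there.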
@@ -512,7 +529,7 @@ main(argc, argv)
}
#if defined(IPPROTO_IP) && defined(IP_TOS)
- {
+ if (from.ss_family == AF_INET) {
# if defined(HAS_GETTOS)
struct tosent *tp;
if (tos < 0 && (tp = gettosbyname("telnet", "tcp")))
@@ -528,7 +545,7 @@ main(argc, argv)
}
#endif /* defined(IPPROTO_IP) && defined(IP_TOS) */
net = 0;
- doit(&from);
+ doit((struct sockaddr *)&from);
/* NOTREACHED */
return(0);
} /* end of main */
@@ -773,8 +790,9 @@ char user_name[256];
*/
void
doit(who)
- struct sockaddr_in *who;
+ struct sockaddr *who;
{
+ int err;
int ptynum;
/*
@@ -817,16 +835,18 @@ doit(who)
#endif /* _SC_CRAY_SECURE_SYS */
/* get name of connected client */
- if (realhostname(remote_hostname, sizeof(remote_hostname) - 1,
- &who->sin_addr) == HOSTNAME_INVALIDADDR && registerd_host_only)
+ if (realhostname_sa(remote_hostname, sizeof(remote_hostname) - 1,
+ who, who->sa_len) == HOSTNAME_INVALIDADDR && registerd_host_only)
fatal(net, "Couldn't resolve your address into a host name.\r\n\
Please contact your net administrator");
remote_hostname[sizeof(remote_hostname) - 1] = '\0';
trimdomain(remote_hostname, UT_HOSTSIZE);
if (!isdigit(remote_hostname[0]) && strlen(remote_hostname) > utmp_len)
- strncpy(remote_hostname, inet_ntoa(who->sin_addr),
- sizeof(remote_hostname) - 1);
+ err = getnameinfo(who, who->sa_len, remote_hostname,
+ sizeof(remote_hostname), NULL, 0,
+ NI_NUMERICHOST|NI_WITHSCOPEID);
+ /* XXX: do 'err' check */
(void) gethostname(host_name, sizeof(host_name) - 1);
host_name[sizeof(host_name) - 1] = '\0';