From 69a91bec14ec3ad49d1c8a82c40a796755f9e4a3 Mon Sep 17 00:00:00 2001
From: nectar
Date: Tue, 19 Feb 2002 15:46:56 +0000
Subject: Import of Heimdal Kerberos from KTH repository circa 2002/02/17.
---
 crypto/heimdal/appl/rsh/rshd.c | 68 +++++++++++++++++++++++-------------------
 1 file changed, 38 insertions(+), 30 deletions(-)
(limited to 'crypto/heimdal/appl/rsh/rshd.c')
diff --git a/crypto/heimdal/appl/rsh/rshd.c b/crypto/heimdal/appl/rsh/rshd.c
index d22f3cf..850c6ac 100644
--- a/crypto/heimdal/appl/rsh/rshd.c
+++ b/crypto/heimdal/appl/rsh/rshd.c
@@ -32,7 +32,7 @@
 */
 #include "rsh_locl.h"
-RCSID("$Id: rshd.c,v 1.41 2001/02/20 01:44:48 assar Exp $");
+RCSID("$Id: rshd.c,v 1.44 2001/11/30 14:38:48 joda Exp $");
 int login_access( struct passwd *user, char *from);
@@ -58,11 +58,13 @@ static char tkfile[MAXPATHLEN] = "";
 static int do_inetd = 1;
 static char *port_str;
-static int do_rhosts;
+static int do_rhosts = 1;
 static int do_kerberos = 0;
 static int do_vacuous = 0;
 static int do_log = 1;
 static int do_newpag = 1;
+static int do_addr_verify = 0;
+static int do_keepalive = 1;
 static int do_version;
 static int do_help = 0;
@@ -89,11 +91,11 @@ syslog_and_die (const char *m, ...)
 }
 static void
-fatal (int sock, const char *m, ...)
- __attribute__ ((format (printf, 2, 3)));
+fatal (int, const char*, const char *, ...)
+ __attribute__ ((format (printf, 3, 4)));
 static void
-fatal (int sock, const char *m, ...)
+fatal (int sock, const char *what, const char *m, ...)
 {
 va_list args;
 char buf[BUFSIZ];
@@ -102,8 +104,12 @@ fatal (int sock, const char *m, ...)
 *buf = 1;
 va_start(args, m);
 len = vsnprintf (buf + 1, sizeof(buf) - 1, m, args);
+ len = min(len, sizeof(buf) - 1);
 va_end(args);
- syslog (LOG_ERR, "%s", buf + 1);
+ if(what != NULL)
+ syslog (LOG_ERR, "%s: %m: %s", what, buf + 1);
+ else
+ syslog (LOG_ERR, "%s", buf + 1);
 net_write (sock, buf, len + 1);
 exit (1);
 }
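Review bot: In the option-variable hunk (`@@ -58,11 +58,13 @@`), `do_rhosts` now defaults to 1, and the `args[]` hunk at the end of the patch turns `-l`/`--rhosts` from `arg_flag` into `arg_negative_flag`, so an existing inetd.conf entry that passes `-l` silently gets the opposite behaviour after the upgrade. If `do_rhosts` is what reaches `doit()` as `check_rhosts` and gates the `iruserok()` path in `recv_bsd_auth` (the call site is outside this patch), address-based .rhosts trust becomes the default instead of opt-in. I would keep the default at 0, or at least record the inversion in the commit message and man page and add a comment above the declaration such as `/* default on since 1.44: -l now disables .rhosts checking */`.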
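Review bot: In `fatal()` (hunk `@@ -102,8 +104,12 @@`), the new `%m` in `syslog (LOG_ERR, "%s: %m: %s", what, buf + 1)` reads errno only after `vsnprintf` has run, so the logged error can differ from the one that made the caller give up; saving it on entry with `int save_errno = errno;` and restoring it with `errno = save_errno;` just before the `syslog` call keeps the log accurate. Separately, `len = min(len, sizeof(buf) - 1)` handles truncation but not a negative return from `vsnprintf`. The declaration of `len` and the definition of `min` are outside the hunk, but if the comparison is done as unsigned, a -1 becomes `sizeof(buf) - 1` and `net_write` sends stack bytes that were never initialised to the peer. Taking the result in an `int` and adding `if (ret < 0) ret = 0;` before the clamp closes that.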
@@ -119,7 +125,7 @@ read_str (int s, char *str, size_t sz, char *expl)
 --sz;
 ++str;
 }
- fatal (s, "%s too long", expl);
+ fatal (s, NULL, "%s too long", expl);
 }
 static int
@@ -137,10 +143,10 @@ recv_bsd_auth (int s, u_char *buf,
 read_str (s, cmd, COMMAND_SZ, "command");
 pwd = getpwnam(server_username);
 if (pwd == NULL)
- fatal(s, "Login incorrect.");
+ fatal(s, NULL, "Login incorrect.");
 if (iruserok(thataddr->sin_addr.s_addr, pwd->pw_uid == 0, client_username, server_username))
- fatal(s, "Login incorrect.");
+ fatal(s, NULL, "Login incorrect.");
 return 0;
 }
@@ -190,7 +196,7 @@ recv_krb4_auth (int s, u_char *buf,
 read_str (s, server_username, USERNAME_SZ, "remote username");
 if (kuserok (&auth, server_username) != 0)
- fatal (s, "Permission denied");
+ fatal (s, NULL, "Permission denied.");
 read_str (s, cmd, COMMAND_SZ, "command");
 syslog(LOG_INFO|LOG_AUTH,
@@ -368,14 +374,14 @@ recv_krb5_auth (int s, u_char *buf,
 if(!krb5_kuserok (context, ticket->client, server_username))
- fatal (s, "Permission denied");
+ fatal (s, NULL, "Permission denied.");
 if (strncmp (cmd, "-x ", 3) == 0) {
 do_encrypt = 1;
 memmove (cmd, cmd + 3, strlen(cmd) - 2);
 } else {
 if(do_encrypt)
- fatal (s, "Encryption required");
+ fatal (s, NULL, "Encryption is required.");
 do_encrypt = 0;
 }
@@ -491,7 +497,7 @@ static void
 pipe_a_like (int fd[2])
 {
 if (socketpair (AF_UNIX, SOCK_STREAM, 0, fd) < 0)
- fatal (STDOUT_FILENO, "socketpair: %m");
+ fatal (STDOUT_FILENO, "socketpair", "Pipe creation failed.");
 }
 /*
@@ -508,7 +514,7 @@ setup_copier (void)
 pipe_a_like(p2);
 pid = fork ();
 if (pid < 0)
- fatal (STDOUT_FILENO, "fork: %m");
+ fatal (STDOUT_FILENO, "fork", "Could not create child process.");
 if (pid == 0) { /* child */
 close (p0[1]);
 close (p1[0]);
@@ -525,7 +531,7 @@ setup_copier (void)
 close (p2[1]);
 if (net_write (STDOUT_FILENO, "", 1) != 1)
- fatal (STDOUT_FILENO, "write failed");
+ fatal (STDOUT_FILENO, "net_write", "Write failure.");
 loop (STDIN_FILENO, p0[1], STDOUT_FILENO, p1[0],
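Review bot: In `setup_copier` (hunk `@@ -525,7 +531,7 @@`), `fatal (STDOUT_FILENO, "net_write", "Write failure.")` makes the log line include `%m`, but the guard is `net_write (...) != 1`, which presumably also fires on a zero-byte or short write where errno was never set. The log would then report an unrelated earlier error. The same pattern is in the `doit` hunk `@@ -806,7 +812,7 @@`, which also keeps the old text `"write failed"` while this one says `"Write failure."`. I would pass `what` only when the call returned a negative value, e.g. `fatal (STDOUT_FILENO, n < 0 ? "net_write" : NULL, "Write failure.");` with `n` holding the result, and use one message in both places. The body of `setup_copier` continues outside the hunk.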
@@ -616,7 +622,7 @@ doit (int do_kerberos, int check_rhosts)
 syslog_and_die ("getpeername: %m");
 if (!do_kerberos && !is_reserved(socket_get_port(thataddr)))
- fatal(s, "Permission denied");
+ fatal(s, NULL, "Permission denied.");
 p = buf;
 port = 0;
@@ -632,7 +638,7 @@ doit (int do_kerberos, int check_rhosts)
 }
 if (!do_kerberos && !is_reserved(htons(port)))
- fatal(s, "Permission denied");
+ fatal(s, NULL, "Permission denied.");
 if (port) {
 int priv_port = IPPORT_RESERVED - 1;
@@ -708,25 +714,25 @@ doit (int do_kerberos, int check_rhosts)
 pwd = getpwnam (server_user);
 if (pwd == NULL)
- fatal (s, "Login incorrect.");
+ fatal (s, NULL, "Login incorrect.");
 if (*pwd->pw_shell == '\0')
 pwd->pw_shell = _PATH_BSHELL;
 if (pwd->pw_uid != 0 && access (_PATH_NOLOGIN, F_OK) == 0)
- fatal (s, "Login disabled.");
+ fatal (s, NULL, "Login disabled.");
 ret = getnameinfo_verified (thataddr, thataddr_len, that_host, sizeof(that_host), NULL, 0, 0);
 if (ret)
- fatal (s, "getnameinfo: %s", gai_strerror(ret));
+ fatal (s, NULL, "getnameinfo: %s", gai_strerror(ret));
 if (login_access(pwd, that_host) == 0) {
 syslog(LOG_NOTICE, "Kerberos rsh denied to %s from %s", server_user, that_host);
- fatal(s, "Permission denied");
+ fatal(s, NULL, "Permission denied.");
 }
 #ifdef HAVE_GETSPNAM
@@ -739,7 +745,7 @@ doit (int do_kerberos, int check_rhosts)
 today = time(0)/(24L * 60 * 60);
 if (sp->sp_expire > 0)
 if (today > sp->sp_expire)
- fatal(s, "Account has expired.");
+ fatal(s, NULL, "Account has expired.");
 }
 }
 #endif
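Review bot: In the `doit` hunk `@@ -708,25 +714,25 @@`, `fatal (s, NULL, "getnameinfo: %s", gai_strerror(ret))` still sends internal failure detail to the remote peer, whereas the `socketpair`, `fork` and `dup2` calls in this patch were changed to a fixed client message with the detail kept in syslog. The `what` argument does not fit here because it logs `%m`, and `ret` is a getaddrinfo-style code rather than errno. I would log the detail explicitly and keep the wire message generic: `syslog (LOG_ERR, "getnameinfo: %s", gai_strerror(ret));` followed by `fatal (s, NULL, "Permission denied.");`. The enclosing function starts and ends outside the hunk.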
@@ -783,20 +789,20 @@ doit (int do_kerberos, int check_rhosts)
 #endif /* HAVE_SETPCRED */
 if (initgroups (pwd->pw_name, pwd->pw_gid) < 0)
- fatal (s, "Login incorrect.");
+ fatal (s, "initgroups", "Login incorrect.");
 if (setgid(pwd->pw_gid) < 0)
- fatal (s, "Login incorrect.");
+ fatal (s, "setgid", "Login incorrect.");
 if (setuid (pwd->pw_uid) < 0)
- fatal (s, "Login incorrect.");
+ fatal (s, "setuid", "Login incorrect.");
 if (chdir (pwd->pw_dir) < 0)
- fatal (s, "Remote directory.");
+ fatal (s, "chdir", "Remote directory.");
 if (errsock >= 0) {
 if (dup2 (errsock, STDERR_FILENO) < 0)
- fatal (s, "Dup2 failed.");
+ fatal (s, "dup2", "Cannot dup stderr.");
 close (errsock);
 }
@@ -806,7 +812,7 @@ doit (int do_kerberos, int check_rhosts)
 setup_copier ();
 } else {
 if (net_write (s, "", 1) != 1)
- fatal (s, "write failed");
+ fatal (s, "net_write", "write failed");
 }
 #ifdef KRB4
@@ -841,14 +847,16 @@ doit (int do_kerberos, int check_rhosts)
 }
 struct getargs args[] = {
+ { NULL, 'a', arg_flag, &do_addr_verify },
+ { "keepalive", 'n', arg_negative_flag, &do_keepalive },
 { "inetd", 'i', arg_negative_flag, &do_inetd, "Not started from inetd" },
 { "kerberos", 'k', arg_flag, &do_kerberos, "Implement kerberised services" },
 { "encrypt", 'x', arg_flag, &do_encrypt, "Implement encrypted service" },
- { "rhosts", 'l', arg_flag, &do_rhosts,
- "Check users .rhosts" },
+ { "rhosts", 'l', arg_negative_flag, &do_rhosts,
+ "Don't check users .rhosts" },
 { "port", 'p', arg_string, &port_str, "Use this port", "port" },
 { "vacuous", 'v', arg_flag, &do_vacuous,
-- cgit v1.1
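Review bot: In the `args[]` hunk (`@@ -841,14 +847,16 @@`), the new `-a` and `--keepalive`/`-n` entries store into `do_addr_verify` and `do_keepalive`, but no hunk in this patch reads either variable, and both are `static` to this file, so the options are accepted and then ignored. An operator who passes `-a` expecting address verification gets neither an error nor the check. Both entries also lack the help string the other entries carry. Until the flags are wired up I would say so in the table, e.g. `{ NULL, 'a', arg_flag, &do_addr_verify, "Accepted for compatibility; currently ignored" },`. The array continues past the end of the hunk.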