xref: /freebsd/crypto/heimdal/appl/rsh/rsh.c (revision ce3adf4362fcca6a43e500b2531f0038adbfbd21)
1 /*
2  * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
3  * (Royal Institute of Technology, Stockholm, Sweden).
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  *
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * 3. Neither the name of the Institute nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 #include "rsh_locl.h"
35 RCSID("$Id$");
36 
37 enum auth_method auth_method;
38 #if defined(KRB5)
39 int do_encrypt       = -1;
40 #endif
41 #ifdef KRB5
42 int do_unique_tkfile = 0;
43 char *unique_tkfile  = NULL;
44 char tkfile[MAXPATHLEN];
45 int do_forward       = -1;
46 int do_forwardable   = -1;
47 krb5_context context;
48 krb5_keyblock *keyblock;
49 krb5_crypto crypto;
50 #endif
51 int sock_debug	     = 0;
52 
53 #ifdef KRB5
54 static int use_v5 = -1;
55 #endif
56 #if defined(KRB5)
57 static int use_only_broken = 0;
58 #else
59 static int use_only_broken = 1;
60 #endif
61 static int use_broken = 1;
62 static char *port_str;
63 static const char *user;
64 static int do_version;
65 static int do_help;
66 static int do_errsock = 1;
67 #ifdef KRB5
68 static char *protocol_version_str;
69 static int protocol_version = 2;
70 #endif
71 
72 /*
73  *
74  */
75 
76 static int input = 1;		/* Read from stdin */
77 
78 static int
79 rsh_loop (int s, int errsock)
80 {
81     fd_set real_readset;
82     int count = 1;
83 
84 #ifdef KRB5
85     if(auth_method == AUTH_KRB5 && protocol_version == 2)
86 	init_ivecs(1, errsock != -1);
87 #endif
88 
89     if (s >= FD_SETSIZE || (errsock != -1 && errsock >= FD_SETSIZE))
90 	errx (1, "fd too large");
91 
92     FD_ZERO(&real_readset);
93     FD_SET(s, &real_readset);
94     if (errsock != -1) {
95 	FD_SET(errsock, &real_readset);
96 	++count;
97     }
98     if(input)
99 	FD_SET(STDIN_FILENO, &real_readset);
100 
101     for (;;) {
102 	int ret;
103 	fd_set readset;
104 	char buf[RSH_BUFSIZ];
105 
106 	readset = real_readset;
107 	ret = select (max(s, errsock) + 1, &readset, NULL, NULL, NULL);
108 	if (ret < 0) {
109 	    if (errno == EINTR)
110 		continue;
111 	    else
112 		err (1, "select");
113 	}
114 	if (FD_ISSET(s, &readset)) {
115 	    ret = do_read (s, buf, sizeof(buf), ivec_in[0]);
116 	    if (ret < 0)
117 		err (1, "read");
118 	    else if (ret == 0) {
119 		close (s);
120 		FD_CLR(s, &real_readset);
121 		if (--count == 0)
122 		    return 0;
123 	    } else
124 		net_write (STDOUT_FILENO, buf, ret);
125 	}
126 	if (errsock != -1 && FD_ISSET(errsock, &readset)) {
127 	    ret = do_read (errsock, buf, sizeof(buf), ivec_in[1]);
128 	    if (ret < 0)
129 		err (1, "read");
130 	    else if (ret == 0) {
131 		close (errsock);
132 		FD_CLR(errsock, &real_readset);
133 		if (--count == 0)
134 		    return 0;
135 	    } else
136 		net_write (STDERR_FILENO, buf, ret);
137 	}
138 	if (FD_ISSET(STDIN_FILENO, &readset)) {
139 	    ret = read (STDIN_FILENO, buf, sizeof(buf));
140 	    if (ret < 0)
141 		err (1, "read");
142 	    else if (ret == 0) {
143 		close (STDIN_FILENO);
144 		FD_CLR(STDIN_FILENO, &real_readset);
145 		shutdown (s, SHUT_WR);
146 	    } else
147 		do_write (s, buf, ret, ivec_out[0]);
148 	}
149     }
150 }
151 
152 #ifdef KRB5
153 /*
154  * Send forward information on `s' for host `hostname', them being
155  * forwardable themselves if `forwardable'
156  */
157 
158 static int
159 krb5_forward_cred (krb5_auth_context auth_context,
160 		   int s,
161 		   const char *hostname,
162 		   int forwardable)
163 {
164     krb5_error_code ret;
165     krb5_ccache     ccache;
166     krb5_creds      creds;
167     krb5_kdc_flags  flags;
168     krb5_data       out_data;
169     krb5_principal  principal;
170 
171     memset (&creds, 0, sizeof(creds));
172 
173     ret = krb5_cc_default (context, &ccache);
174     if (ret) {
175 	warnx ("could not forward creds: krb5_cc_default: %s",
176 	       krb5_get_err_text (context, ret));
177 	return 1;
178     }
179 
180     ret = krb5_cc_get_principal (context, ccache, &principal);
181     if (ret) {
182 	warnx ("could not forward creds: krb5_cc_get_principal: %s",
183 	       krb5_get_err_text (context, ret));
184 	return 1;
185     }
186 
187     creds.client = principal;
188 
189     ret = krb5_make_principal(context,
190 			      &creds.server,
191 			      principal->realm,
192 			      "krbtgt",
193 			      principal->realm,
194 			      NULL);
195 
196     if (ret) {
197 	warnx ("could not forward creds: krb5_make_principal: %s",
198 	       krb5_get_err_text (context, ret));
199 	return 1;
200     }
201 
202     creds.times.endtime = 0;
203 
204     flags.i = 0;
205     flags.b.forwarded   = 1;
206     flags.b.forwardable = forwardable;
207 
208     ret = krb5_get_forwarded_creds (context,
209 				    auth_context,
210 				    ccache,
211 				    flags.i,
212 				    hostname,
213 				    &creds,
214 				    &out_data);
215     if (ret) {
216 	warnx ("could not forward creds: krb5_get_forwarded_creds: %s",
217 	       krb5_get_err_text (context, ret));
218 	return 1;
219     }
220 
221     ret = krb5_write_message (context,
222 			      (void *)&s,
223 			      &out_data);
224     krb5_data_free (&out_data);
225 
226     if (ret)
227 	warnx ("could not forward creds: krb5_write_message: %s",
228 	       krb5_get_err_text (context, ret));
229     return 0;
230 }
231 
232 static int sendauth_version_error;
233 
234 static int
235 send_krb5_auth(int s,
236 	       struct sockaddr *thisaddr,
237 	       struct sockaddr *thataddr,
238 	       const char *hostname,
239 	       const char *remote_user,
240 	       const char *local_user,
241 	       size_t cmd_len,
242 	       const char *cmd)
243 {
244     krb5_principal server;
245     krb5_data cksum_data;
246     int status;
247     size_t len;
248     krb5_auth_context auth_context = NULL;
249     const char *protocol_string = NULL;
250     krb5_flags ap_opts;
251     char *str;
252 
253     status = krb5_sname_to_principal(context,
254 				     hostname,
255 				     "host",
256 				     KRB5_NT_SRV_HST,
257 				     &server);
258     if (status) {
259 	warnx ("%s: %s", hostname, krb5_get_err_text(context, status));
260 	return 1;
261     }
262 
263     if(do_encrypt == -1) {
264 	krb5_appdefault_boolean(context, NULL,
265 				krb5_principal_get_realm(context, server),
266 				"encrypt",
267 				FALSE,
268 				&do_encrypt);
269     }
270 
271     cksum_data.length = asprintf (&str,
272 				  "%u:%s%s%s",
273 				  ntohs(socket_get_port(thataddr)),
274 				  do_encrypt ? "-x " : "",
275 				  cmd,
276 				  remote_user);
277     if (str == NULL) {
278 	warnx ("%s: failed to allocate command", hostname);
279 	return 1;
280     }
281     cksum_data.data = str;
282 
283     ap_opts = 0;
284 
285     if(do_encrypt)
286 	ap_opts |= AP_OPTS_MUTUAL_REQUIRED;
287 
288     switch(protocol_version) {
289     case 2:
290 	ap_opts |= AP_OPTS_USE_SUBKEY;
291 	protocol_string = KCMD_NEW_VERSION;
292 	break;
293     case 1:
294 	protocol_string = KCMD_OLD_VERSION;
295 	key_usage = KRB5_KU_OTHER_ENCRYPTED;
296 	break;
297     default:
298 	abort();
299     }
300 
301     status = krb5_sendauth (context,
302 			    &auth_context,
303 			    &s,
304 			    protocol_string,
305 			    NULL,
306 			    server,
307 			    ap_opts,
308 			    &cksum_data,
309 			    NULL,
310 			    NULL,
311 			    NULL,
312 			    NULL,
313 			    NULL);
314 
315     /* do this while we have a principal */
316     if(do_forward == -1 || do_forwardable == -1) {
317 	krb5_const_realm realm = krb5_principal_get_realm(context, server);
318 	if (do_forwardable == -1)
319 	    krb5_appdefault_boolean(context, NULL, realm,
320 				    "forwardable", FALSE,
321 				    &do_forwardable);
322 	if (do_forward == -1)
323 	    krb5_appdefault_boolean(context, NULL, realm,
324 				    "forward", FALSE,
325 				    &do_forward);
326     }
327 
328     krb5_free_principal(context, server);
329     krb5_data_free(&cksum_data);
330 
331     if (status) {
332 	if(status == KRB5_SENDAUTH_REJECTED &&
333 	   protocol_version == 2 && protocol_version_str == NULL)
334 	    sendauth_version_error = 1;
335 	else
336 	    krb5_warn(context, status, "%s", hostname);
337 	return 1;
338     }
339 
340     status = krb5_auth_con_getlocalsubkey (context, auth_context, &keyblock);
341     if(keyblock == NULL)
342 	status = krb5_auth_con_getkey (context, auth_context, &keyblock);
343     if (status) {
344 	warnx ("krb5_auth_con_getkey: %s", krb5_get_err_text(context, status));
345 	return 1;
346     }
347 
348     status = krb5_auth_con_setaddrs_from_fd (context,
349 					     auth_context,
350 					     &s);
351     if (status) {
352         warnx("krb5_auth_con_setaddrs_from_fd: %s",
353 	      krb5_get_err_text(context, status));
354         return(1);
355     }
356 
357     status = krb5_crypto_init(context, keyblock, 0, &crypto);
358     if(status) {
359 	warnx ("krb5_crypto_init: %s", krb5_get_err_text(context, status));
360 	return 1;
361     }
362 
363     len = strlen(remote_user) + 1;
364     if (net_write (s, remote_user, len) != len) {
365 	warn ("write");
366 	return 1;
367     }
368     if (do_encrypt && net_write (s, "-x ", 3) != 3) {
369 	warn ("write");
370 	return 1;
371     }
372     if (net_write (s, cmd, cmd_len) != cmd_len) {
373 	warn ("write");
374 	return 1;
375     }
376 
377     if (do_unique_tkfile) {
378 	if (net_write (s, tkfile, strlen(tkfile)) != strlen(tkfile)) {
379 	    warn ("write");
380 	    return 1;
381 	}
382     }
383     len = strlen(local_user) + 1;
384     if (net_write (s, local_user, len) != len) {
385 	warn ("write");
386 	return 1;
387     }
388 
389     if (!do_forward
390 	|| krb5_forward_cred (auth_context, s, hostname, do_forwardable)) {
391 	/* Empty forwarding info */
392 
393 	u_char zero[4] = {0, 0, 0, 0};
394 	write (s, &zero, 4);
395     }
396     krb5_auth_con_free (context, auth_context);
397     return 0;
398 }
399 
400 #endif /* KRB5 */
401 
402 static int
403 send_broken_auth(int s,
404 		 struct sockaddr *thisaddr,
405 		 struct sockaddr *thataddr,
406 		 const char *hostname,
407 		 const char *remote_user,
408 		 const char *local_user,
409 		 size_t cmd_len,
410 		 const char *cmd)
411 {
412     size_t len;
413 
414     len = strlen(local_user) + 1;
415     if (net_write (s, local_user, len) != len) {
416 	warn ("write");
417 	return 1;
418     }
419     len = strlen(remote_user) + 1;
420     if (net_write (s, remote_user, len) != len) {
421 	warn ("write");
422 	return 1;
423     }
424     if (net_write (s, cmd, cmd_len) != cmd_len) {
425 	warn ("write");
426 	return 1;
427     }
428     return 0;
429 }
430 
431 static int
432 proto (int s, int errsock,
433        const char *hostname, const char *local_user, const char *remote_user,
434        const char *cmd, size_t cmd_len,
435        int (*auth_func)(int s,
436 			struct sockaddr *this, struct sockaddr *that,
437 			const char *hostname, const char *remote_user,
438 			const char *local_user, size_t cmd_len,
439 			const char *cmd))
440 {
441     int errsock2;
442     char buf[BUFSIZ];
443     char *p;
444     size_t len;
445     char reply;
446     struct sockaddr_storage thisaddr_ss;
447     struct sockaddr *thisaddr = (struct sockaddr *)&thisaddr_ss;
448     struct sockaddr_storage thataddr_ss;
449     struct sockaddr *thataddr = (struct sockaddr *)&thataddr_ss;
450     struct sockaddr_storage erraddr_ss;
451     struct sockaddr *erraddr = (struct sockaddr *)&erraddr_ss;
452     socklen_t addrlen;
453     int ret;
454 
455     addrlen = sizeof(thisaddr_ss);
456     if (getsockname (s, thisaddr, &addrlen) < 0) {
457 	warn ("getsockname(%s)", hostname);
458 	return 1;
459     }
460     addrlen = sizeof(thataddr_ss);
461     if (getpeername (s, thataddr, &addrlen) < 0) {
462 	warn ("getpeername(%s)", hostname);
463 	return 1;
464     }
465 
466     if (errsock != -1) {
467 
468 	addrlen = sizeof(erraddr_ss);
469 	if (getsockname (errsock, erraddr, &addrlen) < 0) {
470 	    warn ("getsockname");
471 	    return 1;
472 	}
473 
474 	if (listen (errsock, 1) < 0) {
475 	    warn ("listen");
476 	    return 1;
477 	}
478 
479 	p = buf;
480 	snprintf (p, sizeof(buf), "%u",
481 		  ntohs(socket_get_port(erraddr)));
482 	len = strlen(buf) + 1;
483 	if(net_write (s, buf, len) != len) {
484 	    warn ("write");
485 	    close (errsock);
486 	    return 1;
487 	}
488 
489 
490 	for (;;) {
491 	    fd_set fdset;
492 
493 	    if (errsock >= FD_SETSIZE || s >= FD_SETSIZE)
494 		errx (1, "fd too large");
495 
496 	    FD_ZERO(&fdset);
497 	    FD_SET(errsock, &fdset);
498 	    FD_SET(s, &fdset);
499 
500 	    ret = select (max(errsock, s) + 1, &fdset, NULL, NULL, NULL);
501 	    if (ret < 0) {
502 		if (errno == EINTR)
503 		    continue;
504 		warn ("select");
505 		close (errsock);
506 		return 1;
507 	    }
508 	    if (FD_ISSET(errsock, &fdset)) {
509 		errsock2 = accept (errsock, NULL, NULL);
510 		close (errsock);
511 		if (errsock2 < 0) {
512 		    warn ("accept");
513 		    return 1;
514 		}
515 		break;
516 	    }
517 
518 	    /*
519 	     * there should not arrive any data on this fd so if it's
520 	     * readable it probably indicates that the other side when
521 	     * away.
522 	     */
523 
524 	    if (FD_ISSET(s, &fdset)) {
525 		warnx ("socket closed");
526 		close (errsock);
527 		errsock2 = -1;
528 		break;
529 	    }
530 	}
531     } else {
532 	if (net_write (s, "0", 2) != 2) {
533 	    warn ("write");
534 	    return 1;
535 	}
536 	errsock2 = -1;
537     }
538 
539     if ((*auth_func)(s, thisaddr, thataddr, hostname,
540 		     remote_user, local_user,
541 		     cmd_len, cmd)) {
542 	close (errsock2);
543 	return 1;
544     }
545 
546     ret = net_read (s, &reply, 1);
547     if (ret < 0) {
548 	warn ("read");
549 	close (errsock2);
550 	return 1;
551     } else if (ret == 0) {
552 	warnx ("unexpected EOF from %s", hostname);
553 	close (errsock2);
554 	return 1;
555     }
556     if (reply != 0) {
557 
558 	warnx ("Error from rshd at %s:", hostname);
559 
560 	while ((ret = read (s, buf, sizeof(buf))) > 0)
561 	    write (STDOUT_FILENO, buf, ret);
562         write (STDOUT_FILENO,"\n",1);
563 	close (errsock2);
564 	return 1;
565     }
566 
567     if (sock_debug) {
568 	int one = 1;
569 	if (setsockopt(s, SOL_SOCKET, SO_DEBUG, (void *)&one, sizeof(one)) < 0)
570 	    warn("setsockopt remote");
571 	if (errsock2 != -1 &&
572 	    setsockopt(errsock2, SOL_SOCKET, SO_DEBUG,
573 		       (void *)&one, sizeof(one)) < 0)
574 	    warn("setsockopt stderr");
575     }
576 
577     return rsh_loop (s, errsock2);
578 }
579 
580 /*
581  * Return in `res' a copy of the concatenation of `argc, argv' into
582  * malloced space.  */
583 
584 static size_t
585 construct_command (char **res, int argc, char **argv)
586 {
587     int i;
588     size_t len = 0;
589     char *tmp;
590 
591     for (i = 0; i < argc; ++i)
592 	len += strlen(argv[i]) + 1;
593     len = max (1, len);
594     tmp = malloc (len);
595     if (tmp == NULL)
596 	errx (1, "malloc %lu failed", (unsigned long)len);
597 
598     *tmp = '\0';
599     for (i = 0; i < argc - 1; ++i) {
600 	strlcat (tmp, argv[i], len);
601 	strlcat (tmp, " ", len);
602     }
603     if (argc > 0)
604 	strlcat (tmp, argv[argc-1], len);
605     *res = tmp;
606     return len;
607 }
608 
609 static char *
610 print_addr (const struct sockaddr *sa)
611 {
612     char addr_str[256];
613     char *res;
614     const char *as = NULL;
615 
616     if(sa->sa_family == AF_INET)
617 	as = inet_ntop (sa->sa_family, &((struct sockaddr_in*)sa)->sin_addr,
618 			addr_str, sizeof(addr_str));
619 #ifdef HAVE_INET6
620     else if(sa->sa_family == AF_INET6)
621 	as = inet_ntop (sa->sa_family, &((struct sockaddr_in6*)sa)->sin6_addr,
622 			addr_str, sizeof(addr_str));
623 #endif
624     if(as == NULL)
625 	return NULL;
626     res = strdup(as);
627     if (res == NULL)
628 	errx (1, "malloc: out of memory");
629     return res;
630 }
631 
632 static int
633 doit_broken (int argc,
634 	     char **argv,
635 	     int hostindex,
636 	     struct addrinfo *ai,
637 	     const char *remote_user,
638 	     const char *local_user,
639 	     int priv_socket1,
640 	     int priv_socket2,
641 	     const char *cmd,
642 	     size_t cmd_len)
643 {
644     struct addrinfo *a;
645 
646     if (connect (priv_socket1, ai->ai_addr, ai->ai_addrlen) < 0) {
647 	int save_errno = errno;
648 
649 	close(priv_socket1);
650 	close(priv_socket2);
651 
652 	for (a = ai->ai_next; a != NULL; a = a->ai_next) {
653 	    pid_t pid;
654 	    char *adr = print_addr(a->ai_addr);
655 	    if(adr == NULL)
656 		continue;
657 
658 	    pid = fork();
659 	    if (pid < 0)
660 		err (1, "fork");
661 	    else if(pid == 0) {
662 		char **new_argv;
663 		int i = 0;
664 
665 		new_argv = malloc((argc + 2) * sizeof(*new_argv));
666 		if (new_argv == NULL)
667 		    errx (1, "malloc: out of memory");
668 		new_argv[i] = argv[i];
669 		++i;
670 		if (hostindex == i)
671 		    new_argv[i++] = adr;
672 		new_argv[i++] = "-K";
673 		for(; i <= argc; ++i)
674 		    new_argv[i] = argv[i - 1];
675 		if (hostindex > 1)
676 		    new_argv[hostindex + 1] = adr;
677 		new_argv[argc + 1] = NULL;
678 		execv(PATH_RSH, new_argv);
679 		err(1, "execv(%s)", PATH_RSH);
680 	    } else {
681 		int status;
682 		free(adr);
683 
684 		while(waitpid(pid, &status, 0) < 0)
685 		    ;
686 		if(WIFEXITED(status) && WEXITSTATUS(status) == 0)
687 		    return 0;
688 	    }
689 	}
690 	errno = save_errno;
691 	warn("%s", argv[hostindex]);
692 	return 1;
693     } else {
694 	int ret;
695 
696 	ret = proto (priv_socket1, priv_socket2,
697 		     argv[hostindex],
698 		     local_user, remote_user,
699 		     cmd, cmd_len,
700 		     send_broken_auth);
701 	return ret;
702     }
703 }
704 
705 #if defined(KRB5)
706 static int
707 doit (const char *hostname,
708       struct addrinfo *ai,
709       const char *remote_user,
710       const char *local_user,
711       const char *cmd,
712       size_t cmd_len,
713       int (*auth_func)(int s,
714 		       struct sockaddr *this, struct sockaddr *that,
715 		       const char *hostname, const char *remote_user,
716 		       const char *local_user, size_t cmd_len,
717 		       const char *cmd))
718 {
719     int error;
720     struct addrinfo *a;
721     int socketfailed = 1;
722     int ret;
723 
724     for (a = ai; a != NULL; a = a->ai_next) {
725 	int s;
726 	int errsock;
727 
728 	s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
729 	if (s < 0)
730 	    continue;
731 	socketfailed = 0;
732 	if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
733 	    char addr[128];
734 	    if(getnameinfo(a->ai_addr, a->ai_addrlen,
735 			   addr, sizeof(addr), NULL, 0, NI_NUMERICHOST) == 0)
736 		warn ("connect(%s [%s])", hostname, addr);
737 	    else
738 		warn ("connect(%s)", hostname);
739 	    close (s);
740 	    continue;
741 	}
742 	if (do_errsock) {
743 	    struct addrinfo *ea, *eai;
744 	    struct addrinfo hints;
745 
746 	    memset (&hints, 0, sizeof(hints));
747 	    hints.ai_socktype = a->ai_socktype;
748 	    hints.ai_protocol = a->ai_protocol;
749 	    hints.ai_family   = a->ai_family;
750 	    hints.ai_flags    = AI_PASSIVE;
751 
752 	    errsock = -1;
753 
754 	    error = getaddrinfo (NULL, "0", &hints, &eai);
755 	    if (error)
756 		errx (1, "getaddrinfo: %s", gai_strerror(error));
757 	    for (ea = eai; ea != NULL; ea = ea->ai_next) {
758 		errsock = socket (ea->ai_family, ea->ai_socktype,
759 				  ea->ai_protocol);
760 		if (errsock < 0)
761 		    continue;
762 		if (bind (errsock, ea->ai_addr, ea->ai_addrlen) < 0)
763 		    err (1, "bind");
764 		break;
765 	    }
766 	    if (errsock < 0)
767 		err (1, "socket");
768 	    freeaddrinfo (eai);
769 	} else
770 	    errsock = -1;
771 
772 	ret = proto (s, errsock,
773 		     hostname,
774 		     local_user, remote_user,
775 		     cmd, cmd_len, auth_func);
776 	close (s);
777 	return ret;
778     }
779     if(socketfailed)
780 	warnx ("failed to contact %s", hostname);
781     return -1;
782 }
783 #endif /* KRB5 */
784 
785 struct getargs args[] = {
786 #ifdef KRB5
787     { "krb5",	'5', arg_flag,		&use_v5,	"Use Kerberos V5" },
788     { "forward", 'f', arg_flag,		&do_forward,	"Forward credentials [krb5]"},
789     { "forwardable", 'F', arg_flag,	&do_forwardable,
790       "Forward forwardable credentials [krb5]" },
791     { NULL, 'G', arg_negative_flag,&do_forward,	"Don't forward credentials" },
792     { "unique", 'u', arg_flag,	&do_unique_tkfile,
793       "Use unique remote credentials cache [krb5]" },
794     { "tkfile", 'U', arg_string,  &unique_tkfile,
795       "Specifies remote credentials cache [krb5]" },
796     { "protocol", 'P', arg_string,      &protocol_version_str,
797       "Protocol version [krb5]", "protocol" },
798 #endif
799     { "broken", 'K', arg_flag,		&use_only_broken, "Use only priv port" },
800 #if defined(KRB5)
801     { "encrypt", 'x', arg_flag,		&do_encrypt,	"Encrypt connection" },
802     { NULL, 	'z', arg_negative_flag,      &do_encrypt,
803       "Don't encrypt connection", NULL },
804 #endif
805     { NULL,	'd', arg_flag,		&sock_debug, "Enable socket debugging" },
806     { "input",	'n', arg_negative_flag,	&input,		"Close stdin" },
807     { "port",	'p', arg_string,	&port_str,	"Use this port",
808       "port" },
809     { "user",	'l', arg_string,	&user,		"Run as this user", "login" },
810     { "stderr", 'e', arg_negative_flag, &do_errsock,	"Don't open stderr"},
811 #ifdef KRB5
812 #endif
813     { "version", 0,  arg_flag,		&do_version,	NULL },
814     { "help",	 0,  arg_flag,		&do_help,	NULL }
815 };
816 
817 static void
818 usage (int ret)
819 {
820     arg_printusage (args,
821 		    sizeof(args) / sizeof(args[0]),
822 		    NULL,
823 		    "[login@]host [command]");
824     exit (ret);
825 }
826 
827 /*
828  *
829  */
830 
831 int
832 main(int argc, char **argv)
833 {
834     int priv_port1, priv_port2;
835     int priv_socket1, priv_socket2;
836     int argindex = 0;
837     int error;
838     struct addrinfo hints, *ai;
839     int ret = 1;
840     char *cmd;
841     char *tmp;
842     size_t cmd_len;
843     const char *local_user;
844     char *host = NULL;
845     int host_index = -1;
846 #ifdef KRB5
847     int status;
848 #endif
849     uid_t uid;
850 
851     priv_port1 = priv_port2 = IPPORT_RESERVED-1;
852     priv_socket1 = rresvport(&priv_port1);
853     priv_socket2 = rresvport(&priv_port2);
854     uid = getuid ();
855     if (setuid (uid) || (uid != 0 && setuid(0) == 0))
856 	err (1, "setuid");
857 
858     setprogname (argv[0]);
859 
860     if (argc >= 2 && argv[1][0] != '-') {
861 	host = argv[host_index = 1];
862 	argindex = 1;
863     }
864 
865     if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
866 		&argindex))
867 	usage (1);
868 
869     if (do_help)
870 	usage (0);
871 
872     if (do_version) {
873 	print_version (NULL);
874 	return 0;
875     }
876 
877 #ifdef KRB5
878     if(protocol_version_str != NULL) {
879 	if(strcasecmp(protocol_version_str, "N") == 0)
880 	    protocol_version = 2;
881 	else if(strcasecmp(protocol_version_str, "O") == 0)
882 	    protocol_version = 1;
883 	else {
884 	    char *end;
885 	    int v;
886 	    v = strtol(protocol_version_str, &end, 0);
887 	    if(*end != '\0' || (v != 1 && v != 2)) {
888 		errx(1, "unknown protocol version \"%s\"",
889 		     protocol_version_str);
890 	    }
891 	    protocol_version = v;
892 	}
893     }
894 
895     status = krb5_init_context (&context);
896     if (status) {
897 	if(use_v5 == 1)
898 	    errx(1, "krb5_init_context failed: %d", status);
899 	else
900 	    use_v5 = 0;
901     }
902 
903     /* request for forwardable on the command line means we should
904        also forward */
905     if (do_forwardable == 1)
906 	do_forward = 1;
907 
908 #endif
909 
910     if (use_only_broken) {
911 #ifdef KRB5
912 	use_v5 = 0;
913 #endif
914     }
915 
916     if(priv_socket1 < 0) {
917 	if (use_only_broken)
918 	    errx (1, "unable to bind reserved port: is rsh setuid root?");
919 	use_broken = 0;
920     }
921 
922 #if defined(KRB5)
923     if (do_encrypt == 1 && use_only_broken)
924 	errx (1, "encryption not supported with old style authentication");
925 #endif
926 
927 
928 
929 #ifdef KRB5
930     if (do_unique_tkfile && unique_tkfile != NULL)
931 	errx (1, "Only one of -u and -U allowed.");
932 
933     if (do_unique_tkfile)
934 	strlcpy(tkfile,"-u ", sizeof(tkfile));
935     else if (unique_tkfile != NULL) {
936 	if (strchr(unique_tkfile,' ') != NULL) {
937 	    warnx("Space is not allowed in tkfilename");
938 	    usage(1);
939 	}
940 	do_unique_tkfile = 1;
941 	snprintf (tkfile, sizeof(tkfile), "-U %s ", unique_tkfile);
942     }
943 #endif
944 
945     if (host == NULL) {
946 	if (argc - argindex < 1)
947 	    usage (1);
948 	else
949 	    host = argv[host_index = argindex++];
950     }
951 
952     if((tmp = strchr(host, '@')) != NULL) {
953 	*tmp++ = '\0';
954 	user = host;
955 	host = tmp;
956     }
957 
958     if (argindex == argc) {
959 	close (priv_socket1);
960 	close (priv_socket2);
961 	argv[0] = "rlogin";
962 	execvp ("rlogin", argv);
963 	err (1, "execvp rlogin");
964     }
965 
966     local_user = get_default_username ();
967     if (local_user == NULL)
968 	errx (1, "who are you?");
969 
970     if (user == NULL)
971 	user = local_user;
972 
973     cmd_len = construct_command(&cmd, argc - argindex, argv + argindex);
974 
975     /*
976      * Try all different authentication methods
977      */
978 
979 #ifdef KRB5
980     if (ret && use_v5) {
981 	memset (&hints, 0, sizeof(hints));
982 	hints.ai_socktype = SOCK_STREAM;
983 	hints.ai_protocol = IPPROTO_TCP;
984 
985 	if(port_str == NULL) {
986 	    error = getaddrinfo(host, "kshell", &hints, &ai);
987 	    if(error == EAI_NONAME)
988 		error = getaddrinfo(host, "544", &hints, &ai);
989 	} else
990 	    error = getaddrinfo(host, port_str, &hints, &ai);
991 
992 	if(error)
993 	    errx (1, "getaddrinfo: %s", gai_strerror(error));
994 
995 	auth_method = AUTH_KRB5;
996       again:
997 	ret = doit (host, ai, user, local_user, cmd, cmd_len,
998 		    send_krb5_auth);
999 	if(ret != 0 && sendauth_version_error &&
1000 	   protocol_version == 2) {
1001 	    protocol_version = 1;
1002 	    goto again;
1003 	}
1004 	freeaddrinfo(ai);
1005     }
1006 #endif
1007     if (ret && use_broken) {
1008 	memset (&hints, 0, sizeof(hints));
1009 	hints.ai_socktype = SOCK_STREAM;
1010 	hints.ai_protocol = IPPROTO_TCP;
1011 
1012 	if(port_str == NULL) {
1013 	    error = getaddrinfo(host, "shell", &hints, &ai);
1014 	    if(error == EAI_NONAME)
1015 		error = getaddrinfo(host, "514", &hints, &ai);
1016 	} else
1017 	    error = getaddrinfo(host, port_str, &hints, &ai);
1018 
1019 	if(error)
1020 	    errx (1, "getaddrinfo: %s", gai_strerror(error));
1021 
1022 	auth_method = AUTH_BROKEN;
1023 	ret = doit_broken (argc, argv, host_index, ai,
1024 			   user, local_user,
1025 			   priv_socket1,
1026 			   do_errsock ? priv_socket2 : -1,
1027 			   cmd, cmd_len);
1028 	freeaddrinfo(ai);
1029     }
1030     free(cmd);
1031     return ret;
1032 }
1033