xref: /freebsd/crypto/heimdal/appl/rsh/rshd.c (revision 8ddb146abcdf061be9f2c0db7e391697dafad85c)
1 /*
2  * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan
3  * (Royal Institute of Technology, Stockholm, Sweden).
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  *
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * 3. Neither the name of the Institute nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 #include "rsh_locl.h"
35 #include "login_locl.h"
36 RCSID("$Id$");
37 
38 int
39 login_access( struct passwd *user, char *from);
40 int
41 read_limits_conf(const char *file, const struct passwd *pwd);
42 
43 #ifdef NEED_IRUSEROK_PROTO
44 int iruserok(uint32_t, int, const char *, const char *);
45 #endif
46 
47 enum auth_method auth_method;
48 
49 #ifdef KRB5
50 krb5_context context;
51 krb5_keyblock *keyblock;
52 krb5_crypto crypto;
53 #endif
54 
55 #ifdef KRB5
56 krb5_ccache ccache, ccache2;
57 int kerberos_status = 0;
58 #endif
59 
60 int do_encrypt = 0;
61 
62 static int do_unique_tkfile           = 0;
63 static char tkfile[MAXPATHLEN] = "";
64 
65 static int do_inetd = 1;
66 static char *port_str;
67 static int do_rhosts = 1;
68 static int do_kerberos = 0;
69 #define DO_KRB5 4
70 static int do_vacuous = 0;
71 static int do_log = 1;
72 static int do_newpag = 1;
73 static int do_addr_verify = 0;
74 static int do_keepalive = 1;
75 static int do_version;
76 static int do_help = 0;
77 
78 static void
79 syslog_and_die (const char *m, ...)
80     __attribute__ ((format (printf, 1, 2)));
81 
82 static void
83 syslog_and_die (const char *m, ...)
84 {
85     va_list args;
86 
87     va_start(args, m);
88     vsyslog (LOG_ERR, m, args);
89     va_end(args);
90     exit (1);
91 }
92 
93 static void
94 fatal (int, const char*, const char *, ...)
95     __attribute__ ((noreturn, format (printf, 3, 4)));
96 
97 static void
98 fatal (int sock, const char *what, const char *m, ...)
99 {
100     va_list args;
101     char buf[BUFSIZ];
102     size_t len;
103 
104     *buf = 1;
105     va_start(args, m);
106     len = vsnprintf (buf + 1, sizeof(buf) - 1, m, args);
107     len = min(len, sizeof(buf) - 1);
108     va_end(args);
109     if(what != NULL)
110 	syslog (LOG_ERR, "%s: %s: %s", what, strerror(errno), buf + 1);
111     else
112 	syslog (LOG_ERR, "%s", buf + 1);
113     net_write (sock, buf, len + 1);
114     exit (1);
115 }
116 
117 static char *
118 read_str (int s, size_t sz, char *expl)
119 {
120     char *str = malloc(sz);
121     char *p = str;
122     if(str == NULL)
123 	fatal(s, NULL, "%s too long", expl);
124     while(p < str + sz) {
125 	if(net_read(s, p, 1) != 1)
126 	    syslog_and_die("read: %s", strerror(errno));
127 	if(*p == '\0')
128 	    return str;
129 	p++;
130     }
131     fatal(s, NULL, "%s too long", expl);
132 }
133 
134 static int
135 recv_bsd_auth (int s, u_char *buf,
136 	       struct sockaddr_in *thisaddr,
137 	       struct sockaddr_in *thataddr,
138 	       char **client_username,
139 	       char **server_username,
140 	       char **cmd)
141 {
142     struct passwd *pwd;
143 
144     *client_username = read_str (s, USERNAME_SZ, "local username");
145     *server_username = read_str (s, USERNAME_SZ, "remote username");
146     *cmd = read_str (s, ARG_MAX + 1, "command");
147     pwd = getpwnam(*server_username);
148     if (pwd == NULL)
149 	fatal(s, NULL, "Login incorrect.");
150     if (iruserok(thataddr->sin_addr.s_addr, pwd->pw_uid == 0,
151 		 *client_username, *server_username))
152 	fatal(s, NULL, "Login incorrect.");
153     return 0;
154 }
155 
156 #ifdef KRB5
157 static int
158 save_krb5_creds (int s,
159                  krb5_auth_context auth_context,
160                  krb5_principal client)
161 
162 {
163     int ret;
164     krb5_data remote_cred;
165 
166     krb5_data_zero (&remote_cred);
167     ret= krb5_read_message (context, (void *)&s, &remote_cred);
168     if (ret) {
169 	krb5_data_free(&remote_cred);
170 	return 0;
171     }
172     if (remote_cred.length == 0)
173 	return 0;
174 
175     ret = krb5_cc_new_unique(context, krb5_cc_type_memory, NULL, &ccache);
176     if (ret) {
177 	krb5_data_free(&remote_cred);
178 	return 0;
179     }
180 
181     krb5_cc_initialize(context,ccache,client);
182     ret = krb5_rd_cred2(context, auth_context, ccache, &remote_cred);
183     if(ret != 0)
184 	syslog(LOG_INFO|LOG_AUTH,
185 	       "reading creds: %s", krb5_get_err_text(context, ret));
186     krb5_data_free (&remote_cred);
187     if (ret)
188 	return 0;
189     return 1;
190 }
191 
192 static void
193 krb5_start_session (void)
194 {
195     krb5_error_code ret;
196     char *estr;
197 
198     ret = krb5_cc_resolve (context, tkfile, &ccache2);
199     if (ret) {
200 	estr = krb5_get_error_string(context);
201 	syslog(LOG_WARNING, "resolve cred cache %s: %s",
202 	       tkfile,
203 	       estr ? estr : krb5_get_err_text(context, ret));
204 	free(estr);
205 	krb5_cc_destroy(context, ccache);
206 	return;
207     }
208 
209     ret = krb5_cc_copy_cache (context, ccache, ccache2);
210     if (ret) {
211 	estr = krb5_get_error_string(context);
212 	syslog(LOG_WARNING, "storing credentials: %s",
213 	       estr ? estr : krb5_get_err_text(context, ret));
214 	free(estr);
215 	krb5_cc_destroy(context, ccache);
216 	return ;
217     }
218 
219     krb5_cc_close(context, ccache2);
220     krb5_cc_destroy(context, ccache);
221     return;
222 }
223 
224 static int protocol_version;
225 
226 static krb5_boolean
227 match_kcmd_version(const void *data, const char *version)
228 {
229     if(strcmp(version, KCMD_NEW_VERSION) == 0) {
230 	protocol_version = 2;
231 	return TRUE;
232     }
233     if(strcmp(version, KCMD_OLD_VERSION) == 0) {
234 	protocol_version = 1;
235 	key_usage = KRB5_KU_OTHER_ENCRYPTED;
236 	return TRUE;
237     }
238     return FALSE;
239 }
240 
241 
242 static int
243 recv_krb5_auth (int s, u_char *buf,
244 		struct sockaddr *thisaddr,
245 		struct sockaddr *thataddr,
246 		char **client_username,
247 		char **server_username,
248 		char **cmd)
249 {
250     uint32_t len;
251     krb5_auth_context auth_context = NULL;
252     krb5_ticket *ticket;
253     krb5_error_code status;
254     krb5_data cksum_data;
255     krb5_principal server;
256     char *str;
257 
258     if (memcmp (buf, "\x00\x00\x00\x13", 4) != 0)
259 	return -1;
260     len = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | (buf[3]);
261 
262     if (net_read(s, buf, len) != len)
263 	syslog_and_die ("reading auth info: %s", strerror(errno));
264     if (len != sizeof(KRB5_SENDAUTH_VERSION)
265 	|| memcmp (buf, KRB5_SENDAUTH_VERSION, len) != 0)
266 	syslog_and_die ("bad sendauth version: %.8s", buf);
267 
268     status = krb5_sock_to_principal (context,
269 				     s,
270 				     "host",
271 				     KRB5_NT_SRV_HST,
272 				     &server);
273     if (status)
274 	syslog_and_die ("krb5_sock_to_principal: %s",
275 			krb5_get_err_text(context, status));
276 
277     status = krb5_recvauth_match_version(context,
278 					 &auth_context,
279 					 &s,
280 					 match_kcmd_version,
281 					 NULL,
282 					 server,
283 					 KRB5_RECVAUTH_IGNORE_VERSION,
284 					 NULL,
285 					 &ticket);
286     krb5_free_principal (context, server);
287     if (status)
288 	syslog_and_die ("krb5_recvauth: %s",
289 			krb5_get_err_text(context, status));
290 
291     *server_username = read_str (s, USERNAME_SZ, "remote username");
292     *cmd = read_str (s, ARG_MAX + 1, "command");
293     *client_username = read_str (s, ARG_MAX + 1, "local username");
294 
295     if(protocol_version == 2) {
296 	status = krb5_auth_con_getremotesubkey(context, auth_context,
297 					       &keyblock);
298 	if(status != 0 || keyblock == NULL)
299 	    syslog_and_die("failed to get remote subkey");
300     } else if(protocol_version == 1) {
301 	status = krb5_auth_con_getkey (context, auth_context, &keyblock);
302 	if(status != 0 || keyblock == NULL)
303 	    syslog_and_die("failed to get key");
304     }
305     if (status != 0 || keyblock == NULL)
306        syslog_and_die ("krb5_auth_con_getkey: %s",
307                        krb5_get_err_text(context, status));
308 
309     status = krb5_crypto_init(context, keyblock, 0, &crypto);
310     if(status)
311 	syslog_and_die("krb5_crypto_init: %s",
312 		       krb5_get_err_text(context, status));
313 
314 
315     cksum_data.length = asprintf (&str,
316 				  "%u:%s%s",
317 				  ntohs(socket_get_port (thisaddr)),
318 				  *cmd,
319 				  *server_username);
320     if (str == NULL)
321 	syslog_and_die ("asprintf: out of memory");
322     cksum_data.data = str;
323 
324     status = krb5_verify_authenticator_checksum(context,
325 						auth_context,
326 						cksum_data.data,
327 						cksum_data.length);
328 
329     if (status)
330 	syslog_and_die ("krb5_verify_authenticator_checksum: %s",
331 			krb5_get_err_text(context, status));
332 
333     free (cksum_data.data);
334 
335     if (strncmp (*client_username, "-u ", 3) == 0) {
336 	do_unique_tkfile = 1;
337 	memmove (*client_username, *client_username + 3,
338 		 strlen(*client_username) - 2);
339     }
340 
341     if (strncmp (*client_username, "-U ", 3) == 0) {
342 	char *end, *temp_tkfile;
343 
344 	do_unique_tkfile = 1;
345 	if (strncmp (*client_username + 3, "FILE:", 5) == 0) {
346 	    temp_tkfile = tkfile;
347 	} else {
348 	    strlcpy (tkfile, "FILE:", sizeof(tkfile));
349 	    temp_tkfile = tkfile + 5;
350 	}
351 	end = strchr(*client_username + 3,' ');
352 	if (end == NULL)
353 	    syslog_and_die("missing argument after -U");
354 	snprintf(temp_tkfile, sizeof(tkfile) - (temp_tkfile - tkfile),
355 		 "%.*s",
356 		 (int)(end - *client_username - 3),
357 		 *client_username + 3);
358 	memmove (*client_username, end + 1, strlen(end+1)+1);
359     }
360 
361     kerberos_status = save_krb5_creds (s, auth_context, ticket->client);
362 
363     if(!krb5_kuserok (context,
364 		      ticket->client,
365 		      *server_username))
366 	fatal (s, NULL, "Permission denied.");
367 
368     if (strncmp (*cmd, "-x ", 3) == 0) {
369 	do_encrypt = 1;
370 	memmove (*cmd, *cmd + 3, strlen(*cmd) - 2);
371     } else {
372 	if(do_encrypt)
373 	    fatal (s, NULL, "Encryption is required.");
374 	do_encrypt = 0;
375     }
376 
377     {
378 	char *name;
379 
380 	if (krb5_unparse_name (context, ticket->client, &name) == 0) {
381 	    char addr_str[256];
382 
383 	    if (inet_ntop (thataddr->sa_family,
384 			   socket_get_address (thataddr),
385 			   addr_str, sizeof(addr_str)) == NULL)
386 		strlcpy (addr_str, "unknown address",
387 				 sizeof(addr_str));
388 
389 	    syslog(LOG_INFO|LOG_AUTH,
390 		   "kerberos v5 shell from %s on %s as %s, cmd '%.80s'",
391 		   name,
392 		   addr_str,
393 		   *server_username,
394 		   *cmd);
395 	    free (name);
396 	}
397     }
398 
399     krb5_auth_con_free(context, auth_context);
400 
401     return 0;
402 }
403 #endif /* KRB5 */
404 
405 static void
406 rshd_loop (int from0, int to0,
407 	   int to1,   int from1,
408 	   int to2,   int from2,
409 	   int have_errsock)
410 {
411     fd_set real_readset;
412     int max_fd;
413     int count = 2;
414     char *buf;
415 
416     if(from0 >= FD_SETSIZE || from1 >= FD_SETSIZE || from2 >= FD_SETSIZE)
417 	errx (1, "fd too large");
418 
419 #ifdef KRB5
420     if(auth_method == AUTH_KRB5 && protocol_version == 2)
421 	init_ivecs(0, have_errsock);
422 #endif
423 
424     FD_ZERO(&real_readset);
425     FD_SET(from0, &real_readset);
426     FD_SET(from1, &real_readset);
427     FD_SET(from2, &real_readset);
428     max_fd = max(from0, max(from1, from2)) + 1;
429 
430     buf = malloc(max(RSHD_BUFSIZ, RSH_BUFSIZ));
431     if (buf == NULL)
432 	syslog_and_die("out of memory");
433 
434     for (;;) {
435 	int ret;
436 	fd_set readset = real_readset;
437 
438 	ret = select (max_fd, &readset, NULL, NULL, NULL);
439 	if (ret < 0) {
440 	    if (errno == EINTR)
441 		continue;
442 	    else
443 		syslog_and_die ("select: %s", strerror(errno));
444 	}
445 	if (FD_ISSET(from0, &readset)) {
446 	    ret = do_read (from0, buf, RSHD_BUFSIZ, ivec_in[0]);
447 	    if (ret < 0)
448 		syslog_and_die ("read: %s", strerror(errno));
449 	    else if (ret == 0) {
450 		close (from0);
451 		close (to0);
452 		FD_CLR(from0, &real_readset);
453 	    } else
454 		net_write (to0, buf, ret);
455 	}
456 	if (FD_ISSET(from1, &readset)) {
457 	    ret = read (from1, buf, RSH_BUFSIZ);
458 	    if (ret < 0)
459 		syslog_and_die ("read: %s", strerror(errno));
460 	    else if (ret == 0) {
461 		close (from1);
462 		close (to1);
463 		FD_CLR(from1, &real_readset);
464 		if (--count == 0)
465 		    exit (0);
466 	    } else
467 		do_write (to1, buf, ret, ivec_out[0]);
468 	}
469 	if (FD_ISSET(from2, &readset)) {
470 	    ret = read (from2, buf, RSH_BUFSIZ);
471 	    if (ret < 0)
472 		syslog_and_die ("read: %s", strerror(errno));
473 	    else if (ret == 0) {
474 		close (from2);
475 		close (to2);
476 		FD_CLR(from2, &real_readset);
477 		if (--count == 0)
478 		    exit (0);
479 	    } else
480 		do_write (to2, buf, ret, ivec_out[1]);
481 	}
482    }
483 }
484 
485 /*
486  * Used by `setup_copier' to create some pipe-like means of
487  * communcation.  Real pipes would probably be the best thing, but
488  * then the shell doesn't understand it's talking to rshd.  If
489  * socketpair doesn't work everywhere, some autoconf magic would have
490  * to be added here.
491  *
492  * If it fails creating the `pipe', it aborts by calling fatal.
493  */
494 
495 static void
496 pipe_a_like (int fd[2])
497 {
498     if (socketpair (AF_UNIX, SOCK_STREAM, 0, fd) < 0)
499 	fatal (STDOUT_FILENO, "socketpair", "Pipe creation failed.");
500 }
501 
502 /*
503  * Start a child process and leave the parent copying data to and from it.  */
504 
505 static void
506 setup_copier (int have_errsock)
507 {
508     int p0[2], p1[2], p2[2];
509     pid_t pid;
510 
511     pipe_a_like(p0);
512     pipe_a_like(p1);
513     pipe_a_like(p2);
514     pid = fork ();
515     if (pid < 0)
516 	fatal (STDOUT_FILENO, "fork", "Could not create child process.");
517     if (pid == 0) { /* child */
518 	close (p0[1]);
519 	close (p1[0]);
520 	close (p2[0]);
521 	dup2 (p0[0], STDIN_FILENO);
522 	dup2 (p1[1], STDOUT_FILENO);
523 	dup2 (p2[1], STDERR_FILENO);
524 	close (p0[0]);
525 	close (p1[1]);
526 	close (p2[1]);
527     } else { /* parent */
528 	close (p0[0]);
529 	close (p1[1]);
530 	close (p2[1]);
531 
532 	if (net_write (STDOUT_FILENO, "", 1) != 1)
533 	    fatal (STDOUT_FILENO, "net_write", "Write failure.");
534 
535 	rshd_loop (STDIN_FILENO, p0[1],
536 	      STDOUT_FILENO, p1[0],
537 	      STDERR_FILENO, p2[0],
538 	      have_errsock);
539     }
540 }
541 
542 /*
543  * Is `port' a ``reserverd'' port?
544  */
545 
546 static int
547 is_reserved(u_short port)
548 {
549     return ntohs(port) < IPPORT_RESERVED;
550 }
551 
552 /*
553  * Set the necessary part of the environment in `env'.
554  */
555 
556 static void
557 setup_environment (char ***env, const struct passwd *pwd)
558 {
559     int i, j, path;
560     char **e;
561 
562     i = 0;
563     path = 0;
564     *env = NULL;
565 
566     i = read_environment(_PATH_ETC_ENVIRONMENT, env);
567     e = *env;
568     for (j = 0; j < i; j++) {
569 	if (!strncmp(e[j], "PATH=", 5)) {
570 	    path = 1;
571 	}
572     }
573 
574     e = *env;
575     e = realloc(e, (i + 7) * sizeof(char *));
576 
577     if (asprintf (&e[i++], "USER=%s",  pwd->pw_name) == -1)
578 	syslog_and_die ("asprintf: out of memory");
579     if (asprintf (&e[i++], "HOME=%s",  pwd->pw_dir) == -1)
580 	syslog_and_die ("asprintf: out of memory");
581     if (asprintf (&e[i++], "SHELL=%s", pwd->pw_shell) == -1)
582 	syslog_and_die ("asprintf: out of memory");
583     if (! path) {
584 	if (asprintf (&e[i++], "PATH=%s",  _PATH_DEFPATH) == -1)
585 	    syslog_and_die ("asprintf: out of memory");
586     }
587     asprintf (&e[i++], "SSH_CLIENT=only_to_make_bash_happy");
588     if (do_unique_tkfile)
589 	if (asprintf (&e[i++], "KRB5CCNAME=%s", tkfile) == -1)
590 	    syslog_and_die ("asprintf: out of memory");
591     e[i++] = NULL;
592     *env = e;
593 }
594 
595 static void
596 doit (void)
597 {
598     u_char buf[BUFSIZ];
599     u_char *p;
600     struct sockaddr_storage thisaddr_ss;
601     struct sockaddr *thisaddr = (struct sockaddr *)&thisaddr_ss;
602     struct sockaddr_storage thataddr_ss;
603     struct sockaddr *thataddr = (struct sockaddr *)&thataddr_ss;
604     struct sockaddr_storage erraddr_ss;
605     struct sockaddr *erraddr = (struct sockaddr *)&erraddr_ss;
606     socklen_t thisaddr_len, thataddr_len;
607     int port;
608     int errsock = -1;
609     char *client_user = NULL, *server_user = NULL, *cmd = NULL;
610     struct passwd *pwd;
611     int s = STDIN_FILENO;
612     char **env;
613     int ret;
614     char that_host[NI_MAXHOST];
615 
616     thisaddr_len = sizeof(thisaddr_ss);
617     if (getsockname (s, thisaddr, &thisaddr_len) < 0)
618 	syslog_and_die("getsockname: %s", strerror(errno));
619     thataddr_len = sizeof(thataddr_ss);
620     if (getpeername (s, thataddr, &thataddr_len) < 0)
621 	syslog_and_die ("getpeername: %s", strerror(errno));
622 
623     /* check for V4MAPPED addresses? */
624 
625     if (do_kerberos == 0 && !is_reserved(socket_get_port(thataddr)))
626 	fatal(s, NULL, "Permission denied.");
627 
628     p = buf;
629     port = 0;
630     for(;;) {
631 	if (net_read (s, p, 1) != 1)
632 	    syslog_and_die ("reading port number: %s", strerror(errno));
633 	if (*p == '\0')
634 	    break;
635 	else if (isdigit(*p))
636 	    port = port * 10 + *p - '0';
637 	else
638 	    syslog_and_die ("non-digit in port number: %c", *p);
639     }
640 
641     if (do_kerberos  == 0 && !is_reserved(htons(port)))
642 	fatal(s, NULL, "Permission denied.");
643 
644     if (port) {
645 	int priv_port = IPPORT_RESERVED - 1;
646 
647 	/*
648 	 * There's no reason to require a ``privileged'' port number
649 	 * here, but for some reason the brain dead rsh clients
650 	 * do... :-(
651 	 */
652 
653 	erraddr->sa_family = thataddr->sa_family;
654 	socket_set_address_and_port (erraddr,
655 				     socket_get_address (thataddr),
656 				     htons(port));
657 
658 	/*
659 	 * we only do reserved port for IPv4
660 	 */
661 
662 	if (erraddr->sa_family == AF_INET)
663 	    errsock = rresvport (&priv_port);
664 	else
665 	    errsock = socket (erraddr->sa_family, SOCK_STREAM, 0);
666 	if (errsock < 0)
667 	    syslog_and_die ("socket: %s", strerror(errno));
668 	if (connect (errsock,
669 		     erraddr,
670 		     socket_sockaddr_size (erraddr)) < 0) {
671 	    syslog (LOG_WARNING, "connect: %s", strerror(errno));
672 	    close (errsock);
673 	}
674     }
675 
676     if(do_kerberos) {
677 	if (net_read (s, buf, 4) != 4)
678 	    syslog_and_die ("reading auth info: %s", strerror(errno));
679 
680 #ifdef KRB5
681 	    if((do_kerberos & DO_KRB5) &&
682 	       recv_krb5_auth (s, buf, thisaddr, thataddr,
683 			       &client_user,
684 			       &server_user,
685 			       &cmd) == 0)
686 		auth_method = AUTH_KRB5;
687 	    else
688 #endif /* KRB5 */
689 		syslog_and_die ("unrecognized auth protocol: %x %x %x %x",
690 				buf[0], buf[1], buf[2], buf[3]);
691     } else {
692 	if(recv_bsd_auth (s, buf,
693 			  (struct sockaddr_in *)thisaddr,
694 			  (struct sockaddr_in *)thataddr,
695 			  &client_user,
696 			  &server_user,
697 			  &cmd) == 0) {
698 	    auth_method = AUTH_BROKEN;
699 	    if(do_vacuous) {
700 		printf("Remote host requires Kerberos authentication\n");
701 		exit(0);
702 	    }
703 	} else
704 	    syslog_and_die("recv_bsd_auth failed");
705     }
706 
707     if (client_user == NULL || server_user == NULL || cmd == NULL)
708 	syslog_and_die("mising client/server/cmd");
709 
710     pwd = getpwnam (server_user);
711     if (pwd == NULL)
712 	fatal (s, NULL, "Login incorrect.");
713 
714     if (*pwd->pw_shell == '\0')
715 	pwd->pw_shell = _PATH_BSHELL;
716 
717     if (pwd->pw_uid != 0 && access (_PATH_NOLOGIN, F_OK) == 0)
718 	fatal (s, NULL, "Login disabled.");
719 
720 
721     ret = getnameinfo_verified (thataddr, thataddr_len,
722 				that_host, sizeof(that_host),
723 				NULL, 0, 0);
724     if (ret)
725 	fatal (s, NULL, "getnameinfo: %s", gai_strerror(ret));
726 
727     if (login_access(pwd, that_host) == 0) {
728 	syslog(LOG_NOTICE, "Kerberos rsh denied to %s from %s",
729 	       server_user, that_host);
730 	fatal(s, NULL, "Permission denied.");
731     }
732 
733 #ifdef HAVE_GETSPNAM
734     {
735 	struct spwd *sp;
736 	long    today;
737 
738 	sp = getspnam(server_user);
739 	if (sp != NULL) {
740 	    today = time(0)/(24L * 60 * 60);
741 	    if (sp->sp_expire > 0)
742 		if (today > sp->sp_expire)
743 		    fatal(s, NULL, "Account has expired.");
744 	}
745     }
746 #endif
747 
748 
749 #ifdef HAVE_SETLOGIN
750     if (setlogin(pwd->pw_name) < 0)
751 	syslog(LOG_ERR, "setlogin() failed: %s", strerror(errno));
752 #endif
753 
754 #ifdef HAVE_SETPCRED
755     if (setpcred (pwd->pw_name, NULL) == -1)
756 	syslog(LOG_ERR, "setpcred() failure: %s", strerror(errno));
757 #endif /* HAVE_SETPCRED */
758 
759     /* Apply limits if not root */
760     if(pwd->pw_uid != 0) {
761 	 const char *file = _PATH_LIMITS_CONF;
762 	 read_limits_conf(file, pwd);
763     }
764 
765     if (initgroups (pwd->pw_name, pwd->pw_gid) < 0)
766 	fatal (s, "initgroups", "Login incorrect.");
767 
768     if (setgid(pwd->pw_gid) < 0)
769 	fatal (s, "setgid", "Login incorrect.");
770 
771     if (setuid (pwd->pw_uid) < 0)
772 	fatal (s, "setuid", "Login incorrect.");
773 
774     if (chdir (pwd->pw_dir) < 0)
775 	fatal (s, "chdir", "Remote directory.");
776 
777     if (errsock >= 0) {
778 	if (dup2 (errsock, STDERR_FILENO) < 0)
779 	    fatal (s, "dup2", "Cannot dup stderr.");
780 	close (errsock);
781     } else {
782 	if (dup2 (STDOUT_FILENO, STDERR_FILENO) < 0)
783 	    fatal (s, "dup2", "Cannot dup stderr.");
784     }
785 
786 #ifdef KRB5
787     {
788 	int fd;
789 
790 	if (!do_unique_tkfile)
791 	    snprintf(tkfile,sizeof(tkfile),"FILE:/tmp/krb5cc_%lu",
792 		     (unsigned long)pwd->pw_uid);
793 	else if (*tkfile=='\0') {
794 	    snprintf(tkfile,sizeof(tkfile),"FILE:/tmp/krb5cc_XXXXXX");
795 	    fd = mkstemp(tkfile+5);
796 	    close(fd);
797 	    unlink(tkfile+5);
798 	}
799 
800 	if (kerberos_status)
801 	    krb5_start_session();
802     }
803 #endif
804 
805     setup_environment (&env, pwd);
806 
807     if (do_encrypt) {
808 	setup_copier (errsock >= 0);
809     } else {
810 	if (net_write (s, "", 1) != 1)
811 	    fatal (s, "net_write", "write failed");
812     }
813 
814 #if defined(KRB5)
815     if(k_hasafs()) {
816 	char cell[64];
817 
818 	if(do_newpag)
819 	    k_setpag();
820 
821 	/* XXX */
822        if (kerberos_status) {
823 	   krb5_ccache ccache;
824 	   krb5_error_code status;
825 
826 	   status = krb5_cc_resolve (context, tkfile, &ccache);
827 	   if (!status) {
828 	       if (k_afs_cell_of_file (pwd->pw_dir, cell, sizeof(cell)) == 0)
829 		   krb5_afslog_uid_home(context, ccache, cell, NULL,
830 					pwd->pw_uid, pwd->pw_dir);
831 	       krb5_afslog_uid_home(context, ccache, NULL, NULL,
832 				    pwd->pw_uid, pwd->pw_dir);
833 	       krb5_cc_close (context, ccache);
834 	   }
835        }
836     }
837 #endif /* KRB5 */
838     execle (pwd->pw_shell, pwd->pw_shell, "-c", cmd, NULL, env);
839     err(1, "exec %s", pwd->pw_shell);
840 }
841 
842 struct getargs args[] = {
843     { NULL,		'a',	arg_flag,	&do_addr_verify },
844     { "keepalive",	'n',	arg_negative_flag,	&do_keepalive },
845     { "inetd",		'i',	arg_negative_flag,	&do_inetd,
846       "Not started from inetd" },
847 #if defined(KRB5)
848     { "kerberos",	'k',	arg_flag,	&do_kerberos,
849       "Implement kerberised services" },
850     { "encrypt",	'x',	arg_flag,		&do_encrypt,
851       "Implement encrypted service" },
852 #endif
853     { "rhosts",		'l',	arg_negative_flag, &do_rhosts,
854       "Don't check users .rhosts" },
855     { "port",		'p',	arg_string,	&port_str,	"Use this port",
856       "port" },
857     { "vacuous",	'v',	arg_flag, &do_vacuous,
858       "Don't accept non-kerberised connections" },
859 #if defined(KRB5)
860     { NULL,		'P',	arg_negative_flag, &do_newpag,
861       "Don't put process in new PAG" },
862 #endif
863     /* compatibility flag: */
864     { NULL,		'L',	arg_flag, &do_log },
865     { "version",	0, 	arg_flag,		&do_version },
866     { "help",		0, 	arg_flag,		&do_help }
867 };
868 
869 static void
870 usage (int ret)
871 {
872     if(isatty(STDIN_FILENO))
873 	arg_printusage (args,
874 			sizeof(args) / sizeof(args[0]),
875 			NULL,
876 			"");
877     else
878 	syslog (LOG_ERR, "Usage: %s [-ikxlvPL] [-p port]", getprogname());
879     exit (ret);
880 }
881 
882 
883 int
884 main(int argc, char **argv)
885 {
886     int optind = 0;
887     int on = 1;
888 
889     setprogname (argv[0]);
890     roken_openlog ("rshd", LOG_ODELAY | LOG_PID, LOG_AUTH);
891 
892     if (getarg(args, sizeof(args) / sizeof(args[0]), argc, argv,
893 	       &optind))
894 	usage(1);
895 
896     if(do_help)
897 	usage (0);
898 
899     if (do_version) {
900 	print_version(NULL);
901 	exit(0);
902     }
903 
904 #if defined(KRB5)
905     if (do_encrypt)
906 	do_kerberos = 1;
907 
908     if(do_kerberos)
909 	do_kerberos = DO_KRB5;
910 #endif
911 
912 #ifdef KRB5
913     if((do_kerberos & DO_KRB5) && krb5_init_context (&context) != 0)
914 	do_kerberos &= ~DO_KRB5;
915 #endif
916 
917     if (!do_inetd) {
918 	int error;
919 	struct addrinfo *ai = NULL, hints;
920 	char portstr[NI_MAXSERV];
921 
922 	memset (&hints, 0, sizeof(hints));
923 	hints.ai_flags    = AI_PASSIVE;
924 	hints.ai_socktype = SOCK_STREAM;
925 	hints.ai_family   = PF_UNSPEC;
926 
927 	if(port_str != NULL) {
928 	    error = getaddrinfo (NULL, port_str, &hints, &ai);
929 	    if (error)
930 		errx (1, "getaddrinfo: %s", gai_strerror (error));
931 	}
932 	if (ai == NULL) {
933 #if defined(KRB5)
934 	    if (do_kerberos) {
935 		if (do_encrypt) {
936 		    error = getaddrinfo(NULL, "ekshell", &hints, &ai);
937 		    if(error == EAI_NONAME) {
938 			snprintf(portstr, sizeof(portstr), "%d", 545);
939 			error = getaddrinfo(NULL, portstr, &hints, &ai);
940 		    }
941 		    if(error)
942 			errx (1, "getaddrinfo: %s", gai_strerror (error));
943 		} else {
944 		    error = getaddrinfo(NULL, "kshell", &hints, &ai);
945 		    if(error == EAI_NONAME) {
946 			snprintf(portstr, sizeof(portstr), "%d", 544);
947 			error = getaddrinfo(NULL, portstr, &hints, &ai);
948 		    }
949 		    if(error)
950 			errx (1, "getaddrinfo: %s", gai_strerror (error));
951 		}
952 	    } else
953 #endif
954 		{
955 		    error = getaddrinfo(NULL, "shell", &hints, &ai);
956 		    if(error == EAI_NONAME) {
957 			snprintf(portstr, sizeof(portstr), "%d", 514);
958 			error = getaddrinfo(NULL, portstr, &hints, &ai);
959 		    }
960 		    if(error)
961 			errx (1, "getaddrinfo: %s", gai_strerror (error));
962 		}
963 	}
964 	mini_inetd_addrinfo (ai, NULL);
965 	freeaddrinfo(ai);
966     }
967 
968     if (do_keepalive &&
969 	setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (char *)&on,
970 		   sizeof(on)) < 0)
971 	syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %s", strerror(errno));
972 
973     /* set SO_LINGER? */
974 
975     signal (SIGPIPE, SIG_IGN);
976 
977     doit ();
978     return 0;
979 }
980