xref: /freebsd/lib/libc/net/rcmd.c (revision 380a989b3223d455375b4fae70fd0b9bdd43bafb)
1 /*
2  * Copyright (c) 1983, 1993, 1994
3  *	The Regents of the University of California.  All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  * 3. All advertising materials mentioning features or use of this software
14  *    must display the following acknowledgement:
15  *	This product includes software developed by the University of
16  *	California, Berkeley and its contributors.
17  * 4. Neither the name of the University nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 #if defined(LIBC_SCCS) && !defined(lint)
35 static char sccsid[] = "@(#)rcmd.c	8.3 (Berkeley) 3/26/94";
36 #endif /* LIBC_SCCS and not lint */
37 
38 #include <sys/param.h>
39 #include <sys/socket.h>
40 #include <sys/stat.h>
41 
42 #include <netinet/in.h>
43 #include <arpa/inet.h>
44 
45 #include <signal.h>
46 #include <fcntl.h>
47 #include <netdb.h>
48 #include <unistd.h>
49 #include <pwd.h>
50 #include <errno.h>
51 #include <stdio.h>
52 #include <ctype.h>
53 #include <string.h>
54 #ifdef YP
55 #include <rpc/rpc.h>
56 #include <rpcsvc/yp_prot.h>
57 #include <rpcsvc/ypclnt.h>
58 #endif
59 
60 extern int innetgr __P(( const char *, const char *, const char *, const char * ));
61 
62 #define max(a, b)	((a > b) ? a : b)
63 
64 int	__ivaliduser __P((FILE *, u_int32_t, const char *, const char *));
65 static int __icheckhost __P((u_int32_t, char *));
66 
67 int
68 rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
69 	char **ahost;
70 	u_short rport;
71 	const char *locuser, *remuser, *cmd;
72 	int *fd2p;
73 {
74 	struct hostent *hp;
75 	struct sockaddr_in sin, from;
76 	fd_set reads;
77 	long oldmask;
78 	pid_t pid;
79 	int s, lport, timo;
80 	char c;
81 
82 	pid = getpid();
83 	hp = gethostbyname(*ahost);
84 	if (hp == NULL) {
85 		herror(*ahost);
86 		return (-1);
87 	}
88 	*ahost = hp->h_name;
89 	oldmask = sigblock(sigmask(SIGURG));
90 	for (timo = 1, lport = IPPORT_RESERVED - 1;;) {
91 		s = rresvport(&lport);
92 		if (s < 0) {
93 			if (errno == EAGAIN)
94 				(void)fprintf(stderr,
95 				    "rcmd: socket: All ports in use\n");
96 			else
97 				(void)fprintf(stderr, "rcmd: socket: %s\n",
98 				    strerror(errno));
99 			sigsetmask(oldmask);
100 			return (-1);
101 		}
102 		fcntl(s, F_SETOWN, pid);
103 		bzero(&sin, sizeof sin);
104 		sin.sin_len = sizeof(struct sockaddr_in);
105 		sin.sin_family = hp->h_addrtype;
106 		sin.sin_port = rport;
107 		bcopy(hp->h_addr_list[0], &sin.sin_addr, MIN(hp->h_length, sizeof sin.sin_addr));
108 		if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
109 			break;
110 		(void)close(s);
111 		if (errno == EADDRINUSE) {
112 			lport--;
113 			continue;
114 		}
115 		if (errno == ECONNREFUSED && timo <= 16) {
116 			(void)sleep(timo);
117 			timo *= 2;
118 			continue;
119 		}
120 		if (hp->h_addr_list[1] != NULL) {
121 			int oerrno = errno;
122 
123 			(void)fprintf(stderr, "connect to address %s: ",
124 			    inet_ntoa(sin.sin_addr));
125 			errno = oerrno;
126 			perror(0);
127 			hp->h_addr_list++;
128 			bcopy(hp->h_addr_list[0], &sin.sin_addr, MIN(hp->h_length, sizeof sin.sin_addr));
129 			(void)fprintf(stderr, "Trying %s...\n",
130 			    inet_ntoa(sin.sin_addr));
131 			continue;
132 		}
133 		(void)fprintf(stderr, "%s: %s\n", hp->h_name, strerror(errno));
134 		sigsetmask(oldmask);
135 		return (-1);
136 	}
137 	lport--;
138 	if (fd2p == 0) {
139 		write(s, "", 1);
140 		lport = 0;
141 	} else {
142 		char num[8];
143 		int s2 = rresvport(&lport), s3;
144 		int len = sizeof(from);
145 		int nfds;
146 
147 		if (s2 < 0)
148 			goto bad;
149 		listen(s2, 1);
150 		(void)snprintf(num, sizeof(num), "%d", lport);
151 		if (write(s, num, strlen(num)+1) != strlen(num)+1) {
152 			(void)fprintf(stderr,
153 			    "rcmd: write (setting up stderr): %s\n",
154 			    strerror(errno));
155 			(void)close(s2);
156 			goto bad;
157 		}
158 		nfds = max(s, s2)+1;
159 		if(nfds > FD_SETSIZE) {
160 			fprintf(stderr, "rcmd: too many files\n");
161 			(void)close(s2);
162 			goto bad;
163 		}
164 again:
165 		FD_ZERO(&reads);
166 		FD_SET(s, &reads);
167 		FD_SET(s2, &reads);
168 		errno = 0;
169 		if (select(nfds, &reads, 0, 0, 0) < 1 || !FD_ISSET(s2, &reads)){
170 			if (errno != 0)
171 				(void)fprintf(stderr,
172 				    "rcmd: select (setting up stderr): %s\n",
173 				    strerror(errno));
174 			else
175 				(void)fprintf(stderr,
176 				"select: protocol failure in circuit setup\n");
177 			(void)close(s2);
178 			goto bad;
179 		}
180 		s3 = accept(s2, (struct sockaddr *)&from, &len);
181 		/*
182 		 * XXX careful for ftp bounce attacks. If discovered, shut them
183 		 * down and check for the real auxiliary channel to connect.
184 		 */
185 		if (from.sin_family == AF_INET && from.sin_port == htons(20)) {
186 			close(s3);
187 			goto again;
188 		}
189 		(void)close(s2);
190 		if (s3 < 0) {
191 			(void)fprintf(stderr,
192 			    "rcmd: accept: %s\n", strerror(errno));
193 			lport = 0;
194 			goto bad;
195 		}
196 		*fd2p = s3;
197 		from.sin_port = ntohs((u_short)from.sin_port);
198 		if (from.sin_family != AF_INET ||
199 		    from.sin_port >= IPPORT_RESERVED ||
200 		    from.sin_port < IPPORT_RESERVED / 2) {
201 			(void)fprintf(stderr,
202 			    "socket: protocol failure in circuit setup.\n");
203 			goto bad2;
204 		}
205 	}
206 	(void)write(s, locuser, strlen(locuser)+1);
207 	(void)write(s, remuser, strlen(remuser)+1);
208 	(void)write(s, cmd, strlen(cmd)+1);
209 	if (read(s, &c, 1) != 1) {
210 		(void)fprintf(stderr,
211 		    "rcmd: %s: %s\n", *ahost, strerror(errno));
212 		goto bad2;
213 	}
214 	if (c != 0) {
215 		while (read(s, &c, 1) == 1) {
216 			(void)write(STDERR_FILENO, &c, 1);
217 			if (c == '\n')
218 				break;
219 		}
220 		goto bad2;
221 	}
222 	sigsetmask(oldmask);
223 	return (s);
224 bad2:
225 	if (lport)
226 		(void)close(*fd2p);
227 bad:
228 	(void)close(s);
229 	sigsetmask(oldmask);
230 	return (-1);
231 }
232 
233 int
234 rresvport(alport)
235 	int *alport;
236 {
237 	struct sockaddr_in sin;
238 	int s;
239 
240 	bzero(&sin, sizeof sin);
241 	sin.sin_len = sizeof(struct sockaddr_in);
242 	sin.sin_family = AF_INET;
243 	sin.sin_addr.s_addr = INADDR_ANY;
244 	s = socket(AF_INET, SOCK_STREAM, 0);
245 	if (s < 0)
246 		return (-1);
247 #if 0 /* compat_exact_traditional_rresvport_semantics */
248 	sin.sin_port = htons((u_short)*alport);
249 	if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
250 		return (s);
251 	if (errno != EADDRINUSE) {
252 		(void)close(s);
253 		return (-1);
254 	}
255 #endif
256 	sin.sin_port = 0;
257 	if (bindresvport(s, &sin) == -1) {
258 		(void)close(s);
259 		return (-1);
260 	}
261 	*alport = (int)ntohs(sin.sin_port);
262 	return (s);
263 }
264 
265 int	__check_rhosts_file = 1;
266 char	*__rcmd_errstr;
267 
268 int
269 ruserok(rhost, superuser, ruser, luser)
270 	const char *rhost, *ruser, *luser;
271 	int superuser;
272 {
273 	struct hostent *hp;
274 	u_int32_t addr;
275 	char **ap;
276 
277 	if ((hp = gethostbyname(rhost)) == NULL)
278 		return (-1);
279 	for (ap = hp->h_addr_list; *ap; ++ap) {
280 		bcopy(*ap, &addr, sizeof(addr));
281 		if (iruserok(addr, superuser, ruser, luser) == 0)
282 			return (0);
283 	}
284 	return (-1);
285 }
286 
287 /*
288  * New .rhosts strategy: We are passed an ip address. We spin through
289  * hosts.equiv and .rhosts looking for a match. When the .rhosts only
290  * has ip addresses, we don't have to trust a nameserver.  When it
291  * contains hostnames, we spin through the list of addresses the nameserver
292  * gives us and look for a match.
293  *
294  * Returns 0 if ok, -1 if not ok.
295  */
296 int
297 iruserok(raddr, superuser, ruser, luser)
298 	unsigned long raddr;
299 	int superuser;
300 	const char *ruser, *luser;
301 {
302 	register char *cp;
303 	struct stat sbuf;
304 	struct passwd *pwd;
305 	FILE *hostf;
306 	uid_t uid;
307 	int first;
308 	char pbuf[MAXPATHLEN];
309 
310 	first = 1;
311 	hostf = superuser ? NULL : fopen(_PATH_HEQUIV, "r");
312 again:
313 	if (hostf) {
314 		if (__ivaliduser(hostf, (u_int32_t)raddr, luser, ruser) == 0) {
315 			(void)fclose(hostf);
316 			return (0);
317 		}
318 		(void)fclose(hostf);
319 	}
320 	if (first == 1 && (__check_rhosts_file || superuser)) {
321 		first = 0;
322 		if ((pwd = getpwnam(luser)) == NULL)
323 			return (-1);
324 		(void)strcpy(pbuf, pwd->pw_dir);
325 		(void)strcat(pbuf, "/.rhosts");
326 
327 		/*
328 		 * Change effective uid while opening .rhosts.  If root and
329 		 * reading an NFS mounted file system, can't read files that
330 		 * are protected read/write owner only.
331 		 */
332 		uid = geteuid();
333 		(void)seteuid(pwd->pw_uid);
334 		hostf = fopen(pbuf, "r");
335 		(void)seteuid(uid);
336 
337 		if (hostf == NULL)
338 			return (-1);
339 		/*
340 		 * If not a regular file, or is owned by someone other than
341 		 * user or root or if writeable by anyone but the owner, quit.
342 		 */
343 		cp = NULL;
344 		if (lstat(pbuf, &sbuf) < 0)
345 			cp = ".rhosts lstat failed";
346 		else if (!S_ISREG(sbuf.st_mode))
347 			cp = ".rhosts not regular file";
348 		else if (fstat(fileno(hostf), &sbuf) < 0)
349 			cp = ".rhosts fstat failed";
350 		else if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid)
351 			cp = "bad .rhosts owner";
352 		else if (sbuf.st_mode & (S_IWGRP|S_IWOTH))
353 			cp = ".rhosts writeable by other than owner";
354 		/* If there were any problems, quit. */
355 		if (cp) {
356 			__rcmd_errstr = cp;
357 			(void)fclose(hostf);
358 			return (-1);
359 		}
360 		goto again;
361 	}
362 	return (-1);
363 }
364 
365 /*
366  * XXX
367  * Don't make static, used by lpd(8).
368  *
369  * Returns 0 if ok, -1 if not ok.
370  */
371 int
372 __ivaliduser(hostf, raddr, luser, ruser)
373 	FILE *hostf;
374 	u_int32_t raddr;
375 	const char *luser, *ruser;
376 {
377 	register char *user, *p;
378 	int ch;
379 	char buf[MAXHOSTNAMELEN + 128];		/* host + login */
380 	char hname[MAXHOSTNAMELEN];
381 	struct hostent *hp;
382 	/* Presumed guilty until proven innocent. */
383 	int userok = 0, hostok = 0;
384 #ifdef YP
385 	char *ypdomain;
386 
387 	if (yp_get_default_domain(&ypdomain))
388 		ypdomain = NULL;
389 #else
390 #define	ypdomain NULL
391 #endif
392 	/* We need to get the damn hostname back for netgroup matching. */
393 	if ((hp = gethostbyaddr((char *)&raddr, sizeof(u_int32_t),
394 							AF_INET)) == NULL)
395 		return (-1);
396 	strncpy(hname, hp->h_name, sizeof(hname));
397 	hname[sizeof(hname) - 1] = '\0';
398 
399 	while (fgets(buf, sizeof(buf), hostf)) {
400 		p = buf;
401 		/* Skip lines that are too long. */
402 		if (strchr(p, '\n') == NULL) {
403 			while ((ch = getc(hostf)) != '\n' && ch != EOF);
404 			continue;
405 		}
406 		if (*p == '\n' || *p == '#') {
407 			/* comment... */
408 			continue;
409 		}
410 		while (*p != '\n' && *p != ' ' && *p != '\t' && *p != '\0') {
411 			*p = isupper(*p) ? tolower(*p) : *p;
412 			p++;
413 		}
414 		if (*p == ' ' || *p == '\t') {
415 			*p++ = '\0';
416 			while (*p == ' ' || *p == '\t')
417 				p++;
418 			user = p;
419 			while (*p != '\n' && *p != ' ' &&
420 			    *p != '\t' && *p != '\0')
421 				p++;
422 		} else
423 			user = p;
424 		*p = '\0';
425 		/*
426 		 * Do +/- and +@/-@ checking. This looks really nasty,
427 		 * but it matches SunOS's behavior so far as I can tell.
428 		 */
429 		switch(buf[0]) {
430 		case '+':
431 			if (!buf[1]) {     /* '+' matches all hosts */
432 				hostok = 1;
433 				break;
434 			}
435 			if (buf[1] == '@')  /* match a host by netgroup */
436 				hostok = innetgr((char *)&buf[2],
437 					(char *)&hname, NULL, ypdomain);
438 			else		/* match a host by addr */
439 				hostok = __icheckhost(raddr,(char *)&buf[1]);
440 			break;
441 		case '-':     /* reject '-' hosts and all their users */
442 			if (buf[1] == '@') {
443 				if (innetgr((char *)&buf[2],
444 					      (char *)&hname, NULL, ypdomain))
445 					return(-1);
446 			} else {
447 				if (__icheckhost(raddr,(char *)&buf[1]))
448 					return(-1);
449 			}
450 			break;
451 		default:  /* if no '+' or '-', do a simple match */
452 			hostok = __icheckhost(raddr, buf);
453 			break;
454 		}
455 		switch(*user) {
456 		case '+':
457 			if (!*(user+1)) {      /* '+' matches all users */
458 				userok = 1;
459 				break;
460 			}
461 			if (*(user+1) == '@')  /* match a user by netgroup */
462 				userok = innetgr(user+2, NULL, ruser, ypdomain);
463 			else	   /* match a user by direct specification */
464 				userok = !(strcmp(ruser, user+1));
465 			break;
466 		case '-': 		/* if we matched a hostname, */
467 			if (hostok) {   /* check for user field rejections */
468 				if (!*(user+1))
469 					return(-1);
470 				if (*(user+1) == '@') {
471 					if (innetgr(user+2, NULL,
472 							ruser, ypdomain))
473 						return(-1);
474 				} else {
475 					if (!strcmp(ruser, user+1))
476 						return(-1);
477 				}
478 			}
479 			break;
480 		default:	/* no rejections: try to match the user */
481 			if (hostok)
482 				userok = !(strcmp(ruser,*user ? user : luser));
483 			break;
484 		}
485 		if (hostok && userok)
486 			return(0);
487 	}
488 	return (-1);
489 }
490 
491 /*
492  * Returns "true" if match, 0 if no match.
493  */
494 static int
495 __icheckhost(raddr, lhost)
496 	u_int32_t raddr;
497 	register char *lhost;
498 {
499 	register struct hostent *hp;
500 	register u_int32_t laddr;
501 	register char **pp;
502 
503 	/* Try for raw ip address first. */
504 	if (isdigit(*lhost) && (u_int32_t)(laddr = inet_addr(lhost)) != -1)
505 		return (raddr == laddr);
506 
507 	/* Better be a hostname. */
508 	if ((hp = gethostbyname(lhost)) == NULL)
509 		return (0);
510 
511 	/* Spin through ip addresses. */
512 	for (pp = hp->h_addr_list; *pp; ++pp)
513 		if (!bcmp(&raddr, *pp, sizeof(u_int32_t)))
514 			return (1);
515 
516 	/* No match. */
517 	return (0);
518 }
519