17c478bd9Sstevel@tonic-gate /*
27c478bd9Sstevel@tonic-gate * CDDL HEADER START
37c478bd9Sstevel@tonic-gate *
47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the
57243fb49Sjbeck * Common Development and Distribution License (the "License").
67243fb49Sjbeck * You may not use this file except in compliance with the License.
77c478bd9Sstevel@tonic-gate *
87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing.
107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions
117c478bd9Sstevel@tonic-gate * and limitations under the License.
127c478bd9Sstevel@tonic-gate *
137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each
147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the
167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying
177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner]
187c478bd9Sstevel@tonic-gate *
197c478bd9Sstevel@tonic-gate * CDDL HEADER END
207c478bd9Sstevel@tonic-gate */
217243fb49Sjbeck
227c478bd9Sstevel@tonic-gate /*
23*0b4fd3b1SSurya Prakki * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
247c478bd9Sstevel@tonic-gate * Use is subject to license terms.
257c478bd9Sstevel@tonic-gate */
267c478bd9Sstevel@tonic-gate
277c478bd9Sstevel@tonic-gate /* Copyright (c) 1983-1989 AT&T */
287c478bd9Sstevel@tonic-gate /* All Rights Reserved */
297c478bd9Sstevel@tonic-gate
307c478bd9Sstevel@tonic-gate /*
317c478bd9Sstevel@tonic-gate * Portions of this source code were derived from Berkeley 4.3 BSD
327c478bd9Sstevel@tonic-gate * under license from the Regents of the University of California.
337c478bd9Sstevel@tonic-gate */
347c478bd9Sstevel@tonic-gate
357c478bd9Sstevel@tonic-gate #define _FILE_OFFSET_BITS 64
367c478bd9Sstevel@tonic-gate
377c478bd9Sstevel@tonic-gate /*
387c478bd9Sstevel@tonic-gate * remote shell server:
397c478bd9Sstevel@tonic-gate * remuser\0
407c478bd9Sstevel@tonic-gate * locuser\0
417c478bd9Sstevel@tonic-gate * command\0
427c478bd9Sstevel@tonic-gate * data
437c478bd9Sstevel@tonic-gate */
447c478bd9Sstevel@tonic-gate #include <sys/types.h>
457c478bd9Sstevel@tonic-gate #include <sys/ioctl.h>
467c478bd9Sstevel@tonic-gate #include <sys/telioctl.h>
477c478bd9Sstevel@tonic-gate #include <sys/param.h>
487c478bd9Sstevel@tonic-gate #include <sys/socket.h>
497c478bd9Sstevel@tonic-gate #include <sys/time.h>
507c478bd9Sstevel@tonic-gate #include <sys/stat.h>
517c478bd9Sstevel@tonic-gate #include <sys/file.h>
527c478bd9Sstevel@tonic-gate #include <sys/select.h>
537c478bd9Sstevel@tonic-gate
547c478bd9Sstevel@tonic-gate #include <netinet/in.h>
557c478bd9Sstevel@tonic-gate
567c478bd9Sstevel@tonic-gate #include <arpa/inet.h>
577c478bd9Sstevel@tonic-gate
587c478bd9Sstevel@tonic-gate #include <unistd.h>
597c478bd9Sstevel@tonic-gate #include <string.h>
607c478bd9Sstevel@tonic-gate #include <stdio.h>
617c478bd9Sstevel@tonic-gate #include <stdarg.h>
627c478bd9Sstevel@tonic-gate #include <errno.h>
637c478bd9Sstevel@tonic-gate #include <pwd.h>
647c478bd9Sstevel@tonic-gate #include <grp.h>
657c478bd9Sstevel@tonic-gate #include <signal.h>
667c478bd9Sstevel@tonic-gate #include <netdb.h>
677c478bd9Sstevel@tonic-gate #include <syslog.h>
687c478bd9Sstevel@tonic-gate #include <fcntl.h>
697c478bd9Sstevel@tonic-gate #include <ctype.h>
707c478bd9Sstevel@tonic-gate #include <locale.h>
717c478bd9Sstevel@tonic-gate
727c478bd9Sstevel@tonic-gate #include <sys/resource.h>
737c478bd9Sstevel@tonic-gate #include <sys/filio.h>
747c478bd9Sstevel@tonic-gate #include <shadow.h>
757c478bd9Sstevel@tonic-gate #include <stdlib.h>
767c478bd9Sstevel@tonic-gate
777c478bd9Sstevel@tonic-gate #include <security/pam_appl.h>
7857c40785SJoep Vesseur #include <deflt.h>
797c478bd9Sstevel@tonic-gate
807c478bd9Sstevel@tonic-gate #include <k5-int.h>
817c478bd9Sstevel@tonic-gate #include <krb5_repository.h>
827c478bd9Sstevel@tonic-gate #include <com_err.h>
837c478bd9Sstevel@tonic-gate #include <kcmd.h>
847c478bd9Sstevel@tonic-gate
857243fb49Sjbeck #include <addr_match.h>
8632885d59Sgtb #include <store_forw_creds.h>
877243fb49Sjbeck
887c478bd9Sstevel@tonic-gate #ifndef NCARGS
897c478bd9Sstevel@tonic-gate #define NCARGS 5120
907c478bd9Sstevel@tonic-gate #endif /* !NCARGS */
917c478bd9Sstevel@tonic-gate
927c478bd9Sstevel@tonic-gate static void error(char *, ...);
937c478bd9Sstevel@tonic-gate static void doit(int, struct sockaddr_storage *, char **);
947c478bd9Sstevel@tonic-gate static void getstr(int, char *, int, char *);
957c478bd9Sstevel@tonic-gate
967c478bd9Sstevel@tonic-gate static int legalenvvar(char *);
977c478bd9Sstevel@tonic-gate static void add_to_envinit(char *);
987c478bd9Sstevel@tonic-gate static int locale_envmatch(char *, char *);
997c478bd9Sstevel@tonic-gate
1007c478bd9Sstevel@tonic-gate /* Function decls. for functions not in any header file. (Grrrr.) */
1017c478bd9Sstevel@tonic-gate extern int audit_rshd_setup(void);
1027c478bd9Sstevel@tonic-gate extern int audit_rshd_success(char *, char *, char *, char *);
1037c478bd9Sstevel@tonic-gate extern int audit_rshd_fail(char *, char *, char *, char *, char *);
1047c478bd9Sstevel@tonic-gate extern int audit_settid(int);
1057c478bd9Sstevel@tonic-gate
1067c478bd9Sstevel@tonic-gate static int do_encrypt = 0;
1077c478bd9Sstevel@tonic-gate static pam_handle_t *pamh;
1087c478bd9Sstevel@tonic-gate
1097c478bd9Sstevel@tonic-gate /*
1107c478bd9Sstevel@tonic-gate * This is the shell/kshell daemon. The very basic protocol for checking
1117c478bd9Sstevel@tonic-gate * authentication and authorization is:
1127c478bd9Sstevel@tonic-gate * 1) Check authentication.
1137c478bd9Sstevel@tonic-gate * 2) Check authorization via the access-control files:
1147c478bd9Sstevel@tonic-gate * ~/.k5login (using krb5_kuserok) and/or
1157c478bd9Sstevel@tonic-gate * Execute command if configured authoriztion checks pass, else deny
1167c478bd9Sstevel@tonic-gate * permission.
1177c478bd9Sstevel@tonic-gate *
1187c478bd9Sstevel@tonic-gate * The configuration is done either by command-line arguments passed by inetd,
1197c478bd9Sstevel@tonic-gate * or by the name of the daemon. If command-line arguments are present, they
1207c478bd9Sstevel@tonic-gate * take priority. The options are:
1217c478bd9Sstevel@tonic-gate * -k allow kerberos authentication (krb5 only; krb4 support is not provided)
1227c478bd9Sstevel@tonic-gate * -5 same as `-k', mainly for compatability with MIT
1237c478bd9Sstevel@tonic-gate * -e allow encrypted session
1247c478bd9Sstevel@tonic-gate * -c demand authenticator checksum
1257c478bd9Sstevel@tonic-gate * -i ignore authenticator checksum
1267c478bd9Sstevel@tonic-gate * -U Refuse connections that cannot be mapped to a name via `gethostbyname'
1277c478bd9Sstevel@tonic-gate * -s <tos> Set the IP TOS option
1287c478bd9Sstevel@tonic-gate * -S <keytab> Set the keytab file to use
1297c478bd9Sstevel@tonic-gate * -M <realm> Set the Kerberos realm to use
1307c478bd9Sstevel@tonic-gate */
1317c478bd9Sstevel@tonic-gate
1327c478bd9Sstevel@tonic-gate #define ARGSTR "ek5ciUD:M:S:L:?:"
1337c478bd9Sstevel@tonic-gate #define RSHD_BUFSIZ (50 * 1024)
1347c478bd9Sstevel@tonic-gate
1357c478bd9Sstevel@tonic-gate static krb5_context bsd_context;
1367c478bd9Sstevel@tonic-gate static krb5_keytab keytab = NULL;
1377c478bd9Sstevel@tonic-gate static krb5_ccache ccache = NULL;
1387c478bd9Sstevel@tonic-gate static krb5_keyblock *sessionkey = NULL;
1397c478bd9Sstevel@tonic-gate
1407c478bd9Sstevel@tonic-gate static int require_encrypt = 0;
1417c478bd9Sstevel@tonic-gate static int resolve_hostname = 0;
1427c478bd9Sstevel@tonic-gate static int krb5auth_flag = 0; /* Flag set, when KERBEROS is enabled */
1437c478bd9Sstevel@tonic-gate static enum kcmd_proto kcmd_protocol;
1447c478bd9Sstevel@tonic-gate
1457c478bd9Sstevel@tonic-gate #ifdef DEBUG
1467c478bd9Sstevel@tonic-gate static int debug_port = 0;
1477c478bd9Sstevel@tonic-gate #endif /* DEBUG */
1487c478bd9Sstevel@tonic-gate
1497c478bd9Sstevel@tonic-gate /*
1507c478bd9Sstevel@tonic-gate * There are two authentication related masks:
1517c478bd9Sstevel@tonic-gate * auth_ok and auth_sent.
1527c478bd9Sstevel@tonic-gate * The auth_ok mask is the or'ing of authentication
1537c478bd9Sstevel@tonic-gate * systems any one of which can be used.
1547c478bd9Sstevel@tonic-gate * The auth_sent mask is the or'ing of one or more authentication/authorization
1557c478bd9Sstevel@tonic-gate * systems that succeeded. If the and'ing
1567c478bd9Sstevel@tonic-gate * of these two masks is true, then authorization is successful.
1577c478bd9Sstevel@tonic-gate */
1587c478bd9Sstevel@tonic-gate
1597c478bd9Sstevel@tonic-gate #define AUTH_KRB5 (0x2)
1607c478bd9Sstevel@tonic-gate static int auth_ok = 0;
1617c478bd9Sstevel@tonic-gate static int auth_sent = 0;
1627c478bd9Sstevel@tonic-gate static int checksum_required = 0;
1637c478bd9Sstevel@tonic-gate static int checksum_ignored = 0;
1647c478bd9Sstevel@tonic-gate
1657c478bd9Sstevel@tonic-gate /*
1667c478bd9Sstevel@tonic-gate * Leave room for 4 environment variables to be passed.
1677c478bd9Sstevel@tonic-gate * The "-L env_var" option has been added primarily to
1687c478bd9Sstevel@tonic-gate * maintain compatability with MIT.
1697c478bd9Sstevel@tonic-gate */
1707c478bd9Sstevel@tonic-gate #define MAXENV 4
1717c478bd9Sstevel@tonic-gate static char *save_env[MAXENV];
1727c478bd9Sstevel@tonic-gate static int num_env = 0;
1737c478bd9Sstevel@tonic-gate
1747c478bd9Sstevel@tonic-gate static void usage(void);
1757c478bd9Sstevel@tonic-gate static krb5_error_code recvauth(int, int *);
1767c478bd9Sstevel@tonic-gate
1777c478bd9Sstevel@tonic-gate /*ARGSUSED*/
178740638c8Sbw int
main(int argc,char ** argv,char ** renvp)1797c478bd9Sstevel@tonic-gate main(int argc, char **argv, char **renvp)
1807c478bd9Sstevel@tonic-gate {
1817c478bd9Sstevel@tonic-gate struct linger linger;
1827c478bd9Sstevel@tonic-gate int on = 1, fromlen;
1837c478bd9Sstevel@tonic-gate struct sockaddr_storage from;
1847c478bd9Sstevel@tonic-gate int fd = 0;
1857c478bd9Sstevel@tonic-gate
1867c478bd9Sstevel@tonic-gate extern int opterr, optind;
1877c478bd9Sstevel@tonic-gate extern char *optarg;
1887c478bd9Sstevel@tonic-gate int ch;
1897c478bd9Sstevel@tonic-gate int tos = -1;
1907c478bd9Sstevel@tonic-gate krb5_error_code status;
1917c478bd9Sstevel@tonic-gate
1927c478bd9Sstevel@tonic-gate openlog("rsh", LOG_PID | LOG_ODELAY, LOG_DAEMON);
1937c478bd9Sstevel@tonic-gate (void) audit_rshd_setup(); /* BSM */
1947c478bd9Sstevel@tonic-gate fromlen = sizeof (from);
1957c478bd9Sstevel@tonic-gate
1967c478bd9Sstevel@tonic-gate (void) setlocale(LC_ALL, "");
1977c478bd9Sstevel@tonic-gate
1987c478bd9Sstevel@tonic-gate /*
1997c478bd9Sstevel@tonic-gate * Analyze parameters.
2007c478bd9Sstevel@tonic-gate */
2017c478bd9Sstevel@tonic-gate opterr = 0;
2027c478bd9Sstevel@tonic-gate while ((ch = getopt(argc, argv, ARGSTR)) != EOF)
2037c478bd9Sstevel@tonic-gate switch (ch) {
2047c478bd9Sstevel@tonic-gate case '5':
2057c478bd9Sstevel@tonic-gate case 'k':
2067c478bd9Sstevel@tonic-gate auth_ok |= AUTH_KRB5;
2077c478bd9Sstevel@tonic-gate krb5auth_flag++;
2087c478bd9Sstevel@tonic-gate break;
2097c478bd9Sstevel@tonic-gate
2107c478bd9Sstevel@tonic-gate case 'c':
2117c478bd9Sstevel@tonic-gate checksum_required = 1;
2127c478bd9Sstevel@tonic-gate krb5auth_flag++;
2137c478bd9Sstevel@tonic-gate break;
2147c478bd9Sstevel@tonic-gate case 'i':
2157c478bd9Sstevel@tonic-gate checksum_ignored = 1;
2167c478bd9Sstevel@tonic-gate krb5auth_flag++;
2177c478bd9Sstevel@tonic-gate break;
2187c478bd9Sstevel@tonic-gate
2197c478bd9Sstevel@tonic-gate case 'e':
2207c478bd9Sstevel@tonic-gate require_encrypt = 1;
2217c478bd9Sstevel@tonic-gate krb5auth_flag++;
2227c478bd9Sstevel@tonic-gate break;
2237c478bd9Sstevel@tonic-gate #ifdef DEBUG
2247c478bd9Sstevel@tonic-gate case 'D':
2257c478bd9Sstevel@tonic-gate debug_port = atoi(optarg);
2267c478bd9Sstevel@tonic-gate break;
2277c478bd9Sstevel@tonic-gate #endif /* DEBUG */
2287c478bd9Sstevel@tonic-gate case 'U':
2297c478bd9Sstevel@tonic-gate resolve_hostname = 1;
2307c478bd9Sstevel@tonic-gate break;
2317c478bd9Sstevel@tonic-gate
2327c478bd9Sstevel@tonic-gate case 'M':
233*0b4fd3b1SSurya Prakki (void) krb5_set_default_realm(bsd_context, optarg);
2347c478bd9Sstevel@tonic-gate krb5auth_flag++;
2357c478bd9Sstevel@tonic-gate break;
2367c478bd9Sstevel@tonic-gate
2377c478bd9Sstevel@tonic-gate case 'S':
2387c478bd9Sstevel@tonic-gate if ((status = krb5_kt_resolve(bsd_context, optarg,
2397c478bd9Sstevel@tonic-gate &keytab))) {
2407c478bd9Sstevel@tonic-gate com_err("rsh", status,
2417c478bd9Sstevel@tonic-gate gettext("while resolving "
2427c478bd9Sstevel@tonic-gate "srvtab file %s"), optarg);
2437c478bd9Sstevel@tonic-gate exit(2);
2447c478bd9Sstevel@tonic-gate }
2457c478bd9Sstevel@tonic-gate krb5auth_flag++;
2467c478bd9Sstevel@tonic-gate break;
2477c478bd9Sstevel@tonic-gate
2487c478bd9Sstevel@tonic-gate case 's':
2497c478bd9Sstevel@tonic-gate if (optarg == NULL || ((tos = atoi(optarg)) < 0) ||
2507c478bd9Sstevel@tonic-gate (tos > 255)) {
2517c478bd9Sstevel@tonic-gate syslog(LOG_ERR, "rshd: illegal tos value: "
2527c478bd9Sstevel@tonic-gate "%s\n", optarg);
2537c478bd9Sstevel@tonic-gate }
2547c478bd9Sstevel@tonic-gate break;
2557c478bd9Sstevel@tonic-gate
2567c478bd9Sstevel@tonic-gate case 'L':
2577c478bd9Sstevel@tonic-gate if (num_env < MAXENV) {
2587c478bd9Sstevel@tonic-gate save_env[num_env] = strdup(optarg);
2597c478bd9Sstevel@tonic-gate if (!save_env[num_env++]) {
2607c478bd9Sstevel@tonic-gate com_err("rsh", ENOMEM,
2617c478bd9Sstevel@tonic-gate gettext("in saving env"));
2627c478bd9Sstevel@tonic-gate exit(2);
2637c478bd9Sstevel@tonic-gate }
2647c478bd9Sstevel@tonic-gate } else {
2657c478bd9Sstevel@tonic-gate (void) fprintf(stderr, gettext("rshd: Only %d"
2667c478bd9Sstevel@tonic-gate " -L arguments allowed\n"),
2677c478bd9Sstevel@tonic-gate MAXENV);
2687c478bd9Sstevel@tonic-gate exit(2);
2697c478bd9Sstevel@tonic-gate }
2707c478bd9Sstevel@tonic-gate break;
2717c478bd9Sstevel@tonic-gate
2727c478bd9Sstevel@tonic-gate case '?':
2737c478bd9Sstevel@tonic-gate default:
2747c478bd9Sstevel@tonic-gate usage();
2757c478bd9Sstevel@tonic-gate exit(1);
2767c478bd9Sstevel@tonic-gate break;
2777c478bd9Sstevel@tonic-gate }
2787c478bd9Sstevel@tonic-gate
2797c478bd9Sstevel@tonic-gate if (optind == 0) {
2807c478bd9Sstevel@tonic-gate usage();
2817c478bd9Sstevel@tonic-gate exit(1);
2827c478bd9Sstevel@tonic-gate }
2837c478bd9Sstevel@tonic-gate argc -= optind;
2847c478bd9Sstevel@tonic-gate argv += optind;
2857c478bd9Sstevel@tonic-gate
2867c478bd9Sstevel@tonic-gate if (krb5auth_flag > 0) {
2877c478bd9Sstevel@tonic-gate status = krb5_init_context(&bsd_context);
2887c478bd9Sstevel@tonic-gate if (status) {
2897c478bd9Sstevel@tonic-gate syslog(LOG_ERR, "Error initializing krb5: %s",
2907c478bd9Sstevel@tonic-gate error_message(status));
2917c478bd9Sstevel@tonic-gate exit(1);
2927c478bd9Sstevel@tonic-gate }
2937c478bd9Sstevel@tonic-gate }
2947c478bd9Sstevel@tonic-gate
2957c478bd9Sstevel@tonic-gate if (!checksum_required && !checksum_ignored)
2967c478bd9Sstevel@tonic-gate checksum_ignored = 1;
2977c478bd9Sstevel@tonic-gate
2987c478bd9Sstevel@tonic-gate if (checksum_required && checksum_ignored) {
2997c478bd9Sstevel@tonic-gate syslog(LOG_CRIT, gettext("Checksums are required and ignored."
3007c478bd9Sstevel@tonic-gate "These options are mutually exclusive"
3017c478bd9Sstevel@tonic-gate "--check the documentation."));
3027c478bd9Sstevel@tonic-gate error("Configuration error: mutually exclusive "
3037c478bd9Sstevel@tonic-gate "options specified.\n");
3047c478bd9Sstevel@tonic-gate exit(1);
3057c478bd9Sstevel@tonic-gate }
3067c478bd9Sstevel@tonic-gate
3077c478bd9Sstevel@tonic-gate #ifdef DEBUG
3087c478bd9Sstevel@tonic-gate if (debug_port) {
3097c478bd9Sstevel@tonic-gate int s;
3107c478bd9Sstevel@tonic-gate struct sockaddr_in sin;
3117c478bd9Sstevel@tonic-gate
3127c478bd9Sstevel@tonic-gate if ((s = socket(AF_INET, SOCK_STREAM, PF_UNSPEC)) < 0) {
3137c478bd9Sstevel@tonic-gate fprintf(stderr, gettext("Error in socket: %s\n"),
3147c478bd9Sstevel@tonic-gate strerror(errno));
3157c478bd9Sstevel@tonic-gate exit(2);
3167c478bd9Sstevel@tonic-gate }
3177c478bd9Sstevel@tonic-gate (void) memset((char *)&sin, 0, sizeof (sin));
3187c478bd9Sstevel@tonic-gate sin.sin_family = AF_INET;
3197c478bd9Sstevel@tonic-gate sin.sin_port = htons(debug_port);
3207c478bd9Sstevel@tonic-gate sin.sin_addr.s_addr = INADDR_ANY;
3217c478bd9Sstevel@tonic-gate
3227c478bd9Sstevel@tonic-gate (void) setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
3237c478bd9Sstevel@tonic-gate (char *)&on, sizeof (on));
3247c478bd9Sstevel@tonic-gate
3257c478bd9Sstevel@tonic-gate if ((bind(s, (struct sockaddr *)&sin, sizeof (sin))) < 0) {
3267c478bd9Sstevel@tonic-gate (void) fprintf(stderr, gettext("Error in bind: %s\n"),
3277c478bd9Sstevel@tonic-gate strerror(errno));
3287c478bd9Sstevel@tonic-gate exit(2);
3297c478bd9Sstevel@tonic-gate }
3307c478bd9Sstevel@tonic-gate if ((listen(s, 5)) < 0) {
3317c478bd9Sstevel@tonic-gate (void) fprintf(stderr, gettext("Error in listen: %s\n"),
3327c478bd9Sstevel@tonic-gate strerror(errno));
3337c478bd9Sstevel@tonic-gate exit(2);
3347c478bd9Sstevel@tonic-gate }
3357c478bd9Sstevel@tonic-gate if ((fd = accept(s, (struct sockaddr *)&from,
3367c478bd9Sstevel@tonic-gate &fromlen)) < 0) {
3377c478bd9Sstevel@tonic-gate (void) fprintf(stderr, gettext("Error in accept: %s\n"),
3387c478bd9Sstevel@tonic-gate strerror(errno));
3397c478bd9Sstevel@tonic-gate exit(2);
3407c478bd9Sstevel@tonic-gate }
3417c478bd9Sstevel@tonic-gate (void) close(s);
3427c478bd9Sstevel@tonic-gate }
3437c478bd9Sstevel@tonic-gate else
3447c478bd9Sstevel@tonic-gate #endif /* DEBUG */
3457c478bd9Sstevel@tonic-gate {
3467c478bd9Sstevel@tonic-gate if (getpeername(STDIN_FILENO, (struct sockaddr *)&from,
3477c478bd9Sstevel@tonic-gate (socklen_t *)&fromlen) < 0) {
3487c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "rshd: ");
3497c478bd9Sstevel@tonic-gate perror("getpeername");
3507c478bd9Sstevel@tonic-gate _exit(1);
3517c478bd9Sstevel@tonic-gate }
3527c478bd9Sstevel@tonic-gate fd = STDIN_FILENO;
3537c478bd9Sstevel@tonic-gate }
3547c478bd9Sstevel@tonic-gate
3557c478bd9Sstevel@tonic-gate if (audit_settid(fd) != 0) {
3567c478bd9Sstevel@tonic-gate perror("settid");
3577c478bd9Sstevel@tonic-gate exit(1);
3587c478bd9Sstevel@tonic-gate }
3597c478bd9Sstevel@tonic-gate
3607c478bd9Sstevel@tonic-gate if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, (char *)&on,
3617c478bd9Sstevel@tonic-gate sizeof (on)) < 0)
3627c478bd9Sstevel@tonic-gate syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
3637c478bd9Sstevel@tonic-gate linger.l_onoff = 1;
3647c478bd9Sstevel@tonic-gate linger.l_linger = 60; /* XXX */
3657c478bd9Sstevel@tonic-gate if (setsockopt(fd, SOL_SOCKET, SO_LINGER, (char *)&linger,
3667c478bd9Sstevel@tonic-gate sizeof (linger)) < 0)
3677c478bd9Sstevel@tonic-gate syslog(LOG_WARNING, "setsockopt (SO_LINGER): %m");
3687c478bd9Sstevel@tonic-gate
3697c478bd9Sstevel@tonic-gate if ((tos != -1) && (setsockopt(fd, IPPROTO_IP, IP_TOS, (char *)&tos,
3707c478bd9Sstevel@tonic-gate sizeof (tos)) < 0) &&
3717c478bd9Sstevel@tonic-gate (errno != ENOPROTOOPT)) {
3727c478bd9Sstevel@tonic-gate syslog(LOG_ERR, "setsockopt (IP_TOS %d): %m");
3737c478bd9Sstevel@tonic-gate }
3747c478bd9Sstevel@tonic-gate
3757c478bd9Sstevel@tonic-gate doit(dup(fd), &from, renvp);
376740638c8Sbw return (0);
3777c478bd9Sstevel@tonic-gate }
3787c478bd9Sstevel@tonic-gate
3797c478bd9Sstevel@tonic-gate /*
3807c478bd9Sstevel@tonic-gate * locale environments to be passed to shells.
3817c478bd9Sstevel@tonic-gate */
3827c478bd9Sstevel@tonic-gate static char *localeenv[] = {
3837c478bd9Sstevel@tonic-gate "LANG",
3847c478bd9Sstevel@tonic-gate "LC_CTYPE", "LC_NUMERIC", "LC_TIME", "LC_COLLATE",
3857c478bd9Sstevel@tonic-gate "LC_MONETARY", "LC_MESSAGES", "LC_ALL", NULL};
3867c478bd9Sstevel@tonic-gate
3877c478bd9Sstevel@tonic-gate /*
3887c478bd9Sstevel@tonic-gate * The following is for the environment variable list
3897c478bd9Sstevel@tonic-gate * used in the call to execle(). envinit is declared here,
3907c478bd9Sstevel@tonic-gate * but populated after the call to getpwnam().
3917c478bd9Sstevel@tonic-gate */
3927c478bd9Sstevel@tonic-gate static char *homedir; /* "HOME=" */
3937c478bd9Sstevel@tonic-gate static char *shell; /* "SHELL=" */
3947c478bd9Sstevel@tonic-gate static char *username; /* "USER=" */
3957c478bd9Sstevel@tonic-gate static char *tz; /* "TZ=" */
3967c478bd9Sstevel@tonic-gate
3977c478bd9Sstevel@tonic-gate static char homestr[] = "HOME=";
3987c478bd9Sstevel@tonic-gate static char shellstr[] = "SHELL=";
3997c478bd9Sstevel@tonic-gate static char userstr[] = "USER=";
4007c478bd9Sstevel@tonic-gate static char tzstr[] = "TZ=";
4017c478bd9Sstevel@tonic-gate
4027c478bd9Sstevel@tonic-gate static char **envinit;
4037c478bd9Sstevel@tonic-gate #define PAM_ENV_ELIM 16 /* allow 16 PAM environment variables */
4047c478bd9Sstevel@tonic-gate #define USERNAME_LEN 16 /* maximum number of characters in user name */
4057c478bd9Sstevel@tonic-gate
4067c478bd9Sstevel@tonic-gate /*
4077c478bd9Sstevel@tonic-gate * See PSARC opinion 1992/025
4087c478bd9Sstevel@tonic-gate */
4097c478bd9Sstevel@tonic-gate static char userpath[] = "PATH=/usr/bin:";
4107c478bd9Sstevel@tonic-gate static char rootpath[] = "PATH=/usr/sbin:/usr/bin";
4117c478bd9Sstevel@tonic-gate
4127c478bd9Sstevel@tonic-gate static char cmdbuf[NCARGS+1];
4137c478bd9Sstevel@tonic-gate static char hostname [MAXHOSTNAMELEN + 1];
4147c478bd9Sstevel@tonic-gate static char locuser[USERNAME_LEN + 1];
4157c478bd9Sstevel@tonic-gate static char remuser[USERNAME_LEN + 1];
4167c478bd9Sstevel@tonic-gate
4177c478bd9Sstevel@tonic-gate #define KRB5_RECVAUTH_V5 5
4187c478bd9Sstevel@tonic-gate #define SIZEOF_INADDR sizeof (struct in_addr)
4197c478bd9Sstevel@tonic-gate
4207c478bd9Sstevel@tonic-gate #define MAX_REPOSITORY_LEN 255
4217c478bd9Sstevel@tonic-gate static char repository[MAX_REPOSITORY_LEN];
4227c478bd9Sstevel@tonic-gate
4237c478bd9Sstevel@tonic-gate static char *kremuser;
4247c478bd9Sstevel@tonic-gate static krb5_principal client = NULL;
4257c478bd9Sstevel@tonic-gate
4267c478bd9Sstevel@tonic-gate static char remote_addr[64];
4277c478bd9Sstevel@tonic-gate static char local_addr[64];
4287c478bd9Sstevel@tonic-gate
42957c40785SJoep Vesseur #define _PATH_DEFAULT_LOGIN "/etc/default/login"
43057c40785SJoep Vesseur
4317c478bd9Sstevel@tonic-gate static void
doit(int f,struct sockaddr_storage * fromp,char ** renvp)4327c478bd9Sstevel@tonic-gate doit(int f, struct sockaddr_storage *fromp, char **renvp)
4337c478bd9Sstevel@tonic-gate {
4347c478bd9Sstevel@tonic-gate char *cp;
4357c478bd9Sstevel@tonic-gate
4367c478bd9Sstevel@tonic-gate struct passwd *pwd;
4377c478bd9Sstevel@tonic-gate char *path;
4387c478bd9Sstevel@tonic-gate char *tzenv;
4397c478bd9Sstevel@tonic-gate struct spwd *shpwd;
4407c478bd9Sstevel@tonic-gate struct stat statb;
4417c478bd9Sstevel@tonic-gate char **lenvp;
4427c478bd9Sstevel@tonic-gate
4437c478bd9Sstevel@tonic-gate krb5_error_code status;
4447c478bd9Sstevel@tonic-gate int valid_checksum;
4457c478bd9Sstevel@tonic-gate int cnt;
4467c478bd9Sstevel@tonic-gate int sin_len;
4477c478bd9Sstevel@tonic-gate struct sockaddr_in localaddr;
4487c478bd9Sstevel@tonic-gate
4497c478bd9Sstevel@tonic-gate int s;
4507c478bd9Sstevel@tonic-gate in_port_t port;
4517c478bd9Sstevel@tonic-gate pid_t pid;
4527c478bd9Sstevel@tonic-gate int pv[2], pw[2], px[2], cc;
4537c478bd9Sstevel@tonic-gate char buf[RSHD_BUFSIZ];
4547c478bd9Sstevel@tonic-gate char sig;
4557c478bd9Sstevel@tonic-gate int one = 1;
4567c478bd9Sstevel@tonic-gate int v = 0;
4577c478bd9Sstevel@tonic-gate int err = 0;
4587c478bd9Sstevel@tonic-gate int idx = 0;
4597c478bd9Sstevel@tonic-gate char **pam_env;
4607c478bd9Sstevel@tonic-gate char abuf[INET6_ADDRSTRLEN];
4617c478bd9Sstevel@tonic-gate struct sockaddr_in *sin;
4627c478bd9Sstevel@tonic-gate struct sockaddr_in6 *sin6;
4637c478bd9Sstevel@tonic-gate int fromplen;
4647c478bd9Sstevel@tonic-gate int homedir_len, shell_len, username_len, tz_len;
4657c478bd9Sstevel@tonic-gate int no_name;
4667243fb49Sjbeck boolean_t bad_port;
4677c478bd9Sstevel@tonic-gate int netf = 0;
4687c478bd9Sstevel@tonic-gate
4697c478bd9Sstevel@tonic-gate (void) signal(SIGINT, SIG_DFL);
4707c478bd9Sstevel@tonic-gate (void) signal(SIGQUIT, SIG_DFL);
4717c478bd9Sstevel@tonic-gate (void) signal(SIGTERM, SIG_DFL);
4727c478bd9Sstevel@tonic-gate (void) signal(SIGXCPU, SIG_DFL);
4737c478bd9Sstevel@tonic-gate (void) signal(SIGXFSZ, SIG_DFL);
4747c478bd9Sstevel@tonic-gate (void) sigset(SIGCHLD, SIG_IGN);
4757c478bd9Sstevel@tonic-gate (void) signal(SIGPIPE, SIG_DFL);
4767c478bd9Sstevel@tonic-gate (void) signal(SIGHUP, SIG_DFL);
4777c478bd9Sstevel@tonic-gate
4787c478bd9Sstevel@tonic-gate #ifdef DEBUG
479*0b4fd3b1SSurya Prakki {
480*0b4fd3b1SSurya Prakki int t = open("/dev/tty", 2);
481*0b4fd3b1SSurya Prakki
4827c478bd9Sstevel@tonic-gate if (t >= 0) {
4837c478bd9Sstevel@tonic-gate (void) setsid();
4847c478bd9Sstevel@tonic-gate (void) close(t);
4857c478bd9Sstevel@tonic-gate }
4867c478bd9Sstevel@tonic-gate }
4877c478bd9Sstevel@tonic-gate #endif
4887c478bd9Sstevel@tonic-gate if (fromp->ss_family == AF_INET) {
4897c478bd9Sstevel@tonic-gate sin = (struct sockaddr_in *)fromp;
4907c478bd9Sstevel@tonic-gate port = ntohs((ushort_t)sin->sin_port);
4917c478bd9Sstevel@tonic-gate fromplen = sizeof (struct sockaddr_in);
4927c478bd9Sstevel@tonic-gate } else if (fromp->ss_family == AF_INET6) {
4937c478bd9Sstevel@tonic-gate sin6 = (struct sockaddr_in6 *)fromp;
4947c478bd9Sstevel@tonic-gate port = ntohs((ushort_t)sin6->sin6_port);
4957c478bd9Sstevel@tonic-gate fromplen = sizeof (struct sockaddr_in6);
4967c478bd9Sstevel@tonic-gate } else {
4977c478bd9Sstevel@tonic-gate syslog(LOG_ERR, "wrong address family\n");
4987c478bd9Sstevel@tonic-gate exit(1);
4997c478bd9Sstevel@tonic-gate }
5007c478bd9Sstevel@tonic-gate
5017243fb49Sjbeck if (fromp->ss_family == AF_INET6) {
5027243fb49Sjbeck if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) {
5037243fb49Sjbeck struct in_addr ipv4_addr;
5047243fb49Sjbeck
5057243fb49Sjbeck IN6_V4MAPPED_TO_INADDR(&sin6->sin6_addr, &ipv4_addr);
5067243fb49Sjbeck (void) inet_ntop(AF_INET, &ipv4_addr, abuf,
5077243fb49Sjbeck sizeof (abuf));
5087243fb49Sjbeck } else {
5097243fb49Sjbeck (void) inet_ntop(AF_INET6, &sin6->sin6_addr, abuf,
5107243fb49Sjbeck sizeof (abuf));
5117243fb49Sjbeck }
5127243fb49Sjbeck } else if (fromp->ss_family == AF_INET) {
5137243fb49Sjbeck (void) inet_ntop(AF_INET, &sin->sin_addr, abuf, sizeof (abuf));
5147243fb49Sjbeck }
5157243fb49Sjbeck
5167c478bd9Sstevel@tonic-gate sin_len = sizeof (struct sockaddr_in);
5177243fb49Sjbeck if (getsockname(f, (struct sockaddr *)&localaddr, &sin_len) < 0) {
5187c478bd9Sstevel@tonic-gate perror("getsockname");
5197c478bd9Sstevel@tonic-gate exit(1);
5207c478bd9Sstevel@tonic-gate }
5217c478bd9Sstevel@tonic-gate
5227c478bd9Sstevel@tonic-gate netf = f;
5237c478bd9Sstevel@tonic-gate
5247c478bd9Sstevel@tonic-gate bad_port = (port >= IPPORT_RESERVED ||
5257c478bd9Sstevel@tonic-gate port < (uint_t)(IPPORT_RESERVED/2));
5267c478bd9Sstevel@tonic-gate
5277243fb49Sjbeck /* Get the name of the client side host to use later */
5287c478bd9Sstevel@tonic-gate no_name = (getnameinfo((const struct sockaddr *) fromp, fromplen,
5297c478bd9Sstevel@tonic-gate hostname, sizeof (hostname), NULL, 0, 0) != 0);
5307c478bd9Sstevel@tonic-gate
5317243fb49Sjbeck if (bad_port || no_name != 0) {
5327243fb49Sjbeck /*
5337243fb49Sjbeck * If there is no host name available then use the
5347243fb49Sjbeck * IP address to identify the host in the PAM call
5357243fb49Sjbeck * below. Do the same if a bad port was used, to
5367243fb49Sjbeck * prevent untrustworthy authentication.
5377243fb49Sjbeck */
5387243fb49Sjbeck (void) strlcpy(hostname, abuf, sizeof (hostname));
5397243fb49Sjbeck }
5407243fb49Sjbeck
5417c478bd9Sstevel@tonic-gate if (no_name != 0) {
5427c478bd9Sstevel@tonic-gate /*
5437c478bd9Sstevel@tonic-gate * If the '-U' option was given on the cmd line,
5447c478bd9Sstevel@tonic-gate * we must be able to lookup the hostname
5457c478bd9Sstevel@tonic-gate */
5467c478bd9Sstevel@tonic-gate if (resolve_hostname) {
5477c478bd9Sstevel@tonic-gate syslog(LOG_ERR, "rshd: Couldn't resolve your "
5487c478bd9Sstevel@tonic-gate "address into a host name.\r\n Please "
5497c478bd9Sstevel@tonic-gate "contact your net administrator");
5507c478bd9Sstevel@tonic-gate exit(1);
5517243fb49Sjbeck }
5527c478bd9Sstevel@tonic-gate } else {
5537c478bd9Sstevel@tonic-gate /*
5547243fb49Sjbeck * Even if getnameinfo() succeeded, we still have to check
5557243fb49Sjbeck * for spoofing.
5567c478bd9Sstevel@tonic-gate */
5577243fb49Sjbeck check_address("rshd", fromp, sin, sin6, abuf, hostname,
5587c478bd9Sstevel@tonic-gate sizeof (hostname));
5597c478bd9Sstevel@tonic-gate }
5607c478bd9Sstevel@tonic-gate
5617c478bd9Sstevel@tonic-gate if (!krb5auth_flag && bad_port) {
5627c478bd9Sstevel@tonic-gate if (no_name)
5637c478bd9Sstevel@tonic-gate syslog(LOG_NOTICE, "connection from %s - "
5647c478bd9Sstevel@tonic-gate "bad port\n", abuf);
5657c478bd9Sstevel@tonic-gate else
5667c478bd9Sstevel@tonic-gate syslog(LOG_NOTICE, "connection from %s (%s) - "
5677c478bd9Sstevel@tonic-gate "bad port\n", hostname, abuf);
5687c478bd9Sstevel@tonic-gate exit(1);
5697c478bd9Sstevel@tonic-gate }
5707c478bd9Sstevel@tonic-gate
5717c478bd9Sstevel@tonic-gate (void) alarm(60);
5727c478bd9Sstevel@tonic-gate port = 0;
5737c478bd9Sstevel@tonic-gate for (;;) {
5747c478bd9Sstevel@tonic-gate char c;
5757c478bd9Sstevel@tonic-gate if ((cc = read(f, &c, 1)) != 1) {
5767c478bd9Sstevel@tonic-gate if (cc < 0)
5777c478bd9Sstevel@tonic-gate syslog(LOG_NOTICE, "read: %m");
5787c478bd9Sstevel@tonic-gate (void) shutdown(f, 1+1);
5797c478bd9Sstevel@tonic-gate exit(1);
5807c478bd9Sstevel@tonic-gate }
5817c478bd9Sstevel@tonic-gate if (c == 0)
5827c478bd9Sstevel@tonic-gate break;
5837c478bd9Sstevel@tonic-gate port = port * 10 + c - '0';
5847c478bd9Sstevel@tonic-gate }
5857c478bd9Sstevel@tonic-gate (void) alarm(0);
5867c478bd9Sstevel@tonic-gate if (port != 0) {
5877c478bd9Sstevel@tonic-gate int lport = 0;
5887c478bd9Sstevel@tonic-gate struct sockaddr_storage ctl_addr;
5897c478bd9Sstevel@tonic-gate int addrlen;
5907c478bd9Sstevel@tonic-gate
5917c478bd9Sstevel@tonic-gate (void) memset(&ctl_addr, 0, sizeof (ctl_addr));
5927c478bd9Sstevel@tonic-gate addrlen = sizeof (ctl_addr);
5937c478bd9Sstevel@tonic-gate if (getsockname(f, (struct sockaddr *)&ctl_addr,
5947c478bd9Sstevel@tonic-gate &addrlen) < 0) {
5957c478bd9Sstevel@tonic-gate syslog(LOG_ERR, "getsockname: %m");
5967c478bd9Sstevel@tonic-gate exit(1);
5977c478bd9Sstevel@tonic-gate }
5987c478bd9Sstevel@tonic-gate get_port:
5997c478bd9Sstevel@tonic-gate /*
6007c478bd9Sstevel@tonic-gate * 0 means that rresvport_addr() will bind to a port in
6017c478bd9Sstevel@tonic-gate * the anonymous priviledged port range.
6027c478bd9Sstevel@tonic-gate */
6037c478bd9Sstevel@tonic-gate if (krb5auth_flag) {
6047c478bd9Sstevel@tonic-gate /*
6057c478bd9Sstevel@tonic-gate * Kerberos does not support IPv6 yet.
6067c478bd9Sstevel@tonic-gate */
6077c478bd9Sstevel@tonic-gate lport = IPPORT_RESERVED - 1;
6087c478bd9Sstevel@tonic-gate }
6097c478bd9Sstevel@tonic-gate s = rresvport_addr(&lport, &ctl_addr);
6107c478bd9Sstevel@tonic-gate
6117c478bd9Sstevel@tonic-gate if (s < 0) {
6127c478bd9Sstevel@tonic-gate syslog(LOG_ERR, "can't get stderr port: %m");
6137c478bd9Sstevel@tonic-gate exit(1);
6147c478bd9Sstevel@tonic-gate }
6157c478bd9Sstevel@tonic-gate if (!krb5auth_flag && (port >= IPPORT_RESERVED)) {
6167c478bd9Sstevel@tonic-gate syslog(LOG_ERR, "2nd port not reserved\n");
6177c478bd9Sstevel@tonic-gate exit(1);
6187c478bd9Sstevel@tonic-gate }
6197c478bd9Sstevel@tonic-gate if (fromp->ss_family == AF_INET) {
6207c478bd9Sstevel@tonic-gate sin->sin_port = htons((ushort_t)port);
6217c478bd9Sstevel@tonic-gate } else if (fromp->ss_family == AF_INET6) {
6227c478bd9Sstevel@tonic-gate sin6->sin6_port = htons((ushort_t)port);
6237c478bd9Sstevel@tonic-gate }
6247c478bd9Sstevel@tonic-gate if (connect(s, (struct sockaddr *)fromp, fromplen) < 0) {
6257c478bd9Sstevel@tonic-gate if (errno == EADDRINUSE) {
6267c478bd9Sstevel@tonic-gate (void) close(s);
6277c478bd9Sstevel@tonic-gate goto get_port;
6287c478bd9Sstevel@tonic-gate }
6297c478bd9Sstevel@tonic-gate syslog(LOG_INFO, "connect second port: %m");
6307c478bd9Sstevel@tonic-gate exit(1);
6317c478bd9Sstevel@tonic-gate }
6327c478bd9Sstevel@tonic-gate }
6337c478bd9Sstevel@tonic-gate (void) dup2(f, 0);
6347c478bd9Sstevel@tonic-gate (void) dup2(f, 1);
6357c478bd9Sstevel@tonic-gate (void) dup2(f, 2);
6367c478bd9Sstevel@tonic-gate
6377c478bd9Sstevel@tonic-gate #ifdef DEBUG
6387c478bd9Sstevel@tonic-gate syslog(LOG_NOTICE, "rshd: Client hostname = %s", hostname);
6397c478bd9Sstevel@tonic-gate if (debug_port)
6407c478bd9Sstevel@tonic-gate syslog(LOG_NOTICE, "rshd: Debug port is %d", debug_port);
6417c478bd9Sstevel@tonic-gate if (krb5auth_flag > 0)
6427c478bd9Sstevel@tonic-gate syslog(LOG_NOTICE, "rshd: Kerberos mode is ON");
6437c478bd9Sstevel@tonic-gate else
6447c478bd9Sstevel@tonic-gate syslog(LOG_NOTICE, "rshd: Kerberos mode is OFF");
6457c478bd9Sstevel@tonic-gate #endif /* DEBUG */
6467c478bd9Sstevel@tonic-gate
6477c478bd9Sstevel@tonic-gate if (krb5auth_flag > 0) {
6487c478bd9Sstevel@tonic-gate if ((status = recvauth(f, &valid_checksum))) {
6497c478bd9Sstevel@tonic-gate syslog(LOG_ERR, gettext("Kerberos Authentication "
6507c478bd9Sstevel@tonic-gate "failed \n"));
6517c478bd9Sstevel@tonic-gate error("Authentication failed: %s\n",
6527c478bd9Sstevel@tonic-gate error_message(status));
6537c478bd9Sstevel@tonic-gate (void) audit_rshd_fail("Kerberos Authentication "
6547c478bd9Sstevel@tonic-gate "failed", hostname, remuser, locuser, cmdbuf);
6557c478bd9Sstevel@tonic-gate exit(1);
6567c478bd9Sstevel@tonic-gate }
6577c478bd9Sstevel@tonic-gate
6587c478bd9Sstevel@tonic-gate if (checksum_required && !valid_checksum &&
6597c478bd9Sstevel@tonic-gate kcmd_protocol == KCMD_OLD_PROTOCOL) {
6607c478bd9Sstevel@tonic-gate syslog(LOG_WARNING, "Client did not supply required"
6617c478bd9Sstevel@tonic-gate " checksum--connection rejected.");
6627c478bd9Sstevel@tonic-gate error("Client did not supply required"
6637c478bd9Sstevel@tonic-gate "checksum--connection rejected.\n");
6647c478bd9Sstevel@tonic-gate (void) audit_rshd_fail("Client did not supply required"
6657c478bd9Sstevel@tonic-gate " checksum--connection rejected.", hostname,
6667c478bd9Sstevel@tonic-gate remuser, locuser, cmdbuf); /* BSM */
6677c478bd9Sstevel@tonic-gate goto signout;
6687c478bd9Sstevel@tonic-gate }
6697c478bd9Sstevel@tonic-gate
6707c478bd9Sstevel@tonic-gate /*
6717c478bd9Sstevel@tonic-gate * Authentication has succeeded, we now need
6727c478bd9Sstevel@tonic-gate * to check authorization.
6737c478bd9Sstevel@tonic-gate *
6747c478bd9Sstevel@tonic-gate * krb5_kuserok returns 1 if OK.
6757c478bd9Sstevel@tonic-gate */
6767c478bd9Sstevel@tonic-gate if (client && krb5_kuserok(bsd_context, client, locuser)) {
6777c478bd9Sstevel@tonic-gate auth_sent |= AUTH_KRB5;
6787c478bd9Sstevel@tonic-gate } else {
6797c478bd9Sstevel@tonic-gate syslog(LOG_ERR, "Principal %s (%s@%s) for local user "
6807c478bd9Sstevel@tonic-gate "%s failed krb5_kuserok.\n",
6817c478bd9Sstevel@tonic-gate kremuser, remuser, hostname, locuser);
6827c478bd9Sstevel@tonic-gate }
6837c478bd9Sstevel@tonic-gate } else {
6847c478bd9Sstevel@tonic-gate getstr(netf, remuser, sizeof (remuser), "remuser");
6857c478bd9Sstevel@tonic-gate getstr(netf, locuser, sizeof (locuser), "locuser");
6867c478bd9Sstevel@tonic-gate getstr(netf, cmdbuf, sizeof (cmdbuf), "command");
6877c478bd9Sstevel@tonic-gate }
6887c478bd9Sstevel@tonic-gate
6897c478bd9Sstevel@tonic-gate #ifdef DEBUG
6907c478bd9Sstevel@tonic-gate syslog(LOG_NOTICE, "rshd: locuser = %s, remuser = %s, cmdbuf = %s",
6917c478bd9Sstevel@tonic-gate locuser, remuser, cmdbuf);
6927c478bd9Sstevel@tonic-gate #endif /* DEBUG */
6937c478bd9Sstevel@tonic-gate
6947c478bd9Sstevel@tonic-gate /*
6957c478bd9Sstevel@tonic-gate * Note that there is no rsh conv functions at present.
6967c478bd9Sstevel@tonic-gate */
6977c478bd9Sstevel@tonic-gate if (krb5auth_flag > 0) {
6987c478bd9Sstevel@tonic-gate if ((err = pam_start("krsh", locuser, NULL, &pamh))
6997c478bd9Sstevel@tonic-gate != PAM_SUCCESS) {
7007c478bd9Sstevel@tonic-gate syslog(LOG_ERR, "pam_start() failed: %s\n",
7017c478bd9Sstevel@tonic-gate pam_strerror(0, err));
7027c478bd9Sstevel@tonic-gate exit(1);
7037c478bd9Sstevel@tonic-gate }
7047c478bd9Sstevel@tonic-gate }
7057c478bd9Sstevel@tonic-gate else
7067c478bd9Sstevel@tonic-gate {
7077c478bd9Sstevel@tonic-gate if ((err = pam_start("rsh", locuser, NULL, &pamh))
7087c478bd9Sstevel@tonic-gate != PAM_SUCCESS) {
7097c478bd9Sstevel@tonic-gate syslog(LOG_ERR, "pam_start() failed: %s\n",
7107c478bd9Sstevel@tonic-gate pam_strerror(0, err));
7117c478bd9Sstevel@tonic-gate exit(1);
7127c478bd9Sstevel@tonic-gate }
7137c478bd9Sstevel@tonic-gate }
7147c478bd9Sstevel@tonic-gate if ((err = pam_set_item(pamh, PAM_RHOST, hostname)) != PAM_SUCCESS) {
7157c478bd9Sstevel@tonic-gate syslog(LOG_ERR, "pam_set_item() failed: %s\n",
7167c478bd9Sstevel@tonic-gate pam_strerror(pamh, err));
7177c478bd9Sstevel@tonic-gate exit(1);
7187c478bd9Sstevel@tonic-gate }
7197c478bd9Sstevel@tonic-gate if ((err = pam_set_item(pamh, PAM_RUSER, remuser)) != PAM_SUCCESS) {
7207c478bd9Sstevel@tonic-gate syslog(LOG_ERR, "pam_set_item() failed: %s\n",
7217c478bd9Sstevel@tonic-gate pam_strerror(pamh, err));
7227c478bd9Sstevel@tonic-gate exit(1);
7237c478bd9Sstevel@tonic-gate }
7247c478bd9Sstevel@tonic-gate
7257c478bd9Sstevel@tonic-gate pwd = getpwnam(locuser);
7267c478bd9Sstevel@tonic-gate shpwd = getspnam(locuser);
7277c478bd9Sstevel@tonic-gate if ((pwd == NULL) || (shpwd == NULL)) {
7287c478bd9Sstevel@tonic-gate if (krb5auth_flag > 0)
7297c478bd9Sstevel@tonic-gate syslog(LOG_ERR, "Principal %s (%s@%s) for local user "
7307c478bd9Sstevel@tonic-gate "%s has no account.\n", kremuser, remuser,
7317c478bd9Sstevel@tonic-gate hostname, locuser);
7327c478bd9Sstevel@tonic-gate error("permission denied.\n");
7337c478bd9Sstevel@tonic-gate (void) audit_rshd_fail("Login incorrect", hostname,
7347c478bd9Sstevel@tonic-gate remuser, locuser, cmdbuf); /* BSM */
7357c478bd9Sstevel@tonic-gate exit(1);
7367c478bd9Sstevel@tonic-gate }
7377c478bd9Sstevel@tonic-gate
7387c478bd9Sstevel@tonic-gate if (krb5auth_flag > 0) {
7397c478bd9Sstevel@tonic-gate (void) snprintf(repository, sizeof (repository),
7407c478bd9Sstevel@tonic-gate KRB5_REPOSITORY_NAME);
7417c478bd9Sstevel@tonic-gate /*
7427c478bd9Sstevel@tonic-gate * We currently only support special handling of the
7437c478bd9Sstevel@tonic-gate * KRB5 PAM repository
7447c478bd9Sstevel@tonic-gate */
7457c478bd9Sstevel@tonic-gate if (strlen(locuser) != 0) {
7467c478bd9Sstevel@tonic-gate krb5_repository_data_t krb5_data;
7477c478bd9Sstevel@tonic-gate pam_repository_t pam_rep_data;
7487c478bd9Sstevel@tonic-gate
7497c478bd9Sstevel@tonic-gate krb5_data.principal = locuser;
7507c478bd9Sstevel@tonic-gate krb5_data.flags = SUNW_PAM_KRB5_ALREADY_AUTHENTICATED;
7517c478bd9Sstevel@tonic-gate
7527c478bd9Sstevel@tonic-gate pam_rep_data.type = repository;
7537c478bd9Sstevel@tonic-gate pam_rep_data.scope = (void *)&krb5_data;
7547c478bd9Sstevel@tonic-gate pam_rep_data.scope_len = sizeof (krb5_data);
7557c478bd9Sstevel@tonic-gate
7567c478bd9Sstevel@tonic-gate (void) pam_set_item(pamh, PAM_REPOSITORY,
7577c478bd9Sstevel@tonic-gate (void *)&pam_rep_data);
7587c478bd9Sstevel@tonic-gate }
7597c478bd9Sstevel@tonic-gate }
7607c478bd9Sstevel@tonic-gate
76157c40785SJoep Vesseur if (shpwd->sp_pwdp != 0) {
76257c40785SJoep Vesseur if (*shpwd->sp_pwdp != '\0') {
76357c40785SJoep Vesseur if ((v = pam_authenticate(pamh, 0)) != PAM_SUCCESS) {
7647c478bd9Sstevel@tonic-gate error("permission denied\n");
76557c40785SJoep Vesseur (void) audit_rshd_fail("Permission denied",
76657c40785SJoep Vesseur hostname, remuser, locuser, cmdbuf);
7677c478bd9Sstevel@tonic-gate (void) pam_end(pamh, v);
7687c478bd9Sstevel@tonic-gate exit(1);
7697c478bd9Sstevel@tonic-gate }
77057c40785SJoep Vesseur } else {
77157c40785SJoep Vesseur int flags;
77257c40785SJoep Vesseur char *p;
77357c40785SJoep Vesseur /*
77457c40785SJoep Vesseur * maintain 2.1 and 4.* and BSD semantics with
77557c40785SJoep Vesseur * anonymous rshd unless PASSREQ is set to YES in
77657c40785SJoep Vesseur * /etc/default/login: then we deny logins with empty
77757c40785SJoep Vesseur * passwords.
77857c40785SJoep Vesseur */
77957c40785SJoep Vesseur if (defopen(_PATH_DEFAULT_LOGIN) == 0) {
78057c40785SJoep Vesseur flags = defcntl(DC_GETFLAGS, 0);
78157c40785SJoep Vesseur TURNOFF(flags, DC_CASE);
78257c40785SJoep Vesseur (void) defcntl(DC_SETFLAGS, flags);
78357c40785SJoep Vesseur
78457c40785SJoep Vesseur if ((p = defread("PASSREQ=")) != NULL &&
78557c40785SJoep Vesseur strcasecmp(p, "YES") == 0) {
78657c40785SJoep Vesseur error("permission denied\n");
78757c40785SJoep Vesseur (void) audit_rshd_fail(
78857c40785SJoep Vesseur "Permission denied", hostname,
78957c40785SJoep Vesseur remuser, locuser, cmdbuf);
79057c40785SJoep Vesseur (void) pam_end(pamh, PAM_ABORT);
79157c40785SJoep Vesseur (void) defopen(NULL);
79257c40785SJoep Vesseur syslog(LOG_AUTH|LOG_NOTICE,
79357c40785SJoep Vesseur "empty password not allowed for "
79457c40785SJoep Vesseur "%s from %s.", locuser, hostname);
79557c40785SJoep Vesseur exit(1);
79657c40785SJoep Vesseur }
79757c40785SJoep Vesseur (void) defopen(NULL);
79857c40785SJoep Vesseur }
79957c40785SJoep Vesseur /*
80057c40785SJoep Vesseur * /etc/default/login not found or PASSREQ not set
80157c40785SJoep Vesseur * to YES. Allow logins without passwords.
80257c40785SJoep Vesseur */
80357c40785SJoep Vesseur }
80457c40785SJoep Vesseur }
8057c478bd9Sstevel@tonic-gate
8067c478bd9Sstevel@tonic-gate if (krb5auth_flag > 0) {
8077c478bd9Sstevel@tonic-gate if (require_encrypt && (!do_encrypt)) {
8087c478bd9Sstevel@tonic-gate error("You must use encryption.\n");
8097c478bd9Sstevel@tonic-gate (void) audit_rshd_fail("You must use encryption.",
8107c478bd9Sstevel@tonic-gate hostname, remuser, locuser, cmdbuf); /* BSM */
8117c478bd9Sstevel@tonic-gate goto signout;
8127c478bd9Sstevel@tonic-gate }
8137c478bd9Sstevel@tonic-gate
8147c478bd9Sstevel@tonic-gate if (!(auth_ok & auth_sent)) {
8157c478bd9Sstevel@tonic-gate if (auth_sent) {
8167c478bd9Sstevel@tonic-gate error("Another authentication mechanism "
8177c478bd9Sstevel@tonic-gate "must be used to access this host.\n");
8187c478bd9Sstevel@tonic-gate (void) audit_rshd_fail("Another authentication"
8197c478bd9Sstevel@tonic-gate " mechanism must be used to access"
8207c478bd9Sstevel@tonic-gate " this host.\n", hostname, remuser,
8217c478bd9Sstevel@tonic-gate locuser, cmdbuf); /* BSM */
8227c478bd9Sstevel@tonic-gate goto signout;
8237c478bd9Sstevel@tonic-gate } else {
8247c478bd9Sstevel@tonic-gate error("Permission denied.\n");
8257c478bd9Sstevel@tonic-gate (void) audit_rshd_fail("Permission denied.",
8267c478bd9Sstevel@tonic-gate hostname, remuser, locuser, cmdbuf);
8277c478bd9Sstevel@tonic-gate /* BSM */
8287c478bd9Sstevel@tonic-gate goto signout;
8297c478bd9Sstevel@tonic-gate }
8307c478bd9Sstevel@tonic-gate }
8317c478bd9Sstevel@tonic-gate
8327c478bd9Sstevel@tonic-gate
8337c478bd9Sstevel@tonic-gate if (pwd->pw_uid && !access("/etc/nologin", F_OK)) {
8347c478bd9Sstevel@tonic-gate error("Logins currently disabled.\n");
8357c478bd9Sstevel@tonic-gate (void) audit_rshd_fail("Logins currently disabled.",
8367c478bd9Sstevel@tonic-gate hostname, remuser, locuser, cmdbuf);
8377c478bd9Sstevel@tonic-gate goto signout;
8387c478bd9Sstevel@tonic-gate }
8397c478bd9Sstevel@tonic-gate
8407c478bd9Sstevel@tonic-gate /* Log access to account */
8417c478bd9Sstevel@tonic-gate if (pwd && (pwd->pw_uid == 0)) {
8427c478bd9Sstevel@tonic-gate syslog(LOG_NOTICE, "Executing %s for user %s (%s@%s)"
8437c478bd9Sstevel@tonic-gate " as ROOT", cmdbuf,
8447c478bd9Sstevel@tonic-gate kremuser, remuser, hostname);
8457c478bd9Sstevel@tonic-gate }
8467c478bd9Sstevel@tonic-gate }
8477c478bd9Sstevel@tonic-gate
8487c478bd9Sstevel@tonic-gate if ((v = pam_acct_mgmt(pamh, 0)) != PAM_SUCCESS) {
8497c478bd9Sstevel@tonic-gate switch (v) {
8507c478bd9Sstevel@tonic-gate case PAM_NEW_AUTHTOK_REQD:
8517c478bd9Sstevel@tonic-gate error("password expired\n");
8527c478bd9Sstevel@tonic-gate (void) audit_rshd_fail("Password expired", hostname,
8537c478bd9Sstevel@tonic-gate remuser, locuser, cmdbuf); /* BSM */
8547c478bd9Sstevel@tonic-gate break;
8557c478bd9Sstevel@tonic-gate case PAM_PERM_DENIED:
8567c478bd9Sstevel@tonic-gate error("account expired\n");
8577c478bd9Sstevel@tonic-gate (void) audit_rshd_fail("Account expired", hostname,
8587c478bd9Sstevel@tonic-gate remuser, locuser, cmdbuf); /* BSM */
8597c478bd9Sstevel@tonic-gate break;
8607c478bd9Sstevel@tonic-gate case PAM_AUTHTOK_EXPIRED:
8617c478bd9Sstevel@tonic-gate error("password expired\n");
8627c478bd9Sstevel@tonic-gate (void) audit_rshd_fail("Password expired", hostname,
8637c478bd9Sstevel@tonic-gate remuser, locuser, cmdbuf); /* BSM */
8647c478bd9Sstevel@tonic-gate break;
8657c478bd9Sstevel@tonic-gate default:
8667c478bd9Sstevel@tonic-gate error("login incorrect\n");
8677c478bd9Sstevel@tonic-gate (void) audit_rshd_fail("Permission denied", hostname,
8687c478bd9Sstevel@tonic-gate remuser, locuser, cmdbuf); /* BSM */
8697c478bd9Sstevel@tonic-gate break;
8707c478bd9Sstevel@tonic-gate }
8717c478bd9Sstevel@tonic-gate (void) pam_end(pamh, PAM_ABORT);
8727c478bd9Sstevel@tonic-gate exit(1);
8737c478bd9Sstevel@tonic-gate }
8747c478bd9Sstevel@tonic-gate
8757c478bd9Sstevel@tonic-gate if (chdir(pwd->pw_dir) < 0) {
8767c478bd9Sstevel@tonic-gate (void) chdir("/");
8777c478bd9Sstevel@tonic-gate #ifdef notdef
8787c478bd9Sstevel@tonic-gate error("No remote directory.\n");
8797c478bd9Sstevel@tonic-gate
8807c478bd9Sstevel@tonic-gate exit(1);
8817c478bd9Sstevel@tonic-gate #endif
8827c478bd9Sstevel@tonic-gate }
8837c478bd9Sstevel@tonic-gate
8847c478bd9Sstevel@tonic-gate /*
8857c478bd9Sstevel@tonic-gate * XXX There is no session management currently being done
8867c478bd9Sstevel@tonic-gate */
8877c478bd9Sstevel@tonic-gate
8887c478bd9Sstevel@tonic-gate (void) write(STDERR_FILENO, "\0", 1);
8897c478bd9Sstevel@tonic-gate if (port || do_encrypt) {
8907c478bd9Sstevel@tonic-gate if ((pipe(pv) < 0)) {
8917c478bd9Sstevel@tonic-gate error("Can't make pipe.\n");
8927c478bd9Sstevel@tonic-gate (void) pam_end(pamh, PAM_ABORT);
8937c478bd9Sstevel@tonic-gate exit(1);
8947c478bd9Sstevel@tonic-gate }
8957c478bd9Sstevel@tonic-gate if (do_encrypt) {
8967c478bd9Sstevel@tonic-gate if (pipe(pw) < 0) {
8977c478bd9Sstevel@tonic-gate error("Can't make pipe 2.\n");
8987c478bd9Sstevel@tonic-gate (void) pam_end(pamh, PAM_ABORT);
8997c478bd9Sstevel@tonic-gate exit(1);
9007c478bd9Sstevel@tonic-gate }
9017c478bd9Sstevel@tonic-gate if (pipe(px) < 0) {
9027c478bd9Sstevel@tonic-gate error("Can't make pipe 3.\n");
9037c478bd9Sstevel@tonic-gate (void) pam_end(pamh, PAM_ABORT);
9047c478bd9Sstevel@tonic-gate exit(1);
9057c478bd9Sstevel@tonic-gate }
9067c478bd9Sstevel@tonic-gate }
9077c478bd9Sstevel@tonic-gate pid = fork();
9087c478bd9Sstevel@tonic-gate if (pid == (pid_t)-1) {
9097c478bd9Sstevel@tonic-gate error("Fork (to start shell) failed on server. "
9107c478bd9Sstevel@tonic-gate "Please try again later.\n");
9117c478bd9Sstevel@tonic-gate (void) pam_end(pamh, PAM_ABORT);
9127c478bd9Sstevel@tonic-gate exit(1);
9137c478bd9Sstevel@tonic-gate }
9147c478bd9Sstevel@tonic-gate if (pid) {
9157c478bd9Sstevel@tonic-gate fd_set ready;
9167c478bd9Sstevel@tonic-gate fd_set readfrom;
9177c478bd9Sstevel@tonic-gate
9187c478bd9Sstevel@tonic-gate (void) close(STDIN_FILENO);
9197c478bd9Sstevel@tonic-gate (void) close(STDOUT_FILENO);
9207c478bd9Sstevel@tonic-gate (void) close(STDERR_FILENO);
9217c478bd9Sstevel@tonic-gate (void) close(pv[1]);
9227c478bd9Sstevel@tonic-gate if (do_encrypt) {
9237c478bd9Sstevel@tonic-gate (void) close(pw[1]);
9247c478bd9Sstevel@tonic-gate (void) close(px[0]);
9257c478bd9Sstevel@tonic-gate } else {
9267c478bd9Sstevel@tonic-gate (void) close(f);
9277c478bd9Sstevel@tonic-gate }
9287c478bd9Sstevel@tonic-gate
9297c478bd9Sstevel@tonic-gate (void) FD_ZERO(&readfrom);
9307c478bd9Sstevel@tonic-gate
9317c478bd9Sstevel@tonic-gate FD_SET(pv[0], &readfrom);
9327c478bd9Sstevel@tonic-gate if (do_encrypt) {
9337c478bd9Sstevel@tonic-gate FD_SET(pw[0], &readfrom);
9347c478bd9Sstevel@tonic-gate FD_SET(f, &readfrom);
9357c478bd9Sstevel@tonic-gate }
9367c478bd9Sstevel@tonic-gate if (port)
9377c478bd9Sstevel@tonic-gate FD_SET(s, &readfrom);
9387c478bd9Sstevel@tonic-gate
9397c478bd9Sstevel@tonic-gate /* read f (net), write to px[1] (child stdin) */
9407c478bd9Sstevel@tonic-gate /* read pw[0] (child stdout), write to f (net) */
9417c478bd9Sstevel@tonic-gate /* read s (alt. channel), signal child */
9427c478bd9Sstevel@tonic-gate /* read pv[0] (child stderr), write to s */
9437c478bd9Sstevel@tonic-gate if (ioctl(pv[0], FIONBIO, (char *)&one) == -1)
9447c478bd9Sstevel@tonic-gate syslog(LOG_INFO, "ioctl FIONBIO: %m");
9457c478bd9Sstevel@tonic-gate if (do_encrypt &&
9467c478bd9Sstevel@tonic-gate ioctl(pw[0], FIONBIO, (char *)&one) == -1)
9477c478bd9Sstevel@tonic-gate syslog(LOG_INFO, "ioctl FIONBIO: %m");
9487c478bd9Sstevel@tonic-gate do {
9497c478bd9Sstevel@tonic-gate ready = readfrom;
9507c478bd9Sstevel@tonic-gate if (select(FD_SETSIZE, &ready, NULL,
9517c478bd9Sstevel@tonic-gate NULL, NULL) < 0) {
9527c478bd9Sstevel@tonic-gate if (errno == EINTR) {
9537c478bd9Sstevel@tonic-gate continue;
9547c478bd9Sstevel@tonic-gate } else {
9557c478bd9Sstevel@tonic-gate break;
9567c478bd9Sstevel@tonic-gate }
9577c478bd9Sstevel@tonic-gate }
9587c478bd9Sstevel@tonic-gate /*
9597c478bd9Sstevel@tonic-gate * Read from child stderr, write to net
9607c478bd9Sstevel@tonic-gate */
9617c478bd9Sstevel@tonic-gate if (port && FD_ISSET(pv[0], &ready)) {
9627c478bd9Sstevel@tonic-gate errno = 0;
9637c478bd9Sstevel@tonic-gate cc = read(pv[0], buf, sizeof (buf));
9647c478bd9Sstevel@tonic-gate if (cc <= 0) {
9657c478bd9Sstevel@tonic-gate (void) shutdown(s, 2);
9667c478bd9Sstevel@tonic-gate FD_CLR(pv[0], &readfrom);
9677c478bd9Sstevel@tonic-gate } else {
9687c478bd9Sstevel@tonic-gate (void) deswrite(s, buf, cc, 1);
9697c478bd9Sstevel@tonic-gate }
9707c478bd9Sstevel@tonic-gate }
9717c478bd9Sstevel@tonic-gate /*
9727c478bd9Sstevel@tonic-gate * Read from alternate channel, signal child
9737c478bd9Sstevel@tonic-gate */
9747c478bd9Sstevel@tonic-gate if (port && FD_ISSET(s, &ready)) {
9757c478bd9Sstevel@tonic-gate if ((int)desread(s, &sig, 1, 1) <= 0)
9767c478bd9Sstevel@tonic-gate FD_CLR(s, &readfrom);
9777c478bd9Sstevel@tonic-gate else
9787c478bd9Sstevel@tonic-gate (void) killpg(pid, sig);
9797c478bd9Sstevel@tonic-gate }
9807c478bd9Sstevel@tonic-gate /*
9817c478bd9Sstevel@tonic-gate * Read from child stdout, write to net
9827c478bd9Sstevel@tonic-gate */
9837c478bd9Sstevel@tonic-gate if (do_encrypt && FD_ISSET(pw[0], &ready)) {
9847c478bd9Sstevel@tonic-gate errno = 0;
9857c478bd9Sstevel@tonic-gate cc = read(pw[0], buf, sizeof (buf));
9867c478bd9Sstevel@tonic-gate if (cc <= 0) {
9877c478bd9Sstevel@tonic-gate (void) shutdown(f, 2);
9887c478bd9Sstevel@tonic-gate FD_CLR(pw[0], &readfrom);
9897c478bd9Sstevel@tonic-gate } else {
9907c478bd9Sstevel@tonic-gate (void) deswrite(f, buf, cc, 0);
9917c478bd9Sstevel@tonic-gate }
9927c478bd9Sstevel@tonic-gate }
9937c478bd9Sstevel@tonic-gate /*
9947c478bd9Sstevel@tonic-gate * Read from the net, write to child stdin
9957c478bd9Sstevel@tonic-gate */
9967c478bd9Sstevel@tonic-gate if (do_encrypt && FD_ISSET(f, &ready)) {
9977c478bd9Sstevel@tonic-gate errno = 0;
9987c478bd9Sstevel@tonic-gate cc = desread(f, buf, sizeof (buf), 0);
9997c478bd9Sstevel@tonic-gate if (cc <= 0) {
10007c478bd9Sstevel@tonic-gate (void) close(px[1]);
10017c478bd9Sstevel@tonic-gate FD_CLR(f, &readfrom);
10027c478bd9Sstevel@tonic-gate } else {
10037c478bd9Sstevel@tonic-gate int wcc;
10047c478bd9Sstevel@tonic-gate wcc = write(px[1], buf, cc);
10057c478bd9Sstevel@tonic-gate if (wcc == -1) {
10067c478bd9Sstevel@tonic-gate /*
10077c478bd9Sstevel@tonic-gate * pipe closed,
10087c478bd9Sstevel@tonic-gate * don't read any
10097c478bd9Sstevel@tonic-gate * more
10107c478bd9Sstevel@tonic-gate *
10117c478bd9Sstevel@tonic-gate * might check for
10127c478bd9Sstevel@tonic-gate * EPIPE
10137c478bd9Sstevel@tonic-gate */
10147c478bd9Sstevel@tonic-gate (void) close(px[1]);
10157c478bd9Sstevel@tonic-gate FD_CLR(f, &readfrom);
10167c478bd9Sstevel@tonic-gate } else if (wcc != cc) {
10177c478bd9Sstevel@tonic-gate /* CSTYLED */
10187c478bd9Sstevel@tonic-gate syslog(LOG_INFO, gettext("only wrote %d/%d to child"),
10197c478bd9Sstevel@tonic-gate wcc, cc);
10207c478bd9Sstevel@tonic-gate }
10217c478bd9Sstevel@tonic-gate }
10227c478bd9Sstevel@tonic-gate }
10237c478bd9Sstevel@tonic-gate } while ((port && FD_ISSET(s, &readfrom)) ||
10247c478bd9Sstevel@tonic-gate (port && FD_ISSET(pv[0], &readfrom)) ||
10257c478bd9Sstevel@tonic-gate (do_encrypt && FD_ISSET(f, &readfrom)) ||
10267c478bd9Sstevel@tonic-gate (do_encrypt && FD_ISSET(pw[0], &readfrom)));
10277c478bd9Sstevel@tonic-gate #ifdef DEBUG
10287c478bd9Sstevel@tonic-gate syslog(LOG_INFO, "Shell process completed.");
10297c478bd9Sstevel@tonic-gate #endif /* DEBUG */
10307c478bd9Sstevel@tonic-gate if (ccache)
10317c478bd9Sstevel@tonic-gate (void) pam_close_session(pamh, 0);
10327c478bd9Sstevel@tonic-gate (void) pam_end(pamh, PAM_SUCCESS);
10337c478bd9Sstevel@tonic-gate
10347c478bd9Sstevel@tonic-gate exit(0);
10357c478bd9Sstevel@tonic-gate } /* End of Parent block */
10367c478bd9Sstevel@tonic-gate
10377c478bd9Sstevel@tonic-gate (void) setsid(); /* Should be the same as above. */
10387c478bd9Sstevel@tonic-gate (void) close(pv[0]);
10397c478bd9Sstevel@tonic-gate (void) dup2(pv[1], 2);
10407c478bd9Sstevel@tonic-gate (void) close(pv[1]);
10417c478bd9Sstevel@tonic-gate if (port)
10427c478bd9Sstevel@tonic-gate (void) close(s);
10437c478bd9Sstevel@tonic-gate if (do_encrypt) {
10447c478bd9Sstevel@tonic-gate (void) close(f);
10457c478bd9Sstevel@tonic-gate (void) close(pw[0]);
10467c478bd9Sstevel@tonic-gate (void) close(px[1]);
10477c478bd9Sstevel@tonic-gate
10487c478bd9Sstevel@tonic-gate (void) dup2(px[0], 0);
10497c478bd9Sstevel@tonic-gate (void) dup2(pw[1], 1);
10507c478bd9Sstevel@tonic-gate
10517c478bd9Sstevel@tonic-gate (void) close(px[0]);
10527c478bd9Sstevel@tonic-gate (void) close(pw[1]);
10537c478bd9Sstevel@tonic-gate }
10547c478bd9Sstevel@tonic-gate }
10557c478bd9Sstevel@tonic-gate
10567c478bd9Sstevel@tonic-gate if (*pwd->pw_shell == '\0')
10577c478bd9Sstevel@tonic-gate pwd->pw_shell = "/bin/sh";
10587c478bd9Sstevel@tonic-gate if (!do_encrypt)
10597c478bd9Sstevel@tonic-gate (void) close(f);
10607c478bd9Sstevel@tonic-gate /*
10617c478bd9Sstevel@tonic-gate * write audit record before making uid switch
10627c478bd9Sstevel@tonic-gate */
10637c478bd9Sstevel@tonic-gate (void) audit_rshd_success(hostname, remuser, locuser, cmdbuf); /* BSM */
10647c478bd9Sstevel@tonic-gate
10657c478bd9Sstevel@tonic-gate /* set the real (and effective) GID */
10667c478bd9Sstevel@tonic-gate if (setgid(pwd->pw_gid) == -1) {
10677c478bd9Sstevel@tonic-gate error("Invalid gid.\n");
10687c478bd9Sstevel@tonic-gate (void) pam_end(pamh, PAM_ABORT);
10697c478bd9Sstevel@tonic-gate exit(1);
10707c478bd9Sstevel@tonic-gate }
10717c478bd9Sstevel@tonic-gate
10727c478bd9Sstevel@tonic-gate /*
10737c478bd9Sstevel@tonic-gate * Initialize the supplementary group access list.
10747c478bd9Sstevel@tonic-gate */
10757c478bd9Sstevel@tonic-gate if (strlen(locuser) == 0) {
10767c478bd9Sstevel@tonic-gate error("No local user.\n");
10777c478bd9Sstevel@tonic-gate (void) pam_end(pamh, PAM_ABORT);
10787c478bd9Sstevel@tonic-gate exit(1);
10797c478bd9Sstevel@tonic-gate }
10807c478bd9Sstevel@tonic-gate if (initgroups(locuser, pwd->pw_gid) == -1) {
10817c478bd9Sstevel@tonic-gate error("Initgroup failed.\n");
10827c478bd9Sstevel@tonic-gate (void) pam_end(pamh, PAM_ABORT);
10837c478bd9Sstevel@tonic-gate exit(1);
10847c478bd9Sstevel@tonic-gate }
10857c478bd9Sstevel@tonic-gate
10867c478bd9Sstevel@tonic-gate if ((v = pam_setcred(pamh, PAM_ESTABLISH_CRED)) != PAM_SUCCESS) {
10877c478bd9Sstevel@tonic-gate error("Insufficient credentials.\n");
10887c478bd9Sstevel@tonic-gate (void) pam_end(pamh, v);
10897c478bd9Sstevel@tonic-gate exit(1);
10907c478bd9Sstevel@tonic-gate }
10917c478bd9Sstevel@tonic-gate
10927c478bd9Sstevel@tonic-gate /* set the real (and effective) UID */
10937c478bd9Sstevel@tonic-gate if (setuid(pwd->pw_uid) == -1) {
10947c478bd9Sstevel@tonic-gate error("Invalid uid.\n");
10957c478bd9Sstevel@tonic-gate (void) pam_end(pamh, PAM_ABORT);
10967c478bd9Sstevel@tonic-gate exit(1);
10977c478bd9Sstevel@tonic-gate }
10987c478bd9Sstevel@tonic-gate
10997c478bd9Sstevel@tonic-gate /* Change directory only after becoming the appropriate user. */
11007c478bd9Sstevel@tonic-gate if (chdir(pwd->pw_dir) < 0) {
11017c478bd9Sstevel@tonic-gate (void) chdir("/");
11027c478bd9Sstevel@tonic-gate if (krb5auth_flag > 0) {
11037c478bd9Sstevel@tonic-gate syslog(LOG_ERR, "Principal %s (%s@%s) for local user"
11047c478bd9Sstevel@tonic-gate " %s has no home directory.",
11057c478bd9Sstevel@tonic-gate kremuser, remuser, hostname, locuser);
11067c478bd9Sstevel@tonic-gate error("No remote directory.\n");
11077c478bd9Sstevel@tonic-gate goto signout;
11087c478bd9Sstevel@tonic-gate }
11097c478bd9Sstevel@tonic-gate #ifdef notdef
11107c478bd9Sstevel@tonic-gate error("No remote directory.\n");
11117c478bd9Sstevel@tonic-gate exit(1);
11127c478bd9Sstevel@tonic-gate #endif
11137c478bd9Sstevel@tonic-gate }
11147c478bd9Sstevel@tonic-gate
11157c478bd9Sstevel@tonic-gate path = (pwd->pw_uid == 0) ? rootpath : userpath;
11167c478bd9Sstevel@tonic-gate
11177c478bd9Sstevel@tonic-gate /*
11187c478bd9Sstevel@tonic-gate * Space for the following environment variables are dynamically
11197c478bd9Sstevel@tonic-gate * allocated because their lengths are not known before calling
11207c478bd9Sstevel@tonic-gate * getpwnam().
11217c478bd9Sstevel@tonic-gate */
11227c478bd9Sstevel@tonic-gate homedir_len = strlen(pwd->pw_dir) + strlen(homestr) + 1;
11237c478bd9Sstevel@tonic-gate shell_len = strlen(pwd->pw_shell) + strlen(shellstr) + 1;
11247c478bd9Sstevel@tonic-gate username_len = strlen(pwd->pw_name) + strlen(userstr) + 1;
11257c478bd9Sstevel@tonic-gate homedir = (char *)malloc(homedir_len);
11267c478bd9Sstevel@tonic-gate shell = (char *)malloc(shell_len);
11277c478bd9Sstevel@tonic-gate username = (char *)malloc(username_len);
11287c478bd9Sstevel@tonic-gate if (homedir == NULL || shell == NULL || username == NULL) {
11297c478bd9Sstevel@tonic-gate perror("malloc");
11307c478bd9Sstevel@tonic-gate exit(1);
11317c478bd9Sstevel@tonic-gate }
11327c478bd9Sstevel@tonic-gate (void) snprintf(homedir, homedir_len, "%s%s", homestr, pwd->pw_dir);
11337c478bd9Sstevel@tonic-gate (void) snprintf(shell, shell_len, "%s%s", shellstr, pwd->pw_shell);
11347c478bd9Sstevel@tonic-gate (void) snprintf(username, username_len, "%s%s", userstr, pwd->pw_name);
11357c478bd9Sstevel@tonic-gate
11367c478bd9Sstevel@tonic-gate /* Pass timezone to executed command. */
11377c478bd9Sstevel@tonic-gate if (tzenv = getenv("TZ")) {
11387c478bd9Sstevel@tonic-gate tz_len = strlen(tzenv) + strlen(tzstr) + 1;
11397c478bd9Sstevel@tonic-gate tz = malloc(tz_len);
11407c478bd9Sstevel@tonic-gate if (tz != NULL)
11417c478bd9Sstevel@tonic-gate (void) snprintf(tz, tz_len, "%s%s", tzstr, tzenv);
11427c478bd9Sstevel@tonic-gate }
11437c478bd9Sstevel@tonic-gate
11447c478bd9Sstevel@tonic-gate add_to_envinit(homedir);
11457c478bd9Sstevel@tonic-gate add_to_envinit(shell);
11467c478bd9Sstevel@tonic-gate add_to_envinit(path);
11477c478bd9Sstevel@tonic-gate add_to_envinit(username);
11487c478bd9Sstevel@tonic-gate add_to_envinit(tz);
11497c478bd9Sstevel@tonic-gate
11507c478bd9Sstevel@tonic-gate if (krb5auth_flag > 0) {
11517c478bd9Sstevel@tonic-gate int length;
11527c478bd9Sstevel@tonic-gate char *buffer;
11537c478bd9Sstevel@tonic-gate
11547c478bd9Sstevel@tonic-gate /*
11557c478bd9Sstevel@tonic-gate * If we have KRB5CCNAME set, then copy into the child's
11567c478bd9Sstevel@tonic-gate * environment. This can't really have a fixed position
11577c478bd9Sstevel@tonic-gate * because `tz' may or may not be set.
11587c478bd9Sstevel@tonic-gate */
11597c478bd9Sstevel@tonic-gate if (getenv("KRB5CCNAME")) {
11607c478bd9Sstevel@tonic-gate length = (int)strlen(getenv("KRB5CCNAME")) +
11617c478bd9Sstevel@tonic-gate (int)strlen("KRB5CCNAME=") + 1;
11627c478bd9Sstevel@tonic-gate buffer = (char *)malloc(length);
11637c478bd9Sstevel@tonic-gate
11647c478bd9Sstevel@tonic-gate if (buffer) {
11657c478bd9Sstevel@tonic-gate (void) snprintf(buffer, length, "KRB5CCNAME=%s",
11667c478bd9Sstevel@tonic-gate getenv("KRB5CCNAME"));
11677c478bd9Sstevel@tonic-gate add_to_envinit(buffer);
11687c478bd9Sstevel@tonic-gate }
11697c478bd9Sstevel@tonic-gate } {
11707c478bd9Sstevel@tonic-gate /* These two are covered by ADDRPAD */
11717c478bd9Sstevel@tonic-gate length = strlen(inet_ntoa(localaddr.sin_addr)) + 1 +
11727c478bd9Sstevel@tonic-gate strlen("KRB5LOCALADDR=");
11737c478bd9Sstevel@tonic-gate (void) snprintf(local_addr, length, "KRB5LOCALADDR=%s",
11747c478bd9Sstevel@tonic-gate inet_ntoa(localaddr.sin_addr));
11757c478bd9Sstevel@tonic-gate add_to_envinit(local_addr);
11767c478bd9Sstevel@tonic-gate
11777c478bd9Sstevel@tonic-gate length = strlen(inet_ntoa(sin->sin_addr)) + 1 +
11787c478bd9Sstevel@tonic-gate strlen("KRB5REMOTEADDR=");
11797c478bd9Sstevel@tonic-gate (void) snprintf(remote_addr, length,
11807c478bd9Sstevel@tonic-gate "KRB5REMOTEADDR=%s", inet_ntoa(sin->sin_addr));
11817c478bd9Sstevel@tonic-gate add_to_envinit(remote_addr);
11827c478bd9Sstevel@tonic-gate }
11837c478bd9Sstevel@tonic-gate
11847c478bd9Sstevel@tonic-gate /*
11857c478bd9Sstevel@tonic-gate * If we do anything else, make sure there is
11867c478bd9Sstevel@tonic-gate * space in the array.
11877c478bd9Sstevel@tonic-gate */
11887c478bd9Sstevel@tonic-gate for (cnt = 0; cnt < num_env; cnt++) {
11897c478bd9Sstevel@tonic-gate char *buf;
11907c478bd9Sstevel@tonic-gate
11917c478bd9Sstevel@tonic-gate if (getenv(save_env[cnt])) {
11927c478bd9Sstevel@tonic-gate length = (int)strlen(getenv(save_env[cnt])) +
11937c478bd9Sstevel@tonic-gate (int)strlen(save_env[cnt]) + 2;
11947c478bd9Sstevel@tonic-gate
11957c478bd9Sstevel@tonic-gate buf = (char *)malloc(length);
11967c478bd9Sstevel@tonic-gate if (buf) {
11977c478bd9Sstevel@tonic-gate (void) snprintf(buf, length, "%s=%s",
11987c478bd9Sstevel@tonic-gate save_env[cnt],
11997c478bd9Sstevel@tonic-gate getenv(save_env[cnt]));
12007c478bd9Sstevel@tonic-gate add_to_envinit(buf);
12017c478bd9Sstevel@tonic-gate }
12027c478bd9Sstevel@tonic-gate }
12037c478bd9Sstevel@tonic-gate }
12047c478bd9Sstevel@tonic-gate
12057c478bd9Sstevel@tonic-gate }
12067c478bd9Sstevel@tonic-gate
12077c478bd9Sstevel@tonic-gate /*
12087c478bd9Sstevel@tonic-gate * add PAM environment variables set by modules
12097c478bd9Sstevel@tonic-gate * -- only allowed 16 (PAM_ENV_ELIM)
12107c478bd9Sstevel@tonic-gate * -- check to see if the environment variable is legal
12117c478bd9Sstevel@tonic-gate */
12127c478bd9Sstevel@tonic-gate if ((pam_env = pam_getenvlist(pamh)) != 0) {
12137c478bd9Sstevel@tonic-gate while (pam_env[idx] != 0) {
12147c478bd9Sstevel@tonic-gate if (idx < PAM_ENV_ELIM &&
12157c478bd9Sstevel@tonic-gate legalenvvar(pam_env[idx])) {
12167c478bd9Sstevel@tonic-gate add_to_envinit(pam_env[idx]);
12177c478bd9Sstevel@tonic-gate }
12187c478bd9Sstevel@tonic-gate idx++;
12197c478bd9Sstevel@tonic-gate }
12207c478bd9Sstevel@tonic-gate }
12217c478bd9Sstevel@tonic-gate
12227c478bd9Sstevel@tonic-gate (void) pam_end(pamh, PAM_SUCCESS);
12237c478bd9Sstevel@tonic-gate
12247c478bd9Sstevel@tonic-gate /*
12257c478bd9Sstevel@tonic-gate * Pick up locale environment variables, if any.
12267c478bd9Sstevel@tonic-gate */
12277c478bd9Sstevel@tonic-gate lenvp = renvp;
12287c478bd9Sstevel@tonic-gate while (*lenvp != NULL) {
12297c478bd9Sstevel@tonic-gate int index;
12307c478bd9Sstevel@tonic-gate
12317c478bd9Sstevel@tonic-gate for (index = 0; localeenv[index] != NULL; index++)
12327c478bd9Sstevel@tonic-gate /*
12337c478bd9Sstevel@tonic-gate * locale_envmatch() returns 1 if
12347c478bd9Sstevel@tonic-gate * *lenvp is localenev[index] and valid.
12357c478bd9Sstevel@tonic-gate */
12367c478bd9Sstevel@tonic-gate if (locale_envmatch(localeenv[index], *lenvp)) {
12377c478bd9Sstevel@tonic-gate add_to_envinit(*lenvp);
12387c478bd9Sstevel@tonic-gate break;
12397c478bd9Sstevel@tonic-gate }
12407c478bd9Sstevel@tonic-gate
12417c478bd9Sstevel@tonic-gate lenvp++;
12427c478bd9Sstevel@tonic-gate }
12437c478bd9Sstevel@tonic-gate
12447c478bd9Sstevel@tonic-gate cp = strrchr(pwd->pw_shell, '/');
12457c478bd9Sstevel@tonic-gate if (cp != NULL)
12467c478bd9Sstevel@tonic-gate cp++;
12477c478bd9Sstevel@tonic-gate else
12487c478bd9Sstevel@tonic-gate cp = pwd->pw_shell;
12497c478bd9Sstevel@tonic-gate /*
12507c478bd9Sstevel@tonic-gate * rdist has been moved to /usr/bin, so /usr/ucb/rdist might not
12517c478bd9Sstevel@tonic-gate * be present on a system. So if it doesn't exist we fall back
12527c478bd9Sstevel@tonic-gate * and try for it in /usr/bin. We take care to match the space
12537c478bd9Sstevel@tonic-gate * after the name because the only purpose of this is to protect
12547c478bd9Sstevel@tonic-gate * the internal call from old rdist's, not humans who type
12557c478bd9Sstevel@tonic-gate * "rsh foo /usr/ucb/rdist".
12567c478bd9Sstevel@tonic-gate */
12577c478bd9Sstevel@tonic-gate #define RDIST_PROG_NAME "/usr/ucb/rdist -Server"
12587c478bd9Sstevel@tonic-gate if (strncmp(cmdbuf, RDIST_PROG_NAME, strlen(RDIST_PROG_NAME)) == 0) {
12597c478bd9Sstevel@tonic-gate if (stat("/usr/ucb/rdist", &statb) != 0) {
12607c478bd9Sstevel@tonic-gate (void) strncpy(cmdbuf + 5, "bin", 3);
12617c478bd9Sstevel@tonic-gate }
12627c478bd9Sstevel@tonic-gate }
12637c478bd9Sstevel@tonic-gate
12647c478bd9Sstevel@tonic-gate #ifdef DEBUG
12657c478bd9Sstevel@tonic-gate syslog(LOG_NOTICE, "rshd: cmdbuf = %s", cmdbuf);
12667c478bd9Sstevel@tonic-gate if (do_encrypt)
12677c478bd9Sstevel@tonic-gate syslog(LOG_NOTICE, "rshd: cmd to be exec'ed = %s",
12687c478bd9Sstevel@tonic-gate ((char *)cmdbuf + 3));
12697c478bd9Sstevel@tonic-gate #endif /* DEBUG */
12707c478bd9Sstevel@tonic-gate
12717c478bd9Sstevel@tonic-gate if (do_encrypt && (strncmp(cmdbuf, "-x ", 3) == 0)) {
12727c478bd9Sstevel@tonic-gate (void) execle(pwd->pw_shell, cp, "-c", (char *)cmdbuf + 3,
12737c478bd9Sstevel@tonic-gate NULL, envinit);
12747c478bd9Sstevel@tonic-gate } else {
12757c478bd9Sstevel@tonic-gate (void) execle(pwd->pw_shell, cp, "-c", cmdbuf, NULL,
12767c478bd9Sstevel@tonic-gate envinit);
12777c478bd9Sstevel@tonic-gate }
12787c478bd9Sstevel@tonic-gate
12797c478bd9Sstevel@tonic-gate perror(pwd->pw_shell);
12807c478bd9Sstevel@tonic-gate exit(1);
12817c478bd9Sstevel@tonic-gate
12827c478bd9Sstevel@tonic-gate signout:
12837c478bd9Sstevel@tonic-gate if (ccache)
12847c478bd9Sstevel@tonic-gate (void) pam_close_session(pamh, 0);
12857c478bd9Sstevel@tonic-gate ccache = NULL;
12867c478bd9Sstevel@tonic-gate (void) pam_end(pamh, PAM_ABORT);
12877c478bd9Sstevel@tonic-gate exit(1);
12887c478bd9Sstevel@tonic-gate }
12897c478bd9Sstevel@tonic-gate
12907c478bd9Sstevel@tonic-gate static void
getstr(fd,buf,cnt,err)12917c478bd9Sstevel@tonic-gate getstr(fd, buf, cnt, err)
12927c478bd9Sstevel@tonic-gate int fd;
12937c478bd9Sstevel@tonic-gate char *buf;
12947c478bd9Sstevel@tonic-gate int cnt;
12957c478bd9Sstevel@tonic-gate char *err;
12967c478bd9Sstevel@tonic-gate {
12977c478bd9Sstevel@tonic-gate char c;
12987c478bd9Sstevel@tonic-gate
12997c478bd9Sstevel@tonic-gate do {
13007c478bd9Sstevel@tonic-gate if (read(fd, &c, 1) != 1)
13017c478bd9Sstevel@tonic-gate exit(1);
13027c478bd9Sstevel@tonic-gate if (cnt-- == 0) {
13037c478bd9Sstevel@tonic-gate error("%s too long\n", err);
13047c478bd9Sstevel@tonic-gate exit(1);
13057c478bd9Sstevel@tonic-gate }
13067c478bd9Sstevel@tonic-gate *buf++ = c;
13077c478bd9Sstevel@tonic-gate } while (c != 0);
13087c478bd9Sstevel@tonic-gate }
13097c478bd9Sstevel@tonic-gate
13107c478bd9Sstevel@tonic-gate /*PRINTFLIKE1*/
13117c478bd9Sstevel@tonic-gate static void
error(char * fmt,...)13127c478bd9Sstevel@tonic-gate error(char *fmt, ...)
13137c478bd9Sstevel@tonic-gate {
13147c478bd9Sstevel@tonic-gate va_list ap;
13157c478bd9Sstevel@tonic-gate char buf[RSHD_BUFSIZ];
13167c478bd9Sstevel@tonic-gate
13177c478bd9Sstevel@tonic-gate buf[0] = 1;
13187c478bd9Sstevel@tonic-gate va_start(ap, fmt);
13197c478bd9Sstevel@tonic-gate (void) vsnprintf(&buf[1], sizeof (buf) - 1, fmt, ap);
13207c478bd9Sstevel@tonic-gate va_end(ap);
13217c478bd9Sstevel@tonic-gate (void) write(STDERR_FILENO, buf, strlen(buf));
13227c478bd9Sstevel@tonic-gate }
13237c478bd9Sstevel@tonic-gate
13247c478bd9Sstevel@tonic-gate static char *illegal[] = {
13257c478bd9Sstevel@tonic-gate "SHELL=",
13267c478bd9Sstevel@tonic-gate "HOME=",
13277c478bd9Sstevel@tonic-gate "LOGNAME=",
13287c478bd9Sstevel@tonic-gate #ifndef NO_MAIL
13297c478bd9Sstevel@tonic-gate "MAIL=",
13307c478bd9Sstevel@tonic-gate #endif
13317c478bd9Sstevel@tonic-gate "CDPATH=",
13327c478bd9Sstevel@tonic-gate "IFS=",
13337c478bd9Sstevel@tonic-gate "PATH=",
13347c478bd9Sstevel@tonic-gate "USER=",
13357c478bd9Sstevel@tonic-gate "TZ=",
13367c478bd9Sstevel@tonic-gate 0
13377c478bd9Sstevel@tonic-gate };
13387c478bd9Sstevel@tonic-gate
13397c478bd9Sstevel@tonic-gate /*
13407c478bd9Sstevel@tonic-gate * legalenvvar - can PAM modules insert this environmental variable?
13417c478bd9Sstevel@tonic-gate */
13427c478bd9Sstevel@tonic-gate
13437c478bd9Sstevel@tonic-gate static int
legalenvvar(char * s)13447c478bd9Sstevel@tonic-gate legalenvvar(char *s)
13457c478bd9Sstevel@tonic-gate {
13467c478bd9Sstevel@tonic-gate register char **p;
13477c478bd9Sstevel@tonic-gate
13487c478bd9Sstevel@tonic-gate for (p = illegal; *p; p++)
13497c478bd9Sstevel@tonic-gate if (strncmp(s, *p, strlen(*p)) == 0)
13507c478bd9Sstevel@tonic-gate return (0);
13517c478bd9Sstevel@tonic-gate
13527c478bd9Sstevel@tonic-gate if (s[0] == 'L' && s[1] == 'D' && s[2] == '_')
13537c478bd9Sstevel@tonic-gate return (0);
13547c478bd9Sstevel@tonic-gate
13557c478bd9Sstevel@tonic-gate return (1);
13567c478bd9Sstevel@tonic-gate }
13577c478bd9Sstevel@tonic-gate
13587c478bd9Sstevel@tonic-gate /*
13597c478bd9Sstevel@tonic-gate * Add a string to the environment of the new process.
13607c478bd9Sstevel@tonic-gate */
13617c478bd9Sstevel@tonic-gate
13627c478bd9Sstevel@tonic-gate static void
add_to_envinit(char * string)13637c478bd9Sstevel@tonic-gate add_to_envinit(char *string)
13647c478bd9Sstevel@tonic-gate {
13657c478bd9Sstevel@tonic-gate /*
13667c478bd9Sstevel@tonic-gate * Reserve space for 2 * 8 = 16 environment entries initially which
13677c478bd9Sstevel@tonic-gate * should be enough to avoid reallocation of "envinit" in most cases.
13687c478bd9Sstevel@tonic-gate */
13697c478bd9Sstevel@tonic-gate static int size = 8;
13707c478bd9Sstevel@tonic-gate static int index = 0;
13717c478bd9Sstevel@tonic-gate
13727c478bd9Sstevel@tonic-gate if (string == NULL)
13737c478bd9Sstevel@tonic-gate return;
13747c478bd9Sstevel@tonic-gate
13757c478bd9Sstevel@tonic-gate if ((envinit == NULL) || (index == size)) {
13767c478bd9Sstevel@tonic-gate size *= 2;
13777c478bd9Sstevel@tonic-gate envinit = realloc(envinit, (size + 1) * sizeof (char *));
13787c478bd9Sstevel@tonic-gate if (envinit == NULL) {
13797c478bd9Sstevel@tonic-gate perror("malloc");
13807c478bd9Sstevel@tonic-gate exit(1);
13817c478bd9Sstevel@tonic-gate }
13827c478bd9Sstevel@tonic-gate }
13837c478bd9Sstevel@tonic-gate
13847c478bd9Sstevel@tonic-gate envinit[index++] = string;
13857c478bd9Sstevel@tonic-gate envinit[index] = NULL;
13867c478bd9Sstevel@tonic-gate }
13877c478bd9Sstevel@tonic-gate
13887c478bd9Sstevel@tonic-gate /*
13897c478bd9Sstevel@tonic-gate * Check if lenv and penv matches or not.
13907c478bd9Sstevel@tonic-gate */
13917c478bd9Sstevel@tonic-gate static int
locale_envmatch(char * lenv,char * penv)13927c478bd9Sstevel@tonic-gate locale_envmatch(char *lenv, char *penv)
13937c478bd9Sstevel@tonic-gate {
13947c478bd9Sstevel@tonic-gate while ((*lenv == *penv) && (*lenv != '\0') && (*penv != '=')) {
13957c478bd9Sstevel@tonic-gate lenv++;
13967c478bd9Sstevel@tonic-gate penv++;
13977c478bd9Sstevel@tonic-gate }
13987c478bd9Sstevel@tonic-gate
13997c478bd9Sstevel@tonic-gate /*
14007c478bd9Sstevel@tonic-gate * '/' is eliminated for security reason.
14017c478bd9Sstevel@tonic-gate */
14027c478bd9Sstevel@tonic-gate return ((*lenv == '\0' && *penv == '=' && *(penv + 1) != '/'));
14037c478bd9Sstevel@tonic-gate }
14047c478bd9Sstevel@tonic-gate
14057c478bd9Sstevel@tonic-gate #ifndef KRB_SENDAUTH_VLEN
14067c478bd9Sstevel@tonic-gate #define KRB_SENDAUTH_VLEN 8 /* length for version strings */
14077c478bd9Sstevel@tonic-gate #endif
14087c478bd9Sstevel@tonic-gate
14097c478bd9Sstevel@tonic-gate /* MUST be KRB_SENDAUTH_VLEN chars */
14107c478bd9Sstevel@tonic-gate #define KRB_SENDAUTH_VERS "AUTHV0.1"
14117c478bd9Sstevel@tonic-gate #define SIZEOF_INADDR sizeof (struct in_addr)
14127c478bd9Sstevel@tonic-gate
14137c478bd9Sstevel@tonic-gate static krb5_error_code
recvauth(int netf,int * valid_checksum)14147c478bd9Sstevel@tonic-gate recvauth(int netf, int *valid_checksum)
14157c478bd9Sstevel@tonic-gate {
14167c478bd9Sstevel@tonic-gate krb5_auth_context auth_context = NULL;
14177c478bd9Sstevel@tonic-gate krb5_error_code status;
14187c478bd9Sstevel@tonic-gate struct sockaddr_in laddr;
14197c478bd9Sstevel@tonic-gate int len;
14207c478bd9Sstevel@tonic-gate krb5_data inbuf;
14217c478bd9Sstevel@tonic-gate krb5_authenticator *authenticator;
14227c478bd9Sstevel@tonic-gate krb5_ticket *ticket;
14237c478bd9Sstevel@tonic-gate krb5_rcache rcache;
14247c478bd9Sstevel@tonic-gate krb5_data version;
14257c478bd9Sstevel@tonic-gate krb5_encrypt_block eblock; /* eblock for encrypt/decrypt */
14267c478bd9Sstevel@tonic-gate krb5_data desinbuf;
14277c478bd9Sstevel@tonic-gate krb5_data desoutbuf;
14287c478bd9Sstevel@tonic-gate char des_inbuf[2 * RSHD_BUFSIZ];
14297c478bd9Sstevel@tonic-gate /* needs to be > largest read size */
14307c478bd9Sstevel@tonic-gate char des_outbuf[2 * RSHD_BUFSIZ + 4];
14317c478bd9Sstevel@tonic-gate /* needs to be > largest write size */
14327c478bd9Sstevel@tonic-gate
14337c478bd9Sstevel@tonic-gate *valid_checksum = 0;
14347c478bd9Sstevel@tonic-gate len = sizeof (laddr);
14357c478bd9Sstevel@tonic-gate
14367c478bd9Sstevel@tonic-gate if (getsockname(netf, (struct sockaddr *)&laddr, &len)) {
14377c478bd9Sstevel@tonic-gate exit(1);
14387c478bd9Sstevel@tonic-gate }
14397c478bd9Sstevel@tonic-gate
14407c478bd9Sstevel@tonic-gate if (status = krb5_auth_con_init(bsd_context, &auth_context))
14417c478bd9Sstevel@tonic-gate return (status);
14427c478bd9Sstevel@tonic-gate
14437c478bd9Sstevel@tonic-gate if (status = krb5_auth_con_genaddrs(bsd_context, auth_context, netf,
14447c478bd9Sstevel@tonic-gate KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR))
14457c478bd9Sstevel@tonic-gate return (status);
14467c478bd9Sstevel@tonic-gate
14477c478bd9Sstevel@tonic-gate status = krb5_auth_con_getrcache(bsd_context, auth_context, &rcache);
14487c478bd9Sstevel@tonic-gate if (status)
14497c478bd9Sstevel@tonic-gate return (status);
14507c478bd9Sstevel@tonic-gate
14517c478bd9Sstevel@tonic-gate if (!rcache) {
14527c478bd9Sstevel@tonic-gate krb5_principal server;
14537c478bd9Sstevel@tonic-gate
14547c478bd9Sstevel@tonic-gate status = krb5_sname_to_principal(bsd_context, 0, 0,
14557c478bd9Sstevel@tonic-gate KRB5_NT_SRV_HST, &server);
14567c478bd9Sstevel@tonic-gate if (status)
14577c478bd9Sstevel@tonic-gate return (status);
14587c478bd9Sstevel@tonic-gate
14597c478bd9Sstevel@tonic-gate status = krb5_get_server_rcache(bsd_context,
14607c478bd9Sstevel@tonic-gate krb5_princ_component(bsd_context, server, 0),
14617c478bd9Sstevel@tonic-gate &rcache);
14627c478bd9Sstevel@tonic-gate krb5_free_principal(bsd_context, server);
14637c478bd9Sstevel@tonic-gate if (status)
14647c478bd9Sstevel@tonic-gate return (status);
14657c478bd9Sstevel@tonic-gate
14667c478bd9Sstevel@tonic-gate status = krb5_auth_con_setrcache(bsd_context, auth_context,
14677c478bd9Sstevel@tonic-gate rcache);
14687c478bd9Sstevel@tonic-gate if (status)
14697c478bd9Sstevel@tonic-gate return (status);
14707c478bd9Sstevel@tonic-gate }
14717c478bd9Sstevel@tonic-gate
14727c478bd9Sstevel@tonic-gate status = krb5_recvauth_version(bsd_context, &auth_context, &netf,
14737c478bd9Sstevel@tonic-gate NULL, /* Specify daemon principal */
14747c478bd9Sstevel@tonic-gate 0, /* no flags */
14757c478bd9Sstevel@tonic-gate keytab, /* normally NULL to use v5srvtab */
14767c478bd9Sstevel@tonic-gate &ticket, /* return ticket */
14777c478bd9Sstevel@tonic-gate &version); /* application version string */
14787c478bd9Sstevel@tonic-gate
14797c478bd9Sstevel@tonic-gate
14807c478bd9Sstevel@tonic-gate if (status) {
14817c478bd9Sstevel@tonic-gate getstr(netf, locuser, sizeof (locuser), "locuser");
14827c478bd9Sstevel@tonic-gate getstr(netf, cmdbuf, sizeof (cmdbuf), "command");
14837c478bd9Sstevel@tonic-gate getstr(netf, remuser, sizeof (locuser), "remuser");
14847c478bd9Sstevel@tonic-gate return (status);
14857c478bd9Sstevel@tonic-gate }
14867c478bd9Sstevel@tonic-gate getstr(netf, locuser, sizeof (locuser), "locuser");
14877c478bd9Sstevel@tonic-gate getstr(netf, cmdbuf, sizeof (cmdbuf), "command");
14887c478bd9Sstevel@tonic-gate
14897c478bd9Sstevel@tonic-gate /* Must be V5 */
14907c478bd9Sstevel@tonic-gate
14917c478bd9Sstevel@tonic-gate kcmd_protocol = KCMD_UNKNOWN_PROTOCOL;
14927c478bd9Sstevel@tonic-gate if (version.length != 9 || version.data == NULL) {
14937c478bd9Sstevel@tonic-gate syslog(LOG_ERR, "bad application version length");
14947c478bd9Sstevel@tonic-gate error(gettext("bad application version length\n"));
14957c478bd9Sstevel@tonic-gate exit(1);
14967c478bd9Sstevel@tonic-gate }
14977c478bd9Sstevel@tonic-gate if (strncmp(version.data, "KCMDV0.1", 9) == 0) {
14987c478bd9Sstevel@tonic-gate kcmd_protocol = KCMD_OLD_PROTOCOL;
14997c478bd9Sstevel@tonic-gate } else if (strncmp(version.data, "KCMDV0.2", 9) == 0) {
15007c478bd9Sstevel@tonic-gate kcmd_protocol = KCMD_NEW_PROTOCOL;
15017c478bd9Sstevel@tonic-gate } else {
15027c478bd9Sstevel@tonic-gate syslog(LOG_ERR, "Unrecognized KCMD protocol (%s)",
15037c478bd9Sstevel@tonic-gate (char *)version.data);
15047c478bd9Sstevel@tonic-gate error(gettext("Unrecognized KCMD protocol (%s)"),
15057c478bd9Sstevel@tonic-gate (char *)version.data);
15067c478bd9Sstevel@tonic-gate exit(1);
15077c478bd9Sstevel@tonic-gate }
15087c478bd9Sstevel@tonic-gate getstr(netf, remuser, sizeof (locuser), "remuser");
15097c478bd9Sstevel@tonic-gate
15107c478bd9Sstevel@tonic-gate if ((status = krb5_unparse_name(bsd_context, ticket->enc_part2->client,
15117c478bd9Sstevel@tonic-gate &kremuser)))
15127c478bd9Sstevel@tonic-gate return (status);
15137c478bd9Sstevel@tonic-gate
15147c478bd9Sstevel@tonic-gate if ((status = krb5_copy_principal(bsd_context,
15157c478bd9Sstevel@tonic-gate ticket->enc_part2->client, &client)))
15167c478bd9Sstevel@tonic-gate return (status);
15177c478bd9Sstevel@tonic-gate
15187c478bd9Sstevel@tonic-gate
15197c478bd9Sstevel@tonic-gate if (checksum_required && (kcmd_protocol == KCMD_OLD_PROTOCOL)) {
15207c478bd9Sstevel@tonic-gate if ((status = krb5_auth_con_getauthenticator(bsd_context,
15217c478bd9Sstevel@tonic-gate auth_context, &authenticator)))
15227c478bd9Sstevel@tonic-gate return (status);
15237c478bd9Sstevel@tonic-gate
15247c478bd9Sstevel@tonic-gate if (authenticator->checksum && checksum_required) {
15257c478bd9Sstevel@tonic-gate struct sockaddr_in adr;
15267c478bd9Sstevel@tonic-gate int adr_length = sizeof (adr);
15277c478bd9Sstevel@tonic-gate int chksumsize = strlen(cmdbuf) + strlen(locuser) + 32;
15287c478bd9Sstevel@tonic-gate krb5_data input;
15297c478bd9Sstevel@tonic-gate krb5_keyblock key;
15307c478bd9Sstevel@tonic-gate
15317c478bd9Sstevel@tonic-gate char *chksumbuf = (char *)malloc(chksumsize);
15327c478bd9Sstevel@tonic-gate
15337c478bd9Sstevel@tonic-gate if (chksumbuf == 0)
15347c478bd9Sstevel@tonic-gate goto error_cleanup;
15357c478bd9Sstevel@tonic-gate if (getsockname(netf, (struct sockaddr *)&adr,
15367c478bd9Sstevel@tonic-gate &adr_length) != 0)
15377c478bd9Sstevel@tonic-gate goto error_cleanup;
15387c478bd9Sstevel@tonic-gate
15397c478bd9Sstevel@tonic-gate (void) snprintf(chksumbuf, chksumsize, "%u:",
15407c478bd9Sstevel@tonic-gate ntohs(adr.sin_port));
15417c478bd9Sstevel@tonic-gate if (strlcat(chksumbuf, cmdbuf,
15427c478bd9Sstevel@tonic-gate chksumsize) >= chksumsize) {
15437c478bd9Sstevel@tonic-gate syslog(LOG_ERR, "cmd buffer too long.");
15447c478bd9Sstevel@tonic-gate free(chksumbuf);
15457c478bd9Sstevel@tonic-gate return (-1);
15467c478bd9Sstevel@tonic-gate }
15477c478bd9Sstevel@tonic-gate if (strlcat(chksumbuf, locuser,
15487c478bd9Sstevel@tonic-gate chksumsize) >= chksumsize) {
15497c478bd9Sstevel@tonic-gate syslog(LOG_ERR, "locuser too long.");
15507c478bd9Sstevel@tonic-gate free(chksumbuf);
15517c478bd9Sstevel@tonic-gate return (-1);
15527c478bd9Sstevel@tonic-gate }
15537c478bd9Sstevel@tonic-gate
15547c478bd9Sstevel@tonic-gate input.data = chksumbuf;
15557c478bd9Sstevel@tonic-gate input.length = strlen(chksumbuf);
15567c478bd9Sstevel@tonic-gate key.magic = ticket->enc_part2->session->magic;
15577c478bd9Sstevel@tonic-gate key.enctype = ticket->enc_part2->session->enctype;
15587c478bd9Sstevel@tonic-gate key.contents = ticket->enc_part2->session->contents;
15597c478bd9Sstevel@tonic-gate key.length = ticket->enc_part2->session->length;
15607c478bd9Sstevel@tonic-gate
15617c478bd9Sstevel@tonic-gate status = krb5_c_verify_checksum(bsd_context,
15627c478bd9Sstevel@tonic-gate &key, 0, &input, authenticator->checksum,
15637c478bd9Sstevel@tonic-gate (unsigned int *)valid_checksum);
15647c478bd9Sstevel@tonic-gate
15657c478bd9Sstevel@tonic-gate if (status == 0 && *valid_checksum == 0)
15667c478bd9Sstevel@tonic-gate status = KRB5KRB_AP_ERR_BAD_INTEGRITY;
15677c478bd9Sstevel@tonic-gate error_cleanup:
15687c478bd9Sstevel@tonic-gate if (chksumbuf)
15697c478bd9Sstevel@tonic-gate krb5_xfree(chksumbuf);
15707c478bd9Sstevel@tonic-gate if (status) {
15717c478bd9Sstevel@tonic-gate krb5_free_authenticator(bsd_context,
15727c478bd9Sstevel@tonic-gate authenticator);
15737c478bd9Sstevel@tonic-gate return (status);
15747c478bd9Sstevel@tonic-gate }
15757c478bd9Sstevel@tonic-gate }
15767c478bd9Sstevel@tonic-gate krb5_free_authenticator(bsd_context, authenticator);
15777c478bd9Sstevel@tonic-gate }
15787c478bd9Sstevel@tonic-gate
15797c478bd9Sstevel@tonic-gate
15807c478bd9Sstevel@tonic-gate if ((strncmp(cmdbuf, "-x ", 3) == 0)) {
15817c478bd9Sstevel@tonic-gate if (krb5_privacy_allowed()) {
15827c478bd9Sstevel@tonic-gate do_encrypt = 1;
15837c478bd9Sstevel@tonic-gate } else {
15847c478bd9Sstevel@tonic-gate syslog(LOG_ERR, "rshd: Encryption not supported");
15857c478bd9Sstevel@tonic-gate error("rshd: Encryption not supported. \n");
15867c478bd9Sstevel@tonic-gate exit(2);
15877c478bd9Sstevel@tonic-gate }
15887c478bd9Sstevel@tonic-gate
15897c478bd9Sstevel@tonic-gate status = krb5_auth_con_getremotesubkey(bsd_context,
15907c478bd9Sstevel@tonic-gate auth_context,
15917c478bd9Sstevel@tonic-gate &sessionkey);
15927c478bd9Sstevel@tonic-gate if (status) {
15937c478bd9Sstevel@tonic-gate syslog(LOG_ERR, "Error getting KRB5 session subkey");
15947c478bd9Sstevel@tonic-gate error(gettext("Error getting KRB5 session subkey"));
15957c478bd9Sstevel@tonic-gate exit(1);
15967c478bd9Sstevel@tonic-gate }
15977c478bd9Sstevel@tonic-gate /*
15987c478bd9Sstevel@tonic-gate * The "new" protocol requires that a subkey be sent.
15997c478bd9Sstevel@tonic-gate */
16007c478bd9Sstevel@tonic-gate if (sessionkey == NULL && kcmd_protocol == KCMD_NEW_PROTOCOL) {
16017c478bd9Sstevel@tonic-gate syslog(LOG_ERR, "No KRB5 session subkey sent");
16027c478bd9Sstevel@tonic-gate error(gettext("No KRB5 session subkey sent"));
16037c478bd9Sstevel@tonic-gate exit(1);
16047c478bd9Sstevel@tonic-gate }
16057c478bd9Sstevel@tonic-gate /*
16067c478bd9Sstevel@tonic-gate * The "old" protocol does not permit an authenticator subkey.
16077c478bd9Sstevel@tonic-gate * The key is taken from the ticket instead (see below).
16087c478bd9Sstevel@tonic-gate */
16097c478bd9Sstevel@tonic-gate if (sessionkey != NULL && kcmd_protocol == KCMD_OLD_PROTOCOL) {
16107c478bd9Sstevel@tonic-gate syslog(LOG_ERR, "KRB5 session subkey not permitted "
16117c478bd9Sstevel@tonic-gate "with old KCMD protocol");
16127c478bd9Sstevel@tonic-gate error(gettext("KRB5 session subkey not permitted "
16137c478bd9Sstevel@tonic-gate "with old KCMD protocol"));
16147c478bd9Sstevel@tonic-gate exit(1);
16157c478bd9Sstevel@tonic-gate }
16167c478bd9Sstevel@tonic-gate /*
16177c478bd9Sstevel@tonic-gate * If no key at this point, use the session key from
16187c478bd9Sstevel@tonic-gate * the ticket.
16197c478bd9Sstevel@tonic-gate */
16207c478bd9Sstevel@tonic-gate if (sessionkey == NULL) {
16217c478bd9Sstevel@tonic-gate /*
16227c478bd9Sstevel@tonic-gate * Save the session key so we can configure the crypto
16237c478bd9Sstevel@tonic-gate * module later.
16247c478bd9Sstevel@tonic-gate */
16257c478bd9Sstevel@tonic-gate status = krb5_copy_keyblock(bsd_context,
16267c478bd9Sstevel@tonic-gate ticket->enc_part2->session,
16277c478bd9Sstevel@tonic-gate &sessionkey);
16287c478bd9Sstevel@tonic-gate if (status) {
16297c478bd9Sstevel@tonic-gate syslog(LOG_ERR, "krb5_copy_keyblock failed");
16307c478bd9Sstevel@tonic-gate error(gettext("krb5_copy_keyblock failed"));
16317c478bd9Sstevel@tonic-gate exit(1);
16327c478bd9Sstevel@tonic-gate }
16337c478bd9Sstevel@tonic-gate }
16347c478bd9Sstevel@tonic-gate /*
16357c478bd9Sstevel@tonic-gate * If session key still cannot be found, we must
16367c478bd9Sstevel@tonic-gate * exit because encryption is required here
16377c478bd9Sstevel@tonic-gate * when encr_flag (-x) is set.
16387c478bd9Sstevel@tonic-gate */
16397c478bd9Sstevel@tonic-gate if (sessionkey == NULL) {
16407c478bd9Sstevel@tonic-gate syslog(LOG_ERR, "Could not find an encryption key");
16417c478bd9Sstevel@tonic-gate error(gettext("Could not find an encryption key"));
16427c478bd9Sstevel@tonic-gate exit(1);
16437c478bd9Sstevel@tonic-gate }
16447c478bd9Sstevel@tonic-gate
16457c478bd9Sstevel@tonic-gate /*
16467c478bd9Sstevel@tonic-gate * Initialize parameters/buffers for desread & deswrite here.
16477c478bd9Sstevel@tonic-gate */
16487c478bd9Sstevel@tonic-gate desinbuf.data = des_inbuf;
16497c478bd9Sstevel@tonic-gate desoutbuf.data = des_outbuf;
16507c478bd9Sstevel@tonic-gate desinbuf.length = sizeof (des_inbuf);
16517c478bd9Sstevel@tonic-gate desoutbuf.length = sizeof (des_outbuf);
16527c478bd9Sstevel@tonic-gate
16537c478bd9Sstevel@tonic-gate eblock.crypto_entry = sessionkey->enctype;
16547c478bd9Sstevel@tonic-gate eblock.key = (krb5_keyblock *)sessionkey;
16557c478bd9Sstevel@tonic-gate
16567c478bd9Sstevel@tonic-gate init_encrypt(do_encrypt, bsd_context, kcmd_protocol,
16577c478bd9Sstevel@tonic-gate &desinbuf, &desoutbuf, SERVER, &eblock);
16587c478bd9Sstevel@tonic-gate }
16597c478bd9Sstevel@tonic-gate
16607c478bd9Sstevel@tonic-gate ticket->enc_part2->session = 0;
16617c478bd9Sstevel@tonic-gate
16627c478bd9Sstevel@tonic-gate if ((status = krb5_read_message(bsd_context, (krb5_pointer) & netf,
16637c478bd9Sstevel@tonic-gate &inbuf))) {
16647c478bd9Sstevel@tonic-gate error(gettext("Error reading message: %s\n"),
16657c478bd9Sstevel@tonic-gate error_message(status));
16667c478bd9Sstevel@tonic-gate exit(1);
16677c478bd9Sstevel@tonic-gate }
16687c478bd9Sstevel@tonic-gate
16697c478bd9Sstevel@tonic-gate if (inbuf.length) {
167032885d59Sgtb krb5_creds **creds = NULL;
167132885d59Sgtb
16727c478bd9Sstevel@tonic-gate /* Forwarding being done, read creds */
167332885d59Sgtb if ((status = krb5_rd_cred(bsd_context,
167432885d59Sgtb auth_context, &inbuf, &creds,
167532885d59Sgtb NULL))) {
16767c478bd9Sstevel@tonic-gate error("Can't get forwarded credentials: %s\n",
16777c478bd9Sstevel@tonic-gate error_message(status));
16787c478bd9Sstevel@tonic-gate exit(1);
16797c478bd9Sstevel@tonic-gate }
16807c478bd9Sstevel@tonic-gate
168132885d59Sgtb /* Store the forwarded creds in the ccache */
168232885d59Sgtb if ((status = store_forw_creds(bsd_context,
168332885d59Sgtb creds, ticket, locuser,
168432885d59Sgtb &ccache))) {
168532885d59Sgtb error("Can't store forwarded credentials: %s\n",
168632885d59Sgtb error_message(status));
168732885d59Sgtb exit(1);
16887c478bd9Sstevel@tonic-gate }
168932885d59Sgtb krb5_free_creds(bsd_context, *creds);
169032885d59Sgtb }
169132885d59Sgtb
16927c478bd9Sstevel@tonic-gate krb5_free_ticket(bsd_context, ticket);
16937c478bd9Sstevel@tonic-gate return (0);
16947c478bd9Sstevel@tonic-gate }
16957c478bd9Sstevel@tonic-gate
16967c478bd9Sstevel@tonic-gate static void
usage(void)16977c478bd9Sstevel@tonic-gate usage(void)
16987c478bd9Sstevel@tonic-gate {
16997c478bd9Sstevel@tonic-gate (void) fprintf(stderr, gettext("%s: rshd [-k5eciU] "
17007c478bd9Sstevel@tonic-gate "[-P path] [-M realm] [-s tos] "
17017c478bd9Sstevel@tonic-gate #ifdef DEBUG
17027c478bd9Sstevel@tonic-gate "[-D port] "
17037c478bd9Sstevel@tonic-gate #endif /* DEBUG */
17047c478bd9Sstevel@tonic-gate "[-S keytab]"), gettext("usage"));
17057c478bd9Sstevel@tonic-gate
17067c478bd9Sstevel@tonic-gate syslog(LOG_ERR, "%s: rshd [-k5eciU] [-P path] [-M realm] [-s tos] "
17077c478bd9Sstevel@tonic-gate #ifdef DEBUG
17087c478bd9Sstevel@tonic-gate "[-D port] "
17097c478bd9Sstevel@tonic-gate #endif /* DEBUG */
17107c478bd9Sstevel@tonic-gate "[-S keytab]", gettext("usage"));
17117c478bd9Sstevel@tonic-gate }
1712