xref: /titanic_52/usr/src/cmd/cmd-inet/usr.bin/rcp.c (revision ad8ef92ae01ac09e533731f5a517162c634308b4)

/*
 * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 * Copyright (c) 1983 The Regents of the University of California.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms are permitted
 * provided that the above copyright notice and this paragraph are
 * duplicated in all such forms and that any documentation,
 * advertising materials, and other materials related to such
 * distribution and use acknowledge that the software was developed
 * by the University of California, Berkeley.  The name of the
 * University may not be used to endorse or promote products derived
 * from this software without specific prior written permission.
 *
 */

#define	_FILE_OFFSET_BITS  64

/*
 * rcp
 */
#include <sys/param.h>
#include <sys/file.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/ioctl.h>
#include <sys/acl.h>
#include <dirent.h>
#include <signal.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <pwd.h>
#include <netdb.h>
#include <wchar.h>
#include <stdlib.h>
#include <errno.h>
#include <locale.h>
#include <strings.h>
#include <stdio.h>
#include <ctype.h>
#include <fcntl.h>
#include <unistd.h>
#include <limits.h>
#include <priv_utils.h>
#include <sys/sendfile.h>
#include <sys/sysmacros.h>
#include <sys/wait.h>
#include <aclutils.h>
#include <sys/varargs.h>

/*
 * It seems like Berkeley got these from pathnames.h?
 */
#define	_PATH_RSH	"/usr/bin/rsh"
#define	_PATH_CP	"/usr/bin/cp"

#define	ACL_FAIL	1
#define	ACL_OK		0
#define	RCP_BUFSIZE	(64 * 1024)

#define	RCP_ACL	"/usr/lib/sunw,rcp"
		/* see PSARC/1993/004/opinion */

typedef struct _buf {
	int	cnt;
	char	*buf;
} BUF;

static char *cmd_sunw;
static struct passwd *pwd;
static int errs;
static int pflag;
static uid_t userid;
static int rem;
static int zflag;
static int iamremote;
static int iamrecursive;
static int targetshouldbedirectory;
static int aclflag;
static int acl_aclflag;
static int retval = 0;
static int portnumber = 0;

static void lostconn(void);
static char *search_char(unsigned char *, unsigned char);
static char *removebrackets(char *);
static char *colon(char *);
static int response(void);
static void usage(void);
static void source(int, char **);
static void sink(int, char **);
static void toremote(char *, int, char **);
static void tolocal(int, char **);
static void verifydir(char *);
static int okname(char *);
static int susystem(char *, char **);
static void rsource(char *, struct stat *);
static int sendacl(int);
static int recvacl(int, int, int);
static int zwrite(int, char *, int);
static void zopen(int, int);
static int zclose(int);
static int notzero(char *, int);
static BUF *allocbuf(BUF *, int, int);
static void error(char *fmt, ...);
static void addargs(char **, ...);

/*
 * As a 32 bit application, we can only transfer (2gb - 1) i.e 0x7FFFFFFF
 * bytes of data. We would like the size to be aligned to the nearest
 * MAXBOFFSET (8192) boundary for optimal performance.
 */
#define	SENDFILE_SIZE	0x7FFFE000

#include <k5-int.h>
#include <profile/prof_int.h>
#include <com_err.h>
#include <kcmd.h>

#define	NULLBUF	(BUF *) 0
#define	MAXARGS	10	/* Number of arguments passed to execv() */

static int sock;
static char *cmd, *cmd_orig, *cmd_sunw_orig;
static char *krb_realm = NULL;
static char *krb_cache = NULL;
static char *krb_config = NULL;
static char des_inbuf[2 * RCP_BUFSIZE];
				/* needs to be > largest read size */
static char des_outbuf[2 * RCP_BUFSIZE];
				/* needs to be > largest write size */

static krb5_data desinbuf, desoutbuf;
static krb5_encrypt_block eblock;	/* eblock for encrypt/decrypt */
static krb5_keyblock *session_key;	/* static key for session */
static krb5_context bsd_context = NULL;
static krb5_auth_context auth_context;
static krb5_flags authopts;
static krb5_error_code status;

static void try_normal_rcp(int, char **);
static int init_service(int);
static char **save_argv(int, char **);
static void answer_auth(char *, char *);
static int desrcpwrite(int, char *, int);
static int desrcpread(int, char *, int);

/*
 * Not sure why these two don't have their own header file declarations, but
 * lint complains about absent declarations so place some here. Sigh.
 */
extern errcode_t	profile_get_options_boolean(profile_t, char **,
    profile_options_boolean *);
extern errcode_t	profile_get_options_string(profile_t, char **,
    profile_option_strings *);

static int krb5auth_flag = 0;	/* Flag set, when KERBEROS is enabled */
static profile_options_boolean autologin_option[] = {
	{ "autologin", &krb5auth_flag, 0 },
	{ NULL, NULL, 0 }
};
static int no_krb5auth_flag = 0;

static int encrypt_flag = 0;	/* Flag set, when encryption is enabled */
static int encrypt_done = 0;	/* Flag set, if "-x" is specified */
static enum kcmd_proto kcmd_proto = KCMD_NEW_PROTOCOL;

/* Flag set, if -PN / -PO is specified */
static boolean_t rcmdoption_done = B_FALSE;

static profile_options_boolean option[] = {
	{ "encrypt", &encrypt_flag, 0 },
	{ NULL, NULL, 0 }
};

static char *rcmdproto = NULL;
static profile_option_strings rcmdversion[] = {
	{ "rcmd_protocol", &rcmdproto, 0 },
	{ NULL, NULL, 0 }
};

static char *realmdef[] = { "realms", NULL, "rcp", NULL };
static char *appdef[] = { "appdefaults", "rcp", NULL };
static char **prev_argv;
static int prev_argc;

int
main(int argc, char *argv[])
{
	int ch, fflag, tflag;
	char *targ;
	size_t cmdsiz;

	(void) setlocale(LC_ALL, "");

	if (strcmp(argv[0], RCP_ACL) == 0)
		aclflag = 1;

	if (!(pwd = getpwuid(userid = getuid()))) {
		(void) fprintf(stderr, "rcp: unknown user %d.\n",
		    (uint_t)userid);
		return (1);
	}

	fflag = tflag = 0;
	while ((ch = getopt(argc, argv, "axdfprtz:D:k:P:ZK")) != EOF) {
		switch (ch) {
		case 'd':
			targetshouldbedirectory = 1;
			break;
		case 'f':			/* "from" */
			fflag = 1;
			if (aclflag | acl_aclflag)
				/* ok response */
				(void) desrcpwrite(rem, "", 1);
			break;
		case 'p':			/* preserve access/mod times */
			++pflag;
			break;
		case 'r':
			++iamrecursive;
			break;
		case 't':			/* "to" */
			tflag = 1;
			break;
		case 'Z':
			acl_aclflag++;
			break;
		case 'K':
			no_krb5auth_flag++;
			break;
		case 'x':
			if (!krb5_privacy_allowed()) {
				(void) fprintf(stderr, gettext("rcp: "
				    "Encryption not supported.\n"));
				return (1);
			}
			encrypt_flag++;
			krb5auth_flag++;
			encrypt_done++;
			break;
		case 'k':
			if ((krb_realm = (char *)strdup(optarg)) == NULL) {
				(void) fprintf(stderr, gettext("rcp:"
				    " Cannot malloc.\n"));
				return (1);
			}
			krb5auth_flag++;
			break;
		case 'P':
			if (strncmp(optarg, "O", 1) == 0) {
				if (rcmdoption_done == B_TRUE) {
					(void) fprintf(stderr, gettext("rcp: "
					    "Only one of -PN and -PO "
					    "allowed.\n"));
					usage();
				}
				kcmd_proto = KCMD_OLD_PROTOCOL;
				rcmdoption_done = B_TRUE;
			} else if (strncmp(optarg, "N", 1) == 0) {
				if (rcmdoption_done == B_TRUE) {
					(void) fprintf(stderr, gettext("rcp: "
					    "Only one of -PN and -PO "
					    "allowed.\n"));
					usage();
				}
				kcmd_proto = KCMD_NEW_PROTOCOL;
				rcmdoption_done = B_TRUE;
			} else {
				usage();
			}
			krb5auth_flag++;
			break;
		case 'a':
			krb5auth_flag++;
			break;
#ifdef DEBUG
		case 'D':
			portnumber = htons(atoi(optarg));
			krb5auth_flag++;
			break;
#endif /* DEBUG */
		case '?':
		default:
			usage();
		}
	}
	argc -= optind;
	argv += optind;

	/*
	 * if the user disables krb5 on the cmdline (-K), then skip
	 * all krb5 setup.
	 *
	 * if the user does not disable krb5 or enable krb5 on the
	 * cmdline, check krb5.conf to see if it should be enabled.
	 */

	if (no_krb5auth_flag) {
		krb5auth_flag = 0;
		fflag = encrypt_flag = 0;
	} else if (!krb5auth_flag) {
		/* is autologin set in krb5.conf? */
		status = krb5_init_context(&bsd_context);
		/* don't sweat failure here */
		if (!status) {
			/*
			 * note that the call to profile_get_options_boolean
			 * with autologin_option can affect value of
			 * krb5auth_flag
			 */
			(void) profile_get_options_boolean(bsd_context->profile,
			    appdef,
			    autologin_option);
		}
	}

	if (krb5auth_flag > 0) {
		if (!bsd_context) {
			status = krb5_init_context(&bsd_context);
			if (status) {
				com_err("rcp", status,
				    gettext("while initializing krb5"));
				return (1);
			}
		}

		/*
		 * Set up buffers for desread and deswrite.
		 */
		desinbuf.data = des_inbuf;
		desoutbuf.data = des_outbuf;
		desinbuf.length = sizeof (des_inbuf);
		desoutbuf.length = sizeof (des_outbuf);
	}

	if (fflag || tflag)
		if (encrypt_flag > 0)
			(void) answer_auth(krb_config, krb_cache);

	if (fflag) {
		iamremote = 1;
		(void) response();
		(void) setuid(userid);
		source(argc, argv);
		return (errs);
	}

	if (tflag) {
		iamremote = 1;
		(void) setuid(userid);
		sink(argc, argv);
		return (errs);
	}

	if (argc < 2)
		usage();

	/* This will make "rcmd_af()" magically get the proper privilege */
	if (__init_suid_priv(0, PRIV_NET_PRIVADDR, (char *)NULL) == -1) {
		(void) fprintf(stderr, "rcp: must be set-uid root\n");
		exit(1);
	}

	if (krb5auth_flag > 0) {
		/*
		 * Get our local realm to look up local realm options.
		 */
		status = krb5_get_default_realm(bsd_context, &realmdef[1]);
		if (status) {
			com_err("rcp", status,
			    gettext("while getting default realm"));
			return (1);
		}
		/*
		 * See if encryption should be done for this realm
		 */
		(void) profile_get_options_boolean(bsd_context->profile,
		    realmdef, option);
		/*
		 * Check the appdefaults section
		 */
		(void) profile_get_options_boolean(bsd_context->profile,
		    appdef, option);
		(void) profile_get_options_string(bsd_context->profile,
		    appdef, rcmdversion);
		if ((encrypt_done > 0) || (encrypt_flag > 0)) {
			if (krb5_privacy_allowed() == TRUE) {
				encrypt_flag++;
			} else {
				(void) fprintf(stderr, gettext("rcp: Encryption"
				    " not supported.\n"));
				return (1);
			}
		}

		if ((rcmdoption_done == B_FALSE) && (rcmdproto != NULL)) {
			if (strncmp(rcmdproto, "rcmdv2", 6) == 0) {
				kcmd_proto = KCMD_NEW_PROTOCOL;
			} else if (strncmp(rcmdproto, "rcmdv1", 6) == 0) {
				kcmd_proto = KCMD_OLD_PROTOCOL;
			} else {
				(void) fprintf(stderr, gettext("Unrecognized "
				    "KCMD protocol (%s)"), rcmdproto);
				return (1);
			}
		}
	}

	if (argc > 2)
		targetshouldbedirectory = 1;

	rem = -1;

	if (portnumber == 0) {
		if (krb5auth_flag > 0) {
			retval = init_service(krb5auth_flag);
			if (!retval) {
				/*
				 * Connecting to the kshell service failed,
				 * fallback to normal rcp & reset KRB5 flags.
				 */
				krb5auth_flag = encrypt_flag = 0;
				encrypt_done = 0;
				(void) init_service(krb5auth_flag);
			}
		}
		else
			(void) init_service(krb5auth_flag);
	}

#ifdef DEBUG
	if (retval || krb5auth_flag) {
		(void) fprintf(stderr, gettext("Kerberized rcp session, "
		    "port %d in use "), portnumber);
		if (kcmd_proto == KCMD_OLD_PROTOCOL)
			(void) fprintf(stderr, gettext("[kcmd ver.1]\n"));
		else
			(void) fprintf(stderr, gettext("[kcmd ver.2]\n"));
	} else {
		(void) fprintf(stderr, gettext("Normal rcp session, port %d "
		    "in use.\n"), portnumber);
	}
#endif /* DEBUG */

	if (krb5auth_flag > 0) {
		/*
		 * We calculate here a buffer size that can be used in the
		 * allocation of the three buffers cmd, cmd_orig and
		 * cmd_sunw_orig that are used to hold different incantations
		 * of rcp.
		 */
		cmdsiz = MAX(sizeof ("-x rcp -r -p -d -k ") +
		    strlen(krb_realm != NULL ? krb_realm : ""),
		    sizeof (RCP_ACL " -r -p -z -d"));

		if (((cmd = (char *)malloc(cmdsiz)) == NULL) ||
		    ((cmd_sunw_orig = (char *)malloc(cmdsiz)) == NULL) ||
		    ((cmd_orig = (char *)malloc(cmdsiz)) == NULL)) {
			(void) fprintf(stderr, gettext("rcp: Cannot "
			    "malloc.\n"));
			return (1);
		}

		(void) snprintf(cmd, cmdsiz, "%srcp %s%s%s%s%s",
		    encrypt_flag ? "-x " : "",
		    iamrecursive ? " -r" : "", pflag ? " -p" : "",
		    targetshouldbedirectory ? " -d" : "",
		    krb_realm != NULL ? " -k " : "",
		    krb_realm != NULL ? krb_realm : "");

		/*
		 * We would use cmd-orig as the 'cmd-buffer' if kerberized
		 * rcp fails, in which case we fallback to normal rcp. We also
		 * save argc & argv for the same purpose
		 */
		(void) snprintf(cmd_orig, cmdsiz, "rcp%s%s%s%s",
		    iamrecursive ? " -r" : "",
		    pflag ? " -p" : "",
		    zflag ? " -z" : "",
		    targetshouldbedirectory ? " -d" : "");

		(void) snprintf(cmd_sunw_orig, cmdsiz, "%s%s%s%s%s", RCP_ACL,
		    iamrecursive ? " -r" : "",
		    pflag ? " -p" : "",
		    zflag ? " -z" : "",
		    targetshouldbedirectory ? " -d" : "");

		prev_argc = argc;
		prev_argv = save_argv(argc, argv);

	} else {
		cmdsiz = sizeof ("rcp -r -p -z -d");
		if (((cmd = (char *)malloc(cmdsiz)) == NULL)) {
			(void) fprintf(stderr, gettext("rcp: Cannot "
			    "malloc.\n"));
			return (1);
		}

		(void) snprintf(cmd, cmdsiz, "rcp%s%s%s%s",
		    iamrecursive ? " -r" : "",
		    pflag ? " -p" : "",
		    zflag ? " -z" : "",
		    targetshouldbedirectory ? " -d" : "");
	}

	cmdsiz = sizeof (RCP_ACL " -r -p -z -d");
	if ((cmd_sunw = (char *)malloc(cmdsiz)) == NULL) {
		(void) fprintf(stderr, gettext("rcp: Cannot malloc.\n"));
		return (1);
	}

	(void) snprintf(cmd_sunw, cmdsiz, "%s%s%s%s%s", RCP_ACL,
	    iamrecursive ? " -r" : "",
	    pflag ? " -p" : "",
	    zflag ? " -z" : "",
	    targetshouldbedirectory ? " -d" : "");

	(void) signal(SIGPIPE, (void (*)(int))lostconn);

	if (targ = colon(argv[argc - 1]))
		toremote(targ, argc, argv);
	else {
		tolocal(argc, argv);
		if (targetshouldbedirectory)
			verifydir(argv[argc - 1]);
	}

	return (errs > 0 ? EXIT_FAILURE : EXIT_SUCCESS);
}


static void
toremote(char *targ, int argc, char *argv[])
{
	int i;
	char *host, *src, *suser, *thost, *tuser;
	char resp;
	size_t buffersize;
	char bp[RCP_BUFSIZE];
	krb5_creds *cred;
	char *arglist[MAXARGS+1];
	buffersize = RCP_BUFSIZE;

	*targ++ = 0;
	if (*targ == 0)
		targ = ".";

	if (thost = search_char((unsigned char *)argv[argc - 1], '@')) {
		*thost++ = 0;
		tuser = argv[argc - 1];
		if (*tuser == '\0')
			tuser = NULL;
		else if (!okname(tuser))
			exit(1);
	} else {
		thost = argv[argc - 1];
		tuser = NULL;
	}
	thost = removebrackets(thost);

	for (i = 0; i < argc - 1; i++) {
		src = colon(argv[i]);
		if (src) {			/* remote to remote */
			*src++ = 0;
			if (*src == 0)
				src = ".";
			host = search_char((unsigned char *)argv[i], '@');
			if (host) {
				*host++ = 0;
				host = removebrackets(host);
				suser = argv[i];
				if (*suser == '\0') {
					suser = pwd->pw_name;
				} else if (!okname(suser)) {
					errs++;
					continue;
				}
				(void) snprintf(bp, buffersize, "'%s%s%s:%s'",
				    tuser ? tuser : "", tuser ? "@" : "",
				    thost, targ);
				(void) addargs(arglist, "rsh", host, "-l",
				    suser, "-n", cmd, src, bp, (char *)NULL);
			} else {
				host = removebrackets(argv[i]);
				(void) snprintf(bp, buffersize, "'%s%s%s:%s'",
				    tuser ? tuser : "", tuser ? "@" : "",
				    thost, targ);
				(void) addargs(arglist, "rsh", host, "-n", cmd,
				    src, bp, (char *)NULL);
			}
			if (susystem(_PATH_RSH, arglist) == -1)
				errs++;
		} else {			/* local to remote */
			if (rem == -1) {
				host = thost;
				if (krb5auth_flag > 0) {

				(void) snprintf(bp, buffersize,
				    "%s -t %s", cmd, targ);
				authopts = AP_OPTS_MUTUAL_REQUIRED;
				status = kcmd(&sock, &host,
				    portnumber,
				    pwd->pw_name,
				    tuser ? tuser :
				    pwd->pw_name,
				    bp,
				    0,
				    "host",
				    krb_realm,
				    bsd_context,
				    &auth_context,
				    &cred,
				    0,	/* No seq # */
				    0,	/* No server seq # */
				    authopts,
				    0,	/* Not any port # */
				    &kcmd_proto);
				if (status) {
					/*
					 * If new protocol requested, we dont
					 * fallback to less secure ones.
					 */

					if (kcmd_proto == KCMD_NEW_PROTOCOL) {
						(void) fprintf(stderr,
						    gettext("rcp: kcmdv2 "
						    "to host %s failed - %s"
						    "\nFallback to normal "
						    "rcp denied."), host,
						    error_message(status));
						exit(1);
					}
					if (status != -1) {
						(void) fprintf(stderr,
						    gettext("rcp: kcmd to host "
						    "%s failed - %s,\n"
						    "trying normal rcp...\n\n"),
						    host,
						    error_message(status));
					} else {
						(void) fprintf(stderr,
						    gettext("trying normal"
						    " rcp...\n"));
					}
					/*
					 * kcmd() failed, so we have to
					 * fallback to normal rcp
					 */
					try_normal_rcp(prev_argc, prev_argv);
				} else {
					rem = sock;
					session_key = &cred->keyblock;
					if (kcmd_proto == KCMD_NEW_PROTOCOL) {
						/* CSTYLED */
						status = krb5_auth_con_getlocalsubkey(bsd_context, auth_context, &session_key);
						if (status) {
							com_err("rcp", status,
							    "determining "
							    "subkey for "
							    "session");
							exit(1);
						}
						if (!session_key) {
							com_err("rcp", 0,
							    "no subkey "
							    "negotiated for"
							    " connection");
							exit(1);
						}
					}
					eblock.crypto_entry =
					    session_key->enctype;
					eblock.key =
					    (krb5_keyblock *)session_key;

					init_encrypt(encrypt_flag,
					    bsd_context, kcmd_proto,
					    &desinbuf, &desoutbuf, CLIENT,
					    &eblock);
					if (encrypt_flag > 0) {
						char *s = gettext("This rcp "
						    "session is using "
						    "encryption for all "
						    "data transmissions."
						    "\r\n");

						(void) write(2, s, strlen(s));
					}
				}
				if (response() < 0)
					exit(1);

				} else {

					/*
					 * ACL support: try to find out if the
					 * remote site is running acl cognizant
					 * version of rcp. A special binary
					 * name is used for this purpose.
					 */
					aclflag = 1;
					acl_aclflag = 1;

					/*
					 * First see if the remote side will
					 * support both aclent_t and ace_t
					 * acl's?
					 */
					(void) snprintf(bp, buffersize,
					    "%s -tZ %s",
					    cmd_sunw, targ);
					rem = rcmd_af(&host, portnumber,
					    pwd->pw_name,
					    tuser ? tuser : pwd->pw_name,
					    bp, 0, AF_INET6);
					if (rem < 0)
						exit(1);

					/*
					 * This is similar to routine
					 * response(). If response is not ok,
					 * treat the other side as non-acl rcp.
					 */
					if (read(rem, &resp, sizeof (resp))
					    != sizeof (resp))
						lostconn();
					if (resp != 0) {
						acl_aclflag = 0;
						(void) snprintf(bp, buffersize,
						    "%s -t %s", cmd_sunw, targ);

						(void) close(rem);
						host = thost;
						rem = rcmd_af(&host, portnumber,
						    pwd->pw_name,
						    tuser ? tuser :
						    pwd->pw_name,
						    bp, 0, AF_INET6);
						if (rem < 0)
							exit(1);

						if (read(rem, &resp,
						    sizeof (resp))
						    != sizeof (resp))
							lostconn();
						if (resp != 0) {
							/*
							 * Not OK:
							 * The other side is
							 * running non-acl rcp.
							 * Try again with
							 * normal stuff.
							 */
							aclflag = 0;
							(void) snprintf(bp,
							    buffersize,
							    "%s -t %s", cmd,
							    targ);
							(void) close(rem);
							host = thost;
							rem = rcmd_af(&host,
							    portnumber,
							    pwd->pw_name,
							    tuser ? tuser :
							    pwd->pw_name, bp, 0,
							    AF_INET6);
							if (rem < 0)
								exit(1);
							if (response() < 0)
								exit(1);
						}
					}
					/* everything should be fine now */
					(void) setuid(userid);

				}
			}
			source(1, argv + i);
		}
	}
}

static void
tolocal(int argc, char *argv[])
{
	int i;
	char *host, *src, *suser, *lhost;
	char resp;
	size_t buffersize;
	char bp[RCP_BUFSIZE];
	krb5_creds *cred;
	char *arglist[MAXARGS+1];
	buffersize = RCP_BUFSIZE;

	for (i = 0; i < argc - 1; i++) {
		if (!(src = colon(argv[i]))) {	/* local to local */
			(void) addargs(arglist, "cp",
			    iamrecursive ? "-r" : "", pflag ? "-p" : "",
			    zflag ? "-z" : "", argv[i], argv[argc - 1],
			    (char *)NULL);
			if (susystem(_PATH_CP, arglist) == -1)
				errs++;
			continue;
		}
		*src++ = 0;
		if (*src == 0)
			src = ".";
		host = search_char((unsigned char *)argv[i], '@');
		if (host) {
			*host++ = 0;
			suser = argv[i];
			if (*suser == '\0') {
				suser = pwd->pw_name;
			} else if (!okname(suser)) {
				errs++;
				continue;
			}
		} else {
			host = argv[i];
			suser = pwd->pw_name;
		}
		host = removebrackets(host);
		lhost = host;
		if (krb5auth_flag > 0) {

			(void) snprintf(bp, buffersize, "%s -f %s", cmd, src);
			authopts = AP_OPTS_MUTUAL_REQUIRED;
			status = kcmd(&sock, &host,
			    portnumber,
			    pwd->pw_name, suser,
			    bp,
			    0,	/* &rfd2 */
			    "host",
			    krb_realm,
			    bsd_context,
			    &auth_context,
			    &cred,
			    0,	/* No seq # */
			    0,	/* No server seq # */
			    authopts,
			    1,	/* Not any port # */
			    &kcmd_proto);
			if (status) {
				/*
				 * If new protocol requested, we dont
				 * fallback to less secure ones.
				 */
				if (kcmd_proto == KCMD_NEW_PROTOCOL) {
					(void) fprintf(stderr,
					    gettext("rcp: kcmdv2 "
					    "to host %s failed - %s\n"
					    "Fallback to normal rcp denied."),
					    host, error_message(status));
					exit(1);
				}
				if (status != -1) {
					(void) fprintf(stderr,
					    gettext("rcp: kcmd "
					    "to host %s failed - %s,\n"
					    "trying normal rcp...\n\n"),
					    host, error_message(status));
				} else {
					(void) fprintf(stderr,
					    gettext("trying normal rcp...\n"));
				}
				/*
				 * kcmd() failed, so we have to
				 * fallback to normal rcp
				 */
				try_normal_rcp(prev_argc, prev_argv);
			} else {
				rem = sock;
				session_key = &cred->keyblock;
				if (kcmd_proto == KCMD_NEW_PROTOCOL) {
					status = krb5_auth_con_getlocalsubkey(
					    bsd_context, auth_context,
					    &session_key);
					if (status) {
						com_err("rcp", status,
						    "determining "
						    "subkey for session");
						exit(1);
					}
					if (!session_key) {
						com_err("rcp", 0,
						    "no subkey negotiated"
						    " for connection");
						exit(1);
					}
				}
				eblock.crypto_entry = session_key->enctype;
				eblock.key = (krb5_keyblock *)session_key;

				init_encrypt(encrypt_flag, bsd_context,
				    kcmd_proto,
				    &desinbuf, &desoutbuf, CLIENT,
				    &eblock);
				if (encrypt_flag > 0) {
					char *s = gettext("This rcp "
					    "session is using DES "
					    "encryption for all "
					    "data transmissions."
					    "\r\n");

					(void) write(2, s, strlen(s));
				}
			}

		}
		else
		{

			/*
			 * ACL support: try to find out if the remote site is
			 * running acl cognizant version of rcp.
			 */
			aclflag = 1;
			acl_aclflag = 1;

			(void) snprintf(bp, buffersize, "%s -Zf %s", cmd_sunw,
			    src);
			rem = rcmd_af(&host, portnumber, pwd->pw_name, suser,
			    bp, 0, AF_INET6);

			if (rem < 0) {
				++errs;
				continue;
			}

			/*
			 * The remote system is supposed to send an ok response.
			 * If there are any data other than "ok", it must be
			 * error messages from the remote system. We can assume
			 * the remote system is running non-acl version rcp.
			 */
			if (read(rem, &resp, sizeof (resp)) != sizeof (resp))
				lostconn();

			if (resp != 0) {

				/*
				 * Try again without ace_acl support
				 */
				acl_aclflag = 0;
				(void) snprintf(bp, buffersize, "%s -f %s",
				    cmd_sunw, src);
				(void) close(rem);
				rem = rcmd_af(&host, portnumber, pwd->pw_name,
				    suser, bp, 0, AF_INET6);

				if (rem < 0) {
					++errs;
					continue;
				}

				if (read(rem, &resp,
				    sizeof (resp)) != sizeof (resp))
					lostconn();

				if (resp != 0) {
					/*
					 * NOT ok:
					 * The other side is running non-acl
					 * rcp. Try again with normal stuff.
					 */
					aclflag = 0;
					(void) snprintf(bp, buffersize,
					    "%s -f %s", cmd, src);
					(void) close(rem);
					host = lhost;
					rem = rcmd_af(&host, portnumber,
					    pwd->pw_name, suser, bp, 0,
					    AF_INET6);
					if (rem < 0) {
						++errs;
						continue;
					}
				}
			}
		}

		sink(1, argv + argc - 1);

		(void) close(rem);
		rem = -1;
	}
}


static void
verifydir(char *cp)
{
	struct stat stb;

	if (stat(cp, &stb) >= 0) {
		if ((stb.st_mode & S_IFMT) == S_IFDIR)
			return;
		errno = ENOTDIR;
	}
	error("rcp: %s: %s.\n", cp, strerror(errno));
	exit(1);
}

static char *
colon(char *cp)
{
	boolean_t is_bracket_open = B_FALSE;

	for (; *cp; ++cp) {
		if (*cp == '[')
			is_bracket_open = B_TRUE;
		else if (*cp == ']')
			is_bracket_open = B_FALSE;
		else if (*cp == ':' && !is_bracket_open)
			return (cp);
		else if (*cp == '/')
			return (0);
	}
	return (0);
}

static int
okname(char *cp0)
{
	register char *cp = cp0;
	register int c;

	do {
		c = *cp;
		if (c & 0200)
			goto bad;
		if (!isalpha(c) && !isdigit(c) && c != '_' && c != '-')
			goto bad;
	} while (*++cp);
	return (1);
bad:
	(void) fprintf(stderr, "rcp: invalid user name %s\n", cp0);
	return (0);
}


static char *
removebrackets(char *str)
{
	char *newstr = str;

	if ((str[0] == '[') && (str[strlen(str) - 1] == ']')) {
		newstr = str + 1;
		str[strlen(str) - 1] = '\0';
	}
	return (newstr);
}

static int
susystem(char *path, char **arglist)
{
	int status, pid, w;
	register void (*istat)(), (*qstat)();
	int pfds[2];
	char buf[BUFSIZ];
	int cnt;
	boolean_t seen_stderr_traffic;

	/*
	 * Due to the fact that rcp uses rsh to copy between 2 remote
	 * machines, rsh doesn't return the exit status of the remote
	 * command, and we can't modify the rcmd protocol used by rsh
	 * (for interoperability reasons) we use the hack of using any
	 * output on stderr as indication that an error occurred and
	 * that we should return a non-zero error code.
	 */

	if (pipe(pfds) == -1) {
		(void) fprintf(stderr, "Couldn't create pipe: %s\n",
		    strerror(errno));
		return (-1);
	}

	if ((pid = vfork()) < 0) {
		(void) close(pfds[0]);
		(void) close(pfds[1]);
		(void) fprintf(stderr, "Couldn't fork child process: %s\n",
		    strerror(errno));
		return (-1);
	} else if (pid == 0) {
		/*
		 * Child.
		 */
		(void) close(pfds[0]);
		/*
		 * Send stderr messages down the pipe so that we can detect
		 * them in the parent process.
		 */
		if (pfds[1] != STDERR_FILENO) {
			(void) dup2(pfds[1], STDERR_FILENO);
			(void) close(pfds[1]);
		}
		/*
		 * This shell does not inherit the additional privilege
		 * we have in our Permitted set.
		 */
		(void) execv(path, arglist);
		_exit(127);
	}
	/*
	 * Parent.
	 */
	istat = signal(SIGINT, SIG_IGN);
	qstat = signal(SIGQUIT, SIG_IGN);

	(void) close(pfds[1]);
	seen_stderr_traffic = B_FALSE;
	while ((cnt = read(pfds[0], buf, sizeof (buf))) > 0) {
		/*
		 * If any data is read from the pipe the child process
		 * has output something on stderr so we set the boolean
		 * 'seen_stderr_traffic' to true, which will cause the
		 * function to return -1.
		 */
		(void) write(STDERR_FILENO, buf, cnt);
		seen_stderr_traffic = B_TRUE;
	}
	(void) close(pfds[0]);
	while ((w = wait(&status)) != pid && w != -1)
		;
	if (w == -1)
		status = -1;

	(void) signal(SIGINT, istat);
	(void) signal(SIGQUIT, qstat);

	return (seen_stderr_traffic ? -1 : status);
}

static void
source(int argc, char *argv[])
{
	struct stat stb;
	static BUF buffer;
	BUF *bp;
	int x, readerr, f, amt;
	char *last, *name, buf[RCP_BUFSIZE];
	off_t off, size, i;
	ssize_t cnt;
	struct linger lingerbuf;

	for (x = 0; x < argc; x++) {
		name = argv[x];
		if ((f = open(name, O_RDONLY, 0)) < 0) {
			error("rcp: %s: %s\n", name, strerror(errno));
			continue;
		}
		if (fstat(f, &stb) < 0)
			goto notreg;
		switch (stb.st_mode&S_IFMT) {

		case S_IFREG:
			break;

		case S_IFDIR:
			if (iamrecursive) {
				(void) close(f);
				rsource(name, &stb);
				continue;
			}
			/* FALLTHROUGH */
		default:
notreg:
			(void) close(f);
			error("rcp: %s: not a plain file\n", name);
			continue;
		}
		last = rindex(name, '/');
		if (last == 0)
			last = name;
		else
			last++;
		if (pflag) {
			time_t mtime, atime;
			time_t now;

			/*
			 * Make it compatible with possible future
			 * versions expecting microseconds.
			 */
			mtime = stb.st_mtime;
			atime = stb.st_atime;

			if ((mtime < 0) || (atime < 0)) {
				now = time(NULL);

				if (mtime < 0) {
					mtime = now;
					error("negative modification time on "
					    "%s; not preserving\n", name);
				}
				if (atime < 0) {
					atime = now;
					error("negative access time on "
					    "%s; not preserving\n", name);
				}
			}
			(void) snprintf(buf, sizeof (buf), "T%ld 0 %ld 0\n",
			    mtime, atime);
			(void) desrcpwrite(rem, buf, strlen(buf));
			if (response() < 0) {
				(void) close(f);
				continue;
			}
		}
		(void) snprintf(buf, sizeof (buf), "C%04o %lld %s\n",
		    (uint_t)(stb.st_mode & 07777), (longlong_t)stb.st_size,
		    last);
		(void) desrcpwrite(rem, buf, strlen(buf));
		if (response() < 0) {
			(void) close(f);
			continue;
		}

		/* ACL support: send */
		if (aclflag | acl_aclflag) {
			/* get acl from f and send it over */
			if (sendacl(f) == ACL_FAIL) {
				(void) close(f);
				continue;
			}
		}
		if ((krb5auth_flag > 0) || (iamremote == 1)) {
			bp = allocbuf(&buffer, f, RCP_BUFSIZE);
			if (bp == NULLBUF) {
				(void) close(f);
				continue;
			}
			readerr = 0;
			for (i = 0; i < stb.st_size; i += bp->cnt) {
				amt = bp->cnt;
				if (i + amt > stb.st_size)
					amt = stb.st_size - i;
				if (readerr == 0 &&
				    read(f, bp->buf, amt) != amt)
					readerr = errno;
				(void) desrcpwrite(rem, bp->buf, amt);
			}
			(void) close(f);
			if (readerr == 0)
				(void) desrcpwrite(rem, "", 1);
			else
				error("rcp: %s: %s\n", name,
				    error_message(readerr));
		} else {
			cnt = off = 0;
			size = stb.st_size;
			while (size != 0) {
				amt = MIN(size, SENDFILE_SIZE);
				cnt = sendfile(rem, f, &off, amt);
				if (cnt == -1) {
					if (errno == EINTR) {
						continue;
					} else {
						break;
					}
				}
				if (cnt == 0)
					break;
				size -= cnt;
			}
			if (cnt < 0) {
				error("rcp: %s: %s\n", name, strerror(errno));
			} else if (cnt == 0 && size != 0) {
				error("rcp: %s: unexpected end of file\n",
				    name);
				lingerbuf.l_onoff = 1;
				lingerbuf.l_linger = 0;
				(void) setsockopt(rem, SOL_SOCKET, SO_LINGER,
				    &lingerbuf, sizeof (lingerbuf));
				/*
				 * When response() (see below) is invoked it
				 * tries to read data from closed handle which
				 * triggers error and lostconn() function.
				 * lostconn() terminates the program with
				 * appropriate message.
				 */
				(void) close(rem);
				rem = -1;
			} else {
				(void) write(rem, "", 1);
			}
			(void) close(f);
		}
		(void) response();
	}
}


static void
rsource(char *name, struct stat *statp)
{
	DIR *d;
	struct dirent *dp;
	char *last, *vect[1];
	char path[MAXPATHLEN];

	if (!(d = opendir(name))) {
		error("rcp: %s: %s\n", name, strerror(errno));
		return;
	}
	last = rindex(name, '/');
	if (last == 0)
		last = name;
	else
		last++;
	if (pflag) {
		(void) snprintf(path, sizeof (path), "T%ld 0 %ld 0\n",
		    statp->st_mtime, statp->st_atime);
		(void) desrcpwrite(rem, path, strlen(path));
		if (response() < 0) {
			(void) closedir(d);
			return;
		}
	}
	(void) snprintf(path, sizeof (path), "D%04o %d %s\n",
	    (uint_t)(statp->st_mode & 07777), 0, last);
	(void) desrcpwrite(rem, path, strlen(path));

	/* acl support for directory */
	if (aclflag) {
		/* get acl from f and send it over */
		if (sendacl(d->dd_fd) == ACL_FAIL) {
			(void) closedir(d);
			return;
		}
	}

	if (response() < 0) {
		(void) closedir(d);
		return;
	}

	while (dp = readdir(d)) {
		if (dp->d_ino == 0)
			continue;
		if ((strcmp(dp->d_name, ".") == 0) ||
		    (strcmp(dp->d_name, "..") == 0))
			continue;
		if ((uint_t)strlen(name) + 1 + strlen(dp->d_name) >=
		    MAXPATHLEN - 1) {
			error("%s/%s: name too long.\n", name, dp->d_name);
			continue;
		}
		(void) snprintf(path, sizeof (path), "%s/%s",
		    name, dp->d_name);
		vect[0] = path;
		source(1, vect);
	}
	(void) closedir(d);
	(void) desrcpwrite(rem, "E\n", 2);
	(void) response();
}

static int
response(void)
{
	register char *cp;
	char ch, resp, rbuf[RCP_BUFSIZE];

	if (desrcpread(rem, &resp, 1) != 1)
		lostconn();
	cp = rbuf;
	switch (resp) {
	case 0:				/* ok */
		return (0);
	default:
		*cp++ = resp;
		/* FALLTHROUGH */
	case 1:				/* error, followed by err msg */
	case 2:				/* fatal error, "" */
		do {
			if (desrcpread(rem, &ch, sizeof (ch)) != sizeof (ch))
				lostconn();
			*cp++ = ch;
		} while (cp < &rbuf[RCP_BUFSIZE] && ch != '\n');

		if (!iamremote)
			(void) write(STDERR_FILENO, rbuf, cp - rbuf);
		++errs;
		if (resp == 1)
			return (-1);
		exit(1);
	}
	/*NOTREACHED*/
}

static void
lostconn(void)
{
	if (!iamremote)
		(void) fprintf(stderr, "rcp: lost connection\n");
	exit(1);
}


static void
sink(int argc, char *argv[])
{
	char *cp;
	static BUF buffer;
	struct stat stb;
	struct timeval tv[2];
	BUF *bp;
	off_t i, j;
	char ch, *targ, *why;
	int amt, count, exists, first, mask, mode;
	off_t size;
	int ofd, setimes, targisdir, wrerr;
	char *np, *vect[1], buf[RCP_BUFSIZE];
	char *namebuf = NULL;
	size_t namebuf_sz = 0;
	size_t need;

#define	atime	tv[0]
#define	mtime	tv[1]
#define	SCREWUP(str)	{ why = str; goto screwup; }

	setimes = targisdir = 0;
	mask = umask(0);
	if (!pflag)
		(void) umask(mask);
	if (argc != 1) {
		error("rcp: ambiguous target\n");
		exit(1);
	}
	targ = *argv;
	if (targetshouldbedirectory)
		verifydir(targ);
	(void) desrcpwrite(rem, "", 1);

	if (stat(targ, &stb) == 0 && (stb.st_mode & S_IFMT) == S_IFDIR)
		targisdir = 1;
	for (first = 1; ; first = 0) {
		cp = buf;
		if (desrcpread(rem, cp, 1) <= 0) {
			if (namebuf != NULL)
				free(namebuf);
			return;
		}

		if (*cp++ == '\n')
			SCREWUP("unexpected <newline>");
		do {
			if (desrcpread(rem, &ch, sizeof (ch)) != sizeof (ch))
				SCREWUP("lost connection");
			*cp++ = ch;
		} while (cp < &buf[RCP_BUFSIZE - 1] && ch != '\n');
		*cp = 0;

		if (buf[0] == '\01' || buf[0] == '\02') {
			if (iamremote == 0)
				(void) write(STDERR_FILENO, buf + 1,
				    strlen(buf + 1));
			if (buf[0] == '\02')
				exit(1);
			errs++;
			continue;
		}
		if (buf[0] == 'E') {
			(void) desrcpwrite(rem, "", 1);
			if (namebuf != NULL)
				free(namebuf);
			return;
		}

		if (ch == '\n')
			*--cp = 0;
		cp = buf;
		if (*cp == 'T') {
			setimes++;
			cp++;
			mtime.tv_sec = strtol(cp, &cp, 0);
			if (*cp++ != ' ')
				SCREWUP("mtime.sec not delimited");
			mtime.tv_usec = strtol(cp, &cp, 0);
			if (*cp++ != ' ')
				SCREWUP("mtime.usec not delimited");
			atime.tv_sec = strtol(cp, &cp, 0);
			if (*cp++ != ' ')
				SCREWUP("atime.sec not delimited");
			atime.tv_usec = strtol(cp, &cp, 0);
			if (*cp++ != '\0')
				SCREWUP("atime.usec not delimited");
			(void) desrcpwrite(rem, "", 1);
			continue;
		}
		if (*cp != 'C' && *cp != 'D') {
			/*
			 * Check for the case "rcp remote:foo\* local:bar".
			 * In this case, the line "No match." can be returned
			 * by the shell before the rcp command on the remote is
			 * executed so the ^Aerror_message convention isn't
			 * followed.
			 */
			if (first) {
				error("%s\n", cp);
				exit(1);
			}
			SCREWUP("expected control record")
		}
		mode = 0;
		for (++cp; cp < buf + 5; cp++) {
			if (*cp < '0' || *cp > '7')
				SCREWUP("bad mode");
			mode = (mode << 3) | (*cp - '0');
		}
		if (*cp++ != ' ')
			SCREWUP("mode not delimited");
		size = 0;
		while (isdigit(*cp))
			size = size * 10 + (*cp++ - '0');
		if (*cp++ != ' ')
			SCREWUP("size not delimited");
		if (targisdir) {
			need = strlen(targ) + sizeof ("/") + strlen(cp);
			if (need > namebuf_sz) {
				if ((namebuf = realloc(namebuf, need)) ==
				    NULL) {
					error("rcp: out of memory\n");
					exit(1);
				}
				namebuf_sz = need;
			}
			(void) snprintf(namebuf, need, "%s%s%s", targ,
			    *targ ? "/" : "", cp);
			np = namebuf;
		} else {
			np = targ;
		}

		exists = stat(np, &stb) == 0;
		if (buf[0] == 'D') {
			if (exists) {
				if ((stb.st_mode&S_IFMT) != S_IFDIR) {
					if (aclflag | acl_aclflag) {
						/*
						 * consume acl in the pipe
						 * fd = -1 to indicate the
						 * special case
						 */
						if (recvacl(-1, exists, pflag)
						    == ACL_FAIL) {
							goto bad;
						}
					}
					errno = ENOTDIR;
					goto bad;
				}
				if (pflag)
					(void) chmod(np, mode);
			} else if (mkdir(np, mode) < 0) {
				if (aclflag) {
					/* consume acl in the pipe */
					(void) recvacl(-1, exists, pflag);
				}
				goto bad;
			}

			/* acl support for directories */
			if (aclflag | acl_aclflag) {
				int dfd;

				if ((dfd = open(np, O_RDONLY)) == -1)
					goto bad;

				/* get acl and set it to ofd */
				if (recvacl(dfd, exists, pflag) == ACL_FAIL) {
					(void) close(dfd);
					if (!exists)
						(void) rmdir(np);
					goto bad;
				}
				(void) close(dfd);
			}

			vect[0] = np;
			sink(1, vect);
			if (setimes) {
				setimes = 0;
				if (utimes(np, tv) < 0)
					error("rcp: can't set "
					    "times on %s: %s\n",
					    np, strerror(errno));
			}
			continue;
		}

		if ((ofd = open(np, O_WRONLY|O_CREAT, mode)) < 0) {
bad:
			error("rcp: %s: %s\n", np, strerror(errno));
			continue;
		}

		/*
		 * If the output file exists we have to force zflag off
		 * to avoid erroneously seeking past old data.
		 */
		zopen(ofd, zflag && !exists);

		if (exists && pflag)
			(void) fchmod(ofd, mode);

		(void) desrcpwrite(rem, "", 1);

		/*
		 * ACL support: receiving
		 */
		if (aclflag | acl_aclflag) {
			/* get acl and set it to ofd */
			if (recvacl(ofd, exists, pflag) == ACL_FAIL) {
				(void) close(ofd);
				if (!exists)
					(void) unlink(np);
				continue;
			}
		}

		if ((bp = allocbuf(&buffer, ofd, RCP_BUFSIZE)) == 0) {
			(void) close(ofd);
			continue;
		}
		cp = bp->buf;
		count = 0;
		wrerr = 0;
		for (i = 0; i < size; i += RCP_BUFSIZE) {
			amt = RCP_BUFSIZE;
			if (i + amt > size)
				amt = size - i;
			count += amt;
			do {
				j = desrcpread(rem, cp, amt);
				if (j <= 0) {
					int sverrno = errno;

					/*
					 * Connection to supplier lost.
					 * Truncate file to correspond
					 * to amount already transferred.
					 *
					 * Note that we must call ftruncate()
					 * before any call to error() (which
					 * might result in a SIGPIPE and
					 * sudden death before we have a chance
					 * to correct the file's size).
					 */
					size = lseek(ofd, 0, SEEK_CUR);
					if ((ftruncate(ofd, size)  == -1) &&
					    (errno != EINVAL) &&
					    (errno != EACCES))
#define		TRUNCERR	"rcp: can't truncate %s: %s\n"
						error(TRUNCERR, np,
						    strerror(errno));
					error("rcp: %s\n",
					    j ? strerror(sverrno) :
					    "dropped connection");
					(void) close(ofd);
					exit(1);
				}
				amt -= j;
				cp += j;
			} while (amt > 0);
			if (count == bp->cnt) {
				cp = bp->buf;
				if (wrerr == 0 &&
				    zwrite(ofd, cp, count) < 0)
					wrerr++;
				count = 0;
			}
		}
		if (count != 0 && wrerr == 0 &&
		    zwrite(ofd, bp->buf, count) < 0)
			wrerr++;
		if (zclose(ofd) < 0)
			wrerr++;

		if ((ftruncate(ofd, size)  == -1) && (errno != EINVAL) &&
		    (errno != EACCES)) {
			error(TRUNCERR, np, strerror(errno));
		}
		(void) close(ofd);
		(void) response();
		if (setimes) {
			setimes = 0;
			if (utimes(np, tv) < 0)
				error("rcp: can't set times on %s: %s\n",
				    np, strerror(errno));
		}
		if (wrerr)
			error("rcp: %s: %s\n", np, strerror(errno));
		else
			(void) desrcpwrite(rem, "", 1);
	}
screwup:
	error("rcp: protocol screwup: %s\n", why);
	exit(1);
}

#ifndef roundup
#define	roundup(x, y)   ((((x)+((y)-1))/(y))*(y))
#endif /* !roundup */

static BUF *
allocbuf(BUF *bp, int fd, int blksize)
{
	struct stat stb;
	int size;

	if (fstat(fd, &stb) < 0) {
		error("rcp: fstat: %s\n", strerror(errno));
		return (0);
	}
	size = roundup(stb.st_blksize, blksize);
	if (size == 0)
		size = blksize;
	if (bp->cnt < size) {
		if (bp->buf != 0)
			free(bp->buf);
		bp->buf = (char *)malloc((uint_t)size);
		if (!bp->buf) {
			error("rcp: malloc: out of memory\n");
			return (0);
		}
	}
	bp->cnt = size;
	return (bp);
}

static void
usage(void)
{
	(void) fprintf(stderr, "%s: \t%s\t%s", gettext("Usage"),
	    gettext("\trcp [-p] [-a] [-x] [-k realm] [-PN / -PO] "
#ifdef DEBUG
	    "[-D port] "
#endif /* DEBUG */
	    "f1 f2; or:\n"),
	    gettext("\trcp [-r] [-p] [-a] [-x] "
#ifdef DEBUG
	    "[-D port] "
#endif /* DEBUG */
	    "[-k realm] [-PN / -PO] f1...fn d2\n"));
	exit(1);
}


/*
 * sparse file support
 */

static off_t zbsize;
static off_t zlastseek;

/* is it ok to try to create holes? */
static void
zopen(int fd, int flag)
{
	struct stat st;

	zbsize = 0;
	zlastseek = 0;

	if (flag &&
	    fstat(fd, &st) == 0 &&
	    (st.st_mode & S_IFMT) == S_IFREG)
		zbsize = st.st_blksize;
}

/* write and/or seek */
static int
zwrite(int fd, char *buf, int nbytes)
{
	off_t block = zbsize ? zbsize : nbytes;

	do {
		if (block > nbytes)
			block = nbytes;
		nbytes -= block;

		if (!zbsize || notzero(buf, block)) {
			register int n, count = block;

			do {
				if ((n = write(fd, buf, count)) < 0)
					return (-1);
				buf += n;
			} while ((count -= n) > 0);
			zlastseek = 0;
		} else {
			if (lseek(fd, (off_t)block, SEEK_CUR) < 0)
				return (-1);
			buf += block;
			zlastseek = 1;
		}
	} while (nbytes > 0);

	return (0);
}

/* write last byte of file if necessary */
static int
zclose(int fd)
{
	zbsize = 0;

	if (zlastseek && (lseek(fd, (off_t)-1, SEEK_CUR) < 0 ||
	    zwrite(fd, "", 1) < 0))
		return (-1);
	else
		return (0);
}

/* return true if buffer is not all zeros */
static int
notzero(char *p, int n)
{
	register int result = 0;

	while ((int)p & 3 && --n >= 0)
		result |= *p++;

	while ((n -= 4 * sizeof (int)) >= 0) {
		/* LINTED */
		result |= ((int *)p)[0];
		/* LINTED */
		result |= ((int *)p)[1];
		/* LINTED */
		result |= ((int *)p)[2];
		/* LINTED */
		result |= ((int *)p)[3];
		if (result)
			return (result);
		p += 4 * sizeof (int);
	}
	n += 4 * sizeof (int);

	while (--n >= 0)
		result |= *p++;

	return (result);
}

/*
 * New functions to support ACLs
 */

/*
 * Get acl from f and send it over.
 * ACL record includes acl entry count, acl text length, and acl text.
 */
static int
sendacl(int f)
{
	int		aclcnt;
	char		*acltext;
	char		buf[BUFSIZ];
	acl_t		*aclp;
	char		acltype;
	int		aclerror;
	int		trivial;


	aclerror = facl_get(f, ACL_NO_TRIVIAL, &aclp);
	if (aclerror != 0) {
		error("can't retrieve ACL: %s \n", acl_strerror(aclerror));
		return (ACL_FAIL);
	}

	/*
	 * if acl type is not ACLENT_T and were operating in acl_aclflag == 0
	 * then don't do the malloc and facl(fd, getcntcmd,...);
	 * since the remote side doesn't support alternate style ACL's.
	 */

	if (aclp && (acl_type(aclp) != ACLENT_T) && (acl_aclflag == 0)) {
		aclcnt = MIN_ACL_ENTRIES;
		acltype = 'A';
		trivial = ACL_IS_TRIVIAL;
	} else {

		aclcnt = (aclp != NULL) ? acl_cnt(aclp) : 0;

		if (aclp) {
			acltype = (acl_type(aclp) != ACLENT_T) ? 'Z' : 'A';
			aclcnt = acl_cnt(aclp);
			trivial = (acl_flags(aclp) & ACL_IS_TRIVIAL);
		} else {
			acltype = 'A';
			aclcnt = MIN_ACL_ENTRIES;
			trivial = ACL_IS_TRIVIAL;
		}

	}

	/* send the acl count over */
	(void) snprintf(buf, sizeof (buf), "%c%d\n", acltype, aclcnt);
	(void) desrcpwrite(rem, buf, strlen(buf));

	/*
	 * only send acl when we have an aclp, which would
	 * imply its not trivial.
	 */
	if (aclp && (trivial != ACL_IS_TRIVIAL)) {
		acltext = acl_totext(aclp, 0);
		if (acltext == NULL) {
			error("rcp: failed to convert to text\n");
			acl_free(aclp);
			return (ACL_FAIL);
		}

		/* send ACLs over: send the length first */
		(void) snprintf(buf, sizeof (buf), "%c%d\n",
		    acltype, strlen(acltext));

		(void) desrcpwrite(rem, buf, strlen(buf));
		(void) desrcpwrite(rem, acltext, strlen(acltext));
		free(acltext);
		if (response() < 0) {
			acl_free(aclp);
			return (ACL_FAIL);
		}

	}

	if (aclp)
		acl_free(aclp);
	return (ACL_OK);
}

/*
 * Use this routine to get acl entry count and acl text size (in bytes)
 */
static int
getaclinfo(int *cnt, int *acltype)
{
	char		buf[BUFSIZ];
	char		*cp;
	char		ch;

	/* get acl count */
	cp = buf;
	if (desrcpread(rem, cp, 1) <= 0)
		return (ACL_FAIL);

	switch (*cp++) {
	case 'A':
		*acltype = 0;
		break;
	case 'Z':
		*acltype = 1;
		break;
	default:
		error("rcp: expect an ACL record, but got %c\n", *cp);
		return (ACL_FAIL);
	}
	do {
		if (desrcpread(rem, &ch, sizeof (ch)) != sizeof (ch)) {
			error("rcp: lost connection ..\n");
			return (ACL_FAIL);
		}
		*cp++ = ch;
	} while (cp < &buf[BUFSIZ - 1] && ch != '\n');
	if (ch != '\n') {
		error("rcp: ACL record corrupted \n");
		return (ACL_FAIL);
	}
	cp = &buf[1];
	*cnt = strtol(cp, &cp, 0);
	if (*cp != '\n') {
		error("rcp: ACL record corrupted \n");
		return (ACL_FAIL);
	}
	return (ACL_OK);
}


/*
 * Receive acl from the pipe and set it to f
 */
static int
recvacl(int f, int exists, int preserve)
{
	int		aclcnt;		/* acl entry count */
	int		aclsize;	/* acl text length */
	int		j;
	char		*tp;
	char		*acltext;	/* external format */
	acl_t		*aclp;
	int		acltype;
	int		min_entries;
	int		aclerror;

	/* get acl count */
	if (getaclinfo(&aclcnt, &acltype) != ACL_OK)
		return (ACL_FAIL);

	if (acltype == 0) {
		min_entries = MIN_ACL_ENTRIES;
	} else {
		min_entries = 1;
	}

	if (aclcnt > min_entries) {
		/* get acl text size */
		if (getaclinfo(&aclsize, &acltype) != ACL_OK)
			return (ACL_FAIL);
		if ((acltext = malloc(aclsize + 1)) == NULL) {
			error("rcp: cant allocate memory: %d\n", aclsize);
			return (ACL_FAIL);
		}

		tp = acltext;
		do {
			j = desrcpread(rem, tp, aclsize);
			if (j <= 0) {
				error("rcp: %s\n", j ? strerror(errno) :
				    "dropped connection");
				exit(1);
			}
			aclsize -= j;
			tp += j;
		} while (aclsize > 0);
		*tp = '\0';

		if (preserve || !exists) {
			aclerror = acl_fromtext(acltext, &aclp);
			if (aclerror != 0) {
				error("rcp: failed to parse acl : %s\n",
				    acl_strerror(aclerror));
				free(acltext);
				return (ACL_FAIL);
			}

			if (f != -1) {
				if (facl_set(f, aclp) < 0) {
					error("rcp: failed to set acl\n");
					acl_free(aclp);
					free(acltext);
					return (ACL_FAIL);
				}
			}
			/* -1 means that just consume the data in the pipe */
			acl_free(aclp);
		}
		free(acltext);
		(void) desrcpwrite(rem, "", 1);
	}
	return (ACL_OK);
}


static char *
search_char(unsigned char *cp, unsigned char chr)
{
	int	len;

	while (*cp) {
		if (*cp == chr)
			return ((char *)cp);
		if ((len = mblen((char *)cp, MB_CUR_MAX)) <= 0)
			len = 1;
		cp += len;
	}
	return (0);
}


static int
desrcpread(int fd, char *buf, int len)
{
	return ((int)desread(fd, buf, len, 0));
}

static int
desrcpwrite(int fd, char *buf, int len)
{
	/*
	 * Note that rcp depends on the same file descriptor being both
	 * input and output to the remote side.  This is bogus, especially
	 * when rcp is being run by a rsh that pipes. Fix it here because
	 * it would require significantly more work in other places.
	 * --hartmans 1/96
	 */

	if (fd == 0)
		fd = 1;
	return ((int)deswrite(fd, buf, len, 0));
}

static char **
save_argv(int argc, char **argv)
{
	int i;

	char **local_argv = (char **)calloc((unsigned)argc + 1,
	    (unsigned)sizeof (char *));

	/*
	 * allocate an extra pointer, so that it is initialized to NULL and
	 * execv() will work
	 */
	for (i = 0; i < argc; i++) {
		local_argv[i] = strsave(argv[i]);
	}

	return (local_argv);
}

#define	SIZEOF_INADDR sizeof (struct in_addr)

static void
answer_auth(char *config_file, char *ccache_file)
{
	krb5_data pname_data, msg;
	krb5_creds creds, *new_creds;
	krb5_ccache cc;
	krb5_auth_context auth_context = NULL;

	if (config_file) {
		const char *filenames[2];

		filenames[1] = NULL;
		filenames[0] = config_file;
		if (krb5_set_config_files(bsd_context, filenames))
			exit(1);
	}
	(void) memset((char *)&creds, 0, sizeof (creds));

	if (krb5_read_message(bsd_context, (krb5_pointer) &rem, &pname_data))
		exit(1);

	if (krb5_read_message(bsd_context, (krb5_pointer) &rem,
	    &creds.second_ticket))
		exit(1);

	if (ccache_file == NULL) {
		if (krb5_cc_default(bsd_context, &cc))
			exit(1);
	} else {
		if (krb5_cc_resolve(bsd_context, ccache_file, &cc))
			exit(1);
	}

	if (krb5_cc_get_principal(bsd_context, cc, &creds.client))
		exit(1);

	if (krb5_parse_name(bsd_context, pname_data.data, &creds.server))
		exit(1);

	krb5_xfree(pname_data.data);
	if (krb5_get_credentials(bsd_context, KRB5_GC_USER_USER, cc, &creds,
	    &new_creds))
		exit(1);

	if (krb5_mk_req_extended(bsd_context, &auth_context,
	    AP_OPTS_USE_SESSION_KEY, NULL, new_creds, &msg))
		exit(1);

	if (krb5_write_message(bsd_context, (krb5_pointer) & rem, &msg)) {
		krb5_xfree(msg.data);
		exit(1);
	}
	/* setup eblock for des_read and write */
	(void) krb5_copy_keyblock(bsd_context,
	    &new_creds->keyblock, &session_key);

	/* OK process key */
	eblock.crypto_entry = session_key->enctype;
	eblock.key = (krb5_keyblock *)session_key;

	init_encrypt(encrypt_flag, bsd_context, KCMD_OLD_PROTOCOL,
	    &desinbuf, &desoutbuf, CLIENT, &eblock);
	/* cleanup */
	krb5_free_cred_contents(bsd_context, &creds);
	krb5_free_creds(bsd_context, new_creds);
	krb5_xfree(msg.data);
}


static void
try_normal_rcp(int cur_argc, char **cur_argv)
{
	char *target;

	/*
	 * Reset all KRB5 relevant flags and set the
	 * cmd-buffer so that normal rcp works
	 */
	krb5auth_flag = encrypt_flag = encrypt_done = 0;
	cmd = cmd_orig;
	cmd_sunw = cmd_sunw_orig;

	if (cur_argc < 2)
		usage();

	if (cur_argc > 2)
		targetshouldbedirectory = 1;

	rem = -1;

	prev_argc = cur_argc;
	prev_argv = save_argv(cur_argc, cur_argv);

	(void) init_service(krb5auth_flag);

	if (target = colon(cur_argv[cur_argc - 1])) {
		toremote(target, cur_argc, cur_argv);
	} else {
		tolocal(cur_argc, cur_argv);
		if (targetshouldbedirectory)
			verifydir(cur_argv[cur_argc - 1]);
	}
	exit(errs);
	/* NOTREACHED */
}


static int
init_service(int krb5flag)
{
	struct servent *sp;
	boolean_t success = B_FALSE;

	if (krb5flag > 0) {
		sp = getservbyname("kshell", "tcp");
		if (sp == NULL) {
			(void) fprintf(stderr,
			    gettext("rcp: kshell/tcp: unknown service.\n"
			    "trying normal shell/tcp service\n"));
		} else {
			portnumber = sp->s_port;
			success = B_TRUE;
		}
	} else {
		portnumber = htons(IPPORT_CMDSERVER);
		success = B_TRUE;
	}
	return (success);
}

/*PRINTFLIKE1*/
static void
error(char *fmt, ...)
{
	va_list ap;
	char buf[RCP_BUFSIZE];
	char *cp = buf;

	va_start(ap, fmt);
	errs++;
	*cp++ = 1;
	(void) vsnprintf(cp, sizeof (buf) - 1, fmt, ap);
	va_end(ap);

	(void) desrcpwrite(rem, buf, strlen(buf));
	if (iamremote == 0)
		(void) write(2, buf + 1, strlen(buf + 1));
}

static void
addargs(char **arglist, ...)
{
	va_list ap;
	int i = 0;
	char *pm;

	va_start(ap, arglist);
	while (i < MAXARGS && (pm = va_arg(ap, char *)) != NULL)
		if (strcmp(pm, ""))
			arglist[i++] = pm;
	arglist[i] = NULL;
	va_end(ap);
}