2 * Copyright (c) 1983, 1988, 1989, 1993
3 * The Regents of the University of California. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed by the University of
16 * California, Berkeley and its contributors.
17 * 4. Neither the name of the University nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * @(#) Copyright (c) 1983, 1988, 1989, 1993 The Regents of the University of California. All rights reserved.
34 * @(#)rlogind.c 8.1 (Berkeley) 6/4/93
35 * $FreeBSD: src/libexec/rlogind/rlogind.c,v 1.29.2.5 2000/12/07 15:02:31 ru Exp $
39 * remote login server:
43 * terminal_type/speed\0
47 #define FD_SETSIZE 16 /* don't need many bits for select */
48 #include <sys/types.h>
49 #include <sys/param.h>
51 #include <sys/ioctl.h>
55 #include <sys/socket.h>
56 #include <netinet/in.h>
57 #include <netinet/in_systm.h>
58 #include <netinet/ip.h>
59 #include <netinet/tcp.h>
60 #include <arpa/inet.h>
71 #include "pathnames.h"
74 #ifndef TIOCPKT_WINDOW
75 #define TIOCPKT_WINDOW 0x80
78 #define ARGSTR "Dalnx"
80 /* wrapper for KAME-special getnameinfo() */
81 #ifndef NI_WITHSCOPEID
82 #define NI_WITHSCOPEID 0
85 extern int __check_rhosts_file;
86 extern char **environ;
90 char lusername[NMAX+1], rusername[NMAX+1];
91 static char term[64] = "TERM=";
92 #define ENVSIZE (sizeof("TERM=")-1) /* skip null for concatenation */
105 struct sockaddr_in su_sin;
106 struct sockaddr_in6 su_sin6;
108 #define su_len su_si.si_len
109 #define su_family su_si.si_family
110 #define su_port su_si.si_port
112 void doit(int, union sockunion *);
113 int control(int, char *, int);
114 void protocol(int, int);
116 void fatal(int, const char *, int);
117 int do_rlogin(union sockunion *);
118 void getstr(char *, int, const char *);
119 void setup_term(int);
120 int do_krb_login(struct sockaddr_in *);
125 main(int argc, char *argv[])
127 union sockunion from;
131 openlog("rlogind", LOG_PID | LOG_CONS, LOG_AUTH);
134 while ((ch = getopt(argc, argv, ARGSTR)) != -1)
143 __check_rhosts_file = 0;
161 fromlen = sizeof (from);
162 if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) {
163 syslog(LOG_ERR,"Can't get peer name of remote host: %m");
164 fatal(STDERR_FILENO, "Can't get peer name of remote host", 1);
168 setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof (on)) < 0)
169 syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
171 setsockopt(0, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(on)) < 0)
172 syslog(LOG_WARNING, "setsockopt (TCP_NODELAY): %m");
173 if (from.su_family == AF_INET)
176 if (setsockopt(0, IPPROTO_IP, IP_TOS, (char *)&on, sizeof(int)) < 0)
177 syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
186 char line[MAXPATHLEN];
189 struct winsize win = { 0, 0, 0, 0 };
193 doit(int f, union sockunion *fromp)
195 int master, pid, on = 1;
196 int authenticated = 0;
197 char hostname[2 * MAXHOSTNAMELEN + 1];
198 char nameinfo[2 * INET6_ADDRSTRLEN + 1];
209 realhostname_sa(hostname, sizeof(hostname) - 1,
210 (struct sockaddr *)fromp, fromp->su_len);
212 fromp->su_port = ntohs((u_short)fromp->su_port);
213 hostname[sizeof(hostname) - 1] = '\0';
216 if ((fromp->su_family != AF_INET
218 && fromp->su_family != AF_INET6
221 fromp->su_port >= IPPORT_RESERVED ||
222 fromp->su_port < IPPORT_RESERVED/2) {
223 getnameinfo((struct sockaddr *)fromp,
225 nameinfo, sizeof(nameinfo), NULL, 0,
226 NI_NUMERICHOST|NI_WITHSCOPEID);
228 syslog(LOG_NOTICE, "Connection from %s on illegal port",
230 fatal(f, "Permission denied", 0);
233 if (fromp->su_family == AF_INET)
235 u_char optbuf[BUFSIZ/3];
236 socklen_t optsize = sizeof(optbuf), i;
240 if ((ip = getprotobyname("ip")) != NULL)
241 ipproto = ip->p_proto;
243 ipproto = IPPROTO_IP;
244 if (getsockopt(0, ipproto, IP_OPTIONS, (char *)optbuf,
245 &optsize) == 0 && optsize != 0) {
246 for (i = 0; i < optsize; ) {
248 if (c == IPOPT_LSRR || c == IPOPT_SSRR) {
250 "Connection refused from %s with IP option %s",
251 inet_ntoa(fromp->su_sin.sin_addr),
252 c == IPOPT_LSRR ? "LSRR" : "SSRR");
257 i += (c == IPOPT_NOP) ? 1 : optbuf[i+1];
262 if (do_rlogin(fromp) == 0)
265 if (confirmed == 0) {
267 confirmed = 1; /* we sent the null! */
271 des_enc_write(f, SECURE_MESSAGE, strlen(SECURE_MESSAGE),
272 schedule, &kdata->session);
277 pid = forkpty(&master, line, NULL, &win);
280 fatal(f, "Out of ptys", 0);
282 fatal(f, "Forkpty", 1);
285 if (f > 2) /* f should always be 0, but... */
288 if (*lusername=='-') {
289 syslog(LOG_ERR, "tried to pass user \"%s\" to login",
291 fatal(STDERR_FILENO, "invalid user", 0);
294 execl(_PATH_LOGIN, "login", "-p",
295 "-h", hostname, "-f", lusername, NULL);
297 execl(_PATH_LOGIN, "login", "-p",
298 "-h", hostname, lusername, NULL);
299 fatal(STDERR_FILENO, _PATH_LOGIN, 1);
304 * If encrypted, don't turn on NBIO or the des read/write
305 * routines will croak.
310 ioctl(f, FIONBIO, &on);
311 ioctl(master, FIONBIO, &on);
312 ioctl(master, TIOCPKT, &on);
313 signal(SIGCHLD, cleanup);
315 signal(SIGCHLD, SIG_IGN);
319 char magic[2] = { 0377, 0377 };
320 char oobdata[] = {TIOCPKT_WINDOW};
323 * Handle a "control" request (signaled by magic being present)
324 * in the data stream. For now, we are only willing to handle
325 * window size changes.
328 control(int pty, char *cp, int n)
332 if (n < 4 + (int)sizeof(w) || cp[2] != 's' || cp[3] != 's')
334 oobdata[0] &= ~TIOCPKT_WINDOW; /* we know he heard */
335 bcopy(cp+4, (char *)&w, sizeof(w));
336 w.ws_row = ntohs(w.ws_row);
337 w.ws_col = ntohs(w.ws_col);
338 w.ws_xpixel = ntohs(w.ws_xpixel);
339 w.ws_ypixel = ntohs(w.ws_ypixel);
340 ioctl(pty, TIOCSWINSZ, &w);
341 return (4+sizeof (w));
345 * rlogin "protocol" machine.
348 protocol(int f, int p)
350 char pibuf[1024+1], fibuf[1024], *pbp = NULL, *fbp = NULL;
351 int pcc = 0, fcc = 0;
356 * Must ignore SIGTTOU, otherwise we'll stop
357 * when we try and set slave pty's window shape
358 * (our controlling tty is the master pty).
360 signal(SIGTTOU, SIG_IGN);
361 send(f, oobdata, 1, MSG_OOB); /* indicate new rlogin */
366 if (nfd > FD_SETSIZE) {
367 syslog(LOG_ERR, "select mask too small, increase FD_SETSIZE");
368 fatal(f, "internal error (select mask too small)", 0);
371 fd_set ibits, obits, ebits, *omask;
390 if ((n = select(nfd, &ibits, omask, &ebits, 0)) < 0) {
393 fatal(f, "select", 1);
396 /* shouldn't happen... */
400 #define pkcontrol(c) ((c)&(TIOCPKT_FLUSHWRITE|TIOCPKT_NOSTOP|TIOCPKT_DOSTOP))
401 if (FD_ISSET(p, &ebits)) {
402 cc = read(p, &cntl, 1);
403 if (cc == 1 && pkcontrol(cntl)) {
405 send(f, &cntl, 1, MSG_OOB);
406 if (cntl & TIOCPKT_FLUSHWRITE) {
412 if (FD_ISSET(f, &ibits)) {
415 fcc = des_enc_read(f, fibuf, sizeof(fibuf),
416 schedule, &kdata->session);
419 fcc = read(f, fibuf, sizeof(fibuf));
420 if (fcc < 0 && errno == EWOULDBLOCK)
431 for (cp = fibuf; cp < fibuf+fcc-1; cp++)
432 if (cp[0] == magic[0] &&
434 left = fcc - (cp-fibuf);
435 n = control(p, cp, left);
439 bcopy(cp+n, cp, left);
444 FD_SET(p, &obits); /* try write */
448 if (FD_ISSET(p, &obits) && fcc > 0) {
449 cc = write(p, fbp, fcc);
456 if (FD_ISSET(p, &ibits)) {
457 pcc = read(p, pibuf, sizeof (pibuf));
459 if (pcc < 0 && errno == EWOULDBLOCK)
463 else if (pibuf[0] == 0) {
468 FD_SET(f, &obits); /* try write */
470 if (pkcontrol(pibuf[0])) {
471 pibuf[0] |= oobdata[0];
472 send(f, &pibuf[0], 1, MSG_OOB);
477 if ((FD_ISSET(f, &obits)) && pcc > 0) {
480 cc = des_enc_write(f, pbp, pcc,
481 schedule, &kdata->session);
484 cc = write(f, pbp, pcc);
485 if (cc < 0 && errno == EWOULDBLOCK) {
487 * This happens when we try write after read
488 * from p, but some old kernels balk at large
489 * writes even when select returns true.
491 if (!FD_ISSET(p, &ibits))
504 cleanup(int signo __unused)
508 p = line + sizeof(_PATH_DEV) - 1;
518 shutdown(netf, SHUT_RDWR);
523 fatal(int f, const char *msg, int syserr)
526 char buf[BUFSIZ], *bp = buf;
529 * Prepend binary one to message if we haven't sent
530 * the magic null as confirmation.
533 *bp++ = '\01'; /* error indicator */
535 len = snprintf(bp, sizeof(buf), "rlogind: %s: %s.\r\n",
536 msg, strerror(errno));
538 len = snprintf(bp, sizeof(buf), "rlogind: %s.\r\n", msg);
539 write(f, buf, bp + len - buf);
544 do_rlogin(union sockunion *dest)
547 getstr(rusername, sizeof(rusername), "remuser too long");
548 getstr(lusername, sizeof(lusername), "locuser too long");
549 getstr(term+ENVSIZE, sizeof(term)-ENVSIZE, "Terminal type too long");
551 pwd = getpwnam(lusername);
554 /* XXX why don't we syslog() failure? */
556 return (iruserok_sa(dest, dest->su_len, pwd->pw_uid == 0, rusername,
561 getstr(char *buf, int cnt, const char *errmsg)
566 if (read(0, &c, 1) != 1)
569 fatal(STDOUT_FILENO, errmsg, 0);
577 register char *cp = index(term+ENVSIZE, '/');
586 cp = index(speed, '/');
589 cfsetspeed(&tt, atoi(speed));
592 tt.c_iflag = TTYDEF_IFLAG;
593 tt.c_oflag = TTYDEF_OFLAG;
594 tt.c_lflag = TTYDEF_LFLAG;
595 tcsetattr(fd, TCSAFLUSH, &tt);
600 cp = index(speed, '/');
604 cfsetspeed(&tt, atoi(speed));
605 tcsetattr(fd, TCSAFLUSH, &tt);
617 syslog(LOG_ERR, "usage: rlogind [-" ARGSTR "]");
projects / dragonfly.git / blob