From: Sascha Wildner Date: Sun, 31 Dec 2017 13:53:38 +0000 (+0100) Subject: Remove various 'r' commands and daemons. X-Git-Tag: v5.3.0~584 X-Git-Url: https://gitweb.dragonflybsd.org/dragonfly.git/commitdiff_plain/2458c6f4cb6284cf8c259e0e5bf12ff74ff41952 Remove various 'r' commands and daemons. rcp(1), rlogin(1), rlogind(1), rsh(1) and rshd(1). In the unlikely case that someone still needs them, they can use the net/bsdrcmds port to bring them back. FreeBSD removed them in October 2017 and I took their work as a guideline. --- diff --git a/Makefile_upgrade.inc b/Makefile_upgrade.inc index 638ac0276b..c95b8b758b 100644 --- a/Makefile_upgrade.inc +++ b/Makefile_upgrade.inc @@ -3359,6 +3359,16 @@ TO_REMOVE+=/usr/share/man/man4/if_faith.4.gz TO_REMOVE+=/usr/share/man/man8/faithd.8.gz TO_REMOVE+=/usr/share/man/man8/adding_user.8.gz TO_REMOVE+=/boot/efiboot.img +TO_REMOVE+=/bin/rcp +TO_REMOVE+=/usr/bin/rlogin +TO_REMOVE+=/usr/bin/rsh +TO_REMOVE+=/usr/libexec/rlogind +TO_REMOVE+=/usr/libexec/rshd +TO_REMOVE+=/usr/share/man/man1/rcp.1.gz +TO_REMOVE+=/usr/share/man/man1/rlogin.1.gz +TO_REMOVE+=/usr/share/man/man1/rsh.1.gz +TO_REMOVE+=/usr/share/man/man8/rlogind.8.gz +TO_REMOVE+=/usr/share/man/man8/rshd.8.gz .if !defined(WANT_INSTALLER) TO_REMOVE+=/usr/sbin/dfuibe_installer diff --git a/UPDATING b/UPDATING index 00456d7f36..ca9d7ea9bc 100644 --- a/UPDATING +++ b/UPDATING @@ -12,6 +12,12 @@ + UPGRADING DRAGONFLY FROM 5.0 TO LATER VERSIONS + +-----------------------------------------------------------------------+ +VARIOUS 'R' COMMANDS AND DAEMONS REMOVED +---------------------------------------- + +rcp(1), rlogin(1), rlogind(8), rsh(1) and rshd(8) have been removed. +For those that still need them, there is the net/bsdrcmds port. + VARIOUS FORMER OPTIONS REMOVED ------------------------------ diff --git a/bin/Makefile b/bin/Makefile index 5a0f21f39f..4b055af570 100644 --- a/bin/Makefile +++ b/bin/Makefile 
@@ -25,7 +25,6 @@ SUBDIR= cat \ pax \ ps \ pwd \ - rcp \ realpath \ rm \ rmdir \ diff --git a/bin/cp/cp.1 b/bin/cp/cp.1 index 0cb4d7c876..39ed9b2a30 100644 --- a/bin/cp/cp.1 +++ b/bin/cp/cp.1 @@ -32,7 +32,7 @@ .\" @(#)cp.1 8.3 (Berkeley) 4/18/94 .\" $FreeBSD$ .\" -.Dd November 15, 2012 +.Dd December 31, 2017 .Dt CP 1 .Os .Sh NAME @@ -283,7 +283,7 @@ and options are non-standard and their use in scripts is not recommended. .Sh SEE ALSO .Xr mv 1 , -.Xr rcp 1 , +.Xr rcp 1 Pq Pa net/bsdrcmds , .Xr umask 2 , .Xr fts 3 , .Xr symlink 7 diff --git a/bin/rcp/Makefile b/bin/rcp/Makefile deleted file mode 100644 index 4ed2b4436f..0000000000 --- a/bin/rcp/Makefile +++ /dev/null @@ -1,16 +0,0 @@ -# @(#)Makefile 8.1 (Berkeley) 7/19/93 -# $FreeBSD: src/bin/rcp/Makefile,v 1.16.2.2 2002/07/19 07:54:51 jmallett Exp $ -# $DragonFly: src/bin/rcp/Makefile,v 1.6 2005/02/06 06:16:40 okumoto Exp $ - -PROG= rcp -SRCS= rcp.c util.c -CFLAGS+=-DBINDIR=${BINDIR} -WFORMAT=0 - -BINOWN= root -BINMODE=4555 -.if !defined(NOFSCHG) -INSTALLFLAGS=-fschg -.endif - -.include diff --git a/bin/rcp/extern.h b/bin/rcp/extern.h deleted file mode 100644 index 1039bdf9f0..0000000000 --- a/bin/rcp/extern.h +++ /dev/null 
@@ -1,47 +0,0 @@ -/*- - * Copyright (c) 1992, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)extern.h 8.1 (Berkeley) 5/31/93 - * $FreeBSD: src/bin/rcp/extern.h,v 1.5.2.3 2002/07/19 07:54:51 jmallett Exp $ - */ - -typedef struct { - size_t cnt; - char *buf; -} BUF; - -extern int iamremote; - -BUF *allocbuf(BUF *, int, int); -char *colon(char *); -void lostconn(int) __dead2; -void nospace(void); -int okname(char *); -void run_err(const char *, ...) 
__printflike(1, 2); -int susystem(char *, int); -void verifydir(char *); diff --git a/bin/rcp/rcp.1 b/bin/rcp/rcp.1 deleted file mode 100644 index 212db0d80c..0000000000 --- a/bin/rcp/rcp.1 +++ /dev/null 
@@ -1,166 +0,0 @@ -.\" Copyright (c) 1983, 1990, 1993 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. 
-.\" -.\" @(#)rcp.1 8.1 (Berkeley) 5/31/93 -.\" $FreeBSD: src/bin/rcp/rcp.1,v 1.9.2.6 2002/08/16 20:06:34 ume Exp $ -.\" -.Dd May 31, 1993 -.Dt RCP 1 -.Os -.Sh NAME -.Nm rcp -.Nd remote file copy -.Sh SYNOPSIS -.Nm -.Op Fl 46Kpx -.Op Fl k Ar realm -.Ar file1 file2 -.Nm -.Op Fl 46Kprx -.Op Fl k Ar realm -.Ar -.Ar directory -.Sh DESCRIPTION -The -.Nm -utility copies files between machines. Each -.Ar file -or -.Ar directory -argument is either a remote file name of the -form -.Dq rname@rhost:path , -or a local file name (containing no `:' characters, -or a `/' before any `:'s). -.Pp -The following options are available: -.Bl -tag -width indent -.It Fl 4 -Use IPv4 addresses only. -.It Fl 6 -Use IPv6 addresses only. -.It Fl K -Turn off all Kerberos authentication. -.It Fl k -Request -.Nm -to obtain tickets -for the remote host in realm -.Ar realm -instead of the remote host's realm as determined by -.Xr krb_realmofhost 3 . -.It Fl p -Cause -.Nm -to attempt to preserve (duplicate) in its copies the modification -times and modes of the source files, ignoring the -.Ar umask . -By default, the mode and owner of -.Ar file2 -are preserved if it already existed; otherwise the mode of the source file -modified by the -.Xr umask 2 -on the destination host is used. -.It Fl r -If any of the source files are directories, -.Nm -copies each subtree rooted at that name; in this case -the destination must be a directory. -.It Fl x -Turn on -.Tn DES -encryption for all data passed by -.Nm . -This may impact response time and -.Tn CPU -utilization, but provides -increased security. -.El -.Pp -If -.Ar path -is not a full path name, it is interpreted relative to -the login directory of the specified user -.Ar ruser -on -.Ar rhost , -or your current user name if no other remote user name is specified. -A -.Ar path -on a remote host may be quoted (using \e, ", or \(aa) -so that the metacharacters are interpreted remotely. 
-.Pp -The -.Nm -utility does not prompt for passwords; it performs remote execution -via -.Xr rsh 1 , -and requires the same authorization. -.Pp -The -.Nm -utility handles third party copies, where neither source nor target files -are on the current machine. -.Sh FILES -.Bl -tag -width /etc/auth.conf -compact -.It Pa /etc/auth.conf -configure authentication services -.El -.Sh SEE ALSO -.Xr cp 1 , -.Xr ftp 1 , -.Xr rlogin 1 , -.Xr rsh 1 , -.Xr auth.conf 5 , -.Xr hosts.equiv 5 -.Sh HISTORY -The -.Nm -command appeared in -.Bx 4.2 . -The version of -.Nm -described here -has been reimplemented with Kerberos in -.Bx 4.3 Reno . -.Sh BUGS -Doesn't detect all cases where the target of a copy might -be a file in cases where only a directory should be legal. -.Pp -Is confused by any output generated by commands in a -.Pa \&.login , -.Pa \&.profile , -or -.Pa \&.cshrc -file on the remote host. -.Pp -The destination user and hostname may have to be specified as -.Dq rhost.rname -when the destination machine is running the -.Bx 4.2 -version of -.Nm . diff --git a/bin/rcp/rcp.c b/bin/rcp/rcp.c deleted file mode 100644 index 91e2005d7b..0000000000 --- a/bin/rcp/rcp.c +++ /dev/null 
@@ -1,932 +0,0 @@ -/* - * Copyright (c) 1983, 1990, 1992, 1993 - * The Regents of the University of California. All rights reserved. - * Copyright (c) 2002 Networks Associates Technology, Inc. - * All rights reserved. - * - * Portions of this software were developed for the FreeBSD Project by - * ThinkSec AS and NAI Labs, the Security Research Division of Network - * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 - * ("CBOSS"), as part of the DARPA CHATS research program. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- * - * @(#) Copyright (c) 1983, 1990, 1992, 1993 The Regents of the University of California. All rights reserved. - * @(#)rcp.c 8.2 (Berkeley) 4/2/94 - * $FreeBSD: src/bin/rcp/rcp.c,v 1.26.2.6 2004/09/16 12:16:10 delphij Exp $ - */ - -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "extern.h" - -#ifdef KERBEROS -#include -#include -#include "bsd_locl.h" - -static char dst_realm_buf[REALM_SZ]; -char *dest_realm = NULL; -int use_kerberos = 1; -CREDENTIALS cred; -Key_schedule schedule; -extern char *krb_realmofhost(); -#ifdef CRYPT -int doencrypt = 0; -#define OPTIONS "46dfKk:prtx" -#else -#define OPTIONS "46dfKk:prt" -#endif -#else -#define OPTIONS "46dfprt" -#endif - -static struct passwd *pwd; -static u_short port; -static uid_t userid; -static int errs, rem; -static int pflag, targetshouldbedirectory, iamrecursive; -int iamremote; -static int family = PF_UNSPEC; - -static int argc_copy; -static char **argv_copy; - -#define CMDNEEDS 64 -static char cmd[CMDNEEDS]; /* must hold "rcp -r -p -d\0" */ - -#ifdef KERBEROS -static int kerberos(char **, char *, char *, char *); -static void oldw(const char *, ...) __printflike(1, 2); -#endif -static int response(void); -static void rsource(char *, struct stat *); -static void sink(int, char *[]); -static void source(int, char *[]); -static void tolocal(int, char *[]); -static void toremote(char *, int, char *[]); -static void usage(void) __dead2; - -int -main(int argc, char *argv[]) -{ - struct servent *sp; - int ch, fflag, i, tflag; - char *targ, *shell; -#ifdef KERBEROS - char *k; -#endif - - /* - * Prepare for execing ourselves. 
- */ - argc_copy = argc + 1; - argv_copy = malloc((argc_copy + 1) * sizeof(*argv_copy)); - if (argv_copy == NULL) - err(1, "malloc"); - argv_copy[0] = argv[0]; - argv_copy[1] = __DECONST(char *, "-K"); - for (i = 1; i < argc; ++i) { - argv_copy[i + 1] = strdup(argv[i]); - if (argv_copy[i + 1] == NULL) - errx(1, "strdup: out of memory"); - } - argv_copy[argc + 1] = NULL; - - fflag = tflag = 0; - while ((ch = getopt(argc, argv, OPTIONS)) != -1) - switch(ch) { /* User-visible flags. */ - case '4': - family = PF_INET; - break; - - case '6': - family = PF_INET6; - break; - - case 'K': -#ifdef KERBEROS - use_kerberos = 0; -#endif - break; -#ifdef KERBEROS - case 'k': - dest_realm = dst_realm_buf; - strncpy(dst_realm_buf, optarg, REALM_SZ - 1); - dst_realm_buf[REALM_SZ - 1] = '\0'; - break; -#ifdef CRYPT - case 'x': - doencrypt = 1; - /* des_set_key(cred.session, schedule); */ - break; -#endif -#endif - case 'p': - pflag = 1; - break; - case 'r': - iamrecursive = 1; - break; - /* Server options. */ - case 'd': - targetshouldbedirectory = 1; - break; - case 'f': /* "from" */ - iamremote = 1; - fflag = 1; - break; - case 't': /* "to" */ - iamremote = 1; - tflag = 1; - break; - case '?': - default: - usage(); - } - argc -= optind; - argv += optind; - -#ifdef KERBEROS - k = auth_getval("auth_list"); - if (k && !strstr(k, "kerberos")) - use_kerberos = 0; - if (use_kerberos) { -#ifdef CRYPT - shell = doencrypt ? 
__DECONST(char *, "ekshell") : - __DECONST(char *, "kshell"); -#else - shell = __DECONST(char *, "kshell"); -#endif - if ((sp = getservbyname(shell, "tcp")) == NULL) { - use_kerberos = 0; - oldw("can't get entry for %s/tcp service", shell); - sp = getservbyname(shell = "shell", "tcp"); - } - } else - shell = __DECONST(char *, "shell"); - sp = getservbyname(shell, "tcp"); -#else - shell = __DECONST(char *, "shell"); - sp = getservbyname(shell, "tcp"); -#endif - if (sp == NULL) - errx(1, "%s/tcp: unknown service", shell); - port = sp->s_port; - - if ((pwd = getpwuid(userid = getuid())) == NULL) - errx(1, "unknown user %d", (int)userid); - - rem = STDIN_FILENO; /* XXX */ - - if (fflag) { /* Follow "protocol", send data. */ - response(); - setuid(userid); - source(argc, argv); - exit(errs); - } - - if (tflag) { /* Receive data. */ - setuid(userid); - sink(argc, argv); - exit(errs); - } - - if (argc < 2) - usage(); - if (argc > 2) - targetshouldbedirectory = 1; - - rem = -1; - /* Command to be executed on remote system using "rsh". */ -#ifdef KERBEROS - snprintf(cmd, sizeof(cmd), - "rcp%s%s%s%s", iamrecursive ? " -r" : "", -#ifdef CRYPT - (doencrypt && use_kerberos ? " -x" : ""), -#else - "", -#endif - pflag ? " -p" : "", targetshouldbedirectory ? " -d" : ""); -#else - snprintf(cmd, sizeof(cmd), "rcp%s%s%s", - iamrecursive ? " -r" : "", pflag ? " -p" : "", - targetshouldbedirectory ? " -d" : ""); -#endif - - signal(SIGPIPE, lostconn); - - if ((targ = colon(argv[argc - 1]))) /* Dest is remote host. */ - toremote(targ, argc, argv); - else { - tolocal(argc, argv); /* Dest is local host. 
*/ - if (targetshouldbedirectory) - verifydir(argv[argc - 1]); - } - exit(errs); -} - -static void -toremote(char *targ, int argc, char *argv[]) -{ - int i, len, tos; - char *bp, *host, *src, *suser, *thost, *tuser; - - *targ++ = 0; - if (*targ == 0) - targ = __DECONST(char *, "."); - - if ((thost = strchr(argv[argc - 1], '@'))) { - /* user@host */ - *thost++ = 0; - tuser = argv[argc - 1]; - if (*tuser == '\0') - tuser = NULL; - else if (!okname(tuser)) - exit(1); - } else { - thost = argv[argc - 1]; - tuser = NULL; - } - - for (i = 0; i < argc - 1; i++) { - src = colon(argv[i]); - if (src) { /* remote to remote */ - *src++ = 0; - if (*src == 0) - src = __DECONST(char *, "."); - host = strchr(argv[i], '@'); - len = strlen(_PATH_RSH) + strlen(argv[i]) + - strlen(src) + (tuser ? strlen(tuser) : 0) + - strlen(thost) + strlen(targ) + CMDNEEDS + 20; - if (!(bp = malloc(len))) - err(1, "malloc"); - if (host) { - *host++ = 0; - suser = argv[i]; - if (*suser == '\0') - suser = pwd->pw_name; - else if (!okname(suser)) { - ++errs; - continue; - } - snprintf(bp, len, - "%s %s -l %s -n %s %s '%s%s%s:%s'", - _PATH_RSH, host, suser, cmd, src, - tuser ? tuser : "", tuser ? "@" : "", - thost, targ); - } else - snprintf(bp, len, - "exec %s %s -n %s %s '%s%s%s:%s'", - _PATH_RSH, argv[i], cmd, src, - tuser ? tuser : "", tuser ? "@" : "", - thost, targ); - susystem(bp, userid); - free(bp); - } else { /* local to remote */ - if (rem == -1) { - len = strlen(targ) + CMDNEEDS + 20; - if (!(bp = malloc(len))) - err(1, "malloc"); - snprintf(bp, len, "%s -t %s", cmd, targ); - host = thost; -#ifdef KERBEROS - if (use_kerberos) - rem = kerberos(&host, bp, - pwd->pw_name, - tuser ? tuser : pwd->pw_name); - else -#endif - rem = rcmd_af(&host, port, - pwd->pw_name, - tuser ? 
tuser : pwd->pw_name, - bp, 0, family); - if (rem < 0) - exit(1); - if (family == PF_INET) { - tos = IPTOS_THROUGHPUT; - if (setsockopt(rem, IPPROTO_IP, IP_TOS, - &tos, sizeof(int)) < 0) - warn("TOS (ignored)"); - } - if (response() < 0) - exit(1); - free(bp); - setuid(userid); - } - source(1, argv+i); - } - } -} - -static void -tolocal(int argc, char *argv[]) -{ - int i, len, tos; - char *bp, *host, *src, *suser; - - for (i = 0; i < argc - 1; i++) { - if (!(src = colon(argv[i]))) { /* Local to local. */ - len = strlen(_PATH_CP) + strlen(argv[i]) + - strlen(argv[argc - 1]) + 20; - if (!(bp = malloc(len))) - err(1, "malloc"); - snprintf(bp, len, "exec %s%s%s %s %s", _PATH_CP, - iamrecursive ? " -PR" : "", pflag ? " -p" : "", - argv[i], argv[argc - 1]); - if (susystem(bp, userid)) - ++errs; - free(bp); - continue; - } - *src++ = 0; - if (*src == 0) - src = __DECONST(char *, "."); - if ((host = strchr(argv[i], '@')) == NULL) { - host = argv[i]; - suser = pwd->pw_name; - } else { - *host++ = 0; - suser = argv[i]; - if (*suser == '\0') - suser = pwd->pw_name; - else if (!okname(suser)) { - ++errs; - continue; - } - } - len = strlen(src) + CMDNEEDS + 20; - if ((bp = malloc(len)) == NULL) - err(1, "malloc"); - snprintf(bp, len, "%s -f %s", cmd, src); - rem = -#ifdef KERBEROS - use_kerberos ? 
- kerberos(&host, bp, pwd->pw_name, suser) : -#endif - rcmd_af(&host, port, pwd->pw_name, suser, bp, 0, - family); - free(bp); - if (rem < 0) { - ++errs; - continue; - } - seteuid(userid); - if (family == PF_INET) { - tos = IPTOS_THROUGHPUT; - if (setsockopt(rem, IPPROTO_IP, IP_TOS, &tos, - sizeof(int)) < 0) - warn("TOS (ignored)"); - } - sink(1, argv + argc - 1); - seteuid(0); - close(rem); - rem = -1; - } -} - -static void -source(int argc, char *argv[]) -{ - struct stat stb; - static BUF buffer; - BUF *bp; - off_t i; - int amt, fd, haderr, indx, result; - char *last, *name, buf[BUFSIZ]; - - for (indx = 0; indx < argc; ++indx) { - name = argv[indx]; - if ((fd = open(name, O_RDONLY, 0)) < 0) - goto syserr; - if (fstat(fd, &stb)) { -syserr: run_err("%s: %s", name, strerror(errno)); - goto next; - } - switch (stb.st_mode & S_IFMT) { - case S_IFREG: - break; - case S_IFDIR: - if (iamrecursive) { - rsource(name, &stb); - goto next; - } - /* FALLTHROUGH */ - default: - run_err("%s: not a regular file", name); - goto next; - } - if ((last = strrchr(name, '/')) == NULL) - last = name; - else - ++last; - if (pflag) { - /* - * Make it compatible with possible future - * versions expecting microseconds. - */ - snprintf(buf, sizeof(buf), "T%ld 0 %ld 0\n", - (long)stb.st_mtimespec.tv_sec, - (long)stb.st_atimespec.tv_sec); - write(rem, buf, strlen(buf)); - if (response() < 0) - goto next; - } -#define MODEMASK (S_ISUID|S_ISGID|S_ISTXT|S_IRWXU|S_IRWXG|S_IRWXO) - snprintf(buf, sizeof(buf), "C%04o %jd %s\n", - stb.st_mode & MODEMASK, (intmax_t)stb.st_size, last); - write(rem, buf, strlen(buf)); - if (response() < 0) - goto next; - if ((bp = allocbuf(&buffer, fd, BUFSIZ)) == NULL) { -next: (void)close(fd); - continue; - } - - /* Keep writing after an error so that we stay sync'd up. 
*/ - for (haderr = i = 0; i < stb.st_size; i += bp->cnt) { - amt = bp->cnt; - if (i + amt > stb.st_size) - amt = stb.st_size - i; - if (!haderr) { - result = read(fd, bp->buf, amt); - if (result != amt) - haderr = result >= 0 ? EIO : errno; - } - if (haderr) - write(rem, bp->buf, amt); - else { - result = write(rem, bp->buf, amt); - if (result != amt) - haderr = result >= 0 ? EIO : errno; - } - } - if (close(fd) && !haderr) - haderr = errno; - if (!haderr) - write(rem, "", 1); - else - run_err("%s: %s", name, strerror(haderr)); - response(); - } -} - -static void -rsource(char *name, struct stat *statp) -{ - DIR *dirp; - struct dirent *dp; - char *last, *vect[1], path[PATH_MAX]; - - if (!(dirp = opendir(name))) { - run_err("%s: %s", name, strerror(errno)); - return; - } - last = strrchr(name, '/'); - if (last == NULL) - last = name; - else - last++; - if (pflag) { - snprintf(path, sizeof(path), "T%ld 0 %ld 0\n", - (long)statp->st_mtimespec.tv_sec, - (long)statp->st_atimespec.tv_sec); - write(rem, path, strlen(path)); - if (response() < 0) { - closedir(dirp); - return; - } - } - snprintf(path, sizeof(path), - "D%04o %d %s\n", statp->st_mode & MODEMASK, 0, last); - write(rem, path, strlen(path)); - if (response() < 0) { - closedir(dirp); - return; - } - while ((dp = readdir(dirp))) { - if (dp->d_ino == 0) - continue; - if (!strcmp(dp->d_name, ".") || !strcmp(dp->d_name, "..")) - continue; - if (strlen(name) + 1 + strlen(dp->d_name) >= sizeof(path)) { - run_err("%s/%s: name too long", name, dp->d_name); - continue; - } - snprintf(path, sizeof(path), "%s/%s", name, dp->d_name); - vect[0] = path; - source(1, vect); - } - closedir(dirp); - write(rem, "E\n", 2); - response(); -} - -static void -sink(int argc, char *argv[]) -{ - static BUF buffer; - struct stat stb; - struct timeval tv[2]; - enum { YES, NO, DISPLAYED } wrerr; - BUF *bp; - off_t i, j, size; - size_t count; - int amt, exists, first, mask, mode, ofd, omode; - int setimes, targisdir, wrerrno = 0; - char ch, 
*cp, *np, *targ, *why, *vect[1], buf[BUFSIZ], path[PATH_MAX]; - -#define atime tv[0] -#define mtime tv[1] -#define SCREWUP(str) { why = __DECONST(char *, str); goto screwup; } - - setimes = targisdir = 0; - mask = umask(0); - if (!pflag) - umask(mask); - if (argc != 1) { - run_err("ambiguous target"); - exit(1); - } - targ = *argv; - if (targetshouldbedirectory) - verifydir(targ); - write(rem, "", 1); - if (stat(targ, &stb) == 0 && S_ISDIR(stb.st_mode)) - targisdir = 1; - for (first = 1;; first = 0) { - cp = buf; - if (read(rem, cp, 1) <= 0) - return; - if (*cp++ == '\n') - SCREWUP("unexpected "); - do { - if (read(rem, &ch, sizeof(ch)) != sizeof(ch)) - SCREWUP("lost connection"); - *cp++ = ch; - } while (cp < &buf[BUFSIZ - 1] && ch != '\n'); - *cp = 0; - - if (buf[0] == '\01' || buf[0] == '\02') { - if (iamremote == 0) - write(STDERR_FILENO, - buf + 1, strlen(buf + 1)); - if (buf[0] == '\02') - exit(1); - ++errs; - continue; - } - if (buf[0] == 'E') { - write(rem, "", 1); - return; - } - - if (ch == '\n') - *--cp = 0; - - cp = buf; - if (*cp == 'T') { - setimes++; - cp++; - mtime.tv_sec = strtol(cp, &cp, 10); - if (!cp || *cp++ != ' ') - SCREWUP("mtime.sec not delimited"); - mtime.tv_usec = strtol(cp, &cp, 10); - if (!cp || *cp++ != ' ') - SCREWUP("mtime.usec not delimited"); - atime.tv_sec = strtol(cp, &cp, 10); - if (!cp || *cp++ != ' ') - SCREWUP("atime.sec not delimited"); - atime.tv_usec = strtol(cp, &cp, 10); - if (!cp || *cp++ != '\0') - SCREWUP("atime.usec not delimited"); - write(rem, "", 1); - continue; - } - if (*cp != 'C' && *cp != 'D') { - /* - * Check for the case "rcp remote:foo\* local:bar". - * In this case, the line "No match." can be returned - * by the shell before the rcp command on the remote is - * executed so the ^Aerror_message convention isn't - * followed. 
- */ - if (first) { - run_err("%s", cp); - exit(1); - } - SCREWUP("expected control record"); - } - mode = 0; - for (++cp; cp < buf + 5; cp++) { - if (*cp < '0' || *cp > '7') - SCREWUP("bad mode"); - mode = (mode << 3) | (*cp - '0'); - } - if (*cp++ != ' ') - SCREWUP("mode not delimited"); - - for (size = 0; isdigit(*cp);) - size = size * 10 + (*cp++ - '0'); - if (*cp++ != ' ') - SCREWUP("size not delimited"); - if (targisdir) { - if (strlen(targ) + (*targ ? 1 : 0) + strlen(cp) - >= sizeof(path)) { - run_err("%s%s%s: name too long", targ, - *targ ? "/" : "", cp); - exit(1); - } - snprintf(path, sizeof(path), "%s%s%s", targ, - *targ ? "/" : "", cp); - np = path; - } else - np = targ; - exists = stat(np, &stb) == 0; - if (buf[0] == 'D') { - int mod_flag = pflag; - if (exists) { - if (!S_ISDIR(stb.st_mode)) { - errno = ENOTDIR; - goto bad; - } - if (pflag) - chmod(np, mode); - } else { - /* Handle copying from a read-only directory */ - mod_flag = 1; - if (mkdir(np, mode | S_IRWXU) < 0) - goto bad; - } - vect[0] = np; - sink(1, vect); - if (setimes) { - setimes = 0; - if (utimes(np, tv) < 0) - run_err("%s: set times: %s", - np, strerror(errno)); - } - if (mod_flag) - chmod(np, mode); - continue; - } - omode = mode; - mode |= S_IWRITE; - if ((ofd = open(np, O_WRONLY|O_CREAT, mode)) < 0) { -bad: run_err("%s: %s", np, strerror(errno)); - continue; - } - write(rem, "", 1); - if ((bp = allocbuf(&buffer, ofd, BUFSIZ)) == NULL) { - close(ofd); - continue; - } - cp = bp->buf; - wrerr = NO; - for (count = i = 0; i < size; i += BUFSIZ) { - amt = BUFSIZ; - if (i + amt > size) - amt = size - i; - count += amt; - do { - j = read(rem, cp, amt); - if (j <= 0) { - run_err("%s", j ? strerror(errno) : - "dropped connection"); - exit(1); - } - amt -= j; - cp += j; - } while (amt > 0); - if (count == bp->cnt) { - /* Keep reading so we stay sync'd up. */ - if (wrerr == NO) { - j = write(ofd, bp->buf, count); - if (j != (off_t)count) { - wrerr = YES; - wrerrno = j >= 0 ? 
EIO : errno; - } - } - count = 0; - cp = bp->buf; - } - } - if (count != 0 && wrerr == NO && - (j = write(ofd, bp->buf, count)) != (off_t)count) { - wrerr = YES; - wrerrno = j >= 0 ? EIO : errno; - } - if (ftruncate(ofd, size)) { - run_err("%s: truncate: %s", np, strerror(errno)); - wrerr = DISPLAYED; - } - if (pflag) { - if (exists || omode != mode) - if (fchmod(ofd, omode)) - run_err("%s: set mode: %s", - np, strerror(errno)); - } else { - if (!exists && omode != mode) - if (fchmod(ofd, omode & ~mask)) - run_err("%s: set mode: %s", - np, strerror(errno)); - } - close(ofd); - response(); - if (setimes && wrerr == NO) { - setimes = 0; - if (utimes(np, tv) < 0) { - run_err("%s: set times: %s", - np, strerror(errno)); - wrerr = DISPLAYED; - } - } - switch(wrerr) { - case YES: - run_err("%s: %s", np, strerror(wrerrno)); - break; - case NO: - write(rem, "", 1); - break; - case DISPLAYED: - break; - } - } -screwup: - run_err("protocol error: %s", why); - exit(1); -} - -#ifdef KERBEROS -static int -kerberos(char **host, char *bp, char *locuser, char *user) -{ - if (use_kerberos) { - setuid(getuid()); - rem = KSUCCESS; - errno = 0; - if (dest_realm == NULL) - dest_realm = krb_realmofhost(*host); - rem = -#ifdef CRYPT - doencrypt ? 
- krcmd_mutual(host, - port, user, bp, 0, dest_realm, &cred, schedule) : -#endif - krcmd(host, port, user, bp, 0, dest_realm); - - if (rem < 0) { - if (errno == ECONNREFUSED) - oldw("remote host doesn't support Kerberos"); - else if (errno == ENOENT) - oldw("can't provide Kerberos authentication data"); - execv(_PATH_RCP, argv_copy); - err(1, "execv: %s", _PATH_RCP); - } - } else { -#ifdef CRYPT - if (doencrypt) - errx(1, - "the -x option requires Kerberos authentication"); -#endif - rem = rcmd_af(host, port, locuser, user, bp, 0, family); - } - return (rem); -} -#endif /* KERBEROS */ - -static int -response(void) -{ - char ch, *cp, resp, rbuf[BUFSIZ]; - - if (read(rem, &resp, sizeof(resp)) != sizeof(resp)) - lostconn(0); - - cp = rbuf; - switch(resp) { - case 0: /* ok */ - return (0); - default: - *cp++ = resp; - /* FALLTHROUGH */ - case 1: /* error, followed by error msg */ - case 2: /* fatal error, "" */ - do { - if (read(rem, &ch, sizeof(ch)) != sizeof(ch)) - lostconn(0); - *cp++ = ch; - } while (cp < &rbuf[BUFSIZ] && ch != '\n'); - - if (!iamremote) - write(STDERR_FILENO, rbuf, cp - rbuf); - ++errs; - if (resp == 1) - return (-1); - exit(1); - } - /* NOTREACHED */ -} - -static void -usage(void) -{ -#ifdef KERBEROS -#ifdef CRYPT - fprintf(stderr, "%s\n%s\n", - "usage: rcp [-46Kpx] [-k realm] f1 f2", - " rcp [-46Kprx] [-k realm] f1 ... fn directory"); -#else - fprintf(stderr, "%s\n%s\n", - "usage: rcp [-46Kp] [-k realm] f1 f2", - " rcp [-46Kpr] [-k realm] f1 ... fn directory"); -#endif -#else - fprintf(stderr, "%s\n%s\n", - "usage: rcp [-46p] f1 f2", - " rcp [-46pr] f1 ... fn directory"); -#endif - exit(1); -} - -#include - -#ifdef KERBEROS -static void -oldw(const char *fmt, ...) -{ - va_list ap; - va_start(ap, fmt); - fprintf(stderr, "rcp: "); - vfprintf(stderr, fmt, ap); - fprintf(stderr, ", using standard rcp\n"); - va_end(ap); -} -#endif - -void -run_err(const char *fmt, ...) 
-{ - static FILE *fp; - va_list ap; - va_start(ap, fmt); - - ++errs; - if (fp == NULL && !(fp = fdopen(rem, "w"))) - return; - fprintf(fp, "%c", 0x01); - fprintf(fp, "rcp: "); - vfprintf(fp, fmt, ap); - fprintf(fp, "\n"); - fflush(fp); - - if (!iamremote) - vwarnx(fmt, ap); - - va_end(ap); -} diff --git a/bin/rcp/util.c b/bin/rcp/util.c deleted file mode 100644 index a571536ea5..0000000000 --- a/bin/rcp/util.c +++ /dev/null 
@@ -1,156 +0,0 @@ -/*- - * Copyright (c) 1992, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- * - * @(#)util.c 8.2 (Berkeley) 4/2/94 - * $FreeBSD: src/bin/rcp/util.c,v 1.9.2.3 2002/07/19 07:54:51 jmallett Exp $ - * $DragonFly: src/bin/rcp/util.c,v 1.5 2004/11/19 19:01:52 eirikn Exp $ - */ - -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "extern.h" - -char * -colon(char *cp) -{ - if (*cp == ':') /* Leading colon is part of file name. */ - return (0); - - for (; *cp; ++cp) { - if (*cp == ':') - return (cp); - if (*cp == '/') - return (0); - } - return (0); -} - -void -verifydir(char *cp) -{ - struct stat stb; - - if (!stat(cp, &stb)) { - if (S_ISDIR(stb.st_mode)) - return; - errno = ENOTDIR; - } - run_err("%s: %s", cp, strerror(errno)); - exit(1); -} - -int -okname(char *cp0) -{ - int c; - char *cp; - - cp = cp0; - do { - c = *cp; - if (c & 0200) - goto bad; - if (!isalpha(c) && !isdigit(c) && c != '_' && c != '-' && c != '.') - goto bad; - } while (*++cp); - return (1); - -bad: warnx("%s: invalid user name", cp0); - return (0); -} - -int -susystem(char *s, int userid) -{ - sig_t istat, qstat; - int status; - pid_t pid; - - pid = vfork(); - switch (pid) { - case -1: - return (127); - - case 0: - setuid(userid); - execl(_PATH_BSHELL, "sh", "-c", s, NULL); - _exit(127); - } - istat = signal(SIGINT, SIG_IGN); - qstat = signal(SIGQUIT, SIG_IGN); - if (waitpid(pid, &status, 0) < 0) - status = -1; - signal(SIGINT, istat); - signal(SIGQUIT, qstat); - return (status); -} - -BUF * -allocbuf(BUF *bp, int fd, int blksize) -{ - struct stat stb; - size_t size; - - if (fstat(fd, &stb) < 0) { - run_err("fstat: %s", strerror(errno)); - return (0); - } - size = roundup(stb.st_blksize, blksize); - if (size == 0) - size = blksize; - if (bp->cnt >= size) - return (bp); - if ((bp->buf = realloc(bp->buf, size)) == NULL) { - bp->cnt = 0; - run_err("%s", strerror(errno)); - return (0); - } - bp->cnt = size; - return (bp); -} - -/* ARGSUSED */ -void -lostconn(int signo __unused) -{ - if 
(!iamremote) - warnx("lost connection"); - exit(1); -} diff --git a/etc/inetd.conf b/etc/inetd.conf index b4e5882698..1999443a05 100644 --- a/etc/inetd.conf +++ b/etc/inetd.conf @@ -12,10 +12,10 @@ #ssh stream tcp6 nowait root /usr/sbin/sshd sshd -i -6 #telnet stream tcp nowait root /usr/libexec/telnetd telnetd #telnet stream tcp6 nowait root /usr/libexec/telnetd telnetd -#shell stream tcp nowait root /usr/libexec/rshd rshd -#shell stream tcp6 nowait root /usr/libexec/rshd rshd -#login stream tcp nowait root /usr/libexec/rlogind rlogind -#login stream tcp6 nowait root /usr/libexec/rlogind rlogind +#shell stream tcp nowait root /usr/local/sbin/rshd rshd +#shell stream tcp6 nowait root /usr/local/sbin/rshd rshd +#login stream tcp nowait root /usr/local/sbin/rlogind rlogind +#login stream tcp6 nowait root /usr/local/sbin/rlogind rlogind #finger stream tcp nowait/3/10 nobody /usr/libexec/fingerd fingerd -s #finger stream tcp6 nowait/3/10 nobody /usr/libexec/fingerd fingerd -s # diff --git a/include/paths.h b/include/paths.h index 4d2ff5668c..ac98ab0993 100644 --- a/include/paths.h +++ b/include/paths.h @@ -71,10 +71,10 @@ #define _PATH_MAN "/usr/share/man" #define _PATH_MEM __SYS_PATH_MEM #define _PATH_NOLOGIN "/var/run/nologin" -#define _PATH_RCP "/bin/rcp" -#define _PATH_RLOGIN "/usr/bin/rlogin" +#define _PATH_RCP "/usr/local/bin/rcp" +#define _PATH_RLOGIN "/usr/local/bin/rlogin" #define _PATH_RM "/bin/rm" -#define _PATH_RSH "/usr/bin/rsh" +#define _PATH_RSH "/usr/local/bin/rsh" #define _PATH_SENDMAIL "/usr/sbin/sendmail" #define _PATH_SHELLS "/etc/shells" #define _PATH_TTY __SYS_PATH_TTY diff --git a/lib/libc/net/rcmd.3 b/lib/libc/net/rcmd.3 index b76723f7c0..c7e3ad490f 100644 --- a/lib/libc/net/rcmd.3 +++ b/lib/libc/net/rcmd.3 @@ -27,9 +27,8 @@ .\" .\" 
From: @(#)rcmd.3 8.1 (Berkeley) 6/4/93 .\" $FreeBSD: src/lib/libc/net/rcmd.3,v 1.27 2008/12/14 22:48:48 murray Exp $ -.\" $DragonFly: src/lib/libc/net/rcmd.3,v 1.4 2007/11/23 23:16:36 swildner Exp $ .\" -.Dd March 3, 2000 +.Dd December 31, 2017 .Dt RCMD 3 .Os .Sh NAME @@ -79,7 +78,7 @@ to authenticate clients requesting service with .Fn rcmd . All three functions are present in the same file and are used by the -.Xr rshd 8 +.Xr rshd 8 Pq Pa net/bsdrcmds server (among others). .Pp The @@ -129,7 +128,7 @@ provision is made for sending arbitrary signals to the remote process, although you may be able to get its attention by using out-of-band data. .Pp The protocol is described in detail in -.Xr rshd 8 . +.Xr rshd 8 Pq Pa net/bsdrcmds . .Pp The .Fn rresvport @@ -245,7 +244,7 @@ is also allowed. When using the .Fn rcmd function, this variable is used as the program to run instead of -.Xr rsh 1 . +.Xr rsh 1 Pq Pa net/bsdrcmds . .El .Sh DIAGNOSTICS The @@ -266,11 +265,11 @@ The error code .Er EAGAIN is overloaded to mean ``All network ports in use.'' .Sh SEE ALSO -.Xr rlogin 1 , -.Xr rsh 1 , +.Xr rlogin 1 Pq Pa net/bsdrcmds , +.Xr rsh 1 Pq Pa net/bsdrcmds , .Xr intro 2 , -.Xr rlogind 8 , -.Xr rshd 8 +.Xr rlogind 8 Pq Pa net/bsdrcmds , +.Xr rshd 8 Pq Pa net/bsdrcmds .Rs .%A W. Stevens .%A M. Thomas diff --git a/lib/libc/net/rcmdsh.3 b/lib/libc/net/rcmdsh.3 index 13cd1e7012..0bd75a7506 100644 --- a/lib/libc/net/rcmdsh.3 +++ b/lib/libc/net/rcmdsh.3 @@ -28,9 +28,8 @@ .\" SUCH DAMAGE. .\" .\" $FreeBSD: src/lib/libc/net/rcmdsh.3,v 1.7 2007/01/09 00:28:02 imp Exp $ -.\" $DragonFly: src/lib/libc/net/rcmdsh.3,v 1.4 2007/08/18 20:48:47 swildner Exp $ .\" -.Dd September 1, 1996 +.Dd December 31, 2017 .Dt RCMDSH 3 .Os .Sh NAME @@ -56,7 +55,7 @@ function is used by normal users to execute a command on a remote machine using an authentication scheme based on reserved port numbers using -.Xr rshd 8 +.Xr rshd 8 Pq Pa net/bsdrcmds or the value of .Fa rshprog (if 
@@ -102,10 +101,10 @@ returns a valid socket descriptor on success. Otherwise, \-1 is returned and a diagnostic message is printed on the standard error. .Sh SEE ALSO -.Xr rsh 1 , +.Xr rsh 1 Pq Pa net/bsdrcmds , .Xr socketpair 2 , .Xr rcmd 3 , -.Xr rshd 8 +.Xr rshd 8 Pq Pa net/bsdrcmds .Sh HISTORY The .Fn rcmdsh @@ -115,5 +114,5 @@ and made its way into .Fx 4.6 . .Sh BUGS If -.Xr rsh 1 +.Xr rsh 1 Pq Pa net/bsdrcmds encounters an error, a file descriptor is still returned instead of \-1. diff --git a/libexec/Makefile b/libexec/Makefile index c2ee6d32f1..93603fe1ce 100644 --- a/libexec/Makefile +++ b/libexec/Makefile @@ -15,13 +15,11 @@ SUBDIR= atrun \ pppoed \ rbootd \ revnetgroup \ - rlogind \ rpc.rquotad \ rpc.rstatd \ rpc.rusersd \ rpc.rwalld \ rpc.sprayd \ - rshd \ rtld-elf \ sftp-server \ ssh-keysign \ diff --git a/libexec/rlogind/Makefile b/libexec/rlogind/Makefile deleted file mode 100644 index ee29bf9021..0000000000 --- a/libexec/rlogind/Makefile +++ /dev/null @@ -1,11 +0,0 @@ -# @(#)Makefile 8.1 (Berkeley) 6/4/93 -# $FreeBSD: src/libexec/rlogind/Makefile,v 1.15.2.3 2001/04/25 10:40:55 ru Exp $ - -PROG= rlogind -MAN= rlogind.8 - -DPADD= ${LIBUTIL} -LDADD= -lutil -CFLAGS+= -DINET6 - -.include diff --git a/libexec/rlogind/pathnames.h b/libexec/rlogind/pathnames.h deleted file mode 100644 index fa888f4445..0000000000 --- a/libexec/rlogind/pathnames.h +++ /dev/null 
@@ -1,37 +0,0 @@ -/* - * Copyright (c) 1989, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)pathnames.h 8.1 (Berkeley) 6/4/93 - * $FreeBSD: src/libexec/rlogind/pathnames.h,v 1.2 1999/09/19 22:05:30 markm Exp $ - * $DragonFly: src/libexec/rlogind/pathnames.h,v 1.2 2003/06/17 04:27:07 dillon Exp $ - */ - -#include - -#define _PATH_LOGIN "/usr/bin/login" -#define _PATH_RLOGIN "/usr/bin/rlogin" 
diff --git a/libexec/rlogind/rlogind.8 b/libexec/rlogind/rlogind.8 deleted file mode 100644 index 1b7348f757..0000000000 --- a/libexec/rlogind/rlogind.8 +++ /dev/null 
@@ -1,203 +0,0 @@ -.\" Copyright (c) 1983, 1989, 1991, 1993 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. 
-.\" -.\" @(#)rlogind.8 8.1 (Berkeley) 6/4/93 -.\" $FreeBSD: src/libexec/rlogind/rlogind.8,v 1.13.2.4 2001/08/16 10:44:17 ru Exp $ -.\" $DragonFly: src/libexec/rlogind/rlogind.8,v 1.4 2006/02/17 19:33:31 swildner Exp $ -.\" -.Dd June 4, 1993 -.Dt RLOGIND 8 -.Os -.Sh NAME -.Nm rlogind -.Nd remote login server -.Sh SYNOPSIS -.Nm -.Op Fl Daln -.Sh DESCRIPTION -.Nm Rlogind -is the server for the -.Xr rlogin 1 -program. The server provides a remote login facility -with authentication based on privileged port numbers from trusted hosts. -.Pp -Options supported by -.Nm : -.Bl -tag -width indent -.It Fl D -Set TCP_NODELAY socket option. This improves responsiveness at the expense of -some additional network traffic. -.It Fl a -Ask hostname for verification. -.It Fl l -Prevent any authentication based on the user's -.Dq Pa .rhosts -file, unless the user is logging in as the superuser. -.It Fl n -Disable keep-alive messages. -.El -.Pp -The following options are valid only if Kerberos is in use: -.Bl -tag -width indent -.It Fl k -Enable Kerberos authentication. -.It Fl v -Enable vacuous mode. -.It Fl x -Enable -.Tn DES -encryption for all data passed via the rlogin -session. This may impact response time -and -.Tn CPU -utilization, but provides increased security. -.El -.Pp -.Nm Rlogind -listens for service requests at the port indicated in -the -.Dq login -service specification; see -.Xr services 5 . -When a service request is received the following protocol -is initiated: -.Bl -enum -.It -The server checks the client's source port. -If the port is not in the range 512-1023, the server -aborts the connection. -.It -The server checks the client's source address -and requests the corresponding host name (see -.Xr gethostbyaddr 3 , -.Xr hosts 5 -and -.Xr named 8 ) . -If the hostname cannot be determined, -the dot-notation representation of the host address is used. 
-If the hostname is in the same domain as the server (according to -the last two components of the domain name), -or if the -.Fl a -option is given, -the addresses for the hostname are requested, -verifying that the name and address correspond. -Normal authentication is bypassed if the address verification fails. -.El -.Pp -Once the source port and address have been checked, -.Nm -proceeds with the authentication process described in -.Xr rshd 8 . -It then allocates a pseudo terminal (see -.Xr pty 4 ) , -and manipulates file descriptors so that the slave -half of the pseudo terminal becomes the -.Em stdin , -.Em stdout , -and -.Em stderr -for a login process. -The login process is an instance of the -.Xr login 1 -program, invoked with the -.Fl f -option if authentication has succeeded. -If automatic authentication fails, the user is -prompted to log in as if on a standard terminal line. -.Pp -The parent of the login process manipulates the master side of -the pseudo terminal, operating as an intermediary -between the login process and the client instance of the -.Xr rlogin 1 -program. In normal operation, the packet protocol described -in -.Xr pty 4 -is invoked to provide -.Ql ^S/^Q -type facilities and propagate -interrupt signals to the remote programs. The login process -propagates the client terminal's baud rate and terminal type, -as found in the environment variable, -.Ev TERM ; -see -.Xr environ 7 . -The screen or window size of the terminal is requested from the client, -and window size changes from the client are propagated to the pseudo terminal. -.Pp -Transport-level keepalive messages are enabled unless the -.Fl n -option is present. -The use of keepalive messages allows sessions to be timed out -if the client crashes or becomes unreachable. 
-.Sh FILES -.Bl -tag -width /etc/hostsxxxxxxxx -compact -.It Pa /etc/hosts -.It Pa /etc/hosts.equiv -.It Ev $HOME Ns Pa /.rhosts -.It Pa /var/run/nologin -.El -.Sh DIAGNOSTICS -All initial diagnostic messages are indicated -by a leading byte with a value of 1, -after which any network connections are closed. -If there are no errors before -.Xr login 1 -is invoked, a null byte is returned as in indication of success. -.Bl -tag -width Ds -.It Sy Try again. -A -.Xr fork 2 -by the server failed. -.El -.Sh SEE ALSO -.Xr login 1 , -.Xr ruserok 3 , -.Xr hosts 5 , -.Xr hosts.equiv 5 , -.Xr login.conf 5 , -.Xr nologin 5 , -.Xr services 5 , -.Xr rshd 8 -.Sh HISTORY -The -.Nm -command appeared in -.Bx 4.2 . -.Pp -IPv6 support was added by WIDE/KAME project. -.Sh BUGS -The authentication procedure used here assumes the integrity -of each client machine and the connecting medium. This is -insecure, but is useful in an -.Dq open -environment. -.Pp -A facility to allow all data exchanges to be encrypted should be -present. -.Pp -A more extensible protocol should be used. diff --git a/libexec/rlogind/rlogind.c b/libexec/rlogind/rlogind.c deleted file mode 100644 index 6fc59a333b..0000000000 --- a/libexec/rlogind/rlogind.c +++ /dev/null 
@@ -1,612 +0,0 @@ -/*- - * Copyright (c) 1983, 1988, 1989, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#) Copyright (c) 1983, 1988, 1989, 1993 The Regents of the University of California. All rights reserved. 
- * @(#)rlogind.c 8.1 (Berkeley) 6/4/93 - * $FreeBSD: src/libexec/rlogind/rlogind.c,v 1.29.2.5 2000/12/07 15:02:31 ru Exp $ - */ - -/* - * remote login server: - * \0 - * remuser\0 - * locuser\0 - * terminal_type/speed\0 - * data - */ - -#define FD_SETSIZE 16 /* don't need many bits for select */ -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include "pathnames.h" - - -#ifndef TIOCPKT_WINDOW -#define TIOCPKT_WINDOW 0x80 -#endif - -#define ARGSTR "Dalnx" - -/* wrapper for KAME-special getnameinfo() */ -#ifndef NI_WITHSCOPEID -#define NI_WITHSCOPEID 0 -#endif - -extern int __check_rhosts_file; -extern char **environ; - -static char *env[2]; -#define NMAX 30 -static char lusername[NMAX+1], rusername[NMAX+1]; -static char term[64] = "TERM="; -#define ENVSIZE (sizeof("TERM=")-1) /* skip null for concatenation */ -static int keepalive = 1; -static int check_all = 0; -static int no_delay; - -static struct passwd *pwd; - -union sockunion { - struct sockinet { - u_char si_len; - u_char si_family; - u_short si_port; - } su_si; - struct sockaddr_in su_sin; - struct sockaddr_in6 su_sin6; -}; -#define su_len su_si.si_len -#define su_family su_si.si_family -#define su_port su_si.si_port - -static void doit(int, union sockunion *); -static int control(int, char *, int); -static void protocol(int, int); -static void cleanup(int); -static void fatal(int, const char *, int); -static int do_rlogin(union sockunion *); -static void getstr(char *, int, const char *); -static void setup_term(int); -static void usage(void); - - -int -main(int argc, char *argv[]) -{ - union sockunion from; - socklen_t fromlen; - int ch, on; - - openlog("rlogind", LOG_PID | LOG_CONS, LOG_AUTH); - - opterr = 0; - while ((ch = getopt(argc, argv, ARGSTR)) != -1) - switch (ch) { - case 'D': - no_delay = 1; - break; - case 'a': - check_all = 1; - 
break; - case 'l': - __check_rhosts_file = 0; - break; - case 'n': - keepalive = 0; - break; -#ifdef CRYPT - case 'x': - doencrypt = 1; - break; -#endif - case '?': - default: - usage(); - break; - } - argc -= optind; - argv += optind; - - fromlen = sizeof (from); - if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) { - syslog(LOG_ERR,"Can't get peer name of remote host: %m"); - fatal(STDERR_FILENO, "Can't get peer name of remote host", 1); - } - on = 1; - if (keepalive && - setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof (on)) < 0) - syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m"); - if (no_delay && - setsockopt(0, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(on)) < 0) - syslog(LOG_WARNING, "setsockopt (TCP_NODELAY): %m"); - if (from.su_family == AF_INET) - { - on = IPTOS_LOWDELAY; - if (setsockopt(0, IPPROTO_IP, IP_TOS, (char *)&on, sizeof(int)) < 0) - syslog(LOG_WARNING, "setsockopt (IP_TOS): %m"); - } - - doit(0, &from); - return 0; -} - -static int netf; -static char line[MAXPATHLEN]; -static int confirmed; - -static struct winsize win = { 0, 0, 0, 0 }; - - -static void -doit(int f, union sockunion *fromp) -{ - int master, pid, on = 1; - int authenticated = 0; - char hostname[2 * MAXHOSTNAMELEN + 1]; - char nameinfo[2 * INET6_ADDRSTRLEN + 1]; - u_char c; - - alarm(60); - read(f, &c, 1); - - if (c != 0) - exit(1); - - alarm(0); - - realhostname_sa(hostname, sizeof(hostname) - 1, - (struct sockaddr *)fromp, fromp->su_len); - /* error check ? */ - fromp->su_port = ntohs((u_short)fromp->su_port); - hostname[sizeof(hostname) - 1] = '\0'; - - { - if ((fromp->su_family != AF_INET -#ifdef INET6 - && fromp->su_family != AF_INET6 -#endif - ) || - fromp->su_port >= IPPORT_RESERVED || - fromp->su_port < IPPORT_RESERVED/2) { - getnameinfo((struct sockaddr *)fromp, - fromp->su_len, - nameinfo, sizeof(nameinfo), NULL, 0, - NI_NUMERICHOST|NI_WITHSCOPEID); - /* error check ? 
*/ - syslog(LOG_NOTICE, "Connection from %s on illegal port", - nameinfo); - fatal(f, "Permission denied", 0); - } -#ifdef IP_OPTIONS - if (fromp->su_family == AF_INET) - { - u_char optbuf[BUFSIZ/3]; - socklen_t optsize = sizeof(optbuf), i; - int ipproto; - struct protoent *ip; - - if ((ip = getprotobyname("ip")) != NULL) - ipproto = ip->p_proto; - else - ipproto = IPPROTO_IP; - if (getsockopt(0, ipproto, IP_OPTIONS, (char *)optbuf, - &optsize) == 0 && optsize != 0) { - for (i = 0; i < optsize; ) { - c = optbuf[i]; - if (c == IPOPT_LSRR || c == IPOPT_SSRR) { - syslog(LOG_NOTICE, - "Connection refused from %s with IP option %s", - inet_ntoa(fromp->su_sin.sin_addr), - c == IPOPT_LSRR ? "LSRR" : "SSRR"); - exit(1); - } - if (c == IPOPT_EOL) - break; - i += (c == IPOPT_NOP) ? 1 : optbuf[i+1]; - } - } - } -#endif - if (do_rlogin(fromp) == 0) - authenticated++; - } - if (confirmed == 0) { - write(f, "", 1); - confirmed = 1; /* we sent the null! */ - } -#ifdef CRYPT - if (doencrypt) { - des_enc_write(f, SECURE_MESSAGE, strlen(SECURE_MESSAGE), - schedule, &kdata->session); - } -#endif - netf = f; - - pid = forkpty(&master, line, NULL, &win); - if (pid < 0) { - if (errno == ENOENT) - fatal(f, "Out of ptys", 0); - else - fatal(f, "Forkpty", 1); - } - if (pid == 0) { - if (f > 2) /* f should always be 0, but... */ - close(f); - setup_term(0); - if (*lusername=='-') { - syslog(LOG_ERR, "tried to pass user \"%s\" to login", - lusername); - fatal(STDERR_FILENO, "invalid user", 0); - } - if (authenticated) { - execl(_PATH_LOGIN, "login", "-p", - "-h", hostname, "-f", lusername, NULL); - } else - execl(_PATH_LOGIN, "login", "-p", - "-h", hostname, lusername, NULL); - fatal(STDERR_FILENO, _PATH_LOGIN, 1); - /*NOTREACHED*/ - } -#ifdef CRYPT - /* - * If encrypted, don't turn on NBIO or the des read/write - * routines will croak. 
- */ - - if (!doencrypt) -#endif - ioctl(f, FIONBIO, &on); - ioctl(master, FIONBIO, &on); - ioctl(master, TIOCPKT, &on); - signal(SIGCHLD, cleanup); - protocol(f, master); - signal(SIGCHLD, SIG_IGN); - cleanup(0); -} - -static char magic[2] = { 0377, 0377 }; -static char oobdata[] = {TIOCPKT_WINDOW}; - -/* - * Handle a "control" request (signaled by magic being present) - * in the data stream. For now, we are only willing to handle - * window size changes. - */ -static int -control(int pty, char *cp, int n) -{ - struct winsize w; - - if (n < 4 + (int)sizeof(w) || cp[2] != 's' || cp[3] != 's') - return (0); - oobdata[0] &= ~TIOCPKT_WINDOW; /* we know he heard */ - bcopy(cp+4, (char *)&w, sizeof(w)); - w.ws_row = ntohs(w.ws_row); - w.ws_col = ntohs(w.ws_col); - w.ws_xpixel = ntohs(w.ws_xpixel); - w.ws_ypixel = ntohs(w.ws_ypixel); - ioctl(pty, TIOCSWINSZ, &w); - return (4+sizeof (w)); -} - -/* - * rlogin "protocol" machine. - */ -static void -protocol(int f, int p) -{ - char pibuf[1024+1], fibuf[1024], *pbp = NULL, *fbp = NULL; - int pcc = 0, fcc = 0; - int cc, nfd, n; - char cntl; - - /* - * Must ignore SIGTTOU, otherwise we'll stop - * when we try and set slave pty's window shape - * (our controlling tty is the master pty). 
- */ - signal(SIGTTOU, SIG_IGN); - send(f, oobdata, 1, MSG_OOB); /* indicate new rlogin */ - if (f > p) - nfd = f + 1; - else - nfd = p + 1; - if (nfd > FD_SETSIZE) { - syslog(LOG_ERR, "select mask too small, increase FD_SETSIZE"); - fatal(f, "internal error (select mask too small)", 0); - } - for (;;) { - fd_set ibits, obits, ebits, *omask; - - FD_ZERO(&ebits); - FD_ZERO(&ibits); - FD_ZERO(&obits); - omask = NULL; - if (fcc) { - FD_SET(p, &obits); - omask = &obits; - } else - FD_SET(f, &ibits); - if (pcc >= 0) { - if (pcc) { - FD_SET(f, &obits); - omask = &obits; - } else - FD_SET(p, &ibits); - } - FD_SET(p, &ebits); - if ((n = select(nfd, &ibits, omask, &ebits, 0)) < 0) { - if (errno == EINTR) - continue; - fatal(f, "select", 1); - } - if (n == 0) { - /* shouldn't happen... */ - sleep(5); - continue; - } -#define pkcontrol(c) ((c)&(TIOCPKT_FLUSHWRITE|TIOCPKT_NOSTOP|TIOCPKT_DOSTOP)) - if (FD_ISSET(p, &ebits)) { - cc = read(p, &cntl, 1); - if (cc == 1 && pkcontrol(cntl)) { - cntl |= oobdata[0]; - send(f, &cntl, 1, MSG_OOB); - if (cntl & TIOCPKT_FLUSHWRITE) { - pcc = 0; - FD_CLR(p, &ibits); - } - } - } - if (FD_ISSET(f, &ibits)) { -#ifdef CRYPT - if (doencrypt) - fcc = des_enc_read(f, fibuf, sizeof(fibuf), - schedule, &kdata->session); - else -#endif - fcc = read(f, fibuf, sizeof(fibuf)); - if (fcc < 0 && errno == EWOULDBLOCK) - fcc = 0; - else { - register char *cp; - int left; - - if (fcc <= 0) - break; - fbp = fibuf; - - top: - for (cp = fibuf; cp < fibuf+fcc-1; cp++) - if (cp[0] == magic[0] && - cp[1] == magic[1]) { - left = fcc - (cp-fibuf); - n = control(p, cp, left); - if (n) { - left -= n; - if (left > 0) - bcopy(cp+n, cp, left); - fcc -= n; - goto top; /* n^2 */ - } - } - FD_SET(p, &obits); /* try write */ - } - } - - if (FD_ISSET(p, &obits) && fcc > 0) { - cc = write(p, fbp, fcc); - if (cc > 0) { - fcc -= cc; - fbp += cc; - } - } - - if (FD_ISSET(p, &ibits)) { - pcc = read(p, pibuf, sizeof (pibuf)); - pbp = pibuf; - if (pcc < 0 && errno == EWOULDBLOCK) - 
pcc = 0; - else if (pcc <= 0) - break; - else if (pibuf[0] == 0) { - pbp++, pcc--; -#ifdef CRYPT - if (!doencrypt) -#endif - FD_SET(f, &obits); /* try write */ - } else { - if (pkcontrol(pibuf[0])) { - pibuf[0] |= oobdata[0]; - send(f, &pibuf[0], 1, MSG_OOB); - } - pcc = 0; - } - } - if ((FD_ISSET(f, &obits)) && pcc > 0) { -#ifdef CRYPT - if (doencrypt) - cc = des_enc_write(f, pbp, pcc, - schedule, &kdata->session); - else -#endif - cc = write(f, pbp, pcc); - if (cc < 0 && errno == EWOULDBLOCK) { - /* - * This happens when we try write after read - * from p, but some old kernels balk at large - * writes even when select returns true. - */ - if (!FD_ISSET(p, &ibits)) - sleep(5); - continue; - } - if (cc > 0) { - pcc -= cc; - pbp += cc; - } - } - } -} - -static void -cleanup(int signo __unused) -{ - char *p; - - p = line + sizeof(_PATH_DEV) - 1; - if (logout(p)) - logwtmp(p, "", ""); - chflags(line, 0); - chmod(line, 0666); - chown(line, 0, 0); - *p = 'p'; - chflags(line, 0); - chmod(line, 0666); - chown(line, 0, 0); - shutdown(netf, SHUT_RDWR); - exit(1); -} - -static void -fatal(int f, const char *msg, int syserr) -{ - int len; - char buf[BUFSIZ], *bp = buf; - - /* - * Prepend binary one to message if we haven't sent - * the magic null as confirmation. - */ - if (!confirmed) - *bp++ = '\01'; /* error indicator */ - if (syserr) - len = snprintf(bp, sizeof(buf), "rlogind: %s: %s.\r\n", - msg, strerror(errno)); - else - len = snprintf(bp, sizeof(buf), "rlogind: %s.\r\n", msg); - write(f, buf, bp + len - buf); - exit(1); -} - -static int -do_rlogin(union sockunion *dest) -{ - - getstr(rusername, sizeof(rusername), "remuser too long"); - getstr(lusername, sizeof(lusername), "locuser too long"); - getstr(term+ENVSIZE, sizeof(term)-ENVSIZE, "Terminal type too long"); - - pwd = getpwnam(lusername); - if (pwd == NULL) - return (-1); - /* XXX why don't we syslog() failure? 
*/ - - return (iruserok_sa(dest, dest->su_len, pwd->pw_uid == 0, rusername, - lusername)); -} - -static void -getstr(char *buf, int cnt, const char *errmsg) -{ - char c; - - do { - if (read(0, &c, 1) != 1) - exit(1); - if (--cnt < 0) - fatal(STDOUT_FILENO, errmsg, 0); - *buf++ = c; - } while (c != 0); -} - -static void -setup_term(int fd) -{ - register char *cp = index(term+ENVSIZE, '/'); - char *speed; - struct termios tt; - -#ifndef notyet - tcgetattr(fd, &tt); - if (cp) { - *cp++ = '\0'; - speed = cp; - cp = index(speed, '/'); - if (cp) - *cp++ = '\0'; - cfsetspeed(&tt, atoi(speed)); - } - - tt.c_iflag = TTYDEF_IFLAG; - tt.c_oflag = TTYDEF_OFLAG; - tt.c_lflag = TTYDEF_LFLAG; - tcsetattr(fd, TCSAFLUSH, &tt); -#else - if (cp) { - *cp++ = '\0'; - speed = cp; - cp = index(speed, '/'); - if (cp) - *cp++ = '\0'; - tcgetattr(fd, &tt); - cfsetspeed(&tt, atoi(speed)); - tcsetattr(fd, TCSAFLUSH, &tt); - } -#endif - - env[0] = term; - env[1] = NULL; - environ = env; -} - -static void -usage(void) -{ - syslog(LOG_ERR, "usage: rlogind [-" ARGSTR "]"); -} diff --git a/libexec/rshd/Makefile b/libexec/rshd/Makefile deleted file mode 100644 index b354107fe3..0000000000 --- a/libexec/rshd/Makefile +++ /dev/null @@ -1,17 +0,0 @@ -# From: @(#)Makefile 8.1 (Berkeley) 6/4/93 -# $FreeBSD: src/libexec/rshd/Makefile,v 1.15.2.3 2001/04/25 10:40:59 ru Exp $ - -PROG= rshd -MAN= rshd.8 - -#CFLAGS+= -DCRYPT - -# For login_cap handling -CFLAGS+=-DLOGIN_CAP -DPADD+= ${LIBUTIL} -LDADD+= -lutil - -# IPv6 support -CFLAGS+= -DINET6 - -.include diff --git a/libexec/rshd/rshd.8 b/libexec/rshd/rshd.8 deleted file mode 100644 index 06992e96fd..0000000000 --- a/libexec/rshd/rshd.8 +++ /dev/null 
@@ -1,254 +0,0 @@ -.\" Copyright (c) 1983, 1989, 1991, 1993 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. 
-.\" -.\" @(#)rshd.8 8.1 (Berkeley) 6/4/93 -.\" $FreeBSD: src/libexec/rshd/rshd.8,v 1.18.2.5 2001/08/16 10:44:18 ru Exp $ -.\" $DragonFly: src/libexec/rshd/rshd.8,v 1.4 2006/02/17 19:33:31 swildner Exp $ -.\" -.Dd June 4, 1993 -.Dt RSHD 8 -.Os -.Sh NAME -.Nm rshd -.Nd remote shell server -.Sh SYNOPSIS -.Nm -.Op Fl \&?DLaln -.Sh DESCRIPTION -The -.Nm -server -is the server for the -.Xr rcmd 3 -routine and, consequently, for the -.Xr rsh 1 -program. The server provides remote execution facilities -with authentication based on privileged port numbers from trusted hosts. -.Pp -The -.Nm -server -listens for service requests at the port indicated in -the -.Dq cmd -service specification; see -.Xr services 5 . -When a service request is received the following protocol -is initiated: -.Bl -enum -.It -The server checks the client's source port. -If the port is not in the range 512-1023, the server -aborts the connection. -.It -The server reads characters from the socket up -to a -.Tn NUL -(`\e0') byte. The resultant string is -interpreted as an -.Tn ASCII -number, base 10. -.It -If the number received in step 2 is non-zero, -it is interpreted as the port number of a secondary -stream to be used for the -.Em stderr . -A second connection is then created to the specified -port on the client's machine. The source port of this -second connection is also in the range 512-1023. -.It -The server checks the client's source address -and requests the corresponding host name (see -.Xr gethostbyaddr 3 , -.Xr hosts 5 -and -.Xr named 8 ) . -If the hostname cannot be determined or the hostname and address do -not match after verification, -the dot-notation representation of the host address is used. -.It -A null terminated user name of at most 16 characters -is retrieved on the initial socket. This user name -is interpreted as the user identity on the -.Em client Ns 's -machine. -.It -A null terminated user name of at most 16 characters -is retrieved on the initial socket. 
This user name -is interpreted as a user identity to use on the -.Em server Ns 's -machine. -.It -A null terminated command to be passed to a -shell is retrieved on the initial socket. The length of -the command is limited by the upper bound on the size of -the system's argument list. -.It -.Nm Rshd -then validates the user using -.Xr ruserok 3 , -which uses the file -.Pa /etc/hosts.equiv -and the -.Pa .rhosts -file found in the user's home directory. The -.Fl l -option prevents -.Xr ruserok 3 -from doing any validation based on the user's -.Pa .rhosts -file, -unless the user is the superuser. -.It -If the file -.Pa /var/run/nologin -exists and the user is not the superuser, -the connection is closed. -The name of the nologin file may be overridden -using the nologin capability in -.Pa /etc/login.conf -according to the local user's login class, -which may also be used to restrict -.Xr rsh 1 -access by -login time (times.allow and times.deny capabilities) -and remote host (hosts.allow and hosts.deny capabilities). -.It -A -.Tn NUL -byte is returned on the initial socket -and the command line is passed to the normal login -shell of the user. The -shell inherits the network connections established -by -.Nm . -.El -.Pp -The options are as follows: -.Bl -tag -width indent -.It Fl \&? -Display the usage message, and exit. -.It Fl D -Sets the TCP_NODELAY socket option, which improves the performance -of small back-to-back writes at the expense of additional network -traffic. -.It Fl L -Causes all successful accesses to be logged to -.Xr syslogd 8 -as -.Li auth.info -messages. -.It Fl a -This flag is ignored, and is present for compatibility purposes. -.It Fl l -Do not use the user's -.Pa .rhosts -file for authentication, unless the user is the superuser. -.It Fl n -Turn off transport level keepalive messages. This will prevent sessions -from timing out if the client crashes or becomes unreachable. 
-.El -.Sh FILES -.Bl -tag -width /var/run/nologin -compact -.It Pa /etc/hosts -.It Pa /etc/hosts.equiv -.It Pa /etc/login.conf -.It Ev $HOME Ns Pa /.rhosts -.It Pa /var/run/nologin -.El -.Sh DIAGNOSTICS -Except for the last one listed below, -all diagnostic messages -are returned on the initial socket, -after which any network connections are closed. -An error is indicated by a leading byte with a value of -1 (0 is returned in step 10 above upon successful completion -of all the steps prior to the execution of the login shell). -.Bl -tag -width indent -.It Sy Locuser too long. -The name of the user on the client's machine is -longer than 16 characters. -.It Sy Ruser too long. -The name of the user on the remote machine is -longer than 16 characters. -.It Sy Command too long. -The command line passed exceeds the size of the argument -list (as configured into the system). -.It Sy Login incorrect. -No password file entry for the user name existed -or the authentication procedure described above failed. -.It Sy Remote directory. -The -.Xr chdir 2 -function to the home directory failed. -.It Sy Logins not available right now. -.Xr Rsh 1 -was attempted outside the allowed hours defined in -.Pa /etc/login.conf -for the local user's login class. -.It Sy Can't make pipe. -The pipe needed for the -.Em stderr , -wasn't created. -.It Sy Can't fork; try again. -A -.Xr fork 2 -by the server failed. -.It Sy : ... -The user's login shell could not be started. This message is returned -on the connection associated with the -.Em stderr , -and is not preceded by a flag byte. -.El -.Sh SEE ALSO -.Xr rlogin 1 , -.Xr rsh 1 , -.Xr gethostbyaddr 3 , -.Xr rcmd 3 , -.Xr ruserok 3 , -.Xr auth.conf 5 , -.Xr hosts 5 , -.Xr hosts.equiv 5 , -.Xr login.conf 5 , -.Xr nologin 5 , -.Xr services 5 , -.Xr named 8 , -.Xr rlogind 8 , -.Xr syslogd 8 -.Sh HISTORY -IPv6 support was added by WIDE/KAME project. 
-.Sh BUGS -The authentication procedure used here assumes the integrity -of each client machine and the connecting medium. This is -insecure, but is useful in an -.Dq open -environment. -.Pp -A facility to allow all data exchanges to be encrypted should be -present. -.Pp -A more extensible protocol (such as Telnet) should be used. diff --git a/libexec/rshd/rshd.c b/libexec/rshd/rshd.c deleted file mode 100644 index b9de2fe228..0000000000 --- a/libexec/rshd/rshd.c +++ /dev/null 
@@ -1,704 +0,0 @@ -/*- - * Copyright (c) 1988, 1989, 1992, 1993, 1994 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#) Copyright (c) 1988, 1989, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. 
- * @(#)rshd.c 8.2 (Berkeley) 4/6/94 - * $FreeBSD: src/libexec/rshd/rshd.c,v 1.30.2.5 2002/05/14 22:27:21 des Exp $ - */ - -/* - * remote shell server: - * [port]\0 - * remuser\0 - * locuser\0 - * command\0 - * data - */ -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#ifdef LOGIN_CAP -#include -#endif - -/* wrapper for KAME-special getnameinfo() */ -#ifndef NI_WITHSCOPEID -#define NI_WITHSCOPEID 0 -#endif - -extern int __check_rhosts_file; -extern char *__rcmd_errstr; /* syslog hook from libc/net/rcmd.c. */ - -int keepalive = 1; -int log_success; /* If TRUE, log all successful accesses */ -int sent_null; -int no_delay; -#ifdef CRYPT -int doencrypt = 0; -#endif - -union sockunion { - struct sockinet { - u_char si_len; - u_char si_family; - u_short si_port; - } su_si; - struct sockaddr_in su_sin; - struct sockaddr_in6 su_sin6; -}; -#define su_len su_si.si_len -#define su_family su_si.si_family -#define su_port su_si.si_port - -void doit(union sockunion *); -void error(const char *, ...) 
__printflike(1, 2); -void getstr(char *, int, const char *); -int local_domain(char *); -char *topdomain(char *); -void usage(void); - -char slash[] = "/"; -char bshell[] = _PATH_BSHELL; - -#define OPTIONS "alnDL" - -int -main(int argc, char *argv[]) -{ - struct linger linger; - socklen_t fromlen; - int ch, on = 1; - struct sockaddr_storage from; - - openlog("rshd", LOG_PID | LOG_ODELAY, LOG_DAEMON); - - opterr = 0; - while ((ch = getopt(argc, argv, OPTIONS)) != -1) - switch (ch) { - case 'a': - /* ignored for compatibility */ - break; - case 'l': - __check_rhosts_file = 0; - break; - case 'n': - keepalive = 0; - break; -#ifdef CRYPT - case 'x': - doencrypt = 1; - break; -#endif - case 'D': - no_delay = 1; - break; - case 'L': - log_success = 1; - break; - case '?': - default: - usage(); - break; - } - - argc -= optind; - argv += optind; - -#ifdef CRYPT - if (doencrypt) { - syslog(LOG_ERR, "-k is required for -x"); - exit(2); - } -#endif - - fromlen = sizeof (from); - if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) { - syslog(LOG_ERR, "getpeername: %m"); - exit(1); - } - if (keepalive && - setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (char *)&on, - sizeof(on)) < 0) - syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m"); - linger.l_onoff = 1; - linger.l_linger = 60; /* XXX */ - if (setsockopt(0, SOL_SOCKET, SO_LINGER, (char *)&linger, - sizeof (linger)) < 0) - syslog(LOG_WARNING, "setsockopt (SO_LINGER): %m"); - if (no_delay && - setsockopt(0, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(on)) < 0) - syslog(LOG_WARNING, "setsockopt (TCP_NODELAY): %m"); - doit((union sockunion *)&from); - /* NOTREACHED */ - return(0); -} - -char username[20] = "USER="; -char homedir[64] = "HOME="; -char shell[64] = "SHELL="; -char path[100] = "PATH="; -char *envinit[] = - {homedir, shell, path, username, 0}; -char **environ; - -void -doit(union sockunion *fromp) -{ - struct passwd *pwd; - u_short port; - fd_set ready, readfrom; - int cc, nfd, pv[2], pid, s; - int one = 1; - const char 
*errorstr; - char *cp, sig, buf[BUFSIZ]; - char cmdbuf[NCARGS+1], locuser[16], remuser[16]; - char fromhost[2 * MAXHOSTNAMELEN + 1]; - char numericname[INET6_ADDRSTRLEN]; - int af = fromp->su_family, gaierror; -#ifdef CRYPT - int rc; - int pv1[2], pv2[2]; -#endif -#ifdef LOGIN_CAP - login_cap_t *lc; -#endif - - signal(SIGINT, SIG_DFL); - signal(SIGQUIT, SIG_DFL); - signal(SIGTERM, SIG_DFL); - fromp->su_port = ntohs((u_short)fromp->su_port); - if (af != AF_INET -#ifdef INET6 - && af != AF_INET6 -#endif - ) { - syslog(LOG_ERR, "malformed \"from\" address (af %d)\n", af); - exit(1); - } - gaierror = getnameinfo((struct sockaddr *)fromp, fromp->su_len, - numericname, sizeof(numericname), NULL, 0, - NI_NUMERICHOST|NI_WITHSCOPEID); - if (gaierror != 0) { - syslog(LOG_ERR, "malformed \"from\" address (af %d): %s", af, - gai_strerror(gaierror)); - exit(1); - } -#ifdef IP_OPTIONS - if (af == AF_INET) { - u_char optbuf[BUFSIZ/3]; - socklen_t optsize = sizeof(optbuf), i; - int ipproto; - struct protoent *ip; - - if ((ip = getprotobyname("ip")) != NULL) - ipproto = ip->p_proto; - else - ipproto = IPPROTO_IP; - if (!getsockopt(0, ipproto, IP_OPTIONS, (char *)optbuf, &optsize) && - optsize != 0) { - for (i = 0; i < optsize; ) { - u_char c = optbuf[i]; - if (c == IPOPT_LSRR || c == IPOPT_SSRR) { - syslog(LOG_NOTICE, - "connection refused from %s with IP option %s", - numericname, - c == IPOPT_LSRR ? "LSRR" : "SSRR"); - exit(1); - } - if (c == IPOPT_EOL) - break; - i += (c == IPOPT_NOP) ? 
1 : optbuf[i+1]; - } - } - } -#endif - - if (fromp->su_port >= IPPORT_RESERVED || - fromp->su_port < IPPORT_RESERVED/2) { - syslog(LOG_NOTICE|LOG_AUTH, - "connection from %s on illegal port %u", - numericname, - fromp->su_port); - exit(1); - } - - alarm(60); - port = 0; - s = 0; /* not set or used if port == 0 */ - for (;;) { - char c; - if ((cc = read(STDIN_FILENO, &c, 1)) != 1) { - if (cc < 0) - syslog(LOG_NOTICE, "read: %m"); - shutdown(0, SHUT_RDWR); - exit(1); - } - if (c == 0) - break; - port = port * 10 + c - '0'; - } - - alarm(0); - if (port != 0) { - int lport = IPPORT_RESERVED - 1; - s = rresvport_af(&lport, af); - if (s < 0) { - syslog(LOG_ERR, "can't get stderr port: %m"); - exit(1); - } - if (port >= IPPORT_RESERVED || - port < IPPORT_RESERVED/2) { - syslog(LOG_NOTICE|LOG_AUTH, - "2nd socket from %s on unreserved port %u", - numericname, - port); - exit(1); - } - fromp->su_port = htons(port); - if (connect(s, (struct sockaddr *)fromp, fromp->su_len) < 0) { - syslog(LOG_INFO, "connect second port %d: %m", port); - exit(1); - } - } - - errorstr = NULL; - realhostname_sa(fromhost, sizeof(fromhost) - 1, - (struct sockaddr *)fromp, - fromp->su_len); - fromhost[sizeof(fromhost) - 1] = '\0'; - -#ifdef CRYPT - if (doencrypt && af == AF_INET) { - struct sockaddr_in local_addr; - rc = sizeof(local_addr); - if (getsockname(0, (struct sockaddr *)&local_addr, - &rc) < 0) { - syslog(LOG_ERR, "getsockname: %m"); - error("rlogind: getsockname: %m"); - exit(1); - } - authopts = KOPT_DO_MUTUAL; - rc = krb_recvauth(authopts, 0, ticket, - "rcmd", instance, &fromaddr, - &local_addr, kdata, "", schedule, - version); - des_set_key(&kdata->session, schedule); - } -#endif - alarm(60); - getstr(remuser, sizeof(remuser), "remuser"); - getstr(locuser, sizeof(locuser), "locuser"); - getstr(cmdbuf, sizeof(cmdbuf), "command"); - alarm(0); - setpwent(); - pwd = getpwnam(locuser); - if (pwd == NULL) { - syslog(LOG_INFO|LOG_AUTH, - "%s@%s as %s: unknown login. 
cmd='%.80s'", - remuser, fromhost, locuser, cmdbuf); - if (errorstr == NULL) - errorstr = "Login incorrect.\n"; - goto fail; - } -#ifdef LOGIN_CAP - lc = login_getpwclass(pwd); -#endif - if (chdir(pwd->pw_dir) < 0) { -#ifdef LOGIN_CAP - if (chdir("/") < 0 || - login_getcapbool(lc, "requirehome", !!pwd->pw_uid)) { - syslog(LOG_INFO|LOG_AUTH, - "%s@%s as %s: no home directory. cmd='%.80s'", - remuser, fromhost, locuser, cmdbuf); - error("No remote home directory.\n"); - exit(0); - } -#else - chdir("/"); -#ifdef notdef - syslog(LOG_INFO|LOG_AUTH, - "%s@%s as %s: no home directory. cmd='%.80s'", - remuser, fromhost, locuser, cmdbuf); - error("No remote directory.\n"); - exit(1); -#endif -#endif - pwd->pw_dir = slash; - } - - if (errorstr || - (pwd->pw_expire && time(NULL) >= pwd->pw_expire) || - iruserok_sa(fromp, fromp->su_len, pwd->pw_uid == 0, - remuser, locuser) < 0) { - if (__rcmd_errstr) { - syslog(LOG_INFO|LOG_AUTH, - "%s@%s as %s: permission denied (%s). cmd='%.80s'", - remuser, fromhost, locuser, __rcmd_errstr, - cmdbuf); - } else { - syslog(LOG_INFO|LOG_AUTH, - "%s@%s as %s: permission denied. cmd='%.80s'", - remuser, fromhost, locuser, cmdbuf); - } -fail: - if (errorstr == NULL) - errorstr = "Login incorrect.\n"; - error(errorstr, fromhost); - exit(1); - } - - if (pwd->pw_uid && !access(_PATH_NOLOGIN, F_OK)) { - error("Logins currently disabled.\n"); - exit(1); - } -#ifdef LOGIN_CAP - if (lc != NULL && fromp->su_family == AF_INET) { /*XXX*/ - char remote_ip[MAXHOSTNAMELEN]; - - strncpy(remote_ip, numericname, - sizeof(remote_ip) - 1); - remote_ip[sizeof(remote_ip) - 1] = 0; - if (!auth_hostok(lc, fromhost, remote_ip)) { - syslog(LOG_INFO|LOG_AUTH, - "%s@%s as %s: permission denied (%s). 
cmd='%.80s'", - remuser, fromhost, locuser, __rcmd_errstr, - cmdbuf); - error("Login incorrect.\n"); - exit(1); - } - if (!auth_timeok(lc, time(NULL))) { - error("Logins not available right now\n"); - exit(1); - } - } -#endif /* !LOGIN_CAP */ -#if BSD > 43 - /* before fork, while we're session leader */ - if (setlogin(pwd->pw_name) < 0) - syslog(LOG_ERR, "setlogin() failed: %m"); -#endif - - write(STDERR_FILENO, "\0", 1); - sent_null = 1; - - if (port) { - if (pipe(pv) < 0) { - error("Can't make pipe.\n"); - exit(1); - } -#ifdef CRYPT - if (doencrypt) { - if (pipe(pv1) < 0) { - error("Can't make 2nd pipe.\n"); - exit(1); - } - if (pipe(pv2) < 0) { - error("Can't make 3rd pipe.\n"); - exit(1); - } - } -#endif - pid = fork(); - if (pid == -1) { - error("Can't fork; try again.\n"); - exit(1); - } - if (pid) { -#ifdef CRYPT - if (doencrypt) { - static char msg[] = SECURE_MESSAGE; - close(pv1[1]); - close(pv2[1]); - des_enc_write(s, msg, sizeof(msg) - 1, - schedule, &kdata->session); - - } else -#endif - { - close(0); - close(1); - } - close(2); - close(pv[1]); - - FD_ZERO(&readfrom); - FD_SET(s, &readfrom); - FD_SET(pv[0], &readfrom); - if (pv[0] > s) - nfd = pv[0]; - else - nfd = s; -#ifdef CRYPT - if (doencrypt) { - FD_ZERO(&writeto); - FD_SET(pv2[0], &writeto); - FD_SET(pv1[0], &readfrom); - - nfd = MAX(nfd, pv2[0]); - nfd = MAX(nfd, pv1[0]); - } else -#endif - ioctl(pv[0], FIONBIO, (char *)&one); - - /* should set s nbio! 
*/ - nfd++; - do { - ready = readfrom; -#ifdef CRYPT - if (doencrypt) { - wready = writeto; - if (select(nfd, &ready, - &wready, NULL, - NULL) < 0) - break; - } else -#endif - if (select(nfd, &ready, NULL, - NULL, NULL) < 0) - break; - if (FD_ISSET(s, &ready)) { - int ret; -#ifdef CRYPT - if (doencrypt) - ret = des_enc_read(s, &sig, 1, - schedule, &kdata->session); - else -#endif - ret = read(s, &sig, 1); - if (ret <= 0) - FD_CLR(s, &readfrom); - else - killpg(pid, sig); - } - if (FD_ISSET(pv[0], &ready)) { - errno = 0; - cc = read(pv[0], buf, sizeof(buf)); - if (cc <= 0) { - shutdown(s, SHUT_RDWR); - FD_CLR(pv[0], &readfrom); - } else { -#ifdef CRYPT - if (doencrypt) { - des_enc_write(s, buf, - cc, schedule, - &kdata->session); - } else -#endif - write(s, buf, cc); - } - } -#ifdef CRYPT - if (doencrypt && FD_ISSET(pv1[0], &ready)) { - errno = 0; - cc = read(pv1[0], buf, sizeof(buf)); - if (cc <= 0) { - shutdown(pv1[0], SHUT_RDWR); - FD_CLR(pv1[0], &readfrom); - } else { - des_enc_write(STDOUT_FILENO, - buf, cc, schedule, - &kdata->session); - } - } - - if (doencrypt && FD_ISSET(pv2[0], &wready)) { - errno = 0; - cc = des_enc_read(STDIN_FILENO, - buf, sizeof(buf), - schedule, &kdata->session); - if (cc <= 0) { - shutdown(pv2[0], SHUT_RDWR); - FD_CLR(pv2[0], &writeto); - } else { - write(pv2[0], buf, cc); - } - } -#endif - - } while (FD_ISSET(s, &readfrom) || -#ifdef CRYPT - (doencrypt && FD_ISSET(pv1[0], &readfrom)) || -#endif - FD_ISSET(pv[0], &readfrom)); - exit(0); - } - setpgrp(0, getpid()); - close(s); - close(pv[0]); -#ifdef CRYPT - if (doencrypt) { - close(pv1[0]); close(pv2[0]); - dup2(pv1[1], 1); - dup2(pv2[1], 0); - close(pv1[1]); - close(pv2[1]); - } -#endif - dup2(pv[1], 2); - close(pv[1]); - } - if (*pwd->pw_shell == '\0') - pwd->pw_shell = bshell; - environ = envinit; - strncat(homedir, pwd->pw_dir, sizeof(homedir)-6); - strcat(path, _PATH_DEFPATH); - strncat(shell, pwd->pw_shell, sizeof(shell)-7); - strncat(username, pwd->pw_name, 
sizeof(username)-6); - cp = strrchr(pwd->pw_shell, '/'); - if (cp) - cp++; - else - cp = pwd->pw_shell; -#ifdef LOGIN_CAP - if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETALL) != 0) { - syslog(LOG_ERR, "setusercontext: %m"); - exit(1); - } - login_close(lc); -#else - setgid((gid_t)pwd->pw_gid); - initgroups(pwd->pw_name, pwd->pw_gid); - setuid((uid_t)pwd->pw_uid); -#endif - endpwent(); - if (log_success || pwd->pw_uid == 0) { - syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: cmd='%.80s'", - remuser, fromhost, locuser, cmdbuf); - } - execl(pwd->pw_shell, cp, "-c", cmdbuf, NULL); - perror(pwd->pw_shell); - exit(1); -} - -/* - * Report error to client. Note: can't be used until second socket has - * connected to client, or older clients will hang waiting for that - * connection first. - */ - -void -error(const char *fmt, ...) -{ - va_list ap; - int len; - char *bp, buf[BUFSIZ]; - va_start(ap, fmt); - bp = buf; - if (sent_null == 0) { - *bp++ = 1; - len = 1; - } else - len = 0; - vsnprintf(bp, sizeof(buf) - 1, fmt, ap); - write(STDERR_FILENO, buf, len + strlen(bp)); -} - -void -getstr(char *buf, int cnt, const char *err) -{ - char c; - - do { - if (read(STDIN_FILENO, &c, 1) != 1) - exit(1); - *buf++ = c; - if (--cnt == 0) { - error("%s too long\n", err); - exit(1); - } - } while (c != 0); -} - -/* - * Check whether host h is in our local domain, - * defined as sharing the last two components of the domain part, - * or the entire domain part if the local domain has only one component. - * If either name is unqualified (contains no '.'), - * assume that the host is local, as it will be - * interpreted as such. 
- */ -int -local_domain(char *h) -{ - char localhost[MAXHOSTNAMELEN]; - char *p1, *p2; - - localhost[0] = 0; - gethostname(localhost, sizeof(localhost) - 1); - localhost[sizeof(localhost) - 1] = '\0'; - p1 = topdomain(localhost); - p2 = topdomain(h); - if (p1 == NULL || p2 == NULL || !strcasecmp(p1, p2)) - return (1); - return (0); -} - -char * -topdomain(char *h) -{ - char *p, *maybe = NULL; - int dots = 0; - - for (p = h + strlen(h); p >= h; p--) { - if (*p == '.') { - if (++dots == 2) - return (p); - maybe = p; - } - } - return (maybe); -} - -void -usage(void) -{ - - syslog(LOG_ERR, "usage: rshd [-%s]", OPTIONS); - exit(2); -} diff --git a/sbin/dump/Makefile b/sbin/dump/Makefile index 9cb8bab76e..bc631457a1 100644 --- a/sbin/dump/Makefile +++ b/sbin/dump/Makefile @@ -1,6 +1,5 @@ # @(#)Makefile 8.1 (Berkeley) 6/5/93 # $FreeBSD: src/sbin/dump/Makefile,v 1.12.2.4 2003/01/25 18:54:59 dillon Exp $ -# $DragonFly: src/sbin/dump/Makefile,v 1.6 2006/10/21 04:10:02 pavalos Exp $ # dump.h header file # itime.c reads /etc/dumpdates @@ -17,7 +16,6 @@ PROG= dump LINKS= ${BINDIR}/dump ${BINDIR}/rdump CFLAGS+=-DRDUMP -CFLAGS+=-I${.CURDIR}/../../libexec/rlogind SRCS= itime.c main.c optr.c dumprmt.c tape.c traverse.c unctime.c cache.c MAN= dump.8 MLINKS+=dump.8 rdump.8 diff --git a/sbin/hammer/hammer.8 b/sbin/hammer/hammer.8 index db925edd30..227c0736f6 100644 --- a/sbin/hammer/hammer.8 +++ b/sbin/hammer/hammer.8 @@ -30,7 +30,7 @@ .\" OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd April 16, 2017 +.Dd December 31, 2017 .Dt HAMMER 8 .Os .Sh NAME @@ -1954,7 +1954,7 @@ mirror-stream commands instead of the default command, which is The program will be invoked via .Xr execvp 3 using a typical -.Xr rsh 1 +.Xr rsh 1 Pq Pa net/bsdrcmds style .Cm -l user host command line. diff --git a/sbin/restore/Makefile b/sbin/restore/Makefile index 1343064c5d..a5c9b3cb61 100644 --- a/sbin/restore/Makefile +++ b/sbin/restore/Makefile 
@@ -4,7 +4,6 @@ PROG= restore LINKS= ${BINDIR}/restore ${BINDIR}/rrestore CFLAGS+=-DRRESTORE -DNTREC_LONG -CFLAGS+=-I${.CURDIR}/../../libexec/rlogind SRCS= main.c interactive.c restore.c dirs.c symtab.c tape.c utilities.c \ dumprmt.c MAN= restore.8 diff --git a/share/man/man4/pty.4 b/share/man/man4/pty.4 index 3fa12a8671..ba20d8364f 100644 --- a/share/man/man4/pty.4 +++ b/share/man/man4/pty.4 @@ -27,9 +27,8 @@ .\" .\" @(#)pty.4 8.2 (Berkeley) 11/30/93 .\" $FreeBSD: src/share/man/man4/pty.4,v 1.8.2.3 2001/08/17 13:08:39 ru Exp $ -.\" $DragonFly: src/share/man/man4/pty.4,v 1.2 2003/06/17 04:36:59 dillon Exp $ .\" -.Dd November 30, 1993 +.Dd December 31, 2017 .Dt PTY 4 .Os .Sh NAME @@ -120,9 +119,9 @@ to be read from the master side may be detected by a for exceptional conditions. .Pp This mode is used by -.Xr rlogin 1 +.Xr rlogin 1 Pq Pa net/bsdrcmds and -.Xr rlogind 8 +.Xr rlogind 8 Pq Pa net/bsdrcmds to implement a remote-echoed, locally .Ql ^S/^Q flow-controlled diff --git a/share/man/man4/termios.4 b/share/man/man4/termios.4 index 54dc79e0fc..6d60388e4c 100644 --- a/share/man/man4/termios.4 +++ b/share/man/man4/termios.4 @@ -28,7 +28,7 @@ .\" @(#)termios.4 8.4 (Berkeley) 4/19/94 .\" $FreeBSD: src/share/man/man4/termios.4,v 1.12.2.9 2001/12/17 11:30:12 ru Exp $ .\" -.Dd April 19, 1994 +.Dd December 31, 2017 .Dt TERMIOS 4 .Os .Sh NAME @@ -59,7 +59,7 @@ seldom open these files; they are opened by special programs, such as .Xr getty 8 or -.Xr rlogind 8 , +.Xr rlogind 8 Pq Pa net/bsdrcmds , and become an application's standard input, output, and error files. .Ss Job Control in a Nutshell diff --git a/share/man/man4/tty.4 b/share/man/man4/tty.4 index 39fde44493..84791f6521 100644 --- a/share/man/man4/tty.4 +++ b/share/man/man4/tty.4 @@ -28,7 +28,7 @@ .\" @(#)tty.4 8.3 (Berkeley) 4/19/94 .\" $FreeBSD: src/share/man/man4/tty.4,v 1.9.2.6 2001/12/17 11:30:12 ru Exp $ .\" -.Dd August 14, 1992 +.Dd December 31, 2017 .Dt TTY 4 .Os .Sh NAME 
@@ -54,7 +54,7 @@ These special terminal devices are called .Em ptys and provide the mechanism necessary to give users the same interface to the system when logging in over a network (using -.Xr rlogin 1 , +.Xr rlogin 1 Pq Pa net/bsdrcmds , or .Xr telnet 1 for example). Even in these cases the details of how the terminal diff --git a/share/man/man5/hosts.equiv.5 b/share/man/man5/hosts.equiv.5 index 7311312539..4634509f0f 100644 --- a/share/man/man5/hosts.equiv.5 +++ b/share/man/man5/hosts.equiv.5 @@ -26,9 +26,8 @@ .\" SUCH DAMAGE. .\" .\" $FreeBSD: src/share/man/man5/hosts.equiv.5,v 1.10.2.6 2002/02/01 15:51:18 ru Exp $ -.\" $DragonFly: src/share/man/man5/hosts.equiv.5,v 1.3 2006/08/18 01:42:58 swildner Exp $ .\" -.Dd February 11, 1996 +.Dd December 31, 2017 .Dt HOSTS.EQUIV 5 .Os .Sh NAME @@ -124,9 +123,9 @@ and their users except users from netgroup .Dq dau . .Sh SEE ALSO -.Xr rcp 1 , -.Xr rlogin 1 , -.Xr rsh 1 , +.Xr rcp 1 Pq Pa net/bsdrcmds , +.Xr rlogin 1 Pq Pa net/bsdrcmds , +.Xr rsh 1 Pq Pa net/bsdrcmds , .Xr gethostbyname 3 , .Xr inet 3 , .Xr innetgr 3 , diff --git a/usr.bin/Makefile b/usr.bin/Makefile index 99b8d3ba02..51d21c5fc2 100644 --- a/usr.bin/Makefile +++ b/usr.bin/Makefile @@ -165,11 +165,9 @@ SUBDIR= alias \ renice \ rev \ rfcomm_sppd \ - rlogin \ rpcgen \ rpcinfo \ rs \ - rsh \ rup \ ruptime \ rusers \ diff --git a/usr.bin/crunch/README b/usr.bin/crunch/README index 27c2d0298a..985384b581 100644 --- a/usr.bin/crunch/README +++ b/usr.bin/crunch/README 
@@ -32,10 +32,10 @@ As an example, I have created an 980K crunched "fixit" binary containing the following programs in their entirety: cat chmod cp date dd df echo ed expr hostname kill ln ls mkdir - mt mv pwd rcp rm rmdir sh sleep stty sync test [ badsect chown + mt mv pwd rm rmdir sh sleep stty sync test [ badsect chown clri disklabel dump rdump dmesg fdisk fsck halt ifconfig init mknod mount newfs ping reboot restore rrestore swapon umount - ftp rsh sed telnet rlogin vi cpio gzip gunzip gzcat + ftp sed telnet vi cpio gzip gunzip gzcat Note carefully: vi, cpio, gzip, ed, sed, dump/restore, some networking utilities, and the disk management utilities, all in a binary small diff --git a/usr.bin/crunch/examples/fixit.conf b/usr.bin/crunch/examples/fixit.conf index 2111e7ac6e..4b804f3991 100644 --- a/usr.bin/crunch/examples/fixit.conf +++ b/usr.bin/crunch/examples/fixit.conf @@ -14,7 +14,7 @@ srcdirs /usr/src/sbin/i386 # /bin stuff progs cat chmod cp date dd df echo ed expr hostname kill ln ls mkdir -progs mt mv pwd rcp rm rmdir sh sleep stty sync test +progs mt mv pwd rm rmdir sh sleep stty sync test ln test [ ln sh -sh # init invokes the shell this way @@ -28,7 +28,7 @@ ln restore rrestore # /usr/bin stuff -progs ftp rsh sed telnet rlogin common find +progs ftp sed telnet common find ln common vi ln common view ln common ex diff --git a/usr.bin/crunch/examples/really-big.conf b/usr.bin/crunch/examples/really-big.conf index d6015642a4..40b51e6e1f 100644 --- a/usr.bin/crunch/examples/really-big.conf +++ b/usr.bin/crunch/examples/really-big.conf @@ -13,7 +13,7 @@ srcdirs /usr/src/bin progs cat chmod cp csh date dd df domainname echo ed expr hostname kill -progs ln ls mkdir mt mv ps pwd rcp rm rmail rmdir sh sleep stty sync test +progs ln ls mkdir mt mv ps pwd rm rmail rmdir sh sleep stty sync test ln test [ ln sh -sh 
@@ -46,7 +46,7 @@ progs ipcs join kdump ktrace last lastcomm leave lex lock logger locate progs login logname look m4 machine mail make man mesg mkfifo progs mkstr modstat more msgs netstat newsyslog nfsstat nice nm nohup progs pagesize passwd paste patch pr printenv printf quota ranlib -progs renice rev rlogin rpcgen rpcinfo rsh rup ruptime rusers rwall rwho +progs renice rev rpcgen rpcinfo rup ruptime rusers rwall rwho progs script sed showmount size soelim split strings strip su tail talk progs tcopy tee telnet tftp time tip tn3270 touch tput tr true tset tsort progs tty ul uname unexpand unifdef uniq units unvis users uudecode uuencode diff --git a/usr.bin/login/login.1 b/usr.bin/login/login.1 index e2637e1a58..492079c68d 100644 --- a/usr.bin/login/login.1 +++ b/usr.bin/login/login.1 @@ -28,7 +28,7 @@ .\" @(#)login.1 8.2 (Berkeley) 5/5/94 .\" $FreeBSD: src/usr.bin/login/login.1,v 1.33 2007/11/30 11:02:36 philip Exp $ .\" -.Dd September 13, 2006 +.Dd December 31, 2017 .Dt LOGIN 1 .Os .Sh NAME @@ -142,7 +142,7 @@ configuration file .Xr csh 1 , .Xr newgrp 1 , .Xr passwd 1 , -.Xr rlogin 1 , +.Xr rlogin 1 Pq Pa net/bsdrcmds , .Xr getpass 3 , .Xr fbtab 5 , .Xr login.access 5 , diff --git a/usr.bin/rlogin/Makefile b/usr.bin/rlogin/Makefile deleted file mode 100644 index 45d4e61e5f..0000000000 --- a/usr.bin/rlogin/Makefile +++ /dev/null @@ -1,12 +0,0 @@ -# @(#)Makefile 8.1 (Berkeley) 7/19/93 -# $FreeBSD: src/usr.bin/rlogin/Makefile,v 1.21.2.2 2002/07/19 18:03:41 ru Exp $ -# $DragonFly: src/usr.bin/rlogin/Makefile,v 1.6 2007/08/27 16:50:58 pavalos Exp $ - -PROG= rlogin - -BINMODE=4555 -.if !defined(NOFSCHG) -INSTALLFLAGS=-fschg -.endif - -.include diff --git a/usr.bin/rlogin/rlogin.1 b/usr.bin/rlogin/rlogin.1 deleted file mode 100644 index 279a84ba31..0000000000 --- a/usr.bin/rlogin/rlogin.1 +++ /dev/null 
@@ -1,239 +0,0 @@ -.\" Copyright (c) 1983, 1990, 1993 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. 
-.\" -.\" @(#)rlogin.1 8.1 (Berkeley) 6/6/93 -.\" $FreeBSD: src/usr.bin/rlogin/rlogin.1,v 1.11.2.7 2002/06/21 15:28:48 charnier Exp $ -.\" -.Dd June 6, 1993 -.Dt RLOGIN 1 -.Os -.Sh NAME -.Nm rlogin -.Nd remote login -.Sh SYNOPSIS -.Ar rlogin -.Op Fl 468DEKLdx -.Op Fl e Ar char -.Op Fl i Ar localname -.Op Fl k Ar realm -.Op Fl l Ar username -.Ar host -.Sh DESCRIPTION -The -.Nm -utility starts a terminal session on a remote host -.Ar host . -.Pp -The -.Nm -utility -first attempts to use the Kerberos authorization mechanism, described below. -If the remote host does not support Kerberos the standard Berkeley -.Pa rhosts -authorization mechanism is used. -The options are as follows: -.Bl -tag -width flag -.It Fl 4 -Use IPv4 addresses only. -.It Fl 6 -Use IPv6 addresses only. -.It Fl 8 -The -.Fl 8 -option allows an eight-bit input data path at all times; otherwise -parity bits are stripped except when the remote side's stop and start -characters are other than -^S/^Q. -.It Fl D -The -.Fl D -option sets the TCP_NODELAY socket option which can improve interactive response -at the expense of increased network load. -.It Fl E -The -.Fl E -option stops any character from being recognized as an escape character. -When used with the -.Fl 8 -option, this provides a completely transparent connection. -.It Fl K -The -.Fl K -option turns off all Kerberos authentication. -.It Fl L -The -.Fl L -option allows the rlogin session to be run in -.Dq litout -(see -.Xr tty 4 ) -mode. -.It Fl d -The -.Fl d -option turns on socket debugging (see -.Xr setsockopt 2 ) -on the TCP sockets used for communication with the remote host. -.It Fl e -The -.Fl e -option allows user specification of the escape character, which is -.Dq ~ -by default. -This specification may be as a literal character, or as an octal -value in the form \ennn. -.It Fl i -The -.Fl i -option allows the caller to specify a different local name to be used -for authentication. This option is restricted to processes with uid 0. 
-.It Fl k -The -.Fl k -option requests rlogin to obtain tickets for the remote host -in realm -.Ar realm -instead of the remote host's realm as determined by -.Xr krb_realmofhost 3 . -.It Fl l -The -.Fl l -option specifies a different -.Ar username -for the remote login. -If this option is not specified, your local username will be used. -.It Fl x -The -.Fl x -option turns on -.Tn DES -encryption for all data passed via the -rlogin session. -This may impact response time and -.Tn CPU -utilization, but provides -increased security. -.El -.Pp -A line of the form -.Dq Aq escape char . -disconnects from the remote host. -Similarly, the line -.Dq Ao escape char Ac Ns ^Z -will suspend the -.Nm -session, and -.Dq Ao escape\ char Ac Ns Ao delayed-suspend\ char Ac -suspends the -send portion of the rlogin, but allows output from the remote system. -By default, the tilde -.Pq Dq ~ -character is the escape character, and -normally control-Y -.Pq Dq ^Y -is the delayed-suspend character. -.Pp -All echoing takes place at the remote site, so that (except for delays) -the -.Nm -is transparent. -Flow control via ^S/^Q and flushing of input and output on interrupts -are handled properly. -.Sh KERBEROS AUTHENTICATION -Each user may have a private authorization list in the file -.Pa .klogin -in their home directory. -Each line in this file should contain a Kerberos principal name of the -form -.Ar principal.instance@realm . -If the originating user is authenticated to one of the principals named -in -.Pa .klogin , -access is granted to the account. -The principal -.Ar accountname.@localrealm -is granted access if -there is no -.Pa .klogin -file. -Otherwise a login and password will be prompted for on the remote machine -as in -.Xr login 1 . -To avoid certain security problems, the -.Pa .klogin -file must be owned by -the remote user. -.Pp -If Kerberos authentication fails, a warning message is printed and the -standard Berkeley -.Nm -is used instead. 
-.Sh ENVIRONMENT -The following environment variable is utilized by -.Nm : -.Bl -tag -width TERM -.It Ev TERM -Determines the user's terminal type. -.El -.Sh FILES -.Bl -tag -width /etc/hosts -compact -.It Pa /etc/hosts -.It Pa /etc/hosts.equiv -.It Pa /etc/auth.conf -.It Ev $HOME Ns Pa /.rhosts -.It Ev $HOME Ns Pa /.klogin -.El -.Sh SEE ALSO -.Xr login 1 , -.Xr rsh 1 , -.Xr telnet 1 , -.Xr setsockopt 2 , -.Xr kerberos 3 , -.Xr krb_realmofhost 3 , -.Xr krb_sendauth 3 , -.Xr ruserok 3 , -.Xr tty 4 , -.Xr auth.conf 5 , -.Xr hosts 5 , -.Xr hosts.equiv 5 , -.Xr rlogind 8 , -.Xr rshd 8 -.Sh HISTORY -The -.Nm -command appeared in -.Bx 4.2 . -.Pp -IPv6 support was added by WIDE/KAME project. -.Sh BUGS -The -.Nm -utility will be replaced by -.Xr telnet 1 -in the near future. -.Pp -More of the environment should be propagated. diff --git a/usr.bin/rlogin/rlogin.c b/usr.bin/rlogin/rlogin.c deleted file mode 100644 index 21cfe117e6..0000000000 --- a/usr.bin/rlogin/rlogin.c +++ /dev/null 
@@ -1,880 +0,0 @@ -/* - * Copyright (c) 1983, 1990, 1993 - * The Regents of the University of California. All rights reserved. - * Copyright (c) 2002 Networks Associates Technology, Inc. - * All rights reserved. - * - * Portions of this software were developed for the FreeBSD Project by - * ThinkSec AS and NAI Labs, the Security Research Division of Network - * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 - * ("CBOSS"), as part of the DARPA CHATS research program. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- * - * @(#) Copyright (c) 1983, 1990, 1993 The Regents of the University of California. All rights reserved. - * @(#)rlogin.c 8.1 (Berkeley) 6/6/93 - * $FreeBSD: src/usr.bin/rlogin/rlogin.c,v 1.30 2002/04/28 11:16:43 markm Exp $ - */ - -/* - * rlogin - remote login - */ -#include -#include -#include -#include -#include - -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#ifdef KERBEROS -#include -#include - -#include "krb.h" - -CREDENTIALS cred; -Key_schedule schedule; -int use_kerberos = 1, doencrypt; -char dst_realm_buf[REALM_SZ], *dest_realm = NULL; -#endif - -#ifndef TIOCPKT_WINDOW -#define TIOCPKT_WINDOW 0x80 -#endif - -/* concession to Sun */ -#ifndef SIGUSR1 -#define SIGUSR1 30 -#endif - -int eight, litout, rem; -int family = PF_UNSPEC; - -int noescape; -u_char escapechar = '~'; - -const char *speeds[] = { - "0", "50", "75", "110", "134", "150", "200", "300", "600", "1200", - "1800", "2400", "4800", "9600", "19200", "38400", "57600", "115200" -#define MAX_SPEED_LENGTH (sizeof("115200") - 1) -}; - -#define get_window_size(fd, wp) ioctl(fd, TIOCGWINSZ, wp) -struct winsize winsize; - -void catch_child(int); -void copytochild(int); -void doit(long) __dead2; -void done(int) __dead2; -void echo(char); -u_int getescape(char *); -void lostpeer(int); -void mode(int); -void msg(const char *); -void oob(int); -int reader(int); -void sendwindow(void); -void setsignal(int); -void sigwinch(int); -void stop(char); -void usage(void) __dead2; -void writer(void); -void writeroob(int); - -int -main(int argc, char *argv[]) -{ - struct passwd *pw; - struct servent *sp; - struct sgttyb ttyb; - long omask; - int argoff, ch, dflag, Dflag, one, uid; - char *host, *localname, *p, *user, term[1024]; -#ifdef KERBEROS - char *k; -#endif - struct sockaddr_storage ss; - int sslen; - - argoff = dflag = Dflag = 0; - one = 1; - host = localname = user = 
NULL; - - if ((p = strrchr(argv[0], '/'))) - ++p; - else - p = argv[0]; - - if (strcmp(p, "rlogin")) - host = p; - - /* handle "rlogin host flags" */ - if (!host && argc > 2 && argv[1][0] != '-') { - host = argv[1]; - argoff = 1; - } - -#ifdef KERBEROS -#define OPTIONS "468DEKLde:i:k:l:x" -#else -#define OPTIONS "468DEKLde:i:l:" -#endif - while ((ch = getopt(argc - argoff, argv + argoff, OPTIONS)) != -1) - switch(ch) { - case '4': - family = PF_INET; - break; - - case '6': - family = PF_INET6; - break; - - case '8': - eight = 1; - break; - case 'D': - Dflag = 1; - break; - case 'E': - noescape = 1; - break; - case 'K': -#ifdef KERBEROS - use_kerberos = 0; -#endif - break; - case 'L': - litout = 1; - break; - case 'd': - dflag = 1; - break; - case 'e': - noescape = 0; - escapechar = getescape(optarg); - break; - case 'i': - if (getuid() != 0) - errx(1, "-i user: permission denied"); - localname = optarg; - break; -#ifdef KERBEROS - case 'k': - dest_realm = dst_realm_buf; - (void)strncpy(dest_realm, optarg, REALM_SZ); - break; -#endif - case 'l': - user = optarg; - break; -#ifdef CRYPT -#ifdef KERBEROS - case 'x': - doencrypt = 1; - break; -#endif -#endif - case '?': - default: - usage(); - } - optind += argoff; - - /* if haven't gotten a host yet, do so */ - if (!host && !(host = argv[optind++])) - usage(); - - if (argv[optind]) - usage(); - - if (!(pw = getpwuid(uid = getuid()))) - errx(1, "unknown user id"); - if (!user) - user = pw->pw_name; - if (!localname) - localname = pw->pw_name; - - sp = NULL; -#ifdef KERBEROS - k = auth_getval("auth_list"); - if (k && !strstr(k, "kerberos")) - use_kerberos = 0; - if (use_kerberos) { - sp = getservbyname((doencrypt ? "eklogin" : "klogin"), "tcp"); - if (sp == NULL) { - use_kerberos = 0; - warn("can't get entry for %s/tcp service", - doencrypt ? 
"eklogin" : "klogin"); - } - } -#endif - if (sp == NULL) - sp = getservbyname("login", "tcp"); - if (sp == NULL) - errx(1, "login/tcp: unknown service"); - -#define MAX_TERM_LENGTH (sizeof(term) - 1 - MAX_SPEED_LENGTH - 1) - - (void)strncpy(term, (p = getenv("TERM")) ? p : "network", - MAX_TERM_LENGTH); - term[MAX_TERM_LENGTH] = '\0'; - if (ioctl(0, TIOCGETP, &ttyb) == 0) { - (void)strcat(term, "/"); - (void)strcat(term, speeds[(int)ttyb.sg_ospeed]); - } - - (void)get_window_size(0, &winsize); - - (void)signal(SIGPIPE, lostpeer); - /* will use SIGUSR1 for window size hack, so hold it off */ - omask = sigblock(sigmask(SIGURG) | sigmask(SIGUSR1)); - /* - * We set SIGURG and SIGUSR1 below so that an - * incoming signal will be held pending rather than being - * discarded. Note that these routines will be ready to get - * a signal by the time that they are unblocked below. - */ - (void)signal(SIGURG, copytochild); - (void)signal(SIGUSR1, writeroob); - -#ifdef KERBEROS - if (use_kerberos) { - setuid(getuid()); - rem = KSUCCESS; - errno = 0; - if (dest_realm == NULL) - dest_realm = krb_realmofhost(host); - -#ifdef CRYPT - if (doencrypt) { - rem = krcmd_mutual(&host, sp->s_port, user, term, 0, - dest_realm, &cred, schedule); - des_set_key(&cred.session, schedule); - } else -#endif /* CRYPT */ - rem = krcmd(&host, sp->s_port, user, term, 0, - dest_realm); - if (rem < 0) { - int i; - char **newargv; - - sp = getservbyname("login", "tcp"); - if (sp == NULL) - errx(1, "unknown service login/tcp"); - if (errno == ECONNREFUSED) - warn("remote host doesn't support Kerberos"); - if (errno == ENOENT) - warn("can't provide Kerberos auth data"); - newargv = malloc((argc + 2) * sizeof(*newargv)); - if (newargv == NULL) - err(1, "malloc"); - newargv[0] = argv[0]; - newargv[1] = "-K"; - for(i = 1; i < argc; ++i) - newargv[i + 1] = argv[i]; - newargv[argc + 1] = NULL; - execv(_PATH_RLOGIN, newargv); - } - } else { -#ifdef CRYPT - if (doencrypt) - errx(1, "the -x flag requires Kerberos 
authentication"); -#endif /* CRYPT */ - rem = rcmd_af(&host, sp->s_port, localname, user, term, 0, - family); - } -#else - rem = rcmd_af(&host, sp->s_port, localname, user, term, 0, family); -#endif /* KERBEROS */ - - if (rem < 0) - exit(1); - - if (dflag && - setsockopt(rem, SOL_SOCKET, SO_DEBUG, &one, sizeof(one)) < 0) - warn("setsockopt"); - if (Dflag && - setsockopt(rem, IPPROTO_TCP, TCP_NODELAY, &one, sizeof(one)) < 0) - warn("setsockopt NODELAY (ignored)"); - - sslen = sizeof(ss); - one = IPTOS_LOWDELAY; - if (getsockname(rem, (struct sockaddr *)&ss, &sslen) == 0 && - ss.ss_family == AF_INET) { - if (setsockopt(rem, IPPROTO_IP, IP_TOS, (char *)&one, - sizeof(int)) < 0) - warn("setsockopt TOS (ignored)"); - } else - if (ss.ss_family == AF_INET) - warn("setsockopt getsockname failed"); - - (void)setuid(uid); - doit(omask); - /*NOTREACHED*/ -} - -int child, defflags, deflflags, tabflag; -char deferase, defkill; -struct tchars deftc; -struct ltchars defltc; -struct tchars notc = { -1, -1, -1, -1, -1, -1 }; -struct ltchars noltc = { -1, -1, -1, -1, -1, -1 }; - -void -doit(long omask) -{ - struct sgttyb sb; - - (void)ioctl(0, TIOCGETP, (char *)&sb); - defflags = sb.sg_flags; - tabflag = defflags & TBDELAY; - defflags &= ECHO | CRMOD; - deferase = sb.sg_erase; - defkill = sb.sg_kill; - (void)ioctl(0, TIOCLGET, &deflflags); - (void)ioctl(0, TIOCGETC, &deftc); - notc.t_startc = deftc.t_startc; - notc.t_stopc = deftc.t_stopc; - (void)ioctl(0, TIOCGLTC, &defltc); - (void)signal(SIGINT, SIG_IGN); - setsignal(SIGHUP); - setsignal(SIGQUIT); - child = fork(); - if (child == -1) { - warn("fork"); - done(1); - } - if (child == 0) { - mode(1); - if (reader(omask) == 0) { - msg("connection closed."); - exit(0); - } - sleep(1); - msg("\007connection closed."); - exit(1); - } - - /* - * We may still own the socket, and may have a pending SIGURG (or might - * receive one soon) that we really want to send to the reader. 
When - * one of these comes in, the trap copytochild simply copies such - * signals to the child. We can now unblock SIGURG and SIGUSR1 - * that were set above. - */ - (void)sigsetmask(omask); - (void)signal(SIGCHLD, catch_child); - writer(); - msg("closed connection."); - done(0); -} - -/* trap a signal, unless it is being ignored. */ -void -setsignal(int sig) -{ - int omask = sigblock(sigmask(sig)); - - if (signal(sig, exit) == SIG_IGN) - (void)signal(sig, SIG_IGN); - (void)sigsetmask(omask); -} - -void -done(int status) -{ - int w, wstatus; - - mode(0); - if (child > 0) { - /* make sure catch_child does not snap it up */ - (void)signal(SIGCHLD, SIG_DFL); - if (kill(child, SIGKILL) >= 0) - while ((w = wait(&wstatus)) > 0 && w != child); - } - exit(status); -} - -int dosigwinch; - -/* - * This is called when the reader process gets the out-of-band (urgent) - * request to turn on the window-changing protocol. - */ -void -writeroob(int signo __unused) -{ - if (dosigwinch == 0) { - sendwindow(); - (void)signal(SIGWINCH, sigwinch); - } - dosigwinch = 1; -} - -void -catch_child(int signo __unused) -{ - pid_t pid; - int status; - - for (;;) { - pid = wait3(&status, WNOHANG|WUNTRACED, NULL); - if (pid == 0) - return; - /* if the child (reader) dies, just quit */ - if (pid < 0 || (pid == child && !WIFSTOPPED(status))) - done(WTERMSIG(status) | WEXITSTATUS(status)); - } - /* NOTREACHED */ -} - -/* - * writer: write to remote: 0 -> line. - * ~. terminate - * ~^Z suspend rlogin process. - * ~ suspend rlogin process, but leave reader alone. - */ -void -writer(void) -{ - int bol, local, n; - char c; - - bol = 1; /* beginning of line */ - local = 0; - for (;;) { - n = read(STDIN_FILENO, &c, 1); - if (n <= 0) { - if (n < 0 && errno == EINTR) - continue; - break; - } - /* - * If we're at the beginning of the line and recognize a - * command character, then we echo locally. Otherwise, - * characters are echo'd remotely. 
If the command character - * is doubled, this acts as a force and local echo is - * suppressed. - */ - if (bol) { - bol = 0; - if (!noescape && c == escapechar) { - local = 1; - continue; - } - } else if (local) { - local = 0; - if (c == '.' || c == deftc.t_eofc) { - echo(c); - break; - } - if (c == defltc.t_suspc || c == defltc.t_dsuspc) { - bol = 1; - echo(c); - stop(c); - continue; - } - if (c != escapechar) -#ifdef CRYPT -#ifdef KERBEROS - if (doencrypt) - (void)des_enc_write(rem, - (char *)&escapechar, 1, - schedule, &cred.session); - else -#endif -#endif - (void)write(rem, &escapechar, 1); - } - -#ifdef CRYPT -#ifdef KERBEROS - if (doencrypt) { - if (des_enc_write(rem, &c, 1, schedule, &cred.session) == 0) { - msg("line gone"); - break; - } - } else -#endif -#endif - if (write(rem, &c, 1) == 0) { - msg("line gone"); - break; - } - bol = c == defkill || c == deftc.t_eofc || - c == deftc.t_intrc || c == defltc.t_suspc || - c == '\r' || c == '\n'; - } -} - -void -echo(char c) -{ - char *p; - char buf[8]; - - p = buf; - c &= 0177; - *p++ = escapechar; - if (c < ' ') { - *p++ = '^'; - *p++ = c + '@'; - } else if (c == 0177) { - *p++ = '^'; - *p++ = '?'; - } else - *p++ = c; - *p++ = '\r'; - *p++ = '\n'; - (void)write(STDOUT_FILENO, buf, p - buf); -} - -void -stop(char cmdc) -{ - mode(0); - (void)signal(SIGCHLD, SIG_IGN); - (void)kill(cmdc == defltc.t_suspc ? 
0 : getpid(), SIGTSTP); - (void)signal(SIGCHLD, catch_child); - mode(1); - sigwinch(0); /* check for size changes */ -} - -void -sigwinch(int signo __unused) -{ - struct winsize ws; - - if (dosigwinch && get_window_size(0, &ws) == 0 && - bcmp(&ws, &winsize, sizeof(ws))) { - winsize = ws; - sendwindow(); - } -} - -/* - * Send the window size to the server via the magic escape - */ -void -sendwindow(void) -{ - struct winsize *wp; - char obuf[4 + sizeof (struct winsize)]; - - wp = (struct winsize *)(obuf+4); - obuf[0] = 0377; - obuf[1] = 0377; - obuf[2] = 's'; - obuf[3] = 's'; - wp->ws_row = htons(winsize.ws_row); - wp->ws_col = htons(winsize.ws_col); - wp->ws_xpixel = htons(winsize.ws_xpixel); - wp->ws_ypixel = htons(winsize.ws_ypixel); - -#ifdef CRYPT -#ifdef KERBEROS - if(doencrypt) - (void)des_enc_write(rem, obuf, sizeof(obuf), - schedule, &cred.session); - else -#endif -#endif - (void)write(rem, obuf, sizeof(obuf)); -} - -/* - * reader: read from remote: line -> 1 - */ -#define READING 1 -#define WRITING 2 - -jmp_buf rcvtop; -int ppid, rcvcnt, rcvstate; -char rcvbuf[8 * 1024]; - -void -oob(int signo __unused) -{ - struct sgttyb sb; - int atmark, n, out, rcvd; - char waste[BUFSIZ], mark; - - out = O_RDWR; - rcvd = 0; - while (recv(rem, &mark, 1, MSG_OOB) < 0) { - switch (errno) { - case EWOULDBLOCK: - /* - * Urgent data not here yet. It may not be possible - * to send it yet if we are blocked for output and - * our input buffer is full. 
- */ - if (rcvcnt < (int)sizeof(rcvbuf)) { - n = read(rem, rcvbuf + rcvcnt, - sizeof(rcvbuf) - rcvcnt); - if (n <= 0) - return; - rcvd += n; - } else { - n = read(rem, waste, sizeof(waste)); - if (n <= 0) - return; - } - continue; - default: - return; - } - } - if (mark & TIOCPKT_WINDOW) { - /* Let server know about window size changes */ - (void)kill(ppid, SIGUSR1); - } - if (!eight && (mark & TIOCPKT_NOSTOP)) { - (void)ioctl(0, TIOCGETP, (char *)&sb); - sb.sg_flags &= ~CBREAK; - sb.sg_flags |= RAW; - (void)ioctl(0, TIOCSETN, (char *)&sb); - notc.t_stopc = -1; - notc.t_startc = -1; - (void)ioctl(0, TIOCSETC, (char *)¬c); - } - if (!eight && (mark & TIOCPKT_DOSTOP)) { - (void)ioctl(0, TIOCGETP, (char *)&sb); - sb.sg_flags &= ~RAW; - sb.sg_flags |= CBREAK; - (void)ioctl(0, TIOCSETN, (char *)&sb); - notc.t_stopc = deftc.t_stopc; - notc.t_startc = deftc.t_startc; - (void)ioctl(0, TIOCSETC, (char *)¬c); - } - if (mark & TIOCPKT_FLUSHWRITE) { - (void)ioctl(1, TIOCFLUSH, (char *)&out); - for (;;) { - if (ioctl(rem, SIOCATMARK, &atmark) < 0) { - warn("ioctl"); - break; - } - if (atmark) - break; - n = read(rem, waste, sizeof (waste)); - if (n <= 0) - break; - } - /* - * Don't want any pending data to be output, so clear the recv - * buffer. If we were hanging on a write when interrupted, - * don't want it to restart. If we were reading, restart - * anyway. - */ - rcvcnt = 0; - longjmp(rcvtop, 1); - } - - /* oob does not do FLUSHREAD (alas!) */ - - /* - * If we filled the receive buffer while a read was pending, longjmp - * to the top to restart appropriately. Don't abort a pending write, - * however, or we won't know how much was written. 
- */ - if (rcvd && rcvstate == READING) - longjmp(rcvtop, 1); -} - -/* reader: read from remote: line -> 1 */ -int -reader(int omask) -{ - int pid, n, remaining; - char *bufp; - -#if BSD >= 43 || defined(SUNOS4) - pid = getpid(); /* modern systems use positives for pid */ -#else - pid = -getpid(); /* old broken systems use negatives */ -#endif - (void)signal(SIGTTOU, SIG_IGN); - (void)signal(SIGURG, oob); - (void)signal(SIGUSR1, oob); /* When propogating SIGURG from parent */ - ppid = getppid(); - (void)fcntl(rem, F_SETOWN, pid); - (void)setjmp(rcvtop); - (void)sigsetmask(omask); - bufp = rcvbuf; - for (;;) { - while ((remaining = rcvcnt - (bufp - rcvbuf)) > 0) { - rcvstate = WRITING; - n = write(STDOUT_FILENO, bufp, remaining); - if (n < 0) { - if (errno != EINTR) - return (-1); - continue; - } - bufp += n; - } - bufp = rcvbuf; - rcvcnt = 0; - rcvstate = READING; - -#ifdef CRYPT -#ifdef KERBEROS - if (doencrypt) - rcvcnt = des_enc_read(rem, rcvbuf, sizeof(rcvbuf), - schedule, &cred.session); - else -#endif -#endif - rcvcnt = read(rem, rcvbuf, sizeof (rcvbuf)); - if (rcvcnt == 0) - return (0); - if (rcvcnt < 0) { - if (errno == EINTR) - continue; - warn("read"); - return (-1); - } - } -} - -void -mode(int f) -{ - struct ltchars *ltc; - struct sgttyb sb; - struct tchars *tc; - int lflags; - - (void)ioctl(0, TIOCGETP, (char *)&sb); - (void)ioctl(0, TIOCLGET, (char *)&lflags); - switch(f) { - case 0: - sb.sg_flags &= ~(CBREAK|RAW|TBDELAY); - sb.sg_flags |= defflags|tabflag; - tc = &deftc; - ltc = &defltc; - sb.sg_kill = defkill; - sb.sg_erase = deferase; - lflags = deflflags; - break; - case 1: - sb.sg_flags |= (eight ? 
RAW : CBREAK); - sb.sg_flags &= ~defflags; - /* preserve tab delays, but turn off XTABS */ - if ((sb.sg_flags & TBDELAY) == XTABS) - sb.sg_flags &= ~TBDELAY; - tc = ¬c; - ltc = &noltc; - sb.sg_kill = sb.sg_erase = -1; - if (litout) - lflags |= LLITOUT; - break; - default: - return; - } - (void)ioctl(0, TIOCSLTC, (char *)ltc); - (void)ioctl(0, TIOCSETC, (char *)tc); - (void)ioctl(0, TIOCSETN, (char *)&sb); - (void)ioctl(0, TIOCLSET, (char *)&lflags); -} - -void -lostpeer(int signo __unused) -{ - (void)signal(SIGPIPE, SIG_IGN); - msg("\007connection closed."); - done(1); -} - -/* copy SIGURGs to the child process via SIGUSR1. */ -void -copytochild(int signo __unused) -{ - (void)kill(child, SIGUSR1); -} - -void -msg(const char *str) -{ - (void)fprintf(stderr, "rlogin: %s\r\n", str); -} - -void -usage(void) -{ - (void)fprintf(stderr, - "usage: rlogin [-46%s]%s[-e char] [-i localname] [-l username] host\n", -#ifdef KERBEROS -#ifdef CRYPT - "8DEKLdx", " [-k realm] "); -#else - "8DEKLd", " [-k realm] "); -#endif -#else - "8DEKLd", " "); -#endif - exit(1); -} - -u_int -getescape(char *p) -{ - long val; - int len; - - if ((len = strlen(p)) == 1) /* use any single char, including '\' */ - return ((u_int)*p); - /* otherwise, \nnn */ - if (*p == '\\' && len >= 2 && len <= 4) { - val = strtol(++p, NULL, 8); - for (;;) { - if (!*++p) - return ((u_int)val); - if (*p < '0' || *p > '8') - break; - } - } - msg("illegal option value -- e"); - usage(); - /* NOTREACHED */ -} diff --git a/usr.bin/rsh/Makefile b/usr.bin/rsh/Makefile deleted file mode 100644 index 592315cf9d..0000000000 --- a/usr.bin/rsh/Makefile +++ /dev/null @@ -1,14 +0,0 @@ -# @(#)Makefile 8.1 (Berkeley) 7/19/93 -# $FreeBSD: src/usr.bin/rsh/Makefile,v 1.24 2005/01/27 14:52:45 delphij Exp $ -# $DragonFly: src/usr.bin/rsh/Makefile,v 1.6 2007/08/27 16:50:58 pavalos Exp $ - -PROG= rsh -CFLAGS+=-I${.CURDIR}/../../libexec/rlogind - -BINOWN= root -BINMODE=4555 -.if !defined(NOFSCHG) -INSTALLFLAGS=-fschg -.endif - -.include 
diff --git a/usr.bin/rsh/rsh.1 b/usr.bin/rsh/rsh.1 deleted file mode 100644 index 86f924953d..0000000000 --- a/usr.bin/rsh/rsh.1 +++ /dev/null 
@@ -1,175 +0,0 @@ -.\" Copyright (c) 1983, 1990, 1993 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. 
-.\" -.\" @(#)rsh.1 8.1 (Berkeley) 6/6/93 -.\" $FreeBSD: src/usr.bin/rsh/rsh.1,v 1.21 2005/07/14 20:29:07 brueffer Exp $ -.\" $DragonFly: src/usr.bin/rsh/rsh.1,v 1.2 2003/06/17 04:29:31 dillon Exp $ -.\" -.Dd October 16, 2002 -.Dt RSH 1 -.Os -.Sh NAME -.Nm rsh -.Nd remote shell -.Sh SYNOPSIS -.Nm -.Op Fl 46dn -.Op Fl l Ar username -.Op Fl t Ar timeout -.Ar host -.Op command -.Sh DESCRIPTION -The -.Nm -utility executes -.Ar command -on -.Ar host . -.Pp -The -.Nm -utility copies its standard input to the remote command, the standard -output of the remote command to its standard output, and the -standard error of the remote command to its standard error. -Interrupt, quit and terminate signals are propagated to the remote -command; -.Nm -normally terminates when the remote command does. -The options are as follows: -.Bl -tag -width flag -.It Fl 4 -Use IPv4 addresses only. -.It Fl 6 -Use IPv6 addresses only. -.It Fl d -Turn on socket debugging (using -.Xr setsockopt 2 ) -on the -.Tn TCP -sockets used for communication with the remote host. -.It Fl l Ar username -Allow the remote -.Ar username -to be specified. -By default, the remote username is the same as the local username. -Authorization is determined -as in -.Xr rlogin 1 . -.It Fl n -Redirect input from the special device -.Pa /dev/null -(see the -.Sx BUGS -section of this manual page). -.It Fl t Ar timeout -Allow a -.Ar timeout -to be specified (in seconds). -If no -data is sent or received in this time, -.Nm -will exit. -.El -.Pp -If no -.Ar command -is specified, you will be logged in on the remote host using -.Xr rlogin 1 . -.Pp -Shell metacharacters which are not quoted are interpreted on local machine, -while quoted metacharacters are interpreted on the remote machine. 
-For example, the command -.Pp -.Dl rsh otherhost cat remotefile >> localfile -.Pp -appends the remote file -.Ar remotefile -to the local file -.Ar localfile , -while -.Pp -.Dl rsh otherhost cat remotefile \&">>\&" other_remotefile -.Pp -appends -.Ar remotefile -to -.Ar other_remotefile . -.\" .Pp -.\" Many sites specify a large number of host names as commands in the -.\" directory /usr/hosts. -.\" If this directory is included in your search path, you can use the -.\" shorthand ``host command'' for the longer form ``rsh host command''. -.Sh FILES -.Bl -tag -width /etc/hosts -compact -.It Pa /etc/hosts -.It Pa /etc/auth.conf -.El -.Sh SEE ALSO -.Xr rlogin 1 , -.Xr setsockopt 2 , -.Xr rcmd 3 , -.Xr ruserok 3 , -.Xr auth.conf 5 , -.Xr hosts 5 , -.Xr hosts.equiv 5 , -.Xr rlogind 8 , -.Xr rshd 8 -.Sh HISTORY -The -.Nm -command appeared in -.Bx 4.2 . -.Sh BUGS -If you are using -.Xr csh 1 -and put a -.Nm -in the background without redirecting its input away from the terminal, -it will block even if no reads are posted by the remote command. -If no input is desired you should redirect the input of -.Nm -to -.Pa /dev/null -using the -.Fl n -option. -.Pp -You cannot run an interactive command -(like -.Xr ee 1 -or -.Xr vi 1 ) -using -.Nm ; -use -.Xr rlogin 1 -instead. -.Pp -Stop signals stop the local -.Nm -process only; this is arguably wrong, but currently hard to fix for reasons -too complicated to explain here. diff --git a/usr.bin/rsh/rsh.c b/usr.bin/rsh/rsh.c deleted file mode 100644 index 9287924fdb..0000000000 --- a/usr.bin/rsh/rsh.c +++ /dev/null 
@@ -1,361 +0,0 @@ -/*- - * Copyright (c) 1983, 1990, 1993, 1994 - * The Regents of the University of California. All rights reserved. - * Copyright (c) 2002 Networks Associates Technology, Inc. - * All rights reserved. - * - * Portions of this software were developed for the FreeBSD Project by - * ThinkSec AS and NAI Labs, the Security Research Division of Network - * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 - * ("CBOSS"), as part of the DARPA CHATS research program. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- * - * @(#)rsh.c 8.3 (Berkeley) 4/6/94 - * $FreeBSD: src/usr.bin/rsh/rsh.c,v 1.35 2005/05/21 09:55:07 ru Exp $ - * $DragonFly: src/usr.bin/rsh/rsh.c,v 1.7 2007/05/18 17:05:12 dillon Exp $ - */ - -#include -#include -#include -#include -#include -#include - -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -/* - * rsh - remote shell - */ -int rfd2; - -int family = PF_UNSPEC; -char rlogin[] = "rlogin"; - -void connect_timeout(int); -char *copyargs(char * const *); -void sendsig(int); -void talk(int, long, pid_t, int, int); -void usage(void); - -int -main(int argc, char **argv) -{ - struct passwd const *pw; - struct servent const *sp; - long omask; - int argoff, asrsh, ch, dflag, nflag, one, rem; - pid_t pid = 0; - uid_t uid; - char *args, *host, *p, *user; - int timeout = 0; - - argoff = asrsh = dflag = nflag = 0; - one = 1; - host = user = NULL; - - /* if called as something other than "rsh", use it as the host name */ - if ((p = strrchr(argv[0], '/'))) - ++p; - else - p = argv[0]; - if (strcmp(p, "rsh")) - host = p; - else - asrsh = 1; - - /* handle "rsh host flags" */ - if (!host && argc > 2 && argv[1][0] != '-') { - host = argv[1]; - argoff = 1; - } - -#define OPTIONS "468Lde:l:nt:w" - while ((ch = getopt(argc - argoff, argv + argoff, OPTIONS)) != -1) - switch(ch) { - case '4': - family = PF_INET; - break; - - case '6': - family = PF_INET6; - break; - - case 'L': /* -8Lew are ignored to allow rlogin aliases */ - case 'e': - case 'w': - case '8': - break; - case 'd': - dflag = 1; - break; - case 'l': - user = optarg; - break; - case 'n': - nflag = 1; - break; - case 't': - timeout = atoi(optarg); - break; - case '?': - default: - usage(); - } - optind += argoff; - - /* if haven't gotten a host yet, do so */ - if (!host && !(host = argv[optind++])) - usage(); - - /* if no further arguments, must have been called as rlogin. 
*/ - if (!argv[optind]) { - if (asrsh) - *argv = rlogin; - execv(_PATH_RLOGIN, argv); - err(1, "can't exec %s", _PATH_RLOGIN); - } - - argc -= optind; - argv += optind; - - if (!(pw = getpwuid(uid = getuid()))) - errx(1, "unknown user id"); - if (!user) - user = pw->pw_name; - - args = copyargs(argv); - - sp = NULL; - if (sp == NULL) - sp = getservbyname("shell", "tcp"); - if (sp == NULL) - errx(1, "shell/tcp: unknown service"); - - if (timeout) { - signal(SIGALRM, connect_timeout); - alarm(timeout); - } - rem = rcmd_af(&host, sp->s_port, pw->pw_name, user, args, &rfd2, - family); - if (timeout) { - signal(SIGALRM, SIG_DFL); - alarm(0); - } - - if (rem < 0) - exit(1); - - if (rfd2 < 0) - errx(1, "can't establish stderr"); - if (dflag) { - if (setsockopt(rem, SOL_SOCKET, SO_DEBUG, &one, - sizeof(one)) < 0) - warn("setsockopt"); - if (setsockopt(rfd2, SOL_SOCKET, SO_DEBUG, &one, - sizeof(one)) < 0) - warn("setsockopt"); - } - - setuid(uid); - omask = sigblock(sigmask(SIGINT)|sigmask(SIGQUIT)|sigmask(SIGTERM)); - if (signal(SIGINT, SIG_IGN) != SIG_IGN) - signal(SIGINT, sendsig); - if (signal(SIGQUIT, SIG_IGN) != SIG_IGN) - signal(SIGQUIT, sendsig); - if (signal(SIGTERM, SIG_IGN) != SIG_IGN) - signal(SIGTERM, sendsig); - - if (!nflag) { - pid = fork(); - if (pid < 0) - err(1, "fork"); - } - else - shutdown(rem, SHUT_WR); - - ioctl(rfd2, FIONBIO, &one); - ioctl(rem, FIONBIO, &one); - - talk(nflag, omask, pid, rem, timeout); - - if (!nflag) - kill(pid, SIGKILL); - exit(0); -} - -void -talk(int nflag, long omask, pid_t pid, int rem, int timeout) -{ - int cc, wc; - fd_set readfrom, ready, rembits; - char buf[BUFSIZ]; - const char *bp; - struct timeval tvtimeout; - int nfds, srval; - - if (!nflag && pid == 0) { - close(rfd2); - -reread: errno = 0; - if ((cc = read(STDIN_FILENO, buf, sizeof(buf))) <= 0) - goto done; - bp = buf; - -rewrite: - if (rem >= FD_SETSIZE) - errx(1, "descriptor too big"); - FD_ZERO(&rembits); - FD_SET(rem, &rembits); - nfds = rem + 1; - if 
(select(nfds, 0, &rembits, 0, 0) < 0) { - if (errno != EINTR) - err(1, "select"); - goto rewrite; - } - if (!FD_ISSET(rem, &rembits)) - goto rewrite; - wc = write(rem, bp, cc); - if (wc < 0) { - if (errno == EWOULDBLOCK) - goto rewrite; - goto done; - } - bp += wc; - cc -= wc; - if (cc == 0) - goto reread; - goto rewrite; -done: - shutdown(rem, SHUT_WR); - exit(0); - } - - tvtimeout.tv_sec = timeout; - tvtimeout.tv_usec = 0; - - sigsetmask(omask); - if (rfd2 >= FD_SETSIZE || rem >= FD_SETSIZE) - errx(1, "descriptor too big"); - FD_ZERO(&readfrom); - FD_SET(rfd2, &readfrom); - FD_SET(rem, &readfrom); - nfds = MAX(rfd2+1, rem+1); - do { - ready = readfrom; - if (timeout) { - srval = select(nfds, &ready, 0, 0, &tvtimeout); - } else { - srval = select(nfds, &ready, 0, 0, 0); - } - - if (srval < 0) { - if (errno != EINTR) - err(1, "select"); - continue; - } - if (srval == 0) - errx(1, "timeout reached (%d seconds)", timeout); - if (FD_ISSET(rfd2, &ready)) { - errno = 0; - cc = read(rfd2, buf, sizeof(buf)); - if (cc <= 0) { - if (errno != EWOULDBLOCK) - FD_CLR(rfd2, &readfrom); - } else - write(STDERR_FILENO, buf, cc); - } - if (FD_ISSET(rem, &ready)) { - errno = 0; - cc = read(rem, buf, sizeof(buf)); - if (cc <= 0) { - if (errno != EWOULDBLOCK) - FD_CLR(rem, &readfrom); - } else - write(STDOUT_FILENO, buf, cc); - } - } while (FD_ISSET(rfd2, &readfrom) || FD_ISSET(rem, &readfrom)); -} - -void -connect_timeout(int sig __unused) -{ - char message[] = "timeout reached before connection completed.\n"; - - write(STDERR_FILENO, message, sizeof(message) - 1); - _exit(1); -} - -void -sendsig(int sig) -{ - char signo; - - signo = sig; - write(rfd2, &signo, 1); -} - -char * -copyargs(char * const *argv) -{ - int cc; - char *args, *p; - char * const *ap; - - cc = 0; - for (ap = argv; *ap; ++ap) - cc += strlen(*ap) + 1; - if (!(args = malloc((u_int)cc))) - err(1, NULL); - for (p = args, ap = argv; *ap; ++ap) { - strcpy(p, *ap); - for (p = strcpy(p, *ap); *p; ++p); - if (ap[1]) - 
*p++ = ' '; - } - return (args); -} - -void -usage(void) -{ - - fprintf(stderr, - "usage: rsh [-46dn] [-l username] [-t timeout] host [command]\n"); - exit(1); -} diff --git a/usr.bin/telnet/telnet.1 b/usr.bin/telnet/telnet.1 index 86ca9860a0..d84a6a685a 100644 --- a/usr.bin/telnet/telnet.1 +++ b/usr.bin/telnet/telnet.1 @@ -28,7 +28,7 @@ .\" @(#)telnet.1 8.6 (Berkeley) 6/1/94 .\" $FreeBSD: src/crypto/telnet/telnet/telnet.1,v 1.4.2.9 2002/04/13 10:59:08 markm Exp $ .\" -.Dd August 26, 2009 +.Dd December 31, 2017 .Dt TELNET 1 .Os .Sh NAME @@ -186,7 +186,7 @@ See the command below. .It Fl r Specifies a user interface similar to -.Xr rlogin 1 . +.Xr rlogin 1 Pq Pa net/bsdrcmds . In this mode, the escape character is set to the tilde (~) character, unless modified by the @@ -1406,8 +1406,8 @@ option. user customized telnet startup values .El .Sh SEE ALSO -.Xr rlogin 1 , -.Xr rsh 1 , +.Xr rlogin 1 Pq Pa net/bsdrcmds , +.Xr rsh 1 Pq Pa net/bsdrcmds , .Xr hosts 5 , .Xr nologin 5 , .Xr telnetd 8 diff --git a/usr.sbin/inetd/inetd.8 b/usr.sbin/inetd/inetd.8 index 0de296f25f..51723753ab 100644 --- a/usr.sbin/inetd/inetd.8 +++ b/usr.sbin/inetd/inetd.8 @@ -28,7 +28,7 @@ .\" from: @(#)inetd.8 8.3 (Berkeley) 4/13/94 .\" $FreeBSD: src/usr.sbin/inetd/inetd.8,v 1.46.2.13 2003/03/12 22:08:14 trhodes Exp $ .\" -.Dd February 7, 1996 +.Dd December 31, 2017 .Dt INETD 8 .Os .Sh NAME @@ -780,7 +780,7 @@ Here are several example service entries for the various types of services: ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l ntalk dgram udp wait root /usr/libexec/ntalkd ntalkd telnet stream tcp6 nowait root /usr/libexec/telnetd telnetd -shell stream tcp46 nowait root /usr/libexec/rshd rshd +shell stream tcp46 nowait root /usr/local/sbin/rshd rshd tcpmux/+date stream tcp nowait guest /bin/date date tcpmux/phonebook stream tcp nowait guest /usr/local/bin/phonebook phonebook rstatd/1-3 dgram rpc/udp wait root /usr/libexec/rpc.rstatd rpc.rstatd 
@@ -882,9 +882,9 @@ socket but was unable to. .Xr comsat 8 , .Xr fingerd 8 , .Xr ftpd 8 , -.Xr rlogind 8 , +.Xr rlogind 8 Pq Pa net/bsdrcmds , .Xr rpcbind 8 , -.Xr rshd 8 , +.Xr rshd 8 Pq Pa net/bsdrcmds , .Xr telnetd 8 , .Xr tftpd 8 .Rs
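Review bot: In the deleted usr.bin/rsh/rsh.c, main() falls back to `execv(_PATH_RLOGIN, argv)` when no command is given, and none of the hunks visible here touches the definition of `_PATH_RLOGIN`. Since rlogin is removed by the same commit, please check whether that constant still has users in base and remove or update it in this change. Otherwise it will keep naming a binary the base system no longer ships.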
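Review bot: In usr.sbin/inetd/inetd.8 at @@ -780,7, the example entry `shell stream tcp46 nowait root /usr/local/sbin/rshd rshd` gives no hint that the binary exists only once net/bsdrcmds is installed, unlike the SEE ALSO entries at @@ -882,9, which carry `Pq Pa net/bsdrcmds`. Either add a sentence next to the example saying so, or replace the `shell` line with a service that is still in base, so the page does not read as if an rshd listener running as root were a stock configuration. Please also confirm that the port installs rshd under /usr/local/sbin, because nothing in this diff shows that path.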