OpenCores
URL https://opencores.org/ocsvn/openrisc_me/openrisc_me/trunk

Subversion Repositories openrisc_me

[/] [openrisc/] [trunk/] [rtos/] [rtems/] [c/] [src/] [libnetworking/] [libc/] [rcmd.c] - Blame information for rev 373

Go to most recent revision | Details | Compare with Previous | View Log

Line No. Rev Author Line
1 30 unneback
/*
2
 * Copyright (c) 1983, 1993, 1994
3
 *      The Regents of the University of California.  All rights reserved.
4
 *
5
 * Redistribution and use in source and binary forms, with or without
6
 * modification, are permitted provided that the following conditions
7
 * are met:
8
 * 1. Redistributions of source code must retain the above copyright
9
 *    notice, this list of conditions and the following disclaimer.
10
 * 2. Redistributions in binary form must reproduce the above copyright
11
 *    notice, this list of conditions and the following disclaimer in the
12
 *    documentation and/or other materials provided with the distribution.
13
 * 3. All advertising materials mentioning features or use of this software
14
 *    must display the following acknowledgement:
15
 *      This product includes software developed by the University of
16
 *      California, Berkeley and its contributors.
17
 * 4. Neither the name of the University nor the names of its contributors
18
 *    may be used to endorse or promote products derived from this software
19
 *    without specific prior written permission.
20
 *
21
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31
 * SUCH DAMAGE.
32
 *
33
 *  $Id: rcmd.c,v 1.2 2001-09-27 12:01:53 chris Exp $
34
 */
35
 
36
#if defined(LIBC_SCCS) && !defined(lint)
37
static char sccsid[] = "@(#)rcmd.c      8.3 (Berkeley) 3/26/94";
38
#endif /* LIBC_SCCS and not lint */
39
 
40
#include <sys/param.h>
41
#include <sys/socket.h>
42
#include <sys/stat.h>
43
 
44
#include <netinet/in.h>
45
#include <arpa/inet.h>
46
 
47
#include <signal.h>
48
#include <fcntl.h>
49
#include <netdb.h>
50
#include <unistd.h>
51
#include <pwd.h>
52
#include <errno.h>
53
#include <stdio.h>
54
#include <ctype.h>
55
#include <string.h>
56
#ifdef YP
57
#include <rpc/rpc.h>
58
#include <rpcsvc/yp_prot.h>
59
#include <rpcsvc/ypclnt.h>
60
#endif
61
 
62
extern int innetgr __P(( const char *, const char *, const char *, const char * ));
63
 
64
#define max(a, b)       ((a > b) ? a : b)
65
 
66
int     __ivaliduser __P((FILE *, u_long, const char *, const char *));
67
static int __icheckhost __P((u_long, char *));
68
 
69
int
70
rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
71
        char **ahost;
72
        u_short rport;
73
        const char *locuser, *remuser, *cmd;
74
        int *fd2p;
75
{
76
        struct hostent *hp;
77
        struct sockaddr_in sin, from;
78
        fd_set reads;
79
        long oldmask;
80
        pid_t pid;
81
        int s, lport, timo;
82
        char c;
83
 
84
        pid = getpid();
85
        hp = gethostbyname(*ahost);
86
        if (hp == NULL) {
87
                herror(*ahost);
88
                return (-1);
89
        }
90
        *ahost = hp->h_name;
91
        oldmask = sigblock(sigmask(SIGURG));
92
        for (timo = 1, lport = IPPORT_RESERVED - 1;;) {
93
                s = rresvport(&lport);
94
                if (s < 0) {
95
                        if (errno == EAGAIN)
96
                                (void)fprintf(stderr,
97
                                    "rcmd: socket: All ports in use\n");
98
                        else
99
                                (void)fprintf(stderr, "rcmd: socket: %s\n",
100
                                    strerror(errno));
101
                        sigsetmask(oldmask);
102
                        return (-1);
103
                }
104
                fcntl(s, F_SETOWN, pid);
105
                bzero(&sin, sizeof sin);
106
                sin.sin_len = sizeof(struct sockaddr_in);
107
                sin.sin_family = hp->h_addrtype;
108
                sin.sin_port = rport;
109
                bcopy(hp->h_addr_list[0], &sin.sin_addr, MIN(hp->h_length, sizeof sin.sin_addr));
110
                if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
111
                        break;
112
                (void)close(s);
113
                if (errno == EADDRINUSE) {
114
                        lport--;
115
                        continue;
116
                }
117
                if (errno == ECONNREFUSED && timo <= 16) {
118
                        (void)sleep(timo);
119
                        timo *= 2;
120
                        continue;
121
                }
122
                if (hp->h_addr_list[1] != NULL) {
123
                        int oerrno = errno;
124
 
125
                        (void)fprintf(stderr, "connect to address %s: ",
126
                            inet_ntoa(sin.sin_addr));
127
                        errno = oerrno;
128
                        perror(0);
129
                        hp->h_addr_list++;
130
                        bcopy(hp->h_addr_list[0], &sin.sin_addr, MIN(hp->h_length, sizeof sin.sin_addr));
131
                        (void)fprintf(stderr, "Trying %s...\n",
132
                            inet_ntoa(sin.sin_addr));
133
                        continue;
134
                }
135
                (void)fprintf(stderr, "%s: %s\n", hp->h_name, strerror(errno));
136
                sigsetmask(oldmask);
137
                return (-1);
138
        }
139
        lport--;
140
        if (fd2p == 0) {
141
                write(s, "", 1);
142
                lport = 0;
143
        } else {
144
                char num[8];
145
                int s2 = rresvport(&lport), s3;
146
                int len = sizeof(from);
147
                int nfds;
148
 
149
                if (s2 < 0)
150
                        goto bad;
151
                listen(s2, 1);
152
                (void)snprintf(num, sizeof(num), "%d", lport);
153
                if (write(s, num, strlen(num)+1) != strlen(num)+1) {
154
                        (void)fprintf(stderr,
155
                            "rcmd: write (setting up stderr): %s\n",
156
                            strerror(errno));
157
                        (void)close(s2);
158
                        goto bad;
159
                }
160
                nfds = max(s, s2)+1;
161
                if(nfds > FD_SETSIZE) {
162
                        fprintf(stderr, "rcmd: too many files\n");
163
                        (void)close(s2);
164
                        goto bad;
165
                }
166
again:
167
                FD_ZERO(&reads);
168
                FD_SET(s, &reads);
169
                FD_SET(s2, &reads);
170
                errno = 0;
171
                if (select(nfds, &reads, 0, 0, 0) < 1 || !FD_ISSET(s2, &reads)){
172
                        if (errno != 0)
173
                                (void)fprintf(stderr,
174
                                    "rcmd: select (setting up stderr): %s\n",
175
                                    strerror(errno));
176
                        else
177
                                (void)fprintf(stderr,
178
                                "select: protocol failure in circuit setup\n");
179
                        (void)close(s2);
180
                        goto bad;
181
                }
182
                s3 = accept(s2, (struct sockaddr *)&from, &len);
183
                /*
184
                 * XXX careful for ftp bounce attacks. If discovered, shut them
185
                 * down and check for the real auxiliary channel to connect.
186
                 */
187
                if (from.sin_family == AF_INET && from.sin_port == htons(20)) {
188
                        close(s3);
189
                        goto again;
190
                }
191
                (void)close(s2);
192
                if (s3 < 0) {
193
                        (void)fprintf(stderr,
194
                            "rcmd: accept: %s\n", strerror(errno));
195
                        lport = 0;
196
                        goto bad;
197
                }
198
                *fd2p = s3;
199
                from.sin_port = ntohs((u_short)from.sin_port);
200
                if (from.sin_family != AF_INET ||
201
                    from.sin_port >= IPPORT_RESERVED ||
202
                    from.sin_port < IPPORT_RESERVED / 2) {
203
                        (void)fprintf(stderr,
204
                            "socket: protocol failure in circuit setup.\n");
205
                        goto bad2;
206
                }
207
        }
208
        (void)write(s, locuser, strlen(locuser)+1);
209
        (void)write(s, remuser, strlen(remuser)+1);
210
        (void)write(s, cmd, strlen(cmd)+1);
211
        if (read(s, &c, 1) != 1) {
212
                (void)fprintf(stderr,
213
                    "rcmd: %s: %s\n", *ahost, strerror(errno));
214
                goto bad2;
215
        }
216
        if (c != 0) {
217
                while (read(s, &c, 1) == 1) {
218
                        (void)write(STDERR_FILENO, &c, 1);
219
                        if (c == '\n')
220
                                break;
221
                }
222
                goto bad2;
223
        }
224
        sigsetmask(oldmask);
225
        return (s);
226
bad2:
227
        if (lport)
228
                (void)close(*fd2p);
229
bad:
230
        (void)close(s);
231
        sigsetmask(oldmask);
232
        return (-1);
233
}
234
 
235
int
236
rresvport(alport)
237
        int *alport;
238
{
239
        struct sockaddr_in sin;
240
        int s;
241
 
242
        bzero(&sin, sizeof sin);
243
        sin.sin_len = sizeof(struct sockaddr_in);
244
        sin.sin_family = AF_INET;
245
        sin.sin_addr.s_addr = INADDR_ANY;
246
        s = socket(AF_INET, SOCK_STREAM, 0);
247
        if (s < 0)
248
                return (-1);
249
#if 0 /* compat_exact_traditional_rresvport_semantics */
250
        sin.sin_port = htons((u_short)*alport);
251
        if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
252
                return (s);
253
        if (errno != EADDRINUSE) {
254
                (void)close(s);
255
                return (-1);
256
        }
257
#endif
258
        sin.sin_port = 0;
259
        if (bindresvport(s, &sin) == -1) {
260
                (void)close(s);
261
                return (-1);
262
        }
263
        *alport = (int)ntohs(sin.sin_port);
264
        return (s);
265
}
266
 
267
int     __check_rhosts_file = 1;
268
char    *__rcmd_errstr;
269
 
270
int
271
ruserok(rhost, superuser, ruser, luser)
272
        const char *rhost, *ruser, *luser;
273
        int superuser;
274
{
275
        struct hostent *hp;
276
        u_long addr;
277
        char **ap;
278
 
279
        if ((hp = gethostbyname(rhost)) == NULL)
280
                return (-1);
281
        for (ap = hp->h_addr_list; *ap; ++ap) {
282
                bcopy(*ap, &addr, sizeof(addr));
283
                if (iruserok(addr, superuser, ruser, luser) == 0)
284
                        return (0);
285
        }
286
        return (-1);
287
}
288
 
289
/*
290
 * New .rhosts strategy: We are passed an ip address. We spin through
291
 * hosts.equiv and .rhosts looking for a match. When the .rhosts only
292
 * has ip addresses, we don't have to trust a nameserver.  When it
293
 * contains hostnames, we spin through the list of addresses the nameserver
294
 * gives us and look for a match.
295
 *
296
 * Returns 0 if ok, -1 if not ok.
297
 */
298
int
299
iruserok(raddr, superuser, ruser, luser)
300
        u_long raddr;
301
        int superuser;
302
        const char *ruser, *luser;
303
{
304
        register char *cp;
305
        struct stat sbuf;
306
        struct passwd *pwd;
307
        FILE *hostf;
308
        uid_t uid;
309
        int first;
310
        char pbuf[MAXPATHLEN];
311
 
312
        first = 1;
313
        hostf = superuser ? NULL : fopen(_PATH_HEQUIV, "r");
314
again:
315
        if (hostf) {
316
                if (__ivaliduser(hostf, raddr, luser, ruser) == 0) {
317
                        (void)fclose(hostf);
318
                        return (0);
319
                }
320
                (void)fclose(hostf);
321
        }
322
        if (first == 1 && (__check_rhosts_file || superuser)) {
323
                first = 0;
324
                if ((pwd = getpwnam(luser)) == NULL)
325
                        return (-1);
326
                (void)strcpy(pbuf, pwd->pw_dir);
327
                (void)strcat(pbuf, "/.rhosts");
328
 
329
                /*
330
                 * Change effective uid while opening .rhosts.  If root and
331
                 * reading an NFS mounted file system, can't read files that
332
                 * are protected read/write owner only.
333
                 */
334
                uid = geteuid();
335
                (void)seteuid(pwd->pw_uid);
336
                hostf = fopen(pbuf, "r");
337
                (void)seteuid(uid);
338
 
339
                if (hostf == NULL)
340
                        return (-1);
341
                /*
342
                 * If not a regular file, or is owned by someone other than
343
                 * user or root or if writeable by anyone but the owner, quit.
344
                 */
345
                cp = NULL;
346
                if (lstat(pbuf, &sbuf) < 0)
347
                        cp = ".rhosts lstat failed";
348
                else if (!S_ISREG(sbuf.st_mode))
349
                        cp = ".rhosts not regular file";
350
                else if (fstat(fileno(hostf), &sbuf) < 0)
351
                        cp = ".rhosts fstat failed";
352
                else if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid)
353
                        cp = "bad .rhosts owner";
354
                else if (sbuf.st_mode & (S_IWGRP|S_IWOTH))
355
                        cp = ".rhosts writeable by other than owner";
356
                /* If there were any problems, quit. */
357
                if (cp) {
358
                        __rcmd_errstr = cp;
359
                        (void)fclose(hostf);
360
                        return (-1);
361
                }
362
                goto again;
363
        }
364
        return (-1);
365
}
366
 
367
/*
368
 * XXX
369
 * Don't make static, used by lpd(8).
370
 *
371
 * Returns 0 if ok, -1 if not ok.
372
 */
373
int
374
__ivaliduser(hostf, raddr, luser, ruser)
375
        FILE *hostf;
376
        u_long raddr;
377
        const char *luser, *ruser;
378
{
379
        register char *user, *p;
380
        int ch;
381
        char buf[MAXHOSTNAMELEN + 128];         /* host + login */
382
        char hname[MAXHOSTNAMELEN];
383
        struct hostent *hp;
384
        /* Presumed guilty until proven innocent. */
385
        int userok = 0, hostok = 0;
386
#ifdef YP
387
        char *ypdomain;
388
 
389
        if (yp_get_default_domain(&ypdomain))
390
                ypdomain = NULL;
391
#else
392
#define ypdomain NULL
393
#endif
394
        /* We need to get the damn hostname back for netgroup matching. */
395
        if ((hp = gethostbyaddr((char *)&raddr, sizeof(u_long),
396
                                                        AF_INET)) == NULL)
397
                return (-1);
398
        strncpy(hname, hp->h_name, sizeof(hname));
399
        hname[sizeof(hname) - 1] = '\0';
400
 
401
        while (fgets(buf, sizeof(buf), hostf)) {
402
                p = buf;
403
                /* Skip lines that are too long. */
404
                if (strchr(p, '\n') == NULL) {
405
                        while ((ch = getc(hostf)) != '\n' && ch != EOF);
406
                        continue;
407
                }
408
                if (*p == '\n' || *p == '#') {
409
                        /* comment... */
410
                        continue;
411
                }
412
                while (*p != '\n' && *p != ' ' && *p != '\t' && *p != '\0') {
413
                        *p = isupper(*p) ? tolower(*p) : *p;
414
                        p++;
415
                }
416
                if (*p == ' ' || *p == '\t') {
417
                        *p++ = '\0';
418
                        while (*p == ' ' || *p == '\t')
419
                                p++;
420
                        user = p;
421
                        while (*p != '\n' && *p != ' ' &&
422
                            *p != '\t' && *p != '\0')
423
                                p++;
424
                } else
425
                        user = p;
426
                *p = '\0';
427
                /*
428
                 * Do +/- and +@/-@ checking. This looks really nasty,
429
                 * but it matches SunOS's behavior so far as I can tell.
430
                 */
431
                switch(buf[0]) {
432
                case '+':
433
                        if (!buf[1]) {     /* '+' matches all hosts */
434
                                hostok = 1;
435
                                break;
436
                        }
437
                        if (buf[1] == '@')  /* match a host by netgroup */
438
                                hostok = innetgr((char *)&buf[2],
439
                                        (char *)&hname, NULL, ypdomain);
440
                        else            /* match a host by addr */
441
                                hostok = __icheckhost(raddr,(char *)&buf[1]);
442
                        break;
443
                case '-':     /* reject '-' hosts and all their users */
444
                        if (buf[1] == '@') {
445
                                if (innetgr((char *)&buf[2],
446
                                              (char *)&hname, NULL, ypdomain))
447
                                        return(-1);
448
                        } else {
449
                                if (__icheckhost(raddr,(char *)&buf[1]))
450
                                        return(-1);
451
                        }
452
                        break;
453
                default:  /* if no '+' or '-', do a simple match */
454
                        hostok = __icheckhost(raddr, buf);
455
                        break;
456
                }
457
                switch(*user) {
458
                case '+':
459
                        if (!*(user+1)) {      /* '+' matches all users */
460
                                userok = 1;
461
                                break;
462
                        }
463
                        if (*(user+1) == '@')  /* match a user by netgroup */
464
                                userok = innetgr(user+2, NULL, ruser, ypdomain);
465
                        else       /* match a user by direct specification */
466
                                userok = !(strcmp(ruser, user+1));
467
                        break;
468
                case '-':               /* if we matched a hostname, */
469
                        if (hostok) {   /* check for user field rejections */
470
                                if (!*(user+1))
471
                                        return(-1);
472
                                if (*(user+1) == '@') {
473
                                        if (innetgr(user+2, NULL,
474
                                                        ruser, ypdomain))
475
                                                return(-1);
476
                                } else {
477
                                        if (!strcmp(ruser, user+1))
478
                                                return(-1);
479
                                }
480
                        }
481
                        break;
482
                default:        /* no rejections: try to match the user */
483
                        if (hostok)
484
                                userok = !(strcmp(ruser,*user ? user : luser));
485
                        break;
486
                }
487
                if (hostok && userok)
488
                        return(0);
489
        }
490
        return (-1);
491
}
492
 
493
/*
494
 * Returns "true" if match, 0 if no match.
495
 */
496
static int
497
__icheckhost(raddr, lhost)
498
        u_long raddr;
499
        register char *lhost;
500
{
501
        register struct hostent *hp;
502
        register u_long laddr;
503
        register char **pp;
504
 
505
        /* Try for raw ip address first. */
506
        if (isdigit(*lhost) && (long)(laddr = inet_addr(lhost)) != -1)
507
                return (raddr == laddr);
508
 
509
        /* Better be a hostname. */
510
        if ((hp = gethostbyname(lhost)) == NULL)
511
                return (0);
512
 
513
        /* Spin through ip addresses. */
514
        for (pp = hp->h_addr_list; *pp; ++pp)
515
                if (!bcmp(&raddr, *pp, sizeof(u_long)))
516
                        return (1);
517
 
518
        /* No match. */
519
        return (0);
520
}

powered by: WebSVN 2.1.0

© copyright 1999-2024 OpenCores.org, equivalent to Oliscience, all rights reserved. OpenCores®, registered trademark.