[glibc.git] / inet / rcmd.c

/*
 * Copyright (c) 1983, 1993, 1994
 *	The Regents of the University of California.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 4. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#if defined(LIBC_SCCS) && !defined(lint)
static char sccsid[] = "@(#)rcmd.c	8.3 (Berkeley) 3/26/94";
#endif /* LIBC_SCCS and not lint */

#include <sys/param.h>
#include <sys/poll.h>
#include <sys/socket.h>
#include <sys/stat.h>

#include <netinet/in.h>
#include <arpa/inet.h>

#include <alloca.h>
#include <signal.h>
#include <fcntl.h>
#include <netdb.h>
#include <unistd.h>
#include <pwd.h>
#include <errno.h>
#include <stdio.h>
#include <ctype.h>
#include <string.h>
#include <libintl.h>


int __ivaliduser __P ((FILE *, u_int32_t, const char *, const char *));
static int __ivaliduser2 __P ((FILE *, u_int32_t, const char *, const char *,
			       const char *));


int
rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
	char **ahost;
	u_short rport;
	const char *locuser, *remuser, *cmd;
	int *fd2p;
{
	struct hostent hostbuf, *hp;
	size_t hstbuflen;
	char *tmphstbuf;
	struct sockaddr_in sin, from;
	struct pollfd pfd[2];
	int32_t oldmask;
	pid_t pid;
	int s, lport, timo;
	char c;
	int herr;

	pid = __getpid();

	hstbuflen = 1024;
	tmphstbuf = __alloca (hstbuflen);
	while (__gethostbyname_r (*ahost, &hostbuf, tmphstbuf, hstbuflen,
				  &hp, &herr) != 0
	       || hp == NULL)
	  if (herr != NETDB_INTERNAL || errno != ERANGE)
	    {
	      __set_h_errno (herr);
	      herror(*ahost);
	      return -1;
	    }
	  else
	    {
	      /* Enlarge the buffer.  */
	      hstbuflen *= 2;
	      tmphstbuf = __alloca (hstbuflen);
	    }

	pfd[0].events = POLLIN;
	pfd[1].events = POLLIN;

	*ahost = hp->h_name;
	oldmask = __sigblock(sigmask(SIGURG));
	for (timo = 1, lport = IPPORT_RESERVED - 1;;) {
		s = rresvport(&lport);
		if (s < 0) {
			if (errno == EAGAIN)
				(void)fprintf(stderr,
				    _("rcmd: socket: All ports in use\n"));
			else
				(void)fprintf(stderr, "rcmd: socket: %m\n");
			__sigsetmask(oldmask);
			return -1;
		}
		__fcntl(s, F_SETOWN, pid);
		sin.sin_family = hp->h_addrtype;
		bcopy(hp->h_addr_list[0], &sin.sin_addr,
		      MIN (sizeof (sin.sin_addr), hp->h_length));
		sin.sin_port = rport;
		if (__connect(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
			break;
		(void)__close(s);
		if (errno == EADDRINUSE) {
			lport--;
			continue;
		}
		if (errno == ECONNREFUSED && timo <= 16) {
			(void)__sleep(timo);
			timo *= 2;
			continue;
		}
		if (hp->h_addr_list[1] != NULL) {
			int oerrno = errno;

			(void)fprintf(stderr, _("connect to address %s: "),
			    inet_ntoa(sin.sin_addr));
			__set_errno (oerrno);
			perror(0);
			hp->h_addr_list++;
			bcopy(hp->h_addr_list[0], &sin.sin_addr,
			      MIN (sizeof (sin.sin_addr), hp->h_length));
			(void)fprintf(stderr, _("Trying %s...\n"),
			    inet_ntoa(sin.sin_addr));
			continue;
		}
		(void)fprintf(stderr, "%s: %m\n", hp->h_name);
		__sigsetmask(oldmask);
		return -1;
	}
	lport--;
	if (fd2p == 0) {
		__write(s, "", 1);
		lport = 0;
	} else {
		char num[8];
		int s2 = rresvport(&lport), s3;
		size_t len = sizeof(from);

		if (s2 < 0)
			goto bad;
		listen(s2, 1);
		(void)__snprintf(num, sizeof(num), "%d", lport);
		if (__write(s, num, strlen(num)+1) != strlen(num)+1) {
			(void)fprintf(stderr,
			    _("rcmd: write (setting up stderr): %m\n"));
			(void)__close(s2);
			goto bad;
		}
		pfd[0].fd = s;
		pfd[1].fd = s2;
		__set_errno (0);
		if (__poll (pfd, 2, -1) < 1 || (pfd[1].revents & POLLIN) == 0){
			if (errno != 0)
				(void)fprintf(stderr,
				  _("rcmd: poll (setting up stderr): %m\n"));
			else
				(void)fprintf(stderr,
			     _("poll: protocol failure in circuit setup\n"));
			(void)__close(s2);
			goto bad;
		}
		s3 = accept(s2, (struct sockaddr *)&from, &len);
		(void)__close(s2);
		if (s3 < 0) {
			(void)fprintf(stderr,
			    "rcmd: accept: %m\n");
			lport = 0;
			goto bad;
		}
		*fd2p = s3;
		from.sin_port = ntohs((u_short)from.sin_port);
		if (from.sin_family != AF_INET ||
		    from.sin_port >= IPPORT_RESERVED ||
		    from.sin_port < IPPORT_RESERVED / 2) {
			(void)fprintf(stderr,
			    _("socket: protocol failure in circuit setup\n"));
			goto bad2;
		}
	}
	(void)__write(s, locuser, strlen(locuser)+1);
	(void)__write(s, remuser, strlen(remuser)+1);
	(void)__write(s, cmd, strlen(cmd)+1);
	if (__read(s, &c, 1) != 1) {
		(void)fprintf(stderr,
		    "rcmd: %s: %m\n", *ahost);
		goto bad2;
	}
	if (c != 0) {
		while (__read(s, &c, 1) == 1) {
			(void)__write(STDERR_FILENO, &c, 1);
			if (c == '\n')
				break;
		}
		goto bad2;
	}
	__sigsetmask(oldmask);
	return s;
bad2:
	if (lport)
		(void)__close(*fd2p);
bad:
	(void)__close(s);
	__sigsetmask(oldmask);
	return -1;
}

int
rresvport(alport)
	int *alport;
{
	struct sockaddr_in sin;
	int s;

	sin.sin_family = AF_INET;
	sin.sin_addr.s_addr = INADDR_ANY;
	s = __socket(AF_INET, SOCK_STREAM, 0);
	if (s < 0)
		return -1;
	for (;;) {
		sin.sin_port = htons((u_short)*alport);
		if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
			return s;
		if (errno != EADDRINUSE) {
			(void)__close(s);
			return -1;
		}
		(*alport)--;
		if (*alport == IPPORT_RESERVED/2) {
			(void)__close(s);
			__set_errno (EAGAIN);		/* close */
			return -1;
		}
	}
}

int	__check_rhosts_file = 1;
char	*__rcmd_errstr;

int
ruserok(rhost, superuser, ruser, luser)
	const char *rhost, *ruser, *luser;
	int superuser;
{
	struct hostent hostbuf, *hp;
	size_t buflen;
	char *buffer;
	u_int32_t addr;
	char **ap;
	int herr;

	buflen = 1024;
	buffer = __alloca (buflen);

	while (__gethostbyname_r (rhost, &hostbuf, buffer, buflen, &hp, &herr)
	       != 0
	       || hp == NULL)
	  if (herr != NETDB_INTERNAL || errno != ERANGE)
	    return -1;
	  else
	    {
	      /* Enlarge the buffer.  */
	      buflen *= 2;
	      buffer = __alloca (buflen);
	    }

	for (ap = hp->h_addr_list; *ap; ++ap) {
		bcopy(*ap, &addr, sizeof(addr));
		if (iruserok(addr, superuser, ruser, luser, rhost) == 0)
			return 0;
	}
	return -1;
}

/* Extremely paranoid file open function. */
static FILE *
iruserfopen (char *file, uid_t okuser)
{
  struct stat st;
  char *cp = NULL;
  FILE *res = NULL;

  /* If not a regular file, if owned by someone other than user or
     root, if writeable by anyone but the owner, or if hardlinked
     anywhere, quit.  */
  cp = NULL;
  if (__lxstat (_STAT_VER, file, &st))
    cp = _("lstat failed");
  else if (!S_ISREG (st.st_mode))
    cp = _("not regular file");
  else
    {
      res = fopen (file, "r");
      if (!res)
	cp = _("cannot open");
      else if (__fxstat (_STAT_VER, fileno (res), &st) < 0)
	cp = _("fstat failed");
      else if (st.st_uid && st.st_uid != okuser)
	cp = _("bad owner");
      else if (st.st_mode & (S_IWGRP|S_IWOTH))
	cp = _("writeable by other than owner");
      else if (st.st_nlink > 1)
	cp = _("hard linked somewhere");
    }

  /* If there were any problems, quit.  */
  if (cp != NULL)
    {
      __rcmd_errstr = cp;
      if (res)
	fclose (res);
      return NULL;
    }

  return res;
}

/*
 * New .rhosts strategy: We are passed an ip address. We spin through
 * hosts.equiv and .rhosts looking for a match. When the .rhosts only
 * has ip addresses, we don't have to trust a nameserver.  When it
 * contains hostnames, we spin through the list of addresses the nameserver
 * gives us and look for a match.
 *
 * Returns 0 if ok, -1 if not ok.
 */
static int
iruserok2 (raddr, superuser, ruser, luser, rhost)
     u_int32_t raddr;
     int superuser;
     const char *ruser, *luser, *rhost;
{
  FILE *hostf = NULL;
  int isbad;

  if (!superuser)
    hostf = iruserfopen (_PATH_HEQUIV, 0);

  if (hostf)
    {
      isbad = __ivaliduser2 (hostf, raddr, luser, ruser, rhost);
      fclose (hostf);

      if (!isbad)
	return 0;
    }

  if (__check_rhosts_file || superuser)
    {
      char *pbuf;
      struct passwd pwdbuf, *pwd;
      size_t dirlen;
      size_t buflen = __sysconf (_SC_GETPW_R_SIZE_MAX);
      char *buffer = __alloca (buflen);
      uid_t uid;

      if (__getpwnam_r (luser, &pwdbuf, buffer, buflen, &pwd) != 0
	  || pwd == NULL)
	return -1;

      dirlen = strlen (pwd->pw_dir);
      pbuf = alloca (dirlen + sizeof "/.rhosts");
      __mempcpy (__mempcpy (pbuf, pwd->pw_dir, dirlen),
		 "/.rhosts", sizeof "/.rhosts");

       /* Change effective uid while reading .rhosts.  If root and
	  reading an NFS mounted file system, can't read files that
	  are protected read/write owner only.  */
       uid = __geteuid ();
       seteuid (pwd->pw_uid);
       hostf = iruserfopen (pbuf, pwd->pw_uid);

       if (hostf != NULL)
	 {
           isbad = __ivaliduser2 (hostf, raddr, luser, ruser, rhost);
           fclose (hostf);
	 }

       seteuid (uid);
       return isbad;
    }
  return -1;
}

/* This is the exported version.  */
int
iruserok (raddr, superuser, ruser, luser)
     u_int32_t raddr;
     int superuser;
     const char *ruser, *luser;
{
  return iruserok2 (raddr, superuser, ruser, luser, "-");
}

/*
 * XXX
 * Don't make static, used by lpd(8).
 *
 * This function is not used anymore. It is only present because lpd(8)
 * calls it (!?!). We simply call __invaliduser2() with an illegal rhost
 * argument. This means that netgroups won't work in .rhost/hosts.equiv
 * files. If you want lpd to work with netgroups, fix lpd to use ruserok()
 * or PAM.
 * Returns 0 if ok, -1 if not ok.
 */
int
__ivaliduser(hostf, raddr, luser, ruser)
	FILE *hostf;
	u_int32_t raddr;
	const char *luser, *ruser;
{
	return __ivaliduser2(hostf, raddr, luser, ruser, "-");
}


/* Returns 1 on positive match, 0 on no match, -1 on negative match.  */
static int
internal_function
__icheckhost (raddr, lhost, rhost)
	u_int32_t raddr;
	char *lhost;
	const char *rhost;
{
	struct hostent hostbuf, *hp;
	size_t buflen;
	char *buffer;
	int herr;
	int save_errno;
	u_int32_t laddr;
	int negate=1;    /* Multiply return with this to get -1 instead of 1 */
	char **pp, *user;

	/* Check nis netgroup.  */
	if (strncmp ("+@", lhost, 2) == 0)
		return innetgr (&lhost[2], rhost, NULL, NULL);

	if (strncmp ("-@", lhost, 2) == 0)
		return -innetgr (&lhost[2], rhost, NULL, NULL);

	/* -host */
	if (strncmp ("-", lhost,1) == 0) {
		negate = -1;
		lhost++;
	} else if (strcmp ("+",lhost) == 0) {
		return 1;                    /* asking for trouble, but ok.. */
	}

	/* Try for raw ip address first. */
	if (isdigit (*lhost) && (long) (laddr = inet_addr (lhost)) != -1)
		return negate * (! (raddr ^ laddr));

	/* Better be a hostname. */
	buflen = 1024;
	buffer = __alloca (buflen);
	save_errno = errno;
	while (__gethostbyname_r (lhost, &hostbuf, buffer, buflen, &hp, &herr)
	       != 0)
		if (herr != NETDB_INTERNAL || errno != ERANGE)
			return (0);
		else {
			/* Enlarge the buffer.  */
			buflen *= 2;
			buffer = __alloca (buflen);
			__set_errno (0);
		}
	__set_errno (save_errno);
	if (hp == NULL)
		return 0;

	/* Spin through ip addresses. */
	for (pp = hp->h_addr_list; *pp; ++pp)
		if (!memcmp (&raddr, *pp, sizeof (u_int32_t)))
			return negate;

	/* No match. */
	return (0);
}

/* Returns 1 on positive match, 0 on no match, -1 on negative match.  */
static int
internal_function
__icheckuser (luser, ruser)
	const char *luser, *ruser;
{
    /*
      luser is user entry from .rhosts/hosts.equiv file
      ruser is user id on remote host
      */
    char *user;

    /* [-+]@netgroup */
    if (strncmp ("+@", luser, 2) == 0)
	return innetgr (&luser[2], NULL, ruser, NULL);

    if (strncmp ("-@", luser,2) == 0)
	return -innetgr (&luser[2], NULL, ruser, NULL);

    /* -user */
    if (strncmp ("-", luser, 1) == 0)
	return -(strcmp (&luser[1], ruser) == 0);

    /* + */
    if (strcmp ("+", luser) == 0)
	return 1;

    /* simple string match */
    return strcmp (ruser, luser) == 0;
}

/*
 * Returns 1 for blank lines (or only comment lines) and 0 otherwise
 */
static int
__isempty(p)
	char *p;
{
    while (*p && isspace (*p)) {
	++p;
    }

    return (*p == '\0' || *p == '#') ? 1 : 0 ;
}

/*
 * Returns 0 if positive match, -1 if _not_ ok.
 */
static int
__ivaliduser2(hostf, raddr, luser, ruser, rhost)
	FILE *hostf;
	u_int32_t raddr;
	const char *luser, *ruser, *rhost;
{
    register const char *user;
    register char *p;
    int hcheck, ucheck;
    char *buf = NULL;
    size_t bufsize = 0;
    int retval = -1;

    while (__getline (&buf, &bufsize, hostf) > 0) {
	buf[bufsize - 1] = '\0'; /* Make sure it's terminated.  */
        p = buf;

	/* Skip empty or comment lines */
	if (__isempty (p)) {
	    continue;
	}

	/* Skip lines that are too long. */
	if (strchr (p, '\n') == NULL) {
	    int ch = getc_unlocked (hostf);

	    while (ch != '\n' && ch != EOF)
		ch = getc_unlocked (hostf);
	    continue;
	}

	for (;*p && !isspace(*p); ++p) {
	    *p = _tolower (*p);
	}

	/* Next we want to find the permitted name for the remote user.  */
	if (*p == ' ' || *p == '\t') {
	    /* <nul> terminate hostname and skip spaces */
	    for (*p++='\0'; *p && isspace (*p); ++p);

	    user = p;                   /* this is the user's name */
	    while (*p && !isspace (*p))
		++p;                    /* find end of user's name */
	} else
	    user = p;

	*p = '\0';              /* <nul> terminate username (+host?) */

	/* buf -> host(?) ; user -> username(?) */

	/* First check host part */
	hcheck = __icheckhost (raddr, buf, rhost);

	if (hcheck < 0)
	    break;

	if (hcheck) {
	    /* Then check user part */
	    if (! (*user))
		user = luser;

	    ucheck = __icheckuser (user, ruser);

	    /* Positive 'host user' match? */
	    if (ucheck > 0) {
		retval = 0;
		break;
	    }

	    /* Negative 'host -user' match? */
	    if (ucheck < 0)
		break;

	    /* Neither, go on looking for match */
	}
    }

    if (buf != NULL)
      free (buf);

    return retval;
}
Commit	Line	Data
28f540f4 RM	1	/*
	2	* Copyright (c) 1983, 1993, 1994
	3	* The Regents of the University of California. All rights reserved.
	4	*
	5	* Redistribution and use in source and binary forms, with or without
	6	* modification, are permitted provided that the following conditions
	7	* are met:
	8	* 1. Redistributions of source code must retain the above copyright
	9	* notice, this list of conditions and the following disclaimer.
	10	* 2. Redistributions in binary form must reproduce the above copyright
	11	* notice, this list of conditions and the following disclaimer in the
	12	* documentation and/or other materials provided with the distribution.
28f540f4 RM	13	* 4. Neither the name of the University nor the names of its contributors
	14	* may be used to endorse or promote products derived from this software
	15	* without specific prior written permission.
	16	*
	17	* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
	18	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	19	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	20	* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
	21	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	22	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	23	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	24	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	25	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	26	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	27	* SUCH DAMAGE.
	28	*/
	29
	30	#if defined(LIBC_SCCS) && !defined(lint)
	31	static char sccsid[] = "@(#)rcmd.c 8.3 (Berkeley) 3/26/94";
	32	#endif /* LIBC_SCCS and not lint */
	33
	34	#include <sys/param.h>
cd68221f	35	#include <sys/poll.h>
28f540f4 RM	36	#include <sys/socket.h>
	37	#include <sys/stat.h>
	38
	39	#include <netinet/in.h>
	40	#include <arpa/inet.h>
	41
e4cf5070	42	#include <alloca.h>
28f540f4 RM	43	#include <signal.h>
	44	#include <fcntl.h>
	45	#include <netdb.h>
	46	#include <unistd.h>
	47	#include <pwd.h>
	48	#include <errno.h>
	49	#include <stdio.h>
	50	#include <ctype.h>
	51	#include <string.h>
4360eafd	52	#include <libintl.h>
28f540f4	53
d68171ed	54
85c165be UD	55	int __ivaliduser __P ((FILE , u_int32_t, const char , const char *));
	56	static int __ivaliduser2 __P ((FILE , u_int32_t, const char , const char *,
	57	const char *));
	58
28f540f4 RM	59
	60	int
	61	rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
	62	char **ahost;
	63	u_short rport;
	64	const char locuser, remuser, *cmd;
	65	int *fd2p;
	66	{
e4cf5070 UD	67	struct hostent hostbuf, *hp;
	68	size_t hstbuflen;
	69	char *tmphstbuf;
28f540f4	70	struct sockaddr_in sin, from;
cd68221f	71	struct pollfd pfd[2];
c224a18a	72	int32_t oldmask;
28f540f4 RM	73	pid_t pid;
	74	int s, lport, timo;
	75	char c;
e4cf5070	76	int herr;
28f540f4	77
50304ef0	78	pid = __getpid();
e4cf5070 UD	79
	80	hstbuflen = 1024;
	81	tmphstbuf = __alloca (hstbuflen);
	82	while (__gethostbyname_r (*ahost, &hostbuf, tmphstbuf, hstbuflen,
1d863dc0 UD	83	&hp, &herr) != 0
1d863dc0 UD	84	\|\| hp == NULL)
e4cf5070 UD	85	if (herr != NETDB_INTERNAL \|\| errno != ERANGE)
e4cf5070 UD	86	{
d38cd08c	87	__set_h_errno (herr);
e4cf5070 UD	88	herror(*ahost);
	89	return -1;
	90	}
	91	else
	92	{
	93	/* Enlarge the buffer. */
	94	hstbuflen *= 2;
	95	tmphstbuf = __alloca (hstbuflen);
	96	}
	97
cd68221f UD	98	pfd[0].events = POLLIN;
	99	pfd[1].events = POLLIN;
	100
28f540f4	101	*ahost = hp->h_name;
50304ef0	102	oldmask = __sigblock(sigmask(SIGURG));
28f540f4 RM	103	for (timo = 1, lport = IPPORT_RESERVED - 1;;) {
	104	s = rresvport(&lport);
	105	if (s < 0) {
	106	if (errno == EAGAIN)
	107	(void)fprintf(stderr,
cbd3dceb	108	_("rcmd: socket: All ports in use\n"));
28f540f4	109	else
47707456	110	(void)fprintf(stderr, "rcmd: socket: %m\n");
50304ef0	111	__sigsetmask(oldmask);
d705269e	112	return -1;
28f540f4	113	}
50304ef0	114	__fcntl(s, F_SETOWN, pid);
28f540f4	115	sin.sin_family = hp->h_addrtype;
d68171ed UD	116	bcopy(hp->h_addr_list[0], &sin.sin_addr,
d68171ed UD	117	MIN (sizeof (sin.sin_addr), hp->h_length));
28f540f4	118	sin.sin_port = rport;
50304ef0	119	if (__connect(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
28f540f4	120	break;
50304ef0	121	(void)__close(s);
28f540f4 RM	122	if (errno == EADDRINUSE) {
	123	lport--;
	124	continue;
	125	}
	126	if (errno == ECONNREFUSED && timo <= 16) {
50304ef0	127	(void)__sleep(timo);
28f540f4 RM	128	timo *= 2;
	129	continue;
	130	}
	131	if (hp->h_addr_list[1] != NULL) {
	132	int oerrno = errno;
	133
cbd3dceb	134	(void)fprintf(stderr, _("connect to address %s: "),
28f540f4	135	inet_ntoa(sin.sin_addr));
c4029823	136	__set_errno (oerrno);
28f540f4 RM	137	perror(0);
28f540f4 RM	138	hp->h_addr_list++;
d68171ed UD	139	bcopy(hp->h_addr_list[0], &sin.sin_addr,
d68171ed UD	140	MIN (sizeof (sin.sin_addr), hp->h_length));
cbd3dceb	141	(void)fprintf(stderr, _("Trying %s...\n"),
28f540f4 RM	142	inet_ntoa(sin.sin_addr));
	143	continue;
	144	}
47707456	145	(void)fprintf(stderr, "%s: %m\n", hp->h_name);
50304ef0	146	__sigsetmask(oldmask);
d705269e	147	return -1;
28f540f4 RM	148	}
	149	lport--;
	150	if (fd2p == 0) {
50304ef0	151	__write(s, "", 1);
28f540f4 RM	152	lport = 0;
	153	} else {
	154	char num[8];
	155	int s2 = rresvport(&lport), s3;
d705269e	156	size_t len = sizeof(from);
28f540f4 RM	157
	158	if (s2 < 0)
	159	goto bad;
	160	listen(s2, 1);
50304ef0 UD	161	(void)__snprintf(num, sizeof(num), "%d", lport);
50304ef0 UD	162	if (__write(s, num, strlen(num)+1) != strlen(num)+1) {
28f540f4	163	(void)fprintf(stderr,
47707456	164	_("rcmd: write (setting up stderr): %m\n"));
50304ef0	165	(void)__close(s2);
28f540f4 RM	166	goto bad;
28f540f4 RM	167	}
cd68221f UD	168	pfd[0].fd = s;
cd68221f UD	169	pfd[1].fd = s2;
c4029823	170	__set_errno (0);
cd68221f	171	if (__poll (pfd, 2, -1) < 1 \|\| (pfd[1].revents & POLLIN) == 0){
28f540f4 RM	172	if (errno != 0)
28f540f4 RM	173	(void)fprintf(stderr,
cd68221f	174	_("rcmd: poll (setting up stderr): %m\n"));
28f540f4 RM	175	else
28f540f4 RM	176	(void)fprintf(stderr,
cd68221f	177	_("poll: protocol failure in circuit setup\n"));
50304ef0	178	(void)__close(s2);
28f540f4 RM	179	goto bad;
	180	}
	181	s3 = accept(s2, (struct sockaddr *)&from, &len);
50304ef0	182	(void)__close(s2);
28f540f4 RM	183	if (s3 < 0) {
28f540f4 RM	184	(void)fprintf(stderr,
47707456	185	"rcmd: accept: %m\n");
28f540f4 RM	186	lport = 0;
	187	goto bad;
	188	}
	189	*fd2p = s3;
	190	from.sin_port = ntohs((u_short)from.sin_port);
	191	if (from.sin_family != AF_INET \|\|
	192	from.sin_port >= IPPORT_RESERVED \|\|
	193	from.sin_port < IPPORT_RESERVED / 2) {
	194	(void)fprintf(stderr,
569c558c	195	_("socket: protocol failure in circuit setup\n"));
28f540f4 RM	196	goto bad2;
	197	}
	198	}
50304ef0 UD	199	(void)__write(s, locuser, strlen(locuser)+1);
	200	(void)__write(s, remuser, strlen(remuser)+1);
	201	(void)__write(s, cmd, strlen(cmd)+1);
	202	if (__read(s, &c, 1) != 1) {
28f540f4	203	(void)fprintf(stderr,
47707456	204	"rcmd: %s: %m\n", *ahost);
28f540f4 RM	205	goto bad2;
	206	}
	207	if (c != 0) {
50304ef0 UD	208	while (__read(s, &c, 1) == 1) {
50304ef0 UD	209	(void)__write(STDERR_FILENO, &c, 1);
28f540f4 RM	210	if (c == '\n')
	211	break;
	212	}
	213	goto bad2;
	214	}
50304ef0	215	__sigsetmask(oldmask);
d705269e	216	return s;
28f540f4 RM	217	bad2:
28f540f4 RM	218	if (lport)
50304ef0	219	(void)__close(*fd2p);
28f540f4	220	bad:
50304ef0 UD	221	(void)__close(s);
50304ef0 UD	222	__sigsetmask(oldmask);
d705269e	223	return -1;
28f540f4 RM	224	}
	225
	226	int
	227	rresvport(alport)
	228	int *alport;
	229	{
	230	struct sockaddr_in sin;
	231	int s;
	232
	233	sin.sin_family = AF_INET;
	234	sin.sin_addr.s_addr = INADDR_ANY;
50304ef0	235	s = __socket(AF_INET, SOCK_STREAM, 0);
28f540f4	236	if (s < 0)
d705269e	237	return -1;
28f540f4 RM	238	for (;;) {
	239	sin.sin_port = htons((u_short)*alport);
	240	if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
d705269e	241	return s;
28f540f4	242	if (errno != EADDRINUSE) {
50304ef0	243	(void)__close(s);
d705269e	244	return -1;
28f540f4 RM	245	}
	246	(*alport)--;
	247	if (*alport == IPPORT_RESERVED/2) {
50304ef0	248	(void)__close(s);
c4029823	249	__set_errno (EAGAIN); /* close */
d705269e	250	return -1;
28f540f4 RM	251	}
	252	}
	253	}
	254
	255	int __check_rhosts_file = 1;
	256	char *__rcmd_errstr;
	257
	258	int
	259	ruserok(rhost, superuser, ruser, luser)
	260	const char rhost, ruser, *luser;
	261	int superuser;
	262	{
e4cf5070 UD	263	struct hostent hostbuf, *hp;
	264	size_t buflen;
	265	char *buffer;
c224a18a	266	u_int32_t addr;
28f540f4	267	char **ap;
e4cf5070 UD	268	int herr;
	269
	270	buflen = 1024;
	271	buffer = __alloca (buflen);
	272
	273	while (__gethostbyname_r (rhost, &hostbuf, buffer, buflen, &hp, &herr)
1d863dc0 UD	274	!= 0
1d863dc0 UD	275	\|\| hp == NULL)
e4cf5070 UD	276	if (herr != NETDB_INTERNAL \|\| errno != ERANGE)
	277	return -1;
	278	else
	279	{
	280	/* Enlarge the buffer. */
	281	buflen *= 2;
	282	buffer = __alloca (buflen);
	283	}
28f540f4	284
28f540f4 RM	285	for (ap = hp->h_addr_list; *ap; ++ap) {
28f540f4 RM	286	bcopy(*ap, &addr, sizeof(addr));
85c165be	287	if (iruserok(addr, superuser, ruser, luser, rhost) == 0)
d705269e	288	return 0;
28f540f4	289	}
d705269e	290	return -1;
28f540f4 RM	291	}
28f540f4 RM	292
cb343854 UD	293	/* Extremely paranoid file open function. */
	294	static FILE *
	295	iruserfopen (char *file, uid_t okuser)
	296	{
	297	struct stat st;
	298	char *cp = NULL;
	299	FILE *res = NULL;
	300
	301	/* If not a regular file, if owned by someone other than user or
	302	root, if writeable by anyone but the owner, or if hardlinked
	303	anywhere, quit. */
	304	cp = NULL;
	305	if (__lxstat (_STAT_VER, file, &st))
	306	cp = _("lstat failed");
	307	else if (!S_ISREG (st.st_mode))
	308	cp = _("not regular file");
	309	else
	310	{
	311	res = fopen (file, "r");
	312	if (!res)
	313	cp = _("cannot open");
	314	else if (__fxstat (_STAT_VER, fileno (res), &st) < 0)
	315	cp = _("fstat failed");
	316	else if (st.st_uid && st.st_uid != okuser)
	317	cp = _("bad owner");
	318	else if (st.st_mode & (S_IWGRP\|S_IWOTH))
	319	cp = _("writeable by other than owner");
	320	else if (st.st_nlink > 1)
	321	cp = _("hard linked somewhere");
	322	}
	323
	324	/* If there were any problems, quit. */
	325	if (cp != NULL)
	326	{
	327	__rcmd_errstr = cp;
	328	if (res)
	329	fclose (res);
	330	return NULL;
	331	}
	332
	333	return res;
	334	}
	335
28f540f4 RM	336	/*
	337	* New .rhosts strategy: We are passed an ip address. We spin through
	338	* hosts.equiv and .rhosts looking for a match. When the .rhosts only
	339	* has ip addresses, we don't have to trust a nameserver. When it
	340	* contains hostnames, we spin through the list of addresses the nameserver
	341	* gives us and look for a match.
	342	*
	343	* Returns 0 if ok, -1 if not ok.
	344	*/
85c165be UD	345	static int
85c165be UD	346	iruserok2 (raddr, superuser, ruser, luser, rhost)
cb343854 UD	347	u_int32_t raddr;
cb343854 UD	348	int superuser;
85c165be	349	const char ruser, luser, *rhost;
28f540f4	350	{
d1e9545e	351	FILE *hostf = NULL;
cb343854	352	int isbad;
28f540f4	353
cb343854 UD	354	if (!superuser)
	355	hostf = iruserfopen (_PATH_HEQUIV, 0);
	356
	357	if (hostf)
	358	{
85c165be	359	isbad = __ivaliduser2 (hostf, raddr, luser, ruser, rhost);
cb343854 UD	360	fclose (hostf);
	361
	362	if (!isbad)
	363	return 0;
	364	}
	365
	366	if (__check_rhosts_file \|\| superuser)
	367	{
	368	char *pbuf;
	369	struct passwd pwdbuf, *pwd;
	370	size_t dirlen;
	371	size_t buflen = __sysconf (_SC_GETPW_R_SIZE_MAX);
	372	char *buffer = __alloca (buflen);
	373	uid_t uid;
	374
1d863dc0 UD	375	if (__getpwnam_r (luser, &pwdbuf, buffer, buflen, &pwd) != 0
1d863dc0 UD	376	\|\| pwd == NULL)
d705269e	377	return -1;
cb343854 UD	378
	379	dirlen = strlen (pwd->pw_dir);
	380	pbuf = alloca (dirlen + sizeof "/.rhosts");
	381	__mempcpy (__mempcpy (pbuf, pwd->pw_dir, dirlen),
	382	"/.rhosts", sizeof "/.rhosts");
	383
	384	/* Change effective uid while reading .rhosts. If root and
	385	reading an NFS mounted file system, can't read files that
	386	are protected read/write owner only. */
50304ef0	387	uid = __geteuid ();
cb343854 UD	388	seteuid (pwd->pw_uid);
	389	hostf = iruserfopen (pbuf, pwd->pw_uid);
	390
	391	if (hostf != NULL)
	392	{
85c165be	393	isbad = __ivaliduser2 (hostf, raddr, luser, ruser, rhost);
cb343854 UD	394	fclose (hostf);
	395	}
	396
	397	seteuid (uid);
	398	return isbad;
	399	}
	400	return -1;
28f540f4 RM	401	}
28f540f4 RM	402
85c165be UD	403	/* This is the exported version. */
	404	int
	405	iruserok (raddr, superuser, ruser, luser)
	406	u_int32_t raddr;
	407	int superuser;
	408	const char ruser, luser;
	409	{
	410	return iruserok2 (raddr, superuser, ruser, luser, "-");
	411	}
	412
28f540f4 RM	413	/*
	414	* XXX
	415	* Don't make static, used by lpd(8).
	416	*
85c165be UD	417	* This function is not used anymore. It is only present because lpd(8)
	418	* calls it (!?!). We simply call __invaliduser2() with an illegal rhost
	419	* argument. This means that netgroups won't work in .rhost/hosts.equiv
	420	* files. If you want lpd to work with netgroups, fix lpd to use ruserok()
	421	* or PAM.
28f540f4 RM	422	* Returns 0 if ok, -1 if not ok.
	423	*/
	424	int
	425	__ivaliduser(hostf, raddr, luser, ruser)
	426	FILE *hostf;
c224a18a	427	u_int32_t raddr;
28f540f4 RM	428	const char luser, ruser;
28f540f4 RM	429	{
85c165be	430	return __ivaliduser2(hostf, raddr, luser, ruser, "-");
28f540f4 RM	431	}
28f540f4 RM	432
85c165be UD	433
85c165be UD	434	/* Returns 1 on positive match, 0 on no match, -1 on negative match. */
28f540f4	435	static int
dfd2257a	436	internal_function
85c165be	437	__icheckhost (raddr, lhost, rhost)
c224a18a	438	u_int32_t raddr;
85c165be UD	439	char *lhost;
85c165be UD	440	const char *rhost;
28f540f4	441	{
d705269e	442	struct hostent hostbuf, *hp;
e4cf5070 UD	443	size_t buflen;
e4cf5070 UD	444	char *buffer;
e4cf5070	445	int herr;
85c165be UD	446	int save_errno;
	447	u_int32_t laddr;
	448	int negate=1; /* Multiply return with this to get -1 instead of 1 */
	449	char *pp, user;
	450
	451	/* Check nis netgroup. */
	452	if (strncmp ("+@", lhost, 2) == 0)
	453	return innetgr (&lhost[2], rhost, NULL, NULL);
	454
	455	if (strncmp ("-@", lhost, 2) == 0)
	456	return -innetgr (&lhost[2], rhost, NULL, NULL);
	457
	458	/* -host */
	459	if (strncmp ("-", lhost,1) == 0) {
	460	negate = -1;
	461	lhost++;
	462	} else if (strcmp ("+",lhost) == 0) {
	463	return 1; /* asking for trouble, but ok.. */
	464	}
28f540f4 RM	465
28f540f4 RM	466	/* Try for raw ip address first. */
85c165be UD	467	if (isdigit (*lhost) && (long) (laddr = inet_addr (lhost)) != -1)
85c165be UD	468	return negate * (! (raddr ^ laddr));
28f540f4 RM	469
28f540f4 RM	470	/* Better be a hostname. */
e4cf5070 UD	471	buflen = 1024;
e4cf5070 UD	472	buffer = __alloca (buflen);
85c165be	473	save_errno = errno;
e4cf5070	474	while (__gethostbyname_r (lhost, &hostbuf, buffer, buflen, &hp, &herr)
c5f57c58	475	!= 0)
85c165be UD	476	if (herr != NETDB_INTERNAL \|\| errno != ERANGE)
	477	return (0);
	478	else {
	479	/* Enlarge the buffer. */
	480	buflen *= 2;
	481	buffer = __alloca (buflen);
	482	__set_errno (0);
	483	}
	484	__set_errno (save_errno);
	485	if (hp == NULL)
	486	return 0;
28f540f4 RM	487
	488	/* Spin through ip addresses. */
	489	for (pp = hp->h_addr_list; *pp; ++pp)
85c165be UD	490	if (!memcmp (&raddr, *pp, sizeof (u_int32_t)))
85c165be UD	491	return negate;
28f540f4 RM	492
28f540f4 RM	493	/* No match. */
85c165be UD	494	return (0);
	495	}
	496
	497	/* Returns 1 on positive match, 0 on no match, -1 on negative match. */
	498	static int
	499	internal_function
	500	__icheckuser (luser, ruser)
	501	const char luser, ruser;
	502	{
	503	/*
	504	luser is user entry from .rhosts/hosts.equiv file
	505	ruser is user id on remote host
	506	*/
	507	char *user;
	508
	509	/* [-+]@netgroup */
	510	if (strncmp ("+@", luser, 2) == 0)
	511	return innetgr (&luser[2], NULL, ruser, NULL);
	512
	513	if (strncmp ("-@", luser,2) == 0)
	514	return -innetgr (&luser[2], NULL, ruser, NULL);
	515
	516	/* -user */
	517	if (strncmp ("-", luser, 1) == 0)
	518	return -(strcmp (&luser[1], ruser) == 0);
	519
	520	/* + */
	521	if (strcmp ("+", luser) == 0)
	522	return 1;
	523
	524	/* simple string match */
	525	return strcmp (ruser, luser) == 0;
	526	}
	527
	528	/*
	529	* Returns 1 for blank lines (or only comment lines) and 0 otherwise
	530	*/
	531	static int
	532	__isempty(p)
	533	char *p;
	534	{
	535	while (p && isspace (p)) {
	536	++p;
	537	}
	538
	539	return (p == '\0' \|\| p == '#') ? 1 : 0 ;
	540	}
	541
	542	/*
	543	* Returns 0 if positive match, -1 if _not_ ok.
	544	*/
	545	static int
	546	__ivaliduser2(hostf, raddr, luser, ruser, rhost)
	547	FILE *hostf;
	548	u_int32_t raddr;
	549	const char luser, ruser, *rhost;
	550	{
	551	register const char *user;
	552	register char *p;
	553	int hcheck, ucheck;
	554	char *buf = NULL;
	555	size_t bufsize = 0;
24f25de6	556	int retval = -1;
85c165be UD	557
	558	while (__getline (&buf, &bufsize, hostf) > 0) {
	559	buf[bufsize - 1] = '\0'; /* Make sure it's terminated. */
	560	p = buf;
	561
	562	/* Skip empty or comment lines */
	563	if (__isempty (p)) {
	564	continue;
	565	}
	566
	567	/* Skip lines that are too long. */
	568	if (strchr (p, '\n') == NULL) {
738d1a5a	569	int ch = getc_unlocked (hostf);
85c165be UD	570
85c165be UD	571	while (ch != '\n' && ch != EOF)
738d1a5a	572	ch = getc_unlocked (hostf);
85c165be UD	573	continue;
	574	}
	575
	576	for (;p && !isspace(p); ++p) {
4caef86c	577	p = _tolower (p);
85c165be UD	578	}
	579
	580	/* Next we want to find the permitted name for the remote user. */
	581	if (p == ' ' \|\| p == '\t') {
	582	/* <nul> terminate hostname and skip spaces */
	583	for (p++='\0'; p && isspace (*p); ++p);
	584
	585	user = p; /* this is the user's name */
	586	while (p && !isspace (p))
	587	++p; /* find end of user's name */
	588	} else
	589	user = p;
	590
	591	p = '\0'; / <nul> terminate username (+host?) */
	592
	593	/* buf -> host(?) ; user -> username(?) */
	594
	595	/* First check host part */
	596	hcheck = __icheckhost (raddr, buf, rhost);
	597
	598	if (hcheck < 0)
24f25de6	599	break;
85c165be UD	600
	601	if (hcheck) {
	602	/* Then check user part */
	603	if (! (*user))
	604	user = luser;
	605
	606	ucheck = __icheckuser (user, ruser);
	607
	608	/* Positive 'host user' match? */
24f25de6 UD	609	if (ucheck > 0) {
	610	retval = 0;
	611	break;
	612	}
85c165be UD	613
	614	/* Negative 'host -user' match? */
	615	if (ucheck < 0)
24f25de6	616	break;
85c165be UD	617
	618	/* Neither, go on looking for match */
	619	}
	620	}
	621
24f25de6 UD	622	if (buf != NULL)
	623	free (buf);
	624
	625	return retval;
28f540f4	626	}