2 * Copyright (c) 1983, 1988, 1989, 1993
3 * The Regents of the University of California. All rights reserved.
4 * Copyright (c) 2002 Networks Associates Technology, Inc.
7 * Portions of this software were developed for the FreeBSD Project by
8 * ThinkSec AS and NAI Labs, the Security Research Division of Network
9 * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
10 * ("CBOSS"), as part of the DARPA CHATS research program.
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. Neither the name of the University nor the names of its contributors
21 * may be used to endorse or promote products derived from this software
22 * without specific prior written permission.
24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
39 static const char copyright[] =
40 "@(#) Copyright (c) 1983, 1988, 1989, 1993\n\
41 The Regents of the University of California. All rights reserved.\n";
45 static const char sccsid[] = "@(#)rlogind.c 8.1 (Berkeley) 6/4/93";
48 #include <sys/cdefs.h>
49 __FBSDID("$FreeBSD$");
52 * remote login server:
56 * terminal_type/speed\0
60 #define FD_SETSIZE 16 /* don't need many bits for select */
61 #include <sys/types.h>
62 #include <sys/param.h>
64 #include <sys/ioctl.h>
68 #include <sys/socket.h>
69 #include <netinet/in.h>
70 #include <netinet/in_systm.h>
71 #include <netinet/ip.h>
72 #include <netinet/tcp.h>
73 #include <arpa/inet.h>
88 #ifndef TIOCPKT_WINDOW
89 #define TIOCPKT_WINDOW 0x80
96 char lusername[NMAX+1], rusername[NMAX+1];
97 static char term[64] = "TERM=";
98 #define ENVSIZE (sizeof("TERM=")-1) /* skip null for concatenation */
111 struct sockaddr_in su_sin;
112 struct sockaddr_in6 su_sin6;
114 #define su_len su_si.si_len
115 #define su_family su_si.si_family
116 #define su_port su_si.si_port
118 void doit(int, union sockunion *);
119 int control(int, char *, int);
120 void protocol(int, int);
122 void fatal(int, char *, int);
123 int do_rlogin(union sockunion *);
124 void getstr(char *, int, char *);
125 void setup_term(int);
126 int do_krb_login(struct sockaddr_in *);
131 main(int argc, char *argv[])
133 extern int __check_rhosts_file;
134 union sockunion from;
138 openlog("rlogind", LOG_PID | LOG_CONS, LOG_AUTH);
141 while ((ch = getopt(argc, argv, ARGSTR)) != -1)
150 __check_rhosts_file = 0;
163 fromlen = sizeof (from);
164 if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) {
165 syslog(LOG_ERR,"Can't get peer name of remote host: %m");
166 fatal(STDERR_FILENO, "Can't get peer name of remote host", 1);
170 setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof (on)) < 0)
171 syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
173 setsockopt(0, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(on)) < 0)
174 syslog(LOG_WARNING, "setsockopt (TCP_NODELAY): %m");
175 if (from.su_family == AF_INET)
178 if (setsockopt(0, IPPROTO_IP, IP_TOS, (char *)&on, sizeof(int)) < 0)
179 syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
188 char line[MAXPATHLEN];
191 struct winsize win = { 0, 0, 0, 0 };
195 doit(int f, union sockunion *fromp)
197 int master, pid, on = 1;
198 int authenticated = 0;
199 char hostname[2 * MAXHOSTNAMELEN + 1];
200 char nameinfo[2 * INET6_ADDRSTRLEN + 1];
211 realhostname_sa(hostname, sizeof(hostname) - 1,
212 (struct sockaddr *)fromp, fromp->su_len);
214 fromp->su_port = ntohs((u_short)fromp->su_port);
215 hostname[sizeof(hostname) - 1] = '\0';
218 if ((fromp->su_family != AF_INET
220 && fromp->su_family != AF_INET6
223 fromp->su_port >= IPPORT_RESERVED ||
224 fromp->su_port < IPPORT_RESERVED/2) {
225 getnameinfo((struct sockaddr *)fromp,
227 nameinfo, sizeof(nameinfo), NULL, 0,
230 syslog(LOG_NOTICE, "Connection from %s on illegal port",
232 fatal(f, "Permission denied", 0);
235 if (fromp->su_family == AF_INET)
237 u_char optbuf[BUFSIZ/3];
238 socklen_t optsize = sizeof(optbuf);
242 if ((ip = getprotobyname("ip")) != NULL)
243 ipproto = ip->p_proto;
245 ipproto = IPPROTO_IP;
246 if (getsockopt(0, ipproto, IP_OPTIONS, (char *)optbuf,
247 &optsize) == 0 && optsize != 0) {
248 for (i = 0; i < optsize; ) {
249 u_char c = optbuf[i];
250 if (c == IPOPT_LSRR || c == IPOPT_SSRR) {
252 "Connection refused from %s with IP option %s",
253 inet_ntoa(fromp->su_sin.sin_addr),
254 c == IPOPT_LSRR ? "LSRR" : "SSRR");
259 i += (c == IPOPT_NOP) ? 1 : optbuf[i+1];
264 if (do_rlogin(fromp) == 0)
267 if (confirmed == 0) {
269 confirmed = 1; /* we sent the null! */
273 pid = forkpty(&master, line, NULL, &win);
276 fatal(f, "Out of ptys", 0);
278 fatal(f, "Forkpty", 1);
281 if (f > 2) /* f should always be 0, but... */
284 if (*lusername=='-') {
285 syslog(LOG_ERR, "tried to pass user \"%s\" to login",
287 fatal(STDERR_FILENO, "invalid user", 0);
290 execl(_PATH_LOGIN, "login", "-p",
291 "-h", hostname, "-f", lusername, (char *)NULL);
293 execl(_PATH_LOGIN, "login", "-p",
294 "-h", hostname, lusername, (char *)NULL);
295 fatal(STDERR_FILENO, _PATH_LOGIN, 1);
298 ioctl(f, FIONBIO, &on);
299 ioctl(master, FIONBIO, &on);
300 ioctl(master, TIOCPKT, &on);
301 signal(SIGCHLD, cleanup);
303 signal(SIGCHLD, SIG_IGN);
307 char magic[2] = { 0377, 0377 };
308 char oobdata[] = {TIOCPKT_WINDOW};
311 * Handle a "control" request (signaled by magic being present)
312 * in the data stream. For now, we are only willing to handle
313 * window size changes.
316 control(int pty, char *cp, int n)
320 if (n < 4 + (int)sizeof(w) || cp[2] != 's' || cp[3] != 's')
322 oobdata[0] &= ~TIOCPKT_WINDOW; /* we know he heard */
323 bcopy(cp+4, (char *)&w, sizeof(w));
324 w.ws_row = ntohs(w.ws_row);
325 w.ws_col = ntohs(w.ws_col);
326 w.ws_xpixel = ntohs(w.ws_xpixel);
327 w.ws_ypixel = ntohs(w.ws_ypixel);
328 (void)ioctl(pty, TIOCSWINSZ, &w);
329 return (4+sizeof (w));
333 * rlogin "protocol" machine.
336 protocol(int f, int p)
338 char pibuf[1024+1], fibuf[1024], *pbp = NULL, *fbp = NULL;
339 int pcc = 0, fcc = 0;
344 * Must ignore SIGTTOU, otherwise we'll stop
345 * when we try and set slave pty's window shape
346 * (our controlling tty is the master pty).
348 (void) signal(SIGTTOU, SIG_IGN);
349 send(f, oobdata, 1, MSG_OOB); /* indicate new rlogin */
355 struct pollfd set[2];
358 set[0].events = POLLPRI;
362 set[0].events |= POLLOUT;
364 set[1].events |= POLLIN;
367 set[1].events |= POLLOUT;
369 set[0].events |= POLLIN;
371 if ((n = poll(set, 2, INFTIM)) < 0) {
377 /* shouldn't happen... */
381 #define pkcontrol(c) ((c)&(TIOCPKT_FLUSHWRITE|TIOCPKT_NOSTOP|TIOCPKT_DOSTOP))
382 if (set[0].revents & POLLPRI) {
383 cc = read(p, &cntl, 1);
384 if (cc == 1 && pkcontrol(cntl)) {
386 send(f, &cntl, 1, MSG_OOB);
387 if (cntl & TIOCPKT_FLUSHWRITE)
391 if (set[1].revents & POLLIN) {
392 fcc = read(f, fibuf, sizeof(fibuf));
393 if (fcc < 0 && errno == EWOULDBLOCK)
404 for (cp = fibuf; cp < fibuf+fcc-1; cp++)
405 if (cp[0] == magic[0] &&
407 left = fcc - (cp-fibuf);
408 n = control(p, cp, left);
412 bcopy(cp+n, cp, left);
420 if (set[0].revents & POLLOUT && fcc > 0) {
421 cc = write(p, fbp, fcc);
428 if (set[0].revents & POLLIN) {
429 pcc = read(p, pibuf, sizeof (pibuf));
431 if (pcc < 0 && errno == EWOULDBLOCK)
435 else if (pibuf[0] == 0) {
438 if (pkcontrol(pibuf[0])) {
439 pibuf[0] |= oobdata[0];
440 send(f, &pibuf[0], 1, MSG_OOB);
445 if (set[1].revents & POLLOUT && pcc > 0) {
446 cc = write(f, pbp, pcc);
456 cleanup(int signo __unused)
459 shutdown(netf, SHUT_RDWR);
464 fatal(int f, char *msg, int syserr)
467 char buf[BUFSIZ], *bp = buf;
470 * Prepend binary one to message if we haven't sent
471 * the magic null as confirmation.
474 *bp++ = '\01'; /* error indicator */
476 len = snprintf(bp, sizeof(buf), "rlogind: %s: %s.\r\n",
477 msg, strerror(errno));
479 len = snprintf(bp, sizeof(buf), "rlogind: %s.\r\n", msg);
482 (void) write(f, buf, bp + len - buf);
487 do_rlogin(union sockunion *dest)
490 getstr(rusername, sizeof(rusername), "remuser too long");
491 getstr(lusername, sizeof(lusername), "locuser too long");
492 getstr(term+ENVSIZE, sizeof(term)-ENVSIZE, "Terminal type too long");
494 pwd = getpwnam(lusername);
497 /* XXX why don't we syslog() failure? */
499 return (iruserok_sa(dest, dest->su_len, pwd->pw_uid == 0, rusername,
504 getstr(char *buf, int cnt, char *errmsg)
509 if (read(STDIN_FILENO, &c, 1) != 1)
512 fatal(STDOUT_FILENO, errmsg, 0);
517 extern char **environ;
524 struct termios tt, def;
526 cp = strchr(term + ENVSIZE, '/');
532 cp = strchr(speed, '/');
535 cfsetspeed(&tt, atoi(speed));
539 tt.c_iflag = def.c_iflag;
540 tt.c_oflag = def.c_oflag;
541 tt.c_lflag = def.c_lflag;
542 tcsetattr(fd, TCSAFLUSH, &tt);
547 cp = strchr(speed, '/');
551 cfsetspeed(&tt, atoi(speed));
552 tcsetattr(fd, TCSAFLUSH, &tt);
564 syslog(LOG_ERR, "usage: rlogind [-" ARGSTR "]");