2 * Copyright (c) 1983, 1990, 1993, 1994
3 * The Regents of the University of California. All rights reserved.
4 * Copyright (c) 2002 Networks Associates Technology, Inc.
7 * Portions of this software were developed for the FreeBSD Project by
8 * ThinkSec AS and NAI Labs, the Security Research Division of Network
9 * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
10 * ("CBOSS"), as part of the DARPA CHATS research program.
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. All advertising materials mentioning features or use of this software
21 * must display the following acknowledgement:
22 * This product includes software developed by the University of
23 * California, Berkeley and its contributors.
24 * 4. Neither the name of the University nor the names of its contributors
25 * may be used to endorse or promote products derived from this software
26 * without specific prior written permission.
28 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
29 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
30 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
31 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
32 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
33 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
34 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
35 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
36 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
37 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
42 static const char copyright[] =
43 "@(#) Copyright (c) 1983, 1990, 1993, 1994\n\
44 The Regents of the University of California. All rights reserved.\n";
48 static const char sccsid[] = "From: @(#)rsh.c 8.3 (Berkeley) 4/6/94";
51 #include <sys/cdefs.h>
52 __FBSDID("$FreeBSD$");
54 #include <sys/param.h>
55 #include <sys/signal.h>
56 #include <sys/socket.h>
57 #include <sys/ioctl.h>
61 #include <netinet/in.h>
77 #include <openssl/des.h>
82 Key_schedule schedule;
83 int use_kerberos = 1, doencrypt;
84 char dst_realm_buf[REALM_SZ], *dest_realm;
85 extern char *krb_realmofhost();
93 int family = PF_UNSPEC;
94 char rlogin[] = "rlogin";
96 char *copyargs(char * const *);
98 void talk(int, long, pid_t, int, int);
102 main(int argc, char *argv[])
104 struct passwd const *pw;
105 struct servent const *sp;
107 int argoff, asrsh, ch, dflag, nflag, one, rem;
110 char *args, *host, *p, *user;
116 argoff = asrsh = dflag = nflag = 0;
120 /* if called as something other than "rsh", use it as the host name */
121 if ((p = strrchr(argv[0], '/')))
125 if (strcmp(p, "rsh"))
130 /* handle "rsh host flags" */
131 if (!host && argc > 2 && argv[1][0] != '-') {
138 #define OPTIONS "468KLde:k:l:nt:wx"
140 #define OPTIONS "468KLde:k:l:nt:w"
143 #define OPTIONS "468KLde:l:nt:w"
145 while ((ch = getopt(argc - argoff, argv + argoff, OPTIONS)) != -1)
160 case 'L': /* -8Lew are ignored to allow rlogin aliases */
173 dest_realm = dst_realm_buf;
174 strncpy(dest_realm, optarg, REALM_SZ);
188 timeout = atoi(optarg);
196 /* if haven't gotten a host yet, do so */
197 if (!host && !(host = argv[optind++]))
200 /* if no further arguments, must have been called as rlogin. */
204 execv(_PATH_RLOGIN, argv);
205 err(1, "can't exec %s", _PATH_RLOGIN);
211 if (!(pw = getpwuid(uid = getuid())))
212 errx(1, "unknown user id");
218 /* -x turns off -n */
224 args = copyargs(argv);
228 k = auth_getval("auth_list");
229 if (k && !strstr(k, "kerberos"))
232 sp = getservbyname((doencrypt ? "ekshell" : "kshell"), "tcp");
236 "warning, using standard rsh: can't get entry for %s/tcp service",
237 doencrypt ? "ekshell" : "kshell");
242 sp = getservbyname("shell", "tcp");
244 errx(1, "shell/tcp: unknown service");
251 /* fully qualify hostname (needed for krb_realmofhost) */
252 hp = gethostbyname(host);
253 if (hp != NULL && !(host = strdup(hp->h_name)))
258 if (dest_realm == NULL)
259 dest_realm = krb_realmofhost(host);
263 rem = krcmd_mutual(&host, sp->s_port, user, args,
264 &rfd2, dest_realm, &cred, schedule);
265 des_set_key(&cred.session, schedule);
268 rem = krcmd(&host, sp->s_port, user, args, &rfd2,
272 sp = getservbyname("shell", "tcp");
274 errx(1, "shell/tcp: unknown service");
275 if (errno == ECONNREFUSED)
277 "warning, using standard rsh: remote host doesn't support Kerberos");
280 "warning, using standard rsh: can't provide Kerberos auth data");
285 errx(1, "the -x flag requires Kerberos authentication");
286 rem = rcmd_af(&host, sp->s_port, pw->pw_name, user, args,
290 rem = rcmd_af(&host, sp->s_port, pw->pw_name, user, args, &rfd2,
298 errx(1, "can't establish stderr");
300 if (setsockopt(rem, SOL_SOCKET, SO_DEBUG, &one,
303 if (setsockopt(rfd2, SOL_SOCKET, SO_DEBUG, &one,
309 omask = sigblock(sigmask(SIGINT)|sigmask(SIGQUIT)|sigmask(SIGTERM));
310 if (signal(SIGINT, SIG_IGN) != SIG_IGN)
311 (void)signal(SIGINT, sendsig);
312 if (signal(SIGQUIT, SIG_IGN) != SIG_IGN)
313 (void)signal(SIGQUIT, sendsig);
314 if (signal(SIGTERM, SIG_IGN) != SIG_IGN)
315 (void)signal(SIGTERM, sendsig);
323 (void)shutdown(rem, 1);
331 (void)ioctl(rfd2, FIONBIO, &one);
332 (void)ioctl(rem, FIONBIO, &one);
335 talk(nflag, omask, pid, rem, timeout);
338 (void)kill(pid, SIGKILL);
343 talk(int nflag, long omask, pid_t pid, int rem, int timeout)
346 fd_set readfrom, ready, rembits;
349 struct timeval tvtimeout;
352 if (!nflag && pid == 0) {
356 if ((cc = read(0, buf, sizeof buf)) <= 0)
362 FD_SET(rem, &rembits);
364 if (select(nfds, 0, &rembits, 0, 0) < 0) {
369 if (!FD_ISSET(rem, &rembits))
374 wc = des_enc_write(rem, bp, cc, schedule, &cred.session);
378 wc = write(rem, bp, cc);
380 if (errno == EWOULDBLOCK)
390 (void)shutdown(rem, 1);
394 tvtimeout.tv_sec = timeout;
395 tvtimeout.tv_usec = 0;
397 (void)sigsetmask(omask);
399 FD_SET(rfd2, &readfrom);
400 FD_SET(rem, &readfrom);
401 nfds = MAX(rfd2+1, rem+1);
405 srval = select(nfds, &ready, 0, 0, &tvtimeout);
407 srval = select(nfds, &ready, 0, 0, 0);
416 errx(1, "timeout reached (%d seconds)\n", timeout);
417 if (FD_ISSET(rfd2, &ready)) {
422 cc = des_enc_read(rfd2, buf, sizeof buf, schedule, &cred.session);
426 cc = read(rfd2, buf, sizeof buf);
428 if (errno != EWOULDBLOCK)
429 FD_CLR(rfd2, &readfrom);
431 (void)write(STDERR_FILENO, buf, cc);
433 if (FD_ISSET(rem, &ready)) {
438 cc = des_enc_read(rem, buf, sizeof buf, schedule, &cred.session);
442 cc = read(rem, buf, sizeof buf);
444 if (errno != EWOULDBLOCK)
445 FD_CLR(rem, &readfrom);
447 (void)write(STDOUT_FILENO, buf, cc);
449 } while (FD_ISSET(rfd2, &readfrom) || FD_ISSET(rem, &readfrom));
461 (void)des_enc_write(rfd2, &signo, 1, schedule, &cred.session);
465 (void)write(rfd2, &signo, 1);
469 copyargs(char * const *argv)
476 for (ap = argv; *ap; ++ap)
477 cc += strlen(*ap) + 1;
478 if (!(args = malloc((u_int)cc)))
480 for (p = args, ap = argv; *ap; ++ap) {
481 (void)strcpy(p, *ap);
482 for (p = strcpy(p, *ap); *p; ++p);
493 (void)fprintf(stderr,
494 "usage: rsh [-46] [-ndK%s]%s[-l login] [-t timeout] host [command]\n",
497 "x", " [-k realm] ");