2 * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
/*
 * File-scope configuration for the rsh client.  A value of -1 marks an option
 * that the command line left unset: send_krb5_auth compares do_forwardable
 * with -1 before asking krb5_appdefault_boolean for a default, and main tests
 * use_v4 and use_v5 against -1.
 */
35 RCSID("$Id: rsh.c 21516 2007-07-12 12:47:23Z lha $");
/* Method of the current attempt; main assigns AUTH_KRB5, AUTH_KRB4 or AUTH_BROKEN before each try. */
37 enum auth_method auth_method;
38 #if defined(KRB4) || defined(KRB5)
42 int do_unique_tkfile = 0;
43 char *unique_tkfile = NULL;
/* Option text for the remote credentials cache; main fills it with strlcpy and snprintf, both bounded by sizeof(tkfile). */
44 char tkfile[MAXPATHLEN];
46 int do_forwardable = -1;
/* Session key shared with the server; set in send_krb5_auth and passed to krb5_crypto_init there. */
48 krb5_keyblock *keyblock;
/* DES key schedule handed to krb_sendauth in send_krb4_auth. */
52 des_key_schedule schedule;
58 static int use_v4 = -1;
61 static int use_v5 = -1;
63 #if defined(KRB4) || defined(KRB5)
/* Two alternative definitions: 0 when Kerberos support is compiled in, 1 otherwise.
 * NOTE(review): the preprocessor line separating them is not shown in this excerpt. */
64 static int use_only_broken = 0;
66 static int use_only_broken = 1;
/*
 * Fallback to the legacy method is enabled by default: main runs doit_broken
 * when the earlier attempts returned non-zero and use_broken is set.  That
 * path (send_broken_auth) sends the user names and the command without any
 * Kerberos credentials, so a failed Kerberos attempt is followed by an
 * unauthenticated, unencrypted one.
 * NOTE(review): no option that clears use_broken is visible in the args
 * table -- confirm whether the fallback can be disabled.
 */
68 static int use_broken = 1;
69 static char *port_str;
70 static const char *user;
71 static int do_version;
/* A separate stderr connection is requested by default; the -e option clears this flag (args table). */
73 static int do_errsock = 1;
75 static char *protocol_version_str;
/* Default protocol version is 2; main maps -P N to 2 and -P O to 1, and otherwise accepts only the numbers 1 and 2. */
76 static int protocol_version = 2;
83 static int input = 1; /* Read from stdin */
/*
 * Relay loop between the remote host and local stdio, driven by select.
 * s is the main connection; errsock is the stderr connection, or -1 when
 * there is none.  Data read from s goes to stdout, data read from errsock
 * goes to stderr, and data read from stdin is written to s.
 * NOTE(review): several lines of the body (braces, return statements, error
 * branches) are not shown in this excerpt.
 */
86 rsh_loop (int s, int errsock)
/* For Kerberos 5 with protocol version 2, init_ivecs (defined elsewhere) is called first; its second argument says whether a stderr channel exists. */
92 if(auth_method == AUTH_KRB5 && protocol_version == 2)
93 init_ivecs(1, errsock != -1);
/* FD_SET on a descriptor >= FD_SETSIZE would write outside the fd_set, so both descriptors are range-checked before any FD_SET below. */
96 if (s >= FD_SETSIZE || (errsock != -1 && errsock >= FD_SETSIZE))
97 errx (1, "fd too large");
99 FD_ZERO(&real_readset);
100 FD_SET(s, &real_readset);
/* NOTE(review): the guards around the next two FD_SET calls are not shown; presumably errsock != -1 and the input flag. */
102 FD_SET(errsock, &real_readset);
106 FD_SET(STDIN_FILENO, &real_readset);
111 char buf[RSH_BUFSIZ];
/* select modifies its set, so a fresh copy of the persistent set is used on every pass. */
113 readset = real_readset;
114 ret = select (max(s, errsock) + 1, &readset, NULL, NULL, NULL);
/*
 * Main channel: do_read stores at most sizeof(buf) bytes and uses ivec_in[0].
 * The bytes come from the remote host and are copied to stdout as received,
 * so any terminal control sequences in them reach the terminal unchanged.
 * The return value of net_write is not checked.
 */
121 if (FD_ISSET(s, &readset)) {
122 ret = do_read (s, buf, sizeof(buf), ivec_in[0]);
/* The descriptor leaves the persistent set once it stops delivering data (condition not shown, presumably end of file). */
127 FD_CLR(s, &real_readset);
131 net_write (STDOUT_FILENO, buf, ret);
/* Stderr channel: same pattern with its own IV, ivec_in[1], written to stderr. */
133 if (errsock != -1 && FD_ISSET(errsock, &readset)) {
134 ret = do_read (errsock, buf, sizeof(buf), ivec_in[1]);
139 FD_CLR(errsock, &real_readset);
143 net_write (STDERR_FILENO, buf, ret);
/* Local input: a plain read from stdin, forwarded with do_write and ivec_out[0]. */
145 if (FD_ISSET(STDIN_FILENO, &readset)) {
146 ret = read (STDIN_FILENO, buf, sizeof(buf));
/* When stdin ends (condition not shown), only the write half of s is shut down so remote output can still be received. */
150 close (STDIN_FILENO);
151 FD_CLR(STDIN_FILENO, &real_readset);
152 shutdown (s, SHUT_WR);
/* The return value of do_write is not checked here, so a failed or short write to the server goes unnoticed. */
154 do_write (s, buf, ret, ivec_out[0]);
/*
 * Kerberos 4 authentication on socket s, followed by the remote user name
 * and the command.  Warns and (presumably) returns non-zero when
 * krb_sendauth or a write fails; the return statements are not shown in
 * this excerpt.
 */
161 send_krb4_auth(int s,
162 struct sockaddr *thisaddr,
163 struct sockaddr *thataddr,
164 const char *hostname,
165 const char *remote_user,
166 const char *local_user,
176 /* the normal default for krb4 should be to disable encryption */
/* Mutual authentication (KOPT_DO_MUTUAL) is requested only when do_encrypt is exactly 1; otherwise the option word is 0 and the server is not asked to prove its identity. */
177 status = krb_sendauth ((do_encrypt == 1) ? KOPT_DO_MUTUAL : 0,
/* The cast drops const from hostname for the older krb_sendauth prototype. */
179 (char *)hostname, krb_realmofhost (hostname),
180 getpid(), &msg, &cred, schedule,
/* Both addresses are cast to sockaddr_in. NOTE(review): no address family check is visible here; this path assumes IPv4 -- confirm callers. */
181 (struct sockaddr_in *)thisaddr,
182 (struct sockaddr_in *)thataddr,
184 if (status != KSUCCESS) {
185 warnx("%s: %s", hostname, krb_get_err_text(status));
/*
 * The IV is seeded with sizeof(iv) bytes of the session key (cred.session).
 * NOTE(review): reusing key material as the IV is a legacy Kerberos 4
 * convention, and this path relies on DES (see the des_key_schedule global);
 * prefer the Kerberos 5 path where it is available.
 */
188 memcpy (iv, cred.session, sizeof(iv));
/* The length includes the terminating NUL, which acts as the field separator on the wire. */
190 len = strlen(remote_user) + 1;
191 if (net_write (s, remote_user, len) != len) {
/* The command goes out through net_write with the caller supplied cmd_len. */
195 if (net_write (s, cmd, cmd_len) != cmd_len) {
205 * Send forward information on `s' for host `hostname', them being
206 * forwardable themselves if `forwardable'
/*
 * Obtains forwarded credentials from the default credentials cache and
 * writes them to the server with krb5_write_message.  Every failure is
 * reported with warnx and the text could not forward creds; the caller in
 * send_krb5_auth treats a non-zero result as no forwarding and sends empty
 * forwarding info instead, so failures here do not abort the session.
 *
 * Security note: forwarded credentials let the remote host act as the user
 * toward other Kerberos services, and the forwardable flag lets it forward
 * them again.  Forwarding should therefore be limited to trusted hosts.
 * NOTE(review): parts of the parameter list and the cleanup of ccache and
 * principal are not shown in this excerpt.
 */
210 krb5_forward_cred (krb5_auth_context auth_context,
212 const char *hostname,
218 krb5_kdc_flags flags;
220 krb5_principal principal;
/* Start from an all-zero credentials template so unset fields are well defined. */
222 memset (&creds, 0, sizeof(creds));
224 ret = krb5_cc_default (context, &ccache);
226 warnx ("could not forward creds: krb5_cc_default: %s",
227 krb5_get_err_text (context, ret));
/* The client of the forwarded ticket is the principal that owns the default cache. */
231 ret = krb5_cc_get_principal (context, ccache, &principal);
233 warnx ("could not forward creds: krb5_cc_get_principal: %s",
234 krb5_get_err_text (context, ret));
238 creds.client = principal;
/* The server principal is built in the realm of the client (principal->realm); its name components are not shown in this excerpt. */
240 ret = krb5_build_principal (context,
242 strlen(principal->realm),
249 warnx ("could not forward creds: krb5_build_principal: %s",
250 krb5_get_err_text (context, ret));
/* An end time of 0 leaves the lifetime unspecified in the request. NOTE(review): presumably the KDC then applies its default -- confirm. */
254 creds.times.endtime = 0;
/* forwarded is always set; forwardable follows the argument and decides whether the remote side may forward the ticket further. */
257 flags.b.forwarded = 1;
258 flags.b.forwardable = forwardable;
260 ret = krb5_get_forwarded_creds (context,
268 warnx ("could not forward creds: krb5_get_forwarded_creds: %s",
269 krb5_get_err_text (context, ret));
273 ret = krb5_write_message (context,
/* The encoded credentials are released right after the write, before the result is examined. */
276 krb5_data_free (&out_data);
279 warnx ("could not forward creds: krb5_write_message: %s",
280 krb5_get_err_text (context, ret));
/*
 * Set by send_krb5_auth when krb5_sendauth is rejected while using protocol
 * version 2 without an explicit -P option.  main reads it and switches
 * protocol_version to 1, so a rejection leads to a downgrade to the old
 * protocol.  Passing -P (protocol_version_str != NULL) disables that fallback.
 */
284 static int sendauth_version_error;
/*
 * Kerberos 5 authentication on socket s, followed by the request header:
 * remote user, optional -x marker, command, optional credentials cache
 * option, local user, and forwarding data.
 * NOTE(review): many lines of the body (conditions, braces, return
 * statements) are not shown in this excerpt; comments below describe only
 * what the visible lines establish.
 */
287 send_krb5_auth(int s,
288 struct sockaddr *thisaddr,
289 struct sockaddr *thataddr,
290 const char *hostname,
291 const char *remote_user,
292 const char *local_user,
296 krb5_principal server;
297 krb5_data cksum_data;
300 krb5_auth_context auth_context = NULL;
301 const char *protocol_string = NULL;
/* Resolve the service principal of the target host; failure is reported with the host name. */
305 status = krb5_sname_to_principal(context,
311 warnx ("%s: %s", hostname, krb5_get_err_text(context, status));
/* Encryption left unset on the command line is resolved from an application default looked up for the realm of the server. */
315 if(do_encrypt == -1) {
316 krb5_appdefault_boolean(context, NULL,
317 krb5_principal_get_realm(context, server),
/*
 * Checksum input for the authenticator: a formatted string that includes the
 * destination port and the -x marker, which ties those request parameters to
 * the authentication exchange.  The return value of asprintf is stored
 * directly in cksum_data.length.
 * NOTE(review): asprintf returns -1 on failure; the condition of the check
 * below is not shown -- confirm it tests the result before the length is used.
 */
323 cksum_data.length = asprintf (&str,
325 ntohs(socket_get_port(thataddr)),
326 do_encrypt ? "-x " : "",
330 warnx ("%s: failed to allocate command", hostname);
333 cksum_data.data = str;
/* NOTE(review): the condition guarding this line, if any, is not shown.  If it depends on do_encrypt as in send_krb4_auth, unencrypted sessions do not verify the server -- confirm. */
338 ap_opts |= AP_OPTS_MUTUAL_REQUIRED;
/* The protocol version selects the version string sent to the server; one branch also requests a subkey, the other sets key_usage to KRB5_KU_OTHER_ENCRYPTED.  The case labels are not shown. */
340 switch(protocol_version) {
342 ap_opts |= AP_OPTS_USE_SUBKEY;
343 protocol_string = KCMD_NEW_VERSION;
346 protocol_string = KCMD_OLD_VERSION;
347 key_usage = KRB5_KU_OTHER_ENCRYPTED;
353 status = krb5_sendauth (context,
367 /* do this while we have a principal */
/* Forwarding options that the command line left at -1 are resolved from application defaults for the realm of the server; the visible default for forwardable is FALSE. */
368 if(do_forward == -1 || do_forwardable == -1) {
369 krb5_const_realm realm = krb5_principal_get_realm(context, server);
370 if (do_forwardable == -1)
371 krb5_appdefault_boolean(context, NULL, realm,
372 "forwardable", FALSE,
374 if (do_forward == -1)
375 krb5_appdefault_boolean(context, NULL, realm,
/* cksum_data.data points at str, so this also releases the asprintf buffer. */
380 krb5_free_principal(context, server);
381 krb5_data_free(&cksum_data);
/* Record a version rejection so main can retry with protocol version 1; only done when the user did not choose a version with -P. */
384 if(status == KRB5_SENDAUTH_REJECTED &&
385 protocol_version == 2 && protocol_version_str == NULL)
386 sendauth_version_error = 1;
388 krb5_warn(context, status, "%s", hostname);
/* Both calls store the session key in the global keyblock. NOTE(review): the branch choosing between subkey and ticket key is not shown; presumably it follows protocol_version. */
392 status = krb5_auth_con_getlocalsubkey (context, auth_context, &keyblock);
394 status = krb5_auth_con_getkey (context, auth_context, &keyblock);
396 warnx ("krb5_auth_con_getkey: %s", krb5_get_err_text(context, status));
400 status = krb5_auth_con_setaddrs_from_fd (context,
404 warnx("krb5_auth_con_setaddrs_from_fd: %s",
405 krb5_get_err_text(context, status));
/* The crypto handle used for the session is derived from keyblock. */
409 status = krb5_crypto_init(context, keyblock, 0, &crypto);
411 warnx ("krb5_crypto_init: %s", krb5_get_err_text(context, status));
/*
 * Request header.  These fields are sent with net_write rather than
 * do_write. NOTE(review): presumably that means they travel unencrypted even
 * when -x is in effect -- confirm against the definitions of both helpers.
 */
/* The length includes the terminating NUL. */
415 len = strlen(remote_user) + 1;
416 if (net_write (s, remote_user, len) != len) {
/* Three bytes without a NUL, so the marker becomes a prefix of the command text. */
420 if (do_encrypt && net_write (s, "-x ", 3) != 3) {
424 if (net_write (s, cmd, cmd_len) != cmd_len) {
/* tkfile is sent without its NUL (strlen bytes); main rejects names containing a space before building it. */
429 if (do_unique_tkfile) {
430 if (net_write (s, tkfile, strlen(tkfile)) != strlen(tkfile)) {
435 len = strlen(local_user) + 1;
436 if (net_write (s, local_user, len) != len) {
/* When forwarding is off or krb5_forward_cred reports failure, four zero bytes stand in for the forwarding message. */
442 || krb5_forward_cred (auth_context, s, hostname, do_forwardable)) {
443 /* Empty forwarding info */
445 u_char zero[4] = {0, 0, 0, 0};
448 krb5_auth_con_free (context, auth_context);
/*
 * Legacy rsh request with no cryptographic authentication: the local user
 * name, the remote user name and the command are written to s, the two names
 * including their terminating NUL.  No Kerberos call appears in the visible
 * lines, so the server can only rely on the source address and on the
 * reserved source port that main obtains with rresvport.  Everything sent
 * here, and the session that follows, is readable and modifiable by anyone
 * on the network path.
 * NOTE(review): thisaddr, thataddr and hostname are not referenced in the
 * visible lines; presumably they exist only to match the auth_func signature.
 */
455 send_broken_auth(int s,
456 struct sockaddr *thisaddr,
457 struct sockaddr *thataddr,
458 const char *hostname,
459 const char *remote_user,
460 const char *local_user,
/* Note the field order: local user first, then remote user (the Kerberos variants send the remote user first). */
466 len = strlen(local_user) + 1;
467 if (net_write (s, local_user, len) != len) {
471 len = strlen(remote_user) + 1;
472 if (net_write (s, remote_user, len) != len) {
476 if (net_write (s, cmd, cmd_len) != cmd_len) {
/*
 * Runs one rsh exchange on the connected socket s: announces the stderr
 * port, waits for the server to connect back, calls auth_func to
 * authenticate and send the request, reads the one byte reply, and then
 * hands both descriptors to rsh_loop.  errsock is a bound but not yet
 * listening socket, or -1 when no stderr channel is wanted.
 * NOTE(review): conditions, braces and return statements between the visible
 * lines are not shown in this excerpt.
 */
484 proto (int s, int errsock,
485 const char *hostname, const char *local_user, const char *remote_user,
486 const char *cmd, size_t cmd_len,
487 int (*auth_func)(int s,
488 struct sockaddr *this, struct sockaddr *that,
489 const char *hostname, const char *remote_user,
490 const char *local_user, size_t cmd_len,
/* sockaddr_storage is large enough for any address family; the sockaddr pointers alias it for the socket calls. */
498 struct sockaddr_storage thisaddr_ss;
499 struct sockaddr *thisaddr = (struct sockaddr *)&thisaddr_ss;
500 struct sockaddr_storage thataddr_ss;
501 struct sockaddr *thataddr = (struct sockaddr *)&thataddr_ss;
502 struct sockaddr_storage erraddr_ss;
503 struct sockaddr *erraddr = (struct sockaddr *)&erraddr_ss;
/* addrlen is an in/out argument, so it is reset to the buffer size before every call. */
507 addrlen = sizeof(thisaddr_ss);
508 if (getsockname (s, thisaddr, &addrlen) < 0) {
509 warn ("getsockname(%s)", hostname);
512 addrlen = sizeof(thataddr_ss);
513 if (getpeername (s, thataddr, &addrlen) < 0) {
514 warn ("getpeername(%s)", hostname);
/* Stderr channel setup: learn the local port of errsock, start listening with a backlog of 1, and send the port to the server as a NUL terminated decimal string. */
520 addrlen = sizeof(erraddr_ss);
521 if (getsockname (errsock, erraddr, &addrlen) < 0) {
522 warn ("getsockname");
526 if (listen (errsock, 1) < 0) {
/* NOTE(review): the destination is p but the bound is sizeof(buf); that is only correct if p points at the start of buf.  The assignment to p is not shown -- confirm. */
532 snprintf (p, sizeof(buf), "%u",
533 ntohs(socket_get_port(erraddr)));
534 len = strlen(buf) + 1;
535 if(net_write (s, buf, len) != len) {
/* Range check before FD_SET, which would write outside the fd_set for descriptors >= FD_SETSIZE. */
545 if (errsock >= FD_SETSIZE || s >= FD_SETSIZE)
546 errx (1, "fd too large");
549 FD_SET(errsock, &fdset);
552 ret = select (max(errsock, s) + 1, &fdset, NULL, NULL, NULL);
/*
 * The peer address of the incoming stderr connection is discarded (both
 * address arguments are NULL).
 * NOTE(review): no comparison of the connecting peer with the address of s is
 * visible, and doit binds the listener with AI_PASSIVE and a NULL node; any
 * host able to reach the port before the server does could supply the stderr
 * stream -- confirm whether a peer check exists in the lines not shown.
 */
560 if (FD_ISSET(errsock, &fdset)) {
561 errsock2 = accept (errsock, NULL, NULL);
571 * there should not arrive any data on this fd so if it's
572 * readable it probably indicates that the other side when
576 if (FD_ISSET(s, &fdset)) {
577 warnx ("socket closed");
/* Without a stderr channel the port field is the string 0 plus its NUL (2 bytes). */
584 if (net_write (s, "0", 2) != 2) {
/* Authentication and the request header are delegated to the method specific callback. */
591 if ((*auth_func)(s, thisaddr, thataddr, hostname,
592 remote_user, local_user,
/* The server answers with a single status byte; a read of 0 bytes is reported as an unexpected EOF. */
598 ret = net_read (s, &reply, 1);
603 } else if (ret == 0) {
604 warnx ("unexpected EOF from %s", hostname);
/*
 * Error path: the rest of the socket is copied to stdout.  The text is
 * chosen by the server and is written unfiltered, and the return values of
 * write are ignored.
 */
610 warnx ("Error from rshd at %s:", hostname);
612 while ((ret = read (s, buf, sizeof(buf))) > 0)
613 write (STDOUT_FILENO, buf, ret);
614 write (STDOUT_FILENO,"\n",1);
/* SO_DEBUG is set on both sockets; failures only produce a warning.  The guarding condition is not shown (the args table ties -d to sock_debug). */
621 if (setsockopt(s, SOL_SOCKET, SO_DEBUG, (void *)&one, sizeof(one)) < 0)
622 warn("setsockopt remote");
623 if (errsock2 != -1 &&
624 setsockopt(errsock2, SOL_SOCKET, SO_DEBUG,
625 (void *)&one, sizeof(one)) < 0)
626 warn("setsockopt stderr");
/* The accepted connection errsock2, not the listening socket, is passed on as the stderr channel. */
629 return rsh_loop (s, errsock2);
633 * Return in `res' a copy of the concatenation of `argc, argv' into
/*
 * Joins argv[0..argc-1] into one newly allocated string, separated by single
 * spaces, and stores it in *res.  main uses the return value as cmd_len.
 *
 * Security note: the arguments are concatenated without quoting or escaping,
 * so the remote side receives one flat command line.  Spaces and shell
 * metacharacters inside an argument are reinterpreted there; callers that
 * pass untrusted text must quote it themselves.
 * NOTE(review): the allocation and return lines are not shown in this excerpt.
 */
637 construct_command (char **res, int argc, char **argv)
/* One extra byte per argument covers the separating spaces and the final NUL. */
643 for (i = 0; i < argc; ++i)
644 len += strlen(argv[i]) + 1;
648 errx (1, "malloc %lu failed", (unsigned long)len);
/* strlcat is bounded by the computed len, so the buffer cannot be overrun even if the arithmetic above were off. */
651 for (i = 0; i < argc - 1; ++i) {
652 strlcat (tmp, argv[i], len);
653 strlcat (tmp, " ", len);
/* NOTE(review): argv[argc-1] is out of range when argc is 0.  main only calls this after handling the no command case, but any guard on this line is not shown -- confirm. */
656 strlcat (tmp, argv[argc-1], len);
/*
 * Formats the IPv4 or IPv6 address in sa as numeric text with inet_ntop.
 * doit_broken stores the result in a char pointer and places it in an
 * argument vector, so the result is a heap copy; the process exits with
 * errx when memory runs out.
 * NOTE(review): for any other address family as stays NULL, and the handling
 * of that case is not shown in this excerpt -- confirm it is not passed to a
 * string copy.
 */
662 print_addr (const struct sockaddr *sa)
666 const char *as = NULL;
/* The casts drop const from sa; inet_ntop only reads the address. */
668 if(sa->sa_family == AF_INET)
669 as = inet_ntop (sa->sa_family, &((struct sockaddr_in*)sa)->sin_addr,
670 addr_str, sizeof(addr_str));
672 else if(sa->sa_family == AF_INET6)
673 as = inet_ntop (sa->sa_family, &((struct sockaddr_in6*)sa)->sin6_addr,
674 addr_str, sizeof(addr_str));
680 errx (1, "malloc: out of memory");
/*
 * Legacy (non-Kerberos) attempt using the reserved-port sockets that main
 * obtained with rresvport.  The first address is tried in this process; if
 * that connect fails, each remaining address is retried by running a fresh
 * copy of rsh with -K and the numeric address, and on success the exchange
 * is run through proto.
 * NOTE(review): the fork call, several parameters and the return statements
 * are not shown in this excerpt.
 */
685 doit_broken (int argc,
689 const char *remote_user,
690 const char *local_user,
698 if (connect (priv_socket1, ai->ai_addr, ai->ai_addrlen) < 0) {
/* errno is saved before later calls can overwrite it. */
699 int save_errno = errno;
/* Remaining addresses only; the first one has just failed. */
704 for (a = ai->ai_next; a != NULL; a = a->ai_next) {
706 char *adr = print_addr(a->ai_addr);
/* argc + 2 slots: the original arguments, the added -K, and the terminating NULL. */
717 new_argv = malloc((argc + 2) * sizeof(*new_argv));
718 if (new_argv == NULL)
719 errx (1, "malloc: out of memory");
720 new_argv[i] = argv[i];
/* -K sets use_only_broken in the child (args table), so the child goes straight to the legacy method. */
724 new_argv[i++] = "-K";
725 for(; i <= argc; ++i)
726 new_argv[i] = argv[i - 1];
/* The host argument moved one slot to the right because of the inserted -K; it is replaced by the numeric address so the child does not resolve the name again. */
728 new_argv[hostindex + 1] = adr;
729 new_argv[argc + 1] = NULL;
/*
 * execv with the PATH_RSH constant, not a search of the PATH variable.
 * NOTE(review): presumably an absolute path fixed at build time.  That
 * matters because an error message in main indicates rsh may be installed
 * setuid root -- confirm the definition.
 */
730 execv(PATH_RSH, new_argv);
731 err(1, "execv(%s)", PATH_RSH);
/* Parent: wait for the child, retrying while waitpid fails; exit status 0 from the child counts as success. */
736 while(waitpid(pid, &status, 0) < 0)
738 if(WIFEXITED(status) && WEXITSTATUS(status) == 0)
743 warn("%s", argv[hostindex]);
/* priv_socket2 serves as the stderr socket for the exchange. */
748 ret = proto (priv_socket1, priv_socket2,
750 local_user, remote_user,
757 #if defined(KRB4) || defined(KRB5)
/*
 * Kerberos connection attempt: walks the addrinfo list, connects to the
 * first address that accepts, optionally prepares a socket for the stderr
 * channel, and runs the exchange through proto with the supplied auth_func.
 * NOTE(review): several parameters, the loop exits and the release of eai
 * are not shown in this excerpt.
 */
759 doit (const char *hostname,
761 const char *remote_user,
762 const char *local_user,
765 int (*auth_func)(int s,
766 struct sockaddr *this, struct sockaddr *that,
767 const char *hostname, const char *remote_user,
768 const char *local_user, size_t cmd_len,
/* Stays 1 until a connection succeeds; selects the failed to contact message at the end. */
773 int socketfailed = 1;
776 for (a = ai; a != NULL; a = a->ai_next) {
780 s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
784 if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
/* NI_NUMERICHOST avoids a reverse lookup; the numeric address is added to the warning when available. */
786 if(getnameinfo(a->ai_addr, a->ai_addrlen,
787 addr, sizeof(addr), NULL, 0, NI_NUMERICHOST) == 0)
788 warn ("connect(%s [%s])", hostname, addr);
790 warn ("connect(%s)", hostname);
795 struct addrinfo *ea, *eai;
796 struct addrinfo hints;
/*
 * Local address for the stderr listener: same family, type and protocol as
 * the main connection.  AI_PASSIVE with a NULL node yields the wildcard
 * address and service 0 an ephemeral port, so the listener is reachable on
 * every local interface.  proto accepts the connection without recording
 * the peer address, so nothing visible restricts who may connect.
 */
798 memset (&hints, 0, sizeof(hints));
799 hints.ai_socktype = a->ai_socktype;
800 hints.ai_protocol = a->ai_protocol;
801 hints.ai_family = a->ai_family;
802 hints.ai_flags = AI_PASSIVE;
806 error = getaddrinfo (NULL, "0", &hints, &eai);
808 errx (1, "getaddrinfo: %s", gai_strerror(error));
809 for (ea = eai; ea != NULL; ea = ea->ai_next) {
810 errsock = socket (ea->ai_family, ea->ai_socktype,
814 if (bind (errsock, ea->ai_addr, ea->ai_addrlen) < 0)
824 ret = proto (s, errsock,
826 local_user, remote_user,
827 cmd, cmd_len, auth_func);
832 warnx ("failed to contact %s", hostname);
835 #endif /* KRB4 || KRB5 */
/*
 * Command line option table for getarg.  Each entry names the long option,
 * the short option, the argument kind, the variable that receives the value
 * and the help text.  Entries marked [krb5] in their help text apply to the
 * Kerberos 5 method.
 * NOTE(review): the preprocessor lines that make some entries conditional
 * are only partly shown in this excerpt.
 */
837 struct getargs args[] = {
839 { "krb4", '4', arg_flag, &use_v4, "Use Kerberos V4" },
842 { "krb5", '5', arg_flag, &use_v5, "Use Kerberos V5" },
/* Credential forwarding: -f forwards, -F forwards forwardable credentials, -G turns forwarding off. */
843 { "forward", 'f', arg_flag, &do_forward, "Forward credentials [krb5]"},
844 { "forwardable", 'F', arg_flag, &do_forwardable,
845 "Forward forwardable credentials [krb5]" },
846 { NULL, 'G', arg_negative_flag,&do_forward, "Don't forward credentials" },
/* -u and -U are mutually exclusive; main exits when both are given. */
847 { "unique", 'u', arg_flag, &do_unique_tkfile,
848 "Use unique remote credentials cache [krb5]" },
849 { "tkfile", 'U', arg_string, &unique_tkfile,
850 "Specifies remote credentials cache [krb5]" },
/* An explicit -P also disables the automatic retry with protocol version 1 (see sendauth_version_error). */
851 { "protocol", 'P', arg_string, &protocol_version_str,
852 "Protocol version [krb5]", "protocol" },
/* -K restricts the run to the legacy reserved-port method, which carries no cryptographic authentication; main refuses to combine it with -x. */
854 { "broken", 'K', arg_flag, &use_only_broken, "Use only priv port" },
855 #if defined(KRB4) || defined(KRB5)
/* -x and -z set and clear the same variable, do_encrypt. */
856 { "encrypt", 'x', arg_flag, &do_encrypt, "Encrypt connection" },
857 { NULL, 'z', arg_negative_flag, &do_encrypt,
858 "Don't encrypt connection", NULL },
860 { NULL, 'd', arg_flag, &sock_debug, "Enable socket debugging" },
/* Negative flags: giving -n clears input and giving -e clears do_errsock. */
861 { "input", 'n', arg_negative_flag, &input, "Close stdin" },
862 { "port", 'p', arg_string, &port_str, "Use this port",
864 { "user", 'l', arg_string, &user, "Run as this user", "login" },
865 { "stderr", 'e', arg_negative_flag, &do_errsock, "Don't open stderr"},
868 { "version", 0, arg_flag, &do_version, NULL },
869 { "help", 0, arg_flag, &do_help, NULL }
/* Prints the usage text generated from the args table, with [login@]host [command] as the positional form. NOTE(review): the header of the enclosing function is not shown in this excerpt. */
875 arg_printusage (args,
/* Entry count derived from the array itself, so it stays correct when options are added. */
876 sizeof(args) / sizeof(args[0]),
878 "[login@]host [command]");
887 main(int argc, char **argv)
889 int priv_port1, priv_port2;
890 int priv_socket1, priv_socket2;
893 struct addrinfo hints, *ai;
898 const char *local_user;
906 priv_port1 = priv_port2 = IPPORT_RESERVED-1;
907 priv_socket1 = rresvport(&priv_port1);
908 priv_socket2 = rresvport(&priv_port2);
910 if (setuid (uid) || (uid != 0 && setuid(0) == 0))
913 setprogname (argv[0]);
915 if (argc >= 2 && argv[1][0] != '-') {
916 host = argv[host_index = 1];
920 if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
928 print_version (NULL);
933 if(protocol_version_str != NULL) {
934 if(strcasecmp(protocol_version_str, "N") == 0)
935 protocol_version = 2;
936 else if(strcasecmp(protocol_version_str, "O") == 0)
937 protocol_version = 1;
941 v = strtol(protocol_version_str, &end, 0);
942 if(*end != '\0' || (v != 1 && v != 2)) {
943 errx(1, "unknown protocol version \"%s\"",
944 protocol_version_str);
946 protocol_version = v;
950 status = krb5_init_context (&context);
953 errx(1, "krb5_init_context failed: %d", status);
958 /* request for forwardable on the command line means we should
960 if (do_forwardable == 1)
965 #if defined(KRB4) && defined(KRB5)
966 if(use_v4 == -1 && use_v5 == 1)
968 if(use_v5 == -1 && use_v4 == 1)
972 if (use_only_broken) {
981 if(priv_socket1 < 0) {
983 errx (1, "unable to bind reserved port: is rsh setuid root?");
987 #if defined(KRB4) || defined(KRB5)
988 if (do_encrypt == 1 && use_only_broken)
989 errx (1, "encryption not supported with old style authentication");
995 if (do_unique_tkfile && unique_tkfile != NULL)
996 errx (1, "Only one of -u and -U allowed.");
998 if (do_unique_tkfile)
999 strlcpy(tkfile,"-u ", sizeof(tkfile));
1000 else if (unique_tkfile != NULL) {
1001 if (strchr(unique_tkfile,' ') != NULL) {
1002 warnx("Space is not allowed in tkfilename");
1005 do_unique_tkfile = 1;
1006 snprintf (tkfile, sizeof(tkfile), "-U %s ", unique_tkfile);
1011 if (argc - argindex < 1)
1014 host = argv[host_index = argindex++];
1017 if((tmp = strchr(host, '@')) != NULL) {
1023 if (argindex == argc) {
1024 close (priv_socket1);
1025 close (priv_socket2);
1027 execvp ("rlogin", argv);
1028 err (1, "execvp rlogin");
1031 local_user = get_default_username ();
1032 if (local_user == NULL)
1033 errx (1, "who are you?");
1038 cmd_len = construct_command(&cmd, argc - argindex, argv + argindex);
1041 * Try all different authentication methods
1045 if (ret && use_v5) {
1046 memset (&hints, 0, sizeof(hints));
1047 hints.ai_socktype = SOCK_STREAM;
1048 hints.ai_protocol = IPPROTO_TCP;
1050 if(port_str == NULL) {
1051 error = getaddrinfo(host, "kshell", &hints, &ai);
1052 if(error == EAI_NONAME)
1053 error = getaddrinfo(host, "544", &hints, &ai);
1055 error = getaddrinfo(host, port_str, &hints, &ai);
1058 errx (1, "getaddrinfo: %s", gai_strerror(error));
1060 auth_method = AUTH_KRB5;
1062 ret = doit (host, ai, user, local_user, cmd, cmd_len,
1064 if(ret != 0 && sendauth_version_error &&
1065 protocol_version == 2) {
1066 protocol_version = 1;
1073 if (ret && use_v4) {
1074 memset (&hints, 0, sizeof(hints));
1075 hints.ai_socktype = SOCK_STREAM;
1076 hints.ai_protocol = IPPROTO_TCP;
1078 if(port_str == NULL) {
1080 error = getaddrinfo(host, "ekshell", &hints, &ai);
1081 if(error == EAI_NONAME)
1082 error = getaddrinfo(host, "545", &hints, &ai);
1084 error = getaddrinfo(host, "kshell", &hints, &ai);
1085 if(error == EAI_NONAME)
1086 error = getaddrinfo(host, "544", &hints, &ai);
1089 error = getaddrinfo(host, port_str, &hints, &ai);
1092 errx (1, "getaddrinfo: %s", gai_strerror(error));
1093 auth_method = AUTH_KRB4;
1094 ret = doit (host, ai, user, local_user, cmd, cmd_len,
1099 if (ret && use_broken) {
1100 memset (&hints, 0, sizeof(hints));
1101 hints.ai_socktype = SOCK_STREAM;
1102 hints.ai_protocol = IPPROTO_TCP;
1104 if(port_str == NULL) {
1105 error = getaddrinfo(host, "shell", &hints, &ai);
1106 if(error == EAI_NONAME)
1107 error = getaddrinfo(host, "514", &hints, &ai);
1109 error = getaddrinfo(host, port_str, &hints, &ai);
1112 errx (1, "getaddrinfo: %s", gai_strerror(error));
1114 auth_method = AUTH_BROKEN;
1115 ret = doit_broken (argc, argv, host_index, ai,
1118 do_errsock ? priv_socket2 : -1,