6 * Copyright (c) 1983 The Regents of the University of California.
9 * Redistribution and use in source and binary forms are permitted
10 * provided that the above copyright notice and this paragraph are
11 * duplicated in all such forms and that any documentation,
12 * advertising materials, and other materials related to such
13 * distribution and use acknowledge that the software was developed
14 * by the University of California, Berkeley. The name of the
15 * University may not be used to endorse or promote products derived
16 * from this software without specific prior written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
18 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
19 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
24 "@(#) Copyright (c) 1983 The Regents of the University of California.\n\
25 All rights reserved.\n";
28 /* based on @(#)rlogind.c 5.17 (Berkeley) 8/31/88 */
31 * remote login server:
39 * This is the rlogin daemon. The very basic protocol for checking
40 * authentication and authorization is:
41 * 1) Check authentication.
42 * 2) Check authorization via the access-control files:
43 * ~/.k5login (using krb5_kuserok) and/or
44 * ~/.rhosts (using ruserok).
45 * 3) Prompt for password if any checks fail, or if so configured.
46 * Allow login if all goes well either by calling the accompanying
47 * login.krb5 or /bin/login, according to the definition of
50 * The configuration is done either by command-line arguments passed by
51 * inetd, or by the name of the daemon. If command-line arguments are
52 * present, they take priority. The options are:
53 * -k and -K means check .k5login (using krb5_kuserok).
54 * -r and -R means check .rhosts (using ruserok).
55 * -p and -P means prompt for password.
56 * The difference between upper and lower case is as follows:
57 * If lower case -r or -k, then as long as one of krb5_kuserok or
58 * ruserok passes, allow login without password. If the -p option is
59 * passed with -r or -k, then if both checks fail, allow login but
60 * only after password verification.
61 * If uppercase -R or -K, then those checks must be passed,
62 * regardless of other checks, else no login with or without password.
63 * If the -P option is passed, then the password is verified in
64 * addition to all other checks. If -p is not passed with -k or -r,
65 * and both checks fail, then login permission is denied.
66 * -x and -e means use encryption.
68 * If no command-line arguments are present, then the presence of the
69 * letters kKrRexpP in the program-name before "logind" determine the
70 * behaviour of the program exactly as with the command-line arguments.
72 * If the ruserok check is to be used, then the client should connect
73 * from a privileged port, else deny permission.
77 * KERBEROS - Define this if application is to be kerberised.
78 * CRYPT - Define this if encryption is to be an option.
79 * DO_NOT_USE_K_LOGIN - Define this if you want to use /bin/login
80 * instead of the accompanying login.krb5. In that case,
81 * the remote user's name must be present in the local
82 * .rhosts file, regardless of any options specified.
83 * KRB5_KRB4_COMPAT - Define this if v4 rlogin clients are also to be served.
84 * ALWAYS_V5_KUSEROK - Define this if you want .k5login to be
85 * checked even for v4 clients (instead of .klogin).
86 * LOG_ALL_LOGINS - Define this if you want to log all logins.
87 * LOG_OTHER_USERS - Define this if you want to log all principals
88 * that do not map onto the local user.
89 * LOG_REMOTE_REALM - Define this if you want to log all principals from
91 * Note: Root logins are always logged.
95 * This is usually done in the Makefile. Actually, these sources may
96 * not work without the KERBEROS #defined.
100 #define LOG_REMOTE_REALM
108 #include <sys/unistd.h>
115 #include <sys/types.h>
116 #include <sys/stat.h>
117 #include <sys/socket.h>
118 #include <sys/ioctl.h>
119 #include <sys/wait.h>
120 #include <sys/file.h>
121 #include <sys/time.h>
124 #include <netinet/in.h>
128 #ifdef HAVE_SYS_LABEL_H
130 #include <sys/label.h>
131 #include <sys/audit.h>
138 #include <sys/ptyio.h>
144 #ifdef HAVE_SYS_SELECT_H
145 #include <sys/select.h>
149 #include <sys/stream.h>
150 #include <sys/stropts.h>
153 #if defined(POSIX_TERMIOS) && !defined(ultrix)
162 #include <sys/param.h>
166 /* krlogin doesn't test sys/tty... */
167 #ifdef HAVE_SYS_TTY_H
171 #ifdef HAVE_SYS_PTYVAR_H
172 /* Solaris actually uses packet mode, so the real macros are needed too */
173 #include <sys/ptyvar.h>
178 #ifndef TIOCPKT_NOSTOP
179 /* These values are over-the-wire protocol, *not* local values */
180 #define TIOCPKT_NOSTOP 0x10
181 #define TIOCPKT_DOSTOP 0x20
182 #define TIOCPKT_FLUSHWRITE 0x02
185 #ifdef HAVE_SYS_FILIO_H
186 /* get FIONBIO from sys/filio.h, so what if it is a compatibility feature */
187 #include <sys/filio.h>
190 #ifndef SETPGRP_TWOARG
191 #define setpgrp(a,b) setpgrp()
195 #define killpg(pid, sig) kill(-(pid), (sig))
200 unsigned short ws_row, ws_col;
201 unsigned short ws_xpixel, ws_ypixel;
203 #endif /* NO_WINSIZE */
206 #define roundup(x,y) ((((x)+(y)-1)/(y))*(y))
212 #include <kerberosIV/krb.h>
218 int auth_sys = 0; /* Which version of Kerberos used to authenticate */
220 #define KRB5_RECVAUTH_V4 4
221 #define KRB5_RECVAUTH_V5 5
223 int non_privileged = 0; /* set when connection is seen to be from */
224 /* a non-privileged port */
227 Key_schedule v4_schedule;
228 int v4_des_read(), v4_des_write();
232 int v5_des_read(), v5_des_write();
236 #define SECURE_MESSAGE "This rlogin session is using DES encryption for all data transmissions.\r\n"
238 int (*des_read)(), (*des_write)();
239 char des_inbuf[2*BUFSIZ]; /* needs to be > largest read size */
240 char des_outbuf[2*BUFSIZ]; /* needs to be > largest write size */
241 krb5_data desinbuf,desoutbuf;
242 krb5_encrypt_block eblock; /* eblock for encrypt/decrypt */
244 krb5_authenticator *kdata;
245 krb5_ticket *ticket = 0;
246 krb5_context bsd_context;
250 #define ARGSTR "rRkKeExXpPD:S:M:L:?"
251 #else /* !KERBEROS */
252 #define ARGSTR "rRpPD:?"
253 #define (*des_read) read
254 #define (*des_write) write
255 #endif /* KERBEROS */
257 #ifndef LOGIN_PROGRAM
258 #ifdef DO_NOT_USE_K_LOGIN
260 #define LOGIN_PROGRAM "/bin/remlogin"
262 #define LOGIN_PROGRAM "/bin/login"
264 #else /* DO_NOT_USE_K_LOGIN */
265 #define LOGIN_PROGRAM KRB5_PATH_LOGIN
266 #endif /* DO_NOT_USE_K_LOGIN */
267 #endif /* LOGIN_PROGRAM */
269 char *login_program = LOGIN_PROGRAM;
272 #define MAX_PROG_NAME 16
274 #ifndef UT_NAMESIZE /* linux defines it directly in <utmp.h> */
275 #define UT_NAMESIZE sizeof(((struct utmp *)0)->ut_name)
278 char lusername[UT_NAMESIZE+1];
279 char rusername[UT_NAMESIZE+1];
280 char *krusername = 0;
282 char rhost_name[128];
283 krb5_principal client;
291 #if (defined(_AIX) && defined(i386)) || defined(ibm032) || (defined(vax) && !defined(ultrix)) || (defined(SunOS) && SunOS > 40) || defined(solaris20)
296 #define VHANG_LAST /* vhangup must occur on close, not open */
299 void fatal(), fatalperror(), doit(), usage(), do_krb_login();
300 int princ_maps_to_lname(), default_realm();
301 krb5_sigtype cleanup();
303 int must_pass_rhosts = 0, must_pass_k5 = 0, must_pass_one = 0;
304 int do_encrypt = 0, passwd_if_fail = 0, passwd_req = 0;
310 extern int opterr, optind;
311 extern char * optarg;
312 int on = 1, fromlen, ch, i;
313 struct sockaddr_in from;
325 krb5_init_context(&bsd_context);
326 krb5_init_ets(bsd_context);
329 #ifndef LOG_AUTH /* 4.2 syslog */
330 openlog(progname, LOG_PID | LOG_NDELAY);
332 openlog(progname, LOG_PID | LOG_NDELAY, LOG_AUTH);
333 #endif /* 4.2 syslog */
335 if (argc == 1) { /* Get parameters from program name. */
336 if (strlen(progname) > MAX_PROG_NAME) {
340 options = (char *) malloc(MAX_PROG_NAME+1);
342 for (i = 0; (progname[i] != '\0') && (i < MAX_PROG_NAME); i++)
343 if (!strcmp(progname+i, "logind")) {
346 newargv = (char **) malloc(sizeof(char *) * 3);
348 strcpy(options, "-");
349 strncat(options, progname, i);
353 newargv[0] = argv[0];
354 newargv[1] = options;
360 if (options[0] == '\0') {
366 /* Analyse parameters. */
368 while ((ch = getopt(argc, argv, ARGSTR)) != EOF)
371 must_pass_one = 1; /* If just 'r', any one check must succeed */
373 case 'R': /* If 'R', must pass .rhosts check*/
374 must_pass_rhosts = 1;
380 must_pass_one = 1; /* If just 'k', any one check must succeed */
382 case 'K': /* If 'K', must pass .k5login check*/
388 case 'x': /* Use encryption. */
399 krb5_set_default_realm(bsd_context, optarg);
403 passwd_if_fail = 1; /* Passwd reqd if any check fails */
405 case 'P': /* passwd is a must */
409 debug_port = atoi(optarg);
412 #ifndef DO_NOT_USE_K_LOGIN
413 login_program = optarg;
425 fromlen = sizeof (from);
429 struct sockaddr_in sin;
431 if ((s = socket(AF_INET, SOCK_STREAM, PF_UNSPEC)) < 0) {
432 fprintf(stderr, "Error in socket: %s\n", strerror(errno));
436 memset((char *) &sin, 0,sizeof(sin));
437 sin.sin_family = AF_INET;
438 sin.sin_port = htons(debug_port);
439 sin.sin_addr.s_addr = INADDR_ANY;
441 (void) setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
442 (char *)&on, sizeof(on));
444 if ((bind(s, (struct sockaddr *) &sin, sizeof(sin))) < 0) {
445 fprintf(stderr, "Error in bind: %s\n", strerror(errno));
449 if ((listen(s, 5)) < 0) {
450 fprintf(stderr, "Error in listen: %s\n", strerror(errno));
454 if ((fd = accept(s, (struct sockaddr *) &from, &fromlen)) < 0) {
455 fprintf(stderr, "Error in accept: %s\n", strerror(errno));
462 if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) {
463 syslog(LOG_ERR,"Can't get peer name of remote host: %m");
465 fatal(STDERR_FILENO, "Can't get peer name of remote host", 1);
467 fatal(3, "Can't get peer name of remote host", 1);
473 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof (on)) < 0)
474 syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
487 char line[MAXPATHLEN];
488 extern char *inet_ntoa();
491 struct winsize win = { 0, 0, 0, 0 };
494 int pid; /* child process id */
498 struct sockaddr_in *fromp;
500 int i, p, t, vfd, on = 1;
501 register struct hostent *hp;
520 /* Initialize "sa" structure. */
521 (void) sigemptyset(&sa.sa_mask);
525 fromp->sin_port = ntohs((u_short)fromp->sin_port);
526 hp = gethostbyaddr((char *) &fromp->sin_addr, sizeof (struct in_addr),
530 * Only the name is used below.
532 sprintf(rhost_name,"%s",inet_ntoa(fromp->sin_addr));
535 /* Save hostent information.... */
536 else strcpy(rhost_name,hp->h_name);
538 if (fromp->sin_family != AF_INET)
539 fatal(f, "Permission denied - Malformed from address\n");
542 if (must_pass_k5 || must_pass_one) {
543 /* setup des buffers */
544 desinbuf.data = des_inbuf;
545 desoutbuf.data = des_outbuf; /* Set up des buffers */
547 /* Must come from privileged port when .rhosts is being looked into */
548 if ((must_pass_rhosts || must_pass_one)
549 && (fromp->sin_port >= IPPORT_RESERVED ||
550 fromp->sin_port < IPPORT_RESERVED/2))
552 #else /* !KERBEROS */
553 if (fromp->sin_port >= IPPORT_RESERVED ||
554 fromp->sin_port < IPPORT_RESERVED/2)
555 fatal(f, "Permission denied - Connection from bad port");
556 #endif /* KERBEROS */
558 /* Set global netf to f now : we may need to drop everything
562 #if defined(KERBEROS)
563 /* All validation, and authorization goes through do_krb_login() */
564 do_krb_login(rhost_name);
566 getstr(f, rusername, sizeof(rusername), "remuser");
567 getstr(f, lusername, sizeof(lusername), "locuser");
568 getstr(f, term, sizeof(term), "Terminal type");
573 fatal(f, "Out of ptys");
576 (void) ioctl(p, TIOCSWINSZ, &win);
580 vfd = open(line, O_RDWR);
582 fatalperror(f, line);
585 fatalperror(f, line);
588 fatalperror(f, line);
590 if (f == 0) { /* if operating standalone, do not reset tty!! */
592 sa.sa_handler = SIG_IGN;
593 (void) sigaction(SIGHUP, &sa, (struct sigaction *)0);
595 sa.sa_handler = SIG_DFL;
596 (void) sigaction(SIGHUP, &sa, (struct sigaction *)0);
598 signal(SIGHUP, SIG_IGN);
600 signal(SIGHUP, SIG_DFL);
603 #endif /* VHANG_FIRST */
608 /* Void tty association first */
609 if ((con_fd = open("/dev/tty", O_RDWR)) >= 0) {
610 ioctl(con_fd, TIOCNOTTY, 0);
621 /* The Ultrix (and other BSD tty drivers) require the process group
622 * to be zero, in order to acquire the new tty as a controlling tty. */
623 (void) setpgrp(0, 0);
626 t = open(line, O_RDWR);
628 fatalperror(f, line);
631 setpgrp(0, getpid());
634 #if defined(VHANG_FIRST) && !defined(VHANG_NO_CLOSE)
639 if(ioctl(t, TIOCSCTTY, 0) < 0) /* set controlling tty */
640 fatalperror(f, "setting controlling tty");
644 sa.sa_handler = cleanup;
645 (void) sigaction(SIGCHLD, &sa, (struct sigaction *)0);
646 (void) sigaction(SIGTERM, &sa, (struct sigaction *)0);
648 signal(SIGCHLD, cleanup);
649 signal(SIGTERM, cleanup);
655 #if defined(POSIX_TERMIOS) && !defined(ultrix)
656 struct termios new_termio;
659 #endif /* POSIX_TERMIOS */
662 #ifdef HAVE_LINE_PUSH
663 while (ioctl (t, I_POP, 0) == 0); /*Clear out any old lined's*/
664 if (line_push(t) < 0)
665 fatalperror(f, "IPUSH");
668 while (ioctl (t, I_POP, 0) == 0); /*Clear out any old lined's*/
669 if (ioctl(t, I_PUSH, "ptem") < 0)
670 fatalperror(f, "IPUSH-ptem");
671 if (ioctl(t, I_PUSH, "ldterm") < 0)
672 fatalperror(f, "IPUSH-ldterm");
673 if (ioctl(t, I_PUSH, "ttcompat") < 0)
674 fatalperror(f, "IPUSH-ttcompat");
676 #endif /* HAVE_LINE_PUSH */
677 #endif /* HAVE_STREAMS */
680 * Under Ultrix 3.0, the pgrp of the slave pty terminal
681 * needs to be set explicitly. Why rlogind works at all
682 * without this on 4.3BSD is a mystery.
685 dup2(t, 0), dup2(t, 1), dup2(t, 2);
689 #ifdef GETPGRP_ONEARG
690 pid = getpgrp(getpid());
696 ioctl(0, TIOCSPGRP, &pid);
699 #if defined(POSIX_TERMIOS) && !defined(ultrix)
701 tcgetattr(0,&new_termio);
702 new_termio.c_lflag &= ~(ICANON|ECHO|ISIG);
703 /* so that login can read the authenticator */
704 new_termio.c_iflag &= ~(IXON|IXANY|BRKINT|INLCR|ICRNL|ISTRIP);
705 /* new_termio.c_iflag = 0; */
706 /* new_termio.c_oflag = 0; */
707 new_termio.c_cc[VMIN] = 1;
708 new_termio.c_cc[VTIME] = 0;
709 tcsetattr(0,TCSANOW,&new_termio);
711 (void)ioctl(0, TIOCGETP, &b);
712 b.sg_flags = RAW|ANYP;
713 (void)ioctl(0, TIOCSETP, &b);
714 #endif /* POSIX_TERMIOS */
716 pid = 0; /*reset pid incase exec fails*/
719 ** signal the parent that we have turned off echo
720 ** on the slave side of the pty ... he's waiting
721 ** because otherwise the rlogin protocol junk gets
722 ** echo'd to the user (locuser^@remuser^@term/baud)
723 ** and we don't get the right tty affiliation, and
724 ** other kinds of hell breaks loose ...
726 (void) write(1, &c, 1);
729 setcompat (COMPAT_CLRPGROUP | (getcompat() & ~COMPAT_BSDTTY));
732 /* Log access to account */
733 pwd = (struct passwd *) getpwnam(lusername);
734 if (pwd && (pwd->pw_uid == 0)) {
736 syslog(LOG_NOTICE, "ROOT login by %s (%s@%s) forcing password access",
737 krusername ? krusername : "", rusername, rhost_name);
739 syslog(LOG_NOTICE, "ROOT login by %s (%s@%s) ",
740 krusername ? krusername : "", rusername, rhost_name);
743 #if defined(LOG_REMOTE_REALM) && !defined(LOG_OTHER_USERS) && !defined(LOG_ALL_LOGINS)
744 /* Log if principal is from a remote realm */
745 else if (client && !default_realm(client))
746 #endif /* LOG_REMOTE_REALM */
748 #if defined(LOG_OTHER_USERS) && !defined(LOG_ALL_LOGINS)
749 /* Log if principal name does not map to local username */
750 else if (client && !princ_maps_to_lname(client, lusername))
751 #endif /* LOG_OTHER_USERS */
753 #if defined(LOG_ALL_LOGINS)
755 #endif /* LOG_ALL_LOGINS */
757 #if defined(LOG_REMOTE_REALM) || defined(LOG_OTHER_USERS) || defined(LOG_ALL_LOGINS)
761 "login by %s (%s@%s) as %s forcing password access\n",
762 krusername ? krusername : "", rusername,
763 rhost_name, lusername);
766 "login by %s (%s@%s) as %s\n",
767 krusername ? krusername : "", rusername,
768 rhost_name, lusername);
770 #endif /* LOG_REMOTE_REALM || LOG_OTHER_USERS || LOG_ALL_LOGINS */
771 #endif /* KERBEROS */
777 ent.ut_pid = getpid();
778 ent.ut_type = LOGIN_PROCESS;
779 update_utmp(&ent, "rlogin", line, ""/*host*/);
783 #ifdef DO_NOT_USE_K_LOGIN
784 execl(login_program, "login", "-r", rhost_name, 0);
787 execl(login_program, "login","-h", rhost_name, lusername, 0);
789 execl(login_program, "login", "-h", rhost_name, "-e", lusername, 0);
792 fatalperror(2, login_program);
794 } /* if (pid == 0) */
797 ** wait for child to start ... read one byte
798 ** -- see the child, who writes one byte after
799 ** turning off echo on the slave side ...
800 ** The master blocks here until it reads a byte.
803 if (read(p, &c, 1) != 1) {
805 * Problems read failed ...
807 sprintf(buferror, "Cannot read slave pty %s ",line);
808 fatalperror(p,buferror);
811 #if defined(KERBEROS)
813 if (((*des_write)(f, SECURE_MESSAGE, sizeof(SECURE_MESSAGE))) < 0){
814 sprintf(buferror, "Cannot encrypt-write network.");
820 * if encrypting, don't turn on NBIO, else the read/write routines
821 * will fail to work properly
823 #endif /* KERBEROS */
824 ioctl(f, FIONBIO, &on);
825 ioctl(p, FIONBIO, &on);
827 /* FIONBIO doesn't always work on ptys, use fcntl to set O_NDELAY? */
828 (void) fcntl(p,F_SETFL,fcntl(p,F_GETFL,0) | O_NDELAY);
830 /*** XXX -- make this portable ***/
831 #if defined(TIOCPKT) && !defined(__svr4__) || defined(solaris20)
832 ioctl(p, TIOCPKT, &on);
836 sa.sa_handler = SIG_IGN;
837 (void) sigaction(SIGTSTP, &sa, (struct sigaction *)0);
839 signal(SIGTSTP, SIG_IGN);
848 #ifdef DO_NOT_USE_K_LOGIN
849 /* Pass down rusername and lusername to login. */
850 (void) write(p, rusername, strlen(rusername) +1);
851 (void) write(p, lusername, strlen(lusername) +1);
853 /* stuff term info down to login */
854 if( write(p, term, strlen(term)+1) != strlen(term)+1 ){
856 * Problems write failed ...
858 sprintf(buferror,"Cannot write slave pty %s ",line);
859 fatalperror(f,buferror);
862 signal(SIGCHLD, SIG_IGN);
866 unsigned char magic[2] = { 0377, 0377 };
868 #ifndef TIOCPKT_WINDOW
869 #define TIOCPKT_WINDOW 0x80
871 unsigned char oobdata[] = {TIOCPKT_WINDOW};
873 char oobdata[] = {0};
877 * Handle a "control" request (signaled by magic being present)
878 * in the data stream. For now, we are only willing to handle
879 * window size changes.
889 if (n < 4+sizeof (w) || cp[2] != 's' || cp[3] != 's')
892 oobdata[0] &= ~TIOCPKT_WINDOW; /* we know he heard */
893 memcpy((char *)&w,cp+4, sizeof(w));
894 w.ws_row = ntohs(w.ws_row);
895 w.ws_col = ntohs(w.ws_col);
896 w.ws_xpixel = ntohs(w.ws_xpixel);
897 w.ws_ypixel = ntohs(w.ws_ypixel);
898 (void)ioctl(pty, TIOCSWINSZ, &w);
899 if (ioctl(pty, TIOCGPGRP, &pgrp) >= 0)
900 (void) killpg(pgrp, SIGWINCH);
902 return (4+sizeof (w));
908 * rlogin "protocol" machine.
913 unsigned char pibuf[1024], fibuf[1024], *pbp, *fbp;
914 register pcc = 0, fcc = 0;
922 * Must ignore SIGTTOU, otherwise we'll stop
923 * when we try and set slave pty's window shape
924 * (our controlling tty is the master pty).
927 (void) sigemptyset(&sa.sa_mask);
929 sa.sa_handler = SIG_IGN;
930 (void) sigaction(SIGTTOU, &sa, (struct sigaction *)0);
932 signal(SIGTTOU, SIG_IGN);
935 send(f, oobdata, 1, MSG_OOB); /* indicate new rlogin */
938 fd_set ibits, obits, ebits;
955 if (select(8*sizeof(ibits), &ibits, &obits, &ebits, 0) < 0) {
958 fatalperror(f, "select");
960 #define pkcontrol(c) ((c)&(TIOCPKT_FLUSHWRITE|TIOCPKT_NOSTOP|TIOCPKT_DOSTOP))
961 if (FD_ISSET(p, &ebits)) {
962 cc = read(p, &cntl, 1);
963 if (cc == 1 && pkcontrol(cntl)) {
965 send(f, &cntl, 1, MSG_OOB);
966 if (cntl & TIOCPKT_FLUSHWRITE) {
972 if (FD_ISSET(f, &ibits)) {
973 fcc = (*des_read)(f, fibuf, sizeof (fibuf));
974 if (fcc < 0 && ((errno == EWOULDBLOCK) || (errno == EAGAIN)))
977 register unsigned char *cp;
985 for (cp = fibuf; cp < fibuf+fcc-1; cp++)
986 if (cp[0] == magic[0] &&
988 left = fcc - (cp-fibuf);
989 n = control(p, cp, left);
993 memmove(cp, cp+n, left);
1001 if (FD_ISSET(p, &obits) && fcc > 0) {
1002 cc = write(p, fbp, fcc);
1009 if (FD_ISSET(p, &ibits)) {
1010 pcc = read(p, pibuf, sizeof (pibuf));
1012 if (pcc < 0 && ((errno == EWOULDBLOCK) || (errno == EAGAIN)))
1016 else if (pibuf[0] == 0)
1020 if (pkcontrol(pibuf[0])) {
1021 pibuf[0] |= oobdata[0];
1022 send(f, &pibuf[0], 1, MSG_OOB);
1028 if (FD_ISSET(f, &obits) && pcc > 0) {
1029 cc = (*des_write)(f, pbp, pcc);
1030 if (cc < 0 && ((errno == EWOULDBLOCK) || (errno == EAGAIN))) {
1031 /* also shouldn't happen */
1045 krb5_sigtype cleanup()
1051 ut.ut_type = DEAD_PROCESS;
1053 update_utmp(&ut, "", line, (char *)0);
1055 (void)chmod(line, 0666);
1056 (void)chown(line, 0, 0);
1057 #ifndef HAVE_STREAMS
1058 line[strlen("/dev/")] = 'p';
1059 (void)chmod(line, 0666);
1060 (void)chown(line, 0, 0);
1076 int out = 1 ; /* Output queue of f */
1077 #ifdef POSIX_SIGNALS
1078 struct sigaction sa;
1081 buf[0] = '\01'; /* error indicator */
1082 (void) sprintf(buf + 1, "%s: %s.\r\n",progname, msg);
1083 if ((f == netf) && (pid > 0))
1084 (void) (*des_write)(f, buf, strlen(buf));
1086 (void) write(f, buf, strlen(buf));
1087 syslog(LOG_ERR,"%s\n",msg);
1089 #ifdef POSIX_SIGNALS
1090 (void) sigemptyset(&sa.sa_mask);
1092 sa.sa_handler = SIG_IGN;
1093 (void) sigaction(SIGCHLD, &sa, (struct sigaction *)0);
1095 signal(SIGCHLD,SIG_IGN);
1099 (void) ioctl(f, TIOCFLUSH, (char *)&out);
1101 (void) ioctl(f, TCFLSH, out);
1110 void fatalperror(f, msg)
1115 extern int sys_nerr;
1116 extern char *sys_errlist[];
1118 if ((unsigned)errno < sys_nerr)
1119 (void) sprintf(buf, "%s: %s", msg, sys_errlist[errno]);
1121 (void) sprintf(buf, "%s: Error %d", msg, errno);
1131 krb5_error_code status;
1133 int passed_krb, passed_rhosts;
1136 passed_krb = passed_rhosts = 0;
1142 /* Check authentication. This can be either Kerberos V5, */
1143 /* Kerberos V4, or host-based. */
1144 if (status = recvauth()) {
1146 krb5_free_ticket(bsd_context, ticket);
1149 "Authentication failed from %s: %s\n",
1150 host,error_message(status));
1151 fatal(netf, "Kerberos authentication failed");
1155 /* OK we have authenticated this user - now check authorization. */
1156 /* The Kerberos authenticated programs must use krb5_kuserok or kuserok*/
1158 #ifndef KRB5_KRB4_COMPAT
1159 if (auth_sys == KRB5_RECVAUTH_V4) {
1160 fatal(netf, "This server does not support Kerberos V4");
1164 if (must_pass_k5 || must_pass_one) {
1165 #if (defined(ALWAYS_V5_KUSEROK) || !defined(KRB5_KRB4_COMPAT))
1166 /* krb5_kuserok returns 1 if OK */
1167 if (client && krb5_kuserok(bsd_context, client, lusername))
1170 if (auth_sys == KRB5_RECVAUTH_V4) {
1171 /* kuserok returns 0 if OK */
1172 if (!kuserok(v4_kdata, lusername))
1175 /* krb5_kuserok returns 1 if OK */
1176 if (client && krb5_kuserok(bsd_context, client, lusername))
1182 /* The kerberos authenticated request must pass ruserok also
1185 if (!must_pass_k5 &&
1186 (must_pass_rhosts || (!passed_krb && must_pass_one))) {
1187 /* Cannot check .rhosts unless connection from a privileged port. */
1189 fatal(netf, "Permission denied - Connection from bad port");
1191 pwd = (struct passwd *) getpwnam(lusername);
1193 !ruserok(rhost_name, pwd->pw_uid == 0, rusername, lusername))
1197 if ((must_pass_k5 && passed_krb) ||
1198 (must_pass_rhosts && passed_rhosts) ||
1199 (must_pass_one && (passed_krb || passed_rhosts)))
1203 krb5_free_ticket(bsd_context, ticket);
1205 msg_fail = (char *) malloc( strlen(krusername) + strlen(lusername) + 80 );
1207 fatal(netf, "User is not authorized to login to specified account");
1208 sprintf(msg_fail, "User %s is not authorized to login to account %s",
1209 krusername, lusername);
1210 fatal(netf, msg_fail);
1216 getstr(fd, buf, cnt, err)
1226 if (read(fd, &c, 1) != 1) {
1230 printf("%s too long\r\n", err);
1239 char storage[2*BUFSIZ]; /* storage for the decryption */
1241 char *store_ptr = storage;
1244 v5_des_read(fd, buf, len)
1250 krb5_ui_4 net_len,rd_len;
1252 unsigned char len_buf[4];
1255 return(read(fd, buf, len));
1257 if (nstored >= len) {
1258 memcpy(buf, store_ptr, len);
1262 } else if (nstored) {
1263 memcpy(buf, store_ptr, nstored);
1264 nreturned += nstored;
1271 if ((cc = krb5_net_read(bsd_context, fd, (char *)len_buf, 4)) != 4) {
1272 if ((cc < 0) && ((errno == EWOULDBLOCK) || (errno == EAGAIN)))
1274 /* XXX can't read enough, pipe must have closed */
1278 (((krb5_ui_4)len_buf[0]<<24) |
1279 ((krb5_ui_4)len_buf[1]<<16) |
1280 ((krb5_ui_4)len_buf[2]<<8) |
1281 (krb5_ui_4)len_buf[3]);
1287 /* See the comment in v4_des_read. */
1289 cc = krb5_net_read(bsd_context, fd, &c, 1);
1290 /* we should check for non-blocking here, but we'd have
1291 to make it save partial reads as well. */
1292 if (cc < 0) return 0; /* read error */
1294 if (c == 0) gotzero = 1;
1298 if ((cc = krb5_net_read(bsd_context, fd, &c, 1)) != 1) return 0;
1300 if ((cc = krb5_net_read(bsd_context, fd, &c, 1)) != 1) return 0;
1301 rd_len = (rd_len << 8) | c;
1302 if ((cc = krb5_net_read(bsd_context, fd, &c, 1)) != 1) return 0;
1303 rd_len = (rd_len << 8) | c;
1306 net_len = krb5_encrypt_size(rd_len,eblock.crypto_entry);
1307 if (net_len < 0 || net_len > sizeof(des_inbuf)) {
1308 /* XXX preposterous length, probably out of sync.
1309 act as if pipe closed */
1310 syslog(LOG_ERR,"Read size problem.");
1315 if ((cc = krb5_net_read(bsd_context,fd,desinbuf.data,net_len)) != net_len) {
1316 /* XXX can't read enough, pipe must have closed */
1317 if ((cc < 0) && ((errno == EWOULDBLOCK) || (errno == EAGAIN))) {
1320 if (retry > MAXRETRIES){
1322 "des_read retry count exceeded %d\n",
1329 "Read data received %d != expected %d.",
1334 if ((krb5_decrypt(bsd_context, desinbuf.data,
1335 (krb5_pointer) storage,
1338 syslog(LOG_ERR,"Read decrypt problem.");
1341 store_ptr = storage;
1343 if (nstored > len) {
1344 memcpy(buf, store_ptr, len);
1349 memcpy(buf, store_ptr, nstored);
1350 nreturned += nstored;
1358 v5_des_write(fd, buf, len)
1363 unsigned char len_buf[4];
1366 return(write(fd, buf, len));
1369 desoutbuf.length = krb5_encrypt_size(len,eblock.crypto_entry);
1370 if (desoutbuf.length > sizeof(des_outbuf)){
1371 syslog(LOG_ERR,"Write size problem.");
1374 if ((krb5_encrypt(bsd_context, (krb5_pointer)buf,
1379 syslog(LOG_ERR,"Write encrypt problem.");
1383 len_buf[0] = (len & 0xff000000) >> 24;
1384 len_buf[1] = (len & 0xff0000) >> 16;
1385 len_buf[2] = (len & 0xff00) >> 8;
1386 len_buf[3] = (len & 0xff);
1387 (void) write(fd, len_buf, 4);
1388 if (write(fd, desoutbuf.data,desoutbuf.length) != desoutbuf.length){
1389 syslog(LOG_ERR,"Could not write out all data.");
1394 #endif /* KERBEROS */
1410 if(openpty(fd, &slavefd, slave, (struct termios *) 0,
1411 (struct winsize *) 0)) return 1;
1415 *fd = open("/dev/ptmx", O_RDWR|O_NDELAY); /* Solaris, IRIX */
1416 if (*fd < 0) *fd = open("/dev/ptc", O_RDWR|O_NDELAY); /* AIX */
1417 if (*fd < 0) *fd = open("/dev/pty", O_RDWR|O_NDELAY); /* sysvimp */
1422 if (grantpt(*fd) || unlockpt(*fd)) return 1;
1431 /* XXX If we don't have either what do we do */
1439 if (fstat(*fd, &stb) < 0) {
1443 ptynum = (int)(stb.st_rdev&0xFF);
1444 sprintf(slave, "/dev/ttyp%x", ptynum);
1449 for (c = 'p'; c <= 's'; c++) {
1450 sprintf(slave,"/dev/ptyXX");
1451 slave[strlen("/dev/pty")] = c;
1452 slave[strlen("/dev/ptyp")] = '0';
1453 if (stat(slave, &stb) < 0)
1455 for (i = 0; i < 16; i++) {
1456 slave[sizeof("/dev/ptyp") - 1] = "0123456789abcdef"[i];
1457 *fd = open(slave, O_RDWR);
1458 if (*fd < 0) continue;
1461 slave[strlen("/dev/")] = 't';
1467 #endif /* HAVE_OPENPTY */
1476 "usage: klogind [-rRkKxpP] [-D port] or [r/R][k/K][x/e][p/P]logind");
1479 "usage: rlogind [-rRpP] [-D port] or [r/R][p/P]logind");
1486 int princ_maps_to_lname(principal, luser)
1487 krb5_principal principal;
1491 if (!(krb5_aname_to_localname(bsd_context, principal,
1492 sizeof(kuser), kuser))
1493 && (strcmp(kuser, luser) == 0)) {
1499 int default_realm(principal)
1500 krb5_principal principal;
1506 realm_length = krb5_princ_realm(bsd_context, principal)->length;
1508 if (retval = krb5_get_default_realm(bsd_context, &def_realm)) {
1512 if ((realm_length != strlen(def_realm)) ||
1513 (memcmp(def_realm, krb5_princ_realm(bsd_context, principal)->data, realm_length))) {
1522 #ifndef KRB_SENDAUTH_VLEN
1523 #define KRB_SENDAUTH_VLEN 8 /* length for version strings */
1526 #define KRB_SENDAUTH_VERS "AUTHV0.1" /* MUST be KRB_SENDAUTH_VLEN
1532 krb5_auth_context * auth_context = NULL;
1533 krb5_error_code status;
1534 struct sockaddr_in peersin, laddr;
1535 char krb_vers[KRB_SENDAUTH_VLEN + 1];
1537 krb5_principal server;
1539 char v4_instance[INST_SZ]; /* V4 Instance */
1542 len = sizeof(laddr);
1543 if (getsockname(netf, (struct sockaddr *)&laddr, &len)) {
1547 len = sizeof(peersin);
1548 if (getpeername(netf, (struct sockaddr *)&peersin, &len)) {
1549 syslog(LOG_ERR, "get peer name failed %d", netf);
1553 if (status = krb5_sname_to_principal(bsd_context, NULL, "host",
1554 KRB5_NT_SRV_HST, &server)) {
1555 syslog(LOG_ERR, "parse server name %s: %s", "host",
1556 error_message(status));
1560 strcpy(v4_instance, "*");
1562 if (status = krb5_auth_con_init(bsd_context, &auth_context))
1565 /* Only need remote address for rd_cred() to verify client */
1566 if (status = krb5_auth_con_genaddrs(bsd_context, auth_context, netf,
1567 KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR))
1570 if (status = krb5_compat_recvauth(bsd_context, &auth_context, &netf,
1572 server, /* Specify daemon principal */
1573 0, /* default rc_type */
1575 srvtab, /* normally NULL to use v5srvtab */
1577 do_encrypt ? KOPT_DO_MUTUAL : 0, /*v4_opts*/
1578 "rcmd", /* v4_service */
1579 v4_instance, /* v4_instance */
1580 &peersin, /* foriegn address */
1581 &laddr, /* our local address */
1582 "", /* use default srvtab */
1584 &ticket, /* return ticket */
1585 &auth_sys, /* which authentication system*/
1586 &v4_kdata, v4_schedule, v4_version)) {
1588 if (auth_sys == KRB5_RECVAUTH_V5) {
1590 * clean up before exiting
1592 getstr(netf, lusername, sizeof (lusername), "locuser");
1593 getstr(netf, term, sizeof(term), "Terminal type");
1594 getstr(netf, rusername, sizeof(rusername), "remuser");
1599 getstr(netf, lusername, sizeof (lusername), "locuser");
1600 getstr(netf, term, sizeof(term), "Terminal type");
1602 #ifdef KRB5_KRB4_COMPAT
1603 if (auth_sys == KRB5_RECVAUTH_V4) {
1605 des_read = v4_des_read;
1606 des_write = v4_des_write;
1608 /* We do not really know the remote user's login name.
1609 * Assume it to be the same as the first component of the
1612 strcpy(rusername, v4_kdata->pname);
1613 krusername = (char *) malloc(strlen(v4_kdata->pname) + 1 +
1614 strlen(v4_kdata->pinst) + 1 +
1615 strlen(v4_kdata->prealm) + 1);
1616 sprintf(krusername, "%s/%s@%s", v4_kdata->pname,
1617 v4_kdata->pinst, v4_kdata->prealm);
1619 if (status = krb5_parse_name(bsd_context, krusername, &client))
1627 if (status = krb5_copy_principal(bsd_context, ticket->enc_part2->client,
1631 des_read = v5_des_read;
1632 des_write = v5_des_write;
1634 getstr(netf, rusername, sizeof(rusername), "remuser");
1636 if (status = krb5_unparse_name(bsd_context, client, &krusername))
1639 /* Setup up eblock if encrypted login session */
1640 /* otherwise zero out session key */
1642 krb5_use_keytype(bsd_context, &eblock,
1643 ticket->enc_part2->session->keytype);
1644 if (status = krb5_process_key(bsd_context, &eblock,
1645 ticket->enc_part2->session))
1646 fatal(netf, "Permission denied");
1649 if (status = krb5_read_message(bsd_context, (krb5_pointer)&netf, &inbuf))
1650 fatal(netf, "Error reading message");
1652 if (inbuf.length) { /* Forwarding being done, read creds */
1653 if (status = krb5_auth_con_genaddrs(bsd_context, auth_context, netf,
1654 KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR))
1655 fatal(netf, "Can't generate full address for client");
1657 if (status = rd_and_store_for_creds(bsd_context, auth_context, &inbuf,
1659 fatal(netf, "Can't get forwarded credentials");
1665 #ifdef KRB5_KRB4_COMPAT
1668 v4_des_read(fd, buf, len)
1674 krb5_ui_4 net_len, rd_len;
1676 unsigned char len_buf[4];
1679 return(read(fd, buf, len));
1681 if (nstored >= len) {
1682 memcpy(buf, store_ptr, len);
1686 } else if (nstored) {
1687 memcpy(buf, store_ptr, nstored);
1688 nreturned += nstored;
1695 if ((cc = krb_net_read(fd, (char *)len_buf, 4)) != 4) {
1696 /* XXX can't read enough, pipe
1700 net_len = (((krb5_ui_4)len_buf[0]<<24) |
1701 ((krb5_ui_4)len_buf[1]<<16) |
1702 ((krb5_ui_4)len_buf[2]<<8) |
1703 (krb5_ui_4)len_buf[3]);
1709 /* We're fetching the length which is MSB first, and the MSB
1710 has to be zero unless the client is sending more than 2^24
1711 (16M) bytes in a single write (which is why this code is in
1712 rlogin but not rcp or rsh.) The only reasons we'd get something
1713 other than zero are:
1714 -- corruption of the tcp stream (which will show up when
1715 everything else is out of sync too)
1716 -- un-caught Berkeley-style "pseudo out-of-band data" which
1717 happens any time the user hits ^C twice.
1718 The latter is *very* common, as shown by an 'rlogin -x -d'
1719 using the CNS V4 rlogin. Mark EIchin 1/95
1722 cc = krb_net_read(fd, &c, 1);
1723 if (cc < 0) return 0; /* read error */
1725 if (c == 0) gotzero = 1;
1729 if ((cc = krb_net_read(fd, &c, 1)) != 1) return 0;
1731 if ((cc = krb_net_read(fd, &c, 1)) != 1) return 0;
1732 net_len = (net_len << 8) | c;
1733 if ((cc = krb_net_read(fd, &c, 1)) != 1) return 0;
1734 net_len = (net_len << 8) | c;
1738 if (net_len < 0 || net_len > sizeof(des_inbuf)) {
1739 /* XXX preposterous length, probably out of sync.
1740 act as if pipe closed */
1743 /* the writer tells us how much real data we are getting, but
1744 we need to read the pad bytes (8-byte boundary) */
1745 rd_len = roundup(net_len, 8);
1746 if ((cc = krb_net_read(fd, des_inbuf, rd_len)) != rd_len) {
1747 /* XXX can't read enough, pipe
1751 (void) pcbc_encrypt(des_inbuf,
1753 (net_len < 8) ? 8 : net_len,
1758 * when the cleartext block is < 8 bytes, it is "right-justified"
1759 * in the block, so we need to adjust the pointer to the data
1762 store_ptr = storage + 8 - net_len;
1764 store_ptr = storage;
1766 if (nstored > len) {
1767 memcpy(buf, store_ptr, len);
1772 memcpy(buf, store_ptr, nstored);
1773 nreturned += nstored;
1781 v4_des_write(fd, buf, len)
1786 static char garbage_buf[8];
1787 unsigned char len_buf[4];
1790 return(write(fd, buf, len));
1793 * pcbc_encrypt outputs in 8-byte (64 bit) increments
1795 * it zero-fills the cleartext to 8-byte padding,
1796 * so if we have cleartext of < 8 bytes, we want
1797 * to insert random garbage before it so that the ciphertext
1798 * differs for each transmission of the same cleartext.
1799 * if len < 8 - sizeof(long), sizeof(long) bytes of random
1800 * garbage should be sufficient; leave the rest as-is in the buffer.
1801 * if len > 8 - sizeof(long), just garbage fill the rest.
1807 #define min(a,b) ((a < b) ? a : b)
1810 krb5_random_confounder(8 - len, garbage_buf);
1811 /* this "right-justifies" the data in the buffer */
1812 (void) memcpy(garbage_buf + 8 - len, buf, len);
1814 (void) pcbc_encrypt((len < 8) ? garbage_buf : buf,
1816 (len < 8) ? 8 : len,
1821 /* tell the other end the real amount, but send an 8-byte padded
1823 len_buf[0] = (len & 0xff000000) >> 24;
1824 len_buf[1] = (len & 0xff0000) >> 16;
1825 len_buf[2] = (len & 0xff00) >> 8;
1826 len_buf[3] = (len & 0xff);
1827 (void) write(fd, len_buf, 4);
1828 (void) write(fd, des_outbuf, roundup(len,8));
1832 #endif /* KRB5_KRB4_COMPAT */
1833 #endif /* KERBEROS */