) || exit 1; \
done
f=$(V4RCP); \
- if test -n "$$f" ; then $(INSTALL_SETUID) $$f \
- $(DESTDIR)$(CLIENT_BINDIR)/`echo $$f|sed '$(transform)'`; \
+ if test -n "$$f" ; then $(INSTALL_PROGRAM) $$f \
+ $(DESTDIR)$(CLIENT_BINDIR)/`echo $$f|sed '$(transform)'`.real; \
$(INSTALL_DATA) $(srcdir)/$$f.M \
${DESTDIR}$(CLIENT_MANDIR)/`echo $$f|sed '$(transform)'`.1; \
fi
struct sockaddr_in *laddrp)
{
int s, aierr;
- struct sockaddr_in sockin;
struct addrinfo *ap, *ap2, aihints;
char rport_buf[10];
GETSOCKNAME_ARG3_TYPE sin_len;
}
*sp = s;
- *sockinp = sockin;
+ *sockinp = *(struct sockaddr_in *) ap->ai_addr;
return 0;
}
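Review bot: The new `*sockinp = *(struct sockaddr_in *) ap->ai_addr;` copies `sizeof(struct sockaddr_in)` bytes from whichever `addrinfo` entry the lookup loop stopped on, without checking `ap->ai_family` or that `ap` is still non-NULL and not yet freed at this point. If the hints ever allow a non-IPv4 result, the caller receives a mislabelled address. A guard before the copy, such as `if (ap == NULL || ap->ai_addr->sa_family != AF_INET)` followed by the function's existing error return, would make the assumption explicit. The function body starts outside the hunk, so the loop and any `freeaddrinfo` call are not visible here.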
#include <sys/stat.h>
#include <sys/time.h>
#include <sys/ioctl.h>
+
+#include <syslog.h>
#include <netinet/in.h>
CREDENTIALS v4_cred;
KTEXT_ST v4_ticket;
MSG_DAT v4_msg_data;
+int v4_only;
#endif
void v4_send_auth(char *, char *), try_normal(char **);
struct passwd *pwd;
int userid;
int port = 0;
+static const char *me;
struct buffer {
unsigned int cnt;
}
#endif
+ me = strrchr (argv[0], '/');
+ if (me)
+ me++;
+ else
+ me = argv[0];
+
pwd = getpwuid(userid = getuid());
if (pwd == 0) {
fprintf(stderr, "who are you?\n");
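Review bot: `strrchr (argv[0], '/')` dereferences `argv[0]` without checking it, and a caller can exec a program with an empty argument vector, which makes `argv[0]` NULL. I would start from a fixed fallback, `me = (argc > 0 && argv[0] && *argv[0]) ? argv[0] : "rcp";`, and take the basename of that. Because `me` later becomes the syslog ident in the `-f`/`-t` branches (`openlog (me, LOG_PID, LOG_DAEMON)`), the log tag is whatever the invoker chose as `argv[0]`. A constant ident would keep log filtering reliable. `main` continues outside the hunk.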
else
usage ();
goto next_arg;
+#ifdef KRB5_KRB4_COMPAT
+ case '4':
+ v4_only = 1;
+ break;
+#endif
#endif /* KERBEROS */
/* The rest of these are not for users. */
case 'd':
case 'f': /* "from" */
iamremote = 1;
+ openlog (me, LOG_PID, LOG_DAEMON);
rcmd_stream_init_normal();
#if defined(KERBEROS)
if (encryptflag)
case 't': /* "to" */
iamremote = 1;
+ openlog (me, LOG_PID, LOG_DAEMON);
rcmd_stream_init_normal();
#if defined(KERBEROS)
if (encryptflag)
cmd, targ);
host = thost;
#ifdef KERBEROS
+#ifdef KRB5_KRB4_COMPAT
+ if (v4_only)
+ goto try_krb4;
+#endif
authopts = AP_OPTS_MUTUAL_REQUIRED;
status = kcmd(&sock, &host,
port,
/* Don't fall back to less safe methods. */
exit (1);
#ifdef KRB5_KRB4_COMPAT
+ try_krb4:
fprintf(stderr, "Trying krb4 rcp...\n");
if (strncmp(buf, "-x rcp", 6) == 0)
memcpy(buf, "rcp -x", 6);
lostconn(signumber)
int signumber;
{
+ char *reason = signumber ? "signal" : "eof";
if (iamremote == 0)
- fprintf(stderr, "rcp: lost connection\n");
+ fprintf(stderr, "rcp: lost connection (%s)\n", reason);
+ else
+ syslog(LOG_ERR, "lost connection (%s)", reason);
exit(1);
}
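Review bot: The added `syslog(LOG_ERR, "lost connection (%s)", reason);` runs inside `lostconn`, whose `signumber` parameter suggests it is also installed as a signal handler, and `syslog()` is not async-signal-safe (nor is the existing `fprintf`/`exit` pair). If the handler registration outside this hunk confirms that, the handler should only record the event and leave with `_exit(1)`, with the logging done from normal context. `reason` only ever points at string literals, so it should be declared `const char *reason`.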
void usage()
{
#ifdef KERBEROS
+# ifdef KRB5_KRB4_COMPAT
+# define POPT "[-PN | -PO | -4]"
+# else
+# define POPT "[-PN | -PO]"
+# endif
fprintf(stderr,
- "Usage: \trcp [-PN | -PO] [-p] [-x] [-k realm] f1 f2; or:\n\trcp [-PN | -PO] [-r] [-p] [-x] [-k realm] f1 ... fn d2\n");
+ "Usage:\trcp " POPT " [-p] [-x] [-k realm] f1 f2\n"
+ " or:\trcp " POPT " [-r] [-p] [-x] [-k realm] f1 ... fn d2\n");
#else
fputs("usage: rcp [-p] f1 f2; or: rcp [-rp] f1 ... fn d2\n", stderr);
#endif
char rusername[UT_NAMESIZE+1];
char *krusername = 0;
char term[64];
-char rhost_name[MAXDNAME];
-char rhost_addra[16];
+char rhost_name[NI_MAXHOST];
+char rhost_addra[NI_MAXHOST];
krb5_principal client;
int do_inband = 0;
#define VHANG_LAST /* vhangup must occur on close, not open */
#endif
-void fatal(int, const char *), fatalperror(int, const char *), doit(int, struct sockaddr_in *), usage(void), do_krb_login(char *, char *), getstr(int, char *, int, char *);
+void fatal(int, const char *), fatalperror(int, const char *), doit(int, struct sockaddr *), usage(void), do_krb_login(char *, char *), getstr(int, char *, int, char *);
void protocol(int, int);
int princ_maps_to_lname(krb5_principal, char *), default_realm(krb5_principal);
krb5_sigtype cleanup(int);
extern int opterr, optind;
extern char * optarg;
int on = 1, fromlen, ch;
- struct sockaddr_in from;
+ struct sockaddr_storage from;
int debug_port = 0;
int fd;
int do_fork = 0;
syslog(LOG_ERR, "fork: %s", error_message(errno));
case 0:
(void) close(s);
- doit(fd, &from);
+ doit(fd, (struct sockaddr *) &from);
close(fd);
exit(0);
default:
fd = 0;
}
- doit(fd, &from);
+ doit(fd, (struct sockaddr *) &from);
return 0;
}
void doit(f, fromp)
int f;
- struct sockaddr_in *fromp;
+ struct sockaddr *fromp;
{
int p, t, on = 1;
register struct hostent *hp;
sa.sa_flags = 0;
#endif
- fromp->sin_port = ntohs((u_short)fromp->sin_port);
+ if (fromp->sa_family == AF_INET)
+ portnum = ntohs(((struct sockaddr_in *)fromp)->sin_port);
+#ifdef KRB5_USE_INET6
+ else if (fromp->sa_family == AF_INET6)
+ portnum = ntohs(((struct sockaddr_in6 *)fromp)->sin6_port);
+#endif
+ else
+ fatal(f, "Permission denied - Malformed from address\n");
+
+ if (getnameinfo (fromp, socklen(fromp), rhost_name, sizeof(rhost_name),
+ 0, 0, 0))
+ rhost_name[0] = 0;
+ if (getnameinfo (fromp, socklen(fromp), rhost_addra, sizeof(rhost_addra),
+ 0, 0, NI_NUMERICHOST))
+ strcpy(rhost_addra, "??");
+
hp = gethostbyaddr((char *) &fromp->sin_addr, sizeof (struct in_addr),
fromp->sin_family);
strncpy(rhost_addra, inet_ntoa(fromp->sin_addr), sizeof (rhost_addra));
- rhost_addra[sizeof (rhost_addra) -1] = '\0';
- if (hp != NULL) {
- /* Save hostent information.... */
- strncpy(rhost_name,hp->h_name,sizeof (rhost_name));
- rhost_name[sizeof (rhost_name) - 1] = '\0';
- } else
- rhost_name[0] = '\0';
-
- if (fromp->sin_family != AF_INET)
- fatal(f, "Permission denied - Malformed from address\n");
#ifndef KERBEROS
- if (fromp->sin_port >= IPPORT_RESERVED ||
- fromp->sin_port < IPPORT_RESERVED/2)
+ if (portnum >= IPPORT_RESERVED || portnum < IPPORT_RESERVED/2)
fatal(f, "Permission denied - Connection from bad port");
#endif /* KERBEROS */
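Review bot: The lines kept as context after the new `getnameinfo` block still read `fromp->sin_addr` and `fromp->sin_family`, which do not exist on the `struct sockaddr *` that `fromp` now is. The retained `strncpy(rhost_addra, inet_ntoa(...), sizeof (rhost_addra))` would also overwrite the numeric address `getnameinfo` just produced, while the line that NUL-terminated it is removed. If those three lines really survive in the new file (the page may simply have lost their `-` markers), they should be deleted so that the `getnameinfo` results stand. Separately, `rhost_name` is filled from a reverse lookup the peer's DNS controls, so a comment such as `/* rhost_name is unverified PTR data; use rhost_addra for access decisions */` would help the next reader. `doit` continues outside the hunk.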
setenv("TERM",term, 1);
}
- retval = pty_make_sane_hostname((struct sockaddr *) fromp, maxhostlen,
+ retval = pty_make_sane_hostname(fromp, maxhostlen,
stripdomain, always_ip,
&rhost_sane);
if (retval)
** The master blocks here until it reads a byte.
*/
-(void) close(syncpipe[1]);
+ (void) close(syncpipe[1]);
if (read(syncpipe[0], &c, 1) != 1) {
/*
* Problems read failed ...
* will fail to work properly
*/
#endif /* KERBEROS */
- ioctl(f, FIONBIO, &on);
+ ioctl(f, FIONBIO, &on);
ioctl(p, FIONBIO, &on);
/* FIONBIO doesn't always work on ptys, use fcntl to set O_NDELAY? */
{
krb5_auth_context auth_context = NULL;
krb5_error_code status;
+ struct sockaddr_storage peer_addr, local_addr;
+#if 0
struct sockaddr_in peersin, laddr;
+#endif
int len;
krb5_data inbuf;
char v4_instance[INST_SZ]; /* V4 Instance */
*valid_checksum = 0;
len = sizeof(laddr);
- if (getsockname(netf, (struct sockaddr *)&laddr, &len)) {
+ if (getsockname(netf, (struct sockaddr *)&local_addr, &len)) {
exit(1);
}
-
- len = sizeof(peersin);
- if (getpeername(netf, (struct sockaddr *)&peersin, &len)) {
+
+ len = sizeof(peer_addr);
+ if (getpeername(netf, (struct sockaddr *)&peer_addr, &len)) {
syslog(LOG_ERR, "get peer name failed %d", netf);
exit(1);
}
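Review bot: `len = sizeof(laddr);` is left in front of the `getsockname` call, but `laddr` is now declared only inside `#if 0` and the buffer passed is `local_addr`. The line should become `len = sizeof(local_addr);`, matching what the commit already does for `peer_addr`. Otherwise the build breaks, or, if `laddr` is kept alive elsewhere, the local address is truncated to `sizeof(struct sockaddr_in)` for IPv6 sockets. `len` is declared `int` but passed where `getsockname`/`getpeername` expect a `socklen_t *`; declaring it `socklen_t len;` removes the mismatch. The `getsockname` failure path also exits without the `syslog` that the `getpeername` path has.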
int stripdomain = 1;
int always_ip = 0;
-static krb5_error_code recvauth(int netfd, struct sockaddr_in peersin,
+static krb5_error_code recvauth(int netfd, struct sockaddr *peersin,
int *valid_checksum);
#else /* !KERBEROS */
;
void usage(void), getstr(int, char *, int, char *),
- doit(int, struct sockaddr_in *);
+ doit(int, struct sockaddr *);
#ifndef HAVE_INITGROUPS
int initgroups(char* name, gid_t basegid) {
struct linger linger;
#endif
int on = 1, fromlen;
- struct sockaddr_in from;
+ struct sockaddr_storage from;
extern int opterr, optind;
extern char *optarg;
int ch;
fatal(fd, "Configuration error: mutually exclusive options specified");
}
- doit(dup(fd), &from);
+ doit(dup(fd), (struct sockaddr *) &from);
return 0;
}
void doit(f, fromp)
int f;
- struct sockaddr_in *fromp;
+ struct sockaddr *fromp;
{
char *cp;
#ifdef KERBEROS
exit(1);
}
- if ((status = recvauth(f, fromaddr,&valid_checksum))) {
+ if ((status = recvauth(f, fromaddr, &valid_checksum))) {
error("Authentication failed: %s\n", error_message(status));
exit(1);
}
if (port) {
/* Place entry into wtmp */
sprintf(ttyn,"krsh%ld",(long) (getpid() % 9999999));
- pty_logwtmp(ttyn,locuser,sane_host);
- }
- /* We are simply execing a program over rshd : log entry into wtmp,
- as kexe(pid), then finish out the session right after that.
- Syslog should have the information as to what was exec'd */
- else {
- pty_logwtmp(ttyn,locuser,sane_host);
}
+ /* else: We are simply execing a program over rshd : log entry into wtmp,
+ as kexe(pid), then finish out the session right after that.
+ Syslog should have the information as to what was exec'd */
+ pty_logwtmp(ttyn,locuser,sane_host);
#ifdef CRAY
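Review bot: When `port` is zero, nothing in the visible lines writes `ttyn` before the now-unconditional `pty_logwtmp(ttyn,locuser,sane_host);`, and the relocated comment still promises a `kexe(pid)` entry that no visible code builds. Either `ttyn` is set earlier in the function (outside this hunk), in which case the comment should say so, or the wtmp record is written with stale or uninitialised contents. The comment could read `/* port == 0: ttyn keeps the value set above; the same wtmp entry is logged */` once that is confirmed. If `ttyn` is a local array, `snprintf(ttyn, sizeof(ttyn), "krsh%ld", (long) (getpid() % 9999999));` would bound the write that `sprintf` currently leaves unchecked.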
memcpy ((char *) &addr, (char *)hp->h_addr, sizeof (addr));
/* Do we have rcmd.<host> keys? */
#if 0 /* Be paranoid. If srvtab exists, assume it must contain the
- right key. */
+ right key. The more paranoid mode also helps avoid a
+ possible DNS spoofing issue. */
have_keys = read_service_key (rcmd_str, phost, realm, 0, KEYFILE, key)
? 0 : 1;
memset (key, 0, sizeof (key));