oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

(login_access): add prototype

Browse Source 
(syslog_and_die, fatal): add printf attributes
(*): AIX -> _AIX
(doit): use login_access
based on patches from Ake Sandgren <ake@cs.umu.se>


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9641 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Assar Westerlund
2001-02-07 05:05:58 +00:00
parent 94e0e02022
commit 0397d42c21
1 changed files with 32 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
appl/rsh/rshd.c
View File

@@ -34,6 +34,9 @@
#include "rsh_locl.h" #include "rsh_locl.h"
RCSID("$Id$"); RCSID("$Id$");
int
login_access( struct passwd *user, char *from);
enum auth_method auth_method; enum auth_method auth_method;
krb5_context context; krb5_context context;
@@ -70,6 +73,10 @@ int dfsfwd = 0;
krb5_ticket *user_ticket; krb5_ticket *user_ticket;
#endif #endif
static void
syslog_and_die (const char *m, ...)
__attribute__ ((format (printf, 1, 2)));
static void static void
syslog_and_die (const char *m, ...) syslog_and_die (const char *m, ...)
{ {
@@ -81,6 +88,10 @@ syslog_and_die (const char *m, ...)
exit (1); exit (1);
} }
static void
fatal (int sock, const char *m, ...)
__attribute__ ((format (printf, 2, 3)));
static void static void
fatal (int sock, const char *m, ...) fatal (int sock, const char *m, ...)
{ {
@@ -586,7 +597,7 @@ doit (int do_kerberos, int check_rhosts)
struct sockaddr *thataddr = (struct sockaddr *)&thataddr_ss; struct sockaddr *thataddr = (struct sockaddr *)&thataddr_ss;
struct sockaddr_storage erraddr_ss; struct sockaddr_storage erraddr_ss;
struct sockaddr *erraddr = (struct sockaddr *)&erraddr_ss; struct sockaddr *erraddr = (struct sockaddr *)&erraddr_ss;
socklen_t addrlen; socklen_t thisaddr_len, thataddr_len;
int port; int port;
int errsock = -1; int errsock = -1;
char client_user[COMMAND_SZ], server_user[USERNAME_SZ]; char client_user[COMMAND_SZ], server_user[USERNAME_SZ];
@@ -594,12 +605,14 @@ doit (int do_kerberos, int check_rhosts)
struct passwd *pwd; struct passwd *pwd;
int s = STDIN_FILENO; int s = STDIN_FILENO;
char **env; char **env;
int ret;
char that_host[NI_MAXHOST];
addrlen = sizeof(thisaddr_ss); thisaddr_len = sizeof(thisaddr_ss);
if (getsockname (s, thisaddr, &addrlen) < 0) if (getsockname (s, thisaddr, &thisaddr_len) < 0)
syslog_and_die("getsockname: %m"); syslog_and_die("getsockname: %m");
addrlen = sizeof(thataddr_ss); thataddr_len = sizeof(thataddr_ss);
if (getpeername (s, thataddr, &addrlen) < 0) if (getpeername (s, thataddr, &thataddr_len) < 0)
syslog_and_die ("getpeername: %m"); syslog_and_die ("getpeername: %m");
if (!do_kerberos && !is_reserved(socket_get_port(thataddr))) if (!do_kerberos && !is_reserved(socket_get_port(thataddr)))
@@ -689,7 +702,7 @@ doit (int do_kerberos, int check_rhosts)
syslog_and_die("recv_bsd_auth failed"); syslog_and_die("recv_bsd_auth failed");
} }
#if defined(DCE) && defined(AIX) #if defined(DCE) && defined(_AIX)
esetenv("AUTHSTATE", "DCE", 1); esetenv("AUTHSTATE", "DCE", 1);
#endif #endif
@@ -703,6 +716,19 @@ doit (int do_kerberos, int check_rhosts)
if (pwd->pw_uid != 0 && access (_PATH_NOLOGIN, F_OK) == 0) if (pwd->pw_uid != 0 && access (_PATH_NOLOGIN, F_OK) == 0)
fatal (s, "Login disabled."); fatal (s, "Login disabled.");
ret = getnameinfo_verified (thataddr, thataddr_len,
that_host, sizeof(that_host),
NULL, 0, 0);
if (ret)
fatal (s, "getnameinfo: %s", gai_strerror(ret));
if (login_access(pwd, that_host) == 0) {
syslog(LOG_NOTICE, "Kerberos rsh denied to %s from %s",
server_user, that_host);
fatal(s, "Permission denied");
}
#ifdef HAVE_GETSPNAM #ifdef HAVE_GETSPNAM
{ {
struct spwd *sp; struct spwd *sp;