From bee8db420ea829fa389721ad4b4dcc58a0fe6010 Mon Sep 17 00:00:00 2001
From: Johan Danielsson
Date: Mon, 18 Feb 2002 19:19:36 +0000
Subject: [PATCH] make this build without krb5; also use the addrinfo interface to mini_inetd, and set the keepalive option if requested
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10844 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 appl/rsh/rshd.c | 116 ++++++++++++++++++++++++++++++++----------------
 1 file changed, 77 insertions(+), 39 deletions(-)
diff --git a/appl/rsh/rshd.c b/appl/rsh/rshd.c
index 3ce6062af..e35b1de3d 100644
--- a/appl/rsh/rshd.c
+++ b/appl/rsh/rshd.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
@@ -39,17 +39,21 @@ login_access( struct passwd *user, char *from);
 enum auth_method auth_method;
+#ifdef KRB5
 krb5_context context;
 krb5_keyblock *keyblock;
 krb5_crypto crypto;
+#endif
 #ifdef KRB4
 des_key_schedule schedule;
 des_cblock iv;
 #endif
+#ifdef KRB5
 krb5_ccache ccache, ccache2;
 int kerberos_status = 0;
+#endif
 int do_encrypt = 0;
@@ -60,6 +64,8 @@ static int do_inetd = 1;
 static char *port_str;
 static int do_rhosts = 1;
 static int do_kerberos = 0;
+#define DO_KRB4 2
+#define DO_KRB5 4
 static int do_vacuous = 0;
 static int do_log = 1;
 static int do_newpag = 1;
@@ -68,7 +74,7 @@ static int do_keepalive = 1;
 static int do_version;
 static int do_help = 0;
-#if defined(DCE)
+#if defined(KRB5) && defined(DCE)
 int dfsk5ok = 0;
 int dfspag = 0;
 int dfsfwd = 0;
@@ -214,6 +220,7 @@ recv_krb4_auth (int s, u_char *buf,
 #endif /* KRB4 */
+#ifdef KRB5
 static int
 save_krb5_creds (int s,
 krb5_auth_context auth_context,
@@ -413,6 +420,7 @@ recv_krb5_auth (int s, u_char *buf,
 return 0;
 }
+#endif /* KRB5 */
 static void
 loop (int from0, int to0,
@@ -621,7 +629,9 @@ doit (int do_kerberos, int check_rhosts)
 if (getpeername (s, thataddr, &thataddr_len) < 0)
 syslog_and_die ("getpeername: %m");
- if (!do_kerberos && !is_reserved(socket_get_port(thataddr)))
+ /* check for V4MAPPED addresses? */
+
+ if (do_kerberos == 0 && !is_reserved(socket_get_port(thataddr)))
 fatal(s, NULL, "Permission denied.");
 p = buf;
@@ -637,7 +647,7 @@ doit (int do_kerberos, int check_rhosts)
 syslog_and_die ("non-digit in port number: %c", *p);
 }
- if (!do_kerberos && !is_reserved(htons(port)))
+ if (do_kerberos == 0 && !is_reserved(htons(port)))
 fatal(s, NULL, "Permission denied.");
 if (port) {
@@ -677,19 +687,23 @@ doit (int do_kerberos, int check_rhosts)
 syslog_and_die ("reading auth info: %m");
 #ifdef KRB4
- if (recv_krb4_auth (s, buf, thisaddr, thataddr,
+ if ((do_kerberos & DO_KRB4) &&
+ recv_krb4_auth (s, buf, thisaddr, thataddr,
 client_user,
 server_user,
 cmd) == 0)
 auth_method = AUTH_KRB4;
 else
 #endif /* KRB4 */
- if(recv_krb5_auth (s, buf, thisaddr, thataddr,
+#ifdef KRB5
+ if((do_kerberos & DO_KRB5) &&
+ recv_krb5_auth (s, buf, thisaddr, thataddr,
 client_user,
 server_user,
 cmd) == 0)
 auth_method = AUTH_KRB5;
 else
+#endif /* KRB5 */
 syslog_and_die ("unrecognized auth protocol: %x %x %x %x",
 buf[0], buf[1], buf[2], buf[3]);
 } else {
@@ -887,7 +901,7 @@ int
 main(int argc, char **argv)
 {
 int optind = 0;
- int port = 0;
+ int on = 1;
 setprogname (argv[0]);
 roken_openlog ("rshd", LOG_ODELAY | LOG_PID, LOG_AUTH);
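Review bot: The reserved-port test in the `@@ -621,7 +629,9 @@` hunk (and the identical one in the `@@ -637,7 +647,7 @@` hunk) now compares `do_kerberos == 0`, but nothing at either site says that the value has become a DO_KRB4/DO_KRB5 bitmask or why any non-zero value may skip the check. Going by the main() hunk, a failed krb5_init_context only clears DO_KRB5, so the value (presumably the one passed to doit()) stays non-zero and the privileged-port requirement stays off; that is safe only because the Kerberos branch further down ends in syslog_and_die when no method accepts the request. A comment stating this would keep a later edit from weakening it, for example `/* do_kerberos is a DO_KRB4|DO_KRB5 mask; 0 means no Kerberos, and only then is a reserved source port required */`. The added `/* check for V4MAPPED addresses? */` leaves an open question next to an access-control decision and would read better as a TODO that names what has to be decided. doit() starts and ends outside both hunks.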
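Review bot: In the `@@ -677,19 +687,23 @@` hunk, a request for a method that is compiled in but switched off at run time now falls through the `else` chain to `syslog_and_die ("unrecognized auth protocol: ...")`, so the auth log reports a protocol error when the real cause is a disabled method. That is the case for Kerberos 5 whenever main() cleared DO_KRB5 after krb5_init_context failed, and the main() hunk clears the bit without logging anything. Logging where the bit is cleared, e.g. `syslog(LOG_WARNING, "krb5_init_context failed, krb5 authentication disabled");`, would let an operator tell a misconfigured server from a malformed client. The unbraced `else` that straddles each `#endif` is also easy to break when one of KRB4/KRB5 is undefined; a short comment on each `else` naming the statement it binds to would help.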
@@ -904,46 +918,70 @@ main(int argc, char **argv)
 exit(0);
 }
-#ifdef KRB5
- {
- krb5_error_code ret;
-
- ret = krb5_init_context (&context);
- if (ret)
- errx (1, "krb5_init_context failed: %d", ret);
- }
-#endif
-
- if(port_str) {
- struct servent *s = roken_getservbyname (port_str, "tcp");
-
- if (s)
- port = s->s_port;
- else {
- char *ptr;
-
- port = strtol (port_str, &ptr, 10);
- if (port == 0 && ptr == port_str)
- syslog_and_die("Bad port `%s'", port_str);
- port = htons(port);
- }
- }
-
 if (do_encrypt)
 do_kerberos = 1;
+ if(do_kerberos)
+ do_kerberos = DO_KRB4 | DO_KRB5;
+
+ if (do_keepalive &&
+ setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (char *)&on,
+ sizeof(on)) < 0)
+ syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
+
+ /* set SO_LINGER? */
+
+#ifdef KRB5
+ if((do_kerberos & DO_KRB5) && krb5_init_context (&context) != 0)
+ do_kerberos &= ~DO_KRB5;
+#endif
+
 if (!do_inetd) {
- if (port == 0) {
+ int error;
+ struct addrinfo *ai = NULL, hints;
+ char portstr[NI_MAXSERV];
+
+ memset (&hints, 0, sizeof(hints));
+ hints.ai_flags = AI_PASSIVE;
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_family = PF_UNSPEC;
+
+ if(port_str != NULL) {
+ error = getaddrinfo (NULL, port_str, &hints, &ai);
+ if (error)
+ errx (1, "getaddrinfo: %s", gai_strerror (error));
+ }
+ if (ai == NULL) {
 if (do_kerberos) {
- if (do_encrypt)
- port = krb5_getportbyname (context, "ekshell", "tcp", 545);
- else
- port = krb5_getportbyname (context, "kshell", "tcp", 544);
+ if (do_encrypt) {
+ error = getaddrinfo(NULL, "ekshell", &hints, &ai);
+ if(error == EAI_NONAME) {
+ snprintf(portstr, sizeof(portstr), "%d", 545);
+ error = getaddrinfo(NULL, portstr, &hints, &ai);
+ }
+ if(error)
+ errx (1, "getaddrinfo: %s", gai_strerror (error));
+ } else {
+ error = getaddrinfo(NULL, "kshell", &hints, &ai);
+ if(error == EAI_NONAME) {
+ snprintf(portstr, sizeof(portstr), "%d", 544);
+ error = getaddrinfo(NULL, portstr, &hints, &ai);
+ }
+ if(error)
+ errx (1, "getaddrinfo: %s", gai_strerror (error));
+ }
 } else {
- port = krb5_getportbyname(context, "shell", "tcp", 514);
+ error = getaddrinfo(NULL, "shell", &hints, &ai);
+ if(error == EAI_NONAME) {
+ snprintf(portstr, sizeof(portstr), "%d", 514);
+ error = getaddrinfo(NULL, portstr, &hints, &ai);
+ }
+ if(error)
+ errx (1, "getaddrinfo: %s", gai_strerror (error));
 }
 }
- mini_inetd (port);
+ mini_inetd_addrinfo (ai);
+ freeaddrinfo(ai);
 }
 signal (SIGPIPE, SIG_IGN);
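Review bot: The `setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, ...)` call sits before the `if (!do_inetd)` block, so in standalone mode it runs before `mini_inetd_addrinfo (ai)` has accepted a connection; descriptor 0 is then whatever the daemon was started with, the call most likely fails with only a warning, and the connection that is later served never gets keepalive. Presumably mini_inetd_addrinfo returns with the accepted socket on descriptor 0 (its body is not shown); if so, moving the `if (do_keepalive && setsockopt(...))` statement to just after the closing brace of the `if (!do_inetd)` block covers both the inetd and the standalone case. Separately, the fallback to the numeric port triggers only on `EAI_NONAME`, and some resolvers report an unknown service name as `EAI_SERVICE`, so the test could read `if(error == EAI_NONAME || error == EAI_SERVICE)` in the three places it appears. main() starts and ends outside this hunk.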