From ad066782079f7da9a307aa14b2684ce8caf5bbf0 Mon Sep 17 00:00:00 2001 From: tedu Date: Fri, 18 Apr 2014 15:59:36 +0000 Subject: [PATCH] Malak: I think we made the merchant angry. Conan: Are you surprised? Malak: But we didn't steal everything he had! Conan: We didn't have time. --- libexec/rshd/Makefile | 8 - libexec/rshd/rshd.8 | 220 ---------------- libexec/rshd/rshd.c | 579 ------------------------------------------ 3 files changed, 807 deletions(-) delete mode 100644 libexec/rshd/Makefile delete mode 100644 libexec/rshd/rshd.8 delete mode 100644 libexec/rshd/rshd.c diff --git a/libexec/rshd/Makefile b/libexec/rshd/Makefile deleted file mode 100644 index cd39137dc43..00000000000 --- a/libexec/rshd/Makefile +++ /dev/null @@ -1,8 +0,0 @@ -# $OpenBSD: Makefile,v 1.10 2010/11/11 17:40:56 miod Exp $ - -PROG= rshd -SRCS= rshd.c -MAN= rshd.8 -CFLAGS+= -Wall -Wno-unused - -.include diff --git a/libexec/rshd/rshd.8 b/libexec/rshd/rshd.8 deleted file mode 100644 index 63e89cd21e0..00000000000 --- a/libexec/rshd/rshd.8 +++ /dev/null @@ -1,220 +0,0 @@ -.\" $OpenBSD: rshd.8,v 1.19 2007/05/31 19:19:40 jmc Exp $ -.\" Copyright (c) 1983, 1989, 1991, 1993 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" from: @(#)rshd.8 8.1 (Berkeley) 6/4/93 -.\" -.Dd $Mdocdate: May 31 2007 $ -.Dt RSHD 8 -.Os -.Sh NAME -.Nm rshd -.Nd remote shell server -.Sh SYNOPSIS -.Nm rshd -.Op Fl aLln -.Sh DESCRIPTION -The -.Nm -server is the server for the -.Xr rcmd 3 -routine and, consequently, for the -.Xr rsh 1 -program. -The server provides remote execution facilities -with authentication based on privileged port numbers from trusted hosts. -.Pp -The options are as follows: -.Bl -tag -width Ds -.It Fl a -Ask hostname for verification. -.It Fl L -Log successful accesses very verbosely. -.It Fl l -Prevent any authentication based on the user's -.Pa .rhosts -file, unless the user is logging in as the superuser. -.It Fl n -Disable keep-alive messages. -.El -.Pp -The -.Nm -server listens for service requests at the port indicated in the -.Dq cmd -service specification; see -.Xr services 5 . -When a service request is received the following protocol -is initiated: -.Bl -enum -.It -The server checks the client's source port. -If the port is not in the range 512-1023, the server aborts the connection. -.It -The server reads characters from the socket up to a null -.Pq Ql \e0 -byte. -The resultant string is interpreted as an -.Tn ASCII -number, base 10. -.It -If the number received in step 2 is non-zero, -it is interpreted as the port number of a secondary -stream to be used for the -.Em stderr . -A second connection is then created to the specified -port on the client's machine. -The source port of this second connection is also in the range 512-1023. -.It -The server checks the client's source address -and requests the corresponding host name (see -.Xr gethostbyaddr 3 , -.Xr hosts 5 -and -.Xr named 8 ) . -If the hostname cannot be determined, -the dot-notation representation of the host address is used. -If the hostname is in the same domain as the server (according to -the last two components of the domain name), -or if the -.Fl a -option is given, -the addresses for the hostname are requested, -verifying that the name and address correspond. -If address verification fails, the connection is aborted -with the message -.Dq "Host address mismatch." . -.It -A null terminated user name of at most 16 characters -is retrieved on the initial socket. -This user name is interpreted as the user identity on the client's machine. -.It -A null terminated user name of at most 16 characters -is retrieved on the initial socket. -This user name is interpreted as a user identity to use on the -.Sy server Ns 's -machine. -.It -A null terminated command to be passed to a -shell is retrieved on the initial socket. -The length of the command is limited by the upper bound on the size of -the system's argument list. -.It -.Nm -then validates the user using -.Xr ruserok 3 , -which uses the file -.Pa /etc/hosts.equiv -and the -.Pa .rhosts -file found in the user's home directory. -The -.Fl l -option prevents -.Xr ruserok 3 -from doing any validation based on the user's -.Pa .rhosts -file, unless the user is the superuser. -.It -If the file -.Pa /etc/nologin -exists and the user is not the superuser, -the connection is closed. -.It -A null byte is returned on the initial socket and the command line is passed -to the normal login shell of the user. -The shell inherits the network connections established by -.Nm rshd . -.El -.Pp -Transport-level keepalive messages are enabled unless the -.Fl n -option is present. -The use of keepalive messages allows sessions to be timed out -if the client crashes or becomes unreachable. -.Pp -The -.Fl L -option causes all successful accesses to be logged to -.Xr syslogd 8 -as -.Li auth.info -messages. -.Sh DIAGNOSTICS -Except for the last one listed below, -all diagnostic messages -are returned on the initial socket, -after which any network connections are closed. -An error is indicated by a leading byte with a value of -1 (0 is returned in step 10 above upon successful completion -of all the steps prior to the execution of the login shell). -.Bl -tag -width indent -.It Sy Locuser too long. -The name of the user on the client's machine is -longer than 16 characters. -.It Sy Ruser too long. -The name of the user on the remote machine is -longer than 16 characters. -.It Sy Command too long. -The command line passed exceeds the size of the argument -list (as configured into the system). -.It Sy Remote directory. -The -.Xr chdir 2 -command to the home directory failed. -.It Sy Permission denied. -The authentication procedure described above failed or -there is no password file entry for the specified user. -.It Sy Can't make pipe. -The pipe needed for the -.Em stderr , -wasn't created. -.It Sy Can't fork; try again. -A -.Xr fork 2 -by the server failed. -.It Sy : ... -The user's login shell could not be started. -This message is returned on the connection associated with the -.Em stderr , -and is not preceded by a flag byte. -.El -.Sh SEE ALSO -.Xr rsh 1 , -.Xr ssh 1 , -.Xr rcmd 3 , -.Xr ruserok 3 -.Sh BUGS -The authentication procedure used here assumes the integrity -of each client machine and the connecting medium. -This is insecure, so -.Xr ssh 1 -should be used instead. -.Pp -A more extensible protocol (such as -.Xr ssh 1 ) -should be used. diff --git a/libexec/rshd/rshd.c b/libexec/rshd/rshd.c deleted file mode 100644 index 7566eea7d2c..00000000000 --- a/libexec/rshd/rshd.c +++ /dev/null @@ -1,579 +0,0 @@ -/* $OpenBSD: rshd.c,v 1.56 2014/04/16 19:14:57 okan Exp $ */ - -/*- - * Copyright (c) 1988, 1989, 1992, 1993, 1994 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * remote shell server: - * [port]\0 - * remuser\0 - * locuser\0 - * command\0 - * data - */ -#include -#include -#include - -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -int keepalive = 1; -int check_all; -int log_success; /* If TRUE, log all successful accesses */ -int sent_null; -login_cap_t *lc; - -void doit(struct sockaddr *); -void error(const char *, ...); -void getstr(char *, int, char *); -int local_domain(char *); -char *topdomain(char *); -void usage(void); - -#define P_SOCKREAD 0 -#define P_PIPEREAD 1 - -int -main(int argc, char *argv[]) -{ - extern int __check_rhosts_file; - struct linger linger; - int ch, on = 1; - socklen_t fromlen; - struct sockaddr_storage from; - - openlog("rshd", LOG_PID | LOG_ODELAY, LOG_DAEMON); - - opterr = 0; - while ((ch = getopt(argc, argv, "aLln")) != -1) - switch (ch) { - case 'a': - check_all = 1; - break; - case 'L': - log_success = 1; - break; - case 'l': - __check_rhosts_file = 0; - break; - case 'n': - keepalive = 0; - break; - case '?': - default: - usage(); - break; - } - - argc -= optind; - argv += optind; - - fromlen = sizeof (from); - if (getpeername(STDIN_FILENO, (struct sockaddr *)&from, &fromlen) < 0) { - /* syslog(LOG_ERR, "getpeername: %m"); */ - exit(1); - } - if (keepalive && - setsockopt(STDIN_FILENO, SOL_SOCKET, SO_KEEPALIVE, (char *)&on, - sizeof(on)) < 0) - syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m"); - linger.l_onoff = 1; - linger.l_linger = 60; /* XXX */ - if (setsockopt(STDIN_FILENO, SOL_SOCKET, SO_LINGER, (char *)&linger, - sizeof (linger)) < 0) - syslog(LOG_WARNING, "setsockopt (SO_LINGER): %m"); - doit((struct sockaddr *)&from); - /* NOTREACHED */ - exit(0); -} - -char *envinit[1] = { 0 }; -extern char **environ; - -void -doit(struct sockaddr *fromp) -{ - extern char *__rcmd_errstr; /* syslog hook from libc/net/rcmd.c. */ - struct addrinfo hints, *res, *res0; - int gaierror; - struct passwd *pwd; - u_short port; - in_port_t *portp; - struct pollfd pfd[2]; - int cc, nfd, pv[2], s = 0, one = 1; - pid_t pid; - char *hostname, *errorstr, *errorhost = (char *) NULL; - char *cp, sig, buf[BUFSIZ]; - char cmdbuf[NCARGS+1], locuser[_PW_NAME_LEN+1], remuser[_PW_NAME_LEN+1]; - char remotehost[2 * MAXHOSTNAMELEN + 1]; - char hostnamebuf[2 * MAXHOSTNAMELEN + 1]; - char naddr[NI_MAXHOST]; - char saddr[NI_MAXHOST]; - char raddr[NI_MAXHOST]; - char pbuf[NI_MAXSERV]; - auth_session_t *as; - const int niflags = NI_NUMERICHOST | NI_NUMERICSERV; - - (void) signal(SIGINT, SIG_DFL); - (void) signal(SIGQUIT, SIG_DFL); - (void) signal(SIGTERM, SIG_DFL); -#ifdef DEBUG - { int t = open(_PATH_TTY, 2); - if (t >= 0) { - ioctl(t, TIOCNOTTY, (char *)0); - (void) close(t); - } - } -#endif - switch (fromp->sa_family) { - case AF_INET: - portp = &((struct sockaddr_in *)fromp)->sin_port; - break; - case AF_INET6: - portp = &((struct sockaddr_in6 *)fromp)->sin6_port; - break; - default: - syslog(LOG_ERR, "malformed \"from\" address (af %d)", - fromp->sa_family); - exit(1); - } - if (getnameinfo(fromp, fromp->sa_len, naddr, sizeof(naddr), - pbuf, sizeof(pbuf), niflags) != 0) { - syslog(LOG_ERR, "malformed \"from\" address (af %d)", - fromp->sa_family); - exit(1); - } - -#ifdef IP_OPTIONS - if (fromp->sa_family == AF_INET) { - struct ipoption opts; - socklen_t optsize = sizeof(opts); - int ipproto, i; - struct protoent *ip; - - if ((ip = getprotobyname("ip")) != NULL) - ipproto = ip->p_proto; - else - ipproto = IPPROTO_IP; - if (!getsockopt(STDIN_FILENO, ipproto, IP_OPTIONS, - (char *)&opts, &optsize) && optsize != 0) { - for (i = 0; (void *)&opts.ipopt_list[i] - (void *)&opts < - optsize; ) { - u_char c = (u_char)opts.ipopt_list[i]; - if (c == IPOPT_LSRR || c == IPOPT_SSRR) - exit(1); - if (c == IPOPT_EOL) - break; - i += (c == IPOPT_NOP) ? 1 : - (u_char)opts.ipopt_list[i+1]; - } - } - } -#endif - - if (ntohs(*portp) >= IPPORT_RESERVED || - ntohs(*portp) < IPPORT_RESERVED/2) { - syslog(LOG_NOTICE|LOG_AUTH, - "Connection from %s on illegal port %u", - naddr, ntohs(*portp)); - exit(1); - } - - (void) alarm(60); - port = 0; - for (;;) { - char c; - if ((cc = read(STDIN_FILENO, &c, 1)) != 1) { - if (cc < 0) - syslog(LOG_NOTICE, "read: %m"); - shutdown(STDIN_FILENO, SHUT_RDWR); - exit(1); - } - if (c == 0) - break; - port = port * 10 + c - '0'; - } - - (void) alarm(0); - if (port != 0) { - int lport; - if (port >= IPPORT_RESERVED || - port < IPPORT_RESERVED/2) { - syslog(LOG_ERR, "2nd port not reserved"); - exit(1); - } - *portp = htons(port); - lport = IPPORT_RESERVED - 1; - s = rresvport_af(&lport, fromp->sa_family); - if (s < 0) { - syslog(LOG_ERR, "can't get stderr port: %m"); - exit(1); - } - if (connect(s, (struct sockaddr *)fromp, fromp->sa_len) < 0) { - syslog(LOG_INFO, "connect second port %d: %m", port); - exit(1); - } - } - -#ifdef notdef - /* from inetd, socket is already on 0, 1, 2 */ - dup2(f, 0); - dup2(f, 1); - dup2(f, 2); -#endif - errorstr = NULL; - if (getnameinfo(fromp, fromp->sa_len, saddr, sizeof(saddr), - NULL, 0, NI_NAMEREQD)== 0) { - /* - * If name returned by getnameinfo is in our domain, - * attempt to verify that we haven't been fooled by someone - * in a remote net; look up the name and check that this - * address corresponds to the name. - */ - hostname = saddr; - res0 = NULL; - if (check_all || local_domain(saddr)) { - strlcpy(remotehost, saddr, sizeof(remotehost)); - errorhost = remotehost; - memset(&hints, 0, sizeof(hints)); - hints.ai_family = fromp->sa_family; - hints.ai_socktype = SOCK_STREAM; - hints.ai_flags = AI_CANONNAME; - gaierror = getaddrinfo(remotehost, pbuf, &hints, &res0); - if (gaierror) { - syslog(LOG_INFO, - "Couldn't look up address for %s: %s", - remotehost, gai_strerror(gaierror)); - errorstr = - "Couldn't look up address for your host (%s)\n"; - hostname = naddr; - } else { - for (res = res0; res; res = res->ai_next) { - if (res->ai_family != fromp->sa_family) - continue; - if (res->ai_addrlen != fromp->sa_len) - continue; - if (getnameinfo(res->ai_addr, - res->ai_addrlen, - raddr, sizeof(raddr), NULL, 0, - niflags) == 0 - && strcmp(naddr, raddr) == 0) { - hostname = res->ai_canonname - ? res->ai_canonname - : saddr; - break; - } - } - if (res == NULL) { - syslog(LOG_NOTICE, - "Host addr %s not listed for host %s", - naddr, res0->ai_canonname - ? res0->ai_canonname - : saddr); - errorstr = - "Host address mismatch for %s\n"; - hostname = naddr; - } - } - } - strlcpy(hostnamebuf, hostname, sizeof(hostnamebuf)); - hostname = hostnamebuf; - if (res0) - freeaddrinfo(res0); - } else { - strlcpy(hostnamebuf, naddr, sizeof(hostnamebuf)); - errorhost = hostname = hostnamebuf; - } - - getstr(remuser, sizeof(remuser), "remuser"); - getstr(locuser, sizeof(locuser), "locuser"); - getstr(cmdbuf, sizeof(cmdbuf), "command"); - pwd = getpwnam(locuser); - if (pwd == NULL) { - syslog(LOG_INFO|LOG_AUTH, - "%s@%s as %s: unknown login. cmd='%.80s'", - remuser, hostname, locuser, cmdbuf); - if (errorstr == NULL) - errorstr = "Permission denied.\n"; - goto fail; - } - lc = login_getclass(pwd->pw_class); - if (lc == NULL) { - syslog(LOG_INFO|LOG_AUTH, - "%s@%s as %s: unknown class. cmd='%.80s'", - remuser, hostname, locuser, cmdbuf); - if (errorstr == NULL) - errorstr = "Login incorrect.\n"; - goto fail; - } - as = auth_open(); - if (as == NULL || auth_setpwd(as, pwd) != 0) { - syslog(LOG_INFO|LOG_AUTH, - "%s@%s as %s: unable to allocate memory. cmd='%.80s'", - remuser, hostname, locuser, cmdbuf); - if (errorstr == NULL) - errorstr = "Cannot allocate memory.\n"; - goto fail; - } - - setegid(pwd->pw_gid); - seteuid(pwd->pw_uid); - if (chdir(pwd->pw_dir) < 0) { - (void) chdir("/"); -#ifdef notdef - syslog(LOG_INFO|LOG_AUTH, - "%s@%s as %s: no home directory. cmd='%.80s'", - remuser, hostname, locuser, cmdbuf); - error("No remote directory.\n"); - exit(1); -#endif - } - seteuid(0); - setegid(0); /* XXX use a saved gid instead? */ - - if (errorstr || - (pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0' && - iruserok_sa(fromp, fromp->sa_len, pwd->pw_uid == 0, - remuser, locuser) < 0)) { - if (__rcmd_errstr) - syslog(LOG_INFO|LOG_AUTH, - "%s@%s as %s: permission denied (%s). cmd='%.80s'", - remuser, hostname, locuser, __rcmd_errstr, - cmdbuf); - else - syslog(LOG_INFO|LOG_AUTH, - "%s@%s as %s: permission denied. cmd='%.80s'", - remuser, hostname, locuser, cmdbuf); -fail: - if (errorstr == NULL) - errorstr = "Permission denied.\n"; - error(errorstr, errorhost); - exit(1); - } - - if (pwd->pw_uid) - auth_checknologin(lc); - - (void) write(STDERR_FILENO, "\0", 1); - sent_null = 1; - - if (port) { - if (pipe(pv) < 0) { - error("Can't make pipe.\n"); - exit(1); - } - pid = fork(); - if (pid == -1) { - error("Can't fork; try again.\n"); - exit(1); - } - if (pid) { - (void) close(STDIN_FILENO); - (void) close(STDOUT_FILENO); - (void) close(STDERR_FILENO); - (void) close(pv[1]); - - pfd[P_SOCKREAD].fd = s; - pfd[P_SOCKREAD].events = POLLIN; - pfd[P_PIPEREAD].fd = pv[0]; - pfd[P_PIPEREAD].events = POLLIN; - nfd = 2; - ioctl(pv[0], FIONBIO, (char *)&one); - - /* should set s nbio! */ - do { - if (poll(pfd, nfd, INFTIM) < 0) - break; - if (pfd[P_SOCKREAD].revents & POLLIN) { - int ret; - ret = read(s, &sig, 1); - if (ret <= 0) - pfd[P_SOCKREAD].revents = 0; - else - killpg(pid, sig); - } - if (pfd[P_PIPEREAD].revents & POLLIN) { - errno = 0; - cc = read(pv[0], buf, sizeof(buf)); - if (cc <= 0) { - shutdown(s, SHUT_RDWR); - pfd[P_PIPEREAD].revents = 0; - } else { - (void) write(s, buf, cc); - } - } - } while ((pfd[P_SOCKREAD].revents & POLLIN) || - (pfd[P_PIPEREAD].revents & POLLIN)); - exit(0); - } - setsid(); - (void) close(s); - (void) close(pv[0]); - dup2(pv[1], 2); - close(pv[1]); - } else - setsid(); - if (*pwd->pw_shell == '\0') - pwd->pw_shell = _PATH_BSHELL; - - environ = envinit; - if (setenv("HOME", pwd->pw_dir, 1) == -1 || - setenv("SHELL", pwd->pw_shell, 1) == -1 || - setenv("USER", pwd->pw_name, 1) == -1 || - setenv("LOGNAME", pwd->pw_name, 1) == -1) - errx(1, "cannot setup environment"); - - if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETALL)) - errx(1, "cannot set user context"); - if (auth_approval(as, lc, pwd->pw_name, "rsh") <= 0) - errx(1, "approval failure"); - auth_close(as); - login_close(lc); - - cp = strrchr(pwd->pw_shell, '/'); - if (cp) - cp++; - else - cp = pwd->pw_shell; - endpwent(); - if (log_success || pwd->pw_uid == 0) { - syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: cmd='%.80s'", - remuser, hostname, locuser, cmdbuf); - } - execl(pwd->pw_shell, cp, "-c", cmdbuf, (char *)NULL); - perror(pwd->pw_shell); - exit(1); -} - -/* - * Report error to client. Note: can't be used until second socket has - * connected to client, or older clients will hang waiting for that - * connection first. - */ -void -error(const char *fmt, ...) -{ - va_list ap; - int len; - char *bp, buf[BUFSIZ]; - - va_start(ap, fmt); - bp = buf; - if (sent_null == 0) { - *bp++ = 1; - len = 1; - } else - len = 0; - (void)vsnprintf(bp, sizeof(buf) - len, fmt, ap); - (void)write(STDERR_FILENO, buf, len + strlen(bp)); - va_end(ap); -} - -void -getstr(char *buf, int cnt, char *err) -{ - char c; - - do { - if (read(STDIN_FILENO, &c, 1) != 1) - exit(1); - *buf++ = c; - if (--cnt == 0) { - error("%s too long\n", err); - exit(1); - } - } while (c != 0); -} - -/* - * Check whether host h is in our local domain, - * defined as sharing the last two components of the domain part, - * or the entire domain part if the local domain has only one component. - * If either name is unqualified (contains no '.'), - * assume that the host is local, as it will be - * interpreted as such. - */ -int -local_domain(char *h) -{ - char localhost[MAXHOSTNAMELEN]; - char *p1, *p2; - - localhost[0] = 0; - (void) gethostname(localhost, sizeof(localhost)); - p1 = topdomain(localhost); - p2 = topdomain(h); - if (p1 == NULL || p2 == NULL || !strcasecmp(p1, p2)) - return (1); - return (0); -} - -char * -topdomain(char *h) -{ - char *p, *maybe = NULL; - int dots = 0; - - for (p = h + strlen(h); p >= h; p--) { - if (*p == '.') { - if (++dots == 2) - return (p); - maybe = p; - } - } - return (maybe); -} - -void -usage(void) -{ - syslog(LOG_ERR, "usage: rshd [-aLln]"); - exit(2); -} -- 2.20.1