Index: configure
===================================================================
--- configure (nonexistent)
+++ configure (revision 5)
@@ -0,0 +1,597 @@
+#!/bin/sh
+#
+# This file was generated by confgen version 2.
+# Do not edit.
+#
+
+PREFIX='/usr'
+#EXECPREFIX='$PREFIX'
+INSTALLROOT=''
+BINMODE='755'
+#DAEMONMODE='$BINMODE'
+MANMODE='644'
+SUIDMODE='4755'
+
+while [ x$1 != x ]; do case $1 in
+
+ --help)
+ cat <<EOF
+Usage: configure [options]
+ --help Show this message
+ --with-debug Enable debugging
+ --without-pam Disable PAM support
+ --without-shadow Disable shadow password support
+ --prefix=path Prefix for location of files [/usr]
+ --exec-prefix=path Location for arch-depedent files [prefix]
+ --installroot=root Top of filesystem tree to install in [/]
+ --binmode=mode Mode for binaries [755]
+ --daemonmode=mode Mode for daemon binaries [same as binmode]
+ --manmode=mode Mode for manual pages [644]
+ --suidmode=mode Mode for setuid programs [4755]
+ --with-c-compiler=cc Program for compiling C source [guessed]
+EOF
+ exit 0;;
+ --verbose) ;;
+ --quiet) ;;
+
+ --subdir) . ../configure.defs;;
+
+ --with-debug|--debug) DEBUG=1;;
+ --prefix=*) PREFIX=`echo $1 | sed 's/^[^=]*=//'` ;;
+ --exec-prefix=*) EXECPREFIX=`echo $1 | sed 's/^[^=]*=//'` ;;
+ --installroot=*) INSTALLROOT=`echo $1 | sed 's/^[^=]*=//'` ;;
+ --binmode=*) BINMODE=`echo $1 | sed 's/^[^=]*=//'` ;;
+ --daemonmode=*) DAEMONMODE=`echo $1 | sed 's/^[^=]*=//'` ;;
+ --manmode=*) MANMODE=`echo $1 | sed 's/^[^=]*=//'` ;;
+ --suidmode=*) SUIDMODE=`echo $1 | sed 's/^[^=]*=//'` ;;
+ --with-c-compiler=*) CC=`echo $1 | sed 's/^[^=]*=//'` ;;
+ --without-pam|--disable-pam) WITHOUT_PAM=1;;
+ --without-shadow|--disable-shadow) WITHOUT_SHADOW=1;;
+ *) echo "Unrecognized option: $1"; exit 1;;
+esac
+shift
+done
+
+if [ x$EXECPREFIX = x ]; then
+ EXECPREFIX="$PREFIX"
+fi
+
+if [ x$DAEMONMODE = x ]; then
+ DAEMONMODE="$BINMODE"
+fi
+
+BINDIR="$EXECPREFIX/bin"
+SBINDIR="$EXECPREFIX/sbin"
+MANDIR="$PREFIX/share/man"
+
+echo "Directories: $BINDIR $SBINDIR $MANDIR "
+
+if [ x$INSTALLROOT != x ]; then
+ echo "Installing in chroot tree rooted at $INSTALLROOT"
+fi
+
+##################################################
+
+WARNINGS='-Wall -W -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Winline '
+
+cat << EOF > __conftest.c
+ int main() { int class=0; return class; }
+EOF
+
+if [ x"$CC" = x ]; then
+ echo -n 'Looking for a C compiler... '
+ for TRY in egcs gcc g++ CC c++ cc; do
+ (
+ $TRY __conftest.c -o __conftest || exit 1;
+# ./__conftest || exit 1;
+ ) >/dev/null 2>&1 || continue;
+ CC=$TRY
+ break;
+ done
+ if [ x"$CC" = x ]; then
+ echo 'failed.'
+ echo 'Cannot find a C compiler. Run configure with --with-c-compiler.'
+ rm -f __conftest*
+ exit
+ fi
+ echo "$CC"
+else
+ echo -n 'Checking if C compiler works... '
+ if (
+ $CC __conftest.c -o __conftest || exit 1
+# ./__conftest || exit 1
+ ) >/dev/null 2>&1; then
+ echo 'yes'
+ else
+ echo 'no'
+ echo 'Compiler '"$CC"' does not exist or cannot compile C; try another.'
+ rm -f __conftest*
+ exit
+ fi
+fi
+
+echo -n "Checking if $CC accepts gcc warnings... "
+if (
+ $CC $WARNINGS __conftest.c -o __conftest || exit 1
+ ) >/dev/null 2>&1; then
+ echo 'yes'
+ CC_WARNINGS=1
+else
+ echo 'no'
+fi
+
+if [ x$DEBUG = x ]; then
+ echo -n "Checking if $CC accepts -O2... "
+ if (
+ $CC -O2 __conftest.c -o __conftest
+ ) >/dev/null 2>&1; then
+ echo 'yes'
+ CFLAGS="$CFLAGS -O2"
+ else
+ echo 'no'
+ echo -n "Checking if $CC accepts -O... "
+ if (
+ $CC -O __conftest.c -o __conftest
+ ) >/dev/null 2>&1; then
+ echo 'yes'
+ CFLAGS="$CFLAGS -O"
+ else
+ echo 'no'
+ fi
+ fi
+
+else
+ echo -n "Checking if $CC accepts -g... "
+ if (
+ $CC -g __conftest.c -o __conftest
+ ) >/dev/null 2>&1; then
+ echo 'yes'
+ CFLAGS="$CFLAGS -g"
+ else
+ echo 'no'
+ fi
+
+fi
+
+LDFLAGS=$LDFLAGS
+LIBS=$LIBS
+
+rm -f __conftest*
+
+##################################################
+
+echo -n 'Checking for BSD signal semantics... '
+cat <<EOF >__conftest.c
+#include <unistd.h>
+#include <signal.h>
+int count=0;
+void handle(int foo) { count++; }
+int main() {
+ int pid=getpid();
+ signal(SIGINT, handle);
+ kill(pid,SIGINT);
+ kill(pid,SIGINT);
+ kill(pid,SIGINT);
+ if (count!=3) return 1;
+ return 0;
+}
+
+EOF
+if (
+ $CC $CFLAGS __conftest.c -o __conftest || exit 1
+# ./__conftest || exit 1
+ ) >/dev/null 2>&1; then
+ echo 'yes'
+else
+ if (
+ $CC $CFLAGS -D__USE_BSD_SIGNAL __conftest.c -o __conftest || exit 1
+# ./__conftest || exit 1
+ ) >/dev/null 2>&1; then
+ echo '-D__USE_BSD_SIGNAL'
+ CFLAGS="$CFLAGS -D__USE_BSD_SIGNAL"
+ else
+ echo 'no'
+ echo 'This package needs BSD signal semantics to run.'
+ rm -f __conftest*
+ exit
+ fi
+fi
+rm -f __conftest*
+
+##################################################
+
+echo -n 'Checking for ncurses... '
+cat <<EOF >__conftest.c
+#include <stdio.h>
+#include <curses.h>
+#ifndef KEY_DOWN
+syntax error. /* not ncurses */
+#endif
+int main() {
+ endwin();
+ return 0;
+}
+
+EOF
+if (
+ $CC $CFLAGS __conftest.c -lncurses -o __conftest || exit 1
+ ) >/dev/null 2>&1; then
+ echo 'yes'
+ NCURSES=1
+else
+ if (
+ $CC $CFLAGS -I/usr/include/ncurses __conftest.c -lncurses -o __conftest || exit 1
+ ) >/dev/null 2>&1; then
+ echo '-I/usr/include/ncurses'
+ CFLAGS="$CFLAGS -I/usr/include/ncurses"
+ NCURSES=1
+ else
+ echo 'no'
+ fi
+fi
+
+if [ x$NCURSES != x ]; then
+ LIBTERMCAP=-lncurses
+else
+ echo -n 'Checking for traditional termcap... '
+cat <<EOF >__conftest.c
+#include <stdio.h>
+#include <termcap.h>
+int main() {
+ tgetent(NULL, NULL); return 0;
+}
+
+EOF
+ if (
+ $CC $CFLAGS __conftest.c -ltermcap -o __conftest || exit 1
+ ) >/dev/null 2>&1; then
+ echo '-ltermcap'
+ LIBTERMCAP=-ltermcap
+ else
+ echo 'not found'
+ echo 'This package needs termcap to run.'
+ rm -f __conftest*
+ exit
+ fi
+fi
+rm -f __conftest*
+
+##################################################
+
+echo -n 'Checking for GNU libc... '
+cat <<EOF >__conftest.c
+#include <stdio.h>
+#if defined(__GLIBC__) && (__GLIBC__ >= 2)
+int tester;
+#endif
+int main() { tester=6; return 0; }
+
+EOF
+if (
+ $CC $CFLAGS __conftest.c -o __conftest || exit 1
+ ) >/dev/null 2>&1; then
+ echo 'yes'
+ USE_GLIBC=1
+else
+ echo 'no'
+fi
+rm -f __conftest*
+
+##################################################
+
+echo -n 'Checking for PAM... '
+if [ x$WITHOUT_PAM != x ]; then
+ echo disabled
+else
+cat <<EOF >__conftest.c
+#include <stdio.h>
+#include <security/pam_appl.h>
+int main() {
+ pam_start("configure", "nobody", NULL, NULL);
+ return 0;
+}
+
+EOF
+if (
+ $CC $CFLAGS __conftest.c -ldl -lpam -lpam_misc -o __conftest || exit 1
+ ) >/dev/null 2>&1; then
+ echo 'yes'
+ USE_PAM=1
+ else
+ echo 'no'
+ fi
+fi
+rm -f __conftest*
+
+##################################################
+
+if [ x$USE_PAM = x ]; then
+ echo -n 'Checking for shadow... '
+ if [ x$WITHOUT_SHADOW != x ]; then
+ echo disabled
+ else
+cat <<EOF >__conftest.c
+#include <stdio.h>
+#include <shadow.h>
+int main() {
+ getspnam("nobody");
+ return 0;
+}
+
+EOF
+ if (
+ $CC $CFLAGS __conftest.c -o __conftest || exit 1
+ ) >/dev/null 2>&1; then
+ echo 'yes'
+ USE_SHADOW=1
+ LIBSHADOW=
+ else
+ if (
+ $CC $CFLAGS __conftest.c -lshadow -o __conftest || exit 1
+ ) >/dev/null 2>&1; then
+ echo '-lshadow'
+ USE_SHADOW=1
+ LIBSHADOW=-lshadow
+ else
+ echo 'no'
+ fi
+ fi
+ fi
+fi
+rm -f __conftest*
+
+##################################################
+
+echo -n 'Checking for crypt... '
+cat <<EOF >__conftest.c
+int main() { crypt("aa", "bb"); }
+
+EOF
+if (
+ $CC $CFLAGS __conftest.c -o __conftest || exit 1
+ ) >/dev/null 2>&1; then
+ echo 'yes'
+else
+ if (
+ $CC $CFLAGS __conftest.c -lcrypt -o __conftest || exit 1
+ ) >/dev/null 2>&1; then
+ echo '-lcrypt'
+ LIBS="$LIBS -lcrypt"
+ else
+ echo 'no'
+ echo 'This package requires crypt.'
+ rm -f __conftest*
+ exit
+ fi
+fi
+rm -f __conftest*
+
+##################################################
+
+echo -n 'Checking for forkpty... '
+cat <<EOF >__conftest.c
+#include <pty.h>
+int main() { forkpty(0, 0, 0, 0); }
+
+EOF
+if (
+ $CC $CFLAGS __conftest.c -o __conftest || exit 1
+ ) >/dev/null 2>&1; then
+ echo 'yes'
+else
+ if (
+ $CC $CFLAGS __conftest.c -lutil -o __conftest || exit 1
+ ) >/dev/null 2>&1; then
+ echo '-lutil'
+ LIBS="$LIBS -lutil"
+ else
+ if (
+ $CC $CFLAGS __conftest.c -lbsd -o __conftest || exit 1
+ ) >/dev/null 2>&1; then
+ echo '-lbsd'
+ LIBBSD="-lbsd"
+ else
+ echo 'no'
+ echo 'This package requires forkpty.'
+ rm -f __conftest*
+ exit
+ fi
+ fi
+fi
+rm -f __conftest*
+
+##################################################
+
+echo -n 'Checking for logwtmp... '
+cat <<EOF >__conftest.c
+#ifdef __cplusplus
+extern "C"
+#endif
+void logwtmp(const char *, const char *, const char *);
+int main() { logwtmp(0, 0, 0); }
+
+EOF
+if (
+ $CC $CFLAGS __conftest.c -o __conftest || exit 1
+ ) >/dev/null 2>&1; then
+ echo 'yes'
+else
+ if (
+ $CC $CFLAGS __conftest.c -lutil -o __conftest || exit 1
+ ) >/dev/null 2>&1; then
+ echo '-lutil'
+ LIBS="$LIBS -lutil"
+ else
+ if (
+ $CC $CFLAGS __conftest.c -lbsd -o __conftest || exit 1
+ ) >/dev/null 2>&1; then
+ echo '-lbsd'
+ LIBBSD="-lbsd"
+ else
+ echo 'no'
+ echo 'This package requires logwtmp.'
+ rm -f __conftest*
+ exit
+ fi
+ fi
+fi
+rm -f __conftest*
+
+##################################################
+
+echo -n 'Checking for socklen_t... '
+cat <<EOF >__conftest.c
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+int main() {
+ struct sockaddr_in sn;
+ socklen_t len = sizeof(sn);
+ getpeername(0, (struct sockaddr *)&sn, &len);
+ return 0;
+}
+
+EOF
+if (
+ $CC $CFLAGS __conftest.c -o __conftest || exit 1
+ ) >/dev/null 2>&1; then
+ echo 'yes'
+else
+ if (
+ $CC $CFLAGS -Dsocklen_t=int __conftest.c -o __conftest || exit 1
+ ) >/dev/null 2>&1; then
+ echo 'int'
+ CFLAGS="$CFLAGS -Dsocklen_t=int"
+ else
+ if (
+ $CC $CFLAGS -Dsocklen_t=size_t __conftest.c -o __conftest || exit 1
+ ) >/dev/null 2>&1; then
+ echo 'size_t'
+ CFLAGS="$CFLAGS -Dsocklen_t=size_t"
+ else
+ echo 'no'
+ echo 'Cannot work out what to use for socklen_t. Help...'
+ rm -f __conftest*
+ exit
+ fi
+ fi
+fi
+rm -f __conftest*
+
+##################################################
+
+echo -n 'Checking for snprintf declaration... '
+cat <<EOF >__conftest.c
+#include <stdio.h>
+int main() {
+ void *x = (void *)snprintf;
+ printf("%lx", (long)x);
+ return 0;
+}
+
+EOF
+if (
+ $CC $CFLAGS __conftest.c -o __conftest || exit 1
+ ) >/dev/null 2>&1; then
+ echo 'ok'
+else
+ if (
+ $CC $CFLAGS -D_GNU_SOURCE __conftest.c -o __conftest || exit 1
+# ./__conftest || exit 1
+ ) >/dev/null 2>&1; then
+ echo '-D_GNU_SOURCE'
+ CFLAGS="$CFLAGS -D_GNU_SOURCE"
+ else
+ echo 'manual'
+ CFLAGS="$CFLAGS -DDECLARE_SNPRINTF"
+ fi
+fi
+rm -f __conftest*
+
+echo -n 'Checking for snprintf implementation... '
+cat <<EOF >__conftest.c
+#include <stdio.h>
+#include <string.h>
+#ifdef DECLARE_SNPRINTF
+#ifdef __cplusplus
+extern "C"
+#endif /*__cplusplus*/
+int snprintf(char *, int, const char *, ...);
+#endif /*DECLARE_SNPRINTF*/
+int main() {
+ char buf[32];
+ snprintf(buf, 8, "%s", "1234567890");
+ if (strlen(buf)!=7) return 1;
+ return 0;
+}
+
+EOF
+if (
+ $CC $CFLAGS __conftest.c $LIBBSD -o __conftest || exit 1
+# ./__conftest || exit 1
+ ) >/dev/null 2>&1; then
+ echo 'ok'
+else
+ if (
+ $CC $CFLAGS __conftest.c -lsnprintf $LIBBSD -o __conftest || exit 1
+# ./__conftest || exit 1
+ ) >/dev/null 2>&1; then
+ echo '-lsnprintf'
+ LIBS="$LIBS -lsnprintf"
+ else
+ if (
+ $CC $CFLAGS __conftest.c -ldb $LIBBSD -o __conftest || exit 1
+# ./__conftest || exit 1
+ ) >/dev/null 2>&1; then
+ echo '-ldb'
+ LIBS="$LIBS -ldb"
+ else
+ echo 'missing'
+ echo 'This package requires snprintf.'
+ rm -f __conftest*
+ exit
+ fi
+ fi
+fi
+rm -f __conftest*
+
+##################################################
+
+## libbsd should go last in case it's broken
+if [ "x$LIBBSD" != x ]; then
+ LIBS="$LIBS $LIBBSD"
+fi
+
+echo 'Generating MCONFIG...'
+(
+ echo -n '# Generated by configure (confgen version 2) on '
+ date
+ echo '#'
+ echo
+
+ echo "BINDIR=$BINDIR"
+ echo "SBINDIR=$SBINDIR"
+ echo "MANDIR=$MANDIR"
+ echo "BINMODE=$BINMODE"
+ echo "DAEMONMODE=$DAEMONMODE"
+ echo "MANMODE=$MANMODE"
+ echo "SUIDMODE=$SUIDMODE"
+ echo "PREFIX=$PREFIX"
+ echo "EXECPREFIX=$EXECPREFIX"
+ echo "INSTALLROOT=$INSTALLROOT"
+ echo "CC=$CC"
+ if [ x$CC_WARNINGS != x ]; then
+ CFLAGS="$CFLAGS $WARNINGS"
+ fi
+
+ echo "CFLAGS=$CFLAGS" | sed 's/= */=/'
+ echo "LDFLAGS=$LDFLAGS" | sed 's/= */=/'
+ echo "LIBS=$LIBS" | sed 's/= */=/'
+
+ echo "LIBTERMCAP=$LIBTERMCAP"
+ echo "USE_GLIBC=$USE_GLIBC"
+ echo "USE_PAM=$USE_PAM"
+ echo "USE_SHADOW=$USE_SHADOW"
+ echo "LIBSHADOW=$LIBSHADOW"
+) > MCONFIG
+
Property changes on: configure
___________________________________________________________________
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Index: rexecd/rexecd.c
===================================================================
--- rexecd/rexecd.c (nonexistent)
+++ rexecd/rexecd.c (revision 5)
@@ -0,0 +1,471 @@
+/*
+ * Copyright (c) 1983 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *
+ * 1-14-99 Karl R. Hakimian <hakimian@eecs.wsu.edu>
+ *
+ * While the headers in this file claim only the purest decent from
+ * their BSD roots, this program has had unspeakable things done to it
+ * over the years. I have tried to clean things up and get them working
+ * again.
+ *
+ * Put the port connect back to the client back where it belongs.
+ * Replaced fork and coping data from stderr to error socket with a
+ * dup2 of the error socket onto stderr. This code was in the BSD code,
+ * but does not seem to be necessary and is broken under Linux
+ * removed file descriptor from doit call. Not needed. f = 0 assumed
+ * throughout
+ * Removed unused variables.
+ *
+ * 3-31-99 Karl R. Hakimian <hakimian@eecs.wsu.edu>
+ *
+ * Fixed problem where stderr socket can be left open if a daemon is
+ * called from rexecd.
+ *
+ * KRH
+ */
+
+char copyright[] =
+ "@(#) Copyright (c) 1983 The Regents of the University of California.\n"
+ "All rights reserved.\n";
+
+/*
+ * From: @(#)rexecd.c 5.12 (Berkeley) 2/25/91
+ */
+char rcsid[] =
+ "$Id: rexecd.c,v 1.29 2000/07/23 04:16:22 dholland Exp $";
+#include "../version.h"
+
+#include <sys/param.h>
+#include <sys/ioctl.h>
+#include <sys/socket.h>
+#include <sys/time.h>
+#include <netinet/in.h>
+#include <signal.h>
+#include <netdb.h>
+#include <pwd.h>
+#include <errno.h>
+#include <syslog.h>
+#include <unistd.h>
+#include <crypt.h> /* apparently necessary in some glibcs */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <paths.h>
+#include <grp.h>
+
+#ifdef USE_SHADOW
+#include <shadow.h>
+#endif
+
+#ifdef USE_PAM
+#include <security/pam_appl.h>
+#endif
+
+#define _PATH_FTPUSERS "/etc/ftpusers"
+
+#ifdef TCP_WRAPPER
+#include <syslog.h>
+#include "log_tcp.h"
+struct from_host from_host;
+#endif
+
+int allow_severity = LOG_INFO;
+int deny_severity = LOG_WARNING;
+
+
+/*
+ * remote execute server:
+ * username\0
+ * password\0
+ * command\0
+ * data
+ */
+
+static void fatal(const char *);
+static void doit(struct sockaddr_in *fromp);
+static void getstr(char *buf, int cnt, const char *err);
+
+static const char *remote = NULL;
+
+int
+main(int argc, char **argv)
+{
+ struct sockaddr_in from;
+ socklen_t fromlen;
+
+ (void)argc;
+
+ fromlen = sizeof(from);
+
+ if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) {
+ fprintf(stderr, "rexecd: getpeername: %s\n", strerror(errno));
+ return 1;
+ }
+
+ openlog(argv[0], LOG_PID, LOG_DAEMON);
+
+#ifdef TCP_WRAPPER
+ /* Find out and report the remote host name. */
+ /* I don't think this works. -- dholland */
+ if (fromhost(&from_host) < 0 || !hosts_access(argv[0], &from_host))
+ refuse(&from_host);
+ remote = hosts_info(&from_host);
+#else
+ {
+ struct hostent *h = gethostbyaddr((const char *)&from.sin_addr,
+ sizeof(struct in_addr),
+ AF_INET);
+ if (!h || !h->h_name) {
+ write(0, "\1Where are you?\n", 16);
+ return 1;
+ }
+ /* Be advised that this may be utter nonsense. */
+ remote = strdup(h->h_name);
+ }
+#endif
+ syslog(allow_severity, "connect from %.128s", remote);
+ doit(&from);
+ return 0;
+}
+
+char username[20] = "USER=";
+char homedir[64] = "HOME=";
+char shell[64] = "SHELL=";
+char path[sizeof(_PATH_DEFPATH) + sizeof("PATH=")] = "PATH=";
+char *envinit[] =
+ {homedir, shell, path, username, 0};
+char **myenviron;
+
+#ifdef USE_PAM
+static char *PAM_username;
+static char *PAM_password;
+
+static int PAM_conv (int num_msg,
+ const struct pam_message **msg,
+ struct pam_response **resp,
+ void *appdata_ptr) {
+ int count = 0, replies = 0;
+ struct pam_response *reply = NULL;
+ int size = sizeof(struct pam_response);
+
+ appdata_ptr = appdata_ptr;
+
+#define GET_MEM if (reply) realloc(reply, size); else reply = malloc(size); \
+ if (!reply) return PAM_CONV_ERR; \
+ size += sizeof(struct pam_response)
+#define COPY_STRING(s) (s) ? strdup(s) : NULL
+
+ for (count = 0; count < num_msg; count++) {
+ GET_MEM;
+ switch (msg[count]->msg_style) {
+ case PAM_PROMPT_ECHO_ON:
+ reply[replies].resp_retcode = PAM_SUCCESS;
+ reply[replies++].resp = COPY_STRING(PAM_username);
+ /* PAM frees resp */
+ break;
+ case PAM_PROMPT_ECHO_OFF:
+ reply[replies].resp_retcode = PAM_SUCCESS;
+ reply[replies++].resp = COPY_STRING(PAM_password);
+ /* PAM frees resp */
+ break;
+ case PAM_TEXT_INFO:
+ reply[replies].resp_retcode = PAM_SUCCESS;
+ reply[replies++].resp = NULL;
+ /* ignore it... */
+ break;
+ case PAM_ERROR_MSG:
+ reply[replies].resp_retcode = PAM_SUCCESS;
+ reply[replies++].resp = NULL;
+ /* Must be an error of some sort... */
+ default:
+ return PAM_CONV_ERR;
+ }
+ }
+ if (reply) *resp = reply;
+ return PAM_SUCCESS;
+}
+
+static struct pam_conv PAM_conversation = {
+ &PAM_conv,
+ NULL
+};
+#endif /* USE_PAM */
+
+
+static void
+doit(struct sockaddr_in *fromp)
+{
+ char *cmdbuf;
+ long cmdbuflen;
+ char user[16], pass[16];
+ struct passwd *pwd;
+ int s = -1;
+ u_short port;
+ const char *theshell;
+ const char *cp2;
+ int ifd;
+#ifdef USE_PAM
+ pam_handle_t *pamh;
+ int pam_error;
+#else /* !USE_PAM */
+ char *namep, *cp;
+#ifdef RESTRICT_FTP
+ char buf[BUFSIZ];
+ FILE *fp;
+#endif
+#endif /* USE_PAM */
+
+ cmdbuflen = sysconf (_SC_ARG_MAX);
+ if (!(cmdbuflen > 0)) {
+ syslog (LOG_ERR, "sysconf (_SC_ARG_MAX) failed");
+ fatal ("sysconf (_SC_ARG_MAX) failed\n");
+ }
+
+ cmdbuf = malloc (++cmdbuflen);
+ if (cmdbuf == NULL) {
+ syslog (LOG_ERR, "Could not allocate space for cmdbuf");
+ fatal ("Could not allocate space for cmdbuf\n");
+ }
+
+ signal(SIGINT, SIG_DFL);
+ signal(SIGQUIT, SIG_DFL);
+ signal(SIGTERM, SIG_DFL);
+#ifdef DEBUG
+ { int t = open(_PATH_TTY, 2);
+ if (t >= 0) {
+ ioctl(t, TIOCNOTTY, NULL);
+ close(t);
+ }
+ }
+#endif
+
+/* copy socket to stdout and stderr KRH */
+ dup2(0, 1);
+ dup2(0, 2);
+ alarm(60);
+ port = 0;
+ for (;;) {
+ char c;
+ if (read(0, &c, 1) != 1)
+ exit(1);
+ if (c == 0)
+ break;
+ port = port * 10 + c - '0';
+ }
+ alarm(0);
+
+/*
+ We must connect back to the client here if a port was provided. KRH
+*/
+ if (port != 0) {
+ s = socket(AF_INET, SOCK_STREAM, 0);
+ if (s < 0)
+ exit(1);
+
+#if 0 /* this shouldn't be necessary */
+ struct sockaddr_in asin = { AF_INET };
+ if (bind(s, (struct sockaddr *)&asin, sizeof (asin)) < 0)
+ exit(1);
+#endif
+ alarm(60);
+ fromp->sin_port = htons(port);
+ if (connect(s, (struct sockaddr *)fromp, sizeof (*fromp)) < 0)
+ exit(1);
+ alarm(0);
+ }
+
+ getstr(user, sizeof(user), "username too long\n");
+ getstr(pass, sizeof(pass), "password too long\n");
+ getstr(cmdbuf, cmdbuflen, "command too long\n");
+#ifdef USE_PAM
+ #define PAM_BAIL if (pam_error != PAM_SUCCESS) { \
+ pam_end(pamh, pam_error); exit(1); \
+ }
+ PAM_username = user;
+ PAM_password = pass;
+ pam_error = pam_start("rexec", PAM_username, &PAM_conversation,&pamh);
+ PAM_BAIL;
+ pam_error = pam_authenticate(pamh, 0);
+ PAM_BAIL;
+ pam_error = pam_acct_mgmt(pamh, 0);
+ PAM_BAIL;
+ pam_error = pam_setcred(pamh, PAM_ESTABLISH_CRED);
+ PAM_BAIL;
+ pam_end(pamh, PAM_SUCCESS);
+ /* If this point is reached, the user has been authenticated. */
+ setpwent();
+ pwd = getpwnam(user);
+ endpwent();
+#else /* !USE_PAM */
+ /* All of the following issues are dealt with in the PAM configuration
+ file, so put all authentication/priviledge checks before the
+ corresponding #endif below. */
+
+ setpwent();
+ pwd = getpwnam(user);
+ if (pwd == NULL) {
+ /* Log failed attempts. */
+ syslog(LOG_ERR, "LOGIN FAILURE from %.128s, %s", remote, user);
+ fatal("Login incorrect.\n");
+ }
+ endpwent();
+#ifdef USE_SHADOW
+ {
+ struct spwd *sp = getspnam(pwd->pw_name);
+ endspent();
+ if (sp) {
+ pwd->pw_passwd = sp->sp_pwdp;
+ }
+ }
+#endif
+ if (*pwd->pw_passwd != '\0') {
+ namep = crypt(pass, pwd->pw_passwd);
+ if (strcmp(namep, pwd->pw_passwd)) {
+ /* Log failed attempts. */
+ syslog(LOG_ERR, "LOGIN FAILURE from %.128s, %s",
+ remote, user);
+ fatal("Login incorrect.\n");
+ }
+ }
+
+ /* Erase the cleartext password from memory. */
+ memset(pass, 0, sizeof(pass));
+ /* Clear out crypt()'s internal state, too. */
+ crypt("flurgle", pwd->pw_passwd);
+
+ /* Disallow access to root account. */
+ if (pwd->pw_uid == 0) {
+ syslog(LOG_ERR, "%s LOGIN REFUSED from %.128s", user, remote);
+ fatal("Login incorrect.\n");
+ }
+#ifdef RESTRICT_FTP
+ /* Disallow access to accounts in /etc/ftpusers. */
+ fp = fopen(_PATH_FTPUSERS, "r");
+ if (fp != NULL) {
+ while (fgets(buf, sizeof(buf), fp) != NULL) {
+ if ((cp = strchr(buf, '\n')) != NULL)
+ *cp = '\0';
+ if (strcmp(buf, pwd->pw_name) == 0) {
+ syslog(LOG_ERR, "%s LOGIN REFUSED from %.128s",
+ user, remote);
+ fatal("Login incorrect.\n");
+ }
+ }
+ fclose(fp);
+ }
+ else syslog(LOG_ERR, "cannot open /etc/ftpusers");
+#endif
+#endif /* !USE_PAM */
+
+ /* Log successful attempts. */
+ syslog(LOG_INFO, "login from %.128s as %s", remote, user);
+
+ if (chdir(pwd->pw_dir) < 0) {
+ fatal("No remote directory.\n");
+ }
+
+ write(2, "\0", 1);
+ if (port) {
+ /* If we have a port, dup STDERR on that port KRH */
+ close(2);
+ dup2(s, 2);
+ /*
+ * We no longer need s, close it so we don't leave it
+ * behind for a daemon.
+ */
+ close (s);
+ }
+ if (*pwd->pw_shell == 0) {
+ /* Shouldn't we deny access? (Can be done by PAM KRH) */
+ theshell = _PATH_BSHELL;
+ }
+ else theshell = pwd->pw_shell;
+ /* shouldn't we check /etc/shells? (Can be done by PAM KRH) */
+
+ if (setgid(pwd->pw_gid)) {
+ perror("setgid");
+ exit(1);
+ }
+ if (initgroups(pwd->pw_name, pwd->pw_gid)) {
+ perror("initgroups");
+ exit(1);
+ }
+ if (setuid(pwd->pw_uid)) {
+ perror("setuid");
+ exit(1);
+ }
+
+ strcat(path, _PATH_DEFPATH);
+ myenviron = envinit;
+ strncat(homedir, pwd->pw_dir, sizeof(homedir)-6);
+ strncat(shell, theshell, sizeof(shell)-7);
+ strncat(username, pwd->pw_name, sizeof(username)-6);
+ cp2 = strrchr(theshell, '/');
+ if (cp2) cp2++;
+ else cp2 = theshell;
+
+ /*
+ * Close all fds, in case libc has left fun stuff like
+ * /etc/shadow open.
+ */
+ for (ifd = getdtablesize()-1; ifd > 2; ifd--) close(ifd);
+
+ execle(theshell, cp2, "-c", cmdbuf, 0, myenviron);
+ perror(theshell);
+ exit(1);
+}
+
+static void
+fatal(const char *msg)
+{
+ char x = 1;
+ write(2, &x, 1);
+ write(2, msg, strlen(msg));
+ exit(1);
+}
+
+static void
+getstr(char *buf, int cnt, const char *err)
+{
+ char c;
+
+ do {
+ if (read(0, &c, 1) != 1)
+ exit(1);
+ *buf++ = c;
+ if (--cnt <= 0) {
+ fatal(err);
+ }
+ } while (c != 0);
+}
+
Index: rexecd
===================================================================
--- rexecd (nonexistent)
+++ rexecd (revision 5)
Property changes on: rexecd
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,73 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: rlogin/rlogin.c
===================================================================
--- rlogin/rlogin.c (nonexistent)
+++ rlogin/rlogin.c (revision 5)
@@ -0,0 +1,883 @@
+/*
+ * Copyright (c) 1983, 1990 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+char copyright[] =
+ "@(#) Copyright (c) 1983, 1990 The Regents of the University of California.\n"
+ "All rights reserved.\n";
+
+/*
+ * From: @(#)rlogin.c 5.33 (Berkeley) 3/1/91
+ * Header: mit/rlogin/RCS/rlogin.c,v 5.2 89/07/26 12:11:21 kfall
+ * Exp Locker: kfall
+ */
+char rcsid[] =
+ "$Id: rlogin.c,v 1.20 2000/07/23 04:16:22 dholland Exp $";
+#include "../version.h"
+
+/*
+ * rlogin - remote login
+ */
+#include <stdio.h>
+#include <sys/param.h>
+#include <sys/file.h>
+#include <sys/socket.h>
+#include <signal.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+#include <sys/wait.h>
+#include <sys/ioctl.h>
+#include <netinet/in.h>
+#include <netinet/ip.h>
+#include <netdb.h>
+#include <termios.h>
+#include <setjmp.h>
+#include <errno.h>
+#include <pwd.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+
+/*
+ * rlogin has problems with urgent data when logging into suns which
+ * results in the connection being closed with an IO error. SUN_KLUDGE
+ * is a work around - the actual bug is probably in tcp.c in the kernel, but
+ * I haven't managed to find it yet.
+ * Andrew.Tridgell@anu.edu.au (12th March 1993)
+ *
+ * This should all be ancient history now.
+ * dholland@hcs.harvard.edu (15-Jul-1996)
+ */
+#if 0
+#define SUN_KLUDGE
+#endif
+
+#ifndef TIOCPKT_WINDOW
+#define TIOCPKT_WINDOW 0x80
+#endif
+
+#ifndef TIOCPKT_FLUSHWRITE
+#define TIOCPKT_FLUSHWRITE 0x02
+#define TIOCPKT_NOSTOP 0x10
+#define TIOCPKT_DOSTOP 0x20
+#endif
+
+/* concession to Sun */
+#ifndef SIGUSR1
+#define SIGUSR1 30
+#endif
+
+struct termios defmodes;
+struct termios ixon_state;
+static int eight, litout, rem;
+
+static int noescape;
+static u_char escapechar = '~';
+
+static int childpid;
+
+static char defkill, defquit, defstart, defstop, defeol, defeof, defintr;
+static char defsusp, defdsusp, defreprint, defdiscard, defwerase, deflnext;
+
+
+
+#ifdef sun
+struct winsize {
+ unsigned short ws_row, ws_col;
+ unsigned short ws_xpixel, ws_ypixel;
+};
+#endif
+struct winsize winsize;
+
+#ifndef sun
+#define get_window_size(fd, wp) ioctl(fd, TIOCGWINSZ, wp)
+#endif
+
+static void mode(int f);
+static void stop(char cmdc);
+static void usage(void);
+static void doit(long omask);
+static void done(int status);
+static void writer(void);
+static int reader(int omask);
+static void msg(const char *str);
+static void setsignal(int sig, void (*act)(int));
+static void sendwindow(void);
+static void echo(char c);
+static void stop(char cmdc);
+static void catch_child(int);
+static void copytochild(int);
+static void writeroob(int);
+static void lostpeer(int);
+static u_char getescape(const char *p);
+
+/*
+ * It is beyond me why code of this nature should be necessary.
+ * Why can't termios hand back an integer?
+ */
+static const char *getspeedstr(speed_t speed)
+{
+ switch(speed) {
+ case B0: return "0";
+ case B50: return "50";
+ case B75: return "75";
+ case B110: return "110";
+ case B134: return "134";
+ case B150: return "150";
+ case B200: return "200";
+ case B300: return "300";
+ case B600: return "600";
+ case B1200: return "1200";
+ case B1800: return "1800";
+ case B2400: return "2400";
+ case B4800: return "4800";
+ case B9600: return "9600";
+ case B19200: return "19200";
+ case B38400: return "38400";
+ case B57600: return "57600";
+ case B115200: return "115200";
+ case B230400: return "230400";
+ case B460800: return "460800";
+ }
+ return "9600";
+}
+
+int
+main(int argc, char **argv)
+{
+ struct passwd *pw;
+ struct servent *sp;
+ struct termios tios;
+
+ long omask;
+ int argoff, ch, dflag, one, uid;
+ char *host, *p, *user, term[1024];
+ const char *t;
+ char *null = NULL;
+
+ argoff = dflag = 0;
+ one = 1;
+ host = user = NULL;
+
+ if ((p = strrchr(argv[0], '/'))!=NULL)
+ ++p;
+ else
+ p = argv[0];
+
+ if (strcmp(p, "rlogin"))
+ host = p;
+
+ /* handle "rlogin host flags" */
+ if (!host && argc > 2 && argv[1][0] != '-') {
+ host = argv[1];
+ argoff = 1;
+ }
+
+#define OPTIONS "8EKLde:l:"
+ while ((ch = getopt(argc - argoff, argv + argoff, OPTIONS)) != EOF)
+ switch(ch) {
+ case '8':
+ eight = 1;
+ break;
+ case 'E':
+ noescape = 1;
+ break;
+ case 'K':
+ break;
+ case 'L':
+ litout = 1;
+ break;
+ case 'd':
+ dflag = 1;
+ break;
+ case 'e':
+ escapechar = getescape(optarg);
+ break;
+ case 'l':
+ user = optarg;
+ break;
+ case '?':
+ default:
+ usage();
+ }
+ optind += argoff;
+ argc -= optind;
+ argv += optind;
+
+ /* if haven't gotten a host yet, do so */
+ if (!host && !(host = *argv++))
+ usage();
+
+ if (*argv)
+ usage();
+
+ if (!(pw = getpwuid(uid = getuid()))) {
+ fprintf(stderr, "rlogin: unknown user id.\n");
+ exit(1);
+ }
+ if (!user)
+ user = pw->pw_name;
+
+ sp = NULL;
+ if (sp == NULL)
+ sp = getservbyname("login", "tcp");
+ if (sp == NULL) {
+ fprintf(stderr, "rlogin: login/tcp: unknown service.\n");
+ exit(1);
+ }
+
+ t = getenv("TERM");
+ if (!t) t = "network";
+ if (tcgetattr(0, &tios) == 0) {
+ speed_t speed = cfgetispeed(&tios);
+ const char *speedstr = getspeedstr(speed);
+ snprintf(term, sizeof(term), "%.256s/%s", t, speedstr);
+ }
+ else snprintf(term, sizeof(term), "%.256s", t);
+
+ __environ = &null;
+
+ get_window_size(0, &winsize);
+
+ /*
+ * Moved before rcmd call so that if get a SIGPIPE in rcmd
+ * we will have the defmodes set already.
+ */
+ tcgetattr(0, &defmodes);
+ tcgetattr(0, &ixon_state);
+
+ signal(SIGPIPE, lostpeer);
+ /* will use SIGUSR1 for window size hack, so hold it off */
+ omask = sigblock(sigmask(SIGURG) | sigmask(SIGUSR1));
+
+ rem = rcmd(&host, sp->s_port, pw->pw_name, user, term, 0);
+
+ if (rem < 0) exit(1);
+
+ if (dflag) {
+ if (setsockopt(rem, SOL_SOCKET, SO_DEBUG, &one, sizeof(one)) < 0)
+ fprintf(stderr, "rlogin: setsockopt(SO_DEBUG): %s.\n",
+ strerror(errno));
+ }
+#ifdef IP_TOS
+ one = IPTOS_LOWDELAY;
+ if (setsockopt(rem, IPPROTO_IP, IP_TOS, (char *)&one, sizeof(one)) < 0)
+ fprintf(stderr, "rlogin: setsockopt(TOS): %s.\n",
+ strerror(errno));
+#endif
+ if (setuid(uid)) {
+ fprintf(stderr, "rlogin: setuid: %s\n", strerror(errno));
+ exit(1);
+ }
+
+ doit(omask);
+ /*NOTREACHED*/
+ return 0;
+}
+
+static void
+doit(long omask)
+{
+ struct termios tios;
+
+ tcgetattr(0, &tios);
+
+ tios.c_cc[VMIN] = 1;
+ tios.c_cc[VTIME] = 1;
+
+ defkill = tios.c_cc[VKILL];
+ defquit = tios.c_cc[VQUIT];
+ defstart = tios.c_cc[VSTART];
+ defstop = tios.c_cc[VSTOP];
+ defeol = tios.c_cc[VEOL];
+ defeof = tios.c_cc[VEOF];
+ defintr = tios.c_cc[VINTR];
+ defsusp = tios.c_cc[VSUSP]; /* stop process */
+#ifdef VDSUSP
+ defdsusp = tios.c_cc[VDSUSP]; /* delayed stop process */
+#else
+ defdsusp = (char)0xFF; /* cast 0xFF for 32/64 bit platforms */
+#endif
+ defreprint = tios.c_cc[VREPRINT]; /* rprint line */
+ defdiscard = tios.c_cc[VDISCARD]; /* flush output */
+ defwerase = tios.c_cc[VWERASE]; /* word erase */
+ deflnext = tios.c_cc[VLNEXT]; /* literal next char */
+
+ signal(SIGINT, SIG_IGN);
+ setsignal(SIGHUP, exit);
+ setsignal(SIGQUIT, exit);
+ /*
+ * Do this *before* forking...
+ */
+ signal(SIGCHLD, catch_child);
+
+ childpid = fork();
+ if (childpid == -1) {
+ fprintf(stderr, "rlogin: fork: %s.\n", strerror(errno));
+ done(1);
+ }
+ if (childpid == 0) {
+ mode(1);
+ if (reader(omask) == 0) {
+ msg("connection closed.");
+ exit(0);
+ }
+ sleep(1);
+ msg("\007connection closed.");
+ exit(1);
+ }
+
+ /*
+ * We may still own the socket, and may have a pending SIGURG (or might
+ * receive one soon) that we really want to send to the reader. Set a
+ * trap that simply copies such signals to the child.
+ */
+ signal(SIGURG, copytochild);
+ signal(SIGUSR1, writeroob);
+ sigsetmask(omask);
+#ifdef __linux__
+ /*sleep(1);*/ /* why?!? */
+#endif
+ writer();
+ msg("closed connection.");
+ done(0);
+}
+
+/* trap a signal, unless it is being ignored. */
+static void
+setsignal(int sig, void (*act)(int))
+{
+ int omask = sigblock(sigmask(sig));
+
+ if (signal(sig, act) == SIG_IGN)
+ signal(sig, SIG_IGN);
+ sigsetmask(omask);
+}
+
+static void
+done(int status)
+{
+ int w, wstatus;
+
+ mode(0);
+ if (childpid > 0) {
+ /* make sure catch_child does not snap it up */
+ signal(SIGCHLD, SIG_DFL);
+ if (kill(childpid, SIGKILL) >= 0)
+ while ((w = wait(&wstatus)) > 0 && w != childpid);
+ }
+ exit(status);
+}
+
+int dosigwinch;
+void sigwinch(int);
+
+/*
+ * This is called when the reader process gets the out-of-band (urgent)
+ * request to turn on the window-changing protocol.
+ */
+static void
+writeroob(int ignore)
+{
+ (void)ignore;
+
+ if (dosigwinch == 0) {
+ sendwindow();
+ signal(SIGWINCH, sigwinch);
+ }
+ dosigwinch = 1;
+}
+
+void
+catch_child(int ignore)
+{
+ int status;
+ int pid;
+
+ (void)ignore;
+ for (;;) {
+ pid = wait3(&status,
+ WNOHANG|WUNTRACED, (struct rusage *)0);
+ if (pid == 0)
+ return;
+ /* if the child (reader) dies, just quit */
+ if (pid < 0 || (pid == childpid && !WIFSTOPPED(status)))
+ done((int)(WTERMSIG(status) | WEXITSTATUS(status)));
+ }
+ /* NOTREACHED */
+}
+
+/*
+ * writer: write to remote: 0 -> line.
+ * ~. terminate
+ * ~^Z suspend rlogin process.
+ * ~<delayed-suspend char> suspend rlogin process, but leave reader alone.
+ */
+static void
+writer(void)
+{
+ register int bol, local, n;
+ char c;
+
+ bol = 1; /* beginning of line */
+ local = 0;
+ for (;;) {
+ n = read(STDIN_FILENO, &c, 1);
+ if (n <= 0) {
+ if (n < 0 && errno == EINTR)
+ continue;
+ break;
+ }
+ /*
+ * If we're at the beginning of the line and recognize a
+ * command character, then we echo locally. Otherwise,
+ * characters are echo'd remotely. If the command character
+ * is doubled, this acts as a force and local echo is
+ * suppressed.
+ */
+ if (bol) {
+ bol = 0;
+ if (!noescape && c == escapechar) {
+ local = 1;
+ continue;
+ }
+ } else if (local) {
+ local = 0;
+ if (c == '.' || c == defeof) {
+ echo(c);
+ break;
+ }
+ if (c == defsusp || c == defdsusp) {
+ bol = 1;
+ echo(c);
+ stop(c);
+ continue;
+ }
+ if (c != escapechar)
+ write(rem, &escapechar, 1);
+ }
+
+ if (write(rem, &c, 1) == 0) {
+ msg("line gone");
+ break;
+ }
+ bol = c == defkill || c == defeof ||
+ c == defintr || c == defsusp ||
+ c == '\r' || c == '\n';
+ }
+}
+
+static void
+echo(char c)
+{
+ register char *p;
+ char buf[8];
+
+ p = buf;
+ c &= 0177;
+ *p++ = escapechar;
+ if (c < ' ') {
+ *p++ = '^';
+ *p++ = c + '@';
+ } else if (c == 0177) {
+ *p++ = '^';
+ *p++ = '?';
+ } else
+ *p++ = c;
+ *p++ = '\r';
+ *p++ = '\n';
+ write(STDOUT_FILENO, buf, p - buf);
+}
+
+static void
+stop(char cmdc)
+{
+ mode(0);
+ signal(SIGCHLD, SIG_IGN);
+ kill(cmdc == defsusp ? 0 : getpid(), SIGTSTP);
+ signal(SIGCHLD, catch_child);
+ mode(1);
+ sigwinch(SIGWINCH); /* check for size changes */
+}
+
+void
+sigwinch(int signum)
+{
+ struct winsize ws;
+
+ (void)signum;
+ if (dosigwinch && get_window_size(0, &ws) == 0 &&
+ bcmp(&ws, &winsize, sizeof(ws))) {
+ winsize = ws;
+ sendwindow();
+ }
+#ifdef SUN_KLUDGE
+ signal(SIGWINCH,sigwinch);
+#endif
+}
+
+/*
+ * Send the window size to the server via the magic escape
+ */
+static void
+sendwindow(void)
+{
+ struct winsize *wp;
+ char obuf[4 + sizeof (struct winsize)];
+
+ wp = (struct winsize *)(obuf+4);
+ obuf[0] = (char)0377; /* (char) casts added for 32/64 bit machines */
+ obuf[1] = (char)0377;
+ obuf[2] = (char)'s';
+ obuf[3] = (char)'s';
+ wp->ws_row = htons(winsize.ws_row);
+ wp->ws_col = htons(winsize.ws_col);
+ wp->ws_xpixel = htons(winsize.ws_xpixel);
+ wp->ws_ypixel = htons(winsize.ws_ypixel);
+
+ write(rem, obuf, sizeof(obuf));
+}
+
+/*
+ * reader: read from remote: line -> 1
+ */
+#define READING 1
+#define WRITING 2
+
+static sigjmp_buf rcvtop;
+static int ppid, rcvcnt, rcvstate;
+static char rcvbuf[8 * 1024];
+
+static void
+oob_real(void)
+{
+ struct termios tios;
+
+ int atmark, n, rcvd;
+ unsigned char waste[BUFSIZ], mark;
+
+ rcvd = 0;
+ while (recv(rem, &mark, 1, MSG_OOB) < 0) {
+ sleep(1);
+ switch (errno) {
+ case EWOULDBLOCK:
+ /*
+ * Urgent data not here yet. It may not be possible
+ * to send it yet if we are blocked for output and
+ * our input buffer is full.
+ */
+ if (rcvcnt < (int)sizeof(rcvbuf)) {
+ n = read(rem, rcvbuf + rcvcnt,
+ sizeof(rcvbuf) - rcvcnt);
+ if (n <= 0)
+ return;
+ rcvd += n;
+ } else {
+ n = read(rem, waste, sizeof(waste));
+ if (n <= 0)
+ return;
+ }
+ continue;
+ default:
+ return;
+ }
+ }
+ if (mark & TIOCPKT_WINDOW) {
+ /* Let server know about window size changes */
+ kill(ppid, SIGUSR1);
+ }
+ if (!eight && (mark & TIOCPKT_NOSTOP)) {
+ tcgetattr(0, &tios);
+ tios.c_iflag &= ~IXON;
+/* tios.c_lflag &= ~ICANON; */
+ tcsetattr(0, TCSADRAIN, &tios);
+ }
+ if (!eight && (mark & TIOCPKT_DOSTOP)) {
+ tcgetattr(0, &tios);
+/* tios.c_lflag |= ICANON;*/
+ tios.c_iflag |= IXON;
+ tcsetattr(0, TCSADRAIN, &tios);
+ }
+ if (mark & TIOCPKT_FLUSHWRITE) {
+ tcflush(1, TCOFLUSH);
+
+ for (;;) {
+ if (ioctl(rem, SIOCATMARK, &atmark) < 0) {
+ fprintf(stderr, "rlogin: ioctl: %s.\n",
+ strerror(errno));
+ break;
+ }
+ if (atmark)
+ break;
+ n = read(rem, waste, sizeof (waste));
+ if (n <= 0)
+ break;
+ }
+ /*
+ * Don't want any pending data to be output, so clear the recv
+ * buffer. If we were hanging on a write when interrupted,
+ * don't want it to restart. If we were reading, restart
+ * anyway.
+ */
+ rcvcnt = 0;
+ siglongjmp(rcvtop, 1);
+ }
+
+ /* oob does not do FLUSHREAD (alas!) */
+
+ /*
+ * If we filled the receive buffer while a read was pending, longjmp
+ * to the top to restart appropriately. Don't abort a pending write,
+ * however, or we won't know how much was written.
+ */
+ if (rcvd && rcvstate == READING) {
+ siglongjmp(rcvtop, 1);
+ }
+}
+
+static void oob(int ignore)
+{
+ (void)ignore;
+
+ oob_real();
+#ifdef SUN_KLUDGE
+ signal(SIGURG,oob);
+#endif
+}
+
+
+
+/* reader: read from remote: line -> 1 */
+static int
+reader(int omask)
+{
+ int pid = getpid();
+ int n, remaining;
+ char *volatile bufp = rcvbuf;
+
+ signal(SIGTTOU, SIG_IGN);
+ signal(SIGURG, oob);
+ ppid = getppid();
+/* fcntl(rem, F_SETOWN, pid); */
+ ioctl(rem, SIOCSPGRP, &pid); /* @@@ */
+ sigsetjmp(rcvtop, 1);
+ sigsetmask(omask);
+ for (;;) {
+ while ((remaining = rcvcnt - (bufp - rcvbuf)) > 0) {
+ rcvstate = WRITING;
+ n = write(STDOUT_FILENO, bufp, remaining);
+ if (n < 0) {
+ if (errno != EINTR)
+ return -1;
+ continue;
+ }
+ bufp += n;
+ }
+ bufp = rcvbuf;
+ rcvcnt = 0;
+ rcvstate = READING;
+
+ rcvcnt = read(rem, rcvbuf, sizeof (rcvbuf));
+
+/*
+* If we get a EIO from a read then it may mean that we have unread ungent data
+* waiting that is getting in the way. We probably have got more then one lot of
+* urgent data but we only got one SIGURG due to a problem in the kernel tcp.
+* We can try and fix this by sending ourself a SIGURG and pretending the error
+* never occurred. This might be a problem if we really _should_ be getting
+* a EIO for some unrelated reason. (AJT 3/93)
+*
+* Hmm, I just checked this with the current (NET-2e BETA-1) kernel, and
+* it seems that this patch isn't needed anymore. FvK 09/20/93
+*/
+#ifdef XX_SUN_KLUDGE
+ if (rcvcnt < 0 && errno == EIO)
+ {
+ errno = 0;
+ kill(getpid(),SIGURG);
+ continue;
+ }
+#endif
+ if (rcvcnt == 0)
+ return (0);
+ if (rcvcnt < 0) {
+ if (errno == EINTR)
+ continue;
+ fprintf(stderr, "rlogin: read: %s.\n",
+ strerror(errno));
+ return -1;
+ }
+ }
+}
+
+static void
+mode(int f)
+{
+ struct termios tios;
+ tcgetattr(0, &tios);
+
+ switch(f) {
+ case 0:
+ /*
+ * remember whether IXON was set, so it can be restored
+ * when mode(1) is next done
+ */
+ tcgetattr(0, &ixon_state);
+ /*
+ * copy the initial modes we saved into sb; this is
+ * for restoring to the initial state
+ */
+ memcpy(&tios, &defmodes, sizeof(defmodes));
+ break;
+ case 1:
+ /* turn off output mappings */
+ tios.c_oflag &= ~(ONLCR|OCRNL);
+ /*
+ * turn off canonical processing and character echo;
+ * also turn off signal checking -- ICANON might be
+ * enough to do this, but we're being careful
+ */
+ tios.c_lflag &= ~(ECHO|ICANON|ISIG);
+ tios.c_iflag &= ~(ICRNL);
+ tios.c_cc[VTIME] = 1;
+ tios.c_cc[VMIN] = 1;
+ if (eight) tios.c_iflag &= ~(ISTRIP);
+ /* preserve tab delays, but turn off tab-to-space expansion */
+ if ((tios.c_oflag & TABDLY) == TAB3)
+ tios.c_oflag &= ~TAB3;
+ /*
+ * restore current flow control state
+ */
+ if ((ixon_state.c_iflag & IXON) && ! eight) {
+ tios.c_iflag |= IXON;
+ }
+ else {
+ tios.c_iflag &= ~IXON;
+ }
+ tios.c_cc[VSUSP] = 255;
+ tios.c_cc[VEOL] = 255;
+ tios.c_cc[VREPRINT] = 255;
+ tios.c_cc[VDISCARD] = 255;
+ tios.c_cc[VWERASE] = 255;
+ tios.c_cc[VLNEXT] = 255;
+ tios.c_cc[VEOL2] = 255;
+ break;
+ default:
+ return;
+ }
+ tcsetattr(0, TCSADRAIN, &tios);
+}
+
+static void
+lostpeer(int ignore)
+{
+ (void)ignore;
+
+ signal(SIGPIPE, SIG_IGN);
+ msg("\007connection closed.");
+ done(1);
+}
+
+/* copy SIGURGs to the child process. */
+void
+copytochild(int ignore)
+{
+ (void)ignore;
+
+ kill(childpid, SIGURG);
+#ifdef SUN_KLUDGE
+ signal(SIGCHLD,copytochild);
+#endif
+}
+
+static void
+msg(const char *str)
+{
+ fprintf(stderr, "rlogin: %s\r\n", str);
+}
+
+
+static void
+usage(void)
+{
+ fprintf(stderr,
+ "usage: rlogin [ -%s]%s[-e char] [ -l username ] host\n",
+ "8EL", " ");
+ exit(1);
+}
+
+/*
+ * The following routine provides compatibility (such as it is) between 4.2BSD
+ * Suns and others. Suns have only a `ttysize', so we convert it to a winsize.
+ */
+#ifdef sun
+get_window_size(fd, wp)
+ int fd;
+ struct winsize *wp;
+{
+ struct ttysize ts;
+ int error;
+
+ error = ioctl(0, TIOCGSIZE, &ts);
+ if (error != 0) return error;
+
+ wp->ws_row = ts.ts_lines;
+ wp->ws_col = ts.ts_cols;
+ wp->ws_xpixel = 0;
+ wp->ws_ypixel = 0;
+ return 0;
+}
+#endif
+
+static u_char
+getescape(const char *p)
+{
+ long val;
+ int len;
+
+ if ((len = strlen(p)) == 1) /* use any single char, including '\' */
+ return (u_char)*p;
+ /* otherwise, \nnn */
+ if (*p == '\\' && len >= 2 && len <= 4) {
+ val = strtol(++p, NULL, 8);
+ for (;;) {
+ if (!*++p)
+ return (u_char)val;
+ if (*p < '0' || *p > '8')
+ break;
+ }
+ }
+ msg("illegal option value -- e");
+ usage();
+ /* NOTREACHED */
+ return 0;
+}
Index: rlogin
===================================================================
--- rlogin (nonexistent)
+++ rlogin (revision 5)
Property changes on: rlogin
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,73 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: rlogind/auth.c
===================================================================
--- rlogind/auth.c (nonexistent)
+++ rlogind/auth.c (revision 5)
@@ -0,0 +1,246 @@
+/*-
+ * Copyright (c) 1983, 1988, 1989 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sys/types.h>
+#include <grp.h>
+#include <pwd.h>
+#include <stddef.h>
+
+#include "rlogind.h"
+
+#ifdef USE_PAM
+
+/*
+ * Modifications for Linux-PAM: Al Longyear <longyear@netcom.com>
+ * General code clean up: Andrew Morgan <morgan@physics.ucla.edu>
+ * Re-built with #ifdef USE_PAM: Michael K. Johnson <johnsonm@redhat.com>,
+ * Red Hat Software
+ *
+ * The Linux-PAM mailing list (25JUN96) <pam-list@redhat.com>
+ */
+
+#include <syslog.h>
+#include <unistd.h>
+#include <string.h>
+
+#include <security/pam_appl.h>
+#include <security/pam_misc.h>
+
+/* in sockconv.c */
+int sock_conv(int num_msg, const struct pam_message **msgm,
+ struct pam_response **response, void *appdata_ptr);
+
+static pam_handle_t *pamh;
+
+void auth_checkoptions(void) {
+ if (use_rhosts==0 || deny_all_rhosts_hequiv || allow_root_rhosts) {
+ syslog(LOG_ERR, "-l, -L, and -h functionality has been moved to "
+ "pam_rhosts_auth in /etc/pam.conf");
+ }
+}
+
+void auth_finish(void) {
+ if (pamh) {
+ pam_end(pamh, PAM_SUCCESS);
+ pamh = NULL;
+ }
+}
+
+static int attempt_auth(void) {
+ int retval;
+
+ retval = pam_authenticate(pamh, 0);
+ if (retval == PAM_SUCCESS) {
+ retval = pam_acct_mgmt(pamh, 0);
+ }
+ if (retval == PAM_NEW_AUTHTOK_REQD) {
+ retval = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
+ if (retval == PAM_SUCCESS) {
+ /*
+ * Try authentication again if passwd change
+ * succeeded. Don't try again if it didn't;
+ * sysadmin might not want passwords changed
+ * over the net, and might have set password
+ * to pam_deny.so to disable it...
+ *
+ * Hmm. Is it possible for the sysadmin to configure this
+ * for infinite recursion? (That is, will the second attempt
+ * also ever try to change the password?)
+ */
+ retval = attempt_auth();
+ }
+ }
+ return retval;
+}
+
+/*
+ * This function must either die, return -1 on authentication failure,
+ * or return 0 on authentication success. Dying is discouraged.
+ */
+int auth_checkauth(const char *remoteuser, const char *host,
+ char *localuser, size_t localusersize)
+{
+ static struct pam_conv conv = { sock_conv, NULL };
+ struct passwd *pwd;
+ char *ln;
+ int retval;
+
+ retval = pam_start("rlogin", localuser, &conv, &pamh);
+ if (retval != PAM_SUCCESS) {
+ syslog(LOG_ERR, "pam_start: %s\n", pam_strerror(pamh, retval));
+ fatal(STDERR_FILENO, "initialization failed", 0);
+ }
+
+ pam_set_item(pamh, PAM_USER, localuser);
+ pam_set_item(pamh, PAM_RUSER, remoteuser);
+ pam_set_item(pamh, PAM_RHOST, host);
+ pam_set_item(pamh, PAM_TTY, "tty"); /* ? */
+
+ network_confirm();
+ retval = attempt_auth();
+ if (retval != PAM_SUCCESS) {
+ syslog(LOG_ERR, "PAM authentication failed for in.rlogind");
+ return -1;
+ }
+
+ pam_get_item(pamh, PAM_USER, (const void **)&ln);
+ if (!ln || !*ln) {
+ /*
+ * Authentication wasn't adequate for requirements.
+ * Fall through to login quietly; don't let the
+ * remote user tell if he's found a valid username
+ * or not.
+ */
+ return -1;
+ }
+
+ /*
+ * PAM is apparently willing to change the username on us. (!?)
+ */
+ strncpy(localuser, ln, localusersize-1);
+ localuser[localusersize-1] = 0;
+
+ /*
+ * And, as far as I can tell, this shouldn't be here at all.
+ * /bin/login is supposed to handle this, isn't it? Certainly
+ * the gids. But, allegedly, it's needed.
+ *
+ * I thought PAM was supposed to make this sort of thing _easier_.
+ */
+ pwd = getpwnam(localuser);
+ if (pwd==NULL) {
+ syslog(LOG_ERR, "user returned by PAM does not exist\n");
+ /* don't print this - it tells people which accounts exist */
+ /*fprintf(stderr, "rlogind: internal error\n");*/
+ return -1;
+ }
+ if (setgid(pwd->pw_gid) != 0) {
+ syslog(LOG_ERR, "cannot assume gid for user returned by PAM\n");
+ fprintf(stderr, "rlogind: internal error\n");
+ return -1;
+ }
+ if (initgroups(localuser, pwd->pw_gid) != 0) {
+ syslog(LOG_ERR, "initgroups failed for user returned by PAM\n");
+ fprintf(stderr, "rlogind: internal error\n");
+ return -1;
+ }
+ retval = pam_setcred(pamh, PAM_ESTABLISH_CRED);
+ if (retval != PAM_SUCCESS) {
+ syslog(LOG_ERR,"PAM authentication failed for in.rlogind");
+ return -1;
+ }
+
+ return 0;
+}
+
+#else /* not USE_PAM */
+
+/*
+ * Standard rlogin processing...
+ */
+
+#include <sys/socket.h> /* for ruserok() in libc5 (!) */
+#include <netdb.h> /* for ruserok() in glibc (!) */
+
+#include <unistd.h>
+
+#if defined(__GLIBC__) && (__GLIBC__ >= 2)
+#define _check_rhosts_file __check_rhosts_file
+#endif
+extern int _check_rhosts_file;
+
+
+void auth_checkoptions(void) {}
+void auth_finish(void) {}
+
+/*
+ * This function must either die, return -1 on authentication failure,
+ * or return 0 on authentication success. Dying is discouraged.
+ */
+int auth_checkauth(const char *remoteuser, const char *host,
+ char *localuser, size_t localusersize)
+{
+ struct passwd *pwd;
+
+ (void)localusersize;
+
+ pwd = getpwnam(localuser);
+ if (pwd == NULL) return -1;
+
+ /*
+ * The possibilities here are:
+ * user == root
+ * (1) .rhosts entry exists
+ * (2) hosts_equiv entry exists
+ * (3) neither .rhosts nor hosts_equiv entries exist
+ * user != root
+ * (4) .rhosts entry exists
+ * (5) hosts_equiv entry exists
+ * (6) neither .rhosts nor hosts_equiv entries exist
+ *
+ * ruserok() by itself will fail on (2), (3), and (6).
+ *
+ * Turning off use_rhosts will (or should) prevent (1) and (4).
+ * Leaving allow_root_rhosts off will prevent (1).
+ * Setting deny_all_rhosts_hequiv prevents all cases from succeeding.
+ */
+
+ if (deny_all_rhosts_hequiv) return -1;
+ if (!allow_root_rhosts && pwd->pw_uid == 0) return -1;
+
+ _check_rhosts_file = use_rhosts;
+
+ return ruserok(host, pwd->pw_uid==0, remoteuser, localuser);
+}
+
+#endif /* PAM */
Index: rlogind/sockconv.c
===================================================================
--- rlogind/sockconv.c (nonexistent)
+++ rlogind/sockconv.c (revision 5)
@@ -0,0 +1,156 @@
+/*
+ * A generic conversation function for text based applications
+ *
+ * Written by Andrew Morgan <morgan@physics.ucla.edu>
+ * modified for socket file descriptors by Erik Troan <ewt@redhat.com>
+ *
+ * $Log: sockconv.c,v $
+ * Revision 1.6 1999/10/02 21:50:52 dholland
+ * Various minor cleanup; straighten out (hopefully) the problems in
+ * rlogind/auth.c.
+ *
+ * Revision 1.5 1999/09/30 23:23:14 netbug
+ * added the TYPE(socklen_t) check to the MCONFIG.in files
+ * question? do I need to update the .cvsignore files to
+ * prevent CVS checking in configure scripts....
+ *
+ * Revision 1.4 1999/03/27 07:42:06 dholland
+ * PAM changes.
+ *
+ * Revision 1.3 1998/03/08 16:51:50 root
+ * grabbed the redhat pam patches and integrated most of it
+ * though I've decided to go with xstrdup as opposed to pam's x_strdup
+ *
+ * Revision 1.2 1997/06/08 19:57:22 dholland
+ * minor fix - don't define __USE_BSD if already defined.
+ *
+ * Revision 1.1 1997/04/06 00:32:37 dholland
+ * Initial revision
+ *
+ *
+ * From: misc_conv.c,v 1.2 1996/07/07 23:59:56 morgan Exp
+ *
+ * Revision 1.2 1996/07/07 23:59:56 morgan
+ * changed the name of the misc include file
+ *
+ * Revision 1.1 1996/05/02 05:17:06 morgan
+ * Initial revision
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#ifndef __USE_BSD
+#define __USE_BSD /* needed for prototype for getpass() */
+#endif
+#include <unistd.h>
+
+#include <security/pam_appl.h>
+#include <security/pam_misc.h>
+
+int sock_conv(int num_msg, const struct pam_message **msgm,
+ struct pam_response **response, void *appdata_ptr);
+
+#define INPUTSIZE PAM_MAX_MSG_SIZE
+
+#define CONV_ECHO_ON 1
+#define CONV_ECHO_OFF 0
+
+static char *read_string(int echo, const char *remark)
+{
+ char buffer[INPUTSIZE];
+ char *text;
+ int charsRead = 0;
+ char * nl = "\n\r";
+
+ fprintf(stderr,"%s",remark);
+
+ while (charsRead < (INPUTSIZE - 1)) {
+ read(0, &buffer[charsRead], 1);
+
+ if (buffer[charsRead] == '\r') {
+ write(1, nl, 2);
+ buffer[charsRead] = '\0';
+ break;
+ }
+
+ if (echo) {
+ write(1, &buffer[charsRead], 1);
+ }
+
+ charsRead++;
+ }
+
+ /* get some space for this text */
+ text = strdup(buffer);
+
+ return (text);
+}
+
+static void drop_reply(struct pam_response *reply, int replies)
+{
+ int i;
+
+ for (i=0; i<replies; ++i) {
+ _pam_overwrite(reply[i].resp); /* might be a password */
+ free(reply[i].resp);
+ }
+ if (reply)
+ free(reply);
+}
+
+int sock_conv(int num_msg, const struct pam_message **msgm,
+ struct pam_response **response, void *appdata_ptr)
+{
+ int replies=0;
+ struct pam_response *reply=NULL;
+ char *string=NULL; /* ...and all shall be INITIALISED */
+
+ /* skip gcc warning */
+ appdata_ptr = appdata_ptr;
+
+ reply = malloc(sizeof(struct pam_response) * num_msg);
+ if (!reply) return PAM_CONV_ERR;
+
+ for (replies=0; replies < num_msg; replies++) {
+ string = NULL;
+ switch (msgm[replies]->msg_style) {
+ case PAM_PROMPT_ECHO_OFF:
+ string = read_string(CONV_ECHO_OFF,msgm[replies]->msg);
+ if (string == NULL) {
+ drop_reply(reply,replies);
+ return (PAM_CONV_ERR);
+ }
+ break;
+ case PAM_PROMPT_ECHO_ON:
+ string = read_string(CONV_ECHO_ON,msgm[replies]->msg);
+ if (string == NULL) {
+ drop_reply(reply,replies);
+ return (PAM_CONV_ERR);
+ }
+ break;
+ case PAM_ERROR_MSG:
+ fprintf(stderr,"%s\n",msgm[replies]->msg);
+ string = NULL;
+
+ break;
+ case PAM_TEXT_INFO:
+ fprintf(stderr,"%s\n",msgm[replies]->msg);
+ string = NULL;
+ break;
+ default:
+ fprintf(stderr, "erroneous conversation (%d)\n"
+ ,msgm[replies]->msg_style);
+ drop_reply(reply,replies);
+ return (PAM_CONV_ERR);
+ }
+
+ /* add string to list of responses */
+ reply[replies].resp_retcode = 0;
+ reply[replies].resp = string;
+
+ }
+
+ *response = reply;
+
+ return PAM_SUCCESS;
+}
Index: rlogind
===================================================================
--- rlogind (nonexistent)
+++ rlogind (revision 5)
Property changes on: rlogind
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,73 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: rsh/rsh.c
===================================================================
--- rsh/rsh.c (nonexistent)
+++ rsh/rsh.c (revision 5)
@@ -0,0 +1,343 @@
+/*-
+ * Copyright (c) 1983, 1990 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+char copyright[] =
+ "@(#) Copyright (c) 1983, 1990 The Regents of the University of California.\n"
+ "All rights reserved.\n";
+
+/*
+ * From: @(#)rsh.c 5.24 (Berkeley) 7/1/91
+ */
+char rcsid[] = "$Id: rsh.c,v 1.13 2000/07/23 04:16:24 dholland Exp $";
+#include "../version.h"
+
+#include <sys/types.h>
+#include <signal.h>
+#include <sys/socket.h>
+#include <sys/ioctl.h>
+#include <sys/file.h>
+#include <sys/time.h>
+
+#include <netinet/in.h>
+#include <netdb.h>
+
+#include <pwd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <errno.h>
+#include <string.h>
+#include "pathnames.h"
+
+/*
+ * rsh - remote shell
+ */
+static int rfd2;
+static char *copyargs(char **);
+static void sendsig(int);
+static void talk(int nflag, long omask, int pid, int rem);
+static void usage(void);
+
+int
+main(int argc, char *argv[])
+{
+ struct passwd *pw;
+ struct servent *sp;
+ long omask;
+ int argoff, asrsh, ch, dflag, nflag, one, pid=0, rem, uid;
+ char *p;
+ char *args, *host, *user;
+ char *null = NULL;
+ char **saved_environ;
+
+ saved_environ = __environ;
+ __environ = &null;
+
+ argoff = asrsh = dflag = nflag = 0;
+ one = 1;
+ host = user = NULL;
+
+ /* if called as something other than "rsh", use it as the host name */
+ p = strrchr(argv[0], '/');
+ if (p) p++;
+ else p = argv[0];
+
+ if (!strcmp(p, "rsh")) asrsh = 1;
+ else host = p;
+
+ /* handle "rsh host flags" */
+ if (!host && argc > 2 && argv[1][0] != '-') {
+ host = argv[1];
+ argoff = 1;
+ }
+
+#define OPTIONS "+8KLdel:nw"
+ while ((ch = getopt(argc - argoff, argv + argoff, OPTIONS)) != EOF)
+ switch(ch) {
+ case 'K':
+ break;
+ case 'L': /* -8Lew are ignored to allow rlogin aliases */
+ case 'e':
+ case 'w':
+ case '8':
+ break;
+ case 'd':
+ dflag = 1;
+ break;
+ case 'l':
+ user = optarg;
+ break;
+ case 'n':
+ nflag = 1;
+ break;
+ case '?':
+ default:
+ usage();
+ }
+ optind += argoff;
+
+ /* if haven't gotten a host yet, do so */
+ if (!host && !(host = argv[optind++]))
+ usage();
+
+ /* if no further arguments, must have been called as rlogin. */
+ if (!argv[optind]) {
+ if (setuid(getuid())) {
+ fprintf(stderr, "rsh: setuid: %s\n", strerror(errno));
+ exit(1);
+ }
+ if (asrsh) argv[0] = (char *)"rlogin";
+ execve(_PATH_RLOGIN, argv, saved_environ);
+ fprintf(stderr, "rsh: can't exec %s.\n", _PATH_RLOGIN);
+ exit(1);
+ }
+
+ argc -= optind;
+ argv += optind;
+
+ if (!(pw = getpwuid(uid = getuid()))) {
+ fprintf(stderr, "rsh: unknown user id.\n");
+ exit(1);
+ }
+ if (!user)
+ user = pw->pw_name;
+
+
+ args = copyargs(argv);
+
+ sp = NULL;
+ if (sp == NULL)
+ sp = getservbyname("shell", "tcp");
+ if (sp == NULL) {
+ fprintf(stderr, "rsh: shell/tcp: unknown service.\n");
+ exit(1);
+ }
+
+ rem = rcmd(&host, sp->s_port, pw->pw_name, user, args, &rfd2);
+
+ if (rem < 0)
+ exit(1);
+
+ if (rfd2 < 0) {
+ fprintf(stderr, "rsh: can't establish stderr.\n");
+ exit(1);
+ }
+
+ if (setuid(uid)) {
+ fprintf(stderr, "rsh: setuid: %s\n", strerror(errno));
+ exit(1);
+ }
+
+ if (dflag) {
+ if (setsockopt(rem, SOL_SOCKET, SO_DEBUG, &one,
+ sizeof(one)) < 0)
+ fprintf(stderr, "rsh: setsockopt: %s.\n",
+ strerror(errno));
+ if (setsockopt(rfd2, SOL_SOCKET, SO_DEBUG, &one,
+ sizeof(one)) < 0)
+ fprintf(stderr, "rsh: setsockopt: %s.\n",
+ strerror(errno));
+ }
+
+ omask = sigblock(sigmask(SIGINT)|sigmask(SIGQUIT)|sigmask(SIGTERM));
+ if (signal(SIGINT, SIG_IGN) != SIG_IGN)
+ signal(SIGINT, sendsig);
+ if (signal(SIGQUIT, SIG_IGN) != SIG_IGN)
+ signal(SIGQUIT, sendsig);
+ if (signal(SIGTERM, SIG_IGN) != SIG_IGN)
+ signal(SIGTERM, sendsig);
+
+ if (!nflag) {
+ pid = fork();
+ if (pid < 0) {
+ fprintf(stderr,
+ "rsh: fork: %s.\n", strerror(errno));
+ exit(1);
+ }
+ }
+
+ {
+ ioctl(rfd2, FIONBIO, &one);
+ ioctl(rem, FIONBIO, &one);
+ }
+
+ talk(nflag, omask, pid, rem);
+
+ if (!nflag)
+ kill(pid, SIGKILL);
+ exit(0);
+}
+
+static void
+talk(int nflag, long omask, int pid, int rem)
+{
+ register int cc, wc;
+ register char *bp;
+ fd_set readfrom, rembits;
+ int rfd2_ok, rem_ok;
+ char buf[BUFSIZ];
+
+ FD_ZERO(&rembits);
+
+ if (!nflag && pid == 0) {
+ close(rfd2);
+
+reread: errno = 0;
+ if ((cc = read(0, buf, sizeof buf)) <= 0)
+ goto done;
+ bp = buf;
+
+rewrite: FD_ZERO(&rembits);
+ FD_SET(rem, &rembits);
+ if (select(rem+1, 0, &rembits, 0, 0) < 0) {
+ if (errno != EINTR) {
+ fprintf(stderr,
+ "rsh: select: %s.\n", strerror(errno));
+ exit(1);
+ }
+ goto rewrite;
+ }
+ if (! FD_ISSET(rem, &rembits)) {
+ goto rewrite;
+ }
+ wc = write(rem, bp, cc);
+ if (wc < 0) {
+ if (errno == EWOULDBLOCK)
+ goto rewrite;
+ goto done;
+ }
+ bp += wc;
+ cc -= wc;
+ if (cc == 0)
+ goto reread;
+ goto rewrite;
+done:
+ shutdown(rem, 1);
+ exit(0);
+ }
+
+ rfd2_ok = rem_ok = 1;
+ sigsetmask(omask);
+ while (rfd2_ok || rem_ok) {
+ FD_ZERO(&readfrom);
+ if (rfd2_ok)
+ FD_SET(rfd2, &readfrom);
+ if (rem_ok)
+ FD_SET(rem, &readfrom);
+ if (select(rfd2 > rem ? rfd2+1 : rem+1,
+ &readfrom, 0, 0, 0) < 0) {
+ if (errno != EINTR) {
+ fprintf(stderr,
+ "rsh: select: %s.\n", strerror(errno));
+ exit(1);
+ }
+ continue;
+ }
+ if (FD_ISSET(rfd2, &readfrom)) {
+ errno = 0;
+ cc = read(rfd2, buf, sizeof buf);
+ if (cc > 0)
+ write(2, buf, cc);
+ else if (cc == 0 || errno != EWOULDBLOCK)
+ rfd2_ok = 0;
+ }
+ if (FD_ISSET(rem, &readfrom)) {
+ errno = 0;
+ cc = read(rem, buf, sizeof buf);
+ if (cc > 0)
+ write(1, buf, cc);
+ else if (cc == 0 || errno != EWOULDBLOCK)
+ rem_ok = 0;
+ }
+ }
+}
+
+void
+sendsig(int signo)
+{
+ char x = (char) signo;
+ write(rfd2, &x, 1);
+}
+
+char *
+copyargs(char **argv)
+{
+ int cc;
+ char **ap, *p;
+ char *args;
+
+ cc = 0;
+ for (ap = argv; *ap; ++ap)
+ cc += strlen(*ap) + 1;
+ args = malloc(cc);
+ if (!args) {
+ fprintf(stderr, "rsh: %s.\n", strerror(ENOMEM));
+ exit(1);
+ }
+ for (p = args, ap = argv; *ap; ++ap) {
+ /*strcpy(p, *ap);*/
+ for (p = strcpy(p, *ap); *p; ++p);
+ if (ap[1])
+ *p++ = ' ';
+ }
+ return(args);
+}
+
+void
+usage(void)
+{
+ fprintf(stderr,
+ "usage: rsh [-nd%s]%s[-l login] host [command]\n",
+ "", " ");
+ exit(1);
+}
Index: rsh
===================================================================
--- rsh (nonexistent)
+++ rsh (revision 5)
Property changes on: rsh
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,73 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: rshd/rshd.c
===================================================================
--- rshd/rshd.c (nonexistent)
+++ rshd/rshd.c (revision 5)
@@ -0,0 +1,634 @@
+/*-
+ * Copyright (c) 1988, 1989 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * PAM modifications by Michael K. Johnson <johnsonm@redhat.com>
+ */
+
+char copyright[] =
+ "@(#) Copyright (c) 1988, 1989 The Regents of the University of California.\n"
+ "All rights reserved.\n";
+
+/*
+ * From: @(#)rshd.c 5.38 (Berkeley) 3/2/91
+ */
+char rcsid[] =
+ "$Id: rshd.c,v 1.25 2000/07/23 04:16:24 dholland Exp $";
+#include "../version.h"
+
+/*
+ * remote shell server:
+ * [port]\0
+ * remuser\0
+ * locuser\0
+ * command\0
+ * data
+ */
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/ioctl.h>
+#include <sys/time.h>
+#include <fcntl.h>
+#include <signal.h>
+
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+
+#include <pwd.h>
+#include <grp.h>
+#include <syslog.h>
+#include <resolv.h>
+#include <unistd.h>
+#include <errno.h>
+#include <stdio.h> /* for vsnprintf */
+#include <stdlib.h>
+#include <string.h>
+#include <paths.h>
+#include <stdarg.h>
+#include <ctype.h>
+#include <assert.h>
+
+#if defined(__GLIBC__) && (__GLIBC__ >= 2)
+#define _check_rhosts_file __check_rhosts_file
+#endif
+
+#ifdef USE_PAM
+#include <security/pam_appl.h>
+#include <security/pam_misc.h>
+static pam_handle_t *pamh;
+#endif /* USE_PAM */
+
+#define OPTIONS "ahlLn"
+
+static int keepalive = 1;
+static int check_all = 0;
+static int paranoid = 0;
+static int sent_null;
+static int allow_root_rhosts=0;
+
+char username[20] = "USER=";
+char homedir[64] = "HOME=";
+char shell[64] = "SHELL=";
+char path[100] = "PATH=";
+char *envinit[] =
+ {homedir, shell, path, username, 0};
+extern char **environ;
+
+static void error(const char *fmt, ...);
+static void doit(struct sockaddr_in *fromp);
+static void getstr(char *buf, int cnt, const char *err);
+
+extern int _check_rhosts_file;
+
+/*
+ * Report error to client.
+ * Note: can't be used until second socket has connected
+ * to client, or older clients will hang waiting
+ * for that connection first.
+ */
+static void
+error(const char *fmt, ...) {
+ va_list ap;
+ char buf[BUFSIZ], *bp = buf;
+
+ if (sent_null == 0) *bp++ = 1;
+ va_start(ap, fmt);
+ vsnprintf(bp, sizeof(buf)-1, fmt, ap);
+ va_end(ap);
+ write(2, buf, strlen(buf));
+}
+
+static void fail(const char *errorstr,
+ const char *remuser, const char *hostname,
+ const char *locuser,
+ const char *cmdbuf)
+{
+ /* log the (failed) rsh request */
+ syslog(LOG_INFO|LOG_AUTH, "rsh denied to %s@%s as %s: %s",
+ remuser, hostname, locuser, errorstr);
+ if (paranoid) {
+ syslog(LOG_INFO|LOG_AUTH, "rsh command was '%s'", cmdbuf);
+ }
+ error(errorstr, hostname);
+ exit(1);
+}
+
+static void getstr(char *buf, int cnt, const char *err) {
+ char c;
+ do {
+ if (read(0, &c, 1) != 1) exit(1);
+ *buf++ = c;
+ if (--cnt == 0) {
+ error("%s too long\n", err);
+ exit(1);
+ }
+ } while (c != 0);
+}
+
+static int getint(void) {
+ int port = 0;
+ char c;
+ do {
+ if (read(0, &c, 1) != 1) exit(1);
+ if (isascii(c) && isdigit(c)) port = port*10 + c-'0';
+ } while (c != 0);
+ return port;
+}
+
+static void stderr_parent(int sock, int pype, int pid) {
+ fd_set ready, readfrom;
+ char buf[BUFSIZ], sig;
+ int one = 1;
+ int nfd, cc, guys=2;
+
+ ioctl(pype, FIONBIO, (char *)&one);
+ /* should set s nbio! */
+
+ FD_ZERO(&readfrom);
+ FD_SET(sock, &readfrom);
+ FD_SET(pype, &readfrom);
+ if (pype > sock) nfd = pype+1;
+ else nfd = sock+1;
+
+ while (guys > 0) {
+ ready = readfrom;
+ if (select(nfd, &ready, NULL, NULL, NULL) < 0) {
+ if (errno != EINTR) {
+ break;
+ }
+ continue;
+ }
+ if (FD_ISSET(sock, &ready)) {
+ cc = read(sock, &sig, 1);
+ if (cc <= 0) {
+ FD_CLR(sock, &readfrom);
+ guys--;
+ }
+ else killpg(pid, sig);
+ }
+ if (FD_ISSET(pype, &ready)) {
+ cc = read(pype, buf, sizeof(buf));
+ if (cc <= 0) {
+ shutdown(sock, 2);
+ FD_CLR(pype, &readfrom);
+ guys--;
+ }
+ else write(sock, buf, cc);
+ }
+ }
+
+#ifdef USE_PAM
+ /*
+ * This does not strike me as the right place for this; this is
+ * in a child process... what does this need to accomplish?
+ *
+ * No, it's not the child process, the code is just confusing.
+ */
+ pam_close_session(pamh, 0);
+ pam_end(pamh, PAM_SUCCESS);
+#endif
+ exit(0);
+}
+
+
+static struct passwd *doauth(const char *remuser,
+ const char *hostname,
+ const char *locuser)
+{
+#ifdef USE_PAM
+ static struct pam_conv conv = { misc_conv, NULL };
+ int retcode;
+#endif
+ struct passwd *pwd = getpwnam(locuser);
+ if (pwd == NULL) return NULL;
+ if (pwd->pw_uid==0) paranoid = 1;
+
+#ifdef USE_PAM
+ retcode = pam_start("rsh", locuser, &conv, &pamh);
+ if (retcode != PAM_SUCCESS) {
+ syslog(LOG_ERR, "pam_start: %s\n", pam_strerror(pamh, retcode));
+ exit (1);
+ }
+ pam_set_item (pamh, PAM_RUSER, remuser);
+ pam_set_item (pamh, PAM_RHOST, hostname);
+ pam_set_item (pamh, PAM_TTY, "tty");
+
+ retcode = pam_authenticate(pamh, 0);
+ if (retcode == PAM_SUCCESS) {
+ retcode = pam_acct_mgmt(pamh, 0);
+ }
+ if (retcode == PAM_SUCCESS) {
+ /*
+ * Why do we need to set groups here?
+ * Also, this stuff should be moved down near where the setuid() is.
+ */
+ if (setgid(pwd->pw_gid) != 0) {
+ pam_end(pamh, PAM_SYSTEM_ERR);
+ return NULL;
+ }
+ if (initgroups(locuser, pwd->pw_gid) != 0) {
+ pam_end(pamh, PAM_SYSTEM_ERR);
+ return NULL;
+ }
+ retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED);
+ }
+
+ if (retcode == PAM_SUCCESS) {
+ retcode = pam_open_session(pamh,0);
+ }
+ if (retcode != PAM_SUCCESS) {
+ pam_end(pamh, retcode);
+ return NULL;
+ }
+ return pwd;
+#else
+ if (pwd->pw_uid==0 && !allow_root_rhosts) return NULL;
+ if (ruserok(hostname, pwd->pw_uid==0, remuser, locuser) < 0) {
+ return NULL;
+ }
+ return pwd;
+#endif
+}
+
+static const char *findhostname(struct sockaddr_in *fromp,
+ const char *remuser, const char *locuser,
+ const char *cmdbuf)
+{
+ struct hostent *hp;
+ const char *hostname;
+
+ hp = gethostbyaddr((char *)&fromp->sin_addr, sizeof (struct in_addr),
+ fromp->sin_family);
+
+ errno = ENOMEM; /* malloc (thus strdup) may not set it */
+ if (hp) hostname = strdup(hp->h_name);
+ else hostname = strdup(inet_ntoa(fromp->sin_addr));
+
+ if (hostname==NULL) {
+ /* out of memory? */
+ error("strdup: %s\n", strerror(errno));
+ exit(1);
+ }
+
+ /*
+ * Attempt to confirm the DNS.
+ */
+#ifdef RES_DNSRCH
+ _res.options &= ~RES_DNSRCH;
+#endif
+ hp = gethostbyname(hostname);
+ if (hp == NULL) {
+ syslog(LOG_INFO, "Couldn't look up address for %s", hostname);
+ fail("Couldn't get address for your host (%s)\n",
+ remuser, inet_ntoa(fromp->sin_addr), locuser, cmdbuf);
+ }
+ while (hp->h_addr_list[0] != NULL) {
+ if (!memcmp(hp->h_addr_list[0], &fromp->sin_addr,
+ sizeof(fromp->sin_addr))) {
+ return hostname;
+ }
+ hp->h_addr_list++;
+ }
+ syslog(LOG_NOTICE, "Host addr %s not listed for host %s",
+ inet_ntoa(fromp->sin_addr), hp->h_name);
+ fail("Host address mismatch for %s\n",
+ remuser, inet_ntoa(fromp->sin_addr), locuser, cmdbuf);
+ return NULL; /* not reachable */
+}
+
+static void
+doit(struct sockaddr_in *fromp)
+{
+ char *cmdbuf;
+ long cmdbuflen;
+ const char *theshell, *shellname;
+ char locuser[16], remuser[16];
+ struct passwd *pwd;
+ int sock = -1;
+ const char *hostname;
+ u_short port;
+ int pv[2], pid, ifd;
+
+ cmdbuflen = sysconf (_SC_ARG_MAX);
+ if (!(cmdbuflen > 0)) {
+ syslog (LOG_ERR, "sysconf (_SC_ARG_MAX) failed");
+ exit (1);
+ }
+
+ cmdbuf = malloc (++cmdbuflen);
+ if (cmdbuf == NULL) {
+ syslog (LOG_ERR, "Could not allocate space for cmdbuf");
+ exit (1);
+ }
+
+ signal(SIGINT, SIG_DFL);
+ signal(SIGQUIT, SIG_DFL);
+ signal(SIGTERM, SIG_DFL);
+
+ alarm(60);
+ port = getint();
+ alarm(0);
+
+ if (port != 0) {
+ int lport = IPPORT_RESERVED - 1;
+ sock = rresvport(&lport);
+ if (sock < 0) {
+ syslog(LOG_ERR, "can't get stderr port: %m");
+ exit(1);
+ }
+ if (port >= IPPORT_RESERVED) {
+ syslog(LOG_ERR, "2nd port not reserved\n");
+ exit(1);
+ }
+ fromp->sin_port = htons(port);
+ if (connect(sock, (struct sockaddr *)fromp,
+ sizeof(*fromp)) < 0) {
+ syslog(LOG_INFO, "connect second port: %m");
+ exit(1);
+ }
+ }
+
+#if 0
+ /* We're running from inetd; socket is already on 0, 1, 2 */
+ dup2(f, 0);
+ dup2(f, 1);
+ dup2(f, 2);
+#endif
+
+ getstr(remuser, sizeof(remuser), "remuser");
+ getstr(locuser, sizeof(locuser), "locuser");
+ getstr(cmdbuf, sizeof(cmdbuf), "command");
+ if (!strcmp(locuser, "root")) paranoid = 1;
+
+ hostname = findhostname(fromp, remuser, locuser, cmdbuf);
+
+ setpwent();
+ pwd = doauth(remuser, hostname, locuser);
+ if (pwd == NULL) {
+ fail("Permission denied.\n",
+ remuser, hostname, locuser, cmdbuf);
+ }
+
+ if (chdir(pwd->pw_dir) < 0) {
+ chdir("/");
+ /*
+ * error("No remote directory.\n");
+ * exit(1);
+ */
+ }
+
+
+ if (pwd->pw_uid != 0 && !access(_PATH_NOLOGIN, F_OK)) {
+ error("Logins currently disabled.\n");
+ exit(1);
+ }
+
+ (void) write(2, "\0", 1);
+ sent_null = 1;
+
+ if (port) {
+ if (pipe(pv) < 0) {
+ error("Can't make pipe.\n");
+ exit(1);
+ }
+ pid = fork();
+ if (pid == -1) {
+ error("Can't fork; try again.\n");
+ exit(1);
+ }
+ if (pid) {
+ close(0);
+ close(1);
+ close(2);
+ close(pv[1]);
+ stderr_parent(sock, pv[0], pid);
+ /* NOTREACHED */
+ }
+ setpgrp();
+ close(sock);
+ close(pv[0]);
+ dup2(pv[1], 2);
+ close(pv[1]);
+ }
+ theshell = pwd->pw_shell;
+ if (!theshell || !*theshell) {
+ /* shouldn't we deny access? */
+ theshell = _PATH_BSHELL;
+ }
+
+#if BSD > 43
+ if (setlogin(pwd->pw_name) < 0) {
+ syslog(LOG_ERR, "setlogin() failed: %m");
+ }
+#endif
+#ifndef USE_PAM
+ /* if PAM, already done */
+ if (setgid(pwd->pw_gid)) {
+ syslog(LOG_ERR, "setgid: %m");
+ exit(1);
+ }
+ if (initgroups(pwd->pw_name, pwd->pw_gid)) {
+ syslog(LOG_ERR, "initgroups: %m");
+ exit(1);
+ }
+#endif
+ if (setuid(pwd->pw_uid)) {
+ syslog(LOG_ERR, "setuid: %m");
+ exit(1);
+ }
+ environ = envinit;
+
+ strncat(homedir, pwd->pw_dir, sizeof(homedir)-6);
+ homedir[sizeof(homedir)-1] = 0;
+
+ strcat(path, _PATH_DEFPATH);
+
+ strncat(shell, theshell, sizeof(shell)-7);
+ shell[sizeof(shell)-1] = 0;
+
+ strncat(username, pwd->pw_name, sizeof(username)-6);
+ username[sizeof(username)-1] = 0;
+
+ shellname = strrchr(theshell, '/');
+ if (shellname) shellname++;
+ else shellname = theshell;
+
+ endpwent();
+ if (paranoid) {
+ syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: cmd='%s'",
+ remuser, hostname, locuser, cmdbuf);
+ }
+
+ /*
+ * Close all fds, in case libc has left fun stuff like
+ * /etc/shadow open.
+ */
+ for (ifd = getdtablesize()-1; ifd > 2; ifd--) close(ifd);
+
+ execl(theshell, shellname, "-c", cmdbuf, 0);
+ perror(theshell);
+ exit(1);
+}
+
+static void network_init(int fd, struct sockaddr_in *fromp)
+{
+ struct linger linger;
+ socklen_t fromlen;
+ int on=1;
+ int port;
+
+ fromlen = sizeof(*fromp);
+ if (getpeername(fd, (struct sockaddr *) fromp, &fromlen) < 0) {
+ syslog(LOG_ERR, "getpeername: %m");
+ _exit(1);
+ }
+ if (keepalive &&
+ setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, (char *)&on,
+ sizeof(on)) < 0)
+ syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
+ linger.l_onoff = 1;
+ linger.l_linger = 60; /* XXX */
+ if (setsockopt(fd, SOL_SOCKET, SO_LINGER, (char *)&linger,
+ sizeof (linger)) < 0)
+ syslog(LOG_WARNING, "setsockopt (SO_LINGER): %m");
+
+ if (fromp->sin_family != AF_INET) {
+ syslog(LOG_ERR, "malformed \"from\" address (af %d)\n",
+ fromp->sin_family);
+ exit(1);
+ }
+#ifdef IP_OPTIONS
+ {
+ u_char optbuf[BUFSIZ/3], *cp;
+ char lbuf[BUFSIZ+1], *lp;
+ socklen_t optsize = sizeof(optbuf);
+ int ipproto;
+ struct protoent *ip;
+
+ if ((ip = getprotobyname("ip")) != NULL)
+ ipproto = ip->p_proto;
+ else
+ ipproto = IPPROTO_IP;
+ if (!getsockopt(0, ipproto, IP_OPTIONS, (char *)optbuf, &optsize) &&
+ optsize != 0) {
+ lp = lbuf;
+
+ /*
+ * If these are true, this will not run off the end of lbuf[].
+ */
+ assert(optsize <= BUFSIZ/3);
+ assert(3*optsize <= BUFSIZ);
+ for (cp = optbuf; optsize > 0; cp++, optsize--, lp += 3)
+ snprintf(lp, 4, " %2.2x", *cp);
+
+ syslog(LOG_NOTICE,
+ "Connection received from %s using IP options"
+ " (ignored): %s",
+ inet_ntoa(fromp->sin_addr), lbuf);
+
+ if (setsockopt(0, ipproto, IP_OPTIONS, NULL, optsize) != 0) {
+ syslog(LOG_ERR, "setsockopt IP_OPTIONS NULL: %m");
+ exit(1);
+ }
+ }
+ }
+#endif
+
+ /*
+ * Check originating port for validity.
+ */
+ port = ntohs(fromp->sin_port);
+ if (port >= IPPORT_RESERVED || port < IPPORT_RESERVED/2) {
+ syslog(LOG_NOTICE|LOG_AUTH, "Connection from %s on illegal port",
+ inet_ntoa(fromp->sin_addr));
+ exit(1);
+ }
+}
+
+int
+main(int argc, char *argv[])
+{
+ int ch;
+ struct sockaddr_in from;
+ _check_rhosts_file=1;
+
+ openlog("rshd", LOG_PID | LOG_ODELAY, LOG_DAEMON);
+
+ opterr = 0;
+ while ((ch = getopt(argc, argv, OPTIONS)) != EOF) {
+ switch (ch) {
+ case 'a':
+ check_all = 1;
+ break;
+
+ case 'h':
+ allow_root_rhosts = 1;
+ break;
+
+ case 'l':
+ _check_rhosts_file = 0;
+ break;
+
+ case 'n':
+ keepalive = 0;
+ break;
+
+ case 'L':
+ paranoid = 1;
+ break;
+
+ case '?':
+ default:
+ syslog(LOG_ERR, "usage: rshd [-%s]", OPTIONS);
+ exit(2);
+ }
+ }
+ argc -= optind;
+ argv += optind;
+
+#ifdef USE_PAM
+ if (_check_rhosts_file == 0 || allow_root_rhosts)
+ syslog(LOG_ERR, "-l and -h functionality has been moved to "
+ "pam_rhosts_auth in /etc/pam.conf");
+#endif /* USE_PAM */
+
+ network_init(0, &from);
+ doit(&from);
+ return 0;
+}
+
+
+
+
Index: rshd
===================================================================
--- rshd (nonexistent)
+++ rshd (revision 5)
Property changes on: rshd
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,73 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: .
===================================================================
--- . (nonexistent)
+++ . (revision 5)
Property changes on: .
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,73 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Radix cross Linux
The main Radix cross Linux repository contains the build scripts of packages, which have the most complete and common functionality for desktop machines
452 Commits
2 Branches
1 Tag