authorMark Murray <markm@FreeBSD.org>2002-06-26 17:09:08 +0000
committerMark Murray <markm@FreeBSD.org>2002-06-26 17:09:08 +0000
commit64813070306382d32446d1c1b16e0d3f58e60c4c (patch)
treee66d8c08c92f6a6cac068639316f85421fb2d4d2 /libexec/rshd
parent78455da4abbb4d11e3c17b613ebbe1bb27cb9038 (diff)
Gut out (by default unused) cruft, and tidy up warnings.
Notes
Notes: svn path=/head/; revision=98885
Diffstat (limited to 'libexec/rshd')
-rw-r--r--libexec/rshd/Makefile11
-rw-r--r--libexec/rshd/rshd.819
-rw-r--r--libexec/rshd/rshd.c162
3 files changed, 22 insertions, 170 deletions
diff --git a/libexec/rshd/Makefile b/libexec/rshd/Makefile
index 4b9091c1920a..9e9d20e42ae5 100644
--- a/libexec/rshd/Makefile
+++ b/libexec/rshd/Makefile
@@ -5,19 +5,12 @@ PROG= rshd
SRCS= rshd.c
MAN= rshd.8
-#CFLAGS+= -DCRYPT
WFORMAT=0
DPADD+= ${LIBUTIL}
LDADD+= -lutil
-.if !defined(NOPAM)
-CFLAGS+= -DUSE_PAM
-DPADD+= ${LIBPAM}
-LDADD+= ${MINUSLPAM}
-.endif
-
-# IPv6 support
-CFLAGS+= -DINET6
+DPADD+= ${LIBUTIL} ${LIBPAM}
+LDADD+= -lutil ${MINUSLPAM}
.include <bsd.prog.mk>
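Review bot: The two added lines repeat what the unchanged lines above them already append: `DPADD+= ${LIBUTIL}` and `LDADD+= -lutil` stay in the file, so libutil ends up listed twice in both variables. Either drop the old pair or add only the PAM parts, `DPADD+= ${LIBPAM}` and `LDADD+= ${MINUSLPAM}`. Separately, `WFORMAT=0` is left in place, which appears to keep the stricter format-string warnings off for a network daemon whose `rshd_errx` is declared printf-like in rshd.c. A comment saying why it is still needed, or removing it, would fit a commit that tidies up warnings.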
diff --git a/libexec/rshd/rshd.8 b/libexec/rshd/rshd.8
index 81eac4fc3165..76db9e9ad9c7 100644
--- a/libexec/rshd/rshd.8
+++ b/libexec/rshd/rshd.8
@@ -127,20 +127,6 @@ from doing any validation based on the user's
file,
unless the user is the superuser.
.It
-If the file
-.Pa /var/run/nologin
-exists and the user is not the superuser,
-the connection is closed.
-The name of the nologin file may be overridden
-using the nologin capability in
-.Pa /etc/login.conf
-according to the local user's login class,
-which may also be used to restrict
-.Xr rsh 1
-access by
-login time (times.allow and times.deny capabilities)
-and remote host (hosts.allow and hosts.deny capabilities).
-.It
A
.Tn NUL
byte is returned on the initial socket
@@ -229,7 +215,6 @@ and is not preceded by a flag byte.
.Xr hosts 5 ,
.Xr hosts.equiv 5 ,
.Xr login.conf 5 ,
-.Xr nologin 5 ,
.Xr services 5 ,
.Xr named 8 ,
.Xr rlogind 8 ,
@@ -240,12 +225,10 @@ and is not preceded by a flag byte.
.It Pa /etc/hosts.equiv
.It Pa /etc/login.conf
.It Ev $HOME Ns Pa /.rhosts
-.It Pa /var/run/nologin
.Pp
.It Pa /etc/pam.conf
-If
.Nm
-is configured with PAM support, it uses
+uses
.Pa /etc/pam.conf
entries with service name
.Dq rsh .
diff --git a/libexec/rshd/rshd.c b/libexec/rshd/rshd.c
index b6665ea1dfed..7fa68f1699cb 100644
--- a/libexec/rshd/rshd.c
+++ b/libexec/rshd/rshd.c
@@ -48,10 +48,11 @@ static const char copyright[] =
#if 0
static const char sccsid[] = "@(#)rshd.c 8.2 (Berkeley) 4/6/94";
#endif
-static const char rcsid[] =
- "$FreeBSD$";
#endif /* not lint */
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
/*
* remote shell server:
* [port]\0
@@ -108,9 +109,6 @@ int keepalive = 1;
int log_success; /* If TRUE, log all successful accesses */
int sent_null;
int no_delay;
-#ifdef CRYPT
-int doencrypt = 0;
-#endif
void doit(struct sockaddr *);
static void rshd_errx(int, const char *, ...) __printf0like(2, 3);
@@ -119,6 +117,9 @@ int local_domain(char *);
char *topdomain(char *);
void usage(void);
+char slash[] = "/";
+char bshell[] = _PATH_BSHELL;
+
#define OPTIONS "alnDL"
int
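Review bot: `slash` and `bshell` are added as writable globals with external linkage, and nothing in the hunk says why they exist. Judging from the later hunks in `doit()` (`pwd->pw_dir = slash;` and `pwd->pw_shell = bshell;`), they serve only to avoid assigning a string literal to the non-const `char *` members of `struct passwd`. Declaring them `static char slash[] = "/";` and `static char bshell[] = _PATH_BSHELL;` would keep them out of the global namespace. A one-line comment such as `/* writable copies: struct passwd members are plain char * */` would record the intent. The same remark covers the two `doit()` hunks where they are used.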
@@ -143,11 +144,6 @@ main(int argc, char *argv[])
case 'n':
keepalive = 0;
break;
-#ifdef CRYPT
- case 'x':
- doencrypt = 1;
- break;
-#endif
case 'D':
no_delay = 1;
break;
@@ -163,13 +159,6 @@ main(int argc, char *argv[])
argc -= optind;
argv += optind;
-#ifdef CRYPT
- if (doencrypt) {
- syslog(LOG_ERR, "-k is required for -x");
- exit(2);
- }
-#endif
-
fromlen = sizeof (from);
if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) {
syslog(LOG_ERR, "getpeername: %m");
@@ -208,11 +197,7 @@ doit(struct sockaddr *fromp)
char cmdbuf[NCARGS+1], luser[16], ruser[16];
char rhost[2 * MAXHOSTNAMELEN + 1];
char numericname[INET6_ADDRSTRLEN];
- int af, error, srcport;
-#ifdef CRYPT
- int rc;
- int pv1[2], pv2[2];
-#endif
+ int af, srcport;
login_cap_t *lc;
(void) signal(SIGINT, SIG_DFL);
@@ -223,11 +208,9 @@ doit(struct sockaddr *fromp)
if (af == AF_INET) {
inet_ntop(af, &((struct sockaddr_in *)fromp)->sin_addr,
numericname, sizeof numericname);
-#ifdef INET6
} else if (af == AF_INET6) {
inet_ntop(af, &((struct sockaddr_in6 *)fromp)->sin6_addr,
numericname, sizeof numericname);
-#endif
} else {
syslog(LOG_ERR, "malformed \"from\" address (af %d)", af);
exit(1);
@@ -314,23 +297,6 @@ doit(struct sockaddr *fromp)
rhost[sizeof(rhost) - 1] = '\0';
/* XXX truncation! */
-#ifdef CRYPT
- if (doencrypt && af == AF_INET) {
- struct sockaddr_in local_addr;
- rc = sizeof(local_addr);
- if (getsockname(0, (struct sockaddr *)&local_addr,
- &rc) < 0) {
- syslog(LOG_ERR, "getsockname: %m");
- rshd_errx(1, "rlogind: getsockname: %m"); /* XXX */
- }
- authopts = KOPT_DO_MUTUAL;
- rc = krb_recvauth(authopts, 0, ticket,
- "rcmd", instance, &fromaddr,
- &local_addr, kdata, "", schedule,
- version);
- des_set_key(&kdata->session, schedule);
- }
-#endif
(void) alarm(60);
getstr(ruser, sizeof(ruser), "ruser");
getstr(luser, sizeof(luser), "luser");
@@ -390,7 +356,7 @@ doit(struct sockaddr *fromp)
ruser, rhost, luser, cmdbuf);
rshd_errx(0, "No remote home directory.");
}
- pwd->pw_dir = "/";
+ pwd->pw_dir = slash;
}
if (lc != NULL && fromp->sa_family == AF_INET) { /*XXX*/
@@ -433,32 +399,12 @@ doit(struct sockaddr *fromp)
if (port) {
if (pipe(pv) < 0)
rshd_errx(1, "Can't make pipe.");
-#ifdef CRYPT
- if (doencrypt) {
- if (pipe(pv1) < 0)
- rshd_errx(1, "Can't make 2nd pipe.");
- if (pipe(pv2) < 0)
- rshd_errx(1, "Can't make 3rd pipe.");
- }
-#endif
pid = fork();
if (pid == -1)
rshd_errx(1, "Can't fork; try again.");
if (pid) {
-#ifdef CRYPT
- if (doencrypt) {
- static char msg[] = SECURE_MESSAGE;
- (void) close(pv1[1]);
- (void) close(pv2[1]);
- des_enc_write(s, msg, sizeof(msg) - 1,
- schedule, &kdata->session);
-
- } else
-#endif
- {
- (void) close(0);
- (void) close(1);
- }
+ (void) close(0);
+ (void) close(1);
(void) close(2);
(void) close(pv[1]);
@@ -469,47 +415,22 @@ doit(struct sockaddr *fromp)
nfd = pv[0];
else
nfd = s;
-#ifdef CRYPT
- if (doencrypt) {
- FD_ZERO(&writeto);
- FD_SET(pv2[0], &writeto);
- FD_SET(pv1[0], &readfrom);
-
- nfd = MAX(nfd, pv2[0]);
- nfd = MAX(nfd, pv1[0]);
- } else
-#endif
ioctl(pv[0], FIONBIO, (char *)&one);
/* should set s nbio! */
nfd++;
do {
ready = readfrom;
-#ifdef CRYPT
- if (doencrypt) {
- wready = writeto;
- if (select(nfd, &ready,
- &wready, (fd_set *) 0,
- (struct timeval *) 0) < 0)
- break;
- } else
-#endif
- if (select(nfd, &ready, (fd_set *)0,
- (fd_set *)0, (struct timeval *)0) < 0)
- break;
+ if (select(nfd, &ready, (fd_set *)0,
+ (fd_set *)0, (struct timeval *)0) < 0)
+ break;
if (FD_ISSET(s, &ready)) {
int ret;
-#ifdef CRYPT
- if (doencrypt)
- ret = des_enc_read(s, &sig, 1,
- schedule, &kdata->session);
- else
-#endif
ret = read(s, &sig, 1);
- if (ret <= 0)
- FD_CLR(s, &readfrom);
- else
- killpg(pid, sig);
+ if (ret <= 0)
+ FD_CLR(s, &readfrom);
+ else
+ killpg(pid, sig);
}
if (FD_ISSET(pv[0], &ready)) {
errno = 0;
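Review bot: Any negative return from the re-indented `select()` call ends the relay loop, including an `EINTR` from a signal that was merely handled. The parent then goes on to `PAM_END` and `exit(0)` while the child may still be running. Whether a handler can fire at this point is not visible in the hunk, so this is a robustness point rather than a confirmed bug; putting `if (errno == EINTR) continue;` ahead of the `break` would cover it. The byte read from `s` is also handed to `killpg(pid, sig)` unchanged, and a short comment stating that this is the intended signal-forwarding channel would help the next reader. Both the loop and `doit()` extend beyond this hunk.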
@@ -518,62 +439,17 @@ doit(struct sockaddr *fromp)
shutdown(s, 1+1);
FD_CLR(pv[0], &readfrom);
} else {
-#ifdef CRYPT
- if (doencrypt)
- (void)
- des_enc_write(s, buf, cc,
- schedule, &kdata->session);
- else
-#endif
- (void)
- write(s, buf, cc);
+ (void)write(s, buf, cc);
}
}
-#ifdef CRYPT
- if (doencrypt && FD_ISSET(pv1[0], &ready)) {
- errno = 0;
- cc = read(pv1[0], buf, sizeof(buf));
- if (cc <= 0) {
- shutdown(pv1[0], 1+1);
- FD_CLR(pv1[0], &readfrom);
- } else
- (void) des_enc_write(STDOUT_FILENO,
- buf, cc,
- schedule, &kdata->session);
- }
-
- if (doencrypt && FD_ISSET(pv2[0], &wready)) {
- errno = 0;
- cc = des_enc_read(STDIN_FILENO,
- buf, sizeof(buf),
- schedule, &kdata->session);
- if (cc <= 0) {
- shutdown(pv2[0], 1+1);
- FD_CLR(pv2[0], &writeto);
- } else
- (void) write(pv2[0], buf, cc);
- }
-#endif
} while (FD_ISSET(s, &readfrom) ||
-#ifdef CRYPT
- (doencrypt && FD_ISSET(pv1[0], &readfrom)) ||
-#endif
FD_ISSET(pv[0], &readfrom));
PAM_END;
exit(0);
}
(void) close(s);
(void) close(pv[0]);
-#ifdef CRYPT
- if (doencrypt) {
- close(pv1[0]); close(pv2[0]);
- dup2(pv1[1], 1);
- dup2(pv2[1], 0);
- close(pv1[1]);
- close(pv2[1]);
- }
-#endif
dup2(pv[1], 2);
close(pv[1]);
}
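Review bot: The rewritten `(void)write(s, buf, cc);` still discards the result, so a failed write to the client socket is ignored and the loop keeps draining the child's stderr pipe into a connection that can no longer take it. Leaving the loop on error, for example `if (write(s, buf, cc) < 0) break;`, would let the parent reach `PAM_END` and exit instead of continuing. A short write is silently dropped in the same way, though the comment in the previous hunk suggests `s` is blocking, so that is probably rare. `buf` and `cc` are declared outside this hunk.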
@@ -598,7 +474,7 @@ doit(struct sockaddr *fromp)
syslog(LOG_ERR, "setlogin() failed: %m");
if (*pwd->pw_shell == '\0')
- pwd->pw_shell = _PATH_BSHELL;
+ pwd->pw_shell = bshell;
(void) pam_setenv(pamh, "HOME", pwd->pw_dir, 1);
(void) pam_setenv(pamh, "SHELL", pwd->pw_shell, 1);
(void) pam_setenv(pamh, "USER", pwd->pw_name, 1);