[src/trunk]: src/libexec/rshd Login.conf-ify rshd. Heavily inspired by FreeBSD.
details: https://anonhg.NetBSD.org/src/rev/b2518298139a
branches: trunk
changeset: 480877:b2518298139a
user: mjl <mjl%NetBSD.org@localhost>
date: Sat Jan 22 10:22:55 2000 +0000
description:
Login.conf-ify rshd. Heavily inspired by FreeBSD.
diffstat:
libexec/rshd/Makefile | 5 ++-
libexec/rshd/rshd.8 | 7 ++--
libexec/rshd/rshd.c | 71 ++++++++++++++++++++++++++++++++++++++++----------
3 files changed, 65 insertions(+), 18 deletions(-)
diffs (178 lines):
diff -r 544b0cd3b777 -r b2518298139a libexec/rshd/Makefile
--- a/libexec/rshd/Makefile Sat Jan 22 10:18:07 2000 +0000
+++ b/libexec/rshd/Makefile Sat Jan 22 10:22:55 2000 +0000
@@ -1,7 +1,10 @@
-# $NetBSD: Makefile,v 1.8 1997/10/08 09:07:36 mrg Exp $
+# $NetBSD: Makefile,v 1.9 2000/01/22 10:22:55 mjl Exp $
# from: @(#)Makefile 8.1 (Berkeley) 6/4/93
PROG= rshd
MAN= rshd.8
+CFLAGS+=-DLOGIN_CAP
+LDADD+= -lutil
+
.include <bsd.prog.mk>
diff -r 544b0cd3b777 -r b2518298139a libexec/rshd/rshd.8
--- a/libexec/rshd/rshd.8 Sat Jan 22 10:18:07 2000 +0000
+++ b/libexec/rshd/rshd.8 Sat Jan 22 10:22:55 2000 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: rshd.8,v 1.8 1999/03/22 18:25:47 garbled Exp $
+.\" $NetBSD: rshd.8,v 1.9 2000/01/22 10:22:55 mjl Exp $
.\"
.\" Copyright (c) 1983, 1989, 1991, 1993
.\" The Regents of the University of California. All rights reserved.
@@ -33,7 +33,7 @@
.\"
.\" from: @(#)rshd.8 8.1 (Berkeley) 6/4/93
.\"
-.Dd June 4, 1993
+.Dd January 22, 2000
.Dt RSHD 8
.Os
.Sh NAME
@@ -199,7 +199,8 @@
.Sh SEE ALSO
.Xr rsh 1 ,
.Xr rcmd 3 ,
-.Xr ruserok 3
+.Xr ruserok 3 ,
+.Xr login.conf 5
.Sh BUGS
The authentication procedure used here assumes the integrity
of each client machine and the connecting medium. This is
diff -r 544b0cd3b777 -r b2518298139a libexec/rshd/rshd.c
--- a/libexec/rshd/rshd.c Sat Jan 22 10:18:07 2000 +0000
+++ b/libexec/rshd/rshd.c Sat Jan 22 10:22:55 2000 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: rshd.c,v 1.16 1998/08/10 02:57:24 perry Exp $ */
+/* $NetBSD: rshd.c,v 1.17 2000/01/22 10:22:55 mjl Exp $ */
/*-
* Copyright (c) 1988, 1989, 1992, 1993, 1994
@@ -40,7 +40,7 @@
#if 0
static char sccsid[] = "@(#)rshd.c 8.2 (Berkeley) 4/6/94";
#else
-__RCSID("$NetBSD: rshd.c,v 1.16 1998/08/10 02:57:24 perry Exp $");
+__RCSID("$NetBSD: rshd.c,v 1.17 2000/01/22 10:22:55 mjl Exp $");
#endif
#endif /* not lint */
@@ -71,6 +71,9 @@
#include <string.h>
#include <syslog.h>
#include <unistd.h>
+#ifdef LOGIN_CAP
+#include <login_cap.h>
+#endif
int keepalive = 1;
int check_all;
@@ -170,7 +173,9 @@
char cmdbuf[NCARGS+1], locuser[16], remuser[16];
char remotehost[2 * MAXHOSTNAMELEN + 1];
char hostnamebuf[2 * MAXHOSTNAMELEN + 1];
-
+#ifdef LOGIN_CAP
+ login_cap_t *lc;
+#endif
(void) signal(SIGINT, SIG_DFL);
(void) signal(SIGQUIT, SIG_DFL);
@@ -330,7 +335,21 @@
errorstr = "Login incorrect.\n";
goto fail;
}
+#ifdef LOGIN_CAP
+ lc = login_getclass(pwd ? pwd->pw_class : NULL);
+#endif
+
if (chdir(pwd->pw_dir) < 0) {
+#ifdef LOGIN_CAP
+ if (chdir("/") < 0 ||
+ login_getcapbool(lc, "requirehome", pwd->pw_uid ? 1 : 0)) {
+ syslog(LOG_INFO|LOG_AUTH,
+ "%s@%s as %s: no home directory. cmd='%.80s'",
+ remuser, hostname, locuser, cmdbuf);
+ error("No remote home directory.\n");
+ exit(0);
+ }
+#else
(void) chdir("/");
#ifdef notdef
syslog(LOG_INFO|LOG_AUTH,
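Review bot: The new LOGIN_CAP refusal path ends with `exit(0)`, so a session denied for lack of a home directory finishes with a success status, while the `notdef` branch just below uses `exit(1)` for the same condition; `exit(1);` would keep the two consistent. The result of `login_getclass()` is used without a NULL check (whether `login_getcapbool()` tolerates a NULL class is not visible here), and the `pwd ? pwd->pw_class : NULL` guard contradicts the unconditional `pwd->pw_dir` dereference in the next statement. If `pwd` cannot be NULL at this point (the lookup is outside the hunk), the ternary can go; otherwise the `chdir` needs the same guard. A short comment on the `login_getcapbool` call, such as `/* requirehome defaults to on for everyone except root */`, would explain the `pwd->pw_uid ? 1 : 0` default. The enclosing function starts and ends outside this hunk.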
@@ -338,7 +357,8 @@
remuser, hostname, locuser, cmdbuf);
error("No remote directory.\n");
exit(1);
-#endif
+#endif /* notdef */
+#endif /* LOGIN_CAP */
}
@@ -434,30 +454,53 @@
dup2(pv[1], 2);
close(pv[1]);
}
- if (*pwd->pw_shell == '\0')
- pwd->pw_shell = _PATH_BSHELL;
#if BSD > 43
if (setlogin(pwd->pw_name) < 0)
syslog(LOG_ERR, "setlogin() failed: %m");
#endif
- (void) setgid((gid_t)pwd->pw_gid);
- initgroups(pwd->pw_name, pwd->pw_gid);
- (void) setuid((uid_t)pwd->pw_uid);
+
+ if (*pwd->pw_shell == '\0')
+ pwd->pw_shell = _PATH_BSHELL;
+#ifdef LOGIN_CAP
+ {
+ char *sh;
+
+ if((sh = login_getcapstr(lc, "shell", NULL, NULL))) {
+ if(!(sh = strdup(sh))) {
+ syslog(LOG_NOTICE, "Cannot alloc mem");
+ exit(1);
+ }
+ pwd->pw_shell = sh;
+ }
+ }
+#endif
environ = envinit;
strncat(homedir, pwd->pw_dir, sizeof(homedir)-6);
strcat(path, _PATH_DEFPATH);
strncat(shell, pwd->pw_shell, sizeof(shell)-7);
strncat(username, pwd->pw_name, sizeof(username)-6);
+#ifdef LOGIN_CAP
+ if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETALL) != 0) {
+ syslog(LOG_ERR, "setusercontext: %m");
+ exit(1);
+ }
+ login_close(lc);
+#else
+ (void) setgid((gid_t)pwd->pw_gid);
+ initgroups(pwd->pw_name, pwd->pw_gid);
+ (void) setuid((uid_t)pwd->pw_uid);
+#endif
+
+ endpwent();
+ if (log_success || pwd->pw_uid == 0) {
+ syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: cmd='%.80s'",
+ remuser, hostname, locuser, cmdbuf);
+ }
cp = strrchr(pwd->pw_shell, '/');
if (cp)
cp++;
else
cp = pwd->pw_shell;
- endpwent();
- if (log_success || pwd->pw_uid == 0) {
- syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: cmd='%.80s'",
- remuser, hostname, locuser, cmdbuf);
- }
execl(pwd->pw_shell, cp, "-c", cmdbuf, 0);
perror(pwd->pw_shell);
exit(1);
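Review bot: In the `#else` fallback the results of `setgid()`, `initgroups()` and `setuid()` are still discarded, so if any of them fails the remote command is exec'd with whatever credentials the daemon still holds, whereas the LOGIN_CAP branch right above logs and exits when `setusercontext()` fails. The fallback should fail closed in the same way, as in the excerpt below. The Makefile in this commit always defines LOGIN_CAP, so the fallback is only compiled when that flag is removed, but that is exactly the path a port or a reduced build would get. The enclosing function begins outside the hunk.

```c
#else
	/* Fail closed: never exec the command if any step of the drop fails. */
	if (setgid((gid_t)pwd->pw_gid) < 0 ||
	    initgroups(pwd->pw_name, pwd->pw_gid) < 0 ||
	    setuid((uid_t)pwd->pw_uid) < 0) {
		syslog(LOG_ERR, "cannot drop privileges for %s: %m",
		    pwd->pw_name);
		exit(1);
	}
#endif
	/* … unchanged: endpwent(), success logging, execl of the shell … */
```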