xref: /illumos-gate/usr/src/cmd/cmd-inet/usr.bin/rcp.c (revision ad8ef92a)
1 /*
2  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  */
5 
6 /*
7  * Copyright (c) 1983 The Regents of the University of California.
8  * All rights reserved.
9  *
10  * Redistribution and use in source and binary forms are permitted
11  * provided that the above copyright notice and this paragraph are
12  * duplicated in all such forms and that any documentation,
13  * advertising materials, and other materials related to such
14  * distribution and use acknowledge that the software was developed
15  * by the University of California, Berkeley.  The name of the
16  * University may not be used to endorse or promote products derived
17  * from this software without specific prior written permission.
18  *
19  */
20 
21 #define	_FILE_OFFSET_BITS  64
22 
23 /*
24  * rcp
25  */
26 #include <sys/param.h>
27 #include <sys/file.h>
28 #include <sys/stat.h>
29 #include <sys/time.h>
30 #include <sys/types.h>
31 #include <sys/ioctl.h>
32 #include <sys/acl.h>
33 #include <dirent.h>
34 #include <signal.h>
35 #include <sys/socket.h>
36 #include <netinet/in.h>
37 #include <pwd.h>
38 #include <netdb.h>
39 #include <wchar.h>
40 #include <stdlib.h>
41 #include <errno.h>
42 #include <locale.h>
43 #include <strings.h>
44 #include <stdio.h>
45 #include <ctype.h>
46 #include <fcntl.h>
47 #include <unistd.h>
48 #include <limits.h>
49 #include <priv_utils.h>
50 #include <sys/sendfile.h>
51 #include <sys/sysmacros.h>
52 #include <sys/wait.h>
53 #include <aclutils.h>
54 #include <sys/varargs.h>
55 
56 /*
57  * It seems like Berkeley got these from pathnames.h?
58  */
59 #define	_PATH_RSH	"/usr/bin/rsh"
60 #define	_PATH_CP	"/usr/bin/cp"
61 
62 #define	ACL_FAIL	1
63 #define	ACL_OK		0
64 #define	RCP_BUFSIZE	(64 * 1024)
65 
66 #define	RCP_ACL	"/usr/lib/sunw,rcp"
67 		/* see PSARC/1993/004/opinion */
68 
69 typedef struct _buf {
70 	int	cnt;
71 	char	*buf;
72 } BUF;
73 
74 static char *cmd_sunw;
75 static struct passwd *pwd;
76 static int errs;
77 static int pflag;
78 static uid_t userid;
79 static int rem;
80 static int zflag;
81 static int iamremote;
82 static int iamrecursive;
83 static int targetshouldbedirectory;
84 static int aclflag;
85 static int acl_aclflag;
86 static int retval = 0;
87 static int portnumber = 0;
88 
89 static void lostconn(void);
90 static char *search_char(unsigned char *, unsigned char);
91 static char *removebrackets(char *);
92 static char *colon(char *);
93 static int response(void);
94 static void usage(void);
95 static void source(int, char **);
96 static void sink(int, char **);
97 static void toremote(char *, int, char **);
98 static void tolocal(int, char **);
99 static void verifydir(char *);
100 static int okname(char *);
101 static int susystem(char *, char **);
102 static void rsource(char *, struct stat *);
103 static int sendacl(int);
104 static int recvacl(int, int, int);
105 static int zwrite(int, char *, int);
106 static void zopen(int, int);
107 static int zclose(int);
108 static int notzero(char *, int);
109 static BUF *allocbuf(BUF *, int, int);
110 static void error(char *fmt, ...);
111 static void addargs(char **, ...);
112 
113 /*
114  * As a 32 bit application, we can only transfer (2gb - 1) i.e 0x7FFFFFFF
115  * bytes of data. We would like the size to be aligned to the nearest
116  * MAXBOFFSET (8192) boundary for optimal performance.
117  */
118 #define	SENDFILE_SIZE	0x7FFFE000
119 
120 #include <k5-int.h>
121 #include <profile/prof_int.h>
122 #include <com_err.h>
123 #include <kcmd.h>
124 
125 #define	NULLBUF	(BUF *) 0
126 #define	MAXARGS	10	/* Number of arguments passed to execv() */
127 
128 static int sock;
129 static char *cmd, *cmd_orig, *cmd_sunw_orig;
130 static char *krb_realm = NULL;
131 static char *krb_cache = NULL;
132 static char *krb_config = NULL;
133 static char des_inbuf[2 * RCP_BUFSIZE];
134 				/* needs to be > largest read size */
135 static char des_outbuf[2 * RCP_BUFSIZE];
136 				/* needs to be > largest write size */
137 
138 static krb5_data desinbuf, desoutbuf;
139 static krb5_encrypt_block eblock;	/* eblock for encrypt/decrypt */
140 static krb5_keyblock *session_key;	/* static key for session */
141 static krb5_context bsd_context = NULL;
142 static krb5_auth_context auth_context;
143 static krb5_flags authopts;
144 static krb5_error_code status;
145 
146 static void try_normal_rcp(int, char **);
147 static int init_service(int);
148 static char **save_argv(int, char **);
149 static void answer_auth(char *, char *);
150 static int desrcpwrite(int, char *, int);
151 static int desrcpread(int, char *, int);
152 
153 /*
154  * Not sure why these two don't have their own header file declarations, but
155  * lint complains about absent declarations so place some here. Sigh.
156  */
157 extern errcode_t	profile_get_options_boolean(profile_t, char **,
158     profile_options_boolean *);
159 extern errcode_t	profile_get_options_string(profile_t, char **,
160     profile_option_strings *);
161 
162 static int krb5auth_flag = 0;	/* Flag set, when KERBEROS is enabled */
163 static profile_options_boolean autologin_option[] = {
164 	{ "autologin", &krb5auth_flag, 0 },
165 	{ NULL, NULL, 0 }
166 };
167 static int no_krb5auth_flag = 0;
168 
169 static int encrypt_flag = 0;	/* Flag set, when encryption is enabled */
170 static int encrypt_done = 0;	/* Flag set, if "-x" is specified */
171 static enum kcmd_proto kcmd_proto = KCMD_NEW_PROTOCOL;
172 
173 /* Flag set, if -PN / -PO is specified */
174 static boolean_t rcmdoption_done = B_FALSE;
175 
176 static profile_options_boolean option[] = {
177 	{ "encrypt", &encrypt_flag, 0 },
178 	{ NULL, NULL, 0 }
179 };
180 
181 static char *rcmdproto = NULL;
182 static profile_option_strings rcmdversion[] = {
183 	{ "rcmd_protocol", &rcmdproto, 0 },
184 	{ NULL, NULL, 0 }
185 };
186 
187 static char *realmdef[] = { "realms", NULL, "rcp", NULL };
188 static char *appdef[] = { "appdefaults", "rcp", NULL };
189 static char **prev_argv;
190 static int prev_argc;
191 
192 int
main(int argc,char * argv[])193 main(int argc, char *argv[])
194 {
195 	int ch, fflag, tflag;
196 	char *targ;
197 	size_t cmdsiz;
198 
199 	(void) setlocale(LC_ALL, "");
200 
201 	if (strcmp(argv[0], RCP_ACL) == 0)
202 		aclflag = 1;
203 
204 	if (!(pwd = getpwuid(userid = getuid()))) {
205 		(void) fprintf(stderr, "rcp: unknown user %d.\n",
206 		    (uint_t)userid);
207 		return (1);
208 	}
209 
210 	fflag = tflag = 0;
211 	while ((ch = getopt(argc, argv, "axdfprtz:D:k:P:ZK")) != EOF) {
212 		switch (ch) {
213 		case 'd':
214 			targetshouldbedirectory = 1;
215 			break;
216 		case 'f':			/* "from" */
217 			fflag = 1;
218 			if (aclflag | acl_aclflag)
219 				/* ok response */
220 				(void) desrcpwrite(rem, "", 1);
221 			break;
222 		case 'p':			/* preserve access/mod times */
223 			++pflag;
224 			break;
225 		case 'r':
226 			++iamrecursive;
227 			break;
228 		case 't':			/* "to" */
229 			tflag = 1;
230 			break;
231 		case 'Z':
232 			acl_aclflag++;
233 			break;
234 		case 'K':
235 			no_krb5auth_flag++;
236 			break;
237 		case 'x':
238 			if (!krb5_privacy_allowed()) {
239 				(void) fprintf(stderr, gettext("rcp: "
240 				    "Encryption not supported.\n"));
241 				return (1);
242 			}
243 			encrypt_flag++;
244 			krb5auth_flag++;
245 			encrypt_done++;
246 			break;
247 		case 'k':
248 			if ((krb_realm = (char *)strdup(optarg)) == NULL) {
249 				(void) fprintf(stderr, gettext("rcp:"
250 				    " Cannot malloc.\n"));
251 				return (1);
252 			}
253 			krb5auth_flag++;
254 			break;
255 		case 'P':
256 			if (strncmp(optarg, "O", 1) == 0) {
257 				if (rcmdoption_done == B_TRUE) {
258 					(void) fprintf(stderr, gettext("rcp: "
259 					    "Only one of -PN and -PO "
260 					    "allowed.\n"));
261 					usage();
262 				}
263 				kcmd_proto = KCMD_OLD_PROTOCOL;
264 				rcmdoption_done = B_TRUE;
265 			} else if (strncmp(optarg, "N", 1) == 0) {
266 				if (rcmdoption_done == B_TRUE) {
267 					(void) fprintf(stderr, gettext("rcp: "
268 					    "Only one of -PN and -PO "
269 					    "allowed.\n"));
270 					usage();
271 				}
272 				kcmd_proto = KCMD_NEW_PROTOCOL;
273 				rcmdoption_done = B_TRUE;
274 			} else {
275 				usage();
276 			}
277 			krb5auth_flag++;
278 			break;
279 		case 'a':
280 			krb5auth_flag++;
281 			break;
282 #ifdef DEBUG
283 		case 'D':
284 			portnumber = htons(atoi(optarg));
285 			krb5auth_flag++;
286 			break;
287 #endif /* DEBUG */
288 		case '?':
289 		default:
290 			usage();
291 		}
292 	}
293 	argc -= optind;
294 	argv += optind;
295 
296 	/*
297 	 * if the user disables krb5 on the cmdline (-K), then skip
298 	 * all krb5 setup.
299 	 *
300 	 * if the user does not disable krb5 or enable krb5 on the
301 	 * cmdline, check krb5.conf to see if it should be enabled.
302 	 */
303 
304 	if (no_krb5auth_flag) {
305 		krb5auth_flag = 0;
306 		fflag = encrypt_flag = 0;
307 	} else if (!krb5auth_flag) {
308 		/* is autologin set in krb5.conf? */
309 		status = krb5_init_context(&bsd_context);
310 		/* don't sweat failure here */
311 		if (!status) {
312 			/*
313 			 * note that the call to profile_get_options_boolean
314 			 * with autologin_option can affect value of
315 			 * krb5auth_flag
316 			 */
317 			(void) profile_get_options_boolean(bsd_context->profile,
318 			    appdef,
319 			    autologin_option);
320 		}
321 	}
322 
323 	if (krb5auth_flag > 0) {
324 		if (!bsd_context) {
325 			status = krb5_init_context(&bsd_context);
326 			if (status) {
327 				com_err("rcp", status,
328 				    gettext("while initializing krb5"));
329 				return (1);
330 			}
331 		}
332 
333 		/*
334 		 * Set up buffers for desread and deswrite.
335 		 */
336 		desinbuf.data = des_inbuf;
337 		desoutbuf.data = des_outbuf;
338 		desinbuf.length = sizeof (des_inbuf);
339 		desoutbuf.length = sizeof (des_outbuf);
340 	}
341 
342 	if (fflag || tflag)
343 		if (encrypt_flag > 0)
344 			(void) answer_auth(krb_config, krb_cache);
345 
346 	if (fflag) {
347 		iamremote = 1;
348 		(void) response();
349 		(void) setuid(userid);
350 		source(argc, argv);
351 		return (errs);
352 	}
353 
354 	if (tflag) {
355 		iamremote = 1;
356 		(void) setuid(userid);
357 		sink(argc, argv);
358 		return (errs);
359 	}
360 
361 	if (argc < 2)
362 		usage();
363 
364 	/* This will make "rcmd_af()" magically get the proper privilege */
365 	if (__init_suid_priv(0, PRIV_NET_PRIVADDR, (char *)NULL) == -1) {
366 		(void) fprintf(stderr, "rcp: must be set-uid root\n");
367 		exit(1);
368 	}
369 
370 	if (krb5auth_flag > 0) {
371 		/*
372 		 * Get our local realm to look up local realm options.
373 		 */
374 		status = krb5_get_default_realm(bsd_context, &realmdef[1]);
375 		if (status) {
376 			com_err("rcp", status,
377 			    gettext("while getting default realm"));
378 			return (1);
379 		}
380 		/*
381 		 * See if encryption should be done for this realm
382 		 */
383 		(void) profile_get_options_boolean(bsd_context->profile,
384 		    realmdef, option);
385 		/*
386 		 * Check the appdefaults section
387 		 */
388 		(void) profile_get_options_boolean(bsd_context->profile,
389 		    appdef, option);
390 		(void) profile_get_options_string(bsd_context->profile,
391 		    appdef, rcmdversion);
392 		if ((encrypt_done > 0) || (encrypt_flag > 0)) {
393 			if (krb5_privacy_allowed() == TRUE) {
394 				encrypt_flag++;
395 			} else {
396 				(void) fprintf(stderr, gettext("rcp: Encryption"
397 				    " not supported.\n"));
398 				return (1);
399 			}
400 		}
401 
402 		if ((rcmdoption_done == B_FALSE) && (rcmdproto != NULL)) {
403 			if (strncmp(rcmdproto, "rcmdv2", 6) == 0) {
404 				kcmd_proto = KCMD_NEW_PROTOCOL;
405 			} else if (strncmp(rcmdproto, "rcmdv1", 6) == 0) {
406 				kcmd_proto = KCMD_OLD_PROTOCOL;
407 			} else {
408 				(void) fprintf(stderr, gettext("Unrecognized "
409 				    "KCMD protocol (%s)"), rcmdproto);
410 				return (1);
411 			}
412 		}
413 	}
414 
415 	if (argc > 2)
416 		targetshouldbedirectory = 1;
417 
418 	rem = -1;
419 
420 	if (portnumber == 0) {
421 		if (krb5auth_flag > 0) {
422 			retval = init_service(krb5auth_flag);
423 			if (!retval) {
424 				/*
425 				 * Connecting to the kshell service failed,
426 				 * fallback to normal rcp & reset KRB5 flags.
427 				 */
428 				krb5auth_flag = encrypt_flag = 0;
429 				encrypt_done = 0;
430 				(void) init_service(krb5auth_flag);
431 			}
432 		}
433 		else
434 			(void) init_service(krb5auth_flag);
435 	}
436 
437 #ifdef DEBUG
438 	if (retval || krb5auth_flag) {
439 		(void) fprintf(stderr, gettext("Kerberized rcp session, "
440 		    "port %d in use "), portnumber);
441 		if (kcmd_proto == KCMD_OLD_PROTOCOL)
442 			(void) fprintf(stderr, gettext("[kcmd ver.1]\n"));
443 		else
444 			(void) fprintf(stderr, gettext("[kcmd ver.2]\n"));
445 	} else {
446 		(void) fprintf(stderr, gettext("Normal rcp session, port %d "
447 		    "in use.\n"), portnumber);
448 	}
449 #endif /* DEBUG */
450 
451 	if (krb5auth_flag > 0) {
452 		/*
453 		 * We calculate here a buffer size that can be used in the
454 		 * allocation of the three buffers cmd, cmd_orig and
455 		 * cmd_sunw_orig that are used to hold different incantations
456 		 * of rcp.
457 		 */
458 		cmdsiz = MAX(sizeof ("-x rcp -r -p -d -k ") +
459 		    strlen(krb_realm != NULL ? krb_realm : ""),
460 		    sizeof (RCP_ACL " -r -p -z -d"));
461 
462 		if (((cmd = (char *)malloc(cmdsiz)) == NULL) ||
463 		    ((cmd_sunw_orig = (char *)malloc(cmdsiz)) == NULL) ||
464 		    ((cmd_orig = (char *)malloc(cmdsiz)) == NULL)) {
465 			(void) fprintf(stderr, gettext("rcp: Cannot "
466 			    "malloc.\n"));
467 			return (1);
468 		}
469 
470 		(void) snprintf(cmd, cmdsiz, "%srcp %s%s%s%s%s",
471 		    encrypt_flag ? "-x " : "",
472 		    iamrecursive ? " -r" : "", pflag ? " -p" : "",
473 		    targetshouldbedirectory ? " -d" : "",
474 		    krb_realm != NULL ? " -k " : "",
475 		    krb_realm != NULL ? krb_realm : "");
476 
477 		/*
478 		 * We would use cmd-orig as the 'cmd-buffer' if kerberized
479 		 * rcp fails, in which case we fallback to normal rcp. We also
480 		 * save argc & argv for the same purpose
481 		 */
482 		(void) snprintf(cmd_orig, cmdsiz, "rcp%s%s%s%s",
483 		    iamrecursive ? " -r" : "",
484 		    pflag ? " -p" : "",
485 		    zflag ? " -z" : "",
486 		    targetshouldbedirectory ? " -d" : "");
487 
488 		(void) snprintf(cmd_sunw_orig, cmdsiz, "%s%s%s%s%s", RCP_ACL,
489 		    iamrecursive ? " -r" : "",
490 		    pflag ? " -p" : "",
491 		    zflag ? " -z" : "",
492 		    targetshouldbedirectory ? " -d" : "");
493 
494 		prev_argc = argc;
495 		prev_argv = save_argv(argc, argv);
496 
497 	} else {
498 		cmdsiz = sizeof ("rcp -r -p -z -d");
499 		if (((cmd = (char *)malloc(cmdsiz)) == NULL)) {
500 			(void) fprintf(stderr, gettext("rcp: Cannot "
501 			    "malloc.\n"));
502 			return (1);
503 		}
504 
505 		(void) snprintf(cmd, cmdsiz, "rcp%s%s%s%s",
506 		    iamrecursive ? " -r" : "",
507 		    pflag ? " -p" : "",
508 		    zflag ? " -z" : "",
509 		    targetshouldbedirectory ? " -d" : "");
510 	}
511 
512 	cmdsiz = sizeof (RCP_ACL " -r -p -z -d");
513 	if ((cmd_sunw = (char *)malloc(cmdsiz)) == NULL) {
514 		(void) fprintf(stderr, gettext("rcp: Cannot malloc.\n"));
515 		return (1);
516 	}
517 
518 	(void) snprintf(cmd_sunw, cmdsiz, "%s%s%s%s%s", RCP_ACL,
519 	    iamrecursive ? " -r" : "",
520 	    pflag ? " -p" : "",
521 	    zflag ? " -z" : "",
522 	    targetshouldbedirectory ? " -d" : "");
523 
524 	(void) signal(SIGPIPE, (void (*)(int))lostconn);
525 
526 	if (targ = colon(argv[argc - 1]))
527 		toremote(targ, argc, argv);
528 	else {
529 		tolocal(argc, argv);
530 		if (targetshouldbedirectory)
531 			verifydir(argv[argc - 1]);
532 	}
533 
534 	return (errs > 0 ? EXIT_FAILURE : EXIT_SUCCESS);
535 }
536 
537 
538 static void
toremote(char * targ,int argc,char * argv[])539 toremote(char *targ, int argc, char *argv[])
540 {
541 	int i;
542 	char *host, *src, *suser, *thost, *tuser;
543 	char resp;
544 	size_t buffersize;
545 	char bp[RCP_BUFSIZE];
546 	krb5_creds *cred;
547 	char *arglist[MAXARGS+1];
548 	buffersize = RCP_BUFSIZE;
549 
550 	*targ++ = 0;
551 	if (*targ == 0)
552 		targ = ".";
553 
554 	if (thost = search_char((unsigned char *)argv[argc - 1], '@')) {
555 		*thost++ = 0;
556 		tuser = argv[argc - 1];
557 		if (*tuser == '\0')
558 			tuser = NULL;
559 		else if (!okname(tuser))
560 			exit(1);
561 	} else {
562 		thost = argv[argc - 1];
563 		tuser = NULL;
564 	}
565 	thost = removebrackets(thost);
566 
567 	for (i = 0; i < argc - 1; i++) {
568 		src = colon(argv[i]);
569 		if (src) {			/* remote to remote */
570 			*src++ = 0;
571 			if (*src == 0)
572 				src = ".";
573 			host = search_char((unsigned char *)argv[i], '@');
574 			if (host) {
575 				*host++ = 0;
576 				host = removebrackets(host);
577 				suser = argv[i];
578 				if (*suser == '\0') {
579 					suser = pwd->pw_name;
580 				} else if (!okname(suser)) {
581 					errs++;
582 					continue;
583 				}
584 				(void) snprintf(bp, buffersize, "'%s%s%s:%s'",
585 				    tuser ? tuser : "", tuser ? "@" : "",
586 				    thost, targ);
587 				(void) addargs(arglist, "rsh", host, "-l",
588 				    suser, "-n", cmd, src, bp, (char *)NULL);
589 			} else {
590 				host = removebrackets(argv[i]);
591 				(void) snprintf(bp, buffersize, "'%s%s%s:%s'",
592 				    tuser ? tuser : "", tuser ? "@" : "",
593 				    thost, targ);
594 				(void) addargs(arglist, "rsh", host, "-n", cmd,
595 				    src, bp, (char *)NULL);
596 			}
597 			if (susystem(_PATH_RSH, arglist) == -1)
598 				errs++;
599 		} else {			/* local to remote */
600 			if (rem == -1) {
601 				host = thost;
602 				if (krb5auth_flag > 0) {
603 
604 				(void) snprintf(bp, buffersize,
605 				    "%s -t %s", cmd, targ);
606 				authopts = AP_OPTS_MUTUAL_REQUIRED;
607 				status = kcmd(&sock, &host,
608 				    portnumber,
609 				    pwd->pw_name,
610 				    tuser ? tuser :
611 				    pwd->pw_name,
612 				    bp,
613 				    0,
614 				    "host",
615 				    krb_realm,
616 				    bsd_context,
617 				    &auth_context,
618 				    &cred,
619 				    0,	/* No seq # */
620 				    0,	/* No server seq # */
621 				    authopts,
622 				    0,	/* Not any port # */
623 				    &kcmd_proto);
624 				if (status) {
625 					/*
626 					 * If new protocol requested, we dont
627 					 * fallback to less secure ones.
628 					 */
629 
630 					if (kcmd_proto == KCMD_NEW_PROTOCOL) {
631 						(void) fprintf(stderr,
632 						    gettext("rcp: kcmdv2 "
633 						    "to host %s failed - %s"
634 						    "\nFallback to normal "
635 						    "rcp denied."), host,
636 						    error_message(status));
637 						exit(1);
638 					}
639 					if (status != -1) {
640 						(void) fprintf(stderr,
641 						    gettext("rcp: kcmd to host "
642 						    "%s failed - %s,\n"
643 						    "trying normal rcp...\n\n"),
644 						    host,
645 						    error_message(status));
646 					} else {
647 						(void) fprintf(stderr,
648 						    gettext("trying normal"
649 						    " rcp...\n"));
650 					}
651 					/*
652 					 * kcmd() failed, so we have to
653 					 * fallback to normal rcp
654 					 */
655 					try_normal_rcp(prev_argc, prev_argv);
656 				} else {
657 					rem = sock;
658 					session_key = &cred->keyblock;
659 					if (kcmd_proto == KCMD_NEW_PROTOCOL) {
660 						/* CSTYLED */
661 						status = krb5_auth_con_getlocalsubkey(bsd_context, auth_context, &session_key);
662 						if (status) {
663 							com_err("rcp", status,
664 							    "determining "
665 							    "subkey for "
666 							    "session");
667 							exit(1);
668 						}
669 						if (!session_key) {
670 							com_err("rcp", 0,
671 							    "no subkey "
672 							    "negotiated for"
673 							    " connection");
674 							exit(1);
675 						}
676 					}
677 					eblock.crypto_entry =
678 					    session_key->enctype;
679 					eblock.key =
680 					    (krb5_keyblock *)session_key;
681 
682 					init_encrypt(encrypt_flag,
683 					    bsd_context, kcmd_proto,
684 					    &desinbuf, &desoutbuf, CLIENT,
685 					    &eblock);
686 					if (encrypt_flag > 0) {
687 						char *s = gettext("This rcp "
688 						    "session is using "
689 						    "encryption for all "
690 						    "data transmissions."
691 						    "\r\n");
692 
693 						(void) write(2, s, strlen(s));
694 					}
695 				}
696 				if (response() < 0)
697 					exit(1);
698 
699 				} else {
700 
701 					/*
702 					 * ACL support: try to find out if the
703 					 * remote site is running acl cognizant
704 					 * version of rcp. A special binary
705 					 * name is used for this purpose.
706 					 */
707 					aclflag = 1;
708 					acl_aclflag = 1;
709 
710 					/*
711 					 * First see if the remote side will
712 					 * support both aclent_t and ace_t
713 					 * acl's?
714 					 */
715 					(void) snprintf(bp, buffersize,
716 					    "%s -tZ %s",
717 					    cmd_sunw, targ);
718 					rem = rcmd_af(&host, portnumber,
719 					    pwd->pw_name,
720 					    tuser ? tuser : pwd->pw_name,
721 					    bp, 0, AF_INET6);
722 					if (rem < 0)
723 						exit(1);
724 
725 					/*
726 					 * This is similar to routine
727 					 * response(). If response is not ok,
728 					 * treat the other side as non-acl rcp.
729 					 */
730 					if (read(rem, &resp, sizeof (resp))
731 					    != sizeof (resp))
732 						lostconn();
733 					if (resp != 0) {
734 						acl_aclflag = 0;
735 						(void) snprintf(bp, buffersize,
736 						    "%s -t %s", cmd_sunw, targ);
737 
738 						(void) close(rem);
739 						host = thost;
740 						rem = rcmd_af(&host, portnumber,
741 						    pwd->pw_name,
742 						    tuser ? tuser :
743 						    pwd->pw_name,
744 						    bp, 0, AF_INET6);
745 						if (rem < 0)
746 							exit(1);
747 
748 						if (read(rem, &resp,
749 						    sizeof (resp))
750 						    != sizeof (resp))
751 							lostconn();
752 						if (resp != 0) {
753 							/*
754 							 * Not OK:
755 							 * The other side is
756 							 * running non-acl rcp.
757 							 * Try again with
758 							 * normal stuff.
759 							 */
760 							aclflag = 0;
761 							(void) snprintf(bp,
762 							    buffersize,
763 							    "%s -t %s", cmd,
764 							    targ);
765 							(void) close(rem);
766 							host = thost;
767 							rem = rcmd_af(&host,
768 							    portnumber,
769 							    pwd->pw_name,
770 							    tuser ? tuser :
771 							    pwd->pw_name, bp, 0,
772 							    AF_INET6);
773 							if (rem < 0)
774 								exit(1);
775 							if (response() < 0)
776 								exit(1);
777 						}
778 					}
779 					/* everything should be fine now */
780 					(void) setuid(userid);
781 
782 				}
783 			}
784 			source(1, argv + i);
785 		}
786 	}
787 }
788 
789 static void
tolocal(int argc,char * argv[])790 tolocal(int argc, char *argv[])
791 {
792 	int i;
793 	char *host, *src, *suser, *lhost;
794 	char resp;
795 	size_t buffersize;
796 	char bp[RCP_BUFSIZE];
797 	krb5_creds *cred;
798 	char *arglist[MAXARGS+1];
799 	buffersize = RCP_BUFSIZE;
800 
801 	for (i = 0; i < argc - 1; i++) {
802 		if (!(src = colon(argv[i]))) {	/* local to local */
803 			(void) addargs(arglist, "cp",
804 			    iamrecursive ? "-r" : "", pflag ? "-p" : "",
805 			    zflag ? "-z" : "", argv[i], argv[argc - 1],
806 			    (char *)NULL);
807 			if (susystem(_PATH_CP, arglist) == -1)
808 				errs++;
809 			continue;
810 		}
811 		*src++ = 0;
812 		if (*src == 0)
813 			src = ".";
814 		host = search_char((unsigned char *)argv[i], '@');
815 		if (host) {
816 			*host++ = 0;
817 			suser = argv[i];
818 			if (*suser == '\0') {
819 				suser = pwd->pw_name;
820 			} else if (!okname(suser)) {
821 				errs++;
822 				continue;
823 			}
824 		} else {
825 			host = argv[i];
826 			suser = pwd->pw_name;
827 		}
828 		host = removebrackets(host);
829 		lhost = host;
830 		if (krb5auth_flag > 0) {
831 
832 			(void) snprintf(bp, buffersize, "%s -f %s", cmd, src);
833 			authopts = AP_OPTS_MUTUAL_REQUIRED;
834 			status = kcmd(&sock, &host,
835 			    portnumber,
836 			    pwd->pw_name, suser,
837 			    bp,
838 			    0,	/* &rfd2 */
839 			    "host",
840 			    krb_realm,
841 			    bsd_context,
842 			    &auth_context,
843 			    &cred,
844 			    0,	/* No seq # */
845 			    0,	/* No server seq # */
846 			    authopts,
847 			    1,	/* Not any port # */
848 			    &kcmd_proto);
849 			if (status) {
850 				/*
851 				 * If new protocol requested, we dont
852 				 * fallback to less secure ones.
853 				 */
854 				if (kcmd_proto == KCMD_NEW_PROTOCOL) {
855 					(void) fprintf(stderr,
856 					    gettext("rcp: kcmdv2 "
857 					    "to host %s failed - %s\n"
858 					    "Fallback to normal rcp denied."),
859 					    host, error_message(status));
860 					exit(1);
861 				}
862 				if (status != -1) {
863 					(void) fprintf(stderr,
864 					    gettext("rcp: kcmd "
865 					    "to host %s failed - %s,\n"
866 					    "trying normal rcp...\n\n"),
867 					    host, error_message(status));
868 				} else {
869 					(void) fprintf(stderr,
870 					    gettext("trying normal rcp...\n"));
871 				}
872 				/*
873 				 * kcmd() failed, so we have to
874 				 * fallback to normal rcp
875 				 */
876 				try_normal_rcp(prev_argc, prev_argv);
877 			} else {
878 				rem = sock;
879 				session_key = &cred->keyblock;
880 				if (kcmd_proto == KCMD_NEW_PROTOCOL) {
881 					status = krb5_auth_con_getlocalsubkey(
882 					    bsd_context, auth_context,
883 					    &session_key);
884 					if (status) {
885 						com_err("rcp", status,
886 						    "determining "
887 						    "subkey for session");
888 						exit(1);
889 					}
890 					if (!session_key) {
891 						com_err("rcp", 0,
892 						    "no subkey negotiated"
893 						    " for connection");
894 						exit(1);
895 					}
896 				}
897 				eblock.crypto_entry = session_key->enctype;
898 				eblock.key = (krb5_keyblock *)session_key;
899 
900 				init_encrypt(encrypt_flag, bsd_context,
901 				    kcmd_proto,
902 				    &desinbuf, &desoutbuf, CLIENT,
903 				    &eblock);
904 				if (encrypt_flag > 0) {
905 					char *s = gettext("This rcp "
906 					    "session is using DES "
907 					    "encryption for all "
908 					    "data transmissions."
909 					    "\r\n");
910 
911 					(void) write(2, s, strlen(s));
912 				}
913 			}
914 
915 		}
916 		else
917 		{
918 
919 			/*
920 			 * ACL support: try to find out if the remote site is
921 			 * running acl cognizant version of rcp.
922 			 */
923 			aclflag = 1;
924 			acl_aclflag = 1;
925 
926 			(void) snprintf(bp, buffersize, "%s -Zf %s", cmd_sunw,
927 			    src);
928 			rem = rcmd_af(&host, portnumber, pwd->pw_name, suser,
929 			    bp, 0, AF_INET6);
930 
931 			if (rem < 0) {
932 				++errs;
933 				continue;
934 			}
935 
936 			/*
937 			 * The remote system is supposed to send an ok response.
938 			 * If there are any data other than "ok", it must be
939 			 * error messages from the remote system. We can assume
940 			 * the remote system is running non-acl version rcp.
941 			 */
942 			if (read(rem, &resp, sizeof (resp)) != sizeof (resp))
943 				lostconn();
944 
945 			if (resp != 0) {
946 
947 				/*
948 				 * Try again without ace_acl support
949 				 */
950 				acl_aclflag = 0;
951 				(void) snprintf(bp, buffersize, "%s -f %s",
952 				    cmd_sunw, src);
953 				(void) close(rem);
954 				rem = rcmd_af(&host, portnumber, pwd->pw_name,
955 				    suser, bp, 0, AF_INET6);
956 
957 				if (rem < 0) {
958 					++errs;
959 					continue;
960 				}
961 
962 				if (read(rem, &resp,
963 				    sizeof (resp)) != sizeof (resp))
964 					lostconn();
965 
966 				if (resp != 0) {
967 					/*
968 					 * NOT ok:
969 					 * The other side is running non-acl
970 					 * rcp. Try again with normal stuff.
971 					 */
972 					aclflag = 0;
973 					(void) snprintf(bp, buffersize,
974 					    "%s -f %s", cmd, src);
975 					(void) close(rem);
976 					host = lhost;
977 					rem = rcmd_af(&host, portnumber,
978 					    pwd->pw_name, suser, bp, 0,
979 					    AF_INET6);
980 					if (rem < 0) {
981 						++errs;
982 						continue;
983 					}
984 				}
985 			}
986 		}
987 
988 		sink(1, argv + argc - 1);
989 
990 		(void) close(rem);
991 		rem = -1;
992 	}
993 }
994 
995 
996 static void
verifydir(char * cp)997 verifydir(char *cp)
998 {
999 	struct stat stb;
1000 
1001 	if (stat(cp, &stb) >= 0) {
1002 		if ((stb.st_mode & S_IFMT) == S_IFDIR)
1003 			return;
1004 		errno = ENOTDIR;
1005 	}
1006 	error("rcp: %s: %s.\n", cp, strerror(errno));
1007 	exit(1);
1008 }
1009 
1010 static char *
colon(char * cp)1011 colon(char *cp)
1012 {
1013 	boolean_t is_bracket_open = B_FALSE;
1014 
1015 	for (; *cp; ++cp) {
1016 		if (*cp == '[')
1017 			is_bracket_open = B_TRUE;
1018 		else if (*cp == ']')
1019 			is_bracket_open = B_FALSE;
1020 		else if (*cp == ':' && !is_bracket_open)
1021 			return (cp);
1022 		else if (*cp == '/')
1023 			return (0);
1024 	}
1025 	return (0);
1026 }
1027 
1028 static int
okname(char * cp0)1029 okname(char *cp0)
1030 {
1031 	register char *cp = cp0;
1032 	register int c;
1033 
1034 	do {
1035 		c = *cp;
1036 		if (c & 0200)
1037 			goto bad;
1038 		if (!isalpha(c) && !isdigit(c) && c != '_' && c != '-')
1039 			goto bad;
1040 	} while (*++cp);
1041 	return (1);
1042 bad:
1043 	(void) fprintf(stderr, "rcp: invalid user name %s\n", cp0);
1044 	return (0);
1045 }
1046 
1047 
1048 static char *
removebrackets(char * str)1049 removebrackets(char *str)
1050 {
1051 	char *newstr = str;
1052 
1053 	if ((str[0] == '[') && (str[strlen(str) - 1] == ']')) {
1054 		newstr = str + 1;
1055 		str[strlen(str) - 1] = '\0';
1056 	}
1057 	return (newstr);
1058 }
1059 
1060 static int
susystem(char * path,char ** arglist)1061 susystem(char *path, char **arglist)
1062 {
1063 	int status, pid, w;
1064 	register void (*istat)(), (*qstat)();
1065 	int pfds[2];
1066 	char buf[BUFSIZ];
1067 	int cnt;
1068 	boolean_t seen_stderr_traffic;
1069 
1070 	/*
1071 	 * Due to the fact that rcp uses rsh to copy between 2 remote
1072 	 * machines, rsh doesn't return the exit status of the remote
1073 	 * command, and we can't modify the rcmd protocol used by rsh
1074 	 * (for interoperability reasons) we use the hack of using any
1075 	 * output on stderr as indication that an error occurred and
1076 	 * that we should return a non-zero error code.
1077 	 */
1078 
1079 	if (pipe(pfds) == -1) {
1080 		(void) fprintf(stderr, "Couldn't create pipe: %s\n",
1081 		    strerror(errno));
1082 		return (-1);
1083 	}
1084 
1085 	if ((pid = vfork()) < 0) {
1086 		(void) close(pfds[0]);
1087 		(void) close(pfds[1]);
1088 		(void) fprintf(stderr, "Couldn't fork child process: %s\n",
1089 		    strerror(errno));
1090 		return (-1);
1091 	} else if (pid == 0) {
1092 		/*
1093 		 * Child.
1094 		 */
1095 		(void) close(pfds[0]);
1096 		/*
1097 		 * Send stderr messages down the pipe so that we can detect
1098 		 * them in the parent process.
1099 		 */
1100 		if (pfds[1] != STDERR_FILENO) {
1101 			(void) dup2(pfds[1], STDERR_FILENO);
1102 			(void) close(pfds[1]);
1103 		}
1104 		/*
1105 		 * This shell does not inherit the additional privilege
1106 		 * we have in our Permitted set.
1107 		 */
1108 		(void) execv(path, arglist);
1109 		_exit(127);
1110 	}
1111 	/*
1112 	 * Parent.
1113 	 */
1114 	istat = signal(SIGINT, SIG_IGN);
1115 	qstat = signal(SIGQUIT, SIG_IGN);
1116 
1117 	(void) close(pfds[1]);
1118 	seen_stderr_traffic = B_FALSE;
1119 	while ((cnt = read(pfds[0], buf, sizeof (buf))) > 0) {
1120 		/*
1121 		 * If any data is read from the pipe the child process
1122 		 * has output something on stderr so we set the boolean
1123 		 * 'seen_stderr_traffic' to true, which will cause the
1124 		 * function to return -1.
1125 		 */
1126 		(void) write(STDERR_FILENO, buf, cnt);
1127 		seen_stderr_traffic = B_TRUE;
1128 	}
1129 	(void) close(pfds[0]);
1130 	while ((w = wait(&status)) != pid && w != -1)
1131 		;
1132 	if (w == -1)
1133 		status = -1;
1134 
1135 	(void) signal(SIGINT, istat);
1136 	(void) signal(SIGQUIT, qstat);
1137 
1138 	return (seen_stderr_traffic ? -1 : status);
1139 }
1140 
1141 static void
source(int argc,char * argv[])1142 source(int argc, char *argv[])
1143 {
1144 	struct stat stb;
1145 	static BUF buffer;
1146 	BUF *bp;
1147 	int x, readerr, f, amt;
1148 	char *last, *name, buf[RCP_BUFSIZE];
1149 	off_t off, size, i;
1150 	ssize_t cnt;
1151 	struct linger lingerbuf;
1152 
1153 	for (x = 0; x < argc; x++) {
1154 		name = argv[x];
1155 		if ((f = open(name, O_RDONLY, 0)) < 0) {
1156 			error("rcp: %s: %s\n", name, strerror(errno));
1157 			continue;
1158 		}
1159 		if (fstat(f, &stb) < 0)
1160 			goto notreg;
1161 		switch (stb.st_mode&S_IFMT) {
1162 
1163 		case S_IFREG:
1164 			break;
1165 
1166 		case S_IFDIR:
1167 			if (iamrecursive) {
1168 				(void) close(f);
1169 				rsource(name, &stb);
1170 				continue;
1171 			}
1172 			/* FALLTHROUGH */
1173 		default:
1174 notreg:
1175 			(void) close(f);
1176 			error("rcp: %s: not a plain file\n", name);
1177 			continue;
1178 		}
1179 		last = rindex(name, '/');
1180 		if (last == 0)
1181 			last = name;
1182 		else
1183 			last++;
1184 		if (pflag) {
1185 			time_t mtime, atime;
1186 			time_t now;
1187 
1188 			/*
1189 			 * Make it compatible with possible future
1190 			 * versions expecting microseconds.
1191 			 */
1192 			mtime = stb.st_mtime;
1193 			atime = stb.st_atime;
1194 
1195 			if ((mtime < 0) || (atime < 0)) {
1196 				now = time(NULL);
1197 
1198 				if (mtime < 0) {
1199 					mtime = now;
1200 					error("negative modification time on "
1201 					    "%s; not preserving\n", name);
1202 				}
1203 				if (atime < 0) {
1204 					atime = now;
1205 					error("negative access time on "
1206 					    "%s; not preserving\n", name);
1207 				}
1208 			}
1209 			(void) snprintf(buf, sizeof (buf), "T%ld 0 %ld 0\n",
1210 			    mtime, atime);
1211 			(void) desrcpwrite(rem, buf, strlen(buf));
1212 			if (response() < 0) {
1213 				(void) close(f);
1214 				continue;
1215 			}
1216 		}
1217 		(void) snprintf(buf, sizeof (buf), "C%04o %lld %s\n",
1218 		    (uint_t)(stb.st_mode & 07777), (longlong_t)stb.st_size,
1219 		    last);
1220 		(void) desrcpwrite(rem, buf, strlen(buf));
1221 		if (response() < 0) {
1222 			(void) close(f);
1223 			continue;
1224 		}
1225 
1226 		/* ACL support: send */
1227 		if (aclflag | acl_aclflag) {
1228 			/* get acl from f and send it over */
1229 			if (sendacl(f) == ACL_FAIL) {
1230 				(void) close(f);
1231 				continue;
1232 			}
1233 		}
1234 		if ((krb5auth_flag > 0) || (iamremote == 1)) {
1235 			bp = allocbuf(&buffer, f, RCP_BUFSIZE);
1236 			if (bp == NULLBUF) {
1237 				(void) close(f);
1238 				continue;
1239 			}
1240 			readerr = 0;
1241 			for (i = 0; i < stb.st_size; i += bp->cnt) {
1242 				amt = bp->cnt;
1243 				if (i + amt > stb.st_size)
1244 					amt = stb.st_size - i;
1245 				if (readerr == 0 &&
1246 				    read(f, bp->buf, amt) != amt)
1247 					readerr = errno;
1248 				(void) desrcpwrite(rem, bp->buf, amt);
1249 			}
1250 			(void) close(f);
1251 			if (readerr == 0)
1252 				(void) desrcpwrite(rem, "", 1);
1253 			else
1254 				error("rcp: %s: %s\n", name,
1255 				    error_message(readerr));
1256 		} else {
1257 			cnt = off = 0;
1258 			size = stb.st_size;
1259 			while (size != 0) {
1260 				amt = MIN(size, SENDFILE_SIZE);
1261 				cnt = sendfile(rem, f, &off, amt);
1262 				if (cnt == -1) {
1263 					if (errno == EINTR) {
1264 						continue;
1265 					} else {
1266 						break;
1267 					}
1268 				}
1269 				if (cnt == 0)
1270 					break;
1271 				size -= cnt;
1272 			}
1273 			if (cnt < 0) {
1274 				error("rcp: %s: %s\n", name, strerror(errno));
1275 			} else if (cnt == 0 && size != 0) {
1276 				error("rcp: %s: unexpected end of file\n",
1277 				    name);
1278 				lingerbuf.l_onoff = 1;
1279 				lingerbuf.l_linger = 0;
1280 				(void) setsockopt(rem, SOL_SOCKET, SO_LINGER,
1281 				    &lingerbuf, sizeof (lingerbuf));
1282 				/*
1283 				 * When response() (see below) is invoked it
1284 				 * tries to read data from closed handle which
1285 				 * triggers error and lostconn() function.
1286 				 * lostconn() terminates the program with
1287 				 * appropriate message.
1288 				 */
1289 				(void) close(rem);
1290 				rem = -1;
1291 			} else {
1292 				(void) write(rem, "", 1);
1293 			}
1294 			(void) close(f);
1295 		}
1296 		(void) response();
1297 	}
1298 }
1299 
1300 
1301 static void
rsource(char * name,struct stat * statp)1302 rsource(char *name, struct stat *statp)
1303 {
1304 	DIR *d;
1305 	struct dirent *dp;
1306 	char *last, *vect[1];
1307 	char path[MAXPATHLEN];
1308 
1309 	if (!(d = opendir(name))) {
1310 		error("rcp: %s: %s\n", name, strerror(errno));
1311 		return;
1312 	}
1313 	last = rindex(name, '/');
1314 	if (last == 0)
1315 		last = name;
1316 	else
1317 		last++;
1318 	if (pflag) {
1319 		(void) snprintf(path, sizeof (path), "T%ld 0 %ld 0\n",
1320 		    statp->st_mtime, statp->st_atime);
1321 		(void) desrcpwrite(rem, path, strlen(path));
1322 		if (response() < 0) {
1323 			(void) closedir(d);
1324 			return;
1325 		}
1326 	}
1327 	(void) snprintf(path, sizeof (path), "D%04o %d %s\n",
1328 	    (uint_t)(statp->st_mode & 07777), 0, last);
1329 	(void) desrcpwrite(rem, path, strlen(path));
1330 
1331 	/* acl support for directory */
1332 	if (aclflag) {
1333 		/* get acl from f and send it over */
1334 		if (sendacl(d->dd_fd) == ACL_FAIL) {
1335 			(void) closedir(d);
1336 			return;
1337 		}
1338 	}
1339 
1340 	if (response() < 0) {
1341 		(void) closedir(d);
1342 		return;
1343 	}
1344 
1345 	while (dp = readdir(d)) {
1346 		if (dp->d_ino == 0)
1347 			continue;
1348 		if ((strcmp(dp->d_name, ".") == 0) ||
1349 		    (strcmp(dp->d_name, "..") == 0))
1350 			continue;
1351 		if ((uint_t)strlen(name) + 1 + strlen(dp->d_name) >=
1352 		    MAXPATHLEN - 1) {
1353 			error("%s/%s: name too long.\n", name, dp->d_name);
1354 			continue;
1355 		}
1356 		(void) snprintf(path, sizeof (path), "%s/%s",
1357 		    name, dp->d_name);
1358 		vect[0] = path;
1359 		source(1, vect);
1360 	}
1361 	(void) closedir(d);
1362 	(void) desrcpwrite(rem, "E\n", 2);
1363 	(void) response();
1364 }
1365 
1366 static int
response(void)1367 response(void)
1368 {
1369 	register char *cp;
1370 	char ch, resp, rbuf[RCP_BUFSIZE];
1371 
1372 	if (desrcpread(rem, &resp, 1) != 1)
1373 		lostconn();
1374 	cp = rbuf;
1375 	switch (resp) {
1376 	case 0:				/* ok */
1377 		return (0);
1378 	default:
1379 		*cp++ = resp;
1380 		/* FALLTHROUGH */
1381 	case 1:				/* error, followed by err msg */
1382 	case 2:				/* fatal error, "" */
1383 		do {
1384 			if (desrcpread(rem, &ch, sizeof (ch)) != sizeof (ch))
1385 				lostconn();
1386 			*cp++ = ch;
1387 		} while (cp < &rbuf[RCP_BUFSIZE] && ch != '\n');
1388 
1389 		if (!iamremote)
1390 			(void) write(STDERR_FILENO, rbuf, cp - rbuf);
1391 		++errs;
1392 		if (resp == 1)
1393 			return (-1);
1394 		exit(1);
1395 	}
1396 	/*NOTREACHED*/
1397 }
1398 
1399 static void
lostconn(void)1400 lostconn(void)
1401 {
1402 	if (!iamremote)
1403 		(void) fprintf(stderr, "rcp: lost connection\n");
1404 	exit(1);
1405 }
1406 
1407 
1408 static void
sink(int argc,char * argv[])1409 sink(int argc, char *argv[])
1410 {
1411 	char *cp;
1412 	static BUF buffer;
1413 	struct stat stb;
1414 	struct timeval tv[2];
1415 	BUF *bp;
1416 	off_t i, j;
1417 	char ch, *targ, *why;
1418 	int amt, count, exists, first, mask, mode;
1419 	off_t size;
1420 	int ofd, setimes, targisdir, wrerr;
1421 	char *np, *vect[1], buf[RCP_BUFSIZE];
1422 	char *namebuf = NULL;
1423 	size_t namebuf_sz = 0;
1424 	size_t need;
1425 
1426 #define	atime	tv[0]
1427 #define	mtime	tv[1]
1428 #define	SCREWUP(str)	{ why = str; goto screwup; }
1429 
1430 	setimes = targisdir = 0;
1431 	mask = umask(0);
1432 	if (!pflag)
1433 		(void) umask(mask);
1434 	if (argc != 1) {
1435 		error("rcp: ambiguous target\n");
1436 		exit(1);
1437 	}
1438 	targ = *argv;
1439 	if (targetshouldbedirectory)
1440 		verifydir(targ);
1441 	(void) desrcpwrite(rem, "", 1);
1442 
1443 	if (stat(targ, &stb) == 0 && (stb.st_mode & S_IFMT) == S_IFDIR)
1444 		targisdir = 1;
1445 	for (first = 1; ; first = 0) {
1446 		cp = buf;
1447 		if (desrcpread(rem, cp, 1) <= 0) {
1448 			if (namebuf != NULL)
1449 				free(namebuf);
1450 			return;
1451 		}
1452 
1453 		if (*cp++ == '\n')
1454 			SCREWUP("unexpected <newline>");
1455 		do {
1456 			if (desrcpread(rem, &ch, sizeof (ch)) != sizeof (ch))
1457 				SCREWUP("lost connection");
1458 			*cp++ = ch;
1459 		} while (cp < &buf[RCP_BUFSIZE - 1] && ch != '\n');
1460 		*cp = 0;
1461 
1462 		if (buf[0] == '\01' || buf[0] == '\02') {
1463 			if (iamremote == 0)
1464 				(void) write(STDERR_FILENO, buf + 1,
1465 				    strlen(buf + 1));
1466 			if (buf[0] == '\02')
1467 				exit(1);
1468 			errs++;
1469 			continue;
1470 		}
1471 		if (buf[0] == 'E') {
1472 			(void) desrcpwrite(rem, "", 1);
1473 			if (namebuf != NULL)
1474 				free(namebuf);
1475 			return;
1476 		}
1477 
1478 		if (ch == '\n')
1479 			*--cp = 0;
1480 		cp = buf;
1481 		if (*cp == 'T') {
1482 			setimes++;
1483 			cp++;
1484 			mtime.tv_sec = strtol(cp, &cp, 0);
1485 			if (*cp++ != ' ')
1486 				SCREWUP("mtime.sec not delimited");
1487 			mtime.tv_usec = strtol(cp, &cp, 0);
1488 			if (*cp++ != ' ')
1489 				SCREWUP("mtime.usec not delimited");
1490 			atime.tv_sec = strtol(cp, &cp, 0);
1491 			if (*cp++ != ' ')
1492 				SCREWUP("atime.sec not delimited");
1493 			atime.tv_usec = strtol(cp, &cp, 0);
1494 			if (*cp++ != '\0')
1495 				SCREWUP("atime.usec not delimited");
1496 			(void) desrcpwrite(rem, "", 1);
1497 			continue;
1498 		}
1499 		if (*cp != 'C' && *cp != 'D') {
1500 			/*
1501 			 * Check for the case "rcp remote:foo\* local:bar".
1502 			 * In this case, the line "No match." can be returned
1503 			 * by the shell before the rcp command on the remote is
1504 			 * executed so the ^Aerror_message convention isn't
1505 			 * followed.
1506 			 */
1507 			if (first) {
1508 				error("%s\n", cp);
1509 				exit(1);
1510 			}
1511 			SCREWUP("expected control record")
1512 		}
1513 		mode = 0;
1514 		for (++cp; cp < buf + 5; cp++) {
1515 			if (*cp < '0' || *cp > '7')
1516 				SCREWUP("bad mode");
1517 			mode = (mode << 3) | (*cp - '0');
1518 		}
1519 		if (*cp++ != ' ')
1520 			SCREWUP("mode not delimited");
1521 		size = 0;
1522 		while (isdigit(*cp))
1523 			size = size * 10 + (*cp++ - '0');
1524 		if (*cp++ != ' ')
1525 			SCREWUP("size not delimited");
1526 		if (targisdir) {
1527 			need = strlen(targ) + sizeof ("/") + strlen(cp);
1528 			if (need > namebuf_sz) {
1529 				if ((namebuf = realloc(namebuf, need)) ==
1530 				    NULL) {
1531 					error("rcp: out of memory\n");
1532 					exit(1);
1533 				}
1534 				namebuf_sz = need;
1535 			}
1536 			(void) snprintf(namebuf, need, "%s%s%s", targ,
1537 			    *targ ? "/" : "", cp);
1538 			np = namebuf;
1539 		} else {
1540 			np = targ;
1541 		}
1542 
1543 		exists = stat(np, &stb) == 0;
1544 		if (buf[0] == 'D') {
1545 			if (exists) {
1546 				if ((stb.st_mode&S_IFMT) != S_IFDIR) {
1547 					if (aclflag | acl_aclflag) {
1548 						/*
1549 						 * consume acl in the pipe
1550 						 * fd = -1 to indicate the
1551 						 * special case
1552 						 */
1553 						if (recvacl(-1, exists, pflag)
1554 						    == ACL_FAIL) {
1555 							goto bad;
1556 						}
1557 					}
1558 					errno = ENOTDIR;
1559 					goto bad;
1560 				}
1561 				if (pflag)
1562 					(void) chmod(np, mode);
1563 			} else if (mkdir(np, mode) < 0) {
1564 				if (aclflag) {
1565 					/* consume acl in the pipe */
1566 					(void) recvacl(-1, exists, pflag);
1567 				}
1568 				goto bad;
1569 			}
1570 
1571 			/* acl support for directories */
1572 			if (aclflag | acl_aclflag) {
1573 				int dfd;
1574 
1575 				if ((dfd = open(np, O_RDONLY)) == -1)
1576 					goto bad;
1577 
1578 				/* get acl and set it to ofd */
1579 				if (recvacl(dfd, exists, pflag) == ACL_FAIL) {
1580 					(void) close(dfd);
1581 					if (!exists)
1582 						(void) rmdir(np);
1583 					goto bad;
1584 				}
1585 				(void) close(dfd);
1586 			}
1587 
1588 			vect[0] = np;
1589 			sink(1, vect);
1590 			if (setimes) {
1591 				setimes = 0;
1592 				if (utimes(np, tv) < 0)
1593 					error("rcp: can't set "
1594 					    "times on %s: %s\n",
1595 					    np, strerror(errno));
1596 			}
1597 			continue;
1598 		}
1599 
1600 		if ((ofd = open(np, O_WRONLY|O_CREAT, mode)) < 0) {
1601 bad:
1602 			error("rcp: %s: %s\n", np, strerror(errno));
1603 			continue;
1604 		}
1605 
1606 		/*
1607 		 * If the output file exists we have to force zflag off
1608 		 * to avoid erroneously seeking past old data.
1609 		 */
1610 		zopen(ofd, zflag && !exists);
1611 
1612 		if (exists && pflag)
1613 			(void) fchmod(ofd, mode);
1614 
1615 		(void) desrcpwrite(rem, "", 1);
1616 
1617 		/*
1618 		 * ACL support: receiving
1619 		 */
1620 		if (aclflag | acl_aclflag) {
1621 			/* get acl and set it to ofd */
1622 			if (recvacl(ofd, exists, pflag) == ACL_FAIL) {
1623 				(void) close(ofd);
1624 				if (!exists)
1625 					(void) unlink(np);
1626 				continue;
1627 			}
1628 		}
1629 
1630 		if ((bp = allocbuf(&buffer, ofd, RCP_BUFSIZE)) == 0) {
1631 			(void) close(ofd);
1632 			continue;
1633 		}
1634 		cp = bp->buf;
1635 		count = 0;
1636 		wrerr = 0;
1637 		for (i = 0; i < size; i += RCP_BUFSIZE) {
1638 			amt = RCP_BUFSIZE;
1639 			if (i + amt > size)
1640 				amt = size - i;
1641 			count += amt;
1642 			do {
1643 				j = desrcpread(rem, cp, amt);
1644 				if (j <= 0) {
1645 					int sverrno = errno;
1646 
1647 					/*
1648 					 * Connection to supplier lost.
1649 					 * Truncate file to correspond
1650 					 * to amount already transferred.
1651 					 *
1652 					 * Note that we must call ftruncate()
1653 					 * before any call to error() (which
1654 					 * might result in a SIGPIPE and
1655 					 * sudden death before we have a chance
1656 					 * to correct the file's size).
1657 					 */
1658 					size = lseek(ofd, 0, SEEK_CUR);
1659 					if ((ftruncate(ofd, size)  == -1) &&
1660 					    (errno != EINVAL) &&
1661 					    (errno != EACCES))
1662 #define		TRUNCERR	"rcp: can't truncate %s: %s\n"
1663 						error(TRUNCERR, np,
1664 						    strerror(errno));
1665 					error("rcp: %s\n",
1666 					    j ? strerror(sverrno) :
1667 					    "dropped connection");
1668 					(void) close(ofd);
1669 					exit(1);
1670 				}
1671 				amt -= j;
1672 				cp += j;
1673 			} while (amt > 0);
1674 			if (count == bp->cnt) {
1675 				cp = bp->buf;
1676 				if (wrerr == 0 &&
1677 				    zwrite(ofd, cp, count) < 0)
1678 					wrerr++;
1679 				count = 0;
1680 			}
1681 		}
1682 		if (count != 0 && wrerr == 0 &&
1683 		    zwrite(ofd, bp->buf, count) < 0)
1684 			wrerr++;
1685 		if (zclose(ofd) < 0)
1686 			wrerr++;
1687 
1688 		if ((ftruncate(ofd, size)  == -1) && (errno != EINVAL) &&
1689 		    (errno != EACCES)) {
1690 			error(TRUNCERR, np, strerror(errno));
1691 		}
1692 		(void) close(ofd);
1693 		(void) response();
1694 		if (setimes) {
1695 			setimes = 0;
1696 			if (utimes(np, tv) < 0)
1697 				error("rcp: can't set times on %s: %s\n",
1698 				    np, strerror(errno));
1699 		}
1700 		if (wrerr)
1701 			error("rcp: %s: %s\n", np, strerror(errno));
1702 		else
1703 			(void) desrcpwrite(rem, "", 1);
1704 	}
1705 screwup:
1706 	error("rcp: protocol screwup: %s\n", why);
1707 	exit(1);
1708 }
1709 
1710 #ifndef roundup
1711 #define	roundup(x, y)   ((((x)+((y)-1))/(y))*(y))
1712 #endif /* !roundup */
1713 
1714 static BUF *
allocbuf(BUF * bp,int fd,int blksize)1715 allocbuf(BUF *bp, int fd, int blksize)
1716 {
1717 	struct stat stb;
1718 	int size;
1719 
1720 	if (fstat(fd, &stb) < 0) {
1721 		error("rcp: fstat: %s\n", strerror(errno));
1722 		return (0);
1723 	}
1724 	size = roundup(stb.st_blksize, blksize);
1725 	if (size == 0)
1726 		size = blksize;
1727 	if (bp->cnt < size) {
1728 		if (bp->buf != 0)
1729 			free(bp->buf);
1730 		bp->buf = (char *)malloc((uint_t)size);
1731 		if (!bp->buf) {
1732 			error("rcp: malloc: out of memory\n");
1733 			return (0);
1734 		}
1735 	}
1736 	bp->cnt = size;
1737 	return (bp);
1738 }
1739 
1740 static void
usage(void)1741 usage(void)
1742 {
1743 	(void) fprintf(stderr, "%s: \t%s\t%s", gettext("Usage"),
1744 	    gettext("\trcp [-p] [-a] [-x] [-k realm] [-PN / -PO] "
1745 #ifdef DEBUG
1746 	    "[-D port] "
1747 #endif /* DEBUG */
1748 	    "f1 f2; or:\n"),
1749 	    gettext("\trcp [-r] [-p] [-a] [-x] "
1750 #ifdef DEBUG
1751 	    "[-D port] "
1752 #endif /* DEBUG */
1753 	    "[-k realm] [-PN / -PO] f1...fn d2\n"));
1754 	exit(1);
1755 }
1756 
1757 
1758 /*
1759  * sparse file support
1760  */
1761 
1762 static off_t zbsize;
1763 static off_t zlastseek;
1764 
1765 /* is it ok to try to create holes? */
1766 static void
zopen(int fd,int flag)1767 zopen(int fd, int flag)
1768 {
1769 	struct stat st;
1770 
1771 	zbsize = 0;
1772 	zlastseek = 0;
1773 
1774 	if (flag &&
1775 	    fstat(fd, &st) == 0 &&
1776 	    (st.st_mode & S_IFMT) == S_IFREG)
1777 		zbsize = st.st_blksize;
1778 }
1779 
1780 /* write and/or seek */
1781 static int
zwrite(int fd,char * buf,int nbytes)1782 zwrite(int fd, char *buf, int nbytes)
1783 {
1784 	off_t block = zbsize ? zbsize : nbytes;
1785 
1786 	do {
1787 		if (block > nbytes)
1788 			block = nbytes;
1789 		nbytes -= block;
1790 
1791 		if (!zbsize || notzero(buf, block)) {
1792 			register int n, count = block;
1793 
1794 			do {
1795 				if ((n = write(fd, buf, count)) < 0)
1796 					return (-1);
1797 				buf += n;
1798 			} while ((count -= n) > 0);
1799 			zlastseek = 0;
1800 		} else {
1801 			if (lseek(fd, (off_t)block, SEEK_CUR) < 0)
1802 				return (-1);
1803 			buf += block;
1804 			zlastseek = 1;
1805 		}
1806 	} while (nbytes > 0);
1807 
1808 	return (0);
1809 }
1810 
1811 /* write last byte of file if necessary */
1812 static int
zclose(int fd)1813 zclose(int fd)
1814 {
1815 	zbsize = 0;
1816 
1817 	if (zlastseek && (lseek(fd, (off_t)-1, SEEK_CUR) < 0 ||
1818 	    zwrite(fd, "", 1) < 0))
1819 		return (-1);
1820 	else
1821 		return (0);
1822 }
1823 
1824 /* return true if buffer is not all zeros */
1825 static int
notzero(char * p,int n)1826 notzero(char *p, int n)
1827 {
1828 	register int result = 0;
1829 
1830 	while ((int)p & 3 && --n >= 0)
1831 		result |= *p++;
1832 
1833 	while ((n -= 4 * sizeof (int)) >= 0) {
1834 		/* LINTED */
1835 		result |= ((int *)p)[0];
1836 		/* LINTED */
1837 		result |= ((int *)p)[1];
1838 		/* LINTED */
1839 		result |= ((int *)p)[2];
1840 		/* LINTED */
1841 		result |= ((int *)p)[3];
1842 		if (result)
1843 			return (result);
1844 		p += 4 * sizeof (int);
1845 	}
1846 	n += 4 * sizeof (int);
1847 
1848 	while (--n >= 0)
1849 		result |= *p++;
1850 
1851 	return (result);
1852 }
1853 
1854 /*
1855  * New functions to support ACLs
1856  */
1857 
1858 /*
1859  * Get acl from f and send it over.
1860  * ACL record includes acl entry count, acl text length, and acl text.
1861  */
1862 static int
sendacl(int f)1863 sendacl(int f)
1864 {
1865 	int		aclcnt;
1866 	char		*acltext;
1867 	char		buf[BUFSIZ];
1868 	acl_t		*aclp;
1869 	char		acltype;
1870 	int		aclerror;
1871 	int		trivial;
1872 
1873 
1874 	aclerror = facl_get(f, ACL_NO_TRIVIAL, &aclp);
1875 	if (aclerror != 0) {
1876 		error("can't retrieve ACL: %s \n", acl_strerror(aclerror));
1877 		return (ACL_FAIL);
1878 	}
1879 
1880 	/*
1881 	 * if acl type is not ACLENT_T and were operating in acl_aclflag == 0
1882 	 * then don't do the malloc and facl(fd, getcntcmd,...);
1883 	 * since the remote side doesn't support alternate style ACL's.
1884 	 */
1885 
1886 	if (aclp && (acl_type(aclp) != ACLENT_T) && (acl_aclflag == 0)) {
1887 		aclcnt = MIN_ACL_ENTRIES;
1888 		acltype = 'A';
1889 		trivial = ACL_IS_TRIVIAL;
1890 	} else {
1891 
1892 		aclcnt = (aclp != NULL) ? acl_cnt(aclp) : 0;
1893 
1894 		if (aclp) {
1895 			acltype = (acl_type(aclp) != ACLENT_T) ? 'Z' : 'A';
1896 			aclcnt = acl_cnt(aclp);
1897 			trivial = (acl_flags(aclp) & ACL_IS_TRIVIAL);
1898 		} else {
1899 			acltype = 'A';
1900 			aclcnt = MIN_ACL_ENTRIES;
1901 			trivial = ACL_IS_TRIVIAL;
1902 		}
1903 
1904 	}
1905 
1906 	/* send the acl count over */
1907 	(void) snprintf(buf, sizeof (buf), "%c%d\n", acltype, aclcnt);
1908 	(void) desrcpwrite(rem, buf, strlen(buf));
1909 
1910 	/*
1911 	 * only send acl when we have an aclp, which would
1912 	 * imply its not trivial.
1913 	 */
1914 	if (aclp && (trivial != ACL_IS_TRIVIAL)) {
1915 		acltext = acl_totext(aclp, 0);
1916 		if (acltext == NULL) {
1917 			error("rcp: failed to convert to text\n");
1918 			acl_free(aclp);
1919 			return (ACL_FAIL);
1920 		}
1921 
1922 		/* send ACLs over: send the length first */
1923 		(void) snprintf(buf, sizeof (buf), "%c%d\n",
1924 		    acltype, strlen(acltext));
1925 
1926 		(void) desrcpwrite(rem, buf, strlen(buf));
1927 		(void) desrcpwrite(rem, acltext, strlen(acltext));
1928 		free(acltext);
1929 		if (response() < 0) {
1930 			acl_free(aclp);
1931 			return (ACL_FAIL);
1932 		}
1933 
1934 	}
1935 
1936 	if (aclp)
1937 		acl_free(aclp);
1938 	return (ACL_OK);
1939 }
1940 
1941 /*
1942  * Use this routine to get acl entry count and acl text size (in bytes)
1943  */
1944 static int
getaclinfo(int * cnt,int * acltype)1945 getaclinfo(int *cnt, int *acltype)
1946 {
1947 	char		buf[BUFSIZ];
1948 	char		*cp;
1949 	char		ch;
1950 
1951 	/* get acl count */
1952 	cp = buf;
1953 	if (desrcpread(rem, cp, 1) <= 0)
1954 		return (ACL_FAIL);
1955 
1956 	switch (*cp++) {
1957 	case 'A':
1958 		*acltype = 0;
1959 		break;
1960 	case 'Z':
1961 		*acltype = 1;
1962 		break;
1963 	default:
1964 		error("rcp: expect an ACL record, but got %c\n", *cp);
1965 		return (ACL_FAIL);
1966 	}
1967 	do {
1968 		if (desrcpread(rem, &ch, sizeof (ch)) != sizeof (ch)) {
1969 			error("rcp: lost connection ..\n");
1970 			return (ACL_FAIL);
1971 		}
1972 		*cp++ = ch;
1973 	} while (cp < &buf[BUFSIZ - 1] && ch != '\n');
1974 	if (ch != '\n') {
1975 		error("rcp: ACL record corrupted \n");
1976 		return (ACL_FAIL);
1977 	}
1978 	cp = &buf[1];
1979 	*cnt = strtol(cp, &cp, 0);
1980 	if (*cp != '\n') {
1981 		error("rcp: ACL record corrupted \n");
1982 		return (ACL_FAIL);
1983 	}
1984 	return (ACL_OK);
1985 }
1986 
1987 
1988 /*
1989  * Receive acl from the pipe and set it to f
1990  */
1991 static int
recvacl(int f,int exists,int preserve)1992 recvacl(int f, int exists, int preserve)
1993 {
1994 	int		aclcnt;		/* acl entry count */
1995 	int		aclsize;	/* acl text length */
1996 	int		j;
1997 	char		*tp;
1998 	char		*acltext;	/* external format */
1999 	acl_t		*aclp;
2000 	int		acltype;
2001 	int		min_entries;
2002 	int		aclerror;
2003 
2004 	/* get acl count */
2005 	if (getaclinfo(&aclcnt, &acltype) != ACL_OK)
2006 		return (ACL_FAIL);
2007 
2008 	if (acltype == 0) {
2009 		min_entries = MIN_ACL_ENTRIES;
2010 	} else {
2011 		min_entries = 1;
2012 	}
2013 
2014 	if (aclcnt > min_entries) {
2015 		/* get acl text size */
2016 		if (getaclinfo(&aclsize, &acltype) != ACL_OK)
2017 			return (ACL_FAIL);
2018 		if ((acltext = malloc(aclsize + 1)) == NULL) {
2019 			error("rcp: cant allocate memory: %d\n", aclsize);
2020 			return (ACL_FAIL);
2021 		}
2022 
2023 		tp = acltext;
2024 		do {
2025 			j = desrcpread(rem, tp, aclsize);
2026 			if (j <= 0) {
2027 				error("rcp: %s\n", j ? strerror(errno) :
2028 				    "dropped connection");
2029 				exit(1);
2030 			}
2031 			aclsize -= j;
2032 			tp += j;
2033 		} while (aclsize > 0);
2034 		*tp = '\0';
2035 
2036 		if (preserve || !exists) {
2037 			aclerror = acl_fromtext(acltext, &aclp);
2038 			if (aclerror != 0) {
2039 				error("rcp: failed to parse acl : %s\n",
2040 				    acl_strerror(aclerror));
2041 				free(acltext);
2042 				return (ACL_FAIL);
2043 			}
2044 
2045 			if (f != -1) {
2046 				if (facl_set(f, aclp) < 0) {
2047 					error("rcp: failed to set acl\n");
2048 					acl_free(aclp);
2049 					free(acltext);
2050 					return (ACL_FAIL);
2051 				}
2052 			}
2053 			/* -1 means that just consume the data in the pipe */
2054 			acl_free(aclp);
2055 		}
2056 		free(acltext);
2057 		(void) desrcpwrite(rem, "", 1);
2058 	}
2059 	return (ACL_OK);
2060 }
2061 
2062 
2063 static char *
search_char(unsigned char * cp,unsigned char chr)2064 search_char(unsigned char *cp, unsigned char chr)
2065 {
2066 	int	len;
2067 
2068 	while (*cp) {
2069 		if (*cp == chr)
2070 			return ((char *)cp);
2071 		if ((len = mblen((char *)cp, MB_CUR_MAX)) <= 0)
2072 			len = 1;
2073 		cp += len;
2074 	}
2075 	return (0);
2076 }
2077 
2078 
2079 static int
desrcpread(int fd,char * buf,int len)2080 desrcpread(int fd, char *buf, int len)
2081 {
2082 	return ((int)desread(fd, buf, len, 0));
2083 }
2084 
2085 static int
desrcpwrite(int fd,char * buf,int len)2086 desrcpwrite(int fd, char *buf, int len)
2087 {
2088 	/*
2089 	 * Note that rcp depends on the same file descriptor being both
2090 	 * input and output to the remote side.  This is bogus, especially
2091 	 * when rcp is being run by a rsh that pipes. Fix it here because
2092 	 * it would require significantly more work in other places.
2093 	 * --hartmans 1/96
2094 	 */
2095 
2096 	if (fd == 0)
2097 		fd = 1;
2098 	return ((int)deswrite(fd, buf, len, 0));
2099 }
2100 
2101 static char **
save_argv(int argc,char ** argv)2102 save_argv(int argc, char **argv)
2103 {
2104 	int i;
2105 
2106 	char **local_argv = (char **)calloc((unsigned)argc + 1,
2107 	    (unsigned)sizeof (char *));
2108 
2109 	/*
2110 	 * allocate an extra pointer, so that it is initialized to NULL and
2111 	 * execv() will work
2112 	 */
2113 	for (i = 0; i < argc; i++) {
2114 		local_argv[i] = strsave(argv[i]);
2115 	}
2116 
2117 	return (local_argv);
2118 }
2119 
2120 #define	SIZEOF_INADDR sizeof (struct in_addr)
2121 
2122 static void
answer_auth(char * config_file,char * ccache_file)2123 answer_auth(char *config_file, char *ccache_file)
2124 {
2125 	krb5_data pname_data, msg;
2126 	krb5_creds creds, *new_creds;
2127 	krb5_ccache cc;
2128 	krb5_auth_context auth_context = NULL;
2129 
2130 	if (config_file) {
2131 		const char *filenames[2];
2132 
2133 		filenames[1] = NULL;
2134 		filenames[0] = config_file;
2135 		if (krb5_set_config_files(bsd_context, filenames))
2136 			exit(1);
2137 	}
2138 	(void) memset((char *)&creds, 0, sizeof (creds));
2139 
2140 	if (krb5_read_message(bsd_context, (krb5_pointer) &rem, &pname_data))
2141 		exit(1);
2142 
2143 	if (krb5_read_message(bsd_context, (krb5_pointer) &rem,
2144 	    &creds.second_ticket))
2145 		exit(1);
2146 
2147 	if (ccache_file == NULL) {
2148 		if (krb5_cc_default(bsd_context, &cc))
2149 			exit(1);
2150 	} else {
2151 		if (krb5_cc_resolve(bsd_context, ccache_file, &cc))
2152 			exit(1);
2153 	}
2154 
2155 	if (krb5_cc_get_principal(bsd_context, cc, &creds.client))
2156 		exit(1);
2157 
2158 	if (krb5_parse_name(bsd_context, pname_data.data, &creds.server))
2159 		exit(1);
2160 
2161 	krb5_xfree(pname_data.data);
2162 	if (krb5_get_credentials(bsd_context, KRB5_GC_USER_USER, cc, &creds,
2163 	    &new_creds))
2164 		exit(1);
2165 
2166 	if (krb5_mk_req_extended(bsd_context, &auth_context,
2167 	    AP_OPTS_USE_SESSION_KEY, NULL, new_creds, &msg))
2168 		exit(1);
2169 
2170 	if (krb5_write_message(bsd_context, (krb5_pointer) & rem, &msg)) {
2171 		krb5_xfree(msg.data);
2172 		exit(1);
2173 	}
2174 	/* setup eblock for des_read and write */
2175 	(void) krb5_copy_keyblock(bsd_context,
2176 	    &new_creds->keyblock, &session_key);
2177 
2178 	/* OK process key */
2179 	eblock.crypto_entry = session_key->enctype;
2180 	eblock.key = (krb5_keyblock *)session_key;
2181 
2182 	init_encrypt(encrypt_flag, bsd_context, KCMD_OLD_PROTOCOL,
2183 	    &desinbuf, &desoutbuf, CLIENT, &eblock);
2184 	/* cleanup */
2185 	krb5_free_cred_contents(bsd_context, &creds);
2186 	krb5_free_creds(bsd_context, new_creds);
2187 	krb5_xfree(msg.data);
2188 }
2189 
2190 
2191 static void
try_normal_rcp(int cur_argc,char ** cur_argv)2192 try_normal_rcp(int cur_argc, char **cur_argv)
2193 {
2194 	char *target;
2195 
2196 	/*
2197 	 * Reset all KRB5 relevant flags and set the
2198 	 * cmd-buffer so that normal rcp works
2199 	 */
2200 	krb5auth_flag = encrypt_flag = encrypt_done = 0;
2201 	cmd = cmd_orig;
2202 	cmd_sunw = cmd_sunw_orig;
2203 
2204 	if (cur_argc < 2)
2205 		usage();
2206 
2207 	if (cur_argc > 2)
2208 		targetshouldbedirectory = 1;
2209 
2210 	rem = -1;
2211 
2212 	prev_argc = cur_argc;
2213 	prev_argv = save_argv(cur_argc, cur_argv);
2214 
2215 	(void) init_service(krb5auth_flag);
2216 
2217 	if (target = colon(cur_argv[cur_argc - 1])) {
2218 		toremote(target, cur_argc, cur_argv);
2219 	} else {
2220 		tolocal(cur_argc, cur_argv);
2221 		if (targetshouldbedirectory)
2222 			verifydir(cur_argv[cur_argc - 1]);
2223 	}
2224 	exit(errs);
2225 	/* NOTREACHED */
2226 }
2227 
2228 
2229 static int
init_service(int krb5flag)2230 init_service(int krb5flag)
2231 {
2232 	struct servent *sp;
2233 	boolean_t success = B_FALSE;
2234 
2235 	if (krb5flag > 0) {
2236 		sp = getservbyname("kshell", "tcp");
2237 		if (sp == NULL) {
2238 			(void) fprintf(stderr,
2239 			    gettext("rcp: kshell/tcp: unknown service.\n"
2240 			    "trying normal shell/tcp service\n"));
2241 		} else {
2242 			portnumber = sp->s_port;
2243 			success = B_TRUE;
2244 		}
2245 	} else {
2246 		portnumber = htons(IPPORT_CMDSERVER);
2247 		success = B_TRUE;
2248 	}
2249 	return (success);
2250 }
2251 
2252 /*PRINTFLIKE1*/
2253 static void
error(char * fmt,...)2254 error(char *fmt, ...)
2255 {
2256 	va_list ap;
2257 	char buf[RCP_BUFSIZE];
2258 	char *cp = buf;
2259 
2260 	va_start(ap, fmt);
2261 	errs++;
2262 	*cp++ = 1;
2263 	(void) vsnprintf(cp, sizeof (buf) - 1, fmt, ap);
2264 	va_end(ap);
2265 
2266 	(void) desrcpwrite(rem, buf, strlen(buf));
2267 	if (iamremote == 0)
2268 		(void) write(2, buf + 1, strlen(buf + 1));
2269 }
2270 
2271 static void
addargs(char ** arglist,...)2272 addargs(char **arglist, ...)
2273 {
2274 	va_list ap;
2275 	int i = 0;
2276 	char *pm;
2277 
2278 	va_start(ap, arglist);
2279 	while (i < MAXARGS && (pm = va_arg(ap, char *)) != NULL)
2280 		if (strcmp(pm, ""))
2281 			arglist[i++] = pm;
2282 	arglist[i] = NULL;
2283 	va_end(ap);
2284 }
2285