17c478bd9Sstevel@tonic-gate /*
27c478bd9Sstevel@tonic-gate  * CDDL HEADER START
37c478bd9Sstevel@tonic-gate  *
47c478bd9Sstevel@tonic-gate  * The contents of this file are subject to the terms of the
57243fb49Sjbeck  * Common Development and Distribution License (the "License").
67243fb49Sjbeck  * You may not use this file except in compliance with the License.
77c478bd9Sstevel@tonic-gate  *
87c478bd9Sstevel@tonic-gate  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
97c478bd9Sstevel@tonic-gate  * or http://www.opensolaris.org/os/licensing.
107c478bd9Sstevel@tonic-gate  * See the License for the specific language governing permissions
117c478bd9Sstevel@tonic-gate  * and limitations under the License.
127c478bd9Sstevel@tonic-gate  *
137c478bd9Sstevel@tonic-gate  * When distributing Covered Code, include this CDDL HEADER in each
147c478bd9Sstevel@tonic-gate  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
157c478bd9Sstevel@tonic-gate  * If applicable, add the following below this CDDL HEADER, with the
167c478bd9Sstevel@tonic-gate  * fields enclosed by brackets "[]" replaced with your own identifying
177c478bd9Sstevel@tonic-gate  * information: Portions Copyright [yyyy] [name of copyright owner]
187c478bd9Sstevel@tonic-gate  *
197c478bd9Sstevel@tonic-gate  * CDDL HEADER END
207c478bd9Sstevel@tonic-gate  */
217243fb49Sjbeck 
227c478bd9Sstevel@tonic-gate /*
23*0b4fd3b1SSurya Prakki  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
247c478bd9Sstevel@tonic-gate  * Use is subject to license terms.
257c478bd9Sstevel@tonic-gate  */
267c478bd9Sstevel@tonic-gate 
277c478bd9Sstevel@tonic-gate /*	Copyright (c) 1983-1989 AT&T	*/
287c478bd9Sstevel@tonic-gate /*	  All Rights Reserved  	*/
297c478bd9Sstevel@tonic-gate 
307c478bd9Sstevel@tonic-gate /*
317c478bd9Sstevel@tonic-gate  * Portions of this source code were derived from Berkeley 4.3 BSD
327c478bd9Sstevel@tonic-gate  * under license from the Regents of the University of California.
337c478bd9Sstevel@tonic-gate  */
347c478bd9Sstevel@tonic-gate 
357c478bd9Sstevel@tonic-gate #define	_FILE_OFFSET_BITS 64
367c478bd9Sstevel@tonic-gate 
377c478bd9Sstevel@tonic-gate /*
387c478bd9Sstevel@tonic-gate  * remote shell server:
397c478bd9Sstevel@tonic-gate  *	remuser\0
407c478bd9Sstevel@tonic-gate  *	locuser\0
417c478bd9Sstevel@tonic-gate  *	command\0
427c478bd9Sstevel@tonic-gate  *	data
437c478bd9Sstevel@tonic-gate  */
447c478bd9Sstevel@tonic-gate #include <sys/types.h>
457c478bd9Sstevel@tonic-gate #include <sys/ioctl.h>
467c478bd9Sstevel@tonic-gate #include <sys/telioctl.h>
477c478bd9Sstevel@tonic-gate #include <sys/param.h>
487c478bd9Sstevel@tonic-gate #include <sys/socket.h>
497c478bd9Sstevel@tonic-gate #include <sys/time.h>
507c478bd9Sstevel@tonic-gate #include <sys/stat.h>
517c478bd9Sstevel@tonic-gate #include <sys/file.h>
527c478bd9Sstevel@tonic-gate #include <sys/select.h>
537c478bd9Sstevel@tonic-gate 
547c478bd9Sstevel@tonic-gate #include <netinet/in.h>
557c478bd9Sstevel@tonic-gate 
567c478bd9Sstevel@tonic-gate #include <arpa/inet.h>
577c478bd9Sstevel@tonic-gate 
587c478bd9Sstevel@tonic-gate #include <unistd.h>
597c478bd9Sstevel@tonic-gate #include <string.h>
607c478bd9Sstevel@tonic-gate #include <stdio.h>
617c478bd9Sstevel@tonic-gate #include <stdarg.h>
627c478bd9Sstevel@tonic-gate #include <errno.h>
637c478bd9Sstevel@tonic-gate #include <pwd.h>
647c478bd9Sstevel@tonic-gate #include <grp.h>
657c478bd9Sstevel@tonic-gate #include <signal.h>
667c478bd9Sstevel@tonic-gate #include <netdb.h>
677c478bd9Sstevel@tonic-gate #include <syslog.h>
687c478bd9Sstevel@tonic-gate #include <fcntl.h>
697c478bd9Sstevel@tonic-gate #include <ctype.h>
707c478bd9Sstevel@tonic-gate #include <locale.h>
717c478bd9Sstevel@tonic-gate 
727c478bd9Sstevel@tonic-gate #include <sys/resource.h>
737c478bd9Sstevel@tonic-gate #include <sys/filio.h>
747c478bd9Sstevel@tonic-gate #include <shadow.h>
757c478bd9Sstevel@tonic-gate #include <stdlib.h>
767c478bd9Sstevel@tonic-gate 
777c478bd9Sstevel@tonic-gate #include <security/pam_appl.h>
7857c40785SJoep Vesseur #include <deflt.h>
797c478bd9Sstevel@tonic-gate 
807c478bd9Sstevel@tonic-gate #include <k5-int.h>
817c478bd9Sstevel@tonic-gate #include <krb5_repository.h>
827c478bd9Sstevel@tonic-gate #include <com_err.h>
837c478bd9Sstevel@tonic-gate #include <kcmd.h>
847c478bd9Sstevel@tonic-gate 
857243fb49Sjbeck #include <addr_match.h>
8632885d59Sgtb #include <store_forw_creds.h>
877243fb49Sjbeck 
887c478bd9Sstevel@tonic-gate #ifndef NCARGS
897c478bd9Sstevel@tonic-gate #define	NCARGS	5120
907c478bd9Sstevel@tonic-gate #endif /* !NCARGS */
917c478bd9Sstevel@tonic-gate 
927c478bd9Sstevel@tonic-gate static void error(char *, ...);
937c478bd9Sstevel@tonic-gate static void doit(int, struct sockaddr_storage *, char **);
947c478bd9Sstevel@tonic-gate static void getstr(int, char *, int, char *);
957c478bd9Sstevel@tonic-gate 
967c478bd9Sstevel@tonic-gate static int legalenvvar(char *);
977c478bd9Sstevel@tonic-gate static void add_to_envinit(char *);
987c478bd9Sstevel@tonic-gate static int locale_envmatch(char *, char *);
997c478bd9Sstevel@tonic-gate 
1007c478bd9Sstevel@tonic-gate /* Function decls. for functions not in any header file.  (Grrrr.) */
1017c478bd9Sstevel@tonic-gate extern int audit_rshd_setup(void);
1027c478bd9Sstevel@tonic-gate extern int audit_rshd_success(char *, char *, char *, char *);
1037c478bd9Sstevel@tonic-gate extern int audit_rshd_fail(char *, char *, char *, char *, char *);
1047c478bd9Sstevel@tonic-gate extern int audit_settid(int);
1057c478bd9Sstevel@tonic-gate 
1067c478bd9Sstevel@tonic-gate static int do_encrypt = 0;
1077c478bd9Sstevel@tonic-gate static pam_handle_t *pamh;
1087c478bd9Sstevel@tonic-gate 
1097c478bd9Sstevel@tonic-gate /*
1107c478bd9Sstevel@tonic-gate  * This is the shell/kshell daemon. The very basic protocol for checking
1117c478bd9Sstevel@tonic-gate  * authentication and authorization is:
1127c478bd9Sstevel@tonic-gate  * 1) Check authentication.
1137c478bd9Sstevel@tonic-gate  * 2) Check authorization via the access-control files:
1147c478bd9Sstevel@tonic-gate  *    ~/.k5login (using krb5_kuserok) and/or
1157c478bd9Sstevel@tonic-gate  * Execute command if configured authoriztion checks pass, else deny
1167c478bd9Sstevel@tonic-gate  * permission.
1177c478bd9Sstevel@tonic-gate  *
1187c478bd9Sstevel@tonic-gate  * The configuration is done either by command-line arguments passed by inetd,
1197c478bd9Sstevel@tonic-gate  * or by the name of the daemon. If command-line arguments are present, they
1207c478bd9Sstevel@tonic-gate  * take priority. The options are:
1217c478bd9Sstevel@tonic-gate  * -k allow kerberos authentication (krb5 only; krb4 support is not provided)
1227c478bd9Sstevel@tonic-gate  * -5 same as `-k', mainly for compatability with MIT
1237c478bd9Sstevel@tonic-gate  * -e allow encrypted session
1247c478bd9Sstevel@tonic-gate  * -c demand authenticator checksum
1257c478bd9Sstevel@tonic-gate  * -i ignore authenticator checksum
1267c478bd9Sstevel@tonic-gate  * -U Refuse connections that cannot be mapped to a name via `gethostbyname'
1277c478bd9Sstevel@tonic-gate  * -s <tos>	Set the IP TOS option
1287c478bd9Sstevel@tonic-gate  * -S <keytab>	Set the keytab file to use
1297c478bd9Sstevel@tonic-gate  * -M <realm>	Set the Kerberos realm to use
1307c478bd9Sstevel@tonic-gate  */
1317c478bd9Sstevel@tonic-gate 
1327c478bd9Sstevel@tonic-gate #define	ARGSTR	"ek5ciUD:M:S:L:?:"
1337c478bd9Sstevel@tonic-gate #define	RSHD_BUFSIZ	(50 * 1024)
1347c478bd9Sstevel@tonic-gate 
1357c478bd9Sstevel@tonic-gate static krb5_context bsd_context;
1367c478bd9Sstevel@tonic-gate static krb5_keytab keytab = NULL;
1377c478bd9Sstevel@tonic-gate static krb5_ccache ccache = NULL;
1387c478bd9Sstevel@tonic-gate static krb5_keyblock *sessionkey = NULL;
1397c478bd9Sstevel@tonic-gate 
1407c478bd9Sstevel@tonic-gate static int require_encrypt = 0;
1417c478bd9Sstevel@tonic-gate static int resolve_hostname = 0;
1427c478bd9Sstevel@tonic-gate static int krb5auth_flag = 0;	/* Flag set, when KERBEROS is enabled */
1437c478bd9Sstevel@tonic-gate static enum kcmd_proto kcmd_protocol;
1447c478bd9Sstevel@tonic-gate 
1457c478bd9Sstevel@tonic-gate #ifdef DEBUG
1467c478bd9Sstevel@tonic-gate static int debug_port = 0;
1477c478bd9Sstevel@tonic-gate #endif /* DEBUG */
1487c478bd9Sstevel@tonic-gate 
1497c478bd9Sstevel@tonic-gate /*
1507c478bd9Sstevel@tonic-gate  * There are two authentication related masks:
1517c478bd9Sstevel@tonic-gate  * auth_ok and auth_sent.
1527c478bd9Sstevel@tonic-gate  * The auth_ok mask is the or'ing of authentication
1537c478bd9Sstevel@tonic-gate  * systems any one of which can be used.
1547c478bd9Sstevel@tonic-gate  * The auth_sent mask is the or'ing of one or more authentication/authorization
1557c478bd9Sstevel@tonic-gate  * systems that succeeded.  If the and'ing
1567c478bd9Sstevel@tonic-gate  * of these two masks is true, then authorization is successful.
1577c478bd9Sstevel@tonic-gate  */
1587c478bd9Sstevel@tonic-gate 
1597c478bd9Sstevel@tonic-gate #define	AUTH_KRB5	(0x2)
1607c478bd9Sstevel@tonic-gate static int auth_ok = 0;
1617c478bd9Sstevel@tonic-gate static int auth_sent = 0;
1627c478bd9Sstevel@tonic-gate static int checksum_required = 0;
1637c478bd9Sstevel@tonic-gate static int checksum_ignored = 0;
1647c478bd9Sstevel@tonic-gate 
1657c478bd9Sstevel@tonic-gate /*
1667c478bd9Sstevel@tonic-gate  * Leave room for 4 environment variables to be passed.
1677c478bd9Sstevel@tonic-gate  * The "-L env_var" option has been added primarily to
1687c478bd9Sstevel@tonic-gate  * maintain compatability with MIT.
1697c478bd9Sstevel@tonic-gate  */
1707c478bd9Sstevel@tonic-gate #define	MAXENV	4
1717c478bd9Sstevel@tonic-gate static char *save_env[MAXENV];
1727c478bd9Sstevel@tonic-gate static int num_env = 0;
1737c478bd9Sstevel@tonic-gate 
1747c478bd9Sstevel@tonic-gate static void usage(void);
1757c478bd9Sstevel@tonic-gate static krb5_error_code recvauth(int, int *);
1767c478bd9Sstevel@tonic-gate 
1777c478bd9Sstevel@tonic-gate /*ARGSUSED*/
178740638c8Sbw int
main(int argc,char ** argv,char ** renvp)1797c478bd9Sstevel@tonic-gate main(int argc, char **argv, char **renvp)
1807c478bd9Sstevel@tonic-gate {
1817c478bd9Sstevel@tonic-gate 	struct linger linger;
1827c478bd9Sstevel@tonic-gate 	int on = 1, fromlen;
1837c478bd9Sstevel@tonic-gate 	struct sockaddr_storage from;
1847c478bd9Sstevel@tonic-gate 	int fd = 0;
1857c478bd9Sstevel@tonic-gate 
1867c478bd9Sstevel@tonic-gate 	extern int opterr, optind;
1877c478bd9Sstevel@tonic-gate 	extern char *optarg;
1887c478bd9Sstevel@tonic-gate 	int ch;
1897c478bd9Sstevel@tonic-gate 	int tos = -1;
1907c478bd9Sstevel@tonic-gate 	krb5_error_code status;
1917c478bd9Sstevel@tonic-gate 
1927c478bd9Sstevel@tonic-gate 	openlog("rsh", LOG_PID | LOG_ODELAY, LOG_DAEMON);
1937c478bd9Sstevel@tonic-gate 	(void) audit_rshd_setup();	/* BSM */
1947c478bd9Sstevel@tonic-gate 	fromlen = sizeof (from);
1957c478bd9Sstevel@tonic-gate 
1967c478bd9Sstevel@tonic-gate 	(void) setlocale(LC_ALL, "");
1977c478bd9Sstevel@tonic-gate 
1987c478bd9Sstevel@tonic-gate 	/*
1997c478bd9Sstevel@tonic-gate 	 * Analyze parameters.
2007c478bd9Sstevel@tonic-gate 	 */
2017c478bd9Sstevel@tonic-gate 	opterr = 0;
2027c478bd9Sstevel@tonic-gate 	while ((ch = getopt(argc, argv, ARGSTR)) != EOF)
2037c478bd9Sstevel@tonic-gate 		switch (ch) {
2047c478bd9Sstevel@tonic-gate 		case '5':
2057c478bd9Sstevel@tonic-gate 		case 'k':
2067c478bd9Sstevel@tonic-gate 			auth_ok |= AUTH_KRB5;
2077c478bd9Sstevel@tonic-gate 			krb5auth_flag++;
2087c478bd9Sstevel@tonic-gate 			break;
2097c478bd9Sstevel@tonic-gate 
2107c478bd9Sstevel@tonic-gate 		case 'c':
2117c478bd9Sstevel@tonic-gate 			checksum_required = 1;
2127c478bd9Sstevel@tonic-gate 			krb5auth_flag++;
2137c478bd9Sstevel@tonic-gate 			break;
2147c478bd9Sstevel@tonic-gate 		case 'i':
2157c478bd9Sstevel@tonic-gate 			checksum_ignored = 1;
2167c478bd9Sstevel@tonic-gate 			krb5auth_flag++;
2177c478bd9Sstevel@tonic-gate 			break;
2187c478bd9Sstevel@tonic-gate 
2197c478bd9Sstevel@tonic-gate 		case 'e':
2207c478bd9Sstevel@tonic-gate 			require_encrypt = 1;
2217c478bd9Sstevel@tonic-gate 			krb5auth_flag++;
2227c478bd9Sstevel@tonic-gate 			break;
2237c478bd9Sstevel@tonic-gate #ifdef DEBUG
2247c478bd9Sstevel@tonic-gate 		case 'D':
2257c478bd9Sstevel@tonic-gate 			debug_port = atoi(optarg);
2267c478bd9Sstevel@tonic-gate 			break;
2277c478bd9Sstevel@tonic-gate #endif /* DEBUG */
2287c478bd9Sstevel@tonic-gate 		case 'U':
2297c478bd9Sstevel@tonic-gate 			resolve_hostname = 1;
2307c478bd9Sstevel@tonic-gate 			break;
2317c478bd9Sstevel@tonic-gate 
2327c478bd9Sstevel@tonic-gate 		case 'M':
233*0b4fd3b1SSurya Prakki 			(void) krb5_set_default_realm(bsd_context, optarg);
2347c478bd9Sstevel@tonic-gate 			krb5auth_flag++;
2357c478bd9Sstevel@tonic-gate 			break;
2367c478bd9Sstevel@tonic-gate 
2377c478bd9Sstevel@tonic-gate 		case 'S':
2387c478bd9Sstevel@tonic-gate 			if ((status = krb5_kt_resolve(bsd_context, optarg,
2397c478bd9Sstevel@tonic-gate 				&keytab))) {
2407c478bd9Sstevel@tonic-gate 				com_err("rsh", status,
2417c478bd9Sstevel@tonic-gate 					gettext("while resolving "
2427c478bd9Sstevel@tonic-gate 						"srvtab file %s"), optarg);
2437c478bd9Sstevel@tonic-gate 				exit(2);
2447c478bd9Sstevel@tonic-gate 			}
2457c478bd9Sstevel@tonic-gate 			krb5auth_flag++;
2467c478bd9Sstevel@tonic-gate 			break;
2477c478bd9Sstevel@tonic-gate 
2487c478bd9Sstevel@tonic-gate 		case 's':
2497c478bd9Sstevel@tonic-gate 			if (optarg == NULL || ((tos = atoi(optarg)) < 0) ||
2507c478bd9Sstevel@tonic-gate 				(tos > 255)) {
2517c478bd9Sstevel@tonic-gate 				syslog(LOG_ERR, "rshd: illegal tos value: "
2527c478bd9Sstevel@tonic-gate 				    "%s\n", optarg);
2537c478bd9Sstevel@tonic-gate 			}
2547c478bd9Sstevel@tonic-gate 			break;
2557c478bd9Sstevel@tonic-gate 
2567c478bd9Sstevel@tonic-gate 		case 'L':
2577c478bd9Sstevel@tonic-gate 			if (num_env < MAXENV) {
2587c478bd9Sstevel@tonic-gate 				save_env[num_env] = strdup(optarg);
2597c478bd9Sstevel@tonic-gate 				if (!save_env[num_env++]) {
2607c478bd9Sstevel@tonic-gate 					com_err("rsh", ENOMEM,
2617c478bd9Sstevel@tonic-gate 						gettext("in saving env"));
2627c478bd9Sstevel@tonic-gate 					exit(2);
2637c478bd9Sstevel@tonic-gate 				}
2647c478bd9Sstevel@tonic-gate 			} else {
2657c478bd9Sstevel@tonic-gate 				(void) fprintf(stderr, gettext("rshd: Only %d"
2667c478bd9Sstevel@tonic-gate 						" -L arguments allowed\n"),
2677c478bd9Sstevel@tonic-gate 						MAXENV);
2687c478bd9Sstevel@tonic-gate 				exit(2);
2697c478bd9Sstevel@tonic-gate 			}
2707c478bd9Sstevel@tonic-gate 			break;
2717c478bd9Sstevel@tonic-gate 
2727c478bd9Sstevel@tonic-gate 		case '?':
2737c478bd9Sstevel@tonic-gate 		default:
2747c478bd9Sstevel@tonic-gate 			usage();
2757c478bd9Sstevel@tonic-gate 			exit(1);
2767c478bd9Sstevel@tonic-gate 			break;
2777c478bd9Sstevel@tonic-gate 		}
2787c478bd9Sstevel@tonic-gate 
2797c478bd9Sstevel@tonic-gate 	if (optind == 0) {
2807c478bd9Sstevel@tonic-gate 		usage();
2817c478bd9Sstevel@tonic-gate 		exit(1);
2827c478bd9Sstevel@tonic-gate 	}
2837c478bd9Sstevel@tonic-gate 	argc -= optind;
2847c478bd9Sstevel@tonic-gate 	argv += optind;
2857c478bd9Sstevel@tonic-gate 
2867c478bd9Sstevel@tonic-gate 	if (krb5auth_flag > 0) {
2877c478bd9Sstevel@tonic-gate 		status = krb5_init_context(&bsd_context);
2887c478bd9Sstevel@tonic-gate 		if (status) {
2897c478bd9Sstevel@tonic-gate 			syslog(LOG_ERR, "Error initializing krb5: %s",
2907c478bd9Sstevel@tonic-gate 			    error_message(status));
2917c478bd9Sstevel@tonic-gate 			exit(1);
2927c478bd9Sstevel@tonic-gate 		}
2937c478bd9Sstevel@tonic-gate 	}
2947c478bd9Sstevel@tonic-gate 
2957c478bd9Sstevel@tonic-gate 	if (!checksum_required && !checksum_ignored)
2967c478bd9Sstevel@tonic-gate 		checksum_ignored = 1;
2977c478bd9Sstevel@tonic-gate 
2987c478bd9Sstevel@tonic-gate 	if (checksum_required && checksum_ignored) {
2997c478bd9Sstevel@tonic-gate 		syslog(LOG_CRIT, gettext("Checksums are required and ignored."
3007c478bd9Sstevel@tonic-gate 		"These options are mutually exclusive"
3017c478bd9Sstevel@tonic-gate 		"--check the documentation."));
3027c478bd9Sstevel@tonic-gate 		error("Configuration error: mutually exclusive "
3037c478bd9Sstevel@tonic-gate 				"options specified.\n");
3047c478bd9Sstevel@tonic-gate 		exit(1);
3057c478bd9Sstevel@tonic-gate 	}
3067c478bd9Sstevel@tonic-gate 
3077c478bd9Sstevel@tonic-gate #ifdef DEBUG
3087c478bd9Sstevel@tonic-gate 	if (debug_port) {
3097c478bd9Sstevel@tonic-gate 		int s;
3107c478bd9Sstevel@tonic-gate 		struct sockaddr_in sin;
3117c478bd9Sstevel@tonic-gate 
3127c478bd9Sstevel@tonic-gate 		if ((s = socket(AF_INET, SOCK_STREAM, PF_UNSPEC)) < 0) {
3137c478bd9Sstevel@tonic-gate 			fprintf(stderr, gettext("Error in socket: %s\n"),
3147c478bd9Sstevel@tonic-gate 					strerror(errno));
3157c478bd9Sstevel@tonic-gate 			exit(2);
3167c478bd9Sstevel@tonic-gate 		}
3177c478bd9Sstevel@tonic-gate 		(void) memset((char *)&sin, 0, sizeof (sin));
3187c478bd9Sstevel@tonic-gate 		sin.sin_family = AF_INET;
3197c478bd9Sstevel@tonic-gate 		sin.sin_port = htons(debug_port);
3207c478bd9Sstevel@tonic-gate 		sin.sin_addr.s_addr = INADDR_ANY;
3217c478bd9Sstevel@tonic-gate 
3227c478bd9Sstevel@tonic-gate 		(void) setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
3237c478bd9Sstevel@tonic-gate 			(char *)&on, sizeof (on));
3247c478bd9Sstevel@tonic-gate 
3257c478bd9Sstevel@tonic-gate 		if ((bind(s, (struct sockaddr *)&sin, sizeof (sin))) < 0) {
3267c478bd9Sstevel@tonic-gate 			(void) fprintf(stderr, gettext("Error in bind: %s\n"),
3277c478bd9Sstevel@tonic-gate 					strerror(errno));
3287c478bd9Sstevel@tonic-gate 			exit(2);
3297c478bd9Sstevel@tonic-gate 		}
3307c478bd9Sstevel@tonic-gate 		if ((listen(s, 5)) < 0) {
3317c478bd9Sstevel@tonic-gate 			(void) fprintf(stderr, gettext("Error in listen: %s\n"),
3327c478bd9Sstevel@tonic-gate 					strerror(errno));
3337c478bd9Sstevel@tonic-gate 			exit(2);
3347c478bd9Sstevel@tonic-gate 		}
3357c478bd9Sstevel@tonic-gate 		if ((fd = accept(s, (struct sockaddr *)&from,
3367c478bd9Sstevel@tonic-gate 					&fromlen)) < 0) {
3377c478bd9Sstevel@tonic-gate 			(void) fprintf(stderr, gettext("Error in accept: %s\n"),
3387c478bd9Sstevel@tonic-gate 					strerror(errno));
3397c478bd9Sstevel@tonic-gate 			exit(2);
3407c478bd9Sstevel@tonic-gate 		}
3417c478bd9Sstevel@tonic-gate 		(void) close(s);
3427c478bd9Sstevel@tonic-gate 	}
3437c478bd9Sstevel@tonic-gate 	else
3447c478bd9Sstevel@tonic-gate #endif /* DEBUG */
3457c478bd9Sstevel@tonic-gate 	{
3467c478bd9Sstevel@tonic-gate 		if (getpeername(STDIN_FILENO, (struct sockaddr *)&from,
3477c478bd9Sstevel@tonic-gate 				(socklen_t *)&fromlen) < 0) {
3487c478bd9Sstevel@tonic-gate 			(void) fprintf(stderr, "rshd: ");
3497c478bd9Sstevel@tonic-gate 			perror("getpeername");
3507c478bd9Sstevel@tonic-gate 			_exit(1);
3517c478bd9Sstevel@tonic-gate 		}
3527c478bd9Sstevel@tonic-gate 		fd = STDIN_FILENO;
3537c478bd9Sstevel@tonic-gate 	}
3547c478bd9Sstevel@tonic-gate 
3557c478bd9Sstevel@tonic-gate 	if (audit_settid(fd) != 0) {
3567c478bd9Sstevel@tonic-gate 		perror("settid");
3577c478bd9Sstevel@tonic-gate 		exit(1);
3587c478bd9Sstevel@tonic-gate 	}
3597c478bd9Sstevel@tonic-gate 
3607c478bd9Sstevel@tonic-gate 	if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, (char *)&on,
3617c478bd9Sstevel@tonic-gate 	    sizeof (on)) < 0)
3627c478bd9Sstevel@tonic-gate 		syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
3637c478bd9Sstevel@tonic-gate 	linger.l_onoff = 1;
3647c478bd9Sstevel@tonic-gate 	linger.l_linger = 60;			/* XXX */
3657c478bd9Sstevel@tonic-gate 	if (setsockopt(fd, SOL_SOCKET, SO_LINGER, (char *)&linger,
3667c478bd9Sstevel@tonic-gate 	    sizeof (linger)) < 0)
3677c478bd9Sstevel@tonic-gate 		syslog(LOG_WARNING, "setsockopt (SO_LINGER): %m");
3687c478bd9Sstevel@tonic-gate 
3697c478bd9Sstevel@tonic-gate 	if ((tos != -1) && (setsockopt(fd, IPPROTO_IP, IP_TOS, (char *)&tos,
3707c478bd9Sstevel@tonic-gate 				sizeof (tos)) < 0) &&
3717c478bd9Sstevel@tonic-gate 				(errno != ENOPROTOOPT)) {
3727c478bd9Sstevel@tonic-gate 		syslog(LOG_ERR, "setsockopt (IP_TOS %d): %m");
3737c478bd9Sstevel@tonic-gate 	}
3747c478bd9Sstevel@tonic-gate 
3757c478bd9Sstevel@tonic-gate 	doit(dup(fd), &from, renvp);
376740638c8Sbw 	return (0);
3777c478bd9Sstevel@tonic-gate }
3787c478bd9Sstevel@tonic-gate 
3797c478bd9Sstevel@tonic-gate /*
3807c478bd9Sstevel@tonic-gate  * locale environments to be passed to shells.
3817c478bd9Sstevel@tonic-gate  */
3827c478bd9Sstevel@tonic-gate static char *localeenv[] = {
3837c478bd9Sstevel@tonic-gate 	"LANG",
3847c478bd9Sstevel@tonic-gate 	"LC_CTYPE", "LC_NUMERIC", "LC_TIME", "LC_COLLATE",
3857c478bd9Sstevel@tonic-gate 	"LC_MONETARY", "LC_MESSAGES", "LC_ALL", NULL};
3867c478bd9Sstevel@tonic-gate 
3877c478bd9Sstevel@tonic-gate /*
3887c478bd9Sstevel@tonic-gate  * The following is for the environment variable list
3897c478bd9Sstevel@tonic-gate  * used in the call to execle().  envinit is declared here,
3907c478bd9Sstevel@tonic-gate  * but populated after the call to getpwnam().
3917c478bd9Sstevel@tonic-gate  */
3927c478bd9Sstevel@tonic-gate static char	*homedir;	/* "HOME=" */
3937c478bd9Sstevel@tonic-gate static char	*shell;		/* "SHELL=" */
3947c478bd9Sstevel@tonic-gate static char	*username;	/* "USER=" */
3957c478bd9Sstevel@tonic-gate static char	*tz;		/* "TZ=" */
3967c478bd9Sstevel@tonic-gate 
3977c478bd9Sstevel@tonic-gate static char	homestr[] = "HOME=";
3987c478bd9Sstevel@tonic-gate static char	shellstr[] = "SHELL=";
3997c478bd9Sstevel@tonic-gate static char	userstr[] = "USER=";
4007c478bd9Sstevel@tonic-gate static char	tzstr[] = "TZ=";
4017c478bd9Sstevel@tonic-gate 
4027c478bd9Sstevel@tonic-gate static char	**envinit;
4037c478bd9Sstevel@tonic-gate #define	PAM_ENV_ELIM	16	/* allow 16 PAM environment variables */
4047c478bd9Sstevel@tonic-gate #define	USERNAME_LEN	16	/* maximum number of characters in user name */
4057c478bd9Sstevel@tonic-gate 
4067c478bd9Sstevel@tonic-gate /*
4077c478bd9Sstevel@tonic-gate  *	See PSARC opinion 1992/025
4087c478bd9Sstevel@tonic-gate  */
4097c478bd9Sstevel@tonic-gate static char	userpath[] = "PATH=/usr/bin:";
4107c478bd9Sstevel@tonic-gate static char	rootpath[] = "PATH=/usr/sbin:/usr/bin";
4117c478bd9Sstevel@tonic-gate 
4127c478bd9Sstevel@tonic-gate static char cmdbuf[NCARGS+1];
4137c478bd9Sstevel@tonic-gate static char hostname [MAXHOSTNAMELEN + 1];
4147c478bd9Sstevel@tonic-gate static char locuser[USERNAME_LEN + 1];
4157c478bd9Sstevel@tonic-gate static char remuser[USERNAME_LEN + 1];
4167c478bd9Sstevel@tonic-gate 
4177c478bd9Sstevel@tonic-gate #define	KRB5_RECVAUTH_V5	5
4187c478bd9Sstevel@tonic-gate #define	SIZEOF_INADDR sizeof	(struct in_addr)
4197c478bd9Sstevel@tonic-gate 
4207c478bd9Sstevel@tonic-gate #define	MAX_REPOSITORY_LEN	255
4217c478bd9Sstevel@tonic-gate static char repository[MAX_REPOSITORY_LEN];
4227c478bd9Sstevel@tonic-gate 
4237c478bd9Sstevel@tonic-gate static char *kremuser;
4247c478bd9Sstevel@tonic-gate static krb5_principal client = NULL;
4257c478bd9Sstevel@tonic-gate 
4267c478bd9Sstevel@tonic-gate static char	remote_addr[64];
4277c478bd9Sstevel@tonic-gate static char	local_addr[64];
4287c478bd9Sstevel@tonic-gate 
42957c40785SJoep Vesseur #define	_PATH_DEFAULT_LOGIN "/etc/default/login"
43057c40785SJoep Vesseur 
4317c478bd9Sstevel@tonic-gate static void
doit(int f,struct sockaddr_storage * fromp,char ** renvp)4327c478bd9Sstevel@tonic-gate doit(int f, struct sockaddr_storage *fromp, char **renvp)
4337c478bd9Sstevel@tonic-gate {
4347c478bd9Sstevel@tonic-gate 	char *cp;
4357c478bd9Sstevel@tonic-gate 
4367c478bd9Sstevel@tonic-gate 	struct passwd *pwd;
4377c478bd9Sstevel@tonic-gate 	char *path;
4387c478bd9Sstevel@tonic-gate 	char *tzenv;
4397c478bd9Sstevel@tonic-gate 	struct spwd *shpwd;
4407c478bd9Sstevel@tonic-gate 	struct stat statb;
4417c478bd9Sstevel@tonic-gate 	char **lenvp;
4427c478bd9Sstevel@tonic-gate 
4437c478bd9Sstevel@tonic-gate 	krb5_error_code status;
4447c478bd9Sstevel@tonic-gate 	int valid_checksum;
4457c478bd9Sstevel@tonic-gate 	int cnt;
4467c478bd9Sstevel@tonic-gate 	int sin_len;
4477c478bd9Sstevel@tonic-gate 	struct sockaddr_in localaddr;
4487c478bd9Sstevel@tonic-gate 
4497c478bd9Sstevel@tonic-gate 	int s;
4507c478bd9Sstevel@tonic-gate 	in_port_t port;
4517c478bd9Sstevel@tonic-gate 	pid_t pid;
4527c478bd9Sstevel@tonic-gate 	int pv[2], pw[2], px[2], cc;
4537c478bd9Sstevel@tonic-gate 	char buf[RSHD_BUFSIZ];
4547c478bd9Sstevel@tonic-gate 	char sig;
4557c478bd9Sstevel@tonic-gate 	int one = 1;
4567c478bd9Sstevel@tonic-gate 	int v = 0;
4577c478bd9Sstevel@tonic-gate 	int err = 0;
4587c478bd9Sstevel@tonic-gate 	int idx = 0;
4597c478bd9Sstevel@tonic-gate 	char **pam_env;
4607c478bd9Sstevel@tonic-gate 	char abuf[INET6_ADDRSTRLEN];
4617c478bd9Sstevel@tonic-gate 	struct sockaddr_in *sin;
4627c478bd9Sstevel@tonic-gate 	struct sockaddr_in6 *sin6;
4637c478bd9Sstevel@tonic-gate 	int fromplen;
4647c478bd9Sstevel@tonic-gate 	int homedir_len, shell_len, username_len, tz_len;
4657c478bd9Sstevel@tonic-gate 	int no_name;
4667243fb49Sjbeck 	boolean_t bad_port;
4677c478bd9Sstevel@tonic-gate 	int netf = 0;
4687c478bd9Sstevel@tonic-gate 
4697c478bd9Sstevel@tonic-gate 	(void) signal(SIGINT, SIG_DFL);
4707c478bd9Sstevel@tonic-gate 	(void) signal(SIGQUIT, SIG_DFL);
4717c478bd9Sstevel@tonic-gate 	(void) signal(SIGTERM, SIG_DFL);
4727c478bd9Sstevel@tonic-gate 	(void) signal(SIGXCPU, SIG_DFL);
4737c478bd9Sstevel@tonic-gate 	(void) signal(SIGXFSZ, SIG_DFL);
4747c478bd9Sstevel@tonic-gate 	(void) sigset(SIGCHLD, SIG_IGN);
4757c478bd9Sstevel@tonic-gate 	(void) signal(SIGPIPE, SIG_DFL);
4767c478bd9Sstevel@tonic-gate 	(void) signal(SIGHUP, SIG_DFL);
4777c478bd9Sstevel@tonic-gate 
4787c478bd9Sstevel@tonic-gate #ifdef DEBUG
479*0b4fd3b1SSurya Prakki 	{
480*0b4fd3b1SSurya Prakki 	    int t = open("/dev/tty", 2);
481*0b4fd3b1SSurya Prakki 
4827c478bd9Sstevel@tonic-gate 	    if (t >= 0) {
4837c478bd9Sstevel@tonic-gate 		(void) setsid();
4847c478bd9Sstevel@tonic-gate 		(void) close(t);
4857c478bd9Sstevel@tonic-gate 	    }
4867c478bd9Sstevel@tonic-gate 	}
4877c478bd9Sstevel@tonic-gate #endif
4887c478bd9Sstevel@tonic-gate 	if (fromp->ss_family == AF_INET) {
4897c478bd9Sstevel@tonic-gate 		sin = (struct sockaddr_in *)fromp;
4907c478bd9Sstevel@tonic-gate 		port = ntohs((ushort_t)sin->sin_port);
4917c478bd9Sstevel@tonic-gate 		fromplen = sizeof (struct sockaddr_in);
4927c478bd9Sstevel@tonic-gate 	} else if (fromp->ss_family == AF_INET6) {
4937c478bd9Sstevel@tonic-gate 		sin6 = (struct sockaddr_in6 *)fromp;
4947c478bd9Sstevel@tonic-gate 		port = ntohs((ushort_t)sin6->sin6_port);
4957c478bd9Sstevel@tonic-gate 		fromplen = sizeof (struct sockaddr_in6);
4967c478bd9Sstevel@tonic-gate 	} else {
4977c478bd9Sstevel@tonic-gate 		syslog(LOG_ERR, "wrong address family\n");
4987c478bd9Sstevel@tonic-gate 		exit(1);
4997c478bd9Sstevel@tonic-gate 	}
5007c478bd9Sstevel@tonic-gate 
5017243fb49Sjbeck 	if (fromp->ss_family == AF_INET6) {
5027243fb49Sjbeck 		if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) {
5037243fb49Sjbeck 			struct in_addr ipv4_addr;
5047243fb49Sjbeck 
5057243fb49Sjbeck 			IN6_V4MAPPED_TO_INADDR(&sin6->sin6_addr, &ipv4_addr);
5067243fb49Sjbeck 			(void) inet_ntop(AF_INET, &ipv4_addr, abuf,
5077243fb49Sjbeck 			    sizeof (abuf));
5087243fb49Sjbeck 		} else {
5097243fb49Sjbeck 			(void) inet_ntop(AF_INET6, &sin6->sin6_addr, abuf,
5107243fb49Sjbeck 			    sizeof (abuf));
5117243fb49Sjbeck 		}
5127243fb49Sjbeck 	} else if (fromp->ss_family == AF_INET) {
5137243fb49Sjbeck 		(void) inet_ntop(AF_INET, &sin->sin_addr, abuf, sizeof (abuf));
5147243fb49Sjbeck 	}
5157243fb49Sjbeck 
5167c478bd9Sstevel@tonic-gate 	sin_len = sizeof (struct sockaddr_in);
5177243fb49Sjbeck 	if (getsockname(f, (struct sockaddr *)&localaddr, &sin_len) < 0) {
5187c478bd9Sstevel@tonic-gate 		perror("getsockname");
5197c478bd9Sstevel@tonic-gate 		exit(1);
5207c478bd9Sstevel@tonic-gate 	}
5217c478bd9Sstevel@tonic-gate 
5227c478bd9Sstevel@tonic-gate 	netf = f;
5237c478bd9Sstevel@tonic-gate 
5247c478bd9Sstevel@tonic-gate 	bad_port = (port >= IPPORT_RESERVED ||
5257c478bd9Sstevel@tonic-gate 		port < (uint_t)(IPPORT_RESERVED/2));
5267c478bd9Sstevel@tonic-gate 
5277243fb49Sjbeck 	/* Get the name of the client side host to use later */
5287c478bd9Sstevel@tonic-gate 	no_name = (getnameinfo((const struct sockaddr *) fromp, fromplen,
5297c478bd9Sstevel@tonic-gate 		hostname, sizeof (hostname), NULL, 0, 0) != 0);
5307c478bd9Sstevel@tonic-gate 
5317243fb49Sjbeck 	if (bad_port || no_name != 0) {
5327243fb49Sjbeck 		/*
5337243fb49Sjbeck 		 * If there is no host name available then use the
5347243fb49Sjbeck 		 * IP address to identify the host in the PAM call
5357243fb49Sjbeck 		 * below.  Do the same if a bad port was used, to
5367243fb49Sjbeck 		 * prevent untrustworthy authentication.
5377243fb49Sjbeck 		 */
5387243fb49Sjbeck 		(void) strlcpy(hostname, abuf, sizeof (hostname));
5397243fb49Sjbeck 	}
5407c478bd9Sstevel@tonic-gate 
5417243fb49Sjbeck 	if (no_name != 0) {
5427243fb49Sjbeck 		/*
5437243fb49Sjbeck 		 * If the '-U' option was given on the cmd line,
5447243fb49Sjbeck 		 * we must be able to lookup the hostname
5457243fb49Sjbeck 		 */
5467243fb49Sjbeck 		if (resolve_hostname) {
5477243fb49Sjbeck 			syslog(LOG_ERR, "rshd: Couldn't resolve your "
5487243fb49Sjbeck 			    "address into a host name.\r\n Please "
5497243fb49Sjbeck 			    "contact your net administrator");
5507243fb49Sjbeck 			exit(1);
5517c478bd9Sstevel@tonic-gate 		}
5527243fb49Sjbeck 	} else {
5537243fb49Sjbeck 		/*
5547243fb49Sjbeck 		 * Even if getnameinfo() succeeded, we still have to check
5557243fb49Sjbeck 		 * for spoofing.
5567243fb49Sjbeck 		 */
5577243fb49Sjbeck 		check_address("rshd", fromp, sin, sin6, abuf, hostname,
5587243fb49Sjbeck 		    sizeof (hostname));
5597c478bd9Sstevel@tonic-gate 	}
5607c478bd9Sstevel@tonic-gate 
5617c478bd9Sstevel@tonic-gate 	if (!krb5auth_flag && bad_port) {
5627c478bd9Sstevel@tonic-gate 		if (no_name)
5637c478bd9Sstevel@tonic-gate 			syslog(LOG_NOTICE, "connection from %s - "
5647c478bd9Sstevel@tonic-gate 			    "bad port\n", abuf);
5657c478bd9Sstevel@tonic-gate 		else
5667c478bd9Sstevel@tonic-gate 			syslog(LOG_NOTICE, "connection from %s (%s) - "
5677c478bd9Sstevel@tonic-gate 			    "bad port\n", hostname, abuf);
5687c478bd9Sstevel@tonic-gate 		exit(1);
5697c478bd9Sstevel@tonic-gate 	}
5707c478bd9Sstevel@tonic-gate 
5717c478bd9Sstevel@tonic-gate 	(void) alarm(60);
5727c478bd9Sstevel@tonic-gate 	port = 0;
5737c478bd9Sstevel@tonic-gate 	for (;;) {
5747c478bd9Sstevel@tonic-gate 		char c;
5757c478bd9Sstevel@tonic-gate 		if ((cc = read(f, &c, 1)) != 1) {
5767c478bd9Sstevel@tonic-gate 			if (cc < 0)
5777c478bd9Sstevel@tonic-gate 				syslog(LOG_NOTICE, "read: %m");
5787c478bd9Sstevel@tonic-gate 			(void) shutdown(f, 1+1);
5797c478bd9Sstevel@tonic-gate 			exit(1);
5807c478bd9Sstevel@tonic-gate 		}
5817c478bd9Sstevel@tonic-gate 		if (c == 0)
5827c478bd9Sstevel@tonic-gate 			break;
5837c478bd9Sstevel@tonic-gate 		port = port * 10 + c - '0';
5847c478bd9Sstevel@tonic-gate 	}
5857c478bd9Sstevel@tonic-gate 	(void) alarm(0);
5867c478bd9Sstevel@tonic-gate 	if (port != 0) {
5877c478bd9Sstevel@tonic-gate 		int lport = 0;
5887c478bd9Sstevel@tonic-gate 		struct sockaddr_storage ctl_addr;
5897c478bd9Sstevel@tonic-gate 		int addrlen;
5907c478bd9Sstevel@tonic-gate 
5917c478bd9Sstevel@tonic-gate 		(void) memset(&ctl_addr, 0, sizeof (ctl_addr));
5927c478bd9Sstevel@tonic-gate 		addrlen = sizeof (ctl_addr);
5937c478bd9Sstevel@tonic-gate 		if (getsockname(f, (struct sockaddr *)&ctl_addr,
5947c478bd9Sstevel@tonic-gate 			&addrlen) < 0) {
5957c478bd9Sstevel@tonic-gate 			syslog(LOG_ERR, "getsockname: %m");
5967c478bd9Sstevel@tonic-gate 			exit(1);
5977c478bd9Sstevel@tonic-gate 		}
5987c478bd9Sstevel@tonic-gate get_port:
5997c478bd9Sstevel@tonic-gate 		/*
6007c478bd9Sstevel@tonic-gate 		 * 0 means that rresvport_addr() will bind to a port in
6017c478bd9Sstevel@tonic-gate 		 * the anonymous priviledged port range.
6027c478bd9Sstevel@tonic-gate 		 */
6037c478bd9Sstevel@tonic-gate 		if (krb5auth_flag) {
6047c478bd9Sstevel@tonic-gate 			/*
6057c478bd9Sstevel@tonic-gate 			 * Kerberos does not support IPv6 yet.
6067c478bd9Sstevel@tonic-gate 			 */
6077c478bd9Sstevel@tonic-gate 			lport = IPPORT_RESERVED - 1;
6087c478bd9Sstevel@tonic-gate 		}
6097c478bd9Sstevel@tonic-gate 		s = rresvport_addr(&lport, &ctl_addr);
6107c478bd9Sstevel@tonic-gate 
6117c478bd9Sstevel@tonic-gate 		if (s < 0) {
6127c478bd9Sstevel@tonic-gate 			syslog(LOG_ERR, "can't get stderr port: %m");
6137c478bd9Sstevel@tonic-gate 			exit(1);
6147c478bd9Sstevel@tonic-gate 		}
6157c478bd9Sstevel@tonic-gate 		if (!krb5auth_flag && (port >= IPPORT_RESERVED)) {
6167c478bd9Sstevel@tonic-gate 			syslog(LOG_ERR, "2nd port not reserved\n");
6177c478bd9Sstevel@tonic-gate 			exit(1);
6187c478bd9Sstevel@tonic-gate 		}
6197c478bd9Sstevel@tonic-gate 		if (fromp->ss_family == AF_INET) {
6207c478bd9Sstevel@tonic-gate 			sin->sin_port = htons((ushort_t)port);
6217c478bd9Sstevel@tonic-gate 		} else if (fromp->ss_family == AF_INET6) {
6227c478bd9Sstevel@tonic-gate 			sin6->sin6_port = htons((ushort_t)port);
6237c478bd9Sstevel@tonic-gate 		}
6247c478bd9Sstevel@tonic-gate 		if (connect(s, (struct sockaddr *)fromp, fromplen) < 0) {
6257c478bd9Sstevel@tonic-gate 			if (errno == EADDRINUSE) {
6267c478bd9Sstevel@tonic-gate 				(void) close(s);
6277c478bd9Sstevel@tonic-gate 				goto get_port;
6287c478bd9Sstevel@tonic-gate 			}
6297c478bd9Sstevel@tonic-gate 			syslog(LOG_INFO, "connect second port: %m");
6307c478bd9Sstevel@tonic-gate 			exit(1);
6317c478bd9Sstevel@tonic-gate 		}
6327c478bd9Sstevel@tonic-gate 	}
6337c478bd9Sstevel@tonic-gate 	(void) dup2(f, 0);
6347c478bd9Sstevel@tonic-gate 	(void) dup2(f, 1);
6357c478bd9Sstevel@tonic-gate 	(void) dup2(f, 2);
6367c478bd9Sstevel@tonic-gate 
6377c478bd9Sstevel@tonic-gate #ifdef DEBUG
6387c478bd9Sstevel@tonic-gate 	syslog(LOG_NOTICE, "rshd: Client hostname = %s", hostname);
6397c478bd9Sstevel@tonic-gate 	if (debug_port)
6407c478bd9Sstevel@tonic-gate 		syslog(LOG_NOTICE, "rshd: Debug port is %d", debug_port);
6417c478bd9Sstevel@tonic-gate 	if (krb5auth_flag > 0)
6427c478bd9Sstevel@tonic-gate 		syslog(LOG_NOTICE, "rshd: Kerberos mode is ON");
6437c478bd9Sstevel@tonic-gate 	else
6447c478bd9Sstevel@tonic-gate 		syslog(LOG_NOTICE, "rshd: Kerberos mode is OFF");
6457c478bd9Sstevel@tonic-gate #endif /* DEBUG */
6467c478bd9Sstevel@tonic-gate 
6477c478bd9Sstevel@tonic-gate 	if (krb5auth_flag > 0) {
6487c478bd9Sstevel@tonic-gate 		if ((status = recvauth(f, &valid_checksum))) {
6497c478bd9Sstevel@tonic-gate 			syslog(LOG_ERR, gettext("Kerberos Authentication "
6507c478bd9Sstevel@tonic-gate 					"failed \n"));
6517c478bd9Sstevel@tonic-gate 			error("Authentication failed: %s\n",
6527c478bd9Sstevel@tonic-gate 					error_message(status));
6537c478bd9Sstevel@tonic-gate 			(void) audit_rshd_fail("Kerberos Authentication "
6547c478bd9Sstevel@tonic-gate 				"failed", hostname, remuser, locuser, cmdbuf);
6557c478bd9Sstevel@tonic-gate 			exit(1);
6567c478bd9Sstevel@tonic-gate 		}
6577c478bd9Sstevel@tonic-gate 
6587c478bd9Sstevel@tonic-gate 		if (checksum_required && !valid_checksum &&
6597c478bd9Sstevel@tonic-gate 			kcmd_protocol == KCMD_OLD_PROTOCOL) {
6607c478bd9Sstevel@tonic-gate 			syslog(LOG_WARNING, "Client did not supply required"
6617c478bd9Sstevel@tonic-gate 					" checksum--connection rejected.");
6627c478bd9Sstevel@tonic-gate 			error("Client did not supply required"
6637c478bd9Sstevel@tonic-gate 				"checksum--connection rejected.\n");
6647c478bd9Sstevel@tonic-gate 			(void) audit_rshd_fail("Client did not supply required"
6657c478bd9Sstevel@tonic-gate 				" checksum--connection rejected.", hostname,
6667c478bd9Sstevel@tonic-gate 				remuser, locuser, cmdbuf);	/* BSM */
6677c478bd9Sstevel@tonic-gate 			goto signout;
6687c478bd9Sstevel@tonic-gate 		}
6697c478bd9Sstevel@tonic-gate 
6707c478bd9Sstevel@tonic-gate 		/*
6717c478bd9Sstevel@tonic-gate 		 * Authentication has succeeded, we now need
6727c478bd9Sstevel@tonic-gate 		 * to check authorization.
6737c478bd9Sstevel@tonic-gate 		 *
6747c478bd9Sstevel@tonic-gate 		 * krb5_kuserok returns 1 if OK.
6757c478bd9Sstevel@tonic-gate 		 */
6767c478bd9Sstevel@tonic-gate 		if (client && krb5_kuserok(bsd_context, client, locuser)) {
6777c478bd9Sstevel@tonic-gate 			auth_sent |= AUTH_KRB5;
6787c478bd9Sstevel@tonic-gate 		} else {
6797c478bd9Sstevel@tonic-gate 			syslog(LOG_ERR, "Principal %s (%s@%s) for local user "
6807c478bd9Sstevel@tonic-gate 				"%s failed krb5_kuserok.\n",
6817c478bd9Sstevel@tonic-gate 				kremuser, remuser, hostname, locuser);
6827c478bd9Sstevel@tonic-gate 		}
6837c478bd9Sstevel@tonic-gate 	} else {
6847c478bd9Sstevel@tonic-gate 		getstr(netf, remuser, sizeof (remuser), "remuser");
6857c478bd9Sstevel@tonic-gate 		getstr(netf, locuser, sizeof (locuser), "locuser");
6867c478bd9Sstevel@tonic-gate 		getstr(netf, cmdbuf, sizeof (cmdbuf), "command");
6877c478bd9Sstevel@tonic-gate 	}
6887c478bd9Sstevel@tonic-gate 
6897c478bd9Sstevel@tonic-gate #ifdef DEBUG
6907c478bd9Sstevel@tonic-gate 	syslog(LOG_NOTICE, "rshd: locuser = %s, remuser = %s, cmdbuf = %s",
6917c478bd9Sstevel@tonic-gate 			locuser, remuser, cmdbuf);
6927c478bd9Sstevel@tonic-gate #endif /* DEBUG */
6937c478bd9Sstevel@tonic-gate 
6947c478bd9Sstevel@tonic-gate 	/*
6957c478bd9Sstevel@tonic-gate 	 * Note that there is no rsh conv functions at present.
6967c478bd9Sstevel@tonic-gate 	 */
6977c478bd9Sstevel@tonic-gate 	if (krb5auth_flag > 0) {
6987c478bd9Sstevel@tonic-gate 		if ((err = pam_start("krsh", locuser, NULL, &pamh))
6997c478bd9Sstevel@tonic-gate 				!= PAM_SUCCESS) {
7007c478bd9Sstevel@tonic-gate 			syslog(LOG_ERR, "pam_start() failed: %s\n",
7017c478bd9Sstevel@tonic-gate 				pam_strerror(0, err));
7027c478bd9Sstevel@tonic-gate 			exit(1);
7037c478bd9Sstevel@tonic-gate 		}
7047c478bd9Sstevel@tonic-gate 	}
7057c478bd9Sstevel@tonic-gate 	else
7067c478bd9Sstevel@tonic-gate 	{
7077c478bd9Sstevel@tonic-gate 		if ((err = pam_start("rsh", locuser, NULL, &pamh))
7087c478bd9Sstevel@tonic-gate 				!= PAM_SUCCESS) {
7097c478bd9Sstevel@tonic-gate 			syslog(LOG_ERR, "pam_start() failed: %s\n",
7107c478bd9Sstevel@tonic-gate 				pam_strerror(0, err));
7117c478bd9Sstevel@tonic-gate 			exit(1);
7127c478bd9Sstevel@tonic-gate 		}
7137c478bd9Sstevel@tonic-gate 	}
7147c478bd9Sstevel@tonic-gate 	if ((err = pam_set_item(pamh, PAM_RHOST, hostname)) != PAM_SUCCESS) {
7157c478bd9Sstevel@tonic-gate 		syslog(LOG_ERR, "pam_set_item() failed: %s\n",
7167c478bd9Sstevel@tonic-gate 			pam_strerror(pamh, err));
7177c478bd9Sstevel@tonic-gate 		exit(1);
7187c478bd9Sstevel@tonic-gate 	}
7197c478bd9Sstevel@tonic-gate 	if ((err = pam_set_item(pamh, PAM_RUSER, remuser)) != PAM_SUCCESS) {
7207c478bd9Sstevel@tonic-gate 		syslog(LOG_ERR, "pam_set_item() failed: %s\n",
7217c478bd9Sstevel@tonic-gate 			pam_strerror(pamh, err));
7227c478bd9Sstevel@tonic-gate 		exit(1);
7237c478bd9Sstevel@tonic-gate 	}
7247c478bd9Sstevel@tonic-gate 
7257c478bd9Sstevel@tonic-gate 	pwd = getpwnam(locuser);
7267c478bd9Sstevel@tonic-gate 	shpwd = getspnam(locuser);
7277c478bd9Sstevel@tonic-gate 	if ((pwd == NULL) || (shpwd == NULL)) {
7287c478bd9Sstevel@tonic-gate 		if (krb5auth_flag > 0)
7297c478bd9Sstevel@tonic-gate 			syslog(LOG_ERR, "Principal %s (%s@%s) for local user "
7307c478bd9Sstevel@tonic-gate 				"%s has no account.\n", kremuser, remuser,
7317c478bd9Sstevel@tonic-gate 							hostname, locuser);
7327c478bd9Sstevel@tonic-gate 		error("permission denied.\n");
7337c478bd9Sstevel@tonic-gate 		(void) audit_rshd_fail("Login incorrect", hostname,
7347c478bd9Sstevel@tonic-gate 			remuser, locuser, cmdbuf);	/* BSM */
7357c478bd9Sstevel@tonic-gate 		exit(1);
7367c478bd9Sstevel@tonic-gate 	}
7377c478bd9Sstevel@tonic-gate 
7387c478bd9Sstevel@tonic-gate 	if (krb5auth_flag > 0) {
7397c478bd9Sstevel@tonic-gate 		(void) snprintf(repository, sizeof (repository),
7407c478bd9Sstevel@tonic-gate 					KRB5_REPOSITORY_NAME);
7417c478bd9Sstevel@tonic-gate 		/*
7427c478bd9Sstevel@tonic-gate 		 * We currently only support special handling of the
7437c478bd9Sstevel@tonic-gate 		 * KRB5 PAM repository
7447c478bd9Sstevel@tonic-gate 		 */
7457c478bd9Sstevel@tonic-gate 		if (strlen(locuser) != 0) {
7467c478bd9Sstevel@tonic-gate 			krb5_repository_data_t krb5_data;
7477c478bd9Sstevel@tonic-gate 			pam_repository_t pam_rep_data;
7487c478bd9Sstevel@tonic-gate 
7497c478bd9Sstevel@tonic-gate 			krb5_data.principal = locuser;
7507c478bd9Sstevel@tonic-gate 			krb5_data.flags = SUNW_PAM_KRB5_ALREADY_AUTHENTICATED;
7517c478bd9Sstevel@tonic-gate 
7527c478bd9Sstevel@tonic-gate 			pam_rep_data.type = repository;
7537c478bd9Sstevel@tonic-gate 			pam_rep_data.scope = (void *)&krb5_data;
7547c478bd9Sstevel@tonic-gate 			pam_rep_data.scope_len = sizeof (krb5_data);
7557c478bd9Sstevel@tonic-gate 
7567c478bd9Sstevel@tonic-gate 			(void) pam_set_item(pamh, PAM_REPOSITORY,
7577c478bd9Sstevel@tonic-gate 					(void *)&pam_rep_data);
7587c478bd9Sstevel@tonic-gate 		}
7597c478bd9Sstevel@tonic-gate 	}
7607c478bd9Sstevel@tonic-gate 
76157c40785SJoep Vesseur 	if (shpwd->sp_pwdp != 0) {
76257c40785SJoep Vesseur 		if (*shpwd->sp_pwdp != '\0') {
76357c40785SJoep Vesseur 			if ((v = pam_authenticate(pamh, 0)) != PAM_SUCCESS) {
76457c40785SJoep Vesseur 				error("permission denied\n");
76557c40785SJoep Vesseur 				(void) audit_rshd_fail("Permission denied",
76657c40785SJoep Vesseur 				    hostname, remuser, locuser, cmdbuf);
76757c40785SJoep Vesseur 				(void) pam_end(pamh, v);
76857c40785SJoep Vesseur 				exit(1);
76957c40785SJoep Vesseur 			}
77057c40785SJoep Vesseur 		} else {
77157c40785SJoep Vesseur 			int flags;
77257c40785SJoep Vesseur 			char *p;
77357c40785SJoep Vesseur 			/*
77457c40785SJoep Vesseur 			 * maintain 2.1 and 4.* and BSD semantics with
77557c40785SJoep Vesseur 			 * anonymous rshd unless PASSREQ is set to YES in
77657c40785SJoep Vesseur 			 * /etc/default/login: then we deny logins with empty
77757c40785SJoep Vesseur 			 * passwords.
77857c40785SJoep Vesseur 			 */
77957c40785SJoep Vesseur 			if (defopen(_PATH_DEFAULT_LOGIN) == 0) {
78057c40785SJoep Vesseur 				flags = defcntl(DC_GETFLAGS, 0);
78157c40785SJoep Vesseur 				TURNOFF(flags, DC_CASE);
78257c40785SJoep Vesseur 				(void) defcntl(DC_SETFLAGS, flags);
78357c40785SJoep Vesseur 
78457c40785SJoep Vesseur 				if ((p = defread("PASSREQ=")) != NULL &&
78557c40785SJoep Vesseur 				    strcasecmp(p, "YES") == 0) {
78657c40785SJoep Vesseur 					error("permission denied\n");
78757c40785SJoep Vesseur 					(void) audit_rshd_fail(
78857c40785SJoep Vesseur 					    "Permission denied", hostname,
78957c40785SJoep Vesseur 					    remuser, locuser, cmdbuf);
79057c40785SJoep Vesseur 					(void) pam_end(pamh, PAM_ABORT);
79157c40785SJoep Vesseur 					(void) defopen(NULL);
79257c40785SJoep Vesseur 					syslog(LOG_AUTH|LOG_NOTICE,
79357c40785SJoep Vesseur 					    "empty password not allowed for "
79457c40785SJoep Vesseur 					    "%s from %s.", locuser, hostname);
79557c40785SJoep Vesseur 					exit(1);
79657c40785SJoep Vesseur 				}
79757c40785SJoep Vesseur 				(void) defopen(NULL);
79857c40785SJoep Vesseur 			}
79957c40785SJoep Vesseur 			/*
80057c40785SJoep Vesseur 			 * /etc/default/login not found or PASSREQ not set
80157c40785SJoep Vesseur 			 * to YES. Allow logins without passwords.
80257c40785SJoep Vesseur 			 */
80357c40785SJoep Vesseur 		}
8047c478bd9Sstevel@tonic-gate 	}
8057c478bd9Sstevel@tonic-gate 
8067c478bd9Sstevel@tonic-gate 	if (krb5auth_flag > 0) {
8077c478bd9Sstevel@tonic-gate 		if (require_encrypt && (!do_encrypt)) {
8087c478bd9Sstevel@tonic-gate 			error("You must use encryption.\n");
8097c478bd9Sstevel@tonic-gate 			(void) audit_rshd_fail("You must use encryption.",
8107c478bd9Sstevel@tonic-gate 				hostname, remuser, locuser, cmdbuf); /* BSM */
8117c478bd9Sstevel@tonic-gate 			goto signout;
8127c478bd9Sstevel@tonic-gate 		}
8137c478bd9Sstevel@tonic-gate 
8147c478bd9Sstevel@tonic-gate 		if (!(auth_ok & auth_sent)) {
8157c478bd9Sstevel@tonic-gate 			if (auth_sent) {
8167c478bd9Sstevel@tonic-gate 				error("Another authentication mechanism "
8177c478bd9Sstevel@tonic-gate 				    "must be used to access this host.\n");
8187c478bd9Sstevel@tonic-gate 				(void) audit_rshd_fail("Another authentication"
8197c478bd9Sstevel@tonic-gate 					" mechanism must be used to access"
8207c478bd9Sstevel@tonic-gate 					" this host.\n", hostname, remuser,
8217c478bd9Sstevel@tonic-gate 					locuser, cmdbuf); /* BSM */
8227c478bd9Sstevel@tonic-gate 				goto signout;
8237c478bd9Sstevel@tonic-gate 			} else {
8247c478bd9Sstevel@tonic-gate 				error("Permission denied.\n");
8257c478bd9Sstevel@tonic-gate 				(void) audit_rshd_fail("Permission denied.",
8267c478bd9Sstevel@tonic-gate 					hostname, remuser, locuser, cmdbuf);
8277c478bd9Sstevel@tonic-gate 					/* BSM */
8287c478bd9Sstevel@tonic-gate 				goto signout;
8297c478bd9Sstevel@tonic-gate 			}
8307c478bd9Sstevel@tonic-gate 		}
8317c478bd9Sstevel@tonic-gate 
8327c478bd9Sstevel@tonic-gate 
8337c478bd9Sstevel@tonic-gate 		if (pwd->pw_uid && !access("/etc/nologin", F_OK)) {
8347c478bd9Sstevel@tonic-gate 			error("Logins currently disabled.\n");
8357c478bd9Sstevel@tonic-gate 			(void) audit_rshd_fail("Logins currently disabled.",
8367c478bd9Sstevel@tonic-gate 				hostname, remuser, locuser, cmdbuf);
8377c478bd9Sstevel@tonic-gate 			goto signout;
8387c478bd9Sstevel@tonic-gate 		}
8397c478bd9Sstevel@tonic-gate 
8407c478bd9Sstevel@tonic-gate 		/* Log access to account */
8417c478bd9Sstevel@tonic-gate 		if (pwd && (pwd->pw_uid == 0)) {
8427c478bd9Sstevel@tonic-gate 			syslog(LOG_NOTICE, "Executing %s for user %s (%s@%s)"
8437c478bd9Sstevel@tonic-gate 			    " as ROOT", cmdbuf,
8447c478bd9Sstevel@tonic-gate 			    kremuser, remuser, hostname);
8457c478bd9Sstevel@tonic-gate 		}
8467c478bd9Sstevel@tonic-gate 	}
8477c478bd9Sstevel@tonic-gate 
8487c478bd9Sstevel@tonic-gate 	if ((v = pam_acct_mgmt(pamh, 0)) != PAM_SUCCESS) {
8497c478bd9Sstevel@tonic-gate 		switch (v) {
8507c478bd9Sstevel@tonic-gate 		case PAM_NEW_AUTHTOK_REQD:
8517c478bd9Sstevel@tonic-gate 			error("password expired\n");
8527c478bd9Sstevel@tonic-gate 			(void) audit_rshd_fail("Password expired", hostname,
8537c478bd9Sstevel@tonic-gate 				remuser, locuser, cmdbuf); /* BSM */
8547c478bd9Sstevel@tonic-gate 			break;
8557c478bd9Sstevel@tonic-gate 		case PAM_PERM_DENIED:
8567c478bd9Sstevel@tonic-gate 			error("account expired\n");
8577c478bd9Sstevel@tonic-gate 			(void) audit_rshd_fail("Account expired", hostname,
8587c478bd9Sstevel@tonic-gate 				remuser, locuser, cmdbuf); /* BSM */
8597c478bd9Sstevel@tonic-gate 			break;
8607c478bd9Sstevel@tonic-gate 		case PAM_AUTHTOK_EXPIRED:
8617c478bd9Sstevel@tonic-gate 			error("password expired\n");
8627c478bd9Sstevel@tonic-gate 			(void) audit_rshd_fail("Password expired", hostname,
8637c478bd9Sstevel@tonic-gate 				remuser, locuser, cmdbuf); /* BSM */
8647c478bd9Sstevel@tonic-gate 			break;
8657c478bd9Sstevel@tonic-gate 		default:
8667c478bd9Sstevel@tonic-gate 			error("login incorrect\n");
8677c478bd9Sstevel@tonic-gate 			(void) audit_rshd_fail("Permission denied", hostname,
8687c478bd9Sstevel@tonic-gate 				remuser, locuser, cmdbuf); /* BSM */
8697c478bd9Sstevel@tonic-gate 			break;
8707c478bd9Sstevel@tonic-gate 		}
8717c478bd9Sstevel@tonic-gate 		(void) pam_end(pamh, PAM_ABORT);
8727c478bd9Sstevel@tonic-gate 		exit(1);
8737c478bd9Sstevel@tonic-gate 	}
8747c478bd9Sstevel@tonic-gate 
8757c478bd9Sstevel@tonic-gate 	if (chdir(pwd->pw_dir) < 0) {
8767c478bd9Sstevel@tonic-gate 		(void) chdir("/");
8777c478bd9Sstevel@tonic-gate #ifdef notdef
8787c478bd9Sstevel@tonic-gate 		error("No remote directory.\n");
8797c478bd9Sstevel@tonic-gate 
8807c478bd9Sstevel@tonic-gate 		exit(1);
8817c478bd9Sstevel@tonic-gate #endif
8827c478bd9Sstevel@tonic-gate 	}
8837c478bd9Sstevel@tonic-gate 
8847c478bd9Sstevel@tonic-gate 	/*
8857c478bd9Sstevel@tonic-gate 	 * XXX There is no session management currently being done
8867c478bd9Sstevel@tonic-gate 	 */
8877c478bd9Sstevel@tonic-gate 
8887c478bd9Sstevel@tonic-gate 	(void) write(STDERR_FILENO, "\0", 1);
8897c478bd9Sstevel@tonic-gate 	if (port || do_encrypt) {
8907c478bd9Sstevel@tonic-gate 		if ((pipe(pv) < 0)) {
8917c478bd9Sstevel@tonic-gate 			error("Can't make pipe.\n");
8927c478bd9Sstevel@tonic-gate 			(void) pam_end(pamh, PAM_ABORT);
8937c478bd9Sstevel@tonic-gate 			exit(1);
8947c478bd9Sstevel@tonic-gate 		}
8957c478bd9Sstevel@tonic-gate 		if (do_encrypt) {
8967c478bd9Sstevel@tonic-gate 			if (pipe(pw) < 0) {
8977c478bd9Sstevel@tonic-gate 				error("Can't make pipe 2.\n");
8987c478bd9Sstevel@tonic-gate 				(void) pam_end(pamh, PAM_ABORT);
8997c478bd9Sstevel@tonic-gate 				exit(1);
9007c478bd9Sstevel@tonic-gate 			}
9017c478bd9Sstevel@tonic-gate 			if (pipe(px) < 0) {
9027c478bd9Sstevel@tonic-gate 				error("Can't make pipe 3.\n");
9037c478bd9Sstevel@tonic-gate 				(void) pam_end(pamh, PAM_ABORT);
9047c478bd9Sstevel@tonic-gate 				exit(1);
9057c478bd9Sstevel@tonic-gate 			}
9067c478bd9Sstevel@tonic-gate 		}
9077c478bd9Sstevel@tonic-gate 		pid = fork();
9087c478bd9Sstevel@tonic-gate 		if (pid == (pid_t)-1)  {
9097c478bd9Sstevel@tonic-gate 			error("Fork (to start shell) failed on server.  "
9107c478bd9Sstevel@tonic-gate 				"Please try again later.\n");
9117c478bd9Sstevel@tonic-gate 			(void) pam_end(pamh, PAM_ABORT);
9127c478bd9Sstevel@tonic-gate 			exit(1);
9137c478bd9Sstevel@tonic-gate 		}
9147c478bd9Sstevel@tonic-gate 		if (pid) {
9157c478bd9Sstevel@tonic-gate 			fd_set ready;
9167c478bd9Sstevel@tonic-gate 			fd_set readfrom;
9177c478bd9Sstevel@tonic-gate 
9187c478bd9Sstevel@tonic-gate 			(void) close(STDIN_FILENO);
9197c478bd9Sstevel@tonic-gate 			(void) close(STDOUT_FILENO);
9207c478bd9Sstevel@tonic-gate 			(void) close(STDERR_FILENO);
9217c478bd9Sstevel@tonic-gate 			(void) close(pv[1]);
9227c478bd9Sstevel@tonic-gate 			if (do_encrypt) {
9237c478bd9Sstevel@tonic-gate 				(void) close(pw[1]);
9247c478bd9Sstevel@tonic-gate 				(void) close(px[0]);
9257c478bd9Sstevel@tonic-gate 			} else {
9267c478bd9Sstevel@tonic-gate 				(void) close(f);
9277c478bd9Sstevel@tonic-gate 			}
9287c478bd9Sstevel@tonic-gate 
9297c478bd9Sstevel@tonic-gate 			(void) FD_ZERO(&readfrom);
9307c478bd9Sstevel@tonic-gate 
9317c478bd9Sstevel@tonic-gate 			FD_SET(pv[0], &readfrom);
9327c478bd9Sstevel@tonic-gate 			if (do_encrypt) {
9337c478bd9Sstevel@tonic-gate 				FD_SET(pw[0], &readfrom);
9347c478bd9Sstevel@tonic-gate 				FD_SET(f, &readfrom);
9357c478bd9Sstevel@tonic-gate 			}
9367c478bd9Sstevel@tonic-gate 			if (port)
9377c478bd9Sstevel@tonic-gate 				FD_SET(s, &readfrom);
9387c478bd9Sstevel@tonic-gate 
9397c478bd9Sstevel@tonic-gate 			/* read f (net), write to px[1] (child stdin) */
9407c478bd9Sstevel@tonic-gate 			/* read pw[0] (child stdout), write to f (net) */
9417c478bd9Sstevel@tonic-gate 			/* read s (alt. channel), signal child */
9427c478bd9Sstevel@tonic-gate 			/* read pv[0] (child stderr), write to s */
9437c478bd9Sstevel@tonic-gate 			if (ioctl(pv[0], FIONBIO, (char *)&one) == -1)
9447c478bd9Sstevel@tonic-gate 				syslog(LOG_INFO, "ioctl FIONBIO: %m");
9457c478bd9Sstevel@tonic-gate 			if (do_encrypt &&
9467c478bd9Sstevel@tonic-gate 				ioctl(pw[0], FIONBIO, (char *)&one) == -1)
9477c478bd9Sstevel@tonic-gate 				syslog(LOG_INFO, "ioctl FIONBIO: %m");
9487c478bd9Sstevel@tonic-gate 			do {
9497c478bd9Sstevel@tonic-gate 				ready = readfrom;
9507c478bd9Sstevel@tonic-gate 				if (select(FD_SETSIZE, &ready, NULL,
9517c478bd9Sstevel@tonic-gate 					NULL, NULL) < 0) {
9527c478bd9Sstevel@tonic-gate 					if (errno == EINTR) {
9537c478bd9Sstevel@tonic-gate 						continue;
9547c478bd9Sstevel@tonic-gate 					} else {
9557c478bd9Sstevel@tonic-gate 						break;
9567c478bd9Sstevel@tonic-gate 					}
9577c478bd9Sstevel@tonic-gate 				}
9587c478bd9Sstevel@tonic-gate 				/*
9597c478bd9Sstevel@tonic-gate 				 * Read from child stderr, write to net
9607c478bd9Sstevel@tonic-gate 				 */
9617c478bd9Sstevel@tonic-gate 				if (port && FD_ISSET(pv[0], &ready)) {
9627c478bd9Sstevel@tonic-gate 					errno = 0;
9637c478bd9Sstevel@tonic-gate 					cc = read(pv[0], buf, sizeof (buf));
9647c478bd9Sstevel@tonic-gate 					if (cc <= 0) {
9657c478bd9Sstevel@tonic-gate 						(void) shutdown(s, 2);
9667c478bd9Sstevel@tonic-gate 						FD_CLR(pv[0], &readfrom);
9677c478bd9Sstevel@tonic-gate 					} else {
9687c478bd9Sstevel@tonic-gate 						(void) deswrite(s, buf, cc, 1);
9697c478bd9Sstevel@tonic-gate 					}
9707c478bd9Sstevel@tonic-gate 				}
9717c478bd9Sstevel@tonic-gate 				/*
9727c478bd9Sstevel@tonic-gate 				 * Read from alternate channel, signal child
9737c478bd9Sstevel@tonic-gate 				 */
9747c478bd9Sstevel@tonic-gate 				if (port && FD_ISSET(s, &ready)) {
9757c478bd9Sstevel@tonic-gate 					if ((int)desread(s, &sig, 1, 1) <= 0)
9767c478bd9Sstevel@tonic-gate 						FD_CLR(s, &readfrom);
9777c478bd9Sstevel@tonic-gate 					else
9787c478bd9Sstevel@tonic-gate 						(void) killpg(pid, sig);
9797c478bd9Sstevel@tonic-gate 				}
9807c478bd9Sstevel@tonic-gate 				/*
9817c478bd9Sstevel@tonic-gate 				 * Read from child stdout, write to net
9827c478bd9Sstevel@tonic-gate 				 */
9837c478bd9Sstevel@tonic-gate 				if (do_encrypt && FD_ISSET(pw[0], &ready)) {
9847c478bd9Sstevel@tonic-gate 					errno = 0;
9857c478bd9Sstevel@tonic-gate 					cc = read(pw[0], buf, sizeof (buf));
9867c478bd9Sstevel@tonic-gate 					if (cc <= 0) {
9877c478bd9Sstevel@tonic-gate 						(void) shutdown(f, 2);
9887c478bd9Sstevel@tonic-gate 						FD_CLR(pw[0], &readfrom);
9897c478bd9Sstevel@tonic-gate 					} else {
9907c478bd9Sstevel@tonic-gate 						(void) deswrite(f, buf, cc, 0);
9917c478bd9Sstevel@tonic-gate 					}
9927c478bd9Sstevel@tonic-gate 				}
9937c478bd9Sstevel@tonic-gate 				/*
9947c478bd9Sstevel@tonic-gate 				 * Read from the net, write to child stdin
9957c478bd9Sstevel@tonic-gate 				 */
9967c478bd9Sstevel@tonic-gate 				if (do_encrypt && FD_ISSET(f, &ready)) {
9977c478bd9Sstevel@tonic-gate 					errno = 0;
9987c478bd9Sstevel@tonic-gate 					cc = desread(f, buf, sizeof (buf), 0);
9997c478bd9Sstevel@tonic-gate 					if (cc <= 0) {
10007c478bd9Sstevel@tonic-gate 						(void) close(px[1]);
10017c478bd9Sstevel@tonic-gate 						FD_CLR(f, &readfrom);
10027c478bd9Sstevel@tonic-gate 					} else {
10037c478bd9Sstevel@tonic-gate 						int wcc;
10047c478bd9Sstevel@tonic-gate 						wcc = write(px[1], buf, cc);
10057c478bd9Sstevel@tonic-gate 						if (wcc == -1) {
10067c478bd9Sstevel@tonic-gate 							/*
10077c478bd9Sstevel@tonic-gate 							 * pipe closed,
10087c478bd9Sstevel@tonic-gate 							 * don't read any
10097c478bd9Sstevel@tonic-gate 							 * more
10107c478bd9Sstevel@tonic-gate 							 *
10117c478bd9Sstevel@tonic-gate 							 * might check for
10127c478bd9Sstevel@tonic-gate 							 * EPIPE
10137c478bd9Sstevel@tonic-gate 							 */
10147c478bd9Sstevel@tonic-gate 						    (void) close(px[1]);
10157c478bd9Sstevel@tonic-gate 						    FD_CLR(f, &readfrom);
10167c478bd9Sstevel@tonic-gate 						} else if (wcc != cc) {
10177c478bd9Sstevel@tonic-gate 						    /* CSTYLED */
10187c478bd9Sstevel@tonic-gate 						    syslog(LOG_INFO, gettext("only wrote %d/%d to child"),
10197c478bd9Sstevel@tonic-gate 						    wcc, cc);
10207c478bd9Sstevel@tonic-gate 						}
10217c478bd9Sstevel@tonic-gate 					}
10227c478bd9Sstevel@tonic-gate 				}
10237c478bd9Sstevel@tonic-gate 			} while ((port && FD_ISSET(s, &readfrom)) ||
10247c478bd9Sstevel@tonic-gate 				(port && FD_ISSET(pv[0], &readfrom)) ||
10257c478bd9Sstevel@tonic-gate 				(do_encrypt && FD_ISSET(f, &readfrom)) ||
10267c478bd9Sstevel@tonic-gate 				(do_encrypt && FD_ISSET(pw[0], &readfrom)));
10277c478bd9Sstevel@tonic-gate #ifdef DEBUG
10287c478bd9Sstevel@tonic-gate 			syslog(LOG_INFO, "Shell process completed.");
10297c478bd9Sstevel@tonic-gate #endif /* DEBUG */
10307c478bd9Sstevel@tonic-gate 			if (ccache)
10317c478bd9Sstevel@tonic-gate 				(void) pam_close_session(pamh, 0);
10327c478bd9Sstevel@tonic-gate 			(void) pam_end(pamh, PAM_SUCCESS);
10337c478bd9Sstevel@tonic-gate 
10347c478bd9Sstevel@tonic-gate 			exit(0);
10357c478bd9Sstevel@tonic-gate 		} /* End of Parent block */
10367c478bd9Sstevel@tonic-gate 
10377c478bd9Sstevel@tonic-gate 		(void) setsid();	/* Should be the same as above. */
10387c478bd9Sstevel@tonic-gate 		(void) close(pv[0]);
10397c478bd9Sstevel@tonic-gate 		(void) dup2(pv[1], 2);
10407c478bd9Sstevel@tonic-gate 		(void) close(pv[1]);
10417c478bd9Sstevel@tonic-gate 		if (port)
10427c478bd9Sstevel@tonic-gate 			(void) close(s);
10437c478bd9Sstevel@tonic-gate 		if (do_encrypt) {
10447c478bd9Sstevel@tonic-gate 			(void) close(f);
10457c478bd9Sstevel@tonic-gate 			(void) close(pw[0]);
10467c478bd9Sstevel@tonic-gate 			(void) close(px[1]);
10477c478bd9Sstevel@tonic-gate 
10487c478bd9Sstevel@tonic-gate 			(void) dup2(px[0], 0);
10497c478bd9Sstevel@tonic-gate 			(void) dup2(pw[1], 1);
10507c478bd9Sstevel@tonic-gate 
10517c478bd9Sstevel@tonic-gate 			(void) close(px[0]);
10527c478bd9Sstevel@tonic-gate 			(void) close(pw[1]);
10537c478bd9Sstevel@tonic-gate 		}
10547c478bd9Sstevel@tonic-gate 	}
10557c478bd9Sstevel@tonic-gate 
10567c478bd9Sstevel@tonic-gate 	if (*pwd->pw_shell == '\0')
10577c478bd9Sstevel@tonic-gate 		pwd->pw_shell = "/bin/sh";
10587c478bd9Sstevel@tonic-gate 	if (!do_encrypt)
10597c478bd9Sstevel@tonic-gate 		(void) close(f);
10607c478bd9Sstevel@tonic-gate 	/*
10617c478bd9Sstevel@tonic-gate 	 * write audit record before making uid switch
10627c478bd9Sstevel@tonic-gate 	 */
10637c478bd9Sstevel@tonic-gate 	(void) audit_rshd_success(hostname, remuser, locuser, cmdbuf); /* BSM */
10647c478bd9Sstevel@tonic-gate 
10657c478bd9Sstevel@tonic-gate 	/* set the real (and effective) GID */
10667c478bd9Sstevel@tonic-gate 	if (setgid(pwd->pw_gid) == -1) {
10677c478bd9Sstevel@tonic-gate 		error("Invalid gid.\n");
10687c478bd9Sstevel@tonic-gate 		(void) pam_end(pamh, PAM_ABORT);
10697c478bd9Sstevel@tonic-gate 		exit(1);
10707c478bd9Sstevel@tonic-gate 	}
10717c478bd9Sstevel@tonic-gate 
10727c478bd9Sstevel@tonic-gate 	/*
10737c478bd9Sstevel@tonic-gate 	 * Initialize the supplementary group access list.
10747c478bd9Sstevel@tonic-gate 	 */
10757c478bd9Sstevel@tonic-gate 	if (strlen(locuser) == 0) {
10767c478bd9Sstevel@tonic-gate 		error("No local user.\n");
10777c478bd9Sstevel@tonic-gate 		(void) pam_end(pamh, PAM_ABORT);
10787c478bd9Sstevel@tonic-gate 		exit(1);
10797c478bd9Sstevel@tonic-gate 	}
10807c478bd9Sstevel@tonic-gate 	if (initgroups(locuser, pwd->pw_gid) == -1) {
10817c478bd9Sstevel@tonic-gate 		error("Initgroup failed.\n");
10827c478bd9Sstevel@tonic-gate 		(void) pam_end(pamh, PAM_ABORT);
10837c478bd9Sstevel@tonic-gate 		exit(1);
10847c478bd9Sstevel@tonic-gate 	}
10857c478bd9Sstevel@tonic-gate 
10867c478bd9Sstevel@tonic-gate 	if ((v = pam_setcred(pamh, PAM_ESTABLISH_CRED)) != PAM_SUCCESS) {
10877c478bd9Sstevel@tonic-gate 		error("Insufficient credentials.\n");
10887c478bd9Sstevel@tonic-gate 		(void) pam_end(pamh, v);
10897c478bd9Sstevel@tonic-gate 		exit(1);
10907c478bd9Sstevel@tonic-gate 	}
10917c478bd9Sstevel@tonic-gate 
10927c478bd9Sstevel@tonic-gate 	/* set the real (and effective) UID */
10937c478bd9Sstevel@tonic-gate 	if (setuid(pwd->pw_uid) == -1) {
10947c478bd9Sstevel@tonic-gate 		error("Invalid uid.\n");
10957c478bd9Sstevel@tonic-gate 		(void) pam_end(pamh, PAM_ABORT);
10967c478bd9Sstevel@tonic-gate 		exit(1);
10977c478bd9Sstevel@tonic-gate 	}
10987c478bd9Sstevel@tonic-gate 
10997c478bd9Sstevel@tonic-gate 	/* Change directory only after becoming the appropriate user. */
11007c478bd9Sstevel@tonic-gate 	if (chdir(pwd->pw_dir) < 0) {
11017c478bd9Sstevel@tonic-gate 		(void) chdir("/");
11027c478bd9Sstevel@tonic-gate 		if (krb5auth_flag > 0) {
11037c478bd9Sstevel@tonic-gate 			syslog(LOG_ERR, "Principal %s  (%s@%s) for local user"
11047c478bd9Sstevel@tonic-gate 				" %s has no home directory.",
11057c478bd9Sstevel@tonic-gate 				kremuser, remuser, hostname, locuser);
11067c478bd9Sstevel@tonic-gate 			error("No remote directory.\n");
11077c478bd9Sstevel@tonic-gate 			goto signout;
11087c478bd9Sstevel@tonic-gate 		}
11097c478bd9Sstevel@tonic-gate #ifdef notdef
11107c478bd9Sstevel@tonic-gate 		error("No remote directory.\n");
11117c478bd9Sstevel@tonic-gate 		exit(1);
11127c478bd9Sstevel@tonic-gate #endif
11137c478bd9Sstevel@tonic-gate 	}
11147c478bd9Sstevel@tonic-gate 
11157c478bd9Sstevel@tonic-gate 	path = (pwd->pw_uid == 0) ? rootpath : userpath;
11167c478bd9Sstevel@tonic-gate 
11177c478bd9Sstevel@tonic-gate 	/*
11187c478bd9Sstevel@tonic-gate 	 * Space for the following environment variables are dynamically
11197c478bd9Sstevel@tonic-gate 	 * allocated because their lengths are not known before calling
11207c478bd9Sstevel@tonic-gate 	 * getpwnam().
11217c478bd9Sstevel@tonic-gate 	 */
11227c478bd9Sstevel@tonic-gate 	homedir_len = strlen(pwd->pw_dir) + strlen(homestr) + 1;
11237c478bd9Sstevel@tonic-gate 	shell_len = strlen(pwd->pw_shell) + strlen(shellstr) + 1;
11247c478bd9Sstevel@tonic-gate 	username_len = strlen(pwd->pw_name) + strlen(userstr) + 1;
11257c478bd9Sstevel@tonic-gate 	homedir = (char *)malloc(homedir_len);
11267c478bd9Sstevel@tonic-gate 	shell = (char *)malloc(shell_len);
11277c478bd9Sstevel@tonic-gate 	username = (char *)malloc(username_len);
11287c478bd9Sstevel@tonic-gate 	if (homedir == NULL || shell == NULL || username == NULL) {
11297c478bd9Sstevel@tonic-gate 		perror("malloc");
11307c478bd9Sstevel@tonic-gate 		exit(1);
11317c478bd9Sstevel@tonic-gate 	}
11327c478bd9Sstevel@tonic-gate 	(void) snprintf(homedir, homedir_len, "%s%s", homestr, pwd->pw_dir);
11337c478bd9Sstevel@tonic-gate 	(void) snprintf(shell, shell_len, "%s%s", shellstr, pwd->pw_shell);
11347c478bd9Sstevel@tonic-gate 	(void) snprintf(username, username_len, "%s%s", userstr, pwd->pw_name);
11357c478bd9Sstevel@tonic-gate 
11367c478bd9Sstevel@tonic-gate 	/* Pass timezone to executed command. */
11377c478bd9Sstevel@tonic-gate 	if (tzenv = getenv("TZ")) {
11387c478bd9Sstevel@tonic-gate 		tz_len = strlen(tzenv) + strlen(tzstr) + 1;
11397c478bd9Sstevel@tonic-gate 		tz = malloc(tz_len);
11407c478bd9Sstevel@tonic-gate 		if (tz != NULL)
11417c478bd9Sstevel@tonic-gate 			(void) snprintf(tz, tz_len, "%s%s", tzstr, tzenv);
11427c478bd9Sstevel@tonic-gate 	}
11437c478bd9Sstevel@tonic-gate 
11447c478bd9Sstevel@tonic-gate 	add_to_envinit(homedir);
11457c478bd9Sstevel@tonic-gate 	add_to_envinit(shell);
11467c478bd9Sstevel@tonic-gate 	add_to_envinit(path);
11477c478bd9Sstevel@tonic-gate 	add_to_envinit(username);
11487c478bd9Sstevel@tonic-gate 	add_to_envinit(tz);
11497c478bd9Sstevel@tonic-gate 
11507c478bd9Sstevel@tonic-gate 	if (krb5auth_flag > 0) {
11517c478bd9Sstevel@tonic-gate 		int length;
11527c478bd9Sstevel@tonic-gate 		char *buffer;
11537c478bd9Sstevel@tonic-gate 
11547c478bd9Sstevel@tonic-gate 		/*
11557c478bd9Sstevel@tonic-gate 		 * If we have KRB5CCNAME set, then copy into the child's
11567c478bd9Sstevel@tonic-gate 		 * environment.  This can't really have a fixed position
11577c478bd9Sstevel@tonic-gate 		 * because `tz' may or may not be set.
11587c478bd9Sstevel@tonic-gate 		 */
11597c478bd9Sstevel@tonic-gate 		if (getenv("KRB5CCNAME")) {
11607c478bd9Sstevel@tonic-gate 			length = (int)strlen(getenv("KRB5CCNAME")) +
11617c478bd9Sstevel@tonic-gate 					(int)strlen("KRB5CCNAME=") + 1;
11627c478bd9Sstevel@tonic-gate 			buffer = (char *)malloc(length);
11637c478bd9Sstevel@tonic-gate 
11647c478bd9Sstevel@tonic-gate 			if (buffer) {
11657c478bd9Sstevel@tonic-gate 				(void) snprintf(buffer, length, "KRB5CCNAME=%s",
11667c478bd9Sstevel@tonic-gate 						getenv("KRB5CCNAME"));
11677c478bd9Sstevel@tonic-gate 				add_to_envinit(buffer);
11687c478bd9Sstevel@tonic-gate 			}
11697c478bd9Sstevel@tonic-gate 		} {
11707c478bd9Sstevel@tonic-gate 			/* These two are covered by ADDRPAD */
11717c478bd9Sstevel@tonic-gate 			length = strlen(inet_ntoa(localaddr.sin_addr)) + 1 +
11727c478bd9Sstevel@tonic-gate 					strlen("KRB5LOCALADDR=");
11737c478bd9Sstevel@tonic-gate 			(void) snprintf(local_addr, length, "KRB5LOCALADDR=%s",
11747c478bd9Sstevel@tonic-gate 				inet_ntoa(localaddr.sin_addr));
11757c478bd9Sstevel@tonic-gate 			add_to_envinit(local_addr);
11767c478bd9Sstevel@tonic-gate 
11777c478bd9Sstevel@tonic-gate 			length = strlen(inet_ntoa(sin->sin_addr)) + 1 +
11787c478bd9Sstevel@tonic-gate 					strlen("KRB5REMOTEADDR=");
11797c478bd9Sstevel@tonic-gate 			(void) snprintf(remote_addr, length,
11807c478bd9Sstevel@tonic-gate 				"KRB5REMOTEADDR=%s", inet_ntoa(sin->sin_addr));
11817c478bd9Sstevel@tonic-gate 			add_to_envinit(remote_addr);
11827c478bd9Sstevel@tonic-gate 		}
11837c478bd9Sstevel@tonic-gate 
11847c478bd9Sstevel@ton