libexec/rshd/rshd.c
Context not available. | |||||
#include <security/openpam.h> | #include <security/openpam.h> | ||||
#include <sys/wait.h> | #include <sys/wait.h> | ||||
#ifdef USE_BLACKLIST | |||||
#include <blacklist.h> | |||||
#endif | |||||
static struct pam_conv pamc = { openpam_nullconv, NULL }; | static struct pam_conv pamc = { openpam_nullconv, NULL }; | ||||
static pam_handle_t *pamh; | static pam_handle_t *pamh; | ||||
static int pam_err; | static int pam_err; | ||||
Context not available. | |||||
"connection from %s on illegal port %u", | "connection from %s on illegal port %u", | ||||
numericname, | numericname, | ||||
srcport); | srcport); | ||||
#ifdef USE_BLACKLIST | |||||
blacklist(1, STDIN_FILENO, "illegal port"); | |||||
#endif | |||||
exit(1); | exit(1); | ||||
} | } | ||||
Context not available. | |||||
"2nd socket from %s on unreserved port %u", | "2nd socket from %s on unreserved port %u", | ||||
numericname, | numericname, | ||||
port); | port); | ||||
#ifdef USE_BLACKLIST | |||||
blacklist(1, STDIN_FILENO, "unreserved port"); | |||||
#endif | |||||
exit(1); | exit(1); | ||||
} | } | ||||
*((in_port_t *)&fromp->sa_data) = htons(port); | *((in_port_t *)&fromp->sa_data) = htons(port); | ||||
Context not available. | |||||
if (pam_err != PAM_SUCCESS) { | if (pam_err != PAM_SUCCESS) { | ||||
syslog(LOG_ERR|LOG_AUTH, "pam_start(): %s", | syslog(LOG_ERR|LOG_AUTH, "pam_start(): %s", | ||||
pam_strerror(pamh, pam_err)); | pam_strerror(pamh, pam_err)); | ||||
#ifdef USE_BLACKLIST | |||||
blacklist(1, STDIN_FILENO, "login incorrect"); | |||||
#endif | |||||
rshd_errx(1, "Login incorrect."); | rshd_errx(1, "Login incorrect."); | ||||
} | } | ||||
Context not available. | |||||
(pam_err = pam_set_item(pamh, PAM_RHOST, rhost)) != PAM_SUCCESS) { | (pam_err = pam_set_item(pamh, PAM_RHOST, rhost)) != PAM_SUCCESS) { | ||||
syslog(LOG_ERR|LOG_AUTH, "pam_set_item(): %s", | syslog(LOG_ERR|LOG_AUTH, "pam_set_item(): %s", | ||||
pam_strerror(pamh, pam_err)); | pam_strerror(pamh, pam_err)); | ||||
#ifdef USE_BLACKLIST | |||||
blacklist(1, STDIN_FILENO, "login incorrect"); | |||||
#endif | |||||
rshd_errx(1, "Login incorrect."); | rshd_errx(1, "Login incorrect."); | ||||
} | } | ||||
Context not available. | |||||
syslog(LOG_INFO|LOG_AUTH, | syslog(LOG_INFO|LOG_AUTH, | ||||
"%s@%s as %s: permission denied (%s). cmd='%.80s'", | "%s@%s as %s: permission denied (%s). cmd='%.80s'", | ||||
ruser, rhost, luser, pam_strerror(pamh, pam_err), cmdbuf); | ruser, rhost, luser, pam_strerror(pamh, pam_err), cmdbuf); | ||||
#ifdef USE_BLACKLIST | |||||
blacklist(1, STDIN_FILENO, "permission denied"); | |||||
#endif | |||||
rshd_errx(1, "Login incorrect."); | rshd_errx(1, "Login incorrect."); | ||||
} | } | ||||
Context not available. | |||||
syslog(LOG_INFO|LOG_AUTH, | syslog(LOG_INFO|LOG_AUTH, | ||||
"%s@%s as %s: unknown login. cmd='%.80s'", | "%s@%s as %s: unknown login. cmd='%.80s'", | ||||
ruser, rhost, luser, cmdbuf); | ruser, rhost, luser, cmdbuf); | ||||
#ifdef USE_BLACKLIST | |||||
blacklist(1, STDIN_FILENO, "unknown login"); | |||||
#endif | |||||
if (errorstr == NULL) | if (errorstr == NULL) | ||||
errorstr = "Login incorrect."; | errorstr = "Login incorrect."; | ||||
rshd_errx(1, errorstr, rhost); | rshd_errx(1, errorstr, rhost); | ||||
Context not available. | |||||
"%s@%s as %s: permission denied (%s). cmd='%.80s'", | "%s@%s as %s: permission denied (%s). cmd='%.80s'", | ||||
ruser, rhost, luser, __rcmd_errstr, | ruser, rhost, luser, __rcmd_errstr, | ||||
cmdbuf); | cmdbuf); | ||||
#ifdef USE_BLACKLIST | |||||
blacklist(1, STDIN_FILENO, "permission denied"); | |||||
#endif | |||||
rshd_errx(1, "Login incorrect."); | rshd_errx(1, "Login incorrect."); | ||||
} | } | ||||
if (!auth_timeok(lc, time(NULL))) | if (!auth_timeok(lc, time(NULL))) | ||||
Context not available. | |||||
} | } | ||||
} | } | ||||
#ifdef USE_BLACKLIST | |||||
blacklist(0, STDIN_FILENO, "success"); | |||||
#endif | |||||
for (fd = getdtablesize(); fd > 2; fd--) | for (fd = getdtablesize(); fd > 2; fd--) | ||||
(void) close(fd); | (void) close(fd); | ||||
if (setsid() == -1) | if (setsid() == -1) | ||||
Context not available. | |||||
if (read(STDIN_FILENO, &c, 1) != 1) | if (read(STDIN_FILENO, &c, 1) != 1) | ||||
exit(1); | exit(1); | ||||
*buf++ = c; | *buf++ = c; | ||||
if (--cnt == 0) | if (--cnt == 0) { | ||||
#ifdef USE_BLACKLIST | |||||
blacklist(1, STDIN_FILENO, "buffer overflow"); | |||||
#endif | |||||
rshd_errx(1, "%s too long", error); | rshd_errx(1, "%s too long", error); | ||||
} | |||||
} while (c != 0); | } while (c != 0); | ||||
} | } | ||||
Context not available. |
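Review bot: The `blacklist(1, STDIN_FILENO, "login incorrect");` calls added in the `pam_start()` and `pam_set_item()` failure branches report a server-side PAM setup error as an authentication failure by the peer. Both branches log at LOG_ERR and, as far as the visible lines show, run before any credential check, so a broken or misconfigured PAM stack would count every legitimate client address toward a block. I would drop the report from those two branches and keep it on the illegal-port, unreserved-port, permission-denied and unknown-login paths, where the failure is attributable to the remote side. In the last hunk the guard `if (--cnt == 0)` fires when the input exceeds the buffer rather than after an overrun, so a reason string such as `"input too long"` would be less misleading in blacklistd's logs than `"buffer overflow"`. The enclosing functions start and end outside the displayed context, so this is based only on the lines shown.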