#include "util.h"
#include "event.h"
#include "packet.h"
-#include "queue.h"
#include "security.h"
#include "security-util.h"
#include "stream.h"
-#include "version.h"
-
-#ifdef RSH_SECURITY
/*
* Path to the rsh binary. This should be configurable.
"RSH",
rsh_connect,
sec_accept,
+ sec_get_authenticated_peer_name_hostname,
sec_close,
stream_sendpkt,
stream_recvpkt,
void * arg,
void * datap)
{
+ int result;
struct sec_handle *rh;
char *amandad_path=NULL, *client_username=NULL;
assert(fn != NULL);
assert(hostname != NULL);
- auth_debug(1, ("%s: rsh: rsh_connect: %s\n", debug_prefix_time(NULL),
- hostname));
+ auth_debug(1, _("rsh: rsh_connect: %s\n"), hostname);
rh = alloc(SIZEOF(*rh));
security_handleinit(&rh->sech, &rsh_security_driver);
rh->ev_timeout = NULL;
rh->rc = NULL;
+ /* get the canonical hostname */
rh->hostname = NULL;
- if (try_resolving_hostname(hostname, &rh->hostname)) {
+ if ((result = resolve_hostname(hostname, 0, NULL, &rh->hostname)) || rh->hostname == NULL) {
security_seterror(&rh->sech,
- "%s: could not resolve hostname", hostname);
+ _("rsh_security could not find canonical name for '%s': %s"),
+ hostname, gai_strerror(result));
(*fn)(arg, &rh->sech, S_ERROR);
return;
}
}
if(rh->rc->read == -1) {
if (runrsh(rh->rs->rc, amandad_path, client_username) < 0) {
- security_seterror(&rh->sech, "can't connect to %s: %s",
+ security_seterror(&rh->sech, _("can't connect to %s: %s"),
hostname, rh->rs->rc->errmsg);
goto error;
}
memset(rpipe, -1, SIZEOF(rpipe));
memset(wpipe, -1, SIZEOF(wpipe));
if (pipe(rpipe) < 0 || pipe(wpipe) < 0) {
- rc->errmsg = newvstralloc(rc->errmsg, "pipe: ", strerror(errno), NULL);
+ rc->errmsg = newvstrallocf(rc->errmsg, _("pipe: %s"), strerror(errno));
return (-1);
}
switch (rc->pid = fork()) {
case -1:
- rc->errmsg = newvstralloc(rc->errmsg, "fork: ", strerror(errno), NULL);
+ rc->errmsg = newvstrallocf(rc->errmsg, _("fork: %s"), strerror(errno));
aclose(rpipe[0]);
aclose(rpipe[1]);
aclose(wpipe[0]);
return (0);
}
+ /* drop root privs permanently */
+ set_root_privs(-1);
+
safe_fd(-1, 0);
if(!xamandad_path || strlen(xamandad_path) <= 1)
- xamandad_path = vstralloc(libexecdir, "/", "amandad",
- versionsuffix(), NULL);
+ xamandad_path = vstralloc(amlibexecdir, "/", "amandad", NULL);
if(!xclient_username || strlen(xclient_username) <= 1)
xclient_username = CLIENT_LOGIN;
execlp(RSH_PATH, RSH_PATH, "-l", xclient_username,
- rc->hostname, xamandad_path, "-auth=rsh", "amdump", "amindexd",
- "amidxtaped", (char *)NULL);
- error("error: couldn't exec %s: %s", RSH_PATH, strerror(errno));
+ rc->hostname, xamandad_path, "-auth=rsh", (char *)NULL);
+ error(_("error: couldn't exec %s: %s"), RSH_PATH, strerror(errno));
/* should never go here, shut up compiler warning */
return(-1);
}
-
-#endif /* RSH_SECURITY */