*/
/*
- * $Id: rsh-security.c,v 1.31.2.1 2006/10/25 19:13:11 martinea Exp $
+ * $Id: rsh-security.c,v 1.31 2006/08/21 20:17:10 martinea Exp $
*
* rsh-security.c - security and transport over rsh or a rsh-like command.
*
#include "util.h"
#include "event.h"
#include "packet.h"
-#include "queue.h"
#include "security.h"
#include "security-util.h"
#include "stream.h"
-#include "version.h"
-
-#ifdef RSH_SECURITY
-
-/*#define RSH_DEBUG*/
-
-#ifdef RSH_DEBUG
-#define rshprintf(x) dbprintf(x)
-#else
-#define rshprintf(x)
-#endif
/*
* Path to the rsh binary. This should be configurable.
"RSH",
rsh_connect,
sec_accept,
+ sec_get_authenticated_peer_name_hostname,
sec_close,
stream_sendpkt,
stream_recvpkt,
tcpm_stream_read_sync,
tcpm_stream_read_cancel,
tcpm_close_connection,
+ NULL,
+ NULL
};
static int newhandle = 1;
void * arg,
void * datap)
{
+ int result;
struct sec_handle *rh;
- struct hostent *he;
char *amandad_path=NULL, *client_username=NULL;
assert(fn != NULL);
assert(hostname != NULL);
- rshprintf(("%s: rsh: rsh_connect: %s\n", debug_prefix_time(NULL),
- hostname));
+ auth_debug(1, _("rsh: rsh_connect: %s\n"), hostname);
rh = alloc(SIZEOF(*rh));
security_handleinit(&rh->sech, &rsh_security_driver);
rh->ev_timeout = NULL;
rh->rc = NULL;
-
- if ((he = gethostbyname(hostname)) == NULL) {
+ /* get the canonical hostname */
+ rh->hostname = NULL;
+ if ((result = resolve_hostname(hostname, 0, NULL, &rh->hostname)) || rh->hostname == NULL) {
security_seterror(&rh->sech,
- "%s: could not resolve hostname", hostname);
+ _("rsh_security could not find canonical name for '%s': %s"),
+ hostname, gai_strerror(result));
(*fn)(arg, &rh->sech, S_ERROR);
return;
}
- rh->hostname = stralloc(he->h_name); /* will be replaced */
rh->rs = tcpma_stream_client(rh, newhandle++);
if (rh->rs == NULL)
}
if(rh->rc->read == -1) {
if (runrsh(rh->rs->rc, amandad_path, client_username) < 0) {
- security_seterror(&rh->sech, "can't connect to %s: %s",
+ security_seterror(&rh->sech, _("can't connect to %s: %s"),
hostname, rh->rs->rc->errmsg);
goto error;
}
memset(rpipe, -1, SIZEOF(rpipe));
memset(wpipe, -1, SIZEOF(wpipe));
if (pipe(rpipe) < 0 || pipe(wpipe) < 0) {
- rc->errmsg = newvstralloc(rc->errmsg, "pipe: ", strerror(errno), NULL);
+ rc->errmsg = newvstrallocf(rc->errmsg, _("pipe: %s"), strerror(errno));
return (-1);
}
switch (rc->pid = fork()) {
case -1:
- rc->errmsg = newvstralloc(rc->errmsg, "fork: ", strerror(errno), NULL);
+ rc->errmsg = newvstrallocf(rc->errmsg, _("fork: %s"), strerror(errno));
aclose(rpipe[0]);
aclose(rpipe[1]);
aclose(wpipe[0]);
return (0);
}
+ /* drop root privs permanently */
+ set_root_privs(-1);
+
safe_fd(-1, 0);
if(!xamandad_path || strlen(xamandad_path) <= 1)
- xamandad_path = vstralloc(libexecdir, "/", "amandad",
- versionsuffix(), NULL);
+ xamandad_path = vstralloc(amlibexecdir, "/", "amandad", NULL);
if(!xclient_username || strlen(xclient_username) <= 1)
xclient_username = CLIENT_LOGIN;
execlp(RSH_PATH, RSH_PATH, "-l", xclient_username,
rc->hostname, xamandad_path, "-auth=rsh", "amdump", "amindexd",
"amidxtaped", (char *)NULL);
- error("error: couldn't exec %s: %s", RSH_PATH, strerror(errno));
+ error(_("error: couldn't exec %s: %s"), RSH_PATH, strerror(errno));
/* should never go here, shut up compiler warning */
return(-1);
}
-
-#endif /* RSH_SECURITY */