X-Git-Url: https://git.gag.com/?a=blobdiff_plain;f=common-src%2Frsh-security.c;h=f1fa2a8076a68a9954457f3c0b91a4887e848cbe;hb=b116e9366c7b2ea2c2eb53b0a13df4090e176235;hp=c98aed744d5cadd2bcdfde852afc9f87f405f77f;hpb=d3b2175e084f88c8736ad7073eacbf4670147aec;p=debian%2Famanda
diff --git a/common-src/rsh-security.c b/common-src/rsh-security.c
index c98aed7..f1fa2a8 100644
--- a/common-src/rsh-security.c
+++ b/common-src/rsh-security.c
@@ -37,13 +37,9 @@
 #include "util.h"
 #include "event.h"
 #include "packet.h"
-#include "queue.h"
 #include "security.h"
 #include "security-util.h"
 #include "stream.h"
-#include "version.h"
-
-#ifdef RSH_SECURITY
 /*
 * Path to the rsh binary. This should be configurable.
@@ -80,6 +76,7 @@ const security_driver_t rsh_security_driver = {
 "RSH",
 rsh_connect,
 sec_accept,
+ sec_get_authenticated_peer_name_hostname,
 sec_close,
 stream_sendpkt,
 stream_recvpkt,
@@ -119,14 +116,14 @@ rsh_connect(
 void * arg,
 void * datap)
 {
+ int result;
 struct sec_handle *rh;
 char *amandad_path=NULL, *client_username=NULL;
 assert(fn != NULL);
 assert(hostname != NULL);
- auth_debug(1, ("%s: rsh: rsh_connect: %s\n", debug_prefix_time(NULL),
- hostname));
+ auth_debug(1, _("rsh: rsh_connect: %s\n"), hostname);
 rh = alloc(SIZEOF(*rh));
 security_handleinit(&rh->sech, &rsh_security_driver);
@@ -135,10 +132,12 @@ rsh_connect(
 rh->ev_timeout = NULL;
 rh->rc = NULL;
+ /* get the canonical hostname */
 rh->hostname = NULL;
- if (try_resolving_hostname(hostname, &rh->hostname)) {
+ if ((result = resolve_hostname(hostname, 0, NULL, &rh->hostname)) || rh->hostname == NULL) {
 security_seterror(&rh->sech,
- "%s: could not resolve hostname", hostname);
+ _("rsh_security could not find canonical name for '%s': %s"),
+ hostname, gai_strerror(result));
 (*fn)(arg, &rh->sech, S_ERROR);
 return;
 }
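Review bot: The new `sec_get_authenticated_peer_name_hostname` entry in the `rsh_security_driver` table (hunk at -80,6) has no comment saying what "authenticated" means for this driver. Its body is not visible here, but the name suggests it reports the handle's hostname, which `rsh_connect` fills from a resolver lookup rather than from any cryptographic exchange. I would add a comment above the entry such as `/* peer name is only the resolved hostname; rsh gives no cryptographic proof of identity */` so callers do not treat the value as a verified identity. The initializer starts and ends outside the hunk.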
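Review bot: In the `rsh_connect` hunk at -135,10 the error branch is also taken when `resolve_hostname` returns 0 but leaves `rh->hostname` NULL, and then `gai_strerror(result)` is called with 0, so the message ends with a string that does not describe the failure. Separate the two cases in the argument, for example `result ? gai_strerror(result) : _("no canonical name returned")`, so the log states why the connection was refused. The function body starts and continues outside the hunk.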
@@ -161,7 +160,7 @@ rsh_connect(
 }
 if(rh->rc->read == -1) {
 if (runrsh(rh->rs->rc, amandad_path, client_username) < 0) {
- security_seterror(&rh->sech, "can't connect to %s: %s",
+ security_seterror(&rh->sech, _("can't connect to %s: %s"),
 hostname, rh->rs->rc->errmsg);
 goto error;
 }
@@ -206,13 +205,13 @@ runrsh(
 memset(rpipe, -1, SIZEOF(rpipe));
 memset(wpipe, -1, SIZEOF(wpipe));
 if (pipe(rpipe) < 0 || pipe(wpipe) < 0) {
- rc->errmsg = newvstralloc(rc->errmsg, "pipe: ", strerror(errno), NULL);
+ rc->errmsg = newvstrallocf(rc->errmsg, _("pipe: %s"), strerror(errno));
 return (-1);
 }
 switch (rc->pid = fork()) {
 case -1:
- rc->errmsg = newvstralloc(rc->errmsg, "fork: ", strerror(errno), NULL);
+ rc->errmsg = newvstrallocf(rc->errmsg, _("fork: %s"), strerror(errno));
 aclose(rpipe[0]);
 aclose(rpipe[1]);
 aclose(wpipe[0]);
@@ -230,21 +229,21 @@ runrsh( return (0); } + /* drop root privs permanently */ + set_root_privs(-1); + safe_fd(-1, 0); if(!xamandad_path || strlen(xamandad_path) <= 1) - xamandad_path = vstralloc(libexecdir, "/", "amandad", - versionsuffix(), NULL); + xamandad_path = vstralloc(amlibexecdir, "/", "amandad", NULL); if(!xclient_username || strlen(xclient_username) <= 1) xclient_username = CLIENT_LOGIN; execlp(RSH_PATH, RSH_PATH, "-l", xclient_username, rc->hostname, xamandad_path, "-auth=rsh", "amdump", "amindexd", "amidxtaped", (char *)NULL); - error("error: couldn't exec %s: %s", RSH_PATH, strerror(errno)); + error(_("error: couldn't exec %s: %s"), RSH_PATH, strerror(errno)); /* should never go here, shut up compiler warning */ return(-1); } - -#endif /* RSH_SECURITY */
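Review bot: The added `set_root_privs(-1);` in the last `runrsh` hunk (-230,21) discards any result, so if the drop does not take effect the child still reaches `execlp(RSH_PATH, ...)` with the privileges it started with. The declaration of `set_root_privs` is not visible here; if it reports failure, check it and stop the child before the exec, for example `if (!set_root_privs(-1)) error(_("could not drop root privileges"));` (assuming non-zero means success). If it already aborts internally on failure, extend the comment to say so, e.g. `/* drop root privs permanently; set_root_privs() does not return on failure */`. The function body starts outside the hunk.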