X-Git-Url: https://git.gag.com/?a=blobdiff_plain;f=common-src%2Frsh-security.c;h=f1fa2a8076a68a9954457f3c0b91a4887e848cbe;hb=cb115640695b55ed9c0a8dbeb414219b09438aa7;hp=26914c6845f1433b0a2445df54fe2a03155a969f;hpb=e442edb4d5816c4ad107ad9e71164f845eba70ad;p=debian%2Famanda diff --git a/common-src/rsh-security.c b/common-src/rsh-security.c index 26914c6..f1fa2a8 100644 --- a/common-src/rsh-security.c +++ b/common-src/rsh-security.c @@ -37,11 +37,9 @@ #include "util.h" #include "event.h" #include "packet.h" -#include "queue.h" #include "security.h" #include "security-util.h" #include "stream.h" -#include "version.h" /* * Path to the rsh binary. This should be configurable. @@ -78,6 +76,7 @@ const security_driver_t rsh_security_driver = { "RSH", rsh_connect, sec_accept, + sec_get_authenticated_peer_name_hostname, sec_close, stream_sendpkt, stream_recvpkt, @@ -117,6 +116,7 @@ rsh_connect( void * arg, void * datap) { + int result; struct sec_handle *rh; char *amandad_path=NULL, *client_username=NULL; @@ -132,10 +132,12 @@ rsh_connect( rh->ev_timeout = NULL; rh->rc = NULL; + /* get the canonical hostname */ rh->hostname = NULL; - if (resolve_hostname(hostname, 0, NULL, &rh->hostname) || rh->hostname == NULL) { + if ((result = resolve_hostname(hostname, 0, NULL, &rh->hostname)) || rh->hostname == NULL) { security_seterror(&rh->sech, - _("%s: could not resolve hostname"), hostname); + _("rsh_security could not find canonical name for '%s': %s"), + hostname, gai_strerror(result)); (*fn)(arg, &rh->sech, S_ERROR); return; } @@ -227,11 +229,13 @@ runrsh( return (0); } + /* drop root privs permanently */ + set_root_privs(-1); + safe_fd(-1, 0); if(!xamandad_path || strlen(xamandad_path) <= 1) - xamandad_path = vstralloc(amlibexecdir, "/", "amandad", - versionsuffix(), NULL); + xamandad_path = vstralloc(amlibexecdir, "/", "amandad", NULL); if(!xclient_username || strlen(xclient_username) <= 1) xclient_username = CLIENT_LOGIN;
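Review bot: The new `sec_get_authenticated_peer_name_hostname` entry in `rsh_security_driver` has no comment saying what "authenticated" means for this transport. Judging only by its name, the helper presumably returns the handle's hostname, which in `rsh_connect` is the name produced by `resolve_hostname` rather than an identity the rsh channel itself proved. Callers that base authorization on it should be able to see that. After confirming the helper's behaviour, I would add above the entry something like `/* peer name is the resolved hostname; the rsh transport does not verify it itself */`. The initializer is positional, so the entry's position must match the member order of `security_driver_t`, which is declared outside this diff.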
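Review bot: When `resolve_hostname` returns 0 but leaves `rh->hostname` NULL, the error branch in `rsh_connect` still runs with `result == 0`, so `gai_strerror(result)` appends a text that does not describe any failure. The last argument line could cover that case: `hostname, result ? gai_strerror(result) : _("no canonical name returned"));`. The new message also assumes `resolve_hostname` returns a getaddrinfo `EAI_*` code, which this hunk does not show. A short comment at the call stating that contract would keep the pairing with `gai_strerror` honest. The body of `rsh_connect` starts and ends outside the hunk.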
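Review bot: The result of `set_root_privs(-1)` in `runrsh` is discarded, so a failed permanent drop goes unnoticed and the code continues to `safe_fd(-1, 0)` and on towards starting rsh with whatever privileges remain. A privilege drop that can fail should stop the process when it does, before any further work. Assuming the helper returns nonzero on success (its definition is not in this diff), something like `if (!set_root_privs(-1)) error(_("rsh_security: could not drop root privileges"));` would do, using whichever fatal-error routine this file already relies on. The rest of `runrsh`, including the fork and the exec, lies outside the hunk, so the path on which this code runs should be confirmed there.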