X-Git-Url: https://git.gag.com/?a=blobdiff_plain;f=common-src%2Frsh-security.c;h=f1fa2a8076a68a9954457f3c0b91a4887e848cbe;hb=cb115640695b55ed9c0a8dbeb414219b09438aa7;hp=4c626ac54fc18c6a631157e3ffdab51e42759bb1;hpb=310f09c0f55a2fb6f3f3746d6ded20099792b773;p=debian%2Famanda diff --git a/common-src/rsh-security.c b/common-src/rsh-security.c index 4c626ac..f1fa2a8 100644 --- a/common-src/rsh-security.c +++ b/common-src/rsh-security.c @@ -25,7 +25,7 @@ */ /* - * $Id: rsh-security.c,v 1.31.2.1 2006/10/25 19:13:11 martinea Exp $ + * $Id: rsh-security.c,v 1.31 2006/08/21 20:17:10 martinea Exp $ * * rsh-security.c - security and transport over rsh or a rsh-like command. * @@ -37,21 +37,9 @@ #include "util.h" #include "event.h" #include "packet.h" -#include "queue.h" #include "security.h" #include "security-util.h" #include "stream.h" -#include "version.h" - -#ifdef RSH_SECURITY - -/*#define RSH_DEBUG*/ - -#ifdef RSH_DEBUG -#define rshprintf(x) dbprintf(x) -#else -#define rshprintf(x) -#endif /* * Path to the rsh binary. This should be configurable. @@ -88,6 +76,7 @@ const security_driver_t rsh_security_driver = { "RSH", rsh_connect, sec_accept, + sec_get_authenticated_peer_name_hostname, sec_close, stream_sendpkt, stream_recvpkt, @@ -103,6 +92,8 @@ const security_driver_t rsh_security_driver = { tcpm_stream_read_sync, tcpm_stream_read_cancel, tcpm_close_connection, + NULL, + NULL }; static int newhandle = 1; @@ -125,15 +116,14 @@ rsh_connect( void * arg, void * datap) { + int result; struct sec_handle *rh; - struct hostent *he; char *amandad_path=NULL, *client_username=NULL; assert(fn != NULL); assert(hostname != NULL); - rshprintf(("%s: rsh: rsh_connect: %s\n", debug_prefix_time(NULL), - hostname)); + auth_debug(1, _("rsh: rsh_connect: %s\n"), hostname); rh = alloc(SIZEOF(*rh)); security_handleinit(&rh->sech, &rsh_security_driver); @@ -142,14 +132,15 @@ rsh_connect( rh->ev_timeout = NULL; rh->rc = NULL; - - if ((he = gethostbyname(hostname)) == NULL) { + /* get the canonical hostname */ + rh->hostname = NULL; + if ((result = resolve_hostname(hostname, 0, NULL, &rh->hostname)) || rh->hostname == NULL) { security_seterror(&rh->sech, - "%s: could not resolve hostname", hostname); + _("rsh_security could not find canonical name for '%s': %s"), + hostname, gai_strerror(result)); (*fn)(arg, &rh->sech, S_ERROR); return; } - rh->hostname = stralloc(he->h_name); /* will be replaced */ rh->rs = tcpma_stream_client(rh, newhandle++); if (rh->rs == NULL) @@ -169,7 +160,7 @@ rsh_connect( } if(rh->rc->read == -1) { if (runrsh(rh->rs->rc, amandad_path, client_username) < 0) { - security_seterror(&rh->sech, "can't connect to %s: %s", + security_seterror(&rh->sech, _("can't connect to %s: %s"), hostname, rh->rs->rc->errmsg); goto error; } @@ -214,13 +205,13 @@ runrsh( memset(rpipe, -1, SIZEOF(rpipe)); memset(wpipe, -1, SIZEOF(wpipe)); if (pipe(rpipe) < 0 || pipe(wpipe) < 0) { - rc->errmsg = newvstralloc(rc->errmsg, "pipe: ", strerror(errno), NULL); + rc->errmsg = newvstrallocf(rc->errmsg, _("pipe: %s"), strerror(errno)); return (-1); } switch (rc->pid = fork()) { case -1: - rc->errmsg = newvstralloc(rc->errmsg, "fork: ", strerror(errno), NULL); + rc->errmsg = newvstrallocf(rc->errmsg, _("fork: %s"), strerror(errno)); aclose(rpipe[0]); aclose(rpipe[1]); aclose(wpipe[0]); @@ -238,21 +229,21 @@ runrsh( return (0); } + /* drop root privs permanently */ + set_root_privs(-1); + safe_fd(-1, 0); if(!xamandad_path || strlen(xamandad_path) <= 1) - xamandad_path = vstralloc(libexecdir, "/", "amandad", - versionsuffix(), NULL); + xamandad_path = vstralloc(amlibexecdir, "/", "amandad", NULL); if(!xclient_username || strlen(xclient_username) <= 1) xclient_username = CLIENT_LOGIN; execlp(RSH_PATH, RSH_PATH, "-l", xclient_username, rc->hostname, xamandad_path, "-auth=rsh", "amdump", "amindexd", "amidxtaped", (char *)NULL); - error("error: couldn't exec %s: %s", RSH_PATH, strerror(errno)); + error(_("error: couldn't exec %s: %s"), RSH_PATH, strerror(errno)); /* should never go here, shut up compiler warning */ return(-1); } - -#endif /* RSH_SECURITY */