Imported Upstream version 3.2.0
[debian/amanda] / common-src / rsh-security.c
index c98aed744d5cadd2bcdfde852afc9f87f405f77f..f1fa2a8076a68a9954457f3c0b91a4887e848cbe 100644 (file)
 #include "util.h"
 #include "event.h"
 #include "packet.h"
-#include "queue.h"
 #include "security.h"
 #include "security-util.h"
 #include "stream.h"
-#include "version.h"
-
-#ifdef RSH_SECURITY
 
 /*
  * Path to the rsh binary.  This should be configurable.
@@ -80,6 +76,7 @@ const security_driver_t rsh_security_driver = {
     "RSH",
     rsh_connect,
     sec_accept,
+    sec_get_authenticated_peer_name_hostname,
     sec_close,
     stream_sendpkt,
     stream_recvpkt,
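Review bot: The new `sec_get_authenticated_peer_name_hostname` entry is added positionally in the middle of `rsh_security_driver`, so it is only correct if `security_driver_t` gained a member at exactly this slot; the struct definition is not visible in this hunk. Designated initializers would make a mismatch a compile error instead of a silently shifted function-pointer table. Judging by its name, the helper reports the handle's hostname as the authenticated peer. A short comment on the entry would help callers, along the lines of `/* peer name is the resolved hostname; rsh itself provides no cryptographic proof of peer identity */`, so they do not treat the value as stronger than it is.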
@@ -119,14 +116,14 @@ rsh_connect(
     void *             arg,
     void *             datap)
 {
+    int result;
     struct sec_handle *rh;
     char *amandad_path=NULL, *client_username=NULL;
 
     assert(fn != NULL);
     assert(hostname != NULL);
 
-    auth_debug(1, ("%s: rsh: rsh_connect: %s\n", debug_prefix_time(NULL),
-                  hostname));
+    auth_debug(1, _("rsh: rsh_connect: %s\n"), hostname);
 
     rh = alloc(SIZEOF(*rh));
     security_handleinit(&rh->sech, &rsh_security_driver);
@@ -135,10 +132,12 @@ rsh_connect(
     rh->ev_timeout = NULL;
     rh->rc = NULL;
 
+    /* get the canonical hostname */
     rh->hostname = NULL;
-    if (try_resolving_hostname(hostname, &rh->hostname)) {
+    if ((result = resolve_hostname(hostname, 0, NULL, &rh->hostname)) || rh->hostname == NULL) {
        security_seterror(&rh->sech,
-           "%s: could not resolve hostname", hostname);
+           _("rsh_security could not find canonical name for '%s': %s"),
+           hostname, gai_strerror(result));
        (*fn)(arg, &rh->sech, S_ERROR);
        return;
     }
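Review bot: The error branch guarded by `(result = resolve_hostname(...)) || rh->hostname == NULL` can be entered with `result == 0`, and `gai_strerror(result)` then describes a success code, so the logged reason is misleading. Pass `result ? gai_strerror(result) : _("no canonical name returned")` as the last argument instead. The canonical name appears to be what is later used as the rsh target, so an accurate message matters when diagnosing resolver problems. `rsh_connect` begins and ends outside this hunk.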
@@ -161,7 +160,7 @@ rsh_connect(
     }
     if(rh->rc->read == -1) {
        if (runrsh(rh->rs->rc, amandad_path, client_username) < 0) {
-           security_seterror(&rh->sech, "can't connect to %s: %s",
+           security_seterror(&rh->sech, _("can't connect to %s: %s"),
                              hostname, rh->rs->rc->errmsg);
            goto error;
        }
@@ -206,13 +205,13 @@ runrsh(
     memset(rpipe, -1, SIZEOF(rpipe));
     memset(wpipe, -1, SIZEOF(wpipe));
     if (pipe(rpipe) < 0 || pipe(wpipe) < 0) {
-       rc->errmsg = newvstralloc(rc->errmsg, "pipe: ", strerror(errno), NULL);
+       rc->errmsg = newvstrallocf(rc->errmsg, _("pipe: %s"), strerror(errno));
        return (-1);
     }
 
     switch (rc->pid = fork()) {
     case -1:
-       rc->errmsg = newvstralloc(rc->errmsg, "fork: ", strerror(errno), NULL);
+       rc->errmsg = newvstrallocf(rc->errmsg, _("fork: %s"), strerror(errno));
        aclose(rpipe[0]);
        aclose(rpipe[1]);
        aclose(wpipe[0]);
@@ -230,21 +229,21 @@ runrsh(
        return (0);
     }
 
+    /* drop root privs permanently */
+    set_root_privs(-1);
+
     safe_fd(-1, 0);
 
     if(!xamandad_path || strlen(xamandad_path) <= 1) 
-       xamandad_path = vstralloc(libexecdir, "/", "amandad",
-                                versionsuffix(), NULL);
+       xamandad_path = vstralloc(amlibexecdir, "/", "amandad", NULL);
     if(!xclient_username || strlen(xclient_username) <= 1)
        xclient_username = CLIENT_LOGIN;
 
     execlp(RSH_PATH, RSH_PATH, "-l", xclient_username,
           rc->hostname, xamandad_path, "-auth=rsh", "amdump", "amindexd",
           "amidxtaped", (char *)NULL);
-    error("error: couldn't exec %s: %s", RSH_PATH, strerror(errno));
+    error(_("error: couldn't exec %s: %s"), RSH_PATH, strerror(errno));
 
     /* should never go here, shut up compiler warning */
     return(-1);
 }
-
-#endif /* RSH_SECURITY */
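Review bot: The result of `set_root_privs(-1)` is discarded, so if the permanent privilege drop fails the child still reaches `execlp(RSH_PATH, ...)` with whatever privileges it had. If `set_root_privs` reports failure through its return value (its definition is not visible here, so confirm the convention), check it and stop before the exec, e.g. `if (!set_root_privs(-1)) error(_("could not drop root privileges"));`. The comment could also state why the drop must precede `safe_fd` and the exec, e.g. `/* drop root privs permanently: rsh must never run with elevated privileges */`. `runrsh` starts outside this hunk.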