1040 /*
1041 * Kerberos Authentication succeeded,
1042 * so set the proper program name to use
1043 * with pam (important during 'cleanup'
1044 * routine later).
1045 */
1046 pam_prog_name = KRB5_PROG_NAME;
1047 }
1048 }
1049
1050 if (write(f, "", 1) != 1) {
1051 syslog(LOG_NOTICE,
1052 "send of the zero byte(to %s) failed:"
1053 " cannot start data transfer mode\n",
1054 (no_name ? abuf : hostname));
1055 exit(EXIT_FAILURE);
1056 }
1057 if ((p = open("/dev/ptmx", O_RDWR)) == -1)
1058 fatalperror(f, "cannot open /dev/ptmx");
1059 if (grantpt(p) == -1)
1060 fatal(f, "could not grant slave pty");
1061 if (unlockpt(p) == -1)
1062 fatal(f, "could not unlock slave pty");
1063 if ((line = ptsname(p)) == NULL)
1064 fatal(f, "could not enable slave pty");
1065 if ((t = open(line, O_RDWR)) == -1)
1066 fatal(f, "could not open slave pty");
1067 if (ioctl(t, I_PUSH, "ptem") == -1)
1068 fatalperror(f, "ioctl I_PUSH ptem");
1069 if (ioctl(t, I_PUSH, "ldterm") == -1)
1070 fatalperror(f, "ioctl I_PUSH ldterm");
1071 if (ioctl(t, I_PUSH, "ttcompat") == -1)
1072 fatalperror(f, "ioctl I_PUSH ttcompat");
1073 /*
1074 * POP the sockmod and push the rlmod module.
1075 *
1076 * Note that sockmod has to be removed since readstream assumes
1077 * a "raw" TPI endpoint(e.g. it uses getmsg).
1078 */
1079 if (removemod(f, "sockmod") < 0)
1080 fatalperror(f, "couldn't remove sockmod");
1081
1082 if (encr_flag) {
1083 if (ioctl(f, I_PUSH, "cryptmod") < 0)
1084 fatalperror(f, "ioctl I_PUSH rlmod");
1085
1086 }
1111 * been drained at the stream head.
1112 */
1113 if ((nsize = readstream(f, rlbuf, BUFSIZ)) < 0)
1114 fatalperror(f, "readstream failed");
1115 /*
1116 * Make sure the pty doesn't modify the strings passed
1117 * to login as part of the "rlogin protocol." The login
1118 * program should set these flags to apropriate values
1119 * after it has read the strings.
1120 */
1121 if (ioctl(t, TCGETS, &tp) == -1)
1122 fatalperror(f, "ioctl TCGETS");
1123 tp.c_lflag &= ~(ECHO|ICANON);
1124 tp.c_oflag &= ~(XTABS|OCRNL);
1125 tp.c_iflag &= ~(IGNPAR|ICRNL);
1126 if (ioctl(t, TCSETS, &tp) == -1)
1127 fatalperror(f, "ioctl TCSETS");
1128
1129 /*
1130 * System V ptys allow the TIOC{SG}WINSZ ioctl to be
1131 * issued on the master side of the pty. Luckily, that's
1132 * the only tty ioctl we need to do do, so we can close the
1133 * slave side in the parent process after the fork.
1134 */
1135 (void) ioctl(p, TIOCSWINSZ, &win);
1136
1137 pid = fork();
1138 if (pid < 0)
1139 fatalperror(f, "fork");
1140 if (pid == 0) {
1141 int tt;
1142 struct utmpx ut;
1143
1144 /* System V login expects a utmp entry to already be there */
1145 (void) memset(&ut, 0, sizeof (ut));
1146 (void) strncpy(ut.ut_user, ".rlogin", sizeof (ut.ut_user));
1147 (void) strncpy(ut.ut_line, line, sizeof (ut.ut_line));
1148 ut.ut_pid = getpid();
1149 ut.ut_id[0] = 'r';
1150 ut.ut_id[1] = (char)SC_WILDC;
1151 ut.ut_id[2] = (char)SC_WILDC;
1152 ut.ut_id[3] = (char)SC_WILDC;
1153 ut.ut_type = LOGIN_PROCESS;
1154 ut.ut_exit.e_termination = 0;
1155 ut.ut_exit.e_exit = 0;
1156 (void) time(&ut.ut_tv.tv_sec);
1157 if (makeutx(&ut) == NULL)
1158 syslog(LOG_INFO, "in.rlogind:\tmakeutx failed");
1159
1160 /* controlling tty */
1161 if (setsid() == -1)
1162 fatalperror(f, "setsid");
1163 if ((tt = open(line, O_RDWR)) == -1)
1164 fatalperror(f, "could not re-open slave pty");
1165
1166 if (close(p) == -1)
1167 fatalperror(f, "error closing pty master");
1168 if (close(t) == -1)
1169 fatalperror(f, "error closing pty slave"
1170 " opened before session established");
1171 /*
1172 * If this fails we may or may not be able to output an
1173 * error message.
1174 */
1175 if (close(f) == -1)
1176 fatalperror(f, "error closing deamon stdout");
1177 if (dup2(tt, STDIN_FILENO) == -1 ||
1178 dup2(tt, STDOUT_FILENO) == -1 ||
1179 dup2(tt, STDERR_FILENO) == -1)
1180 exit(EXIT_FAILURE); /* Disaster! No stderr! */
1181
1182 (void) close(tt);
1183
1184 if (use_auth == KRB5_RECVAUTH_V5 &&
1185 krusername != NULL && strlen(krusername)) {
1186 (void) execl(LOGIN_PROGRAM, "login",
1187 "-d", line,
1188 "-r", hostname,
1189 "-u", krusername, /* KRB5 principal name */
1192 "-U", rusername, /* Remote User */
1193 "-R", KRB5_REPOSITORY_NAME,
1194 lusername, /* local user */
1195 NULL);
1196 } else {
1197 (void) execl(LOGIN_PROGRAM, "login",
1198 "-d", line,
1199 "-r", hostname,
1200 NULL);
1201 }
1202
1203 fatalperror(STDERR_FILENO, "/bin/login");
1204 /*NOTREACHED*/
1205 }
1206 (void) close(t);
1207 (void) ioctl(f, FIONBIO, &on);
1208 (void) ioctl(p, FIONBIO, &on);
1209
1210 /*
1211 * Must ignore SIGTTOU, otherwise we'll stop
1212 * when we try and set slave pty's window shape
1213 * (our controlling tty is the master pty).
1214 * Likewise, we don't want any of the tty-generated
1215 * signals from chars passing through.
1216 */
1217 (void) sigset(SIGTSTP, SIG_IGN);
1218 (void) sigset(SIGINT, SIG_IGN);
1219 (void) sigset(SIGQUIT, SIG_IGN);
1220 (void) sigset(SIGTTOU, SIG_IGN);
1221 (void) sigset(SIGTTIN, SIG_IGN);
1222 (void) sigset(SIGCHLD, cleanup);
1223 (void) setpgrp();
1224
1225 if (encr_flag) {
1226 krb5_data ivec, *ivptr;
1227 uint_t ivec_usage;
1228 stop_stream(f, CRYPT_ENCRYPT|CRYPT_DECRYPT);
1229
1230 /*
1231 * Configure the STREAMS crypto module. For now,
1232 * don't use any IV parameter. KCMDV0.2 support
1233 * will require the use of Initialization Vectors
|
1040 /*
1041 * Kerberos Authentication succeeded,
1042 * so set the proper program name to use
1043 * with pam (important during 'cleanup'
1044 * routine later).
1045 */
1046 pam_prog_name = KRB5_PROG_NAME;
1047 }
1048 }
1049
1050 if (write(f, "", 1) != 1) {
1051 syslog(LOG_NOTICE,
1052 "send of the zero byte(to %s) failed:"
1053 " cannot start data transfer mode\n",
1054 (no_name ? abuf : hostname));
1055 exit(EXIT_FAILURE);
1056 }
1057 if ((p = open("/dev/ptmx", O_RDWR)) == -1)
1058 fatalperror(f, "cannot open /dev/ptmx");
1059 if (grantpt(p) == -1)
1060 fatal(f, "could not grant subsidiary pty");
1061 if (unlockpt(p) == -1)
1062 fatal(f, "could not unlock subsidiary pty");
1063 if ((line = ptsname(p)) == NULL)
1064 fatal(f, "could not enable subsidiary pty");
1065 if ((t = open(line, O_RDWR)) == -1)
1066 fatal(f, "could not open subsidiary pty");
1067 if (ioctl(t, I_PUSH, "ptem") == -1)
1068 fatalperror(f, "ioctl I_PUSH ptem");
1069 if (ioctl(t, I_PUSH, "ldterm") == -1)
1070 fatalperror(f, "ioctl I_PUSH ldterm");
1071 if (ioctl(t, I_PUSH, "ttcompat") == -1)
1072 fatalperror(f, "ioctl I_PUSH ttcompat");
1073 /*
1074 * POP the sockmod and push the rlmod module.
1075 *
1076 * Note that sockmod has to be removed since readstream assumes
1077 * a "raw" TPI endpoint(e.g. it uses getmsg).
1078 */
1079 if (removemod(f, "sockmod") < 0)
1080 fatalperror(f, "couldn't remove sockmod");
1081
1082 if (encr_flag) {
1083 if (ioctl(f, I_PUSH, "cryptmod") < 0)
1084 fatalperror(f, "ioctl I_PUSH rlmod");
1085
1086 }
1111 * been drained at the stream head.
1112 */
1113 if ((nsize = readstream(f, rlbuf, BUFSIZ)) < 0)
1114 fatalperror(f, "readstream failed");
1115 /*
1116 * Make sure the pty doesn't modify the strings passed
1117 * to login as part of the "rlogin protocol." The login
1118 * program should set these flags to apropriate values
1119 * after it has read the strings.
1120 */
1121 if (ioctl(t, TCGETS, &tp) == -1)
1122 fatalperror(f, "ioctl TCGETS");
1123 tp.c_lflag &= ~(ECHO|ICANON);
1124 tp.c_oflag &= ~(XTABS|OCRNL);
1125 tp.c_iflag &= ~(IGNPAR|ICRNL);
1126 if (ioctl(t, TCSETS, &tp) == -1)
1127 fatalperror(f, "ioctl TCSETS");
1128
1129 /*
1130 * System V ptys allow the TIOC{SG}WINSZ ioctl to be
1131 * issued on the manager side of the pty. Luckily, that's
1132 * the only tty ioctl we need to do do, so we can close the
1133 * subsidiary side in the parent process after the fork.
1134 */
1135 (void) ioctl(p, TIOCSWINSZ, &win);
1136
1137 pid = fork();
1138 if (pid < 0)
1139 fatalperror(f, "fork");
1140 if (pid == 0) {
1141 int tt;
1142 struct utmpx ut;
1143
1144 /* System V login expects a utmp entry to already be there */
1145 (void) memset(&ut, 0, sizeof (ut));
1146 (void) strncpy(ut.ut_user, ".rlogin", sizeof (ut.ut_user));
1147 (void) strncpy(ut.ut_line, line, sizeof (ut.ut_line));
1148 ut.ut_pid = getpid();
1149 ut.ut_id[0] = 'r';
1150 ut.ut_id[1] = (char)SC_WILDC;
1151 ut.ut_id[2] = (char)SC_WILDC;
1152 ut.ut_id[3] = (char)SC_WILDC;
1153 ut.ut_type = LOGIN_PROCESS;
1154 ut.ut_exit.e_termination = 0;
1155 ut.ut_exit.e_exit = 0;
1156 (void) time(&ut.ut_tv.tv_sec);
1157 if (makeutx(&ut) == NULL)
1158 syslog(LOG_INFO, "in.rlogind:\tmakeutx failed");
1159
1160 /* controlling tty */
1161 if (setsid() == -1)
1162 fatalperror(f, "setsid");
1163 if ((tt = open(line, O_RDWR)) == -1)
1164 fatalperror(f, "could not re-open subsidiary pty");
1165
1166 if (close(p) == -1)
1167 fatalperror(f, "error closing pty manager");
1168 if (close(t) == -1)
1169 fatalperror(f, "error closing pty subsidiary"
1170 " opened before session established");
1171 /*
1172 * If this fails we may or may not be able to output an
1173 * error message.
1174 */
1175 if (close(f) == -1)
1176 fatalperror(f, "error closing deamon stdout");
1177 if (dup2(tt, STDIN_FILENO) == -1 ||
1178 dup2(tt, STDOUT_FILENO) == -1 ||
1179 dup2(tt, STDERR_FILENO) == -1)
1180 exit(EXIT_FAILURE); /* Disaster! No stderr! */
1181
1182 (void) close(tt);
1183
1184 if (use_auth == KRB5_RECVAUTH_V5 &&
1185 krusername != NULL && strlen(krusername)) {
1186 (void) execl(LOGIN_PROGRAM, "login",
1187 "-d", line,
1188 "-r", hostname,
1189 "-u", krusername, /* KRB5 principal name */
1192 "-U", rusername, /* Remote User */
1193 "-R", KRB5_REPOSITORY_NAME,
1194 lusername, /* local user */
1195 NULL);
1196 } else {
1197 (void) execl(LOGIN_PROGRAM, "login",
1198 "-d", line,
1199 "-r", hostname,
1200 NULL);
1201 }
1202
1203 fatalperror(STDERR_FILENO, "/bin/login");
1204 /*NOTREACHED*/
1205 }
1206 (void) close(t);
1207 (void) ioctl(f, FIONBIO, &on);
1208 (void) ioctl(p, FIONBIO, &on);
1209
1210 /*
1211 * Must ignore SIGTTOU, otherwise we'll stop
1212 * when we try and set subsidiary pty's window shape
1213 * (our controlling tty is the manager pty).
1214 * Likewise, we don't want any of the tty-generated
1215 * signals from chars passing through.
1216 */
1217 (void) sigset(SIGTSTP, SIG_IGN);
1218 (void) sigset(SIGINT, SIG_IGN);
1219 (void) sigset(SIGQUIT, SIG_IGN);
1220 (void) sigset(SIGTTOU, SIG_IGN);
1221 (void) sigset(SIGTTIN, SIG_IGN);
1222 (void) sigset(SIGCHLD, cleanup);
1223 (void) setpgrp();
1224
1225 if (encr_flag) {
1226 krb5_data ivec, *ivptr;
1227 uint_t ivec_usage;
1228 stop_stream(f, CRYPT_ENCRYPT|CRYPT_DECRYPT);
1229
1230 /*
1231 * Configure the STREAMS crypto module. For now,
1232 * don't use any IV parameter. KCMDV0.2 support
1233 * will require the use of Initialization Vectors
|