1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
|
--- appl/rsh/rsh.c.orig
+++ b/appl/rsh/rsh.c
@@ -399,6 +399,8 @@
#endif /* KRB5 */
+#ifdef BROKEN_AUTH
+
static int
send_broken_auth(int s,
struct sockaddr *thisaddr,
@@ -428,6 +430,8 @@
return 0;
}
+#endif /* BROKEN_AUTH */
+
static int
proto (int s, int errsock,
const char *hostname, const char *local_user, const char *remote_user,
@@ -629,6 +633,8 @@
return res;
}
+#ifdef BROKEN_AUTH
+
static int
doit_broken (int argc,
char **argv,
@@ -702,6 +708,8 @@
}
}
+#endif
+
#if defined(KRB5)
static int
doit (const char *hostname,
@@ -796,7 +804,9 @@
{ "protocol", 'P', arg_string, &protocol_version_str,
"Protocol version [krb5]", "protocol" },
#endif
+#ifdef BROKEN_AUTH
{ "broken", 'K', arg_flag, &use_only_broken, "Use only priv port" },
+#endif
#if defined(KRB5)
{ "encrypt", 'x', arg_flag, &do_encrypt, "Encrypt connection" },
{ NULL, 'z', arg_negative_flag, &do_encrypt,
@@ -831,8 +841,10 @@
int
main(int argc, char **argv)
{
+#ifdef BROKEN_AUTH
int priv_port1, priv_port2;
int priv_socket1, priv_socket2;
+#endif
int argindex = 0;
int error;
struct addrinfo hints, *ai;
@@ -848,9 +860,11 @@
#endif
uid_t uid;
+#ifdef BROKEN_AUTH
priv_port1 = priv_port2 = IPPORT_RESERVED-1;
priv_socket1 = rresvport(&priv_port1);
priv_socket2 = rresvport(&priv_port2);
+#endif
uid = getuid ();
if (setuid (uid) || (uid != 0 && setuid(0) == 0))
err (1, "setuid");
@@ -907,6 +921,7 @@
#endif
+#ifdef BROKEN_AUTH
if (use_only_broken) {
#ifdef KRB5
use_v5 = 0;
@@ -918,6 +933,7 @@
errx (1, "unable to bind reserved port: is rsh setuid root?");
use_broken = 0;
}
+#endif
#if defined(KRB5)
if (do_encrypt == 1 && use_only_broken)
@@ -956,8 +972,10 @@
}
if (argindex == argc) {
+#ifdef BROKEN_AUTH
close (priv_socket1);
close (priv_socket2);
+#endif
argv[0] = "rlogin";
execvp ("rlogin", argv);
err (1, "execvp rlogin");
@@ -1004,6 +1022,7 @@
freeaddrinfo(ai);
}
#endif
+#ifdef BROKEN_AUTH
if (ret && use_broken) {
memset (&hints, 0, sizeof(hints));
hints.ai_socktype = SOCK_STREAM;
@@ -1027,6 +1046,7 @@
cmd, cmd_len);
freeaddrinfo(ai);
}
+#endif
free(cmd);
return ret;
}
--- appl/rsh/rshd.c.orig
+++ b/appl/rsh/rshd.c
@@ -131,6 +131,7 @@
fatal(s, NULL, "%s too long", expl);
}
+#ifdef BROKEN_AUTH
static int
recv_bsd_auth (int s, u_char *buf,
struct sockaddr_in *thisaddr,
@@ -152,6 +153,7 @@
fatal(s, NULL, "Login incorrect.");
return 0;
}
+#endif
#ifdef KRB5
static int
@@ -658,10 +660,11 @@
/*
* we only do reserved port for IPv4
*/
-
+#ifdef BROKEN_AUTH
if (erraddr->sa_family == AF_INET)
errsock = rresvport (&priv_port);
else
+#endif
errsock = socket (erraddr->sa_family, SOCK_STREAM, 0);
if (errsock < 0)
syslog_and_die ("socket: %s", strerror(errno));
@@ -689,6 +692,7 @@
syslog_and_die ("unrecognized auth protocol: %x %x %x %x",
buf[0], buf[1], buf[2], buf[3]);
} else {
+#ifdef BROKEN_AUTH
if(recv_bsd_auth (s, buf,
(struct sockaddr_in *)thisaddr,
(struct sockaddr_in *)thataddr,
@@ -702,6 +706,9 @@
}
} else
syslog_and_die("recv_bsd_auth failed");
+#else
+ syslog_and_die("recv_bsd_auth is disabled for security reasons");
+#endif
}
if (client_user == NULL || server_user == NULL || cmd == NULL)
|
