diff --git a/ChangeLog b/ChangeLog index 4ac4f423..6ed2ba56 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,24 @@ +2012-08-03 Mats Erik Andersson + + rlogind, rshd: Protocol exchange adherence. + The implementations in both, with and without + Kerberization, did not follow identical protocols. + + * libinetutils/kcmd.c (kcmd) [SHISHI]: Write remote user name + first, then the local user name, falling back to remote name. + * src/rlogind.c (do_shishi_login) [SHISHI]: Read local user + name first, then remote name. + * src/rshd.c (doit): Read `locuser' immediately before `command'. + [!KERBEROS && !SHISHI]: Read `remuser' first. + [KERBEROS || SHISHI]: Read `remuser' last. + [SHISHI]: Insert `Kerberized' into syslog message only for active + Kerberized connection. + + * src/rsh.c (options) [WITH_ORCMD_AF || WITH_RCMD_AF || SHISHI]: + Add SHISHI as provider of `--ipv4' and `--ipv6'. + + * doc/inetutils.text: Updated. + 2012-08-03 Mats Erik Andersson * configure.ac: Check whether `struct sockaddr_in6' diff --git a/doc/inetutils.texi b/doc/inetutils.texi index 002c903d..c1b67c8b 100644 --- a/doc/inetutils.texi +++ b/doc/inetutils.texi @@ -1715,11 +1715,17 @@ Reference Manual}. The options are as follows : @table @option -@item -K -@itemx --kerberos -@opindex -K -@opindex --kerberos -Turns off all Kerberos authentication. +@item -4 +@itemx --ipv4 +@opindex -4 +@opindex --ipv4 +Use only IPv4. + +@item -6 +@itemx --ipv6 +@opindex -6 +@opindex --ipv6 +Use only IPv6. @item -d @itemx --debug 
@@ -1732,26 +1738,38 @@ Turns on socket debugging used for communication with the remote host. @opindex -k @opindex --realm The option requests rsh to obtain tickets for the remote host in -@var{realm} realm instead of the remote host's realm. +realm @var{realm} instead of the remote host's realm. + +@item -K +@itemx --kerberos +@opindex -K +@opindex --kerberos +Turns off all Kerberos authentication. + +@item -l @var{user} +@itemx --user=@var{user} +@opindex -l +@opindex --user +By default, the remote username is the same as the local username. +The @option{-l} option and the @samp{username@@host} format allow the +remote user name to be specified. Kerberos authentication is used, +whenever available, and authorization is determined as in @command{rlogin} +(@pxref{rlogin invocation}). + +@item -n +@itemx --no-input +@opindex -n +@opindex --no-input +Use @file{/dev/null} for all input, and use no separate @samp{stderr} +at remote end. This option is void together with encryption. @item -x @itemx --encrypt @opindex -x @opindex --encrypt -Turns on DES encryption for all data passed via the rsh session. This +Turns on encryption for all data passed via the rsh session. This may impact response time and CPU utilization, but provides increased security. - -@item -l -@itemx --user -@opindex -l -@opindex --user -By default, the remote username is the same as the local username. -The @option{-l} option or the @samp{username@@host} format allow the -remote name to be specified. Kerberos authentication is used, and -authorization is determined as in @command{rlogin} (@pxref{rlogin -invocation}). - @end table If no command is specified, you will be logged in on the remote host @@ -1802,6 +1820,18 @@ Reference Manual}. The options are as follows : @table @option +@item -4 +@itemx --ipv4 +@opindex -4 +@opindex --ipv4 +Use only IPv4. + +@item -6 +@itemx --ipv6 +@opindex -6 +@opindex --ipv6 +Use only IPv6. + @item -8 @itemx --8-bit @opindex -8 
@@ -1810,21 +1840,6 @@ Allows an eight-bit input data path at all times; otherwise parity bits are stripped except when the remote side's stop and start characters are other than @kbd{C-S}/@kbd{C-Q}. -@item -E -@item --no-escape -@itemx --no-escape -@opindex -E -@opindex --no-escape -Stops any character from being recognized as an escape character. -When used with the @option{-8} option, this provides a completely -transparent connection. - -@item -K -@itemx --kerberos -@opindex -K -@opindex --kerberos -Turns off all Kerberos authentication. - @item -d @itemx --debug @opindex -d @@ -1832,7 +1847,7 @@ Turns off all Kerberos authentication. Turns on socket debugging on the TCP sockets used for communication with the remote host. -@item -e +@item -e @var{char} @itemx --escape=@var{char} @opindex -e @opindex --escape 
@@ -1840,18 +1855,40 @@ Allows user specification of the escape character, which is @samp{~} by default. This specification may be as a literal character, or as an octal value in the form @samp{\nnn}. -@item -k +@item -E +@itemx --no-escape +@opindex -E +@opindex --no-escape +Stops any character from being recognized as an escape character. +When used with the @option{-8} option, this provides a completely +transparent connection. + +@item -k @var{realm} @itemx --realm=@var{realm} @opindex -k @opindex --realm The option requests rlogin to obtain tickets for the remote host in -@var{realm} realm instead of the remote host's realm. +realm @var{realm} instead of the remote host's realm. + +@item -K +@itemx --kerberos +@opindex -K +@opindex --kerberos +Turns off all Kerberos authentication. + +@item -l @var{user} +@itemx --user=@var{user} +@opindex -l +@opindex --user +By default, the remote username is the same as the local username. +This option, and the @samp{user@@host} format, allow the remote +user name to be made explicit, or changed. @item -x @itemx --encrypt @opindex -x @opindex --encrypt -Turns on DES encryption for all data passed via the rlogin session. +Turns on encryption for all data passed via the rlogin session. This may impact response time and CPU utilization, but provides increased security. @end table 
@@ -1906,28 +1943,52 @@ rcp [@var{option}]@dots{} @var{files}@dots{} @var{directory} @end example @table @option +@item -4 +@itemx --ipv4 +@opindex -4 +@opindex --ipv4 +Use only IPv4. + +@item -6 +@itemx --ipv6 +@opindex -6 +@opindex --ipv6 +Use only IPv6. + +@item -d @var{directory} +@itemx --target-directory=@var{directory} +@opindex -d +@opindex --target-directory +Copy all source arguments into @var{directory}. + +@item -f +@itemx --from +@opindex -f +@opindex --from +(Server mode only.) Copying from remote host. + +@item -k @var{realm} +@itemx --realm=@var{realm} +@opindex -k +@opindex --realm +The option requests rcp to obtain tickets for the remote host in +realm @var{realm} instead of the remote host's realm. + @item -K @itemx --kerberos @opindex -K @opindex --kerberos Turns off all Kerberos authentication. -@item -k -@itemx --realm=@var{realm} -@opindex -k -@opindex --realm -The option requests rcp to obtain tickets for the remote host in -@var{realm} realm instead of the remote host's realm. - @item -p @itemx --preserve @opindex -p @opindex --preserve Causes @code{rcp} to attempt to preserve (duplicate) in its copies the modification times and modes of the source files, ignoring the umask. -By default, the mode and owner of file are preserved if it already -existed; otherwise the mode of the source file modified by the -@code{umask} function on the destination host is used. +By default, the mode and owner of the target file are preserved +if the target itself already exists; otherwise the mode of the source +file is modified by the @code{umask} setting on the destination host. @item -r @itemx --recursive 
@@ -1937,12 +1998,18 @@ If any of the source files are directories, @command{rcp} copies each subtree rooted at that name; in this case the destination must be a directory. +@item -t +@itemx --to +@opindex -t +@opindex --to +(Server mode only.) Copying to remote host. + @item -x @itemx --encrypt @opindex -x @opindex --encrypt -Turns on DES encryption for all data passed via the rcp session. This -may impact response time and CPU utilization, but provides increased +Turns on encryption for all data passed via the @command{rcp} session. +This may impact response time and CPU utilization, but provides increased security. @end table @@ -3064,7 +3131,8 @@ request is received the following protocol is initiated: @enumerate @item The server checks the client's source port. If the port is not in the -range 512--1023, the server aborts the connection. +range 512--1023, the server aborts the connection. However, this +condition is not applied for Kerberized service. @item The server reads characters from the socket up to a NUL (@samp{\0}) @@ -3150,17 +3218,23 @@ Ask hostname for verification. @c @opindex --daemon @c Daemon mode. +@item -k +@itemx --kerberos +@opindex -k +@opindex --kerberos +Use Kerberos authentication. + @item -l @itemx --no-rhosts @opindex -l @opindex --no-rhosts Ignore @file{.rhosts} file. -@item -L @var{name} -@itemx --local-domain=@var{name} +@item -L +@itemx --log-sessions @opindex -L -@opindex --local-domain -Set local domain name. +@opindex --log-sessions +Log successful logins. @item -n @itemx --no-keepalive 
@@ -3168,25 +3242,32 @@ Set local domain name. @opindex --no-keepalive Do not set SO_KEEPALIVE. -@item -k -@itemx --kerberos -@opindex -k -@opindex --kerberos -Use kerberos IV authentication. +@item -S @var{name} +@itemx --servername=@var{name} +@opindex -S +@opindex --servername +Set Kerberos server name, overriding canonical hostname. -@item -x -@itemx --encrypt -@opindex -x -@opindex --encrypt -Turns on DES encryption for all data passed via the @command{rshd} -session. This may impact response time and CPU utilization, but -provides increased security. +@item -v +@itemx --vacuous +@opindex -v +@opindex --vacuous +Fail any call asking for non-Kerberos authentication. -@item -D[@var{level}] -@itemx --debug[=@var{level}] -@opindex -D -@opindex -debug -Set debug level, not implemented. +@c OBSOLETE? +@c @item -x +@c @itemx --encrypt +@c @opindex -x +@c @opindex --encrypt +@c Turns on DES encryption for all data passed via the @command{rshd} +@c session. This may impact response time and CPU utilization, but +@c provides increased security. + +@c @item -D[@var{level}] +@c @itemx --debug[=@var{level}] +@c @opindex -D +@c @opindex -debug +@c Set debug level, not implemented. @c @item -o @c @itemx --allow-root @@ -3327,6 +3408,18 @@ Ask hostname for verification. @opindex --daemon Daemon mode. +@item -D[@var{level}] +@itemx --debug[=@var{level}] +@opindex -D +@opindex -debug +Set debug level, not implemented. + +@item -k +@itemx --kerberos +@opindex -k +@opindex --kerberos +Use Kerberos authentication. + @item -l @itemx --no-rhosts @opindex -l 
@@ -3345,43 +3438,37 @@ Set local domain name. @opindex --no-keepalive Do not set SO_KEEPALIVE. -@item -k -@itemx --kerberos -@opindex -k -@opindex --kerberos -Use kerberos IV authentication. - -@item -x -@itemx --encrypt -@opindex -x -@opindex --encrypt -Turns on DES encryption for all data passed via the rlogind session. -This may impact response time and CPU utilization, but provides -increased security. - -@item -D[@var{level}] -@itemx --debug[=@var{level}] -@opindex -D -@opindex -debug -Set debug level, not implemented. - @item -o @itemx --allow-root @opindex -o @opindex --allow-root -Allow the root user to login, disabled by default. +Allow the root user to login. This is disallowed by default. @item -p @var{port} @itemx --port=@var{port} @opindex -p @opindex --port -Listen on given port (valid only in daemon mode). +Listen on given port. (Applicable only in daemon mode.) @item -r @itemx --reverse-required @opindex -r @opindex --reverse-required -Require reverse resolving of a remote host IP. +Require reverse resolving of remote host's numerical IP. + +@item -S @var{name} +@itemx --servername=@var{name} +@opindex -S +@opindex --servername +Set Kerberos server name, overriding canonical hostname. + +@item -x +@itemx --encrypt +@opindex -x +@opindex --encrypt +Turns on encryption for all data passed via the @command{rlogind} session. +This may impact response time and CPU utilization, but provides +increased security. @end table diff --git a/libinetutils/kcmd.c b/libinetutils/kcmd.c index 1d1858b4..5266b15d 100644 --- a/libinetutils/kcmd.c +++ b/libinetutils/kcmd.c 
@@ -431,16 +431,16 @@ kcmd (Shishi ** h, int *sock, char **ahost, unsigned short rport, char *locuser,
 realm)) != SHISHI_OK)
 goto bad2;
- if (locuser && locuser[0])
- write (s, locuser, strlen (locuser) + 1);
- else
- write (s, *remuser, strlen (*remuser) + 1);
+ write (s, *remuser, strlen (*remuser) + 1);
 # endif /* SHISHI */
 write (s, cmd, strlen (cmd) + 1);
 # ifdef SHISHI
- write (s, *remuser, strlen (*remuser) + 1);
+ if (locuser && locuser[0])
+ write (s, locuser, strlen (locuser) + 1);
+ else
+ write (s, *remuser, strlen (*remuser) + 1);
 write (s, &zero, sizeof (int)); /* XXX: not protocol */
 # endif
diff --git a/src/rlogind.c b/src/rlogind.c
index 4af17cd1..76e2a270 100644
--- a/src/rlogind.c
+++ b/src/rlogind.c
@@ -964,8 +964,8 @@ do_rlogin (int infd, struct auth_data *ap)
 }
 #endif /* WITH_IRUSEROK_AF || WITH_IRUSEROK */
- getstr (infd, &ap->rusername, NULL);
- getstr (infd, &ap->lusername, NULL);
+ getstr (infd, &ap->rusername, NULL); /* Requesting user. */
+ getstr (infd, &ap->lusername, NULL); /* Acting user. */
 getstr (infd, &ap->term, "TERM=");
 pwd = getpwnam (ap->lusername);
@@ -1293,9 +1293,9 @@ do_shishi_login (int infd, struct auth_data *ad, const char **err_msg)
 }
 # endif
- getstr (infd, &ad->rusername, NULL);
+ getstr (infd, &ad->lusername, NULL); /* Acting user. */
 getstr (infd, &ad->term, "TERM=");
- getstr (infd, &ad->lusername, NULL);
+ getstr (infd, &ad->rusername, NULL); /* Requesting user. */
 rc = read (infd, &error, sizeof (int)); /* XXX: not protocol */
 if ((rc != sizeof (int)) || error)
diff --git a/src/rsh.c b/src/rsh.c
index d2dbe99d..e01d662b 100644
--- a/src/rsh.c
+++ b/src/rsh.c
@@ -156,7 +156,7 @@ static struct argp_option options[] = {
 { "encrypt", 'x', NULL, 0, "encrypt all data transfer" },
 #endif
-#if defined WITH_ORCMD_AF || defined WITH_RCMD_AF
+#if defined WITH_ORCMD_AF || defined WITH_RCMD_AF || defined SHISHI
 { "ipv4", '4', NULL, 0, "use only IPv4" },
 { "ipv6", '6', NULL, 0, "use only IPv6" },
 #endif
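Review bot: The four `write` calls on the new side of the kcmd hunk (the unconditional `*remuser` write before `# endif /* SHISHI */` and the `locuser`/`*remuser` pair after `# ifdef SHISHI`) discard the return value, so a short or EINTR-interrupted write silently drops bytes from a NUL-delimited stream and the server then pairs the wrong string with locuser or remuser. Since the commit is already changing which string goes first, this is the moment to route these writes through a small full-write helper and leave through the existing cleanup on failure. The body of kcmd starts and ends outside the hunk, so the cleanup label below is taken from the `goto bad2` visible at the top of the hunk and should be checked against the rest of the function.
```c
/* Write LEN bytes of BUF to FD in full, retrying on EINTR; 0 on success, -1 on error.  */
static int
write_all (int fd, const void *buf, size_t len)
{
  const char *p = buf;

  while (len > 0)
    {
      ssize_t n = write (fd, p, len);
      if (n < 0)
	{
	  if (errno == EINTR)
	    continue;
	  return -1;
	}
      p += n;
      len -= (size_t) n;
    }
  return 0;
}

/* … unchanged: Shishi authentication up to `goto bad2` … */
  if (write_all (s, *remuser, strlen (*remuser) + 1) < 0)
    goto bad2;
# endif /* SHISHI */
/* … unchanged: command write; the # ifdef SHISHI block converted the same way … */
```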
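Review bot: The new read order in do_shishi_login (`ad->lusername`, then TERM, then `ad->rusername`) is only correct because it mirrors the write order the same commit puts into libinetutils/kcmd.c, and neither side records that coupling. A client still speaking the previous order would deliver its requesting name into `ad->lusername`, which in the sibling do_rlogin hunk is the field handed to getpwnam; whether a mismatched name can reach an account without passing the Kerberos authorization check is decided later in the function, outside the hunk. Add a comment above the first getstr: `/* Wire order is fixed by kcmd() in libinetutils/kcmd.c: acting user, TERM, requesting user.  */`. The body of do_shishi_login starts and ends outside the hunk.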
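Review bot: Widening the `#if` on the options table to `|| defined SHISHI` adds `--ipv4`/`--ipv6` to the help text, but the matching `case '4'`/`case '6'` in the argp parser is not in the hunk and may still sit under the narrower `WITH_ORCMD_AF || WITH_RCMD_AF` guard; if so a SHISHI-only build lists an option it silently ignores. Worth confirming the parser guard was widened the same way, since the ChangeLog entry names only the option table.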
diff --git a/src/rshd.c b/src/rshd.c
index 30b87f6b..3805d9aa 100644
--- a/src/rshd.c
+++ b/src/rshd.c
@@ -86,7 +86,7 @@
 */
 /*
- * remote shell server exchange protocol (client view!):
+ * remote shell server exchange protocol (server view!):
 * [port]\0
 * remuser\0
 * locuser\0
@@ -216,7 +216,7 @@ static struct argp_option options[] = {
 { "no-keepalive", 'n', NULL, 0, "do not set SO_KEEPALIVE" },
 { "log-sessions", 'L', NULL, 0,
- "log successfull logins" },
+ "log successful logins" },
 #if defined KERBEROS || defined SHISHI
 /* FIXME: The option semantics does not match that of others r* utilities */
 { "kerberos", 'k', NULL, 0,
@@ -838,10 +838,10 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
 }
 else
 #endif /* KERBEROS || SHISHI */
- locuser = getstr ("locuser");
+ remuser = getstr ("remuser"); /* The requesting user! */
 /* Read three strings from the client. */
- remuser = getstr ("remuser"); /* The acting client! */
+ locuser = getstr ("locuser"); /* The acting user! */
 cmdbuf = getstr ("command");
 #ifdef SHISHI
@@ -916,7 +916,7 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
 }
 # endif /* ENCRYPTION */
- locuser = getstr ("locuser"); /* The agent here! */
+ remuser = getstr ("remuser"); /* The requesting user! */
 rc = read (STDIN_FILENO, &error, sizeof (int)); /* XXX: not protocol */
 if ((rc != sizeof (int)) || error)
@@ -1608,10 +1608,12 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
 else
 #endif /* KERBEROS */
 syslog (LOG_INFO | LOG_AUTH,
+ "%s%s@%s as %s: cmd='%.80s'",
 #ifdef SHISHI
- "Kerberized "
+ use_kerberos ? "Kerberized " : "",
+#else
+ "",
 #endif
- "%s@%s as %s: cmd='%.80s'",
 remuser, hostname, locuser, cmdbuf);
 }
 #ifdef SHISHI
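Review bot: The context comment `/* Read three strings from the client. */` in the doit hunk at line 838 now sits after the first read, and in the Kerberos/Shishi build only `locuser` and `command` follow it, with `remuser` read much later in the hunk at line 916, so it misdescribes both paths. Suggest replacing it with `/* Non-Kerberized: remuser, locuser, command.  Kerberized: locuser, command, remuser last.  Order is fixed by kcmd() in libinetutils/kcmd.c.  */` placed above the `#if defined KERBEROS || defined SHISHI` block, whose start lies outside the hunk. All three strings are peer-supplied; any length bound lives in getstr, which is not visible here, so the reorder itself does not change the existing exposure. doit starts and ends outside both hunks.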
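Review bot: The rewritten syslog call in the hunk at line 1608 keeps the format a literal and moves the `Kerberized ` marker into a `%s` argument, which is the right shape, but `remuser` and `locuser` are the peer-supplied strings read by getstr in the hunks at lines 838 and 916 and are logged without a bound, while only `cmdbuf` is cut at `%.80s`. A truncating precision on both, e.g. `"%s%.32s@%s as %.32s: cmd='%.80s'"` (sample widths), keeps one hostile name from flooding the auth log; whether getstr already bounds them is not visible here. Embedded newlines or control characters in those names would also reach syslog unfiltered, so a sanitising pass before the call is worth considering.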