home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Usenet 1994 October
/
usenetsourcesnewsgroupsinfomagicoctober1994disk2.iso
/
unix
/
volume22
/
auth-utils
/
part03
< prev
next >
Wrap
Text File
|
1990-04-29
|
12KB
|
378 lines
Subject: v22i005: Utilities for auth2.1 server, Part03/03
Newsgroups: comp.sources.unix
Approved: rsalz@uunet.UU.NET
X-Checksum-Snefru: 79f47823 c9e216d5 c5b8ab33 61bfe5b0
Submitted-by: Daniel J. Bernstein <brnstnd@acf10.nyu.edu>
Posting-number: Volume 22, Issue 5
Archive-name: auth-utils/part03
#! /bin/sh
# This is a shell archive. Remove anything before this line, then unpack
# it by saving it into a file and typing "sh file". To overwrite existing
# files, type "sh file -c". You can also feed this as standard input via
# unshar, or by typing "sh <file", e.g.. If this archive is complete, you
# will see the following message at the end:
# "End of archive 3 (of 3)."
# Contents: aport/checkaport.c
# Wrapped by rsalz@litchi.bbn.com on Mon Apr 30 16:18:48 1990
PATH=/bin:/usr/bin:/usr/ucb ; export PATH
if test -f 'aport/checkaport.c' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'aport/checkaport.c'\"
else
echo shar: Extracting \"'aport/checkaport.c'\" \(9972 characters\)
sed "s/^X//" >'aport/checkaport.c' <<'END_OF_FILE'
X/*
Xcheckaport.c: clean up and check security in AUTHDIR
X*/
X
X/* WARNING! checkaport should not be setuid auth, but it's probably */
X/* running as either auth or root! All privileged programs are */
X/* dangerous! Check them carefully! */
X
Xstatic char checkaportauthor[] =
X"checkaport was written by Daniel J. Bernstein.\n\
XInternet address: brnstnd@acf10.nyu.edu.\n";
X
Xstatic char checkaportversion[] =
X"checkaport version 1.0, April 23, 1990.\n\
XCopyright (c) 1990, Daniel J. Bernstein.\n\
XAll rights reserved.\n";
X
Xstatic char checkaportcopyright[] =
X"checkaport version 1.0, April 23, 1990.\n\
XCopyright (c) 1990, Daniel J. Bernstein.\n\
XAll rights reserved.\n\
X\n\
XUntil January 1, 1995, you are granted the following rights: A. To make\n\
Xcopies of this work in original form, so long as (1) the copies are exact\n\
Xand complete; (2) the copies include the copyright notice, this paragraph,\n\
Xand the disclaimer of warranty in their entirety. B. To distribute this\n\
Xwork, or copies made under the provisions above, so long as (1) this is\n\
Xthe original work and not a derivative form; (2) you do not charge a fee\n\
Xfor copying or for distribution; (3) you ensure that the distributed form\n\
Xincludes the copyright notice, this paragraph, and the disclaimer of\n\
Xwarranty in their entirety. These rights are temporary and revocable upon\n\
Xwritten, oral, or other notice by Daniel J. Bernstein. These rights are\n\
Xautomatically revoked on January 1, 1995. This copyright notice shall be\n\
Xgoverned by the laws of the state of New York.\n\
X\n\
XIf you have questions about checkaport or about this copyright notice,\n\
Xor if you would like additional rights beyond those granted above,\n\
Xplease feel free to contact the author at brnstnd@acf10.nyu.edu\n\
Xon the Internet.\n";
X
Xstatic char checkaportwarranty[] =
X"To the extent permitted by applicable law, Daniel J. Bernstein disclaims\n\
Xall warranties, explicit or implied, including but not limited to the\n\
Ximplied warranties of merchantability and fitness for a particular purpose.\n\
XDaniel J. Bernstein is not and shall not be liable for any damages,\n\
Xincidental or consequential, arising from the use of this program, even\n\
Xif you inform him of the possibility of such damages. This disclaimer\n\
Xshall be governed by the laws of the state of New York.\n\
X\n\
XIn other words, use this program at your own risk.\n\
X\n\
XIf you have questions about checkaport or about this disclaimer of warranty,\n\
Xplease feel free to contact the author at brnstnd@acf10.nyu.edu\n\
Xon the Internet.\n";
X
Xstatic char checkaportusage[] =
X"Usage: checkaport [ -ACHUVW ] \n\
XHelp: checkaport -H\n";
X
Xstatic char checkaporthelp[] =
X"checkaport goes through the auth directory, cleaning up and reporting\n\
Xany inconsistencies or security violations.\n\
X\n\
Xcheckaport -A: print authorship notice\n\
Xcheckaport -C: print copyright notice\n\
Xcheckaport -H: print this notice\n\
Xcheckaport -U: print short usage summary\n\
Xcheckaport -V: print version number\n\
Xcheckaport -W: print disclaimer of warranty\n\
X\n\
Xcheckaport: start checking\n\
X\n\
XIf you have questions about or suggestions for checkaport, please feel free\n\
Xto contact the author, Daniel J. Bernstein, at brnstnd@acf10.nyu.edu\n\
Xon the Internet.\n";
X
X#include <sys/types.h>
X#include <sys/dir.h>
X#include <sys/file.h>
X#ifdef BSD
X#include <limits.h>
X#endif
X#include <stdio.h>
Xextern int getopt();
Xextern char *optarg; /* these should be in getopt.h! */
Xextern int optind;
X#include "djberr.h"
X
X#ifndef AUTHDIR
X#define AUTHDIR "/usr/etc/auth"
X#endif
X
Xmain(argc,argv,envp)
Xint argc;
Xchar *argv[];
Xchar *envp[];
X{
X int opt;
X int uid = getuid();
X int euid = geteuid();
X DIR *dirp;
X struct direct *dp;
X int fd;
X char buf[32]; /* same length as in attachport */
X int r;
X char username[10];
X char usertemp[10];
X int pid;
X int pidchild;
X unsigned short port;
X unsigned long in;
X unsigned short rport;
X char pfn[sizeof(AUTHDIR) + 30];
X
X /* WARNING! We are probably running as auth or root! */
X
X while ((opt = getopt(argc,argv,"ACHUVW")) != EOF)
X switch(opt)
X {
X case 'A': (void) err(checkaportauthor); exit(1);
X case 'C': (void) err(checkaportcopyright); exit(1);
X case 'H': (void) err(checkaporthelp); exit(1);
X case 'U': (void) err(checkaportusage); exit(1);
X case 'V': (void) err(checkaportversion); exit(1);
X case 'W': (void) err(checkaportwarranty); exit(1);
X case '?': (void) err(checkaportusage); exit(1);
X }
X argv += optind, argc -= optind;
X
X if ((chdir(AUTHDIR) == -1) || chdir("tcp") == -1)
X {
X perrn2("checkaport: fatal: cannot change to directory %s/tcp",AUTHDIR);
X exit(2);
X }
X
X if (!(dirp = opendir(".")))
X {
X perrn2("checkaport: fatal: cannot read directory %s/tcp",AUTHDIR);
X exit(3);
X }
X
X while (dp = readdir(dirp))
X {
X if ((dp->d_name[0] == '.')
X &&((dp->d_name[1] == '\0')
X ||((dp->d_name[1] == '.')
X &&(dp->d_name[2] == '\0'))))
X continue;
X switch(dp->d_name[0])
X {
X case 'l':
X if (sscanf(dp->d_name,"lock.%hd",&port) < 1)
X {
X errn2("checkaport: warning: UFO %s",dp->d_name);
X }
X else if (((fd = open(dp->d_name,O_RDONLY)) == -1)
X &&(flock(fd,LOCK_EX) == -1))
X {
X perrn2("checkaport: warning: cannot open %s",dp->d_name);
X }
X else if ((r = read(fd,buf,31)) <= 0)
X {
X errn2("checkaport: warning: cannot read %s, deleting",dp->d_name);
X (void) close(fd);
X (void) unlink(dp->d_name);
X }
X else
X {
X buf[r] = '\0';
X (void) close(fd);
X if (buf[0] == '!')
X {
X errn2("checkaport: warning: corrupted lock file %s",dp->d_name);
X errn2("checkaport: contents of lock file: %s",buf);
X errn("checkaport: this may be an attempted security breach!");
X }
X else if (sscanf(buf,"%d-%8s",&pid,username) < 2)
X if (sscanf(buf,"%d:%D.%hd %8s",&pid,&in,&rport,username) < 4)
X {
X errn2("checkaport: warning: UFO contents %s",dp->d_name);
X }
X else /* authtcp lock file */
X {
X sprintf(buf,"%D.%u.%u",in,port,rport);
X if (((fd = open(buf,O_RDONLY)) == -1)
X &&(flock(fd,LOCK_EX) == -1))
X {
X perrn2("checkaport: warning: cannot open %s",buf);
X errn2("checkaport: came from lock %s",dp->d_name);
X }
X else
X {
X if ((r = read(fd,usertemp,8)) <= 0)
X r = 0;
X usertemp[r] = '\0';
X if (r == 0 || strcmp(usertemp,username))
X {
X errn("checkaport: warning: security breach!");
X errn2("checkaport: lock file %s",dp->d_name);
X errn2("checkaport: ILR %s",buf);
X errn2("checkaport: lock file user %s",username);
X errn2("checkaport: ILR user %s",usertemp);
X errn("checkaport: deleting both files");
X (void) unlink(dp->d_name);
X (void) unlink(buf);
X }
X (void) close(fd);
X }
X }
X if (kill(pid,0) == -1)
X {
X errn2("checkaport: warning: no pid for lock file %s, deleting",
X dp->d_name);
X (void) unlink(dp->d_name);
X }
X }
X break;
X case 'p':
X if (sscanf(dp->d_name,"ps.%d.%d",&pid,&pidchild) < 2)
X {
X errn2("checkaport: warning: UFO %s",dp->d_name);
X }
X else if (((fd = open(dp->d_name,O_RDONLY)) == -1)
X &&(flock(fd,LOCK_EX) == -1))
X {
X perrn2("checkaport: warning: cannot open %s",dp->d_name);
X }
X else if ((r = read(fd,pfn,sizeof(pfn) - 1)) <= 0)
X {
X errn2("checkaport: warning: cannot read %s",dp->d_name);
X (void) close(fd);
X }
X else
X {
X pfn[r] = '\0';
X (void) close(fd);
X if (strncmp(pfn,AUTHDIR,strlen(AUTHDIR)))
X {
X errn2("checkaport: warning: ps %s out of directory, deleting",
X dp->d_name);
X (void) unlink(dp->d_name);
X }
X else if (((fd = open(pfn,O_RDONLY)) == -1)
X &&(flock(fd,LOCK_EX) == -1))
X {
X perrn2("checkaport: warning: cannot open ilr %s",pfn);
X errn2("checkaport: came from ps %s, deleting",dp->d_name);
X (void) unlink(dp->d_name);
X }
X else
X {
X /* XXX: Can we do more tests here? */
X (void) close(fd);
X if (kill(pid,0) == -1)
X {
X errn2("checkaport: warning: no pid for ps file %s, deleting",buf);
X (void) unlink(buf);
X }
X else if (kill(pidchild,0) == -1)
X {
X errn2("checkaport: warning: no pid for ps file %s, deleting",buf);
X (void) unlink(buf);
X }
X }
X }
X break;
X default:
X if (sscanf(dp->d_name,"%D.%hd.%hd",&in,&port,&rport) < 3)
X {
X errn2("checkaport: warning: UFO %s",dp->d_name);
X }
X else if (((fd = open(dp->d_name,O_RDONLY)) == -1)
X &&(flock(fd,LOCK_EX) == -1))
X {
X perrn2("checkaport: warning: cannot open %s",dp->d_name);
X }
X else if ((r = read(fd,usertemp,8)) <= 0)
X {
X errn2("checkaport: warning: cannot read %s, deleting",dp->d_name);
X (void) close(fd);
X (void) unlink(dp->d_name);
X }
X else
X {
X usertemp[r] = '\0';
X (void) close(fd);
X sprintf(buf,"lock.%u",port);
X if (((fd = open(buf,O_RDONLY)) == -1)
X &&(flock(fd,LOCK_EX) == -1))
X {
X perrn2("checkaport: warning: cannot open lock %s",buf);
X errn2("checkaport: came from ilr %s, deleting",dp->d_name);
X (void) unlink(dp->d_name);
X }
X if ((r = read(fd,buf,31)) <= 0)
X {
X errn2("checkaport: weird: cannot read lock.%u",port);
X }
X else
X {
X buf[r] = '\0';
X (void) close(fd);
X if ((sscanf(buf,"%d-%8s",&pid,username) < 2)
X &&(sscanf(buf,"%d:%D.%hd %8s",&pid,&in,&rport,username) < 4))
X {
X errn2("checkaport: warning: corrupted lock file lock.%u",port);
X errn2("checkaport: came from ilr %s, deleting",dp->d_name);
X errn("checkaport: this may be an attempted security breach!");
X (void) unlink(dp->d_name);
X }
X if (r == 0 || strcmp(usertemp,username))
X {
X errn2("checkaport: warning: corrupted lock file lock.%u",port);
X errn2("checkaport: came from ilr %s, deleting",dp->d_name);
X errn2("checkaport: ilr user %s",usertemp);
X errn2("checkaport: lock file user %s",username);
X errn("checkaport: this may be an attempted security breach!");
X (void) unlink(dp->d_name);
X }
X }
X }
X break;
X }
X }
X
X (void) closedir(dirp);
X
X exit(0);
X}
END_OF_FILE
if test 9972 -ne `wc -c <'aport/checkaport.c'`; then
echo shar: \"'aport/checkaport.c'\" unpacked with wrong size!
fi
# end of 'aport/checkaport.c'
fi
echo shar: End of archive 3 \(of 3\).
cp /dev/null ark3isdone
MISSING=""
for I in 1 2 3 ; do
if test ! -f ark${I}isdone ; then
MISSING="${MISSING} ${I}"
fi
done
if test "${MISSING}" = "" ; then
echo You have unpacked all 3 archives.
rm -f ark[1-9]isdone
else
echo You still need to unpack the following archives:
echo " " ${MISSING}
fi
## End of shell archive.
exit 0
exit 0 # Just in case...
