home *** CD-ROM | disk | FTP | other *** search
- Subject: v22i005: Utilities for auth2.1 server, Part03/03
- Newsgroups: comp.sources.unix
- Approved: rsalz@uunet.UU.NET
- X-Checksum-Snefru: 79f47823 c9e216d5 c5b8ab33 61bfe5b0
-
- Submitted-by: Daniel J. Bernstein <brnstnd@acf10.nyu.edu>
- Posting-number: Volume 22, Issue 5
- Archive-name: auth-utils/part03
-
- #! /bin/sh
- # This is a shell archive. Remove anything before this line, then unpack
- # it by saving it into a file and typing "sh file". To overwrite existing
- # files, type "sh file -c". You can also feed this as standard input via
- # unshar, or by typing "sh <file", e.g.. If this archive is complete, you
- # will see the following message at the end:
- # "End of archive 3 (of 3)."
- # Contents: aport/checkaport.c
- # Wrapped by rsalz@litchi.bbn.com on Mon Apr 30 16:18:48 1990
- PATH=/bin:/usr/bin:/usr/ucb ; export PATH
- if test -f 'aport/checkaport.c' -a "${1}" != "-c" ; then
- echo shar: Will not clobber existing file \"'aport/checkaport.c'\"
- else
- echo shar: Extracting \"'aport/checkaport.c'\" \(9972 characters\)
- sed "s/^X//" >'aport/checkaport.c' <<'END_OF_FILE'
- X/*
- Xcheckaport.c: clean up and check security in AUTHDIR
- X*/
- X
- X/* WARNING! checkaport should not be setuid auth, but it's probably */
- X/* running as either auth or root! All privileged programs are */
- X/* dangerous! Check them carefully! */
- X
- Xstatic char checkaportauthor[] =
- X"checkaport was written by Daniel J. Bernstein.\n\
- XInternet address: brnstnd@acf10.nyu.edu.\n";
- X
- Xstatic char checkaportversion[] =
- X"checkaport version 1.0, April 23, 1990.\n\
- XCopyright (c) 1990, Daniel J. Bernstein.\n\
- XAll rights reserved.\n";
- X
- Xstatic char checkaportcopyright[] =
- X"checkaport version 1.0, April 23, 1990.\n\
- XCopyright (c) 1990, Daniel J. Bernstein.\n\
- XAll rights reserved.\n\
- X\n\
- XUntil January 1, 1995, you are granted the following rights: A. To make\n\
- Xcopies of this work in original form, so long as (1) the copies are exact\n\
- Xand complete; (2) the copies include the copyright notice, this paragraph,\n\
- Xand the disclaimer of warranty in their entirety. B. To distribute this\n\
- Xwork, or copies made under the provisions above, so long as (1) this is\n\
- Xthe original work and not a derivative form; (2) you do not charge a fee\n\
- Xfor copying or for distribution; (3) you ensure that the distributed form\n\
- Xincludes the copyright notice, this paragraph, and the disclaimer of\n\
- Xwarranty in their entirety. These rights are temporary and revocable upon\n\
- Xwritten, oral, or other notice by Daniel J. Bernstein. These rights are\n\
- Xautomatically revoked on January 1, 1995. This copyright notice shall be\n\
- Xgoverned by the laws of the state of New York.\n\
- X\n\
- XIf you have questions about checkaport or about this copyright notice,\n\
- Xor if you would like additional rights beyond those granted above,\n\
- Xplease feel free to contact the author at brnstnd@acf10.nyu.edu\n\
- Xon the Internet.\n";
- X
- Xstatic char checkaportwarranty[] =
- X"To the extent permitted by applicable law, Daniel J. Bernstein disclaims\n\
- Xall warranties, explicit or implied, including but not limited to the\n\
- Ximplied warranties of merchantability and fitness for a particular purpose.\n\
- XDaniel J. Bernstein is not and shall not be liable for any damages,\n\
- Xincidental or consequential, arising from the use of this program, even\n\
- Xif you inform him of the possibility of such damages. This disclaimer\n\
- Xshall be governed by the laws of the state of New York.\n\
- X\n\
- XIn other words, use this program at your own risk.\n\
- X\n\
- XIf you have questions about checkaport or about this disclaimer of warranty,\n\
- Xplease feel free to contact the author at brnstnd@acf10.nyu.edu\n\
- Xon the Internet.\n";
- X
- Xstatic char checkaportusage[] =
- X"Usage: checkaport [ -ACHUVW ] \n\
- XHelp: checkaport -H\n";
- X
- Xstatic char checkaporthelp[] =
- X"checkaport goes through the auth directory, cleaning up and reporting\n\
- Xany inconsistencies or security violations.\n\
- X\n\
- Xcheckaport -A: print authorship notice\n\
- Xcheckaport -C: print copyright notice\n\
- Xcheckaport -H: print this notice\n\
- Xcheckaport -U: print short usage summary\n\
- Xcheckaport -V: print version number\n\
- Xcheckaport -W: print disclaimer of warranty\n\
- X\n\
- Xcheckaport: start checking\n\
- X\n\
- XIf you have questions about or suggestions for checkaport, please feel free\n\
- Xto contact the author, Daniel J. Bernstein, at brnstnd@acf10.nyu.edu\n\
- Xon the Internet.\n";
- X
- X#include <sys/types.h>
- X#include <sys/dir.h>
- X#include <sys/file.h>
- X#ifdef BSD
- X#include <limits.h>
- X#endif
- X#include <stdio.h>
- Xextern int getopt();
- Xextern char *optarg; /* these should be in getopt.h! */
- Xextern int optind;
- X#include "djberr.h"
- X
- X#ifndef AUTHDIR
- X#define AUTHDIR "/usr/etc/auth"
- X#endif
- X
- Xmain(argc,argv,envp)
- Xint argc;
- Xchar *argv[];
- Xchar *envp[];
- X{
- X int opt;
- X int uid = getuid();
- X int euid = geteuid();
- X DIR *dirp;
- X struct direct *dp;
- X int fd;
- X char buf[32]; /* same length as in attachport */
- X int r;
- X char username[10];
- X char usertemp[10];
- X int pid;
- X int pidchild;
- X unsigned short port;
- X unsigned long in;
- X unsigned short rport;
- X char pfn[sizeof(AUTHDIR) + 30];
- X
- X /* WARNING! We are probably running as auth or root! */
- X
- X while ((opt = getopt(argc,argv,"ACHUVW")) != EOF)
- X switch(opt)
- X {
- X case 'A': (void) err(checkaportauthor); exit(1);
- X case 'C': (void) err(checkaportcopyright); exit(1);
- X case 'H': (void) err(checkaporthelp); exit(1);
- X case 'U': (void) err(checkaportusage); exit(1);
- X case 'V': (void) err(checkaportversion); exit(1);
- X case 'W': (void) err(checkaportwarranty); exit(1);
- X case '?': (void) err(checkaportusage); exit(1);
- X }
- X argv += optind, argc -= optind;
- X
- X if ((chdir(AUTHDIR) == -1) || chdir("tcp") == -1)
- X {
- X perrn2("checkaport: fatal: cannot change to directory %s/tcp",AUTHDIR);
- X exit(2);
- X }
- X
- X if (!(dirp = opendir(".")))
- X {
- X perrn2("checkaport: fatal: cannot read directory %s/tcp",AUTHDIR);
- X exit(3);
- X }
- X
- X while (dp = readdir(dirp))
- X {
- X if ((dp->d_name[0] == '.')
- X &&((dp->d_name[1] == '\0')
- X ||((dp->d_name[1] == '.')
- X &&(dp->d_name[2] == '\0'))))
- X continue;
- X switch(dp->d_name[0])
- X {
- X case 'l':
- X if (sscanf(dp->d_name,"lock.%hd",&port) < 1)
- X {
- X errn2("checkaport: warning: UFO %s",dp->d_name);
- X }
- X else if (((fd = open(dp->d_name,O_RDONLY)) == -1)
- X &&(flock(fd,LOCK_EX) == -1))
- X {
- X perrn2("checkaport: warning: cannot open %s",dp->d_name);
- X }
- X else if ((r = read(fd,buf,31)) <= 0)
- X {
- X errn2("checkaport: warning: cannot read %s, deleting",dp->d_name);
- X (void) close(fd);
- X (void) unlink(dp->d_name);
- X }
- X else
- X {
- X buf[r] = '\0';
- X (void) close(fd);
- X if (buf[0] == '!')
- X {
- X errn2("checkaport: warning: corrupted lock file %s",dp->d_name);
- X errn2("checkaport: contents of lock file: %s",buf);
- X errn("checkaport: this may be an attempted security breach!");
- X }
- X else if (sscanf(buf,"%d-%8s",&pid,username) < 2)
- X if (sscanf(buf,"%d:%D.%hd %8s",&pid,&in,&rport,username) < 4)
- X {
- X errn2("checkaport: warning: UFO contents %s",dp->d_name);
- X }
- X else /* authtcp lock file */
- X {
- X sprintf(buf,"%D.%u.%u",in,port,rport);
- X if (((fd = open(buf,O_RDONLY)) == -1)
- X &&(flock(fd,LOCK_EX) == -1))
- X {
- X perrn2("checkaport: warning: cannot open %s",buf);
- X errn2("checkaport: came from lock %s",dp->d_name);
- X }
- X else
- X {
- X if ((r = read(fd,usertemp,8)) <= 0)
- X r = 0;
- X usertemp[r] = '\0';
- X if (r == 0 || strcmp(usertemp,username))
- X {
- X errn("checkaport: warning: security breach!");
- X errn2("checkaport: lock file %s",dp->d_name);
- X errn2("checkaport: ILR %s",buf);
- X errn2("checkaport: lock file user %s",username);
- X errn2("checkaport: ILR user %s",usertemp);
- X errn("checkaport: deleting both files");
- X (void) unlink(dp->d_name);
- X (void) unlink(buf);
- X }
- X (void) close(fd);
- X }
- X }
- X if (kill(pid,0) == -1)
- X {
- X errn2("checkaport: warning: no pid for lock file %s, deleting",
- X dp->d_name);
- X (void) unlink(dp->d_name);
- X }
- X }
- X break;
- X case 'p':
- X if (sscanf(dp->d_name,"ps.%d.%d",&pid,&pidchild) < 2)
- X {
- X errn2("checkaport: warning: UFO %s",dp->d_name);
- X }
- X else if (((fd = open(dp->d_name,O_RDONLY)) == -1)
- X &&(flock(fd,LOCK_EX) == -1))
- X {
- X perrn2("checkaport: warning: cannot open %s",dp->d_name);
- X }
- X else if ((r = read(fd,pfn,sizeof(pfn) - 1)) <= 0)
- X {
- X errn2("checkaport: warning: cannot read %s",dp->d_name);
- X (void) close(fd);
- X }
- X else
- X {
- X pfn[r] = '\0';
- X (void) close(fd);
- X if (strncmp(pfn,AUTHDIR,strlen(AUTHDIR)))
- X {
- X errn2("checkaport: warning: ps %s out of directory, deleting",
- X dp->d_name);
- X (void) unlink(dp->d_name);
- X }
- X else if (((fd = open(pfn,O_RDONLY)) == -1)
- X &&(flock(fd,LOCK_EX) == -1))
- X {
- X perrn2("checkaport: warning: cannot open ilr %s",pfn);
- X errn2("checkaport: came from ps %s, deleting",dp->d_name);
- X (void) unlink(dp->d_name);
- X }
- X else
- X {
- X /* XXX: Can we do more tests here? */
- X (void) close(fd);
- X if (kill(pid,0) == -1)
- X {
- X errn2("checkaport: warning: no pid for ps file %s, deleting",buf);
- X (void) unlink(buf);
- X }
- X else if (kill(pidchild,0) == -1)
- X {
- X errn2("checkaport: warning: no pid for ps file %s, deleting",buf);
- X (void) unlink(buf);
- X }
- X }
- X }
- X break;
- X default:
- X if (sscanf(dp->d_name,"%D.%hd.%hd",&in,&port,&rport) < 3)
- X {
- X errn2("checkaport: warning: UFO %s",dp->d_name);
- X }
- X else if (((fd = open(dp->d_name,O_RDONLY)) == -1)
- X &&(flock(fd,LOCK_EX) == -1))
- X {
- X perrn2("checkaport: warning: cannot open %s",dp->d_name);
- X }
- X else if ((r = read(fd,usertemp,8)) <= 0)
- X {
- X errn2("checkaport: warning: cannot read %s, deleting",dp->d_name);
- X (void) close(fd);
- X (void) unlink(dp->d_name);
- X }
- X else
- X {
- X usertemp[r] = '\0';
- X (void) close(fd);
- X sprintf(buf,"lock.%u",port);
- X if (((fd = open(buf,O_RDONLY)) == -1)
- X &&(flock(fd,LOCK_EX) == -1))
- X {
- X perrn2("checkaport: warning: cannot open lock %s",buf);
- X errn2("checkaport: came from ilr %s, deleting",dp->d_name);
- X (void) unlink(dp->d_name);
- X }
- X if ((r = read(fd,buf,31)) <= 0)
- X {
- X errn2("checkaport: weird: cannot read lock.%u",port);
- X }
- X else
- X {
- X buf[r] = '\0';
- X (void) close(fd);
- X if ((sscanf(buf,"%d-%8s",&pid,username) < 2)
- X &&(sscanf(buf,"%d:%D.%hd %8s",&pid,&in,&rport,username) < 4))
- X {
- X errn2("checkaport: warning: corrupted lock file lock.%u",port);
- X errn2("checkaport: came from ilr %s, deleting",dp->d_name);
- X errn("checkaport: this may be an attempted security breach!");
- X (void) unlink(dp->d_name);
- X }
- X if (r == 0 || strcmp(usertemp,username))
- X {
- X errn2("checkaport: warning: corrupted lock file lock.%u",port);
- X errn2("checkaport: came from ilr %s, deleting",dp->d_name);
- X errn2("checkaport: ilr user %s",usertemp);
- X errn2("checkaport: lock file user %s",username);
- X errn("checkaport: this may be an attempted security breach!");
- X (void) unlink(dp->d_name);
- X }
- X }
- X }
- X break;
- X }
- X }
- X
- X (void) closedir(dirp);
- X
- X exit(0);
- X}
- END_OF_FILE
- if test 9972 -ne `wc -c <'aport/checkaport.c'`; then
- echo shar: \"'aport/checkaport.c'\" unpacked with wrong size!
- fi
- # end of 'aport/checkaport.c'
- fi
- echo shar: End of archive 3 \(of 3\).
- cp /dev/null ark3isdone
- MISSING=""
- for I in 1 2 3 ; do
- if test ! -f ark${I}isdone ; then
- MISSING="${MISSING} ${I}"
- fi
- done
- if test "${MISSING}" = "" ; then
- echo You have unpacked all 3 archives.
- rm -f ark[1-9]isdone
- else
- echo You still need to unpack the following archives:
- echo " " ${MISSING}
- fi
- ## End of shell archive.
- exit 0
- exit 0 # Just in case...
-