From darrenr@chiron.nabaus.com.au Tue May 21 21:45:44 2002
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.7.7.76]) by rt-11.mit.edu (8.9.3/8.9.3) with ESMTP id VAA26054 for ; Tue, 21 May 2002 21:45:43 -0400 (EDT)
Received: from orange.national.com.au (orange.national.com.au [203.57.240.81]) by fort-point-station.mit.edu (8.9.2/8.9.2) with ESMTP id VAA03574 for ; Tue, 21 May 2002 21:45:42 -0400 (EDT)
Received: by orange.national.com.au (Postfix, from userid 5) id 4CC9B144848; Wed, 22 May 2002 11:45:40 +1000 (EST)
Received: from orange(203.57.240.81) by orange.national.com.au via csmap (V4.1) id srcAAA7KaGxN; Wed, 22 May 02 11:45:39 +1000
Received: from chiron.rais.nabaus.com.au (unknown [164.53.57.131]) by orange.national.com.au (Postfix) with ESMTP id 19C64144847; Wed, 22 May 2002 11:45:39 +1000 (EST)
Received: (from darrenr@localhost) by chiron.rais.nabaus.com.au (8.8.8+Sun/8.8.8) id LAA28940; Wed, 22 May 2002 11:45:37 +1000 (EST)
Message-Id: <200205220145.LAA28940@chiron.rais.nabaus.com.au>
Date: Wed, 22 May 2002 11:45:37 +1000 (EST)
From: darrenr@chiron.nabaus.com.au
Reply-To: darrenr@chiron.nabaus.com.au
To: krb5-bugs@mit.edu
Cc: darrenr@chiron.nabaus.com.au
Subject: rsh passing of -x breaks interoperability
X-Send-Pr-Version: 3.99

>Number: 1112
>Category: krb5-appl
>Synopsis: rsh passing of -x breaks interoperability
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Tue May 21 21:46:00 EDT 2002
>Last-Modified: Tue May 21 23:33:01 EDT 2002
>Originator: Darren Reed
>Organization: Optimation
>Release: krb5-1.2.5
>Environment:
System: SunOS chiron 5.5.1 Generic_103640-34 sun4u sparc SUNW,Ultra-2
Architecture: sun4
>Description:
When you invoke the Kerberised version of rsh with the -x command line parameter, it passes through "-x " at the front of the command line to the daemon at the other end.
If the other end is also a Kerberised rsh daemon, the Kerberos session will get created but unless it understands the "-x ", it will fail to invoke the "real command". In this case we're working with Kerberos from another vendor and can see their rshd running commands like this:

    bash -c -x who

after executing rsh like this:

    rsh -x remote who

Maybe if the docs added this line to the installation of BSD services:

    ekshell stream tcp nowait root /usr/local/sbin/kshd kshd -k -c -A -x

and rsh connected to ekshell/tcp for encrypted sessions (-x) then it would not need to pass -x like this? Since we have klogin/eklogin for rlogin, it's kind of curious why there isn't the same for rsh.
>How-To-Repeat:
See above.
>Fix:
Current work around is to #if-0 out the code which prepends the -x to the command string passed to the remote rsh daemon and add -x to rshd for kshell service. Will also look at implementing above ideas and send patches if felt of use.

NOTE: no change to krshd is proposed so it should continue to work with clients that send the -x and those that don't.
>Audit-Trail:

From: Darren Reed
To: krb5-bugs@mit.edu, krb5-unassigned@rt-11.mit.edu
Cc: darrenr@chiron.nabaus.com.au
Subject: Re: krb5-appl/1112: rsh passing of -x breaks interoperability
Date: Wed, 22 May 2002 13:29:52 +1000 (EST)

On systems here, I find ekshell in /etc/services as follows:

    ekshell 2106/tcp # Kerberos encrypted rsh

With /etc/inetd.conf like this:

    ekshell stream tcp nowait root /krb5/sbin/kshd kshd -k -c -A -e

The patch below implements the change to use this in rsh. One might want to consider adding code to fall back to passing -x and connecting to kshell/tcp if either ekshell is unknown or connection refused is returned. If me doing that as a patch would help the long term removal of -x from the front of the command string passed, I'll spend some effort on it.
*** krsh.c.orig 2002/05/10 02:03:27 1.1.1.1 --- krsh.c 2002/05/22 01:52:54 *************** *** 127,133 **** char **argv0; { int rem, pid; ! char *host=0, *cp, **ap, buf[RCMD_BUFSIZ], *args, **argv = argv0, *user = 0; register int cc; struct passwd *pwd; fd_set readfrom, ready; --- 127,133 ---- char **argv0; { int rem, pid; ! char *host, *cp, **ap, buf[RCMD_BUFSIZ], *args, **argv, *user, *service; register int cc; struct passwd *pwd; fd_set readfrom, ready; *************** *** 156,161 **** --- 156,165 ---- int debug_port = 0; enum kcmd_proto kcmd_proto = KCMD_PROTOCOL_COMPAT_HACK; + host = 0; + user = 0; + argv = argv0; + memset(&defaultservent, 0, sizeof(struct servent)); if (strrchr(argv[0], '/')) argv[0] = strrchr(argv[0], '/')+1; *************** *** 318,330 **** cc = 0; for (ap = argv; *ap; ap++) cc += strlen(*ap) + 1; - if (encrypt_flag) - cc += 3; cp = args = (char *) malloc(cc); - if (encrypt_flag) { - strcpy(args, "-x "); - cp += 3; - } for (ap = argv; *ap; ap++) { (void) strcpy(cp, *ap); while (*cp) --- 322,328 ---- *************** *** 335,350 **** if(debug_port == 0) { #ifdef KERBEROS ! sp = getservbyname("kshell", "tcp"); #else ! sp = getservbyname("shell", "tcp"); #endif /* KERBEROS */ if (sp == 0) { #ifdef KERBEROS sp = &defaultservent; sp->s_port = htons(544); #else ! fprintf(stderr, "rsh: shell/tcp: unknown service\n"); exit(1); #endif /* KERBEROS */ } --- 333,352 ---- if(debug_port == 0) { #ifdef KERBEROS ! if (encrypt_flag) ! service = "ekshell"; ! else ! service = "kshell"; #else ! service = "shell"; #endif /* KERBEROS */ + sp = getservbyname(service, "tcp"); if (sp == 0) { #ifdef KERBEROS sp = &defaultservent; sp->s_port = htons(544); #else ! fprintf(stderr, "rsh: %s/tcp: unknown service\n", service); exit(1); #endif /* KERBEROS */ } >Unformatted:
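
Review bot: In the declaration hunk at line 127, `service` is only ever assigned string literals ("ekshell", "kshell", "shell"), so it should be declared `const char *service` rather than added to the writable `char *` list. Moving the `host`, `user` and `argv` initialisers out of the declaration and into the assignments added at line 156 is unrelated to the -x change and would be easier to review as a separate patch.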
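
Review bot: In the hunk at line 318, the result of `malloc(cc)` is still handed straight to `strcpy(cp, *ap)` with no NULL check; since these lines are being rewritten anyway, test `args` and exit with an error before the copy loop. Dropping the "-x " prefix unconditionally here also means every `-x` session now depends on the remote host offering ekshell/tcp, which the message above already flags as needing a fallback path.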
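
Review bot: In the hunk at line 335, the `sp == 0` fallback under KERBEROS still sets `sp->s_port = htons(544)` regardless of `service`, so when `encrypt_flag` is set and ekshell is missing from the services database the client connects to the kshell port with nothing left in the command string to tell the server that encryption was requested. Choose the default port from `service`, for example the 2106 that the /etc/services entry quoted above gives for ekshell, or report `%s/tcp: unknown service` and exit as the non-Kerberos branch does.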