yp_access.c (18586) | yp_access.c (19161) |
---|---|
1/* 2 * Copyright (c) 1995 3 * Bill Paul <wpaul@ctr.columbia.edu>. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 194 unchanged lines hidden (view full) --- 203 * are bypassed and all hosts are allowed to connect. 204 * 205 * The yp_validdomain() function checks the domain specified by the caller 206 * to make sure it's actually served by this server. This is more a sanity 207 * check than an a security check, but this seems to be the best place for 208 * it. 209 */ 210 | 1/* 2 * Copyright (c) 1995 3 * Bill Paul <wpaul@ctr.columbia.edu>. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 194 unchanged lines hidden (view full) --- 203 * are bypassed and all hosts are allowed to connect. 204 * 205 * The yp_validdomain() function checks the domain specified by the caller 206 * to make sure it's actually served by this server. This is more a sanity 207 * check than an a security check, but this seems to be the best place for 208 * it. 209 */ 210 |
211#ifdef DB_CACHE 212int yp_access(map, domain, rqstp) 213#else |
|
211int yp_access(map, rqstp) | 214int yp_access(map, rqstp) |
215#endif |
|
212 const char *map; | 216 const char *map; |
217#ifdef DB_CACHE 218 const char *domain; 219#endif |
|
213 const struct svc_req *rqstp; 214{ 215 struct sockaddr_in *rqhost; 216 int status = 0; 217 static unsigned long oldaddr = 0; 218#ifndef TCP_WRAPPER 219 struct securenet *tmp; 220#endif --- 23 unchanged lines hidden (view full) --- 244 /* Check the map name if one was supplied. */ 245 if (map != NULL) { 246 if (strchr(map, '/')) { 247 yp_error("embedded slash in map name \"%s\" -- \ 248possible spoof attempt from %s:%d", 249 map, inet_ntoa(rqhost->sin_addr), 250 ntohs(rqhost->sin_port)); 251 } | 220 const struct svc_req *rqstp; 221{ 222 struct sockaddr_in *rqhost; 223 int status = 0; 224 static unsigned long oldaddr = 0; 225#ifndef TCP_WRAPPER 226 struct securenet *tmp; 227#endif --- 23 unchanged lines hidden (view full) --- 251 /* Check the map name if one was supplied. */ 252 if (map != NULL) { 253 if (strchr(map, '/')) { 254 yp_error("embedded slash in map name \"%s\" -- \ 255possible spoof attempt from %s:%d", 256 map, inet_ntoa(rqhost->sin_addr), 257 ntohs(rqhost->sin_port)); 258 } |
259#ifdef DB_CACHE 260 if ((yp_testflag((char *)map, (char *)domain, YP_SECURE) || 261#else |
|
252 if ((strstr(map, "master.passwd.") || | 262 if ((strstr(map, "master.passwd.") || |
263#endif |
|
253 (rqstp->rq_prog == YPPROG && 254 rqstp->rq_proc == YPPROC_XFR) || 255 (rqstp->rq_prog == YPXFRD_FREEBSD_PROG && 256 rqstp->rq_proc == YPXFRD_GETMAP)) && 257 ntohs(rqhost->sin_port) >= IPPORT_RESERVED) { 258 yp_error("Access to %s denied -- client %s:%d \ 259not privileged", map, inet_ntoa(rqhost->sin_addr), ntohs(rqhost->sin_port)); 260 return(1); --- 51 unchanged lines hidden --- | 264 (rqstp->rq_prog == YPPROG && 265 rqstp->rq_proc == YPPROC_XFR) || 266 (rqstp->rq_prog == YPXFRD_FREEBSD_PROG && 267 rqstp->rq_proc == YPXFRD_GETMAP)) && 268 ntohs(rqhost->sin_port) >= IPPORT_RESERVED) { 269 yp_error("Access to %s denied -- client %s:%d \ 270not privileged", map, inet_ntoa(rqhost->sin_addr), ntohs(rqhost->sin_port)); 271 return(1); --- 51 unchanged lines hidden --- |