/*
 * Copyright (c) 1995, 1996
 *      Bill Paul <wpaul@ctr.columbia.edu>.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *      This product includes software developed by Bill Paul.
 * 4. Neither the name of the author nor the names of any co-contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL Bill Paul OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * ypupdate server implementation
 *
 * Written by Bill Paul <wpaul@ctr.columbia.edu>
 * Center for Telecommunications Research
 * Columbia University, New York City
 */
3826236Swpaul
39114601Sobrien#include <sys/cdefs.h>
40114601Sobrien__FBSDID("$FreeBSD: releng/11.0/usr.sbin/rpc.ypupdated/ypupdated_server.c 223492 2011-06-24 07:05:20Z kevlo $");
4130378Scharnier
4226236Swpaul#include <stdio.h>
4326236Swpaul#include <rpc/rpc.h>
4426236Swpaul#include <rpc/key_prot.h>
4526236Swpaul#include <sys/param.h>
4626236Swpaul#include <rpcsvc/yp.h>
4726236Swpaul#include "ypupdate_prot.h"
4826236Swpaul#include "ypupdated_extern.h"
4926236Swpaul#include "yp_extern.h"
5026236Swpaul#include "ypxfr_extern.h"
5126236Swpaul
/*
 * Process-state globals with external linkage, both starting at zero.
 * No function in this listing reads or writes them.
 * NOTE(review): presumably they are consumed by the shared yp/ypxfr code
 * declared in the included *_extern.h headers -- confirm before touching.
 */
int forked = 0;
int children = 0;
5426236Swpaul
/*
 * Largest AUTH_DES credential window, in seconds, that this server will
 * accept from a client (default: one hour).
 *
 * Anti-spoofing measure: a client that asks for a very large window and
 * then submits many randomly chosen encrypted timestamps has some chance
 * of stumbling onto a combination that validates.  Requests whose window
 * exceeds this preset value are therefore rejected.
 *
 * The value can be overridden at build time (-DWINDOW=...); raising it
 * weakens the check described above.
 */
#if !defined(WINDOW)
#define WINDOW (60 * 60)
#endif
6526236Swpaul
/*
 * Decide whether the credential flavor of an incoming request is acceptable
 * for a ypupdate call.
 *
 * Returns:
 *   AUTH_OK            AUTH_DES credential whose window is <= WINDOW
 *   AUTH_BADCRED       AUTH_DES credential with an oversized window
 *   AUTH_TOOWEAK       AUTH_UNIX or AUTH_NONE (no cryptographic proof of
 *                      the caller's identity)
 *   AUTH_REJECTEDCRED  any other flavor
 *
 * Every rejection is logged through yp_error(), which makes these messages
 * the place to look when auditing refused update attempts.
 *
 * This is a flavor and window check only; it does not decide whether the
 * caller may modify a particular key or map.
 * NOTE(review): it assumes the RPC layer has already verified the DES
 * credential/verifier and left a full-name authdes_cred in rq_clntcred
 * before dispatch -- confirm against the transport setup.
 */
static enum auth_stat
yp_checkauth(struct svc_req *svcreq)
{
	const int flavor = svcreq->rq_cred.oa_flavor;

	if (flavor == AUTH_DES) {
		const struct authdes_cred *cred =
		    (const struct authdes_cred *)svcreq->rq_clntcred;

		/* The window is chosen by the client, so bound it. */
		if (cred->adc_fullname.window <= WINDOW)
			return (AUTH_OK);

		yp_error("warning: client-specified window size "
		    "was too large -- possible spoof attempt");
		return (AUTH_BADCRED);
	}

	if (flavor == AUTH_UNIX || flavor == AUTH_NONE) {
		yp_error("warning: client didn't use DES authentication");
		return (AUTH_TOOWEAK);
	}

	yp_error("client used unknown auth flavor");
	return (AUTH_REJECTEDCRED);
}
9226236Swpaul
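/*
 * RPC service routine for the ypupdate "change" operation (YPOP_CHANGE).
 *
 * The request is refused with svcerr_auth() unless yp_checkauth() returns
 * AUTH_OK.  Otherwise the update is applied first to /etc/publickey via
 * localupdate() and, only if that returns 0, to the client-named map via
 * ypmap_update().  Nothing here undoes the first step if the second fails.
 *
 * Returns a pointer to function-static storage holding 0 or the status
 * returned by the failing helper; the pointer is overwritten by the next
 * call, so the routine is not reentrant.
 *
 * Security notes:
 *  - netname comes from the DES credential and is the only caller identity
 *    passed on.  This routine makes no per-key or per-map authorization
 *    decision itself; that is left to localupdate()/ypmap_update()
 *    (not visible here -- confirm they check netname against the key).
 *  - args->mapname and the key/datum buffers are client-supplied and are
 *    forwarded without validation; the callees must bound the lengths and
 *    reject map names that could resolve outside the map directory.
 *  - NOTE(review): after svcerr_auth() a non-NULL pointer to 0 is returned.
 *    With an rpcgen-style dispatcher a non-NULL result is sent as a normal
 *    reply, i.e. a second reply carrying "success" -- confirm the
 *    dispatcher's behaviour and whether NULL should be returned instead.
 */
unsigned int *
ypu_change_1_svc(struct ypupdate_args *args, struct svc_req *svcreq)
{
	/*
	 * Static so the returned pointer stays valid after return; unsigned
	 * so its type matches the declared return type (it was "int", a
	 * pointer-signedness mismatch).
	 */
	static unsigned int res;
	struct authdes_cred *des_cred;
	char *netname;
	enum auth_stat astat;

	res = 0;

	astat = yp_checkauth(svcreq);
	if (astat != AUTH_OK) {
		svcerr_auth(svcreq->rq_xprt, astat);
		return (&res);
	}

	/* yp_checkauth() returns AUTH_OK only for the AUTH_DES flavor. */
	des_cred = (struct authdes_cred *)svcreq->rq_clntcred;
	netname = des_cred->adc_fullname.name;

	res = localupdate(netname, "/etc/publickey", YPOP_CHANGE,
		args->key.yp_buf_len, args->key.yp_buf_val,
		args->datum.yp_buf_len, args->datum.yp_buf_val);
	if (res != 0)
		return (&res);

	res = ypmap_update(netname, args->mapname, YPOP_CHANGE,
		args->key.yp_buf_len, args->key.yp_buf_val,
		args->datum.yp_buf_len, args->datum.yp_buf_val);

	return (&res);
}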
12626236Swpaul
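/*
 * RPC service routine for the ypupdate "insert" operation (YPOP_INSERT).
 *
 * The request is refused with svcerr_auth() unless yp_checkauth() returns
 * AUTH_OK.  Otherwise the update is applied first to /etc/publickey via
 * localupdate() and, only if that returns 0, to the client-named map via
 * ypmap_update().  Nothing here undoes the first step if the second fails.
 *
 * Returns a pointer to function-static storage holding 0 or the status
 * returned by the failing helper; the pointer is overwritten by the next
 * call, so the routine is not reentrant.
 *
 * Security notes:
 *  - netname comes from the DES credential and is the only caller identity
 *    passed on.  This routine makes no per-key or per-map authorization
 *    decision itself; that is left to localupdate()/ypmap_update()
 *    (not visible here -- confirm they check netname against the key).
 *  - args->mapname and the key/datum buffers are client-supplied and are
 *    forwarded without validation; the callees must bound the lengths and
 *    reject map names that could resolve outside the map directory.
 *  - NOTE(review): after svcerr_auth() a non-NULL pointer to 0 is returned.
 *    With an rpcgen-style dispatcher a non-NULL result is sent as a normal
 *    reply, i.e. a second reply carrying "success" -- confirm the
 *    dispatcher's behaviour and whether NULL should be returned instead.
 */
unsigned int *
ypu_insert_1_svc(struct ypupdate_args *args, struct svc_req *svcreq)
{
	/*
	 * Static so the returned pointer stays valid after return; unsigned
	 * so its type matches the declared return type (it was "int", a
	 * pointer-signedness mismatch).
	 */
	static unsigned int res;
	struct authdes_cred *des_cred;
	char *netname;
	enum auth_stat astat;

	res = 0;

	astat = yp_checkauth(svcreq);
	if (astat != AUTH_OK) {
		svcerr_auth(svcreq->rq_xprt, astat);
		return (&res);
	}

	/* yp_checkauth() returns AUTH_OK only for the AUTH_DES flavor. */
	des_cred = (struct authdes_cred *)svcreq->rq_clntcred;
	netname = des_cred->adc_fullname.name;

	res = localupdate(netname, "/etc/publickey", YPOP_INSERT,
		args->key.yp_buf_len, args->key.yp_buf_val,
		args->datum.yp_buf_len, args->datum.yp_buf_val);
	if (res != 0)
		return (&res);

	res = ypmap_update(netname, args->mapname, YPOP_INSERT,
		args->key.yp_buf_len, args->key.yp_buf_val,
		args->datum.yp_buf_len, args->datum.yp_buf_val);

	return (&res);
}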
16026236Swpaul
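/*
 * RPC service routine for the ypupdate "delete" operation (YPOP_DELETE).
 *
 * The request is refused with svcerr_auth() unless yp_checkauth() returns
 * AUTH_OK.  Otherwise the deletion is applied first to /etc/publickey via
 * localupdate() and, only if that returns 0, to the client-named map via
 * ypmap_update().  No datum is forwarded: both helpers receive a data
 * length of 0 and a NULL data pointer.  Nothing here undoes the first step
 * if the second fails.
 *
 * Returns a pointer to function-static storage holding 0 or the status
 * returned by the failing helper; the pointer is overwritten by the next
 * call, so the routine is not reentrant.
 *
 * Security notes:
 *  - netname comes from the DES credential and is the only caller identity
 *    passed on.  This routine makes no per-key or per-map authorization
 *    decision itself; that is left to localupdate()/ypmap_update()
 *    (not visible here -- confirm they check netname against the key).
 *  - args->mapname and the key buffer are client-supplied and are
 *    forwarded without validation; the callees must bound the length and
 *    reject map names that could resolve outside the map directory.
 *  - NOTE(review): after svcerr_auth() a non-NULL pointer to 0 is returned.
 *    With an rpcgen-style dispatcher a non-NULL result is sent as a normal
 *    reply, i.e. a second reply carrying "success" -- confirm the
 *    dispatcher's behaviour and whether NULL should be returned instead.
 */
unsigned int *
ypu_delete_1_svc(struct ypdelete_args *args, struct svc_req *svcreq)
{
	/*
	 * Static so the returned pointer stays valid after return; unsigned
	 * so its type matches the declared return type (it was "int", a
	 * pointer-signedness mismatch).
	 */
	static unsigned int res;
	struct authdes_cred *des_cred;
	char *netname;
	enum auth_stat astat;

	res = 0;

	astat = yp_checkauth(svcreq);
	if (astat != AUTH_OK) {
		svcerr_auth(svcreq->rq_xprt, astat);
		return (&res);
	}

	/* yp_checkauth() returns AUTH_OK only for the AUTH_DES flavor. */
	des_cred = (struct authdes_cred *)svcreq->rq_clntcred;
	netname = des_cred->adc_fullname.name;

	res = localupdate(netname, "/etc/publickey", YPOP_DELETE,
		args->key.yp_buf_len, args->key.yp_buf_val,
		0,			NULL);
	if (res != 0)
		return (&res);

	res = ypmap_update(netname, args->mapname, YPOP_DELETE,
		args->key.yp_buf_len, args->key.yp_buf_val,
		0,			NULL);

	return (&res);
}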
19426236Swpaul
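/*
 * RPC service routine for the ypupdate "store" operation (YPOP_STORE).
 *
 * The request is refused with svcerr_auth() unless yp_checkauth() returns
 * AUTH_OK.  Otherwise the update is applied first to /etc/publickey via
 * localupdate() and, only if that returns 0, to the client-named map via
 * ypmap_update().  Nothing here undoes the first step if the second fails.
 *
 * Returns a pointer to function-static storage holding 0 or the status
 * returned by the failing helper; the pointer is overwritten by the next
 * call, so the routine is not reentrant.
 *
 * Security notes:
 *  - netname comes from the DES credential and is the only caller identity
 *    passed on.  This routine makes no per-key or per-map authorization
 *    decision itself; that is left to localupdate()/ypmap_update()
 *    (not visible here -- confirm they check netname against the key).
 *  - args->mapname and the key/datum buffers are client-supplied and are
 *    forwarded without validation; the callees must bound the lengths and
 *    reject map names that could resolve outside the map directory.
 *  - NOTE(review): after svcerr_auth() a non-NULL pointer to 0 is returned.
 *    With an rpcgen-style dispatcher a non-NULL result is sent as a normal
 *    reply, i.e. a second reply carrying "success" -- confirm the
 *    dispatcher's behaviour and whether NULL should be returned instead.
 */
unsigned int *
ypu_store_1_svc(struct ypupdate_args *args, struct svc_req *svcreq)
{
	/*
	 * Static so the returned pointer stays valid after return; unsigned
	 * so its type matches the declared return type (it was "int", a
	 * pointer-signedness mismatch).
	 */
	static unsigned int res;
	struct authdes_cred *des_cred;
	char *netname;
	enum auth_stat astat;

	res = 0;

	astat = yp_checkauth(svcreq);
	if (astat != AUTH_OK) {
		svcerr_auth(svcreq->rq_xprt, astat);
		return (&res);
	}

	/* yp_checkauth() returns AUTH_OK only for the AUTH_DES flavor. */
	des_cred = (struct authdes_cred *)svcreq->rq_clntcred;
	netname = des_cred->adc_fullname.name;

	res = localupdate(netname, "/etc/publickey", YPOP_STORE,
		args->key.yp_buf_len, args->key.yp_buf_val,
		args->datum.yp_buf_len, args->datum.yp_buf_val);
	if (res != 0)
		return (&res);

	res = ypmap_update(netname, args->mapname, YPOP_STORE,
		args->key.yp_buf_len, args->key.yp_buf_val,
		args->datum.yp_buf_len, args->datum.yp_buf_val);

	return (&res);
}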