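/*
 * Copyright (c) 1995, 1996
 *	Bill Paul <wpaul@ctr.columbia.edu>.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *	This product includes software developed by Bill Paul.
 * 4. Neither the name of the author nor the names of any co-contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL Bill Paul OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * ypupdate server implementation
 *
 * Written by Bill Paul <wpaul@ctr.columbia.edu>
 * Center for Telecommunications Research
 * Columbia University, New York City
 */

#include <sys/cdefs.h>
__FBSDID("$FreeBSD: releng/11.0/usr.sbin/rpc.ypupdated/ypupdated_server.c 223492 2011-06-24 07:05:20Z kevlo $");

#include <stdio.h>
#include <rpc/rpc.h>
#include <rpc/key_prot.h>
#include <sys/param.h>
#include <rpcsvc/yp.h>
#include "ypupdate_prot.h"
#include "ypupdated_extern.h"
#include "yp_extern.h"
#include "ypxfr_extern.h"

/*
 * Defined here but not referenced anywhere in this file; presumably
 * consumed by other translation units of the daemon -- confirm.
 */
int children = 0;
int forked = 0;

/*
 * Try to avoid spoofing: if a client chooses to use a very large
 * window and then tries a bunch of randomly chosen encrypted timestamps,
 * there's a chance he might stumble onto a valid combination.
 * We therefore reject any RPCs with a window size larger than a preset
 * value.
 *
 * The value is compared against the window carried in the AUTH_DES
 * credential and can be overridden at build time.
 */
#ifndef WINDOW
#define WINDOW (60*60)
#endif

/*
 * Decide whether the credentials attached to a request are acceptable.
 *
 * Returns:
 *   AUTH_OK            AUTH_DES credential whose window is <= WINDOW
 *   AUTH_BADCRED       AUTH_DES credential with a window larger than WINDOW
 *   AUTH_TOOWEAK       AUTH_UNIX or AUTH_NONE
 *   AUTH_REJECTEDCRED  any other flavor
 *
 * Every rejection is reported through yp_error().
 *
 * Only the flavor and the window are examined here.  The handlers below
 * treat AUTH_OK as sufficient to trust adc_fullname.name, so verification
 * of the DES credential itself has to happen before this point --
 * presumably in the RPC layer that fills in rq_clntcred; confirm.
 *
 * NOTE(review): the warnings carry no client address or netname.  If
 * yp_error() accepts format arguments (not visible here), including them
 * would make rejected requests easier to correlate in logs.
 */
static enum auth_stat
yp_checkauth(struct svc_req *svcreq)
{
	struct authdes_cred *des_cred;

	/* Every case returns, so no break statements are needed. */
	switch (svcreq->rq_cred.oa_flavor) {
	case AUTH_DES:
		des_cred = (struct authdes_cred *) svcreq->rq_clntcred;
		if (des_cred->adc_fullname.window > WINDOW) {
			yp_error("warning: client-specified window size "
			    "was too large -- possible spoof attempt");
			return (AUTH_BADCRED);
		}
		return (AUTH_OK);
	case AUTH_UNIX:
	case AUTH_NONE:
		yp_error("warning: client didn't use DES authentication");
		return (AUTH_TOOWEAK);
	default:
		yp_error("client used unknown auth flavor");
		return (AUTH_REJECTEDCRED);
	}
}

/*
 * The four service routines below share one shape:
 *
 *   1. Run yp_checkauth(); on anything but AUTH_OK, report the failure
 *      with svcerr_auth() and return.
 *   2. Take the caller's netname from the AUTH_DES credential.
 *   3. Apply the operation to "/etc/publickey" with localupdate(); a
 *      non-zero status is returned as-is and the map is left untouched.
 *   4. Apply the same operation to args->mapname with ypmap_update() and
 *      return its status.
 *
 * The result lives in a function-local static because its address is
 * what gets returned.  It is declared unsigned int so that &res has
 * exactly the declared return type (it was int, a pointer-signedness
 * mismatch); the stored bit pattern is unchanged.
 *
 * NOTE(review): on authentication failure the routines still return a
 * non-NULL pointer to a status of 0, the same value that lets processing
 * continue after localupdate().  If the dispatcher (not in this file)
 * sends a reply for every non-NULL result, the client would be sent a
 * zero status in addition to the svcerr_auth() error -- confirm, and
 * consider returning NULL on that path if so.
 *
 * NOTE(review): args->mapname and the key/datum buffers arrive from the
 * client and are passed through unchecked, and the publickey update runs
 * for every request regardless of mapname.  Any check that netname is
 * allowed to modify the given key or map must therefore live in
 * localupdate() / ypmap_update() -- confirm.
 */

/*
 * YPOP_CHANGE handler; see the shared description above.
 */
unsigned int *
ypu_change_1_svc(struct ypupdate_args *args, struct svc_req *svcreq)
{
	struct authdes_cred *des_cred;
	static unsigned int res;
	char *netname;
	enum auth_stat astat;

	res = 0;

	astat = yp_checkauth(svcreq);
	if (astat != AUTH_OK) {
		svcerr_auth(svcreq->rq_xprt, astat);
		return (&res);
	}

	/* Safe to read as AUTH_DES: yp_checkauth() accepted only that flavor. */
	des_cred = (struct authdes_cred *) svcreq->rq_clntcred;
	netname = des_cred->adc_fullname.name;

	res = localupdate(netname, "/etc/publickey", YPOP_CHANGE,
	    args->key.yp_buf_len, args->key.yp_buf_val,
	    args->datum.yp_buf_len, args->datum.yp_buf_val);
	if (res)
		return (&res);

	res = ypmap_update(netname, args->mapname, YPOP_CHANGE,
	    args->key.yp_buf_len, args->key.yp_buf_val,
	    args->datum.yp_buf_len, args->datum.yp_buf_val);

	return (&res);
}

/*
 * YPOP_INSERT handler; see the shared description above.
 */
unsigned int *
ypu_insert_1_svc(struct ypupdate_args *args, struct svc_req *svcreq)
{
	struct authdes_cred *des_cred;
	static unsigned int res;
	char *netname;
	enum auth_stat astat;

	res = 0;

	astat = yp_checkauth(svcreq);
	if (astat != AUTH_OK) {
		svcerr_auth(svcreq->rq_xprt, astat);
		return (&res);
	}

	/* Safe to read as AUTH_DES: yp_checkauth() accepted only that flavor. */
	des_cred = (struct authdes_cred *) svcreq->rq_clntcred;
	netname = des_cred->adc_fullname.name;

	res = localupdate(netname, "/etc/publickey", YPOP_INSERT,
	    args->key.yp_buf_len, args->key.yp_buf_val,
	    args->datum.yp_buf_len, args->datum.yp_buf_val);
	if (res)
		return (&res);

	res = ypmap_update(netname, args->mapname, YPOP_INSERT,
	    args->key.yp_buf_len, args->key.yp_buf_val,
	    args->datum.yp_buf_len, args->datum.yp_buf_val);

	return (&res);
}

/*
 * YPOP_DELETE handler; see the shared description above.  A delete
 * carries no datum, so a zero length and a NULL pointer are passed in
 * its place.
 */
unsigned int *
ypu_delete_1_svc(struct ypdelete_args *args, struct svc_req *svcreq)
{
	struct authdes_cred *des_cred;
	static unsigned int res;
	char *netname;
	enum auth_stat astat;

	res = 0;

	astat = yp_checkauth(svcreq);
	if (astat != AUTH_OK) {
		svcerr_auth(svcreq->rq_xprt, astat);
		return (&res);
	}

	/* Safe to read as AUTH_DES: yp_checkauth() accepted only that flavor. */
	des_cred = (struct authdes_cred *) svcreq->rq_clntcred;
	netname = des_cred->adc_fullname.name;

	res = localupdate(netname, "/etc/publickey", YPOP_DELETE,
	    args->key.yp_buf_len, args->key.yp_buf_val,
	    0, NULL);
	if (res)
		return (&res);

	res = ypmap_update(netname, args->mapname, YPOP_DELETE,
	    args->key.yp_buf_len, args->key.yp_buf_val,
	    0, NULL);

	return (&res);
}

/*
 * YPOP_STORE handler; see the shared description above.
 */
unsigned int *
ypu_store_1_svc(struct ypupdate_args *args, struct svc_req *svcreq)
{
	struct authdes_cred *des_cred;
	static unsigned int res;
	char *netname;
	enum auth_stat astat;

	res = 0;

	astat = yp_checkauth(svcreq);
	if (astat != AUTH_OK) {
		svcerr_auth(svcreq->rq_xprt, astat);
		return (&res);
	}

	/* Safe to read as AUTH_DES: yp_checkauth() accepted only that flavor. */
	des_cred = (struct authdes_cred *) svcreq->rq_clntcred;
	netname = des_cred->adc_fullname.name;

	res = localupdate(netname, "/etc/publickey", YPOP_STORE,
	    args->key.yp_buf_len, args->key.yp_buf_val,
	    args->datum.yp_buf_len, args->datum.yp_buf_val);
	if (res)
		return (&res);

	res = ypmap_update(netname, args->mapname, YPOP_STORE,
	    args->key.yp_buf_len, args->key.yp_buf_val,
	    args->datum.yp_buf_len, args->datum.yp_buf_val);

	return (&res);
}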