ypupdated_server.c revision 114601
198944Sobrien/* 2130803Smarcel * Copyright (c) 1995, 1996 398944Sobrien * Bill Paul <wpaul@ctr.columbia.edu>. All rights reserved. 498944Sobrien * 598944Sobrien * Redistribution and use in source and binary forms, with or without 698944Sobrien * modification, are permitted provided that the following conditions 798944Sobrien * are met: 898944Sobrien * 1. Redistributions of source code must retain the above copyright 998944Sobrien * notice, this list of conditions and the following disclaimer. 1098944Sobrien * 2. Redistributions in binary form must reproduce the above copyright 1198944Sobrien * notice, this list of conditions and the following disclaimer in the 1298944Sobrien * documentation and/or other materials provided with the distribution. 1398944Sobrien * 3. All advertising materials mentioning features or use of this software 1498944Sobrien * must display the following acknowledgement: 1598944Sobrien * This product includes software developed by Bill Paul. 1698944Sobrien * 4. Neither the name of the author nor the names of any co-contributors 1798944Sobrien * may be used to endorse or promote products derived from this software 1898944Sobrien * without specific prior written permission. 1998944Sobrien * 2098944Sobrien * THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND 2198944Sobrien * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 2298944Sobrien * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 2398944Sobrien * ARE DISCLAIMED. IN NO EVENT SHALL Bill Paul OR CONTRIBUTORS BE LIABLE 2498944Sobrien * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 2598944Sobrien * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 2698944Sobrien * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 2798944Sobrien * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28130803Smarcel * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29130803Smarcel * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30130803Smarcel * SUCH DAMAGE. 31130803Smarcel * 32130803Smarcel * ypupdate server implementation 33130803Smarcel * 34130803Smarcel * Written by Bill Paul <wpaul@ctr.columbia.edu> 35130803Smarcel * Center for Telecommunications Research 36130803Smarcel * Columbia University, New York City 37130803Smarcel */ 38130803Smarcel 39130803Smarcel#include <sys/cdefs.h> 40130803Smarcel__FBSDID("$FreeBSD: head/usr.sbin/rpc.ypupdated/ypupdated_server.c 114601 2003-05-03 21:06:42Z obrien $"); 41130803Smarcel 42130803Smarcel#include <stdio.h> 43130803Smarcel#include <rpc/rpc.h> 44130803Smarcel#include <rpc/key_prot.h> 45130803Smarcel#include <sys/param.h> 46130803Smarcel#include <sys/cdefs.h> 4798944Sobrien#include <rpcsvc/yp.h> 4898944Sobrien#include "ypupdate_prot.h" 49130803Smarcel#include "ypupdated_extern.h" 5098944Sobrien#include "yp_extern.h" 5198944Sobrien#include "ypxfr_extern.h" 5298944Sobrien 5398944Sobrienint children = 0; 54130803Smarcelint forked = 0; 5598944Sobrien 5698944Sobrien/* 5798944Sobrien * Try to avoid spoofing: if a client chooses to use a very large 5898944Sobrien * window and then tries a bunch of randomly chosen encrypted timestamps, 5998944Sobrien * there's a chance he might stumble onto a valid combination. 6098944Sobrien * We therefore reject any RPCs with a window size larger than a preset 6198944Sobrien * value. 6298944Sobrien */ 6398944Sobrien#ifndef WINDOW 6498944Sobrien#define WINDOW (60*60) 6598944Sobrien#endif 6698944Sobrien 6798944Sobrienstatic enum auth_stat 6898944Sobrienyp_checkauth(struct svc_req *svcreq) 6998944Sobrien{ 7098944Sobrien struct authdes_cred *des_cred; 7198944Sobrien 7298944Sobrien switch (svcreq->rq_cred.oa_flavor) { 7398944Sobrien case AUTH_DES: 7498944Sobrien des_cred = (struct authdes_cred *) svcreq->rq_clntcred; 7598944Sobrien if (des_cred->adc_fullname.window > WINDOW) { 7698944Sobrien yp_error("warning: client-specified window size \ 7798944Sobrienwas too large -- possible spoof attempt"); 7898944Sobrien return(AUTH_BADCRED); 7998944Sobrien } 8098944Sobrien return(AUTH_OK); 8198944Sobrien break; 8298944Sobrien case AUTH_UNIX: 8398944Sobrien case AUTH_NONE: 8498944Sobrien yp_error("warning: client didn't use DES authentication"); 8598944Sobrien return(AUTH_TOOWEAK); 8698944Sobrien break; 8798944Sobrien default: 8898944Sobrien yp_error("client used unknown auth flavor"); 8998944Sobrien return(AUTH_REJECTEDCRED); 9098944Sobrien break; 9198944Sobrien } 9298944Sobrien} 9398944Sobrien 9498944Sobrienunsigned int * 9598944Sobrienypu_change_1_svc(struct ypupdate_args *args, struct svc_req *svcreq) 9698944Sobrien{ 9798944Sobrien struct authdes_cred *des_cred; 9898944Sobrien static int res; 9998944Sobrien char *netname; 10098944Sobrien enum auth_stat astat; 101130803Smarcel 10298944Sobrien res = 0; 103130803Smarcel 104130803Smarcel astat = yp_checkauth(svcreq); 105130803Smarcel 10698944Sobrien if (astat != AUTH_OK) { 10798944Sobrien svcerr_auth(svcreq->rq_xprt, astat); 108130803Smarcel return(&res); 109130803Smarcel } 110130803Smarcel 111130803Smarcel des_cred = (struct authdes_cred *) svcreq->rq_clntcred; 112130803Smarcel netname = des_cred->adc_fullname.name; 113130803Smarcel 11498944Sobrien res = localupdate(netname, "/etc/publickey", YPOP_CHANGE, 11598944Sobrien args->key.yp_buf_len, args->key.yp_buf_val, 116130803Smarcel args->datum.yp_buf_len, args->datum.yp_buf_val); 117130803Smarcel 118130803Smarcel if (res) 11998944Sobrien return (&res); 12098944Sobrien 12198944Sobrien res = ypmap_update(netname, args->mapname, YPOP_CHANGE, 12298944Sobrien args->key.yp_buf_len, args->key.yp_buf_val, 12398944Sobrien args->datum.yp_buf_len, args->datum.yp_buf_val); 12498944Sobrien 12598944Sobrien return (&res); 12698944Sobrien} 12798944Sobrien 12898944Sobrienunsigned int * 12998944Sobrienypu_insert_1_svc(struct ypupdate_args *args, struct svc_req *svcreq) 13098944Sobrien{ 13198944Sobrien struct authdes_cred *des_cred; 13298944Sobrien static int res; 13398944Sobrien char *netname; 13498944Sobrien enum auth_stat astat; 13598944Sobrien 13698944Sobrien res = 0; 13798944Sobrien 13898944Sobrien astat = yp_checkauth(svcreq); 13998944Sobrien 14098944Sobrien if (astat != AUTH_OK) { 14198944Sobrien svcerr_auth(svcreq->rq_xprt, astat); 14298944Sobrien return(&res); 14398944Sobrien } 14498944Sobrien 14598944Sobrien des_cred = (struct authdes_cred *) svcreq->rq_clntcred; 14698944Sobrien netname = des_cred->adc_fullname.name; 14798944Sobrien 14898944Sobrien res = localupdate(netname, "/etc/publickey", YPOP_INSERT, 14998944Sobrien args->key.yp_buf_len, args->key.yp_buf_val, 150 args->datum.yp_buf_len, args->datum.yp_buf_val); 151 152 if (res) 153 return (&res); 154 155 res = ypmap_update(netname, args->mapname, YPOP_INSERT, 156 args->key.yp_buf_len, args->key.yp_buf_val, 157 args->datum.yp_buf_len, args->datum.yp_buf_val); 158 159 return (&res); 160} 161 162unsigned int * 163ypu_delete_1_svc(struct ypdelete_args *args, struct svc_req *svcreq) 164{ 165 struct authdes_cred *des_cred; 166 static int res; 167 char *netname; 168 enum auth_stat astat; 169 170 res = 0; 171 172 astat = yp_checkauth(svcreq); 173 174 if (astat != AUTH_OK) { 175 svcerr_auth(svcreq->rq_xprt, astat); 176 return(&res); 177 } 178 179 des_cred = (struct authdes_cred *) svcreq->rq_clntcred; 180 netname = des_cred->adc_fullname.name; 181 182 res = localupdate(netname, "/etc/publickey", YPOP_DELETE, 183 args->key.yp_buf_len, args->key.yp_buf_val, 184 0, NULL); 185 186 if (res) 187 return (&res); 188 189 res = ypmap_update(netname, args->mapname, YPOP_DELETE, 190 args->key.yp_buf_len, args->key.yp_buf_val, 191 0, NULL); 192 193 return (&res); 194} 195 196unsigned int * 197ypu_store_1_svc(struct ypupdate_args *args, struct svc_req *svcreq) 198{ 199 struct authdes_cred *des_cred; 200 static int res; 201 char *netname; 202 enum auth_stat astat; 203 204 res = 0; 205 206 astat = yp_checkauth(svcreq); 207 208 if (astat != AUTH_OK) { 209 svcerr_auth(svcreq->rq_xprt, astat); 210 return(&res); 211 } 212 213 des_cred = (struct authdes_cred *) svcreq->rq_clntcred; 214 netname = des_cred->adc_fullname.name; 215 216 res = localupdate(netname, "/etc/publickey", YPOP_STORE, 217 args->key.yp_buf_len, args->key.yp_buf_val, 218 args->datum.yp_buf_len, args->datum.yp_buf_val); 219 220 if (res) 221 return (&res); 222 223 res = ypmap_update(netname, args->mapname, YPOP_STORE, 224 args->key.yp_buf_len, args->key.yp_buf_val, 225 args->datum.yp_buf_len, args->datum.yp_buf_val); 226 227 return (&res); 228} 229