ypupdated_server.c revision 26236
1/*
2 * Copyright (c) 1995, 1996
3 *      Bill Paul <wpaul@ctr.columbia.edu>.  All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 *    notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 *    notice, this list of conditions and the following disclaimer in the
12 *    documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 *    must display the following acknowledgement:
15 *      This product includes software developed by Bill Paul.
16 * 4. Neither the name of the author nor the names of any co-contributors
17 *    may be used to endorse or promote products derived from this software
18 *    without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED.  IN NO EVENT SHALL Bill Paul OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 *
32 * ypupdate server implementation
33 *
34 * Written by Bill Paul <wpaul@ctr.columbia.edu>
35 * Center for Telecommunications Research
36 * Columbia University, New York City
37 *
38 *      $Id: ypupdated_server.c,v 1.3 1996/12/26 06:06:05 wpaul Exp wpaul $
39 */
40
41#include <stdio.h>
42#include <rpc/rpc.h>
43#include <rpc/auth_des.h>
44#include <rpc/key_prot.h>
45#include <sys/param.h>
46#include <sys/cdefs.h>
47#include <rpcsvc/yp.h>
48#include "ypupdate_prot.h"
49#include "ypupdated_extern.h"
50#include "yp_extern.h"
51#include "ypxfr_extern.h"
52
#if !defined(lint)
/* RCS identification string for this file; compiled out when lint is defined. */
static const char rcsid[] =
    "$Id: ypupdated_server.c,v 1.3 1996/12/26 06:06:05 wpaul Exp wpaul $";
#endif
56
/*
 * Global counters with external linkage. Neither is referenced in this
 * file; presumably they are consumed by other parts of the daemon
 * (NOTE(review): confirm against the shared yp server sources).
 */
int forked = 0;
int children = 0;
59
/*
 * Anti-spoofing limit on the AUTH_DES credential window.
 *
 * A client that picks a very large window and then tries many randomly
 * chosen encrypted timestamps has some chance of stumbling onto a valid
 * combination. Any RPC whose window exceeds this preset value is
 * therefore rejected. The default is 60*60 (one hour, the AUTH_DES window
 * being expressed in seconds); define WINDOW at build time to override it.
 */
#if !defined(WINDOW)
#define WINDOW (60 * 60)
#endif
70
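/*
 * Decide whether the credentials attached to an incoming request are
 * acceptable for an update operation.
 *
 * Only AUTH_DES is accepted, and only when the client-chosen window does
 * not exceed WINDOW. Every rejection is logged through yp_error().
 *
 * Returns:
 *   AUTH_OK            AUTH_DES credential with an acceptable window
 *   AUTH_BADCRED       AUTH_DES credential whose window exceeds WINDOW
 *   AUTH_TOOWEAK       AUTH_UNIX or AUTH_NONE
 *   AUTH_REJECTEDCRED  any other flavor
 *
 * This only vets the flavor and the window. Whether the authenticated
 * netname is allowed to make a particular change is not decided here.
 */
static enum auth_stat
yp_checkauth(struct svc_req *svcreq)
{
	struct authdes_cred *des_cred;

	switch (svcreq->rq_cred.oa_flavor) {
	case AUTH_DES:
		des_cred = (struct authdes_cred *)svcreq->rq_clntcred;
		/*
		 * An oversized window widens the range of timestamps that
		 * would be accepted, so treat it as a possible spoof.
		 */
		if (des_cred->adc_fullname.window > WINDOW) {
			yp_error("warning: client-specified window size "
			    "was too large -- possible spoof attempt");
			return (AUTH_BADCRED);
		}
		return (AUTH_OK);
	case AUTH_UNIX:
	case AUTH_NONE:
		/* Flavors without cryptographic proof of identity. */
		yp_error("warning: client didn't use DES authentication");
		return (AUTH_TOOWEAK);
	default:
		yp_error("client used unknown auth flavor");
		return (AUTH_REJECTEDCRED);
	}
}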
97
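/*
 * YPU_CHANGE service routine.
 *
 * Authenticates the caller with yp_checkauth(), then applies a
 * YPOP_CHANGE for the supplied key/datum pair first through localupdate()
 * (always against "/etc/publickey", independent of args->mapname) and,
 * if that returns 0, through ypmap_update() on args->mapname.
 *
 * Returns a pointer to a static result word: 0 when both updates
 * returned 0, otherwise the first non-zero status. The result lives in
 * static storage because its address is handed back to the caller, so
 * the routine is not reentrant.
 *
 * NOTE(review): no authorization decision is visible here; the netname is
 * only passed down. Presumably localupdate()/ypmap_update() check that
 * this netname may modify this key -- confirm.
 * NOTE(review): args->mapname and the key/datum buffers are
 * client-supplied and forwarded without validation; confirm that
 * ypmap_update() rejects map names that could escape the map directory.
 */
unsigned int *
ypu_change_1_svc(struct ypupdate_args *args, struct svc_req *svcreq)
{
	/* Unsigned to match the declared return type (was "static int"). */
	static unsigned int res;
	enum auth_stat astat;
	char *netname;

	res = 0;

	astat = yp_checkauth(svcreq);
	if (astat != AUTH_OK) {
		svcerr_auth(svcreq->rq_xprt, astat);
		/*
		 * NOTE(review): an error reply has already been sent above.
		 * Returning a non-NULL result may make the dispatcher send a
		 * second reply carrying 0 -- confirm against the dispatch
		 * routine, which is not part of this file.
		 */
		return (&res);
	}

	/* yp_checkauth() returned AUTH_OK, so the flavor is AUTH_DES. */
	netname = ((struct authdes_cred *)svcreq->rq_clntcred)->adc_fullname.name;

	res = localupdate(netname, "/etc/publickey", YPOP_CHANGE,
	    args->key.yp_buf_len, args->key.yp_buf_val,
	    args->datum.yp_buf_len, args->datum.yp_buf_val);

	/* The map is touched only if the local update returned 0. */
	if (res == 0)
		res = ypmap_update(netname, args->mapname, YPOP_CHANGE,
		    args->key.yp_buf_len, args->key.yp_buf_val,
		    args->datum.yp_buf_len, args->datum.yp_buf_val);

	return (&res);
}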
132
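/*
 * YPU_INSERT service routine.
 *
 * Authenticates the caller with yp_checkauth(), then applies a
 * YPOP_INSERT for the supplied key/datum pair first through localupdate()
 * (always against "/etc/publickey", independent of args->mapname) and,
 * if that returns 0, through ypmap_update() on args->mapname.
 *
 * Returns a pointer to a static result word: 0 when both updates
 * returned 0, otherwise the first non-zero status. The result lives in
 * static storage because its address is handed back to the caller, so
 * the routine is not reentrant.
 *
 * NOTE(review): no authorization decision is visible here; the netname is
 * only passed down. Presumably localupdate()/ypmap_update() check that
 * this netname may insert this key -- confirm.
 * NOTE(review): args->mapname and the key/datum buffers are
 * client-supplied and forwarded without validation; confirm that
 * ypmap_update() rejects map names that could escape the map directory.
 */
unsigned int *
ypu_insert_1_svc(struct ypupdate_args *args, struct svc_req *svcreq)
{
	/* Unsigned to match the declared return type (was "static int"). */
	static unsigned int res;
	enum auth_stat astat;
	char *netname;

	res = 0;

	astat = yp_checkauth(svcreq);
	if (astat != AUTH_OK) {
		svcerr_auth(svcreq->rq_xprt, astat);
		/*
		 * NOTE(review): an error reply has already been sent above.
		 * Returning a non-NULL result may make the dispatcher send a
		 * second reply carrying 0 -- confirm against the dispatch
		 * routine, which is not part of this file.
		 */
		return (&res);
	}

	/* yp_checkauth() returned AUTH_OK, so the flavor is AUTH_DES. */
	netname = ((struct authdes_cred *)svcreq->rq_clntcred)->adc_fullname.name;

	res = localupdate(netname, "/etc/publickey", YPOP_INSERT,
	    args->key.yp_buf_len, args->key.yp_buf_val,
	    args->datum.yp_buf_len, args->datum.yp_buf_val);

	/* The map is touched only if the local update returned 0. */
	if (res == 0)
		res = ypmap_update(netname, args->mapname, YPOP_INSERT,
		    args->key.yp_buf_len, args->key.yp_buf_val,
		    args->datum.yp_buf_len, args->datum.yp_buf_val);

	return (&res);
}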
167
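/*
 * YPU_DELETE service routine.
 *
 * Authenticates the caller with yp_checkauth(), then applies a
 * YPOP_DELETE for the supplied key first through localupdate() (always
 * against "/etc/publickey", independent of args->mapname) and, if that
 * returns 0, through ypmap_update() on args->mapname. A delete carries no
 * datum, so both calls receive a zero length and a NULL data pointer.
 *
 * Returns a pointer to a static result word: 0 when both updates
 * returned 0, otherwise the first non-zero status. The result lives in
 * static storage because its address is handed back to the caller, so
 * the routine is not reentrant.
 *
 * NOTE(review): no authorization decision is visible here; the netname is
 * only passed down. Presumably localupdate()/ypmap_update() check that
 * this netname may delete this key -- confirm.
 * NOTE(review): args->mapname and the key buffer are client-supplied and
 * forwarded without validation; confirm that ypmap_update() rejects map
 * names that could escape the map directory.
 */
unsigned int *
ypu_delete_1_svc(struct ypdelete_args *args, struct svc_req *svcreq)
{
	/* Unsigned to match the declared return type (was "static int"). */
	static unsigned int res;
	enum auth_stat astat;
	char *netname;

	res = 0;

	astat = yp_checkauth(svcreq);
	if (astat != AUTH_OK) {
		svcerr_auth(svcreq->rq_xprt, astat);
		/*
		 * NOTE(review): an error reply has already been sent above.
		 * Returning a non-NULL result may make the dispatcher send a
		 * second reply carrying 0 -- confirm against the dispatch
		 * routine, which is not part of this file.
		 */
		return (&res);
	}

	/* yp_checkauth() returned AUTH_OK, so the flavor is AUTH_DES. */
	netname = ((struct authdes_cred *)svcreq->rq_clntcred)->adc_fullname.name;

	res = localupdate(netname, "/etc/publickey", YPOP_DELETE,
	    args->key.yp_buf_len, args->key.yp_buf_val,
	    0, NULL);

	/* The map is touched only if the local update returned 0. */
	if (res == 0)
		res = ypmap_update(netname, args->mapname, YPOP_DELETE,
		    args->key.yp_buf_len, args->key.yp_buf_val,
		    0, NULL);

	return (&res);
}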
202
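/*
 * YPU_STORE service routine.
 *
 * Authenticates the caller with yp_checkauth(), then applies a
 * YPOP_STORE for the supplied key/datum pair first through localupdate()
 * (always against "/etc/publickey", independent of args->mapname) and,
 * if that returns 0, through ypmap_update() on args->mapname.
 *
 * Returns a pointer to a static result word: 0 when both updates
 * returned 0, otherwise the first non-zero status. The result lives in
 * static storage because its address is handed back to the caller, so
 * the routine is not reentrant.
 *
 * NOTE(review): no authorization decision is visible here; the netname is
 * only passed down. Presumably localupdate()/ypmap_update() check that
 * this netname may store this key -- confirm.
 * NOTE(review): args->mapname and the key/datum buffers are
 * client-supplied and forwarded without validation; confirm that
 * ypmap_update() rejects map names that could escape the map directory.
 */
unsigned int *
ypu_store_1_svc(struct ypupdate_args *args, struct svc_req *svcreq)
{
	/* Unsigned to match the declared return type (was "static int"). */
	static unsigned int res;
	enum auth_stat astat;
	char *netname;

	res = 0;

	astat = yp_checkauth(svcreq);
	if (astat != AUTH_OK) {
		svcerr_auth(svcreq->rq_xprt, astat);
		/*
		 * NOTE(review): an error reply has already been sent above.
		 * Returning a non-NULL result may make the dispatcher send a
		 * second reply carrying 0 -- confirm against the dispatch
		 * routine, which is not part of this file.
		 */
		return (&res);
	}

	/* yp_checkauth() returned AUTH_OK, so the flavor is AUTH_DES. */
	netname = ((struct authdes_cred *)svcreq->rq_clntcred)->adc_fullname.name;

	res = localupdate(netname, "/etc/publickey", YPOP_STORE,
	    args->key.yp_buf_len, args->key.yp_buf_val,
	    args->datum.yp_buf_len, args->datum.yp_buf_val);

	/* The map is touched only if the local update returned 0. */
	if (res == 0)
		res = ypmap_update(netname, args->mapname, YPOP_STORE,
		    args->key.yp_buf_len, args->key.yp_buf_val,
		    args->datum.yp_buf_len, args->datum.yp_buf_val);

	return (&res);
}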
237