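/*
 * Copyright (c) 1995, 1996
 *	Bill Paul <wpaul@ctr.columbia.edu>.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *	This product includes software developed by Bill Paul.
 * 4. Neither the name of the author nor the names of any co-contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL Bill Paul OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * ypupdate server implementation
 *
 * Written by Bill Paul <wpaul@ctr.columbia.edu>
 * Center for Telecommunications Research
 * Columbia University, New York City
 *
 * $FreeBSD: src/usr.sbin/rpc.ypupdated/ypupdated_server.c,v 1.7 2003/05/03 21:06:40 obrien Exp $
 */

#include <stdio.h>
#include <rpc/rpc.h>
#include <rpc/key_prot.h>
#include <sys/param.h>
#include <rpcsvc/yp.h>
#include "ypupdate_prot.h"
#include "ypupdated_extern.h"
#include "yp_extern.h"
#include "ypxfr_extern.h"

/* Not referenced in this file; both have external linkage. */
int children = 0;
int forked = 0;

/*
 * Try to avoid spoofing: if a client chooses to use a very large
 * window and then tries a bunch of randomly chosen encrypted timestamps,
 * there's a chance he might stumble onto a valid combination.
 * We therefore reject any RPCs with a window size larger than a preset
 * value.
 */
#ifndef WINDOW
#define WINDOW (60*60)
#endif

/*
 * Decide whether the credentials on a request are acceptable.
 *
 * Only AUTH_DES is accepted, and only when the window carried in the
 * credential does not exceed WINDOW.  The result is the auth_stat the
 * caller hands to svcerr_auth() on rejection:
 *
 *	AUTH_OK			AUTH_DES with window <= WINDOW
 *	AUTH_BADCRED		AUTH_DES with window > WINDOW
 *	AUTH_TOOWEAK		AUTH_UNIX or AUTH_NONE
 *	AUTH_REJECTEDCRED	any other flavor
 *
 * Every rejection is logged through yp_error().  This function only
 * inspects the flavor and the window; it performs no cryptographic
 * verification itself.
 * NOTE(review): presumably the RPC layer has already verified the DES
 * credential and filled in rq_clntcred before the service routine runs;
 * confirm against the dispatcher.
 */
static enum auth_stat
yp_checkauth(struct svc_req *svcreq)
{
	struct authdes_cred *des_cred;

	switch (svcreq->rq_cred.oa_flavor) {
	case AUTH_DES:
		des_cred = (struct authdes_cred *)svcreq->rq_clntcred;
		if (des_cred->adc_fullname.window > WINDOW) {
			yp_error("warning: client-specified window size "
			    "was too large -- possible spoof attempt");
			return (AUTH_BADCRED);
		}
		return (AUTH_OK);
	case AUTH_UNIX:
	case AUTH_NONE:
		yp_error("warning: client didn't use DES authentication");
		return (AUTH_TOOWEAK);
	default:
		yp_error("client used unknown auth flavor");
		return (AUTH_REJECTEDCRED);
	}
}

/*
 * Service routines for the four ypupdate operations.
 *
 * All four follow the same sequence:
 *
 *  1. Reset the result to 0 and run yp_checkauth().  On rejection the
 *     auth error is reported with svcerr_auth() and the routine returns.
 *  2. Take the caller's netname from the DES credential.
 *  3. Call localupdate() on "/etc/publickey"; a non-zero result is
 *     returned to the caller and ypmap_update() is not attempted.
 *  4. Otherwise return the result of ypmap_update() on args->mapname.
 *
 * Each routine returns a pointer to its own function-local static, so
 * the value is overwritten by the next call to the same routine.  The
 * static is declared unsigned so that &res has exactly the declared
 * return type.
 *
 * NOTE(review): on the rejection path the routines return a non-NULL
 * pointer to 0 after svcerr_auth() has already been called.  If the
 * dispatcher (not in this file) replies whenever the result is non-NULL,
 * a rejected request would also get a normal reply carrying 0 -- confirm
 * against the dispatcher before changing this.
 *
 * NOTE(review): args->mapname and the key/datum buffers come from the
 * client and are forwarded unchecked; this file relies on localupdate()
 * and ypmap_update() to validate them and to decide whether netname may
 * make the change -- verify in those helpers.
 */

/* YPOP_CHANGE: forwards the key and datum from args. */
unsigned int *
ypu_change_1_svc(struct ypupdate_args *args, struct svc_req *svcreq)
{
	struct authdes_cred *des_cred;
	static unsigned int res;
	char *netname;
	enum auth_stat astat;

	res = 0;

	astat = yp_checkauth(svcreq);
	if (astat != AUTH_OK) {
		svcerr_auth(svcreq->rq_xprt, astat);
		return (&res);
	}

	/* yp_checkauth() returns AUTH_OK only for AUTH_DES credentials. */
	des_cred = (struct authdes_cred *)svcreq->rq_clntcred;
	netname = des_cred->adc_fullname.name;

	res = localupdate(netname, "/etc/publickey", YPOP_CHANGE,
	    args->key.yp_buf_len, args->key.yp_buf_val,
	    args->datum.yp_buf_len, args->datum.yp_buf_val);
	if (res)
		return (&res);

	res = ypmap_update(netname, args->mapname, YPOP_CHANGE,
	    args->key.yp_buf_len, args->key.yp_buf_val,
	    args->datum.yp_buf_len, args->datum.yp_buf_val);

	return (&res);
}

/* YPOP_INSERT: forwards the key and datum from args. */
unsigned int *
ypu_insert_1_svc(struct ypupdate_args *args, struct svc_req *svcreq)
{
	struct authdes_cred *des_cred;
	static unsigned int res;
	char *netname;
	enum auth_stat astat;

	res = 0;

	astat = yp_checkauth(svcreq);
	if (astat != AUTH_OK) {
		svcerr_auth(svcreq->rq_xprt, astat);
		return (&res);
	}

	/* yp_checkauth() returns AUTH_OK only for AUTH_DES credentials. */
	des_cred = (struct authdes_cred *)svcreq->rq_clntcred;
	netname = des_cred->adc_fullname.name;

	res = localupdate(netname, "/etc/publickey", YPOP_INSERT,
	    args->key.yp_buf_len, args->key.yp_buf_val,
	    args->datum.yp_buf_len, args->datum.yp_buf_val);
	if (res)
		return (&res);

	res = ypmap_update(netname, args->mapname, YPOP_INSERT,
	    args->key.yp_buf_len, args->key.yp_buf_val,
	    args->datum.yp_buf_len, args->datum.yp_buf_val);

	return (&res);
}

/* YPOP_DELETE: forwards the key only; the datum is passed as (0, NULL). */
unsigned int *
ypu_delete_1_svc(struct ypdelete_args *args, struct svc_req *svcreq)
{
	struct authdes_cred *des_cred;
	static unsigned int res;
	char *netname;
	enum auth_stat astat;

	res = 0;

	astat = yp_checkauth(svcreq);
	if (astat != AUTH_OK) {
		svcerr_auth(svcreq->rq_xprt, astat);
		return (&res);
	}

	/* yp_checkauth() returns AUTH_OK only for AUTH_DES credentials. */
	des_cred = (struct authdes_cred *)svcreq->rq_clntcred;
	netname = des_cred->adc_fullname.name;

	res = localupdate(netname, "/etc/publickey", YPOP_DELETE,
	    args->key.yp_buf_len, args->key.yp_buf_val,
	    0, NULL);
	if (res)
		return (&res);

	res = ypmap_update(netname, args->mapname, YPOP_DELETE,
	    args->key.yp_buf_len, args->key.yp_buf_val,
	    0, NULL);

	return (&res);
}

/* YPOP_STORE: forwards the key and datum from args. */
unsigned int *
ypu_store_1_svc(struct ypupdate_args *args, struct svc_req *svcreq)
{
	struct authdes_cred *des_cred;
	static unsigned int res;
	char *netname;
	enum auth_stat astat;

	res = 0;

	astat = yp_checkauth(svcreq);
	if (astat != AUTH_OK) {
		svcerr_auth(svcreq->rq_xprt, astat);
		return (&res);
	}

	/* yp_checkauth() returns AUTH_OK only for AUTH_DES credentials. */
	des_cred = (struct authdes_cred *)svcreq->rq_clntcred;
	netname = des_cred->adc_fullname.name;

	res = localupdate(netname, "/etc/publickey", YPOP_STORE,
	    args->key.yp_buf_len, args->key.yp_buf_val,
	    args->datum.yp_buf_len, args->datum.yp_buf_val);
	if (res)
		return (&res);

	res = ypmap_update(netname, args->mapname, YPOP_STORE,
	    args->key.yp_buf_len, args->key.yp_buf_val,
	    args->datum.yp_buf_len, args->datum.yp_buf_val);

	return (&res);
}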