1 /*
2  * Copyright (c) 1995, 1996
3  *      Bill Paul <wpaul@ctr.columbia.edu>.  All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  * 3. All advertising materials mentioning features or use of this software
14  *    must display the following acknowledgement:
15  *      This product includes software developed by Bill Paul.
16  * 4. Neither the name of the author nor the names of any co-contributors
17  *    may be used to endorse or promote products derived from this software
18  *    without specific prior written permission.
19  *
20  * THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND
21  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23  * ARE DISCLAIMED.  IN NO EVENT SHALL Bill Paul OR CONTRIBUTORS BE LIABLE
24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30  * SUCH DAMAGE.
31  *
32  * ypupdate server implementation
33  *
34  * Written by Bill Paul <wpaul@ctr.columbia.edu>
35  * Center for Telecommunications Research
36  * Columbia University, New York City
37  *
38  * $FreeBSD: src/usr.sbin/rpc.ypupdated/ypupdated_server.c,v 1.7 2003/05/03 21:06:40 obrien Exp $
39  */
40 
41 #include <stdio.h>
42 #include <rpc/rpc.h>
43 #include <rpc/key_prot.h>
44 #include <sys/param.h>
45 #include <rpcsvc/yp.h>
46 #include "ypupdate_prot.h"
47 #include "ypupdated_extern.h"
48 #include "yp_extern.h"
49 #include "ypxfr_extern.h"
50 
51 int children = 0;
52 int forked = 0;
53 
54 /*
55  * Try to avoid spoofing: if a client chooses to use a very large
56  * window and then tries a bunch of randomly chosen encrypted timestamps,
57  * there's a chance he might stumble onto a valid combination.
58  * We therefore reject any RPCs with a window size larger than a preset
59  * value.
60  */
61 #ifndef WINDOW
62 #define WINDOW (60*60)
63 #endif
64 
65 static enum auth_stat
66 yp_checkauth(struct svc_req *svcreq)
67 {
68 	struct authdes_cred *des_cred;
69 
70 	switch (svcreq->rq_cred.oa_flavor) {
71 	case AUTH_DES:
72 		des_cred = (struct authdes_cred *) svcreq->rq_clntcred;
73 		if (des_cred->adc_fullname.window > WINDOW) {
74 			yp_error("warning: client-specified window size \
75 was too large -- possible spoof attempt");
76 			return(AUTH_BADCRED);
77 		}
78 		return(AUTH_OK);
79 		break;
80 	case AUTH_UNIX:
81 	case AUTH_NONE:
82 		yp_error("warning: client didn't use DES authentication");
83 		return(AUTH_TOOWEAK);
84 		break;
85 	default:
86 		yp_error("client used unknown auth flavor");
87 		return(AUTH_REJECTEDCRED);
88 		break;
89 	}
90 }
91 
92 unsigned int *
93 ypu_change_1_svc(struct ypupdate_args *args, struct svc_req *svcreq)
94 {
95 	struct authdes_cred *des_cred;
96 	static int res;
97 	char *netname;
98 	enum auth_stat astat;
99 
100 	res = 0;
101 
102 	astat = yp_checkauth(svcreq);
103 
104 	if (astat != AUTH_OK) {
105 		svcerr_auth(svcreq->rq_xprt, astat);
106 		return(&res);
107 	}
108 
109 	des_cred = (struct authdes_cred *) svcreq->rq_clntcred;
110 	netname = des_cred->adc_fullname.name;
111 
112 	res = localupdate(netname, "/etc/publickey", YPOP_CHANGE,
113 		args->key.yp_buf_len, args->key.yp_buf_val,
114 		args->datum.yp_buf_len, args->datum.yp_buf_val);
115 
116 	if (res)
117 		return (&res);
118 
119 	res = ypmap_update(netname, args->mapname, YPOP_CHANGE,
120 		args->key.yp_buf_len, args->key.yp_buf_val,
121 		args->datum.yp_buf_len, args->datum.yp_buf_val);
122 
123 	return (&res);
124 }
125 
126 unsigned int *
127 ypu_insert_1_svc(struct ypupdate_args *args, struct svc_req *svcreq)
128 {
129 	struct authdes_cred *des_cred;
130 	static int res;
131 	char *netname;
132 	enum auth_stat astat;
133 
134 	res = 0;
135 
136 	astat = yp_checkauth(svcreq);
137 
138 	if (astat != AUTH_OK) {
139 		svcerr_auth(svcreq->rq_xprt, astat);
140 		return(&res);
141 	}
142 
143 	des_cred = (struct authdes_cred *) svcreq->rq_clntcred;
144 	netname = des_cred->adc_fullname.name;
145 
146 	res = localupdate(netname, "/etc/publickey", YPOP_INSERT,
147 		args->key.yp_buf_len, args->key.yp_buf_val,
148 		args->datum.yp_buf_len, args->datum.yp_buf_val);
149 
150 	if (res)
151 		return (&res);
152 
153 	res = ypmap_update(netname, args->mapname, YPOP_INSERT,
154 		args->key.yp_buf_len, args->key.yp_buf_val,
155 		args->datum.yp_buf_len, args->datum.yp_buf_val);
156 
157 	return (&res);
158 }
159 
160 unsigned int *
161 ypu_delete_1_svc(struct ypdelete_args *args, struct svc_req *svcreq)
162 {
163 	struct authdes_cred *des_cred;
164 	static int res;
165 	char *netname;
166 	enum auth_stat astat;
167 
168 	res = 0;
169 
170 	astat = yp_checkauth(svcreq);
171 
172 	if (astat != AUTH_OK) {
173 		svcerr_auth(svcreq->rq_xprt, astat);
174 		return(&res);
175 	}
176 
177 	des_cred = (struct authdes_cred *) svcreq->rq_clntcred;
178 	netname = des_cred->adc_fullname.name;
179 
180 	res = localupdate(netname, "/etc/publickey", YPOP_DELETE,
181 		args->key.yp_buf_len, args->key.yp_buf_val,
182 		0,			NULL);
183 
184 	if (res)
185 		return (&res);
186 
187 	res = ypmap_update(netname, args->mapname, YPOP_DELETE,
188 		args->key.yp_buf_len, args->key.yp_buf_val,
189 		0,			NULL);
190 
191 	return (&res);
192 }
193 
194 unsigned int *
195 ypu_store_1_svc(struct ypupdate_args *args, struct svc_req *svcreq)
196 {
197 	struct authdes_cred *des_cred;
198 	static int res;
199 	char *netname;
200 	enum auth_stat astat;
201 
202 	res = 0;
203 
204 	astat = yp_checkauth(svcreq);
205 
206 	if (astat != AUTH_OK) {
207 		svcerr_auth(svcreq->rq_xprt, astat);
208 		return(&res);
209 	}
210 
211 	des_cred = (struct authdes_cred *) svcreq->rq_clntcred;
212 	netname = des_cred->adc_fullname.name;
213 
214 	res = localupdate(netname, "/etc/publickey", YPOP_STORE,
215 		args->key.yp_buf_len, args->key.yp_buf_val,
216 		args->datum.yp_buf_len, args->datum.yp_buf_val);
217 
218 	if (res)
219 		return (&res);
220 
221 	res = ypmap_update(netname, args->mapname, YPOP_STORE,
222 		args->key.yp_buf_len, args->key.yp_buf_val,
223 		args->datum.yp_buf_len, args->datum.yp_buf_val);
224 
225 	return (&res);
226 }
227