xref: /netbsd/usr.sbin/ypserv/ypserv/ypserv.c (revision bf9ec67e)
1 /*	$NetBSD: ypserv.c,v 1.15 2001/10/16 01:51:27 itojun Exp $	*/
2 
3 /*
4  * Copyright (c) 1994 Mats O Jansson <moj@stacken.kth.se>
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  * 3. All advertising materials mentioning features or use of this software
16  *    must display the following acknowledgement:
17  *	This product includes software developed by Mats O Jansson
18  * 4. The name of the author may not be used to endorse or promote products
19  *    derived from this software without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
22  * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
23  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
25  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 #include <sys/cdefs.h>
35 #ifndef lint
36 __RCSID("$NetBSD: ypserv.c,v 1.15 2001/10/16 01:51:27 itojun Exp $");
37 #endif
38 
39 #include <sys/types.h>
40 #include <sys/socket.h>
41 #include <sys/wait.h>
42 
43 #include <err.h>
44 #include <netdb.h>
45 #include <signal.h>
46 #include <stdio.h>
47 #include <stdlib.h>
48 #include <string.h>
49 #include <syslog.h>
50 #include <unistd.h>
51 #include <util.h>
52 
53 #include <rpc/rpc.h>
54 #include <rpc/xdr.h>
55 #include <rpc/pmap_clnt.h>
56 
57 #include <rpcsvc/yp_prot.h>
58 
59 #include "ypdef.h"
60 #include "ypserv.h"
61 
62 #ifdef LIBWRAP
63 #include <tcpd.h>
64 
65 int allow_severity = LOG_DAEMON | LOG_INFO;
66 int deny_severity = LOG_DAEMON | LOG_WARNING;
67 
68 /* XXX For ypserv_proc.c -- NOT THREAD SAFE!  (like any of this code is) */
69 const char *clientstr;
70 const char *svcname;
71 #endif /* LIBWRAP */
72 
73 #ifdef __STDC__
74 #define SIG_PF void(*)(int)
75 #endif
76 
77 int	usedns;
78 #ifdef DEBUG
79 int	foreground = 1;
80 #else
81 int	foreground;
82 #endif
83 
84 #ifdef LIBWRAP
85 int	lflag;
86 #endif
87 
88 int	main __P((int, char *[]));
89 void	usage __P((void));
90 
91 void	sighandler __P((int));
92 
93 
94 static
95 void _msgout(int level, const char *msg)
96 {
97 	if (foreground)
98                 warnx("%s", msg);
99         else
100                 syslog(level, "%s", msg);
101 }
102 
103 static void
104 ypprog_2(struct svc_req *rqstp, SVCXPRT *transp)
105 {
106 	union {
107 		char * ypproc_domain_2_arg;
108 		char * ypproc_domain_nonack_2_arg;
109 		struct ypreq_key ypproc_match_2_arg;
110 		struct ypreq_nokey ypproc_first_2_arg;
111 		struct ypreq_key ypproc_next_2_arg;
112 		struct ypreq_xfr ypproc_xfr_2_arg;
113 		struct ypreq_nokey ypproc_all_2_arg;
114 		struct ypreq_nokey ypproc_master_2_arg;
115 		struct ypreq_nokey ypproc_order_2_arg;
116 		char * ypproc_maplist_2_arg;
117 	} argument;
118 	char *result;
119 	xdrproc_t xdr_argument, xdr_result;
120 	void *(*local) __P((void *, struct svc_req *));
121 #ifdef LIBWRAP
122 	struct request_info req;
123 	struct sockaddr *caller;
124 #define	SVCNAME(x)	svcname = x
125 #else
126 #define	SVCNAME(x)	/* nothing */
127 #endif
128 
129 #ifdef LIBWRAP
130 	caller = svc_getrpccaller(transp)->buf;
131 	request_init(&req, RQ_DAEMON, getprogname(), RQ_CLIENT_SIN, caller,
132 	    NULL);
133 	sock_methods(&req);
134 #endif
135 
136 	switch (rqstp->rq_proc) {
137 	case YPPROC_NULL:
138 		xdr_argument = xdr_void;
139 		xdr_result = xdr_void;
140 		local = ypproc_null_2_svc;
141 		SVCNAME("null_2");
142 		break;
143 
144 	case YPPROC_DOMAIN:
145 		xdr_argument = xdr_ypdomain_wrap_string;
146 		xdr_result = xdr_bool;
147 		local = ypproc_domain_2_svc;
148 		SVCNAME("domain_2");
149 		break;
150 
151 	case YPPROC_DOMAIN_NONACK:
152 		xdr_argument = xdr_ypdomain_wrap_string;
153 		xdr_result = xdr_bool;
154 		local = ypproc_domain_nonack_2_svc;
155 		SVCNAME("domain_nonack_2");
156 		break;
157 
158 	case YPPROC_MATCH:
159 		xdr_argument = xdr_ypreq_key;
160 		xdr_result = xdr_ypresp_val;
161 		local = ypproc_match_2_svc;
162 		SVCNAME("match_2");
163 		break;
164 
165 	case YPPROC_FIRST:
166 		xdr_argument = xdr_ypreq_nokey;
167 		xdr_result = xdr_ypresp_key_val;
168 		local = ypproc_first_2_svc;
169 		SVCNAME("first_2");
170 		break;
171 
172 	case YPPROC_NEXT:
173 		xdr_argument = xdr_ypreq_key;
174 		xdr_result = xdr_ypresp_key_val;
175 		local = ypproc_next_2_svc;
176 		SVCNAME("next_2");
177 		break;
178 
179 	case YPPROC_XFR:
180 		xdr_argument = xdr_ypreq_xfr;
181 		xdr_result = xdr_ypresp_xfr;
182 		local = ypproc_xfr_2_svc;
183 		SVCNAME("xfer_2");
184 		break;
185 
186 	case YPPROC_CLEAR:
187 		xdr_argument = xdr_void;
188 		xdr_result = xdr_void;
189 		local = ypproc_clear_2_svc;
190 		SVCNAME("clear_2");
191 		break;
192 
193 	case YPPROC_ALL:
194 		xdr_argument = xdr_ypreq_nokey;
195 		xdr_result = xdr_ypresp_all;
196 		local = ypproc_all_2_svc;
197 		SVCNAME("all_2");
198 		break;
199 
200 	case YPPROC_MASTER:
201 		xdr_argument = xdr_ypreq_nokey;
202 		xdr_result = xdr_ypresp_master;
203 		local = ypproc_master_2_svc;
204 		SVCNAME("master_2");
205 		break;
206 
207 	case YPPROC_ORDER:
208 		xdr_argument = xdr_ypreq_nokey;
209 		xdr_result = xdr_ypresp_order;
210 		local = ypproc_order_2_svc;
211 		SVCNAME("order_2");
212 		break;
213 
214 	case YPPROC_MAPLIST:
215 		xdr_argument = xdr_ypdomain_wrap_string;
216 		xdr_result = xdr_ypresp_maplist;
217 		local = ypproc_maplist_2_svc;
218 		SVCNAME("maplist_2");
219 		break;
220 
221 	default:
222 		svcerr_noproc(transp);
223 		return;
224 	}
225 
226 #ifdef LIBWRAP
227 	clientstr = eval_client(&req);
228 
229 	if (hosts_access(&req) == 0) {
230 		syslog(deny_severity,
231 		    "%s: refused request from %.500s", svcname, clientstr);
232 		svcerr_auth(transp, AUTH_FAILED);
233 		return;
234 	}
235 #endif
236 
237 	(void) memset((char *)&argument, 0, sizeof (argument));
238 	if (!svc_getargs(transp, xdr_argument, (caddr_t) &argument)) {
239 		svcerr_decode(transp);
240 		return;
241 	}
242 	result = (*local)(&argument, rqstp);
243 	if (result != NULL && !svc_sendreply(transp, xdr_result, result)) {
244 		svcerr_systemerr(transp);
245 	}
246 	if (!svc_freeargs(transp, xdr_argument, (caddr_t) &argument)) {
247 		_msgout(LOG_ERR, "unable to free arguments");
248 		exit(1);
249 	}
250 	return;
251 }
252 
253 /*
254  * limited NIS version 1 support: the null, domain, and domain_nonack
255  * request/reply format is identical between v1 and v2.  SunOS4's ypbind
256  * makes v1 domain_nonack calls.
257  */
258 static void
259 ypprog_1(struct svc_req *rqstp, SVCXPRT *transp)
260 {
261 	switch (rqstp->rq_proc) {
262 	case YPPROC_NULL:
263 	case YPPROC_DOMAIN:
264 	case YPPROC_DOMAIN_NONACK:
265 		ypprog_2(rqstp, transp);
266 		return;
267 
268 	default:
269 		svcerr_noproc(transp);
270 		return;
271 	}
272 }
273 
274 int
275 main(argc, argv)
276 	int argc;
277 	char *argv[];
278 {
279 	SVCXPRT *udptransp, *tcptransp, *udp6transp, *tcp6transp;
280 	struct netconfig *udpconf, *tcpconf, *udp6conf, *tcp6conf;
281 	int udpsock, tcpsock, udp6sock, tcp6sock;
282 	struct sigaction sa;
283 	int ch, xcreated = 0, one = 1;
284 
285 #ifdef LIBWRAP
286 #define	GETOPTSTR	"dfl"
287 #else
288 #define	GETOPTSTR	"df"
289 #endif
290 
291 	while ((ch = getopt(argc, argv, GETOPTSTR)) != -1) {
292 		switch (ch) {
293 		case 'd':
294 			usedns = 1;
295 			break;
296 		case 'f':
297 			foreground = 1;
298 			break;
299 
300 #ifdef LIBWRAP
301 		case 'l':
302 			lflag = 1;
303 			break;
304 #endif
305 		default:
306 			usage();
307 		}
308 	}
309 
310 #undef GETOPTSTR
311 
312 	/* This program must be run by root. */
313 	if (geteuid() != 0)
314 		errx(1, "must run as root");
315 
316 	if (foreground == 0 && daemon(0, 0))
317 		err(1, "can't detach");
318 
319 	openlog("ypserv", LOG_PID, LOG_DAEMON);
320 	syslog(LOG_INFO, "starting");
321 	pidfile(NULL);
322 
323 	(void) rpcb_unset(YPPROG, YPVERS, NULL);
324 	(void) rpcb_unset(YPPROG, YPVERS_ORIG, NULL);
325 
326 	udpsock  = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
327 	tcpsock  = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
328 	udp6sock = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);
329 	tcp6sock = socket(AF_INET6, SOCK_STREAM, IPPROTO_TCP);
330 
331 	/*
332 	 * We're doing host-based access checks here, so don't allow
333 	 * v4-in-v6 to confuse things.
334 	 */
335 	if (udp6sock != -1 && setsockopt(udp6sock, IPPROTO_IPV6,
336 	    IPV6_V6ONLY, &one, sizeof(one)) < 0) {
337 		_msgout(LOG_ERR, "can't disable v4-in-v6 on UDP socket");
338 		exit(1);
339 	}
340 	if (tcp6sock != -1 && setsockopt(tcp6sock, IPPROTO_IPV6,
341 	    IPV6_V6ONLY, &one, sizeof(one)) < 0) {
342 		_msgout(LOG_ERR, "can't disable v4-in-v6 on TCP socket");
343 		exit(1);
344 	}
345 
346 	ypdb_init();	/* init db stuff */
347 
348 	sa.sa_handler = sighandler;
349 	sa.sa_flags = 0;
350 	if (sigemptyset(&sa.sa_mask)) {
351 		_msgout(LOG_ERR, "sigemptyset: %m");
352 		exit(1);
353 	}
354 	if (sigaction(SIGCHLD, &sa, NULL)) {
355 		_msgout(LOG_ERR, "sigaction: %m");
356 		exit(1);
357 	}
358 
359 	udpconf  = getnetconfigent("udp");
360 	tcpconf  = getnetconfigent("tcp");
361 	udp6conf = getnetconfigent("udp6");
362 	tcp6conf = getnetconfigent("tcp6");
363 
364 	if (udpsock != -1 && udpconf != NULL) {
365 		if (bindresvport(udpsock, NULL) == 0) {
366 			udptransp = svc_dg_create(udpsock, 0, 0);
367 			if (udptransp != NULL) {
368 				if (svc_reg(udptransp, YPPROG, YPVERS_ORIG,
369 					    ypprog_1, udpconf) == 0 ||
370 				    svc_reg(udptransp, YPPROG, YPVERS,
371 					    ypprog_2, udpconf) == 0)
372 					_msgout(LOG_WARNING,
373 					    "unable to register UDP service");
374 				else
375 					xcreated++;
376 			} else
377 				_msgout(LOG_WARNING,
378 				    "unable to create UDP service");
379 		} else
380 			_msgout(LOG_ERR, "unable to bind reserved UDP port");
381 		freenetconfigent(udpconf);
382 	}
383 
384 	if (tcpsock != -1 && tcpconf != NULL) {
385 		if (bindresvport(tcpsock, NULL) == 0) {
386 			listen(tcpsock, SOMAXCONN);
387 			tcptransp = svc_vc_create(tcpsock, 0, 0);
388 			if (tcptransp != NULL) {
389 				if (svc_reg(tcptransp, YPPROG, YPVERS_ORIG,
390 					    ypprog_1, tcpconf) == 0 ||
391 				    svc_reg(tcptransp, YPPROG, YPVERS,
392 					    ypprog_2, tcpconf) == 0)
393 					_msgout(LOG_WARNING,
394 					    "unable to register TCP service");
395 				else
396 					xcreated++;
397 			} else
398 				_msgout(LOG_WARNING,
399 				    "unable to create TCP service");
400 		} else
401 			_msgout(LOG_ERR, "unable to bind reserved TCP port");
402 		freenetconfigent(tcpconf);
403 	}
404 
405 	if (udp6sock != -1 && udp6conf != NULL) {
406 		if (bindresvport(udp6sock, NULL) == 0) {
407 			udp6transp = svc_dg_create(udp6sock, 0, 0);
408 			if (udp6transp != NULL) {
409 				if (svc_reg(udp6transp, YPPROG, YPVERS_ORIG,
410 					    ypprog_1, udp6conf) == 0 ||
411 				    svc_reg(udp6transp, YPPROG, YPVERS,
412 					    ypprog_2, udp6conf) == 0)
413 					_msgout(LOG_WARNING,
414 					    "unable to register UDP6 service");
415 				else
416 					xcreated++;
417 			} else
418 				_msgout(LOG_WARNING,
419 				    "unable to create UDP6 service");
420 		} else
421 			_msgout(LOG_ERR, "unable to bind reserved UDP6 port");
422 		freenetconfigent(udp6conf);
423 	}
424 
425 	if (tcp6sock != -1 && tcp6conf != NULL) {
426 		if (bindresvport(tcp6sock, NULL) == 0) {
427 			listen(tcp6sock, SOMAXCONN);
428 			tcp6transp = svc_vc_create(tcp6sock, 0, 0);
429 			if (tcp6transp != NULL) {
430 				if (svc_reg(tcp6transp, YPPROG, YPVERS_ORIG,
431 					    ypprog_1, tcp6conf) == 0 ||
432 				    svc_reg(tcp6transp,  YPPROG, YPVERS,
433 					    ypprog_2, tcp6conf) == 0)
434 					_msgout(LOG_WARNING,
435 					    "unable to register TCP6 service");
436 				else
437 					xcreated++;
438 			} else
439 				_msgout(LOG_WARNING,
440 				    "unable to create TCP6 service");
441 		} else
442 			_msgout(LOG_ERR, "unable to bind reserved TCP6 port");
443 		freenetconfigent(tcp6conf);
444 	}
445 
446 	if (xcreated == 0) {
447 		_msgout(LOG_ERR, "unable to create any services");
448 		exit(1);
449 	}
450 
451 	svc_run();
452 	_msgout(LOG_ERR, "svc_run returned");
453 	exit(1);
454 	/* NOTREACHED */
455 }
456 
457 void
458 sighandler(sig)
459 	int sig;
460 {
461 
462 	/* SIGCHLD */
463 	while (wait3((int *)NULL, WNOHANG, (struct rusage *)NULL) > 0);
464 }
465 
466 void
467 usage()
468 {
469 
470 #ifdef LIBWRAP
471 #define	USAGESTR	"usage: %s [-d] [-l]\n"
472 #else
473 #define	USAGESTR	"usage: %s [-d]\n"
474 #endif
475 
476 	fprintf(stderr, USAGESTR, getprogname());
477 	exit(1);
478 
479 #undef USAGESTR
480 }
481 
482 /*
483  * _yp_invalid_map: check if given map name isn't legal.
484  * returns non-zero if invalid
485  *
486  * XXX: this probably should be in libc/yp/yplib.c
487  */
488 int
489 _yp_invalid_map(map)
490 	const char *map;
491 {
492 	if (map == NULL || *map == '\0')
493 		return 1;
494 
495 	if (strlen(map) > YPMAXMAP)
496 		return 1;
497 
498 	if (strchr(map, '/') != NULL)
499 		return 1;
500 
501 	return 0;
502 }
503