1 /* $NetBSD: ypserv.c,v 1.18 2002/07/06 00:42:27 wiz Exp $ */ 2 3 /* 4 * Copyright (c) 1994 Mats O Jansson <moj@stacken.kth.se> 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. All advertising materials mentioning features or use of this software 16 * must display the following acknowledgement: 17 * This product includes software developed by Mats O Jansson 18 * 4. The name of the author may not be used to endorse or promote products 19 * derived from this software without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS 22 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 23 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 25 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 #include <sys/cdefs.h> 35 #ifndef lint 36 __RCSID("$NetBSD: ypserv.c,v 1.18 2002/07/06 00:42:27 wiz Exp $"); 37 #endif 38 39 #include <sys/types.h> 40 #include <sys/socket.h> 41 #include <sys/wait.h> 42 43 #include <err.h> 44 #include <netdb.h> 45 #include <signal.h> 46 #include <stdio.h> 47 #include <stdlib.h> 48 #include <string.h> 49 #include <syslog.h> 50 #include <unistd.h> 51 #include <util.h> 52 53 #include <rpc/rpc.h> 54 #include <rpc/xdr.h> 55 #include <rpc/pmap_clnt.h> 56 57 #include <rpcsvc/yp_prot.h> 58 59 #include "ypdef.h" 60 #include "ypserv.h" 61 62 #ifdef LIBWRAP 63 #include <tcpd.h> 64 65 int allow_severity = LOG_DAEMON | LOG_INFO; 66 int deny_severity = LOG_DAEMON | LOG_WARNING; 67 68 /* XXX For ypserv_proc.c -- NOT THREAD SAFE! (like any of this code is) */ 69 const char *clientstr; 70 const char *svcname; 71 #endif /* LIBWRAP */ 72 73 int usedns; 74 #ifdef DEBUG 75 int foreground = 1; 76 #else 77 int foreground; 78 #endif 79 80 #ifdef LIBWRAP 81 int lflag; 82 #endif 83 84 int main(int, char *[]); 85 void usage(void); 86 87 void sighandler(int); 88 89 90 static 91 void _msgout(int level, const char *msg) 92 { 93 if (foreground) 94 warnx("%s", msg); 95 else 96 syslog(level, "%s", msg); 97 } 98 99 static void 100 ypprog_2(struct svc_req *rqstp, SVCXPRT *transp) 101 { 102 union { 103 char * ypproc_domain_2_arg; 104 char * ypproc_domain_nonack_2_arg; 105 struct ypreq_key ypproc_match_2_arg; 106 struct ypreq_nokey ypproc_first_2_arg; 107 struct ypreq_key ypproc_next_2_arg; 108 struct ypreq_xfr ypproc_xfr_2_arg; 109 struct ypreq_nokey ypproc_all_2_arg; 110 struct ypreq_nokey ypproc_master_2_arg; 111 struct ypreq_nokey ypproc_order_2_arg; 112 char * ypproc_maplist_2_arg; 113 } argument; 114 char *result; 115 xdrproc_t xdr_argument, xdr_result; 116 void *(*local)(void *, struct svc_req *); 117 #ifdef LIBWRAP 118 struct request_info req; 119 struct sockaddr *caller; 120 #define SVCNAME(x) svcname = x 121 #else 122 #define SVCNAME(x) /* nothing */ 123 #endif 124 125 #ifdef LIBWRAP 126 caller = svc_getrpccaller(transp)->buf; 127 request_init(&req, RQ_DAEMON, getprogname(), RQ_CLIENT_SIN, caller, 128 NULL); 129 sock_methods(&req); 130 #endif 131 132 switch (rqstp->rq_proc) { 133 case YPPROC_NULL: 134 xdr_argument = xdr_void; 135 xdr_result = xdr_void; 136 local = ypproc_null_2_svc; 137 SVCNAME("null_2"); 138 break; 139 140 case YPPROC_DOMAIN: 141 xdr_argument = xdr_ypdomain_wrap_string; 142 xdr_result = xdr_bool; 143 local = ypproc_domain_2_svc; 144 SVCNAME("domain_2"); 145 break; 146 147 case YPPROC_DOMAIN_NONACK: 148 xdr_argument = xdr_ypdomain_wrap_string; 149 xdr_result = xdr_bool; 150 local = ypproc_domain_nonack_2_svc; 151 SVCNAME("domain_nonack_2"); 152 break; 153 154 case YPPROC_MATCH: 155 xdr_argument = xdr_ypreq_key; 156 xdr_result = xdr_ypresp_val; 157 local = ypproc_match_2_svc; 158 SVCNAME("match_2"); 159 break; 160 161 case YPPROC_FIRST: 162 xdr_argument = xdr_ypreq_nokey; 163 xdr_result = xdr_ypresp_key_val; 164 local = ypproc_first_2_svc; 165 SVCNAME("first_2"); 166 break; 167 168 case YPPROC_NEXT: 169 xdr_argument = xdr_ypreq_key; 170 xdr_result = xdr_ypresp_key_val; 171 local = ypproc_next_2_svc; 172 SVCNAME("next_2"); 173 break; 174 175 case YPPROC_XFR: 176 xdr_argument = xdr_ypreq_xfr; 177 xdr_result = xdr_ypresp_xfr; 178 local = ypproc_xfr_2_svc; 179 SVCNAME("xfer_2"); 180 break; 181 182 case YPPROC_CLEAR: 183 xdr_argument = xdr_void; 184 xdr_result = xdr_void; 185 local = ypproc_clear_2_svc; 186 SVCNAME("clear_2"); 187 break; 188 189 case YPPROC_ALL: 190 xdr_argument = xdr_ypreq_nokey; 191 xdr_result = xdr_ypresp_all; 192 local = ypproc_all_2_svc; 193 SVCNAME("all_2"); 194 break; 195 196 case YPPROC_MASTER: 197 xdr_argument = xdr_ypreq_nokey; 198 xdr_result = xdr_ypresp_master; 199 local = ypproc_master_2_svc; 200 SVCNAME("master_2"); 201 break; 202 203 case YPPROC_ORDER: 204 xdr_argument = xdr_ypreq_nokey; 205 xdr_result = xdr_ypresp_order; 206 local = ypproc_order_2_svc; 207 SVCNAME("order_2"); 208 break; 209 210 case YPPROC_MAPLIST: 211 xdr_argument = xdr_ypdomain_wrap_string; 212 xdr_result = xdr_ypresp_maplist; 213 local = ypproc_maplist_2_svc; 214 SVCNAME("maplist_2"); 215 break; 216 217 default: 218 svcerr_noproc(transp); 219 return; 220 } 221 222 #ifdef LIBWRAP 223 clientstr = eval_client(&req); 224 225 if (hosts_access(&req) == 0) { 226 syslog(deny_severity, 227 "%s: refused request from %.500s", svcname, clientstr); 228 svcerr_auth(transp, AUTH_FAILED); 229 return; 230 } 231 #endif 232 233 (void) memset((char *)&argument, 0, sizeof (argument)); 234 if (!svc_getargs(transp, xdr_argument, (caddr_t) &argument)) { 235 svcerr_decode(transp); 236 return; 237 } 238 result = (*local)(&argument, rqstp); 239 if (result != NULL && !svc_sendreply(transp, xdr_result, result)) { 240 svcerr_systemerr(transp); 241 } 242 if (!svc_freeargs(transp, xdr_argument, (caddr_t) &argument)) { 243 _msgout(LOG_ERR, "unable to free arguments"); 244 exit(1); 245 } 246 return; 247 } 248 249 /* 250 * limited NIS version 1 support: the null, domain, and domain_nonack 251 * request/reply format is identical between v1 and v2. SunOS4's ypbind 252 * makes v1 domain_nonack calls. 253 */ 254 static void 255 ypprog_1(struct svc_req *rqstp, SVCXPRT *transp) 256 { 257 switch (rqstp->rq_proc) { 258 case YPPROC_NULL: 259 case YPPROC_DOMAIN: 260 case YPPROC_DOMAIN_NONACK: 261 ypprog_2(rqstp, transp); 262 return; 263 264 default: 265 svcerr_noproc(transp); 266 return; 267 } 268 } 269 270 int 271 main(int argc, char *argv[]) 272 { 273 SVCXPRT *udptransp, *tcptransp, *udp6transp, *tcp6transp; 274 struct netconfig *udpconf, *tcpconf, *udp6conf, *tcp6conf; 275 int udpsock, tcpsock, udp6sock, tcp6sock; 276 struct sigaction sa; 277 int ch, xcreated = 0, one = 1; 278 279 #ifdef LIBWRAP 280 #define GETOPTSTR "dfl" 281 #else 282 #define GETOPTSTR "df" 283 #endif 284 285 while ((ch = getopt(argc, argv, GETOPTSTR)) != -1) { 286 switch (ch) { 287 case 'd': 288 usedns = 1; 289 break; 290 case 'f': 291 foreground = 1; 292 break; 293 294 #ifdef LIBWRAP 295 case 'l': 296 lflag = 1; 297 break; 298 #endif 299 default: 300 usage(); 301 } 302 } 303 304 #undef GETOPTSTR 305 306 /* This program must be run by root. */ 307 if (geteuid() != 0) 308 errx(1, "must run as root"); 309 310 if (foreground == 0 && daemon(0, 0)) 311 err(1, "can't detach"); 312 313 openlog("ypserv", LOG_PID, LOG_DAEMON); 314 syslog(LOG_INFO, "starting"); 315 pidfile(NULL); 316 317 (void) rpcb_unset(YPPROG, YPVERS, NULL); 318 (void) rpcb_unset(YPPROG, YPVERS_ORIG, NULL); 319 320 udpsock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); 321 tcpsock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); 322 udp6sock = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP); 323 tcp6sock = socket(AF_INET6, SOCK_STREAM, IPPROTO_TCP); 324 325 /* 326 * We're doing host-based access checks here, so don't allow 327 * v4-in-v6 to confuse things. 328 */ 329 if (udp6sock != -1 && setsockopt(udp6sock, IPPROTO_IPV6, 330 IPV6_V6ONLY, &one, sizeof(one)) < 0) { 331 _msgout(LOG_ERR, "can't disable v4-in-v6 on UDP socket"); 332 exit(1); 333 } 334 if (tcp6sock != -1 && setsockopt(tcp6sock, IPPROTO_IPV6, 335 IPV6_V6ONLY, &one, sizeof(one)) < 0) { 336 _msgout(LOG_ERR, "can't disable v4-in-v6 on TCP socket"); 337 exit(1); 338 } 339 340 ypdb_init(); /* init db stuff */ 341 342 sa.sa_handler = sighandler; 343 sa.sa_flags = 0; 344 if (sigemptyset(&sa.sa_mask)) { 345 _msgout(LOG_ERR, "sigemptyset: %m"); 346 exit(1); 347 } 348 if (sigaction(SIGCHLD, &sa, NULL)) { 349 _msgout(LOG_ERR, "sigaction: %m"); 350 exit(1); 351 } 352 353 udpconf = getnetconfigent("udp"); 354 tcpconf = getnetconfigent("tcp"); 355 udp6conf = getnetconfigent("udp6"); 356 tcp6conf = getnetconfigent("tcp6"); 357 358 if (udpsock != -1 && udpconf != NULL) { 359 if (bindresvport(udpsock, NULL) == 0) { 360 udptransp = svc_dg_create(udpsock, 0, 0); 361 if (udptransp != NULL) { 362 if (svc_reg(udptransp, YPPROG, YPVERS_ORIG, 363 ypprog_1, udpconf) == 0 || 364 svc_reg(udptransp, YPPROG, YPVERS, 365 ypprog_2, udpconf) == 0) 366 _msgout(LOG_WARNING, 367 "unable to register UDP service"); 368 else 369 xcreated++; 370 } else 371 _msgout(LOG_WARNING, 372 "unable to create UDP service"); 373 } else 374 _msgout(LOG_ERR, "unable to bind reserved UDP port"); 375 freenetconfigent(udpconf); 376 } 377 378 if (tcpsock != -1 && tcpconf != NULL) { 379 if (bindresvport(tcpsock, NULL) == 0) { 380 listen(tcpsock, SOMAXCONN); 381 tcptransp = svc_vc_create(tcpsock, 0, 0); 382 if (tcptransp != NULL) { 383 if (svc_reg(tcptransp, YPPROG, YPVERS_ORIG, 384 ypprog_1, tcpconf) == 0 || 385 svc_reg(tcptransp, YPPROG, YPVERS, 386 ypprog_2, tcpconf) == 0) 387 _msgout(LOG_WARNING, 388 "unable to register TCP service"); 389 else 390 xcreated++; 391 } else 392 _msgout(LOG_WARNING, 393 "unable to create TCP service"); 394 } else 395 _msgout(LOG_ERR, "unable to bind reserved TCP port"); 396 freenetconfigent(tcpconf); 397 } 398 399 if (udp6sock != -1 && udp6conf != NULL) { 400 if (bindresvport(udp6sock, NULL) == 0) { 401 udp6transp = svc_dg_create(udp6sock, 0, 0); 402 if (udp6transp != NULL) { 403 if (svc_reg(udp6transp, YPPROG, YPVERS_ORIG, 404 ypprog_1, udp6conf) == 0 || 405 svc_reg(udp6transp, YPPROG, YPVERS, 406 ypprog_2, udp6conf) == 0) 407 _msgout(LOG_WARNING, 408 "unable to register UDP6 service"); 409 else 410 xcreated++; 411 } else 412 _msgout(LOG_WARNING, 413 "unable to create UDP6 service"); 414 } else 415 _msgout(LOG_ERR, "unable to bind reserved UDP6 port"); 416 freenetconfigent(udp6conf); 417 } 418 419 if (tcp6sock != -1 && tcp6conf != NULL) { 420 if (bindresvport(tcp6sock, NULL) == 0) { 421 listen(tcp6sock, SOMAXCONN); 422 tcp6transp = svc_vc_create(tcp6sock, 0, 0); 423 if (tcp6transp != NULL) { 424 if (svc_reg(tcp6transp, YPPROG, YPVERS_ORIG, 425 ypprog_1, tcp6conf) == 0 || 426 svc_reg(tcp6transp, YPPROG, YPVERS, 427 ypprog_2, tcp6conf) == 0) 428 _msgout(LOG_WARNING, 429 "unable to register TCP6 service"); 430 else 431 xcreated++; 432 } else 433 _msgout(LOG_WARNING, 434 "unable to create TCP6 service"); 435 } else 436 _msgout(LOG_ERR, "unable to bind reserved TCP6 port"); 437 freenetconfigent(tcp6conf); 438 } 439 440 if (xcreated == 0) { 441 _msgout(LOG_ERR, "unable to create any services"); 442 exit(1); 443 } 444 445 svc_run(); 446 _msgout(LOG_ERR, "svc_run returned"); 447 exit(1); 448 /* NOTREACHED */ 449 } 450 451 void 452 sighandler(int sig) 453 { 454 455 /* SIGCHLD */ 456 while (wait3((int *)NULL, WNOHANG, (struct rusage *)NULL) > 0); 457 } 458 459 void 460 usage(void) 461 { 462 463 #ifdef LIBWRAP 464 #define USAGESTR "usage: %s [-d] [-l]\n" 465 #else 466 #define USAGESTR "usage: %s [-d]\n" 467 #endif 468 469 fprintf(stderr, USAGESTR, getprogname()); 470 exit(1); 471 472 #undef USAGESTR 473 } 474 475 /* 476 * _yp_invalid_map: check if given map name isn't legal. 477 * returns non-zero if invalid 478 * 479 * XXX: this probably should be in libc/yp/yplib.c 480 */ 481 int 482 _yp_invalid_map(const char *map) 483 { 484 if (map == NULL || *map == '\0') 485 return 1; 486 487 if (strlen(map) > YPMAXMAP) 488 return 1; 489 490 if (strchr(map, '/') != NULL) 491 return 1; 492 493 return 0; 494 } 495