1/*-
2 * SPDX-License-Identifier: BSD-4-Clause
3 *
4 * Copyright (c) 1995, 1996
5 *      Bill Paul <wpaul@ctr.columbia.edu>.  All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 *    notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 *    notice, this list of conditions and the following disclaimer in the
14 *    documentation and/or other materials provided with the distribution.
15 * 3. All advertising materials mentioning features or use of this software
16 *    must display the following acknowledgement:
17 *      This product includes software developed by Bill Paul.
18 * 4. Neither the name of the author nor the names of any co-contributors
19 *    may be used to endorse or promote products derived from this software
20 *    without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED.  IN NO EVENT SHALL Bill Paul OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 *
34 * ypupdate server implementation
35 *
36 * Written by Bill Paul <wpaul@ctr.columbia.edu>
37 * Center for Telecommunications Research
38 * Columbia University, New York City
39 */
40
41#include <sys/cdefs.h>
42__FBSDID("$FreeBSD$");
43
44#include <stdio.h>
45#include <rpc/rpc.h>
46#include <rpc/key_prot.h>
47#include <sys/param.h>
48#include <rpcsvc/yp.h>
49#include "ypupdate_prot.h"
50#include "ypupdated_extern.h"
51#include "yp_extern.h"
52#include "ypxfr_extern.h"
53
54int children = 0;
55int forked = 0;
56
57/*
58 * Try to avoid spoofing: if a client chooses to use a very large
59 * window and then tries a bunch of randomly chosen encrypted timestamps,
60 * there's a chance he might stumble onto a valid combination.
61 * We therefore reject any RPCs with a window size larger than a preset
62 * value.
63 */
64#ifndef WINDOW
65#define WINDOW (60*60)
66#endif
67
68static enum auth_stat
69yp_checkauth(struct svc_req *svcreq)
70{
71	struct authdes_cred *des_cred;
72
73	switch (svcreq->rq_cred.oa_flavor) {
74	case AUTH_DES:
75		des_cred = (struct authdes_cred *) svcreq->rq_clntcred;
76		if (des_cred->adc_fullname.window > WINDOW) {
77			yp_error("warning: client-specified window size \
78was too large -- possible spoof attempt");
79			return(AUTH_BADCRED);
80		}
81		return(AUTH_OK);
82		break;
83	case AUTH_UNIX:
84	case AUTH_NONE:
85		yp_error("warning: client didn't use DES authentication");
86		return(AUTH_TOOWEAK);
87		break;
88	default:
89		yp_error("client used unknown auth flavor");
90		return(AUTH_REJECTEDCRED);
91		break;
92	}
93}
94
95unsigned int *
96ypu_change_1_svc(struct ypupdate_args *args, struct svc_req *svcreq)
97{
98	struct authdes_cred *des_cred;
99	static int res;
100	char *netname;
101	enum auth_stat astat;
102
103	res = 0;
104
105	astat = yp_checkauth(svcreq);
106
107	if (astat != AUTH_OK) {
108		svcerr_auth(svcreq->rq_xprt, astat);
109		return(&res);
110	}
111
112	des_cred = (struct authdes_cred *) svcreq->rq_clntcred;
113	netname = des_cred->adc_fullname.name;
114
115	res = localupdate(netname, "/etc/publickey", YPOP_CHANGE,
116		args->key.yp_buf_len, args->key.yp_buf_val,
117		args->datum.yp_buf_len, args->datum.yp_buf_val);
118
119	if (res)
120		return (&res);
121
122	res = ypmap_update(netname, args->mapname, YPOP_CHANGE,
123		args->key.yp_buf_len, args->key.yp_buf_val,
124		args->datum.yp_buf_len, args->datum.yp_buf_val);
125
126	return (&res);
127}
128
129unsigned int *
130ypu_insert_1_svc(struct ypupdate_args *args, struct svc_req *svcreq)
131{
132	struct authdes_cred *des_cred;
133	static int res;
134	char *netname;
135	enum auth_stat astat;
136
137	res = 0;
138
139	astat = yp_checkauth(svcreq);
140
141	if (astat != AUTH_OK) {
142		svcerr_auth(svcreq->rq_xprt, astat);
143		return(&res);
144	}
145
146	des_cred = (struct authdes_cred *) svcreq->rq_clntcred;
147	netname = des_cred->adc_fullname.name;
148
149	res = localupdate(netname, "/etc/publickey", YPOP_INSERT,
150		args->key.yp_buf_len, args->key.yp_buf_val,
151		args->datum.yp_buf_len, args->datum.yp_buf_val);
152
153	if (res)
154		return (&res);
155
156	res = ypmap_update(netname, args->mapname, YPOP_INSERT,
157		args->key.yp_buf_len, args->key.yp_buf_val,
158		args->datum.yp_buf_len, args->datum.yp_buf_val);
159
160	return (&res);
161}
162
163unsigned int *
164ypu_delete_1_svc(struct ypdelete_args *args, struct svc_req *svcreq)
165{
166	struct authdes_cred *des_cred;
167	static int res;
168	char *netname;
169	enum auth_stat astat;
170
171	res = 0;
172
173	astat = yp_checkauth(svcreq);
174
175	if (astat != AUTH_OK) {
176		svcerr_auth(svcreq->rq_xprt, astat);
177		return(&res);
178	}
179
180	des_cred = (struct authdes_cred *) svcreq->rq_clntcred;
181	netname = des_cred->adc_fullname.name;
182
183	res = localupdate(netname, "/etc/publickey", YPOP_DELETE,
184		args->key.yp_buf_len, args->key.yp_buf_val,
185		0,			NULL);
186
187	if (res)
188		return (&res);
189
190	res = ypmap_update(netname, args->mapname, YPOP_DELETE,
191		args->key.yp_buf_len, args->key.yp_buf_val,
192		0,			NULL);
193
194	return (&res);
195}
196
197unsigned int *
198ypu_store_1_svc(struct ypupdate_args *args, struct svc_req *svcreq)
199{
200	struct authdes_cred *des_cred;
201	static int res;
202	char *netname;
203	enum auth_stat astat;
204
205	res = 0;
206
207	astat = yp_checkauth(svcreq);
208
209	if (astat != AUTH_OK) {
210		svcerr_auth(svcreq->rq_xprt, astat);
211		return(&res);
212	}
213
214	des_cred = (struct authdes_cred *) svcreq->rq_clntcred;
215	netname = des_cred->adc_fullname.name;
216
217	res = localupdate(netname, "/etc/publickey", YPOP_STORE,
218		args->key.yp_buf_len, args->key.yp_buf_val,
219		args->datum.yp_buf_len, args->datum.yp_buf_val);
220
221	if (res)
222		return (&res);
223
224	res = ypmap_update(netname, args->mapname, YPOP_STORE,
225		args->key.yp_buf_len, args->key.yp_buf_val,
226		args->datum.yp_buf_len, args->datum.yp_buf_val);
227
228	return (&res);
229}
230