-/* $OpenBSD: ypserv_db.c,v 1.9 1996/12/02 21:14:16 deraadt Exp $ */
+/* $OpenBSD: ypserv_db.c,v 1.10 1997/03/11 09:12:25 maja Exp $ */
/*
* Copyright (c) 1994 Mats O Jansson <moj@stacken.kth.se>
*/
#ifndef LINT
-static char rcsid[] = "$OpenBSD: ypserv_db.c,v 1.9 1996/12/02 21:14:16 deraadt Exp $";
+static char rcsid[] = "$OpenBSD: ypserv_db.c,v 1.10 1997/03/11 09:12:25 maja Exp $";
#endif
/*
DBM *db; /* database */
struct opt_domain *dom; /* back ptr to our domain */
int host_lookup; /* host lookup */
+ int secure; /* secure map? */
CIRCLEQ_ENTRY(opt_map) mapsq; /* map queue pointers */
LIST_ENTRY(opt_map) mapsl; /* map list pointers */
};
{
char map_path[MAXPATHLEN];
static char *domain_key = YP_INTERDOMAIN_KEY;
+ static char *secure_key = YP_SECURE_KEY;
struct stat finfo;
DBM *db;
int fd;
m->host_lookup = TRUE;
}
}
+ m->secure = FALSE;
+ k.dptr = secure_key;
+ k.dsize = YP_SECURE_LEN;
+ v = ypdb_fetch(db,k);
+ if (v.dptr) m->secure = TRUE;
*status = YP_TRUE;
if (map_info) *map_info = m;
#ifdef DEBUG
- yplog(" ypdb_open_db: NEW MAP domain=%s, map=%s, hl=%d, db=0x%x",
- domain, map, m->host_lookup, m->db);
+ yplog(" ypdb_open_db: NEW MAP domain=%s, map=%s, hl=%d, s=%d, db=0x%x",
+ domain, map, m->host_lookup, m->secure, m->db);
#endif
return(m->db);
}
return (TRUE);
}
+
+int
+ypdb_secure(domain, map)
+ domainname domain;
+ mapname map;
+{
+ static ypresp_val res;
+ DBM *db;
+ int secure;
+ struct opt_map *map_info = NULL;
+
+ bzero((char *)&res, sizeof(res));
+ secure = FALSE;
+
+ db = ypdb_open_db(domain, map, &res.stat, &map_info);
+ if (!db || res.stat < 0)
+ return(secure); /* ? */
+ if (map_info)
+ secure = map_info->secure;
+
+ ypdb_close_db(db);
+ return(secure);
+}
+
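Review bot: `ypdb_secure()` fails open: when `ypdb_open_db()` returns no handle or a negative status, the early `return(secure); /* ? */` reports FALSE, so a map whose secure flag could not be read is treated as non-secure and the reserved-port test in the callers is skipped. Whether the later lookup fails on the same error is not visible here, so `return(TRUE);` on that path is the safer default for a protection flag, and the `/* ? */` should become a comment stating the choice. The same early return skips `ypdb_close_db(db)` when `db` is non-NULL but `res.stat < 0`; confirm this cannot leave a handle open. `res` is used only for its `stat` field and does not need to be `static`.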
-/* $OpenBSD: ypserv_proc.c,v 1.8 1996/10/03 19:50:57 deraadt Exp $ */
+/* $OpenBSD: ypserv_proc.c,v 1.9 1997/03/11 09:12:27 maja Exp $ */
/*
* Copyright (c) 1994 Mats O Jansson <moj@stacken.kth.se>
*/
#ifndef LINT
-static char rcsid[] = "$OpenBSD: ypserv_proc.c,v 1.8 1996/10/03 19:50:57 deraadt Exp $";
+static char rcsid[] = "$OpenBSD: ypserv_proc.c,v 1.9 1997/03/11 09:12:27 maja Exp $";
#endif
#include <rpc/rpc.h>
extern ypresp_master ypdb_get_master();
extern bool_t ypdb_xdr_get_all();
extern void ypdb_close_all();
+extern int ypdb_secure();
static char *True = "true";
static char *False = "FALSE";
int ok = acl_check_host(&caller->sin_addr);
YPLOG("null_2: caller=[%s].%d, auth_ok=%s",
- inet_ntoa(caller->sin_addr), ntohs(caller->sin_port), TORF(ok));
+ inet_ntoa(caller->sin_addr), ntohs(caller->sin_port), TORF(ok));
if (!ok) {
svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
(finfo.st_mode & S_IFDIR));
YPLOG("domain_2: caller=[%s].%d, auth_ok=%s, domain=%s, served=%s",
- inet_ntoa(caller->sin_addr), ntohs(caller->sin_port),
- TORF(ok), *argp, TORF(result));
+ inet_ntoa(caller->sin_addr), ntohs(caller->sin_port),
+ TORF(ok), *argp, TORF(result));
if (!ok) {
svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
static ypresp_val res;
struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt);
int ok = acl_check_host(&caller->sin_addr);
+ int secure = ypdb_secure(argp->domain,argp->map);
YPLOG(
- "match_2: caller=[%s].%d, auth_ok=%s, domain=%s, map=%s, key=%.*s",
- inet_ntoa(caller->sin_addr), ntohs(caller->sin_port), TORF(ok),
+ "match_2: caller=[%s].%d, auth_ok=%s, secure=%s, domain=%s, map=%s, key=%.*s",
+ inet_ntoa(caller->sin_addr), ntohs(caller->sin_port),
+ TORF(ok), TORF(secure),
argp->domain, argp->map, argp->key.keydat_len, argp->key.keydat_val);
if (!ok) {
return(NULL);
}
- res = ypdb_get_record(argp->domain,argp->map,argp->key, FALSE);
-
+ if (secure && (ntohs(caller->sin_port) >= IPPORT_RESERVED)) {
+ res.stat = YP_YPERR;
+ } else {
+ res = ypdb_get_record(argp->domain,argp->map,argp->key, FALSE);
+ }
+
#ifdef DEBUG
yplog(" match2_status: %s", yperr_string(ypprot_err(res.stat)));
#endif
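Review bot: `int secure = ypdb_secure(argp->domain,argp->map);` runs among the declarations, before `if (!ok)` is evaluated, so a caller that `acl_check_host()` rejects still makes the server open the map named in its request. `ypdb_open_db()` appears to build a filesystem path from the domain and map names, so this is work on caller-supplied names that the ACL was meant to prevent. Gate the lookup on the ACL result, for example `int secure = ok ? ypdb_secure(argp->domain,argp->map) : FALSE;`, or move the call below the `if (!ok)` block. The same ordering appears in the first_2, next_2, all_2, master_2 and order_2 hunks; the function body begins and ends outside this hunk.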
static ypresp_key_val res;
struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt);
int ok = acl_check_host(&caller->sin_addr);
+ int secure = ypdb_secure(argp->domain,argp->map);
- YPLOG( "first_2: caller=[%s].%d, auth_ok=%s, domain=%s, map=%s",
- inet_ntoa(caller->sin_addr), ntohs(caller->sin_port), TORF(ok),
+ YPLOG( "first_2: caller=[%s].%d, auth_ok=%s, secure=%s, domain=%s, map=%s",
+ inet_ntoa(caller->sin_addr), ntohs(caller->sin_port),
+ TORF(ok), TORF(secure),
argp->domain, argp->map);
if (!ok) {
return(NULL);
}
- res = ypdb_get_first(argp->domain,argp->map,FALSE);
+ if (secure && (ntohs(caller->sin_port) >= IPPORT_RESERVED)) {
+ res.stat = YP_YPERR;
+ } else {
+ res = ypdb_get_first(argp->domain,argp->map,FALSE);
+ }
#ifdef DEBUG
yplog(" first2_status: %s", yperr_string(ypprot_err(res.stat)));
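Review bot: The condition `secure && (ntohs(caller->sin_port) >= IPPORT_RESERVED)` is written out six times (match_2, first_2, next_2, all_2, master_2, order_2); one helper such as `static int secure_denied(struct sockaddr_in *c, int secure) { return (secure && ntohs(c->sin_port) >= IPPORT_RESERVED); }` would keep the handlers from drifting apart. The helper is also the place for a comment stating what the test establishes: only that the request arrived from a privileged source port. That is meaningful only for hosts already admitted by `acl_check_host()`, and it does not authenticate the sender on a network where source addresses can be forged. The enclosing function starts and ends outside this hunk.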
static ypresp_key_val res;
struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt);
int ok = acl_check_host(&caller->sin_addr);
+ int secure = ypdb_secure(argp->domain,argp->map);
YPLOG(
- "next_2: caller=[%s].%d, auth_ok=%s, domain=%s, map=%s, key=%.*s",
- inet_ntoa(caller->sin_addr), ntohs(caller->sin_port), TORF(ok),
+ "next_2: caller=[%s].%d, auth_ok=%s, secure=%s, domain=%s, map=%s, key=%.*s",
+ inet_ntoa(caller->sin_addr), ntohs(caller->sin_port),
+ TORF(ok), TORF(secure),
argp->domain, argp->map, argp->key.keydat_len, argp->key.keydat_val);
if (!ok) {
return(NULL);
}
- res = ypdb_get_next(argp->domain,argp->map,argp->key,FALSE);
-
+ if (secure && (ntohs(caller->sin_port) >= IPPORT_RESERVED)) {
+ res.stat = YP_YPERR;
+ } else {
+ res = ypdb_get_next(argp->domain,argp->map,argp->key,FALSE);
+ }
#ifdef DEBUG
yplog(" next2_status: %s", yperr_string(ypprot_err(res.stat)));
pid_t pid;
struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt);
int ok = acl_check_host(&caller->sin_addr);
+ int secure = ypdb_secure(argp->domain,argp->map);
- YPLOG( "all_2: caller=[%s].%d, auth_ok=%s, domain=%s, map=%s",
- inet_ntoa(caller->sin_addr), ntohs(caller->sin_port), TORF(ok),
- argp->domain, argp->map);
+ YPLOG( "all_2: caller=[%s].%d, auth_ok=%s, secure=%s, domain=%s, map=%s",
+ inet_ntoa(caller->sin_addr), ntohs(caller->sin_port),
+ TORF(ok), TORF(secure), argp->domain, argp->map);
if (!ok) {
svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
bzero((char *)&res, sizeof(res));
+ if (secure && (ntohs(caller->sin_port) >= IPPORT_RESERVED)) {
+ res.ypresp_all_u.val.stat = YP_YPERR;
+ return(&res);
+ }
+
pid = fork();
if (pid) {
- if (pid == -1) {
- /* XXXCDC An error has occurred */
- }
-
- return(NULL); /* PARENT: continue */
-
+ if (pid == -1) {
+ /* XXXCDC An error has occurred */
+ }
+
+ return(NULL); /* PARENT: continue */
+
}
/* CHILD: send result, then exit */
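Review bot: The refusal path sets `res.ypresp_all_u.val.stat = YP_YPERR` on a `res` that `bzero()` has just cleared, so the reply's `more` discriminant is still zero when `&res` is returned. If the encoder for this reply follows the usual layout and serializes `val` only when `more` is set (the XDR routine is not visible here), the client sees an empty, normal-looking end of map rather than YP_YPERR; the data is still withheld, but the denial is not reported. Confirm what the encoder does with this value and, if the status is dropped, populate the reply so the error reaches the client. The function continues outside this hunk.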
static peername nopeer = "";
struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt);
int ok = acl_check_host(&caller->sin_addr);
+ int secure = ypdb_secure(argp->domain,argp->map);
- YPLOG( "master_2: caller=[%s].%d, auth_ok=%s, domain=%s, map=%s",
- inet_ntoa(caller->sin_addr), ntohs(caller->sin_port), TORF(ok),
- argp->domain, argp->map);
+ YPLOG( "master_2: caller=[%s].%d, auth_ok=%s, secure=%s, domain=%s, map=%s",
+ inet_ntoa(caller->sin_addr), ntohs(caller->sin_port),
+ TORF(ok), TORF(secure), argp->domain, argp->map);
if (!ok) {
svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
return(NULL);
}
- res = ypdb_get_master(argp->domain,argp->map);
+ if (secure && (ntohs(caller->sin_port) >= IPPORT_RESERVED)) {
+ res.stat = YP_YPERR;
+ } else {
+ res = ypdb_get_master(argp->domain,argp->map);
+ }
#ifdef DEBUG
yplog(" master2_status: %s", yperr_string(ypprot_err(res.stat)));
/* xdr_string in ypserv_xdr.c may be a better place? */
if (res.peer == NULL) {
- res.peer = nopeer;
+ res.peer = nopeer;
}
/* End of fix */
static ypresp_order res;
struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt);
int ok = acl_check_host(&caller->sin_addr);
+ int secure = ypdb_secure(argp->domain,argp->map);
- YPLOG( "order_2: caller=[%s].%d, auth_ok=%s, domain=%s, map=%s",
- inet_ntoa(caller->sin_addr), ntohs(caller->sin_port), TORF(ok),
- argp->domain, argp->map);
+ YPLOG( "order_2: caller=[%s].%d, auth_ok=%s, secure=%s, domain=%s, map=%s",
+ inet_ntoa(caller->sin_addr), ntohs(caller->sin_port),
+ TORF(ok), TORF(secure), argp->domain, argp->map);
if (!ok) {
svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
return(NULL);
}
- res = ypdb_get_order(argp->domain,argp->map);
+ if (secure && (ntohs(caller->sin_port) >= IPPORT_RESERVED)) {
+ res.stat = YP_YPERR;
+ } else {
+ res = ypdb_get_order(argp->domain,argp->map);
+ }
#ifdef DEBUG
yplog(" order2_status: %s", yperr_string(ypprot_err(res.stat)));