diff options
| author | Mats O Jansson <maja@cvs.openbsd.org> | 1996-09-30 20:50:26 +0000 |
|---|---|---|
| committer | Mats O Jansson <maja@cvs.openbsd.org> | 1996-09-30 20:50:26 +0000 |
| commit | a42b2896f2ed00d7be5624328641e43d24114077 (patch) | |
| tree | 7f02d0bf521b390c7fb77dca51b0f4241ef3e226 /usr.sbin/ypserv | |
| parent | 78063c36a42449a1517960a6199aaff289dc2234 (diff) | |
Don't allow certain operations if not from a reserved port. -moj
Diffstat (limited to 'usr.sbin/ypserv')
| -rw-r--r-- | usr.sbin/ypserv/ypserv/ypserv_proc.c | 20 | ||||
| -rw-r--r-- | usr.sbin/ypserv/ypxfr/ypxfr.c | 17 |
2 files changed, 33 insertions, 4 deletions
diff --git a/usr.sbin/ypserv/ypserv/ypserv_proc.c b/usr.sbin/ypserv/ypserv/ypserv_proc.c index eb53cb2b531..501937e3e7e 100644 --- a/usr.sbin/ypserv/ypserv/ypserv_proc.c +++ b/usr.sbin/ypserv/ypserv/ypserv_proc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ypserv_proc.c,v 1.5 1996/08/15 21:47:30 chuck Exp $ */ +/* $OpenBSD: ypserv_proc.c,v 1.6 1996/09/30 20:50:24 maja Exp $ */ /* * Copyright (c) 1994 Mats O Jansson <moj@stacken.kth.se> @@ -32,7 +32,7 @@ */ #ifndef LINT -static char rcsid[] = "$OpenBSD: ypserv_proc.c,v 1.5 1996/08/15 21:47:30 chuck Exp $"; +static char rcsid[] = "$OpenBSD: ypserv_proc.c,v 1.6 1996/09/30 20:50:24 maja Exp $"; #endif #include <rpc/rpc.h> @@ -258,6 +258,14 @@ ypproc_xfr_2_svc(argp, rqstp) YPLOG(" ipadd=%s, port=%d, map=%s", inet_ntoa(caller->sin_addr), argp->port, argp->map_parms.map); + if (ok) { + if (caller->sin_family != AF_INET || + caller->sin_port >= IPPORT_RESERVED || + caller->sin_port < IPPORT_RESERVED/2) { + ok = FALSE; + } + } + if (!ok) { svcerr_auth(rqstp->rq_xprt, AUTH_FAILED); return(NULL); @@ -308,6 +316,14 @@ ypproc_clear_2_svc(argp, rqstp) #endif ); + if (ok) { + if (caller->sin_family != AF_INET || + caller->sin_port >= IPPORT_RESERVED || + caller->sin_port < IPPORT_RESERVED/2) { + ok = FALSE; + } + } + if (!ok) { svcerr_auth(rqstp->rq_xprt, AUTH_FAILED); return(NULL); diff --git a/usr.sbin/ypserv/ypxfr/ypxfr.c b/usr.sbin/ypserv/ypxfr/ypxfr.c index 3865f83c915..964a1a3989a 100644 --- a/usr.sbin/ypserv/ypxfr/ypxfr.c +++ b/usr.sbin/ypserv/ypxfr/ypxfr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ypxfr.c,v 1.7 1996/08/15 22:16:31 chuck Exp $ */ +/* $OpenBSD: ypxfr.c,v 1.8 1996/09/30 20:50:25 maja Exp $ */ /* * Copyright (c) 1994 Mats O Jansson <moj@stacken.kth.se> @@ -32,7 +32,7 @@ */ #ifndef LINT -static char rcsid[] = "$OpenBSD: ypxfr.c,v 1.7 1996/08/15 22:16:31 chuck Exp $"; +static char rcsid[] = "$OpenBSD: ypxfr.c,v 1.8 1996/09/30 20:50:25 maja Exp $"; #endif #include <stdio.h> @@ -457,6 +457,7 @@ char *argv[]; CLIENT *client; char mapname[] = "ypdbXXXXXX"; int status,xfr_status; + int srvport; status = YPPUSH_SUCC; client = NULL; @@ -549,6 +550,18 @@ char *argv[]; }; if (status > 0) { + + yplog("Check for reserved port on host: %s", host); + + srvport = getrpcport(host,YPPROG,YPVERS,IPPROTO_TCP); + if (srvport >= IPPORT_RESERVED || + srvport < IPPORT_RESERVED/2) { + status = YPPUSH_REFUSED; + } + + } + + if (status > 0) { yplog("Connect host: %s", host); |