Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/Makefile | 6 | ||||
-rw-r--r-- | usr.sbin/makedbm/Makefile | 11 | ||||
-rw-r--r-- | usr.sbin/makedbm/TODO | 2 | ||||
-rw-r--r-- | usr.sbin/makedbm/makedbm.8 | 87 | ||||
-rw-r--r-- | usr.sbin/makedbm/makedbm.c | 389 | ||||
-rw-r--r-- | usr.sbin/stdhosts/Makefile | 7 | ||||
-rw-r--r-- | usr.sbin/stdhosts/stdhosts.8 | 53 | ||||
-rw-r--r-- | usr.sbin/stdhosts/stdhosts.c | 144 | ||||
-rw-r--r-- | usr.sbin/ypserv/Makefile | 9 | ||||
-rw-r--r-- | usr.sbin/ypserv/acl.c | 596 | ||||
-rw-r--r-- | usr.sbin/ypserv/acl.h | 84 | ||||
-rw-r--r-- | usr.sbin/ypserv/securenet | 4 | ||||
-rw-r--r-- | usr.sbin/ypserv/securenet.5 | 72 | ||||
-rw-r--r-- | usr.sbin/ypserv/ypdb.c | 239 | ||||
-rw-r--r-- | usr.sbin/ypserv/ypdb.h | 77 | ||||
-rw-r--r-- | usr.sbin/ypserv/ypdef.h | 70 | ||||
-rw-r--r-- | usr.sbin/ypserv/yplog.c | 130 | ||||
-rw-r--r-- | usr.sbin/ypserv/yplog.h | 47 | ||||
-rw-r--r-- | usr.sbin/ypserv/ypserv.8 | 110 | ||||
-rw-r--r-- | usr.sbin/ypserv/ypserv.acl | 43 | ||||
-rw-r--r-- | usr.sbin/ypserv/ypserv.acl.5 | 178 | ||||
-rw-r--r-- | usr.sbin/ypserv/ypserv.c | 311 | ||||
-rw-r--r-- | usr.sbin/ypserv/ypserv_db.c | 829 | ||||
-rw-r--r-- | usr.sbin/ypserv/ypserv_proc.c | 648 | ||||
-rw-r--r-- | usr.sbin/ypserv/ypserv_xdr.c | 364 |
25 files changed, 4508 insertions, 2 deletions
diff --git a/usr.sbin/Makefile b/usr.sbin/Makefile index cc937cd75de..13ddb890c7a 100644 --- a/usr.sbin/Makefile +++ b/usr.sbin/Makefile @@ -1,5 +1,5 @@ # from: @(#)Makefile 5.6.1.2 (Berkeley) 5/8/91 -# $Id: Makefile,v 1.2 1995/10/23 06:07:39 deraadt Exp $ +# $Id: Makefile,v 1.3 1995/10/23 07:46:00 deraadt Exp $ # not yet done: catman @@ -12,7 +12,9 @@ SUBDIR= ac accton arp bootpd bootpgw bootpef bootptest \ rpc.bootparamd rpc.pcnfsd rwhod \ sa sendmail sliplogin slstats spray sysctl \ syslogd tcpdump timed traceroute trpt trsp update \ - vipw vnconfig ypbind yppoll ypset zdump zic + vipw vnconfig ypbind yppoll ypset \ + yppush ypserv yptest ypxfr stdhosts makedbm ypinit \ + zdump zic # should be listed above, but doesn't work on the Alpha. .if (${MACHINE_ARCH} != "alpha") || make(clean) || make(cleandir) diff --git a/usr.sbin/makedbm/Makefile b/usr.sbin/makedbm/Makefile new file mode 100644 index 00000000000..ae5ee3b7c9d --- /dev/null +++ b/usr.sbin/makedbm/Makefile @@ -0,0 +1,11 @@ +# from: @(#)Makefile 5.8 (Berkeley) 7/28/90 +# $Id: Makefile,v 1.1 1995/10/23 07:46:12 deraadt Exp $ + +PROG= makedbm +SRCS= makedbm.c ypdb.c +MAN= makedbm.8 +BINDIR= /usr/sbin +.PATH: ${.CURDIR}/../../usr.sbin/ypserv +CFLAGS+=-I${.CURDIR}/../../usr.sbin/ypserv + +.include <bsd.prog.mk> diff --git a/usr.sbin/makedbm/TODO b/usr.sbin/makedbm/TODO new file mode 100644 index 00000000000..d798c5c6a47 --- /dev/null +++ b/usr.sbin/makedbm/TODO @@ -0,0 +1,2 @@ +Go through code and add error handling. + diff --git a/usr.sbin/makedbm/makedbm.8 b/usr.sbin/makedbm/makedbm.8 new file mode 100644 index 00000000000..8fe2bd3f092 --- /dev/null +++ b/usr.sbin/makedbm/makedbm.8 
@@ -0,0 +1,87 @@ +.\" Copyright (c) 1994 Mats O Jansson <moj@stacken.kth.se> +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS +.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +.\" DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. 
+.\" +.\" $Id: makedbm.8,v 1.1 1995/10/23 07:46:13 deraadt Exp $ +.\" +.Dd July 19, 1994 +.Dt MAKEDBM 8 +.Os NetBSD 1.0 +.Sh NAME +.Nm makedbm +.Nd create a YP database +.Sh SYNOPSIS +.Nm /usr/sbin/makedbm +.Op Fl u Ar file +.Nm /usr/sbin/makedbm +.Op Fl bls +.Op Fl i Ar yp_input_file +.Op Fl o Ar yp_output_file +.Op Fl d Ar yp_domain_name +.Op Fl m Ar yp_master_name +.Ar infile +.Ar outfile +.Sh DESCRIPTION +.Nm Makedbm +is the utiliy in YP that creates the +.Xr db 3 +database file containing the YP map. +.Pp +.Pp +The options are as follows: +.Bl -tag -width indent +.It Fl b +Interdomain. Include an entry in the database informing a YP server to use +DNS to get information about unknown hosts. This option will only have +effect on the two maps hosts.byname and hosts.byaddr. +.It Fl l +Lowercase. Convert all keys to lower case before adding them to the YP +database. +.It Fl s +Secure map. Include an entry in the database informing +.Xr ypxfr 8 +and +.Xr ypserv 8 +that the YP map is going to be handled as secure. +.It Fl i Ar yp_input_file +Include an entry the in the map with the key YP_INPUT_FILE and the argument +as value. +.It Fl o Ar yp_output_file +Include an entry the in the map with the key YP_OUTPUT_FILE and the argument +as value. +.It Fl d Ar yp_domain_name +Include an entry the in the map with the key YP_DOMAIN_NAME and the argument +as value. +.It Fl m Ar yp_master_name +Include an entry the in the map with the key YP_MASTER_NAME and the argument +as value. +.El +.Sh SEE ALSO +.Xr db 3 , +.Xr ypxfr 8 , +.Xr ypserv 8 +.Sh AUTHOR +Mats O Jansson <moj@stacken.kth.se> diff --git a/usr.sbin/makedbm/makedbm.c b/usr.sbin/makedbm/makedbm.c new file mode 100644 index 00000000000..33b597b2415 --- /dev/null +++ b/usr.sbin/makedbm/makedbm.c 
@@ -0,0 +1,389 @@ +/* + * Copyright (c) 1994 Mats O Jansson <moj@stacken.kth.se> + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#ifndef LINT +static char rcsid[] = "$Id: makedbm.c,v 1.1 1995/10/23 07:46:14 deraadt Exp $"; +#endif + +#include <stdio.h> +#include <fcntl.h> +#include <ctype.h> +#include <sys/stat.h> +#include <unistd.h> +#include <strings.h> +#include "ypdb.h" +#include "ypdef.h" + +char *ProgramName = "makedbm"; + +/* + * Read one line + */ + +static int read_line(fp, buf, size) + FILE *fp; + char *buf; + int size; +{ + int done; + + done = 0; + + do { + while (fgets(buf, size, fp)) { + int len = strlen(buf); + done += len; + if (len > 1 && buf[len-2] == '\\' && + buf[len-1] == '\n') { + int ch; + buf += len - 2; + size -= len - 2; + *buf = '\n'; buf[1] = '\0'; + + /* Skip leading white space on next line */ + while ((ch = getc(fp)) != EOF && + isascii(ch) && isspace(ch)) + ; + (void) ungetc(ch, fp); + } else { + return done; + } + } + } while (size > 0 && !feof(fp)); + + return done; +} + +void +add_record(db, str1, str2, check) + DBM *db; + char *str1, *str2; + int check; +{ + datum key,val; + int status; + + key.dptr = str1; + key.dsize = strlen(str1) + 1; + + if (check) { + val = ypdb_fetch(db,key); + + if (val.dptr == NULL) { + val.dptr = str2; + val.dsize = strlen(str2) + 1; + status = ypdb_store(db, key, val, YPDB_INSERT); + } else { + status = 0; + } + } else { + val.dptr = str2; + val.dsize = strlen(str2) + 1; + status = ypdb_store(db, key, val, YPDB_INSERT); + } + + if (status != 0) { + printf("makedbm: problem storing %s %s\n",str1,str2); + exit(1); + } +} + +static char * +file_date(filename) + char *filename; +{ + struct stat finfo; + static char datestr[10]; + int status; + + if (strcmp(filename,"-") == 0) { + sprintf(datestr, "%010d", time(0)); + } else { + status = stat(filename, &finfo); + if (status < 0) { + fprintf(stderr, "makedbm: can't stat %s\n", filename); + exit(1); + } + sprintf(datestr, "%010d", finfo.st_mtime); + } + + return datestr; +} + +void +list_database(database) + char *database; +{ + DBM *db; + datum key,val; + + db = 
ypdb_open(database, O_RDONLY, 0444); + + if (db == NULL) { + fprintf(stderr, "makedbm: can't open database %s\n", database); + exit(1); + } + + key = ypdb_firstkey(db); + + while (key.dptr != NULL) { + val = ypdb_fetch(db,key); + printf("%*.*s %*.*s\n", + key.dsize - 1,key.dsize - 1,key.dptr, + val.dsize - 1,val.dsize - 1,val.dptr); + key = ypdb_nextkey(db); + } + + ypdb_close(db); + +} + +void + +create_database(infile,database, + yp_input_file,yp_output_file, + yp_master_name,yp_domain_name, + bflag, lflag, sflag) + char *infile, *database; + char *yp_input_file, *yp_output_file; + char *yp_master_name, *yp_domain_name; + int bflag, lflag, sflag; +{ + FILE *data_file; + char data_line[4096]; + char myname[255]; + int line_no = 0; + int len; + int i,j; + char *p,*k,*v; + DBM *new_db; + static char mapname[] = "ypdbXXXXXX"; + char db_mapname[255],db_outfile[255],db_tempname[255]; + char empty_str[] = ""; + + if (strcmp(infile,"-") == 0) { + data_file = stdin; + } else { + data_file = fopen(infile, "r"); + } + + j = 0; + for (i=0; i<strlen(database); i++) { + if (database[i] == '/') { + j = i; + } + }; + + for (i=0; i<j; i++) + db_tempname[i] = database[i]; + + if (i != 0) + db_tempname[i++] = '/'; + + for (j=0; j<strlen(mapname); j++) { + db_tempname[i+j] = mapname[j]; + db_tempname[i+j+1] = '\0'; + } + + mktemp(db_tempname); + new_db = ypdb_open(db_tempname, O_RDWR|O_CREAT, 0444); + + while (read_line(data_file,data_line,sizeof(data_line))) { + + line_no++; + len = strlen(data_line); + + /* Check if we have the whole line */ + + if (data_line[len-1] != '\n') { + fprintf(stderr, "line %d in \"%s\" is too long", + line_no, infile); + } else { + data_line[len-1] = '\0'; + } + + p = (char *) &data_line; + + k = p; /* save start of key */ + while (!isspace(*p)) { /* find first "space" */ + if (lflag && isupper(*p)) /* if force lower case */ + *p = tolower(*p); /* fix it */ + p++; + }; + while (isspace(*p)) { /* replace space with <NUL> */ + *p = '\0'; + p++; + }; + + v 
= p; /* save start of value */ + while(*p != '\0') { p++; }; /* find end of string */ + + add_record(new_db, k, v, TRUE); /* save record */ + + } + + if (strcmp(infile,"-") != 0) { + (void) fclose(data_file); + } + + add_record(new_db, YP_LAST_KEY, file_date(infile), FALSE); + + if (yp_input_file) { + add_record(new_db, YP_INPUT_KEY, yp_input_file, FALSE); + } + + if (yp_output_file) { + add_record(new_db, YP_OUTPUT_KEY, yp_output_file, FALSE); + } + + if (yp_master_name) { + add_record(new_db, YP_MASTER_KEY, yp_master_name, FALSE); + } else { + gethostname(myname, sizeof(myname) - 1); + add_record(new_db, YP_MASTER_KEY, myname, FALSE); + } + + if (yp_domain_name) { + add_record(new_db, YP_DOMAIN_KEY, yp_domain_name, FALSE); + } + + if (bflag) { + add_record(new_db, YP_INTERDOMAIN_KEY, empty_str, FALSE); + } + + if (sflag) { + add_record(new_db, YP_SECURE_KEY, empty_str, FALSE); + } + + ypdb_close(new_db); + sprintf(db_mapname,"%s%s",db_tempname,YPDB_SUFFIX); + sprintf(db_outfile,"%s%s",database,YPDB_SUFFIX); + rename(db_mapname,db_outfile); + +} + +int +main (argc,argv) + int argc; + char *argv[]; +{ + int aflag, uflag, bflag, lflag, sflag; + char *yp_input_file, *yp_output_file; + char *yp_master_name,*yp_domain_name; + char *infile,*outfile; + int usage = 0; + int ch; + + extern int optind; + + yp_input_file = yp_output_file = NULL; + yp_master_name = yp_domain_name = NULL; + aflag = uflag = bflag = lflag = sflag = 0; + infile = outfile = NULL; + + while ((ch = getopt(argc, argv, "blsui:o:m:d:")) != EOF) + switch (ch) { + case 'b': + bflag++; + aflag++; + break; + case 'l': + lflag++; + aflag++; + break; + case 's': + sflag++; + aflag++; + break; + case 'i': + yp_input_file = argv[optind]; + aflag++; + break; + case 'o': + yp_output_file = argv[optind]; + aflag++; + break; + case 'm': + yp_master_name = argv[optind]; + aflag++; + break; + case 'd': + yp_domain_name = argv[optind]; + aflag++; + break; + case 'u': + uflag++; + break; + default: + usage++; + break; 
+ } + + if ((uflag != 0) && (aflag != 0)) { + usage++; + } else { + + if (uflag != 0) { + if (argc == (optind + 1)) { + infile = argv[optind]; + } else { + usage++; + } + } else { + if (argc == (optind + 2)) { + infile = argv[optind]; + outfile = argv[optind+1]; + } else { + usage++; + } + } + } + + if (usage) { + fprintf(stderr,"%s%s%s", + "usage:\tmakedbm -u file\n\tmakedbm [-bls]", + " [-i YP_INPUT_FILE] [-o YP_OUTPUT_FILE]\n\t\t", + "[-d YP_DOMAIN_NAME] [-m YP_MASTER_NAME] infile outfile\n"); + exit(1); + } + + if (uflag != 0) { + list_database(infile); + } else { + create_database(infile,outfile, + yp_input_file,yp_output_file, + yp_master_name,yp_domain_name, + bflag, lflag, sflag); + } + + return(0); + +} + + diff --git a/usr.sbin/stdhosts/Makefile b/usr.sbin/stdhosts/Makefile new file mode 100644 index 00000000000..60e878a5c53 --- /dev/null +++ b/usr.sbin/stdhosts/Makefile @@ -0,0 +1,7 @@ +# from: @(#)Makefile 5.8 (Berkeley) 7/28/90 +# $Id: Makefile,v 1.1 1995/10/23 07:46:22 deraadt Exp $ + +PROG= stdhosts +MAN= stdhosts.8 + +.include <bsd.prog.mk> diff --git a/usr.sbin/stdhosts/stdhosts.8 b/usr.sbin/stdhosts/stdhosts.8 new file mode 100644 index 00000000000..4634f80aded --- /dev/null +++ b/usr.sbin/stdhosts/stdhosts.8 
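Review bot: In makedbm.c, file_date() formats a zero-padded ten-digit timestamp with `sprintf(datestr, "%010d", ...)` into `static char datestr[10]`, so the terminating NUL always lands one byte past the array; declare `static char datestr[11];` and format with `snprintf(datestr, sizeof(datestr), "%010ld", (long)finfo.st_mtime)` (same for the `time(0)` branch). In main(), the `-i`, `-o`, `-m` and `-d` cases read `argv[optind]`, but getopt() has already advanced `optind` past the option's argument, so each should be `yp_input_file = optarg;` and so on, with `extern char *optarg;` declared. create_database() builds the temporary name with `mktemp(db_tempname)` and then opens it with `O_RDWR|O_CREAT` and no `O_EXCL`, and it copies the directory part of `database` into `db_tempname[255]` and later uses `sprintf` into `db_mapname`/`db_outfile` with no length check; a long output path overruns those buffers, and the name-then-open gap lets another local user place a file at that path first (whether ypdb_open passes the flags straight to open(2) is not visible here). The results of `fopen(infile, "r")` and `ypdb_open()` in create_database() are also used without a NULL check.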
@@ -0,0 +1,53 @@ +.\" Copyright (c) 1994 Mats O Jansson <moj@stacken.kth.se> +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS +.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +.\" DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: stdhosts.8,v 1.1 1995/10/23 07:46:22 deraadt Exp $ +.\" +.Dd August 25, 1994 +.Dt STDHOSTS 8 +.Os NetBSD 1.0 +.Sh NAME +.Nm stdhosts +.Nd a YP filter program +.Sh SYNOPSIS +.Nm /usr/sbin/stdhosts +.Op Ar file +.Sh DESCRIPTION +.Nm Stdhosts +is used to get ride of some unwanted information in file or stdin. This +program is used by YP when creating some YP maps. 
+.Pp +.Pp +The options are as follows: +.Bl -tag -width indent +.It Ar file +Use this file as input instead of stdin. +.El +.Sh SEE ALSO +.Xr ypserv 8 +.Sh AUTHOR +Mats O Jansson <moj@stacken.kth.se> diff --git a/usr.sbin/stdhosts/stdhosts.c b/usr.sbin/stdhosts/stdhosts.c new file mode 100644 index 00000000000..fe17b0ce465 --- /dev/null +++ b/usr.sbin/stdhosts/stdhosts.c 
@@ -0,0 +1,144 @@ +/* + * Copyright (c) 1994 Mats O Jansson <moj@stacken.kth.se> + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#ifndef LINT +static char rcsid[] = "$Id: stdhosts.c,v 1.1 1995/10/23 07:46:23 deraadt Exp $"; +#endif + +#include <sys/types.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <arpa/inet.h> +#include <stdio.h> +#include <ctype.h> + +static int read_line(fp, buf, size) +FILE *fp; +char *buf; +int size; +{ + int done = 0; + + do { + while (fgets(buf, size, fp)) { + int len = strlen(buf); + done += len; + if (len > 1 && buf[len-2] == '\\' && + buf[len-1] == '\n') { + int ch; + buf += len - 2; + size -= len - 2; + *buf = '\n'; buf[1] = '\0'; + /* + * Skip leading white space on next line + */ + while ((ch = getc(fp)) != EOF && + isascii(ch) && isspace(ch)) + ; + (void) ungetc(ch, fp); + } else { + return done; + } + } + } while (size > 0 && !feof(fp)); + + return done; +} + +int +main (argc,argv) +int argc; +char *argv[]; +{ + FILE *data_file; + char data_line[1024]; + int usage = 0; + int line_no = 0; + int len; + char *p,*k,*v; + struct in_addr host_addr; + + if (argc > 2) { + usage++; + } + + if (usage) { + fprintf(stderr, + "%s", + "usage: stdhosts [file]\n"); + exit(1); + } + + if (argc == 2) { + data_file = fopen(argv[argc-1], "r"); + } else { + data_file = stdin; + } + + while (read_line(data_file,data_line,sizeof(data_line))) { + + line_no++; + len = strlen(data_line); + + if (len > 0) { + if (data_line[0] == '#') + continue; + } + + /* + * Check if we have the whole line + */ + + if (data_line[len-1] != '\n') { + if (argc == 2) { + fprintf(stderr, "line %d in \"%s\" is too long", line_no, argv[1]); + } else { + fprintf(stderr, "line %d in \"stdin\" is too long", line_no); + } + } else { + data_line[len-1] = '\0'; + } + + p = (char *) &data_line; + + k = p; /* save start of key */ + while (!isspace(*p)) { p++; }; /* find first "space" */ + while (isspace(*p)) { *p = '\0'; p++; }; /* replace space with <NUL> */ + + v = p; /* save start of value */ + while(*p != '\0') { p++; }; /* find end of string */ + + (void)inet_aton(k,&host_addr); + 
printf("%s %s\n",inet_ntoa(host_addr),v); + + } + + return(0); + +} diff --git a/usr.sbin/ypserv/Makefile b/usr.sbin/ypserv/Makefile new file mode 100644 index 00000000000..2156b76daf3 --- /dev/null +++ b/usr.sbin/ypserv/Makefile @@ -0,0 +1,9 @@ +# from: @(#)Makefile 5.8 (Berkeley) 7/28/90 +# $Id: Makefile,v 1.1 1995/10/23 07:46:34 deraadt Exp $ + +PROG= ypserv +SRCS= ypserv.c ypserv_xdr.c ypserv_proc.c ypserv_db.c acl.c yplog.c ypdb.c +MAN= ypserv.acl.5 securenet.5 ypserv.8 +CFLAGS+=-DDAEMON -DOPTDB + +.include <bsd.prog.mk> diff --git a/usr.sbin/ypserv/acl.c b/usr.sbin/ypserv/acl.c new file mode 100644 index 00000000000..82b5627fb6c --- /dev/null +++ b/usr.sbin/ypserv/acl.c 
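Review bot: The main loop in stdhosts.c discards the result of `inet_aton(k,&host_addr)`, so a line whose first field is not a valid address is still printed, carrying whatever `host_addr` held from the previous line (or uninitialised stack on the first line); since the output feeds the YP hosts maps, skip such lines with `if (inet_aton(k, &host_addr) == 0) continue;`. The key scan `while (!isspace(*p)) { p++; }` has no `*p != '\0'` test, so an empty line or one without whitespace walks past the terminator into stale buffer contents. `fopen(argv[argc-1], "r")` is not checked before the stream is handed to read_line(), and the "too long" branch leaves the line unterminated at the newline position yet still parses it.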
@@ -0,0 +1,596 @@ +/* + * Copyright (c) 1994 Mats O Jansson <moj@stacken.kth.se> + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#ifndef LINT +static char rcsid[] = "$Id: acl.c,v 1.1 1995/10/23 07:46:36 deraadt Exp $"; +#endif + +#include <sys/types.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <arpa/inet.h> +#include <stdio.h> +#include <stdlib.h> +#include <ctype.h> +#include <netdb.h> +#include "acl.h" + +#define TRUE 1 +#define FALSE 0 + +static struct aclent *acl_root = NULL; + +static int acl_read_line(fp, buf, size) +FILE *fp; +char *buf; +int size; +{ + int len = 0; + char *c,*p,l; + + /* Read a line, and remove any comment, trim space */ + + do { + while (fgets(buf, size, fp)) { + c = buf; + while(*c != '\0') { + if ((*c == '#') || (*c == '\n')) { + *c = '\0'; + } else { + c++; + } + } + + c = p = buf; l = ' '; + while(*c != '\0') { + if ((isspace(l) != 0) && (isspace(*c) != 0)) { + c++; + } else { + l = *c++; *p = l; p++; + } + } + *p = '\0'; + + if (p != buf) { + --p; + if (isspace(*p) != 0) { + *p = '\0'; + } + } + + len = strlen(buf); + return len + 1; + } + } while (size > 0 && !feof(fp)); + + return len; +} + +int +acl_check_host(addr) +struct in_addr *addr; +{ + struct aclent *p; + + p = acl_root; + while (p != NULL) { + if ((addr->s_addr & p->s_mask) == p->s_addr) { + return(p->allow); + } + p = p->next; + } + return(TRUE); +} + +void +acl_add_net(allow,addr,mask) +int allow; +struct in_addr *addr,*mask; +{ + + struct aclent *acl,*p; + + acl = (struct aclent *) malloc((unsigned) sizeof(struct aclent)); + + acl->next = NULL; + acl->allow = allow; + acl->s_addr = addr->s_addr; + acl->s_mask = mask->s_addr; + + if (acl_root == NULL) { + acl_root = acl; + } else { + p = acl_root; + while (p->next != NULL) + p = p->next; + p->next = acl; + } + +} + +void +acl_add_host(allow,addr) +int allow; +struct in_addr *addr; +{ + struct in_addr mask; + + mask.s_addr = htonl(0xffffffff); + + acl_add_net(allow,addr,&mask); +} + +int +acl_init(file) +char *file; +{ + char data_line[1024]; + int line_no = 0; + int len,i; + int allow = TRUE; + int error_cnt = 0; + char 
*p,*k; + int state; + struct in_addr addr,mask,*host_addr; + struct hostent *host; + struct netent *net; + FILE *data_file = NULL; + + if (file != NULL) { + data_file = fopen(file,"r"); + }; + + while ((data_file != NULL) && + (acl_read_line(data_file,data_line,sizeof(data_line)))) { + + line_no++; + + len = strlen(data_line); + if (len == 0) { + continue; + } + + p = (char *) &data_line; + + /* State 1: Initial State */ + + state = ACLS_INIT; + addr.s_addr = mask.s_addr = 0; + + k = p; i = 0; /* save start of verb */ + while ((*p != '\0') && + (!isspace(*p = tolower(*p)))) { + p++; i++; + }; + + if (*p != '\0') { + *p++ = '\0'; + } + + if (strcmp(k,"allow") == 0) { + allow = TRUE; + state = ACLS_ALLOW; + } + + if (strcmp(k,"deny") == 0) { + allow = FALSE; + state = ACLS_DENY; + } + + if (state == ACLS_INIT) { + state = ACLE_UVERB; + } + + /* State 2: allow row */ + /* State 3: deny row */ + + if ((*p != '\0') && + ((state == ACLS_ALLOW) || (state == ACLS_DENY))) { + + k = p; i = 0; /* save start of verb */ + while ((*p != '\0') && + (!isspace(*p = tolower(*p)))) { + p++; i++; + }; + + if (*p != '\0') { + *p++ = '\0'; + } + + if (strcmp(k,"all") == 0) { + state = state + ACLD_ALL; + } + + if (strcmp(k,"host") == 0) { + state = state + ACLD_HOST; + } + + if (strcmp(k,"net") == 0) { + state = state + ACLD_NET; + } + + if ((state == ACLS_ALLOW) || (state == ACLS_DENY)) { + state = ACLE_U2VERB; + } + + } + + if ((state == ACLS_ALLOW) || (state == ACLS_DENY)) { + state = ACLE_UEOL; + } + + /* State 4 & 5: all state, remove any comment */ + + if ((*p == '\0') && + ((state == ACLS_ALLOW_ALL) || (state == ACLS_DENY_ALL))) { + acl_add_net(allow,&addr,&mask); + state = ACLE_OK; + } + + /* State 6 & 7: host line */ + /* State 8 & 9: net line */ + + if ((*p != '\0') && + (state >= ACLS_ALLOW_HOST) && (state <= ACLS_DENY_NET)) { + + k = p; i = 0; /* save start of verb */ + while ((*p != '\0') && + (!isspace(*p = tolower(*p)))) { + p++; i++; + }; + + if (*p != '\0') { + *p++ = 
'\0'; + } + + if ((state == ACLS_ALLOW_HOST) || (state == ACLS_DENY_HOST)) { + if ((*k >= '0') && (*k <= '9')) { + (void)inet_aton(k,&addr); + acl_add_host(allow,&addr); + state = state + ACLD_HOST_DONE; + } else { + host = gethostbyname(k); + if (host == NULL) { + state = ACLE_NOHOST; + } else { + if (host->h_addrtype == AF_INET) { + while ((host_addr = (struct in_addr *) *host->h_addr_list++) + != NULL) + acl_add_host(allow,host_addr); + } + state = state + ACLD_HOST_DONE; + } + } + } + + if ((state == ACLS_ALLOW_NET) || (state == ACLS_DENY_NET)) { + if ((*k >= '0') && (*k <= '9')) { + (void)inet_aton(k,&addr); + state = state + ACLD_NET_DONE; + } else { + net = getnetbyname(k); + if (net == NULL) { + state = ACLE_NONET; + } else { + addr.s_addr = ntohl(net->n_net); + state = state + ACLD_NET_DONE; + } + } + } + + } + + if ((state >= ACLS_ALLOW_HOST) && (state <= ACLS_DENY_NET)) { + state = ACLE_UEOL; + } + + /* State 10 & 11: allow/deny host line */ + + if ((*p == '\0') && + ((state == ACLS_ALLOW_HOST_DONE) || (state == ACLS_DENY_HOST_DONE))) { + state = ACLE_OK; + } + + /* State 12 & 13: allow/deny net line */ + + if ((*p == '\0') && + ((state == ACLS_ALLOW_NET_DONE) || (state == ACLS_DENY_NET_DONE))) { + mask.s_addr = htonl(0xffffff00); + if (ntohl(addr.s_addr) < 0xc0000000) { + mask.s_addr = htonl(0xffff0000); + } + if (ntohl(addr.s_addr) < 0x80000000) { + mask.s_addr = htonl(0xff000000); + } + acl_add_net(allow,&addr,&mask); + state = ACLE_OK; + } + + if ((*p != '\0') && + ((state == ACLS_ALLOW_NET_DONE) || (state == ACLS_DENY_NET_DONE))) { + + k = p; i = 0; /* save start of verb */ + while ((*p != '\0') && + (!isspace(*p = tolower(*p)))) { + p++; i++; + }; + + if (*p != '\0') { + *p++ = '\0'; + } + + if (strcmp(k,"netmask") == 0) { + state = state + ACLD_NET_MASK; + } + + if ((state == ACLS_ALLOW_NET_DONE) || (state == ACLS_DENY_NET_DONE)) { + state = ACLE_NONETMASK; + } + + } + + /* State 14 & 15: allow/deny net netmask line */ + + if ((*p != '\0') && + 
((state == ACLS_ALLOW_NET_MASK) || (state == ACLS_DENY_NET_MASK))) { + + k = p; i = 0; /* save start of verb */ + while ((*p != '\0') && + (!isspace(*p = tolower(*p)))) { + p++; i++; + }; + + if (*p != '\0') { + *p++ = '\0'; + } + + if ((state == ACLS_ALLOW_NET_MASK) || (state == ACLS_DENY_NET_MASK)) { + if ((*k >= '0') && (*k <= '9')) { + (void)inet_aton(k,&mask); + state = state + ACLD_NET_EOL; + } else { + net = getnetbyname(k); + if (net == NULL) { + state = ACLE_NONET; + } else { + mask.s_addr = ntohl(net->n_net); + state = state + ACLD_NET_EOL; + } + } + } + + } + + if ((state == ACLS_ALLOW_NET_MASK) || (state == ACLS_DENY_NET_MASK)) { + state = ACLE_UEOL; + } + + /* State 16 & 17: allow/deny host line */ + + if ((*p == '\0') && + ((state == ACLS_ALLOW_NET_EOL) || (state == ACLS_DENY_NET_EOL))) { + acl_add_net(allow,&addr,&mask); + state = ACLE_OK; + } + + switch (state) { + case ACLE_NONETMASK: + fprintf(stderr,"acl: excpected \"netmask\" missing at line %d\n",line_no); + break; + case ACLE_NONET: + error_cnt++; + fprintf(stderr,"acl: unknown network at line %d\n",line_no); + break; + case ACLE_NOHOST: + error_cnt++; + fprintf(stderr,"acl: unknown host at line %d\n",line_no); + break; + case ACLE_UVERB: + error_cnt++; + fprintf(stderr,"acl: unknown verb at line %d\n",line_no); + break; + case ACLE_U2VERB: + error_cnt++; + fprintf(stderr,"acl: unknown secondary verb at line %d\n",line_no); + break; + case ACLE_UEOL: + error_cnt++; + fprintf(stderr,"acl: unexpected end of line at line %d\n",line_no); + break; + case ACLE_OK: + break; + default: + error_cnt++; + fprintf(stderr,"acl: unexpected state %d %s\n",state,k); + } + + } + + if (data_file != NULL) { + (void)fflush(stderr); + (void)fclose(data_file); + } + + /* Always add a last allow all if file don't exists or */ + /* the file doesn't cover all cases. 
*/ + + addr.s_addr = mask.s_addr = 0; + allow = TRUE; + acl_add_net(allow,&addr,&mask); + + return(error_cnt); + +} + +int +acl_securenet(file) +char *file; +{ + char data_line[1024]; + int line_no = 0; + int len,i; + int allow = TRUE; + int error_cnt = 0; + char *p,*k; + int state; + struct in_addr addr,mask; + struct netent *net; + FILE *data_file = NULL; + + if (file != NULL) { + data_file = fopen(file,"r"); + }; + + while ((data_file != NULL) && + (acl_read_line(data_file,data_line,sizeof(data_line)))) { + + line_no++; + + len = strlen(data_line); + if (len == 0) { + continue; + } + + p = (char *) &data_line; + + /* State 1: Initial State */ + + state = ACLS_INIT; + addr.s_addr = mask.s_addr = 0; + + k = p; i = 0; /* save start of verb */ + while ((*p != '\0') && + (!isspace(*p = tolower(*p)))) { + p++; i++; + }; + + if (*p != '\0') { + *p++ = '\0'; + state = ACLS_ALLOW_NET_MASK; + } + + if (state == ACLS_INIT) { + state = ACLE_UEOL; + } + + if (state == ACLS_ALLOW_NET_MASK) { + + if ((*k >= '0') && (*k <= '9')) { + (void)inet_aton(k,&mask); + state = ACLS_ALLOW_NET; + } else { + net = getnetbyname(k); + if (net == NULL) { + state = ACLE_NONET; + } else { + mask.s_addr = ntohl(net->n_net); + state = ACLS_ALLOW_NET; + } + } + + k = p; i = 0; /* save start of verb */ + while ((*p != '\0') && + (!isspace(*p = tolower(*p)))) { + p++; i++; + }; + + if (*p != '\0') { + *p++ = '\0'; + } + } + + if ((state == ACLS_ALLOW_NET_MASK)) { + state = ACLE_UEOL; + } + + if (state == ACLS_ALLOW_NET) { + + if ((*k >= '0') && (*k <= '9')) { + (void)inet_aton(k,&addr); + state = ACLS_ALLOW_NET_EOL; + } else { + net = getnetbyname(k); + if (net == NULL) { + state = ACLE_NONET; + } else { + addr.s_addr = ntohl(net->n_net); + state = ACLS_ALLOW_NET_EOL; + } + } + } + + if ((state == ACLS_ALLOW_NET)) { + state = ACLE_UEOL; + } + + if ((*p == '\0') && (state == ACLS_ALLOW_NET_EOL)) { + acl_add_net(allow,&addr,&mask); + state = ACLE_OK; + } + + switch (state) { + case ACLE_NONET: + 
error_cnt++; + fprintf(stderr,"securenet: unknown network at line %d\n",line_no); + break; + case ACLE_UEOL: + error_cnt++; + fprintf(stderr,"securenet: unexpected end of line at line %d\n",line_no); + break; + case ACLE_OK: + break; + default: + error_cnt++; + fprintf(stderr,"securenet: unexpected state %d %s\n",state,k); + } + + } + + if (data_file != NULL) { + (void)fflush(stderr); + (void)fclose(data_file); + + /* Always add a last deny all if file exists */ + + addr.s_addr = mask.s_addr = 0; + allow = FALSE; + acl_add_net(allow,&addr,&mask); + + } + + /* Always add a last allow all if file don't exists */ + + addr.s_addr = mask.s_addr = 0; + allow = TRUE; + acl_add_net(allow,&addr,&mask); + + return(error_cnt); + +} + diff --git a/usr.sbin/ypserv/acl.h b/usr.sbin/ypserv/acl.h new file mode 100644 index 00000000000..36b4c0b755c --- /dev/null +++ b/usr.sbin/ypserv/acl.h 
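Review bot: Every `(void)inet_aton(k,&addr)` and `(void)inet_aton(k,&mask)` in acl_init() and acl_securenet() ignores the return value, so a token that starts with a digit but is not a valid address leaves the field at the 0 assigned at the top of the loop and the rule is still installed; when both address and mask are malformed the entry becomes 0.0.0.0 with mask 0.0.0.0, which acl_check_host() matches for every client. Treat a zero return as a parse error, e.g. `if (inet_aton(k,&mask) == 0) state = ACLE_NONET;` (and `ACLE_NOHOST` in the host branch), so the line is counted in `error_cnt` and not added. acl_init() always appends a final allow-all entry and acl_check_host() returns TRUE when nothing matches, so any line the parser rejects fails open; the caller should treat a non-zero return from acl_init() or acl_securenet() as fatal, which cannot be confirmed from this file. The `ACLE_NONETMASK` case prints a message without incrementing `error_cnt`, and acl_add_net() writes through the result of `malloc()` without a NULL check.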
@@ -0,0 +1,84 @@ +/* + * Copyright (c) 1994 Mats O Jansson <moj@stacken.kth.se> + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * + * $Id: acl.h,v 1.1 1995/10/23 07:46:38 deraadt Exp $ + */ + +#ifndef _ACL_H_ +#define _ACL_H_ + +#define ACLD_ALL 2 +#define ACLD_HOST 4 +#define ACLD_NET 6 +#define ACLD_HOST_DONE 4 +#define ACLD_NET_DONE 4 +#define ACLD_NET_MASK 2 +#define ACLD_NET_EOL 2 + +#define ACLS_INIT 1 +#define ACLS_ALLOW 2 +#define ACLS_DENY 3 +#define ACLS_ALLOW_ALL ACLS_ALLOW+ACLD_ALL /* 4 */ +#define ACLS_DENY_ALL ACLS_DENY+ACLD_ALL /* 5 */ +#define ACLS_ALLOW_HOST ACLS_ALLOW+ACLD_HOST /* 6 */ +#define ACLS_DENY_HOST ACLS_DENY+ACLD_HOST /* 7 */ +#define ACLS_ALLOW_NET ACLS_ALLOW+ACLD_NET /* 8 */ +#define ACLS_DENY_NET ACLS_DENY+ACLD_NET /* 9 */ +#define ACLS_ALLOW_HOST_DONE ACLS_ALLOW_HOST+ACLD_HOST_DONE /* 10 */ +#define ACLS_DENY_HOST_DONE ACLS_DENY_HOST+ACLD_HOST_DONE /* 11 */ +#define ACLS_ALLOW_NET_DONE ACLS_ALLOW_NET+ACLD_NET_DONE /* 12 */ +#define ACLS_DENY_NET_DONE ACLS_DENY_NET+ACLD_NET_DONE /* 13 */ +#define ACLS_ALLOW_NET_MASK ACLS_ALLOW_NET_DONE+ACLD_NET_MASK /* 14 */ +#define ACLS_DENY_NET_MASK ACLS_DENY_NET_DONE+ACLD_NET_MASK /* 15 */ +#define ACLS_ALLOW_NET_EOL ACLS_ALLOW_NET_MASK+ACLD_NET_EOL /* 16 */ +#define ACLS_DENY_NET_EOL ACLS_DENY_NET_MASK+ACLD_NET_EOL /* 17 */ + +#define ACLE_NONETMASK 18 +#define ACLE_NONET 19 +#define ACLE_NOHOST 20 +#define ACLE_UVERB 21 +#define ACLE_U2VERB 22 +#define ACLE_UEOL 23 +#define ACLE_OK 24 + +struct aclent { +struct aclent *next; + int allow; + u_long s_addr; + u_long s_mask; +}; + +__BEGIN_DECLS +int acl_check_host __P((struct in_addr *)); +int acl_init __P((char *)); +int acl_securenet __P((char *)); +__END_DECLS + +#endif /* !_ACL_H_ */ + + diff --git a/usr.sbin/ypserv/securenet b/usr.sbin/ypserv/securenet new file mode 100644 index 00000000000..a136cfb6000 --- /dev/null +++ b/usr.sbin/ypserv/securenet @@ -0,0 +1,4 @@ +# +# Only my local net is secure. +# +255.255.255.0 139.58.253.0 diff --git a/usr.sbin/ypserv/securenet.5 b/usr.sbin/ypserv/securenet.5 new file mode 100644 index 00000000000..0f4f547500d --- /dev/null 
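Review bot: The composed parser states in acl.h expand to bare sums, for example `#define ACLS_ALLOW_ALL ACLS_ALLOW+ACLD_ALL`. Any use next to a tighter-binding operator (a multiplication, a cast, a `!`) would evaluate to something other than the value in the trailing comment. This header drives the access-control parser, so each expansion should be wrapped, as in `#define ACLS_ALLOW_ALL (ACLS_ALLOW+ACLD_ALL)`, or the ACLS_*/ACLE_* lists should become an `enum`. The prototypes and `struct aclent` also use `struct in_addr` and `u_long` without including the headers that declare them, so the header only works when its includer has pulled those in first.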
+++ b/usr.sbin/ypserv/securenet.5 
@@ -0,0 +1,72 @@ +.\" Copyright (c) 1994 Mats O Jansson <moj@stacken.kth.se> +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS +.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +.\" DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: securenet.5,v 1.1 1995/10/23 07:46:39 deraadt Exp $ +.\" +.Dd June 27, 1994 +.Dt SECURENET 5 +.Os NetBSD 1.0 +.Sh NAME +.Nm securenet +.Nd +.Xr ypserv 8 +configuration file for secure networks +.Sh DESCRIPTION +The +.Nm securenet +file controls which hosts can connect to the +.Nm YP +server. +.Pp +The format is rather simple. Each row consists of two items. The first item +is the network mask. The second item is the network. 
+.Sh EXAMPLES +.Pp +A configuration file might appear as follows: +.Bd -literal +# +# Only my local net is secure. +# +255.255.255.0 139.58.253.0 +.Ed +.Sh FILES +.Bl -tag -width /var/yp/securenet -compact +.It Pa /var/yp/securenet +A +.Xr ypserv 8 +configuration file. +.El +.Sh SEE ALSO +.Xr ypserv 8 , +.Xr ypserv.acl 5 +.Sh HISTORY +The +.Nm securenet +was added to +.Nm NIS +by Sun Microsystems, Inc. as a bugfix for weak security. + diff --git a/usr.sbin/ypserv/ypdb.c b/usr.sbin/ypserv/ypdb.c new file mode 100644 index 00000000000..9ac9aac8af4 --- /dev/null +++ b/usr.sbin/ypserv/ypdb.c 
@@ -0,0 +1,239 @@ +/* + * Copyright (c) 1990, 1993 + * The Regents of the University of California. All rights reserved. + * Copyright (c) 1994 Mats O Jansson <moj@stacken.kth.se> + * All rights reserved. + * + * This code is derived from software contributed to Berkeley by + * Margo Seltzer. + * + * This code is derived from ndbm module of BSD4.4 db (hash) by + * Mats O Jansson + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: ypdb.c,v 1.1 1995/10/23 07:46:39 deraadt Exp $ + */ + +#include <sys/param.h> +#include <sys/types.h> +#include <stdio.h> +#include <string.h> + +#include "ypdb.h" + +#ifdef YPDB_PATCH +extern DBM *__hash_open(); +#else +extern DBM *__bt_open(); +#endif + +/* + * Returns: + * *DBM on success + * NULL on failure + */ + +extern DBM * +ypdb_open(file, flags, mode) + const char *file; + int flags, mode; +{ +#ifdef YPDB_PATCH + HASHINFO info; + char path[MAXPATHLEN]; + + info.bsize = 4096; + info.ffactor = 40; + info.nelem = 1; + info.cachesize = NULL; + info.hash = NULL; + info.lorder = 0; + (void)strcpy(path, file); + (void)strcat(path, YPDB_SUFFIX); + return ((DBM *)__hash_open(path, flags, mode, &info, 0)); +#else + BTREEINFO info; + char path[MAXPATHLEN]; + DBM *db; + + info.flags = 0; + info.cachesize = 0; + info.maxkeypage = 0; + info.minkeypage = 0; + info.psize = 0; + info.compare = NULL; + info.prefix = NULL; + info.lorder = 0; + (void)strcpy(path, file); + (void)strcat(path, YPDB_SUFFIX); + db = (DBM *)__bt_open(path, flags, mode, &info, 0); + return (db); +#endif +} + +extern void +ypdb_close(db) + DBM *db; +{ + (void)(db->close)(db); +} + +/* + * Returns: + * DATUM on success + * NULL on failure + */ + +extern datum +ypdb_fetch(db, key) + DBM *db; + datum key; +{ + datum retval; + int status; + + status = (db->get)(db, (DBT *)&key, (DBT *)&retval, 0); + if (status) { + retval.dptr = NULL; + retval.dsize = 0; + } + return (retval); +} + 
+/* + * Returns: + * DATUM on success + * NULL on failure + */ + +extern datum +ypdb_firstkey(db) + DBM *db; +{ + int status; + datum retdata, retkey; + + status = (db->seq)(db, (DBT *)&retkey, (DBT *)&retdata, R_FIRST); + if (status) + retkey.dptr = NULL; + return (retkey); +} + +/* + * Returns: + * DATUM on success + * NULL on failure + */ + +extern datum +ypdb_nextkey(db) + DBM *db; +{ + int status; + datum retdata, retkey; + + status = (db->seq)(db, (DBT *)&retkey, (DBT *)&retdata, R_NEXT); + if (status) + retkey.dptr = NULL; + return (retkey); +} + +/* + * Returns: + * DATUM on success + * NULL on failure + */ + +extern datum +ypdb_setkey(db, key) + DBM *db; + datum key; +{ + int status; + datum retdata; +#ifdef YPDB_PATCH + datum retkey; + + status = (db->seq)(db, (DBT *)&retkey, (DBT *)&retdata, R_FIRST); + if (status) + retkey.dptr = NULL; + while ((retkey.dptr != NULL) && + ((retkey.dsize != key.dsize) || + (strncmp(key.dptr,retkey.dptr,retkey.dsize) != 0))) { + status = (db->seq)(db, (DBT *)&retkey, (DBT *)&retdata, R_NEXT); + if (status) + retkey.dptr = NULL; + }; + return (retkey); +#else + status = (db->seq)(db, (DBT *)&key, (DBT *)&retdata, R_CURSOR); + if (status) + key.dptr = NULL; + return (key); +#endif +} + +/* + * Returns: + * 0 on success + * <0 failure + */ + +int +ypdb_delete(db, key) + DBM *db; + datum key; +{ + int status; + + status = (db->del)(db, (DBT *)&key, 0); + if (status) + return (-1); + else + return (0); +} + +/* + * Returns: + * 0 on success + * <0 failure + * 1 if YPDB_INSERT and entry exists + */ + +int +ypdb_store(db, key, content, flags) + DBM *db; + datum key, content; + int flags; +{ + return ((db->put)(db, (DBT *)&key, (DBT *)&content, + (flags == YPDB_INSERT) ? R_NOOVERWRITE : 0)); +} + diff --git a/usr.sbin/ypserv/ypdb.h b/usr.sbin/ypserv/ypdb.h new file mode 100644 index 00000000000..00f9ecd27ae --- /dev/null +++ b/usr.sbin/ypserv/ypdb.h 
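Review bot: ypdb_open() fills `char path[MAXPATHLEN]` with `strcpy(path, file)` followed by `strcat(path, YPDB_SUFFIX)`, in both the YPDB_PATCH and the btree branch, without checking that `file` plus the suffix fits. A long map path therefore writes past the stack buffer. The callers are outside this hunk, so whether the name can come from a client request needs confirming, but the open should fail cleanly either way: `if ((size_t)snprintf(path, sizeof(path), "%s%s", file, YPDB_SUFFIX) >= sizeof(path)) return (NULL);`. Separately, the `(DBT *)&key` and `(DBT *)&retval` casts assume `datum` (`char *`, `int`) has the same layout as `DBT`, which should be verified on platforms where `size_t` is wider than `int`.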
@@ -0,0 +1,77 @@ +/* + * Copyright (c) 1990, 1993 + * The Regents of the University of California. All rights reserved. + * Copyright (c) 1994 Mats O Jansson <moj@stacken.kth.se> + * All rights reserved. + * + * This code is derived from software contributed to Berkeley by + * Margo Seltzer. + * + * This code is derived from ndbm module of BSD4.4 db (hash) by + * Mats O Jansson + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: ypdb.h,v 1.1 1995/10/23 07:46:40 deraadt Exp $ + */ + +#ifndef _YPDB_H_ +#define _YPDB_H_ + +#ifndef _DB_H_ +#include <db.h> +#endif + +#define YPDB_SUFFIX ".db" + +/* Flags to ypdb_store(). */ +#define YPDB_INSERT 0 +#define YPDB_REPLACE 1 + +#ifndef DATUM +typedef struct { + char *dptr; + int dsize; +} datum; +#define DATUM +#endif + +typedef DB DBM; + +__BEGIN_DECLS +void ypdb_close __P((DBM *)); +datum ypdb_fetch __P((DBM *, datum)); +datum ypdb_firstkey __P((DBM *)); +datum ypdb_nextkey __P((DBM *)); +datum ypdb_setkey __P((DBM *, datum)); +DBM *ypdb_open __P((const char *, int, int)); +int ypdb_store __P((DBM *, datum, datum, int)); +__END_DECLS + +#endif /* !_YPDB_H_ diff --git a/usr.sbin/ypserv/ypdef.h b/usr.sbin/ypserv/ypdef.h new file mode 100644 index 00000000000..77c9488e3c1 --- /dev/null +++ b/usr.sbin/ypserv/ypdef.h 
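Review bot: ypdb.c in this commit defines `ypdb_delete()`, but the prototype list between `__BEGIN_DECLS` and `__END_DECLS` omits it, so any caller uses it undeclared; add `int ypdb_delete __P((DBM *, datum));`. The last line as shown reads `#endif /* !_YPDB_H_` with no closing `*/`. If that is the file's real content rather than a rendering artifact, the open comment swallows whatever follows `#include "ypdb.h"` in the including file up to its next `*/`, and the line should be `#endif /* !_YPDB_H_ */`.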
@@ -0,0 +1,70 @@ +/* + * Copyright (c) 1994 Mats O Jansson <moj@stacken.kth.se> + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * + * $Id: ypdef.h,v 1.1 1995/10/23 07:46:40 deraadt Exp $ + */ + +#ifndef _YPDEF_H_ +#define _YPDEF_H_ + +#define YP_DB_PATH "/var/yp" +#define YP_LAST_KEY "YP_LAST_MODIFIED" +#define YP_LAST_LEN sizeof(YP_LAST_KEY) +#define YP_INPUT_KEY "YP_INPUT_FILE" +#define YP_INPUT_LEN sizeof(YP_INPUT_KEY) +#define YP_OUTPUT_KEY "YP_OUTPUT_FILE" +#define YP_OUTPUT_LEN sizeof(YP_OUTPUT_KEY) +#define YP_MASTER_KEY "YP_MASTER_NAME" +#define YP_MASTER_LEN sizeof(YP_MASTER_KEY) +#define YP_DOMAIN_KEY "YP_DOMAIN_NAME" +#define YP_DOMAIN_LEN sizeof(YP_DOMAIN_KEY) +#define YP_INTERDOMAIN_KEY "YP_INTERDOMAIN" +#define YP_INTERDOMAIN_LEN sizeof(YP_INTERDOMAIN_KEY) +#define YP_SECURE_KEY "YP_SECURE" +#define YP_SECURE_LEN sizeof(YP_SECURE_KEY) + +#define MAX_LAST_LEN 10 +#define MAX_MASTER_LEN 255 +#define YP_HOSTNAME "hosts.byname" +#define YP_HOSTADDR "hosts.byaddr" + +#ifndef TRUE +#define TRUE 1 +#endif + +#ifndef FALSE +#define FALSE 0 +#endif + +#define YPXFR_PROC "/usr/sbin/ypxfr" + +#endif /* !_YPDEF_H_ */ diff --git a/usr.sbin/ypserv/yplog.c b/usr.sbin/ypserv/yplog.c new file mode 100644 index 00000000000..913c4809d6a --- /dev/null +++ b/usr.sbin/ypserv/yplog.c 
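Review bot: Every `YP_*_LEN` macro is `sizeof(YP_*_KEY)`, which counts the string's terminating NUL, so `YP_LAST_LEN` is 17 for the 16-character key `YP_LAST_MODIFIED`. Code that assigns these to `datum.dsize` would store or look up keys one byte longer than the text, which would not match maps whose keys are written without the NUL. The users are outside this hunk, so the intended convention needs confirming. If the text length is meant, use `#define YP_LAST_LEN (sizeof(YP_LAST_KEY) - 1)` and the same for the others; if the NUL is intentional, say so in a comment above the block.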
@@ -0,0 +1,130 @@ +/* + * Copyright (c) 1994 Mats O Jansson <moj@stacken.kth.se> + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#ifndef LINT +static char rcsid[] = "$Id: yplog.c,v 1.1 1995/10/23 07:46:41 deraadt Exp $"; +#endif + +#include <stdio.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <unistd.h> +#include <strings.h> +#include <rpc/rpc.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <arpa/inet.h> + +FILE *yplogfile; + +void +yplog_date(line) + char *line; +{ + char datestr[20]; + time_t t; + + if (yplogfile != NULL) { + (void)time(&t); + (void)strftime(datestr,20,"%b %d %T",localtime(&t)); + fprintf(yplogfile,"%s %s\n",datestr,line); + fflush(yplogfile); + } +} + +void +yplog_line(line) + char *line; +{ + if (yplogfile != NULL) { + fprintf(yplogfile," %s\n",line); + fflush(yplogfile); + } +} + +void +yplog_str(line) + char *line; +{ + if (yplogfile != NULL) { + fprintf(yplogfile," %s",line); + fflush(yplogfile); + } +} + +void +yplog_cat(line) + char *line; +{ + if (yplogfile != NULL) { + fprintf(yplogfile,"%s",line); + fflush(yplogfile); + } +} + +void +yplog_call(transp) + SVCXPRT *transp; +{ + struct sockaddr_in *caller; + + if (yplogfile != NULL) { + caller = svc_getcaller(transp); + fprintf(yplogfile," caller: %s %d\n", + inet_ntoa(caller->sin_addr), + ntohs(caller->sin_port)); + fflush(yplogfile); + } +} + +void +yplog_init(progname) + char *progname; +{ + char file_path[255]; + struct stat finfo; + + sprintf(file_path,"/var/yp/%s.log",progname); + if ((stat(file_path, &finfo) == 0) && + ((finfo.st_mode & S_IFMT) == S_IFREG)) { + yplogfile = fopen(file_path,"a"); + sprintf(file_path,"%s[%d] : started",progname,getpid()); + yplog_date(file_path); + } +} + +void +yplog_exit() +{ + if (yplogfile != NULL) { + yplog_date("controlled shutdown"); + fclose(yplogfile); + } +} + diff --git a/usr.sbin/ypserv/yplog.h b/usr.sbin/ypserv/yplog.h new file mode 100644 index 00000000000..0c9b4893e49 --- /dev/null +++ b/usr.sbin/ypserv/yplog.h 
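Review bot: yplog_init() validates the log path with `stat()` and then opens it by name with `fopen(file_path,"a")`. `stat()` follows symbolic links, and the path can change between the two calls. Because ypserv's main() insists on running as root, the regular-file check does not guarantee that the daemon appends to the file it examined. Both `sprintf()` calls also write into the 255-byte `file_path` with no bound on `progname`. The replacement below opens once without following links, runs `fstat()` on the descriptor and bounds both formats; it needs `<fcntl.h>`, and the file should also include `<time.h>` for the existing `time()`/`strftime()` calls.

```c
void
yplog_init(progname)
	char *progname;
{
	char file_path[255];
	struct stat finfo;
	int fd, n;

	n = snprintf(file_path, sizeof(file_path), "/var/yp/%s.log", progname);
	if (n < 0 || (size_t)n >= sizeof(file_path))
		return;

	/* Open first, then inspect the descriptor we actually hold. */
	fd = open(file_path, O_WRONLY | O_APPEND | O_NOFOLLOW);
	if (fd == -1)
		return;
	if (fstat(fd, &finfo) == -1 || !S_ISREG(finfo.st_mode) ||
	    (yplogfile = fdopen(fd, "a")) == NULL) {
		(void)close(fd);
		return;
	}

	(void)snprintf(file_path, sizeof(file_path), "%s[%d] : started",
	    progname, (int)getpid());
	yplog_date(file_path);
}
```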
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 1994 Mats O Jansson <moj@stacken.kth.se>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id: yplog.h,v 1.1 1995/10/23 07:46:41 deraadt Exp $
+ */
+
+#ifndef _YPLOG_H_
+#define _YPLOG_H_
+
+__BEGIN_DECLS
+void yplog_date __P((char *));
+void yplog_line __P((char *));
+void yplog_str __P((char *));
+void yplog_cat __P((char *));
+#ifdef _RPC_SVC_H
+void yplog_call __P((SVCXPRT *));
+#endif
+void yplog_init __P((char *));
+void yplog_exit __P(());
+__END_DECLS
+
+#endif /* !_YPLOG_H_ */
diff --git a/usr.sbin/ypserv/ypserv.8 b/usr.sbin/ypserv/ypserv.8
new file mode 100644
index 00000000000..5a644720738
--- /dev/null
+++ b/usr.sbin/ypserv/ypserv.8
@@ -0,0 +1,110 @@ +.\" Copyright (c) 1994 Mats O Jansson <moj@stacken.kth.se> +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS +.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +.\" DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: ypserv.8,v 1.1 1995/10/23 07:46:42 deraadt Exp $ +.\" +.Dd June 27, 1994 +.Dt YPSERV 8 +.Os NetBSD 1.0 +.Sh NAME +.Nm ypserv +.Nd YP server daemon +.Sh SYNOPSIS +.Nm /usr/sbin/ypserv +.Op Fl a Ar aclfile +.Op Fl d +.Op Fl x +.Sh DESCRIPTION +.Nm Ypserv +is a fundamental part of the network information system called YP. +This server provides information from YP maps to the YP clients +on the network. 
+.Pp +A YP map is stored on the server as a +.Xr db 3 +database. A number of YP maps is grouped together in a domain. +.Ar Ypserv +determines the domains it serves by looking for a directory with +the domain name in +.Ar /var/yp . +.Pp +YP hasn't been known for high security through the years. In recent years +security has improved by restricting access to the server. In SunOS 4.1 +has a new file occured named +.Ar /var/yp/securenet . +It contains networks the server can assume is secure. For information about +file format see +.Xr securenet 5 . +.Pp +Before the author of this server had seen +.Xr securenet 5 +another format was implemented +.Xr ypserv.acl 5 . +This file format makes it possible to allow and deny hosts and networks +access to the server. +.Pp +If a host isn't secure all queries to the server will result in a YP_NODOM +result. It would be better to add the security to +.Xr portmap 8 +and not allow unsecure host to bind to this rpc service. +.Pp +IF the file +.Nm /var/yp/ypserv.log +exists then messages will be written to the file. +.Pp +The options are as follows: +.Bl -tag -width indent +.It Fl a Ar aclfile +Don't use +.Ar /var/yp/securenet . +Use another file with another file format. For futher information see +man page for +.Ar ypserv.acl . +.It Fl d +Use Internet Domain Name System. If a query to map +.Ar hosts.byname +or +.Ar hosts.byaddr +fails, make a DNS query and return the result if successful. +.It Fl x +Terminate the server after processing +.Ar aclfile +or +.Ar /var/yp/securenet . +.El +.Sh FILES +.Bl -tag -width /var/yp/ypserv.log -compact +.It Pa /var/yp/ypserv.log +.It Pa /var/yp/securenet +.It Pa /var/yp/ypserv.acl +.El +.Sh SEE ALSO +.Xr ypserv.acl 5 , +.Xr securenet 5 , +.Xr ypbind 1 +.Sh AUTHOR +Mats O Jansson <moj@stacken.kth.se> diff --git a/usr.sbin/ypserv/ypserv.acl b/usr.sbin/ypserv/ypserv.acl new file mode 100644 index 00000000000..33c68568c80 --- /dev/null +++ b/usr.sbin/ypserv/ypserv.acl 
@@ -0,0 +1,43 @@
+# This is an example of an access control file to be used by ypserv.
+#
+# This file is parsed line by line. First match will terminate the check
+# of the caller.
+#
+
+#############################################################################
+# This is the commands that will match a single host
+#
+# allow host <hostname|ip-address>
+# deny host <hostname|ip-address>
+#
+# To process hostname gethostbyname is called. If the hostname has multiple
+# ip-addresses all will be added (I hope). ip-address is processed by
+# inet_aton.
+deny host jodie
+
+#############################################################################
+# This is the commands that will match a network
+#
+# allow net <netname|netnumber> [netmask <netname|netnumber>]
+# deny net <netname|netnumber> [netmask <netname|netnumber>]
+#
+# To process netname getnetbyname is called, and inet_aton is used for
+# netnumber. inet_aton both access numbers as 255.255.255.0 and 0xffffff00.
+#
+# If netmask isn't given the parser will assume netmask from the first bits
+# of the network number. So if the network is subneted the you have to add
+# the netmask. In my case I've got the network 139.58.253.0 at home so too
+# allow any of my computers to talk with the server I need the following line
+#
+allow net mojathome netmask 255.255.255.0
+
+#############################################################################
+# At last we have a command that will match any caller:
+#
+# allow all
+# deny all
+#
+
+# reject all connections
+deny all
+
diff --git a/usr.sbin/ypserv/ypserv.acl.5 b/usr.sbin/ypserv/ypserv.acl.5
new file mode 100644
index 00000000000..ae648a69674
--- /dev/null
+++ b/usr.sbin/ypserv/ypserv.acl.5
@@ -0,0 +1,178 @@ +.\" Copyright (c) 1994 Mats O Jansson <moj@stacken.kth.se> +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS +.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +.\" DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: ypserv.acl.5,v 1.1 1995/10/23 07:46:43 deraadt Exp $ +.\" +.Dd July 2, 1994 +.Dt YPSERV.ACL 5 +.Os NetBSD 1.0 +.Sh NAME +.Nm ypserv.acl +.Nd +.Xr ypserv 8 +configuration file +.Sh DESCRIPTION +The +.Nm ypserv.acl +file controls which hosts can connect to the +.Nm YP +server. +.Pp +The format is more complex than the format for +.Xr securenet 5 . 
+The first two verbs on each line controls if the line will +.Nm allow +or +.Nm deny +access for a +.Nm host , +network +.Nm (net) +or +.Nm all +hosts. +.Pp +The +.Nm YP +server reads the configuration file and build a list in memory. This list +is processed from the beginning for every incomming request. As soon a +match is found in the list the search terminates and it returns success +or failure depending on +.Nm allow +or +.Nm deny . +If no match was found in the list success is returned. +.Pp +If access is denied every call will cause a +.Nm no such domain +error for the caller. To add the security in +.Xr ypserv 8 +is not the best place. It would have been better to add it in +.Xr portmap 8 . +.Pp +There is no default name for this file. Start +.Nm ypserv +with a +.Ar -a filename +to read a file with this format. +.Pp +The following different syntax can be used: +.Pp +< +.Nm allow|deny +> +.Nm host +< +.Nm hostname|ip-address +> +.Pp +If +.Nm hostname +has more than one ip address then all will be added to the list. +.Pp +< +.Nm allow|deny +> +.Nm net +< +.Nm netname|netnumber +> +.Op Nm netmask <netname|netnumber> +.Pp +If +.Nm netmask +part of the command isn't given then the netmask will be assumed to be a +class A, B or C net depending on the net number. +.Pp +< +.Nm allow|deny +> +.Nm all +.Pp +A line containing one of these commands will always match any host. +.Sh EXAMPLES +.Pp +A configuration file might appear as follows: +.Bd -literal +# This is an example of an access control file to be used by ypserv. +# +# This file is parsed line by line. First match will terminate the check +# of the caller. +# + +########################################################################### +# This is the commands that will match a single host +# +# allow host <hostname|ip-address> +# deny host <hostname|ip-address> +# +# To process hostname gethostbyname is called. If the hostname has +# multiple ip-addresses all will be added (I hope). 
ip-address +# processed by inet_aton. +deny host jodie + +########################################################################### +# This is the commands that will match a network +# +# allow net <netname|netnumber> [netmask <netname|netnumber>] +# deny net <netname|netnumber> [netmask <netname|netnumber>] +# +# To process netname getnetbyname is called, and inet_aton is used for +# netnumber. inet_aton both access numbers as 255.255.255.0 and 0xffffff00. +# +# If netmask isn't given the parser will assume netmask from the first bits +# of the network number. So if the network is subneted the you have to add +# the netmask. In my case I've got the network 139.58.253.0 at home so too +# allow any of my computers to talk with the server I need the following +# line +# +allow net mojathome netmask 255.255.255.0 + +########################################################################### +# At last we have a command that will match any caller: +# +# allow all +# deny all +# + +# reject all connections +deny all + +.Ed +.Sh FILES +.Bl -tag -width /var/yp/ypserv.acl -compact +.It Pa /var/yp/ypserv.acl +A +.Xr ypserv 8 +configuration file. +.El +.Sh SEE ALSO +.Xr ypserv 8 , +.Xr securenet 5 +.Sh AUTHOR +Mats O Jansson <moj@stacken.kth.se> + diff --git a/usr.sbin/ypserv/ypserv.c b/usr.sbin/ypserv/ypserv.c new file mode 100644 index 00000000000..fed9fe96666 --- /dev/null +++ b/usr.sbin/ypserv/ypserv.c 
@@ -0,0 +1,311 @@ +/* + * Copyright (c) 1994 Mats O Jansson <moj@stacken.kth.se> + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#ifndef LINT +static char rcsid[] = "$Id: ypserv.c,v 1.1 1995/10/23 07:46:44 deraadt Exp $"; +#endif + +#include <stdio.h> +#include <rpc/rpc.h> +#include <rpc/auth.h> +#include <rpcsvc/yp.h> +#include <signal.h> +#include <sys/wait.h> +#include <unistd.h> +#include <string.h> +#include <rpc/pmap_clnt.h> +#include "acl.h" +#include "yplog.h" + +#define YP_SECURENET_FILE "/var/yp/securenet" + +static void ypprog_2(); +void sig_child(); + +int usedns = FALSE; +int acl_access_ok; +char *progname = "ypserv"; + +int +main (argc,argv) +int argc; +char *argv[]; +{ + SVCXPRT *transp; + int usage = 0; + int xflag = 0; + char ch; + extern char *optarg; + char *aclfile = NULL; + + while ((ch = getopt(argc, argv, "a:dx")) != EOF) + switch (ch) { + case 'a': + aclfile = optarg; + break; + case 'd': + usedns = TRUE; + break; + case 'x': + xflag = TRUE; + break; + default: + usage++; + break; + } + + if (usage) { + (void)fprintf(stderr,"usage: %s [-a aclfile] [-d] [-x]\n",progname); + exit(1); + } + + if (geteuid() != 0) { + (void)fprintf(stderr,"%s: must be root to run.\n",progname); + exit(1); + } + + if (aclfile != NULL) { + (void)acl_init(aclfile); + } else { + (void)acl_securenet(YP_SECURENET_FILE); + } + if (xflag) { + exit(1); + }; + +#ifdef DAEMON + switch(fork()) { + case 0: + break; + case -1: + (void)fprintf(stderr,"%s: fork failure\n",progname); + exit(1); + default: + exit(0); + } + setsid(); +#endif + + yplog_init(progname); + + chdir("/"); + + (void)pmap_unset(YPPROG, YPVERS); + + (void)signal(SIGCHLD, sig_child); + + transp = svctcp_create(RPC_ANYSOCK, 0, 0); + if (transp == NULL) { + (void)fprintf(stderr, "cannot create tcp service.\n"); + exit(1); + } + if (!svc_register(transp, YPPROG, YPVERS, ypprog_2, IPPROTO_TCP)) { + (void)fprintf(stderr, "unable to register (YPPROG, YPVERS, tcp).\n"); + exit(1); + } + + transp = svcudp_create(RPC_ANYSOCK); + if (transp == NULL) { + (void)fprintf(stderr, "cannot create udp service.\n"); + exit(1); + } + if 
(!svc_register(transp, YPPROG, YPVERS, ypprog_2, IPPROTO_UDP)) { + (void)fprintf(stderr, "unable to register (YPPROG, YPVERS, udp).\n"); + exit(1); + } + svc_run(); + (void)fprintf(stderr, "svc_run returned\n"); + exit(1); +} + +static void +ypprog_2(rqstp, transp) + struct svc_req *rqstp; + SVCXPRT *transp; +{ + union { + domainname ypproc_domain_2_arg; + domainname ypproc_domain_nonack_2_arg; + ypreq_key ypproc_match_2_arg; + ypreq_nokey ypproc_first_2_arg; + ypreq_key ypproc_next_2_arg; + ypreq_xfr ypproc_xfr_2_arg; + ypreq_nokey ypproc_all_2_arg; + ypreq_nokey ypproc_master_2_arg; + ypreq_nokey ypproc_order_2_arg; + domainname ypproc_maplist_2_arg; + } argument; + char *result; + bool_t (*xdr_argument)(), (*xdr_result)(); + char *(*local)(); + struct sockaddr_in *caller; + + caller = svc_getcaller(transp); + acl_access_ok = acl_check_host(&caller->sin_addr); + if (!acl_access_ok) { + yplog_date("ypserv: access denied"); + yplog_call(transp); + switch (rqstp->rq_proc) { + case YPPROC_NULL: + yplog_line("request: NULL"); + break; + case YPPROC_DOMAIN: + yplog_line("request: DOMAIN"); + break; + case YPPROC_DOMAIN_NONACK: + yplog_line("request: DOMAIN_NONACK"); + break; + case YPPROC_MATCH: + yplog_line("request: MATCH"); + break; + case YPPROC_FIRST: + yplog_line("request: FIRST"); + break; + case YPPROC_NEXT: + yplog_line("request: NEXT"); + break; + case YPPROC_XFR: + yplog_line("request: XFR"); + break; + case YPPROC_CLEAR: + yplog_line("request: CLEAR"); + break; + case YPPROC_ALL: + yplog_line("request: ALL"); + break; + case YPPROC_MASTER: + yplog_line("request: MASTER"); + break; + case YPPROC_ORDER: + yplog_line("request: ORDER"); + break; + case YPPROC_MAPLIST: + yplog_line("request: MAPLIST"); + break; + default: + yplog_line("request: unknown"); + break; + } + + + } + + switch (rqstp->rq_proc) { + case YPPROC_NULL: + xdr_argument = xdr_void; + xdr_result = xdr_void; + local = (char *(*)()) ypproc_null_2; + break; + + case YPPROC_DOMAIN: + xdr_argument 
= xdr_domainname; + xdr_result = xdr_bool; + local = (char *(*)()) ypproc_domain_2; + break; + + case YPPROC_DOMAIN_NONACK: + xdr_argument = xdr_domainname; + xdr_result = xdr_bool; + local = (char *(*)()) ypproc_domain_nonack_2; + break; + + case YPPROC_MATCH: + xdr_argument = xdr_ypreq_key; + xdr_result = xdr_ypresp_val; + local = (char *(*)()) ypproc_match_2; + break; + + case YPPROC_FIRST: + xdr_argument = xdr_ypreq_nokey; + xdr_result = xdr_ypresp_key_val; + local = (char *(*)()) ypproc_first_2; + break; + + case YPPROC_NEXT: + xdr_argument = xdr_ypreq_key; + xdr_result = xdr_ypresp_key_val; + local = (char *(*)()) ypproc_next_2; + break; + + case YPPROC_XFR: + xdr_argument = xdr_ypreq_xfr; + xdr_result = xdr_ypresp_xfr; + local = (char *(*)()) ypproc_xfr_2; + break; + + case YPPROC_CLEAR: + xdr_argument = xdr_void; + xdr_result = xdr_void; + local = (char *(*)()) ypproc_clear_2; + break; + + case YPPROC_ALL: + xdr_argument = xdr_ypreq_nokey; + xdr_result = xdr_ypresp_all; + local = (char *(*)()) ypproc_all_2; + break; + + case YPPROC_MASTER: + xdr_argument = xdr_ypreq_nokey; + xdr_result = xdr_ypresp_master; + local = (char *(*)()) ypproc_master_2; + break; + + case YPPROC_ORDER: + xdr_argument = xdr_ypreq_nokey; + xdr_result = xdr_ypresp_order; + local = (char *(*)()) ypproc_order_2; + break; + + case YPPROC_MAPLIST: + xdr_argument = xdr_domainname; + xdr_result = xdr_ypresp_maplist; + local = (char *(*)()) ypproc_maplist_2; + break; + + default: + printf("switch default: %d\n",(int) rqstp->rq_proc); + svcerr_noproc(transp); + return; + } + + bzero((char *)&argument, sizeof(argument)); + if (!svc_getargs(transp, xdr_argument, &argument)) { + svcerr_decode(transp); + return; + } + result = (*local)(&argument, rqstp, transp); + +} + +void +sig_child() +{ + while (wait3((int *)NULL, WNOHANG, (struct rusage *)NULL) > 0); +} diff --git a/usr.sbin/ypserv/ypserv_db.c b/usr.sbin/ypserv/ypserv_db.c new file mode 100644 index 00000000000..36a0f2a6ee7 --- /dev/null 
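Review bot: In `ypprog_2` a caller rejected by `acl_check_host()` is only logged. The request still reaches the second `switch`, is decoded by `svc_getargs()` and dispatched, so enforcement depends on every `ypproc_*_2` handler testing the global `acl_access_ok`. State that contract above the dispatch, e.g. `/* denial is enforced inside each handler via acl_access_ok; a handler that omits the test serves denied callers */`, or better, build the denied reply in one place. In `main`, `(void)acl_init(aclfile);` and `(void)acl_securenet(YP_SECURENET_FILE);` discard their results, and the ypserv.acl.5 text in this commit says an unmatched caller is allowed. A missing or unreadable file therefore presumably leaves the server open to every host, so the result should be checked and startup aborted on failure (the return convention of these functions is not visible here). Separately, `char ch` should be `int ch` so that comparing the `getopt()` result with `EOF` also works where plain `char` is unsigned.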
+++ b/usr.sbin/ypserv/ypserv_db.c 
@@ -0,0 +1,829 @@ +/* + * copyright (c) 1994 Mats O Jansson <moj@stacken.kth.se> + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#ifndef LINT +static char rcsid[] = "$Id: ypserv_db.c,v 1.1 1995/10/23 07:46:45 deraadt Exp $"; +#endif + +#include <rpc/rpc.h> +#include <rpcsvc/yp.h> +#include <rpcsvc/ypclnt.h> +#include <sys/stat.h> +#include <fcntl.h> +#include <string.h> +#include <stdio.h> +#include <stdlib.h> +#include <netdb.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <arpa/inet.h> +#include "yplog.h" +#include "ypdb.h" +#include "ypdef.h" + +struct opt_map { + mapname map; + DBM *db; + int *dptr; + struct opt_map *next; + struct opt_map *prev; + struct opt_map *rnext; + struct opt_map *rprev; + int host_lookup; +}; +typedef struct opt_map opt_map; + +struct opt_domain { + domainname domain; + opt_map *map_root; + struct opt_domain *next; +}; +typedef struct opt_domain opt_domain; + + opt_domain *domain_root = NULL; + opt_map *map_first = NULL; + opt_map *map_last = NULL; + +extern int usedns; + +/* + * Check if key is a YP private key. Return TRUE if it is and + * ypprivate is FALSE. + */ + +int +yp_private(key,ypprivate) + datum key; + int ypprivate; +{ + int result; + + if (ypprivate) { + return (FALSE); + } + + result = FALSE; + + if ((!result) && (key.dsize == YP_LAST_LEN)) { + result = (strcmp(key.dptr,YP_LAST_KEY) == 0); + } + + if ((!result) && (key.dsize == YP_INPUT_LEN)) { + result = (strcmp(key.dptr,YP_INPUT_KEY) == 0); + } + + if ((!result) && (key.dsize == YP_OUTPUT_LEN)) { + result = (strcmp(key.dptr,YP_OUTPUT_KEY) == 0); + } + + if ((!result) && (key.dsize == YP_MASTER_LEN)) { + result = (strcmp(key.dptr,YP_MASTER_KEY) == 0); + } + + if ((!result) && (key.dsize == YP_DOMAIN_LEN)) { + result = (strcmp(key.dptr,YP_DOMAIN_KEY) == 0); + } + + if ((!result) && (key.dsize == YP_INTERDOMAIN_LEN)) { + result = (strcmp(key.dptr,YP_INTERDOMAIN_KEY) == 0); + } + + if ((!result) && (key.dsize == YP_SECURE_LEN)) { + result = (strcmp(key.dptr,YP_SECURE_KEY) == 0); + } + + return(result); +} + +/* + * Close least recent used map. 
This routine is called when we have + * no more file descripotors free, or we want to close all maps. + */ + +void +ypdb_close_last() +{ + opt_map *m = NULL; + opt_domain *d = NULL; + + m = map_last; + d = (opt_domain *) m->dptr; + + /* Close database */ + ypdb_close(m->db); + free(m->db); + +#ifdef DEBUG + yplog_cat("info: ypdb_close_last: close map "); + yplog_cat(m->map); + yplog_cat(" in domain "); + yplog_cat(d->domain); + yplog_cat("\n"); +#endif + + /* Deallocate space for map name */ + free(m->map); + + /* Unlink record from recent used list */ + if (m->rprev != NULL) { + m->rprev->rnext = m->rnext; + } + map_last = m->rprev; + + /* Unlink record from domain list */ + if (m->prev == NULL) { + d->map_root = m->next; + } else { + m->prev->next = m->next; + } + if (m->next != NULL) { + m->next->prev = m->prev; + } + + free(m); + +} + +/* + * Close all open maps. + */ + +void +ypdb_close_all() +{ + + while (map_last != NULL) { + ypdb_close_last(); + } +} + +/* + * Close Database if Open/Close Optimization isn't turned on. 
+ */ + +void +ypdb_close_db(db) + DBM *db; +{ +#ifndef OPTDB + ypdb_close_all(); +#endif +} + +DBM * +ypdb_open_db_std(domain, map, status, map_info) + domainname domain; + mapname map; + ypstat *status; + opt_map *map_info; +{ + static char map_path[255]; + struct stat finfo; + DBM *db; + + *status = YP_TRUE; /* Preset return value */ + + db = NULL; /* Database isn't opened */ + + /* Check domain */ + sprintf(map_path,"%s/%s",YP_DB_PATH,domain); + if (!((stat(map_path, &finfo) == 0) && + ((finfo.st_mode & S_IFMT) == S_IFDIR))) { + *status = YP_NODOM; +#ifdef DEBUG + yplog_cat("err: ypdb_open_db_std: domain not found\n"); +#endif + } + + if (*status >= 0) { + /* Check map */ + sprintf(map_path,"%s/%s/%s%s",YP_DB_PATH,domain,map,YPDB_SUFFIX); + if (!(stat(map_path, &finfo) == 0)) { + *status = YP_NOMAP; +#ifdef DEBUG + yplog_cat("err: ypdb_open_db: map not found\n"); +#endif + } + } + + /* Ok, if no error yet, open database */ + if (*status >= 0) { + sprintf(map_path,"%s/%s/%s",YP_DB_PATH,domain,map); + db = ypdb_open(map_path, O_RDONLY, 0444); +#ifdef DEBUG + yplog_cat("info: ypdb_open_db: open "); + yplog_cat(map_path); + yplog_cat("\n"); +#endif + } + + return(db); +} + +DBM * +ypdb_open_db(domain, map, status, map_info) + domainname domain; + mapname map; + ypstat *status; + opt_map *map_info; +{ + static char map_path[255]; + struct stat finfo; + DBM *db; + static char domain_key[YP_INTERDOMAIN_LEN] = YP_INTERDOMAIN_KEY; + FILE *fd; + opt_domain *d = NULL; + opt_map *m = NULL; + datum k,v; + + *status = YP_TRUE; /* Preset return value */ + + db = NULL; /* Database isn't opened */ + + d = domain_root; /* Find domain in list */ + while ((d != NULL) && (strcmp(d->domain,domain) != 0)) { + d = d->next; + } + + if (d != NULL) { /* Domain found ! */ + m = d->map_root; /* Find map in list */ + while ((m != NULL) && (strcmp(m->map,map) != 0)) { + m = m->next; + } + } + + if (m != NULL) { /* Map found ! 
*/ + db = m->db; + if (m != map_first) { + /* Move map to top of recent used list */ + m->rprev->rnext = m->rnext; + if (m->rnext == NULL) { + map_last = m->rprev; + } else { + m->rnext->rprev = m->rprev; + } + m->rprev = NULL; + map_first->rprev = m; + m->rnext = map_first; + map_first = m; + } + } + + if (db == NULL) { /* Database not opened */ + + /* Make a dummy open, if it succeeds then it's OK */ + /* to open a new database, else we must close one */ + /* first. Close least recent used database */ + + fd = fopen("/dev/null","r"); + if (fd != NULL) { + fclose(fd); /* All is OK */ + } else { + ypdb_close_last(); /* Not OK, close one */ + } + + /* Check domain */ + sprintf(map_path,"%s/%s",YP_DB_PATH,domain); + if (!((stat(map_path, &finfo) == 0) && + ((finfo.st_mode & S_IFMT) == S_IFDIR))) { + *status = YP_NODOM; +#ifdef DEBUG + yplog_cat("err: ypdb_open_db: domain not found\n"); +#endif + } + + if (*status >= 0) { + /* Check map */ + sprintf(map_path,"%s/%s/%s%s",YP_DB_PATH,domain,map,YPDB_SUFFIX); + if (!(stat(map_path, &finfo) == 0)) { + *status = YP_NOMAP; +#ifdef DEBUG + yplog_cat("err: ypdb_open_db: map not found\n"); +#endif + } + } + + /* Ok, if no error yet, open database */ + if (*status >= 0) { + sprintf(map_path,"%s/%s/%s",YP_DB_PATH,domain,map); + db = ypdb_open(map_path, O_RDONLY, 0444); +#ifdef DEBUG + yplog_cat("info: ypdb_open_db: open "); + yplog_cat(map_path); + yplog_cat("\n"); +#endif + } + + if (*status >= 0) { + + if (d == NULL) { /* Domain is new */ + /* Allocate a domain record */ + d = (opt_domain *) + malloc((unsigned) sizeof(opt_domain)); + + /* Setup domain record */ + d->domain = (domainname) + malloc(strlen(domain)+1); + (void)strcpy(d->domain,domain); + d->map_root = NULL; + d->next = domain_root; + domain_root = d; + } + + if (m == NULL) { /* Map is new */ + /* Allocatr a map record */ + m = (opt_map *) + malloc((unsigned) sizeof(opt_map)); + + /* Setup map record */ + m->map = (mapname) + malloc(strlen(map)+1); + 
(void)strcpy(m->map,map); + m->db = malloc((unsigned) sizeof(DBM)); + memcpy(m->db,db,sizeof(DBM)); + m->next = d->map_root; + if (m->next != NULL) { + m->next->prev = m; + } + m->prev = NULL; + m->dptr = (int *) d; + d->map_root = m; + m->rnext = map_first; + m->rprev = NULL; + if (map_first != NULL) { + map_first->rprev = m; + } + if (map_last == NULL) { + map_last = m; + } + m->host_lookup = FALSE; + /* Check if hosts. */ + if ((strcmp(map, YP_HOSTNAME) == 0) || + (strcmp(map, YP_HOSTADDR) == 0)) { + if (!usedns) { + k.dptr = (char *) &domain_key; + k.dsize = YP_INTERDOMAIN_LEN; + v = ypdb_fetch(db,k); + if (v.dptr != NULL) { + m->host_lookup = TRUE; +#ifdef DEBUG + yplog_cat("info: ypdb_open_db: YP_INTERDOMAIN\n"); +#endif + } + } else { + m->host_lookup = usedns; +#ifdef DEBUG + yplog_cat("info: ypdb_open_db: ypserv -d\n"); +#endif + } + } + map_first = m; + } + + if (map_info != NULL) { + map_info->map = NULL; + map_info->db = NULL; + map_info->dptr = m->dptr; + map_info->next = m->next; + map_info->prev = m->prev; + map_info->rnext = m->rnext; + map_info->rprev = m->rprev; + map_info->host_lookup = m->host_lookup; + } + } + + } + + return(db); +} + +ypstat +lookup_host(nametable, host_lookup, db, keystr, result) + int nametable; + int host_lookup; + DBM *db; + char *keystr; + ypresp_val *result; +{ + struct hostent *host; + struct in_addr *addr_name; + struct in_addr addr_addr; + static char val[255]; + ypstat status; + char *ptr; + + status = YP_NOKEY; + + if (host_lookup) { + if (nametable) { + host = gethostbyname(keystr); + if ((host != NULL) && + (host->h_addrtype == AF_INET)) { + addr_name = (struct in_addr *) + *host->h_addr_list; + sprintf(val,"%s %s", + inet_ntoa(*addr_name), keystr); + while ((ptr = *(host->h_aliases)) != NULL) { + strcat(val," "); + strcat(val,ptr); + host->h_aliases++; + } + result->val.valdat_val = val; + result->val.valdat_len = strlen(val); + status = YP_TRUE; + } + } else { + inet_aton(keystr, &addr_addr); + host = 
gethostbyaddr((char *) &addr_addr, + sizeof(addr_addr), AF_INET); + if (host != NULL) { + sprintf(val,"%s %s",keystr,host->h_name); + while ((ptr = *(host->h_aliases)) != NULL) { + strcat(val," "); + strcat(val,ptr); + host->h_aliases++; + } + result->val.valdat_val = val; + result->val.valdat_len = strlen(val); + status = YP_TRUE; + } + } + } + + return(status); +} + +ypresp_val +ypdb_get_record(domain, map, key, ypprivate) + domainname domain; + mapname map; + keydat key; + int ypprivate; +{ + static ypresp_val res; + static char keystr[255]; + DBM *db; + datum k,v; + ypstat status; + int host_lookup; + opt_map map_info; + + bzero((char *)&res, sizeof(res)); + + db = ypdb_open_db(domain, map, &status, &map_info); + host_lookup = map_info.host_lookup; + + if (status >= 0) { + + (void) strncpy(keystr, key.keydat_val, key.keydat_len); + keystr[key.keydat_len] = '\0'; + + k.dptr = (char *) &keystr; + k.dsize = key.keydat_len + 1; + + if (yp_private(k,ypprivate)) { + status = YP_NOKEY; + } else { + + v = ypdb_fetch(db,k); + if (v.dptr == NULL) { + + status = YP_NOKEY; + + if (strcmp(map, YP_HOSTNAME) == 0) { + status = lookup_host(TRUE, host_lookup, + db, &keystr,&res); + } + + if (strcmp(map, YP_HOSTADDR) == 0) { + status = lookup_host(FALSE,host_lookup, + db, &keystr,&res); + } + + } else { + res.val.valdat_val = v.dptr; + res.val.valdat_len = v.dsize - 1; + } + + } + } + + ypdb_close_db(db); + + res.stat = status; + + return (res); +} + +ypresp_key_val +ypdb_get_first(domain, map, ypprivate) + domainname domain; + mapname map; + int ypprivate; +{ + static ypresp_key_val res; + DBM *db; + datum k,v; + ypstat status; + + bzero((char *)&res, sizeof(res)); + + db = ypdb_open_db(domain, map, &status, NULL); + + if (status >= 0) { + + k = ypdb_firstkey(db); + + while (yp_private(k,ypprivate)) { + k = ypdb_nextkey(db); + }; + + if (k.dptr == NULL) { + status = YP_NOKEY; + } else { + res.key.keydat_val = k.dptr; + res.key.keydat_len = k.dsize; + v = ypdb_fetch(db,k); + if 
(v.dptr == NULL) { + status = YP_NOKEY; + } else { + res.val.valdat_val = v.dptr; + res.val.valdat_len = v.dsize - 1; + } + } + } + + ypdb_close_db(db); + + res.stat = status; + + return (res); +} + +ypresp_key_val +ypdb_get_next(domain, map, key, ypprivate) + domainname domain; + mapname map; + keydat key; + int ypprivate; +{ + static ypresp_key_val res; + DBM *db; + datum k,v,n; + ypstat status; + + bzero((char *)&res, sizeof(res)); + + db = ypdb_open_db(domain, map, &status, NULL); + + if (status >= 0) { + + n.dptr = key.keydat_val; + n.dsize = key.keydat_len; + v.dptr = NULL; + v.dsize = 0; + k.dptr = NULL; + k.dsize = 0; + + n = ypdb_setkey(db,n); + + if (n.dptr != NULL) { + k = ypdb_nextkey(db); + } else { + k.dptr = NULL; + }; + + if (k.dptr != NULL) { + while (yp_private(k,ypprivate)) { + k = ypdb_nextkey(db); + }; + }; + + if (k.dptr == NULL) { + status = YP_NOMORE; + } else { + res.key.keydat_val = k.dptr; + res.key.keydat_len = k.dsize; + v = ypdb_fetch(db,k); + if (v.dptr == NULL) { + status = YP_NOMORE; + } else { + res.val.valdat_val = v.dptr; + res.val.valdat_len = v.dsize - 1; + } + } + } + + ypdb_close_db(db); + + res.stat = status; + + return (res); +} + +ypresp_order +ypdb_get_order(domain, map) + domainname domain; + mapname map; +{ + static ypresp_order res; + static char order_key[YP_LAST_LEN] = YP_LAST_KEY; + static char order[MAX_LAST_LEN+1]; + DBM *db; + datum k,v; + ypstat status; + + bzero((char *)&res, sizeof(res)); + + db = ypdb_open_db(domain, map, &status, NULL); + + if (status >= 0) { + + k.dptr = (char *) &order_key; + k.dsize = YP_LAST_LEN; + + v = ypdb_fetch(db,k); + if (v.dptr == NULL) { + status = YP_NOKEY; + } else { + strncpy(order, v.dptr, v.dsize); + order[v.dsize] = '\0'; + res.ordernum = (u_int) atol(order); + } + } + + ypdb_close_db(db); + + res.stat = status; + + return (res); +} + +ypresp_master +ypdb_get_master(domain, map) + domainname domain; + mapname map; +{ + static ypresp_master res; + static char 
master_key[YP_MASTER_LEN] = YP_MASTER_KEY; + static char master[MAX_MASTER_LEN+1]; + DBM *db; + datum k,v; + ypstat status; + + bzero((char *)&res, sizeof(res)); + + db = ypdb_open_db(domain, map, &status, NULL); + + if (status >= 0) { + + k.dptr = (char *) &master_key; + master_key[YP_MASTER_LEN] = '\0'; + k.dsize = YP_MASTER_LEN; + + v = ypdb_fetch(db,k); + if (v.dptr == NULL) { + status = YP_NOKEY; + } else { + strncpy(master, v.dptr, v.dsize); + master[v.dsize] = '\0'; + res.peer = (peername) &master; + } + } + + ypdb_close_db(db); + + res.stat = status; + + return (res); +} + +bool_t +ypdb_xdr_get_all(xdrs, req) + XDR *xdrs; + ypreq_nokey *req; +{ + static ypresp_all resp; + static bool_t more = TRUE; + DBM *db; + datum k,v; + ypstat status; + extern int acl_access_ok; + + bzero((char *)&resp, sizeof(resp)); + + if(acl_access_ok) { + db = ypdb_open_db_std(req->domain, req->map, &status); + } else { + db = NULL; + resp.ypresp_all_u.val.stat = YP_NODOM; + } + + if (resp.ypresp_all_u.val.stat < 0) { + resp.more = FALSE; + + if (!xdr_ypresp_all(xdrs, &resp)) { +#ifdef DEBUG + yplog_cat("xdr_ypresp_all: 1 failed\n"); +#endif + return(FALSE); + } + + return(TRUE); + + } + + k = ypdb_firstkey(db); + + while (yp_private(k,FALSE)) { + k = ypdb_nextkey(db); + }; + + while(resp.ypresp_all_u.val.stat >= 0) { + + if (k.dptr == NULL) { + v.dptr = NULL; + } else { + v = ypdb_fetch(db,k); + } + + if (v.dptr == NULL) { + + resp.ypresp_all_u.val.stat = YP_NOKEY; + + } else { + +#ifdef DEBUG + yplog_cat("key: "); + yplog_cat(k.dptr); + yplog_cat(" val: "); + yplog_cat(v.dptr); + yplog_cat("\n"); +#endif + resp.more = more; + resp.ypresp_all_u.val.stat = YP_TRUE; + resp.ypresp_all_u.val.key.keydat_val = k.dptr; + resp.ypresp_all_u.val.key.keydat_len = k.dsize - 1; + resp.ypresp_all_u.val.val.valdat_val = v.dptr; + resp.ypresp_all_u.val.val.valdat_len = v.dsize - 1; + + if (!xdr_ypresp_all(xdrs, &resp)) { +#ifdef DEBUG + yplog_cat("xdr_ypresp_all: 2 failed\n"); +#endif + 
return(FALSE); + } + + k = ypdb_nextkey(db); + while (yp_private(k,FALSE)) { + k = ypdb_nextkey(db); + }; + + }; + + }; + + bzero((char *)&resp, sizeof(resp)); + + resp.more = FALSE; + resp.ypresp_all_u.val.stat = status; + + if (!xdr_ypresp_all(xdrs, &resp)) { +#ifdef DEBUG + yplog_cat("xdr_ypresp_all: 3 failed\n"); +#endif + return(FALSE); + } + + ypdb_close(db); + + return (TRUE); +} + diff --git a/usr.sbin/ypserv/ypserv_proc.c b/usr.sbin/ypserv/ypserv_proc.c new file mode 100644 index 00000000000..1aa13f0239f --- /dev/null +++ b/usr.sbin/ypserv/ypserv_proc.c 
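Review bot: Strings taken from the RPC request are copied into fixed 255-byte static buffers with no length check. `ypdb_open_db_std` and `ypdb_open_db` `sprintf` `domain` and `map` into `map_path[255]`, and `ypdb_get_record` copies `key.keydat_len` bytes into `keystr[255]` and then writes `keystr[key.keydat_len]`. The path is also built without rejecting `/` in `domain` or `map`, so a request can name files outside `YP_DB_PATH`; both names should be validated before any path is formed, and an over-long key refused. The same unbounded pattern appears in `lookup_host` (`sprintf` and `strcat` of resolver results into `val[255]`) and in `ypdb_get_order` and `ypdb_get_master`, where `strncpy` is bounded by `v.dsize` rather than the destination size. `ypdb_get_master` also stores to `master_key[YP_MASTER_LEN]`, one element past the array. The sketch below shows the guard for the path and key cases, and the path guard would be repeated in `ypdb_open_db`.

```c
	/* Check domain: domain and map come straight from the RPC request,
	 * so refuse path separators and anything that cannot fit map_path */
	if (strchr(domain, '/') != NULL || strchr(map, '/') != NULL ||
	    strlen(YP_DB_PATH) + strlen(domain) + strlen(map) +
	    strlen(YPDB_SUFFIX) + 3 > sizeof(map_path)) {
		*status = YP_NODOM;
	} else {
		sprintf(map_path,"%s/%s",YP_DB_PATH,domain);
		/* … unchanged: stat() test of the domain directory … */
	}
	/* … unchanged: map check and ypdb_open() … */

	/* in ypdb_get_record, before the key is copied */
	if (status >= 0 && key.keydat_len >= sizeof(keystr)) {
		status = YP_BADARGS;	/* key would not fit keystr[] */
	}
	if (status >= 0) {
		/* … unchanged: copy key into keystr and look it up … */
```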
@@ -0,0 +1,648 @@
+/*
+ * Copyright (c) 1994 Mats O Jansson <moj@stacken.kth.se>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef LINT
+static char rcsid[] = "$Id: ypserv_proc.c,v 1.1 1995/10/23 07:46:46 deraadt Exp $";
+#endif
+
+#include <rpc/rpc.h>
+#include <rpcsvc/yp.h>
+#include <rpcsvc/ypclnt.h>
+#include <sys/stat.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include "ypdb.h"
+#include <fcntl.h>
+#include <dirent.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include "yplog.h"
+#include "ypdef.h"
+
+extern ypresp_val ypdb_get_record();
+extern ypresp_key_val ypdb_get_first();
+extern ypresp_key_val ypdb_get_next();
+extern ypresp_order ypdb_get_order();
+extern ypresp_master ypdb_get_master();
+extern bool_t ypdb_xdr_get_all();
+extern void ypdb_close_all();
+extern int acl_access_ok;
+
+void *
+ypproc_null_2(argp, rqstp, transp)
+ void *argp;
+ struct svc_req *rqstp;
+ SVCXPRT *transp;
+{
+ static char res;
+
+ bzero((char *)&res, sizeof(res));
+
+ yplog_date("ypproc_null_2: this code isn't tested");
+ yplog_call(transp);
+
+ if (!svc_sendreply(transp, xdr_void, (char *) &res)) {
+ svcerr_systemerr(transp);
+ }
+
+ if (!svc_freeargs(transp, xdr_void, argp)) {
+ (void)fprintf(stderr, "unable to free arguments\n");
+ exit(1);
+ }
+
+ return ((void *)&res);
+}
+
+bool_t *
+ypproc_domain_2(argp, rqstp, transp)
+ domainname *argp;
+ struct svc_req *rqstp;
+ SVCXPRT *transp;
+{
+ static bool_t res;
+ static bool_t domain_served;
+ static char domain_path[255];
+ struct stat finfo;
+
+ bzero((char *)&res, sizeof(res));
+
+ if (acl_access_ok) {
+ sprintf(domain_path,"%s/%s",YP_DB_PATH,*argp);
+ domain_served = (bool_t) ((stat(domain_path, &finfo) == 0) &&
+ (finfo.st_mode & S_IFDIR));
+ } else {
+ domain_served = FALSE;
+ }
+
+#ifdef DEBUG
+ yplog_date("ypproc_domain_2:");
+ yplog_call(transp);
+ yplog_str(" domain: "); yplog_cat(*argp); yplog_cat("\n");
+ yplog_str(" served: ");
+ if (domain_served) {
+ yplog_cat("true\n");
+ } else {
+ yplog_cat("false\n");
+ }
+#endif
+
+ res = domain_served;
+
+ if (!svc_sendreply(transp, xdr_bool, (char *) &res)) {
+ svcerr_systemerr(transp);
+ }
+
+ if (!svc_freeargs(transp, xdr_domainname, argp)) {
+ (void)fprintf(stderr, "unable to free arguments\n");
+ exit(1);
+ }
+
+ return (&res);
+}
+
+bool_t *
+ypproc_domain_nonack_2(argp, rqstp, transp)
+ domainname *argp;
+ struct svc_req *rqstp;
+ SVCXPRT *transp;
+{
+ static bool_t res;
+ static bool_t domain_served;
+ static char domain_path[255];
+ struct stat finfo;
+
+ bzero((char *)&res, sizeof(res));
+
+ if (acl_access_ok) {
+ sprintf(domain_path,"%s/%s",YP_DB_PATH,*argp);
+ domain_served = (bool_t) ((stat(domain_path, &finfo) == 0) &&
+ (finfo.st_mode & S_IFDIR));
+ } else {
+ domain_served = FALSE;
+ }
+
+#ifdef DEBUG
+ yplog_date("ypproc_domain_nonack_2:");
+ yplog_call(transp);
+ yplog_str(" domain: "); yplog_cat(*argp); yplog_cat("\n");
+ yplog_str(" served: ");
+ if (domain_served) {
+ yplog_cat("true\n");
+ } else {
+ yplog_cat("false\n");
+ }
+#endif
+
+ if (domain_served) {
+
+ res = domain_served;
+
+ if (!svc_sendreply(transp, xdr_bool, (char *) &res)) {
+ svcerr_systemerr(transp);
+ }
+
+ } else {
+
+ res = (bool_t) FALSE;
+
+ svcerr_decode(transp);
+
+ }
+
+ if (!svc_freeargs(transp, xdr_domainname, argp)) {
+ (void)fprintf(stderr, "unable to free arguments\n");
+ exit(1);
+ }
+
+ return (&res);
+}
+
+ypresp_val *
+ypproc_match_2(argp, rqstp, transp)
+ ypreq_key *argp;
+ struct svc_req *rqstp;
+ SVCXPRT *transp;
+{
+ static ypresp_val res;
+
+ bzero((char *)&res, sizeof(res));
+
+#ifdef DEBUG
+ yplog_date("ypproc_match_2:");
+ yplog_call(transp);
+ yplog_str(" domain: "); yplog_cat(argp->domain); yplog_cat("\n");
+ yplog_str(" map: "); yplog_cat(argp->map); yplog_cat("\n");
+ yplog_str(" key: "); yplog_cat(argp->key.keydat_val);
+ yplog_cat("\n");
+#endif
+
+ if (acl_access_ok) {
+ res = ypdb_get_record(argp->domain,argp->map,argp->key, FALSE);
+ } else {
+ res.stat = YP_NODOM;
+ }
+
+#ifdef DEBUG
+ yplog_str(" status: ");
+ yplog_cat(yperr_string(ypprot_err(res.stat)));
+ yplog_cat("\n");
+#endif
+
+ if (!svc_sendreply(transp, xdr_ypresp_val, (char *) &res)) {
+ svcerr_systemerr(transp);
+ }
+
+ if (!svc_freeargs(transp, xdr_ypreq_key, argp)) {
+ (void)fprintf(stderr, "unable to free arguments\n");
+ exit(1);
+ }
+
+ return (&res);
+}
+
+ypresp_key_val *
+ypproc_first_2(argp, rqstp, transp)
+ ypreq_key *argp;
+ struct svc_req *rqstp;
+ SVCXPRT *transp;
+{
+ static ypresp_key_val res;
+
+ bzero((char *)&res, sizeof(res));
+
+#ifdef DEBUG
+ yplog_date("ypproc_first_2:");
+ yplog_call(transp);
+ yplog_str(" domain: "); yplog_cat(argp->domain); yplog_cat("\n");
+ yplog_str(" map: "); yplog_cat(argp->map); yplog_cat("\n");
+#endif
+
+ if (acl_access_ok) {
+ res = ypdb_get_first(argp->domain,argp->map,FALSE);
+ } else {
+ res.stat = YP_NODOM;
+ }
+
+#ifdef DEBUG
+ yplog_str(" status: ");
+ yplog_cat(yperr_string(ypprot_err(res.stat)));
+ yplog_cat("\n");
+#endif
+
+ if (!svc_sendreply(transp, xdr_ypresp_key_val, (char *) &res)) {
+ svcerr_systemerr(transp);
+ }
+
+ if (!svc_freeargs(transp, xdr_ypreq_key, argp)) {
+ (void)fprintf(stderr, "unable to free arguments\n");
+ exit(1);
+ }
+
+ return (&res);
+}
+
+ypresp_key_val *
+ypproc_next_2(argp, rqstp, transp)
+ ypreq_key *argp;
+ struct svc_req *rqstp;
+ SVCXPRT *transp;
+{
+ static ypresp_key_val res;
+
+ bzero((char *)&res, sizeof(res));
+
+#ifdef DEBUG
+ yplog_date("ypproc_next_2:");
+ yplog_call(transp);
+ yplog_str(" domain: "); yplog_cat(argp->domain); yplog_cat("\n");
+ yplog_str(" map: "); yplog_cat(argp->map); yplog_cat("\n");
+ yplog_str(" key: "); yplog_cat(argp->key.keydat_val);
+ yplog_cat("\n");
+#endif
+
+ if (acl_access_ok) {
+ res = ypdb_get_next(argp->domain,argp->map,argp->key,FALSE);
+ } else {
+ res.stat = YP_NODOM;
+ }
+
+#ifdef DEBUG
+ yplog_str(" status: ");
+ yplog_cat(yperr_string(ypprot_err(res.stat)));
+ yplog_cat("\n");
+#endif
+
+ if (!svc_sendreply(transp, xdr_ypresp_key_val, (char *) &res)) {
+ svcerr_systemerr(transp);
+ }
+
+ if (!svc_freeargs(transp, xdr_ypreq_key, argp)) {
+ (void)fprintf(stderr, "unable to free arguments\n");
+ exit(1);
+ }
+
+ return (&res);
+}
+
+ypresp_xfr *
+ypproc_xfr_2(argp, rqstp, transp)
+ ypreq_xfr *argp;
+ struct svc_req *rqstp;
+ SVCXPRT *transp;
+{
+ static ypresp_xfr res;
+ pid_t pid;
+ char tid[10];
+ char prog[10];
+ char port[10];
+ char ypxfr_proc[] = YPXFR_PROC;
+ struct sockaddr_in *sin;
+ char *ipadd;
+
+ bzero((char *)&res, sizeof(res));
+
+ yplog_date("ypproc_xfr_2: this code isn't yet implemented");
+ yplog_call(transp);
+
+ pid = vfork();
+
+ if (pid == -1) {
+
+ /* An error has occurred */
+
+ return(&res);
+
+ }
+
+ if (pid == 0) {
+
+ sprintf(tid,"%d",argp->transid);
+ sprintf(prog, "%d", argp->prog);
+ sprintf(port, "%d", argp->port);
+ sin = svc_getcaller(transp);
+ ipadd = inet_ntoa(sin->sin_addr);
+
+ execl(ypxfr_proc, "ypxfr", "-d", argp->map_parms.domain,
+ "-C",tid, prog, ipadd, port, argp->map_parms.map, NULL);
+ exit(1);
+ }
+
+ if (!svc_sendreply(transp, xdr_void, (char *) &res)) {
+ svcerr_systemerr(transp);
+ }
+
+ if (!svc_freeargs(transp, xdr_ypreq_xfr, argp)) {
+ (void)fprintf(stderr, "unable to free arguments\n");
+ exit(1);
+ }
+
+ return (&res);
+}
+
+void *
+ypproc_clear_2(argp, rqstp, transp)
+ void *argp;
+ struct svc_req *rqstp;
+ SVCXPRT *transp;
+{
+ static char res;
+
+ bzero((char *)&res, sizeof(res));
+
+#ifdef OPTDB
+ yplog_date("ypproc_clear_2: DB open/close optimization");
+#else
+ yplog_date("ypproc_clear_2: No optimization");
+#endif
+ yplog_call(transp);
+
+#ifdef OPTDB
+ ypdb_close_all();
+#endif
+
+ if (!svc_sendreply(transp, xdr_void, (char *) &res)) {
+ svcerr_systemerr(transp);
+ }
+
+ if (!svc_freeargs(transp, xdr_void, argp)) {
+ (void)fprintf(stderr, "unable to free arguments\n");
+ exit(1);
+ }
+
+ return ((void *)&res);
+}
+
+ypresp_all *
+ypproc_all_2(argp, rqstp, transp)
+ ypreq_nokey *argp;
+ struct svc_req *rqstp;
+ SVCXPRT *transp;
+{
+ static ypresp_all res;
+ pid_t pid;
+
+ bzero((char *)&res, sizeof(res));
+
+#ifdef DEBUG
+ yplog_date("ypproc_all_2:");
+ yplog_call(transp);
+ yplog_str(" domain: "); yplog_cat(argp->domain); yplog_cat("\n");
+ yplog_str(" map: "); yplog_cat(argp->map); yplog_cat("\n");
+ yplog_cat("\n");
+#endif
+
+ pid = fork();
+
+ if (pid) {
+
+ if (pid == -1) {
+ /* An error has occurred */
+ }
+
+ return(&res);
+
+ }
+
+ if (!svc_sendreply(transp, ypdb_xdr_get_all, (char *) argp)) {
+ svcerr_systemerr(transp);
+ }
+
+ if (!svc_freeargs(transp, xdr_ypreq_nokey, argp)) {
+ (void)fprintf(stderr, "unable to free arguments\n");
+ exit(1);
+ }
+
+ exit(0);
+}
+
+ypresp_master *
+ypproc_master_2(argp, rqstp, transp)
+ ypreq_nokey *argp;
+ struct svc_req *rqstp;
+ SVCXPRT *transp;
+{
+ static ypresp_master res;
+ static peername nopeer = "";
+
+ bzero((char *)&res, sizeof(res));
+
+#ifdef DEBUG
+ yplog_date("ypproc_master_2:");
+ yplog_call(transp);
+ yplog_str(" domain: "); yplog_cat(argp->domain); yplog_cat("\n");
+ yplog_str(" map: "); yplog_cat(argp->map); yplog_cat("\n");
+ yplog_cat("\n");
+#endif
+
+ if (acl_access_ok) {
+ res = ypdb_get_master(argp->domain,argp->map);
+ } else {
+ res.stat = YP_NODOM;
+ }
+
+#ifdef DEBUG
+ yplog_str(" status: ");
+ yplog_cat(yperr_string(ypprot_err(res.stat)));
+ yplog_cat("\n");
+#endif
+
+ /* This code was added because a yppoll <unknown-domain> */
+ /* from a sun crashed the server in xdr_string, trying */
+ /* to access the peer through a NULL-pointer. yppoll in */
+ /* NetBSD start asking for order. If order is ok then it */
+ /* will ask for master. SunOS 4 asks for both always. */
+ /* I'm not sure this is the best place for the fix, but */
+ /* for now it will do. xdr_peername or xdr_string in */
+ /* ypserv_xdr.c may be a better place? */
+
+ if (res.peer == NULL) {
+ res.peer = nopeer;
+ }
+
+ /* End of fix */
+
+ if (!svc_sendreply(transp, xdr_ypresp_master, (char *) &res)) {
+ svcerr_systemerr(transp);
+ }
+
+ if (!svc_freeargs(transp, xdr_ypreq_nokey, argp)) {
+ (void)fprintf(stderr, "unable to free arguments\n");
+ exit(1);
+ }
+
+ return (&res);
+}
+
+
+ypresp_order *
+ypproc_order_2(argp, rqstp, transp)
+ ypreq_nokey *argp;
+ struct svc_req *rqstp;
+ SVCXPRT *transp;
+{
+ static ypresp_order res;
+
+ bzero((char *)&res, sizeof(res));
+
+#ifdef DEBUG
+ yplog_date("ypproc_order_2:");
+ yplog_call(transp);
+ yplog_str(" domain: "); yplog_cat(argp->domain); yplog_cat("\n");
+ yplog_str(" map: "); yplog_cat(argp->map); yplog_cat("\n");
+ yplog_cat("\n");
+#endif
+
+ if (acl_access_ok) {
+ res = ypdb_get_order(argp->domain,argp->map);
+ } else {
+ res.stat = YP_NODOM;
+ }
+
+#ifdef DEBUG
+ yplog_str(" status: ");
+ yplog_cat(yperr_string(ypprot_err(res.stat)));
+ yplog_cat("\n");
+#endif
+
+ if (!svc_sendreply(transp, xdr_ypresp_order, (char *) &res)) {
+ svcerr_systemerr(transp);
+ }
+
+ if (!svc_freeargs(transp, xdr_ypreq_nokey, argp)) {
+ (void)fprintf(stderr, "unable to free arguments\n");
+ exit(1);
+ }
+
+ return (&res);
+}
+
+
+ypresp_maplist *
+ypproc_maplist_2(argp, rqstp, transp)
+ domainname *argp;
+ struct svc_req *rqstp;
+ SVCXPRT *transp;
+{
+ static ypresp_maplist res;
+ static char domain_path[255];
+ struct stat finfo;
+ DIR *dirp = NULL;
+ struct dirent *dp;
+ char *suffix;
+ ypstat status;
+ struct ypmaplist *m;
+ char *map_name;
+
+ bzero((char *)&res, sizeof(res));
+
+#ifdef DEBUG
+ yplog_date("ypproc_maplist_2:");
+ yplog_call(transp);
+ yplog_str(" domain: "); yplog_cat(*argp); yplog_cat("\n");
+#endif
+
+ sprintf(domain_path,"%s/%s",YP_DB_PATH,*argp);
+
+ status = YP_TRUE;
+
+ res.maps = NULL;
+
+ if (acl_access_ok) {
+ if (!((stat(domain_path, &finfo) == 0) &&
+ ((finfo.st_mode & S_IFMT) == S_IFDIR))) {
+ status = YP_NODOM;
+ }
+ } else {
+ status = YP_NODOM;
+ }
+
+ if (status >= 0) {
+ if ((dirp = opendir(domain_path)) == NULL) {
+ status = YP_NODOM;
+ }
+ }
+
+ if (status >= 0) {
+ for(dp = readdir(dirp); dp != NULL; dp = readdir(dirp)) {
+ if ((!strcmp(dp->d_name, ".")) ||
+ ((!strcmp(dp->d_name, ".."))) ||
+ (dp->d_namlen < 4))
+ continue;
+ suffix = (char *) &dp->d_name[dp->d_namlen-3];
+ if (strcmp(suffix,".db") == 0) {
+
+ if ((m = (struct ypmaplist *)
+ malloc((unsigned) sizeof(struct ypmaplist))) == NULL) {
+ status = YP_YPERR;
+ break;
+ }
+
+ if ((map_name = (char *)
+ malloc((unsigned) dp->d_namlen - 2)) == NULL) {
+ status = YP_YPERR;
+ break;
+ }
+
+ m->next = res.maps;
+ m->map = map_name;
+ res.maps = m;
+ strncpy(map_name, dp->d_name, dp->d_namlen - 3);
+ m->map[dp->d_namlen - 3] = '\0';
+
+ }
+ }
+ }
+
+ if (dirp != NULL) {
+ closedir(dirp);
+ }
+
+ res.stat = status;
+
+#ifdef DEBUG
+ yplog_str(" status: ");
+ yplog_cat(yperr_string(ypprot_err(res.stat)));
+ yplog_cat("\n");
+#endif
+
+ if (!svc_sendreply(transp, xdr_ypresp_maplist, (char *) &res)) {
+ svcerr_systemerr(transp);
+ }
+
+ if (!svc_freeargs(transp, xdr_domainname, argp)) {
+ (void)fprintf(stderr, "unable to free arguments\n");
+ exit(1);
+ }
+
+ return (&res);
+}
+
diff --git a/usr.sbin/ypserv/ypserv_xdr.c b/usr.sbin/ypserv/ypserv_xdr.c
new file mode 100644
index 00000000000..9bda5ae48e6
--- /dev/null
+++ b/usr.sbin/ypserv/ypserv_xdr.c
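Review bot: In ypserv_proc.c, `ypproc_xfr_2` starts ypxfr without consulting `acl_access_ok`, which the other map handlers in this file treat as the per-request gate, and it formats `argp->transid`, `argp->prog` and `argp->port` with `sprintf` into `char[10]` buffers. Those fields are decoded with `xdr_u_int` (see `xdr_ypreq_xfr`), so a ten-digit value, or one that `%d` prints as negative, needs 11 or 12 bytes and overruns the buffer with caller-chosen input. The buffers should be sized for the widest value and filled with `snprintf` and `%u`, the spawn should sit behind the ACL check (assuming `acl_access_ok` reflects the current caller, as its use elsewhere suggests), and the child should leave with `_exit(1)` when `execl` fails. The same unbounded `sprintf` builds `domain_path` from the client's domain name in `ypproc_domain_2`, `ypproc_domain_nonack_2` and `ypproc_maplist_2`, where the name is also not checked for `/` or `..` before it reaches `stat` and `opendir`.

```c
	char tid[12];	/* widest u_int in decimal, sign slot, NUL */
	char prog[12];
	char port[12];
	/* … unchanged: remaining declarations, bzero, yplog calls … */

	if (acl_access_ok) {
		pid = vfork();
		/* … unchanged: pid == -1 handling … */
		if (pid == 0) {
			snprintf(tid, sizeof(tid), "%u", argp->transid);
			snprintf(prog, sizeof(prog), "%u", argp->prog);
			snprintf(port, sizeof(port), "%u", argp->port);
			/* … unchanged: svc_getcaller, inet_ntoa, execl … */
			_exit(1);
		}
	}
	/* … unchanged: svc_sendreply, svc_freeargs, return … */
```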
@@ -0,0 +1,364 @@
+/*
+ * Copyright (c) 1994 Mats O Jansson <moj@stacken.kth.se>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef LINT
+static char rcsid[] = "$Id: ypserv_xdr.c,v 1.1 1995/10/23 07:46:47 deraadt Exp $";
+#endif
+
+
+
+#include <rpc/rpc.h>
+#include <rpcsvc/yp.h>
+
+bool_t
+xdr_ypstat(xdrs, objp)
+ XDR *xdrs;
+ ypstat *objp;
+{
+ if (!xdr_enum(xdrs, (enum_t *)objp)) {
+ return (FALSE);
+ }
+ return (TRUE);
+}
+
+
+
+
+bool_t
+xdr_ypxfrstat(xdrs, objp)
+ XDR *xdrs;
+ ypxfrstat *objp;
+{
+ if (!xdr_enum(xdrs, (enum_t *)objp)) {
+ return (FALSE);
+ }
+ return (TRUE);
+}
+
+
+
+
+bool_t
+xdr_domainname(xdrs, objp)
+ XDR *xdrs;
+ domainname *objp;
+{
+ if (!xdr_string(xdrs, objp, YPMAXDOMAIN)) {
+ return (FALSE);
+ }
+ return (TRUE);
+}
+
+
+
+
+bool_t
+xdr_mapname(xdrs, objp)
+ XDR *xdrs;
+ mapname *objp;
+{
+ if (!xdr_string(xdrs, objp, YPMAXMAP)) {
+ return (FALSE);
+ }
+ return (TRUE);
+}
+
+
+
+
+bool_t
+xdr_peername(xdrs, objp)
+ XDR *xdrs;
+ peername *objp;
+{
+ if (!xdr_string(xdrs, objp, YPMAXPEER)) {
+ return (FALSE);
+ }
+ return (TRUE);
+}
+
+
+
+
+bool_t
+xdr_keydat(xdrs, objp)
+ XDR *xdrs;
+ keydat *objp;
+{
+ if (!xdr_bytes(xdrs, (char **)&objp->keydat_val, (u_int *)&objp->keydat_len, YPMAXRECORD)) {
+ return (FALSE);
+ }
+ return (TRUE);
+}
+
+
+
+
+bool_t
+xdr_valdat(xdrs, objp)
+ XDR *xdrs;
+ valdat *objp;
+{
+ if (!xdr_bytes(xdrs, (char **)&objp->valdat_val, (u_int *)&objp->valdat_len, YPMAXRECORD)) {
+ return (FALSE);
+ }
+ return (TRUE);
+}
+
+
+
+
+bool_t
+xdr_ypmap_parms(xdrs, objp)
+ XDR *xdrs;
+ ypmap_parms *objp;
+{
+ if (!xdr_domainname(xdrs, &objp->domain)) {
+ return (FALSE);
+ }
+ if (!xdr_mapname(xdrs, &objp->map)) {
+ return (FALSE);
+ }
+ if (!xdr_u_int(xdrs, &objp->ordernum)) {
+ return (FALSE);
+ }
+ if (!xdr_peername(xdrs, &objp->peer)) {
+ return (FALSE);
+ }
+ return (TRUE);
+}
+
+
+
+
+bool_t
+xdr_ypreq_key(xdrs, objp)
+ XDR *xdrs;
+ ypreq_key *objp;
+{
+ if (!xdr_domainname(xdrs, &objp->domain)) {
+ return (FALSE);
+ }
+ if (!xdr_mapname(xdrs, &objp->map)) {
+ return (FALSE);
+ }
+ if (!xdr_keydat(xdrs, &objp->key)) {
+ return (FALSE);
+ }
+ return (TRUE);
+}
+
+
+
+
+bool_t
+xdr_ypreq_nokey(xdrs, objp)
+ XDR *xdrs;
+ ypreq_nokey *objp;
+{
+ if (!xdr_domainname(xdrs, &objp->domain)) {
+ return (FALSE);
+ }
+ if (!xdr_mapname(xdrs, &objp->map)) {
+ return (FALSE);
+ }
+ return (TRUE);
+}
+
+
+
+
+bool_t
+xdr_ypreq_xfr(xdrs, objp)
+ XDR *xdrs;
+ ypreq_xfr *objp;
+{
+ if (!xdr_ypmap_parms(xdrs, &objp->map_parms)) {
+ return (FALSE);
+ }
+ if (!xdr_u_int(xdrs, &objp->transid)) {
+ return (FALSE);
+ }
+ if (!xdr_u_int(xdrs, &objp->prog)) {
+ return (FALSE);
+ }
+ if (!xdr_u_int(xdrs, &objp->port)) {
+ return (FALSE);
+ }
+ return (TRUE);
+}
+
+
+
+
+bool_t
+xdr_ypresp_val(xdrs, objp)
+ XDR *xdrs;
+ ypresp_val *objp;
+{
+ if (!xdr_ypstat(xdrs, &objp->stat)) {
+ return (FALSE);
+ }
+ if (!xdr_valdat(xdrs, &objp->val)) {
+ return (FALSE);
+ }
+ return (TRUE);
+}
+
+
+
+
+bool_t
+xdr_ypresp_key_val(xdrs, objp)
+ XDR *xdrs;
+ ypresp_key_val *objp;
+{
+ if (!xdr_ypstat(xdrs, &objp->stat)) {
+ return (FALSE);
+ }
+ if (!xdr_valdat(xdrs, &objp->val)) {
+ return (FALSE);
+ }
+ if (!xdr_keydat(xdrs, &objp->key)) {
+ return (FALSE);
+ }
+ return (TRUE);
+}
+
+
+
+
+bool_t
+xdr_ypresp_master(xdrs, objp)
+ XDR *xdrs;
+ ypresp_master *objp;
+{
+ if (!xdr_ypstat(xdrs, &objp->stat)) {
+ return (FALSE);
+ }
+ if (!xdr_peername(xdrs, &objp->peer)) {
+ return (FALSE);
+ }
+ return (TRUE);
+}
+
+
+
+
+bool_t
+xdr_ypresp_order(xdrs, objp)
+ XDR *xdrs;
+ ypresp_order *objp;
+{
+ if (!xdr_ypstat(xdrs, &objp->stat)) {
+ return (FALSE);
+ }
+ if (!xdr_u_int(xdrs, &objp->ordernum)) {
+ return (FALSE);
+ }
+ return (TRUE);
+}
+
+
+
+
+bool_t
+xdr_ypresp_all(xdrs, objp)
+ XDR *xdrs;
+ ypresp_all *objp;
+{
+ if (!xdr_bool(xdrs, &objp->more)) {
+ return (FALSE);
+ }
+ switch (objp->more) {
+ case TRUE:
+ if (!xdr_ypresp_key_val(xdrs, &objp->ypresp_all_u.val)) {
+ return (FALSE);
+ }
+ break;
+ case FALSE:
+ break;
+ default:
+ return (FALSE);
+ }
+ return (TRUE);
+}
+
+
+
+
+bool_t
+xdr_ypresp_xfr(xdrs, objp)
+ XDR *xdrs;
+ ypresp_xfr *objp;
+{
+ if (!xdr_u_int(xdrs, &objp->transid)) {
+ return (FALSE);
+ }
+ if (!xdr_ypxfrstat(xdrs, &objp->xfrstat)) {
+ return (FALSE);
+ }
+ return (TRUE);
+}
+
+
+
+
+bool_t
+xdr_ypmaplist(xdrs, objp)
+ XDR *xdrs;
+ ypmaplist *objp;
+{
+ if (!xdr_mapname(xdrs, &objp->map)) {
+ return (FALSE);
+ }
+ if (!xdr_pointer(xdrs, (char **)&objp->next, sizeof(ypmaplist), xdr_ypmaplist)) {
+ return (FALSE);
+ }
+ return (TRUE);
+}
+
+
+
+
+bool_t
+xdr_ypresp_maplist(xdrs, objp)
+ XDR *xdrs;
+ ypresp_maplist *objp;
+{
+ if (!xdr_ypstat(xdrs, &objp->stat)) {
+ return (FALSE);
+ }
+ if (!xdr_pointer(xdrs, (char **)&objp->maps, sizeof(ypmaplist), xdr_ypmaplist)) {
+ return (FALSE);
+ }
+ return (TRUE);
+}
+
+
|
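Review bot: `xdr_keydat` and `xdr_valdat` carry no comment saying that what they decode is a counted byte string, which matters because `xdr_bytes` does not append a terminator. The DEBUG paths in ypserv_proc.c pass `argp->key.keydat_val` to `yplog_cat`, which appears to expect a C string, so a client key without a trailing NUL could be read past its allocation when logging is compiled in. I would add above `xdr_keydat`: `/* keydat_val holds keydat_len raw bytes (at most YPMAXRECORD), not NUL-terminated; never pass it to string functions */`, and the matching line above `xdr_valdat`.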