diff options
author | wpaul <wpaul@FreeBSD.org> | 1996-02-24 22:10:42 +0000 |
---|---|---|
committer | wpaul <wpaul@FreeBSD.org> | 1996-02-24 22:10:42 +0000 |
commit | abd2ed647c0d6f695fbe6cb5effc764ffa3bf2ef (patch) | |
tree | 4db573ce826faebd1a77511c6bae7cdd5eab5e48 /usr.sbin/rpc.yppasswdd/yppasswdd_main.c | |
parent | ad0849d8900b9f782546a46918ebe65e3c52e43b (diff) | |
download | FreeBSD-src-abd2ed647c0d6f695fbe6cb5effc764ffa3bf2ef.zip FreeBSD-src-abd2ed647c0d6f695fbe6cb5effc764ffa3bf2ef.tar.gz |
Add securenets support (uses same access control mechanism as ypserv,
also controlled by /var/yp/securenets).
Add -u flag to turn off the privileged port check done by yp_access();
some commercial systems (IRIX, Solaris 2.x, HP-UX, and probably others)
don't use a reserved port for submitting yppasswd updates. If we always
enforce the check, these client systems will be unable to submit updates
to us.
Document securenets support and -u flag in man page.
Like ypserv, you can compile rpc.yppasswdd to use the tcpwrapper package
instead of securenets if you want to.
Diffstat (limited to 'usr.sbin/rpc.yppasswdd/yppasswdd_main.c')
-rw-r--r-- | usr.sbin/rpc.yppasswdd/yppasswdd_main.c | 26 |
1 files changed, 21 insertions, 5 deletions
diff --git a/usr.sbin/rpc.yppasswdd/yppasswdd_main.c b/usr.sbin/rpc.yppasswdd/yppasswdd_main.c index 358345f..66da559 100644 --- a/usr.sbin/rpc.yppasswdd/yppasswdd_main.c +++ b/usr.sbin/rpc.yppasswdd/yppasswdd_main.c @@ -29,7 +29,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: yppasswdd_main.c,v 1.8 1996/02/09 04:21:35 wpaul Exp $ + * $Id: yppasswdd_main.c,v 1.10 1996/02/24 21:41:15 wpaul Exp $ */ #include "yppasswd.h" @@ -72,7 +72,7 @@ struct dom_binding {}; #define _RPCSVC_CLOSEDOWN 120 #ifndef lint -static const char rcsid[] = "$Id: yppasswdd_main.c,v 1.8 1996/02/09 04:21:35 wpaul Exp $"; +static const char rcsid[] = "$Id: yppasswdd_main.c,v 1.10 1996/02/24 21:41:15 wpaul Exp $"; #endif /* not lint */ int _rpcpmstart = 0; /* Started by a port monitor ? */ static int _rpcfdtype; @@ -93,6 +93,7 @@ int no_chfn = 0; int allow_additions = 0; int multidomain = 0; int verbose = 0; +int resvport = 1; char *yp_dir = "/var/yp/"; int yp_sock; @@ -145,7 +146,13 @@ static void terminate(sig) unlink(sockname); exit(0); } - + +static void reload(sig) + int sig; +{ + load_securenets(); +} + static void closedown(int sig) { @@ -181,7 +188,7 @@ closedown(int sig) static void usage() { fprintf(stderr, "Usage: %s [-t master.passwd file] [-d domain] \ -[-p path] [-s] [-f] [-m] [-a] [-v] [-h]\n", +[-p path] [-s] [-f] [-m] [-a] [-v] [-u] [-h]\n", progname); exit(1); } @@ -230,6 +237,9 @@ main(argc, argv) case 'v': verbose++; break; + case 'u': + resvport = 0; + break; default: case 'h': usage(); @@ -245,6 +255,8 @@ name isn't set -- aborting"); } } + load_securenets(); + if (getrpcport("localhost", YPPROG, YPVERS, IPPROTO_UDP) <= 0) { yp_error("this host is not an NIS server -- aborting"); exit(1); @@ -266,6 +278,8 @@ name isn't set -- aborting"); exit(1); } + debug = 0; + if (getsockname(0, (struct sockaddr *)&saddr, &asize) == 0) { int ssize = sizeof (int); @@ -343,13 +357,15 @@ name isn't set -- aborting"); (void) signal(SIGALRM, (SIG_PF) closedown); (void) alarm(_RPCSVC_CLOSEDOWN/2); } - /* set up resporce limits and block signals */ + /* set up resource limits and block signals */ pw_init(); /* except SIGCHLD, which we need to catch */ install_reaper(1); signal(SIGTERM, (SIG_PF) terminate); + signal(SIGHUP, (SIG_PF) reload); + unlink(sockname); yp_sock = makeservsock(); if (chmod(sockname, 0)) |