diff options
| author | alfred <alfred@FreeBSD.org> | 2002-02-05 18:51:13 +0000 |
|---|---|---|
| committer | alfred <alfred@FreeBSD.org> | 2002-02-05 18:51:13 +0000 |
| commit | 903f014bc1c0d907f00f5ee5cd8d683b823d9081 (patch) | |
| tree | 3a12e7e4d3de589fd6489d0ed1fe6dcd9f4523ed /usr.sbin/rpc.yppasswdd/yppasswdd_server.c | |
| parent | a4aa24479f3003ff821d69e061c6e6ffb137b3b3 (diff) | |
| download | FreeBSD-src-903f014bc1c0d907f00f5ee5cd8d683b823d9081.zip FreeBSD-src-903f014bc1c0d907f00f5ee5cd8d683b823d9081.tar.gz | |
Fix the breakage in rpc.yppasswd. Readded the svc_create() and
the registering of the "unix" transport, now it is fixed.
Everywhere, rq_cred is taken to look what authentification we have.
We can not be sure that transp>xp_verf.oa_flavor is also filled in.
This seems to be the same for all sun source. they take the flavor
of rq_cred, instead of transp.
Submitted by: mbr
Diffstat (limited to 'usr.sbin/rpc.yppasswdd/yppasswdd_server.c')
| -rw-r--r-- | usr.sbin/rpc.yppasswdd/yppasswdd_server.c | 33 |
1 files changed, 12 insertions, 21 deletions
diff --git a/usr.sbin/rpc.yppasswdd/yppasswdd_server.c b/usr.sbin/rpc.yppasswdd/yppasswdd_server.c index 2e0b092..d61390d 100644 --- a/usr.sbin/rpc.yppasswdd/yppasswdd_server.c +++ b/usr.sbin/rpc.yppasswdd/yppasswdd_server.c @@ -62,11 +62,6 @@ struct dom_binding {}; #include "yppasswd.h" #include "yppasswd_private.h" -struct cmessage { - struct cmsghdr cmsg; - struct cmsgcred cmcred; -}; - char *tempname; void reaper(sig) @@ -705,47 +700,43 @@ int *yppasswdproc_update_master_1_svc(master_yppasswd *argp, static int result; int pfd, tfd; int pid; + uid_t uid; int rval = 0; DBT key, data; char *passfile_hold; char passfile_buf[MAXPATHLEN + 2]; struct sockaddr_in *rqhost; - struct cmessage *cm; - SVCXPRT *transp; + SVCXPRT *transp; result = 1; + transp = rqstp->rq_xprt; /* * NO AF_INET CONNETCIONS ALLOWED! */ - rqhost = svc_getcaller(rqstp->rq_xprt); + rqhost = svc_getcaller(transp); if (rqhost->sin_family != AF_UNIX) { yp_error("Alert! %s/%d attempted to use superuser-only \ procedure!\n", inet_ntoa(rqhost->sin_addr), rqhost->sin_port); - svcerr_auth(rqstp->rq_xprt, AUTH_BADCRED); + svcerr_auth(transp, AUTH_BADCRED); return(&result); } - transp = rqstp->rq_xprt; - - if (transp->xp_verf.oa_length < sizeof(struct cmessage) || - transp->xp_verf.oa_base == NULL || - transp->xp_verf.oa_flavor != AUTH_UNIX) { + if (rqstp->rq_cred.oa_flavor != AUTH_SYS) { yp_error("caller didn't send proper credentials"); - svcerr_auth(rqstp->rq_xprt, AUTH_BADCRED); + svcerr_auth(transp, AUTH_BADCRED); return(&result); } - cm = (struct cmessage *)transp->xp_verf.oa_base; - if (cm->cmsg.cmsg_type != SCM_CREDS) { + if (__rpc_get_local_uid(transp, &uid) < 0) { yp_error("caller didn't send proper credentials"); - svcerr_auth(rqstp->rq_xprt, AUTH_BADCRED); + svcerr_auth(transp, AUTH_BADCRED); return(&result); } - - if (cm->cmcred.cmcred_euid) { + + if (uid) { yp_error("caller euid is %d, expecting 0 -- rejecting request", - cm->cmcred.cmcred_euid); + uid); svcerr_auth(rqstp->rq_xprt, AUTH_BADCRED); return(&result); } |
