authorwpaul <wpaul@FreeBSD.org>1995-02-26 04:42:48 +0000
committerwpaul <wpaul@FreeBSD.org>1995-02-26 04:42:48 +0000
commitc0657f0db190818cf8717ac118b29ee382f889a9 (patch)
tree5c16e244206186b65ea5fe5901d506f4a77fbfd6 /usr.sbin/ypbind
parent13cbdca12e3449f7f60b40f5591e9c0fe4be9fc0 (diff)
downloadFreeBSD-src-c0657f0db190818cf8717ac118b29ee382f889a9.zip
FreeBSD-src-c0657f0db190818cf8717ac118b29ee382f889a9.tar.gz
Submitted by: Sebastian Strollo <seb@erix.eriksson.se>
Fixes to ypbind: - Correctly report the fact that we've bound to a new server when logging the 'server OK' message. - Report 'server not responding' just once instead of every 5 seconds while searching for a new server. (Prevents overstuffing the syslog.) - Apply patch from Sebastian Strollo to implement '-s' (secure) flag. ypbind will reject connections from servers that do not originate from a reserved TCP port. - Apply patch from Sebastian Strollo to detect when a YP server has crashed and come back up on a different port number.
Diffstat (limited to 'usr.sbin/ypbind')
-rw-r--r--usr.sbin/ypbind/ypbind.c38
1 files changed, 25 insertions, 13 deletions
diff --git a/usr.sbin/ypbind/ypbind.c b/usr.sbin/ypbind/ypbind.c
index 63fa7f8..55c8d15 100644
--- a/usr.sbin/ypbind/ypbind.c
+++ b/usr.sbin/ypbind/ypbind.c
@@ -28,7 +28,7 @@
*/
#ifndef LINT
-static char rcsid[] = "$Id: ypbind.c,v 1.2 1994/09/23 10:25:38 davidg Exp $";
+static char rcsid[] = "$Id: ypbind.c,v 1.3 1995/02/16 01:21:44 wpaul Exp $";
#endif
#include <sys/param.h>
@@ -49,6 +49,7 @@ static char rcsid[] = "$Id: ypbind.c,v 1.2 1994/09/23 10:25:38 davidg Exp $";
#include <rpc/rpc.h>
#include <rpc/xdr.h>
#include <net/if.h>
+#include <netinet/in.h>
#include <arpa/inet.h>
#include <rpc/pmap_clnt.h>
#include <rpc/pmap_prot.h>
@@ -98,6 +99,8 @@ int check;
#define YPSET_ALL 2
int ypsetmode = YPSET_NO;
+int ypsecuremode = 0;
+
int rpcsock;
struct rmtcallargs rmtca;
struct rmtcallres rmtcr;
@@ -304,7 +307,9 @@ char **argv;
if( strcmp("-ypset", argv[i]) == 0)
ypsetmode = YPSET_ALL;
else if (strcmp("-ypsetme", argv[i]) == 0)
- ypsetmode = YPSET_LOCAL;
+ ypsetmode = YPSET_LOCAL;
+ else if (strcmp("-s", argv[i]) == 0)
+ ypsecuremode++;
}
/* blow away everything in BINDINGDIR */
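Review bot: An unrecognised argument falls through this `strcmp` chain with no diagnostic, so an operator who mistypes `-s` gets a daemon running with `ypsecuremode` still 0 and nothing to show that the reserved-port check is off. Because the flag is a hardening switch, a final `else` that reports the ignored argument (a usage message on stderr, or a syslog warning if the log is already open at this point) would make that fail-open case visible. `ypsecuremode++` is only ever tested as a boolean in the visible code, so `ypsecuremode = 1;` states the intent more plainly. The option loop starts outside this hunk, so a later check may already exist.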
@@ -444,17 +449,16 @@ checkwork()
ypdb->dom_server_addr, ypdb->dom_alive);
ypdb->dom_check_t = t + ypdb->dom_interval;
ypdb->dom_answered = 0;
- if (ypdb->dom_vers == 0)
- syslog (LOG_NOTICE,
- "NIS server [%s] for domain %s not responding.",
- inet_ntoa(ypdb->dom_server_addr.sin_addr),
- ypdb->dom_domain);
} else
if (!ypdb->dom_answered && ypdb->dom_alive &&
ypdb->dom_check_t < (t + FAIL_THRESHOLD)) {
- ypdb->dom_check_t = ypdb->dom_alive =
+ ypdb->dom_check_t = ypdb->dom_alive =
ypdb->dom_vers = 0;
ypdb->dom_interval = 5;
+ syslog (LOG_NOTICE,
+ "NIS server [%s] for domain %s not responding.",
+ inet_ntoa(ypdb->dom_server_addr.sin_addr),
+ ypdb->dom_domain);
}
}
}
@@ -570,7 +574,6 @@ int direct;
}
} else
continue;
-
in = ((struct sockaddr_in *)&ifreq.ifr_addr)->sin_addr;
bsin.sin_addr = in;
if( sendto(rpcsock, buf, outlen, 0,
@@ -650,11 +653,20 @@ int force;
char path[MAXPATHLEN];
int fd;
- /*printf("returned from %s about %s\n", inet_ntoa(raddrp->sin_addr), dom);*/
+ /*printf("returned from %s/%d about %s\n", inet_ntoa(raddrp->sin_addr),
+ ntohs(raddrp->sin_port), dom);*/
if(dom==NULL)
return;
+ /* if in securemode, check originating port number */
+ if (ypsecuremode && (ntohs(raddrp->sin_port) >= IPPORT_RESERVED)) {
+ syslog(LOG_WARNING, "Rejected NIS server on [%s/%d] for domain %s.",
+ inet_ntoa(raddrp->sin_addr), ntohs(raddrp->sin_port),
+ dom);
+ return;
+ }
+
for(ypdb=ypbindlist; ypdb; ypdb=ypdb->dom_pnext)
if( strcmp(ypdb->dom_domain, dom) == 0)
break;
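Review bot: The `syslog(LOG_WARNING, "Rejected NIS server ...")` call runs for every reply whose source port is at or above `IPPORT_RESERVED`, so in secure mode a host that keeps answering from an unprivileged port can fill the log, which is the same overstuffing this commit removes from checkwork(). Logging at most once per interval would bound it, for example by keeping a `static time_t last_reject;` and calling syslog only when `time(NULL) - last_reject >= 60`. The check also deserves a comment stating its limit, such as `/* a reserved source port only shows the sender is privileged on its own host; it does not authenticate the server */`. The commit message says "reserved TCP port", but the test is on whatever port `raddrp` carries, so the comment should say "reserved port". The enclosing function starts before and continues after this hunk.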
@@ -672,7 +684,8 @@ int force;
/* soft update, alive, less than FAIL_THRESHOLD seconds old */
if(ypdb->dom_alive==1 && (force==0 || ypdb->dom_answered == 0)
- && (ypdb->dom_check_t - FAIL_THRESHOLD) > time(NULL)) {
+ && (ypdb->dom_check_t - FAIL_THRESHOLD) > time(NULL)
+ && (ypdb->dom_server_addr.sin_port == raddrp->sin_port)) {
ypdb->dom_answered = 1;
ypdb->dom_interval = 60;
return;
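Review bot: The added condition compares only `sin_port`, so a reply from a different address that uses the same port still takes the soft-update path and sets `dom_answered = 1` for the currently bound server. Unless the address is compared somewhere outside this hunk, the test should also require `ypdb->dom_server_addr.sin_addr.s_addr == raddrp->sin_addr.s_addr`, so that only the bound server can keep its own binding marked alive. A short comment such as `/* port differs: server restarted, fall through and rebind */` would explain why the port is part of the soft-update test.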
@@ -683,8 +696,7 @@ int force;
*/
if (ypdb->dom_vers == 0)
syslog(LOG_NOTICE, "NIS server [%s] for domain %s OK.",
- inet_ntoa(ypdb->dom_server_addr.sin_addr),
- ypdb->dom_domain);
+ inet_ntoa(raddrp->sin_addr), ypdb->dom_domain);
bcopy((char *)raddrp, (char *)&ypdb->dom_server_addr,
sizeof ypdb->dom_server_addr);
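Review bot: A binding that moves to a new address or port while `dom_vers` is non-zero is overwritten by the `bcopy` with no log entry, because the "OK" message is written only when `dom_vers == 0`. With the port-change detection added earlier in this commit that path presumably becomes reachable for a restarted server, and a silent change of the bound server is exactly the event an operator would want recorded. Consider logging when the stored `dom_server_addr` differs from `*raddrp` before the copy, e.g. `syslog(LOG_NOTICE, "NIS server for domain %s changed to [%s/%d].", ypdb->dom_domain, inet_ntoa(raddrp->sin_addr), ntohs(raddrp->sin_port));`. The code between the soft-update return and this point is outside the hunk, so confirm that no such message is already emitted there.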