diff options
Diffstat (limited to 'usr.sbin/rpc.yppasswdd')
-rw-r--r-- | usr.sbin/rpc.yppasswdd/Makefile | 4 | ||||
-rw-r--r-- | usr.sbin/rpc.yppasswdd/rpc.yppasswdd.8 | 42 | ||||
-rw-r--r-- | usr.sbin/rpc.yppasswdd/yppasswdd_extern.h | 5 | ||||
-rw-r--r-- | usr.sbin/rpc.yppasswdd/yppasswdd_main.c | 26 | ||||
-rw-r--r-- | usr.sbin/rpc.yppasswdd/yppasswdd_server.c | 10 |
5 files changed, 75 insertions, 12 deletions
diff --git a/usr.sbin/rpc.yppasswdd/Makefile b/usr.sbin/rpc.yppasswdd/Makefile index 8632fd8..9fefac2 100644 --- a/usr.sbin/rpc.yppasswdd/Makefile +++ b/usr.sbin/rpc.yppasswdd/Makefile @@ -1,8 +1,8 @@ -# $Id: Makefile,v 1.3 1996/02/11 02:46:48 wpaul Exp $ +# $Id: Makefile,v 1.1.1.1 1996/02/12 15:09:01 wpaul Exp $ PROG= rpc.yppasswdd SRCS= pw_copy.c pw_util.c yppasswd_svc.c yp_error.c ypxfr_misc.c \ - yp_clnt.c yp_dblookup.c yppasswd_private_xdr.c \ + yp_clnt.c yp_dblookup.c yp_access.c yppasswd_private_xdr.c \ util.c yppasswdd_server.c yppasswd_comm.c yppasswdd_main.c .PATH: ${.CURDIR}/../../usr.sbin/ypserv ${.CURDIR}/../../usr.bin/chpass \ diff --git a/usr.sbin/rpc.yppasswdd/rpc.yppasswdd.8 b/usr.sbin/rpc.yppasswdd/rpc.yppasswdd.8 index fd51b96..32706fe 100644 --- a/usr.sbin/rpc.yppasswdd/rpc.yppasswdd.8 +++ b/usr.sbin/rpc.yppasswdd/rpc.yppasswdd.8 @@ -28,7 +28,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: rpc.yppasswdd.8,v 1.3 1996/02/12 14:44:15 wpaul Exp $ +.\" $Id: rpc.yppasswdd.8,v 1.5 1996/02/24 21:41:47 wpaul Exp $ .\" .Dd February 8, 1996 .Dt RPC.YPPASSWDD 8 @@ -46,6 +46,7 @@ .Op Fl a .Op Fl m .Op Fl v +.Op Fl u .Op Fl h .Sh DESCRIPTION The @@ -80,7 +81,19 @@ or commands. (Some administrators don't want users to be able to change their full name information or shells; the server can be invoked with option flags that disallow such changes.) When the server receives an update request, -it checks the 'old' password supplied by the user to make sure it's +it compares the address of the client making the request against the +.Pa securenets +rules outlined in +.Pa /var/yp/securenets . +(See the +.Xr ypserv 8 +manual page for more information on securenets; the +.Nm rpc.yppasswdd +server uses the same access control mechanism as +.Xr ypserv 8 .) +.Pp +The server then +checks the 'old' password supplied by the user to make sure it's valid, then performs some sanity checks on the updated information (these include checking for embedded control characters, colons or invalid shells). Once it is satisfied that the update request is valid, the server modifies @@ -229,6 +242,31 @@ updates for the super-user on the NIS master server. Running the server with the .Fl v flag will cause it to log informational messages for all updates. +.It Fl u +Many commercial +.Xr yppasswd 1 +clients do not use a reserved port when sending requests to +.Nm rpc.yppasswdd . +This is either because the +.Xr yppasswd 1 +program is not installed set-uid root, or because the RPC +implementation does not place any emphasis on binding to reserved +ports when establishing client connections for the super-user. +By default, +.Nm rpc.yppasswdd +expects to receive requests from clients using reserved ports; requests +received from non-privileged ports are rejected. Unfortunately, this +behavior prevents any client systems that to not use privileged +ports from sucessfully submitting password updates. Specifying +the +.Fl u +flag to +.Nm rpc.yppasswdd +disables the privileged port check so that it will work with +.Xr yppasswd 1 +clients that don't use privileged ports. This reduces security to +a certain small degree, but it might be necessary in cases where it +is not possible to change the client behavior. .It Fl h Displays the list of flags and options understood by .Nm rpc.yppasswdd . diff --git a/usr.sbin/rpc.yppasswdd/yppasswdd_extern.h b/usr.sbin/rpc.yppasswdd/yppasswdd_extern.h index 84e7eed..6c6885d 100644 --- a/usr.sbin/rpc.yppasswdd/yppasswdd_extern.h +++ b/usr.sbin/rpc.yppasswdd/yppasswdd_extern.h @@ -29,7 +29,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: yppasswdd_extern.h,v 1.4 1996/02/01 04:38:39 wpaul Exp $ + * $Id: yppasswdd_extern.h,v 1.5 1996/02/24 21:41:36 wpaul Exp $ */ #include <sys/types.h> @@ -65,7 +65,10 @@ extern int no_chsh; extern int no_chfn; extern int allow_additions; extern int multidomain; +extern int resvport; extern int verbose; extern int _rpc_dtablesize __P((void)); extern void yp_error __P((const char *, ...)); +extern void load_securenets __P(( void )); +extern int yp_access __P((const char *, const struct svc_req * )); extern int yp_get_record __P(( const char *, const char *, const DBT *, DBT *, int)); diff --git a/usr.sbin/rpc.yppasswdd/yppasswdd_main.c b/usr.sbin/rpc.yppasswdd/yppasswdd_main.c index 358345f..66da559 100644 --- a/usr.sbin/rpc.yppasswdd/yppasswdd_main.c +++ b/usr.sbin/rpc.yppasswdd/yppasswdd_main.c @@ -29,7 +29,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: yppasswdd_main.c,v 1.8 1996/02/09 04:21:35 wpaul Exp $ + * $Id: yppasswdd_main.c,v 1.10 1996/02/24 21:41:15 wpaul Exp $ */ #include "yppasswd.h" @@ -72,7 +72,7 @@ struct dom_binding {}; #define _RPCSVC_CLOSEDOWN 120 #ifndef lint -static const char rcsid[] = "$Id: yppasswdd_main.c,v 1.8 1996/02/09 04:21:35 wpaul Exp $"; +static const char rcsid[] = "$Id: yppasswdd_main.c,v 1.10 1996/02/24 21:41:15 wpaul Exp $"; #endif /* not lint */ int _rpcpmstart = 0; /* Started by a port monitor ? */ static int _rpcfdtype; @@ -93,6 +93,7 @@ int no_chfn = 0; int allow_additions = 0; int multidomain = 0; int verbose = 0; +int resvport = 1; char *yp_dir = "/var/yp/"; int yp_sock; @@ -145,7 +146,13 @@ static void terminate(sig) unlink(sockname); exit(0); } - + +static void reload(sig) + int sig; +{ + load_securenets(); +} + static void closedown(int sig) { @@ -181,7 +188,7 @@ closedown(int sig) static void usage() { fprintf(stderr, "Usage: %s [-t master.passwd file] [-d domain] \ -[-p path] [-s] [-f] [-m] [-a] [-v] [-h]\n", +[-p path] [-s] [-f] [-m] [-a] [-v] [-u] [-h]\n", progname); exit(1); } @@ -230,6 +237,9 @@ main(argc, argv) case 'v': verbose++; break; + case 'u': + resvport = 0; + break; default: case 'h': usage(); @@ -245,6 +255,8 @@ name isn't set -- aborting"); } } + load_securenets(); + if (getrpcport("localhost", YPPROG, YPVERS, IPPROTO_UDP) <= 0) { yp_error("this host is not an NIS server -- aborting"); exit(1); @@ -266,6 +278,8 @@ name isn't set -- aborting"); exit(1); } + debug = 0; + if (getsockname(0, (struct sockaddr *)&saddr, &asize) == 0) { int ssize = sizeof (int); @@ -343,13 +357,15 @@ name isn't set -- aborting"); (void) signal(SIGALRM, (SIG_PF) closedown); (void) alarm(_RPCSVC_CLOSEDOWN/2); } - /* set up resporce limits and block signals */ + /* set up resource limits and block signals */ pw_init(); /* except SIGCHLD, which we need to catch */ install_reaper(1); signal(SIGTERM, (SIG_PF) terminate); + signal(SIGHUP, (SIG_PF) reload); + unlink(sockname); yp_sock = makeservsock(); if (chmod(sockname, 0)) diff --git a/usr.sbin/rpc.yppasswdd/yppasswdd_server.c b/usr.sbin/rpc.yppasswdd/yppasswdd_server.c index fa2551a..205ca77 100644 --- a/usr.sbin/rpc.yppasswdd/yppasswdd_server.c +++ b/usr.sbin/rpc.yppasswdd/yppasswdd_server.c @@ -29,7 +29,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: yppasswdd_server.c,v 1.8 1996/02/09 04:38:19 wpaul Exp $ + * $Id: yppasswdd_server.c,v 1.11 1996/02/24 21:41:15 wpaul Exp $ */ #include <stdio.h> @@ -60,7 +60,7 @@ struct dom_binding {}; #include "yppasswd_comm.h" #ifndef lint -static const char rcsid[] = "$Id: yppasswdd_server.c,v 1.8 1996/02/09 04:38:19 wpaul Exp $"; +static const char rcsid[] = "$Id: yppasswdd_server.c,v 1.11 1996/02/24 21:41:15 wpaul Exp $"; #endif /* not lint */ char *tempname; @@ -338,6 +338,12 @@ yppasswdproc_update_1_svc(yppasswd *argp, struct svc_req *rqstp) rqhost = svc_getcaller(rqstp->rq_xprt); + if (yp_access(resvport ? "master.passwd.byname" : NULL, rqstp)) { + yp_error("rejected update request from unauthorized host"); + svcerr_auth(rqstp->rq_xprt, AUTH_BADCRED); + return(&result); + } + /* * Step one: find the user. (It's kinda pointless to * proceed if the user doesn't exist.) We look for the |