diff options
author | deraadt <deraadt@openbsd.org> | 1996-07-01 00:49:56 +0000 |
---|---|---|
committer | deraadt <deraadt@openbsd.org> | 1996-07-01 00:49:56 +0000 |
commit | 249c1b3f6ae8b6c46be9fdf8c61682137683cdc8 (patch) | |
tree | 4e38a71e59a45657daa323241db713b114dc9f3f | |
parent | whoops (diff) | |
download | wireguard-openbsd-249c1b3f6ae8b6c46be9fdf8c61682137683cdc8.tar.xz wireguard-openbsd-249c1b3f6ae8b6c46be9fdf8c61682137683cdc8.zip |
bind to localhost for ypsetme
-rw-r--r-- | usr.sbin/ypbind/ypbind.c | 71 |
1 files changed, 63 insertions, 8 deletions
diff --git a/usr.sbin/ypbind/ypbind.c b/usr.sbin/ypbind/ypbind.c index 728d0f8616f..6097c107116 100644 --- a/usr.sbin/ypbind/ypbind.c +++ b/usr.sbin/ypbind/ypbind.c @@ -1,7 +1,8 @@ -/* $OpenBSD: ypbind.c,v 1.8 1996/06/10 05:48:51 deraadt Exp $ */ +/* $OpenBSD: ypbind.c,v 1.9 1996/07/01 00:49:56 deraadt Exp $ */ /* - * Copyright (c) 1992, 1993, 1996 Theo de Raadt <deraadt@theos.com> + * Copyright (c) 1996 Theo de Raadt <deraadt@theos.com> + * Copyright (c) 1992, 1993 Theo de Raadt <deraadt@theos.com> * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -33,7 +34,7 @@ */ #ifndef LINT -static char rcsid[] = "$OpenBSD: ypbind.c,v 1.8 1996/06/10 05:48:51 deraadt Exp $"; +static char rcsid[] = "$OpenBSD: ypbind.c,v 1.9 1996/07/01 00:49:56 deraadt Exp $"; #endif #include <sys/param.h> @@ -102,6 +103,7 @@ struct rmtcallres rmtcr; char rmtcr_outval; u_long rmtcr_port; SVCXPRT *udptransp, *tcptransp; +SVCXPRT *ludptransp, *ltcptransp; struct _dom_binding *xid2ypdb __P((int xid)); int unique_xid __P((struct _dom_binding *ypdb)); @@ -214,6 +216,10 @@ ypbindproc_setdom_2x(transp, argp, clnt) switch (ypsetmode) { case YPSET_LOCAL: + if (transp != ludptransp && transp != ltcptransp) { + syslog(LOG_WARNING, "attempted spoof of ypsetme"); + return (bool_t *)NULL; + } if (fromsin->sin_addr.s_addr != htonl(INADDR_LOOPBACK)) return (bool_t *)NULL; break; @@ -312,15 +318,17 @@ usage() exit(0); } +int main(argc, argv) int argc; char *argv[]; { char path[MAXPATHLEN]; + struct sockaddr_in sin; struct timeval tv; fd_set fdsr; - int width, lockfd; - int evil = 0, one; + int width, lockfd, len, lsock; + int evil = 0, one = 1; DIR *dirp; struct dirent *dent; @@ -399,6 +407,54 @@ main(argc, argv) exit(1); } + if (ypsetmode == YPSET_LOCAL) { + /* build UDP local port */ + if ((lsock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1) { + syslog(LOG_ERR, "cannot create local udp socket: %m"); + exit(1); + } + (void)setsockopt(lsock, SOL_SOCKET, SO_REUSEADDR, &one, + sizeof one); + len = sizeof(sin); + if (getsockname(udptransp->xp_sock, (struct sockaddr *)&sin, + &len) == -1) { + syslog(LOG_ERR, "cannot getsockname local udp: %m"); + exit(1); + } + sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK); + if (bind(lsock, (struct sockaddr *)&sin, len) != 0) { + syslog(LOG_ERR, "cannot bind local udp: %m"); + exit(1); + } + if ((ludptransp = svcudp_create(lsock)) == NULL) { + fprintf(stderr, "cannot create udp service."); + exit(1); + } + + /* build TCP local port */ + if ((lsock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1) { + syslog(LOG_ERR, "cannot create udp socket: %m"); + exit(1); + } + (void)setsockopt(lsock, SOL_SOCKET, SO_REUSEADDR, &one, + sizeof one); + len = sizeof(sin); + if (getsockname(tcptransp->xp_sock, (struct sockaddr *)&sin, + &len) == -1) { + syslog(LOG_ERR, "cannot getsockname udp: %m"); + exit(1); + } + sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK); + if (bind(lsock, (struct sockaddr *)&sin, len) == -1) { + syslog(LOG_ERR, "cannot bind udp: %m"); + exit(1); + } + if ((ltcptransp = svctcp_create(lsock, 0, 0)) == NULL) { + fprintf(stderr, "cannot create tcp service."); + exit(1); + } + } + if ((rpcsock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0) { perror("socket"); return -1; @@ -407,10 +463,9 @@ main(argc, argv) perror("socket"); return -1; } - + fcntl(rpcsock, F_SETFL, fcntl(rpcsock, F_GETFL, 0) | FNDELAY); fcntl(pingsock, F_SETFL, fcntl(rpcsock, F_GETFL, 0) | FNDELAY); - one = 1; setsockopt(rpcsock, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)); rmtca.prog = YPPROG; rmtca.vers = YPVERS; @@ -799,7 +854,7 @@ try_again: } /* - * LOOPBACK IS MORE IMPORTANT: PUT IN HACK + * We prefer loopback connections. */ rpc_received(dom, raddrp, force) char *dom; |