/* * Figure out the fully qualified network name for the given uid. * This is a private interface. */ int __getnetnamebyuid(char name[MAXNETNAMELEN + 1], uid_t uid) { if (uid == 0) return (host2netname(name, NULL, NULL)); return (user2netname(name, uid, NULL)); }
/* * Figure out my fully qualified network name */ int getnetname(char name[MAXNETNAMELEN + 1]) { uid_t uid; uid = geteuid(); if (uid == 0) return (host2netname(name, NULL, NULL)); return (user2netname(name, uid, NULL)); }
/* * Figure out my fully qualified network name */ int getnetname(char name[MAXNETNAMELEN+1]) { uid_t uid; uid = geteuid(); if (uid == 0) { return (host2netname(name, (char *) NULL, (char *) NULL)); } else { return (user2netname(name, uid, (char *) NULL)); } }
int getnetname (char name[MAXNETNAMELEN + 1]) { uid_t uid; int dummy; uid = __geteuid (); if (uid == 0) dummy = host2netname (name, NULL, NULL); else dummy = user2netname (name, uid, NULL); return (dummy); }
int yp_update(char *domain, char *map, unsigned int ypop, char *key, int keylen, char *data, int datalen) { char *master; int rval; unsigned int res; struct ypupdate_args upargs; struct ypdelete_args delargs; CLIENT *clnt; char netname[MAXNETNAMELEN+1]; des_block des_key; struct timeval timeout; /* Get the master server name for 'domain.' */ if ((rval = yp_master(domain, map, &master))) return(rval); /* Check that ypupdated is running there. */ if (getrpcport(master, YPU_PROG, YPU_VERS, ypop)) return(YPERR_DOMAIN); /* Get a handle. */ if ((clnt = clnt_create(master, YPU_PROG, YPU_VERS, "tcp")) == NULL) return(YPERR_RPC); /* * Assemble netname of server. * NOTE: It's difficult to discern from the documentation, but * when you make a Secure RPC call, the netname you pass should * be the netname of the guy on the other side, not your own * netname. This is how the client side knows what public key * to use for the initial exchange. Passing your own netname * only works if the server on the other side is running under * your UID. */ if (!host2netname(netname, master, domain)) { clnt_destroy(clnt); return(YPERR_BADARGS); } /* Make up a DES session key. */ key_gendes(&des_key); /* Set up DES authentication. */ if ((clnt->cl_auth = (AUTH *)authdes_create(netname, WINDOW, NULL, &des_key)) == NULL) { clnt_destroy(clnt); return(YPERR_RESRC); } /* Set a timeout for clnt_call(). */ timeout.tv_usec = 0; timeout.tv_sec = TIMEOUT; /* * Make the call. Note that we use clnt_call() here rather than * the rpcgen-erated client stubs. We could use those stubs, but * then we'd have to do some gymnastics to get at the error * information to figure out what error code to send back to the * caller. With clnt_call(), we get the error status returned to * us right away, and we only have to exert a small amount of * extra effort. */ switch (ypop) { case YPOP_CHANGE: upargs.mapname = map; upargs.key.yp_buf_len = keylen; upargs.key.yp_buf_val = key; upargs.datum.yp_buf_len = datalen; upargs.datum.yp_buf_val = data; if ((rval = clnt_call(clnt, YPU_CHANGE, (xdrproc_t)xdr_ypupdate_args, &upargs, (xdrproc_t)xdr_u_int, &res, timeout)) != RPC_SUCCESS) { if (rval == RPC_AUTHERROR) res = YPERR_ACCESS; else res = YPERR_RPC; } break; case YPOP_INSERT: upargs.mapname = map; upargs.key.yp_buf_len = keylen; upargs.key.yp_buf_val = key; upargs.datum.yp_buf_len = datalen; upargs.datum.yp_buf_val = data; if ((rval = clnt_call(clnt, YPU_INSERT, (xdrproc_t)xdr_ypupdate_args, &upargs, (xdrproc_t)xdr_u_int, &res, timeout)) != RPC_SUCCESS) { if (rval == RPC_AUTHERROR) res = YPERR_ACCESS; else res = YPERR_RPC; } break; case YPOP_DELETE: delargs.mapname = map; delargs.key.yp_buf_len = keylen; delargs.key.yp_buf_val = key; if ((rval = clnt_call(clnt, YPU_DELETE, (xdrproc_t)xdr_ypdelete_args, &delargs, (xdrproc_t)xdr_u_int, &res, timeout)) != RPC_SUCCESS) { if (rval == RPC_AUTHERROR) res = YPERR_ACCESS; else res = YPERR_RPC; } break; case YPOP_STORE: upargs.mapname = map; upargs.key.yp_buf_len = keylen; upargs.key.yp_buf_val = key; upargs.datum.yp_buf_len = datalen; upargs.datum.yp_buf_val = data; if ((rval = clnt_call(clnt, YPU_STORE, (xdrproc_t)xdr_ypupdate_args, &upargs, (xdrproc_t)xdr_u_int, &res, timeout)) != RPC_SUCCESS) { if (rval == RPC_AUTHERROR) res = YPERR_ACCESS; else res = YPERR_RPC; } break; default: res = YPERR_BADARGS; break; } /* All done: tear down the connection. */ auth_destroy(clnt->cl_auth); clnt_destroy(clnt); free(master); return(res); }
int main(int argc, char **argv) { char name[MAXNETNAMELEN+1]; char public[HEXKEYBYTES + 1]; char secret[HEXKEYBYTES + 1]; char crypt1[HEXKEYBYTES + KEYCHECKSUMSIZE + 1]; char crypt2[HEXKEYBYTES + KEYCHECKSUMSIZE + 1]; int status; char *pass; struct passwd *pw; uid_t uid; int force = 0; int ch; #ifdef YP char *master; #endif while ((ch = getopt(argc, argv, "f")) != -1) switch(ch) { case 'f': force = 1; break; default: usage(); } argc -= optind; argv += optind; if (argc != 0) usage(); #ifdef YP yp_get_default_domain(&domain); if (yp_master(domain, PKMAP, &master) != 0) errx(1, "can't find master of publickey database"); #endif uid = getuid() /*geteuid()*/; if (uid == 0) { if (host2netname(name, NULL, NULL) == 0) errx(1, "cannot convert hostname to netname"); } else { if (user2netname(name, uid, NULL) == 0) errx(1, "cannot convert username to netname"); } printf("Generating new key for %s.\n", name); if (!force) { if (uid != 0) { #ifdef YPPASSWD pw = ypgetpwuid(uid); #else pw = getpwuid(uid); #endif if (pw == NULL) { #ifdef YPPASSWD errx(1, "no NIS password entry found: can't change key"); #else errx(1, "no password entry found: can't change key"); #endif } } else { pw = getpwuid(0); if (pw == NULL) errx(1, "no password entry found: can't change key"); } } pass = getpass("Password:"******"invalid password"); } #else force = 1; /* Make this mandatory */ #endif genkeys(public, secret, pass); memcpy(crypt1, secret, HEXKEYBYTES); memcpy(crypt1 + HEXKEYBYTES, secret, KEYCHECKSUMSIZE); crypt1[HEXKEYBYTES + KEYCHECKSUMSIZE] = 0; xencrypt(crypt1, pass); if (force) { memcpy(crypt2, crypt1, HEXKEYBYTES + KEYCHECKSUMSIZE + 1); xdecrypt(crypt2, getpass("Retype password:"******"password incorrect"); } #ifdef YP printf("Sending key change request to %s...\n", master); #endif status = setpublicmap(name, public, crypt1); if (status != 0) { #ifdef YP errx(1, "unable to update NIS database (%u): %s", status, yperr_string(status)); #else errx(1, "unable to update publickey database"); #endif } if (uid == 0) { /* * Root users store their key in /etc/$ROOTKEY so * that they can auto reboot without having to be * around to type a password. Storing this in a file * is rather dubious: it should really be in the EEPROM * so it does not go over the net. */ int fd; fd = open(ROOTKEY, O_WRONLY|O_TRUNC|O_CREAT, 0); if (fd < 0) { warn("%s", ROOTKEY); } else { char newline = '\n'; if (write(fd, secret, strlen(secret)) < 0 || write(fd, &newline, sizeof(newline)) < 0) warn("%s: write", ROOTKEY); } } if (key_setsecret(secret) < 0) errx(1, "unable to login with new secret key"); printf("Done.\n"); exit(0); /* NOTREACHED */ }
_Tt_db_results _Tt_db_client::connectToDB (const _Tt_string &hostname) { _tt_auth_level_results *auth_level_results = (_tt_auth_level_results *)NULL; int _socket; _socket = -1; dbHostname = hostname; // Connect to the dbserver on the specified host. // If we don't have TI_RPC we cannot depend on CLGET_FD, so // we have to use clnttcp_create so that we get the socket FD back // in order to set close_on_exec. #if defined(OPT_TLI) #ifdef OPT_HAS_CLNT_CREATE_TIMED struct timeval tv = { OPT_CLNT_CREATE_TIMEOUT, 0}; dbServer = clnt_create_timed((char *)dbHostname, TT_DBSERVER_PROG, TT_DBSERVER_VERS, (char *)TT_DB_RPC_PROTO, &tv); #else dbServer = clnt_create((char *)dbHostname, TT_DBSERVER_PROG, TT_DBSERVER_VERS, (char *)TT_DB_RPC_PROTO); #endif if (dbServer) { clnt_control(dbServer, CLGET_FD, (char *)&_socket); } #else struct sockaddr_in server_addr; struct hostent *host_ret; _Xgethostbynameparams host_buf; memset((char*) &host_buf, 0, sizeof(_Xgethostbynameparams)); if ((host_ret = _XGethostbyname((char *)dbHostname, host_buf)) != NULL) { _socket = RPC_ANYSOCK; memset(&server_addr, 0, sizeof(server_addr)); server_addr.sin_family = AF_INET; server_addr.sin_port = htons(0); memcpy(&server_addr.sin_addr.s_addr, *(host_ret->h_addr_list), sizeof(server_addr.sin_addr.s_addr)); dbServer = clnttcp_create(&server_addr, TT_DBSERVER_PROG, TT_DBSERVER_VERS, &_socket, 0, 0); } else { // gethostbyname failed, fake RPC error dbServer = 0; rpc_createerr.cf_stat = RPC_UNKNOWNHOST; } #endif // Connection failed. if (!dbServer) { _tt_syslog(0, LOG_ERR, catgets(_ttcatd, 1, 3, "clnt_create for rpc.ttdbserverd on %s failed%s"), (char *)dbHostname, clnt_spcreateerror("")); // Set dbConnectionResults data member... SetError(rpc_createerr.cf_stat); return dbConnectionResults; } // Connection succeeded. clnt_control(dbServer, CLSET_TIMEOUT, (char *)&TT_DB_RPC_QUICK_TIMEOUT); dbConnectionResults = TT_DB_ERR_DB_CONNECTION_FAILED; // Default value. for (;dbVersion > 0; dbVersion--) { if (dbVersion > 1) { auth_level_results = _tt_get_min_auth_level_1 ((void *)NULL, dbServer); } else { // If dbVersion == 1, then we are talking to an old DB server static _tt_auth_level_results results; char *path = ""; clnt_stat rpc_status; int *result = (int *)NULL; result = _tt_min_auth_level_1(&path, dbServer, &rpc_status); if (result) { results.results = TT_DB_OK; results.auth_level = *result; auth_level_results = &results; } } if ((auth_level_results) && (auth_level_results->results == TT_DB_OK)) { clnt_control(dbServer, CLSET_TIMEOUT, (char *)&TT_DB_RPC_NORMAL_TIMEOUT); dbAuthLevel = auth_level_results->auth_level; dbConnectionResults = TT_DB_OK; // Default return value. switch (dbAuthLevel) { case AUTH_NONE: case AUTH_UNIX: dbServer->cl_auth = authunix_create_default(); break; #ifdef OPT_SECURE_RPC case AUTH_DES: { char server_net_name [MAXNETNAMELEN+1]; struct hostent *host_ret; _Xgethostbynameparams host_buf; if (host2netname(server_net_name, dbHostname, 0) && ((host_ret = _XGethostbyname((char *)dbHostname, host_buf)) != NULL)) { #ifdef OPT_TLI dbServerNetName = server_net_name; #else memcpy((caddr_t) &dbSocket.sin_addr, host_ret->h_addr, host_ret->h_length); dbSocket.sin_family = AF_INET; dbSocket.sin_port = 0; #endif } else { dbConnectionResults = TT_DB_ERR_DB_CONNECTION_FAILED; } } break; #endif // OPT_SECURE_RPC default: dbConnectionResults = TT_DB_ERR_DB_CONNECTION_FAILED; break; } break; } else { // If _tt_get_min_auth_level_1 is not available, then we are talking // to an old DB server. if (_tt_get_rpc_result() != RPC_AUTHERROR) { _tt_syslog(0, LOG_ERR, catgets(_ttcatd, 1, 4, "Error: rpc.ttdbserverd on %s is not running"), (char *)dbHostname); SetError(_tt_get_rpc_result()); break; // Give up and return error code. } } } // end -for()- // // Cleanup if failure. // if (dbConnectionResults != TT_DB_OK) { if (dbServer) { clnt_destroy(dbServer); dbServer = (CLIENT *)NULL; } } // Set close-on-exec bit so a libtt client which forks and execs won't // be short some fd's in the child. if (-1 != _socket && -1 == fcntl(_socket, F_SETFD, 1)) { _tt_syslog( 0, LOG_ERR, "_Tt_db_client::connectToDb(): " "fcntl(F_SETFD): %m"); } return dbConnectionResults; }
int yp_update(char *domain, char *map, unsigned op, char *key, int keylen, char *data, int datalen) { struct ypupdate_args args; uint_t rslt; struct timeval total; CLIENT *client; char *ypmaster; char ypmastername[MAXNETNAMELEN+1]; enum clnt_stat stat; uint_t proc; switch (op) { case YPOP_DELETE: proc = YPU_DELETE; break; case YPOP_INSERT: proc = YPU_INSERT; break; case YPOP_CHANGE: proc = YPU_CHANGE; break; case YPOP_STORE: proc = YPU_STORE; break; default: return (YPERR_BADARGS); } if (yp_master(domain, map, &ypmaster) != 0) { debug("no master found"); return (YPERR_BADDB); } client = clnt_create(ypmaster, YPU_PROG, YPU_VERS, "circuit_n"); if (client == NULL) { #ifdef DEBUG /* CONSTCOND */ if (debugging) { clnt_pcreateerror("client create failed"); } #endif /* DEBUG */ free(ypmaster); return (YPERR_RPC); } if (!host2netname(ypmastername, ypmaster, domain)) { clnt_destroy(client); free(ypmaster); return (YPERR_BADARGS); } client->cl_auth = authdes_seccreate(ypmastername, WINDOW, ypmaster, NULL); free(ypmaster); if (client->cl_auth == NULL) { debug("auth create failed"); clnt_destroy(client); return (YPERR_RPC); } args.mapname = map; args.key.yp_buf_len = keylen; args.key.yp_buf_val = key; args.datum.yp_buf_len = datalen; args.datum.yp_buf_val = data; total.tv_sec = TOTAL_TIMEOUT; total.tv_usec = 0; clnt_control(client, CLSET_TIMEOUT, (char *)&total); stat = clnt_call(client, proc, xdr_ypupdate_args, (char *)&args, xdr_u_int, (char *)&rslt, total); if (stat != RPC_SUCCESS) { #ifdef DEBUG debug("ypupdate RPC call failed"); /* CONSTCOND */ if (debugging) clnt_perror(client, "ypupdate call failed"); #endif /* DEBUG */ rslt = YPERR_RPC; } auth_destroy(client->cl_auth); clnt_destroy(client); return (rslt); }