/*
* Figure out the fully qualified network name for the given uid.
* This is a private interface.
*/
int
__getnetnamebyuid(char name[MAXNETNAMELEN + 1], uid_t uid)
{
if (uid == 0)
return (host2netname(name, NULL, NULL));
return (user2netname(name, uid, NULL));
}
/*
* Figure out my fully qualified network name
*/
int
getnetname(char name[MAXNETNAMELEN + 1])
{
uid_t uid;
uid = geteuid();
if (uid == 0)
return (host2netname(name, NULL, NULL));
return (user2netname(name, uid, NULL));
}
/*
* Figure out my fully qualified network name
*/
int
getnetname(char name[MAXNETNAMELEN+1])
{
uid_t uid;
uid = geteuid();
if (uid == 0) {
return (host2netname(name, (char *) NULL, (char *) NULL));
} else {
return (user2netname(name, uid, (char *) NULL));
}
}
int
getnetname (char name[MAXNETNAMELEN + 1])
{
uid_t uid;
int dummy;
uid = __geteuid ();
if (uid == 0)
dummy = host2netname (name, NULL, NULL);
else
dummy = user2netname (name, uid, NULL);
return (dummy);
}
int
yp_update(char *domain, char *map, unsigned int ypop, char *key, int keylen,
char *data, int datalen)
{
char *master;
int rval;
unsigned int res;
struct ypupdate_args upargs;
struct ypdelete_args delargs;
CLIENT *clnt;
char netname[MAXNETNAMELEN+1];
des_block des_key;
struct timeval timeout;
/* Get the master server name for 'domain.' */
if ((rval = yp_master(domain, map, &master)))
return(rval);
/* Check that ypupdated is running there. */
if (getrpcport(master, YPU_PROG, YPU_VERS, ypop))
return(YPERR_DOMAIN);
/* Get a handle. */
if ((clnt = clnt_create(master, YPU_PROG, YPU_VERS, "tcp")) == NULL)
return(YPERR_RPC);
/*
* Assemble netname of server.
* NOTE: It's difficult to discern from the documentation, but
* when you make a Secure RPC call, the netname you pass should
* be the netname of the guy on the other side, not your own
* netname. This is how the client side knows what public key
* to use for the initial exchange. Passing your own netname
* only works if the server on the other side is running under
* your UID.
*/
if (!host2netname(netname, master, domain)) {
clnt_destroy(clnt);
return(YPERR_BADARGS);
}
/* Make up a DES session key. */
key_gendes(&des_key);
/* Set up DES authentication. */
if ((clnt->cl_auth = (AUTH *)authdes_create(netname, WINDOW, NULL,
&des_key)) == NULL) {
clnt_destroy(clnt);
return(YPERR_RESRC);
}
/* Set a timeout for clnt_call(). */
timeout.tv_usec = 0;
timeout.tv_sec = TIMEOUT;
/*
* Make the call. Note that we use clnt_call() here rather than
* the rpcgen-erated client stubs. We could use those stubs, but
* then we'd have to do some gymnastics to get at the error
* information to figure out what error code to send back to the
* caller. With clnt_call(), we get the error status returned to
* us right away, and we only have to exert a small amount of
* extra effort.
*/
switch (ypop) {
case YPOP_CHANGE:
upargs.mapname = map;
upargs.key.yp_buf_len = keylen;
upargs.key.yp_buf_val = key;
upargs.datum.yp_buf_len = datalen;
upargs.datum.yp_buf_val = data;
if ((rval = clnt_call(clnt, YPU_CHANGE,
(xdrproc_t)xdr_ypupdate_args, &upargs,
(xdrproc_t)xdr_u_int, &res, timeout)) != RPC_SUCCESS) {
if (rval == RPC_AUTHERROR)
res = YPERR_ACCESS;
else
res = YPERR_RPC;
}
break;
case YPOP_INSERT:
upargs.mapname = map;
upargs.key.yp_buf_len = keylen;
upargs.key.yp_buf_val = key;
upargs.datum.yp_buf_len = datalen;
upargs.datum.yp_buf_val = data;
if ((rval = clnt_call(clnt, YPU_INSERT,
(xdrproc_t)xdr_ypupdate_args, &upargs,
(xdrproc_t)xdr_u_int, &res, timeout)) != RPC_SUCCESS) {
if (rval == RPC_AUTHERROR)
res = YPERR_ACCESS;
else
res = YPERR_RPC;
}
break;
case YPOP_DELETE:
delargs.mapname = map;
delargs.key.yp_buf_len = keylen;
delargs.key.yp_buf_val = key;
if ((rval = clnt_call(clnt, YPU_DELETE,
(xdrproc_t)xdr_ypdelete_args, &delargs,
(xdrproc_t)xdr_u_int, &res, timeout)) != RPC_SUCCESS) {
if (rval == RPC_AUTHERROR)
res = YPERR_ACCESS;
else
res = YPERR_RPC;
}
break;
case YPOP_STORE:
upargs.mapname = map;
upargs.key.yp_buf_len = keylen;
upargs.key.yp_buf_val = key;
upargs.datum.yp_buf_len = datalen;
upargs.datum.yp_buf_val = data;
if ((rval = clnt_call(clnt, YPU_STORE,
(xdrproc_t)xdr_ypupdate_args, &upargs,
(xdrproc_t)xdr_u_int, &res, timeout)) != RPC_SUCCESS) {
if (rval == RPC_AUTHERROR)
res = YPERR_ACCESS;
else
res = YPERR_RPC;
}
break;
default:
res = YPERR_BADARGS;
break;
}
/* All done: tear down the connection. */
auth_destroy(clnt->cl_auth);
clnt_destroy(clnt);
free(master);
return(res);
}
int
main(int argc, char **argv)
{
char name[MAXNETNAMELEN+1];
char public[HEXKEYBYTES + 1];
char secret[HEXKEYBYTES + 1];
char crypt1[HEXKEYBYTES + KEYCHECKSUMSIZE + 1];
char crypt2[HEXKEYBYTES + KEYCHECKSUMSIZE + 1];
int status;
char *pass;
struct passwd *pw;
uid_t uid;
int force = 0;
int ch;
#ifdef YP
char *master;
#endif
while ((ch = getopt(argc, argv, "f")) != -1)
switch(ch) {
case 'f':
force = 1;
break;
default:
usage();
}
argc -= optind;
argv += optind;
if (argc != 0)
usage();
#ifdef YP
yp_get_default_domain(&domain);
if (yp_master(domain, PKMAP, &master) != 0)
errx(1, "can't find master of publickey database");
#endif
uid = getuid() /*geteuid()*/;
if (uid == 0) {
if (host2netname(name, NULL, NULL) == 0)
errx(1, "cannot convert hostname to netname");
} else {
if (user2netname(name, uid, NULL) == 0)
errx(1, "cannot convert username to netname");
}
printf("Generating new key for %s.\n", name);
if (!force) {
if (uid != 0) {
#ifdef YPPASSWD
pw = ypgetpwuid(uid);
#else
pw = getpwuid(uid);
#endif
if (pw == NULL) {
#ifdef YPPASSWD
errx(1,
"no NIS password entry found: can't change key");
#else
errx(1,
"no password entry found: can't change key");
#endif
}
} else {
pw = getpwuid(0);
if (pw == NULL)
errx(1, "no password entry found: can't change key");
}
}
pass = getpass("Password:"******"invalid password");
}
#else
force = 1; /* Make this mandatory */
#endif
genkeys(public, secret, pass);
memcpy(crypt1, secret, HEXKEYBYTES);
memcpy(crypt1 + HEXKEYBYTES, secret, KEYCHECKSUMSIZE);
crypt1[HEXKEYBYTES + KEYCHECKSUMSIZE] = 0;
xencrypt(crypt1, pass);
if (force) {
memcpy(crypt2, crypt1, HEXKEYBYTES + KEYCHECKSUMSIZE + 1);
xdecrypt(crypt2, getpass("Retype password:"******"password incorrect");
}
#ifdef YP
printf("Sending key change request to %s...\n", master);
#endif
status = setpublicmap(name, public, crypt1);
if (status != 0) {
#ifdef YP
errx(1, "unable to update NIS database (%u): %s",
status, yperr_string(status));
#else
errx(1, "unable to update publickey database");
#endif
}
if (uid == 0) {
/*
* Root users store their key in /etc/$ROOTKEY so
* that they can auto reboot without having to be
* around to type a password. Storing this in a file
* is rather dubious: it should really be in the EEPROM
* so it does not go over the net.
*/
int fd;
fd = open(ROOTKEY, O_WRONLY|O_TRUNC|O_CREAT, 0);
if (fd < 0) {
warn("%s", ROOTKEY);
} else {
char newline = '\n';
if (write(fd, secret, strlen(secret)) < 0 ||
write(fd, &newline, sizeof(newline)) < 0)
warn("%s: write", ROOTKEY);
}
}
if (key_setsecret(secret) < 0)
errx(1, "unable to login with new secret key");
printf("Done.\n");
exit(0);
/* NOTREACHED */
}
_Tt_db_results _Tt_db_client::connectToDB (const _Tt_string &hostname)
{
_tt_auth_level_results *auth_level_results = (_tt_auth_level_results *)NULL;
int _socket;
_socket = -1;
dbHostname = hostname;
// Connect to the dbserver on the specified host.
// If we don't have TI_RPC we cannot depend on CLGET_FD, so
// we have to use clnttcp_create so that we get the socket FD back
// in order to set close_on_exec.
#if defined(OPT_TLI)
#ifdef OPT_HAS_CLNT_CREATE_TIMED
struct timeval tv = { OPT_CLNT_CREATE_TIMEOUT, 0};
dbServer = clnt_create_timed((char *)dbHostname,
TT_DBSERVER_PROG,
TT_DBSERVER_VERS,
(char *)TT_DB_RPC_PROTO,
&tv);
#else
dbServer = clnt_create((char *)dbHostname,
TT_DBSERVER_PROG,
TT_DBSERVER_VERS,
(char *)TT_DB_RPC_PROTO);
#endif
if (dbServer) {
clnt_control(dbServer, CLGET_FD, (char *)&_socket);
}
#else
struct sockaddr_in server_addr;
struct hostent *host_ret;
_Xgethostbynameparams host_buf;
memset((char*) &host_buf, 0, sizeof(_Xgethostbynameparams));
if ((host_ret = _XGethostbyname((char *)dbHostname, host_buf)) != NULL) {
_socket = RPC_ANYSOCK;
memset(&server_addr, 0, sizeof(server_addr));
server_addr.sin_family = AF_INET;
server_addr.sin_port = htons(0);
memcpy(&server_addr.sin_addr.s_addr,
*(host_ret->h_addr_list),
sizeof(server_addr.sin_addr.s_addr));
dbServer = clnttcp_create(&server_addr,
TT_DBSERVER_PROG,
TT_DBSERVER_VERS,
&_socket,
0, 0);
} else {
// gethostbyname failed, fake RPC error
dbServer = 0;
rpc_createerr.cf_stat = RPC_UNKNOWNHOST;
}
#endif
// Connection failed.
if (!dbServer) {
_tt_syslog(0, LOG_ERR, catgets(_ttcatd, 1, 3,
"clnt_create for rpc.ttdbserverd on %s failed%s"),
(char *)dbHostname, clnt_spcreateerror(""));
// Set dbConnectionResults data member...
SetError(rpc_createerr.cf_stat);
return dbConnectionResults;
}
// Connection succeeded.
clnt_control(dbServer, CLSET_TIMEOUT, (char *)&TT_DB_RPC_QUICK_TIMEOUT);
dbConnectionResults = TT_DB_ERR_DB_CONNECTION_FAILED; // Default value.
for (;dbVersion > 0; dbVersion--) {
if (dbVersion > 1) {
auth_level_results =
_tt_get_min_auth_level_1 ((void *)NULL, dbServer);
} else {
// If dbVersion == 1, then we are talking to an old DB server
static _tt_auth_level_results results;
char *path = "";
clnt_stat rpc_status;
int *result = (int *)NULL;
result = _tt_min_auth_level_1(&path, dbServer, &rpc_status);
if (result) {
results.results = TT_DB_OK;
results.auth_level = *result;
auth_level_results = &results;
}
}
if ((auth_level_results) && (auth_level_results->results == TT_DB_OK)) {
clnt_control(dbServer, CLSET_TIMEOUT,
(char *)&TT_DB_RPC_NORMAL_TIMEOUT);
dbAuthLevel = auth_level_results->auth_level;
dbConnectionResults = TT_DB_OK; // Default return value.
switch (dbAuthLevel) {
case AUTH_NONE:
case AUTH_UNIX:
dbServer->cl_auth = authunix_create_default();
break;
#ifdef OPT_SECURE_RPC
case AUTH_DES: {
char server_net_name [MAXNETNAMELEN+1];
struct hostent *host_ret;
_Xgethostbynameparams host_buf;
if (host2netname(server_net_name, dbHostname, 0) &&
((host_ret = _XGethostbyname((char *)dbHostname, host_buf)) != NULL)) {
#ifdef OPT_TLI
dbServerNetName = server_net_name;
#else
memcpy((caddr_t) &dbSocket.sin_addr,
host_ret->h_addr,
host_ret->h_length);
dbSocket.sin_family = AF_INET;
dbSocket.sin_port = 0;
#endif
} else {
dbConnectionResults =
TT_DB_ERR_DB_CONNECTION_FAILED;
}
}
break;
#endif // OPT_SECURE_RPC
default:
dbConnectionResults =
TT_DB_ERR_DB_CONNECTION_FAILED;
break;
}
break;
} else {
// If _tt_get_min_auth_level_1 is not available, then we are talking
// to an old DB server.
if (_tt_get_rpc_result() != RPC_AUTHERROR) {
_tt_syslog(0, LOG_ERR,
catgets(_ttcatd, 1, 4, "Error: rpc.ttdbserverd on %s is not running"),
(char *)dbHostname);
SetError(_tt_get_rpc_result());
break; // Give up and return error code.
}
}
} // end -for()-
//
// Cleanup if failure.
//
if (dbConnectionResults != TT_DB_OK) {
if (dbServer) {
clnt_destroy(dbServer);
dbServer = (CLIENT *)NULL;
}
}
// Set close-on-exec bit so a libtt client which forks and execs won't
// be short some fd's in the child.
if (-1 != _socket && -1 == fcntl(_socket, F_SETFD, 1)) {
_tt_syslog( 0, LOG_ERR, "_Tt_db_client::connectToDb(): "
"fcntl(F_SETFD): %m");
}
return dbConnectionResults;
}
int
yp_update(char *domain, char *map, unsigned op, char *key, int keylen,
char *data, int datalen)
{
struct ypupdate_args args;
uint_t rslt;
struct timeval total;
CLIENT *client;
char *ypmaster;
char ypmastername[MAXNETNAMELEN+1];
enum clnt_stat stat;
uint_t proc;
switch (op) {
case YPOP_DELETE:
proc = YPU_DELETE;
break;
case YPOP_INSERT:
proc = YPU_INSERT;
break;
case YPOP_CHANGE:
proc = YPU_CHANGE;
break;
case YPOP_STORE:
proc = YPU_STORE;
break;
default:
return (YPERR_BADARGS);
}
if (yp_master(domain, map, &ypmaster) != 0) {
debug("no master found");
return (YPERR_BADDB);
}
client = clnt_create(ypmaster, YPU_PROG, YPU_VERS, "circuit_n");
if (client == NULL) {
#ifdef DEBUG
/* CONSTCOND */
if (debugging) {
clnt_pcreateerror("client create failed");
}
#endif /* DEBUG */
free(ypmaster);
return (YPERR_RPC);
}
if (!host2netname(ypmastername, ypmaster, domain)) {
clnt_destroy(client);
free(ypmaster);
return (YPERR_BADARGS);
}
client->cl_auth = authdes_seccreate(ypmastername, WINDOW,
ypmaster, NULL);
free(ypmaster);
if (client->cl_auth == NULL) {
debug("auth create failed");
clnt_destroy(client);
return (YPERR_RPC);
}
args.mapname = map;
args.key.yp_buf_len = keylen;
args.key.yp_buf_val = key;
args.datum.yp_buf_len = datalen;
args.datum.yp_buf_val = data;
total.tv_sec = TOTAL_TIMEOUT;
total.tv_usec = 0;
clnt_control(client, CLSET_TIMEOUT, (char *)&total);
stat = clnt_call(client, proc,
xdr_ypupdate_args, (char *)&args,
xdr_u_int, (char *)&rslt, total);
if (stat != RPC_SUCCESS) {
#ifdef DEBUG
debug("ypupdate RPC call failed");
/* CONSTCOND */
if (debugging)
clnt_perror(client, "ypupdate call failed");
#endif /* DEBUG */
rslt = YPERR_RPC;
}
auth_destroy(client->cl_auth);
clnt_destroy(client);
return (rslt);
}
