Add securenets support (uses same access control mechanism as ypserv,

also controlled by /var/yp/securenets).

Add -u flag to turn off the privileged port check done by yp_access();
some commercial systems (IRIX, Solaris 2.x, HP-UX, and probably others)
don't use a reserved port for submitting yppasswd updates. If we always
enforce the check, these client systems will be unable to submit updates
to us.

Document securenets support and -u flag in man page.

Like ypserv, you can compile rpc.yppasswdd to use the tcpwrapper package
instead of securenets if you want to.

usr.sbin/rpc.yppasswdd/Makefile

@@ -1,8 +1,8 @@
-# $Id: Makefile,v 1.3 1996/02/11 02:46:48 wpaul Exp $
+# $Id: Makefile,v 1.1.1.1 1996/02/12 15:09:01 wpaul Exp $
 
 PROG=	rpc.yppasswdd
 SRCS=	pw_copy.c pw_util.c yppasswd_svc.c yp_error.c ypxfr_misc.c \
-	yp_clnt.c yp_dblookup.c yppasswd_private_xdr.c \
+	yp_clnt.c yp_dblookup.c yp_access.c yppasswd_private_xdr.c \
 	util.c yppasswdd_server.c yppasswd_comm.c yppasswdd_main.c
 
 .PATH:	${.CURDIR}/../../usr.sbin/ypserv ${.CURDIR}/../../usr.bin/chpass \

usr.sbin/rpc.yppasswdd/rpc.yppasswdd.8

@@ -28,7 +28,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"	$Id: rpc.yppasswdd.8,v 1.3 1996/02/12 14:44:15 wpaul Exp $
+.\"	$Id: rpc.yppasswdd.8,v 1.5 1996/02/24 21:41:47 wpaul Exp $
 .\"
 .Dd February 8, 1996
 .Dt RPC.YPPASSWDD 8
@@ -46,6 +46,7 @@
 .Op Fl a
 .Op Fl m
 .Op Fl v
+.Op Fl u
 .Op Fl h
 .Sh DESCRIPTION
 The
@@ -80,7 +81,19 @@ or
 commands. (Some administrators don't want users to be able to change their
 full name information or shells; the server can be invoked with option flags
 that disallow such changes.) When the server receives an update request,
-it checks the 'old' password supplied by the user to make sure it's
+it compares the address of the client making the request against the
+.Pa securenets
+rules outlined in
+.Pa /var/yp/securenets .
+(See the
+.Xr ypserv 8
+manual page for more information on securenets; the
+.Nm rpc.yppasswdd
+server uses the same access control mechanism as
+.Xr ypserv 8 .)
+.Pp
+The server then
+checks the 'old' password supplied by the user to make sure it's
 valid, then performs some sanity checks on the updated information (these
 include checking for embedded control characters, colons or invalid shells).
 Once it is satisfied that the update request is valid, the server modifies
@@ -229,6 +242,31 @@ updates for the super-user on the NIS master server. Running the server
 with the
 .Fl v
 flag will cause it to log informational messages for all updates.
+.It Fl u
+Many commercial
+.Xr yppasswd 1
+clients do not use a reserved port when sending requests to
+.Nm rpc.yppasswdd .
+This is either because the
+.Xr yppasswd 1
+program is not installed set-uid root, or because the RPC
+implementation does not place any emphasis on binding to reserved
+ports when establishing client connections for the super-user.
+By default,
+.Nm rpc.yppasswdd
+expects to receive requests from clients using reserved ports; requests
+received from non-privileged ports are rejected. Unfortunately, this
+behavior prevents any client systems that to not use privileged
+ports from sucessfully submitting password updates. Specifying
+the
+.Fl u
+flag to
+.Nm rpc.yppasswdd
+disables the privileged port check so that it will work with
+.Xr yppasswd 1
+clients that don't use privileged ports. This reduces security to
+a certain small degree, but it might be necessary in cases where it
+is not possible to change the client behavior.
 .It Fl h
 Displays the list of flags and options understood by
 .Nm rpc.yppasswdd .

usr.sbin/rpc.yppasswdd/yppasswdd_extern.h

@@ -29,7 +29,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- *	$Id: yppasswdd_extern.h,v 1.4 1996/02/01 04:38:39 wpaul Exp $
+ *	$Id: yppasswdd_extern.h,v 1.5 1996/02/24 21:41:36 wpaul Exp $
  */
 
 #include <sys/types.h>
@@ -65,7 +65,10 @@ extern int	no_chsh;
 extern int	no_chfn;
 extern int	allow_additions;
 extern int	multidomain;
+extern int	resvport;
 extern int	verbose;
 extern int	_rpc_dtablesize __P((void));
 extern void	yp_error __P((const char *, ...));
+extern void	load_securenets __P(( void ));
+extern int      yp_access __P((const char *, const struct svc_req * ));
 extern int	yp_get_record __P(( const char *, const char *, const DBT *, DBT *, int));

usr.sbin/rpc.yppasswdd/yppasswdd_main.c

@@ -29,7 +29,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- *	$Id: yppasswdd_main.c,v 1.8 1996/02/09 04:21:35 wpaul Exp $
+ *	$Id: yppasswdd_main.c,v 1.10 1996/02/24 21:41:15 wpaul Exp $
  */
 
 #include "yppasswd.h"
@@ -72,7 +72,7 @@ struct dom_binding {};
 
 #define	_RPCSVC_CLOSEDOWN 120
 #ifndef lint
-static const char rcsid[] = "$Id: yppasswdd_main.c,v 1.8 1996/02/09 04:21:35 wpaul Exp $";
+static const char rcsid[] = "$Id: yppasswdd_main.c,v 1.10 1996/02/24 21:41:15 wpaul Exp $";
 #endif /* not lint */
 int _rpcpmstart = 0;		/* Started by a port monitor ? */
 static int _rpcfdtype;
@@ -93,6 +93,7 @@ int no_chfn = 0;
 int allow_additions = 0;
 int multidomain = 0;
 int verbose = 0;
+int resvport = 1;
 char *yp_dir = "/var/yp/";
 int yp_sock;
 
@@ -145,7 +146,13 @@ static void terminate(sig)
 	unlink(sockname);
 	exit(0);
 }
-	
+
+static void reload(sig)
+	int sig;
+{
+	load_securenets();
+}
+
 static void
 closedown(int sig)
 {
@@ -181,7 +188,7 @@ closedown(int sig)
 static void usage()
 {
 	fprintf(stderr, "Usage: %s [-t master.passwd file] [-d domain] \
-[-p path] [-s] [-f] [-m] [-a] [-v] [-h]\n",
+[-p path] [-s] [-f] [-m] [-a] [-v] [-u] [-h]\n",
 		progname);
 	exit(1);
 }
@@ -230,6 +237,9 @@ main(argc, argv)
 		case 'v':
 			verbose++;
 			break;
+		case 'u':
+			resvport = 0;
+			break;
 		default:
 		case 'h':
 			usage();
@@ -245,6 +255,8 @@ name isn't set -- aborting");
 		}
 	}
 
+	load_securenets();
+
 	if (getrpcport("localhost", YPPROG, YPVERS, IPPROTO_UDP) <= 0) {
 		yp_error("this host is not an NIS server -- aborting");
 		exit(1);
@@ -266,6 +278,8 @@ name isn't set -- aborting");
 		exit(1);
 	}
 
+	debug = 0;
+
 	if (getsockname(0, (struct sockaddr *)&saddr, &asize) == 0) {
 		int ssize = sizeof (int);
 
@@ -343,13 +357,15 @@ name isn't set -- aborting");
 		(void) signal(SIGALRM, (SIG_PF) closedown);
 		(void) alarm(_RPCSVC_CLOSEDOWN/2);
 	}
-	/* set up resporce limits and block signals */
+	/* set up resource limits and block signals */
 	pw_init();
 
 	/* except SIGCHLD, which we need to catch */
 	install_reaper(1);
 	signal(SIGTERM, (SIG_PF) terminate);
 
+	signal(SIGHUP, (SIG_PF) reload);
+
 	unlink(sockname);
 	yp_sock = makeservsock();
 	if (chmod(sockname, 0))

usr.sbin/rpc.yppasswdd/yppasswdd_server.c

@@ -29,7 +29,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- *	$Id: yppasswdd_server.c,v 1.8 1996/02/09 04:38:19 wpaul Exp $
+ *	$Id: yppasswdd_server.c,v 1.11 1996/02/24 21:41:15 wpaul Exp $
  */
 
 #include <stdio.h>
@@ -60,7 +60,7 @@ struct dom_binding {};
 #include "yppasswd_comm.h"
 
 #ifndef lint
-static const char rcsid[] = "$Id: yppasswdd_server.c,v 1.8 1996/02/09 04:38:19 wpaul Exp $";
+static const char rcsid[] = "$Id: yppasswdd_server.c,v 1.11 1996/02/24 21:41:15 wpaul Exp $";
 #endif /* not lint */
 
 char *tempname;
@@ -338,6 +338,12 @@ yppasswdproc_update_1_svc(yppasswd *argp, struct svc_req *rqstp)
 
 	rqhost = svc_getcaller(rqstp->rq_xprt);
 
+	if (yp_access(resvport ? "master.passwd.byname" : NULL, rqstp)) {
+		yp_error("rejected update request from unauthorized host");
+		svcerr_auth(rqstp->rq_xprt, AUTH_BADCRED);
+		return(&result);
+	}
+
 	/*
 	 * Step one: find the user. (It's kinda pointless to
 	 * proceed if the user doesn't exist.) We look for the