/usr/src/usr.sbin/ypserv/ypserv/ypserv

Bug Summary

File:	src/usr.sbin/ypserv/ypserv/ypserv_proc.c
Warning:	line 829, column 8 Call to function 'vfork' is insecure as it can lead to denial of service situations in the parent process. Replace calls to vfork with calls to the safer 'posix_spawn' function

Annotated Source Code

Press '?' to see keyboard shortcuts

Show analyzer invocation

clang -cc1 -cc1 -triple amd64-unknown-openbsd7.0 -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name ypserv_proc.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/usr.sbin/ypserv/ypserv/obj -resource-dir /usr/local/lib/clang/13.0.0 -D DAEMON -D OPTDB -I /usr/src/usr.sbin/ypserv/ypserv/../common -I . -internal-isystem /usr/local/lib/clang/13.0.0/include -internal-externc-isystem /usr/include -O2 -fdebug-compilation-dir=/usr/src/usr.sbin/ypserv/ypserv/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/vmm/scan-build/2022-01-12-194120-40624-1 -x c /usr/src/usr.sbin/ypserv/ypserv/ypserv_proc.c

1	/* $OpenBSD: ypserv_proc.c,v 1.29 2015/01/16 06:40:23 deraadt Exp $ */
2
3	/*
4	* Copyright (c) 1994 Mats O Jansson <moj@stacken.kth.se>
5	* All rights reserved.
6	*
7	* Redistribution and use in source and binary forms, with or without
8	* modification, are permitted provided that the following conditions
9	* are met:
10	* 1. Redistributions of source code must retain the above copyright
11	* notice, this list of conditions and the following disclaimer.
12	* 2. Redistributions in binary form must reproduce the above copyright
13	* notice, this list of conditions and the following disclaimer in the
14	* documentation and/or other materials provided with the distribution.
15	*
16	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
17	* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18	* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
20	* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26	* SUCH DAMAGE.
27	*/
28
29	#include <rpc/rpc.h>
30	#include <rpcsvc/yp.h>
31	#include "ypv1.h"
32	#include <rpcsvc/ypclnt.h>
33	#include <sys/stat.h>
34	#include <sys/socket.h>
35	#include <netinet/in.h>
36	#include <arpa/inet.h>
37	#include "ypdb.h"
38	#include "acl.h"
39	#include <fcntl.h>
40	#include <dirent.h>
41	#include <stdio.h>
42	#include <string.h>
43	#include <unistd.h>
44	#include <stdlib.h>
45	#include "yplog.h"
46	#include "ypdef.h"
47	#include "ypserv.h"
48
49	#ifdef DEBUG
50	#define YPLOGif (!ok) yplog yplog
51	#else /* DEBUG */
52	#define YPLOGif (!ok) yplog if (!ok) yplog
53	#endif /* DEBUG */
54
55	static char *True = "true";
56	static char *False = "FALSE";
57	#define TORF(N)((N) ? True : False) ((N) ? True : False)
58
59	/ARGSUSED/
60	void *
61	ypproc_null_2_svc(void argp, struct svc_req rqstp)
62	{
63	static char *result;
64	struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt)(&(rqstp->rq_xprt)->xp_raddr);
65	int ok = acl_check_host(&caller->sin_addr);
66
67	YPLOGif (!ok) yplog("null_2: caller=[%s].%d, auth_ok=%s",
68	inet_ntoa(caller->sin_addr), ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)), TORF(ok)((ok) ? True : False));
69
70	if (!ok) {
71	svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
72	return(NULL0);
73	}
74
75	result = NULL0;
76	return ((void *)&result);
77	}
78
79	bool_tint32_t *
80	ypproc_domain_2_svc(domainname argp, struct svc_req rqstp)
81	{
82	struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt)(&(rqstp->rq_xprt)->xp_raddr);
83	int ok = acl_check_host(&caller->sin_addr);
84	static char domain_path[PATH_MAX1024];
85	static bool_tint32_t result;
86	struct stat finfo;
87
88	if (strchr(*argp, '/'))
89	goto bail;
90	snprintf(domain_path, sizeof(domain_path), "%s/%s", YP_DB_PATH"/var/yp", *argp);
91	result = (bool_tint32_t) ((stat(domain_path, &finfo) == 0) &&
92	S_ISDIR(finfo.st_mode)((finfo.st_mode & 0170000) == 0040000));
93
94	YPLOGif (!ok) yplog("domain_2: caller=[%s].%d, auth_ok=%s, domain=%s, served=%s",
95	inet_ntoa(caller->sin_addr), ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)),
96	TORF(ok)((ok) ? True : False), *argp, TORF(result)((result) ? True : False));
97
98	if (!ok) {
99	bail:
100	svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
101	return(NULL0);
102	}
103	return (&result);
104	}
105
106	bool_tint32_t *
107	ypproc_domain_nonack_2_svc(domainname argp, struct svc_req rqstp)
108	{
109	static bool_tint32_t result; /* is domain served? */
110	struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt)(&(rqstp->rq_xprt)->xp_raddr);
111	int ok = acl_check_host(&caller->sin_addr);
112	static char domain_path[PATH_MAX1024];
113	struct stat finfo;
114
115	if (strchr(*argp, '/'))
116	goto bail;
117	snprintf(domain_path, sizeof(domain_path), "%s/%s", YP_DB_PATH"/var/yp", *argp);
118	result = (bool_tint32_t) ((stat(domain_path, &finfo) == 0) &&
119	S_ISDIR(finfo.st_mode)((finfo.st_mode & 0170000) == 0040000));
120
121	YPLOGif (!ok) yplog("domain_nonack_2: caller=[%s].%d, auth_ok=%s, domain=%s, served=%s",
122	inet_ntoa(caller->sin_addr), ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)), TORF(ok)((ok) ? True : False),
123	*argp, TORF(result)((result) ? True : False));
124
125	if (!ok) {
126	bail:
127	svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
128	return(NULL0);
129	}
130
131	if (!result)
132	return(NULL0); /* don't send nack */
133	return (&result);
134	}
135
136	ypresp_val *
137	ypproc_match_2_svc(ypreq_key argp, struct svc_req rqstp)
138	{
139	struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt)(&(rqstp->rq_xprt)->xp_raddr);
140	int ok = acl_check_host(&caller->sin_addr);
141	int secure = ypdb_secure(argp->domain, argp->map);
142	static ypresp_val res;
143
144	if (strchr(argp->domain, '/') \|\| strchr(argp->map, '/'))
145	goto bail;
146	YPLOGif (!ok) yplog("match_2: caller=[%s].%d, auth_ok=%s, secure=%s, domain=%s, map=%s, key=%.*s",
147	inet_ntoa(caller->sin_addr), ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)),
148	TORF(ok)((ok) ? True : False), TORF(secure)((secure) ? True : False),
149	argp->domain, argp->map, argp->key.keydat_len, argp->key.keydat_val);
150
151	if (!ok) {
152	bail:
153	svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
154	return(NULL0);
155	}
156
157	if (secure && (ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)) >= IPPORT_RESERVED1024)) {
158	res.stat = YP_YPERR;
159	} else {
160	res = ypdb_get_record(argp->domain, argp->map, argp->key, TRUE(1));
161	}
162
163	#ifdef DEBUG
164	yplog(" match2_status: %s", yperr_string(ypprot_err(res.stat)));
165	#endif
166	return (&res);
167	}
168
169	ypresp_key_val *
170	ypproc_first_2_svc(ypreq_nokey argp, struct svc_req rqstp)
171	{
172	struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt)(&(rqstp->rq_xprt)->xp_raddr);
173	int ok = acl_check_host(&caller->sin_addr);
174	int secure = ypdb_secure(argp->domain, argp->map);
175	static ypresp_key_val res;
176
177	if (strchr(argp->domain, '/') \|\| strchr(argp->map, '/'))
178	goto bail;
179	YPLOGif (!ok) yplog( "first_2: caller=[%s].%d, auth_ok=%s, secure=%s, domain=%s, map=%s",
180	inet_ntoa(caller->sin_addr), ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)),
181	TORF(ok)((ok) ? True : False), TORF(secure)((secure) ? True : False), argp->domain, argp->map);
182	if (!ok) {
183	bail:
184	svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
185	return(NULL0);
186	}
187
188	if (secure && (ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)) >= IPPORT_RESERVED1024)) {
189	res.stat = YP_YPERR;
190	} else {
191	res = ypdb_get_first(argp->domain, argp->map,FALSE(0));
192	}
193
194	#ifdef DEBUG
195	yplog(" first2_status: %s", yperr_string(ypprot_err(res.stat)));
196	#endif
197	return (&res);
198	}
199
200	ypresp_key_val *
201	ypproc_next_2_svc(ypreq_key argp, struct svc_req rqstp)
202	{
203	static ypresp_key_val res;
204	struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt)(&(rqstp->rq_xprt)->xp_raddr);
205	int ok = acl_check_host(&caller->sin_addr);
206	int secure = ypdb_secure(argp->domain, argp->map);
207
208	if (strchr(argp->domain, '/') \|\| strchr(argp->map, '/'))
209	goto bail;
210	YPLOGif (!ok) yplog("next_2: caller=[%s].%d, auth_ok=%s, secure=%s, domain=%s, map=%s, key=%.*s",
211	inet_ntoa(caller->sin_addr), ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)),
212	TORF(ok)((ok) ? True : False), TORF(secure)((secure) ? True : False),
213	argp->domain, argp->map, argp->key.keydat_len, argp->key.keydat_val);
214
215	if (!ok) {
216	bail:
217	svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
218	return(NULL0);
219	}
220
221	if (secure && (ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)) >= IPPORT_RESERVED1024)) {
222	res.stat = YP_YPERR;
223	} else {
224	res = ypdb_get_next(argp->domain, argp->map, argp->key,FALSE(0));
225	}
226
227	#ifdef DEBUG
228	yplog(" next2_status: %s", yperr_string(ypprot_err(res.stat)));
229	#endif
230	return (&res);
231	}
232
233	ypresp_xfr *
234	ypproc_xfr_2_svc(ypreq_xfr argp, struct svc_req rqstp)
235	{
236	static ypresp_xfr res;
237	struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt)(&(rqstp->rq_xprt)->xp_raddr);
238	int ok = acl_check_host(&caller->sin_addr);
239	pid_t pid;
240	char tid[11], prog[11], port[11];
241	char ypxfr_proc[] = YPXFR_PROC"/usr/sbin/ypxfr", *ipadd;
242
243	bzero(&res, sizeof(res));
244
245	YPLOGif (!ok) yplog("xfr_2: caller=[%s].%d, auth_ok=%s, domain=%s, tid=%d, prog=%d",
246	inet_ntoa(caller->sin_addr), ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)), TORF(ok)((ok) ? True : False),
247	argp->map_parms.domain, argp->transid, argp->prog);
248	YPLOGif (!ok) yplog(" ipadd=%s, port=%d, map=%s", inet_ntoa(caller->sin_addr),
249	argp->port, argp->map_parms.map);
250
251	if (strchr(argp->map_parms.domain, '/') \|\|
252	strchr(argp->map_parms.map, '/') \|\|
253	ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)) >= IPPORT_RESERVED1024) {
254	svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
255	return(NULL0);
256	}
257
258	snprintf(tid, sizeof(tid), "%d", argp->transid);
259	snprintf(prog, sizeof(prog), "%d", argp->prog);
260	snprintf(port, sizeof(port), "%d", argp->port);
261	ipadd = inet_ntoa(caller->sin_addr);
262
263	pid = vfork();
264	if (pid == -1) {
265	svcerr_systemerr(rqstp->rq_xprt);
266	return(NULL0);
267	}
268	if (pid == 0) {
269	execl(ypxfr_proc, "ypxfr", "-d", argp->map_parms.domain,
270	"-C", tid, prog, ipadd, port, argp->map_parms.map, (char *)NULL0);
271	_exit(1);
272	}
273	/*
274	* XXX: fill in res
275	*/
276	return (&res);
277	}
278
279	/ARGSUSED/
280	void *
281	ypproc_clear_2_svc(void argp, struct svc_req rqstp)
282	{
283	static char *res;
284	struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt)(&(rqstp->rq_xprt)->xp_raddr);
285	int ok = acl_check_host(&caller->sin_addr);
286
287	YPLOGif (!ok) yplog( "clear_2: caller=[%s].%d, auth_ok=%s, opt=%s",
288	inet_ntoa(caller->sin_addr), ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)), TORF(ok)((ok) ? True : False),
289	#ifdef OPTDB1
290	True
291	#else
292	False
293	#endif
294	);
295
296	if (ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)) >= IPPORT_RESERVED1024)
297	ok = FALSE(0);
298
299	if (!ok) {
300	svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
301	return(NULL0);
302	}
303
304	res = NULL0;
305
306	#ifdef OPTDB1
307	ypdb_close_all();
308	#endif
309	return ((void *)&res);
310	}
311
312	ypresp_all *
313	ypproc_all_2_svc(ypreq_nokey argp, struct svc_req rqstp)
314	{
315	static ypresp_all res;
316	pid_t pid;
317	struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt)(&(rqstp->rq_xprt)->xp_raddr);
318	int ok = acl_check_host(&caller->sin_addr);
319	int secure = ypdb_secure(argp->domain, argp->map);
320
321	if (strchr(argp->domain, '/') \|\| strchr(argp->map, '/'))
322	goto bail;
323	YPLOGif (!ok) yplog( "all_2: caller=[%s].%d, auth_ok=%s, secure=%s, domain=%s, map=%s",
324	inet_ntoa(caller->sin_addr), ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)),
325	TORF(ok)((ok) ? True : False), TORF(secure)((secure) ? True : False), argp->domain, argp->map);
326
327	if (!ok) {
328	bail:
329	svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
330	return(NULL0);
331	}
332	bzero(&res, sizeof(res));
333
334	if (secure && (ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)) >= IPPORT_RESERVED1024)) {
335	res.ypresp_all_u.val.stat = YP_YPERR;
336	return(&res);
337	}
338
339	pid = fork();
340	if (pid) {
341	if (pid == -1) {
342	/* XXXCDC An error has occurred */
343	}
344	return(NULL0); /* PARENT: continue */
345	}
346	/* CHILD: send result, then exit */
347
348	if (!svc_sendreply(rqstp->rq_xprt, ypdb_xdr_get_all, (char *)argp)) {
349	svcerr_systemerr(rqstp->rq_xprt);
350	}
351	exit(0);
352	}
353
354	ypresp_master *
355	ypproc_master_2_svc(ypreq_nokey argp, struct svc_req rqstp)
356	{
357	static ypresp_master res;
358	static peername nopeer = "";
359	struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt)(&(rqstp->rq_xprt)->xp_raddr);
360	int ok = acl_check_host(&caller->sin_addr);
361	int secure = ypdb_secure(argp->domain, argp->map);
362
363	if (strchr(argp->domain, '/') \|\| strchr(argp->map, '/'))
364	goto bail;
365	YPLOGif (!ok) yplog( "master_2: caller=[%s].%d, auth_ok=%s, secure=%s, domain=%s, map=%s",
366	inet_ntoa(caller->sin_addr), ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)),
367	TORF(ok)((ok) ? True : False), TORF(secure)((secure) ? True : False), argp->domain, argp->map);
368
369	if (!ok) {
370	bail:
371	svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
372	return(NULL0);
373	}
374
375	if (secure && (ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)) >= IPPORT_RESERVED1024)) {
376	res.stat = YP_YPERR;
377	} else {
378	res = ypdb_get_master(argp->domain, argp->map);
379	}
380
381	#ifdef DEBUG
382	yplog(" master2_status: %s", yperr_string(ypprot_err(res.stat)));
383	#endif
384
385	/*
386	* This code was added because a yppoll <unknown-domain>
387	* from a sun crashed the server in xdr_string, trying
388	* to access the peer through a NULL-pointer. yppoll in
389	* this server start asking for order. If order is ok
390	* then it will ask for master. SunOS 4 asks for both
391	* always. I'm not sure this is the best place for the
392	* fix, but for now it will do. xdr_peername or
393	* xdr_string in ypserv_xdr.c may be a better place?
394	*/
395	if (res.peer == NULL0)
396	res.peer = nopeer;
397	return (&res);
398	}
399
400
401	ypresp_order *
402	ypproc_order_2_svc(ypreq_nokey argp, struct svc_req rqstp)
403	{
404	static ypresp_order res;
405	struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt)(&(rqstp->rq_xprt)->xp_raddr);
406	int ok = acl_check_host(&caller->sin_addr);
407	int secure = ypdb_secure(argp->domain, argp->map);
408
409	if (strchr(argp->domain, '/'))
410	goto bail;
411	YPLOGif (!ok) yplog( "order_2: caller=[%s].%d, auth_ok=%s, secure=%s, domain=%s, map=%s",
412	inet_ntoa(caller->sin_addr), ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)),
413	TORF(ok)((ok) ? True : False), TORF(secure)((secure) ? True : False), argp->domain, argp->map);
414
415	if (!ok) {
416	bail:
417	svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
418	return(NULL0);
419	}
420
421	if (secure && (ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)) >= IPPORT_RESERVED1024)) {
422	res.stat = YP_YPERR;
423	} else if (strchr(argp->map, '/')) {
424	res.stat = YP_NOMAP;
425	} else {
426	res = ypdb_get_order(argp->domain, argp->map);
427	}
428
429	#ifdef DEBUG
430	yplog(" order2_status: %s", yperr_string(ypprot_err(res.stat)));
431	#endif
432	return (&res);
433	}
434
435
436	ypresp_maplist *
437	ypproc_maplist_2_svc(domainname argp, struct svc_req rqstp)
438	{
439	static ypresp_maplist res;
440	struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt)(&(rqstp->rq_xprt)->xp_raddr);
441	int ok = acl_check_host(&caller->sin_addr);
442	static char domain_path[PATH_MAX1024];
443	struct stat finfo;
444	DIR *dirp = NULL0;
445	struct dirent *dp;
446	char *suffix;
447	ypstat status;
448	struct ypmaplist *m;
449	char *map_name;
450
451	if (strchr(*argp, '/'))
452	goto bail;
453	YPLOGif (!ok) yplog("maplist_2: caller=[%s].%d, auth_ok=%s, domain=%s",
454	inet_ntoa(caller->sin_addr), ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)), TORF(ok)((ok) ? True : False),
455	*argp);
456
457	if (!ok) {
458	bail:
459	svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
460	return(NULL0);
461	}
462
463	bzero(&res, sizeof(res));
464	snprintf(domain_path, sizeof domain_path, "%s/%s", YP_DB_PATH"/var/yp", *argp);
465
466	status = YP_TRUE;
467	res.maps = NULL0;
468
469	if (!((stat(domain_path, &finfo) == 0) && S_ISDIR(finfo.st_mode)((finfo.st_mode & 0170000) == 0040000)))
470	status = YP_NODOM;
471
472	if (status >= 0) {
473	if ((dirp = opendir(domain_path)) == NULL0)
474	status = YP_NODOM;
475	}
476
477	if (status >= 0) {
478	for (dp = readdir(dirp); dp != NULL0; dp = readdir(dirp)) {
479	if ((!strcmp(dp->d_name, ".")) \|\|
480	((!strcmp(dp->d_name, ".."))) \|\|
481	(dp->d_namlen < 4))
482	continue;
483	suffix = (char *) &dp->d_name[dp->d_namlen-3];
484	if (strcmp(suffix, ".db") == 0) {
485	if ((m = malloc(sizeof(struct ypmaplist))) == NULL0) {
486	status = YP_YPERR;
487	break;
488	}
489
490	if ((map_name = malloc(dp->d_namlen - 2)) == NULL0) {
491	free(m);
492	status = YP_YPERR;
493	break;
494	}
495
496	m->next = res.maps;
497	m->map = map_name;
498	res.maps = m;
499	strncpy(map_name, dp->d_name, dp->d_namlen - 3);
500	m->map[dp->d_namlen - 3] = '\0';
501	}
502	}
503	}
504	if (dirp != NULL0)
505	closedir(dirp);
506
507	res.stat = status;
508	#ifdef DEBUG
509	yplog(" maplist_status: %s", yperr_string(ypprot_err(res.stat)));
510	#endif
511	return (&res);
512	}
513
514	/ARGSUSED/
515	void *
516	ypoldproc_null_1_svc(void argp, struct svc_req rqstp)
517	{
518	static char *result;
519	struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt)(&(rqstp->rq_xprt)->xp_raddr);
520	int ok = acl_check_host(&caller->sin_addr);
521
522	YPLOGif (!ok) yplog("null_1: caller=[%s].%d, auth_ok=%s",
523	inet_ntoa(caller->sin_addr), ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)), TORF(ok)((ok) ? True : False));
524
525	if (!ok) {
526	svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
527	return(NULL0);
528	}
529
530	result = NULL0;
531
532	return ((void *)&result);
533	}
534
535	bool_tint32_t *
536	ypoldproc_domain_1_svc(domainname argp, struct svc_req rqstp)
537	{
538	static bool_tint32_t result; /* is domain_served? */
539	struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt)(&(rqstp->rq_xprt)->xp_raddr);
540	int ok = acl_check_host(&caller->sin_addr);
541	static char domain_path[PATH_MAX1024];
542	struct stat finfo;
543
544	if (strchr(*argp, '/'))
545	goto bail;
546	snprintf(domain_path, sizeof(domain_path), "%s/%s", YP_DB_PATH"/var/yp", *argp);
547	result = (bool_tint32_t) ((stat(domain_path, &finfo) == 0) &&
548	S_ISDIR(finfo.st_mode)((finfo.st_mode & 0170000) == 0040000));
549
550	YPLOGif (!ok) yplog("domain_1: caller=[%s].%d, auth_ok=%s, domain=%s, served=%s",
551	inet_ntoa(caller->sin_addr), ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)),
552	TORF(ok)((ok) ? True : False), *argp, TORF(result)((result) ? True : False));
553
554	if (!ok) {
555	bail:
556	svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
557	return(NULL0);
558	}
559
560	return (&result);
561	}
562
563	bool_tint32_t *
564	ypoldproc_domain_nonack_1_svc(domainname argp, struct svc_req rqstp)
565	{
566	static bool_tint32_t result; /* is domain served? */
567	struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt)(&(rqstp->rq_xprt)->xp_raddr);
568	int ok = acl_check_host(&caller->sin_addr);
569	static char domain_path[PATH_MAX1024];
570	struct stat finfo;
571
572	if (strchr(*argp, '/'))
573	goto bail;
574	snprintf(domain_path, sizeof(domain_path), "%s/%s", YP_DB_PATH"/var/yp", *argp);
575	result = (bool_tint32_t) ((stat(domain_path, &finfo) == 0) &&
576	S_ISDIR(finfo.st_mode)((finfo.st_mode & 0170000) == 0040000));
577
578	YPLOGif (!ok) yplog(
579	"domain_nonack_1: caller=[%s].%d, auth_ok=%s, domain=%s, served=%s",
580	inet_ntoa(caller->sin_addr), ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)), TORF(ok)((ok) ? True : False),
581	*argp, TORF(result)((result) ? True : False));
582
583	if (!ok) {
584	bail:
585	svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
586	return(NULL0);
587	}
588
589	if (!result) {
590	return(NULL0); /* don't send nack */
591	}
592
593	return (&result);
594	}
595
596	ypresponse *
597	ypoldproc_match_1_svc(yprequest argp, struct svc_req rqstp)
598	{
599	static ypresponse res;
600	struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt)(&(rqstp->rq_xprt)->xp_raddr);
601	int ok = acl_check_host(&caller->sin_addr);
602	int secure;
603
604	if (strchr(argp->ypmatch_req_domainyprequest_u.yp_req_keytype.domain, '/') \|\|
605	strchr(argp->ypmatch_req_mapyprequest_u.yp_req_keytype.map, '/'))
606	goto bail;
607	res.yp_resptype = YPMATCH_RESPTYPEYPRESP_VAL;
608	res.ypmatch_resp_valptrypresponse_u.yp_resp_valtype.val.valdat_val = "";
609	res.ypmatch_resp_valsizeypresponse_u.yp_resp_valtype.val.valdat_len = 0;
610
611	if (argp->yp_reqtype != YPMATCH_REQTYPEYPREQ_KEY) {
612	res.ypmatch_resp_statusypresponse_u.yp_resp_valtype.stat = YP_BADARGS;
613	return(&res);
614	}
615
616	secure = ypdb_secure(argp->ypmatch_req_domainyprequest_u.yp_req_keytype.domain, argp->ypmatch_req_mapyprequest_u.yp_req_keytype.map);
617
618	YPLOGif (!ok) yplog(
619	"match_1: caller=[%s].%d, auth_ok=%s, secure=%s, domain=%s, map=%s, key=%.*s",
620	inet_ntoa(caller->sin_addr), ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)),
621	TORF(ok)((ok) ? True : False), TORF(secure)((secure) ? True : False),
622	argp->ypmatch_req_domainyprequest_u.yp_req_keytype.domain, argp->ypmatch_req_mapyprequest_u.yp_req_keytype.map,
623	argp->ypmatch_req_keysizeyprequest_u.yp_req_keytype.key.keydat_len, argp->ypmatch_req_keyptryprequest_u.yp_req_keytype.key.keydat_val);
624
625	if (!ok) {
626	bail:
627	svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
628	return(NULL0);
629	}
630
631	if (secure && (ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)) >= IPPORT_RESERVED1024)) {
632	res.ypmatch_resp_statusypresponse_u.yp_resp_valtype.stat = YP_YPERR;
633	} else {
634	res.ypmatch_resp_valypresponse_u.yp_resp_valtype = ypdb_get_record(
635	argp->ypmatch_req_domainyprequest_u.yp_req_keytype.domain, argp->ypmatch_req_mapyprequest_u.yp_req_keytype.map,
636	argp->ypmatch_req_keydatyprequest_u.yp_req_keytype.key, TRUE(1));
637	}
638
639	#ifdef DEBUG
640	yplog(" match1_status: %s",
641	yperr_string(ypprot_err(res.ypmatch_resp_statusypresponse_u.yp_resp_valtype.stat)));
642	#endif
643
644	return (&res);
645	}
646
647	ypresponse *
648	ypoldproc_first_1_svc(yprequest argp, struct svc_req rqstp)
649	{
650	static ypresponse res;
651	struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt)(&(rqstp->rq_xprt)->xp_raddr);
652	int ok = acl_check_host(&caller->sin_addr);
653	int secure;
654
655	if (strchr(argp->ypfirst_req_domainyprequest_u.yp_req_nokeytype.domain, '/') \|\|
656	strchr(argp->ypfirst_req_mapyprequest_u.yp_req_nokeytype.map, '/'))
657	goto bail;
658	res.yp_resptype = YPFIRST_RESPTYPEYPRESP_KEY_VAL;
659	res.ypfirst_resp_valptrypresponse_u.yp_resp_key_valtype.val.valdat_val = res.ypfirst_resp_keyptrypresponse_u.yp_resp_key_valtype.key.keydat_val = "";
660	res.ypfirst_resp_valsizeypresponse_u.yp_resp_key_valtype.val.valdat_len = res.ypfirst_resp_keysizeypresponse_u.yp_resp_key_valtype.key.keydat_len = 0;
661
662	if (argp->yp_reqtype != YPREQ_NOKEY) {
663	res.ypfirst_resp_statusypresponse_u.yp_resp_key_valtype.stat = YP_BADARGS;
664	return(&res);
665	}
666
667	secure = ypdb_secure(argp->ypfirst_req_domainyprequest_u.yp_req_nokeytype.domain, argp->ypfirst_req_mapyprequest_u.yp_req_nokeytype.map);
668
669	YPLOGif (!ok) yplog( "first_1: caller=[%s].%d, auth_ok=%s, secure=%s, domain=%s, map=%s",
670	inet_ntoa(caller->sin_addr), ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)),
671	TORF(ok)((ok) ? True : False), TORF(secure)((secure) ? True : False),
672	argp->ypfirst_req_domainyprequest_u.yp_req_nokeytype.domain, argp->ypfirst_req_mapyprequest_u.yp_req_nokeytype.map);
673
674	if (!ok) {
675	bail:
676	svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
677	return(NULL0);
678	}
679
680	if (secure && (ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)) >= IPPORT_RESERVED1024)) {
681	res.ypfirst_resp_statusypresponse_u.yp_resp_key_valtype.stat = YP_YPERR;
682	} else {
683	res.ypfirst_resp_valypresponse_u.yp_resp_key_valtype = ypdb_get_first(
684	argp->ypfirst_req_domainyprequest_u.yp_req_nokeytype.domain, argp->ypfirst_req_mapyprequest_u.yp_req_nokeytype.map, FALSE(0));
685	}
686
687	#ifdef DEBUG
688	yplog(" first1_status: %s",
689	yperr_string(ypprot_err(res.ypfirst_resp_statusypresponse_u.yp_resp_key_valtype.stat)));
690	#endif
691
692	return (&res);
693	}
694
695	ypresponse *
696	ypoldproc_next_1_svc(yprequest argp, struct svc_req rqstp)
697	{
698	static ypresponse res;
699	struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt)(&(rqstp->rq_xprt)->xp_raddr);
700	int ok = acl_check_host(&caller->sin_addr);
701	int secure;
702
703	if (strchr(argp->ypnext_req_domainyprequest_u.yp_req_keytype.domain, '/') \|\|
704	strchr(argp->ypnext_req_mapyprequest_u.yp_req_keytype.map, '/'))
705	goto bail;
706	res.yp_resptype = YPNEXT_RESPTYPEYPRESP_KEY_VAL;
707	res.ypnext_resp_valptrypresponse_u.yp_resp_key_valtype.val.valdat_val = res.ypnext_resp_keyptrypresponse_u.yp_resp_key_valtype.key.keydat_val = "";
708	res.ypnext_resp_valsizeypresponse_u.yp_resp_key_valtype.val.valdat_len = res.ypnext_resp_keysizeypresponse_u.yp_resp_key_valtype.key.keydat_len = 0;
709
710	if (argp->yp_reqtype != YPNEXT_REQTYPEYPREQ_KEY) {
711	res.ypnext_resp_statusypresponse_u.yp_resp_key_valtype.stat = YP_BADARGS;
712	return(&res);
713	}
714
715	secure = ypdb_secure(argp->ypnext_req_domainyprequest_u.yp_req_keytype.domain, argp->ypnext_req_mapyprequest_u.yp_req_keytype.map);
716
717	YPLOGif (!ok) yplog(
718	"next_1: caller=[%s].%d, auth_ok=%s, secure=%s, domain=%s, map=%s, key=%.*s",
719	inet_ntoa(caller->sin_addr), ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)),
720	TORF(ok)((ok) ? True : False), TORF(secure)((secure) ? True : False),
721	argp->ypnext_req_domainyprequest_u.yp_req_keytype.domain, argp->ypnext_req_mapyprequest_u.yp_req_keytype.map,
722	argp->ypnext_req_keysizeyprequest_u.yp_req_keytype.key.keydat_len, argp->ypnext_req_keyptryprequest_u.yp_req_keytype.key.keydat_val);
723
724	if (!ok) {
725	bail:
726	svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
727	return(NULL0);
728	}
729
730	if (secure && (ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)) >= IPPORT_RESERVED1024)) {
731	res.ypnext_resp_statusypresponse_u.yp_resp_key_valtype.stat = YP_YPERR;
732	} else {
733	res.ypnext_resp_valypresponse_u.yp_resp_key_valtype = ypdb_get_next(
734	argp->ypnext_req_domainyprequest_u.yp_req_keytype.domain, argp->ypnext_req_mapyprequest_u.yp_req_keytype.map,
735	argp->ypnext_req_keydatyprequest_u.yp_req_keytype.key, FALSE(0));
736	}
737
738	#ifdef DEBUG
739	yplog(" next1_status: %s",
740	yperr_string(ypprot_err(res.ypnext_resp_statusypresponse_u.yp_resp_key_valtype.stat)));
741	#endif
742
743	return (&res);
744	}
745
746	ypresponse *
747	ypoldproc_poll_1_svc(yprequest argp, struct svc_req rqstp)
748	{
749	static ypresponse res;
750	ypresp_order order;
751	ypresp_master master;
752	struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt)(&(rqstp->rq_xprt)->xp_raddr);
753	int ok = acl_check_host(&caller->sin_addr);
754	int secure;
755
756	if (strchr(argp->yppoll_req_domainyprequest_u.yp_req_nokeytype.domain, '/') \|\|
757	strchr(argp->yppoll_req_mapyprequest_u.yp_req_nokeytype.map, '/'))
758	goto bail;
759	res.yp_resptype = YPPOLL_RESPTYPEYPRESP_MAP_PARMS;
760	res.yppoll_resp_domainypresponse_u.yp_resp_map_parmstype.domain = argp->yppoll_req_domainyprequest_u.yp_req_nokeytype.domain;
761	res.yppoll_resp_mapypresponse_u.yp_resp_map_parmstype.map = argp->yppoll_req_mapyprequest_u.yp_req_nokeytype.map;
762	res.yppoll_resp_ordernumypresponse_u.yp_resp_map_parmstype.ordernum = 0;
763	res.yppoll_resp_ownerypresponse_u.yp_resp_map_parmstype.peer = "";
764
765	if (argp->yp_reqtype != YPPOLL_REQTYPEYPREQ_NOKEY) {
766	return(&res);
767	}
768
769	secure = ypdb_secure(argp->yppoll_req_domainyprequest_u.yp_req_nokeytype.domain, argp->yppoll_req_mapyprequest_u.yp_req_nokeytype.map);
770
771	YPLOGif (!ok) yplog( "poll_1: caller=[%s].%d, auth_ok=%s, secure=%s, domain=%s, map=%s",
772	inet_ntoa(caller->sin_addr), ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)),
773	TORF(ok)((ok) ? True : False), TORF(secure)((secure) ? True : False),
774	argp->yppoll_req_domainyprequest_u.yp_req_nokeytype.domain, argp->yppoll_req_mapyprequest_u.yp_req_nokeytype.map);
775
776	if (!ok) {
777	bail:
778	svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
779	return(NULL0);
780	}
781
782	if (!(secure && (ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)) >= IPPORT_RESERVED1024))) {
783	order = ypdb_get_order(argp->yppoll_req_domainyprequest_u.yp_req_nokeytype.domain,
784	argp->yppoll_req_mapyprequest_u.yp_req_nokeytype.map);
785	master = ypdb_get_master(argp->yppoll_req_domainyprequest_u.yp_req_nokeytype.domain,
786	argp->yppoll_req_mapyprequest_u.yp_req_nokeytype.map);
787	res.yppoll_resp_ordernumypresponse_u.yp_resp_map_parmstype.ordernum = order.ordernum;
788	res.yppoll_resp_ownerypresponse_u.yp_resp_map_parmstype.peer = master.peer;
789	}
790
791	#ifdef DEBUG
792	yplog(" poll1_status: %s", "none");
793	#endif
794	return (&res);
795	}
796
797	void *
798	ypoldproc_push_1_svc(yprequest argp, struct svc_req rqstp)
799	{
800	struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt)(&(rqstp->rq_xprt)->xp_raddr);
801	int ok = acl_check_host(&caller->sin_addr);
802	int secure;
803	pid_t pid;
804	char yppush_proc[] = YPPUSH_PROC"/usr/sbin/yppush";
805
806	if (strchr(argp->yppush_req_domainyprequest_u.yp_req_nokeytype.domain, '/') \|\|
807	strchr(argp->yppush_req_mapyprequest_u.yp_req_nokeytype.map, '/'))
808	goto bail;
809	if (argp->yp_reqtype != YPPUSH_REQTYPEYPREQ_NOKEY) {
810	return(NULL0);
811	}
812
813	secure = ypdb_secure(argp->yppush_req_domainyprequest_u.yp_req_nokeytype.domain, argp->yppush_req_mapyprequest_u.yp_req_nokeytype.map);
814
815	YPLOGif (!ok) yplog( "push_1: caller=[%s].%d, auth_ok=%s, secure=%s, domain=%s, map=%s",
816	inet_ntoa(caller->sin_addr), ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)),
817	TORF(ok)((ok) ? True : False), TORF(secure)((secure) ? True : False),
818	argp->yppush_req_domainyprequest_u.yp_req_nokeytype.domain, argp->yppush_req_mapyprequest_u.yp_req_nokeytype.map);
819
820	if (ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)) >= IPPORT_RESERVED1024)
821	ok = FALSE(0);
822
823	if (!ok) {
824	bail:
825	svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
826	return(NULL0);
827	}
828
829	pid = vfork();
	Call to function 'vfork' is insecure as it can lead to denial of service situations in the parent process. Replace calls to vfork with calls to the safer 'posix_spawn' function
830	if (pid == -1) {
831	svcerr_systemerr(rqstp->rq_xprt);
832	return(NULL0);
833	}
834	if (pid == 0) {
835	execl(yppush_proc, "yppush", "-d", argp->yppush_req_domainyprequest_u.yp_req_nokeytype.domain,
836	argp->yppush_req_mapyprequest_u.yp_req_nokeytype.map, (char *)NULL0);
837	_exit(1);
838	}
839	return (NULL0);
840	}
841
842	void *
843	ypoldproc_pull_1_svc(yprequest argp, struct svc_req rqstp)
844	{
845	struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt)(&(rqstp->rq_xprt)->xp_raddr);
846	int ok = acl_check_host(&caller->sin_addr);
847	int secure;
848	pid_t pid;
849	char ypxfr_proc[] = YPXFR_PROC"/usr/sbin/ypxfr";
850
851	if (strchr(argp->yppull_req_domainyprequest_u.yp_req_nokeytype.domain, '/') \|\|
852	strchr(argp->yppull_req_mapyprequest_u.yp_req_nokeytype.map, '/'))
853	goto bail;
854	if (argp->yp_reqtype != YPPULL_REQTYPEYPREQ_NOKEY) {
855	return(NULL0);
856	}
857
858	secure = ypdb_secure(argp->yppull_req_domainyprequest_u.yp_req_nokeytype.domain, argp->yppull_req_mapyprequest_u.yp_req_nokeytype.map);
859
860	YPLOGif (!ok) yplog( "pull_1: caller=[%s].%d, auth_ok=%s, secure=%s, domain=%s, map=%s",
861	inet_ntoa(caller->sin_addr), ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)),
862	TORF(ok)((ok) ? True : False), TORF(secure)((secure) ? True : False),
863	argp->yppull_req_domainyprequest_u.yp_req_nokeytype.domain, argp->yppull_req_mapyprequest_u.yp_req_nokeytype.map);
864
865	if (ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)) >= IPPORT_RESERVED1024)
866	ok = FALSE(0);
867
868	if (!ok) {
869	bail:
870	svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
871	return(NULL0);
872	}
873
874	pid = vfork();
875	if (pid == -1) {
876	svcerr_systemerr(rqstp->rq_xprt);
877	return(NULL0);
878	}
879	if (pid == 0) {
880	execl(ypxfr_proc, "ypxfr", "-d", argp->yppull_req_domainyprequest_u.yp_req_nokeytype.domain,
881	argp->yppull_req_mapyprequest_u.yp_req_nokeytype.map, (char *)NULL0);
882	_exit(1);
883	}
884	return (NULL0);
885	}
886
887	void *
888	ypoldproc_get_1_svc(yprequest argp, struct svc_req rqstp)
889	{
890	struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt)(&(rqstp->rq_xprt)->xp_raddr);
891	int ok = acl_check_host(&caller->sin_addr);
892	int secure;
893	pid_t pid;
894	char ypxfr_proc[] = YPXFR_PROC"/usr/sbin/ypxfr";
895
896	if (strchr(argp->ypget_req_domainyprequest_u.yp_req_map_parmstype.domain, '/') \|\|
897	strchr(argp->ypget_req_mapyprequest_u.yp_req_map_parmstype.map, '/'))
898	goto bail;
899	if (argp->yp_reqtype != YPGET_REQTYPEYPREQ_MAP_PARMS)
900	return(NULL0);
901
902	secure = ypdb_secure(argp->ypget_req_domainyprequest_u.yp_req_map_parmstype.domain, argp->ypget_req_mapyprequest_u.yp_req_map_parmstype.map);
903
904	YPLOGif (!ok) yplog( "get_1: caller=[%s].%d, auth_ok=%s, secure=%s, domain=%s, map=%s, owner=%s",
905	inet_ntoa(caller->sin_addr), ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)),
906	TORF(ok)((ok) ? True : False), TORF(secure)((secure) ? True : False),
907	argp->ypget_req_domainyprequest_u.yp_req_map_parmstype.domain, argp->ypget_req_mapyprequest_u.yp_req_map_parmstype.map,
908	argp->ypget_req_owneryprequest_u.yp_req_map_parmstype.peer);
909
910	if (ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)) >= IPPORT_RESERVED1024)
911	ok = FALSE(0);
912
913	if (!ok) {
914	bail:
915	svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
916	return(NULL0);
917	}
918
919	pid = vfork();
920	if (pid == -1) {
921	svcerr_systemerr(rqstp->rq_xprt);
922	return(NULL0);
923	}
924	if (pid == 0) {
925	execl(ypxfr_proc, "ypxfr", "-d", argp->ypget_req_domainyprequest_u.yp_req_map_parmstype.domain, "-h",
926	argp->ypget_req_owneryprequest_u.yp_req_map_parmstype.peer, argp->yppush_req_mapyprequest_u.yp_req_nokeytype.map, (char *)NULL0);
927	_exit(1);
928	}
929	return (NULL0);
930	}