/usr/src/usr.sbin/ypserv/ypserv/ypserv

Bug Summary

File:	src/usr.sbin/ypserv/ypserv/ypserv_proc.c
Warning:	line 826, column 8 Call to function 'vfork' is insecure as it can lead to denial of service situations in the parent process. Replace calls to vfork with calls to the safer 'posix_spawn' function

Annotated Source Code

Press '?' to see keyboard shortcuts

Show analyzer invocation

clang -cc1 -cc1 -triple amd64-unknown-openbsd7.4 -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name ypserv_proc.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/usr.sbin/ypserv/ypserv/obj -resource-dir /usr/local/llvm16/lib/clang/16 -D DAEMON -D OPTDB -I /usr/src/usr.sbin/ypserv/ypserv/../common -I . -internal-isystem /usr/local/llvm16/lib/clang/16/include -internal-externc-isystem /usr/include -O2 -fdebug-compilation-dir=/usr/src/usr.sbin/ypserv/ypserv/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fcf-protection=branch -fno-jump-tables -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/scan/2024-01-11-140451-98009-1 -x c /usr/src/usr.sbin/ypserv/ypserv/ypserv_proc.c

1	/* $OpenBSD: ypserv_proc.c,v 1.30 2023/03/08 04:43:15 guenther Exp $ */
2
3	/*
4	* Copyright (c) 1994 Mats O Jansson <moj@stacken.kth.se>
5	* All rights reserved.
6	*
7	* Redistribution and use in source and binary forms, with or without
8	* modification, are permitted provided that the following conditions
9	* are met:
10	* 1. Redistributions of source code must retain the above copyright
11	* notice, this list of conditions and the following disclaimer.
12	* 2. Redistributions in binary form must reproduce the above copyright
13	* notice, this list of conditions and the following disclaimer in the
14	* documentation and/or other materials provided with the distribution.
15	*
16	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
17	* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18	* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
20	* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26	* SUCH DAMAGE.
27	*/
28
29	#include <rpc/rpc.h>
30	#include <rpcsvc/yp.h>
31	#include "ypv1.h"
32	#include <rpcsvc/ypclnt.h>
33	#include <sys/stat.h>
34	#include <sys/socket.h>
35	#include <netinet/in.h>
36	#include <arpa/inet.h>
37	#include "ypdb.h"
38	#include "acl.h"
39	#include <fcntl.h>
40	#include <dirent.h>
41	#include <stdio.h>
42	#include <string.h>
43	#include <unistd.h>
44	#include <stdlib.h>
45	#include "yplog.h"
46	#include "ypdef.h"
47	#include "ypserv.h"
48
49	#ifdef DEBUG
50	#define YPLOGif (!ok) yplog yplog
51	#else /* DEBUG */
52	#define YPLOGif (!ok) yplog if (!ok) yplog
53	#endif /* DEBUG */
54
55	static char *True = "true";
56	static char *False = "FALSE";
57	#define TORF(N)((N) ? True : False) ((N) ? True : False)
58
59	void *
60	ypproc_null_2_svc(void argp, struct svc_req rqstp)
61	{
62	static char *result;
63	struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt)(&(rqstp->rq_xprt)->xp_raddr);
64	int ok = acl_check_host(&caller->sin_addr);
65
66	YPLOGif (!ok) yplog("null_2: caller=[%s].%d, auth_ok=%s",
67	inet_ntoa(caller->sin_addr), ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)), TORF(ok)((ok) ? True : False));
68
69	if (!ok) {
70	svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
71	return(NULL0);
72	}
73
74	result = NULL0;
75	return ((void *)&result);
76	}
77
78	bool_tint32_t *
79	ypproc_domain_2_svc(domainname argp, struct svc_req rqstp)
80	{
81	struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt)(&(rqstp->rq_xprt)->xp_raddr);
82	int ok = acl_check_host(&caller->sin_addr);
83	static char domain_path[PATH_MAX1024];
84	static bool_tint32_t result;
85	struct stat finfo;
86
87	if (strchr(*argp, '/'))
88	goto bail;
89	snprintf(domain_path, sizeof(domain_path), "%s/%s", YP_DB_PATH"/var/yp", *argp);
90	result = (bool_tint32_t) ((stat(domain_path, &finfo) == 0) &&
91	S_ISDIR(finfo.st_mode)((finfo.st_mode & 0170000) == 0040000));
92
93	YPLOGif (!ok) yplog("domain_2: caller=[%s].%d, auth_ok=%s, domain=%s, served=%s",
94	inet_ntoa(caller->sin_addr), ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)),
95	TORF(ok)((ok) ? True : False), *argp, TORF(result)((result) ? True : False));
96
97	if (!ok) {
98	bail:
99	svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
100	return(NULL0);
101	}
102	return (&result);
103	}
104
105	bool_tint32_t *
106	ypproc_domain_nonack_2_svc(domainname argp, struct svc_req rqstp)
107	{
108	static bool_tint32_t result; /* is domain served? */
109	struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt)(&(rqstp->rq_xprt)->xp_raddr);
110	int ok = acl_check_host(&caller->sin_addr);
111	static char domain_path[PATH_MAX1024];
112	struct stat finfo;
113
114	if (strchr(*argp, '/'))
115	goto bail;
116	snprintf(domain_path, sizeof(domain_path), "%s/%s", YP_DB_PATH"/var/yp", *argp);
117	result = (bool_tint32_t) ((stat(domain_path, &finfo) == 0) &&
118	S_ISDIR(finfo.st_mode)((finfo.st_mode & 0170000) == 0040000));
119
120	YPLOGif (!ok) yplog("domain_nonack_2: caller=[%s].%d, auth_ok=%s, domain=%s, served=%s",
121	inet_ntoa(caller->sin_addr), ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)), TORF(ok)((ok) ? True : False),
122	*argp, TORF(result)((result) ? True : False));
123
124	if (!ok) {
125	bail:
126	svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
127	return(NULL0);
128	}
129
130	if (!result)
131	return(NULL0); /* don't send nack */
132	return (&result);
133	}
134
135	ypresp_val *
136	ypproc_match_2_svc(ypreq_key argp, struct svc_req rqstp)
137	{
138	struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt)(&(rqstp->rq_xprt)->xp_raddr);
139	int ok = acl_check_host(&caller->sin_addr);
140	int secure = ypdb_secure(argp->domain, argp->map);
141	static ypresp_val res;
142
143	if (strchr(argp->domain, '/') \|\| strchr(argp->map, '/'))
144	goto bail;
145	YPLOGif (!ok) yplog("match_2: caller=[%s].%d, auth_ok=%s, secure=%s, domain=%s, map=%s, key=%.*s",
146	inet_ntoa(caller->sin_addr), ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)),
147	TORF(ok)((ok) ? True : False), TORF(secure)((secure) ? True : False),
148	argp->domain, argp->map, argp->key.keydat_len, argp->key.keydat_val);
149
150	if (!ok) {
151	bail:
152	svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
153	return(NULL0);
154	}
155
156	if (secure && (ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)) >= IPPORT_RESERVED1024)) {
157	res.stat = YP_YPERR;
158	} else {
159	res = ypdb_get_record(argp->domain, argp->map, argp->key, TRUE(1));
160	}
161
162	#ifdef DEBUG
163	yplog(" match2_status: %s", yperr_string(ypprot_err(res.stat)));
164	#endif
165	return (&res);
166	}
167
168	ypresp_key_val *
169	ypproc_first_2_svc(ypreq_nokey argp, struct svc_req rqstp)
170	{
171	struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt)(&(rqstp->rq_xprt)->xp_raddr);
172	int ok = acl_check_host(&caller->sin_addr);
173	int secure = ypdb_secure(argp->domain, argp->map);
174	static ypresp_key_val res;
175
176	if (strchr(argp->domain, '/') \|\| strchr(argp->map, '/'))
177	goto bail;
178	YPLOGif (!ok) yplog( "first_2: caller=[%s].%d, auth_ok=%s, secure=%s, domain=%s, map=%s",
179	inet_ntoa(caller->sin_addr), ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)),
180	TORF(ok)((ok) ? True : False), TORF(secure)((secure) ? True : False), argp->domain, argp->map);
181	if (!ok) {
182	bail:
183	svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
184	return(NULL0);
185	}
186
187	if (secure && (ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)) >= IPPORT_RESERVED1024)) {
188	res.stat = YP_YPERR;
189	} else {
190	res = ypdb_get_first(argp->domain, argp->map,FALSE(0));
191	}
192
193	#ifdef DEBUG
194	yplog(" first2_status: %s", yperr_string(ypprot_err(res.stat)));
195	#endif
196	return (&res);
197	}
198
199	ypresp_key_val *
200	ypproc_next_2_svc(ypreq_key argp, struct svc_req rqstp)
201	{
202	static ypresp_key_val res;
203	struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt)(&(rqstp->rq_xprt)->xp_raddr);
204	int ok = acl_check_host(&caller->sin_addr);
205	int secure = ypdb_secure(argp->domain, argp->map);
206
207	if (strchr(argp->domain, '/') \|\| strchr(argp->map, '/'))
208	goto bail;
209	YPLOGif (!ok) yplog("next_2: caller=[%s].%d, auth_ok=%s, secure=%s, domain=%s, map=%s, key=%.*s",
210	inet_ntoa(caller->sin_addr), ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)),
211	TORF(ok)((ok) ? True : False), TORF(secure)((secure) ? True : False),
212	argp->domain, argp->map, argp->key.keydat_len, argp->key.keydat_val);
213
214	if (!ok) {
215	bail:
216	svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
217	return(NULL0);
218	}
219
220	if (secure && (ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)) >= IPPORT_RESERVED1024)) {
221	res.stat = YP_YPERR;
222	} else {
223	res = ypdb_get_next(argp->domain, argp->map, argp->key,FALSE(0));
224	}
225
226	#ifdef DEBUG
227	yplog(" next2_status: %s", yperr_string(ypprot_err(res.stat)));
228	#endif
229	return (&res);
230	}
231
232	ypresp_xfr *
233	ypproc_xfr_2_svc(ypreq_xfr argp, struct svc_req rqstp)
234	{
235	static ypresp_xfr res;
236	struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt)(&(rqstp->rq_xprt)->xp_raddr);
237	int ok = acl_check_host(&caller->sin_addr);
238	pid_t pid;
239	char tid[11], prog[11], port[11];
240	char ypxfr_proc[] = YPXFR_PROC"/usr/sbin/ypxfr", *ipadd;
241
242	bzero(&res, sizeof(res));
243
244	YPLOGif (!ok) yplog("xfr_2: caller=[%s].%d, auth_ok=%s, domain=%s, tid=%d, prog=%d",
245	inet_ntoa(caller->sin_addr), ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)), TORF(ok)((ok) ? True : False),
246	argp->map_parms.domain, argp->transid, argp->prog);
247	YPLOGif (!ok) yplog(" ipadd=%s, port=%d, map=%s", inet_ntoa(caller->sin_addr),
248	argp->port, argp->map_parms.map);
249
250	if (strchr(argp->map_parms.domain, '/') \|\|
251	strchr(argp->map_parms.map, '/') \|\|
252	ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)) >= IPPORT_RESERVED1024) {
253	svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
254	return(NULL0);
255	}
256
257	snprintf(tid, sizeof(tid), "%d", argp->transid);
258	snprintf(prog, sizeof(prog), "%d", argp->prog);
259	snprintf(port, sizeof(port), "%d", argp->port);
260	ipadd = inet_ntoa(caller->sin_addr);
261
262	pid = vfork();
263	if (pid == -1) {
264	svcerr_systemerr(rqstp->rq_xprt);
265	return(NULL0);
266	}
267	if (pid == 0) {
268	execl(ypxfr_proc, "ypxfr", "-d", argp->map_parms.domain,
269	"-C", tid, prog, ipadd, port, argp->map_parms.map, (char *)NULL0);
270	_exit(1);
271	}
272	/*
273	* XXX: fill in res
274	*/
275	return (&res);
276	}
277
278	void *
279	ypproc_clear_2_svc(void argp, struct svc_req rqstp)
280	{
281	static char *res;
282	struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt)(&(rqstp->rq_xprt)->xp_raddr);
283	int ok = acl_check_host(&caller->sin_addr);
284
285	YPLOGif (!ok) yplog( "clear_2: caller=[%s].%d, auth_ok=%s, opt=%s",
286	inet_ntoa(caller->sin_addr), ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)), TORF(ok)((ok) ? True : False),
287	#ifdef OPTDB1
288	True
289	#else
290	False
291	#endif
292	);
293
294	if (ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)) >= IPPORT_RESERVED1024)
295	ok = FALSE(0);
296
297	if (!ok) {
298	svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
299	return(NULL0);
300	}
301
302	res = NULL0;
303
304	#ifdef OPTDB1
305	ypdb_close_all();
306	#endif
307	return ((void *)&res);
308	}
309
310	ypresp_all *
311	ypproc_all_2_svc(ypreq_nokey argp, struct svc_req rqstp)
312	{
313	static ypresp_all res;
314	pid_t pid;
315	struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt)(&(rqstp->rq_xprt)->xp_raddr);
316	int ok = acl_check_host(&caller->sin_addr);
317	int secure = ypdb_secure(argp->domain, argp->map);
318
319	if (strchr(argp->domain, '/') \|\| strchr(argp->map, '/'))
320	goto bail;
321	YPLOGif (!ok) yplog( "all_2: caller=[%s].%d, auth_ok=%s, secure=%s, domain=%s, map=%s",
322	inet_ntoa(caller->sin_addr), ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)),
323	TORF(ok)((ok) ? True : False), TORF(secure)((secure) ? True : False), argp->domain, argp->map);
324
325	if (!ok) {
326	bail:
327	svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
328	return(NULL0);
329	}
330	bzero(&res, sizeof(res));
331
332	if (secure && (ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)) >= IPPORT_RESERVED1024)) {
333	res.ypresp_all_u.val.stat = YP_YPERR;
334	return(&res);
335	}
336
337	pid = fork();
338	if (pid) {
339	if (pid == -1) {
340	/* XXXCDC An error has occurred */
341	}
342	return(NULL0); /* PARENT: continue */
343	}
344	/* CHILD: send result, then exit */
345
346	if (!svc_sendreply(rqstp->rq_xprt, ypdb_xdr_get_all, (char *)argp)) {
347	svcerr_systemerr(rqstp->rq_xprt);
348	}
349	exit(0);
350	}
351
352	ypresp_master *
353	ypproc_master_2_svc(ypreq_nokey argp, struct svc_req rqstp)
354	{
355	static ypresp_master res;
356	static peername nopeer = "";
357	struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt)(&(rqstp->rq_xprt)->xp_raddr);
358	int ok = acl_check_host(&caller->sin_addr);
359	int secure = ypdb_secure(argp->domain, argp->map);
360
361	if (strchr(argp->domain, '/') \|\| strchr(argp->map, '/'))
362	goto bail;
363	YPLOGif (!ok) yplog( "master_2: caller=[%s].%d, auth_ok=%s, secure=%s, domain=%s, map=%s",
364	inet_ntoa(caller->sin_addr), ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)),
365	TORF(ok)((ok) ? True : False), TORF(secure)((secure) ? True : False), argp->domain, argp->map);
366
367	if (!ok) {
368	bail:
369	svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
370	return(NULL0);
371	}
372
373	if (secure && (ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)) >= IPPORT_RESERVED1024)) {
374	res.stat = YP_YPERR;
375	} else {
376	res = ypdb_get_master(argp->domain, argp->map);
377	}
378
379	#ifdef DEBUG
380	yplog(" master2_status: %s", yperr_string(ypprot_err(res.stat)));
381	#endif
382
383	/*
384	* This code was added because a yppoll <unknown-domain>
385	* from a sun crashed the server in xdr_string, trying
386	* to access the peer through a NULL-pointer. yppoll in
387	* this server start asking for order. If order is ok
388	* then it will ask for master. SunOS 4 asks for both
389	* always. I'm not sure this is the best place for the
390	* fix, but for now it will do. xdr_peername or
391	* xdr_string in ypserv_xdr.c may be a better place?
392	*/
393	if (res.peer == NULL0)
394	res.peer = nopeer;
395	return (&res);
396	}
397
398
399	ypresp_order *
400	ypproc_order_2_svc(ypreq_nokey argp, struct svc_req rqstp)
401	{
402	static ypresp_order res;
403	struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt)(&(rqstp->rq_xprt)->xp_raddr);
404	int ok = acl_check_host(&caller->sin_addr);
405	int secure = ypdb_secure(argp->domain, argp->map);
406
407	if (strchr(argp->domain, '/'))
408	goto bail;
409	YPLOGif (!ok) yplog( "order_2: caller=[%s].%d, auth_ok=%s, secure=%s, domain=%s, map=%s",
410	inet_ntoa(caller->sin_addr), ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)),
411	TORF(ok)((ok) ? True : False), TORF(secure)((secure) ? True : False), argp->domain, argp->map);
412
413	if (!ok) {
414	bail:
415	svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
416	return(NULL0);
417	}
418
419	if (secure && (ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)) >= IPPORT_RESERVED1024)) {
420	res.stat = YP_YPERR;
421	} else if (strchr(argp->map, '/')) {
422	res.stat = YP_NOMAP;
423	} else {
424	res = ypdb_get_order(argp->domain, argp->map);
425	}
426
427	#ifdef DEBUG
428	yplog(" order2_status: %s", yperr_string(ypprot_err(res.stat)));
429	#endif
430	return (&res);
431	}
432
433
434	ypresp_maplist *
435	ypproc_maplist_2_svc(domainname argp, struct svc_req rqstp)
436	{
437	static ypresp_maplist res;
438	struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt)(&(rqstp->rq_xprt)->xp_raddr);
439	int ok = acl_check_host(&caller->sin_addr);
440	static char domain_path[PATH_MAX1024];
441	struct stat finfo;
442	DIR *dirp = NULL0;
443	struct dirent *dp;
444	char *suffix;
445	ypstat status;
446	struct ypmaplist *m;
447	char *map_name;
448
449	if (strchr(*argp, '/'))
450	goto bail;
451	YPLOGif (!ok) yplog("maplist_2: caller=[%s].%d, auth_ok=%s, domain=%s",
452	inet_ntoa(caller->sin_addr), ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)), TORF(ok)((ok) ? True : False),
453	*argp);
454
455	if (!ok) {
456	bail:
457	svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
458	return(NULL0);
459	}
460
461	bzero(&res, sizeof(res));
462	snprintf(domain_path, sizeof domain_path, "%s/%s", YP_DB_PATH"/var/yp", *argp);
463
464	status = YP_TRUE;
465	res.maps = NULL0;
466
467	if (!((stat(domain_path, &finfo) == 0) && S_ISDIR(finfo.st_mode)((finfo.st_mode & 0170000) == 0040000)))
468	status = YP_NODOM;
469
470	if (status >= 0) {
471	if ((dirp = opendir(domain_path)) == NULL0)
472	status = YP_NODOM;
473	}
474
475	if (status >= 0) {
476	for (dp = readdir(dirp); dp != NULL0; dp = readdir(dirp)) {
477	if ((!strcmp(dp->d_name, ".")) \|\|
478	((!strcmp(dp->d_name, ".."))) \|\|
479	(dp->d_namlen < 4))
480	continue;
481	suffix = (char *) &dp->d_name[dp->d_namlen-3];
482	if (strcmp(suffix, ".db") == 0) {
483	if ((m = malloc(sizeof(struct ypmaplist))) == NULL0) {
484	status = YP_YPERR;
485	break;
486	}
487
488	if ((map_name = malloc(dp->d_namlen - 2)) == NULL0) {
489	free(m);
490	status = YP_YPERR;
491	break;
492	}
493
494	m->next = res.maps;
495	m->map = map_name;
496	res.maps = m;
497	strncpy(map_name, dp->d_name, dp->d_namlen - 3);
498	m->map[dp->d_namlen - 3] = '\0';
499	}
500	}
501	}
502	if (dirp != NULL0)
503	closedir(dirp);
504
505	res.stat = status;
506	#ifdef DEBUG
507	yplog(" maplist_status: %s", yperr_string(ypprot_err(res.stat)));
508	#endif
509	return (&res);
510	}
511
512	void *
513	ypoldproc_null_1_svc(void argp, struct svc_req rqstp)
514	{
515	static char *result;
516	struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt)(&(rqstp->rq_xprt)->xp_raddr);
517	int ok = acl_check_host(&caller->sin_addr);
518
519	YPLOGif (!ok) yplog("null_1: caller=[%s].%d, auth_ok=%s",
520	inet_ntoa(caller->sin_addr), ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)), TORF(ok)((ok) ? True : False));
521
522	if (!ok) {
523	svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
524	return(NULL0);
525	}
526
527	result = NULL0;
528
529	return ((void *)&result);
530	}
531
532	bool_tint32_t *
533	ypoldproc_domain_1_svc(domainname argp, struct svc_req rqstp)
534	{
535	static bool_tint32_t result; /* is domain_served? */
536	struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt)(&(rqstp->rq_xprt)->xp_raddr);
537	int ok = acl_check_host(&caller->sin_addr);
538	static char domain_path[PATH_MAX1024];
539	struct stat finfo;
540
541	if (strchr(*argp, '/'))
542	goto bail;
543	snprintf(domain_path, sizeof(domain_path), "%s/%s", YP_DB_PATH"/var/yp", *argp);
544	result = (bool_tint32_t) ((stat(domain_path, &finfo) == 0) &&
545	S_ISDIR(finfo.st_mode)((finfo.st_mode & 0170000) == 0040000));
546
547	YPLOGif (!ok) yplog("domain_1: caller=[%s].%d, auth_ok=%s, domain=%s, served=%s",
548	inet_ntoa(caller->sin_addr), ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)),
549	TORF(ok)((ok) ? True : False), *argp, TORF(result)((result) ? True : False));
550
551	if (!ok) {
552	bail:
553	svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
554	return(NULL0);
555	}
556
557	return (&result);
558	}
559
560	bool_tint32_t *
561	ypoldproc_domain_nonack_1_svc(domainname argp, struct svc_req rqstp)
562	{
563	static bool_tint32_t result; /* is domain served? */
564	struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt)(&(rqstp->rq_xprt)->xp_raddr);
565	int ok = acl_check_host(&caller->sin_addr);
566	static char domain_path[PATH_MAX1024];
567	struct stat finfo;
568
569	if (strchr(*argp, '/'))
570	goto bail;
571	snprintf(domain_path, sizeof(domain_path), "%s/%s", YP_DB_PATH"/var/yp", *argp);
572	result = (bool_tint32_t) ((stat(domain_path, &finfo) == 0) &&
573	S_ISDIR(finfo.st_mode)((finfo.st_mode & 0170000) == 0040000));
574
575	YPLOGif (!ok) yplog(
576	"domain_nonack_1: caller=[%s].%d, auth_ok=%s, domain=%s, served=%s",
577	inet_ntoa(caller->sin_addr), ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)), TORF(ok)((ok) ? True : False),
578	*argp, TORF(result)((result) ? True : False));
579
580	if (!ok) {
581	bail:
582	svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
583	return(NULL0);
584	}
585
586	if (!result) {
587	return(NULL0); /* don't send nack */
588	}
589
590	return (&result);
591	}
592
593	ypresponse *
594	ypoldproc_match_1_svc(yprequest argp, struct svc_req rqstp)
595	{
596	static ypresponse res;
597	struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt)(&(rqstp->rq_xprt)->xp_raddr);
598	int ok = acl_check_host(&caller->sin_addr);
599	int secure;
600
601	if (strchr(argp->ypmatch_req_domainyprequest_u.yp_req_keytype.domain, '/') \|\|
602	strchr(argp->ypmatch_req_mapyprequest_u.yp_req_keytype.map, '/'))
603	goto bail;
604	res.yp_resptype = YPMATCH_RESPTYPEYPRESP_VAL;
605	res.ypmatch_resp_valptrypresponse_u.yp_resp_valtype.val.valdat_val = "";
606	res.ypmatch_resp_valsizeypresponse_u.yp_resp_valtype.val.valdat_len = 0;
607
608	if (argp->yp_reqtype != YPMATCH_REQTYPEYPREQ_KEY) {
609	res.ypmatch_resp_statusypresponse_u.yp_resp_valtype.stat = YP_BADARGS;
610	return(&res);
611	}
612
613	secure = ypdb_secure(argp->ypmatch_req_domainyprequest_u.yp_req_keytype.domain, argp->ypmatch_req_mapyprequest_u.yp_req_keytype.map);
614
615	YPLOGif (!ok) yplog(
616	"match_1: caller=[%s].%d, auth_ok=%s, secure=%s, domain=%s, map=%s, key=%.*s",
617	inet_ntoa(caller->sin_addr), ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)),
618	TORF(ok)((ok) ? True : False), TORF(secure)((secure) ? True : False),
619	argp->ypmatch_req_domainyprequest_u.yp_req_keytype.domain, argp->ypmatch_req_mapyprequest_u.yp_req_keytype.map,
620	argp->ypmatch_req_keysizeyprequest_u.yp_req_keytype.key.keydat_len, argp->ypmatch_req_keyptryprequest_u.yp_req_keytype.key.keydat_val);
621
622	if (!ok) {
623	bail:
624	svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
625	return(NULL0);
626	}
627
628	if (secure && (ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)) >= IPPORT_RESERVED1024)) {
629	res.ypmatch_resp_statusypresponse_u.yp_resp_valtype.stat = YP_YPERR;
630	} else {
631	res.ypmatch_resp_valypresponse_u.yp_resp_valtype = ypdb_get_record(
632	argp->ypmatch_req_domainyprequest_u.yp_req_keytype.domain, argp->ypmatch_req_mapyprequest_u.yp_req_keytype.map,
633	argp->ypmatch_req_keydatyprequest_u.yp_req_keytype.key, TRUE(1));
634	}
635
636	#ifdef DEBUG
637	yplog(" match1_status: %s",
638	yperr_string(ypprot_err(res.ypmatch_resp_statusypresponse_u.yp_resp_valtype.stat)));
639	#endif
640
641	return (&res);
642	}
643
644	ypresponse *
645	ypoldproc_first_1_svc(yprequest argp, struct svc_req rqstp)
646	{
647	static ypresponse res;
648	struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt)(&(rqstp->rq_xprt)->xp_raddr);
649	int ok = acl_check_host(&caller->sin_addr);
650	int secure;
651
652	if (strchr(argp->ypfirst_req_domainyprequest_u.yp_req_nokeytype.domain, '/') \|\|
653	strchr(argp->ypfirst_req_mapyprequest_u.yp_req_nokeytype.map, '/'))
654	goto bail;
655	res.yp_resptype = YPFIRST_RESPTYPEYPRESP_KEY_VAL;
656	res.ypfirst_resp_valptrypresponse_u.yp_resp_key_valtype.val.valdat_val = res.ypfirst_resp_keyptrypresponse_u.yp_resp_key_valtype.key.keydat_val = "";
657	res.ypfirst_resp_valsizeypresponse_u.yp_resp_key_valtype.val.valdat_len = res.ypfirst_resp_keysizeypresponse_u.yp_resp_key_valtype.key.keydat_len = 0;
658
659	if (argp->yp_reqtype != YPREQ_NOKEY) {
660	res.ypfirst_resp_statusypresponse_u.yp_resp_key_valtype.stat = YP_BADARGS;
661	return(&res);
662	}
663
664	secure = ypdb_secure(argp->ypfirst_req_domainyprequest_u.yp_req_nokeytype.domain, argp->ypfirst_req_mapyprequest_u.yp_req_nokeytype.map);
665
666	YPLOGif (!ok) yplog( "first_1: caller=[%s].%d, auth_ok=%s, secure=%s, domain=%s, map=%s",
667	inet_ntoa(caller->sin_addr), ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)),
668	TORF(ok)((ok) ? True : False), TORF(secure)((secure) ? True : False),
669	argp->ypfirst_req_domainyprequest_u.yp_req_nokeytype.domain, argp->ypfirst_req_mapyprequest_u.yp_req_nokeytype.map);
670
671	if (!ok) {
672	bail:
673	svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
674	return(NULL0);
675	}
676
677	if (secure && (ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)) >= IPPORT_RESERVED1024)) {
678	res.ypfirst_resp_statusypresponse_u.yp_resp_key_valtype.stat = YP_YPERR;
679	} else {
680	res.ypfirst_resp_valypresponse_u.yp_resp_key_valtype = ypdb_get_first(
681	argp->ypfirst_req_domainyprequest_u.yp_req_nokeytype.domain, argp->ypfirst_req_mapyprequest_u.yp_req_nokeytype.map, FALSE(0));
682	}
683
684	#ifdef DEBUG
685	yplog(" first1_status: %s",
686	yperr_string(ypprot_err(res.ypfirst_resp_statusypresponse_u.yp_resp_key_valtype.stat)));
687	#endif
688
689	return (&res);
690	}
691
692	ypresponse *
693	ypoldproc_next_1_svc(yprequest argp, struct svc_req rqstp)
694	{
695	static ypresponse res;
696	struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt)(&(rqstp->rq_xprt)->xp_raddr);
697	int ok = acl_check_host(&caller->sin_addr);
698	int secure;
699
700	if (strchr(argp->ypnext_req_domainyprequest_u.yp_req_keytype.domain, '/') \|\|
701	strchr(argp->ypnext_req_mapyprequest_u.yp_req_keytype.map, '/'))
702	goto bail;
703	res.yp_resptype = YPNEXT_RESPTYPEYPRESP_KEY_VAL;
704	res.ypnext_resp_valptrypresponse_u.yp_resp_key_valtype.val.valdat_val = res.ypnext_resp_keyptrypresponse_u.yp_resp_key_valtype.key.keydat_val = "";
705	res.ypnext_resp_valsizeypresponse_u.yp_resp_key_valtype.val.valdat_len = res.ypnext_resp_keysizeypresponse_u.yp_resp_key_valtype.key.keydat_len = 0;
706
707	if (argp->yp_reqtype != YPNEXT_REQTYPEYPREQ_KEY) {
708	res.ypnext_resp_statusypresponse_u.yp_resp_key_valtype.stat = YP_BADARGS;
709	return(&res);
710	}
711
712	secure = ypdb_secure(argp->ypnext_req_domainyprequest_u.yp_req_keytype.domain, argp->ypnext_req_mapyprequest_u.yp_req_keytype.map);
713
714	YPLOGif (!ok) yplog(
715	"next_1: caller=[%s].%d, auth_ok=%s, secure=%s, domain=%s, map=%s, key=%.*s",
716	inet_ntoa(caller->sin_addr), ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)),
717	TORF(ok)((ok) ? True : False), TORF(secure)((secure) ? True : False),
718	argp->ypnext_req_domainyprequest_u.yp_req_keytype.domain, argp->ypnext_req_mapyprequest_u.yp_req_keytype.map,
719	argp->ypnext_req_keysizeyprequest_u.yp_req_keytype.key.keydat_len, argp->ypnext_req_keyptryprequest_u.yp_req_keytype.key.keydat_val);
720
721	if (!ok) {
722	bail:
723	svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
724	return(NULL0);
725	}
726
727	if (secure && (ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)) >= IPPORT_RESERVED1024)) {
728	res.ypnext_resp_statusypresponse_u.yp_resp_key_valtype.stat = YP_YPERR;
729	} else {
730	res.ypnext_resp_valypresponse_u.yp_resp_key_valtype = ypdb_get_next(
731	argp->ypnext_req_domainyprequest_u.yp_req_keytype.domain, argp->ypnext_req_mapyprequest_u.yp_req_keytype.map,
732	argp->ypnext_req_keydatyprequest_u.yp_req_keytype.key, FALSE(0));
733	}
734
735	#ifdef DEBUG
736	yplog(" next1_status: %s",
737	yperr_string(ypprot_err(res.ypnext_resp_statusypresponse_u.yp_resp_key_valtype.stat)));
738	#endif
739
740	return (&res);
741	}
742
743	ypresponse *
744	ypoldproc_poll_1_svc(yprequest argp, struct svc_req rqstp)
745	{
746	static ypresponse res;
747	ypresp_order order;
748	ypresp_master master;
749	struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt)(&(rqstp->rq_xprt)->xp_raddr);
750	int ok = acl_check_host(&caller->sin_addr);
751	int secure;
752
753	if (strchr(argp->yppoll_req_domainyprequest_u.yp_req_nokeytype.domain, '/') \|\|
754	strchr(argp->yppoll_req_mapyprequest_u.yp_req_nokeytype.map, '/'))
755	goto bail;
756	res.yp_resptype = YPPOLL_RESPTYPEYPRESP_MAP_PARMS;
757	res.yppoll_resp_domainypresponse_u.yp_resp_map_parmstype.domain = argp->yppoll_req_domainyprequest_u.yp_req_nokeytype.domain;
758	res.yppoll_resp_mapypresponse_u.yp_resp_map_parmstype.map = argp->yppoll_req_mapyprequest_u.yp_req_nokeytype.map;
759	res.yppoll_resp_ordernumypresponse_u.yp_resp_map_parmstype.ordernum = 0;
760	res.yppoll_resp_ownerypresponse_u.yp_resp_map_parmstype.peer = "";
761
762	if (argp->yp_reqtype != YPPOLL_REQTYPEYPREQ_NOKEY) {
763	return(&res);
764	}
765
766	secure = ypdb_secure(argp->yppoll_req_domainyprequest_u.yp_req_nokeytype.domain, argp->yppoll_req_mapyprequest_u.yp_req_nokeytype.map);
767
768	YPLOGif (!ok) yplog( "poll_1: caller=[%s].%d, auth_ok=%s, secure=%s, domain=%s, map=%s",
769	inet_ntoa(caller->sin_addr), ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)),
770	TORF(ok)((ok) ? True : False), TORF(secure)((secure) ? True : False),
771	argp->yppoll_req_domainyprequest_u.yp_req_nokeytype.domain, argp->yppoll_req_mapyprequest_u.yp_req_nokeytype.map);
772
773	if (!ok) {
774	bail:
775	svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
776	return(NULL0);
777	}
778
779	if (!(secure && (ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)) >= IPPORT_RESERVED1024))) {
780	order = ypdb_get_order(argp->yppoll_req_domainyprequest_u.yp_req_nokeytype.domain,
781	argp->yppoll_req_mapyprequest_u.yp_req_nokeytype.map);
782	master = ypdb_get_master(argp->yppoll_req_domainyprequest_u.yp_req_nokeytype.domain,
783	argp->yppoll_req_mapyprequest_u.yp_req_nokeytype.map);
784	res.yppoll_resp_ordernumypresponse_u.yp_resp_map_parmstype.ordernum = order.ordernum;
785	res.yppoll_resp_ownerypresponse_u.yp_resp_map_parmstype.peer = master.peer;
786	}
787
788	#ifdef DEBUG
789	yplog(" poll1_status: %s", "none");
790	#endif
791	return (&res);
792	}
793
794	void *
795	ypoldproc_push_1_svc(yprequest argp, struct svc_req rqstp)
796	{
797	struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt)(&(rqstp->rq_xprt)->xp_raddr);
798	int ok = acl_check_host(&caller->sin_addr);
799	int secure;
800	pid_t pid;
801	char yppush_proc[] = YPPUSH_PROC"/usr/sbin/yppush";
802
803	if (strchr(argp->yppush_req_domainyprequest_u.yp_req_nokeytype.domain, '/') \|\|
804	strchr(argp->yppush_req_mapyprequest_u.yp_req_nokeytype.map, '/'))
805	goto bail;
806	if (argp->yp_reqtype != YPPUSH_REQTYPEYPREQ_NOKEY) {
807	return(NULL0);
808	}
809
810	secure = ypdb_secure(argp->yppush_req_domainyprequest_u.yp_req_nokeytype.domain, argp->yppush_req_mapyprequest_u.yp_req_nokeytype.map);
811
812	YPLOGif (!ok) yplog( "push_1: caller=[%s].%d, auth_ok=%s, secure=%s, domain=%s, map=%s",
813	inet_ntoa(caller->sin_addr), ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)),
814	TORF(ok)((ok) ? True : False), TORF(secure)((secure) ? True : False),
815	argp->yppush_req_domainyprequest_u.yp_req_nokeytype.domain, argp->yppush_req_mapyprequest_u.yp_req_nokeytype.map);
816
817	if (ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)) >= IPPORT_RESERVED1024)
818	ok = FALSE(0);
819
820	if (!ok) {
821	bail:
822	svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
823	return(NULL0);
824	}
825
826	pid = vfork();
	Call to function 'vfork' is insecure as it can lead to denial of service situations in the parent process. Replace calls to vfork with calls to the safer 'posix_spawn' function
827	if (pid == -1) {
828	svcerr_systemerr(rqstp->rq_xprt);
829	return(NULL0);
830	}
831	if (pid == 0) {
832	execl(yppush_proc, "yppush", "-d", argp->yppush_req_domainyprequest_u.yp_req_nokeytype.domain,
833	argp->yppush_req_mapyprequest_u.yp_req_nokeytype.map, (char *)NULL0);
834	_exit(1);
835	}
836	return (NULL0);
837	}
838
839	void *
840	ypoldproc_pull_1_svc(yprequest argp, struct svc_req rqstp)
841	{
842	struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt)(&(rqstp->rq_xprt)->xp_raddr);
843	int ok = acl_check_host(&caller->sin_addr);
844	int secure;
845	pid_t pid;
846	char ypxfr_proc[] = YPXFR_PROC"/usr/sbin/ypxfr";
847
848	if (strchr(argp->yppull_req_domainyprequest_u.yp_req_nokeytype.domain, '/') \|\|
849	strchr(argp->yppull_req_mapyprequest_u.yp_req_nokeytype.map, '/'))
850	goto bail;
851	if (argp->yp_reqtype != YPPULL_REQTYPEYPREQ_NOKEY) {
852	return(NULL0);
853	}
854
855	secure = ypdb_secure(argp->yppull_req_domainyprequest_u.yp_req_nokeytype.domain, argp->yppull_req_mapyprequest_u.yp_req_nokeytype.map);
856
857	YPLOGif (!ok) yplog( "pull_1: caller=[%s].%d, auth_ok=%s, secure=%s, domain=%s, map=%s",
858	inet_ntoa(caller->sin_addr), ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)),
859	TORF(ok)((ok) ? True : False), TORF(secure)((secure) ? True : False),
860	argp->yppull_req_domainyprequest_u.yp_req_nokeytype.domain, argp->yppull_req_mapyprequest_u.yp_req_nokeytype.map);
861
862	if (ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)) >= IPPORT_RESERVED1024)
863	ok = FALSE(0);
864
865	if (!ok) {
866	bail:
867	svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
868	return(NULL0);
869	}
870
871	pid = vfork();
872	if (pid == -1) {
873	svcerr_systemerr(rqstp->rq_xprt);
874	return(NULL0);
875	}
876	if (pid == 0) {
877	execl(ypxfr_proc, "ypxfr", "-d", argp->yppull_req_domainyprequest_u.yp_req_nokeytype.domain,
878	argp->yppull_req_mapyprequest_u.yp_req_nokeytype.map, (char *)NULL0);
879	_exit(1);
880	}
881	return (NULL0);
882	}
883
884	void *
885	ypoldproc_get_1_svc(yprequest argp, struct svc_req rqstp)
886	{
887	struct sockaddr_in *caller = svc_getcaller(rqstp->rq_xprt)(&(rqstp->rq_xprt)->xp_raddr);
888	int ok = acl_check_host(&caller->sin_addr);
889	int secure;
890	pid_t pid;
891	char ypxfr_proc[] = YPXFR_PROC"/usr/sbin/ypxfr";
892
893	if (strchr(argp->ypget_req_domainyprequest_u.yp_req_map_parmstype.domain, '/') \|\|
894	strchr(argp->ypget_req_mapyprequest_u.yp_req_map_parmstype.map, '/'))
895	goto bail;
896	if (argp->yp_reqtype != YPGET_REQTYPEYPREQ_MAP_PARMS)
897	return(NULL0);
898
899	secure = ypdb_secure(argp->ypget_req_domainyprequest_u.yp_req_map_parmstype.domain, argp->ypget_req_mapyprequest_u.yp_req_map_parmstype.map);
900
901	YPLOGif (!ok) yplog( "get_1: caller=[%s].%d, auth_ok=%s, secure=%s, domain=%s, map=%s, owner=%s",
902	inet_ntoa(caller->sin_addr), ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)),
903	TORF(ok)((ok) ? True : False), TORF(secure)((secure) ? True : False),
904	argp->ypget_req_domainyprequest_u.yp_req_map_parmstype.domain, argp->ypget_req_mapyprequest_u.yp_req_map_parmstype.map,
905	argp->ypget_req_owneryprequest_u.yp_req_map_parmstype.peer);
906
907	if (ntohs(caller->sin_port)(__uint16_t)(__builtin_constant_p(caller->sin_port) ? (__uint16_t )(((__uint16_t)(caller->sin_port) & 0xffU) << 8 \| ((__uint16_t)(caller->sin_port) & 0xff00U) >> 8 ) : __swap16md(caller->sin_port)) >= IPPORT_RESERVED1024)
908	ok = FALSE(0);
909
910	if (!ok) {
911	bail:
912	svcerr_auth(rqstp->rq_xprt, AUTH_FAILED);
913	return(NULL0);
914	}
915
916	pid = vfork();
917	if (pid == -1) {
918	svcerr_systemerr(rqstp->rq_xprt);
919	return(NULL0);
920	}
921	if (pid == 0) {
922	execl(ypxfr_proc, "ypxfr", "-d", argp->ypget_req_domainyprequest_u.yp_req_map_parmstype.domain, "-h",
923	argp->ypget_req_owneryprequest_u.yp_req_map_parmstype.peer, argp->yppush_req_mapyprequest_u.yp_req_nokeytype.map, (char *)NULL0);
924	_exit(1);
925	}
926	return (NULL0);
927	}