Index: head/usr.sbin/ypldap/entries.c =================================================================== --- head/usr.sbin/ypldap/entries.c (revision 290936) +++ head/usr.sbin/ypldap/entries.c (revision 290937) @@ -1,148 +1,149 @@ /* $OpenBSD: entries.c,v 1.3 2015/01/16 06:40:22 deraadt Exp $ */ /* $FreeBSD$ */ /* * Copyright (c) 2008 Pierre-Yves Ritschard * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include +#include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "ypldap.h" void flatten_entries(struct env *env) { size_t wrlen; size_t len; char *linep; char *endp; char *tmp; struct userent *ue; struct groupent *ge; log_debug("flattening trees"); /* * This takes all the line pointers in RB elements and * concatenates them in a single string, to be able to * implement next element lookup without tree traversal. * * An extra octet is alloced to make space for an additional NUL. */ wrlen = env->sc_user_line_len; if ((linep = calloc(1, env->sc_user_line_len + 1)) == NULL) { /* * XXX: try allocating a smaller chunk of memory */ fatal("out of memory"); } endp = linep; RB_FOREACH(ue, user_name_tree, env->sc_user_names) { /* * we convert the first nul back to a column, * copy the string and then convert it back to a nul. */ ue->ue_line[strlen(ue->ue_line)] = ':'; log_debug("pushing line: %s", ue->ue_line); len = strlen(ue->ue_line) + 1; memcpy(endp, ue->ue_line, len); endp[strcspn(endp, ":")] = '\0'; free(ue->ue_line); ue->ue_line = endp; endp += len; wrlen -= len; /* * To save memory strdup(3) the netid_line which originally used * LINE_WIDTH bytes */ tmp = ue->ue_netid_line; ue->ue_netid_line = strdup(tmp); if (ue->ue_netid_line == NULL) { fatal("out of memory"); } free(tmp); } env->sc_user_lines = linep; wrlen = env->sc_group_line_len; if ((linep = calloc(1, env->sc_group_line_len + 1)) == NULL) { /* * XXX: try allocating a smaller chunk of memory */ fatal("out of memory"); } endp = linep; RB_FOREACH(ge, group_name_tree, env->sc_group_names) { /* * we convert the first nul back to a column, * copy the string and then convert it back to a nul. */ ge->ge_line[strlen(ge->ge_line)] = ':'; log_debug("pushing line: %s", ge->ge_line); len = strlen(ge->ge_line) + 1; memcpy(endp, ge->ge_line, len); endp[strcspn(endp, ":")] = '\0'; free(ge->ge_line); ge->ge_line = endp; endp += len; wrlen -= len; } env->sc_group_lines = linep; } int userent_name_cmp(struct userent *ue1, struct userent *ue2) { return (strcmp(ue1->ue_line, ue2->ue_line)); } int userent_uid_cmp(struct userent *ue1, struct userent *ue2) { return (ue1->ue_uid - ue2->ue_uid); } int groupent_name_cmp(struct groupent *ge1, struct groupent *ge2) { return (strcmp(ge1->ge_line, ge2->ge_line)); } int groupent_gid_cmp(struct groupent *ge1, struct groupent *ge2) { return (ge1->ge_gid - ge2->ge_gid); } RB_GENERATE(user_name_tree, userent, ue_name_node, userent_name_cmp); RB_GENERATE(user_uid_tree, userent, ue_uid_node, userent_uid_cmp); RB_GENERATE(group_name_tree, groupent, ge_name_node, groupent_name_cmp); RB_GENERATE(group_gid_tree, groupent, ge_gid_node, groupent_gid_cmp); Index: head/usr.sbin/ypldap/parse.y =================================================================== --- head/usr.sbin/ypldap/parse.y (revision 290936) +++ head/usr.sbin/ypldap/parse.y (revision 290937) @@ -1,837 +1,838 @@ /* $OpenBSD: parse.y,v 1.18 2015/01/16 06:40:22 deraadt Exp $ */ /* $FreeBSD$ */ /* * Copyright (c) 2008 Pierre-Yves Ritschard * Copyright (c) 2007, 2008 Reyk Floeter * Copyright (c) 2004, 2005 Esben Norby * Copyright (c) 2004 Ryan McBride * Copyright (c) 2002, 2003, 2004 Henning Brauer * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2001 Daniel Hartmeier. All rights reserved. * Copyright (c) 2001 Theo de Raadt. All rights reserved. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ %{ #include +#include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "ypldap.h" TAILQ_HEAD(files, file) files = TAILQ_HEAD_INITIALIZER(files); static struct file { TAILQ_ENTRY(file) entry; FILE *stream; char *name; int lineno; int errors; } *file, *topfile; struct file *pushfile(const char *, int); int popfile(void); int check_file_secrecy(int, const char *); int yyparse(void); int yylex(void); int yyerror(const char *, ...) __attribute__((__format__ (printf, 1, 2))) __attribute__((__nonnull__ (1))); int kw_cmp(const void *, const void *); int lookup(char *); int lgetc(int); int lungetc(int); int findeol(void); TAILQ_HEAD(symhead, sym) symhead = TAILQ_HEAD_INITIALIZER(symhead); struct sym { TAILQ_ENTRY(sym) entry; int used; int persist; char *nam; char *val; }; int symset(const char *, const char *, int); char *symget(const char *); struct env *conf = NULL; struct idm *idm = NULL; static int errors = 0; typedef struct { union { int64_t number; char *string; } v; int lineno; } YYSTYPE; %} %token SERVER FILTER ATTRIBUTE BASEDN BINDDN GROUPDN BINDCRED MAPS CHANGE DOMAIN PROVIDE %token USER GROUP TO EXPIRE HOME SHELL GECOS UID GID INTERVAL %token PASSWD NAME FIXED LIST GROUPNAME GROUPPASSWD GROUPGID MAP %token INCLUDE DIRECTORY CLASS PORT ERROR GROUPMEMBERS %token STRING %token NUMBER %type opcode attribute %type port %% grammar : /* empty */ | grammar '\n' | grammar include '\n' | grammar varset '\n' | grammar directory '\n' | grammar main '\n' | grammar error '\n' { file->errors++; } ; nl : '\n' optnl ; optnl : '\n' optnl | /* empty */ ; include : INCLUDE STRING { struct file *nfile; if ((nfile = pushfile($2, 0)) == NULL) { yyerror("failed to include file %s", $2); free($2); YYERROR; } free($2); file = nfile; lungetc('\n'); } ; varset : STRING '=' STRING { if (symset($1, $3, 0) == -1) fatal("cannot store variable"); free($1); free($3); } ; port : /* empty */ { $$ = NULL; } | PORT STRING { $$ = $2; } ; opcode : GROUP { $$ = 0; } | PASSWD { $$ = 1; } ; attribute : NAME { $$ = 0; } | PASSWD { $$ = 1; } | UID { $$ = 2; } | GID { $$ = 3; } | CLASS { $$ = 4; } | CHANGE { $$ = 5; } | EXPIRE { $$ = 6; } | GECOS { $$ = 7; } | HOME { $$ = 8; } | SHELL { $$ = 9; } | GROUPNAME { $$ = 10; } | GROUPPASSWD { $$ = 11; } | GROUPGID { $$ = 12; } | GROUPMEMBERS { $$ = 13; } ; diropt : BINDDN STRING { idm->idm_flags |= F_NEEDAUTH; if (strlcpy(idm->idm_binddn, $2, sizeof(idm->idm_binddn)) >= sizeof(idm->idm_binddn)) { yyerror("directory binddn truncated"); free($2); YYERROR; } free($2); } | BINDCRED STRING { idm->idm_flags |= F_NEEDAUTH; if (strlcpy(idm->idm_bindcred, $2, sizeof(idm->idm_bindcred)) >= sizeof(idm->idm_bindcred)) { yyerror("directory bindcred truncated"); free($2); YYERROR; } free($2); } | BASEDN STRING { if (strlcpy(idm->idm_basedn, $2, sizeof(idm->idm_basedn)) >= sizeof(idm->idm_basedn)) { yyerror("directory basedn truncated"); free($2); YYERROR; } free($2); } | GROUPDN STRING { if(strlcpy(idm->idm_groupdn, $2, sizeof(idm->idm_groupdn)) >= sizeof(idm->idm_groupdn)) { yyerror("directory groupdn truncated"); free($2); YYERROR; } free($2); } | opcode FILTER STRING { if (strlcpy(idm->idm_filters[$1], $3, sizeof(idm->idm_filters[$1])) >= sizeof(idm->idm_filters[$1])) { yyerror("filter truncated"); free($3); YYERROR; } free($3); } | ATTRIBUTE attribute MAPS TO STRING { if (strlcpy(idm->idm_attrs[$2], $5, sizeof(idm->idm_attrs[$2])) >= sizeof(idm->idm_attrs[$2])) { yyerror("attribute truncated"); free($5); YYERROR; } free($5); } | FIXED ATTRIBUTE attribute STRING { if (strlcpy(idm->idm_attrs[$3], $4, sizeof(idm->idm_attrs[$3])) >= sizeof(idm->idm_attrs[$3])) { yyerror("attribute truncated"); free($4); YYERROR; } idm->idm_flags |= F_FIXED_ATTR($3); free($4); } | LIST attribute MAPS TO STRING { if (strlcpy(idm->idm_attrs[$2], $5, sizeof(idm->idm_attrs[$2])) >= sizeof(idm->idm_attrs[$2])) { yyerror("attribute truncated"); free($5); YYERROR; } idm->idm_list |= F_LIST($2); free($5); } ; directory : DIRECTORY STRING port { if ((idm = calloc(1, sizeof(*idm))) == NULL) fatal(NULL); idm->idm_id = conf->sc_maxid++; if (strlcpy(idm->idm_name, $2, sizeof(idm->idm_name)) >= sizeof(idm->idm_name)) { yyerror("attribute truncated"); free($2); YYERROR; } free($2); } '{' optnl diropts '}' { TAILQ_INSERT_TAIL(&conf->sc_idms, idm, idm_entry); idm = NULL; } ; main : INTERVAL NUMBER { conf->sc_conf_tv.tv_sec = $2; conf->sc_conf_tv.tv_usec = 0; } | DOMAIN STRING { if (strlcpy(conf->sc_domainname, $2, sizeof(conf->sc_domainname)) >= sizeof(conf->sc_domainname)) { yyerror("domainname truncated"); free($2); YYERROR; } free($2); } | PROVIDE MAP STRING { if (strcmp($3, "passwd.byname") == 0) conf->sc_flags |= YPMAP_PASSWD_BYNAME; else if (strcmp($3, "passwd.byuid") == 0) conf->sc_flags |= YPMAP_PASSWD_BYUID; else if (strcmp($3, "master.passwd.byname") == 0) conf->sc_flags |= YPMAP_MASTER_PASSWD_BYNAME; else if (strcmp($3, "master.passwd.byuid") == 0) conf->sc_flags |= YPMAP_MASTER_PASSWD_BYUID; else if (strcmp($3, "group.byname") == 0) conf->sc_flags |= YPMAP_GROUP_BYNAME; else if (strcmp($3, "group.bygid") == 0) conf->sc_flags |= YPMAP_GROUP_BYGID; else if (strcmp($3, "netid.byname") == 0) conf->sc_flags |= YPMAP_NETID_BYNAME; else { yyerror("unsupported map type: %s", $3); free($3); YYERROR; } free($3); } ; diropts : diropts diropt nl | diropt optnl ; %% struct keywords { const char *k_name; int k_val; }; int yyerror(const char *fmt, ...) { va_list ap; char *msg; file->errors++; va_start(ap, fmt); if (vasprintf(&msg, fmt, ap) == -1) fatalx("yyerror vasprintf"); va_end(ap); logit(LOG_CRIT, "%s:%d: %s", file->name, yylval.lineno, msg); free(msg); return (0); } int kw_cmp(const void *k, const void *e) { return (strcmp(k, ((const struct keywords *)e)->k_name)); } int lookup(char *s) { /* this has to be sorted always */ static const struct keywords keywords[] = { { "attribute", ATTRIBUTE }, { "basedn", BASEDN }, { "bindcred", BINDCRED }, { "binddn", BINDDN }, { "change", CHANGE }, { "class", CLASS }, { "directory", DIRECTORY }, { "domain", DOMAIN }, { "expire", EXPIRE }, { "filter", FILTER }, { "fixed", FIXED }, { "gecos", GECOS }, { "gid", GID }, { "group", GROUP }, { "groupdn", GROUPDN }, { "groupgid", GROUPGID }, { "groupmembers", GROUPMEMBERS }, { "groupname", GROUPNAME }, { "grouppasswd", GROUPPASSWD }, { "home", HOME }, { "include", INCLUDE }, { "interval", INTERVAL }, { "list", LIST }, { "map", MAP }, { "maps", MAPS }, { "name", NAME }, { "passwd", PASSWD }, { "port", PORT }, { "provide", PROVIDE }, { "server", SERVER }, { "shell", SHELL }, { "to", TO }, { "uid", UID }, { "user", USER }, }; const struct keywords *p; p = bsearch(s, keywords, sizeof(keywords)/sizeof(keywords[0]), sizeof(keywords[0]), kw_cmp); if (p) return (p->k_val); else return (STRING); } #define MAXPUSHBACK 128 u_char *parsebuf; int parseindex; u_char pushback_buffer[MAXPUSHBACK]; int pushback_index = 0; int lgetc(int quotec) { int c, next; if (parsebuf) { /* Read character from the parsebuffer instead of input. */ if (parseindex >= 0) { c = parsebuf[parseindex++]; if (c != '\0') return (c); parsebuf = NULL; } else parseindex++; } if (pushback_index) return (pushback_buffer[--pushback_index]); if (quotec) { if ((c = getc(file->stream)) == EOF) { yyerror("reached end of file while parsing " "quoted string"); if (file == topfile || popfile() == EOF) return (EOF); return (quotec); } return (c); } while ((c = getc(file->stream)) == '\\') { next = getc(file->stream); if (next != '\n') { c = next; break; } yylval.lineno = file->lineno; file->lineno++; } while (c == EOF) { if (file == topfile || popfile() == EOF) return (EOF); c = getc(file->stream); } return (c); } int lungetc(int c) { if (c == EOF) return (EOF); if (parsebuf) { parseindex--; if (parseindex >= 0) return (c); } if (pushback_index < MAXPUSHBACK-1) return (pushback_buffer[pushback_index++] = c); else return (EOF); } int findeol(void) { int c; parsebuf = NULL; /* skip to either EOF or the first real EOL */ while (1) { if (pushback_index) c = pushback_buffer[--pushback_index]; else c = lgetc(0); if (c == '\n') { file->lineno++; break; } if (c == EOF) break; } return (ERROR); } int yylex(void) { u_char buf[8096]; u_char *p, *val; int quotec, next, c; int token; top: p = buf; while ((c = lgetc(0)) == ' ' || c == '\t') ; /* nothing */ yylval.lineno = file->lineno; if (c == '#') while ((c = lgetc(0)) != '\n' && c != EOF) ; /* nothing */ if (c == '$' && parsebuf == NULL) { while (1) { if ((c = lgetc(0)) == EOF) return (0); if (p + 1 >= buf + sizeof(buf) - 1) { yyerror("string too long"); return (findeol()); } if (isalnum(c) || c == '_') { *p++ = c; continue; } *p = '\0'; lungetc(c); break; } val = symget(buf); if (val == NULL) { yyerror("macro '%s' not defined", buf); return (findeol()); } parsebuf = val; parseindex = 0; goto top; } switch (c) { case '\'': case '"': quotec = c; while (1) { if ((c = lgetc(quotec)) == EOF) return (0); if (c == '\n') { file->lineno++; continue; } else if (c == '\\') { if ((next = lgetc(quotec)) == EOF) return (0); if (next == quotec || c == ' ' || c == '\t') c = next; else if (next == '\n') { file->lineno++; continue; } else lungetc(next); } else if (c == quotec) { *p = '\0'; break; } else if (c == '\0') { yyerror("syntax error"); return (findeol()); } if (p + 1 >= buf + sizeof(buf) - 1) { yyerror("string too long"); return (findeol()); } *p++ = c; } yylval.v.string = strdup(buf); if (yylval.v.string == NULL) err(1, "yylex: strdup"); return (STRING); } #define allowed_to_end_number(x) \ (isspace(x) || x == ')' || x ==',' || x == '/' || x == '}' || x == '=') if (c == '-' || isdigit(c)) { do { *p++ = c; if ((unsigned)(p-buf) >= sizeof(buf)) { yyerror("string too long"); return (findeol()); } } while ((c = lgetc(0)) != EOF && isdigit(c)); lungetc(c); if (p == buf + 1 && buf[0] == '-') goto nodigits; if (c == EOF || allowed_to_end_number(c)) { const char *errstr = NULL; *p = '\0'; yylval.v.number = strtonum(buf, LLONG_MIN, LLONG_MAX, &errstr); if (errstr) { yyerror("\"%s\" invalid number: %s", buf, errstr); return (findeol()); } return (NUMBER); } else { nodigits: while (p > buf + 1) lungetc(*--p); c = *--p; if (c == '-') return (c); } } #define allowed_in_string(x) \ (isalnum(x) || (ispunct(x) && x != '(' && x != ')' && \ x != '{' && x != '}' && x != '<' && x != '>' && \ x != '!' && x != '=' && x != '#' && \ x != ',')) if (isalnum(c) || c == ':' || c == '_') { do { *p++ = c; if ((unsigned)(p-buf) >= sizeof(buf)) { yyerror("string too long"); return (findeol()); } } while ((c = lgetc(0)) != EOF && (allowed_in_string(c))); lungetc(c); *p = '\0'; if ((token = lookup(buf)) == STRING) if ((yylval.v.string = strdup(buf)) == NULL) err(1, "yylex: strdup"); return (token); } if (c == '\n') { yylval.lineno = file->lineno; file->lineno++; } if (c == EOF) return (0); return (c); } int check_file_secrecy(int fd, const char *fname) { struct stat st; if (fstat(fd, &st)) { log_warn("cannot stat %s", fname); return (-1); } if (st.st_uid != 0 && st.st_uid != getuid()) { log_warnx("%s: owner not root or current user", fname); return (-1); } if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) { log_warnx("%s: group writable or world read/writable", fname); return (-1); } return (0); } struct file * pushfile(const char *name, int secret) { struct file *nfile; if ((nfile = calloc(1, sizeof(struct file))) == NULL) { log_warn("malloc"); return (NULL); } if ((nfile->name = strdup(name)) == NULL) { log_warn("malloc"); free(nfile); return (NULL); } if ((nfile->stream = fopen(nfile->name, "r")) == NULL) { log_warn("%s", nfile->name); free(nfile->name); free(nfile); return (NULL); } else if (secret && check_file_secrecy(fileno(nfile->stream), nfile->name)) { fclose(nfile->stream); free(nfile->name); free(nfile); return (NULL); } nfile->lineno = 1; TAILQ_INSERT_TAIL(&files, nfile, entry); return (nfile); } int popfile(void) { struct file *prev; if ((prev = TAILQ_PREV(file, files, entry)) != NULL) prev->errors += file->errors; TAILQ_REMOVE(&files, file, entry); fclose(file->stream); free(file->name); free(file); file = prev; return (file ? 0 : EOF); } int parse_config(struct env *x_conf, const char *filename, int opts) { struct sym *sym, *next; conf = x_conf; bzero(conf, sizeof(*conf)); TAILQ_INIT(&conf->sc_idms); conf->sc_conf_tv.tv_sec = DEFAULT_INTERVAL; conf->sc_conf_tv.tv_usec = 0; errors = 0; if ((file = pushfile(filename, 1)) == NULL) { return (-1); } topfile = file; /* * parse configuration */ setservent(1); yyparse(); endservent(); errors = file->errors; popfile(); /* Free macros and check which have not been used. */ for (sym = TAILQ_FIRST(&symhead); sym != NULL; sym = next) { next = TAILQ_NEXT(sym, entry); if ((opts & YPLDAP_OPT_VERBOSE) && !sym->used) fprintf(stderr, "warning: macro '%s' not " "used\n", sym->nam); if (!sym->persist) { free(sym->nam); free(sym->val); TAILQ_REMOVE(&symhead, sym, entry); free(sym); } } if (errors) { return (-1); } return (0); } int symset(const char *nam, const char *val, int persist) { struct sym *sym; for (sym = TAILQ_FIRST(&symhead); sym && strcmp(nam, sym->nam); sym = TAILQ_NEXT(sym, entry)) ; /* nothing */ if (sym != NULL) { if (sym->persist == 1) return (0); else { free(sym->nam); free(sym->val); TAILQ_REMOVE(&symhead, sym, entry); free(sym); } } if ((sym = calloc(1, sizeof(*sym))) == NULL) return (-1); sym->nam = strdup(nam); if (sym->nam == NULL) { free(sym); return (-1); } sym->val = strdup(val); if (sym->val == NULL) { free(sym->nam); free(sym); return (-1); } sym->used = 0; sym->persist = persist; TAILQ_INSERT_TAIL(&symhead, sym, entry); return (0); } int cmdline_symset(char *s) { char *sym, *val; int ret; size_t len; if ((val = strrchr(s, '=')) == NULL) return (-1); len = strlen(s) - strlen(val) + 1; if ((sym = malloc(len)) == NULL) errx(1, "cmdline_symset: malloc"); (void)strlcpy(sym, s, len); ret = symset(sym, val + 1, 1); free(sym); return (ret); } char * symget(const char *nam) { struct sym *sym; TAILQ_FOREACH(sym, &symhead, entry) if (strcmp(nam, sym->nam) == 0) { sym->used = 1; return (sym->val); } return (NULL); } Index: head/usr.sbin/ypldap/yp.c =================================================================== --- head/usr.sbin/ypldap/yp.c (revision 290936) +++ head/usr.sbin/ypldap/yp.c (revision 290937) @@ -1,652 +1,653 @@ /* $OpenBSD: yp.c,v 1.14 2015/02/11 01:26:00 pelikan Exp $ */ /* $FreeBSD$ */ /* * Copyright (c) 2008 Pierre-Yves Ritschard * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include +#include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "ypldap.h" void yp_dispatch(struct svc_req *, SVCXPRT *); void yp_disable_events(void); void yp_fd_event(int, short, void *); int yp_check(struct svc_req *); int yp_valid_domain(char *, struct ypresp_val *); void yp_make_val(struct ypresp_val *, char *, int); void yp_make_keyval(struct ypresp_key_val *, char *, char *); static struct env *env; struct yp_event { TAILQ_ENTRY(yp_event) ye_entry; struct event ye_event; }; struct yp_data { SVCXPRT *yp_trans_udp; SVCXPRT *yp_trans_tcp; TAILQ_HEAD(, yp_event) yd_events; }; void yp_disable_events(void) { struct yp_event *ye; while ((ye = TAILQ_FIRST(&env->sc_yp->yd_events)) != NULL) { TAILQ_REMOVE(&env->sc_yp->yd_events, ye, ye_entry); event_del(&ye->ye_event); free(ye); } } void yp_enable_events(void) { int i; extern fd_set *__svc_fdset; extern int __svc_fdsetsize; struct yp_event *ye; for (i = 0; i < __svc_fdsetsize; i++) { if (FD_ISSET(i, __svc_fdset)) { if ((ye = calloc(1, sizeof(*ye))) == NULL) fatal(NULL); event_set(&ye->ye_event, i, EV_READ, yp_fd_event, NULL); event_add(&ye->ye_event, NULL); TAILQ_INSERT_TAIL(&env->sc_yp->yd_events, ye, ye_entry); } } } void yp_fd_event(int fd, short event, void *p) { svc_getreq_common(fd); yp_disable_events(); yp_enable_events(); } void yp_init(struct env *x_env) { struct yp_data *yp; if ((yp = calloc(1, sizeof(*yp))) == NULL) fatal(NULL); TAILQ_INIT(&yp->yd_events); env = x_env; env->sc_yp = yp; (void)pmap_unset(YPPROG, YPVERS); if ((yp->yp_trans_udp = svcudp_create(RPC_ANYSOCK)) == NULL) fatal("cannot create udp service"); if ((yp->yp_trans_tcp = svctcp_create(RPC_ANYSOCK, 0, 0)) == NULL) fatal("cannot create tcp service"); if (!svc_register(yp->yp_trans_udp, YPPROG, YPVERS, yp_dispatch, IPPROTO_UDP)) { fatal("unable to register (YPPROG, YPVERS, udp)"); } if (!svc_register(yp->yp_trans_tcp, YPPROG, YPVERS, yp_dispatch, IPPROTO_TCP)) { fatal("unable to register (YPPROG, YPVERS, tcp)"); } } /* * lots of inspiration from ypserv by Mats O Jansson */ void yp_dispatch(struct svc_req *req, SVCXPRT *trans) { xdrproc_t xdr_argument; xdrproc_t xdr_result; char *result; char *(*cb)(char *, struct svc_req *); union { domainname ypproc_domain_2_arg; domainname ypproc_domain_nonack_2_arg; ypreq_key ypproc_match_2_arg; ypreq_nokey ypproc_first_2_arg; ypreq_key ypproc_next_2_arg; ypreq_xfr ypproc_xfr_2_arg; ypreq_nokey ypproc_all_2_arg; ypreq_nokey ypproc_master_2_arg; ypreq_nokey ypproc_order_2_arg; domainname ypproc_maplist_2_arg; } argument; xdr_argument = (xdrproc_t) xdr_void; xdr_result = (xdrproc_t) xdr_void; cb = NULL; switch (req->rq_proc) { case YPPROC_NULL: xdr_argument = (xdrproc_t) xdr_void; xdr_result = (xdrproc_t) xdr_void; if (yp_check(req) == -1) return; result = NULL; if (!svc_sendreply(trans, (xdrproc_t) xdr_void, (void *)&result)) svcerr_systemerr(trans); return; case YPPROC_DOMAIN: xdr_argument = (xdrproc_t) xdr_domainname; xdr_result = (xdrproc_t) xdr_bool; if (yp_check(req) == -1) return; cb = (void *)ypproc_domain_2_svc; break; case YPPROC_DOMAIN_NONACK: xdr_argument = (xdrproc_t) xdr_domainname; xdr_result = (xdrproc_t) xdr_bool; if (yp_check(req) == -1) return; cb = (void *)ypproc_domain_nonack_2_svc; break; case YPPROC_MATCH: xdr_argument = (xdrproc_t) xdr_ypreq_key; xdr_result = (xdrproc_t) xdr_ypresp_val; if (yp_check(req) == -1) return; cb = (void *)ypproc_match_2_svc; break; case YPPROC_FIRST: xdr_argument = (xdrproc_t) xdr_ypreq_nokey; xdr_result = (xdrproc_t) xdr_ypresp_key_val; if (yp_check(req) == -1) return; cb = (void *)ypproc_first_2_svc; break; case YPPROC_NEXT: xdr_argument = (xdrproc_t) xdr_ypreq_key; xdr_result = (xdrproc_t) xdr_ypresp_key_val; if (yp_check(req) == -1) return; cb = (void *)ypproc_next_2_svc; break; case YPPROC_XFR: if (yp_check(req) == -1) return; svcerr_noproc(trans); return; case YPPROC_CLEAR: log_debug("ypproc_clear"); if (yp_check(req) == -1) return; svcerr_noproc(trans); return; case YPPROC_ALL: log_debug("ypproc_all"); if (yp_check(req) == -1) return; cb = (void *)ypproc_all_2_svc; break; case YPPROC_MASTER: log_debug("ypproc_master"); if (yp_check(req) == -1) return; cb = (void *)ypproc_master_2_svc; break; case YPPROC_ORDER: log_debug("ypproc_order"); if (yp_check(req) == -1) return; svcerr_noproc(trans); return; case YPPROC_MAPLIST: log_debug("ypproc_maplist"); if (yp_check(req) == -1) return; cb = (void *)ypproc_maplist_2_svc; break; default: svcerr_noproc(trans); return; } (void)memset(&argument, 0, sizeof(argument)); if (!svc_getargs(trans, xdr_argument, (caddr_t)&argument)) { svcerr_decode(trans); return; } result = (*cb)((char *)&argument, req); if (result != NULL && !svc_sendreply(trans, xdr_result, result)) svcerr_systemerr(trans); if (!svc_freeargs(trans, xdr_argument, (caddr_t)&argument)) { /* * ypserv does it too. */ fatal("unable to free arguments"); } } int yp_check(struct svc_req *req) { struct sockaddr_in *caller; caller = svc_getcaller(req->rq_xprt); /* * We might want to know who we allow here. */ return (0); } int yp_valid_domain(char *domain, struct ypresp_val *res) { if (domain == NULL) { log_debug("NULL domain !"); return (-1); } if (strcmp(domain, env->sc_domainname) != 0) { res->stat = YP_NODOM; return (-1); } return (0); } bool_t * ypproc_domain_2_svc(domainname *arg, struct svc_req *req) { static bool_t res; res = (bool_t)1; if (strcmp(*arg, env->sc_domainname) != 0) res = (bool_t)0; return (&res); } bool_t * ypproc_domain_nonack_2_svc(domainname *arg, struct svc_req *req) { static bool_t res; if (strcmp(*arg, env->sc_domainname) != 0) return NULL; res = (bool_t)1; return (&res); } ypresp_val * ypproc_match_2_svc(ypreq_key *arg, struct svc_req *req) { struct userent ukey; struct userent *ue; struct groupent gkey; struct groupent *ge; static struct ypresp_val res; const char *estr; char *bp, *cp; char key[YPMAXRECORD+1]; log_debug("matching '%.*s' in map %s", arg->key.keydat_len, arg->key.keydat_val, arg->map); if (yp_valid_domain(arg->domain, (struct ypresp_val *)&res) == -1) return (&res); if (env->sc_user_names == NULL) { /* * tree not ready. */ return (NULL); } if (arg->key.keydat_len > YPMAXRECORD) { log_debug("argument too long"); return (NULL); } bzero(key, sizeof(key)); (void)strncpy(key, arg->key.keydat_val, arg->key.keydat_len); if (strcmp(arg->map, "passwd.byname") == 0 || strcmp(arg->map, "master.passwd.byname") == 0) { ukey.ue_line = key; if ((ue = RB_FIND(user_name_tree, env->sc_user_names, &ukey)) == NULL) { res.stat = YP_NOKEY; return (&res); } yp_make_val(&res, ue->ue_line, 1); return (&res); } else if (strcmp(arg->map, "passwd.byuid") == 0 || strcmp(arg->map, "master.passwd.byuid") == 0) { ukey.ue_uid = strtonum(key, 0, UID_MAX, &estr); if (estr) { res.stat = YP_BADARGS; return (&res); } if ((ue = RB_FIND(user_uid_tree, &env->sc_user_uids, &ukey)) == NULL) { res.stat = YP_NOKEY; return (&res); } yp_make_val(&res, ue->ue_line, 1); return (&res); } else if (strcmp(arg->map, "group.bygid") == 0) { gkey.ge_gid = strtonum(key, 0, GID_MAX, &estr); if (estr) { res.stat = YP_BADARGS; return (&res); } if ((ge = RB_FIND(group_gid_tree, &env->sc_group_gids, &gkey)) == NULL) { res.stat = YP_NOKEY; return (&res); } yp_make_val(&res, ge->ge_line, 1); return (&res); } else if (strcmp(arg->map, "group.byname") == 0) { gkey.ge_line = key; if ((ge = RB_FIND(group_name_tree, env->sc_group_names, &gkey)) == NULL) { res.stat = YP_NOKEY; return (&res); } yp_make_val(&res, ge->ge_line, 1); return (&res); } else if (strcmp(arg->map, "netid.byname") == 0) { bp = cp = key; if (strncmp(bp, "unix.", strlen("unix.")) != 0) { res.stat = YP_BADARGS; return (&res); } bp += strlen("unix."); if (*bp == '\0') { res.stat = YP_BADARGS; return (&res); } if (!(cp = strsep(&bp, "@"))) { res.stat = YP_BADARGS; return (&res); } if (strcmp(bp, arg->domain) != 0) { res.stat = YP_BADARGS; return (&res); } ukey.ue_uid = strtonum(cp, 0, UID_MAX, &estr); if (estr) { res.stat = YP_BADARGS; return (&res); } if ((ue = RB_FIND(user_uid_tree, &env->sc_user_uids, &ukey)) == NULL) { res.stat = YP_NOKEY; return (&res); } yp_make_val(&res, ue->ue_netid_line, 0); return (&res); } else { log_debug("unknown map %s", arg->map); res.stat = YP_NOMAP; return (&res); } } ypresp_key_val * ypproc_first_2_svc(ypreq_nokey *arg, struct svc_req *req) { static struct ypresp_key_val res; if (yp_valid_domain(arg->domain, (struct ypresp_val *)&res) == -1) return (&res); if (strcmp(arg->map, "passwd.byname") == 0 || strcmp(arg->map, "master.passwd.byname") == 0) { if (env->sc_user_lines == NULL) return (NULL); yp_make_keyval(&res, env->sc_user_lines, env->sc_user_lines); } else if (strcmp(arg->map, "group.byname") == 0) { if (env->sc_group_lines == NULL) return (NULL); yp_make_keyval(&res, env->sc_group_lines, env->sc_group_lines); } else { log_debug("unknown map %s", arg->map); res.stat = YP_NOMAP; } return (&res); } ypresp_key_val * ypproc_next_2_svc(ypreq_key *arg, struct svc_req *req) { struct userent ukey; struct userent *ue; struct groupent gkey; struct groupent *ge; char *line; static struct ypresp_key_val res; char key[YPMAXRECORD+1]; if (yp_valid_domain(arg->domain, (struct ypresp_val *)&res) == -1) return (&res); if (strcmp(arg->map, "passwd.byname") == 0 || strcmp(arg->map, "master.passwd.byname") == 0) { bzero(key, sizeof(key)); (void)strncpy(key, arg->key.keydat_val, arg->key.keydat_len); ukey.ue_line = key; if ((ue = RB_FIND(user_name_tree, env->sc_user_names, &ukey)) == NULL) { /* * canacar's trick: * the user might have been deleted in between calls * to next since the tree may be modified by a reload. * next should still return the next user in * lexicographical order, hence insert the search key * and look up the next field, then remove it again. */ RB_INSERT(user_name_tree, env->sc_user_names, &ukey); if ((ue = RB_NEXT(user_name_tree, &env->sc_user_names, &ukey)) == NULL) { RB_REMOVE(user_name_tree, env->sc_user_names, &ukey); res.stat = YP_NOKEY; return (&res); } RB_REMOVE(user_name_tree, env->sc_user_names, &ukey); } line = ue->ue_line + (strlen(ue->ue_line) + 1); line = line + (strlen(line) + 1); yp_make_keyval(&res, line, line); return (&res); } else if (strcmp(arg->map, "group.byname") == 0) { bzero(key, sizeof(key)); (void)strncpy(key, arg->key.keydat_val, arg->key.keydat_len); gkey.ge_line = key; if ((ge = RB_FIND(group_name_tree, env->sc_group_names, &gkey)) == NULL) { /* * canacar's trick reloaded. */ RB_INSERT(group_name_tree, env->sc_group_names, &gkey); if ((ge = RB_NEXT(group_name_tree, &env->sc_group_names, &gkey)) == NULL) { RB_REMOVE(group_name_tree, env->sc_group_names, &gkey); res.stat = YP_NOKEY; return (&res); } RB_REMOVE(group_name_tree, env->sc_group_names, &gkey); } line = ge->ge_line + (strlen(ge->ge_line) + 1); line = line + (strlen(line) + 1); yp_make_keyval(&res, line, line); return (&res); } else { log_debug("unknown map %s", arg->map); res.stat = YP_NOMAP; return (&res); } } ypresp_all * ypproc_all_2_svc(ypreq_nokey *arg, struct svc_req *req) { static struct ypresp_all res; if (yp_valid_domain(arg->domain, (struct ypresp_val *)&res) == -1) return (&res); svcerr_auth(req->rq_xprt, AUTH_FAILED); return (NULL); } ypresp_master * ypproc_master_2_svc(ypreq_nokey *arg, struct svc_req *req) { static struct ypresp_master res; if (yp_valid_domain(arg->domain, (struct ypresp_val *)&res) == -1) return (&res); res.stat = YP_YPERR; return (&res); } ypresp_maplist * ypproc_maplist_2_svc(domainname *arg, struct svc_req *req) { size_t i; static struct { char *name; int cond; } mapnames[] = { { "passwd.byname", YPMAP_PASSWD_BYNAME }, { "passwd.byuid", YPMAP_PASSWD_BYUID }, { "master.passwd.byname", YPMAP_MASTER_PASSWD_BYNAME }, { "master.passwd.byuid", YPMAP_MASTER_PASSWD_BYUID }, { "group.byname", YPMAP_GROUP_BYNAME }, { "group.bygid", YPMAP_GROUP_BYGID }, { "netid.byname", YPMAP_NETID_BYNAME }, }; static ypresp_maplist res; static struct ypmaplist maps[sizeof(mapnames) / sizeof(mapnames[0])]; if (yp_valid_domain(*arg, (struct ypresp_val *)&res) == -1) return (&res); res.stat = YP_TRUE; res.maps = NULL; for (i = 0; i < sizeof(mapnames) / sizeof(mapnames[0]); i++) { if (!(env->sc_flags & mapnames[i].cond)) continue; maps[i].map = mapnames[i].name; maps[i].next = res.maps; res.maps = &maps[i]; } return (&res); } void yp_make_val(struct ypresp_val *res, char *line, int replacecolon) { static char buf[LINE_WIDTH]; bzero(buf, sizeof(buf)); if (replacecolon) line[strlen(line)] = ':'; (void)strlcpy(buf, line, sizeof(buf)); if (replacecolon) line[strcspn(line, ":")] = '\0'; log_debug("sending out %s", buf); res->stat = YP_TRUE; res->val.valdat_len = strlen(buf); res->val.valdat_val = buf; } void yp_make_keyval(struct ypresp_key_val *res, char *key, char *line) { static char keybuf[YPMAXRECORD+1]; static char buf[LINE_WIDTH]; bzero(keybuf, sizeof(keybuf)); bzero(buf, sizeof(buf)); (void)strlcpy(keybuf, key, sizeof(keybuf)); res->key.keydat_len = strlen(keybuf); res->key.keydat_val = keybuf; if (*line == '\0') { res->stat = YP_NOMORE; return; } res->stat = YP_TRUE; line[strlen(line)] = ':'; (void)strlcpy(buf, line, sizeof(buf)); line[strcspn(line, ":")] = '\0'; log_debug("sending out %s => %s", keybuf, buf); res->val.valdat_len = strlen(buf); res->val.valdat_val = buf; } Index: head/usr.sbin/ypldap/ypldap.c =================================================================== --- head/usr.sbin/ypldap/ypldap.c (revision 290936) +++ head/usr.sbin/ypldap/ypldap.c (revision 290937) @@ -1,650 +1,651 @@ /* $OpenBSD: ypldap.c,v 1.16 2015/11/02 10:06:06 jmatthew Exp $ */ /* $FreeBSD */ /* * Copyright (c) 2008 Pierre-Yves Ritschard * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include +#include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "ypldap.h" __dead void usage(void); int check_child(pid_t, const char *); void main_sig_handler(int, short, void *); void main_shutdown(void); void main_dispatch_client(int, short, void *); void main_configure_client(struct env *); void main_init_timer(int, short, void *); void main_start_update(struct env *); void main_trash_update(struct env *); void main_end_update(struct env *); int main_create_user_groups(struct env *); void purge_config(struct env *); void reconfigure(struct env *); int pipe_main2client[2]; pid_t client_pid = 0; char *conffile = YPLDAP_CONF_FILE; int opts = 0; void usage(void) { extern const char *__progname; fprintf(stderr, "usage: %s [-dnv] [-D macro=value] [-f file]\n", __progname); exit(1); } int check_child(pid_t pid, const char *pname) { int status; if (waitpid(pid, &status, WNOHANG) > 0) { if (WIFEXITED(status)) { log_warnx("check_child: lost child %s exited", pname); return (1); } if (WIFSIGNALED(status)) { log_warnx("check_child: lost child %s terminated; " "signal %d", pname, WTERMSIG(status)); return (1); } } return (0); } /* ARGUSED */ void main_sig_handler(int sig, short event, void *p) { int die = 0; switch (sig) { case SIGTERM: case SIGINT: die = 1; /* FALLTHROUGH */ case SIGCHLD: if (check_child(client_pid, "ldap client")) { client_pid = 0; die = 1; } if (die) main_shutdown(); break; case SIGHUP: /* reconfigure */ break; default: fatalx("unexpected signal"); } } void main_shutdown(void) { _exit(0); } void main_start_update(struct env *env) { env->update_trashed = 0; log_debug("starting directory update"); env->sc_user_line_len = 0; env->sc_group_line_len = 0; if ((env->sc_user_names_t = calloc(1, sizeof(*env->sc_user_names_t))) == NULL || (env->sc_group_names_t = calloc(1, sizeof(*env->sc_group_names_t))) == NULL) fatal(NULL); RB_INIT(env->sc_user_names_t); RB_INIT(env->sc_group_names_t); } /* * XXX: Currently this function should only be called when updating is * finished. A notification should be send to ldapclient that it should stop * sending new pwd/grp entries before it can be called from different places. */ void main_trash_update(struct env *env) { struct userent *ue; struct groupent *ge; env->update_trashed = 1; while ((ue = RB_ROOT(env->sc_user_names_t)) != NULL) { RB_REMOVE(user_name_tree, env->sc_user_names_t, ue); free(ue->ue_line); free(ue->ue_netid_line); free(ue); } free(env->sc_user_names_t); env->sc_user_names_t = NULL; while ((ge = RB_ROOT(env->sc_group_names_t)) != NULL) { RB_REMOVE(group_name_tree, env->sc_group_names_t, ge); free(ge->ge_line); free(ge); } free(env->sc_group_names_t); env->sc_group_names_t = NULL; } int main_create_user_groups(struct env *env) { struct userent *ue; struct userent ukey; struct groupent *ge; gid_t pw_gid; char *bp, *cp; char *p; const char *errstr = NULL; size_t len; RB_FOREACH(ue, user_name_tree, env->sc_user_names_t) { bp = cp = ue->ue_line; /* name */ bp += strlen(bp) + 1; /* password */ bp += strcspn(bp, ":") + 1; /* uid */ bp += strcspn(bp, ":") + 1; /* gid */ bp[strcspn(bp, ":")] = '\0'; pw_gid = (gid_t)strtonum(bp, 0, GID_MAX, &errstr); if (errstr) { log_warnx("main: failed to parse gid for uid: %d\n", ue->ue_uid); return (-1); } /* bring gid column back to its proper state */ bp[strlen(bp)] = ':'; if ((ue->ue_netid_line = calloc(1, LINE_WIDTH)) == NULL) { return (-1); } if (snprintf(ue->ue_netid_line, LINE_WIDTH-1, "%d:%d", ue->ue_uid, pw_gid) >= LINE_WIDTH) { return (-1); } ue->ue_gid = pw_gid; } RB_FOREACH(ge, group_name_tree, env->sc_group_names_t) { bp = cp = ge->ge_line; /* name */ bp += strlen(bp) + 1; /* password */ bp += strcspn(bp, ":") + 1; /* gid */ bp += strcspn(bp, ":") + 1; cp = bp; if (*bp == '\0') continue; bp = cp; for (;;) { if (!(cp = strsep(&bp, ","))) break; ukey.ue_line = cp; if ((ue = RB_FIND(user_name_tree, env->sc_user_names_t, &ukey)) == NULL) { /* User not found */ log_warnx("main: user: %s is referenced as a " "group member, but can't be found in the " "users map.\n", ukey.ue_line); if (bp != NULL) *(bp-1) = ','; continue; } if (bp != NULL) *(bp-1) = ','; /* Make sure the new group doesn't equal to the main gid */ if (ge->ge_gid == ue->ue_gid) continue; len = strlen(ue->ue_netid_line); p = ue->ue_netid_line + len; if ((snprintf(p, LINE_WIDTH-len-1, ",%d", ge->ge_gid)) >= (int)(LINE_WIDTH-len)) { return (-1); } } } return (0); } void main_end_update(struct env *env) { struct userent *ue; struct groupent *ge; if (env->update_trashed) return; log_debug("updates are over, cleaning up trees now"); if (main_create_user_groups(env) == -1) { main_trash_update(env); return; } if (env->sc_user_names == NULL) { env->sc_user_names = env->sc_user_names_t; env->sc_user_lines = NULL; env->sc_user_names_t = NULL; env->sc_group_names = env->sc_group_names_t; env->sc_group_lines = NULL; env->sc_group_names_t = NULL; flatten_entries(env); goto make_uids; } /* * clean previous tree. */ while ((ue = RB_ROOT(env->sc_user_names)) != NULL) { RB_REMOVE(user_name_tree, env->sc_user_names, ue); free(ue->ue_netid_line); free(ue); } free(env->sc_user_names); free(env->sc_user_lines); env->sc_user_names = env->sc_user_names_t; env->sc_user_lines = NULL; env->sc_user_names_t = NULL; while ((ge = RB_ROOT(env->sc_group_names)) != NULL) { RB_REMOVE(group_name_tree, env->sc_group_names, ge); free(ge); } free(env->sc_group_names); free(env->sc_group_lines); env->sc_group_names = env->sc_group_names_t; env->sc_group_lines = NULL; env->sc_group_names_t = NULL; flatten_entries(env); /* * trees are flat now. build up uid, gid and netid trees. */ make_uids: RB_INIT(&env->sc_user_uids); RB_INIT(&env->sc_group_gids); RB_FOREACH(ue, user_name_tree, env->sc_user_names) RB_INSERT(user_uid_tree, &env->sc_user_uids, ue); RB_FOREACH(ge, group_name_tree, env->sc_group_names) RB_INSERT(group_gid_tree, &env->sc_group_gids, ge); } void main_dispatch_client(int fd, short events, void *p) { int n; int shut = 0; struct env *env = p; struct imsgev *iev = env->sc_iev; struct imsgbuf *ibuf = &iev->ibuf; struct idm_req ir; struct imsg imsg; if ((events & (EV_READ | EV_WRITE)) == 0) fatalx("unknown event"); if (events & EV_READ) { if ((n = imsg_read(ibuf)) == -1) fatal("imsg_read error"); if (n == 0) shut = 1; } if (events & EV_WRITE) { if ((n = msgbuf_write(&ibuf->w)) == -1 && errno != EAGAIN) fatal("msgbuf_write"); if (n == 0) shut = 1; goto done; } for (;;) { if ((n = imsg_get(ibuf, &imsg)) == -1) fatal("main_dispatch_client: imsg_get error"); if (n == 0) break; switch (imsg.hdr.type) { case IMSG_START_UPDATE: main_start_update(env); break; case IMSG_PW_ENTRY: { struct userent *ue; size_t len; if (env->update_trashed) break; (void)memcpy(&ir, imsg.data, sizeof(ir)); if ((ue = calloc(1, sizeof(*ue))) == NULL || (ue->ue_line = strdup(ir.ir_line)) == NULL) { /* * should cancel tree update instead. */ fatal("out of memory"); } ue->ue_uid = ir.ir_key.ik_uid; len = strlen(ue->ue_line) + 1; ue->ue_line[strcspn(ue->ue_line, ":")] = '\0'; if (RB_INSERT(user_name_tree, env->sc_user_names_t, ue) != NULL) { /* dup */ free(ue->ue_line); free(ue); } else env->sc_user_line_len += len; break; } case IMSG_GRP_ENTRY: { struct groupent *ge; size_t len; if (env->update_trashed) break; (void)memcpy(&ir, imsg.data, sizeof(ir)); if ((ge = calloc(1, sizeof(*ge))) == NULL || (ge->ge_line = strdup(ir.ir_line)) == NULL) { /* * should cancel tree update instead. */ fatal("out of memory"); } ge->ge_gid = ir.ir_key.ik_gid; len = strlen(ge->ge_line) + 1; ge->ge_line[strcspn(ge->ge_line, ":")] = '\0'; if (RB_INSERT(group_name_tree, env->sc_group_names_t, ge) != NULL) { /* dup */ free(ge->ge_line); free(ge); } else env->sc_group_line_len += len; break; } case IMSG_TRASH_UPDATE: main_trash_update(env); break; case IMSG_END_UPDATE: { main_end_update(env); break; } default: log_debug("main_dispatch_client: unexpected imsg %d", imsg.hdr.type); break; } imsg_free(&imsg); } done: if (!shut) imsg_event_add(iev); else { log_debug("king bula sez: ran into dead pipe"); event_del(&iev->ev); event_loopexit(NULL); } } void main_configure_client(struct env *env) { struct idm *idm; struct imsgev *iev = env->sc_iev; imsg_compose_event(iev, IMSG_CONF_START, 0, 0, -1, env, sizeof(*env)); TAILQ_FOREACH(idm, &env->sc_idms, idm_entry) { imsg_compose_event(iev, IMSG_CONF_IDM, 0, 0, -1, idm, sizeof(*idm)); } imsg_compose_event(iev, IMSG_CONF_END, 0, 0, -1, NULL, 0); } void main_init_timer(int fd, short event, void *p) { struct env *env = p; main_configure_client(env); } void purge_config(struct env *env) { struct idm *idm; while ((idm = TAILQ_FIRST(&env->sc_idms)) != NULL) { TAILQ_REMOVE(&env->sc_idms, idm, idm_entry); free(idm); } } int main(int argc, char *argv[]) { int c; int debug; struct passwd *pw; struct env env; struct event ev_sigint; struct event ev_sigterm; struct event ev_sigchld; struct event ev_sighup; struct event ev_timer; struct timeval tv; debug = 0; ypldap_process = PROC_MAIN; log_init(1); while ((c = getopt(argc, argv, "dD:nf:v")) != -1) { switch (c) { case 'd': debug = 2; break; case 'D': if (cmdline_symset(optarg) < 0) log_warnx("could not parse macro definition %s", optarg); break; case 'n': debug = 2; opts |= YPLDAP_OPT_NOACTION; break; case 'f': conffile = optarg; break; case 'v': opts |= YPLDAP_OPT_VERBOSE; break; default: usage(); } } argc -= optind; argv += optind; if (argc) usage(); RB_INIT(&env.sc_user_uids); RB_INIT(&env.sc_group_gids); if (parse_config(&env, conffile, opts)) exit(1); if (opts & YPLDAP_OPT_NOACTION) { fprintf(stderr, "configuration OK\n"); exit(0); } if (geteuid()) errx(1, "need root privileges"); log_init(debug); if (!debug) { if (daemon(1, 0) == -1) err(1, "failed to daemonize"); } log_info("startup%s", (debug > 1)?" [debug mode]":""); if (socketpair(AF_UNIX, SOCK_STREAM | SOCK_NONBLOCK, PF_UNSPEC, pipe_main2client) == -1) fatal("socketpair"); client_pid = ldapclient(pipe_main2client); setproctitle("parent"); event_init(); signal_set(&ev_sigint, SIGINT, main_sig_handler, &env); signal_set(&ev_sigterm, SIGTERM, main_sig_handler, &env); signal_set(&ev_sighup, SIGHUP, main_sig_handler, &env); signal_set(&ev_sigchld, SIGCHLD, main_sig_handler, &env); signal_add(&ev_sigint, NULL); signal_add(&ev_sigterm, NULL); signal_add(&ev_sighup, NULL); signal_add(&ev_sigchld, NULL); close(pipe_main2client[1]); if ((env.sc_iev = calloc(1, sizeof(*env.sc_iev))) == NULL) fatal(NULL); imsg_init(&env.sc_iev->ibuf, pipe_main2client[0]); env.sc_iev->handler = main_dispatch_client; env.sc_iev->events = EV_READ; env.sc_iev->data = &env; event_set(&env.sc_iev->ev, env.sc_iev->ibuf.fd, env.sc_iev->events, env.sc_iev->handler, &env); event_add(&env.sc_iev->ev, NULL); yp_init(&env); if ((pw = getpwnam(YPLDAP_USER)) == NULL) fatal("getpwnam"); #ifndef DEBUG if (setgroups(1, &pw->pw_gid) || setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) || setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) fatal("cannot drop privileges"); #else #warning disabling privilege revocation in debug mode #endif bzero(&tv, sizeof(tv)); evtimer_set(&ev_timer, main_init_timer, &env); evtimer_add(&ev_timer, &tv); yp_enable_events(); event_dispatch(); main_shutdown(); return (0); } void imsg_event_add(struct imsgev *iev) { if (iev->handler == NULL) { imsg_flush(&iev->ibuf); return; } iev->events = EV_READ; if (iev->ibuf.w.queued) iev->events |= EV_WRITE; event_del(&iev->ev); event_set(&iev->ev, iev->ibuf.fd, iev->events, iev->handler, iev->data); event_add(&iev->ev, NULL); } int imsg_compose_event(struct imsgev *iev, u_int16_t type, u_int32_t peerid, pid_t pid, int fd, void *data, u_int16_t datalen) { int ret; if ((ret = imsg_compose(&iev->ibuf, type, peerid, pid, fd, data, datalen)) != -1) imsg_event_add(iev); return (ret); } Index: head/usr.sbin/ypldap/ypldap_dns.c =================================================================== --- head/usr.sbin/ypldap/ypldap_dns.c (revision 290936) +++ head/usr.sbin/ypldap/ypldap_dns.c (revision 290937) @@ -1,253 +1,254 @@ /* $OpenBSD: ypldap_dns.c,v 1.8 2015/01/16 06:40:22 deraadt Exp $ */ /* $FreeBSD$ */ /* * Copyright (c) 2003-2008 Henning Brauer * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include +#include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "ypldap.h" volatile sig_atomic_t quit_dns = 0; struct imsgev *iev_dns; void dns_dispatch_imsg(int, short, void *); void dns_sig_handler(int, short, void *); void dns_shutdown(void); int host_dns(const char *s, struct ypldap_addr **hn); void dns_sig_handler(int sig, short event, void *p) { switch (sig) { case SIGINT: case SIGTERM: dns_shutdown(); break; default: fatalx("unexpected signal"); } } void dns_shutdown(void) { log_info("dns engine exiting"); _exit(0); } pid_t ypldap_dns(int pipe_ntp[2], struct passwd *pw) { pid_t pid; struct event ev_sigint; struct event ev_sigterm; struct event ev_sighup; struct env env; switch (pid = fork()) { case -1: fatal("cannot fork"); break; case 0: break; default: return (pid); } setproctitle("dns engine"); close(pipe_ntp[0]); if (setgroups(1, &pw->pw_gid) || setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) || setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) fatal("can't drop privileges"); endservent(); event_init(); signal_set(&ev_sigint, SIGINT, dns_sig_handler, NULL); signal_set(&ev_sigterm, SIGTERM, dns_sig_handler, NULL); signal_set(&ev_sighup, SIGHUP, dns_sig_handler, NULL); signal_add(&ev_sigint, NULL); signal_add(&ev_sigterm, NULL); signal_add(&ev_sighup, NULL); if ((env.sc_iev = calloc(1, sizeof(*env.sc_iev))) == NULL) fatal(NULL); env.sc_iev->events = EV_READ; env.sc_iev->data = &env; imsg_init(&env.sc_iev->ibuf, pipe_ntp[1]); env.sc_iev->handler = dns_dispatch_imsg; event_set(&env.sc_iev->ev, env.sc_iev->ibuf.fd, env.sc_iev->events, env.sc_iev->handler, &env); event_add(&env.sc_iev->ev, NULL); event_dispatch(); dns_shutdown(); return (0); } void dns_dispatch_imsg(int fd, short events, void *p) { struct imsg imsg; int n, cnt; char *name; struct ypldap_addr *h, *hn; struct ibuf *buf; struct env *env = p; struct imsgev *iev = env->sc_iev; struct imsgbuf *ibuf = &iev->ibuf; int shut = 0; if ((events & (EV_READ | EV_WRITE)) == 0) fatalx("unknown event"); if (events & EV_READ) { if ((n = imsg_read(ibuf)) == -1) fatal("imsg_read error"); if (n == 0) shut = 1; } if (events & EV_WRITE) { if ((n = msgbuf_write(&ibuf->w)) == -1 && errno != EAGAIN) fatal("msgbuf_write"); if (n == 0) shut = 1; goto done; } for (;;) { if ((n = imsg_get(ibuf, &imsg)) == -1) fatal("client_dispatch_imsg: imsg_get error"); if (n == 0) break; switch (imsg.hdr.type) { case IMSG_HOST_DNS: name = imsg.data; if (imsg.hdr.len < 1 + IMSG_HEADER_SIZE) fatalx("invalid IMSG_HOST_DNS received"); imsg.hdr.len -= 1 + IMSG_HEADER_SIZE; if (name[imsg.hdr.len] != '\0' || strlen(name) != imsg.hdr.len) fatalx("invalid IMSG_HOST_DNS received"); if ((cnt = host_dns(name, &hn)) == -1) break; buf = imsg_create(ibuf, IMSG_HOST_DNS, imsg.hdr.peerid, 0, cnt * sizeof(struct sockaddr_storage)); if (buf == NULL) break; if (cnt > 0) { h = hn; while (h != NULL) { imsg_add(buf, &h->ss, sizeof(h->ss)); hn = h->next; free(h); h = hn; } } imsg_close(ibuf, buf); break; default: break; } imsg_free(&imsg); } done: if (!shut) imsg_event_add(iev); else { /* this pipe is dead, so remove the event handler */ event_del(&iev->ev); event_loopexit(NULL); } } int host_dns(const char *s, struct ypldap_addr **hn) { struct addrinfo hints, *res0, *res; int error, cnt = 0; struct sockaddr_in *sa_in; struct sockaddr_in6 *sa_in6; struct ypldap_addr *h, *hh = NULL; bzero(&hints, sizeof(hints)); hints.ai_family = PF_UNSPEC; hints.ai_socktype = SOCK_DGRAM; /* DUMMY */ error = getaddrinfo(s, NULL, &hints, &res0); if (error == EAI_AGAIN || error == EAI_NONAME) return (0); if (error) { log_warnx("could not parse \"%s\": %s", s, gai_strerror(error)); return (-1); } for (res = res0; res && cnt < MAX_SERVERS_DNS; res = res->ai_next) { if (res->ai_family != AF_INET && res->ai_family != AF_INET6) continue; if ((h = calloc(1, sizeof(struct ypldap_addr))) == NULL) fatal(NULL); h->ss.ss_family = res->ai_family; if (res->ai_family == AF_INET) { sa_in = (struct sockaddr_in *)&h->ss; sa_in->sin_len = sizeof(struct sockaddr_in); sa_in->sin_addr.s_addr = ((struct sockaddr_in *) res->ai_addr)->sin_addr.s_addr; } else { sa_in6 = (struct sockaddr_in6 *)&h->ss; sa_in6->sin6_len = sizeof(struct sockaddr_in6); memcpy(&sa_in6->sin6_addr, &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr, sizeof(struct in6_addr)); } h->next = hh; hh = h; cnt++; } freeaddrinfo(res0); *hn = hh; return (cnt); }