NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

bin/50057: yp-map transfer removes SECURE-flag

>Number:         50057
>Category:       bin
>Synopsis:       yp-map transfer removes SECURE-flag
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Jul 17 11:35:00 +0000 2015
>Originator:     Wolfgang Stukenbrock
>Release:        NetBSD 6.1
Dr. Nagler & Company GmbH
System: NetBSD s010 6.1 NetBSD 6.1 (NSW-VM) #8: Mon Jul 14 10:19:49 CEST 2014 tsdauche@s012:/export/NetBSD-6.1/N+C-build/.OBJDIR_amd64/export/NetBSD-6.1/src/sys/arch/amd64/compile/NSW-VM amd64
Architecture: x86_64
Machine: amd64
	When transfering a SECURE yp-map to a slave server (both NetBSD 6.1) the SECURE-flag gets lost.
	Setup a YP-Master with a secure map and a YP-Slave server and transfer the map.

	Example - map on Master:

	s010# makedbm -u master.passwd.byname | head -4
	YP_LAST_MODIFIED 1435744801
	aabock aabock:XXXXXXXXXX:1097:1100::0:0:Alona Bock:/home/schn/aabock:/bin/sh

	Example - map on Slave after transfer - remark: no local ypserv running on test-system:

	test-s0# ypxfr -d N+C -h s010 master.passwd.byname
	test-s0# makedbm -u master.passwd.byname | head -4
	YP_LAST_MODIFIED 1435744801
	aabock aabock:XXXXXXXXXX:1097:1100::0:0:Alona Bock:/home/schn/aabock:/bin/sh
	aakral aakral:XXXXXXXXXX:1311:1100::0:0:Attila Kral:/home/schn/aakral:/bin/sh

	remark: password fields replaced by XXXXXXXXXX
	remark: running 'ypcat master.passwd.byname' against the Slave-Server reports the information to any user
	The ypxfr programm uses yp_match_host() in function add_secure(). This tries to get the entry with
	YPPROC_MATCH and that fails, because ypserv does not accept any requet to YP-private entries.
	The following patch to /usr/src/usr.sbin/ypserv/ypserv/ypserv.c will fix this problem.
	It allows requesting YP-private map entries in a "ypmatch"-call when connected from a secure port.
	No "normal" client is affected.
	The patch uses the secure-flag of the map to avoid an additional call to securecheck() or to save
	the result of the previous call.

diff -u -r1.1 ypserv_proc.c
--- ypserv_proc.c       2015/07/10 09:24:06     1.1
+++ ypserv_proc.c       2015/07/10 09:26:47
@@ -166,7 +166,8 @@
        if (secure && securecheck(caller))
                res.status = YP_YPERR;
-               res = ypdb_get_record(k->domain, k->map, k->keydat, FALSE);
+               /* fix transport of secure maps */
+               res = ypdb_get_record(k->domain, k->map, k->keydat, secure);
        return ((void *)&res);


Home | Main Index | Thread Index | Old Index