mirror of
https://git.FreeBSD.org/src.git
synced 2024-12-11 09:50:12 +00:00
Toss the old yppasswdd into the attic.
This commit is contained in:
parent
e4a8c82437
commit
d565512ed5
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=14061
@ -1,19 +0,0 @@
|
||||
# $Id: Makefile,v 1.6 1995/07/19 17:44:32 wpaul Exp $
|
||||
# @(#)Makefile 8.3 (Berkeley) 4/2/94
|
||||
|
||||
PROG= yppasswdd
|
||||
MAN8= yppasswdd.8
|
||||
|
||||
SRCS= yppasswdd.c update.c pw_copy.c pw_util.c
|
||||
|
||||
LDADD= -lcrypt -lrpcsvc
|
||||
CFLAGS+=-DCRYPT -I${.CURDIR} -I${.CURDIR}/../../../usr.sbin/vipw \
|
||||
-I${.CURDIR}/../../../usr.bin/chpass
|
||||
CFLAGS+=-DVERSION=\"0.7\" -DYPLIBDIR=\"/usr/libexec\" -D_GNU_SOURCE
|
||||
|
||||
afterinstall:
|
||||
${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m ${BINMODE} \
|
||||
${.CURDIR}/yppwupdate \
|
||||
${DESTDIR}/usr/libexec/yppwupdate
|
||||
|
||||
.include <bsd.prog.mk>
|
@ -1,119 +0,0 @@
|
||||
/*-
|
||||
* Copyright (c) 1990, 1993, 1994
|
||||
* The Regents of the University of California. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* This product includes software developed by the University of
|
||||
* California, Berkeley and its contributors.
|
||||
* 4. Neither the name of the University nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#ifndef lint
|
||||
static char sccsid[] = "@(#)pw_copy.c 8.4 (Berkeley) 4/2/94";
|
||||
#endif /* not lint */
|
||||
|
||||
/*
|
||||
* This module is used to copy the master password file, replacing a single
|
||||
* record, by chpass(1) and passwd(1).
|
||||
*/
|
||||
|
||||
#include <err.h>
|
||||
#include <pwd.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <syslog.h>
|
||||
|
||||
#include <pw_util.h>
|
||||
|
||||
int pw_copy __P((int, int, struct passwd *));
|
||||
|
||||
extern char *tempname;
|
||||
extern char *passfile;
|
||||
|
||||
int
|
||||
pw_copy(ffd, tfd, pw)
|
||||
int ffd, tfd;
|
||||
struct passwd *pw;
|
||||
{
|
||||
FILE *from, *to;
|
||||
int done;
|
||||
char *p, buf[8192];
|
||||
|
||||
if (!(from = fdopen(ffd, "r"))) {
|
||||
pw_error(passfile, 1, 1);
|
||||
return(-1);
|
||||
}
|
||||
if (!(to = fdopen(tfd, "w"))) {
|
||||
pw_error(tempname, 1, 1);
|
||||
return(-1);
|
||||
}
|
||||
for (done = 0; fgets(buf, sizeof(buf), from);) {
|
||||
if (!strchr(buf, '\n')) {
|
||||
syslog(LOG_ERR, "%s: line too long", passfile);
|
||||
pw_error(NULL, 0, 1);
|
||||
goto err;
|
||||
}
|
||||
if (done) {
|
||||
(void)fprintf(to, "%s", buf);
|
||||
if (ferror(to))
|
||||
goto err;
|
||||
continue;
|
||||
}
|
||||
if (!(p = strchr(buf, ':'))) {
|
||||
syslog(LOG_ERR, "%s: corrupted entry", passfile);
|
||||
pw_error(NULL, 0, 1);
|
||||
goto err;
|
||||
}
|
||||
*p = '\0';
|
||||
if (strcmp(buf, pw->pw_name)) {
|
||||
*p = ':';
|
||||
(void)fprintf(to, "%s", buf);
|
||||
if (ferror(to))
|
||||
goto err;
|
||||
continue;
|
||||
}
|
||||
(void)fprintf(to, "%s:%s:%d:%d:%s:%ld:%ld:%s:%s:%s\n",
|
||||
pw->pw_name, pw->pw_passwd, pw->pw_uid, pw->pw_gid,
|
||||
pw->pw_class, pw->pw_change, pw->pw_expire, pw->pw_gecos,
|
||||
pw->pw_dir, pw->pw_shell);
|
||||
done = 1;
|
||||
if (ferror(to))
|
||||
goto err;
|
||||
}
|
||||
if (!done) {
|
||||
syslog(LOG_ERR, "user \"%s\" not found in %s -- NIS maps and password file possibly out of sync", pw->pw_name, passfile);
|
||||
goto err;
|
||||
}
|
||||
if (ferror(to)) {
|
||||
err: pw_error(NULL, 1, 1);
|
||||
(void)fclose(to);
|
||||
(void)fclose(from);
|
||||
return(-1);
|
||||
}
|
||||
(void)fclose(to);
|
||||
(void)fclose(from);
|
||||
return(0);
|
||||
}
|
@ -1,178 +0,0 @@
|
||||
/*-
|
||||
* Copyright (c) 1990, 1993, 1994
|
||||
* The Regents of the University of California. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* This product includes software developed by the University of
|
||||
* California, Berkeley and its contributors.
|
||||
* 4. Neither the name of the University nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#ifndef lint
|
||||
static char sccsid[] = "@(#)pw_util.c 8.3 (Berkeley) 4/2/94";
|
||||
#endif /* not lint */
|
||||
|
||||
/*
|
||||
* This file is used by all the "password" programs; vipw(8), chpass(1),
|
||||
* and passwd(1).
|
||||
*/
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/time.h>
|
||||
#include <sys/resource.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/wait.h>
|
||||
|
||||
#include <err.h>
|
||||
#include <errno.h>
|
||||
#include <fcntl.h>
|
||||
#include <paths.h>
|
||||
#include <pwd.h>
|
||||
#include <signal.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
#include <syslog.h>
|
||||
|
||||
#include <pw_util.h>
|
||||
|
||||
extern void reaper __P((int));
|
||||
extern void install_reaper __P((int));
|
||||
extern char *tempname;
|
||||
extern char *passfile;
|
||||
int pstat;
|
||||
pid_t pid;
|
||||
|
||||
void
|
||||
pw_init()
|
||||
{
|
||||
struct rlimit rlim;
|
||||
|
||||
/* Unlimited resource limits. */
|
||||
rlim.rlim_cur = rlim.rlim_max = RLIM_INFINITY;
|
||||
(void)setrlimit(RLIMIT_CPU, &rlim);
|
||||
(void)setrlimit(RLIMIT_FSIZE, &rlim);
|
||||
(void)setrlimit(RLIMIT_STACK, &rlim);
|
||||
(void)setrlimit(RLIMIT_DATA, &rlim);
|
||||
(void)setrlimit(RLIMIT_RSS, &rlim);
|
||||
|
||||
/* Don't drop core (not really necessary, but GP's). */
|
||||
rlim.rlim_cur = rlim.rlim_max = 0;
|
||||
(void)setrlimit(RLIMIT_CORE, &rlim);
|
||||
|
||||
/* Turn off signals. */
|
||||
(void)signal(SIGALRM, SIG_IGN);
|
||||
(void)signal(SIGHUP, SIG_IGN);
|
||||
(void)signal(SIGINT, SIG_IGN);
|
||||
(void)signal(SIGPIPE, SIG_IGN);
|
||||
(void)signal(SIGQUIT, SIG_IGN);
|
||||
(void)signal(SIGTSTP, SIG_IGN);
|
||||
(void)signal(SIGTTOU, SIG_IGN);
|
||||
|
||||
/* Create with exact permissions. */
|
||||
(void)umask(0);
|
||||
}
|
||||
|
||||
static int lockfd;
|
||||
|
||||
int
|
||||
pw_lock()
|
||||
{
|
||||
/*
|
||||
* If the master password file doesn't exist, the system is hosed.
|
||||
* Might as well try to build one. Set the close-on-exec bit so
|
||||
* that users can't get at the encrypted passwords while editing.
|
||||
* Open should allow flock'ing the file; see 4.4BSD. XXX
|
||||
*/
|
||||
lockfd = open(passfile, O_RDONLY, 0);
|
||||
if (lockfd < 0 || fcntl(lockfd, F_SETFD, 1) == -1) {
|
||||
syslog(LOG_NOTICE, "%s: %s", passfile, strerror(errno));
|
||||
return (-1);
|
||||
}
|
||||
if (flock(lockfd, LOCK_EX|LOCK_NB)) {
|
||||
syslog(LOG_NOTICE, "%s: the password db file is busy", passfile);
|
||||
return(-1);
|
||||
}
|
||||
return (lockfd);
|
||||
}
|
||||
|
||||
int
|
||||
pw_tmp()
|
||||
{
|
||||
static char path[MAXPATHLEN];
|
||||
int fd;
|
||||
char *p;
|
||||
|
||||
sprintf(path,"%s",passfile);
|
||||
if ((p = strrchr(path, '/')))
|
||||
++p;
|
||||
else
|
||||
p = path;
|
||||
strcpy(p, "pw.XXXXXX");
|
||||
if ((fd = mkstemp(path)) == -1) {
|
||||
syslog(LOG_ERR, "%s: %s", path, strerror(errno));
|
||||
return(-1);
|
||||
}
|
||||
tempname = path;
|
||||
return (fd);
|
||||
}
|
||||
|
||||
int
|
||||
pw_mkdb()
|
||||
{
|
||||
|
||||
syslog(LOG_NOTICE, "rebuilding the database...");
|
||||
(void)fflush(stderr);
|
||||
/* Temporarily turn off SIGCHLD catching */
|
||||
install_reaper(0);
|
||||
if (!(pid = vfork())) {
|
||||
execl(_PATH_PWD_MKDB, "pwd_mkdb", "-p", tempname, NULL);
|
||||
pw_error(_PATH_PWD_MKDB, 1, 1);
|
||||
return(-1);
|
||||
}
|
||||
/* Handle this ourselves. */
|
||||
reaper(SIGCHLD);
|
||||
/* Put the handler back. Foo. */
|
||||
install_reaper(1);
|
||||
if (pid == -1 || !WIFEXITED(pstat) || WEXITSTATUS(pstat) != 0) {
|
||||
return (-1);
|
||||
}
|
||||
syslog(LOG_NOTICE, "done");
|
||||
return (0);
|
||||
}
|
||||
|
||||
void
|
||||
pw_error(name, err, eval)
|
||||
char *name;
|
||||
int err, eval;
|
||||
{
|
||||
if (err && name != NULL)
|
||||
syslog(LOG_ERR, "%s", name);
|
||||
|
||||
syslog(LOG_NOTICE,"%s: unchanged", passfile);
|
||||
(void)unlink(tempname);
|
||||
}
|
@ -1,195 +0,0 @@
|
||||
/*
|
||||
* yppasswdd
|
||||
* Copyright 1994 Olaf Kirch, <okir@monad.swb.de>
|
||||
*
|
||||
* This program is covered by the GNU General Public License, version 2.
|
||||
* It is provided in the hope that it is useful. However, the author
|
||||
* disclaims ALL WARRANTIES, expressed or implied. See the GPL for details.
|
||||
*/
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/errno.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/param.h>
|
||||
#include <netinet/in.h>
|
||||
#include <arpa/inet.h>
|
||||
#include <fcntl.h>
|
||||
#include <unistd.h>
|
||||
#include <ctype.h>
|
||||
#include <time.h>
|
||||
#include <pwd.h>
|
||||
|
||||
#include <syslog.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
||||
#include <rpc/rpc.h>
|
||||
#include <rpc/pmap_clnt.h>
|
||||
#include "yppasswd.h"
|
||||
|
||||
char *tempname, *passfile;
|
||||
extern int *allow_chfn, *allow_chsh;
|
||||
extern int pid;
|
||||
extern int pw_copy __P((int, int, struct passwd *));
|
||||
extern int pw_lock __P((void));
|
||||
extern int pw_mkdb __P((void));
|
||||
extern int pw_tmp __P((void));
|
||||
|
||||
#define xprt_addr(xprt) (svc_getcaller(xprt)->sin_addr)
|
||||
#define xprt_port(xprt) ntohs(svc_getcaller(xprt)->sin_port)
|
||||
void reaper( int sig );
|
||||
|
||||
/*===============================================================*
|
||||
* Argument validation. Avoid \n... (ouch).
|
||||
* We can't use isprint, because people may use 8bit chars which
|
||||
* aren't recognized as printable in the default locale.
|
||||
*===============================================================*/
|
||||
static int
|
||||
validate_string(char *str)
|
||||
{
|
||||
while (*str && !iscntrl(*str)) str++;
|
||||
return (*str == '\0');
|
||||
}
|
||||
|
||||
static int
|
||||
validate_args(struct xpasswd *pw)
|
||||
{
|
||||
if (pw->pw_name[0] == '-' || pw->pw_name[0] == '+') {
|
||||
syslog(LOG_ALERT, "attempt to modify NIS passwd entry \"%s\"",
|
||||
pw->pw_name);
|
||||
}
|
||||
|
||||
return validate_string(pw->pw_passwd)
|
||||
&& validate_string(pw->pw_shell)
|
||||
&& validate_string(pw->pw_gecos);
|
||||
}
|
||||
|
||||
/*===============================================================*
|
||||
* The passwd update handler
|
||||
*===============================================================*/
|
||||
int *
|
||||
yppasswdproc_pwupdate_1(yppasswd *yppw, struct svc_req *rqstp)
|
||||
{
|
||||
struct xpasswd *newpw; /* passwd struct passed by the client */
|
||||
struct passwd *pw; /* passwd struct obtained from getpwent() */
|
||||
int chsh = 0, chfn = 0;
|
||||
static int res;
|
||||
char logbuf[255];
|
||||
int pfd, tfd;
|
||||
char *passfile_hold;
|
||||
char template[] = "/tmp/yppwtmp.XXXXX";
|
||||
|
||||
newpw = &yppw->newpw;
|
||||
res = 1;
|
||||
|
||||
sprintf( logbuf, "update %.12s (uid=%d) from host %s",
|
||||
yppw->newpw.pw_name,
|
||||
yppw->newpw.pw_uid,
|
||||
inet_ntoa(xprt_addr(rqstp->rq_xprt)));
|
||||
|
||||
if (!validate_args(newpw)) {
|
||||
syslog ( LOG_ALERT, "%s failed", logbuf );
|
||||
syslog ( LOG_ALERT, "Invalid characters in argument. "
|
||||
"Possible spoof attempt?" );
|
||||
return &res;
|
||||
}
|
||||
|
||||
/* Check if the user exists
|
||||
*/
|
||||
if (!(pw = getpwnam(yppw->newpw.pw_name))) {
|
||||
syslog ( LOG_WARNING, "%s failed", logbuf );
|
||||
syslog ( LOG_WARNING, "User not in password file." );
|
||||
return (&res);
|
||||
}
|
||||
|
||||
/* Check the password.
|
||||
*/
|
||||
if (strcmp(crypt(yppw->oldpass, pw->pw_passwd), pw->pw_passwd)) {
|
||||
syslog ( LOG_WARNING, "%s rejected", logbuf );
|
||||
syslog ( LOG_WARNING, "Invalid password." );
|
||||
sleep(1);
|
||||
return(&res);
|
||||
}
|
||||
|
||||
/* set the new passwd, shell, and full name
|
||||
*/
|
||||
pw->pw_change = 0;
|
||||
pw->pw_passwd = newpw->pw_passwd;
|
||||
|
||||
if (allow_chsh) {
|
||||
chsh = (strcmp(pw->pw_shell, newpw->pw_shell) != 0);
|
||||
pw->pw_shell = newpw->pw_shell;
|
||||
}
|
||||
|
||||
if (allow_chfn) {
|
||||
chfn = (strcmp(pw->pw_gecos, newpw->pw_gecos) != 0);
|
||||
pw->pw_gecos = newpw->pw_gecos;
|
||||
}
|
||||
|
||||
/*
|
||||
* Bail if locking the password file or temp file creation fails.
|
||||
* (These operations should log their own failure messages if need be,
|
||||
* so we don't have to log their failures here.)
|
||||
*/
|
||||
if ((pfd = pw_lock()) < 0)
|
||||
return &res;
|
||||
if ((tfd = pw_tmp()) < 0)
|
||||
return &res;
|
||||
|
||||
/* Placeholder in case we need to put the old password file back. */
|
||||
passfile_hold = mktemp((char *)&template);
|
||||
|
||||
/*
|
||||
* Copy the password file to the temp file,
|
||||
* inserting new passwd entry along the way.
|
||||
*/
|
||||
if (pw_copy(pfd, tfd, pw) < 0) {
|
||||
syslog(LOG_ERR, "%s > %s: copy failed. Cleaning up.",
|
||||
tempname, passfile);
|
||||
unlink(tempname);
|
||||
return (&res);
|
||||
}
|
||||
|
||||
rename(passfile, passfile_hold);
|
||||
if (strcmp(passfile, _PATH_MASTERPASSWD)) {
|
||||
rename(tempname, passfile);
|
||||
}
|
||||
else
|
||||
if (pw_mkdb() < 0) {
|
||||
syslog (LOG_WARNING, "%s failed to rebuild password database", logbuf );
|
||||
return(&res);
|
||||
}
|
||||
|
||||
/* Fork off process to rebuild NIS passwd.* maps. If the fork
|
||||
* fails, restore old passwd file and return an error.
|
||||
*/
|
||||
if ((pid = fork()) < 0) {
|
||||
syslog( LOG_ERR, "%s failed", logbuf );
|
||||
syslog( LOG_ERR, "Couldn't fork map update process: %m" );
|
||||
unlink(passfile);
|
||||
rename(passfile_hold, passfile);
|
||||
if (!strcmp(passfile, _PATH_MASTERPASSWD))
|
||||
if (pw_mkdb()) {
|
||||
syslog (LOG_WARNING, "%s failed to rebuild password database", logbuf );
|
||||
return(&res);
|
||||
}
|
||||
|
||||
return (&res);
|
||||
}
|
||||
if (pid == 0) {
|
||||
unlink(passfile_hold);
|
||||
execlp(MAP_UPDATE_PATH, MAP_UPDATE, passfile, NULL);
|
||||
syslog( LOG_ERR, "Error: couldn't exec map update process: %m" );
|
||||
exit(1);
|
||||
}
|
||||
|
||||
syslog (LOG_INFO, "%s successful. Password changed.", logbuf );
|
||||
if (chsh || chfn) {
|
||||
syslog ( LOG_INFO, "Shell %schanged (%s), GECOS %schanged (%s).",
|
||||
chsh? "" : "un", newpw->pw_shell,
|
||||
chfn? "" : "un", newpw->pw_gecos );
|
||||
}
|
||||
|
||||
res = 0;
|
||||
return (&res);
|
||||
}
|
@ -1,57 +0,0 @@
|
||||
/*
|
||||
* yppasswdd
|
||||
* Copyright 1994 Olaf Kirch, <okir@monad.swb.de>
|
||||
*
|
||||
* This program is covered by the GNU General Public License, version 2.
|
||||
* It is provided in the hope that it is useful. However, the author
|
||||
* disclaims ALL WARRANTIES, expressed or implied. See the GPL for details.
|
||||
*
|
||||
* This file was generated automatically by rpcgen from yppasswd.x, and
|
||||
* editied manually.
|
||||
*/
|
||||
|
||||
#ifndef _YPPASSWD_H_
|
||||
#define _YPPASSWD_H_
|
||||
|
||||
#define YPPASSWDPROG ((u_long)100009)
|
||||
#define YPPASSWDVERS ((u_long)1)
|
||||
#define YPPASSWDPROC_UPDATE ((u_long)1)
|
||||
|
||||
/*
|
||||
* The password struct passed by the update call. I renamed it to
|
||||
* xpasswd to avoid a type clash with the one defined in <pwd.h>.
|
||||
*/
|
||||
typedef struct xpasswd {
|
||||
char *pw_name;
|
||||
char *pw_passwd;
|
||||
int pw_uid;
|
||||
int pw_gid;
|
||||
char *pw_gecos;
|
||||
char *pw_dir;
|
||||
char *pw_shell;
|
||||
} xpasswd;
|
||||
|
||||
/* The updated password information, plus the old password.
|
||||
*/
|
||||
typedef struct yppasswd {
|
||||
char *oldpass;
|
||||
xpasswd newpw;
|
||||
} yppasswd;
|
||||
|
||||
/* XDR encoding/decoding routines */
|
||||
bool_t xdr_xpasswd (XDR *xdrs, xpasswd *objp);
|
||||
bool_t xdr_yppasswd(XDR *xdrs, yppasswd *objp);
|
||||
|
||||
/* The server procedure invoked by the main loop. */
|
||||
void yppasswdprog_1(struct svc_req *rqstp, SVCXPRT *transp);
|
||||
|
||||
/* Password update handler. */
|
||||
int * yppasswdproc_pwupdate_1(yppasswd *yppw, struct svc_req *rqstp);
|
||||
|
||||
/* This command is forked to rebuild the NIS maps after a successful
|
||||
* update. MAP_UPDATE is used as argv[0].
|
||||
*/
|
||||
#define MAP_UPDATE "yppwupdate"
|
||||
#define MAP_UPDATE_PATH YPLIBDIR "/yppwupdate"
|
||||
|
||||
#endif _YPPASSWD_H_
|
@ -1,199 +0,0 @@
|
||||
.\"
|
||||
.\" Copyright 1994 Olaf Kirch, <okir@monad.swb.de>
|
||||
.\"
|
||||
.\" This program is covered by the GNU General Public License, version 2.
|
||||
.\" It is provided in the hope that it is useful. However, the author
|
||||
.\" disclaims ALL WARRANTIES, expressed or implied. See the GPL for details.
|
||||
.\"
|
||||
.Dd 12 December 1994
|
||||
.Dt YPPASSWDD 8
|
||||
.Sh NAME
|
||||
.Nm yppasswdd
|
||||
.Nd NIS password database update server
|
||||
.Sh SYNOPSIS
|
||||
.Nm yppasswdd
|
||||
.Op Ar -m master password file
|
||||
.Op Fl s
|
||||
.Op Fl f
|
||||
.Op Fl v
|
||||
.Op Fl h
|
||||
.Sh DESCRIPTION
|
||||
.Nm yppasswdd
|
||||
is the RPC server that lets users change their passwords
|
||||
in the presence of NIS (a.k.a. YP). It must be run on the NIS master
|
||||
server for that NIS domain.
|
||||
.Pp
|
||||
When a
|
||||
.Xr yppasswd 1
|
||||
client contacts the server, it sends the old user
|
||||
password along with the new one.
|
||||
.Nm yppasswdd
|
||||
will search the system's
|
||||
NIS password database file for the specified user name, verify that the
|
||||
given (old) password matches, and update the entry. If the user
|
||||
specified does not exist, or if the password, UID or GID doesn't match
|
||||
the information in the password file, the update request is rejected,
|
||||
and an error returned to the client.
|
||||
.Pp
|
||||
After updating the
|
||||
.Nm master.passwd
|
||||
file and returning a success
|
||||
notifications to the client,
|
||||
.Nm yppasswdd
|
||||
executes the
|
||||
.Nm yppwupdate
|
||||
script that updates the NIS server's
|
||||
.Nm master.passwd.*
|
||||
and
|
||||
.Nm passwd.*
|
||||
maps. This script invokes
|
||||
.Nm /var/yp/Makefile
|
||||
to rebuild the NIS password maps (and propagate them to NIS slave
|
||||
servers if there are any in the domain).
|
||||
.Sh OPTIONS
|
||||
.Bl -tag -width Ds
|
||||
The following options are available with
|
||||
.Nm yppasswdd:
|
||||
.It Fl Ar m master password file
|
||||
.Nm yppasswdd
|
||||
server needs to know the location of the
|
||||
master.passwd file that is to be used to generate updated NIS
|
||||
password maps. This file is normally kept in
|
||||
.Nm /var/yp
|
||||
(it must be owned by root and not world readable for security reasons).
|
||||
If you move it somewhere else you'll have to tell yppasswdd using the
|
||||
.Fl m
|
||||
option. The location of this file is also passed to
|
||||
.Nm /var/yp/Makefile
|
||||
when time comes to rebuild the NIS password maps. It is recommended,
|
||||
however, that you edit
|
||||
.Nm /var/yp/Makefile
|
||||
to reflect the new location as well.
|
||||
When the server is ready to change
|
||||
a password database entry, it will modify master.passwd, then
|
||||
call the yppwupdate script, which will in turn call
|
||||
.Nm /var/yp/Makefile.
|
||||
.Pp
|
||||
Without the -m option,
|
||||
.Nm yppasswdd
|
||||
expects to use the local
|
||||
.Nm /etc/master.passwd
|
||||
file on the NIS master server as the source for
|
||||
regenerating the password maps (the server will rebuild the local
|
||||
password databases in this case as well).
|
||||
.Pp
|
||||
This is less secure than
|
||||
using a seperate password database to restrict access to the NIS
|
||||
master server, but the functionality is provided in the event this
|
||||
behavior is desired and security is not paramount (such as might be
|
||||
the case on a closed local network of trusted systems).
|
||||
Note that you will have to edit
|
||||
.Nm /var/yp/Makefile
|
||||
to use
|
||||
.Nm /etc/master.passwd
|
||||
instead of
|
||||
.Nm /var/yp/master.passwd
|
||||
if you want to use yppasswdd in this way.
|
||||
.It Fl s
|
||||
When invoked with the
|
||||
.Fl s
|
||||
flag,
|
||||
.Nm yppasswdd
|
||||
will allow users to change
|
||||
the shell field of their NIS password entry. Without it,
|
||||
.Xr yppasswd 1
|
||||
will
|
||||
appear to succeed when a user tries to change shells, but yppasswdd
|
||||
will not actually alter the password database.
|
||||
.It Fl f
|
||||
This flag works just like
|
||||
.Fl s ,
|
||||
except it applies to the GECOS or
|
||||
"fullname" field of a user's NIS password entry instead of the shell field.
|
||||
Some sites may wish to restrict users' ability to change their shells or
|
||||
full names for security or administrative reasons, which is why these two
|
||||
options are provided.
|
||||
.Sh MISCELLANEOUS
|
||||
.Ss Logging
|
||||
.Nm yppasswdd
|
||||
logs all password update requests to
|
||||
.Xr syslogd 8
|
||||
auth facility. The logging information includes the originating host's
|
||||
IP address and the user name and UID contained in the request. The
|
||||
user-supplied password itself is not logged.
|
||||
.Ss Security
|
||||
Unless I've screwed up completely (as I did with versions prior to
|
||||
version 0.7),
|
||||
.Nm yppasswdd
|
||||
should be as secure or insecure as any
|
||||
program relying on simple password authentication. If you feel that
|
||||
this is not enough, you may want to protect
|
||||
.Nm yppasswdd
|
||||
from outside
|
||||
access by using the 'securenets' feature of
|
||||
.Xr portmap 8
|
||||
version 3. Better still, use Kerberos.
|
||||
.Sh NOTES
|
||||
.Ss FreeBSD changes
|
||||
Unlike the original
|
||||
.Nm yppasswdd ,
|
||||
the FreeBSD version has no support for
|
||||
John F. Haugh II's shadow password suite. It doesn't need it: 4.4BSD's
|
||||
password database system already implements shadow passwords.
|
||||
.Ss Using the yppasswdd server with non-FreeBSD clients
|
||||
FreeBSD's
|
||||
.Nm yppasswdd
|
||||
should work equally well with non-FreeBSD client machines provided a
|
||||
few small changes are made to
|
||||
.Nm /var/yp/Makefile.
|
||||
FreeBSD's passwd.byname and passwd.byuid maps do not contain actual
|
||||
encrypted passwords (just like FreeBSD's /etc/passwd file): the real
|
||||
encrypted passwords are kept in master.passwd.byname and
|
||||
master.passwd.byuid, which FreeBSD's NIS server will only serve to
|
||||
the superuser on FreeBSD NIS clients (non-privileged users are not
|
||||
permitted to access these maps). Non-FreeBSD clients will not function
|
||||
properly in this situation, since they require the password fields in
|
||||
the passwd.* maps to be valid.
|
||||
.Pp
|
||||
To use
|
||||
.Nm yppasswdd
|
||||
with non-FreeBSD clients, you will need to edit
|
||||
.Nm /var/yp/Makefile
|
||||
and uncomment the line that says 'UNSECURE=True' and run
|
||||
.Xr make 1 .
|
||||
This will cause
|
||||
.Nm /var/yp/Makefile
|
||||
to generate passwd.* maps with real passwords in them instead of
|
||||
stripping them out as it does normally.
|
||||
.Sh FILES
|
||||
.Bl -tag -width /usr/libexec/yppwupdate -compact
|
||||
.It Pa /usr/sbin/yppasswdd
|
||||
The yppasswdd daemon
|
||||
.It Pa /usr/libexec/yppwupdate
|
||||
The NIS map update script
|
||||
.It Pa /var/yp/master.passwd
|
||||
NIS password map source file
|
||||
.It Pa /etc/master.passwd
|
||||
Raw local password database (only used when
|
||||
.Fl m
|
||||
option isn't supplied)
|
||||
.Sh SEE ALSO
|
||||
.Xr passwd 1 ,
|
||||
.Xr ypcat 1 ,
|
||||
.Xr ypchsh 1 ,
|
||||
.Xr ypchfn 1 ,
|
||||
.Xr yppasswd 1 ,
|
||||
.Xr passwd 5 ,
|
||||
.Xr ypserv 8 ,
|
||||
.Xr portmap 8 .
|
||||
.Sh COPYRIGHT
|
||||
.Nm yppasswdd
|
||||
is copyright (C) Olaf Kirch. You can use and distribute it
|
||||
under the GNU General Public License Version 2.
|
||||
.Sh AUTHOR(S)
|
||||
.br
|
||||
Olaf Kirch, <okir@monad.swb.de>
|
||||
.br
|
||||
Charles Lopez, <tjarls@infm.ulst.ac.uk> (shadow support)
|
||||
.br
|
||||
Bill Paul, <wpaul@ctr.columbia.edu> (port to FreeBSD, various small changes)
|
@ -1,201 +0,0 @@
|
||||
/*
|
||||
* yppasswdd
|
||||
* Copyright 1994 Olaf Kirch, <okir@monad.swb.de>
|
||||
*
|
||||
* This program is covered by the GNU General Public License, version 2.
|
||||
* It is provided in the hope that it is useful. However, the author
|
||||
* disclaims ALL WARRANTIES, expressed or implied. See the GPL for details.
|
||||
*/
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/errno.h>
|
||||
#include <sys/ioctl.h>
|
||||
#include <sys/wait.h>
|
||||
#include <termios.h>
|
||||
#include <signal.h>
|
||||
#include <unistd.h>
|
||||
#include <fcntl.h>
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <syslog.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <pwd.h>
|
||||
|
||||
#include <rpc/rpc.h>
|
||||
#include <rpc/pmap_clnt.h>
|
||||
#include "yppasswd.h"
|
||||
|
||||
extern char *optarg;
|
||||
extern void pw_init __P((void));
|
||||
static char *program_name = "";
|
||||
static char *version = "yppsswdd " VERSION;
|
||||
char *passfile = _PATH_MASTERPASSWD;
|
||||
int allow_chfn = 0, allow_chsh = 0;
|
||||
|
||||
#define xprt_addr(xprt) (svc_getcaller(xprt)->sin_addr)
|
||||
#define xprt_port(xprt) ntohs(svc_getcaller(xprt)->sin_port)
|
||||
void yppasswdprog_1( struct svc_req *rqstp, SVCXPRT *transp );
|
||||
void reaper( int sig );
|
||||
|
||||
/*==============================================================*
|
||||
* RPC dispatch function
|
||||
*==============================================================*/
|
||||
void
|
||||
yppasswdprog_1(struct svc_req *rqstp, SVCXPRT *transp)
|
||||
{
|
||||
union {
|
||||
yppasswd yppasswdproc_update_1_arg;
|
||||
} argument;
|
||||
char *result;
|
||||
xdrproc_t xdr_argument, xdr_result;
|
||||
char *(*local)();
|
||||
|
||||
switch (rqstp->rq_proc) {
|
||||
case NULLPROC:
|
||||
(void)svc_sendreply(transp, (xdrproc_t)xdr_void, (char *)NULL);
|
||||
return;
|
||||
|
||||
case YPPASSWDPROC_UPDATE:
|
||||
xdr_argument = (xdrproc_t) xdr_yppasswd;
|
||||
xdr_result = (xdrproc_t) xdr_int;
|
||||
local = (char *(*)()) yppasswdproc_pwupdate_1;
|
||||
break;
|
||||
|
||||
default:
|
||||
svcerr_noproc(transp);
|
||||
return;
|
||||
}
|
||||
bzero((char *)&argument, sizeof(argument));
|
||||
if (!svc_getargs(transp, xdr_argument, &argument)) {
|
||||
svcerr_decode(transp);
|
||||
return;
|
||||
}
|
||||
result = (*local)(&argument, rqstp);
|
||||
if (result != NULL
|
||||
&& !svc_sendreply(transp, (xdrproc_t)xdr_result, result)) {
|
||||
svcerr_systemerr(transp);
|
||||
}
|
||||
if (!svc_freeargs(transp, xdr_argument, &argument)) {
|
||||
(void)fprintf(stderr, "unable to free arguments\n");
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
|
||||
static void
|
||||
usage(FILE *fp, int n)
|
||||
{
|
||||
fprintf (fp, "usage: %s [-m master password file] [-f] [-s] [-h] [-v]\n", program_name );
|
||||
exit(n);
|
||||
}
|
||||
|
||||
void
|
||||
reaper( int sig )
|
||||
{
|
||||
extern pid_t pid;
|
||||
extern int pstat;
|
||||
|
||||
pid = waitpid(pid, &pstat, 0);
|
||||
}
|
||||
|
||||
void
|
||||
install_reaper( int on )
|
||||
{
|
||||
struct sigaction act, oact;
|
||||
|
||||
if (on) {
|
||||
act.sa_handler = reaper;
|
||||
sigemptyset(&act.sa_mask);
|
||||
act.sa_flags = SA_RESTART;
|
||||
} else {
|
||||
act.sa_handler = SIG_DFL;
|
||||
sigemptyset(&act.sa_mask);
|
||||
act.sa_flags = SA_RESTART;
|
||||
}
|
||||
sigaction( SIGCHLD, &act, &oact );
|
||||
}
|
||||
|
||||
|
||||
int
|
||||
main(int argc, char **argv)
|
||||
{
|
||||
SVCXPRT *transp;
|
||||
char *sp;
|
||||
int opterr;
|
||||
int c;
|
||||
|
||||
program_name = argv[0];
|
||||
if ((sp = strrchr(program_name, '/')) != NULL) {
|
||||
program_name = ++sp;
|
||||
}
|
||||
|
||||
/* Parse the command line options and arguments. */
|
||||
opterr = 0;
|
||||
while ((c = getopt(argc, argv, "m:fshv")) != EOF)
|
||||
switch (c) {
|
||||
case 'm':
|
||||
passfile = strdup(optarg);
|
||||
break;
|
||||
case 'f':
|
||||
allow_chfn = 1;
|
||||
break;
|
||||
case 's':
|
||||
allow_chsh = 1;
|
||||
break;
|
||||
case 'h':
|
||||
usage (stdout, 0);
|
||||
break;
|
||||
case 'v':
|
||||
printf("%s\n", version);
|
||||
exit(0);
|
||||
case 0:
|
||||
break;
|
||||
case '?':
|
||||
default:
|
||||
usage(stderr, 1);
|
||||
}
|
||||
|
||||
if (daemon(0,0)) {
|
||||
perror("fork");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
/*
|
||||
* We can call this here since it does some necessary setup
|
||||
* for us (blocking signals, setting resourse limits, etc.
|
||||
*/
|
||||
pw_init();
|
||||
|
||||
/* Initialize logging.
|
||||
*/
|
||||
openlog ( "yppasswdd", LOG_PID, LOG_AUTH );
|
||||
|
||||
/* Register a signal handler to reap children after they terminated
|
||||
*/
|
||||
install_reaper(1);
|
||||
|
||||
/*
|
||||
* Create the RPC server
|
||||
*/
|
||||
(void)pmap_unset(YPPASSWDPROG, YPPASSWDVERS);
|
||||
|
||||
transp = svcudp_create(RPC_ANYSOCK);
|
||||
if (transp == NULL) {
|
||||
(void)fprintf(stderr, "cannot create udp service.\n");
|
||||
exit(1);
|
||||
}
|
||||
if (!svc_register(transp, YPPASSWDPROG, YPPASSWDVERS, yppasswdprog_1,
|
||||
IPPROTO_UDP)) {
|
||||
(void)fprintf(stderr, "unable to register yppaswdd udp service.\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
/*
|
||||
* Run the server
|
||||
*/
|
||||
svc_run();
|
||||
(void)fprintf(stderr, "svc_run returned\n");
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
@ -1,27 +0,0 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# This script is invoked by yppasswdd to update the password
|
||||
# maps after the master password file has been modified.
|
||||
# Comment out the LOG=yes line to disable logging.
|
||||
#
|
||||
|
||||
LOG=yes
|
||||
LOGFILE=/var/yp/ypupdate.log
|
||||
|
||||
umask 077
|
||||
|
||||
if [ ! -f $LOGFILE ];
|
||||
then
|
||||
/usr/bin/touch $LOGFILE
|
||||
echo "# Edit /usr/libexec/yppwupdate to disable" >> $LOGFILE
|
||||
echo "# logging to this file from yppasswdd." >> $LOGFILE
|
||||
echo -n "# Log started on: " >> $LOGFILE
|
||||
/bin/date >> $LOGFILE
|
||||
fi
|
||||
|
||||
if [ ! $LOG ];
|
||||
then
|
||||
cd /var/yp; /usr/bin/make MASTER_PASSWD=$1
|
||||
else
|
||||
cd /var/yp; /usr/bin/make MASTER_PASSWD=$1 >> $LOGFILE
|
||||
fi
|
Loading…
Reference in New Issue
Block a user