1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-26 11:47:31 +00:00
Mirror of the FreeBSD src repository https://git.FreeBSD.org/src.git .
Go to file
Bill Paul 2be5d4cba8 Add support for detecting and hopefully using the passwd.adjunct.byname
NIS map which is present on SunOS NIS servers with the SunOS C2 security
hack^Woption installed. I'm convinced that the C2 security option restricts
access to the passwd.adjunct.byname map in the same way that I restrict
access to the master.passwd.{byname,buid} maps (checking for reserved ports),
which means that we should be able to handle passwd.adjunct.byname map
correctly.

If _havemaster() doesn't find a master.passwd.byname map, it will now
test for a passwd.adjunct.byname map before defaulting back to the
standard non-shadowed passwd.{byname,byuid} maps. If _pw_breakout_yp()
sees that the adjunct map was found and the password from the standard
maps starts with ##, it will try to grab the correct password field
from the adjunct map. As with the master.passwd maps, this only happens
if the caller is root, so the shadowing feature is preserved; non-root
users just get back ##username as the encrypted password.

Note that all we do is grab the second field from the passwd.adjunct.byname
entry, which is designated to be the real encrypted password. There are
other auditing fields in the entry but they aren't of much use to us.

Also switched back to using yp_order() to probe for the maps (instead
of yp_first()). The original problem with yp_order() was that it barfed
with NIS+ servers in YP compat mode since they don't support the
YPPROC_ORDER procedure. This condition is handled a bit more gracefully
in yplib now: we can detect the error and just punt on the probing.
1996-12-03 17:55:49 +00:00
bin Bruce says: "You have been programming in the kernel for too long :-)." 1996-11-13 20:00:03 +00:00
contrib Use LANG=C, LC_CTYPE=C, LC_TIME=C 1996-11-26 08:58:57 +00:00
eBones First round of moving secure telnet (AKA kerberised telnet) to its new home 1996-10-26 17:20:52 +00:00
etc Add share/misc. Definite 2.2 candidate, if we want it to be consistent 1996-11-26 10:01:28 +00:00
games Fix minor typo/grammatical error 1996-11-22 22:16:25 +00:00
gnu Allow baud rate of 230400. 1996-12-02 12:12:19 +00:00
include Update to more current reality. 1996-11-28 09:57:31 +00:00
lib Add support for detecting and hopefully using the passwd.adjunct.byname 1996-12-03 17:55:49 +00:00
libexec Truncate the file when opening it with write intent. Otherwise, 1996-11-30 20:59:32 +00:00
lkm Make snake 3.0-CURRENT here. 1996-11-11 14:18:40 +00:00
release Don't run routed by default. 1996-12-02 05:01:02 +00:00
sbin Fix math in SIGINFO printer. 1996-12-02 21:42:11 +00:00
secure Secure telnet is now in eBones. 1996-11-07 14:42:57 +00:00
share Added FURUSAWA Kazuhisa for his port of xloadface. 1996-12-03 13:38:40 +00:00
sys Clear the busfree interrupt when one occurs, after a SELTO, or a bus reset. 1996-12-03 17:06:00 +00:00
tools Back out a little more of the previous changes. No longer change 1996-10-31 15:57:25 +00:00
usr.bin Display multicast addresses if the "a" flag is used in combination 1996-12-02 06:38:30 +00:00
usr.sbin Remove file that we don't have any way of using. We don't have the other 1996-12-03 06:21:49 +00:00
COPYRIGHT This is the official 4.4 Lite copyright. 1994-09-11 07:53:28 +00:00
Makefile Use LC_TIME=C instead of LC_TIME= (POSIX) 1996-11-26 03:26:31 +00:00