d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

- Add support for embedding special entries in the password databases

Browse Source 
for +@netgroup/-@netgroup entries. This saves the getpwent functions
from having to do all the work.

- Fix potential bug: when pwd_mkdb writes the YP-enabled flag to the secure
password database, it uses the wrong database descriptor. (It uses the
descriptor from the non-secure database, which is already closed by the time
things are being written into the secure dastabase).
This commit is contained in:
wpaul 1995-03-23 00:54:57 +00:00
parent 15a1bda807
commit d2950ba4f5
1 changed files with 72 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

75
usr.sbin/pwd_mkdb/pwd_mkdb.c
View File

@ -92,7 +92,7 @@ main(argc, argv)
DBT data, key; DBT data, key;
FILE *fp, *oldfp; FILE *fp, *oldfp;
sigset_t set; sigset_t set;
int ch, cnt, len, makeold, tfd, yp_enabled = 0; int ch, cnt, pluscnt, minuscnt, len, makeold, tfd, yp_enabled = 0;
char *p, *t; char *p, *t;
char buf[MAX(MAXPATHLEN, LINE_MAX * 2)], tbuf[1024]; char buf[MAX(MAXPATHLEN, LINE_MAX * 2)], tbuf[1024];
char buf2[MAXPATHLEN]; char buf2[MAXPATHLEN];
@ -175,6 +175,7 @@ main(argc, argv)
* original file prepended by the _PW_KEYBYNUM character. (The special * original file prepended by the _PW_KEYBYNUM character. (The special
* characters are prepended to ensure that the keys do not collide.) * characters are prepended to ensure that the keys do not collide.)
*/ */
minuscnt = pluscnt = 0;
data.data = (u_char *)buf; data.data = (u_char *)buf;
key.data = (u_char *)tbuf; key.data = (u_char *)tbuf;
for (cnt = 1; scan(fp, &pwd); ++cnt) { for (cnt = 1; scan(fp, &pwd); ++cnt) {
@ -228,6 +229,22 @@ main(argc, argv)
if ((dp->put)(dp, &key, &data, R_NOOVERWRITE) == -1) if ((dp->put)(dp, &key, &data, R_NOOVERWRITE) == -1)
error("put"); error("put");
/* Store insecure special plus and special minus */
if ((pwd.pw_name[0] == '+' || pwd.pw_name[0] == '-')
&& pwd.pw_name[1] == '@') {
tbuf[0] = (pwd.pw_name[0] == '+') ?
_PW_KEYPLUSBYNUM : _PW_KEYMINUSBYNUM;
memmove(tbuf + 1, (pwd.pw_name[0] == '+') ?
&pluscnt : &minuscnt, sizeof(cnt));
if (pwd.pw_name[0] == '+')
pluscnt++;
else
minuscnt++;
key.size = sizeof(cnt) + 1;
if ((dp->put)(dp, &key, &data, R_NOOVERWRITE) == -1)
error("put");
}
/* Create original format password file entry */ /* Create original format password file entry */
if (makeold) if (makeold)
(void)fprintf(oldfp, "%s:*:%d:%d:%s:%s:%s\n", (void)fprintf(oldfp, "%s:*:%d:%d:%s:%s:%s\n",
@ -243,6 +260,24 @@ main(argc, argv)
if ((dp->put)(dp, &key, &data, R_NOOVERWRITE) == -1) if ((dp->put)(dp, &key, &data, R_NOOVERWRITE) == -1)
error("put"); error("put");
} }
/* If we have +@netgroup entries, store the plus counter */
if(pluscnt) {
buf[0] = pluscnt;
data.size = sizeof(pluscnt);
tbuf[0] = _PW_KEYPLUSCNT;
key.size = 1;
if ((dp->put)(dp, &key, &data, R_NOOVERWRITE) == -1)
error("put");
}
/* If we have -@netgroup entries, store the minus counter */
if(minuscnt) {
buf[0] = minuscnt;
data.size = sizeof(minuscnt);
tbuf[0] = _PW_KEYMINUSCNT;
key.size = 1;
if ((dp->put)(dp, &key, &data, R_NOOVERWRITE) == -1)
error("put");
}
(void)(dp->close)(dp); (void)(dp->close)(dp);
if (makeold) { if (makeold) {
@ -259,6 +294,7 @@ main(argc, argv)
clean = FILE_SECURE; clean = FILE_SECURE;
rewind(fp); rewind(fp);
minuscnt = pluscnt = 0;
for (cnt = 1; scan(fp, &pwd); ++cnt) { for (cnt = 1; scan(fp, &pwd); ++cnt) {
/* Create secure data. */ /* Create secure data. */
@ -302,6 +338,22 @@ main(argc, argv)
key.size = sizeof(pwd.pw_uid) + 1; key.size = sizeof(pwd.pw_uid) + 1;
if ((dp->put)(edp, &key, &data, R_NOOVERWRITE) == -1) if ((dp->put)(edp, &key, &data, R_NOOVERWRITE) == -1)
error("put"); error("put");
/* Store secure special plus and special minus */
if ((pwd.pw_name[0] == '+' || pwd.pw_name[0] == '-')
&& pwd.pw_name[1] == '@') {
tbuf[0] = (pwd.pw_name[0] == '+') ?
_PW_KEYPLUSBYNUM : _PW_KEYMINUSBYNUM;
memmove(tbuf + 1, (pwd.pw_name[0] == '+') ?
&pluscnt : &minuscnt, sizeof(cnt));
if (pwd.pw_name[0] == '+')
pluscnt++;
else
minuscnt++;
key.size = sizeof(cnt) + 1;
if ((dp->put)(edp, &key, &data, R_NOOVERWRITE) == -1)
error("put");
}
} }
/* If YP enabled, set flag. */ /* If YP enabled, set flag. */
if(yp_enabled) { if(yp_enabled) {
@ -309,10 +361,27 @@ main(argc, argv)
data.size = 1; data.size = 1;
tbuf[0] = _PW_KEYYPENABLED; tbuf[0] = _PW_KEYYPENABLED;
key.size = 1; key.size = 1;
if ((dp->put)(dp, &key, &data, R_NOOVERWRITE) == -1) if ((edp->put)(edp, &key, &data, R_NOOVERWRITE) == -1)
error("put");
}
/* If we have +@netgroup entries, store the plus counter */
if(pluscnt) {
buf[0] = pluscnt;
data.size = sizeof(pluscnt);
tbuf[0] = _PW_KEYPLUSCNT;
key.size = 1;
if ((edp->put)(edp, &key, &data, R_NOOVERWRITE) == -1)
error("put");
}
/* If we have -@netgroup entries, store the minus counter */
if(minuscnt) {
buf[0] = minuscnt;
data.size = sizeof(minuscnt);
tbuf[0] = _PW_KEYMINUSCNT;
key.size = 1;
if ((edp->put)(edp, &key, &data, R_NOOVERWRITE) == -1)
error("put"); error("put");
} }
(void)(edp->close)(edp); (void)(edp->close)(edp);
/* Set master.passwd permissions, in case caller forgot. */ /* Set master.passwd permissions, in case caller forgot. */