freebsd-dev/gnu/usr.sbin/yppasswdd/update.c
Bill Paul 76064c01e5 Updates, fixes and cleanups -- oh my.
In ypserv:

yp_svc.c:
- small signal handler tweak (hopefully the last): just use sigemptyset()
to clear sa_mask.

Makefile.yp:
- Let the user specify the location of master.passwd when updating
maps (e.g. make MASTER_PASSWD=/some/path/to/master.passwd). Editing
the file to change the location of master.passwd still works. This
is mostly to let yppassswdd specify the name of the master.passwd
file itself.

In yppasswdd:

yppasswdd.c:
- Roll in some minor changes (mostly casts) from Olaf Kirch's latest
yppasswd package release (version 0.7).
- Use daemon() instead of doing all the deamonizing gruntwork ourselves.
- Call pw_init() after daemonizing ourselves. pw_init() sets up some
resource limits and blocks some signals for us. We used to do this before
every password change, but there's really no point in calling it more
than once during the life of the program.
- Change install_reaper() so that we can use it to de-install the SIGCHLD
handler if we need to (and we do in pw_mkdb() -- this is what I get for
splicing code from two different programs together).
- Use sigemptyset(&act.sa_mask) rather than act.sa_mask = 0: the latter is
decidedly non-portable. (In IRIX, HP-UX and Solaris, sigset_t is an
array of longs, not an int.)

update.c:
- Roll in change from new version (check that we're not modifying an NIS
entry in validate_args()).
- Get rid of call to pw_init() (moved to yppasswdd.c).
- Check return values from pw_util routines and return error status to
yppasswd clients if there's a problem.
- Straighten out password file copying mechanism a little. Keep a grip
on the original password file rather than summarily overwriting it so
that we can restore everything if we fail to fork() a process to update
the NIS maps.
- Pass the name of the password template file (specified with -m or
/etc/master.passwd by default) to the yppwupdate script, which in
turn should now pass it to /var/yp/Makefile.

pw_util.c:
- Nuke the pw_edit() and pw_prompt() functions -- we don't need them.
- Change all warn()s, warnx()s and err()s to syslog()s.
- Make sure we return error status to caller rather than bailing out
in pw_lock() and pw_tmp().
- Don't block SIGTERM in pw_init() (by ignoring SIGTERM, we prevent
yppasswdd from being shut down cleanly).
- Don't let pw_error() exit. (This stuff was stolen from chpass and vipw
which are interactive programs; it's okay to let pw_error() bail out
for these programs, but not in a daemon like yppasswdd).
- Fix signal handling in pw_mkdb (we need to temporarily de-install the
SIGCHLD handler so that we can wait on the pwd_mkdb child ourselves).

pw_copy.c:
- Change all warn()s, warnx()s and err()s to syslog()s.
- Add a bunch of returns() and make pw_copy() return an int (0 on success,
-1 on failure) so that update.c can flag errors properly.
- Return -1 after calling pw_error() to signal failures rather than
relying on pw_error() to bail out.
- Abort copying if we discover that we've been asked to change an entry
for a user that exists in the NIS passwd maps but not in the master.passwd
template file. This can happen if the passwd maps and the template file
fall out of sync with each other (or if somebody tries to spoof
us). The old behavior was to add the entry to the password file,
which yppasswdd should not do under any circumstances.

Makefile:
- update VERSION to 0.7

yppasswdd.8:
- fix typo (forgot a carriage return somewhere)
- remove bogus reference to pwunconv(8) which FreeBSD doesn't have.
- bump version from 0.5 to 0.7
- Reflect changes in password file handling.

yppwupdate:
- Log map rebuilds to /var/yp/ypupdate.log.
- Pass the name of the template password file to /var/yp/Makefile as
$MASTER_PASSWD.
1995-07-19 17:44:41 +00:00


/*
* yppasswdd
* Copyright 1994 Olaf Kirch, <okir@monad.swb.de>
*
* This program is covered by the GNU General Public License, version 2.
* It is provided in the hope that it is useful. However, the author
* disclaims ALL WARRANTIES, expressed or implied. See the GPL for details.
*/
#include <sys/types.h>
#include <sys/param.h>
#include <sys/errno.h>
#include <sys/stat.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <ctype.h>
#include <fcntl.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <time.h>
#include <unistd.h>
#include <rpc/rpc.h>
#include <rpc/pmap_clnt.h>
#include "yppasswd.h"
/*
 * tempname and passfile are used by the update handler below as the name of
 * the rewritten copy and of the password file it replaces.  Neither is
 * assigned in the code shown here.
 */
char *tempname, *passfile;
/*
 * NOTE(review): these are declared as pointers and are only tested for being
 * non-null by the handler; confirm the declaration matches the definition in
 * the file that owns them.
 */
extern int *allow_chfn, *allow_chsh;
/* Receives the return value of fork() in the update handler. */
extern int pid;
/*
 * Password-file helpers defined elsewhere.  The handler treats a negative
 * return from each of them as failure and passes the non-negative results of
 * pw_lock() and pw_tmp() to pw_copy() as its two descriptors.
 */
extern int pw_copy __P((int, int, struct passwd *));
extern int pw_lock __P((void));
extern int pw_mkdb __P((void));
extern int pw_tmp __P((void));
/* Caller's address, and caller's port in host byte order, for a transport. */
#define xprt_addr(xprt) (svc_getcaller(xprt)->sin_addr)
#define xprt_port(xprt) ntohs(svc_getcaller(xprt)->sin_port)
/* Declared here; not referenced in the code shown. */
void reaper( int sig );
/*===============================================================*
* Argument validation. Avoid \n... (ouch).
* We can't use isprint, because people may use 8bit chars which
* aren't recognized as printable in the default locale.
*===============================================================*/
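/*
 * Return 1 when str is non-NULL and contains no control characters,
 * 0 otherwise.
 *
 * The bytes are read as unsigned char: iscntrl() is only defined for
 * values representable as unsigned char (or EOF), and the 8-bit
 * characters this check is meant to tolerate are negative where plain
 * char is signed.
 */
static int
validate_string(char *str)
{
	const unsigned char *p = (const unsigned char *)str;

	if (p == NULL)
		return 0;

	while (*p != '\0' && !iscntrl(*p))
		p++;

	return (*p == '\0');
}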
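/*
 * Check the client-supplied passwd entry before any of it is used.
 *
 * Returns 1 when the entry is acceptable and 0 when it must be rejected:
 *  - every string field must pass validate_string() (no control
 *    characters) and must not contain ':'.  The handler hands these
 *    fields to pw_copy(), which presumably writes them into a
 *    colon-separated passwd line (pw_copy is not shown here -- confirm);
 *    a ':' inside a field would shift every field after it.
 *  - a name starting with '+' or '-' denotes an NIS entry; the attempt
 *    is logged and refused rather than only logged.
 */
static int
validate_args(struct xpasswd *pw)
{
	char *fields[4];
	int i;

	fields[0] = pw->pw_name;
	fields[1] = pw->pw_passwd;
	fields[2] = pw->pw_shell;
	fields[3] = pw->pw_gecos;

	/* Check the name first so that it is clean before it is logged. */
	for (i = 0; i < 4; i++) {
		if (!validate_string(fields[i]) ||
		    strchr(fields[i], ':') != NULL)
			return 0;
	}

	if (pw->pw_name[0] == '-' || pw->pw_name[0] == '+') {
		syslog(LOG_ALERT, "attempt to modify NIS passwd entry \"%s\"",
		    pw->pw_name);
		return 0;
	}

	return 1;
}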
/*===============================================================*
* The passwd update handler
*===============================================================*/
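/*
 * Handle one yppasswd update request.
 *
 * The request is validated, the user is looked up with getpwnam(), the
 * old password is checked with crypt(), and the new entry is copied into
 * a temporary file that then replaces the password file.  A child is
 * forked to run the map update program.
 *
 * Returns a pointer to a static int: 0 on success, 1 on any failure.
 *
 * The previous password file is parked in a "hold" file so that it can be
 * put back if a later step fails.  Every rename() is checked, and the hold
 * file is only used for a restore when parking it actually succeeded, so a
 * failed backup can never lead to the live file being removed.
 *
 * NOTE(review): the hold file lives in /tmp; if the password file is on a
 * different file system the rename() fails and no backup is kept (this is
 * logged).  Keeping the hold file next to the password file would avoid
 * that, and would keep a copy of the hashes out of a shared directory.
 */
int *
yppasswdproc_pwupdate_1(yppasswd *yppw, struct svc_req *rqstp)
{
	struct xpasswd *newpw;	/* passwd struct passed by the client */
	struct passwd *pw;	/* passwd struct obtained from getpwnam() */
	int chsh = 0, chfn = 0;
	static int res;		/* static: its address is the return value */
	char logbuf[255];
	int pfd, tfd, hold_fd;
	int have_hold = 0;	/* nonzero once the old file sits in hold */
	int saved_errno;
	char *hashed;
	char hold[] = "/tmp/yppwtmp.XXXXXX";

	newpw = &yppw->newpw;
	res = 1;		/* failure until proven otherwise */

	snprintf(logbuf, sizeof logbuf, "update %.12s (uid=%d) from host %s",
	    yppw->newpw.pw_name,
	    yppw->newpw.pw_uid,
	    inet_ntoa(xprt_addr(rqstp->rq_xprt)));

	if (!validate_args(newpw)) {
		syslog(LOG_ALERT, "%s failed", logbuf);
		syslog(LOG_ALERT, "Invalid characters in argument. "
		    "Possible spoof attempt?");
		return (&res);
	}

	/* Check if the user exists. */
	if (!(pw = getpwnam(yppw->newpw.pw_name))) {
		syslog(LOG_WARNING, "%s failed", logbuf);
		syslog(LOG_WARNING, "User not in password file.");
		return (&res);
	}

	/*
	 * Check the password.  crypt() may return NULL (for example on an
	 * unusable salt); treat that as a mismatch instead of handing NULL
	 * to strcmp().
	 */
	hashed = crypt(yppw->oldpass, pw->pw_passwd);
	if (hashed == NULL || strcmp(hashed, pw->pw_passwd) != 0) {
		syslog(LOG_WARNING, "%s rejected", logbuf);
		syslog(LOG_WARNING, "Invalid password.");
		sleep(1);
		return (&res);
	}

	/* Set the new passwd, shell, and full name. */
	pw->pw_change = 0;
	pw->pw_passwd = newpw->pw_passwd;
	if (allow_chsh) {
		chsh = (strcmp(pw->pw_shell, newpw->pw_shell) != 0);
		pw->pw_shell = newpw->pw_shell;
	}
	if (allow_chfn) {
		chfn = (strcmp(pw->pw_gecos, newpw->pw_gecos) != 0);
		pw->pw_gecos = newpw->pw_gecos;
	}

	/*
	 * Bail if locking the password file or temp file creation fails.
	 * (These operations should log their own failure messages if need be,
	 * so we don't have to log their failures here.)
	 */
	if ((pfd = pw_lock()) < 0)
		return (&res);
	if ((tfd = pw_tmp()) < 0) {
		/*
		 * pfd has not been handed to pw_copy() yet, so release it
		 * here; otherwise this long-running daemon keeps the
		 * descriptor (and presumably the lock on it) open.
		 */
		close(pfd);
		return (&res);
	}

	/*
	 * Copy the password file to the temp file,
	 * inserting new passwd entry along the way.
	 *
	 * NOTE(review): no path in this function closes pfd or tfd after
	 * this call, so pw_copy() presumably takes them over -- confirm that
	 * it also releases them when it fails.
	 */
	if (pw_copy(pfd, tfd, pw) < 0) {
		syslog(LOG_ERR, "%s > %s: copy failed. Cleaning up.",
		    tempname, passfile);
		unlink(tempname);
		return (&res);
	}

	/*
	 * Park the old password file in case it has to be put back.
	 * mkstemp() creates the hold file itself instead of only picking a
	 * name, so the name cannot be claimed by someone else in between.
	 */
	hold_fd = mkstemp(hold);
	if (hold_fd >= 0) {
		close(hold_fd);
		if (rename(passfile, hold) == 0) {
			have_hold = 1;
		} else {
			saved_errno = errno;
			unlink(hold);
			errno = saved_errno;
		}
	}
	if (!have_hold)
		syslog(LOG_WARNING, "%s: no backup of %s kept: %m",
		    logbuf, passfile);

	if (strcmp(passfile, _PATH_MASTERPASSWD) != 0) {
		if (rename(tempname, passfile) < 0) {
			syslog(LOG_ERR, "%s failed: can't install %s: %m",
			    logbuf, passfile);
			unlink(tempname);
			if (have_hold && rename(hold, passfile) < 0)
				syslog(LOG_ERR, "can't restore %s from %s: %m",
				    passfile, hold);
			return (&res);
		}
	} else if (pw_mkdb() < 0) {
		syslog(LOG_WARNING, "%s failed to rebuild password database",
		    logbuf);
		/*
		 * Put the old file back only if nothing was installed in
		 * its place; never overwrite whatever pw_mkdb() left there.
		 */
		if (have_hold && access(passfile, F_OK) != 0 &&
		    rename(hold, passfile) < 0)
			syslog(LOG_ERR, "can't restore %s from %s: %m",
			    passfile, hold);
		return (&res);
	}

	/*
	 * Fork off process to rebuild NIS passwd.* maps. If the fork
	 * fails, restore old passwd file and return an error.
	 */
	if ((pid = fork()) < 0) {
		syslog(LOG_ERR, "%s failed", logbuf);
		syslog(LOG_ERR, "Couldn't fork map update process: %m");
		/*
		 * rename() replaces the target in one step, so the live file
		 * is not unlinked first: if the restore fails, the file that
		 * is there now stays in place.
		 */
		if (have_hold && rename(hold, passfile) < 0)
			syslog(LOG_ERR, "can't restore %s from %s: %m",
			    passfile, hold);
		if (!strcmp(passfile, _PATH_MASTERPASSWD)) {
			if (pw_mkdb()) {
				syslog(LOG_WARNING,
				    "%s failed to rebuild password database",
				    logbuf);
				return (&res);
			}
		}
		return (&res);
	}

	if (pid == 0) {
		if (have_hold)
			unlink(hold);
		execlp(MAP_UPDATE_PATH, MAP_UPDATE, passfile, (char *)NULL);
		syslog(LOG_ERR, "Error: couldn't exec map update process: %m");
		/* _exit(): do not run the parent's exit-time cleanup here. */
		_exit(1);
	}

	syslog(LOG_INFO, "%s successful. Password changed.", logbuf);
	if (chsh || chfn) {
		syslog(LOG_INFO, "Shell %schanged (%s), GECOS %schanged (%s).",
		    chsh ? "" : "un", newpw->pw_shell,
		    chfn ? "" : "un", newpw->pw_gecos);
	}

	res = 0;
	return (&res);
}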