Updates, fixes and cleanups -- oh my.
In ypserv: yp_svc.c: - small signal handler tweak (hopefully the last): just use sigemptyset() to clear sa_mask. Makefile.yp: - Let the user specify the location of master.passwd when updating maps (e.g. make MASTER_PASSWD=/some/path/to/master.passwd). Editing the file to change the location of master.passwd still works. This is mostly to let yppassswdd specify the name of the master.passwd file itself. In yppasswdd: yppasswdd.c: - Roll in some minor changes (mostly casts) from Olaf Kirch's latest yppasswd package release (version 0.7). - Use daemon() instead of doing all the deamonizing gruntwork ourselves. - Call pw_init() after daemonizing ourselves. pw_init() sets up some resource limits and blocks some signals for us. We used to do this before every password change, but there's really no point in calling it more than once during the life of the program. - Change install_reaper() so that we can use it to de-install the SIGCHLD handler if we need to (and we do in pw_mkdb() -- this is what I get for splicing code from two different programs together). - Use sigemptyset(&act.sa_mask) rather than act.sa_mask = 0: the latter is decidedly non-portable. (In IRIX, HP-UX and Solaris, sigset_t is an array of longs, not an int.) update.c: - Roll in change from new version (check that we're not modifying an NIS entry in validate_args()). - Get rid of call to pw_init() (moved to yppasswdd.c). - Check return values from pw_util routines and return error status to yppasswd clients if there's a problem. - Straighten out password file copying mechanism a little. Keep a grip on the original password file rather than summarily overwriting it so that we can restore everything if we fail to fork() a process to update the NIS maps. - Pass the name of the password template file (specified with -m or /etc/master.passwd by default) to the yppwupdate script, which in turn should now pass it to /var/yp/Makefile. pw_util.c: - Nuke the pw_edit() and pw_prompt() functions -- we don't need them. - Change all warn()s, warnx()s and err()s to syslog()s. - Make sure we return error status to caller rather than bailing out in pw_lock() and pw_tmp(). - Don't block SIGTERM in pw_init() (by ignoring SIGTERM, we prevent yppasswdd from being shut down cleanly). - Don't let pw_error() exit. (This stuff was stolen from chpass and vipw which are interactive programs; it's okay to let pw_error() bail out for these programs, but not in a daemon like yppasswdd). - Fix signal handling in pw_mkdb (we need to temporarily de-install the SIGCHLD handler so that we can wait on the pwd_mkdb child ourselves). pw_copy.c: - Change all warn()s, warnx()s and err()s to syslog()s. - Add a bunch of returns() and make pw_copy() return and int ( 0 on success, -1 on failure) so that update.c can flag errors properly. - Return -1 after calling pw_error() to signal failures rather than relying on pw_error() to bail out. - Abort copying if we discover that we've been asked to change an entry for a user that exists in the NIS passwd maps but not in the master.passwd template file. This can happen if the passwd maps and the template file fall out of sync with each other (or if somebody tries to spoof us). The old behavior was to create add the entry to the password file, which yppasswdd should not do under any circumstances. Makefile: - update VERSION to 0.7 yppasswdd.8: - fix typo (forgot a carriage return somewhere) - remove bogus reference to pwunconv(8) which FreeBSD doesn't have. - bump version from 0.5 to 0.7 - Reflect changes in password file handling. yppwupdate: - Log map rebuilds to /var/yp/ypupdate.log. - Pass the name of the template password file to /var/yp/Makefile as $MASTER_PASSWD.
This commit is contained in:
parent
622a231988
commit
76064c01e5
@ -1,4 +1,4 @@
|
||||
# $Id: Makefile,v 1.4 1995/02/15 04:35:55 wpaul Exp $
|
||||
# $Id: Makefile,v 1.5 1995/04/01 19:23:11 wpaul Exp $
|
||||
# @(#)Makefile 8.3 (Berkeley) 4/2/94
|
||||
|
||||
PROG= yppasswdd
|
||||
@ -9,7 +9,7 @@ SRCS= yppasswdd.c update.c pw_copy.c pw_util.c
|
||||
LDADD= -lcrypt -lrpcsvc
|
||||
CFLAGS+=-DCRYPT -I${.CURDIR} -I${.CURDIR}/../../../usr.sbin/vipw \
|
||||
-I${.CURDIR}/../../../usr.bin/chpass
|
||||
CFLAGS+=-DVERSION=\"0.5\" -DYPLIBDIR=\"/usr/libexec\" -D_GNU_SOURCE
|
||||
CFLAGS+=-DVERSION=\"0.7\" -DYPLIBDIR=\"/usr/libexec\" -D_GNU_SOURCE
|
||||
|
||||
afterinstall:
|
||||
install -c -o ${BINOWN} -g ${BINGRP} -m ${BINMODE} \
|
||||
|
@ -44,14 +44,16 @@ static char sccsid[] = "@(#)pw_copy.c 8.4 (Berkeley) 4/2/94";
|
||||
#include <pwd.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <syslog.h>
|
||||
|
||||
#include <pw_util.h>
|
||||
#include "pw_copy.h"
|
||||
|
||||
int pw_copy __P((int, int, struct passwd *));
|
||||
|
||||
extern char *tempname;
|
||||
extern char *passfile;
|
||||
|
||||
void
|
||||
int
|
||||
pw_copy(ffd, tfd, pw)
|
||||
int ffd, tfd;
|
||||
struct passwd *pw;
|
||||
@ -60,15 +62,19 @@ pw_copy(ffd, tfd, pw)
|
||||
int done;
|
||||
char *p, buf[8192];
|
||||
|
||||
if (!(from = fdopen(ffd, "r")))
|
||||
if (!(from = fdopen(ffd, "r"))) {
|
||||
pw_error(passfile, 1, 1);
|
||||
if (!(to = fdopen(tfd, "w")))
|
||||
return(-1);
|
||||
}
|
||||
if (!(to = fdopen(tfd, "w"))) {
|
||||
pw_error(tempname, 1, 1);
|
||||
|
||||
return(-1);
|
||||
}
|
||||
for (done = 0; fgets(buf, sizeof(buf), from);) {
|
||||
if (!strchr(buf, '\n')) {
|
||||
warnx("%s: line too long", passfile);
|
||||
syslog(LOG_ERR, "%s: line too long", passfile);
|
||||
pw_error(NULL, 0, 1);
|
||||
goto err;
|
||||
}
|
||||
if (done) {
|
||||
(void)fprintf(to, "%s", buf);
|
||||
@ -77,8 +83,9 @@ pw_copy(ffd, tfd, pw)
|
||||
continue;
|
||||
}
|
||||
if (!(p = strchr(buf, ':'))) {
|
||||
warnx("%s: corrupted entry", passfile);
|
||||
syslog(LOG_ERR, "%s: corrupted entry", passfile);
|
||||
pw_error(NULL, 0, 1);
|
||||
goto err;
|
||||
}
|
||||
*p = '\0';
|
||||
if (strcmp(buf, pw->pw_name)) {
|
||||
@ -96,13 +103,17 @@ pw_copy(ffd, tfd, pw)
|
||||
if (ferror(to))
|
||||
goto err;
|
||||
}
|
||||
if (!done)
|
||||
(void)fprintf(to, "%s:%s:%d:%d:%s:%ld:%ld:%s:%s:%s\n",
|
||||
pw->pw_name, pw->pw_passwd, pw->pw_uid, pw->pw_gid,
|
||||
pw->pw_class, pw->pw_change, pw->pw_expire, pw->pw_gecos,
|
||||
pw->pw_dir, pw->pw_shell);
|
||||
|
||||
if (ferror(to))
|
||||
if (!done) {
|
||||
syslog(LOG_ERR, "user \"%s\" not found in %s -- NIS maps and password file possibly out of sync", pw->pw_name, passfile);
|
||||
goto err;
|
||||
}
|
||||
if (ferror(to)) {
|
||||
err: pw_error(NULL, 1, 1);
|
||||
(void)fclose(to);
|
||||
(void)fclose(from);
|
||||
return(-1);
|
||||
}
|
||||
(void)fclose(to);
|
||||
(void)fclose(from);
|
||||
return(0);
|
||||
}
|
||||
|
@ -56,11 +56,16 @@ static char sccsid[] = "@(#)pw_util.c 8.3 (Berkeley) 4/2/94";
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
#include <syslog.h>
|
||||
|
||||
#include "pw_util.h"
|
||||
#include <pw_util.h>
|
||||
|
||||
extern void reaper __P((int));
|
||||
extern void install_reaper __P((int));
|
||||
extern char *tempname;
|
||||
extern char *passfile;
|
||||
int pstat;
|
||||
pid_t pid;
|
||||
|
||||
void
|
||||
pw_init()
|
||||
@ -85,7 +90,6 @@ pw_init()
|
||||
(void)signal(SIGINT, SIG_IGN);
|
||||
(void)signal(SIGPIPE, SIG_IGN);
|
||||
(void)signal(SIGQUIT, SIG_IGN);
|
||||
(void)signal(SIGTERM, SIG_IGN);
|
||||
(void)signal(SIGTSTP, SIG_IGN);
|
||||
(void)signal(SIGTTOU, SIG_IGN);
|
||||
|
||||
@ -105,10 +109,14 @@ pw_lock()
|
||||
* Open should allow flock'ing the file; see 4.4BSD. XXX
|
||||
*/
|
||||
lockfd = open(passfile, O_RDONLY, 0);
|
||||
if (lockfd < 0 || fcntl(lockfd, F_SETFD, 1) == -1)
|
||||
err(1, "%s", passfile);
|
||||
if (flock(lockfd, LOCK_EX|LOCK_NB))
|
||||
errx(1, "the password db file is busy");
|
||||
if (lockfd < 0 || fcntl(lockfd, F_SETFD, 1) == -1) {
|
||||
syslog(LOG_NOTICE, "%s: %s", passfile, strerror(errno));
|
||||
return (-1);
|
||||
}
|
||||
if (flock(lockfd, LOCK_EX|LOCK_NB)) {
|
||||
syslog(LOG_NOTICE, "%s: the password db file is busy", passfile);
|
||||
return(-1);
|
||||
}
|
||||
return (lockfd);
|
||||
}
|
||||
|
||||
@ -120,13 +128,15 @@ pw_tmp()
|
||||
char *p;
|
||||
|
||||
sprintf(path,"%s",passfile);
|
||||
if (p = strrchr(path, '/'))
|
||||
if ((p = strrchr(path, '/')))
|
||||
++p;
|
||||
else
|
||||
p = path;
|
||||
strcpy(p, "pw.XXXXXX");
|
||||
if ((fd = mkstemp(path)) == -1)
|
||||
err(1, "%s", path);
|
||||
if ((fd = mkstemp(path)) == -1) {
|
||||
syslog(LOG_ERR, "%s: %s", path, strerror(errno));
|
||||
return(-1);
|
||||
}
|
||||
tempname = path;
|
||||
return (fd);
|
||||
}
|
||||
@ -134,62 +144,25 @@ pw_tmp()
|
||||
int
|
||||
pw_mkdb()
|
||||
{
|
||||
int pstat;
|
||||
pid_t pid;
|
||||
|
||||
warnx("rebuilding the database...");
|
||||
syslog(LOG_NOTICE, "rebuilding the database...");
|
||||
(void)fflush(stderr);
|
||||
/* Temporarily turn off SIGCHLD catching */
|
||||
install_reaper(0);
|
||||
if (!(pid = vfork())) {
|
||||
execl(_PATH_PWD_MKDB, "pwd_mkdb", "-p", tempname, NULL);
|
||||
pw_error(_PATH_PWD_MKDB, 1, 1);
|
||||
return(-1);
|
||||
}
|
||||
pid = waitpid(pid, &pstat, 0);
|
||||
if (pid == -1 || !WIFEXITED(pstat) || WEXITSTATUS(pstat) != 0)
|
||||
return (0);
|
||||
warnx("done");
|
||||
return (1);
|
||||
}
|
||||
|
||||
void
|
||||
pw_edit(notsetuid)
|
||||
int notsetuid;
|
||||
{
|
||||
int pstat;
|
||||
pid_t pid;
|
||||
char *p, *editor;
|
||||
|
||||
if (!(editor = getenv("EDITOR")))
|
||||
editor = _PATH_VI;
|
||||
if (p = strrchr(editor, '/'))
|
||||
++p;
|
||||
else
|
||||
p = editor;
|
||||
|
||||
if (!(pid = vfork())) {
|
||||
if (notsetuid) {
|
||||
(void)setgid(getgid());
|
||||
(void)setuid(getuid());
|
||||
}
|
||||
execlp(editor, p, tempname, NULL);
|
||||
_exit(1);
|
||||
/* Handle this ourselves. */
|
||||
reaper(SIGCHLD);
|
||||
/* Put the handler back. Foo. */
|
||||
install_reaper(1);
|
||||
if (pid == -1 || !WIFEXITED(pstat) || WEXITSTATUS(pstat) != 0) {
|
||||
return (-1);
|
||||
}
|
||||
pid = waitpid(pid, (int *)&pstat, 0);
|
||||
if (pid == -1 || !WIFEXITED(pstat) || WEXITSTATUS(pstat) != 0)
|
||||
pw_error(editor, 1, 1);
|
||||
}
|
||||
|
||||
void
|
||||
pw_prompt()
|
||||
{
|
||||
int c;
|
||||
|
||||
(void)printf("re-edit the password file? [y]: ");
|
||||
(void)fflush(stdout);
|
||||
c = getchar();
|
||||
if (c != EOF && c != '\n')
|
||||
while (getchar() != '\n');
|
||||
if (c == 'n')
|
||||
pw_error(NULL, 0, 0);
|
||||
syslog(LOG_NOTICE, "done");
|
||||
return (0);
|
||||
}
|
||||
|
||||
void
|
||||
@ -197,10 +170,9 @@ pw_error(name, err, eval)
|
||||
char *name;
|
||||
int err, eval;
|
||||
{
|
||||
if (err)
|
||||
warn(name);
|
||||
if (err && name != NULL)
|
||||
syslog(LOG_ERR, "%s", name);
|
||||
|
||||
warnx("%s: unchanged", passfile);
|
||||
syslog(LOG_NOTICE,"%s: unchanged", passfile);
|
||||
(void)unlink(tempname);
|
||||
exit(eval);
|
||||
}
|
||||
|
@ -10,6 +10,7 @@
|
||||
#include <sys/types.h>
|
||||
#include <sys/errno.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/param.h>
|
||||
#include <netinet/in.h>
|
||||
#include <arpa/inet.h>
|
||||
#include <fcntl.h>
|
||||
@ -28,6 +29,11 @@
|
||||
|
||||
char *tempname, *passfile;
|
||||
extern int *allow_chfn, *allow_chsh;
|
||||
extern int pid;
|
||||
extern int pw_copy __P((int, int, struct passwd *));
|
||||
extern int pw_lock __P((void));
|
||||
extern int pw_mkdb __P((void));
|
||||
extern int pw_tmp __P((void));
|
||||
|
||||
#define xprt_addr(xprt) (svc_getcaller(xprt)->sin_addr)
|
||||
#define xprt_port(xprt) ntohs(svc_getcaller(xprt)->sin_port)
|
||||
@ -48,6 +54,11 @@ validate_string(char *str)
|
||||
static int
|
||||
validate_args(struct xpasswd *pw)
|
||||
{
|
||||
if (pw->pw_name[0] == '-' || pw->pw_name[0] == '+') {
|
||||
syslog(LOG_ALERT, "attempt to modify NIS passwd entry \"%s\"",
|
||||
pw->pw_name);
|
||||
}
|
||||
|
||||
return validate_string(pw->pw_passwd)
|
||||
&& validate_string(pw->pw_shell)
|
||||
&& validate_string(pw->pw_gecos);
|
||||
@ -64,7 +75,9 @@ yppasswdproc_pwupdate_1(yppasswd *yppw, struct svc_req *rqstp)
|
||||
int chsh = 0, chfn = 0;
|
||||
static int res;
|
||||
char logbuf[255];
|
||||
int pfd, tfd, c;
|
||||
int pfd, tfd;
|
||||
char *passfile_hold;
|
||||
char template[] = "/tmp/yppwtmp.XXXXX";
|
||||
|
||||
newpw = &yppw->newpw;
|
||||
res = 1;
|
||||
@ -81,10 +94,6 @@ yppasswdproc_pwupdate_1(yppasswd *yppw, struct svc_req *rqstp)
|
||||
return &res;
|
||||
}
|
||||
|
||||
pw_init();
|
||||
pfd = pw_lock();
|
||||
tfd = pw_tmp();
|
||||
|
||||
/* Check if the user exists
|
||||
*/
|
||||
if (!(pw = getpwnam(yppw->newpw.pw_name))) {
|
||||
@ -104,6 +113,7 @@ yppasswdproc_pwupdate_1(yppasswd *yppw, struct svc_req *rqstp)
|
||||
|
||||
/* set the new passwd, shell, and full name
|
||||
*/
|
||||
pw->pw_change = 0;
|
||||
pw->pw_passwd = newpw->pw_passwd;
|
||||
|
||||
if (allow_chsh) {
|
||||
@ -116,40 +126,70 @@ yppasswdproc_pwupdate_1(yppasswd *yppw, struct svc_req *rqstp)
|
||||
pw->pw_gecos = newpw->pw_gecos;
|
||||
}
|
||||
|
||||
pw->pw_change = 0;
|
||||
pw_copy(pfd, tfd, pw);
|
||||
/*
|
||||
* Bail if locking the password file or temp file creation fails.
|
||||
* (These operations should log their own failure messages if need be,
|
||||
* so we don't have to log their failures here.)
|
||||
*/
|
||||
if ((pfd = pw_lock()) < 0)
|
||||
return &res;
|
||||
if ((tfd = pw_tmp()) < 0)
|
||||
return &res;
|
||||
|
||||
/* Placeholder in case we need to put the old password file back. */
|
||||
passfile_hold = mktemp((char *)&template);
|
||||
|
||||
/*
|
||||
* Copy the password file to the temp file,
|
||||
* inserting new passwd entry along the way.
|
||||
*/
|
||||
if (pw_copy(pfd, tfd, pw) < 0) {
|
||||
syslog(LOG_ERR, "%s > %s: copy failed. Cleaning up.",
|
||||
tempname, passfile);
|
||||
unlink(tempname);
|
||||
return (&res);
|
||||
}
|
||||
|
||||
rename(passfile, passfile_hold);
|
||||
if (strcmp(passfile, _PATH_MASTERPASSWD)) {
|
||||
close(pfd);
|
||||
close(tfd);
|
||||
rename(tempname,passfile);
|
||||
rename(tempname, passfile);
|
||||
}
|
||||
else
|
||||
if (pw_mkdb()) {
|
||||
syslog ( LOG_WARNING, "%s failed to rebuild password database", logbuf );
|
||||
if (pw_mkdb() < 0) {
|
||||
syslog (LOG_WARNING, "%s failed to rebuild password database", logbuf );
|
||||
return(&res);
|
||||
}
|
||||
|
||||
/* Fork off process to rebuild NIS passwd.* maps. If the fork
|
||||
* fails, restore old passwd file and return an error.
|
||||
*/
|
||||
if ((c = fork()) < 0) {
|
||||
if ((pid = fork()) < 0) {
|
||||
syslog( LOG_ERR, "%s failed", logbuf );
|
||||
syslog( LOG_ERR, "Couldn't fork map update process: %m" );
|
||||
unlink(passfile);
|
||||
rename(passfile_hold, passfile);
|
||||
if (!strcmp(passfile, _PATH_MASTERPASSWD))
|
||||
if (pw_mkdb()) {
|
||||
syslog (LOG_WARNING, "%s failed to rebuild password database", logbuf );
|
||||
return(&res);
|
||||
}
|
||||
|
||||
return (&res);
|
||||
}
|
||||
if (c == 0) {
|
||||
execlp(MAP_UPDATE_PATH, MAP_UPDATE, NULL);
|
||||
if (pid == 0) {
|
||||
unlink(passfile_hold);
|
||||
execlp(MAP_UPDATE_PATH, MAP_UPDATE, passfile, NULL);
|
||||
syslog( LOG_ERR, "Error: couldn't exec map update process: %m" );
|
||||
exit(1);
|
||||
}
|
||||
|
||||
syslog ( LOG_INFO, "%s successful. Password changed.", logbuf );
|
||||
syslog (LOG_INFO, "%s successful. Password changed.", logbuf );
|
||||
if (chsh || chfn) {
|
||||
syslog ( LOG_INFO, "Shell %schanged (%s), GECOS %schanged (%s).",
|
||||
chsh? "" : "un", newpw->pw_shell,
|
||||
chfn? "" : "un", newpw->pw_gecos );
|
||||
}
|
||||
res = 0;
|
||||
|
||||
res = 0;
|
||||
return (&res);
|
||||
}
|
||||
|
@ -39,7 +39,8 @@ After updating the
|
||||
.Nm master.passwd
|
||||
file and returning a success
|
||||
notifications to the client,
|
||||
.Nm yppasswdd executes the
|
||||
.Nm yppasswdd
|
||||
executes the
|
||||
.Nm yppwupdate
|
||||
script that updates the NIS server's
|
||||
.Nm master.passwd.*
|
||||
@ -62,9 +63,13 @@ password maps. This file is normally kept in
|
||||
(it must be owned by root and not world readable for security reasons).
|
||||
If you move it somewhere else you'll have to tell yppasswdd using the
|
||||
.Fl m
|
||||
option. (You'll have to change the location of master.passwd specified in
|
||||
option. The location of this file is also passed to
|
||||
.Nm /var/yp/Makefile
|
||||
as well.) When the server is ready to change
|
||||
when time comes to rebuild the NIS password maps. It is recommended,
|
||||
however, that you edit
|
||||
.Nm /var/yp/Makefile
|
||||
to reflect the new location as well.
|
||||
When the server is ready to change
|
||||
a password database entry, it will modify master.passwd, then
|
||||
call the yppwupdate script, which will in turn call
|
||||
.Nm /var/yp/Makefile.
|
||||
@ -118,7 +123,7 @@ IP address and the user name and UID contained in the request. The
|
||||
user-supplied password itself is not logged.
|
||||
.Ss Security
|
||||
Unless I've screwed up completely (as I did with versions prior to
|
||||
version 0.5),
|
||||
version 0.7),
|
||||
.Nm yppasswdd
|
||||
should be as secure or insecure as any
|
||||
program relying on simple password authentication. If you feel that
|
||||
@ -176,7 +181,6 @@ option isn't supplied)
|
||||
.Xr passwd 5 ,
|
||||
.Xr passwd 1 ,
|
||||
.Xr portmap 8 ,
|
||||
.Xr pwunconv 8 ,
|
||||
.Xr yppasswd 1 ,
|
||||
.Xr ypchsh 1 ,
|
||||
.Xr ypchfn 1 ,
|
||||
|
@ -27,6 +27,7 @@
|
||||
#include "yppasswd.h"
|
||||
|
||||
extern char *optarg;
|
||||
extern void pw_init __P((void));
|
||||
static char *program_name = "";
|
||||
static char *version = "yppsswdd " VERSION;
|
||||
char *passfile = _PATH_MASTERPASSWD;
|
||||
@ -46,18 +47,18 @@ yppasswdprog_1(struct svc_req *rqstp, SVCXPRT *transp)
|
||||
union {
|
||||
yppasswd yppasswdproc_update_1_arg;
|
||||
} argument;
|
||||
char *result;
|
||||
bool_t (*xdr_argument)(), (*xdr_result)();
|
||||
char *result;
|
||||
xdrproc_t xdr_argument, xdr_result;
|
||||
char *(*local)();
|
||||
|
||||
switch (rqstp->rq_proc) {
|
||||
case NULLPROC:
|
||||
(void)svc_sendreply(transp, xdr_void, (char *)NULL);
|
||||
(void)svc_sendreply(transp, (xdrproc_t)xdr_void, (char *)NULL);
|
||||
return;
|
||||
|
||||
case YPPASSWDPROC_UPDATE:
|
||||
xdr_argument = xdr_yppasswd;
|
||||
xdr_result = xdr_int;
|
||||
xdr_argument = (xdrproc_t) xdr_yppasswd;
|
||||
xdr_result = (xdrproc_t) xdr_int;
|
||||
local = (char *(*)()) yppasswdproc_pwupdate_1;
|
||||
break;
|
||||
|
||||
@ -71,7 +72,8 @@ yppasswdprog_1(struct svc_req *rqstp, SVCXPRT *transp)
|
||||
return;
|
||||
}
|
||||
result = (*local)(&argument, rqstp);
|
||||
if (result != NULL && !svc_sendreply(transp, xdr_result, result)) {
|
||||
if (result != NULL
|
||||
&& !svc_sendreply(transp, (xdrproc_t)xdr_result, result)) {
|
||||
svcerr_systemerr(transp);
|
||||
}
|
||||
if (!svc_freeargs(transp, xdr_argument, &argument)) {
|
||||
@ -90,17 +92,26 @@ usage(FILE *fp, int n)
|
||||
void
|
||||
reaper( int sig )
|
||||
{
|
||||
wait(NULL);
|
||||
extern pid_t pid;
|
||||
extern int pstat;
|
||||
|
||||
pid = waitpid(pid, &pstat, 0);
|
||||
}
|
||||
|
||||
void
|
||||
install_reaper( void )
|
||||
install_reaper( int on )
|
||||
{
|
||||
struct sigaction act, oact;
|
||||
|
||||
act.sa_handler = reaper;
|
||||
act.sa_mask = 0;
|
||||
act.sa_flags = SA_RESTART;
|
||||
if (on) {
|
||||
act.sa_handler = reaper;
|
||||
sigemptyset(&act.sa_mask);
|
||||
act.sa_flags = SA_RESTART;
|
||||
} else {
|
||||
act.sa_handler = SIG_DFL;
|
||||
sigemptyset(&act.sa_mask);
|
||||
act.sa_flags = SA_RESTART;
|
||||
}
|
||||
sigaction( SIGCHLD, &act, &oact );
|
||||
}
|
||||
|
||||
@ -144,27 +155,16 @@ main(int argc, char **argv)
|
||||
usage(stderr, 1);
|
||||
}
|
||||
|
||||
#ifndef RPC_SVC_FG
|
||||
/* We first fork off a child. */
|
||||
if ((c = fork()) > 0)
|
||||
exit(0);
|
||||
if (c < 0) {
|
||||
fprintf(stderr, "yppasswdd: cannot fork: %s\n", strerror(errno));
|
||||
exit(-1);
|
||||
}
|
||||
/* Now we remove ourselves from the foreground. */
|
||||
(void) close(0);
|
||||
(void) close(1);
|
||||
(void) close(2);
|
||||
#ifdef TIOCNOTTY
|
||||
if ((c = open("/dev/tty", O_RDWR)) >= 0) {
|
||||
(void) ioctl(c, TIOCNOTTY, (char *) NULL);
|
||||
(void) close(c);
|
||||
}
|
||||
#else
|
||||
setsid();
|
||||
#endif
|
||||
#endif /* not RPC_SVC_FG */
|
||||
if (daemon(0,0)) {
|
||||
perror("fork");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
/*
|
||||
* We can call this here since it does some necessary setup
|
||||
* for us (blocking signals, setting resourse limits, etc.
|
||||
*/
|
||||
pw_init();
|
||||
|
||||
/* Initialize logging.
|
||||
*/
|
||||
@ -172,7 +172,7 @@ main(int argc, char **argv)
|
||||
|
||||
/* Register a signal handler to reap children after they terminated
|
||||
*/
|
||||
install_reaper();
|
||||
install_reaper(1);
|
||||
|
||||
/*
|
||||
* Create the RPC server
|
||||
|
@ -2,6 +2,26 @@
|
||||
#
|
||||
# This script is invoked by yppasswdd to update the password
|
||||
# maps after the master password file has been modified.
|
||||
# Comment out the LOG=yes line to disable logging.
|
||||
#
|
||||
|
||||
LOG=yes
|
||||
LOGFILE=/var/yp/ypupdate.log
|
||||
|
||||
umask 077
|
||||
cd /var/yp; /usr/bin/make
|
||||
|
||||
if [ ! -f $LOGFILE ];
|
||||
then
|
||||
/usr/bin/touch $LOGFILE
|
||||
echo "# Edit /usr/libexec/yppwupdate to disable" >> $LOGFILE
|
||||
echo "# logging to this file from yppasswdd." >> $LOGFILE
|
||||
echo -n "# Log started on: " >> $LOGFILE
|
||||
/bin/date >> $LOGFILE
|
||||
fi
|
||||
|
||||
if [ ! $LOG ];
|
||||
then
|
||||
cd /var/yp; /usr/bin/make MASTER_PASSWD=$1
|
||||
else
|
||||
cd /var/yp; /usr/bin/make MASTER_PASSWD=$1 >> $LOGFILE
|
||||
fi
|
||||
|
@ -1,7 +1,7 @@
|
||||
#
|
||||
# Makefile for the NIS databases
|
||||
#
|
||||
# $Id: Makefile.yp,v 1.6 1995/04/02 01:53:47 wpaul Exp $
|
||||
# $Id: Makefile.yp,v 1.8 1995/06/18 16:08:15 wpaul Exp $
|
||||
#
|
||||
# This Makefile should only be run on the NIS master server of a domain.
|
||||
# All updated maps will be pushed to all NIS slave servers listed in the
|
||||
@ -55,10 +55,16 @@ YPMAPDIR = $(YPDIR)/$(DOMAINNAME)
|
||||
# real password database is not used by default. However, you may use
|
||||
# the real /etc/passwd and /etc/master.passwd files by:
|
||||
#
|
||||
# - editing this Makefile
|
||||
#
|
||||
# - invoking yppasswdd without the -m option (yppasswdd will use
|
||||
# /etc/master.passwd if no alternate master.passwd file is specified
|
||||
# and do a 'pwd_mkdb' as needed).
|
||||
# - Specifying the location of the master.passwd file using the
|
||||
# MASTER_PASSWD variable, i.e.:
|
||||
#
|
||||
# # make MASTER_PASSWD=/path/to/some/other/master.passwd
|
||||
#
|
||||
# - (optionally): editing this Makefile to change the default location.
|
||||
#
|
||||
# To add a user, edit $(YPDIR)/master.passwd and type 'make'. The raw
|
||||
# passwd file will be generated from the master.passwd file automagically.
|
||||
@ -73,12 +79,17 @@ SERVICES = $(YPSRCDIR)/services
|
||||
GROUP = $(YPSRCDIR)/group
|
||||
NETGROUP = $(YPSRCDIR)/netgroup
|
||||
PASSWD = $(YPDIR)/passwd
|
||||
.if !defined(MASTER_PASSWD)
|
||||
MASTER = $(YPDIR)/master.passwd
|
||||
.else
|
||||
MASTER = $(MASTER_PASSWD)
|
||||
.endif
|
||||
YPSERVERS = $(YPDIR)/ypservers # List of all NIS servers for a domain
|
||||
|
||||
target:
|
||||
target:
|
||||
@if [ ! -d $(DOMAINNAME) ]; then mkdir $(DOMAINNAME); fi; \
|
||||
cd $(DOMAINNAME) ; make -f ../Makefile all
|
||||
cd $(DOMAINNAME) ; echo "NIS Map update started on `date`" ; \
|
||||
make -f ../Makefile all; echo "NIS Map update completed."
|
||||
|
||||
# If you don't want some of these maps built, feel free to comment
|
||||
# them out from this list.
|
||||
@ -86,8 +97,9 @@ target:
|
||||
# since /etc/ethers and /etc/bootparams are not likely to be present
|
||||
# on all systems.
|
||||
#
|
||||
all: master.passwd passwd hosts group networks protocols rpc services \
|
||||
servers netid # netgroup ethers bootparam
|
||||
|
||||
all: master.passwd passwd hosts group networks protocols \
|
||||
rpc services servers netid # netgroup ethers bootparam
|
||||
|
||||
ethers: ethers.byname ethers.byaddr
|
||||
bootparam: bootparams
|
||||
@ -155,6 +167,7 @@ netgroup: $(NETGROUP)
|
||||
-o $(YPMAPDIR)/$@ - $@
|
||||
@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOMAIN) $@; fi
|
||||
@if [ ! $(NOPUSH) ]; then echo "Pushed $@ map." ; fi
|
||||
@$(MAKE) -f ../Makefile netid
|
||||
|
||||
|
||||
hosts.byname: $(HOSTS)
|
||||
@ -166,7 +179,7 @@ hosts.byname: $(HOSTS)
|
||||
-o $(YPMAPDIR)/$@ - $@
|
||||
@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOMAIN) $@; fi
|
||||
@if [ ! $(NOPUSH) ]; then echo "Pushed $@ map." ; fi
|
||||
|
||||
@$(MAKE) -f ../Makefile netid
|
||||
|
||||
hosts.byaddr: $(HOSTS)
|
||||
@echo "Updating $@..."
|
||||
@ -176,6 +189,7 @@ hosts.byaddr: $(HOSTS)
|
||||
| $(DBLOAD) -i $(HOSTS) -o $(YPMAPDIR)/$@ - $@
|
||||
@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOMAIN) $@; fi
|
||||
@if [ ! $(NOPUSH) ]; then echo "Pushed $@ map." ; fi
|
||||
@$(MAKE) -f ../Makefile netid
|
||||
|
||||
|
||||
networks.byname: $(NETWORKS)
|
||||
@ -284,7 +298,6 @@ passwd.byname: $(PASSWD)
|
||||
@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOMAIN) $@; fi
|
||||
@if [ ! $(NOPUSH) ]; then echo "Pushed $@ map." ; fi
|
||||
|
||||
|
||||
passwd.byuid: $(PASSWD)
|
||||
@echo "Updating $@..."
|
||||
$(RM) $@
|
||||
@ -293,6 +306,7 @@ passwd.byuid: $(PASSWD)
|
||||
| $(DBLOAD) -i $(PASSWD) -o $(YPMAPDIR)/$@ - $@
|
||||
@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOMAIN) $@; fi
|
||||
@if [ ! $(NOPUSH) ]; then echo "Pushed $@ map." ; fi
|
||||
@$(MAKE) -f ../Makefile netid
|
||||
|
||||
|
||||
group.byname: $(GROUP)
|
||||
@ -313,6 +327,7 @@ group.bygid: $(GROUP)
|
||||
| $(DBLOAD) -i $(GROUP) -o $(YPMAPDIR)/$@ - $@
|
||||
@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOMAIN) $@; fi
|
||||
@if [ ! $(NOPUSH) ]; then echo "Pushed $@ map." ; fi
|
||||
@$(MAKE) -f ../Makefile netid
|
||||
|
||||
|
||||
netid.byname: $(GROUP) $(PASSWD)
|
||||
|
@ -325,11 +325,12 @@ int main(int argc, char **argv)
|
||||
sigaction(SIGPIPE, NULL, &sa);
|
||||
sa.sa_handler = SIG_IGN;
|
||||
sa.sa_flags |= SA_RESTART;
|
||||
sigemptyset(&sa.sa_mask);
|
||||
sigaction(SIGPIPE, &sa, NULL);
|
||||
sigaction(SIGCHLD, NULL, &sa);
|
||||
sa.sa_flags |= SA_RESTART;
|
||||
sa.sa_handler = reapchild;
|
||||
sa.sa_mask = sigmask(SIGCHLD);
|
||||
sigemptyset(&sa.sa_mask);
|
||||
sigaction(SIGCHLD, &sa, NULL);
|
||||
|
||||
(void) pmap_unset(YPPROG, YPVERS);
|
||||
|
Loading…
Reference in New Issue
Block a user