Bug fix: use the use_yp() function in the chpass(1) code to determine

correctly whether a user is local or NIS (or both, or neither). If you have a user that exists locally but not in NIS, passwd(1) could get confused and try to submit the password change to NIS. (Fortunately, yppasswdd is smart enough to spot the error and reject the change.) Bug reported by: Charles Owens <owensc@enc.edu>
1995-09-02 04:02:28 +00:00 · 1995-09-02 04:02:28 +00:00 · b62f3dc428
commit b62f3dc428
parent 9219423651
3 changed files with 34 additions and 48 deletions
--- a/usr.bin/passwd/local_passwd.c
+++ b/usr.bin/passwd/local_passwd.c
@ -50,6 +50,9 @@ static char sccsid[] = "@(#)local_passwd.c	8.3 (Berkeley) 4/2/94";

 #include <pw_copy.h>
 #include <pw_util.h>
+#ifdef YP
+#include <pw_yp.h>
+#endif

 #include "extern.h"

@ -139,6 +142,10 @@ local_passwd(uname)
 	if (!(pw = getpwnam(uname)))
 		errx(1, "unknown user %s", uname);

+#ifdef YP
+	/* Use the right password information. */
+	pw = (struct passwd *)&local_password;
+#endif
 	uid = getuid();
 	if (uid && uid != pw->pw_uid)
 		errx(1, "%s", strerror(EACCES));
--- a/usr.bin/passwd/passwd.c
+++ b/usr.bin/passwd/passwd.c
@ -40,7 +40,7 @@ static char copyright[] =
 #ifndef lint
 static char sccsid[] = "From: @(#)passwd.c	8.3 (Berkeley) 4/2/94";
 static const char rcsid[] =
-	"$Id: passwd.c,v 1.4 1995/06/16 03:33:10 wpaul Exp $";
+	"$Id: passwd.c,v 1.5 1995/08/13 16:07:35 wpaul Exp $";
 #endif /* not lint */

 #include <err.h>
@ -51,13 +51,9 @@ static const char rcsid[] =

 #ifdef YP
 #include <pwd.h>
-#include <limits.h>
-#include <db.h>
-#include <fcntl.h>
-#include <utmp.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/param.h>
+#include <pw_yp.h>
+char *prog_name;
+int __use_yp = 0;
 #endif

 #ifdef KERBEROS
@ -70,20 +66,6 @@ void	usage __P((void));

 int use_local_passwd = 0;

-#ifdef YP
-#define PERM_SECURE (S_IRUSR|S_IWUSR)
-int _use_yp = 0;
-char *prog_name;
-HASHINFO openinfo = {
-        4096,           /* bsize */
-        32,             /* ffactor */
-        256,            /* nelem */
-        2048 * 1024,    /* cachesize */
-        NULL,           /* hash */
-        0,              /* lorder */
-};
-#endif
-
 int
 main(argc, argv)
 	int argc;
@ -110,11 +92,9 @@ main(argc, argv)
 #endif

 #ifdef YP
-	DB *dbp;
-	DBT key,data;
-	char bf[UT_NAMESIZE + 2];
+	int res = 0;

-	if (strstr(argv[0], (prog_name = "yppasswd"))) _use_yp = 1;
+	if (strstr(argv[0], (prog_name = "yppasswd"))) __use_yp = 1;
 #endif

 	while ((ch = getopt(argc, argv, OPTIONS)) != EOF) {
@ -135,7 +115,7 @@ main(argc, argv)
 #endif /* KERBEROS */
 #ifdef	YP
 		case 'y':			/* Change NIS password */
-			_use_yp = 1;
+			__use_yp = 1;
 			break;
 #endif
 		default:
@ -165,36 +145,28 @@ main(argc, argv)
 	 * If NIS is turned on in the password database, use it, else punt.
 	 */
 #ifdef KERBEROS
-	if (iflag == NULL && rflag == NULL && uflag == NULL) {
+	if (__use_yp || (iflag == NULL && rflag == NULL && uflag == NULL)) {
 #endif
-		if ((dbp = dbopen(_PATH_MP_DB, O_RDONLY, PERM_SECURE,
-				DB_HASH, &openinfo)) == NULL)
-			errx(1, "error opening database: %s.", _PATH_MP_DB);
-
-		bf[0] = _PW_KEYYPENABLED;
-		key.data = (u_char *)bf;
-		key.size = 1;
-		if ((dbp->get)(dbp,&key,&data,0))
-			(dbp->close)(dbp);
-		else {
+		res = use_yp(uname);
+		if (res == USER_YP_ONLY) {
 			if (!use_local_passwd) {
-				(dbp->close)(dbp);
 				exit(yp_passwd(uname));
 			} else {
 			/*
 			 * Reject -l flag if NIS is turned on and the user
 			 * doesn't exist in the local password database.
 			 */
-				bf[0] = _PW_KEYBYNAME;
-				bcopy(uname, bf + 1, MIN(strlen(uname), UT_NAMESIZE));
-				key.data = (u_char *)bf;
-				key.size = strlen(uname) + 1;
-				if ((dbp->get)(dbp,&key,&data,0)) {
-					(dbp->close)(dbp);
-					errx(1, "unknown local user: %s.", uname);
-				}
-			(dbp->close)(dbp);
+				errx(1, "unknown local user: %s.", uname);
 			}
+		} else if (res == USER_LOCAL_ONLY) {
+			/*
+			 * Reject -y flag if user only exists locally.
+			 */
+			if (__use_yp)
+				errx(1, "unknown NIS user: %s.", uname);
+		} else if (res == USER_YP_AND_LOCAL) {
+			if (!use_local_passwd)
+				exit(yp_passwd(uname));
 		}
 #ifdef KERBEROS
 	}
--- a/usr.bin/passwd/yp_passwd.c
+++ b/usr.bin/passwd/yp_passwd.c
@ -1,6 +1,7 @@
 /*
 * Copyright (c) 1992/3 Theo de Raadt <deraadt@fsa.ca>
 * Copyright (c) 1994 Olaf Kirch <okir@monad.swb.de>
+ * Copyright (c) 1995 Bill Paul <wpaul@ctr.columbia.edu>
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
@ -28,6 +29,7 @@
 * SUCH DAMAGE.
 */

+#ifdef YP
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@ -42,6 +44,7 @@
 #include <rpcsvc/yp_prot.h>
 #include <rpcsvc/ypclnt.h>
 #include <rpcsvc/yppasswd.h>
+#include <pw_yp.h>

 extern char *prog_name;
 uid_t	uid;
@ -116,6 +119,9 @@ yp_passwd(char *user)
      }
  }

+  /* Use the correct password */
+  pw = (struct passwd *)&yp_password;
+
  /* Initialize password information */
  yppasswd.newpw.pw_passwd = pw->pw_passwd;
  yppasswd.newpw.pw_name = pw->pw_name;
@ -172,3 +178,4 @@ yp_passwd(char *user)
  clnt_destroy( clnt );
  exit ((err || status) != 0);
 }
+#endif /* YP */