Add extra sanity checking to the in-place update routine. Sometimes you

find two users with the same UID (i.e. root and toor), but yp_mkdb(8) forbits duplicate keys, so only one of them will end up in the *.byuid maps (probably toor, since it comes after root in the template file). If I asked rpc.yppasswdd(8) to change toor's password, it would update the *.byname maps correctly, but incorrectly modify root's entry in the *.byuid maps since the only matching record with UID=0 in those maps belongs to root. To fix this, we check that both the name and UID are correct before trying to write new entries to the maps.
1996-10-23 21:46:17 +00:00 · 1996-10-23 21:46:17 +00:00 · 323a8537ab
commit 323a8537ab
parent 36be1f6be9
1 changed files with 33 additions and 2 deletions
--- a/usr.sbin/rpc.yppasswdd/yppasswdd_server.c
+++ b/usr.sbin/rpc.yppasswdd/yppasswdd_server.c
@ -29,7 +29,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- *	$Id: yppasswdd_server.c,v 1.7 1996/08/04 22:13:05 wpaul Exp $
+ *	$Id: yppasswdd_server.c,v 1.6 1996/07/01 19:38:38 guido Exp $
 */

 #include <stdio.h>
@ -61,7 +61,7 @@ struct dom_binding {};
 #include "yppasswd_comm.h"

 #ifndef lint
-static const char rcsid[] = "$Id: yppasswdd_server.c,v 1.7 1996/08/04 22:13:05 wpaul Exp $";
+static const char rcsid[] = "$Id: yppasswdd_server.c,v 1.6 1996/07/01 19:38:38 guido Exp $";
 #endif /* not lint */

 char *tempname;
@ -371,6 +371,37 @@ static int update_inplace(pw, domain)
 			return(1);
 		}

+		/*
+		 * XXX Supposing we have more than one user with the same
+		 * UID? (Or more than one user with the same name?) We could
+		 * end up modifying the wrong record if were not careful.
+		 */
+		if (i % 2) {
+			if (strncmp(data.data, pw->pw_name,
+							strlen(pw->pw_name))) {
+				yp_error("warning: found entry for UID %d \
+in map %s@%s with wrong name (%.*s)", pw->pw_uid, maps[i], domain,
+					ptr - (char *)data.data, data.data);
+				yp_error("there may be more than one user \
+with the same UID - continuing");
+				continue;
+			}
+		} else {
+			/*
+			 * We're really being ultra-paranoid here.
+			 * This is generally a 'can't happen' condition.
+			 */
+			snprintf(pwbuf, sizeof(pwbuf), ":%d:%d:", pw->pw_uid,
+								  pw->pw_gid);
+			if (!strstr(data.data, pwbuf)) {
+				yp_error("warning: found entry for user %s \
+in map %s@%s with wrong UID", pw->pw_name, maps[i], domain);
+				yp_error("there may ne more than one user
+with the same name - continuing");
+				continue;
+			}
+		}
+
 		if (i < 2) {
 			snprintf(pwbuf, sizeof(pwbuf), formats[i],
 			   pw->pw_name, pw->pw_passwd, pw->pw_uid,