Add extra sanity checking to the in-place update routine. Sometimes you
find two users with the same UID (i.e. root and toor), but yp_mkdb(8) forbits duplicate keys, so only one of them will end up in the *.byuid maps (probably toor, since it comes after root in the template file). If I asked rpc.yppasswdd(8) to change toor's password, it would update the *.byname maps correctly, but incorrectly modify root's entry in the *.byuid maps since the only matching record with UID=0 in those maps belongs to root. To fix this, we check that both the name and UID are correct before trying to write new entries to the maps.
This commit is contained in:
Bill Paul
parent
36be1f6be9
commit
323a8537ab
@ -29,7 +29,7 @@
|
|||||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||||
* SUCH DAMAGE.
|
* SUCH DAMAGE.
|
||||||
*
|
*
|
||||||
* $Id: yppasswdd_server.c,v 1.7 1996/08/04 22:13:05 wpaul Exp $
|
* $Id: yppasswdd_server.c,v 1.6 1996/07/01 19:38:38 guido Exp $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
@ -61,7 +61,7 @@ struct dom_binding {};
|
|||||||
#include "yppasswd_comm.h"
|
#include "yppasswd_comm.h"
|
||||||
|
|
||||||
#ifndef lint
|
#ifndef lint
|
||||||
static const char rcsid[] = "$Id: yppasswdd_server.c,v 1.7 1996/08/04 22:13:05 wpaul Exp $";
|
static const char rcsid[] = "$Id: yppasswdd_server.c,v 1.6 1996/07/01 19:38:38 guido Exp $";
|
||||||
#endif /* not lint */
|
#endif /* not lint */
|
||||||
|
|
||||||
char *tempname;
|
char *tempname;
|
||||||
@ -371,6 +371,37 @@ static int update_inplace(pw, domain)
|
|||||||
return(1);
|
return(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* XXX Supposing we have more than one user with the same
|
||||||
|
* UID? (Or more than one user with the same name?) We could
|
||||||
|
* end up modifying the wrong record if were not careful.
|
||||||
|
*/
|
||||||
|
if (i % 2) {
|
||||||
|
if (strncmp(data.data, pw->pw_name,
|
||||||
|
strlen(pw->pw_name))) {
|
||||||
|
yp_error("warning: found entry for UID %d \
|
||||||
|
in map %s@%s with wrong name (%.*s)", pw->pw_uid, maps[i], domain,
|
||||||
|
ptr - (char *)data.data, data.data);
|
||||||
|
yp_error("there may be more than one user \
|
||||||
|
with the same UID - continuing");
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
/*
|
||||||
|
* We're really being ultra-paranoid here.
|
||||||
|
* This is generally a 'can't happen' condition.
|
||||||
|
*/
|
||||||
|
snprintf(pwbuf, sizeof(pwbuf), ":%d:%d:", pw->pw_uid,
|
||||||
|
pw->pw_gid);
|
||||||
|
if (!strstr(data.data, pwbuf)) {
|
||||||
|
yp_error("warning: found entry for user %s \
|
||||||
|
in map %s@%s with wrong UID", pw->pw_name, maps[i], domain);
|
||||||
|
yp_error("there may ne more than one user
|
||||||
|
with the same name - continuing");
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (i < 2) {
|
if (i < 2) {
|
||||||
snprintf(pwbuf, sizeof(pwbuf), formats[i],
|
snprintf(pwbuf, sizeof(pwbuf), formats[i],
|
||||||
pw->pw_name, pw->pw_passwd, pw->pw_uid,
|
pw->pw_name, pw->pw_passwd, pw->pw_uid,
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user