]> git.cameronkatri.com Git - pw-darwin.git/blob - chpass/pw_yp.c
git.ckatri.com / pw-darwin.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Forbid adding duplicate users with the name of "0".
[pw-darwin.git] / chpass / pw_yp.c
1 /*
2 * Copyright (c) 1995
3 * Bill Paul <wpaul@ctr.columbia.edu>. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed by Bill Paul.
16 * 4. Neither the name of the author nor the names of any co-contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL Bill Paul OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 *
32 * NIS interface routines for chpass
33 *
34 * Written by Bill Paul <wpaul@ctr.columbia.edu>
35 * Center for Telecommunications Research
36 * Columbia University, New York City
37 *
38 * $FreeBSD$
39 */
40
41 #ifdef YP
42 #include <stdio.h>
43 #include <stdlib.h>
44 #include <string.h>
45 #include <netdb.h>
46 #include <time.h>
47 #include <sys/types.h>
48 #include <sys/stat.h>
49 #include <pwd.h>
50 #include <errno.h>
51 #include <err.h>
52 #include <unistd.h>
53 #include <db.h>
54 #include <fcntl.h>
55 #include <utmp.h>
56 #include <sys/types.h>
57 #include <sys/stat.h>
58 #include <sys/param.h>
59 #include <limits.h>
60 #include <rpc/rpc.h>
61 #include <rpcsvc/yp.h>
62 struct dom_binding {};
63 #include <rpcsvc/ypclnt.h>
64 #include <rpcsvc/yppasswd.h>
65 #include <pw_util.h>
66 #include "pw_yp.h"
67 #include "ypxfr_extern.h"
68 #include "yppasswd_private.h"
69
70 #define PERM_SECURE (S_IRUSR|S_IWUSR)
71 static HASHINFO openinfo = {
72 4096, /* bsize */
73 32, /* ffactor */
74 256, /* nelem */
75 2048 * 1024, /* cachesize */
76 NULL, /* hash */
77 0, /* lorder */
78 };
79
80 int force_old = 0;
81 int _use_yp = 0;
82 int suser_override = 0;
83 int yp_in_pw_file = 0;
84 char *yp_domain = NULL;
85 char *yp_server = NULL;
86
87 extern char *tempname;
88
89 /* Save the local and NIS password information */
90 struct passwd local_password;
91 struct passwd yp_password;
92
93 void copy_yp_pass(p, x, m)
94 char *p;
95 int x, m;
96 {
97 register char *t, *s = p;
98 static char *buf;
99
100 yp_password.pw_fields = 0;
101
102 buf = (char *)realloc(buf, m + 10);
103 bzero(buf, m + 10);
104
105 /* Turn all colons into NULLs */
106 while (strchr(s, ':')) {
107 s = (strchr(s, ':') + 1);
108 *(s - 1)= '\0';
109 }
110
111 t = buf;
112 #define EXPAND(e) e = t; while ((*t++ = *p++));
113 EXPAND(yp_password.pw_name);
114 yp_password.pw_fields |= _PWF_NAME;
115 EXPAND(yp_password.pw_passwd);
116 yp_password.pw_fields |= _PWF_PASSWD;
117 yp_password.pw_uid = atoi(p);
118 p += (strlen(p) + 1);
119 yp_password.pw_fields |= _PWF_UID;
120 yp_password.pw_gid = atoi(p);
121 p += (strlen(p) + 1);
122 yp_password.pw_fields |= _PWF_GID;
123 if (x) {
124 EXPAND(yp_password.pw_class);
125 yp_password.pw_fields |= _PWF_CLASS;
126 yp_password.pw_change = atol(p);
127 p += (strlen(p) + 1);
128 yp_password.pw_fields |= _PWF_CHANGE;
129 yp_password.pw_expire = atol(p);
130 p += (strlen(p) + 1);
131 yp_password.pw_fields |= _PWF_EXPIRE;
132 }
133 EXPAND(yp_password.pw_gecos);
134 yp_password.pw_fields |= _PWF_GECOS;
135 EXPAND(yp_password.pw_dir);
136 yp_password.pw_fields |= _PWF_DIR;
137 EXPAND(yp_password.pw_shell);
138 yp_password.pw_fields |= _PWF_SHELL;
139
140 return;
141 }
142
143 void copy_local_pass(p,m)
144 char *p;
145 int m;
146 {
147 register char *t;
148 static char *buf;
149
150 buf = (char *)realloc(buf, m + 10);
151 bzero(buf, m + 10);
152
153 t = buf;
154 EXPAND(local_password.pw_name);
155 EXPAND(local_password.pw_passwd);
156 bcopy(p, (char *)&local_password.pw_uid, sizeof(int));
157 p += sizeof(int);
158 bcopy(p, (char *)&local_password.pw_gid, sizeof(int));
159 p += sizeof(int);
160 bcopy(p, (char *)&local_password.pw_change, sizeof(time_t));
161 p += sizeof(time_t);
162 EXPAND(local_password.pw_class);
163 EXPAND(local_password.pw_gecos);
164 EXPAND(local_password.pw_dir);
165 EXPAND(local_password.pw_shell);
166 bcopy(p, (char *)&local_password.pw_expire, sizeof(time_t));
167 p += sizeof(time_t);
168 bcopy(p, (char *)&local_password.pw_fields, sizeof local_password.pw_fields);
169 p += sizeof local_password.pw_fields;
170
171 return;
172 }
173
174 /*
175 * It is not mandatory that an NIS master server also be a client.
176 * However, if the NIS master is not configured as a client, then the
177 * domain name will not be set and ypbind will not be running, so we
178 * will be unable to use the ypclnt routines inside libc. We therefore
179 * need our own magic version of yp_match() which we can use in any
180 * environment.
181 */
182 static int my_yp_match(server, domain, map, key, keylen, result, resultlen)
183 char *server;
184 char *domain;
185 char *map;
186 char *key;
187 unsigned long keylen;
188 char **result;
189 unsigned long *resultlen;
190 {
191 ypreq_key ypkey;
192 ypresp_val *ypval;
193 CLIENT *clnt;
194 static char buf[YPMAXRECORD + 2];
195
196 bzero((char *)buf, sizeof(buf));
197
198 /*
199 * Don't make this a fatal error. The inability to contact
200 * a server is, for our purposes, equivalent to not finding
201 * the record we were looking for. Letting use_yp() know
202 * that the lookup failed is sufficient.
203 */
204 if ((clnt = clnt_create(server, YPPROG,YPVERS,"udp")) == NULL) {
205 return(1);
206 #ifdef notdef
207 warnx("failed to create UDP handle: %s",
208 clnt_spcreateerror(server));
209 pw_error(tempname, 0, 1);
210 #endif
211 }
212
213 ypkey.domain = domain;
214 ypkey.map = map;
215 ypkey.key.keydat_len = keylen;
216 ypkey.key.keydat_val = key;
217
218 if ((ypval = ypproc_match_2(&ypkey, clnt)) == NULL) {
219 clnt_destroy(clnt);
220 return(1);
221 #ifdef notdef
222 warnx("%s",clnt_sperror(clnt,"YPPROC_MATCH failed"));
223 pw_error(tempname, 0, 1);
224 #endif
225 }
226
227 clnt_destroy(clnt);
228
229 if (ypval->stat != YP_TRUE) {
230 xdr_free(xdr_ypresp_val, (char *)ypval);
231 return(1);
232 #ifdef notdef
233 int stat = ypval->stat;
234 xdr_free(xdr_ypresp_val, (char *)ypval);
235 if (stat == YP_NOMAP && strstr(map, "master.passwd"))
236 return(1);
237 if (stat == YP_NOKEY)
238 return(1);
239 warnx("ypmatch failed: %s", yperr_string(ypprot_err(stat)));
240 pw_error(tempname, 0, 1);
241 #endif
242 }
243
244
245 strncpy((char *)&buf, ypval->val.valdat_val, ypval->val.valdat_len);
246
247 *result = (char *)&buf;
248 *resultlen = ypval->val.valdat_len;
249
250 xdr_free(xdr_ypresp_val, (char *)ypval);
251
252 return(0);
253 }
254
255 /*
256 * Check if the user we're working with is local or in NIS.
257 */
258 int use_yp (user, uid, which)
259 char *user;
260 uid_t uid;
261 int which; /* 0 = use username, 1 = use uid */
262 {
263 int user_local = 0, user_yp = 0, user_exists = 0;
264 DB *dbp;
265 DBT key,data;
266 char bf[UT_NAMESIZE + 2];
267 char *result;
268 char *server;
269 long resultlen;
270 char ubuf[UT_NAMESIZE + 2];
271
272 if (which) {
273 snprintf(ubuf, sizeof(ubuf), "%lu", (unsigned long)uid);
274 user = (char *)&ubuf;
275 }
276
277 /* Grope around for the user in the usual way */
278 if (which) {
279 if (getpwuid(uid) != NULL)
280 user_exists = 1;
281 } else {
282 if (getpwnam(user) != NULL)
283 user_exists = 1;
284 }
285
286 /* Now grope directly through the user database */
287 if ((dbp = dbopen(_PATH_SMP_DB, O_RDONLY, PERM_SECURE,
288 DB_HASH, &openinfo)) == NULL) {
289 warn("error opening database: %s.", _PATH_MP_DB);
290 pw_error(tempname, 0, 1);
291 }
292
293 /* Is NIS turned on */
294 bf[0] = _PW_KEYYPENABLED;
295 key.data = (u_char *)bf;
296 key.size = 1;
297 yp_in_pw_file = !(dbp->get)(dbp,&key,&data,0);
298 if (_yp_check(NULL) || (yp_domain && yp_server)) {
299 server = get_yp_master(0);
300
301 /* Is the user in the NIS passwd map */
302 if (!my_yp_match(server, yp_domain, which ? "passwd.byuid" :
303 "passwd.byname", user, strlen(user),
304 &result, &resultlen)) {
305 user_yp = user_exists = 1;
306 *(char *)(result + resultlen) = '\0';
307 copy_yp_pass(result, 0, resultlen);
308 }
309 /* Is the user in the NIS master.passwd map */
310 if (user_yp && !my_yp_match(server, yp_domain, which ?
311 "master.passwd.byuid" : "master.passwd.byname",
312 user, strlen(user),
313 &result, &resultlen)) {
314 *(char *)(result + resultlen) = '\0';
315 copy_yp_pass(result, 1, resultlen);
316 }
317 }
318
319 /* Is the user in the local password database */
320
321 bf[0] = which ? _PW_KEYBYUID : _PW_KEYBYNAME;
322 if (which)
323 bcopy((char *)&uid, bf + 1, sizeof(uid));
324 else
325 bcopy((char *)user, bf + 1, MIN(strlen(user), UT_NAMESIZE));
326 key.data = (u_char *)bf;
327 key.size = which ? sizeof(uid) + 1 : strlen(user) + 1;
328 if (!(dbp->get)(dbp,&key,&data,0)) {
329 user_local = 1;
330 copy_local_pass(data.data, data.size);
331 }
332
333 (dbp->close)(dbp);
334
335 if (user_local && user_yp && user_exists)
336 return(USER_YP_AND_LOCAL);
337 else if (!user_local && user_yp && user_exists)
338 return(USER_YP_ONLY);
339 else if (user_local && !user_yp && user_exists)
340 return(USER_LOCAL_ONLY);
341 else if (!user_exists)
342 return(USER_UNKNOWN);
343
344 return(-1);
345 }
346
347 /*
348 * Find the name of the NIS master server for this domain
349 * and make sure it's running yppasswdd.
350 */
351 char *get_yp_master(getserver)
352 int getserver;
353 {
354 char *mastername;
355 int rval, localport;
356 struct stat st;
357 char *sockname = YP_SOCKNAME;
358
359 /*
360 * Sometimes we are called just to probe for rpc.yppasswdd and
361 * set the suser_override flag. Just return NULL and leave
362 * suser_override at 0 if _use_yp doesn't indicate that NIS is
363 * in use and we weren't called from use_yp() itself.
364 * Without this check, we might try probing and fail with an NIS
365 * error in non-NIS environments.
366 */
367 if ((_use_yp == USER_UNKNOWN || _use_yp == USER_LOCAL_ONLY) &&
368 getserver)
369 return(NULL);
370
371 /* Get default NIS domain. */
372
373 if (yp_domain == NULL && (rval = yp_get_default_domain(&yp_domain))) {
374 warnx("can't get local NIS domain name: %s",yperr_string(rval));
375 pw_error(tempname, 0, 1);
376 }
377
378 /* Get master server of passwd map. */
379
380 if ((mastername = ypxfr_get_master(yp_domain, "passwd.byname",
381 yp_server, yp_server ? 0 : 1)) == NULL) {
382 warnx("can't get name of master NIS server");
383 pw_error(tempname, 0, 1);
384 }
385
386 if (!getserver)
387 return(mastername);
388
389 /* Check if yppasswdd is out there. */
390
391 if ((rval = getrpcport(mastername, YPPASSWDPROG, YPPASSWDPROC_UPDATE,
392 IPPROTO_UDP)) == 0) {
393 warnx("rpc.yppasswdd is not running on the NIS master server");
394 pw_error(tempname, 0, 1);
395 }
396
397 /*
398 * Make sure it's on a reserved port.
399 * XXX Might break with yppasswdd servers running on Solaris 2.x.
400 */
401
402 if (rval >= IPPORT_RESERVED) {
403 warnx("rpc.yppasswdd server not running on reserved port");
404 pw_error(tempname, 0, 1);
405 }
406
407 /* See if _we_ are the master server. */
408 if (!force_old && !getuid() && (localport = getrpcport("localhost",
409 YPPASSWDPROG, YPPASSWDPROC_UPDATE, IPPROTO_UDP)) != 0) {
410 if (localport == rval && stat(sockname, &st) != -1) {
411 suser_override = 1;
412 mastername = "localhost";
413 }
414 }
415
416 /* Everything checks out: return the name of the server. */
417
418 return (mastername);
419 }
420
421 /*
422 * Ask the user for his NIS password and submit the new information
423 * to yppasswdd. Note that rpc.yppasswdd requires password authentication
424 * and only allows changes to existing records rather than the addition
425 * of new records. (To do actual updates we would need something like
426 * secure RPC and ypupdated, which FreeBSD doesn't have yet.) The FreeBSD
427 * rpc.yppasswdd has some special hooks to allow the superuser update
428 * information without specifying a password, however this only works
429 * for the superuser on the NIS master server.
430 */
431 void yp_submit(pw)
432 struct passwd *pw;
433 {
434 struct yppasswd yppasswd;
435 struct master_yppasswd master_yppasswd;
436 CLIENT *clnt;
437 char *master, *password;
438 int *status = NULL;
439 struct rpc_err err;
440 char *sockname = YP_SOCKNAME;
441
442 _use_yp = 1;
443
444 /* Get NIS master server name */
445
446 master = get_yp_master(1);
447
448 /* Populate the yppasswd structure that gets handed to yppasswdd. */
449
450 if (suser_override) {
451 master_yppasswd.newpw.pw_passwd = strdup(pw->pw_passwd);
452 master_yppasswd.newpw.pw_name = strdup(pw->pw_name);
453 master_yppasswd.newpw.pw_uid = pw->pw_uid;
454 master_yppasswd.newpw.pw_gid = pw->pw_gid;
455 master_yppasswd.newpw.pw_expire = pw->pw_expire;
456 master_yppasswd.newpw.pw_change = pw->pw_change;
457 master_yppasswd.newpw.pw_fields = pw->pw_fields;
458 master_yppasswd.newpw.pw_gecos = strdup(pw->pw_gecos);
459 master_yppasswd.newpw.pw_dir = strdup(pw->pw_dir);
460 master_yppasswd.newpw.pw_shell = strdup(pw->pw_shell);
461 master_yppasswd.newpw.pw_class = pw->pw_class != NULL ?
462 strdup(pw->pw_class) : "";
463 master_yppasswd.oldpass = ""; /* not really needed */
464 master_yppasswd.domain = yp_domain;
465 } else {
466 yppasswd.newpw.pw_passwd = strdup(pw->pw_passwd);
467 yppasswd.newpw.pw_name = strdup(pw->pw_name);
468 yppasswd.newpw.pw_uid = pw->pw_uid;
469 yppasswd.newpw.pw_gid = pw->pw_gid;
470 yppasswd.newpw.pw_gecos = strdup(pw->pw_gecos);
471 yppasswd.newpw.pw_dir = strdup(pw->pw_dir);
472 yppasswd.newpw.pw_shell = strdup(pw->pw_shell);
473 yppasswd.oldpass = "";
474 }
475
476 /* Get the user's password for authentication purposes. */
477
478 printf ("Changing NIS information for %s on %s\n",
479 pw->pw_name, master);
480
481 if (pw->pw_passwd[0] && !suser_override) {
482 password = getpass("Please enter password: ");
483 if (strncmp(crypt(password,pw->pw_passwd),
484 pw->pw_passwd,strlen(pw->pw_passwd))) {
485 warnx("Password incorrect.");
486 pw_error(tempname, 0, 1);
487 }
488 yppasswd.oldpass = password; /* XXX */
489 }
490
491 if (suser_override) {
492 /* Talk to server via AF_UNIX socket. */
493 clnt = clnt_create(sockname, MASTER_YPPASSWDPROG,
494 MASTER_YPPASSWDVERS, "unix");
495 if (clnt == NULL) {
496 warnx("failed to contact rpc.yppasswdd: %s",
497 clnt_spcreateerror(master));
498 pw_error(tempname, 0, 1);
499 }
500 } else {
501 /* Create a handle to yppasswdd. */
502
503 if ((clnt = clnt_create(master, YPPASSWDPROG,
504 YPPASSWDVERS, "udp")) == NULL) {
505 warnx("failed to contact rpc.yppasswdd: %s",
506 clnt_spcreateerror(master));
507 pw_error(tempname, 0, 1);
508 }
509 }
510
511 clnt->cl_auth = authunix_create_default();
512
513 if (suser_override)
514 status = yppasswdproc_update_master_1(&master_yppasswd, clnt);
515 else
516 status = yppasswdproc_update_1(&yppasswd, clnt);
517
518 clnt_geterr(clnt, &err);
519
520 auth_destroy(clnt->cl_auth);
521 clnt_destroy(clnt);
522
523 /* Call failed: signal the error. */
524
525 if (err.re_status != RPC_SUCCESS || status == NULL || *status) {
526 warnx("NIS update failed: %s", clnt_sperrno(err.re_status));
527 pw_error(NULL, 0, 1);
528 }
529
530 /* Success. */
531
532 if (suser_override)
533 warnx("NIS information changed on host %s, domain %s",
534 master, yp_domain);
535 else
536 warnx("NIS information changed on host %s", master);
537
538 return;
539 }
540 #endif /* YP */
A port of FreeBSDs pw for Darwin