1 files changed, 241 insertions, 0 deletions
diff --git a/chpass/pw_yp.c b/chpass/pw_yp.c
new file mode 100644
index 0000000..6fd87f5
--- /dev/null
+++ b/chpass/pw_yp.c
@@ -0,0 +1,241 @@
+/*
+ * Copyright (c) 1995
+ *	Bill Paul <wpaul@ctr.columbia.edu>.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by Bill Paul.
+ * 4. Neither the name of the author nor the names of any co-contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * NIS interface routines for chpass
+ * 
+ * Written by Bill Paul <wpaul@ctr.columbia.edu>
+ * Center for Telecommunications Research
+ * Columbia University, New York City
+ *
+ *	$Id$
+ */
+
+#ifdef YP
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>  
+#include <netdb.h>
+#include <time.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <errno.h>
+#include <err.h>
+#include <unistd.h>
+#include <db.h>
+#include <fcntl.h>
+#include <utmp.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/param.h>
+#include <limits.h>
+#include <rpc/rpc.h>
+#include <rpcsvc/yp_prot.h>
+#include <rpcsvc/ypclnt.h>
+#include <rpcsvc/yppasswd.h>
+#include <pw_util.h>
+#include "pw_yp.h"
+
+#define PERM_SECURE (S_IRUSR|S_IWUSR)
+HASHINFO openinfo = {
+        4096,           /* bsize */
+        32,             /* ffactor */
+        256,            /* nelem */
+        2048 * 1024,    /* cachesize */
+        NULL,           /* hash */
+        0,              /* lorder */
+};
+
+int _use_yp = 0;
+
+/*
+ * Check if the user we're working with is local or in NIS.
+ */
+int use_yp (user)
+char *user;
+{
+	int yp_enabled = 0, user_not_local = 0, exists = 0;
+	DB *dbp;
+	DBT key,data;
+	char bf[UT_NAMESIZE + 2];
+
+	if ((dbp = dbopen(_PATH_MP_DB, O_RDONLY, PERM_SECURE,
+			DB_HASH, &openinfo)) == NULL)
+			errx(1, "error opening database: %s.", _PATH_MP_DB);
+	bf[0] = _PW_KEYYPENABLED;
+	key.data = (u_char *)bf;
+	key.size = 1;
+	if (!(dbp->get)(dbp,&key,&data,0))
+		yp_enabled = 1;
+
+	bf[0] = _PW_KEYBYNAME;
+	bcopy((char *)user, bf + 1, MIN(strlen(user), UT_NAMESIZE));
+	key.data = (u_char *)bf;
+	key.size = strlen(user) + 1;
+	if ((dbp->get)(dbp,&key,&data,0))
+		user_not_local = 1;
+	
+	(dbp->close)(dbp);
+
+	if (getpwnam(user) != NULL)
+		exists = 1;
+
+	if (yp_enabled && user_not_local && exists)
+		return(1);
+	else
+		return(0);
+}
+
+/*
+ * Find the name of the NIS master server for this domain
+ * and make sure it's running yppasswdd.
+ */
+static char *get_yp_master(void)
+{
+	char *domain, *mastername;
+	int rval;
+
+	/* Get default NIS domain. */
+
+	if ((rval = yp_get_default_domain(&domain))) {
+		warnx("can't get local NIS domain name: %s",yperr_string(rval));
+		pw_error(NULL, 0, 1);
+	}
+
+	/* Get master server of passwd map. */
+
+	if ((rval = yp_master(domain, "passwd.byname", &mastername))) {
+		warnx("can't get master NIS server: %s", yperr_string(rval));
+		pw_error(NULL, 0, 1);
+	}
+
+	/* Check if yppasswdd is out there. */
+
+	if ((rval = getrpcport(mastername, YPPASSWDPROG, YPPASSWDPROC_UPDATE,
+		IPPROTO_UDP)) == 0) {
+		warnx("yppasswdd not running on NIS master server");
+		pw_error(NULL, 0, 1);
+	}
+
+	/*
+	 * Make sure it's on a reserved port.
+	 * XXX Might break with yppasswdd servers running on Solaris 2.x.
+	 */
+
+	if (rval >= IPPORT_RESERVED) {
+		warnx("yppasswdd server not running on reserved port");
+		pw_error(NULL, 0, 1);
+	}
+
+	/* Everything checks out: return the name of the server. */
+
+	return (mastername);
+}
+/*
+ * Ask the user for his NIS password and submit the new information
+ * to yppasswdd. Note that yppasswdd requires password authentication
+ * and only allows changes to existing records rather than the addition
+ * of new records. (To do actual updates we would need something like
+ * secure RPC and ypupdated, which FreeBSD doesn't have yet.) This means
+ * that the superuser cannot use chpass(1) to add new users records to
+ * the NIS password database.
+ */
+void yp_submit(pw)
+struct passwd *pw;
+{
+	struct yppasswd yppasswd;
+	CLIENT *clnt;
+	char *master, *password, *encpass;
+	int rval, status = 0;
+	struct timeval	tv;
+
+	/* Populate the yppasswd structure that gets handed to yppasswdd. */
+	/*
+	 * XXX This is done first to work around what looks like a very
+	 * strange memory corruption bug: the text fields pointed to
+	 * by the members of the 'pw' structure appear to be clobbered
+	 * after get_yp_master() returns (in particular, it happens
+	 * during getrpcport()). I don't know exactly where the problem
+	 * lies: I traced it all the way to gethostbyname(), then gave
+	 * up.
+	 */
+	yppasswd.newpw.pw_passwd = strdup(pw->pw_passwd);
+	yppasswd.newpw.pw_name = strdup(pw->pw_name);
+	yppasswd.newpw.pw_uid = pw->pw_uid;
+	yppasswd.newpw.pw_gid = pw->pw_gid;
+	yppasswd.newpw.pw_gecos = strdup(pw->pw_gecos);
+	yppasswd.newpw.pw_dir = strdup(pw->pw_dir);
+	yppasswd.newpw.pw_shell = strdup(pw->pw_shell);
+
+	/* Get NIS master server name */
+
+	master = get_yp_master();
+
+	/* Get the user's password for authentication purposes. */
+
+	printf ("Changing NIS information for %s on %s\n",
+					yppasswd.newpw.pw_name, master);
+	encpass = (getpwnam(yppasswd.newpw.pw_name))->pw_passwd;
+	password = getpass("Please enter password: ");
+	if (strncmp(crypt(password, encpass), encpass, strlen(encpass))) {
+		warnx("Password incorrect.");
+		pw_error(NULL, 0, 1);
+	}
+
+	yppasswd.oldpass = password;	/* XXX */
+
+	/* Create a handle to yppasswdd. */
+
+	clnt = clnt_create(master, YPPASSWDPROG, YPPASSWDVERS, "udp");
+	clnt->cl_auth = authunix_create_default();
+
+	/* Set a timeout and make the RPC call. */
+
+	tv.tv_sec = 20;
+	tv.tv_usec = 0;
+	rval = clnt_call(clnt, YPPASSWDPROC_UPDATE, xdr_yppasswd,
+		(char *)&yppasswd, xdr_int, (char *)&status, &tv);
+
+	/* Call failed: signal the error. */
+
+	if (rval) {
+		warnx("NIS update failed: %s", clnt_sperrno(rval));
+		pw_error(NULL, 0, 1);
+	}
+
+	/* Success. */
+
+	auth_destroy(clnt->cl_auth);
+	clnt_destroy(clnt);
+	warnx("NIS information changed on host %s", master);
+
+	return;
+}
+#endif /* YP */