From d565512ed50cfac90dc81990ece288013b474c7f Mon Sep 17 00:00:00 2001 From: Bill Paul Date: Mon, 12 Feb 1996 14:50:23 +0000 Subject: [PATCH] Toss the old yppasswdd into the attic. --- gnu/usr.sbin/yppasswdd/Makefile | 19 --- gnu/usr.sbin/yppasswdd/pw_copy.c | 119 ----------------- gnu/usr.sbin/yppasswdd/pw_util.c | 178 ------------------------- gnu/usr.sbin/yppasswdd/update.c | 195 ---------------------------- gnu/usr.sbin/yppasswdd/yppasswd.h | 57 -------- gnu/usr.sbin/yppasswdd/yppasswdd.8 | 199 ---------------------------- gnu/usr.sbin/yppasswdd/yppasswdd.c | 201 ----------------------------- gnu/usr.sbin/yppasswdd/yppwupdate | 27 ---- 8 files changed, 995 deletions(-) delete mode 100644 gnu/usr.sbin/yppasswdd/Makefile delete mode 100644 gnu/usr.sbin/yppasswdd/pw_copy.c delete mode 100644 gnu/usr.sbin/yppasswdd/pw_util.c delete mode 100644 gnu/usr.sbin/yppasswdd/update.c delete mode 100644 gnu/usr.sbin/yppasswdd/yppasswd.h delete mode 100644 gnu/usr.sbin/yppasswdd/yppasswdd.8 delete mode 100644 gnu/usr.sbin/yppasswdd/yppasswdd.c delete mode 100644 gnu/usr.sbin/yppasswdd/yppwupdate diff --git a/gnu/usr.sbin/yppasswdd/Makefile b/gnu/usr.sbin/yppasswdd/Makefile deleted file mode 100644 index 499405f675fe..000000000000 --- a/gnu/usr.sbin/yppasswdd/Makefile +++ /dev/null @@ -1,19 +0,0 @@ -# $Id: Makefile,v 1.6 1995/07/19 17:44:32 wpaul Exp $ -# @(#)Makefile 8.3 (Berkeley) 4/2/94 - -PROG= yppasswdd -MAN8= yppasswdd.8 - -SRCS= yppasswdd.c update.c pw_copy.c pw_util.c - -LDADD= -lcrypt -lrpcsvc -CFLAGS+=-DCRYPT -I${.CURDIR} -I${.CURDIR}/../../../usr.sbin/vipw \ - -I${.CURDIR}/../../../usr.bin/chpass -CFLAGS+=-DVERSION=\"0.7\" -DYPLIBDIR=\"/usr/libexec\" -D_GNU_SOURCE - -afterinstall: - ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m ${BINMODE} \ - ${.CURDIR}/yppwupdate \ - ${DESTDIR}/usr/libexec/yppwupdate - -.include diff --git a/gnu/usr.sbin/yppasswdd/pw_copy.c b/gnu/usr.sbin/yppasswdd/pw_copy.c deleted file mode 100644 index df857e3f382c..000000000000 
--- a/gnu/usr.sbin/yppasswdd/pw_copy.c
+++ /dev/null
@@ -1,119 +0,0 @@
-/*-
- * Copyright (c) 1990, 1993, 1994
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */ - -#ifndef lint -static char sccsid[] = "@(#)pw_copy.c 8.4 (Berkeley) 4/2/94"; -#endif /* not lint */ - -/* - * This module is used to copy the master password file, replacing a single - * record, by chpass(1) and passwd(1). - */ - -#include -#include -#include -#include -#include - -#include - -int pw_copy __P((int, int, struct passwd *)); - -extern char *tempname; -extern char *passfile; - -int -pw_copy(ffd, tfd, pw) - int ffd, tfd; - struct passwd *pw; -{ - FILE *from, *to; - int done; - char *p, buf[8192]; - - if (!(from = fdopen(ffd, "r"))) { - pw_error(passfile, 1, 1); - return(-1); - } - if (!(to = fdopen(tfd, "w"))) { - pw_error(tempname, 1, 1); - return(-1); - } - for (done = 0; fgets(buf, sizeof(buf), from);) { - if (!strchr(buf, '\n')) { - syslog(LOG_ERR, "%s: line too long", passfile); - pw_error(NULL, 0, 1); - goto err; - } - if (done) { - (void)fprintf(to, "%s", buf); - if (ferror(to)) - goto err; - continue; - } - if (!(p = strchr(buf, ':'))) { - syslog(LOG_ERR, "%s: corrupted entry", passfile); - pw_error(NULL, 0, 1); - goto err; - } - *p = '\0'; - if (strcmp(buf, pw->pw_name)) { - *p = ':'; - (void)fprintf(to, "%s", buf); - if (ferror(to)) - goto err; - continue; - } - (void)fprintf(to, "%s:%s:%d:%d:%s:%ld:%ld:%s:%s:%s\n", - pw->pw_name, pw->pw_passwd, pw->pw_uid, pw->pw_gid, - pw->pw_class, pw->pw_change, pw->pw_expire, pw->pw_gecos, - pw->pw_dir, pw->pw_shell); - done = 1; - if (ferror(to)) - goto err; - } - if (!done) { - syslog(LOG_ERR, "user \"%s\" not found in %s -- NIS maps and password file possibly out of sync", pw->pw_name, passfile); - goto err; - } - if (ferror(to)) { -err: pw_error(NULL, 1, 1); - (void)fclose(to); - (void)fclose(from); - return(-1); - } - (void)fclose(to); - (void)fclose(from); - return(0); -} diff --git a/gnu/usr.sbin/yppasswdd/pw_util.c b/gnu/usr.sbin/yppasswdd/pw_util.c deleted file mode 100644 index 4ab3ce80e955..000000000000 --- a/gnu/usr.sbin/yppasswdd/pw_util.c +++ /dev/null 
@@ -1,178 +0,0 @@
-/*-
- * Copyright (c) 1990, 1993, 1994
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */ - -#ifndef lint -static char sccsid[] = "@(#)pw_util.c 8.3 (Berkeley) 4/2/94"; -#endif /* not lint */ - -/* - * This file is used by all the "password" programs; vipw(8), chpass(1), - * and passwd(1). - */ - -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include - -extern void reaper __P((int)); -extern void install_reaper __P((int)); -extern char *tempname; -extern char *passfile; -int pstat; -pid_t pid; - -void -pw_init() -{ - struct rlimit rlim; - - /* Unlimited resource limits. */ - rlim.rlim_cur = rlim.rlim_max = RLIM_INFINITY; - (void)setrlimit(RLIMIT_CPU, &rlim); - (void)setrlimit(RLIMIT_FSIZE, &rlim); - (void)setrlimit(RLIMIT_STACK, &rlim); - (void)setrlimit(RLIMIT_DATA, &rlim); - (void)setrlimit(RLIMIT_RSS, &rlim); - - /* Don't drop core (not really necessary, but GP's). */ - rlim.rlim_cur = rlim.rlim_max = 0; - (void)setrlimit(RLIMIT_CORE, &rlim); - - /* Turn off signals. */ - (void)signal(SIGALRM, SIG_IGN); - (void)signal(SIGHUP, SIG_IGN); - (void)signal(SIGINT, SIG_IGN); - (void)signal(SIGPIPE, SIG_IGN); - (void)signal(SIGQUIT, SIG_IGN); - (void)signal(SIGTSTP, SIG_IGN); - (void)signal(SIGTTOU, SIG_IGN); - - /* Create with exact permissions. */ - (void)umask(0); -} - -static int lockfd; - -int -pw_lock() -{ - /* - * If the master password file doesn't exist, the system is hosed. - * Might as well try to build one. Set the close-on-exec bit so - * that users can't get at the encrypted passwords while editing. - * Open should allow flock'ing the file; see 4.4BSD. 
XXX - */ - lockfd = open(passfile, O_RDONLY, 0); - if (lockfd < 0 || fcntl(lockfd, F_SETFD, 1) == -1) { - syslog(LOG_NOTICE, "%s: %s", passfile, strerror(errno)); - return (-1); - } - if (flock(lockfd, LOCK_EX|LOCK_NB)) { - syslog(LOG_NOTICE, "%s: the password db file is busy", passfile); - return(-1); - } - return (lockfd); -} - -int -pw_tmp() -{ - static char path[MAXPATHLEN]; - int fd; - char *p; - - sprintf(path,"%s",passfile); - if ((p = strrchr(path, '/'))) - ++p; - else - p = path; - strcpy(p, "pw.XXXXXX"); - if ((fd = mkstemp(path)) == -1) { - syslog(LOG_ERR, "%s: %s", path, strerror(errno)); - return(-1); - } - tempname = path; - return (fd); -} - -int -pw_mkdb() -{ - - syslog(LOG_NOTICE, "rebuilding the database..."); - (void)fflush(stderr); - /* Temporarily turn off SIGCHLD catching */ - install_reaper(0); - if (!(pid = vfork())) { - execl(_PATH_PWD_MKDB, "pwd_mkdb", "-p", tempname, NULL); - pw_error(_PATH_PWD_MKDB, 1, 1); - return(-1); - } - /* Handle this ourselves. */ - reaper(SIGCHLD); - /* Put the handler back. Foo. */ - install_reaper(1); - if (pid == -1 || !WIFEXITED(pstat) || WEXITSTATUS(pstat) != 0) { - return (-1); - } - syslog(LOG_NOTICE, "done"); - return (0); -} - -void -pw_error(name, err, eval) - char *name; - int err, eval; -{ - if (err && name != NULL) - syslog(LOG_ERR, "%s", name); - - syslog(LOG_NOTICE,"%s: unchanged", passfile); - (void)unlink(tempname); -} diff --git a/gnu/usr.sbin/yppasswdd/update.c b/gnu/usr.sbin/yppasswdd/update.c deleted file mode 100644 index a8b4f2003b57..000000000000 --- a/gnu/usr.sbin/yppasswdd/update.c +++ /dev/null 
@@ -1,195 +0,0 @@ -/* - * yppasswdd - * Copyright 1994 Olaf Kirch, - * - * This program is covered by the GNU General Public License, version 2. - * It is provided in the hope that it is useful. However, the author - * disclaims ALL WARRANTIES, expressed or implied. See the GPL for details. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include - -#include -#include -#include "yppasswd.h" - -char *tempname, *passfile; -extern int *allow_chfn, *allow_chsh; -extern int pid; -extern int pw_copy __P((int, int, struct passwd *)); -extern int pw_lock __P((void)); -extern int pw_mkdb __P((void)); -extern int pw_tmp __P((void)); - -#define xprt_addr(xprt) (svc_getcaller(xprt)->sin_addr) -#define xprt_port(xprt) ntohs(svc_getcaller(xprt)->sin_port) -void reaper( int sig ); - -/*===============================================================* - * Argument validation. Avoid \n... (ouch). - * We can't use isprint, because people may use 8bit chars which - * aren't recognized as printable in the default locale. 
- *===============================================================*/ -static int -validate_string(char *str) -{ - while (*str && !iscntrl(*str)) str++; - return (*str == '\0'); -} - -static int -validate_args(struct xpasswd *pw) -{ - if (pw->pw_name[0] == '-' || pw->pw_name[0] == '+') { - syslog(LOG_ALERT, "attempt to modify NIS passwd entry \"%s\"", - pw->pw_name); - } - - return validate_string(pw->pw_passwd) - && validate_string(pw->pw_shell) - && validate_string(pw->pw_gecos); -} - -/*===============================================================* - * The passwd update handler - *===============================================================*/ -int * -yppasswdproc_pwupdate_1(yppasswd *yppw, struct svc_req *rqstp) -{ - struct xpasswd *newpw; /* passwd struct passed by the client */ - struct passwd *pw; /* passwd struct obtained from getpwent() */ - int chsh = 0, chfn = 0; - static int res; - char logbuf[255]; - int pfd, tfd; - char *passfile_hold; - char template[] = "/tmp/yppwtmp.XXXXX"; - - newpw = &yppw->newpw; - res = 1; - - sprintf( logbuf, "update %.12s (uid=%d) from host %s", - yppw->newpw.pw_name, - yppw->newpw.pw_uid, - inet_ntoa(xprt_addr(rqstp->rq_xprt))); - - if (!validate_args(newpw)) { - syslog ( LOG_ALERT, "%s failed", logbuf ); - syslog ( LOG_ALERT, "Invalid characters in argument. " - "Possible spoof attempt?" ); - return &res; - } - - /* Check if the user exists - */ - if (!(pw = getpwnam(yppw->newpw.pw_name))) { - syslog ( LOG_WARNING, "%s failed", logbuf ); - syslog ( LOG_WARNING, "User not in password file." ); - return (&res); - } - - /* Check the password. - */ - if (strcmp(crypt(yppw->oldpass, pw->pw_passwd), pw->pw_passwd)) { - syslog ( LOG_WARNING, "%s rejected", logbuf ); - syslog ( LOG_WARNING, "Invalid password." 
); - sleep(1); - return(&res); - } - - /* set the new passwd, shell, and full name - */ - pw->pw_change = 0; - pw->pw_passwd = newpw->pw_passwd; - - if (allow_chsh) { - chsh = (strcmp(pw->pw_shell, newpw->pw_shell) != 0); - pw->pw_shell = newpw->pw_shell; - } - - if (allow_chfn) { - chfn = (strcmp(pw->pw_gecos, newpw->pw_gecos) != 0); - pw->pw_gecos = newpw->pw_gecos; - } - - /* - * Bail if locking the password file or temp file creation fails. - * (These operations should log their own failure messages if need be, - * so we don't have to log their failures here.) - */ - if ((pfd = pw_lock()) < 0) - return &res; - if ((tfd = pw_tmp()) < 0) - return &res; - - /* Placeholder in case we need to put the old password file back. */ - passfile_hold = mktemp((char *)&template); - - /* - * Copy the password file to the temp file, - * inserting new passwd entry along the way. - */ - if (pw_copy(pfd, tfd, pw) < 0) { - syslog(LOG_ERR, "%s > %s: copy failed. Cleaning up.", - tempname, passfile); - unlink(tempname); - return (&res); - } - - rename(passfile, passfile_hold); - if (strcmp(passfile, _PATH_MASTERPASSWD)) { - rename(tempname, passfile); - } - else - if (pw_mkdb() < 0) { - syslog (LOG_WARNING, "%s failed to rebuild password database", logbuf ); - return(&res); - } - - /* Fork off process to rebuild NIS passwd.* maps. If the fork - * fails, restore old passwd file and return an error. - */ - if ((pid = fork()) < 0) { - syslog( LOG_ERR, "%s failed", logbuf ); - syslog( LOG_ERR, "Couldn't fork map update process: %m" ); - unlink(passfile); - rename(passfile_hold, passfile); - if (!strcmp(passfile, _PATH_MASTERPASSWD)) - if (pw_mkdb()) { - syslog (LOG_WARNING, "%s failed to rebuild password database", logbuf ); - return(&res); - } - - return (&res); - } - if (pid == 0) { - unlink(passfile_hold); - execlp(MAP_UPDATE_PATH, MAP_UPDATE, passfile, NULL); - syslog( LOG_ERR, "Error: couldn't exec map update process: %m" ); - exit(1); - } - - syslog (LOG_INFO, "%s successful. 
Password changed.", logbuf ); - if (chsh || chfn) { - syslog ( LOG_INFO, "Shell %schanged (%s), GECOS %schanged (%s).", - chsh? "" : "un", newpw->pw_shell, - chfn? "" : "un", newpw->pw_gecos ); - } - - res = 0; - return (&res); -} diff --git a/gnu/usr.sbin/yppasswdd/yppasswd.h b/gnu/usr.sbin/yppasswdd/yppasswd.h deleted file mode 100644 index 4f879ceceed0..000000000000 --- a/gnu/usr.sbin/yppasswdd/yppasswd.h +++ /dev/null 
@@ -1,57 +0,0 @@ -/* - * yppasswdd - * Copyright 1994 Olaf Kirch, - * - * This program is covered by the GNU General Public License, version 2. - * It is provided in the hope that it is useful. However, the author - * disclaims ALL WARRANTIES, expressed or implied. See the GPL for details. - * - * This file was generated automatically by rpcgen from yppasswd.x, and - * editied manually. - */ - -#ifndef _YPPASSWD_H_ -#define _YPPASSWD_H_ - -#define YPPASSWDPROG ((u_long)100009) -#define YPPASSWDVERS ((u_long)1) -#define YPPASSWDPROC_UPDATE ((u_long)1) - -/* - * The password struct passed by the update call. I renamed it to - * xpasswd to avoid a type clash with the one defined in . - */ -typedef struct xpasswd { - char *pw_name; - char *pw_passwd; - int pw_uid; - int pw_gid; - char *pw_gecos; - char *pw_dir; - char *pw_shell; -} xpasswd; - -/* The updated password information, plus the old password. - */ -typedef struct yppasswd { - char *oldpass; - xpasswd newpw; -} yppasswd; - -/* XDR encoding/decoding routines */ -bool_t xdr_xpasswd (XDR *xdrs, xpasswd *objp); -bool_t xdr_yppasswd(XDR *xdrs, yppasswd *objp); - -/* The server procedure invoked by the main loop. */ -void yppasswdprog_1(struct svc_req *rqstp, SVCXPRT *transp); - -/* Password update handler. */ -int * yppasswdproc_pwupdate_1(yppasswd *yppw, struct svc_req *rqstp); - -/* This command is forked to rebuild the NIS maps after a successful - * update. MAP_UPDATE is used as argv[0]. - */ -#define MAP_UPDATE "yppwupdate" -#define MAP_UPDATE_PATH YPLIBDIR "/yppwupdate" - -#endif _YPPASSWD_H_ diff --git a/gnu/usr.sbin/yppasswdd/yppasswdd.8 b/gnu/usr.sbin/yppasswdd/yppasswdd.8 deleted file mode 100644 index 7dd6c30afb1d..000000000000 --- a/gnu/usr.sbin/yppasswdd/yppasswdd.8 +++ /dev/null 
@@ -1,199 +0,0 @@ -.\" -.\" Copyright 1994 Olaf Kirch, -.\" -.\" This program is covered by the GNU General Public License, version 2. -.\" It is provided in the hope that it is useful. However, the author -.\" disclaims ALL WARRANTIES, expressed or implied. See the GPL for details. -.\" -.Dd 12 December 1994 -.Dt YPPASSWDD 8 -.Sh NAME -.Nm yppasswdd -.Nd NIS password database update server -.Sh SYNOPSIS -.Nm yppasswdd -.Op Ar -m master password file -.Op Fl s -.Op Fl f -.Op Fl v -.Op Fl h -.Sh DESCRIPTION -.Nm yppasswdd -is the RPC server that lets users change their passwords -in the presence of NIS (a.k.a. YP). It must be run on the NIS master -server for that NIS domain. -.Pp -When a -.Xr yppasswd 1 -client contacts the server, it sends the old user -password along with the new one. -.Nm yppasswdd -will search the system's -NIS password database file for the specified user name, verify that the -given (old) password matches, and update the entry. If the user -specified does not exist, or if the password, UID or GID doesn't match -the information in the password file, the update request is rejected, -and an error returned to the client. -.Pp -After updating the -.Nm master.passwd -file and returning a success -notifications to the client, -.Nm yppasswdd -executes the -.Nm yppwupdate -script that updates the NIS server's -.Nm master.passwd.* -and -.Nm passwd.* -maps. This script invokes -.Nm /var/yp/Makefile -to rebuild the NIS password maps (and propagate them to NIS slave -servers if there are any in the domain). -.Sh OPTIONS -.Bl -tag -width Ds -The following options are available with -.Nm yppasswdd: -.It Fl Ar m master password file -.Nm yppasswdd -server needs to know the location of the -master.passwd file that is to be used to generate updated NIS -password maps. This file is normally kept in -.Nm /var/yp -(it must be owned by root and not world readable for security reasons). 
-If you move it somewhere else you'll have to tell yppasswdd using the -.Fl m -option. The location of this file is also passed to -.Nm /var/yp/Makefile -when time comes to rebuild the NIS password maps. It is recommended, -however, that you edit -.Nm /var/yp/Makefile -to reflect the new location as well. -When the server is ready to change -a password database entry, it will modify master.passwd, then -call the yppwupdate script, which will in turn call -.Nm /var/yp/Makefile. -.Pp -Without the -m option, -.Nm yppasswdd -expects to use the local -.Nm /etc/master.passwd -file on the NIS master server as the source for -regenerating the password maps (the server will rebuild the local -password databases in this case as well). -.Pp -This is less secure than -using a seperate password database to restrict access to the NIS -master server, but the functionality is provided in the event this -behavior is desired and security is not paramount (such as might be -the case on a closed local network of trusted systems). -Note that you will have to edit -.Nm /var/yp/Makefile -to use -.Nm /etc/master.passwd -instead of -.Nm /var/yp/master.passwd -if you want to use yppasswdd in this way. -.It Fl s -When invoked with the -.Fl s -flag, -.Nm yppasswdd -will allow users to change -the shell field of their NIS password entry. Without it, -.Xr yppasswd 1 -will -appear to succeed when a user tries to change shells, but yppasswdd -will not actually alter the password database. -.It Fl f -This flag works just like -.Fl s , -except it applies to the GECOS or -"fullname" field of a user's NIS password entry instead of the shell field. -Some sites may wish to restrict users' ability to change their shells or -full names for security or administrative reasons, which is why these two -options are provided. -.Sh MISCELLANEOUS -.Ss Logging -.Nm yppasswdd -logs all password update requests to -.Xr syslogd 8 -auth facility. 
The logging information includes the originating host's -IP address and the user name and UID contained in the request. The -user-supplied password itself is not logged. -.Ss Security -Unless I've screwed up completely (as I did with versions prior to -version 0.7), -.Nm yppasswdd -should be as secure or insecure as any -program relying on simple password authentication. If you feel that -this is not enough, you may want to protect -.Nm yppasswdd -from outside -access by using the 'securenets' feature of -.Xr portmap 8 -version 3. Better still, use Kerberos. -.Sh NOTES -.Ss FreeBSD changes -Unlike the original -.Nm yppasswdd , -the FreeBSD version has no support for -John F. Haugh II's shadow password suite. It doesn't need it: 4.4BSD's -password database system already implements shadow passwords. -.Ss Using the yppasswdd server with non-FreeBSD clients -FreeBSD's -.Nm yppasswdd -should work equally well with non-FreeBSD client machines provided a -few small changes are made to -.Nm /var/yp/Makefile. -FreeBSD's passwd.byname and passwd.byuid maps do not contain actual -encrypted passwords (just like FreeBSD's /etc/passwd file): the real -encrypted passwords are kept in master.passwd.byname and -master.passwd.byuid, which FreeBSD's NIS server will only serve to -the superuser on FreeBSD NIS clients (non-privileged users are not -permitted to access these maps). Non-FreeBSD clients will not function -properly in this situation, since they require the password fields in -the passwd.* maps to be valid. -.Pp -To use -.Nm yppasswdd -with non-FreeBSD clients, you will need to edit -.Nm /var/yp/Makefile -and uncomment the line that says 'UNSECURE=True' and run -.Xr make 1 . -This will cause -.Nm /var/yp/Makefile -to generate passwd.* maps with real passwords in them instead of -stripping them out as it does normally. 
-.Sh FILES -.Bl -tag -width /usr/libexec/yppwupdate -compact -.It Pa /usr/sbin/yppasswdd -The yppasswdd daemon -.It Pa /usr/libexec/yppwupdate -The NIS map update script -.It Pa /var/yp/master.passwd -NIS password map source file -.It Pa /etc/master.passwd -Raw local password database (only used when -.Fl m -option isn't supplied) -.Sh SEE ALSO -.Xr passwd 1 , -.Xr ypcat 1 , -.Xr ypchsh 1 , -.Xr ypchfn 1 , -.Xr yppasswd 1 , -.Xr passwd 5 , -.Xr ypserv 8 , -.Xr portmap 8 . -.Sh COPYRIGHT -.Nm yppasswdd -is copyright (C) Olaf Kirch. You can use and distribute it -under the GNU General Public License Version 2. -.Sh AUTHOR(S) -.br -Olaf Kirch, -.br -Charles Lopez, (shadow support) -.br -Bill Paul, (port to FreeBSD, various small changes) diff --git a/gnu/usr.sbin/yppasswdd/yppasswdd.c b/gnu/usr.sbin/yppasswdd/yppasswdd.c deleted file mode 100644 index b69333ea95b5..000000000000 --- a/gnu/usr.sbin/yppasswdd/yppasswdd.c +++ /dev/null 
@@ -1,201 +0,0 @@ -/* - * yppasswdd - * Copyright 1994 Olaf Kirch, - * - * This program is covered by the GNU General Public License, version 2. - * It is provided in the hope that it is useful. However, the author - * disclaims ALL WARRANTIES, expressed or implied. See the GPL for details. - */ - -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include - -#include -#include -#include "yppasswd.h" - -extern char *optarg; -extern void pw_init __P((void)); -static char *program_name = ""; -static char *version = "yppsswdd " VERSION; -char *passfile = _PATH_MASTERPASSWD; -int allow_chfn = 0, allow_chsh = 0; - -#define xprt_addr(xprt) (svc_getcaller(xprt)->sin_addr) -#define xprt_port(xprt) ntohs(svc_getcaller(xprt)->sin_port) -void yppasswdprog_1( struct svc_req *rqstp, SVCXPRT *transp ); -void reaper( int sig ); - -/*==============================================================* - * RPC dispatch function - *==============================================================*/ -void -yppasswdprog_1(struct svc_req *rqstp, SVCXPRT *transp) -{ - union { - yppasswd yppasswdproc_update_1_arg; - } argument; - char *result; - xdrproc_t xdr_argument, xdr_result; - char *(*local)(); - - switch (rqstp->rq_proc) { - case NULLPROC: - (void)svc_sendreply(transp, (xdrproc_t)xdr_void, (char *)NULL); - return; - - case YPPASSWDPROC_UPDATE: - xdr_argument = (xdrproc_t) xdr_yppasswd; - xdr_result = (xdrproc_t) xdr_int; - local = (char *(*)()) yppasswdproc_pwupdate_1; - break; - - default: - svcerr_noproc(transp); - return; - } - bzero((char *)&argument, sizeof(argument)); - if (!svc_getargs(transp, xdr_argument, &argument)) { - svcerr_decode(transp); - return; - } - result = (*local)(&argument, rqstp); - if (result != NULL - && !svc_sendreply(transp, (xdrproc_t)xdr_result, result)) { - svcerr_systemerr(transp); - } - if (!svc_freeargs(transp, xdr_argument, &argument)) { - (void)fprintf(stderr, "unable to free 
arguments\n"); - exit(1); - } -} - -static void -usage(FILE *fp, int n) -{ - fprintf (fp, "usage: %s [-m master password file] [-f] [-s] [-h] [-v]\n", program_name ); - exit(n); -} - -void -reaper( int sig ) -{ - extern pid_t pid; - extern int pstat; - - pid = waitpid(pid, &pstat, 0); -} - -void -install_reaper( int on ) -{ - struct sigaction act, oact; - - if (on) { - act.sa_handler = reaper; - sigemptyset(&act.sa_mask); - act.sa_flags = SA_RESTART; - } else { - act.sa_handler = SIG_DFL; - sigemptyset(&act.sa_mask); - act.sa_flags = SA_RESTART; - } - sigaction( SIGCHLD, &act, &oact ); -} - - -int -main(int argc, char **argv) -{ - SVCXPRT *transp; - char *sp; - int opterr; - int c; - - program_name = argv[0]; - if ((sp = strrchr(program_name, '/')) != NULL) { - program_name = ++sp; - } - - /* Parse the command line options and arguments. */ - opterr = 0; - while ((c = getopt(argc, argv, "m:fshv")) != EOF) - switch (c) { - case 'm': - passfile = strdup(optarg); - break; - case 'f': - allow_chfn = 1; - break; - case 's': - allow_chsh = 1; - break; - case 'h': - usage (stdout, 0); - break; - case 'v': - printf("%s\n", version); - exit(0); - case 0: - break; - case '?': - default: - usage(stderr, 1); - } - - if (daemon(0,0)) { - perror("fork"); - exit(1); - } - - /* - * We can call this here since it does some necessary setup - * for us (blocking signals, setting resourse limits, etc. - */ - pw_init(); - - /* Initialize logging. 
- */ - openlog ( "yppasswdd", LOG_PID, LOG_AUTH ); - - /* Register a signal handler to reap children after they terminated - */ - install_reaper(1); - - /* - * Create the RPC server - */ - (void)pmap_unset(YPPASSWDPROG, YPPASSWDVERS); - - transp = svcudp_create(RPC_ANYSOCK); - if (transp == NULL) { - (void)fprintf(stderr, "cannot create udp service.\n"); - exit(1); - } - if (!svc_register(transp, YPPASSWDPROG, YPPASSWDVERS, yppasswdprog_1, - IPPROTO_UDP)) { - (void)fprintf(stderr, "unable to register yppaswdd udp service.\n"); - exit(1); - } - - /* - * Run the server - */ - svc_run(); - (void)fprintf(stderr, "svc_run returned\n"); - - return 1; -} - diff --git a/gnu/usr.sbin/yppasswdd/yppwupdate b/gnu/usr.sbin/yppasswdd/yppwupdate deleted file mode 100644 index 64bd9ef5bba7..000000000000 --- a/gnu/usr.sbin/yppasswdd/yppwupdate +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/sh -# -# This script is invoked by yppasswdd to update the password -# maps after the master password file has been modified. -# Comment out the LOG=yes line to disable logging. -# - -LOG=yes -LOGFILE=/var/yp/ypupdate.log - -umask 077 - -if [ ! -f $LOGFILE ]; -then - /usr/bin/touch $LOGFILE - echo "# Edit /usr/libexec/yppwupdate to disable" >> $LOGFILE - echo "# logging to this file from yppasswdd." >> $LOGFILE - echo -n "# Log started on: " >> $LOGFILE - /bin/date >> $LOGFILE -fi - -if [ ! $LOG ]; -then - cd /var/yp; /usr/bin/make MASTER_PASSWD=$1 -else - cd /var/yp; /usr/bin/make MASTER_PASSWD=$1 >> $LOGFILE -fi