jimzah/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src.git synced 2024-11-30 06:32:44 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Toss the old yppasswdd into the attic.

Browse Source
This commit is contained in:
Bill Paul 1996-02-12 14:50:23 +00:00
parent e4a8c82437
commit d565512ed5
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=14061
8 changed files with 0 additions and 995 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
gnu/usr.sbin/yppasswdd/Makefile
View File

@ -1,19 +0,0 @@
# $Id: Makefile,v 1.6 1995/07/19 17:44:32 wpaul Exp $
# @(#)Makefile 8.3 (Berkeley) 4/2/94
PROG= yppasswdd
MAN8= yppasswdd.8
SRCS= yppasswdd.c update.c pw_copy.c pw_util.c
LDADD= -lcrypt -lrpcsvc
CFLAGS+=-DCRYPT -I${.CURDIR} -I${.CURDIR}/../../../usr.sbin/vipw \
-I${.CURDIR}/../../../usr.bin/chpass
CFLAGS+=-DVERSION=\"0.7\" -DYPLIBDIR=\"/usr/libexec\" -D_GNU_SOURCE
afterinstall:
${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m ${BINMODE} \
${.CURDIR}/yppwupdate \
${DESTDIR}/usr/libexec/yppwupdate
.include <bsd.prog.mk>

119
gnu/usr.sbin/yppasswdd/pw_copy.c
View File

@ -1,119 +0,0 @@
/*-
* Copyright (c) 1990, 1993, 1994
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifndef lint
static char sccsid[] = "@(#)pw_copy.c 8.4 (Berkeley) 4/2/94";
#endif /* not lint */
/*
* This module is used to copy the master password file, replacing a single
* record, by chpass(1) and passwd(1).
*/
#include <err.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>
#include <pw_util.h>
int pw_copy __P((int, int, struct passwd *));
extern char *tempname;
extern char *passfile;
int
pw_copy(ffd, tfd, pw)
int ffd, tfd;
struct passwd *pw;
{
FILE *from, *to;
int done;
char *p, buf[8192];
if (!(from = fdopen(ffd, "r"))) {
pw_error(passfile, 1, 1);
return(-1);
}
if (!(to = fdopen(tfd, "w"))) {
pw_error(tempname, 1, 1);
return(-1);
}
for (done = 0; fgets(buf, sizeof(buf), from);) {
if (!strchr(buf, '\n')) {
syslog(LOG_ERR, "%s: line too long", passfile);
pw_error(NULL, 0, 1);
goto err;
}
if (done) {
(void)fprintf(to, "%s", buf);
if (ferror(to))
goto err;
continue;
}
if (!(p = strchr(buf, ':'))) {
syslog(LOG_ERR, "%s: corrupted entry", passfile);
pw_error(NULL, 0, 1);
goto err;
}
*p = '\0';
if (strcmp(buf, pw->pw_name)) {
*p = ':';
(void)fprintf(to, "%s", buf);
if (ferror(to))
goto err;
continue;
}
(void)fprintf(to, "%s:%s:%d:%d:%s:%ld:%ld:%s:%s:%s\n",
pw->pw_name, pw->pw_passwd, pw->pw_uid, pw->pw_gid,
pw->pw_class, pw->pw_change, pw->pw_expire, pw->pw_gecos,
pw->pw_dir, pw->pw_shell);
done = 1;
if (ferror(to))
goto err;
}
if (!done) {
syslog(LOG_ERR, "user \"%s\" not found in %s -- NIS maps and password file possibly out of sync", pw->pw_name, passfile);
goto err;
}
if (ferror(to)) {
err: pw_error(NULL, 1, 1);
(void)fclose(to);
(void)fclose(from);
return(-1);
}
(void)fclose(to);
(void)fclose(from);
return(0);
}

178
gnu/usr.sbin/yppasswdd/pw_util.c
View File

@ -1,178 +0,0 @@
/*-
* Copyright (c) 1990, 1993, 1994
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifndef lint
static char sccsid[] = "@(#)pw_util.c 8.3 (Berkeley) 4/2/94";
#endif /* not lint */
/*
* This file is used by all the "password" programs; vipw(8), chpass(1),
* and passwd(1).
*/
#include <sys/param.h>
#include <sys/time.h>
#include <sys/resource.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <paths.h>
#include <pwd.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <syslog.h>
#include <pw_util.h>
extern void reaper __P((int));
extern void install_reaper __P((int));
extern char *tempname;
extern char *passfile;
int pstat;
pid_t pid;
void
pw_init()
{
struct rlimit rlim;
/* Unlimited resource limits. */
rlim.rlim_cur = rlim.rlim_max = RLIM_INFINITY;
(void)setrlimit(RLIMIT_CPU, &rlim);
(void)setrlimit(RLIMIT_FSIZE, &rlim);
(void)setrlimit(RLIMIT_STACK, &rlim);
(void)setrlimit(RLIMIT_DATA, &rlim);
(void)setrlimit(RLIMIT_RSS, &rlim);
/* Don't drop core (not really necessary, but GP's). */
rlim.rlim_cur = rlim.rlim_max = 0;
(void)setrlimit(RLIMIT_CORE, &rlim);
/* Turn off signals. */
(void)signal(SIGALRM, SIG_IGN);
(void)signal(SIGHUP, SIG_IGN);
(void)signal(SIGINT, SIG_IGN);
(void)signal(SIGPIPE, SIG_IGN);
(void)signal(SIGQUIT, SIG_IGN);
(void)signal(SIGTSTP, SIG_IGN);
(void)signal(SIGTTOU, SIG_IGN);
/* Create with exact permissions. */
(void)umask(0);
}
static int lockfd;
int
pw_lock()
{
/*
* If the master password file doesn't exist, the system is hosed.
* Might as well try to build one. Set the close-on-exec bit so
* that users can't get at the encrypted passwords while editing.
* Open should allow flock'ing the file; see 4.4BSD. XXX
*/
lockfd = open(passfile, O_RDONLY, 0);
if (lockfd < 0 || fcntl(lockfd, F_SETFD, 1) == -1) {
syslog(LOG_NOTICE, "%s: %s", passfile, strerror(errno));
return (-1);
}
if (flock(lockfd, LOCK_EX|LOCK_NB)) {
syslog(LOG_NOTICE, "%s: the password db file is busy", passfile);
return(-1);
}
return (lockfd);
}
int
pw_tmp()
{
static char path[MAXPATHLEN];
int fd;
char *p;
sprintf(path,"%s",passfile);
if ((p = strrchr(path, '/')))
++p;
else
p = path;
strcpy(p, "pw.XXXXXX");
if ((fd = mkstemp(path)) == -1) {
syslog(LOG_ERR, "%s: %s", path, strerror(errno));
return(-1);
}
tempname = path;
return (fd);
}
int
pw_mkdb()
{
syslog(LOG_NOTICE, "rebuilding the database...");
(void)fflush(stderr);
/* Temporarily turn off SIGCHLD catching */
install_reaper(0);
if (!(pid = vfork())) {
execl(_PATH_PWD_MKDB, "pwd_mkdb", "-p", tempname, NULL);
pw_error(_PATH_PWD_MKDB, 1, 1);
return(-1);
}
/* Handle this ourselves. */
reaper(SIGCHLD);
/* Put the handler back. Foo. */
install_reaper(1);
if (pid == -1 || !WIFEXITED(pstat) || WEXITSTATUS(pstat) != 0) {
return (-1);
}
syslog(LOG_NOTICE, "done");
return (0);
}
void
pw_error(name, err, eval)
char *name;
int err, eval;
{
if (err && name != NULL)
syslog(LOG_ERR, "%s", name);
syslog(LOG_NOTICE,"%s: unchanged", passfile);
(void)unlink(tempname);
}

195
gnu/usr.sbin/yppasswdd/update.c
View File

@ -1,195 +0,0 @@
/*
* yppasswdd
* Copyright 1994 Olaf Kirch, <okir@monad.swb.de>
*
* This program is covered by the GNU General Public License, version 2.
* It is provided in the hope that it is useful. However, the author
* disclaims ALL WARRANTIES, expressed or implied. See the GPL for details.
*/
#include <sys/types.h>
#include <sys/errno.h>
#include <sys/stat.h>
#include <sys/param.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <fcntl.h>
#include <unistd.h>
#include <ctype.h>
#include <time.h>
#include <pwd.h>
#include <syslog.h>
#include <stdio.h>
#include <string.h>
#include <rpc/rpc.h>
#include <rpc/pmap_clnt.h>
#include "yppasswd.h"
char *tempname, *passfile;
extern int *allow_chfn, *allow_chsh;
extern int pid;
extern int pw_copy __P((int, int, struct passwd *));
extern int pw_lock __P((void));
extern int pw_mkdb __P((void));
extern int pw_tmp __P((void));
#define xprt_addr(xprt) (svc_getcaller(xprt)->sin_addr)
#define xprt_port(xprt) ntohs(svc_getcaller(xprt)->sin_port)
void reaper( int sig );
/*===============================================================*
* Argument validation. Avoid \n... (ouch).
* We can't use isprint, because people may use 8bit chars which
* aren't recognized as printable in the default locale.
*===============================================================*/
static int
validate_string(char *str)
{
while (*str && !iscntrl(*str)) str++;
return (*str == '\0');
}
static int
validate_args(struct xpasswd *pw)
{
if (pw->pw_name[0] == '-' || pw->pw_name[0] == '+') {
syslog(LOG_ALERT, "attempt to modify NIS passwd entry \"%s\"",
pw->pw_name);
}
return validate_string(pw->pw_passwd)
&& validate_string(pw->pw_shell)
&& validate_string(pw->pw_gecos);
}
/*===============================================================*
* The passwd update handler
*===============================================================*/
int *
yppasswdproc_pwupdate_1(yppasswd *yppw, struct svc_req *rqstp)
{
struct xpasswd *newpw; /* passwd struct passed by the client */
struct passwd *pw; /* passwd struct obtained from getpwent() */
int chsh = 0, chfn = 0;
static int res;
char logbuf[255];
int pfd, tfd;
char *passfile_hold;
char template[] = "/tmp/yppwtmp.XXXXX";
newpw = &yppw->newpw;
res = 1;
sprintf( logbuf, "update %.12s (uid=%d) from host %s",
yppw->newpw.pw_name,
yppw->newpw.pw_uid,
inet_ntoa(xprt_addr(rqstp->rq_xprt)));
if (!validate_args(newpw)) {
syslog ( LOG_ALERT, "%s failed", logbuf );
syslog ( LOG_ALERT, "Invalid characters in argument. "
"Possible spoof attempt?" );
return &res;
}
/* Check if the user exists
*/
if (!(pw = getpwnam(yppw->newpw.pw_name))) {
syslog ( LOG_WARNING, "%s failed", logbuf );
syslog ( LOG_WARNING, "User not in password file." );
return (&res);
}
/* Check the password.
*/
if (strcmp(crypt(yppw->oldpass, pw->pw_passwd), pw->pw_passwd)) {
syslog ( LOG_WARNING, "%s rejected", logbuf );
syslog ( LOG_WARNING, "Invalid password." );
sleep(1);
return(&res);
}
/* set the new passwd, shell, and full name
*/
pw->pw_change = 0;
pw->pw_passwd = newpw->pw_passwd;
if (allow_chsh) {
chsh = (strcmp(pw->pw_shell, newpw->pw_shell) != 0);
pw->pw_shell = newpw->pw_shell;
}
if (allow_chfn) {
chfn = (strcmp(pw->pw_gecos, newpw->pw_gecos) != 0);
pw->pw_gecos = newpw->pw_gecos;
}
/*
* Bail if locking the password file or temp file creation fails.
* (These operations should log their own failure messages if need be,
* so we don't have to log their failures here.)
*/
if ((pfd = pw_lock()) < 0)
return &res;
if ((tfd = pw_tmp()) < 0)
return &res;
/* Placeholder in case we need to put the old password file back. */
passfile_hold = mktemp((char *)&template);
/*
* Copy the password file to the temp file,
* inserting new passwd entry along the way.
*/
if (pw_copy(pfd, tfd, pw) < 0) {
syslog(LOG_ERR, "%s > %s: copy failed. Cleaning up.",
tempname, passfile);
unlink(tempname);
return (&res);
}
rename(passfile, passfile_hold);
if (strcmp(passfile, _PATH_MASTERPASSWD)) {
rename(tempname, passfile);
}
else
if (pw_mkdb() < 0) {
syslog (LOG_WARNING, "%s failed to rebuild password database", logbuf );
return(&res);
}
/* Fork off process to rebuild NIS passwd.* maps. If the fork
* fails, restore old passwd file and return an error.
*/
if ((pid = fork()) < 0) {
syslog( LOG_ERR, "%s failed", logbuf );
syslog( LOG_ERR, "Couldn't fork map update process: %m" );
unlink(passfile);
rename(passfile_hold, passfile);
if (!strcmp(passfile, _PATH_MASTERPASSWD))
if (pw_mkdb()) {
syslog (LOG_WARNING, "%s failed to rebuild password database", logbuf );
return(&res);
}
return (&res);
}
if (pid == 0) {
unlink(passfile_hold);
execlp(MAP_UPDATE_PATH, MAP_UPDATE, passfile, NULL);
syslog( LOG_ERR, "Error: couldn't exec map update process: %m" );
exit(1);
}
syslog (LOG_INFO, "%s successful. Password changed.", logbuf );
if (chsh || chfn) {
syslog ( LOG_INFO, "Shell %schanged (%s), GECOS %schanged (%s).",
chsh? "" : "un", newpw->pw_shell,
chfn? "" : "un", newpw->pw_gecos );
}
res = 0;
return (&res);
}

57
gnu/usr.sbin/yppasswdd/yppasswd.h
View File

@ -1,57 +0,0 @@
/*
* yppasswdd
* Copyright 1994 Olaf Kirch, <okir@monad.swb.de>
*
* This program is covered by the GNU General Public License, version 2.
* It is provided in the hope that it is useful. However, the author
* disclaims ALL WARRANTIES, expressed or implied. See the GPL for details.
*
* This file was generated automatically by rpcgen from yppasswd.x, and
* editied manually.
*/
#ifndef _YPPASSWD_H_
#define _YPPASSWD_H_
#define YPPASSWDPROG ((u_long)100009)
#define YPPASSWDVERS ((u_long)1)
#define YPPASSWDPROC_UPDATE ((u_long)1)
/*
* The password struct passed by the update call. I renamed it to
* xpasswd to avoid a type clash with the one defined in <pwd.h>.
*/
typedef struct xpasswd {
char *pw_name;
char *pw_passwd;
int pw_uid;
int pw_gid;
char *pw_gecos;
char *pw_dir;
char *pw_shell;
} xpasswd;
/* The updated password information, plus the old password.
*/
typedef struct yppasswd {
char *oldpass;
xpasswd newpw;
} yppasswd;
/* XDR encoding/decoding routines */
bool_t xdr_xpasswd (XDR *xdrs, xpasswd *objp);
bool_t xdr_yppasswd(XDR *xdrs, yppasswd *objp);
/* The server procedure invoked by the main loop. */
void yppasswdprog_1(struct svc_req *rqstp, SVCXPRT *transp);
/* Password update handler. */
int * yppasswdproc_pwupdate_1(yppasswd *yppw, struct svc_req *rqstp);
/* This command is forked to rebuild the NIS maps after a successful
* update. MAP_UPDATE is used as argv[0].
*/
#define MAP_UPDATE "yppwupdate"
#define MAP_UPDATE_PATH YPLIBDIR "/yppwupdate"
#endif _YPPASSWD_H_

199
gnu/usr.sbin/yppasswdd/yppasswdd.8
View File

@ -1,199 +0,0 @@
.\"
.\" Copyright 1994 Olaf Kirch, <okir@monad.swb.de>
.\"
.\" This program is covered by the GNU General Public License, version 2.
.\" It is provided in the hope that it is useful. However, the author
.\" disclaims ALL WARRANTIES, expressed or implied. See the GPL for details.
.\"
.Dd 12 December 1994
.Dt YPPASSWDD 8
.Sh NAME
.Nm yppasswdd
.Nd NIS password database update server
.Sh SYNOPSIS
.Nm yppasswdd
.Op Ar -m master password file
.Op Fl s
.Op Fl f
.Op Fl v
.Op Fl h
.Sh DESCRIPTION
.Nm yppasswdd
is the RPC server that lets users change their passwords
in the presence of NIS (a.k.a. YP). It must be run on the NIS master
server for that NIS domain.
.Pp
When a
.Xr yppasswd 1
client contacts the server, it sends the old user
password along with the new one.
.Nm yppasswdd
will search the system's
NIS password database file for the specified user name, verify that the
given (old) password matches, and update the entry. If the user
specified does not exist, or if the password, UID or GID doesn't match
the information in the password file, the update request is rejected,
and an error returned to the client.
.Pp
After updating the
.Nm master.passwd
file and returning a success
notifications to the client,
.Nm yppasswdd
executes the
.Nm yppwupdate
script that updates the NIS server's
.Nm master.passwd.*
and
.Nm passwd.*
maps. This script invokes
.Nm /var/yp/Makefile
to rebuild the NIS password maps (and propagate them to NIS slave
servers if there are any in the domain).
.Sh OPTIONS
.Bl -tag -width Ds
The following options are available with
.Nm yppasswdd:
.It Fl Ar m master password file
.Nm yppasswdd
server needs to know the location of the
master.passwd file that is to be used to generate updated NIS
password maps. This file is normally kept in
.Nm /var/yp
(it must be owned by root and not world readable for security reasons).
If you move it somewhere else you'll have to tell yppasswdd using the
.Fl m
option. The location of this file is also passed to
.Nm /var/yp/Makefile
when time comes to rebuild the NIS password maps. It is recommended,
however, that you edit
.Nm /var/yp/Makefile
to reflect the new location as well.
When the server is ready to change
a password database entry, it will modify master.passwd, then
call the yppwupdate script, which will in turn call
.Nm /var/yp/Makefile.
.Pp
Without the -m option,
.Nm yppasswdd
expects to use the local
.Nm /etc/master.passwd
file on the NIS master server as the source for
regenerating the password maps (the server will rebuild the local
password databases in this case as well).
.Pp
This is less secure than
using a seperate password database to restrict access to the NIS
master server, but the functionality is provided in the event this
behavior is desired and security is not paramount (such as might be
the case on a closed local network of trusted systems).
Note that you will have to edit
.Nm /var/yp/Makefile
to use
.Nm /etc/master.passwd
instead of
.Nm /var/yp/master.passwd
if you want to use yppasswdd in this way.
.It Fl s
When invoked with the
.Fl s
flag,
.Nm yppasswdd
will allow users to change
the shell field of their NIS password entry. Without it,
.Xr yppasswd 1
will
appear to succeed when a user tries to change shells, but yppasswdd
will not actually alter the password database.
.It Fl f
This flag works just like
.Fl s ,
except it applies to the GECOS or
"fullname" field of a user's NIS password entry instead of the shell field.
Some sites may wish to restrict users' ability to change their shells or
full names for security or administrative reasons, which is why these two
options are provided.
.Sh MISCELLANEOUS
.Ss Logging
.Nm yppasswdd
logs all password update requests to
.Xr syslogd 8
auth facility. The logging information includes the originating host's
IP address and the user name and UID contained in the request. The
user-supplied password itself is not logged.
.Ss Security
Unless I've screwed up completely (as I did with versions prior to
version 0.7),
.Nm yppasswdd
should be as secure or insecure as any
program relying on simple password authentication. If you feel that
this is not enough, you may want to protect
.Nm yppasswdd
from outside
access by using the 'securenets' feature of
.Xr portmap 8
version 3. Better still, use Kerberos.
.Sh NOTES
.Ss FreeBSD changes
Unlike the original
.Nm yppasswdd ,
the FreeBSD version has no support for
John F. Haugh II's shadow password suite. It doesn't need it: 4.4BSD's
password database system already implements shadow passwords.
.Ss Using the yppasswdd server with non-FreeBSD clients
FreeBSD's
.Nm yppasswdd
should work equally well with non-FreeBSD client machines provided a
few small changes are made to
.Nm /var/yp/Makefile.
FreeBSD's passwd.byname and passwd.byuid maps do not contain actual
encrypted passwords (just like FreeBSD's /etc/passwd file): the real
encrypted passwords are kept in master.passwd.byname and
master.passwd.byuid, which FreeBSD's NIS server will only serve to
the superuser on FreeBSD NIS clients (non-privileged users are not
permitted to access these maps). Non-FreeBSD clients will not function
properly in this situation, since they require the password fields in
the passwd.* maps to be valid.
.Pp
To use
.Nm yppasswdd
with non-FreeBSD clients, you will need to edit
.Nm /var/yp/Makefile
and uncomment the line that says 'UNSECURE=True' and run
.Xr make 1 .
This will cause
.Nm /var/yp/Makefile
to generate passwd.* maps with real passwords in them instead of
stripping them out as it does normally.
.Sh FILES
.Bl -tag -width /usr/libexec/yppwupdate -compact
.It Pa /usr/sbin/yppasswdd
The yppasswdd daemon
.It Pa /usr/libexec/yppwupdate
The NIS map update script
.It Pa /var/yp/master.passwd
NIS password map source file
.It Pa /etc/master.passwd
Raw local password database (only used when
.Fl m
option isn't supplied)
.Sh SEE ALSO
.Xr passwd 1 ,
.Xr ypcat 1 ,
.Xr ypchsh 1 ,
.Xr ypchfn 1 ,
.Xr yppasswd 1 ,
.Xr passwd 5 ,
.Xr ypserv 8 ,
.Xr portmap 8 .
.Sh COPYRIGHT
.Nm yppasswdd
is copyright (C) Olaf Kirch. You can use and distribute it
under the GNU General Public License Version 2.
.Sh AUTHOR(S)
.br
Olaf Kirch, <okir@monad.swb.de>
.br
Charles Lopez, <tjarls@infm.ulst.ac.uk> (shadow support)
.br
Bill Paul, <wpaul@ctr.columbia.edu> (port to FreeBSD, various small changes)

201
gnu/usr.sbin/yppasswdd/yppasswdd.c
View File

@ -1,201 +0,0 @@
/*
* yppasswdd
* Copyright 1994 Olaf Kirch, <okir@monad.swb.de>
*
* This program is covered by the GNU General Public License, version 2.
* It is provided in the hope that it is useful. However, the author
* disclaims ALL WARRANTIES, expressed or implied. See the GPL for details.
*/
#include <sys/types.h>
#include <sys/errno.h>
#include <sys/ioctl.h>
#include <sys/wait.h>
#include <termios.h>
#include <signal.h>
#include <unistd.h>
#include <fcntl.h>
#include <stdlib.h>
#include <syslog.h>
#include <stdio.h>
#include <string.h>
#include <pwd.h>
#include <rpc/rpc.h>
#include <rpc/pmap_clnt.h>
#include "yppasswd.h"
extern char *optarg;
extern void pw_init __P((void));
static char *program_name = "";
static char *version = "yppsswdd " VERSION;
char *passfile = _PATH_MASTERPASSWD;
int allow_chfn = 0, allow_chsh = 0;
#define xprt_addr(xprt) (svc_getcaller(xprt)->sin_addr)
#define xprt_port(xprt) ntohs(svc_getcaller(xprt)->sin_port)
void yppasswdprog_1( struct svc_req *rqstp, SVCXPRT *transp );
void reaper( int sig );
/*==============================================================*
* RPC dispatch function
*==============================================================*/
void
yppasswdprog_1(struct svc_req *rqstp, SVCXPRT *transp)
{
union {
yppasswd yppasswdproc_update_1_arg;
} argument;
char *result;
xdrproc_t xdr_argument, xdr_result;
char *(*local)();
switch (rqstp->rq_proc) {
case NULLPROC:
(void)svc_sendreply(transp, (xdrproc_t)xdr_void, (char *)NULL);
return;
case YPPASSWDPROC_UPDATE:
xdr_argument = (xdrproc_t) xdr_yppasswd;
xdr_result = (xdrproc_t) xdr_int;
local = (char *(*)()) yppasswdproc_pwupdate_1;
break;
default:
svcerr_noproc(transp);
return;
}
bzero((char *)&argument, sizeof(argument));
if (!svc_getargs(transp, xdr_argument, &argument)) {
svcerr_decode(transp);
return;
}
result = (*local)(&argument, rqstp);
if (result != NULL
&& !svc_sendreply(transp, (xdrproc_t)xdr_result, result)) {
svcerr_systemerr(transp);
}
if (!svc_freeargs(transp, xdr_argument, &argument)) {
(void)fprintf(stderr, "unable to free arguments\n");
exit(1);
}
}
static void
usage(FILE *fp, int n)
{
fprintf (fp, "usage: %s [-m master password file] [-f] [-s] [-h] [-v]\n", program_name );
exit(n);
}
void
reaper( int sig )
{
extern pid_t pid;
extern int pstat;
pid = waitpid(pid, &pstat, 0);
}
void
install_reaper( int on )
{
struct sigaction act, oact;
if (on) {
act.sa_handler = reaper;
sigemptyset(&act.sa_mask);
act.sa_flags = SA_RESTART;
} else {
act.sa_handler = SIG_DFL;
sigemptyset(&act.sa_mask);
act.sa_flags = SA_RESTART;
}
sigaction( SIGCHLD, &act, &oact );
}
int
main(int argc, char **argv)
{
SVCXPRT *transp;
char *sp;
int opterr;
int c;
program_name = argv[0];
if ((sp = strrchr(program_name, '/')) != NULL) {
program_name = ++sp;
}
/* Parse the command line options and arguments. */
opterr = 0;
while ((c = getopt(argc, argv, "m:fshv")) != EOF)
switch (c) {
case 'm':
passfile = strdup(optarg);
break;
case 'f':
allow_chfn = 1;
break;
case 's':
allow_chsh = 1;
break;
case 'h':
usage (stdout, 0);
break;
case 'v':
printf("%s\n", version);
exit(0);
case 0:
break;
case '?':
default:
usage(stderr, 1);
}
if (daemon(0,0)) {
perror("fork");
exit(1);
}
/*
* We can call this here since it does some necessary setup
* for us (blocking signals, setting resourse limits, etc.
*/
pw_init();
/* Initialize logging.
*/
openlog ( "yppasswdd", LOG_PID, LOG_AUTH );
/* Register a signal handler to reap children after they terminated
*/
install_reaper(1);
/*
* Create the RPC server
*/
(void)pmap_unset(YPPASSWDPROG, YPPASSWDVERS);
transp = svcudp_create(RPC_ANYSOCK);
if (transp == NULL) {
(void)fprintf(stderr, "cannot create udp service.\n");
exit(1);
}
if (!svc_register(transp, YPPASSWDPROG, YPPASSWDVERS, yppasswdprog_1,
IPPROTO_UDP)) {
(void)fprintf(stderr, "unable to register yppaswdd udp service.\n");
exit(1);
}
/*
* Run the server
*/
svc_run();
(void)fprintf(stderr, "svc_run returned\n");
return 1;
}

27
gnu/usr.sbin/yppasswdd/yppwupdate
View File

@ -1,27 +0,0 @@
#!/bin/sh
#
# This script is invoked by yppasswdd to update the password
# maps after the master password file has been modified.
# Comment out the LOG=yes line to disable logging.
#
LOG=yes
LOGFILE=/var/yp/ypupdate.log
umask 077
if [ ! -f $LOGFILE ];
then
/usr/bin/touch $LOGFILE
echo "# Edit /usr/libexec/yppwupdate to disable" >> $LOGFILE
echo "# logging to this file from yppasswdd." >> $LOGFILE
echo -n "# Log started on: " >> $LOGFILE
/bin/date >> $LOGFILE
fi
if [ ! $LOG ];
then
cd /var/yp; /usr/bin/make MASTER_PASSWD=$1
else
cd /var/yp; /usr/bin/make MASTER_PASSWD=$1 >> $LOGFILE
fi