yp_passwd.c revision 1.15.2.1
1 1.15.2.1 mellon /* $NetBSD: yp_passwd.c,v 1.15.2.1 1997/11/26 04:21:38 mellon Exp $ */ 2 1.9 thorpej 3 1.1 brezak /* 4 1.11 tls * Copyright (c) 1988, 1990, 1993, 1994 5 1.11 tls * The Regents of the University of California. All rights reserved. 6 1.1 brezak * 7 1.1 brezak * Redistribution and use in source and binary forms, with or without 8 1.1 brezak * modification, are permitted provided that the following conditions 9 1.1 brezak * are met: 10 1.1 brezak * 1. Redistributions of source code must retain the above copyright 11 1.1 brezak * notice, this list of conditions and the following disclaimer. 12 1.1 brezak * 2. Redistributions in binary form must reproduce the above copyright 13 1.1 brezak * notice, this list of conditions and the following disclaimer in the 14 1.1 brezak * documentation and/or other materials provided with the distribution. 15 1.1 brezak * 3. All advertising materials mentioning features or use of this software 16 1.1 brezak * must display the following acknowledgement: 17 1.1 brezak * This product includes software developed by the University of 18 1.1 brezak * California, Berkeley and its contributors. 19 1.1 brezak * 4. Neither the name of the University nor the names of its contributors 20 1.1 brezak * may be used to endorse or promote products derived from this software 21 1.1 brezak * without specific prior written permission. 22 1.1 brezak * 23 1.1 brezak * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 24 1.1 brezak * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 1.1 brezak * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 1.1 brezak * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 27 1.1 brezak * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 1.1 brezak * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 1.1 brezak * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 1.1 brezak * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 1.1 brezak * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 1.1 brezak * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 1.1 brezak * SUCH DAMAGE. 34 1.1 brezak */ 35 1.9 thorpej 36 1.15 lukem #include <sys/cdefs.h> 37 1.1 brezak #ifndef lint 38 1.9 thorpej #if 0 39 1.11 tls static char sccsid[] = "from: @(#)local_passwd.c 8.3 (Berkeley) 4/2/94"; 40 1.9 thorpej #else 41 1.15.2.1 mellon __RCSID("$NetBSD: yp_passwd.c,v 1.15.2.1 1997/11/26 04:21:38 mellon Exp $"); 42 1.9 thorpej #endif 43 1.1 brezak #endif /* not lint */ 44 1.1 brezak 45 1.1 brezak #ifdef YP 46 1.1 brezak 47 1.15 lukem #include <ctype.h> 48 1.9 thorpej #include <err.h> 49 1.15 lukem #include <errno.h> 50 1.15 lukem #include <netdb.h> 51 1.15 lukem #include <pwd.h> 52 1.1 brezak #include <stdio.h> 53 1.15 lukem #include <stdlib.h> 54 1.1 brezak #include <string.h> 55 1.1 brezak #include <time.h> 56 1.15 lukem #include <unistd.h> 57 1.15 lukem 58 1.1 brezak #include <rpc/rpc.h> 59 1.1 brezak #include <rpcsvc/yp_prot.h> 60 1.1 brezak #include <rpcsvc/ypclnt.h> 61 1.15 lukem 62 1.15 lukem #include "extern.h" 63 1.15 lukem 64 1.1 brezak #define passwd yp_passwd_rec 65 1.1 brezak #include <rpcsvc/yppasswd.h> 66 1.1 brezak #undef passwd 67 1.4 deraadt 68 1.1 brezak #ifndef _PASSWORD_LEN 69 1.1 brezak #define _PASSWORD_LEN PASS_MAX 70 1.1 brezak #endif 71 1.4 deraadt 72 1.9 thorpej extern char *__progname; /* from crt0.o */ 73 1.9 thorpej 74 1.10 thorpej extern int yflag, yppwd; 75 1.10 thorpej 76 1.15 lukem static char *getnewpasswd __P((struct passwd *, char **)); 77 1.15 lukem static struct passwd *interpret __P((struct passwd *, char *)); 78 1.15 lukem static struct passwd *ypgetpwnam __P((char *)); 79 1.15 lukem static void pw_error __P((char *, int, int)); 80 1.15.2.1 mellon static void test_local __P((char *)); 81 1.1 brezak 82 1.1 brezak static uid_t uid; 83 1.1 brezak char *domain; 84 1.1 brezak 85 1.15 lukem static void 86 1.4 deraadt pw_error(name, err, eval) 87 1.4 deraadt char *name; 88 1.4 deraadt int err, eval; 89 1.4 deraadt { 90 1.15 lukem if (err) 91 1.15 lukem warn("%s", name ? name : ""); 92 1.9 thorpej errx(eval, "YP passwd database unchanged"); 93 1.4 deraadt } 94 1.4 deraadt 95 1.15.2.1 mellon static void 96 1.15.2.1 mellon test_local(username) 97 1.15.2.1 mellon char *username; 98 1.15.2.1 mellon { 99 1.15.2.1 mellon /* 100 1.15.2.1 mellon * Something failed recoverably stating that the YP system couldn't 101 1.15.2.1 mellon * find this user. Look for a local passwd entry, and change that 102 1.15.2.1 mellon * if and only if we weren't run as yppasswd or with the -y option. 103 1.15.2.1 mellon * This function does not return if a local entry is found. 104 1.15.2.1 mellon */ 105 1.15.2.1 mellon if (yppwd == 0 && yflag == 0) 106 1.15.2.1 mellon if ((getpwnam(username) != NULL) && !local_passwd(username)) 107 1.15.2.1 mellon exit(0); 108 1.15.2.1 mellon } 109 1.15.2.1 mellon 110 1.9 thorpej int 111 1.5 deraadt yp_passwd(username) 112 1.5 deraadt char *username; 113 1.1 brezak { 114 1.4 deraadt char *master; 115 1.4 deraadt int r, rpcport, status; 116 1.4 deraadt struct yppasswd yppasswd; 117 1.4 deraadt struct passwd *pw; 118 1.1 brezak struct timeval tv; 119 1.1 brezak CLIENT *client; 120 1.4 deraadt 121 1.4 deraadt uid = getuid(); 122 1.4 deraadt 123 1.4 deraadt /* 124 1.4 deraadt * Get local domain 125 1.4 deraadt */ 126 1.15 lukem if ((r = yp_get_default_domain(&domain)) != NULL) 127 1.9 thorpej errx(1, "can't get local YP domain. Reason: %s", 128 1.9 thorpej yperr_string(r)); 129 1.4 deraadt 130 1.4 deraadt /* 131 1.4 deraadt * Find the host for the passwd map; it should be running 132 1.4 deraadt * the daemon. 133 1.4 deraadt */ 134 1.15.2.1 mellon if ((r = yp_master(domain, "passwd.byname", &master)) != 0) { 135 1.15.2.1 mellon test_local(username); 136 1.9 thorpej errx(1, "can't find the master YP server. Reason: %s", 137 1.9 thorpej yperr_string(r)); 138 1.15.2.1 mellon } 139 1.1 brezak 140 1.4 deraadt /* 141 1.4 deraadt * Ask the portmapper for the port of the daemon. 142 1.4 deraadt */ 143 1.4 deraadt if ((rpcport = getrpcport(master, YPPASSWDPROG, 144 1.10 thorpej YPPASSWDPROC_UPDATE, IPPROTO_UDP)) == 0) { 145 1.15.2.1 mellon test_local(username); 146 1.9 thorpej errx(1, "master YP server not running yppasswd daemon.\n\t%s\n", 147 1.9 thorpej "Can't change password."); 148 1.10 thorpej } 149 1.1 brezak 150 1.4 deraadt /* 151 1.4 deraadt * Be sure the port is priviledged 152 1.4 deraadt */ 153 1.9 thorpej if (rpcport >= IPPORT_RESERVED) 154 1.9 thorpej errx(1, "yppasswd daemon is on an invalid port."); 155 1.4 deraadt 156 1.4 deraadt /* Get user's login identity */ 157 1.15.2.1 mellon if (!(pw = ypgetpwnam(username))) { 158 1.15.2.1 mellon test_local(username); 159 1.9 thorpej errx(1, "unknown user %s", username); 160 1.15.2.1 mellon } 161 1.9 thorpej 162 1.9 thorpej if (uid && uid != pw->pw_uid) 163 1.9 thorpej errx(1, "you may only change your own password: %s", 164 1.9 thorpej strerror(EACCES)); 165 1.1 brezak 166 1.4 deraadt /* prompt for new password */ 167 1.4 deraadt yppasswd.newpw.pw_passwd = getnewpasswd(pw, &yppasswd.oldpass); 168 1.1 brezak 169 1.4 deraadt /* tell rpc.yppasswdd */ 170 1.4 deraadt yppasswd.newpw.pw_name = pw->pw_name; 171 1.4 deraadt yppasswd.newpw.pw_uid = pw->pw_uid; 172 1.4 deraadt yppasswd.newpw.pw_gid = pw->pw_gid; 173 1.4 deraadt yppasswd.newpw.pw_gecos = pw->pw_gecos; 174 1.4 deraadt yppasswd.newpw.pw_dir = pw->pw_dir; 175 1.4 deraadt yppasswd.newpw.pw_shell = pw->pw_shell; 176 1.15.2.1 mellon 177 1.4 deraadt client = clnt_create(master, YPPASSWDPROG, YPPASSWDVERS, "udp"); 178 1.4 deraadt if (client==NULL) { 179 1.9 thorpej warnx("cannot contact yppasswdd on %s: Reason: %s", 180 1.5 deraadt master, yperr_string(YPERR_YPBIND)); 181 1.4 deraadt return(YPERR_YPBIND); 182 1.4 deraadt } 183 1.9 thorpej 184 1.4 deraadt client->cl_auth = authunix_create_default(); 185 1.4 deraadt tv.tv_sec = 2; 186 1.4 deraadt tv.tv_usec = 0; 187 1.4 deraadt r = clnt_call(client, YPPASSWDPROC_UPDATE, 188 1.9 thorpej xdr_yppasswd, &yppasswd, xdr_int, &status, tv); 189 1.4 deraadt if (r) 190 1.9 thorpej errx(1, "rpc to yppasswdd failed."); 191 1.4 deraadt else if (status) 192 1.4 deraadt printf("Couldn't change YP password.\n"); 193 1.4 deraadt else 194 1.9 thorpej printf("The YP password has been changed on %s, %s\n", 195 1.9 thorpej master, "the master YP passwd server."); 196 1.4 deraadt exit(0); 197 1.1 brezak } 198 1.1 brezak 199 1.1 brezak static char * 200 1.1 brezak getnewpasswd(pw, old_pass) 201 1.11 tls struct passwd *pw; 202 1.4 deraadt char **old_pass; 203 1.1 brezak { 204 1.11 tls int tries; 205 1.11 tls char *p, *t; 206 1.4 deraadt static char buf[_PASSWORD_LEN+1]; 207 1.15 lukem char salt[9]; 208 1.4 deraadt 209 1.2 brezak (void)printf("Changing YP password for %s.\n", pw->pw_name); 210 1.1 brezak 211 1.6 deraadt if (old_pass) { 212 1.4 deraadt *old_pass = NULL; 213 1.4 deraadt 214 1.8 phil if (pw->pw_passwd[0]) { 215 1.8 phil if (strcmp(crypt(p = getpass("Old password:"), 216 1.8 phil pw->pw_passwd), pw->pw_passwd)) { 217 1.4 deraadt errno = EACCES; 218 1.4 deraadt pw_error(NULL, 1, 1); 219 1.8 phil } 220 1.7 phil } else { 221 1.7 phil p = ""; 222 1.4 deraadt } 223 1.7 phil 224 1.4 deraadt *old_pass = strdup(p); 225 1.4 deraadt } 226 1.1 brezak for (buf[0] = '\0', tries = 0;;) { 227 1.1 brezak p = getpass("New password:"); 228 1.1 brezak if (!*p) { 229 1.1 brezak (void)printf("Password unchanged.\n"); 230 1.1 brezak pw_error(NULL, 0, 0); 231 1.1 brezak } 232 1.4 deraadt if (strlen(p) <= 5 && ++tries < 2) { 233 1.1 brezak (void)printf("Please enter a longer password.\n"); 234 1.1 brezak continue; 235 1.1 brezak } 236 1.1 brezak for (t = p; *t && islower(*t); ++t); 237 1.4 deraadt if (!*t && ++tries < 2) { 238 1.13 thorpej (void)printf("Please don't use an all-lower case " 239 1.13 thorpej "password.\nUnusual capitalization, " 240 1.13 thorpej "control characters or digits are " 241 1.13 thorpej "suggested.\n"); 242 1.1 brezak continue; 243 1.1 brezak } 244 1.12 mrg (void)strncpy(buf, p, sizeof(buf) - 1); 245 1.1 brezak if (!strcmp(buf, getpass("Retype new password:"))) 246 1.1 brezak break; 247 1.1 brezak (void)printf("Mismatch; try again, EOF to quit.\n"); 248 1.1 brezak } 249 1.1 brezak /* grab a random printable character that isn't a colon */ 250 1.1 brezak (void)srandom((int)time((time_t *)NULL)); 251 1.1 brezak #ifdef NEWSALT 252 1.1 brezak salt[0] = _PASSWORD_EFMT1; 253 1.1 brezak to64(&salt[1], (long)(29 * 25), 4); 254 1.1 brezak to64(&salt[5], random(), 4); 255 1.1 brezak #else 256 1.1 brezak to64(&salt[0], random(), 2); 257 1.1 brezak #endif 258 1.1 brezak return(strdup(crypt(buf, salt))); 259 1.1 brezak } 260 1.1 brezak 261 1.1 brezak static char * 262 1.14 lukem pwskip(char *p) 263 1.1 brezak { 264 1.1 brezak while (*p && *p != ':' && *p != '\n') 265 1.1 brezak ++p; 266 1.1 brezak if (*p) 267 1.1 brezak *p++ = 0; 268 1.1 brezak return (p); 269 1.1 brezak } 270 1.1 brezak 271 1.15 lukem static struct passwd * 272 1.15 lukem interpret(pwent, line) 273 1.15 lukem struct passwd *pwent; 274 1.15 lukem char *line; 275 1.1 brezak { 276 1.14 lukem char *p = line; 277 1.1 brezak 278 1.4 deraadt pwent->pw_passwd = "*"; 279 1.4 deraadt pwent->pw_uid = 0; 280 1.4 deraadt pwent->pw_gid = 0; 281 1.4 deraadt pwent->pw_gecos = ""; 282 1.4 deraadt pwent->pw_dir = ""; 283 1.4 deraadt pwent->pw_shell = ""; 284 1.1 brezak pwent->pw_change = 0; 285 1.1 brezak pwent->pw_expire = 0; 286 1.1 brezak pwent->pw_class = ""; 287 1.4 deraadt 288 1.4 deraadt /* line without colon separators is no good, so ignore it */ 289 1.4 deraadt if(!strchr(p,':')) 290 1.4 deraadt return(NULL); 291 1.1 brezak 292 1.1 brezak pwent->pw_name = p; 293 1.1 brezak p = pwskip(p); 294 1.1 brezak pwent->pw_passwd = p; 295 1.1 brezak p = pwskip(p); 296 1.1 brezak pwent->pw_uid = (uid_t)strtoul(p, NULL, 10); 297 1.1 brezak p = pwskip(p); 298 1.1 brezak pwent->pw_gid = (gid_t)strtoul(p, NULL, 10); 299 1.1 brezak p = pwskip(p); 300 1.1 brezak pwent->pw_gecos = p; 301 1.1 brezak p = pwskip(p); 302 1.1 brezak pwent->pw_dir = p; 303 1.1 brezak p = pwskip(p); 304 1.1 brezak pwent->pw_shell = p; 305 1.1 brezak while (*p && *p != '\n') 306 1.1 brezak p++; 307 1.1 brezak *p = '\0'; 308 1.1 brezak return (pwent); 309 1.1 brezak } 310 1.1 brezak 311 1.1 brezak static struct passwd * 312 1.1 brezak ypgetpwnam(nam) 313 1.4 deraadt char *nam; 314 1.1 brezak { 315 1.4 deraadt static struct passwd pwent; 316 1.4 deraadt static char line[1024]; 317 1.4 deraadt char *val; 318 1.4 deraadt int reason, vallen; 319 1.4 deraadt 320 1.14 lukem val = NULL; 321 1.4 deraadt reason = yp_match(domain, "passwd.byname", nam, strlen(nam), 322 1.4 deraadt &val, &vallen); 323 1.14 lukem if (reason != 0) { 324 1.14 lukem if (val != NULL) 325 1.14 lukem free(val); 326 1.4 deraadt return (NULL); 327 1.4 deraadt } 328 1.4 deraadt val[vallen] = '\0'; 329 1.12 mrg (void)strncpy(line, val, sizeof(line) - 1); 330 1.4 deraadt free(val); 331 1.1 brezak 332 1.4 deraadt return(interpret(&pwent, line)); 333 1.1 brezak } 334 1.1 brezak 335 1.1 brezak #endif /* YP */ 336
Indexes created Mon Oct 27 20:09:55 GMT 2025