yp_passwd.c revision 1.22.4.1
1 1.22.4.1 he /* $NetBSD: yp_passwd.c,v 1.22.4.1 2002/02/26 22:09:34 he Exp $ */ 2 1.9 thorpej 3 1.1 brezak /* 4 1.11 tls * Copyright (c) 1988, 1990, 1993, 1994 5 1.11 tls * The Regents of the University of California. All rights reserved. 6 1.1 brezak * 7 1.1 brezak * Redistribution and use in source and binary forms, with or without 8 1.1 brezak * modification, are permitted provided that the following conditions 9 1.1 brezak * are met: 10 1.1 brezak * 1. Redistributions of source code must retain the above copyright 11 1.1 brezak * notice, this list of conditions and the following disclaimer. 12 1.1 brezak * 2. Redistributions in binary form must reproduce the above copyright 13 1.1 brezak * notice, this list of conditions and the following disclaimer in the 14 1.1 brezak * documentation and/or other materials provided with the distribution. 15 1.1 brezak * 3. All advertising materials mentioning features or use of this software 16 1.1 brezak * must display the following acknowledgement: 17 1.1 brezak * This product includes software developed by the University of 18 1.1 brezak * California, Berkeley and its contributors. 19 1.1 brezak * 4. Neither the name of the University nor the names of its contributors 20 1.1 brezak * may be used to endorse or promote products derived from this software 21 1.1 brezak * without specific prior written permission. 22 1.1 brezak * 23 1.1 brezak * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 24 1.1 brezak * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 1.1 brezak * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 1.1 brezak * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 27 1.1 brezak * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 1.1 brezak * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 1.1 brezak * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 1.1 brezak * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 1.1 brezak * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 1.1 brezak * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 1.1 brezak * SUCH DAMAGE. 34 1.1 brezak */ 35 1.9 thorpej 36 1.15 lukem #include <sys/cdefs.h> 37 1.1 brezak #ifndef lint 38 1.9 thorpej #if 0 39 1.11 tls static char sccsid[] = "from: @(#)local_passwd.c 8.3 (Berkeley) 4/2/94"; 40 1.9 thorpej #else 41 1.22.4.1 he __RCSID("$NetBSD: yp_passwd.c,v 1.22.4.1 2002/02/26 22:09:34 he Exp $"); 42 1.9 thorpej #endif 43 1.1 brezak #endif /* not lint */ 44 1.1 brezak 45 1.1 brezak #ifdef YP 46 1.1 brezak 47 1.15 lukem #include <ctype.h> 48 1.9 thorpej #include <err.h> 49 1.15 lukem #include <errno.h> 50 1.15 lukem #include <netdb.h> 51 1.15 lukem #include <pwd.h> 52 1.1 brezak #include <stdio.h> 53 1.15 lukem #include <stdlib.h> 54 1.1 brezak #include <string.h> 55 1.1 brezak #include <time.h> 56 1.15 lukem #include <unistd.h> 57 1.15 lukem 58 1.1 brezak #include <rpc/rpc.h> 59 1.1 brezak #include <rpcsvc/yp_prot.h> 60 1.1 brezak #include <rpcsvc/ypclnt.h> 61 1.15 lukem 62 1.15 lukem #include "extern.h" 63 1.15 lukem 64 1.1 brezak #define passwd yp_passwd_rec 65 1.1 brezak #include <rpcsvc/yppasswd.h> 66 1.1 brezak #undef passwd 67 1.4 deraadt 68 1.1 brezak #ifndef _PASSWORD_LEN 69 1.1 brezak #define _PASSWORD_LEN PASS_MAX 70 1.1 brezak #endif 71 1.4 deraadt 72 1.9 thorpej extern char *__progname; /* from crt0.o */ 73 1.9 thorpej 74 1.22 aidan static int yflag; 75 1.10 thorpej 76 1.15 lukem static char *getnewpasswd __P((struct passwd *, char **)); 77 1.22 aidan static int ypgetpwnam __P((const char *)); 78 1.15 lukem static void pw_error __P((char *, int, int)); 79 1.1 brezak 80 1.1 brezak static uid_t uid; 81 1.1 brezak char *domain; 82 1.1 brezak 83 1.15 lukem static void 84 1.4 deraadt pw_error(name, err, eval) 85 1.4 deraadt char *name; 86 1.4 deraadt int err, eval; 87 1.4 deraadt { 88 1.17 mrg 89 1.15 lukem if (err) 90 1.18 mrg warn("%s", name); 91 1.9 thorpej errx(eval, "YP passwd database unchanged"); 92 1.4 deraadt } 93 1.4 deraadt 94 1.22 aidan int 95 1.22 aidan yp_init(progname) 96 1.22 aidan const char *progname; 97 1.22 aidan { 98 1.22 aidan int yppwd; 99 1.22 aidan 100 1.22 aidan if (strcmp(progname, "yppasswd") == 0) { 101 1.22 aidan yppwd = 1; 102 1.22 aidan } else 103 1.22 aidan yppwd = 0; 104 1.22 aidan yflag = 0; 105 1.22 aidan if (_yp_check(NULL) == 0) { 106 1.22 aidan /* can't use YP. */ 107 1.22 aidan if (yppwd) 108 1.22 aidan errx(1, "YP not in use."); 109 1.22 aidan return(-1); 110 1.22 aidan } 111 1.22 aidan return (0); 112 1.22 aidan } 113 1.22 aidan 114 1.22 aidan int 115 1.22 aidan yp_arg(ch, arg) 116 1.22 aidan char ch; 117 1.22 aidan const char *arg; 118 1.22 aidan { 119 1.22 aidan switch (ch) { 120 1.22 aidan case 'y': 121 1.22 aidan yflag = 1; 122 1.22 aidan break; 123 1.22 aidan default: 124 1.22 aidan return(0); 125 1.22 aidan } 126 1.22 aidan return(1); 127 1.22 aidan } 128 1.22 aidan 129 1.22 aidan int 130 1.22 aidan yp_arg_end() 131 1.16 tv { 132 1.22 aidan if (yflag) 133 1.22 aidan return (PW_USE_FORCE); 134 1.22 aidan return (PW_USE); 135 1.22 aidan } 136 1.17 mrg 137 1.22 aidan void 138 1.22 aidan yp_end() 139 1.22 aidan { 140 1.22 aidan /* NOOP */ 141 1.16 tv } 142 1.16 tv 143 1.9 thorpej int 144 1.22 aidan yp_chpw(username) 145 1.22 aidan const char *username; 146 1.1 brezak { 147 1.4 deraadt char *master; 148 1.4 deraadt int r, rpcport, status; 149 1.4 deraadt struct yppasswd yppasswd; 150 1.4 deraadt struct passwd *pw; 151 1.1 brezak struct timeval tv; 152 1.1 brezak CLIENT *client; 153 1.21 mjl 154 1.4 deraadt uid = getuid(); 155 1.4 deraadt 156 1.4 deraadt /* 157 1.4 deraadt * Get local domain 158 1.4 deraadt */ 159 1.22 aidan if ((r = yp_get_default_domain(&domain)) != 0) 160 1.9 thorpej errx(1, "can't get local YP domain. Reason: %s", 161 1.9 thorpej yperr_string(r)); 162 1.4 deraadt 163 1.4 deraadt /* 164 1.4 deraadt * Find the host for the passwd map; it should be running 165 1.4 deraadt * the daemon. 166 1.4 deraadt */ 167 1.16 tv if ((r = yp_master(domain, "passwd.byname", &master)) != 0) { 168 1.22 aidan warnx("can't find the master YP server. Reason: %s", 169 1.9 thorpej yperr_string(r)); 170 1.22 aidan /* continuation */ 171 1.22 aidan return(-1); 172 1.16 tv } 173 1.1 brezak 174 1.4 deraadt /* 175 1.4 deraadt * Ask the portmapper for the port of the daemon. 176 1.4 deraadt */ 177 1.4 deraadt if ((rpcport = getrpcport(master, YPPASSWDPROG, 178 1.10 thorpej YPPASSWDPROC_UPDATE, IPPROTO_UDP)) == 0) { 179 1.22 aidan warnx("master YP server not running yppasswd daemon.\n\t%s\n", 180 1.22 aidan "Can't change YP password."); 181 1.22 aidan /* continuation */ 182 1.22 aidan return(-1); 183 1.10 thorpej } 184 1.1 brezak 185 1.4 deraadt /* 186 1.20 simonb * Be sure the port is privileged 187 1.4 deraadt */ 188 1.9 thorpej if (rpcport >= IPPORT_RESERVED) 189 1.9 thorpej errx(1, "yppasswd daemon is on an invalid port."); 190 1.4 deraadt 191 1.21 mjl /* Bail out if this is a local (non-yp) user, */ 192 1.21 mjl /* then get user's login identity */ 193 1.21 mjl if (!ypgetpwnam(username) || 194 1.21 mjl !(pw = getpwnam(username))) { 195 1.22 aidan warnx("YP unknown user %s", username); 196 1.22 aidan /* continuation */ 197 1.22 aidan return(-1); 198 1.16 tv } 199 1.9 thorpej 200 1.9 thorpej if (uid && uid != pw->pw_uid) 201 1.9 thorpej errx(1, "you may only change your own password: %s", 202 1.9 thorpej strerror(EACCES)); 203 1.1 brezak 204 1.4 deraadt /* prompt for new password */ 205 1.4 deraadt yppasswd.newpw.pw_passwd = getnewpasswd(pw, &yppasswd.oldpass); 206 1.1 brezak 207 1.4 deraadt /* tell rpc.yppasswdd */ 208 1.19 mycroft yppasswd.newpw.pw_name = strdup(pw->pw_name); 209 1.4 deraadt yppasswd.newpw.pw_uid = pw->pw_uid; 210 1.4 deraadt yppasswd.newpw.pw_gid = pw->pw_gid; 211 1.19 mycroft yppasswd.newpw.pw_gecos = strdup(pw->pw_gecos); 212 1.19 mycroft yppasswd.newpw.pw_dir = strdup(pw->pw_dir); 213 1.19 mycroft yppasswd.newpw.pw_shell = strdup(pw->pw_shell); 214 1.16 tv 215 1.4 deraadt client = clnt_create(master, YPPASSWDPROG, YPPASSWDVERS, "udp"); 216 1.17 mrg if (client == NULL) { 217 1.9 thorpej warnx("cannot contact yppasswdd on %s: Reason: %s", 218 1.5 deraadt master, yperr_string(YPERR_YPBIND)); 219 1.17 mrg return (YPERR_YPBIND); 220 1.4 deraadt } 221 1.9 thorpej 222 1.4 deraadt client->cl_auth = authunix_create_default(); 223 1.4 deraadt tv.tv_sec = 2; 224 1.4 deraadt tv.tv_usec = 0; 225 1.4 deraadt r = clnt_call(client, YPPASSWDPROC_UPDATE, 226 1.9 thorpej xdr_yppasswd, &yppasswd, xdr_int, &status, tv); 227 1.4 deraadt if (r) 228 1.9 thorpej errx(1, "rpc to yppasswdd failed."); 229 1.4 deraadt else if (status) 230 1.4 deraadt printf("Couldn't change YP password.\n"); 231 1.4 deraadt else 232 1.9 thorpej printf("The YP password has been changed on %s, %s\n", 233 1.9 thorpej master, "the master YP passwd server."); 234 1.22 aidan return(0); 235 1.1 brezak } 236 1.1 brezak 237 1.1 brezak static char * 238 1.1 brezak getnewpasswd(pw, old_pass) 239 1.11 tls struct passwd *pw; 240 1.4 deraadt char **old_pass; 241 1.1 brezak { 242 1.11 tls int tries; 243 1.11 tls char *p, *t; 244 1.4 deraadt static char buf[_PASSWORD_LEN+1]; 245 1.22.4.1 he char salt[_PASSWORD_LEN+1]; 246 1.22.4.1 he 247 1.2 brezak (void)printf("Changing YP password for %s.\n", pw->pw_name); 248 1.1 brezak 249 1.6 deraadt if (old_pass) { 250 1.4 deraadt *old_pass = NULL; 251 1.4 deraadt 252 1.8 phil if (pw->pw_passwd[0]) { 253 1.8 phil if (strcmp(crypt(p = getpass("Old password:"), 254 1.8 phil pw->pw_passwd), pw->pw_passwd)) { 255 1.18 mrg (void)printf("Sorry.\n"); 256 1.18 mrg pw_error(NULL, 0, 1); 257 1.8 phil } 258 1.7 phil } else { 259 1.7 phil p = ""; 260 1.4 deraadt } 261 1.7 phil 262 1.4 deraadt *old_pass = strdup(p); 263 1.4 deraadt } 264 1.1 brezak for (buf[0] = '\0', tries = 0;;) { 265 1.1 brezak p = getpass("New password:"); 266 1.1 brezak if (!*p) { 267 1.1 brezak (void)printf("Password unchanged.\n"); 268 1.1 brezak pw_error(NULL, 0, 0); 269 1.1 brezak } 270 1.4 deraadt if (strlen(p) <= 5 && ++tries < 2) { 271 1.1 brezak (void)printf("Please enter a longer password.\n"); 272 1.1 brezak continue; 273 1.1 brezak } 274 1.1 brezak for (t = p; *t && islower(*t); ++t); 275 1.4 deraadt if (!*t && ++tries < 2) { 276 1.13 thorpej (void)printf("Please don't use an all-lower case " 277 1.13 thorpej "password.\nUnusual capitalization, " 278 1.13 thorpej "control characters or digits are " 279 1.13 thorpej "suggested.\n"); 280 1.1 brezak continue; 281 1.1 brezak } 282 1.12 mrg (void)strncpy(buf, p, sizeof(buf) - 1); 283 1.1 brezak if (!strcmp(buf, getpass("Retype new password:"))) 284 1.1 brezak break; 285 1.1 brezak (void)printf("Mismatch; try again, EOF to quit.\n"); 286 1.1 brezak } 287 1.22.4.1 he 288 1.22.4.1 he if(!pwd_gensalt(salt, _PASSWORD_LEN, pw, 'y' )) { 289 1.22.4.1 he (void)printf("Couldn't generate salt.\n"); 290 1.22.4.1 he pw_error(NULL, 0, 0); 291 1.22.4.1 he } 292 1.1 brezak return(strdup(crypt(buf, salt))); 293 1.1 brezak } 294 1.1 brezak 295 1.21 mjl static int 296 1.1 brezak ypgetpwnam(nam) 297 1.22 aidan const char *nam; 298 1.1 brezak { 299 1.4 deraadt char *val; 300 1.4 deraadt int reason, vallen; 301 1.4 deraadt 302 1.14 lukem val = NULL; 303 1.4 deraadt reason = yp_match(domain, "passwd.byname", nam, strlen(nam), 304 1.4 deraadt &val, &vallen); 305 1.14 lukem if (reason != 0) { 306 1.14 lukem if (val != NULL) 307 1.14 lukem free(val); 308 1.21 mjl return 0; 309 1.4 deraadt } 310 1.4 deraadt free(val); 311 1.21 mjl return 1; 312 1.1 brezak } 313 1.1 brezak 314 1.1 brezak #endif /* YP */ 315
Indexes created Thu Oct 30 16:09:53 GMT 2025