Home | History | Annotate | Line # | Download | only in passwd
yp_passwd.c revision 1.25 
      1 /*	$NetBSD: yp_passwd.c,v 1.25 2002/11/16 04:41:50 itojun Exp $	*/
      2 
      3 /*
      4  * Copyright (c) 1988, 1990, 1993, 1994
      5  *	The Regents of the University of California.  All rights reserved.
      6  *
      7  * Redistribution and use in source and binary forms, with or without
      8  * modification, are permitted provided that the following conditions
      9  * are met:
     10  * 1. Redistributions of source code must retain the above copyright
     11  *    notice, this list of conditions and the following disclaimer.
     12  * 2. Redistributions in binary form must reproduce the above copyright
     13  *    notice, this list of conditions and the following disclaimer in the
     14  *    documentation and/or other materials provided with the distribution.
     15  * 3. All advertising materials mentioning features or use of this software
     16  *    must display the following acknowledgement:
     17  *	This product includes software developed by the University of
     18  *	California, Berkeley and its contributors.
     19  * 4. Neither the name of the University nor the names of its contributors
     20  *    may be used to endorse or promote products derived from this software
     21  *    without specific prior written permission.
     22  *
     23  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
     24  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     25  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
     26  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
     27  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
     28  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
     29  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     30  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
     31  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
     32  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     33  * SUCH DAMAGE.
     34  */
     35 
     36 #include <sys/cdefs.h>
     37 #ifndef lint
     38 #if 0
     39 static char sccsid[] = "from:  @(#)local_passwd.c    8.3 (Berkeley) 4/2/94";
     40 #else
     41 __RCSID("$NetBSD: yp_passwd.c,v 1.25 2002/11/16 04:41:50 itojun Exp $");
     42 #endif
     43 #endif /* not lint */
     44 
     45 #ifdef	YP
     46 
     47 #include <ctype.h>
     48 #include <err.h>
     49 #include <errno.h>
     50 #include <netdb.h>
     51 #include <pwd.h>
     52 #include <stdio.h>
     53 #include <stdlib.h>
     54 #include <string.h>
     55 #include <time.h>
     56 #include <unistd.h>
     57 
     58 #include <rpc/rpc.h>
     59 #include <rpcsvc/yp_prot.h>
     60 #include <rpcsvc/ypclnt.h>
     61 
     62 #include "extern.h"
     63 
     64 #define passwd yp_passwd_rec
     65 #include <rpcsvc/yppasswd.h>
     66 #undef passwd
     67 
     68 #ifndef _PASSWORD_LEN
     69 #define _PASSWORD_LEN PASS_MAX
     70 #endif
     71 
     72 static	int yflag;
     73 
     74 static	char		*getnewpasswd __P((struct passwd *, char **));
     75 static	int		 ypgetpwnam __P((const char *));
     76 static	void		 pw_error __P((char *, int, int));
     77 
     78 static uid_t uid;
     79 char *domain;
     80 
     81 static void
     82 pw_error(name, err, eval)
     83 	char *name;
     84 	int err, eval;
     85 {
     86 
     87 	if (err)
     88 		warn("%s", name);
     89 	errx(eval, "YP passwd database unchanged");
     90 }
     91 
     92 int
     93 yp_init(progname)
     94 	const char *progname;
     95 {
     96 	int yppwd;
     97 
     98 	if (strcmp(progname, "yppasswd") == 0) {
     99 		yppwd = 1;
    100 	} else
    101 		yppwd = 0;
    102 	yflag = 0;
    103 	if (_yp_check(NULL) == 0) {
    104 		/* can't use YP. */
    105 		if (yppwd)
    106 			errx(1, "YP not in use.");
    107 		return(-1);
    108 	}
    109 	return (0);
    110 }
    111 
    112 int
    113 yp_arg(ch, arg)
    114 	char ch;
    115 	const char *arg;
    116 {
    117 	switch (ch) {
    118 	case 'y':
    119 		yflag = 1;
    120 		break;
    121 	default:
    122 		return(0);
    123 	}
    124 	return(1);
    125 }
    126 
    127 int
    128 yp_arg_end()
    129 {
    130 	if (yflag)
    131 		return (PW_USE_FORCE);
    132 	return (PW_USE);
    133 }
    134 
    135 void
    136 yp_end()
    137 {
    138 	/* NOOP */
    139 }
    140 
    141 int
    142 yp_chpw(username)
    143 	const char *username;
    144 {
    145 	char *master;
    146 	int r, rpcport, status;
    147 	struct yppasswd yppasswd;
    148 	struct passwd *pw;
    149 	struct timeval tv;
    150 	CLIENT *client;
    151 
    152 	uid = getuid();
    153 
    154 	/*
    155 	 * Get local domain
    156 	 */
    157 	if ((r = yp_get_default_domain(&domain)) != 0)
    158 		errx(1, "can't get local YP domain.  Reason: %s",
    159 		    yperr_string(r));
    160 
    161 	/*
    162 	 * Find the host for the passwd map; it should be running
    163 	 * the daemon.
    164 	 */
    165 	if ((r = yp_master(domain, "passwd.byname", &master)) != 0) {
    166 		warnx("can't find the master YP server.  Reason: %s",
    167 		    yperr_string(r));
    168 		/* continuation */
    169 		return(-1);
    170 	}
    171 
    172 	/*
    173 	 * Ask the portmapper for the port of the daemon.
    174 	 */
    175 	if ((rpcport = getrpcport(master, YPPASSWDPROG,
    176 	    YPPASSWDPROC_UPDATE, IPPROTO_UDP)) == 0) {
    177 		warnx("master YP server not running yppasswd daemon.\n\t%s\n",
    178 		    "Can't change YP password.");
    179 		/* continuation */
    180 		return(-1);
    181 	}
    182 
    183 	/*
    184 	 * Be sure the port is privileged
    185 	 */
    186 	if (rpcport >= IPPORT_RESERVED)
    187 		errx(1, "yppasswd daemon is on an invalid port.");
    188 
    189 	/* Bail out if this is a local (non-yp) user, */
    190 	/* then get user's login identity */
    191 	if (!ypgetpwnam(username) ||
    192 	    !(pw = getpwnam(username))) {
    193 		warnx("YP unknown user %s", username);
    194 		/* continuation */
    195 		return(-1);
    196 	}
    197 
    198 	if (uid && uid != pw->pw_uid)
    199 		errx(1, "you may only change your own password: %s",
    200 		    strerror(EACCES));
    201 
    202 	/* prompt for new password */
    203 	yppasswd.newpw.pw_passwd = getnewpasswd(pw, &yppasswd.oldpass);
    204 
    205 	/* tell rpc.yppasswdd */
    206 	yppasswd.newpw.pw_name	= strdup(pw->pw_name);
    207 	yppasswd.newpw.pw_uid 	= pw->pw_uid;
    208 	yppasswd.newpw.pw_gid	= pw->pw_gid;
    209 	yppasswd.newpw.pw_gecos = strdup(pw->pw_gecos);
    210 	yppasswd.newpw.pw_dir	= strdup(pw->pw_dir);
    211 	yppasswd.newpw.pw_shell	= strdup(pw->pw_shell);
    212 
    213 	client = clnt_create(master, YPPASSWDPROG, YPPASSWDVERS, "udp");
    214 	if (client == NULL) {
    215 		warnx("cannot contact yppasswdd on %s:  Reason: %s",
    216 		    master, yperr_string(YPERR_YPBIND));
    217 		return (YPERR_YPBIND);
    218 	}
    219 
    220 	client->cl_auth = authunix_create_default();
    221 	tv.tv_sec = 2;
    222 	tv.tv_usec = 0;
    223 	r = clnt_call(client, YPPASSWDPROC_UPDATE,
    224 	    xdr_yppasswd, &yppasswd, xdr_int, &status, tv);
    225 	if (r)
    226 		errx(1, "rpc to yppasswdd failed.");
    227 	else if (status)
    228 		printf("Couldn't change YP password.\n");
    229 	else
    230 		printf("The YP password has been changed on %s, %s\n",
    231 		    master, "the master YP passwd server.");
    232 	return(0);
    233 }
    234 
    235 static char *
    236 getnewpasswd(pw, old_pass)
    237 	struct passwd *pw;
    238 	char **old_pass;
    239 {
    240 	int tries;
    241 	char *p, *t;
    242 	static char buf[_PASSWORD_LEN+1];
    243 	char salt[_PASSWORD_LEN+1];
    244 
    245 	(void)printf("Changing YP password for %s.\n", pw->pw_name);
    246 
    247 	if (old_pass) {
    248 		*old_pass = NULL;
    249 
    250 		if (pw->pw_passwd[0]) {
    251 			if (strcmp(crypt(p = getpass("Old password:"),
    252 					 pw->pw_passwd),  pw->pw_passwd)) {
    253 				   (void)printf("Sorry.\n");
    254 				   pw_error(NULL, 0, 1);
    255 			}
    256 		} else {
    257 			p = "";
    258 		}
    259 
    260 		*old_pass = strdup(p);
    261 	}
    262 	for (buf[0] = '\0', tries = 0;;) {
    263 		p = getpass("New password:");
    264 		if (!*p) {
    265 			(void)printf("Password unchanged.\n");
    266 			pw_error(NULL, 0, 0);
    267 		}
    268 		if (strlen(p) <= 5 && ++tries < 2) {
    269 			(void)printf("Please enter a longer password.\n");
    270 			continue;
    271 		}
    272 		for (t = p; *t && islower(*t); ++t);
    273 		if (!*t && ++tries < 2) {
    274 			(void)printf("Please don't use an all-lower case "
    275 				     "password.\nUnusual capitalization, "
    276 				     "control characters or digits are "
    277 				     "suggested.\n");
    278 			continue;
    279 		}
    280 		(void)strlcpy(buf, p, sizeof(buf));
    281 		if (!strcmp(buf, getpass("Retype new password:")))
    282 			break;
    283 		(void)printf("Mismatch; try again, EOF to quit.\n");
    284 	}
    285 
    286         if(!pwd_gensalt(salt, _PASSWORD_LEN, pw, 'y' )) {
    287                 (void)printf("Couldn't generate salt.\n");
    288                 pw_error(NULL, 0, 0);
    289         }
    290 	return(strdup(crypt(buf, salt)));
    291 }
    292 
    293 static int
    294 ypgetpwnam(nam)
    295 	const char *nam;
    296 {
    297 	char *val;
    298 	int reason, vallen;
    299 
    300 	val = NULL;
    301 	reason = yp_match(domain, "passwd.byname", nam, strlen(nam),
    302 			  &val, &vallen);
    303 	if (reason != 0) {
    304 		if (val != NULL)
    305 			free(val);
    306 		return 0;
    307 	}
    308 	free(val);
    309 	return 1;
    310 }
    311 
    312 #endif	/* YP */
    313