yp_passwd.c revision 1.30
1 /* $NetBSD: yp_passwd.c,v 1.30 2005/01/12 03:34:58 christos Exp $ */ 2 3 /* 4 * Copyright (c) 1988, 1990, 1993, 1994 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of the University nor the names of its contributors 16 * may be used to endorse or promote products derived from this software 17 * without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 */ 31 32 #include <sys/cdefs.h> 33 #ifndef lint 34 #if 0 35 static char sccsid[] = "from: @(#)local_passwd.c 8.3 (Berkeley) 4/2/94"; 36 #else 37 __RCSID("$NetBSD: yp_passwd.c,v 1.30 2005/01/12 03:34:58 christos Exp $"); 38 #endif 39 #endif /* not lint */ 40 41 #ifdef YP 42 43 #include <ctype.h> 44 #include <err.h> 45 #include <errno.h> 46 #include <netdb.h> 47 #include <pwd.h> 48 #include <stdio.h> 49 #include <stdlib.h> 50 #include <string.h> 51 #include <time.h> 52 #include <unistd.h> 53 #include <limits.h> 54 #include <util.h> 55 56 #include <rpc/rpc.h> 57 #include <rpcsvc/yp_prot.h> 58 #include <rpcsvc/ypclnt.h> 59 60 #include "extern.h" 61 62 #define passwd yp_passwd_rec 63 #include <rpcsvc/yppasswd.h> 64 #undef passwd 65 66 #ifndef _PASSWORD_LEN 67 #define _PASSWORD_LEN PASS_MAX 68 #endif 69 70 static int yflag; 71 72 static char *getnewpasswd __P((struct passwd *, char **)); 73 static int ypgetpwnam __P((const char *)); 74 static void pwerror __P((char *, int, int)); 75 76 static uid_t uid; 77 char *domain; 78 79 static void 80 pwerror(name, err, eval) 81 char *name; 82 int err, eval; 83 { 84 85 if (err) 86 warn("%s", name); 87 errx(eval, "YP passwd database unchanged"); 88 } 89 90 int 91 yp_init(progname) 92 const char *progname; 93 { 94 int yppwd; 95 96 if (strcmp(progname, "yppasswd") == 0) { 97 yppwd = 1; 98 } else 99 yppwd = 0; 100 yflag = 0; 101 if (_yp_check(NULL) == 0) { 102 /* can't use YP. */ 103 if (yppwd) 104 errx(1, "YP not in use."); 105 return(-1); 106 } 107 return (0); 108 } 109 110 int 111 yp_arg(ch, arg) 112 char ch; 113 const char *arg; 114 { 115 switch (ch) { 116 case 'y': 117 yflag = 1; 118 break; 119 default: 120 return(0); 121 } 122 return(1); 123 } 124 125 int 126 yp_arg_end() 127 { 128 if (yflag) 129 return (PW_USE_FORCE); 130 return (PW_USE); 131 } 132 133 void 134 yp_end() 135 { 136 /* NOOP */ 137 } 138 139 int 140 yp_chpw(username) 141 const char *username; 142 { 143 char *master; 144 int r, rpcport, status; 145 struct yppasswd yppasswd; 146 struct passwd *pw; 147 struct timeval tv; 148 CLIENT *client; 149 150 uid = getuid(); 151 152 /* 153 * Get local domain 154 */ 155 if ((r = yp_get_default_domain(&domain)) != 0) 156 errx(1, "can't get local YP domain. Reason: %s", 157 yperr_string(r)); 158 159 /* 160 * Find the host for the passwd map; it should be running 161 * the daemon. 162 */ 163 if ((r = yp_master(domain, "passwd.byname", &master)) != 0) { 164 warnx("can't find the master YP server. Reason: %s", 165 yperr_string(r)); 166 /* continuation */ 167 return(-1); 168 } 169 170 /* 171 * Ask the portmapper for the port of the daemon. 172 */ 173 if ((rpcport = getrpcport(master, YPPASSWDPROG, 174 YPPASSWDPROC_UPDATE, IPPROTO_UDP)) == 0) { 175 warnx("master YP server not running yppasswd daemon.\n\t%s\n", 176 "Can't change YP password."); 177 /* continuation */ 178 return(-1); 179 } 180 181 /* 182 * Be sure the port is privileged 183 */ 184 if (rpcport >= IPPORT_RESERVED) 185 errx(1, "yppasswd daemon is on an invalid port."); 186 187 /* Bail out if this is a local (non-yp) user, */ 188 /* then get user's login identity */ 189 if (!ypgetpwnam(username) || 190 !(pw = getpwnam(username))) { 191 warnx("YP unknown user %s", username); 192 /* continuation */ 193 return(-1); 194 } 195 196 if (uid && uid != pw->pw_uid) 197 errx(1, "you may only change your own password: %s", 198 strerror(EACCES)); 199 200 /* prompt for new password */ 201 yppasswd.newpw.pw_passwd = getnewpasswd(pw, &yppasswd.oldpass); 202 203 /* tell rpc.yppasswdd */ 204 yppasswd.newpw.pw_name = strdup(pw->pw_name); 205 if (!yppasswd.newpw.pw_name) { 206 err(1, "strdup"); 207 /*NOTREACHED*/ 208 } 209 yppasswd.newpw.pw_uid = pw->pw_uid; 210 yppasswd.newpw.pw_gid = pw->pw_gid; 211 yppasswd.newpw.pw_gecos = strdup(pw->pw_gecos); 212 if (!yppasswd.newpw.pw_gecos) { 213 err(1, "strdup"); 214 /*NOTREACHED*/ 215 } 216 yppasswd.newpw.pw_dir = strdup(pw->pw_dir); 217 if (!yppasswd.newpw.pw_dir) { 218 err(1, "strdup"); 219 /*NOTREACHED*/ 220 } 221 yppasswd.newpw.pw_shell = strdup(pw->pw_shell); 222 if (!yppasswd.newpw.pw_shell) { 223 err(1, "strdup"); 224 /*NOTREACHED*/ 225 } 226 227 client = clnt_create(master, YPPASSWDPROG, YPPASSWDVERS, "udp"); 228 if (client == NULL) { 229 warnx("cannot contact yppasswdd on %s: Reason: %s", 230 master, yperr_string(YPERR_YPBIND)); 231 return (YPERR_YPBIND); 232 } 233 234 client->cl_auth = authunix_create_default(); 235 tv.tv_sec = 2; 236 tv.tv_usec = 0; 237 r = clnt_call(client, YPPASSWDPROC_UPDATE, 238 xdr_yppasswd, &yppasswd, xdr_int, &status, tv); 239 if (r) 240 errx(1, "rpc to yppasswdd failed."); 241 else if (status) 242 printf("Couldn't change YP password.\n"); 243 else 244 printf("The YP password has been changed on %s, %s\n", 245 master, "the master YP passwd server."); 246 return(0); 247 } 248 249 static char * 250 getnewpasswd(pw, old_pass) 251 struct passwd *pw; 252 char **old_pass; 253 { 254 int tries; 255 char *p, *t; 256 static char buf[_PASSWORD_LEN+1]; 257 char salt[_PASSWORD_LEN+1]; 258 char option[LINE_MAX], *key, *opt; 259 260 (void)printf("Changing YP password for %s.\n", pw->pw_name); 261 262 if (old_pass) { 263 *old_pass = NULL; 264 265 if (pw->pw_passwd[0]) { 266 if (strcmp(crypt(p = getpass("Old password:"), 267 pw->pw_passwd), pw->pw_passwd)) { 268 (void)printf("Sorry.\n"); 269 pwerror(NULL, 0, 1); 270 } 271 } else { 272 p = ""; 273 } 274 275 *old_pass = strdup(p); 276 if (!*old_pass) { 277 (void)printf("not enough core.\n"); 278 pwerror(NULL, 0, 1); 279 } 280 } 281 for (buf[0] = '\0', tries = 0;;) { 282 p = getpass("New password:"); 283 if (!*p) { 284 (void)printf("Password unchanged.\n"); 285 pwerror(NULL, 0, 0); 286 } 287 if (strlen(p) <= 5 && ++tries < 2) { 288 (void)printf("Please enter a longer password.\n"); 289 continue; 290 } 291 for (t = p; *t && islower((unsigned char)*t); ++t); 292 if (!*t && ++tries < 2) { 293 (void)printf("Please don't use an all-lower case " 294 "password.\nUnusual capitalization, " 295 "control characters or digits are " 296 "suggested.\n"); 297 continue; 298 } 299 (void)strlcpy(buf, p, sizeof(buf)); 300 if (!strcmp(buf, getpass("Retype new password:"))) 301 break; 302 (void)printf("Mismatch; try again, EOF to quit.\n"); 303 } 304 305 pw_getpwconf(option, sizeof(option), pw, "ypcipher"); 306 opt = option; 307 key = strsep(&opt, ","); 308 if (pw_gensalt(salt, _PASSWORD_LEN, key, opt) == -1) { 309 warn("Couldn't generate salt"); 310 pwerror(NULL, 0, 0); 311 } 312 p = strdup(crypt(buf, salt)); 313 if (!p) { 314 (void)printf("not enough core.\n"); 315 pwerror(NULL, 0, 0); 316 } 317 return (p); 318 } 319 320 static int 321 ypgetpwnam(nam) 322 const char *nam; 323 { 324 char *val; 325 int reason, vallen; 326 327 val = NULL; 328 reason = yp_match(domain, "passwd.byname", nam, strlen(nam), 329 &val, &vallen); 330 if (reason != 0) { 331 if (val != NULL) 332 free(val); 333 return 0; 334 } 335 free(val); 336 return 1; 337 } 338 339 #endif /* YP */ 340
Indexes created Wed Oct 01 15:09:59 GMT 2025