HardenedBSD/usr.bin/passwd/yp_passwd.c
Bill Paul e49249921c Fix for PR #3141: check for NULL before strdup()ing pw->pw_class.
(I'm not sure why this happens, though I suspect it may be because
the server is configured with only passwd maps instead of both passwd
and master.passwd maps. This is allowed, but I think in this case
pw_class is left NULL, hence the problem.)

Also applied similar patch to chpass/pw_yp.c just for paranoia's sake.
1997-03-29 20:29:12 +00:00

189 lines
5.7 KiB
C

/*
* Copyright (c) 1992/3 Theo de Raadt <deraadt@fsa.ca>
* Copyright (c) 1994 Olaf Kirch <okir@monad.swb.de>
* Copyright (c) 1995 Bill Paul <wpaul@ctr.columbia.edu>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef YP
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <netdb.h>
#include <time.h>
#include <sys/types.h>
#include <pwd.h>
#include <errno.h>
#include <unistd.h>
#include <limits.h>
#include <rpc/rpc.h>
#include <rpcsvc/yp_prot.h>
#include <rpcsvc/ypclnt.h>
#include <rpcsvc/yppasswd.h>
#include <pw_yp.h>
#include "yppasswd_comm.h"
extern char *getnewpasswd __P(( struct passwd * , int ));
int
yp_passwd(char *user)
{
struct timeval timeout;
struct yppasswd yppasswd;
struct master_yppasswd master_yppasswd;
struct passwd *pw;
CLIENT *clnt;
struct rpc_err err;
char *master;
int *status = NULL;
uid_t uid;
_use_yp = 1;
uid = getuid();
if ((master = get_yp_master(1)) == NULL) {
warnx("failed to find NIS master server");
return(1);
}
/*
* It is presumed that by the time we get here, use_yp()
* has been called and that we have verified that the user
* actually exists. This being the case, the yp_password
* stucture has already been filled in for us.
*/
/* Use the correct password */
pw = (struct passwd *)&yp_password;
if (pw->pw_uid != uid && uid != 0) {
warnx("Only the super-user may change account information \
for other users");
return(1);
}
pw->pw_change = 0;
/* Initialize password information */
if (suser_override) {
master_yppasswd.newpw.pw_passwd = strdup(pw->pw_passwd);
master_yppasswd.newpw.pw_name = strdup(pw->pw_name);
master_yppasswd.newpw.pw_uid = pw->pw_uid;
master_yppasswd.newpw.pw_gid = pw->pw_gid;
master_yppasswd.newpw.pw_expire = pw->pw_expire;
master_yppasswd.newpw.pw_change = pw->pw_change;
master_yppasswd.newpw.pw_fields = pw->pw_fields;
master_yppasswd.newpw.pw_gecos = strdup(pw->pw_gecos);
master_yppasswd.newpw.pw_dir = strdup(pw->pw_dir);
master_yppasswd.newpw.pw_shell = strdup(pw->pw_shell);
master_yppasswd.newpw.pw_class = pw->pw_class != NULL ?
strdup(pw->pw_class) : "";
master_yppasswd.oldpass = "";
master_yppasswd.domain = yp_domain;
} else {
yppasswd.newpw.pw_passwd = strdup(pw->pw_passwd);
yppasswd.newpw.pw_name = strdup(pw->pw_name);
yppasswd.newpw.pw_uid = pw->pw_uid;
yppasswd.newpw.pw_gid = pw->pw_gid;
yppasswd.newpw.pw_gecos = strdup(pw->pw_gecos);
yppasswd.newpw.pw_dir = strdup(pw->pw_dir);
yppasswd.newpw.pw_shell = strdup(pw->pw_shell);
yppasswd.oldpass = "";
}
if (suser_override)
printf("Changing NIS password for %s on %s in domain %s.\n",
pw->pw_name, master, yp_domain);
else
printf("Changing NIS password for %s on %s.\n",
pw->pw_name, master);
/* Get old password */
if(pw->pw_passwd[0] && !suser_override) {
yppasswd.oldpass = strdup(getpass("Old Password: "));
if (strcmp(crypt(yppasswd.oldpass, pw->pw_passwd),
pw->pw_passwd)) {
errx(1, "Sorry.");
}
}
if (suser_override) {
if ((master_yppasswd.newpw.pw_passwd = getnewpasswd(pw, 1)) == NULL)
return(1);
} else {
if ((yppasswd.newpw.pw_passwd = getnewpasswd(pw, 1)) == NULL)
return(1);
}
if (suser_override) {
if (senddat(&master_yppasswd)) {
warnx("failed to send request to rpc.yppasswdd");
return(1);
}
status = getresp();
} else {
if ((clnt = clnt_create(master, YPPASSWDPROG,
YPPASSWDVERS, "udp")) == NULL) {
warnx("failed to contact rpc.yppasswdd on host %s: %s",
master, clnt_spcreateerror(""));
return(1);
}
/*
* The yppasswd.x file said `unix authentication required',
* so I added it. This is the only reason it is in here.
* My yppasswdd doesn't use it, but maybe some others out there
* do. --okir
*/
clnt->cl_auth = authunix_create_default();
status = yppasswdproc_update_1(&yppasswd, clnt);
clnt_geterr(clnt, &err);
auth_destroy(clnt->cl_auth);
clnt_destroy(clnt);
}
if ((!suser_override && err.re_status != RPC_SUCCESS) ||
status == NULL || *status) {
errx(1, "Failed to change NIS password: %s",
(err.re_status != RPC_SUCCESS && !suser_override) ?
clnt_sperrno(err.re_status) :
"rpc.yppasswdd returned error status");
}
printf("\nNIS password has%s been changed on %s.\n",
((err.re_status != RPC_SUCCESS && !suser_override)
|| status == NULL || *status) ?
" not" : "", master);
return ((err.re_status || status == NULL || *status));
}
#endif /* YP */