mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-18 17:00:49 +01:00
76064c01e5
In ypserv: yp_svc.c: - small signal handler tweak (hopefully the last): just use sigemptyset() to clear sa_mask. Makefile.yp: - Let the user specify the location of master.passwd when updating maps (e.g. make MASTER_PASSWD=/some/path/to/master.passwd). Editing the file to change the location of master.passwd still works. This is mostly to let yppassswdd specify the name of the master.passwd file itself. In yppasswdd: yppasswdd.c: - Roll in some minor changes (mostly casts) from Olaf Kirch's latest yppasswd package release (version 0.7). - Use daemon() instead of doing all the deamonizing gruntwork ourselves. - Call pw_init() after daemonizing ourselves. pw_init() sets up some resource limits and blocks some signals for us. We used to do this before every password change, but there's really no point in calling it more than once during the life of the program. - Change install_reaper() so that we can use it to de-install the SIGCHLD handler if we need to (and we do in pw_mkdb() -- this is what I get for splicing code from two different programs together). - Use sigemptyset(&act.sa_mask) rather than act.sa_mask = 0: the latter is decidedly non-portable. (In IRIX, HP-UX and Solaris, sigset_t is an array of longs, not an int.) update.c: - Roll in change from new version (check that we're not modifying an NIS entry in validate_args()). - Get rid of call to pw_init() (moved to yppasswdd.c). - Check return values from pw_util routines and return error status to yppasswd clients if there's a problem. - Straighten out password file copying mechanism a little. Keep a grip on the original password file rather than summarily overwriting it so that we can restore everything if we fail to fork() a process to update the NIS maps. - Pass the name of the password template file (specified with -m or /etc/master.passwd by default) to the yppwupdate script, which in turn should now pass it to /var/yp/Makefile. pw_util.c: - Nuke the pw_edit() and pw_prompt() functions -- we don't need them. - Change all warn()s, warnx()s and err()s to syslog()s. - Make sure we return error status to caller rather than bailing out in pw_lock() and pw_tmp(). - Don't block SIGTERM in pw_init() (by ignoring SIGTERM, we prevent yppasswdd from being shut down cleanly). - Don't let pw_error() exit. (This stuff was stolen from chpass and vipw which are interactive programs; it's okay to let pw_error() bail out for these programs, but not in a daemon like yppasswdd). - Fix signal handling in pw_mkdb (we need to temporarily de-install the SIGCHLD handler so that we can wait on the pwd_mkdb child ourselves). pw_copy.c: - Change all warn()s, warnx()s and err()s to syslog()s. - Add a bunch of returns() and make pw_copy() return and int ( 0 on success, -1 on failure) so that update.c can flag errors properly. - Return -1 after calling pw_error() to signal failures rather than relying on pw_error() to bail out. - Abort copying if we discover that we've been asked to change an entry for a user that exists in the NIS passwd maps but not in the master.passwd template file. This can happen if the passwd maps and the template file fall out of sync with each other (or if somebody tries to spoof us). The old behavior was to create add the entry to the password file, which yppasswdd should not do under any circumstances. Makefile: - update VERSION to 0.7 yppasswdd.8: - fix typo (forgot a carriage return somewhere) - remove bogus reference to pwunconv(8) which FreeBSD doesn't have. - bump version from 0.5 to 0.7 - Reflect changes in password file handling. yppwupdate: - Log map rebuilds to /var/yp/ypupdate.log. - Pass the name of the template password file to /var/yp/Makefile as $MASTER_PASSWD.
196 lines
5.4 KiB
C
196 lines
5.4 KiB
C
/*
|
|
* yppasswdd
|
|
* Copyright 1994 Olaf Kirch, <okir@monad.swb.de>
|
|
*
|
|
* This program is covered by the GNU General Public License, version 2.
|
|
* It is provided in the hope that it is useful. However, the author
|
|
* disclaims ALL WARRANTIES, expressed or implied. See the GPL for details.
|
|
*/
|
|
|
|
#include <sys/types.h>
|
|
#include <sys/errno.h>
|
|
#include <sys/stat.h>
|
|
#include <sys/param.h>
|
|
#include <netinet/in.h>
|
|
#include <arpa/inet.h>
|
|
#include <fcntl.h>
|
|
#include <unistd.h>
|
|
#include <ctype.h>
|
|
#include <time.h>
|
|
#include <pwd.h>
|
|
|
|
#include <syslog.h>
|
|
#include <stdio.h>
|
|
#include <string.h>
|
|
|
|
#include <rpc/rpc.h>
|
|
#include <rpc/pmap_clnt.h>
|
|
#include "yppasswd.h"
|
|
|
|
char *tempname, *passfile;
|
|
extern int *allow_chfn, *allow_chsh;
|
|
extern int pid;
|
|
extern int pw_copy __P((int, int, struct passwd *));
|
|
extern int pw_lock __P((void));
|
|
extern int pw_mkdb __P((void));
|
|
extern int pw_tmp __P((void));
|
|
|
|
#define xprt_addr(xprt) (svc_getcaller(xprt)->sin_addr)
|
|
#define xprt_port(xprt) ntohs(svc_getcaller(xprt)->sin_port)
|
|
void reaper( int sig );
|
|
|
|
/*===============================================================*
|
|
* Argument validation. Avoid \n... (ouch).
|
|
* We can't use isprint, because people may use 8bit chars which
|
|
* aren't recognized as printable in the default locale.
|
|
*===============================================================*/
|
|
static int
|
|
validate_string(char *str)
|
|
{
|
|
while (*str && !iscntrl(*str)) str++;
|
|
return (*str == '\0');
|
|
}
|
|
|
|
static int
|
|
validate_args(struct xpasswd *pw)
|
|
{
|
|
if (pw->pw_name[0] == '-' || pw->pw_name[0] == '+') {
|
|
syslog(LOG_ALERT, "attempt to modify NIS passwd entry \"%s\"",
|
|
pw->pw_name);
|
|
}
|
|
|
|
return validate_string(pw->pw_passwd)
|
|
&& validate_string(pw->pw_shell)
|
|
&& validate_string(pw->pw_gecos);
|
|
}
|
|
|
|
/*===============================================================*
|
|
* The passwd update handler
|
|
*===============================================================*/
|
|
int *
|
|
yppasswdproc_pwupdate_1(yppasswd *yppw, struct svc_req *rqstp)
|
|
{
|
|
struct xpasswd *newpw; /* passwd struct passed by the client */
|
|
struct passwd *pw; /* passwd struct obtained from getpwent() */
|
|
int chsh = 0, chfn = 0;
|
|
static int res;
|
|
char logbuf[255];
|
|
int pfd, tfd;
|
|
char *passfile_hold;
|
|
char template[] = "/tmp/yppwtmp.XXXXX";
|
|
|
|
newpw = &yppw->newpw;
|
|
res = 1;
|
|
|
|
sprintf( logbuf, "update %.12s (uid=%d) from host %s",
|
|
yppw->newpw.pw_name,
|
|
yppw->newpw.pw_uid,
|
|
inet_ntoa(xprt_addr(rqstp->rq_xprt)));
|
|
|
|
if (!validate_args(newpw)) {
|
|
syslog ( LOG_ALERT, "%s failed", logbuf );
|
|
syslog ( LOG_ALERT, "Invalid characters in argument. "
|
|
"Possible spoof attempt?" );
|
|
return &res;
|
|
}
|
|
|
|
/* Check if the user exists
|
|
*/
|
|
if (!(pw = getpwnam(yppw->newpw.pw_name))) {
|
|
syslog ( LOG_WARNING, "%s failed", logbuf );
|
|
syslog ( LOG_WARNING, "User not in password file." );
|
|
return (&res);
|
|
}
|
|
|
|
/* Check the password.
|
|
*/
|
|
if (strcmp(crypt(yppw->oldpass, pw->pw_passwd), pw->pw_passwd)) {
|
|
syslog ( LOG_WARNING, "%s rejected", logbuf );
|
|
syslog ( LOG_WARNING, "Invalid password." );
|
|
sleep(1);
|
|
return(&res);
|
|
}
|
|
|
|
/* set the new passwd, shell, and full name
|
|
*/
|
|
pw->pw_change = 0;
|
|
pw->pw_passwd = newpw->pw_passwd;
|
|
|
|
if (allow_chsh) {
|
|
chsh = (strcmp(pw->pw_shell, newpw->pw_shell) != 0);
|
|
pw->pw_shell = newpw->pw_shell;
|
|
}
|
|
|
|
if (allow_chfn) {
|
|
chfn = (strcmp(pw->pw_gecos, newpw->pw_gecos) != 0);
|
|
pw->pw_gecos = newpw->pw_gecos;
|
|
}
|
|
|
|
/*
|
|
* Bail if locking the password file or temp file creation fails.
|
|
* (These operations should log their own failure messages if need be,
|
|
* so we don't have to log their failures here.)
|
|
*/
|
|
if ((pfd = pw_lock()) < 0)
|
|
return &res;
|
|
if ((tfd = pw_tmp()) < 0)
|
|
return &res;
|
|
|
|
/* Placeholder in case we need to put the old password file back. */
|
|
passfile_hold = mktemp((char *)&template);
|
|
|
|
/*
|
|
* Copy the password file to the temp file,
|
|
* inserting new passwd entry along the way.
|
|
*/
|
|
if (pw_copy(pfd, tfd, pw) < 0) {
|
|
syslog(LOG_ERR, "%s > %s: copy failed. Cleaning up.",
|
|
tempname, passfile);
|
|
unlink(tempname);
|
|
return (&res);
|
|
}
|
|
|
|
rename(passfile, passfile_hold);
|
|
if (strcmp(passfile, _PATH_MASTERPASSWD)) {
|
|
rename(tempname, passfile);
|
|
}
|
|
else
|
|
if (pw_mkdb() < 0) {
|
|
syslog (LOG_WARNING, "%s failed to rebuild password database", logbuf );
|
|
return(&res);
|
|
}
|
|
|
|
/* Fork off process to rebuild NIS passwd.* maps. If the fork
|
|
* fails, restore old passwd file and return an error.
|
|
*/
|
|
if ((pid = fork()) < 0) {
|
|
syslog( LOG_ERR, "%s failed", logbuf );
|
|
syslog( LOG_ERR, "Couldn't fork map update process: %m" );
|
|
unlink(passfile);
|
|
rename(passfile_hold, passfile);
|
|
if (!strcmp(passfile, _PATH_MASTERPASSWD))
|
|
if (pw_mkdb()) {
|
|
syslog (LOG_WARNING, "%s failed to rebuild password database", logbuf );
|
|
return(&res);
|
|
}
|
|
|
|
return (&res);
|
|
}
|
|
if (pid == 0) {
|
|
unlink(passfile_hold);
|
|
execlp(MAP_UPDATE_PATH, MAP_UPDATE, passfile, NULL);
|
|
syslog( LOG_ERR, "Error: couldn't exec map update process: %m" );
|
|
exit(1);
|
|
}
|
|
|
|
syslog (LOG_INFO, "%s successful. Password changed.", logbuf );
|
|
if (chsh || chfn) {
|
|
syslog ( LOG_INFO, "Shell %schanged (%s), GECOS %schanged (%s).",
|
|
chsh? "" : "un", newpw->pw_shell,
|
|
chfn? "" : "un", newpw->pw_gecos );
|
|
}
|
|
|
|
res = 0;
|
|
return (&res);
|
|
}
|