Annotation of src/usr.bin/passwd/yp_passwd.c, Revision 1.1.1.1
1.1 deraadt 1: /*
2: * Copyright (c) 1988 The Regents of the University of California.
3: * All rights reserved.
4: *
5: * Redistribution and use in source and binary forms, with or without
6: * modification, are permitted provided that the following conditions
7: * are met:
8: * 1. Redistributions of source code must retain the above copyright
9: * notice, this list of conditions and the following disclaimer.
10: * 2. Redistributions in binary form must reproduce the above copyright
11: * notice, this list of conditions and the following disclaimer in the
12: * documentation and/or other materials provided with the distribution.
13: * 3. All advertising materials mentioning features or use of this software
14: * must display the following acknowledgement:
15: * This product includes software developed by the University of
16: * California, Berkeley and its contributors.
17: * 4. Neither the name of the University nor the names of its contributors
18: * may be used to endorse or promote products derived from this software
19: * without specific prior written permission.
20: *
21: * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24: * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31: * SUCH DAMAGE.
32: */
33: #ifndef lint
34: /*static char sccsid[] = "from: @(#)yp_passwd.c 1.0 2/2/93";*/
35: static char rcsid[] = "$Id: yp_passwd.c,v 1.8 1995/02/08 19:54:12 phil Exp $";
36: #endif /* not lint */
37:
38: #ifdef YP
39:
40: #include <stdio.h>
41: #include <string.h>
42: #include <netdb.h>
43: #include <time.h>
44: #include <pwd.h>
45: #include <errno.h>
46: #include <rpc/rpc.h>
47: #include <rpcsvc/yp_prot.h>
48: #include <rpcsvc/ypclnt.h>
49: #define passwd yp_passwd_rec
50: #include <rpcsvc/yppasswd.h>
51: #undef passwd
52:
53: #ifndef _PASSWORD_LEN
54: #define _PASSWORD_LEN PASS_MAX
55: #endif
56:
57: extern char *progname;
58: static char *getnewpasswd();
59: static struct passwd *ypgetpwnam();
60:
61: static uid_t uid;
62: char *domain;
63:
64: static
65: pw_error(name, err, eval)
66: char *name;
67: int err, eval;
68: {
69: int sverrno;
70:
71: if (err) {
72: sverrno = errno;
73: (void)fprintf(stderr, "%s: ", progname);
74: if (name)
75: (void)fprintf(stderr, "%s: ", name);
76: (void)fprintf(stderr, "%s\n", strerror(sverrno));
77: }
78: (void)fprintf(stderr,
79: "%s: YP passwd database unchanged\n", progname);
80: exit(eval);
81: }
82:
83: yp_passwd(username)
84: char *username;
85: {
86: char *master;
87: char *pp;
88: int r, rpcport, status;
89: struct yppasswd yppasswd;
90: struct passwd *pw;
91: struct timeval tv;
92: CLIENT *client;
93:
94: uid = getuid();
95:
96: /*
97: * Get local domain
98: */
99: if (r = yp_get_default_domain(&domain)) {
100: fprintf(stderr, "%s: can't get local YP domain. Reason: %s\n",
101: progname, yperr_string(r));
102: exit(1);
103: }
104:
105: /*
106: * Find the host for the passwd map; it should be running
107: * the daemon.
108: */
109: if ((r = yp_master(domain, "passwd.byname", &master)) != 0) {
110: fprintf(stderr,
111: "%s: can't find the master YP server. Reason: %s\n",
112: progname, yperr_string(r));
113: exit(1);
114: }
115:
116: /*
117: * Ask the portmapper for the port of the daemon.
118: */
119: if ((rpcport = getrpcport(master, YPPASSWDPROG,
120: YPPASSWDPROC_UPDATE, IPPROTO_UDP)) == 0) {
121: fprintf(stderr,
122: "%s: master YP server not running yppasswd daemon.\n",
123: progname);
124: fprintf(stderr, "\tCan't change password.\n");
125: exit(1);
126: }
127:
128: /*
129: * Be sure the port is priviledged
130: */
131: if (rpcport >= IPPORT_RESERVED) {
132: fprintf(stderr, "%s: yppasswd daemon is on an invalid port.\n",
133: progname);
134: exit(1);
135: }
136:
137: /* Get user's login identity */
138: if (!(pw = ypgetpwnam(username))) {
139: (void)fprintf(stderr, "%s: unknown user %s.\n",
140: progname, username);
141: exit(1);
142: }
143:
144: if (uid && uid != pw->pw_uid) {
145: fprintf(stderr,
146: "%s: you may only change your own password: %s\n",
147: progname, strerror(EACCES));
148: exit(1);
149: }
150:
151: /* prompt for new password */
152: yppasswd.newpw.pw_passwd = getnewpasswd(pw, &yppasswd.oldpass);
153:
154: /* tell rpc.yppasswdd */
155: yppasswd.newpw.pw_name = pw->pw_name;
156: yppasswd.newpw.pw_uid = pw->pw_uid;
157: yppasswd.newpw.pw_gid = pw->pw_gid;
158: yppasswd.newpw.pw_gecos = pw->pw_gecos;
159: yppasswd.newpw.pw_dir = pw->pw_dir;
160: yppasswd.newpw.pw_shell = pw->pw_shell;
161:
162: client = clnt_create(master, YPPASSWDPROG, YPPASSWDVERS, "udp");
163: if (client==NULL) {
164: fprintf(stderr, "cannot contact yppasswdd on %s: Reason: %s\n",
165: master, yperr_string(YPERR_YPBIND));
166: return(YPERR_YPBIND);
167: }
168: client->cl_auth = authunix_create_default();
169: tv.tv_sec = 2;
170: tv.tv_usec = 0;
171: r = clnt_call(client, YPPASSWDPROC_UPDATE,
172: xdr_yppasswd, &yppasswd, xdr_int, &status, tv);
173: if (r)
174: fprintf(stderr, "%s: rpc to yppasswdd failed.\n", progname);
175: else if (status)
176: printf("Couldn't change YP password.\n");
177: else
178: printf("The YP password has been changed on %s, the master YP passwd server.\n", master);
179: exit(0);
180: }
181:
182: static char *
183: getnewpasswd(pw, old_pass)
184: register struct passwd *pw;
185: char **old_pass;
186: {
187: static char buf[_PASSWORD_LEN+1];
188: register char *p, *t;
189: int tries;
190: char salt[9], *crypt(), *getpass();
191:
192: (void)printf("Changing YP password for %s.\n", pw->pw_name);
193:
194: if (old_pass) {
195: *old_pass = NULL;
196:
197: if (pw->pw_passwd[0]) {
198: if (strcmp(crypt(p = getpass("Old password:"),
199: pw->pw_passwd), pw->pw_passwd)) {
200: errno = EACCES;
201: pw_error(NULL, 1, 1);
202: }
203: } else {
204: p = "";
205: }
206:
207: *old_pass = strdup(p);
208: }
209: for (buf[0] = '\0', tries = 0;;) {
210: p = getpass("New password:");
211: if (!*p) {
212: (void)printf("Password unchanged.\n");
213: pw_error(NULL, 0, 0);
214: }
215: if (strlen(p) <= 5 && ++tries < 2) {
216: (void)printf("Please enter a longer password.\n");
217: continue;
218: }
219: for (t = p; *t && islower(*t); ++t);
220: if (!*t && ++tries < 2) {
221: (void)printf("Please don't use an all-lower case password.\nUnusual capitalization, control characters or digits are suggested.\n");
222: continue;
223: }
224: (void)strcpy(buf, p);
225: if (!strcmp(buf, getpass("Retype new password:")))
226: break;
227: (void)printf("Mismatch; try again, EOF to quit.\n");
228: }
229: /* grab a random printable character that isn't a colon */
230: (void)srandom((int)time((time_t *)NULL));
231: #ifdef NEWSALT
232: salt[0] = _PASSWORD_EFMT1;
233: to64(&salt[1], (long)(29 * 25), 4);
234: to64(&salt[5], random(), 4);
235: #else
236: to64(&salt[0], random(), 2);
237: #endif
238: return(strdup(crypt(buf, salt)));
239: }
240:
241: static char *
242: pwskip(register char *p)
243: {
244: while (*p && *p != ':' && *p != '\n')
245: ++p;
246: if (*p)
247: *p++ = 0;
248: return (p);
249: }
250:
251: struct passwd *
252: interpret(struct passwd *pwent, char *line)
253: {
254: register char *p = line;
255: register int c;
256:
257: pwent->pw_passwd = "*";
258: pwent->pw_uid = 0;
259: pwent->pw_gid = 0;
260: pwent->pw_gecos = "";
261: pwent->pw_dir = "";
262: pwent->pw_shell = "";
263: pwent->pw_change = 0;
264: pwent->pw_expire = 0;
265: pwent->pw_class = "";
266:
267: /* line without colon separators is no good, so ignore it */
268: if(!strchr(p,':'))
269: return(NULL);
270:
271: pwent->pw_name = p;
272: p = pwskip(p);
273: pwent->pw_passwd = p;
274: p = pwskip(p);
275: pwent->pw_uid = (uid_t)strtoul(p, NULL, 10);
276: p = pwskip(p);
277: pwent->pw_gid = (gid_t)strtoul(p, NULL, 10);
278: p = pwskip(p);
279: pwent->pw_gecos = p;
280: p = pwskip(p);
281: pwent->pw_dir = p;
282: p = pwskip(p);
283: pwent->pw_shell = p;
284: while (*p && *p != '\n')
285: p++;
286: *p = '\0';
287: return (pwent);
288: }
289:
290: static struct passwd *
291: ypgetpwnam(nam)
292: char *nam;
293: {
294: static struct passwd pwent;
295: static char line[1024];
296: char *val;
297: int reason, vallen;
298:
299: reason = yp_match(domain, "passwd.byname", nam, strlen(nam),
300: &val, &vallen);
301: switch(reason) {
302: case 0:
303: break;
304: default:
305: return (NULL);
306: break;
307: }
308: val[vallen] = '\0';
309: strcpy(line, val);
310: free(val);
311:
312: return(interpret(&pwent, line));
313: }
314:
315: #endif /* YP */