xref: /freebsd/usr.sbin/rpc.yppasswdd/yppasswdd_server.c (revision 02e9120893770924227138ba49df1edb3896112a)
1 /*-
2  * SPDX-License-Identifier: BSD-4-Clause
3  *
4  * Copyright (c) 1995, 1996
5  *	Bill Paul <wpaul@ctr.columbia.edu>.  All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  * 3. All advertising materials mentioning features or use of this software
16  *    must display the following acknowledgement:
17  *	This product includes software developed by Bill Paul.
18  * 4. Neither the name of the author nor the names of any co-contributors
19  *    may be used to endorse or promote products derived from this software
20  *    without specific prior written permission.
21  *
22  * THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND
23  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25  * ARE DISCLAIMED.  IN NO EVENT SHALL Bill Paul OR CONTRIBUTORS BE LIABLE
26  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32  * SUCH DAMAGE.
33  */
34 
35 #include <sys/param.h>
36 #include <sys/fcntl.h>
37 #include <sys/socket.h>
38 #include <sys/stat.h>
39 #include <sys/wait.h>
40 
41 #include <arpa/inet.h>
42 #include <netinet/in.h>
43 
44 #include <ctype.h>
45 #include <db.h>
46 #include <dirent.h>
47 #include <errno.h>
48 #include <limits.h>
49 #include <pwd.h>
50 #include <signal.h>
51 #include <stdio.h>
52 #include <stdlib.h>
53 #include <string.h>
54 #include <unistd.h>
55 
56 #include <libgen.h>
57 #include <libutil.h>
58 
59 #include <rpc/rpc.h>
60 #include <rpcsvc/yp.h>
61 struct dom_binding;
62 #include <rpcsvc/ypclnt.h>
63 #include "yppasswdd_extern.h"
64 #include "yppasswd.h"
65 #include "yppasswd_private.h"
66 #include "ypxfr_extern.h"
67 #include "yp_extern.h"
68 
69 static struct passwd yp_password;
70 
71 static void
72 xlate_passwd(struct x_master_passwd *xpwd, struct passwd *pwd)
73 {
74 	pwd->pw_name = xpwd->pw_name;
75 	pwd->pw_passwd = xpwd->pw_passwd;
76 	pwd->pw_uid = xpwd->pw_uid;
77 	pwd->pw_gid = xpwd->pw_gid;
78 	pwd->pw_change = xpwd->pw_change;
79 	pwd->pw_class = xpwd->pw_class;
80 	pwd->pw_gecos = xpwd->pw_gecos;
81 	pwd->pw_dir = xpwd->pw_dir;
82 	pwd->pw_shell = xpwd->pw_shell;
83 	pwd->pw_expire = xpwd->pw_expire;
84 	pwd->pw_fields = xpwd->pw_fields;
85 }
86 
87 static void
88 copy_yp_pass(char *p, int x, int m)
89 {
90 	char *t, *s = p;
91 	static char *buf;
92 
93 	yp_password.pw_fields = 0;
94 
95 	buf = realloc(buf, m + 10);
96 	bzero(buf, m + 10);
97 
98 	/* Turn all colons into NULLs */
99 	while (strchr(s, ':')) {
100 		s = (strchr(s, ':') + 1);
101 		*(s - 1)= '\0';
102 	}
103 
104 	t = buf;
105 #define EXPAND(e) do { \
106 	e = t; \
107 	while ((*t++ = *p++)); \
108 } while (0)
109         EXPAND(yp_password.pw_name);
110 	yp_password.pw_fields |= _PWF_NAME;
111         EXPAND(yp_password.pw_passwd);
112 	yp_password.pw_fields |= _PWF_PASSWD;
113 	yp_password.pw_uid = atoi(p);
114         p += (strlen(p) + 1);
115 	yp_password.pw_fields |= _PWF_UID;
116 	yp_password.pw_gid = atoi(p);
117         p += (strlen(p) + 1);
118 	yp_password.pw_fields |= _PWF_GID;
119 	if (x) {
120 		EXPAND(yp_password.pw_class);
121 		yp_password.pw_fields |= _PWF_CLASS;
122 		yp_password.pw_change = atol(p);
123 		p += (strlen(p) + 1);
124 		yp_password.pw_fields |= _PWF_CHANGE;
125 		yp_password.pw_expire = atol(p);
126 		p += (strlen(p) + 1);
127 		yp_password.pw_fields |= _PWF_EXPIRE;
128 	}
129         EXPAND(yp_password.pw_gecos);
130 	yp_password.pw_fields |= _PWF_GECOS;
131         EXPAND(yp_password.pw_dir);
132 	yp_password.pw_fields |= _PWF_DIR;
133         EXPAND(yp_password.pw_shell);
134 	yp_password.pw_fields |= _PWF_SHELL;
135 }
136 
137 static int
138 validchars(char *arg)
139 {
140 	size_t i;
141 
142 	for (i = 0; i < strlen(arg); i++) {
143 		if (iscntrl(arg[i])) {
144 			yp_error("string contains a control character");
145 			return(1);
146 		}
147 		if (arg[i] == ':') {
148 			yp_error("string contains a colon");
149 			return(1);
150 		}
151 		/* Be evil: truncate strings with \n in them silently. */
152 		if (arg[i] == '\n') {
153 			arg[i] = '\0';
154 			return(0);
155 		}
156 	}
157 	return(0);
158 }
159 
160 static int
161 validate_master(struct passwd *opw __unused, struct x_master_passwd *npw)
162 {
163 
164 	if (npw->pw_name[0] == '+' || npw->pw_name[0] == '-') {
165 		yp_error("client tried to modify an NIS entry");
166 		return(1);
167 	}
168 
169 	if (validchars(npw->pw_shell)) {
170 		yp_error("specified shell contains invalid characters");
171 		return(1);
172 	}
173 
174 	if (validchars(npw->pw_gecos)) {
175 		yp_error("specified gecos field contains invalid characters");
176 		return(1);
177 	}
178 
179 	if (validchars(npw->pw_passwd)) {
180 		yp_error("specified password contains invalid characters");
181 		return(1);
182 	}
183 	return(0);
184 }
185 
186 static int
187 validate(struct passwd *opw, struct x_passwd *npw)
188 {
189 
190 	if (npw->pw_name[0] == '+' || npw->pw_name[0] == '-') {
191 		yp_error("client tried to modify an NIS entry");
192 		return(1);
193 	}
194 
195 	if ((uid_t)npw->pw_uid != opw->pw_uid) {
196 		yp_error("UID mismatch: client says user %s has UID %d",
197 			 npw->pw_name, npw->pw_uid);
198 		yp_error("database says user %s has UID %d", opw->pw_name,
199 			 opw->pw_uid);
200 		return(1);
201 	}
202 
203 	if ((gid_t)npw->pw_gid != opw->pw_gid) {
204 		yp_error("GID mismatch: client says user %s has GID %d",
205 			 npw->pw_name, npw->pw_gid);
206 		yp_error("database says user %s has GID %d", opw->pw_name,
207 			 opw->pw_gid);
208 		return(1);
209 	}
210 
211 	/*
212 	 * Don't allow the user to shoot himself in the foot,
213 	 * even on purpose.
214 	 */
215 	if (!no_chsh && !ok_shell(npw->pw_shell)) {
216 		yp_error("%s is not a valid shell", npw->pw_shell);
217 		return(1);
218 	}
219 
220 	if (!no_chsh && validchars(npw->pw_shell)) {
221 		yp_error("specified shell contains invalid characters");
222 		return(1);
223 	}
224 
225 	if (validchars(npw->pw_gecos)) {
226 		yp_error("specified gecos field contains invalid characters");
227 		return(1);
228 	}
229 
230 	if (validchars(npw->pw_passwd)) {
231 		yp_error("specified password contains invalid characters");
232 		return(1);
233 	}
234 	return(0);
235 }
236 
237 /*
238  * Kludge alert:
239  * In order to have one rpc.yppasswdd support multiple domains,
240  * we have to cheat: we search each directory under /var/yp
241  * and try to match the user in each master.passwd.byname
242  * map that we find. If the user matches (username, uid and gid
243  * all agree), then we use that domain. If we match the user in
244  * more than one database, we must abort.
245  */
246 static char *
247 find_domain(struct x_passwd *pw)
248 {
249 	struct stat statbuf;
250 	struct dirent *dirp;
251 	DIR *dird;
252 	char yp_mapdir[MAXPATHLEN + 2];
253 	static char domain[YPMAXDOMAIN];
254 	char *tmp = NULL;
255 	DBT key, data;
256 	int hit = 0;
257 
258 	yp_error("performing multidomain lookup");
259 
260 	if ((dird = opendir(yp_dir)) == NULL) {
261 		yp_error("opendir(%s) failed: %s", yp_dir, strerror(errno));
262 		return(NULL);
263 	}
264 
265 	while ((dirp = readdir(dird)) != NULL) {
266 		snprintf(yp_mapdir, sizeof yp_mapdir, "%s/%s",
267 							yp_dir, dirp->d_name);
268 		if (stat(yp_mapdir, &statbuf) < 0) {
269 			yp_error("stat(%s) failed: %s", yp_mapdir,
270 							strerror(errno));
271 			closedir(dird);
272 			return(NULL);
273 		}
274 		if (S_ISDIR(statbuf.st_mode)) {
275 			tmp = (char *)dirp->d_name;
276 			key.data = pw->pw_name;
277 			key.size = strlen(pw->pw_name);
278 
279 			if (yp_get_record(tmp,"master.passwd.byname",
280 			  		&key, &data, 0) != YP_TRUE) {
281 				continue;
282 			}
283 			*((char *)data.data + data.size) = '\0';
284 			copy_yp_pass(data.data, 1, data.size);
285 			if (yp_password.pw_uid == (uid_t)pw->pw_uid &&
286 			    yp_password.pw_gid == (gid_t)pw->pw_gid) {
287 				hit++;
288 				snprintf(domain, YPMAXDOMAIN, "%s", tmp);
289 			}
290 		}
291 	}
292 
293 	closedir(dird);
294 	if (hit > 1) {
295 		yp_error("found same user in two different domains");
296 		return(NULL);
297 	} else
298 		return((char *)&domain);
299 }
300 
301 static const char *maps[] = {
302 	"master.passwd.byname",
303 	"master.passwd.byuid",
304 	"passwd.byname",
305 	"passwd.byuid"
306 };
307 
308 static const char *formats[] = {
309 	"%s:%s:%d:%d:%s:%ld:%ld:%s:%s:%s",
310 	"%s:%s:%d:%d:%s:%ld:%ld:%s:%s:%s",
311 	"%s:%s:%d:%d:%s:%s:%s",
312 	"%s:%s:%d:%d:%s:%s:%s"
313 };
314 
315 static int
316 update_inplace(struct passwd *pw, char *domain)
317 {
318 	DB *dbp = NULL;
319 	DBT key = { NULL, 0 };
320 	DBT data = { NULL, 0 };
321 	char *pwbuf;
322 	char keybuf[20];
323 	int i;
324 	char *ptr = NULL;
325 	static char yp_last[] = "YP_LAST_MODIFIED";
326 	char yplastbuf[64];
327 
328 	snprintf(yplastbuf, sizeof yplastbuf, "%llu",
329 	    (unsigned long long)time(NULL));
330 	pwbuf = NULL;
331 
332 	for (i = 0; i < 4; i++) {
333 
334 		if (i % 2) {
335 			snprintf(keybuf, sizeof keybuf,
336 			    "%llu", (unsigned long long)pw->pw_uid);
337 			key.data = &keybuf;
338 			key.size = strlen(keybuf);
339 		} else {
340 			key.data = pw->pw_name;
341 			key.size = strlen(pw->pw_name);
342 		}
343 
344 		/*
345 		 * XXX The passwd.byname and passwd.byuid maps come in
346 		 * two flavors: secure and insecure. The secure version
347 		 * has a '*' in the password field whereas the insecure one
348 		 * has a real crypted password. The maps will be insecure
349 		 * if they were built with 'unsecure = TRUE' enabled in
350 		 * /var/yp/Makefile, but we'd have no way of knowing if
351 		 * this has been done unless we were to try parsing the
352 		 * Makefile, which is a disgusting thought. Instead, we
353 		 * read the records from the maps, skip to the first ':'
354 		 * in them, and then look at the character immediately
355 		 * following it. If it's an '*' then the map is 'secure'
356 		 * and we must not insert a real password into the pw_passwd
357 		 * field. If it's not an '*', then we put the real crypted
358 		 * password in.
359 		 */
360 		if (yp_get_record(domain,maps[i],&key,&data,1) != YP_TRUE) {
361 			yp_error("couldn't read %s/%s: %s", domain,
362 						maps[i], strerror(errno));
363 			goto ret1;
364 		}
365 
366 		if ((ptr = strchr(data.data, ':')) == NULL) {
367 			yp_error("no colon in passwd record?!");
368 			goto ret1;
369 		}
370 
371 		/*
372 		 * XXX Supposing we have more than one user with the same
373 		 * UID? (Or more than one user with the same name?) We could
374 		 * end up modifying the wrong record if were not careful.
375 		 */
376 		if (i % 2) {
377 			if (strncmp(data.data, pw->pw_name,
378 							strlen(pw->pw_name))) {
379 				yp_error("warning: found entry for UID %d \
380 in map %s@%s with wrong name (%.*s)", pw->pw_uid, maps[i], domain,
381 				    (int)(ptr - (char *)data.data),
382 				    (char *)data.data);
383 				yp_error("there may be more than one user \
384 with the same UID - continuing");
385 				continue;
386 			}
387 		} else {
388 			/*
389 			 * We're really being ultra-paranoid here.
390 			 * This is generally a 'can't happen' condition.
391 			 */
392 			free(pwbuf);
393 			asprintf(&pwbuf, ":%d:%d:", pw->pw_uid, pw->pw_gid);
394 			if (pwbuf == NULL) {
395 				yp_error("no memory");
396 				goto ret1;
397 			}
398 			if (!strstr(data.data, pwbuf)) {
399 				yp_error("warning: found entry for user %s \
400 in map %s@%s with wrong UID", pw->pw_name, maps[i], domain);
401 				yp_error("there may be more than one user \
402 with the same name - continuing");
403 				continue;
404 			}
405 		}
406 
407 		if (i < 2) {
408 			free(pwbuf);
409 			asprintf(&pwbuf, formats[i],
410 			   pw->pw_name, pw->pw_passwd, pw->pw_uid,
411 			   pw->pw_gid, pw->pw_class, pw->pw_change,
412 			   pw->pw_expire, pw->pw_gecos, pw->pw_dir,
413 			   pw->pw_shell);
414 		} else {
415 			free(pwbuf);
416 			asprintf(&pwbuf, formats[i],
417 			   pw->pw_name, *(ptr+1) == '*' ? "*" : pw->pw_passwd,
418 			   pw->pw_uid, pw->pw_gid, pw->pw_gecos, pw->pw_dir,
419 			   pw->pw_shell);
420 		}
421 		if (pwbuf == NULL) {
422 			yp_error("no memory");
423 			goto ret1;
424 		}
425 
426 #define FLAGS O_RDWR|O_CREAT
427 
428 		if ((dbp = yp_open_db_rw(domain, maps[i], FLAGS)) == NULL) {
429 			yp_error("couldn't open %s/%s r/w: %s",domain,
430 						maps[i],strerror(errno));
431 			goto ret1;
432 		}
433 
434 		data.data = pwbuf;
435 		data.size = strlen(pwbuf);
436 
437 		if (yp_put_record(dbp, &key, &data, 1) != YP_TRUE) {
438 			yp_error("failed to update record in %s/%s", domain,
439 								maps[i]);
440 			(void)(dbp->close)(dbp);
441 			goto ret1;
442 		}
443 
444 		key.data = yp_last;
445 		key.size = strlen(yp_last);
446 		data.data = (char *)&yplastbuf;
447 		data.size = strlen(yplastbuf);
448 
449 		if (yp_put_record(dbp, &key, &data, 1) != YP_TRUE) {
450 			yp_error("failed to update timestamp in %s/%s", domain,
451 								maps[i]);
452 			(void)(dbp->close)(dbp);
453 			goto ret1;
454 		}
455 
456 		(void)(dbp->close)(dbp);
457 	}
458 
459 	free(pwbuf);
460 	return (0);
461 ret1:
462 	free(pwbuf);
463 	return (1);
464 }
465 
466 int *
467 yppasswdproc_update_1_svc(yppasswd *argp, struct svc_req *rqstp)
468 {
469 	static int  result;
470 	struct sockaddr_in *rqhost;
471 	DBT key, data;
472 	int rval = 0;
473 	int pfd, tfd;
474 	int pid;
475 	int passwd_changed = 0;
476 	int shell_changed = 0;
477 	int gecos_changed = 0;
478 	char *cryptpw;
479 	char *oldshell = NULL;
480 	char *oldgecos = NULL;
481 	char *passdir;
482 	char *passfile_hold;
483 	char passdir_buf[MAXPATHLEN + 2];
484 	char passfile_buf[MAXPATHLEN + 2];
485 	char passfile_hold_buf[MAXPATHLEN + 2];
486 	char *domain = yppasswd_domain;
487 	static struct sockaddr_in clntaddr;
488 	static struct timeval t_saved, t_test;
489 
490 	/*
491 	 * Normal user updates always use the 'default' master.passwd file.
492 	 */
493 
494 	passfile = passfile_default;
495 	result = 1;
496 
497 	rqhost = svc_getcaller(rqstp->rq_xprt);
498 
499 	gettimeofday(&t_test, NULL);
500 	if (!bcmp(rqhost, &clntaddr, sizeof *rqhost) &&
501 		t_test.tv_sec > t_saved.tv_sec &&
502 		t_test.tv_sec - t_saved.tv_sec < 300) {
503 
504 		bzero(&clntaddr, sizeof clntaddr);
505 		bzero(&t_saved, sizeof t_saved);
506 		return(NULL);
507 	}
508 
509 	bcopy(rqhost, &clntaddr, sizeof clntaddr);
510 	gettimeofday(&t_saved, NULL);
511 
512 	if (yp_access(resvport ? "master.passwd.byname" : NULL, rqstp)) {
513 		yp_error("rejected update request from unauthorized host");
514 		svcerr_auth(rqstp->rq_xprt, AUTH_BADCRED);
515 		return(&result);
516 	}
517 
518 	/*
519 	 * Step one: find the user. (It's kinda pointless to
520 	 * proceed if the user doesn't exist.) We look for the
521 	 * user in the master.passwd.byname database, _NOT_ by
522 	 * using getpwent() and friends! We can't use getpwent()
523 	 * since the NIS master server is not guaranteed to be
524 	 * configured as an NIS client.
525 	 */
526 
527 	if (multidomain) {
528 		if ((domain = find_domain(&argp->newpw)) == NULL) {
529 			yp_error("multidomain lookup failed - aborting update");
530 			return(&result);
531 		} else
532 			yp_error("updating user %s in domain %s",
533 					argp->newpw.pw_name, domain);
534 	}
535 
536 	key.data = argp->newpw.pw_name;
537 	key.size = strlen(argp->newpw.pw_name);
538 
539 	if ((rval = yp_get_record(domain,"master.passwd.byname",
540 		  	&key, &data, 0)) != YP_TRUE) {
541 		if (rval == YP_NOKEY) {
542 			yp_error("user %s not found in passwd database",
543 			 	argp->newpw.pw_name);
544 		} else {
545 			yp_error("database access error: %s",
546 			 	yperr_string(rval));
547 		}
548 		return(&result);
549 	}
550 
551 	/* Nul terminate, please. */
552 	*((char *)data.data + data.size) = '\0';
553 
554 	copy_yp_pass(data.data, 1, data.size);
555 
556 	/* Step 2: check that the supplied oldpass is valid. */
557 
558 	cryptpw = crypt(argp->oldpass, yp_password.pw_passwd);
559 	if (cryptpw == NULL || strcmp(cryptpw, yp_password.pw_passwd)) {
560 		yp_error("rejected change attempt -- bad password");
561 		yp_error("client address: %s username: %s",
562 			  inet_ntoa(rqhost->sin_addr),
563 			  argp->newpw.pw_name);
564 		return(&result);
565 	}
566 
567 	/* Step 3: validate the arguments passed to us by the client. */
568 
569 	if (validate(&yp_password, &argp->newpw)) {
570 		yp_error("rejecting change attempt: bad arguments");
571 		yp_error("client address: %s username: %s",
572 			 inet_ntoa(rqhost->sin_addr),
573 			 argp->newpw.pw_name);
574 		svcerr_decode(rqstp->rq_xprt);
575 		return(&result);
576 	}
577 
578 	/* Step 4: update the user's passwd structure. */
579 
580 	if (!no_chsh && strcmp(argp->newpw.pw_shell, yp_password.pw_shell)) {
581 		oldshell = yp_password.pw_shell;
582 		yp_password.pw_shell = argp->newpw.pw_shell;
583 		shell_changed++;
584 	}
585 
586 
587 	if (!no_chfn && strcmp(argp->newpw.pw_gecos, yp_password.pw_gecos)) {
588 		oldgecos = yp_password.pw_gecos;
589 		yp_password.pw_gecos = argp->newpw.pw_gecos;
590 		gecos_changed++;
591 	}
592 
593 	if (strcmp(argp->newpw.pw_passwd, yp_password.pw_passwd)) {
594 		yp_password.pw_passwd = argp->newpw.pw_passwd;
595 		yp_password.pw_change = 0;
596 		passwd_changed++;
597 	}
598 
599 	/*
600 	 * If the caller specified a domain other than our 'default'
601 	 * domain, change the path to master.passwd accordingly.
602 	 */
603 
604 	if (strcmp(domain, yppasswd_domain)) {
605 		snprintf(passfile_buf, sizeof(passfile_buf),
606 			"%s/%s/master.passwd", yp_dir, domain);
607 		passfile = (char *)&passfile_buf;
608 	}
609 
610 	/*
611 	 * Create a filename to hold the original master.passwd
612 	 * so if our call to yppwupdate fails we can roll back
613 	 */
614 	snprintf(passfile_hold_buf, sizeof(passfile_hold_buf),
615 	    "%s.hold", passfile);
616 	passfile_hold = (char *)&passfile_hold_buf;
617 
618 
619 	/* Step 5: make a new password file with the updated info. */
620 
621 	snprintf(passdir_buf, sizeof(passdir_buf), "%s", passfile);
622 	passdir = dirname(passdir_buf);
623 
624 	if (pw_init(passdir, passfile)) {
625 		yp_error("pw_init() failed");
626 		return &result;
627 	}
628 	if ((pfd = pw_lock()) == -1) {
629 		pw_fini();
630 		yp_error("pw_lock() failed");
631 		return &result;
632 	}
633 	if ((tfd = pw_tmp(-1)) == -1) {
634 		pw_fini();
635 		yp_error("pw_tmp() failed");
636 		return &result;
637 	}
638 	if (pw_copy(pfd, tfd, &yp_password, NULL) == -1) {
639 		pw_fini();
640 		yp_error("pw_copy() failed");
641 		return &result;
642 	}
643 	if (rename(passfile, passfile_hold) == -1) {
644 		pw_fini();
645 		yp_error("rename of %s to %s failed", passfile,
646 		    passfile_hold);
647 		return &result;
648 	}
649 
650 	if (strcmp(passfile, _PATH_MASTERPASSWD) == 0) {
651 		/*
652 		 * NIS server is exporting the system's master.passwd.
653 		 * Call pw_mkdb to rebuild passwd and the .db files
654 		 */
655 		if (pw_mkdb(yp_password.pw_name) == -1) {
656 			pw_fini();
657 			yp_error("pw_mkdb() failed");
658 			rename(passfile_hold, passfile);
659 			return &result;
660 		}
661 	} else {
662 		/*
663 		 * NIS server is exporting a private master.passwd.
664 		 * Rename tempfile into final location
665 		 */
666 		if (rename(pw_tempname(), passfile) == -1) {
667 			pw_fini();
668 			yp_error("rename of %s to %s failed",
669 			    pw_tempname(), passfile);
670 			rename(passfile_hold, passfile);
671 			return &result;
672 		}
673 	}
674 
675 	pw_fini();
676 
677 	if (inplace) {
678 		if ((rval = update_inplace(&yp_password, domain))) {
679 			yp_error("inplace update failed -- rebuilding maps");
680 		}
681 	}
682 
683 	switch ((pid = fork())) {
684 	case 0:
685 		if (inplace && !rval) {
686     			execlp(MAP_UPDATE_PATH, MAP_UPDATE, passfile,
687 				yppasswd_domain, "pushpw", (char *)NULL);
688 		} else {
689     			execlp(MAP_UPDATE_PATH, MAP_UPDATE, passfile,
690 				yppasswd_domain, (char *)NULL);
691 		}
692     		yp_error("couldn't exec map update process: %s",
693 					strerror(errno));
694 		unlink(passfile);
695 		rename(passfile_hold, passfile);
696     		exit(1);
697 		break;
698 	case -1:
699 		yp_error("fork() failed: %s", strerror(errno));
700 		unlink(passfile);
701 		rename(passfile_hold, passfile);
702 		return(&result);
703 		break;
704 	default:
705 		unlink(passfile_hold);
706 		break;
707 	}
708 
709 	if (verbose) {
710 		yp_error("update completed for user %s (uid %d) in %s:",
711 		    argp->newpw.pw_name, argp->newpw.pw_uid, passfile);
712 
713 		if (passwd_changed)
714 			yp_error("password changed");
715 
716 		if (gecos_changed)
717 			yp_error("gecos changed ('%s' -> '%s')",
718 					oldgecos, argp->newpw.pw_gecos);
719 
720 		if (shell_changed)
721 			yp_error("shell changed ('%s' -> '%s')",
722 					oldshell, argp->newpw.pw_shell);
723 	}
724 
725 	result = 0;
726 	return (&result);
727 }
728 
729 /*
730  * Note that this function performs a little less sanity checking
731  * than the last one. Since only the superuser is allowed to use it,
732  * it is assumed that the caller knows what he's doing.
733  */
734 int *
735 yppasswdproc_update_master_1_svc(master_yppasswd *argp,
736     struct svc_req *rqstp)
737 {
738 	static int result;
739 	int pfd, tfd;
740 	int pid;
741 	uid_t uid;
742 	int rval = 0;
743 	DBT key, data;
744 	char *passdir;
745 	char *passfile_hold;
746 	char passdir_buf[MAXPATHLEN + 2];
747 	char passfile_buf[MAXPATHLEN + 2];
748 	char passfile_hold_buf[MAXPATHLEN + 2];
749 	struct sockaddr_in *rqhost;
750 	SVCXPRT	*transp;
751 	struct passwd newpasswd;
752 
753 	result = 1;
754 	transp = rqstp->rq_xprt;
755 
756 	/*
757 	 * NO AF_INET CONNETCIONS ALLOWED!
758 	 */
759 	rqhost = svc_getcaller(transp);
760 	if (rqhost->sin_family != AF_UNIX) {
761 		yp_error("Alert! %s/%d attempted to use superuser-only \
762 procedure!\n", inet_ntoa(rqhost->sin_addr), rqhost->sin_port);
763 		svcerr_auth(transp, AUTH_BADCRED);
764 		return(&result);
765 	}
766 
767 	if (rqstp->rq_cred.oa_flavor != AUTH_SYS) {
768 		yp_error("caller didn't send proper credentials");
769 		svcerr_auth(transp, AUTH_BADCRED);
770 		return(&result);
771 	}
772 
773 	if (__rpc_get_local_uid(transp, &uid) < 0) {
774 		yp_error("caller didn't send proper credentials");
775 		svcerr_auth(transp, AUTH_BADCRED);
776 		return(&result);
777 	}
778 
779 	if (uid) {
780 		yp_error("caller euid is %d, expecting 0 -- rejecting request",
781 		    uid);
782 		svcerr_auth(rqstp->rq_xprt, AUTH_BADCRED);
783 		return(&result);
784 	}
785 
786 	passfile = passfile_default;
787 
788 	key.data = argp->newpw.pw_name;
789 	key.size = strlen(argp->newpw.pw_name);
790 
791 	/*
792 	 * The superuser may add entries to the passwd maps if
793 	 * rpc.yppasswdd is started with the -a flag. Paranoia
794 	 * prevents me from allowing additions by default.
795 	 */
796 	if ((rval = yp_get_record(argp->domain, "master.passwd.byname",
797 			  &key, &data, 0)) != YP_TRUE) {
798 		if (rval == YP_NOKEY) {
799 			yp_error("user %s not found in passwd database",
800 				 argp->newpw.pw_name);
801 			if (allow_additions)
802 				yp_error("notice: adding user %s to \
803 master.passwd database for domain %s", argp->newpw.pw_name, argp->domain);
804 			else
805 				yp_error("restart rpc.yppasswdd with the -a flag to \
806 allow additions to be made to the password database");
807 		} else {
808 			yp_error("database access error: %s",
809 				 yperr_string(rval));
810 		}
811 		if (!allow_additions)
812 			return(&result);
813 	} else {
814 
815 		/* Nul terminate, please. */
816 		*((char *)data.data + data.size) = '\0';
817 
818 		copy_yp_pass(data.data, 1, data.size);
819 	}
820 
821 	/*
822 	 * Perform a small bit of sanity checking.
823 	 */
824 	if (validate_master(rval == YP_TRUE ? &yp_password:NULL,&argp->newpw)){
825 		yp_error("rejecting update attempt for %s: bad arguments",
826 			 argp->newpw.pw_name);
827 		return(&result);
828 	}
829 
830 	/*
831 	 * If the caller specified a domain other than our 'default'
832 	 * domain, change the path to master.passwd accordingly.
833 	 */
834 
835 	if (strcmp(argp->domain, yppasswd_domain)) {
836 		snprintf(passfile_buf, sizeof(passfile_buf),
837 			"%s/%s/master.passwd", yp_dir, argp->domain);
838 		passfile = (char *)&passfile_buf;
839 	}
840 
841 	/*
842 	 * Create a filename to hold the original master.passwd
843 	 * so if our call to yppwupdate fails we can roll back
844 	 */
845 	snprintf(passfile_hold_buf, sizeof(passfile_hold_buf),
846 	    "%s.hold", passfile);
847 	passfile_hold = (char *)&passfile_hold_buf;
848 
849 	snprintf(passdir_buf, sizeof(passdir_buf), "%s", passfile);
850 	passdir = dirname(passdir_buf);
851 
852 	if (pw_init(passdir, passfile)) {
853 		yp_error("pw_init() failed");
854 		return &result;
855 	}
856 	if ((pfd = pw_lock()) == -1) {
857 		pw_fini();
858 		yp_error("pw_lock() failed");
859 		return &result;
860 	}
861 	if ((tfd = pw_tmp(-1)) == -1) {
862 		pw_fini();
863 		yp_error("pw_tmp() failed");
864 		return &result;
865 	}
866 	xlate_passwd(&argp->newpw, &newpasswd);
867 	if (pw_copy(pfd, tfd, &newpasswd, NULL) == -1) {
868 		pw_fini();
869 		yp_error("pw_copy() failed");
870 		return &result;
871 	}
872 	if (rename(passfile, passfile_hold) == -1) {
873 		pw_fini();
874 		yp_error("rename of %s to %s failed", passfile,
875 		    passfile_hold);
876 		return &result;
877 	}
878 	if (strcmp(passfile, _PATH_MASTERPASSWD) == 0) {
879 		/*
880 		 * NIS server is exporting the system's master.passwd.
881 		 * Call pw_mkdb to rebuild passwd and the .db files
882 		 */
883 		if (pw_mkdb(argp->newpw.pw_name) == -1) {
884 			pw_fini();
885 			yp_error("pw_mkdb() failed");
886 			rename(passfile_hold, passfile);
887 			return &result;
888 		}
889 	} else {
890 		/*
891 		 * NIS server is exporting a private master.passwd.
892 		 * Rename tempfile into final location
893 		 */
894 		if (rename(pw_tempname(), passfile) == -1) {
895 			pw_fini();
896 			yp_error("rename of %s to %s failed",
897 			    pw_tempname(), passfile);
898 			rename(passfile_hold, passfile);
899 			return &result;
900 		}
901 	}
902 	pw_fini();
903 
904 	if (inplace) {
905 		xlate_passwd(&argp->newpw, &newpasswd);
906 		if ((rval = update_inplace(&newpasswd, argp->domain))) {
907 			yp_error("inplace update failed -- rebuilding maps");
908 		}
909 	}
910 
911 	switch ((pid = fork())) {
912 	case 0:
913 		if (inplace && !rval) {
914     			execlp(MAP_UPDATE_PATH, MAP_UPDATE, passfile,
915 				argp->domain, "pushpw", (char *)NULL);
916     		} else {
917 			execlp(MAP_UPDATE_PATH, MAP_UPDATE, passfile,
918 				argp->domain, (char *)NULL);
919 		}
920     		yp_error("couldn't exec map update process: %s",
921 					strerror(errno));
922 		unlink(passfile);
923 		rename(passfile_hold, passfile);
924     		exit(1);
925 		break;
926 	case -1:
927 		yp_error("fork() failed: %s", strerror(errno));
928 		unlink(passfile);
929 		rename(passfile_hold, passfile);
930 		return(&result);
931 		break;
932 	default:
933 		unlink(passfile_hold);
934 		break;
935 	}
936 
937 	yp_error("performed update of user %s (uid %d) domain %s",
938 						argp->newpw.pw_name,
939 						argp->newpw.pw_uid,
940 						argp->domain);
941 
942 	result = 0;
943 	return(&result);
944 }
945