xref: /freebsd/usr.sbin/rpc.yppasswdd/yppasswdd_server.c (revision 39beb93c3f8bdbf72a61fda42300b5ebed7390c8)
1 /*
2  * Copyright (c) 1995, 1996
3  *	Bill Paul <wpaul@ctr.columbia.edu>.  All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  * 3. All advertising materials mentioning features or use of this software
14  *    must display the following acknowledgement:
15  *	This product includes software developed by Bill Paul.
16  * 4. Neither the name of the author nor the names of any co-contributors
17  *    may be used to endorse or promote products derived from this software
18  *    without specific prior written permission.
19  *
20  * THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND
21  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23  * ARE DISCLAIMED.  IN NO EVENT SHALL Bill Paul OR CONTRIBUTORS BE LIABLE
24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30  * SUCH DAMAGE.
31  */
32 
33 #include <sys/cdefs.h>
34 __FBSDID("$FreeBSD$");
35 
36 #include <sys/param.h>
37 #include <sys/fcntl.h>
38 #include <sys/socket.h>
39 #include <sys/stat.h>
40 #include <sys/wait.h>
41 
42 #include <arpa/inet.h>
43 #include <netinet/in.h>
44 
45 #include <ctype.h>
46 #include <db.h>
47 #include <dirent.h>
48 #include <errno.h>
49 #include <limits.h>
50 #include <pwd.h>
51 #include <signal.h>
52 #include <stdio.h>
53 #include <stdlib.h>
54 #include <string.h>
55 #include <unistd.h>
56 
57 #include <libgen.h>
58 #include <libutil.h>
59 
60 #include <rpc/rpc.h>
61 #include <rpcsvc/yp.h>
62 struct dom_binding;
63 #include <rpcsvc/ypclnt.h>
64 #include "yppasswdd_extern.h"
65 #include "yppasswd.h"
66 #include "yppasswd_private.h"
67 #include "ypxfr_extern.h"
68 #include "yp_extern.h"
69 
70 static struct passwd yp_password;
71 
72 static void
73 xlate_passwd(struct x_master_passwd *xpwd, struct passwd *pwd)
74 {
75 	pwd->pw_name = xpwd->pw_name;
76 	pwd->pw_passwd = xpwd->pw_passwd;
77 	pwd->pw_uid = xpwd->pw_uid;
78 	pwd->pw_gid = xpwd->pw_gid;
79 	pwd->pw_change = xpwd->pw_change;
80 	pwd->pw_class = xpwd->pw_class;
81 	pwd->pw_gecos = xpwd->pw_gecos;
82 	pwd->pw_dir = xpwd->pw_dir;
83 	pwd->pw_shell = xpwd->pw_shell;
84 	pwd->pw_expire = xpwd->pw_expire;
85 	pwd->pw_fields = xpwd->pw_fields;
86 }
87 
88 static void
89 copy_yp_pass(char *p, int x, int m)
90 {
91 	char *t, *s = p;
92 	static char *buf;
93 
94 	yp_password.pw_fields = 0;
95 
96 	buf = realloc(buf, m + 10);
97 	bzero(buf, m + 10);
98 
99 	/* Turn all colons into NULLs */
100 	while (strchr(s, ':')) {
101 		s = (strchr(s, ':') + 1);
102 		*(s - 1)= '\0';
103 	}
104 
105 	t = buf;
106 #define EXPAND(e)       e = t; while ((*t++ = *p++));
107         EXPAND(yp_password.pw_name);
108 	yp_password.pw_fields |= _PWF_NAME;
109         EXPAND(yp_password.pw_passwd);
110 	yp_password.pw_fields |= _PWF_PASSWD;
111 	yp_password.pw_uid = atoi(p);
112         p += (strlen(p) + 1);
113 	yp_password.pw_fields |= _PWF_UID;
114 	yp_password.pw_gid = atoi(p);
115         p += (strlen(p) + 1);
116 	yp_password.pw_fields |= _PWF_GID;
117 	if (x) {
118 		EXPAND(yp_password.pw_class);
119 		yp_password.pw_fields |= _PWF_CLASS;
120 		yp_password.pw_change = atol(p);
121 		p += (strlen(p) + 1);
122 		yp_password.pw_fields |= _PWF_CHANGE;
123 		yp_password.pw_expire = atol(p);
124 		p += (strlen(p) + 1);
125 		yp_password.pw_fields |= _PWF_EXPIRE;
126 	}
127         EXPAND(yp_password.pw_gecos);
128 	yp_password.pw_fields |= _PWF_GECOS;
129         EXPAND(yp_password.pw_dir);
130 	yp_password.pw_fields |= _PWF_DIR;
131         EXPAND(yp_password.pw_shell);
132 	yp_password.pw_fields |= _PWF_SHELL;
133 
134 	return;
135 }
136 
137 static int
138 validchars(char *arg)
139 {
140 	size_t i;
141 
142 	for (i = 0; i < strlen(arg); i++) {
143 		if (iscntrl(arg[i])) {
144 			yp_error("string contains a control character");
145 			return(1);
146 		}
147 		if (arg[i] == ':') {
148 			yp_error("string contains a colon");
149 			return(1);
150 		}
151 		/* Be evil: truncate strings with \n in them silently. */
152 		if (arg[i] == '\n') {
153 			arg[i] = '\0';
154 			return(0);
155 		}
156 	}
157 	return(0);
158 }
159 
160 static int
161 validate_master(struct passwd *opw __unused, struct x_master_passwd *npw)
162 {
163 
164 	if (npw->pw_name[0] == '+' || npw->pw_name[0] == '-') {
165 		yp_error("client tried to modify an NIS entry");
166 		return(1);
167 	}
168 
169 	if (validchars(npw->pw_shell)) {
170 		yp_error("specified shell contains invalid characters");
171 		return(1);
172 	}
173 
174 	if (validchars(npw->pw_gecos)) {
175 		yp_error("specified gecos field contains invalid characters");
176 		return(1);
177 	}
178 
179 	if (validchars(npw->pw_passwd)) {
180 		yp_error("specified password contains invalid characters");
181 		return(1);
182 	}
183 	return(0);
184 }
185 
186 static int
187 validate(struct passwd *opw, struct x_passwd *npw)
188 {
189 
190 	if (npw->pw_name[0] == '+' || npw->pw_name[0] == '-') {
191 		yp_error("client tried to modify an NIS entry");
192 		return(1);
193 	}
194 
195 	if ((uid_t)npw->pw_uid != opw->pw_uid) {
196 		yp_error("UID mismatch: client says user %s has UID %d",
197 			 npw->pw_name, npw->pw_uid);
198 		yp_error("database says user %s has UID %d", opw->pw_name,
199 			 opw->pw_uid);
200 		return(1);
201 	}
202 
203 	if ((gid_t)npw->pw_gid != opw->pw_gid) {
204 		yp_error("GID mismatch: client says user %s has GID %d",
205 			 npw->pw_name, npw->pw_gid);
206 		yp_error("database says user %s has GID %d", opw->pw_name,
207 			 opw->pw_gid);
208 		return(1);
209 	}
210 
211 	/*
212 	 * Don't allow the user to shoot himself in the foot,
213 	 * even on purpose.
214 	 */
215 	if (!ok_shell(npw->pw_shell)) {
216 		yp_error("%s is not a valid shell", npw->pw_shell);
217 		return(1);
218 	}
219 
220 	if (validchars(npw->pw_shell)) {
221 		yp_error("specified shell contains invalid characters");
222 		return(1);
223 	}
224 
225 	if (validchars(npw->pw_gecos)) {
226 		yp_error("specified gecos field contains invalid characters");
227 		return(1);
228 	}
229 
230 	if (validchars(npw->pw_passwd)) {
231 		yp_error("specified password contains invalid characters");
232 		return(1);
233 	}
234 	return(0);
235 }
236 
237 /*
238  * Kludge alert:
239  * In order to have one rpc.yppasswdd support multiple domains,
240  * we have to cheat: we search each directory under /var/yp
241  * and try to match the user in each master.passwd.byname
242  * map that we find. If the user matches (username, uid and gid
243  * all agree), then we use that domain. If we match the user in
244  * more than one database, we must abort.
245  */
246 static char *
247 find_domain(struct x_passwd *pw)
248 {
249 	struct stat statbuf;
250 	struct dirent *dirp;
251 	DIR *dird;
252 	char yp_mapdir[MAXPATHLEN + 2];
253 	static char domain[YPMAXDOMAIN];
254 	char *tmp = NULL;
255 	DBT key, data;
256 	int hit = 0;
257 
258 	yp_error("performing multidomain lookup");
259 
260 	if ((dird = opendir(yp_dir)) == NULL) {
261 		yp_error("opendir(%s) failed: %s", yp_dir, strerror(errno));
262 		return(NULL);
263 	}
264 
265 	while ((dirp = readdir(dird)) != NULL) {
266 		snprintf(yp_mapdir, sizeof yp_mapdir, "%s/%s",
267 							yp_dir, dirp->d_name);
268 		if (stat(yp_mapdir, &statbuf) < 0) {
269 			yp_error("stat(%s) failed: %s", yp_mapdir,
270 							strerror(errno));
271 			closedir(dird);
272 			return(NULL);
273 		}
274 		if (S_ISDIR(statbuf.st_mode)) {
275 			tmp = (char *)dirp->d_name;
276 			key.data = pw->pw_name;
277 			key.size = strlen(pw->pw_name);
278 
279 			if (yp_get_record(tmp,"master.passwd.byname",
280 			  		&key, &data, 0) != YP_TRUE) {
281 				continue;
282 			}
283 			*((char *)data.data + data.size) = '\0';
284 			copy_yp_pass(data.data, 1, data.size);
285 			if (yp_password.pw_uid == (uid_t)pw->pw_uid &&
286 			    yp_password.pw_gid == (gid_t)pw->pw_gid) {
287 				hit++;
288 				snprintf(domain, YPMAXDOMAIN, "%s", tmp);
289 			}
290 		}
291 	}
292 
293 	closedir(dird);
294 	if (hit > 1) {
295 		yp_error("found same user in two different domains");
296 		return(NULL);
297 	} else
298 		return((char *)&domain);
299 }
300 
301 static const char *maps[] = {
302 	"master.passwd.byname",
303 	"master.passwd.byuid",
304 	"passwd.byname",
305 	"passwd.byuid"
306 };
307 
308 static const char *formats[] = {
309 	"%s:%s:%d:%d:%s:%ld:%ld:%s:%s:%s",
310 	"%s:%s:%d:%d:%s:%ld:%ld:%s:%s:%s",
311 	"%s:%s:%d:%d:%s:%s:%s",
312 	"%s:%s:%d:%d:%s:%s:%s"
313 };
314 
315 static int
316 update_inplace(struct passwd *pw, char *domain)
317 {
318 	DB *dbp = NULL;
319 	DBT key = { NULL, 0 };
320 	DBT data = { NULL, 0 };
321 	char pwbuf[YPMAXRECORD];
322 	char keybuf[20];
323 	int i;
324 	char *ptr = NULL;
325 	static char yp_last[] = "YP_LAST_MODIFIED";
326 	char yplastbuf[YPMAXRECORD];
327 
328 	snprintf(yplastbuf, sizeof yplastbuf, "%llu",
329 	    (unsigned long long)time(NULL));
330 
331 	for (i = 0; i < 4; i++) {
332 
333 		if (i % 2) {
334 			snprintf(keybuf, sizeof keybuf,
335 			    "%llu", (unsigned long long)pw->pw_uid);
336 			key.data = &keybuf;
337 			key.size = strlen(keybuf);
338 		} else {
339 			key.data = pw->pw_name;
340 			key.size = strlen(pw->pw_name);
341 		}
342 
343 		/*
344 		 * XXX The passwd.byname and passwd.byuid maps come in
345 		 * two flavors: secure and insecure. The secure version
346 		 * has a '*' in the password field whereas the insecure one
347 		 * has a real crypted password. The maps will be insecure
348 		 * if they were built with 'unsecure = TRUE' enabled in
349 		 * /var/yp/Makefile, but we'd have no way of knowing if
350 		 * this has been done unless we were to try parsing the
351 		 * Makefile, which is a disgusting thought. Instead, we
352 		 * read the records from the maps, skip to the first ':'
353 		 * in them, and then look at the character immediately
354 		 * following it. If it's an '*' then the map is 'secure'
355 		 * and we must not insert a real password into the pw_passwd
356 		 * field. If it's not an '*', then we put the real crypted
357 		 * password in.
358 		 */
359 		if (yp_get_record(domain,maps[i],&key,&data,1) != YP_TRUE) {
360 			yp_error("couldn't read %s/%s: %s", domain,
361 						maps[i], strerror(errno));
362 			return(1);
363 		}
364 
365 		if ((ptr = strchr(data.data, ':')) == NULL) {
366 			yp_error("no colon in passwd record?!");
367 			return(1);
368 		}
369 
370 		/*
371 		 * XXX Supposing we have more than one user with the same
372 		 * UID? (Or more than one user with the same name?) We could
373 		 * end up modifying the wrong record if were not careful.
374 		 */
375 		if (i % 2) {
376 			if (strncmp(data.data, pw->pw_name,
377 							strlen(pw->pw_name))) {
378 				yp_error("warning: found entry for UID %d \
379 in map %s@%s with wrong name (%.*s)", pw->pw_uid, maps[i], domain,
380 				    (int)(ptr - (char *)data.data),
381 				    (char *)data.data);
382 				yp_error("there may be more than one user \
383 with the same UID - continuing");
384 				continue;
385 			}
386 		} else {
387 			/*
388 			 * We're really being ultra-paranoid here.
389 			 * This is generally a 'can't happen' condition.
390 			 */
391 			snprintf(pwbuf, sizeof pwbuf, ":%d:%d:", pw->pw_uid,
392 								  pw->pw_gid);
393 			if (!strstr(data.data, pwbuf)) {
394 				yp_error("warning: found entry for user %s \
395 in map %s@%s with wrong UID", pw->pw_name, maps[i], domain);
396 				yp_error("there may be more than one user \
397 with the same name - continuing");
398 				continue;
399 			}
400 		}
401 
402 		if (i < 2) {
403 			snprintf(pwbuf, sizeof pwbuf, formats[i],
404 			   pw->pw_name, pw->pw_passwd, pw->pw_uid,
405 			   pw->pw_gid, pw->pw_class, pw->pw_change,
406 			   pw->pw_expire, pw->pw_gecos, pw->pw_dir,
407 			   pw->pw_shell);
408 		} else {
409 			snprintf(pwbuf, sizeof pwbuf, formats[i],
410 			   pw->pw_name, *(ptr+1) == '*' ? "*" : pw->pw_passwd,
411 			   pw->pw_uid, pw->pw_gid, pw->pw_gecos, pw->pw_dir,
412 			   pw->pw_shell);
413 		}
414 
415 #define FLAGS O_RDWR|O_CREAT
416 
417 		if ((dbp = yp_open_db_rw(domain, maps[i], FLAGS)) == NULL) {
418 			yp_error("couldn't open %s/%s r/w: %s",domain,
419 						maps[i],strerror(errno));
420 			return(1);
421 		}
422 
423 		data.data = pwbuf;
424 		data.size = strlen(pwbuf);
425 
426 		if (yp_put_record(dbp, &key, &data, 1) != YP_TRUE) {
427 			yp_error("failed to update record in %s/%s", domain,
428 								maps[i]);
429 			(void)(dbp->close)(dbp);
430 			return(1);
431 		}
432 
433 		key.data = yp_last;
434 		key.size = strlen(yp_last);
435 		data.data = (char *)&yplastbuf;
436 		data.size = strlen(yplastbuf);
437 
438 		if (yp_put_record(dbp, &key, &data, 1) != YP_TRUE) {
439 			yp_error("failed to update timestamp in %s/%s", domain,
440 								maps[i]);
441 			(void)(dbp->close)(dbp);
442 			return(1);
443 		}
444 
445 		(void)(dbp->close)(dbp);
446 	}
447 
448 	return(0);
449 }
450 
451 int *
452 yppasswdproc_update_1_svc(yppasswd *argp, struct svc_req *rqstp)
453 {
454 	static int  result;
455 	struct sockaddr_in *rqhost;
456 	DBT key, data;
457 	int rval = 0;
458 	int pfd, tfd;
459 	int pid;
460 	int passwd_changed = 0;
461 	int shell_changed = 0;
462 	int gecos_changed = 0;
463 	char *oldshell = NULL;
464 	char *oldgecos = NULL;
465 	char *passfile_hold;
466 	char passfile_buf[MAXPATHLEN + 2];
467 	char passfile_hold_buf[MAXPATHLEN + 2];
468 	char *domain = yppasswd_domain;
469 	static struct sockaddr_in clntaddr;
470 	static struct timeval t_saved, t_test;
471 
472 	/*
473 	 * Normal user updates always use the 'default' master.passwd file.
474 	 */
475 
476 	passfile = passfile_default;
477 	result = 1;
478 
479 	rqhost = svc_getcaller(rqstp->rq_xprt);
480 
481 	gettimeofday(&t_test, NULL);
482 	if (!bcmp(rqhost, &clntaddr, sizeof *rqhost) &&
483 		t_test.tv_sec > t_saved.tv_sec &&
484 		t_test.tv_sec - t_saved.tv_sec < 300) {
485 
486 		bzero(&clntaddr, sizeof clntaddr);
487 		bzero(&t_saved, sizeof t_saved);
488 		return(NULL);
489 	}
490 
491 	bcopy(rqhost, &clntaddr, sizeof clntaddr);
492 	gettimeofday(&t_saved, NULL);
493 
494 	if (yp_access(resvport ? "master.passwd.byname" : NULL, rqstp)) {
495 		yp_error("rejected update request from unauthorized host");
496 		svcerr_auth(rqstp->rq_xprt, AUTH_BADCRED);
497 		return(&result);
498 	}
499 
500 	/*
501 	 * Step one: find the user. (It's kinda pointless to
502 	 * proceed if the user doesn't exist.) We look for the
503 	 * user in the master.passwd.byname database, _NOT_ by
504 	 * using getpwent() and friends! We can't use getpwent()
505 	 * since the NIS master server is not guaranteed to be
506 	 * configured as an NIS client.
507 	 */
508 
509 	if (multidomain) {
510 		if ((domain = find_domain(&argp->newpw)) == NULL) {
511 			yp_error("multidomain lookup failed - aborting update");
512 			return(&result);
513 		} else
514 			yp_error("updating user %s in domain %s",
515 					argp->newpw.pw_name, domain);
516 	}
517 
518 	key.data = argp->newpw.pw_name;
519 	key.size = strlen(argp->newpw.pw_name);
520 
521 	if ((rval = yp_get_record(domain,"master.passwd.byname",
522 		  	&key, &data, 0)) != YP_TRUE) {
523 		if (rval == YP_NOKEY) {
524 			yp_error("user %s not found in passwd database",
525 			 	argp->newpw.pw_name);
526 		} else {
527 			yp_error("database access error: %s",
528 			 	yperr_string(rval));
529 		}
530 		return(&result);
531 	}
532 
533 	/* Nul terminate, please. */
534 	*((char *)data.data + data.size) = '\0';
535 
536 	copy_yp_pass(data.data, 1, data.size);
537 
538 	/* Step 2: check that the supplied oldpass is valid. */
539 
540 	if (strcmp(crypt(argp->oldpass, yp_password.pw_passwd),
541 					yp_password.pw_passwd)) {
542 		yp_error("rejected change attempt -- bad password");
543 		yp_error("client address: %s username: %s",
544 			  inet_ntoa(rqhost->sin_addr),
545 			  argp->newpw.pw_name);
546 		return(&result);
547 	}
548 
549 	/* Step 3: validate the arguments passed to us by the client. */
550 
551 	if (validate(&yp_password, &argp->newpw)) {
552 		yp_error("rejecting change attempt: bad arguments");
553 		yp_error("client address: %s username: %s",
554 			 inet_ntoa(rqhost->sin_addr),
555 			 argp->newpw.pw_name);
556 		svcerr_decode(rqstp->rq_xprt);
557 		return(&result);
558 	}
559 
560 	/* Step 4: update the user's passwd structure. */
561 
562 	if (!no_chsh && strcmp(argp->newpw.pw_shell, yp_password.pw_shell)) {
563 		oldshell = yp_password.pw_shell;
564 		yp_password.pw_shell = argp->newpw.pw_shell;
565 		shell_changed++;
566 	}
567 
568 
569 	if (!no_chfn && strcmp(argp->newpw.pw_gecos, yp_password.pw_gecos)) {
570 		oldgecos = yp_password.pw_gecos;
571 		yp_password.pw_gecos = argp->newpw.pw_gecos;
572 		gecos_changed++;
573 	}
574 
575 	if (strcmp(argp->newpw.pw_passwd, yp_password.pw_passwd)) {
576 		yp_password.pw_passwd = argp->newpw.pw_passwd;
577 		yp_password.pw_change = 0;
578 		passwd_changed++;
579 	}
580 
581 	/*
582 	 * If the caller specified a domain other than our 'default'
583 	 * domain, change the path to master.passwd accordingly.
584 	 */
585 
586 	if (strcmp(domain, yppasswd_domain)) {
587 		snprintf(passfile_buf, sizeof(passfile_buf),
588 			"%s/%s/master.passwd", yp_dir, domain);
589 		passfile = (char *)&passfile_buf;
590 	}
591 
592 	/*
593 	 * Create a filename to hold the original master.passwd
594 	 * so if our call to yppwupdate fails we can roll back
595 	 */
596 	snprintf(passfile_hold_buf, sizeof(passfile_hold_buf),
597 	    "%s.hold", passfile);
598 	passfile_hold = (char *)&passfile_hold_buf;
599 
600 
601 	/* Step 5: make a new password file with the updated info. */
602 
603 	if (pw_init(dirname(passfile), passfile)) {
604 		yp_error("pw_init() failed");
605 		return &result;
606 	}
607 	if ((pfd = pw_lock()) == -1) {
608 		pw_fini();
609 		yp_error("pw_lock() failed");
610 		return &result;
611 	}
612 	if ((tfd = pw_tmp(-1)) == -1) {
613 		pw_fini();
614 		yp_error("pw_tmp() failed");
615 		return &result;
616 	}
617 	if (pw_copy(pfd, tfd, &yp_password, NULL) == -1) {
618 		pw_fini();
619 		yp_error("pw_copy() failed");
620 		return &result;
621 	}
622 	if (rename(passfile, passfile_hold) == -1) {
623 		pw_fini();
624 		yp_error("rename of %s to %s failed", passfile,
625 		    passfile_hold);
626 		return &result;
627 	}
628 
629 	if (strcmp(passfile, _PATH_MASTERPASSWD) == 0) {
630 		/*
631 		 * NIS server is exporting the system's master.passwd.
632 		 * Call pw_mkdb to rebuild passwd and the .db files
633 		 */
634 		if (pw_mkdb(yp_password.pw_name) == -1) {
635 			pw_fini();
636 			yp_error("pw_mkdb() failed");
637 			rename(passfile_hold, passfile);
638 			return &result;
639 		}
640 	} else {
641 		/*
642 		 * NIS server is exporting a private master.passwd.
643 		 * Rename tempfile into final location
644 		 */
645 		if (rename(pw_tempname(), passfile) == -1) {
646 			pw_fini();
647 			yp_error("rename of %s to %s failed",
648 			    pw_tempname(), passfile);
649 			rename(passfile_hold, passfile);
650 			return &result;
651 		}
652 	}
653 
654 	pw_fini();
655 
656 	if (inplace) {
657 		if ((rval = update_inplace(&yp_password, domain))) {
658 			yp_error("inplace update failed -- rebuilding maps");
659 		}
660 	}
661 
662 	switch ((pid = fork())) {
663 	case 0:
664 		if (inplace && !rval) {
665     			execlp(MAP_UPDATE_PATH, MAP_UPDATE, passfile,
666 				yppasswd_domain, "pushpw", (char *)NULL);
667 		} else {
668     			execlp(MAP_UPDATE_PATH, MAP_UPDATE, passfile,
669 				yppasswd_domain, (char *)NULL);
670 		}
671     		yp_error("couldn't exec map update process: %s",
672 					strerror(errno));
673 		unlink(passfile);
674 		rename(passfile_hold, passfile);
675     		exit(1);
676 		break;
677 	case -1:
678 		yp_error("fork() failed: %s", strerror(errno));
679 		unlink(passfile);
680 		rename(passfile_hold, passfile);
681 		return(&result);
682 		break;
683 	default:
684 		unlink(passfile_hold);
685 		break;
686 	}
687 
688 	if (verbose) {
689 		yp_error("update completed for user %s (uid %d) in %s:",
690 		    argp->newpw.pw_name, argp->newpw.pw_uid, passfile);
691 
692 		if (passwd_changed)
693 			yp_error("password changed");
694 
695 		if (gecos_changed)
696 			yp_error("gecos changed ('%s' -> '%s')",
697 					oldgecos, argp->newpw.pw_gecos);
698 
699 		if (shell_changed)
700 			yp_error("shell changed ('%s' -> '%s')",
701 					oldshell, argp->newpw.pw_shell);
702 	}
703 
704 	result = 0;
705 	return (&result);
706 }
707 
708 /*
709  * Note that this function performs a little less sanity checking
710  * than the last one. Since only the superuser is allowed to use it,
711  * it is assumed that the caller knows what he's doing.
712  */
713 int *
714 yppasswdproc_update_master_1_svc(master_yppasswd *argp,
715     struct svc_req *rqstp)
716 {
717 	static int result;
718 	int pfd, tfd;
719 	int pid;
720 	uid_t uid;
721 	int rval = 0;
722 	DBT key, data;
723 	char *passfile_hold;
724 	char passfile_buf[MAXPATHLEN + 2];
725 	char passfile_hold_buf[MAXPATHLEN + 2];
726 	struct sockaddr_in *rqhost;
727 	SVCXPRT	*transp;
728 	struct passwd newpasswd;
729 
730 	result = 1;
731 	transp = rqstp->rq_xprt;
732 
733 	/*
734 	 * NO AF_INET CONNETCIONS ALLOWED!
735 	 */
736 	rqhost = svc_getcaller(transp);
737 	if (rqhost->sin_family != AF_UNIX) {
738 		yp_error("Alert! %s/%d attempted to use superuser-only \
739 procedure!\n", inet_ntoa(rqhost->sin_addr), rqhost->sin_port);
740 		svcerr_auth(transp, AUTH_BADCRED);
741 		return(&result);
742 	}
743 
744 	if (rqstp->rq_cred.oa_flavor != AUTH_SYS) {
745 		yp_error("caller didn't send proper credentials");
746 		svcerr_auth(transp, AUTH_BADCRED);
747 		return(&result);
748 	}
749 
750 	if (__rpc_get_local_uid(transp, &uid) < 0) {
751 		yp_error("caller didn't send proper credentials");
752 		svcerr_auth(transp, AUTH_BADCRED);
753 		return(&result);
754 	}
755 
756 	if (uid) {
757 		yp_error("caller euid is %d, expecting 0 -- rejecting request",
758 		    uid);
759 		svcerr_auth(rqstp->rq_xprt, AUTH_BADCRED);
760 		return(&result);
761 	}
762 
763 	passfile = passfile_default;
764 
765 	key.data = argp->newpw.pw_name;
766 	key.size = strlen(argp->newpw.pw_name);
767 
768 	/*
769 	 * The superuser may add entries to the passwd maps if
770 	 * rpc.yppasswdd is started with the -a flag. Paranoia
771 	 * prevents me from allowing additions by default.
772 	 */
773 	if ((rval = yp_get_record(argp->domain, "master.passwd.byname",
774 			  &key, &data, 0)) != YP_TRUE) {
775 		if (rval == YP_NOKEY) {
776 			yp_error("user %s not found in passwd database",
777 				 argp->newpw.pw_name);
778 			if (allow_additions)
779 				yp_error("notice: adding user %s to \
780 master.passwd database for domain %s", argp->newpw.pw_name, argp->domain);
781 			else
782 				yp_error("restart rpc.yppasswdd with the -a flag to \
783 allow additions to be made to the password database");
784 		} else {
785 			yp_error("database access error: %s",
786 				 yperr_string(rval));
787 		}
788 		if (!allow_additions)
789 			return(&result);
790 	} else {
791 
792 		/* Nul terminate, please. */
793 		*((char *)data.data + data.size) = '\0';
794 
795 		copy_yp_pass(data.data, 1, data.size);
796 	}
797 
798 	/*
799 	 * Perform a small bit of sanity checking.
800 	 */
801 	if (validate_master(rval == YP_TRUE ? &yp_password:NULL,&argp->newpw)){
802 		yp_error("rejecting update attempt for %s: bad arguments",
803 			 argp->newpw.pw_name);
804 		return(&result);
805 	}
806 
807 	/*
808 	 * If the caller specified a domain other than our 'default'
809 	 * domain, change the path to master.passwd accordingly.
810 	 */
811 
812 	if (strcmp(argp->domain, yppasswd_domain)) {
813 		snprintf(passfile_buf, sizeof(passfile_buf),
814 			"%s/%s/master.passwd", yp_dir, argp->domain);
815 		passfile = (char *)&passfile_buf;
816 	}
817 
818 	/*
819 	 * Create a filename to hold the original master.passwd
820 	 * so if our call to yppwupdate fails we can roll back
821 	 */
822 	snprintf(passfile_hold_buf, sizeof(passfile_hold_buf),
823 	    "%s.hold", passfile);
824 	passfile_hold = (char *)&passfile_hold_buf;
825 
826 	if (pw_init(dirname(passfile), passfile)) {
827 		yp_error("pw_init() failed");
828 		return &result;
829 	}
830 	if ((pfd = pw_lock()) == -1) {
831 		pw_fini();
832 		yp_error("pw_lock() failed");
833 		return &result;
834 	}
835 	if ((tfd = pw_tmp(-1)) == -1) {
836 		pw_fini();
837 		yp_error("pw_tmp() failed");
838 		return &result;
839 	}
840 	xlate_passwd(&argp->newpw, &newpasswd);
841 	if (pw_copy(pfd, tfd, &newpasswd, NULL) == -1) {
842 		pw_fini();
843 		yp_error("pw_copy() failed");
844 		return &result;
845 	}
846 	if (rename(passfile, passfile_hold) == -1) {
847 		pw_fini();
848 		yp_error("rename of %s to %s failed", passfile,
849 		    passfile_hold);
850 		return &result;
851 	}
852 	if (strcmp(passfile, _PATH_MASTERPASSWD) == 0) {
853 		/*
854 		 * NIS server is exporting the system's master.passwd.
855 		 * Call pw_mkdb to rebuild passwd and the .db files
856 		 */
857 		if (pw_mkdb(argp->newpw.pw_name) == -1) {
858 			pw_fini();
859 			yp_error("pw_mkdb() failed");
860 			rename(passfile_hold, passfile);
861 			return &result;
862 		}
863 	} else {
864 		/*
865 		 * NIS server is exporting a private master.passwd.
866 		 * Rename tempfile into final location
867 		 */
868 		if (rename(pw_tempname(), passfile) == -1) {
869 			pw_fini();
870 			yp_error("rename of %s to %s failed",
871 			    pw_tempname(), passfile);
872 			rename(passfile_hold, passfile);
873 			return &result;
874 		}
875 	}
876 	pw_fini();
877 
878 	if (inplace) {
879 		xlate_passwd(&argp->newpw, &newpasswd);
880 		if ((rval = update_inplace(&newpasswd, argp->domain))) {
881 			yp_error("inplace update failed -- rebuilding maps");
882 		}
883 	}
884 
885 	switch ((pid = fork())) {
886 	case 0:
887 		if (inplace && !rval) {
888     			execlp(MAP_UPDATE_PATH, MAP_UPDATE, passfile,
889 				argp->domain, "pushpw", (char *)NULL);
890     		} else {
891 			execlp(MAP_UPDATE_PATH, MAP_UPDATE, passfile,
892 				argp->domain, (char *)NULL);
893 		}
894     		yp_error("couldn't exec map update process: %s",
895 					strerror(errno));
896 		unlink(passfile);
897 		rename(passfile_hold, passfile);
898     		exit(1);
899 		break;
900 	case -1:
901 		yp_error("fork() failed: %s", strerror(errno));
902 		unlink(passfile);
903 		rename(passfile_hold, passfile);
904 		return(&result);
905 		break;
906 	default:
907 		unlink(passfile_hold);
908 		break;
909 	}
910 
911 	yp_error("performed update of user %s (uid %d) domain %s",
912 						argp->newpw.pw_name,
913 						argp->newpw.pw_uid,
914 						argp->domain);
915 
916 	result = 0;
917 	return(&result);
918 }
919