xref: /freebsd/usr.sbin/rpc.yppasswdd/yppasswdd_server.c (revision ccb59683b98360afaf5b5bb641a68fea22c68d0b)
1 /*-
2  * SPDX-License-Identifier: BSD-4-Clause
3  *
4  * Copyright (c) 1995, 1996
5  *	Bill Paul <wpaul@ctr.columbia.edu>.  All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  * 3. All advertising materials mentioning features or use of this software
16  *    must display the following acknowledgement:
17  *	This product includes software developed by Bill Paul.
18  * 4. Neither the name of the author nor the names of any co-contributors
19  *    may be used to endorse or promote products derived from this software
20  *    without specific prior written permission.
21  *
22  * THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND
23  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25  * ARE DISCLAIMED.  IN NO EVENT SHALL Bill Paul OR CONTRIBUTORS BE LIABLE
26  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32  * SUCH DAMAGE.
33  */
34 
35 #include <sys/cdefs.h>
36 __FBSDID("$FreeBSD$");
37 
38 #include <sys/param.h>
39 #include <sys/fcntl.h>
40 #include <sys/socket.h>
41 #include <sys/stat.h>
42 #include <sys/wait.h>
43 
44 #include <arpa/inet.h>
45 #include <netinet/in.h>
46 
47 #include <ctype.h>
48 #include <db.h>
49 #include <dirent.h>
50 #include <errno.h>
51 #include <limits.h>
52 #include <pwd.h>
53 #include <signal.h>
54 #include <stdio.h>
55 #include <stdlib.h>
56 #include <string.h>
57 #include <unistd.h>
58 
59 #include <libgen.h>
60 #include <libutil.h>
61 
62 #include <rpc/rpc.h>
63 #include <rpcsvc/yp.h>
64 struct dom_binding;
65 #include <rpcsvc/ypclnt.h>
66 #include "yppasswdd_extern.h"
67 #include "yppasswd.h"
68 #include "yppasswd_private.h"
69 #include "ypxfr_extern.h"
70 #include "yp_extern.h"
71 
72 static struct passwd yp_password;
73 
74 static void
75 xlate_passwd(struct x_master_passwd *xpwd, struct passwd *pwd)
76 {
77 	pwd->pw_name = xpwd->pw_name;
78 	pwd->pw_passwd = xpwd->pw_passwd;
79 	pwd->pw_uid = xpwd->pw_uid;
80 	pwd->pw_gid = xpwd->pw_gid;
81 	pwd->pw_change = xpwd->pw_change;
82 	pwd->pw_class = xpwd->pw_class;
83 	pwd->pw_gecos = xpwd->pw_gecos;
84 	pwd->pw_dir = xpwd->pw_dir;
85 	pwd->pw_shell = xpwd->pw_shell;
86 	pwd->pw_expire = xpwd->pw_expire;
87 	pwd->pw_fields = xpwd->pw_fields;
88 }
89 
90 static void
91 copy_yp_pass(char *p, int x, int m)
92 {
93 	char *t, *s = p;
94 	static char *buf;
95 
96 	yp_password.pw_fields = 0;
97 
98 	buf = realloc(buf, m + 10);
99 	bzero(buf, m + 10);
100 
101 	/* Turn all colons into NULLs */
102 	while (strchr(s, ':')) {
103 		s = (strchr(s, ':') + 1);
104 		*(s - 1)= '\0';
105 	}
106 
107 	t = buf;
108 #define EXPAND(e) do { \
109 	e = t; \
110 	while ((*t++ = *p++)); \
111 } while (0)
112         EXPAND(yp_password.pw_name);
113 	yp_password.pw_fields |= _PWF_NAME;
114         EXPAND(yp_password.pw_passwd);
115 	yp_password.pw_fields |= _PWF_PASSWD;
116 	yp_password.pw_uid = atoi(p);
117         p += (strlen(p) + 1);
118 	yp_password.pw_fields |= _PWF_UID;
119 	yp_password.pw_gid = atoi(p);
120         p += (strlen(p) + 1);
121 	yp_password.pw_fields |= _PWF_GID;
122 	if (x) {
123 		EXPAND(yp_password.pw_class);
124 		yp_password.pw_fields |= _PWF_CLASS;
125 		yp_password.pw_change = atol(p);
126 		p += (strlen(p) + 1);
127 		yp_password.pw_fields |= _PWF_CHANGE;
128 		yp_password.pw_expire = atol(p);
129 		p += (strlen(p) + 1);
130 		yp_password.pw_fields |= _PWF_EXPIRE;
131 	}
132         EXPAND(yp_password.pw_gecos);
133 	yp_password.pw_fields |= _PWF_GECOS;
134         EXPAND(yp_password.pw_dir);
135 	yp_password.pw_fields |= _PWF_DIR;
136         EXPAND(yp_password.pw_shell);
137 	yp_password.pw_fields |= _PWF_SHELL;
138 }
139 
140 static int
141 validchars(char *arg)
142 {
143 	size_t i;
144 
145 	for (i = 0; i < strlen(arg); i++) {
146 		if (iscntrl(arg[i])) {
147 			yp_error("string contains a control character");
148 			return(1);
149 		}
150 		if (arg[i] == ':') {
151 			yp_error("string contains a colon");
152 			return(1);
153 		}
154 		/* Be evil: truncate strings with \n in them silently. */
155 		if (arg[i] == '\n') {
156 			arg[i] = '\0';
157 			return(0);
158 		}
159 	}
160 	return(0);
161 }
162 
163 static int
164 validate_master(struct passwd *opw __unused, struct x_master_passwd *npw)
165 {
166 
167 	if (npw->pw_name[0] == '+' || npw->pw_name[0] == '-') {
168 		yp_error("client tried to modify an NIS entry");
169 		return(1);
170 	}
171 
172 	if (validchars(npw->pw_shell)) {
173 		yp_error("specified shell contains invalid characters");
174 		return(1);
175 	}
176 
177 	if (validchars(npw->pw_gecos)) {
178 		yp_error("specified gecos field contains invalid characters");
179 		return(1);
180 	}
181 
182 	if (validchars(npw->pw_passwd)) {
183 		yp_error("specified password contains invalid characters");
184 		return(1);
185 	}
186 	return(0);
187 }
188 
189 static int
190 validate(struct passwd *opw, struct x_passwd *npw)
191 {
192 
193 	if (npw->pw_name[0] == '+' || npw->pw_name[0] == '-') {
194 		yp_error("client tried to modify an NIS entry");
195 		return(1);
196 	}
197 
198 	if ((uid_t)npw->pw_uid != opw->pw_uid) {
199 		yp_error("UID mismatch: client says user %s has UID %d",
200 			 npw->pw_name, npw->pw_uid);
201 		yp_error("database says user %s has UID %d", opw->pw_name,
202 			 opw->pw_uid);
203 		return(1);
204 	}
205 
206 	if ((gid_t)npw->pw_gid != opw->pw_gid) {
207 		yp_error("GID mismatch: client says user %s has GID %d",
208 			 npw->pw_name, npw->pw_gid);
209 		yp_error("database says user %s has GID %d", opw->pw_name,
210 			 opw->pw_gid);
211 		return(1);
212 	}
213 
214 	/*
215 	 * Don't allow the user to shoot himself in the foot,
216 	 * even on purpose.
217 	 */
218 	if (!no_chsh && !ok_shell(npw->pw_shell)) {
219 		yp_error("%s is not a valid shell", npw->pw_shell);
220 		return(1);
221 	}
222 
223 	if (!no_chsh && validchars(npw->pw_shell)) {
224 		yp_error("specified shell contains invalid characters");
225 		return(1);
226 	}
227 
228 	if (validchars(npw->pw_gecos)) {
229 		yp_error("specified gecos field contains invalid characters");
230 		return(1);
231 	}
232 
233 	if (validchars(npw->pw_passwd)) {
234 		yp_error("specified password contains invalid characters");
235 		return(1);
236 	}
237 	return(0);
238 }
239 
240 /*
241  * Kludge alert:
242  * In order to have one rpc.yppasswdd support multiple domains,
243  * we have to cheat: we search each directory under /var/yp
244  * and try to match the user in each master.passwd.byname
245  * map that we find. If the user matches (username, uid and gid
246  * all agree), then we use that domain. If we match the user in
247  * more than one database, we must abort.
248  */
249 static char *
250 find_domain(struct x_passwd *pw)
251 {
252 	struct stat statbuf;
253 	struct dirent *dirp;
254 	DIR *dird;
255 	char yp_mapdir[MAXPATHLEN + 2];
256 	static char domain[YPMAXDOMAIN];
257 	char *tmp = NULL;
258 	DBT key, data;
259 	int hit = 0;
260 
261 	yp_error("performing multidomain lookup");
262 
263 	if ((dird = opendir(yp_dir)) == NULL) {
264 		yp_error("opendir(%s) failed: %s", yp_dir, strerror(errno));
265 		return(NULL);
266 	}
267 
268 	while ((dirp = readdir(dird)) != NULL) {
269 		snprintf(yp_mapdir, sizeof yp_mapdir, "%s/%s",
270 							yp_dir, dirp->d_name);
271 		if (stat(yp_mapdir, &statbuf) < 0) {
272 			yp_error("stat(%s) failed: %s", yp_mapdir,
273 							strerror(errno));
274 			closedir(dird);
275 			return(NULL);
276 		}
277 		if (S_ISDIR(statbuf.st_mode)) {
278 			tmp = (char *)dirp->d_name;
279 			key.data = pw->pw_name;
280 			key.size = strlen(pw->pw_name);
281 
282 			if (yp_get_record(tmp,"master.passwd.byname",
283 			  		&key, &data, 0) != YP_TRUE) {
284 				continue;
285 			}
286 			*((char *)data.data + data.size) = '\0';
287 			copy_yp_pass(data.data, 1, data.size);
288 			if (yp_password.pw_uid == (uid_t)pw->pw_uid &&
289 			    yp_password.pw_gid == (gid_t)pw->pw_gid) {
290 				hit++;
291 				snprintf(domain, YPMAXDOMAIN, "%s", tmp);
292 			}
293 		}
294 	}
295 
296 	closedir(dird);
297 	if (hit > 1) {
298 		yp_error("found same user in two different domains");
299 		return(NULL);
300 	} else
301 		return((char *)&domain);
302 }
303 
304 static const char *maps[] = {
305 	"master.passwd.byname",
306 	"master.passwd.byuid",
307 	"passwd.byname",
308 	"passwd.byuid"
309 };
310 
311 static const char *formats[] = {
312 	"%s:%s:%d:%d:%s:%ld:%ld:%s:%s:%s",
313 	"%s:%s:%d:%d:%s:%ld:%ld:%s:%s:%s",
314 	"%s:%s:%d:%d:%s:%s:%s",
315 	"%s:%s:%d:%d:%s:%s:%s"
316 };
317 
318 static int
319 update_inplace(struct passwd *pw, char *domain)
320 {
321 	DB *dbp = NULL;
322 	DBT key = { NULL, 0 };
323 	DBT data = { NULL, 0 };
324 	char *pwbuf;
325 	char keybuf[20];
326 	int i;
327 	char *ptr = NULL;
328 	static char yp_last[] = "YP_LAST_MODIFIED";
329 	char yplastbuf[64];
330 
331 	snprintf(yplastbuf, sizeof yplastbuf, "%llu",
332 	    (unsigned long long)time(NULL));
333 	pwbuf = NULL;
334 
335 	for (i = 0; i < 4; i++) {
336 
337 		if (i % 2) {
338 			snprintf(keybuf, sizeof keybuf,
339 			    "%llu", (unsigned long long)pw->pw_uid);
340 			key.data = &keybuf;
341 			key.size = strlen(keybuf);
342 		} else {
343 			key.data = pw->pw_name;
344 			key.size = strlen(pw->pw_name);
345 		}
346 
347 		/*
348 		 * XXX The passwd.byname and passwd.byuid maps come in
349 		 * two flavors: secure and insecure. The secure version
350 		 * has a '*' in the password field whereas the insecure one
351 		 * has a real crypted password. The maps will be insecure
352 		 * if they were built with 'unsecure = TRUE' enabled in
353 		 * /var/yp/Makefile, but we'd have no way of knowing if
354 		 * this has been done unless we were to try parsing the
355 		 * Makefile, which is a disgusting thought. Instead, we
356 		 * read the records from the maps, skip to the first ':'
357 		 * in them, and then look at the character immediately
358 		 * following it. If it's an '*' then the map is 'secure'
359 		 * and we must not insert a real password into the pw_passwd
360 		 * field. If it's not an '*', then we put the real crypted
361 		 * password in.
362 		 */
363 		if (yp_get_record(domain,maps[i],&key,&data,1) != YP_TRUE) {
364 			yp_error("couldn't read %s/%s: %s", domain,
365 						maps[i], strerror(errno));
366 			goto ret1;
367 		}
368 
369 		if ((ptr = strchr(data.data, ':')) == NULL) {
370 			yp_error("no colon in passwd record?!");
371 			goto ret1;
372 		}
373 
374 		/*
375 		 * XXX Supposing we have more than one user with the same
376 		 * UID? (Or more than one user with the same name?) We could
377 		 * end up modifying the wrong record if were not careful.
378 		 */
379 		if (i % 2) {
380 			if (strncmp(data.data, pw->pw_name,
381 							strlen(pw->pw_name))) {
382 				yp_error("warning: found entry for UID %d \
383 in map %s@%s with wrong name (%.*s)", pw->pw_uid, maps[i], domain,
384 				    (int)(ptr - (char *)data.data),
385 				    (char *)data.data);
386 				yp_error("there may be more than one user \
387 with the same UID - continuing");
388 				continue;
389 			}
390 		} else {
391 			/*
392 			 * We're really being ultra-paranoid here.
393 			 * This is generally a 'can't happen' condition.
394 			 */
395 			free(pwbuf);
396 			asprintf(&pwbuf, ":%d:%d:", pw->pw_uid, pw->pw_gid);
397 			if (pwbuf == NULL) {
398 				yp_error("no memory");
399 				goto ret1;
400 			}
401 			if (!strstr(data.data, pwbuf)) {
402 				yp_error("warning: found entry for user %s \
403 in map %s@%s with wrong UID", pw->pw_name, maps[i], domain);
404 				yp_error("there may be more than one user \
405 with the same name - continuing");
406 				continue;
407 			}
408 		}
409 
410 		if (i < 2) {
411 			free(pwbuf);
412 			asprintf(&pwbuf, formats[i],
413 			   pw->pw_name, pw->pw_passwd, pw->pw_uid,
414 			   pw->pw_gid, pw->pw_class, pw->pw_change,
415 			   pw->pw_expire, pw->pw_gecos, pw->pw_dir,
416 			   pw->pw_shell);
417 		} else {
418 			free(pwbuf);
419 			asprintf(&pwbuf, formats[i],
420 			   pw->pw_name, *(ptr+1) == '*' ? "*" : pw->pw_passwd,
421 			   pw->pw_uid, pw->pw_gid, pw->pw_gecos, pw->pw_dir,
422 			   pw->pw_shell);
423 		}
424 		if (pwbuf == NULL) {
425 			yp_error("no memory");
426 			goto ret1;
427 		}
428 
429 #define FLAGS O_RDWR|O_CREAT
430 
431 		if ((dbp = yp_open_db_rw(domain, maps[i], FLAGS)) == NULL) {
432 			yp_error("couldn't open %s/%s r/w: %s",domain,
433 						maps[i],strerror(errno));
434 			goto ret1;
435 		}
436 
437 		data.data = pwbuf;
438 		data.size = strlen(pwbuf);
439 
440 		if (yp_put_record(dbp, &key, &data, 1) != YP_TRUE) {
441 			yp_error("failed to update record in %s/%s", domain,
442 								maps[i]);
443 			(void)(dbp->close)(dbp);
444 			goto ret1;
445 		}
446 
447 		key.data = yp_last;
448 		key.size = strlen(yp_last);
449 		data.data = (char *)&yplastbuf;
450 		data.size = strlen(yplastbuf);
451 
452 		if (yp_put_record(dbp, &key, &data, 1) != YP_TRUE) {
453 			yp_error("failed to update timestamp in %s/%s", domain,
454 								maps[i]);
455 			(void)(dbp->close)(dbp);
456 			goto ret1;
457 		}
458 
459 		(void)(dbp->close)(dbp);
460 	}
461 
462 	free(pwbuf);
463 	return (0);
464 ret1:
465 	free(pwbuf);
466 	return (1);
467 }
468 
469 int *
470 yppasswdproc_update_1_svc(yppasswd *argp, struct svc_req *rqstp)
471 {
472 	static int  result;
473 	struct sockaddr_in *rqhost;
474 	DBT key, data;
475 	int rval = 0;
476 	int pfd, tfd;
477 	int pid;
478 	int passwd_changed = 0;
479 	int shell_changed = 0;
480 	int gecos_changed = 0;
481 	char *cryptpw;
482 	char *oldshell = NULL;
483 	char *oldgecos = NULL;
484 	char *passdir;
485 	char *passfile_hold;
486 	char passdir_buf[MAXPATHLEN + 2];
487 	char passfile_buf[MAXPATHLEN + 2];
488 	char passfile_hold_buf[MAXPATHLEN + 2];
489 	char *domain = yppasswd_domain;
490 	static struct sockaddr_in clntaddr;
491 	static struct timeval t_saved, t_test;
492 
493 	/*
494 	 * Normal user updates always use the 'default' master.passwd file.
495 	 */
496 
497 	passfile = passfile_default;
498 	result = 1;
499 
500 	rqhost = svc_getcaller(rqstp->rq_xprt);
501 
502 	gettimeofday(&t_test, NULL);
503 	if (!bcmp(rqhost, &clntaddr, sizeof *rqhost) &&
504 		t_test.tv_sec > t_saved.tv_sec &&
505 		t_test.tv_sec - t_saved.tv_sec < 300) {
506 
507 		bzero(&clntaddr, sizeof clntaddr);
508 		bzero(&t_saved, sizeof t_saved);
509 		return(NULL);
510 	}
511 
512 	bcopy(rqhost, &clntaddr, sizeof clntaddr);
513 	gettimeofday(&t_saved, NULL);
514 
515 	if (yp_access(resvport ? "master.passwd.byname" : NULL, rqstp)) {
516 		yp_error("rejected update request from unauthorized host");
517 		svcerr_auth(rqstp->rq_xprt, AUTH_BADCRED);
518 		return(&result);
519 	}
520 
521 	/*
522 	 * Step one: find the user. (It's kinda pointless to
523 	 * proceed if the user doesn't exist.) We look for the
524 	 * user in the master.passwd.byname database, _NOT_ by
525 	 * using getpwent() and friends! We can't use getpwent()
526 	 * since the NIS master server is not guaranteed to be
527 	 * configured as an NIS client.
528 	 */
529 
530 	if (multidomain) {
531 		if ((domain = find_domain(&argp->newpw)) == NULL) {
532 			yp_error("multidomain lookup failed - aborting update");
533 			return(&result);
534 		} else
535 			yp_error("updating user %s in domain %s",
536 					argp->newpw.pw_name, domain);
537 	}
538 
539 	key.data = argp->newpw.pw_name;
540 	key.size = strlen(argp->newpw.pw_name);
541 
542 	if ((rval = yp_get_record(domain,"master.passwd.byname",
543 		  	&key, &data, 0)) != YP_TRUE) {
544 		if (rval == YP_NOKEY) {
545 			yp_error("user %s not found in passwd database",
546 			 	argp->newpw.pw_name);
547 		} else {
548 			yp_error("database access error: %s",
549 			 	yperr_string(rval));
550 		}
551 		return(&result);
552 	}
553 
554 	/* Nul terminate, please. */
555 	*((char *)data.data + data.size) = '\0';
556 
557 	copy_yp_pass(data.data, 1, data.size);
558 
559 	/* Step 2: check that the supplied oldpass is valid. */
560 
561 	cryptpw = crypt(argp->oldpass, yp_password.pw_passwd);
562 	if (cryptpw == NULL || strcmp(cryptpw, yp_password.pw_passwd)) {
563 		yp_error("rejected change attempt -- bad password");
564 		yp_error("client address: %s username: %s",
565 			  inet_ntoa(rqhost->sin_addr),
566 			  argp->newpw.pw_name);
567 		return(&result);
568 	}
569 
570 	/* Step 3: validate the arguments passed to us by the client. */
571 
572 	if (validate(&yp_password, &argp->newpw)) {
573 		yp_error("rejecting change attempt: bad arguments");
574 		yp_error("client address: %s username: %s",
575 			 inet_ntoa(rqhost->sin_addr),
576 			 argp->newpw.pw_name);
577 		svcerr_decode(rqstp->rq_xprt);
578 		return(&result);
579 	}
580 
581 	/* Step 4: update the user's passwd structure. */
582 
583 	if (!no_chsh && strcmp(argp->newpw.pw_shell, yp_password.pw_shell)) {
584 		oldshell = yp_password.pw_shell;
585 		yp_password.pw_shell = argp->newpw.pw_shell;
586 		shell_changed++;
587 	}
588 
589 
590 	if (!no_chfn && strcmp(argp->newpw.pw_gecos, yp_password.pw_gecos)) {
591 		oldgecos = yp_password.pw_gecos;
592 		yp_password.pw_gecos = argp->newpw.pw_gecos;
593 		gecos_changed++;
594 	}
595 
596 	if (strcmp(argp->newpw.pw_passwd, yp_password.pw_passwd)) {
597 		yp_password.pw_passwd = argp->newpw.pw_passwd;
598 		yp_password.pw_change = 0;
599 		passwd_changed++;
600 	}
601 
602 	/*
603 	 * If the caller specified a domain other than our 'default'
604 	 * domain, change the path to master.passwd accordingly.
605 	 */
606 
607 	if (strcmp(domain, yppasswd_domain)) {
608 		snprintf(passfile_buf, sizeof(passfile_buf),
609 			"%s/%s/master.passwd", yp_dir, domain);
610 		passfile = (char *)&passfile_buf;
611 	}
612 
613 	/*
614 	 * Create a filename to hold the original master.passwd
615 	 * so if our call to yppwupdate fails we can roll back
616 	 */
617 	snprintf(passfile_hold_buf, sizeof(passfile_hold_buf),
618 	    "%s.hold", passfile);
619 	passfile_hold = (char *)&passfile_hold_buf;
620 
621 
622 	/* Step 5: make a new password file with the updated info. */
623 
624 	snprintf(passdir_buf, sizeof(passdir_buf), "%s", passfile);
625 	passdir = dirname(passdir_buf);
626 
627 	if (pw_init(passdir, passfile)) {
628 		yp_error("pw_init() failed");
629 		return &result;
630 	}
631 	if ((pfd = pw_lock()) == -1) {
632 		pw_fini();
633 		yp_error("pw_lock() failed");
634 		return &result;
635 	}
636 	if ((tfd = pw_tmp(-1)) == -1) {
637 		pw_fini();
638 		yp_error("pw_tmp() failed");
639 		return &result;
640 	}
641 	if (pw_copy(pfd, tfd, &yp_password, NULL) == -1) {
642 		pw_fini();
643 		yp_error("pw_copy() failed");
644 		return &result;
645 	}
646 	if (rename(passfile, passfile_hold) == -1) {
647 		pw_fini();
648 		yp_error("rename of %s to %s failed", passfile,
649 		    passfile_hold);
650 		return &result;
651 	}
652 
653 	if (strcmp(passfile, _PATH_MASTERPASSWD) == 0) {
654 		/*
655 		 * NIS server is exporting the system's master.passwd.
656 		 * Call pw_mkdb to rebuild passwd and the .db files
657 		 */
658 		if (pw_mkdb(yp_password.pw_name) == -1) {
659 			pw_fini();
660 			yp_error("pw_mkdb() failed");
661 			rename(passfile_hold, passfile);
662 			return &result;
663 		}
664 	} else {
665 		/*
666 		 * NIS server is exporting a private master.passwd.
667 		 * Rename tempfile into final location
668 		 */
669 		if (rename(pw_tempname(), passfile) == -1) {
670 			pw_fini();
671 			yp_error("rename of %s to %s failed",
672 			    pw_tempname(), passfile);
673 			rename(passfile_hold, passfile);
674 			return &result;
675 		}
676 	}
677 
678 	pw_fini();
679 
680 	if (inplace) {
681 		if ((rval = update_inplace(&yp_password, domain))) {
682 			yp_error("inplace update failed -- rebuilding maps");
683 		}
684 	}
685 
686 	switch ((pid = fork())) {
687 	case 0:
688 		if (inplace && !rval) {
689     			execlp(MAP_UPDATE_PATH, MAP_UPDATE, passfile,
690 				yppasswd_domain, "pushpw", (char *)NULL);
691 		} else {
692     			execlp(MAP_UPDATE_PATH, MAP_UPDATE, passfile,
693 				yppasswd_domain, (char *)NULL);
694 		}
695     		yp_error("couldn't exec map update process: %s",
696 					strerror(errno));
697 		unlink(passfile);
698 		rename(passfile_hold, passfile);
699     		exit(1);
700 		break;
701 	case -1:
702 		yp_error("fork() failed: %s", strerror(errno));
703 		unlink(passfile);
704 		rename(passfile_hold, passfile);
705 		return(&result);
706 		break;
707 	default:
708 		unlink(passfile_hold);
709 		break;
710 	}
711 
712 	if (verbose) {
713 		yp_error("update completed for user %s (uid %d) in %s:",
714 		    argp->newpw.pw_name, argp->newpw.pw_uid, passfile);
715 
716 		if (passwd_changed)
717 			yp_error("password changed");
718 
719 		if (gecos_changed)
720 			yp_error("gecos changed ('%s' -> '%s')",
721 					oldgecos, argp->newpw.pw_gecos);
722 
723 		if (shell_changed)
724 			yp_error("shell changed ('%s' -> '%s')",
725 					oldshell, argp->newpw.pw_shell);
726 	}
727 
728 	result = 0;
729 	return (&result);
730 }
731 
732 /*
733  * Note that this function performs a little less sanity checking
734  * than the last one. Since only the superuser is allowed to use it,
735  * it is assumed that the caller knows what he's doing.
736  */
737 int *
738 yppasswdproc_update_master_1_svc(master_yppasswd *argp,
739     struct svc_req *rqstp)
740 {
741 	static int result;
742 	int pfd, tfd;
743 	int pid;
744 	uid_t uid;
745 	int rval = 0;
746 	DBT key, data;
747 	char *passdir;
748 	char *passfile_hold;
749 	char passdir_buf[MAXPATHLEN + 2];
750 	char passfile_buf[MAXPATHLEN + 2];
751 	char passfile_hold_buf[MAXPATHLEN + 2];
752 	struct sockaddr_in *rqhost;
753 	SVCXPRT	*transp;
754 	struct passwd newpasswd;
755 
756 	result = 1;
757 	transp = rqstp->rq_xprt;
758 
759 	/*
760 	 * NO AF_INET CONNETCIONS ALLOWED!
761 	 */
762 	rqhost = svc_getcaller(transp);
763 	if (rqhost->sin_family != AF_UNIX) {
764 		yp_error("Alert! %s/%d attempted to use superuser-only \
765 procedure!\n", inet_ntoa(rqhost->sin_addr), rqhost->sin_port);
766 		svcerr_auth(transp, AUTH_BADCRED);
767 		return(&result);
768 	}
769 
770 	if (rqstp->rq_cred.oa_flavor != AUTH_SYS) {
771 		yp_error("caller didn't send proper credentials");
772 		svcerr_auth(transp, AUTH_BADCRED);
773 		return(&result);
774 	}
775 
776 	if (__rpc_get_local_uid(transp, &uid) < 0) {
777 		yp_error("caller didn't send proper credentials");
778 		svcerr_auth(transp, AUTH_BADCRED);
779 		return(&result);
780 	}
781 
782 	if (uid) {
783 		yp_error("caller euid is %d, expecting 0 -- rejecting request",
784 		    uid);
785 		svcerr_auth(rqstp->rq_xprt, AUTH_BADCRED);
786 		return(&result);
787 	}
788 
789 	passfile = passfile_default;
790 
791 	key.data = argp->newpw.pw_name;
792 	key.size = strlen(argp->newpw.pw_name);
793 
794 	/*
795 	 * The superuser may add entries to the passwd maps if
796 	 * rpc.yppasswdd is started with the -a flag. Paranoia
797 	 * prevents me from allowing additions by default.
798 	 */
799 	if ((rval = yp_get_record(argp->domain, "master.passwd.byname",
800 			  &key, &data, 0)) != YP_TRUE) {
801 		if (rval == YP_NOKEY) {
802 			yp_error("user %s not found in passwd database",
803 				 argp->newpw.pw_name);
804 			if (allow_additions)
805 				yp_error("notice: adding user %s to \
806 master.passwd database for domain %s", argp->newpw.pw_name, argp->domain);
807 			else
808 				yp_error("restart rpc.yppasswdd with the -a flag to \
809 allow additions to be made to the password database");
810 		} else {
811 			yp_error("database access error: %s",
812 				 yperr_string(rval));
813 		}
814 		if (!allow_additions)
815 			return(&result);
816 	} else {
817 
818 		/* Nul terminate, please. */
819 		*((char *)data.data + data.size) = '\0';
820 
821 		copy_yp_pass(data.data, 1, data.size);
822 	}
823 
824 	/*
825 	 * Perform a small bit of sanity checking.
826 	 */
827 	if (validate_master(rval == YP_TRUE ? &yp_password:NULL,&argp->newpw)){
828 		yp_error("rejecting update attempt for %s: bad arguments",
829 			 argp->newpw.pw_name);
830 		return(&result);
831 	}
832 
833 	/*
834 	 * If the caller specified a domain other than our 'default'
835 	 * domain, change the path to master.passwd accordingly.
836 	 */
837 
838 	if (strcmp(argp->domain, yppasswd_domain)) {
839 		snprintf(passfile_buf, sizeof(passfile_buf),
840 			"%s/%s/master.passwd", yp_dir, argp->domain);
841 		passfile = (char *)&passfile_buf;
842 	}
843 
844 	/*
845 	 * Create a filename to hold the original master.passwd
846 	 * so if our call to yppwupdate fails we can roll back
847 	 */
848 	snprintf(passfile_hold_buf, sizeof(passfile_hold_buf),
849 	    "%s.hold", passfile);
850 	passfile_hold = (char *)&passfile_hold_buf;
851 
852 	snprintf(passdir_buf, sizeof(passdir_buf), "%s", passfile);
853 	passdir = dirname(passdir_buf);
854 
855 	if (pw_init(passdir, passfile)) {
856 		yp_error("pw_init() failed");
857 		return &result;
858 	}
859 	if ((pfd = pw_lock()) == -1) {
860 		pw_fini();
861 		yp_error("pw_lock() failed");
862 		return &result;
863 	}
864 	if ((tfd = pw_tmp(-1)) == -1) {
865 		pw_fini();
866 		yp_error("pw_tmp() failed");
867 		return &result;
868 	}
869 	xlate_passwd(&argp->newpw, &newpasswd);
870 	if (pw_copy(pfd, tfd, &newpasswd, NULL) == -1) {
871 		pw_fini();
872 		yp_error("pw_copy() failed");
873 		return &result;
874 	}
875 	if (rename(passfile, passfile_hold) == -1) {
876 		pw_fini();
877 		yp_error("rename of %s to %s failed", passfile,
878 		    passfile_hold);
879 		return &result;
880 	}
881 	if (strcmp(passfile, _PATH_MASTERPASSWD) == 0) {
882 		/*
883 		 * NIS server is exporting the system's master.passwd.
884 		 * Call pw_mkdb to rebuild passwd and the .db files
885 		 */
886 		if (pw_mkdb(argp->newpw.pw_name) == -1) {
887 			pw_fini();
888 			yp_error("pw_mkdb() failed");
889 			rename(passfile_hold, passfile);
890 			return &result;
891 		}
892 	} else {
893 		/*
894 		 * NIS server is exporting a private master.passwd.
895 		 * Rename tempfile into final location
896 		 */
897 		if (rename(pw_tempname(), passfile) == -1) {
898 			pw_fini();
899 			yp_error("rename of %s to %s failed",
900 			    pw_tempname(), passfile);
901 			rename(passfile_hold, passfile);
902 			return &result;
903 		}
904 	}
905 	pw_fini();
906 
907 	if (inplace) {
908 		xlate_passwd(&argp->newpw, &newpasswd);
909 		if ((rval = update_inplace(&newpasswd, argp->domain))) {
910 			yp_error("inplace update failed -- rebuilding maps");
911 		}
912 	}
913 
914 	switch ((pid = fork())) {
915 	case 0:
916 		if (inplace && !rval) {
917     			execlp(MAP_UPDATE_PATH, MAP_UPDATE, passfile,
918 				argp->domain, "pushpw", (char *)NULL);
919     		} else {
920 			execlp(MAP_UPDATE_PATH, MAP_UPDATE, passfile,
921 				argp->domain, (char *)NULL);
922 		}
923     		yp_error("couldn't exec map update process: %s",
924 					strerror(errno));
925 		unlink(passfile);
926 		rename(passfile_hold, passfile);
927     		exit(1);
928 		break;
929 	case -1:
930 		yp_error("fork() failed: %s", strerror(errno));
931 		unlink(passfile);
932 		rename(passfile_hold, passfile);
933 		return(&result);
934 		break;
935 	default:
936 		unlink(passfile_hold);
937 		break;
938 	}
939 
940 	yp_error("performed update of user %s (uid %d) domain %s",
941 						argp->newpw.pw_name,
942 						argp->newpw.pw_uid,
943 						argp->domain);
944 
945 	result = 0;
946 	return(&result);
947 }
948