NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

bin/46398: rpc.yppasswdd creates spwd.db and pwd.db even if not required and may run into problems

>Number:         46398
>Category:       bin
>Synopsis:       rpc.yppasswdd creates spwd.db and pwd.db even if not required 
>and may run into problems
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Wed May 02 08:15:00 +0000 2012
>Release:        NetBSD 5.1
Dr. Nagler & Company GmbH
System: NetBSD test-s0 4.0 NetBSD 4.0 (NSW-WS) #0: Tue Aug 17 17:28:09 CEST 
2010 wgstuken@test-s0:/usr/src/sys/arch/amd64/compile/NSW-WS amd64
Architecture: x86_64
Machine: amd64
        In the default setup, the YP-Master server uses /etc/master.passwd as 
source for the YP-database.
        This enables login of all YP-Users to this server - that is not usefull 
in larger setups.
        It is possible to use a private master.passwd file - e.g. 
/var/yp/<DOM-Master-Dir>/etc/master.passwd -
        by specifiying the -d option to yppasswd and define the path in the 
        So far so good.
        But if the master.passwd files gets constructured during yp-make, a 
problem with the generated DB files
        spwd.db and pwd.db arises.
        Constructing the master-passwd file for YP is very usefull, if you have 
groups of users with several administrators
        and you need to give these admins the access the the password-Master 
version for their users without opening the
        whole server for them.
        Normaly the DB files are maintained by the command vipw and the 
rpc.yppasswdd to enshure mutal exclusion
        implemented with the library libutil and the pwd_mkdb binary. (a 
passwd-lock-file is used here too.)
        But if an installation uses a private master version of this file on a 
YP-master server, theese files doesn't
        realy make sence, because nobody other than the pwd_mkdb binary ever 
uses them.
        In case that the master password file is constructed from different 
sources or the master-YP-file is edited like
        all other YP-master-files with a normal editor (e.g. vi) the generated 
DB files gets out of sync all times
        forcing the call of rpc.yppasswd to pwd_mkdb for a password update to 
        This can be avoided if the generation of the DB files can be disabled 
on the commandline of rpc.yppasswd.
        Use a YP-master setup where an own (private) master-passwd file is used 
and the passwd-master-file gets
        constructed by the make or add an user to that file with vi and try to 
use yppasswd.
        You will run into problems when updateing a password from a client, 
because the generated spwd.db and pwd.db
        files are out of date.
        The following patch will add an option to rpc.yppasswd that avoids the 
call to pwd_mkdb and renames the
        generated password lock file instead.

--- extern.h.orig       2012-05-02 09:32:46.000000000 +0200
+++ extern.h    2012-05-02 09:32:46.000000000 +0200
@@ -35,5 +35,5 @@
 void   make_passwd(yppasswd *, struct svc_req *, SVCXPRT *);
 /* rpc.yppasswdd.c */
-extern int     noshell, nogecos, nopw, domake;
+extern int     noshell, nogecos, nopw, nodbfiles, domake;
 extern char    make_arg[_POSIX2_LINE_MAX];

--- rpc.yppasswdd.8.orig        2012-05-02 09:32:45.000000000 +0200
+++ rpc.yppasswdd.8     2012-05-02 09:32:45.000000000 +0200
@@ -57,7 +57,8 @@
 .Ar directory .
 It is important to create the binary database files (pwd.db and spwd.db)
-when using this switch or the password change will fail.
+when using this switch or the password change will fail (except the
+nodbfiles option is used).
 The databases need to be created only once with the following command:
 .Dl pwd_mkdb -d directory directory/etc/master.passwd
@@ -67,6 +68,8 @@
 Don't allow changes of the gecos field in the passwd file.
 .It Fl nopw
 Don't allow changes of the password in the passwd file.
+.It Fl nodbfiles
+Suppress creation of the binary database files (pwd.db and spwd.db).
 .It Fl m Ar arg1 Op Ar arg2 ...
 Additional arguments to pass to
 .Ar make

--- rpc.yppasswdd.c.orig        2012-05-02 09:32:45.000000000 +0200
+++ rpc.yppasswdd.c     2012-05-02 09:32:46.000000000 +0200
@@ -55,7 +55,7 @@
 #include "extern.h"
-int    noshell, nogecos, nopw;
+int    noshell, nogecos, nopw, nodbfiles;
 char   make_arg[_POSIX2_LINE_MAX] = "make";
 int    main(int, char *[]);
@@ -87,6 +87,8 @@
                        nogecos = 1;
                else if (strcmp("nopw", arg) == 0)
                        nopw = 1;
+               else if (strcmp("nodbfiles", arg) == 0)
+                       nodbfiles = 1;
                else if (strcmp("m", arg) == 0) {
                        int len;
@@ -177,6 +179,6 @@
        fprintf(stderr, "usage: %s [-d directory] [-noshell] [-nogecos] "
-           "[-nopw] [-m arg1 [arg2 ...]]\n", getprogname());
+           "[-nopw] [-nodbfiles] [-m arg1 [arg2 ...]]\n", getprogname());

--- yppasswdd_mkpw.c.orig       2012-05-02 09:32:45.000000000 +0200
+++ yppasswdd_mkpw.c    2012-05-02 09:32:45.000000000 +0200
@@ -159,10 +159,22 @@
        pw_copy(pfd, tfd, &pw, NULL);
-       if (pw_mkdb(pw.pw_name, 0) < 0) {
-               warnx("pw_mkdb failed");
-               pw_abort();
-               RETURN(1);
+       if (!nodbfiles) {
+               if (pw_mkdb(pw.pw_name, 0) < 0) {
+                       warnx("pw_mkdb failed");
+                       pw_abort();
+                       RETURN(1);
+               }
+       } else {
+               char from[MAXPATHLEN];
+               (void)strlcpy(from, pw_getprefix(), sizeof(from));
+               (void)strlcat(from, _PATH_MASTERPASSWD_LOCK, sizeof(from));
+               if (rename(from, mpwd) < 0) {
+                       warnx("rename from %s to %s failed with errno = %d 
strerror = %s\n", from, mpwd, errno, strerror(errno));
+                       pw_abort();
+                       RETURN(1);
+               }


Home | Main Index | Thread Index | Old Index