NetBSD-Bugs archive
bin/46398: rpc.yppasswdd creates spwd.db and pwd.db even if not required and may run into problems
>Number: 46398
>Category: bin
>Synopsis: rpc.yppasswdd creates spwd.db and pwd.db even if not required
>and may run into problems
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: bin-bug-people
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Wed May 02 08:15:00 +0000 2012
>Originator: Wolfgang.Stukenbrock%nagler-company.com@localhost
>Release: NetBSD 5.1
>Organization:
Dr. Nagler & Company GmbH
>Environment:
System: NetBSD test-s0 4.0 NetBSD 4.0 (NSW-WS) #0: Tue Aug 17 17:28:09 CEST
2010 wgstuken@test-s0:/usr/src/sys/arch/amd64/compile/NSW-WS amd64
Architecture: x86_64
Machine: amd64
>Description:
In the default setup, the YP-Master server uses /etc/master.passwd as the source for the YP database.
This enables login of all YP users to this server - that is not useful in larger setups.
It is possible to use a private master.passwd file - e.g. /var/yp/<DOM-Master-Dir>/etc/master.passwd - by specifying the -d option to yppasswd and defining the path in the yp-makefile.
So far so good.
But if the master.passwd file gets constructed during yp-make, a problem with the generated DB files spwd.db and pwd.db arises.
Constructing the master-passwd file for YP is very useful if you have groups of users with several administrators and you need to give these admins access to the password-master version for their users without opening the whole server for them.
Normally the DB files are maintained by the command vipw and the rpc.yppasswdd to ensure mutual exclusion, implemented with the library libutil and the pwd_mkdb binary. (A passwd lock file is used here too.)
But if an installation uses a private master version of this file on a YP-master server, these files don't really make sense, because nobody other than the pwd_mkdb binary ever uses them.
In case the master password file is constructed from different sources, or the master YP file is edited like all other YP master files with a normal editor (e.g. vi), the generated DB files get out of sync all the time, forcing the call of rpc.yppasswd to pwd_mkdb for a password update to fail.
This can be avoided if the generation of the DB files can be disabled on the command line of rpc.yppasswd.
>How-To-Repeat:
Use a YP-master setup where an own (private) master-passwd file is used and the passwd-master-file gets constructed by the make, or add a user to that file with vi and try to use yppasswd.
You will run into problems when updating a password from a client, because the generated spwd.db and pwd.db files are out of date.
>Fix:
The following patch will add an option to rpc.yppasswd that avoids the
call to pwd_mkdb and renames the
generated password lock file instead.
--- extern.h.orig 2012-05-02 09:32:46.000000000 +0200
+++ extern.h 2012-05-02 09:32:46.000000000 +0200
@@ -35,5 +35,5 @@
void make_passwd(yppasswd *, struct svc_req *, SVCXPRT *);
/* rpc.yppasswdd.c */
-extern int noshell, nogecos, nopw, domake;
+extern int noshell, nogecos, nopw, nodbfiles, domake;
extern char make_arg[_POSIX2_LINE_MAX];
--- rpc.yppasswdd.8.orig 2012-05-02 09:32:45.000000000 +0200
+++ rpc.yppasswdd.8 2012-05-02 09:32:45.000000000 +0200
@@ -57,7 +57,8 @@
to
.Ar directory .
It is important to create the binary database files (pwd.db and spwd.db)
-when using this switch or the password change will fail.
+when using this switch or the password change will fail (except the
+nodbfiles option is used).
The databases need to be created only once with the following command:
.Pp
.Dl pwd_mkdb -d directory directory/etc/master.passwd
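Review bot: the parenthetical added to the -d paragraph, "(except the nodbfiles option is used)", should say "unless" and should name the flag with mdoc markup instead of a bare word, so it renders like the other options on this page. Suggest ending the existing sentence at "will fail." and following it with a separate sentence built around ".Fl nodbfiles" on its own macro line. The next sentence, "The databases need to be created only once", should then also make clear that it does not apply when that flag is given.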
@@ -67,6 +68,8 @@
Don't allow changes of the gecos field in the passwd file.
.It Fl nopw
Don't allow changes of the password in the passwd file.
+.It Fl nodbfiles
+Suppress creation of the binary database files (pwd.db and spwd.db).
.It Fl m Ar arg1 Op Ar arg2 ...
Additional arguments to pass to
.Ar make
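Review bot: the new ".It Fl nodbfiles" entry says only that creation of pwd.db and spwd.db is suppressed; it should also say what the daemon does instead and what state that leaves behind. Going by the yppasswdd_mkpw.c hunk in this patch, pw_mkdb() is skipped and the lock file is renamed directly onto master.passwd, so any pwd.db and spwd.db already present in that directory are stale after the first password change. Please document that, and state that the option is intended for a private directory selected with -d.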
--- rpc.yppasswdd.c.orig 2012-05-02 09:32:45.000000000 +0200
+++ rpc.yppasswdd.c 2012-05-02 09:32:46.000000000 +0200
@@ -55,7 +55,7 @@
#include "extern.h"
-int noshell, nogecos, nopw;
+int noshell, nogecos, nopw, nodbfiles;
char make_arg[_POSIX2_LINE_MAX] = "make";
int main(int, char *[]);
@@ -87,6 +87,8 @@
nogecos = 1;
else if (strcmp("nopw", arg) == 0)
nopw = 1;
+ else if (strcmp("nodbfiles", arg) == 0)
+ nodbfiles = 1;
else if (strcmp("m", arg) == 0) {
int len;
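Review bot: the new strcmp("nodbfiles", arg) branch sets nodbfiles unconditionally, and nothing in this patch ties it to -d. If the daemon is started with -nodbfiles but without -d, it operates on /etc/master.passwd (the default named in the report), and skipping pw_mkdb() would leave the master's own pwd.db and spwd.db with the old entry while master.passwd carries the new one. Suggest checking after argument parsing that a directory was supplied whenever nodbfiles is set, and calling usage() otherwise.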
@@ -177,6 +179,6 @@
{
fprintf(stderr, "usage: %s [-d directory] [-noshell] [-nogecos] "
- "[-nopw] [-m arg1 [arg2 ...]]\n", getprogname());
+ "[-nopw] [-nodbfiles] [-m arg1 [arg2 ...]]\n", getprogname());
exit(EXIT_FAILURE);
}
--- yppasswdd_mkpw.c.orig 2012-05-02 09:32:45.000000000 +0200
+++ yppasswdd_mkpw.c 2012-05-02 09:32:45.000000000 +0200
@@ -159,10 +159,22 @@
pw_copy(pfd, tfd, &pw, NULL);
- if (pw_mkdb(pw.pw_name, 0) < 0) {
- warnx("pw_mkdb failed");
- pw_abort();
- RETURN(1);
+ if (!nodbfiles) {
+ if (pw_mkdb(pw.pw_name, 0) < 0) {
+ warnx("pw_mkdb failed");
+ pw_abort();
+ RETURN(1);
+ }
+ } else {
+ char from[MAXPATHLEN];
+
+ (void)strlcpy(from, pw_getprefix(), sizeof(from));
+ (void)strlcat(from, _PATH_MASTERPASSWD_LOCK, sizeof(from));
+ if (rename(from, mpwd) < 0) {
+ warnx("rename from %s to %s failed with errno = %d
strerror = %s\n", from, mpwd, errno, strerror(errno));
+ pw_abort();
+ RETURN(1);
+ }
}
/* XXX RESTORE SIGNAL STATE? XXX */
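Review bot: in the new else branch, the results of strlcpy() and strlcat() on from are cast to void, so a prefix long enough to overflow MAXPATHLEN is silently truncated and rename() then acts on a path that is not the lock file. Compare both return values against sizeof(from) and take the pw_abort(); RETURN(1); path on truncation. Two smaller points on the error report: warnx() already terminates the line, so the trailing "\n" should go, and warn("rename %s to %s", from, mpwd) would append strerror(errno) without formatting errno by hand. The format string is also split across two lines as posted here, which will not compile until it is rejoined.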
>Unformatted: