int yp_passwd(char *username) { struct yppasswd yppwd; int r, rpcport, status, secure=0; struct passwd *pw; struct timeval tv; login_cap_t *lc; CLIENT *client; char *master; uid_t uid; /* * Get local domain */ if ((r = yp_get_default_domain(&domain)) != 0) { warnx("can't get local YP domain. Reason: %s", yperr_string(r)); return (1); } /* * Find the host for the passwd map; it should be running * the daemon. */ if ((r = yp_master(domain, "master.passwd.byname", &master)) == 0) { secure=1; } else if ((r = yp_master(domain, "passwd.byname", &master)) != 0) { warnx("can't find the master YP server. Reason: %s", yperr_string(r)); return (1); } /* * Ask the portmapper for the port of the daemon. */ if ((rpcport = getrpcport(master, YPPASSWDPROG, YPPASSWDPROC_UPDATE, IPPROTO_UDP)) == 0) { warnx("master YP server not running yppasswd daemon."); warnx("Can't change password."); return (1); } /* * Be sure the port is privileged */ if (rpcport >= IPPORT_RESERVED) { warnx("yppasswd daemon is on an invalid port."); return (1); } /* Get user's login identity */ if (!(pw = ypgetpwnam(username, secure))) { warnx("unknown user %s.", username); return (1); } if ((lc = login_getclass(pw->pw_class)) == NULL) { warnx("unable to get login class for user %s.", username); return (1); } uid = getuid(); if (uid && uid != pw->pw_uid) { warnx("you may only change your own password: %s", strerror(EACCES)); return (1); } /* prompt for new password */ yppwd.newpw.pw_passwd = ypgetnewpasswd(pw, lc, &yppwd.oldpass); /* tell rpc.yppasswdd */ yppwd.newpw.pw_name = pw->pw_name; yppwd.newpw.pw_uid = pw->pw_uid; yppwd.newpw.pw_gid = pw->pw_gid; yppwd.newpw.pw_gecos = pw->pw_gecos; yppwd.newpw.pw_dir = pw->pw_dir; yppwd.newpw.pw_shell = pw->pw_shell; client = clnt_create(master, YPPASSWDPROG, YPPASSWDVERS, "udp"); if (client==NULL) { warnx("cannot contact yppasswdd on %s: Reason: %s", master, yperr_string(YPERR_YPBIND)); free(yppwd.newpw.pw_passwd); return (YPERR_YPBIND); } client->cl_auth = authunix_create_default(); tv.tv_sec = 2; tv.tv_usec = 0; r = clnt_call(client, YPPASSWDPROC_UPDATE, xdr_yppasswd, &yppwd, xdr_int, &status, tv); if (r) { printf("rpc to yppasswdd failed.\n"); free(yppwd.newpw.pw_passwd); return (1); } else if (status) { printf("Couldn't change YP password.\n"); free(yppwd.newpw.pw_passwd); return (1); } else { printf("The YP password has been changed on %s, " "the master YP passwd server.\n", master); free(yppwd.newpw.pw_passwd); return (0); } }
void yp_chpass(char *username) { char *master; int r, rpcport, status; struct yppasswd yppasswd; struct passwd *pw; struct timeval tv; CLIENT *client; extern char *domain; (void)signal(SIGINT, kbintr); (void)signal(SIGQUIT, kbintr); if ((r = yp_get_default_domain(&domain)) != 0) { warnx("can't get local YP domain. Reason: %s", yperr_string(r)); exit(1); } /* * Find the host for the passwd map; it should be running * the daemon. */ if ((r = yp_master(domain, "passwd.byname", &master)) != 0) { warnx("can't find the master YP server. Reason: %s", yperr_string(r)); exit(1); } /* Ask the portmapper for the port of the daemon. */ if ((rpcport = getrpcport(master, YPPASSWDPROG, YPPASSWDPROC_UPDATE, IPPROTO_UDP)) == 0) { warnx("master YP server not running yppasswd daemon."); warnx("Can't change password."); exit(1); } if (rpcport >= IPPORT_RESERVED) { warnx("yppasswd daemon is on an invalid port."); exit(1); } /* If user doesn't exist, just prompt for old password and exit. */ pw = ypgetpwnam(username); if (pw) { if (pw->pw_uid == 0) { syslog(LOG_ERR, "attempted root password change"); pw = NULL; } else if (*pw->pw_passwd == '\0') { syslog(LOG_ERR, "%s attempting to add password", username); pw = NULL; } } if (pw == NULL) { char *p, salt[_PASSWORD_LEN + 1]; login_cap_t *lc; /* no such user, get appropriate salt to thwart timing attack */ if ((p = getpass("Old password:"******"xx", sizeof(salt)); crypt(p, salt); memset(p, 0, strlen(p)); } warnx("YP passwd database unchanged."); exit(1); } /* prompt for new password */ yppasswd.newpw.pw_passwd = ypgetnewpasswd(pw, &yppasswd.oldpass); /* tell rpc.yppasswdd */ yppasswd.newpw.pw_name = pw->pw_name; yppasswd.newpw.pw_uid = pw->pw_uid; yppasswd.newpw.pw_gid = pw->pw_gid; yppasswd.newpw.pw_gecos = pw->pw_gecos; yppasswd.newpw.pw_dir = pw->pw_dir; yppasswd.newpw.pw_shell = pw->pw_shell; client = clnt_create(master, YPPASSWDPROG, YPPASSWDVERS, "udp"); if (client == NULL) { warnx("cannot contact yppasswdd on %s: Reason: %s", master, yperr_string(YPERR_YPBIND)); free(yppasswd.newpw.pw_passwd); exit(1); } client->cl_auth = authunix_create_default(); tv.tv_sec = 2; tv.tv_usec = 0; r = clnt_call(client, YPPASSWDPROC_UPDATE, xdr_yppasswd, &yppasswd, xdr_int, &status, tv); if (r) warnx("rpc to yppasswdd failed."); else if (status) { printf("Couldn't change YP password.\n"); free(yppasswd.newpw.pw_passwd); exit(1); } printf("The YP password has been changed on %s, the master YP passwd server.\n", master); free(yppasswd.newpw.pw_passwd); (void)writev(BACK_CHANNEL, iov, 2); exit(0); }