static char *getNISserver(pam_handle_t *pamh)
{
char *master;
char *domainname;
int port, err;
if ((err = yp_get_default_domain(&domainname)) != 0) {
_log_err(LOG_WARNING, pamh, "can't get local yp domain: %s\n",
yperr_string(err));
return NULL;
}
if ((err = yp_master(domainname, "passwd.byname", &master)) != 0) {
_log_err(LOG_WARNING, pamh, "can't find the master ypserver: %s\n",
yperr_string(err));
return NULL;
}
port = getrpcport(master, YPPASSWDPROG, YPPASSWDPROC_UPDATE, IPPROTO_UDP);
if (port == 0) {
_log_err(LOG_WARNING, pamh,
"yppasswdd not running on NIS master host\n");
return NULL;
}
if (port >= IPPORT_RESERVED) {
_log_err(LOG_WARNING, pamh,
"yppasswd daemon running on illegal port.\n");
return NULL;
}
return master;
}
static char *getNISserver(pam_handle_t *pamh, unsigned int ctrl)
{
char *master;
char *domainname;
int port, err;
#ifdef HAVE_YP_GET_DEFAULT_DOMAIN
if ((err = yp_get_default_domain(&domainname)) != 0) {
pam_syslog(pamh, LOG_WARNING, "can't get local yp domain: %s",
yperr_string(err));
return NULL;
}
#elif defined(HAVE_GETDOMAINNAME)
char domainname_res[256];
if (getdomainname (domainname_res, sizeof (domainname_res)) == 0)
{
if (strcmp (domainname_res, "(none)") == 0)
{
/* If domainname is not set, some systems will return "(none)" */
domainname_res[0] = '\0';
}
domainname = domainname_res;
}
else domainname = NULL;
#endif
if ((err = yp_master(domainname, "passwd.byname", &master)) != 0) {
pam_syslog(pamh, LOG_WARNING, "can't find the master ypserver: %s",
yperr_string(err));
return NULL;
}
port = getrpcport(master, YPPASSWDPROG, YPPASSWDPROC_UPDATE, IPPROTO_UDP);
if (port == 0) {
pam_syslog(pamh, LOG_WARNING,
"yppasswdd not running on NIS master host");
return NULL;
}
if (port >= IPPORT_RESERVED) {
pam_syslog(pamh, LOG_WARNING,
"yppasswd daemon running on illegal port");
return NULL;
}
if (on(UNIX_DEBUG, ctrl)) {
pam_syslog(pamh, LOG_DEBUG, "Use NIS server on %s with port %d",
master, port);
}
return master;
}
struct passwd *
ypgetpwuid(uid_t uid)
{
static struct passwd pwent;
int reason, vallen, secure = 0;
char namebuf[16], *val;
if (!domain && (reason = yp_get_default_domain(&domain))) {
fprintf(stderr, "%s: can't get local YP domain. Reason: %s\n",
__progname, yperr_string(reason));
exit(1);
}
snprintf(namebuf, sizeof namebuf, "%u", (u_int)uid);
if (!yp_match(domain, "master.passwd.byuid", namebuf, strlen(namebuf),
&val, &vallen))
secure = 1;
else if (yp_match(domain, "passwd.byuid", namebuf, strlen(namebuf),
&val, &vallen))
return (NULL);
val[vallen] = '\0';
if (__yplin)
free(__yplin);
if (!(__yplin = malloc(vallen + 1)))
err(1, NULL);
strlcpy(__yplin, val, vallen + 1);
free(val);
return(interpret(&pwent, __yplin, secure));
}
int
nis_reload(mnt_map *m, char *map, void (*fn)())
{
struct ypall_callback cbinfo;
int error;
struct nis_callback_data data;
if (!domain) {
error = determine_nis_domain();
if (error)
return error;
}
data.ncd_m = m;
data.ncd_map = map;
data.ncd_fn = fn;
cbinfo.data = (void *)&data;
cbinfo.foreach = (void *)&callback;
error = yp_all(domain, map, &cbinfo);
if (error)
plog(XLOG_ERROR, "error grabbing nis map of %s: %s",
map, yperr_string(ypprot_err(error)));
return error;
}
struct passwd *
ypgetpwnam(char *nam)
{
static struct passwd pwent;
int reason, vallen, secure = 0;
char *val;
/*
* Get local domain
*/
if (!domain && (reason = yp_get_default_domain(&domain))) {
fprintf(stderr, "%s: can't get local YP domain. Reason: %s\n",
__progname, yperr_string(reason));
exit(1);
}
if (!yp_match(domain, "master.passwd.byname", nam, strlen(nam),
&val, &vallen))
secure = 1;
else if (yp_match(domain, "passwd.byname", nam, strlen(nam),
&val, &vallen))
return (NULL);
val[vallen] = '\0';
if (__yplin)
free(__yplin);
if (!(__yplin = malloc(vallen + 1)))
err(1, NULL);
strlcpy(__yplin, val, vallen + 1);
free(val);
return(interpret(&pwent, __yplin, secure));
}
/* {{{ php_foreach_cat
*/
static int php_foreach_cat (int instatus, char *inkey, int inkeylen, char *inval, int invallen, char *indata)
{
int err;
err = ypprot_err (instatus);
if (!err)
{
if (inkeylen) {
char *key = emalloc(inkeylen+1);
strlcpy(key, inkey, inkeylen+1);
add_assoc_stringl_ex((zval *) indata, key, inkeylen+1, inval, invallen, 1);
efree(key);
}
return 0;
}
if (err != YPERR_NOMORE)
{
TSRMLS_FETCH();
YP(error) = err;
php_error_docref(NULL TSRMLS_CC, E_WARNING, "%s", yperr_string (err));
}
return 0;
}
/*
* Like yp_bind except can query a specific host
*/
static int
bind_host(char *dom, struct sockaddr_in *lsin)
{
struct hostent *hent = NULL;
struct ypbind_resp ypbr;
struct timeval tv;
CLIENT *client;
int sock, r;
struct in_addr ss_addr;
sock = RPC_ANYSOCK;
tv.tv_sec = 15;
tv.tv_usec = 0;
client = clntudp_create(lsin, YPBINDPROG, YPBINDVERS, tv, &sock);
if (client == NULL) {
warnx("can't clntudp_create: %s", yperr_string(YPERR_YPBIND));
return (YPERR_YPBIND);
}
tv.tv_sec = 5;
tv.tv_usec = 0;
r = clnt_call(client, YPBINDPROC_DOMAIN,
(xdrproc_t)xdr_domainname, &dom,
(xdrproc_t)xdr_ypbind_resp, &ypbr, tv);
if (r != RPC_SUCCESS) {
warnx("can't clnt_call: %s", yperr_string(YPERR_YPBIND));
clnt_destroy(client);
return (YPERR_YPBIND);
} else {
if (ypbr.ypbind_status != YPBIND_SUCC_VAL) {
warnx("can't yp_bind: reason: %s",
ypbinderr_string(ypbr.ypbind_respbody.ypbind_error));
clnt_destroy(client);
return (r);
}
}
clnt_destroy(client);
ss_addr = ypbr.ypbind_respbody.ypbind_bindinfo.ypbind_binding_addr;
/*printf("%08x\n", ss_addr);*/
hent = gethostbyaddr((char *)&ss_addr, sizeof(ss_addr), AF_INET);
if (hent)
printf("%s\n", hent->h_name);
else
printf("%s\n", inet_ntoa(ss_addr));
return (0);
}
int
main(int argc, char *argv[])
{
char *domainname;
char *hostname = NULL;
char *inmap, *master;
int order;
int c, r, tcp = 0;
(void)yp_get_default_domain(&domainname);
while ((c = getopt(argc, argv, "Th:d:")) != -1) {
switch (c) {
case 'T':
tcp = 1;
break;
case 'd':
domainname = optarg;
break;
case 'h':
hostname = optarg;
break;
default:
usage();
/*NOTREACHED*/
}
}
if (domainname == NULL)
errx(1, "YP domain name not set");
argc -= optind;
argv += optind;
if (argc != 1)
usage();
inmap = argv[0];
if (hostname != NULL)
r = get_remote_info(domainname, inmap, hostname,
&order, &master, tcp);
else {
r = yp_order(domainname, inmap, &order);
if (r == 0)
r = yp_master(domainname, inmap, &master);
}
if (r != 0)
errx(1, "no such map %s. Reason: %s",
inmap, yperr_string(r));
(void)printf("Map %s has order number %d. %s", inmap, order,
ctime((void *)&order));
(void)printf("The master server is %s.\n", master);
return 0;
}
int
main(int argc, char *argv[])
{
char *domain = NULL, *inmap;
struct ypall_callback ypcb;
extern char *optarg;
extern int optind;
int notrans, c, r, i;
notrans = key = 0;
while ((c=getopt(argc, argv, "xd:kt")) != -1)
switch (c) {
case 'x':
for (i=0; i<sizeof ypaliases/sizeof ypaliases[0]; i++)
printf("Use \"%s\" for \"%s\"\n",
ypaliases[i].alias, ypaliases[i].name);
exit(0);
case 'd':
domain = optarg;
break;
case 't':
notrans++;
break;
case 'k':
key++;
break;
default:
usage();
}
if (optind + 1 != argc )
usage();
if (!domain)
yp_get_default_domain(&domain);
inmap = argv[optind];
if (!notrans) {
for (i=0; i<sizeof ypaliases/sizeof ypaliases[0]; i++)
if (strcmp(inmap, ypaliases[i].alias) == 0)
inmap = ypaliases[i].name;
}
ypcb.foreach = printit;
ypcb.data = NULL;
r = yp_all(domain, inmap, &ypcb);
switch (r) {
case 0:
break;
case YPERR_YPBIND:
fprintf(stderr, "ypcat: not running ypbind\n");
exit(1);
default:
fprintf(stderr, "No such map %s. Reason: %s\n",
inmap, yperr_string(r));
exit(1);
}
exit(0);
}
void
rb_yp_check_yperr(err)
{
switch( err ) {
case YPERR_SUCCESS:
break;
default:
rb_raise(rb_eYPError, yperr_string(err));
};
};
VALUE
rb_yp_get_default_domain(VALUE self)
{
char *domainname;
int err;
if((err = yp_get_default_domain(&domainname)) != 0) {
rb_raise(rb_eYPError, yperr_string(err));
};
return rb_tainted_str_new2(domainname);
};
static int
bind_tohost(struct sockaddr_in *sin, char *dom, char *server)
{
struct ypbind_setdom ypsd;
struct in_addr iaddr;
struct hostent *hp;
struct timeval tv;
CLIENT *client;
int sock, port, r;
port = getrpcport(server, YPPROG, YPPROC_NULL, IPPROTO_UDP);
if (port == 0)
errx(1, "%s not running ypserv", server);
port = htons(port);
memset(&ypsd, 0, sizeof ypsd);
if (inet_aton(server, &iaddr) == 0) {
hp = gethostbyname(server);
if (hp == NULL)
errx(1, "can't find address for %s", server);
memmove(&iaddr.s_addr, hp->h_addr, sizeof(iaddr.s_addr));
}
ypsd.ypsetdom_domain = dom;
bcopy(&iaddr.s_addr, &ypsd.ypsetdom_binding.ypbind_binding_addr,
sizeof(ypsd.ypsetdom_binding.ypbind_binding_addr));
bcopy(&port, &ypsd.ypsetdom_binding.ypbind_binding_port,
sizeof(ypsd.ypsetdom_binding.ypbind_binding_port));
ypsd.ypsetdom_vers = YPVERS;
tv.tv_sec = 15;
tv.tv_usec = 0;
sock = RPC_ANYSOCK;
client = clntudp_create(sin, YPBINDPROG, YPBINDVERS, tv, &sock);
if (client == NULL) {
warnx("can't yp_bind: reason: %s", yperr_string(YPERR_YPBIND));
return YPERR_YPBIND;
}
client->cl_auth = authunix_create_default();
r = clnt_call(client, YPBINDPROC_SETDOM,
xdr_ypbind_setdom, &ypsd, xdr_void, NULL, tv);
if (r) {
warnx("Cannot ypset for domain %s on host %s: %s", dom,
server, clnt_sperrno(r));
clnt_destroy(client);
return YPERR_YPBIND;
}
clnt_destroy(client);
return 0;
}
/*
* Callback from yp_all
*/
static int
callback(int status, char *key, int kl, char *val,
int vl, struct nis_callback_data *data)
{
if (status == YP_TRUE) {
/*
* Add to list of maps
*/
char *kp = strnsave(key, kl);
char *vp = strnsave(val, vl);
(*data->ncd_fn)(data->ncd_m, kp, vp);
/*
* We want more ...
*/
return FALSE;
} else {
/*
* NOMORE means end of map - otherwise log error
*/
if (status != YP_NOMORE) {
/*
* Check what went wrong
*/
int e = ypprot_err(status);
#ifdef DEBUG
plog(XLOG_ERROR, "yp enumeration of %s: %s, status=%d, e=%d",
data->ncd_map, yperr_string(e), status, e);
#else
plog(XLOG_ERROR, "yp enumeration of %s: %s",
data->ncd_map, yperr_string(e));
#endif
}
return TRUE;
}
}
char *
ypclnt_get(ypclnt_t *ypc, const char *key)
{
char *value;
int len, r;
r = yp_match(ypc->domain, ypc->map,
key, (int)strlen(key), &value, &len);
if (r != 0) {
ypclnt_error(ypc, __func__, "%s", yperr_string(r));
return (NULL);
}
return (value);
}
int
ypclnt_connect(ypclnt_t *ypclnt)
{
int r;
/* get default domain name unless specified */
if (ypclnt->domain == NULL) {
if ((ypclnt->domain = malloc(MAXHOSTNAMELEN)) == NULL) {
ypclnt_error(ypclnt, __func__,
"%s", strerror(errno));
return (-1);
}
if (getdomainname(ypclnt->domain, MAXHOSTNAMELEN) != 0) {
ypclnt_error(ypclnt, __func__,
"can't get NIS domain name");
return (-1);
}
}
/* map must be specified */
if (ypclnt->map == NULL) {
ypclnt_error(ypclnt, __func__,
"caller must specify map name");
return (-1);
}
/* get master server for requested map unless specified */
if (ypclnt->server == NULL) {
r = yp_master(ypclnt->domain, ypclnt->map, &ypclnt->server);
if (r != 0) {
ypclnt_error(ypclnt, __func__,
"can't get NIS server name: %s", yperr_string(r));
return (-1);
}
}
ypclnt_error(ypclnt, NULL, NULL);
return (0);
}
/*
* Try to locate a key using NIS.
*/
int
nis_search(mnt_map *m, char *map, char *key, char **val, time_t *tp)
{
int outlen;
int order;
int res;
/*
* Make sure domain initialised
*/
if (has_yp_order) {
/* check if map has changed */
if (yp_order(domain, map, &order))
return EIO;
if ((time_t) order > *tp) {
*tp = (time_t) order;
return -1;
}
} else {
/*
* NIS+ server without yp_order
* Check if timeout has expired to invalidate the cache
*/
order = time(NULL);
if ((time_t)order - *tp > am_timeo) {
*tp = (time_t)order;
return(-1);
}
}
if (has_yp_order) {
/*
* Check if map has changed
*/
if (yp_order(domain, map, &order))
return EIO;
if ((time_t) order > *tp) {
*tp = (time_t) order;
return -1;
}
} else {
/*
* NIS+ server without yp_order
* Check if timeout has expired to invalidate the cache
*/
order = time(NULL);
if ((time_t)order - *tp > am_timeo) {
*tp = (time_t)order;
return(-1);
}
}
/*
* Lookup key
*/
res = yp_match(domain, map, key, strlen(key), val, &outlen);
/*
* Do something interesting with the return code
*/
switch (res) {
case 0:
return 0;
case YPERR_KEY:
return ENOENT;
default:
plog(XLOG_ERROR, "%s: %s", map, yperr_string(res));
return EIO;
}
}
int
main(int argc, char **argv)
{
char name[MAXNETNAMELEN+1];
char public[HEXKEYBYTES + 1];
char secret[HEXKEYBYTES + 1];
char crypt1[HEXKEYBYTES + KEYCHECKSUMSIZE + 1];
char crypt2[HEXKEYBYTES + KEYCHECKSUMSIZE + 1];
int status;
char *pass;
struct passwd *pw;
uid_t uid;
int force = 0;
int ch;
#ifdef YP
char *master;
#endif
while ((ch = getopt(argc, argv, "f")) != -1)
switch(ch) {
case 'f':
force = 1;
break;
default:
usage();
}
argc -= optind;
argv += optind;
if (argc != 0)
usage();
#ifdef YP
yp_get_default_domain(&domain);
if (yp_master(domain, PKMAP, &master) != 0)
errx(1, "can't find master of publickey database");
#endif
uid = getuid() /*geteuid()*/;
if (uid == 0) {
if (host2netname(name, NULL, NULL) == 0)
errx(1, "cannot convert hostname to netname");
} else {
if (user2netname(name, uid, NULL) == 0)
errx(1, "cannot convert username to netname");
}
printf("Generating new key for %s.\n", name);
if (!force) {
if (uid != 0) {
#ifdef YPPASSWD
pw = ypgetpwuid(uid);
#else
pw = getpwuid(uid);
#endif
if (pw == NULL) {
#ifdef YPPASSWD
errx(1,
"no NIS password entry found: can't change key");
#else
errx(1,
"no password entry found: can't change key");
#endif
}
} else {
pw = getpwuid(0);
if (pw == NULL)
errx(1, "no password entry found: can't change key");
}
}
pass = getpass("Password:"******"invalid password");
}
#else
force = 1; /* Make this mandatory */
#endif
genkeys(public, secret, pass);
memcpy(crypt1, secret, HEXKEYBYTES);
memcpy(crypt1 + HEXKEYBYTES, secret, KEYCHECKSUMSIZE);
crypt1[HEXKEYBYTES + KEYCHECKSUMSIZE] = 0;
xencrypt(crypt1, pass);
if (force) {
memcpy(crypt2, crypt1, HEXKEYBYTES + KEYCHECKSUMSIZE + 1);
xdecrypt(crypt2, getpass("Retype password:"******"password incorrect");
}
#ifdef YP
printf("Sending key change request to %s...\n", master);
#endif
status = setpublicmap(name, public, crypt1);
if (status != 0) {
#ifdef YP
errx(1, "unable to update NIS database (%u): %s",
status, yperr_string(status));
#else
errx(1, "unable to update publickey database");
#endif
}
if (uid == 0) {
/*
* Root users store their key in /etc/$ROOTKEY so
* that they can auto reboot without having to be
* around to type a password. Storing this in a file
* is rather dubious: it should really be in the EEPROM
* so it does not go over the net.
*/
int fd;
fd = open(ROOTKEY, O_WRONLY|O_TRUNC|O_CREAT, 0);
if (fd < 0) {
warn("%s", ROOTKEY);
} else {
char newline = '\n';
if (write(fd, secret, strlen(secret)) < 0 ||
write(fd, &newline, sizeof(newline)) < 0)
warn("%s: write", ROOTKEY);
}
}
if (key_setsecret(secret) < 0)
errx(1, "unable to login with new secret key");
printf("Done.\n");
exit(0);
/* NOTREACHED */
}
/*
* ypdb_open_db
*/
DBM *
ypdb_open_db(const char *domain, const char *map, u_int *status,
struct opt_map **map_info)
{
static const char *domain_key = YP_INTERDOMAIN_KEY;
static const char *secure_key = YP_SECURE_KEY;
char map_path[MAXPATHLEN];
struct stat finfo;
struct opt_domain *d = NULL;
struct opt_map *m = NULL;
DBM *db;
datum k, v;
*status = YP_TRUE; /* defaults to true */
/*
* check for illegal domain and map names
*/
if (_yp_invalid_domain(domain)) {
*status = YP_NODOM;
return (NULL);
}
if (_yp_invalid_map(map)) {
*status = YP_NOMAP;
return (NULL);
}
/*
* check for domain, file.
*/
(void)snprintf(map_path, sizeof(map_path), "%s/%s", YP_DB_PATH, domain);
if (stat(map_path, &finfo) < 0 || !S_ISDIR(finfo.st_mode)) {
#ifdef DEBUG
syslog(LOG_DEBUG,
"ypdb_open_db: no domain %s (map=%s)", domain, map);
#endif
*status = YP_NODOM;
} else {
(void)snprintf(map_path, sizeof(map_path), "%s/%s/%s%s",
YP_DB_PATH, domain, map, YPDB_SUFFIX);
if (stat(map_path, &finfo) < 0) {
#ifdef DEBUG
syslog(LOG_DEBUG,
"ypdb_open_db: no map %s (domain=%s)", map,
domain);
#endif
*status = YP_NOMAP;
}
}
/*
* check for preloaded domain, map
*/
for (d = doms.lh_first; d != NULL; d = d->domsl.le_next)
if (strcmp(domain, d->domain) == 0)
break;
if (d)
for (m = d->dmaps.lh_first; m != NULL; m = m->mapsl.le_next)
if (strcmp(map, m->map) == 0)
break;
/*
* map found open?
*/
if (m) {
#ifdef DEBUG
syslog(LOG_DEBUG,
"ypdb_open_db: cached open: domain=%s, map=%s, db=%p,",
domain, map, m->db);
syslog(LOG_DEBUG,
"\tdbdev %d new %d; dbino %d new %d; dbmtime %ld new %ld",
m->dbdev, finfo.st_dev, m->dbino, finfo.st_ino,
(long) m->dbmtime, (long) finfo.st_mtime);
#endif
/*
* if status != YP_TRUE, then this cached database is now
* non-existent
*/
if (*status != YP_TRUE) {
#ifdef DEBUG
syslog(LOG_DEBUG,
"ypdb_open_db: cached db is now unavailable - "
"closing: status %s",
yperr_string(ypprot_err(*status)));
#endif
ypdb_close_map(m);
return (NULL);
}
/*
* is this the same db?
*/
if (finfo.st_dev == m->dbdev && finfo.st_ino == m->dbino &&
finfo.st_mtime == m->dbmtime) {
CIRCLEQ_REMOVE(&maps, m, mapsq); /* adjust LRU queue */
CIRCLEQ_INSERT_HEAD(&maps, m, mapsq);
if (map_info)
*map_info = m;
return (m->db);
} else {
#ifdef DEBUG
syslog(LOG_DEBUG,
"ypdb_open_db: db changed; closing");
#endif
ypdb_close_map(m);
m = NULL;
}
}
/*
* not cached and non-existent, return
*/
if (*status != YP_TRUE)
return (NULL);
/*
* open map
*/
(void)snprintf(map_path, sizeof(map_path), "%s/%s/%s",
YP_DB_PATH, domain, map);
#ifdef OPTIMIZE_DB
retryopen:
#endif /* OPTIMIZE_DB */
db = ypdb_open(map_path);
#ifdef OPTIMIZE_DB
if (db == NULL) {
#ifdef DEBUG
syslog(LOG_DEBUG,
"ypdb_open_db: errno %d (%s)", errno, strerror(errno));
#endif /* DEBUG */
if ((errno == ENFILE) || (errno == EMFILE)) {
ypdb_close_last();
goto retryopen;
}
}
#endif /* OPTIMIZE_DB */
*status = YP_NOMAP; /* see note below */
if (db == NULL) {
#ifdef DEBUG
syslog(LOG_DEBUG,
"ypdb_open_db: ypdb_open FAILED: map %s (domain=%s)",
map, domain);
#endif
return (NULL);
}
/*
* note: status now YP_NOMAP
*/
if (d == NULL) { /* allocate new domain? */
d = (struct opt_domain *) malloc(sizeof(*d));
if (d)
d->domain = strdup(domain);
if (d == NULL || d->domain == NULL) {
syslog(LOG_ERR,
"ypdb_open_db: MALLOC failed");
ypdb_close(db);
if (d)
free(d);
return (NULL);
}
LIST_INIT(&d->dmaps);
LIST_INSERT_HEAD(&doms, d, domsl);
#ifdef DEBUG
syslog(LOG_DEBUG,
"ypdb_open_db: NEW DOMAIN %s", domain);
#endif
}
/*
* m must be NULL since we couldn't find a map. allocate new one
*/
m = (struct opt_map *) malloc(sizeof(*m));
if (m)
m->map = strdup(map);
if (m == NULL || m->map == NULL) {
if (m)
free(m);
syslog(LOG_ERR, "ypdb_open_db: MALLOC failed");
ypdb_close(db);
return (NULL);
}
m->db = db;
m->dom = d;
m->host_lookup = FALSE;
m->dbdev = finfo.st_dev;
m->dbino = finfo.st_ino;
m->dbmtime = finfo.st_mtime;
CIRCLEQ_INSERT_HEAD(&maps, m, mapsq);
LIST_INSERT_HEAD(&d->dmaps, m, mapsl);
if (strcmp(map, YP_HOSTNAME) == 0 || strcmp(map, YP_HOSTADDR) == 0) {
if (!usedns) {
k.dptr = domain_key;
k.dsize = YP_INTERDOMAIN_LEN;
v = ypdb_fetch(db, k);
if (v.dptr)
m->host_lookup = TRUE;
} else
m->host_lookup = TRUE;
}
m->secure = FALSE;
k.dptr = secure_key;
k.dsize = YP_SECURE_LEN;
v = ypdb_fetch(db, k);
if (v.dptr != NULL)
m->secure = TRUE;
*status = YP_TRUE;
if (map_info)
*map_info = m;
#ifdef DEBUG
syslog(LOG_DEBUG,
"ypdb_open_db: NEW MAP domain=%s, map=%s, hl=%d, s=%d, db=%p",
domain, map, m->host_lookup, m->secure, m->db);
#endif
return (m->db);
}
int
yp_passwd(char *username)
{
struct yppasswd yppwd;
int r, rpcport, status, secure=0;
struct passwd *pw;
struct timeval tv;
login_cap_t *lc;
CLIENT *client;
char *master;
uid_t uid;
/*
* Get local domain
*/
if ((r = yp_get_default_domain(&domain)) != 0) {
warnx("can't get local YP domain. Reason: %s",
yperr_string(r));
return (1);
}
/*
* Find the host for the passwd map; it should be running
* the daemon.
*/
if ((r = yp_master(domain, "master.passwd.byname", &master)) == 0) {
secure=1;
} else if ((r = yp_master(domain, "passwd.byname", &master)) != 0) {
warnx("can't find the master YP server. Reason: %s",
yperr_string(r));
return (1);
}
/*
* Ask the portmapper for the port of the daemon.
*/
if ((rpcport = getrpcport(master, YPPASSWDPROG,
YPPASSWDPROC_UPDATE, IPPROTO_UDP)) == 0) {
warnx("master YP server not running yppasswd daemon.");
warnx("Can't change password.");
return (1);
}
/*
* Be sure the port is privileged
*/
if (rpcport >= IPPORT_RESERVED) {
warnx("yppasswd daemon is on an invalid port.");
return (1);
}
/* Get user's login identity */
if (!(pw = ypgetpwnam(username, secure))) {
warnx("unknown user %s.", username);
return (1);
}
if ((lc = login_getclass(pw->pw_class)) == NULL) {
warnx("unable to get login class for user %s.", username);
return (1);
}
uid = getuid();
if (uid && uid != pw->pw_uid) {
warnx("you may only change your own password: %s",
strerror(EACCES));
return (1);
}
/* prompt for new password */
yppwd.newpw.pw_passwd = ypgetnewpasswd(pw, lc, &yppwd.oldpass);
/* tell rpc.yppasswdd */
yppwd.newpw.pw_name = pw->pw_name;
yppwd.newpw.pw_uid = pw->pw_uid;
yppwd.newpw.pw_gid = pw->pw_gid;
yppwd.newpw.pw_gecos = pw->pw_gecos;
yppwd.newpw.pw_dir = pw->pw_dir;
yppwd.newpw.pw_shell = pw->pw_shell;
client = clnt_create(master, YPPASSWDPROG, YPPASSWDVERS, "udp");
if (client==NULL) {
warnx("cannot contact yppasswdd on %s: Reason: %s",
master, yperr_string(YPERR_YPBIND));
free(yppwd.newpw.pw_passwd);
return (YPERR_YPBIND);
}
client->cl_auth = authunix_create_default();
tv.tv_sec = 2;
tv.tv_usec = 0;
r = clnt_call(client, YPPASSWDPROC_UPDATE,
xdr_yppasswd, &yppwd, xdr_int, &status, tv);
if (r) {
printf("rpc to yppasswdd failed.\n");
free(yppwd.newpw.pw_passwd);
return (1);
} else if (status) {
printf("Couldn't change YP password.\n");
free(yppwd.newpw.pw_passwd);
return (1);
} else {
printf("The YP password has been changed on %s, "
"the master YP passwd server.\n", master);
free(yppwd.newpw.pw_passwd);
return (0);
}
}
int
pw_yp(struct passwd *pw, uid_t uid)
{
char uidbuf[20], gidbuf[20], *master, *p;
int r, rpcport, status, alen;
struct yppasswd yppasswd;
struct timeval tv;
CLIENT *client;
/*
* Get local domain
*/
if (!domain && (r = yp_get_default_domain(&domain))) {
fprintf(stderr, "%s: can't get local YP domain. Reason: %s\n",
__progname, yperr_string(r));
return(0);
}
/*
* Find the host for the passwd map; it should be running
* the daemon.
*/
if ((r = yp_master(domain, "passwd.byname", &master)) != 0) {
fprintf(stderr,
"%s: can't find the master YP server. Reason: %s\n",
__progname, yperr_string(r));
return(0);
}
/*
* Ask the portmapper for the port of the daemon.
*/
if ((rpcport = getrpcport(master, YPPASSWDPROG, YPPASSWDPROC_UPDATE,
IPPROTO_UDP)) == 0) {
fprintf(stderr,
"%s: master YP server not running yppasswd daemon.\n",
__progname);
fprintf(stderr, "\tCan't change password.\n");
return(0);
}
/*
* Be sure the port is privileged
*/
if (rpcport >= IPPORT_RESERVED) {
(void)fprintf(stderr,
"%s: yppasswd daemon running on an invalid port.\n",
__progname);
return(0);
}
/* prompt for old password */
bzero(&yppasswd, sizeof yppasswd);
yppasswd.oldpass = "******";
yppasswd.oldpass = getpass("Old password:"******"Cancelled.\n");
return(0);
}
for (alen = 0, p = pw->pw_gecos; *p; p++)
if (*p == '&')
alen = alen + strlen(pw->pw_name) - 1;
(void)snprintf(uidbuf, sizeof uidbuf, "%u", pw->pw_uid);
(void)snprintf(gidbuf, sizeof gidbuf, "%u", pw->pw_gid);
if (strlen(pw->pw_name) + 1 + strlen(pw->pw_passwd) + 1 +
strlen(uidbuf) + 1 + strlen(gidbuf) + 1 +
strlen(pw->pw_gecos) + alen + 1 + strlen(pw->pw_dir) + 1 +
strlen(pw->pw_shell) >= 1023) {
warnx("entries too long");
return (0);
}
/* tell rpc.yppasswdd */
yppasswd.newpw.pw_name = pw->pw_name;
yppasswd.newpw.pw_passwd= pw->pw_passwd;
yppasswd.newpw.pw_uid = pw->pw_uid;
yppasswd.newpw.pw_gid = pw->pw_gid;
yppasswd.newpw.pw_gecos = pw->pw_gecos;
yppasswd.newpw.pw_dir = pw->pw_dir;
yppasswd.newpw.pw_shell = pw->pw_shell;
client = clnt_create(master, YPPASSWDPROG, YPPASSWDVERS, "udp");
if (client==NULL) {
fprintf(stderr, "can't contact yppasswdd on %s: Reason: %s\n",
master, yperr_string(YPERR_YPBIND));
return(1);
}
client->cl_auth = authunix_create_default();
tv.tv_sec = 5;
tv.tv_usec = 0;
r = clnt_call(client, YPPASSWDPROC_UPDATE,
xdr_yppasswd, &yppasswd, xdr_int, &status, tv);
if (r) {
fprintf(stderr, "%s: rpc to yppasswdd failed. %d\n",
__progname, r);
clnt_destroy(client);
return(1);
} else if (status) {
printf("Couldn't change YP password information.\n");
clnt_destroy(client);
return(1);
}
printf("The YP password information has been changed on %s, the master YP passwd server.\n", master);
clnt_destroy(client);
return(0);
}
void
pwyp_process(const char *username, int argc, char **argv)
{
char *master;
int ch, r, rpcport, status;
enum clnt_stat yr;
struct yppasswd ypp;
struct passwd pwb, pwb2, *pw;
char pwbuf[1024];
struct timeval tv;
CLIENT *client;
while ((ch = getopt(argc, argv, "y")) != -1) {
switch (ch) {
case 'y':
/*
* Abosrb the -y that may have gotten us here.
*/
break;
default:
usage();
/* NOTREACHED */
}
}
argc -= optind;
argv += optind;
switch (argc) {
case 0:
/* username already provided */
break;
case 1:
username = argv[0];
break;
default:
usage();
/*NOTREACHED*/
}
if (_yp_check(NULL) == 0) {
/* can't use YP. */
errx(EXIT_FAILURE, "NIS not in use.");
}
uid = getuid();
/*
* Get local domain
*/
if ((r = yp_get_default_domain(&domain)) != 0)
errx(EXIT_FAILURE, "Can't get local NIS domain (%s)",
yperr_string(r));
/*
* Find the host for the passwd map; it should be running
* the daemon.
*/
if ((r = yp_master(domain, "passwd.byname", &master)) != 0)
errx(EXIT_FAILURE, "Can't find the master NIS server (%s)",
yperr_string(r));
/*
* Ask the portmapper for the port of the daemon.
*/
if ((rpcport = getrpcport(master, YPPASSWDPROG,
YPPASSWDPROC_UPDATE, IPPROTO_UDP)) == 0)
errx(EXIT_FAILURE, "Master NIS server not running yppasswd "
"daemon");
/*
* Be sure the port is privileged
*/
if (rpcport >= IPPORT_RESERVED)
errx(EXIT_FAILURE, "Yppasswd daemon is on an invalid port");
/* Bail out if this is a local (non-yp) user, */
/* then get user's login identity */
if (!ypgetpwnam(username, &pwb) ||
getpwnam_r(username, &pwb2, pwbuf, sizeof(pwbuf), &pw) ||
pw == NULL)
errx(EXIT_FAILURE, "NIS unknown user %s", username);
if (uid && uid != pwb.pw_uid) {
errno = EACCES;
err(EXIT_FAILURE, "You may only change your own password");
}
makeypp(&ypp, &pwb);
client = clnt_create(master, YPPASSWDPROG, YPPASSWDVERS, "udp");
if (client == NULL)
errx(EXIT_FAILURE, "Cannot contact yppasswdd on %s (%s)",
master, yperr_string(YPERR_YPBIND));
client->cl_auth = authunix_create_default();
tv.tv_sec = 2;
tv.tv_usec = 0;
yr = clnt_call(client, YPPASSWDPROC_UPDATE,
xdr_yppasswd, &ypp, xdr_int, &status, tv);
if (yr != RPC_SUCCESS)
errx(EXIT_FAILURE, "RPC to yppasswdd failed (%s)",
clnt_sperrno(yr));
else if (status)
printf("Couldn't change NIS password.\n");
else
printf("The NIS password has been changed on %s, %s\n",
master, "the master NIS passwd server.");
}
int
main(int argc, char *argv[])
{
char *domainname = NULL;
char *inkey, *inmap, *outbuf;
int outbuflen, key, notrans;
int c, r;
u_int i;
notrans = key = 0;
while ((c = getopt(argc, argv, "xd:kt")) != -1)
switch (c) {
case 'x':
for (i = 0; i<sizeof ypaliases/sizeof ypaliases[0]; i++)
printf("Use \"%s\" for \"%s\"\n",
ypaliases[i].alias,
ypaliases[i].name);
exit(0);
case 'd':
domainname = optarg;
break;
case 't':
notrans++;
break;
case 'k':
key++;
break;
default:
usage();
}
if ((argc-optind) < 2)
usage();
if (!domainname)
yp_get_default_domain(&domainname);
inmap = argv[argc-1];
for (i = 0; (!notrans) && i<sizeof ypaliases/sizeof ypaliases[0]; i++)
if (strcmp(inmap, ypaliases[i].alias) == 0)
inmap = ypaliases[i].name;
for (; optind < argc-1; optind++) {
inkey = argv[optind];
r = yp_match(domainname, inmap, inkey,
strlen(inkey), &outbuf, &outbuflen);
switch (r) {
case 0:
if (key)
printf("%s ", inkey);
printf("%*.*s\n", outbuflen, outbuflen, outbuf);
break;
case YPERR_YPBIND:
errx(1, "not running ypbind");
default:
errx(1, "can't match key %s in map %s. reason: %s",
inkey, inmap, yperr_string(r));
}
}
exit(0);
}
static PyObject *
nis_error (int err)
{
PyErr_SetString(NisError, yperr_string(err));
return NULL;
}
void
yp_chpass(char *username)
{
char *master;
int r, rpcport, status;
struct yppasswd yppasswd;
struct passwd *pw;
struct timeval tv;
CLIENT *client;
extern char *domain;
(void)signal(SIGINT, kbintr);
(void)signal(SIGQUIT, kbintr);
if ((r = yp_get_default_domain(&domain)) != 0) {
warnx("can't get local YP domain. Reason: %s", yperr_string(r));
exit(1);
}
/*
* Find the host for the passwd map; it should be running
* the daemon.
*/
if ((r = yp_master(domain, "passwd.byname", &master)) != 0) {
warnx("can't find the master YP server. Reason: %s",
yperr_string(r));
exit(1);
}
/* Ask the portmapper for the port of the daemon. */
if ((rpcport = getrpcport(master, YPPASSWDPROG,
YPPASSWDPROC_UPDATE, IPPROTO_UDP)) == 0) {
warnx("master YP server not running yppasswd daemon.");
warnx("Can't change password.");
exit(1);
}
if (rpcport >= IPPORT_RESERVED) {
warnx("yppasswd daemon is on an invalid port.");
exit(1);
}
/* If user doesn't exist, just prompt for old password and exit. */
pw = ypgetpwnam(username);
if (pw) {
if (pw->pw_uid == 0) {
syslog(LOG_ERR, "attempted root password change");
pw = NULL;
} else if (*pw->pw_passwd == '\0') {
syslog(LOG_ERR, "%s attempting to add password",
username);
pw = NULL;
}
}
if (pw == NULL) {
char *p, salt[_PASSWORD_LEN + 1];
login_cap_t *lc;
/* no such user, get appropriate salt to thwart timing attack */
if ((p = getpass("Old password:"******"xx", sizeof(salt));
crypt(p, salt);
memset(p, 0, strlen(p));
}
warnx("YP passwd database unchanged.");
exit(1);
}
/* prompt for new password */
yppasswd.newpw.pw_passwd = ypgetnewpasswd(pw, &yppasswd.oldpass);
/* tell rpc.yppasswdd */
yppasswd.newpw.pw_name = pw->pw_name;
yppasswd.newpw.pw_uid = pw->pw_uid;
yppasswd.newpw.pw_gid = pw->pw_gid;
yppasswd.newpw.pw_gecos = pw->pw_gecos;
yppasswd.newpw.pw_dir = pw->pw_dir;
yppasswd.newpw.pw_shell = pw->pw_shell;
client = clnt_create(master, YPPASSWDPROG, YPPASSWDVERS, "udp");
if (client == NULL) {
warnx("cannot contact yppasswdd on %s: Reason: %s",
master, yperr_string(YPERR_YPBIND));
free(yppasswd.newpw.pw_passwd);
exit(1);
}
client->cl_auth = authunix_create_default();
tv.tv_sec = 2;
tv.tv_usec = 0;
r = clnt_call(client, YPPASSWDPROC_UPDATE,
xdr_yppasswd, &yppasswd, xdr_int, &status, tv);
if (r)
warnx("rpc to yppasswdd failed.");
else if (status) {
printf("Couldn't change YP password.\n");
free(yppasswd.newpw.pw_passwd);
exit(1);
}
printf("The YP password has been changed on %s, the master YP passwd server.\n",
master);
free(yppasswd.newpw.pw_passwd);
(void)writev(BACK_CHANNEL, iov, 2);
exit(0);
}
int
main(int argc, char *argv[])
{
char *domnam = NULL, *master;
char *map = NULL;
struct ypmaplist *ypml, *y;
struct hostent *hent;
struct sockaddr_in lsin;
int notrans, mode;
int c, r;
u_int i;
notrans = mode = 0;
while ((c = getopt(argc, argv, "xd:mt")) != -1)
switch (c) {
case 'x':
for (i = 0; i<sizeof ypaliases/sizeof ypaliases[0]; i++)
printf("\"%s\" is an alias for \"%s\"\n",
ypaliases[i].alias,
ypaliases[i].name);
exit(0);
case 'd':
domnam = optarg;
break;
case 't':
notrans++;
break;
case 'm':
mode++;
break;
default:
usage();
}
if (!domnam)
yp_get_default_domain(&domnam);
if (mode == 0) {
switch (argc-optind) {
case 0:
bzero(&lsin, sizeof lsin);
lsin.sin_family = AF_INET;
lsin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
if (bind_host(domnam, &lsin))
exit(ERR_NOBINDING);
break;
case 1:
bzero(&lsin, sizeof lsin);
lsin.sin_family = AF_INET;
if ((lsin.sin_addr.s_addr = inet_addr(argv[optind])) == INADDR_NONE) {
hent = gethostbyname(argv[optind]);
if (!hent)
errx(ERR_NOSUCHHOST, "host %s unknown", argv[optind]);
bcopy((char *)hent->h_addr_list[0],
(char *)&lsin.sin_addr, sizeof lsin.sin_addr);
}
if (bind_host(domnam, &lsin))
exit(ERR_NOBINDING);
break;
default:
usage();
}
exit(0);
}
if (argc-optind > 1)
usage();
if (argv[optind]) {
map = argv[optind];
for (i = 0; (!notrans) && i<sizeof ypaliases/sizeof ypaliases[0]; i++)
if (strcmp(map, ypaliases[i].alias) == 0)
map = ypaliases[i].name;
r = yp_master(domnam, map, &master);
switch (r) {
case 0:
printf("%s\n", master);
free(master);
break;
case YPERR_YPBIND:
errx(ERR_NOYPBIND, "not running ypbind");
default:
errx(ERR_NOMASTER, "can't find master for map %s: reason: %s",
map, yperr_string(r));
}
exit(0);
}
ypml = NULL;
r = yp_maplist(domnam, &ypml);
switch (r) {
case 0:
for (y = ypml; y;) {
ypml = y;
r = yp_master(domnam, ypml->ypml_name, &master);
switch (r) {
case 0:
printf("%s %s\n", ypml->ypml_name, master);
free(master);
break;
default:
warnx("can't find the master of %s: reason: %s",
ypml->ypml_name, yperr_string(r));
break;
}
y = ypml->ypml_next;
free(ypml);
}
break;
case YPERR_YPBIND:
errx(ERR_NOYPBIND, "not running ypbind");
default:
errx(ERR_NOMASTER, "can't get map list for domain %s: reason: %s",
domnam, yperr_string(r));
}
exit(0);
}
VALUE
rb_yperr_string(VALUE self, VALUE err)
{
return rb_tainted_str_new2(yperr_string(FIX2INT(err)));
};
