int _yppasswd(char *oldpass, struct x_passwd *newpw) { char *server; char *domain; int rval, result; struct yppasswd yppasswd; yppasswd.newpw = *newpw; yppasswd.oldpass = oldpass; if (yp_get_default_domain(&domain)) return (-1); if (yp_master(domain, "passwd.byname", &server)) return(-1); rval = getrpcport(server, YPPASSWDPROG, YPPASSWDPROC_UPDATE, IPPROTO_UDP); if (rval == 0 || rval >= IPPORT_RESERVED) { free(server); return(-1); } rval = callrpc(server, YPPASSWDPROG, YPPASSWDVERS, YPPASSWDPROC_UPDATE, (xdrproc_t)xdr_yppasswd, (char *)&yppasswd, (xdrproc_t)xdr_int, (char *)&result); free(server); if (rval || result) return(-1); else return(0); }
static char *getNISserver(pam_handle_t *pamh) { char *master; char *domainname; int port, err; if ((err = yp_get_default_domain(&domainname)) != 0) { _log_err(LOG_WARNING, pamh, "can't get local yp domain: %s\n", yperr_string(err)); return NULL; } if ((err = yp_master(domainname, "passwd.byname", &master)) != 0) { _log_err(LOG_WARNING, pamh, "can't find the master ypserver: %s\n", yperr_string(err)); return NULL; } port = getrpcport(master, YPPASSWDPROG, YPPASSWDPROC_UPDATE, IPPROTO_UDP); if (port == 0) { _log_err(LOG_WARNING, pamh, "yppasswdd not running on NIS master host\n"); return NULL; } if (port >= IPPORT_RESERVED) { _log_err(LOG_WARNING, pamh, "yppasswd daemon running on illegal port.\n"); return NULL; } return master; }
int main(int argc, char *argv[]) { char *domainname; char *hostname = NULL; char *inmap, *master; int order; int c, r, tcp = 0; (void)yp_get_default_domain(&domainname); while ((c = getopt(argc, argv, "Th:d:")) != -1) { switch (c) { case 'T': tcp = 1; break; case 'd': domainname = optarg; break; case 'h': hostname = optarg; break; default: usage(); /*NOTREACHED*/ } } if (domainname == NULL) errx(1, "YP domain name not set"); argc -= optind; argv += optind; if (argc != 1) usage(); inmap = argv[0]; if (hostname != NULL) r = get_remote_info(domainname, inmap, hostname, &order, &master, tcp); else { r = yp_order(domainname, inmap, &order); if (r == 0) r = yp_master(domainname, inmap, &master); } if (r != 0) errx(1, "no such map %s. Reason: %s", inmap, yperr_string(r)); (void)printf("Map %s has order number %d. %s", inmap, order, ctime((void *)&order)); (void)printf("The master server is %s.\n", master); return 0; }
/*! @decl string server(string map) *! *! Returns the hostname of the server serving the map @[map]. @[map] *! is the YP-map to search in. This must be the full map name. *! eg @tt{passwd.byname@} instead of just @tt{passwd@}. */ static void f_server(INT32 args) { int err; char *ret, *map; get_all_args(NULL, args, "%s", &map); err = yp_master(this->domain, map, &ret); YPERROR( err ); pop_n_elems( args ); push_text( ret ); }
/* * Careful: yp_master() returns a pointer to a dynamically allocated * buffer. Calling ypproc_master_2() ourselves also returns a pointer * to dynamically allocated memory, though this time it's memory * allocated by the XDR routines. We have to rememver to free() or * xdr_free() the memory as required to avoid leaking memory. */ char * ypxfr_get_master(char *domain, char *map, char *source, const int yplib) { static char mastername[MAXPATHLEN + 2]; bzero((char *)&mastername, sizeof(mastername)); if (yplib) { int res; char *master; if ((res = yp_master(domain, map, &master))) { switch (res) { case YPERR_DOMAIN: yp_errno = YPXFR_NODOM; break; case YPERR_MAP: yp_errno = YPXFR_NOMAP; break; case YPERR_YPERR: default: yp_errno = YPXFR_YPERR; break; } return(NULL); } else { snprintf(mastername, sizeof(mastername), "%s", master); free(master); return((char *)&mastername); } } else { CLIENT *clnt; ypresp_master *resp; ypreq_nokey req; if ((clnt = clnt_create(source,YPPROG,YPVERS,"udp")) == NULL) { yp_error("%s",clnt_spcreateerror("failed to \ create udp handle to ypserv")); yp_errno = YPXFR_RPC; return(NULL); } req.map = map; req.domain = domain; if ((resp = ypproc_master_2(&req, clnt)) == NULL) { yp_error("%s",clnt_sperror(clnt,"YPPROC_MASTER \ failed")); clnt_destroy(clnt); yp_errno = YPXFR_RPC; return(NULL); }
static char *getNISserver(pam_handle_t *pamh, unsigned int ctrl) { char *master; char *domainname; int port, err; #ifdef HAVE_YP_GET_DEFAULT_DOMAIN if ((err = yp_get_default_domain(&domainname)) != 0) { pam_syslog(pamh, LOG_WARNING, "can't get local yp domain: %s", yperr_string(err)); return NULL; } #elif defined(HAVE_GETDOMAINNAME) char domainname_res[256]; if (getdomainname (domainname_res, sizeof (domainname_res)) == 0) { if (strcmp (domainname_res, "(none)") == 0) { /* If domainname is not set, some systems will return "(none)" */ domainname_res[0] = '\0'; } domainname = domainname_res; } else domainname = NULL; #endif if ((err = yp_master(domainname, "passwd.byname", &master)) != 0) { pam_syslog(pamh, LOG_WARNING, "can't find the master ypserver: %s", yperr_string(err)); return NULL; } port = getrpcport(master, YPPASSWDPROG, YPPASSWDPROC_UPDATE, IPPROTO_UDP); if (port == 0) { pam_syslog(pamh, LOG_WARNING, "yppasswdd not running on NIS master host"); return NULL; } if (port >= IPPORT_RESERVED) { pam_syslog(pamh, LOG_WARNING, "yppasswd daemon running on illegal port"); return NULL; } if (on(UNIX_DEBUG, ctrl)) { pam_syslog(pamh, LOG_DEBUG, "Use NIS server on %s with port %d", master, port); } return master; }
VALUE rb_yp_master(VALUE self, VALUE domain, VALUE map) { int res; char *master; VALUE obj; if( domain == Qnil ) { domain = rb_yp_get_default_domain(self); }; res = yp_master(STR2CSTR(domain), STR2CSTR(map), &master); rb_yp_check_yperr(res); obj = rb_tainted_str_new2(master); free(master); return obj; };
int nis_init(char *map, time_t *tp) { int order; int yp_order_result; char *master; if (!domain) { int error = determine_nis_domain(); if (error) return error; } /* * To see if the map exists, try to find * a master for it. */ yp_order_result = yp_order(domain, map, &order); switch (yp_order_result) { case 0: has_yp_order = TRUE; *tp = (time_t)order; #ifdef DEBUG dlog("NIS master for %s@%s has order %d", map, domain, order); #endif break; case YPERR_YPERR: plog(XLOG_ERROR, "%s: %s", map, "NIS+ server"); /* NIS+ server found ! */ has_yp_order = FALSE; /* try yp_master() instead */ if (yp_master(domain, map, &master)) return ENOENT; else *tp = time(NULL); /* Use fake timestamps */ break; default: return ENOENT; } return 0; }
static nismaplist * nis_maplist (void) { nisresp_maplist *list; char *dom; CLIENT *cl, *clnt_create(); char *server = NULL; int mapi = 0; int err; if ((err = yp_get_default_domain (&dom)) != 0) { nis_error(err); return NULL; } while (!server && aliases[mapi].map != 0L) { yp_master (dom, aliases[mapi].map, &server); mapi++; } if (!server) { PyErr_SetString(NisError, "No NIS master found for any map"); return NULL; } cl = clnt_create(server, YPPROG, YPVERS, "tcp"); if (cl == NULL) { PyErr_SetString(NisError, clnt_spcreateerror(server)); goto finally; } list = nisproc_maplist_2 (&dom, cl); clnt_destroy(cl); if (list == NULL) goto finally; if (list->stat != NIS_TRUE) goto finally; free(server); return list->maps; finally: free(server); return NULL; }
int ypclnt_connect(ypclnt_t *ypclnt) { int r; /* get default domain name unless specified */ if (ypclnt->domain == NULL) { if ((ypclnt->domain = malloc(MAXHOSTNAMELEN)) == NULL) { ypclnt_error(ypclnt, __func__, "%s", strerror(errno)); return (-1); } if (getdomainname(ypclnt->domain, MAXHOSTNAMELEN) != 0) { ypclnt_error(ypclnt, __func__, "can't get NIS domain name"); return (-1); } } /* map must be specified */ if (ypclnt->map == NULL) { ypclnt_error(ypclnt, __func__, "caller must specify map name"); return (-1); } /* get master server for requested map unless specified */ if (ypclnt->server == NULL) { r = yp_master(ypclnt->domain, ypclnt->map, &ypclnt->server); if (r != 0) { ypclnt_error(ypclnt, __func__, "can't get NIS server name: %s", yperr_string(r)); return (-1); } } ypclnt_error(ypclnt, NULL, NULL); return (0); }
/* * chfn - change a user's password file information * * This command controls the GECOS field information in the password * file entry. * * The valid options are * * -f full name * -r room number * -w work phone number * -h home phone number * -o other information (*) * * (*) requires root permission to execute. */ int main (int argc, char **argv) { const struct passwd *pw; /* password file entry */ char new_gecos[BUFSIZ]; /* buffer for new GECOS fields */ char *user; /* * Get the program name. The program name is used as a * prefix to most error messages. */ Prog = Basename (argv[0]); sanitize_env (); (void) setlocale (LC_ALL, ""); (void) bindtextdomain (PACKAGE, LOCALEDIR); (void) textdomain (PACKAGE); process_root_flag ("-R", argc, argv); /* * This command behaves different for root and non-root * users. */ amroot = (getuid () == 0); OPENLOG ("chfn"); /* parse the command line options */ process_flags (argc, argv); /* * Get the name of the user to check. It is either the command line * name, or the name getlogin() returns. */ if (optind < argc) { user = argv[optind]; pw = xgetpwnam (user); if (NULL == pw) { fprintf (stderr, _("%s: user '%s' does not exist\n"), Prog, user); fail_exit (E_NOPERM); } } else { pw = get_my_pwent (); if (NULL == pw) { fprintf (stderr, _("%s: Cannot determine your user name.\n"), Prog); SYSLOG ((LOG_WARN, "Cannot determine the user name of the caller (UID %lu)", (unsigned long) getuid ())); fail_exit (E_NOPERM); } user = xstrdup (pw->pw_name); } #ifdef USE_NIS /* * Now we make sure this is a LOCAL password entry for this user ... */ if (__ispwNIS ()) { char *nis_domain; char *nis_master; fprintf (stderr, _("%s: cannot change user '%s' on NIS client.\n"), Prog, user); if (!yp_get_default_domain (&nis_domain) && !yp_master (nis_domain, "passwd.byname", &nis_master)) { fprintf (stderr, _ ("%s: '%s' is the NIS master for this client.\n"), Prog, nis_master); } fail_exit (E_NOPERM); } #endif /* Check that the caller is allowed to change the gecos of the * specified user */ check_perms (pw); /* If some fields were not set on the command line, load the value from * the old gecos fields. */ get_old_fields (pw->pw_gecos); /* * If none of the fields were changed from the command line, let the * user interactively change them. */ if (!fflg && !rflg && !wflg && !hflg && !oflg) { printf (_("Changing the user information for %s\n"), user); new_fields (); } /* * Check all of the fields for valid information */ check_fields (); /* * Build the new GECOS field by plastering all the pieces together, * if they will fit ... */ if ((strlen (fullnm) + strlen (roomno) + strlen (workph) + strlen (homeph) + strlen (slop)) > (unsigned int) 80) { fprintf (stderr, _("%s: fields too long\n"), Prog); fail_exit (E_NOPERM); } snprintf (new_gecos, sizeof new_gecos, "%s,%s,%s,%s%s%s", fullnm, roomno, workph, homeph, ('\0' != slop[0]) ? "," : "", slop); /* Rewrite the user's gecos in the passwd file */ update_gecos (user, new_gecos); SYSLOG ((LOG_INFO, "changed user '%s' information", user)); nscd_flush_cache ("passwd"); closelog (); exit (E_SUCCESS); }
int yp_update(char *domain, char *map, unsigned op, char *key, int keylen, char *data, int datalen) { struct ypupdate_args args; uint_t rslt; struct timeval total; CLIENT *client; char *ypmaster; char ypmastername[MAXNETNAMELEN+1]; enum clnt_stat stat; uint_t proc; switch (op) { case YPOP_DELETE: proc = YPU_DELETE; break; case YPOP_INSERT: proc = YPU_INSERT; break; case YPOP_CHANGE: proc = YPU_CHANGE; break; case YPOP_STORE: proc = YPU_STORE; break; default: return (YPERR_BADARGS); } if (yp_master(domain, map, &ypmaster) != 0) { debug("no master found"); return (YPERR_BADDB); } client = clnt_create(ypmaster, YPU_PROG, YPU_VERS, "circuit_n"); if (client == NULL) { #ifdef DEBUG /* CONSTCOND */ if (debugging) { clnt_pcreateerror("client create failed"); } #endif /* DEBUG */ free(ypmaster); return (YPERR_RPC); } if (!host2netname(ypmastername, ypmaster, domain)) { clnt_destroy(client); free(ypmaster); return (YPERR_BADARGS); } client->cl_auth = authdes_seccreate(ypmastername, WINDOW, ypmaster, NULL); free(ypmaster); if (client->cl_auth == NULL) { debug("auth create failed"); clnt_destroy(client); return (YPERR_RPC); } args.mapname = map; args.key.yp_buf_len = keylen; args.key.yp_buf_val = key; args.datum.yp_buf_len = datalen; args.datum.yp_buf_val = data; total.tv_sec = TOTAL_TIMEOUT; total.tv_usec = 0; clnt_control(client, CLSET_TIMEOUT, (char *)&total); stat = clnt_call(client, proc, xdr_ypupdate_args, (char *)&args, xdr_u_int, (char *)&rslt, total); if (stat != RPC_SUCCESS) { #ifdef DEBUG debug("ypupdate RPC call failed"); /* CONSTCOND */ if (debugging) clnt_perror(client, "ypupdate call failed"); #endif /* DEBUG */ rslt = YPERR_RPC; } auth_destroy(client->cl_auth); clnt_destroy(client); return (rslt); }
int pw_yp(struct passwd *pw, uid_t uid) { char uidbuf[20], gidbuf[20], *master, *p; int r, rpcport, status, alen; struct yppasswd yppasswd; struct timeval tv; CLIENT *client; /* * Get local domain */ if (!domain && (r = yp_get_default_domain(&domain))) { fprintf(stderr, "%s: can't get local YP domain. Reason: %s\n", __progname, yperr_string(r)); return(0); } /* * Find the host for the passwd map; it should be running * the daemon. */ if ((r = yp_master(domain, "passwd.byname", &master)) != 0) { fprintf(stderr, "%s: can't find the master YP server. Reason: %s\n", __progname, yperr_string(r)); return(0); } /* * Ask the portmapper for the port of the daemon. */ if ((rpcport = getrpcport(master, YPPASSWDPROG, YPPASSWDPROC_UPDATE, IPPROTO_UDP)) == 0) { fprintf(stderr, "%s: master YP server not running yppasswd daemon.\n", __progname); fprintf(stderr, "\tCan't change password.\n"); return(0); } /* * Be sure the port is privileged */ if (rpcport >= IPPORT_RESERVED) { (void)fprintf(stderr, "%s: yppasswd daemon running on an invalid port.\n", __progname); return(0); } /* prompt for old password */ bzero(&yppasswd, sizeof yppasswd); yppasswd.oldpass = "******"; yppasswd.oldpass = getpass("Old password:"******"Cancelled.\n"); return(0); } for (alen = 0, p = pw->pw_gecos; *p; p++) if (*p == '&') alen = alen + strlen(pw->pw_name) - 1; (void)snprintf(uidbuf, sizeof uidbuf, "%u", pw->pw_uid); (void)snprintf(gidbuf, sizeof gidbuf, "%u", pw->pw_gid); if (strlen(pw->pw_name) + 1 + strlen(pw->pw_passwd) + 1 + strlen(uidbuf) + 1 + strlen(gidbuf) + 1 + strlen(pw->pw_gecos) + alen + 1 + strlen(pw->pw_dir) + 1 + strlen(pw->pw_shell) >= 1023) { warnx("entries too long"); return (0); } /* tell rpc.yppasswdd */ yppasswd.newpw.pw_name = pw->pw_name; yppasswd.newpw.pw_passwd= pw->pw_passwd; yppasswd.newpw.pw_uid = pw->pw_uid; yppasswd.newpw.pw_gid = pw->pw_gid; yppasswd.newpw.pw_gecos = pw->pw_gecos; yppasswd.newpw.pw_dir = pw->pw_dir; yppasswd.newpw.pw_shell = pw->pw_shell; client = clnt_create(master, YPPASSWDPROG, YPPASSWDVERS, "udp"); if (client==NULL) { fprintf(stderr, "can't contact yppasswdd on %s: Reason: %s\n", master, yperr_string(YPERR_YPBIND)); return(1); } client->cl_auth = authunix_create_default(); tv.tv_sec = 5; tv.tv_usec = 0; r = clnt_call(client, YPPASSWDPROC_UPDATE, xdr_yppasswd, &yppasswd, xdr_int, &status, tv); if (r) { fprintf(stderr, "%s: rpc to yppasswdd failed. %d\n", __progname, r); clnt_destroy(client); return(1); } else if (status) { printf("Couldn't change YP password information.\n"); clnt_destroy(client); return(1); } printf("The YP password information has been changed on %s, the master YP passwd server.\n", master); clnt_destroy(client); return(0); }
int main(int argc, char **argv) { char name[MAXNETNAMELEN+1]; char public[HEXKEYBYTES + 1]; char secret[HEXKEYBYTES + 1]; char crypt1[HEXKEYBYTES + KEYCHECKSUMSIZE + 1]; char crypt2[HEXKEYBYTES + KEYCHECKSUMSIZE + 1]; int status; char *pass; struct passwd *pw; uid_t uid; int force = 0; int ch; #ifdef YP char *master; #endif while ((ch = getopt(argc, argv, "f")) != -1) switch(ch) { case 'f': force = 1; break; default: usage(); } argc -= optind; argv += optind; if (argc != 0) usage(); #ifdef YP yp_get_default_domain(&domain); if (yp_master(domain, PKMAP, &master) != 0) errx(1, "can't find master of publickey database"); #endif uid = getuid() /*geteuid()*/; if (uid == 0) { if (host2netname(name, NULL, NULL) == 0) errx(1, "cannot convert hostname to netname"); } else { if (user2netname(name, uid, NULL) == 0) errx(1, "cannot convert username to netname"); } printf("Generating new key for %s.\n", name); if (!force) { if (uid != 0) { #ifdef YPPASSWD pw = ypgetpwuid(uid); #else pw = getpwuid(uid); #endif if (pw == NULL) { #ifdef YPPASSWD errx(1, "no NIS password entry found: can't change key"); #else errx(1, "no password entry found: can't change key"); #endif } } else { pw = getpwuid(0); if (pw == NULL) errx(1, "no password entry found: can't change key"); } } pass = getpass("Password:"******"invalid password"); } #else force = 1; /* Make this mandatory */ #endif genkeys(public, secret, pass); memcpy(crypt1, secret, HEXKEYBYTES); memcpy(crypt1 + HEXKEYBYTES, secret, KEYCHECKSUMSIZE); crypt1[HEXKEYBYTES + KEYCHECKSUMSIZE] = 0; xencrypt(crypt1, pass); if (force) { memcpy(crypt2, crypt1, HEXKEYBYTES + KEYCHECKSUMSIZE + 1); xdecrypt(crypt2, getpass("Retype password:"******"password incorrect"); } #ifdef YP printf("Sending key change request to %s...\n", master); #endif status = setpublicmap(name, public, crypt1); if (status != 0) { #ifdef YP errx(1, "unable to update NIS database (%u): %s", status, yperr_string(status)); #else errx(1, "unable to update publickey database"); #endif } if (uid == 0) { /* * Root users store their key in /etc/$ROOTKEY so * that they can auto reboot without having to be * around to type a password. Storing this in a file * is rather dubious: it should really be in the EEPROM * so it does not go over the net. */ int fd; fd = open(ROOTKEY, O_WRONLY|O_TRUNC|O_CREAT, 0); if (fd < 0) { warn("%s", ROOTKEY); } else { char newline = '\n'; if (write(fd, secret, strlen(secret)) < 0 || write(fd, &newline, sizeof(newline)) < 0) warn("%s: write", ROOTKEY); } } if (key_setsecret(secret) < 0) errx(1, "unable to login with new secret key"); printf("Done.\n"); exit(0); /* NOTREACHED */ }
int yp_passwd(char *username) { struct yppasswd yppwd; int r, rpcport, status, secure=0; struct passwd *pw; struct timeval tv; login_cap_t *lc; CLIENT *client; char *master; uid_t uid; /* * Get local domain */ if ((r = yp_get_default_domain(&domain)) != 0) { warnx("can't get local YP domain. Reason: %s", yperr_string(r)); return (1); } /* * Find the host for the passwd map; it should be running * the daemon. */ if ((r = yp_master(domain, "master.passwd.byname", &master)) == 0) { secure=1; } else if ((r = yp_master(domain, "passwd.byname", &master)) != 0) { warnx("can't find the master YP server. Reason: %s", yperr_string(r)); return (1); } /* * Ask the portmapper for the port of the daemon. */ if ((rpcport = getrpcport(master, YPPASSWDPROG, YPPASSWDPROC_UPDATE, IPPROTO_UDP)) == 0) { warnx("master YP server not running yppasswd daemon."); warnx("Can't change password."); return (1); } /* * Be sure the port is privileged */ if (rpcport >= IPPORT_RESERVED) { warnx("yppasswd daemon is on an invalid port."); return (1); } /* Get user's login identity */ if (!(pw = ypgetpwnam(username, secure))) { warnx("unknown user %s.", username); return (1); } if ((lc = login_getclass(pw->pw_class)) == NULL) { warnx("unable to get login class for user %s.", username); return (1); } uid = getuid(); if (uid && uid != pw->pw_uid) { warnx("you may only change your own password: %s", strerror(EACCES)); return (1); } /* prompt for new password */ yppwd.newpw.pw_passwd = ypgetnewpasswd(pw, lc, &yppwd.oldpass); /* tell rpc.yppasswdd */ yppwd.newpw.pw_name = pw->pw_name; yppwd.newpw.pw_uid = pw->pw_uid; yppwd.newpw.pw_gid = pw->pw_gid; yppwd.newpw.pw_gecos = pw->pw_gecos; yppwd.newpw.pw_dir = pw->pw_dir; yppwd.newpw.pw_shell = pw->pw_shell; client = clnt_create(master, YPPASSWDPROG, YPPASSWDVERS, "udp"); if (client==NULL) { warnx("cannot contact yppasswdd on %s: Reason: %s", master, yperr_string(YPERR_YPBIND)); free(yppwd.newpw.pw_passwd); return (YPERR_YPBIND); } client->cl_auth = authunix_create_default(); tv.tv_sec = 2; tv.tv_usec = 0; r = clnt_call(client, YPPASSWDPROC_UPDATE, xdr_yppasswd, &yppwd, xdr_int, &status, tv); if (r) { printf("rpc to yppasswdd failed.\n"); free(yppwd.newpw.pw_passwd); return (1); } else if (status) { printf("Couldn't change YP password.\n"); free(yppwd.newpw.pw_passwd); return (1); } else { printf("The YP password has been changed on %s, " "the master YP passwd server.\n", master); free(yppwd.newpw.pw_passwd); return (0); } }
void yp_chpass(char *username) { char *master; int r, rpcport, status; struct yppasswd yppasswd; struct passwd *pw; struct timeval tv; CLIENT *client; extern char *domain; (void)signal(SIGINT, kbintr); (void)signal(SIGQUIT, kbintr); if ((r = yp_get_default_domain(&domain)) != 0) { warnx("can't get local YP domain. Reason: %s", yperr_string(r)); exit(1); } /* * Find the host for the passwd map; it should be running * the daemon. */ if ((r = yp_master(domain, "passwd.byname", &master)) != 0) { warnx("can't find the master YP server. Reason: %s", yperr_string(r)); exit(1); } /* Ask the portmapper for the port of the daemon. */ if ((rpcport = getrpcport(master, YPPASSWDPROG, YPPASSWDPROC_UPDATE, IPPROTO_UDP)) == 0) { warnx("master YP server not running yppasswd daemon."); warnx("Can't change password."); exit(1); } if (rpcport >= IPPORT_RESERVED) { warnx("yppasswd daemon is on an invalid port."); exit(1); } /* If user doesn't exist, just prompt for old password and exit. */ pw = ypgetpwnam(username); if (pw) { if (pw->pw_uid == 0) { syslog(LOG_ERR, "attempted root password change"); pw = NULL; } else if (*pw->pw_passwd == '\0') { syslog(LOG_ERR, "%s attempting to add password", username); pw = NULL; } } if (pw == NULL) { char *p, salt[_PASSWORD_LEN + 1]; login_cap_t *lc; /* no such user, get appropriate salt to thwart timing attack */ if ((p = getpass("Old password:"******"xx", sizeof(salt)); crypt(p, salt); memset(p, 0, strlen(p)); } warnx("YP passwd database unchanged."); exit(1); } /* prompt for new password */ yppasswd.newpw.pw_passwd = ypgetnewpasswd(pw, &yppasswd.oldpass); /* tell rpc.yppasswdd */ yppasswd.newpw.pw_name = pw->pw_name; yppasswd.newpw.pw_uid = pw->pw_uid; yppasswd.newpw.pw_gid = pw->pw_gid; yppasswd.newpw.pw_gecos = pw->pw_gecos; yppasswd.newpw.pw_dir = pw->pw_dir; yppasswd.newpw.pw_shell = pw->pw_shell; client = clnt_create(master, YPPASSWDPROG, YPPASSWDVERS, "udp"); if (client == NULL) { warnx("cannot contact yppasswdd on %s: Reason: %s", master, yperr_string(YPERR_YPBIND)); free(yppasswd.newpw.pw_passwd); exit(1); } client->cl_auth = authunix_create_default(); tv.tv_sec = 2; tv.tv_usec = 0; r = clnt_call(client, YPPASSWDPROC_UPDATE, xdr_yppasswd, &yppasswd, xdr_int, &status, tv); if (r) warnx("rpc to yppasswdd failed."); else if (status) { printf("Couldn't change YP password.\n"); free(yppasswd.newpw.pw_passwd); exit(1); } printf("The YP password has been changed on %s, the master YP passwd server.\n", master); free(yppasswd.newpw.pw_passwd); (void)writev(BACK_CHANNEL, iov, 2); exit(0); }
int main(int argc, char *argv[]) { char *domnam = NULL, *master; char *map = NULL; struct ypmaplist *ypml, *y; struct hostent *hent; struct sockaddr_in lsin; int notrans, mode; int c, r; u_int i; notrans = mode = 0; while ((c = getopt(argc, argv, "xd:mt")) != -1) switch (c) { case 'x': for (i = 0; i<sizeof ypaliases/sizeof ypaliases[0]; i++) printf("\"%s\" is an alias for \"%s\"\n", ypaliases[i].alias, ypaliases[i].name); exit(0); case 'd': domnam = optarg; break; case 't': notrans++; break; case 'm': mode++; break; default: usage(); } if (!domnam) yp_get_default_domain(&domnam); if (mode == 0) { switch (argc-optind) { case 0: bzero(&lsin, sizeof lsin); lsin.sin_family = AF_INET; lsin.sin_addr.s_addr = htonl(INADDR_LOOPBACK); if (bind_host(domnam, &lsin)) exit(ERR_NOBINDING); break; case 1: bzero(&lsin, sizeof lsin); lsin.sin_family = AF_INET; if ((lsin.sin_addr.s_addr = inet_addr(argv[optind])) == INADDR_NONE) { hent = gethostbyname(argv[optind]); if (!hent) errx(ERR_NOSUCHHOST, "host %s unknown", argv[optind]); bcopy((char *)hent->h_addr_list[0], (char *)&lsin.sin_addr, sizeof lsin.sin_addr); } if (bind_host(domnam, &lsin)) exit(ERR_NOBINDING); break; default: usage(); } exit(0); } if (argc-optind > 1) usage(); if (argv[optind]) { map = argv[optind]; for (i = 0; (!notrans) && i<sizeof ypaliases/sizeof ypaliases[0]; i++) if (strcmp(map, ypaliases[i].alias) == 0) map = ypaliases[i].name; r = yp_master(domnam, map, &master); switch (r) { case 0: printf("%s\n", master); free(master); break; case YPERR_YPBIND: errx(ERR_NOYPBIND, "not running ypbind"); default: errx(ERR_NOMASTER, "can't find master for map %s: reason: %s", map, yperr_string(r)); } exit(0); } ypml = NULL; r = yp_maplist(domnam, &ypml); switch (r) { case 0: for (y = ypml; y;) { ypml = y; r = yp_master(domnam, ypml->ypml_name, &master); switch (r) { case 0: printf("%s %s\n", ypml->ypml_name, master); free(master); break; default: warnx("can't find the master of %s: reason: %s", ypml->ypml_name, yperr_string(r)); break; } y = ypml->ypml_next; free(ypml); } break; case YPERR_YPBIND: errx(ERR_NOYPBIND, "not running ypbind"); default: errx(ERR_NOMASTER, "can't get map list for domain %s: reason: %s", domnam, yperr_string(r)); } exit(0); }
/* * process_flags - perform command line argument setting * * process_flags() interprets the command line arguments and sets the * values that the user will be created with accordingly. The values * are checked for sanity. */ static void process_flags (int argc, char **argv) { const struct group *grp; const struct passwd *pwd; const struct spwd *spwd = NULL; int anyflag = 0; int arg; if (argc == 1 || argv[argc - 1][0] == '-') usage (); if (!(pwd = getpwnam (argv[argc - 1]))) { fprintf (stderr, _("%s: user %s does not exist\n"), Prog, argv[argc - 1]); exit (E_NOTFOUND); } user_name = argv[argc - 1]; user_id = pwd->pw_uid; user_gid = pwd->pw_gid; user_comment = xstrdup (pwd->pw_gecos); user_home = xstrdup (pwd->pw_dir); user_shell = xstrdup (pwd->pw_shell); #ifdef WITH_AUDIT user_newname = user_name; user_newid = user_id; user_newgid = user_gid; user_newcomment = user_comment; user_newhome = user_home; user_newshell = user_shell; #endif #ifdef USE_NIS /* * Now make sure it isn't an NIS user. */ if (__ispwNIS ()) { char *nis_domain; char *nis_master; fprintf (stderr, _("%s: user %s is a NIS user\n"), Prog, user_name); if (!yp_get_default_domain (&nis_domain) && !yp_master (nis_domain, "passwd.byname", &nis_master)) { fprintf (stderr, _("%s: %s is the NIS master\n"), Prog, nis_master); } exit (E_NOTFOUND); } #endif if (is_shadow_pwd && (spwd = getspnam (user_name))) { user_expire = spwd->sp_expire; user_inactive = spwd->sp_inact; #ifdef WITH_AUDIT user_newexpire = user_expire; user_newinactive = user_inactive; #endif } { /* * Parse the command line options. */ int c; static struct option long_options[] = { {"append", required_argument, NULL, 'a'}, {"comment", required_argument, NULL, 'c'}, {"home", required_argument, NULL, 'd'}, {"expiredate", required_argument, NULL, 'e'}, {"inactive", required_argument, NULL, 'f'}, {"gid", required_argument, NULL, 'g'}, {"groups", required_argument, NULL, 'G'}, {"help", no_argument, NULL, 'h'}, {"login", required_argument, NULL, 'l'}, {"lock", no_argument, NULL, 'L'}, {"move-home", no_argument, NULL, 'm'}, {"non-unique", no_argument, NULL, 'o'}, {"password", required_argument, NULL, 'p'}, {"shell", required_argument, NULL, 's'}, {"uid", required_argument, NULL, 'u'}, {"unlock", no_argument, NULL, 'U'}, {NULL, 0, NULL, '\0'} }; while ((c = getopt_long (argc, argv, "ac:d:e:f:g:G:l:Lmop:s:u:U", long_options, NULL)) != -1) { switch (c) { case 'a': aflg++; break; case 'c': if (!VALID (optarg)) { fprintf (stderr, _("%s: invalid field `%s'\n"), Prog, optarg); exit (E_BAD_ARG); } #ifdef WITH_AUDIT user_newcomment = optarg; #else user_comment = optarg; #endif cflg++; break; case 'd': if (!VALID (optarg)) { fprintf (stderr, _("%s: invalid field `%s'\n"), Prog, optarg); exit (E_BAD_ARG); } dflg++; user_newhome = optarg; break; case 'e': if (*optarg) { #ifdef WITH_AUDIT user_newexpire = strtoday (optarg); if (user_newexpire == -1) { #else user_expire = strtoday (optarg); if (user_expire == -1) { #endif fprintf (stderr, _ ("%s: invalid date `%s'\n"), Prog, optarg); exit (E_BAD_ARG); } #ifdef WITH_AUDIT user_newexpire *= DAY / SCALE; #else user_expire *= DAY / SCALE; #endif } else #ifdef WITH_AUDIT user_newexpire = -1; #else user_expire = -1; #endif eflg++; break; case 'f': #ifdef WITH_AUDIT user_newinactive = get_number (optarg); #else user_inactive = get_number (optarg); #endif fflg++; break; case 'g': grp = getgr_nam_gid (optarg); if (!grp) { fprintf (stderr, _("%s: unknown group %s\n"), Prog, optarg); exit (E_NOTFOUND); } user_newgid = grp->gr_gid; gflg++; break; case 'G': if (get_groups (optarg)) exit (E_NOTFOUND); Gflg++; break; case 'l': if (!check_user_name (optarg)) { fprintf (stderr, _("%s: invalid field `%s'\n"), Prog, optarg); exit (E_BAD_ARG); } /* * If the name does not really change, we mustn't * set the flag as this will cause rather serious * problems later! */ if (strcmp (user_name, optarg)) lflg++; user_newname = optarg; break; case 'L': if (Uflg || pflg) usage (); Lflg++; break; case 'm': if (!dflg) usage (); mflg++; break; case 'o': if (!uflg) usage (); oflg++; break; case 'p': if (Lflg || Uflg) usage (); user_pass = optarg; pflg++; break; case 's': if (!VALID (optarg)) { fprintf (stderr, _("%s: invalid field `%s'\n"), Prog, optarg); exit (E_BAD_ARG); } #ifdef WITH_AUDIT user_newshell = optarg; #else user_shell = optarg; #endif sflg++; break; case 'u': user_newid = get_id (optarg); uflg++; break; case 'U': if (Lflg && pflg) usage (); Uflg++; break; default: usage (); } anyflag++; } } if (anyflag == 0) { fprintf (stderr, _("%s: no flags given\n"), Prog); exit (E_USAGE); } if (!is_shadow_pwd && (eflg || fflg)) { fprintf (stderr, _ ("%s: shadow passwords required for -e and -f\n"), Prog); exit (E_USAGE); } if (optind != argc - 1) usage (); if (aflg && (!Gflg)) { fprintf (stderr, _("%s: -a flag is ONLY allowed with the -G flag\n"), Prog); usage (); exit (E_USAGE); } if (dflg && strcmp (user_home, user_newhome) == 0) dflg = mflg = 0; if (uflg && user_id == user_newid) uflg = oflg = 0; if (lflg && getpwnam (user_newname)) { fprintf (stderr, _("%s: user %s exists\n"), Prog, user_newname); exit (E_NAME_IN_USE); } if (uflg && !oflg && getpwuid (user_newid)) { fprintf (stderr, _("%s: uid %lu is not unique\n"), Prog, (unsigned long) user_newid); exit (E_UID_IN_USE); } } /* * close_files - close all of the files that were opened * * close_files() closes all of the files that were opened for this new * user. This causes any modified entries to be written out. */ static void close_files (void) { if (!pw_close ()) { fprintf (stderr, _("%s: cannot rewrite password file\n"), Prog); fail_exit (E_PW_UPDATE); } if (is_shadow_pwd && !spw_close ()) { fprintf (stderr, _("%s: cannot rewrite shadow password file\n"), Prog); fail_exit (E_PW_UPDATE); } if (is_shadow_pwd) spw_unlock (); (void) pw_unlock (); /* * Close the DBM and/or flat files */ endpwent (); endspent (); endgrent (); #ifdef SHADOWGRP endsgent (); #endif } /* * open_files - lock and open the password files * * open_files() opens the two password files. */ static void open_files (void) { if (!pw_lock ()) { fprintf (stderr, _("%s: unable to lock password file\n"), Prog); exit (E_PW_UPDATE); } if (!pw_open (O_RDWR)) { fprintf (stderr, _("%s: unable to open password file\n"), Prog); fail_exit (E_PW_UPDATE); } if (is_shadow_pwd && !spw_lock ()) { fprintf (stderr, _("%s: cannot lock shadow password file\n"), Prog); fail_exit (E_PW_UPDATE); } if (is_shadow_pwd && !spw_open (O_RDWR)) { fprintf (stderr, _("%s: cannot open shadow password file\n"), Prog); fail_exit (E_PW_UPDATE); } } /* * usr_update - create the user entries * * usr_update() creates the password file entries for this user and * will update the group entries if required. */ static void usr_update (void) { struct passwd pwent; const struct passwd *pwd; struct spwd spent; const struct spwd *spwd = NULL; /* * Locate the entry in /etc/passwd, which MUST exist. */ pwd = pw_locate (user_name); if (!pwd) { fprintf (stderr, _("%s: %s not found in /etc/passwd\n"), Prog, user_name); fail_exit (E_NOTFOUND); } pwent = *pwd; new_pwent (&pwent); /* * Locate the entry in /etc/shadow. It doesn't have to exist, and * won't be created if it doesn't. */ if (is_shadow_pwd && (spwd = spw_locate (user_name))) { spent = *spwd; new_spent (&spent); } if (lflg || uflg || gflg || cflg || dflg || sflg || pflg || Lflg || Uflg) { if (!pw_update (&pwent)) { fprintf (stderr, _("%s: error changing password entry\n"), Prog); fail_exit (E_PW_UPDATE); } if (lflg && !pw_remove (user_name)) { fprintf (stderr, _("%s: error removing password entry\n"), Prog); fail_exit (E_PW_UPDATE); } } if (spwd && (lflg || eflg || fflg || pflg || Lflg || Uflg)) { if (!spw_update (&spent)) { fprintf (stderr, _ ("%s: error adding new shadow password entry\n"), Prog); fail_exit (E_PW_UPDATE); } if (lflg && !spw_remove (user_name)) { fprintf (stderr, _ ("%s: error removing shadow password entry\n"), Prog); fail_exit (E_PW_UPDATE); } } } /* * move_home - move the user's home directory * * move_home() moves the user's home directory to a new location. The * files will be copied if the directory cannot simply be renamed. */ static void move_home (void) { struct stat sb; if (mflg && stat (user_home, &sb) == 0) { /* * Don't try to move it if it is not a directory * (but /dev/null for example). --marekm */ if (!S_ISDIR (sb.st_mode)) return; if (access (user_newhome, F_OK) == 0) { fprintf (stderr, _("%s: directory %s exists\n"), Prog, user_newhome); fail_exit (E_HOMEDIR); } else if (rename (user_home, user_newhome)) { if (errno == EXDEV) { if (mkdir (user_newhome, sb.st_mode & 0777)) { fprintf (stderr, _ ("%s: can't create %s\n"), Prog, user_newhome); } if (chown (user_newhome, sb.st_uid, sb.st_gid)) { fprintf (stderr, _("%s: can't chown %s\n"), Prog, user_newhome); rmdir (user_newhome); fail_exit (E_HOMEDIR); } if (copy_tree (user_home, user_newhome, uflg ? user_newid : -1, gflg ? user_newgid : -1) == 0) { if (remove_tree (user_home) != 0 || rmdir (user_home) != 0) fprintf (stderr, _ ("%s: warning: failed to completely remove old home directory %s"), Prog, user_home); #ifdef WITH_AUDIT audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "moving home directory", user_newname, user_newid, 1); #endif return; } (void) remove_tree (user_newhome); (void) rmdir (user_newhome); } fprintf (stderr, _ ("%s: cannot rename directory %s to %s\n"), Prog, user_home, user_newhome); fail_exit (E_HOMEDIR); } #ifdef WITH_AUDIT audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "moving home directory", user_newname, user_newid, 1); #endif } if (uflg || gflg) { #ifdef WITH_AUDIT audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "changing home directory owner", user_newname, user_newid, 1); #endif chown (dflg ? user_newhome : user_home, uflg ? user_newid : user_id, gflg ? user_newgid : user_gid); } } /* * update_files - update the lastlog and faillog files */ static void update_files (void) { struct lastlog ll; struct faillog fl; int fd; /* * Relocate the "lastlog" entries for the user. The old entry is * left alone in case the UID was shared. It doesn't hurt anything * to just leave it be. */ if ((fd = open (LASTLOG_FILE, O_RDWR)) != -1) { lseek (fd, (off_t) user_id * sizeof ll, SEEK_SET); if (read (fd, (char *) &ll, sizeof ll) == sizeof ll) { lseek (fd, (off_t) user_newid * sizeof ll, SEEK_SET); write (fd, (char *) &ll, sizeof ll); } close (fd); } /* * Relocate the "faillog" entries in the same manner. */ if ((fd = open (FAILLOG_FILE, O_RDWR)) != -1) { lseek (fd, (off_t) user_id * sizeof fl, SEEK_SET); if (read (fd, (char *) &fl, sizeof fl) == sizeof fl) { lseek (fd, (off_t) user_newid * sizeof fl, SEEK_SET); write (fd, (char *) &fl, sizeof fl); } close (fd); } } #ifndef NO_MOVE_MAILBOX /* * This is the new and improved code to carefully chown/rename the user's * mailbox. Maybe I am too paranoid but the mail spool dir sometimes * happens to be mode 1777 (this makes mail user agents work without * being setgid mail, but is NOT recommended; they all should be fixed * to use movemail). --marekm */ static void move_mailbox (void) { const char *maildir; char mailfile[1024], newmailfile[1024]; int fd; struct stat st; maildir = getdef_str ("MAIL_DIR"); #ifdef MAIL_SPOOL_DIR if (!maildir && !getdef_str ("MAIL_FILE")) maildir = MAIL_SPOOL_DIR; #endif if (!maildir) return; /* * O_NONBLOCK is to make sure open won't hang on mandatory locks. * We do fstat/fchown to make sure there are no races (someone * replacing /var/spool/mail/luser with a hard link to /etc/passwd * between stat and chown). --marekm */ snprintf (mailfile, sizeof mailfile, "%s/%s", maildir, user_name); fd = open (mailfile, O_RDONLY | O_NONBLOCK, 0); if (fd < 0) { /* no need for warnings if the mailbox doesn't exist */ if (errno != ENOENT) perror (mailfile); return; } if (fstat (fd, &st) < 0) { perror ("fstat"); close (fd); return; } if (st.st_uid != user_id) { /* better leave it alone */ fprintf (stderr, _("%s: warning: %s not owned by %s\n"), Prog, mailfile, user_name); close (fd); return; } if (uflg) { if (fchown (fd, user_newid, (gid_t) - 1) < 0) { perror (_("failed to change mailbox owner")); } #ifdef WITH_AUDIT else { audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "changing mail file owner", user_newname, user_newid, 1); } #endif } close (fd); if (lflg) { snprintf (newmailfile, sizeof newmailfile, "%s/%s", maildir, user_newname); if (link (mailfile, newmailfile) || unlink (mailfile)) { perror (_("failed to rename mailbox")); } #ifdef WITH_AUDIT else { audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "changing mail file name", user_newname, user_newid, 1); } #endif } } #endif /* * main - usermod command */ int main (int argc, char **argv) { int grp_err = 0; #ifdef USE_PAM pam_handle_t *pamh = NULL; struct passwd *pampw; int retval; #endif #ifdef WITH_AUDIT audit_help_open (); #endif /* * Get my name so that I can use it to report errors. */ Prog = Basename (argv[0]); setlocale (LC_ALL, ""); bindtextdomain (PACKAGE, LOCALEDIR); textdomain (PACKAGE); sys_ngroups = sysconf (_SC_NGROUPS_MAX); user_groups = malloc ((1 + sys_ngroups) * sizeof (char *)); user_groups[0] = (char *) 0; OPENLOG ("usermod"); is_shadow_pwd = spw_file_present (); #ifdef SHADOWGRP is_shadow_grp = sgr_file_present (); #endif process_flags (argc, argv); #ifdef USE_PAM retval = PAM_SUCCESS; pampw = getpwuid (getuid ()); if (pampw == NULL) { retval = PAM_USER_UNKNOWN; } if (retval == PAM_SUCCESS) { retval = pam_start ("usermod", pampw->pw_name, &conv, &pamh); } if (retval == PAM_SUCCESS) { retval = pam_authenticate (pamh, 0); if (retval != PAM_SUCCESS) { pam_end (pamh, retval); } } if (retval == PAM_SUCCESS) { retval = pam_acct_mgmt (pamh, 0); if (retval != PAM_SUCCESS) { pam_end (pamh, retval); } } if (retval != PAM_SUCCESS) { fprintf (stderr, _("%s: PAM authentication failed\n"), Prog); exit (1); } #endif /* USE_PAM */ /* * Do the hard stuff - open the files, change the user entries, * change the home directory, then close and update the files. */ open_files (); usr_update (); nscd_flush_cache ("passwd"); nscd_flush_cache ("group"); close_files (); if (Gflg || lflg) grp_err = grp_update (); if (mflg) move_home (); #ifndef NO_MOVE_MAILBOX if (lflg || uflg) move_mailbox (); #endif if (uflg) { update_files (); /* * Change the UID on all of the files owned by `user_id' to * `user_newid' in the user's home directory. */ chown_tree (dflg ? user_newhome : user_home, user_id, user_newid, user_gid, gflg ? user_newgid : user_gid); } if (grp_err) exit (E_GRP_UPDATE); #ifdef USE_PAM if (retval == PAM_SUCCESS) pam_end (pamh, PAM_SUCCESS); #endif /* USE_PAM */ exit (E_SUCCESS); /* NOT REACHED */ }
/* * main - groupmod command * */ int main (int argc, char **argv) { #ifdef ACCT_TOOLS_SETUID #ifdef USE_PAM pam_handle_t *pamh = NULL; int retval; #endif /* USE_PAM */ #endif /* ACCT_TOOLS_SETUID */ /* * Get my name so that I can use it to report errors. */ Prog = Basename (argv[0]); (void) setlocale (LC_ALL, ""); (void) bindtextdomain (PACKAGE, LOCALEDIR); (void) textdomain (PACKAGE); process_root_flag ("-R", argc, argv); OPENLOG ("groupmod"); #ifdef WITH_AUDIT audit_help_open (); #endif if (atexit (do_cleanups) != 0) { fprintf (stderr, _("%s: Cannot setup cleanup service.\n"), Prog); exit (1); } process_flags (argc, argv); #ifdef ACCT_TOOLS_SETUID #ifdef USE_PAM { struct passwd *pampw; pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */ if (NULL == pampw) { fprintf (stderr, _("%s: Cannot determine your user name.\n"), Prog); exit (1); } retval = pam_start ("groupmod", pampw->pw_name, &conv, &pamh); } if (PAM_SUCCESS == retval) { retval = pam_authenticate (pamh, 0); } if (PAM_SUCCESS == retval) { retval = pam_acct_mgmt (pamh, 0); } if (PAM_SUCCESS != retval) { fprintf (stderr, _("%s: PAM: %s\n"), Prog, pam_strerror (pamh, retval)); SYSLOG((LOG_ERR, "%s", pam_strerror (pamh, retval))); if (NULL != pamh) { (void) pam_end (pamh, retval); } exit (1); } (void) pam_end (pamh, retval); #endif /* USE_PAM */ #endif /* ACCT_TOOLS_SETUID */ #ifdef SHADOWGRP is_shadow_grp = sgr_file_present (); #endif { struct group *grp; /* * Start with a quick check to see if the group exists. */ grp = getgrnam (group_name); /* local, no need for xgetgrnam */ if (NULL == grp) { fprintf (stderr, _("%s: group '%s' does not exist\n"), Prog, group_name); exit (E_NOTFOUND); } else { group_id = grp->gr_gid; } } #ifdef USE_NIS /* * Now make sure it isn't an NIS group. */ if (__isgrNIS ()) { char *nis_domain; char *nis_master; fprintf (stderr, _("%s: group %s is a NIS group\n"), Prog, group_name); if (!yp_get_default_domain (&nis_domain) && !yp_master (nis_domain, "group.byname", &nis_master)) { fprintf (stderr, _("%s: %s is the NIS master\n"), Prog, nis_master); } exit (E_NOTFOUND); } #endif if (gflg) { check_new_gid (); } if (nflg) { check_new_name (); } lock_files (); /* * Now if the group is not changed, it's our fault. * Make sure failures will be reported. */ prepare_failure_reports (); /* * Do the hard stuff - open the files, create the group entries, * then close and update the files. */ open_files (); grp_update (); close_files (); nscd_flush_cache ("group"); return E_SUCCESS; }
/* * chfn - change a user's password file information * * This command controls the GECOS field information in the password * file entry. * * The valid options are * * -f full name * -r room number * -w work phone number * -h home phone number * -o other information (*) * * (*) requires root permission to execute. */ int main (int argc, char **argv) { char *cp; /* temporary character pointer */ const struct passwd *pw; /* password file entry */ struct passwd pwent; /* modified password file entry */ char old_gecos[BUFSIZ]; /* buffer for old GECOS fields */ char new_gecos[BUFSIZ]; /* buffer for new GECOS fields */ int flag; /* flag currently being processed */ int fflg = 0; /* -f - set full name */ int rflg = 0; /* -r - set room number */ int wflg = 0; /* -w - set work phone number */ int hflg = 0; /* -h - set home phone number */ int oflg = 0; /* -o - set other information */ char *user; #ifdef USE_PAM pam_handle_t *pamh = NULL; struct passwd *pampw; int retval; #endif sanitize_env (); setlocale (LC_ALL, ""); bindtextdomain (PACKAGE, LOCALEDIR); textdomain (PACKAGE); /* * This command behaves different for root and non-root * users. */ amroot = (getuid () == 0); /* * Get the program name. The program name is used as a * prefix to most error messages. */ Prog = Basename (argv[0]); OPENLOG ("chfn"); /* * The remaining arguments will be processed one by one and executed * by this command. The name is the last argument if it does not * begin with a "-", otherwise the name is determined from the * environment and must agree with the real UID. Also, the UID will * be checked for any commands which are restricted to root only. */ while ((flag = getopt (argc, argv, "f:r:w:h:o:")) != EOF) { switch (flag) { case 'f': if (!may_change_field ('f')) { fprintf (stderr, _("%s: Permission denied.\n"), Prog); exit (E_NOPERM); } fflg++; STRFCPY (fullnm, optarg); break; case 'h': if (!may_change_field ('h')) { fprintf (stderr, _("%s: Permission denied.\n"), Prog); exit (E_NOPERM); } hflg++; STRFCPY (homeph, optarg); break; case 'r': if (!may_change_field ('r')) { fprintf (stderr, _("%s: Permission denied.\n"), Prog); exit (E_NOPERM); } rflg++; STRFCPY (roomno, optarg); break; case 'o': if (!amroot) { fprintf (stderr, _("%s: Permission denied.\n"), Prog); exit (E_NOPERM); } oflg++; STRFCPY (slop, optarg); break; case 'w': if (!may_change_field ('w')) { fprintf (stderr, _("%s: Permission denied.\n"), Prog); exit (E_NOPERM); } wflg++; STRFCPY (workph, optarg); break; default: usage (); } } /* * Get the name of the user to check. It is either the command line * name, or the name getlogin() returns. */ if (optind < argc) { user = argv[optind]; pw = getpwnam (user); if (!pw) { fprintf (stderr, _("%s: unknown user %s\n"), Prog, user); exit (E_NOPERM); } } else { pw = get_my_pwent (); if (!pw) { fprintf (stderr, _ ("%s: Cannot determine your user name.\n"), Prog); exit (E_NOPERM); } user = xstrdup (pw->pw_name); } #ifdef USE_NIS /* * Now we make sure this is a LOCAL password entry for this user ... */ if (__ispwNIS ()) { char *nis_domain; char *nis_master; fprintf (stderr, _("%s: cannot change user `%s' on NIS client.\n"), Prog, user); if (!yp_get_default_domain (&nis_domain) && !yp_master (nis_domain, "passwd.byname", &nis_master)) { fprintf (stderr, _ ("%s: `%s' is the NIS master for this client.\n"), Prog, nis_master); } exit (E_NOPERM); } #endif /* * Non-privileged users are only allowed to change the gecos field * if the UID of the user matches the current real UID. */ if (!amroot && pw->pw_uid != getuid ()) { fprintf (stderr, _("%s: Permission denied.\n"), Prog); closelog (); exit (E_NOPERM); } #ifdef WITH_SELINUX /* * If the UID of the user does not match the current real UID, * check if the change is allowed by SELinux policy. */ if ((pw->pw_uid != getuid ()) && (selinux_check_passwd_access (PASSWD__CHFN) != 0)) { fprintf (stderr, _("%s: Permission denied.\n"), Prog); closelog (); exit (E_NOPERM); } #endif #ifndef USE_PAM /* * Non-privileged users are optionally authenticated (must enter the * password of the user whose information is being changed) before * any changes can be made. Idea from util-linux chfn/chsh. * --marekm */ if (!amroot && getdef_bool ("CHFN_AUTH")) passwd_check (pw->pw_name, pw->pw_passwd, "chfn"); #else /* !USE_PAM */ retval = PAM_SUCCESS; pampw = getpwuid (getuid ()); if (pampw == NULL) { retval = PAM_USER_UNKNOWN; } if (retval == PAM_SUCCESS) { retval = pam_start ("chfn", pampw->pw_name, &conv, &pamh); } if (retval == PAM_SUCCESS) { retval = pam_authenticate (pamh, 0); if (retval != PAM_SUCCESS) { pam_end (pamh, retval); } } if (retval == PAM_SUCCESS) { retval = pam_acct_mgmt (pamh, 0); if (retval != PAM_SUCCESS) { pam_end (pamh, retval); } } if (retval != PAM_SUCCESS) { fprintf (stderr, _("%s: PAM authentication failed\n"), Prog); exit (E_NOPERM); } #endif /* USE_PAM */ /* * Now get the full name. It is the first comma separated field in * the GECOS field. */ STRFCPY (old_gecos, pw->pw_gecos); cp = copy_field (old_gecos, fflg ? (char *) 0 : fullnm, slop); /* * Now get the room number. It is the next comma separated field, * if there is indeed one. */ if (cp) cp = copy_field (cp, rflg ? (char *) 0 : roomno, slop); /* * Now get the work phone number. It is the third field. */ if (cp) cp = copy_field (cp, wflg ? (char *) 0 : workph, slop); /* * Now get the home phone number. It is the fourth field. */ if (cp) cp = copy_field (cp, hflg ? (char *) 0 : homeph, slop); /* * Anything left over is "slop". */ if (cp && !oflg) { if (slop[0]) strcat (slop, ","); strcat (slop, cp); } /* * If none of the fields were changed from the command line, let the * user interactively change them. */ if (!fflg && !rflg && !wflg && !hflg && !oflg) { printf (_("Changing the user information for %s\n"), user); new_fields (); } /* * Check all of the fields for valid information */ if (valid_field (fullnm, ":,=")) { fprintf (stderr, _("%s: invalid name: \"%s\"\n"), Prog, fullnm); closelog (); exit (E_NOPERM); } if (valid_field (roomno, ":,=")) { fprintf (stderr, _("%s: invalid room number: \"%s\"\n"), Prog, roomno); closelog (); exit (E_NOPERM); } if (valid_field (workph, ":,=")) { fprintf (stderr, _("%s: invalid work phone: \"%s\"\n"), Prog, workph); closelog (); exit (E_NOPERM); } if (valid_field (homeph, ":,=")) { fprintf (stderr, _("%s: invalid home phone: \"%s\"\n"), Prog, homeph); closelog (); exit (E_NOPERM); } if (valid_field (slop, ":")) { fprintf (stderr, _("%s: \"%s\" contains illegal characters\n"), Prog, slop); closelog (); exit (E_NOPERM); } /* * Build the new GECOS field by plastering all the pieces together, * if they will fit ... */ if (strlen (fullnm) + strlen (roomno) + strlen (workph) + strlen (homeph) + strlen (slop) > (unsigned int) 80) { fprintf (stderr, _("%s: fields too long\n"), Prog); closelog (); exit (E_NOPERM); } snprintf (new_gecos, sizeof new_gecos, "%s,%s,%s,%s%s%s", fullnm, roomno, workph, homeph, slop[0] ? "," : "", slop); /* * Before going any further, raise the ulimit to prevent colliding * into a lowered ulimit, and set the real UID to root to protect * against unexpected signals. Any keyboard signals are set to be * ignored. */ if (setuid (0)) { fprintf (stderr, _("Cannot change ID to root.\n")); SYSLOG ((LOG_ERR, "can't setuid(0)")); closelog (); exit (E_NOPERM); } pwd_init (); /* * The passwd entry is now ready to be committed back to the * password file. Get a lock on the file and open it. */ if (!pw_lock ()) { fprintf (stderr, _ ("Cannot lock the password file; try again later.\n")); SYSLOG ((LOG_WARN, "can't lock /etc/passwd")); closelog (); exit (E_NOPERM); } if (!pw_open (O_RDWR)) { fprintf (stderr, _("Cannot open the password file.\n")); pw_unlock (); SYSLOG ((LOG_ERR, "can't open /etc/passwd")); closelog (); exit (E_NOPERM); } /* * Get the entry to update using pw_locate() - we want the real one * from /etc/passwd, not the one from getpwnam() which could contain * the shadow password if (despite the warnings) someone enables * AUTOSHADOW (or SHADOW_COMPAT in libc). --marekm */ pw = pw_locate (user); if (!pw) { pw_unlock (); fprintf (stderr, _("%s: %s not found in /etc/passwd\n"), Prog, user); exit (E_NOPERM); } /* * Make a copy of the entry, then change the gecos field. The other * fields remain unchanged. */ pwent = *pw; pwent.pw_gecos = new_gecos; /* * Update the passwd file entry. If there is a DBM file, update that * entry as well. */ if (!pw_update (&pwent)) { fprintf (stderr, _("Error updating the password entry.\n")); pw_unlock (); SYSLOG ((LOG_ERR, "error updating passwd entry")); closelog (); exit (E_NOPERM); } /* * Changes have all been made, so commit them and unlock the file. */ if (!pw_close ()) { fprintf (stderr, _("Cannot commit password file changes.\n")); pw_unlock (); SYSLOG ((LOG_ERR, "can't rewrite /etc/passwd")); closelog (); exit (E_NOPERM); } if (!pw_unlock ()) { fprintf (stderr, _("Cannot unlock the password file.\n")); SYSLOG ((LOG_ERR, "can't unlock /etc/passwd")); closelog (); exit (E_NOPERM); } SYSLOG ((LOG_INFO, "changed user `%s' information", user)); nscd_flush_cache ("passwd"); #ifdef USE_PAM if (retval == PAM_SUCCESS) pam_end (pamh, PAM_SUCCESS); #endif /* USE_PAM */ closelog (); exit (E_SUCCESS); }
int main(int argc, char **argv) { char *cp; /* temporary character pointer */ const struct passwd *pw; /* password file entry */ struct passwd pwent; /* modified password file entry */ char old_gecos[BUFSIZ]; /* buffer for old GECOS fields */ char new_gecos[BUFSIZ]; /* buffer for new GECOS fields */ int flag; /* flag currently being processed */ int fflg = 0; /* -f - set full name */ int rflg = 0; /* -r - set room number */ int wflg = 0; /* -w - set work phone number */ int hflg = 0; /* -h - set home phone number */ int oflg = 0; /* -o - set other information */ char *user; sanitize_env(); setlocale(LC_ALL, ""); bindtextdomain(PACKAGE, LOCALEDIR); textdomain(PACKAGE); /* * This command behaves different for root and non-root * users. */ amroot = (getuid () == 0); #ifdef NDBM pw_dbm_mode = O_RDWR; #endif /* * Get the program name. The program name is used as a * prefix to most error messages. It is also used as input * to the openlog() function for error logging. */ Prog = Basename(argv[0]); openlog("chfn", LOG_PID, LOG_AUTH); /* * The remaining arguments will be processed one by one and * executed by this command. The name is the last argument * if it does not begin with a "-", otherwise the name is * determined from the environment and must agree with the * real UID. Also, the UID will be checked for any commands * which are restricted to root only. */ while ((flag = getopt (argc, argv, "f:r:w:h:o:")) != EOF) { switch (flag) { case 'f': if (!may_change_field('f')) { fprintf(stderr, _("%s: Permission denied.\n"), Prog); exit(1); } fflg++; STRFCPY(fullnm, optarg); break; case 'r': if (!may_change_field('r')) { fprintf(stderr, _("%s: Permission denied.\n"), Prog); exit(1); } rflg++; STRFCPY(roomno, optarg); break; case 'w': if (!may_change_field('w')) { fprintf(stderr, _("%s: Permission denied.\n"), Prog); exit(1); } wflg++; STRFCPY(workph, optarg); break; case 'h': if (!may_change_field('h')) { fprintf(stderr, _("%s: Permission denied.\n"), Prog); exit(1); } hflg++; STRFCPY(homeph, optarg); break; case 'o': if (!amroot) { fprintf(stderr, _("%s: Permission denied.\n"), Prog); exit(1); } oflg++; STRFCPY(slop, optarg); break; default: usage(); } } /* * Get the name of the user to check. It is either * the command line name, or the name getlogin() * returns. */ if (optind < argc) { user = argv[optind]; pw = getpwnam(user); if (!pw) { fprintf(stderr, _("%s: Unknown user %s\n"), Prog, user); exit(1); } } else { pw = get_my_pwent(); if (!pw) { fprintf(stderr, _("%s: Cannot determine your user name.\n"), Prog); exit(1); } user = xstrdup(pw->pw_name); } #ifdef USE_NIS /* * Now we make sure this is a LOCAL password entry for * this user ... */ if (__ispwNIS ()) { char *nis_domain; char *nis_master; fprintf (stderr, _("%s: cannot change user `%s' on NIS client.\n"), Prog, user); if (! yp_get_default_domain (&nis_domain) && ! yp_master (nis_domain, "passwd.byname", &nis_master)) { fprintf (stderr, _("%s: `%s' is the NIS master for this client.\n"), Prog, nis_master); } exit (1); } #endif /* * Non-privileged users are only allowed to change the * gecos field if the UID of the user matches the current * real UID. */ if (!amroot && pw->pw_uid != getuid()) { fprintf (stderr, _("%s: Permission denied.\n"), Prog); closelog(); exit(1); } /* * Non-privileged users are optionally authenticated * (must enter the password of the user whose information * is being changed) before any changes can be made. * Idea from util-linux chfn/chsh. --marekm */ if (!amroot && getdef_bool("CHFN_AUTH")) passwd_check(pw->pw_name, pw->pw_passwd, "chfn"); /* * Now get the full name. It is the first comma separated field * in the GECOS field. */ STRFCPY(old_gecos, pw->pw_gecos); cp = copy_field (old_gecos, fflg ? (char *) 0:fullnm, slop); /* * Now get the room number. It is the next comma separated field, * if there is indeed one. */ if (cp) cp = copy_field (cp, rflg ? (char *) 0:roomno, slop); /* * Now get the work phone number. It is the third field. */ if (cp) cp = copy_field (cp, wflg ? (char *) 0:workph, slop); /* * Now get the home phone number. It is the fourth field. */ if (cp) cp = copy_field (cp, hflg ? (char *) 0:homeph, slop); /* * Anything left over is "slop". */ if (cp && !oflg) { if (slop[0]) strcat (slop, ","); strcat (slop, cp); } /* * If none of the fields were changed from the command line, * let the user interactively change them. */ if (!fflg && !rflg && !wflg && !hflg && !oflg) { printf(_("Changing the user information for %s\n"), user); new_fields(); } /* * Check all of the fields for valid information */ if (valid_field(fullnm, ":,=")) { fprintf(stderr, _("%s: invalid name: \"%s\"\n"), Prog, fullnm); closelog(); exit(1); } if (valid_field(roomno, ":,=")) { fprintf(stderr, _("%s: invalid room number: \"%s\"\n"), Prog, roomno); closelog(); exit(1); } if (valid_field(workph, ":,=")) { fprintf(stderr, _("%s: invalid work phone: \"%s\"\n"), Prog, workph); closelog(); exit(1); } if (valid_field (homeph, ":,=")) { fprintf(stderr, _("%s: invalid home phone: \"%s\"\n"), Prog, homeph); closelog(); exit(1); } if (valid_field(slop, ":")) { fprintf(stderr, _("%s: \"%s\" contains illegal characters\n"), Prog, slop); closelog(); exit(1); } /* * Build the new GECOS field by plastering all the pieces together, * if they will fit ... */ if (strlen(fullnm) + strlen(roomno) + strlen(workph) + strlen(homeph) + strlen(slop) > (unsigned int) 80) { fprintf(stderr, _("%s: fields too long\n"), Prog); closelog(); exit(1); } snprintf(new_gecos, sizeof new_gecos, "%s,%s,%s,%s%s%s", fullnm, roomno, workph, homeph, slop[0] ? "," : "", slop); /* * Before going any further, raise the ulimit to prevent * colliding into a lowered ulimit, and set the real UID * to root to protect against unexpected signals. Any * keyboard signals are set to be ignored. */ if (setuid(0)) { fprintf(stderr, _("Cannot change ID to root.\n")); SYSLOG((LOG_ERR, NOTROOT2)); closelog(); exit(1); } pwd_init(); /* * The passwd entry is now ready to be committed back to * the password file. Get a lock on the file and open it. */ if (!pw_lock()) { fprintf(stderr, _("Cannot lock the password file; try again later.\n")); SYSLOG((LOG_WARN, PWDBUSY2)); closelog(); exit(1); } if (!pw_open(O_RDWR)) { fprintf(stderr, _("Cannot open the password file.\n")); pw_unlock(); SYSLOG((LOG_ERR, OPNERROR2)); closelog(); exit(1); } /* * Get the entry to update using pw_locate() - we want the real * one from /etc/passwd, not the one from getpwnam() which could * contain the shadow password if (despite the warnings) someone * enables AUTOSHADOW (or SHADOW_COMPAT in libc). --marekm */ pw = pw_locate(user); if (!pw) { pw_unlock(); fprintf(stderr, _("%s: %s not found in /etc/passwd\n"), Prog, user); exit(1); } /* * Make a copy of the entry, then change the gecos field. The other * fields remain unchanged. */ pwent = *pw; pwent.pw_gecos = new_gecos; /* * Update the passwd file entry. If there is a DBM file, * update that entry as well. */ if (!pw_update(&pwent)) { fprintf(stderr, _("Error updating the password entry.\n")); pw_unlock(); SYSLOG((LOG_ERR, UPDERROR2)); closelog(); exit(1); } #ifdef NDBM if (pw_dbm_present() && !pw_dbm_update(&pwent)) { fprintf(stderr, _("Error updating the DBM password entry.\n")); pw_unlock (); SYSLOG((LOG_ERR, DBMERROR2)); closelog(); exit(1); } endpwent(); #endif /* * Changes have all been made, so commit them and unlock the * file. */ if (!pw_close()) { fprintf(stderr, _("Cannot commit password file changes.\n")); pw_unlock(); SYSLOG((LOG_ERR, CLSERROR2)); closelog(); exit(1); } if (!pw_unlock()) { fprintf(stderr, _("Cannot unlock the password file.\n")); SYSLOG((LOG_ERR, UNLKERROR2)); closelog(); exit(1); } SYSLOG((LOG_INFO, CHGGECOS, user)); closelog(); exit (0); }
/*ARGSUSED*/ int nis_put_printer(const ns_printer_t *printer) { static char *domain = NULL; char *map = "printers.conf.byname"; char *tmp = NULL; char *host = NULL; char lfile[BUFSIZ]; char rfile[BUFSIZ]; char cmd[BUFSIZ]; if (domain == NULL) (void) yp_get_default_domain(&domain); if ((yp_master(domain, (char *)map, &host) != 0) && (yp_master(domain, "passwd.byname", &host) != 0)) return (-1); if (snprintf(lfile, sizeof (lfile), "/tmp/%s", map) >= sizeof (lfile)) { syslog(LOG_ERR, "nis_put_printer:lfile buffer overflow"); return (-1); } if (snprintf(rfile, sizeof (rfile), "root@%s:/etc/%s", host, map) >= sizeof (rfile)) { syslog(LOG_ERR, "nis_put_printer:rfile buffer overflow"); return (-1); } if (((tmp = strrchr(rfile, '.')) != NULL) && (strcmp(tmp, ".byname") == 0)) *tmp = NULL; /* strip the .byname */ /* copy it local */ if (snprintf(cmd, sizeof (cmd), "rcp %s %s >/dev/null 2>&1", rfile, lfile) >= sizeof (cmd)) { syslog(LOG_ERR, "nis_put_printer:buffer overflow building cmd"); return (-1); } (void) system(cmd); /* could fail because it doesn't exist */ /* update it */ if (_file_put_printer(lfile, printer) != 0) return (-1); /* copy it back */ if (snprintf(cmd, sizeof (cmd), "rcp %s %s >/dev/null 2>&1", lfile, rfile) >= sizeof (cmd)) { syslog(LOG_ERR, "nis_put_printer:buffer overflow building cmd"); return (-1); } if (system(cmd) != 0) return (-1); /* copy the Makefile excerpt */ if (snprintf(cmd, sizeof (cmd), "rcp %s root@%s:%s.print >/dev/null 2>&1", MAKE_EXCERPT, host, NIS_MAKEFILE) >= sizeof (cmd)) { syslog(LOG_ERR, "nis_put_printer:buffer overflow building cmd"); return (-1); } if (system(cmd) != 0) return (-1); /* run the make */ if (snprintf(cmd, sizeof (cmd), "/bin/sh -c 'PATH=/usr/ccs/bin:/bin:/usr/bin:$PATH " "make -f %s -f %s.print printers.conf >/dev/null 2>&1'", NIS_MAKEFILE, NIS_MAKEFILE) >= sizeof (cmd)) { syslog(LOG_ERR, "nis_put_printer:buffer overflow on make"); return (-1); } return (remote_command(cmd, host)); }
int yp_update(char *domain, char *map, unsigned int ypop, char *key, int keylen, char *data, int datalen) { char *master; int rval; unsigned int res; struct ypupdate_args upargs; struct ypdelete_args delargs; CLIENT *clnt; char netname[MAXNETNAMELEN+1]; des_block des_key; struct timeval timeout; /* Get the master server name for 'domain.' */ if ((rval = yp_master(domain, map, &master))) return(rval); /* Check that ypupdated is running there. */ if (getrpcport(master, YPU_PROG, YPU_VERS, ypop)) return(YPERR_DOMAIN); /* Get a handle. */ if ((clnt = clnt_create(master, YPU_PROG, YPU_VERS, "tcp")) == NULL) return(YPERR_RPC); /* * Assemble netname of server. * NOTE: It's difficult to discern from the documentation, but * when you make a Secure RPC call, the netname you pass should * be the netname of the guy on the other side, not your own * netname. This is how the client side knows what public key * to use for the initial exchange. Passing your own netname * only works if the server on the other side is running under * your UID. */ if (!host2netname(netname, master, domain)) { clnt_destroy(clnt); return(YPERR_BADARGS); } /* Make up a DES session key. */ key_gendes(&des_key); /* Set up DES authentication. */ if ((clnt->cl_auth = (AUTH *)authdes_create(netname, WINDOW, NULL, &des_key)) == NULL) { clnt_destroy(clnt); return(YPERR_RESRC); } /* Set a timeout for clnt_call(). */ timeout.tv_usec = 0; timeout.tv_sec = TIMEOUT; /* * Make the call. Note that we use clnt_call() here rather than * the rpcgen-erated client stubs. We could use those stubs, but * then we'd have to do some gymnastics to get at the error * information to figure out what error code to send back to the * caller. With clnt_call(), we get the error status returned to * us right away, and we only have to exert a small amount of * extra effort. */ switch (ypop) { case YPOP_CHANGE: upargs.mapname = map; upargs.key.yp_buf_len = keylen; upargs.key.yp_buf_val = key; upargs.datum.yp_buf_len = datalen; upargs.datum.yp_buf_val = data; if ((rval = clnt_call(clnt, YPU_CHANGE, (xdrproc_t)xdr_ypupdate_args, &upargs, (xdrproc_t)xdr_u_int, &res, timeout)) != RPC_SUCCESS) { if (rval == RPC_AUTHERROR) res = YPERR_ACCESS; else res = YPERR_RPC; } break; case YPOP_INSERT: upargs.mapname = map; upargs.key.yp_buf_len = keylen; upargs.key.yp_buf_val = key; upargs.datum.yp_buf_len = datalen; upargs.datum.yp_buf_val = data; if ((rval = clnt_call(clnt, YPU_INSERT, (xdrproc_t)xdr_ypupdate_args, &upargs, (xdrproc_t)xdr_u_int, &res, timeout)) != RPC_SUCCESS) { if (rval == RPC_AUTHERROR) res = YPERR_ACCESS; else res = YPERR_RPC; } break; case YPOP_DELETE: delargs.mapname = map; delargs.key.yp_buf_len = keylen; delargs.key.yp_buf_val = key; if ((rval = clnt_call(clnt, YPU_DELETE, (xdrproc_t)xdr_ypdelete_args, &delargs, (xdrproc_t)xdr_u_int, &res, timeout)) != RPC_SUCCESS) { if (rval == RPC_AUTHERROR) res = YPERR_ACCESS; else res = YPERR_RPC; } break; case YPOP_STORE: upargs.mapname = map; upargs.key.yp_buf_len = keylen; upargs.key.yp_buf_val = key; upargs.datum.yp_buf_len = datalen; upargs.datum.yp_buf_val = data; if ((rval = clnt_call(clnt, YPU_STORE, (xdrproc_t)xdr_ypupdate_args, &upargs, (xdrproc_t)xdr_u_int, &res, timeout)) != RPC_SUCCESS) { if (rval == RPC_AUTHERROR) res = YPERR_ACCESS; else res = YPERR_RPC; } break; default: res = YPERR_BADARGS; break; } /* All done: tear down the connection. */ auth_destroy(clnt->cl_auth); clnt_destroy(clnt); free(master); return(res); }
/* * main - userdel command */ int main (int argc, char **argv) { int errors = 0; /* Error in the removal of the home directory */ #ifdef ACCT_TOOLS_SETUID #ifdef USE_PAM pam_handle_t *pamh = NULL; int retval; #endif /* USE_PAM */ #endif /* ACCT_TOOLS_SETUID */ /* * Get my name so that I can use it to report errors. */ Prog = Basename (argv[0]); (void) setlocale (LC_ALL, ""); (void) bindtextdomain (PACKAGE, LOCALEDIR); (void) textdomain (PACKAGE); process_root_flag ("-R", argc, argv); OPENLOG ("userdel"); #ifdef WITH_AUDIT audit_help_open (); #endif /* WITH_AUDIT */ { /* * Parse the command line options. */ int c; static struct option long_options[] = { {"force", no_argument, NULL, 'f'}, {"help", no_argument, NULL, 'h'}, {"remove", no_argument, NULL, 'r'}, {"root", required_argument, NULL, 'R'}, #ifdef WITH_SELINUX {"selinux-user", no_argument, NULL, 'Z'}, #endif /* WITH_SELINUX */ {NULL, 0, NULL, '\0'} }; while ((c = getopt_long (argc, argv, #ifdef WITH_SELINUX "fhrR:Z", #else /* !WITH_SELINUX */ "fhrR:", #endif /* !WITH_SELINUX */ long_options, NULL)) != -1) { switch (c) { case 'f': /* force remove even if not owned by user */ fflg = true; break; case 'h': usage (E_SUCCESS); break; case 'r': /* remove home dir and mailbox */ rflg = true; break; case 'R': /* no-op, handled in process_root_flag () */ break; #ifdef WITH_SELINUX case 'Z': if (is_selinux_enabled () > 0) { Zflg = true; } else { fprintf (stderr, _("%s: -Z requires SELinux enabled kernel\n"), Prog); exit (E_BAD_ARG); } break; #endif /* WITH_SELINUX */ default: usage (E_USAGE); } } } if ((optind + 1) != argc) { usage (E_USAGE); } #ifdef ACCT_TOOLS_SETUID #ifdef USE_PAM { struct passwd *pampw; pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */ if (pampw == NULL) { fprintf (stderr, _("%s: Cannot determine your user name.\n"), Prog); exit (E_PW_UPDATE); } retval = pam_start ("userdel", pampw->pw_name, &conv, &pamh); } if (PAM_SUCCESS == retval) { retval = pam_authenticate (pamh, 0); } if (PAM_SUCCESS == retval) { retval = pam_acct_mgmt (pamh, 0); } if (PAM_SUCCESS != retval) { fprintf (stderr, _("%s: PAM: %s\n"), Prog, pam_strerror (pamh, retval)); SYSLOG((LOG_ERR, "%s", pam_strerror (pamh, retval))); if (NULL != pamh) { (void) pam_end (pamh, retval); } exit (E_PW_UPDATE); } (void) pam_end (pamh, retval); #endif /* USE_PAM */ #endif /* ACCT_TOOLS_SETUID */ is_shadow_pwd = spw_file_present (); #ifdef SHADOWGRP is_shadow_grp = sgr_file_present (); #endif /* SHADOWGRP */ #ifdef ENABLE_SUBIDS is_sub_uid = sub_uid_file_present (); is_sub_gid = sub_gid_file_present (); #endif /* ENABLE_SUBIDS */ /* * Start with a quick check to see if the user exists. */ user_name = argv[argc - 1]; { struct passwd *pwd; pwd = getpwnam (user_name); /* local, no need for xgetpwnam */ if (NULL == pwd) { fprintf (stderr, _("%s: user '%s' does not exist\n"), Prog, user_name); #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, "deleting user not found", user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ exit (E_NOTFOUND); } user_id = pwd->pw_uid; user_gid = pwd->pw_gid; user_home = xstrdup (pwd->pw_dir); } #ifdef WITH_TCB if (shadowtcb_set_user (user_name) == SHADOWTCB_FAILURE) { exit (E_NOTFOUND); } #endif /* WITH_TCB */ #ifdef USE_NIS /* * Now make sure it isn't an NIS user. */ if (__ispwNIS ()) { char *nis_domain; char *nis_master; fprintf (stderr, _("%s: user %s is a NIS user\n"), Prog, user_name); if ( !yp_get_default_domain (&nis_domain) && !yp_master (nis_domain, "passwd.byname", &nis_master)) { fprintf (stderr, _("%s: %s is the NIS master\n"), Prog, nis_master); } exit (E_NOTFOUND); } #endif /* USE_NIS */ /* * Check to make certain the user isn't logged in. * Note: This is a best effort basis. The user may log in between, * a cron job may be started on her behalf, etc. */ if (user_busy (user_name, user_id) != 0) { if (!fflg) { #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, "deleting user logged in", user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ exit (E_USER_BUSY); } } /* * Do the hard stuff - open the files, create the user entries, * create the home directory, then close and update the files. */ open_files (); update_user (); update_groups (); if (rflg) { errors += remove_mailbox (); } if (rflg) { int home_owned = is_owner (user_id, user_home); if (-1 == home_owned) { fprintf (stderr, _("%s: %s home directory (%s) not found\n"), Prog, user_name, user_home); rflg = 0; } else if ((0 == home_owned) && !fflg) { fprintf (stderr, _("%s: %s not owned by %s, not removing\n"), Prog, user_home, user_name); rflg = 0; errors++; /* continue */ } } #ifdef EXTRA_CHECK_HOME_DIR /* This may be slow, the above should be good enough. */ if (rflg && !fflg) { struct passwd *pwd; /* * For safety, refuse to remove the home directory if it * would result in removing some other user's home * directory. Still not perfect so be careful, but should * prevent accidents if someone has /home or / as home * directory... --marekm */ setpwent (); while ((pwd = getpwent ())) { if (strcmp (pwd->pw_name, user_name) == 0) { continue; } if (path_prefix (user_home, pwd->pw_dir)) { fprintf (stderr, _("%s: not removing directory %s (would remove home of user %s)\n"), Prog, user_home, pwd->pw_name); rflg = false; errors++; /* continue */ break; } } endpwent (); } #endif /* EXTRA_CHECK_HOME_DIR */ if (rflg) { if (remove_tree (user_home, true) != 0) { fprintf (stderr, _("%s: error removing directory %s\n"), Prog, user_home); errors++; /* continue */ } #ifdef WITH_AUDIT else { audit_logger (AUDIT_DEL_USER, Prog, "deleting home directory", user_name, (unsigned int) user_id, SHADOW_AUDIT_SUCCESS); } #endif /* WITH_AUDIT */ } #ifdef WITH_AUDIT if (0 != errors) { audit_logger (AUDIT_DEL_USER, Prog, "deleting home directory", user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); } #endif /* WITH_AUDIT */ #ifdef WITH_SELINUX if (Zflg) { if (del_seuser (user_name) != 0) { fprintf (stderr, _("%s: warning: the user name %s to SELinux user mapping removal failed.\n"), Prog, user_name); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_USER, Prog, "removing SELinux user mapping", user_name, (unsigned int) user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ fail_exit (E_SE_UPDATE); } } #endif /* WITH_SELINUX */ /* * Cancel any crontabs or at jobs. Have to do this before we remove * the entry from /etc/passwd. */ user_cancel (user_name); close_files (); #ifdef WITH_TCB errors += remove_tcbdir (user_name, user_id); #endif /* WITH_TCB */ nscd_flush_cache ("passwd"); nscd_flush_cache ("group"); return ((0 != errors) ? E_HOMEDIR : E_SUCCESS); }
int main(int argc, char *argv[]) { int cflag = 0, fflag = 0, Cflag = 0; char *domain, *host = NULL, *srcdomain = NULL; char *tid = NULL, *prog = NULL, *ipadd = NULL; char *port = NULL, *map = NULL; int status, xfr_status, ch, srvport; u_int32_t ordernum, new_ordernum; struct ypall_callback callback; CLIENT *client = NULL; extern char *optarg; yp_get_default_domain(&domain); while ((ch = getopt(argc, argv, "cd:fh:s:C:")) != -1) switch (ch) { case 'c': cflag++; break; case 'd': if (strchr(optarg, '/')) /* Ha ha, we are not listening */ break; domain = optarg; break; case 'f': fflag++; break; case 'h': host = optarg; break; case 's': if (strchr(optarg, '/')) /* Ha ha, we are not listening */ break; srcdomain = optarg; break; case 'C': if (optind + 3 >= argc) usage(); Cflag++; tid = optarg; prog = argv[optind++]; ipadd = argv[optind++]; port = argv[optind++]; break; default: usage(); break; } status = YPPUSH_SUCC; if (optind + 1 != argc) usage(); map = argv[optind]; if (status > 0) { ypopenlog(); yplog("ypxfr: Arguments:"); yplog("YP clear to local: %s", (cflag) ? "no" : "yes"); yplog(" Force transfer: %s", (fflag) ? "yes" : "no"); yplog(" domain: %s", domain); yplog(" host: %s", host); yplog(" source domain: %s", srcdomain); yplog(" transid: %s", tid); yplog(" prog: %s", prog); yplog(" port: %s", port); yplog(" ipadd: %s", ipadd); yplog(" map: %s", map); if (fflag != 0) { ordernum = 0; } else { status = get_local_ordernum(domain, map, &ordernum); } } if (status > 0) { yplog("Get Master"); if (host == NULL) { if (srcdomain == NULL) { status = yp_master(domain, map, &host); } else { status = yp_master(srcdomain, map, &host); } if (status == 0) { status = YPPUSH_SUCC; } else { status = -status; } } } /* XXX this is raceable if portmap has holes! */ if (status > 0) { yplog("Check for reserved port on host: %s", host); srvport = getrpcport(host, YPPROG, YPVERS, IPPROTO_TCP); if (srvport >= IPPORT_RESERVED) status = YPPUSH_REFUSED; } if (status > 0) { yplog("Connect host: %s", host); client = yp_bind_host(host, YPPROG, YPVERS, 0, 1); status = get_remote_ordernum(client, domain, map, ordernum, &new_ordernum); } if (status == YPPUSH_SUCC) { char tmpmapname[MAXPATHLEN]; int fd; /* Create temporary db */ snprintf(tmpmapname, sizeof tmpmapname, "%s/%s/ypdbXXXXXXXXXX", YP_DB_PATH, domain); fd = mkstemp(tmpmapname); if (fd == -1) status = YPPUSH_DBM; else close(fd); if (status > 0) { db = create_db(domain, map, tmpmapname); if (db == NULL) status = YPPUSH_DBM; } /* Add ORDER */ if (status > 0) status = add_order(db, new_ordernum); /* Add MASTER */ if (status > 0) status = add_master(client, domain, map, db); /* Add INTERDOMAIN */ if (status > 0) status = add_interdomain(client, domain, map, db); /* Add SECURE */ if (status > 0) status = add_secure(client, domain, map, db); if (status > 0) { callback.foreach = ypxfr_foreach; status = get_map(client, domain, map, &callback); } /* Close db */ if (db != NULL) ypdb_close(db); /* Rename db */ if (status > 0) { status = install_db(domain, map, tmpmapname); } else { unlink(tmpmapname); status = YPPUSH_SUCC; } } xfr_status = status; if (client != NULL) clnt_destroy(client); /* YP_CLEAR */ if (!cflag) { client = yp_bind_local(YPPROG, YPVERS); status = send_clear(client); clnt_destroy(client); } if (Cflag > 0) { /* Send Response */ client = yp_bind_host(ipadd, atoi(prog), 1, atoi(port), 0); status = send_reply(client, xfr_status, atoi(tid)); clnt_destroy(client); } return (0); }
int main(int argc, char **argv) { struct passwd *pwd; int arg; int errors = 0; /* * Get my name so that I can use it to report errors. */ Prog = Basename(argv[0]); setlocale(LC_ALL, ""); bindtextdomain(PACKAGE, LOCALEDIR); textdomain(PACKAGE); openlog(Prog, LOG_PID|LOG_CONS|LOG_NOWAIT, LOG_AUTH); #ifdef SHADOWPWD is_shadow_pwd = spw_file_present(); #endif #ifdef SHADOWGRP is_shadow_grp = sgr_file_present(); #endif /* * The open routines for the DBM files don't use read-write * as the mode, so we have to clue them in. */ #ifdef NDBM pw_dbm_mode = O_RDWR; #ifdef SHADOWPWD sp_dbm_mode = O_RDWR; #endif gr_dbm_mode = O_RDWR; #ifdef SHADOWGRP sg_dbm_mode = O_RDWR; #endif #endif while ((arg = getopt (argc, argv, "fr")) != EOF) { switch (arg) { case 'f': /* force remove even if not owned by user */ fflg++; break; case 'r': /* remove home dir and mailbox */ rflg++; break; default: usage(); } } if (optind + 1 != argc) usage (); /* * Start with a quick check to see if the user exists. */ user_name = argv[argc - 1]; if (! (pwd = getpwnam (user_name))) { fprintf(stderr, _("%s: user %s does not exist\n"), Prog, user_name); exit(E_NOTFOUND); } #ifdef USE_NIS /* * Now make sure it isn't an NIS user. */ if (__ispwNIS ()) { char *nis_domain; char *nis_master; fprintf(stderr, _("%s: user %s is a NIS user\n"), Prog, user_name); if (! yp_get_default_domain (&nis_domain) && ! yp_master (nis_domain, "passwd.byname", &nis_master)) { fprintf(stderr, _("%s: %s is the NIS master\n"), Prog, nis_master); } exit(E_NOTFOUND); } #endif user_id = pwd->pw_uid; user_home = xstrdup(pwd->pw_dir); /* * Check to make certain the user isn't logged in. */ user_busy (user_name, user_id); /* * Do the hard stuff - open the files, create the user entries, * create the home directory, then close and update the files. */ open_files (); update_user (); update_groups (); #ifndef NO_REMOVE_MAILBOX if (rflg) remove_mailbox(); #endif if (rflg && !fflg && !is_owner(user_id, user_home)) { fprintf(stderr, _("%s: %s not owned by %s, not removing\n"), Prog, user_home, user_name); rflg = 0; errors++; } /* This may be slow, the above should be good enough. */ #ifdef EXTRA_CHECK_HOME_DIR if (rflg && !fflg) { /* * For safety, refuse to remove the home directory * if it would result in removing some other user's * home directory. Still not perfect so be careful, * but should prevent accidents if someone has /home * or / as home directory... --marekm */ setpwent(); while ((pwd = getpwent())) { if (strcmp(pwd->pw_name, user_name) == 0) continue; if (path_prefix(user_home, pwd->pw_dir)) { fprintf(stderr, _("%s: not removing directory %s (would remove home of user %s)\n"), Prog, user_home, pwd->pw_name); rflg = 0; errors++; break; } } } #endif if (rflg) { if (remove_tree(user_home) || rmdir(user_home)) { fprintf(stderr, _("%s: error removing directory %s\n"), Prog, user_home); errors++; } } /* * Cancel any crontabs or at jobs. Have to do this before we * remove the entry from /etc/passwd. */ user_cancel(user_name); close_files (); exit(errors ? E_HOMEDIR : E_SUCCESS); /*NOTREACHED*/ }
void pwyp_process(const char *username, int argc, char **argv) { char *master; int ch, r, rpcport, status; enum clnt_stat yr; struct yppasswd ypp; struct passwd pwb, pwb2, *pw; char pwbuf[1024]; struct timeval tv; CLIENT *client; while ((ch = getopt(argc, argv, "y")) != -1) { switch (ch) { case 'y': /* * Abosrb the -y that may have gotten us here. */ break; default: usage(); /* NOTREACHED */ } } argc -= optind; argv += optind; switch (argc) { case 0: /* username already provided */ break; case 1: username = argv[0]; break; default: usage(); /*NOTREACHED*/ } if (_yp_check(NULL) == 0) { /* can't use YP. */ errx(EXIT_FAILURE, "NIS not in use."); } uid = getuid(); /* * Get local domain */ if ((r = yp_get_default_domain(&domain)) != 0) errx(EXIT_FAILURE, "Can't get local NIS domain (%s)", yperr_string(r)); /* * Find the host for the passwd map; it should be running * the daemon. */ if ((r = yp_master(domain, "passwd.byname", &master)) != 0) errx(EXIT_FAILURE, "Can't find the master NIS server (%s)", yperr_string(r)); /* * Ask the portmapper for the port of the daemon. */ if ((rpcport = getrpcport(master, YPPASSWDPROG, YPPASSWDPROC_UPDATE, IPPROTO_UDP)) == 0) errx(EXIT_FAILURE, "Master NIS server not running yppasswd " "daemon"); /* * Be sure the port is privileged */ if (rpcport >= IPPORT_RESERVED) errx(EXIT_FAILURE, "Yppasswd daemon is on an invalid port"); /* Bail out if this is a local (non-yp) user, */ /* then get user's login identity */ if (!ypgetpwnam(username, &pwb) || getpwnam_r(username, &pwb2, pwbuf, sizeof(pwbuf), &pw) || pw == NULL) errx(EXIT_FAILURE, "NIS unknown user %s", username); if (uid && uid != pwb.pw_uid) { errno = EACCES; err(EXIT_FAILURE, "You may only change your own password"); } makeypp(&ypp, &pwb); client = clnt_create(master, YPPASSWDPROG, YPPASSWDVERS, "udp"); if (client == NULL) errx(EXIT_FAILURE, "Cannot contact yppasswdd on %s (%s)", master, yperr_string(YPERR_YPBIND)); client->cl_auth = authunix_create_default(); tv.tv_sec = 2; tv.tv_usec = 0; yr = clnt_call(client, YPPASSWDPROC_UPDATE, xdr_yppasswd, &ypp, xdr_int, &status, tv); if (yr != RPC_SUCCESS) errx(EXIT_FAILURE, "RPC to yppasswdd failed (%s)", clnt_sperrno(yr)); else if (status) printf("Couldn't change NIS password.\n"); else printf("The NIS password has been changed on %s, %s\n", master, "the master NIS passwd server."); }
int main(int argc, char *argv[]) { struct ypall_callback ypcb; extern char *optarg; extern int optind; char *domain, *map, *hostname; int c, r, i; char *ypmap = "ypservers"; CLIENT *client; static char map_path[MAXPATHLEN]; struct stat finfo; DBM *yp_databas; char order_key[YP_LAST_LEN] = YP_LAST_KEY; datum o; yp_get_default_domain(&domain); hostname = NULL; while ((c=getopt(argc, argv, "d:h:v")) != -1) switch (c) { case 'd': domain = optarg; break; case 'h': hostname = optarg; break; case 'v': Verbose = 1; break; default: usage(); /*NOTREACHED*/ } if (optind + 1 != argc ) usage(); map = argv[optind]; strncpy(Domain, domain, sizeof(Domain)-1); Domain[sizeof(Domain)-1] = '\0'; strncpy(Map, map, sizeof(Map)-1); Map[sizeof(Map)-1] = '\0'; /* Check domain */ snprintf(map_path, sizeof map_path, "%s/%s", YP_DB_PATH, domain); if (!((stat(map_path, &finfo) == 0) && S_ISDIR(finfo.st_mode))) { fprintf(stderr, "yppush: Map does not exist.\n"); exit(1); } /* Check map */ snprintf(map_path, sizeof map_path, "%s/%s/%s%s", YP_DB_PATH, domain, Map, YPDB_SUFFIX); if (!(stat(map_path, &finfo) == 0)) { fprintf(stderr, "yppush: Map does not exist.\n"); exit(1); } snprintf(map_path, sizeof map_path, "%s/%s/%s", YP_DB_PATH, domain, Map); yp_databas = ypdb_open(map_path, 0, O_RDONLY); OrderNum=0xffffffff; if (yp_databas == 0) { fprintf(stderr, "yppush: %s%s: Cannot open database\n", map_path, YPDB_SUFFIX); } else { o.dptr = (char *) &order_key; o.dsize = YP_LAST_LEN; o = ypdb_fetch(yp_databas, o); if (o.dptr == NULL) { fprintf(stderr, "yppush: %s: Cannot determine order number\n", Map); } else { OrderNum=0; for (i=0; i<o.dsize-1; i++) { if (!isdigit(o.dptr[i])) OrderNum=0xffffffff; } if (OrderNum != 0) { fprintf(stderr, "yppush: %s: Invalid order number '%s'\n", Map, o.dptr); } else { OrderNum = atoi(o.dptr); } } } yp_bind(Domain); r = yp_master(Domain, ypmap, &master); if (r != 0) { fprintf(stderr, "yppush: could not get ypservers map\n"); exit(1); } if (hostname != NULL) { push(strlen(hostname), hostname); } else { if (Verbose) { printf("Contacting master for ypservers (%s).\n", master); } client = yp_bind_host(master, YPPROG, YPVERS, 0, 1); ypcb.foreach = pushit; ypcb.data = NULL; r = yp_all_host(client, Domain, ypmap, &ypcb); } exit(0); }
int main (int argc, char **argv) { #ifdef ACCT_TOOLS_SETUID #ifdef USE_PAM pam_handle_t *pamh = NULL; int retval; #endif /* USE_PAM */ #endif /* ACCT_TOOLS_SETUID */ #ifdef WITH_AUDIT audit_help_open (); #endif atexit (do_cleanups); /* * Get my name so that I can use it to report errors. */ Prog = Basename (argv[0]); (void) setlocale (LC_ALL, ""); (void) bindtextdomain (PACKAGE, LOCALEDIR); (void) textdomain (PACKAGE); if (argc != 2) { usage (); } group_name = argv[1]; OPENLOG ("groupdel"); #ifdef ACCT_TOOLS_SETUID #ifdef USE_PAM { struct passwd *pampw; pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */ if (pampw == NULL) { fprintf (stderr, _("%s: Cannot determine your user name.\n"), Prog); exit (1); } retval = pam_start ("groupdel", pampw->pw_name, &conv, &pamh); } if (PAM_SUCCESS == retval) { retval = pam_authenticate (pamh, 0); } if (PAM_SUCCESS == retval) { retval = pam_acct_mgmt (pamh, 0); } if (NULL != pamh) { (void) pam_end (pamh, retval); } if (PAM_SUCCESS != retval) { fprintf (stderr, _("%s: PAM authentication failed\n"), Prog); exit (1); } #endif /* USE_PAM */ #endif /* ACCT_TOOLS_SETUID */ #ifdef SHADOWGRP is_shadow_grp = sgr_file_present (); #endif { struct group *grp; /* * Start with a quick check to see if the group exists. */ grp = getgrnam (group_name); /* local, no need for xgetgrnam */ if (NULL == grp) { fprintf (stderr, _("%s: group '%s' does not exist\n"), Prog, group_name); exit (E_NOTFOUND); } group_id = grp->gr_gid; } #ifdef USE_NIS /* * Make sure this isn't a NIS group */ if (__isgrNIS ()) { char *nis_domain; char *nis_master; fprintf (stderr, _("%s: group '%s' is a NIS group\n"), Prog, group_name); if (!yp_get_default_domain (&nis_domain) && !yp_master (nis_domain, "group.byname", &nis_master)) { fprintf (stderr, _("%s: %s is the NIS master\n"), Prog, nis_master); } exit (E_NOTFOUND); } #endif /* * Make sure this isn't the primary group of anyone. */ group_busy (group_id); /* * Do the hard stuff - open the files, delete the group entries, * then close and update the files. */ open_files (); grp_update (); close_files (); nscd_flush_cache ("group"); return E_SUCCESS; }
int _updateoldyp( const char *action, const char *printername, const char *printserver, const char *extensions, const char *comment, const char *isdefault) { ns_printer_t *printer; ns_bsd_addr_t *addr; int status = 0; char mkcmd[BUFSIZ]; char *domain = NULL; char *host = NULL; /* * libprint returns before we know that the printers.conf * map is made. So we'll make it again. */ (void) yp_get_default_domain(&domain); if ((yp_master(domain, "printers.conf.byname", &host) != 0) && (yp_master(domain, "passwd.byname", &host) != 0)) { strcpy(mkcmd, "/usr/bin/sleep 1"); } else { sprintf(mkcmd, "/usr/bin/rsh -n %s 'cd /var/yp; " "/usr/ccs/bin/make -f /var/yp/Makefile " "-f /var/yp/Makefile.print printers.conf " "> /dev/null'", host); } if (strcmp(action, "delete") == 0) { if ((printer = (ns_printer_t *) ns_printer_get_name(printername, "nis")) == NULL) { return (0); } printer->attributes = NULL; status = ns_printer_put(printer); if (status != 0) { (void) free(printer); return (status); } if ((printer = (ns_printer_t *) ns_printer_get_name("_default", "nis")) != NULL) { char *dflt = (char *) ns_get_value_string("use", printer); if ((dflt != NULL) && (strcmp(dflt, printername) == 0)) { printer->attributes = NULL; status = ns_printer_put(printer); if (status != 0) { (void) free(printer); return (status); } } } (void) free(printer); (void) system(mkcmd); return (0); } else if (strcmp(action, "add") == 0) { printer = (ns_printer_t *)malloc(sizeof (*printer)); memset(printer, 0, sizeof (*printer)); printer->name = (char *)printername; printer->source = "nis"; addr = (ns_bsd_addr_t *)malloc(sizeof (*addr)); memset(addr, 0, sizeof (*addr)); addr->printer = (char *)printername; addr->server = (char *)printserver; if ((extensions != NULL) && (strlen(extensions) > 0)) { addr->extension = (char *)extensions; } ns_set_value("bsdaddr", addr, printer); if ((comment != NULL) && (strlen(comment) > 0)) { ns_set_value_from_string("description", comment, printer); } status = ns_printer_put(printer); if (status != 0) { (void) free(addr); (void) free(printer); return (status); } if (strcmp(isdefault, "true") == 0) { printer->name = "_default"; printer->attributes = NULL; ns_set_value_from_string("use", printername, printer); status = ns_printer_put(printer); if (status != 0) { (void) free(addr); (void) free(printer); return (status); } } (void) free(addr); (void) free(printer); (void) system(mkcmd); return (0); } /* * Modify */ if ((printer = (ns_printer_t *) ns_printer_get_name(printername, "nis")) == NULL) { return (1); } if ((comment != NULL) && (strlen(comment) > 0)) { ns_set_value_from_string("description", comment, printer); } else { ns_set_value_from_string("description", NULL, printer); } status = ns_printer_put(printer); if (status != 0) { (void) free(printer); return (status); } if ((printer = (ns_printer_t *) ns_printer_get_name("_default", "nis")) != NULL) { char *dflt = (char *)ns_get_value_string("use", printer); if (strcmp(printername, dflt) == 0) { if (strcmp(isdefault, "false") == 0) { /* * We were the default printer but not * any more. */ printer->attributes = NULL; status = ns_printer_put(printer); if (status != 0) { (void) free(printer); return (status); } } } else { if (strcmp(isdefault, "true") == 0) { ns_set_value_from_string("use", printername, printer); status = ns_printer_put(printer); if (status != 0) { (void) free(printer); return (status); } } } } else { printer = (ns_printer_t *)malloc(sizeof (*printer)); memset(printer, 0, sizeof (*printer)); printer->name = "_default"; printer->source = "nis"; ns_set_value_from_string("use", printername, printer); status = ns_printer_put(printer); if (status != 0) { (void) free(printer); return (status); } } (void) system(mkcmd); return (0); }