From owner-freebsd-questions  Tue Mar 18  8:44: 5 2003
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 17BDB37B404
	for <freebsd-questions@FreeBSD.ORG>; Tue, 18 Mar 2003 08:44:00 -0800 (PST)
Received: from dan.emsphone.com (dan.emsphone.com [199.67.51.101])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 20FCA43FAF
	for <freebsd-questions@FreeBSD.ORG>; Tue, 18 Mar 2003 08:43:59 -0800 (PST)
	(envelope-from dan@dan.emsphone.com)
Received: (from dan@localhost)
	by dan.emsphone.com (8.12.7/8.12.7) id h2IGhwcD074081;
	Tue, 18 Mar 2003 10:43:58 -0600 (CST)
	(envelope-from dan)
Date: Tue, 18 Mar 2003 10:43:58 -0600
From: Dan Nelson <dnelson@allantgroup.com>
To: Robert Kellner <kellner.robert@gmx.net>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: noone can change password with yppasswd
Message-ID: <20030318164358.GB2054@dan.emsphone.com>
References: <20030318172040.3491700f.kellner.robert@gmx.net>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="45Z9DzgjV8m4Oswq"
Content-Disposition: inline
In-Reply-To: <20030318172040.3491700f.kellner.robert@gmx.net>
X-OS: FreeBSD 5.0-CURRENT
X-message-flag: Outlook Error
User-Agent: Mutt/1.5.3i
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG


--45Z9DzgjV8m4Oswq
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

In the last episode (Mar 18), Robert Kellner said:
> I have a problem with passwords on FreeBSD 5.0: I am using NIS, but
> neither root, nor the users can change their nis passwords with
> yppasswd. Root is asked for the old password and when trying to set a
> new one it fails. If a user tries to change his password, this will
> not succeed either.
> 
> here are some loggings:
> root tries to change a password:
> 
> Changing NIS password for testuser
> Old Password:
> New Password:
> Retype New Password:
> yppasswd: pam_chauthtok(): error in service module
> 
> from /var/log/messages:
> Mar 18 16:15:30 server yppasswd: in pam_sm_chauthtok(): yppasswd_local(): failed to connect to rpc.yppasswdd: server.mydomain.com: RPC: Program not registered

I get this too;  trying to change the password as a regular user from
the NIS server fails with the same error.  I have no workaround for
this.
 
> a user tries to change a password:
> 
> Changing NIS account information for testuser on server.mydomain.com.
> Changing NIS password for testuser on server.mydomain.com.
> Please enter new password:
> Please retype new password:
> Error while changing the NIS password.
> The NIS password has not been changed on server.mydomain.com.
> 
> and from /var/logmessages:
> Mar 18 16:17:24 btcips73x1 rpc.yppasswdd[2320]: pw_mkdb() failed

Are you exporting /etc/master.passwd via NIS, or are you exporting
/var/yp/master.passwd?  There are a couple bugs in rpc.yppasswdd when
you are not exporting /etc/master.passwd.  Try the attached patch and
see if it helps.  Make backups of /etc/master.passwd and
/var/yp/master.passwd just in case :)

-- 
	Dan Nelson
	dnelson@allantgroup.com

--45Z9DzgjV8m4Oswq
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="yppasswdd.diff"

Index: yppasswdd_server.c
===================================================================
RCS file: /home/ncvs/src/usr.sbin/rpc.yppasswdd/yppasswdd_server.c,v
retrieving revision 1.26
diff -u -p -r1.26 yppasswdd_server.c
--- yppasswdd_server.c	15 May 2002 09:20:06 -0000	1.26
+++ yppasswdd_server.c	13 Dec 2002 19:43:11 -0000
@@ -450,6 +450,7 @@ yppasswdproc_update_1_svc(yppasswd *argp
 	char *oldgecos = NULL;
 	char *passfile_hold;
 	char passfile_buf[MAXPATHLEN + 2];
+	char passfile_hold_buf[MAXPATHLEN + 2];
 	char *domain = yppasswd_domain;
 	static struct sockaddr_in clntaddr;
 	static struct timeval t_saved, t_test;
@@ -574,32 +575,64 @@ yppasswdproc_update_1_svc(yppasswd *argp
 		passfile = (char *)&passfile_buf;
 	}
 
+	/* Create a filename to hold the original master.passwd so if our call
+	   to yppwupdate fails we can roll back */
+	snprintf(passfile_hold_buf, sizeof(passfile_hold_buf), "%s.hold", passfile);
+	passfile_hold = (char *)&passfile_hold_buf;
+
 	/* Step 5: make a new password file with the updated info. */
 
+	yp_error("calling pw_init(%s)",passfile);
 	if (pw_init(dirname(passfile), passfile)) {
 		yp_error("pw_init() failed");
 		return &result;
 	}
+	yp_error("calling pw_lock()");
 	if ((pfd = pw_lock()) == -1) {
 		pw_fini();
 		yp_error("pw_lock() failed");
 		return &result;
 	}
+	yp_error("calling pw_tmp(-1)");
 	if ((tfd = pw_tmp(-1)) == -1) {
 		pw_fini();
 		yp_error("pw_tmp() failed");
 		return &result;
 	}
+
+	yp_error("calling pw_copy()");
 	if (pw_copy(pfd, tfd, &yp_password, NULL) == -1) {
 		pw_fini();
 		yp_error("pw_copy() failed");
 		return &result;
 	}
-	if (pw_mkdb(yp_password.pw_name) == -1) {
+	if (rename(passfile, passfile_hold) == -1) {
 		pw_fini();
-		yp_error("pw_mkdb() failed");
+		yp_error("rename of %s to %s failed", passfile, passfile_hold);
 		return &result;
 	}
+	if (strcmp(passfile, _PATH_MASTERPASSWD) == 0) { 
+		/* NIS server is exporting the system's master.passwd. */
+		/* Call pw_mkdb to rebuild passwd and the .db files */
+		yp_error("calling pw_mkdb(%s)",yp_password.pw_name);
+		if (pw_mkdb(yp_password.pw_name) == -1) {
+			pw_fini();
+			yp_error("pw_mkdb() failed");
+			rename(passfile_hold, passfile);
+			return &result;
+		}
+	} else
+	{
+		/* NIS server is exporting a private master.passwd. */
+		/* Rename tempfile into final location */
+		if (rename(pw_tempname(), passfile) == -1) {
+			pw_fini();
+			yp_error("rename of %s to %s failed", pw_tempname(), passfile);
+			rename(passfile_hold, passfile);
+			return &result;
+		}
+	}
+	yp_error("calling pw_fini()");
 	pw_fini();
 
 	if (inplace) {
@@ -630,14 +663,16 @@ yppasswdproc_update_1_svc(yppasswd *argp
 		return(&result);
 		break;
 	default:
+		yp_error("removing backup passwd file %s", passfile_hold);
 		unlink(passfile_hold);
 		break;
 	}
 
 	if (verbose) {
-		yp_error("update completed for user %s (uid %d):",
+		yp_error("update completed for user %s (uid %d) in %s:",
 						argp->newpw.pw_name,
-						argp->newpw.pw_uid);
+						argp->newpw.pw_uid,
+						passfile);
 
 		if (passwd_changed)
 			yp_error("password changed");
@@ -679,7 +714,7 @@ yppasswdproc_update_master_1_svc(master_
 	transp = rqstp->rq_xprt;
 
 	/*
-	 * NO AF_INET CONNETCIONS ALLOWED!
+	 * NO AF_INET CONNECTIONS ALLOWED!
 	 */
 	rqhost = svc_getcaller(transp);
 	if (rqhost->sin_family != AF_UNIX) {
@@ -782,10 +817,12 @@ allow additions to be made to the passwo
 		yp_error("pw_copy() failed");
 		return &result;
 	}
-	if (pw_mkdb(argp->newpw.pw_name) == -1) {
-		pw_fini();
-		yp_error("pw_mkdb() failed");
-		return &result;
+	if (strcmp(passfile, _PATH_MASTERPASSWD) == 0) {
+		if (pw_mkdb(argp->newpw.pw_name) == -1) {
+			pw_fini();
+			yp_error("pw_mkdb() failed");
+			return &result;
+		}
 	}
 	pw_fini();
 

--45Z9DzgjV8m4Oswq--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message