Date: Wed, 16 Apr 2003 13:31:47 -0500 From: Dan Nelson <dnelson@allantgroup.com> To: Glenn Johnson <glenn@FreeBSD.ORG>, current@FreeBSD.ORG Subject: Re: can not change NIS password Message-ID: <20030416183147.GB7923@dan.emsphone.com> In-Reply-To: <20030416172105.GA73206@node1.cluster.srrc.usda.gov> References: <20030416172105.GA73206@node1.cluster.srrc.usda.gov>
next in thread | previous in thread | raw e-mail | index | archive | help
--BXVAT5kNtrzKuDFl Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In the last episode (Apr 16), Glenn Johnson said: > User passwords can not be changed if they are served by NIS with > -current: > > FreeBSD 5.0-CURRENT #3: Tue Apr 15 11:30:59 CDT 2003 root@node1.cluster.srrc.usda.gov:/usr/obj/usr/src/sys/CLUSTER-FW > > When trying to change a password I get the following: > > Apr 16 12:16:38 node1 passwd: in pam_sm_chauthtok(): yppasswd_remote(): NIS password update failed > > If I place account information into /etc/master.passwd instead of the > NIS master.passwd, then I can successfully change the password. Try the attached patch; I really need to send-pr this :) The current code assumes you always export /etc/master.passwd. There is still a bug in there somewhere that prevents you from changing an NIS password when logged into the NIS master itself, but at least there's a workaround for that (log into a client to change the password). -- Dan Nelson dnelson@allantgroup.com --BXVAT5kNtrzKuDFl Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="yppasswdd.diff" Index: yppasswdd_server.c =================================================================== RCS file: /home/ncvs/src/usr.sbin/rpc.yppasswdd/yppasswdd_server.c,v retrieving revision 1.26 diff -p -u -r1.26 yppasswdd_server.c --- yppasswdd_server.c 15 May 2002 09:20:06 -0000 1.26 +++ yppasswdd_server.c 13 Dec 2002 19:43:11 -0000 @@ -450,6 +450,7 @@ yppasswdproc_update_1_svc(yppasswd *argp char *oldgecos = NULL; char *passfile_hold; char passfile_buf[MAXPATHLEN + 2]; + char passfile_hold_buf[MAXPATHLEN + 2]; char *domain = yppasswd_domain; static struct sockaddr_in clntaddr; static struct timeval t_saved, t_test; @@ -574,32 +575,64 @@ yppasswdproc_update_1_svc(yppasswd *argp passfile = (char *)&passfile_buf; } + /* Create a filename to hold the original master.passwd so if our call + to yppwupdate fails we can roll back */ + snprintf(passfile_hold_buf, sizeof(passfile_hold_buf), "%s.hold", passfile); + passfile_hold = (char *)&passfile_hold_buf; + /* Step 5: make a new password file with the updated info. */ + yp_error("calling pw_init(%s)",passfile); if (pw_init(dirname(passfile), passfile)) { yp_error("pw_init() failed"); return &result; } + yp_error("calling pw_lock()"); if ((pfd = pw_lock()) == -1) { pw_fini(); yp_error("pw_lock() failed"); return &result; } + yp_error("calling pw_tmp(-1)"); if ((tfd = pw_tmp(-1)) == -1) { pw_fini(); yp_error("pw_tmp() failed"); return &result; } + + yp_error("calling pw_copy()"); if (pw_copy(pfd, tfd, &yp_password, NULL) == -1) { pw_fini(); yp_error("pw_copy() failed"); return &result; } - if (pw_mkdb(yp_password.pw_name) == -1) { + if (rename(passfile, passfile_hold) == -1) { pw_fini(); - yp_error("pw_mkdb() failed"); + yp_error("rename of %s to %s failed", passfile, passfile_hold); return &result; } + if (strcmp(passfile, _PATH_MASTERPASSWD) == 0) { + /* NIS server is exporting the system's master.passwd. */ + /* Call pw_mkdb to rebuild passwd and the .db files */ + yp_error("calling pw_mkdb(%s)",yp_password.pw_name); + if (pw_mkdb(yp_password.pw_name) == -1) { + pw_fini(); + yp_error("pw_mkdb() failed"); + rename(passfile_hold, passfile); + return &result; + } + } else + { + /* NIS server is exporting a private master.passwd. */ + /* Rename tempfile into final location */ + if (rename(pw_tempname(), passfile) == -1) { + pw_fini(); + yp_error("rename of %s to %s failed", pw_tempname(), passfile); + rename(passfile_hold, passfile); + return &result; + } + } + yp_error("calling pw_fini()"); pw_fini(); if (inplace) { @@ -630,14 +663,16 @@ yppasswdproc_update_1_svc(yppasswd *argp return(&result); break; default: + yp_error("removing backup passwd file %s", passfile_hold); unlink(passfile_hold); break; } if (verbose) { - yp_error("update completed for user %s (uid %d):", + yp_error("update completed for user %s (uid %d) in %s:", argp->newpw.pw_name, - argp->newpw.pw_uid); + argp->newpw.pw_uid, + passfile); if (passwd_changed) yp_error("password changed"); @@ -679,7 +714,7 @@ yppasswdproc_update_master_1_svc(master_ transp = rqstp->rq_xprt; /* - * NO AF_INET CONNETCIONS ALLOWED! + * NO AF_INET CONNECTIONS ALLOWED! */ rqhost = svc_getcaller(transp); if (rqhost->sin_family != AF_UNIX) { @@ -782,10 +817,12 @@ allow additions to be made to the passwo yp_error("pw_copy() failed"); return &result; } - if (pw_mkdb(argp->newpw.pw_name) == -1) { - pw_fini(); - yp_error("pw_mkdb() failed"); - return &result; + if (strcmp(passfile, _PATH_MASTERPASSWD) == 0) { + if (pw_mkdb(argp->newpw.pw_name) == -1) { + pw_fini(); + yp_error("pw_mkdb() failed"); + return &result; + } } pw_fini(); --BXVAT5kNtrzKuDFl--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030416183147.GB7923>