From owner-freebsd-current@FreeBSD.ORG Wed Apr 16 11:31:49 2003 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5FD0137B401; Wed, 16 Apr 2003 11:31:49 -0700 (PDT) Received: from dan.emsphone.com (dan.emsphone.com [199.67.51.101]) by mx1.FreeBSD.org (Postfix) with ESMTP id 90B7243F75; Wed, 16 Apr 2003 11:31:48 -0700 (PDT) (envelope-from dan@dan.emsphone.com) Received: (from dan@localhost) by dan.emsphone.com (8.12.9/8.12.9) id h3GIVlGL082250; Wed, 16 Apr 2003 13:31:47 -0500 (CDT) (envelope-from dan) Date: Wed, 16 Apr 2003 13:31:47 -0500 From: Dan Nelson To: Glenn Johnson , current@FreeBSD.ORG Message-ID: <20030416183147.GB7923@dan.emsphone.com> References: <20030416172105.GA73206@node1.cluster.srrc.usda.gov> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="BXVAT5kNtrzKuDFl" Content-Disposition: inline In-Reply-To: <20030416172105.GA73206@node1.cluster.srrc.usda.gov> X-OS: FreeBSD 5.0-CURRENT X-message-flag: Outlook Error User-Agent: Mutt/1.5.4i Subject: Re: can not change NIS password X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Apr 2003 18:31:49 -0000 --BXVAT5kNtrzKuDFl Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In the last episode (Apr 16), Glenn Johnson said: > User passwords can not be changed if they are served by NIS with > -current: > > FreeBSD 5.0-CURRENT #3: Tue Apr 15 11:30:59 CDT 2003 root@node1.cluster.srrc.usda.gov:/usr/obj/usr/src/sys/CLUSTER-FW > > When trying to change a password I get the following: > > Apr 16 12:16:38 node1 passwd: in pam_sm_chauthtok(): yppasswd_remote(): NIS password update failed > > If I place account information into /etc/master.passwd instead of the > NIS master.passwd, then I can successfully change the password. Try the attached patch; I really need to send-pr this :) The current code assumes you always export /etc/master.passwd. There is still a bug in there somewhere that prevents you from changing an NIS password when logged into the NIS master itself, but at least there's a workaround for that (log into a client to change the password). -- Dan Nelson dnelson@allantgroup.com --BXVAT5kNtrzKuDFl Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="yppasswdd.diff" Index: yppasswdd_server.c =================================================================== RCS file: /home/ncvs/src/usr.sbin/rpc.yppasswdd/yppasswdd_server.c,v retrieving revision 1.26 diff -p -u -r1.26 yppasswdd_server.c --- yppasswdd_server.c 15 May 2002 09:20:06 -0000 1.26 +++ yppasswdd_server.c 13 Dec 2002 19:43:11 -0000 @@ -450,6 +450,7 @@ yppasswdproc_update_1_svc(yppasswd *argp char *oldgecos = NULL; char *passfile_hold; char passfile_buf[MAXPATHLEN + 2]; + char passfile_hold_buf[MAXPATHLEN + 2]; char *domain = yppasswd_domain; static struct sockaddr_in clntaddr; static struct timeval t_saved, t_test; @@ -574,32 +575,64 @@ yppasswdproc_update_1_svc(yppasswd *argp passfile = (char *)&passfile_buf; } + /* Create a filename to hold the original master.passwd so if our call + to yppwupdate fails we can roll back */ + snprintf(passfile_hold_buf, sizeof(passfile_hold_buf), "%s.hold", passfile); + passfile_hold = (char *)&passfile_hold_buf; + /* Step 5: make a new password file with the updated info. */ + yp_error("calling pw_init(%s)",passfile); if (pw_init(dirname(passfile), passfile)) { yp_error("pw_init() failed"); return &result; } + yp_error("calling pw_lock()"); if ((pfd = pw_lock()) == -1) { pw_fini(); yp_error("pw_lock() failed"); return &result; } + yp_error("calling pw_tmp(-1)"); if ((tfd = pw_tmp(-1)) == -1) { pw_fini(); yp_error("pw_tmp() failed"); return &result; } + + yp_error("calling pw_copy()"); if (pw_copy(pfd, tfd, &yp_password, NULL) == -1) { pw_fini(); yp_error("pw_copy() failed"); return &result; } - if (pw_mkdb(yp_password.pw_name) == -1) { + if (rename(passfile, passfile_hold) == -1) { pw_fini(); - yp_error("pw_mkdb() failed"); + yp_error("rename of %s to %s failed", passfile, passfile_hold); return &result; } + if (strcmp(passfile, _PATH_MASTERPASSWD) == 0) { + /* NIS server is exporting the system's master.passwd. */ + /* Call pw_mkdb to rebuild passwd and the .db files */ + yp_error("calling pw_mkdb(%s)",yp_password.pw_name); + if (pw_mkdb(yp_password.pw_name) == -1) { + pw_fini(); + yp_error("pw_mkdb() failed"); + rename(passfile_hold, passfile); + return &result; + } + } else + { + /* NIS server is exporting a private master.passwd. */ + /* Rename tempfile into final location */ + if (rename(pw_tempname(), passfile) == -1) { + pw_fini(); + yp_error("rename of %s to %s failed", pw_tempname(), passfile); + rename(passfile_hold, passfile); + return &result; + } + } + yp_error("calling pw_fini()"); pw_fini(); if (inplace) { @@ -630,14 +663,16 @@ yppasswdproc_update_1_svc(yppasswd *argp return(&result); break; default: + yp_error("removing backup passwd file %s", passfile_hold); unlink(passfile_hold); break; } if (verbose) { - yp_error("update completed for user %s (uid %d):", + yp_error("update completed for user %s (uid %d) in %s:", argp->newpw.pw_name, - argp->newpw.pw_uid); + argp->newpw.pw_uid, + passfile); if (passwd_changed) yp_error("password changed"); @@ -679,7 +714,7 @@ yppasswdproc_update_master_1_svc(master_ transp = rqstp->rq_xprt; /* - * NO AF_INET CONNETCIONS ALLOWED! + * NO AF_INET CONNECTIONS ALLOWED! */ rqhost = svc_getcaller(transp); if (rqhost->sin_family != AF_UNIX) { @@ -782,10 +817,12 @@ allow additions to be made to the passwo yp_error("pw_copy() failed"); return &result; } - if (pw_mkdb(argp->newpw.pw_name) == -1) { - pw_fini(); - yp_error("pw_mkdb() failed"); - return &result; + if (strcmp(passfile, _PATH_MASTERPASSWD) == 0) { + if (pw_mkdb(argp->newpw.pw_name) == -1) { + pw_fini(); + yp_error("pw_mkdb() failed"); + return &result; + } } pw_fini(); --BXVAT5kNtrzKuDFl--