search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dmake: do not set MAKEFLAGS=k
[unleashed/tickless.git] / usr / src / cmd / ypcmd / yppasswd / changepasswd.c
blob78056c1f1fe5bf92fab1c0761c530cea744fdf1e
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26 /*
27 * Beware those who enter here.
28 * The logic may appear hairy, but it's been ARCed.
29 * See /shared/sac/PSARC/1995/122/mail
30 */
31
32 #include <sys/types.h>
33 #include <sys/stat.h>
34 #include <ctype.h>
35 #include <unistd.h>
36 #include <stdlib.h>
37 #include <string.h>
38 #include <stdio.h>
39 #include <errno.h>
40 #include <syslog.h>
41 #include <pwd.h>
42 #include <shadow.h>
43 #include <signal.h>
44 #include <crypt.h>
45 #include <rpc/rpc.h>
46 #include <rpcsvc/yppasswd.h>
47 #include <utmpx.h>
48 #include <nss_dbdefs.h>
49
50 #define STRSIZE 100
51 #define FINGERSIZE (4 * STRSIZE - 4)
52 #define SHELLSIZE (STRSIZE - 2)
53 #define UTUSERLEN (sizeof (((struct utmpx *)NULL)->ut_user))
54
55 /* Prototypes */
56 extern bool_t validloginshell(char *sh, char *arg, int);
57 extern int validstr(char *str, size_t size);
58 extern int yplckpwdf();
59 extern int ypulckpwdf();
60 extern struct passwd *fgetpwent(FILE *);
61
62 static char *
63 cryptoldpasswd(char *oldpass, char *salt, char *acctname)
64 {
65 char *oldpass_crypt = NULL;
66
67 if ((oldpass_crypt = crypt(oldpass, salt)) == NULL) {
68 if (errno == EINVAL) {
69 syslog(LOG_ERR,
70 "yppasswdd: password not changed for \"%s\" - "
71 "crypt module not supported on the master\n",
72 acctname);
73 } else {
74 syslog(LOG_ERR,
75 "yppasswdd: password not changed for \"%s\" - "
76 "%s\n", acctname, strerror(errno));
77 }
78 }
79 return (oldpass_crypt);
80 }
81
82 void
83 changepasswd(SVCXPRT *transp)
84 {
85 /*
86 * Put these numeric constants into const variables so
87 * a) they're visible in a debugger
88 * b) the compiler can play it's cool games with em
89 */
90 static const int cryptpwsize = CRYPT_MAXCIPHERTEXTLEN;
91 static const int fingersize = FINGERSIZE;
92 static const int shellsize = SHELLSIZE;
93
94 struct yppasswd yppwd;
95 struct passwd newpw, opwd;
96 struct spwd ospwd;
97 struct sigaction sa, osa1, osa2, osa3;
98 struct stat pwstat, spstat, adjstat;
99 char *oldpass_crypt = NULL;
100
101 char newpasswdfile[FILENAME_MAX];
102 char newshadowfile[FILENAME_MAX];
103 char newadjunctfile[FILENAME_MAX];
104 char tmppasswdfile[FILENAME_MAX];
105 char tmpshadowfile[FILENAME_MAX];
106 char tmpadjunctfile[FILENAME_MAX];
107 char pwbuf[NSS_LINELEN_PASSWD], spbuf[NSS_LINELEN_SHADOW];
108 char adjbuf[BUFSIZ+1], adjbuf_new[BUFSIZ+1], cmdbuf[BUFSIZ];
109 char adj_encrypt[CRYPT_MAXCIPHERTEXTLEN + 1];
110 /*
111 * The adj_crypt_* pointers are used to point into adjbuf
112 * NOT adj_encrypt
113 */
114 char *adj_crypt_begin, *adj_crypt_end;
115 char name[UTUSERLEN + sizeof (":")];
116 char *p;
117
118 FILE *opwfp = NULL, *ospfp = NULL, *oadjfp = NULL,
119 *npwfp = NULL, *nspfp = NULL, *nadjfp = NULL;
120 int npwfd = -1, nspfd = -1, nadjfd = -1;
121
122 int i, ans, chsh, chpw, chgecos, namelen;
123 int gotadjunct = 0, gotshadow = 0, gotpasswd = 0;
124 int doneflag = 0, root_on_master = 0;
125 pid_t retval;
126
127 time_t now;
128
129 long pwpos = 0, sppos = 0;
130
131 /* Globals :-( */
132 extern int single, nogecos, noshell, nopw, mflag, Mstart, Argc;
133 extern char **Argv;
134 extern char passwd_file[], shadow_file[], adjunct_file[];
135 extern int useadjunct;
136 extern int useshadow;
137
138 /* Clean out yppwd */
139 memset(&yppwd, 0, sizeof (struct yppasswd));
140
141 /* Get the RPC args */
142 if (!svc_getargs(transp, xdr_yppasswd, (caddr_t)&yppwd)) {
143 svcerr_decode(transp);
144 return;
145 }
146
147 /* Perform basic validation */
148 if (/* (!validstr(yppwd.oldpass, PWSIZE)) || */ /* see PR:nis/38 */
149 (!validstr(yppwd.newpw.pw_passwd, cryptpwsize)) ||
150 (!validstr(yppwd.newpw.pw_name, UTUSERLEN)) ||
151 (!validstr(yppwd.newpw.pw_gecos, fingersize)) ||
152 (!validstr(yppwd.newpw.pw_shell, shellsize))) {
153 svcerr_decode(transp);
154 return;
155 }
156
157 /*
158 * Special case: root on the master server can change other users'
159 * passwords without first entering the old password. We need to
160 * ensure that this is indeed root on the master server. (bug 1253949)
161 */
162 if (strcmp(transp->xp_netid, "ticlts") == 0) {
163 svc_local_cred_t cred;
164 if (!svc_get_local_cred(transp, &cred)) {
165 syslog(LOG_ERR, "yppasswdd: Couldn't get "
166 "local user credentials.\n");
167 } else if (cred.ruid == 0)
168 root_on_master = 1;
169 }
170
171 newpw = yppwd.newpw;
172 strcpy(name, newpw.pw_name);
173 strcat(name, ":");
174 namelen = strlen(name);
175 ans = 2;
176 chsh = chpw = chgecos = 0;
177
178 /* Get all the filenames straight */
179 strcpy(newpasswdfile, passwd_file);
180 strcat(newpasswdfile, ".ptmp");
181 strcpy(newshadowfile, shadow_file);
182 strcat(newshadowfile, ".ptmp");
183 strcpy(newadjunctfile, adjunct_file);
184 strcat(newadjunctfile, ".ptmp");
185
186 memset(&sa, 0, sizeof (struct sigaction));
187 sa.sa_handler = SIG_IGN;
188 sigaction(SIGTSTP, &sa, NULL);
189 sigaction(SIGHUP, &sa, &osa1);
190 sigaction(SIGINT, &sa, &osa2);
191 sigaction(SIGQUIT, &sa, &osa3);
192
193 /* Lock, then open the passwd and shadow files */
194
195 if (yplckpwdf() < 0) {
196 syslog(LOG_ERR,
197 "yppasswdd: Password file(s) busy. "
198 "Try again later.\n");
199 ans = 8;
200 goto cleanup;
201 }
202
203 if ((opwfp = fopen(passwd_file, "r")) == NULL) {
204 syslog(LOG_ERR, "yppasswdd: Could not open %s\n", passwd_file);
205 goto cleanup;
206 }
207
208 fstat(fileno(opwfp), &pwstat);
209
210 if (useshadow) {
211 if ((ospfp = fopen(shadow_file, "r")) == NULL) {
212 syslog(LOG_ERR,
213 "yppasswdd: Could not open %s\n", shadow_file);
214 goto cleanup;
215 }
216
217 fstat(fileno(ospfp), &spstat);
218 }
219
220 if (useadjunct) {
221 if ((oadjfp = fopen(adjunct_file, "r")) == NULL) {
222 syslog(LOG_ERR,
223 "yppasswdd: Could not open %s\n",
224 adjunct_file);
225 goto cleanup;
226 }
227
228 fstat(fileno(oadjfp), &adjstat);
229 }
230
231 /*
232 * Open the new passwd and shadow tmp files,
233 * first with open and then create a FILE * with fdopen()
234 */
235 if ((npwfd = open(newpasswdfile, O_WRONLY | O_CREAT | O_EXCL,
236 pwstat.st_mode)) < 0) {
237 if (errno == EEXIST) {
238 syslog(LOG_WARNING,
239 "yppasswdd: passwd file busy - try again\n");
240 ans = 8;
241 } else {
242 syslog(LOG_ERR, "yppasswdd: %s: %m",
243 newpasswdfile);
244 ans = 9;
245 }
246 goto cleanup;
247 }
248
249 fchown(npwfd, pwstat.st_uid, pwstat.st_gid);
250
251 if ((npwfp = fdopen(npwfd, "w")) == NULL) {
252 syslog(LOG_ERR,
253 "yppasswdd: fdopen() on %s failed\n", newpasswdfile);
254 goto cleanup;
255 }
256
257 if (useshadow) {
258 if ((nspfd = open(newshadowfile, O_WRONLY | O_CREAT | O_EXCL,
259 spstat.st_mode)) < 0) {
260 if (errno == EEXIST) {
261 syslog(LOG_WARNING,
262 "yppasswdd: shadow file busy - try "
263 "again\n");
264 ans = 8;
265 } else {
266 syslog(LOG_ERR, "yppasswdd: %s: %m",
267 newshadowfile);
268 ans = 9;
269 }
270 goto cleanup;
271 }
272
273 fchown(nspfd, spstat.st_uid, spstat.st_gid);
274
275 if ((nspfp = fdopen(nspfd, "w")) == NULL) {
276 syslog(LOG_ERR,
277 "yppasswdd: fdopen() on %s failed\n",
278 newshadowfile);
279 goto cleanup;
280 }
281 }
282
283 if (useadjunct) {
284 if ((nadjfd = open(newadjunctfile, O_WRONLY | O_CREAT | O_EXCL,
285 adjstat.st_mode)) < 0) {
286 if (errno == EEXIST) {
287 syslog(LOG_WARNING,
288 "yppasswdd: adjunct file busy - try "
289 "again\n");
290 ans = 8;
291 } else {
292 syslog(LOG_ERR, "yppasswdd: %s: %m",
293 newadjunctfile);
294 ans = 9;
295 }
296 goto cleanup;
297 }
298
299 fchown(nadjfd, adjstat.st_uid, adjstat.st_gid);
300
301 if ((nadjfp = fdopen(nadjfd, "w")) == NULL) {
302 syslog(LOG_ERR,
303 "yppasswdd: fdopen() on %s failed\n",
304 newadjunctfile);
305 goto cleanup;
306 }
307 }
308
309 /*
310 * The following code may not seem all that elegant, but my
311 * interpretation of the man pages relating to the passwd and
312 * shadow files would seem to indicate that there is no guarantee
313 * that the entries contained in those files will be in the same
314 * order...
315 *
316 * So here's the high level overview:
317 *
318 * Loop through the passwd file reading in lines and writing them
319 * out to the new file UNTIL we get to the correct entry.
320 * IF we have a shadow file, loop through it reading in lines and
321 * writing them out to the new file UNTIL we get to the correct
322 * entry. IF we have an adjunct file, loop through it reading in
323 * lines and writing them out to the new file UNTIL we get to the
324 * correct entry.
325 *
326 * Figure out what's changing, contruct the new passwd, shadow,
327 * and adjunct entries and spit em out to the temp files.
328 * At this point, set the done flag and leap back into the loop(s)
329 * until you're finished with the files and then leap to the
330 * section that installs the new files.
331 */
332
333 loop_in_files:
334 /* While we find things in the passwd file */
335 while (fgets(pwbuf, NSS_LINELEN_PASSWD, opwfp)) {
336
337 /*
338 * Is this the passwd entry we want?
339 * If not, then write it out to the new passwd temp file
340 * and remember our position.
341 */
342 if (doneflag || strncmp(name, pwbuf, namelen)) {
343 if (fputs(pwbuf, npwfp) == EOF) {
344 syslog(LOG_ERR,
345 "yppasswdd: write to passwd file "
346 "failed.\n");
347 goto cleanup;
348 }
349 pwpos = ftell(opwfp);
350 continue;
351 }
352 gotpasswd = 1;
353 break;
354 }
355
356 /* no match */
357 if (!gotpasswd) {
358 syslog(LOG_ERR, "yppasswdd: user %s does not exist\n", name);
359 goto cleanup;
360 }
361
362 /* While we find things in the shadow file */
363 while (useshadow && fgets(spbuf, NSS_LINELEN_SHADOW, ospfp)) {
364
365 /*
366 * Is this the shadow entry that we want?
367 * If not, write it out to the new shadow temp file
368 * and remember our position.
369 */
370 if (doneflag || strncmp(name, spbuf, namelen)) {
371 if (fputs(spbuf, nspfp) == EOF) {
372 syslog(LOG_ERR,
373 "yppasswdd: write to shadow file "
374 "failed.\n");
375 goto cleanup;
376 }
377 sppos = ftell(ospfp);
378 continue;
379 }
380 gotshadow = 1;
381 break;
382 }
383
384 /* While we find things in the adjunct file */
385 while (useadjunct && fgets(adjbuf, BUFSIZ, oadjfp)) {
386
387 /*
388 * is this the adjunct entry that we want?
389 * If not, write it out to the new temp file
390 * and remember our position.
391 */
392 if (doneflag || strncmp(name, adjbuf, namelen)) {
393 if (fputs(adjbuf, nadjfp) == EOF) {
394 syslog(LOG_ERR,
395 "yppasswdd: write to adjunct file "
396 "failed.\n");
397 goto cleanup;
398 }
399 continue;
400 }
401 gotadjunct = 1;
402 break;
403 }
404
405 if (doneflag)
406 goto install_files;
407
408 if (useshadow && !gotshadow) {
409 syslog(LOG_ERR, "yppasswdd: no passwd in shadow for %s\n",
410 newpw.pw_name);
411 ans = 4;
412 goto cleanup;
413 }
414 if (useadjunct && !gotadjunct) {
415 syslog(LOG_ERR, "yppasswdd: no passwd in adjunct for %s\n",
416 newpw.pw_name);
417 ans = 4;
418 goto cleanup;
419 }
420
421 /*
422 * Now that we've read in the correct passwd AND
423 * shadow lines, we'll rewind to the beginning of
424 * those lines and let the fget*ent() calls do
425 * the work. Since we are only working with the
426 * first two fields of the adjunct entry, leave
427 * it as a char array.
428 */
429 fseek(opwfp, pwpos, SEEK_SET);
430 opwd = *fgetpwent(opwfp);
431
432 if (useshadow) {
433 fseek(ospfp, sppos, SEEK_SET);
434 ospwd = *fgetspent(ospfp);
435 }
436
437 oldpass_crypt = cryptoldpasswd(yppwd.oldpass, newpw.pw_passwd,
438 newpw.pw_name);
439 if (oldpass_crypt == NULL) {
440 ans = 3;
441 goto cleanup;
442 }
443 p = newpw.pw_passwd;
444 if ((!nopw) &&
445 p && *p &&
446 !((*p++ == '#') && (*p++ == '#') &&
447 (strcmp(p, opwd.pw_name) == 0)) &&
448 (strcmp(oldpass_crypt, newpw.pw_passwd) != 0))
449 chpw = 1;
450 oldpass_crypt = NULL;
451
452 if ((!noshell) && (strcmp(opwd.pw_shell, newpw.pw_shell) != 0)) {
453 if (single)
454 chpw = 0;
455 chsh = 1;
456 }
457
458 if ((!nogecos) && (strcmp(opwd.pw_gecos, newpw.pw_gecos) != 0)) {
459 if (single) {
460 chpw = 0;
461 chsh = 0;
462 }
463 chgecos = 1;
464 }
465
466 if (!(chpw + chsh + chgecos)) {
467 syslog(LOG_NOTICE, "yppasswdd: no change for %s\n",
468 newpw.pw_name);
469 ans = 3;
470 goto cleanup;
471 }
472
473 if (useshadow && !root_on_master) {
474 oldpass_crypt = cryptoldpasswd(yppwd.oldpass, ospwd.sp_pwdp,
475 newpw.pw_name);
476 if (oldpass_crypt == NULL)
477 goto cleanup;
478 if (ospwd.sp_pwdp && *ospwd.sp_pwdp &&
479 (strcmp(oldpass_crypt, ospwd.sp_pwdp) != 0)) {
480
481 syslog(LOG_NOTICE, "yppasswdd: passwd incorrect\n",
482 newpw.pw_name);
483 ans = 7;
484 goto cleanup;
485 }
486 } else if (useadjunct) {
487 /*
488 * Clear the adj_encrypt array. Extract the encrypted passwd
489 * into adj_encrypt by setting adj_crypt_begin and
490 * adj_crypt_end to point at the first character of the
491 * encrypted passwd and the first character following the
492 * encrypted passwd in adjbuf, respectively, and copy the
493 * stuff between (there may not be anything) into adj_ecrypt.
494 * Then, check that adj_encrypt contains something and that
495 * the old passwd is correct.
496 */
497 memset(adj_encrypt, 0, sizeof (adj_encrypt));
498 adj_crypt_begin = adjbuf + namelen;
499 adj_crypt_end = strchr(adj_crypt_begin, ':');
500 strncpy(adj_encrypt, adj_crypt_begin,
501 adj_crypt_end - adj_crypt_begin);
502 oldpass_crypt = cryptoldpasswd(yppwd.oldpass, adj_encrypt,
503 newpw.pw_name);
504 if (oldpass_crypt == NULL)
505 goto cleanup;
506 if (!root_on_master && *adj_encrypt &&
507 (strcmp(oldpass_crypt, adj_encrypt) != 0)) {
508
509 syslog(LOG_NOTICE, "yppasswdd: passwd incorrect\n",
510 newpw.pw_name);
511 ans = 7;
512 goto cleanup;
513 }
514 } else {
515 oldpass_crypt = cryptoldpasswd(yppwd.oldpass, opwd.pw_passwd,
516 newpw.pw_name);
517 if (oldpass_crypt == NULL)
518 goto cleanup;
519 if (!root_on_master && opwd.pw_passwd && *opwd.pw_passwd &&
520 (strcmp(oldpass_crypt, opwd.pw_passwd) != 0)) {
521
522 syslog(LOG_NOTICE, "yppasswdd: passwd incorrect\n",
523 newpw.pw_name);
524 ans = 7;
525 goto cleanup;
526 }
527 }
528
529 #ifdef DEBUG
530 printf("%d %d %d\n", chsh, chgecos, chpw);
531
532 printf("%s %s %s\n",
533 yppwd.newpw.pw_shell,
534 yppwd.newpw.pw_gecos,
535 yppwd.newpw.pw_passwd);
536
537 printf("%s %s %s\n",
538 opwd.pw_shell,
539 opwd.pw_gecos,
540 ospwd.sp_pwdp);
541 #endif
542
543 if (chsh &&
544 !validloginshell(opwd.pw_shell, newpw.pw_shell, root_on_master)) {
545 goto cleanup;
546 }
547
548 /* security hole fix from original source */
549 for (p = newpw.pw_name; (*p != '\0'); p++)
550 if ((*p == ':') || !(isprint(*p)))
551 *p = '$'; /* you lose buckwheat */
552 for (p = newpw.pw_passwd; (*p != '\0'); p++)
553 if ((*p == ':') || !(isprint(*p)))
554 *p = '$'; /* you lose buckwheat */
555
556 if (chgecos)
557 opwd.pw_gecos = newpw.pw_gecos;
558
559 if (chsh)
560 opwd.pw_shell = newpw.pw_shell;
561
562 /*
563 * If we're changing the shell or gecos fields and we're
564 * using a shadow or adjunct file or not changing the passwd
565 * then go ahead and update the passwd file. The case where
566 * the passwd is being changed and we are not using a shadow
567 * or adjunct file is handled later.
568 */
569 if ((chsh || chgecos) && (useshadow || useadjunct || !chpw) &&
570 putpwent(&opwd, npwfp)) {
571
572 syslog(LOG_ERR, "yppasswdd: putpwent failed: %s\n",
573 passwd_file);
574 goto cleanup;
575 }
576
577 if (chpw) {
578 if (useshadow) {
579 ospwd.sp_pwdp = newpw.pw_passwd;
580 now = DAY_NOW;
581 /* password aging - bug for bug compatibility */
582 if (ospwd.sp_max != -1) {
583 if (now < ospwd.sp_lstchg + ospwd.sp_min) {
584 syslog(LOG_ERR,
585 "yppasswdd: Sorry: < %ld days "
586 "since the last change.\n",
587 ospwd.sp_min);
588 goto cleanup;
589 }
590 }
591 ospwd.sp_lstchg = now;
592 if (putspent(&ospwd, nspfp)) {
593 syslog(LOG_ERR,
594 "yppasswdd: putspent failed: %s\n",
595 shadow_file);
596 goto cleanup;
597 }
598 } else if (useadjunct) {
599 sprintf(adjbuf_new,
600 "%s%s%s", name, newpw.pw_passwd, adj_crypt_end);
601 if (fputs(adjbuf_new, nadjfp) == EOF) {
602 syslog(LOG_ERR,
603 "yppasswdd: write to adjunct failed: %s\n",
604 adjunct_file);
605 goto cleanup;
606 }
607 } else {
608 opwd.pw_passwd = newpw.pw_passwd;
609 if (putpwent(&opwd, npwfp)) {
610 syslog(LOG_ERR,
611 "yppasswdd: putpwent failed: %s\n",
612 passwd_file);
613 goto cleanup;
614 }
615 }
616 }
617
618 if (!doneflag) {
619 doneflag = 1;
620 goto loop_in_files;
621 }
622
623 install_files:
624 /*
625 * Critical section, nothing special needs to be done since we
626 * hold exclusive access to the *.ptmp files
627 */
628 fflush(npwfp);
629 if (useshadow)
630 fflush(nspfp);
631 if (useadjunct)
632 fflush(nadjfp);
633
634 strcpy(tmppasswdfile, passwd_file);
635 strcat(tmppasswdfile, "-");
636 if (useshadow) {
637 strcpy(tmpshadowfile, shadow_file);
638 strcat(tmpshadowfile, "-");
639 }
640 if (useadjunct) {
641 strcpy(tmpadjunctfile, adjunct_file);
642 strcat(tmpadjunctfile, "-");
643 }
644
645 if ((!useshadow && !useadjunct) || (chsh || chgecos)) {
646 if (rename(passwd_file, tmppasswdfile) < 0) {
647 syslog(LOG_CRIT, "yppasswdd: failed to backup "
648 "passwd file: %m");
649 goto cleanup;
650 } else {
651 if (rename(newpasswdfile, passwd_file) < 0) {
652 syslog(LOG_CRIT,
653 "yppasswdd: failed to mv passwd: %m");
654 if (rename(tmppasswdfile, passwd_file) < 0) {
655 syslog(LOG_CRIT,
656 "yppasswdd: failed to restore "
657 "backup of passwd file: %m");
658 }
659 goto cleanup;
660 }
661 }
662 }
663
664 if (useshadow && chpw) {
665 if (rename(shadow_file, tmpshadowfile) < 0) {
666 syslog(LOG_CRIT, "yppasswdd: failed to back up "
667 "shadow file: %m");
668 if (rename(tmppasswdfile, passwd_file) < 0) {
669 syslog(LOG_CRIT,
670 "yppasswdd: failed to restore "
671 "backup of passwd file: %m");
672 }
673 goto cleanup;
674 } else {
675 if (rename(newshadowfile, shadow_file) < 0) {
676 syslog(LOG_CRIT,
677 "yppasswdd: failed to mv shadow: %m");
678 if (rename(tmpshadowfile, shadow_file) < 0) {
679 syslog(LOG_CRIT,
680 "yppasswdd: failed to restore "
681 "backup of shadow file: %m");
682 }
683 if (rename(tmppasswdfile, passwd_file) < 0) {
684 syslog(LOG_CRIT,
685 "yppasswdd: failed to restore "
686 "backup of passwd file: %m");
687 }
688 goto cleanup;
689 }
690 }
691 } else if (useadjunct && chpw) {
692 if (rename(adjunct_file, tmpadjunctfile) < 0) {
693 syslog(LOG_CRIT, "yppasswdd: failed to back up "
694 "adjunct file: %m");
695 if (rename(tmppasswdfile, passwd_file) < 0) {
696 syslog(LOG_CRIT,
697 "yppasswdd: failed to restore backup "
698 "of passwd: %m");
699 }
700 goto cleanup;
701 } else {
702 if (rename(newadjunctfile, adjunct_file) < 0) {
703 syslog(LOG_CRIT,
704 "yppassdd: failed to mv adjunct: %m");
705 if (rename(tmppasswdfile, passwd_file) < 0) {
706 syslog(LOG_CRIT,
707 "yppasswdd: failed to restore "
708 "backup of passwd file: %m");
709 }
710 if (rename(tmpadjunctfile, adjunct_file) < 0) {
711 syslog(LOG_CRIT,
712 "yppasswdd: failed to restore "
713 "backup of adjunct file: %m");
714 }
715 goto cleanup;
716 }
717 }
718 }
719
720 if (doneflag)
721 ans = 0;
722 /* End critical section */
723
724 /*
725 * Here we have come only after the new files have been successfully
726 * renamed to original files. At this point, the temp files would still
727 * be existing we need to remove them from the /etc directory
728 */
729 unlink(tmppasswdfile);
730 if (useshadow)
731 unlink(tmpshadowfile);
732 if (useadjunct)
733 unlink(tmpadjunctfile);
734
735 cleanup:
736
737 /* If we don't have opwfp, then we didn't do anything */
738 if (opwfp) {
739 fclose(opwfp);
740
741 if (ospfp) {
742 fclose(ospfp);
743 }
744
745 if (oadjfp) {
746 fclose(oadjfp);
747 }
748
749 unlink(newpasswdfile);
750 /* These tests are cheaper than failing syscalls */
751 if (useshadow)
752 unlink(newshadowfile);
753 if (useadjunct)
754 unlink(newadjunctfile);
755
756 if (npwfp) {
757 fclose(npwfp);
758
759 if (nspfp) {
760 fclose(nspfp);
761 }
762 if (nadjfp) {
763 fclose(nadjfp);
764 }
765 }
766 }
767
768 ypulckpwdf();
769
770 if (doneflag && mflag) {
771 retval = fork();
772 if (retval < 0) {
773 syslog(LOG_ERR, "yppasswdd: Fork failed %m");
774 } else if (retval == 0) {
775 strcpy(cmdbuf, "/usr/ccs/bin/make");
776 for (i = Mstart + 1; i < Argc; i++) {
777 strcat(cmdbuf, " ");
778 strcat(cmdbuf, Argv[i]);
779 }
780
781 #ifdef DEBUG
782 syslog(LOG_ERR, "yppasswdd: about to "
783 "execute %s\n", cmdbuf);
784 #else
785 if (yplckpwdf() < 0) {
786 syslog(LOG_ERR, "yppasswdd: Couldn't get the "
787 "lock to update the maps");
788 } else {
789 setpgrp();
790 system(cmdbuf);
791 ypulckpwdf();
792 }
793 #endif
794 exit(0);
795 }
796 }
797
798 sigaction(SIGHUP, &osa1, NULL);
799 sigaction(SIGINT, &osa2, NULL);
800 sigaction(SIGQUIT, &osa3, NULL);
801
802 if (!svc_sendreply(transp, xdr_int, (char *)&ans))
803 syslog(LOG_WARNING,
804 "yppasswdd: couldn\'t reply to RPC call\n");
805 }
unleashed repo fork