Date:      Wed, 16 Apr 2003 13:31:47 -0500
From:      Dan Nelson <dnelson@allantgroup.com>
To:        Glenn Johnson <glenn@FreeBSD.ORG>, current@FreeBSD.ORG
Subject:   Re: can not change NIS password
Message-ID:  <20030416183147.GB7923@dan.emsphone.com>
In-Reply-To: <20030416172105.GA73206@node1.cluster.srrc.usda.gov>
References:  <20030416172105.GA73206@node1.cluster.srrc.usda.gov>


--BXVAT5kNtrzKuDFl
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

In the last episode (Apr 16), Glenn Johnson said:
> User passwords can not be changed if they are served by NIS with 
> -current:
> 
> FreeBSD 5.0-CURRENT #3: Tue Apr 15 11:30:59 CDT 2003     root@node1.cluster.srrc.usda.gov:/usr/obj/usr/src/sys/CLUSTER-FW 
> 
> When trying to change a password I get the following:
> 
> Apr 16 12:16:38 node1 passwd: in pam_sm_chauthtok(): yppasswd_remote(): NIS password update failed 
> 
> If I place account information into /etc/master.passwd instead of the
> NIS master.passwd, then I can successfully change the password.

Try the attached patch;  I really need to send-pr this :)  The current
code assumes you always export /etc/master.passwd.

There is still a bug in there somewhere that prevents you from changing
an NIS password when logged into the NIS master itself, but at least
there's a workaround for that (log into a client to change the
password).

-- 
	Dan Nelson
	dnelson@allantgroup.com

--BXVAT5kNtrzKuDFl
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="yppasswdd.diff"

Index: yppasswdd_server.c
===================================================================
RCS file: /home/ncvs/src/usr.sbin/rpc.yppasswdd/yppasswdd_server.c,v
retrieving revision 1.26
diff -p -u -r1.26 yppasswdd_server.c
--- yppasswdd_server.c	15 May 2002 09:20:06 -0000	1.26
+++ yppasswdd_server.c	13 Dec 2002 19:43:11 -0000
@@ -450,6 +450,7 @@ yppasswdproc_update_1_svc(yppasswd *argp
 	char *oldgecos = NULL;
 	char *passfile_hold;
 	char passfile_buf[MAXPATHLEN + 2];
+	char passfile_hold_buf[MAXPATHLEN + 2];
 	char *domain = yppasswd_domain;
 	static struct sockaddr_in clntaddr;
 	static struct timeval t_saved, t_test;
@@ -574,32 +575,64 @@ yppasswdproc_update_1_svc(yppasswd *argp
 		passfile = (char *)&passfile_buf;
 	}
 
+	/* Create a filename to hold the original master.passwd so if our call
+	   to yppwupdate fails we can roll back */
+	snprintf(passfile_hold_buf, sizeof(passfile_hold_buf), "%s.hold", passfile);
+	passfile_hold = (char *)&passfile_hold_buf;
+
 	/* Step 5: make a new password file with the updated info. */
 
+	yp_error("calling pw_init(%s)",passfile);
 	if (pw_init(dirname(passfile), passfile)) {
 		yp_error("pw_init() failed");
 		return &result;
 	}
+	yp_error("calling pw_lock()");
 	if ((pfd = pw_lock()) == -1) {
 		pw_fini();
 		yp_error("pw_lock() failed");
 		return &result;
 	}
+	yp_error("calling pw_tmp(-1)");
 	if ((tfd = pw_tmp(-1)) == -1) {
 		pw_fini();
 		yp_error("pw_tmp() failed");
 		return &result;
 	}
+
+	yp_error("calling pw_copy()");
 	if (pw_copy(pfd, tfd, &yp_password, NULL) == -1) {
 		pw_fini();
 		yp_error("pw_copy() failed");
 		return &result;
 	}
-	if (pw_mkdb(yp_password.pw_name) == -1) {
+	if (rename(passfile, passfile_hold) == -1) {
 		pw_fini();
-		yp_error("pw_mkdb() failed");
+		yp_error("rename of %s to %s failed", passfile, passfile_hold);
 		return &result;
 	}
+	if (strcmp(passfile, _PATH_MASTERPASSWD) == 0) { 
+		/* NIS server is exporting the system's master.passwd. */
+		/* Call pw_mkdb to rebuild passwd and the .db files */
+		yp_error("calling pw_mkdb(%s)",yp_password.pw_name);
+		if (pw_mkdb(yp_password.pw_name) == -1) {
+			pw_fini();
+			yp_error("pw_mkdb() failed");
+			rename(passfile_hold, passfile);
+			return &result;
+		}
+	} else
+	{
+		/* NIS server is exporting a private master.passwd. */
+		/* Rename tempfile into final location */
+		if (rename(pw_tempname(), passfile) == -1) {
+			pw_fini();
+			yp_error("rename of %s to %s failed", pw_tempname(), passfile);
+			rename(passfile_hold, passfile);
+			return &result;
+		}
+	}
+	yp_error("calling pw_fini()");
 	pw_fini();
 
 	if (inplace) {
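Review bot: Both rollback paths call `rename(passfile_hold, passfile);` without checking the result, so if restoring the original fails the daemon returns with no password file at `passfile` and nothing in the log. Check it and report, e.g. `if (rename(passfile_hold, passfile) == -1) yp_error("could not restore %s from %s", passfile, passfile_hold);`. More generally, moving the live file aside before its replacement is installed leaves a window, and a crash state, in which `passfile` does not exist. Keeping the original in place and creating the `.hold` copy as a hard link would let the final rename replace it atomically. The enclosing function starts and ends outside this hunk.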
@@ -630,14 +663,16 @@ yppasswdproc_update_1_svc(yppasswd *argp
 		return(&result);
 		break;
 	default:
+		yp_error("removing backup passwd file %s", passfile_hold);
 		unlink(passfile_hold);
 		break;
 	}
 
 	if (verbose) {
-		yp_error("update completed for user %s (uid %d):",
+		yp_error("update completed for user %s (uid %d) in %s:",
 						argp->newpw.pw_name,
-						argp->newpw.pw_uid);
+						argp->newpw.pw_uid,
+						passfile);
 
 		if (passwd_changed)
 			yp_error("password changed");
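Review bot: The added `yp_error("removing backup passwd file %s", passfile_hold);` in the `default:` case is logged unconditionally on what looks like the success path, while the completion message just below is only emitted under `if (verbose)`. The same applies to the `yp_error("calling ...")` trace lines added in the previous hunk, which send routine progress through the error logger. Guarding them, e.g. `if (verbose) yp_error("removing backup passwd file %s", passfile_hold);`, keeps the log quiet enough that a genuinely failed password update stands out. The `switch` statement starts outside this hunk.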
@@ -679,7 +714,7 @@ yppasswdproc_update_master_1_svc(master_
 	transp = rqstp->rq_xprt;
 
 	/*
-	 * NO AF_INET CONNETCIONS ALLOWED!
+	 * NO AF_INET CONNECTIONS ALLOWED!
 	 */
 	rqhost = svc_getcaller(transp);
 	if (rqhost->sin_family != AF_UNIX) {
@@ -782,10 +817,12 @@ allow additions to be made to the passwo
 		yp_error("pw_copy() failed");
 		return &result;
 	}
-	if (pw_mkdb(argp->newpw.pw_name) == -1) {
-		pw_fini();
-		yp_error("pw_mkdb() failed");
-		return &result;
+	if (strcmp(passfile, _PATH_MASTERPASSWD) == 0) {
+		if (pw_mkdb(argp->newpw.pw_name) == -1) {
+			pw_fini();
+			yp_error("pw_mkdb() failed");
+			return &result;
+		}
 	}
 	pw_fini();
 
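Review bot: When `passfile` is not `_PATH_MASTERPASSWD`, the new code skips `pw_mkdb()` and goes straight to `pw_fini()`, so nothing visible in this hunk installs the temp file written by `pw_copy()` into `passfile`. The new entry appears to be dropped while the call carries on as if it had succeeded. The update path in `yppasswdproc_update_1_svc` handles this case with `rename(pw_tempname(), passfile)`, and an `else` branch doing the same here, with the `pw_fini()` / `yp_error()` / `return &result;` failure handling used above, would make the two consistent. The function continues outside the hunk, so confirm that no later code already performs the install.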

--BXVAT5kNtrzKuDFl--


