src - OpenBSD base system

diff options


context:
space:
mode:

author	Theo de Raadt <deraadt@cvs.openbsd.org>	2009-02-15 21:43:41 +0000
committer	Theo de Raadt <deraadt@cvs.openbsd.org>	2009-02-15 21:43:41 +0000
commit	4bc705a974cf5b2f0fa562237577fa1cb61002f6 (patch)
tree	bd47bc37bbcc9ec38dd0a76d933cb4bf541a2293 /usr.bin/chpass
parent	3148243edf22adf790721842f1ea1a518e9f6667 (diff)

in a secure YP context, a chpass would whack the user's password to *

which is clearly not the intent. PR 4177, fix from schwarze@usta.de

Diffstat (limited to 'usr.bin/chpass')

-rw-r--r--

usr.bin/chpass/pw_yp.c

1 files changed, 28 insertions, 22 deletions

diff --git a/usr.bin/chpass/pw_yp.c b/usr.bin/chpass/pw_yp.c
index 219cf830adc..4240ecb769c 100644
--- a/usr.bin/chpass/pw_yp.c
+++ b/usr.bin/chpass/pw_yp.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: pw_yp.c,v 1.21 2006/03/31 00:29:13 deraadt Exp $ */

+/* $OpenBSD: pw_yp.c,v 1.22 2009/02/15 21:43:40 deraadt Exp $ */

/* $NetBSD: pw_yp.c,v 1.5 1995/03/26 04:55:33 glass Exp $ */

@@ -33,7 +33,7 @@

#if 0

static char sccsid[] = "@(#)pw_yp.c 1.0 2/2/93";

#else

-static char rcsid[] = "$OpenBSD: pw_yp.c,v 1.21 2006/03/31 00:29:13 deraadt Exp $";

+static char rcsid[] = "$OpenBSD: pw_yp.c,v 1.22 2009/02/15 21:43:40 deraadt Exp $";

#endif

#endif /* not lint */

@@ -181,7 +181,7 @@ pwskip(char *p)

}

static struct passwd *

-interpret(struct passwd *pwent, char *line)

+interpret(struct passwd *pwent, char *line, const int secure)

{

char *p = line;

@@ -196,7 +196,7 @@ interpret(struct passwd *pwent, char *line)

pwent->pw_class = "";

/* line without colon separators is no good, so ignore it */

- if(!strchr(p,':'))

+ if (!strchr(p,':'))

return(NULL);

pwent->pw_name = p;

@@ -207,6 +207,14 @@ interpret(struct passwd *pwent, char *line)

p = pwskip(p);

pwent->pw_gid = (gid_t)strtoul(p, NULL, 10);

p = pwskip(p);

+ if (secure == 1) {

+ pwent->pw_class = p;

+ p = pwskip(p);

+ pwent->pw_change = (time_t)strtoul(p, NULL, 10);

+ p = pwskip(p);

+ pwent->pw_expire = (time_t)strtoul(p, NULL, 10);

+ p = pwskip(p);

+ }

pwent->pw_gecos = p;

p = pwskip(p);

pwent->pw_dir = p;

@@ -224,7 +232,7 @@ struct passwd *

ypgetpwnam(char *nam)

{

static struct passwd pwent;

- int reason, vallen;

+ int reason, vallen, secure = 0;

char *val;

@@ -236,14 +244,13 @@ ypgetpwnam(char *nam)

exit(1);

}

- reason = yp_match(domain, "passwd.byname", nam, strlen(nam),

- &val, &vallen);

- switch(reason) {

- case 0:

- break;

- default:

+ if (!yp_match(domain, "master.passwd.byname", nam, strlen(nam),

+ &val, &vallen))

+ secure = 1;

+ else if (yp_match(domain, "passwd.byname", nam, strlen(nam),

+ &val, &vallen))

return (NULL);

- }

val[vallen] = '\0';

if (__yplin)

free(__yplin);

@@ -252,14 +259,14 @@ ypgetpwnam(char *nam)

strlcpy(__yplin, val, vallen + 1);

free(val);

- return(interpret(&pwent, __yplin));

+ return(interpret(&pwent, __yplin, secure));

}

struct passwd *

ypgetpwuid(uid_t uid)

{

static struct passwd pwent;

- int reason, vallen;

+ int reason, vallen, secure = 0;

char namebuf[16], *val;

if (!domain && (reason = yp_get_default_domain(&domain))) {

@@ -269,14 +276,13 @@ ypgetpwuid(uid_t uid)

}

snprintf(namebuf, sizeof namebuf, "%u", (u_int)uid);

- reason = yp_match(domain, "passwd.byuid", namebuf, strlen(namebuf),

- &val, &vallen);

- switch(reason) {

- case 0:

- break;

- default:

+ if (!yp_match(domain, "master.passwd.byuid", namebuf, strlen(namebuf),

+ &val, &vallen))

+ secure = 1;

+ else if (yp_match(domain, "passwd.byuid", namebuf, strlen(namebuf),

+ &val, &vallen))

return (NULL);

- }

val[vallen] = '\0';

if (__yplin)

free(__yplin);

@@ -285,7 +291,7 @@ ypgetpwuid(uid_t uid)

strlcpy(__yplin, val, vallen + 1);

free(val);

- return(interpret(&pwent, __yplin));

+ return(interpret(&pwent, __yplin, secure));

}

#endif /* YP */