author | Mats O Jansson <maja@cvs.openbsd.org> | 1997-03-13 09:50:27 +0000 |
---|---|---|
committer | Mats O Jansson <maja@cvs.openbsd.org> | 1997-03-13 09:50:27 +0000 |
commit | be237ba9085f9b3f55227ce48c1ba82b642f9682 (patch) | |
tree | 42189694e147734a8a736a369a52f60fd46d332c /usr.sbin/ypserv | |
parent | 6fc26c5eb709472017d27370a8bb6d09bd596da1 (diff) |
Add support for secure maps and master.passwd. -moj
Diffstat (limited to 'usr.sbin/ypserv')
-rw-r--r-- | usr.sbin/ypserv/ypinit/Makefile.yp | 37 |
1 files changed, 32 insertions, 5 deletions
diff --git a/usr.sbin/ypserv/ypinit/Makefile.yp b/usr.sbin/ypserv/ypinit/Makefile.yp index 60e58bd3e7a..c8c1a952b6f 100644 --- a/usr.sbin/ypserv/ypinit/Makefile.yp +++ b/usr.sbin/ypserv/ypinit/Makefile.yp @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.yp,v 1.5 1996/05/30 09:53:17 deraadt Exp $ +# $OpenBSD: Makefile.yp,v 1.6 1997/03/13 09:50:26 maja Exp $ YPDBDIR=/var/yp DIR=/etc 
@@ -17,21 +17,47 @@ TOUCH=/usr/bin/touch DOMAIN="`/usr/bin/basename ${.CURDIR}`" YPPUSH=/usr/sbin/yppush +# Password maps in standard YP is unsecure. This is due to the fact that +# passwords are accessable for anyone. FreeBSD and now OpenBSD has a common +# solution to this, maps can be secure (makedbm -s). If a map is secure only +# a privileged user can access it. +MAKEDBM-S=$(MAKEDBM) -s +UNSECURE="True" + all: passwd group hosts ethers networks rpc services protocols netid passwd.time: $(DIR)/master.passwd -@if [ -f $(>) ]; then \ - $(CAT) $(>) | $(CUT) -d: -f1-4,8-10 | \ + if [ ! $(UNSECURE) ]; then \ + $(CAT) $(>) | $(CUT) -d: -f1-4,8-10 | \ + $(AWK) 'BEGIN { FS=":"; OFS="\t"; } /^[a-zA-Z0-9_]/ \ + { print $$1, $$1":*:"$$3":"$$4":"$$5":"$$6":"$$7 }' -|\ + $(MAKEDBM) - passwd.byname; \ + $(CAT) $(>) | $(CUT) -d: -f1-4,8-10 |\ + $(AWK) 'BEGIN { FS=":"; OFS="\t"; } /^[a-zA-Z0-9_]/ \ + { print $$3, $$1":*:"$$3":"$$4":"$$5":"$$6":"$$7 }' -|\ + $(MAKEDBM) - passwd.byuid; \ + else \ + $(CAT) $(>) | $(CUT) -d: -f1-4,8-10 | \ + $(AWK) 'BEGIN { FS=":"; OFS="\t"; } /^[a-zA-Z0-9_]/ \ + { print $$1, $$0 }' - | $(MAKEDBM) - passwd.byname; \ + $(CAT) $(>) | $(CUT) -d: -f1-4,8-10 |\ + $(AWK) 'BEGIN { FS=":"; OFS="\t"; } /^[a-zA-Z0-9_]/ \ + { print $$3, $$0 }' - | $(MAKEDBM) - passwd.byuid; \ + fi; \ + $(CAT) $(>) | \ $(AWK) 'BEGIN { FS=":"; OFS="\t"; } /^[a-zA-Z0-9_]/ \ - { print $$1, $$0 }' - | $(MAKEDBM) - passwd.byname; \ - $(CAT) $(>) | $(CUT) -d: -f1-4,8-10 |\ + { print $$1, $$0 }' - | $(MAKEDBM-S) - master.passwd.byname; \ + $(CAT) $(>) | \ $(AWK) 'BEGIN { FS=":"; OFS="\t"; } /^[a-zA-Z0-9_]/ \ - { print $$3, $$0 }' - | $(MAKEDBM) - passwd.byuid; \ + { print $$3, $$0 }' - | $(MAKEDBM-S) - master.passwd.byuid; \ $(TOUCH) $(@); \ $(ECHO) "updated passwd"; \ if [ ! 
$(NOPUSH) ]; then \ $(YPPUSH) -d $(DOMAIN) passwd.byname; \ $(YPPUSH) -d $(DOMAIN) passwd.byuid; \ + $(YPPUSH) -d $(DOMAIN) master.passwd.byname; \ + $(YPPUSH) -d $(DOMAIN) master.passwd.byuid; \ $(ECHO) "pushed passwd"; \ else \ : ; \ @@ -210,3 +236,4 @@ $(DIR)/rpc: $(DIR)/services: $(DIR)/protocols: $(DIR)/netid: +$(DIR)/master.passwd: |
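Review bot: In the passwd.time recipe, `if [ ! $(UNSECURE) ]` only tests whether the value is empty, so `UNSECURE="False"` (or any other non-empty word) still takes the else branch, which writes `$$0` into passwd.byname and passwd.byuid with the password field that `-f1-4,8-10` keeps. With the default `UNSECURE="True"`, the hashes therefore stay in the maps the new comment describes as readable by anyone, unless the administrator knows the variable must be emptied. I would compare the value explicitly, `if [ "$(UNSECURE)" != "True" ]; then \`, or at least document the assignment with `# Leave UNSECURE empty to publish "*" in place of the hash; any non-empty value, even "False", keeps the hashes in passwd.*`. The explicit comparison would change behaviour for anyone who already sets a different non-empty value, so that should be confirmed first. The recipe continues past the end of this hunk.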