summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--usr.sbin/pwd_mkdb/pwd_mkdb.814
-rw-r--r--usr.sbin/pwd_mkdb/pwd_mkdb.c67
2 files changed, 52 insertions, 29 deletions
diff --git a/usr.sbin/pwd_mkdb/pwd_mkdb.8 b/usr.sbin/pwd_mkdb/pwd_mkdb.8
index c790c85f97c..9d36183562b 100644
--- a/usr.sbin/pwd_mkdb/pwd_mkdb.8
+++ b/usr.sbin/pwd_mkdb/pwd_mkdb.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: pwd_mkdb.8,v 1.13 2001/06/08 04:23:25 aaron Exp $
+.\" $OpenBSD: pwd_mkdb.8,v 1.14 2001/08/16 18:22:04 millert Exp $
.\"
.\" Copyright (c) 1991, 1993
.\" The Regents of the University of California. All rights reserved.
@@ -42,7 +42,7 @@
.Sh SYNOPSIS
.Nm pwd_mkdb
.Op Fl c
-.Op Fl p
+.Op Fl p | Fl s
.Op Fl d Ar directory
.Op Fl u Ar username
.Ar file
@@ -71,6 +71,16 @@ Do not change, add, or remove any files.
.It Fl p
Create a Version 7 style password file and install it into
.Pa /etc/passwd .
+.It Fl s
+Only update the secure version of the database.
+This is most commonly used in conjunction with the
+.Fl u
+flag during a password change.
+Because the insecure database doesn't contain the password there
+is no reason to update it if the only change is in the password field.
+Cannot be used in conjunction with the
+.Fl p
+flag.
.It Fl d Ar directory
Operate in a base directory other than the default of
.Pa /etc .
diff --git a/usr.sbin/pwd_mkdb/pwd_mkdb.c b/usr.sbin/pwd_mkdb/pwd_mkdb.c
index f8b1eb27519..fe0b85921d7 100644
--- a/usr.sbin/pwd_mkdb/pwd_mkdb.c
+++ b/usr.sbin/pwd_mkdb/pwd_mkdb.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pwd_mkdb.c,v 1.24 2001/06/07 16:21:49 millert Exp $ */
+/* $OpenBSD: pwd_mkdb.c,v 1.25 2001/08/16 18:22:04 millert Exp $ */
/*-
* Copyright (c) 1991, 1993, 1994
@@ -45,7 +45,7 @@ static char copyright[] =
#if 0
static char sccsid[] = "from: @(#)pwd_mkdb.c 8.5 (Berkeley) 4/20/94";
#else
-static char *rcsid = "$OpenBSD: pwd_mkdb.c,v 1.24 2001/06/07 16:21:49 millert Exp $";
+static char *rcsid = "$OpenBSD: pwd_mkdb.c,v 1.25 2001/08/16 18:22:04 millert Exp $";
#endif
#endif /* not lint */
@@ -110,12 +110,12 @@ main(argc, argv)
struct passwd pwd;
sigset_t set;
uid_t olduid;
- int ch, tfd, makeold, flags = 0, checkonly = 0;
+ int ch, tfd, makeold, secureonly, flags, checkonly;
char *username, buf[MAX(MAXPATHLEN, LINE_MAX * 2)];
- makeold = 0;
+ flags = checkonly = makeold = secureonly = 0;
username = NULL;
- while ((ch = getopt(argc, argv, "cd:pu:v")) != -1)
+ while ((ch = getopt(argc, argv, "cd:psu:v")) != -1)
switch(ch) {
case 'c': /* verify only */
checkonly = 1;
@@ -128,6 +128,9 @@ main(argc, argv)
case 'p': /* create V7 "file.orig" */
makeold = 1;
break;
+ case 's': /* only update spwd.db */
+ secureonly = 1;
+ break;
case 'u': /* only update this record */
username = optarg;
break;
@@ -140,7 +143,8 @@ main(argc, argv)
argc -= optind;
argv += optind;
- if (argc != 1 || (username && (*username == '+' || *username == '-')))
+ if (argc != 1 || (makeold && secureonly) ||
+ (username && (*username == '+' || *username == '-')))
usage();
/*
@@ -221,19 +225,22 @@ main(argc, argv)
clean |= FILE_SECURE;
/* Open the temporary insecure password database. */
- (void)snprintf(buf, sizeof(buf), "%s.tmp",
- changedir(_PATH_MP_DB, basedir));
- if (username) {
- cp(changedir(_PATH_MP_DB, basedir), buf, PERM_INSECURE);
- dp = dbopen(buf,
- O_RDWR, PERM_INSECURE, DB_HASH, &openinfo);
- } else {
- dp = dbopen(buf,
- O_RDWR|O_CREAT|O_EXCL, PERM_INSECURE, DB_HASH, &openinfo);
- }
- if (dp == NULL)
- error(buf);
- clean |= FILE_INSECURE;
+ if (!secureonly) {
+ (void)snprintf(buf, sizeof(buf), "%s.tmp",
+ changedir(_PATH_MP_DB, basedir));
+ if (username) {
+ cp(changedir(_PATH_MP_DB, basedir), buf, PERM_INSECURE);
+ dp = dbopen(buf, O_RDWR, PERM_INSECURE, DB_HASH,
+ &openinfo);
+ } else {
+ dp = dbopen(buf, O_RDWR|O_CREAT|O_EXCL, PERM_INSECURE,
+ DB_HASH, &openinfo);
+ }
+ if (dp == NULL)
+ error(buf);
+ clean |= FILE_INSECURE;
+ } else
+ dp = NULL;
/*
* Open file for old password file. Minor trickiness -- don't want to
@@ -287,16 +294,16 @@ main(argc, argv)
if ((edp->put)(edp, &key, &data, R_NOOVERWRITE) == -1)
error("put");
- if ((dp->put)(dp, &key, &data, R_NOOVERWRITE) == -1)
+
+ if (dp && (dp->put)(dp, &key, &data, R_NOOVERWRITE) == -1)
error("put");
}
if ((edp->close)(edp))
error("close edp");
- if ((dp->close)(dp))
+ if (dp && (dp->close)(dp))
error("close dp");
if (makeold) {
- (void)fflush(oldfp);
if (fclose(oldfp) == EOF)
error("close old");
}
@@ -307,9 +314,11 @@ main(argc, argv)
error("fclose");
/* Install as the real password files. */
- (void)snprintf(buf, sizeof(buf), "%s.tmp",
- changedir(_PATH_MP_DB, basedir));
- mv(buf, changedir(_PATH_MP_DB, basedir));
+ if (!secureonly) {
+ (void)snprintf(buf, sizeof(buf), "%s.tmp",
+ changedir(_PATH_MP_DB, basedir));
+ mv(buf, changedir(_PATH_MP_DB, basedir));
+ }
(void)snprintf(buf, sizeof(buf), "%s.tmp",
changedir(_PATH_SMP_DB, basedir));
mv(buf, changedir(_PATH_SMP_DB, basedir));
@@ -454,7 +463,7 @@ usage()
{
(void)fprintf(stderr,
- "usage: pwd_mkdb [-cp] [-d basedir] [-u username] file\n");
+ "usage: pwd_mkdb [-c] [-p | -s] [-d basedir] [-u username] file\n");
exit(1);
}
@@ -539,7 +548,8 @@ db_store(fp, oldfp, edp, dp, pw, keytype, username, olduid)
memcpy(tbuf + 1, &olduid, sizeof(olduid));
key.size = sizeof(olduid) + 1;
(edp->del)(edp, &key, 0);
- (dp->del)(dp, &key, 0);
+ if (dp)
+ (dp->del)(dp, &key, 0);
}
/* XXX - should check to see if line number changed. */
}
@@ -589,6 +599,9 @@ db_store(fp, oldfp, edp, dp, pw, keytype, username, olduid)
if ((edp->put)(edp, &key, &data, dbmode) == -1)
error("put");
+ if (dp == NULL)
+ continue;
+
/* Star out password to make insecure record. */
p = buf + strlen(pw->pw_name) + 1; /* skip pw_name */
len = strlen(pw->pw_passwd);