From 1c0ed465609e58caba31e75d241d0f467fcca12e Mon Sep 17 00:00:00 2001
From: Miod Vallat <miod@cvs.openbsd.org>
Date: Thu, 9 Oct 2008 21:10:09 +0000
Subject: When adding a new user, do not move a potential yp line
 (+:*:::0:0::::) to the end of the file, for this would make logins coming
 after the yp line (such as nomadic or fallback accounts) to come back before
 the yp line and take precedence. Found the hard way installing packages
 needing a user to be created.

ok deraadt@
---
 usr.sbin/user/user.c | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)

(limited to 'usr.sbin')

diff --git a/usr.sbin/user/user.c b/usr.sbin/user/user.c
index ee6c4cffa26..34397055e70 100644
--- a/usr.sbin/user/user.c
+++ b/usr.sbin/user/user.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: user.c,v 1.72 2007/08/02 16:18:05 deraadt Exp $ */
+/* $OpenBSD: user.c,v 1.73 2008/10/09 21:10:08 miod Exp $ */
 /* $NetBSD: user.c,v 1.69 2003/04/14 17:40:07 agc Exp $ */
 
 /*
@@ -985,9 +985,14 @@ adduser(char *login_name, user_t *up)
 	}
 	while (fgets(buf, sizeof(buf), fp) != NULL) {
 		cc = strlen(buf);
+		/*
+		 * Stop copying the file at the yp entry; we want to
+		 * put the new user before it, and preserve entries
+		 * after the yp entry.
+		 */
 		if (cc > 1 && buf[0] == '+' && buf[1] == ':') {
 			yp = 1;
-			continue;
+			break;
 		}
 		if (write(ptmpfd, buf, (size_t)(cc)) != cc) {
 			(void) fclose(fp);
@@ -1129,6 +1134,7 @@ adduser(char *login_name, user_t *up)
 		err(EXIT_FAILURE, "can't add `%s'", buf);
 	}
 	if (yp) {
+		/* put back the + line */
 		cc = snprintf(buf, sizeof(buf), "+:*::::::::\n");
 		if (cc == -1 || cc >= sizeof(buf)) {
 			(void) close(ptmpfd);
@@ -1140,6 +1146,22 @@ adduser(char *login_name, user_t *up)
 			pw_abort();
 			err(EXIT_FAILURE, "can't add `%s'", buf);
 		}
+		/* copy the entries following it, if any */
+		while (fgets(buf, sizeof(buf), fp) != NULL) {
+			cc = strlen(buf);
+			if (write(ptmpfd, buf, (size_t)(cc)) != cc) {
+				(void) fclose(fp);
+				(void) close(ptmpfd);
+				pw_abort();
+				err(EXIT_FAILURE, "short write to /etc/ptmp (not %d chars)", cc);
+			}
+		}
+		if (ferror(fp)) {
+			(void) fclose(fp);
+			(void) close(ptmpfd);
+			pw_abort();
+			err(EXIT_FAILURE, "read error on %s", _PATH_MASTERPASSWD);
+		}
 	}
 	if (up->u_flags & F_MKDIR) {
 		if (lstat(home, &st) == 0) {
-- 
cgit v1.2.3