1 /* 2 * Copyright (c) 1988, 1993, 1994 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. All advertising materials mentioning features or use of this software 14 * must display the following acknowledgement: 15 * This product includes software developed by the University of 16 * California, Berkeley and its contributors. 17 * 4. Neither the name of the University nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 * 33 * @(#) Copyright (c) 1988, 1993, 1994 The Regents of the University of California. All rights reserved. 34 * @(#)passwd.c 8.3 (Berkeley) 4/2/94 35 * $FreeBSD: src/usr.bin/passwd/passwd.c,v 1.16.2.1 2001/03/12 10:48:08 assar Exp $ 36 * $DragonFly: src/usr.bin/passwd/passwd.c,v 1.3 2003/10/04 20:36:50 hmp Exp $ 37 */ 38 39 #include <sys/types.h> 40 41 #include <err.h> 42 #include <errno.h> 43 #include <libutil.h> 44 #include <stdio.h> 45 #include <stdlib.h> 46 #include <string.h> 47 #include <unistd.h> 48 49 #ifdef YP 50 #include <pwd.h> 51 #include <pw_yp.h> 52 #include <rpcsvc/yp.h> 53 int __use_yp = 0; 54 int yp_errno = YP_TRUE; 55 extern int yp_passwd( char * ); 56 #endif 57 58 #ifdef KERBEROS 59 #include "krb.h" 60 #endif 61 62 #include "extern.h" 63 64 static void usage(void); 65 66 int use_local_passwd = 0; 67 68 int 69 main(int argc, char **argv) 70 { 71 int ch; 72 char *uname; 73 #ifdef KERBEROS 74 char *iflag = 0, *rflag = 0, *uflag = 0; 75 char *k; 76 #endif 77 78 #ifdef YP 79 #ifdef KERBEROS 80 char realm[REALM_SZ]; 81 #define OPTIONS "d:h:lysfoi:r:u:" 82 #else 83 #define OPTIONS "d:h:lysfo" 84 #endif 85 #else 86 #ifdef KERBEROS 87 char realm[REALM_SZ]; 88 #define OPTIONS "li:r:u:" 89 #else 90 #define OPTIONS "l" 91 #endif 92 #endif 93 94 #ifdef YP 95 int res = 0; 96 97 if (strstr(argv[0], "yppasswd")) __use_yp = 1; 98 #endif 99 100 while ((ch = getopt(argc, argv, OPTIONS)) != -1) { 101 switch (ch) { 102 case 'l': /* change local password file */ 103 use_local_passwd = 1; 104 break; 105 #ifdef KERBEROS 106 case 'i': 107 iflag = optarg; 108 break; 109 case 'r': 110 rflag = optarg; 111 break; 112 case 'u': 113 uflag = optarg; 114 break; 115 #endif /* KERBEROS */ 116 #ifdef YP 117 case 'y': /* Change NIS password */ 118 __use_yp = 1; 119 break; 120 case 'd': /* Specify NIS domain. */ 121 #ifdef PARANOID 122 if (!getuid()) { 123 #endif 124 yp_domain = optarg; 125 if (yp_server == NULL) 126 yp_server = "localhost"; 127 #ifdef PARANOID 128 } else { 129 warnx("only the super-user may use the -d flag"); 130 } 131 #endif 132 break; 133 case 'h': /* Specify NIS server. */ 134 #ifdef PARANOID 135 if (!getuid()) { 136 #endif 137 yp_server = optarg; 138 #ifdef PARANOID 139 } else { 140 warnx("only the super-user may use the -h flag"); 141 } 142 #endif 143 break; 144 case 'o': 145 force_old++; 146 break; 147 #endif 148 default: 149 case '?': 150 usage(); 151 } 152 } 153 154 argc -= optind; 155 argv += optind; 156 157 if ((uname = getlogin()) == NULL) 158 err(1, "getlogin"); 159 160 switch(argc) { 161 case 0: 162 break; 163 case 1: 164 uname = argv[0]; 165 break; 166 default: 167 usage(); 168 } 169 170 #ifdef YP 171 /* 172 * If NIS is turned on in the password database, use it, else punt. 173 */ 174 #ifdef KERBEROS 175 if (__use_yp || (iflag == NULL && rflag == NULL && uflag == NULL)) { 176 #endif 177 res = use_yp(uname, 0, 0); 178 if (res == USER_YP_ONLY) { 179 if (!use_local_passwd) { 180 exit(yp_passwd(uname)); 181 } else { 182 /* 183 * Reject -l flag if NIS is turned on and the user 184 * doesn't exist in the local password database. 185 */ 186 errx(1, "unknown local user: %s", uname); 187 } 188 } else if (res == USER_LOCAL_ONLY) { 189 /* 190 * Reject -y flag if user only exists locally. 191 */ 192 if (__use_yp) 193 errx(1, "unknown NIS user: %s", uname); 194 } else if (res == USER_YP_AND_LOCAL) { 195 if (!use_local_passwd && (yp_in_pw_file || __use_yp)) 196 exit(yp_passwd(uname)); 197 } 198 #ifdef KERBEROS 199 } 200 #endif 201 #endif 202 203 if (!use_local_passwd) { 204 #ifdef KERBEROS 205 k = auth_getval("auth_list"); 206 if (k && strstr(k, "kerberos")) 207 if(krb_get_lrealm(realm, 0) == KSUCCESS) { 208 setuid(getuid()); 209 fprintf(stderr, "realm %s\n", realm); 210 exit(krb_passwd(argv[0], iflag, rflag, uflag)); 211 } 212 #endif 213 } 214 exit(local_passwd(uname)); 215 } 216 217 static void 218 usage(void) 219 { 220 221 #ifdef YP 222 #ifdef KERBEROS 223 fprintf(stderr, "%s\n%s\n", 224 "usage: passwd [-l] [-i instance] [-r realm] [-u fullname]", 225 " passwd [-l] [-y] [-o] [-d domain [-h host]] [user]"); 226 #else 227 (void)fprintf(stderr, 228 "usage: passwd [-l] [-y] [-o] [-d domain [-h host]] [user]\n"); 229 #endif 230 #else 231 #ifdef KERBEROS 232 fprintf(stderr, 233 "usage: passwd [-l] [-i instance] [-r realm] [-u fullname] [user]\n"); 234 #else 235 (void)fprintf(stderr, "usage: passwd user\n"); 236 #endif 237 #endif 238 exit(1); 239 } 240