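/* $NetBSD: yp_passwd.c,v 1.26 2002/11/16 15:59:28 itojun Exp $ */

/*
 * Copyright (c) 1988, 1990, 1993, 1994
 * The Regents of the University of California. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 * must display the following acknowledgement:
 * This product includes software developed by the University of
 * California, Berkeley and its contributors.
 * 4. Neither the name of the University nor the names of its contributors
 * may be used to endorse or promote products derived from this software
 * without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include <sys/cdefs.h>
#ifndef lint
#if 0
static char sccsid[] = "from: @(#)local_passwd.c 8.3 (Berkeley) 4/2/94";
#else
__RCSID("$NetBSD: yp_passwd.c,v 1.26 2002/11/16 15:59:28 itojun Exp $");
#endif
#endif /* not lint */

#ifdef YP

#include <ctype.h>
#include <err.h>
#include <errno.h>
#include <netdb.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

#include <rpc/rpc.h>
#include <rpcsvc/yp_prot.h>
#include <rpcsvc/ypclnt.h>

#include "extern.h"

/*
 * <rpcsvc/yppasswd.h> declares its own "struct passwd"; rename it while the
 * header is read so it does not collide with the one from <pwd.h>.
 */
#define passwd yp_passwd_rec
#include <rpcsvc/yppasswd.h>
#undef passwd

#ifndef _PASSWORD_LEN
#define _PASSWORD_LEN PASS_MAX
#endif

/* Set by yp_arg() when -y was given; read by yp_arg_end(). */
static int yflag;

static char *getnewpasswd __P((struct passwd *, char **));
static int ypgetpwnam __P((const char *));
static void pw_error __P((char *, int, int));

/* Real uid of the caller, recorded by yp_chpw(). */
static uid_t uid;
/* Default YP domain, filled in by yp_chpw() and read by ypgetpwnam(). */
char *domain;

/*
 * pw_error --
 *	Report that the YP passwd database was left unchanged and exit with
 *	status eval.  When err is non-zero, warn("%s", name) is printed
 *	first.  Does not return.
 */
static void
pw_error(name, err, eval)
	char *name;
	int err, eval;
{

	if (err)
		warn("%s", name);
	errx(eval, "YP passwd database unchanged");
}

/*
 * yp_init --
 *	Reset the -y flag and check whether YP is usable.
 *	Returns 0 when _yp_check() succeeds and -1 when it does not; when the
 *	program was invoked as "yppasswd" the latter case is fatal.
 */
int
yp_init(progname)
	const char *progname;
{
	int yppwd;

	yppwd = (strcmp(progname, "yppasswd") == 0);
	yflag = 0;
	if (_yp_check(NULL) == 0) {
		/* can't use YP. */
		if (yppwd)
			errx(1, "YP not in use.");
		return (-1);
	}
	return (0);
}

/*
 * yp_arg --
 *	Handle one command line option.  Only 'y' is recognised; arg is
 *	unused.  Returns 1 when the option was consumed, 0 otherwise.
 */
int
yp_arg(ch, arg)
	char ch;
	const char *arg;
{
	switch (ch) {
	case 'y':
		yflag = 1;
		break;
	default:
		return (0);
	}
	return (1);
}

/*
 * yp_arg_end --
 *	Called once option parsing is finished.  Returns PW_USE_FORCE when -y
 *	was given, PW_USE otherwise.
 */
int
yp_arg_end()
{
	if (yflag)
		return (PW_USE_FORCE);
	return (PW_USE);
}

/*
 * yp_end --
 *	Nothing to tear down for the YP method.
 */
void
yp_end()
{
	/* NOOP */
}

/*
 * yp_chpw --
 *	Change username's password through the yppasswd daemon on the master
 *	server of the passwd.byname map.
 *
 *	Returns -1 when the master cannot be found, when no yppasswd daemon
 *	is registered on it, or when the user is not in the YP map;
 *	YPERR_YPBIND when no RPC client can be created; 0 once the daemon has
 *	answered.  Every other failure exits the program.
 *
 *	Security notes: the request carries the old password as the user
 *	typed it (see getnewpasswd()) and is sent over UDP with AUTH_UNIX
 *	credentials, so it is only as confidential as the network path to the
 *	master.  The privileged-port test below is the only check made on the
 *	daemon's identity.
 */
int
yp_chpw(username)
	const char *username;
{
	char *master;
	int r, rpcport, status;
	struct yppasswd yppasswd;
	struct passwd *pw;
	struct timeval tv;
	CLIENT *client;

	uid = getuid();

	/*
	 * Get local domain
	 */
	if ((r = yp_get_default_domain(&domain)) != 0)
		errx(1, "can't get local YP domain. Reason: %s",
		    yperr_string(r));

	/*
	 * Find the host for the passwd map; it should be running
	 * the daemon.
	 */
	if ((r = yp_master(domain, "passwd.byname", &master)) != 0) {
		warnx("can't find the master YP server. Reason: %s",
		    yperr_string(r));
		/* continuation */
		return (-1);
	}

	/*
	 * Ask the portmapper for the port of the daemon.
	 * getrpcport() takes (host, program, version, protocol).  The third
	 * argument used to be YPPASSWDPROC_UPDATE, a procedure number that
	 * only worked because the yppasswd protocol gives it the same value
	 * as YPPASSWDVERS.
	 */
	if ((rpcport = getrpcport(master, YPPASSWDPROG,
	    YPPASSWDVERS, IPPROTO_UDP)) == 0) {
		warnx("master YP server not running yppasswd daemon.\n\t%s\n",
		    "Can't change YP password.");
		/* continuation */
		return (-1);
	}

	/*
	 * Be sure the port is privileged
	 *
	 * NOTE(review): clnt_create() below does its own portmapper lookup,
	 * so the port verified here is not guaranteed to be the port the
	 * request is finally sent to.  Creating the client on the verified
	 * port would close that gap.
	 */
	if (rpcport >= IPPORT_RESERVED)
		errx(1, "yppasswd daemon is on an invalid port.");

	/* Bail out if this is a local (non-yp) user, */
	/* then get user's login identity */
	if (!ypgetpwnam(username) ||
	    !(pw = getpwnam(username))) {
		warnx("YP unknown user %s", username);
		/* continuation */
		return (-1);
	}

	/* Only the superuser may change somebody else's password. */
	if (uid && uid != pw->pw_uid)
		errx(1, "you may only change your own password: %s",
		    strerror(EACCES));

	/* prompt for new password */
	yppasswd.newpw.pw_passwd = getnewpasswd(pw, &yppasswd.oldpass);

	/* tell rpc.yppasswdd */
	yppasswd.newpw.pw_name = strdup(pw->pw_name);
	if (!yppasswd.newpw.pw_name) {
		err(1, "strdup");
		/*NOTREACHED*/
	}
	yppasswd.newpw.pw_uid = pw->pw_uid;
	yppasswd.newpw.pw_gid = pw->pw_gid;
	yppasswd.newpw.pw_gecos = strdup(pw->pw_gecos);
	if (!yppasswd.newpw.pw_gecos) {
		err(1, "strdup");
		/*NOTREACHED*/
	}
	yppasswd.newpw.pw_dir = strdup(pw->pw_dir);
	if (!yppasswd.newpw.pw_dir) {
		err(1, "strdup");
		/*NOTREACHED*/
	}
	yppasswd.newpw.pw_shell = strdup(pw->pw_shell);
	if (!yppasswd.newpw.pw_shell) {
		err(1, "strdup");
		/*NOTREACHED*/
	}

	client = clnt_create(master, YPPASSWDPROG, YPPASSWDVERS, "udp");
	if (client == NULL) {
		warnx("cannot contact yppasswdd on %s: Reason: %s",
		    master, yperr_string(YPERR_YPBIND));
		return (YPERR_YPBIND);
	}

	client->cl_auth = authunix_create_default();
	tv.tv_sec = 2;
	tv.tv_usec = 0;
	r = clnt_call(client, YPPASSWDPROC_UPDATE,
	    xdr_yppasswd, &yppasswd, xdr_int, &status, tv);
	if (r)
		errx(1, "rpc to yppasswdd failed.");
	else if (status)
		/*
		 * NOTE(review): the daemon refused the update, yet 0 is
		 * still returned below; confirm what callers expect.
		 */
		printf("Couldn't change YP password.\n");
	else
		printf("The YP password has been changed on %s, %s\n",
		    master, "the master YP passwd server.");

	/* Release the RPC handle and its credentials before returning. */
	auth_destroy(client->cl_auth);
	clnt_destroy(client);
	return (0);
}

/*
 * getnewpasswd --
 *	Prompt for the old password (when old_pass is not NULL) and for the
 *	new one, and return the crypt()ed new password in memory obtained
 *	from strdup().  *old_pass receives a strdup()ed copy of the old
 *	password exactly as typed, or of "" when the account has none.
 *
 *	Exits through pw_error() when the old password is wrong, when the
 *	user enters an empty new password, or when salt generation, hashing
 *	or allocation fails.
 */
static char *
getnewpasswd(pw, old_pass)
	struct passwd *pw;
	char **old_pass;
{
	int tries;
	char *p, *t;
	/*
	 * NOTE(review): buf keeps the cleartext new password for the rest of
	 * the process lifetime; consider wiping it with a call the compiler
	 * cannot elide once the hash has been computed.
	 */
	static char buf[_PASSWORD_LEN+1];
	char salt[_PASSWORD_LEN+1];

	(void)printf("Changing YP password for %s.\n", pw->pw_name);

	if (old_pass) {
		*old_pass = NULL;

		if (pw->pw_passwd[0]) {
			p = getpass("Old password:");
			/*
			 * crypt() can fail and return NULL (for instance on
			 * an unsupported hash format); treat that as a
			 * mismatch instead of handing NULL to strcmp().
			 */
			t = crypt(p, pw->pw_passwd);
			if (t == NULL || strcmp(t, pw->pw_passwd) != 0) {
				(void)printf("Sorry.\n");
				pw_error(NULL, 0, 1);
			}
		} else {
			p = "";
		}

		*old_pass = strdup(p);
		if (!*old_pass) {
			(void)printf("not enough core.\n");
			pw_error(NULL, 0, 1);
		}
	}
	for (buf[0] = '\0', tries = 0;;) {
		p = getpass("New password:");
		if (!*p) {
			(void)printf("Password unchanged.\n");
			pw_error(NULL, 0, 0);
		}
		/* The quality checks are advisory: they give up after one retry. */
		if (strlen(p) <= 5 && ++tries < 2) {
			(void)printf("Please enter a longer password.\n");
			continue;
		}
		/*
		 * <ctype.h> functions need a value representable as unsigned
		 * char; a plain char holding a byte >= 0x80 may be negative.
		 */
		for (t = p; *t && islower((unsigned char)*t); ++t)
			continue;
		if (!*t && ++tries < 2) {
			(void)printf("Please don't use an all-lower case "
			    "password.\nUnusual capitalization, "
			    "control characters or digits are "
			    "suggested.\n");
			continue;
		}
		/* getpass() reuses its buffer, so keep a copy for the compare. */
		(void)strlcpy(buf, p, sizeof(buf));
		if (!strcmp(buf, getpass("Retype new password:")))
			break;
		(void)printf("Mismatch; try again, EOF to quit.\n");
	}

	/*
	 * The failures below used to exit with status 0, which told the
	 * caller's shell that the run had succeeded; they now exit 1 like
	 * the allocation failure above.
	 */
	if (!pwd_gensalt(salt, _PASSWORD_LEN, pw, 'y' )) {
		(void)printf("Couldn't generate salt.\n");
		pw_error(NULL, 0, 1);
	}
	t = crypt(buf, salt);
	if (t == NULL) {
		(void)printf("Couldn't encrypt password.\n");
		pw_error(NULL, 0, 1);
	}
	p = strdup(t);
	if (!p) {
		(void)printf("not enough core.\n");
		pw_error(NULL, 0, 1);
	}
	return (p);
}

/*
 * ypgetpwnam --
 *	Look nam up in the passwd.byname map of the global domain.
 *	Returns 1 when yp_match() finds an entry and 0 otherwise; the matched
 *	value itself is discarded.
 */
static int
ypgetpwnam(nam)
	const char *nam;
{
	char *val;
	int reason, vallen;

	val = NULL;
	reason = yp_match(domain, "passwd.byname", nam, strlen(nam),
	    &val, &vallen);
	/* free(NULL) is a no-op, so one call covers both outcomes. */
	free(val);
	return (reason == 0);
}

#endif /* YP */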