xref: /netbsd/usr.bin/passwd/yp_passwd.c (revision c4a72b64) 
1 /*	$NetBSD: yp_passwd.c,v 1.26 2002/11/16 15:59:28 itojun Exp $	*/
2 
3 /*
4  * Copyright (c) 1988, 1990, 1993, 1994
5  *	The Regents of the University of California.  All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  * 3. All advertising materials mentioning features or use of this software
16  *    must display the following acknowledgement:
17  *	This product includes software developed by the University of
18  *	California, Berkeley and its contributors.
19  * 4. Neither the name of the University nor the names of its contributors
20  *    may be used to endorse or promote products derived from this software
21  *    without specific prior written permission.
22  *
23  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
24  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
27  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33  * SUCH DAMAGE.
34  */
35 
36 #include <sys/cdefs.h>
37 #ifndef lint
38 #if 0
39 static char sccsid[] = "from:  @(#)local_passwd.c    8.3 (Berkeley) 4/2/94";
40 #else
41 __RCSID("$NetBSD: yp_passwd.c,v 1.26 2002/11/16 15:59:28 itojun Exp $");
42 #endif
43 #endif /* not lint */
44 
45 #ifdef	YP
46 
47 #include <ctype.h>
48 #include <err.h>
49 #include <errno.h>
50 #include <netdb.h>
51 #include <pwd.h>
52 #include <stdio.h>
53 #include <stdlib.h>
54 #include <string.h>
55 #include <time.h>
56 #include <unistd.h>
57 
58 #include <rpc/rpc.h>
59 #include <rpcsvc/yp_prot.h>
60 #include <rpcsvc/ypclnt.h>
61 
62 #include "extern.h"
63 
64 #define passwd yp_passwd_rec
65 #include <rpcsvc/yppasswd.h>
66 #undef passwd
67 
68 #ifndef _PASSWORD_LEN
69 #define _PASSWORD_LEN PASS_MAX
70 #endif
71 
72 static	int yflag;
73 
74 static	char		*getnewpasswd __P((struct passwd *, char **));
75 static	int		 ypgetpwnam __P((const char *));
76 static	void		 pw_error __P((char *, int, int));
77 
78 static uid_t uid;
79 char *domain;
80 
81 static void
82 pw_error(name, err, eval)
83 	char *name;
84 	int err, eval;
85 {
86 
87 	if (err)
88 		warn("%s", name);
89 	errx(eval, "YP passwd database unchanged");
90 }
91 
92 int
93 yp_init(progname)
94 	const char *progname;
95 {
96 	int yppwd;
97 
98 	if (strcmp(progname, "yppasswd") == 0) {
99 		yppwd = 1;
100 	} else
101 		yppwd = 0;
102 	yflag = 0;
103 	if (_yp_check(NULL) == 0) {
104 		/* can't use YP. */
105 		if (yppwd)
106 			errx(1, "YP not in use.");
107 		return(-1);
108 	}
109 	return (0);
110 }
111 
112 int
113 yp_arg(ch, arg)
114 	char ch;
115 	const char *arg;
116 {
117 	switch (ch) {
118 	case 'y':
119 		yflag = 1;
120 		break;
121 	default:
122 		return(0);
123 	}
124 	return(1);
125 }
126 
127 int
128 yp_arg_end()
129 {
130 	if (yflag)
131 		return (PW_USE_FORCE);
132 	return (PW_USE);
133 }
134 
135 void
136 yp_end()
137 {
138 	/* NOOP */
139 }
140 
141 int
142 yp_chpw(username)
143 	const char *username;
144 {
145 	char *master;
146 	int r, rpcport, status;
147 	struct yppasswd yppasswd;
148 	struct passwd *pw;
149 	struct timeval tv;
150 	CLIENT *client;
151 
152 	uid = getuid();
153 
154 	/*
155 	 * Get local domain
156 	 */
157 	if ((r = yp_get_default_domain(&domain)) != 0)
158 		errx(1, "can't get local YP domain.  Reason: %s",
159 		    yperr_string(r));
160 
161 	/*
162 	 * Find the host for the passwd map; it should be running
163 	 * the daemon.
164 	 */
165 	if ((r = yp_master(domain, "passwd.byname", &master)) != 0) {
166 		warnx("can't find the master YP server.  Reason: %s",
167 		    yperr_string(r));
168 		/* continuation */
169 		return(-1);
170 	}
171 
172 	/*
173 	 * Ask the portmapper for the port of the daemon.
174 	 */
175 	if ((rpcport = getrpcport(master, YPPASSWDPROG,
176 	    YPPASSWDPROC_UPDATE, IPPROTO_UDP)) == 0) {
177 		warnx("master YP server not running yppasswd daemon.\n\t%s\n",
178 		    "Can't change YP password.");
179 		/* continuation */
180 		return(-1);
181 	}
182 
183 	/*
184 	 * Be sure the port is privileged
185 	 */
186 	if (rpcport >= IPPORT_RESERVED)
187 		errx(1, "yppasswd daemon is on an invalid port.");
188 
189 	/* Bail out if this is a local (non-yp) user, */
190 	/* then get user's login identity */
191 	if (!ypgetpwnam(username) ||
192 	    !(pw = getpwnam(username))) {
193 		warnx("YP unknown user %s", username);
194 		/* continuation */
195 		return(-1);
196 	}
197 
198 	if (uid && uid != pw->pw_uid)
199 		errx(1, "you may only change your own password: %s",
200 		    strerror(EACCES));
201 
202 	/* prompt for new password */
203 	yppasswd.newpw.pw_passwd = getnewpasswd(pw, &yppasswd.oldpass);
204 
205 	/* tell rpc.yppasswdd */
206 	yppasswd.newpw.pw_name	= strdup(pw->pw_name);
207 	if (!yppasswd.newpw.pw_name) {
208 		err(1, "strdup");
209 		/*NOTREACHED*/
210 	}
211 	yppasswd.newpw.pw_uid 	= pw->pw_uid;
212 	yppasswd.newpw.pw_gid	= pw->pw_gid;
213 	yppasswd.newpw.pw_gecos = strdup(pw->pw_gecos);
214 	if (!yppasswd.newpw.pw_gecos) {
215 		err(1, "strdup");
216 		/*NOTREACHED*/
217 	}
218 	yppasswd.newpw.pw_dir	= strdup(pw->pw_dir);
219 	if (!yppasswd.newpw.pw_dir) {
220 		err(1, "strdup");
221 		/*NOTREACHED*/
222 	}
223 	yppasswd.newpw.pw_shell	= strdup(pw->pw_shell);
224 	if (!yppasswd.newpw.pw_shell) {
225 		err(1, "strdup");
226 		/*NOTREACHED*/
227 	}
228 
229 	client = clnt_create(master, YPPASSWDPROG, YPPASSWDVERS, "udp");
230 	if (client == NULL) {
231 		warnx("cannot contact yppasswdd on %s:  Reason: %s",
232 		    master, yperr_string(YPERR_YPBIND));
233 		return (YPERR_YPBIND);
234 	}
235 
236 	client->cl_auth = authunix_create_default();
237 	tv.tv_sec = 2;
238 	tv.tv_usec = 0;
239 	r = clnt_call(client, YPPASSWDPROC_UPDATE,
240 	    xdr_yppasswd, &yppasswd, xdr_int, &status, tv);
241 	if (r)
242 		errx(1, "rpc to yppasswdd failed.");
243 	else if (status)
244 		printf("Couldn't change YP password.\n");
245 	else
246 		printf("The YP password has been changed on %s, %s\n",
247 		    master, "the master YP passwd server.");
248 	return(0);
249 }
250 
251 static char *
252 getnewpasswd(pw, old_pass)
253 	struct passwd *pw;
254 	char **old_pass;
255 {
256 	int tries;
257 	char *p, *t;
258 	static char buf[_PASSWORD_LEN+1];
259 	char salt[_PASSWORD_LEN+1];
260 
261 	(void)printf("Changing YP password for %s.\n", pw->pw_name);
262 
263 	if (old_pass) {
264 		*old_pass = NULL;
265 
266 		if (pw->pw_passwd[0]) {
267 			if (strcmp(crypt(p = getpass("Old password:"),
268 					 pw->pw_passwd),  pw->pw_passwd)) {
269 				(void)printf("Sorry.\n");
270 				pw_error(NULL, 0, 1);
271 			}
272 		} else {
273 			p = "";
274 		}
275 
276 		*old_pass = strdup(p);
277 		if (!*old_pass) {
278 			(void)printf("not enough core.\n");
279 			pw_error(NULL, 0, 1);
280 		}
281 	}
282 	for (buf[0] = '\0', tries = 0;;) {
283 		p = getpass("New password:");
284 		if (!*p) {
285 			(void)printf("Password unchanged.\n");
286 			pw_error(NULL, 0, 0);
287 		}
288 		if (strlen(p) <= 5 && ++tries < 2) {
289 			(void)printf("Please enter a longer password.\n");
290 			continue;
291 		}
292 		for (t = p; *t && islower(*t); ++t);
293 		if (!*t && ++tries < 2) {
294 			(void)printf("Please don't use an all-lower case "
295 				     "password.\nUnusual capitalization, "
296 				     "control characters or digits are "
297 				     "suggested.\n");
298 			continue;
299 		}
300 		(void)strlcpy(buf, p, sizeof(buf));
301 		if (!strcmp(buf, getpass("Retype new password:")))
302 			break;
303 		(void)printf("Mismatch; try again, EOF to quit.\n");
304 	}
305 
306 	if (!pwd_gensalt(salt, _PASSWORD_LEN, pw, 'y' )) {
307 		(void)printf("Couldn't generate salt.\n");
308 		pw_error(NULL, 0, 0);
309 	}
310 	p = strdup(crypt(buf, salt));
311 	if (!p) {
312 		(void)printf("not enough core.\n");
313 		pw_error(NULL, 0, 0);
314 	}
315 	return (p);
316 }
317 
318 static int
319 ypgetpwnam(nam)
320 	const char *nam;
321 {
322 	char *val;
323 	int reason, vallen;
324 
325 	val = NULL;
326 	reason = yp_match(domain, "passwd.byname", nam, strlen(nam),
327 			  &val, &vallen);
328 	if (reason != 0) {
329 		if (val != NULL)
330 			free(val);
331 		return 0;
332 	}
333 	free(val);
334 	return 1;
335 }
336 
337 #endif	/* YP */
338