ypclnt_passwd.c revision 94577
1/*- 2 * Copyright (c) 2002 Networks Associates Technology, Inc. 3 * All rights reserved. 4 * 5 * This software was developed for the FreeBSD Project by ThinkSec AS and 6 * NAI Labs, the Security Research Division of Network Associates, Inc. 7 * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the 8 * DARPA CHATS research program. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. The name of the author may not be used to endorse or promote 19 * products derived from this software without specific prior written 20 * permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * 34 * $FreeBSD: head/lib/libypclnt/ypclnt_passwd.c 94577 2002-04-13 06:57:14Z des $ 35 */ 36 37#include <sys/types.h> 38#include <sys/socket.h> 39#include <netinet/in.h> 40 41#include <err.h> 42#include <errno.h> 43#include <netconfig.h> 44#include <netdb.h> 45#include <pwd.h> 46#include <stdlib.h> 47#include <string.h> 48#include <unistd.h> 49 50#include <rpcsvc/ypclnt.h> 51#include <rpcsvc/yppasswd.h> 52 53#include "ypclnt.h" 54#include "yppasswd_private.h" 55 56static int yppasswd_remote(ypclnt_t *, const struct passwd *, const char *); 57static int yppasswd_local(ypclnt_t *, const struct passwd *, const char *); 58 59int 60ypclnt_passwd(ypclnt_t *ypclnt, const struct passwd *pwd, const char *passwd) 61{ 62 struct addrinfo hints, *res; 63 int sd; 64 65 /* check that rpc.yppasswdd is running */ 66 if (getrpcport(ypclnt->server, YPPASSWDPROG, 67 YPPASSWDPROC_UPDATE, IPPROTO_UDP) == 0) { 68 ypclnt_error(ypclnt, __func__, "no rpc.yppasswdd on server"); 69 return (-1); 70 } 71 72 /* if we're not root, use remote method */ 73 if (getuid() != 0) 74 goto remote; 75 76 /* try to determine if we are the server */ 77 memset(&hints, 0, sizeof(hints)); 78 hints.ai_family = AF_UNSPEC; 79 hints.ai_socktype = SOCK_STREAM; 80 hints.ai_protocol = 0; 81 if (getaddrinfo(ypclnt->server, NULL, &hints, &res) != 0) 82 goto remote; 83 sd = socket(res->ai_family, res->ai_socktype, res->ai_protocol); 84 if (sd == -1) { 85 freeaddrinfo(res); 86 goto remote; 87 } 88 if (bind(sd, res->ai_addr, res->ai_addrlen) == -1) { 89 close(sd); 90 freeaddrinfo(res); 91 goto remote; 92 } 93 freeaddrinfo(res); 94 close(sd); 95 YPCLNT_DEBUG("using local update method"); 96 return (yppasswd_local(ypclnt, pwd, passwd)); 97 remote: 98 YPCLNT_DEBUG("using remote update method"); 99 return (yppasswd_remote(ypclnt, pwd, passwd)); 100} 101 102/* 103 * yppasswd_remote and yppasswd_local are quite similar but still 104 * sufficiently different that merging them into one makes the code 105 * significantly less readable, IMHO, so we keep them separate. 106 */ 107 108static int 109yppasswd_local(ypclnt_t *ypclnt, const struct passwd *pwd, const char *passwd) 110{ 111 struct master_yppasswd yppwd; 112 struct rpc_err rpcerr; 113 struct netconfig *nc = NULL; 114 CLIENT *clnt = NULL; 115 int ret, *result; 116 117 /* fill the master_yppasswd structure */ 118 memset(&yppwd, 0, sizeof yppwd); 119 yppwd.newpw.pw_uid = pwd->pw_uid; 120 yppwd.newpw.pw_gid = pwd->pw_gid; 121 yppwd.newpw.pw_change = pwd->pw_change; 122 yppwd.newpw.pw_expire = pwd->pw_expire; 123 yppwd.newpw.pw_fields = pwd->pw_fields; 124 if ((yppwd.newpw.pw_name = strdup(pwd->pw_name)) == NULL || 125 (yppwd.newpw.pw_passwd = strdup(pwd->pw_passwd)) == NULL || 126 (yppwd.newpw.pw_class = strdup(pwd->pw_class)) == NULL || 127 (yppwd.newpw.pw_gecos = strdup(pwd->pw_gecos)) == NULL || 128 (yppwd.newpw.pw_dir = strdup(pwd->pw_dir)) == NULL || 129 (yppwd.newpw.pw_shell = strdup(pwd->pw_shell)) == NULL || 130 (yppwd.oldpass = strdup(passwd)) == NULL) { 131 ypclnt_error(ypclnt, __func__, strerror(errno)); 132 ret = -1; 133 goto done; 134 } 135 136 /* connect to rpc.yppasswdd */ 137 nc = getnetconfigent("unix"); 138 clnt = clnt_tp_create(ypclnt->server, YPPASSWDPROG, YPPASSWDVERS, nc); 139 if (clnt == NULL) { 140 ypclnt_error(ypclnt, __func__, 141 "failed to connect to rpc.yppasswdd: %s", 142 clnt_spcreateerror(ypclnt->server)); 143 ret = -1; 144 goto done; 145 } 146 clnt->cl_auth = authunix_create_default(); 147 148 /* request the update */ 149 result = yppasswdproc_update_master_1(&yppwd, clnt); 150 151 /* check for RPC errors */ 152 clnt_geterr(clnt, &rpcerr); 153 if (rpcerr.re_status != RPC_SUCCESS) { 154 ypclnt_error(ypclnt, __func__, 155 "NIS password update failed: %s", 156 clnt_sperror(clnt, ypclnt->server)); 157 ret = -1; 158 goto done; 159 } 160 161 /* check the result of the update */ 162 if (result == NULL || *result != 0) { 163 ypclnt_error(ypclnt, __func__, 164 "NIS password update failed"); 165 /* XXX how do we get more details? */ 166 ret = -1; 167 goto done; 168 } 169 170 ypclnt_error(ypclnt, NULL, NULL); 171 ret = 0; 172 173 done: 174 if (clnt != NULL) { 175 auth_destroy(clnt->cl_auth); 176 clnt_destroy(clnt); 177 } 178 if (nc != NULL) 179 freenetconfigent(nc); 180 free(yppwd.newpw.pw_name); 181 free(yppwd.newpw.pw_passwd); 182 free(yppwd.newpw.pw_class); 183 free(yppwd.newpw.pw_gecos); 184 free(yppwd.newpw.pw_dir); 185 free(yppwd.newpw.pw_shell); 186 if (yppwd.oldpass != NULL) { 187 memset(yppwd.oldpass, 0, strlen(yppwd.oldpass)); 188 free(yppwd.oldpass); 189 } 190 return (ret); 191} 192 193static int 194yppasswd_remote(ypclnt_t *ypclnt, const struct passwd *pwd, const char *passwd) 195{ 196 struct yppasswd yppwd; 197 struct rpc_err rpcerr; 198 CLIENT *clnt = NULL; 199 int ret, *result; 200 201 /* fill the yppasswd structure */ 202 memset(&yppwd, 0, sizeof yppwd); 203 yppwd.newpw.pw_uid = pwd->pw_uid; 204 yppwd.newpw.pw_gid = pwd->pw_gid; 205 if ((yppwd.newpw.pw_name = strdup(pwd->pw_name)) == NULL || 206 (yppwd.newpw.pw_passwd = strdup(pwd->pw_passwd)) == NULL || 207 (yppwd.newpw.pw_gecos = strdup(pwd->pw_gecos)) == NULL || 208 (yppwd.newpw.pw_dir = strdup(pwd->pw_dir)) == NULL || 209 (yppwd.newpw.pw_shell = strdup(pwd->pw_shell)) == NULL || 210 (yppwd.oldpass = strdup(passwd)) == NULL) { 211 ypclnt_error(ypclnt, __func__, strerror(errno)); 212 ret = -1; 213 goto done; 214 } 215 216 /* connect to rpc.yppasswdd */ 217 clnt = clnt_create(ypclnt->server, YPPASSWDPROG, YPPASSWDVERS, "udp"); 218 if (clnt == NULL) { 219 ypclnt_error(ypclnt, __func__, 220 "failed to connect to rpc.yppasswdd: %s", 221 clnt_spcreateerror(ypclnt->server)); 222 ret = -1; 223 goto done; 224 } 225 clnt->cl_auth = authunix_create_default(); 226 227 /* request the update */ 228 result = yppasswdproc_update_1(&yppwd, clnt); 229 230 /* check for RPC errors */ 231 clnt_geterr(clnt, &rpcerr); 232 if (rpcerr.re_status != RPC_SUCCESS) { 233 ypclnt_error(ypclnt, __func__, 234 "NIS password update failed: %s", 235 clnt_sperror(clnt, ypclnt->server)); 236 ret = -1; 237 goto done; 238 } 239 240 /* check the result of the update */ 241 if (result == NULL || *result != 0) { 242 ypclnt_error(ypclnt, __func__, 243 "NIS password update failed"); 244 /* XXX how do we get more details? */ 245 ret = -1; 246 goto done; 247 } 248 249 ypclnt_error(ypclnt, NULL, NULL); 250 ret = 0; 251 252 done: 253 if (clnt != NULL) { 254 auth_destroy(clnt->cl_auth); 255 clnt_destroy(clnt); 256 } 257 free(yppwd.newpw.pw_name); 258 free(yppwd.newpw.pw_passwd); 259 free(yppwd.newpw.pw_gecos); 260 free(yppwd.newpw.pw_dir); 261 free(yppwd.newpw.pw_shell); 262 if (yppwd.oldpass != NULL) { 263 memset(yppwd.oldpass, 0, strlen(yppwd.oldpass)); 264 free(yppwd.oldpass); 265 } 266 return (ret); 267} 268