diff options
| author | wpaul <wpaul@FreeBSD.org> | 1995-07-19 17:44:41 +0000 |
|---|---|---|
| committer | wpaul <wpaul@FreeBSD.org> | 1995-07-19 17:44:41 +0000 |
| commit | c0d9518d8d7b44a78afdb06a3e0e8dde2f3f5ccc (patch) | |
| tree | 0e8b5c5f019c3e16d37f9efd70bcb83b7b6a7a0a /gnu/usr.sbin | |
| parent | daa31af2a2324690b090f637f42a405ab31584af (diff) | |
| download | FreeBSD-src-c0d9518d8d7b44a78afdb06a3e0e8dde2f3f5ccc.zip FreeBSD-src-c0d9518d8d7b44a78afdb06a3e0e8dde2f3f5ccc.tar.gz | |
Updates, fixes and cleanups -- oh my.
In ypserv:
yp_svc.c:
- small signal handler tweak (hopefully the last): just use sigemptyset()
to clear sa_mask.
Makefile.yp:
- Let the user specify the location of master.passwd when updating
maps (e.g. make MASTER_PASSWD=/some/path/to/master.passwd). Editing
the file to change the location of master.passwd still works. This
is mostly to let yppassswdd specify the name of the master.passwd
file itself.
In yppasswdd:
yppasswdd.c:
- Roll in some minor changes (mostly casts) from Olaf Kirch's latest
yppasswd package release (version 0.7).
- Use daemon() instead of doing all the deamonizing gruntwork ourselves.
- Call pw_init() after daemonizing ourselves. pw_init() sets up some
resource limits and blocks some signals for us. We used to do this before
every password change, but there's really no point in calling it more
than once during the life of the program.
- Change install_reaper() so that we can use it to de-install the SIGCHLD
handler if we need to (and we do in pw_mkdb() -- this is what I get for
splicing code from two different programs together).
- Use sigemptyset(&act.sa_mask) rather than act.sa_mask = 0: the latter is
decidedly non-portable. (In IRIX, HP-UX and Solaris, sigset_t is an
array of longs, not an int.)
update.c:
- Roll in change from new version (check that we're not modifying an NIS
entry in validate_args()).
- Get rid of call to pw_init() (moved to yppasswdd.c).
- Check return values from pw_util routines and return error status to
yppasswd clients if there's a problem.
- Straighten out password file copying mechanism a little. Keep a grip
on the original password file rather than summarily overwriting it so
that we can restore everything if we fail to fork() a process to update
the NIS maps.
- Pass the name of the password template file (specified with -m or
/etc/master.passwd by default) to the yppwupdate script, which in
turn should now pass it to /var/yp/Makefile.
pw_util.c:
- Nuke the pw_edit() and pw_prompt() functions -- we don't need them.
- Change all warn()s, warnx()s and err()s to syslog()s.
- Make sure we return error status to caller rather than bailing out
in pw_lock() and pw_tmp().
- Don't block SIGTERM in pw_init() (by ignoring SIGTERM, we prevent
yppasswdd from being shut down cleanly).
- Don't let pw_error() exit. (This stuff was stolen from chpass and vipw
which are interactive programs; it's okay to let pw_error() bail out
for these programs, but not in a daemon like yppasswdd).
- Fix signal handling in pw_mkdb (we need to temporarily de-install the
SIGCHLD handler so that we can wait on the pwd_mkdb child ourselves).
pw_copy.c:
- Change all warn()s, warnx()s and err()s to syslog()s.
- Add a bunch of returns() and make pw_copy() return and int ( 0 on success,
-1 on failure) so that update.c can flag errors properly.
- Return -1 after calling pw_error() to signal failures rather than
relying on pw_error() to bail out.
- Abort copying if we discover that we've been asked to change an entry
for a user that exists in the NIS passwd maps but not in the master.passwd
template file. This can happen if the passwd maps and the template file
fall out of sync with each other (or if somebody tries to spoof
us). The old behavior was to create add the entry to the password file,
which yppasswdd should not do under any circumstances.
Makefile:
- update VERSION to 0.7
yppasswdd.8:
- fix typo (forgot a carriage return somewhere)
- remove bogus reference to pwunconv(8) which FreeBSD doesn't have.
- bump version from 0.5 to 0.7
- Reflect changes in password file handling.
yppwupdate:
- Log map rebuilds to /var/yp/ypupdate.log.
- Pass the name of the template password file to /var/yp/Makefile as
$MASTER_PASSWD.
Diffstat (limited to 'gnu/usr.sbin')
| -rw-r--r-- | gnu/usr.sbin/yppasswdd/Makefile | 4 | ||||
| -rw-r--r-- | gnu/usr.sbin/yppasswdd/pw_copy.c | 39 | ||||
| -rw-r--r-- | gnu/usr.sbin/yppasswdd/pw_util.c | 96 | ||||
| -rw-r--r-- | gnu/usr.sbin/yppasswdd/update.c | 74 | ||||
| -rw-r--r-- | gnu/usr.sbin/yppasswdd/yppasswdd.8 | 14 | ||||
| -rw-r--r-- | gnu/usr.sbin/yppasswdd/yppasswdd.c | 66 | ||||
| -rw-r--r-- | gnu/usr.sbin/yppasswdd/yppwupdate | 22 | ||||
| -rw-r--r-- | gnu/usr.sbin/ypserv/Makefile.yp | 31 | ||||
| -rw-r--r-- | gnu/usr.sbin/ypserv/yp_svc.c | 3 |
9 files changed, 206 insertions, 143 deletions
diff --git a/gnu/usr.sbin/yppasswdd/Makefile b/gnu/usr.sbin/yppasswdd/Makefile index 79524ee..b2109f6 100644 --- a/gnu/usr.sbin/yppasswdd/Makefile +++ b/gnu/usr.sbin/yppasswdd/Makefile @@ -1,4 +1,4 @@ -# $Id: Makefile,v 1.4 1995/02/15 04:35:55 wpaul Exp $ +# $Id: Makefile,v 1.5 1995/04/01 19:23:11 wpaul Exp $ # @(#)Makefile 8.3 (Berkeley) 4/2/94 PROG= yppasswdd @@ -9,7 +9,7 @@ SRCS= yppasswdd.c update.c pw_copy.c pw_util.c LDADD= -lcrypt -lrpcsvc CFLAGS+=-DCRYPT -I${.CURDIR} -I${.CURDIR}/../../../usr.sbin/vipw \ -I${.CURDIR}/../../../usr.bin/chpass -CFLAGS+=-DVERSION=\"0.5\" -DYPLIBDIR=\"/usr/libexec\" -D_GNU_SOURCE +CFLAGS+=-DVERSION=\"0.7\" -DYPLIBDIR=\"/usr/libexec\" -D_GNU_SOURCE afterinstall: install -c -o ${BINOWN} -g ${BINGRP} -m ${BINMODE} \ diff --git a/gnu/usr.sbin/yppasswdd/pw_copy.c b/gnu/usr.sbin/yppasswdd/pw_copy.c index 8eea0cd..df857e3 100644 --- a/gnu/usr.sbin/yppasswdd/pw_copy.c +++ b/gnu/usr.sbin/yppasswdd/pw_copy.c @@ -44,14 +44,16 @@ static char sccsid[] = "@(#)pw_copy.c 8.4 (Berkeley) 4/2/94"; #include <pwd.h> #include <stdio.h> #include <string.h> +#include <syslog.h> #include <pw_util.h> -#include "pw_copy.h" + +int pw_copy __P((int, int, struct passwd *)); extern char *tempname; extern char *passfile; -void +int pw_copy(ffd, tfd, pw) int ffd, tfd; struct passwd *pw; @@ -60,15 +62,19 @@ pw_copy(ffd, tfd, pw) int done; char *p, buf[8192]; - if (!(from = fdopen(ffd, "r"))) + if (!(from = fdopen(ffd, "r"))) { pw_error(passfile, 1, 1); - if (!(to = fdopen(tfd, "w"))) + return(-1); + } + if (!(to = fdopen(tfd, "w"))) { pw_error(tempname, 1, 1); - + return(-1); + } for (done = 0; fgets(buf, sizeof(buf), from);) { if (!strchr(buf, '\n')) { - warnx("%s: line too long", passfile); + syslog(LOG_ERR, "%s: line too long", passfile); pw_error(NULL, 0, 1); + goto err; } if (done) { (void)fprintf(to, "%s", buf); @@ -77,8 +83,9 @@ pw_copy(ffd, tfd, pw) continue; } if (!(p = strchr(buf, ':'))) { - warnx("%s: corrupted entry", passfile); + syslog(LOG_ERR, "%s: corrupted entry", passfile); pw_error(NULL, 0, 1); + goto err; } *p = '\0'; if (strcmp(buf, pw->pw_name)) { @@ -96,13 +103,17 @@ pw_copy(ffd, tfd, pw) if (ferror(to)) goto err; } - if (!done) - (void)fprintf(to, "%s:%s:%d:%d:%s:%ld:%ld:%s:%s:%s\n", - pw->pw_name, pw->pw_passwd, pw->pw_uid, pw->pw_gid, - pw->pw_class, pw->pw_change, pw->pw_expire, pw->pw_gecos, - pw->pw_dir, pw->pw_shell); - - if (ferror(to)) + if (!done) { + syslog(LOG_ERR, "user \"%s\" not found in %s -- NIS maps and password file possibly out of sync", pw->pw_name, passfile); + goto err; + } + if (ferror(to)) { err: pw_error(NULL, 1, 1); + (void)fclose(to); + (void)fclose(from); + return(-1); + } (void)fclose(to); + (void)fclose(from); + return(0); } diff --git a/gnu/usr.sbin/yppasswdd/pw_util.c b/gnu/usr.sbin/yppasswdd/pw_util.c index 45e3b9d..4ab3ce8 100644 --- a/gnu/usr.sbin/yppasswdd/pw_util.c +++ b/gnu/usr.sbin/yppasswdd/pw_util.c @@ -56,11 +56,16 @@ static char sccsid[] = "@(#)pw_util.c 8.3 (Berkeley) 4/2/94"; #include <stdlib.h> #include <string.h> #include <unistd.h> +#include <syslog.h> -#include "pw_util.h" +#include <pw_util.h> +extern void reaper __P((int)); +extern void install_reaper __P((int)); extern char *tempname; extern char *passfile; +int pstat; +pid_t pid; void pw_init() @@ -85,7 +90,6 @@ pw_init() (void)signal(SIGINT, SIG_IGN); (void)signal(SIGPIPE, SIG_IGN); (void)signal(SIGQUIT, SIG_IGN); - (void)signal(SIGTERM, SIG_IGN); (void)signal(SIGTSTP, SIG_IGN); (void)signal(SIGTTOU, SIG_IGN); @@ -105,10 +109,14 @@ pw_lock() * Open should allow flock'ing the file; see 4.4BSD. XXX */ lockfd = open(passfile, O_RDONLY, 0); - if (lockfd < 0 || fcntl(lockfd, F_SETFD, 1) == -1) - err(1, "%s", passfile); - if (flock(lockfd, LOCK_EX|LOCK_NB)) - errx(1, "the password db file is busy"); + if (lockfd < 0 || fcntl(lockfd, F_SETFD, 1) == -1) { + syslog(LOG_NOTICE, "%s: %s", passfile, strerror(errno)); + return (-1); + } + if (flock(lockfd, LOCK_EX|LOCK_NB)) { + syslog(LOG_NOTICE, "%s: the password db file is busy", passfile); + return(-1); + } return (lockfd); } @@ -120,13 +128,15 @@ pw_tmp() char *p; sprintf(path,"%s",passfile); - if (p = strrchr(path, '/')) + if ((p = strrchr(path, '/'))) ++p; else p = path; strcpy(p, "pw.XXXXXX"); - if ((fd = mkstemp(path)) == -1) - err(1, "%s", path); + if ((fd = mkstemp(path)) == -1) { + syslog(LOG_ERR, "%s: %s", path, strerror(errno)); + return(-1); + } tempname = path; return (fd); } @@ -134,62 +144,25 @@ pw_tmp() int pw_mkdb() { - int pstat; - pid_t pid; - warnx("rebuilding the database..."); + syslog(LOG_NOTICE, "rebuilding the database..."); (void)fflush(stderr); + /* Temporarily turn off SIGCHLD catching */ + install_reaper(0); if (!(pid = vfork())) { execl(_PATH_PWD_MKDB, "pwd_mkdb", "-p", tempname, NULL); pw_error(_PATH_PWD_MKDB, 1, 1); + return(-1); } - pid = waitpid(pid, &pstat, 0); - if (pid == -1 || !WIFEXITED(pstat) || WEXITSTATUS(pstat) != 0) - return (0); - warnx("done"); - return (1); -} - -void -pw_edit(notsetuid) - int notsetuid; -{ - int pstat; - pid_t pid; - char *p, *editor; - - if (!(editor = getenv("EDITOR"))) - editor = _PATH_VI; - if (p = strrchr(editor, '/')) - ++p; - else - p = editor; - - if (!(pid = vfork())) { - if (notsetuid) { - (void)setgid(getgid()); - (void)setuid(getuid()); - } - execlp(editor, p, tempname, NULL); - _exit(1); + /* Handle this ourselves. */ + reaper(SIGCHLD); + /* Put the handler back. Foo. */ + install_reaper(1); + if (pid == -1 || !WIFEXITED(pstat) || WEXITSTATUS(pstat) != 0) { + return (-1); } - pid = waitpid(pid, (int *)&pstat, 0); - if (pid == -1 || !WIFEXITED(pstat) || WEXITSTATUS(pstat) != 0) - pw_error(editor, 1, 1); -} - -void -pw_prompt() -{ - int c; - - (void)printf("re-edit the password file? [y]: "); - (void)fflush(stdout); - c = getchar(); - if (c != EOF && c != '\n') - while (getchar() != '\n'); - if (c == 'n') - pw_error(NULL, 0, 0); + syslog(LOG_NOTICE, "done"); + return (0); } void @@ -197,10 +170,9 @@ pw_error(name, err, eval) char *name; int err, eval; { - if (err) - warn(name); + if (err && name != NULL) + syslog(LOG_ERR, "%s", name); - warnx("%s: unchanged", passfile); + syslog(LOG_NOTICE,"%s: unchanged", passfile); (void)unlink(tempname); - exit(eval); } diff --git a/gnu/usr.sbin/yppasswdd/update.c b/gnu/usr.sbin/yppasswdd/update.c index 0bb48a1..a8b4f20 100644 --- a/gnu/usr.sbin/yppasswdd/update.c +++ b/gnu/usr.sbin/yppasswdd/update.c @@ -10,6 +10,7 @@ #include <sys/types.h> #include <sys/errno.h> #include <sys/stat.h> +#include <sys/param.h> #include <netinet/in.h> #include <arpa/inet.h> #include <fcntl.h> @@ -28,6 +29,11 @@ char *tempname, *passfile; extern int *allow_chfn, *allow_chsh; +extern int pid; +extern int pw_copy __P((int, int, struct passwd *)); +extern int pw_lock __P((void)); +extern int pw_mkdb __P((void)); +extern int pw_tmp __P((void)); #define xprt_addr(xprt) (svc_getcaller(xprt)->sin_addr) #define xprt_port(xprt) ntohs(svc_getcaller(xprt)->sin_port) @@ -48,6 +54,11 @@ validate_string(char *str) static int validate_args(struct xpasswd *pw) { + if (pw->pw_name[0] == '-' || pw->pw_name[0] == '+') { + syslog(LOG_ALERT, "attempt to modify NIS passwd entry \"%s\"", + pw->pw_name); + } + return validate_string(pw->pw_passwd) && validate_string(pw->pw_shell) && validate_string(pw->pw_gecos); @@ -64,7 +75,9 @@ yppasswdproc_pwupdate_1(yppasswd *yppw, struct svc_req *rqstp) int chsh = 0, chfn = 0; static int res; char logbuf[255]; - int pfd, tfd, c; + int pfd, tfd; + char *passfile_hold; + char template[] = "/tmp/yppwtmp.XXXXX"; newpw = &yppw->newpw; res = 1; @@ -81,10 +94,6 @@ yppasswdproc_pwupdate_1(yppasswd *yppw, struct svc_req *rqstp) return &res; } - pw_init(); - pfd = pw_lock(); - tfd = pw_tmp(); - /* Check if the user exists */ if (!(pw = getpwnam(yppw->newpw.pw_name))) { @@ -104,6 +113,7 @@ yppasswdproc_pwupdate_1(yppasswd *yppw, struct svc_req *rqstp) /* set the new passwd, shell, and full name */ + pw->pw_change = 0; pw->pw_passwd = newpw->pw_passwd; if (allow_chsh) { @@ -116,40 +126,70 @@ yppasswdproc_pwupdate_1(yppasswd *yppw, struct svc_req *rqstp) pw->pw_gecos = newpw->pw_gecos; } - pw->pw_change = 0; - pw_copy(pfd, tfd, pw); + /* + * Bail if locking the password file or temp file creation fails. + * (These operations should log their own failure messages if need be, + * so we don't have to log their failures here.) + */ + if ((pfd = pw_lock()) < 0) + return &res; + if ((tfd = pw_tmp()) < 0) + return &res; + + /* Placeholder in case we need to put the old password file back. */ + passfile_hold = mktemp((char *)&template); + + /* + * Copy the password file to the temp file, + * inserting new passwd entry along the way. + */ + if (pw_copy(pfd, tfd, pw) < 0) { + syslog(LOG_ERR, "%s > %s: copy failed. Cleaning up.", + tempname, passfile); + unlink(tempname); + return (&res); + } + + rename(passfile, passfile_hold); if (strcmp(passfile, _PATH_MASTERPASSWD)) { - close(pfd); - close(tfd); - rename(tempname,passfile); + rename(tempname, passfile); } else - if (pw_mkdb()) { - syslog ( LOG_WARNING, "%s failed to rebuild password database", logbuf ); + if (pw_mkdb() < 0) { + syslog (LOG_WARNING, "%s failed to rebuild password database", logbuf ); return(&res); } /* Fork off process to rebuild NIS passwd.* maps. If the fork * fails, restore old passwd file and return an error. */ - if ((c = fork()) < 0) { + if ((pid = fork()) < 0) { syslog( LOG_ERR, "%s failed", logbuf ); syslog( LOG_ERR, "Couldn't fork map update process: %m" ); + unlink(passfile); + rename(passfile_hold, passfile); + if (!strcmp(passfile, _PATH_MASTERPASSWD)) + if (pw_mkdb()) { + syslog (LOG_WARNING, "%s failed to rebuild password database", logbuf ); + return(&res); + } + return (&res); } - if (c == 0) { - execlp(MAP_UPDATE_PATH, MAP_UPDATE, NULL); + if (pid == 0) { + unlink(passfile_hold); + execlp(MAP_UPDATE_PATH, MAP_UPDATE, passfile, NULL); syslog( LOG_ERR, "Error: couldn't exec map update process: %m" ); exit(1); } - syslog ( LOG_INFO, "%s successful. Password changed.", logbuf ); + syslog (LOG_INFO, "%s successful. Password changed.", logbuf ); if (chsh || chfn) { syslog ( LOG_INFO, "Shell %schanged (%s), GECOS %schanged (%s).", chsh? "" : "un", newpw->pw_shell, chfn? "" : "un", newpw->pw_gecos ); } - res = 0; + res = 0; return (&res); } diff --git a/gnu/usr.sbin/yppasswdd/yppasswdd.8 b/gnu/usr.sbin/yppasswdd/yppasswdd.8 index 53ac85a..1a47ad1 100644 --- a/gnu/usr.sbin/yppasswdd/yppasswdd.8 +++ b/gnu/usr.sbin/yppasswdd/yppasswdd.8 @@ -39,7 +39,8 @@ After updating the .Nm master.passwd file and returning a success notifications to the client, -.Nm yppasswdd executes the +.Nm yppasswdd +executes the .Nm yppwupdate script that updates the NIS server's .Nm master.passwd.* @@ -62,9 +63,13 @@ password maps. This file is normally kept in (it must be owned by root and not world readable for security reasons). If you move it somewhere else you'll have to tell yppasswdd using the .Fl m -option. (You'll have to change the location of master.passwd specified in +option. The location of this file is also passed to +.Nm /var/yp/Makefile +when time comes to rebuild the NIS password maps. It is recommended, +however, that you edit .Nm /var/yp/Makefile -as well.) When the server is ready to change +to reflect the new location as well. +When the server is ready to change a password database entry, it will modify master.passwd, then call the yppwupdate script, which will in turn call .Nm /var/yp/Makefile. @@ -118,7 +123,7 @@ IP address and the user name and UID contained in the request. The user-supplied password itself is not logged. .Ss Security Unless I've screwed up completely (as I did with versions prior to -version 0.5), +version 0.7), .Nm yppasswdd should be as secure or insecure as any program relying on simple password authentication. If you feel that @@ -176,7 +181,6 @@ option isn't supplied) .Xr passwd 5 , .Xr passwd 1 , .Xr portmap 8 , -.Xr pwunconv 8 , .Xr yppasswd 1 , .Xr ypchsh 1 , .Xr ypchfn 1 , diff --git a/gnu/usr.sbin/yppasswdd/yppasswdd.c b/gnu/usr.sbin/yppasswdd/yppasswdd.c index 5d350a4..b69333e 100644 --- a/gnu/usr.sbin/yppasswdd/yppasswdd.c +++ b/gnu/usr.sbin/yppasswdd/yppasswdd.c @@ -27,6 +27,7 @@ #include "yppasswd.h" extern char *optarg; +extern void pw_init __P((void)); static char *program_name = ""; static char *version = "yppsswdd " VERSION; char *passfile = _PATH_MASTERPASSWD; @@ -46,18 +47,18 @@ yppasswdprog_1(struct svc_req *rqstp, SVCXPRT *transp) union { yppasswd yppasswdproc_update_1_arg; } argument; - char *result; - bool_t (*xdr_argument)(), (*xdr_result)(); + char *result; + xdrproc_t xdr_argument, xdr_result; char *(*local)(); switch (rqstp->rq_proc) { case NULLPROC: - (void)svc_sendreply(transp, xdr_void, (char *)NULL); + (void)svc_sendreply(transp, (xdrproc_t)xdr_void, (char *)NULL); return; case YPPASSWDPROC_UPDATE: - xdr_argument = xdr_yppasswd; - xdr_result = xdr_int; + xdr_argument = (xdrproc_t) xdr_yppasswd; + xdr_result = (xdrproc_t) xdr_int; local = (char *(*)()) yppasswdproc_pwupdate_1; break; @@ -71,7 +72,8 @@ yppasswdprog_1(struct svc_req *rqstp, SVCXPRT *transp) return; } result = (*local)(&argument, rqstp); - if (result != NULL && !svc_sendreply(transp, xdr_result, result)) { + if (result != NULL + && !svc_sendreply(transp, (xdrproc_t)xdr_result, result)) { svcerr_systemerr(transp); } if (!svc_freeargs(transp, xdr_argument, &argument)) { @@ -90,17 +92,26 @@ usage(FILE *fp, int n) void reaper( int sig ) { - wait(NULL); + extern pid_t pid; + extern int pstat; + + pid = waitpid(pid, &pstat, 0); } void -install_reaper( void ) +install_reaper( int on ) { struct sigaction act, oact; - act.sa_handler = reaper; - act.sa_mask = 0; - act.sa_flags = SA_RESTART; + if (on) { + act.sa_handler = reaper; + sigemptyset(&act.sa_mask); + act.sa_flags = SA_RESTART; + } else { + act.sa_handler = SIG_DFL; + sigemptyset(&act.sa_mask); + act.sa_flags = SA_RESTART; + } sigaction( SIGCHLD, &act, &oact ); } @@ -144,27 +155,16 @@ main(int argc, char **argv) usage(stderr, 1); } -#ifndef RPC_SVC_FG - /* We first fork off a child. */ - if ((c = fork()) > 0) - exit(0); - if (c < 0) { - fprintf(stderr, "yppasswdd: cannot fork: %s\n", strerror(errno)); - exit(-1); - } - /* Now we remove ourselves from the foreground. */ - (void) close(0); - (void) close(1); - (void) close(2); -#ifdef TIOCNOTTY - if ((c = open("/dev/tty", O_RDWR)) >= 0) { - (void) ioctl(c, TIOCNOTTY, (char *) NULL); - (void) close(c); - } -#else - setsid(); -#endif -#endif /* not RPC_SVC_FG */ + if (daemon(0,0)) { + perror("fork"); + exit(1); + } + + /* + * We can call this here since it does some necessary setup + * for us (blocking signals, setting resourse limits, etc. + */ + pw_init(); /* Initialize logging. */ @@ -172,7 +172,7 @@ main(int argc, char **argv) /* Register a signal handler to reap children after they terminated */ - install_reaper(); + install_reaper(1); /* * Create the RPC server diff --git a/gnu/usr.sbin/yppasswdd/yppwupdate b/gnu/usr.sbin/yppasswdd/yppwupdate index 7b699c1..64bd9ef 100644 --- a/gnu/usr.sbin/yppasswdd/yppwupdate +++ b/gnu/usr.sbin/yppasswdd/yppwupdate @@ -2,6 +2,26 @@ # # This script is invoked by yppasswdd to update the password # maps after the master password file has been modified. +# Comment out the LOG=yes line to disable logging. +# + +LOG=yes +LOGFILE=/var/yp/ypupdate.log umask 077 -cd /var/yp; /usr/bin/make + +if [ ! -f $LOGFILE ]; +then + /usr/bin/touch $LOGFILE + echo "# Edit /usr/libexec/yppwupdate to disable" >> $LOGFILE + echo "# logging to this file from yppasswdd." >> $LOGFILE + echo -n "# Log started on: " >> $LOGFILE + /bin/date >> $LOGFILE +fi + +if [ ! $LOG ]; +then + cd /var/yp; /usr/bin/make MASTER_PASSWD=$1 +else + cd /var/yp; /usr/bin/make MASTER_PASSWD=$1 >> $LOGFILE +fi diff --git a/gnu/usr.sbin/ypserv/Makefile.yp b/gnu/usr.sbin/ypserv/Makefile.yp index 7645e0e..4bcf95a 100644 --- a/gnu/usr.sbin/ypserv/Makefile.yp +++ b/gnu/usr.sbin/ypserv/Makefile.yp @@ -1,7 +1,7 @@ # # Makefile for the NIS databases # -# $Id: Makefile.yp,v 1.6 1995/04/02 01:53:47 wpaul Exp $ +# $Id: Makefile.yp,v 1.8 1995/06/18 16:08:15 wpaul Exp $ # # This Makefile should only be run on the NIS master server of a domain. # All updated maps will be pushed to all NIS slave servers listed in the @@ -55,10 +55,16 @@ YPMAPDIR = $(YPDIR)/$(DOMAINNAME) # real password database is not used by default. However, you may use # the real /etc/passwd and /etc/master.passwd files by: # -# - editing this Makefile +# # - invoking yppasswdd without the -m option (yppasswdd will use # /etc/master.passwd if no alternate master.passwd file is specified # and do a 'pwd_mkdb' as needed). +# - Specifying the location of the master.passwd file using the +# MASTER_PASSWD variable, i.e.: +# +# # make MASTER_PASSWD=/path/to/some/other/master.passwd +# +# - (optionally): editing this Makefile to change the default location. # # To add a user, edit $(YPDIR)/master.passwd and type 'make'. The raw # passwd file will be generated from the master.passwd file automagically. @@ -73,12 +79,17 @@ SERVICES = $(YPSRCDIR)/services GROUP = $(YPSRCDIR)/group NETGROUP = $(YPSRCDIR)/netgroup PASSWD = $(YPDIR)/passwd +.if !defined(MASTER_PASSWD) MASTER = $(YPDIR)/master.passwd +.else +MASTER = $(MASTER_PASSWD) +.endif YPSERVERS = $(YPDIR)/ypservers # List of all NIS servers for a domain -target: +target: @if [ ! -d $(DOMAINNAME) ]; then mkdir $(DOMAINNAME); fi; \ - cd $(DOMAINNAME) ; make -f ../Makefile all + cd $(DOMAINNAME) ; echo "NIS Map update started on `date`" ; \ + make -f ../Makefile all; echo "NIS Map update completed." # If you don't want some of these maps built, feel free to comment # them out from this list. @@ -86,8 +97,9 @@ target: # since /etc/ethers and /etc/bootparams are not likely to be present # on all systems. # -all: master.passwd passwd hosts group networks protocols rpc services \ - servers netid # netgroup ethers bootparam + +all: master.passwd passwd hosts group networks protocols \ + rpc services servers netid # netgroup ethers bootparam ethers: ethers.byname ethers.byaddr bootparam: bootparams @@ -155,6 +167,7 @@ netgroup: $(NETGROUP) -o $(YPMAPDIR)/$@ - $@ @if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOMAIN) $@; fi @if [ ! $(NOPUSH) ]; then echo "Pushed $@ map." ; fi + @$(MAKE) -f ../Makefile netid hosts.byname: $(HOSTS) @@ -166,7 +179,7 @@ hosts.byname: $(HOSTS) -o $(YPMAPDIR)/$@ - $@ @if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOMAIN) $@; fi @if [ ! $(NOPUSH) ]; then echo "Pushed $@ map." ; fi - + @$(MAKE) -f ../Makefile netid hosts.byaddr: $(HOSTS) @echo "Updating $@..." @@ -176,6 +189,7 @@ hosts.byaddr: $(HOSTS) | $(DBLOAD) -i $(HOSTS) -o $(YPMAPDIR)/$@ - $@ @if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOMAIN) $@; fi @if [ ! $(NOPUSH) ]; then echo "Pushed $@ map." ; fi + @$(MAKE) -f ../Makefile netid networks.byname: $(NETWORKS) @@ -284,7 +298,6 @@ passwd.byname: $(PASSWD) @if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOMAIN) $@; fi @if [ ! $(NOPUSH) ]; then echo "Pushed $@ map." ; fi - passwd.byuid: $(PASSWD) @echo "Updating $@..." $(RM) $@ @@ -293,6 +306,7 @@ passwd.byuid: $(PASSWD) | $(DBLOAD) -i $(PASSWD) -o $(YPMAPDIR)/$@ - $@ @if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOMAIN) $@; fi @if [ ! $(NOPUSH) ]; then echo "Pushed $@ map." ; fi + @$(MAKE) -f ../Makefile netid group.byname: $(GROUP) @@ -313,6 +327,7 @@ group.bygid: $(GROUP) | $(DBLOAD) -i $(GROUP) -o $(YPMAPDIR)/$@ - $@ @if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOMAIN) $@; fi @if [ ! $(NOPUSH) ]; then echo "Pushed $@ map." ; fi + @$(MAKE) -f ../Makefile netid netid.byname: $(GROUP) $(PASSWD) diff --git a/gnu/usr.sbin/ypserv/yp_svc.c b/gnu/usr.sbin/ypserv/yp_svc.c index 2d920a6..739a0e3 100644 --- a/gnu/usr.sbin/ypserv/yp_svc.c +++ b/gnu/usr.sbin/ypserv/yp_svc.c @@ -325,11 +325,12 @@ int main(int argc, char **argv) sigaction(SIGPIPE, NULL, &sa); sa.sa_handler = SIG_IGN; sa.sa_flags |= SA_RESTART; + sigemptyset(&sa.sa_mask); sigaction(SIGPIPE, &sa, NULL); sigaction(SIGCHLD, NULL, &sa); sa.sa_flags |= SA_RESTART; sa.sa_handler = reapchild; - sa.sa_mask = sigmask(SIGCHLD); + sigemptyset(&sa.sa_mask); sigaction(SIGCHLD, &sa, NULL); (void) pmap_unset(YPPROG, YPVERS); |
