Bug fix: use the use_yp() function in the chpass(1) code to determine

correctly whether a user is local or NIS (or both, or neither). If you
have a user that exists locally but not in NIS, passwd(1) could get
confused and try to submit the password change to NIS. (Fortunately,
yppasswdd is smart enough to spot the error and reject the change.)

Bug reported by: Charles Owens <owensc@enc.edu>

3 files changed, 34 insertions, 48 deletions

diff --git a/usr.bin/passwd/local_passwd.c b/usr.bin/passwd/local_passwd.c
index 44c8ffe..a8700ea 100644
--- a/usr.bin/passwd/local_passwd.c
+++ b/usr.bin/passwd/local_passwd.c
@@ -50,6 +50,9 @@ static char sccsid[] = "@(#)local_passwd.c	8.3 (Berkeley) 4/2/94";
 
 #include <pw_copy.h>
 #include <pw_util.h>
+#ifdef YP
+#include <pw_yp.h>
+#endif
 
 #include "extern.h"
 
@@ -139,6 +142,10 @@ local_passwd(uname)
 	if (!(pw = getpwnam(uname)))
 		errx(1, "unknown user %s", uname);
 
+#ifdef YP
+	/* Use the right password information. */
+	pw = (struct passwd *)&local_password;
+#endif
 	uid = getuid();
 	if (uid && uid != pw->pw_uid)
 		errx(1, "%s", strerror(EACCES));
diff --git a/usr.bin/passwd/passwd.c b/usr.bin/passwd/passwd.c
index aee2e6e..31e005d 100644
--- a/usr.bin/passwd/passwd.c
+++ b/usr.bin/passwd/passwd.c
@@ -40,7 +40,7 @@ static char copyright[] =
 #ifndef lint
 static char sccsid[] = "From: @(#)passwd.c	8.3 (Berkeley) 4/2/94";
 static const char rcsid[] =
-	"$Id: passwd.c,v 1.4 1995/06/16 03:33:10 wpaul Exp $";
+	"$Id: passwd.c,v 1.5 1995/08/13 16:07:35 wpaul Exp $";
 #endif /* not lint */
 
 #include <err.h>
@@ -51,13 +51,9 @@ static const char rcsid[] =
 
 #ifdef YP
 #include <pwd.h>
-#include <limits.h>
-#include <db.h>
-#include <fcntl.h>
-#include <utmp.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/param.h>
+#include <pw_yp.h>
+char *prog_name;
+int __use_yp = 0;
 #endif
 
 #ifdef KERBEROS
@@ -70,20 +66,6 @@ void	usage __P((void));
 
 int use_local_passwd = 0;
 
-#ifdef YP
-#define PERM_SECURE (S_IRUSR|S_IWUSR)
-int _use_yp = 0;
-char *prog_name;
-HASHINFO openinfo = {
-        4096,           /* bsize */
-        32,             /* ffactor */
-        256,            /* nelem */
-        2048 * 1024,    /* cachesize */
-        NULL,           /* hash */
-        0,              /* lorder */
-};
-#endif
-
 int
 main(argc, argv)
 	int argc;
@@ -110,11 +92,9 @@ main(argc, argv)
 #endif
 
 #ifdef YP
-	DB *dbp;
-	DBT key,data;
-	char bf[UT_NAMESIZE + 2];
+	int res = 0;
 
-	if (strstr(argv[0], (prog_name = "yppasswd"))) _use_yp = 1;
+	if (strstr(argv[0], (prog_name = "yppasswd"))) __use_yp = 1;
 #endif
 
 	while ((ch = getopt(argc, argv, OPTIONS)) != EOF) {
@@ -135,7 +115,7 @@ main(argc, argv)
 #endif /* KERBEROS */
 #ifdef	YP
 		case 'y':			/* Change NIS password */
-			_use_yp = 1;
+			__use_yp = 1;
 			break;
 #endif
 		default:
@@ -165,36 +145,28 @@ main(argc, argv)
 	 * If NIS is turned on in the password database, use it, else punt.
 	 */
 #ifdef KERBEROS
-	if (iflag == NULL && rflag == NULL && uflag == NULL) {
+	if (__use_yp || (iflag == NULL && rflag == NULL && uflag == NULL)) {
 #endif
-		if ((dbp = dbopen(_PATH_MP_DB, O_RDONLY, PERM_SECURE,
-				DB_HASH, &openinfo)) == NULL)
-			errx(1, "error opening database: %s.", _PATH_MP_DB);
-
-		bf[0] = _PW_KEYYPENABLED;
-		key.data = (u_char *)bf;
-		key.size = 1;
-		if ((dbp->get)(dbp,&key,&data,0))
-			(dbp->close)(dbp);
-		else {
+		res = use_yp(uname);
+		if (res == USER_YP_ONLY) {
 			if (!use_local_passwd) {
-				(dbp->close)(dbp);
 				exit(yp_passwd(uname));
 			} else {
 			/*
 			 * Reject -l flag if NIS is turned on and the user
 			 * doesn't exist in the local password database.
 			 */
-				bf[0] = _PW_KEYBYNAME;
-				bcopy(uname, bf + 1, MIN(strlen(uname), UT_NAMESIZE));
-				key.data = (u_char *)bf;
-				key.size = strlen(uname) + 1;
-				if ((dbp->get)(dbp,&key,&data,0)) {
-					(dbp->close)(dbp);
-					errx(1, "unknown local user: %s.", uname);
-				}
-			(dbp->close)(dbp);
+				errx(1, "unknown local user: %s.", uname);
 			}
+		} else if (res == USER_LOCAL_ONLY) {
+			/*
+			 * Reject -y flag if user only exists locally.
+			 */
+			if (__use_yp)
+				errx(1, "unknown NIS user: %s.", uname);
+		} else if (res == USER_YP_AND_LOCAL) {
+			if (!use_local_passwd)
+				exit(yp_passwd(uname));
 		}
 #ifdef KERBEROS
 	}
diff --git a/usr.bin/passwd/yp_passwd.c b/usr.bin/passwd/yp_passwd.c
index f6e7d6f..a481f2d 100644
--- a/usr.bin/passwd/yp_passwd.c
+++ b/usr.bin/passwd/yp_passwd.c
@@ -1,6 +1,7 @@
 /*
  * Copyright (c) 1992/3 Theo de Raadt <deraadt@fsa.ca>
  * Copyright (c) 1994 Olaf Kirch <okir@monad.swb.de>
+ * Copyright (c) 1995 Bill Paul <wpaul@ctr.columbia.edu>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -28,6 +29,7 @@
  * SUCH DAMAGE.
  */
 
+#ifdef YP
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -42,6 +44,7 @@
 #include <rpcsvc/yp_prot.h>
 #include <rpcsvc/ypclnt.h>
 #include <rpcsvc/yppasswd.h>
+#include <pw_yp.h>
 
 extern char *prog_name;
 uid_t	uid;
@@ -116,6 +119,9 @@ yp_passwd(char *user)
       }
   }
 
+  /* Use the correct password */
+  pw = (struct passwd *)&yp_password;
+
   /* Initialize password information */
   yppasswd.newpw.pw_passwd = pw->pw_passwd;
   yppasswd.newpw.pw_name = pw->pw_name;
@@ -172,3 +178,4 @@ yp_passwd(char *user)
   clnt_destroy( clnt );
   exit ((err || status) != 0);
 }
+#endif /* YP */