author | wpaul <wpaul@FreeBSD.org> | 1995-03-23 00:54:57 +0000 |
---|---|---|
committer | wpaul <wpaul@FreeBSD.org> | 1995-03-23 00:54:57 +0000 |
commit | a8b9de30612526d2cb68b319f1461fd85e98074f (patch) | |
tree | c39a5110d01aa62639abdaaff6fa924cd20d19eb /usr.sbin/pwd_mkdb | |
parent | 998695b2ad6d5f4083d03a25bbd497c673d8cca6 (diff) | |
- Add support for embedding special entries in the password databases
for +@netgroup/-@netgroup entries. This saves the getpwent functions
from having to do all the work.
- Fix potential bug: when pwd_mkdb writes the YP-enabled flag to the secure
password database, it uses the wrong database descriptor. (It uses the
descriptor from the non-secure database, which is already closed by the time
things are being written into the secure database).
Diffstat (limited to 'usr.sbin/pwd_mkdb')
-rw-r--r-- | usr.sbin/pwd_mkdb/pwd_mkdb.c | 75 |
1 files changed, 72 insertions, 3 deletions
diff --git a/usr.sbin/pwd_mkdb/pwd_mkdb.c b/usr.sbin/pwd_mkdb/pwd_mkdb.c
index 9c1ecc7..0bea7f9 100644
--- a/usr.sbin/pwd_mkdb/pwd_mkdb.c
+++ b/usr.sbin/pwd_mkdb/pwd_mkdb.c
@@ -92,7 +92,7 @@ main(argc, argv)
 DBT data, key;
 FILE *fp, *oldfp;
 sigset_t set;
- int ch, cnt, len, makeold, tfd, yp_enabled = 0;
+ int ch, cnt, pluscnt, minuscnt, len, makeold, tfd, yp_enabled = 0;
 char *p, *t;
 char buf[MAX(MAXPATHLEN, LINE_MAX * 2)], tbuf[1024];
 char buf2[MAXPATHLEN];
@@ -175,6 +175,7 @@ main(argc, argv)
 * original file prepended by the _PW_KEYBYNUM character. (The special
 * characters are prepended to ensure that the keys do not collide.)
 */
+ minuscnt = pluscnt = 0;
 data.data = (u_char *)buf;
 key.data = (u_char *)tbuf;
 for (cnt = 1; scan(fp, &pwd); ++cnt) {
@@ -228,6 +229,22 @@ main(argc, argv)
 if ((dp->put)(dp, &key, &data, R_NOOVERWRITE) == -1)
 error("put");
+ /* Store insecure special plus and special minus */
+ if ((pwd.pw_name[0] == '+' || pwd.pw_name[0] == '-')
+ && pwd.pw_name[1] == '@') {
+ tbuf[0] = (pwd.pw_name[0] == '+') ?
+ _PW_KEYPLUSBYNUM : _PW_KEYMINUSBYNUM;
+ memmove(tbuf + 1, (pwd.pw_name[0] == '+') ?
+ &pluscnt : &minuscnt, sizeof(cnt));
+ if (pwd.pw_name[0] == '+')
+ pluscnt++;
+ else
+ minuscnt++;
+ key.size = sizeof(cnt) + 1;
+ if ((dp->put)(dp, &key, &data, R_NOOVERWRITE) == -1)
+ error("put");
+ }
+
 /* Create original format password file entry */
 if (makeold)
 (void)fprintf(oldfp, "%s:*:%d:%d:%s:%s:%s\n",
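Review bot: In the added +@/-@ block of the hunk at -228,6, the copy length and key size are written as `sizeof(cnt)` although the value copied is `pluscnt` or `minuscnt`. This is correct only because all three are declared `int` in the same declaration; `sizeof(pluscnt)` in the `memmove` and in `key.size = sizeof(pluscnt) + 1;` would tie the key layout to the counter actually stored. The special entries are also numbered from 0 while the by-number keys start at 1 (`for (cnt = 1; ...)`), so a comment such as `/* +@netgroup and -@netgroup keys are numbered from 0, unlike _PW_KEYBYNUM */` would help whoever writes the reading side. The same block is repeated in the secure pass (hunk at -302,6), and the enclosing loop in main() starts and ends outside this hunk.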
@@ -243,6 +260,24 @@ main(argc, argv)
 if ((dp->put)(dp, &key, &data, R_NOOVERWRITE) == -1)
 error("put");
 }
+ /* If we have +@netgroup entries, store the plus counter */
+ if(pluscnt) {
+ buf[0] = pluscnt;
+ data.size = sizeof(pluscnt);
+ tbuf[0] = _PW_KEYPLUSCNT;
+ key.size = 1;
+ if ((dp->put)(dp, &key, &data, R_NOOVERWRITE) == -1)
+ error("put");
+ }
+ /* If we have -@netgroup entries, store the minus counter */
+ if(minuscnt) {
+ buf[0] = minuscnt;
+ data.size = sizeof(minuscnt);
+ tbuf[0] = _PW_KEYMINUSCNT;
+ key.size = 1;
+ if ((dp->put)(dp, &key, &data, R_NOOVERWRITE) == -1)
+ error("put");
+ }
 (void)(dp->close)(dp);
 if (makeold) {
@@ -259,6 +294,7 @@ main(argc, argv)
 clean = FILE_SECURE;
 rewind(fp);
+ minuscnt = pluscnt = 0;
 for (cnt = 1; scan(fp, &pwd); ++cnt) {
 /* Create secure data. */
@@ -302,6 +338,22 @@ main(argc, argv)
 key.size = sizeof(pwd.pw_uid) + 1;
 if ((dp->put)(edp, &key, &data, R_NOOVERWRITE) == -1)
 error("put");
+
+ /* Store secure special plus and special minus */
+ if ((pwd.pw_name[0] == '+' || pwd.pw_name[0] == '-')
+ && pwd.pw_name[1] == '@') {
+ tbuf[0] = (pwd.pw_name[0] == '+') ?
+ _PW_KEYPLUSBYNUM : _PW_KEYMINUSBYNUM;
+ memmove(tbuf + 1, (pwd.pw_name[0] == '+') ?
+ &pluscnt : &minuscnt, sizeof(cnt));
+ if (pwd.pw_name[0] == '+')
+ pluscnt++;
+ else
+ minuscnt++;
+ key.size = sizeof(cnt) + 1;
+ if ((dp->put)(edp, &key, &data, R_NOOVERWRITE) == -1)
+ error("put");
+ }
 }
 /* If YP enabled, set flag. */
 if(yp_enabled) {
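Review bot: In the two added counter blocks of the hunk at -243,6 (`if(pluscnt)` and `if(minuscnt)`), only one byte of the counter is written with `buf[0] = pluscnt;` while the record length is set to `sizeof(pluscnt)`. The stored record is therefore the low byte of the count followed by whatever bytes the last password record left in `buf`. A consumer that reads it back as an int (presumably the getpwent code the commit message mentions) would see a wrong number of +@netgroup or -@netgroup entries, and counts that do not fit in a char are truncated. Copying the whole integer fixes both: `memmove(buf, &pluscnt, sizeof(pluscnt));`, and likewise for `minuscnt`. The same two blocks appear in the secure-database hunk at -309,10 and need the same change.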
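Review bot: The put added at the end of the secure +@/-@ block in the hunk at -302,6 is written `(dp->put)(edp, ...)`, which takes the function pointer from `dp` although the insecure handle was already closed by `(void)(dp->close)(dp);` before this pass. The commit message describes this same mistake for the YP flag. If close releases the handle, as db(3) close routines normally do, this reads through a dangling pointer, so the line should be `if ((edp->put)(edp, &key, &data, R_NOOVERWRITE) == -1)`. The unchanged by-uid put just above the added block has the same form and should be corrected with it. The enclosing loop starts outside the hunk.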
@@ -309,10 +361,27 @@ main(argc, argv)
 data.size = 1;
 tbuf[0] = _PW_KEYYPENABLED;
 key.size = 1;
- if ((dp->put)(dp, &key, &data, R_NOOVERWRITE) == -1)
+ if ((edp->put)(edp, &key, &data, R_NOOVERWRITE) == -1)
+ error("put");
+ }
+ /* If we have +@netgroup entries, store the plus counter */
+ if(pluscnt) {
+ buf[0] = pluscnt;
+ data.size = sizeof(pluscnt);
+ tbuf[0] = _PW_KEYPLUSCNT;
+ key.size = 1;
+ if ((edp->put)(edp, &key, &data, R_NOOVERWRITE) == -1)
+ error("put");
+ }
+ /* If we have -@netgroup entries, store the minus counter */
+ if(minuscnt) {
+ buf[0] = minuscnt;
+ data.size = sizeof(minuscnt);
+ tbuf[0] = _PW_KEYMINUSCNT;
+ key.size = 1;
+ if ((edp->put)(edp, &key, &data, R_NOOVERWRITE) == -1)
 error("put");
 }
-
 (void)(edp->close)(edp);
 /* Set master.passwd permissions, in case caller forgot. */ |