Only call pw_mkdb if passfile == _PATH_MASTERPASSWD.

Otherwise, rename master.passwd to a temp filename, rename
the new passwd to master.passwd, and let yppwupdate update
passwd as it sees fit.

PR:		52601, 7968
Reviewed by:	des
Submitted by:	Dan Nelson <dnelson@allantgroup.com>

1 files changed, 47 insertions, 9 deletions

diff --git a/usr.sbin/rpc.yppasswdd/yppasswdd_server.c b/usr.sbin/rpc.yppasswdd/yppasswdd_server.c
index 1cc5322..7932753 100644
--- a/usr.sbin/rpc.yppasswdd/yppasswdd_server.c
+++ b/usr.sbin/rpc.yppasswdd/yppasswdd_server.c
@@ -448,6 +448,7 @@ yppasswdproc_update_1_svc(yppasswd *argp, struct svc_req *rqstp)
 	char *oldgecos = NULL;
 	char *passfile_hold;
 	char passfile_buf[MAXPATHLEN + 2];
+	char passfile_hold_buf[MAXPATHLEN + 2];
 	char *domain = yppasswd_domain;
 	static struct sockaddr_in clntaddr;
 	static struct timeval t_saved, t_test;
@@ -572,6 +573,15 @@ yppasswdproc_update_1_svc(yppasswd *argp, struct svc_req *rqstp)
 		passfile = (char *)&passfile_buf;
 	}
 
+	/*
+	 * Create a filename to hold the original master.passwd
+	 * so if our call to yppwupdate fails we can roll back
+	 */
+	snprintf(passfile_hold_buf, sizeof(passfile_hold_buf),
+	    "%s.hold", passfile);
+	passfile_hold = (char *)&passfile_hold_buf;
+	
+
 	/* Step 5: make a new password file with the updated info. */
 
 	if (pw_init(dirname(passfile), passfile)) {
@@ -593,11 +603,38 @@ yppasswdproc_update_1_svc(yppasswd *argp, struct svc_req *rqstp)
 		yp_error("pw_copy() failed");
 		return &result;
 	}
-	if (pw_mkdb(yp_password.pw_name) == -1) {
+	if (rename(passfile, passfile_hold) == -1) {
 		pw_fini();
-		yp_error("pw_mkdb() failed");
+		yp_error("rename of %s to %s failed", passfile,
+		    passfile_hold);
 		return &result;
 	}
+
+	if (strcmp(passfile, _PATH_MASTERPASSWD) == 0) { 
+		/*
+		 * NIS server is exporting the system's master.passwd.
+		 * Call pw_mkdb to rebuild passwd and the .db files
+		 */
+		if (pw_mkdb(yp_password.pw_name) == -1) {
+			pw_fini();
+			yp_error("pw_mkdb() failed");
+			rename(passfile_hold, passfile);
+			return &result;
+		}
+	} else {
+		/*
+		 * NIS server is exporting a private master.passwd.
+		 * Rename tempfile into final location
+		 */
+		if (rename(pw_tempname(), passfile) == -1) {
+			pw_fini();
+			yp_error("rename of %s to %s failed",
+			    pw_tempname(), passfile);
+			rename(passfile_hold, passfile);
+			return &result;
+		}
+	}
+
 	pw_fini();
 
 	if (inplace) {
@@ -633,9 +670,8 @@ yppasswdproc_update_1_svc(yppasswd *argp, struct svc_req *rqstp)
 	}
 
 	if (verbose) {
-		yp_error("update completed for user %s (uid %d):",
-						argp->newpw.pw_name,
-						argp->newpw.pw_uid);
+		yp_error("update completed for user %s (uid %d) in %s:",
+		    argp->newpw.pw_name, argp->newpw.pw_uid, passfile);
 
 		if (passwd_changed)
 			yp_error("password changed");
@@ -780,10 +816,12 @@ allow additions to be made to the password database");
 		yp_error("pw_copy() failed");
 		return &result;
 	}
-	if (pw_mkdb(argp->newpw.pw_name) == -1) {
-		pw_fini();
-		yp_error("pw_mkdb() failed");
-		return &result;
+	if (strcmp(passfile, _PATH_MASTERPASSWD) == 0) {
+		if (pw_mkdb(argp->newpw.pw_name) == -1) {
+			pw_fini();
+			yp_error("pw_mkdb() failed");
+			return &result;
+		}
 	}
 	pw_fini();