diff options
| author | wpaul <wpaul@FreeBSD.org> | 1996-10-23 21:46:17 +0000 |
|---|---|---|
| committer | wpaul <wpaul@FreeBSD.org> | 1996-10-23 21:46:17 +0000 |
| commit | c2980df72278572757dffbeb8519d5d4d82a3072 (patch) | |
| tree | 8432bfed75946bfe2c3c92cab9f6005d7fbfac27 /usr.sbin/rpc.yppasswdd | |
| parent | b9fc5c00e59d52cfef8c165e6a7db0fb77338e50 (diff) | |
| download | FreeBSD-src-c2980df72278572757dffbeb8519d5d4d82a3072.zip FreeBSD-src-c2980df72278572757dffbeb8519d5d4d82a3072.tar.gz | |
Add extra sanity checking to the in-place update routine. Sometimes you
find two users with the same UID (i.e. root and toor), but yp_mkdb(8)
forbits duplicate keys, so only one of them will end up in the *.byuid
maps (probably toor, since it comes after root in the template file).
If I asked rpc.yppasswdd(8) to change toor's password, it would update
the *.byname maps correctly, but incorrectly modify root's entry in
the *.byuid maps since the only matching record with UID=0 in those
maps belongs to root.
To fix this, we check that both the name and UID are correct before trying
to write new entries to the maps.
Diffstat (limited to 'usr.sbin/rpc.yppasswdd')
| -rw-r--r-- | usr.sbin/rpc.yppasswdd/yppasswdd_server.c | 35 |
1 files changed, 33 insertions, 2 deletions
diff --git a/usr.sbin/rpc.yppasswdd/yppasswdd_server.c b/usr.sbin/rpc.yppasswdd/yppasswdd_server.c index d82890b..22320e7 100644 --- a/usr.sbin/rpc.yppasswdd/yppasswdd_server.c +++ b/usr.sbin/rpc.yppasswdd/yppasswdd_server.c @@ -29,7 +29,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: yppasswdd_server.c,v 1.7 1996/08/04 22:13:05 wpaul Exp $ + * $Id: yppasswdd_server.c,v 1.6 1996/07/01 19:38:38 guido Exp $ */ #include <stdio.h> @@ -61,7 +61,7 @@ struct dom_binding {}; #include "yppasswd_comm.h" #ifndef lint -static const char rcsid[] = "$Id: yppasswdd_server.c,v 1.7 1996/08/04 22:13:05 wpaul Exp $"; +static const char rcsid[] = "$Id: yppasswdd_server.c,v 1.6 1996/07/01 19:38:38 guido Exp $"; #endif /* not lint */ char *tempname; @@ -371,6 +371,37 @@ static int update_inplace(pw, domain) return(1); } + /* + * XXX Supposing we have more than one user with the same + * UID? (Or more than one user with the same name?) We could + * end up modifying the wrong record if were not careful. + */ + if (i % 2) { + if (strncmp(data.data, pw->pw_name, + strlen(pw->pw_name))) { + yp_error("warning: found entry for UID %d \ +in map %s@%s with wrong name (%.*s)", pw->pw_uid, maps[i], domain, + ptr - (char *)data.data, data.data); + yp_error("there may be more than one user \ +with the same UID - continuing"); + continue; + } + } else { + /* + * We're really being ultra-paranoid here. + * This is generally a 'can't happen' condition. + */ + snprintf(pwbuf, sizeof(pwbuf), ":%d:%d:", pw->pw_uid, + pw->pw_gid); + if (!strstr(data.data, pwbuf)) { + yp_error("warning: found entry for user %s \ +in map %s@%s with wrong UID", pw->pw_name, maps[i], domain); + yp_error("there may ne more than one user +with the same name - continuing"); + continue; + } + } + if (i < 2) { snprintf(pwbuf, sizeof(pwbuf), formats[i], pw->pw_name, pw->pw_passwd, pw->pw_uid, |
