From 766ce6a059e62f7084336d4218673fea15dc987e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Honza=20Hor=C3=A1k?= Date: Wed, 14 Sep 2011 10:50:41 +0200 Subject: [PATCH] Added passwd.adjunct support in yppasswdd to recognize password format correctly when changing password using yppasswd Resolves: #699667 fixed hiding the change request when external script is used in rpc.yppasswdd --- ypserv-2.26-request.patch | 30 +++++++++ ypserv-2.26-shadow.patch | 133 ++++++++++++++++++++++++++++++++++++++ ypserv.spec | 15 ++++- 3 files changed, 177 insertions(+), 1 deletion(-) create mode 100644 ypserv-2.26-request.patch create mode 100644 ypserv-2.26-shadow.patch diff --git a/ypserv-2.26-request.patch b/ypserv-2.26-request.patch new file mode 100644 index 0000000..84b6f71 --- /dev/null +++ b/ypserv-2.26-request.patch @@ -0,0 +1,30 @@ +diff -up ypserv-2.26/rpc.yppasswdd/update.c.request ypserv-2.26/rpc.yppasswdd/update.c +--- ypserv-2.26/rpc.yppasswdd/update.c.request 2011-08-31 15:25:24.760227846 +0200 ++++ ypserv-2.26/rpc.yppasswdd/update.c 2011-08-31 15:26:24.214227279 +0200 +@@ -742,7 +742,7 @@ external_update_env (yppasswd *yppw) + * + *===============================================================*/ + +-static char * ++static void + remove_password (char *str) + { + char *ptr = strstr (str, " o:"); +@@ -761,8 +761,6 @@ remove_password (char *str) + while (*ptr && *ptr != ' ') + *ptr++ = 'X'; + } +- +- return ptr; + } + + static int +@@ -940,7 +938,7 @@ external_update_pipe (yppasswd *yppw, ch + fclose(fp); + + if (!debug_flag) +- parentmsg = remove_password (parentmsg); ++ remove_password (parentmsg); + + if (strspn(childresponse, "OK") < 2) + { diff --git a/ypserv-2.26-shadow.patch b/ypserv-2.26-shadow.patch new file mode 100644 index 0000000..570a0cc --- /dev/null +++ b/ypserv-2.26-shadow.patch @@ -0,0 +1,133 @@ +diff -up ypserv-2.26/rpc.yppasswdd/update.c.shadow ypserv-2.26/rpc.yppasswdd/update.c +--- ypserv-2.26/rpc.yppasswdd/update.c.shadow 2011-09-14 10:34:51.689163960 +0200 ++++ ypserv-2.26/rpc.yppasswdd/update.c 2011-09-14 10:44:16.592158574 +0200 +@@ -79,6 +79,8 @@ char *path_shadow_old = NULL; + /* Will be set by the main function */ + char *external_update_program = NULL; + ++static bool_t adjuct_used = FALSE; ++ + static int external_update_env (yppasswd *yppw); + static int external_update_pipe (yppasswd *yppw, char *logbuf); + static int update_files (yppasswd *yppw, char *logbuf, int *shadow_changed, +@@ -142,6 +144,76 @@ shell_ok (char *shell) + return 0; + } + ++/* Read shadow file manually, to handle different colons count. ++ When we use passwd.adjunct, shadow file contains 6 colons, but if ++ we don't use passwd.adjunct, shadow file contains 8 colons. ++ This function can handle both counts, but fgetspent doesn't */ ++static struct spwd * ++fgetspent_adjunct(FILE *fp) ++{ ++ static char line_buffer[1024]; ++ char *buffer_mark; ++ struct spwd* result; ++ int i, colons = 0; ++ ++ /* Reserve two bytes for theoretic colons */ ++ while (fgets(line_buffer, sizeof(line_buffer) - 2, fp) != NULL) ++ { ++ /* We don't need a new line character in the end */ ++ if ((buffer_mark = strchr(line_buffer, '\n')) != NULL) ++ buffer_mark[0] = '\0'; ++ ++ /* Skip commented or empty lines */ ++ if (line_buffer[0] == '\0' || line_buffer[0] == '#') ++ continue; ++ ++ /* Count number of colons in the line */ ++ for (i = 0; line_buffer[i] != '\0'; ++i) ++ if (line_buffer[i] == ':') ++ ++colons; ++ ++ /* When we use passwd.adjunct, shadow file contains 6 colons, ++ but we need 8 colons to properly parse the line, so we ++ just add two colons to the end of the line */ ++ if (colons == 6) ++ { ++ strcat(line_buffer, "::"); ++ adjuct_used = TRUE; ++ } ++ ++ /* Try to parse the line, if not success, read the next line */ ++ if (result = sgetspent(line_buffer)) ++ return result; ++ ++ } ++ return NULL; ++} ++ ++/* Write an entry to the given stream. ++ When we use passwd.adjunct, shadow file contains 6 colons, but if ++ we don't use passwd.adjunct, shadow file contains 8 colons. ++ This function can handle both counts, but putspent doesn't */ ++static int ++putspent_adjunct (const struct spwd *p, FILE *stream) ++{ ++ if (!adjuct_used) ++ return putspent(p, stream); ++ ++ int errors = 0; ++ ++ flockfile (stream); ++ ++ if (fprintf (stream, "%s:%s:::::", p->sp_namp, p->sp_pwdp ? p->sp_pwdp : "") < 0) ++ ++errors; ++ ++ if (putc_unlocked ('\n', stream) == EOF) ++ ++errors; ++ ++ funlockfile (stream); ++ ++ return errors ? -1 : 0; ++} ++ + /* Check if the password the user supplied matches the old one */ + static int + password_ok (char *plain, char *crypted, char *root) +@@ -476,11 +548,12 @@ update_files (yppasswd *yppw, char *logb + + /* Check the password. At first check for a shadow password. */ + if (oldsf != NULL && +- pw->pw_passwd[0] == 'x' && pw->pw_passwd[1] == '\0') ++ ((pw->pw_passwd[0] == 'x' && pw->pw_passwd[1] == '\0') || ++ (pw->pw_passwd[0] == '#' && pw->pw_passwd[1] == '#'))) + { + #ifdef HAVE_GETSPNAM /* shadow password */ + /* Search for the shadow entry of this user */ +- while ((spw = fgetspent (oldsf)) != NULL) ++ while ((spw = fgetspent_adjunct (oldsf)) != NULL) + { + if (strcmp (yppw->newpw.pw_name, spw->sp_namp) == 0) + { +@@ -493,7 +566,7 @@ update_files (yppasswd *yppw, char *logb + /* Password is ok, leave while loop */ + break; + } +- else if (putspent (spw, newsf) < 0) ++ else if (putspent_adjunct (spw, newsf) < 0) + { + log_msg ("%s failed", logbuf); + log_msg ("Error while writing new shadow file: %m"); +@@ -545,7 +618,7 @@ update_files (yppasswd *yppw, char *logb + goto error; + } + } +- if (putspent (spw, newsf) < 0) ++ if (putspent_adjunct (spw, newsf) < 0) + { + log_msg ("%s failed", logbuf); + log_msg ("Error while writing new shadow file: %m"); +@@ -554,8 +627,8 @@ update_files (yppasswd *yppw, char *logb + } + + /* Copy all missing entries */ +- while ((spw = fgetspent (oldsf)) != NULL) +- if (putspent (spw, newsf) < 0) ++ while ((spw = fgetspent_adjunct (oldsf)) != NULL) ++ if (putspent_adjunct (spw, newsf) < 0) + { + log_msg ("%s failed", logbuf); + log_msg ("Error while writing new shadow file: %m"); diff --git a/ypserv.spec b/ypserv.spec index 95e214e..f0250fd 100644 --- a/ypserv.spec +++ b/ypserv.spec @@ -2,7 +2,7 @@ Summary: The NIS (Network Information Service) server Url: http://www.linux-nis.org/nis/ypserv/index.html Name: ypserv Version: 2.26 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2 Group: System Environment/Daemons Source0: ftp://ftp.kernel.org/pub/linux/utils/net/NIS/ypserv-%{version}.tar.bz2 @@ -27,6 +27,8 @@ Patch7: ypserv-2.24-manfix.patch Patch8: ypserv-2.24-aliases.patch Patch9: ypserv-2.25-systemd.patch Patch10: ypserv-2.25-portmanfix.patch +Patch11: ypserv-2.26-request.patch +Patch12: ypserv-2.26-shadow.patch BuildRequires: gdbm-devel BuildRequires: systemd-units @@ -59,6 +61,8 @@ machines. %patch8 -p1 -b .aliases %patch9 -p1 -b .systemd %patch10 -p1 -b .portmanfix +%patch11 -p1 -b .request +%patch12 -p1 -b .shadow %build cp etc/README etc/README.etc @@ -150,6 +154,15 @@ exit 0 %{_includedir}/*/* %changelog +* Wed Sep 14 2011 Honza Horak - 2.26-4 +- Added passwd.adjunct support in yppasswdd to recognize + password format correctly when changing password using yppasswd + Resolves: #699667 + +* Wed Aug 31 2011 Honza Horak - 2.26-3 +- fixed hiding the change request when external script is used + in rpc.yppasswdd + * Wed Aug 03 2011 Honza Horak - 2.26-2 - fixed systemd unit files requires and description