Added passwd.adjunct support in yppasswdd to recognize password format correctly when changing password using yppasswd Resolves: #699667
fixed hiding the change request when external script is used in rpc.yppasswdd
This commit is contained in:
parent
f234e015e5
commit
766ce6a059
30
ypserv-2.26-request.patch
Normal file
30
ypserv-2.26-request.patch
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
diff -up ypserv-2.26/rpc.yppasswdd/update.c.request ypserv-2.26/rpc.yppasswdd/update.c
|
||||||
|
--- ypserv-2.26/rpc.yppasswdd/update.c.request 2011-08-31 15:25:24.760227846 +0200
|
||||||
|
+++ ypserv-2.26/rpc.yppasswdd/update.c 2011-08-31 15:26:24.214227279 +0200
|
||||||
|
@@ -742,7 +742,7 @@ external_update_env (yppasswd *yppw)
|
||||||
|
*
|
||||||
|
*===============================================================*/
|
||||||
|
|
||||||
|
-static char *
|
||||||
|
+static void
|
||||||
|
remove_password (char *str)
|
||||||
|
{
|
||||||
|
char *ptr = strstr (str, " o:");
|
||||||
|
@@ -761,8 +761,6 @@ remove_password (char *str)
|
||||||
|
while (*ptr && *ptr != ' ')
|
||||||
|
*ptr++ = 'X';
|
||||||
|
}
|
||||||
|
-
|
||||||
|
- return ptr;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int
|
||||||
|
@@ -940,7 +938,7 @@ external_update_pipe (yppasswd *yppw, ch
|
||||||
|
fclose(fp);
|
||||||
|
|
||||||
|
if (!debug_flag)
|
||||||
|
- parentmsg = remove_password (parentmsg);
|
||||||
|
+ remove_password (parentmsg);
|
||||||
|
|
||||||
|
if (strspn(childresponse, "OK") < 2)
|
||||||
|
{
|
133
ypserv-2.26-shadow.patch
Normal file
133
ypserv-2.26-shadow.patch
Normal file
@ -0,0 +1,133 @@
|
|||||||
|
diff -up ypserv-2.26/rpc.yppasswdd/update.c.shadow ypserv-2.26/rpc.yppasswdd/update.c
|
||||||
|
--- ypserv-2.26/rpc.yppasswdd/update.c.shadow 2011-09-14 10:34:51.689163960 +0200
|
||||||
|
+++ ypserv-2.26/rpc.yppasswdd/update.c 2011-09-14 10:44:16.592158574 +0200
|
||||||
|
@@ -79,6 +79,8 @@ char *path_shadow_old = NULL;
|
||||||
|
/* Will be set by the main function */
|
||||||
|
char *external_update_program = NULL;
|
||||||
|
|
||||||
|
+static bool_t adjuct_used = FALSE;
|
||||||
|
+
|
||||||
|
static int external_update_env (yppasswd *yppw);
|
||||||
|
static int external_update_pipe (yppasswd *yppw, char *logbuf);
|
||||||
|
static int update_files (yppasswd *yppw, char *logbuf, int *shadow_changed,
|
||||||
|
@@ -142,6 +144,76 @@ shell_ok (char *shell)
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
+/* Read shadow file manually, to handle different colons count.
|
||||||
|
+ When we use passwd.adjunct, shadow file contains 6 colons, but if
|
||||||
|
+ we don't use passwd.adjunct, shadow file contains 8 colons.
|
||||||
|
+ This function can handle both counts, but fgetspent doesn't */
|
||||||
|
+static struct spwd *
|
||||||
|
+fgetspent_adjunct(FILE *fp)
|
||||||
|
+{
|
||||||
|
+ static char line_buffer[1024];
|
||||||
|
+ char *buffer_mark;
|
||||||
|
+ struct spwd* result;
|
||||||
|
+ int i, colons = 0;
|
||||||
|
+
|
||||||
|
+ /* Reserve two bytes for theoretic colons */
|
||||||
|
+ while (fgets(line_buffer, sizeof(line_buffer) - 2, fp) != NULL)
|
||||||
|
+ {
|
||||||
|
+ /* We don't need a new line character in the end */
|
||||||
|
+ if ((buffer_mark = strchr(line_buffer, '\n')) != NULL)
|
||||||
|
+ buffer_mark[0] = '\0';
|
||||||
|
+
|
||||||
|
+ /* Skip commented or empty lines */
|
||||||
|
+ if (line_buffer[0] == '\0' || line_buffer[0] == '#')
|
||||||
|
+ continue;
|
||||||
|
+
|
||||||
|
+ /* Count number of colons in the line */
|
||||||
|
+ for (i = 0; line_buffer[i] != '\0'; ++i)
|
||||||
|
+ if (line_buffer[i] == ':')
|
||||||
|
+ ++colons;
|
||||||
|
+
|
||||||
|
+ /* When we use passwd.adjunct, shadow file contains 6 colons,
|
||||||
|
+ but we need 8 colons to properly parse the line, so we
|
||||||
|
+ just add two colons to the end of the line */
|
||||||
|
+ if (colons == 6)
|
||||||
|
+ {
|
||||||
|
+ strcat(line_buffer, "::");
|
||||||
|
+ adjuct_used = TRUE;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /* Try to parse the line, if not success, read the next line */
|
||||||
|
+ if (result = sgetspent(line_buffer))
|
||||||
|
+ return result;
|
||||||
|
+
|
||||||
|
+ }
|
||||||
|
+ return NULL;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/* Write an entry to the given stream.
|
||||||
|
+ When we use passwd.adjunct, shadow file contains 6 colons, but if
|
||||||
|
+ we don't use passwd.adjunct, shadow file contains 8 colons.
|
||||||
|
+ This function can handle both counts, but putspent doesn't */
|
||||||
|
+static int
|
||||||
|
+putspent_adjunct (const struct spwd *p, FILE *stream)
|
||||||
|
+{
|
||||||
|
+ if (!adjuct_used)
|
||||||
|
+ return putspent(p, stream);
|
||||||
|
+
|
||||||
|
+ int errors = 0;
|
||||||
|
+
|
||||||
|
+ flockfile (stream);
|
||||||
|
+
|
||||||
|
+ if (fprintf (stream, "%s:%s:::::", p->sp_namp, p->sp_pwdp ? p->sp_pwdp : "") < 0)
|
||||||
|
+ ++errors;
|
||||||
|
+
|
||||||
|
+ if (putc_unlocked ('\n', stream) == EOF)
|
||||||
|
+ ++errors;
|
||||||
|
+
|
||||||
|
+ funlockfile (stream);
|
||||||
|
+
|
||||||
|
+ return errors ? -1 : 0;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
/* Check if the password the user supplied matches the old one */
|
||||||
|
static int
|
||||||
|
password_ok (char *plain, char *crypted, char *root)
|
||||||
|
@@ -476,11 +548,12 @@ update_files (yppasswd *yppw, char *logb
|
||||||
|
|
||||||
|
/* Check the password. At first check for a shadow password. */
|
||||||
|
if (oldsf != NULL &&
|
||||||
|
- pw->pw_passwd[0] == 'x' && pw->pw_passwd[1] == '\0')
|
||||||
|
+ ((pw->pw_passwd[0] == 'x' && pw->pw_passwd[1] == '\0') ||
|
||||||
|
+ (pw->pw_passwd[0] == '#' && pw->pw_passwd[1] == '#')))
|
||||||
|
{
|
||||||
|
#ifdef HAVE_GETSPNAM /* shadow password */
|
||||||
|
/* Search for the shadow entry of this user */
|
||||||
|
- while ((spw = fgetspent (oldsf)) != NULL)
|
||||||
|
+ while ((spw = fgetspent_adjunct (oldsf)) != NULL)
|
||||||
|
{
|
||||||
|
if (strcmp (yppw->newpw.pw_name, spw->sp_namp) == 0)
|
||||||
|
{
|
||||||
|
@@ -493,7 +566,7 @@ update_files (yppasswd *yppw, char *logb
|
||||||
|
/* Password is ok, leave while loop */
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
- else if (putspent (spw, newsf) < 0)
|
||||||
|
+ else if (putspent_adjunct (spw, newsf) < 0)
|
||||||
|
{
|
||||||
|
log_msg ("%s failed", logbuf);
|
||||||
|
log_msg ("Error while writing new shadow file: %m");
|
||||||
|
@@ -545,7 +618,7 @@ update_files (yppasswd *yppw, char *logb
|
||||||
|
goto error;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
- if (putspent (spw, newsf) < 0)
|
||||||
|
+ if (putspent_adjunct (spw, newsf) < 0)
|
||||||
|
{
|
||||||
|
log_msg ("%s failed", logbuf);
|
||||||
|
log_msg ("Error while writing new shadow file: %m");
|
||||||
|
@@ -554,8 +627,8 @@ update_files (yppasswd *yppw, char *logb
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Copy all missing entries */
|
||||||
|
- while ((spw = fgetspent (oldsf)) != NULL)
|
||||||
|
- if (putspent (spw, newsf) < 0)
|
||||||
|
+ while ((spw = fgetspent_adjunct (oldsf)) != NULL)
|
||||||
|
+ if (putspent_adjunct (spw, newsf) < 0)
|
||||||
|
{
|
||||||
|
log_msg ("%s failed", logbuf);
|
||||||
|
log_msg ("Error while writing new shadow file: %m");
|
15
ypserv.spec
15
ypserv.spec
@ -2,7 +2,7 @@ Summary: The NIS (Network Information Service) server
|
|||||||
Url: http://www.linux-nis.org/nis/ypserv/index.html
|
Url: http://www.linux-nis.org/nis/ypserv/index.html
|
||||||
Name: ypserv
|
Name: ypserv
|
||||||
Version: 2.26
|
Version: 2.26
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
Group: System Environment/Daemons
|
Group: System Environment/Daemons
|
||||||
Source0: ftp://ftp.kernel.org/pub/linux/utils/net/NIS/ypserv-%{version}.tar.bz2
|
Source0: ftp://ftp.kernel.org/pub/linux/utils/net/NIS/ypserv-%{version}.tar.bz2
|
||||||
@ -27,6 +27,8 @@ Patch7: ypserv-2.24-manfix.patch
|
|||||||
Patch8: ypserv-2.24-aliases.patch
|
Patch8: ypserv-2.24-aliases.patch
|
||||||
Patch9: ypserv-2.25-systemd.patch
|
Patch9: ypserv-2.25-systemd.patch
|
||||||
Patch10: ypserv-2.25-portmanfix.patch
|
Patch10: ypserv-2.25-portmanfix.patch
|
||||||
|
Patch11: ypserv-2.26-request.patch
|
||||||
|
Patch12: ypserv-2.26-shadow.patch
|
||||||
BuildRequires: gdbm-devel
|
BuildRequires: gdbm-devel
|
||||||
BuildRequires: systemd-units
|
BuildRequires: systemd-units
|
||||||
|
|
||||||
@ -59,6 +61,8 @@ machines.
|
|||||||
%patch8 -p1 -b .aliases
|
%patch8 -p1 -b .aliases
|
||||||
%patch9 -p1 -b .systemd
|
%patch9 -p1 -b .systemd
|
||||||
%patch10 -p1 -b .portmanfix
|
%patch10 -p1 -b .portmanfix
|
||||||
|
%patch11 -p1 -b .request
|
||||||
|
%patch12 -p1 -b .shadow
|
||||||
|
|
||||||
%build
|
%build
|
||||||
cp etc/README etc/README.etc
|
cp etc/README etc/README.etc
|
||||||
@ -150,6 +154,15 @@ exit 0
|
|||||||
%{_includedir}/*/*
|
%{_includedir}/*/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Sep 14 2011 Honza Horak <hhorak@redhat.com> - 2.26-4
|
||||||
|
- Added passwd.adjunct support in yppasswdd to recognize
|
||||||
|
password format correctly when changing password using yppasswd
|
||||||
|
Resolves: #699667
|
||||||
|
|
||||||
|
* Wed Aug 31 2011 Honza Horak <hhorak@redhat.com> - 2.26-3
|
||||||
|
- fixed hiding the change request when external script is used
|
||||||
|
in rpc.yppasswdd
|
||||||
|
|
||||||
* Wed Aug 03 2011 Honza Horak <hhorak@redhat.com> - 2.26-2
|
* Wed Aug 03 2011 Honza Horak <hhorak@redhat.com> - 2.26-2
|
||||||
- fixed systemd unit files requires and description
|
- fixed systemd unit files requires and description
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user