NetBSD Problem Report #46398

From Wolfgang.Stukenbrock@nagler-company.com  Wed May  2 08:13:24 2012
Return-Path: <Wolfgang.Stukenbrock@nagler-company.com>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
	by www.NetBSD.org (Postfix) with ESMTP id 0CDD363BA4F
	for <gnats-bugs@gnats.NetBSD.org>; Wed,  2 May 2012 08:13:24 +0000 (UTC)
Message-Id: <20120502081327.B007A1E80A9@test-s0.nagler-company.com>
Date: Wed,  2 May 2012 10:13:27 +0200 (CEST)
From: Wolfgang.Stukenbrock@nagler-company.com
Reply-To: Wolfgang.Stukenbrock@nagler-company.com
To: gnats-bugs@gnats.NetBSD.org
Subject: rpc.yppasswdd creates spwd.db and pwd.db even if not required and may run into problems
X-Send-Pr-Version: 3.95

>Number:         46398
>Category:       bin
>Synopsis:       rpc.yppasswdd creates spwd.db and pwd.db even if not required and may run into problems
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Wed May 02 08:15:00 +0000 2012
>Originator:     Wolfgang.Stukenbrock@nagler-company.com
>Release:        NetBSD 5.1
>Organization:
Dr. Nagler & Company GmbH
>Environment:


System: NetBSD test-s0 4.0 NetBSD 4.0 (NSW-WS) #0: Tue Aug 17 17:28:09 CEST 2010 wgstuken@test-s0:/usr/src/sys/arch/amd64/compile/NSW-WS amd64
Architecture: x86_64
Machine: amd64
>Description:
	In the default setup, the YP-Master server uses /etc/master.passwd as source for the YP-database.
	This enables login of all YP-Users to this server - that is not useful in larger setups.
	It is possible to use a private master.passwd file - e.g. /var/yp/<DOM-Master-Dir>/etc/master.passwd -
	by specifying the -d option to yppasswd and defining the path in the yp-makefile.
	So far so good.
	But if the master.passwd file gets constructed during yp-make, a problem with the generated DB files
	spwd.db and pwd.db arises.
	Constructing the master-passwd file for YP is very useful if you have groups of users with several administrators
	and you need to give these admins access to the password-Master version for their users without opening the
	whole server for them.
	Normally the DB files are maintained by the command vipw and the rpc.yppasswdd to ensure mutual exclusion
	implemented with the library libutil and the pwd_mkdb binary. (A passwd-lock-file is used here too.)
	But if an installation uses a private master version of this file on a YP-master server, these files don't
	really make sense, because nobody other than the pwd_mkdb binary ever uses them.
	In case the master password file is constructed from different sources or the master-YP-file is edited like
	all other YP-master-files with a normal editor (e.g. vi), the generated DB files get out of sync all the time,
	forcing the call of rpc.yppasswd to pwd_mkdb for a password update to fail.
	This can be avoided if the generation of the DB files can be disabled on the command line of rpc.yppasswd.
>How-To-Repeat:
	Use a YP-master setup where an own (private) master-passwd file is used and the passwd-master-file gets
	constructed by the make, or add a user to that file with vi and try to use yppasswd.
	You will run into problems when updating a password from a client, because the generated spwd.db and pwd.db
	files are out of date.
>Fix:
	The following patch will add an option to rpc.yppasswd that avoids the call to pwd_mkdb and renames the
	generated password lock file instead.


--- extern.h.orig	2012-05-02 09:32:46.000000000 +0200
+++ extern.h	2012-05-02 09:32:46.000000000 +0200
@@ -35,5 +35,5 @@
 void	make_passwd(yppasswd *, struct svc_req *, SVCXPRT *);

 /* rpc.yppasswdd.c */
-extern int	noshell, nogecos, nopw, domake;
+extern int	noshell, nogecos, nopw, nodbfiles, domake;
 extern char	make_arg[_POSIX2_LINE_MAX];


--- rpc.yppasswdd.8.orig	2012-05-02 09:32:45.000000000 +0200
+++ rpc.yppasswdd.8	2012-05-02 09:32:45.000000000 +0200
@@ -57,7 +57,8 @@
 to
 .Ar directory .
 It is important to create the binary database files (pwd.db and spwd.db)
-when using this switch or the password change will fail.
+when using this switch or the password change will fail (except the
+nodbfiles option is used).
 The databases need to be created only once with the following command:
 .Pp
 .Dl pwd_mkdb -d directory directory/etc/master.passwd
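
Review bot: in the added parenthetical, "(except the nodbfiles option is used)" should read "unless the ... option is used", and the option name should be marked up with .Fl like the other flags on this page (.Fl nodbfiles). As written it renders as plain text without the leading dash, so a reader cannot tell it is a command-line switch.
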
@@ -67,6 +68,8 @@
 Don't allow changes of the gecos field in the passwd file.
 .It Fl nopw
 Don't allow changes of the password in the passwd file.
+.It Fl nodbfiles
+Suppress creation of the binary database files (pwd.db and spwd.db).
 .It Fl m Ar arg1 Op Ar arg2 ...
 Additional arguments to pass to
 .Ar make
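
Review bot: the new ".It Fl nodbfiles" entry says only that pwd.db and spwd.db are not created. It should also state that the option is intended for use together with -d and a private master.passwd, and that any pwd.db and spwd.db already present in that directory are left untouched and go stale after the first password change.
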


--- rpc.yppasswdd.c.orig	2012-05-02 09:32:45.000000000 +0200
+++ rpc.yppasswdd.c	2012-05-02 09:32:46.000000000 +0200
@@ -55,7 +55,7 @@

 #include "extern.h"

-int	noshell, nogecos, nopw;
+int	noshell, nogecos, nopw, nodbfiles;
 char	make_arg[_POSIX2_LINE_MAX] = "make";

 int	main(int, char *[]);
@@ -87,6 +87,8 @@
 			nogecos = 1;
 		else if (strcmp("nopw", arg) == 0)
 			nopw = 1;
+		else if (strcmp("nodbfiles", arg) == 0)
+			nodbfiles = 1;
 		else if (strcmp("m", arg) == 0) {
 			int len;

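Review bot: the new "nodbfiles" branch sets the flag unconditionally, and nothing in the visible lines requires -d to be given with it. Without -d the daemon works on /etc/master.passwd, and skipping pw_mkdb there would leave /etc/pwd.db and /etc/spwd.db, which local password lookups read, holding the old entry, so the old password would stay valid on the master after a change. Suggest rejecting -nodbfiles without -d once option parsing is done (call usage()).
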
@@ -177,6 +179,6 @@
 {

 	fprintf(stderr, "usage: %s [-d directory] [-noshell] [-nogecos] "
-	    "[-nopw] [-m arg1 [arg2 ...]]\n", getprogname());
+	    "[-nopw] [-nodbfiles] [-m arg1 [arg2 ...]]\n", getprogname());
 	exit(EXIT_FAILURE);
 }


--- yppasswdd_mkpw.c.orig	2012-05-02 09:32:45.000000000 +0200
+++ yppasswdd_mkpw.c	2012-05-02 09:32:45.000000000 +0200
@@ -159,10 +159,22 @@

 	pw_copy(pfd, tfd, &pw, NULL);

-	if (pw_mkdb(pw.pw_name, 0) < 0) {
-		warnx("pw_mkdb failed");
-		pw_abort();
-		RETURN(1);
+	if (!nodbfiles) {
+		if (pw_mkdb(pw.pw_name, 0) < 0) {
+			warnx("pw_mkdb failed");
+			pw_abort();
+			RETURN(1);
+		}
+	} else {
+		char from[MAXPATHLEN];
+
+		(void)strlcpy(from, pw_getprefix(), sizeof(from));
+		(void)strlcat(from, _PATH_MASTERPASSWD_LOCK, sizeof(from));
+		if (rename(from, mpwd) < 0) {
+			warnx("rename from %s to %s failed with errno = %d strerror = %s\n", from, mpwd, errno, strerror(errno));
+			pw_abort();
+			RETURN(1);
+		}
 	}

 	/* XXX RESTORE SIGNAL STATE? XXX */
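
Review bot: in the new else branch the strlcpy()/strlcat() results are cast to void, so a prefix long enough to overflow from[] is silently truncated and rename() is then attempted on the wrong path. Compare the strlcat() return value against sizeof(from) and take the pw_abort()/RETURN(1) path on truncation. Separately, warnx() already appends a newline, so the trailing "\n" prints a blank line, and warn() would add strerror(errno) for you: warn("rename %s to %s", from, mpwd);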

>Unformatted:
