NetBSD Problem Report #46398
From Wolfgang.Stukenbrock@nagler-company.com Wed May 2 08:13:24 2012
Return-Path: <Wolfgang.Stukenbrock@nagler-company.com>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
by www.NetBSD.org (Postfix) with ESMTP id 0CDD363BA4F
for <gnats-bugs@gnats.NetBSD.org>; Wed, 2 May 2012 08:13:24 +0000 (UTC)
Message-Id: <20120502081327.B007A1E80A9@test-s0.nagler-company.com>
Date: Wed, 2 May 2012 10:13:27 +0200 (CEST)
From: Wolfgang.Stukenbrock@nagler-company.com
Reply-To: Wolfgang.Stukenbrock@nagler-company.com
To: gnats-bugs@gnats.NetBSD.org
Subject: rpc.yppasswdd creates spwd.db and pwd.db even if not required and may run into problems
X-Send-Pr-Version: 3.95
>Number: 46398
>Category: bin
>Synopsis: rpc.yppasswdd creates spwd.db and pwd.db even if not required and may run into problems
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: bin-bug-people
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Wed May 02 08:15:00 +0000 2012
>Originator: Wolfgang.Stukenbrock@nagler-company.com
>Release: NetBSD 5.1
>Organization:
Dr. Nagler & Company GmbH
>Environment:
System: NetBSD test-s0 4.0 NetBSD 4.0 (NSW-WS) #0: Tue Aug 17 17:28:09 CEST 2010 wgstuken@test-s0:/usr/src/sys/arch/amd64/compile/NSW-WS amd64
Architecture: x86_64
Machine: amd64
>Description:
In the default setup, the YP-Master server uses /etc/master.passwd as source for the YP-database.
This enables login of all YP-Users to this server - that is not useful in larger setups.
It is possible to use a private master.passwd file - e.g. /var/yp/<DOM-Master-Dir>/etc/master.passwd -
by specifying the -d option to yppasswd and defining the path in the yp-makefile.
So far so good.
But if the master.passwd file gets constructed during yp-make, a problem with the generated DB files
spwd.db and pwd.db arises.
Constructing the master-passwd file for YP is very useful if you have groups of users with several administrators
and you need to give these admins access to the password-Master version for their users without opening the
whole server for them.
Normally the DB files are maintained by the command vipw and the rpc.yppasswdd to ensure mutual exclusion
implemented with the library libutil and the pwd_mkdb binary. (A passwd-lock-file is used here too.)
But if an installation uses a private master version of this file on a YP-master server, these files don't
really make sense, because nobody other than the pwd_mkdb binary ever uses them.
In case the master password file is constructed from different sources or the master-YP-file is edited like
all other YP-master-files with a normal editor (e.g. vi), the generated DB files get out of sync all the time,
forcing the call of rpc.yppasswd to pwd_mkdb for a password update to fail.
This can be avoided if the generation of the DB files can be disabled on the command line of rpc.yppasswd.
>How-To-Repeat:
Use a YP-master setup where an own (private) master-passwd file is used and the passwd-master-file gets
constructed by the make, or add a user to that file with vi and try to use yppasswd.
You will run into problems when updating a password from a client, because the generated spwd.db and pwd.db
files are out of date.
>Fix:
The following patch will add an option to rpc.yppasswd that avoids the call to pwd_mkdb and renames the
generated password lock file instead.
--- extern.h.orig 2012-05-02 09:32:46.000000000 +0200
+++ extern.h 2012-05-02 09:32:46.000000000 +0200
@@ -35,5 +35,5 @@
void make_passwd(yppasswd *, struct svc_req *, SVCXPRT *);
/* rpc.yppasswdd.c */
-extern int noshell, nogecos, nopw, domake;
+extern int noshell, nogecos, nopw, nodbfiles, domake;
extern char make_arg[_POSIX2_LINE_MAX];
--- rpc.yppasswdd.8.orig 2012-05-02 09:32:45.000000000 +0200
+++ rpc.yppasswdd.8 2012-05-02 09:32:45.000000000 +0200
@@ -57,7 +57,8 @@
to
.Ar directory .
It is important to create the binary database files (pwd.db and spwd.db)
-when using this switch or the password change will fail.
+when using this switch or the password change will fail (except the
+nodbfiles option is used).
The databases need to be created only once with the following command:
.Pp
.Dl pwd_mkdb -d directory directory/etc/master.passwd
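Review bot: The added parenthetical "(except the nodbfiles option is used)" is ungrammatical and names the option without its dash or markup; write it as "unless the -nodbfiles option is used" and mark the option up with .Fl nodbfiles, as the option list further down in this page does. The two sentences that follow ("The databases need to be created only once ...") still read as unconditional, so they should also say they apply only when -nodbfiles is not given.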
@@ -67,6 +68,8 @@
Don't allow changes of the gecos field in the passwd file.
.It Fl nopw
Don't allow changes of the password in the passwd file.
+.It Fl nodbfiles
+Suppress creation of the binary database files (pwd.db and spwd.db).
.It Fl m Ar arg1 Op Ar arg2 ...
Additional arguments to pass to
.Ar make
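Review bot: The new .It Fl nodbfiles entry documents only that pwd.db and spwd.db are not created; it should also say what happens instead, namely that the updated lock file is renamed over master.passwd without running pwd_mkdb, and that any pwd.db and spwd.db already present in the directory are no longer kept up to date. A sentence on when the option is appropriate (a private master.passwd given with -d whose database files nothing reads) would keep it from being used against /etc/master.passwd.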
--- rpc.yppasswdd.c.orig 2012-05-02 09:32:45.000000000 +0200
+++ rpc.yppasswdd.c 2012-05-02 09:32:46.000000000 +0200
@@ -55,7 +55,7 @@
#include "extern.h"
-int noshell, nogecos, nopw;
+int noshell, nogecos, nopw, nodbfiles;
char make_arg[_POSIX2_LINE_MAX] = "make";
int main(int, char *[]);
@@ -87,6 +87,8 @@
nogecos = 1;
else if (strcmp("nopw", arg) == 0)
nopw = 1;
+ else if (strcmp("nodbfiles", arg) == 0)
+ nodbfiles = 1;
else if (strcmp("m", arg) == 0) {
int len;
@@ -177,6 +179,6 @@
{
fprintf(stderr, "usage: %s [-d directory] [-noshell] [-nogecos] "
- "[-nopw] [-m arg1 [arg2 ...]]\n", getprogname());
+ "[-nopw] [-nodbfiles] [-m arg1 [arg2 ...]]\n", getprogname());
exit(EXIT_FAILURE);
}
--- yppasswdd_mkpw.c.orig 2012-05-02 09:32:45.000000000 +0200
+++ yppasswdd_mkpw.c 2012-05-02 09:32:45.000000000 +0200
@@ -159,10 +159,22 @@
pw_copy(pfd, tfd, &pw, NULL);
- if (pw_mkdb(pw.pw_name, 0) < 0) {
- warnx("pw_mkdb failed");
- pw_abort();
- RETURN(1);
+ if (!nodbfiles) {
+ if (pw_mkdb(pw.pw_name, 0) < 0) {
+ warnx("pw_mkdb failed");
+ pw_abort();
+ RETURN(1);
+ }
+ } else {
+ char from[MAXPATHLEN];
+
+ (void)strlcpy(from, pw_getprefix(), sizeof(from));
+ (void)strlcat(from, _PATH_MASTERPASSWD_LOCK, sizeof(from));
+ if (rename(from, mpwd) < 0) {
+ warnx("rename from %s to %s failed with errno = %d strerror = %s\n", from, mpwd, errno, strerror(errno));
+ pw_abort();
+ RETURN(1);
+ }
}
/* XXX RESTORE SIGNAL STATE? XXX */
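Review bot: In the new else branch, the warnx() call for a failed rename() ends its format string with "\n" and formats errno and strerror(errno) by hand; warnx() already terminates the line, and warn("rename %s to %s", from, mpwd) would append the strerror text itself and keep the line within 80 columns. The results of strlcpy() and strlcat() are also cast to void, so a prefix too long for from[MAXPATHLEN] is silently truncated and rename() is then attempted on a different path than intended; compare the strlcat() return value against sizeof(from) and take the pw_abort()/RETURN(1) path before calling rename(). The hunk does not show whether errno, strerror() and MAXPATHLEN are already declared in this file, so confirm the needed headers are included.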
>Unformatted: