Problem: rpc.yppasswdd didn't work if invoked with the "-noshell" option.

Reason: In routine make_passwd() in yppasswdd_mkpw.c, fgets() is used
to read master.passwd line-by-line. The lines are then parsed using
pw_scan(), without removing the trailing \n from the line. pw_scan()
fills in the shell name into pw.pw_shell, including the trailing \n.

Subsequently, rpc.yppasswdd calls pw_copy(), which copies master.passwd
to ptmp, updating the entry for pw.pw_name. pw_copy() terminates the
updated entry with an additonal \n, so that there is now an empty line
in ptmp.

Finally, rpc.yppasswdd calls pw_mkdb(3), which exec's /usr/sbin/pwd_mkdb
to install ptmp to master.passwd (and to create the pwd.db and spwd.db
data bases). pwd_mkdb chokes on the empty ptmp line.

Fix: remove the trailing \n from the buffer fgets() returns. As a side
effect, this gets us some additional error checking.

Reviewed by <tron>.
This commit is contained in:
wennmach 2004-05-12 08:25:53 +00:00
parent 6a835c2b56
commit 0269a1249b

View File

@ -1,4 +1,4 @@
/* $NetBSD: yppasswdd_mkpw.c,v 1.11 2003/11/12 13:31:07 grant Exp $ */
/* $NetBSD: yppasswdd_mkpw.c,v 1.12 2004/05/12 08:25:53 wennmach Exp $ */
/*
* Copyright (c) 1996 Jason R. Thorpe <thorpej@NetBSD.org>
@ -36,7 +36,7 @@
#include <sys/cdefs.h>
#ifndef lint
__RCSID("$NetBSD: yppasswdd_mkpw.c,v 1.11 2003/11/12 13:31:07 grant Exp $");
__RCSID("$NetBSD: yppasswdd_mkpw.c,v 1.12 2004/05/12 08:25:53 wennmach Exp $");
#endif /* not lint */
#include <sys/types.h>
@ -72,6 +72,8 @@ make_passwd(yppasswd *argp, struct svc_req *rqstp, SVCXPRT *transp)
int pfd, tfd;
char mpwd[MAXPATHLEN];
char buf[8192]; /* from libutil */
char *p;
int lineno;
FILE *fpw;
#define REPLY(val) do { \
@ -100,7 +102,7 @@ make_passwd(yppasswd *argp, struct svc_req *rqstp, SVCXPRT *transp)
warnx("%s", mpwd);
RETURN(1);
}
for(;;) {
for(lineno = 1; ; lineno++) {
if (fgets(buf, sizeof(buf), fpw) == NULL) {
if (feof(fpw))
warnx("%s: %s not found", mpwd,
@ -109,6 +111,12 @@ make_passwd(yppasswd *argp, struct svc_req *rqstp, SVCXPRT *transp)
warnx("%s: %s", mpwd, strerror(errno));
RETURN(1);
}
if ((p = strchr(buf, '\n')) == NULL) {
warnx("line %d too long", lineno);
RETURN(1);
}
/* get rid of trailing \n */
*p = '\0';
if (pw_scan(buf, &pw, NULL) == 0)
continue;
if (strncmp(argp->newpw.pw_name, pw.pw_name, MAXLOGNAME) == 0)