From 2cc7d414781f7fc0d220f265f9c4bdaf175d0b1c Mon Sep 17 00:00:00 2001 From: millert Date: Thu, 16 Aug 2001 18:22:04 +0000 Subject: Add -s flag to only update secure .db file (/etc/spwd.db). Can be used in conjunction with -u user when only the password has changed. --- usr.sbin/pwd_mkdb/pwd_mkdb.8 | 14 +++++++-- usr.sbin/pwd_mkdb/pwd_mkdb.c | 67 ++++++++++++++++++++++++++------------------ 2 files changed, 52 insertions(+), 29 deletions(-) (limited to 'usr.sbin/pwd_mkdb') diff --git a/usr.sbin/pwd_mkdb/pwd_mkdb.8 b/usr.sbin/pwd_mkdb/pwd_mkdb.8 index c790c85f97c..9d36183562b 100644 --- a/usr.sbin/pwd_mkdb/pwd_mkdb.8 +++ b/usr.sbin/pwd_mkdb/pwd_mkdb.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pwd_mkdb.8,v 1.13 2001/06/08 04:23:25 aaron Exp $ +.\" $OpenBSD: pwd_mkdb.8,v 1.14 2001/08/16 18:22:04 millert Exp $ .\" .\" Copyright (c) 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -42,7 +42,7 @@ .Sh SYNOPSIS .Nm pwd_mkdb .Op Fl c -.Op Fl p +.Op Fl p | Fl s .Op Fl d Ar directory .Op Fl u Ar username .Ar file @@ -71,6 +71,16 @@ Do not change, add, or remove any files. .It Fl p Create a Version 7 style password file and install it into .Pa /etc/passwd . +.It Fl s +Only update the secure version of the database. +This is most commonly used in conjunction with the +.Fl u +flag during a password change. +Because the insecure database doesn't contain the password there +is no reason to update it if the only change is in the password field. +Cannot be used in conjunction with the +.Fl p +flag. .It Fl d Ar directory Operate in a base directory other than the default of .Pa /etc . diff --git a/usr.sbin/pwd_mkdb/pwd_mkdb.c b/usr.sbin/pwd_mkdb/pwd_mkdb.c index f8b1eb27519..fe0b85921d7 100644 --- a/usr.sbin/pwd_mkdb/pwd_mkdb.c +++ b/usr.sbin/pwd_mkdb/pwd_mkdb.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pwd_mkdb.c,v 1.24 2001/06/07 16:21:49 millert Exp $ */ +/* $OpenBSD: pwd_mkdb.c,v 1.25 2001/08/16 18:22:04 millert Exp $ */ /*- * Copyright (c) 1991, 1993, 1994 @@ -45,7 +45,7 @@ static char copyright[] = #if 0 static char sccsid[] = "from: @(#)pwd_mkdb.c 8.5 (Berkeley) 4/20/94"; #else -static char *rcsid = "$OpenBSD: pwd_mkdb.c,v 1.24 2001/06/07 16:21:49 millert Exp $"; +static char *rcsid = "$OpenBSD: pwd_mkdb.c,v 1.25 2001/08/16 18:22:04 millert Exp $"; #endif #endif /* not lint */ @@ -110,12 +110,12 @@ main(argc, argv) struct passwd pwd; sigset_t set; uid_t olduid; - int ch, tfd, makeold, flags = 0, checkonly = 0; + int ch, tfd, makeold, secureonly, flags, checkonly; char *username, buf[MAX(MAXPATHLEN, LINE_MAX * 2)]; - makeold = 0; + flags = checkonly = makeold = secureonly = 0; username = NULL; - while ((ch = getopt(argc, argv, "cd:pu:v")) != -1) + while ((ch = getopt(argc, argv, "cd:psu:v")) != -1) switch(ch) { case 'c': /* verify only */ checkonly = 1; @@ -128,6 +128,9 @@ main(argc, argv) case 'p': /* create V7 "file.orig" */ makeold = 1; break; + case 's': /* only update spwd.db */ + secureonly = 1; + break; case 'u': /* only update this record */ username = optarg; break; @@ -140,7 +143,8 @@ main(argc, argv) argc -= optind; argv += optind; - if (argc != 1 || (username && (*username == '+' || *username == '-'))) + if (argc != 1 || (makeold && secureonly) || + (username && (*username == '+' || *username == '-'))) usage(); /* @@ -221,19 +225,22 @@ main(argc, argv) clean |= FILE_SECURE; /* Open the temporary insecure password database. */ - (void)snprintf(buf, sizeof(buf), "%s.tmp", - changedir(_PATH_MP_DB, basedir)); - if (username) { - cp(changedir(_PATH_MP_DB, basedir), buf, PERM_INSECURE); - dp = dbopen(buf, - O_RDWR, PERM_INSECURE, DB_HASH, &openinfo); - } else { - dp = dbopen(buf, - O_RDWR|O_CREAT|O_EXCL, PERM_INSECURE, DB_HASH, &openinfo); - } - if (dp == NULL) - error(buf); - clean |= FILE_INSECURE; + if (!secureonly) { + (void)snprintf(buf, sizeof(buf), "%s.tmp", + changedir(_PATH_MP_DB, basedir)); + if (username) { + cp(changedir(_PATH_MP_DB, basedir), buf, PERM_INSECURE); + dp = dbopen(buf, O_RDWR, PERM_INSECURE, DB_HASH, + &openinfo); + } else { + dp = dbopen(buf, O_RDWR|O_CREAT|O_EXCL, PERM_INSECURE, + DB_HASH, &openinfo); + } + if (dp == NULL) + error(buf); + clean |= FILE_INSECURE; + } else + dp = NULL; /* * Open file for old password file. Minor trickiness -- don't want to @@ -287,16 +294,16 @@ main(argc, argv) if ((edp->put)(edp, &key, &data, R_NOOVERWRITE) == -1) error("put"); - if ((dp->put)(dp, &key, &data, R_NOOVERWRITE) == -1) + + if (dp && (dp->put)(dp, &key, &data, R_NOOVERWRITE) == -1) error("put"); } if ((edp->close)(edp)) error("close edp"); - if ((dp->close)(dp)) + if (dp && (dp->close)(dp)) error("close dp"); if (makeold) { - (void)fflush(oldfp); if (fclose(oldfp) == EOF) error("close old"); } @@ -307,9 +314,11 @@ main(argc, argv) error("fclose"); /* Install as the real password files. */ - (void)snprintf(buf, sizeof(buf), "%s.tmp", - changedir(_PATH_MP_DB, basedir)); - mv(buf, changedir(_PATH_MP_DB, basedir)); + if (!secureonly) { + (void)snprintf(buf, sizeof(buf), "%s.tmp", + changedir(_PATH_MP_DB, basedir)); + mv(buf, changedir(_PATH_MP_DB, basedir)); + } (void)snprintf(buf, sizeof(buf), "%s.tmp", changedir(_PATH_SMP_DB, basedir)); mv(buf, changedir(_PATH_SMP_DB, basedir)); @@ -454,7 +463,7 @@ usage() { (void)fprintf(stderr, - "usage: pwd_mkdb [-cp] [-d basedir] [-u username] file\n"); + "usage: pwd_mkdb [-c] [-p | -s] [-d basedir] [-u username] file\n"); exit(1); } @@ -539,7 +548,8 @@ db_store(fp, oldfp, edp, dp, pw, keytype, username, olduid) memcpy(tbuf + 1, &olduid, sizeof(olduid)); key.size = sizeof(olduid) + 1; (edp->del)(edp, &key, 0); - (dp->del)(dp, &key, 0); + if (dp) + (dp->del)(dp, &key, 0); } /* XXX - should check to see if line number changed. */ } @@ -589,6 +599,9 @@ db_store(fp, oldfp, edp, dp, pw, keytype, username, olduid) if ((edp->put)(edp, &key, &data, dbmode) == -1) error("put"); + if (dp == NULL) + continue; + /* Star out password to make insecure record. */ p = buf + strlen(pw->pw_name) + 1; /* skip pw_name */ len = strlen(pw->pw_passwd); -- cgit v1.2.3-59-g8ed1b