Add support for secure maps and master.passwd. -moj

diff --git a/usr.sbin/ypserv/ypinit/Makefile.yp b/usr.sbin/ypserv/ypinit/Makefile.yp
index 60e58bd..c8c1a95 100644 (file)
--- a/usr.sbin/ypserv/ypinit/Makefile.yp
+++ b/usr.sbin/ypserv/ypinit/Makefile.yp
@@ -1,4 +1,4 @@
-#      $OpenBSD: Makefile.yp,v 1.5 1996/05/30 09:53:17 deraadt Exp $
+#      $OpenBSD: Makefile.yp,v 1.6 1997/03/13 09:50:26 maja Exp $
 
 YPDBDIR=/var/yp
 DIR=/etc
@@ -17,21 +17,47 @@ TOUCH=/usr/bin/touch
 DOMAIN="`/usr/bin/basename ${.CURDIR}`"
 YPPUSH=/usr/sbin/yppush
 
+# Password maps in standard YP is unsecure. This is due to the fact that
+# passwords are accessable for anyone. FreeBSD and now OpenBSD has a common
+# solution to this, maps can be secure (makedbm -s). If a map is secure only
+# a privileged user can access it.
+MAKEDBM-S=$(MAKEDBM) -s
+UNSECURE="True"
+
 all: passwd group hosts ethers networks rpc services protocols netid
 
 passwd.time: $(DIR)/master.passwd
        -@if [ -f $(>) ]; then \
-               $(CAT) $(>) | $(CUT) -d: -f1-4,8-10 | \
+               if [ ! $(UNSECURE) ]; then \
+                       $(CAT) $(>) | $(CUT) -d: -f1-4,8-10 | \
+                       $(AWK) 'BEGIN { FS=":"; OFS="\t"; } /^[a-zA-Z0-9_]/ \
+                       { print $$1, $$1":*:"$$3":"$$4":"$$5":"$$6":"$$7 }' -|\
+                       $(MAKEDBM) - passwd.byname; \
+                       $(CAT) $(>) | $(CUT) -d: -f1-4,8-10 |\
+                       $(AWK) 'BEGIN { FS=":"; OFS="\t"; } /^[a-zA-Z0-9_]/ \
+                       { print $$3, $$1":*:"$$3":"$$4":"$$5":"$$6":"$$7 }' -|\
+                       $(MAKEDBM) - passwd.byuid; \
+               else \
+                       $(CAT) $(>) | $(CUT) -d: -f1-4,8-10 | \
+                       $(AWK) 'BEGIN { FS=":"; OFS="\t"; } /^[a-zA-Z0-9_]/ \
+                       { print $$1, $$0 }' - | $(MAKEDBM) - passwd.byname; \
+                       $(CAT) $(>) | $(CUT) -d: -f1-4,8-10 |\
+                       $(AWK) 'BEGIN { FS=":"; OFS="\t"; } /^[a-zA-Z0-9_]/ \
+                       { print $$3, $$0 }' - | $(MAKEDBM) - passwd.byuid; \
+               fi; \
+               $(CAT) $(>) | \
                $(AWK) 'BEGIN { FS=":"; OFS="\t"; } /^[a-zA-Z0-9_]/ \
-               { print $$1, $$0 }' - | $(MAKEDBM) - passwd.byname; \
-               $(CAT) $(>) | $(CUT) -d: -f1-4,8-10 |\
+               { print $$1, $$0 }' - | $(MAKEDBM-S) - master.passwd.byname; \
+               $(CAT) $(>) | \
                $(AWK) 'BEGIN { FS=":"; OFS="\t"; } /^[a-zA-Z0-9_]/ \
-               { print $$3, $$0 }' - | $(MAKEDBM) - passwd.byuid; \
+               { print $$3, $$0 }' - | $(MAKEDBM-S) - master.passwd.byuid; \
                $(TOUCH) $(@); \
                $(ECHO) "updated passwd"; \
                if [ ! $(NOPUSH) ]; then \
                        $(YPPUSH) -d $(DOMAIN) passwd.byname; \
                        $(YPPUSH) -d $(DOMAIN) passwd.byuid; \
+                       $(YPPUSH) -d $(DOMAIN) master.passwd.byname; \
+                       $(YPPUSH) -d $(DOMAIN) master.passwd.byuid; \
                        $(ECHO) "pushed passwd"; \
                else \
                        : ; \
@@ -210,3 +236,4 @@ $(DIR)/rpc:
 $(DIR)/services:
 $(DIR)/protocols:
 $(DIR)/netid:
+$(DIR)/master.passwd: