From: maja
Date: Thu, 13 Mar 1997 09:50:26 +0000 (+0000)
Subject: Add support for secure maps and master.passwd. -moj
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=b0f200b9a768afcd207214d24560c07078ec9dca;p=openbsd
Add support for secure maps and passwd. -moj
---
diff --git a/usr.sbin/ypserv/ypinit/Makefile.yp b/usr.sbin/ypserv/ypinit/Makefile.yp
index 60e58bd3e7a..c8c1a952b6f 100644
--- a/usr.sbin/ypserv/ypinit/Makefile.yp
+++ b/usr.sbin/ypserv/ypinit/Makefile.yp
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile.yp,v 1.5 1996/05/30 09:53:17 deraadt Exp $
+# $OpenBSD: Makefile.yp,v 1.6 1997/03/13 09:50:26 maja Exp $
 YPDBDIR=/var/yp
 DIR=/etc
@@ -17,21 +17,47 @@ TOUCH=/usr/bin/touch
 DOMAIN="`/usr/bin/basename ${.CURDIR}`"
 YPPUSH=/usr/sbin/yppush
+# Password maps in standard YP is unsecure. This is due to the fact that
+# passwords are accessable for anyone. FreeBSD and now OpenBSD has a common
+# solution to this, maps can be secure (makedbm -s). If a map is secure only
+# a privileged user can access it.
+MAKEDBM-S=$(MAKEDBM) -s
+UNSECURE="True"
+
 all: passwd group hosts ethers networks rpc services protocols netid
 passwd.time: $(DIR)/master.passwd
 -@if [ -f $(>) ]; then \
- $(CAT) $(>) | $(CUT) -d: -f1-4,8-10 | \
+ if [ ! $(UNSECURE) ]; then \
+ $(CAT) $(>) | $(CUT) -d: -f1-4,8-10 | \
+ $(AWK) 'BEGIN { FS=":"; OFS="\t"; } /^[a-zA-Z0-9_]/ \
+ { print $$1, $$1":*:"$$3":"$$4":"$$5":"$$6":"$$7 }' -|\
+ $(MAKEDBM) - passwd.byname; \
+ $(CAT) $(>) | $(CUT) -d: -f1-4,8-10 |\
+ $(AWK) 'BEGIN { FS=":"; OFS="\t"; } /^[a-zA-Z0-9_]/ \
+ { print $$3, $$1":*:"$$3":"$$4":"$$5":"$$6":"$$7 }' -|\
+ $(MAKEDBM) - passwd.byuid; \
+ else \
+ $(CAT) $(>) | $(CUT) -d: -f1-4,8-10 | \
+ $(AWK) 'BEGIN { FS=":"; OFS="\t"; } /^[a-zA-Z0-9_]/ \
+ { print $$1, $$0 }' - | $(MAKEDBM) - passwd.byname; \
+ $(CAT) $(>) | $(CUT) -d: -f1-4,8-10 |\
+ $(AWK) 'BEGIN { FS=":"; OFS="\t"; } /^[a-zA-Z0-9_]/ \
+ { print $$3, $$0 }' - | $(MAKEDBM) - passwd.byuid; \
+ fi; \
+ $(CAT) $(>) | \
 $(AWK) 'BEGIN { FS=":"; OFS="\t"; } /^[a-zA-Z0-9_]/ \
- { print $$1, $$0 }' - | $(MAKEDBM) - passwd.byname; \
- $(CAT) $(>) | $(CUT) -d: -f1-4,8-10 |\
+ { print $$1, $$0 }' - | $(MAKEDBM-S) - master.passwd.byname; \
+ $(CAT) $(>) | \
 $(AWK) 'BEGIN { FS=":"; OFS="\t"; } /^[a-zA-Z0-9_]/ \
- { print $$3, $$0 }' - | $(MAKEDBM) - passwd.byuid; \
+ { print $$3, $$0 }' - | $(MAKEDBM-S) - master.passwd.byuid; \
 $(TOUCH) $(@); \
 $(ECHO) "updated passwd"; \
 if [ ! $(NOPUSH) ]; then \
 $(YPPUSH) -d $(DOMAIN) passwd.byname; \
 $(YPPUSH) -d $(DOMAIN) passwd.byuid; \
+ $(YPPUSH) -d $(DOMAIN) master.passwd.byname; \
+ $(YPPUSH) -d $(DOMAIN) master.passwd.byuid; \
 $(ECHO) "pushed passwd"; \
 else \
 : ; \
@@ -210,3 +236,4 @@ $(DIR)/rpc:
 $(DIR)/services:
 $(DIR)/protocols:
 $(DIR)/netid:
+$(DIR)/master.passwd:
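Review bot: The `if [ ! $(UNSECURE) ]` test added to the passwd.time recipe (hunk at -17,21) only checks that the variable expands to a non-empty string, so `UNSECURE="False"` or `UNSECURE="no"` still takes the else branch, which keeps the encrypted password field in the passwd.byname and passwd.byuid maps that the new comment describes as accessible to anyone. The shipped default `UNSECURE="True"` selects that same branch, so the branch that substitutes "*" for the password runs only when the line is commented out or the value is empty. The comment block above the variable does not mention UNSECURE at all; I would add something like `# Any non-empty UNSECURE (even "False") keeps encrypted passwords in passwd.byname/byuid; comment the line out to publish "*" there instead.` The recipe continues past the end of the hunk.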