Recently, I asked:
>I've been trying to get "rpc.yppasswdd" to work, and no matter what I try,
>it fails. The system is a 4/380 running 4.1.
>The program always dumps core in /var/yp. There is always a newly created
>empty file in /etc/security/passwd.adjunct.ptmp.
>Is there anything I can do to make this work, or is it a known bug?
The replies that I received suggested that it was a bug, so I called Sun.
Sure enough, it was a bug.
>From the README...
>Keywords: client..da, passwd, out, time, failed, RPC, dies, client, serve
>Keywords: CTE, security, passwd, -e, c2, aging, passwd.adj, command
>Synopsis: yppasswd will not allow user to change from client..daemon.
>Synopsis: The passwd -e command does not work when c2 security is in place
>SunOS release: 4.1
>BugId's fixed with this patch: 1040334, 1040465
>Architectures for which this patch is available: sun3, sun4, sun4c
>This patch is INCOMPATIBLE with systems running US encryption since they
>each change libc
>Obsoleted by: 4.1.2
>Problem Description 1040334:
>The rpc.yppasswdd was core dumping when used with C2 installed.
>This was caused by the library routine getauditflags.c. It was doing
>a store of 0 to an array with a -1 index and clobbering the runtime stack.
>This occured if there were no audit flags in the passwd.adjunct entry being
>updated by rpc.yppasswdd.
>Note: the command line arguments to rpc.yppasswdd must be set properly or
> or bad and mysterious things will happen. The fragment below
> illustrates how it should be evoked in /etc/rc.local.
>if [ -f /usr/etc/rpc.yppasswdd -a -d /var/yp/`domainname` ] ; then
> if [ -f /etc/security/passwd.adjunct ]; then
> /usr/etc/rpc.yppasswdd /etc/passwd /etc/security/passwd.adjunct -m \
># If the paramaters are incorrect, it is possible to trick the daemon into
># updating /etc/passwd with the adjunct file.
>Problem Description 1040465:
>The changes for passwd aging fall into two areas: getpwaent.c and passwd.c.
>lib/libc/gen/common/getpwanet.c was not parsing the aging information properly.
>The pointer to the string that was susposed to contain the age data was being
>being left pointing at the NULL at the end of the password string.
>There were 2 problems in passwd.c.
>1) /etc/passwd was always being used even though the aging data was in the
> adjunct file.
>2) The current data was not being encoded with the age data when the initial
> aging data was set.
>3) The granularity of time for password aging is a week. Thus days are
> converted into weeks. This is not indicated in the documentation.
>To fix the aging problem, new versions of libc.a are require. This includes
>the shared libraries. Two utilities are effected: passwd and login.
>Login itself does not need changed, it is fixed in the library change, but
>it's functionality changes due to this library change thus it is listed here
>as being effected.
Elizabeth Delaney <firstname.lastname@example.org>
Richard Elling <email@example.com>
Upkar Singh Kohli <firstname.lastname@example.org>
Michael N. Lipp <email@example.com>
Frank Northrup <firstname.lastname@example.org>
Kevin W. Thomas
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:05:59 CDT