]> git.saurik.com Git - apple/system_cmds.git/blobdiff - pwd_mkdb.tproj/pwd_mkdb.c
system_cmds-880.40.5.tar.gz
[apple/system_cmds.git] / pwd_mkdb.tproj / pwd_mkdb.c
index 5d3d10cf3b7918fc81d8152228277b8e020f1302..7d024228d6cd8754eaea94c61b18487fe8f46d68 100644 (file)
@@ -1,30 +1,10 @@
-/*
- * Copyright (c) 1999 Apple Computer, Inc. All rights reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- * 
- * Copyright (c) 1999-2003 Apple Computer, Inc.  All Rights Reserved.
- * 
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- * 
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- * 
- * @APPLE_LICENSE_HEADER_END@
- */
+/*     $OpenBSD: pwd_mkdb.c,v 1.36 2003/06/08 21:14:55 millert Exp $   */
+
 /*-
  * Copyright (c) 1991, 1993, 1994
  *     The Regents of the University of California.  All rights reserved.
+ * Portions Copyright (c) 1994, Jason Downs.  All rights reserved.
+ * Portions Copyright (c) 1998, Todd C. Miller.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *     This product includes software developed by the University of
- *     California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
+ * 3. Neither the name of the University nor the names of its contributors
  *    may be used to endorse or promote products derived from this software
  *    without specific prior written permission.
  *
  * SUCH DAMAGE.
  */
 
+#include <sys/cdefs.h>
 #ifndef lint
-static char copyright[] =
+__unused static const char copyright[] =
 "@(#) Copyright (c) 1991, 1993, 1994\n\
        The Regents of the University of California.  All rights reserved.\n";
 #endif /* not lint */
 
 #ifndef lint
-static char sccsid[] = "@(#)pwd_mkdb.c 8.5 (Berkeley) 4/20/94";
+#if 0
+static const char sccsid[] = "from: @(#)pwd_mkdb.c     8.5 (Berkeley) 4/20/94";
+#else
+__unused static const char rcsid[] = "$OpenBSD: pwd_mkdb.c,v 1.36 2003/06/08 21:14:55 millert Exp $";
+#endif
 #endif /* not lint */
 
 #include <sys/param.h>
@@ -72,6 +53,7 @@ static char sccsid[] = "@(#)pwd_mkdb.c        8.5 (Berkeley) 4/20/94";
 #include <err.h>
 #include <errno.h>
 #include <fcntl.h>
+#include <grp.h>
 #include <limits.h>
 #include <pwd.h>
 #include <signal.h>
@@ -79,7 +61,8 @@ static char sccsid[] = "@(#)pwd_mkdb.c        8.5 (Berkeley) 4/20/94";
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
-
+#include <util.h>
+#include <sys/param.h>
 #include "pw_scan.h"
 
 #define        INSECURE        1
@@ -87,44 +70,74 @@ static char sccsid[] = "@(#)pwd_mkdb.c      8.5 (Berkeley) 4/20/94";
 #define        PERM_INSECURE   (S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)
 #define        PERM_SECURE     (S_IRUSR|S_IWUSR)
 
+#define FILE_SECURE    0x01
+#define FILE_INSECURE  0x02
+#define FILE_ORIG      0x04
+
+#define        SHADOW_GROUP    "wheel"
+
 HASHINFO openinfo = {
-       4096,           /* bsize */
-       32,             /* ffactor */
-       256,            /* nelem */
-       2048 * 1024,    /* cachesize */
-       NULL,           /* hash() */
-       0               /* lorder */
+       .bsize = 4096,
+       .ffactor = 32,
+       .nelem = 256,
+       .cachesize = 2048 * 1024,
+       .hash = NULL,
+       .lorder = 0
 };
 
-static enum state { FILE_INSECURE, FILE_SECURE, FILE_ORIG } clean;
-static struct passwd pwd;                      /* password structure */
 static char *pname;                            /* password file name */
-
-void   cleanup __P((void));
-void   error __P((char *));
-void   mv __P((char *, char *));
-int    scan __P((FILE *, struct passwd *));
-void   usage __P((void));
+static char *basedir;                          /* dir holding master.passwd */
+static int clean;                              /* what to remove on cleanup */
+static int hasyp;                              /* are we running YP? */
+
+void   cleanup(void);
+void   error(char *);
+void   errorx(char *);
+void   cp(char *, char *, mode_t);
+void   mv(char *, char *);
+int    scan(FILE *, struct passwd *, int *);
+void   usage(void);
+char   *changedir(char *path, char *dir);
+void   db_store(FILE *, FILE *, DB *, DB *,struct passwd *, int, char *, uid_t);
 
 int
-main(argc, argv)
-       int argc;
-       char *argv[];
+main(int argc, char **argv)
 {
        DB *dp, *edp;
        DBT data, key;
-       FILE *fp, *oldfp;
+       FILE *fp, *oldfp = NULL;
+       struct stat st;
+       struct passwd pwd;
+       struct group *grp;
        sigset_t set;
-       int ch, cnt, len, makeold, tfd;
-       char *p, *t;
-       char buf[MAX(MAXPATHLEN, LINE_MAX * 2)], tbuf[1024];
-
-       makeold = 0;
-       while ((ch = getopt(argc, argv, "pv")) != EOF)
-               switch(ch) {
+       uid_t olduid = UID_MAX;
+       gid_t shadow;
+       int ch, tfd, makeold, secureonly, flags, checkonly;
+       char *username, buf[MAX(MAXPATHLEN, LINE_MAX * 2)];
+
+       flags = checkonly = makeold = secureonly = 0;
+       username = NULL;
+       while ((ch = getopt(argc, argv, "cd:psu:v")) != -1)
+               switch (ch) {
+               case 'c':                       /* verify only */
+                       checkonly = 1;
+                       break;
+               case 'd':
+                       basedir = optarg;
+                       if (strlen(basedir) > MAXPATHLEN - 40)
+                               errx(1, "basedir too long");
+                       break;
                case 'p':                       /* create V7 "file.orig" */
                        makeold = 1;
                        break;
+               case 's':                       /* only update spwd.db */
+                       secureonly = 1;
+                       break;
+               case 'u':                       /* only update this record */
+                       username = optarg;
+                       if (strlen(username) > _PW_NAME_LEN)
+                               errx(1, "username too long");
+                       break;
                case 'v':                       /* backward compatible */
                        break;
                case '?':
@@ -134,9 +147,15 @@ main(argc, argv)
        argc -= optind;
        argv += optind;
 
-       if (argc != 1)
+       if (argc != 1 || (makeold && secureonly) ||
+           (username && (*username == '+' || *username == '-')))
                usage();
 
+       if ((grp = getgrnam(SHADOW_GROUP)) == NULL)
+               errx(1, "cannot find `%s' in the group database, aborting",
+                   SHADOW_GROUP);
+       shadow = grp->gr_gid;
+
        /*
         * This could be changed to allow the user to interrupt.
         * Probably not worth the effort.
@@ -152,18 +171,92 @@ main(argc, argv)
        /* We don't care what the user wants. */
        (void)umask(0);
 
-       pname = *argv;
+       if (**argv != '/' && basedir == NULL)
+               errx(1, "%s must be specified as an absolute path", *argv);
+
+       if ((pname = strdup(changedir(*argv, basedir))) == NULL)
+               err(1, NULL);
        /* Open the original password file */
        if (!(fp = fopen(pname, "r")))
                error(pname);
 
-       /* Open the temporary insecure password database. */
-       (void)snprintf(buf, sizeof(buf), "%s.tmp", _PATH_MP_DB);
-       dp = dbopen(buf,
-           O_RDWR|O_CREAT|O_EXCL, PERM_INSECURE, DB_HASH, &openinfo);
-       if (dp == NULL)
+       /* Check only if password database is valid */
+       if (checkonly) {
+               u_int cnt;
+
+               for (cnt = 1; scan(fp, &pwd, &flags); ++cnt)
+                       ;
+               exit(0);
+       }
+
+       if (fstat(fileno(fp), &st) == -1)
+               error(pname);
+
+       /* Tweak openinfo values for large passwd files. */
+       if (st.st_size > (off_t)100*1024)
+               openinfo.cachesize = (u_int)MIN(st.st_size * 20, (off_t)12*1024*1024);
+       if (st.st_size / 128 > openinfo.nelem)
+               openinfo.nelem = (u_int)(st.st_size / 128);
+
+        /* If only updating a single record, stash the old uid */
+       if (username) {
+               dp = dbopen(_PATH_MP_DB, O_RDONLY, 0, DB_HASH, NULL);
+               if (dp == NULL)
+                       error(_PATH_MP_DB);
+               buf[0] = _PW_KEYBYNAME;
+               strlcpy(buf + 1, username, sizeof(buf) - 1);
+               key.data = (u_char *)buf;
+               key.size = strlen(buf + 1) + 1;
+               if ((dp->get)(dp, &key, &data, 0) == 0) {
+                       char *p = (char *)data.data;
+                       /* Skip to uid field */
+                       while (*p++ != '\0')
+                               ;
+                       while (*p++ != '\0')
+                               ;
+                       memcpy(&olduid, p, sizeof(olduid));
+               } else
+                       olduid = UID_MAX;
+               (dp->close)(dp);
+       }
+
+       /* Open the temporary encrypted password database. */
+       (void)snprintf(buf, sizeof(buf), "%s.tmp",
+           changedir(_PATH_SMP_DB, basedir));
+       if (username) {
+               cp(changedir(_PATH_SMP_DB, basedir), buf, PERM_SECURE);
+               edp = dbopen(buf,
+                   O_RDWR, PERM_SECURE, DB_HASH, &openinfo);
+       } else {
+               edp = dbopen(buf,
+                   O_RDWR|O_CREAT|O_EXCL, PERM_SECURE, DB_HASH, &openinfo);
+       }
+       if (!edp)
                error(buf);
-       clean = FILE_INSECURE;
+       if (fchown(edp->fd(edp), (uid_t)-1, shadow) != 0)
+               warn("%s: unable to set group to %s", _PATH_SMP_DB,
+                   SHADOW_GROUP);
+       else if (fchmod(edp->fd(edp), PERM_SECURE|S_IRGRP) != 0)
+               warn("%s: unable to make group readable", _PATH_SMP_DB);
+       clean |= FILE_SECURE;
+
+       /* Open the temporary insecure password database. */
+       if (!secureonly) {
+               (void)snprintf(buf, sizeof(buf), "%s.tmp",
+                   changedir(_PATH_MP_DB, basedir));
+               if (username) {
+                       cp(changedir(_PATH_MP_DB, basedir), buf, PERM_INSECURE);
+                       dp = dbopen(buf, O_RDWR, PERM_INSECURE, DB_HASH,
+                           &openinfo);
+               } else {
+                       dp = dbopen(buf, O_RDWR|O_CREAT|O_EXCL, PERM_INSECURE,
+                           DB_HASH, &openinfo);
+               }
+               if (dp == NULL)
+                       error(buf);
+               clean |= FILE_INSECURE;
+       } else
+               dp = NULL;
 
        /*
         * Open file for old password file.  Minor trickiness -- don't want to
@@ -179,7 +272,7 @@ main(argc, argv)
                        error(buf);
                if ((oldfp = fdopen(tfd, "w")) == NULL)
                        error(buf);
-               clean = FILE_ORIG;
+               clean |= FILE_ORIG;
        }
 
        /*
@@ -192,171 +285,97 @@ main(argc, argv)
         * _PW_KEYBYUID character.  The third key is the line number in the
         * original file prepended by the _PW_KEYBYNUM character.  (The special
         * characters are prepended to ensure that the keys do not collide.)
+        *
+        * If we see something go by that looks like YP, we save a special
+        * pointer record, which if YP is enabled in the C lib, will speed
+        * things up.
         */
-       data.data = (u_char *)buf;
-       key.data = (u_char *)tbuf;
-       for (cnt = 1; scan(fp, &pwd); ++cnt) {
-#define        COMPACT(e)      t = e; while (*p++ = *t++);
-               /* Create insecure data. */
-               p = buf;
-               COMPACT(pwd.pw_name);
-               COMPACT("*");
-               memmove(p, &pwd.pw_uid, sizeof(int));
-               p += sizeof(int);
-               memmove(p, &pwd.pw_gid, sizeof(int));
-               p += sizeof(int);
-               memmove(p, &pwd.pw_change, sizeof(time_t));
-               p += sizeof(time_t);
-               COMPACT(pwd.pw_class);
-               COMPACT(pwd.pw_gecos);
-               COMPACT(pwd.pw_dir);
-               COMPACT(pwd.pw_shell);
-               memmove(p, &pwd.pw_expire, sizeof(time_t));
-               p += sizeof(time_t);
-               data.size = p - buf;
-
-               /* Store insecure by name. */
-               tbuf[0] = _PW_KEYBYNAME;
-               len = strlen(pwd.pw_name);
-               memmove(tbuf + 1, pwd.pw_name, len);
-               key.size = len + 1;
-               if ((dp->put)(dp, &key, &data, R_NOOVERWRITE) == -1)
-                       error("put");
-
-               /* Store insecure by number. */
-               tbuf[0] = _PW_KEYBYNUM;
-               memmove(tbuf + 1, &cnt, sizeof(cnt));
-               key.size = sizeof(cnt) + 1;
-               if ((dp->put)(dp, &key, &data, R_NOOVERWRITE) == -1)
-                       error("put");
-
-               /* Store insecure by uid. */
-               tbuf[0] = _PW_KEYBYUID;
-               memmove(tbuf + 1, &pwd.pw_uid, sizeof(pwd.pw_uid));
-               key.size = sizeof(pwd.pw_uid) + 1;
-               if ((dp->put)(dp, &key, &data, R_NOOVERWRITE) == -1)
-                       error("put");
-
-               /* Create original format password file entry */
-               if (makeold)
-                       (void)fprintf(oldfp, "%s:*:%d:%d:%s:%s:%s\n",
-                           pwd.pw_name, pwd.pw_uid, pwd.pw_gid, pwd.pw_gecos,
-                           pwd.pw_dir, pwd.pw_shell);
-       }
-       (void)(dp->close)(dp);
-       if (makeold) {
-               (void)fflush(oldfp);
-               (void)fclose(oldfp);
-       }
-
-       /* Open the temporary encrypted password database. */
-       (void)snprintf(buf, sizeof(buf), "%s.tmp", _PATH_SMP_DB);
-       edp = dbopen(buf,
-           O_RDWR|O_CREAT|O_EXCL, PERM_SECURE, DB_HASH, &openinfo);
-       if (!edp)
-               error(buf);
-       clean = FILE_SECURE;
 
-       rewind(fp);
-       for (cnt = 1; scan(fp, &pwd); ++cnt) {
-
-               /* Create secure data. */
-               p = buf;
-               COMPACT(pwd.pw_name);
-               COMPACT(pwd.pw_passwd);
-               memmove(p, &pwd.pw_uid, sizeof(int));
-               p += sizeof(int);
-               memmove(p, &pwd.pw_gid, sizeof(int));
-               p += sizeof(int);
-               memmove(p, &pwd.pw_change, sizeof(time_t));
-               p += sizeof(time_t);
-               COMPACT(pwd.pw_class);
-               COMPACT(pwd.pw_gecos);
-               COMPACT(pwd.pw_dir);
-               COMPACT(pwd.pw_shell);
-               memmove(p, &pwd.pw_expire, sizeof(time_t));
-               p += sizeof(time_t);
-               data.size = p - buf;
+       /*
+        * Write the .db files.
+        * We do this three times, one per key type (for getpw{nam,uid,ent}).
+        * The first time through we also check for YP, issue warnings
+        * and save the V7 format passwd file if necessary.
+        */
+       db_store(fp, oldfp, edp, dp, &pwd, _PW_KEYBYNAME, username, olduid);
+       db_store(fp, oldfp, edp, dp, &pwd, _PW_KEYBYUID, username, olduid);
+       db_store(fp, oldfp, edp, dp, &pwd, _PW_KEYBYNUM, username, olduid);
 
-               /* Store secure by name. */
-               tbuf[0] = _PW_KEYBYNAME;
-               len = strlen(pwd.pw_name);
-               memmove(tbuf + 1, pwd.pw_name, len);
-               key.size = len + 1;
-               if ((edp->put)(edp, &key, &data, R_NOOVERWRITE) == -1)
-                       error("put");
+       /* Store YP token, if needed. */
+       if (hasyp && !username) {
+               key.data = (u_char *)_PW_YPTOKEN;
+               key.size = strlen(_PW_YPTOKEN);
+               data.data = (u_char *)NULL;
+               data.size = 0;
 
-               /* Store secure by number. */
-               tbuf[0] = _PW_KEYBYNUM;
-               memmove(tbuf + 1, &cnt, sizeof(cnt));
-               key.size = sizeof(cnt) + 1;
                if ((edp->put)(edp, &key, &data, R_NOOVERWRITE) == -1)
                        error("put");
 
-               /* Store secure by uid. */
-               tbuf[0] = _PW_KEYBYUID;
-               memmove(tbuf + 1, &pwd.pw_uid, sizeof(pwd.pw_uid));
-               key.size = sizeof(pwd.pw_uid) + 1;
-               if ((edp->put)(edp, &key, &data, R_NOOVERWRITE) == -1)
+               if (dp && (dp->put)(dp, &key, &data, R_NOOVERWRITE) == -1)
                        error("put");
        }
 
-       (void)(edp->close)(edp);
+       if ((edp->close)(edp))
+               error("close edp");
+       if (dp && (dp->close)(dp))
+               error("close dp");
+       if (makeold) {
+               if (fclose(oldfp) == EOF)
+                       error("close old");
+       }
 
        /* Set master.passwd permissions, in case caller forgot. */
        (void)fchmod(fileno(fp), S_IRUSR|S_IWUSR);
-       (void)fclose(fp);
+       if (fclose(fp) != 0)
+               error("fclose");
 
        /* Install as the real password files. */
-       (void)snprintf(buf, sizeof(buf), "%s.tmp", _PATH_MP_DB);
-       mv(buf, _PATH_MP_DB);
-       (void)snprintf(buf, sizeof(buf), "%s.tmp", _PATH_SMP_DB);
-       mv(buf, _PATH_SMP_DB);
+       if (!secureonly) {
+               (void)snprintf(buf, sizeof(buf), "%s.tmp",
+                   changedir(_PATH_MP_DB, basedir));
+               mv(buf, changedir(_PATH_MP_DB, basedir));
+       }
+       (void)snprintf(buf, sizeof(buf), "%s.tmp",
+           changedir(_PATH_SMP_DB, basedir));
+       mv(buf, changedir(_PATH_SMP_DB, basedir));
        if (makeold) {
                (void)snprintf(buf, sizeof(buf), "%s.orig", pname);
-               mv(buf, _PATH_PASSWD);
+               mv(buf, changedir(_PATH_PASSWD, basedir));
        }
+
        /*
         * Move the master password LAST -- chpass(1), passwd(1) and vipw(8)
         * all use flock(2) on it to block other incarnations of themselves.
         * The rename means that everything is unlocked, as the original file
         * can no longer be accessed.
         */
-       mv(pname, _PATH_MASTERPASSWD);
+       mv(pname, changedir(_PATH_MASTERPASSWD, basedir));
        exit(0);
 }
 
 int
-scan(fp, pw)
-       FILE *fp;
-       struct passwd *pw;
+scan(FILE *fp, struct passwd *pw, int *flags)
 {
        static int lcnt;
        static char line[LINE_MAX];
        char *p;
 
-#if defined(__APPLE__)
-       do {
-               if (!fgets(line, sizeof(line), fp))
-                   return (0);
-       } while (line[0] == '#');
-#else
-       if (!fgets(line, sizeof(line), fp))
+       if (fgets(line, sizeof(line), fp) == NULL)
                return (0);
-#endif
        ++lcnt;
        /*
         * ``... if I swallow anything evil, put your fingers down my
         * throat...''
         *      -- The Who
         */
-       if (!(p = strchr(line, '\n'))) {
+       p = line;
+       if (*p != '\0' && *(p += strlen(line) - 1) != '\n') {
                warnx("line too long");
                goto fmt;
-
        }
        *p = '\0';
-       if (!pw_scan(line, pw)) {
+       *flags = 0;
+       if (!pw_scan(line, pw, flags)) {
                warnx("at line #%d", lcnt);
 fmt:           errno = EFTYPE; /* XXX */
                error(pname);
@@ -366,13 +385,43 @@ fmt:              errno = EFTYPE; /* XXX */
 }
 
 void
-mv(from, to)
-       char *from, *to;
+cp(char *from, char *to, mode_t mode)
 {
-       char buf[MAXPATHLEN];
+       static char buf[MAXBSIZE];
+       int from_fd, to_fd;
+       ssize_t rcount, wcount;
+
+       if ((from_fd = open(from, O_RDONLY, 0)) < 0)
+               error(from);
+       if ((to_fd = open(to, O_WRONLY|O_CREAT|O_EXCL, mode)) < 0)
+               error(to);
+       while ((rcount = read(from_fd, buf, MAXBSIZE)) > 0) {
+               wcount = write(to_fd, buf, rcount);
+               if (rcount != wcount || wcount == -1) {
+                       int sverrno = errno;
+
+                       (void)snprintf(buf, sizeof(buf), "%s to %s", from, to);
+                       errno = sverrno;
+                       error(buf);
+               }
+       }
+       if (rcount < 0) {
+               int sverrno = errno;
+
+               (void)snprintf(buf, sizeof(buf), "%s to %s", from, to);
+               errno = sverrno;
+               error(buf);
+       }
+}
+
+void
+mv(char *from, char *to)
+{
+       char buf[MAXPATHLEN * 2];
 
        if (rename(from, to)) {
                int sverrno = errno;
+
                (void)snprintf(buf, sizeof(buf), "%s to %s", from, to);
                errno = sverrno;
                error(buf);
@@ -380,39 +429,197 @@ mv(from, to)
 }
 
 void
-error(name)
-       char *name;
+error(char *name)
 {
+       warn("%s", name);
+       cleanup();
+       exit(1);
+}
 
-       warn(name);
+void
+errorx(char *name)
+{
+       warnx("%s", name);
        cleanup();
        exit(1);
 }
 
 void
-cleanup()
+cleanup(void)
 {
        char buf[MAXPATHLEN];
 
-       switch(clean) {
-       case FILE_ORIG:
+       if (clean & FILE_ORIG) {
                (void)snprintf(buf, sizeof(buf), "%s.orig", pname);
                (void)unlink(buf);
-               /* FALLTHROUGH */
-       case FILE_SECURE:
-               (void)snprintf(buf, sizeof(buf), "%s.tmp", _PATH_SMP_DB);
+       }
+       if (clean & FILE_SECURE) {
+               (void)snprintf(buf, sizeof(buf), "%s.tmp",
+                   changedir(_PATH_SMP_DB, basedir));
                (void)unlink(buf);
-               /* FALLTHROUGH */
-       case FILE_INSECURE:
-               (void)snprintf(buf, sizeof(buf), "%s.tmp", _PATH_MP_DB);
+       }
+       if (clean & FILE_INSECURE) {
+               (void)snprintf(buf, sizeof(buf), "%s.tmp",
+                   changedir(_PATH_MP_DB, basedir));
                (void)unlink(buf);
        }
 }
 
 void
-usage()
+usage(void)
 {
-
-       (void)fprintf(stderr, "usage: pwd_mkdb [-p] file\n");
+       (void)fprintf(stderr,
+           "usage: pwd_mkdb [-c] [-p | -s] [-d basedir] [-u username] file\n");
        exit(1);
 }
+
+char *
+changedir(char *path, char *dir)
+{
+       static char fixed[MAXPATHLEN];
+       char *p;
+
+       if (!dir)
+               return (path);
+
+       if ((p = strrchr(path, '/')) != NULL)
+               path = p + 1;
+       snprintf(fixed, sizeof(fixed), "%s/%s", dir, path);
+       return (fixed);
+}
+
+void
+db_store(FILE *fp, FILE *oldfp, DB *edp, DB *dp, struct passwd *pw,
+        int keytype, char *username, uid_t olduid)
+{
+       int flags = 0;
+       int dbmode, found = 0;
+       u_int cnt;
+       char *p, *t, buf[LINE_MAX * 2], tbuf[1024];
+       DBT data, key;
+       size_t len;
+       static int firsttime = 1;
+
+       /* If given a username just add that record to the existing db. */
+       dbmode = username ? 0 : R_NOOVERWRITE;
+
+       rewind(fp);
+       data.data = (u_char *)buf;
+       key.data = (u_char *)tbuf;
+       for (cnt = 1; scan(fp, pw, &flags); ++cnt) {
+
+#ifdef __APPLE__
+               if (pw->pw_name == NULL)
+                       continue;
+#endif
+
+               if (firsttime) {
+                       /* Look like YP? */
+                       if ((pw->pw_name[0] == '+') || (pw->pw_name[0] == '-'))
+                               hasyp++;
+
+                       /* Warn about potentially unsafe uid/gid overrides. */
+                       if (pw->pw_name[0] == '+') {
+                               if (!(flags & _PASSWORD_NOUID) && !pw->pw_uid)
+                                       warnx("line %d: superuser override in "
+                                           "YP inclusion", cnt);
+                               if (!(flags & _PASSWORD_NOGID) && !pw->pw_gid)
+                                       warnx("line %d: wheel override in "
+                                           "YP inclusion", cnt);
+                       }
+
+                       /* Create V7 format password file entry. */
+                       if (oldfp != NULL)
+                               if (fprintf(oldfp, "%s:*:%u:%u:%s:%s:%s\n",
+                                   pw->pw_name, pw->pw_uid, pw->pw_gid,
+                                   pw->pw_gecos, pw->pw_dir, pw->pw_shell)
+                                   == EOF)
+                                       error("write old");
+               }
+
+               /* Are we updating a specific record? */
+               if (username) {
+                       if (strcmp(username, pw->pw_name) != 0)
+                               continue;
+                       found = 1;
+                       /* If the uid changed, remove the old record by uid. */
+                       if (olduid != UID_MAX && olduid != pw->pw_uid) {
+                               tbuf[0] = _PW_KEYBYUID;
+                               memcpy(tbuf + 1, &olduid, sizeof(olduid));
+                               key.size = sizeof(olduid) + 1;
+                               (edp->del)(edp, &key, 0);
+                               if (dp)
+                                       (dp->del)(dp, &key, 0);
+                       }
+                       /* XXX - should check to see if line number changed. */
+               }
+
+               /* Build the key. */
+               tbuf[0] = keytype;
+               switch (keytype) {
+               case _PW_KEYBYNUM:
+                       memmove(tbuf + 1, &cnt, sizeof(cnt));
+                       key.size = sizeof(cnt) + 1;
+                       break;
+
+               case _PW_KEYBYNAME:
+                       len = strlen(pw->pw_name);
+                       memmove(tbuf + 1, pw->pw_name, len);
+                       key.size = len + 1;
+                       break;
+
+               case _PW_KEYBYUID:
+                       memmove(tbuf + 1, &pw->pw_uid, sizeof(pw->pw_uid));
+                       key.size = sizeof(pw->pw_uid) + 1;
+                       break;
+               }
+
+#define        COMPACT(e)      t = e; while ((*p++ = *t++));
+               /* Create the secure record. */
+               p = buf;
+               COMPACT(pw->pw_name);
+               COMPACT(pw->pw_passwd);
+               memmove(p, &pw->pw_uid, sizeof(uid_t));
+               p += sizeof(uid_t);
+               memmove(p, &pw->pw_gid, sizeof(gid_t));
+               p += sizeof(gid_t);
+               memmove(p, &pw->pw_change, sizeof(time_t));
+               p += sizeof(time_t);
+               COMPACT(pw->pw_class);
+               COMPACT(pw->pw_gecos);
+               COMPACT(pw->pw_dir);
+               COMPACT(pw->pw_shell);
+               memmove(p, &pw->pw_expire, sizeof(time_t));
+               p += sizeof(time_t);
+               memmove(p, &flags, sizeof(int));
+               p += sizeof(int);
+               data.size = p - buf;
+
+               /* Write the secure record. */
+               if ((edp->put)(edp, &key, &data, dbmode) == -1)
+                       error("put");
+
+               if (dp == NULL)
+                       continue;
+
+               /* Star out password to make insecure record. */
+               p = buf + strlen(pw->pw_name) + 1;      /* skip pw_name */
+               len = strlen(pw->pw_passwd);
+               memset(p, 0, len);                      /* zero pw_passwd */
+               t = p + len + 1;                        /* skip pw_passwd */
+               if (len != 0)
+                       *p++ = '*';
+               *p++ = '\0';
+               memmove(p, t, data.size - (t - buf));
+               data.size -= len - 1;
+
+               /* Write the insecure record. */
+               if ((dp->put)(dp, &key, &data, dbmode) == -1)
+                       error("put");
+       }
+       if (firsttime) {
+               firsttime = 0;
+               if (username && !found && olduid != UID_MAX)
+                       errorx("can't find user in master.passwd");
+       }
+}