$OpenBSD: patch-poppassd_c,v 1.1 2005/12/24 16:42:43 sturm Exp $
--- poppassd.c.orig	Sun Dec  4 12:19:00 2005
+++ poppassd.c	Sun Dec  4 12:27:07 2005
@@ -13,11 +13,11 @@
  * 
  * Doesn't actually change any passwords itself.  It simply listens for
  * incoming requests, gathers the required information (user name, old
- * password, new password) and executes /bin/passwd, talking to it over
+ * password, new password) and executes /usr/bin/passwd, talking to it over
  * a pseudo-terminal pair.  The advantage of this is that we don't need
  * to have any knowledge of either the password file format (which may
  * include dbx files that need to be rebuilt) or of any file locking
- * protocol /bin/passwd and cohorts may use (and which isn't documented).
+ * protocol /usr/bin/passwd and cohorts may use (and which isn't documented).
  *
  * The current version has been tested at NU under SunOS release 4.1.2 
  * and 4.1.3, and under HP-UX 8.02 and 9.01. We have tested the server 
@@ -29,7 +29,7 @@
  * Note that unencrypted passwords are transmitted over the network.  If
  * this bothers you, think hard about whether you want to implement the
  * password changing feature.  On the other hand, it's no worse than what
- * happens when you run /bin/passwd while connected via telnet or rlogin.
+ * happens when you run /usr/bin/passwd while connected via telnet or rlogin.
  * Well, maybe it is, since the use of a dedicated port makes it slightly
  * easier for a network snooper to snarf passwords off the wire.
  *
@@ -47,7 +47,7 @@
  * (which talks to /bin/password) is directly descended from Smith's
  * version, with changes for SunOS and HP-UX by Norstad (with help from
  * sample code in "Advanced Programming in the UNIX Environment"
- * by W. Richard Stevens). The code to report /bin/passwd error messages
+ * by W. Richard Stevens). The code to report /usr/bin/passwd error messages
  * back to the client in the final 500 response, and a new version of the
  * code to find the next free pty, is by Norstad.
  *        
@@ -125,7 +125,7 @@
 #include <ctype.h>
 #include <strings.h>
 #include <errno.h>
-#include <varargs.h>
+#include <stdarg.h>
 #include <pwd.h>
 #include <string.h>
 #include <termios.h>
@@ -145,19 +145,20 @@
 static char *P1[] =
    {"Old password:",
     "Changing password for *.\nOld password:",
+    "Changing local password for *.\nOld password:",
     "Changing password for * on *.\nOld password:",
-    "Changing NIS password for * on *.\nOld password:",
+    "Changing NIS password for * on *.\nOld Password: ",
     "Changing password for *\n*'s Old password:",
     ""};
 
 static char *P2[] =
-   {"\nNew password:",
+   {"New password:",
     "\n*'s New password:",
     ""};
 
 static char *P3[] =
    {"\nRe-enter new password:",
-    "\nRetype new password:",
+    "Retype new password:",
     "\nEnter the new password again:",
     "\n*Re-enter *'s new password:",
     "\nVerify:",
@@ -165,9 +166,12 @@ static char *P3[] =
     
 static char *P4[] =
    {"\n",
+    "\npasswd: rebuilding the database...\npasswd: done\n",
     "NIS entry changed on *\n",
+    "\n\nNIS password has been changed on *.\n",
     ""};
 
+void WriteToClient(char *fmt, ...);
 
 main (argc, argv)
 int argc;
@@ -186,11 +190,7 @@ char *argv[];
      
      *user = *oldpass = *newpass = 0;
      
-     if (openlog ("poppassd", LOG_PID, LOG_LOCAL2) < 0)
-     {
-	  WriteToClient ("500 Can't open syslog.");
-	       exit (1);
-     }
+     openlog("poppassd", LOG_PID, LOG_LOCAL2);
      
      WriteToClient ("200 poppassd v%s hello, who are you?", VERSION);
      ReadFromClient (line);
@@ -218,6 +218,7 @@ char *argv[];
 
      if (chkPass (user, oldpass, pw) == FAILURE)
      {
+	  syslog(LOG_ERR, "Incorrect password from %s", user);
 	  WriteToClient ("500 Old password is incorrect.");
 	  exit(1);
      }
@@ -264,28 +265,28 @@ char *argv[];
 
 	  if ((wpid = waitpid (pid, &wstat, 0)) < 0)
 	  {
-	       syslog (LOG_ERR, "wait for /bin/passwd child failed: %m");
+	       syslog (LOG_ERR, "wait for /usr/bin/passwd child failed: %m");
 	       WriteToClient ("500 Server error (wait failed), get help!");
 	       exit (1);
 	  }
 
 	  if (pid != wpid)
 	  {
-	       syslog (LOG_ERR, "wrong child (/bin/passwd waited for!");
+	       syslog (LOG_ERR, "wrong child (/usr/bin/passwd) waited for!");
 	       WriteToClient ("500 Server error (wrong child), get help!");
 	       exit (1);
 	  }
 
 	  if (WIFEXITED (wstat) == 0)
 	  {
-	       syslog (LOG_ERR, "child (/bin/passwd) killed?");
+	       syslog (LOG_ERR, "child (/usr/bin/passwd) killed?");
 	       WriteToClient ("500 Server error (funny wstat), get help!");
 	       exit (1);
 	  }
 
 	  if (WEXITSTATUS (wstat) != 0)
 	  {
-	       syslog (LOG_ERR, "child (/bin/passwd) exited abnormally");
+	       syslog (LOG_ERR, "child (/usr/bin/passwd) exited abnormally");
 	       WriteToClient ("500 Server error (abnormal exit), get help!");
 	       exit (1);
 	  }
@@ -304,17 +305,19 @@ char *argv[];
      }
      else      /* Child */
      {
-	  /*
-	   * Become the user trying who's password is being changed.  We're
-	   * about to exec /bin/passwd with is setuid root anyway, but this
-	   * way it looks to the child completely like it's being run by
-	   * the normal user, which makes it do its own password verification
-	   * before doing any thing.  In theory, we've already verified the
-	   * password, but this extra level of checking doesn't hurt.  Besides,
-	   * the way I do it here, if somebody manages to change somebody
-	   * else's password, you can complain to your vendor about security
-	   * holes, not to me!
-	   */
+          /* Start new session - gets rid of controlling terminal. */
+   
+          if (setsid() < 0) {
+               syslog(LOG_ERR, "setsid failed: %m");
+               return(0);
+	  }
+
+	  /* Set login name */
+
+	  if (setlogin(user) < 0) {
+	       syslog(LOG_ERR, "setlogin failed: %m");
+	       return(0);
+          }
 	  setuid (pw->pw_uid);
 	  setgid (pw->pw_gid);
 	  dochild (master, slavedev, user);
@@ -324,7 +327,7 @@ char *argv[];
 /*
  * dochild
  *
- * Do child stuff - set up slave pty and execl /bin/passwd.
+ * Do child stuff - set up slave pty and execl /usr/bin/passwd.
  *
  * Code adapted from "Advanced Programming in the UNIX Environment"
  * by W. Richard Stevens.
@@ -338,13 +341,6 @@ char *slavedev, *user;
    int slave;
    struct termios stermios;
 
-   /* Start new session - gets rid of controlling terminal. */
-   
-   if (setsid() < 0) {
-      syslog(LOG_ERR, "setsid failed: %m");
-      return(0);
-   }
-
    /* Open slave pty and acquire as new controlling terminal. */
 
    if ((slave = open(slavedev, O_RDWR)) < 0) {
@@ -387,10 +383,10 @@ char *slavedev, *user;
       return(0);
    }
 
-   /* Fork /bin/passwd. */
+   /* Fork /usr/bin/passwd. */
 
-   if (execl("/bin/passwd", "passwd", user, (char*)0) < 0) {
-      syslog(LOG_ERR, "can't exec /bin/passwd: %m");
+   if (execl("/usr/bin/passwd", "passwd", user, (char*)0) < 0) {
+      syslog(LOG_ERR, "can't exec /usr/bin/passwd: %m");
       return(0);
    }
 }
@@ -408,15 +404,20 @@ char *slavedev, *user;
  *
  * Modified by Norstad to remove assumptions about number of pty's allocated
  * on this UNIX box.
+ *
+ * Modified by Stephen Melvin to allocate local space for static character
+ * array, rather than local space to pointer to constant string, which is
+ * not kosher and was crashing FreeBSD 1.1.5.1.
  */
 findpty (slave)
 char **slave;
 {
    int master;
-   static char *line = "/dev/ptyXX";
+   static char line[11];
    DIR *dirp;
    struct dirent *dp;
 
+   strcpy(line,"/dev/ptyXX");
    dirp = opendir("/dev");
    while ((dp = readdir(dirp)) != NULL) {
       if (strncmp(dp->d_name, "pty", 3) == 0 && strlen(dp->d_name) == 5) {
@@ -485,9 +486,11 @@ char *user, *oldpass, *newpass, *emess;
      }
 
      writestring(master, pswd);
-
+     sleep(2);
      if (!expect(master, P4, buf)) return FAILURE;
 
+     close(master);
+
      return SUCCESS;
 }
 
@@ -563,9 +566,11 @@ char *buf;
 	if (m < 0) {
 	   syslog(LOG_ERR, "read error from child: %m");
 	   return FAILURE;
-	}
+	} else if (m == 0)
+	   return SUCCESS;
 	n += m;
 	buf[n] = 0;
+/* syslog(LOG_ERR, "read from child: %s",buf); */
 	initialSegment = 0;
         for (s = expected; **s != 0; s++) {
            result = match(buf, *s);
@@ -630,13 +635,12 @@ char *buf;
    }
 }
 
-WriteToClient (fmt, va_alist)
-char *fmt;
-va_dcl
+void
+WriteToClient (char *fmt, ...)
 {
 	va_list ap;
 	
-	va_start (ap);
+	va_start (ap, fmt);
 	vfprintf (stdout, fmt, ap);
 	fputs ("\r\n", stdout );
 	fflush (stdout);
