 @@ -1,14 +1,14 @@
-/*	$NetBSD: pwd_mkdb.c,v 1.41 2009/06/18 17:46:24 christos Exp $	*/
+/*	$NetBSD: pwd_mkdb.c,v 1.42 2009/06/18 21:59:24 christos Exp $	*/
 /*
  * Copyright (c) 2000, 2009 The NetBSD Foundation, Inc.
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
 @@ -81,27 +81,27 @@
  */
 #if HAVE_NBTOOL_CONFIG_H
 #include "nbtool_config.h"
 #endif
 #include <sys/cdefs.h>
 #if !defined(lint)
 __COPYRIGHT("@(#) Copyright (c) 2000, 2009\
  The NetBSD Foundation, Inc.  All rights reserved.\
   Copyright (c) 1991, 1993, 1994\
  The Regents of the University of California.  All rights reserved.");
 __SCCSID("from: @(#)pwd_mkdb.c	8.5 (Berkeley) 4/20/94");
-__RCSID("$NetBSD: pwd_mkdb.c,v 1.41 2009/06/18 17:46:24 christos Exp $");
+__RCSID("$NetBSD: pwd_mkdb.c,v 1.42 2009/06/18 21:59:24 christos Exp $");
 #endif /* not lint */
 #if HAVE_NBTOOL_CONFIG_H
 #include "compat_pwd.h"
 #else
 #include <pwd.h>
 #endif
 #include <sys/param.h>
 #include <sys/stat.h>
 #include <sys/types.h>
 #ifndef HAVE_NBTOOL_CONFIG_H
 @@ -136,118 +136,184 @@ extern const char __yp_token[];
 static HASHINFO openinfo = {
 ,		/* bsize */
 ,		/* ffactor */
 ,		/* nelem */
 ,		/* cachesize */
 	NULL,		/* hash() */
 		/* lorder */
 };
 #define	FILE_INSECURE	0x01
 #define	FILE_SECURE	0x02
 #define	FILE_ORIG	0x04
 struct pwddb {
 	DB *db;
 	char dbname[MAX(MAXPATHLEN, LINE_MAX * 2)];
 	const char *fname;
 	uint32_t rversion;
 	uint32_t wversion;
 };
 static char	*pname;				/* password file name */
 static char	prefix[MAXPATHLEN];
 static char	oldpwdfile[MAX(MAXPATHLEN, LINE_MAX * 2)];
 static char	pwd_db_tmp[MAX(MAXPATHLEN, LINE_MAX * 2)];
 static char	pwd_Sdb_tmp[MAX(MAXPATHLEN, LINE_MAX * 2)];
 static int 	lorder = BYTE_ORDER;
 static int	clean;
 static int	verbose;
 static int	warning;
 static struct pwddb sdb, idb;
 void	bailout(void) __attribute__((__noreturn__));
 void	cp(const char *, const char *, mode_t);
-int	deldbent(DB *, const char *, int, void *);
+int	deldbent(struct pwddb *, int, void *);
 void	error(const char *);
-int	getdbent(DB *, const char *, int, void *, struct passwd **, uint32_t);
+int	getdbent(struct pwddb *, int, void *, struct passwd **);
 void	inconsistancy(void);
 void	install(const char *, const char *);
 int	main(int, char **);
-void	putdbents(DB *, struct passwd *, const char *, int, const char *, int,
+void	putdbents(struct pwddb *, struct passwd *, const char *, int, int, int,
-    int, int, uint32_t);
+    int);
-void	putyptoken(DB *, const char *);
+void	putyptoken(struct pwddb *);
 void	rm(const char *);
 int	scan(FILE *, struct passwd *, int *, int *);
 void	usage(void) __attribute__((__noreturn__));
 void	wr_error(const char *);
-void	checkversion(uint32_t, uint32_t);
+void	checkversion(struct pwddb *);
 uint32_t getversion(const char *);
-void	setversion(DB *, uint32_t);
+void	setversion(struct pwddb *);
 #define SWAP(sw) \
     ((sizeof(sw) == 2 ? (typeof(sw))bswap16((uint16_t)sw) : \
     (sizeof(sw) == 4 ? (typeof(sw))bswap32((uint32_t)sw) : \
     (sizeof(sw) == 8 ? (typeof(sw))bswap64((uint64_t)sw) : (abort(), 0)))))
 static void
 closedb(struct pwddb *db)
+{
     if ((*db->db->close)(db->db) < 0)
 	    wr_error(db->dbname);
+}
 static void
 opendb(struct pwddb *db, const char *dbname, const char *username,
     uint32_t req_version, int flags, int perm)
+{
 	char buf[MAXPATHLEN];
 	(void)snprintf(db->dbname, sizeof(db->dbname), "%s%s.tmp", prefix,
 	    dbname);
 	if (username != NULL) {
 		snprintf(buf, sizeof(buf), "%s%s", prefix, dbname);
 		cp(buf, db->dbname, perm);
+	}
 	db->db = dbopen(db->dbname, flags, perm, DB_HASH, &openinfo);
 	if (db->db == NULL)
 		error(db->dbname);
 	db->fname = dbname;
 	db->rversion = getversion(dbname);
 	if (req_version == ~0U)
 		db->wversion = db->rversion;
 	else
 		db->wversion = req_version;
 	if (warning && db->rversion == 0 && db->wversion == 0) {
 		warnx("Database %s is a version %u database.",
 		    db->fname, db->rversion);
 		warnx("Use %s -V 1 to upgrade once you've recompiled "
 		    "all your binaries.", getprogname());
+	}
 	if (verbose)
 		fprintf(stderr, "%s: %s version %u requested %u\n",
 		    getprogname(), db->fname, db->rversion, db->wversion);
 	if (db->wversion != db->rversion) {
 		if (username != NULL)
 			checkversion(db);
 		else if (verbose) {
 		    fprintf(stderr, "%s: changing %s from version "
 			"%u to version %u\n",
 			getprogname(), db->fname,
 			db->rversion, db->wversion);
+		}
+	}
 	setversion(db);
+}
 int
 main(int argc, char *argv[])
+{
-	int ch, makeold, tfd, lineno, found, rv, hasyp, secureonly, verbose;
+	int ch, makeold, tfd, lineno, found, rv, hasyp, secureonly;
 	struct passwd pwd, *tpwd;
 	char *username;
 	DB *dp, *edp;
 	FILE *fp, *oldfp;
 	sigset_t set;
 	int dbflg, uid_dbflg, newuser, olduid, flags;
 	char buf[MAXPATHLEN];
 	struct stat st;
 	u_int cachesize;
-	uint32_t version, req_version;
+	uint32_t req_version;
 	uint32_t sversion, req_sversion;
 	prefix[0] = '\0';
 	makeold = 0;
 	oldfp = NULL;
 	username = NULL;
 	hasyp = 0;
 	secureonly = 0;
 	found = 0;
 	newuser = 0;
 	dp = NULL;
 	cachesize = 0;
 	verbose = 0;
-	req_version = req_sversion = ~0U;
+	warning = 0;
 	req_version = ~0U;
-	while ((ch = getopt(argc, argv, "BLc:d:psu:V:v")) != -1)
+	while ((ch = getopt(argc, argv, "BLc:d:psu:V:vw")) != -1)
 		switch (ch) {
 		case 'B':			/* big-endian output */
 			lorder = BIG_ENDIAN;
 			break;
 		case 'L':			/* little-endian output */
 			lorder = LITTLE_ENDIAN;
 			break;
 		case 'c':
 			cachesize = atoi(optarg) * 1024 * 1024;
 			break;
 		case 'd':			/* set prefix */
 			strlcpy(prefix, optarg, sizeof(prefix));
 			break;
 		case 'p':			/* create V7 "file.orig" */
 			makeold = 1;
 			break;
 		case 's':			/* modify secure db only */
 			secureonly = 1;
 			break;
 		case 'u':			/* modify one user only */
 			username = optarg;
 			break;
 		case 'V':
-			req_sversion = req_version = (uint32_t)atoi(optarg);
+			req_version = (uint32_t)atoi(optarg);
 			if (req_version > 1)
 				err(1, "Unknown version %u\n", req_version);
 			break;
 		case 'v':
 			verbose++;
 			break;
 		case 'w':
 			warning++;
 			break;
 		case '?':
 		default:
 			usage();
+		}
 	argc -= optind;
 	argv += optind;
 	if (argc != 1)
 		usage();
 	if (username != NULL)
 		if (username[0] == '+' || username[0] == '-')
 			usage();
 	if (secureonly)
 @@ -287,110 +353,62 @@ main(int argc, char *argv[])
 		openinfo.cachesize = cachesize;
 	} else {
 		/* Tweak openinfo values for large passwd files. */
 		cachesize = st.st_size * 20;
 		if (cachesize > MAX_CACHESIZE)
 			cachesize = MAX_CACHESIZE;
 		else if (cachesize < MIN_CACHESIZE)
 			cachesize = MIN_CACHESIZE;
 		openinfo.cachesize = cachesize;
+	}
 	/* Open the temporary insecure password database. */
 	if (!secureonly) {
-		(void)snprintf(pwd_db_tmp, sizeof(pwd_db_tmp), "%s%s.tmp",
+		opendb(&idb, _PATH_MP_DB, username, req_version,
-		    prefix, _PATH_MP_DB);
+		    flags, PERM_INSECURE);
 		if (username != NULL) {
 			snprintf(buf, sizeof(buf), "%s" _PATH_MP_DB, prefix);
 			cp(buf, pwd_db_tmp, PERM_INSECURE);
 		dp = dbopen(pwd_db_tmp, flags, PERM_INSECURE, DB_HASH,
 		    &openinfo);
 		if (dp == NULL)
 			error(pwd_db_tmp);
 		clean |= FILE_INSECURE;
 		version = getversion(_PATH_MP_DB);
 		if (req_version == ~0U)
 			req_version = version;
 		if (verbose)
 			fprintf(stderr, "%s: " _PATH_MP_DB
 			    " version %u requested %u\n",
 			    getprogname(), version, req_version);
 		if (username != NULL && req_version != version)
 			checkversion(req_version, version);
 		else if (req_version != version) {
 			if (verbose)
 				fprintf(stderr, "%s: changing " _PATH_MP_DB
 				    " from version %u to version %u\n",
 				    getprogname(), version, req_version);
 			setversion(dp, req_version);
+	}
 	/* Open the temporary encrypted password database. */
-	(void)snprintf(pwd_Sdb_tmp, sizeof(pwd_Sdb_tmp), "%s%s.tmp", prefix,
+	opendb(&sdb, _PATH_SMP_DB, username, req_version, flags, PERM_SECURE);
 		_PATH_SMP_DB);
 	if (username != NULL) {
 		snprintf(buf, sizeof(buf), "%s" _PATH_SMP_DB, prefix);
 		cp(buf, pwd_Sdb_tmp, PERM_SECURE);
 	edp = dbopen(pwd_Sdb_tmp, flags, PERM_SECURE, DB_HASH, &openinfo);
 	if (!edp)
 		error(pwd_Sdb_tmp);
 	clean |= FILE_SECURE;
 	sversion = getversion(_PATH_SMP_DB);
 	if (verbose)
 		fprintf(stderr, "%s: " _PATH_SMP_DB
 		    " version %u requested %u\n",
 		    getprogname(), sversion, req_version);
 	if (req_sversion == ~0U)
 		req_sversion = sversion;
 	if (username != NULL)
 		checkversion(req_sversion, sversion);
 	else if (req_sversion != sversion) {
 		if (verbose)
 			fprintf(stderr, "%s: changing " _PATH_SMP_DB
 			    " from version %u to version %u\n",
 			    getprogname(), sversion, req_sversion);
 		setversion(edp, req_sversion);
 	/*
 	 * Open file for old password file.  Minor trickiness -- don't want to
 	 * chance the file already existing, since someone (stupidly) might
 	 * still be using this for permission checking.  So, open it first and
 	 * fdopen the resulting fd.  The resulting file should be readable by
 	 * everyone.
 	 */
 	if (makeold) {
 		(void)snprintf(oldpwdfile, sizeof(oldpwdfile), "%s.orig",
 		    pname);
 		if ((tfd = open(oldpwdfile, O_WRONLY | O_CREAT | O_EXCL,
 		    PERM_INSECURE)) < 0)
 			error(oldpwdfile);
 		clean |= FILE_ORIG;
 		if ((oldfp = fdopen(tfd, "w")) == NULL)
 			error(oldpwdfile);
+	}
 	if (username != NULL) {
 		uid_dbflg = 0;
 		dbflg = 0;
 		/*
 		 * Determine if this is a new entry.
 		 */
-		if (getdbent(edp, pwd_Sdb_tmp, _PW_KEYBYNAME, username, &tpwd,
+		if (getdbent(&sdb, _PW_KEYBYNAME, username, &tpwd))
 		    sversion))
 			newuser = 1;
 		else {
 			newuser = 0;
 			olduid = tpwd->pw_uid;
+		}
 	} else {
 		uid_dbflg = R_NOOVERWRITE;
 		dbflg = R_NOOVERWRITE;
+	}
 	/*
 	 * If we see something go by that looks like YP, we save a special
 @@ -418,127 +436,121 @@ main(int argc, char *argv[])
 			if (pwd.pw_name[0] == '+') {
 				if ((flags & _PASSWORD_NOUID) == 0 &&
 				    pwd.pw_uid == 0)
 					warnx("line %d: superuser override "
 					    "in YP inclusion", lineno);
 				if ((flags & _PASSWORD_NOGID) == 0 &&
 				    pwd.pw_gid == 0)
 					warnx("line %d: wheel override "
 					    "in YP inclusion", lineno);
+			}
 			/* Write the database entry out. */
 			if (!secureonly)
-				putdbents(dp, &pwd, "*", flags, pwd_db_tmp,
+				putdbents(&idb, &pwd, "*", flags, lineno, dbflg,
-				    lineno, dbflg, uid_dbflg, req_version);
+				    uid_dbflg);
 			continue;
 		} else if (strcmp(username, pwd.pw_name) != 0)
 			continue;
 		if (found) {
 			warnx("user `%s' listed twice in password file",
 			    username);
 			bailout();
+		}
 		/*
 		 * Ensure that the text file and database agree on
 		 * which line the record is from.
 		 */
-		rv = getdbent(edp, pwd_Sdb_tmp, _PW_KEYBYNUM, &lineno, &tpwd,
+		rv = getdbent(&sdb, _PW_KEYBYNUM, &lineno, &tpwd);
 		    sversion);
 		if (newuser) {
 			if (rv == 0)
 				inconsistancy();
 		} else if (rv == -1 ||
 			strcmp(username, tpwd->pw_name) != 0)
 			inconsistancy();
 		else if ((uid_t)olduid != pwd.pw_uid) {
 			/*
 			 * If we're changing UID, remove the BYUID
 			 * record for the old UID only if it has the
 			 * same username.
 			 */
-			if (!getdbent(edp, pwd_Sdb_tmp, _PW_KEYBYUID, &olduid,
+			if (!getdbent(&sdb, _PW_KEYBYUID, &olduid, &tpwd)) {
 			    &tpwd, sversion)) {
 				if (strcmp(username, tpwd->pw_name) == 0) {
 					if (!secureonly)
-						deldbent(dp, pwd_db_tmp,
+						deldbent(&idb, _PW_KEYBYUID,
-						    _PW_KEYBYUID, &olduid);
+						    &olduid);
-					deldbent(edp, pwd_Sdb_tmp,
+					deldbent(&sdb, _PW_KEYBYUID, &olduid);
 					    _PW_KEYBYUID, &olduid);
+				}
 			} else
 				inconsistancy();
+		}
 		/*
 		 * If there's an existing BYUID record for the new UID and
 		 * the username doesn't match then be sure not to overwrite
 		 * it.
 		 */
-		if (!getdbent(edp, pwd_Sdb_tmp, _PW_KEYBYUID, &pwd.pw_uid,
+		if (!getdbent(&sdb, _PW_KEYBYUID, &pwd.pw_uid, &tpwd))
 		    &tpwd, sversion))
 			if (strcmp(username, tpwd->pw_name) != 0)
 				uid_dbflg = R_NOOVERWRITE;
 		/* Write the database entries out */
 		if (!secureonly)
-			putdbents(dp, &pwd, "*", flags, pwd_db_tmp, lineno,
+			putdbents(&idb, &pwd, "*", flags, lineno, dbflg,
-			    dbflg, uid_dbflg, req_version);
+			    uid_dbflg);
-		putdbents(edp, &pwd, pwd.pw_passwd, flags, pwd_Sdb_tmp,
+		putdbents(&sdb, &pwd, pwd.pw_passwd, flags, lineno, dbflg,
-		    lineno, dbflg, uid_dbflg, req_sversion);
+		    uid_dbflg);
 		found = 1;
 		if (!makeold)
 			break;
+	}
 	if (!secureonly) {
 		/* Store YP token if needed. */
 		if (hasyp)
-			putyptoken(dp, pwd_db_tmp);
+			putyptoken(&idb);
 		/* Close the insecure database. */
-		if ((*dp->close)(dp) < 0)
+		closedb(&idb);
 			wr_error(pwd_db_tmp);
+	}
 	/*
 	 * If rebuilding the databases, we re-parse the text file and write
 	 * the secure entries out in a separate pass.
 	 */
 	if (username == NULL) {
 		rewind(fp);
 		for (lineno = 0; scan(fp, &pwd, &flags, &lineno);)
-			putdbents(edp, &pwd, pwd.pw_passwd, flags, pwd_Sdb_tmp,
+			putdbents(&sdb, &pwd, pwd.pw_passwd, flags,
-			    lineno, dbflg, uid_dbflg, req_sversion);
+			    lineno, dbflg, uid_dbflg);
 		/* Store YP token if needed. */
 		if (hasyp)
-			putyptoken(edp, pwd_Sdb_tmp);
+			putyptoken(&sdb);
 	} else if (!found) {
 		warnx("user `%s' not found in password file", username);
 		bailout();
+	}
 	/* Close the secure database. */
-	if ((*edp->close)(edp) < 0)
+	closedb(&sdb);
 		wr_error(pwd_Sdb_tmp);
 	/* Install as the real password files. */
 	if (!secureonly)
-		install(pwd_db_tmp, _PATH_MP_DB);
+		install(idb.dbname, idb.fname);
-	install(pwd_Sdb_tmp, _PATH_SMP_DB);
+	install(sdb.dbname, sdb.fname);
 	/* Install the V7 password file. */
 	if (makeold) {
 		if (fflush(oldfp) == EOF)
 			wr_error(oldpwdfile);
 		if (fclose(oldfp) == EOF)
 			wr_error(oldpwdfile);
 		install(oldpwdfile, _PATH_PASSWD);
+	}
 	/* Set master.passwd permissions, in case caller forgot. */
 	(void)fchmod(fileno(fp), S_IRUSR|S_IWUSR);
 	if (fclose(fp) == EOF)
 @@ -672,140 +684,144 @@ inconsistancy(void)
 	warnx("text files and databases are inconsistent");
 	warnx("re-build the databases without -u");
 	bailout();
+}
 void
 bailout(void)
+{
 	if ((clean & FILE_ORIG) != 0)
 		rm(oldpwdfile);
 	if ((clean & FILE_SECURE) != 0)
-		rm(pwd_Sdb_tmp);
+		rm(sdb.dbname);
 	if ((clean & FILE_INSECURE) != 0)
-		rm(pwd_db_tmp);
+		rm(idb.dbname);
 	exit(EXIT_FAILURE);
+}
 uint32_t
 getversion(const char *fname)
+{
 	DBT data, key;
 	int ret;
 	uint32_t version = 0;
-	DB *dp;
+	DB *db;
-	dp = dbopen(fname, O_RDONLY, PERM_INSECURE, DB_HASH, NULL);
+	db = dbopen(fname, O_RDONLY, PERM_INSECURE, DB_HASH, NULL);
-	if (dp == NULL) {
+	if (db == NULL) {
 		warn("Cannot open database %s", fname);
 		bailout();
+	}
 	key.data = __UNCONST("VERSION");
 	key.size = strlen((const char *)key.data) + 1;
-	switch (ret = (*dp->get)(dp, &key, &data, 0)) {
+	switch (ret = (*db->get)(db, &key, &data, 0)) {
 	case -1:	/* Error */
 		warn("Cannot get VERSION record from database");
 		goto out;
 	case 0:
 		if (data.size != sizeof(version)) {
 		    warnx("Bad VERSION record in database");
 		    goto out;
+		}
 		memcpy(&version, data.data, sizeof(version));
 		/*FALLTHROUGH*/
 	case 1:
-		(*dp->close)(dp);
+		if (ret == 1)
 			warnx("Database %s has no version info", fname);
 		(*db->close)(db);
 		return version;
 	default:
 		warnx("internal error db->get returns %d", ret);
 		goto out;
+	}
 out:
-	(*dp->close)(dp);
+	(*db->close)(db);
 	bailout();
+}
 void
-setversion(DB *dp, uint32_t version)
+setversion(struct pwddb *db)
+{
 	DBT data, key;
 	key.data = __UNCONST("VERSION");
 	key.size = strlen((const char *)key.data) + 1;
-	data.data = &version;
+	data.data = &db->wversion;
 	data.size = sizeof(uint32_t);
-	if ((*dp->put)(dp, &key, &data, R_NOOVERWRITE) == -1)
+	if ((*db->db->put)(db->db, &key, &data, R_NOOVERWRITE) != 0) {
-		wr_error("setversion");
+		warn("Can't write VERSION record to %s", db->dbname);
 		bailout();
+	}
+}
 void
-checkversion(uint32_t req_version, uint32_t version)
+checkversion(struct pwddb *db)
+{
 	(void)fprintf(stderr, "%s: you cannot change a single "
 	    "record from version %u to version %u\n", getprogname(),
-	    version, req_version);
+	    db->rversion, db->wversion);
 	bailout();
+}
 /*
  * Write entries to a database for a single user.
+ *
  * The databases actually contain three copies of the original data.  Each
  * password file entry is converted into a rough approximation of a ``struct
  * passwd'', with the strings placed inline.  This object is then stored as
  * the data for three separate keys.  The first key * is the pw_name field
  * prepended by the _PW_KEYBYNAME character.  The second key is the pw_uid
  * field prepended by the _PW_KEYBYUID character.  The third key is the line
  * number in the original file prepended by the _PW_KEYBYNUM character.
  * (The special characters are prepended to ensure that the keys do not
  * collide.)
  */
 #define	COMPACT(e)	for (t = e; (*p++ = *t++) != '\0';)
 void
-putdbents(DB *dp, struct passwd *pw, const char *passwd, int flags,
+putdbents(struct pwddb *db, struct passwd *pw, const char *passwd, int flags,
-      const char *fn, int lineno, int dbflg, int uid_dbflg, uint32_t version)
+      int lineno, int dbflg, int uid_dbflg)
+{
 	struct passwd pwd;
 	char buf[MAX(MAXPATHLEN, LINE_MAX * 2)], tbuf[1024], *p;
 	DBT data, key;
 	const char *t;
 	u_int32_t x;
 	int len;
 	memcpy(&pwd, pw, sizeof(pwd));
 	data.data = (u_char *)buf;
 	key.data = (u_char *)tbuf;
 	if (lorder != BYTE_ORDER) {
 		pwd.pw_uid = SWAP(pwd.pw_uid);
 		pwd.pw_gid = SWAP(pwd.pw_gid);
+	}
 #define WRITEPWTIMEVAR(pwvar) \
 	do { \
-		if (version == 0 && \
+		if (db->wversion == 0 && \
 		    sizeof(pwvar) == sizeof(uint64_t)) { \
 			uint32_t tmp = (uint32_t)pwvar; \
 			if (lorder != BYTE_ORDER) \
 				tmp = SWAP(tmp); \
 			memmove(p, &tmp, sizeof(tmp)); \
 			p += sizeof(tmp); \
-		} else if (version == 1 && \
+		} else if (db->wversion == 1 && \
 		    sizeof(pwvar) == sizeof(uint32_t)) { \
 			uint64_t tmp = pwvar; \
 			if (lorder != BYTE_ORDER) \
 				tmp = SWAP(tmp); \
 			memmove(p, &tmp, sizeof(tmp)); \
 			p += sizeof(tmp); \
 		} else { \
 			if (lorder != BYTE_ORDER) \
 				pwvar = SWAP(pwvar); \
 			memmove(p, &pwvar, sizeof(pwvar)); \
 			p += sizeof(pwvar); \
 		} \
 	} while (/*CONSTCOND*/0)
 @@ -826,82 +842,81 @@ putdbents(DB *dp, struct passwd *pw, con
 	WRITEPWTIMEVAR(pwd.pw_expire);
 	x = flags;
 	if (lorder != BYTE_ORDER)
 		x = SWAP(x);
 	memmove(p, &x, sizeof(x));
 	p += sizeof(flags);
 	data.size = p - buf;
 	/* Store insecure by name. */
 	tbuf[0] = _PW_KEYBYNAME;
 	len = strlen(pwd.pw_name);
 	memmove(tbuf + 1, pwd.pw_name, len);
 	key.size = len + 1;
-	if ((*dp->put)(dp, &key, &data, dbflg) == -1)
+	if ((*db->db->put)(db->db, &key, &data, dbflg) == -1)
-		wr_error(fn);
+		wr_error(db->dbname);
 	/* Store insecure by number. */
 	tbuf[0] = _PW_KEYBYNUM;
 	x = lineno;
 	if (lorder != BYTE_ORDER)
 		x = SWAP(x);
 	memmove(tbuf + 1, &x, sizeof(x));
 	key.size = sizeof(x) + 1;
-	if ((*dp->put)(dp, &key, &data, dbflg) == -1)
+	if ((*db->db->put)(db->db, &key, &data, dbflg) == -1)
-		wr_error(fn);
+		wr_error(db->dbname);
 	/* Store insecure by uid. */
 	tbuf[0] = _PW_KEYBYUID;
 	memmove(tbuf + 1, &pwd.pw_uid, sizeof(pwd.pw_uid));
 	key.size = sizeof(pwd.pw_uid) + 1;
-	if ((*dp->put)(dp, &key, &data, uid_dbflg) == -1)
+	if ((*db->db->put)(db->db, &key, &data, uid_dbflg) == -1)
-		wr_error(fn);
+		wr_error(db->dbname);
+}
 int
-deldbent(DB *dp, const char *fn, int type, void *keyp)
+deldbent(struct pwddb *db, int type, void *keyp)
+{
 	char tbuf[1024];
 	DBT key;
 	u_int32_t x;
 	int len, rv;
 	key.data = (u_char *)tbuf;
 	switch (tbuf[0] = type) {
 	case _PW_KEYBYNAME:
 		len = strlen((char *)keyp);
 		memcpy(tbuf + 1, keyp, len);
 		key.size = len + 1;
 		break;
 	case _PW_KEYBYNUM:
 	case _PW_KEYBYUID:
 		x = *(int *)keyp;
 		if (lorder != BYTE_ORDER)
 			x = SWAP(x);
 		memmove(tbuf + 1, &x, sizeof(x));
 		key.size = sizeof(x) + 1;
 		break;
+	}
-	if ((rv = (*dp->del)(dp, &key, 0)) == -1)
+	if ((rv = (*db->db->del)(db->db, &key, 0)) == -1)
-		wr_error(fn);
+		wr_error(db->dbname);
 	return (rv);
+}
 int
-getdbent(DB *dp, const char *fn, int type, void *keyp, struct passwd **tpwd,
+getdbent(struct pwddb *db, int type, void *keyp, struct passwd **tpwd)
     uint32_t version)
+{
 	static char buf[MAX(MAXPATHLEN, LINE_MAX * 2)];
 	static struct passwd pwd;
 	char tbuf[1024], *p;
 	DBT key, data;
 	u_int32_t x;
 	int len, rv;
 	data.data = (u_char *)buf;
 	data.size = sizeof(buf);
 	key.data = (u_char *)tbuf;
 	switch (tbuf[0] = type) {
 @@ -911,57 +926,57 @@ getdbent(DB *dp, const char *fn, int typ
 		key.size = len + 1;
 		break;
 	case _PW_KEYBYNUM:
 	case _PW_KEYBYUID:
 		x = *(int *)keyp;
 		if (lorder != BYTE_ORDER)
 			x = SWAP(x);
 		memmove(tbuf + 1, &x, sizeof(x));
 		key.size = sizeof(x) + 1;
 		break;
+	}
-	if ((rv = (*dp->get)(dp, &key, &data, 0)) == 1)
+	if ((rv = (*db->db->get)(db->db, &key, &data, 0)) == 1)
 		return (rv);
 	if (rv == -1)
-		error(pwd_Sdb_tmp);
+		error(db->dbname);
 	p = (char *)data.data;
 	pwd.pw_name = p;
 	while (*p++ != '\0')
 		continue;
 	pwd.pw_passwd = p;
 	while (*p++ != '\0')
 		continue;
 	memcpy(&pwd.pw_uid, p, sizeof(pwd.pw_uid));
 	p += sizeof(pwd.pw_uid);
 	memcpy(&pwd.pw_gid, p, sizeof(pwd.pw_gid));
 	p += sizeof(pwd.pw_gid);
 #define READPWTIMEVAR(pwvar) \
 	do { \
-		if (version == 0 && \
+		if (db->rversion == 0 && \
 		    sizeof(pwvar) == sizeof(uint64_t)) { \
 			uint32_t tmp; \
 			memcpy(&tmp, p, sizeof(tmp)); \
 			p += sizeof(tmp); \
 			if (lorder != BYTE_ORDER) \
 				pwvar = SWAP(tmp); \
 			else \
 				pwvar = tmp; \
-		} else if (version == 1 && \
+		} else if (db->rversion == 1 && \
 		    sizeof(pwvar) == sizeof(uint32_t)) { \
 			uint64_t tmp; \
 			memcpy(&tmp, p, sizeof(tmp)); \
 			p += sizeof(tmp); \
 			if (lorder != BYTE_ORDER) \
 				pwvar = (uint32_t)SWAP(tmp); \
 			else \
 				pwvar = (uint32_t)tmp; \
 		} else { \
 			memcpy(&pwvar, p, sizeof(pwvar)); \
 			p += sizeof(pwvar); \
 			if (lorder != BYTE_ORDER) \
 				pwvar = SWAP(pwvar); \
 @@ -985,36 +1000,36 @@ getdbent(DB *dp, const char *fn, int typ
 	READPWTIMEVAR(pwd.pw_expire);
 	if (lorder != BYTE_ORDER) {
 		pwd.pw_uid = SWAP(pwd.pw_uid);
 		pwd.pw_gid = SWAP(pwd.pw_gid);
+	}
 	*tpwd = &pwd;
 	return (0);
+}
 void
-putyptoken(DB *dp, const char *fn)
+putyptoken(struct pwddb *db)
+{
 	DBT data, key;
 	key.data = __UNCONST(__yp_token);
 	key.size = strlen(__yp_token);
 	data.data = (u_char *)NULL;
 	data.size = 0;
-	if ((*dp->put)(dp, &key, &data, R_NOOVERWRITE) == -1)
+	if ((*db->db->put)(db->db, &key, &data, R_NOOVERWRITE) == -1)
-		wr_error(fn);
+		wr_error(db->dbname);
+}
 void
 usage(void)
+{
 	(void)fprintf(stderr,
-	    "Usage: %s [-BLpsv] [-c cachesize] [-d directory] [-u user] "
+	    "Usage: %s [-BLpsvw] [-c cachesize] [-d directory] [-u user] "
 	    "[-V version] file\n",
 	    getprogname());
 	exit(EXIT_FAILURE);
+}

 @@ -1,14 +1,14 @@
-.\"	$NetBSD: pwd_mkdb.8,v 1.24 2009/06/18 17:46:24 christos Exp $
+.\"	$NetBSD: pwd_mkdb.8,v 1.25 2009/06/18 21:59:24 christos Exp $
 .\"
 .\" Copyright (c) 1991, 1993
 .\"	The Regents of the University of California.  All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\"    notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\"    notice, this list of conditions and the following disclaimer in the
 .\"    documentation and/or other materials provided with the distribution.
 .\" 3. Neither the name of the University nor the names of its contributors
 @@ -27,27 +27,27 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
 .\"	from: @(#)pwd_mkdb.8	8.2 (Berkeley) 4/27/95
 .\"
 .Dd June 18, 2009
 .Dt PWD_MKDB 8
 .Os
 .Sh NAME
 .Nm pwd_mkdb
 .Nd generate the password databases
 .Sh SYNOPSIS
 .Nm
-.Op Fl BLpsv
+.Op Fl BLpsvw
 .Op Fl c Ar cachesize
 .Op Fl d Ar directory
 .Op Fl u Ar username
 .Op Fl V Ar version
 .Ar file
 .Sh DESCRIPTION
 .Nm
 creates
 .Xr db 3
 style secure and insecure databases for the specified file.
 These databases are then installed into
 .Dq Pa /etc/spwd.db
 and
 @@ -113,26 +113,28 @@ cannot read version
 .Dv 1
 databases.
 All versions above
 .Nx 5.0
 can read and write both version
 .Dv 0
 and version
 .Dv 1
 databases.
 By default the databases stay in the version they were before the command
 was run.
 .It Fl v
 Mention when a version change occurs.
 .It Fl w
 Print a warning if the system is using old style databases.
 .El
 .Pp
 The two databases differ in that the secure version contains the user's
 encrypted password and the insecure version has an asterisk
 .Pq Dq * .
 .Pp
 The databases are used by the C library password routines (see
 .Xr getpwent 3 ) .
 .Sh EXIT STATUS
 .Nm
 exits zero on success, non-zero on failure.
 .Sh FILES
 .Bl -tag -width Pa -compact