#!/bin/sh
#
#     tiger - A UN*X security checking system
#     Copyright (C) 1993 Douglas Lee Schales, David K. Hess, David R. Safford
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 1, or (at your option)
#    any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#     Please see the file `COPYING' for the complete copyright notice.
#
# SunOS/5/gen_passwd_sets - 06/14/93
# Updated 10/10/01 for pam enabled passwords (ARC)
#
#-----------------------------------------------------------------------------
#

local=0
for parm
do
  case "$parm" in
    -p) passwordflag=Y;;
    -l) local=1;;
    *)	outfile="$parm";;
  esac
done
zappasswd()
{
  IFS=:
  while read user passwd rest
  do
    case $passwd in
      [a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./])
	     passwd="xxxxxxxxxxxxx"
	   ;;
        ' ')  passwd=" "
           ;;
	*)
	     passwd="*"
	   ;;
    esac
    echo "$user:$passwd:$rest" >> $OUTPUT
  done
}

INPUTS=`
$GREP '^passwd' /etc/nsswitch.conf |
$AWK '{
       for(i=2;i<=NF;i++)
          print $i
      }'
`

for source in $INPUTS
do
  case $source in
    files)
           $SORT /etc/passwd |sed -e "s/:$/:\/dev\/null/"> $WORKDIR/p.$$
	   $SORT /etc/shadow |
	   $JOIN -t: -e " " -o 2.1 1.2 2.3 2.4 2.5 2.6 2.7 - $WORKDIR/p.$$ |
	   {
	     if [ "$passwordflag" = 'Y' ]; then
	       $CAT
	     else
	       zappasswd
	     fi
	   } > $WORKDIR/etc_passwd.$$
	   $GREP '^+' $WORKDIR/etc_passwd.$$ && {
	     echo "--WARN-- [miscxxxx] The '+' key in the /etc/passwd file should only be used in nsswitch 'compat' mode."
	   }
	   
	   [ -s $WORKDIR/etc_passwd.$$ ] && {
	     echo "/etc/passwd" > $WORKDIR/etc_passwd.$$.src
	     echo $WORKDIR/etc_passwd.$$ >> $outfile
	   }
	   $RM -f $WORKDIR/p.$$
	 ;;
    nis)   [ "$local" != 1 ] && {
             $YPCAT passwd > $WORKDIR/nis_passwd.$$
	     echo "NIS" > $WORKDIR/nis_passwd.$$.src
	     echo $WORKDIR/nis_passwd.$$ >> $outfile
	   }
	 ;;
    nisplus) [ "$local" != 1 ] && {
               $NISCAT passwd.org_dir > $WORKDIR/nisplus_passwd.$$
	       echo "NIS+" > $WORKDIR/nisplus_passwd.$$.src
	       echo "$WORKDIR/nisplus_passwd.$$" >> $outfile
	     }
         ;;
    *)
         ;;
  esac
done
