While version 4 entries are architecture-independent, we
also store old (version 3) entries in native byte order.
Also, the hash itself is created in a native byte order.
With this change, pwd_mkdb(8) can be used to cross-build
*pwd.db files for another architecture.
Tested on: i386, amd64, alpha, sparc64
you've specified a directory. It is intended to be used in building
custom releases over NFS where locking may be unreliable at best and
there is no contention that the locking is designed to arbitrate.
Other uses of this flag are discouraged. Document same in usage and
man page (including the warning about unwise).
Sponsored by: Timing Solutions
(1) use strlcpy instead of strncpy since the use here of the latter
was incorrect.
(2) Move 'N' case into proper sorted order (sorted the same way that
ls sorts its args).
do not add the "\xFF" "VERSION" key --- it should only be added once
ALL entries have been updated.
While I'm here, correct the logic that detects whether or not the
user-ID has changed so that it works even if all entries have not
yet been updated to the new format.
Users missing-in-action were
Reported by: tjr, Vallo Kallaste <vallo@estcard.ee>,
leafy <leafy@leafy.idv.tw>
Sponsored by: DARPA, Network Associates Laboratories
at least one consumer outside of libc and pwd_mkdb.
Adjust the versioning in libc and pwd_mkdb accordingly.
named was the application affected, and that fact was first
Reported by: Zherdev Anatoly <tolyar@mx.ru>
Sponsored by: DARPA, Network Associates Laboratories
family of functions using the new nsdispatch(3) core. Remove
arbitrary size limits when using the thread-safe versions.
= Re-implement the traditional getpwent(3)/getgrent(3) functions on
top of the thread-safe versions.
= Update the on-disk format of the hashed version of the passwd(5)
databases to allow for versioned entries. The legacy version is
`3'. (Don't ask.)
= Add support for version `4' entries in the passwd(5) database.
Entries in this format are identical to version 3 entries except
that all integers are stored as 32-bit integers in network byte
order (big endian).
= pwd_mkdb is updated to generate both version 3 and version 4
entries.
Sponsored by: DARPA, Network Associates Laboratories
since that is what we use now and this insulates us from any time_t
tweaks here. We can define a record format that uses 64 bit times if/when
we need to.
configure FreeBSD so that various databases such as passwd and group can be
looked up using flat files, NIS, or Hesiod.
= Hesiod has been added to libc (see hesiod(3)).
= A library routine for parsing nsswitch.conf and invoking callback
functions as specified has been added to libc (see nsdispatch(3)).
= The following C library functions have been modified to use nsdispatch:
. getgrent, getgrnam, getgrgid
. getpwent, getpwnam, getpwuid
. getusershell
. getaddrinfo
. gethostbyname, gethostbyname2, gethostbyaddr
. getnetbyname, getnetbyaddr
. getipnodebyname, getipnodebyaddr, getnodebyname, getnodebyaddr
= host.conf has been removed from src/etc. rc.network has been modified
to warn that host.conf is no longer used at boot time. In addition, if
there is a host.conf but no nsswitch.conf, the latter is created at boot
time from the former.
Obtained from: NetBSD
and gids bigger than 16 bits. Added checks for uids and gids that are
bigger than 32 bits.
Approved by: jkh (partly, this fix is bigger than I first intended)
the environment. This allows big ID warnings to be suppressed for
vipw and chpass as well.
Since the environment variable test is only performed for callers
of pw_scan() that do not set pw_big_ids_warning, the test can still
be overriden. Currently, chpass and pwd_mkdb are the only users
of pw_scan() and neither of them overrides the environment variable
test.
in getopt(). The code was there, the means to use it wasn't.
Also update the usage() statment to reflect reality.
PR: bin/9248
Submitted by: Jos Backus <jbackus@plex.nl>
Forgotten By: dillon
Have pwd_mkdb lock the source file while rebuilding the database. When
called by programs such as vipw, the source file is a temporary file and
this does not conflict with the lock on /etc/master.passwd already held
by vipw. When run manually, however, master.passwd is typically specified
as the argument and the locking prevents other programs from messing with
master.passwd during the database rebuild.
Also pwd_mkdb uses a blocking exclusive lock as it may be called from
a script. The -N option was added to cause pwd_mkdb to get the lock
non-blocking and exit with an error if the attempt fails, again useful
for scripts.
the password file into /etc/master.passwd and optional (-p) into
/etc/passwd. Enable this feature with the compile
option -DPASSWD_IGNORE_COMMENTS.
The character `#' introduces a comment. Leading spaces and tabs are
ignored: '^[ \t]*#.*\n$'
Count an empty line - only spaces, tabs or newline - also as a comment.
An empty line at the bottom of /etc/master.passwd is a common
novice error and increased my mail load: '^[ \t]*\n$'
and both changes need to be pulled into the stable branch). The
problem here is that when pwd_mkdb creates /etc/passwd, it turns
empty UID and GID fields into zeroes. To fix this, we check the
_PWF_UID and _PWF_GID bits in the pw_fields flag: if the bits
are not set, we print an empty field instead of a zero. This way,
you don't get zeroes in the UID or GID fields unless you explicit
want them.
option to pwd_mkdb and adding this option to utilities invoking it.
Further, the filling of both the secure and insecure databases has been
merged into one loop giving also a performance improvemnet.
Note that I did *not* change the adduser command. I don't read perl
(it is a write only language anyway).
The change will drastically improve performance for passwd and
friends with large passwd files. Vipw's performance won't change.
In order to do that some kind of diff should be made between the
old and new master.passwd and depending the amount of changes, an
incremental or complete update of the databases should be agreed
upon.
pwd_mkdb.c:
- Don't save the PLUSCNT and MINUSCNT tokens: we don't need them anymore.
- Count the + and - entires for NIS together instead of counting + and -
entries seperately. Index all special NIS entries using new _PW_KEYYPBYNUM
token.
pwd.h:
- Remove the PLUSBYNUM, MINUSBYNUM, PLUSCNT and MINUSCNT tokens and replace
then with a single _PW_KEYYPBYNUM token.
Note: if you put +::0:0:::::: in /etc/master.passwd as your only NIS
entry, it will cause all NIS uids and gids to be remapped to zero. This
is *intentional*. That's the way it's supposed to work. Enabling NIS with
no remapping at all is done with +:::::::::, not +::0:0::::::. Similarly,
+:::::::::/bin/csh will remap the shells of all NIS users to /bin/csh.
Or, you could do +wpaul:::::::::/bin/csh to remap NIS user wpaul's shell
to /bin/csh but leave everyone else alone.
for +@netgroup/-@netgroup entries. This saves the getpwent functions
from having to do all the work.
- Fix potential bug: when pwd_mkdb writes the YP-enabled flag to the secure
password database, it uses the wrong database descriptor. (It uses the
descriptor from the non-secure database, which is already closed by the time
things are being written into the secure dastabase).
!!!!!!!!
NB
!!!!!!!!
You MUST pwd_mkdb /etc/master.passwd before attempting to use the new
libc, or things may go wrong. (I doubt anything actually /will/ go
wrong, but the actual behavior is undefined. YOU HAVE BEEN WARNED.)
The database format is, however, backwards-compatible, so old executables
will still work.
