Commit Graph

186 Commits

Author SHA1 Message Date
Naman Sood
1a8d37b8cf
pw: Use existing group entry, even if it already has members
Fix the following problem:

1. A nonexistent user, someuser, is added to /etc/group as
   someuser:*:12345:someuser.
2. someuser is then created with the default login group.

A second group entry for someuser will be created.

   someuser:*:12345:someuser
   someuser:*:12346:

With this fix, the existing group entry will be used.

PR:		238995
Reviewed by:	bapt, jrm
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D41057
2023-07-19 10:40:53 -03:00
Naman Sood
17839f45d8
pw: Ensure group membership is not duplicated
Fix the following problem:

1. A nonexistent user, someuser, is added to somegroup in /etc/group.
2. someuser is then created with membership in somegroup.

The entry for somegroup in /etc/group will then contain

    somegroup:*:12345:someuser,someuser

With this fix, the entry will be

    somegroup:*:12345:someuser

PR:		238995
Reviewed by:	bapt, jrm
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D41076
2023-07-19 10:36:09 -03:00
Mike Karels
bbb2d2ce42 pw: do not move /home/$user to /usr/home
When adding a user, pw will create the path to the home directory
if needed.  However, if creating a path with just one component,
i.e.  that appears to be in the root directory, pw would create the
directory in /usr, and create a symlink from the root directory.
Most commonly, this meant that the default of /home/$user would turn
into /usr/home/$user.  This was added in a self-described kludge 26
years ago.  It made (some) sense when root was generally a small
partition, with most of the space in /usr.  However, the default is
now one large partition.  /home really doesn't belong under /usr,
and anyone who wants to use /usr/home can specify it explicitly.
Remove the kludge to move /home under /usr and create the symlink,
and just use the specified path.  Note that this operation was
done only on the first invocation for a path, and this happened most
commonly when adding a user during the install.

Modify the test that checked for the creation of the symlink to
verify that the symlink is *not* made, but rather a directory.
Add a test that intermediate directories are still created.

Reviewed by:	rgrimes, bapt
Differential Revision:	https://reviews.freebsd.org/D40085
2023-05-23 07:17:42 -05:00
pbuff
e0155c6989 pw: The pw_checkname function has added ';' checking.
The pw_checkname function forgot to include a ';'
when checking usernames, causing shell commands
to be executed when a username with a ';' is deleted.

PR:		271427
MFC After:	3 days
2023-05-16 08:48:08 +02:00
Baptiste Daroussin
ef7d0eb948 pw: do not call system()
Calling system makes pw(8) spawn a shell, which can then be abused.

MFC After:	3 days
2023-05-15 08:59:08 +02:00
Warner Losh
4d846d260e spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD
The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of BSD-2-Clause.

Discussed with:		pfg
MFC After:		3 days
Sponsored by:		Netflix
2023-05-12 10:44:03 -06:00
Eugene Grosbein
1cbe5012cf pw(8): fix combination of modes -N and -w random
The command "pw usermod nobody -Nw random" (or useradd)
generates random password and prints it in encrypted form
but skips choosen random string that makes not much sense
and contradicts the manual page pw.8

Fix it by showing random password in plain text with -N and
without it equally. Add yet another example of how to generate
pw-style random password.

MFC after:	2 weeks
2022-11-28 21:22:39 +07:00
Baptiste Daroussin
c0358afd5b pw: exit with an error in case of using an illegal option
PR:		263188
Reported by:	Dennis Clarke <dclarke@blastwave.org>
MFC After:	1 week
2022-10-12 12:06:32 +02:00
Dag-Erling Smørgrav
0aa2700123 Put OPIE to rest.
Differential Revision: https://reviews.freebsd.org/D36592
2022-10-02 03:37:29 +02:00
Mark Johnston
645c2851e2 pw: Handle errors from ftell() when removing records from /etc/opiekeys.
Reported by:	Coverity
MFC after:	1 week
Sponsored by:	NetApp, Inc.
Sponsored by:	Klara, Inc.
2020-09-01 15:15:09 +00:00
Li-Wen Hsu
60f043fe8e Remove an uneeded indentation introduced in r286196 to silence gcc warnging
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
2019-05-25 21:57:01 +00:00
David Bright
32bd1c2bb3 Allow the "@" and "!" characters in passwd file GECOS fields.
Two PRs (152084 & 210187) request allowing the "@" and/or "!"
characters in the passwd file GECOS field. The man page for pw does
not mention that those characters are disallowed, Linux supports those
characters in this field, and the "@" character in particular would be
useful for storing email addresses in that field.

PR:		152084, 210187
Submitted by:	jschauma@netmeister.org, Dave Cottlehuber <dch@freebsd.org>
Reported by:	jschauma@netmeister.org, Dave Cottlehuber <dch@freebsd.org>
Reviewed by:	delphij (secteam), vangyzen
MFC after:	1 week
Sponsored by:	Dell EMC
Differential Revision:	https://reviews.freebsd.org/D14519
2018-03-01 17:47:28 +00:00
Eugene Grosbein
a2c08ce75b pw(8): r326738 broke expiration arithmetic in case of `-D' flag not supplied.
Fix it and rename misnamed time_t variables `expire_days, password_days'
(always holding absolute time) to `expire_time, password_time'.

Add a comment for a case of overloading `cmdcnf->password_days'
and `cmdcnf->expire_days' with absolute time.

Reported by:	markj
Approved by:	mav (mentor)
MFC after:	1 week
2017-12-15 06:05:16 +00:00
Eugene Grosbein
d30f122fa6 pw(8): correct expiration period handling and command line overrides
to preconfigured values for -e, -p and -w flags.

Use non-negative symbols instead of magic values
in passwd_val/pw_password functions.

PR:		223431
Submitted by:	Yuri Pankov (in part, patch for the manual)
Reported by:	mav (mentor)
MFC after:	3 days
Relnotes:	yes
2017-12-09 23:34:00 +00:00
Pedro F. Giffuni
1de7b4b805 various: general adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

No functional change intended.
2017-11-27 15:37:16 +00:00
Ed Maste
8d2dbd281f pw useradd: Validate the user name before creating the entry
Previouly it was possible to create users with spaces in the name with:
pw useradd -u 1234 -g 1234 -n 'test user'

The "-g 1234" is relevant, without it the name was already rejected
as expected:

[fk@test ~]$ sudo pw useradd -u 1234 -n 'test user'
pw: invalid character ` ' at position 4 in userid/group name

Bug unintentionally found with a salt config without explicit name entry:

test user:
  user.present:
    - uid: 1234
    - gid: 1234
    - fullname: Test user
    - shell: /usr/local/bin/bash
    - home: /home/test
    - groups:
      - wheel
      - salt

"Luckily" salt modules rarely bother with input validation either ...

PR:		221416
Submitted by:	Fabian Keil
Obtained from:	ElectroBSD
MFC after:	1 week
2017-08-19 00:32:26 +00:00
Ed Maste
3dc869c257 pw usermod: Properly deal with empty secondary group lists (-G '')
"pw usermod someuser -G ''" is supposed make sure that someuser
doesn't have any secondary group memberships.

Previouly it was a nop because split_groups() only intitialised
"groups" if at least one group was specified. As a result the
existing secondary group memberships were kept.

PR:		221417
Submitted by:	Fabian Keil
Obtained from:	ElectroBSD
MFC after:	1 week
Relnotes:	yes
2017-08-19 00:19:23 +00:00
Alan Somers
0ce59aa848 Don't depend on assert(3) getting evaluated
Reported by:	imp
MFC after:	3 weeks
X-MFC-With:	318141, 318143
Sponsored by:	Spectra Logic Corp
2017-05-10 16:06:22 +00:00
Alan Somers
daccabe958 strcpy => strlcpy
Reported by:	Coverity
CID:		1006715
MFC after:	3 weeks
Sponsored by:	Spectra Logic Corp
2017-05-10 15:38:06 +00:00
Eugene Grosbein
92bb425e4e Properly initialise with content of pw.conf(5) that was mistakenly ignored.
Also, respect "defaultgroup" if specified there.

PR:		217934
Reported by:	Victor Sudakov <vas@mpeks.tomsk.su>
Reviewed by:	bapt
Approved by:	bapt, vsevolod (mentor)
MFC after:	1 week
2017-03-24 16:18:57 +00:00
Baptiste Daroussin
b11244e721 Really restore the old behaviour for pw usermod -m
It again reinstall missing skel files without overwriting changed one
Add a regression test about it

Reported by:	ae
MFC after:	3 days
2017-01-22 20:03:18 +00:00
Baptiste Daroussin
6789e5acf2 Readd a feature lost in pw(8) refactoring
pw usermod foo -m

It used to be able to (re)create the home directory if it didn't exists

PR:		216224
Reported by:	ae
MFC after:	3 days
2017-01-22 18:55:01 +00:00
Alan Somers
7c46e6ef06 pw should sanitize the argument of -w.
Otherwise, it will silently disable the login for the selected account if
the argument is unrecognizable.

usr.sbin/pw/pw.h
usr.sbin/pw/pw_conf.c
usr.sbin/pw/pw_user.c
	Use separate rules to validate boolean parameters and passwd
	parameters.  Error out if a password parameter cannot be parsed.

usr.sbin/pw/tests/Makefile
usr.sbin/pw/tests/crypt.c
usr.sbin/pw/tests/pw_useradd.sh
usr.sbin/pw/tests/pw_usermod.sh
	Add tests for the validation.  Also, enhance existing
	password-related tests to actually validate that the correct hash is
	written to master.passwd.

Reviewed by:	bapt
MFC after:	4 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D6840
2016-07-13 17:09:20 +00:00
Baptiste Daroussin
e1fc61c114 Fix typo preventing pw {user,group}next -C from working as expected
Reported by:	Mike Selnet via forums.freebsd.org
MFC after:	3 days
2016-06-04 16:31:33 +00:00
Baptiste Daroussin
41328b4417 Remove some unneeded headers
Found by 'include-what-you-use'
2016-03-26 11:41:35 +00:00
Mark Johnston
429008a9ca Fix a typo that prevented pw(8) from setting a user's UID to 0.
MFC after:	1 week
Sponsored by:	EMC / Isilon Storage Division
2016-03-02 04:56:36 +00:00
Baptiste Daroussin
8ab28c4e4b pw_checkname since the beginning if too strict on GECOS field,
relax it a bit so gecos can be used to store multibytes data.

This was unseen before FreeBSD 10.2 as this validation function was motly unused
since FreeBSD 10.2 the usage of this function has been generalized to improve
validation.

Reported by:	des
MFC after:	1 week
2015-12-02 22:35:25 +00:00
Baptiste Daroussin
c514e5a523 Fix handling of numeric-only names with pw lock
Add a regression test about it

PR:		204968
MFC after:	1 week
2015-12-02 22:01:37 +00:00
Xin LI
069cc8a45f In pw_userlock, set 'name' to NULL when we encounter an all number string
because it is also used as an indicator of whether a name or an UID is
being used and we may have undefined results as 'name' may contain
uninitialized stack contents.

MFC after:	2 weeks
2015-10-30 00:46:52 +00:00
Bryan Drewery
b1585b5a06 Fix unlikely memory leak.
It is unlikely since the first check in the function is that dir[0] is '/',
but later code changes may make it real.

Coverity CID:	1332104
2015-10-29 18:29:28 +00:00
Baptiste Daroussin
3d85e406bb Regression: fix usershow -7
Submitted by:	Dan McGregor (via IRC)
MFC after:	2 days
2015-09-14 19:23:00 +00:00
Baptiste Daroussin
ec4f7bd978 Regression: fix pw usermod -d
Mark the user has having been edited if -d option is passed to usermod and
so the request change of home directory actually happen

PR:		203052
Reported by:	lenzi.sergio@gmail.com
MFC after:	2 days
2015-09-12 08:24:25 +00:00
Baptiste Daroussin
729d9b2caa Fix /home symlink creation
Add regression test about it
2015-08-21 09:28:20 +00:00
Baptiste Daroussin
95c64defd7 Fix useradd regression:
Readd the function to create the parents home directory if it does not exists.
if it is only a directory at the top level of the hierarchy symlink it into /usr
as it used to be done before.

Reported by:	kevlo, adrian
2015-08-21 07:09:53 +00:00
Baptiste Daroussin
5770ce6f1d Regression: fix pw usermod -w xxx
Reported by:	gjb
2015-08-14 13:39:55 +00:00
Ed Schouten
fc6ab77011 Avoid calling strlen() where we can use the strspn() return value. 2015-08-03 22:07:50 +00:00
Baptiste Daroussin
5e52b667a7 Fix bugs spotted by gcc
Reported by:	adrian
2015-08-03 06:06:56 +00:00
Adrian Chadd
bbec1b5a7b Actually set quiet to something.
/usr/home/adrian/work/freebsd/head-embedded-2/src/usr.sbin/pw/pw_user.c: In function 'pw_user_next':
/usr/home/adrian/work/freebsd/head-embedded-2/src/usr.sbin/pw/pw_user.c:680: warning: statement with no effect
2015-08-03 05:59:30 +00:00
Baptiste Daroussin
9261982d92 Split some extra long lines 2015-08-02 13:32:23 +00:00
Baptiste Daroussin
bcbdb01e56 Cleanup a bit includes 2015-08-02 13:22:46 +00:00
Baptiste Daroussin
a64b90fbaa Fix regression: report again if a username already exists when creating it 2015-08-02 12:54:15 +00:00
Baptiste Daroussin
d2d022b9fd Rewrite parsing subcommands arguments of pw(8)
Now each subcommands checks its arguments in a dedicated functions.

This helps improving input validation, code readability/maintainability
While here:
- Add a -y option to pw userdel/usermod so it can maintain NIS servers if
  nispasswd is not defined in pw.conf(5)
- Allow pw -r <rootdir> to remove directory with userdel -r
- Fix bug when renaming a user which was not renaming the user name it groups
  it is a member of.
- Only parse pw.conf(5) when needed.
2015-08-02 12:47:50 +00:00
Baptiste Daroussin
7493058fb6 Partial revert of r286152
More work needed on the cli validation
2015-08-01 12:18:48 +00:00
Baptiste Daroussin
80d9f89289 Validate expiration days and password days from commmand line and pw.conf 2015-08-01 10:25:55 +00:00
Baptiste Daroussin
50698e6718 Cast uid/git to uintmax_t when using printf-like functions so the size of
uid/gid size remains a implementation detail
2015-08-01 09:55:47 +00:00
Baptiste Daroussin
bbdee3ebde Reject usermod and userdel if the user concerned is not on the user database
supposed to be manipulated

This prevent pw usermod creating a new local user when requesting to usermod on
a username is defined in LDAP.

This issue only happens when modifying the local user database (not inpacting
commands when -V or -R are used).

PR:		187653
Submitted by:	tmwalaszek@gmail.com
2015-07-28 21:49:38 +00:00
Baptiste Daroussin
81e2ba845c Fix wrong warning printed after changing or updating NIS users
PR:		37672
Submitted by:	chris+freebsd@chrullrich.de
2015-07-28 20:52:10 +00:00
Baptiste Daroussin
d7747c3c6f Regression fix: allow to create users with uid0
Reported by:	Jan Mikkelsen <janm@transactionware.com>
2015-07-13 09:08:27 +00:00
Baptiste Daroussin
28b2f1294f Ensure skeldir is abolute path (relatively to the rootdir) 2015-07-12 22:08:58 +00:00
Baptiste Daroussin
ee8c5d1451 pw -R <rootdir> userdel can now cleanup installation
Rewrite rm_r to use *at function, allowing to remove home directories along with
users. only crontabs and at(1) installation are not removed

Relnotes:	yes
2015-07-12 21:43:57 +00:00