The intention of /etc/passwd was to support legacy applications that are
not yet converted to use modern API like getpwent(3). Comments are not
defined in the legacy format, so copying them could break these
applications. Plus, it could leak sensitive information (e.g. encrypted
form of password of an user that was commented out instead of deleted
or disabled).
PR: bin/144652
MFC after: 1 month
My change to allow bootstrapping pwd_mkdb (r363992) resulted in i386 build
failures because the bootstrap header was being included in non-bootstrap chpass.
Dropping the no longer required pwd_mkdb include path from chpass fixes
the build, but to be certain that the failure doesn't get re-introduced,
I've also moved the bootstrap pwd.h into a subdirectory so that adding
-I${SRCTOP}/usr.sbin/pwd_mkdb doesn't pull it in.
Reported by: mjg
We need to provide a struct passwd that is compatible with the target
system and this is not the case when cross-building from macOS/Linux.
It should also be a problem when bootstrapping for an i386 target from a
FreeBSD amd64 host since time_t does not match across those systems.
However, pwd_mkdb always truncates integer values to 32-bit so this
difference does not result in different databases.
Reviewed By: brooks
Differential Revision: https://reviews.freebsd.org/D25931
All of them are needed to be able to boot to single user and be able
to repair a existing FreeBSD installation so put them directly into
FreeBSD-runtime.
Reviewed by: bapt, gjb
Differential Revision: https://reviews.freebsd.org/D21503
Legacy v3 db support was retired in r333133, and it was v3 support that
required the -B and -L options. The options were retained temporarily,
but now that stable/12 has branched they can be removed.
Sponsored by: The FreeBSD Foundation
pwd_mkdb has emitted v4 password database records since 2003 (r113596)
in addition to v3, and as of r283981 by default it emitted only v4.
As described in r283981, retire the -l legacy option.
The -B and -L options were originally added to set the endianness of v3
records emitted by pwd_mkdb, but they also set the db hash endiannes and
so have been retained temporarily.
Announced on the FreeBSD-Current and FreeBSD-Stable lists. In stable/11
the man page contains a deprecation notice, and pwd_mkdb will emit a
deprecation notice if the -l option is specified.
Reviewed by: delphij, lidl, rgrimes
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D15144
For cross-architecture reproducibility. The db(3) functions work with
hashes of either endianness, and the current (v4) version password db
entries already store integers in network order. Do so with the hash as
well so that identical password databases can be created on big- and
little-endian hosts.
The -B and -L flags exist to set the endianness for legacy (v3) entries
when the -l flag is used, and they will still control hash endianness
(at least until the backwards compatibility infrastructure is removed).
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
r283981 switched pwd_mkdb to emit only v4 database entries by default,
and introduced a -l (legacy) option emit v3 entries in addition. The
commit message claims that legacy support will be removed in 12.0, so
emit a warning now if it is used.
Mainly focus on files that use BSD 3-Clause license.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.
Renumber cluase 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistance on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.
Submitted by: Jan Schaumann <jschauma@stevens.edu>
Pull Request: https://github.com/freebsd/freebsd/pull/96
dp that opens the database with PERM_INSECURE, so we need to check sdp->put
against sdp instead of use dp->put.
PR: bin/191720
Submitted by: Miles Ohlrich <turingsboy@yahoo.com>
Approved by: rodrigc (mentor)
Differential Revision: https://reviews.freebsd.org/D4255
temporary file is created and then a rename() call move it to official file.
This operation didn't have any check to make sure data was written to disk
and if a power cycle happens system could end up with a 0 length passwd
or group database.
There is a pfSense bug with more infor about it:
https://redmine.pfsense.org/issues/4523
The following changes were made to protect passwd and group operations:
* lib/libutil/gr_util.c:
- Replace mkstemp() by mkostemp() with O_SYNC flag to create temp file
- After rename(), fsync() call on directory for faster result
* lib/libutil/pw_util.c
- Replace mkstemp() by mkostemp() with O_SYNC flag to create temp file
* usr.sbin/pwd_mkdb/pwd_mkdb.c
- Added O_SYNC flag on dbopen() calls
- After rename(), fsync() call on directory for faster result
* lib/libutil/pw_util.3
- pw_lock() returns a file descriptor to master password file on success
Differential Revision: https://reviews.freebsd.org/D2978
Approved by: bapt
Sponsored by: Netgate
Off by default, build behaves normally.
WITH_META_MODE we get auto objdir creation, the ability to
start build from anywhere in the tree.
Still need to add real targets under targets/ to build packages.
Differential Revision: D2796
Reviewed by: brooks imp
been generating both new (machine independent) and legacy version
entries (endianness sensitive).
The base system have been using the new format for quite some time,
so disable the generation by default.
An interim option, -l, have been added to re-enable old behavior.
The -l, -B and -L options are considered deprecated and will be
removed in FreeBSD 12.0 release.
was incrementing it twice making it impossible to iterate the table
since the records were 1, 3, 5, 7 (or 2, 4, 6, 8 for the v3 records).
MFC after: 10 days
asked to verify a passwd file (pwd_mkdb -C).
Entries with oversized usernames are still permitted when building
the passwd database.
When entries are >= MAXLOGNAME in length, they are correctly stored
in passwd, pwd.db and spwd.db but are only correctly retrieved by
getpwent*() and getpwuid*(). getpwnam*() truncates to MAXLOGNAME - 1
when reading from a file (breaking at least sh, tcsh and bash)
and utilities such as su(1) check, complain and fail if the
passed name is >= MAXLOGNAME in length.
MFC after: 3 weeks
avoid the confusing error message about the line being too long). This
change uses fgetln to detect the right conditions, but the fixed-width
line buffer is kept because too many other places in the program make
assumptions about its maximum width.
Approved by: re (scottl)
While version 4 entries are architecture-independent, we
also store old (version 3) entries in native byte order.
Also, the hash itself is created in a native byte order.
With this change, pwd_mkdb(8) can be used to cross-build
*pwd.db files for another architecture.
Tested on: i386, amd64, alpha, sparc64
you've specified a directory. It is intended to be used in building
custom releases over NFS where locking may be unreliable at best and
there is no contention that the locking is designed to arbitrate.
Other uses of this flag are discouraged. Document same in usage and
man page (including the warning about unwise).
Sponsored by: Timing Solutions
(1) use strlcpy instead of strncpy since the use here of the latter
was incorrect.
(2) Move 'N' case into proper sorted order (sorted the same way that
ls sorts its args).
do not add the "\xFF" "VERSION" key --- it should only be added once
ALL entries have been updated.
While I'm here, correct the logic that detects whether or not the
user-ID has changed so that it works even if all entries have not
yet been updated to the new format.
Users missing-in-action were
Reported by: tjr, Vallo Kallaste <vallo@estcard.ee>,
leafy <leafy@leafy.idv.tw>
Sponsored by: DARPA, Network Associates Laboratories
at least one consumer outside of libc and pwd_mkdb.
Adjust the versioning in libc and pwd_mkdb accordingly.
named was the application affected, and that fact was first
Reported by: Zherdev Anatoly <tolyar@mx.ru>
Sponsored by: DARPA, Network Associates Laboratories
family of functions using the new nsdispatch(3) core. Remove
arbitrary size limits when using the thread-safe versions.
= Re-implement the traditional getpwent(3)/getgrent(3) functions on
top of the thread-safe versions.
= Update the on-disk format of the hashed version of the passwd(5)
databases to allow for versioned entries. The legacy version is
`3'. (Don't ask.)
= Add support for version `4' entries in the passwd(5) database.
Entries in this format are identical to version 3 entries except
that all integers are stored as 32-bit integers in network byte
order (big endian).
= pwd_mkdb is updated to generate both version 3 and version 4
entries.
Sponsored by: DARPA, Network Associates Laboratories