Revert the definitions of _PW_KEY* to their previous values. There is
at least one consumer outside of libc and pwd_mkdb. Adjust the versioning in libc and pwd_mkdb accordingly. named was the application affected, and that fact was first Reported by: Zherdev Anatoly <tolyar@mx.ru> Sponsored by: DARPA, Network Associates Laboratories
This commit is contained in:
parent
b37d8ead52
commit
b4603f3dd4
@ -78,17 +78,36 @@ typedef __size_t size_t;
|
||||
|
||||
#define _PATH_PWD_MKDB "/usr/sbin/pwd_mkdb"
|
||||
|
||||
#define _PWD_VERSION_KEY "\xFF" "VERSION"
|
||||
#define _PWD_CURRENT_VERSION '\x04'
|
||||
/* Historically, the keys in _PATH_MP_DB/_PATH_SMP_DB had the format
|
||||
* `1 octet tag | key', where the tag is one of the _PW_KEY* values
|
||||
* listed below. These values happen to be ASCII digits. Starting
|
||||
* with FreeBSD 5.1, the tag is now still a single octet, but the
|
||||
* upper 4 bits are interpreted as a version. Pre-FreeBSD 5.1 format
|
||||
* entries are version `3' -- this conveniently results in the same
|
||||
* key values as before. The new, architecture-independent entries
|
||||
* are version `4'.
|
||||
* As it happens, some applications read the database directly.
|
||||
* (Bad app, no cookie!) Thus, we leave the _PW_KEY* symbols at their
|
||||
* old pre-FreeBSD 5.1 values so these apps still work. Consequently
|
||||
* we have to do muck around a bit more to get the correct, versioned
|
||||
* tag, and that is what the _PW_VERSIONED macros is about.
|
||||
*/
|
||||
|
||||
#define _PW_VERSION_MASK '0xF0'
|
||||
#define _PW_VERSION(x) ((unsigned char)((x)<<4))
|
||||
#define _PW_VERSIONED(x, v) ((unsigned char)(((x) & 0xCF) | ((v)<<4)))
|
||||
|
||||
#define _PW_KEYBYNAME '\x01' /* stored by name */
|
||||
#define _PW_KEYBYNUM '\x02' /* stored by entry in the "file" */
|
||||
#define _PW_KEYBYUID '\x03' /* stored by uid */
|
||||
#define _PW_KEYYPENABLED '\x04' /* YP is enabled */
|
||||
#define _PW_KEYYPBYNUM '\x05' /* special +@netgroup entries */
|
||||
#define _PW_KEYBYNAME '\x31' /* stored by name */
|
||||
#define _PW_KEYBYNUM '\x32' /* stored by entry in the "file" */
|
||||
#define _PW_KEYBYUID '\x33' /* stored by uid */
|
||||
#define _PW_KEYYPENABLED '\x34' /* YP is enabled */
|
||||
#define _PW_KEYYPBYNUM '\x35' /* special +@netgroup entries */
|
||||
|
||||
/* The database also contains a key to indicate the format version of
|
||||
* the entries therein. There may be other, older versioned entries
|
||||
* as well.
|
||||
*/
|
||||
#define _PWD_VERSION_KEY "\xFF" "VERSION"
|
||||
#define _PWD_CURRENT_VERSION '\x04'
|
||||
|
||||
#define _PASSWORD_EFMT1 '_' /* extended encryption format */
|
||||
|
||||
|
@ -593,7 +593,7 @@ files_passwd(void *retval, void *mdata, va_list ap)
|
||||
}
|
||||
break;
|
||||
}
|
||||
keybuf[0] |= _PW_VERSION(st->version);
|
||||
keybuf[0] = _PW_VERSIONED(keybuf[0], st->version);
|
||||
rv = st->db->get(st->db, &key, &entry, 0);
|
||||
if (rv < 0 || rv > 1) { /* should never return > 1 */
|
||||
*errnop = errno;
|
||||
@ -1500,7 +1500,7 @@ compat_passwd(void *retval, void *mdata, va_list ap)
|
||||
memcpy(&keybuf[1], &store, sizeof(store));
|
||||
key.size = sizeof(store) + 1;
|
||||
}
|
||||
keybuf[0] = _PW_KEYBYNUM | _PW_VERSION(st->version);
|
||||
keybuf[0] = _PW_VERSIONED(_PW_KEYBYNUM, st->version);
|
||||
rv = st->db->get(st->db, &key, &entry, 0);
|
||||
if (rv < 0 || rv > 1) { /* should never return > 1 */
|
||||
*errnop = errno;
|
||||
|
@ -67,8 +67,8 @@ static const char rcsid[] =
|
||||
#define SECURE 2
|
||||
#define PERM_INSECURE (S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)
|
||||
#define PERM_SECURE (S_IRUSR|S_IWUSR)
|
||||
#define LEGACY_VERSION _PW_VERSION(3)
|
||||
#define CURRENT_VERSION _PW_VERSION(4)
|
||||
#define LEGACY_VERSION(x) _PW_VERSIONED(x, 3)
|
||||
#define CURRENT_VERSION(x) _PW_VERSIONED(x, 4)
|
||||
|
||||
HASHINFO openinfo = {
|
||||
4096, /* bsize */
|
||||
@ -229,7 +229,7 @@ main(int argc, char *argv[])
|
||||
pw_db = dbopen(_PATH_MP_DB, O_RDONLY, 0, DB_HASH, NULL);
|
||||
if (!pw_db)
|
||||
error(_MP_DB);
|
||||
buf[0] = _PW_KEYBYNAME | CURRENT_VERSION;
|
||||
buf[0] = CURRENT_VERSION(_PW_KEYBYNAME);
|
||||
len = strlen(username);
|
||||
|
||||
/* Only check that username fits in buffer */
|
||||
@ -245,7 +245,7 @@ main(int argc, char *argv[])
|
||||
while (*p++)
|
||||
;
|
||||
|
||||
buf[0] = _PW_KEYBYUID | CURRENT_VERSION;
|
||||
buf[0] = CURRENT_VERSION(_PW_KEYBYUID);
|
||||
memmove(buf + 1, p, sizeof(int));
|
||||
key.data = (u_char *)buf;
|
||||
key.size = sizeof(int) + 1;
|
||||
@ -372,7 +372,7 @@ main(int argc, char *argv[])
|
||||
sdata.size = p - sbuf;
|
||||
|
||||
/* Store insecure by name. */
|
||||
tbuf[0] = _PW_KEYBYNAME | CURRENT_VERSION;
|
||||
tbuf[0] = CURRENT_VERSION(_PW_KEYBYNAME);
|
||||
len = strlen(pwd.pw_name);
|
||||
memmove(tbuf + 1, pwd.pw_name, len);
|
||||
key.size = len + 1;
|
||||
@ -380,7 +380,7 @@ main(int argc, char *argv[])
|
||||
error("put");
|
||||
|
||||
/* Store insecure by number. */
|
||||
tbuf[0] = _PW_KEYBYNUM | CURRENT_VERSION;
|
||||
tbuf[0] = CURRENT_VERSION(_PW_KEYBYNUM);
|
||||
store = htonl(cnt);
|
||||
memmove(tbuf + 1, &store, sizeof(store));
|
||||
key.size = sizeof(store) + 1;
|
||||
@ -388,7 +388,7 @@ main(int argc, char *argv[])
|
||||
error("put");
|
||||
|
||||
/* Store insecure by uid. */
|
||||
tbuf[0] = _PW_KEYBYUID | CURRENT_VERSION;
|
||||
tbuf[0] = CURRENT_VERSION(_PW_KEYBYUID);
|
||||
store = htonl(pwd.pw_uid);
|
||||
memmove(tbuf + 1, &store, sizeof(store));
|
||||
key.size = sizeof(store) + 1;
|
||||
@ -396,7 +396,7 @@ main(int argc, char *argv[])
|
||||
error("put");
|
||||
|
||||
/* Store secure by name. */
|
||||
tbuf[0] = _PW_KEYBYNAME | CURRENT_VERSION;
|
||||
tbuf[0] = CURRENT_VERSION(_PW_KEYBYNAME);
|
||||
len = strlen(pwd.pw_name);
|
||||
memmove(tbuf + 1, pwd.pw_name, len);
|
||||
key.size = len + 1;
|
||||
@ -404,7 +404,7 @@ main(int argc, char *argv[])
|
||||
error("put");
|
||||
|
||||
/* Store secure by number. */
|
||||
tbuf[0] = _PW_KEYBYNUM | CURRENT_VERSION;
|
||||
tbuf[0] = CURRENT_VERSION(_PW_KEYBYNUM);
|
||||
store = htonl(cnt);
|
||||
memmove(tbuf + 1, &store, sizeof(store));
|
||||
key.size = sizeof(store) + 1;
|
||||
@ -412,7 +412,7 @@ main(int argc, char *argv[])
|
||||
error("put");
|
||||
|
||||
/* Store secure by uid. */
|
||||
tbuf[0] = _PW_KEYBYUID | CURRENT_VERSION;
|
||||
tbuf[0] = CURRENT_VERSION(_PW_KEYBYUID);
|
||||
store = htonl(pwd.pw_uid);
|
||||
memmove(tbuf + 1, &store, sizeof(store));
|
||||
key.size = sizeof(store) + 1;
|
||||
@ -421,7 +421,7 @@ main(int argc, char *argv[])
|
||||
|
||||
/* Store insecure and secure special plus and special minus */
|
||||
if (pwd.pw_name[0] == '+' || pwd.pw_name[0] == '-') {
|
||||
tbuf[0] = _PW_KEYYPBYNUM | CURRENT_VERSION;
|
||||
tbuf[0] = CURRENT_VERSION(_PW_KEYYPBYNUM);
|
||||
store = htonl(ypcnt);
|
||||
memmove(tbuf + 1, &store, sizeof(store));
|
||||
ypcnt++;
|
||||
@ -473,7 +473,7 @@ main(int argc, char *argv[])
|
||||
sdata.size = p - sbuf;
|
||||
|
||||
/* Store insecure by name. */
|
||||
tbuf[0] = _PW_KEYBYNAME | LEGACY_VERSION;
|
||||
tbuf[0] = LEGACY_VERSION(_PW_KEYBYNAME);
|
||||
len = strlen(pwd.pw_name);
|
||||
memmove(tbuf + 1, pwd.pw_name, len);
|
||||
key.size = len + 1;
|
||||
@ -481,21 +481,21 @@ main(int argc, char *argv[])
|
||||
error("put");
|
||||
|
||||
/* Store insecure by number. */
|
||||
tbuf[0] = _PW_KEYBYNUM | LEGACY_VERSION;
|
||||
tbuf[0] = LEGACY_VERSION(_PW_KEYBYNUM);
|
||||
memmove(tbuf + 1, &cnt, sizeof(cnt));
|
||||
key.size = sizeof(cnt) + 1;
|
||||
if ((dp->put)(dp, &key, &data, method) == -1)
|
||||
error("put");
|
||||
|
||||
/* Store insecure by uid. */
|
||||
tbuf[0] = _PW_KEYBYUID | LEGACY_VERSION;
|
||||
tbuf[0] = LEGACY_VERSION(_PW_KEYBYUID);
|
||||
memmove(tbuf + 1, &pwd.pw_uid, sizeof(pwd.pw_uid));
|
||||
key.size = sizeof(pwd.pw_uid) + 1;
|
||||
if ((dp->put)(dp, &key, &data, methoduid) == -1)
|
||||
error("put");
|
||||
|
||||
/* Store secure by name. */
|
||||
tbuf[0] = _PW_KEYBYNAME | LEGACY_VERSION;
|
||||
tbuf[0] = LEGACY_VERSION(_PW_KEYBYNAME);
|
||||
len = strlen(pwd.pw_name);
|
||||
memmove(tbuf + 1, pwd.pw_name, len);
|
||||
key.size = len + 1;
|
||||
@ -503,14 +503,14 @@ main(int argc, char *argv[])
|
||||
error("put");
|
||||
|
||||
/* Store secure by number. */
|
||||
tbuf[0] = _PW_KEYBYNUM | LEGACY_VERSION;
|
||||
tbuf[0] = LEGACY_VERSION(_PW_KEYBYNUM);
|
||||
memmove(tbuf + 1, &cnt, sizeof(cnt));
|
||||
key.size = sizeof(cnt) + 1;
|
||||
if ((sdp->put)(sdp, &key, &sdata, method) == -1)
|
||||
error("put");
|
||||
|
||||
/* Store secure by uid. */
|
||||
tbuf[0] = _PW_KEYBYUID | LEGACY_VERSION;
|
||||
tbuf[0] = LEGACY_VERSION(_PW_KEYBYUID);
|
||||
memmove(tbuf + 1, &pwd.pw_uid, sizeof(pwd.pw_uid));
|
||||
key.size = sizeof(pwd.pw_uid) + 1;
|
||||
if ((sdp->put)(sdp, &key, &sdata, methoduid) == -1)
|
||||
@ -518,7 +518,7 @@ main(int argc, char *argv[])
|
||||
|
||||
/* Store insecure and secure special plus and special minus */
|
||||
if (pwd.pw_name[0] == '+' || pwd.pw_name[0] == '-') {
|
||||
tbuf[0] = _PW_KEYYPBYNUM | LEGACY_VERSION;
|
||||
tbuf[0] = LEGACY_VERSION(_PW_KEYYPBYNUM);
|
||||
memmove(tbuf + 1, &ypcnt, sizeof(cnt));
|
||||
ypcnt++;
|
||||
key.size = sizeof(cnt) + 1;
|
||||
@ -550,7 +550,13 @@ main(int argc, char *argv[])
|
||||
if (yp_enabled) {
|
||||
buf[0] = yp_enabled + 2;
|
||||
data.size = 1;
|
||||
tbuf[0] = _PW_KEYYPENABLED | LEGACY_VERSION;
|
||||
key.size = 1;
|
||||
tbuf[0] = CURRENT_VERSION(_PW_KEYYPENABLED);
|
||||
if ((dp->put)(dp, &key, &data, method) == -1)
|
||||
error("put");
|
||||
if ((sdp->put)(sdp, &key, &data, method) == -1)
|
||||
error("put");
|
||||
tbuf[0] = LEGACY_VERSION(_PW_KEYYPENABLED);
|
||||
key.size = 1;
|
||||
if ((dp->put)(dp, &key, &data, method) == -1)
|
||||
error("put");
|
||||
|
Loading…
Reference in New Issue
Block a user