of NFS home directory and root directory processing fails to include
additional groups. This doesn't impact the final credential, but does
mean that users may be denied login even when additional groups might
allow it.
reserved word, causing breakage when a C++ program included libutil.h
This change will be propagated elsewhere shortly.
Submitted by: jkh
Obtained from: TrustedBSD Project
utility functions which convert between string namespace names and
numeric constants used by the interface. Right now, two namespaces
are supported, EXTATTR_NAMESPACE_SYSTEM ("system") and
EXTATTR_NAMESPACE_USER ("user"). These functions are used by
various userland EA utilities, rather than hard coding the routines
all over the place.
Obtained from: TrustedBSD Project
that applications know how large of a buffer they must allocate before
calling property_find(). Also added a $FreeBSD$ tag while I'm here.
Approved by: jkh
getting libutil/libcrypt to work properly. I've determined that GCC
thinks it can inline all functions, including weak-symboled ones, if
it feels like it.
Create a new stub.c and move any stubs there to prevent inlining.
Thanks to jdp and William S. Duncanson for helping me finally find the
problem.
and bump __FreeBSD_version to 500012 to mark the occasion.
setproctitle() is prototyped in unistd.h as opposed to stdlib.h
where OpenBSD and NetBSD have it.
Reviewed by: peter
for crypt(3) by now. In any case:
Add crypt_set_format(3) + documentation to -lcrypt.
Add login_setcryptfmt(3) + documentation to -lutil.
Support for switching crypt formats in passwd(8).
Support for switching crypt formats in pw(8).
The simple synopsis is:
edit login.conf; add a passwd_format field set to "des" or "md5"; go nuts :)
Reviewed by: peter
via IPv6, the hostname is trimed due to the length of IPv6 address.
This change saves it as possible.
I have a grudge against the shortage of UT_HOSTSIZE.
to be applied to the value given. This does not break installed
/etc/login.conf files, since un-suffixed numbers are interpreted as
they were before.
PR: 19750
Submitted by: Paul Herman <pherman@frenchfries.net>
when connecting via IPv6, hostname was not recorded to utmp anymore.
Because, if hostname is longer than buffer size, getnameinfo() returns
with ENI_MEMORY.
Reviewed by: shin
Approved by: jkh
Now libutil depends on libc.so.4, so needs to update the major version.
Without this, old binaries which use libutil and build with libc.so.3
will coredump on recent 4.0.
Solicited comment for cvs-committers and there seems to be no objection.
Approved by: jkh
string to u_long and back using two functions, flags_to_string and
string_to_flags, which co-existed with 'ls'. As time has progressed
more and more other tools have used these private functions to
manipulate the file flags.
Recently I moved these functions from /usr/src/bin/ls to libutil,
but after some discussion with bde it's been decided that they
really ought to go in libc.
There are two already existing libc functions for manipulating file
modes: setmode and getmode. In keeping with these flags_to_string
has been renamed getflags and string_to_flags to setflags.
The manual page could probably be improved upon ;)
This fixes some nasty procfs problems for SMP, makes ps(1) run much faster,
and makes ps(1) even less dependent on /proc which will aid chroot and
jails alike.
To disable this facility and revert to previous behaviour:
sysctl -w kern.ps_arg_cache_limit=0
For full details see the current@FreeBSD.org mail-archives.
- Sort xrefs
- FreeBSD.ORG -> FreeBSD.org
- Be consistent with section names as outlines in mdoc(7)
- Other misc mdoc cleanup.
PR: doc/13144
Submitted by: Alexy M. Zelkin <phantom@cris.net>
secure permissions in case the user attempts to save something to
a file of his own.
Move umask stuff out of pw_init() into main() for better visibility
of overall umask tweaking logic.
PR: misc/11797
"passwordtime" is what passwd(1) has actually been using. I suspect
passwordperiod was the original intent. I can't figure-out which,
if either, BSDi uses. If anyone knows...
an unimprovement here. I thought it would be an improvement, as in libkvm,
but here we can access the strings directly.
Use sysctlbyname() instead of sysctl() and trust it to give a nonzero
address if it succeeds.
execvp() in the child branch of a vfork(). Changed to use fork()
instead.
Some of these (mv, find, apply, xargs) might benefit greatly from
being rewritten to use vfork() properly.
PR: Loosely related to bin/8252
Approved by: jkh and bde
shouldn't include other ones (which, unfortunately, is also a hellish
rule since he broke interfaces like sysctl this way by requiring undocumented
header files to be included just in order to be able to use them now - SIGH!).
I'll convert sysinstall to use shortly) and a simple call which uses
this mechanism to implement an /etc/auth.conf file. I'll let Mark Murray
handle the format and checkin of the sample auth.conf file.
Reviewed by: markm
In some cases replace if (a == null) a = malloc(x); else a =
realloc(a, x); with simple reallocf(a, x). Per ANSI-C, this is
guaranteed to be the same thing.
I've been running these on my system here w/o ill effects for some
time. However, the CTM-express is at part 6 of 34 for the CAM
changes, so I've not been able to do a build world with the CAM in the
tree with these changes. Shouldn't impact anything, but...
Here is a some example for avoiding a confusion.
It asssumes a logged host domain is "spec.co.jp". All
example is longer than UT_HOSTNAMELEN value.
1) turbo.tama.spec.co.jp: 192.19.0.2 -> trubo.tama
2) turbo.tama.foo.co.jp : 192.19.0.2 -> 192.19.0.2
3) specgw.spec.co.jp : 202.32.13.1 -> specgw
Submitted by: Atsushi Murai <amurai@spec.co.jp>
Commented out docmentation of nonexistent authenticate() and
auth_timesok(). authenticate() seems to be obsolete and
auth_timesok() never existed in FreeBSD.
that this source is compiled against. This source is referenced by
install which is needed as a build tool and must be able to compile
against NetBSD headers and libraries if we have a hope of supporting
another architecture.
With this change, that's two working programs down and 3945 (?) to go.
The other one was make, but that didn't need any changes to work under
FreeBSD/Alpha. 8-)
ISSUES:
An example and better explansion on how to specify a user's login
class in /etc/master passwd is needed.
(As I don't seem to be specifiying it right, I can't do it).
$ vipw
[corrupt a line in editor, exit editor]
pwd_mkdb: corrupted entry
pwd_mkdb: at line #2
pwd_mkdb:
/etc/pw.012585: Inappropriate file type or format
re-edit the password file? [y]: n^D^D
[hang]
These changes add the ability to specify that a UFS file/directory
cannot be unlinked. This is basically a scaled back version
of the IMMUTABLE flag. The reason is to allow an administrator
to create a directory hierarchy that a group of users
can arbitrarily add/delete files from, but that the hierarchy
itself is safe from removal by them.
If the NOUNLINK definition is set to 0
then this results in no change to what happens normally.
(and results in identical binary (in the kernel)).
It can be proven that if this bit is never set by the admin,
no new behaviour is introduced..
Several "good idea" comments from reviewers plus one grumble
about creeping featurism.
This code is in production in 2.2 based systems
visible type names in prototypes in user space headers. libutil.h
generates warnings with -Wall over the use of "const char *ttyname".
It's lucky it wasn't a #define conflict.
Is a single '_' prefix acceptable? or does it need to be two?
bumped only 0.1 or 1.0 between releases. (See handbook.)
Note that if you have built world in -current in the last 48 hours or
so, you should manually remove /usr/lib/libutil.so.2.3 before
rebuilding world to cleanse your system.
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
Use snprintf instead of sprintf to avoid buffer overflows
Use snprintf in uu_lockerr instead of lots of hardcoded constants
and not null-terminated strncpy
Return "" for OK and "device in use" for INUSE, it allows simple
strcpy(buf, uu_lockerr(retcode)) without testing for special OK
case (NULL was there) and obtaining meaningful result for INUSE
("" was there) without special testing for it too.
in uu_lock(). Add uu_lockerr() for turning the results of
uu_lock into something printable. Remove bogus section in man page
about race conditions allowing both processes to get the lock.
Include libutil.h and use uu_lock() correctly where it should.
Suggested by: ache@freebsd.org
allocated size not reset to 0 causing NULL dereference
on call after login_close().
2) Modify login_capsize() behaviour to match manpage, allow
concatenated sizes; ie. 10m500k
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.
were added with the login class stuff. This is needed since libutil.so.2.1
is what is used in RELENG_2_2 and well into the release cycle. We only
bump once per release cycle as needed.
also add the missing declaration of forkpty() to libutil.h.
Btw., the calling interface for login(3) is crude. Some better
abstraction is needed, perhaps similar to logwtmp(3).
2.2 candidate, but i'll wait for the spelling police first. :)
option to pwd_mkdb and adding this option to utilities invoking it.
Further, the filling of both the secure and insecure databases has been
merged into one loop giving also a performance improvemnet.
Note that I did *not* change the adduser command. I don't read perl
(it is a write only language anyway).
The change will drastically improve performance for passwd and
friends with large passwd files. Vipw's performance won't change.
In order to do that some kind of diff should be made between the
old and new master.passwd and depending the amount of changes, an
incremental or complete update of the databases should be agreed
upon.
the statically compiled PS_STRINGS and USRSTACK variables. This prevents
programs using setproctitle from coredumping if the kernel VM is increased,
and stops libkvm users (w, ps, etc) from needing to be recompiled if only
the VM layout changes.
Install (optional) libutil.h with prototypes for the functions and
document this in the man page.
minor cleanups to the various routines, include the prototype file, declare
return codes etc.
replace the dozen other various hacks in the code that do all sorts
of crude things including spamming the envrionment strings with the new
argv string.
This version is mainly inspired by the sendmail version, with a couple of
ideas taken from the NetBSD implementation as well.
'NIS information unchanged' or '/etc/master.passwd unchanged'
depending on which was is being modified (conditional on -DYP).
This is to save me the trouble of writing a whole other error
routine (nis_error()?) for the upcoming changes to passwd and
chpass.