Commit Graph

56 Commits

Author SHA1 Message Date
Pedro F. Giffuni
efa8af7c73 lib: initial use of reallocarray(3).
Make some use of reallocarray, attempting to limit it to cases where the
parameters are unsigned and there is some theoretical chance of overflow.

MFC afer:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D9980
2017-04-21 19:27:33 +00:00
Warner Losh
fbbd9655e5 Renumber copyright clause 4
Renumber cluase 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistance on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.

Submitted by:	Jan Schaumann <jschauma@stevens.edu>
Pull Request:	https://github.com/freebsd/freebsd/pull/96
2017-02-28 23:42:47 +00:00
Dag-Erling Smørgrav
e68bca507d Use malloc()ed buffers instead of stack buffers in gr_copy() and pw_copy().
This allows pw(8) to operate on passwd and group files with longer lines
than could be accomodated by a stack buffer.  It doesn't take more than a
few hundred users to exceed 8192 bytes in /etc/group.

MFC after:	3 weeks
Sponsored by:	The University of Oslo
2016-11-28 21:00:19 +00:00
Alan Somers
cbaba16b23 Speed up pw operations that edit /etc/group or /etc/passwd
r285050 fixed a bug in pw that could lead to /etc/passwd or /etc/group
corruption on power loss. However, it fixed it by opening those files with
O_SYNC, which is very slow, especially on ZFS. This change replaces O_SYNC
with appropriately placed fsync()s instead, which is much faster. Using a
ZFS tmpdir, the time to run pw's kyua tests drops from 245s to 35s.

Reviewed by:	allanjude, bapt, vangyzen, garga
Tested on pfSense by:	garga
MFC after:	4 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D8319
2016-11-18 16:07:08 +00:00
Ed Schouten
e33d251e8e Remove useless calls to basename().
There are a couple of places in the source three where we call
basename() on constant strings. This is bad, because the prototype
standardized by POSIX allows the implementation to use its argument as a
storage buffer.

This change eliminates some of these unportable calls to basename() in
cases where it was only added for cosmetical reasons, namely to trim
argv[0]. There's nothing wrong with setting argv[0] to the full path.

Reviewed by:	jilles
Differential Revision:	https://reviews.freebsd.org/D6093
2016-05-01 08:22:11 +00:00
Renato Botelho
d32a66b2a2 When passwd or group information is changed (by pw, vipw, chpass, ...)
temporary file is created and then a rename() call move it to official file.
This operation didn't have any check to make sure data was written to disk
and if a power cycle happens system could end up with a 0 length passwd
or group database.

There is a pfSense bug with more infor about it:

https://redmine.pfsense.org/issues/4523

The following changes were made to protect passwd and group operations:

* lib/libutil/gr_util.c:
 - Replace mkstemp() by mkostemp() with O_SYNC flag to create temp file
 - After rename(), fsync() call on directory for faster result

* lib/libutil/pw_util.c
 - Replace mkstemp() by mkostemp() with O_SYNC flag to create temp file

* usr.sbin/pwd_mkdb/pwd_mkdb.c
 - Added O_SYNC flag on dbopen() calls
 - After rename(), fsync() call on directory for faster result

* lib/libutil/pw_util.3
 - pw_lock() returns a file descriptor to master password file on success

Differential Revision:	https://reviews.freebsd.org/D2978
Approved by:	bapt
Sponsored by:	Netgate
2015-07-02 17:30:59 +00:00
Baptiste Daroussin
c24c3080ea revert r283969,283970 not needed anymore after r283981 2015-06-04 08:00:11 +00:00
Baptiste Daroussin
972cf03ed9 Add a pw_mkdb2(3) function which does the same thing as pw_mkdb(3) except
it takes a new argument allowing to specify the endianness of the database
to generate

Differential Revision:	https://reviews.freebsd.org/D2730
Reviewed by:	ian
2015-06-03 20:48:28 +00:00
Baptiste Daroussin
ede89d5db2 Add O_CLOEXEC to flopen
Requested by:	jilles
2012-12-27 20:24:44 +00:00
Baptiste Daroussin
98e79fb122 Use flopen(3) instead of open(2) + flock(2) 2012-12-27 14:09:50 +00:00
Baptiste Daroussin
b3d9795c98 backout r242319, racy and not done in the right place
Reported by:	Garrett Cooper  <yanegomi@gmail.com>
2012-10-29 18:06:09 +00:00
Baptiste Daroussin
29e575503c make pw_init and gr_init fail if the specified master password or group file is
a directory.

MFC after:	1 month
2012-10-29 17:19:43 +00:00
Baptiste Daroussin
2f1b1e91a3 Revert user comparison back to user names as some user can share uids (root/toor
for example)

get the username information from old_pw structures to still allow renaming of a
user.

Reported by:	Claude Buisson <clbuisson@orange.fr>
Approved by:	des (mentor)
MFC after:	3 weeks
2012-06-19 11:39:56 +00:00
Ed Schouten
e6ad3d22f4 Detect file modification properly by using tv_nsec.
POSIX 2008 standardizes st_mtim, meaning we can simply use nanosecond
precision to detect file modification.

MFC after:	2 weeks
2012-02-10 13:40:32 +00:00
Baptiste Daroussin
a9e4a4780a Add new pw_make_v7 to make a passwd line (in v7 format) out of a struct passwd
while here, fix missing parentheses of the return statement of pw_make.

Approved by:	des (mentor)
2012-01-05 10:40:24 +00:00
Baptiste Daroussin
1926f2f6fa Modify pw_copy:
- if pw is NULL and oldpw is not NULL then the oldpw is deleted
- if pw->pw_name != oldpw->pw_name but pw->pw_uid == oldpw->pw_uid
then it renames the user

add new gr_* functions so now gr_util API is similar to pw_util API,
this allow to manipulate groups in a safe way.

Reviewed by:	des
Approved by:	des
MFC after:	1 month
2011-12-15 22:07:36 +00:00
Dag-Erling Smørgrav
f4fda7679a Old patch I had lying around: clean up and use stpcpy(3) instead of
sprintf(3).
2010-08-16 11:22:12 +00:00
Konstantin Belousov
5dc1529c34 sigset() is the name of function specified by SUSv4.
Replace it to avoid conflict.

MFC after:	3 weeks
2009-11-26 13:41:15 +00:00
Warner Losh
ee7093a640 Remove California Regent's clause 3, per letter 2007-01-09 01:02:06 +00:00
Thomas Quinot
3a1d9c271b Minor comment fix. 2006-09-08 08:14:32 +00:00
Thomas Quinot
71219ddbd1 (pw_copy): Handle the case of a malformed line in master.passwd
(copy it silently, do not dereference NULL pointer).

PR:             bin/102848
Reviewed by:    security-officer (cperciva)
MFC after:      1 week
2006-09-04 15:09:21 +00:00
Stefan Farfeleder
ec18ee18ad Don't depend on NULL's expansion being a pointer, cast it before it is passed
to variadic functions.

Approved by:	das (mentor)
2004-05-18 15:53:58 +00:00
Mark Murray
547fa0d9b7 ANSIfy, WARNSify, CONSTify. Bit of style(9)-ify. 2003-10-18 10:04:16 +00:00
Mark Murray
0ebec5d3c8 Tidy up. Sort headers. 2003-06-14 18:42:37 +00:00
Dag-Erling Smørgrav
b7d6bb0833 Brucify. 2003-04-10 10:26:18 +00:00
Dag-Erling Smørgrav
e7d9d9217c Correctly detect the case where a password entry was changed while we were
preparing to edit it.

PR:		bin/50563
2003-04-09 18:20:51 +00:00
Dag-Erling Smørgrav
e947f78c16 Apply the correct fix for bin/50679: don't mess around with process groups
or the tty, just block selected signals in the parent like system(3) does.
Many thanks to bde for his assistance in finding the correct solution.

PR:		bin/50679
2003-04-09 16:39:47 +00:00
Dag-Erling Smørgrav
c794881f8c Band-aid for the "^C kills the editor" problem. I haven't yet found the
proper way to fix this.  The way this works is to prepend "exec " to
the editor command to eliminate the "shell in the middle" which prevents
us from properly reawakening the editor after a SIGTSTP.

PR:		bin/50679
2003-04-08 18:04:30 +00:00
David Schultz
5d907c3dd2 Make pw_edit() use /bin/sh to interpret the EDITOR environment
variable.

PR:		48748
Reviewed by:	mike (mentor)
2003-03-17 02:12:55 +00:00
Dag-Erling Smørgrav
6dcfea0f37 Don't forget to '\n'-terminate new entries. This unbreaks chpass -a.
Submitted by:	joerg
2002-10-29 13:58:42 +00:00
Nick Hibma
074dccd545 Be more clear in error messages.
Distinguish between a held lock and a failed lock op.

If rpc.lockd is not running on a diskless client this makes clearer
what the problem is.
2002-06-23 19:23:46 +00:00
Dag-Erling Smørgrav
95ed2ab27f If no old_pw was passed to pw_copy, compare just the name.
Sponsored by:	DARPA, NAI Labs
2002-05-08 14:52:32 +00:00
Dag-Erling Smørgrav
e2ef54de51 Add passwd manipulation code based on parts of vipw and chpass.
Sponsored by:	DARPA, NAI Labs
2002-05-08 00:50:07 +00:00
Dag-Erling Smørgrav
f9eaa746eb Make mppath and masterpasswd pointers instead of arrays, and initialize
them to point at static strings that contain the default paths.  This
makes 'vipw -d' work again (I broke it in rev 1.21; apologies for taking
so long to fix it.)

Spotted by:	Olivier Houchard <doginou@cognet.ci0.org>
Sponsored by:	DARPA, NAI Labs
2002-04-17 00:18:15 +00:00
Dag-Erling Smørgrav
1c9fd646f6 Remove bogus reference to _use_yp. 2002-04-15 15:50:59 +00:00
Dag-Erling Smørgrav
93deb2ae12 ANSIfy and constify.
Sponsored by:	DARPA, NAI Labs
2002-02-05 06:49:11 +00:00
Brian Somers
7bc6d0158f Fix the type of the NULL arg to execl()
Idea from: Theo de Raadt <deraadt@openbsd.org>
2001-07-09 09:24:06 +00:00
Dima Dorfman
3babad2e42 Don't pass NULL to the %s format.
Reviewed by:	kris
2001-04-22 03:00:09 +00:00
Kris Kennaway
0e0b415c72 Don't call warn() without a format string. 2000-07-12 00:50:15 +00:00
Peter Wemm
97d92980a9 $Id$ -> $FreeBSD$ 1999-08-28 01:35:59 +00:00
Pierre Beyssac
9d1163f7c3 Move call to umask(0) back into pw_util(), because the latter
function is also used by chpass(1) and passwd(1).
1999-06-29 01:04:10 +00:00
Pierre Beyssac
2ece3ed4c8 Force umask to 077 (instead of 000) during the edit phase, to get
secure permissions in case the user attempts to save something to
a file of his own.

Move umask stuff out of pw_init() into main() for better visibility
of overall umask tweaking logic.

PR:		misc/11797
1999-06-26 12:15:39 +00:00
Sheldon Hearn
af2d5f9b31 Add -d option to vipw(8) to allow selection of an alternative directory
for the password files.

PR:	2703
Submitted by:	jmg
1999-06-26 07:16:42 +00:00
Matthew Dillon
0e31b6b580 oops. Fix indentation of the 'for' loop I just added. 1998-12-13 01:39:32 +00:00
Matthew Dillon
f16d2ab2d3 Handle the race condition where vipw may lock a password file which has
just been replaced.  After our lock succeeds we check if st_nlink is 0
    and if it is we close the descriptor and retry our open/lock sequence.
1998-12-13 01:36:45 +00:00
Dag-Erling Smørgrav
4da8edd59e Since vfork() was changed to fork(), we have to pass errno back from the
child to the parent somehow.

PR:		8353
Submitted by:	Andrew J. Korty <ajk@purdue.edu>
1998-10-20 11:34:11 +00:00
Dag-Erling Smørgrav
1fd98d7d88 Calls one or more of malloc(), warn(), err(), syslog(), execlp() or
execvp() in the child branch of a vfork(). Changed to use fork()
instead.

Some of these (mv, find, apply, xargs) might benefit greatly from
being rewritten to use vfork() properly.

PR:		Loosely related to bin/8252
Approved by:	jkh and bde
1998-10-13 14:52:33 +00:00
Philippe Charnier
acb61b9eb4 Statisize usage(). 1997-10-27 07:53:22 +00:00
Jordan K. Hubbard
97fe7f477f Changes to support full make parallelism (-j<n>) in the world
target.
Reviewed by:	<many different folks>
Submitted by:	Nickolay N. Dudorov" <nnd@nnd.itfs.nsk.su>
1997-10-05 09:40:24 +00:00
Wolfram Schneider
2af22b06a4 Endless loop.
$ vipw
[corrupt a line in editor, exit editor]
pwd_mkdb: corrupted entry
pwd_mkdb: at line #2
pwd_mkdb:
/etc/pw.012585: Inappropriate file type or format
re-edit the password file? [y]: n^D^D
[hang]
1997-09-29 13:13:51 +00:00