Commit Graph

421 Commits

Author SHA1 Message Date
Ian Lepore
029a2d652e Remove some code that's no longer needed because it's now part of pw_scan(3).
It was also leading to segfaults; pw can be NULL when control reaches these
lines now, because of the way my previous change restructured the loops.

Reported by:	lwhsu@
2018-07-27 15:17:24 +00:00
Ian Lepore
3196b50827 Re-apply r336625 which was reverted with r336638, now that the underlying
pw_scan(3) has been fixed in a way that doesn't perturb other callers of
it or the getpwnam(3) family.

Make pw(8) showuser work the same with or without -R <path> for non-root
users.  Without -R, pw(8) uses getpwnam(3), which will open master.passwd
for the root user or passwd for non-root users.  With -R <path> pw(8) was
always opening <path>/master.passwd, which would fail for a non-root user,
then falsely claim the userid you're trying to show doesn't exist.

Now for a non-root user it opens <path>/passwd, and populates the fields in
the returned struct passwd which aren't present in that file with well-known
canonical values, which duplicates the behavior of getpwnam(3).  The net
effect is that the showuser output is identical whether using -R or not.
2018-07-26 20:03:11 +00:00
Ian Lepore
d05db9a4ff Revert r336625 until I figure out why it worked with simple testing but
reportedly fails the kyua tests and causes other real-world problems.

Reported by:	cy@ asomers@
2018-07-23 14:58:44 +00:00
Ian Lepore
1a61d99330 Make pw(8) showuser work the same with or without -R <path> for non-root
users.  Without -R, pw(8) uses getpwnam(3), which will open master.passwd
for the root user or passwd for non-root users.  With -R <path> pw(8) was
always opening <path>/master.passwd, which would fail for a non-root user,
then falsely claim the userid you're trying to show doesn't exist.

Now for a non-root user it opens <path>/passwd and zeroes out the 3 fields
that aren't available in the passwd file, which duplicates the behavior of
getpwnam(3).  The net effect is that the showuser output is identical
whether using -R or not.
2018-07-22 23:41:40 +00:00
David Bright
32bd1c2bb3 Allow the "@" and "!" characters in passwd file GECOS fields.
Two PRs (152084 & 210187) request allowing the "@" and/or "!"
characters in the passwd file GECOS field. The man page for pw does
not mention that those characters are disallowed, Linux supports those
characters in this field, and the "@" character in particular would be
useful for storing email addresses in that field.

PR:		152084, 210187
Submitted by:	jschauma@netmeister.org, Dave Cottlehuber <dch@freebsd.org>
Reported by:	jschauma@netmeister.org, Dave Cottlehuber <dch@freebsd.org>
Reviewed by:	delphij (secteam), vangyzen
MFC after:	1 week
Sponsored by:	Dell EMC
Differential Revision:	https://reviews.freebsd.org/D14519
2018-03-01 17:47:28 +00:00
Eugene Grosbein
a2c08ce75b pw(8): r326738 broke expiration arithmetic in case of `-D' flag not supplied.
Fix it and rename misnamed time_t variables `expire_days, password_days'
(always holding absolute time) to `expire_time, password_time'.

Add a comment for a case of overloading `cmdcnf->password_days'
and `cmdcnf->expire_days' with absolute time.

Reported by:	markj
Approved by:	mav (mentor)
MFC after:	1 week
2017-12-15 06:05:16 +00:00
Eugene Grosbein
d30f122fa6 pw(8): correct expiration period handling and command line overrides
to preconfigured values for -e, -p and -w flags.

Use non-negative symbols instead of magic values
in passwd_val/pw_password functions.

PR:		223431
Submitted by:	Yuri Pankov (in part, patch for the manual)
Reported by:	mav (mentor)
MFC after:	3 days
Relnotes:	yes
2017-12-09 23:34:00 +00:00
Pedro F. Giffuni
1de7b4b805 various: general adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
supersede or replace the license texts.

No functional change intended.
2017-11-27 15:37:16 +00:00
Bryan Drewery
ea825d0274 DIRDEPS_BUILD: Update dependencies.
Sponsored by:	Dell EMC Isilon
2017-10-31 00:07:04 +00:00
Ed Maste
8d2dbd281f pw useradd: Validate the user name before creating the entry
Previously it was possible to create users with spaces in the name with:
pw useradd -u 1234 -g 1234 -n 'test user'

The "-g 1234" is relevant, without it the name was already rejected
as expected:

[fk@test ~]$ sudo pw useradd -u 1234 -n 'test user'
pw: invalid character ` ' at position 4 in userid/group name

Bug unintentionally found with a salt config without explicit name entry:

test user:
  user.present:
    - uid: 1234
    - gid: 1234
    - fullname: Test user
    - shell: /usr/local/bin/bash
    - home: /home/test
    - groups:
      - wheel
      - salt

"Luckily" salt modules rarely bother with input validation either ...

PR:		221416
Submitted by:	Fabian Keil
Obtained from:	ElectroBSD
MFC after:	1 week
2017-08-19 00:32:26 +00:00
Ed Maste
3dc869c257 pw usermod: Properly deal with empty secondary group lists (-G '')
"pw usermod someuser -G ''" is supposed to make sure that someuser
doesn't have any secondary group memberships.

Previously it was a nop because split_groups() only initialised
"groups" if at least one group was specified. As a result the
existing secondary group memberships were kept.

PR:		221417
Submitted by:	Fabian Keil
Obtained from:	ElectroBSD
MFC after:	1 week
Relnotes:	yes
2017-08-19 00:19:23 +00:00
Enji Cooper
d511b20a69 Add HAS_TESTS to all Makefiles that are currently using the
`SUBDIR.${MK_TESTS}+= tests` idiom.

This is a follow up to r321912.
2017-08-02 08:50:42 +00:00
Enji Cooper
4b330699f8 Convert traditional ${MK_TESTS} conditional idiom for including test
directories to SUBDIR.${MK_TESTS} idiom

This is being done to pave the way for future work (and homogeneity) in
^/projects/make-check-sandbox .

No functional change intended.

MFC after:	1 weeks
2017-08-02 08:35:51 +00:00
Enji Cooper
b8504cc0a6 pw: add some basic testcases for groupshow and usershow
- groupshow: test out -a/-g/-n .
- usershow: test out -a/-n/-u .

MFC after:	1 week
Sponsored by:	Dell EMC Isilon
2017-05-28 02:15:57 +00:00
Alan Somers
0ce59aa848 Don't depend on assert(3) getting evaluated
Reported by:	imp
MFC after:	3 weeks
X-MFC-With:	318141, 318143
Sponsored by:	Spectra Logic Corp
2017-05-10 16:06:22 +00:00
Alan Somers
daccabe958 strcpy => strlcpy
Reported by:	Coverity
CID:		1006715
MFC after:	3 weeks
Sponsored by:	Spectra Logic Corp
2017-05-10 15:38:06 +00:00
Baptiste Daroussin
d1005f6a13 Add a regression test for r31512 fix
PR:		217934
MFC after:	1 week
2017-03-25 10:47:58 +00:00
Eugene Grosbein
92bb425e4e Properly initialise with content of pw.conf(5) that was mistakenly ignored.
Also, respect "defaultgroup" if specified there.

PR:		217934
Reported by:	Victor Sudakov <vas@mpeks.tomsk.su>
Reviewed by:	bapt
Approved by:	bapt, vsevolod (mentor)
MFC after:	1 week
2017-03-24 16:18:57 +00:00
Enji Cooper
458cbf0ae6 Rename tests from <foo> to <foo>_test to match the FreeBSD test suite
naming scheme

usr.bin/diff/diff_test was renamed to usr.bin/diff/netbsd_diff_test
to avoid collisions with the renamed FreeBSD test.

MFC after:	1 week
Sponsored by:	Dell EMC Isilon
2017-03-23 03:28:24 +00:00
Alan Somers
58fbd700fa Increase WARNS for pw tests
ATF tests have a default WARNS of 0, unlike other usermode programs.

Reviewed by:  ngie, julian
MFC after:    3 weeks
Sponsored by: Spectra Logic Corporation
Differential Revision:        https://reviews.freebsd.org/D9933
2017-03-11 00:11:20 +00:00
Baptiste Daroussin
b11244e721 Really restore the old behaviour for pw usermod -m
It again reinstalls missing skel files without overwriting changed ones
Add a regression test about it

Reported by:	ae
MFC after:	3 days
2017-01-22 20:03:18 +00:00
Baptiste Daroussin
6789e5acf2 Readd a feature lost in pw(8) refactoring
pw usermod foo -m

It used to be able to (re)create the home directory if it didn't exist

PR:		216224
Reported by:	ae
MFC after:	3 days
2017-01-22 18:55:01 +00:00
Baptiste Daroussin
abd4699ce2 Fix pkg groupshow <gid>
PR:		204676
Submitted by:	longwitz@incore.de
MFC after:	2 days
2016-12-10 12:48:48 +00:00
Alan Somers
cbaba16b23 Speed up pw operations that edit /etc/group or /etc/passwd
r285050 fixed a bug in pw that could lead to /etc/passwd or /etc/group
corruption on power loss. However, it fixed it by opening those files with
O_SYNC, which is very slow, especially on ZFS. This change replaces O_SYNC
with appropriately placed fsync()s instead, which is much faster. Using a
ZFS tmpdir, the time to run pw's kyua tests drops from 245s to 35s.

Reviewed by:	allanjude, bapt, vangyzen, garga
Tested on pfSense by:	garga
MFC after:	4 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D8319
2016-11-18 16:07:08 +00:00
Alan Somers
07c4accca8 Close some file descriptor leaks in pw
MFC after:	4 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D8245
2016-10-21 20:17:19 +00:00
Warren Block
bb00e5490b Add another badly-needed simple example to the pw(8) man page.
2016-09-13 02:18:29 +00:00
Bryan Drewery
776d5e11e9 DIRDEPS_BUILD: Update dependencies.
Sponsored by:	EMC / Isilon Storage Division
2016-08-31 19:30:46 +00:00
Ed Schouten
9c24291370 Fix up setgrent(3) to have a POSIX-compliant prototype.
Just like with freelocale(3), I haven't been able to find any piece of
code that actually makes use of this function's return value, both in
base and in ports. The reason for this is that FreeBSD seems to be the
only operating system to have such a prototype. This is why I'm deciding
to not use symbol versioning for this.

It does seem that the pw(8) utility depends on the function's typing and
already had a switch in place to toggle between the FreeBSD and POSIX
variant of this function. Clean this up by always expecting the POSIX
variant.

There is also a single port that has a couple of local declarations of
setgrent(3) that need to be patched up. This is in the process of being
fixed.

PR:		211394 (exp-run)
2016-07-31 08:05:15 +00:00
Baptiste Daroussin
7556d9b06a Remove usage of _WITH_GETLINE from usr.sbin
2016-07-30 01:10:05 +00:00
Baptiste Daroussin
1d981d8ef5 Do not try to delete the home of the user if it is not a directory for example
"/dev/null"

PR:		211195
Submitted by:	rday <ryan@ryanday.net>
Reported by:	eniorm <eniorm@gmail.com>
MFC after:	1 day
2016-07-23 10:19:10 +00:00
Alan Somers
7c46e6ef06 pw should sanitize the argument of -w.
Otherwise, it will silently disable the login for the selected account if
the argument is unrecognizable.

usr.sbin/pw/pw.h
usr.sbin/pw/pw_conf.c
usr.sbin/pw/pw_user.c
	Use separate rules to validate boolean parameters and passwd
	parameters.  Error out if a password parameter cannot be parsed.

usr.sbin/pw/tests/Makefile
usr.sbin/pw/tests/crypt.c
usr.sbin/pw/tests/pw_useradd.sh
usr.sbin/pw/tests/pw_usermod.sh
	Add tests for the validation.  Also, enhance existing
	password-related tests to actually validate that the correct hash is
	written to master.passwd.

Reviewed by:	bapt
MFC after:	4 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D6840
2016-07-13 17:09:20 +00:00
Baptiste Daroussin
e1fc61c114 Fix typo preventing pw {user,group}next -C from working as expected
Reported by:	Mike Selnet via forums.freebsd.org
MFC after:	3 days
2016-06-04 16:31:33 +00:00
Don Lewis
660d4fe299 Fix CID 1006692 in /usr/sbin/pw pw_log() function and other fixes
The length of the name returned from the $LOGNAME and $USER can be
very long and it was being concatenated to a fixed length buffer
with no bounds checking.  Fix this problem by limiting the length
of the name copied.

Additionally, this name is actually used to create a format string
to be used in adding log file entries so embedded % characters in
the name could confuse *printf(), and embedded whitespace could
confuse a log file parser.  Handle the former by escaping each %
with an additional %, and handle the latter by simply stripping it
out.

Clean up the code by moving the variable declarations to the top
of the function, formatting them to conform with style, and moving
initialization elsewhere.

Reduce code indentation by returning early in a couple of places.

Reported by:	Coverity
CID:		1006692
Reviewed by:	markj (previous version)
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D6490
2016-05-24 05:02:24 +00:00
Enji Cooper
430f7286a5 Merge ^/user/ngie/release-pkg-fix-tests to unbreak how test files are installed
after r298107

Summary of changes:

- Replace all instances of FILES/TESTS with ${PACKAGE}FILES. This ensures that
  namespacing is kept with FILES appropriately, and that this shouldn't need
  to be repeated if the namespace changes -- only the definition of PACKAGE
  needs to be changed
- Allow PACKAGE to be overridden by callers instead of forcing it to always be
  `tests`. In the event we get to the point where things can be split up
  enough in the base system, it would make more sense to group the tests
  with the blocks they're a part of, e.g. byacc with byacc-tests, etc
- Remove PACKAGE definitions where possible, i.e. where FILES wasn't used
  previously.
- Remove unnecessary TESTSPACKAGE definitions; this has been elided into
  bsd.tests.mk
- Remove unnecessary BINDIRs used previously with ${PACKAGE}FILES;
  ${PACKAGE}FILESDIR is now automatically defined in bsd.test.mk.
- Fix installation of files under data/ subdirectories in lib/libc/tests/hash
  and lib/libc/tests/net/getaddrinfo
- Remove unnecessary .include <bsd.own.mk>s (some opportunistic cleanup)

Document the proposed changes in share/examples/tests/tests/... via examples
so it's clear that ${PACKAGES}FILES is the suggested way forward in terms of
replacing FILES. share/mk/bsd.README didn't seem like the appropriate method
of communicating that info.

MFC after: never probably
X-MFC with: r298107
PR: 209114
Relnotes: yes
Tested with: buildworld, installworld, checkworld; buildworld, packageworld
Sponsored by: EMC / Isilon Storage Division
2016-05-04 23:20:53 +00:00
Warren Block
9b8a603ef0 Add a single example of adding a user that roughly corresponds with the
adduser example in the Handbook.

MFC after:	1 week
2016-04-23 22:57:54 +00:00
Glen Barber
d60840138f MFH
Sponsored by:	The FreeBSD Foundation
2016-04-04 23:55:32 +00:00
Warren Block
579a636f2a Adjust misleading wording of the -G option and simplify a few
surrounding sentences.  From a discussion on -ports.

Reviewed by:	David Wolfskill <david@catwhisker.org>
2016-03-28 02:05:35 +00:00
Baptiste Daroussin
41328b4417 Remove some unneeded headers
Found by 'include-what-you-use'
2016-03-26 11:41:35 +00:00
Glen Barber
7d536dc855 MFH
Sponsored by:	The FreeBSD Foundation
2016-03-10 21:16:01 +00:00
Bryan Drewery
15c433351f DIRDEPS_BUILD: Connect MK_TESTS.
Sponsored by:	EMC / Isilon Storage Division
2016-03-09 22:46:01 +00:00
Glen Barber
52259a98ad MFH
Sponsored by:	The FreeBSD Foundation
2016-03-02 16:14:46 +00:00
Mark Johnston
429008a9ca Fix a typo that prevented pw(8) from setting a user's UID to 0.
MFC after:	1 week
Sponsored by:	EMC / Isilon Storage Division
2016-03-02 04:56:36 +00:00
Glen Barber
43faedc133 First pass to fix the 'tests' packages.
Sponsored by:	The FreeBSD Foundation
2016-02-02 22:26:49 +00:00
Baptiste Daroussin
49d448f523 Simplify code for parsing extra groups
2015-12-29 00:08:32 +00:00
Baptiste Daroussin
4fc9390e7e Remove useless assignment of linelen
2015-12-29 00:02:08 +00:00
Baptiste Daroussin
36a8b62f3a Restore dryrun support for pw groupmod
2015-12-28 23:57:22 +00:00
Baptiste Daroussin
8ab28c4e4b pw_checkname since the beginning is too strict on GECOS field,
relax it a bit so gecos can be used to store multibytes data.

This was unseen before FreeBSD 10.2 as this validation function was mostly unused
since FreeBSD 10.2 the usage of this function has been generalized to improve
validation.

Reported by:	des
MFC after:	1 week
2015-12-02 22:35:25 +00:00
Baptiste Daroussin
c514e5a523 Fix handling of numeric-only names with pw lock
Add a regression test about it

PR:		204968
MFC after:	1 week
2015-12-02 22:01:37 +00:00
Xin LI
069cc8a45f In pw_userlock, set 'name' to NULL when we encounter an all number string
because it is also used as an indicator of whether a name or an UID is
being used and we may have undefined results as 'name' may contain
uninitialized stack contents.

MFC after:	2 weeks
2015-10-30 00:46:52 +00:00
Bryan Drewery
b1585b5a06 Fix unlikely memory leak.
It is unlikely since the first check in the function is that dir[0] is '/',
but later code changes may make it real.

Coverity CID:	1332104
2015-10-29 18:29:28 +00:00