Commit Graph

92 Commits

Author SHA1 Message Date
araujo
f493b25fe2 The sdp opens the database with PERM_SECURE mode and it is different than
dp that opens the database with PERM_INSECURE, so we need to check sdp->put
against sdp instead of use dp->put.

PR:		bin/191720
Submitted by:	Miles Ohlrich <turingsboy@yahoo.com>
Approved by:	rodrigc (mentor)
Differential Revision:	https://reviews.freebsd.org/D4255
2015-12-28 05:48:22 +00:00
brueffer
2dc82f9774 Fix a few mandoc warnings.
MFC after:	1 week
2015-08-12 10:34:05 +00:00
garga
43727d164b When passwd or group information is changed (by pw, vipw, chpass, ...)
temporary file is created and then a rename() call move it to official file.
This operation didn't have any check to make sure data was written to disk
and if a power cycle happens system could end up with a 0 length passwd
or group database.

There is a pfSense bug with more infor about it:

https://redmine.pfsense.org/issues/4523

The following changes were made to protect passwd and group operations:

* lib/libutil/gr_util.c:
 - Replace mkstemp() by mkostemp() with O_SYNC flag to create temp file
 - After rename(), fsync() call on directory for faster result

* lib/libutil/pw_util.c
 - Replace mkstemp() by mkostemp() with O_SYNC flag to create temp file

* usr.sbin/pwd_mkdb/pwd_mkdb.c
 - Added O_SYNC flag on dbopen() calls
 - After rename(), fsync() call on directory for faster result

* lib/libutil/pw_util.3
 - pw_lock() returns a file descriptor to master password file on success

Differential Revision:	https://reviews.freebsd.org/D2978
Approved by:	bapt
Sponsored by:	Netgate
2015-07-02 17:30:59 +00:00
sjg
008d7c831f Add META_MODE support.
Off by default, build behaves normally.
WITH_META_MODE we get auto objdir creation, the ability to
start build from anywhere in the tree.

Still need to add real targets under targets/ to build packages.

Differential Revision:       D2796
Reviewed by: brooks imp
2015-06-13 19:20:56 +00:00
sjg
75a137820d dirdeps.mk now sets DEP_RELDIR 2015-06-08 23:35:17 +00:00
delphij
f7eabb8e53 Whitespace changes for r283981. No actual code changes. 2015-06-04 07:25:40 +00:00
delphij
82c0d88211 In r113596, version 4 of entries have been added but pwd_mkdb have
been generating both new (machine independent) and legacy version
entries (endianness sensitive).

The base system have been using the new format for quite some time,
so disable the generation by default.

An interim option, -l, have been added to re-enable old behavior.
The -l, -B and -L options are considered deprecated and will be
removed in FreeBSD 12.0 release.
2015-06-04 07:24:56 +00:00
sjg
5860f0d106 Updated dependencies 2014-05-16 14:09:51 +00:00
sjg
1a7e48acf1 Updated dependencies 2014-05-10 05:16:28 +00:00
sjg
5e568154a0 Merge head 2014-04-28 07:50:45 +00:00
des
1253516150 Add -p to the example (why isn't this the default?)
MFC after:	1 week
2014-02-06 09:57:27 +00:00
des
13e7f78c73 Add an example of the most common use case.
MFC after:	1 week
2014-02-05 09:28:02 +00:00
sjg
6d37b86f2b Updated dependencies 2013-03-11 17:21:52 +00:00
sjg
0ee5295509 Updated dependencies 2013-02-16 01:23:54 +00:00
marcel
9dd41e3647 Sync FreeBSD's bmake branch with Juniper's internal bmake branch.
Requested by: Simon Gerraty <sjg@juniper.net>
2012-08-22 19:25:57 +00:00
ed
14d5ba5322 Mark global functions and/or variables in pwd_mkdb(8) static where possible.
This allows compilers and static analyzers to do more thorough analysis.
2011-11-06 19:02:25 +00:00
gordon
8ac701c982 Only increment the ypcnt once per data record. The old implementation
was incrementing it twice making it impossible to iterate the table
since the records were 1, 3, 5, 7 (or 2, 4, 6, 8 for the v3 records).

MFC after:	10 days
2011-07-06 06:34:08 +00:00
ed
073cafdd42 The last big commit: let usr.sbin/ use WARNS=6 by default. 2010-01-02 11:07:44 +00:00
brian
0c0feffc95 Verify that the username length is smaller than MAXLOGNAME when
asked to verify a passwd file (pwd_mkdb -C).

Entries with oversized usernames are still permitted when building
the passwd database.

When entries are >= MAXLOGNAME in length, they are correctly stored
in passwd, pwd.db and spwd.db but are only correctly retrieved by
getpwent*() and getpwuid*().  getpwnam*() truncates to MAXLOGNAME - 1
when reading from a file (breaking at least sh, tcsh and bash)
and utilities such as su(1) check, complain and fail if the
passed name is >= MAXLOGNAME in length.

MFC after:	3 weeks
2009-05-20 08:32:25 +00:00
dd
f531cb9c12 Correctly handle an input file without a newline on the last line (and
avoid the confusing error message about the line being too long). This
change uses fgetln to detect the right conditions, but the fixed-width
line buffer is kept because too many other places in the program make
assumptions about its maximum width.

Approved by:	re (scottl)
2005-06-15 10:13:04 +00:00
charnier
db28e8fe5e Even if variable is never used uninitialized by the semantic, reduce compiler
warning by giving an initial value in all cases.
2005-05-29 16:01:12 +00:00
ru
bdce891768 Add endianness support.
While version 4 entries are architecture-independent, we
also store old (version 3) entries in native byte order.
Also, the hash itself is created in a native byte order.

With this change, pwd_mkdb(8) can be used to cross-build
*pwd.db files for another architecture.

Tested on:	i386, amd64, alpha, sparc64
2005-02-28 21:05:30 +00:00
stefanf
43fa8deb7c Turn K&R functions into prototypes. 2005-02-10 09:00:55 +00:00
ru
c05985f13f Sort sections. 2005-01-18 20:02:45 +00:00
imp
9fbed704d5 Per letter dated July 22, 1999 remove 3rd clause of Berkeley derived software
(with permission of addtional copyright holders where appropriate)
2004-08-07 04:28:56 +00:00
imp
e2cd05d744 Add 'i' to the getopt string.
Noticed by: jhein
2004-08-05 15:44:26 +00:00
imp
697fd69b85 Add support for ignoring locking failures. This is only enabled when
you've specified a directory.  It is intended to be used in building
custom releases over NFS where locking may be unreliable at best and
there is no contention that the locking is designed to arbitrate.
Other uses of this flag are discouraged.  Document same in usage and
man page (including the warning about unwise).

Sponsored by: Timing Solutions
2004-07-21 17:38:04 +00:00
imp
21933e4a30 Two style related changes:
(1) use strlcpy instead of strncpy since the use here of the latter
    was incorrect.
(2) Move 'N' case into proper sorted order (sorted the same way that
    ls sorts its args).
2004-07-21 17:02:36 +00:00
ru
6294018a20 Mechanically kill hard sentence breaks. 2004-07-02 23:13:00 +00:00
obrien
7293a24a2b Use __FBSDID over rcsid[]. Protect copyright[] where needed. 2003-05-03 21:06:42 +00:00
nectar
1c734cdc1b When updating a single entry (i.e. when the `-u' option is given),
do not add the "\xFF" "VERSION" key --- it should only be added once
ALL entries have been updated.

While I'm here, correct the logic that detects whether or not the
user-ID has changed so that it works even if all entries have not
yet been updated to the new format.

Users missing-in-action were
Reported by:	tjr, Vallo Kallaste <vallo@estcard.ee>,
		    leafy <leafy@leafy.idv.tw>

Sponsored by:	DARPA, Network Associates Laboratories
2003-04-28 11:41:56 +00:00
nectar
8e1cb92b6b Revert the definitions of _PW_KEY* to their previous values. There is
at least one consumer outside of libc and pwd_mkdb.
Adjust the versioning in libc and pwd_mkdb accordingly.

named was the application affected, and that fact was first
Reported by:	Zherdev Anatoly <tolyar@mx.ru>

Sponsored by:	DARPA, Network Associates Laboratories
2003-04-18 14:11:17 +00:00
nectar
cd021cdb21 = Implement thread-safe versions of the getpwent(3) and getgrent(3)
family of functions using the new nsdispatch(3) core.  Remove
  arbitrary size limits when using the thread-safe versions.

= Re-implement the traditional getpwent(3)/getgrent(3) functions on
  top of the thread-safe versions.

= Update the on-disk format of the hashed version of the passwd(5)
  databases to allow for versioned entries.  The legacy version is
  `3'.  (Don't ask.)

= Add support for version `4' entries in the passwd(5) database.
  Entries in this format are identical to version 3 entries except
  that all integers are stored as 32-bit integers in network byte
  order (big endian).

= pwd_mkdb is updated to generate both version 3 and version 4
  entries.

Sponsored by:	DARPA, Network Associates Laboratories
2003-04-17 14:15:26 +00:00
obrien
a920d12f89 style.Makefile(5) 2003-04-04 17:49:21 +00:00
ru
041d1287e8 Uniformly refer to a file system as "file system".
Approved by:	re
2002-12-12 17:26:04 +00:00
charnier
d2168fe021 The .Nm utility 2002-07-14 14:47:15 +00:00
alfred
9350b2dc7e WARNS=4 cleanup, de-__P() 2002-07-11 21:16:52 +00:00
trhodes
7d7bd3ffde Consistancy check: s/file system/filesystem/g 2002-05-16 02:28:39 +00:00
dd
165dbb1a74 When reporting that a line is too long, include the line number in the
error message.  While I'm here, add a note that the "line too long"
message isn't always accurate.

PR:		35395
Submitted by:	andrew@ugh.net.au
2002-03-09 03:52:14 +00:00
peter
5a0fafd56a Explicitly use int32_t for on-disk records for pw_change and pw_expire,
since that is what we use now and this insulates us from any time_t
tweaks here.  We can define a record format that uses 64 bit times if/when
we need to.
2001-10-27 02:13:41 +00:00
dd
13626ad8a2 It's bad enough to capitalize the name of the executable at the
beginning of the sentence, but at the very least it shouldn't be done
in the middle of a sentence!
2001-08-04 22:11:08 +00:00
obrien
9c97c8f02d Perform a major cleanup of the usr.sbin Makefiles.
These are not perfectly in agreement with each other style-wise, but they
are orders of orders of magnitude more consistent style-wise than before.
2001-07-20 06:20:32 +00:00
dd
911ca14c87 Remove whitespace at EOL. 2001-07-15 08:06:20 +00:00
ru
afd506414e - Backout botched attempt to introduce MANSECT feature.
- MAN[1-9] -> MAN.
2001-03-26 14:42:20 +00:00
ru
f10dc9aca1 Set the default manual section for usr.sbin/ to 8. 2001-03-20 18:17:26 +00:00
ru
71e2293ad4 mdoc(7) police: use the new features of the Nm macro. 2000-11-20 20:10:44 +00:00
nectar
748554442d Add nsswitch support. By creating an /etc/nsswitch.conf file, you can
configure FreeBSD so that various databases such as passwd and group can be
looked up using flat files, NIS, or Hesiod.

= Hesiod has been added to libc (see hesiod(3)).

= A library routine for parsing nsswitch.conf and invoking callback
  functions as specified has been added to libc (see nsdispatch(3)).

= The following C library functions have been modified to use nsdispatch:
    . getgrent, getgrnam, getgrgid
    . getpwent, getpwnam, getpwuid
    . getusershell
    . getaddrinfo
    . gethostbyname, gethostbyname2, gethostbyaddr
    . getnetbyname, getnetbyaddr
    . getipnodebyname, getipnodebyaddr, getnodebyname, getnodebyaddr

= host.conf has been removed from src/etc.  rc.network has been modified
  to warn that host.conf is no longer used at boot time.  In addition, if
  there is a host.conf but no nsswitch.conf, the latter is created at boot
  time from the former.

Obtained from:	NetBSD
2000-09-06 18:16:48 +00:00
paul
62f215a16f Fix various unsigned vs signed errors that caused problems with uids
and gids bigger than 16 bits. Added checks for uids and gids that are
bigger than 32 bits.

Approved by:	jkh (partly, this fix is bigger than I first intended)
2000-03-09 18:11:16 +00:00
sheldonh
b2240fc1c0 Remove single-space hard sentence breaks. These degrade the quality
of the typeset output, tend to make diffs harder to read and provide
bad examples for new-comers to mdoc.
2000-03-01 14:09:25 +00:00
sheldonh
8d21f19e4e Replace the -q option to pwd_mkdb with a test for PW_SCAN_BIG_IDS in
the environment.  This allows big ID warnings to be suppressed for
vipw and chpass as well.

Since the environment variable test is only performed for callers
of pw_scan() that do not set pw_big_ids_warning, the test can still
be overriden.  Currently, chpass and pwd_mkdb are the only users
of pw_scan() and neither of them overrides the environment variable
test.
1999-12-02 16:39:15 +00:00