Commit Graph

419 Commits

Author SHA1 Message Date
dab
fad14883a6 Allow the "@" and "!" characters in passwd file GECOS fields.
Two PRs (152084 & 210187) request allowing the "@" and/or "!"
characters in the passwd file GECOS field. The man page for pw does
not mention that those characters are disallowed, Linux supports those
characters in this field, and the "@" character in particular would be
useful for storing email addresses in that field.

PR:		152084, 210187
Submitted by:	jschauma@netmeister.org, Dave Cottlehuber <dch@freebsd.org>
Reported by:	jschauma@netmeister.org, Dave Cottlehuber <dch@freebsd.org>
Reviewed by:	delphij (secteam), vangyzen
MFC after:	1 week
Sponsored by:	Dell EMC
Differential Revision:	https://reviews.freebsd.org/D14519
2018-03-01 17:47:28 +00:00
eugen
8306e41a53 pw(8): r326738 broke expiration arithmetic in case of `-D' flag not supplied.
Fix it and rename misnamed time_t variables `expire_days, password_days'
(always holding absolute time) to `expire_time, password_time'.

Add a comment for a case of overloading `cmdcnf->password_days'
and `cmdcnf->expire_days' with absolute time.

Reported by:	markj
Approved by:	mav (mentor)
MFC after:	1 week
2017-12-15 06:05:16 +00:00
eugen
3cfe33fd3b pw(8): correct expiration period handling and command line overrides
to preconfigured values for -e, -p and -w flags.

Use non-negative symbols instead of magic values
in passwd_val/pw_password functions.

PR:		223431
Submitted by:	Yuri Pankov (in part, patch for the manual)
Reported by:	mav (mentor)
MFC after:	3 days
Relnotes:	yes
2017-12-09 23:34:00 +00:00
pfg
7551d83c35 various: general adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

No functional change intended.
2017-11-27 15:37:16 +00:00
bdrewery
a598c4b809 DIRDEPS_BUILD: Update dependencies.
Sponsored by:	Dell EMC Isilon
2017-10-31 00:07:04 +00:00
emaste
e182a6c1cb pw useradd: Validate the user name before creating the entry
Previouly it was possible to create users with spaces in the name with:
pw useradd -u 1234 -g 1234 -n 'test user'

The "-g 1234" is relevant, without it the name was already rejected
as expected:

[fk@test ~]$ sudo pw useradd -u 1234 -n 'test user'
pw: invalid character ` ' at position 4 in userid/group name

Bug unintentionally found with a salt config without explicit name entry:

test user:
  user.present:
    - uid: 1234
    - gid: 1234
    - fullname: Test user
    - shell: /usr/local/bin/bash
    - home: /home/test
    - groups:
      - wheel
      - salt

"Luckily" salt modules rarely bother with input validation either ...

PR:		221416
Submitted by:	Fabian Keil
Obtained from:	ElectroBSD
MFC after:	1 week
2017-08-19 00:32:26 +00:00
emaste
0c4cd99556 pw usermod: Properly deal with empty secondary group lists (-G '')
"pw usermod someuser -G ''" is supposed make sure that someuser
doesn't have any secondary group memberships.

Previouly it was a nop because split_groups() only intitialised
"groups" if at least one group was specified. As a result the
existing secondary group memberships were kept.

PR:		221417
Submitted by:	Fabian Keil
Obtained from:	ElectroBSD
MFC after:	1 week
Relnotes:	yes
2017-08-19 00:19:23 +00:00
ngie
d26727d972 Add HAS_TESTS to all Makefiles that are currently using the
`SUBDIR.${MK_TESTS}+= tests` idiom.

This is a follow up to r321912.
2017-08-02 08:50:42 +00:00
ngie
734d081ed1 MFhead@r321912 2017-08-02 08:38:36 +00:00
ngie
bfaf90f3d4 pw: add some basic testcases for groupshow and usershow
- groupshow: test out -a/-g/-n .
- usershow: test out -a/-n/-u .

MFC after:	1 week
Sponsored by:	Dell EMC Isilon
2017-05-28 02:15:57 +00:00
asomers
0ef1036c0b Don't depend on assert(3) getting evaluated
Reported by:	imp
MFC after:	3 weeks
X-MFC-With:	318141, 318143
Sponsored by:	Spectra Logic Corp
2017-05-10 16:06:22 +00:00
asomers
0891ab2b07 strcpy => strlcpy
Reported by:	Coverity
CID:		1006715
MFC after:	3 weeks
Sponsored by:	Spectra Logic Corp
2017-05-10 15:38:06 +00:00
bapt
050efd538d Add a regression test for r31512 fix
PR:		217934
MFC after:	1 week
2017-03-25 10:47:58 +00:00
eugen
d0fd62f968 Properly initialise with content of pw.conf(5) that was mistakenly ignored.
Also, respect "defaultgroup" if specified there.

PR:		217934
Reported by:	Victor Sudakov <vas@mpeks.tomsk.su>
Reviewed by:	bapt
Approved by:	bapt, vsevolod (mentor)
MFC after:	1 week
2017-03-24 16:18:57 +00:00
ngie
5ad4f59bfb Rename tests from <foo> to <foo>_test to match the FreeBSD test suite
naming scheme

usr.bin/diff/diff_test was renamed to usr.bin/diff/netbsd_diff_test
to avoid collisions with the renamed FreeBSD test.

MFC after:	1 week
Sponsored by:	Dell EMC Isilon
2017-03-23 03:28:24 +00:00
asomers
45e17566f9 Increase WARNS for pw tests
ATF tests have a default WARNS of 0, unlike other usermode programs.

Reviewed by:  ngie, julian
MFC after:    3 weeks
Sponsored by: Spectra Logic Corporation
Differential Revision:        https://reviews.freebsd.org/D9933
2017-03-11 00:11:20 +00:00
bapt
e89b4016c8 Really restore the old behaviour for pw usermod -m
It again reinstall missing skel files without overwriting changed one
Add a regression test about it

Reported by:	ae
MFC after:	3 days
2017-01-22 20:03:18 +00:00
bapt
42f5c8a914 Readd a feature lost in pw(8) refactoring
pw usermod foo -m

It used to be able to (re)create the home directory if it didn't exists

PR:		216224
Reported by:	ae
MFC after:	3 days
2017-01-22 18:55:01 +00:00
bapt
1fd84d9b40 Fix pkg groupshow <gid>
PR:		204676
Submitted by:	longwitz@incore.de
MFC after:	2 days
2016-12-10 12:48:48 +00:00
asomers
9e66c6e8f0 Speed up pw operations that edit /etc/group or /etc/passwd
r285050 fixed a bug in pw that could lead to /etc/passwd or /etc/group
corruption on power loss. However, it fixed it by opening those files with
O_SYNC, which is very slow, especially on ZFS. This change replaces O_SYNC
with appropriately placed fsync()s instead, which is much faster. Using a
ZFS tmpdir, the time to run pw's kyua tests drops from 245s to 35s.

Reviewed by:	allanjude, bapt, vangyzen, garga
Tested on pfSense by:	garga
MFC after:	4 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D8319
2016-11-18 16:07:08 +00:00
asomers
5e03799fd4 Close some file descriptor leaks in pw
MFC after:	4 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D8245
2016-10-21 20:17:19 +00:00
wblock
20708486a1 Add another badly-needed simple example to the pw(8) man page. 2016-09-13 02:18:29 +00:00
bdrewery
621419c360 DIRDEPS_BUILD: Update dependencies.
Sponsored by:	EMC / Isilon Storage Division
2016-08-31 19:30:46 +00:00
ed
786c3926a6 Fix up setgrent(3) to have a POSIX-compliant prototype.
Just like with freelocale(3), I haven't been able to find any piece of
code that actually makes use of this function's return value, both in
base and in ports. The reason for this is that FreeBSD seems to be the
only operating system to have such a prototype. This is why I'm deciding
to not use symbol versioning for this.

It does seem that the pw(8) utility depends on the function's typing and
already had a switch in place to toggle between the FreeBSD and POSIX
variant of this function. Clean this up by always expecting the POSIX
variant.

There is also a single port that has a couple of local declarations of
setgrent(3) that need to be patched up. This is in the process of being
fixed.

PR:		211394 (exp-run)
2016-07-31 08:05:15 +00:00
bapt
8204e4e32a Remove usage of _WITH_GETLINE from usr.sbin 2016-07-30 01:10:05 +00:00
bapt
067f6948ac Do not try to delete the home of the user if is is not a directory for example
"/dev/null"

PR:		211195
Submitted by:	rday <ryan@ryanday.net>
Reported by:	eniorm <eniorm@gmail.com>
MFC after:	1 day
2016-07-23 10:19:10 +00:00
asomers
3cee0b0310 pw should sanitize the argument of -w.
Otherwise, it will silently disable the login for the selected account if
the argument is unrecognizable.

usr.sbin/pw/pw.h
usr.sbin/pw/pw_conf.c
usr.sbin/pw/pw_user.c
	Use separate rules to validate boolean parameters and passwd
	parameters.  Error out if a password parameter cannot be parsed.

usr.sbin/pw/tests/Makefile
usr.sbin/pw/tests/crypt.c
usr.sbin/pw/tests/pw_useradd.sh
usr.sbin/pw/tests/pw_usermod.sh
	Add tests for the validation.  Also, enhance existing
	password-related tests to actually validate that the correct hash is
	written to master.passwd.

Reviewed by:	bapt
MFC after:	4 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D6840
2016-07-13 17:09:20 +00:00
bapt
3169b6e8ad Fix typo preventing pw {user,group}next -C from working as expected
Reported by:	Mike Selnet via forums.freebsd.org
MFC after:	3 days
2016-06-04 16:31:33 +00:00
truckman
9f44a80b1c Fix CID 1006692 in /usr/sbin/pw pw_log() function and other fixes
The length of the name returned from the $LOGNAME and $USER can be
very long and it was being concatenated to a fixed length buffer
with no bounds checking.  Fix this problem by limiting the length
of the name copied.

Additionally, this name is actually used to create a format string
to be used in adding log file entries so embedded % characters in
the name could confuse *printf(), and embedded whitespace could
confuse a log file parser.  Handle the former by escaping each %
with an additional %, and handle the latter by simply stripping it
out.

Clean up the code by moving the variable declarations to the top
of the function, formatting them to conform with style, and moving
intialization elsewhere.

Reduce code indentation by returning early in a couple of places.

Reported by:	Coverity
CID:		1006692
Reviewed by:	markj (previous version)
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D6490
2016-05-24 05:02:24 +00:00
ngie
92100036c8 Merge ^/user/ngie/release-pkg-fix-tests to unbreak how test files are installed
after r298107

Summary of changes:

- Replace all instances of FILES/TESTS with ${PACKAGE}FILES. This ensures that
  namespacing is kept with FILES appropriately, and that this shouldn't need
  to be repeated if the namespace changes -- only the definition of PACKAGE
  needs to be changed
- Allow PACKAGE to be overridden by callers instead of forcing it to always be
  `tests`. In the event we get to the point where things can be split up
  enough in the base system, it would make more sense to group the tests
  with the blocks they're a part of, e.g. byacc with byacc-tests, etc
- Remove PACKAGE definitions where possible, i.e. where FILES wasn't used
  previously.
- Remove unnecessary TESTSPACKAGE definitions; this has been elided into
  bsd.tests.mk
- Remove unnecessary BINDIRs used previously with ${PACKAGE}FILES;
  ${PACKAGE}FILESDIR is now automatically defined in bsd.test.mk.
- Fix installation of files under data/ subdirectories in lib/libc/tests/hash
  and lib/libc/tests/net/getaddrinfo
- Remove unnecessary .include <bsd.own.mk>s (some opportunistic cleanup)

Document the proposed changes in share/examples/tests/tests/... via examples
so it's clear that ${PACKAGES}FILES is the suggested way forward in terms of
replacing FILES. share/mk/bsd.README didn't seem like the appropriate method
of communicating that info.

MFC after: never probably
X-MFC with: r298107
PR: 209114
Relnotes: yes
Tested with: buildworld, installworld, checkworld; buildworld, packageworld
Sponsored by: EMC / Isilon Storage Division
2016-05-04 23:20:53 +00:00
wblock
bb0d234bf3 Add a single example of adding a user that roughly corresponds with the
adduser example in the Handbook.

MFC after:	1 week
2016-04-23 22:57:54 +00:00
gjb
1dc4c40e3b MFH
Sponsored by:	The FreeBSD Foundation
2016-04-04 23:55:32 +00:00
wblock
b98b691b5e Adjust misleading wording of the -G option and simplify a few
surrounding sentences.  From a discussion on -ports.

Reviewed by:	David Wolfskill <david@catwhisker.org>
2016-03-28 02:05:35 +00:00
bapt
ecb384a0ef Remove some unneeded headers
Found by 'include-what-you-use'
2016-03-26 11:41:35 +00:00
gjb
1c7e318a9a MFH
Sponsored by:	The FreeBSD Foundation
2016-03-10 21:16:01 +00:00
bdrewery
aab40fdc3d DIRDEPS_BUILD: Connect MK_TESTS.
Sponsored by:	EMC / Isilon Storage Division
2016-03-09 22:46:01 +00:00
gjb
955ce29ea3 MFH
Sponsored by:	The FreeBSD Foundation
2016-03-02 16:14:46 +00:00
markj
87175eabd7 Fix a typo that prevented pw(8) from setting a user's UID to 0.
MFC after:	1 week
Sponsored by:	EMC / Isilon Storage Division
2016-03-02 04:56:36 +00:00
gjb
a6998ad84f First pass to fix the 'tests' packages.
Sponsored by:	The FreeBSD Foundation
2016-02-02 22:26:49 +00:00
bapt
ebf326060e Simplify code for parsing extra groups 2015-12-29 00:08:32 +00:00
bapt
87d5fd23fe Remove useless assignement of linelen 2015-12-29 00:02:08 +00:00
bapt
abb886fc3d Restore dryrun support for pw groupmod 2015-12-28 23:57:22 +00:00
bapt
9d1a130e58 pw_checkname since the beginning if too strict on GECOS field,
relax it a bit so gecos can be used to store multibytes data.

This was unseen before FreeBSD 10.2 as this validation function was motly unused
since FreeBSD 10.2 the usage of this function has been generalized to improve
validation.

Reported by:	des
MFC after:	1 week
2015-12-02 22:35:25 +00:00
bapt
5df8300abf Fix handling of numeric-only names with pw lock
Add a regression test about it

PR:		204968
MFC after:	1 week
2015-12-02 22:01:37 +00:00
delphij
2e85b00467 In pw_userlock, set 'name' to NULL when we encounter an all number string
because it is also used as an indicator of whether a name or an UID is
being used and we may have undefined results as 'name' may contain
uninitialized stack contents.

MFC after:	2 weeks
2015-10-30 00:46:52 +00:00
bdrewery
ef07697d65 Fix unlikely memory leak.
It is unlikely since the first check in the function is that dir[0] is '/',
but later code changes may make it real.

Coverity CID:	1332104
2015-10-29 18:29:28 +00:00
ngie
02a1e0f621 Initialize quiet to false so pw groupnext again prints out the next gid
by default

Reported by: Florian Degner <f.degner@gmx.de>
MFC after: 1 week
PR: 203876
Sponsored by: EMC / Isilon Storage Division
2015-10-19 18:29:32 +00:00
ngie
dd1f618367 Refactor the test/ Makefiles after recent changes to bsd.test.mk (r289158) and
netbsd-tests.test.mk (r289151)

- Eliminate explicit OBJTOP/SRCTOP setting
- Convert all ad hoc NetBSD test integration over to netbsd-tests.test.mk
- Remove unnecessary TESTSDIR setting
- Use SRCTOP where possible for clarity

MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Divison
2015-10-12 08:16:03 +00:00
wblock
deaa35894c Fix a repeated typo: rootir -> rootdir.
Approved by:	bapt
MFC after:	1 week
2015-10-09 14:55:55 +00:00
bapt
7322dfff51 Regression: fix usershow -7
Submitted by:	Dan McGregor (via IRC)
MFC after:	2 days
2015-09-14 19:23:00 +00:00