MFC

7 files changed, 437 insertions, 24 deletions

diff --git a/adduser/adduser.conf.5 b/adduser/adduser.conf.5
new file mode 100644
index 0000000..c7c4f5d
--- /dev/null
+++ b/adduser/adduser.conf.5
@@ -0,0 +1,221 @@
+.\"
+.\" Copyright (c) 2004 Tom Rhodes
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.Dd April 12, 2007
+.Dt ADDUSER.CONF 5
+.Os
+.Sh NAME
+.Nm adduser.conf
+.Nd
+.Xr adduser 8
+configuration file
+.Sh DESCRIPTION
+The
+.Pa /etc/adduser.conf
+file is automatically generated by the
+.Xr adduser 8
+utility when invoked with the
+.Fl C
+command-line option.
+It is not meant to be edited by hand.
+.Pp
+The
+.Pa /etc/adduser.conf
+file is used to pre-set certain configuration options for
+the
+.Xr adduser 8
+utility.
+When
+.Xr adduser 8
+is invoked, it will check to see if this file exists, and
+if so, the configuration will be used or offered as the
+default settings.
+The
+.Nm
+file offers three types of configuration:
+.Bl -bullet
+.It
+Default settings offered by
+.Xr adduser 8 .
+These options are specified in the configuration file and offered
+as the default during every invocation of the
+.Xr adduser 8
+utility.
+.It
+Configuration options which can be set in
+.Nm ,
+but overridden by passing a flag to
+.Xr adduser 8 .
+.It
+Configuration supported by
+.Xr adduser 8
+but not offered by a flag or during initial invocation.
+.El
+.Pp
+In the first case, these options can be set in
+.Nm
+but will still be offered when
+.Xr adduser 8
+is invoked.
+In the second case,
+.Xr adduser 8
+will read the configuration data unless a flag
+has been passed to override it.
+For example, the
+.Va defaultshell
+option.
+In the third case, the configuration will be utilized, but the
+user will never be prompted to modify the default setting by
+either a flag or an
+.Xr adduser 8
+prompt.
+For example, the
+.Va upwexpire
+setting.
+.Pp
+The following configuration options can be set in
+.Nm :
+.Bl -tag -width ".Va defaultgroups" -offset indent
+.It Va defaultLgroup
+The default group new users will be added to.
+.It Va defaultclass
+The default class to place users in as described in
+.Xr login.conf 5 .
+.It Va defaultgroups
+This option is used to specify what other groups the new account
+should be added to.
+.It Va passwdtype
+May be one of
+.Cm no , none , random ,
+or
+.Cm yes ,
+as described in
+.Xr adduser 8 .
+As such, the text is not duplicated here and may be
+read in
+.Xr adduser 8 .
+.It Va homeprefix
+The default home directory prefix, usually
+.Pa /home .
+.It Va defaultshell
+The user's default shell which may be any of the shells listed in
+.Xr shells 5 .
+.It Va udotdir
+Defines the location of the default shell and environment
+configuration files.
+.It Va msgfile
+Location of the default new user message file.
+This message will be sent to all new users if specified
+here or at the
+.Xr adduser 8
+prompt.
+.It Va disableflag
+The default message enclosed in brackets for the
+lock account prompt.
+.It Va upwexpire
+The default password expiration time.
+Format of the date is either a
+.Ux
+time in decimal, or a date in
+.Sm off
+.Ar dd No - Ar mmm No - Ar yy Op Ar yy
+.Sm on
+format, where
+.Ar dd
+is the day,
+.Ar mmm
+is the month in either numeric or
+alphabetic format, and
+.Ar yy Ns Op Ar yy
+is either a two or four digit year.
+This option also accepts a relative date in the form of
+.Sm off
+.Ar n Op Ar m h d w o y
+.Sm on
+where
+.Ar n
+is a decimal, octal (leading 0) or hexadecimal (leading 0x) digit
+followed by the number of Minutes, Hours, Days, Weeks, Months or
+Years from the current date at
+which the expiration time is to be set.
+.It Va uexpire
+The default account expire time.
+The format is similar to the
+.Va upwexpire
+option.
+.It Va ugecos
+The default information to be held in the GECOS field of
+.Pa /etc/master.passwd .
+.It Va uidstart
+The default user ID setting.
+This must be a number above 1000 and fewer than 65534.
+.El
+.Sh EXAMPLES
+The following is an example
+.Nm
+file created with the
+.Fl C
+.Xr adduser 8
+flag and modified.
+.Bd -literal -offset indent
+# Configuration file for adduser(8).
+# NOTE: only *some* variables are saved.
+# Last Modified on Fri Mar 30 14:04:05 EST 2004.
+
+defaultLgroup=
+defaultclass=
+defaultgroups=
+passwdtype=yes
+homeprefix=/home
+defaultshell=/bin/csh
+udotdir=/usr/share/skel
+msgfile=/etc/adduser.msg
+disableflag=
+upwexpire=91d # Expire passwords 91 days after creation.
+.Ed
+.Sh SEE ALSO
+.Xr group 5 ,
+.Xr passwd 5 ,
+.Xr adduser 8 ,
+.Xr pw 8 ,
+.Xr rmuser 8
+.Sh HISTORY
+The
+.Nm
+manual page first appeared in
+.Fx 5.3 .
+.Sh AUTHORS
+This manual page was written by
+.An Tom Rhodes Aq trhodes@FreeBSD.org .
+.Sh BUGS
+The internal variables documented here may change without notice.
+Do not rely on them.
+To modify this file invoke
+.Xr adduser 8
+with the
+.Fl C
+option instead.
diff --git a/adduser/adduser.sh b/adduser/adduser.sh
index f645f59..4b0a6f6 100644
--- a/adduser/adduser.sh
+++ b/adduser/adduser.sh
@@ -488,6 +488,7 @@ get_uid() {
 	_prompt=
 
 	if [ -n "$uuid" ]; then
+		uuid=`get_nextuid $uuid`
 		_prompt="Uid [$uuid]: "
 	else
 		_prompt="Uid (Leave empty for default): "
diff --git a/chpass/util.c b/chpass/util.c
new file mode 100644
index 0000000..baf160e
--- /dev/null
+++ b/chpass/util.c
@@ -0,0 +1,182 @@
+/*-
+ * Copyright (c) 1988, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ * Copyright (c) 2002 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * Portions of this software were developed for the FreeBSD Project by
+ * ThinkSec AS and NAI Labs, the Security Research Division of Network
+ * Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+#if 0
+static char sccsid[] = "@(#)util.c	8.4 (Berkeley) 4/2/94";
+#endif
+#endif /* not lint */
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <sys/types.h>
+
+#include <ctype.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include <unistd.h>
+
+#include "chpass.h"
+
+static const char *months[] =
+	{ "January", "February", "March", "April", "May", "June",
+	  "July", "August", "September", "October", "November",
+	  "December", NULL };
+
+char *
+ttoa(time_t tval)
+{
+	struct tm *tp;
+	static char tbuf[50];
+
+	if (tval) {
+		tp = localtime(&tval);
+		(void)sprintf(tbuf, "%s %d, %d", months[tp->tm_mon],
+		    tp->tm_mday, tp->tm_year + 1900);
+	}
+	else
+		*tbuf = '\0';
+	return (tbuf);
+}
+
+int
+atot(char *p, time_t *store)
+{
+	static struct tm *lt;
+	char *t;
+	const char **mp;
+	time_t tval;
+	int day, month, year;
+
+	if (!*p) {
+		*store = 0;
+		return (0);
+	}
+	if (!lt) {
+		unsetenv("TZ");
+		(void)time(&tval);
+		lt = localtime(&tval);
+	}
+	if (!(t = strtok(p, " \t")))
+		goto bad;
+	if (isdigit(*t)) {
+		month = atoi(t);
+	} else {
+		for (mp = months;; ++mp) {
+			if (!*mp)
+				goto bad;
+			if (!strncasecmp(*mp, t, 3)) {
+				month = mp - months + 1;
+				break;
+			}
+		}
+	}
+	if (!(t = strtok(NULL, " \t,")) || !isdigit(*t))
+		goto bad;
+	day = atoi(t);
+	if (!(t = strtok(NULL, " \t,")) || !isdigit(*t))
+		goto bad;
+	year = atoi(t);
+	if (day < 1 || day > 31 || month < 1 || month > 12)
+		goto bad;
+	/* Allow two digit years 1969-2068 */
+	if (year < 69)
+		year += 2000;
+	else if (year < 100)
+		year += 1900;
+	if (year < 1969)
+bad:		return (1);
+	lt->tm_year = year - 1900;
+	lt->tm_mon = month - 1;
+	lt->tm_mday = day;
+	lt->tm_hour = 0;
+	lt->tm_min = 0;
+	lt->tm_sec = 0;
+	lt->tm_isdst = -1;
+	if ((tval = mktime(lt)) < 0)
+		return (1);
+	*store = tval;
+	return (0);
+}
+
+int
+ok_shell(char *name)
+{
+	char *p, *sh;
+
+	setusershell();
+	while ((sh = getusershell())) {
+		if (!strcmp(name, sh)) {
+			endusershell();
+			return (1);
+		}
+		/* allow just shell name, but use "real" path */
+		if ((p = strrchr(sh, '/')) && strcmp(name, p + 1) == 0) {
+			endusershell();
+			return (1);
+		}
+	}
+	endusershell();
+	return (0);
+}
+
+char *
+dup_shell(char *name)
+{
+	char *p, *sh, *ret;
+
+	setusershell();
+	while ((sh = getusershell())) {
+		if (!strcmp(name, sh)) {
+			endusershell();
+			return (strdup(name));
+		}
+		/* allow just shell name, but use "real" path */
+		if ((p = strrchr(sh, '/')) && strcmp(name, p + 1) == 0) {
+			ret = strdup(sh);
+			endusershell();
+			return (ret);
+		}
+	}
+	endusershell();
+	return (NULL);
+}
diff --git a/libutil/libutil.h b/libutil/libutil.h
index b6bdbe0..bf42766 100644
--- a/libutil/libutil.h
+++ b/libutil/libutil.h
@@ -71,14 +71,14 @@ typedef	__uid_t		uid_t;
 #define	PROPERTY_MAX_NAME	64
 #define	PROPERTY_MAX_VALUE	512
 
-/* for properties.c */
+/* For properties.c. */
 typedef struct _property {
 	struct _property *next;
 	char	*name;
 	char	*value;
 } *properties;
 
-/* Avoid pulling in all the include files for no need */
+/* Avoid pulling in all the include files for no need. */
 struct in_addr;
 struct pidfh;
 struct sockaddr;
@@ -132,7 +132,11 @@ int	uu_lock(const char *_ttyname);
 int	uu_unlock(const char *_ttyname);
 int	uu_lock_txfr(const char *_ttyname, pid_t _pid);
 
-#ifdef _STDIO_H_	/* avoid adding new includes */
+/*
+ * Conditionally prototype the following functions if the include
+ * files upon which they depend have been included.
+ */
+#ifdef _STDIO_H_
 char	*fparseln(FILE *_fp, size_t *_len, size_t *_lineno,
 	    const char _delim[3], int _flags);
 #endif
@@ -150,26 +154,26 @@ char	*pw_make(const struct passwd *_pw);
 char	*pw_make_v7(const struct passwd *_pw);
 int	pw_mkdb(const char *_user);
 int	pw_lock(void);
-struct passwd
-	*pw_scan(const char *_line, int _flags);
-const char
-	*pw_tempname(void);
+struct passwd *
+	pw_scan(const char *_line, int _flags);
+const char *
+	pw_tempname(void);
 int	pw_tmp(int _mfd);
 #endif
 
 #ifdef _GRP_H_
 int 	gr_copy(int __ffd, int _tfd, const struct group *_gr,
 	    struct group *_old_gr);
-struct group
-	*gr_dup(const struct group *_gr);
+struct group *
+	gr_dup(const struct group *_gr);
 int	gr_equal(const struct group *_gr1, const struct group *_gr2);
 void	gr_fini(void);
 int	gr_init(const char *_dir, const char *_master);
 int	gr_lock(void);
 char	*gr_make(const struct group *_gr);
 int	gr_mkdb(void);
-struct group
-	*gr_scan(const char *_line);
+struct group *
+	gr_scan(const char *_line);
 int	gr_tmp(int _mdf);
 #endif
 
@@ -209,18 +213,18 @@ __END_DECLS
 #define	HD_OMIT_HEX		(1 << 17)
 #define	HD_OMIT_CHARS		(1 << 18)
 
-/* Flags for humanize_number(3) flags. */
+/* Values for humanize_number(3)'s flags parameter. */
 #define	HN_DECIMAL		0x01
 #define	HN_NOSPACE		0x02
 #define	HN_B			0x04
 #define	HN_DIVISOR_1000		0x08
 #define	HN_IEC_PREFIXES		0x10
 
-/* Flags for humanize_number(3) scale. */
+/* Values for humanize_number(3)'s scale parameter. */
 #define	HN_GETSCALE		0x10
 #define	HN_AUTOSCALE		0x20
 
-/* return values from realhostname(). */
+/* Return values from realhostname(). */
 #define	HOSTNAME_FOUND		0
 #define	HOSTNAME_INCORRECTNAME	1
 #define	HOSTNAME_INVALIDADDR	2
@@ -233,12 +237,12 @@ __END_DECLS
 /* Return values from uu_lock(). */
 #define	UU_LOCK_INUSE		1
 #define	UU_LOCK_OK		0
-#define	UU_LOCK_OPEN_ERR	-1
-#define	UU_LOCK_READ_ERR	-2
-#define	UU_LOCK_CREAT_ERR	-3
-#define	UU_LOCK_WRITE_ERR	-4
-#define	UU_LOCK_LINK_ERR	-5
-#define	UU_LOCK_TRY_ERR		-6
-#define	UU_LOCK_OWNER_ERR	-7
+#define	UU_LOCK_OPEN_ERR	(-1)
+#define	UU_LOCK_READ_ERR	(-2)
+#define	UU_LOCK_CREAT_ERR	(-3)
+#define	UU_LOCK_WRITE_ERR	(-4)
+#define	UU_LOCK_LINK_ERR	(-5)
+#define	UU_LOCK_TRY_ERR		(-6)
+#define	UU_LOCK_OWNER_ERR	(-7)
 
 #endif /* !_LIBUTIL_H_ */
diff --git a/libutil/pw_util.c b/libutil/pw_util.c
index 5cd27b1..63c63de 100644
--- a/libutil/pw_util.c
+++ b/libutil/pw_util.c
@@ -347,7 +347,8 @@ pw_edit(int notsetuid)
 	sigprocmask(SIG_SETMASK, &oldsigset, NULL);
 	if (stat(tempname, &st2) == -1)
 		return (-1);
-	return (st1.st_mtime != st2.st_mtime);
+	return (st1.st_mtim.tv_sec != st2.st_mtim.tv_sec ||
+	    st1.st_mtim.tv_nsec != st2.st_mtim.tv_nsec);
 }
 
 /*
diff --git a/pw/cpdir.c b/pw/cpdir.c
index c5534e5..0fd671b 100644
--- a/pw/cpdir.c
+++ b/pw/cpdir.c
@@ -84,7 +84,7 @@ copymkdir(char const * dir, char const * skel, mode_t mode, uid_t uid, gid_t gid
 							if (strcmp(e->d_name, ".") != 0 && strcmp(e->d_name, "..") != 0)
 								copymkdir(dst, src, st.st_mode & _DEF_DIRMODE, uid, gid);
 								chflags(dst, st.st_flags);	/* propagate flags */
-						    } else if (S_ISLNK(st.st_mode) && (len = readlink(src, lnk, sizeof(lnk))) != -1) {
+						    } else if (S_ISLNK(st.st_mode) && (len = readlink(src, lnk, sizeof(lnk) - 1)) != -1) {
 							lnk[len] = '\0';
 							symlink(lnk, dst);
 							lchown(dst, uid, gid);
diff --git a/pw/pw_user.c b/pw/pw_user.c
index 0001a41..b59789c 100644
--- a/pw/pw_user.c
+++ b/pw/pw_user.c
@@ -1028,6 +1028,7 @@ pw_pwcrypt(char *password)
 {
 	int             i;
 	char            salt[SALTSIZE + 1];
+	char		*cryptpw;
 
 	static char     buf[256];
 
@@ -1038,7 +1039,10 @@ pw_pwcrypt(char *password)
 		salt[i] = chars[arc4random_uniform(sizeof(chars) - 1)];
 	salt[SALTSIZE] = '\0';
 
-	return strcpy(buf, crypt(password, salt));
+	cryptpw = crypt(password, salt);
+	if (cryptpw == NULL)
+		errx(EX_CONFIG, "crypt(3) failure");
+	return strcpy(buf, cryptpw);
 }