Cameron Katri [Sun, 2 May 2021 20:00:07 +0000 (16:00 -0400)]
Recommit everything, add chpass, improve history (except for a few files that git-filter-repo dislikes for some reason [_secure_path.c and login_cap.h])
Stefan Eßer [Wed, 18 Nov 2020 19:44:30 +0000 (19:44 +0000)]
Add function getlocalbase() to libutil.
This function returns the path to the local software base directory, by
default "/usr/local" (or the value of _PATH_LOCALBASE in include/paths.h
when building the world).
The value returned can be overridden by 2 methods:
- the LOCALBASE environment variable (ignored by SUID programs)
- else a non-default user.localbase sysctl value
Let's have two entries in the synopsis:
- chpass now lists options which can be used for non-NIS-specific
functionalities.
- ypchpass additionally lists the NIS-specific flags.
Technically, it is an artificial distinction, as chpass and ypchpass behave
identically. Nevertheless, it might help navigating the synopsis section.
Clean up the synopsis section & fix mandoc warnings
The synopsis section had two very similar entries. The flags documented by
the first one were a strict subset of the second one. Let's just keep only
the second entry for simplicity.
Scott Long [Sat, 14 Nov 2020 17:57:50 +0000 (17:57 +0000)]
Add the library function getlocalbase and its manual page. This helps to
unify the retrieval of the various ways that the local software base directory,
typically "/usr/local", is expressed in the system.
Reviewed by: se
Differential Revision: https://reviews.freebsd.org/D27022
Mark Johnston [Tue, 1 Sep 2020 15:14:26 +0000 (15:14 +0000)]
pw: Remove unnecessary errp checks.
The caller-supplied pointer is unconditionally dereferenced at the
beginning of the function, so there is no point in comparing it with
NULL thereafter.
Reported by: Coverity
MFC after: 1 week
Sponsored by: NetApp, Inc.
Sponsored by: Klara, Inc.
Alex Richardson [Sat, 8 Aug 2020 10:05:27 +0000 (10:05 +0000)]
Fix i386 build of chpass after r363992
My change to allow bootstrapping pwd_mkdb (r363992) resulted in i386 build
failures because the bootstrap header was being included in non-bootstrap chpass.
Dropping the no longer required pwd_mkdb include path from chpass fixes
the build, but to be certain that the failure doesn't get re-introduced,
I've also moved the bootstrap pwd.h into a subdirectory so that adding
-I${SRCTOP}/usr.sbin/pwd_mkdb doesn't pull it in.
Unable to find an editor, vipw would give this error:
# env EDITOR=fnord vipw
vipw: pw_edit(): No such file or directory
vigr or crontab do better:
# env EDITOR=fnord crontab -e
crontab: no crontab for root - using an empty one
crontab: fnord: No such file or directory
crontab: "fnord" exited with status 1
After this change, vipw behaves more like vigr or crontab:
# env EDITOR=fnord vipw
vipw: fnord: No such file or directory
vipw: "fnord" exited with status 1
adduser: allow standard IFS characters in passwords
Notably, the default IFS contains space/tab, thus any leading/trailing
whitespace characters tend to be removed.
Set IFS= for just the read lines to mitigate this, allowing the user to be
less surprised when their leading/trailing spaces weren't actually captured
in the password as they are with other means of setting a user's password.
When deleting a user, if its home directory does not belong to it, it should
not be removed. This is the promise that the manpage makes, the tool should
ensure that it respects that promise.
Add a regression test about it
PR: 244967
Submitted by: Eric Hanneken <eric@erichanneken.com>
MFC after: 3 days
Add an example to pw.8 about how to add an existing user to a group.
Instead of using pw to modify group membership, users often edit
/etc/group by hand, which is discouraged. Provide an example of
adding a user to the wheel group, which is a common use case.
I'm using a different user here as in the previous example as that
deleted the user (although the examples don't necessarily have to
be followed in order).
Yuri Pankov [Mon, 15 Oct 2018 20:11:53 +0000 (20:11 +0000)]
pw: respect path specified using -V when writing pw.conf, and -C is not
explicitly specified. -V path is already used to determine which file
to read default values from, so it's only logical to write them to the
same file.
Ian Lepore [Fri, 27 Jul 2018 15:17:24 +0000 (15:17 +0000)]
Remove some code that's no longer needed because it's now part of pw_scan(3).
It was also leading to segfaults; pw can be NULL when control reaches these
lines now, because of the way my previous change restructured the loops.
Ian Lepore [Thu, 26 Jul 2018 20:03:11 +0000 (20:03 +0000)]
Re-apply r336625 which was reverted with r336638, now that the underlying
pw_scan(3) has been fixed in a way that doesn't perturb other callers of
it or the getpwnam(3) family.
Make pw(8) showuser work the same with or without -R <path> for non-root
users. Without -R, pw(8) uses getpwnam(3), which will open master.passwd
for the root user or passwd for non-root users. With -R <path> pw(8) was
always opening <path>/master.passwd, which would fail for a non-root user,
then falsely claim the userid you're trying to show doesn't exist.
Now for a non-root user it opens <path>/passwd, and populates the fields in
the returned struct passwd which aren't present in that file with well-known
canonical values, which duplicates the behavior of getpwnam(3). The net
effect is that the showuser output is identical whether using -R or not.
Ian Lepore [Thu, 26 Jul 2018 18:34:38 +0000 (18:34 +0000)]
Make pw_scan(3) more compatible with getpwent(3) et. al. when processing
data from /etc/passwd rather than /etc/master.passwd.
The libc getpwent(3) and related functions automatically read master.passwd
when run by root, or passwd when run by a non-root user. When run by non-
root, getpwent() copes with the missing data by setting the corresponding
fields in the passwd struct to known values (zeroes for numbers, or a
pointer to an empty string for literals). When libutil's pw_scan(3) was
used to parse a line without the root-accessible data, it was leaving
garbage in the corresponding fields.
These changes rename the static pw_init() function used by getpwent() and
friends to __pw_initpwd(), and move it into pw_scan.c so that common init
code can be shared between libc and libutil. pw_scan(3) now calls
__pw_initpwd() before __pw_scan(), just like the getpwent() family does, so
that reading an arbitrary passwd file in either format and parsing it with
pw_scan(3) returns the same results as getpwent(3) would.
This also adds a new pw_initpwd(3) function to libutil, so that code which
creates passwd structs from scratch in some manner that doesn't involve
pw_scan() can initialize the struct to the values expected by lots of
existing code, which doesn't expect to encounter NULL pointers or garbage
values in some fields.
Ian Lepore [Sun, 22 Jul 2018 23:41:40 +0000 (23:41 +0000)]
Make pw(8) showuser work the same with or without -R <path> for non-root
users. Without -R, pw(8) uses getpwnam(3), which will open master.passwd
for the root user or passwd for non-root users. With -R <path> pw(8) was
always opening <path>/master.passwd, which would fail for a non-root user,
then falsely claim the userid you're trying to show doesn't exist.
Now for a non-root user it opens <path>/passwd and zeroes out the 3 fields
that aren't available in the passwd file, which duplicates the behavior of
getpwnam(3). The net effect is that the showuser output is identical
whether using -R or not.
Ian Lepore [Sun, 22 Jul 2018 22:34:20 +0000 (22:34 +0000)]
Set the pw_class field to NULL when scanning the non-master passwd file.
This avoids a null pointer deref in pw_dup(), which assumes that all
pointers are either NULL or valid.
John Baldwin [Tue, 3 Jul 2018 17:31:45 +0000 (17:31 +0000)]
Clean up the vcs ID strings in libc's gen/ directory.
- Move CSRG IDs into __SCCSID().
- When a file has been copied, consistently use 'From: <tag>' for strings
referencing the version of the source file copied from in the license
block comment.
- Some of the 'From:' tags were using $FreeBSD$ that was being expanded on
each checkout. Fix those to hardcode the FreeBSD tag from the file that
was copied at the time of the copy.
- When multiple strings are present list them in "chronological" order,
so CSRG (__SCCSID) before FreeBSD (__FBSDID). If a file came from
OtherBSD and contains a CSRG ID from the OtherBSD file, use the order
CSRG -> OtherBSD -> FreeBSD.
John Baldwin [Wed, 23 May 2018 17:02:12 +0000 (17:02 +0000)]
Use __SCCSID() for SCCS IDs.
- Define NO__SCCSID in CFLAGS to preserve existing behavior of omitting
SCCS IDs by default.
- While here, fix the $FreeBSD$ in pw_util.c to use __FBSDID.
Ed Maste [Thu, 19 Apr 2018 12:50:49 +0000 (12:50 +0000)]
chpass: reject change/expiry dates beyond y2106
The pwd.db and spwd.db files store the change and expire dates as
unsigned 32-bit ints, which overflow in 2106. Reject larger values for
now, until the introduction of a v5 password database.
i386 has 32-bit time_t and so dates beyond y2038 are already rejected by
mktime.
PR: 227589
Reviewed by: lidl
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
David Bright [Thu, 1 Mar 2018 17:47:28 +0000 (17:47 +0000)]
Allow the "@" and "!" characters in passwd file GECOS fields.
Two PRs (152084 & 210187) request allowing the "@" and/or "!"
characters in the passwd file GECOS field. The man page for pw does
not mention that those characters are disallowed, Linux supports those
characters in this field, and the "@" character in particular would be
useful for storing email addresses in that field.
Pedro F. Giffuni [Mon, 27 Nov 2017 15:37:16 +0000 (15:37 +0000)]
various: general adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
Pedro F. Giffuni [Sun, 26 Nov 2017 02:00:33 +0000 (02:00 +0000)]
lib: further adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using mis-identified many licenses so this was mostly a manual - error
prone - task.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
Pedro F. Giffuni [Mon, 20 Nov 2017 19:49:47 +0000 (19:49 +0000)]
General further adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 3-Clause license.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.
Pedro F. Giffuni [Sat, 18 Nov 2017 14:26:50 +0000 (14:26 +0000)]
spdx: initial adoption of licensing ID tags.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.
Initially, only tag files that use BSD 4-Clause "Original" license.
Ed Maste [Sat, 19 Aug 2017 00:19:23 +0000 (00:19 +0000)]
pw usermod: Properly deal with empty secondary group lists (-G '')
"pw usermod someuser -G ''" is supposed make sure that someuser
doesn't have any secondary group memberships.
Previouly it was a nop because split_groups() only intitialised
"groups" if at least one group was specified. As a result the
existing secondary group memberships were kept.
Warner Losh [Tue, 28 Feb 2017 23:42:47 +0000 (23:42 +0000)]
Renumber copyright clause 4
Renumber cluase 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistance on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.
Submitted by: Jan Schaumann <jschauma@stevens.edu>
Pull Request: https://github.com/freebsd/freebsd/pull/96
Use malloc()ed buffers instead of stack buffers in gr_copy() and pw_copy().
This allows pw(8) to operate on passwd and group files with longer lines
than could be accomodated by a stack buffer. It doesn't take more than a
few hundred users to exceed 8192 bytes in /etc/group.
MFC after: 3 weeks
Sponsored by: The University of Oslo
Dimitry Andric [Thu, 24 Nov 2016 22:54:55 +0000 (22:54 +0000)]
Upgrade our copies of clang, llvm, lldb, compiler-rt and libc++ to 3.9.0
release, and add lld 3.9.0. Also completely revamp the build system for
clang, llvm, lldb and their related tools.
Please note that from 3.5.0 onwards, clang, llvm and lldb require C++11
support to build; see UPDATING for more information.
Release notes for llvm, clang and lld are available here:
<http://llvm.org/releases/3.9.0/docs/ReleaseNotes.html>
<http://llvm.org/releases/3.9.0/tools/clang/docs/ReleaseNotes.html>
<http://llvm.org/releases/3.9.0/tools/lld/docs/ReleaseNotes.html>
Thanks to Ed Maste, Bryan Drewery, Andrew Turner, Antoine Brodin and Jan
Beich for their help.
Add a warning against modifying this code without understanding it, and
an example of how not to make it more portable. I've had this lying
around uncommitted since 2009...
Alan Somers [Fri, 18 Nov 2016 16:07:08 +0000 (16:07 +0000)]
Speed up pw operations that edit /etc/group or /etc/passwd
r285050 fixed a bug in pw that could lead to /etc/passwd or /etc/group
corruption on power loss. However, it fixed it by opening those files with
O_SYNC, which is very slow, especially on ZFS. This change replaces O_SYNC
with appropriately placed fsync()s instead, which is much faster. Using a
ZFS tmpdir, the time to run pw's kyua tests drops from 245s to 35s.
Ed Schouten [Sun, 31 Jul 2016 08:05:15 +0000 (08:05 +0000)]
Fix up setgrent(3) to have a POSIX-compliant prototype.
Just like with freelocale(3), I haven't been able to find any piece of
code that actually makes use of this function's return value, both in
base and in ports. The reason for this is that FreeBSD seems to be the
only operating system to have such a prototype. This is why I'm deciding
to not use symbol versioning for this.
It does seem that the pw(8) utility depends on the function's typing and
already had a switch in place to toggle between the FreeBSD and POSIX
variant of this function. Clean this up by always expecting the POSIX
variant.
There is also a single port that has a couple of local declarations of
setgrent(3) that need to be patched up. This is in the process of being
fixed.
Alan Somers [Wed, 13 Jul 2016 17:09:20 +0000 (17:09 +0000)]
pw should sanitize the argument of -w.
Otherwise, it will silently disable the login for the selected account if
the argument is unrecognizable.
usr.sbin/pw/pw.h
usr.sbin/pw/pw_conf.c
usr.sbin/pw/pw_user.c
Use separate rules to validate boolean parameters and passwd
parameters. Error out if a password parameter cannot be parsed.
usr.sbin/pw/tests/Makefile
usr.sbin/pw/tests/crypt.c
usr.sbin/pw/tests/pw_useradd.sh
usr.sbin/pw/tests/pw_usermod.sh
Add tests for the validation. Also, enhance existing
password-related tests to actually validate that the correct hash is
written to master.passwd.
Don Lewis [Tue, 24 May 2016 05:02:24 +0000 (05:02 +0000)]
Fix CID 1006692 in /usr/sbin/pw pw_log() function and other fixes
The length of the name returned from the $LOGNAME and $USER can be
very long and it was being concatenated to a fixed length buffer
with no bounds checking. Fix this problem by limiting the length
of the name copied.
Additionally, this name is actually used to create a format string
to be used in adding log file entries so embedded % characters in
the name could confuse *printf(), and embedded whitespace could
confuse a log file parser. Handle the former by escaping each %
with an additional %, and handle the latter by simply stripping it
out.
Clean up the code by moving the variable declarations to the top
of the function, formatting them to conform with style, and moving
intialization elsewhere.
Reduce code indentation by returning early in a couple of places.
Ed Schouten [Sun, 1 May 2016 08:22:11 +0000 (08:22 +0000)]
Remove useless calls to basename().
There are a couple of places in the source three where we call
basename() on constant strings. This is bad, because the prototype
standardized by POSIX allows the implementation to use its argument as a
storage buffer.
This change eliminates some of these unportable calls to basename() in
cases where it was only added for cosmetical reasons, namely to trim
argv[0]. There's nothing wrong with setting argv[0] to the full path.
pw_checkname since the beginning if too strict on GECOS field,
relax it a bit so gecos can be used to store multibytes data.
This was unseen before FreeBSD 10.2 as this validation function was motly unused
since FreeBSD 10.2 the usage of this function has been generalized to improve
validation.
git.ckatri.com / pw-darwin.git / log