From 09acfb95717de6c2b93a0d318be244723fde1fe0 Mon Sep 17 00:00:00 2001
From: Enji Cooper
Date: Mon, 19 Oct 2015 18:29:32 +0000
Subject: Initialize `quiet` to false so `pw groupnext` again prints out the next gid by default Reported by: Florian Degner MFC after: 1 week PR: 203876 Sponsored by: EMC / Isilon Storage Division
---
 pw/pw_group.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pw/pw_group.c b/pw/pw_group.c
index 711ef68..67beab9 100644
--- a/pw/pw_group.c
+++ b/pw/pw_group.c
@@ -259,7 +259,7 @@ pw_group_next(int argc, char **argv, char *arg1 __unused)
 struct userconf *cnf;
 const char *cfg = NULL;
 int ch;
- bool quiet;
+ bool quiet = false;
 while ((ch = getopt(argc, argv, "Cq")) != -1) {
 switch (ch) {
-- cgit v1.2.3-56-ge451
From 8c48ca9d4605032f3756e520f3afe9785f46f0f6 Mon Sep 17 00:00:00 2001
From: Bryan Drewery
Date: Thu, 29 Oct 2015 18:29:28 +0000
Subject: Fix unlikely memory leak. It is unlikely since the first check in the function is that dir[0] is '/', but later code changes may make it real. Coverity CID: 1332104
---
 pw/pw_user.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/pw/pw_user.c b/pw/pw_user.c
index 1af8f81..345f642 100644
--- a/pw/pw_user.c
+++ b/pw/pw_user.c
@@ -107,8 +107,10 @@ mkdir_home_parents(int dfd, const char *dir)
 errx(EX_UNAVAILABLE, "out of memory");
 tmp = strrchr(dirs, '/');
- if (tmp == NULL)
+ if (tmp == NULL) {
+ free(dirs);
 return;
+ }
 tmp[0] = '\0';
 /*
-- cgit v1.2.3-56-ge451
From 492360f4ac483b5d0bff8961d5c7713700b55ab1 Mon Sep 17 00:00:00 2001
From: Xin LI
Date: Fri, 30 Oct 2015 00:46:52 +0000
Subject: In pw_userlock, set 'name' to NULL when we encounter an all number string because it is also used as an indicator of whether a name or an UID is being used and we may have undefined results as 'name' may contain uninitialized stack contents. MFC after: 2 weeks
---
 pw/pw_user.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/pw/pw_user.c b/pw/pw_user.c
index 345f642..5c168ab 100644
--- a/pw/pw_user.c
+++ b/pw/pw_user.c
@@ -282,9 +282,10 @@ pw_userlock(char *arg1, int mode)
 if (arg1 == NULL)
 errx(EX_DATAERR, "username or id required");
- if (arg1[strspn(arg1, "0123456789")] == '\0')
+ if (arg1[strspn(arg1, "0123456789")] == '\0') {
 id = pw_checkid(arg1, UID_MAX);
- else
+ name = NULL;
+ } else
 name = arg1;
 pwd = (name != NULL) ? GETPWNAM(pw_checkname(name, 0)) : GETPWUID(id);
-- cgit v1.2.3-56-ge451
From 589645e2892df41b0acc5fed5073098a2bfab6a7 Mon Sep 17 00:00:00 2001
From: Baptiste Daroussin
Date: Wed, 2 Dec 2015 22:01:37 +0000
Subject: Fix handling of numeric-only names with pw lock Add a regression test about it PR: 204968 MFC after: 1 week
---
 pw/pw_user.c | 21 ++++++++++++---------
 pw/tests/pw_lock.sh | 20 ++++++++++++++++++++
 2 files changed, 32 insertions(+), 9 deletions(-)
diff --git a/pw/pw_user.c b/pw/pw_user.c
index 5c168ab..61c2440 100644
--- a/pw/pw_user.c
+++ b/pw/pw_user.c
@@ -274,7 +274,7 @@ pw_userlock(char *arg1, int mode)
 char *passtmp = NULL;
 char *name;
 bool locked = false;
- uid_t id;
+ uid_t id = (uid_t)-1;
 if (geteuid() != 0)
 errx(EX_NOPERM, "you must be root");
@@ -282,16 +282,19 @@ pw_userlock(char *arg1, int mode)
 if (arg1 == NULL)
 errx(EX_DATAERR, "username or id required");
- if (arg1[strspn(arg1, "0123456789")] == '\0') {
- id = pw_checkid(arg1, UID_MAX);
- name = NULL;
- } else
- name = arg1;
+ name = arg1;
+ if (arg1[strspn(name, "0123456789")] == '\0')
+ id = pw_checkid(name, UID_MAX);
- pwd = (name != NULL) ? GETPWNAM(pw_checkname(name, 0)) : GETPWUID(id);
+ pwd = GETPWNAM(pw_checkname(name, 0));
+ if (pwd == NULL && id != (uid_t)-1) {
+ pwd = GETPWUID(id);
+ if (pwd != NULL)
+ name = pwd->pw_name;
+ }
 if (pwd == NULL) {
- if (name == NULL)
- errx(EX_NOUSER, "no such uid `%ju'", (uintmax_t) id);
+ if (id == (uid_t)-1)
+ errx(EX_NOUSER, "no such name or uid `%ju'", (uintmax_t) id);
 errx(EX_NOUSER, "no such user `%s'", name);
 }
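Review bot: In the second pw_userlock hunk of commit 589645e the error branch tests the sentinel the wrong way round: `if (id == (uid_t)-1)` picks the "no such name or uid" message exactly when the argument was not numeric, so a missing name is reported as the uid value of `(uid_t)-1`, while a missing numeric argument falls through to the "no such user" message. The test should read `if (id != (uid_t)-1)`. Separately, `pw_checkid(name, UID_MAX)` may be able to return a value equal to the `(uid_t)-1` sentinel if UID_MAX is the all-ones value on this platform; neither definition is visible here, so that is worth confirming. The body of pw_userlock continues outside the hunk.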
diff --git a/pw/tests/pw_lock.sh b/pw/tests/pw_lock.sh
index 9f14e24..5ec1b09 100755
--- a/pw/tests/pw_lock.sh
+++ b/pw/tests/pw_lock.sh
@@ -16,7 +16,27 @@ user_locking_body() {
 grep "^test:\*:1001:" $HOME/master.passwd
 }
+atf_test_case numeric_locking cleanup
+numeric_locking_body() {
+ populate_etc_skel
+ ${PW} useradd test || atf_fail "Creating test user"
+ ${PW} lock 1001 || atf_fail "Locking the user"
+ atf_check -s exit:0 -o match:"^test:\*LOCKED\*\*:1001:" \
+ grep "^test:\*LOCKED\*\*:1001:" $HOME/master.passwd
+ ${PW} unlock 1001 || atf_fail "Unlocking the user"
+ atf_check -s exit:0 -o match:"^test:\*:1001:" \
+ grep "^test:\*:1001:" $HOME/master.passwd
+ # Now numeric names
+ ${PW} useradd -n 1001 || atf_fail "Creating test user"
+ ${PW} lock 1001 || atf_fail "Locking the user"
+ atf_check -s exit:0 -o match:"^1001:\*LOCKED\*\*:1002:" \
+ grep "^1001:\*LOCKED\*\*:1002:" $HOME/master.passwd
+ ${PW} unlock 1001 || atf_fail "Unlocking the user"
+ atf_check -s exit:0 -o match:"^1001:\*:1002:" \
+ grep "^1001:\*:1002:" $HOME/master.passwd
+}
 atf_init_test_cases() {
 atf_add_test_case user_locking
+ atf_add_test_case numeric_locking
 }
-- cgit v1.2.3-56-ge451
From 3fad668210aeec37d615b35f1814e65454c5c27c Mon Sep 17 00:00:00 2001
From: Baptiste Daroussin
Date: Wed, 2 Dec 2015 22:35:25 +0000
Subject: pw_checkname since the beginning if too strict on GECOS field, relax it a bit so gecos can be used to store multibytes data. This was unseen before FreeBSD 10.2 as this validation function was motly unused since FreeBSD 10.2 the usage of this function has been generalized to improve validation. Reported by: des MFC after: 1 week
---
 pw/pw_user.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/pw/pw_user.c b/pw/pw_user.c
index 61c2440..30a2749 100644
--- a/pw/pw_user.c
+++ b/pw/pw_user.c
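Review bot: numeric_locking_body exercises only lookups that succeed, so the two `errx(EX_NOUSER, ...)` paths rewritten by the same commit are never run by the test. A negative case after the last check would pin them, for example `atf_check -s exit:67 -e match:"no such" ${PW} lock 9999` (9999 is a constructed id that the test never creates; 67 is EX_NOUSER), and the same for a name that does not exist. The second `useradd` also reuses the failure text "Creating test user"; a distinct message such as `atf_fail "Creating numeric-named user"` would make a failure log unambiguous.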
@@ -642,7 +642,8 @@ pw_checkname(char *name, int gecos)
 }
 if (!reject) {
 while (*ch) {
- if (strchr(badchars, *ch) != NULL || *ch < ' ' ||
+ if (strchr(badchars, *ch) != NULL ||
+ (!gecos && *ch < ' ') ||
 *ch == 127) {
 reject = 1;
 break;
-- cgit v1.2.3-56-ge451
From 653a82f1ba01a2c969ef6a5780535959dd2e78ab Mon Sep 17 00:00:00 2001
From: Baptiste Daroussin
Date: Mon, 28 Dec 2015 23:57:22 +0000
Subject: Restore dryrun support for pw groupmod
---
 pw/pw_group.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/pw/pw_group.c b/pw/pw_group.c
index 67beab9..289a4c8 100644
--- a/pw/pw_group.c
+++ b/pw/pw_group.c
@@ -664,6 +664,11 @@ pw_group_mod(int argc, char **argv, char *arg1)
 grp_add_members(&grp, newmembers);
 }
+ if (dryrun) {
+ print_group(grp, pretty);
+ return (EXIT_SUCCESS);
+ }
+
 if ((rc = chggrent(name, grp)) != 0) {
 if (rc == -1)
 errx(EX_IOERR, "group '%s' not available (NIS?)",
-- cgit v1.2.3-56-ge451
From 43df04c2007248c1825c092ee03363be924d69d4 Mon Sep 17 00:00:00 2001
From: Baptiste Daroussin
Date: Tue, 29 Dec 2015 00:02:08 +0000
Subject: Remove useless assignement of linelen
---
 pw/pw_vpw.c | 2 --
 1 file changed, 2 deletions(-)
diff --git a/pw/pw_vpw.c b/pw/pw_vpw.c
index a23c66e..2d1c75b 100644
--- a/pw/pw_vpw.c
+++ b/pw/pw_vpw.c
@@ -70,7 +70,6 @@ vnextpwent(char const *nam, uid_t uid, int doclose)
 pw = NULL;
 line = NULL;
 linecap = 0;
- linelen = 0;
 if (pwd_fp != NULL || (pwd_fp = fopen(getpwpath(_MASTERPASSWD), "r")) != NULL) {
 while ((linelen = getline(&line, &linecap, pwd_fp)) > 0) {
@@ -153,7 +152,6 @@ vnextgrent(char const *nam, gid_t gid, int doclose)
 gr = NULL;
 line = NULL;
 linecap = 0;
- linelen = 0;
 if (grp_fp != NULL || (grp_fp = fopen(getgrpath(_GROUP), "r")) != NULL) {
 while ((linelen = getline(&line, &linecap, grp_fp)) > 0) {
-- cgit v1.2.3-56-ge451
From a05d621a3b9a8e41b02c61a781b9d6390d6d30ec Mon Sep 17 00:00:00 2001
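Review bot: With `(!gecos && *ch < ' ')` in the pw_checkname hunk, a GECOS value is no longer checked for control characters at all, so bytes 0x01-0x1f, newline and carriage return included, pass unless `badchars` (set outside this hunk) happens to list them. A newline inside one field of a line-oriented passwd record would split that record, so this check is worth keeping for GECOS. The multibyte case only needs bytes that compare negative as plain `char` to pass, which `(gecos ? (unsigned char)*ch < ' ' : *ch < ' ') ||` achieves while leaving login-name validation as it was. A one-line comment on the condition explaining that the difference comes from `char` signedness would help the next reader. The loop and the rest of the function lie outside the hunk.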
From: Baptiste Daroussin
Date: Tue, 29 Dec 2015 00:08:32 +0000
Subject: Simplify code for parsing extra groups
---
 pw/pw_conf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pw/pw_conf.c b/pw/pw_conf.c
index e9606b4..d30c80e 100644
--- a/pw/pw_conf.c
+++ b/pw/pw_conf.c
@@ -313,7 +313,7 @@ read_userconfig(char const * file)
 ? NULL : newstr(q);
 break;
 case _UC_EXTRAGROUPS:
- for (i = 0; q != NULL; q = strtok(NULL, toks)) {
+ while ((q = strtok(NULL, toks)) != NULL) {
 if (config.groups == NULL)
 config.groups = sl_init();
 sl_add(config.groups, newstr(q));
-- cgit v1.2.3-56-ge451
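Review bot: The rewritten loop in `case _UC_EXTRAGROUPS:` is not equivalent to the one it replaces: `while ((q = strtok(NULL, toks)) != NULL)` fetches a new token before the first iteration, so whatever `q` holds on entry to the case is discarded, whereas the old `for` added it first. The preceding case in this hunk reads `q` directly (`newstr(q)`), which suggests `q` is already the first value token when the switch runs; if so, the first configured extra group is silently dropped from the default group list. Keeping the original order would be `for (; q != NULL; q = strtok(NULL, toks)) {`, provided the old `i = 0` is not relied on after the switch. The assignment of `q` and any later use of `i` are outside the hunk and should be checked there.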