Age | Commit message (Collapse) | Author |
|
a fully qualified pathname if -d was specified (since we take the
basename in that case anyway). deraadt@ OK
|
|
|
|
This means the instructions in the previous commit are now wrong
(replace shadow with _shadow and all will be well).
|
|
group. This changes getpw* to always try the shadow db first and
then fall back to the db w/o password hashes. In the future,
/usr/libexec/auth/login_passwd (and others) will be setgid shadow
instead of setuid root. OK deraadt@
If you track -current you should do the following:
o add group shadow to /etc/group
o chgrp shadow /etc/spwd.db
o chmod 640 /etc/spwd.db
o rebuild and install src/usr.sbin/pwd_mkdb
You do not need to rebuild libc yet, but it would't hurt to do so.
|
|
|
|
|
|
|
|
hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
|
millert@ ok
|
|
used in conjunction with -u user when only the password has changed.
|
|
o use correct db pointers
o don't try to star out an empty password
|
|
|
|
I've also restructured things a bit to cut the number of master.passwd
parses in half from 6 to 3. We can't really get away with fewer than
that without sacrificing locality in the .db files.
|
|
constant). These are not security holes but it is worth fixing
them anyway both for robustness and so folks looking for examples
in the tree are not misled into doing something potentially dangerous.
Furthermore, it is a bad idea to assume that pathnames will not
include '%' in them and that error routines don't return strings
with '%' in them (especially in light of the possibility of locales).
|
|
diagnostic.
Issue a diagnostic message if the master.passwd file isn't specified as an
absolute path.
|
|
of elements in the hash based on master.passwd file size, assuming
an average 128bytes per entry. This is only an estimate so it doesn't
have to be exact.
|
|
|
|
|
|
When building .db versions of passwd and master.passwd, go split
the loops into three (one per key type) so that we get good locality
withing the .db file for getnext style operations (getpwent). With
this change I see about a 20% speedup of getpwent() on very large
passwd files.
|
|
|
|
|
|
|
|
|
|
passwd databases. I found this while analysing netbsd pr#1328 from
August 10, 1995 by hag@gnu.ai.mit.edu. A sample fix was supplied on
14, May 96 by greywolf@defender.VAS.viewlogic.com. The PR mentioned
about 6 or 7 places where this could happen. Greywolf and I had made
all of the fixes ourselves in openbsd a while back (except one subtle
one which he pointed out but I had missed), but not a single one of
the fixes is found in the netbsd source tree... I wonder if Perry has
an exploit for this problem, and perhaps he's using it?
Another damn good reason for making /tmp and /var seperate partitions.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
filesystem would result in gibbled passwd databases.
|
|
proper arguments
|
|
with our cross compilation/installation goals...
|
|
|