| Age | Commit message (Collapse) | Author |
|---|
|
This is the userland portion. OK deraadt@ sashan@
|
|
|
|
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.
|
|
|
|
Based on a diff from Stefan R. Filipek.
|
|
gid_from_group() when we are only checking whether an entry already
exists. Fixes crashes caused by the getpw* pointer invalidation
changes. OK bluhm@
|
|
uid_from_user(3). This started happening a few days ago after the change to
the pwcache in libc.
OK millert@
|
|
returning const char *.
|
|
While here sort headers and add missing prototypes
OK tb@
|
|
(passwords) as soon as they are not needed on memory anymore.
OK millert@
|
|
creategid() function and in the failure message since it makes more sense in
this chunck of code.
OK millert@
|
|
OK millert@
|
|
while here, clean the text up a bit;
from mestre and myself
|
|
with an unique UID, if it's not already created (not in the manpage), but this
wasn't implemented.
This implements that functionality similar to what NetBSD has, but with some
corrections by adding a fd closure in case of failure and on the failure
message itself which they got it wrong.
OK tb@
|
|
should be fixed to do error checks.
ok jsg
|
|
to set a password hash with usermod if an additional flag was specified.
ok mestre@ tom@ jung@
|
|
license in 2005 in NetBSD.
https://mail-index.netbsd.org/source-changes/2005/11/25/0002.html
|
|
ok jmc
|
|
ok jmc
|
|
able to put whatever they like in the encrypted password field,
regardless of whether it can be matched or not. Having this check
just makes it harder to add new encrypted password functions.
This also fixes "usermode -Z" which was the impetus for the change.
OK benno@
|
|
passwd hash early, instead of getpwnam(3), then close fds by calling
endpwent(3) and finally only call pledge(2) after it, otherwise on any
modification to the user it would destroy the passwd hash and therefore
forbidding him/her to login again to the machine.
Reported and tested by Edgar Pettijohn <edgar ! pettijohn-web at com>
According to deraadt@ "that looks better then"
|
|
to long long. OK ajacoutot@
|
|
useradd: stdio rpath wpath cpath fattr flock proc exec getpw id
usermod: stdio rpath wpath cpath fattr flock proc exec getpw id
userdel: stdio rpath wpath cpath fattr flock proc exec getpw id
userinfo: stdio getpw
groupadd: stdio rpath wpath cpath fattr flock getpw
groupmod: stdio rpath wpath cpath fattr flock
groupdel: stdio rpath wpath cpath fattr flock
groupinfo: stdio getpw
This was extensively tested by me and tim@ who found some issues on my first
versions. deraadt@ prodded me to commit this now to check who uses it in order
to report back any fallbacks with the diff, if you find any please inform us.
|
|
correctly - logically complete that now by removing MLINKS from base;
authors need only to ensure there is an entry in NAME for any function/
util being added. MLINKS will still work, and remain for perl to ease
upgrades;
ok nicm (curses) bcook (ssl)
ok schwarze, who provided a lot of feedback and assistance
ok tb natano jung
|
|
many bytes it couldn't allocate
Suggested and OK from natano@ and millert@ also agrees
|
|
user.c
-Remove MIN and MAX #defines which are not being in use since the last 16 years
-Move last #define to user.c and remove file defs.h
-Remove lint comments
OK natano@ after his suggestions and also OK jung@ on an earlier version
|
|
OK gsoares@
|
|
if (ptr!=NULL) around them since they are not needed.
OK millert@ and jung@
|
|
The gettytab(5) and termcap(5) get FILES, others don't need anything.
With input from & okay schwarze@
|
|
spwd, then apply to a new password database. This runs into issues
also with the new shadow routines. Needs to be looked at more, but
for now remove pledge to make the shadow issues easier to figure out..
|
|
top. It is a lot, maybe someone will take the time to find smaller
chunks later in the program.
tested by jca
|
|
group file, like entirely missing the point.
ok jca
|
|
|
|
ok millert krw
|
|
optarg.
fixes a segfault introduced by the atoi to strtonum change and
reported by ajacatout@
|
|
|
|
"and" and "or" to join sentence clauses, and you can use commas, but both hinders
reading;
|
|
possible. Annotate <sys/param.h> lines with their current reasons. Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution. These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)
|
|
|
|
encryption for usermod and friends.
OK millert@, seems reasonable for now tedu@
|
|
the errno of an intervening cleanup operation like close/unlink/etc.
Diff from Doug Hogan (doug (at) acyclic.org)
|
|
|
|
check for skeldir set to the empty string. Fixes a problem where
the owner/mode is not set on the user's homedir if the specified
skeldir does not exist. OK ajacoutot@
|
|
This matches what pw_scan() expects. OK deraadt@
|
|
|
|
ok guenther
|
|
or 13*. Also make sure to never endup with an empty password.
cluebat and ok miod@
|
|
Do not try to (un)lock system users; people wanting to do so (???) will
know what they do and use vipw(8).
unlocking issue reported by Andre Stobe on tech@
cluesticks and ok miod@, ok deraadt@
|
|
created users into their own primary group.
This does not change existing installations that already have a
usermgmt.conf(5).
ok todd@ beck@
|
|
-U to unlock an account
-Z to lock an account
Locking means adding a '*' prefix to the encrypted password and appending
a '-' to the user's shell... and obviously the opposite for unlocking.
some inputs from sthen@, otto@ and deraadt@
ok todd@
|
