333094 |
30-Apr-2018 |
emaste |
MFC r332902: pwd_mkdb: default to network (big) endian hash order
For cross-architecture reproducibility. The db(3) functions work with hashes of either endianness, and the current (v4) version password db entries already store integers in network order. Do so with the hash as well so that identical password databases can be created on big- and little-endian hosts.
The -B and -L flags exist to set the endianness for legacy (v3) entries when the -l flag is used, and they will still control hash endianness (at least until the backwards compatibility infrastructure is removed [a change that will not be merged to stable/11]).
Sponsored by: The FreeBSD Foundation |
332929 |
24-Apr-2018 |
emaste |
pwd_mkdb: add legacy support deprecation notice
MFC r332789: pwd_mkdb: warn that legacy support is deprecated (if specified)
r283981 switched pwd_mkdb to emit only v4 database entries by default, and introduced a -l (legacy) option to emit v3 entries in addition. The commit message claims that legacy support will be removed in 12.0, so emit a warning now if it is used.
MFC r332875: pwd_mkdb: add deprecation notice in manpage too
Follow-on to r332789; as reported on the -current and -stable lists and in review D15144 the -l option will be removed before FreeBSD 12.0.
Relnotes: Yes
Sponsored by: The FreeBSD Foundation |
295925 |
23-Feb-2016 |
dwmalone |
Following revision r295924, the changes to a db file should be fsynced before the file is closed. Consequently, it shouldn't be necessary to open the file with O_SYNC any more.
This improves the performance of building large .db files for large password files a lot and should resolve this problem:
https://forums.freebsd.org/threads/10-2-pre-pwd_mkdb-slow-on-larger-master-passwd.52700/
Differential Revision: https://reviews.freebsd.org/D5186
Reviewed by: garga, vangyzen, bapt, se
MFC after: 1 week
|
285050 |
02-Jul-2015 |
garga |
When passwd or group information is changed (by pw, vipw, chpass, ...) a temporary file is created and then a rename() call moves it to the official file. This operation didn't have any check to make sure data was written to disk, and if a power cycle happens the system could end up with a 0 length passwd or group database.
There is a pfSense bug with more info about it:
https://redmine.pfsense.org/issues/4523
The following changes were made to protect passwd and group operations:
* lib/libutil/gr_util.c:
  - Replace mkstemp() by mkostemp() with O_SYNC flag to create temp file
  - After rename(), fsync() call on directory for faster result
* lib/libutil/pw_util.c
  - Replace mkstemp() by mkostemp() with O_SYNC flag to create temp file
* usr.sbin/pwd_mkdb/pwd_mkdb.c
  - Added O_SYNC flag on dbopen() calls
  - After rename(), fsync() call on directory for faster result
* lib/libutil/pw_util.3
  - pw_lock() returns a file descriptor to master password file on success
Differential Revision: https://reviews.freebsd.org/D2978
Approved by: bapt
Sponsored by: Netgate
|
283981 |
04-Jun-2015 |
delphij |
In r113596, version 4 entries were added, but pwd_mkdb has been generating both new (machine independent) and legacy version entries (endianness sensitive).
The base system has been using the new format for quite some time, so disable the generation by default.
An interim option, -l, has been added to re-enable the old behavior. The -l, -B and -L options are considered deprecated and will be removed in the FreeBSD 12.0 release.
|
223818 |
06-Jul-2011 |
gordon |
Only increment the ypcnt once per data record. The old implementation was incrementing it twice making it impossible to iterate the table since the records were 1, 3, 5, 7 (or 2, 4, 6, 8 for the v3 records).
MFC after: 10 days
|
192432 |
20-May-2009 |
brian |
Verify that the username length is smaller than MAXLOGNAME when asked to verify a passwd file (pwd_mkdb -C).
Entries with oversized usernames are still permitted when building the passwd database.
When entries are >= MAXLOGNAME in length, they are correctly stored in passwd, pwd.db and spwd.db but are only correctly retrieved by getpwent*() and getpwuid*(). getpwnam*() truncates to MAXLOGNAME - 1 when reading from a file (breaking at least sh, tcsh and bash) and utilities such as su(1) check, complain and fail if the passed name is >= MAXLOGNAME in length.
MFC after: 3 weeks
|
142832 |
28-Feb-2005 |
ru |
Add endianness support.
While version 4 entries are architecture-independent, we also store old (version 3) entries in native byte order. Also, the hash itself is created in a native byte order.
With this change, pwd_mkdb(8) can be used to cross-build *pwd.db files for another architecture.
Tested on: i386, amd64, alpha, sparc64
|
114159 |
28-Apr-2003 |
nectar |
When updating a single entry (i.e. when the `-u' option is given), do not add the "\xFF" "VERSION" key --- it should only be added once ALL entries have been updated.
While I'm here, correct the logic that detects whether or not the user-ID has changed so that it works even if all entries have not yet been updated to the new format.
Users missing-in-action were Reported by: tjr, Vallo Kallaste <vallo@estcard.ee>, leafy <leafy@leafy.idv.tw>
Sponsored by: DARPA, Network Associates Laboratories
|
113666 |
18-Apr-2003 |
nectar |
Revert the definitions of _PW_KEY* to their previous values. There is at least one consumer outside of libc and pwd_mkdb. Adjust the versioning in libc and pwd_mkdb accordingly.
named was the application affected, and that fact was first Reported by: Zherdev Anatoly <tolyar@mx.ru>
Sponsored by: DARPA, Network Associates Laboratories
|
65532 |
06-Sep-2000 |
nectar |
Add nsswitch support. By creating an /etc/nsswitch.conf file, you can configure FreeBSD so that various databases such as passwd and group can be looked up using flat files, NIS, or Hesiod.
= Hesiod has been added to libc (see hesiod(3)).
= A library routine for parsing nsswitch.conf and invoking callback functions as specified has been added to libc (see nsdispatch(3)).
= The following C library functions have been modified to use nsdispatch:
  . getgrent, getgrnam, getgrgid
  . getpwent, getpwnam, getpwuid
  . getusershell
  . getaddrinfo
  . gethostbyname, gethostbyname2, gethostbyaddr
  . getnetbyname, getnetbyaddr
  . getipnodebyname, getipnodebyaddr, getnodebyname, getnodebyaddr
= host.conf has been removed from src/etc. rc.network has been modified to warn that host.conf is no longer used at boot time. In addition, if there is a host.conf but no nsswitch.conf, the latter is created at boot time from the former.
Obtained from: NetBSD
|
54034 |
02-Dec-1999 |
sheldonh |
Replace the -q option to pwd_mkdb with a test for PW_SCAN_BIG_IDS in the environment. This allows big ID warnings to be suppressed for vipw and chpass as well.
Since the environment variable test is only performed for callers of pw_scan() that do not set pw_big_ids_warning, the test can still be overridden. Currently, chpass and pwd_mkdb are the only users of pw_scan() and neither of them overrides the environment variable test.
|
48791 |
12-Jul-1999 |
nik |
Add $Id$, to make it simpler for members of the translation teams to track.
The Id line is normally at the bottom of the main comment block in the man page, separated from the rest of the manpage by an empty comment, like so;
.\" $Id$
.\"
If the immediately preceding comment is a @(#) format ID marker then the $Id$ will line up underneath it with no intervening blank lines. Otherwise, an additional blank line is inserted.
Approved by: bde
|
41712 |
13-Dec-1998 |
dillon |
PR: bin/3478
Have pwd_mkdb lock the source file while rebuilding the database. When called by programs such as vipw, the source file is a temporary file and this does not conflict with the lock on /etc/master.passwd already held by vipw. When run manually, however, master.passwd is typically specified as the argument and the locking prevents other programs from messing with master.passwd during the database rebuild.
Also pwd_mkdb uses a blocking exclusive lock as it may be called from a script. The -N option was added to cause pwd_mkdb to get the lock non-blocking and exit with an error if the attempt fails, again useful for scripts.
|
19085 |
22-Oct-1996 |
wpaul |
Begin closing out PR #1519 (this requires a change to chpass too, and both changes need to be pulled into the stable branch). The problem here is that when pwd_mkdb creates /etc/passwd, it turns empty UID and GID fields into zeroes. To fix this, we check the _PWF_UID and _PWF_GID bits in the pw_fields flag: if the bits are not set, we print an empty field instead of a zero. This way, you don't get zeroes in the UID or GID fields unless you explicitly want them.
|
16876 |
01-Jul-1996 |
guido |
Implement incremental passwd database updates. This is done by adding a '-u' option to pwd_mkdb and adding this option to utilities invoking it. Further, the filling of both the secure and insecure databases has been merged into one loop giving also a performance improvement. Note that I did *not* change the adduser command. I don't read perl (it is a write only language anyway). The change will drastically improve performance for passwd and friends with large passwd files. Vipw's performance won't change. In order to do that some kind of diff should be made between the old and new master.passwd and depending on the amount of changes, an incremental or complete update of the databases should be agreed upon.
|
15268 |
16-Apr-1996 |
wpaul |
NIS cleanups and fixes, the next generation, continued.
pwd_mkdb.c:
- Don't save the PLUSCNT and MINUSCNT tokens: we don't need them anymore.
- Count the + and - entries for NIS together instead of counting + and - entries separately. Index all special NIS entries using new _PW_KEYYPBYNUM token.
pwd.h:
- Remove the PLUSBYNUM, MINUSBYNUM, PLUSCNT and MINUSCNT tokens and replace them with a single _PW_KEYYPBYNUM token.
|
7291 |
23-Mar-1995 |
wpaul |
Re-enable +::::::::: wildcards that I had previously disallowed.
Note: if you put +::0:0:::::: in /etc/master.passwd as your only NIS entry, it will cause all NIS uids and gids to be remapped to zero. This is *intentional*. That's the way it's supposed to work. Enabling NIS with no remapping at all is done with +:::::::::, not +::0:0::::::. Similarly, +:::::::::/bin/csh will remap the shells of all NIS users to /bin/csh. Or, you could do +wpaul:::::::::/bin/csh to remap NIS user wpaul's shell to /bin/csh but leave everyone else alone.
|
7257 |
23-Mar-1995 |
wpaul |
- Add support for embedding special entries in the password databases for +@netgroup/-@netgroup entries. This saves the getpwent functions from having to do all the work.
- Fix potential bug: when pwd_mkdb writes the YP-enabled flag to the secure password database, it uses the wrong database descriptor. (It uses the descriptor from the non-secure database, which is already closed by the time things are being written into the secure database).
|
2916 |
20-Sep-1994 |
wollman |
Maintain pw_fields, and output same to password database.
!!!!!!!! NB !!!!!!!! You MUST pwd_mkdb /etc/master.passwd before attempting to use the new libc, or things may go wrong. (I doubt anything actually /will/ go wrong, but the actual behavior is undefined. YOU HAVE BEEN WARNED.) The database format is, however, backwards-compatible, so old executables will still work.
|