#
559a218c |
|
01-Nov-2023 |
Warner Losh <imp@FreeBSD.org> |
libc: Purge unneeded cdefs.h These sys/cdefs.h are not needed. Purge them. They are mostly left-over from the $FreeBSD$ removal. A few in libc are still required for macros that cdefs.h defines. Keep those. Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D42385
|
#
1d386b48 |
|
16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: one-line .c pattern Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/
|
#
4d846d26 |
|
10-May-2023 |
Warner Losh <imp@FreeBSD.org> |
spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch up to that fact and revert to their recommended match of BSD-2-Clause. Discussed with: pfg MFC After: 3 days Sponsored by: Netflix
|
#
701473ef |
|
27-Nov-2021 |
Konstantin Belousov <kib@FreeBSD.org> |
libc/gen/getpwent.c: plug warnings about write-only variables Sponsored by: The FreeBSD Foundation MFC after: 1 week
|
#
3b666932 |
|
05-Apr-2021 |
Mark Johnston <markj@FreeBSD.org> |
libc: Fix the WITH_HESIOD build Reported by: Daniel Braniss <danny@cs.huji.ac.il> MFC after: 1 week
|
#
5619d49e |
|
21-Jan-2021 |
Mark Johnston <markj@FreeBSD.org> |
libc/nss: Restore iterator state when doing passwd/group lookups The getpwent(3) and getgrent(3) implementations maintain some internal iterator state. Interleaved calls to functions which do passwd/group lookups using a key, such as getpwnam(3), would in some cases clobber this state, causing a subsequent getpwent() or getgrent() call to restart iteration from the beginning of the database or to terminate early. This is particularly troublesome in programming environments where execution of green threads is interleaved within a single OS thread. Take care to restore any iterator state following a keyed lookup. The "files" provider for the passwd database was already handling this correctly, but "compat" was not, and both providers had this problem when accessing the group database. PR: 252094 Submitted by: Viktor Dukhovni <ietf-dane@dukhovni.org> MFC after: 1 month
|
#
9ad1d357 |
|
19-Sep-2020 |
Alan Somers <asomers@FreeBSD.org> |
fix integer underflow in getgrnam_r and getpwnam_r Sometimes nscd(8) will return a 1-byte buffer for a nonexistent entry. This triggered an integer underflow in grp_unmarshal_func, causing getgrnam_r to return ERANGE instead of 0. Fix the user's buffer size check, and add a correct check for a too-small nscd buffer. PR: 248932 Event: September 2020 Bugathon Reviewed by: markj MFC after: 2 weeks Sponsored by: Axcient Differential Revision: https://reviews.freebsd.org/D26204
|
#
6671366a |
|
15-Apr-2020 |
Brooks Davis <brooks@FreeBSD.org> |
Fix -Wvoid-pointer-to-enum-cast warnings. This pattern is used in callbacks with void * data arguments and seems both relatively uncommon and relatively harmless. Silence the warning by casting through uintptr_t. This warning is on by default in Clang 11. Reviewed by: arichardson Obtained from: CheriBSD (partial) MFC after: 1 week Sponsored by: DARPA Differential Revision: https://reviews.freebsd.org/D24425
|
#
34e9190d |
|
26-Jul-2018 |
Ian Lepore <ian@FreeBSD.org> |
Make pw_scan(3) more compatible with getpwent(3) et. al. when processing data from /etc/passwd rather than /etc/master.passwd. The libc getpwent(3) and related functions automatically read master.passwd when run by root, or passwd when run by a non-root user. When run by non- root, getpwent() copes with the missing data by setting the corresponding fields in the passwd struct to known values (zeroes for numbers, or a pointer to an empty string for literals). When libutil's pw_scan(3) was used to parse a line without the root-accessible data, it was leaving garbage in the corresponding fields. These changes rename the static pw_init() function used by getpwent() and friends to __pw_initpwd(), and move it into pw_scan.c so that common init code can be shared between libc and libutil. pw_scan(3) now calls __pw_initpwd() before __pw_scan(), just like the getpwent() family does, so that reading an arbitrary passwd file in either format and parsing it with pw_scan(3) returns the same results as getpwent(3) would. This also adds a new pw_initpwd(3) function to libutil, so that code which creates passwd structs from scratch in some manner that doesn't involve pw_scan() can initialize the struct to the values expected by lots of existing code, which doesn't expect to encounter NULL pointers or garbage values in some fields.
|
#
d915a14e |
|
25-Nov-2017 |
Pedro F. Giffuni <pfg@FreeBSD.org> |
libc: further adoption of SPDX licensing ID tags. Mainly focus on files that use BSD 2-Clause license, however the tool I was using mis-identified many licenses so this was mostly a manual - error prone - task. The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, superceed or replace the license texts.
|
#
bf51882a |
|
16-Apr-2016 |
Pedro F. Giffuni <pfg@FreeBSD.org> |
libc: make some more use of the nitems() macro. We have an nitems() macro in the <sys/param.h> header that is convenient to re-use as it makes things easier to read. Given that it is available already without adding additional headers and other parts of libc already use it, extend a bit more its use.
|
#
3e973f9b |
|
25-Oct-2015 |
Enji Cooper <ngie@FreeBSD.org> |
Fix compiling with gcc [4.2.1] after r287797 when MK_HESOID == no and MK_NIS == no by converting `i` back to an int, and instead cast the loop comparison to `int` The loop comparison is iterating the len(ns_dtab)-1, because the last element is the sentinel tuple { NULL, NULL, NULL, }, so when both HESOID and NIS are off, len(ns_dtab)-1 == 1 - 1 == 0, and the loop is skipped because the expression is tautologically false While here, convert `(sizeof(x) / sizeof(x[0]))` to `nitems(x)` Tested with: clang 3.7.0, gcc 4.2.1, and gcc 4.9.4 [*] with MK_NIS={no,yes} and by running bash -lc 'id -u && id -g && id' * gcc 4.9.4 needs another patch in order for the compile to succeed with -Werror with lib/libc/gen/getgrent.c Reported by: jhibbits
|
#
e263ec16 |
|
14-Sep-2015 |
Craig Rodrigues <rodrigc@FreeBSD.org> |
Use unsigned variables in a few places. Eliminates gcc 4.9 warnings.
|
#
b3d078e6 |
|
06-Mar-2015 |
Pedro F. Giffuni <pfg@FreeBSD.org> |
compat_passwd(): yet another uninitialized access to stayopen. CID: 1018731
|
#
a69a20fa |
|
19-Feb-2015 |
Pedro F. Giffuni <pfg@FreeBSD.org> |
Fix small memleaks in nis_passwd() and nis_group(). These only occur upon error. Code Review: https://reviews.freebsd.org/D1849 Reviewed by: delphij CID: 1016715 CID: 1016717
|
#
09cc2762 |
|
15-Feb-2015 |
Pedro F. Giffuni <pfg@FreeBSD.org> |
More tidy-ups on uninitialized scalar variable As a followup to r278363, there is one more case where stayopen can be accessed uninitialized, but even after swapping arguments, access is possible in some other cases so prevent it completely by initializing stayopen. CID: 1018729 CID: 1018732
|
#
eb77fbdc |
|
07-Feb-2015 |
Pedro F. Giffuni <pfg@FreeBSD.org> |
Protect uninitialized scalar variable from being accessed In a couple of cases a variable "stayopen" can be checked unitialized. This is of no danger as the complementary condition is false but prevent the access by switching the checks. CID: 1018729 CID: 1018732
|
#
a7d5f7eb |
|
19-Oct-2010 |
Jamie Gritton <jamie@FreeBSD.org> |
A new jail(8) with a configuration file, to replace the work currently done by /etc/rc.d/jail.
|
#
fe0506d7 |
|
09-Mar-2010 |
Marcel Moolenaar <marcel@FreeBSD.org> |
Create the altix project branch. The altix project will add support for the SGI Altix 350 to FreeBSD/ia64. The hardware used for porting is a two-module system, consisting of a base compute module and a CPU expansion module. SGI's NUMAFlex architecture can be an excellent platform to test CPU affinity and NUMA-aware features in FreeBSD.
|
#
d7f03759 |
|
19-Oct-2008 |
Ulf Lilleengen <lulf@FreeBSD.org> |
- Import the HEAD csup code which is the basis for the cvsmode work.
|
#
06a99fe3 |
|
27-Apr-2006 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
- Extend the nsswitch to support Services, Protocols and Rpc databases. - Make nsswitch support caching. Submitted by: Michael Bushkov <bushman__at__rsu.ru> Sponsored by: Google Summer of Code 2005
|
#
5edb850f |
|
17-May-2004 |
Tim Kientzle <kientzle@FreeBSD.org> |
POSIX prohibits any library function from setting errno to 0. Correct my previous commit and add a comment to the manpage indicating that the user must set errno to 0 if they wish to distinguish "no such user" from "error". Pointed out by: Jacques Vidrine (nectar@)
|
#
b4cc8687 |
|
17-May-2004 |
Tim Kientzle <kientzle@FreeBSD.org> |
If getpwent/getpwuid/getpwnam return NULL, they must also set errno.
|
#
dbb4b1c8 |
|
21-Apr-2004 |
Jonathan Chen <jon@FreeBSD.org> |
Fix a bug that could result in getpw*() incorrectly returning NULL when NIS adjunct maps are used. One symtom of this bug is sshd saying: login_get_lastlog: Cannot find account for uid X when logging in. The problem here is caused by an incorrect reuse of the rv variable when previous values are needed later.
|
#
16fc3635 |
|
05-Mar-2004 |
Mark Murray <markm@FreeBSD.org> |
Make NULL a (void*)0 whereever possible, and fix the warnings(-Werror) that this provokes. "Wherever possible" means "In the kernel OR NOT C++" (implying C). There are places where (void *) pointers are not valid, such as for function pointers, but in the special case of (void *)0, agreement settles on it being OK. Most of the fixes were NULL where an integer zero was needed; many of the fixes were NULL where ascii <nul> ('\0') was needed, and a few were just "other". Tested on: i386 sparc64
|
#
3beb62d3 |
|
12-Jan-2004 |
Jacques Vidrine <nectar@FreeBSD.org> |
Kill whitespace at end of lines.
|
#
2734a36f |
|
12-Jan-2004 |
Jacques Vidrine <nectar@FreeBSD.org> |
Fix a bug that could result in a null pointer dereference in getpwent(3) or getpwuid(3) when using NIS adjunct maps. The bug was present in the internal `nis_passwd' function. The lookup in the adjunct map used the name passed into `nis_passwd', however no name was of course supplied by getpwent or getpwuid. Correctly use the name from the `struct pwd' that was found instead. PR: bin/59962 Submitted by: Gabriel Gomez <ggomez@fing.edu.uy>
|
#
0287aa1c |
|
18-Jul-2003 |
Bill Paul <wpaul@FreeBSD.org> |
Revert to using yp_order() to probe for master.paswd.by* maps and don't probe the server at all for passwd.by* maps. This fixes interoperability with the Services For UNIX NIS server (which is really a front end to Captive^WActiveDirectory). This server incorrectly returns success for all YPPROC_MASTER requests, even for maps that don't exist, which makes it impossible to (ab)use it to probe for the existence of the master.passwd.by* maps. This is a little kludgey, but basically restores the original behavior of getpwent.c as it is in -stable, and works around both the lack of YPPROC_ORDER on NIS+ servers as well as the broken YPPROC_MASTER on Services For UNIX servers.
|
#
788940b4 |
|
26-Jun-2003 |
John W. De Boskey <jwd@FreeBSD.org> |
fix NIS+ YP compat mode PR: bin/52792 Submitted by: TOMITA Yoshinori <yoshint@flab.fujitsu.co.jp>
|
#
d0509082 |
|
01-May-2003 |
Jacques Vidrine <nectar@FreeBSD.org> |
Back out the `hiding' of strlcpy and strlcat. Several people vocally objected to this safety belt.
|
#
5723e501 |
|
29-Apr-2003 |
Jacques Vidrine <nectar@FreeBSD.org> |
`Hide' strlcpy and strlcat (using the namespace.h / __weak_reference technique) so that we don't wind up calling into an application's version if the application defines them. Inspired by: qpopper's interfering and buggy version of strlcpy
|
#
c14d379d |
|
25-Apr-2003 |
Jacques Vidrine <nectar@FreeBSD.org> |
When using `compat' mode, be sure to re-dispatch setpwent, endpwent, setgrent, and endgrent also. (The previous NSS implementation used to simply twiddle the internal data of the various modules directly.) A symptom (group list set incorrectly in sshd) was Reported by: Glenn Johnson <gjohnson@srrc.ars.usda.gov> Sponsored by: DARPA, Network Associates Laboratories
|
#
e2527daf |
|
24-Apr-2003 |
Jacques Vidrine <nectar@FreeBSD.org> |
In compat mode, we `redispatch' the lookup. It is probably a good idea to re-initialize `struct passwd', because e.g. pw_class might get set by one module, but not by another. Add another call to the internal pwd_init function to accomplish this. Sponsored by: DARPA, Network Associates Laboratories
|
#
d3fc864f |
|
21-Apr-2003 |
Jacques Vidrine <nectar@FreeBSD.org> |
Don't try to access the NIS `master' maps unless we have superuser privileges. To do so may cause the NIS server to log spurious and annoying `access denied' messages. Reported by: Philip Paeps <philip@paeps.cx> Sponsored by: DARPA, Network Associates Laboratories
|
#
171614bf |
|
18-Apr-2003 |
Jacques Vidrine <nectar@FreeBSD.org> |
Follow-up to revision 1.74: Using the result buffer to store our empty string was an incredibly dumb idea (of course it will be changed by an NSS module on success!). Use a static empty string instead. Sponsored by: DARPA, Network Associates Laboratories
|
#
a9ceaa9d |
|
18-Apr-2003 |
Jacques Vidrine <nectar@FreeBSD.org> |
Follow-up to revision 1.73: set _PWF_FILES when `compat' source is used but user is found in local file. Reported by: Shizuka Kudo <shizukakudo_99@yahoo.com> Sponsored by: DARPA, Network Associates Laboratories
|
#
4c3c0fec |
|
18-Apr-2003 |
Jacques Vidrine <nectar@FreeBSD.org> |
Don't use `memset' to initialize a struct passwd. A module may not fill in all fields, and in the case of string fields, this could cause trouble for applications. (The only likely example is `pw_class', because this field is not used by all modules in all cases.) Move initialization of struct passwd from module-specific code to the dispatch code. The problem of a NULL pw_class was Noticed by: Philip Paeps <philip@paeps.cx> and the c^Htrusty ssh(1) command. Déjà vu by: getpwent.c revision 1.56 Sponsored by: DARPA, Network Associates Laboratories
|
#
71cc8f07 |
|
18-Apr-2003 |
Jacques Vidrine <nectar@FreeBSD.org> |
Correctly set _PWF_FILES in pw_fields when appropriate. (_PWF_NIS and _PWF_HESIOD were already being set.) Reported by: Shizuka Kudo <shizukakudo_99@yahoo.com> Sponsored by: DARPA, Network Associates Laboratories
|
#
b4603f3d |
|
18-Apr-2003 |
Jacques Vidrine <nectar@FreeBSD.org> |
Revert the definitions of _PW_KEY* to their previous values. There is at least one consumer outside of libc and pwd_mkdb. Adjust the versioning in libc and pwd_mkdb accordingly. named was the application affected, and that fact was first Reported by: Zherdev Anatoly <tolyar@mx.ru> Sponsored by: DARPA, Network Associates Laboratories
|
#
1b467db2 |
|
17-Apr-2003 |
Jacques Vidrine <nectar@FreeBSD.org> |
The default if nsswitch.conf(5) is not present is supposed to be the hated `compat' source, not `files'. Reported by: Philip Paeps <philip@paeps.cx> Sponsored by: DARPA, Network Associates Laboratories
|
#
05f98035 |
|
17-Apr-2003 |
Jacques Vidrine <nectar@FreeBSD.org> |
= Implement thread-safe versions of the getpwent(3) and getgrent(3) family of functions using the new nsdispatch(3) core. Remove arbitrary size limits when using the thread-safe versions. = Re-implement the traditional getpwent(3)/getgrent(3) functions on top of the thread-safe versions. = Update the on-disk format of the hashed version of the passwd(5) databases to allow for versioned entries. The legacy version is `3'. (Don't ask.) = Add support for version `4' entries in the passwd(5) database. Entries in this format are identical to version 3 entries except that all integers are stored as 32-bit integers in network byte order (big endian). = pwd_mkdb is updated to generate both version 3 and version 4 entries. Sponsored by: DARPA, Network Associates Laboratories
|
#
2bbd7cf8 |
|
27-Feb-2003 |
Jacques Vidrine <nectar@FreeBSD.org> |
Eliminate 19 warnings in libc (at level WARNS=2) of the `implicit declaration of function' variety.
|
#
e0554a53 |
|
16-Feb-2003 |
Jacques Vidrine <nectar@FreeBSD.org> |
Eliminate 61 warnings emitted at WARNS=2 (leaving 53 to go). Only warnings that could be fixed without changing the generated object code and without restructuring the source code have been handled. Reviewed by: /sbin/md5
|
#
719137a6 |
|
07-May-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Fix bug that causes passwd and friends to fail when the user has a '+' in their passwd file for NIS because _PWF_SOURCE is not set. Submitted by: amigus (perforce change 10969)
|
#
00d9b6b8 |
|
14-Apr-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Missed a spot in previous commit. Sponsored by: DARPA, NAI Labs
|
#
e479b601 |
|
14-Apr-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
(ab)use unused bits in the pw_fields member of struct passwd to record the source of the data contained in the structure. Sponsored by: DARPA, NAI Labs
|
#
b231cb39 |
|
31-Jan-2002 |
David E. O'Brien <obrien@FreeBSD.org> |
* Remove __P and convert to ANSI prototypes. * Remove 'register'. (some functions had 7+ register functions...) * Fix SCM ID's.
|
#
56bcbf00 |
|
30-Jan-2002 |
Bruce Evans <bde@FreeBSD.org> |
Fixed world breakage due to missing include of <sys/cdefs.h> in previous commit. Fixed related style bugs: basename.c: misplaced '#if 0' dirname.c: misplaced '#if 0' getgrent.c: missing '#if 0', and tab lossage in vendor id (the previous commit fixed the complete corruption of the vendor id but lost a tab) getpwent.c: missing '#if 0'
|
#
135b57f9 |
|
30-Jan-2002 |
David E. O'Brien <obrien@FreeBSD.org> |
Fix FreeBSD IDs.
|
#
9213df7c |
|
26-Oct-2001 |
Peter Wemm <peter@FreeBSD.org> |
Explicitly use int32_t for on-disk records for pw_change and pw_expire, since that is what we use now and this insulates us from any time_t tweaks here. We can define a record format that uses 64 bit times if/when we need to.
|
#
75328eca |
|
18-Jun-2001 |
David Malone <dwmalone@FreeBSD.org> |
If the username we are trying to look up in the db files won't fit into the buffer then act like it doesn't exist. The buffer is always big enough for any valid username. PR: 27860 Reviewed by: nectar
|
#
d201fe46 |
|
24-Jan-2001 |
Daniel Eischen <deischen@FreeBSD.org> |
Remove _THREAD_SAFE and make libc thread-safe by default by adding (weak definitions to) stubs for some of the pthread functions. If the threads library is linked in, the real pthread functions will pulled in. Use the following convention for system calls wrapped by the threads library: __sys_foo - actual system call _foo - weak definition to __sys_foo foo - weak definition to __sys_foo Change all libc uses of system calls wrapped by the threads library from foo to _foo. In order to define the prototypes for _foo(), we introduce namespace.h and un-namespace.h (suggested by bde). All files that need to reference these system calls, should include namespace.h before any standard includes, then include un-namespace.h after the standard includes and before any local includes. <db.h> is an exception and shouldn't be included in between namespace.h and un-namespace.h namespace.h will define foo to _foo, and un-namespace.h will undefine foo. Try to eliminate some of the recursive calls to MT-safe functions in libc/stdio in preparation for adding a mutex to FILE. We have recursive mutexes, but would like to avoid using them if possible. Remove uneeded includes of <errno.h> from a few files. Add $FreeBSD$ to a few files in order to pass commitprep. Approved by: -arch
|
#
0634de0c |
|
13-Nov-2000 |
Jacques Vidrine <nectar@FreeBSD.org> |
Fix bug introduced in previous commit: users obtained via compat mode had uid, gid set to 0 if not otherwise specified! Submitted by: eivind
|
#
61a33b7c |
|
10-Nov-2000 |
Jacques Vidrine <nectar@FreeBSD.org> |
Fix passwd entry `prototypes' in compat mode. I broke this in revision 1.55 when importing nsswitch from NetBSD. Reported by: Naoki Kobayashi <shibata@geo.titech.ac.jp>
|
#
580ef747 |
|
27-Oct-2000 |
Jacques Vidrine <nectar@FreeBSD.org> |
Explicitly initialize _pw_passwd.
|
#
248aee62 |
|
06-Sep-2000 |
Jacques Vidrine <nectar@FreeBSD.org> |
Add nsswitch support. By creating an /etc/nsswitch.conf file, you can configure FreeBSD so that various databases such as passwd and group can be looked up using flat files, NIS, or Hesiod. = Hesiod has been added to libc (see hesiod(3)). = A library routine for parsing nsswitch.conf and invoking callback functions as specified has been added to libc (see nsdispatch(3)). = The following C library functions have been modified to use nsdispatch: . getgrent, getgrnam, getgrgid . getpwent, getpwnam, getpwuid . getusershell . getaddrinfo . gethostbyname, gethostbyname2, gethostbyaddr . getnetbyname, getnetbyaddr . getipnodebyname, getipnodebyaddr, getnodebyname, getnodebyaddr = host.conf has been removed from src/etc. rc.network has been modified to warn that host.conf is no longer used at boot time. In addition, if there is a host.conf but no nsswitch.conf, the latter is created at boot time from the former. Obtained from: NetBSD
|
#
8f6d4800 |
|
04-Aug-2000 |
Kris Kennaway <kris@FreeBSD.org> |
sprintf -> snprintf paranoia
|
#
0200080b |
|
15-Oct-1999 |
Andrey A. Chernov <ache@FreeBSD.org> |
YP/NIS code: remove unnecessary endgrent() calls which can cause fail on next try over chroot (descriptor closed). getgrnam() used already handles endgrent() properly and honors _gr_stayopen. Automatically call setgroupent(1) when _pw_stayopen is set (for YP/NIS code).
|
#
8b7690ea |
|
16-Oct-1999 |
Andrey A. Chernov <ache@FreeBSD.org> |
Fix longstanding bug "unused stayopen" introduced in rev1.11 PR: 14201
|
#
ecab1f68 |
|
06-Sep-1999 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Don't forget to reset _pw_stepping_yp to 0 before returning. Fixes a bug where getpwent() would ignore wildcard entries that followed a netgroup entry. PR: misc/12999 Submitted by: David Hedley <david@inty.net>
|
#
a180d48d |
|
03-Jun-1999 |
Bill Paul <wpaul@FreeBSD.org> |
Apply patch for PR #12008: remember to reset _yp_enabled flag in endpwent() so we don't trip over a NULL db pointer later. PR: 12008 Submitted by: Valentin Netchayev <netch@lucky.net>
|
#
9b030d10 |
|
27-Mar-1999 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Partial fix for the forking problem: if we can't access the master maps, try again with the unrestricted map. PR: bin/10821
|
#
630dc76f |
|
17-Dec-1998 |
Eivind Eklund <eivind@FreeBSD.org> |
Restore old semantics (broken in rev 1.47's buffer overflow fix).
|
#
ebed2088 |
|
29-Oct-1998 |
Mike Smith <msmith@FreeBSD.org> |
Prevent buffer overflow in getpwnam() PR: bin/8176 Submitted by: Archie Cobbs <archie@whistle.com>
|
#
e8420087 |
|
15-Sep-1998 |
Warner Losh <imp@FreeBSD.org> |
Replace memory leaking instances of realloc with non-leaking reallocf. In some cases replace if (a == null) a = malloc(x); else a = realloc(a, x); with simple reallocf(a, x). Per ANSI-C, this is guaranteed to be the same thing. I've been running these on my system here w/o ill effects for some time. However, the CTM-express is at part 6 of 34 for the CAM changes, so I've not been able to do a build world with the CAM in the tree with these changes. Shouldn't impact anything, but...
|
#
b5acd001 |
|
15-Sep-1998 |
Dmitrij Tejblum <dt@FreeBSD.org> |
Don't initialize NIS until it is really necessary. Now, in case of network or NIS server problems, local user can login without a pause. Also, -Wsomething cleanup.
|
#
2e645a20 |
|
31-Jan-1998 |
Steve Price <steve@FreeBSD.org> |
XOpen says the void setpwent(void) is correct. Also call setpassent(0) instead of duplicating code, albeit trivial (inspired by NetBSD). PR: 5524
|
#
d030d2d2 |
|
18-Sep-1997 |
Poul-Henning Kamp <phk@FreeBSD.org> |
Many places in the code NULL is used in integer context, where plain 0 should be used. This happens to work because we #define NULL to 0, but is stylistically wrong and can cause problems for people trying to port bits of code to other environments. PR: 2752 Submitted by: Arne Henrik Juul <arnej@imf.unit.no>
|
#
211fed7e |
|
15-Sep-1997 |
Wolfram Schneider <wosch@FreeBSD.org> |
Fix yet a minor stylistic nit from Bruce. (`cvs diff -ib' print one new char ;-).
|
#
8be26e5d |
|
14-Sep-1997 |
Wolfram Schneider <wosch@FreeBSD.org> |
Potential bufferflow in getpwent(), getpwnam() and getpwuid() PR: bin/4134 Submitted by: nick@foobar.org
|
#
c333ae82 |
|
26-Mar-1997 |
David Nugent <davidn@FreeBSD.org> |
Remove minor warning (for -Wall -Wshadow); clarifies code.
|
#
adf6ad9e |
|
11-Mar-1997 |
Peter Wemm <peter@FreeBSD.org> |
Merge from Lite2: filesystem include updates, duplicate group suppression, cleanups, filesystem whiteout support (unionfs), bidir popen().
|
#
662909a7 |
|
11-Mar-1997 |
Peter Wemm <peter@FreeBSD.org> |
Import CSRG 4.4BSD-Lite2 lib/libc onto vendor branch
|
#
09e84628 |
|
10-Mar-1997 |
Bill Paul <wpaul@FreeBSD.org> |
Fix brain-o in SunOS passwd.adjunct stuff: !strstr(s, "##") is a) bad style and b) the wrong logic. Should be strstr(s, "##") != NULL. (Note that the passwd.adjunct stuff has not been merged into 2.2 so this bug is not in that branch.)
|
#
1d2493ff |
|
27-Dec-1996 |
Bill Paul <wpaul@FreeBSD.org> |
Small yet significant tweaks/cleanups: - getpwent: o adjunctbuf should be NUL terminated after copying o _pw_breakout_yp() needs to know the length of the buffer returned from YP so it can properly NUL terminate its local buffer. - getgrent: o YP buffers should be YPMAXRECORD + 2 bytes long and NUL terminated. (Previously they were hardcoded to 1024 bytes.) - getnetgrent: o YP data should be copied with snprintf(), not sprintf() These are 2.2 candidates. I will wait a few days to make sure these don't break anything and then, if there are no objections, move them to the 2.2 branch.
|
#
2be5d4cb |
|
03-Dec-1996 |
Bill Paul <wpaul@FreeBSD.org> |
Add support for detecting and hopefully using the passwd.adjunct.byname NIS map which is present on SunOS NIS servers with the SunOS C2 security hack^Woption installed. I'm convinced that the C2 security option restricts access to the passwd.adjunct.byname map in the same way that I restrict access to the master.passwd.{byname,buid} maps (checking for reserved ports), which means that we should be able to handle passwd.adjunct.byname map correctly. If _havemaster() doesn't find a master.passwd.byname map, it will now test for a passwd.adjunct.byname map before defaulting back to the standard non-shadowed passwd.{byname,byuid} maps. If _pw_breakout_yp() sees that the adjunct map was found and the password from the standard maps starts with ##, it will try to grab the correct password field from the adjunct map. As with the master.passwd maps, this only happens if the caller is root, so the shadowing feature is preserved; non-root users just get back ##username as the encrypted password. Note that all we do is grab the second field from the passwd.adjunct.byname entry, which is designated to be the real encrypted password. There are other auditing fields in the entry but they aren't of much use to us. Also switched back to using yp_order() to probe for the maps (instead of yp_first()). The original problem with yp_order() was that it barfed with NIS+ servers in YP compat mode since they don't support the YPPROC_ORDER procedure. This condition is handled a bit more gracefully in yplib now: we can detect the error and just punt on the probing.
|
#
51295a4d |
|
12-Jul-1996 |
Jordan K. Hubbard <jkh@FreeBSD.org> |
General -Wall warning cleanup, part I. Submitted-By: Kent Vander Velden <graphix@iastate.edu>
|
#
03cee47d |
|
07-May-1996 |
Bill Paul <wpaul@FreeBSD.org> |
Grrrr... yet another variation on Murphy's Law: the best way to find bugs in your code is to put it in the -stable branch. (Corollary: the day you discover the bug is the day the Internet decides to route your telnet session to the repository box via Zimbabwe.) Remove one bogus free(result) (from _havemaster()) that slipped by me. Flagged by: phkmalloc Pointed out to me by: Stefan Esser
|
#
88ce2dd1 |
|
29-Apr-1996 |
Bill Paul <wpaul@FreeBSD.org> |
Very minor tweak: In __initdb(), a failure to open the local password database is supposed to result in a warning message being syslog()ed. This warning is only supposed to be generated as long as the 'warned' flag hasn't been yet; once the warning is generated, the flag should be set so that the message is only syslog()ed once. However, while the state of the flag is checked properly, the flag's state is never changed, so you always get multiple warnings instead of just one. Pointed out by: Peter Wemm
|
#
94c53e1f |
|
15-Apr-1996 |
Bill Paul <wpaul@FreeBSD.org> |
NIS cleanups and fixes, the next generation. getnetgrent.c: - Catch one bogon that snuck by: in _listmatch(), check for '\0' rather than '\n'; strings returned from yp_match() are terminated with a nul, not a newline. getpwent.c: - Rip out all of the +inclusion/-exclusion stuff from before and replace it with something a little less grotty. The main problem with the old mechanism was that it wasted many cycles processing NIS entries even after it already knew they were to be exlcuded (or not included, depending on your pointof view). The highlights of these changes include: o Uses an in-memory hash database table to keep track of all the -@netgroup, -user, and -@group exclusions. o Tries harder to duplicate the behavior normally obtained when using NIS inclusions/exclusions on a flat /etc/passwd file (meaning things come out in much the same order). o Uses seperate methods for handling getpwent() and getpwnam()/getpwuid() operations instead of trying to do everything with one general function, which didn't work as well as I thought it would. o Uses both getnetgrent() and innetgr() to try to save time where possible. o Use only one special token in the local password database (_PW_KEYYPBYNUM) instead of seperate tokens to mark + and - entries (and stop using the counter tokens too). If this new token doesn't exist, the code will make due with the standard _PW_KEYBYNUM token in order to support older databases that won't have the new token in them. All this is an attempt to make this stuff work better in environments with large NIS passwd databases.
|
#
70520b51 |
|
29-Jan-1996 |
Mike Pritchard <mpp@FreeBSD.org> |
Getpwent() and getservent() can wind up calling free() with an invalid pointer if a call to yp_first() fails. Closes PR # 964, and possibly # 952.
|
#
8b102407 |
|
22-Oct-1995 |
Poul-Henning Kamp <phk@FreeBSD.org> |
Minor cleanup, mostly unused vars and missing #includes.
|
#
3948edc2 |
|
11-Oct-1995 |
Bill Paul <wpaul@FreeBSD.org> |
Another tweak/speedup pass: - Fix buffer overflow problem once and for all: do away with the buffer copies to 'user' prior to calling _scancaches() and just pass a pointer to the buffer returned by yp_match()/yp_first()/yp_next()/whatever. (We turn the first ':' to a NUL first so strcmp() works, then change it back later. Submitted by Bill Fenner <fenner@parc.xerox.com> and tweaked slightly by me. - Give _pw_breakout_yp() the 'more elegant solution' I promised way back when. Eliminate several copies to static buffers and replace them with just one copy. (The buffer returned by the NIS functions is at most YPMAXRECORD bytes long, so we should only need one static buffer of the same length (plus 2 for paranoia's sake).) - Also in _pw_breakout_yp(): always set pw.pw_passwd to the username obtained via NIS regardless of what pw_fields says: usernames cannot be overridden so we have no choice but to use the name returned by NIS. - _Again_ in _pw_breakout_yp(): before doing anything else, check that the first character of the NIS-returned buffer is not a '+' or '-'. If it is, drop the entry. (#define EXTRA_PARANOIA 1 :) - Probe for the master.passwd.* maps once during __initdb() instead of doing it each time _getyppass() or _nextyppass() is called. - Don't copy the NIS data buffers to static memory in _getyppass() and _nextyppass(): this is done in _pw_breakout_yp() now. - Test against phkmalloc and phkmalloc/2 (TNG!) to make sure we're free()ing the yp buffers sanely. - Put _havemaster(), _getyppass() and nextyppass() prototypes under #ifdef YP. (Somehow they ended up on the wrong side of the #endif.) - Remove unused variable ___yp_only.
|
#
400b8413 |
|
05-Sep-1995 |
Bill Paul <wpaul@FreeBSD.org> |
getgrent.c: adjust _nextypgroup() slightly so that it continues processing the group map after encountering a badly formatted entry. getpwent.c: same as above for _nextyppass(), and also turn a couple of sprintf()s into snprintf()s to avoid potential buffer overruns. (The other day I nearly went mad because of a username in my NIS database that's actually 9 characters long instead of 8. Stuffing a 9-character username into an 8-character buffer can do some strange things.) (This reminds me: I hope somebody's planning to fix the buffer overrun security hole in syslog(3) before 2.1 ships.)
|
#
d454389c |
|
01-Sep-1995 |
Bill Paul <wpaul@FreeBSD.org> |
getpwent.c: turn the code that checks the override caches into a seperate function to avoid duplication. Also fix getpwent() a small bit to properly handle the case where the magic NIS '+' entry appears before the end of the password file. getgrent.c: be a little more SunOS-ish. Make it look like the NIS group map is 'inserted' at the the point(s) where the magic NIS '+' entry/entries appear. getgrent: fix a file descriptor leak: remember to close the netgroup file after we determine that we're using NIS-only innetgr() lookups.
|
#
6c0828a6 |
|
26-Jun-1995 |
Bill Paul <wpaul@FreeBSD.org> |
Do the same sanity checking in _pw_breakout_yp() that we do in _gr_breakout_yp(): if we encounter a NULL pointer generated as the result of a badly formatted NIS passwd entry (e.g. missing fields), we punt and return an error code, thereby silently skipping the bad entry.
|
#
85e8f5be |
|
16-Jun-1995 |
Bill Paul <wpaul@FreeBSD.org> |
Make _havemaster() use yp_first() (again) instead of yp_order() to ward off possible NIS+ evil. (I might be overly paranoid with this, but it doesn't hurt, so...)
|
#
d3628763 |
|
11-Jun-1995 |
Rodney W. Grimes <rgrimes@FreeBSD.org> |
Merge RELENG_2_0_5 into HEAD
|
#
6c06b4e2 |
|
29-May-1995 |
Rodney W. Grimes <rgrimes@FreeBSD.org> |
Remove trailing whitespace.
|
#
243ae8c7 |
|
22-Apr-1995 |
Bill Paul <wpaul@FreeBSD.org> |
in _freecaches(): strdup() allocates us memory -- remember to free it.
|
#
8efe1172 |
|
14-Apr-1995 |
Bill Paul <wpaul@FreeBSD.org> |
Head off potential core dump in _havemaster() (we don't need to free any memory here: the underlying YP routines handle this one for us).
|
#
c98fda6e |
|
14-Apr-1995 |
Bill Paul <wpaul@FreeBSD.org> |
Better conformance to SunOS behavior: if we can't match a user to one of the plus or minus lists at all, reject him. This lets you create a +@netgroup list of users that you want to admit and reject everybody else. If you end your +@netgroup list with the wildcard line (+:::::::::) then you'll have a +@netgroup list that remaps the specified people but leaves people not in any netgroup unaffected.
|
#
958f4e36 |
|
03-Apr-1995 |
Bill Paul <wpaul@FreeBSD.org> |
getpwent.c: fix problem with emacs dumping core when NIS is enabled. Also add #includes for YP headers when compiling with -DYP to avoid some implicit declarations. getgrent.c & getnetgrent.c: add some #includes to avoid implicit declarations of YP functions.
|
#
b38bb6d3 |
|
27-Mar-1995 |
Bill Paul <wpaul@FreeBSD.org> |
Use yp_order() instead of yp_first() in _havemaster() to check for the presence of the master.passwd.byname map, and remember to free the returned order value before exiting.
|
#
f05daed9 |
|
24-Mar-1995 |
Bill Paul <wpaul@FreeBSD.org> |
Add calls to endgrent() and endnetgrent() to the end of _createcaches().
|
#
82844700 |
|
24-Mar-1995 |
Bill Paul <wpaul@FreeBSD.org> |
Yikes! Fix stupid mistake I made in last commit that made getpwent() ignore local password entries when YP was enabled. (How the heck did that get by me!?)
|
#
d34ef3d6 |
|
23-Mar-1995 |
Bill Paul <wpaul@FreeBSD.org> |
As per Justin T. Gibbs's request, agument the +@netgroup/-@netgroup remapping mechanism in the following manner: if given an entry +@foo and there is no netgroup named 'foo,' try searching for a regular user group called 'foo' and build the cache using the members of group 'foo' instead. If both a netgroup 'foo' and a user group 'foo' exist, the 'foo' netgroup takes precedence, since we're primarily interested in netgroup matching anyway. This allows access control schemes based on ordinary user groups (which are also available via NIS) rather than netgroups, since netgroups on some systems are limited in really brain-damaged ways.
|
#
353fefe3 |
|
23-Mar-1995 |
Bill Paul <wpaul@FreeBSD.org> |
Very important sanity checks: today I clobbered all four NIS servers on my network because setnetgrent() was trying to do a lookup on group "". It seems that an attempt to do a yp_match() (and possible yp_next()) on a null or empty key causes Sun's ypserv in SunOS 4.1.3 to exit suddenly (and without warning). Our ypserv behaves badly in this situation too, thoush it doesn't appear to crash. In any event, getpwent, getnetgrent and yp_match() and yp_next() are now extra careful not to accidentally pass on null or empty arguments. Also made a small change to getpwent.c to allow +::::::::: wildcarding, which I had disabled previously.
|
#
5f115c9d |
|
23-Mar-1995 |
Bill Paul <wpaul@FreeBSD.org> |
Lots of fixes/improvements in the +user substitution handling: - Have the +@netgroup/-@netgroup caches handle the +user/-user cases too. - Clean up getpwent() to take advantage of the improved +user/-user handling.
|
#
89395683 |
|
22-Mar-1995 |
Bill Paul <wpaul@FreeBSD.org> |
Small cleanups: - Prepend a '_' to a couple of things - Make sure YP is enabled in _createcaches() - Remove a couple of unused/uneeded variables from _createcaches()
|
#
9531ca93 |
|
22-Mar-1995 |
Bill Paul <wpaul@FreeBSD.org> |
Phew! Done at last: getpwent now understands +@netgroup/-@netgroup directives in addition to the existing NIS substitutions. I may tweak this a bit in the future, but the important stuff is all here.
|
#
d66efc62 |
|
04-Feb-1995 |
Bill Paul <wpaul@FreeBSD.org> |
Collapsed _masterpw_breakout_yp() and _pw_breakout_yp() into a single function.
|
#
a393cc06 |
|
02-Feb-1995 |
Bill Paul <wpaul@FreeBSD.org> |
Fixed a rather serious bug that presents itself when FreeBSD is configured as an NIS client. The pw_breakout_yp routines that are used to populate the _pw_passwd structire only do anything if the bits in the pw_fields member _pw_passwd are cleared. Unfortunately, we can get into a state where pw_fields has garbage in it right before the YP lookup functions are called, which causes the breakout functions to screw up in a big way. Here's how to duplicate the problem: - Configure FreeBSD as an NIS client - Log in as a user who's password database records reside only in the NIS passwd maps. - Type ps -aux Result: your processes appear to be owned by 'root' or 'deamon.' /bin/ls can exhibit the same problem. The reason this happens: - When ps(1) needs to match a username to a UID, it calls getpwuid(). - root is in the local password file, so getpwuid() calls __hashpw() and __hashpw() populates the _pw_passwd struct, including the pw_fields member. This happens before NIS lookups take place because, by coincidence, ps(1) tends to display processes owned by root before it happens upon a proccess owned by you. - When your UID comes up, __hashpw() fails to find your entry in the local password database, so it bails out, BUT THE BITS IN THE pw_fields STRUCTURE OF _pw_passwd ARE NEVER CLEARED AND STILL CONTAIN INFORMATION FROM THE PREVIOUS CALL TO __hash_pw()!! - If we have NIS enabled, the NIS lookup functions are called. - The pw_breakout_yp routines see that the pw_fields bits are set and decline to place the data retrieved from the NIS passwd maps into the _pw_passwd structure. - getpwuid() returns the results of the last __hashpw() lookup instead of the valid NIS data. - Hijinxs ensue when user_from_uid() caches this bogus information and starts handing out the wrong usernames. AAAARRRRRRRRRGGGGGGHHHHHHHHHH!!! *Please* don't tell me I'm the only person to have noticed this. Fixed by having __hashpw() check the state of pw_fields just before bailing out on a failed lookup and clearing away any leftover garbage. What a fun way to spend an afternoon.
|
#
320ce7b7 |
|
01-Feb-1995 |
Bill Paul <wpaul@FreeBSD.org> |
Fix for that last fix... pass the hat. :)
|
#
c768efa1 |
|
01-Feb-1995 |
Bill Paul <wpaul@FreeBSD.org> |
Small fix to _getyppass(): sometimes we can construct the wrong mapname when looking for master.passwd.whatever.
|
#
d0ef6688 |
|
31-Jan-1995 |
Bill Paul <wpaul@FreeBSD.org> |
Some changes for YP password map handling: - FreeBSD's NIS server can supply a master.passwd map, which has more fields in it than a standard passwd map, so we need a _master_pw_breakout() fuction. - When doing passwd map lookups, look for master.passwd.* by attempting a _yp_first() on master.passwd.byname. If it exists, we're being served by a FreeBSD NIS server and we should use this map. - If we aren't the superuser, retrieve only the standard passwd maps. If we're being served by a FreeBSD system, then the passwd map has no passwords in it, and it won't serve us the master.passwd map unless we're superuser anyway. There's a small speed hit for the superuser inherent in the check for the master.passwd map, but this lets us dynamically decide what to do rather than rely on a non-standard config file somewhere. Since all of this is bypassed for normal users, they shouldn't notice the difference.
|
#
bb38a730 |
|
19-Jan-1995 |
Garrett Wollman <wollman@FreeBSD.org> |
Fix unbalanced #endif introduced by yesterday's change.
|
#
c7da24dd |
|
17-Jan-1995 |
Garrett Wollman <wollman@FreeBSD.org> |
Prevent sites from shooting themselves in the foot while enabling/disabling YP by disallowing `+' entries as logins in all cases. (This handles the case of a `+' entry in the password file but YP not running, which should never happen but is easy enough to check for so we'll apply some prophylaxis.)
|
#
468bb86a |
|
20-Sep-1994 |
Garrett Wollman <wollman@FreeBSD.org> |
Second half of YP security hole fix. Needs updated password database in order to operate.
|
#
d5b7518d |
|
19-Sep-1994 |
Garrett Wollman <wollman@FreeBSD.org> |
Re-implement YP password file support from scratch. This implementation correctly handles +user entries and + entries with local overrides.
|
#
58f0484f |
|
26-May-1994 |
Rodney W. Grimes <rgrimes@FreeBSD.org> |
BSD 4.4 Lite Lib Sources
|