#
1.68 |
|
22-Jan-2024 |
deraadt |
I forgot that chpass(1) and passwd(1) reach-around into libc for getpwent.c (isn't it horrible), and therefore lack visibility of the the libc-internal __hash_open() function. Use -DFORCE_DBOPEN in chpass/Makefile and passwd/Makefile and adjust getpwent.c to use the external visible interface. Is there a better way?
|
#
1.67 |
|
22-Jan-2024 |
deraadt |
getpwnam(3) uses dbopen(3), which pulls all 3 database backends into static binaries. If we call libc-private __hash_open() instead, it results in a ~40K reduction in many static binaries. ok millert
|
Revision tags: OPENBSD_7_2_BASE OPENBSD_7_3_BASE OPENBSD_7_4_BASE
|
#
1.66 |
|
02-Aug-2022 |
deraadt |
1) The yp_bind/yp_unbind and internal _yp_dobind/_yp_unbind sequences shared dom_binding structs between threads, which is unsafe -- example, dom_vers signalled retry events, and structs+socket would get deallocated in _yp_unbind. Change all yp_first (and similar) functions to understand that _yp_dobind now provides a private dom_binding and socket, which must be released using _yp_unbind. Use similar methods in the one-step yp_all function. 2) domainname caching in get* is not neccessary now that the domainname cannot change relative to ypconnect(2)'s decisions. Many fields in dom_binding struct become unused, so delete them. ok jmatthew, also tested by miod
|
#
1.65 |
|
17-Jul-2022 |
deraadt |
since yp_bind() and yp_all() don't use open, fstat, read, socket, and other rich system calls to perform YP/LDAP lookups, there is no need to access() /var/run/ypbind.lock to "hint" to pledge that it should open up those system calls. ok jmatthew, miod
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.64 |
|
07-Dec-2021 |
deraadt |
The ypproto buffer (which supports + lines in master.passwd) was correct length for maximum amount of strings, but forgot about the struct passwd taken from the start, and it isn't clear if the missing non-string elements cover for that shortage. It would require misconfiguration by root to exceed the buffer. As well, the strings don't need to be aligned, and thus sys/param.h isn't needed for ALIGN() ok millert
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.63 |
|
02-Jul-2019 |
deraadt |
The "always hint that getpw operation is happening with access() the YP lock file" would trash errno, creating confusion. One instance found by richardipsum@fastmail, other two identified from original commit ok millert
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.62 |
|
21-Aug-2018 |
millert |
Use an mmap()'d buffer instead of a static buffer for the contents of the pointer returned by getpw{ent,nam,uid}(). We unmap the buffer each time to catch callers using a stale passwd struct pointer. As a special case, we do not unmap the buffer if the previous lookup was for the same name or uid. This special case may be removed in the future. OK deraadt@
|
Revision tags: OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.61 |
|
07-May-2016 |
tedu |
stop opening the shadow database by default. only programs that request it via the _shadow functions will open now, preventing some programs running as root from accidentally loading password hashes it into their memory. ok deraadt
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.60 |
|
28-Dec-2015 |
mmcc |
Remove NULL-checks before free() and a few related dead assignments.
ok and valuable input from millert@
|
#
1.59 |
|
01-Dec-2015 |
deraadt |
modify getpw*(), getgr*(), and getgrouplist() functions to access the YP lock file unconditionally. This hints to the kernel that a "getpw" operation is happening, even in the non-YP case. This looks like a gruesome hack, but helps refine the ways these functions are called and mandates the right pledge requests. Once the tree is fully annotated we will know better how to improve the backing store management. ok semarie espie beck
|
#
1.58 |
|
24-Nov-2015 |
millert |
Use reentrant versions of getpw{nam,uid} and getgr{nam,gid} within libc to avoid reusing the static buffers returned by the non-reentrant versions. Since this is inside libc we can use constants for the buffer sizes instead of having to call sysconf(). OK guenther@ deraadt@
|
#
1.57 |
|
18-Nov-2015 |
tedu |
Add _shadow variants to the two popular getpw functions (uid and nam). This version of the function will always open the secure/shadow/master password files. Soon, the regular variants of these functions will not. (Intermixing shadow and regular gets a little weird; don't do that.) Not using struct spwd and getspwnam functions to reduce churn in callers. Should just be a one line diff in most places. ok deraadt
|
#
1.56 |
|
14-Sep-2015 |
tedu |
remove null check before free. from Michael McConville ok semarie
|
#
1.55 |
|
13-Sep-2015 |
guenther |
Wrap <pwd.h> so that calls go direct and the symbols are all weak. Hide bcrypt_autorounds(), prefixing with an underbar for static builds.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.54 |
|
03-Jun-2015 |
millert |
Do not assume that asprintf() clears the pointer on failure, which is non-portable. Also add missing asprintf() return value checks. OK deraadt@ guenther@ doug@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.53 |
|
16-Jan-2015 |
deraadt |
Move to the <limits.h> universe. review by millert, binary checking process with doug, concept with guenther
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.52 |
|
12-Mar-2014 |
schwarze |
Make sure that setgrent(), endgrent(), and endpwent() do not clobber errno; they might do so on open() and close() failures, but by POSIX, they are not supposed to fail. Note that ignoring failures inside setgrent() does not matter, the following getgrent() is bound to fail the same way again, anyway. If you insist on detecting open() failure, use setgroupent(), even though that is less portable. While here, remove two pointless (void) casts. ok millert@ jca@
|
#
1.51 |
|
12-Mar-2014 |
schwarze |
The functions getpw{nam,uid}_r() no longer set errno, not even if an error occurs, but of course they do return the error. This matches what getgr{nam,gid}_r() have already been doing. Original idea by kettenis@, and deraadt@ called that idea "the only sane approach". ok kettenis@ millert@
|
#
1.50 |
|
08-Mar-2014 |
schwarze |
Fix getpw{nam,uid}{,_r}() errno handling for the non-YP case. Prevent close(2) and syslog(3) from stomping on errno; from guenther@. Set ERANGE if the buf is too small, required by POSIX; from jca@. ok millert@
|
#
1.49 |
|
05-Mar-2014 |
schwarze |
Fix the return values of getpwnam_r(), getpwuid_r(), getgrnam_r(), and getgrgid_r() to agree with POSIX. Not touching errno handling yet, which will also need fixing.
Problem originally reported by william at 25thandClement dot com on bugs@. OK sthen@, and kettenis@ agrees it's "a step in the right direction".
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.48 |
|
15-Nov-2013 |
benno |
getpwnam_r() and getpwuid_r() reopen the passwd even when called with setpassent(stayopen).
Bug found and fixed by Erik Lax <erik-AT-halon-DOT-se> ok millert@ guenther@
|
#
1.47 |
|
12-Nov-2013 |
deraadt |
ANSI prototypes
|
#
1.46 |
|
15-Aug-2013 |
miod |
Align stack yp buffers to 64-bit boundaries now, for they might contain a struct passwd. ok deraadt@ guenther@ kettenis@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.45 |
|
21-Mar-2013 |
deraadt |
Do not need machine/param.h
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.44 |
|
07-Jan-2013 |
deraadt |
use a size_t instead of an int to avoid signed compare spotted by Ilja Van Sprundel ok millert
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.43 |
|
05-Sep-2011 |
guenther |
Preserve errno across calls to open the password database(s), so that errno isn't changed when a normal user (who can't open spwd.db) does a lookup.
Problem pointed out by Tim van der Molen (tbvdm at xs4all.nl)
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.42 |
|
21-Nov-2009 |
chl |
remove unused variable
ok deraadt@
|
#
1.41 |
|
12-Nov-2009 |
deraadt |
simplify the code looking for + in the password database, after analysis of a false positive made by parfait; ok millert
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.40 |
|
03-Jun-2009 |
schwarze |
Take advantage of the surprise libc bump to bring in YP group(5) exclusion, i.e. support -groupname:*:: in /etc/group. Such groups will be excluded from later +:*::, in just the same was as it is already done for passwd(5). I have been running this since the autumn of 2008. Discussed with several (including deraadt@, millert@, jmc@).
|
#
1.39 |
|
27-Mar-2009 |
schwarze |
getgrouplist: If YP is #defined and enabled in /etc/group(5) and /etc/netid(5) contains a matching entry, use that and refrain from accessing YP. getpwnam/getpwuid: If YP is #defined and /etc/master.passwd(5) contains a matching entry before the first YP entry, use that and stay away from YP.
Taken together, this allows a solution to the following problem pointed out by deraadt@: When YP was configured but temporarily unavailable, even root login would block, hindering you when trying to do repairs. To avoid this, you can now provide a static entry for root in /etc/netid.
Using suggestions from miod@ otto@ blambert@ jmc@. "commit" deraadt@, "cool" ajacoutot@, "looks fine" jmc@.
|
Revision tags: OPENBSD_4_4_BASE OPENBSD_4_5_BASE
|
#
1.38 |
|
23-Jul-2008 |
deraadt |
Avoid an occasional double free in getpwent() which corrupted memory. It happened only in the case of a + record indicating to use YP, but with ypbind not actually running. Problem found by pyr; solution found with millert ok millert pyr
|
#
1.37 |
|
06-Jul-2008 |
deraadt |
oops, fix getpwent() use of wrong buffers found by alexander.schrijver
|
#
1.36 |
|
25-Jun-2008 |
millert |
Add _PW_BUF_LEN define and use it instead of hard-coding 1024 for the buffer size. OK deraadt@
|
#
1.35 |
|
24-Jun-2008 |
deraadt |
implement getpwnam_r() and getpwuid_r() -- very nearly a rewrite of the entire file. much help from kurt, and tested by many
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.34 |
|
08-Aug-2005 |
espie |
zap remaining rcsid.
Kill old files that are no longer compiled.
okay theo
|
#
1.33 |
|
25-Mar-2005 |
otto |
deregister (and deauto!). ok millert@ marco@
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE
|
#
1.32 |
|
18-May-2004 |
jfb |
ansify function definitions and zap some `register'
ok millert@
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE
|
#
1.31 |
|
25-Jun-2003 |
deraadt |
protos
|
#
1.30 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
#
1.29 |
|
01-May-2003 |
avsm |
add missing enumeration case to select to kill gcc warning millert@ ok
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.28 |
|
21-Nov-2002 |
millert |
Add a "shadow" group and make the shadow passwd db readable by that group. This changes getpw* to always try the shadow db first and then fall back to the db w/o password hashes. In the future, /usr/libexec/auth/login_passwd (and others) will be setgid shadow instead of setuid root. OK deraadt@
If you track -current you should do the following: o add group shadow to /etc/group o chgrp shadow /etc/spwd.db o chmod 640 /etc/spwd.db o rebuild and install src/usr.sbin/pwd_mkdb
You do not need to rebuild libc yet, but it would't hurt to do so.
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.27 |
|
06-Jul-2002 |
deraadt |
KNF
|
#
1.26 |
|
06-Jul-2002 |
deraadt |
cope better if realloc fails; better fix than cloder@acm.org
|
#
1.25 |
|
24-May-2002 |
deraadt |
try to use strlcpy and snprintf more; ok various
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.24 |
|
19-Feb-2002 |
millert |
We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft.
|
#
1.23 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.22 |
|
10-Jul-2001 |
deraadt |
put another YP-only piece inside the ifdef
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.21 |
|
13-Feb-2001 |
pjanzen |
Avoid theoretical potential buffer overflow
|
#
1.20 |
|
31-Jan-2001 |
deraadt |
move utmp to large format, usernames to 32 chars; downsj
|
Revision tags: OPENBSD_2_7_BASE OPENBSD_2_8_BASE
|
#
1.19 |
|
25-Apr-2000 |
deraadt |
well if you cannot do a libc commit properly a week before 2.7 tree lock, surely it can wait till after 2.7
|
#
1.18 |
|
25-Apr-2000 |
d |
getpw*_r()
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.17 |
|
15-Sep-1999 |
deraadt |
redo master.passwd.byname check if either the uid or euid changes, this was a case of bad caching; peter and I
|
#
1.16 |
|
14-Sep-1999 |
deraadt |
indent
|
#
1.15 |
|
03-Sep-1999 |
millert |
Use strtol() and strtoul() instead of atoi(). This allows us to catch errors reasonably and deal correctly with unsigned quantities.
|
Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE
|
#
1.14 |
|
14-Aug-1998 |
deraadt |
realloc repair
|
#
1.13 |
|
14-Jul-1998 |
deraadt |
avoid calling __has_yppw() everytime through getpwent(), by caching the YP status along with the open file status
|
Revision tags: OPENBSD_2_3_BASE
|
#
1.12 |
|
18-Dec-1997 |
deraadt |
handle long usernames more carefully
|
Revision tags: OPENBSD_2_2_BASE
|
#
1.11 |
|
23-Jul-1997 |
kstailey |
tabify
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.10 |
|
18-Apr-1997 |
deraadt |
constrain length of db lookups better; reported by adam@math.tau.ac.il
|
#
1.9 |
|
13-Apr-1997 |
deraadt |
buf oflow; bitblt
|
#
1.8 |
|
16-Oct-1996 |
downsj |
kill __yp_token, other clean ups.
|
#
1.7 |
|
15-Oct-1996 |
downsj |
* optimal exclusions support -- don't waste memory with DB. assumes exclusions lists are typically small. * move YP_OVERRIDE_PASSWD to a static var. needs some way for the system to set this. * clean up variable names and some code. * invisibly support FreeBSD ypserv running in "secure" mode.
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.6 |
|
16-Sep-1996 |
millert |
uid_t is now a u_int32_t, treat it as such.
|
#
1.5 |
|
15-Sep-1996 |
tholo |
Add a couple of syscalls; bring more prototypes into scope
|
#
1.4 |
|
15-Sep-1996 |
tholo |
Remove dead code Remove unused variables Silence some warnings lint(1) is your friend
|
#
1.3 |
|
19-Aug-1996 |
tholo |
Fix RCS ids Make sure everything uses {SYS,}LIBC_SCCS properly
|
#
1.2 |
|
24-Apr-1996 |
deraadt |
yp_prot.h lies -> use yp.h (from yp.x) instead, change lots of structure accesses to match. change xdr_domainname() and some other functions to take "char **" instead of "char *", as rpcgen intended -- helps programs linking against rpcgen output of yp.x. yp_all() should not free it's return value. split xdryp.c and yplib.c into ~20 files so binaries like "csh" need not link in functions like yp_maplist(). NIS+'s YP emulation code lacks YPPROC_ORDER... attempt to deal nicely.
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.66 |
|
02-Aug-2022 |
deraadt |
1) The yp_bind/yp_unbind and internal _yp_dobind/_yp_unbind sequences shared dom_binding structs between threads, which is unsafe -- example, dom_vers signalled retry events, and structs+socket would get deallocated in _yp_unbind. Change all yp_first (and similar) functions to understand that _yp_dobind now provides a private dom_binding and socket, which must be released using _yp_unbind. Use similar methods in the one-step yp_all function. 2) domainname caching in get* is not neccessary now that the domainname cannot change relative to ypconnect(2)'s decisions. Many fields in dom_binding struct become unused, so delete them. ok jmatthew, also tested by miod
|
#
1.65 |
|
17-Jul-2022 |
deraadt |
since yp_bind() and yp_all() don't use open, fstat, read, socket, and other rich system calls to perform YP/LDAP lookups, there is no need to access() /var/run/ypbind.lock to "hint" to pledge that it should open up those system calls. ok jmatthew, miod
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.64 |
|
07-Dec-2021 |
deraadt |
The ypproto buffer (which supports + lines in master.passwd) was correct length for maximum amount of strings, but forgot about the struct passwd taken from the start, and it isn't clear if the missing non-string elements cover for that shortage. It would require misconfiguration by root to exceed the buffer. As well, the strings don't need to be aligned, and thus sys/param.h isn't needed for ALIGN() ok millert
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.63 |
|
02-Jul-2019 |
deraadt |
The "always hint that getpw operation is happening with access() the YP lock file" would trash errno, creating confusion. One instance found by richardipsum@fastmail, other two identified from original commit ok millert
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.62 |
|
21-Aug-2018 |
millert |
Use an mmap()'d buffer instead of a static buffer for the contents of the pointer returned by getpw{ent,nam,uid}(). We unmap the buffer each time to catch callers using a stale passwd struct pointer. As a special case, we do not unmap the buffer if the previous lookup was for the same name or uid. This special case may be removed in the future. OK deraadt@
|
Revision tags: OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.61 |
|
07-May-2016 |
tedu |
stop opening the shadow database by default. only programs that request it via the _shadow functions will open now, preventing some programs running as root from accidentally loading password hashes it into their memory. ok deraadt
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.60 |
|
28-Dec-2015 |
mmcc |
Remove NULL-checks before free() and a few related dead assignments.
ok and valuable input from millert@
|
#
1.59 |
|
01-Dec-2015 |
deraadt |
modify getpw*(), getgr*(), and getgrouplist() functions to access the YP lock file unconditionally. This hints to the kernel that a "getpw" operation is happening, even in the non-YP case. This looks like a gruesome hack, but helps refine the ways these functions are called and mandates the right pledge requests. Once the tree is fully annotated we will know better how to improve the backing store management. ok semarie espie beck
|
#
1.58 |
|
24-Nov-2015 |
millert |
Use reentrant versions of getpw{nam,uid} and getgr{nam,gid} within libc to avoid reusing the static buffers returned by the non-reentrant versions. Since this is inside libc we can use constants for the buffer sizes instead of having to call sysconf(). OK guenther@ deraadt@
|
#
1.57 |
|
18-Nov-2015 |
tedu |
Add _shadow variants to the two popular getpw functions (uid and nam). This version of the function will always open the secure/shadow/master password files. Soon, the regular variants of these functions will not. (Intermixing shadow and regular gets a little weird; don't do that.) Not using struct spwd and getspwnam functions to reduce churn in callers. Should just be a one line diff in most places. ok deraadt
|
#
1.56 |
|
14-Sep-2015 |
tedu |
remove null check before free. from Michael McConville ok semarie
|
#
1.55 |
|
13-Sep-2015 |
guenther |
Wrap <pwd.h> so that calls go direct and the symbols are all weak. Hide bcrypt_autorounds(), prefixing with an underbar for static builds.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.54 |
|
03-Jun-2015 |
millert |
Do not assume that asprintf() clears the pointer on failure, which is non-portable. Also add missing asprintf() return value checks. OK deraadt@ guenther@ doug@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.53 |
|
16-Jan-2015 |
deraadt |
Move to the <limits.h> universe. review by millert, binary checking process with doug, concept with guenther
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.52 |
|
12-Mar-2014 |
schwarze |
Make sure that setgrent(), endgrent(), and endpwent() do not clobber errno; they might do so on open() and close() failures, but by POSIX, they are not supposed to fail. Note that ignoring failures inside setgrent() does not matter, the following getgrent() is bound to fail the same way again, anyway. If you insist on detecting open() failure, use setgroupent(), even though that is less portable. While here, remove two pointless (void) casts. ok millert@ jca@
|
#
1.51 |
|
12-Mar-2014 |
schwarze |
The functions getpw{nam,uid}_r() no longer set errno, not even if an error occurs, but of course they do return the error. This matches what getgr{nam,gid}_r() have already been doing. Original idea by kettenis@, and deraadt@ called that idea "the only sane approach". ok kettenis@ millert@
|
#
1.50 |
|
08-Mar-2014 |
schwarze |
Fix getpw{nam,uid}{,_r}() errno handling for the non-YP case. Prevent close(2) and syslog(3) from stomping on errno; from guenther@. Set ERANGE if the buf is too small, required by POSIX; from jca@. ok millert@
|
#
1.49 |
|
05-Mar-2014 |
schwarze |
Fix the return values of getpwnam_r(), getpwuid_r(), getgrnam_r(), and getgrgid_r() to agree with POSIX. Not touching errno handling yet, which will also need fixing.
Problem originally reported by william at 25thandClement dot com on bugs@. OK sthen@, and kettenis@ agrees it's "a step in the right direction".
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.48 |
|
15-Nov-2013 |
benno |
getpwnam_r() and getpwuid_r() reopen the passwd even when called with setpassent(stayopen).
Bug found and fixed by Erik Lax <erik-AT-halon-DOT-se> ok millert@ guenther@
|
#
1.47 |
|
12-Nov-2013 |
deraadt |
ANSI prototypes
|
#
1.46 |
|
15-Aug-2013 |
miod |
Align stack yp buffers to 64-bit boundaries now, for they might contain a struct passwd. ok deraadt@ guenther@ kettenis@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.45 |
|
21-Mar-2013 |
deraadt |
Do not need machine/param.h
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.44 |
|
07-Jan-2013 |
deraadt |
use a size_t instead of an int to avoid signed compare spotted by Ilja Van Sprundel ok millert
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.43 |
|
05-Sep-2011 |
guenther |
Preserve errno across calls to open the password database(s), so that errno isn't changed when a normal user (who can't open spwd.db) does a lookup.
Problem pointed out by Tim van der Molen (tbvdm at xs4all.nl)
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.42 |
|
21-Nov-2009 |
chl |
remove unused variable
ok deraadt@
|
#
1.41 |
|
12-Nov-2009 |
deraadt |
simplify the code looking for + in the password database, after analysis of a false positive made by parfait; ok millert
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.40 |
|
03-Jun-2009 |
schwarze |
Take advantage of the surprise libc bump to bring in YP group(5) exclusion, i.e. support -groupname:*:: in /etc/group. Such groups will be excluded from later +:*::, in just the same was as it is already done for passwd(5). I have been running this since the autumn of 2008. Discussed with several (including deraadt@, millert@, jmc@).
|
#
1.39 |
|
27-Mar-2009 |
schwarze |
getgrouplist: If YP is #defined and enabled in /etc/group(5) and /etc/netid(5) contains a matching entry, use that and refrain from accessing YP. getpwnam/getpwuid: If YP is #defined and /etc/master.passwd(5) contains a matching entry before the first YP entry, use that and stay away from YP.
Taken together, this allows a solution to the following problem pointed out by deraadt@: When YP was configured but temporarily unavailable, even root login would block, hindering you when trying to do repairs. To avoid this, you can now provide a static entry for root in /etc/netid.
Using suggestions from miod@ otto@ blambert@ jmc@. "commit" deraadt@, "cool" ajacoutot@, "looks fine" jmc@.
|
Revision tags: OPENBSD_4_4_BASE OPENBSD_4_5_BASE
|
#
1.38 |
|
23-Jul-2008 |
deraadt |
Avoid an occasional double free in getpwent() which corrupted memory. It happened only in the case of a + record indicating to use YP, but with ypbind not actually running. Problem found by pyr; solution found with millert ok millert pyr
|
#
1.37 |
|
06-Jul-2008 |
deraadt |
oops, fix getpwent() use of wrong buffers found by alexander.schrijver
|
#
1.36 |
|
25-Jun-2008 |
millert |
Add _PW_BUF_LEN define and use it instead of hard-coding 1024 for the buffer size. OK deraadt@
|
#
1.35 |
|
24-Jun-2008 |
deraadt |
implement getpwnam_r() and getpwuid_r() -- very nearly a rewrite of the entire file. much help from kurt, and tested by many
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.34 |
|
08-Aug-2005 |
espie |
zap remaining rcsid.
Kill old files that are no longer compiled.
okay theo
|
#
1.33 |
|
25-Mar-2005 |
otto |
deregister (and deauto!). ok millert@ marco@
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE
|
#
1.32 |
|
18-May-2004 |
jfb |
ansify function definitions and zap some `register'
ok millert@
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE
|
#
1.31 |
|
25-Jun-2003 |
deraadt |
protos
|
#
1.30 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
#
1.29 |
|
01-May-2003 |
avsm |
add missing enumeration case to select to kill gcc warning millert@ ok
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.28 |
|
21-Nov-2002 |
millert |
Add a "shadow" group and make the shadow passwd db readable by that group. This changes getpw* to always try the shadow db first and then fall back to the db w/o password hashes. In the future, /usr/libexec/auth/login_passwd (and others) will be setgid shadow instead of setuid root. OK deraadt@
If you track -current you should do the following: o add group shadow to /etc/group o chgrp shadow /etc/spwd.db o chmod 640 /etc/spwd.db o rebuild and install src/usr.sbin/pwd_mkdb
You do not need to rebuild libc yet, but it would't hurt to do so.
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.27 |
|
06-Jul-2002 |
deraadt |
KNF
|
#
1.26 |
|
06-Jul-2002 |
deraadt |
cope better if realloc fails; better fix than cloder@acm.org
|
#
1.25 |
|
24-May-2002 |
deraadt |
try to use strlcpy and snprintf more; ok various
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.24 |
|
19-Feb-2002 |
millert |
We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft.
|
#
1.23 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.22 |
|
10-Jul-2001 |
deraadt |
put another YP-only piece inside the ifdef
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.21 |
|
13-Feb-2001 |
pjanzen |
Avoid theoretical potential buffer overflow
|
#
1.20 |
|
31-Jan-2001 |
deraadt |
move utmp to large format, usernames to 32 chars; downsj
|
Revision tags: OPENBSD_2_7_BASE OPENBSD_2_8_BASE
|
#
1.19 |
|
25-Apr-2000 |
deraadt |
well if you cannot do a libc commit properly a week before 2.7 tree lock, surely it can wait till after 2.7
|
#
1.18 |
|
25-Apr-2000 |
d |
getpw*_r()
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.17 |
|
15-Sep-1999 |
deraadt |
redo master.passwd.byname check if either the uid or euid changes, this was a case of bad caching; peter and I
|
#
1.16 |
|
14-Sep-1999 |
deraadt |
indent
|
#
1.15 |
|
03-Sep-1999 |
millert |
Use strtol() and strtoul() instead of atoi(). This allows us to catch errors reasonably and deal correctly with unsigned quantities.
|
Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE
|
#
1.14 |
|
14-Aug-1998 |
deraadt |
realloc repair
|
#
1.13 |
|
14-Jul-1998 |
deraadt |
avoid calling __has_yppw() everytime through getpwent(), by caching the YP status along with the open file status
|
Revision tags: OPENBSD_2_3_BASE
|
#
1.12 |
|
18-Dec-1997 |
deraadt |
handle long usernames more carefully
|
Revision tags: OPENBSD_2_2_BASE
|
#
1.11 |
|
23-Jul-1997 |
kstailey |
tabify
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.10 |
|
18-Apr-1997 |
deraadt |
constrain length of db lookups better; reported by adam@math.tau.ac.il
|
#
1.9 |
|
13-Apr-1997 |
deraadt |
buf oflow; bitblt
|
#
1.8 |
|
16-Oct-1996 |
downsj |
kill __yp_token, other clean ups.
|
#
1.7 |
|
15-Oct-1996 |
downsj |
* optimal exclusions support -- don't waste memory with DB. assumes exclusions lists are typically small. * move YP_OVERRIDE_PASSWD to a static var. needs some way for the system to set this. * clean up variable names and some code. * invisibly support FreeBSD ypserv running in "secure" mode.
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.6 |
|
16-Sep-1996 |
millert |
uid_t is now a u_int32_t, treat it as such.
|
#
1.5 |
|
15-Sep-1996 |
tholo |
Add a couple of syscalls; bring more prototypes into scope
|
#
1.4 |
|
15-Sep-1996 |
tholo |
Remove dead code Remove unused variables Silence some warnings lint(1) is your friend
|
#
1.3 |
|
19-Aug-1996 |
tholo |
Fix RCS ids Make sure everything uses {SYS,}LIBC_SCCS properly
|
#
1.2 |
|
24-Apr-1996 |
deraadt |
yp_prot.h lies -> use yp.h (from yp.x) instead, change lots of structure accesses to match. change xdr_domainname() and some other functions to take "char **" instead of "char *", as rpcgen intended -- helps programs linking against rpcgen output of yp.x. yp_all() should not free it's return value. split xdryp.c and yplib.c into ~20 files so binaries like "csh" need not link in functions like yp_maplist(). NIS+'s YP emulation code lacks YPPROC_ORDER... attempt to deal nicely.
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.65 |
|
17-Jul-2022 |
deraadt |
since yp_bind() and yp_all() don't use open, fstat, read, socket, and other rich system calls to perform YP/LDAP lookups, there is no need to access() /var/run/ypbind.lock to "hint" to pledge that it should open up those system calls. ok jmatthew, miod
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.64 |
|
07-Dec-2021 |
deraadt |
The ypproto buffer (which supports + lines in master.passwd) was correct length for maximum amount of strings, but forgot about the struct passwd taken from the start, and it isn't clear if the missing non-string elements cover for that shortage. It would require misconfiguration by root to exceed the buffer. As well, the strings don't need to be aligned, and thus sys/param.h isn't needed for ALIGN() ok millert
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.63 |
|
02-Jul-2019 |
deraadt |
The "always hint that getpw operation is happening with access() the YP lock file" would trash errno, creating confusion. One instance found by richardipsum@fastmail, other two identified from original commit ok millert
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.62 |
|
21-Aug-2018 |
millert |
Use an mmap()'d buffer instead of a static buffer for the contents of the pointer returned by getpw{ent,nam,uid}(). We unmap the buffer each time to catch callers using a stale passwd struct pointer. As a special case, we do not unmap the buffer if the previous lookup was for the same name or uid. This special case may be removed in the future. OK deraadt@
|
Revision tags: OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.61 |
|
07-May-2016 |
tedu |
stop opening the shadow database by default. only programs that request it via the _shadow functions will open now, preventing some programs running as root from accidentally loading password hashes it into their memory. ok deraadt
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.60 |
|
28-Dec-2015 |
mmcc |
Remove NULL-checks before free() and a few related dead assignments.
ok and valuable input from millert@
|
#
1.59 |
|
01-Dec-2015 |
deraadt |
modify getpw*(), getgr*(), and getgrouplist() functions to access the YP lock file unconditionally. This hints to the kernel that a "getpw" operation is happening, even in the non-YP case. This looks like a gruesome hack, but helps refine the ways these functions are called and mandates the right pledge requests. Once the tree is fully annotated we will know better how to improve the backing store management. ok semarie espie beck
|
#
1.58 |
|
24-Nov-2015 |
millert |
Use reentrant versions of getpw{nam,uid} and getgr{nam,gid} within libc to avoid reusing the static buffers returned by the non-reentrant versions. Since this is inside libc we can use constants for the buffer sizes instead of having to call sysconf(). OK guenther@ deraadt@
|
#
1.57 |
|
18-Nov-2015 |
tedu |
Add _shadow variants to the two popular getpw functions (uid and nam). This version of the function will always open the secure/shadow/master password files. Soon, the regular variants of these functions will not. (Intermixing shadow and regular gets a little weird; don't do that.) Not using struct spwd and getspwnam functions to reduce churn in callers. Should just be a one line diff in most places. ok deraadt
|
#
1.56 |
|
14-Sep-2015 |
tedu |
remove null check before free. from Michael McConville ok semarie
|
#
1.55 |
|
13-Sep-2015 |
guenther |
Wrap <pwd.h> so that calls go direct and the symbols are all weak. Hide bcrypt_autorounds(), prefixing with an underbar for static builds.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.54 |
|
03-Jun-2015 |
millert |
Do not assume that asprintf() clears the pointer on failure, which is non-portable. Also add missing asprintf() return value checks. OK deraadt@ guenther@ doug@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.53 |
|
16-Jan-2015 |
deraadt |
Move to the <limits.h> universe. review by millert, binary checking process with doug, concept with guenther
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.52 |
|
12-Mar-2014 |
schwarze |
Make sure that setgrent(), endgrent(), and endpwent() do not clobber errno; they might do so on open() and close() failures, but by POSIX, they are not supposed to fail. Note that ignoring failures inside setgrent() does not matter, the following getgrent() is bound to fail the same way again, anyway. If you insist on detecting open() failure, use setgroupent(), even though that is less portable. While here, remove two pointless (void) casts. ok millert@ jca@
|
#
1.51 |
|
12-Mar-2014 |
schwarze |
The functions getpw{nam,uid}_r() no longer set errno, not even if an error occurs, but of course they do return the error. This matches what getgr{nam,gid}_r() have already been doing. Original idea by kettenis@, and deraadt@ called that idea "the only sane approach". ok kettenis@ millert@
|
#
1.50 |
|
08-Mar-2014 |
schwarze |
Fix getpw{nam,uid}{,_r}() errno handling for the non-YP case. Prevent close(2) and syslog(3) from stomping on errno; from guenther@. Set ERANGE if the buf is too small, required by POSIX; from jca@. ok millert@
|
#
1.49 |
|
05-Mar-2014 |
schwarze |
Fix the return values of getpwnam_r(), getpwuid_r(), getgrnam_r(), and getgrgid_r() to agree with POSIX. Not touching errno handling yet, which will also need fixing.
Problem originally reported by william at 25thandClement dot com on bugs@. OK sthen@, and kettenis@ agrees it's "a step in the right direction".
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.48 |
|
15-Nov-2013 |
benno |
getpwnam_r() and getpwuid_r() reopen the passwd even when called with setpassent(stayopen).
Bug found and fixed by Erik Lax <erik-AT-halon-DOT-se> ok millert@ guenther@
|
#
1.47 |
|
12-Nov-2013 |
deraadt |
ANSI prototypes
|
#
1.46 |
|
15-Aug-2013 |
miod |
Align stack yp buffers to 64-bit boundaries now, for they might contain a struct passwd. ok deraadt@ guenther@ kettenis@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.45 |
|
21-Mar-2013 |
deraadt |
Do not need machine/param.h
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.44 |
|
07-Jan-2013 |
deraadt |
use a size_t instead of an int to avoid signed compare spotted by Ilja Van Sprundel ok millert
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.43 |
|
05-Sep-2011 |
guenther |
Preserve errno across calls to open the password database(s), so that errno isn't changed when a normal user (who can't open spwd.db) does a lookup.
Problem pointed out by Tim van der Molen (tbvdm at xs4all.nl)
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.42 |
|
21-Nov-2009 |
chl |
remove unused variable
ok deraadt@
|
#
1.41 |
|
12-Nov-2009 |
deraadt |
simplify the code looking for + in the password database, after analysis of a false positive made by parfait; ok millert
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.40 |
|
03-Jun-2009 |
schwarze |
Take advantage of the surprise libc bump to bring in YP group(5) exclusion, i.e. support -groupname:*:: in /etc/group. Such groups will be excluded from later +:*::, in just the same was as it is already done for passwd(5). I have been running this since the autumn of 2008. Discussed with several (including deraadt@, millert@, jmc@).
|
#
1.39 |
|
27-Mar-2009 |
schwarze |
getgrouplist: If YP is #defined and enabled in /etc/group(5) and /etc/netid(5) contains a matching entry, use that and refrain from accessing YP. getpwnam/getpwuid: If YP is #defined and /etc/master.passwd(5) contains a matching entry before the first YP entry, use that and stay away from YP.
Taken together, this allows a solution to the following problem pointed out by deraadt@: When YP was configured but temporarily unavailable, even root login would block, hindering you when trying to do repairs. To avoid this, you can now provide a static entry for root in /etc/netid.
Using suggestions from miod@ otto@ blambert@ jmc@. "commit" deraadt@, "cool" ajacoutot@, "looks fine" jmc@.
|
Revision tags: OPENBSD_4_4_BASE OPENBSD_4_5_BASE
|
#
1.38 |
|
23-Jul-2008 |
deraadt |
Avoid an occasional double free in getpwent() which corrupted memory. It happened only in the case of a + record indicating to use YP, but with ypbind not actually running. Problem found by pyr; solution found with millert ok millert pyr
|
#
1.37 |
|
06-Jul-2008 |
deraadt |
oops, fix getpwent() use of wrong buffers found by alexander.schrijver
|
#
1.36 |
|
25-Jun-2008 |
millert |
Add _PW_BUF_LEN define and use it instead of hard-coding 1024 for the buffer size. OK deraadt@
|
#
1.35 |
|
24-Jun-2008 |
deraadt |
implement getpwnam_r() and getpwuid_r() -- very nearly a rewrite of the entire file. much help from kurt, and tested by many
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.34 |
|
08-Aug-2005 |
espie |
zap remaining rcsid.
Kill old files that are no longer compiled.
okay theo
|
#
1.33 |
|
25-Mar-2005 |
otto |
deregister (and deauto!). ok millert@ marco@
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE
|
#
1.32 |
|
18-May-2004 |
jfb |
ansify function definitions and zap some `register'
ok millert@
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE
|
#
1.31 |
|
25-Jun-2003 |
deraadt |
protos
|
#
1.30 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
#
1.29 |
|
01-May-2003 |
avsm |
add missing enumeration case to select to kill gcc warning millert@ ok
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.28 |
|
21-Nov-2002 |
millert |
Add a "shadow" group and make the shadow passwd db readable by that group. This changes getpw* to always try the shadow db first and then fall back to the db w/o password hashes. In the future, /usr/libexec/auth/login_passwd (and others) will be setgid shadow instead of setuid root. OK deraadt@
If you track -current you should do the following: o add group shadow to /etc/group o chgrp shadow /etc/spwd.db o chmod 640 /etc/spwd.db o rebuild and install src/usr.sbin/pwd_mkdb
You do not need to rebuild libc yet, but it would't hurt to do so.
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.27 |
|
06-Jul-2002 |
deraadt |
KNF
|
#
1.26 |
|
06-Jul-2002 |
deraadt |
cope better if realloc fails; better fix than cloder@acm.org
|
#
1.25 |
|
24-May-2002 |
deraadt |
try to use strlcpy and snprintf more; ok various
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.24 |
|
19-Feb-2002 |
millert |
We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft.
|
#
1.23 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.22 |
|
10-Jul-2001 |
deraadt |
put another YP-only piece inside the ifdef
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.21 |
|
13-Feb-2001 |
pjanzen |
Avoid theoretical potential buffer overflow
|
#
1.20 |
|
31-Jan-2001 |
deraadt |
move utmp to large format, usernames to 32 chars; downsj
|
Revision tags: OPENBSD_2_7_BASE OPENBSD_2_8_BASE
|
#
1.19 |
|
25-Apr-2000 |
deraadt |
well if you cannot do a libc commit properly a week before 2.7 tree lock, surely it can wait till after 2.7
|
#
1.18 |
|
25-Apr-2000 |
d |
getpw*_r()
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.17 |
|
15-Sep-1999 |
deraadt |
redo master.passwd.byname check if either the uid or euid changes, this was a case of bad caching; peter and I
|
#
1.16 |
|
14-Sep-1999 |
deraadt |
indent
|
#
1.15 |
|
03-Sep-1999 |
millert |
Use strtol() and strtoul() instead of atoi(). This allows us to catch errors reasonably and deal correctly with unsigned quantities.
|
Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE
|
#
1.14 |
|
14-Aug-1998 |
deraadt |
realloc repair
|
#
1.13 |
|
14-Jul-1998 |
deraadt |
avoid calling __has_yppw() everytime through getpwent(), by caching the YP status along with the open file status
|
Revision tags: OPENBSD_2_3_BASE
|
#
1.12 |
|
18-Dec-1997 |
deraadt |
handle long usernames more carefully
|
Revision tags: OPENBSD_2_2_BASE
|
#
1.11 |
|
23-Jul-1997 |
kstailey |
tabify
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.10 |
|
18-Apr-1997 |
deraadt |
constrain length of db lookups better; reported by adam@math.tau.ac.il
|
#
1.9 |
|
13-Apr-1997 |
deraadt |
buf oflow; bitblt
|
#
1.8 |
|
16-Oct-1996 |
downsj |
kill __yp_token, other clean ups.
|
#
1.7 |
|
15-Oct-1996 |
downsj |
* optimal exclusions support -- don't waste memory with DB. assumes exclusions lists are typically small. * move YP_OVERRIDE_PASSWD to a static var. needs some way for the system to set this. * clean up variable names and some code. * invisibly support FreeBSD ypserv running in "secure" mode.
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.6 |
|
16-Sep-1996 |
millert |
uid_t is now a u_int32_t, treat it as such.
|
#
1.5 |
|
15-Sep-1996 |
tholo |
Add a couple of syscalls; bring more prototypes into scope
|
#
1.4 |
|
15-Sep-1996 |
tholo |
Remove dead code Remove unused variables Silence some warnings lint(1) is your friend
|
#
1.3 |
|
19-Aug-1996 |
tholo |
Fix RCS ids Make sure everything uses {SYS,}LIBC_SCCS properly
|
#
1.2 |
|
24-Apr-1996 |
deraadt |
yp_prot.h lies -> use yp.h (from yp.x) instead, change lots of structure accesses to match. change xdr_domainname() and some other functions to take "char **" instead of "char *", as rpcgen intended -- helps programs linking against rpcgen output of yp.x. yp_all() should not free it's return value. split xdryp.c and yplib.c into ~20 files so binaries like "csh" need not link in functions like yp_maplist(). NIS+'s YP emulation code lacks YPPROC_ORDER... attempt to deal nicely.
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.64 |
|
07-Dec-2021 |
deraadt |
The ypproto buffer (which supports + lines in master.passwd) was correct length for maximum amount of strings, but forgot about the struct passwd taken from the start, and it isn't clear if the missing non-string elements cover for that shortage. It would require misconfiguration by root to exceed the buffer. As well, the strings don't need to be aligned, and thus sys/param.h isn't needed for ALIGN() ok millert
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.63 |
|
02-Jul-2019 |
deraadt |
The "always hint that getpw operation is happening with access() the YP lock file" would trash errno, creating confusion. One instance found by richardipsum@fastmail, other two identified from original commit ok millert
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.62 |
|
21-Aug-2018 |
millert |
Use an mmap()'d buffer instead of a static buffer for the contents of the pointer returned by getpw{ent,nam,uid}(). We unmap the buffer each time to catch callers using a stale passwd struct pointer. As a special case, we do not unmap the buffer if the previous lookup was for the same name or uid. This special case may be removed in the future. OK deraadt@
|
Revision tags: OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.61 |
|
07-May-2016 |
tedu |
stop opening the shadow database by default. only programs that request it via the _shadow functions will open now, preventing some programs running as root from accidentally loading password hashes it into their memory. ok deraadt
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.60 |
|
28-Dec-2015 |
mmcc |
Remove NULL-checks before free() and a few related dead assignments.
ok and valuable input from millert@
|
#
1.59 |
|
01-Dec-2015 |
deraadt |
modify getpw*(), getgr*(), and getgrouplist() functions to access the YP lock file unconditionally. This hints to the kernel that a "getpw" operation is happening, even in the non-YP case. This looks like a gruesome hack, but helps refine the ways these functions are called and mandates the right pledge requests. Once the tree is fully annotated we will know better how to improve the backing store management. ok semarie espie beck
|
#
1.58 |
|
24-Nov-2015 |
millert |
Use reentrant versions of getpw{nam,uid} and getgr{nam,gid} within libc to avoid reusing the static buffers returned by the non-reentrant versions. Since this is inside libc we can use constants for the buffer sizes instead of having to call sysconf(). OK guenther@ deraadt@
|
#
1.57 |
|
18-Nov-2015 |
tedu |
Add _shadow variants to the two popular getpw functions (uid and nam). This version of the function will always open the secure/shadow/master password files. Soon, the regular variants of these functions will not. (Intermixing shadow and regular gets a little weird; don't do that.) Not using struct spwd and getspwnam functions to reduce churn in callers. Should just be a one line diff in most places. ok deraadt
|
#
1.56 |
|
14-Sep-2015 |
tedu |
remove null check before free. from Michael McConville ok semarie
|
#
1.55 |
|
13-Sep-2015 |
guenther |
Wrap <pwd.h> so that calls go direct and the symbols are all weak. Hide bcrypt_autorounds(), prefixing with an underbar for static builds.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.54 |
|
03-Jun-2015 |
millert |
Do not assume that asprintf() clears the pointer on failure, which is non-portable. Also add missing asprintf() return value checks. OK deraadt@ guenther@ doug@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.53 |
|
16-Jan-2015 |
deraadt |
Move to the <limits.h> universe. review by millert, binary checking process with doug, concept with guenther
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.52 |
|
12-Mar-2014 |
schwarze |
Make sure that setgrent(), endgrent(), and endpwent() do not clobber errno; they might do so on open() and close() failures, but by POSIX, they are not supposed to fail. Note that ignoring failures inside setgrent() does not matter, the following getgrent() is bound to fail the same way again, anyway. If you insist on detecting open() failure, use setgroupent(), even though that is less portable. While here, remove two pointless (void) casts. ok millert@ jca@
|
#
1.51 |
|
12-Mar-2014 |
schwarze |
The functions getpw{nam,uid}_r() no longer set errno, not even if an error occurs, but of course they do return the error. This matches what getgr{nam,gid}_r() have already been doing. Original idea by kettenis@, and deraadt@ called that idea "the only sane approach". ok kettenis@ millert@
|
#
1.50 |
|
08-Mar-2014 |
schwarze |
Fix getpw{nam,uid}{,_r}() errno handling for the non-YP case. Prevent close(2) and syslog(3) from stomping on errno; from guenther@. Set ERANGE if the buf is too small, required by POSIX; from jca@. ok millert@
|
#
1.49 |
|
05-Mar-2014 |
schwarze |
Fix the return values of getpwnam_r(), getpwuid_r(), getgrnam_r(), and getgrgid_r() to agree with POSIX. Not touching errno handling yet, which will also need fixing.
Problem originally reported by william at 25thandClement dot com on bugs@. OK sthen@, and kettenis@ agrees it's "a step in the right direction".
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.48 |
|
15-Nov-2013 |
benno |
getpwnam_r() and getpwuid_r() reopen the passwd even when called with setpassent(stayopen).
Bug found and fixed by Erik Lax <erik-AT-halon-DOT-se> ok millert@ guenther@
|
#
1.47 |
|
12-Nov-2013 |
deraadt |
ANSI prototypes
|
#
1.46 |
|
15-Aug-2013 |
miod |
Align stack yp buffers to 64-bit boundaries now, for they might contain a struct passwd. ok deraadt@ guenther@ kettenis@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.45 |
|
21-Mar-2013 |
deraadt |
Do not need machine/param.h
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.44 |
|
07-Jan-2013 |
deraadt |
use a size_t instead of an int to avoid signed compare spotted by Ilja Van Sprundel ok millert
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.43 |
|
05-Sep-2011 |
guenther |
Preserve errno across calls to open the password database(s), so that errno isn't changed when a normal user (who can't open spwd.db) does a lookup.
Problem pointed out by Tim van der Molen (tbvdm at xs4all.nl)
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.42 |
|
21-Nov-2009 |
chl |
remove unused variable
ok deraadt@
|
#
1.41 |
|
12-Nov-2009 |
deraadt |
simplify the code looking for + in the password database, after analysis of a false positive made by parfait; ok millert
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.40 |
|
03-Jun-2009 |
schwarze |
Take advantage of the surprise libc bump to bring in YP group(5) exclusion, i.e. support -groupname:*:: in /etc/group. Such groups will be excluded from later +:*::, in just the same was as it is already done for passwd(5). I have been running this since the autumn of 2008. Discussed with several (including deraadt@, millert@, jmc@).
|
#
1.39 |
|
27-Mar-2009 |
schwarze |
getgrouplist: If YP is #defined and enabled in /etc/group(5) and /etc/netid(5) contains a matching entry, use that and refrain from accessing YP. getpwnam/getpwuid: If YP is #defined and /etc/master.passwd(5) contains a matching entry before the first YP entry, use that and stay away from YP.
Taken together, this allows a solution to the following problem pointed out by deraadt@: When YP was configured but temporarily unavailable, even root login would block, hindering you when trying to do repairs. To avoid this, you can now provide a static entry for root in /etc/netid.
Using suggestions from miod@ otto@ blambert@ jmc@. "commit" deraadt@, "cool" ajacoutot@, "looks fine" jmc@.
|
Revision tags: OPENBSD_4_4_BASE OPENBSD_4_5_BASE
|
#
1.38 |
|
23-Jul-2008 |
deraadt |
Avoid an occasional double free in getpwent() which corrupted memory. It happened only in the case of a + record indicating to use YP, but with ypbind not actually running. Problem found by pyr; solution found with millert ok millert pyr
|
#
1.37 |
|
06-Jul-2008 |
deraadt |
oops, fix getpwent() use of wrong buffers found by alexander.schrijver
|
#
1.36 |
|
25-Jun-2008 |
millert |
Add _PW_BUF_LEN define and use it instead of hard-coding 1024 for the buffer size. OK deraadt@
|
#
1.35 |
|
24-Jun-2008 |
deraadt |
implement getpwnam_r() and getpwuid_r() -- very nearly a rewrite of the entire file. much help from kurt, and tested by many
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.34 |
|
08-Aug-2005 |
espie |
zap remaining rcsid.
Kill old files that are no longer compiled.
okay theo
|
#
1.33 |
|
25-Mar-2005 |
otto |
deregister (and deauto!). ok millert@ marco@
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE
|
#
1.32 |
|
18-May-2004 |
jfb |
ansify function definitions and zap some `register'
ok millert@
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE
|
#
1.31 |
|
25-Jun-2003 |
deraadt |
protos
|
#
1.30 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
#
1.29 |
|
01-May-2003 |
avsm |
add missing enumeration case to select to kill gcc warning millert@ ok
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.28 |
|
21-Nov-2002 |
millert |
Add a "shadow" group and make the shadow passwd db readable by that group. This changes getpw* to always try the shadow db first and then fall back to the db w/o password hashes. In the future, /usr/libexec/auth/login_passwd (and others) will be setgid shadow instead of setuid root. OK deraadt@
If you track -current you should do the following: o add group shadow to /etc/group o chgrp shadow /etc/spwd.db o chmod 640 /etc/spwd.db o rebuild and install src/usr.sbin/pwd_mkdb
You do not need to rebuild libc yet, but it would't hurt to do so.
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.27 |
|
06-Jul-2002 |
deraadt |
KNF
|
#
1.26 |
|
06-Jul-2002 |
deraadt |
cope better if realloc fails; better fix than cloder@acm.org
|
#
1.25 |
|
24-May-2002 |
deraadt |
try to use strlcpy and snprintf more; ok various
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.24 |
|
19-Feb-2002 |
millert |
We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft.
|
#
1.23 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.22 |
|
10-Jul-2001 |
deraadt |
put another YP-only piece inside the ifdef
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.21 |
|
13-Feb-2001 |
pjanzen |
Avoid theoretical potential buffer overflow
|
#
1.20 |
|
31-Jan-2001 |
deraadt |
move utmp to large format, usernames to 32 chars; downsj
|
Revision tags: OPENBSD_2_7_BASE OPENBSD_2_8_BASE
|
#
1.19 |
|
25-Apr-2000 |
deraadt |
well if you cannot do a libc commit properly a week before 2.7 tree lock, surely it can wait till after 2.7
|
#
1.18 |
|
25-Apr-2000 |
d |
getpw*_r()
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.17 |
|
15-Sep-1999 |
deraadt |
redo master.passwd.byname check if either the uid or euid changes, this was a case of bad caching; peter and I
|
#
1.16 |
|
14-Sep-1999 |
deraadt |
indent
|
#
1.15 |
|
03-Sep-1999 |
millert |
Use strtol() and strtoul() instead of atoi(). This allows us to catch errors reasonably and deal correctly with unsigned quantities.
|
Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE
|
#
1.14 |
|
14-Aug-1998 |
deraadt |
realloc repair
|
#
1.13 |
|
14-Jul-1998 |
deraadt |
avoid calling __has_yppw() everytime through getpwent(), by caching the YP status along with the open file status
|
Revision tags: OPENBSD_2_3_BASE
|
#
1.12 |
|
18-Dec-1997 |
deraadt |
handle long usernames more carefully
|
Revision tags: OPENBSD_2_2_BASE
|
#
1.11 |
|
23-Jul-1997 |
kstailey |
tabify
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.10 |
|
18-Apr-1997 |
deraadt |
constrain length of db lookups better; reported by adam@math.tau.ac.il
|
#
1.9 |
|
13-Apr-1997 |
deraadt |
buf oflow; bitblt
|
#
1.8 |
|
16-Oct-1996 |
downsj |
kill __yp_token, other clean ups.
|
#
1.7 |
|
15-Oct-1996 |
downsj |
* optimal exclusions support -- don't waste memory with DB. assumes exclusions lists are typically small. * move YP_OVERRIDE_PASSWD to a static var. needs some way for the system to set this. * clean up variable names and some code. * invisibly support FreeBSD ypserv running in "secure" mode.
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.6 |
|
16-Sep-1996 |
millert |
uid_t is now a u_int32_t, treat it as such.
|
#
1.5 |
|
15-Sep-1996 |
tholo |
Add a couple of syscalls; bring more prototypes into scope
|
#
1.4 |
|
15-Sep-1996 |
tholo |
Remove dead code Remove unused variables Silence some warnings lint(1) is your friend
|
#
1.3 |
|
19-Aug-1996 |
tholo |
Fix RCS ids Make sure everything uses {SYS,}LIBC_SCCS properly
|
#
1.2 |
|
24-Apr-1996 |
deraadt |
yp_prot.h lies -> use yp.h (from yp.x) instead, change lots of structure accesses to match. change xdr_domainname() and some other functions to take "char **" instead of "char *", as rpcgen intended -- helps programs linking against rpcgen output of yp.x. yp_all() should not free it's return value. split xdryp.c and yplib.c into ~20 files so binaries like "csh" need not link in functions like yp_maplist(). NIS+'s YP emulation code lacks YPPROC_ORDER... attempt to deal nicely.
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.63 |
|
02-Jul-2019 |
deraadt |
The "always hint that getpw operation is happening with access() the YP lock file" would trash errno, creating confusion. One instance found by richardipsum@fastmail, other two identified from original commit ok millert
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.62 |
|
21-Aug-2018 |
millert |
Use an mmap()'d buffer instead of a static buffer for the contents of the pointer returned by getpw{ent,nam,uid}(). We unmap the buffer each time to catch callers using a stale passwd struct pointer. As a special case, we do not unmap the buffer if the previous lookup was for the same name or uid. This special case may be removed in the future. OK deraadt@
|
Revision tags: OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.61 |
|
07-May-2016 |
tedu |
stop opening the shadow database by default. only programs that request it via the _shadow functions will open now, preventing some programs running as root from accidentally loading password hashes it into their memory. ok deraadt
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.60 |
|
28-Dec-2015 |
mmcc |
Remove NULL-checks before free() and a few related dead assignments.
ok and valuable input from millert@
|
#
1.59 |
|
01-Dec-2015 |
deraadt |
modify getpw*(), getgr*(), and getgrouplist() functions to access the YP lock file unconditionally. This hints to the kernel that a "getpw" operation is happening, even in the non-YP case. This looks like a gruesome hack, but helps refine the ways these functions are called and mandates the right pledge requests. Once the tree is fully annotated we will know better how to improve the backing store management. ok semarie espie beck
|
#
1.58 |
|
24-Nov-2015 |
millert |
Use reentrant versions of getpw{nam,uid} and getgr{nam,gid} within libc to avoid reusing the static buffers returned by the non-reentrant versions. Since this is inside libc we can use constants for the buffer sizes instead of having to call sysconf(). OK guenther@ deraadt@
|
#
1.57 |
|
18-Nov-2015 |
tedu |
Add _shadow variants to the two popular getpw functions (uid and nam). This version of the function will always open the secure/shadow/master password files. Soon, the regular variants of these functions will not. (Intermixing shadow and regular gets a little weird; don't do that.) Not using struct spwd and getspwnam functions to reduce churn in callers. Should just be a one line diff in most places. ok deraadt
|
#
1.56 |
|
14-Sep-2015 |
tedu |
remove null check before free. from Michael McConville ok semarie
|
#
1.55 |
|
13-Sep-2015 |
guenther |
Wrap <pwd.h> so that calls go direct and the symbols are all weak. Hide bcrypt_autorounds(), prefixing with an underbar for static builds.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.54 |
|
03-Jun-2015 |
millert |
Do not assume that asprintf() clears the pointer on failure, which is non-portable. Also add missing asprintf() return value checks. OK deraadt@ guenther@ doug@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.53 |
|
16-Jan-2015 |
deraadt |
Move to the <limits.h> universe. review by millert, binary checking process with doug, concept with guenther
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.52 |
|
12-Mar-2014 |
schwarze |
Make sure that setgrent(), endgrent(), and endpwent() do not clobber errno; they might do so on open() and close() failures, but by POSIX, they are not supposed to fail. Note that ignoring failures inside setgrent() does not matter, the following getgrent() is bound to fail the same way again, anyway. If you insist on detecting open() failure, use setgroupent(), even though that is less portable. While here, remove two pointless (void) casts. ok millert@ jca@
|
#
1.51 |
|
12-Mar-2014 |
schwarze |
The functions getpw{nam,uid}_r() no longer set errno, not even if an error occurs, but of course they do return the error. This matches what getgr{nam,gid}_r() have already been doing. Original idea by kettenis@, and deraadt@ called that idea "the only sane approach". ok kettenis@ millert@
|
#
1.50 |
|
08-Mar-2014 |
schwarze |
Fix getpw{nam,uid}{,_r}() errno handling for the non-YP case. Prevent close(2) and syslog(3) from stomping on errno; from guenther@. Set ERANGE if the buf is too small, required by POSIX; from jca@. ok millert@
|
#
1.49 |
|
05-Mar-2014 |
schwarze |
Fix the return values of getpwnam_r(), getpwuid_r(), getgrnam_r(), and getgrgid_r() to agree with POSIX. Not touching errno handling yet, which will also need fixing.
Problem originally reported by william at 25thandClement dot com on bugs@. OK sthen@, and kettenis@ agrees it's "a step in the right direction".
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.48 |
|
15-Nov-2013 |
benno |
getpwnam_r() and getpwuid_r() reopen the passwd even when called with setpassent(stayopen).
Bug found and fixed by Erik Lax <erik-AT-halon-DOT-se> ok millert@ guenther@
|
#
1.47 |
|
12-Nov-2013 |
deraadt |
ANSI prototypes
|
#
1.46 |
|
15-Aug-2013 |
miod |
Align stack yp buffers to 64-bit boundaries now, for they might contain a struct passwd. ok deraadt@ guenther@ kettenis@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.45 |
|
21-Mar-2013 |
deraadt |
Do not need machine/param.h
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.44 |
|
07-Jan-2013 |
deraadt |
use a size_t instead of an int to avoid signed compare spotted by Ilja Van Sprundel ok millert
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.43 |
|
05-Sep-2011 |
guenther |
Preserve errno across calls to open the password database(s), so that errno isn't changed when a normal user (who can't open spwd.db) does a lookup.
Problem pointed out by Tim van der Molen (tbvdm at xs4all.nl)
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.42 |
|
21-Nov-2009 |
chl |
remove unused variable
ok deraadt@
|
#
1.41 |
|
12-Nov-2009 |
deraadt |
simplify the code looking for + in the password database, after analysis of a false positive made by parfait; ok millert
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.40 |
|
03-Jun-2009 |
schwarze |
Take advantage of the surprise libc bump to bring in YP group(5) exclusion, i.e. support -groupname:*:: in /etc/group. Such groups will be excluded from later +:*::, in just the same was as it is already done for passwd(5). I have been running this since the autumn of 2008. Discussed with several (including deraadt@, millert@, jmc@).
|
#
1.39 |
|
27-Mar-2009 |
schwarze |
getgrouplist: If YP is #defined and enabled in /etc/group(5) and /etc/netid(5) contains a matching entry, use that and refrain from accessing YP. getpwnam/getpwuid: If YP is #defined and /etc/master.passwd(5) contains a matching entry before the first YP entry, use that and stay away from YP.
Taken together, this allows a solution to the following problem pointed out by deraadt@: When YP was configured but temporarily unavailable, even root login would block, hindering you when trying to do repairs. To avoid this, you can now provide a static entry for root in /etc/netid.
Using suggestions from miod@ otto@ blambert@ jmc@. "commit" deraadt@, "cool" ajacoutot@, "looks fine" jmc@.
|
Revision tags: OPENBSD_4_4_BASE OPENBSD_4_5_BASE
|
#
1.38 |
|
23-Jul-2008 |
deraadt |
Avoid an occasional double free in getpwent() which corrupted memory. It happened only in the case of a + record indicating to use YP, but with ypbind not actually running. Problem found by pyr; solution found with millert ok millert pyr
|
#
1.37 |
|
06-Jul-2008 |
deraadt |
oops, fix getpwent() use of wrong buffers found by alexander.schrijver
|
#
1.36 |
|
25-Jun-2008 |
millert |
Add _PW_BUF_LEN define and use it instead of hard-coding 1024 for the buffer size. OK deraadt@
|
#
1.35 |
|
24-Jun-2008 |
deraadt |
implement getpwnam_r() and getpwuid_r() -- very nearly a rewrite of the entire file. much help from kurt, and tested by many
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.34 |
|
08-Aug-2005 |
espie |
zap remaining rcsid.
Kill old files that are no longer compiled.
okay theo
|
#
1.33 |
|
25-Mar-2005 |
otto |
deregister (and deauto!). ok millert@ marco@
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE
|
#
1.32 |
|
18-May-2004 |
jfb |
ansify function definitions and zap some `register'
ok millert@
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE
|
#
1.31 |
|
25-Jun-2003 |
deraadt |
protos
|
#
1.30 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
#
1.29 |
|
01-May-2003 |
avsm |
add missing enumeration case to select to kill gcc warning millert@ ok
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.28 |
|
21-Nov-2002 |
millert |
Add a "shadow" group and make the shadow passwd db readable by that group. This changes getpw* to always try the shadow db first and then fall back to the db w/o password hashes. In the future, /usr/libexec/auth/login_passwd (and others) will be setgid shadow instead of setuid root. OK deraadt@
If you track -current you should do the following: o add group shadow to /etc/group o chgrp shadow /etc/spwd.db o chmod 640 /etc/spwd.db o rebuild and install src/usr.sbin/pwd_mkdb
You do not need to rebuild libc yet, but it would't hurt to do so.
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.27 |
|
06-Jul-2002 |
deraadt |
KNF
|
#
1.26 |
|
06-Jul-2002 |
deraadt |
cope better if realloc fails; better fix than cloder@acm.org
|
#
1.25 |
|
24-May-2002 |
deraadt |
try to use strlcpy and snprintf more; ok various
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.24 |
|
19-Feb-2002 |
millert |
We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft.
|
#
1.23 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.22 |
|
10-Jul-2001 |
deraadt |
put another YP-only piece inside the ifdef
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.21 |
|
13-Feb-2001 |
pjanzen |
Avoid theoretical potential buffer overflow
|
#
1.20 |
|
31-Jan-2001 |
deraadt |
move utmp to large format, usernames to 32 chars; downsj
|
Revision tags: OPENBSD_2_7_BASE OPENBSD_2_8_BASE
|
#
1.19 |
|
25-Apr-2000 |
deraadt |
well if you cannot do a libc commit properly a week before 2.7 tree lock, surely it can wait till after 2.7
|
#
1.18 |
|
25-Apr-2000 |
d |
getpw*_r()
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.17 |
|
15-Sep-1999 |
deraadt |
redo master.passwd.byname check if either the uid or euid changes, this was a case of bad caching; peter and I
|
#
1.16 |
|
14-Sep-1999 |
deraadt |
indent
|
#
1.15 |
|
03-Sep-1999 |
millert |
Use strtol() and strtoul() instead of atoi(). This allows us to catch errors reasonably and deal correctly with unsigned quantities.
|
Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE
|
#
1.14 |
|
14-Aug-1998 |
deraadt |
realloc repair
|
#
1.13 |
|
14-Jul-1998 |
deraadt |
avoid calling __has_yppw() everytime through getpwent(), by caching the YP status along with the open file status
|
Revision tags: OPENBSD_2_3_BASE
|
#
1.12 |
|
18-Dec-1997 |
deraadt |
handle long usernames more carefully
|
Revision tags: OPENBSD_2_2_BASE
|
#
1.11 |
|
23-Jul-1997 |
kstailey |
tabify
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.10 |
|
18-Apr-1997 |
deraadt |
constrain length of db lookups better; reported by adam@math.tau.ac.il
|
#
1.9 |
|
13-Apr-1997 |
deraadt |
buf oflow; bitblt
|
#
1.8 |
|
16-Oct-1996 |
downsj |
kill __yp_token, other clean ups.
|
#
1.7 |
|
15-Oct-1996 |
downsj |
* optimal exclusions support -- don't waste memory with DB. assumes exclusions lists are typically small. * move YP_OVERRIDE_PASSWD to a static var. needs some way for the system to set this. * clean up variable names and some code. * invisibly support FreeBSD ypserv running in "secure" mode.
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.6 |
|
16-Sep-1996 |
millert |
uid_t is now a u_int32_t, treat it as such.
|
#
1.5 |
|
15-Sep-1996 |
tholo |
Add a couple of syscalls; bring more prototypes into scope
|
#
1.4 |
|
15-Sep-1996 |
tholo |
Remove dead code Remove unused variables Silence some warnings lint(1) is your friend
|
#
1.3 |
|
19-Aug-1996 |
tholo |
Fix RCS ids Make sure everything uses {SYS,}LIBC_SCCS properly
|
#
1.2 |
|
24-Apr-1996 |
deraadt |
yp_prot.h lies -> use yp.h (from yp.x) instead, change lots of structure accesses to match. change xdr_domainname() and some other functions to take "char **" instead of "char *", as rpcgen intended -- helps programs linking against rpcgen output of yp.x. yp_all() should not free it's return value. split xdryp.c and yplib.c into ~20 files so binaries like "csh" need not link in functions like yp_maplist(). NIS+'s YP emulation code lacks YPPROC_ORDER... attempt to deal nicely.
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.62 |
|
21-Aug-2018 |
millert |
Use an mmap()'d buffer instead of a static buffer for the contents of the pointer returned by getpw{ent,nam,uid}(). We unmap the buffer each time to catch callers using a stale passwd struct pointer. As a special case, we do not unmap the buffer if the previous lookup was for the same name or uid. This special case may be removed in the future. OK deraadt@
|
Revision tags: OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.61 |
|
07-May-2016 |
tedu |
stop opening the shadow database by default. only programs that request it via the _shadow functions will open now, preventing some programs running as root from accidentally loading password hashes it into their memory. ok deraadt
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.60 |
|
28-Dec-2015 |
mmcc |
Remove NULL-checks before free() and a few related dead assignments.
ok and valuable input from millert@
|
#
1.59 |
|
01-Dec-2015 |
deraadt |
modify getpw*(), getgr*(), and getgrouplist() functions to access the YP lock file unconditionally. This hints to the kernel that a "getpw" operation is happening, even in the non-YP case. This looks like a gruesome hack, but helps refine the ways these functions are called and mandates the right pledge requests. Once the tree is fully annotated we will know better how to improve the backing store management. ok semarie espie beck
|
#
1.58 |
|
24-Nov-2015 |
millert |
Use reentrant versions of getpw{nam,uid} and getgr{nam,gid} within libc to avoid reusing the static buffers returned by the non-reentrant versions. Since this is inside libc we can use constants for the buffer sizes instead of having to call sysconf(). OK guenther@ deraadt@
|
#
1.57 |
|
18-Nov-2015 |
tedu |
Add _shadow variants to the two popular getpw functions (uid and nam). This version of the function will always open the secure/shadow/master password files. Soon, the regular variants of these functions will not. (Intermixing shadow and regular gets a little weird; don't do that.) Not using struct spwd and getspwnam functions to reduce churn in callers. Should just be a one line diff in most places. ok deraadt
|
#
1.56 |
|
14-Sep-2015 |
tedu |
remove null check before free. from Michael McConville ok semarie
|
#
1.55 |
|
13-Sep-2015 |
guenther |
Wrap <pwd.h> so that calls go direct and the symbols are all weak. Hide bcrypt_autorounds(), prefixing with an underbar for static builds.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.54 |
|
03-Jun-2015 |
millert |
Do not assume that asprintf() clears the pointer on failure, which is non-portable. Also add missing asprintf() return value checks. OK deraadt@ guenther@ doug@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.53 |
|
16-Jan-2015 |
deraadt |
Move to the <limits.h> universe. review by millert, binary checking process with doug, concept with guenther
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.52 |
|
12-Mar-2014 |
schwarze |
Make sure that setgrent(), endgrent(), and endpwent() do not clobber errno; they might do so on open() and close() failures, but by POSIX, they are not supposed to fail. Note that ignoring failures inside setgrent() does not matter, the following getgrent() is bound to fail the same way again, anyway. If you insist on detecting open() failure, use setgroupent(), even though that is less portable. While here, remove two pointless (void) casts. ok millert@ jca@
|
#
1.51 |
|
12-Mar-2014 |
schwarze |
The functions getpw{nam,uid}_r() no longer set errno, not even if an error occurs, but of course they do return the error. This matches what getgr{nam,gid}_r() have already been doing. Original idea by kettenis@, and deraadt@ called that idea "the only sane approach". ok kettenis@ millert@
|
#
1.50 |
|
08-Mar-2014 |
schwarze |
Fix getpw{nam,uid}{,_r}() errno handling for the non-YP case. Prevent close(2) and syslog(3) from stomping on errno; from guenther@. Set ERANGE if the buf is too small, required by POSIX; from jca@. ok millert@
|
#
1.49 |
|
05-Mar-2014 |
schwarze |
Fix the return values of getpwnam_r(), getpwuid_r(), getgrnam_r(), and getgrgid_r() to agree with POSIX. Not touching errno handling yet, which will also need fixing.
Problem originally reported by william at 25thandClement dot com on bugs@. OK sthen@, and kettenis@ agrees it's "a step in the right direction".
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.48 |
|
15-Nov-2013 |
benno |
getpwnam_r() and getpwuid_r() reopen the passwd even when called with setpassent(stayopen).
Bug found and fixed by Erik Lax <erik-AT-halon-DOT-se> ok millert@ guenther@
|
#
1.47 |
|
12-Nov-2013 |
deraadt |
ANSI prototypes
|
#
1.46 |
|
15-Aug-2013 |
miod |
Align stack yp buffers to 64-bit boundaries now, for they might contain a struct passwd. ok deraadt@ guenther@ kettenis@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.45 |
|
21-Mar-2013 |
deraadt |
Do not need machine/param.h
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.44 |
|
07-Jan-2013 |
deraadt |
use a size_t instead of an int to avoid signed compare spotted by Ilja Van Sprundel ok millert
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.43 |
|
05-Sep-2011 |
guenther |
Preserve errno across calls to open the password database(s), so that errno isn't changed when a normal user (who can't open spwd.db) does a lookup.
Problem pointed out by Tim van der Molen (tbvdm at xs4all.nl)
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.42 |
|
21-Nov-2009 |
chl |
remove unused variable
ok deraadt@
|
#
1.41 |
|
12-Nov-2009 |
deraadt |
simplify the code looking for + in the password database, after analysis of a false positive made by parfait; ok millert
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.40 |
|
03-Jun-2009 |
schwarze |
Take advantage of the surprise libc bump to bring in YP group(5) exclusion, i.e. support -groupname:*:: in /etc/group. Such groups will be excluded from later +:*::, in just the same was as it is already done for passwd(5). I have been running this since the autumn of 2008. Discussed with several (including deraadt@, millert@, jmc@).
|
#
1.39 |
|
27-Mar-2009 |
schwarze |
getgrouplist: If YP is #defined and enabled in /etc/group(5) and /etc/netid(5) contains a matching entry, use that and refrain from accessing YP. getpwnam/getpwuid: If YP is #defined and /etc/master.passwd(5) contains a matching entry before the first YP entry, use that and stay away from YP.
Taken together, this allows a solution to the following problem pointed out by deraadt@: When YP was configured but temporarily unavailable, even root login would block, hindering you when trying to do repairs. To avoid this, you can now provide a static entry for root in /etc/netid.
Using suggestions from miod@ otto@ blambert@ jmc@. "commit" deraadt@, "cool" ajacoutot@, "looks fine" jmc@.
|
Revision tags: OPENBSD_4_4_BASE OPENBSD_4_5_BASE
|
#
1.38 |
|
23-Jul-2008 |
deraadt |
Avoid an occasional double free in getpwent() which corrupted memory. It happened only in the case of a + record indicating to use YP, but with ypbind not actually running. Problem found by pyr; solution found with millert ok millert pyr
|
#
1.37 |
|
06-Jul-2008 |
deraadt |
oops, fix getpwent() use of wrong buffers found by alexander.schrijver
|
#
1.36 |
|
25-Jun-2008 |
millert |
Add _PW_BUF_LEN define and use it instead of hard-coding 1024 for the buffer size. OK deraadt@
|
#
1.35 |
|
24-Jun-2008 |
deraadt |
implement getpwnam_r() and getpwuid_r() -- very nearly a rewrite of the entire file. much help from kurt, and tested by many
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.34 |
|
08-Aug-2005 |
espie |
zap remaining rcsid.
Kill old files that are no longer compiled.
okay theo
|
#
1.33 |
|
25-Mar-2005 |
otto |
deregister (and deauto!). ok millert@ marco@
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE
|
#
1.32 |
|
18-May-2004 |
jfb |
ansify function definitions and zap some `register'
ok millert@
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE
|
#
1.31 |
|
25-Jun-2003 |
deraadt |
protos
|
#
1.30 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
#
1.29 |
|
01-May-2003 |
avsm |
add missing enumeration case to select to kill gcc warning millert@ ok
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.28 |
|
21-Nov-2002 |
millert |
Add a "shadow" group and make the shadow passwd db readable by that group. This changes getpw* to always try the shadow db first and then fall back to the db w/o password hashes. In the future, /usr/libexec/auth/login_passwd (and others) will be setgid shadow instead of setuid root. OK deraadt@
If you track -current you should do the following: o add group shadow to /etc/group o chgrp shadow /etc/spwd.db o chmod 640 /etc/spwd.db o rebuild and install src/usr.sbin/pwd_mkdb
You do not need to rebuild libc yet, but it would't hurt to do so.
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.27 |
|
06-Jul-2002 |
deraadt |
KNF
|
#
1.26 |
|
06-Jul-2002 |
deraadt |
cope better if realloc fails; better fix than cloder@acm.org
|
#
1.25 |
|
24-May-2002 |
deraadt |
try to use strlcpy and snprintf more; ok various
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.24 |
|
19-Feb-2002 |
millert |
We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft.
|
#
1.23 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.22 |
|
10-Jul-2001 |
deraadt |
put another YP-only piece inside the ifdef
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.21 |
|
13-Feb-2001 |
pjanzen |
Avoid theoretical potential buffer overflow
|
#
1.20 |
|
31-Jan-2001 |
deraadt |
move utmp to large format, usernames to 32 chars; downsj
|
Revision tags: OPENBSD_2_7_BASE OPENBSD_2_8_BASE
|
#
1.19 |
|
25-Apr-2000 |
deraadt |
well if you cannot do a libc commit properly a week before 2.7 tree lock, surely it can wait till after 2.7
|
#
1.18 |
|
25-Apr-2000 |
d |
getpw*_r()
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.17 |
|
15-Sep-1999 |
deraadt |
redo master.passwd.byname check if either the uid or euid changes, this was a case of bad caching; peter and I
|
#
1.16 |
|
14-Sep-1999 |
deraadt |
indent
|
#
1.15 |
|
03-Sep-1999 |
millert |
Use strtol() and strtoul() instead of atoi(). This allows us to catch errors reasonably and deal correctly with unsigned quantities.
|
Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE
|
#
1.14 |
|
14-Aug-1998 |
deraadt |
realloc repair
|
#
1.13 |
|
14-Jul-1998 |
deraadt |
avoid calling __has_yppw() everytime through getpwent(), by caching the YP status along with the open file status
|
Revision tags: OPENBSD_2_3_BASE
|
#
1.12 |
|
18-Dec-1997 |
deraadt |
handle long usernames more carefully
|
Revision tags: OPENBSD_2_2_BASE
|
#
1.11 |
|
23-Jul-1997 |
kstailey |
tabify
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.10 |
|
18-Apr-1997 |
deraadt |
constrain length of db lookups better; reported by adam@math.tau.ac.il
|
#
1.9 |
|
13-Apr-1997 |
deraadt |
buf oflow; bitblt
|
#
1.8 |
|
16-Oct-1996 |
downsj |
kill __yp_token, other clean ups.
|
#
1.7 |
|
15-Oct-1996 |
downsj |
* optimal exclusions support -- don't waste memory with DB. assumes exclusions lists are typically small. * move YP_OVERRIDE_PASSWD to a static var. needs some way for the system to set this. * clean up variable names and some code. * invisibly support FreeBSD ypserv running in "secure" mode.
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.6 |
|
16-Sep-1996 |
millert |
uid_t is now a u_int32_t, treat it as such.
|
#
1.5 |
|
15-Sep-1996 |
tholo |
Add a couple of syscalls; bring more prototypes into scope
|
#
1.4 |
|
15-Sep-1996 |
tholo |
Remove dead code Remove unused variables Silence some warnings lint(1) is your friend
|
#
1.3 |
|
19-Aug-1996 |
tholo |
Fix RCS ids Make sure everything uses {SYS,}LIBC_SCCS properly
|
#
1.2 |
|
24-Apr-1996 |
deraadt |
yp_prot.h lies -> use yp.h (from yp.x) instead, change lots of structure accesses to match. change xdr_domainname() and some other functions to take "char **" instead of "char *", as rpcgen intended -- helps programs linking against rpcgen output of yp.x. yp_all() should not free it's return value. split xdryp.c and yplib.c into ~20 files so binaries like "csh" need not link in functions like yp_maplist(). NIS+'s YP emulation code lacks YPPROC_ORDER... attempt to deal nicely.
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
Revision tags: OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.61 |
|
07-May-2016 |
tedu |
stop opening the shadow database by default. only programs that request it via the _shadow functions will open now, preventing some programs running as root from accidentally loading password hashes it into their memory. ok deraadt
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.60 |
|
28-Dec-2015 |
mmcc |
Remove NULL-checks before free() and a few related dead assignments.
ok and valuable input from millert@
|
#
1.59 |
|
01-Dec-2015 |
deraadt |
modify getpw*(), getgr*(), and getgrouplist() functions to access the YP lock file unconditionally. This hints to the kernel that a "getpw" operation is happening, even in the non-YP case. This looks like a gruesome hack, but helps refine the ways these functions are called and mandates the right pledge requests. Once the tree is fully annotated we will know better how to improve the backing store management. ok semarie espie beck
|
#
1.58 |
|
24-Nov-2015 |
millert |
Use reentrant versions of getpw{nam,uid} and getgr{nam,gid} within libc to avoid reusing the static buffers returned by the non-reentrant versions. Since this is inside libc we can use constants for the buffer sizes instead of having to call sysconf(). OK guenther@ deraadt@
|
#
1.57 |
|
18-Nov-2015 |
tedu |
Add _shadow variants to the two popular getpw functions (uid and nam). This version of the function will always open the secure/shadow/master password files. Soon, the regular variants of these functions will not. (Intermixing shadow and regular gets a little weird; don't do that.) Not using struct spwd and getspwnam functions to reduce churn in callers. Should just be a one line diff in most places. ok deraadt
|
#
1.56 |
|
14-Sep-2015 |
tedu |
remove null check before free. from Michael McConville ok semarie
|
#
1.55 |
|
13-Sep-2015 |
guenther |
Wrap <pwd.h> so that calls go direct and the symbols are all weak. Hide bcrypt_autorounds(), prefixing with an underbar for static builds.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.54 |
|
03-Jun-2015 |
millert |
Do not assume that asprintf() clears the pointer on failure, which is non-portable. Also add missing asprintf() return value checks. OK deraadt@ guenther@ doug@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.53 |
|
16-Jan-2015 |
deraadt |
Move to the <limits.h> universe. review by millert, binary checking process with doug, concept with guenther
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.52 |
|
12-Mar-2014 |
schwarze |
Make sure that setgrent(), endgrent(), and endpwent() do not clobber errno; they might do so on open() and close() failures, but by POSIX, they are not supposed to fail. Note that ignoring failures inside setgrent() does not matter, the following getgrent() is bound to fail the same way again, anyway. If you insist on detecting open() failure, use setgroupent(), even though that is less portable. While here, remove two pointless (void) casts. ok millert@ jca@
|
#
1.51 |
|
12-Mar-2014 |
schwarze |
The functions getpw{nam,uid}_r() no longer set errno, not even if an error occurs, but of course they do return the error. This matches what getgr{nam,gid}_r() have already been doing. Original idea by kettenis@, and deraadt@ called that idea "the only sane approach". ok kettenis@ millert@
|
#
1.50 |
|
08-Mar-2014 |
schwarze |
Fix getpw{nam,uid}{,_r}() errno handling for the non-YP case. Prevent close(2) and syslog(3) from stomping on errno; from guenther@. Set ERANGE if the buf is too small, required by POSIX; from jca@. ok millert@
|
#
1.49 |
|
05-Mar-2014 |
schwarze |
Fix the return values of getpwnam_r(), getpwuid_r(), getgrnam_r(), and getgrgid_r() to agree with POSIX. Not touching errno handling yet, which will also need fixing.
Problem originally reported by william at 25thandClement dot com on bugs@. OK sthen@, and kettenis@ agrees it's "a step in the right direction".
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.48 |
|
15-Nov-2013 |
benno |
getpwnam_r() and getpwuid_r() reopen the passwd even when called with setpassent(stayopen).
Bug found and fixed by Erik Lax <erik-AT-halon-DOT-se> ok millert@ guenther@
|
#
1.47 |
|
12-Nov-2013 |
deraadt |
ANSI prototypes
|
#
1.46 |
|
15-Aug-2013 |
miod |
Align stack yp buffers to 64-bit boundaries now, for they might contain a struct passwd. ok deraadt@ guenther@ kettenis@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.45 |
|
21-Mar-2013 |
deraadt |
Do not need machine/param.h
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.44 |
|
07-Jan-2013 |
deraadt |
use a size_t instead of an int to avoid signed compare spotted by Ilja Van Sprundel ok millert
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.43 |
|
05-Sep-2011 |
guenther |
Preserve errno across calls to open the password database(s), so that errno isn't changed when a normal user (who can't open spwd.db) does a lookup.
Problem pointed out by Tim van der Molen (tbvdm at xs4all.nl)
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.42 |
|
21-Nov-2009 |
chl |
remove unused variable
ok deraadt@
|
#
1.41 |
|
12-Nov-2009 |
deraadt |
simplify the code looking for + in the password database, after analysis of a false positive made by parfait; ok millert
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.40 |
|
03-Jun-2009 |
schwarze |
Take advantage of the surprise libc bump to bring in YP group(5) exclusion, i.e. support -groupname:*:: in /etc/group. Such groups will be excluded from later +:*::, in just the same was as it is already done for passwd(5). I have been running this since the autumn of 2008. Discussed with several (including deraadt@, millert@, jmc@).
|
#
1.39 |
|
27-Mar-2009 |
schwarze |
getgrouplist: If YP is #defined and enabled in /etc/group(5) and /etc/netid(5) contains a matching entry, use that and refrain from accessing YP. getpwnam/getpwuid: If YP is #defined and /etc/master.passwd(5) contains a matching entry before the first YP entry, use that and stay away from YP.
Taken together, this allows a solution to the following problem pointed out by deraadt@: When YP was configured but temporarily unavailable, even root login would block, hindering you when trying to do repairs. To avoid this, you can now provide a static entry for root in /etc/netid.
Using suggestions from miod@ otto@ blambert@ jmc@. "commit" deraadt@, "cool" ajacoutot@, "looks fine" jmc@.
|
Revision tags: OPENBSD_4_4_BASE OPENBSD_4_5_BASE
|
#
1.38 |
|
23-Jul-2008 |
deraadt |
Avoid an occasional double free in getpwent() which corrupted memory. It happened only in the case of a + record indicating to use YP, but with ypbind not actually running. Problem found by pyr; solution found with millert ok millert pyr
|
#
1.37 |
|
06-Jul-2008 |
deraadt |
oops, fix getpwent() use of wrong buffers found by alexander.schrijver
|
#
1.36 |
|
25-Jun-2008 |
millert |
Add _PW_BUF_LEN define and use it instead of hard-coding 1024 for the buffer size. OK deraadt@
|
#
1.35 |
|
24-Jun-2008 |
deraadt |
implement getpwnam_r() and getpwuid_r() -- very nearly a rewrite of the entire file. much help from kurt, and tested by many
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.34 |
|
08-Aug-2005 |
espie |
zap remaining rcsid.
Kill old files that are no longer compiled.
okay theo
|
#
1.33 |
|
25-Mar-2005 |
otto |
deregister (and deauto!). ok millert@ marco@
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE
|
#
1.32 |
|
18-May-2004 |
jfb |
ansify function definitions and zap some `register'
ok millert@
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE
|
#
1.31 |
|
25-Jun-2003 |
deraadt |
protos
|
#
1.30 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
#
1.29 |
|
01-May-2003 |
avsm |
add missing enumeration case to select to kill gcc warning millert@ ok
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.28 |
|
21-Nov-2002 |
millert |
Add a "shadow" group and make the shadow passwd db readable by that group. This changes getpw* to always try the shadow db first and then fall back to the db w/o password hashes. In the future, /usr/libexec/auth/login_passwd (and others) will be setgid shadow instead of setuid root. OK deraadt@
If you track -current you should do the following: o add group shadow to /etc/group o chgrp shadow /etc/spwd.db o chmod 640 /etc/spwd.db o rebuild and install src/usr.sbin/pwd_mkdb
You do not need to rebuild libc yet, but it would't hurt to do so.
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.27 |
|
06-Jul-2002 |
deraadt |
KNF
|
#
1.26 |
|
06-Jul-2002 |
deraadt |
cope better if realloc fails; better fix than cloder@acm.org
|
#
1.25 |
|
24-May-2002 |
deraadt |
try to use strlcpy and snprintf more; ok various
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.24 |
|
19-Feb-2002 |
millert |
We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft.
|
#
1.23 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.22 |
|
10-Jul-2001 |
deraadt |
put another YP-only piece inside the ifdef
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.21 |
|
13-Feb-2001 |
pjanzen |
Avoid theoretical potential buffer overflow
|
#
1.20 |
|
31-Jan-2001 |
deraadt |
move utmp to large format, usernames to 32 chars; downsj
|
Revision tags: OPENBSD_2_7_BASE OPENBSD_2_8_BASE
|
#
1.19 |
|
25-Apr-2000 |
deraadt |
well if you cannot do a libc commit properly a week before 2.7 tree lock, surely it can wait till after 2.7
|
#
1.18 |
|
25-Apr-2000 |
d |
getpw*_r()
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.17 |
|
15-Sep-1999 |
deraadt |
redo master.passwd.byname check if either the uid or euid changes, this was a case of bad caching; peter and I
|
#
1.16 |
|
14-Sep-1999 |
deraadt |
indent
|
#
1.15 |
|
03-Sep-1999 |
millert |
Use strtol() and strtoul() instead of atoi(). This allows us to catch errors reasonably and deal correctly with unsigned quantities.
|
Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE
|
#
1.14 |
|
14-Aug-1998 |
deraadt |
realloc repair
|
#
1.13 |
|
14-Jul-1998 |
deraadt |
avoid calling __has_yppw() everytime through getpwent(), by caching the YP status along with the open file status
|
Revision tags: OPENBSD_2_3_BASE
|
#
1.12 |
|
18-Dec-1997 |
deraadt |
handle long usernames more carefully
|
Revision tags: OPENBSD_2_2_BASE
|
#
1.11 |
|
23-Jul-1997 |
kstailey |
tabify
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.10 |
|
18-Apr-1997 |
deraadt |
constrain length of db lookups better; reported by adam@math.tau.ac.il
|
#
1.9 |
|
13-Apr-1997 |
deraadt |
buf oflow; bitblt
|
#
1.8 |
|
16-Oct-1996 |
downsj |
kill __yp_token, other clean ups.
|
#
1.7 |
|
15-Oct-1996 |
downsj |
* optimal exclusions support -- don't waste memory with DB. assumes exclusions lists are typically small. * move YP_OVERRIDE_PASSWD to a static var. needs some way for the system to set this. * clean up variable names and some code. * invisibly support FreeBSD ypserv running in "secure" mode.
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.6 |
|
16-Sep-1996 |
millert |
uid_t is now a u_int32_t, treat it as such.
|
#
1.5 |
|
15-Sep-1996 |
tholo |
Add a couple of syscalls; bring more prototypes into scope
|
#
1.4 |
|
15-Sep-1996 |
tholo |
Remove dead code Remove unused variables Silence some warnings lint(1) is your friend
|
#
1.3 |
|
19-Aug-1996 |
tholo |
Fix RCS ids Make sure everything uses {SYS,}LIBC_SCCS properly
|
#
1.2 |
|
24-Apr-1996 |
deraadt |
yp_prot.h lies -> use yp.h (from yp.x) instead, change lots of structure accesses to match. change xdr_domainname() and some other functions to take "char **" instead of "char *", as rpcgen intended -- helps programs linking against rpcgen output of yp.x. yp_all() should not free it's return value. split xdryp.c and yplib.c into ~20 files so binaries like "csh" need not link in functions like yp_maplist(). NIS+'s YP emulation code lacks YPPROC_ORDER... attempt to deal nicely.
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|