Maintain pw_fields, and output same to password database.
!!!!!!!! NB !!!!!!!! You MUST pwd_mkdb /etc/master.passwd before attempting to use the new libc, or things may go wrong. (I doubt anything actually /will/ go wrong, but the actual behavior is undefined. YOU HAVE BEEN WARNED.) The database format is, however, backwards-compatible, so old executables will still work.
parent
6913240fbc
commit
28ca30918a
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=2916
@ -62,15 +62,20 @@ pw_scan(bp, pw)
|
||||
int root;
|
||||
char *p, *sh;
|
||||
|
||||
pw->pw_fields = 0;
|
||||
if (!(pw->pw_name = strsep(&bp, ":"))) /* login */
|
||||
goto fmt;
|
||||
root = !strcmp(pw->pw_name, "root");
|
||||
if(pw->pw_name[0] && (pw->pw_name[0] != '+' || pw->pw_name[1] == '\0'))
|
||||
pw->pw_fields |= _PWF_NAME;
|
||||
|
||||
if (!(pw->pw_passwd = strsep(&bp, ":"))) /* passwd */
|
||||
goto fmt;
|
||||
if(pw->pw_passwd[0]) pw->pw_fields |= _PWF_PASSWD;
|
||||
|
||||
if (!(p = strsep(&bp, ":"))) /* uid */
|
||||
goto fmt;
|
||||
if(p[0]) pw->pw_fields |= _PWF_UID;
|
||||
id = atol(p);
|
||||
if (root && id) {
|
||||
warnx("root uid should be 0");
|
||||
@ -84,6 +89,7 @@ pw_scan(bp, pw)
|
||||
|
||||
if (!(p = strsep(&bp, ":"))) /* gid */
|
||||
goto fmt;
|
||||
if(p[0]) pw->pw_fields |= _PWF_GID;
|
||||
id = atol(p);
|
||||
if (id > USHRT_MAX) {
|
||||
warnx("%s > max gid value (%d)", p, USHRT_MAX);
|
||||
@ -92,14 +98,24 @@ pw_scan(bp, pw)
|
||||
pw->pw_gid = id;
|
||||
|
||||
pw->pw_class = strsep(&bp, ":"); /* class */
|
||||
if(pw->pw_class[0]) pw->pw_fields |= _PWF_CLASS;
|
||||
|
||||
if (!(p = strsep(&bp, ":"))) /* change */
|
||||
goto fmt;
|
||||
if(p[0]) pw->pw_fields |= _PWF_CHANGE;
|
||||
pw->pw_change = atol(p);
|
||||
|
||||
if (!(p = strsep(&bp, ":"))) /* expire */
|
||||
goto fmt;
|
||||
if(p[0]) pw->pw_fields |= _PWF_EXPIRE;
|
||||
pw->pw_expire = atol(p);
|
||||
|
||||
pw->pw_gecos = strsep(&bp, ":"); /* gecos */
|
||||
if(pw->pw_gecos[0]) pw->pw_fields |= _PWF_GECOS;
|
||||
|
||||
pw->pw_dir = strsep(&bp, ":"); /* directory */
|
||||
if(pw->pw_dir[0]) pw->pw_fields |= _PWF_DIR;
|
||||
|
||||
if (!(pw->pw_shell = strsep(&bp, ":"))) /* shell */
|
||||
goto fmt;
|
||||
|
||||
@ -113,6 +129,7 @@ pw_scan(bp, pw)
|
||||
if (!strcmp(p, sh))
|
||||
break;
|
||||
}
|
||||
if(p[0]) pw->pw_fields |= _PWF_SHELL;
|
||||
|
||||
if (p = strsep(&bp, ":")) { /* too many */
|
||||
fmt: warnx("corrupted entry");
|
||||
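Review bot: The new `if(pw->pw_class[0])`, `if(pw->pw_gecos[0])` and `if(pw->pw_dir[0])` tests in the `-92,14 +98,24` hunk dereference the result of `strsep()` without the NULL check that the login, passwd, uid, gid, change and expire fields get. `strsep()` returns NULL once the line has run out of fields, so a truncated entry would fault here instead of reaching `fmt:` and reporting "corrupted entry"; before this change the pointer appears to have been stored but not read. Giving these three fields the same guard, e.g. `if (!(pw->pw_class = strsep(&bp, ":"))) goto fmt;`, keeps a malformed master.passwd line on the existing error path. The same lines appear in the second pw_scan section that follows, and pw_scan's body begins and ends outside the hunks shown.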
|
@ -62,15 +62,20 @@ pw_scan(bp, pw)
|
||||
int root;
|
||||
char *p, *sh;
|
||||
|
||||
pw->pw_fields = 0;
|
||||
if (!(pw->pw_name = strsep(&bp, ":"))) /* login */
|
||||
goto fmt;
|
||||
root = !strcmp(pw->pw_name, "root");
|
||||
if(pw->pw_name[0] && (pw->pw_name[0] != '+' || pw->pw_name[1] == '\0'))
|
||||
pw->pw_fields |= _PWF_NAME;
|
||||
|
||||
if (!(pw->pw_passwd = strsep(&bp, ":"))) /* passwd */
|
||||
goto fmt;
|
||||
if(pw->pw_passwd[0]) pw->pw_fields |= _PWF_PASSWD;
|
||||
|
||||
if (!(p = strsep(&bp, ":"))) /* uid */
|
||||
goto fmt;
|
||||
if(p[0]) pw->pw_fields |= _PWF_UID;
|
||||
id = atol(p);
|
||||
if (root && id) {
|
||||
warnx("root uid should be 0");
|
||||
@ -84,6 +89,7 @@ pw_scan(bp, pw)
|
||||
|
||||
if (!(p = strsep(&bp, ":"))) /* gid */
|
||||
goto fmt;
|
||||
if(p[0]) pw->pw_fields |= _PWF_GID;
|
||||
id = atol(p);
|
||||
if (id > USHRT_MAX) {
|
||||
warnx("%s > max gid value (%d)", p, USHRT_MAX);
|
||||
@ -92,14 +98,24 @@ pw_scan(bp, pw)
|
||||
pw->pw_gid = id;
|
||||
|
||||
pw->pw_class = strsep(&bp, ":"); /* class */
|
||||
if(pw->pw_class[0]) pw->pw_fields |= _PWF_CLASS;
|
||||
|
||||
if (!(p = strsep(&bp, ":"))) /* change */
|
||||
goto fmt;
|
||||
if(p[0]) pw->pw_fields |= _PWF_CHANGE;
|
||||
pw->pw_change = atol(p);
|
||||
|
||||
if (!(p = strsep(&bp, ":"))) /* expire */
|
||||
goto fmt;
|
||||
if(p[0]) pw->pw_fields |= _PWF_EXPIRE;
|
||||
pw->pw_expire = atol(p);
|
||||
|
||||
pw->pw_gecos = strsep(&bp, ":"); /* gecos */
|
||||
if(pw->pw_gecos[0]) pw->pw_fields |= _PWF_GECOS;
|
||||
|
||||
pw->pw_dir = strsep(&bp, ":"); /* directory */
|
||||
if(pw->pw_dir[0]) pw->pw_fields |= _PWF_DIR;
|
||||
|
||||
if (!(pw->pw_shell = strsep(&bp, ":"))) /* shell */
|
||||
goto fmt;
|
||||
|
||||
@ -113,6 +129,7 @@ pw_scan(bp, pw)
|
||||
if (!strcmp(p, sh))
|
||||
break;
|
||||
}
|
||||
if(p[0]) pw->pw_fields |= _PWF_SHELL;
|
||||
|
||||
if (p = strsep(&bp, ":")) { /* too many */
|
||||
fmt: warnx("corrupted entry");
|
||||
|
@ -92,7 +92,7 @@ main(argc, argv)
|
||||
DBT data, key;
|
||||
FILE *fp, *oldfp;
|
||||
sigset_t set;
|
||||
int ch, cnt, len, makeold, tfd;
|
||||
int ch, cnt, len, makeold, tfd, yp_enabled = 0;
|
||||
char *p, *t;
|
||||
char buf[MAX(MAXPATHLEN, LINE_MAX * 2)], tbuf[1024];
|
||||
char buf2[MAXPATHLEN];
|
||||
@ -178,6 +178,7 @@ main(argc, argv)
|
||||
data.data = (u_char *)buf;
|
||||
key.data = (u_char *)tbuf;
|
||||
for (cnt = 1; scan(fp, &pwd); ++cnt) {
|
||||
if(pwd.pw_name[0] == '+') yp_enabled = 1;
|
||||
#define COMPACT(e) t = e; while (*p++ = *t++);
|
||||
/* Create insecure data. */
|
||||
p = buf;
|
||||
@ -195,6 +196,8 @@ main(argc, argv)
|
||||
COMPACT(pwd.pw_shell);
|
||||
memmove(p, &pwd.pw_expire, sizeof(time_t));
|
||||
p += sizeof(time_t);
|
||||
memmove(p, &pwd.pw_fields, sizeof pwd.pw_fields);
|
||||
p += sizeof pwd.pw_fields;
|
||||
data.size = p - buf;
|
||||
|
||||
/* Store insecure by name. */
|
||||
@ -225,6 +228,14 @@ main(argc, argv)
|
||||
pwd.pw_name, pwd.pw_uid, pwd.pw_gid, pwd.pw_gecos,
|
||||
pwd.pw_dir, pwd.pw_shell);
|
||||
}
|
||||
/* If YP enabled, set flag. */
|
||||
if(yp_enabled) {
|
||||
tbuf[0] = _PW_KEYYPENABLED;
|
||||
key.size = 1;
|
||||
if ((dp->put)(dp, &key, &data, R_NOOVERWRITE) == -1)
|
||||
error("put");
|
||||
}
|
||||
|
||||
(void)(dp->close)(dp);
|
||||
if (makeold) {
|
||||
(void)fflush(oldfp);
|
||||
@ -258,6 +269,8 @@ main(argc, argv)
|
||||
COMPACT(pwd.pw_shell);
|
||||
memmove(p, &pwd.pw_expire, sizeof(time_t));
|
||||
p += sizeof(time_t);
|
||||
memmove(p, &pwd.pw_fields, sizeof pwd.pw_fields);
|
||||
p += sizeof pwd.pw_fields;
|
||||
data.size = p - buf;
|
||||
|
||||
/* Store secure by name. */
|
||||
@ -283,6 +296,14 @@ main(argc, argv)
|
||||
error("put");
|
||||
}
|
||||
|
||||
/* If YP enabled, set flag. */
|
||||
if(yp_enabled) {
|
||||
tbuf[0] = _PW_KEYYPENABLED;
|
||||
key.size = 1;
|
||||
if ((dp->put)(edp, &key, &data, R_NOOVERWRITE) == -1)
|
||||
error("put");
|
||||
}
|
||||
|
||||
(void)(edp->close)(edp);
|
||||
|
||||
/* Set master.passwd permissions, in case caller forgot. */
|
||||
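Review bot: The YP flag write for the secure database calls `(dp->put)(edp, ...)`, taking the method pointer from `dp` although an earlier hunk shows `(void)(dp->close)(dp);` running before this point, so the call appears to read through a handle that has already been closed. It should go through the secure handle: `if ((edp->put)(edp, &key, &data, R_NOOVERWRITE) == -1)`. Both flag writes also reuse `data` as the last loop iteration left it, so the `_PW_KEYYPENABLED` key stores a copy of the last user's record (presumably including the password field in the secure database), and nothing in the visible lines sets `data.size` if the loop never ran. Pointing `data` at a fixed one-byte value just before each put would avoid both. main's body begins and ends outside the hunks shown.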
|