MFC r348282 (by lwhsu):

Remove an uneeded indentation introduced in r286196 to silence gcc warnging

Sponsored by: The FreeBSD Foundation

MFC r330245:

Allow the "@" and "!" characters in passwd file GECOS fields.

Two PRs (152084 & 210187) request allowing the "@" and/or "!"
characters in the passwd file GECOS field. The man page for pw does
not mention that those characters are disallowed, Linux supports those
characters in this field, and the "@" character in particular would be
useful for storing email addresses in that field.

PR: 152084, 210187
Submitted by: jschauma@netmeister.org, Dave Cottlehuber <dch@freebsd.org>
Reported by: jschauma@netmeister.org, Dave Cottlehuber <dch@freebsd.org>
Sponsored by: Dell EMC

MFC r326872: fix expiration arithmetic after r326738 and MFC.

Approved by: mav (mentor)

MFC r326738: pw(8): correct expiration period handling
and command line overrides to preconfigured values for -e, -p and -w flags.

Use non-negative symbols instead of magic values
in passwd_val/pw_password functions.

PR: 223431
Submitted by: Yuri Pankov (in part, patch for the manual)
Approved by: mav (mentor)
Relnotes: yes

MFC r322677: pw usermod: handle empty secondary group lists (-G '')

"pw usermod someuser -G ''" is supposed make sure that someuser
doesn't have any secondary group memberships.

Previouly it was a nop because split_groups() only intitialised
"groups" if at least one group was specified. As a result the
existing secondary group memberships were kept.

PR: 221417
Submitted by: Fabian Keil
Approved by: re (kib)
Obtained from: ElectroBSD
Relnotes: yes

MFC r322678: pw useradd: Validate the user name before creating the entry

Previouly it was possible to create users with spaces in the name with:
pw useradd -u 1234 -g 1234 -n 'test user'

The "-g 1234" is relevant, without it the name was already rejected
as expected:

[fk@test ~]$ sudo pw useradd -u 1234 -n 'test user'
pw: invalid character ` ' at position 4 in userid/group name

Bug unintentionally found with a salt config without explicit name entry:

test user:
user.present:
- uid: 1234
- gid: 1234
- fullname: Test user
- shell: /usr/local/bin/bash
- home: /home/test
- groups:
- wheel
- salt

"Luckily" salt modules rarely bother with input validation either ...

PR: 221416
Submitted by: Fabian Keil
Approved by: re (kib)
Obtained from: ElectroBSD

MFC r319026:

pw: add some basic testcases for groupshow and usershow

- groupshow: test out -a/-g/-n .
- usershow: test out -a/-n/-u .

MFC r318141, r318143-r318144

r318141:
strcpy => strlcpy

Reported by: Coverity
CID: 1352771
Sponsored by: Spectra Logic Corp

r318143:
strcpy => strlcpy

Reported by: Coverity
CID: 1006715
Sponsored by: Spectra Logic Corp

r318144:
Don't depend on assert(3) getting evaluated

Reported by: imp
X-MFC-With: 318141, 318143
Sponsored by: Spectra Logic Corp

MFC r315032-r315036, r315039, r315041

r315032:
Increase WARNS for iconv tests

ATF tests have a default WARNS of 0, unlike other usermode programs.

Reviewed by: ngie
Sponsored by: Spectra Logic Corporation
Differential Revision: https://reviews.freebsd.org/D9933

r315033:
Increase WARNS for nss tests

ATF tests have a default WARNS of 0, unlike other usermode programs.

Reviewed by: ngie
Sponsored by: Spectra Logic Corporation
Differential Revision: https://reviews.freebsd.org/D9933

r315034:
Document that the msun tests require WARNS=0

ATF tests have a default WARNS of 0, unlike other usermode programs. This
change is technically a noop, but it documents that the msun tests don't
work with any warnings enabled, at least not on all architectures.

Reviewed by: ngie
Sponsored by: Spectra Logic Corporation
Differential Revision: https://reviews.freebsd.org/D9933

r315035:
Increase WARNS for libcrypt tests

ATF tests have a default WARNS of 0, unlike other usermode programs.

Reviewed by: ngie, julian
Sponsored by: Spectra Logic Corporation
Differential Revision: https://reviews.freebsd.org/D9933

r315036:
Increase WARNS for libmp tests

ATF tests have a default WARNS of 0, unlike other usermode programs.

Reviewed by: ngie, julian
Sponsored by: Spectra Logic Corporation
Differential Revision: https://reviews.freebsd.org/D9933

r315039:
Increase WARNS for libutil tests

ATF tests have a default WARNS of 0, unlike other usermode programs.

Reviewed by: ngie, julian
Sponsored by: Spectra Logic Corporation
Differential Revision: https://reviews.freebsd.org/D9933

r315041:
Increase WARNS for pw tests

ATF tests have a default WARNS of 0, unlike other usermode programs.

Reviewed by: ngie, julian
Sponsored by: Spectra Logic Corporation
Differential Revision: https://reviews.freebsd.org/D9933

MFC: r315912 (by eugen@) and r315935

Properly initialise with content of pw.conf(5) that was mistakenly ignored.
Also, respect "defaultgroup" if specified there.

Add a regression test

PR: 217934
Submitted by: Victor Sudakov <vas@mpeks.tomsk.su>

MFC r315776:

Rename tests from <foo> to <foo>_test to match the FreeBSD test suite
naming scheme

usr.bin/diff/diff_test was renamed to usr.bin/diff/netbsd_diff_test
to avoid collisions with the renamed FreeBSD test.

MFC r312644, r312650

r312644:
Readd a feature lost in pw(8) refactoring

pw usermod foo -m

It used to be able to (re)create the home directory if it didn't exists

r312650:
Really restore the old behaviour for pw usermod -m

It again reinstall missing skel files without overwriting changed one
Add a regression test about it

PR: 216224
Reported by: ae

MFC r289172,r290254:

r289172:

Refactor the test/ Makefiles after recent changes to bsd.test.mk (r289158) and
netbsd-tests.test.mk (r289151)

- Eliminate explicit OBJTOP/SRCTOP setting
- Convert all ad hoc NetBSD test integration over to netbsd-tests.test.mk
- Remove unnecessary TESTSDIR setting
- Use SRCTOP where possible for clarity

r290254:

Remove unused variable (SRCDIR)

MFC r308806

Speed up pw operations that edit /etc/group or /etc/passwd

r285050 fixed a bug in pw that could lead to /etc/passwd or /etc/group
corruption on power loss. However, it fixed it by opening those files with
O_SYNC, which is very slow, especially on ZFS. This change replaces O_SYNC
with appropriately placed fsync()s instead, which is much faster. Using a
ZFS tmpdir, the time to run pw's kyua tests drops from 245s to 35s.

MFC r309803:

Fix pw groupshow <gid>

PR: 204676
Submitted by: longwitz@incore.de

MFC r307752

Close some file descriptor leaks in pw

MFC r302778

pw should sanitize the argument of -w.

Otherwise, it will silently disable the login for the selected account if
the argument is unrecognizable.

usr.sbin/pw/pw.h
usr.sbin/pw/pw_conf.c
usr.sbin/pw/pw_user.c
Use separate rules to validate boolean parameters and passwd
parameters. Error out if a password parameter cannot be parsed.

usr.sbin/pw/tests/Makefile
usr.sbin/pw/tests/crypt.c
usr.sbin/pw/tests/pw_useradd.sh
usr.sbin/pw/tests/pw_usermod.sh
Add tests for the validation. Also, enhance existing
password-related tests to actually validate that the correct hash is
written to master.passwd.

Do not try to delete the home of the user if is is not a directory for example
"/dev/null"

PR: 211195
Submitted by: rday <ryan@ryanday.net>
Reported by: eniorm <eniorm@gmail.com>

MFC r300564

Fix CID 1006692 in /usr/sbin/pw pw_log() function and other fixes

The length of the name returned from the $LOGNAME and $USER can be
very long and it was being concatenated to a fixed length buffer
with no bounds checking. Fix this problem by limiting the length
of the name copied.

Additionally, this name is actually used to create a format string
to be used in adding log file entries so embedded % characters in
the name could confuse *printf(), and embedded whitespace could
confuse a log file parser. Handle the former by escaping each %
with an additional %, and handle the latter by simply stripping it
out.

Clean up the code by moving the variable declarations to the top
of the function, formatting them to conform with style, and moving
intialization elsewhere.

Reduce code indentation by returning early in a couple of places.

Reported by: Coverity
CID: 1006692
Reviewed by: markj (previous version)
Differential Revision: https://reviews.freebsd.org/D6490

MFC r296300:
Fix a typo that prevented pw(8) from setting a user's UID to 0.

MFC r298525:

Add a single example of adding a user that roughly corresponds with the
adduser example in the Handbook.

MFC r297330:

Adjust misleading wording of the -G option and simplify a few
surrounding sentences. From a discussion on -ports.

MFC: r290153 (by bdrewery)

Fix unlikely memory leak.

It is unlikely since the first check in the function is that dir[0] is '/',
but later code changes may make it real.

Coverity CID: 1332104

MFC: 278899

Regression: fix usershow -7

MFC: r292846, r292847, r292849

Restore dryrun support for pw groupmod
Remove useless assignement of linelen
Simplify code for parsing extra groups

MFC: r291658

pw_checkname since the beginning is too strict on GECOS field,
relax it a bit so gecos can be used to store multibytes data.

This was unseen before FreeBSD 10.2 as this validation function was motly unused
since FreeBSD 10.2 the usage of this function has been generalized to improve

Reported by: des

MFC: r291657

Fix handling of numeric-only names with pw lock
Add a regression test about it

PR: 204968

MFC r290174:

In pw_userlock, set 'name' to NULL when we encounter an all number string
because it is also used as an indicator of whether a name or an UID is
being used and we may have undefined results as 'name' may contain
uninitialized stack contents.

MFC r289600:

Initialize `quiet` to false so `pw groupnext` again prints out the next gid
by default

Reported by: Florian Degner <f.degner@gmx.de>
PR: 203876
Sponsored by: EMC / Isilon Storage Division

MFC 289067:
Fix a repeated typo: rootir -> rootdir.

MFC: r287701

Regression: fix pw usermod -d

Mark the user has having been edited if -d option is passed to usermod and
so the request change of home directory actually happen

PR: 203052
Reported by: lenzi.sergio@gmail.com

MFC: r285133,r285136,r285137,r285156,r285157,r285158,r285256,r285318,r285395,
r285396,r285398,r285401,r285403,r285405,r285406,r285408,r285409,r285411,
r285412,r285413,r285415,r285418,r285430,r285433,r285434,r285442,r285948,
r285984,r285985,r285989,r285996,r285997,r286045,r286047,r286066,r286150,
r286151,r286152,r286154,r286155,r286156,r286157,r286173,r286196,r286197,
r286198,r286199,r286200,r286201,r286202,r286203,r286204,r286210,r286211,
r286217,r286218,r286258,r286259,r286341,r286775,r286982,r286986,r286991,
r286993

Validate most pw inputs.
Rewrite the way parsing sub arguments is made to simplify code and improve
maintenability
Add -y (NIS) to userdel/usermod
pw userdel -r <rootdir> now deletes directories in the rootdir
Only parse pw.conf when needed
Reject usermod and userdel if the user concerned is not on the user database
supposed to be manipulated

Fix segfault were modifying the uid of a user

Do a direct commit as the code on head has changed a lot and does not fail in
that case

PR: 202111
Reported by: gondim@bsdinfo.com.br

MFC: r285414, r285440, r285441, r285443

- allow to create users with uid 0
- fix check duplicates logic
- fix gid policy to be in sync with uid if possible

Reported by: Jan Mikkelsen <janm@transactionware.com>
Approved by: re (marius)

MFC: r274011,r274022,r274453,r274542,r274632,r274727,r275653,r275656,r275657,
r275658,r275829,r277652,r277764,r278475,r278767,r278819,r278902,r279256,
r282681,r282683,r282685,r282686,r282687,r282697,r282698,r282699,r282700,
r282709,r282712,r282713,r282716,r282718,r282719,r282720,r282721,r283809,
r283810,r283811,r283814,r283815,r283816,r283818,r283841,r283842,r283843,
r283961,r283962,r284110,r284111,r284112,r284113,r284114,r284117,r284118,
r284119,r284120,r284121,r284122,r284123,r284124,r284126,r284128,r284129,
r284130,r284133,r284135,r284137,r284139,r284140,r284148,r284149,r284392

Lots of cleanup in the pw(8) code
Add pw -R <rootdir>
Add lots of regression tests
More accurate error messages

Approved by: re (kib)
Sponsored by: gandi.net

MFC: r283695

Remove dead declaration

PR: 195928

Fix an apparent mis-merge that happened in r274082. Before that, on the
10-stable branch, this makefile had WARNS=2, and on head the value is
still 2, but in the MFC done in r274082 it got changed to 3, causing build
failures when building with gcc. This direct commit to 10 goes back to
WARNS=2.

MFC: 272445,272578,273772,273779,273782,273786,273787,273791

Add a test for bug 191427 where pw(8) will go into an infinite loop
Add some tests for modifying groups
When a group is renamed then the group has been invalidated for sure.
In that case get the group information using the new name.

Fix a regression in pw usermod -G list

The user was perperly adding the to different groups from "list" but was not
removed from the other groups it could have belong to.

Do not delete the group wheel when bad argument is passed to pw groupdel -g

Check that the -g argument is actually a number, if not report an error.
This argument is converted without checking with atoi(3) later so without this
check it converts any alpha entries into 0 meaning it deletes the group wheel

Ensure pw userdel -u <invalid> do not try to remove root

Check the uid passed is actually a number as early as possible

Fix renaming a group via the gr_copy function

Add a regression test to pw(8) because the bug was discovered via using:
pw groupmod

PR: 193704 [1], 185666 [2], 90114 [3], 187189 [4]
Submitted by: Marc de la Gueronniere [4]
Reported by: az [1], sub.mesa@gmail.com [2], bkoenig@cs.tu-berlin.de [3],
mcdouga9@egr.msu.edu [4]

MFH (r272830): change the hardcoded default back to DES
MFH (r272833): remove last vestige of MD5 password hashes

MFC revisions 262864-262865, 263114, 267970:
r262864: Stop pw(8) from segfaulting when given certain input (julian)
r262865: Part 2 of bug 187310 (julian)
r263114: Fix pw(8) edge-case deletion of group "username" on userdel
r267970: Fix infinite-loop during deletion of users from groups

PR: 187310, 169471, 191427
Submitted by: Voradesh Yenbut, Alexander Pyhalov, Kim Shrier
Obtained from: bug
Approved by: re (gjb)

MFH: r264781, r267669, r267670

Simplify reading pw.conf(5) by using getline(3)

Removed compatibility with pre FreeBSD 2.2 pw_mkdb command [1]
Fix some broken indentattion [1]

Fix changing the username [2]

PR: 189172 [1], 189173 [2]
Submitted by: fullermd@over-yonder.net [1][2]

Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Fall back to sha512 if passwd_format is not set.

MFC after: 3 days

There is no reason to disallow setting the password or account expiry
date to the current date.

MFC after: 3 days

Fix -Wunsequenced warning

Submitted by: dt71@gmx.com

mdoc sweep

Prevent a null pointer dereference in pw userdel when deleting
a user whose group != username.

Remove unused variables

Approved by: cperciva
MFC After: 3 days

pw: free group returned by gr_add

Simplify vnextgrent and vnextpwent reusing pw_scan and gr_scan from libutil.

Fix a regression in "pw group show" introduced r242349:
print a newline after printing each group line.

PR: bin/174731
Submitted by: Jan Beich <jbeich@tormail.org>

Simplify the code by using the new gr_add function

Simplify copying of group members by using memcpy

Submitted by: Christoph Mallon <christoph.mallon@gmx.de>

Fix off-by-one error in memory allocation: j entries, one new and a null
terminator is j + 2.

Submitted by: Christoph Mallon <christoph.mallon@gmx.de>

In case of the deletion of a user those whole database has to be regenerated,
otherwise the user planned to be deleted remain in the pwd.db while removed from
the plain text password file.

Fix creating a user and adding it to a group

Reported by: "Sam Fourman Jr." <sfourman@gmail.com>, dim

Simplify string duplication: use strdup instead of malloc + strcpy

Submitted by: db
Approved by: cperciva
MFC after: 2 weeks

Avoid overflowing the file buffer

Submitted by: db
Approved by: cperciva
MFC after: 2 weeks

Use strdup instead of malloc + strcpy

Submitted by: db
Approved by: cperciva
MFC after: 2 weeks

Avoid overflow of file buffer

Submitted by: db
Approved by: cperciva
MFC after: 2 weeks

Remove useless check for NULL prior to free.

Approved by: cperciva
MFC after: 2 weeks

In NIS mode first chmod(2) the temporary file and is succeed then rename(2)

Correctly set the password file mode after renaming in NIS mode

Teach pw(8) about how to use pw/gr API to reduce code duplication

MFC after: 2 months

Do not treat empty name as an uid 0

Reported by: Robert Bonomi <bonomi@mail.r-bonomi.com>

Remove useless atoi(3), previous strspn(3) makes sure that a_name->val is a
number.
This also allow pw user show to work as expected.

PR: bin/172112
Submitted by: "Ilya A. Arkhipov" <rum1cro@yandex.ru>
MFC after: 1 month

Make sure that each va_start has one and only one matching va_end,
especially in error cases.

Handle NULL return from crypt(3). Mostly from DragonFly

readlink len-1

Spelling fixes for usr.sbin/

- document the -l option to usermod

PR: docs/161588
Submitted by: "Luchesar V. ILIEV" <luchesar.iliev@gmail.com>
Approved by: gjb
MFC after: 1 week

In usr.sbin/pw/pw_user.c, use the correct printf length modifier for a
ptrdiff_t.

MFC after: 1 week

Backout r223115 which potentially caused a POLA violation, by restoring
historic behavior (create the default base directory in pw.conf) before
I came up with a better fix for this.

Requested by: nwhitehorn
Approved by: re (kib)

Don't attempt to create the base directory when -d is specified.

MFC after: 1 month

Stop hard-coding default directory mode as 0777.

Do not let pw.conf(5) or -M option affect creation of basehome, e.g., /home.
When the basehome does not exist, it creates all intermediate directories as
required, which is logically equivalent to mkdir(1) with -m and -p options.
However, it modifies all intermediate directories, not just the final home
directory unlike mkdir. This problem was introduced in two revisions, i.e.,
r1.59 (SVN r167919) and r1.60 (SVN r168044).

MFC after: 1 month

mdoc: drop redundant .Pp and .LP calls

They have no effect when coming in pairs, or before .Bl/.Bd

Revert the unrelated patch crept in the previous commit.

Prefer pmap_unmapbios() over pmap_unmapdev(). The binary does not change
after this because pmap_unmapbios() is a macro for pmap_unmapdev() on amd64.

The last big commit: let usr.sbin/ use WARNS=6 by default.

Make pw(8) build without <utmp.h>.

The size of the username record in utmp files should not influence the
maximum username length. Right now ut_user/ut_name is big enough, so in
this case it's dead code anyway.

Use arc4random_uniform() to avoid "modulo bias"

Remove pw_getrand() unneded now: arc4random_uniform() is stronger then
pw_getrand()'s MD5 tricks (inactive) and its active version, mixing
arc4random() bytes in one, not make things better at all.

Before updating the password database, the pw(8) utility first performs a
sanity check by invoking "pwd_mkdb -C". However, if this failed it
silently returned success. Fix this so it fails the update operation
instead.

MFC after: 1 week

- Increase the size of the salt in pw(8) from 8 to 32 (same as in pam_unix(8)).
This makes blowfish password hashes look normal when set using
pw(8)/adduser(8). [1]
- Make it possible to have a '/' in the salt.

PR: 121146 [1]
Submitted by: Jaakko Heinonen [1]
Approved by: rwatson (mentor)
MFC after: 1 month

Add the groupmod '-d' option to pw to allow the deletion of existing users
from a group without the need to perform the same operation by replacing
the existing list via the '-M' option. The '-M' option requires someone
to fetch the existing members with pw, deleting the undesired members from
the list and sending the altered list back to pw.

Approved by: wes (mentor)
MFC after: 5 days

style(9) (verified no object changes)

Approved by: wes (mentor)
MFC after: 5 days

Clarify in what formats the grouplist for the '-G' switch may be accepted.

Submitted by: Eygene Ryabinkin <rea-fbsd@codelabs.ru>

Do the right thing with symlinks in the skeleton directory.

PR: bin/63659

Accept passwords which contain whitespace.

PR: bin/53434

Add home directory creation mode to pw.conf(5) and be a bit
more specific about the effect of the current umask on -M.

Add -M argument to usage() output.

Introduce the new option -M to allow to set the permissions of
the user's newly created home directory. If omitted, it's derived
from the current umask.

PR: bin/16880, bin/83253 (partially), bin/104248
MFC in: 1 month

Better mdoc(7). Bump doc date.

Kicked by: ru

Note the naming convention of files in share/skel and explain the "dot"
prefix is removed.

PR: 103828

o Fix groupadd getopt line and make 'pw groupadd -o' work.

PR: bin/100684
Submitted by: Devon H. O'Dell
MFC after: 3 weeks

Change /home symbolic link, so it will point to usr/home instead of /usr/home.

Previous symlink was confusing:

# cd /jails/virtual_system_1/home
# realpath .
/usr/home

...and slower.

OK'ed by: rwatson, phk

Remove unused variables.

The variable `arglist' has internal linkage in pw.c, don't declare it as extern
here.

Sort sections.

Added the EXIT STATUS section where appropriate.

Don't rely on NULL being a pointer, add a cast before passing it to a variadic
function.

Mechanically kill hard sentence breaks.

Use strlcpy(3) to replace the idiomatic

strncpy(d, s, l);
d[l - 1] = '\0';

statements.

Fix a bug which occurred when the home directory given by the
-d option was equal to the one already saved and which caused
the pw utility to avoid updating values passed by other options
processed before the -d option in the code path.

Spotted by: Richard Caley <rjc@interactive.co.uk>

Shift file locking to source file instead of temp file. This fixes
data buffering issue that corrupts files if two pw(8)'s run at the
same time as well as changing pw(8) so it uses the same locking
mechanism as PAM, vipw(8), pwd_mkdb(8), etc.

PR: bin/23501
Submitted by: Alex Kapranoff <alex (at) kapran (dot) bitmcnit (dot) bryansk (dot) su>
Approved by: rwatson (mentor)
MFC after: 5 days

Add a `-H <fd>' option that is like `-h <fd>', but accepts an already
encrypted password on the specified file descriptor.

PR: bin/22033
MFC after: 2 weeks

mdoc(7): Use the new feature of the .In macro.

The .Xr utility. Spelling. Put NIS under .Tn

Add information about the log file.

PR: 35575
Submitted by: "Simon L. Nielsen" <simon@nitro.dk> (original version)

style.Makefile(5)

There is no sense to use random random() and arc4random() in the same program.
Switch to arc4random() completely.

Changes so the 'pw' command will allow '$' as the last character in a userid
or group name (mainly for the benefit of samba). This pretty much rewrites
he pw_checkname() routine, but should work exactly the same except for the
above change, and that error messages are somewhat more informative.

PR: 28733 46890
Inspired by: example patch written by Terry Lambert
Reviewed by: no objections on freebsd-arch and freebsd-current
MFC plans: no plans, but will do if people want it in stable.

Do not expose password if it is empty and PWF_STANDARD format is requested

MFC after: 1 week

Uniformly refer to a file system as "file system".

Approved by: re

The .Nm utility

de-__P()

Lists follow a colon, not a semicolon.

`pw useradd' could be used with -w without -D option.

PR: docs/39770
Submitted by: sada
Approved by: dd

Print a long with %ld not %d. (We possibly should be using %j here, but
that can be fixed when the many other warnings here are being fixed.)

PR: 39741
Submitted by: Dan Lukes <dan@obluda.cz>
MFC after: 1 week

In the words of the submitter:

This patch explains -F for usershow and groupshow. Because "groupmod
... -F" doesn't do anything, the patch also drops that from groupmod's
command line args.

PR: 35955
Submitted by: Mike DeGraw-Bertsch <mbertsch@radioactivedata.org>

Document the -7 option for usershow.

PR: 36735
Submitted by: Mike DeGraw-Bertsch <mbertsch@radioactivedata.org>

Merge a duplicate description of the -L option into the first one.

PR: docs/34782
MFC after: 1 week

Use correct mode for temporary file.

Reported by: ryan beasley <ryanb@goddamnbastard.org>

Change rmskey() to rmopie() - we don't have skey anymore

For new users, create the home directory before sending the welcome
mail, if configured to do so. Some sites have setups where the user's
mail is delivered to their home directory, so sending mail before is
exists didn't work.

PR: 29892

Unbreak group operations by reverting previous delta which removed the
assignment of `l' in `gr_update' to the return value of snprintf. It
claimed to have fixed the case where snprintf returned -1--in fact, it
broke the entire routine. Not setting `l' here causes fileupdate() to
invariably fail with EINVAL because it does its own check to assert
that the parameter isn't -1.

Properly initialize the random number generator in pw_getpass().
Right now, the automatically generated passwords have been rather
predictable. :-(

MFC after: 1 day

Fix a typo in a variable name that made pw(8) coredump when using
USE_MD5RAND.

MFC after: 2 days

Handle snprintf() returning < 0 (not just -1)

MFC after: 2 weeks

Handle snprintf() returning -1.

MFC after: 2 weeks

Perform a major cleanup of the usr.sbin Makefiles.
These are not perfectly in agreement with each other style-wise, but they
are orders of orders of magnitude more consistent style-wise than before.

Remove GCC'isms in CFLAGS.

Remove whitespace at EOL.

mdoc(7) police: remove extraneous .Pp before and/or after .Sh.

Fix the type of the NULL arg to execl()

Idea from: Theo de Raadt <deraadt@openbsd.org>

Don't override the default BINMODE.

Submitted by: bde

Fix a harmless format string bogon and mark a function as __printflike().
There is still one instance of non-constant format string use inside that
function, but it's hard to fix.

MFC after: 1 week

Include missing header files which define functions for which gcc has
builtints (e.g., exit, strcmp).

CND has been unused for two years, and RND has been unused for five
years; remove them from CFLAGS.

PR: 23712
Submitted by: Volker Stolz <stolz@i2.informatik.rwth-aachen.de>

- Backout botched attempt to introduce MANSECT feature.
- MAN[1-9] -> MAN.

Use %c for expire/change dates

mdoc(7) police: simplify bogus ``.Ql Fl'' constructs.

Document the lock and unlock commands. This fixes a segmentation fault.

PR: 25187
Approved by: nik

Document the lock and unlock commands.

PR: 25187
Approved by: nik

Switch from using rand() or random() to a stronger, more appropriate PRNG
(random() or arc4random())

Reviewed by: bde

mdoc(7) police: split punctuation characters + misc fixes.

Prepare for mdoc(7)NG.

Fix typo: s/memberhip/membership/

Submitted by: Peter Avalos <pavalos@theshell.com>

Convert to use the <sys/queue.h> macros rather than fiddling with the queue
structure internals.

Reviewed by: markm

Make the comment generated in /etc/pw.conf match reality

PR: misc/23451
Submitted by: Ben Rosengart, ben@narcissus.net

Add `_PATH_DEVZERO'.
Use _PATH_* where where possible.

mdoc(7) police: use the new features of the Nm macro.

Add working and easy crypt(3)-switching. Yes, we need a whole new API
for crypt(3) by now. In any case:

Add crypt_set_format(3) + documentation to -lcrypt.
Add login_setcryptfmt(3) + documentation to -lutil.
Support for switching crypt formats in passwd(8).
Support for switching crypt formats in pw(8).

The simple synopsis is:
edit login.conf; add a passwd_format field set to "des" or "md5"; go nuts :)

Reviewed by: peter

Move test for -w flag outside of the code dealing with -D (defaults).
This should cause -w's argument not to be ignored in the usermod case,
so it will affect modification of the user's password instead of using
the pw.conf (or internal default=no '*') password method.
PR: bin/11168

Allow -g with an empty argument in the -D case. This allows -g "" to set
no default group (and thus fall back to user-based groups instead).
PR: bin/5717

Fix another missed case where usermod would not set the "modified" flag:
-h - to set no password. But only mark modified if the account is not
already locked (i.e. first char of crypt password field is '*').
PR: bin/19999

Catch up to the fact that we now have tcsh in the tree.

Support propogation of file flags when building a homedir from the
skeleton directory.
sprintf() -> snprintf() cleanup.
PR: bin/8756
Submitted by: "Nickolay N. Dudorov" <nnd@itfs.nsk.su>

Fix breakage introduced by bypassing update for additional 'mod'
functionality when nothing had actually changed; -d changes would
not set the 'something had changed flag'. Actually test for a
change in homedir.
PR: bin/19649

Don't dereference NULL in the userdel case.

Localize ctype too.
Add weekday to showuser expired fields

Localize time/date.
Use ISO 8601 date in logs.
Fix wrong argument type in ctype functions.

Fix obvious braino in assignment statement. usermod -g should work again.
PR: 17877
Submitted by: pius@zyan.com

Be a little more strict about handling command line args. This allows user and
group names like 'help' 'mod' 'user' 'group' etc. to work correctly without
requiring the -n style invocation.
PR: misc/17069

Fix a long-standing bug in the rename case previously masked by another bug
just fixed in .db file updating.

Second and hopefully final fix to .db sync when renaming a user; we must run
a full reindex in this case to remove the old record. #ifdef -u capability
since this is available on FreeBSD only.
PR: bin/16418
Problem pointed out by: Masachika ISHIZUKA <ishizuka@ish.org>

Fix db syncronization when username is changed with -l under usermod.
pw(8) was calling pwd_mkdb -u oldusername instead of newusername, so
the update appears to have failed until the next full pwd_mkdb
syncronization.

PR: bin/16418

Back out the previous change to the queue(3) interface.
It was not discussed and should probably not happen.

Requested by: msmith and others

Change the way that the queue(3) structures are declared; don't assume that
the type argument to *_HEAD and *_ENTRY is a struct.

Suggested by: phk
Reviewed by: phk
Approved by: mdodd

Remove more single-space hard sentence breaks.

Remove single-space hard sentence breaks. These degrade the quality
of the typeset output, tend to make diffs harder to read and provide
bad examples for new-comers to mdoc.

Portability fixes for other bsd4.4 derivatives.

Revert the libcrypt/libmd stuff back to how it was. This should not have
happened as it was working around problems elsewhere (ie: binutils/ld
not doing the right thing according to the ELF design). libcrypt has
been adjusted to not need the runtime -lmd. It's still not quite right
(ld is supposed to work damnit) but at least it doesn't impact all the
users of libcrypt in Marcel's cross-build model.

Add libmd (or move it after libcrypt). We don't want the linker to be
smart because it will definitely get it wrong. This popped up during
cross-linking.

Don't try updating the passwd file if no data has changed. This allows things
like "pw usermod <name> -m" to work for non-local NIS users; since no attempt
is made to update the password entry, the home directory will be created and
populated as expected without error.

Add new functionality "lock" and "unlock" to provide a simple password
locking mechanism for users. This works by prepending the string
"*LOCKED*" to the password field in master.passwd to prevent successful
decoding.

Missed statement in password update relating to the previous change
to fileupdate() which prevented pwd_mkdb(1) from being run.

Clean up error handling in fileupdate(), which now returns 0 on success
instead of a boolean. This replicated through he front-end sub-functions
relating to add, delete, modify entries in passwd & group files
Errno is now preserved so output of errc()/warnc() will be less obfuscated
by subsequent errors when reporting the problem.

Add more intelligent error handling when attempting to modify/delete NIS
entries with no corresponding local database entry.

[MFC to stable in a couple of weeks to keep both in sync]

Only do a full pwd_mkdb for deletions; other operations may use the -u
option as an optimization.

PR: 13346
Submitted by: Neil Blakey-Milner <nbm@rucus.ru.ac.za>

$Id$ -> $FreeBSD$

Remove some more warnings.

Fix date parsing to allow '0' (none) date value.

Add the ability to print user records in unix version 7 (old) format.

Fix minor nit with command line parsing for pw -V DIR action.

Fix tpyo (sic) and missing 'else' (bad cut n' paste).

1) Do not blindly ignore file update errors which may occur due to concurrent
updating
2) Add -V <etcdir>, which allows maintaining user/group database in alternate
locations other than /etc.

Don't assume a_name is a number just because the first character
is a digit.

PR: bin/9484
Submitted by: Matthew D. Fuller <fullermd@futuresouth.com>

Remove bogus file locking in main().

-Clarification of last commit-
The char that the random letters and numbers are being pulled from is
ended with a '\0'. Using sizeof() includes this '\0' in the 'pool' of
possible characters. This patch decrements by one the size so we don't
accidently end the new password prematurly.

Let's make sure we're at the end of the password string before we apply a \0
and terminate it. This patch ensures passwords will be the correct length of 8,
which is what is implied in the source (but not reflected in the man page).

PR: bin/7817
Reviewed by: Alfred Perlstein <bright@hotjobs.com>
Submitted by: Hiroshi Nishikawa <nis@pluto.dti.ne.jp>

Fix the spelling of `FreeBSD'.

Submitted by: Peter Philipp <pjp@bsd-daemon.net>

Remove useless `BINOWN=root' now that it is the default.

Fix inappropriate use of .Ql macro.

PR: docs/7905
Submitted by: kuma@jp.freebsd.org

The `group{del,mod,show}' take require a '[group|gid]' argument.

PR: docs/7788

- On second thought, attempt to get the read-only lock, but don't
consider it a exit failure if it doesn't work. This means that root
processes can safely get the lock, but normal processes can still use
the 'pw' utility to get information (which may change out from under
them.)

- Removed read-only lock from 'pw'. This removes portions of the FIX
from PR/6787, but allow non-root users to use pw to get password
information. However, this should be safe since the fixes for
disallowing multiple instances from modifying the DB are still intact.

Bug noted by: dima@best.net (Dima Ruban)

Fix race condition in pw caused by multiple instances of pwd_mkdb being
run at the same time.

Notes:
The fileupdate function is still somewhat broken. Instead of
returning a failure code if it can't modify the original file it
renames the .new file and continues as though nothing is wrong.
This will cause the lock on the original file to be lost and could
lead to a similar race condition. I left that portion of the code
alone since I feel that the maintainer of the code would have a
better concept of how he wants to handle errors in that function
than I do.

PR: bin/6787
Submitted by: Craig Spannring <cts@internetcds.com>

.Nm pw -> .Nm.

Overhaul this manpage - removing typos, awkward phrasing, and addressing
a few technical faults.

PR: 5692
Submitted by: dannyman@arh0300.urh.uiuc.edu

pwd_mkdb option '-c' was renamed to -C some weeks ago.

PR: bin/5715
Submitted by: dannyman <dannyman@arh0300.urh.uiuc.edu>

Use consistent spelling,
writeable -> writable (recall prior debate over this? :-)
initialise -> initialize
recognise -> recognize

Merry Christmas! :)

Use err(3) instead of local redefinition. Add rcsid string.

Unquote default group in pw.conf.
PR: 4365
Submitted by: "Andrew L. Moore" <alm@mclink.com>

Fix -p switch.

getuid() -> geteuid().

Remove srandomdev fallback code

Fixes skeleton directory test-it-is-a-directory logic.
PR: 3666
Reviewed by:
Submitted by: iaint@css.tuu.utas.edu.au
Obtained from:

Initialize RNG only once
Use srandomdev() now

Fix srandom arg according to Lite2

Typo fix 'and' -> 'an'.

This is a 2.2 candidate.

Back out MAXLOGNAME fix, Bruce points that copyinstr require NUL

Fix MAXLOGNAME usage, the code has wrong assumption that
it must be NUL terminated

Revert $FreeBSD$ to $Id$

Yet another formatting consistency check.

Fix useage of MAXLOGNAME to include terminating NUL, by using
max(MAXLOGNAME-1,UT_NAMESIZE).
Tidy up "pretty" printing format for longer usernames.

Sort cross references.

Make the long-awaited change from $Id$ to $FreeBSD$

This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.

Adds optional NIS passwd file updating and optionally rebuilding
NIS maps.

Suggested by: Peter Wemm

Remove duplicated #include.

Fix reference /etc/acct/pw.conf -> /etc/pw.conf.

Pointed-Out-By: Peter Wemm.

Implemented /home -> /usr/home symlink kludge.
If home basedir would be created in the root partition, create
it under /usr instead, and symlink /basedir -> /usr/basedir.

1) Base home directory is created if it does not already exist if
useradd -m or useradd -D -b are used.
2) Hyphen allowed in username if not first character. Fix trivial
bug in error fmt string.
3) /etc/skeykeys updating changed to do 'inplace' update, commenting
out a username rather than removing it completely.

Correct file modes on updated /etc/skeykeys.

1) 200 users per group limitation removed and pw
will handle lines of any length in /etc/group.
2) Fixed bug with usermod -d not updating user's home
directory.
3) Minor formatting display changes/fixes with *show -P.

Bugfix (cosmetic) for output of generated passwords.

Allow 8-bit characters in the passwd gecos field, and adds a paragraph
to the mangpage explaining the consequences (to be updated at a later
date after login class conf support is added).

Changes to password generator: fallback to MD5 generator disabled
(/dev/urandom used by default under FreeBSD), and implemented a
"portable" but less secure generator for other systems.
Add display of expiry/password change dates in -P user display.

Submitted by: proff@iq.org
Minor fix for security patch.

Reviewed by: davidn@blaze.net.au
Submitted by: proff@iq.org
Security patch for better random password generation.

Update from David, reflecting Wolfram's wishes regarding limitation of
the allowable character set.

Submitted by: David Nugent

Merg-o-matic.

This commit was generated by cvs2svn to compensate for changes in r20302,
which included commits to RCS files with non-trunk default branches.

Merge from the vendor-branch.

This commit was generated by cvs2svn to compensate for changes in r20267,
which included commits to RCS files with non-trunk default branches.

Minor spelling/mdoc/style fixes.

This commit was generated by cvs2svn to compensate for changes in r20253,
which included commits to RCS files with non-trunk default branches.