#
1.50 |
|
08-Mar-2023 |
guenther |
Delete obsolete /* ARGSUSED */ lint comments.
ok miod@ millert@
|
#
1.49 |
|
04-Dec-2022 |
cheloha |
userspace: remove vestigial '?' cases from top-level getopt(3) loops
getopt(3) returns '?' when it encounters a flag not present in the in the optstring or if a flag is missing its option argument. We can handle this case with the "default" failure case with no loss of legibility. Hence, remove all the redundant "case '?':" lines.
Prompted by dlg@. With help from dlg@ and millert@.
Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2
ok naddy@ millert@ dlg@
|
Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.48 |
|
24-Oct-2021 |
deraadt |
For open/openat, if the flags parameter does not contain O_CREAT, the 3rd (variadic) mode_t parameter is irrelevant. Many developers in the past have passed mode_t (0, 044, 0644, or such), which might lead future people to copy this broken idiom, and perhaps even believe this parameter has some meaning or implication or application. Delete them all. This comes out of a conversation where tb@ noticed that a strange (but intentional) pledge behaviour is to always knock-out high-bits from mode_t on a number of system calls as a safety factor, and his bewilderment that this appeared to be happening against valid modes (at least visually), but no sorry, they are all irrelevant junk. They could all be 0xdeafbeef. ok millert
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.47 |
|
12-Jul-2021 |
beck |
Change the error reporting pattern throughout the tree when unveil fails to report the path that the failure occured on. Suggested by deraadt@ after some tech discussion.
Work done and verified by Ashton Fagg <ashton@fagg.id.au>
ok deraadt@ semarie@ claudio@
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.46 |
|
14-Sep-2019 |
semarie |
correct some unveil(2) violations due to "login.conf.db" access (the .db version of "login.conf"), and stat(2) on _PATH_MASTERPASSWD_LOCK (via pw_mkdb(3)).
problem initially noted by myself for passwd(1) millert@ reported similar problem on chpass(1), su(1), doas(1) and encrypt(1) mestre@ noted chpass(1) too
ok mestre@ millert@
|
#
1.45 |
|
30-Apr-2019 |
mestre |
add unveil(2):
chpass(1) without parameters enters in edit mode by default, in here it will need to execute _PATH_BSHELL to spawn a new EDITOR, _PATH_SHELLS to check (read) if we are changing from/to a non-standard shell (in case we are not root) and read access to `tempname' to verify if the file has valid entries and create to unlink it.
If -s is used to change a user's shell then it will need read access to _PATH_SHELLS by the same reason already mentioned above.
Unconditionally we need to unveil _PATH_MASTERPASSWD_LOCK with write/create permissions, _PATH_MASTERPASSWD with read and _PATH_PWD_MKDB to execute pwd_mkdb(8).
In the -a case I'm not unveiling /etc/spwd.db since we can get it through pledge "getpw", which can be added later for completeness of all code paths. Note also that the first pledges need "unveil" since we will call unveil(2) afterwards.
"looks good" deraadt@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.44 |
|
08-Dec-2017 |
deraadt |
Convert snprintf+write into dprintf. It is simply easier to read, and provides retry on short-write file descriptors. ok florian, previous versions seen by millert
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.43 |
|
26-Nov-2015 |
deraadt |
Delete YP password related code. As a result, these can also be pledged. Keep an eye out for regressions, because they could be uncomfortable. ok beck semarie
|
#
1.42 |
|
18-Nov-2015 |
tedu |
needs _shadow so it can rewrite the master.passwd file
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.41 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.40 |
|
26-Oct-2014 |
guenther |
Prefer mkostemp(O_CLOEXEC) over mkstemp()+fcntl(F_SETFD) Prefer fopen("re") over fopen("r")+fcntl(F_SETFD)
ok otto@ millert@
|
Revision tags: OPENBSD_5_4_BASE OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.39 |
|
18-Apr-2013 |
okan |
- use FD_CLOEXEC instead of 1 - use O_CLOEXEC with open() instead of open/fcntl
from David Hill
ok otto@
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.38 |
|
20-Jun-2012 |
schwarze |
Correct English just like jsing@ did it in passwd/local_passwd.c rev. 1.38 on April 27, 2008. While here, fix a typo and drop an obsolete BUGS section.
"my typo so OK millert@ :-)" and OK jmc@
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.37 |
|
27-Oct-2009 |
deraadt |
rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and unmaintainable). these days, people use source. these id's do not provide any benefit, and do hurt the small install media (the 33,000 line diff is essentially mechanical) ok with the idea millert, ok dms
|
Revision tags: OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.36 |
|
08-Jul-2008 |
sobrado |
fix double "usage:"
|
#
1.35 |
|
19-Jun-2008 |
tobias |
Moved the unset of TZ environment variable out of atot into main, removing an unused static var and test out of atot.
With input by jsing and millert, ok millert
|
Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.34 |
|
27-Mar-2007 |
jmc |
-a requires a separate synopsis; from Daniel Polak via henning
ok henning
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.33 |
|
15-Jan-2007 |
otto |
Fix -a when given an entry with an already existing user. Also, give error message if a user arg has been given with -a. Noted by Dan Brosemer. ok millert@ jaredy@
|
Revision tags: OPENBSD_3_9_BASE OPENBSD_4_0_BASE
|
#
1.32 |
|
12-Dec-2005 |
deraadt |
ARGSUSED on signal handler
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE
|
#
1.31 |
|
10-May-2004 |
wilfried |
unbreak chsh, ok millert
|
#
1.30 |
|
20-Apr-2004 |
millert |
Adapt to new pw_copy() API, closes PR 3698.
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.29 |
|
26-Nov-2003 |
espie |
This is ISO C, use string concatenation, instead of bogus use of __CONCAT. (hint: "a" and "b" can't be pasted as a valid C token...) okay millert@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.28 |
|
01-Jul-2003 |
avsm |
- no need for pathnames.h, just use <paths.h> instead - bump mktemp randomness slightly from 8 -> 10 millert@ ok
|
#
1.27 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
#
1.26 |
|
31-Jul-2002 |
millert |
When I got removed the use of atexit() I missed the fact that edit() calls pw_error() which in turn calls exit(). Now edit() returns its status so the temp file gets cleaned up nicely if the user makes no changes or if an error occurred. Problem noticed by deraadt@
|
#
1.25 |
|
27-Jun-2002 |
deraadt |
move protos
|
#
1.24 |
|
27-Jun-2002 |
millert |
There is absolutely no reason for the "tempname" or dfd variables to exist outside the scope of the 'op == EDITENTRY' code block. This allows us to get rid of the atexit() call and tempcleanup().
|
#
1.23 |
|
27-Jun-2002 |
deraadt |
cleanup; mpech & millert ok
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.22 |
|
14-Mar-2002 |
mpech |
Remove \n from err/errx/warn/warnx().
millert@ ok
|
#
1.21 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.20 |
|
27-Aug-2001 |
millert |
Instead of prompting the user whether or not they wish to continue to wait for the lock on password file just tell the user to interrupt with ^C. This simplifies the locking loop a bit.
Update man page to this effect.
|
#
1.19 |
|
16-Aug-2001 |
millert |
extra arg to pw_mkdb
|
#
1.18 |
|
16-Aug-2001 |
millert |
At Theo's request only print 'Please wait' if don't get the lock on the first try.
|
#
1.17 |
|
15-Aug-2001 |
millert |
Move locking of the passwd file *after* we have gotten a new password from the user. Set real/effective/saved uids to 0 and block all signals so the lock cannot be kept longer than necessary. If we cannot lock, try again every 1/4 second for 2 seconds and then ask the user what they wish to do (keep trying, quit).
Same as in local_passwd.c but here we need to remove a temp file in the SIGINT handler because _exit() doesn't call atexit() routines.
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.16 |
|
26-Nov-2000 |
millert |
Update for pw_mkdb(3) interface change. All but vipw and userdel can specify a username (and thus avoid rebuilding the while database).
|
#
1.15 |
|
21-Nov-2000 |
aaron |
Sync usage() output with man page; mpech@prosoft.org.lv
|
Revision tags: OPENBSD_2_7_BASE OPENBSD_2_8_BASE
|
#
1.14 |
|
05-Dec-1999 |
millert |
Fix temp file unlinking. We use atexit() since the libutil passwd routines do their own exit.
|
Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE OPENBSD_2_6_BASE
|
#
1.13 |
|
03-Aug-1998 |
millert |
use __progname
|
#
1.12 |
|
02-Aug-1998 |
millert |
add close on exec flag to all opens
|
#
1.11 |
|
29-May-1998 |
millert |
put temp file _PATH_VARTMP
|
Revision tags: OPENBSD_2_3_BASE
|
#
1.10 |
|
30-Mar-1998 |
deraadt |
Y2K fixes from Andreas.Gunnarsson@emw.ericsson.se; culled from various places
|
Revision tags: OPENBSD_2_2_BASE
|
#
1.9 |
|
17-Jun-1997 |
kstailey |
(foo *)NULL -> NULL
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.8 |
|
13-Feb-1997 |
deraadt |
fix YP and non-YP cases to exit/warn nicely
|
#
1.7 |
|
15-Jan-1997 |
millert |
getopt(3) returns -1 when out of args, not EOF, whee!
|
#
1.6 |
|
20-Oct-1996 |
millert |
better error message if unable to create password temp file.
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.5 |
|
23-Sep-1996 |
deraadt |
pw_abort() after yp change, does unlock
|
#
1.4 |
|
31-Aug-1996 |
deraadt |
kill leaks; help from das33@cornell.edu
|
#
1.3 |
|
26-Jun-1996 |
deraadt |
rcsid
|
#
1.2 |
|
22-May-1996 |
deraadt |
libutil
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.49 |
|
04-Dec-2022 |
cheloha |
userspace: remove vestigial '?' cases from top-level getopt(3) loops
getopt(3) returns '?' when it encounters a flag not present in the in the optstring or if a flag is missing its option argument. We can handle this case with the "default" failure case with no loss of legibility. Hence, remove all the redundant "case '?':" lines.
Prompted by dlg@. With help from dlg@ and millert@.
Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2
ok naddy@ millert@ dlg@
|
Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.48 |
|
24-Oct-2021 |
deraadt |
For open/openat, if the flags parameter does not contain O_CREAT, the 3rd (variadic) mode_t parameter is irrelevant. Many developers in the past have passed mode_t (0, 044, 0644, or such), which might lead future people to copy this broken idiom, and perhaps even believe this parameter has some meaning or implication or application. Delete them all. This comes out of a conversation where tb@ noticed that a strange (but intentional) pledge behaviour is to always knock-out high-bits from mode_t on a number of system calls as a safety factor, and his bewilderment that this appeared to be happening against valid modes (at least visually), but no sorry, they are all irrelevant junk. They could all be 0xdeafbeef. ok millert
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.47 |
|
12-Jul-2021 |
beck |
Change the error reporting pattern throughout the tree when unveil fails to report the path that the failure occured on. Suggested by deraadt@ after some tech discussion.
Work done and verified by Ashton Fagg <ashton@fagg.id.au>
ok deraadt@ semarie@ claudio@
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.46 |
|
14-Sep-2019 |
semarie |
correct some unveil(2) violations due to "login.conf.db" access (the .db version of "login.conf"), and stat(2) on _PATH_MASTERPASSWD_LOCK (via pw_mkdb(3)).
problem initially noted by myself for passwd(1) millert@ reported similar problem on chpass(1), su(1), doas(1) and encrypt(1) mestre@ noted chpass(1) too
ok mestre@ millert@
|
#
1.45 |
|
30-Apr-2019 |
mestre |
add unveil(2):
chpass(1) without parameters enters in edit mode by default, in here it will need to execute _PATH_BSHELL to spawn a new EDITOR, _PATH_SHELLS to check (read) if we are changing from/to a non-standard shell (in case we are not root) and read access to `tempname' to verify if the file has valid entries and create to unlink it.
If -s is used to change a user's shell then it will need read access to _PATH_SHELLS by the same reason already mentioned above.
Unconditionally we need to unveil _PATH_MASTERPASSWD_LOCK with write/create permissions, _PATH_MASTERPASSWD with read and _PATH_PWD_MKDB to execute pwd_mkdb(8).
In the -a case I'm not unveiling /etc/spwd.db since we can get it through pledge "getpw", which can be added later for completeness of all code paths. Note also that the first pledges need "unveil" since we will call unveil(2) afterwards.
"looks good" deraadt@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.44 |
|
08-Dec-2017 |
deraadt |
Convert snprintf+write into dprintf. It is simply easier to read, and provides retry on short-write file descriptors. ok florian, previous versions seen by millert
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.43 |
|
26-Nov-2015 |
deraadt |
Delete YP password related code. As a result, these can also be pledged. Keep an eye out for regressions, because they could be uncomfortable. ok beck semarie
|
#
1.42 |
|
18-Nov-2015 |
tedu |
needs _shadow so it can rewrite the master.passwd file
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.41 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.40 |
|
26-Oct-2014 |
guenther |
Prefer mkostemp(O_CLOEXEC) over mkstemp()+fcntl(F_SETFD) Prefer fopen("re") over fopen("r")+fcntl(F_SETFD)
ok otto@ millert@
|
Revision tags: OPENBSD_5_4_BASE OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.39 |
|
18-Apr-2013 |
okan |
- use FD_CLOEXEC instead of 1 - use O_CLOEXEC with open() instead of open/fcntl
from David Hill
ok otto@
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.38 |
|
20-Jun-2012 |
schwarze |
Correct English just like jsing@ did it in passwd/local_passwd.c rev. 1.38 on April 27, 2008. While here, fix a typo and drop an obsolete BUGS section.
"my typo so OK millert@ :-)" and OK jmc@
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.37 |
|
27-Oct-2009 |
deraadt |
rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and unmaintainable). these days, people use source. these id's do not provide any benefit, and do hurt the small install media (the 33,000 line diff is essentially mechanical) ok with the idea millert, ok dms
|
Revision tags: OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.36 |
|
08-Jul-2008 |
sobrado |
fix double "usage:"
|
#
1.35 |
|
19-Jun-2008 |
tobias |
Moved the unset of TZ environment variable out of atot into main, removing an unused static var and test out of atot.
With input by jsing and millert, ok millert
|
Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.34 |
|
27-Mar-2007 |
jmc |
-a requires a separate synopsis; from Daniel Polak via henning
ok henning
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.33 |
|
15-Jan-2007 |
otto |
Fix -a when given an entry with an already existing user. Also, give error message if a user arg has been given with -a. Noted by Dan Brosemer. ok millert@ jaredy@
|
Revision tags: OPENBSD_3_9_BASE OPENBSD_4_0_BASE
|
#
1.32 |
|
12-Dec-2005 |
deraadt |
ARGSUSED on signal handler
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE
|
#
1.31 |
|
10-May-2004 |
wilfried |
unbreak chsh, ok millert
|
#
1.30 |
|
20-Apr-2004 |
millert |
Adapt to new pw_copy() API, closes PR 3698.
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.29 |
|
26-Nov-2003 |
espie |
This is ISO C, use string concatenation, instead of bogus use of __CONCAT. (hint: "a" and "b" can't be pasted as a valid C token...) okay millert@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.28 |
|
01-Jul-2003 |
avsm |
- no need for pathnames.h, just use <paths.h> instead - bump mktemp randomness slightly from 8 -> 10 millert@ ok
|
#
1.27 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
#
1.26 |
|
31-Jul-2002 |
millert |
When I got removed the use of atexit() I missed the fact that edit() calls pw_error() which in turn calls exit(). Now edit() returns its status so the temp file gets cleaned up nicely if the user makes no changes or if an error occurred. Problem noticed by deraadt@
|
#
1.25 |
|
27-Jun-2002 |
deraadt |
move protos
|
#
1.24 |
|
27-Jun-2002 |
millert |
There is absolutely no reason for the "tempname" or dfd variables to exist outside the scope of the 'op == EDITENTRY' code block. This allows us to get rid of the atexit() call and tempcleanup().
|
#
1.23 |
|
27-Jun-2002 |
deraadt |
cleanup; mpech & millert ok
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.22 |
|
14-Mar-2002 |
mpech |
Remove \n from err/errx/warn/warnx().
millert@ ok
|
#
1.21 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.20 |
|
27-Aug-2001 |
millert |
Instead of prompting the user whether or not they wish to continue to wait for the lock on password file just tell the user to interrupt with ^C. This simplifies the locking loop a bit.
Update man page to this effect.
|
#
1.19 |
|
16-Aug-2001 |
millert |
extra arg to pw_mkdb
|
#
1.18 |
|
16-Aug-2001 |
millert |
At Theo's request only print 'Please wait' if don't get the lock on the first try.
|
#
1.17 |
|
15-Aug-2001 |
millert |
Move locking of the passwd file *after* we have gotten a new password from the user. Set real/effective/saved uids to 0 and block all signals so the lock cannot be kept longer than necessary. If we cannot lock, try again every 1/4 second for 2 seconds and then ask the user what they wish to do (keep trying, quit).
Same as in local_passwd.c but here we need to remove a temp file in the SIGINT handler because _exit() doesn't call atexit() routines.
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.16 |
|
26-Nov-2000 |
millert |
Update for pw_mkdb(3) interface change. All but vipw and userdel can specify a username (and thus avoid rebuilding the while database).
|
#
1.15 |
|
21-Nov-2000 |
aaron |
Sync usage() output with man page; mpech@prosoft.org.lv
|
Revision tags: OPENBSD_2_7_BASE OPENBSD_2_8_BASE
|
#
1.14 |
|
05-Dec-1999 |
millert |
Fix temp file unlinking. We use atexit() since the libutil passwd routines do their own exit.
|
Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE OPENBSD_2_6_BASE
|
#
1.13 |
|
03-Aug-1998 |
millert |
use __progname
|
#
1.12 |
|
02-Aug-1998 |
millert |
add close on exec flag to all opens
|
#
1.11 |
|
29-May-1998 |
millert |
put temp file _PATH_VARTMP
|
Revision tags: OPENBSD_2_3_BASE
|
#
1.10 |
|
30-Mar-1998 |
deraadt |
Y2K fixes from Andreas.Gunnarsson@emw.ericsson.se; culled from various places
|
Revision tags: OPENBSD_2_2_BASE
|
#
1.9 |
|
17-Jun-1997 |
kstailey |
(foo *)NULL -> NULL
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.8 |
|
13-Feb-1997 |
deraadt |
fix YP and non-YP cases to exit/warn nicely
|
#
1.7 |
|
15-Jan-1997 |
millert |
getopt(3) returns -1 when out of args, not EOF, whee!
|
#
1.6 |
|
20-Oct-1996 |
millert |
better error message if unable to create password temp file.
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.5 |
|
23-Sep-1996 |
deraadt |
pw_abort() after yp change, does unlock
|
#
1.4 |
|
31-Aug-1996 |
deraadt |
kill leaks; help from das33@cornell.edu
|
#
1.3 |
|
26-Jun-1996 |
deraadt |
rcsid
|
#
1.2 |
|
22-May-1996 |
deraadt |
libutil
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.48 |
|
24-Oct-2021 |
deraadt |
For open/openat, if the flags parameter does not contain O_CREAT, the 3rd (variadic) mode_t parameter is irrelevant. Many developers in the past have passed mode_t (0, 044, 0644, or such), which might lead future people to copy this broken idiom, and perhaps even believe this parameter has some meaning or implication or application. Delete them all. This comes out of a conversation where tb@ noticed that a strange (but intentional) pledge behaviour is to always knock-out high-bits from mode_t on a number of system calls as a safety factor, and his bewilderment that this appeared to be happening against valid modes (at least visually), but no sorry, they are all irrelevant junk. They could all be 0xdeafbeef. ok millert
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.47 |
|
12-Jul-2021 |
beck |
Change the error reporting pattern throughout the tree when unveil fails to report the path that the failure occured on. Suggested by deraadt@ after some tech discussion.
Work done and verified by Ashton Fagg <ashton@fagg.id.au>
ok deraadt@ semarie@ claudio@
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.46 |
|
14-Sep-2019 |
semarie |
correct some unveil(2) violations due to "login.conf.db" access (the .db version of "login.conf"), and stat(2) on _PATH_MASTERPASSWD_LOCK (via pw_mkdb(3)).
problem initially noted by myself for passwd(1) millert@ reported similar problem on chpass(1), su(1), doas(1) and encrypt(1) mestre@ noted chpass(1) too
ok mestre@ millert@
|
#
1.45 |
|
30-Apr-2019 |
mestre |
add unveil(2):
chpass(1) without parameters enters in edit mode by default, in here it will need to execute _PATH_BSHELL to spawn a new EDITOR, _PATH_SHELLS to check (read) if we are changing from/to a non-standard shell (in case we are not root) and read access to `tempname' to verify if the file has valid entries and create to unlink it.
If -s is used to change a user's shell then it will need read access to _PATH_SHELLS by the same reason already mentioned above.
Unconditionally we need to unveil _PATH_MASTERPASSWD_LOCK with write/create permissions, _PATH_MASTERPASSWD with read and _PATH_PWD_MKDB to execute pwd_mkdb(8).
In the -a case I'm not unveiling /etc/spwd.db since we can get it through pledge "getpw", which can be added later for completeness of all code paths. Note also that the first pledges need "unveil" since we will call unveil(2) afterwards.
"looks good" deraadt@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.44 |
|
08-Dec-2017 |
deraadt |
Convert snprintf+write into dprintf. It is simply easier to read, and provides retry on short-write file descriptors. ok florian, previous versions seen by millert
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.43 |
|
26-Nov-2015 |
deraadt |
Delete YP password related code. As a result, these can also be pledged. Keep an eye out for regressions, because they could be uncomfortable. ok beck semarie
|
#
1.42 |
|
18-Nov-2015 |
tedu |
needs _shadow so it can rewrite the master.passwd file
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.41 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.40 |
|
26-Oct-2014 |
guenther |
Prefer mkostemp(O_CLOEXEC) over mkstemp()+fcntl(F_SETFD) Prefer fopen("re") over fopen("r")+fcntl(F_SETFD)
ok otto@ millert@
|
Revision tags: OPENBSD_5_4_BASE OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.39 |
|
18-Apr-2013 |
okan |
- use FD_CLOEXEC instead of 1 - use O_CLOEXEC with open() instead of open/fcntl
from David Hill
ok otto@
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.38 |
|
20-Jun-2012 |
schwarze |
Correct English just like jsing@ did it in passwd/local_passwd.c rev. 1.38 on April 27, 2008. While here, fix a typo and drop an obsolete BUGS section.
"my typo so OK millert@ :-)" and OK jmc@
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.37 |
|
27-Oct-2009 |
deraadt |
rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and unmaintainable). these days, people use source. these id's do not provide any benefit, and do hurt the small install media (the 33,000 line diff is essentially mechanical) ok with the idea millert, ok dms
|
Revision tags: OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.36 |
|
08-Jul-2008 |
sobrado |
fix double "usage:"
|
#
1.35 |
|
19-Jun-2008 |
tobias |
Moved the unset of TZ environment variable out of atot into main, removing an unused static var and test out of atot.
With input by jsing and millert, ok millert
|
Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.34 |
|
27-Mar-2007 |
jmc |
-a requires a separate synopsis; from Daniel Polak via henning
ok henning
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.33 |
|
15-Jan-2007 |
otto |
Fix -a when given an entry with an already existing user. Also, give error message if a user arg has been given with -a. Noted by Dan Brosemer. ok millert@ jaredy@
|
Revision tags: OPENBSD_3_9_BASE OPENBSD_4_0_BASE
|
#
1.32 |
|
12-Dec-2005 |
deraadt |
ARGSUSED on signal handler
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE
|
#
1.31 |
|
10-May-2004 |
wilfried |
unbreak chsh, ok millert
|
#
1.30 |
|
20-Apr-2004 |
millert |
Adapt to new pw_copy() API, closes PR 3698.
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.29 |
|
26-Nov-2003 |
espie |
This is ISO C, use string concatenation, instead of bogus use of __CONCAT. (hint: "a" and "b" can't be pasted as a valid C token...) okay millert@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.28 |
|
01-Jul-2003 |
avsm |
- no need for pathnames.h, just use <paths.h> instead - bump mktemp randomness slightly from 8 -> 10 millert@ ok
|
#
1.27 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
#
1.26 |
|
31-Jul-2002 |
millert |
When I got removed the use of atexit() I missed the fact that edit() calls pw_error() which in turn calls exit(). Now edit() returns its status so the temp file gets cleaned up nicely if the user makes no changes or if an error occurred. Problem noticed by deraadt@
|
#
1.25 |
|
27-Jun-2002 |
deraadt |
move protos
|
#
1.24 |
|
27-Jun-2002 |
millert |
There is absolutely no reason for the "tempname" or dfd variables to exist outside the scope of the 'op == EDITENTRY' code block. This allows us to get rid of the atexit() call and tempcleanup().
|
#
1.23 |
|
27-Jun-2002 |
deraadt |
cleanup; mpech & millert ok
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.22 |
|
14-Mar-2002 |
mpech |
Remove \n from err/errx/warn/warnx().
millert@ ok
|
#
1.21 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.20 |
|
27-Aug-2001 |
millert |
Instead of prompting the user whether or not they wish to continue to wait for the lock on password file just tell the user to interrupt with ^C. This simplifies the locking loop a bit.
Update man page to this effect.
|
#
1.19 |
|
16-Aug-2001 |
millert |
extra arg to pw_mkdb
|
#
1.18 |
|
16-Aug-2001 |
millert |
At Theo's request only print 'Please wait' if don't get the lock on the first try.
|
#
1.17 |
|
15-Aug-2001 |
millert |
Move locking of the passwd file *after* we have gotten a new password from the user. Set real/effective/saved uids to 0 and block all signals so the lock cannot be kept longer than necessary. If we cannot lock, try again every 1/4 second for 2 seconds and then ask the user what they wish to do (keep trying, quit).
Same as in local_passwd.c but here we need to remove a temp file in the SIGINT handler because _exit() doesn't call atexit() routines.
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.16 |
|
26-Nov-2000 |
millert |
Update for pw_mkdb(3) interface change. All but vipw and userdel can specify a username (and thus avoid rebuilding the while database).
|
#
1.15 |
|
21-Nov-2000 |
aaron |
Sync usage() output with man page; mpech@prosoft.org.lv
|
Revision tags: OPENBSD_2_7_BASE OPENBSD_2_8_BASE
|
#
1.14 |
|
05-Dec-1999 |
millert |
Fix temp file unlinking. We use atexit() since the libutil passwd routines do their own exit.
|
Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE OPENBSD_2_6_BASE
|
#
1.13 |
|
03-Aug-1998 |
millert |
use __progname
|
#
1.12 |
|
02-Aug-1998 |
millert |
add close on exec flag to all opens
|
#
1.11 |
|
29-May-1998 |
millert |
put temp file _PATH_VARTMP
|
Revision tags: OPENBSD_2_3_BASE
|
#
1.10 |
|
30-Mar-1998 |
deraadt |
Y2K fixes from Andreas.Gunnarsson@emw.ericsson.se; culled from various places
|
Revision tags: OPENBSD_2_2_BASE
|
#
1.9 |
|
17-Jun-1997 |
kstailey |
(foo *)NULL -> NULL
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.8 |
|
13-Feb-1997 |
deraadt |
fix YP and non-YP cases to exit/warn nicely
|
#
1.7 |
|
15-Jan-1997 |
millert |
getopt(3) returns -1 when out of args, not EOF, whee!
|
#
1.6 |
|
20-Oct-1996 |
millert |
better error message if unable to create password temp file.
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.5 |
|
23-Sep-1996 |
deraadt |
pw_abort() after yp change, does unlock
|
#
1.4 |
|
31-Aug-1996 |
deraadt |
kill leaks; help from das33@cornell.edu
|
#
1.3 |
|
26-Jun-1996 |
deraadt |
rcsid
|
#
1.2 |
|
22-May-1996 |
deraadt |
libutil
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.47 |
|
12-Jul-2021 |
beck |
Change the error reporting pattern throughout the tree when unveil fails to report the path that the failure occured on. Suggested by deraadt@ after some tech discussion.
Work done and verified by Ashton Fagg <ashton@fagg.id.au>
ok deraadt@ semarie@ claudio@
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.46 |
|
14-Sep-2019 |
semarie |
correct some unveil(2) violations due to "login.conf.db" access (the .db version of "login.conf"), and stat(2) on _PATH_MASTERPASSWD_LOCK (via pw_mkdb(3)).
problem initially noted by myself for passwd(1) millert@ reported similar problem on chpass(1), su(1), doas(1) and encrypt(1) mestre@ noted chpass(1) too
ok mestre@ millert@
|
#
1.45 |
|
30-Apr-2019 |
mestre |
add unveil(2):
chpass(1) without parameters enters in edit mode by default, in here it will need to execute _PATH_BSHELL to spawn a new EDITOR, _PATH_SHELLS to check (read) if we are changing from/to a non-standard shell (in case we are not root) and read access to `tempname' to verify if the file has valid entries and create to unlink it.
If -s is used to change a user's shell then it will need read access to _PATH_SHELLS by the same reason already mentioned above.
Unconditionally we need to unveil _PATH_MASTERPASSWD_LOCK with write/create permissions, _PATH_MASTERPASSWD with read and _PATH_PWD_MKDB to execute pwd_mkdb(8).
In the -a case I'm not unveiling /etc/spwd.db since we can get it through pledge "getpw", which can be added later for completeness of all code paths. Note also that the first pledges need "unveil" since we will call unveil(2) afterwards.
"looks good" deraadt@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.44 |
|
08-Dec-2017 |
deraadt |
Convert snprintf+write into dprintf. It is simply easier to read, and provides retry on short-write file descriptors. ok florian, previous versions seen by millert
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.43 |
|
26-Nov-2015 |
deraadt |
Delete YP password related code. As a result, these can also be pledged. Keep an eye out for regressions, because they could be uncomfortable. ok beck semarie
|
#
1.42 |
|
18-Nov-2015 |
tedu |
needs _shadow so it can rewrite the master.passwd file
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.41 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.40 |
|
26-Oct-2014 |
guenther |
Prefer mkostemp(O_CLOEXEC) over mkstemp()+fcntl(F_SETFD) Prefer fopen("re") over fopen("r")+fcntl(F_SETFD)
ok otto@ millert@
|
Revision tags: OPENBSD_5_4_BASE OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.39 |
|
18-Apr-2013 |
okan |
- use FD_CLOEXEC instead of 1 - use O_CLOEXEC with open() instead of open/fcntl
from David Hill
ok otto@
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.38 |
|
20-Jun-2012 |
schwarze |
Correct English just like jsing@ did it in passwd/local_passwd.c rev. 1.38 on April 27, 2008. While here, fix a typo and drop an obsolete BUGS section.
"my typo so OK millert@ :-)" and OK jmc@
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.37 |
|
27-Oct-2009 |
deraadt |
rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and unmaintainable). these days, people use source. these id's do not provide any benefit, and do hurt the small install media (the 33,000 line diff is essentially mechanical) ok with the idea millert, ok dms
|
Revision tags: OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.36 |
|
08-Jul-2008 |
sobrado |
fix double "usage:"
|
#
1.35 |
|
19-Jun-2008 |
tobias |
Moved the unset of TZ environment variable out of atot into main, removing an unused static var and test out of atot.
With input by jsing and millert, ok millert
|
Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.34 |
|
27-Mar-2007 |
jmc |
-a requires a separate synopsis; from Daniel Polak via henning
ok henning
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.33 |
|
15-Jan-2007 |
otto |
Fix -a when given an entry with an already existing user. Also, give error message if a user arg has been given with -a. Noted by Dan Brosemer. ok millert@ jaredy@
|
Revision tags: OPENBSD_3_9_BASE OPENBSD_4_0_BASE
|
#
1.32 |
|
12-Dec-2005 |
deraadt |
ARGSUSED on signal handler
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE
|
#
1.31 |
|
10-May-2004 |
wilfried |
unbreak chsh, ok millert
|
#
1.30 |
|
20-Apr-2004 |
millert |
Adapt to new pw_copy() API, closes PR 3698.
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.29 |
|
26-Nov-2003 |
espie |
This is ISO C, use string concatenation, instead of bogus use of __CONCAT. (hint: "a" and "b" can't be pasted as a valid C token...) okay millert@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.28 |
|
01-Jul-2003 |
avsm |
- no need for pathnames.h, just use <paths.h> instead - bump mktemp randomness slightly from 8 -> 10 millert@ ok
|
#
1.27 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
#
1.26 |
|
31-Jul-2002 |
millert |
When I got removed the use of atexit() I missed the fact that edit() calls pw_error() which in turn calls exit(). Now edit() returns its status so the temp file gets cleaned up nicely if the user makes no changes or if an error occurred. Problem noticed by deraadt@
|
#
1.25 |
|
27-Jun-2002 |
deraadt |
move protos
|
#
1.24 |
|
27-Jun-2002 |
millert |
There is absolutely no reason for the "tempname" or dfd variables to exist outside the scope of the 'op == EDITENTRY' code block. This allows us to get rid of the atexit() call and tempcleanup().
|
#
1.23 |
|
27-Jun-2002 |
deraadt |
cleanup; mpech & millert ok
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.22 |
|
14-Mar-2002 |
mpech |
Remove \n from err/errx/warn/warnx().
millert@ ok
|
#
1.21 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.20 |
|
27-Aug-2001 |
millert |
Instead of prompting the user whether or not they wish to continue to wait for the lock on password file just tell the user to interrupt with ^C. This simplifies the locking loop a bit.
Update man page to this effect.
|
#
1.19 |
|
16-Aug-2001 |
millert |
extra arg to pw_mkdb
|
#
1.18 |
|
16-Aug-2001 |
millert |
At Theo's request only print 'Please wait' if don't get the lock on the first try.
|
#
1.17 |
|
15-Aug-2001 |
millert |
Move locking of the passwd file *after* we have gotten a new password from the user. Set real/effective/saved uids to 0 and block all signals so the lock cannot be kept longer than necessary. If we cannot lock, try again every 1/4 second for 2 seconds and then ask the user what they wish to do (keep trying, quit).
Same as in local_passwd.c but here we need to remove a temp file in the SIGINT handler because _exit() doesn't call atexit() routines.
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.16 |
|
26-Nov-2000 |
millert |
Update for pw_mkdb(3) interface change. All but vipw and userdel can specify a username (and thus avoid rebuilding the while database).
|
#
1.15 |
|
21-Nov-2000 |
aaron |
Sync usage() output with man page; mpech@prosoft.org.lv
|
Revision tags: OPENBSD_2_7_BASE OPENBSD_2_8_BASE
|
#
1.14 |
|
05-Dec-1999 |
millert |
Fix temp file unlinking. We use atexit() since the libutil passwd routines do their own exit.
|
Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE OPENBSD_2_6_BASE
|
#
1.13 |
|
03-Aug-1998 |
millert |
use __progname
|
#
1.12 |
|
02-Aug-1998 |
millert |
add close on exec flag to all opens
|
#
1.11 |
|
29-May-1998 |
millert |
put temp file _PATH_VARTMP
|
Revision tags: OPENBSD_2_3_BASE
|
#
1.10 |
|
30-Mar-1998 |
deraadt |
Y2K fixes from Andreas.Gunnarsson@emw.ericsson.se; culled from various places
|
Revision tags: OPENBSD_2_2_BASE
|
#
1.9 |
|
17-Jun-1997 |
kstailey |
(foo *)NULL -> NULL
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.8 |
|
13-Feb-1997 |
deraadt |
fix YP and non-YP cases to exit/warn nicely
|
#
1.7 |
|
15-Jan-1997 |
millert |
getopt(3) returns -1 when out of args, not EOF, whee!
|
#
1.6 |
|
20-Oct-1996 |
millert |
better error message if unable to create password temp file.
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.5 |
|
23-Sep-1996 |
deraadt |
pw_abort() after yp change, does unlock
|
#
1.4 |
|
31-Aug-1996 |
deraadt |
kill leaks; help from das33@cornell.edu
|
#
1.3 |
|
26-Jun-1996 |
deraadt |
rcsid
|
#
1.2 |
|
22-May-1996 |
deraadt |
libutil
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.46 |
|
14-Sep-2019 |
semarie |
correct some unveil(2) violations due to "login.conf.db" access (the .db version of "login.conf"), and stat(2) on _PATH_MASTERPASSWD_LOCK (via pw_mkdb(3)).
problem initially noted by myself for passwd(1) millert@ reported similar problem on chpass(1), su(1), doas(1) and encrypt(1) mestre@ noted chpass(1) too
ok mestre@ millert@
|
#
1.45 |
|
30-Apr-2019 |
mestre |
add unveil(2):
chpass(1) without parameters enters in edit mode by default, in here it will need to execute _PATH_BSHELL to spawn a new EDITOR, _PATH_SHELLS to check (read) if we are changing from/to a non-standard shell (in case we are not root) and read access to `tempname' to verify if the file has valid entries and create to unlink it.
If -s is used to change a user's shell then it will need read access to _PATH_SHELLS by the same reason already mentioned above.
Unconditionally we need to unveil _PATH_MASTERPASSWD_LOCK with write/create permissions, _PATH_MASTERPASSWD with read and _PATH_PWD_MKDB to execute pwd_mkdb(8).
In the -a case I'm not unveiling /etc/spwd.db since we can get it through pledge "getpw", which can be added later for completeness of all code paths. Note also that the first pledges need "unveil" since we will call unveil(2) afterwards.
"looks good" deraadt@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.44 |
|
08-Dec-2017 |
deraadt |
Convert snprintf+write into dprintf. It is simply easier to read, and provides retry on short-write file descriptors. ok florian, previous versions seen by millert
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.43 |
|
26-Nov-2015 |
deraadt |
Delete YP password related code. As a result, these can also be pledged. Keep an eye out for regressions, because they could be uncomfortable. ok beck semarie
|
#
1.42 |
|
18-Nov-2015 |
tedu |
needs _shadow so it can rewrite the master.passwd file
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.41 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.40 |
|
26-Oct-2014 |
guenther |
Prefer mkostemp(O_CLOEXEC) over mkstemp()+fcntl(F_SETFD) Prefer fopen("re") over fopen("r")+fcntl(F_SETFD)
ok otto@ millert@
|
Revision tags: OPENBSD_5_4_BASE OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.39 |
|
18-Apr-2013 |
okan |
- use FD_CLOEXEC instead of 1 - use O_CLOEXEC with open() instead of open/fcntl
from David Hill
ok otto@
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.38 |
|
20-Jun-2012 |
schwarze |
Correct English just like jsing@ did it in passwd/local_passwd.c rev. 1.38 on April 27, 2008. While here, fix a typo and drop an obsolete BUGS section.
"my typo so OK millert@ :-)" and OK jmc@
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.37 |
|
27-Oct-2009 |
deraadt |
rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and unmaintainable). these days, people use source. these id's do not provide any benefit, and do hurt the small install media (the 33,000 line diff is essentially mechanical) ok with the idea millert, ok dms
|
Revision tags: OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.36 |
|
08-Jul-2008 |
sobrado |
fix double "usage:"
|
#
1.35 |
|
19-Jun-2008 |
tobias |
Moved the unset of TZ environment variable out of atot into main, removing an unused static var and test out of atot.
With input by jsing and millert, ok millert
|
Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.34 |
|
27-Mar-2007 |
jmc |
-a requires a separate synopsis; from Daniel Polak via henning
ok henning
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.33 |
|
15-Jan-2007 |
otto |
Fix -a when given an entry with an already existing user. Also, give error message if a user arg has been given with -a. Noted by Dan Brosemer. ok millert@ jaredy@
|
Revision tags: OPENBSD_3_9_BASE OPENBSD_4_0_BASE
|
#
1.32 |
|
12-Dec-2005 |
deraadt |
ARGSUSED on signal handler
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE
|
#
1.31 |
|
10-May-2004 |
wilfried |
unbreak chsh, ok millert
|
#
1.30 |
|
20-Apr-2004 |
millert |
Adapt to new pw_copy() API, closes PR 3698.
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.29 |
|
26-Nov-2003 |
espie |
This is ISO C, use string concatenation, instead of bogus use of __CONCAT. (hint: "a" and "b" can't be pasted as a valid C token...) okay millert@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.28 |
|
01-Jul-2003 |
avsm |
- no need for pathnames.h, just use <paths.h> instead - bump mktemp randomness slightly from 8 -> 10 millert@ ok
|
#
1.27 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
#
1.26 |
|
31-Jul-2002 |
millert |
When I got removed the use of atexit() I missed the fact that edit() calls pw_error() which in turn calls exit(). Now edit() returns its status so the temp file gets cleaned up nicely if the user makes no changes or if an error occurred. Problem noticed by deraadt@
|
#
1.25 |
|
27-Jun-2002 |
deraadt |
move protos
|
#
1.24 |
|
27-Jun-2002 |
millert |
There is absolutely no reason for the "tempname" or dfd variables to exist outside the scope of the 'op == EDITENTRY' code block. This allows us to get rid of the atexit() call and tempcleanup().
|
#
1.23 |
|
27-Jun-2002 |
deraadt |
cleanup; mpech & millert ok
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.22 |
|
14-Mar-2002 |
mpech |
Remove \n from err/errx/warn/warnx().
millert@ ok
|
#
1.21 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.20 |
|
27-Aug-2001 |
millert |
Instead of prompting the user whether or not they wish to continue to wait for the lock on password file just tell the user to interrupt with ^C. This simplifies the locking loop a bit.
Update man page to this effect.
|
#
1.19 |
|
16-Aug-2001 |
millert |
extra arg to pw_mkdb
|
#
1.18 |
|
16-Aug-2001 |
millert |
At Theo's request only print 'Please wait' if don't get the lock on the first try.
|
#
1.17 |
|
15-Aug-2001 |
millert |
Move locking of the passwd file *after* we have gotten a new password from the user. Set real/effective/saved uids to 0 and block all signals so the lock cannot be kept longer than necessary. If we cannot lock, try again every 1/4 second for 2 seconds and then ask the user what they wish to do (keep trying, quit).
Same as in local_passwd.c but here we need to remove a temp file in the SIGINT handler because _exit() doesn't call atexit() routines.
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.16 |
|
26-Nov-2000 |
millert |
Update for pw_mkdb(3) interface change. All but vipw and userdel can specify a username (and thus avoid rebuilding the while database).
|
#
1.15 |
|
21-Nov-2000 |
aaron |
Sync usage() output with man page; mpech@prosoft.org.lv
|
Revision tags: OPENBSD_2_7_BASE OPENBSD_2_8_BASE
|
#
1.14 |
|
05-Dec-1999 |
millert |
Fix temp file unlinking. We use atexit() since the libutil passwd routines do their own exit.
|
Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE OPENBSD_2_6_BASE
|
#
1.13 |
|
03-Aug-1998 |
millert |
use __progname
|
#
1.12 |
|
02-Aug-1998 |
millert |
add close on exec flag to all opens
|
#
1.11 |
|
29-May-1998 |
millert |
put temp file _PATH_VARTMP
|
Revision tags: OPENBSD_2_3_BASE
|
#
1.10 |
|
30-Mar-1998 |
deraadt |
Y2K fixes from Andreas.Gunnarsson@emw.ericsson.se; culled from various places
|
Revision tags: OPENBSD_2_2_BASE
|
#
1.9 |
|
17-Jun-1997 |
kstailey |
(foo *)NULL -> NULL
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.8 |
|
13-Feb-1997 |
deraadt |
fix YP and non-YP cases to exit/warn nicely
|
#
1.7 |
|
15-Jan-1997 |
millert |
getopt(3) returns -1 when out of args, not EOF, whee!
|
#
1.6 |
|
20-Oct-1996 |
millert |
better error message if unable to create password temp file.
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.5 |
|
23-Sep-1996 |
deraadt |
pw_abort() after yp change, does unlock
|
#
1.4 |
|
31-Aug-1996 |
deraadt |
kill leaks; help from das33@cornell.edu
|
#
1.3 |
|
26-Jun-1996 |
deraadt |
rcsid
|
#
1.2 |
|
22-May-1996 |
deraadt |
libutil
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.45 |
|
30-Apr-2019 |
mestre |
add unveil(2):
chpass(1) without parameters enters in edit mode by default, in here it will need to execute _PATH_BSHELL to spawn a new EDITOR, _PATH_SHELLS to check (read) if we are changing from/to a non-standard shell (in case we are not root) and read access to `tempname' to verify if the file has valid entries and create to unlink it.
If -s is used to change a user's shell then it will need read access to _PATH_SHELLS by the same reason already mentioned above.
Unconditionally we need to unveil _PATH_MASTERPASSWD_LOCK with write/create permissions, _PATH_MASTERPASSWD with read and _PATH_PWD_MKDB to execute pwd_mkdb(8).
In the -a case I'm not unveiling /etc/spwd.db since we can get it through pledge "getpw", which can be added later for completeness of all code paths. Note also that the first pledges need "unveil" since we will call unveil(2) afterwards.
"looks good" deraadt@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.44 |
|
08-Dec-2017 |
deraadt |
Convert snprintf+write into dprintf. It is simply easier to read, and provides retry on short-write file descriptors. ok florian, previous versions seen by millert
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.43 |
|
26-Nov-2015 |
deraadt |
Delete YP password related code. As a result, these can also be pledged. Keep an eye out for regressions, because they could be uncomfortable. ok beck semarie
|
#
1.42 |
|
18-Nov-2015 |
tedu |
needs _shadow so it can rewrite the master.passwd file
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.41 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.40 |
|
26-Oct-2014 |
guenther |
Prefer mkostemp(O_CLOEXEC) over mkstemp()+fcntl(F_SETFD) Prefer fopen("re") over fopen("r")+fcntl(F_SETFD)
ok otto@ millert@
|
Revision tags: OPENBSD_5_4_BASE OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.39 |
|
18-Apr-2013 |
okan |
- use FD_CLOEXEC instead of 1 - use O_CLOEXEC with open() instead of open/fcntl
from David Hill
ok otto@
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.38 |
|
20-Jun-2012 |
schwarze |
Correct English just like jsing@ did it in passwd/local_passwd.c rev. 1.38 on April 27, 2008. While here, fix a typo and drop an obsolete BUGS section.
"my typo so OK millert@ :-)" and OK jmc@
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.37 |
|
27-Oct-2009 |
deraadt |
rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and unmaintainable). these days, people use source. these id's do not provide any benefit, and do hurt the small install media (the 33,000 line diff is essentially mechanical) ok with the idea millert, ok dms
|
Revision tags: OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.36 |
|
08-Jul-2008 |
sobrado |
fix double "usage:"
|
#
1.35 |
|
19-Jun-2008 |
tobias |
Moved the unset of TZ environment variable out of atot into main, removing an unused static var and test out of atot.
With input by jsing and millert, ok millert
|
Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.34 |
|
27-Mar-2007 |
jmc |
-a requires a separate synopsis; from Daniel Polak via henning
ok henning
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.33 |
|
15-Jan-2007 |
otto |
Fix -a when given an entry with an already existing user. Also, give error message if a user arg has been given with -a. Noted by Dan Brosemer. ok millert@ jaredy@
|
Revision tags: OPENBSD_3_9_BASE OPENBSD_4_0_BASE
|
#
1.32 |
|
12-Dec-2005 |
deraadt |
ARGSUSED on signal handler
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE
|
#
1.31 |
|
10-May-2004 |
wilfried |
unbreak chsh, ok millert
|
#
1.30 |
|
20-Apr-2004 |
millert |
Adapt to new pw_copy() API, closes PR 3698.
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.29 |
|
26-Nov-2003 |
espie |
This is ISO C, use string concatenation, instead of bogus use of __CONCAT. (hint: "a" and "b" can't be pasted as a valid C token...) okay millert@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.28 |
|
01-Jul-2003 |
avsm |
- no need for pathnames.h, just use <paths.h> instead - bump mktemp randomness slightly from 8 -> 10 millert@ ok
|
#
1.27 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
#
1.26 |
|
31-Jul-2002 |
millert |
When I got removed the use of atexit() I missed the fact that edit() calls pw_error() which in turn calls exit(). Now edit() returns its status so the temp file gets cleaned up nicely if the user makes no changes or if an error occurred. Problem noticed by deraadt@
|
#
1.25 |
|
27-Jun-2002 |
deraadt |
move protos
|
#
1.24 |
|
27-Jun-2002 |
millert |
There is absolutely no reason for the "tempname" or dfd variables to exist outside the scope of the 'op == EDITENTRY' code block. This allows us to get rid of the atexit() call and tempcleanup().
|
#
1.23 |
|
27-Jun-2002 |
deraadt |
cleanup; mpech & millert ok
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.22 |
|
14-Mar-2002 |
mpech |
Remove \n from err/errx/warn/warnx().
millert@ ok
|
#
1.21 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.20 |
|
27-Aug-2001 |
millert |
Instead of prompting the user whether or not they wish to continue to wait for the lock on password file just tell the user to interrupt with ^C. This simplifies the locking loop a bit.
Update man page to this effect.
|
#
1.19 |
|
16-Aug-2001 |
millert |
extra arg to pw_mkdb
|
#
1.18 |
|
16-Aug-2001 |
millert |
At Theo's request only print 'Please wait' if don't get the lock on the first try.
|
#
1.17 |
|
15-Aug-2001 |
millert |
Move locking of the passwd file *after* we have gotten a new password from the user. Set real/effective/saved uids to 0 and block all signals so the lock cannot be kept longer than necessary. If we cannot lock, try again every 1/4 second for 2 seconds and then ask the user what they wish to do (keep trying, quit).
Same as in local_passwd.c but here we need to remove a temp file in the SIGINT handler because _exit() doesn't call atexit() routines.
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.16 |
|
26-Nov-2000 |
millert |
Update for pw_mkdb(3) interface change. All but vipw and userdel can specify a username (and thus avoid rebuilding the while database).
|
#
1.15 |
|
21-Nov-2000 |
aaron |
Sync usage() output with man page; mpech@prosoft.org.lv
|
Revision tags: OPENBSD_2_7_BASE OPENBSD_2_8_BASE
|
#
1.14 |
|
05-Dec-1999 |
millert |
Fix temp file unlinking. We use atexit() since the libutil passwd routines do their own exit.
|
Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE OPENBSD_2_6_BASE
|
#
1.13 |
|
03-Aug-1998 |
millert |
use __progname
|
#
1.12 |
|
02-Aug-1998 |
millert |
add close on exec flag to all opens
|
#
1.11 |
|
29-May-1998 |
millert |
put temp file _PATH_VARTMP
|
Revision tags: OPENBSD_2_3_BASE
|
#
1.10 |
|
30-Mar-1998 |
deraadt |
Y2K fixes from Andreas.Gunnarsson@emw.ericsson.se; culled from various places
|
Revision tags: OPENBSD_2_2_BASE
|
#
1.9 |
|
17-Jun-1997 |
kstailey |
(foo *)NULL -> NULL
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.8 |
|
13-Feb-1997 |
deraadt |
fix YP and non-YP cases to exit/warn nicely
|
#
1.7 |
|
15-Jan-1997 |
millert |
getopt(3) returns -1 when out of args, not EOF, whee!
|
#
1.6 |
|
20-Oct-1996 |
millert |
better error message if unable to create password temp file.
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.5 |
|
23-Sep-1996 |
deraadt |
pw_abort() after yp change, does unlock
|
#
1.4 |
|
31-Aug-1996 |
deraadt |
kill leaks; help from das33@cornell.edu
|
#
1.3 |
|
26-Jun-1996 |
deraadt |
rcsid
|
#
1.2 |
|
22-May-1996 |
deraadt |
libutil
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.44 |
|
08-Dec-2017 |
deraadt |
Convert snprintf+write into dprintf. It is simply easier to read, and provides retry on short-write file descriptors. ok florian, previous versions seen by millert
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.43 |
|
26-Nov-2015 |
deraadt |
Delete YP password related code. As a result, these can also be pledged. Keep an eye out for regressions, because they could be uncomfortable. ok beck semarie
|
#
1.42 |
|
18-Nov-2015 |
tedu |
needs _shadow so it can rewrite the master.passwd file
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.41 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.40 |
|
26-Oct-2014 |
guenther |
Prefer mkostemp(O_CLOEXEC) over mkstemp()+fcntl(F_SETFD) Prefer fopen("re") over fopen("r")+fcntl(F_SETFD)
ok otto@ millert@
|
Revision tags: OPENBSD_5_4_BASE OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.39 |
|
18-Apr-2013 |
okan |
- use FD_CLOEXEC instead of 1 - use O_CLOEXEC with open() instead of open/fcntl
from David Hill
ok otto@
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.38 |
|
20-Jun-2012 |
schwarze |
Correct English just like jsing@ did it in passwd/local_passwd.c rev. 1.38 on April 27, 2008. While here, fix a typo and drop an obsolete BUGS section.
"my typo so OK millert@ :-)" and OK jmc@
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.37 |
|
27-Oct-2009 |
deraadt |
rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and unmaintainable). these days, people use source. these id's do not provide any benefit, and do hurt the small install media (the 33,000 line diff is essentially mechanical) ok with the idea millert, ok dms
|
Revision tags: OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.36 |
|
08-Jul-2008 |
sobrado |
fix double "usage:"
|
#
1.35 |
|
19-Jun-2008 |
tobias |
Moved the unset of TZ environment variable out of atot into main, removing an unused static var and test out of atot.
With input by jsing and millert, ok millert
|
Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.34 |
|
27-Mar-2007 |
jmc |
-a requires a separate synopsis; from Daniel Polak via henning
ok henning
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.33 |
|
15-Jan-2007 |
otto |
Fix -a when given an entry with an already existing user. Also, give error message if a user arg has been given with -a. Noted by Dan Brosemer. ok millert@ jaredy@
|
Revision tags: OPENBSD_3_9_BASE OPENBSD_4_0_BASE
|
#
1.32 |
|
12-Dec-2005 |
deraadt |
ARGSUSED on signal handler
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE
|
#
1.31 |
|
10-May-2004 |
wilfried |
unbreak chsh, ok millert
|
#
1.30 |
|
20-Apr-2004 |
millert |
Adapt to new pw_copy() API, closes PR 3698.
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.29 |
|
26-Nov-2003 |
espie |
This is ISO C, use string concatenation, instead of bogus use of __CONCAT. (hint: "a" and "b" can't be pasted as a valid C token...) okay millert@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.28 |
|
01-Jul-2003 |
avsm |
- no need for pathnames.h, just use <paths.h> instead - bump mktemp randomness slightly from 8 -> 10 millert@ ok
|
#
1.27 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
#
1.26 |
|
31-Jul-2002 |
millert |
When I got removed the use of atexit() I missed the fact that edit() calls pw_error() which in turn calls exit(). Now edit() returns its status so the temp file gets cleaned up nicely if the user makes no changes or if an error occurred. Problem noticed by deraadt@
|
#
1.25 |
|
27-Jun-2002 |
deraadt |
move protos
|
#
1.24 |
|
27-Jun-2002 |
millert |
There is absolutely no reason for the "tempname" or dfd variables to exist outside the scope of the 'op == EDITENTRY' code block. This allows us to get rid of the atexit() call and tempcleanup().
|
#
1.23 |
|
27-Jun-2002 |
deraadt |
cleanup; mpech & millert ok
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.22 |
|
14-Mar-2002 |
mpech |
Remove \n from err/errx/warn/warnx().
millert@ ok
|
#
1.21 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.20 |
|
27-Aug-2001 |
millert |
Instead of prompting the user whether or not they wish to continue to wait for the lock on password file just tell the user to interrupt with ^C. This simplifies the locking loop a bit.
Update man page to this effect.
|
#
1.19 |
|
16-Aug-2001 |
millert |
extra arg to pw_mkdb
|
#
1.18 |
|
16-Aug-2001 |
millert |
At Theo's request only print 'Please wait' if don't get the lock on the first try.
|
#
1.17 |
|
15-Aug-2001 |
millert |
Move locking of the passwd file *after* we have gotten a new password from the user. Set real/effective/saved uids to 0 and block all signals so the lock cannot be kept longer than necessary. If we cannot lock, try again every 1/4 second for 2 seconds and then ask the user what they wish to do (keep trying, quit).
Same as in local_passwd.c but here we need to remove a temp file in the SIGINT handler because _exit() doesn't call atexit() routines.
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.16 |
|
26-Nov-2000 |
millert |
Update for pw_mkdb(3) interface change. All but vipw and userdel can specify a username (and thus avoid rebuilding the while database).
|
#
1.15 |
|
21-Nov-2000 |
aaron |
Sync usage() output with man page; mpech@prosoft.org.lv
|
Revision tags: OPENBSD_2_7_BASE OPENBSD_2_8_BASE
|
#
1.14 |
|
05-Dec-1999 |
millert |
Fix temp file unlinking. We use atexit() since the libutil passwd routines do their own exit.
|
Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE OPENBSD_2_6_BASE
|
#
1.13 |
|
03-Aug-1998 |
millert |
use __progname
|
#
1.12 |
|
02-Aug-1998 |
millert |
add close on exec flag to all opens
|
#
1.11 |
|
29-May-1998 |
millert |
put temp file _PATH_VARTMP
|
Revision tags: OPENBSD_2_3_BASE
|
#
1.10 |
|
30-Mar-1998 |
deraadt |
Y2K fixes from Andreas.Gunnarsson@emw.ericsson.se; culled from various places
|
Revision tags: OPENBSD_2_2_BASE
|
#
1.9 |
|
17-Jun-1997 |
kstailey |
(foo *)NULL -> NULL
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.8 |
|
13-Feb-1997 |
deraadt |
fix YP and non-YP cases to exit/warn nicely
|
#
1.7 |
|
15-Jan-1997 |
millert |
getopt(3) returns -1 when out of args, not EOF, whee!
|
#
1.6 |
|
20-Oct-1996 |
millert |
better error message if unable to create password temp file.
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.5 |
|
23-Sep-1996 |
deraadt |
pw_abort() after yp change, does unlock
|
#
1.4 |
|
31-Aug-1996 |
deraadt |
kill leaks; help from das33@cornell.edu
|
#
1.3 |
|
26-Jun-1996 |
deraadt |
rcsid
|
#
1.2 |
|
22-May-1996 |
deraadt |
libutil
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|