diff --git a/include/pwd.h b/include/pwd.h index af6c812f619..6307980c7fc 100644 --- a/include/pwd.h +++ b/include/pwd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pwd.h,v 1.11 2001/02/13 14:48:40 pjanzen Exp $ */ +/* $OpenBSD: pwd.h,v 1.12 2001/08/26 03:28:30 millert Exp $ */ /* $NetBSD: pwd.h,v 1.9 1996/05/15 21:36:45 jtc Exp $ */ /*- @@ -75,6 +75,10 @@ #define _PASSWORD_NOCHG 0x04 /* flag for no specified change. */ #define _PASSWORD_NOEXP 0x08 /* flag for no specified expire. */ +/* Flags for pw_mkdb(3) */ +#define _PASSWORD_SECUREONLY 0x01 /* only generate spwd.db file */ +#define _PASSWORD_OMITV7 0x02 /* don't generate v7 passwd file */ + #endif struct passwd { diff --git a/lib/libutil/passwd.c b/lib/libutil/passwd.c index 6912f7adae9..a0f817ae9c7 100644 --- a/lib/libutil/passwd.c +++ b/lib/libutil/passwd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: passwd.c,v 1.27 2001/08/16 18:24:32 millert Exp $ */ +/* $OpenBSD: passwd.c,v 1.28 2001/08/26 03:28:30 millert Exp $ */ /* * Copyright (c) 1987, 1993, 1994, 1995 @@ -34,7 +34,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: passwd.c,v 1.27 2001/08/16 18:24:32 millert Exp $"; +static char rcsid[] = "$OpenBSD: passwd.c,v 1.28 2001/08/26 03:28:30 millert Exp $"; #endif /* LIBC_SCCS and not lint */ #include @@ -273,9 +273,9 @@ pw_lock(retries) } int -pw_mkdb(username, secureonly) +pw_mkdb(username, flags) char *username; - int secureonly; + int flags; { int pstat, ac; pid_t pid; @@ -295,9 +295,9 @@ pw_mkdb(username, secureonly) av[ac++] = "pwd_mkdb"; av[ac++] = "-d"; av[ac++] = pw_dir; - if (secureonly) + if (flags & _PASSWORD_SECUREONLY) av[ac++] = "-s"; - else + else if (!(flags & _PASSWORD_OMITV7)) av[ac++] = "-p"; if (username) { av[ac++] = "-u"; diff --git a/lib/libutil/pw_lock.3 b/lib/libutil/pw_lock.3 index 3146d936bc3..78d42acba54 100644 --- a/lib/libutil/pw_lock.3 +++ b/lib/libutil/pw_lock.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pw_lock.3,v 1.7 2001/08/16 18:24:32 millert Exp $ +.\" $OpenBSD: pw_lock.3,v 1.8 2001/08/26 03:28:30 millert Exp $ .\" .\" Copyright (c) 1995 .\" The Regents of the University of California. All rights reserved. @@ -35,7 +35,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd December 15, 1995 +.Dd August 20, 2001 .Dt PW_LOCK 3 .Os .Sh NAME @@ -48,7 +48,7 @@ .Ft int .Fn pw_lock "int retries" .Ft int -.Fn pw_mkdb "char *username" "int secureonly" +.Fn pw_mkdb "char *username" "int pwflags" .Ft void .Fn pw_abort .Sh DESCRIPTION @@ -84,13 +84,23 @@ via If a .Fa username is specified, only the record for the specified user will be updated. -If the -.Fa secureonly -argument is non-zero, only the secure database file, -.Pa /etc/spwd.db , -will be updated. -This is useful for cases when the password field is the only part of the -entry that has been modified. +The +.Fa pwflags +are specified by +.Tn OR Ns 'ing +the following values: +.Pp +.Bl -tag -width _PASSWORD_SECUREONLY -offset "xxxx" -compact +.It Dv _PASSWORD_SECUREONLY +only update the secure database file +.Po Pa /etc/spwd.db Pc . +.It Dv _PASSWORD_OMITV7 +do not update the Version 7 format password file +.Po Pa /etc/passwd Pc . +.El +.Pp +By default the secure, insecure and Version 7 format password databases +are updated. You should finish writing to and close the file descriptor returned by .Fn pw_lock before calling diff --git a/usr.bin/passwd/local_passwd.c b/usr.bin/passwd/local_passwd.c index cbe650cd212..231570ae3d8 100644 --- a/usr.bin/passwd/local_passwd.c +++ b/usr.bin/passwd/local_passwd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: local_passwd.c,v 1.19 2001/08/18 19:58:46 millert Exp $ */ +/* $OpenBSD: local_passwd.c,v 1.20 2001/08/26 03:28:30 millert Exp $ */ /*- * Copyright (c) 1990 The Regents of the University of California. @@ -35,7 +35,7 @@ #ifndef lint /*static const char sccsid[] = "from: @(#)local_passwd.c 5.5 (Berkeley) 5/6/91";*/ -static const char rcsid[] = "$OpenBSD: local_passwd.c,v 1.19 2001/08/18 19:58:46 millert Exp $"; +static const char rcsid[] = "$OpenBSD: local_passwd.c,v 1.20 2001/08/26 03:28:30 millert Exp $"; #endif /* not lint */ #include @@ -70,7 +70,7 @@ local_passwd(uname, authenticated) sigset_t fullset; time_t period; int pfd, tfd = -1; - int secureonly = 0; + int pwflags = _PASSWORD_OMITV7; char *s = NULL; if (!(pw = getpwnam(uname))) { @@ -107,7 +107,7 @@ local_passwd(uname, authenticated) if (pw->pw_change != 0) pw->pw_change = 0; else - secureonly = 1; + pwflags = _PASSWORD_SECUREONLY; } /* Drop user's real uid and block all signals to avoid a DoS. */ @@ -161,7 +161,7 @@ local_passwd(uname, authenticated) /* Update master.passwd file and rebuild spwd.db. */ pw_copy(pfd, tfd, pw); - if (pw_mkdb(uname, secureonly) < 0) + if (pw_mkdb(uname, pwflags) < 0) pw_error(NULL, 0, 1); return(0);