mirror of https://github.com/openbsd/src.git synced 2025-01-10 06:47:55 -08:00

Change the second arg to pw_mkdb() from a boolean flag to a set of

bit flags ORed together.  Currently the only flags defined are
_PASSWORD_SECUREONLY and _PASSWORD_OMITV7 but this is enough to
cause pw_mkdb() to run pwd_mkdb with the options we want.

With this change we no longer generate the old V7 passwd file when
only the extra fields in master.passwd (or the encrypted password)
have changed.  There are other programs that could probably use
the _PASSWORD_OMITV7 flag; they will be converted at a future date.
millert 2001-08-26 03:28:30 +00:00
parent e858136eb6
commit 00ca34bf62
4 changed files with 36 additions and 22 deletions


@ -1,4 +1,4 @@
/* $OpenBSD: pwd.h,v 1.11 2001/02/13 14:48:40 pjanzen Exp $ */ /* $OpenBSD: pwd.h,v 1.12 2001/08/26 03:28:30 millert Exp $ */
/* $NetBSD: pwd.h,v 1.9 1996/05/15 21:36:45 jtc Exp $ */ /* $NetBSD: pwd.h,v 1.9 1996/05/15 21:36:45 jtc Exp $ */
/*- /*-
@ -75,6 +75,10 @@
#define _PASSWORD_NOCHG 0x04 /* flag for no specified change. */ #define _PASSWORD_NOCHG 0x04 /* flag for no specified change. */
#define _PASSWORD_NOEXP 0x08 /* flag for no specified expire. */ #define _PASSWORD_NOEXP 0x08 /* flag for no specified expire. */
/* Flags for pw_mkdb(3) */
#define _PASSWORD_SECUREONLY 0x01 /* only generate spwd.db file */
#define _PASSWORD_OMITV7 0x02 /* don't generate v7 passwd file */
#endif #endif
struct passwd { struct passwd {
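Review bot: The two new pw_mkdb() flags share the `_PASSWORD_` prefix with the field flags directly above them (`_PASSWORD_NOCHG 0x04`, `_PASSWORD_NOEXP 0x08`), and their values 0x01 and 0x02 presumably overlap the lower members of that set, which sit above the hunk. Both sets are plain `int` constants, so passing a field flag to pw_mkdb() by mistake compiles cleanly and silently selects a different rebuild mode. I would widen the comment to `/* Flags for pw_mkdb(3); a separate set from the _PASSWORD_NO* field flags above, do not mix */`. If keeping 0x01 for `_PASSWORD_SECUREONLY` was chosen so that callers still passing the old boolean 1 behave as before, that is worth saying in the same comment.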


@ -1,4 +1,4 @@
/* $OpenBSD: passwd.c,v 1.27 2001/08/16 18:24:32 millert Exp $ */ /* $OpenBSD: passwd.c,v 1.28 2001/08/26 03:28:30 millert Exp $ */
/* /*
* Copyright (c) 1987, 1993, 1994, 1995 * Copyright (c) 1987, 1993, 1994, 1995
@ -34,7 +34,7 @@
*/ */
#if defined(LIBC_SCCS) && !defined(lint) #if defined(LIBC_SCCS) && !defined(lint)
static char rcsid[] = "$OpenBSD: passwd.c,v 1.27 2001/08/16 18:24:32 millert Exp $"; static char rcsid[] = "$OpenBSD: passwd.c,v 1.28 2001/08/26 03:28:30 millert Exp $";
#endif /* LIBC_SCCS and not lint */ #endif /* LIBC_SCCS and not lint */
#include <sys/types.h> #include <sys/types.h>
@ -273,9 +273,9 @@ pw_lock(retries)
} }
int int
pw_mkdb(username, secureonly) pw_mkdb(username, flags)
char *username; char *username;
int secureonly; int flags;
{ {
int pstat, ac; int pstat, ac;
pid_t pid; pid_t pid;
@ -295,9 +295,9 @@ pw_mkdb(username, secureonly)
av[ac++] = "pwd_mkdb"; av[ac++] = "pwd_mkdb";
av[ac++] = "-d"; av[ac++] = "-d";
av[ac++] = pw_dir; av[ac++] = pw_dir;
if (secureonly) if (flags & _PASSWORD_SECUREONLY)
av[ac++] = "-s"; av[ac++] = "-s";
else else if (!(flags & _PASSWORD_OMITV7))
av[ac++] = "-p"; av[ac++] = "-p";
if (username) { if (username) {
av[ac++] = "-u"; av[ac++] = "-u";
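Review bot: `if (flags & _PASSWORD_SECUREONLY)` tests only bit 0x01, where the old `if (secureonly)` accepted any non-zero value, so an unconverted caller passing a true value other than 1 no longer gets `-s` and falls through to the `else if`. Going by the updated pw_lock.3 text, every branch still rebuilds the secure database, so this is a behaviour change rather than a stale-database risk, but it is undocumented in the code. A comment above the branch would help, e.g. `/* SECUREONLY wins over OMITV7; with neither set, -p also rebuilds the V7 file */`. Bits outside the two defined flags are silently ignored; an early `if (flags & ~(_PASSWORD_SECUREONLY|_PASSWORD_OMITV7)) return (-1);` would surface stale callers, assuming -1 is the error return as the `< 0` check in local_passwd.c suggests. pw_mkdb() starts and ends outside these hunks.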


@ -1,4 +1,4 @@
.\" $OpenBSD: pw_lock.3,v 1.7 2001/08/16 18:24:32 millert Exp $ .\" $OpenBSD: pw_lock.3,v 1.8 2001/08/26 03:28:30 millert Exp $
.\" .\"
.\" Copyright (c) 1995 .\" Copyright (c) 1995
.\" The Regents of the University of California. All rights reserved. .\" The Regents of the University of California. All rights reserved.
@ -35,7 +35,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE. .\" SUCH DAMAGE.
.\" .\"
.Dd December 15, 1995 .Dd August 20, 2001
.Dt PW_LOCK 3 .Dt PW_LOCK 3
.Os .Os
.Sh NAME .Sh NAME
@ -48,7 +48,7 @@
.Ft int .Ft int
.Fn pw_lock "int retries" .Fn pw_lock "int retries"
.Ft int .Ft int
.Fn pw_mkdb "char *username" "int secureonly" .Fn pw_mkdb "char *username" "int pwflags"
.Ft void .Ft void
.Fn pw_abort .Fn pw_abort
.Sh DESCRIPTION .Sh DESCRIPTION
@ -84,13 +84,23 @@ via
If a If a
.Fa username .Fa username
is specified, only the record for the specified user will be updated. is specified, only the record for the specified user will be updated.
If the The
.Fa secureonly .Fa pwflags
argument is non-zero, only the secure database file, are specified by
.Pa /etc/spwd.db , .Tn OR Ns 'ing
will be updated. the following values:
This is useful for cases when the password field is the only part of the .Pp
entry that has been modified. .Bl -tag -width _PASSWORD_SECUREONLY -offset "xxxx" -compact
.It Dv _PASSWORD_SECUREONLY
only update the secure database file
.Po Pa /etc/spwd.db Pc .
.It Dv _PASSWORD_OMITV7
do not update the Version 7 format password file
.Po Pa /etc/passwd Pc .
.El
.Pp
By default the secure, insecure and Version 7 format password databases
are updated.
You should finish writing to and close the file descriptor returned by You should finish writing to and close the file descriptor returned by
.Fn pw_lock .Fn pw_lock
before calling before calling


@ -1,4 +1,4 @@
/* $OpenBSD: local_passwd.c,v 1.19 2001/08/18 19:58:46 millert Exp $ */ /* $OpenBSD: local_passwd.c,v 1.20 2001/08/26 03:28:30 millert Exp $ */
/*- /*-
* Copyright (c) 1990 The Regents of the University of California. * Copyright (c) 1990 The Regents of the University of California.
@ -35,7 +35,7 @@
#ifndef lint #ifndef lint
/*static const char sccsid[] = "from: @(#)local_passwd.c 5.5 (Berkeley) 5/6/91";*/ /*static const char sccsid[] = "from: @(#)local_passwd.c 5.5 (Berkeley) 5/6/91";*/
static const char rcsid[] = "$OpenBSD: local_passwd.c,v 1.19 2001/08/18 19:58:46 millert Exp $"; static const char rcsid[] = "$OpenBSD: local_passwd.c,v 1.20 2001/08/26 03:28:30 millert Exp $";
#endif /* not lint */ #endif /* not lint */
#include <sys/types.h> #include <sys/types.h>
@ -70,7 +70,7 @@ local_passwd(uname, authenticated)
sigset_t fullset; sigset_t fullset;
time_t period; time_t period;
int pfd, tfd = -1; int pfd, tfd = -1;
int secureonly = 0; int pwflags = _PASSWORD_OMITV7;
char *s = NULL; char *s = NULL;
if (!(pw = getpwnam(uname))) { if (!(pw = getpwnam(uname))) {
@ -107,7 +107,7 @@ local_passwd(uname, authenticated)
if (pw->pw_change != 0) if (pw->pw_change != 0)
pw->pw_change = 0; pw->pw_change = 0;
else else
secureonly = 1; pwflags = _PASSWORD_SECUREONLY;
} }
/* Drop user's real uid and block all signals to avoid a DoS. */ /* Drop user's real uid and block all signals to avoid a DoS. */
@ -161,7 +161,7 @@ local_passwd(uname, authenticated)
/* Update master.passwd file and rebuild spwd.db. */ /* Update master.passwd file and rebuild spwd.db. */
pw_copy(pfd, tfd, pw); pw_copy(pfd, tfd, pw);
if (pw_mkdb(uname, secureonly) < 0) if (pw_mkdb(uname, pwflags) < 0)
pw_error(NULL, 0, 1); pw_error(NULL, 0, 1);
return(0); return(0);
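Review bot: The comment above the call, `/* Update master.passwd file and rebuild spwd.db. */`, no longer matches what happens when `pwflags` stays at `_PASSWORD_OMITV7`: going by the updated pw_lock.3 text, that case rebuilds the insecure database as well and skips only /etc/passwd. I would reword it to `/* Update master.passwd and rebuild the databases selected by pwflags. */`. The initialiser `int pwflags = _PASSWORD_OMITV7;` deserves a short why-comment such as `/* only the password and change time are modified here; neither is stored in /etc/passwd */`, which appears to be the reasoning in the commit message. `pwflags = _PASSWORD_SECUREONLY;` replaces the default rather than ORing into it, which is correct only because pw_mkdb() checks SECUREONLY first. local_passwd() begins and ends outside the hunks.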