Change the second arg to pw_mkdb() from a boolean flag to a set of

bit flags ORed together. Currently the only flags defined are _PASSWORD_SECUREONLY and _PASSWORD_OMITV7 but this is enough to cause pw_mkdb() to run pwd_mkdb with the options we want. With this change we no longer generate the old V7 passwd file when only the extra fields in master.passwd (or the encrypted password) have changed. There are other programs that could probably use the _PASSWORD_OMITV7 flag; they will be converted at a future date.
2025-01-10 06:47:55 -08:00 · 2001-08-26 03:28:30 +00:00 · 2001-08-26 03:28:30 +00:00 · 00ca34bf62
commit 00ca34bf62
parent e858136eb6
4 changed files with 36 additions and 22 deletions
--- a/include/pwd.h
+++ b/include/pwd.h
@ -1,4 +1,4 @@
-/*	$OpenBSD: pwd.h,v 1.11 2001/02/13 14:48:40 pjanzen Exp $	*/
+/*	$OpenBSD: pwd.h,v 1.12 2001/08/26 03:28:30 millert Exp $	*/
 /*	$NetBSD: pwd.h,v 1.9 1996/05/15 21:36:45 jtc Exp $	*/

 /*-
@ -75,6 +75,10 @@
 #define _PASSWORD_NOCHG		0x04	/* flag for no specified change. */
 #define _PASSWORD_NOEXP		0x08	/* flag for no specified expire. */

+/* Flags for pw_mkdb(3) */
+#define	_PASSWORD_SECUREONLY	0x01	/* only generate spwd.db file */
+#define	_PASSWORD_OMITV7	0x02	/* don't generate v7 passwd file */
+
 #endif

 struct passwd {
--- a/lib/libutil/passwd.c
+++ b/lib/libutil/passwd.c
@ -1,4 +1,4 @@
-/*	$OpenBSD: passwd.c,v 1.27 2001/08/16 18:24:32 millert Exp $	*/
+/*	$OpenBSD: passwd.c,v 1.28 2001/08/26 03:28:30 millert Exp $	*/

 /*
 * Copyright (c) 1987, 1993, 1994, 1995
@ -34,7 +34,7 @@
 */

 #if defined(LIBC_SCCS) && !defined(lint)
-static char rcsid[] = "$OpenBSD: passwd.c,v 1.27 2001/08/16 18:24:32 millert Exp $";
+static char rcsid[] = "$OpenBSD: passwd.c,v 1.28 2001/08/26 03:28:30 millert Exp $";
 #endif /* LIBC_SCCS and not lint */

 #include <sys/types.h>
@ -273,9 +273,9 @@ pw_lock(retries)
 }

 int
-pw_mkdb(username, secureonly)
+pw_mkdb(username, flags)
 	char *username;
-	int secureonly;
+	int flags;
 {
 	int pstat, ac;
 	pid_t pid;
@ -295,9 +295,9 @@ pw_mkdb(username, secureonly)
 	av[ac++] = "pwd_mkdb";
 	av[ac++] = "-d";
 	av[ac++] = pw_dir;
-	if (secureonly)
+	if (flags & _PASSWORD_SECUREONLY)
 		av[ac++] = "-s";
-	else
+	else if (!(flags & _PASSWORD_OMITV7))
 		av[ac++] = "-p";
 	if (username) {
 		av[ac++] = "-u";
--- a/lib/libutil/pw_lock.3
+++ b/lib/libutil/pw_lock.3
@ -1,4 +1,4 @@
-.\"	$OpenBSD: pw_lock.3,v 1.7 2001/08/16 18:24:32 millert Exp $
+.\"	$OpenBSD: pw_lock.3,v 1.8 2001/08/26 03:28:30 millert Exp $
 .\"
 .\" Copyright (c) 1995
 .\"	The Regents of the University of California.  All rights reserved.
@ -35,7 +35,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd December 15, 1995
+.Dd August 20, 2001
 .Dt PW_LOCK 3
 .Os
 .Sh NAME
@ -48,7 +48,7 @@
 .Ft int
 .Fn pw_lock "int retries"
 .Ft int
-.Fn pw_mkdb "char *username" "int secureonly"
+.Fn pw_mkdb "char *username" "int pwflags"
 .Ft void
 .Fn pw_abort
 .Sh DESCRIPTION
@ -84,13 +84,23 @@ via
 If a
 .Fa username
 is specified, only the record for the specified user will be updated.
-If the
-.Fa secureonly
-argument is non-zero, only the secure database file,
-.Pa /etc/spwd.db ,
-will be updated.
-This is useful for cases when the password field is the only part of the
-entry that has been modified.
+The
+.Fa pwflags
+are specified by
+.Tn OR Ns 'ing
+the following values:
+.Pp
+.Bl -tag -width _PASSWORD_SECUREONLY -offset "xxxx" -compact
+.It Dv _PASSWORD_SECUREONLY
+only update the secure database file
+.Po Pa /etc/spwd.db Pc .
+.It Dv _PASSWORD_OMITV7
+do not update the Version 7 format password file
+.Po Pa /etc/passwd Pc .
+.El
+.Pp
+By default the secure, insecure and Version 7 format password databases
+are updated.
 You should finish writing to and close the file descriptor returned by
 .Fn pw_lock
 before calling
--- a/usr.bin/passwd/local_passwd.c
+++ b/usr.bin/passwd/local_passwd.c
@ -1,4 +1,4 @@
-/*	$OpenBSD: local_passwd.c,v 1.19 2001/08/18 19:58:46 millert Exp $	*/
+/*	$OpenBSD: local_passwd.c,v 1.20 2001/08/26 03:28:30 millert Exp $	*/

 /*-
 * Copyright (c) 1990 The Regents of the University of California.
@ -35,7 +35,7 @@

 #ifndef lint
 /*static const char sccsid[] = "from: @(#)local_passwd.c	5.5 (Berkeley) 5/6/91";*/
-static const char rcsid[] = "$OpenBSD: local_passwd.c,v 1.19 2001/08/18 19:58:46 millert Exp $";
+static const char rcsid[] = "$OpenBSD: local_passwd.c,v 1.20 2001/08/26 03:28:30 millert Exp $";
 #endif /* not lint */

 #include <sys/types.h>
@ -70,7 +70,7 @@ local_passwd(uname, authenticated)
 	sigset_t fullset;
 	time_t period;
 	int pfd, tfd = -1;
-	int secureonly = 0;
+	int pwflags = _PASSWORD_OMITV7;
 	char *s = NULL;

 	if (!(pw = getpwnam(uname))) {
@ -107,7 +107,7 @@ local_passwd(uname, authenticated)
 		if (pw->pw_change != 0)
 			pw->pw_change = 0;
 		else
-			secureonly = 1;
+			pwflags = _PASSWORD_SECUREONLY;
 	}

 	/* Drop user's real uid and block all signals to avoid a DoS. */
@ -161,7 +161,7 @@ local_passwd(uname, authenticated)

 	/* Update master.passwd file and rebuild spwd.db. */
 	pw_copy(pfd, tfd, pw);
-	if (pw_mkdb(uname, secureonly) < 0)
+	if (pw_mkdb(uname, pwflags) < 0)
 		pw_error(NULL, 0, 1);

 	return(0);