summaryrefslogtreecommitdiffstats
path: root/usr.sbin/user (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Use -1 to indicate an invalid uid/gid, not UID_MAX and GID_MAX.millert2019-10-171-5/+5
| | | | This is the userland portion. OK deraadt@ sashan@
* snprintf/vsnprintf return < 0 on error, rather than -1.deraadt2019-07-031-2/+2
|
* When system calls indicate an error they return -1, not some arbitraryderaadt2019-06-281-20/+20
| | | | | | value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
* mkstemp() returns -1 on failurederaadt2019-06-281-6/+6
|
* A bad uid range on the command line should be a fatal error.millert2018-12-311-3/+4
| | | | Based on a diff from Stefan R. Filipek.
* Use user_from_uid(), uid_from_user(), group_from_gid() andmillert2018-10-151-17/+48
| | | | | | gid_from_group() when we are only checking whether an entry already exists. Fixes crashes caused by the getpw* pointer invalidation changes. OK bluhm@
* Fix segfault in usermod -l by swapping one of the getpwnam(3) withmestre2018-09-261-2/+4
| | | | | | | uid_from_user(3). This started happening a few days ago after the change to the pwcache in libc. OK millert@
* Fix warnings caused by user_from_uid() and group_from_gid() nowmillert2018-09-131-2/+2
| | | | returning const char *.
* Remove 2 unused parameters from copydotfiles functionmestre2017-05-241-5/+28
| | | | | | While here sort headers and add missing prototypes OK tb@
* Replace memset(3) with explicit_bzero(3) on user(8) on sensitive datamestre2017-05-121-4/+4
| | | | | | (passwords) as soon as they are not needed on memory anymore. OK millert@
* Since pwp->pw_gid is equal to pwp->pw_uid then use the former instead inmestre2016-11-301-4/+4
| | | | | | | creategid() function and in the failure message since it makes more sense in this chunck of code. OK millert@
* Mitigate some fd leaks on user(8)mestre2016-11-301-1/+6
| | | | OK millert@
* note that no group is created if a group already exists when using =uid;jmc2016-11-302-21/+18
| | | | | | while here, clean the text up a bit; from mestre and myself
* According to usermod(8) manpage if -g =uid is used it should create a new groupmestre2016-11-301-4/+12
| | | | | | | | | | with an unique UID, if it's not already created (not in the manpage), but this wasn't implemented. This implements that functionality similar to what NetBSD has, but with some corrections by adding a fd closure in case of failure and on the failure message itself which they got it wrong. OK tb@
* remove all the (void) casts which are irrelevant. The remaining onesderaadt2016-11-291-156/+158
| | | | | should be fixed to do error checks. ok jsg
* Correct a bit test introduced in user.c rev 1.111 that made it impossiblejsg2016-11-291-2/+3
| | | | | | to set a password hash with usermod if an additional flag was specified. ok mestre@ tom@ jung@
* Alistair Crooks rescinded the advertising clause of his user(8)jsg2016-11-2913-75/+36
| | | | | | license in 2005 in NetBSD. https://mail-index.netbsd.org/source-changes/2005/11/25/0002.html
* Xr encrypt(1) here as well to be consistent with useradd(8).tb2016-08-162-6/+9
| | | | ok jmc
* Xr encrypt(1) in the explanation of the -p option.tb2016-08-141-3/+5
| | | | ok jmc
* Remove the encrypted password length check. The admin should bemillert2016-08-101-71/+5
| | | | | | | | able to put whatever they like in the encrypted password field, regardless of whether it can be matched or not. Having this check just makes it harder to add new encrypted password functions. This also fixes "usermode -Z" which was the impetus for the change. OK benno@
* Fix regression on usermod/userdel by calling getpwnam_shadow(3) and savingmestre2016-05-031-7/+17
| | | | | | | | | | | passwd hash early, instead of getpwnam(3), then close fds by calling endpwent(3) and finally only call pledge(2) after it, otherwise on any modification to the user it would destroy the passwd hash and therefore forbidding him/her to login again to the machine. Reported and tested by Edgar Pettijohn <edgar ! pettijohn-web at com> According to deraadt@ "that looks better then"
* When writing master.password entries, use %lld for time_t and castmillert2016-05-021-7/+7
| | | | to long long. OK ajacoutot@
* Add pledge(2) promises independently on each user(8)'s functions as follows:mestre2016-04-261-1/+36
| | | | | | | | | | | | | | | useradd: stdio rpath wpath cpath fattr flock proc exec getpw id usermod: stdio rpath wpath cpath fattr flock proc exec getpw id userdel: stdio rpath wpath cpath fattr flock proc exec getpw id userinfo: stdio getpw groupadd: stdio rpath wpath cpath fattr flock getpw groupmod: stdio rpath wpath cpath fattr flock groupdel: stdio rpath wpath cpath fattr flock groupinfo: stdio getpw This was extensively tested by me and tim@ who found some issues on my first versions. deraadt@ prodded me to commit this now to check who uses it in order to report back any fallbacks with the diff, if you find any please inform us.
* for some time now mandoc has not required MLINKS to functionjmc2016-03-301-3/+1
| | | | | | | | | | | | correctly - logically complete that now by removing MLINKS from base; authors need only to ensure there is an entry in NAME for any function/ util being added. MLINKS will still work, and remain for perl to ease upgrades; ok nicm (curses) bcook (ssl) ok schwarze, who provided a lot of feedback and assistance ok tb natano jung
* If program cannot reserve memory then the user doesn't need to know exactly howmestre2016-03-291-3/+2
| | | | | | many bytes it couldn't allocate Suggested and OK from natano@ and millert@ also agrees
* -Remove function #defines from defs.h and use the actual code accordingly inmestre2016-03-293-88/+15
| | | | | | | | | user.c -Remove MIN and MAX #defines which are not being in use since the last 16 years -Move last #define to user.c and remove file defs.h -Remove lint comments OK natano@ after his suggestions and also OK jung@ on an earlier version
* Remove cast from free(3)mestre2016-03-281-2/+2
| | | | OK gsoares@
* Remove handrolled #define FREE and use free(3) directly without wrappingmestre2016-03-282-17/+7
| | | | | | if (ptr!=NULL) around them since they are not needed. OK millert@ and jung@
* Zap extraneous SYNOPSIS sections.zhuk2016-01-081-4/+2
| | | | | | The gettytab(5) and termcap(5) get FILES, others don't need anything. With input from & okay schwarze@
* pledge regression: some operations appear to want to getpwent fromderaadt2015-11-301-5/+1
| | | | | | spwd, then apply to a new password database. This runs into issues also with the new shadow routines. Needs to be looked at more, but for now remove pledge to make the shadow issues easier to figure out..
* pledge "stdio rpath wpath cpath fattr getpw flock id proc exec" at thederaadt2015-11-151-1/+5
| | | | | | top. It is a lot, maybe someone will take the time to find smaller chunks later in the program. tested by jca
* Really silly to chmod "st_mode & 07777" when making a copy of thederaadt2015-11-151-5/+5
| | | | | group file, like entirely missing the point. ok jca
* use .Cm for fixed string argumentsschwarze2015-09-123-31/+19
|
* stdlib.h is in scope; do not cast malloc/calloc/realloc*deraadt2015-08-201-3/+3
| | | | ok millert krw
* read_defaults has the thing for strtonum to chew on in cp, notdlg2015-04-241-2/+2
| | | | | | | optarg. fixes a segfault introduced by the atoi to strtonum change and reported by ajacatout@
* Replace atoi() usage with strtonum(). OK deraadt@millert2015-04-231-71/+61
|
* remove the first comma from constructs like ", and," and ", or,": you can usejmc2015-03-133-14/+14
| | | | | "and" and "or" to join sentence clauses, and you can use commas, but both hinders reading;
* Replace <sys/param.h> with <limits.h> and other less dirty headers wherederaadt2015-01-161-3/+4
| | | | | | | | | possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
* use reallocarray() deep inside an macro ugly as sinderaadt2014-12-011-5/+9
|
* Add missing capability to handle new $2b version of blowfish passwordsebastia2014-08-271-5/+8
| | | | | | encryption for usermod and friends. OK millert@, seems reasonable for now tedu@
* Make sure the correct errno is reported by warn* or err* and notguenther2014-07-201-39/+63
| | | | | | the errno of an intervening cleanup operation like close/unlink/etc. Diff from Doug Hogan (doug (at) acyclic.org)
* unsigned char casts for ctype; ok jcaderaadt2013-11-231-14/+16
|
* Move the chown and chmod out of copydotfiles() and add an explicitmillert2013-09-101-3/+6
| | | | | | check for skeldir set to the empty string. Fixes a problem where the owner/mode is not set on the user's homedir if the specified skeldir does not exist. OK ajacoutot@
* Write uids/gids as unsigned in the passwd file and error messages.millert2013-08-061-13/+13
| | | | This matches what pw_scan() expects. OK deraadt@
* use .Mt for email addresses; from Jan Stary <hans at stare dot cz>; ok jmc@schwarze2013-07-1610-30/+30
|
* for parsing time values, fall back to atoll() for time_tderaadt2013-04-021-2/+2
| | | | ok guenther
* When locking/unlocking an account, never touch passwords that are "*"ajacoutot2013-03-041-4/+9
| | | | | | or 13*. Also make sure to never endup with an empty password. cluebat and ok miod@
* Fix unlocking on 32bits arch where it would fuck up the shell...ajacoutot2013-02-161-4/+6
| | | | | | | | Do not try to (un)lock system users; people wanting to do so (???) will know what they do and use vipw(8). unlocking issue reported by Andre Stobe on tech@ cluesticks and ok miod@, ok deraadt@
* Be consistent with what the installer and useradd(8) do and put newlyajacoutot2012-09-201-2/+2
| | | | | | | | created users into their own primary group. This does not change existing installations that already have a usermgmt.conf(5). ok todd@ beck@
* Add 2 new knobs to usermod(8):ajacoutot2012-09-182-7/+117
| | | | | | | | | | | -U to unlock an account -Z to lock an account Locking means adding a '*' prefix to the encrypted password and appending a '-' to the user's shell... and obviously the opposite for unlocking. some inputs from sthen@, otto@ and deraadt@ ok todd@
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.