"*************" rather than a single asterisk - it's just as difficult
to hash to the longer password since the asterisk character itself is
not in its alphabet, and pwd_mkdb now thinks it's a valid DES password.
can be a variable length field, so check the (fixed length) password
length, rather then the length of the whole password+salt+cipher.
Use a cipher type of "$2a" for blowfish.
password types, and their associated lengths, and check in useradd or
usermod whether the given encrypted password has the correct length.
This removes the (duplicated) hardcoded lengths which had crept in
with the last commit, and also checks the length of the given password
against the expected length.
and modification of user and group information.
Syslog priority is LOG_INFO, facility is LOG_USER (there is no need to
do this via LOG_AUTH, since the password and group files are world
readable).
Suggested by Hubert Feyrer, after a similar facility in Linux.
the user is not found through NIS.
Completes fix of PR 17849, from Grant Beattie (grant@netbsd.org).
Also, don't cast return type of pw_abort(3) to void, as it already is void.
preserving information.
Remove BUGS section from userdel(8) accordingly.
Make this utility compile with WARNS=3 - add const-poisoning and
shadow variable name resolution.
based on some code from Todd C. Miller, which in turn was based on a
patch from Brian Poole <raj@cerias.purdue.edu>.
Look first in any uid ranges specified on the command line, in the order
they were given on the command line, and then in any ranges specified in
the defaults file.
With thanks to Brian for nudging me a number of times to fix this.
UID ranges. Previous behaviour is demonstrated below...
# useradd -D
group users
base_dir /home
skel_dir /etc/skel
shell /bin/csh
class
inactive 0
expire Null (unset)
range 10200..10300
# useradd -D -r 10200..10300 -r 10400..10500
# useradd -D
group users
base_dir /home
skel_dir /etc/skel
shell /bin/csh
class
inactive 0
expire Null (unset)
range 10400..10500
The second command should have put 2 ranges back into the config file,
but it really only put one because the first range on the command line
was marked as a duplicate (but when it got to writing the config file,
it only wrote command line ranges, so the 10200 got skipped). Fix
this by initializing defrc to 0 and then only looking after defrc for
duplicate ranges.
+ if the cd built-in fails, don't try to copy the directory hierarchy
with pax - s/;/&&/ in a shell command
+ clean up after ourselves if a rename fails - remove the newly-created
group file.
+ remove some unused code in a comment.
+ add F_SHELL flag in userdel
+ use a separate local declaration for a temporary variable, rather
than overloading a variable that's used for something else.
Make sure that each va_start has one and only one matching va_end,
especially in error cases.
If the va_list is used multiple times, do multiple va_starts/va_ends.
If a function gets va_list as argument, don't let it use va_end (since
it's the callers responsibility).
Improved by comments from enami and christos -- thanks!
Heimdal/krb4/KAME changes already fed back, rest to follow.
Inspired by, but not not based on, OpenBSD.
instead of err()), as all error cases in creategid() are already commented
properly from inside creategid().
This prevents funny errors like:
miyu# groupadd test2
miyu# groupadd test2
groupadd: group `test2' already exists
groupadd: can't add group: problems with /etc/group file: Inappropriate ioctl for device
directory already exists. Previously new skel files from /etc/skel were
copied and permissions/ownerships changed even if the directory already
existed.
Before removing the home directory of a user check that
+ the user does not have uid 0
+ the user is the owner of the directory.
and remove the files using the effective user-id of the user. Show
a warning if the directory is not removed.
Use asprintf and fgetln for some string work to remove arbitary string
length limitations.
Fixes for PRs bin/11100 and bin/11103.
Options without arguments go first in a bunch (see /usr/share/misc/style)
"add", "del", "info", "mod" arguments to user(8) and group(8) are command
modifiers, not normal text.
-D is not optional when setting the defaults for useradd(8)
Also add a missing .Ar to groupinfo.8
There's a glitch in the display describing the "group" option in
usermgmt.conf. I can't get rid of the blank line above it without it
losing the line break after the colon as well. Anyone?
+ Use _PATH_GROUP and _PATH_MASTERPASSWD (from OpenBSD)
+ Use -G group1,group2,group3 for multiple groups in useradd and usermod
(pointed out by Matt Green, and also changed in OpenBSD, but done more
efficiently here)
+ is_number should not be inside #ifdef EXTENSIONS (from OpenBSD)
+ clear up yet another usage message (for user(8) and group(8)) - noticed
in passing, unknown if fixed anywhere else
- Move SEE ALSO section before the HISTORY section as described in
mdoc(7) with:
+ removing traing dot.
+ spliting files into FILES section.
- Refer pathnames using .Pa (rather .Ar or .Xr).
+ copy all files and directories in <skeldir> to new user's home
directory, not just if they begin with a '.'
+ use pax to copy files from <skeldir>, as this will allow <skeldir>
to contain directory trees as well as regular files
+ use -h arg to chown(1) in case any symlinks have been created in the
new user's home directory
+ getpwnam(3) does not set errno, so use errx(3) and warnx(3)
+ use nologin(8) in preference to false(1) when deleting users but
preserving information
+ in usage messages, specify [-r lowuid..highuid] rather than a simple
[-r range]
+ Moved all internal definitions from usermgmt.h to user.c
+ Added prototypes to usermgmt.h
+ Allow defaults to be set at build time
+ Check the effective uid is 0 if any data is to be modified
+ Check all numeric uids and gids really are numeric
+ Fix a bug (reported by lenb at sasquatch.com) where new ranges were
appended to old ranges, rather than replacing them
+ Add userinfo(8) and groupinfo(8) utilities (if EXTENSIONS is
defined), whereby user and group information can be displayed. Add
manual pages for new utilities. Add front-end calling from user(8)
and group(8) accordingly.
+ Make all functions visible outside the user.c file again. User and
group manipulation may be split out into a separate shared lib in the
future
+ Split off main function into a separate main.c
+ Changed default group to be "users"
+ Changed despatch table for commands to work in a more sane manner
+ Added "default-group" target to Makefile, so that the default group
can be made easily.
- put `usage' at the start of each message
- put a space between the option and arg in [-x foo]
* fix command parsing for when a two word command is invoked without
args or with an invalid second arg so that a more appropriate error
message is printed.
groupadd/groupmod/groupdel functionality, along with two front-end
utilities, user(8) and group(8).
Based on the addnerd package, but most of the interface has been
completely rewritten, and suggestions from simonb and mrg have been
incorporated.