Commit Graph

70 Commits

Author SHA1 Message Date
agc
65feb98718 Some patches from Todd C. Miller:
1. Use REG_NEWLINE, rather than matching "\n".

2. Fix a bug where rm_user_from_groups would mangle group entries in
/etc/group when the user to be removed is the only member of the group,
by using substring matches.
2003-06-12 17:00:53 +00:00
agc
9878b0d124 The "default" case usually occurs at the end of all other options, so change
it to follow convention.

Add /* NOTREACHED */ comments, per share/misc/style.
2003-04-14 17:40:07 +00:00
dsl
238b338f74 Report usage() if getopt() returns '?'
Partial fix for bin/21146
2003-04-14 09:49:15 +00:00
jrf
151509e229 This addresses PR 20156. isalnum(), isdigit() and isspace() are used with
char as a parameter. On platforms with char signed by default, those are wrong.
Thanks to Christian Biere christianbiere@gmx.de for the patch he supplied.
I tested the patch and agc approved it for commit.
2003-03-14 16:56:39 +00:00
agc
7cb1f145f5 Add a check for the length of the login name given by the user.
Provided by Ben Collver in PR 20154
2003-02-03 12:20:46 +00:00
agc
d6b0aed068 When deleting a user with preservation, use a password of
"*************" rather than a single asterisk - it's just as difficult
to hash to the longer password since the asterisk character itself is
not in its alphabet, and pwd_mkdb now thinks it's a valid DES password.
2002-11-08 11:53:20 +00:00
agc
7843f87c3d Factor out some common code. 2002-11-08 11:44:37 +00:00
itojun
7cf12fa457 valid_password_length() is a boolean function, so there's no point in
having "> 0" in if clause.
2002-10-01 02:50:51 +00:00
agc
92ef00aeba Update previous to reflect reality. For blowfish passwords, the salt
can be a variable length field, so check the (fixed length) password
length, rather then the length of the whole password+salt+cipher.

Use a cipher type of "$2a" for blowfish.
2002-09-30 14:15:47 +00:00
agc
e7bdda1971 Handle PR 18474 in a more safe and scalable fashion - keep a table of
password types, and their associated lengths, and check in useradd or
usermod whether the given encrypted password has the correct length.

This removes the (duplicated) hardcoded lengths which had crept in
with the last commit, and also checks the length of the given password
against the expected length.
2002-09-30 10:32:40 +00:00
itojun
84237f231a support MD5/blowfish password. PR 18474. 2002-09-30 04:05:22 +00:00
agc
18e50dcd89 Use syslog(3) to log new users and groups, deletions of users and groups,
and modification of user and group information.

Syslog priority is LOG_INFO, facility is LOG_USER (there is no need to
do this via LOG_AUTH, since the password and group files are world
readable).

Suggested by Hubert Feyrer, after a similar facility in Linux.
2002-08-27 12:38:02 +00:00
agc
051f76f577 Generalise the function which checks if a user is local to work for groups
as well.

Use the new function when modifying a group's information.
2002-08-27 11:25:29 +00:00
wiz
aea5088350 Set the default password (if not specified) to a single star instead
of PasswordLength stars.
2002-08-07 14:24:52 +00:00
agc
b35288ab0c Add a function is_local_user(), and use it in moduser(), to check that
the user is not found through NIS.

Completes fix of PR 17849, from Grant Beattie (grant@netbsd.org).

Also, don't cast return type of pw_abort(3) to void, as it already is void.
2002-08-06 11:56:26 +00:00
agc
569d79bd84 Remove the /etc/ptmp file via pw_abort(3) if the pw_mkdb(3) call fails.
Addresses part of PR 17849 from Grant Beattie, grant@netbsd.org.
2002-08-06 09:03:55 +00:00
grant
eda9e509bb sweep of errx/warnx, remove unnecessary trailing \n 2002-07-20 08:40:16 +00:00
agc
c24c69434f Remove user from supplementary groups when deleting a user and not
preserving information.

Remove BUGS section from userdel(8) accordingly.

Make this utility compile with WARNS=3 - add const-poisoning and
shadow variable name resolution.
2002-07-08 22:17:47 +00:00
grant
9210200e15 add usermgmt.conf man page.
user -e and -f now accepts "month day year" (ala chpass(1)) and
seconds-since-epoch.
correct man pages accordingly.
2002-06-01 06:28:06 +00:00
agc
0a602aa3de Handle multiple ranges on the command line and in the defaults file,
based on some code from Todd C.  Miller, which in turn was based on a
patch from Brian Poole <raj@cerias.purdue.edu>.

Look first in any uid ranges specified on the command line, in the order
they were given on the command line, and then in any ranges specified in
the defaults file.

With thanks to Brian for nudging me a number of times to fix this.
2002-05-03 10:31:14 +00:00
agc
2de2bc02d6 Fix for skeleton directory changes to defaults file from Brian Poole
<raj@cerias.purdue.edu>

Previous behaviour as follows:

# useradd -D -k /foo/bar
group           users
base_dir        /home
skel_dir        /foo/bar
shell           /bin/csh
class
inactive        0
expire          Null (unset)
range           10200..10300
range           10600..10700
# useradd -D
group           users
base_dir        /home
skel_dir        /etc/skel
shell           /bin/csh
class
inactive        0
expire          Null (unset)
range           10200..10300
range           10600..10700
2002-05-03 10:11:16 +00:00
agc
3db3295859 Fix from Brian Poole <raj@cerias.purdue.edu> for improper handling of
UID ranges. Previous behaviour is demonstrated below...

# useradd -D
group           users
base_dir        /home
skel_dir        /etc/skel
shell           /bin/csh
class
inactive        0
expire          Null (unset)
range           10200..10300
# useradd -D -r 10200..10300 -r 10400..10500
# useradd -D
group           users
base_dir        /home
skel_dir        /etc/skel
shell           /bin/csh
class
inactive        0
expire          Null (unset)
range           10400..10500

The second command should have put 2 ranges back into the config file,
but it really only put one because the first range on the command line
was marked as a duplicate (but when it got to writing the config file,
it only wrote command line ranges, so the 10200 got skipped).  Fix
this by initializing defrc to 0 and then only looking after defrc for
duplicate ranges.
2002-05-03 10:05:28 +00:00
agc
00ee66cd54 Modifications from Brian Poole <raj@cerias.purdue.edu>, via OpenBSD:
+ if the cd built-in fails, don't try to copy the directory hierarchy
  with pax - s/;/&&/ in a shell command
+ clean up after ourselves if a rename fails - remove the newly-created
  group file.
2002-05-03 08:07:02 +00:00
agc
3387a6a54e Do the previous differently. Run through the possible ranges for uids in
the command line order, then check the default range after that, if none
has yet been found.

Prompted by Brian Poole <raj@cerias.purdue.edu>.
2002-03-31 21:31:10 +00:00
agc
bf3822aec1 Search uid ranges properly, using command line ranges if provided, and
using the default range last.

Problem reported by Cillian Sharkey <cns@redbrick.dcu.ie>
2002-02-05 19:18:29 +00:00
agc
cd27040c88 + add backwards compatibility hook for old pw_mkdb() calls with no args
+ remove some unused code in a comment.

+ add F_SHELL flag in userdel

+ use a separate local declaration for a temporary variable, rather
than overloading a variable that's used for something else.
2001-10-22 11:00:05 +00:00
wiz
4c99916337 va_{start,end} audit:
Make sure that each va_start has one and only one matching va_end,
especially in error cases.
If the va_list is used multiple times, do multiple va_starts/va_ends.
If a function gets va_list as argument, don't let it use va_end (since
it's the callers responsibility).

Improved by comments from enami and christos -- thanks!

Heimdal/krb4/KAME changes already fed back, rest to follow.

Inspired by, but not not based on, OpenBSD.
2001-09-24 13:22:25 +00:00
hubertf
5653bfc431 if creategid() fails, don't try to print system error message (use errx()
instead of err()), as all error cases in creategid() are already commented
properly from inside creategid().

This prevents funny errors like:

	miyu# groupadd test2
	miyu# groupadd test2
	groupadd: group `test2' already exists
	groupadd: can't add group: problems with /etc/group file: Inappropriate ioctl for device
2001-09-16 18:08:37 +00:00
christos
9a9926ee57 PR/13874: Hubert Feyrer: Add -L class to useradd 2001-09-05 21:37:32 +00:00
ad
1e8e78ed07 Update for pw_mkdb() change: restrict updates to one user's records and/or
the secure database where appropriate.
2001-08-18 19:35:32 +00:00
joda
3a2248a4e7 (usermod): ~F_MKDIR is usually much better than !F_MKDIR in bit masks 2001-08-17 08:29:00 +00:00
itojun
85856f18c0 do not make "useradd foo -s bar" to ignore "-s bar" silently. require
exactly one username.
2001-06-23 02:42:32 +00:00
cgd
25bdbb661e convert to use getprogname() 2001-02-19 23:22:40 +00:00
lukem
e379b8ae5f groupmod: ensure that the modified group has the trailing newline 2001-02-13 21:27:03 +00:00
wiz
1d1f43e05c Improve handling of -l with -m, and update documentation.
Based on an idea by Alistair Crooks in bin/11707.
2000-12-23 17:19:48 +00:00
wiz
39df6581fe Fix moving a user's home directory with 'useradd -md /new/home/dir user'.
Clarify code (newpwp was referencing the same struct as pwp).
Fixes first part of bin/11707.
2000-12-23 16:29:35 +00:00
wiz
89d963e947 Don't try to create or move directory if only '-d' is given (man page
says '-m' is needed for that). Problem reported by Johnny C. Lam.
2000-12-07 17:44:03 +00:00
simonb
3854f3f705 Fix behaviour of 'useradd -m': it is now a fatal error if the target home
directory already exists.  Previously new skel files from /etc/skel were
copied and permissions/ownerships changed even if the directory already
existed.
2000-11-04 04:31:43 +00:00
simonb
a2358fe791 Remove some debugging cruft in the removal of user home directories
accidently left in from revision 1.25.
2000-11-01 22:35:30 +00:00
simonb
dc598d2a0c Run a "chmod -R u+w <newhomedir>" after copying files from skeldir.
Noted by Hubert Feyrer in private mail.
2000-11-01 22:29:10 +00:00
simonb
2ad83f6dcf Don't let usage messages wrap around on an 80 column terminal.
Problem noted by Hubert Feyrer in private mail.
2000-11-01 22:18:22 +00:00
assar
e89ad55da9 cast pw_change (a time_t) into long and printf it as %ld 2000-10-18 01:45:12 +00:00
simonb
6dfb84a930 For userinfo - if a password change or expiry time_t is 0, print "NEVER"
instead of some date around Jan 1, 1970.
2000-10-17 05:43:10 +00:00
simonb
5114e81f10 Handle -G for the useradd case (usermod was already correct). Also
show warning if a non-existant group is specified.

Patch from PR bin/11123 by David Edmondson.
2000-10-17 05:31:50 +00:00
simonb
97c54a1bab Use flags to set which parts of a passwd entry are to be changed.
Before removing the home directory of a user check that
  + the user does not have uid 0
  + the user is the owner of the directory.
and remove the files using the effective user-id of the user.  Show
a warning if the directory is not removed.

Use asprintf and fgetln for some string work to remove arbitary string
length limitations.

Fixes for PRs bin/11100 and bin/11103.
2000-10-17 04:53:27 +00:00
is
d8302e2d73 More format string cleanups by sommerfeld. 2000-10-11 20:23:46 +00:00
simonb
7ebee5683d Save the "preserve" value in the defaults file.
Use _PATH_CSHELL from <paths.h> instead of the string "/bin/csh".
Don't cast NULL to the pointer type being checked.
2000-10-01 08:56:28 +00:00
agc
9da93f35c8 Add functionality for adding usernames to secondary groups via the
"usermod -G group user" command.

Fixes PR/11071.
2000-09-29 10:37:26 +00:00
agc
4361ae7cb0 Correct a pasto in moduser(), the effect of which was to replace the
contents of the GECOS comment field with the default shell name, when
a user's information was modified.
Fixes PR 11072.
2000-09-26 11:35:48 +00:00
agc
61daa070a6 If we're about to add a user whose specified home directory does
not exist, and the "-m" argument has not been specified, then output
a warning.
2000-09-20 19:28:40 +00:00