From owner-freebsd-current@FreeBSD.ORG Thu Jun 4 07:45:51 2015 Return-Path: Delivered-To: freebsd-current@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 9A0E9B21 for ; Thu, 4 Jun 2015 07:45:51 +0000 (UTC) (envelope-from delphij@delphij.net) Received: from anubis.delphij.net (anubis.delphij.net [64.62.153.212]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "anubis.delphij.net", Issuer "StartCom Class 1 Primary Intermediate Server CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 8116D1F3C for ; Thu, 4 Jun 2015 07:45:51 +0000 (UTC) (envelope-from delphij@delphij.net) Received: from Xins-MBP.home.us.delphij.net (c-71-202-112-39.hsd1.ca.comcast.net [71.202.112.39]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by anubis.delphij.net (Postfix) with ESMTPSA id A9E5F17D31 for ; Thu, 4 Jun 2015 00:45:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=delphij.net; s=anubis; t=1433403945; x=1433418345; bh=OjK2//XZgW4JRhETah+bd7Hmy2I1BczKVOsqpYFt/B0=; h=Date:From:To:Subject:References:In-Reply-To; b=uZx0VWmSIcQdt215Oz/D8507VzKC2nCAevEY5Ge2oDZrZiUHMihuYOvNCurLVX+DZ auvjCQuINWmaMkC68xcbp8ABJLSxLkAY3Z0BVNmFdLPgYpeczC52oS3zoAnZ37rO6G Rvi/0hJES2/b857R9qQwMOpMDX+0wH7Bi/kjhlus= Message-ID: <55700227.2000804@delphij.net> Date: Thu, 04 Jun 2015 00:45:43 -0700 From: Xin Li User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.7.0 MIME-Version: 1.0 To: freebsd-current@FreeBSD.org Subject: HEADSUP: password database format change [Was: svn commit: r283981 - head/usr.sbin/pwd_mkdb] References: <201506040724.t547OuIh090193@svn.freebsd.org> In-Reply-To: <201506040724.t547OuIh090193@svn.freebsd.org> X-Forwarded-Message-Id: <201506040724.t547OuIh090193@svn.freebsd.org> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Jun 2015 07:45:51 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi, Please be advised that the password database format have been changed and no longer have legacy, endianness sensitive formatted entries, as of r283981. This change should not have any visible impact to current users other than slightly smaller password databases, as the base system have been changed to use the new, machine independent formatted entries more than 12 years ago, and all modern FreeBSD releases have supported them since 5.x time. Old behavior can be restored by specifying '-l' from command line, if desirable. Please report any breakage as we currently plan to remove the -l, -B and -L options from pwd_mkdb(8) in 12.0-RELEASE. Cheers, - -------- Forwarded Message -------- Subject: svn commit: r283981 - head/usr.sbin/pwd_mkdb Date: Thu, 4 Jun 2015 07:24:56 +0000 (UTC) From: Xin LI To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Author: delphij Date: Thu Jun 4 07:24:56 2015 New Revision: 283981 URL: https://svnweb.freebsd.org/changeset/base/283981 Log: In r113596, version 4 of entries have been added but pwd_mkdb have been generating both new (machine independent) and legacy version entries (endianness sensitive). The base system have been using the new format for quite some time, so disable the generation by default. An interim option, -l, have been added to re-enable old behavior. The -l, -B and -L options are considered deprecated and will be removed in FreeBSD 12.0 release. Modified: head/usr.sbin/pwd_mkdb/pwd_mkdb.8 head/usr.sbin/pwd_mkdb/pwd_mkdb.c Modified: head/usr.sbin/pwd_mkdb/pwd_mkdb.8 ======================================================================== ====== - --- head/usr.sbin/pwd_mkdb/pwd_mkdb.8 Thu Jun 4 06:30:39 2015 (r283980) +++ head/usr.sbin/pwd_mkdb/pwd_mkdb.8 Thu Jun 4 07:24:56 2015 (r283981) @@ -36,7 +36,7 @@ .Nd "generate the password databases" .Sh SYNOPSIS .Nm - -.Op Fl BCiLNp +.Op Fl BCilLNp .Op Fl d Ar directory .Op Fl s Ar cachesize .Op Fl u Ar username @@ -61,14 +61,10 @@ different from the historic Version 7 st .Pp The options are as follows: .Bl -tag -width flag - -.It Fl B - -Store data in big-endian format. .It Fl C Check if the password file is in the correct format. Do not change, add, or remove any files. - -.It Fl L - -Store data in little-endian format. .It Fl N Tell .Nm @@ -116,6 +112,34 @@ encrypted password and the insecure vers The databases are used by the C library password routines (see .Xr getpwent 3 ) . .Pp +By default, +the +.Nm +utility generates new, +machine independent format +.Pq v4 +entries only. +For compatibility with +.Fx 5.0 +and earlier releases, +the +.Fl l +option may be specified, +which enables generation of legacy format +.Pq v3 +entries. +The legacy format entries are endianness dependent. +.Pp +The following options may be specified and will affect the +generation of legacy entries. +.Pp +.Bl -tag -width flag +.It Fl B +Store data in big-endian format. +.It Fl L +Store data in little-endian format. +.El +.Pp The .Nm utility exits zero on success, non-zero on failure. Modified: head/usr.sbin/pwd_mkdb/pwd_mkdb.c ======================================================================== ====== - --- head/usr.sbin/pwd_mkdb/pwd_mkdb.c Thu Jun 4 06:30:39 2015 (r283980) +++ head/usr.sbin/pwd_mkdb/pwd_mkdb.c Thu Jun 4 07:24:56 2015 (r283981) @@ -112,15 +112,15 @@ main(int argc, char *argv[]) char sbuf2[MAXPATHLEN]; char *username; u_int method, methoduid; - - int Cflag, dflag, iflag; + int Cflag, dflag, iflag, lflag; int nblock = 0; - - iflag = dflag = Cflag = 0; + iflag = dflag = Cflag = lflag = 0; strcpy(prefix, _PATH_PWD); makeold = 0; username = NULL; oldfp = NULL; - - while ((ch = getopt(argc, argv, "BCLNd:ips:u:v")) != -1) + while ((ch = getopt(argc, argv, "BCLlNd:ips:u:v")) != -1) switch(ch) { case 'B': /* big-endian output */ openinfo.lorder = BIG_ENDIAN; @@ -128,6 +128,9 @@ main(int argc, char *argv[]) case 'C': /* verify only */ Cflag = 1; break; + case 'l': /* generate legacy entries */ + lflag = 1; + break; case 'L': /* little-endian output */ openinfo.lorder = LITTLE_ENDIAN; break; @@ -465,6 +468,7 @@ main(int argc, char *argv[]) error("put"); } + if (lflag) { /* Create insecure data. (legacy version) */ p = buf; COMPACT(pwd.pw_name); @@ -555,6 +559,7 @@ main(int argc, char *argv[]) error("put"); } } + } /* Create original format password file entry */ if (is_comment && makeold){ /* copy comments */ if (fprintf(oldfp, "%s\n", line) < 0) @@ -583,6 +588,7 @@ main(int argc, char *argv[]) error("put"); if ((sdp->put)(sdp, &key, &data, method) == -1) error("put"); + if (lflag) { tbuf[0] = LEGACY_VERSION(_PW_KEYYPENABLED); key.size = 1; if ((dp->put)(dp, &key, &data, method) == -1) @@ -590,6 +596,7 @@ main(int argc, char *argv[]) if ((sdp->put)(sdp, &key, &data, method) == -1) error("put"); } + } if ((dp->close)(dp) == -1) error("close"); -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJVcAIlAAoJEJW2GBstM+nsR7cP/RA7ziz97t0kpc6AVPighAYA yqTuqKPlbVD2oYolDeTqGgR/jYpqZCvBcLZ/TNh6vpEayLrcafQUPby9af6yReU6 bogqDNdzIFnEJekVVEVmPmHCkpJpyZcKMPIoD/AXLQmC90uQxThV5YCXNpgA0gyU ButgI0LoWFNWR5lwfN7c1vnHCA+RRV/1kL0fmrgOwkgtTaHCfy8UWZPb8U5J7NNj dtiTI7kb3wYma5I0O8b2MgPgCpWeYhAzb/ADfXmFXrQt5YyHC3wn81orcQupS/Ch eP9Kg1tAyVrBS7DNN/w4RPAHXTI3V9JUWlLeB1+60rq642TGLTRgYrRhZ8/BqIk6 4DkwyVd89GuFLZnd2/EUu5sK7qSLonr5PtK17WKXu+xsIvzVbNxSrzNJrVPlNvb/ XEpsuWAl6DLZghmzUkquJ0LkAQtk8pqiQrKNFKuoX2xk4tIhpg8+Ayo0wR6M6BXJ BHbpCqOflS6UPK+R8PPQkFmc6/pQiZIjUvW9CU1jEibxXVWkPvk1h7oM0KYCoPBz 7LEM+kUm2EmK6zfe/SWjQMzmbwGQEfPNB8OyxBVjarJ0fI9FnQVJTOlT7NnPK0Lh eJ3vmat6g/MalSws+uPLxjFgJwsf65Q6DVIn5/H4VUGOg0GTT/j26AHCceC1kmF6 AnZW4mR4/ZMNBNdo38Tf =Mvf7 -----END PGP SIGNATURE-----