From owner-svn-src-all@FreeBSD.ORG Tue Nov 4 07:50:51 2014 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 2E1BDD00; Tue, 4 Nov 2014 07:50:51 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 0E91AF2D; Tue, 4 Nov 2014 07:50:51 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id sA47oorZ027063; Tue, 4 Nov 2014 07:50:50 GMT (envelope-from bapt@FreeBSD.org) Received: (from bapt@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id sA47onOm027052; Tue, 4 Nov 2014 07:50:49 GMT (envelope-from bapt@FreeBSD.org) Message-Id: <201411040750.sA47onOm027052@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: bapt set sender to bapt@FreeBSD.org using -f From: Baptiste Daroussin Date: Tue, 4 Nov 2014 07:50:49 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r274082 - in stable/10: etc/mtree lib/libutil usr.sbin/pw usr.sbin/pw/tests X-SVN-Group: stable-10 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Nov 2014 07:50:51 -0000 Author: bapt Date: Tue Nov 4 07:50:48 2014 New Revision: 274082 URL: https://svnweb.freebsd.org/changeset/base/274082 Log: MFC: 272445,272578,273772,273779,273782,273786,273787,273791 Add a test for bug 191427 where pw(8) will go into an infinite loop Add some tests for modifying groups When a group is renamed then the group has been invalidated for sure. In that case get the group information using the new name. Fix a regression in pw usermod -G list The user was perperly adding the to different groups from "list" but was not removed from the other groups it could have belong to. Do not delete the group wheel when bad argument is passed to pw groupdel -g Check that the -g argument is actually a number, if not report an error. This argument is converted without checking with atoi(3) later so without this check it converts any alpha entries into 0 meaning it deletes the group wheel Ensure pw userdel -u do not try to remove root Check the uid passed is actually a number as early as possible Fix renaming a group via the gr_copy function Add a regression test to pw(8) because the bug was discovered via using: pw groupmod PR: 193704 [1], 185666 [2], 90114 [3], 187189 [4] Submitted by: Marc de la Gueronniere [4] Reported by: az [1], sub.mesa@gmail.com [2], bkoenig@cs.tu-berlin.de [3], mcdouga9@egr.msu.edu [4] Added: stable/10/usr.sbin/pw/tests/ - copied from r272445, head/usr.sbin/pw/tests/ stable/10/usr.sbin/pw/tests/pw_modify.sh - copied, changed from r272578, head/usr.sbin/pw/tests/pw_modify.sh Modified: stable/10/etc/mtree/BSD.tests.dist stable/10/lib/libutil/gr_util.c stable/10/usr.sbin/pw/Makefile stable/10/usr.sbin/pw/pw_group.c stable/10/usr.sbin/pw/pw_user.c stable/10/usr.sbin/pw/tests/Makefile stable/10/usr.sbin/pw/tests/pw_delete.sh Directory Properties: stable/10/ (props changed) Modified: stable/10/etc/mtree/BSD.tests.dist ============================================================================== --- stable/10/etc/mtree/BSD.tests.dist Tue Nov 4 07:50:20 2014 (r274081) +++ stable/10/etc/mtree/BSD.tests.dist Tue Nov 4 07:50:48 2014 (r274082) @@ -273,6 +273,8 @@ .. newsyslog .. + pw + .. sa .. .. Modified: stable/10/lib/libutil/gr_util.c ============================================================================== --- stable/10/lib/libutil/gr_util.c Tue Nov 4 07:50:20 2014 (r274081) +++ stable/10/lib/libutil/gr_util.c Tue Nov 4 07:50:48 2014 (r274082) @@ -170,14 +170,21 @@ gr_copy(int ffd, int tfd, const struct g size_t len; int eof, readlen; - sgr = gr; + if (old_gr == NULL && gr == NULL) + return(-1); + + sgr = old_gr; + /* deleting a group */ if (gr == NULL) { line = NULL; - if (old_gr == NULL) + } else { + if ((line = gr_make(gr)) == NULL) return (-1); - sgr = old_gr; - } else if ((line = gr_make(gr)) == NULL) - return (-1); + } + + /* adding a group */ + if (sgr == NULL) + sgr = gr; eof = 0; len = 0; Modified: stable/10/usr.sbin/pw/Makefile ============================================================================== --- stable/10/usr.sbin/pw/Makefile Tue Nov 4 07:50:20 2014 (r274081) +++ stable/10/usr.sbin/pw/Makefile Tue Nov 4 07:50:48 2014 (r274082) @@ -1,14 +1,20 @@ # $FreeBSD$ +.include + PROG= pw MAN= pw.conf.5 pw.8 SRCS= pw.c pw_conf.c pw_user.c pw_group.c pw_log.c pw_nis.c pw_vpw.c \ grupd.c pwupd.c fileupd.c psdate.c \ bitmap.c cpdir.c rm_r.c -WARNS?= 2 +WARNS?= 3 DPADD= ${LIBCRYPT} ${LIBUTIL} LDADD= -lcrypt -lutil +.if ${MK_TESTS} != "no" +SUBDIR+= tests +.endif + .include Modified: stable/10/usr.sbin/pw/pw_group.c ============================================================================== --- stable/10/usr.sbin/pw/pw_group.c Tue Nov 4 07:50:20 2014 (r274081) +++ stable/10/usr.sbin/pw/pw_group.c Tue Nov 4 07:50:48 2014 (r274082) @@ -51,6 +51,7 @@ int pw_group(struct userconf * cnf, int mode, struct cargs * args) { int rc; + struct carg *a_newname = getarg(args, 'l'); struct carg *a_name = getarg(args, 'n'); struct carg *a_gid = getarg(args, 'g'); struct carg *arg; @@ -66,6 +67,11 @@ pw_group(struct userconf * cnf, int mode NULL }; + if (a_gid != NULL) { + if (strspn(a_gid->val, "0123456789") != strlen(a_gid->val)) + errx(EX_USAGE, "-g expects a number"); + } + if (mode == M_LOCK || mode == M_UNLOCK) errx(EX_USAGE, "'lock' command is not available for groups"); @@ -140,8 +146,8 @@ pw_group(struct userconf * cnf, int mode if (a_gid) grp->gr_gid = (gid_t) atoi(a_gid->val); - if ((arg = getarg(args, 'l')) != NULL) - grp->gr_name = pw_checkname((u_char *)arg->val, 0); + if (a_newname != NULL) + grp->gr_name = pw_checkname((u_char *)a_newname->val, 0); } else { if (a_name == NULL) /* Required */ errx(EX_DATAERR, "group name required"); @@ -270,8 +276,10 @@ pw_group(struct userconf * cnf, int mode warn("group update"); return EX_IOERR; } + + arg = a_newname != NULL ? a_newname : a_name; /* grp may have been invalidated */ - if ((grp = GETGRNAM(a_name->val)) == NULL) + if ((grp = GETGRNAM(arg->val)) == NULL) errx(EX_SOFTWARE, "group disappeared during update"); pw_log(cnf, mode, W_GROUP, "%s(%ld)", grp->gr_name, (long) grp->gr_gid); Modified: stable/10/usr.sbin/pw/pw_user.c ============================================================================== --- stable/10/usr.sbin/pw/pw_user.c Tue Nov 4 07:50:20 2014 (r274081) +++ stable/10/usr.sbin/pw/pw_user.c Tue Nov 4 07:50:48 2014 (r274082) @@ -321,6 +321,9 @@ pw_user(struct userconf * cnf, int mode, (a_uid = a_name)->ch = 'u'; a_name = NULL; } + } else { + if (strspn(a_uid->val, "0123456789") != strlen(a_uid->val)) + errx(EX_USAGE, "-u expects a number"); } /* @@ -751,7 +754,25 @@ pw_user(struct userconf * cnf, int mode, */ if (mode == M_ADD || getarg(args, 'G') != NULL) { - int i; + int i, j; + /* First remove the user from all group */ + SETGRENT(); + while ((grp = GETGRENT()) != NULL) { + char group[MAXLOGNAME]; + if (grp->gr_mem == NULL) + continue; + for (i = 0; grp->gr_mem[i] != NULL; i++) { + if (strcmp(grp->gr_mem[i] , pwd->pw_name) != 0) + continue; + for (j = i; grp->gr_mem[j] != NULL ; j++) + grp->gr_mem[j] = grp->gr_mem[j+1]; + strlcpy(group, grp->gr_name, MAXLOGNAME); + chggrent(group, grp); + } + } + ENDGRENT(); + + /* now add to group where needed */ for (i = 0; cnf->groups[i] != NULL; i++) { grp = GETGRNAM(cnf->groups[i]); grp = gr_add(grp, pwd->pw_name); Modified: stable/10/usr.sbin/pw/tests/Makefile ============================================================================== --- head/usr.sbin/pw/tests/Makefile Thu Oct 2 19:53:37 2014 (r272445) +++ stable/10/usr.sbin/pw/tests/Makefile Tue Nov 4 07:50:48 2014 (r274082) @@ -2,7 +2,7 @@ TESTSDIR= ${TESTSBASE}/usr.sbin/pw -ATF_TESTS_SH= pw_delete +ATF_TESTS_SH= pw_delete pw_modify FILES= group helper_functions.shin master.passwd FILESDIR= ${TESTSDIR} Modified: stable/10/usr.sbin/pw/tests/pw_delete.sh ============================================================================== --- head/usr.sbin/pw/tests/pw_delete.sh Thu Oct 2 19:53:37 2014 (r272445) +++ stable/10/usr.sbin/pw/tests/pw_delete.sh Tue Nov 4 07:50:48 2014 (r274082) @@ -18,7 +18,30 @@ rmuser_seperate_group_body() { pw -V ${HOME} userdel test || atf_fail "delete the user" } +atf_test_case group_do_not_delete_wheel_if_group_unkown +group_do_not_delete_wheel_if_group_unkown_head() { + atf_set "descr" "Make sure we do not consider as gid 0 an unknown group" +} + +group_do_not_delete_wheel_if_group_unkown_body() { + populate_etc_skel + atf_check -s exit:0 -o inline:"wheel:*:0:root\n" -x pw -V ${HOME} groupshow wheel + atf_check -e inline:"pw: -g expects a number\n" -s exit:64 -x pw -V ${HOME} groupdel -g I_do_not_exist + atf_check -s exit:0 -o inline:"wheel:*:0:root\n" -x pw -V ${HOME} groupshow wheel +} + +atf_test_case user_do_not_try_to_delete_root_if_user_unkown +user_do_not_try_to_delete_root_if_user_unkown_head() { + atf_set "descr" "Make sure not to try to remove root if deleteing an unknown user" +} + +user_do_not_try_to_delete_root_if_user_unkown_body() { + populate_etc_skel + atf_check -e inline:"pw: -u expects a number\n" -s exit:64 -x pw -V ${HOME} userdel -u plop +} atf_init_test_cases() { atf_add_test_case rmuser_seperate_group + atf_add_test_case group_do_not_delete_wheel_if_group_unkown + atf_add_test_case user_do_not_try_to_delete_root_if_user_unkown } Copied and modified: stable/10/usr.sbin/pw/tests/pw_modify.sh (from r272578, head/usr.sbin/pw/tests/pw_modify.sh) ============================================================================== --- head/usr.sbin/pw/tests/pw_modify.sh Mon Oct 6 00:16:23 2014 (r272578, copy source) +++ stable/10/usr.sbin/pw/tests/pw_modify.sh Tue Nov 4 07:50:48 2014 (r274082) @@ -27,8 +27,54 @@ groupmod_invalid_user_body() { atf_check -s exit:0 pw -V ${HOME} groupmod test -d foo } +atf_test_case groupmod_bug_193704 +groupmod_bug_193704_head() { + atf_set "descr" "Regression test for the #193704 bug" +} +groupmod_bug_193704_body() { + populate_etc_skel + atf_check -s exit:0 -x pw -V ${HOME} groupadd test + atf_check -s exit:0 -x pw -V ${HOME} groupmod test -l newgroupname + atf_check -s exit:65 -e match:"^pw: unknown group" -x pw -V ${HOME} groupshow test +} + +atf_test_case usermod_bug_185666 +usermod_bug_185666_head() { + atf_set "descr" "Regression test for the #185666 bug" +} + +usermod_bug_185666_body() { + populate_etc_skel + atf_check -s exit:0 -x pw -V ${HOME} useradd testuser + atf_check -s exit:0 -x pw -V ${HOME} groupadd testgroup + atf_check -s exit:0 -x pw -V ${HOME} groupadd testgroup2 + atf_check -s exit:0 -x pw -V ${HOME} usermod testuser -G testgroup + atf_check -o inline:"testuser:*:1001:\n" -x pw -V${HOME} groupshow testuser + atf_check -o inline:"testgroup:*:1002:testuser\n" -x pw -V ${HOME} groupshow testgroup + atf_check -o inline:"testgroup2:*:1003:\n" -x pw -V${HOME} groupshow testgroup2 + atf_check -s exit:0 -x pw -V ${HOME} usermod testuser -G testgroup2 + atf_check -o inline:"testuser:*:1001:\n" -x pw -V ${HOME} groupshow testuser + atf_check -o inline:"testgroup:*:1002:\n" -x pw -V ${HOME} groupshow testgroup + atf_check -o inline:"testgroup2:*:1003:testuser\n" -x pw -V ${HOME} groupshow testgroup2 +} + +atf_test_case do_not_duplicate_group_on_gid_change +do_not_duplicate_group_on_gid_change_head() { + atf_set "descr" "Do not duplicate group on gid change" +} + +do_not_duplicate_group_on_gid_change_body() { + populate_etc_skel + atf_check -s exit:0 -x pw -V ${HOME} groupadd testgroup + atf_check -s exit:0 -x pw -V ${HOME} groupmod testgroup -g 12345 + # use grep to see if the entry has not be duplicated + atf_check -o inline:"testgroup:*:12345:\n" -s exit:0 -x grep "^testgroup" ${HOME}/group +} atf_init_test_cases() { atf_add_test_case groupmod_user atf_add_test_case groupmod_invalid_user + atf_add_test_case groupmod_bug_193704 + atf_add_test_case usermod_bug_185666 + atf_add_test_case do_not_duplicate_group_on_gid_change }