Date: 12 Nov 2001 19:01:02 -0000 From: Ted Cabeen <ted@impulse.net> To: FreeBSD-gnats-submit@freebsd.org Cc: Marcus Reid <marcus@impulse.net>, Ken Alker <ken@impulse.net> Subject: bin/31933: pw can interpret numeric name as userid during userdel Message-ID: <20011112190102.57126.qmail@red.impulse.net>
next in thread | raw e-mail | index | archive | help
>Number: 31933
>Category: bin
>Synopsis: pw can interpret numeric name as userid during userdel
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Nov 12 11:10:00 PST 2001
>Closed-Date:
>Last-Modified:
>Originator: Ted Cabeen
>Release: FreeBSD 4.4-RELEASE i386
>Organization:
Impulse Internet Services
>Environment:
System: FreeBSD red.impulse.net 4.4-RELEASE FreeBSD 4.4-RELEASE #0: Wed Oct 17 14:34:57 PDT 2001 root@solaria.impulse.net:/usr/obj/usr/src/sys/RED i386
>Description:
When pw is given a non-existenent numeric username as part of a delete, print
or modify command, it will interpret that username as a uid. This occurs even
if the username was expliclity set using the -n argument. This occurs because
the -n argument is overloaded. It can be used both explicitly, and implicitly
for the initial username/uid argument.
>How-To-Repeat:
root@red# pw useradd -n testpw -u 41001
root@red# id testpw
uid=41001(testpw) gid=41001(testpw) groups=41001(testpw)
root@red# id 41001
uid=41001(testpw) gid=41001(testpw) groups=41001(testpw)
root@red# pw userdel -n 41001
root@red# id testpw
id: testpw: no such user
root@red# id 41001
id: 41001: no such user
>Fix:
This is a patch to the CVS version of pw. It changes the implicit argument
prepended to the initial name/uid argument from "-n" to "--". "--" is an
illegal argument on the command line, so by using it here, we avoid
overloading any of our user given arguments. Besides removing the
overloading from the "-n" argument, we also make sure that we only do the
name->uid conversion if we need to and if the "--" argument isn't NULL.
cvs server: Diffing .
Index: pw.c
===================================================================
RCS file: /home/ncvs/src/usr.sbin/pw/pw.c,v
retrieving revision 1.26
diff -c -r1.26 pw.c
*** pw.c 2001/07/09 09:24:01 1.26
--- pw.c 2001/11/12 18:58:37
***************
*** 168,174 ****
} else if (strcmp(argv[1], "help") == 0 && argv[2] == NULL)
cmdhelp(mode, which);
else if (which != -1 && mode != -1)
! addarg(&arglist, 'n', argv[1]);
else
errx(EX_USAGE, "unknown keyword `%s'", argv[1]);
++argv;
--- 168,174 ----
} else if (strcmp(argv[1], "help") == 0 && argv[2] == NULL)
cmdhelp(mode, which);
else if (which != -1 && mode != -1)
! addarg(&arglist, '-', argv[1]);
else
errx(EX_USAGE, "unknown keyword `%s'", argv[1]);
++argv;
Index: pw_user.c
===================================================================
RCS file: /home/ncvs/src/usr.sbin/pw/pw_user.c,v
retrieving revision 1.50
diff -c -r1.50 pw_user.c
*** pw_user.c 2001/10/19 10:45:14 1.50
--- pw_user.c 2001/11/12 18:58:38
***************
*** 292,299 ****
return EXIT_SUCCESS;
}
! if ((a_name = getarg(args, 'n')) != NULL)
pwd = GETPWNAM(pw_checkname((u_char *)a_name->val, 0));
a_uid = getarg(args, 'u');
if (a_uid == NULL) {
--- 292,304 ----
return EXIT_SUCCESS;
}
! /* Test both possible name arguments */
! if ((a_name = getarg(args, '-')) != NULL)
pwd = GETPWNAM(pw_checkname((u_char *)a_name->val, 0));
+ if ((arg = getarg(args, 'n')) != NULL) {
+ a_name = arg;
+ pwd = GETPWNAM(pw_checkname((u_char *)a_name->val, 0));
+ }
a_uid = getarg(args, 'u');
if (a_uid == NULL) {
***************
*** 301,311 ****
errx(EX_DATAERR, "user name or id required");
/*
! * Determine whether 'n' switch is name or uid - we don't
* really don't really care which we have, but we need to
* know.
*/
! if (mode != M_ADD && pwd == NULL
&& strspn(a_name->val, "0123456789") == strlen(a_name->val)
&& atoi(a_name->val) > 0) { /* Assume uid */
(a_uid = a_name)->ch = 'u';
--- 306,316 ----
errx(EX_DATAERR, "user name or id required");
/*
! * Determine whether '-' switch is name or uid - we don't
* really don't really care which we have, but we need to
* know.
*/
! if (mode != M_ADD && pwd == NULL && getarg(args, '-') != NULL
&& strspn(a_name->val, "0123456789") == strlen(a_name->val)
&& atoi(a_name->val) > 0) { /* Assume uid */
(a_uid = a_name)->ch = 'u';
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011112190102.57126.qmail>