From owner-cvs-all Mon Mar 18 4:19:24 2002 Delivered-To: cvs-all@freebsd.org Received: from rwcrmhc52.attbi.com (rwcrmhc52.attbi.com [216.148.227.88]) by hub.freebsd.org (Postfix) with ESMTP id 609AD37B43F; Mon, 18 Mar 2002 04:19:04 -0800 (PST) Received: from blossom.cjclark.org ([12.234.91.48]) by rwcrmhc52.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020318121903.GMWD1147.rwcrmhc52.attbi.com@blossom.cjclark.org>; Mon, 18 Mar 2002 12:19:03 +0000 Received: (from cjc@localhost) by blossom.cjclark.org (8.11.6/8.11.6) id g2ICJ1t59550; Mon, 18 Mar 2002 04:19:01 -0800 (PST) (envelope-from cjc) Date: Mon, 18 Mar 2002 04:19:01 -0800 From: "Crist J. Clark" To: Dag-Erling Smorgrav , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/usr.bin/chpass chpass.c pw_copy.c pw_copy.h Message-ID: <20020318041901.A59516@blossom.cjclark.org> Reply-To: cjclark@alum.mit.edu References: <200203180222.g2I2Ms309830@freefall.freebsd.org> <20020318135824.A1326@straylight.oblivion.bg> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020318135824.A1326@straylight.oblivion.bg>; from roam@ringlet.net on Mon, Mar 18, 2002 at 01:58:24PM +0200 X-URL: http://people.freebsd.org/~cjc/ Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Mon, Mar 18, 2002 at 01:58:24PM +0200, Peter Pentchev wrote: > On Sun, Mar 17, 2002 at 06:22:53PM -0800, Crist J. Clark wrote: > > cjc 2002/03/17 18:22:53 PST > > > > Modified files: > > usr.bin/chpass chpass.c pw_copy.c pw_copy.h > > Log: > > It was possible for an unprivileged user to tie up the password > > information (no one else can vipw(8), chpass(1), or even passwd(1)), > > either on purpose or by accident, until an administrator manually > > intervened. Instead, do not lock the master.passwd file while a user > > is editing his information. But once we go to write the new > > information, check that the modified user's information has not > > changed in the password database since we started. Abort the changes > > if it has. > > > > Add a $FreeBSD$ to pw_copy.h. > > > > PR: i386/35816 > > Obtained from: NetBSD > > MFC after: 1 week > > [des@ CC'd because of a proposed libpam patch] > > Errr... did this really go through a buildworld? :) > I think that at least the attached patches are needed to catch up > with pw_copy.c's including pw_scan.h and pw_copy()'s growing a fourth > parameter.. Sorry, that kind of dependency never occurred to me. But I thought they did survive a buildworld (not that I actually did it to check these changes). This is all quite a mess. We have chpass(8) using __pw_scan from libc and source in vipw(8), and PAM modules sharing all of this code too. Wouldn't the Right Thing be to put these functions in a library somewhere? I think NetBSD has a lot of this stuffed in libutil. Thanks for the patches. The PAM stuff look good, DES? -- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message