From: Baptiste Daroussin
Date: Tue, 28 Jul 2015 21:49:39 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r285989 - head/usr.sbin/pw

Author: bapt
Date: Tue Jul 28 21:49:38 2015
New Revision: 285989
URL: https://svnweb.freebsd.org/changeset/base/285989

Log:
  Reject usermod and userdel if the user concerned is not on the user database
  supposed to be manipulated

  This prevents pw usermod creating a new local user when requesting to usermod
  on a username that is defined in LDAP.

  This issue only happens when modifying the local user database (not impacting
  commands when -V or -R are used).

  PR: 187653
  Submitted by: tmwalaszek@gmail.com

Modified:
  head/usr.sbin/pw/pw_user.c

Modified: head/usr.sbin/pw/pw_user.c
==============================================================================
--- head/usr.sbin/pw/pw_user.c Tue Jul 28 21:47:37 2015 (r285988) +++ head/usr.sbin/pw/pw_user.c Tue Jul 28 21:49:38 2015 (r285989) @@ -310,6 +310,7 @@ pw_user(int mode, char *name, long id, s FILE *fp; char *dmode_c; void *set = NULL; + int valid_type = _PWF_FILES; static struct passwd fakeuser = { @@ -505,6 +506,14 @@ pw_user(int mode, char *name, long id, s errx(EX_NOUSER, "no such user `%s'", name); } + if (conf.userconf->nispasswd && *conf.userconf->nispasswd == '/') + valid_type = _PWF_NIS; + + if (PWF._altdir == PWF_REGULAR && + ((pwd->pw_fields & _PWF_SOURCE) != valid_type)) + errx(EX_NOUSER, "no such %s user `%s'", + valid_type == _PWF_FILES ? "local" : "NIS" , name); + if (name == NULL) name = pwd->pw_name; 
@@ -1076,6 +1085,7 @@ pw_userdel(char *name, long id) char grname[LOGNAMESIZE]; int rc; struct stat st; + int valid_type = _PWF_FILES; if (id < 0 && name == NULL) errx(EX_DATAERR, "username or id required"); @@ -1086,6 +1096,15 @@ pw_userdel(char *name, long id) errx(EX_NOUSER, "no such uid `%ld'", id); errx(EX_NOUSER, "no such user `%s'", name); } + + if (conf.userconf->nispasswd && *conf.userconf->nispasswd == '/') + valid_type = _PWF_NIS; + + if (PWF._altdir == PWF_REGULAR && + ((pwd->pw_fields & _PWF_SOURCE) != valid_type)) + errx(EX_NOUSER, "no such %s user `%s'", + valid_type == _PWF_FILES ? "local" : "NIS" , name); + uid = pwd->pw_uid; if (name == NULL) name = pwd->pw_name;
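
Review bot: In the pw_user() hunk at @@ -505,6 +506,14, the new errx() passes name to a %s conversion before the "if (name == NULL) name = pwd->pw_name;" fallback that follows it, so when the user is selected by id the message formats a NULL pointer. Use pwd->pw_name in the message, or move the source check below the fallback. A short comment explaining why a nispasswd value starting with '/' switches valid_type to _PWF_NIS would help the next reader, and the stray space in ("NIS" , name) should go.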
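
Review bot: The check added to pw_userdel() at @@ -1086,6 +1096,15 is a line-for-line copy of the one added to pw_user(), including the valid_type setup; a small static helper taking pwd and the name to report would keep the two call sites from drifting apart. The copy also sits above "if (name == NULL) name = pwd->pw_name;", so a delete requested by id reaches errx() with name still NULL; pass pwd->pw_name there instead.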