Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 04 Jun 2015 00:45:43 -0700
From:      Xin Li <delphij@delphij.net>
To:        freebsd-current@FreeBSD.org
Subject:   HEADSUP: password database format change [Was: svn commit: r283981 - head/usr.sbin/pwd_mkdb]
Message-ID:  <55700227.2000804@delphij.net>
In-Reply-To: <201506040724.t547OuIh090193@svn.freebsd.org>
References:  <201506040724.t547OuIh090193@svn.freebsd.org>

next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi,

Please be advised that the password database format have been changed
and no longer have legacy, endianness sensitive formatted entries, as
of r283981.

This change should not have any visible impact to current users other
than slightly smaller password databases, as the base system have been
changed to use the new, machine independent formatted entries more
than 12 years ago, and all modern FreeBSD releases have supported them
since 5.x time.

Old behavior can be restored by specifying '-l' from command line, if
desirable.  Please report any breakage as we currently plan to remove
the -l, -B and -L options from pwd_mkdb(8) in 12.0-RELEASE.

Cheers,


- -------- Forwarded Message --------
Subject: svn commit: r283981 - head/usr.sbin/pwd_mkdb
Date: Thu, 4 Jun 2015 07:24:56 +0000 (UTC)
From: Xin LI <delphij@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
svn-src-head@freebsd.org

Author: delphij
Date: Thu Jun  4 07:24:56 2015
New Revision: 283981
URL: https://svnweb.freebsd.org/changeset/base/283981

Log:
  In r113596, version 4 of entries have been added but pwd_mkdb have
  been generating both new (machine independent) and legacy version
  entries (endianness sensitive).

  The base system have been using the new format for quite some time,
  so disable the generation by default.

  An interim option, -l, have been added to re-enable old behavior.
  The -l, -B and -L options are considered deprecated and will be
  removed in FreeBSD 12.0 release.

Modified:
  head/usr.sbin/pwd_mkdb/pwd_mkdb.8
  head/usr.sbin/pwd_mkdb/pwd_mkdb.c

Modified: head/usr.sbin/pwd_mkdb/pwd_mkdb.8
========================================================================
======
- --- head/usr.sbin/pwd_mkdb/pwd_mkdb.8	Thu Jun  4 06:30:39 2015	(r283980)
+++ head/usr.sbin/pwd_mkdb/pwd_mkdb.8	Thu Jun  4 07:24:56 2015	(r283981)
@@ -36,7 +36,7 @@
 .Nd "generate the password databases"
 .Sh SYNOPSIS
 .Nm
- -.Op Fl BCiLNp
+.Op Fl BCilLNp
 .Op Fl d Ar directory
 .Op Fl s Ar cachesize
 .Op Fl u Ar username
@@ -61,14 +61,10 @@ different from the historic Version 7 st
 .Pp
 The options are as follows:
 .Bl -tag -width flag
- -.It Fl B
- -Store data in big-endian format.
 .It Fl C
 Check if the password file is in the correct format.
 Do not
 change, add, or remove any files.
- -.It Fl L
- -Store data in little-endian format.
 .It Fl N
 Tell
 .Nm
@@ -116,6 +112,34 @@ encrypted password and the insecure vers
 The databases are used by the C library password routines (see
 .Xr getpwent 3 ) .
 .Pp
+By default,
+the
+.Nm
+utility generates new,
+machine independent format
+.Pq v4
+entries only.
+For compatibility with
+.Fx 5.0
+and earlier releases,
+the
+.Fl l
+option may be specified,
+which enables generation of legacy format
+.Pq v3
+entries.
+The legacy format entries are endianness dependent.
+.Pp
+The following options may be specified and will affect the
+generation of legacy entries.
+.Pp
+.Bl -tag -width flag
+.It Fl B
+Store data in big-endian format.
+.It Fl L
+Store data in little-endian format.
+.El
+.Pp
 The
 .Nm
 utility exits zero on success, non-zero on failure.

Modified: head/usr.sbin/pwd_mkdb/pwd_mkdb.c
========================================================================
======
- --- head/usr.sbin/pwd_mkdb/pwd_mkdb.c	Thu Jun  4 06:30:39 2015	(r283980)
+++ head/usr.sbin/pwd_mkdb/pwd_mkdb.c	Thu Jun  4 07:24:56 2015	(r283981)
@@ -112,15 +112,15 @@ main(int argc, char *argv[])
 	char sbuf2[MAXPATHLEN];
 	char *username;
 	u_int method, methoduid;
- -	int Cflag, dflag, iflag;
+	int Cflag, dflag, iflag, lflag;
 	int nblock = 0;

- -	iflag = dflag = Cflag = 0;
+	iflag = dflag = Cflag = lflag = 0;
 	strcpy(prefix, _PATH_PWD);
 	makeold = 0;
 	username = NULL;
 	oldfp = NULL;
- -	while ((ch = getopt(argc, argv, "BCLNd:ips:u:v")) != -1)
+	while ((ch = getopt(argc, argv, "BCLlNd:ips:u:v")) != -1)
 		switch(ch) {
 		case 'B':			/* big-endian output */
 			openinfo.lorder = BIG_ENDIAN;
@@ -128,6 +128,9 @@ main(int argc, char *argv[])
 		case 'C':                       /* verify only */
 			Cflag = 1;
 			break;
+		case 'l':			/* generate legacy entries */
+			lflag = 1;
+			break;
 		case 'L':			/* little-endian output */
 			openinfo.lorder = LITTLE_ENDIAN;
 			break;
@@ -465,6 +468,7 @@ main(int argc, char *argv[])
 					error("put");
 			}

+			if (lflag) {
 			/* Create insecure data. (legacy version) */
 			p = buf;
 			COMPACT(pwd.pw_name);
@@ -555,6 +559,7 @@ main(int argc, char *argv[])
 					error("put");
 			}
 		}
+		}
 		/* Create original format password file entry */
 		if (is_comment && makeold){	/* copy comments */
 			if (fprintf(oldfp, "%s\n", line) < 0)
@@ -583,6 +588,7 @@ main(int argc, char *argv[])
 			error("put");
 		if ((sdp->put)(sdp, &key, &data, method) == -1)
 			error("put");
+		if (lflag) {
 		tbuf[0] = LEGACY_VERSION(_PW_KEYYPENABLED);
 		key.size = 1;
 		if ((dp->put)(dp, &key, &data, method) == -1)
@@ -590,6 +596,7 @@ main(int argc, char *argv[])
 		if ((sdp->put)(sdp, &key, &data, method) == -1)
 			error("put");
 	}
+	}

 	if ((dp->close)(dp) == -1)
 		error("close");



-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJVcAIlAAoJEJW2GBstM+nsR7cP/RA7ziz97t0kpc6AVPighAYA
yqTuqKPlbVD2oYolDeTqGgR/jYpqZCvBcLZ/TNh6vpEayLrcafQUPby9af6yReU6
bogqDNdzIFnEJekVVEVmPmHCkpJpyZcKMPIoD/AXLQmC90uQxThV5YCXNpgA0gyU
ButgI0LoWFNWR5lwfN7c1vnHCA+RRV/1kL0fmrgOwkgtTaHCfy8UWZPb8U5J7NNj
dtiTI7kb3wYma5I0O8b2MgPgCpWeYhAzb/ADfXmFXrQt5YyHC3wn81orcQupS/Ch
eP9Kg1tAyVrBS7DNN/w4RPAHXTI3V9JUWlLeB1+60rq642TGLTRgYrRhZ8/BqIk6
4DkwyVd89GuFLZnd2/EUu5sK7qSLonr5PtK17WKXu+xsIvzVbNxSrzNJrVPlNvb/
XEpsuWAl6DLZghmzUkquJ0LkAQtk8pqiQrKNFKuoX2xk4tIhpg8+Ayo0wR6M6BXJ
BHbpCqOflS6UPK+R8PPQkFmc6/pQiZIjUvW9CU1jEibxXVWkPvk1h7oM0KYCoPBz
7LEM+kUm2EmK6zfe/SWjQMzmbwGQEfPNB8OyxBVjarJ0fI9FnQVJTOlT7NnPK0Lh
eJ3vmat6g/MalSws+uPLxjFgJwsf65Q6DVIn5/H4VUGOg0GTT/j26AHCceC1kmF6
AnZW4mR4/ZMNBNdo38Tf
=Mvf7
-----END PGP SIGNATURE-----



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?55700227.2000804>