diff options
28 files changed, 782 insertions, 264 deletions
diff --git a/Makefile.inc1 b/Makefile.inc1 index d4c7e48..56e78d6 100644 --- a/Makefile.inc1 +++ b/Makefile.inc1 @@ -882,7 +882,7 @@ distributeworld installworld: _installcheck_world ${IMAKEENV} rm -rf ${INSTALLTMP} .if make(distributeworld) .for dist in ${EXTRA_DISTRIBUTIONS} - find ${DESTDIR}/${DISTDIR}/${dist} -mindepth 1 -empty -delete + find ${DESTDIR}/${DISTDIR}/${dist} -mindepth 1 -type d -empty -delete .endfor .if defined(NO_ROOT) .for dist in base ${EXTRA_DISTRIBUTIONS} diff --git a/contrib/libarchive/README b/contrib/libarchive/README deleted file mode 100644 index 180d284..0000000 --- a/contrib/libarchive/README +++ /dev/null @@ -1,163 +0,0 @@ -README for libarchive bundle. - -Questions? Issues? - * http://www.libarchive.org is the home for ongoing - libarchive development, including documentation, and - links to the libarchive mailing lists. - * To report an issue, use the issue tracker at - https://github.com/libarchive/libarchive/issues - * To submit an enhancement to libarchive, please submit - a pull request via GitHub. - https://github.com/libarchive/libarchive/pulls - -This distribution bundle includes the following components: - * libarchive: a library for reading and writing streaming archives - * tar: the 'bsdtar' program is a full-featured 'tar' - implementation built on libarchive - * cpio: the 'bsdcpio' program is a different interface to - essentially the same functionality - * cat: the 'bsdcat' program is a simple replacement tool for - zcat, bzcat, xzcat, and such - * examples: Some small example programs that you may find useful. - * examples/minitar: a compact sample demonstrating use of libarchive. - * contrib: Various items sent to me by third parties; - please contact the authors with any questions. - -The top-level directory contains the following information files: - * NEWS - highlights of recent changes - * COPYING - what you can do with this - * INSTALL - installation instructions - * README - this file - * configure - configuration script, see INSTALL for details. - * CMakeLists.txt - input for "cmake" build tool, see INSTALL - -The following files in the top-level directory are used by the -'configure' script: - * Makefile.am, aclocal.m4, configure.ac - - used to build this distribution, only needed by maintainers - * Makefile.in, config.h.in - - templates used by configure script - -Guide to Documentation installed by this system: - * bsdtar.1 explains the use of the bsdtar program - * bsdcpio.1 explains the use of the bsdcpio program - * bsdcat.1 explains the use of the bsdcat program - * libarchive.3 gives an overview of the library as a whole - * archive_read.3, archive_write.3, archive_write_disk.3, and - archive_read_disk.3 provide detailed calling sequences for the read - and write APIs - * archive_entry.3 details the "struct archive_entry" utility class - * archive_internals.3 provides some insight into libarchive's - internal structure and operation. - * libarchive-formats.5 documents the file formats supported by the library - * cpio.5, mtree.5, and tar.5 provide detailed information about these - popular archive formats, including hard-to-find details about - modern cpio and tar variants. -The manual pages above are provided in the 'doc' directory in -a number of different formats. - -You should also read the copious comments in "archive.h" and the -source code for the sample programs for more details. Please let us -know about any errors or omissions you find. - -Currently, the library automatically detects and reads the following fomats: - * GNU tar format (including GNU long filenames, long link names, and sparse files) - * Solaris 9 extended tar format (including ACLs) - * Old V7 tar archives - * POSIX ustar - * POSIX pax interchange format - * POSIX octet-oriented cpio - * SVR4 ASCII cpio - * POSIX octet-oriented cpio - * Binary cpio (big-endian or little-endian) - * ISO9660 CD-ROM images (with optional Rockridge or Joliet extensions) - * ZIP archives (with uncompressed or "deflate" compressed entries) - * GNU and BSD 'ar' archives - * 'mtree' format - * 7-Zip archives - * Microsoft CAB format - * LHA and LZH archives - * RAR archives - * XAR archives - -The library also detects and handles any of the following before evaluating the archive: - * uuencoded files - * files with RPM wrapper - * gzip compression - * bzip2 compression - * compress/LZW compression - * lzma, lzip, and xz compression - * lz4 compression - * lzop compression - -The library can create archives in any of the following formats: - * POSIX ustar - * POSIX pax interchange format - * "restricted" pax format, which will create ustar archives except for - entries that require pax extensions (for long filenames, ACLs, etc). - * Old GNU tar format - * Old V7 tar format - * POSIX octet-oriented cpio - * SVR4 "newc" cpio - * shar archives - * ZIP archives (with uncompressed or "deflate" compressed entries) - * GNU and BSD 'ar' archives - * 'mtree' format - * ISO9660 format - * 7-Zip archives - * XAR archives - -When creating archives, the result can be filtered with any of the following: - * uuencode - * gzip compression - * bzip2 compression - * compress/LZW compression - * lzma, lzip, and xz compression - * lz4 compression - * lzop compression - -Notes about the library architecture: - - * This is a heavily stream-oriented system. There is no direct - support for in-place modification or random access. - - * The library is designed to be extended with new compression and - archive formats. The only requirement is that the format be - readable or writable as a stream and that each archive entry be - independent. There are articles on the libarchive Wiki explaining - how to extend libarchive. - - * On read, compression and format are always detected automatically. - - * I've attempted to minimize static link pollution. If you don't - explicitly invoke a particular feature (such as support for a - particular compression or format), it won't get pulled in to - statically-linked programs. In particular, if you don't explicitly - enable a particular compression or decompression support, you won't - need to link against the corresponding compression or decompression - libraries. This also reduces the size of statically-linked - binaries in environments where that matters. - - * On read, the library accepts whatever blocks you hand it. - Your read callback is free to pass the library a byte at a time - or mmap the entire archive and give it to the library at once. - On write, the library always produces correctly-blocked output. - - * The object-style approach allows you to have multiple archive streams - open at once. bsdtar uses this in its "@archive" extension. - - * The archive itself is read/written using callback functions. - You can read an archive directly from an in-memory buffer or - write it to a socket, if you wish. There are some utility - functions to provide easy-to-use "open file," etc, capabilities. - - * The read/write APIs are designed to allow individual entries - to be read or written to any data source: You can create - a block of data in memory and add it to a tar archive without - first writing a temporary file. You can also read an entry from - an archive and write the data directly to a socket. If you want - to read/write entries to disk, there are convenience functions to - make this especially easy. - - * Note: "pax interchange format" is really an extended tar format, - despite what the name says. diff --git a/contrib/libarchive/README.md b/contrib/libarchive/README.md new file mode 100644 index 0000000..be6c13b --- /dev/null +++ b/contrib/libarchive/README.md @@ -0,0 +1,222 @@ +# Welcome to libarchive! + +The libarchive project develops a portable, efficient C library that +can read and write streaming archives in a variety of formats. It +also includes implementations of the common `tar`, `cpio`, and `zcat` +command-line tools that use the libarchive library. + +## Questions? Issues? + +* http://www.libarchive.org is the home for ongoing + libarchive development, including documentation, + and links to the libarchive mailing lists. +* To report an issue, use the issue tracker at + https://github.com/libarchive/libarchive/issues +* To submit an enhancement to libarchive, please + submit a pull request via GitHub: https://github.com/libarchive/libarchive/pulls + +## Contents of the Distribution + +This distribution bundle includes the following major components: + +* **libarchive**: a library for reading and writing streaming archives +* **tar**: the 'bsdtar' program is a full-featured 'tar' implementation built on libarchive +* **cpio**: the 'bsdcpio' program is a different interface to essentially the same functionality +* **cat**: the 'bsdcat' program is a simple replacement tool for zcat, bzcat, xzcat, and such +* **examples**: Some small example programs that you may find useful. +* **examples/minitar**: a compact sample demonstrating use of libarchive. +* **contrib**: Various items sent to me by third parties; please contact the authors with any questions. + +The top-level directory contains the following information files: + +* **NEWS** - highlights of recent changes +* **COPYING** - what you can do with this +* **INSTALL** - installation instructions +* **README** - this file +* **CMakeLists.txt** - input for "cmake" build tool, see INSTALL +* **configure** - configuration script, see INSTALL for details. If your copy of the source lacks a `configure` script, you can try to construct it by running the script in `build/autogen.sh` (or use `cmake`). + +The following files in the top-level directory are used by the 'configure' script: +* `Makefile.am`, `aclocal.m4`, `configure.ac` - used to build this distribution, only needed by maintainers +* `Makefile.in`, `config.h.in` - templates used by configure script + +## Documentation + +In addition to the informational articles and documentation +in the online [libarchive Wiki](https://github.com/libarchive/libarchive/wiki), +the distribution also includes a number of manual pages: + + * bsdtar.1 explains the use of the bsdtar program + * bsdcpio.1 explains the use of the bsdcpio program + * bsdcat.1 explains the use of the bsdcat program + * libarchive.3 gives an overview of the library as a whole + * archive_read.3, archive_write.3, archive_write_disk.3, and + archive_read_disk.3 provide detailed calling sequences for the read + and write APIs + * archive_entry.3 details the "struct archive_entry" utility class + * archive_internals.3 provides some insight into libarchive's + internal structure and operation. + * libarchive-formats.5 documents the file formats supported by the library + * cpio.5, mtree.5, and tar.5 provide detailed information about these + popular archive formats, including hard-to-find details about + modern cpio and tar variants. + +The manual pages above are provided in the 'doc' directory in +a number of different formats. + +You should also read the copious comments in `archive.h` and the +source code for the sample programs for more details. Please let us +know about any errors or omissions you find. + +## Supported Formats + +Currently, the library automatically detects and reads the following fomats: + * Old V7 tar archives + * POSIX ustar + * GNU tar format (including GNU long filenames, long link names, and sparse files) + * Solaris 9 extended tar format (including ACLs) + * POSIX pax interchange format + * POSIX octet-oriented cpio + * SVR4 ASCII cpio + * POSIX octet-oriented cpio + * Binary cpio (big-endian or little-endian) + * ISO9660 CD-ROM images (with optional Rockridge or Joliet extensions) + * ZIP archives (with uncompressed or "deflate" compressed entries, including support for encrypted Zip archives) + * GNU and BSD 'ar' archives + * 'mtree' format + * 7-Zip archives + * Microsoft CAB format + * LHA and LZH archives + * RAR archives (with some limitations due to RAR's proprietary status) + * XAR archives + +The library also detects and handles any of the following before evaluating the archive: + * uuencoded files + * files with RPM wrapper + * gzip compression + * bzip2 compression + * compress/LZW compression + * lzma, lzip, and xz compression + * lz4 compression + * lzop compression + +The library can create archives in any of the following formats: + * POSIX ustar + * POSIX pax interchange format + * "restricted" pax format, which will create ustar archives except for + entries that require pax extensions (for long filenames, ACLs, etc). + * Old GNU tar format + * Old V7 tar format + * POSIX octet-oriented cpio + * SVR4 "newc" cpio + * shar archives + * ZIP archives (with uncompressed or "deflate" compressed entries) + * GNU and BSD 'ar' archives + * 'mtree' format + * ISO9660 format + * 7-Zip archives + * XAR archives + +When creating archives, the result can be filtered with any of the following: + * uuencode + * gzip compression + * bzip2 compression + * compress/LZW compression + * lzma, lzip, and xz compression + * lz4 compression + * lzop compression + +## Notes about the Library Design + +The following notes address many of the most common +questions we are asked about libarchive: + +* This is a heavily stream-oriented system. That means that + it is optimized to read or write the archive in a single + pass from beginning to end. For example, this allows + libarchive to process archives too large to store on disk + by processing them on-the-fly as they are read from or + written to a network or tape drive. This also makes + libarchive useful for tools that need to produce + archives on-the-fly (such as webservers that provide + archived contents of a users account). + +* In-place modification and random access to the contents + of an archive are not directly supported. For some formats, + this is not an issue: For example, tar.gz archives are not + designed for random access. In some other cases, libarchive + can re-open an archive and scan it from the beginning quickly + enough to provide the needed abilities even without true + random access. Of course, some applications do require true + random access; those applications should consider alternatives + to libarchive. + +* The library is designed to be extended with new compression and + archive formats. The only requirement is that the format be + readable or writable as a stream and that each archive entry be + independent. There are articles on the libarchive Wiki explaining + how to extend libarchive. + +* On read, compression and format are always detected automatically. + +* The same API is used for all formats; in particular, it's very + easy for software using libarchive to transparently handle + any of libarchive's archiving formats. + +* Libarchive's automatic support for decompression can be used + without archiving by explicitly selecting the "raw" and "empty" + formats. + +* I've attempted to minimize static link pollution. If you don't + explicitly invoke a particular feature (such as support for a + particular compression or format), it won't get pulled in to + statically-linked programs. In particular, if you don't explicitly + enable a particular compression or decompression support, you won't + need to link against the corresponding compression or decompression + libraries. This also reduces the size of statically-linked + binaries in environments where that matters. + +* The library is generally _thread safe_ depending on the platform: + it does not define any global variables of its own. However, some + platforms do not provide fully thread-safe versions of key C library + functions. On those platforms, libarchive will use the non-thread-safe + functions. Patches to improve this are of great interest to us. + +* In particular, libarchive's modules to read or write a directory + tree do use `chdir()` to optimize the directory traversals. This + can cause problems for programs that expect to do disk access from + multiple threads. Of course, those modules are completely + optional and you can use the rest of libarchive without them. + +* The library is _not_ thread aware, however. It does no locking + or thread management of any kind. If you create a libarchive + object and need to access it from multiple threads, you will + need to provide your own locking. + +* On read, the library accepts whatever blocks you hand it. + Your read callback is free to pass the library a byte at a time + or mmap the entire archive and give it to the library at once. + On write, the library always produces correctly-blocked output. + +* The object-style approach allows you to have multiple archive streams + open at once. bsdtar uses this in its "@archive" extension. + +* The archive itself is read/written using callback functions. + You can read an archive directly from an in-memory buffer or + write it to a socket, if you wish. There are some utility + functions to provide easy-to-use "open file," etc, capabilities. + +* The read/write APIs are designed to allow individual entries + to be read or written to any data source: You can create + a block of data in memory and add it to a tar archive without + first writing a temporary file. You can also read an entry from + an archive and write the data directly to a socket. If you want + to read/write entries to disk, there are convenience functions to + make this especially easy. + +* Note: The "pax interchange format" is a POSIX standard extended tar + format that should be used when the older _ustar_ format is not + appropriate. It has many advantages over other tar formats + (including the legacy GNU tar format) and is widely supported by + current tar implementations. + diff --git a/contrib/libarchive/libarchive/archive_acl.c b/contrib/libarchive/libarchive/archive_acl.c index bf4b610..d128920 100644 --- a/contrib/libarchive/libarchive/archive_acl.c +++ b/contrib/libarchive/libarchive/archive_acl.c @@ -707,10 +707,11 @@ archive_acl_text_l(struct archive_acl *acl, int flags, if (r != 0) return (-1); *p++ = separator; - if (flags & ARCHIVE_ENTRY_ACL_STYLE_EXTRA_ID) + if (name == NULL || (flags & ARCHIVE_ENTRY_ACL_STYLE_EXTRA_ID)) { id = ap->id; - else + } else { id = -1; + } append_entry(&p, NULL, ap->tag, name, ap->permset, id); count++; diff --git a/contrib/libarchive/libarchive/archive_read_disk_entry_from_file.c b/contrib/libarchive/libarchive/archive_read_disk_entry_from_file.c index 29b4b6c..f2148da 100644 --- a/contrib/libarchive/libarchive/archive_read_disk_entry_from_file.c +++ b/contrib/libarchive/libarchive/archive_read_disk_entry_from_file.c @@ -419,12 +419,32 @@ setup_acls(struct archive_read_disk *a, if (accpath == NULL) accpath = archive_entry_pathname(entry); + if (*fd < 0 && a->tree != NULL) { + if (a->follow_symlinks || + archive_entry_filetype(entry) != AE_IFLNK) + *fd = a->open_on_current_dir(a->tree, + accpath, O_RDONLY | O_NONBLOCK); + if (*fd < 0) { + if (a->tree_enter_working_dir(a->tree) != 0) { + archive_set_error(&a->archive, errno, + "Couldn't access %s", accpath); + return (ARCHIVE_FAILED); + } + } + } + archive_entry_acl_clear(entry); + acl = NULL; + #ifdef ACL_TYPE_NFS4 /* Try NFS4 ACL first. */ if (*fd >= 0) +#if HAVE_ACL_GET_FD_NP + acl = acl_get_fd_np(*fd, ACL_TYPE_NFS4); +#else acl = acl_get_fd(*fd); +#endif #if HAVE_ACL_GET_LINK_NP else if (!a->follow_symlinks) acl = acl_get_link_np(accpath, ACL_TYPE_NFS4); @@ -437,12 +457,19 @@ setup_acls(struct archive_read_disk *a, #endif else acl = acl_get_file(accpath, ACL_TYPE_NFS4); + #if HAVE_ACL_IS_TRIVIAL_NP - /* Ignore "trivial" ACLs that just mirror the file mode. */ - acl_is_trivial_np(acl, &r); - if (r) { - acl_free(acl); - acl = NULL; + if (acl != NULL && acl_is_trivial_np(acl, &r) == 0) { + /* Ignore "trivial" ACLs that just mirror the file mode. */ + if (r) { + acl_free(acl); + acl = NULL; + /* + * Simultaneous NFSv4 and POSIX.1e ACLs for the same + * entry are not allowed, so we should return here + */ + return (ARCHIVE_OK); + } } #endif if (acl != NULL) { @@ -450,7 +477,7 @@ setup_acls(struct archive_read_disk *a, acl_free(acl); return (ARCHIVE_OK); } -#endif +#endif /* ACL_TYPE_NFS4 */ /* Retrieve access ACL from file. */ if (*fd >= 0) @@ -467,10 +494,22 @@ setup_acls(struct archive_read_disk *a, #endif else acl = acl_get_file(accpath, ACL_TYPE_ACCESS); + +#if HAVE_ACL_IS_TRIVIAL_NP + /* Ignore "trivial" ACLs that just mirror the file mode. */ + if (acl != NULL && acl_is_trivial_np(acl, &r) == 0) { + if (r) { + acl_free(acl); + acl = NULL; + } + } +#endif + if (acl != NULL) { translate_acl(a, entry, acl, ARCHIVE_ENTRY_ACL_TYPE_ACCESS); acl_free(acl); + acl = NULL; } /* Only directories can have default ACLs. */ diff --git a/contrib/libarchive/libarchive/archive_read_disk_posix.c b/contrib/libarchive/libarchive/archive_read_disk_posix.c index 5901a87..19604b6 100644 --- a/contrib/libarchive/libarchive/archive_read_disk_posix.c +++ b/contrib/libarchive/libarchive/archive_read_disk_posix.c @@ -1504,10 +1504,19 @@ setup_current_filesystem(struct archive_read_disk *a) struct tree *t = a->tree; struct statfs sfs; #if defined(HAVE_GETVFSBYNAME) && defined(VFCF_SYNTHETIC) -# if defined(HAVE_STRUCT_VFSCONF) - struct vfsconf vfc; -# else +/* TODO: configure should set GETVFSBYNAME_ARG_TYPE to make + * this accurate; some platforms have both and we need the one that's + * used by getvfsbyname() + * + * Then the following would become: + * #if defined(GETVFSBYNAME_ARG_TYPE) + * GETVFSBYNAME_ARG_TYPE vfc; + * #endif + */ +# if defined(HAVE_STRUCT_XVFSCONF) struct xvfsconf vfc; +# else + struct vfsconf vfc; # endif #endif int r, xr = 0; diff --git a/contrib/libarchive/libarchive/test/test_acl_freebsd_posix1e.c b/contrib/libarchive/libarchive/test/test_acl_freebsd_posix1e.c index 36f9499..2eb0a00 100644 --- a/contrib/libarchive/libarchive/test/test_acl_freebsd_posix1e.c +++ b/contrib/libarchive/libarchive/test/test_acl_freebsd_posix1e.c @@ -70,15 +70,9 @@ set_acls(struct archive_entry *ae, struct myacl_t *acls) } static int -acl_match(acl_entry_t aclent, struct myacl_t *myacl) -{ - gid_t g, *gp; - uid_t u, *up; - acl_tag_t tag_type; - acl_permset_t opaque_ps; +acl_entry_get_perm(acl_entry_t aclent) { int permset = 0; - - acl_get_tag_type(aclent, &tag_type); + acl_permset_t opaque_ps; /* translate the silly opaque permset to a bitmap */ acl_get_permset(aclent, &opaque_ps); @@ -88,10 +82,61 @@ acl_match(acl_entry_t aclent, struct myacl_t *myacl) permset |= ARCHIVE_ENTRY_ACL_WRITE; if (acl_get_perm_np(opaque_ps, ACL_READ)) permset |= ARCHIVE_ENTRY_ACL_READ; + return permset; +} + +#if 0 +static int +acl_get_specific_entry(acl_t acl, acl_tag_t requested_tag_type, int requested_tag) { + int entry_id = ACL_FIRST_ENTRY; + acl_entry_t acl_entry; + acl_tag_t acl_tag_type; + + while (1 == acl_get_entry(acl, entry_id, &acl_entry)) { + /* After the first time... */ + entry_id = ACL_NEXT_ENTRY; + + /* If this matches, return perm mask */ + acl_get_tag_type(acl_entry, &acl_tag_type); + if (acl_tag_type == requested_tag_type) { + switch (acl_tag_type) { + case ACL_USER_OBJ: + if ((uid_t)requested_tag == *(uid_t *)(acl_get_qualifier(acl_entry))) { + return acl_entry_get_perm(acl_entry); + } + break; + case ACL_GROUP_OBJ: + if ((gid_t)requested_tag == *(gid_t *)(acl_get_qualifier(acl_entry))) { + return acl_entry_get_perm(acl_entry); + } + break; + case ACL_USER: + case ACL_GROUP: + case ACL_OTHER: + return acl_entry_get_perm(acl_entry); + default: + failure("Unexpected ACL tag type"); + assert(0); + } + } + - if (permset != myacl->permset) + } + return -1; +} +#endif + +static int +acl_match(acl_entry_t aclent, struct myacl_t *myacl) +{ + gid_t g, *gp; + uid_t u, *up; + acl_tag_t tag_type; + + if (myacl->permset != acl_entry_get_perm(aclent)) return (0); + acl_get_tag_type(aclent, &tag_type); switch (tag_type) { case ACL_USER_OBJ: if (myacl->tag != ARCHIVE_ENTRY_ACL_USER_OBJ) return (0); @@ -190,7 +235,7 @@ compare_acls(acl_t acl, struct myacl_t *myacls) * Verify ACL restore-to-disk. This test is FreeBSD-specific. */ -DEFINE_TEST(test_acl_freebsd_posix1e) +DEFINE_TEST(test_acl_freebsd_posix1e_restore) { #if !defined(__FreeBSD__) skipping("FreeBSD-specific ACL restore test"); @@ -263,3 +308,111 @@ DEFINE_TEST(test_acl_freebsd_posix1e) acl_free(acl); #endif } + +/* + * Verify ACL reaed-from-disk. This test is FreeBSD-specific. + */ +DEFINE_TEST(test_acl_freebsd_posix1e_read) +{ +#if !defined(__FreeBSD__) + skipping("FreeBSD-specific ACL read test"); +#elif __FreeBSD__ < 5 + skipping("ACL read supported only on FreeBSD 5.0 and later"); +#else + struct archive *a; + struct archive_entry *ae; + int n, fd; + const char *acl1_text, *acl2_text; + acl_t acl1, acl2; + + /* + * Manually construct a directory and two files with + * different ACLs. This also serves to verify that ACLs + * are supported on the local filesystem. + */ + + /* Create a test file f1 with acl1 */ + acl1_text = "user::rwx,group::rwx,other::rwx,user:1:rw-,group:15:r-x,mask::rwx"; + acl1 = acl_from_text(acl1_text); + assert((void *)acl1 != NULL); + fd = open("f1", O_WRONLY | O_CREAT | O_EXCL, 0777); + failure("Could not create test file?!"); + if (!assert(fd >= 0)) { + acl_free(acl1); + return; + } + n = acl_set_fd(fd, acl1); + acl_free(acl1); + if (n != 0 && errno == EOPNOTSUPP) { + close(fd); + skipping("ACL tests require that ACL support be enabled on the filesystem"); + return; + } + if (n != 0 && errno == EINVAL) { + close(fd); + skipping("This filesystem does not support POSIX.1e ACLs"); + return; + } + failure("acl_set_fd(): errno = %d (%s)", + errno, strerror(errno)); + assertEqualInt(0, n); + close(fd); + + assertMakeDir("d", 0700); + + /* + * Create file d/f1 with acl2 + * + * This differs from acl1 in the u:1: and g:15: permissions. + * + * This file deliberately has the same name but a different ACL. + * Github Issue #777 explains how libarchive's directory traversal + * did not always correctly enter directories before attempting + * to read ACLs, resulting in reading the ACL from a like-named + * file in the wrong directory. + */ + acl2_text = "user::rwx,group::rwx,other::---,user:1:r--,group:15:r--,mask::rwx"; + acl2 = acl_from_text(acl2_text); + assert((void *)acl2 != NULL); + fd = open("d/f1", O_WRONLY | O_CREAT | O_EXCL, 0777); + failure("Could not create test file?!"); + if (!assert(fd >= 0)) { + acl_free(acl2); + return; + } + n = acl_set_fd(fd, acl2); + acl_free(acl2); + if (n != 0 && errno == EOPNOTSUPP) { + close(fd); + skipping("ACL tests require that ACL support be enabled on the filesystem"); + return; + } + if (n != 0 && errno == EINVAL) { + close(fd); + skipping("This filesystem does not support POSIX.1e ACLs"); + return; + } + failure("acl_set_fd(): errno = %d (%s)", + errno, strerror(errno)); + assertEqualInt(0, n); + close(fd); + + /* Create a read-from-disk object. */ + assert(NULL != (a = archive_read_disk_new())); + assertEqualIntA(a, ARCHIVE_OK, archive_read_disk_open(a, ".")); + assert(NULL != (ae = archive_entry_new())); + + /* Walk the dir until we see both of the files */ + while (ARCHIVE_OK == archive_read_next_header2(a, ae)) { + archive_read_disk_descend(a); + if (strcmp(archive_entry_pathname(ae), "./f1") == 0) { + assertEqualString(archive_entry_acl_text(ae, ARCHIVE_ENTRY_ACL_TYPE_ACCESS), acl1_text); + + } else if (strcmp(archive_entry_pathname(ae), "./d/f1") == 0) { + assertEqualString(archive_entry_acl_text(ae, ARCHIVE_ENTRY_ACL_TYPE_ACCESS), acl2_text); + } + } + + archive_free(a); +#endif +} diff --git a/lib/atf/libatf-c++/Makefile b/lib/atf/libatf-c++/Makefile index ea8434d..caffdca 100644 --- a/lib/atf/libatf-c++/Makefile +++ b/lib/atf/libatf-c++/Makefile @@ -35,15 +35,15 @@ SHLIB_MAJOR= 2 DPADD= ${LIBATF_C} LDADD= -latf-c -LDFLAGS+= -L${.OBJDIR}/../libatf-c +LDFLAGS+= -L${.OBJDIR:H}/libatf-c -ATF= ${.CURDIR:H:H:H}/contrib/atf +ATF= ${SRCTOP}/contrib/atf .PATH: ${ATF} .PATH: ${ATF}/atf-c++ .PATH: ${ATF}/atf-c++/detail CFLAGS+= -I${ATF} -CFLAGS+= -I${.CURDIR}/../libatf-c +CFLAGS+= -I${.CURDIR:H}/libatf-c CFLAGS+= -I. CFLAGS+= -DHAVE_CONFIG_H diff --git a/lib/atf/libatf-c/Makefile b/lib/atf/libatf-c/Makefile index 858bbf7..6a0e88b 100644 --- a/lib/atf/libatf-c/Makefile +++ b/lib/atf/libatf-c/Makefile @@ -27,25 +27,37 @@ .include <bsd.init.mk> -_CFLAGS:= ${CFLAGS} -_CPPFLAGS:= ${CPPFLAGS} -_CXXFLAGS:= ${CXXFLAGS} +# Store the toolchain executable in ATF_BUILD_{CC,CPP,CXX} to ensure other +# values -- like -target, -B ..., etc -- don't get leaked into the tests. +# +# Be sure to omit ${CCACHE_BIN} (if specified) from the variable as it gets +# automatically appended to the variables in bsd.compiler.mk when +# ${MK_CCACHE_BUILD} != no. +ATF_BUILD_CC:= ${CC:N${CCACHE_BIN}:[1]} +ATF_BUILD_CPP:= ${CPP:N${CCACHE_BIN}:[1]} +ATF_BUILD_CXX:= ${CXX:N${CCACHE_BIN}:[1]} + +# Only capture defines, includes, linker flags, optimization levels, warnings +# and preprocessor flags when building ATF_BUILD_{C,CPP,CXX}FLAGS. +ATF_BUILD_CFLAGS:= ${CFLAGS:M-[DILOWf]*} +ATF_BUILD_CPPFLAGS:= ${CPPFLAGS:M-[DILOWf]*} +ATF_BUILD_CXXFLAGS:= ${CXXFLAGS:M-[DILOWf]*} LIB= atf-c PRIVATELIB= true SHLIB_MAJOR= 1 -ATF= ${.CURDIR:H:H:H}/contrib/atf +ATF= ${SRCTOP}/contrib/atf .PATH: ${ATF} .PATH: ${ATF}/atf-c .PATH: ${ATF}/atf-c/detail -CFLAGS+= -DATF_BUILD_CC='"${CC}"' -CFLAGS+= -DATF_BUILD_CFLAGS='"${_CFLAGS}"' -CFLAGS+= -DATF_BUILD_CPP='"${CPP}"' -CFLAGS+= -DATF_BUILD_CPPFLAGS='"${_CPPFLAGS}"' -CFLAGS+= -DATF_BUILD_CXX='"${CXX}"' -CFLAGS+= -DATF_BUILD_CXXFLAGS='"${_CXXFLAGS}"' +CFLAGS+= -DATF_BUILD_CC='"${ATF_BUILD_CC}"' +CFLAGS+= -DATF_BUILD_CFLAGS='"${ATF_BUILD_CFLAGS}"' +CFLAGS+= -DATF_BUILD_CPP='"${ATF_BUILD_CPP}"' +CFLAGS+= -DATF_BUILD_CPPFLAGS='"${ATF_BUILD_CPPFLAGS}"' +CFLAGS+= -DATF_BUILD_CXX='"${ATF_BUILD_CXX}"' +CFLAGS+= -DATF_BUILD_CXXFLAGS='"${ATF_BUILD_CXXFLAGS}"' CFLAGS+= -I${ATF} CFLAGS+= -I${.CURDIR} CFLAGS+= -I. diff --git a/lib/libarchive/config_freebsd.h b/lib/libarchive/config_freebsd.h index 9394054..c82c8cc 100644 --- a/lib/libarchive/config_freebsd.h +++ b/lib/libarchive/config_freebsd.h @@ -28,6 +28,7 @@ /* FreeBSD 5.0 and later have ACL and extattr support. */ #if __FreeBSD__ > 4 #define HAVE_ACL_CREATE_ENTRY 1 +#define HAVE_ACL_GET_FD_NP 1 #define HAVE_ACL_GET_LINK_NP 1 #define HAVE_ACL_GET_PERM_NP 1 #define HAVE_ACL_INIT 1 @@ -43,6 +44,7 @@ #define HAVE_EXTATTR_LIST_FILE 1 #define HAVE_EXTATTR_SET_FD 1 #define HAVE_EXTATTR_SET_FILE 1 +#define HAVE_STRUCT_XVFSCONF 1 #define HAVE_SYS_ACL_H 1 #define HAVE_SYS_EXTATTR_H 1 #endif diff --git a/share/man/man4/ddb.4 b/share/man/man4/ddb.4 index 7a7759c..e810028 100644 --- a/share/man/man4/ddb.4 +++ b/share/man/man4/ddb.4 @@ -611,6 +611,13 @@ See the header file for more details on the exact meaning of the structure fields. .\" .Pp +.It Ic show Cm callout Ar addr +Show information about the callout structure +.Vt struct callout +present at +.Ar addr . +.\" +.Pp .It Ic show Cm cbstat Show brief information about the TTY subsystem. .\" @@ -839,6 +846,10 @@ option is specified the complete object is printed. .\" .Pp +.It Ic show Cm panic +Print the panic message if set. +.\" +.Pp .It Ic show Cm page Show statistics on VM pages. .\" diff --git a/sys/cddl/compat/opensolaris/sys/random.h b/sys/cddl/compat/opensolaris/sys/random.h index 0cdea34..e0ecd9c 100644 --- a/sys/cddl/compat/opensolaris/sys/random.h +++ b/sys/cddl/compat/opensolaris/sys/random.h @@ -32,6 +32,6 @@ #include_next <sys/random.h> #define random_get_bytes(p, s) read_random((p), (int)(s)) -#define random_get_pseudo_bytes(p, s) read_random((p), (int)(s)) +#define random_get_pseudo_bytes(p, s) arc4rand((p), (int)(s), 0) #endif /* !_OPENSOLARIS_SYS_RANDOM_H_ */ diff --git a/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dsl_prop.c b/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dsl_prop.c index 8586cb6..25a7d96 100644 --- a/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dsl_prop.c +++ b/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dsl_prop.c @@ -54,6 +54,8 @@ dodefault(zfs_prop_t prop, int intsz, int numints, void *buf) return (SET_ERROR(ENOENT)); if (zfs_prop_get_type(prop) == PROP_TYPE_STRING) { + if (zfs_prop_default_string(prop) == NULL) + return (SET_ERROR(ENOENT)); if (intsz != 1) return (SET_ERROR(EOVERFLOW)); (void) strncpy(buf, zfs_prop_default_string(prop), diff --git a/sys/dev/ahci/ahci.c b/sys/dev/ahci/ahci.c index 1295de7..5fabdaf 100644 --- a/sys/dev/ahci/ahci.c +++ b/sys/dev/ahci/ahci.c @@ -668,6 +668,21 @@ ahci_ch_attach(device_t dev) if (!(ch->r_mem = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &rid, RF_ACTIVE))) return (ENXIO); + ch->chcaps = ATA_INL(ch->r_mem, AHCI_P_CMD); + version = ATA_INL(ctlr->r_mem, AHCI_VS); + if (version < 0x00010200 && (ctlr->caps & AHCI_CAP_FBSS)) + ch->chcaps |= AHCI_P_CMD_FBSCP; + if (ch->caps2 & AHCI_CAP2_SDS) + ch->chscaps = ATA_INL(ch->r_mem, AHCI_P_DEVSLP); + if (bootverbose) { + device_printf(dev, "Caps:%s%s%s%s%s%s\n", + (ch->chcaps & AHCI_P_CMD_HPCP) ? " HPCP":"", + (ch->chcaps & AHCI_P_CMD_MPSP) ? " MPSP":"", + (ch->chcaps & AHCI_P_CMD_CPD) ? " CPD":"", + (ch->chcaps & AHCI_P_CMD_ESP) ? " ESP":"", + (ch->chcaps & AHCI_P_CMD_FBSCP) ? " FBSCP":"", + (ch->chscaps & AHCI_P_DEVSLP_DSP) ? " DSP":""); + } ahci_dmainit(dev); ahci_slotsalloc(dev); mtx_lock(&ch->mtx); @@ -686,21 +701,6 @@ ahci_ch_attach(device_t dev) error = ENXIO; goto err1; } - ch->chcaps = ATA_INL(ch->r_mem, AHCI_P_CMD); - version = ATA_INL(ctlr->r_mem, AHCI_VS); - if (version < 0x00010200 && (ctlr->caps & AHCI_CAP_FBSS)) - ch->chcaps |= AHCI_P_CMD_FBSCP; - if (ch->caps2 & AHCI_CAP2_SDS) - ch->chscaps = ATA_INL(ch->r_mem, AHCI_P_DEVSLP); - if (bootverbose) { - device_printf(dev, "Caps:%s%s%s%s%s%s\n", - (ch->chcaps & AHCI_P_CMD_HPCP) ? " HPCP":"", - (ch->chcaps & AHCI_P_CMD_MPSP) ? " MPSP":"", - (ch->chcaps & AHCI_P_CMD_CPD) ? " CPD":"", - (ch->chcaps & AHCI_P_CMD_ESP) ? " ESP":"", - (ch->chcaps & AHCI_P_CMD_FBSCP) ? " FBSCP":"", - (ch->chscaps & AHCI_P_DEVSLP_DSP) ? " DSP":""); - } /* Create the device queue for our SIM. */ devq = cam_simq_alloc(ch->numslots); if (devq == NULL) { diff --git a/sys/dev/usb/input/ums.c b/sys/dev/usb/input/ums.c index cc52b99..4b122f2 100644 --- a/sys/dev/usb/input/ums.c +++ b/sys/dev/usb/input/ums.c @@ -288,9 +288,9 @@ ums_intr_callback(struct usb_xfer *xfer, usb_error_t error) /* translate T-axis into button presses until further */ if (dt > 0) - buttons |= 1UL << 3; + buttons |= 1UL << 5; else if (dt < 0) - buttons |= 1UL << 4; + buttons |= 1UL << 6; sc->sc_status.button = buttons; sc->sc_status.dx += dx; diff --git a/sys/kern/kern_shutdown.c b/sys/kern/kern_shutdown.c index 8139c8c..d590555 100644 --- a/sys/kern/kern_shutdown.c +++ b/sys/kern/kern_shutdown.c @@ -1031,3 +1031,14 @@ mkdumpheader(struct kerneldumpheader *kdh, char *magic, uint32_t archver, strlcpy(kdh->panicstring, panicstr, sizeof(kdh->panicstring)); kdh->parity = kerneldump_parity(kdh); } + +#ifdef DDB +DB_SHOW_COMMAND(panic, db_show_panic) +{ + + if (panicstr == NULL) + db_printf("panicstr not set\n"); + else + db_printf("panic: %s\n", panicstr); +} +#endif diff --git a/sys/kern/kern_timeout.c b/sys/kern/kern_timeout.c index 7e5aab7..f3c4e78 100644 --- a/sys/kern/kern_timeout.c +++ b/sys/kern/kern_timeout.c @@ -39,6 +39,7 @@ __FBSDID("$FreeBSD$"); #include "opt_callout_profiling.h" #include "opt_kdtrace.h" +#include "opt_ddb.h" #if defined(__arm__) #include "opt_timer.h" #endif @@ -60,6 +61,11 @@ __FBSDID("$FreeBSD$"); #include <sys/sysctl.h> #include <sys/smp.h> +#ifdef DDB +#include <ddb/ddb.h> +#include <machine/_inttypes.h> +#endif + #ifdef SMP #include <machine/cpu.h> #endif @@ -1576,3 +1582,34 @@ SYSCTL_PROC(_kern, OID_AUTO, callout_stat, CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 0, sysctl_kern_callout_stat, "I", "Dump immediate statistic snapshot of the scheduled callouts"); + +#ifdef DDB +static void +_show_callout(struct callout *c) +{ + + db_printf("callout %p\n", c); +#define C_DB_PRINTF(f, e) db_printf(" %s = " f "\n", #e, c->e); + db_printf(" &c_links = %p\n", &(c->c_links)); + C_DB_PRINTF("%" PRId64, c_time); + C_DB_PRINTF("%" PRId64, c_precision); + C_DB_PRINTF("%p", c_arg); + C_DB_PRINTF("%p", c_func); + C_DB_PRINTF("%p", c_lock); + C_DB_PRINTF("%#x", c_flags); + C_DB_PRINTF("%#x", c_iflags); + C_DB_PRINTF("%d", c_cpu); +#undef C_DB_PRINTF +} + +DB_SHOW_COMMAND(callout, db_show_callout) +{ + + if (!have_addr) { + db_printf("usage: show callout <struct callout *>\n"); + return; + } + + _show_callout((struct callout *)addr); +} +#endif /* DDB */ diff --git a/sys/vm/swap_pager.c b/sys/vm/swap_pager.c index 1bf2ad6..5a62114 100644 --- a/sys/vm/swap_pager.c +++ b/sys/vm/swap_pager.c @@ -1764,36 +1764,49 @@ static void swap_pager_swapoff(struct swdevt *sp) { struct swblock *swap; + vm_object_t locked_obj, object; + vm_pindex_t pindex; int i, j, retries; GIANT_REQUIRED; retries = 0; + locked_obj = NULL; full_rescan: mtx_lock(&swhash_mtx); for (i = 0; i <= swhash_mask; i++) { /* '<=' is correct here */ restart: for (swap = swhash[i]; swap != NULL; swap = swap->swb_hnext) { - vm_object_t object = swap->swb_object; - vm_pindex_t pindex = swap->swb_index; + object = swap->swb_object; + pindex = swap->swb_index; for (j = 0; j < SWAP_META_PAGES; ++j) { - if (swp_pager_isondev(swap->swb_pages[j], sp)) { - /* avoid deadlock */ + if (!swp_pager_isondev(swap->swb_pages[j], sp)) + continue; + if (locked_obj != object) { + if (locked_obj != NULL) + VM_OBJECT_WUNLOCK(locked_obj); + locked_obj = object; if (!VM_OBJECT_TRYWLOCK(object)) { - break; - } else { mtx_unlock(&swhash_mtx); - swp_pager_force_pagein(object, - pindex + j); - VM_OBJECT_WUNLOCK(object); + /* Depends on type-stability. */ + VM_OBJECT_WLOCK(object); mtx_lock(&swhash_mtx); goto restart; } } + MPASS(locked_obj == object); + mtx_unlock(&swhash_mtx); + swp_pager_force_pagein(object, pindex + j); + mtx_lock(&swhash_mtx); + goto restart; } } } mtx_unlock(&swhash_mtx); + if (locked_obj != NULL) { + VM_OBJECT_WUNLOCK(locked_obj); + locked_obj = NULL; + } if (sp->sw_used) { /* * Objects may be locked or paging to the device being diff --git a/sys/x86/x86/identcpu.c b/sys/x86/x86/identcpu.c index b6c7f95..fc32c8d 100644 --- a/sys/x86/x86/identcpu.c +++ b/sys/x86/x86/identcpu.c @@ -1683,7 +1683,7 @@ print_AMD_info(void) * As long as that bug pops up very rarely (intensive machine usage * on other operating systems generally generates one unexplainable * crash any 2 months) and as long as a model specific fix would be - * impratical at this stage, print out a warning string if the broken + * impractical at this stage, print out a warning string if the broken * model and family are identified. */ if (CPUID_TO_FAMILY(cpu_id) == 0xf && CPUID_TO_MODEL(cpu_id) >= 0x20 && diff --git a/tests/sys/acl/04.sh b/tests/sys/acl/04.sh index ff1d3cb..917f5ac 100644 --- a/tests/sys/acl/04.sh +++ b/tests/sys/acl/04.sh @@ -50,6 +50,7 @@ MNT=`mktemp -dt acltools` zpool create -m $MNT acltools /dev/$MD if [ $? -ne 0 ]; then echo "not ok 1 - 'zpool create' failed." + echo 'Bail out!' exit 1 fi diff --git a/tests/sys/mac/bsdextended/matches_test.sh b/tests/sys/mac/bsdextended/matches_test.sh index 5aff413..11cac81 100644 --- a/tests/sys/mac/bsdextended/matches_test.sh +++ b/tests/sys/mac/bsdextended/matches_test.sh @@ -144,30 +144,36 @@ else fail $desc fi -# -# Subject Match on jail -# -rm -f $playground/test-jail - -desc="subject matching jailid" -jailid=`jail -i / localhost 127.0.0.1 /usr/sbin/daemon -f /bin/sh -c "(sleep 5; touch $playground/test-jail) &"` -ugidfw set 1 subject jailid $jailid object mode rasx -sleep 10 - -if [ -f $playground/test-jail ]; then - fail "TODO $desc: this testcase fails (see bug # 205481)" -else - pass $desc -fi - -rm -f $playground/test-jail -desc="subject nonmatching jailid" -jailid=`jail -i / localhost 127.0.0.1 /usr/sbin/daemon -f /bin/sh -c "(sleep 5; touch $playground/test-jail) &"` -sleep 10 -if [ -f $playground/test-jail ]; then - pass $desc +if which jail >/dev/null; then + # + # Subject Match on jail + # + rm -f $playground/test-jail + + desc="subject matching jailid" + jailid=`jail -i / localhost 127.0.0.1 /usr/sbin/daemon -f /bin/sh -c "(sleep 5; touch $playground/test-jail) &"` + ugidfw set 1 subject jailid $jailid object mode rasx + sleep 10 + + if [ -f $playground/test-jail ]; then + fail "TODO $desc: this testcase fails (see bug # 205481)" + else + pass $desc + fi + + rm -f $playground/test-jail + desc="subject nonmatching jailid" + jailid=`jail -i / localhost 127.0.0.1 /usr/sbin/daemon -f /bin/sh -c "(sleep 5; touch $playground/test-jail) &"` + sleep 10 + if [ -f $playground/test-jail ]; then + pass $desc + else + fail $desc + fi else - fail $desc + # XXX: kyua is too dumb to parse skip ranges, still.. + pass "skip jail(8) not installed" + pass "skip jail(8) not installed" fi # diff --git a/usr.sbin/pw/pw.h b/usr.sbin/pw/pw.h index b389f12..05a51c2 100644 --- a/usr.sbin/pw/pw.h +++ b/usr.sbin/pw/pw.h @@ -93,6 +93,7 @@ int groupadd(struct userconf *, char *name, gid_t id, char *members, int fd, int nis_update(void); int boolean_val(char const * str, int dflt); +int passwd_val(char const * str, int dflt); char const *boolean_str(int val); char *newstr(char const * p); diff --git a/usr.sbin/pw/pw_conf.c b/usr.sbin/pw/pw_conf.c index d30c80e..a3bd0bd 100644 --- a/usr.sbin/pw/pw_conf.c +++ b/usr.sbin/pw/pw_conf.c @@ -186,6 +186,22 @@ boolean_val(char const * str, int dflt) for (i = 0; boolfalse[i]; i++) if (strcmp(str, boolfalse[i]) == 0) return 0; + } + return dflt; +} + +int +passwd_val(char const * str, int dflt) +{ + if ((str = unquote(str)) != NULL) { + int i; + + for (i = 0; booltrue[i]; i++) + if (strcmp(str, booltrue[i]) == 0) + return 1; + for (i = 0; boolfalse[i]; i++) + if (strcmp(str, boolfalse[i]) == 0) + return 0; /* * Special cases for defaultpassword @@ -194,6 +210,8 @@ boolean_val(char const * str, int dflt) return -1; if (strcmp(str, "none") == 0) return -2; + + errx(1, "Invalid value for default password"); } return dflt; } @@ -258,7 +276,7 @@ read_userconfig(char const * file) #endif switch (i) { case _UC_DEFAULTPWD: - config.default_password = boolean_val(q, 1); + config.default_password = passwd_val(q, 1); break; case _UC_REUSEUID: config.reuse_uids = boolean_val(q, 0); diff --git a/usr.sbin/pw/pw_user.c b/usr.sbin/pw/pw_user.c index 2f87b56..6e6b3cd 100644 --- a/usr.sbin/pw/pw_user.c +++ b/usr.sbin/pw/pw_user.c @@ -1317,7 +1317,7 @@ pw_user_add(int argc, char **argv, char *arg1) mix_config(cmdcnf, cnf); if (default_passwd) - cmdcnf->default_password = boolean_val(default_passwd, + cmdcnf->default_password = passwd_val(default_passwd, cnf->default_password); if (genconf) { if (name != NULL) @@ -1719,7 +1719,7 @@ pw_user_mod(int argc, char **argv, char *arg1) if (lc == NULL || login_setcryptfmt(lc, "sha512", NULL) == NULL) warn("setting crypt(3) format"); login_close(lc); - cnf->default_password = boolean_val(passwd, + cnf->default_password = passwd_val(passwd, cnf->default_password); pwd->pw_passwd = pw_password(cnf, pwd->pw_name, dryrun); edited = true; diff --git a/usr.sbin/pw/tests/Makefile b/usr.sbin/pw/tests/Makefile index a1605aa..07a8069 100644 --- a/usr.sbin/pw/tests/Makefile +++ b/usr.sbin/pw/tests/Makefile @@ -2,6 +2,11 @@ TESTSDIR= ${TESTSBASE}/usr.sbin/pw +BINDIR= ${TESTSDIR} + +PROGS+= crypt +LDADD+= -lcrypt + ATF_TESTS_SH= pw_etcdir \ pw_lock \ pw_config \ diff --git a/usr.sbin/pw/tests/crypt.c b/usr.sbin/pw/tests/crypt.c new file mode 100644 index 0000000..586fccd --- /dev/null +++ b/usr.sbin/pw/tests/crypt.c @@ -0,0 +1,45 @@ +/*- + * Copyright (c) 2016 Spectra Logic Corporation + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#include <err.h> +#include <stdio.h> +#include <unistd.h> + +int main(int argc, char** argv) +{ + char *salt, *pass, *hash; + + if (argc < 3) + errx(1, "Usage: crypt <salt> <password>"); + salt = argv[1]; + pass = argv[2]; + + hash = crypt(pass, salt); + printf("%s", hash); + return (hash == NULL ? 1 : 0); +} diff --git a/usr.sbin/pw/tests/pw_useradd.sh b/usr.sbin/pw/tests/pw_useradd.sh index cb62944..b1ff8d4 100755 --- a/usr.sbin/pw/tests/pw_useradd.sh +++ b/usr.sbin/pw/tests/pw_useradd.sh @@ -235,9 +235,12 @@ atf_test_case user_add_password_from_h user_add_password_from_h_body() { populate_etc_skel - atf_check -s exit:0 ${PW} useradd test -h 0 <<-EOF - $(echo test) + atf_check -s exit:0 ${PW} useradd foo -h 0 <<-EOF + $(echo mypassword) EOF + passhash=`awk -F ':' '/^foo:/ {print $2}' $HOME/master.passwd` + atf_check -s exit:0 -o inline:$passhash \ + $(atf_get_srcdir)/crypt $passhash "mypassword" } atf_test_case user_add_R @@ -325,17 +328,47 @@ user_add_already_exists_body() { ${PW} useradd foo } +atf_test_case user_add_w_error +user_add_w_error_body() { + populate_etc_skel + + atf_check -s exit:1 -e match:"pw: Invalid value for default password" \ + ${PW} useradd foo -w invalid_value +} + +atf_test_case user_add_w_no +user_add_w_no_body() { + populate_etc_skel + + atf_check -s exit:0 ${PW} useradd foo -w no + atf_check -s exit:0 -o match:"^foo:\*" grep "^foo:" $HOME/master.passwd +} + +atf_test_case user_add_w_none +user_add_w_none_body() { + populate_etc_skel + + atf_check -s exit:0 ${PW} useradd foo -w none + atf_check -s exit:0 -o match:"^foo::" grep "^foo:" $HOME/master.passwd +} + +atf_test_case user_add_w_random +user_add_w_random_body() { + populate_etc_skel + + password=`${PW} useradd foo -w random | cat` + passhash=`awk -F ':' '/^foo:/ {print $2}' $HOME/master.passwd` + atf_check -s exit:0 -o inline:$passhash \ + $(atf_get_srcdir)/crypt $passhash "$password" +} + atf_test_case user_add_w_yes user_add_w_yes_body() { populate_etc_skel - atf_check -s exit:0 ${PW} useradd foo -w yes - atf_check -s exit:0 \ - -o match:'^foo:\$.*' \ - grep "^foo" ${HOME}/master.passwd - atf_check -s exit:0 ${PW} usermod foo -w yes - atf_check -s exit:0 \ - -o match:'^foo:\$.*' \ - grep "^foo" ${HOME}/master.passwd + password=`${PW} useradd foo -w random | cat` + passhash=`awk -F ':' '/^foo:/ {print $2}' $HOME/master.passwd` + atf_check -s exit:0 -o inline:$passhash \ + $(atf_get_srcdir)/crypt $passhash "$password" } atf_test_case user_add_with_pw_conf @@ -380,6 +413,10 @@ atf_init_test_cases() { atf_add_test_case user_add_uid_too_large atf_add_test_case user_add_bad_shell atf_add_test_case user_add_already_exists + atf_add_test_case user_add_w_error + atf_add_test_case user_add_w_no + atf_add_test_case user_add_w_none + atf_add_test_case user_add_w_random atf_add_test_case user_add_w_yes atf_add_test_case user_add_with_pw_conf } diff --git a/usr.sbin/pw/tests/pw_usermod.sh b/usr.sbin/pw/tests/pw_usermod.sh index 236fd27..df056e0 100755 --- a/usr.sbin/pw/tests/pw_usermod.sh +++ b/usr.sbin/pw/tests/pw_usermod.sh @@ -157,8 +157,9 @@ user_mod_h_body() { atf_check -s exit:0 ${PW} usermod foo -h 0 <<- EOF $(echo a) EOF - atf_check -s exit:0 -o not-match:"^foo:\*:.*" \ - grep "^foo" ${HOME}/master.passwd + passhash=`awk -F ':' '/^foo:/ {print $2}' $HOME/master.passwd` + atf_check -s exit:0 -o inline:$passhash \ + $(atf_get_srcdir)/crypt $passhash "a" atf_check -s exit:0 ${PW} usermod foo -h - <<- EOF $(echo b) EOF @@ -203,6 +204,56 @@ user_mod_uid_body() { atf_check -s exit:0 ${PW} usermod foo -u 5000 } +atf_test_case user_mod_w_error +user_mod_w_error_body() { + populate_etc_skel + + atf_check -s exit:0 ${PW} useradd foo + atf_check -s exit:1 -e match:"pw: Invalid value for default password" \ + ${PW} usermod foo -w invalid_value +} + +atf_test_case user_mod_w_no +user_mod_w_no_body() { + populate_etc_skel + + atf_check -s exit:0 ${PW} useradd foo + atf_check -s exit:0 ${PW} usermod foo -w no + atf_check -s exit:0 -o match:"^foo:\*" grep "^foo:" $HOME/master.passwd +} + +atf_test_case user_mod_w_none +user_mod_w_none_body() { + populate_etc_skel + + atf_check -s exit:0 ${PW} useradd foo + atf_check -s exit:0 ${PW} usermod foo -w none + atf_check -s exit:0 -o match:"^foo::" grep "^foo:" $HOME/master.passwd +} + +atf_test_case user_mod_w_random +user_mod_w_random_body() { + populate_etc_skel + + atf_check -s exit:0 ${PW} useradd foo + password=`${PW} usermod foo -w random | cat` + passhash=`awk -F ':' '/^foo:/ {print $2}' $HOME/master.passwd` + atf_check -s exit:0 -o inline:$passhash \ + $(atf_get_srcdir)/crypt $passhash "$password" +} + +atf_test_case user_mod_w_yes +user_mod_w_yes_body() { + populate_etc_skel + + atf_check -s exit:0 ${PW} useradd foo + atf_check -s exit:0 ${PW} usermod foo -w yes + passhash=`awk -F ':' '/^foo:/ {print $2}' $HOME/master.passwd` + atf_check -s exit:0 -o inline:$passhash \ + $(atf_get_srcdir)/crypt $passhash "foo" +} + + atf_init_test_cases() { atf_add_test_case user_mod atf_add_test_case user_mod_noupdate @@ -219,4 +270,9 @@ atf_init_test_cases() { atf_add_test_case user_mod_H atf_add_test_case user_mod_renamehome atf_add_test_case user_mod_uid + atf_add_test_case user_mod_w_error + atf_add_test_case user_mod_w_no + atf_add_test_case user_mod_w_none + atf_add_test_case user_mod_w_random + atf_add_test_case user_mod_w_yes } |
