summaryrefslogtreecommitdiffstats
path: root/lib/libutil
Commit message (Collapse)AuthorAgeFilesLines
* MFC 287442,287537,288944:jhb2016-02-102-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix corruption of coredumps due to procstat notes changing size during coredump generation. The changes in r287442 required some reworking since the 'fo_fill_kinfo' file op does not exist in stable/10. 287442: Detect badly behaved coredump note helpers Coredump notes depend on being able to invoke dump routines twice; once in a dry-run mode to get the size of the note, and another to actually emit the note to the corefile. When a note helper emits a different length section the second time around than the length it requested the first time, the kernel produces a corrupt coredump. NT_PROCSTAT_FILES output length, when packing kinfo structs, is tied to the length of filenames corresponding to vnodes in the process' fd table via vn_fullpath. As vnodes may move around during dump, this is racy. So: - Detect badly behaved notes in putnote() and pad underfilled notes. - Add a fail point, debug.fail_point.fill_kinfo_vnode__random_path to exercise the NT_PROCSTAT_FILES corruption. It simply picks random lengths to expand or truncate paths to in fo_fill_kinfo_vnode(). - Add a sysctl, kern.coredump_pack_fileinfo, to allow users to disable kinfo packing for PROCSTAT_FILES notes. This should avoid both FILES note corruption and truncation, even if filenames change, at the cost of about 1 kiB in padding bloat per open fd. Document the new sysctl in core.5. - Fix note_procstat_files to self-limit in the 2nd pass. Since sometimes this will result in a short write, pad up to our advertised size. This addresses note corruption, at the risk of sometimes truncating the last several fd info entries. - Fix NT_PROCSTAT_FILES consumers libutil and libprocstat to grok the zero padding. 287537: Follow-up to r287442: Move sysctl to compiled-once file Avoid duplicate sysctl nodes. 288944: Fix core corruption caused by race in note_procstat_vmmap This fix is spiritually similar to r287442 and was discovered thanks to the KASSERT added in that revision. NT_PROCSTAT_VMMAP output length, when packing kinfo structs, is tied to the length of filenames corresponding to vnodes in the process' vm map via vn_fullpath. As vnodes may move during coredump, this is racy. We do not remove the race, only prevent it from causing coredump corruption. - Add a sysctl, kern.coredump_pack_vmmapinfo, to allow users to disable kinfo packing for PROCSTAT_VMMAP notes. This avoids VMMAP corruption and truncation, even if names change, at the cost of up to PATH_MAX bytes per mapped object. The new sysctl is documented in core.5. - Fix note_procstat_vmmap to self-limit in the second pass. This addresses corruption, at the cost of sometimes producing a truncated result. - Fix PROCSTAT_VMMAP consumers libutil (and libprocstat, via copy-paste) to grok the new zero padding. Approved by: re (gjb)
* MFC r290440:smh2015-11-131-2/+2
| | | | | | Correct posix_openpt reference in pty(3) Sponsored by: Multiplay
* MFC 283624,283630:jhb2015-10-014-2/+174
| | | | | | Export a list of VM objects in the system via a sysctl. The list can be examined via 'vmstat -o'. It can be used to determine which files are using physical pages of memory and how much each is using.
* MFC 283622:jhb2015-09-034-4/+8
| | | | | Add <sys/user.h> to the SYNOPSIS of the kinfo_get*() functions since these functions all return types that are defined in that header.
* MFC r285050, r285053, r285059:garga2015-07-063-5/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When passwd or group information is changed (by pw, vipw, chpass, ...) temporary file is created and then a rename() call move it to official file. This operation didn't have any check to make sure data was written to disk and if a power cycle happens system could end up with a 0 length passwd or group database. There is a pfSense bug with more information about it: https://redmine.pfsense.org/issues/4523 The following changes were made to protect passwd and group operations: * lib/libutil/gr_util.c: - Replace mkstemp() by mkostemp() with O_SYNC flag to create temp file - After rename(), fsync() call on directory for faster result * lib/libutil/pw_util.c - Replace mkstemp() by mkostemp() with O_SYNC flag to create temp file * usr.sbin/pwd_mkdb/pwd_mkdb.c - Added O_SYNC flag on dbopen() calls - After rename(), fsync() call on directory for faster result * lib/libutil/pw_util.3 - pw_lock() returns a file descriptor to master password file on success Differential Revision: https://reviews.freebsd.org/D2978 Approved by: re (kib), bapt (implicit agreed) Sponsored by: Netgate
* MFC, r284192:ken2015-06-161-2/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ------------------------------------------------------------------------ r284192 | ken | 2015-06-09 15:39:38 -0600 (Tue, 09 Jun 2015) | 102 lines Add support for reading MAM attributes to camcontrol(8) and libcam(3). MAM is Medium Auxiliary Memory and is most commonly found as flash chips on tapes. This includes support for reading attributes and decoding most known attributes, but does not yet include support for writing attributes or reporting attributes in XML format. libsbuf/Makefile: Add subr_prf.c for the new sbuf_hexdump() function. This function is essentially the same function. libsbuf/Symbol.map: Add a new shared library minor version, and include the sbuf_hexdump() function. libsbuf/Version.def: Add version 1.4 of the libsbuf library. libutil/hexdump.3: Document sbuf_hexdump() alongside hexdump(3), since it is essentially the same function. camcontrol/Makefile: Add attrib.c. camcontrol/attrib.c: Implementation of READ ATTRIBUTE support for camcontrol(8). camcontrol/camcontrol.8: Document the new 'camcontrol attrib' subcommand. camcontrol/camcontrol.c: Add the new 'camcontrol attrib' subcommand. camcontrol/camcontrol.h: Add a function prototype for scsiattrib(). share/man/man9/sbuf.9: Document the existence of sbuf_hexdump() and point users to the hexdump(3) man page for more details. sys/cam/scsi/scsi_all.c: Add a table of known attributes, text descriptions and handler functions. Add a new scsi_attrib_sbuf() function along with a number of other related functions that help decode attributes. scsi_attrib_ascii_sbuf() decodes ASCII format attributes. scsi_attrib_int_sbuf() decodes binary format attributes, and will pass them off to scsi_attrib_hexdump_sbuf() if they're bigger than 8 bytes. scsi_attrib_vendser_sbuf() decodes the vendor and drive serial number attribute. scsi_attrib_volcoh_sbuf() decodes the Volume Coherency Information attribute that LTFS writes out. sys/cam/scsi/scsi_all.h: Add a number of attribute-related structure definitions and other defines. Add function prototypes for all of the functions added in scsi_all.c. sys/kern/subr_prf.c: Add a new function, sbuf_hexdump(). This is the same as the existing hexdump(9) function, except that it puts the result in an sbuf. This also changes subr_prf.c so that it can be compiled in userland for includsion in libsbuf. We should work to change this so that the kernel hexdump implementation is a wrapper around sbuf_hexdump() with a statically allocated sbuf with a drain. That will require a drain function that goes to the kernel printf() buffer that can take a non-NUL terminated string as input. That is because an sbuf isn't NUL-terminated until it is finished, and we don't want to finish it while we're still using it. We should also work to consolidate the userland hexdump and kernel hexdump implemenatations, which are currently separate. This would also mean making applications that currently link in libutil link in libsbuf. sys/sys/sbuf.h: Add the prototype for sbuf_hexdump(), and add another copy of the hexdump flag values if they aren't already defined. Ideally the flags should be defined in one place but the implemenation makes it difficult to do properly. (See above.) Sponsored by: Spectra Logic Corporation ------------------------------------------------------------------------
* MFC: 272445,272578,273772,273779,273782,273786,273787,273791bapt2014-11-041-5/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a test for bug 191427 where pw(8) will go into an infinite loop Add some tests for modifying groups When a group is renamed then the group has been invalidated for sure. In that case get the group information using the new name. Fix a regression in pw usermod -G list The user was perperly adding the to different groups from "list" but was not removed from the other groups it could have belong to. Do not delete the group wheel when bad argument is passed to pw groupdel -g Check that the -g argument is actually a number, if not report an error. This argument is converted without checking with atoi(3) later so without this check it converts any alpha entries into 0 meaning it deletes the group wheel Ensure pw userdel -u <invalid> do not try to remove root Check the uid passed is actually a number as early as possible Fix renaming a group via the gr_copy function Add a regression test to pw(8) because the bug was discovered via using: pw groupmod PR: 193704 [1], 185666 [2], 90114 [3], 187189 [4] Submitted by: Marc de la Gueronniere [4] Reported by: az [1], sub.mesa@gmail.com [2], bkoenig@cs.tu-berlin.de [3], mcdouga9@egr.msu.edu [4]
* MFC r273837:dim2014-11-011-5/+5
| | | | | | | | | Fix a clang 3.5 warning about abs(3) being given an argument of type quad_t in setusercontext(). While here, sanitize the clamping of the priority value, and use the correct type for the return value of login_getcapnum(). Reviewed by: kib
* MFC r270180:ngie2014-08-278-0/+1406
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | r269906: Add missing BSD.tests.dist entry for lib/libutil to unbreak installworld with MK_TESTS == no Phabric: D555 Approved by: jmmv (mentor, implicit) Pointyhat to: ngie r269904: Integrate lib/libutil into the build/kyua Remove the .t wrappers Rename all of the TAP test applications from test-<test> to <test>_test to match the convention described in the TestSuite wiki page humanize_number_test.c: - Fix -Wformat warnings with counter variables - Fix minor style(9) issues: -- Header sorting -- Variable declaration alignment/sorting in main(..) -- Fit the lines in <80 columns - Fix an off by one index error in the testcase output [*] - Remove unnecessary `extern char * optarg;` (this is already provided by unistd.h) Phabric: D555 Approved by: jmmv (mentor) Obtained from: EMC / Isilon Storage Division [*] Submitted by: Casey Peel <cpeel@isilon.com> [*] Sponsored by: EMC / Isilon Storage Division
* MFC r269015:pfg2014-08-161-5/+11
| | | | | | | | | | | | | | | | | fparseln(3): Update from NetBSD sources. -fix a condition so that fparseln() doesn't report spurious empty lines eg after 2 comment lines, or on EOF after a single comment line -no escape character means no escaped characters modify the previous fix so that no pointless realloc()s are done in the case of multiple empty continuation lines, and comment the code to make the logics obvious. fparseln is now part of libc in NetBSD so this changes the previous revision numbering. Obtained from: NetBSD (CVS Rev. 1.6-1.7)
* MFC r265276:markj2014-07-291-1/+1
| | | | Fix a typo.
* MFC r261824:eadler2014-02-161-2/+2
| | | | libutil/pw_util.3: Fix two prototypes.
* don't assert on bad args, instead return an error..jmg2013-10-072-37/+54
| | | | | | | | | | | | | | | Since so many programs don't check return value, always NUL terminate the buf... fix rounding when using base 1024 (the bug that started it all)... add a set of test cases so we can make sure that things don't break in the future... Thanks to Clifton Royston for testing and the test program... Approved by: re (hrs, glebius) MFC after: 1 week
* The round of expand_number() cleanups.pluknet2013-08-301-29/+10
| | | | | | | | | o Fix range error checking to detect overflow when uint64_t < uintmax_t. o Remove a non-functional check for no valid digits as pointed out by Bruce. o Remove a rather pointless comment describing what the function does. o Clean up a bunch of style bugs. Brucified by: bde
* libutil: Use O_CLOEXEC for internal file descriptors from open().jilles2013-08-285-9/+12
|
* Reset errno before strtoumax() call to properly detect ERANGE.pluknet2013-08-211-0/+7
| | | | | | | | Restore saved errno if strtoumax() call is successful. Reported by: ache Reviewed by: jilles MFC after: 1 week
* Check strtoumax(3) for ERANGE in case of non-prefixed string.pluknet2013-08-211-0/+4
| | | | | OK'd by: silence on current@ MFC after: 1 week
* Fix -Wunsequenced warningkientzle2013-06-291-1/+1
| | | | Submitted by: dt71@gmx.com
* When pidptr was passed as NULL to pidfile_open(3), we were returningpjd2013-03-141-13/+18
| | | | | | | | | EAGAIN/EWOULDBLOCK when another daemon was running and had the pidfile open. We should return EEXIST in that case, fix it. Reported by: Dirk Engling <erdgeist@erdgeist.org> Reviewed by: jhb, Dirk Engling <erdgeist@erdgeist.org> MFC after: 1 week
* commit correct tested fix for gr_util.cdb2013-03-091-46/+58
| | | | Approved by: theraven
* Cleanup gr_add() so it does not leak memdb2013-03-072-53/+86
| | | | | | | | | This is part of ongoing work on sbin/pw M libutil.h M gr_util.c Approved by: theraven
* Fixed documented prototype of kinfo_getproc(3).ru2013-03-011-2/+2
|
* libutil: fix typo in comment for gr_fini.mjg2013-01-131-1/+1
| | | | Submitted by: Christoph Mallon <christoph.mallon gmx.de>
* libutil: utilize strsep instead of strcat in a loop in gr_makemjg2013-01-131-6/+10
| | | | Submitted by: Christoph Mallon <christoph.mallon gmx.de>
* libutil: move group_line_format into the scop of its only user.mjg2013-01-131-2/+1
| | | | Submitted by: Christoph Mallon <christoph.mallon gmx.de>
* libutil: eliminate 'found' variable in gr_equalmjg2013-01-131-8/+5
| | | | Submitted by: Christoph Mallon <christoph.mallon gmx.de>
* Simplify pointing dst after the end of all the gr_mem pointers in newgrbapt2012-12-281-2/+1
| | | | | Submitted by: pjd Reviewed by: db
* errno = ENOMEM was supposed to be removed not return (NULL);bapt2012-12-281-1/+1
| | | | Submitted by: gcooper
* malloc() sets errno to ENOMEM already.bapt2012-12-281-5/+1
| | | | Submitted by: Christoph Mallon <christoph.mallon@gmx.de>
* Do not leave parts of the new group uninitialized in gr_dup().bapt2012-12-281-0/+4
| | | | | Submitted by: Christoph Mallon <christoph.mallon@gmx.de> Reported by: pjd
* avoid arithmetic on uintptr_tbapt2012-12-271-1/+1
| | | | | Submitted by: pjd Reviewed by: jilles
* cast to uintptr_t to properly calculate offsetbapt2012-12-271-1/+1
| | | | | Reported by: mdf Submitted by: db
* Add O_CLOEXEC to flopenbapt2012-12-272-2/+2
| | | | Requested by: jilles
* gr_dup: simplify duplication of groupbapt2012-12-271-21/+20
| | | | Submitted by: db
* - Clean up previous gr_add use malloc instead of callocbapt2012-12-272-5/+4
| | | | | | - Fix tinderbox error Submitted by: db
* New gr_add function to provide a clean and safe method to append a new memberbapt2012-12-272-0/+42
| | | | | | into an existing group. Submitted by: db
* Use flopen(3) instead of open(2) + flock(2)bapt2012-12-272-9/+4
|
* only rename(2) after chmod(2) has succeedbapt2012-11-201-7/+3
| | | | | | report error if chmod(2) fails Reported by: jh
* change mode the group file to 0644 after a successfull rename(2)bapt2012-11-201-1/+8
|
* Fix typobapt2012-11-031-1/+1
|
* Correct attribution.des2012-10-311-3/+8
|
* Minor mdoc and language fixes.joel2012-10-301-3/+2
|
* Removed unnecessary bits in the header that shows where I stole the templatebapt2012-10-301-3/+0
|
* Document the pw_util(3) functionsbapt2012-10-302-1/+299
| | | | Reviewed by: des, gjb
* backout r242319, racy and not done in the right placebapt2012-10-292-18/+0
| | | | Reported by: Garrett Cooper <yanegomi@gmail.com>
* make pw_init and gr_init fail if the specified master password or group file isbapt2012-10-292-0/+20
| | | | | | a directory. MFC after: 1 month
* Fix IEC / SI binary prefixes (Ki, Mi, Gi, etc) production by humanize_number(3)bapt2012-09-121-1/+1
| | | | | | PR: bin/171487 Submitted by: matthew MFC after: 1 week
* Switch the default password hash from md5 to sha512.des2012-06-191-1/+1
| | | | MFC after: 1 week
* Revert user comparison back to user names as some user can share uids (root/toorbapt2012-06-191-6/+13
| | | | | | | | | | | for example) get the username information from old_pw structures to still allow renaming of a user. Reported by: Claude Buisson <clbuisson@orange.fr> Approved by: des (mentor) MFC after: 3 weeks
* Finally nuke auth.conf, nine years after it was deprecated. The onlydes2012-06-125-127/+7
| | | | | | | | | | | | | | | | | | thing it was still used for was to set the "global default" password hash. Since the stock auth.conf contained nothing but comments, the global default was actually the first algorithm in crypt(3)'s list, which happens to be DES; I take the fact that nobody noticed as proof that it was not used outside of crypt(3). The only other use in our tree was in the Kerberos support code in in tinyware's passwd(1). I removed that code in an earlier commit; it would not have compiled anyway, as it only supported Kerberos IV. The auth_getval() function is now a stub that always returns NULL, which has the same effect as a functional auth_getval() with an empty auth.conf. MFC after: 3 weeks
OpenPOWER on IntegriCloud