[src/trunk]: src retire pw_policy(3) -- it is not found useful, there are other

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src retire pw_policy(3) -- it is not found useful, there are other
From: drochner <drochner%NetBSD.org@localhost>
Date: Mon, 06 Apr 2020 18:25:34 +0000
details:   https://anonhg.NetBSD.org/src/rev/781183e4c3ae
branches:  trunk
changeset: 751196:781183e4c3ae
user:      drochner <drochner%NetBSD.org@localhost>
date:      Wed Jan 27 19:10:30 2010 +0000

description:
retire pw_policy(3) -- it is not found useful, there are other
(more common) ways to enforce a password strength policy
approved by elad

diffstat:

 distrib/sets/lists/comp/mi |    8 +-
 include/util.h             |    7 +-
 lib/libutil/Makefile       |    6 +-
 lib/libutil/pw_policy.3    |  358 ---------------------------------
 lib/libutil/pw_policy.c    |  475 ---------------------------------------------
 5 files changed, 8 insertions(+), 846 deletions(-)

diffs (truncated from 932 to 300 lines):

diff -r 39cd4832a993 -r 781183e4c3ae distrib/sets/lists/comp/mi
--- a/distrib/sets/lists/comp/mi        Wed Jan 27 18:34:02 2010 +0000
+++ b/distrib/sets/lists/comp/mi        Wed Jan 27 19:10:30 2010 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: mi,v 1.1378 2010/01/26 14:06:35 jruoho Exp $
+#      $NetBSD: mi,v 1.1379 2010/01/27 19:10:30 drochner Exp $
 #
 # Note: don't delete entries from here - mark them as "obsolete" instead.
 #
@@ -7456,7 +7456,7 @@
 ./usr/share/man/cat3/pw_init.0                 comp-c-catman           .cat
 ./usr/share/man/cat3/pw_lock.0                 comp-c-catman           .cat
 ./usr/share/man/cat3/pw_mkdb.0                 comp-c-catman           .cat
-./usr/share/man/cat3/pw_policy.0               comp-c-catman           .cat
+./usr/share/man/cat3/pw_policy.0               comp-obsolete           obsolete
 ./usr/share/man/cat3/pw_prompt.0               comp-c-catman           .cat
 ./usr/share/man/cat3/pw_scan.0                 comp-c-catman           .cat
 ./usr/share/man/cat3/pw_setprefix.0            comp-c-catman           .cat
@@ -13094,7 +13094,7 @@
 ./usr/share/man/html3/pw_init.html             comp-c-htmlman          html
 ./usr/share/man/html3/pw_lock.html             comp-c-htmlman          html
 ./usr/share/man/html3/pw_mkdb.html             comp-c-htmlman          html
-./usr/share/man/html3/pw_policy.html           comp-c-htmlman          html
+./usr/share/man/html3/pw_policy.html           comp-obsolete           obsolete
 ./usr/share/man/html3/pw_prompt.html           comp-c-htmlman          html
 ./usr/share/man/html3/pw_scan.html             comp-c-htmlman          html
 ./usr/share/man/html3/pw_setprefix.html                comp-c-htmlman          html
@@ -18732,7 +18732,7 @@
 ./usr/share/man/man3/pw_init.3                 comp-c-man              .man
 ./usr/share/man/man3/pw_lock.3                 comp-c-man              .man
 ./usr/share/man/man3/pw_mkdb.3                 comp-c-man              .man
-./usr/share/man/man3/pw_policy.3               comp-c-man              .man
+./usr/share/man/man3/pw_policy.3               comp-obsolete           obsolete
 ./usr/share/man/man3/pw_prompt.3               comp-c-man              .man
 ./usr/share/man/man3/pw_scan.3                 comp-c-man              .man
 ./usr/share/man/man3/pw_setprefix.3            comp-c-man              .man
diff -r 39cd4832a993 -r 781183e4c3ae include/util.h
--- a/include/util.h    Wed Jan 27 18:34:02 2010 +0000
+++ b/include/util.h    Wed Jan 27 19:10:30 2010 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: util.h,v 1.53 2009/10/13 22:00:31 pooka Exp $  */
+/*     $NetBSD: util.h,v 1.54 2010/01/27 19:10:31 drochner Exp $       */
 
 /*-
  * Copyright (c) 1995
@@ -63,8 +63,6 @@
 struct winsize;
 struct sockaddr;
 
-typedef struct pw_policy *pw_policy_t; 
-
 char          *flags_to_string(unsigned long, const char *);
 pid_t          forkpty(int *, char *, struct termios *, struct winsize *);
 const char     *getbootfile(void);
@@ -110,9 +108,6 @@
 void           pw_init(void);
 int            pw_lock(int);
 int            pw_mkdb(const char *, int);
-pw_policy_t    pw_policy_load(void *, int);
-int            pw_policy_test(pw_policy_t, char *);
-void           pw_policy_free(pw_policy_t);
 void           pw_prompt(void);
 int            pw_setprefix(const char *);
 int            raise_default_signal(int);
diff -r 39cd4832a993 -r 781183e4c3ae lib/libutil/Makefile
--- a/lib/libutil/Makefile      Wed Jan 27 18:34:02 2010 +0000
+++ b/lib/libutil/Makefile      Wed Jan 27 19:10:30 2010 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: Makefile,v 1.62 2009/06/20 14:28:29 christos Exp $
+#      $NetBSD: Makefile,v 1.63 2010/01/27 19:10:31 drochner Exp $
 #      @(#)Makefile    8.1 (Berkeley) 6/4/93
 
 USE_SHLIBDIR=  yes
@@ -16,7 +16,7 @@
        if_media.c \
        login.c loginx.c login_cap.c login_tty.c logout.c logoutx.c \
        logwtmp.c logwtmpx.c opendisk.c parsedate.y \
-       passwd.c pw_scan.c pw_policy.c pidfile.c pidlock.c pty.c \
+       passwd.c pw_scan.c pidfile.c pidlock.c pty.c \
        raise_default_signal.c \
        secure_path.c snprintb.c sockaddr_snprintf.c stat_flags.c \
        ttyaction.c ttymsg.c
@@ -27,7 +27,7 @@
        login.3 login_cap.3 loginx.3 \
        disklabel_dkcksum.3 disklabel_scan.3 \
        opendisk.3 openpty.3 parsedate.3 pidfile.3 pidlock.3 \
-       pw_getconf.3 pw_init.3 pw_lock.3 pw_policy.3 secure_path.3 \
+       pw_getconf.3 pw_init.3 pw_lock.3 secure_path.3 \
        raise_default_signal.3 \
        snprintb.3 sockaddr_snprintf.3 stat_flags.3 ttyaction.3 \
        ttymsg.3 util.3
diff -r 39cd4832a993 -r 781183e4c3ae lib/libutil/pw_policy.3
--- a/lib/libutil/pw_policy.3   Wed Jan 27 18:34:02 2010 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,358 +0,0 @@
-.\" $NetBSD: pw_policy.3,v 1.9 2007/01/09 14:04:44 elad Exp $
-.\"
-.\" Copyright (c) 2005, 2006 Elad Efrat <elad%NetBSD.org@localhost>
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\" 3. The name of the author may not be used to endorse or promote products
-.\"    derived from this software without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
-.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
-.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd March 19, 2006
-.Dt PW_POLICY 3
-.Os
-.Sh NAME
-.Nm pw_policy_load ,
-.Nm pw_policy_test
-.Nd password policy enforcement
-.Sh LIBRARY
-.Lb libutil
-.Sh SYNOPSIS
-.In util.h
-.Ft pw_policy_t
-.Fn pw_policy_load "void *key" "int how"
-.Ft int
-.Fn pw_policy_test "pw_policy_t policy" "char *pw"
-.Ft void
-.Fn pw_policy_free "pw_policy_t policy"
-.Sh DESCRIPTION
-The
-.Fn pw_policy_load ,
-.Fn pw_policy_test ,
-and
-.Fn pw_policy_free
-functions are used as an interface to the system's password policy
-as specified in
-.Pa /etc/passwd.conf .
-.Pp
-.Fn pw_policy_load
-will load a password policy and return a pointer to a
-.Ar pw_policy_t
-containing it.
-It is the caller's responsibility to free this pointer using
-.Fn pw_policy_free .
-.Pp
-Using
-.Xr pw_getconf 3
-terminology,
-.Fn pw_policy_load
-accepts a
-.Ar key
-to be used when searching
-.Pa /etc/passwd.conf
-for a password policy.
-This key contains various options describing different policies.
-Some built-in ones are described along with their syntax below.
-.Pp
-To allow calling from various program contexts
-and using various password policy retrieval schemes,
-.Ar how
-tells
-.Fn pw_policy_load
-how to treat
-.Ar key .
-.Pp
-Possible values for
-.Ar how
-are:
-.Pp
-.Bl -tag -width kungfuninja -compact
-.It Li PW_POLICY_BYSTRING
-.Ar key
-is used as a
-.Ft char * ,
-looking up the string it contains in
-.Pa /etc/passwd.conf .
-.Pp
-.It Li PW_POLICY_BYPASSWD
-.Ar key
-is used as a
-.Ft struct passwd * ,
-first looking up the username in
-.Ft pw_name ,
-and if no key can be found, it will try the login class in
-.Ft pw_class .
-.Pp
-.It Li PW_POLICY_BYGROUP
-.Ar key
-is used as a
-.Ft struct group * ,
-looking up the group name in
-.Ft gr_name .
-.El
-.Pp
-If
-.Ar key
-is
-.Dv NULL ,
-or no specified key can be found, the default key,
-.Dq pw_policy ,
-is used.
-If even the default key can't be found,
-the password is accepted as no policy is defined.
-.Pp
-.Fn pw_policy_test
-can be used to check if the password in
-.Ar pw
-is compliant with the policy in
-.Ar policy .
-.Sh BUILT-IN POLICY SYNTAX
-Available built-in policy options include the following:
-.Pp
-.Bl -tag -width kungfuninja -compact
-.It length
-Length of the password.
-.It uppercase
-Number of upper-case characters in the password.
-.It lowercase
-Number of lower-case characters in the password.
-.It digits
-Number of digits in the password.
-.It punctuation
-Number of punctuation characters in the password.
-.It nclasses
-Number of different character classes in the password.
-.It ntoggles
-How often a user has to toggle between character classes in the password.
-.El
-.Pp
-Options are used inside keys.
-An option uses a format of
-.Dq option = value .
-For the built-in options, we use either
-.Dq N
-or
-.Dq N-M
-for the value.
-.Pp
-The first,
-.Dq N
-format, specifies a single length.
-For example, the following option specifies that the password should
-have exactly 3 upper-case characters:
-.Bd -literal -offset indent
-uppercase = 3
-.Ed
-.Pp
-The second,
-.Dq N-M
-format, can be used to specify a range.
-Forcing a policy for number of digits between 1 and 4 would be:
-.Bd -literal -offset indent
-digits = 1-4
-.Ed
-.Pp
-The characters
-.Sq 0
-and
-.Sq *
-can also be used to indicate
-.Dq not allowed
-and
-.Dq any number ,
-respectively.
-To illustrate, the following example states that the number of
-punctuation characters should be at least two:
-.Bd -literal -offset indent
-punctuation = 2-*
-.Ed
-.Pp
-No more than 7 digits:
-.Bd -literal -offset indent
-digits = *-7
-.Ed
-.Pp
-Any number of lower-case characters:
-.Bd -literal -offset indent
-lowercase = *
-.Ed
-.Pp
-Upper-case characters not allowed:
-.Bd -literal -offset indent
-uppercase = 0
-.Ed
-.Pp
-To specify that the password must be at least 8 characters long:
-.Bd -literal -offset indent
-length = 8-*
-.Ed
Prev by Date: [src/trunk]: src/sys/rump/librump/rumpkern ignore pmf threads if RUMP_THREADS...
Next by Date: [src/trunk]: src/sys/dev/sbus tcx doesn't use bt_dac
Previous by Thread: [src/trunk]: src/sys/rump/librump/rumpkern ignore pmf threads if RUMP_THREADS...
Next by Thread: [src/trunk]: src/sys/dev/sbus tcx doesn't use bt_dac
Indexes:
Home | Main Index | Thread Index | Old Index