Project

General

Profile

Feature #8

Add ability to edit local users (GUI)

Added by Anonymous about 9 years ago. Updated about 1 year ago.

Status:
Closed
Priority:
Critical
Assignee:
-
Category:
GUI (new)
Target version:
-
Estimated time:
Severity:
Reason for Closing:
Reason for Blocked:
Needs QA:
Yes
Needs Doc:
Yes
Needs Merging:
Yes
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:

Description

We need the ability to add/delete/modify local users. Including passwords. We need to store the unix encrypted password, as well as the smb binary blob. We need to integrate both of these, and build /etc/master.passwd and /usr/local/etc/smbpasswd from the database (or from 'stub' files in the base system, for maximum flexibility).

This is for the GUI part of the task.

History

#1 Updated by Anonymous about 9 years ago

The GUI needs to edit the following fields. The back-end will use them to generate /etc/passwd. There is a slight asymmetry of data between the edit and add views. This is important, so I'll repeat it later.

The following fields are needed:

username : normal unix name
uid : number associated with the user. typically will be unique in the system. might be nice to have a way to automatically generate a uid.
gid: Group ID for this user by default (see below: we may also need to manage groups)
home directory: path to home directory (may need to create it, but the pw back-end will code)
shell: shell from /etc/shells the user gets to use. Most likely it will be /bin/nologin, but there are some cases where people may want fuller access than that.
Full name: Full name of the user.
password : the password for the user.

The password actualy is an interesting field. In the gui, it must be typed twice to confirm that it is set right. However, in the database, it needs to be stored as two fields. One field is the unix-salted has format. The other is whatever we need to store to feed to smbpasswd to get it to cope. That's a problem that the back end will need to cope with, but the middleware needs to know about this issue.

We may also need to add the user to one or more groups on the system from /etc/groups. If so, we'll also need a way to manage that as well...

#2 Updated by Vince - about 9 years ago

Agreed.

#3 Updated by Josh Paetzel almost 9 years ago

  • Status changed from Unscreened to Closed

Completed in r5778

#4 Updated by Jordan Hubbard over 4 years ago

  • Target version deleted (2)

#5 Avatar?id=14398&size=24x24 Updated by Kris Moore over 4 years ago

Commit: b37237ca66d074f9a694df584046813cb5ac0eff
https://github.com/pcbsd/freebsd-ports/commit/b37237ca66d074f9a694df584046813cb5ac0eff
Author: Bernard Spil <>
Date: 2015-09-10 (Thu, 10 Sep 2015)

Log Message:
-----------
Merge pull request #8 from pcbsd/master

Align with upstream

#6 Avatar?id=14398&size=24x24 Updated by Kris Moore about 4 years ago

Commit: 74ee4b3cf50478aaee3b7941ead10f2092321b8c
https://github.com/pcbsd/freebsd-ports/commit/74ee4b3cf50478aaee3b7941ead10f2092321b8c
Author: truckman <>
Date: 2015-11-14 (Sat, 14 Nov 2015)

Log Message:
-----------
Upgrade to version 0.9.0.

[ Henry Stern ]
  • New "query timeout" feature which allows for a configurable timeout on the
    execution of certain types of queries. Introduces new function
    dnstable_query_set_timeout() and new result code dnstable_res_timeout
    (#8).
  • New "time fencing" feature which filters based on 'time_first' and
    'time_last' values. Introduces new enum dnstable_filter_parameter_type and
    new function dnstable_query_set_filter_parameter() (#9).
  • Performance enhancement for some IP range and prefix searches (#11).
  • Fix unhandled IPv4/IPv6 address overflow for IP range/prefix queries
    (#14).
[ Robert Edmonds ]
  • dnstable_convert: Assert vendor 'SIE' and message type 'dnsdedupe' so that
    the following cast of the return value of nmsg_message_get_payload() is
    safe (#10).
  • Use CLOCK_MONOTONIC_COARSE rather than CLOCK_MONOTONIC_RAW for query
    timeouts (#12).
  • query_iter_next_ip(): Fix zero fill condition (#15).

Sponsored by: Farsight Security, Inc.

#7 Avatar?id=14398&size=24x24 Updated by Kris Moore about 4 years ago

Commit: a75070f2f050858412b1fc96729509285564f00c
https://github.com/pcbsd/freebsd-ports/commit/a75070f2f050858412b1fc96729509285564f00c
Author: miwi <>
Date: 2016-01-10 (Sun, 10 Jan 2016)

Log Message:
-----------
PyCryptodome is a fork of PyCrypto. It brings the following
enhancements with respect to the last official version of
PyCrypto (2.6.1):

  • Authenticated encryption modes (GCM, CCM, EAX, SIV, OCB)
  • Accelerated AES on Intel platforms via AES-NI
  • First class support for PyPy
  • SHA-3 (including SHAKE XOFs) and BLAKE2 hash algorithms
  • Salsa20 and ChaCha20 stream ciphers
  • scrypt and HKDF
  • Deterministic DSA
  • Password-protected PKCS#8 key containers
  • Shamir's Secret Sharing scheme
  • Random numbers get sourced directly from the OS (and not from
    a CSPRNG in userspace)
  • Simplified install process, including better support for Windows
  • Cleaner RSA and DSA key generation (largely based on FIPS 186-4)
  • Major clean ups and simplification of the code base

WWW: https://pypi.python.org/pypi/pycryptodome/

PR: 206095
Submitted by: Yuri Victorovich <>

#8 Avatar?id=14398&size=24x24 Updated by Kris Moore about 4 years ago

Commit: a75070f2f050858412b1fc96729509285564f00c
https://github.com/pcbsd/freebsd-ports/commit/a75070f2f050858412b1fc96729509285564f00c
Author: miwi <>
Date: 2016-01-10 (Sun, 10 Jan 2016)

Log Message:
-----------
PyCryptodome is a fork of PyCrypto. It brings the following
enhancements with respect to the last official version of
PyCrypto (2.6.1):

  • Authenticated encryption modes (GCM, CCM, EAX, SIV, OCB)
  • Accelerated AES on Intel platforms via AES-NI
  • First class support for PyPy
  • SHA-3 (including SHAKE XOFs) and BLAKE2 hash algorithms
  • Salsa20 and ChaCha20 stream ciphers
  • scrypt and HKDF
  • Deterministic DSA
  • Password-protected PKCS#8 key containers
  • Shamir's Secret Sharing scheme
  • Random numbers get sourced directly from the OS (and not from
    a CSPRNG in userspace)
  • Simplified install process, including better support for Windows
  • Cleaner RSA and DSA key generation (largely based on FIPS 186-4)
  • Major clean ups and simplification of the code base

WWW: https://pypi.python.org/pypi/pycryptodome/

PR: 206095
Submitted by: Yuri Victorovich <>

Also available in: Atom PDF