Commit da1f7c03 authored by Mike Hibler's avatar Mike Hibler

Merge branch 'master' of gitlab.flux.utah.edu:emulab/emulab-devel

parents 9e1ea712 280b80fe
......@@ -2015,6 +2015,9 @@ sub DoMaxExtension()
$webtask->output($errmsg) if (defined($errmsg));
$webtask->Exited($errcode);
}
if ($errcode < 0) {
print STDERR "\n\n" . $instance->webURL() . "\n";
}
exit($errcode);
}
......
......@@ -77,12 +77,12 @@ int parse_ptop(tb_pgraph &pg, tb_sgraph &sg, istream& input)
{
int num_nodes = 0;
int line=0,errors=0;
char inbuf[32768];
char inbuf[65536];
string_vector parsed_line;
while (!input.eof()) {
line++;
input.getline(inbuf,32768);
input.getline(inbuf,65536);
parsed_line = split_line(inbuf,' ');
if (parsed_line.size() == 0) {continue;}
......
......@@ -4617,6 +4617,7 @@ outfiles="Makeconf GNUmakefile setversion \
tmcc/ubuntu16/GNUmakefile \
tmcc/ubuntu16-ms/GNUmakefile \
tmcc/ubuntu18/GNUmakefile \
tmcc/ubuntu18-ms/GNUmakefile \
tmcc/linux-ms/GNUmakefile \
tmcc/archlinux/GNUmakefile \
tmcc/alpine/GNUmakefile \
......
......@@ -305,6 +305,7 @@ outfiles="Makeconf GNUmakefile setversion \
tmcc/ubuntu16/GNUmakefile \
tmcc/ubuntu16-ms/GNUmakefile \
tmcc/ubuntu18/GNUmakefile \
tmcc/ubuntu18-ms/GNUmakefile \
tmcc/linux-ms/GNUmakefile \
tmcc/archlinux/GNUmakefile \
tmcc/alpine/GNUmakefile \
......
......@@ -1701,7 +1701,7 @@ int
event_notification_insert_hmac(event_handle_t handle,
event_notification_t notification)
{
HMAC_CTX ctx;
HMAC_CTX *ctxp;
unsigned char mac[EVP_MAX_MD_SIZE];
unsigned int len = EVP_MAX_MD_SIZE;
......@@ -1720,22 +1720,42 @@ event_notification_insert_hmac(event_handle_t handle,
pubsub_notification_remove(notification->pubsub_notification,
"___elvin_ordered___", &handle->status);
memset(&ctx, 0, sizeof(ctx));
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
ctxp = HMAC_CTX_new();
if (!ctxp) {
ERROR("HMAC_CTX_new failed to alloc ctx\n");
return 1;
}
HMAC_Init_ex(ctxp, handle->keydata, handle->keylen, EVP_sha1(), NULL);
#else
HMAC_CTX ctx;
ctxp = &ctx;
memset(ctxp, 0, sizeof(ctx));
#if (OPENSSL_VERSION_NUMBER < 0x0090703f)
HMAC_Init(&ctx, handle->keydata, handle->keylen, EVP_sha1());
HMAC_Init(ctxp, handle->keydata, handle->keylen, EVP_sha1());
#else
HMAC_CTX_init(&ctx);
HMAC_Init_ex(&ctx, handle->keydata, handle->keylen, EVP_sha1(), NULL);
HMAC_CTX_init(ctxp);
HMAC_Init_ex(ctxp, handle->keydata, handle->keylen, EVP_sha1(), NULL);
#endif
#endif
if (!pubsub_notification_traverse(notification->pubsub_notification,
hmac_traverse,
&ctx, &handle->status)) {
ctxp, &handle->status)) {
ERROR("event_notification_insert_hmac failed: hmac_traverse\n");
HMAC_cleanup(&ctx);
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
HMAC_CTX_free(ctxp);
#else
HMAC_cleanup(ctxp);
#endif
return 1;
}
HMAC_Final(&ctx, mac, &len);
HMAC_cleanup(&ctx);
HMAC_Final(ctxp, mac, &len);
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
HMAC_CTX_free(ctxp);
#else
HMAC_cleanup(ctxp);
#endif
ctxp = NULL;
if (0) {
hmac_dump("event_notification_insert_hmac", mac, len);
......@@ -1833,7 +1853,10 @@ static int
event_notification_check_hmac(event_handle_t handle,
event_notification_t notification)
{
HMAC_CTX ctx;
#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
HMAC_CTX ctx;
#endif
HMAC_CTX *ctxp = NULL;
unsigned char srcmac[EVP_MAX_MD_SIZE], mac[EVP_MAX_MD_SIZE];
char *pmac;
unsigned int srclen, len = EVP_MAX_MD_SIZE;
......@@ -1842,6 +1865,11 @@ event_notification_check_hmac(event_handle_t handle,
#ifdef ELVIN_COMPAT
struct elvin_hashtable *hashtable;
#endif
#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
ctxp = &ctx;
#endif
if (0)
INFO("event_notification_check_hmac (key): %s\n",
handle->keydata);
......@@ -1900,18 +1928,32 @@ event_notification_check_hmac(event_handle_t handle,
* order, and uses __hmac__ to compare against.
*/
if (! elvin_ordered) {
memset(&ctx, 0, sizeof(ctx));
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
ctxp = HMAC_CTX_new();
if (!ctxp) {
ERROR("HMAC_CTX_new failed to alloc ctx\n");
return 1;
}
HMAC_Init_ex(ctxp, handle->keydata, handle->keylen, EVP_sha1(), NULL);
#else
memset(ctxp, 0, sizeof(ctx));
#if (OPENSSL_VERSION_NUMBER < 0x0090703f)
HMAC_Init(&ctx, handle->keydata, handle->keylen, EVP_sha1());
HMAC_Init(ctxp, handle->keydata, handle->keylen, EVP_sha1());
#else
HMAC_CTX_init(&ctx);
HMAC_Init_ex(&ctx, handle->keydata, handle->keylen,
HMAC_CTX_init(ctxp);
HMAC_Init_ex(ctxp, handle->keydata, handle->keylen,
EVP_sha1(), NULL);
#endif
#endif
hashtable = elvin_hashtable_alloc(0, &handle->status);
if (hashtable == NULL) {
ERROR("event_notification_check_hmac failed: "
"hashtable alloc\n");
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
HMAC_CTX_free(ctxp);
#else
HMAC_cleanup(ctxp);
#endif
return -1;
}
if (!pubsub_notification_traverse(pubsub_notification,
......@@ -1921,18 +1963,32 @@ event_notification_check_hmac(event_handle_t handle,
ERROR("event_notification_check_hmac failed: "
"hmac_fill_hash\n");
elvin_hashtable_free(hashtable);
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
HMAC_CTX_free(ctxp);
#else
HMAC_cleanup(ctxp);
#endif
return -1;
}
if (!elvin_hashtable_traverse(hashtable, hmac_traverse,
&ctx, &handle->status)) {
ctxp, &handle->status)) {
ERROR("event_notification_check_hmac failed: "
"notify_traverse\n");
elvin_hashtable_free(hashtable);
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
HMAC_CTX_free(ctxp);
#else
HMAC_cleanup(ctxp);
#endif
return -1;
}
elvin_hashtable_free(hashtable);
HMAC_Final(&ctx, mac, &len);
HMAC_cleanup(&ctx);
HMAC_Final(ctxp, mac, &len);
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
HMAC_reset(ctxp);
#else
HMAC_cleanup(ctxp);
#endif
if (0) {
hmac_dump("event_notification_check_hmac (elvin)",
......@@ -1945,22 +2001,44 @@ event_notification_check_hmac(event_handle_t handle,
/*
* Do a normal HMAC check.
*/
memset(&ctx, 0, sizeof(ctx));
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
if (!ctxp) {
ctxp = HMAC_CTX_new();
if (!ctxp) {
ERROR("HMAC_CTX_new failed to alloc ctx\n");
return 1;
}
}
else {
HMAC_CTX_reset(ctxp);
}
HMAC_Init_ex(ctxp, handle->keydata, handle->keylen, EVP_sha1(), NULL);
#else
memset(ctxp, 0, sizeof(ctx));
#if (OPENSSL_VERSION_NUMBER < 0x0090703f)
HMAC_Init(&ctx, handle->keydata, handle->keylen, EVP_sha1());
HMAC_Init(ctxp, handle->keydata, handle->keylen, EVP_sha1());
#else
HMAC_CTX_init(&ctx);
HMAC_Init_ex(&ctx, handle->keydata, handle->keylen, EVP_sha1(), NULL);
HMAC_CTX_init(ctxp);
HMAC_Init_ex(ctxp, handle->keydata, handle->keylen, EVP_sha1(), NULL);
#endif
#endif
if (!pubsub_notification_traverse(pubsub_notification,
hmac_traverse,
&ctx, &handle->status)) {
HMAC_cleanup(&ctx);
ctxp, &handle->status)) {
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
HMAC_CTX_free(ctxp);
#else
HMAC_cleanup(ctxp);
#endif
return -1;
}
HMAC_Final(&ctx, mac, &len);
HMAC_cleanup(&ctx);
HMAC_Final(ctxp, mac, &len);
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
HMAC_CTX_free(ctxp);
#else
HMAC_cleanup(ctxp);
#endif
if (0) {
hmac_dump("event_notification_check_hmac (plain)", mac, len);
......
......@@ -750,8 +750,12 @@ convpubkey(struct pubkeydata *k)
BN_bin2bn(k->modulus, k->keylength, mod);
BN_bin2bn(k->exponent, k->expsize, exp);
/* set up the RSA public key structure */
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
RSA_set0_key(rsa,mod,exp,NULL);
#else
rsa->n = mod;
rsa->e = exp;
#endif
return rsa;
}
......
......@@ -71,6 +71,8 @@ init_checksum(char *keyfile)
{
char str[1024];
FILE *file;
BIGNUM *n, *e, *dmp1, *dmq1, *iqmp;
n = e = dmp1 = dmq1 = iqmp = NULL;
if (keyfile == NULL || (file = fopen(keyfile, "r")) == NULL) {
fprintf(stderr, "%s: cannot open keyfile\n", keyfile);
......@@ -81,22 +83,33 @@ init_checksum(char *keyfile)
return 0;
}
if (fscanf(file, "%1024s", str) != 1)
goto bad;
BN_hex2bn(&signature_key->n, str);
BN_hex2bn(&n, str);
if (fscanf(file, "%1024s", str) != 1)
goto bad;
BN_hex2bn(&signature_key->e, str);
BN_hex2bn(&e, str);
if (fscanf(file, "%1024s", str) != 1)
goto bad;
BN_hex2bn(&signature_key->dmp1, str);
BN_hex2bn(&dmp1, str);
if (fscanf(file, "%1024s", str) != 1)
goto bad;
BN_hex2bn(&signature_key->dmq1, str);
BN_hex2bn(&dmq1, str);
if (fscanf(file, "%1024s", str) != 1)
goto bad;
BN_hex2bn(&signature_key->iqmp, str);
BN_hex2bn(&iqmp, str);
fclose(file);
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
RSA_set0_key(signature_key, n, e, NULL);
RSA_set0_crt_params(signature_key, dmp1, dmq1, iqmp);
#else
signature_key->n = n;
signature_key->e = e;
signature_key->dmp1 = dmp1;
signature_key->dmq1 = dmq1;
signature_key->iqmp = iqmp;
#endif
return 1;
bad:
......
......@@ -1396,21 +1396,29 @@ decrypt_buffer(unsigned char *dest, const unsigned char *source,
int update_count = 0;
int final_count = 0;
int error = 0;
#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
EVP_CIPHER_CTX context;
#endif
EVP_CIPHER_CTX *contextp;
EVP_CIPHER const *ecipher;
EVP_CIPHER_CTX_init(&context);
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
contextp = EVP_CIPHER_CTX_new();
#else
contextp = &context;
EVP_CIPHER_CTX_init(contextp);
#endif
ecipher = EVP_bf_cbc();
EVP_DecryptInit(&context, ecipher, NULL, header->enc_iv);
EVP_CIPHER_CTX_set_key_length(&context, ENC_MAX_KEYLEN);
EVP_DecryptInit(&context, NULL, encryption_key, NULL);
EVP_DecryptInit(contextp, ecipher, NULL, header->enc_iv);
EVP_CIPHER_CTX_set_key_length(contextp, ENC_MAX_KEYLEN);
EVP_DecryptInit(contextp, NULL, encryption_key, NULL);
/* decrypt */
EVP_DecryptUpdate(&context, dest, &update_count, source, header->size);
EVP_DecryptUpdate(contextp, dest, &update_count, source, header->size);
/* cleanup */
error = EVP_DecryptFinal(&context, dest + update_count, &final_count);
error = EVP_DecryptFinal(contextp, dest + update_count, &final_count);
if (!error) {
char keystr[ENC_MAX_KEYLEN*2 + 1];
fprintf(stderr, "Padding was incorrect.\n");
......
......@@ -3215,6 +3215,21 @@ output_public_key(char *imagename, RSA *key)
fprintf(stderr, "Cannot create keyfile %s\n", fname);
exit(1);
}
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
const BIGNUM *n = NULL, *e = NULL;
const BIGNUM *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
RSA_get0_key(key,&n,&e,NULL);
BN_print_fp(file, n);
fprintf(file, "\n");
BN_print_fp(file, e);
fprintf(file, "\n");
BN_print_fp(file, dmp1);
fprintf(file, "\n");
BN_print_fp(file, dmq1);
fprintf(file, "\n");
BN_print_fp(file, iqmp);
fprintf(file, "\n");
#else
BN_print_fp(file, key->n);
fprintf(file, "\n");
BN_print_fp(file, key->e);
......@@ -3225,6 +3240,7 @@ output_public_key(char *imagename, RSA *key)
fprintf(file, "\n");
BN_print_fp(file, key->iqmp);
fprintf(file, "\n");
#endif
fclose(file);
fprintf(stderr, "Signing pubkey written to %s\n", fname);
......@@ -3305,7 +3321,12 @@ checksum_finish(blockhdr_t *hdr)
/*
* Encryption functions
*/
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
static EVP_CIPHER_CTX *cipher_ctxp;
#else
static EVP_CIPHER_CTX cipher_ctx;
static EVP_CIPHER_CTX *cipher_ctxp = &cipher_ctx;
#endif
static const EVP_CIPHER *ecipher;
/* XXX: the size of the IV may have to change with different ciphers */
static uint8_t iv[ENC_MAX_KEYLEN];
......@@ -3325,7 +3346,11 @@ encrypt_start(blockhdr_t *hdr)
/*
* Pick our cipher - currently, only Blowfish in CBC mode is supported
*/
EVP_CIPHER_CTX_init(&cipher_ctx);
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
cipher_ctxp = EVP_CIPHER_CTX_new();
#else
EVP_CIPHER_CTX_init(cipher_ctxp);
#endif
ecipher = EVP_bf_cbc();
/*
......@@ -3367,13 +3392,13 @@ encrypt_start(blockhdr_t *hdr)
/*
* Set the cipher and IV
*/
EVP_EncryptInit(&cipher_ctx, ecipher, NULL, iv);
EVP_EncryptInit(cipher_ctxp, ecipher, NULL, iv);
/*
* Bump up the key length and set the key
*/
EVP_CIPHER_CTX_set_key_length(&cipher_ctx, ENC_MAX_KEYLEN);
EVP_EncryptInit(&cipher_ctx, NULL, enc_key, NULL);
EVP_CIPHER_CTX_set_key_length(cipher_ctxp, ENC_MAX_KEYLEN);
EVP_EncryptInit(cipher_ctxp, NULL, enc_key, NULL);
/*
* Copy the IV into the header
......@@ -3393,9 +3418,9 @@ encrypt_chunk(uint8_t *buf, off_t size, off_t maxsize)
int encrypted_this_round = 0;
/* man page says encrypted output could be this large */
assert(size + EVP_CIPHER_CTX_block_size(&cipher_ctx) - 1 <= maxsize);
assert(size + EVP_CIPHER_CTX_block_size(cipher_ctxp) - 1 <= maxsize);
EVP_EncryptUpdate(&cipher_ctx, ebuffer_current, &encrypted_this_round,
EVP_EncryptUpdate(cipher_ctxp, ebuffer_current, &encrypted_this_round,
buf, size);
encrypted_bytes += encrypted_this_round;
ebuffer_current = encryption_buffer + encrypted_bytes;
......@@ -3406,7 +3431,7 @@ encrypt_finish(blockhdr_t *hdr, uint8_t *outbuf, uint32_t *out_size)
{
int encrypted_this_round = 0;
EVP_EncryptFinal(&cipher_ctx, ebuffer_current, &encrypted_this_round);
EVP_EncryptFinal(cipher_ctxp, ebuffer_current, &encrypted_this_round);
encrypted_bytes += encrypted_this_round;
/*
......
......@@ -96,6 +96,9 @@ endif
ifeq ($(MDSUBDIR),redhat9)
MDSUBDIR = linux9
endif
ifeq ($(MDSUBDIR),MoonshotUbuntu18)
MDSUBDIR = ubuntu18-ms
endif
ifeq ($(MDSUBDIR),MoonshotUbuntu16)
MDSUBDIR = ubuntu16-ms
endif
......
......@@ -137,7 +137,9 @@ Linux)
rel=1.0 # XXX probably wrong
fi
if [ "$dist" = "Ubuntu" -a `uname -m` = "aarch64" ]; then
if [ "$rel" = "16.04" ]; then
if [ "$rel" = "18.04" ]; then
tag=MoonshotUbuntu18
elif [ "$rel" = "16.04" ]; then
tag=MoonshotUbuntu16
else
tag=Moonshot
......
setenv bootargs ${bootargs} root=/dev/sda1
#
# Copyright (c) 2000-2018 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
# This file is part of the Emulab network testbed software.
#
# This file is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at
# your option) any later version.
#
# This file is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
# License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this file. If not, see <http://www.gnu.org/licenses/>.
#
# }}}
#
#
# XXX ONLY RUN THIS INSTALL ON AN UBUNTU LINUX TESTBED NODE!
#
# Trivial. These things just need to be installed into the right place
# on a testbed node before cutting an image.
#
#
SRCDIR = @srcdir@
TESTBED_SRCDIR = @top_srcdir@
OBJDIR = @top_builddir@
SUBDIR = $(subst $(TESTBED_SRCDIR)/,,$(SRCDIR))
include $(OBJDIR)/Makeconf
SCRIPTS =
#
# Force dependencies on the scripts so that they will be rerun through
# configure if the .in file is changed.
#
all: supfile ifcfgs
include $(TESTBED_SRCDIR)/GNUmakerules
SYSETCDIR = $(DESTDIR)/etc
ETCDIR = $(DESTDIR)$(CLIENT_ETCDIR)
BINDIR = $(DESTDIR)$(CLIENT_BINDIR)
VARDIR = $(DESTDIR)$(CLIENT_VARDIR)
RCDIR = $(SYSETCDIR)
RRCDIR = /etc
INSTALL = /usr/bin/install -c
COMMON = $(SRCDIR)/../common
DEFRUNLVLDIR ?= $(SYSETCDIR)/rc3.d
install client-install: common-install etc-install \
script-install bin-install sysetc-fixup sysetc-install \
systemd-install
@echo "Remember to install the PEM files if necessary"
simple-install: common-install script-install bin-install
dir-install:
(cd ../ubuntu18; $(MAKE) DESTDIR=$(DESTDIR) RCDIR=$(RCDIR) dir-install)
$(INSTALL) -m 755 -o root -g root -d $(SYSETCDIR)/flash-kernel
$(INSTALL) -m 755 -o root -g root -d $(SYSETCDIR)/flash-kernel/ubootenv.d
common-install: dir-install
(cd ../common; $(MAKE) DESTDIR=$(DESTDIR) local-install)
bin-install: dir-install
(cd ../ubuntu18; $(MAKE) DESTDIR=$(DESTDIR) RCDIR=$(RCDIR) bin-install)
etc-install: dir-install common-sysetc-install
(cd ../ubuntu18; $(MAKE) DESTDIR=$(DESTDIR) RCDIR=$(RCDIR) etc-install)
$(INSTALL) -m 644 $(SRCDIR)/group $(ETCDIR)/group
$(INSTALL) -m 644 $(SRCDIR)/passwd $(ETCDIR)/passwd
$(INSTALL) -m 600 $(SRCDIR)/shadow $(ETCDIR)/shadow
$(INSTALL) -m 600 $(SRCDIR)/gshadow $(ETCDIR)/gshadow
common-sysetc-install: dir-install
(cd ../ubuntu18; $(MAKE) DESTDIR=$(DESTDIR) RCDIR=$(RCDIR) common-sysetc-install)
sysetc-fixup:
(cd ../ubuntu18; $(MAKE) DESTDIR=$(DESTDIR) RCDIR=$(RCDIR) sysetc-fixup)
sysetc-install: dir-install
(cd ../ubuntu18; $(MAKE) DESTDIR=$(DESTDIR) RCDIR=$(RCDIR) sysetc-install)
$(INSTALL) -m 644 $(SRCDIR)/99-emulab $(SYSETCDIR)/flash-kernel/ubootenv.d/99-emulab
systemd-install: dir-install
(cd ../ubuntu18; $(MAKE) DESTDIR=$(DESTDIR) RCDIR=$(RCDIR) systemd-install)
script-install: dir-install $(SCRIPTS)
(cd ../ubuntu18; $(MAKE) DESTDIR=$(DESTDIR) RCDIR=$(RCDIR) script-install)
genirack-install:
sfs-install:
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:syslog
tty:x:5:
disk:x:6:
lp:x:7:
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:
fax:x:21:
voice:x:22:
cdrom:x:24:
floppy:x:25:
tape:x:26:
sudo:x:27:
audio:x:29:
dip:x:30:
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:
sasl:x:45:
plugdev:x:46:
staff:x:50:
games:x:60:
users:x:100:
nogroup:x:65534:
systemd-journal:x:101:
systemd-timesync:x:102:
systemd-network:x:103:
systemd-resolve:x:104:
input:x:106:
crontab:x:107:
syslog:x:108:
netdev:x:109:
messagebus:x:110:
uuidd:x:111:
mlocate:x:112:
ssh:x:113:
_cvsadmin:x:114:
ntp:x:115:
scanner:x:116:
colord:x:117:
ssl-cert:x:118:
postfix:x:105:
postdrop:x:119:
root:*::
daemon:*::
bin:*::
sys:*::
adm:*::syslog
tty:*::
disk:*::
lp:*::
mail:*::
news:*::
uucp:*::
man:*::
proxy:*::
kmem:*::
dialout:*::
fax:*::
voice:*::
cdrom:*::
floppy:*::
tape:*::
sudo:*::
audio:*::
dip:*::
www-data:*::
backup:*::
operator:*::
list:*::
irc:*::
src:*::
gnats:*::
shadow:*::
utmp:*::
video:*::
sasl:*::
plugdev:*::
staff:*::
games:*::
users:*::
nogroup:*::
systemd-journal:!::
systemd-timesync:!::
systemd-network:!::
systemd-resolve:!::
input:!::
crontab:!::
syslog:!::
netdev:!::
messagebus:!::
uuidd:!::
mlocate:!::
ssh:!::
_cvsadmin:!::
ntp:!::
scanner:!::
colord:!::
ssl-cert:!::
postfix:!::
postdrop:!::
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
systemd-timesync:x:100:102:systemd Time Synchronization,,,:/run/systemd:/bin/false
systemd-network:x:101:103:systemd Network Management,,,:/run/systemd/netif:/bin/false
systemd-resolve:x:102:104:systemd Resolver,,,:/run/systemd/resolve:/bin/false
syslog:x:104:108::/home/syslog:/bin/false
_apt:x:105:65534::/nonexistent:/bin/false
messagebus:x:106:110::/var/run/dbus:/bin/false
uuidd:x:107:111::/run/uuidd:/bin/false
sshd:x:108:65534::/var/run/sshd:/usr/sbin/nologin
ntp:x:109:115::/home/ntp:/bin/false
colord:x:110:117:colord colour management daemon,,,:/var/lib/colord:/bin/false
statd:x:111:65534::/var/lib/nfs:/bin/false
postfix:x:103:105::/var/spool/postfix:/usr/sbin/nologin
root:$6$oVbtEIWC$TqOn/RqsXd9oWP05qPx8Sehp747uhl/1sFOtqOLkWQ3AVeWLF64xRCk3wLRlt8MtVbfw8xvQjVQF33qogjNGf.:17711:0:99999:7:::
daemon:*:16997:0:99999:7:::
bin:*:16997:0:99999:7:::
sys:*:16997:0:99999:7:::
sync:*:16997:0:99999:7:::
games:*:16997:0:99999:7:::
man:*:16997:0:99999:7:::
lp:*:16997:0:99999:7:::
mail:*:16997:0:99999:7:::
news:*:16997:0:99999:7:::
uucp:*:16997:0:99999:7:::
proxy:*:16997:0:99999:7:::
www-data:*:16997:0:99999:7:::
backup:*:16997:0:99999:7:::
list:*:16997:0:99999:7:::
irc:*:16997:0:99999:7:::
gnats:*:16997:0:99999:7:::