Date: Tue, 17 Oct 2000 10:00:58 +1100 (EST) From: Brook.Schofield@bigfoot.com To: FreeBSD-gnats-submit@freebsd.org Subject: bin/22033: pw [PATCH] to allow encrypted password to be entered via fd Message-ID: <200010162300.e9GN0wL24904@mail.educ.utas.edu.au>
next in thread | raw e-mail | index | archive | help
>Number: 22033
>Category: bin
>Synopsis: [PATCH] to pw(8) to allow encrypted password to be entered via fd
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Mon Oct 16 16:00:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator: Brook Schofield
>Release: FreeBSD 4.1.1-STABLE i386
>Organization:
University of Tasmania
>Environment:
FreeBSD 4.1.1-STABLE i386
>Description:
pw(8) doesn't allow an already encrypted password to be added to the password file. This patch allows such by modifying the activity of '-w method' to allow 'crypt' option which causes '-h' to read the password literally and include in the password file, with the exception of an input containing a ':'.
>How-To-Repeat:
Apply the following patch to pw
>Fix:
diff -ur pw_dir/pw.8 pw_dir2/pw.8
--- pw_dir/pw.8 Fri Mar 3 01:53:37 2000
+++ pw_dir2/pw.8 Tue Oct 17 00:09:23 2000
@@ -604,6 +604,9 @@
force a blank password
.It random
generate a random password
+.It crypt
+the supplied password is encrypted. Suitable only with
+.Ql Fl h
.El
.Pp
The
diff -ur pw_dir/pw_conf.c pw_dir2/pw_conf.c
--- pw_dir/pw_conf.c Sun Jul 16 11:48:12 2000
+++ pw_dir2/pw_conf.c Tue Oct 17 00:14:48 2000
@@ -187,6 +187,11 @@
return -1;
if (strcmp(str, "none") == 0)
return -2;
+ /*
+ * Special case for encrypted password
+ */
+ if (strcmp(str, "crypt") == 0)
+ return -3;
}
return dflt;
}
diff -ur pw_dir/pw_group.c pw_dir2/pw_group.c
--- pw_dir/pw_group.c Thu Jun 29 05:19:04 2000
+++ pw_dir2/pw_group.c Tue Oct 17 09:52:20 2000
@@ -196,7 +196,16 @@
*p = '\0';
if (!*line)
errx(EX_DATAERR, "empty password read on file descriptor %d", fd);
- grp->gr_passwd = pw_pwcrypt(line);
+ if (((arg = getarg(args, 'w')) != NULL) &&
+ (boolean_val(arg->val, cnf->default_password) == -3)) {
+ int i;
+ for (i = 0; i < strlen(line); i++) {
+ if (line[i] == ':')
+ return EX_DATAERR;
+ }
+ grp->gr_passwd = line;
+ } else
+ grp->gr_passwd = pw_pwcrypt(line);
}
}
diff -ur pw_dir/pw_user.c pw_dir2/pw_user.c
--- pw_dir/pw_user.c Wed Oct 11 14:57:59 2000
+++ pw_dir2/pw_user.c Tue Oct 17 09:50:53 2000
@@ -643,12 +643,24 @@
*p = '\0';
if (!*line)
errx(EX_DATAERR, "empty password read on file descriptor %d", fd);
- lc = login_getpwclass(pwd);
- if (lc == NULL ||
- login_setcryptfmt(lc, "md5", NULL) == NULL)
- warn("setting crypt(3) format");
- login_close(lc);
- pwd->pw_passwd = pw_pwcrypt(line);
+ /* check for encrypted/literal password in file descriptor */
+ if (((arg = getarg(args, 'w')) != NULL) &&
+ (boolean_val(arg->val, cnf->default_password) == -3)) {
+ int i;
+ /* password is encrypted - check for ':' in password */
+ for (i = 0; i < strlen(line); i++) {
+ if (line[i] == ':')
+ return EX_DATAERR;
+ }
+ pwd->pw_passwd = line;
+ } else {
+ lc = login_getpwclass(pwd);
+ if (lc == NULL ||
+ login_setcryptfmt(lc, "md5", NULL) == NULL)
+ warn("setting crypt(3) format");
+ login_close(lc);
+ pwd->pw_passwd = pw_pwcrypt(line);
+ }
edited = 1;
}
}
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200010162300.e9GN0wL24904>