Date: Wed, 8 Oct 1997 13:59:46 +1100 (EST) From: Brook Schofield <brook@CU-SeeMe.educ.utas.edu.au> To: freebsd-hackers@freebsd.org Subject: Modification to the `pw' command Message-ID: <Pine.BSF.3.96.971008135727.6021A-100000@CU-SeeMe.educ.utas.edu.au>
#This is a modification to the `pw' command that I have made to allow the
#enabling, disabling and setting of an encrypted password on the command
#line. Comments, bugs... security problems please!
#Brook
diff -c -r pw/README pw.new/README
*** pw/README Tue Dec 10 01:05:35 1996
--- pw.new/README Sun Sep 28 17:40:45 1997
***************
*** 20,22 ****
--- 20,23 ----
$Id: README,v 1.1.1.1 1996/12/09 14:05:35 joerg Exp $
+ Modifications to the `pw' command by Brook Schofiled <brook@tassie.net.au> include the `-W' command which allows the command line enabling, disabling and changing of passwords (in encrypted form). 19970928
diff -c -r pw/pw.8 pw.new/pw.8
*** pw/pw.8 Thu Mar 6 16:34:43 1997
--- pw.new/pw.8 Sun Sep 28 17:33:43 1997
***************
*** 22,30 ****
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
! .\" $Id: pw.8,v 1.1.1.1.2.3 1997/03/06 05:34:43 mpp Exp $
.\"
! .Dd December 9, 1996
.Dt PW 8
.Os
.Sh NAME
--- 22,30 ----
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
! .\" $Id: pw.8,v 1.1.1.1.2.3 1997/09/28 05:34:43 mpp Exp $
.\"
! .Dd September 28, 1997
.Dt PW 8
.Os
.Sh NAME
***************
*** 52,57 ****
--- 52,58 ----
.Op Fl h Ar fd
.Op Fl N
.Op Fl P
+ .Op Fl W Ar enc_pass
.Nm pw
.Ar useradd
.Op name|uid
***************
*** 96,101 ****
--- 97,103 ----
.Op Fl h Ar fd
.Op Fl N
.Op Fl P
+ .Op Fl W Ar enc_pass
.Nm pw
.Ar usershow
.Op name|uid
***************
*** 120,125 ****
--- 122,128 ----
.Op Fl h Ar fd
.Op Fl N
.Op Fl P
+ .Op Fl W Ar enc_pass
.Nm pw
.Ar groupdel
.Op Fl n Ar name
***************
*** 137,142 ****
--- 140,146 ----
.Op Fl h Ar fd
.Op Fl N
.Op Fl P
+ .Op Fl W Ar enc_pass
.Nm pw
.Ar groupshow
.Op Fl n Ar name
***************
*** 429,434 ****
--- 433,462 ----
then the password will be set to
.Ql \&* ,
rendering the account inaccessible via passworded login.
+ .It Fl W Ar enc_pass
+ The
+ .Ql Fl w
+ option sets or modifies the value of the password for the account. The
+ .Ar enc_pass
+ is one of:
+ .Pp
+ .Bl -tag -width enc_pass -offset indent -compact
+ .It \&-
+ disables the account by prepending an
+ .Ql \&*
+ to the password.
+ .It \&+
+ enables the account by removing an
+ .Ql \&*
+ from the password.
+ .It enc_pass
+ changes password entry to supplied string. The string
+ .Ar enc_pass
+ must already be encrypted with the
+ .Ar crypt()
+ function for the password to operate correctly.
+ .El
+ .Pp
.El
.Pp
It is possible to use
***************
*** 787,793 ****
.Xr pw.conf 5 ,
.Xr pwd_mkdb 8 ,
.Xr login.conf 5 ,
! .Xr vipw 8
.Sh HISTORY
.Nm pw
was written to mimic many of the options used in the SYSV
--- 815,822 ----
.Xr pw.conf 5 ,
.Xr pwd_mkdb 8 ,
.Xr login.conf 5 ,
! .Xr vipw 8 ,
! .Xr crypt 3
.Sh HISTORY
.Nm pw
was written to mimic many of the options used in the SYSV
***************
*** 797,799 ****
--- 826,833 ----
.Bx 4.4
operating system, and combines all of the major elements
into a single command.
+ .Nm pw
+ has been modified to allow the command line enabling, disabling and setting of
+ the password field using the
+ .Fl W
+ command.
diff -c -r pw/pw.c pw.new/pw.c
*** pw/pw.c Fri Feb 7 22:21:45 1997
--- pw.new/pw.c Sun Sep 28 17:51:26 1997
***************
*** 58,73 ****
static const char *opts[W_NUM][M_NUM] =
{
{ /* user */
! "C:qn:u:c:d:e:p:g:G:mk:s:oL:i:w:h:Db:NP",
"C:qn:u:r",
! "C:qn:u:c:d:e:l:p:g:G:mk:s:w:L:h:FNP",
"C:qn:u:FPa",
"C:q"
},
{ /* grp */
! "C:qn:g:h:M:pNP",
"C:qn:g:",
! "C:qn:g:l:h:FM:m:NP",
"C:qn:g:FPa",
"C:q"
}
--- 58,73 ----
static const char *opts[W_NUM][M_NUM] =
{
{ /* user */
! "C:qn:u:c:d:e:p:g:G:mk:s:oL:i:w:W:h:Db:NP",
"C:qn:u:r",
! "C:qn:u:c:d:e:l:p:g:G:mk:s:w:W:L:h:FNP",
"C:qn:u:FPa",
"C:q"
},
{ /* grp */
! "C:qn:g:h:W:M:pNP",
"C:qn:g:",
! "C:qn:g:l:h:W:FM:m:NP",
"C:qn:g:FPa",
"C:q"
}
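Review bot: The first and third strings of the `grp` row gain `W:`, but the only handling for `-W` in this patch is in pw_user.c, so unless the group code already reads `'W'` the group commands will accept the switch and silently ignore it. Either drop `W:` from those two strings or add the matching handling on the group side. Separately, taking the hash as an option value puts it in the process argument list, where other local users can usually read it while pw runs. The existing `-h fd` path does not have that exposure, so the usage text and man page should say that `-W` trades it away.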
***************
*** 226,231 ****
--- 226,232 ----
"\t-L class user class\n"
"\t-h fd read password on fd\n"
"\t-N no update\n"
+ "\t-W enc_pass modified or encrypted password\n"
" Setting defaults:\n"
"\t-D set user defaults\n"
"\t-b dir default home root dir\n"
***************
*** 262,267 ****
--- 263,269 ----
"\t-w method set new password using method\n"
"\t-h fd read password on fd\n"
"\t-N no update\n",
+ "\t-W enc_pass modified or encrypted password\n"
"usage: %s usershow [uid|name] [switches]\n"
"\t-n name login name\n"
"\t-u uid user id\n"
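Review bot: The added `-W` line sits after `"\t-N no update\n",`, whose trailing comma already ends that usage string, so the new literal concatenates with `"usage: %s usershow ..."` instead. The result is that the `-W` help is printed as the first line of the usershow text and is missing from the block it was meant for. Move the added line above the `-N` line, or move the comma so the `-N` line reads `"\t-N no update\n"` and the `-W` line ends with `",`. The earlier usage hunk in this file does not have the problem because the string it extends continues past the insertion point.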
diff -c -r pw/pw_user.c pw.new/pw_user.c
*** pw/pw_user.c Fri Feb 7 22:21:46 1997
--- pw.new/pw_user.c Sun Sep 28 18:15:16 1997
***************
*** 427,433 ****
fprintf(stderr, "WARNING: home `%s' is not a directory\n", pwd->pw_dir);
}
! if ((arg = getarg(args, 'w')) != NULL && getarg(args, 'h') == NULL)
pwd->pw_passwd = pw_password(cnf, args, pwd->pw_name);
} else {
--- 427,433 ----
fprintf(stderr, "WARNING: home `%s' is not a directory\n", pwd->pw_dir);
}
! if (getarg(args,'W') != NULL && (arg = getarg(args, 'w')) != NULL && getarg(args, 'h') == NULL)
pwd->pw_passwd = pw_password(cnf, args, pwd->pw_name);
} else {
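Review bot: The new test `getarg(args,'W') != NULL` looks inverted. As written, `-w method` is only honoured when `-W` is also given, so a plain `-w` no longer calls `pw_password()` on this path, and when both are given the generated password is then replaced by the `-W` code added further down. If the intent is to skip password generation when `-W` supplies the value, the condition should read `if (getarg(args, 'W') == NULL && (arg = getarg(args, 'w')) != NULL && getarg(args, 'h') == NULL)`. The enclosing if/else starts and ends outside this hunk, so which mode this branch serves is not visible here.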
***************
*** 457,462 ****
--- 457,518 ----
/*
* Shared add/edit code
*/
+ if ((arg = getarg(args, 'W')) != NULL) {
+ /* All New Stuff Added by Brook!
+ * Modified by Brook Schofield 19970928A
+ *
+ * This new code suppliments the code for the -h & -w commands
+ * that the pw command uses to read from a file handle and generate
+ * a password. This code reads the password or options from the
+ * command line and either enables (+ option), disables (- option)
+ * or enters a password directly into the password database.
+ * This code if functionally equivalent to that of -h & -w and
+ * as expected without removing the security of the original `pw' code.
+ */
+
+ if (strcmp(arg->val, "-") == 0) { /* option `-W -' used */
+ if (strncmp(pwd->pw_passwd, "*", 1) == 0) { /* test to see if account is disabled */
+ if (mode == M_ADD) { /* option `adduser' used */
+ pwd->pw_passwd = "*"; /* set password to `*' if -W specified during `adduser' */
+ } else {
+ return EXIT_SUCCESS; /* return success as account is already disabled */
+ }
+ } else {
+ strcpy(line,"*"); /* disable account by prepending an `*' */
+ strcat(line,pwd->pw_passwd); /* to the start of the password entry */
+ pwd->pw_passwd = line; /* store modified password */
+ }
+ } else if (strcmp(arg->val, "+") == 0) { /* option `-W +' used */
+ int i;
+ if (strncmp(pwd->pw_passwd, "*", 1) == 0) { /* test to see if accout is disabled */
+ for(i = 1; pwd->pw_passwd[i] != '\0'; i++) {
+ line[i-1] = pwd->pw_passwd[i]; /* transfer all but first character to new passwd */
+ }
+ line[i-1] = '\0'; /* terminate the password string */
+ pwd->pw_passwd = line; /* store modified password */
+ } else {
+ if (mode == M_ADD) { /* option `adduser' used */
+ pwd->pw_passwd = "*"; /* set password to `*' if -W specified during `adduser' */
+ } else {
+ return EXIT_SUCCESS; /* return success as account is enabled */
+ }
+ }
+ } else {
+ int i; /* if an encrypted password was specified on the command line */
+ if (strchr(arg->val,':')) /* check to see if the password contains invalid characters */
+ cmderr(EX_DATAERR, "password contains invalid character");
+ /* EX_DATAERR password contains invalid character */
+
+ for(i = 0; arg->val[i] != '\0'; i++) { /* checks for the occurrance of non-printing characters including spaces */
+ if (!isgraph(arg->val[i])) /* uses isgraph(c) from <ctype.h> */
+ cmderr(EX_DATAERR, "password contains non-printing character");
+ } /* the password should only contain `0-9a-zA-Z$.' other characters are */
+ /* allowed by wouldn't be useful and would make the account disabled */
+
+ pwd->pw_passwd = arg->val; /* enter specified password as the new encrypted password */
+ }
+ }
+
if ((arg = getarg(args, 'c')) != NULL)
pwd->pw_gecos = pw_checkname((u_char*)arg->val, 1);
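Review bot: In the `-W +` branch, a password field that is exactly `*` passes the `strncmp(pwd->pw_passwd, "*", 1)` test and the copy loop then leaves `line` as an empty string, so the account ends up with an empty password field rather than an enabled one. The man page context in this patch says pw itself writes a bare `*` for accounts meant to have no passworded login, so reject that case before the loop, e.g. `if (pwd->pw_passwd[1] == '\0') cmderr(EX_DATAERR, "no password to enable");`. The `-W -` branch builds its value with `strcpy`/`strcat` into `line`, which is declared outside this hunk, so its size cannot be checked here; a bounded `snprintf` into it would be safer. The two `return EXIT_SUCCESS` paths leave the function before the other options handled below (`-c` onwards) are applied, so a combined invocation silently drops them. `isgraph(arg->val[i])` should also cast its argument to `unsigned char`, since a plain `char` with the high bit set is otherwise passed as a negative value.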
