Date:      Thu, 27 Jan 2005 16:06:13 GMT
From:      Lee Burton <lburton@extremezone.com>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   bin/76756: function pw_equal in pw_util.c does not test pw_passwd field so any changes made by chpass to that field are ignored.
Message-ID:  <200501271606.j0RG6DnE004483@www.freebsd.org>
Resent-Message-ID: <200501271610.j0RGAG3o085020@freefall.freebsd.org>


>Number:         76756
>Category:       bin
>Synopsis:       function pw_equal in pw_util.c does not test pw_passwd field so any changes made by chpass to that field are ignored.
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jan 27 16:10:16 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Lee Burton
>Release:        5.3
>Organization:
Extreme Internet
>Environment:
FreeBSD eiscanner01.extremezone.com 5.3-RELEASE FreeBSD 5.3-RELEASE #0: Fri Nov  5 04:19:18 UTC 2004     root@harlow.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386

>Description:
Our organization uses the "splat" method of disabling users, i.e. an
asterisk is prepended to the encrypted password string using chpass.
After upgrading to 5.3, attempts to change the encrypted string resulted
in a "user information unchanged" message.
>How-To-Repeat:
Use chpass to modify only the pw_passwd field.
>Fix:
Add the following line to pw_equal:

strcmp(pw1->pw_passwd, pw2->pw_passwd) == 0 &&

so pw_equal looks like:

/*
 * Compares two struct pwds.
 */
int
pw_equal(const struct passwd *pw1, const struct passwd *pw2)
{
        return (strcmp(pw1->pw_name, pw2->pw_name) == 0 &&
            strcmp(pw1->pw_passwd, pw2->pw_passwd) == 0 &&
            pw1->pw_uid == pw2->pw_uid &&
            pw1->pw_gid == pw2->pw_gid &&
            strcmp(pw1->pw_class, pw2->pw_class) == 0 &&
            pw1->pw_change == pw2->pw_change &&
            pw1->pw_expire == pw2->pw_expire &&
            strcmp(pw1->pw_gecos, pw2->pw_gecos) == 0 &&
            strcmp(pw1->pw_dir, pw2->pw_dir) == 0 &&
            strcmp(pw1->pw_shell, pw2->pw_shell) == 0);
}

>Release-Note:
>Audit-Trail:
>Unformatted:
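
Added example, not part of the original PR or of FreeBSD's source: a per-field regression check that changes one field at a time and reports which changes a comparator fails to notice. struct pw_rec, pw_equal_before (the PR's listing with the proposed line removed), pw_equal_after, missed_fields and the sample record are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Hypothetical portable mirror of the struct passwd fields named in the PR. */
struct pw_rec {
    const char *pw_name, *pw_passwd, *pw_class, *pw_gecos, *pw_dir, *pw_shell;
    unsigned pw_uid, pw_gid;
    time_t pw_change, pw_expire;
};
typedef int (*pw_cmp)(const struct pw_rec *, const struct pw_rec *);

/* "Before": the PR's listing minus the proposed pw_passwd line (reconstruction). */
int pw_equal_before(const struct pw_rec *a, const struct pw_rec *b)
{
    return (strcmp(a->pw_name, b->pw_name) == 0 &&
        a->pw_uid == b->pw_uid && a->pw_gid == b->pw_gid &&
        strcmp(a->pw_class, b->pw_class) == 0 &&
        a->pw_change == b->pw_change && a->pw_expire == b->pw_expire &&
        strcmp(a->pw_gecos, b->pw_gecos) == 0 &&
        strcmp(a->pw_dir, b->pw_dir) == 0 &&
        strcmp(a->pw_shell, b->pw_shell) == 0);
}

/* "After": same comparison with the PR's pw_passwd check added. */
int pw_equal_after(const struct pw_rec *a, const struct pw_rec *b)
{
    return (strcmp(a->pw_passwd, b->pw_passwd) == 0 && pw_equal_before(a, b));
}

const char *const field[10] = { "pw_name", "pw_passwd", "pw_uid", "pw_gid",
    "pw_class", "pw_change", "pw_expire", "pw_gecos", "pw_dir", "pw_shell" };

/* Change one field per copy; bit i is set when cmp still reports "equal". */
unsigned missed_fields(pw_cmp cmp)
{
    const struct pw_rec base = { "alice", "$1$constructed$hash", "", "Alice",
        "/home/alice", "/bin/sh", 1001, 1001, 0, 0 };   /* constructed record */
    struct pw_rec m[10];
    unsigned missed = 0;
    for (int i = 0; i < 10; i++) m[i] = base;
    m[0].pw_name = "bob";     m[1].pw_passwd = "*$1$constructed$hash"; /* splat */
    m[2].pw_uid = 1002;       m[3].pw_gid = 1002;
    m[4].pw_class = "staff";  m[5].pw_change = 86400;
    m[6].pw_expire = 86400;   m[7].pw_gecos = "A. Example";
    m[8].pw_dir = "/nonexistent"; m[9].pw_shell = "/usr/sbin/nologin";
    for (int i = 0; i < 10; i++)
        if (cmp(&base, &m[i])) missed |= 1u << i;
    return missed;
}

int main(void)
{
    unsigned before = missed_fields(pw_equal_before);
    for (int i = 0; i < 10; i++)
        if (before & (1u << i)) printf("before: change to %s not detected\n", field[i]);
    printf("after: missed mask 0x%x\n", missed_fields(pw_equal_after));
    return 0;
}
```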