Bug #2362 ยป 0001-pw-8-Add-an-option-to-accept-encrypted-passwords.patch

jaydg, 05/06/2012 07:27 AM


usr.sbin/pw/pw.8
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD: src/usr.sbin/pw/pw.8,v 1.19.2.12 2003/05/08 15:01:44 trhodes Exp $
.\" $DragonFly: src/usr.sbin/pw/pw.8,v 1.5 2008/05/02 02:05:08 swildner Exp $
.\"
.Dd December 9, 1996
.Dd January 11, 2004
.Dt PW 8
.Os
.Sh NAME
......
.Op Fl s Ar shell
.Op Fl o
.Op Fl L Ar class
.Op Fl h Ar fd
.Op Fl h Ar fd | Fl H Ar fd
.Op Fl N
.Op Fl P
.Op Fl Y
......
.Op Fl w Ar method
.Op Fl s Ar shell
.Op Fl L Ar class
.Op Fl h Ar fd
.Op Fl h Ar fd | Fl H Ar fd
.Op Fl N
.Op Fl P
.Op Fl Y
......
.Op Fl g Ar gid
.Op Fl M Ar members
.Op Fl o
.Op Fl h Ar fd
.Op Fl h Ar fd | Fl H Ar fd
.Op Fl N
.Op Fl P
.Op Fl Y
......
.Op Fl l Ar name
.Op Fl M Ar members
.Op Fl m Ar newmembers
.Op Fl h Ar fd
.Op Fl h Ar fd | Fl H Ar fd
.Op Fl N
.Op Fl P
.Op Fl Y
......
then the password will be set to
.Ql \&* ,
rendering the account inaccessible via password-based login.
.It Fl H Ar fd
Read an encrypted password string from the specified file descriptor.
This is like
.Fl h ,
but the password should be supplied already encrypted in a form
suitable for writing directly to the password database.
.El
.Pp
It is possible to use
usr.sbin/pw/pw.c
* SUCH DAMAGE.
*
* $FreeBSD: src/usr.sbin/pw/pw.c,v 1.18.2.5 2001/07/19 01:46:55 kris Exp $
* $DragonFly: src/usr.sbin/pw/pw.c,v 1.3 2004/12/18 22:48:04 swildner Exp $
*/
#include <err.h>
......
static const char *opts[W_NUM][M_NUM] =
{
{ /* user */
"V:C:qn:u:c:d:e:p:g:G:mk:s:oL:i:w:h:Db:NPy:Y",
"V:C:qn:u:c:d:e:p:g:G:mk:s:oL:i:w:h:H:Db:NPy:Y",
"V:C:qn:u:rY",
"V:C:qn:u:c:d:e:p:g:G:ml:k:s:w:L:h:FNPY",
"V:C:qn:u:c:d:e:p:g:G:ml:k:s:w:L:h:H:FNPY",
"V:C:qn:u:FPa7",
"V:C:q",
"V:C:q",
"V:C:q"
},
{ /* grp */
"V:C:qn:g:h:M:pNPY",
"V:C:qn:g:h:H:M:pNPY",
"V:C:qn:g:Y",
"V:C:qn:g:l:h:FM:m:NPY",
"V:C:qn:g:l:h:H:FM:m:NPY",
"V:C:qn:g:FPa",
"V:C:q"
}
......
"\t-o duplicate uid ok\n"
"\t-L class user class\n"
"\t-h fd read password on fd\n"
"\t-H fd read encrypted password on fd\n"
"\t-Y update NIS maps\n"
"\t-N no update\n"
" Setting defaults:\n"
......
"\t-s shell name of login shell\n"
"\t-w method set new password using method\n"
"\t-h fd read password on fd\n"
"\t-H fd read encrypted password on fd\n"
"\t-Y update NIS maps\n"
"\t-N no update\n",
"usage: pw usershow [uid|name] [switches]\n"
usr.sbin/pw/pw_group.c
* SUCH DAMAGE.
*
* $FreeBSD: src/usr.sbin/pw/pw_group.c,v 1.12.2.1 2000/06/28 19:19:04 ache Exp $
* $DragonFly: src/usr.sbin/pw/pw_group.c,v 1.3 2004/09/25 20:38:21 dillon Exp $
*/
#include <ctype.h>
......
* software.
*/
if ((arg = getarg(args, 'h')) != NULL) {
if ((arg = getarg(args, 'h')) != NULL ||
(arg = getarg(args, 'H')) != NULL) {
if (strcmp(arg->val, "-") == 0)
grp->gr_passwd = "*"; /* No access */
else {
int fd = atoi(arg->val);
int precrypt = (arg->ch == 'H');
int b;
int istty = isatty(fd);
struct termios t;
......
*p = '\0';
if (!*line)
errx(EX_DATAERR, "empty password read on file descriptor %d", fd);
grp->gr_passwd = pw_pwcrypt(line);
if (precrypt) {
if (strchr(line, ':') != NULL)
return EX_DATAERR;
grp->gr_passwd = line;
} else
grp->gr_passwd = pw_pwcrypt(line);
}
}
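Review bot: In the `precrypt` branch, `grp->gr_passwd = line;` stores a pointer to the read buffer rather than the string returned by `pw_pwcrypt()`. The declaration of `line` is elided from this section, but if it is an array local to the enclosing `else` block, the pointer outlives the buffer once that block ends. Copying the string, e.g. `grp->gr_passwd = strdup(line);` with a NULL check, would remove that dependency. The `return EX_DATAERR;` on a ':' is also silent, whereas the empty-password case just above reports through `errx`; a `warnx("encrypted password must not contain ':'");` before the return would make the rejection diagnosable. The same two lines appear in the `precrypt` branch of pw_user.c (`pwd->pw_passwd = line;`), and the enclosing function is only partly visible here.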
usr.sbin/pw/pw_user.c
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
*
* $FreeBSD: src/usr.sbin/pw/pw_user.c,v 1.34.2.13 2003/02/01 21:20:10 gad Exp $
* $DragonFly: src/usr.sbin/pw/pw_user.c,v 1.4 2004/11/30 20:12:21 joerg Exp $
*/
#include <ctype.h>
......
* -L class user class
* -l name new login name
* -h fd password filehandle
* -H fd encrypted password filehandle
* -F force print or add
* Setting defaults:
* -D set user defaults
......
warnx("WARNING: home `%s' is not a directory", pwd->pw_dir);
}
if ((arg = getarg(args, 'w')) != NULL && getarg(args, 'h') == NULL) {
if ((arg = getarg(args, 'w')) != NULL &&
getarg(args, 'h') == NULL && getarg(args, 'H') == NULL) {
login_cap_t *lc;
lc = login_getpwclass(pwd);
......
}
}
if ((arg = getarg(args, 'h')) != NULL) {
if ((arg = getarg(args, 'h')) != NULL ||
(arg = getarg(args, 'H')) != NULL) {
if (strcmp(arg->val, "-") == 0) {
if (!pwd->pw_passwd || *pwd->pw_passwd != '*') {
pwd->pw_passwd = "*"; /* No access */
......
}
} else {
int fd = atoi(arg->val);
int precrypt = (arg->ch == 'H');
int b;
int istty = isatty(fd);
struct termios t;
......
/* Disable echo */
n.c_lflag &= ~(ECHO);
tcsetattr(fd, TCSANOW, &n);
printf("%sassword for user %s:", (mode == M_UPDATE) ? "New p" : "P", pwd->pw_name);
printf("%s%spassword for user %s:",
(mode == M_UPDATE) ? "new " : "",
precrypt ? "encrypted " : "",
pwd->pw_name);
fflush(stdout);
}
}
......
fflush(stdout);
}
if (b < 0) {
warn("-h file descriptor");
warn("-%c file descriptor", precrypt ? 'H' :
'h');
return EX_IOERR;
}
line[b] = '\0';
......
*p = '\0';
if (!*line)
errx(EX_DATAERR, "empty password read on file descriptor %d", fd);
lc = login_getpwclass(pwd);
if (lc == NULL ||
login_setcryptfmt(lc, "md5", NULL) == NULL)
warn("setting crypt(3) format");
login_close(lc);
pwd->pw_passwd = pw_pwcrypt(line);
if (precrypt) {
if (strchr(line, ':') != NULL)
return EX_DATAERR;
pwd->pw_passwd = line;
} else {
lc = login_getpwclass(pwd);
if (lc == NULL ||
login_setcryptfmt(lc, "md5", NULL) == NULL)
warn("setting crypt(3) format");
login_close(lc);
pwd->pw_passwd = pw_pwcrypt(line);
}
edited = 1;
}
}
......
/*
* We give this information back to the user
*/
if (getarg(args, 'h') == NULL && getarg(args, 'N') == NULL) {
if (getarg(args, 'h') == NULL && getarg(args, 'H') == NULL &&
getarg(args, 'N') == NULL) {
if (isatty(STDOUT_FILENO))
printf("Password for '%s' is: ", user);
printf("%s\n", pwbuf);
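Review bot: The test `(arg = getarg(args, 'h')) != NULL || (arg = getarg(args, 'H')) != NULL` accepts both options together and silently lets `-h` win. An already-encrypted string supplied with `-H` alongside `-h` is then ignored or hashed again as cleartext, although pw.8 documents the two as alternatives (`-h fd | -H fd`). Rejecting the combination before this block, e.g. `if (getarg(args, 'h') != NULL && getarg(args, 'H') != NULL) errx(EX_USAGE, "-h and -H are mutually exclusive");`, would remove the ambiguity; pw_group.c has the same condition. Separately, only ':' is rejected before the `-H` string is stored verbatim, so a comment at `if (strchr(line, ':') != NULL)` should state that the caller is trusted to supply a valid crypt(3) string and that no format or length check is done here. The enclosing function starts and ends outside the visible hunks.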