0001-pw-8-Add-an-option-to-accept-encrypted-passwords.patch

jaydg, 05/06/2012 07:27 AM


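--- a/usr.sbin/pw/pw.8
+++ b/usr.sbin/pw/pw.8
@@ -23,9 +23,8 @@
 .\" SUCH DAMAGE.
 .\"
 .\" $FreeBSD: src/usr.sbin/pw/pw.8,v 1.19.2.12 2003/05/08 15:01:44 trhodes Exp $
-.\" $DragonFly: src/usr.sbin/pw/pw.8,v 1.5 2008/05/02 02:05:08 swildner Exp $
 .\"
-.Dd December 9, 1996
+.Dd January 11, 2004
 .Dt PW 8
 .Os
 .Sh NAME
@@ -52,7 +51,7 @@
 .Op Fl s Ar shell
 .Op Fl o
 .Op Fl L Ar class
-.Op Fl h Ar fd
+.Op Fl h Ar fd | Fl H Ar fd
 .Op Fl N
 .Op Fl P
 .Op Fl Y
@@ -102,7 +101,7 @@
 .Op Fl w Ar method
 .Op Fl s Ar shell
 .Op Fl L Ar class
-.Op Fl h Ar fd
+.Op Fl h Ar fd | Fl H Ar fd
 .Op Fl N
 .Op Fl P
 .Op Fl Y
@@ -131,7 +130,7 @@
 .Op Fl g Ar gid
 .Op Fl M Ar members
 .Op Fl o
-.Op Fl h Ar fd
+.Op Fl h Ar fd | Fl H Ar fd
 .Op Fl N
 .Op Fl P
 .Op Fl Y
@@ -153,7 +152,7 @@
 .Op Fl l Ar name
 .Op Fl M Ar members
 .Op Fl m Ar newmembers
-.Op Fl h Ar fd
+.Op Fl h Ar fd | Fl H Ar fd
 .Op Fl N
 .Op Fl P
 .Op Fl Y
@@ -508,6 +507,12 @@
 then the password will be set to
 .Ql \&* ,
 rendering the account inaccessible via password-based login.
+.It Fl H Ar fd
+Read an encrypted password string from the specified file descriptor.
+This is like
+.Fl h ,
+but the password should be supplied already encrypted in a form
+suitable for writing directly to the password database.
 .El
 .Pp
 It is possible to use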
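--- a/usr.sbin/pw/pw.c
+++ b/usr.sbin/pw/pw.c
@@ -24,7 +24,6 @@
  * SUCH DAMAGE.
  *
  * $FreeBSD: src/usr.sbin/pw/pw.c,v 1.18.2.5 2001/07/19 01:46:55 kris Exp $
- * $DragonFly: src/usr.sbin/pw/pw.c,v 1.3 2004/12/18 22:48:04 swildner Exp $
  */
 
 #include <err.h>
@@ -104,18 +103,18 @@
 	static const char *opts[W_NUM][M_NUM] =
 	{
 		{ /* user */
-			"V:C:qn:u:c:d:e:p:g:G:mk:s:oL:i:w:h:Db:NPy:Y",
+			"V:C:qn:u:c:d:e:p:g:G:mk:s:oL:i:w:h:H:Db:NPy:Y",
 			"V:C:qn:u:rY",
-			"V:C:qn:u:c:d:e:p:g:G:ml:k:s:w:L:h:FNPY",
+			"V:C:qn:u:c:d:e:p:g:G:ml:k:s:w:L:h:H:FNPY",
 			"V:C:qn:u:FPa7",
 			"V:C:q",
 			"V:C:q",
 			"V:C:q"
 		},
 		{ /* grp  */
-			"V:C:qn:g:h:M:pNPY",
+			"V:C:qn:g:h:H:M:pNPY",
 			"V:C:qn:g:Y",
-			"V:C:qn:g:l:h:FM:m:NPY",
+			"V:C:qn:g:l:h:H:FM:m:NPY",
 			"V:C:qn:g:FPa",
 			"V:C:q"
 		 }
@@ -313,6 +312,7 @@
 				"\t-o             duplicate uid ok\n"
 				"\t-L class       user class\n"
 				"\t-h fd          read password on fd\n"
+				"\t-H fd          read encrypted password on fd\n"
 				"\t-Y             update NIS maps\n"
 				"\t-N             no update\n"
 				"  Setting defaults:\n"
@@ -355,6 +355,7 @@
 				"\t-s shell       name of login shell\n"
 				"\t-w method      set new password using method\n"
 				"\t-h fd          read password on fd\n"
+				"\t-H fd          read encrypted password on fd\n"
 				"\t-Y             update NIS maps\n"
 				"\t-N             no update\n",
 				"usage: pw usershow [uid|name] [switches]\n"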
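--- a/usr.sbin/pw/pw_group.c
+++ b/usr.sbin/pw/pw_group.c
@@ -24,7 +24,6 @@
  * SUCH DAMAGE.
  *
  * $FreeBSD: src/usr.sbin/pw/pw_group.c,v 1.12.2.1 2000/06/28 19:19:04 ache Exp $
- * $DragonFly: src/usr.sbin/pw/pw_group.c,v 1.3 2004/09/25 20:38:21 dillon Exp $
  */
 
 #include <ctype.h>
@@ -168,11 +167,13 @@
 	 * software.
 	 */
 
-	if ((arg = getarg(args, 'h')) != NULL) {
+	if ((arg = getarg(args, 'h')) != NULL ||
+	    (arg = getarg(args, 'H')) != NULL) {
 		if (strcmp(arg->val, "-") == 0)
 			grp->gr_passwd = "*";	/* No access */
 		else {
 			int             fd = atoi(arg->val);
+			int		precrypt = (arg->ch == 'H');
 			int             b;
 			int             istty = isatty(fd);
 			struct termios  t;
@@ -206,7 +207,12 @@
 				*p = '\0';
 			if (!*line)
 				errx(EX_DATAERR, "empty password read on file descriptor %d", fd);
-			grp->gr_passwd = pw_pwcrypt(line);
+			if (precrypt) {
+				if (strchr(line, ':') != NULL)
+					return EX_DATAERR;
+				grp->gr_passwd = line;
+			} else
+				grp->gr_passwd = pw_pwcrypt(line);
 		}
 	}
 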
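Review bot: In the `precrypt` branch, `grp->gr_passwd = line;` keeps a pointer to the read buffer instead of a copy; `line` is declared outside the visible lines, but if it is an automatic array local to this `else` block the pointer dangles as soon as the block closes, and the group record would then be written from dead stack. Copy the string into storage that outlives the block (or make the buffer `static`) before assigning it. The `':'` test is the only validation, so any other string is written verbatim to the group database, and the rejection is a bare `return EX_DATAERR;` with no message, unlike the `errx()` used for an empty password just above; something like `errx(EX_DATAERR, "encrypted password must not contain ':'");` would make the failure visible. The same two lines appear in the `-H` branch of usr.sbin/pw/pw_user.c (`pwd->pw_passwd = line;`). The enclosing function starts and ends outside this hunk.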
usr.sbin/pw/pw_user.c
23 23
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24 24
 * SUCH DAMAGE.
25 25
 * 
26
 *
27 26
 * $FreeBSD: src/usr.sbin/pw/pw_user.c,v 1.34.2.13 2003/02/01 21:20:10 gad Exp $
28
 * $DragonFly: src/usr.sbin/pw/pw_user.c,v 1.4 2004/11/30 20:12:21 joerg Exp $
29 27
 */
30 28

  
31 29
#include <ctype.h>
......
84 82
 * -L class       user class
85 83
 * -l name        new login name
86 84
 * -h fd          password filehandle
85
 * -H fd          encrypted password filehandle
87 86
 * -F             force print or add
88 87
 *   Setting defaults:
89 88
 * -D             set user defaults
......
541 540
				warnx("WARNING: home `%s' is not a directory", pwd->pw_dir);
542 541
		}
543 542

  
544
		if ((arg = getarg(args, 'w')) != NULL && getarg(args, 'h') == NULL) {
543
		if ((arg = getarg(args, 'w')) != NULL &&
544
		    getarg(args, 'h') == NULL && getarg(args, 'H') == NULL) {
545 545
			login_cap_t *lc;
546 546

  
547 547
			lc = login_getpwclass(pwd);
......
599 599
		}
600 600
	}
601 601

  
602
	if ((arg = getarg(args, 'h')) != NULL) {
602
	if ((arg = getarg(args, 'h')) != NULL ||
603
	    (arg = getarg(args, 'H')) != NULL) {
603 604
		if (strcmp(arg->val, "-") == 0) {
604 605
			if (!pwd->pw_passwd || *pwd->pw_passwd != '*') {
605 606
				pwd->pw_passwd = "*";	/* No access */
......
607 608
			}
608 609
		} else {
609 610
			int             fd = atoi(arg->val);
611
			int		precrypt = (arg->ch == 'H');
610 612
			int             b;
611 613
			int             istty = isatty(fd);
612 614
			struct termios  t;
......
621 623
					/* Disable echo */
622 624
					n.c_lflag &= ~(ECHO);
623 625
					tcsetattr(fd, TCSANOW, &n);
624
					printf("%sassword for user %s:", (mode == M_UPDATE) ? "New p" : "P", pwd->pw_name);
626
					printf("%s%spassword for user %s:",
627
					     (mode == M_UPDATE) ? "new " : "",
628
					     precrypt ? "encrypted " : "",
629
					     pwd->pw_name);
625 630
					fflush(stdout);
626 631
				}
627 632
			}
......
632 637
				fflush(stdout);
633 638
			}
634 639
			if (b < 0) {
635
				warn("-h file descriptor");
640
				warn("-%c file descriptor", precrypt ? 'H' :
641
				    'h');
636 642
				return EX_IOERR;
637 643
			}
638 644
			line[b] = '\0';
......
640 646
				*p = '\0';
641 647
			if (!*line)
642 648
				errx(EX_DATAERR, "empty password read on file descriptor %d", fd);
643
			lc = login_getpwclass(pwd);
644
			if (lc == NULL ||
645
			    login_setcryptfmt(lc, "md5", NULL) == NULL)
646
				warn("setting crypt(3) format");
647
			login_close(lc);
648
			pwd->pw_passwd = pw_pwcrypt(line);
649
			if (precrypt) {
650
				if (strchr(line, ':') != NULL)
651
					return EX_DATAERR;
652
				pwd->pw_passwd = line;
653
			} else {
654
				lc = login_getpwclass(pwd);
655
				if (lc == NULL ||
656
				    login_setcryptfmt(lc, "md5", NULL) == NULL)
657
					warn("setting crypt(3) format");
658
				login_close(lc);
659
				pwd->pw_passwd = pw_pwcrypt(line);
660
			}
649 661
			edited = 1;
650 662
		}
651 663
	}
......
1088 1100
		/*
1089 1101
		 * We give this information back to the user
1090 1102
		 */
1091
		if (getarg(args, 'h') == NULL && getarg(args, 'N') == NULL) {
1103
		if (getarg(args, 'h') == NULL && getarg(args, 'H') == NULL &&
1104
		    getarg(args, 'N') == NULL) {
1092 1105
			if (isatty(STDOUT_FILENO))
1093 1106
				printf("Password for '%s' is: ", user);
1094 1107
			printf("%s\n", pwbuf);
1095
-