Project

General

Profile

Bug #3027 » 0001-Installer-allow-special-characters-in-passwords.patch

piecuch, 04/13/2020 09:12 AM

View differences:

usr.sbin/installer/dfuibe_installer/fn_configure.c
82 82

  
83 83
/** CONFIGURE FUNCTIONS **/
84 84

  
85
#define	PW_NOT_ALLOWED		":;,`~!@#$%^&*()+={}[]\\|/?<>'\" "
85
#define	USERNAME_NOT_ALLOWED	":;,`~!@#$%^&*()+={}[]\\|/?<>'\" "
86 86
#define	GECOS_NOT_ALLOWED	":,\\\""
87 87
#define	FILENAME_NOT_ALLOWED	":;`~!#$^&*()={}[]\\|?<>'\" "
88 88
#define	MEMBERSHIPS_NOT_ALLOWED	":;`~!@#$%^&*()+={}[]\\|/?<>'\" "
......
97 97
	struct command *cmd;
98 98
	const char *username, *home, *passwd_1, *passwd_2, *gecos;
99 99
	const char *shell, *uid, *group, *groups;
100
	const char *const PWD_ENV = "$PASS_TMP";
100 101
	int done = 0;
101 102

  
102 103
	f = dfui_form_create(
......
105 106
	    _("Here you can add a user to an installed system.\n\n"
106 107
	    "You can leave the Home Directory, User ID, and Login Group "
107 108
	    "fields empty if you want these items to be automatically "
108
	    "allocated by the system.\n\n"
109
	    "Note: this user's password will appear in the install log. "
110
	    "If this is a problem, please add the user manually after "
111
	    "rebooting into the installed system instead."),
109
	    "allocated by the system."),
112 110
	    "",
113 111
	    "f", "username", _("Username"),
114 112
	    _("Enter the username the user will log in as"), "",
......
182 180
			/* Passwords don't match; tell the user. */
183 181
			inform(a->c, _("The passwords do not match."));
184 182
			done = 0;
185
		} else if (!assert_clean(a->c, _("Username"), username, PW_NOT_ALLOWED) ||
183
		} else if (!assert_clean(a->c, _("Username"), username, USERNAME_NOT_ALLOWED) ||
186 184
		    !assert_clean(a->c, _("Real Name"), gecos, GECOS_NOT_ALLOWED) ||
187
		    !assert_clean(a->c, _("Password"), passwd_1, PW_NOT_ALLOWED) ||
188 185
		    !assert_clean(a->c, _("Shell"), shell, FILENAME_NOT_ALLOWED) ||
189 186
		    !assert_clean(a->c, _("Home Directory"), home, FILENAME_NOT_ALLOWED) ||
190
		    !assert_clean(a->c, _("User ID"), uid, PW_NOT_ALLOWED) ||
191
		    !assert_clean(a->c, _("Login Group"), group, PW_NOT_ALLOWED) ||
187
		    !assert_clean(a->c, _("User ID"), uid, USERNAME_NOT_ALLOWED) ||
188
		    !assert_clean(a->c, _("Login Group"), group, USERNAME_NOT_ALLOWED) ||
192 189
		    !assert_clean(a->c, _("Group Memberships"), groups, MEMBERSHIPS_NOT_ALLOWED)) {
193 190
			done = 0;
194 191
		} else if (!is_program("%s%s", a->os_root, shell) &&
195 192
		    strcmp(shell, "/nonexistent") != 0) {
196 193
			inform(a->c, _("Chosen shell does not exist on the system."));
197 194
			done = 0;
195
		} else if (setenv(PWD_ENV + 1, passwd_1, 1)) {
196
			inform(a->c, _("setenv: out of memory"));
197
			done = 0;
198 198
		} else {
199 199
			cmds = commands_new();
200 200

  
......
212 212
			    (strlen(home) == 0 || !is_dir("%s", home)) ?
213 213
			    "-m -k /usr/share/skel" : "");
214 214

  
215
			cmd = command_add(cmds, "%s%s '%s' | "
215
			cmd = command_add(cmds, "%s%s \"%s\" | "
216 216
			    "%s%s %smnt/ /%s usermod '%s' -h 0",
217 217
			    a->os_root, cmd_name(a, "ECHO"),
218
			    passwd_1,
218
			    PWD_ENV,
219 219
			    a->os_root, cmd_name(a, "CHROOT"),
220 220
			    a->os_root, cmd_name(a, "PW"),
221 221
			    username);
......
228 228
				inform(a->c, _("User was not successfully added."));
229 229
				done = 0;
230 230
			}
231

  
231
			unsetenv(PWD_ENV + 1);
232 232
			commands_free(cmds);
233 233
		}
234 234

  
......
247 247
	struct commands *cmds;
248 248
	struct command *cmd;
249 249
	const char *root_passwd_1, *root_passwd_2;
250
	const char *const PWD_ENV = "$PASS_TMP";
250 251
	int done = 0;
251 252

  
252 253
	f = dfui_form_create(
......
293 294
			root_passwd_1 = dfui_dataset_get_value(new_ds, "root_passwd_1");
294 295
			root_passwd_2 = dfui_dataset_get_value(new_ds, "root_passwd_2");
295 296

  
296
			if (!assert_clean(a->c, _("Root password"), root_passwd_1, PW_NOT_ALLOWED)) {
297
			if (strlen(root_passwd_1) == 0 && strlen(root_passwd_2) == 0) {
297 298
				done = 0;
298
			} else if (strlen(root_passwd_1) == 0 && strlen(root_passwd_2) == 0) {
299
			} else if (setenv(PWD_ENV + 1, root_passwd_1, 1)) {
299 300
				done = 0;
301
				inform(a->c, _("Cannot create environmental variable, out of memory"));
300 302
			} else if (strcmp(root_passwd_1, root_passwd_2) == 0) {
301 303
				/*
302 304
				 * Passwords match, so set the root password.
303 305
				 */
304 306
				cmds = commands_new();
305
				cmd = command_add(cmds, "%s%s '%s' | "
307
				cmd = command_add(cmds, "%s%s \"%s\" | "
306 308
				    "%s%s %smnt/ /%s usermod root -h 0",
307 309
				    a->os_root, cmd_name(a, "ECHO"),
308
				    root_passwd_1,
310
				    PWD_ENV,
309 311
				    a->os_root, cmd_name(a, "CHROOT"),
310 312
				    a->os_root, cmd_name(a, "PW"));
311 313
				command_set_desc(cmd, _("Setting password..."));
......
317 319
					    "setting the root password."));
318 320
					done = 0;
319 321
				}
322
				unsetenv(PWD_ENV + 1);
320 323
				commands_free(cmds);
321 324
			} else {
322 325
				/*
323
- 
(2-2/2)