Project

General

Profile

Bug #3027 » 0001-Installer-allow-special-characters-in-passwords.patch

piecuch, 04/13/2020 09:12 AM

View differences:

usr.sbin/installer/dfuibe_installer/fn_configure.c
/** CONFIGURE FUNCTIONS **/
#define PW_NOT_ALLOWED ":;,`~!@#$%^&*()+={}[]\\|/?<>'\" "
#define USERNAME_NOT_ALLOWED ":;,`~!@#$%^&*()+={}[]\\|/?<>'\" "
#define GECOS_NOT_ALLOWED ":,\\\""
#define FILENAME_NOT_ALLOWED ":;`~!#$^&*()={}[]\\|?<>'\" "
#define MEMBERSHIPS_NOT_ALLOWED ":;`~!@#$%^&*()+={}[]\\|/?<>'\" "
......
struct command *cmd;
const char *username, *home, *passwd_1, *passwd_2, *gecos;
const char *shell, *uid, *group, *groups;
const char *const PWD_ENV = "$PASS_TMP";
int done = 0;
f = dfui_form_create(
......
_("Here you can add a user to an installed system.\n\n"
"You can leave the Home Directory, User ID, and Login Group "
"fields empty if you want these items to be automatically "
"allocated by the system.\n\n"
"Note: this user's password will appear in the install log. "
"If this is a problem, please add the user manually after "
"rebooting into the installed system instead."),
"allocated by the system."),
"",
"f", "username", _("Username"),
_("Enter the username the user will log in as"), "",
......
/* Passwords don't match; tell the user. */
inform(a->c, _("The passwords do not match."));
done = 0;
} else if (!assert_clean(a->c, _("Username"), username, PW_NOT_ALLOWED) ||
} else if (!assert_clean(a->c, _("Username"), username, USERNAME_NOT_ALLOWED) ||
!assert_clean(a->c, _("Real Name"), gecos, GECOS_NOT_ALLOWED) ||
!assert_clean(a->c, _("Password"), passwd_1, PW_NOT_ALLOWED) ||
!assert_clean(a->c, _("Shell"), shell, FILENAME_NOT_ALLOWED) ||
!assert_clean(a->c, _("Home Directory"), home, FILENAME_NOT_ALLOWED) ||
!assert_clean(a->c, _("User ID"), uid, PW_NOT_ALLOWED) ||
!assert_clean(a->c, _("Login Group"), group, PW_NOT_ALLOWED) ||
!assert_clean(a->c, _("User ID"), uid, USERNAME_NOT_ALLOWED) ||
!assert_clean(a->c, _("Login Group"), group, USERNAME_NOT_ALLOWED) ||
!assert_clean(a->c, _("Group Memberships"), groups, MEMBERSHIPS_NOT_ALLOWED)) {
done = 0;
} else if (!is_program("%s%s", a->os_root, shell) &&
strcmp(shell, "/nonexistent") != 0) {
inform(a->c, _("Chosen shell does not exist on the system."));
done = 0;
} else if (setenv(PWD_ENV + 1, passwd_1, 1)) {
inform(a->c, _("setenv: out of memory"));
done = 0;
} else {
cmds = commands_new();
......
(strlen(home) == 0 || !is_dir("%s", home)) ?
"-m -k /usr/share/skel" : "");
cmd = command_add(cmds, "%s%s '%s' | "
cmd = command_add(cmds, "%s%s \"%s\" | "
"%s%s %smnt/ /%s usermod '%s' -h 0",
a->os_root, cmd_name(a, "ECHO"),
passwd_1,
PWD_ENV,
a->os_root, cmd_name(a, "CHROOT"),
a->os_root, cmd_name(a, "PW"),
username);
......
inform(a->c, _("User was not successfully added."));
done = 0;
}
unsetenv(PWD_ENV + 1);
commands_free(cmds);
}
......
struct commands *cmds;
struct command *cmd;
const char *root_passwd_1, *root_passwd_2;
const char *const PWD_ENV = "$PASS_TMP";
int done = 0;
f = dfui_form_create(
......
root_passwd_1 = dfui_dataset_get_value(new_ds, "root_passwd_1");
root_passwd_2 = dfui_dataset_get_value(new_ds, "root_passwd_2");
if (!assert_clean(a->c, _("Root password"), root_passwd_1, PW_NOT_ALLOWED)) {
if (strlen(root_passwd_1) == 0 && strlen(root_passwd_2) == 0) {
done = 0;
} else if (strlen(root_passwd_1) == 0 && strlen(root_passwd_2) == 0) {
} else if (setenv(PWD_ENV + 1, root_passwd_1, 1)) {
done = 0;
inform(a->c, _("Cannot create environmental variable, out of memory"));
} else if (strcmp(root_passwd_1, root_passwd_2) == 0) {
/*
* Passwords match, so set the root password.
*/
cmds = commands_new();
cmd = command_add(cmds, "%s%s '%s' | "
cmd = command_add(cmds, "%s%s \"%s\" | "
"%s%s %smnt/ /%s usermod root -h 0",
a->os_root, cmd_name(a, "ECHO"),
root_passwd_1,
PWD_ENV,
a->os_root, cmd_name(a, "CHROOT"),
a->os_root, cmd_name(a, "PW"));
command_set_desc(cmd, _("Setting password..."));
......
"setting the root password."));
done = 0;
}
unsetenv(PWD_ENV + 1);
commands_free(cmds);
} else {
/*
(2-2/2)