Bug #2362 ยป 0001-pw-8-Add-an-option-to-accept-encrypted-passwords.patch
usr.sbin/pw/pw.8 | ||
---|---|---|
23 | 23 |
.\" SUCH DAMAGE. |
24 | 24 |
.\" |
25 | 25 |
.\" $FreeBSD: src/usr.sbin/pw/pw.8,v 1.19.2.12 2003/05/08 15:01:44 trhodes Exp $ |
26 |
.\" $DragonFly: src/usr.sbin/pw/pw.8,v 1.5 2008/05/02 02:05:08 swildner Exp $ |
|
27 | 26 |
.\" |
28 |
.Dd December 9, 1996
|
|
27 |
.Dd January 11, 2004
|
|
29 | 28 |
.Dt PW 8 |
30 | 29 |
.Os |
31 | 30 |
.Sh NAME |
... | ... | |
52 | 51 |
.Op Fl s Ar shell |
53 | 52 |
.Op Fl o |
54 | 53 |
.Op Fl L Ar class |
55 |
.Op Fl h Ar fd |
|
54 |
.Op Fl h Ar fd | Fl H Ar fd
|
|
56 | 55 |
.Op Fl N |
57 | 56 |
.Op Fl P |
58 | 57 |
.Op Fl Y |
... | ... | |
102 | 101 |
.Op Fl w Ar method |
103 | 102 |
.Op Fl s Ar shell |
104 | 103 |
.Op Fl L Ar class |
105 |
.Op Fl h Ar fd |
|
104 |
.Op Fl h Ar fd | Fl H Ar fd
|
|
106 | 105 |
.Op Fl N |
107 | 106 |
.Op Fl P |
108 | 107 |
.Op Fl Y |
... | ... | |
131 | 130 |
.Op Fl g Ar gid |
132 | 131 |
.Op Fl M Ar members |
133 | 132 |
.Op Fl o |
134 |
.Op Fl h Ar fd |
|
133 |
.Op Fl h Ar fd | Fl H Ar fd
|
|
135 | 134 |
.Op Fl N |
136 | 135 |
.Op Fl P |
137 | 136 |
.Op Fl Y |
... | ... | |
153 | 152 |
.Op Fl l Ar name |
154 | 153 |
.Op Fl M Ar members |
155 | 154 |
.Op Fl m Ar newmembers |
156 |
.Op Fl h Ar fd |
|
155 |
.Op Fl h Ar fd | Fl H Ar fd
|
|
157 | 156 |
.Op Fl N |
158 | 157 |
.Op Fl P |
159 | 158 |
.Op Fl Y |
... | ... | |
508 | 507 |
then the password will be set to |
509 | 508 |
.Ql \&* , |
510 | 509 |
rendering the account inaccessible via password-based login. |
510 |
.It Fl H Ar fd |
|
511 |
Read an encrypted password string from the specified file descriptor. |
|
512 |
This is like |
|
513 |
.Fl h , |
|
514 |
but the password should be supplied already encrypted in a form |
|
515 |
suitable for writing directly to the password database. |
|
511 | 516 |
.El |
512 | 517 |
.Pp |
513 | 518 |
It is possible to use |
usr.sbin/pw/pw.c | ||
---|---|---|
24 | 24 |
* SUCH DAMAGE. |
25 | 25 |
* |
26 | 26 |
* $FreeBSD: src/usr.sbin/pw/pw.c,v 1.18.2.5 2001/07/19 01:46:55 kris Exp $ |
27 |
* $DragonFly: src/usr.sbin/pw/pw.c,v 1.3 2004/12/18 22:48:04 swildner Exp $ |
|
28 | 27 |
*/ |
29 | 28 | |
30 | 29 |
#include <err.h> |
... | ... | |
104 | 103 |
static const char *opts[W_NUM][M_NUM] = |
105 | 104 |
{ |
106 | 105 |
{ /* user */ |
107 |
"V:C:qn:u:c:d:e:p:g:G:mk:s:oL:i:w:h:Db:NPy:Y", |
|
106 |
"V:C:qn:u:c:d:e:p:g:G:mk:s:oL:i:w:h:H:Db:NPy:Y",
|
|
108 | 107 |
"V:C:qn:u:rY", |
109 |
"V:C:qn:u:c:d:e:p:g:G:ml:k:s:w:L:h:FNPY", |
|
108 |
"V:C:qn:u:c:d:e:p:g:G:ml:k:s:w:L:h:H:FNPY",
|
|
110 | 109 |
"V:C:qn:u:FPa7", |
111 | 110 |
"V:C:q", |
112 | 111 |
"V:C:q", |
113 | 112 |
"V:C:q" |
114 | 113 |
}, |
115 | 114 |
{ /* grp */ |
116 |
"V:C:qn:g:h:M:pNPY", |
|
115 |
"V:C:qn:g:h:H:M:pNPY",
|
|
117 | 116 |
"V:C:qn:g:Y", |
118 |
"V:C:qn:g:l:h:FM:m:NPY", |
|
117 |
"V:C:qn:g:l:h:H:FM:m:NPY",
|
|
119 | 118 |
"V:C:qn:g:FPa", |
120 | 119 |
"V:C:q" |
121 | 120 |
} |
... | ... | |
313 | 312 |
"\t-o duplicate uid ok\n" |
314 | 313 |
"\t-L class user class\n" |
315 | 314 |
"\t-h fd read password on fd\n" |
315 |
"\t-H fd read encrypted password on fd\n" |
|
316 | 316 |
"\t-Y update NIS maps\n" |
317 | 317 |
"\t-N no update\n" |
318 | 318 |
" Setting defaults:\n" |
... | ... | |
355 | 355 |
"\t-s shell name of login shell\n" |
356 | 356 |
"\t-w method set new password using method\n" |
357 | 357 |
"\t-h fd read password on fd\n" |
358 |
"\t-H fd read encrypted password on fd\n" |
|
358 | 359 |
"\t-Y update NIS maps\n" |
359 | 360 |
"\t-N no update\n", |
360 | 361 |
"usage: pw usershow [uid|name] [switches]\n" |
usr.sbin/pw/pw_group.c | ||
---|---|---|
24 | 24 |
* SUCH DAMAGE. |
25 | 25 |
* |
26 | 26 |
* $FreeBSD: src/usr.sbin/pw/pw_group.c,v 1.12.2.1 2000/06/28 19:19:04 ache Exp $ |
27 |
* $DragonFly: src/usr.sbin/pw/pw_group.c,v 1.3 2004/09/25 20:38:21 dillon Exp $ |
|
28 | 27 |
*/ |
29 | 28 | |
30 | 29 |
#include <ctype.h> |
... | ... | |
168 | 167 |
* software. |
169 | 168 |
*/ |
170 | 169 | |
171 |
if ((arg = getarg(args, 'h')) != NULL) { |
|
170 |
if ((arg = getarg(args, 'h')) != NULL || |
|
171 |
(arg = getarg(args, 'H')) != NULL) { |
|
172 | 172 |
if (strcmp(arg->val, "-") == 0) |
173 | 173 |
grp->gr_passwd = "*"; /* No access */ |
174 | 174 |
else { |
175 | 175 |
int fd = atoi(arg->val); |
176 |
int precrypt = (arg->ch == 'H'); |
|
176 | 177 |
int b; |
177 | 178 |
int istty = isatty(fd); |
178 | 179 |
struct termios t; |
... | ... | |
206 | 207 |
*p = '\0'; |
207 | 208 |
if (!*line) |
208 | 209 |
errx(EX_DATAERR, "empty password read on file descriptor %d", fd); |
209 |
grp->gr_passwd = pw_pwcrypt(line); |
|
210 |
if (precrypt) { |
|
211 |
if (strchr(line, ':') != NULL) |
|
212 |
return EX_DATAERR; |
|
213 |
grp->gr_passwd = line; |
|
214 |
} else |
|
215 |
grp->gr_passwd = pw_pwcrypt(line); |
|
210 | 216 |
} |
211 | 217 |
} |
212 | 218 |
usr.sbin/pw/pw_user.c | ||
---|---|---|
23 | 23 |
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
24 | 24 |
* SUCH DAMAGE. |
25 | 25 |
* |
26 |
* |
|
27 | 26 |
* $FreeBSD: src/usr.sbin/pw/pw_user.c,v 1.34.2.13 2003/02/01 21:20:10 gad Exp $ |
28 |
* $DragonFly: src/usr.sbin/pw/pw_user.c,v 1.4 2004/11/30 20:12:21 joerg Exp $ |
|
29 | 27 |
*/ |
30 | 28 | |
31 | 29 |
#include <ctype.h> |
... | ... | |
84 | 82 |
* -L class user class |
85 | 83 |
* -l name new login name |
86 | 84 |
* -h fd password filehandle |
85 |
* -H fd encrypted password filehandle |
|
87 | 86 |
* -F force print or add |
88 | 87 |
* Setting defaults: |
89 | 88 |
* -D set user defaults |
... | ... | |
541 | 540 |
warnx("WARNING: home `%s' is not a directory", pwd->pw_dir); |
542 | 541 |
} |
543 | 542 | |
544 |
if ((arg = getarg(args, 'w')) != NULL && getarg(args, 'h') == NULL) { |
|
543 |
if ((arg = getarg(args, 'w')) != NULL && |
|
544 |
getarg(args, 'h') == NULL && getarg(args, 'H') == NULL) { |
|
545 | 545 |
login_cap_t *lc; |
546 | 546 | |
547 | 547 |
lc = login_getpwclass(pwd); |
... | ... | |
599 | 599 |
} |
600 | 600 |
} |
601 | 601 | |
602 |
if ((arg = getarg(args, 'h')) != NULL) { |
|
602 |
if ((arg = getarg(args, 'h')) != NULL || |
|
603 |
(arg = getarg(args, 'H')) != NULL) { |
|
603 | 604 |
if (strcmp(arg->val, "-") == 0) { |
604 | 605 |
if (!pwd->pw_passwd || *pwd->pw_passwd != '*') { |
605 | 606 |
pwd->pw_passwd = "*"; /* No access */ |
... | ... | |
607 | 608 |
} |
608 | 609 |
} else { |
609 | 610 |
int fd = atoi(arg->val); |
611 |
int precrypt = (arg->ch == 'H'); |
|
610 | 612 |
int b; |
611 | 613 |
int istty = isatty(fd); |
612 | 614 |
struct termios t; |
... | ... | |
621 | 623 |
/* Disable echo */ |
622 | 624 |
n.c_lflag &= ~(ECHO); |
623 | 625 |
tcsetattr(fd, TCSANOW, &n); |
624 |
printf("%sassword for user %s:", (mode == M_UPDATE) ? "New p" : "P", pwd->pw_name); |
|
626 |
printf("%s%spassword for user %s:", |
|
627 |
(mode == M_UPDATE) ? "new " : "", |
|
628 |
precrypt ? "encrypted " : "", |
|
629 |
pwd->pw_name); |
|
625 | 630 |
fflush(stdout); |
626 | 631 |
} |
627 | 632 |
} |
... | ... | |
632 | 637 |
fflush(stdout); |
633 | 638 |
} |
634 | 639 |
if (b < 0) { |
635 |
warn("-h file descriptor"); |
|
640 |
warn("-%c file descriptor", precrypt ? 'H' : |
|
641 |
'h'); |
|
636 | 642 |
return EX_IOERR; |
637 | 643 |
} |
638 | 644 |
line[b] = '\0'; |
... | ... | |
640 | 646 |
*p = '\0'; |
641 | 647 |
if (!*line) |
642 | 648 |
errx(EX_DATAERR, "empty password read on file descriptor %d", fd); |
643 |
lc = login_getpwclass(pwd); |
|
644 |
if (lc == NULL || |
|
645 |
login_setcryptfmt(lc, "md5", NULL) == NULL) |
|
646 |
warn("setting crypt(3) format"); |
|
647 |
login_close(lc); |
|
648 |
pwd->pw_passwd = pw_pwcrypt(line); |
|
649 |
if (precrypt) { |
|
650 |
if (strchr(line, ':') != NULL) |
|
651 |
return EX_DATAERR; |
|
652 |
pwd->pw_passwd = line; |
|
653 |
} else { |
|
654 |
lc = login_getpwclass(pwd); |
|
655 |
if (lc == NULL || |
|
656 |
login_setcryptfmt(lc, "md5", NULL) == NULL) |
|
657 |
warn("setting crypt(3) format"); |
|
658 |
login_close(lc); |
|
659 |
pwd->pw_passwd = pw_pwcrypt(line); |
|
660 |
} |
|
649 | 661 |
edited = 1; |
650 | 662 |
} |
651 | 663 |
} |
... | ... | |
1088 | 1100 |
/* |
1089 | 1101 |
* We give this information back to the user |
1090 | 1102 |
*/ |
1091 |
if (getarg(args, 'h') == NULL && getarg(args, 'N') == NULL) { |
|
1103 |
if (getarg(args, 'h') == NULL && getarg(args, 'H') == NULL && |
|
1104 |
getarg(args, 'N') == NULL) { |
|
1092 | 1105 |
if (isatty(STDOUT_FILENO)) |
1093 | 1106 |
printf("Password for '%s' is: ", user); |
1094 | 1107 |
printf("%s\n", pwbuf); |
1095 |
- |