From nobody@FreeBSD.org  Mon Dec  6 18:55:12 2010
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 6BE8E106566C
	for <freebsd-gnats-submit@FreeBSD.org>; Mon,  6 Dec 2010 18:55:12 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (unknown [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id 4FABE8FC0A
	for <freebsd-gnats-submit@FreeBSD.org>; Mon,  6 Dec 2010 18:55:12 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id oB6ItCG6086207
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 6 Dec 2010 18:55:12 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id oB6ItCxR086206;
	Mon, 6 Dec 2010 18:55:12 GMT
	(envelope-from nobody)
Message-Id: <201012061855.oB6ItCxR086206@red.freebsd.org>
Date: Mon, 6 Dec 2010 18:55:12 GMT
From: Kris Moore <kmoore@FreeBSD.org>
To: freebsd-gnats-submit@FreeBSD.org
Subject: bin: usr.sbin/pc-sysinstall - Add support for using encrypted pass strings
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         152868
>Category:       bin
>Synopsis:       [patch] pc-sysinstall(8) - Add support for using encrypted pass strings
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    imp
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Dec 06 19:00:19 UTC 2010
>Closed-Date:    Mon Jan 10 19:58:08 UTC 2011
>Last-Modified:  Mon Jan 10 20:00:31 UTC 2011
>Originator:     Kris Moore
>Release:        9.0-Current
>Organization:
PC-BSD / iXsystems
>Environment:
>Description:
The following patch adds support for using encrypted password strings when setting the root / user passwords via pc-sysinstall
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

diff -ruN src.o/usr.sbin/pc-sysinstall/backend/functions-cleanup.sh src/usr.sbin/pc-sysinstall/backend/functions-cleanup.sh
--- src.o/usr.sbin/pc-sysinstall/backend/functions-cleanup.sh	2010-11-15 15:18:24.632396280 -0500
+++ src/usr.sbin/pc-sysinstall/backend/functions-cleanup.sh	2010-12-06 13:28:16.269745784 -0500
@@ -372,19 +372,32 @@
 # Function which sets the root password from the install config
 set_root_pw()
 {
+  # Get the plaintext string
   get_value_from_cfg_with_spaces rootPass
-  PW="${VAL}"
+  local PW="${VAL}"
+
+  # Get the encrypted string
+  get_value_from_cfg_with_spaces rootEncPass
+  local ENCPW="${VAL}"
 
   # If we don't have a root pass, return
-  if [ -z "${PW}" ]
-  then
-    return 0
-  fi
+  if [ -z "${PW}" -a -z "${ENCPW}" ] ; then return 0 ; fi
 
   echo_log "Setting root password"
-  echo "${PW}" > ${FSMNT}/.rootpw
-  run_chroot_cmd "cat /.rootpw | pw usermod root -h 0"
-  rc_halt "rm ${FSMNT}/.rootpw"
+
+  # Check if setting plaintext password
+  if [ ! -z "${PW}" ] ; then
+    echo "${PW}" > ${FSMNT}/.rootpw
+    run_chroot_cmd "cat /.rootpw | pw usermod root -h 0"
+    rc_halt "rm ${FSMNT}/.rootpw"
+  fi
+
+  # Check if setting encrypted password
+  if [ ! -z "${ENCPW}" ] ; then
+    echo "${ENCPW}" > ${FSMNT}/.rootpw
+    run_chroot_cmd "cat /.rootpw | pw usermod root -H 0"
+    rc_halt "rm ${FSMNT}/.rootpw"
+  fi
 
 };
 
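Review bot: The secret is staged in `${FSMNT}/.rootpw` under whatever umask the installer runs with, and the new `-H` branch adds a second write of that file; nothing in the hunk restricts its mode, so the plaintext password or the hash may be readable on the target filesystem until the `rm` runs. Setting `umask 077` before the `echo` (and quoting `"${FSMNT}/.rootpw"`) would close that window; the same applies to the `.tmpPass` write added in functions-users.sh and to the identical hunks in the committed r217234 copy further down. Separately, when both `rootPass` and `rootEncPass` are configured both branches run and the hash silently wins, whereas the user path in functions-users.sh prefers the plaintext value via `elif`; making the second test `elif [ -n "${ENCPW}" ] ; then` would give one consistent precedence.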
diff -ruN src.o/usr.sbin/pc-sysinstall/backend/functions-users.sh src/usr.sbin/pc-sysinstall/backend/functions-users.sh
--- src.o/usr.sbin/pc-sysinstall/backend/functions-users.sh	2010-11-15 15:18:24.626384838 -0500
+++ src/usr.sbin/pc-sysinstall/backend/functions-users.sh	2010-12-06 13:41:36.664751903 -0500
@@ -93,6 +93,13 @@
       USERPASS="$VAL"
     fi
 
+    echo $line | grep "^userEncPass=" >/dev/null 2>/dev/null
+    if [ "$?" = "0" ]
+    then
+      get_value_from_string "${line}"
+      USERENCPASS="$VAL"
+    fi
+
     echo $line | grep "^userShell=" >/dev/null 2>/dev/null
     if [ "$?" = "0" ]
     then
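Review bot: `echo $line` in the added `userEncPass=` test is unquoted, so the config line is word-split and glob-expanded before grep sees it; this copies the neighbouring `userShell=` test, but it is a pattern worth not repeating for a line that carries a credential. `echo "${line}" | grep -q "^userEncPass="` or a `case "${line}" in userEncPass=*)` arm avoids the expansion and the separate `$?` check. The enclosing loop starts and ends outside the hunk.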
@@ -135,6 +142,10 @@
         then
           ARGS="${ARGS} -h 0"
           echo "${USERPASS}" >${FSMNT}/.tmpPass
+	elif [ ! -z "${USERENCPASS}" ] 
+	then
+          ARGS="${ARGS} -H 0"
+          echo "${USERENCPASS}" >${FSMNT}/.tmpPass
         else
           ARGS="${ARGS} -h -"
           rm ${FSMNT}/.tmpPass 2>/dev/null 2>/dev/null
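Review bot: The added `elif`/`then` lines are indented with a tab (and the `elif` line carries trailing whitespace) while the surrounding `then`/`else` use eight spaces, so the branch misaligns at other tab widths; re-indent them as `        elif [ -n "${USERENCPASS}" ]` and `        then`. If both `userPass` and `userEncPass` are given, the plaintext value is used and the hash is ignored without any log message, which deserves a comment such as `# userPass takes precedence over userEncPass`. The `if` this branch belongs to opens outside the hunk.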
@@ -160,7 +171,7 @@
         add_user "${ARGS}"
 
         # Unset our vars before looking for any more users
-        unset USERNAME USERCOMMENT USERPASS USERSHELL USERHOME USERGROUPS
+        unset USERNAME USERCOMMENT USERPASS USERENCPASS USERSHELL USERHOME USERGROUPS
       else
         exit_err "ERROR: commitUser was called without any userName= entry!!!" 
       fi
diff -ruN src.o/usr.sbin/pc-sysinstall/examples/README src/usr.sbin/pc-sysinstall/examples/README
--- src.o/usr.sbin/pc-sysinstall/examples/README	2010-11-15 15:18:24.515381431 -0500
+++ src/usr.sbin/pc-sysinstall/examples/README	2010-12-06 13:31:52.103433323 -0500
@@ -286,7 +286,12 @@
 
 # rootPass=root
 
-Set the root password of the installed system to the specified string
+Set the root password of the installed system to the specified plaintext string
+
+# rootEncPass=<encryptedstring>
+
+Set the root password of the installed system to the specified encrypted string
+
 
 The below variables are used to setup a user on the installed system
 Be sure to call commitUser after after adding these values, and before
@@ -295,6 +300,8 @@
 # userName=kris
 # userComment=Kris Moore
 # userPass=mypass
+or
+# userEncPass=<encryptedstring>
 # userShell=/bin/csh
 # userHome=/home/kris
 # userGroups=wheel,operator


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->imp 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Mon Dec 6 20:17:51 UTC 2010 
Responsible-Changed-Why:  
Over to maintainer. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=152868 
State-Changed-From-To: open->closed 
State-Changed-By: jpaetzel 
State-Changed-When: Mon Jan 10 19:57:49 UTC 2011 
State-Changed-Why:  
Committed, thanks. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=152868 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/152868: commit references a PR
Date: Mon, 10 Jan 2011 19:57:26 +0000 (UTC)

 Author: jpaetzel (ports committer)
 Date: Mon Jan 10 19:57:18 2011
 New Revision: 217234
 URL: http://svn.freebsd.org/changeset/base/217234
 
 Log:
   Add support for using encrypted password strings when setting
   the root / user passwords
   
   PR:	bin/152868
   Submitted by:	kmoore
   Approved by:	imp
 
 Modified:
   head/usr.sbin/pc-sysinstall/backend/functions-cleanup.sh
   head/usr.sbin/pc-sysinstall/backend/functions-users.sh
   head/usr.sbin/pc-sysinstall/examples/README
 
 Modified: head/usr.sbin/pc-sysinstall/backend/functions-cleanup.sh
 ==============================================================================
 --- head/usr.sbin/pc-sysinstall/backend/functions-cleanup.sh	Mon Jan 10 19:55:30 2011	(r217233)
 +++ head/usr.sbin/pc-sysinstall/backend/functions-cleanup.sh	Mon Jan 10 19:57:18 2011	(r217234)
 @@ -371,19 +371,32 @@ setup_gjournal()
  # Function which sets the root password from the install config
  set_root_pw()
  {
 +  # Get the plaintext string
    get_value_from_cfg_with_spaces rootPass
 -  PW="${VAL}"
 +  local PW="${VAL}"
 +
 +  # Get the encrypted string
 +  get_value_from_cfg_with_spaces rootEncPass
 +  local ENCPW="${VAL}"
  
    # If we don't have a root pass, return
 -  if [ -z "${PW}" ]
 -  then
 -    return 0
 -  fi
 +  if [ -z "${PW}" -a -z "${ENCPW}" ] ; then return 0 ; fi
  
    echo_log "Setting root password"
 -  echo "${PW}" > ${FSMNT}/.rootpw
 -  run_chroot_cmd "cat /.rootpw | pw usermod root -h 0"
 -  rc_halt "rm ${FSMNT}/.rootpw"
 +
 +  # Check if setting plaintext password
 +  if [ ! -z "${PW}" ] ; then
 +    echo "${PW}" > ${FSMNT}/.rootpw
 +    run_chroot_cmd "cat /.rootpw | pw usermod root -h 0"
 +    rc_halt "rm ${FSMNT}/.rootpw"
 +  fi
 +
 +  # Check if setting encrypted password
 +  if [ ! -z "${ENCPW}" ] ; then
 +    echo "${ENCPW}" > ${FSMNT}/.rootpw
 +    run_chroot_cmd "cat /.rootpw | pw usermod root -H 0"
 +    rc_halt "rm ${FSMNT}/.rootpw"
 +  fi
  
  };
  
 
 Modified: head/usr.sbin/pc-sysinstall/backend/functions-users.sh
 ==============================================================================
 --- head/usr.sbin/pc-sysinstall/backend/functions-users.sh	Mon Jan 10 19:55:30 2011	(r217233)
 +++ head/usr.sbin/pc-sysinstall/backend/functions-users.sh	Mon Jan 10 19:57:18 2011	(r217234)
 @@ -93,6 +93,13 @@ setup_users()
        USERPASS="$VAL"
      fi
  
 +    echo $line | grep "^userEncPass=" >/dev/null 2>/dev/null
 +    if [ "$?" = "0" ]
 +    then
 +      get_value_from_string "${line}"
 +      USERENCPASS="$VAL"
 +    fi
 +
      echo $line | grep "^userShell=" >/dev/null 2>/dev/null
      if [ "$?" = "0" ]
      then
 @@ -135,6 +142,10 @@ setup_users()
          then
            ARGS="${ARGS} -h 0"
            echo "${USERPASS}" >${FSMNT}/.tmpPass
 +	elif [ ! -z "${USERENCPASS}" ] 
 +	then
 +          ARGS="${ARGS} -H 0"
 +          echo "${USERENCPASS}" >${FSMNT}/.tmpPass
          else
            ARGS="${ARGS} -h -"
            rm ${FSMNT}/.tmpPass 2>/dev/null 2>/dev/null
 @@ -160,7 +171,7 @@ setup_users()
          add_user "${ARGS}"
  
          # Unset our vars before looking for any more users
 -        unset USERNAME USERCOMMENT USERPASS USERSHELL USERHOME USERGROUPS
 +        unset USERNAME USERCOMMENT USERPASS USERENCPASS USERSHELL USERHOME USERGROUPS
        else
          exit_err "ERROR: commitUser was called without any userName= entry!!!" 
        fi
 
 Modified: head/usr.sbin/pc-sysinstall/examples/README
 ==============================================================================
 --- head/usr.sbin/pc-sysinstall/examples/README	Mon Jan 10 19:55:30 2011	(r217233)
 +++ head/usr.sbin/pc-sysinstall/examples/README	Mon Jan 10 19:57:18 2011	(r217234)
 @@ -286,7 +286,11 @@ Options for setting up usernames and pas
  
  # rootPass=root
  
 -Set the root password of the installed system to the specified string
 +Set the root password of the installed system to the specified plaintext string
 +
 +# rootEncPass=<encryptedstring>
 +
 +Set the root password of the installed system to the specified encrypted string
  
  The below variables are used to setup a user on the installed system
  Be sure to call commitUser after after adding these values, and before
 @@ -295,6 +299,8 @@ starting another user block
  # userName=kris
  # userComment=Kris Moore
  # userPass=mypass
 +or
 +# userEncPass=<encryptedstring>
  # userShell=/bin/csh
  # userHome=/home/kris
  # userGroups=wheel,operator
 
>Unformatted:
