From brook@mail.educ.utas.edu.au  Mon Oct 16 15:58:14 2000
Return-Path: <brook@mail.educ.utas.edu.au>
Received: from mail.educ.utas.edu.au (mail.educ.utas.edu.au [144.6.57.106])
	by hub.freebsd.org (Postfix) with ESMTP id B000037B66E
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 16 Oct 2000 15:58:08 -0700 (PDT)
Received: (from root@localhost)
	by mail.educ.utas.edu.au (8.11.1/8.11.1) id e9GN0wL24904;
	Tue, 17 Oct 2000 10:00:58 +1100 (EST)
	(envelope-from brook)
Message-Id: <200010162300.e9GN0wL24904@mail.educ.utas.edu.au>
Date: Tue, 17 Oct 2000 10:00:58 +1100 (EST)
From: Brook.Schofield@bigfoot.com
Sender: brook@mail.educ.utas.edu.au
Reply-To: Brook.Schofield@bigfoot.com
To: FreeBSD-gnats-submit@freebsd.org
Subject: pw [PATCH] to allow encrypted password to be entered via fd
X-Send-Pr-Version: 3.2

>Number:         22033
>Category:       bin
>Synopsis:       [PATCH] to pw(8) to allow encrypted password to be entered via fd
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    iedowse
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon Oct 16 16:00:01 PDT 2000
>Closed-Date:    Sun Jan 25 12:44:45 PST 2004
>Last-Modified:  Sun Jan 25 12:44:45 PST 2004
>Originator:     Brook Schofield
>Release:        FreeBSD 4.1.1-STABLE i386
>Organization:
University of Tasmania
>Environment:

FreeBSD 4.1.1-STABLE i386

>Description:

pw(8) doesn't allow an already encrypted password to be added to the password file. This patch allows this by modifying the activity of '-w method' to allow a 'crypt' option, which causes '-h' to read the password literally and include it in the password file, with the exception of an input containing a ':'.

>How-To-Repeat:

Apply the following patch to pw

>Fix:


diff -ur pw_dir/pw.8 pw_dir2/pw.8
--- pw_dir/pw.8	Fri Mar  3 01:53:37 2000
+++ pw_dir2/pw.8	Tue Oct 17 00:09:23 2000
@@ -604,6 +604,9 @@
 force a blank password
 .It random
 generate a random password
+.It crypt
+the supplied password is encrypted. Suitable only with
+.Ql Fl h
 .El
 .Pp
 The
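Review bot: The new `.It crypt` entry says "the supplied password is encrypted", which can be read as pw doing the encryption; the code in this patch stores the input literally, so the text should say the password is already encrypted and is written to the password file as given. The entry should also mention that input containing ':' is rejected. Since it states "Suitable only with -h", it should say what happens when `-w crypt` is given without `-h`, a case none of the hunks in this patch check for.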
diff -ur pw_dir/pw_conf.c pw_dir2/pw_conf.c
--- pw_dir/pw_conf.c	Sun Jul 16 11:48:12 2000
+++ pw_dir2/pw_conf.c	Tue Oct 17 00:14:48 2000
@@ -187,6 +187,11 @@
 			return -1;
 		if (strcmp(str, "none") == 0)
 			return -2;
+		/*
+		 * Special case for encrypted password
+		 */
+		if (strcmp(str, "crypt") == 0)
+			return -3;
 	}
 	return dflt;
 }
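Review bot: The `return -3` added after the "none" case is a bare magic number that pw_group.c and pw_user.c then compare against with `== -3`; a named constant shared by the three files would keep the producer and the two comparisons from drifting apart. Because the match is added inside boolean_val() itself, every caller of that function now gets -3 for the string "crypt", so callers that only expect the existing return values (-1, -2 or the default) need to be checked.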
diff -ur pw_dir/pw_group.c pw_dir2/pw_group.c
--- pw_dir/pw_group.c	Thu Jun 29 05:19:04 2000
+++ pw_dir2/pw_group.c	Tue Oct 17 09:52:20 2000
@@ -196,7 +196,16 @@
 				*p = '\0';
 			if (!*line)
 				errx(EX_DATAERR, "empty password read on file descriptor %d", fd);
-			grp->gr_passwd = pw_pwcrypt(line);
+			if (((arg = getarg(args, 'w')) != NULL) &&
+				(boolean_val(arg->val, cnf->default_password) == -3)) {
+				int i;
+                                for (i = 0; i < strlen(line); i++) {
+                                        if (line[i] == ':')
+                                                return EX_DATAERR;
+                                }
+				grp->gr_passwd = line;
+			} else
+				grp->gr_passwd = pw_pwcrypt(line);
 		}
 	}
 
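Review bot: In the new `== -3` branch, a ':' in the input makes the function `return EX_DATAERR` with no message, while the empty-password check directly above reports through errx(); use errx(EX_DATAERR, ...) here as well so the operator is told why the password was refused. The loop can be replaced by `strchr(line, ':') != NULL`, which also avoids calling strlen() on every iteration, and the loop lines are indented with spaces where the rest of the hunk uses tabs. `grp->gr_passwd = line;` now points at the read buffer itself rather than at the value pw_pwcrypt() returned, so confirm that line stays valid for as long as grp->gr_passwd is used, or store a copy.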
diff -ur pw_dir/pw_user.c pw_dir2/pw_user.c
--- pw_dir/pw_user.c	Wed Oct 11 14:57:59 2000
+++ pw_dir2/pw_user.c	Tue Oct 17 09:50:53 2000
@@ -643,12 +643,24 @@
 				*p = '\0';
 			if (!*line)
 				errx(EX_DATAERR, "empty password read on file descriptor %d", fd);
-			lc = login_getpwclass(pwd);
-			if (lc == NULL ||
-			    login_setcryptfmt(lc, "md5", NULL) == NULL)
-				warn("setting crypt(3) format");
-			login_close(lc);
-			pwd->pw_passwd = pw_pwcrypt(line);
+			/* check for encrypted/literal password in file descriptor */
+			if (((arg = getarg(args, 'w')) != NULL) &&
+				(boolean_val(arg->val, cnf->default_password) == -3)) {
+				int i;
+				/* password is encrypted - check for ':' in password */
+				for (i = 0; i < strlen(line); i++) {
+					if (line[i] == ':') 
+						return EX_DATAERR;
+				}
+				pwd->pw_passwd = line;
+			} else {			
+				lc = login_getpwclass(pwd);
+				if (lc == NULL ||
+				    login_setcryptfmt(lc, "md5", NULL) == NULL)
+					warn("setting crypt(3) format");
+				login_close(lc);
+				pwd->pw_passwd = pw_pwcrypt(line);
+			}
 			edited = 1;
 		}
 	}
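Review bot: `pwd->pw_passwd = line;` in the crypt branch stores a pointer to the input buffer, where the else branch stores the result of pw_pwcrypt(line); if line does not outlive the later use of pwd->pw_passwd, the field will reference stale memory, so copy the string or confirm the buffer's lifetime. As in pw_group.c, the ':' check ends in a silent `return EX_DATAERR` next to an errx() call for the empty-password case, and the same loop is duplicated in both files; a small shared helper built on strchr() that reports the error would cover both. The check only rejects ':', so any other string is written to the password field unchanged; say so in the comment so the limited scope of the validation is clear. The lines `if (line[i] == ':') ` and `} else {` carry trailing whitespace.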


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->iedowse 
Responsible-Changed-By: iedowse 
Responsible-Changed-When: Sat Nov 30 17:35:51 PST 2002 
Responsible-Changed-Why:  

I have a modified version of this patch that I must have forgotten 
to commit. I'll do it after 5.0-RELEASE. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=22033 
State-Changed-From-To: open->patched 
State-Changed-By: iedowse 
State-Changed-When: Sun Jan 11 10:28:26 PST 2004 
State-Changed-Why:  

I have added a `-H <fd>' option in -CURRENT and will merge this 
into -STABLE in a few weeks. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=22033 
State-Changed-From-To: patched->closed 
State-Changed-By: iedowse 
State-Changed-When: Sun Jan 25 12:43:26 PST 2004 
State-Changed-Why:  

Merged into -STABLE now. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=22033 
>Unformatted:
