Message-Id: <200501271606.j0RG6DnE004483@www.freebsd.org>
Date: Thu, 27 Jan 2005 16:06:13 GMT
From: Lee Burton <lburton@extremezone.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: function pw_equal in pw_util.c does not test pw_passwd field so any changes made by chpass to that field are ignored.
X-Send-Pr-Version: www-2.3

>Number:         76756
>Category:       bin
>Synopsis:       function pw_equal in pw_util.c does not test pw_passwd field so any changes made by chpass to that field are ignored.
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    des
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jan 27 16:10:16 GMT 2005
>Closed-Date:    
>Last-Modified:  Tue Feb  1 16:10:23 GMT 2005
>Originator:     Lee Burton
>Release:        5.3
>Organization:
Extreme Internet
>Environment:
FreeBSD eiscanner01.extremezone.com 5.3-RELEASE FreeBSD 5.3-RELEASE #0: Fri Nov  5 04:19:18 UTC 2004     root@harlow.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386

>Description:
Our organization uses the "splat" method of disabling users, i.e. an
asterisk is prepended to the encrypted password string using chpass.
After upgrading to 5.3, attempts to change the encrypted string resulted
in a "user information unchanged".
>How-To-Repeat:
Use chpass to modify only the pw_passwd field.
>Fix:
Add the following line to pw_equal:

strcmp(pw1->pw_passwd, pw2->pw_passwd) == 0 &&

so pw_equal looks like:

/*
 * Compares two struct pwds.
 */
int
pw_equal(const struct passwd *pw1, const struct passwd *pw2)
{
        return (strcmp(pw1->pw_name, pw2->pw_name) == 0 &&
            strcmp(pw1->pw_passwd, pw2->pw_passwd) == 0 &&
            pw1->pw_uid == pw2->pw_uid &&
            pw1->pw_gid == pw2->pw_gid &&
            strcmp(pw1->pw_class, pw2->pw_class) == 0 &&
            pw1->pw_change == pw2->pw_change &&
            pw1->pw_expire == pw2->pw_expire &&
            strcmp(pw1->pw_gecos, pw2->pw_gecos) == 0 &&
            strcmp(pw1->pw_dir, pw2->pw_dir) == 0 &&
            strcmp(pw1->pw_shell, pw2->pw_shell) == 0);
}

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->des 
Responsible-Changed-By: glebius 
Responsible-Changed-When: Tue Feb 1 14:46:49 GMT 2005 
Responsible-Changed-Why:  
The suggestion seems reasonable to me. Dag-Erling did the change, 
let him look at PR. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=76756 

From: des@des.no (Dag-Erling Smørgrav)
To: freebsd-gnats-submit@freebsd.org
Cc:  
Subject: Re: bin/76756
Date: Tue, 01 Feb 2005 17:01:52 +0100

 IIRC, pw_equal() is intended for (and used in) cases where "equal"
 really means "equal except for the password".  Thus it cannot be
 changed as suggested.
 
 You should use 'pw lock <username>' instead - it's a lot simpler and
 less error-prone.
 
 DES
 -- 
 Dag-Erling Smørgrav - des@des.no
>Unformatted:
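
Added example (not part of the PR and not FreeBSD's own code): one way a caller can detect a password-only edit, such as the splat change described in the report, while the password-blind comparison keeps the "equal except for the password" meaning described in the reply. struct pw_rec, rec_equal_nopass, classify_edit and the sample records are hypothetical names and constructed data.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for FreeBSD's struct passwd (assumption: only the fields that the
 * PR's pw_equal() compares), so the example builds on any platform. */
struct pw_rec {
    const char *pw_name, *pw_passwd, *pw_class, *pw_gecos, *pw_dir, *pw_shell;
    unsigned pw_uid, pw_gid;
    long pw_change, pw_expire;
};

/* Comparison as the PR reports it for 5.3: pw_passwd is not tested. */
int rec_equal_nopass(const struct pw_rec *a, const struct pw_rec *b)
{
    return (strcmp(a->pw_name, b->pw_name) == 0 &&
        a->pw_uid == b->pw_uid && a->pw_gid == b->pw_gid &&
        strcmp(a->pw_class, b->pw_class) == 0 &&
        a->pw_change == b->pw_change && a->pw_expire == b->pw_expire &&
        strcmp(a->pw_gecos, b->pw_gecos) == 0 &&
        strcmp(a->pw_dir, b->pw_dir) == 0 &&
        strcmp(a->pw_shell, b->pw_shell) == 0);
}

enum edit_kind { EDIT_NONE, EDIT_PASSWD_ONLY, EDIT_OTHER };

/* Hypothetical helper: classify an edit without altering the semantics of
 * the password-blind comparison that other callers rely on. */
enum edit_kind classify_edit(const struct pw_rec *cur, const struct pw_rec *edited)
{
    if (!rec_equal_nopass(cur, edited))
        return EDIT_OTHER;
    return strcmp(cur->pw_passwd, edited->pw_passwd) == 0 ? EDIT_NONE : EDIT_PASSWD_ONLY;
}

/* Constructed sample records; the hash string is a placeholder, not a real hash. */
const struct pw_rec rec_orig  = { "alice", "$1$constructed$hash", "", "Alice", "/home/alice", "/bin/sh", 1001, 1001, 0, 0 };
const struct pw_rec rec_splat = { "alice", "*$1$constructed$hash", "", "Alice", "/home/alice", "/bin/sh", 1001, 1001, 0, 0 };
const struct pw_rec rec_shell = { "alice", "$1$constructed$hash", "", "Alice", "/home/alice", "/bin/csh", 1001, 1001, 0, 0 };

int main(void)
{
    /* The splat edit compares equal when pw_passwd is ignored ... */
    printf("password-blind equal: %d\n", rec_equal_nopass(&rec_orig, &rec_splat));
    /* ... yet it is a real change that an editor still has to write out. */
    printf("splat edit: %d\n", classify_edit(&rec_orig, &rec_splat));
    printf("shell edit: %d\n", classify_edit(&rec_orig, &rec_shell));
    printf("no edit:    %d\n", classify_edit(&rec_orig, &rec_orig));
    return 0;
}
```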
