Add a -H <fd>' option that is like -h <fd>', but accepts an already
encrypted password on the specified file descriptor. PR: bin/22033 MFC after: 2 weeks
This commit is contained in:
Ian Dowse
parent
9b7d991dd4
commit
87d6b5caf6
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=124382
@ -24,7 +24,7 @@
|
||||
.\"
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
.Dd December 9, 1996
|
||||
.Dd January 11, 2004
|
||||
.Dt PW 8
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -51,7 +51,7 @@
|
||||
.Op Fl s Ar shell
|
||||
.Op Fl o
|
||||
.Op Fl L Ar class
|
||||
.Op Fl h Ar fd
|
||||
.Op Fl h Ar fd | Fl H Ar fd
|
||||
.Op Fl N
|
||||
.Op Fl P
|
||||
.Op Fl Y
|
||||
@ -101,7 +101,7 @@
|
||||
.Op Fl w Ar method
|
||||
.Op Fl s Ar shell
|
||||
.Op Fl L Ar class
|
||||
.Op Fl h Ar fd
|
||||
.Op Fl h Ar fd | Fl H Ar fd
|
||||
.Op Fl N
|
||||
.Op Fl P
|
||||
.Op Fl Y
|
||||
@ -130,7 +130,7 @@
|
||||
.Op Fl g Ar gid
|
||||
.Op Fl M Ar members
|
||||
.Op Fl o
|
||||
.Op Fl h Ar fd
|
||||
.Op Fl h Ar fd | Fl H Ar fd
|
||||
.Op Fl N
|
||||
.Op Fl P
|
||||
.Op Fl Y
|
||||
@ -152,7 +152,7 @@
|
||||
.Op Fl l Ar name
|
||||
.Op Fl M Ar members
|
||||
.Op Fl m Ar newmembers
|
||||
.Op Fl h Ar fd
|
||||
.Op Fl h Ar fd | Fl H Ar fd
|
||||
.Op Fl N
|
||||
.Op Fl P
|
||||
.Op Fl Y
|
||||
@ -508,6 +508,12 @@ is given as the argument
|
||||
then the password will be set to
|
||||
.Ql \&* ,
|
||||
rendering the account inaccessible via password-based login.
|
||||
.It Fl H Ar fd
|
||||
Read an encrypted password string from the specified file descriptor.
|
||||
This is like
|
||||
.Fl h ,
|
||||
but the password should be supplied already encrypted in a form
|
||||
suitable for writing directly to the password database.
|
||||
.El
|
||||
.Pp
|
||||
It is possible to use
|
||||
|
||||
@ -106,18 +106,18 @@ main(int argc, char *argv[])
|
||||
static const char *opts[W_NUM][M_NUM] =
|
||||
{
|
||||
{ /* user */
|
||||
"V:C:qn:u:c:d:e:p:g:G:mk:s:oL:i:w:h:Db:NPy:Y",
|
||||
"V:C:qn:u:c:d:e:p:g:G:mk:s:oL:i:w:h:H:Db:NPy:Y",
|
||||
"V:C:qn:u:rY",
|
||||
"V:C:qn:u:c:d:e:p:g:G:ml:k:s:w:L:h:FNPY",
|
||||
"V:C:qn:u:c:d:e:p:g:G:ml:k:s:w:L:h:H:FNPY",
|
||||
"V:C:qn:u:FPa7",
|
||||
"V:C:q",
|
||||
"V:C:q",
|
||||
"V:C:q"
|
||||
},
|
||||
{ /* grp */
|
||||
"V:C:qn:g:h:M:pNPY",
|
||||
"V:C:qn:g:h:H:M:pNPY",
|
||||
"V:C:qn:g:Y",
|
||||
"V:C:qn:g:l:h:FM:m:NPY",
|
||||
"V:C:qn:g:l:h:H:FM:m:NPY",
|
||||
"V:C:qn:g:FPa",
|
||||
"V:C:q"
|
||||
}
|
||||
@ -315,6 +315,7 @@ cmdhelp(int mode, int which)
|
||||
"\t-o duplicate uid ok\n"
|
||||
"\t-L class user class\n"
|
||||
"\t-h fd read password on fd\n"
|
||||
"\t-H fd read encrypted password on fd\n"
|
||||
"\t-Y update NIS maps\n"
|
||||
"\t-N no update\n"
|
||||
" Setting defaults:\n"
|
||||
@ -357,6 +358,7 @@ cmdhelp(int mode, int which)
|
||||
"\t-s shell name of login shell\n"
|
||||
"\t-w method set new password using method\n"
|
||||
"\t-h fd read password on fd\n"
|
||||
"\t-H fd read encrypted password on fd\n"
|
||||
"\t-Y update NIS maps\n"
|
||||
"\t-N no update\n",
|
||||
"usage: pw usershow [uid|name] [switches]\n"
|
||||
|
||||
@ -158,11 +158,13 @@ pw_group(struct userconf * cnf, int mode, struct cargs * args)
|
||||
* software.
|
||||
*/
|
||||
|
||||
if ((arg = getarg(args, 'h')) != NULL) {
|
||||
if ((arg = getarg(args, 'h')) != NULL ||
|
||||
(arg = getarg(args, 'H')) != NULL) {
|
||||
if (strcmp(arg->val, "-") == 0)
|
||||
grp->gr_passwd = "*"; /* No access */
|
||||
else {
|
||||
int fd = atoi(arg->val);
|
||||
int precrypt = (arg->ch == 'H');
|
||||
int b;
|
||||
int istty = isatty(fd);
|
||||
struct termios t;
|
||||
@ -196,7 +198,12 @@ pw_group(struct userconf * cnf, int mode, struct cargs * args)
|
||||
*p = '\0';
|
||||
if (!*line)
|
||||
errx(EX_DATAERR, "empty password read on file descriptor %d", fd);
|
||||
grp->gr_passwd = pw_pwcrypt(line);
|
||||
if (precrypt) {
|
||||
if (strchr(line, ':') != NULL)
|
||||
return EX_DATAERR;
|
||||
grp->gr_passwd = line;
|
||||
} else
|
||||
grp->gr_passwd = pw_pwcrypt(line);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -86,6 +86,7 @@ static void rmopie(char const * name);
|
||||
* -L class user class
|
||||
* -l name new login name
|
||||
* -h fd password filehandle
|
||||
* -H fd encrypted password filehandle
|
||||
* -F force print or add
|
||||
* Setting defaults:
|
||||
* -D set user defaults
|
||||
@ -544,7 +545,8 @@ pw_user(struct userconf * cnf, int mode, struct cargs * args)
|
||||
warnx("WARNING: home `%s' is not a directory", pwd->pw_dir);
|
||||
}
|
||||
|
||||
if ((arg = getarg(args, 'w')) != NULL && getarg(args, 'h') == NULL) {
|
||||
if ((arg = getarg(args, 'w')) != NULL &&
|
||||
getarg(args, 'h') == NULL && getarg(args, 'H') == NULL) {
|
||||
login_cap_t *lc;
|
||||
|
||||
lc = login_getpwclass(pwd);
|
||||
@ -602,7 +604,8 @@ pw_user(struct userconf * cnf, int mode, struct cargs * args)
|
||||
}
|
||||
}
|
||||
|
||||
if ((arg = getarg(args, 'h')) != NULL) {
|
||||
if ((arg = getarg(args, 'h')) != NULL ||
|
||||
(arg = getarg(args, 'H')) != NULL) {
|
||||
if (strcmp(arg->val, "-") == 0) {
|
||||
if (!pwd->pw_passwd || *pwd->pw_passwd != '*') {
|
||||
pwd->pw_passwd = "*"; /* No access */
|
||||
@ -610,6 +613,7 @@ pw_user(struct userconf * cnf, int mode, struct cargs * args)
|
||||
}
|
||||
} else {
|
||||
int fd = atoi(arg->val);
|
||||
int precrypt = (arg->ch == 'H');
|
||||
int b;
|
||||
int istty = isatty(fd);
|
||||
struct termios t;
|
||||
@ -624,7 +628,10 @@ pw_user(struct userconf * cnf, int mode, struct cargs * args)
|
||||
/* Disable echo */
|
||||
n.c_lflag &= ~(ECHO);
|
||||
tcsetattr(fd, TCSANOW, &n);
|
||||
printf("%sassword for user %s:", (mode == M_UPDATE) ? "New p" : "P", pwd->pw_name);
|
||||
printf("%s%spassword for user %s:",
|
||||
(mode == M_UPDATE) ? "new " : "",
|
||||
precrypt ? "encrypted " : "",
|
||||
pwd->pw_name);
|
||||
fflush(stdout);
|
||||
}
|
||||
}
|
||||
@ -635,7 +642,8 @@ pw_user(struct userconf * cnf, int mode, struct cargs * args)
|
||||
fflush(stdout);
|
||||
}
|
||||
if (b < 0) {
|
||||
warn("-h file descriptor");
|
||||
warn("-%c file descriptor", precrypt ? 'H' :
|
||||
'h');
|
||||
return EX_IOERR;
|
||||
}
|
||||
line[b] = '\0';
|
||||
@ -643,12 +651,18 @@ pw_user(struct userconf * cnf, int mode, struct cargs * args)
|
||||
*p = '\0';
|
||||
if (!*line)
|
||||
errx(EX_DATAERR, "empty password read on file descriptor %d", fd);
|
||||
lc = login_getpwclass(pwd);
|
||||
if (lc == NULL ||
|
||||
login_setcryptfmt(lc, "md5", NULL) == NULL)
|
||||
warn("setting crypt(3) format");
|
||||
login_close(lc);
|
||||
pwd->pw_passwd = pw_pwcrypt(line);
|
||||
if (precrypt) {
|
||||
if (strchr(line, ':') != NULL)
|
||||
return EX_DATAERR;
|
||||
pwd->pw_passwd = line;
|
||||
} else {
|
||||
lc = login_getpwclass(pwd);
|
||||
if (lc == NULL ||
|
||||
login_setcryptfmt(lc, "md5", NULL) == NULL)
|
||||
warn("setting crypt(3) format");
|
||||
login_close(lc);
|
||||
pwd->pw_passwd = pw_pwcrypt(line);
|
||||
}
|
||||
edited = 1;
|
||||
}
|
||||
}
|
||||
@ -1086,7 +1100,8 @@ pw_password(struct userconf * cnf, struct cargs * args, char const * user)
|
||||
/*
|
||||
* We give this information back to the user
|
||||
*/
|
||||
if (getarg(args, 'h') == NULL && getarg(args, 'N') == NULL) {
|
||||
if (getarg(args, 'h') == NULL && getarg(args, 'H') == NULL &&
|
||||
getarg(args, 'N') == NULL) {
|
||||
if (isatty(STDOUT_FILENO))
|
||||
printf("Password for '%s' is: ", user);
|
||||
printf("%s\n", pwbuf);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user