From owner-freebsd-bugs@FreeBSD.ORG Mon Dec 6 19:00:19 2010
Message-Id: <201012061855.oB6ItCxR086206@red.freebsd.org>
Date: Mon, 6 Dec 2010 18:55:12 GMT
From: Kris Moore
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.1
Subject: bin/152868: bin: usr.sbin/pc-sysinstall - Add support for using encrypted pass strings

>Number: 152868
>Category: bin
>Synopsis: bin: usr.sbin/pc-sysinstall - Add support for using encrypted pass strings
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Dec 06 19:00:19 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Kris Moore
>Release: 9.0-Current
>Organization: PC-BSD / iXsystems
>Environment:
>Description:
The following patch adds support for using encrypted password strings when setting the root / user passwords via pc-sysinstall
>How-To-Repeat:
>Fix:
Patch attached with submission follows:

diff -ruN src.o/usr.sbin/pc-sysinstall/backend/functions-cleanup.sh src/usr.sbin/pc-sysinstall/backend/functions-cleanup.sh --- src.o/usr.sbin/pc-sysinstall/backend/functions-cleanup.sh 2010-11-15 15:18:24.632396280 -0500 +++ src/usr.sbin/pc-sysinstall/backend/functions-cleanup.sh 2010-12-06 13:28:16.269745784 -0500 
@@ -372,19 +372,32 @@ # Function which sets the root password from the install config set_root_pw() { + # Get the plaintext string get_value_from_cfg_with_spaces rootPass - PW="${VAL}" + local PW="${VAL}" + + # Get the encrypted string + get_value_from_cfg_with_spaces rootEncPass + local ENCPW="${VAL}" # If we don't have a root pass, return - if [ -z "${PW}" ] - then - return 0 - fi + if [ -z "${PW}" -a -z "${ENCPW}" ] ; then return 0 ; fi echo_log "Setting root password" - echo "${PW}" > ${FSMNT}/.rootpw - run_chroot_cmd "cat /.rootpw | pw usermod root -h 0" - rc_halt "rm ${FSMNT}/.rootpw" + + # Check if setting plaintext password + if [ ! -z "${PW}" ] ; then + echo "${PW}" > ${FSMNT}/.rootpw + run_chroot_cmd "cat /.rootpw | pw usermod root -h 0" + rc_halt "rm ${FSMNT}/.rootpw" + fi + + # Check if setting encrypted password + if [ ! -z "${ENCPW}" ] ; then + echo "${ENCPW}" > ${FSMNT}/.rootpw + run_chroot_cmd "cat /.rootpw | pw usermod root -H 0" + rc_halt "rm ${FSMNT}/.rootpw" + fi }; diff -ruN src.o/usr.sbin/pc-sysinstall/backend/functions-users.sh src/usr.sbin/pc-sysinstall/backend/functions-users.sh --- src.o/usr.sbin/pc-sysinstall/backend/functions-users.sh 2010-11-15 15:18:24.626384838 -0500 +++ src/usr.sbin/pc-sysinstall/backend/functions-users.sh 2010-12-06 13:41:36.664751903 -0500 @@ -93,6 +93,13 @@ USERPASS="$VAL" fi + echo $line | grep "^userEncPass=" >/dev/null 2>/dev/null + if [ "$?" = "0" ] + then + get_value_from_string "${line}" + USERENCPASS="$VAL" + fi + echo $line | grep "^userShell=" >/dev/null 2>/dev/null if [ "$?" = "0" ] then @@ -135,6 +142,10 @@ then ARGS="${ARGS} -h 0" echo "${USERPASS}" >${FSMNT}/.tmpPass + elif [ ! -z "${USERENCPASS}" ] + then + ARGS="${ARGS} -H 0" + echo "${USERENCPASS}" >${FSMNT}/.tmpPass else ARGS="${ARGS} -h -" rm ${FSMNT}/.tmpPass 2>/dev/null 2>/dev/null 
@@ -160,7 +171,7 @@ add_user "${ARGS}" # Unset our vars before looking for any more users - unset USERNAME USERCOMMENT USERPASS USERSHELL USERHOME USERGROUPS + unset USERNAME USERCOMMENT USERPASS USERENCPASS USERSHELL USERHOME USERGROUPS else exit_err "ERROR: commitUser was called without any userName= entry!!!" fi diff -ruN src.o/usr.sbin/pc-sysinstall/examples/README src/usr.sbin/pc-sysinstall/examples/README --- src.o/usr.sbin/pc-sysinstall/examples/README 2010-11-15 15:18:24.515381431 -0500 +++ src/usr.sbin/pc-sysinstall/examples/README 2010-12-06 13:31:52.103433323 -0500 @@ -286,7 +286,12 @@ # rootPass=root -Set the root password of the installed system to the specified string +Set the root password of the installed system to the specified plaintext string + +# rootEncPass= + +Set the root password of the installed system to the specified encrypted string + The below variables are used to setup a user on the installed system Be sure to call commitUser after after adding these values, and before @@ -295,6 +300,8 @@ # userName=kris # userComment=Kris Moore # userPass=mypass +or +# userEncPass= # userShell=/bin/csh # userHome=/home/kris # userGroups=wheel,operator >Release-Note: >Audit-Trail: >Unformatted:
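
Review bot: In set_root_pw() (functions-cleanup.sh, the hunk at -372), the plaintext and encrypted branches are two independent `if [ ! -z ... ]` tests, so a config that sets both rootPass and rootEncPass runs `pw usermod root` twice and the `-H 0` call silently overrides the plaintext one. Make the second test an `elif`, or call exit_err when both values are present, so the result is explicit. Both branches also write the secret with `echo ... > ${FSMNT}/.rootpw`, which creates the file under whatever umask the installer is running with; a `umask 077` around the write would keep the password or hash from being readable by other users while it sits in the target root. `${FSMNT}` should be quoted in the redirect as well.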
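
Review bot: In functions-users.sh (the hunk at -135), `elif [ ! -z "${USERENCPASS}" ]` is only reached when USERPASS is empty, so when both userPass and userEncPass are given the plaintext value wins, which is the opposite of set_root_pw(), where the rootEncPass call runs last and wins. Pick one precedence for root and user passwords, or reject a config that sets both. The new `echo "${USERENCPASS}" >${FSMNT}/.tmpPass` has the same exposure as the plaintext branch above it: the file is created with the current umask and `${FSMNT}` is unquoted, so restrict the mode before writing.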
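
Review bot: The README entries `# rootEncPass=` and `# userEncPass=` show no value and do not say what form the encrypted string has to take. Since the backend passes it to `pw ... -H 0`, the text should say that it must be an already-hashed password in the form stored in the password database, show a clearly fake sample value, and state which key takes effect when both the plaintext and the encrypted key are set for the same account.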