From owner-svn-src-all@freebsd.org  Sat Jul  4 15:27:06 2015
Return-Path: <owner-svn-src-all@freebsd.org>
Delivered-To: svn-src-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 878BD94F8;
 Sat,  4 Jul 2015 15:27:06 +0000 (UTC)
 (envelope-from bapt@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 6AC09125C;
 Sat,  4 Jul 2015 15:27:06 +0000 (UTC)
 (envelope-from bapt@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.70])
 by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t64FR6dv062239;
 Sat, 4 Jul 2015 15:27:06 GMT (envelope-from bapt@FreeBSD.org)
Received: (from bapt@localhost)
 by repo.freebsd.org (8.14.9/8.14.9/Submit) id t64FR5eC062234;
 Sat, 4 Jul 2015 15:27:05 GMT (envelope-from bapt@FreeBSD.org)
Message-Id: <201507041527.t64FR5eC062234@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: bapt set sender to
 bapt@FreeBSD.org using -f
From: Baptiste Daroussin <bapt@FreeBSD.org>
Date: Sat, 4 Jul 2015 15:27:05 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r285133 - in head/usr.sbin/pw: . tests
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all/>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Jul 2015 15:27:06 -0000

Author: bapt
Date: Sat Jul  4 15:27:04 2015
New Revision: 285133
URL: https://svnweb.freebsd.org/changeset/base/285133

Log:
  Validate input of pw usermod -h and pwusermod -H
  
  Push the code that set the password into a separate function to improve
  readability
  
  Add regression tests about pw usermod -h and pw usermod -H

Modified:
  head/usr.sbin/pw/pw.c
  head/usr.sbin/pw/pw_user.c
  head/usr.sbin/pw/pwupd.h
  head/usr.sbin/pw/tests/pw_usermod.sh

Modified: head/usr.sbin/pw/pw.c
==============================================================================
--- head/usr.sbin/pw/pw.c	Sat Jul  4 14:50:32 2015	(r285132)
+++ head/usr.sbin/pw/pw.c	Sat Jul  4 15:27:04 2015	(r285133)
@@ -137,6 +137,7 @@ main(int argc, char *argv[])
 	relocated = nis = false;
 	memset(&conf, 0, sizeof(conf));
 	strlcpy(conf.etcpath, _PATH_PWD, sizeof(conf.etcpath));
+	conf.fd = -1;
 
 	LIST_INIT(&arglist);
 
@@ -280,6 +281,35 @@ main(int argc, char *argv[])
 				errx(EX_USAGE, "Bad id '%s': %s", optarg,
 				    errstr);
 			break;
+		case 'H':
+			if (conf.fd != -1)
+				errx(EX_USAGE, "'-h' and '-H' are mutually "
+				    "exclusive options");
+			conf.precrypted = true;
+			if (strspn(optarg, "0123456789") != strlen(optarg))
+				errx(EX_USAGE, "'-H' expects a file descriptor");
+
+			conf.fd = strtonum(optarg, 0, INT_MAX, &errstr);
+			if (errstr != NULL)
+				errx(EX_USAGE, "Bad file descriptor '%s': %s",
+				    optarg, errstr);
+			break;
+		case 'h':
+			if (conf.fd != -1)
+				errx(EX_USAGE, "'-h' and '-H' are mutually "
+				    "exclusive options");
+
+			if (strcmp(optarg, "-") == 0)
+				conf.fd = '-';
+			else if (strspn(optarg, "0123456789") == strlen(optarg)) {
+				conf.fd = strtonum(optarg, 0, INT_MAX, &errstr);
+				if (errstr != NULL)
+					errx(EX_USAGE, "'-h' expects a "
+					    "file descriptor or '-'");
+			} else
+				errx(EX_USAGE, "'-h' expects a file "
+				    "descriptor or '-'");
+			break;
 		case 'o':
 			conf.checkduplicate = true;
 			break;

Modified: head/usr.sbin/pw/pw_user.c
==============================================================================
--- head/usr.sbin/pw/pw_user.c	Sat Jul  4 14:50:32 2015	(r285132)
+++ head/usr.sbin/pw/pw_user.c	Sat Jul  4 15:27:04 2015	(r285133)
@@ -86,6 +86,67 @@ create_and_populate_homedir(int mode, st
 	    pwd->pw_uid, pwd->pw_dir);
 }
 
+static int
+set_passwd(struct passwd *pwd, struct carg *arg, bool update)
+{
+	int		 b, istty;
+	struct termios	 t, n;
+	login_cap_t	*lc;
+	char		line[_PASSWORD_LEN+1];
+	char		*p;
+
+	if (conf.fd == '-') {
+		if (!pwd->pw_passwd || *pwd->pw_passwd != '*') {
+			pwd->pw_passwd = "*";	/* No access */
+			return (1);
+		}
+		return (0);
+	}
+
+	if ((istty = isatty(conf.fd))) {
+		if (tcgetattr(conf.fd, &t) == -1)
+			istty = 0;
+		else {
+			n.c_lflag &= ~(ECHO);
+			tcsetattr(conf.fd, TCSANOW, &n);
+			printf("%s%spassword for user %s:",
+			    update ? "new " : "",
+			    conf.precrypted ? "encrypted " : "",
+			    pwd->pw_name);
+			fflush(stdout);
+		}
+	}
+	b = read(conf.fd, line, sizeof(line) - 1);
+	if (istty) {	/* Restore state */
+		tcsetattr(conf.fd, TCSANOW, &t);
+		fputc('\n', stdout);
+		fflush(stdout);
+	}
+
+	if (b < 0)
+		err(EX_IOERR, "-%c file descriptor",
+		    conf.precrypted ? 'H' : 'h');
+	line[b] = '\0';
+	if ((p = strpbrk(line, "\r\n")) != NULL)
+		*p = '\0';
+	if (!*line)
+		errx(EX_DATAERR, "empty password read on file descriptor %d",
+		    conf.fd);
+	if (conf.precrypted) {
+		if (strchr(line, ':') != NULL)
+			return EX_DATAERR;
+		pwd->pw_passwd = line;
+	} else {
+		lc = login_getpwclass(pwd);
+		if (lc == NULL ||
+				login_setcryptfmt(lc, "sha512", NULL) == NULL)
+			warn("setting crypt(3) format");
+		login_close(lc);
+		pwd->pw_passwd = pw_pwcrypt(line);
+	}
+	return (1);
+}
+
 /*-
  * -C config      configuration file
  * -q             quiet operation
@@ -529,66 +590,8 @@ pw_user(int mode, char *name, long id, s
 		}
 	}
 
-	if ((arg = getarg(args, 'h')) != NULL ||
-	    (arg = getarg(args, 'H')) != NULL) {
-		if (strcmp(arg->val, "-") == 0) {
-			if (!pwd->pw_passwd || *pwd->pw_passwd != '*') {
-				pwd->pw_passwd = "*";	/* No access */
-				edited = 1;
-			}
-		} else {
-			int             fd = atoi(arg->val);
-			int		precrypt = (arg->ch == 'H');
-			int             b;
-			int             istty = isatty(fd);
-			struct termios  t;
-			login_cap_t	*lc;
-
-			if (istty) {
-				if (tcgetattr(fd, &t) == -1)
-					istty = 0;
-				else {
-					struct termios  n = t;
-
-					/* Disable echo */
-					n.c_lflag &= ~(ECHO);
-					tcsetattr(fd, TCSANOW, &n);
-					printf("%s%spassword for user %s:",
-					     (mode == M_UPDATE) ? "new " : "",
-					     precrypt ? "encrypted " : "",
-					     pwd->pw_name);
-					fflush(stdout);
-				}
-			}
-			b = read(fd, line, sizeof(line) - 1);
-			if (istty) {	/* Restore state */
-				tcsetattr(fd, TCSANOW, &t);
-				fputc('\n', stdout);
-				fflush(stdout);
-			}
-			if (b < 0)
-				err(EX_IOERR, "-%c file descriptor",
-				    precrypt ? 'H' : 'h');
-			line[b] = '\0';
-			if ((p = strpbrk(line, "\r\n")) != NULL)
-				*p = '\0';
-			if (!*line)
-				errx(EX_DATAERR, "empty password read on file descriptor %d", fd);
-			if (precrypt) {
-				if (strchr(line, ':') != NULL)
-					return EX_DATAERR;
-				pwd->pw_passwd = line;
-			} else {
-				lc = login_getpwclass(pwd);
-				if (lc == NULL ||
-				    login_setcryptfmt(lc, "sha512", NULL) == NULL)
-					warn("setting crypt(3) format");
-				login_close(lc);
-				pwd->pw_passwd = pw_pwcrypt(line);
-			}
-			edited = 1;
-		}
-	}
+	if (conf.fd != -1)
+		edited = set_passwd(pwd, arg, mode == M_UPDATE);
 
 	/*
 	 * Special case: -N only displays & exits

Modified: head/usr.sbin/pw/pwupd.h
==============================================================================
--- head/usr.sbin/pw/pwupd.h	Sat Jul  4 14:50:32 2015	(r285132)
+++ head/usr.sbin/pw/pwupd.h	Sat Jul  4 15:27:04 2015	(r285133)
@@ -85,10 +85,12 @@ struct pwconf {
 	char		 etcpath[MAXPATHLEN];
 	char		*newname;
 	char		*config;
+	int		 fd;
 	bool		 dryrun;
 	bool		 pretty;
 	bool		 v7;
 	bool		 checkduplicate;
+	bool		 precrypted;
 	struct userconf	*userconf;
 };
 

Modified: head/usr.sbin/pw/tests/pw_usermod.sh
==============================================================================
--- head/usr.sbin/pw/tests/pw_usermod.sh	Sat Jul  4 14:50:32 2015	(r285132)
+++ head/usr.sbin/pw/tests/pw_usermod.sh	Sat Jul  4 15:27:04 2015	(r285133)
@@ -119,6 +119,41 @@ user_mod_rename_too_long_body() {
 		-l name_very_very_very_very_very_long
 }
 
+atf_test_case user_mod_h
+user_mod_h_body() {
+	populate_etc_skel
+
+	atf_check -s exit:0 ${PW} useradd foo
+	atf_check -s exit:0 ${PW} usermod foo -h 0 <<- EOF
+	$(echo a)
+	EOF
+	atf_check -s exit:0 -o not-match:"^foo:\*:.*" \
+		grep "^foo" ${HOME}/master.passwd
+	atf_check -s exit:0 ${PW} usermod foo -h - <<- EOF
+	$(echo b)
+	EOF
+	atf_check -s exit:0 -o match:"^foo:\*:.*" \
+		grep "^foo" ${HOME}/master.passwd
+	atf_check -e inline:"pw: '-h' expects a file descriptor or '-'\n" \
+		-s exit:64 ${PW} usermod foo -h a <<- EOF
+	$(echo a)
+	EOF
+}
+
+atf_test_case user_mod_H
+user_mod_H_body() {
+	populate_etc_skel
+
+	atf_check -s exit:0 ${PW} useradd foo
+	atf_check -s exit:0 ${PW} usermod foo -H 0 <<- EOF
+	$(echo a)
+	EOF
+	atf_check -s exit:0 -o match:"^foo:a:.*" \
+		grep "^foo" ${HOME}/master.passwd
+	atf_check -s exit:64 -e inline:"pw: '-H' expects a file descriptor\n" \
+		${PW} usermod foo -H -
+}
+
 atf_init_test_cases() {
 	atf_add_test_case user_mod
 	atf_add_test_case user_mod_noupdate
@@ -130,4 +165,6 @@ atf_init_test_cases() {
 	atf_add_test_case user_mod_name_noupdate
 	atf_add_test_case user_mod_rename
 	atf_add_test_case user_mod_rename_too_long
+	atf_add_test_case user_mod_h
+	atf_add_test_case user_mod_H
 }