Date: Mon, 17 Jul 2000 21:53:15 -0700 (PDT) From: andyf@speednet.com.au To: freebsd-gnats-submit@FreeBSD.org Subject: bin/19999: pw(8) '-h -' option does not disable password [PATCH] Message-ID: <20000718045315.2DCB937B7C0@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 19999
>Category: bin
>Synopsis: pw(8) '-h -' option does not disable password [PATCH]
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Jul 17 22:00:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator: Andy Farkas
>Release: FreeBSD 4.1-RC
>Organization:
Speednet Communications Pty Ltd
>Environment:
FreeBSD 4.1-RC #0: Mon Jul 17 04:07:41 EST 2000
>Description:
According to the man page for pw(8) you can disable a password (ie.
set the pasword to '*') by giving the '-h -' option. This option is
currently broken. See patch.
>How-To-Repeat:
Execute 'pw usermod -n <username> -h -' and notice that the user can
still login. Confirm by checking in /etc/master.passwd that username
still has a password and not a '*'.
>Fix:
Cut/pasted, sorry:
--- pw_user.c.orig Tue Jul 18 14:20:31 2000
+++ pw_user.c Tue Jul 18 14:04:27 2000
@@ -624,8 +624,8 @@
if (!*line)
errx(EX_DATAERR, "empty password read on file descriptor %d", fd);
pwd->pw_passwd = pw_pwcrypt(line);
- edited = 1;
}
+ edited = 1;
}
/*
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000718045315.2DCB937B7C0>