From owner-freebsd-bugs@FreeBSD.ORG  Thu Jan 27 16:10:17 2005
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 251A716A4CE
	for <freebsd-bugs@hub.freebsd.org>;
	Thu, 27 Jan 2005 16:10:17 +0000 (GMT)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id D262543D45
	for <freebsd-bugs@hub.freebsd.org>;
	Thu, 27 Jan 2005 16:10:16 +0000 (GMT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.13.1/8.13.1) with ESMTP id j0RGAGdX085021
	for <freebsd-bugs@freefall.freebsd.org>; Thu, 27 Jan 2005 16:10:16 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.13.1/8.13.1/Submit) id j0RGAG3o085020;
	Thu, 27 Jan 2005 16:10:16 GMT
	(envelope-from gnats)
Resent-Date: Thu, 27 Jan 2005 16:10:16 GMT
Resent-Message-Id: <200501271610.j0RGAG3o085020@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	Lee Burton <lburton@extremezone.com>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 300EA16A4CF
	for <freebsd-gnats-submit@FreeBSD.org>;
	Thu, 27 Jan 2005 16:06:15 +0000 (GMT)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 106CC43D41
	for <freebsd-gnats-submit@FreeBSD.org>;
	Thu, 27 Jan 2005 16:06:15 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id j0RG6EL6004484
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 27 Jan 2005 16:06:14 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id j0RG6DnE004483;
	Thu, 27 Jan 2005 16:06:13 GMT
	(envelope-from nobody)
Message-Id: <200501271606.j0RG6DnE004483@www.freebsd.org>
Date: Thu, 27 Jan 2005 16:06:13 GMT
From: Lee Burton <lburton@extremezone.com>
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-2.3
Subject: bin/76756: function pw_equal in pw_util.c does not test pw_passwd
	field so any changes made by chpass to that field are ignored.
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Jan 2005 16:10:17 -0000


>Number:         76756
>Category:       bin
>Synopsis:       function pw_equal in pw_util.c does not test pw_passwd field so any changes made by chpass to that field are ignored.
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jan 27 16:10:16 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Lee Burton
>Release:        5.3
>Organization:
Extrenme Internet
>Environment:
FreeBSD eiscanner01.extremezone.com 5.3-RELEASE FreeBSD 5.3-RELEASE #0: Fri Nov  5 04:19:18 UTC 2004     root@harlow.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386

>Description:
Our organization uses the "splat" method of disabling users, i.e. an
asterisk is prepended to the encrypted password string using chpass.
After upgrading to 5.3, attempts to change the encrypted string resulted
in a "user information unchanged".
>How-To-Repeat:
Use chpass to modify only the pw_passwd field.
>Fix:
Add the following line to pw_equal:

strcmp(pw1->pw_passwd, pw2->pw_passwd) == 0 &&

so pw_equal looks like:

/*
 * Compares two struct pwds.
 */
int
pw_equal(const struct passwd *pw1, const struct passwd *pw2)
{
        return (strcmp(pw1->pw_name, pw2->pw_name) == 0 &&
            strcmp(pw1->pw_passwd, pw2->pw_passwd) == 0 &&
            pw1->pw_uid == pw2->pw_uid &&
            pw1->pw_gid == pw2->pw_gid &&
            strcmp(pw1->pw_class, pw2->pw_class) == 0 &&
            pw1->pw_change == pw2->pw_change &&
            pw1->pw_expire == pw2->pw_expire &&
            strcmp(pw1->pw_gecos, pw2->pw_gecos) == 0 &&
            strcmp(pw1->pw_dir, pw2->pw_dir) == 0 &&
            strcmp(pw1->pw_shell, pw2->pw_shell) == 0);
}

>Release-Note:
>Audit-Trail:
>Unformatted: