Date:      Thu, 3 May 2001 15:37:44 +0300
From:      Peter Pentchev <roam@orbitel.bg>
To:        Gerhard Sittig <Gerhard.Sittig@gmx.net>
Cc:        freebsd-security@freebsd.org
Subject:   Re: useradd/adduser
Message-ID:  <20010503153744.D98293@ringworld.oblivion.bg>
In-Reply-To: <20010502213719.C253@speedy.gsinet>; from Gerhard.Sittig@gmx.net on Wed, May 02, 2001 at 09:37:19PM +0200
References:  <200105021613.RAA25130@mailgate.kechara.net> <20010502180257.B88365@ringworld.oblivion.bg> <20010502180543.C88365@ringworld.oblivion.bg> <20010502202157.A76656@daphne.unloved.org> <20010502214032.F88365@ringworld.oblivion.bg> <20010502213719.C253@speedy.gsinet>

On Wed, May 02, 2001 at 09:37:19PM +0200, Gerhard Sittig wrote:
> On Wed, May 02, 2001 at 21:40 +0300, Peter Pentchev wrote:
> > On Wed, May 02, 2001 at 08:21:57PM +0200, Ashley Penney wrote:
> > > On Wed, May 02, 2001 at 06:05:43PM +0300, Peter Pentchev said:
> > >  
> > > > And if you're really, really interested, I could give you a
> > > > little patch I made some time ago, to add a -H encrypted
> > > > pass option to pw(8), which should do exactly what you need
> > > > :)
> > >  
> > > What's wrong with chpass -p "crypthere" user ?
> > 
> > OK, several people pointed that out already :) I didn't know
> > chpass could do that, ok? :)
> 
> Not quite in all respects.  There's a short discussion in "man 8
> pw" for how the -h option and feeding it from an fd is motivated.
> By using pw(8)'s -p option you end up specifying the crypted form
> on the command line, again.  Whereas producing into an fd could
> be done any way you could think of ...
> 
> To cut it short:  I would be happy to see your (Peter's) -H
> option incorporated into pw(8).  I assume it does what -h does,
> too, but bypasses the crypt(3) call.  This should make the patch
> short and rather suitable for quick and smooth verification.

OK, here it is.  For those who've seen a similar patch on -arch
a couple of months ago, no, this one's not the same - the previous
version had the password on the command line, just as chpass -p does.
This one is similar to -h, and -H specifies an fd to read the encrypted
password from.

G'luck,
Peter

-- 
This sentence is false.

Index: src/usr.sbin/pw/pw.8
===================================================================
RCS file: /home/ncvs/src/usr.sbin/pw/pw.8,v
retrieving revision 1.23
diff -u -r1.23 pw.8
--- src/usr.sbin/pw/pw.8	2001/03/16 14:11:41	1.23
+++ src/usr.sbin/pw/pw.8	2001/05/03 12:32:15
@@ -50,6 +50,7 @@
 .Op Fl s Ar shell
 .Op Fl o
 .Op Fl L Ar class
+.Op Fl H Ar fd
 .Op Fl h Ar fd
 .Op Fl N
 .Op Fl P
@@ -100,6 +101,7 @@
 .Op Fl w Ar method
 .Op Fl s Ar shell
 .Op Fl L Ar class
+.Op Fl H Ar fd
 .Op Fl h Ar fd
 .Op Fl N
 .Op Fl P
@@ -128,6 +130,7 @@
 .Op Fl g Ar gid
 .Op Fl M Ar members
 .Op Fl o
+.Op Fl H Ar fd
 .Op Fl h Ar fd
 .Op Fl N
 .Op Fl P
@@ -151,6 +154,7 @@
 .Op Fl l Ar name
 .Op Fl M Ar members
 .Op Fl m Ar newmembers
+.Op Fl H Ar fd
 .Op Fl h Ar fd
 .Op Fl N
 .Op Fl P
@@ -468,8 +472,9 @@
 See
 .Xr passwd 5
 for details.
+.It Fl H Ar fd
 .It Fl h Ar fd
-This option provides a special interface by which interactive scripts can
+These options provide a special interface by which interactive scripts can
 set an account password using
 .Nm .
 Because the command line and environment are fundamentally insecure mechanisms
@@ -496,6 +501,18 @@
 .Xr passwd 1 ,
 this must be implemented as part of an interactive script that calls
 .Nm .
+.Pp
+If
+.Fl h
+is given,
+.Nm
+treats the read password as plaintext, and encrypts it using
+.Xr crypt 3 .
+If
+.Fl H
+is used,
+.Nm
+treats the read password as already encrypted, and stores it unchanged.
 .Pp
 If a value of
 .Ql \&-
Index: src/usr.sbin/pw/pw.c
===================================================================
RCS file: /home/ncvs/src/usr.sbin/pw/pw.c,v
retrieving revision 1.24
diff -u -r1.24 pw.c
--- src/usr.sbin/pw/pw.c	2001/03/14 03:24:30	1.24
+++ src/usr.sbin/pw/pw.c	2001/05/03 12:32:15
@@ -106,18 +106,18 @@
 	static const char *opts[W_NUM][M_NUM] =
 	{
 		{ /* user */
-			"V:C:qn:u:c:d:e:p:g:G:mk:s:oL:i:w:h:Db:NPy:Y",
+			"V:C:qn:u:c:d:e:p:g:G:mk:s:oL:i:w:h:H:Db:NPy:Y",
 			"V:C:qn:u:rY",
-			"V:C:qn:u:c:d:e:p:g:G:ml:k:s:w:L:h:FNPY",
+			"V:C:qn:u:c:d:e:p:g:G:ml:k:s:w:L:h:H:FNPY",
 			"V:C:qn:u:FPa7",
 			"V:C:q",
 			"V:C:q",
 			"V:C:q"
 		},
 		{ /* grp  */
-			"V:C:qn:g:h:M:pNPY",
+			"V:C:qn:g:h:H:M:pNPY",
 			"V:C:qn:g:Y",
-			"V:C:qn:g:l:h:FM:m:NPY",
+			"V:C:qn:g:l:h:H:FM:m:NPY",
 			"V:C:qn:g:FPa",
 			"V:C:q"
 		 }
Index: src/usr.sbin/pw/pw_group.c
===================================================================
RCS file: /home/ncvs/src/usr.sbin/pw/pw_group.c,v
retrieving revision 1.13
diff -u -r1.13 pw_group.c
--- src/usr.sbin/pw/pw_group.c	2000/06/22 16:48:41	1.13
+++ src/usr.sbin/pw/pw_group.c	2001/05/03 12:32:16
@@ -158,7 +158,11 @@
 	 * software.
 	 */
 
-	if ((arg = getarg(args, 'h')) != NULL) {
+	if ((getarg(args, 'h') != NULL) && (getarg(args, 'H') != NULL))
+		err(EX_DATAERR, "-h and -H cannot be used simultaneously");
+
+	if (((arg = getarg(args, 'h')) != NULL) ||
+	    ((arg = getarg(args, 'H')) != NULL)) {
 		if (strcmp(arg->val, "-") == 0)
 			grp->gr_passwd = "*";	/* No access */
 		else {
@@ -177,7 +181,10 @@
 					/* Disable echo */
 					n.c_lflag &= ~(ECHO);
 					tcsetattr(fd, TCSANOW, &n);
-					printf("%sassword for group %s:", (mode == M_UPDATE) ? "New p" : "P", grp->gr_name);
+					printf("%sassword%s for group %s:",
+					    (mode == M_UPDATE) ? "New p" : "P",
+					    (arg->ch == 'H'? " (enc)": ""),
+					    grp->gr_name);
 					fflush(stdout);
 				}
 			}
@@ -188,7 +195,7 @@
 				fflush(stdout);
 			}
 			if (b < 0) {
-				warn("-h file descriptor");
+				warn("-%c file descriptor", arg->ch);
 				return EX_OSERR;
 			}
 			line[b] = '\0';
@@ -196,7 +203,10 @@
 				*p = '\0';
 			if (!*line)
 				errx(EX_DATAERR, "empty password read on file descriptor %d", fd);
-			grp->gr_passwd = pw_pwcrypt(line);
+			if (arg->ch == 'h')
+				grp->gr_passwd = pw_pwcrypt(line);
+			else
+				grp->gr_passwd = strdup(line);
 		}
 	}
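Review bot: With -H the line read from the descriptor is stored in `gr_passwd` verbatim, so nothing stops a ':' or other stray character in the supplied hash from being written into the group file, where ':' is the field separator; the -h path never had this exposure because the value passed through crypt(3) first. Before the strdup, reject anything that cannot be a crypt(3) result, at minimum `if (strchr(line, ':') != NULL) errx(EX_DATAERR, "invalid character in encrypted password");`, and check the strdup result for NULL as well. Whether pw validates the field elsewhere before writing it out is not visible in this hunk. The enclosing function continues past the hunk.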
 
Index: src/usr.sbin/pw/pw_user.c
===================================================================
RCS file: /home/ncvs/src/usr.sbin/pw/pw_user.c,v
retrieving revision 1.46
diff -u -r1.46 pw_user.c
--- src/usr.sbin/pw/pw_user.c	2001/03/21 13:46:09	1.46
+++ src/usr.sbin/pw/pw_user.c	2001/05/03 12:32:17
@@ -601,7 +601,11 @@
 		}
 	}
 
-	if ((arg = getarg(args, 'h')) != NULL) {
+	if ((getarg(args, 'h') != NULL) && (getarg(args, 'H') != NULL))
+		errx(EX_DATAERR, "-h and -H cannot be used simultaneously");
+	
+	if (((arg = getarg(args, 'h')) != NULL) ||
+	    ((arg = getarg(args, 'H')) != NULL)) {
 		if (strcmp(arg->val, "-") == 0) {
 			if (!pwd->pw_passwd || *pwd->pw_passwd != '*') {
 				pwd->pw_passwd = "*";	/* No access */
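Review bot: The blank line added between the new mutual-exclusion check and the `if` is not actually empty — it carries a trailing tab — which style checkers and whitespace-sensitive diffs will flag; drop the whitespace so the line is a bare `+`. The enclosing function starts before the hunk.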
@@ -623,7 +627,10 @@
 					/* Disable echo */
 					n.c_lflag &= ~(ECHO);
 					tcsetattr(fd, TCSANOW, &n);
-					printf("%sassword for user %s:", (mode == M_UPDATE) ? "New p" : "P", pwd->pw_name);
+					printf("%sassword%s for user %s:",
+					    (mode == M_UPDATE) ? "New p" : "P",
+					    (arg->ch == 'H'? " (enc)": ""),
+					    pwd->pw_name);
 					fflush(stdout);
 				}
 			}
@@ -634,7 +641,7 @@
 				fflush(stdout);
 			}
 			if (b < 0) {
-				warn("-h file descriptor");
+				warn("-%c file descriptor", arg->ch);
 				return EX_IOERR;
 			}
 			line[b] = '\0';
@@ -647,7 +654,10 @@
 			    login_setcryptfmt(lc, "md5", NULL) == NULL)
 				warn("setting crypt(3) format");
 			login_close(lc);
-			pwd->pw_passwd = pw_pwcrypt(line);
+			if (arg->ch == 'h')
+				pwd->pw_passwd = pw_pwcrypt(line);
+			else
+				pwd->pw_passwd = strdup(line);
 			edited = 1;
 		}
 	}
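Review bot: The -H branch stores `line` untouched, so a value containing ':' would split the passwd entry into extra fields when it is written; add `if (strchr(line, ':') != NULL) errx(EX_DATAERR, "invalid character in encrypted password");` ahead of the strdup, and check strdup for NULL. Note also that the `login_setcryptfmt(lc, "md5", NULL)` call in the context just above still runs for -H even though the hash format is now whatever the caller supplied, so the login class's crypt format is silently bypassed for this option; a comment such as `/* -H: hash supplied by caller, class crypt format is not enforced */` on the strdup line would make that explicit. The enclosing function continues outside the hunk.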
