pw should sanitize the argument of -w.

Otherwise, it will silently disable the login for the selected account if
the argument is unrecognizable.

usr.sbin/pw/pw.h
usr.sbin/pw/pw_conf.c
usr.sbin/pw/pw_user.c
	Use separate rules to validate boolean parameters and passwd
	parameters.  Error out if a password parameter cannot be parsed.

usr.sbin/pw/tests/Makefile
usr.sbin/pw/tests/crypt.c
usr.sbin/pw/tests/pw_useradd.sh
usr.sbin/pw/tests/pw_usermod.sh
	Add tests for the validation.  Also, enhance existing
	password-related tests to actually validate that the correct hash is
	written to master.passwd.

Reviewed by:	bapt
MFC after:	4 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D6840

diff --git a/pw/pw.h b/pw/pw.h
index b389f1248dd144fcb89ec0c013ec317f60c98906..05a51c220723991176e69311e374e46c322c1aaa 100644 (file)
--- a/pw/pw.h
+++ b/pw/pw.h
@@ -93,6 +93,7 @@ int groupadd(struct userconf *, char *name, gid_t id, char *members, int fd,
 int nis_update(void);
 
 int boolean_val(char const * str, int dflt);
+int passwd_val(char const * str, int dflt);
 char const *boolean_str(int val);
 char *newstr(char const * p);
 

diff --git a/pw/pw_conf.c b/pw/pw_conf.c
index d30c80e980d70e2630edcb500a9793b6153503a3..a3bd0bd367333a7876bf70ee3d9b8b191bb1d383 100644 (file)
--- a/pw/pw_conf.c
+++ b/pw/pw_conf.c
@@ -180,6 +180,22 @@ boolean_val(char const * str, int dflt)
        if ((str = unquote(str)) != NULL) {
                int             i;
 
+               for (i = 0; booltrue[i]; i++)
+                       if (strcmp(str, booltrue[i]) == 0)
+                               return 1;
+               for (i = 0; boolfalse[i]; i++)
+                       if (strcmp(str, boolfalse[i]) == 0)
+                               return 0;
+       }
+       return dflt;
+}
+
+int
+passwd_val(char const * str, int dflt)
+{
+       if ((str = unquote(str)) != NULL) {
+               int             i;
+
                for (i = 0; booltrue[i]; i++)
                        if (strcmp(str, booltrue[i]) == 0)
                                return 1;
@@ -194,6 +210,8 @@ boolean_val(char const * str, int dflt)
                        return -1;
                if (strcmp(str, "none") == 0)
                        return -2;
+
+               errx(1, "Invalid value for default password");
        }
        return dflt;
 }
@@ -258,7 +276,7 @@ read_userconfig(char const * file)
 #endif
                        switch (i) {
                        case _UC_DEFAULTPWD:
-                               config.default_password = boolean_val(q, 1);
+                               config.default_password = passwd_val(q, 1);
                                break;
                        case _UC_REUSEUID:
                                config.reuse_uids = boolean_val(q, 0);

diff --git a/pw/pw_user.c b/pw/pw_user.c
index 67186c3dc0338b533c4dc170dcd528aba9c94f0d..75e7fb6e5c8887127e372b50280ec64193c072ea 100644 (file)
--- a/pw/pw_user.c
+++ b/pw/pw_user.c
@@ -1315,7 +1315,7 @@ pw_user_add(int argc, char **argv, char *arg1)
 
        mix_config(cmdcnf, cnf);
        if (default_passwd)
-               cmdcnf->default_password = boolean_val(default_passwd,
+               cmdcnf->default_password = passwd_val(default_passwd,
                    cnf->default_password);
        if (genconf) {
                if (name != NULL)
@@ -1717,7 +1717,7 @@ pw_user_mod(int argc, char **argv, char *arg1)
                if (lc == NULL || login_setcryptfmt(lc, "sha512", NULL) == NULL)
                        warn("setting crypt(3) format");
                login_close(lc);
-               cnf->default_password = boolean_val(passwd,
+               cnf->default_password = passwd_val(passwd,
                    cnf->default_password);
                pwd->pw_passwd = pw_password(cnf, pwd->pw_name, dryrun);
                edited = true;