Otherwise, it will silently disable the login for the selected account if
the argument is unrecognizable.
usr.sbin/pw/pw.h
usr.sbin/pw/pw_conf.c
usr.sbin/pw/pw_user.c
Use separate rules to validate boolean parameters and passwd
parameters. Error out if a password parameter cannot be parsed.
usr.sbin/pw/tests/Makefile
usr.sbin/pw/tests/crypt.c
usr.sbin/pw/tests/pw_useradd.sh
usr.sbin/pw/tests/pw_usermod.sh
Add tests for the validation. Also, enhance existing
password-related tests to actually validate that the correct hash is
written to master.passwd.
Reviewed by: bapt
MFC after: 4 weeks
Sponsored by: Spectra Logic Corp
Differential Revision: https://reviews.freebsd.org/D6840
int nis_update(void);
int boolean_val(char const * str, int dflt);
int nis_update(void);
int boolean_val(char const * str, int dflt);
+int passwd_val(char const * str, int dflt);
char const *boolean_str(int val);
char *newstr(char const * p);
char const *boolean_str(int val);
char *newstr(char const * p);
if ((str = unquote(str)) != NULL) {
int i;
if ((str = unquote(str)) != NULL) {
int i;
+ for (i = 0; booltrue[i]; i++)
+ if (strcmp(str, booltrue[i]) == 0)
+ return 1;
+ for (i = 0; boolfalse[i]; i++)
+ if (strcmp(str, boolfalse[i]) == 0)
+ return 0;
+ }
+ return dflt;
+}
+
+int
+passwd_val(char const * str, int dflt)
+{
+ if ((str = unquote(str)) != NULL) {
+ int i;
+
for (i = 0; booltrue[i]; i++)
if (strcmp(str, booltrue[i]) == 0)
return 1;
for (i = 0; booltrue[i]; i++)
if (strcmp(str, booltrue[i]) == 0)
return 1;
return -1;
if (strcmp(str, "none") == 0)
return -2;
return -1;
if (strcmp(str, "none") == 0)
return -2;
+
+ errx(1, "Invalid value for default password");
#endif
switch (i) {
case _UC_DEFAULTPWD:
#endif
switch (i) {
case _UC_DEFAULTPWD:
- config.default_password = boolean_val(q, 1);
+ config.default_password = passwd_val(q, 1);
break;
case _UC_REUSEUID:
config.reuse_uids = boolean_val(q, 0);
break;
case _UC_REUSEUID:
config.reuse_uids = boolean_val(q, 0);
mix_config(cmdcnf, cnf);
if (default_passwd)
mix_config(cmdcnf, cnf);
if (default_passwd)
- cmdcnf->default_password = boolean_val(default_passwd,
+ cmdcnf->default_password = passwd_val(default_passwd,
cnf->default_password);
if (genconf) {
if (name != NULL)
cnf->default_password);
if (genconf) {
if (name != NULL)
if (lc == NULL || login_setcryptfmt(lc, "sha512", NULL) == NULL)
warn("setting crypt(3) format");
login_close(lc);
if (lc == NULL || login_setcryptfmt(lc, "sha512", NULL) == NULL)
warn("setting crypt(3) format");
login_close(lc);
- cnf->default_password = boolean_val(passwd,
+ cnf->default_password = passwd_val(passwd,
cnf->default_password);
pwd->pw_passwd = pw_password(cnf, pwd->pw_name, dryrun);
edited = true;
cnf->default_password);
pwd->pw_passwd = pw_password(cnf, pwd->pw_name, dryrun);
edited = true;