-rw-r--r--pw/pw.816
-rw-r--r--pw/pw.c10
-rw-r--r--pw/pw_group.c11
-rw-r--r--pw/pw_user.c37
4 files changed, 52 insertions, 22 deletions
diff --git a/pw/pw.8 b/pw/pw.8
index 068bd74..0220564 100644
--- a/pw/pw.8
+++ b/pw/pw.8
@@ -24,7 +24,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd December 9, 1996
+.Dd January 11, 2004
.Dt PW 8
.Os
.Sh NAME
@@ -51,7 +51,7 @@
.Op Fl s Ar shell
.Op Fl o
.Op Fl L Ar class
-.Op Fl h Ar fd
+.Op Fl h Ar fd | Fl H Ar fd
.Op Fl N
.Op Fl P
.Op Fl Y
@@ -101,7 +101,7 @@
.Op Fl w Ar method
.Op Fl s Ar shell
.Op Fl L Ar class
-.Op Fl h Ar fd
+.Op Fl h Ar fd | Fl H Ar fd
.Op Fl N
.Op Fl P
.Op Fl Y
@@ -130,7 +130,7 @@
.Op Fl g Ar gid
.Op Fl M Ar members
.Op Fl o
-.Op Fl h Ar fd
+.Op Fl h Ar fd | Fl H Ar fd
.Op Fl N
.Op Fl P
.Op Fl Y
@@ -152,7 +152,7 @@
.Op Fl l Ar name
.Op Fl M Ar members
.Op Fl m Ar newmembers
-.Op Fl h Ar fd
+.Op Fl h Ar fd | Fl H Ar fd
.Op Fl N
.Op Fl P
.Op Fl Y
@@ -508,6 +508,12 @@ is given as the argument
then the password will be set to
.Ql \&* ,
rendering the account inaccessible via password-based login.
+.It Fl H Ar fd
+Read an encrypted password string from the specified file descriptor.
+This is like
+.Fl h ,
+but the password should be supplied already encrypted in a form
+suitable for writing directly to the password database.
.El
.Pp
It is possible to use
diff --git a/pw/pw.c b/pw/pw.c
index 01ba43a..4010e84 100644
--- a/pw/pw.c
+++ b/pw/pw.c
@@ -106,18 +106,18 @@ main(int argc, char *argv[])
static const char *opts[W_NUM][M_NUM] =
{
{ /* user */
- "V:C:qn:u:c:d:e:p:g:G:mk:s:oL:i:w:h:Db:NPy:Y",
+ "V:C:qn:u:c:d:e:p:g:G:mk:s:oL:i:w:h:H:Db:NPy:Y",
"V:C:qn:u:rY",
- "V:C:qn:u:c:d:e:p:g:G:ml:k:s:w:L:h:FNPY",
+ "V:C:qn:u:c:d:e:p:g:G:ml:k:s:w:L:h:H:FNPY",
"V:C:qn:u:FPa7",
"V:C:q",
"V:C:q",
"V:C:q"
},
{ /* grp */
- "V:C:qn:g:h:M:pNPY",
+ "V:C:qn:g:h:H:M:pNPY",
"V:C:qn:g:Y",
- "V:C:qn:g:l:h:FM:m:NPY",
+ "V:C:qn:g:l:h:H:FM:m:NPY",
"V:C:qn:g:FPa",
"V:C:q"
}
@@ -315,6 +315,7 @@ cmdhelp(int mode, int which)
"\t-o duplicate uid ok\n"
"\t-L class user class\n"
"\t-h fd read password on fd\n"
+ "\t-H fd read encrypted password on fd\n"
"\t-Y update NIS maps\n"
"\t-N no update\n"
" Setting defaults:\n"
@@ -357,6 +358,7 @@ cmdhelp(int mode, int which)
"\t-s shell name of login shell\n"
"\t-w method set new password using method\n"
"\t-h fd read password on fd\n"
+ "\t-H fd read encrypted password on fd\n"
"\t-Y update NIS maps\n"
"\t-N no update\n",
"usage: pw usershow [uid|name] [switches]\n"
diff --git a/pw/pw_group.c b/pw/pw_group.c
index c9af998..1c63a11 100644
--- a/pw/pw_group.c
+++ b/pw/pw_group.c
@@ -158,11 +158,13 @@ pw_group(struct userconf * cnf, int mode, struct cargs * args)
* software.
*/
- if ((arg = getarg(args, 'h')) != NULL) {
+ if ((arg = getarg(args, 'h')) != NULL ||
+ (arg = getarg(args, 'H')) != NULL) {
if (strcmp(arg->val, "-") == 0)
grp->gr_passwd = "*"; /* No access */
else {
int fd = atoi(arg->val);
+ int precrypt = (arg->ch == 'H');
int b;
int istty = isatty(fd);
struct termios t;
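Review bot: Nothing here rejects a command line that carries both `-h` and `-H`: the `||` chain takes the `-h` argument first, so `precrypt` stays 0 and the `-H` descriptor is never read, even though pw.8 documents the two as alternatives (`-h fd | -H fd`). A caller that passes both gets the `-h` input hashed and stored with no diagnostic about the ignored option. I would fail early, e.g. `if (getarg(args, 'h') != NULL && getarg(args, 'H') != NULL) errx(EX_USAGE, "-h and -H are mutually exclusive");`. The same chain appears in the pw_user.c hunk at `@@ -602,7 +604,8`, and the enclosing block continues outside this hunk.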
@@ -196,7 +198,12 @@ pw_group(struct userconf * cnf, int mode, struct cargs * args)
*p = '\0';
if (!*line)
errx(EX_DATAERR, "empty password read on file descriptor %d", fd);
- grp->gr_passwd = pw_pwcrypt(line);
+ if (precrypt) {
+ if (strchr(line, ':') != NULL)
+ return EX_DATAERR;
+ grp->gr_passwd = line;
+ } else
+ grp->gr_passwd = pw_pwcrypt(line);
}
}
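Review bot: `grp->gr_passwd = line;` keeps a pointer into the read buffer rather than a copy, whereas the other branch stores whatever pw_pwcrypt() returns. The declaration of `line` is outside the hunk; if it is an automatic array scoped to this `else` block, the pointer dangles as soon as the block ends, and the group entry would later be written from dead stack memory. Copying avoids that: `if ((grp->gr_passwd = strdup(line)) == NULL) err(EX_OSERR, "strdup");`. `pwd->pw_passwd = line;` in the pw_user.c hunk at `@@ -643,12 +651,18` has the same shape.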
diff --git a/pw/pw_user.c b/pw/pw_user.c
index a001e3e..149a1ee 100644
--- a/pw/pw_user.c
+++ b/pw/pw_user.c
@@ -86,6 +86,7 @@ static void rmopie(char const * name);
* -L class user class
* -l name new login name
* -h fd password filehandle
+ * -H fd encrypted password filehandle
* -F force print or add
* Setting defaults:
* -D set user defaults
@@ -544,7 +545,8 @@ pw_user(struct userconf * cnf, int mode, struct cargs * args)
warnx("WARNING: home `%s' is not a directory", pwd->pw_dir);
}
- if ((arg = getarg(args, 'w')) != NULL && getarg(args, 'h') == NULL) {
+ if ((arg = getarg(args, 'w')) != NULL &&
+ getarg(args, 'h') == NULL && getarg(args, 'H') == NULL) {
login_cap_t *lc;
lc = login_getpwclass(pwd);
@@ -602,7 +604,8 @@ pw_user(struct userconf * cnf, int mode, struct cargs * args)
}
}
- if ((arg = getarg(args, 'h')) != NULL) {
+ if ((arg = getarg(args, 'h')) != NULL ||
+ (arg = getarg(args, 'H')) != NULL) {
if (strcmp(arg->val, "-") == 0) {
if (!pwd->pw_passwd || *pwd->pw_passwd != '*') {
pwd->pw_passwd = "*"; /* No access */
@@ -610,6 +613,7 @@ pw_user(struct userconf * cnf, int mode, struct cargs * args)
}
} else {
int fd = atoi(arg->val);
+ int precrypt = (arg->ch == 'H');
int b;
int istty = isatty(fd);
struct termios t;
@@ -624,7 +628,10 @@ pw_user(struct userconf * cnf, int mode, struct cargs * args)
/* Disable echo */
n.c_lflag &= ~(ECHO);
tcsetattr(fd, TCSANOW, &n);
- printf("%sassword for user %s:", (mode == M_UPDATE) ? "New p" : "P", pwd->pw_name);
+ printf("%s%spassword for user %s:",
+ (mode == M_UPDATE) ? "new " : "",
+ precrypt ? "encrypted " : "",
+ pwd->pw_name);
fflush(stdout);
}
}
@@ -635,7 +642,8 @@ pw_user(struct userconf * cnf, int mode, struct cargs * args)
fflush(stdout);
}
if (b < 0) {
- warn("-h file descriptor");
+ warn("-%c file descriptor", precrypt ? 'H' :
+ 'h');
return EX_IOERR;
}
line[b] = '\0';
@@ -643,12 +651,18 @@ pw_user(struct userconf * cnf, int mode, struct cargs * args)
*p = '\0';
if (!*line)
errx(EX_DATAERR, "empty password read on file descriptor %d", fd);
- lc = login_getpwclass(pwd);
- if (lc == NULL ||
- login_setcryptfmt(lc, "md5", NULL) == NULL)
- warn("setting crypt(3) format");
- login_close(lc);
- pwd->pw_passwd = pw_pwcrypt(line);
+ if (precrypt) {
+ if (strchr(line, ':') != NULL)
+ return EX_DATAERR;
+ pwd->pw_passwd = line;
+ } else {
+ lc = login_getpwclass(pwd);
+ if (lc == NULL ||
+ login_setcryptfmt(lc, "md5", NULL) == NULL)
+ warn("setting crypt(3) format");
+ login_close(lc);
+ pwd->pw_passwd = pw_pwcrypt(line);
+ }
edited = 1;
}
}
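Review bot: The `':'` rejection in the `precrypt` branch exits with a bare `return EX_DATAERR;`, while the empty-input check just above it reports through `errx()`, so an operator or provisioning script sees a failure with no reason given. Because this string is written to the password database verbatim, that check is the only validation visible in this hunk, and its failure deserves a message, e.g. `errx(EX_DATAERR, "encrypted password on file descriptor %d contains ':'", fd);`. The pw_group.c hunk at `@@ -196,7 +198,12` returns silently in the same way. It may also be worth a comment stating that no crypt(3) format check is done, so plaintext passed to `-H` by mistake would be stored as-is.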
@@ -1086,7 +1100,8 @@ pw_password(struct userconf * cnf, struct cargs * args, char const * user)
/*
* We give this information back to the user
*/
- if (getarg(args, 'h') == NULL && getarg(args, 'N') == NULL) {
+ if (getarg(args, 'h') == NULL && getarg(args, 'H') == NULL &&
+ getarg(args, 'N') == NULL) {
if (isatty(STDOUT_FILENO))
printf("Password for '%s' is: ", user);
printf("%s\n", pwbuf);