Subject: [PATCH] Allow for setting password in clear text Upstream-Status: Inappropriate [OE specific] Signed-off-by: Chen Qi --- src/Makefile.am | 8 ++++---- src/groupadd.c | 20 +++++++++++++++----- src/groupmod.c | 20 +++++++++++++++----- src/useradd.c | 21 +++++++++++++++------ src/usermod.c | 20 +++++++++++++++----- 5 files changed, 64 insertions(+), 25 deletions(-) diff --git a/src/Makefile.am b/src/Makefile.am index 3c98a8d..b8093d5 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -93,10 +93,10 @@ chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT) chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT) gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) -groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) +groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) groupmems_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) -groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) +groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) grpck_LDADD = $(LDADD) $(LIBSELINUX) grpconv_LDADD = $(LDADD) $(LIBSELINUX) grpunconv_LDADD = $(LDADD) $(LIBSELINUX) @@ -117,9 +117,9 @@ su_SOURCES = \ suauth.c su_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) sulogin_LDADD = $(LDADD) $(LIBCRYPT) -useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) +useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBCRYPT) userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) -usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) +usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBCRYPT) vipw_LDADD = $(LDADD) $(LIBSELINUX) install-am: all-am diff --git a/src/groupadd.c b/src/groupadd.c index b57006c..63e1c48 100644 --- a/src/groupadd.c +++ b/src/groupadd.c @@ -123,9 +123,10 @@ static /*@noreturn@*/void usage (int status) (void) fputs (_(" -o, --non-unique allow to create groups with duplicate\n" " (non-unique) GID\n"), usageout); (void) fputs (_(" -p, --password PASSWORD use this encrypted password for the new group\n"), usageout); + (void) fputs (_(" -P, --clear-password PASSWORD use this clear password for the new group\n"), usageout); (void) fputs (_(" -r, --system create a system account\n"), usageout); (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); - (void) fputs (_(" -P, --prefix PREFIX_DIR directory prefix\n"), usageout); + (void) fputs (_(" -A, --prefix PREFIX_DIR directory prefix\n"), usageout); (void) fputs ("\n", usageout); exit (status); } @@ -387,13 +388,14 @@ static void process_flags (int argc, char **argv) {"key", required_argument, NULL, 'K'}, {"non-unique", no_argument, NULL, 'o'}, {"password", required_argument, NULL, 'p'}, + {"clear-password", required_argument, NULL, 'P'}, {"system", no_argument, NULL, 'r'}, {"root", required_argument, NULL, 'R'}, - {"prefix", required_argument, NULL, 'P'}, + {"prefix", required_argument, NULL, 'A'}, {NULL, 0, NULL, '\0'} }; - while ((c = getopt_long (argc, argv, "fg:hK:op:rR:P:", + while ((c = getopt_long (argc, argv, "fg:hK:op:P:rR:A:", long_options, NULL)) != -1) { switch (c) { case 'f': @@ -445,12 +447,20 @@ static void process_flags (int argc, char **argv) pflg = true; group_passwd = optarg; break; + case 'P': + pflg = true; + group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL)); + break; case 'r': rflg = true; break; case 'R': /* no-op, handled in process_root_flag () */ break; - case 'P': /* no-op, handled in process_prefix_flag () */ + case 'A': /* no-op, handled in process_prefix_flag () */ + fprintf (stderr, + _("%s: -A is deliberately not supported \n"), + Prog); + exit (E_BAD_ARG); break; default: usage (E_USAGE); @@ -584,7 +594,7 @@ int main (int argc, char **argv) (void) textdomain (PACKAGE); process_root_flag ("-R", argc, argv); - prefix = process_prefix_flag ("-P", argc, argv); + prefix = process_prefix_flag ("-A", argc, argv); OPENLOG ("groupadd"); #ifdef WITH_AUDIT diff --git a/src/groupmod.c b/src/groupmod.c index b293b98..72daf2c 100644 --- a/src/groupmod.c +++ b/src/groupmod.c @@ -134,8 +134,9 @@ static void usage (int status) (void) fputs (_(" -o, --non-unique allow to use a duplicate (non-unique) GID\n"), usageout); (void) fputs (_(" -p, --password PASSWORD change the password to this (encrypted)\n" " PASSWORD\n"), usageout); + (void) fputs (_(" -P, --clear-password PASSWORD change the password to this clear PASSWORD\n"), usageout); (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); - (void) fputs (_(" -P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout); + (void) fputs (_(" -A, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout); (void) fputs ("\n", usageout); exit (status); } @@ -383,11 +384,12 @@ static void process_flags (int argc, char **argv) {"new-name", required_argument, NULL, 'n'}, {"non-unique", no_argument, NULL, 'o'}, {"password", required_argument, NULL, 'p'}, + {"clear-password", required_argument, NULL, 'P'}, {"root", required_argument, NULL, 'R'}, - {"prefix", required_argument, NULL, 'P'}, + {"prefix", required_argument, NULL, 'A'}, {NULL, 0, NULL, '\0'} }; - while ((c = getopt_long (argc, argv, "g:hn:op:R:P:", + while ((c = getopt_long (argc, argv, "g:hn:op:P:R:A:", long_options, NULL)) != -1) { switch (c) { case 'g': @@ -414,9 +416,17 @@ static void process_flags (int argc, char **argv) group_passwd = optarg; pflg = true; break; + case 'P': + group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL)); + pflg = true; + break; case 'R': /* no-op, handled in process_root_flag () */ break; - case 'P': /* no-op, handled in process_prefix_flag () */ + case 'A': /* no-op, handled in process_prefix_flag () */ + fprintf (stderr, + _("%s: -A is deliberately not supported \n"), + Prog); + exit (E_BAD_ARG); break; default: usage (E_USAGE); @@ -757,7 +767,7 @@ int main (int argc, char **argv) (void) textdomain (PACKAGE); process_root_flag ("-R", argc, argv); - prefix = process_prefix_flag ("-P", argc, argv); + prefix = process_prefix_flag ("-A", argc, argv); OPENLOG ("groupmod"); #ifdef WITH_AUDIT diff --git a/src/useradd.c b/src/useradd.c index c74e491..7214e72 100644 --- a/src/useradd.c +++ b/src/useradd.c @@ -829,9 +829,10 @@ static void usage (int status) (void) fputs (_(" -o, --non-unique allow to create users with duplicate\n" " (non-unique) UID\n"), usageout); (void) fputs (_(" -p, --password PASSWORD encrypted password of the new account\n"), usageout); + (void) fputs (_(" -P, --clear-password PASSWORD clear password of the new account\n"), usageout); (void) fputs (_(" -r, --system create a system account\n"), usageout); (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); - (void) fputs (_(" -P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout); + (void) fputs (_(" -A, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout); (void) fputs (_(" -s, --shell SHELL login shell of the new account\n"), usageout); (void) fputs (_(" -u, --uid UID user ID of the new account\n"), usageout); (void) fputs (_(" -U, --user-group create a group with the same name as the user\n"), usageout); @@ -1104,9 +1105,10 @@ static void process_flags (int argc, char **argv) {"no-user-group", no_argument, NULL, 'N'}, {"non-unique", no_argument, NULL, 'o'}, {"password", required_argument, NULL, 'p'}, + {"clear-password", required_argument, NULL, 'P'}, {"system", no_argument, NULL, 'r'}, {"root", required_argument, NULL, 'R'}, - {"prefix", required_argument, NULL, 'P'}, + {"prefix", required_argument, NULL, 'A'}, {"shell", required_argument, NULL, 's'}, {"uid", required_argument, NULL, 'u'}, {"user-group", no_argument, NULL, 'U'}, @@ -1117,9 +1119,9 @@ static void process_flags (int argc, char **argv) }; while ((c = getopt_long (argc, argv, #ifdef WITH_SELINUX - "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:UZ:", + "b:c:d:De:f:g:G:hk:K:lmMNop:P:rR:A:s:u:UZ:", #else /* !WITH_SELINUX */ - "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:U", + "b:c:d:De:f:g:G:hk:K:lmMNop:P:rR:A:s:u:U", #endif /* !WITH_SELINUX */ long_options, NULL)) != -1) { switch (c) { @@ -1285,12 +1287,19 @@ static void process_flags (int argc, char **argv) } user_pass = optarg; break; + case 'P': /* set clear text password */ + user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL)); + break; case 'r': rflg = true; break; case 'R': /* no-op, handled in process_root_flag () */ break; - case 'P': /* no-op, handled in process_prefix_flag () */ + case 'A': /* no-op, handled in process_prefix_flag () */ + fprintf (stderr, + _("%s: -A is deliberately not supported \n"), + Prog); + exit (E_BAD_ARG); break; case 's': if ( ( !VALID (optarg) ) @@ -2148,7 +2157,7 @@ int main (int argc, char **argv) process_root_flag ("-R", argc, argv); - prefix = process_prefix_flag("-P", argc, argv); + prefix = process_prefix_flag("-A", argc, argv); OPENLOG ("useradd"); #ifdef WITH_AUDIT diff --git a/src/usermod.c b/src/usermod.c index e571426..ccfbb99 100644 --- a/src/usermod.c +++ b/src/usermod.c @@ -424,8 +424,9 @@ static /*@noreturn@*/void usage (int status) " new location (use only with -d)\n"), usageout); (void) fputs (_(" -o, --non-unique allow using duplicate (non-unique) UID\n"), usageout); (void) fputs (_(" -p, --password PASSWORD use encrypted password for the new password\n"), usageout); + (void) fputs (_(" -P, --clear-password PASSWORD use clear password for the new password\n"), usageout); (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); - (void) fputs (_(" -P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout); + (void) fputs (_(" -A, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout); (void) fputs (_(" -s, --shell SHELL new login shell for the user account\n"), usageout); (void) fputs (_(" -u, --uid UID new UID for the user account\n"), usageout); (void) fputs (_(" -U, --unlock unlock the user account\n"), usageout); @@ -1002,8 +1003,9 @@ static void process_flags (int argc, char **argv) {"move-home", no_argument, NULL, 'm'}, {"non-unique", no_argument, NULL, 'o'}, {"password", required_argument, NULL, 'p'}, + {"clear-password", required_argument, NULL, 'P'}, {"root", required_argument, NULL, 'R'}, - {"prefix", required_argument, NULL, 'P'}, + {"prefix", required_argument, NULL, 'A'}, {"shell", required_argument, NULL, 's'}, {"uid", required_argument, NULL, 'u'}, {"unlock", no_argument, NULL, 'U'}, @@ -1019,7 +1021,7 @@ static void process_flags (int argc, char **argv) {NULL, 0, NULL, '\0'} }; while ((c = getopt_long (argc, argv, - "ac:d:e:f:g:G:hl:Lmop:R:s:u:UP:" + "ac:d:e:f:g:G:hl:Lmop:P:R:s:u:UA:" #ifdef ENABLE_SUBIDS "v:w:V:W:" #endif /* ENABLE_SUBIDS */ @@ -1119,9 +1121,17 @@ static void process_flags (int argc, char **argv) user_pass = optarg; pflg = true; break; + case 'P': + user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL)); + pflg = true; + break; case 'R': /* no-op, handled in process_root_flag () */ break; - case 'P': /* no-op, handled in process_prefix_flag () */ + case 'A': /* no-op, handled in process_prefix_flag () */ + fprintf (stderr, + _("%s: -A is deliberately not supported \n"), + Prog); + exit (E_BAD_ARG); break; case 's': if (!VALID (optarg)) { @@ -2098,7 +2108,7 @@ int main (int argc, char **argv) (void) textdomain (PACKAGE); process_root_flag ("-R", argc, argv); - prefix = process_prefix_flag ("-P", argc, argv); + prefix = process_prefix_flag ("-A", argc, argv); OPENLOG ("usermod"); #ifdef WITH_AUDIT -- 2.11.0