bin/76756: function pw_equal in pw_util.c does not test pw_passwd field so any changes made by chpass to that field are ignored.

Lee Burton lburton at extremezone.com
Thu Jan 27 08:10:17 PST 2005


>Number:         76756
>Category:       bin
>Synopsis:       function pw_equal in pw_util.c does not test pw_passwd field so any changes made by chpass to that field are ignored.
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jan 27 16:10:16 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Lee Burton
>Release:        5.3
>Organization:
Extreme Internet
>Environment:
FreeBSD eiscanner01.extremezone.com 5.3-RELEASE FreeBSD 5.3-RELEASE #0: Fri Nov  5 04:19:18 UTC 2004     root at harlow.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386

>Description:
Our organization uses the "splat" method of disabling users, i.e. an
asterisk is prepended to the encrypted password string using chpass.
After upgrading to 5.3, attempts to change the encrypted string resulted
in a "user information unchanged" message.
>How-To-Repeat:
Use chpass to modify only the pw_passwd field.
>Fix:
Add the following line to pw_equal:

strcmp(pw1->pw_passwd, pw2->pw_passwd) == 0 &&

so pw_equal looks like:

/*
 * Compares two struct pwds.
 */
int
pw_equal(const struct passwd *pw1, const struct passwd *pw2)
{
        return (strcmp(pw1->pw_name, pw2->pw_name) == 0 &&
            strcmp(pw1->pw_passwd, pw2->pw_passwd) == 0 &&
            pw1->pw_uid == pw2->pw_uid &&
            pw1->pw_gid == pw2->pw_gid &&
            strcmp(pw1->pw_class, pw2->pw_class) == 0 &&
            pw1->pw_change == pw2->pw_change &&
            pw1->pw_expire == pw2->pw_expire &&
            strcmp(pw1->pw_gecos, pw2->pw_gecos) == 0 &&
            strcmp(pw1->pw_dir, pw2->pw_dir) == 0 &&
            strcmp(pw1->pw_shell, pw2->pw_shell) == 0);
}

>Release-Note:
>Audit-Trail:
>Unformatted:
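
The effect described in this report, as an added example that is not part of the original report or of FreeBSD's source: the comparison without and with the proposed pw_passwd test, applied to a record whose only change is an asterisk prepended to the hash. The struct pw_rec stand-in, the helper names and the sample account are assumptions made so the code builds on any platform.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for FreeBSD's struct passwd (assumption: same field names as the
 * report's code, defined locally so this builds on any platform). */
struct pw_rec {
    const char *pw_name, *pw_passwd, *pw_class, *pw_gecos, *pw_dir, *pw_shell;
    unsigned pw_uid, pw_gid;
    long pw_change, pw_expire;
};

/* Every field the report's pw_equal compares, except pw_passwd. */
static int
rest_equal(const struct pw_rec *a, const struct pw_rec *b)
{
    return (strcmp(a->pw_name, b->pw_name) == 0 &&
        a->pw_uid == b->pw_uid && a->pw_gid == b->pw_gid &&
        strcmp(a->pw_class, b->pw_class) == 0 &&
        a->pw_change == b->pw_change && a->pw_expire == b->pw_expire &&
        strcmp(a->pw_gecos, b->pw_gecos) == 0 &&
        strcmp(a->pw_dir, b->pw_dir) == 0 &&
        strcmp(a->pw_shell, b->pw_shell) == 0);
}

/* Comparison as reported: pw_passwd is not tested. */
int pw_equal_reported(const struct pw_rec *a, const struct pw_rec *b)
{ return rest_equal(a, b); }

/* Comparison with the proposed line added. */
int pw_equal_proposed(const struct pw_rec *a, const struct pw_rec *b)
{ return (strcmp(a->pw_passwd, b->pw_passwd) == 0 && rest_equal(a, b)); }

/* Hypothetical caller: 1 if prepending '*' to the hash is seen as a change. */
int splat_is_detected(int (*eq)(const struct pw_rec *, const struct pw_rec *))
{
    char locked[64];
    struct pw_rec before = { "alice", "$1$constructed$hash", "", "Alice",
        "/home/alice", "/bin/sh", 1001, 1001, 0, 0 };   /* constructed sample */
    struct pw_rec after = before;

    snprintf(locked, sizeof(locked), "*%s", before.pw_passwd);
    after.pw_passwd = locked;
    return (!eq(&before, &after));
}

int main(void)
{
    printf("reported: %d, proposed: %d\n",
        splat_is_detected(pw_equal_reported), splat_is_detected(pw_equal_proposed));
    return 0;
}
```

With the reported comparison the locked record is treated as identical to the original, so a tool that skips writing equal records would leave the account enabled.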