tacit/minix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove long-obsolete pwdauth(8) command (in usr/lib)

Browse Source 
Change-Id: I454d506199ce1d5d48295bca86b590ce0701dcc2
This commit is contained in:
Antoine Leca 2016-07-20 11:50:25 +02:00 committed by David van Moolenbroek
parent 7eb1c60ab5
commit 4aaaf2c612
7 changed files with 5 additions and 143 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
distrib/sets/lists/minix-base/mi
View File

@ -927,7 +927,7 @@
./usr/lib/pkgconfig/openssl.pc minix-base crypto
./usr/lib/pkgconfig/sqlite3.pc minix-base
./usr/lib/pkgconfig/zlib.pc minix-base
./usr/lib/pwdauth minix-base
./usr/lib/pwdauth minix-base obsolete
./usr/lib/security minix-base
./usr/libdata minix-base
./usr/libdata/debug minix-base

2
distrib/sets/lists/minix-man/mi
View File

@ -3424,7 +3424,7 @@
./usr/man/man8/pr_routes.8 minix-man
./usr/man/man8/printroot.8 minix-man
./usr/man/man8/pwd_mkdb.8 minix-man
./usr/man/man8/pwdauth.8 minix-man
./usr/man/man8/pwdauth.8 minix-man obsolete
./usr/man/man8/rarpd.8 minix-man
./usr/man/man8/rawspeed.8 minix-man
./usr/man/man8/rdate.8 minix-man

2
minix/commands/Makefile
View File

@ -18,7 +18,7 @@ SUBDIR= add_route arp at backup \
mount mt netconf \
nonamed \
postinstall prep printroot \
profile progressbar pr_routes pwdauth \
profile progressbar pr_routes \
ramdisk rarpd rawspeed readclock \
remsync rget rlogin \
rotate service setup \

8
minix/commands/pwdauth/Makefile
View File

@ -1,8 +0,0 @@
PROG= pwdauth
BINDIR= /usr/lib
BINMODE= 4755
MAN= pwdauth.8
LDADD+=-lcrypt
.include <bsd.prog.mk>

57
minix/commands/pwdauth/pwdauth.8
View File

@ -1,57 +0,0 @@
.SH NAME
pwdauth \- password authentication program
.SH SYNOPSIS
.B /usr/lib/pwdauth
.SH DESCRIPTION
.B Pwdauth
is a program that is used by the
.BR crypt (3)
function to do the hard work. It is a setuid root utility so that it is
able to read the shadow password file.
.PP
.B Pwdauth
expects on standard input two null terminated strings, the
password typed by the user, and the salt. That is, the two arguments of
the
.B crypt
function. The input read in a single read call must be 1024 characters or
less including the nulls.
.B Pwdauth
takes one of two actions depending on the salt.
.PP
If the salt has the form "\fB##\fIuser\fR" then the
.I user
is used to index the shadow password file to obtain the encrypted password.
The input password is encrypted with the one-way encryption function
contained within
.B pwdauth
and compared to the encrypted password from the shadow password file. If
equal then
.B pwdauth
returns the string "\fB##\fIuser\fR" with exit code 0, otherwise exit
code 2 to signal failure. The string "\fB##\fIuser\fR" is also returned
if both the shadow password and the input password are null strings to
allow a password-less login.
.PP
If the salt is not of the form "\fB##\fIuser\fR" then the password is
encrypted and the result of the encryption is returned. If salt and
password are null strings then a null string is returned.
.PP
The return value is written to standard output as a null terminated string
of 1024 characters or less including the null.
.PP
The exit code is 1 on any error.
.SH "SEE ALSO"
.BR crypt (3),
.BR passwd (5).
.SH NOTES
A password must be checked like in this example:
.PP
.RS
pw_ok = (strcmp(crypt(key, pw->pw_passwd), pw->pw_passwd) == 0);
.RE
.PP
The second argument of crypt must be the entire encrypted password and
not just the two character salt.
.SH AUTHOR
Kees J. Bot (kjb@cs.vu.nl)

73
minix/commands/pwdauth/pwdauth.c
View File

@ -1,73 +0,0 @@
/* pwdauth 2.0 - check a shadow password Author: Kees J. Bot
* 7 Feb 1994
*
* This program gets as input the key and salt arguments of the crypt(3)
* function as two null terminated strings. The crypt result is output as
* one null terminated string. Input and output must be <= 1024 characters.
* The exit code will be 1 on any error.
*
* If the key has the form '##name' then the key will be encrypted and the
* result checked to be equal to the encrypted password in the shadow password
* file. If equal than '##name' will be returned, otherwise exit code 2.
*
* Otherwise the key will be encrypted normally and the result returned.
*
* As a special case, anything matches a null encrypted password to allow
* a no-password login.
*/
#define nil 0
#include <sys/types.h>
#include <pwd.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#define setkey pwdauth_setkey
#define encrypt pwdauth_encrypt
#define LEN 1024
int main(int argc, char **argv)
{
char key[LEN];
char *salt;
struct passwd *pw;
int n;
/* Read input data. Check if there are exactly two null terminated
* strings.
*/
n= read(0, key, LEN);
if (n < 0) return 1;
salt = key + n;
n = 0;
while (salt > key) if (*--salt == 0) n++;
if (n != 2) return 1;
salt = key + strlen(key) + 1;
if (salt[0] == '#' && salt[1] == '#') {
if ((pw= getpwnam(salt + 2)) == nil) return 2;
/* A null encrypted password matches a null key, otherwise
* do the normal crypt(3) authentication check.
*/
if (*pw->pw_passwd == 0 && *key == 0) {
/* fine */
} else
if (strcmp(crypt(key, pw->pw_passwd), pw->pw_passwd) != 0) {
return 2;
}
} else {
/* Normal encryption. */
if (*salt == 0 && *key == 0) {
/* fine */
} else {
salt= crypt(key, salt);
}
}
/* Return the (possibly new) salt to the caller. */
if (write(1, salt, strlen(salt) + 1) < 0) return 1;
return 0;
}

4
minix/man/man5/passwd.5
View File

@ -94,7 +94,7 @@ to indicate the entry
in the shadow password file. The password in this entry is then used for
authentication of the user. The shadow file can only be read by the
privileged utility
.BR pwdauth (8),
.BR pwd_mkdb (8),
so that the encrypted passwords in the shadow file are kept secret, and thus
safe from a dictionary attack.
.SS "Special password and group file entries"
@ -188,7 +188,7 @@ The shadow password file.
.BR crypt (3),
.BR getpwent (3),
.BR getgrent (3),
.BR pwdauth (8).
.BR pwd_mkdb (8).
.SH NOTES
The
.B nobody