hardenedbsd/HardenedBSD
1
0
Fork 0
mirror of https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git synced 2024-11-14 06:12:01 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

nuageinit: Accept plain text passwords

Browse Source 
Per pw(8), when -H is set, the password should be supplied already
encrypted in a form suitable for writing directly to the password
database (passwd in cloud-init tems); -h provides a special interface by
which interactive scripts can set an account password using pw(8) in
plain text (plain_text_passwd in cloud-init terms).

The default user (freebsd) is defined with a plain_text_passwd
(freebsd), not with an encrypted one.
This commit is contained in:
Jose Luis Duran 2024-07-23 03:49:36 +00:00 committed by Baptiste Daroussin
parent 9840598aa3
commit 7b73ecfe64
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libexec/nuageinit/nuage.lua
View File

@ -112,7 +112,7 @@ local function adduser(pwd)
postcmd = " -H 0 "
elseif pwd.plain_text_passwd then
precmd = "echo "..pwd.plain_text_passwd .. "| "
postcmd = " -H 0 "
postcmd = " -h 0 "
end
cmd = precmd .. "pw "
if root then

1
libexec/nuageinit/tests/nuageinit.sh
View File

@ -104,6 +104,7 @@ sys:*:1:0::0:0:Sys:/home/sys:/bin/csh
freebsd:freebsd:1001:1003::0:0:FreeBSD User:/home/freebsd:/bin/sh
foobar:H/1LT4f9/N3wpgNunhsIqtMj62OKiS3nyNwuizouQc3u7MbYCarYeAHWYPYb2FT.lbioDm2RrkJPb9BZMN1O/:1002:1004::0:0:Foo B. Bar:/home/foobar:/bin/sh
EOF
sed -i "" "s/freebsd:.*:1001/freebsd:freebsd:1001/" ${here}/etc/master.passwd
atf_check -o file:expectedpasswd cat ${here}/etc/master.passwd
atf_check -o file:expectedgroup cat ${here}/etc/group
}