From 4aaaf2c6122c518211f4bade648c9e8e530a3d09 Mon Sep 17 00:00:00 2001 From: Antoine Leca Date: Wed, 20 Jul 2016 11:50:25 +0200 Subject: [PATCH] Remove long-obsolete pwdauth(8) command (in usr/lib) Change-Id: I454d506199ce1d5d48295bca86b590ce0701dcc2 --- distrib/sets/lists/minix-base/mi | 2 +- distrib/sets/lists/minix-man/mi | 2 +- minix/commands/Makefile | 2 +- minix/commands/pwdauth/Makefile | 8 ---- minix/commands/pwdauth/pwdauth.8 | 57 ------------------------- minix/commands/pwdauth/pwdauth.c | 73 -------------------------------- minix/man/man5/passwd.5 | 4 +- 7 files changed, 5 insertions(+), 143 deletions(-) delete mode 100644 minix/commands/pwdauth/Makefile delete mode 100644 minix/commands/pwdauth/pwdauth.8 delete mode 100644 minix/commands/pwdauth/pwdauth.c diff --git a/distrib/sets/lists/minix-base/mi b/distrib/sets/lists/minix-base/mi index 41c615fe9..40f00982e 100644 --- a/distrib/sets/lists/minix-base/mi +++ b/distrib/sets/lists/minix-base/mi @@ -927,7 +927,7 @@ ./usr/lib/pkgconfig/openssl.pc minix-base crypto ./usr/lib/pkgconfig/sqlite3.pc minix-base ./usr/lib/pkgconfig/zlib.pc minix-base -./usr/lib/pwdauth minix-base +./usr/lib/pwdauth minix-base obsolete ./usr/lib/security minix-base ./usr/libdata minix-base ./usr/libdata/debug minix-base diff --git a/distrib/sets/lists/minix-man/mi b/distrib/sets/lists/minix-man/mi index 3447dd600..a188227b3 100644 --- a/distrib/sets/lists/minix-man/mi +++ b/distrib/sets/lists/minix-man/mi @@ -3424,7 +3424,7 @@ ./usr/man/man8/pr_routes.8 minix-man ./usr/man/man8/printroot.8 minix-man ./usr/man/man8/pwd_mkdb.8 minix-man -./usr/man/man8/pwdauth.8 minix-man +./usr/man/man8/pwdauth.8 minix-man obsolete ./usr/man/man8/rarpd.8 minix-man ./usr/man/man8/rawspeed.8 minix-man ./usr/man/man8/rdate.8 minix-man diff --git a/minix/commands/Makefile b/minix/commands/Makefile index ff23a8d9b..68157c149 100644 --- a/minix/commands/Makefile +++ b/minix/commands/Makefile @@ -18,7 +18,7 @@ SUBDIR= add_route arp at backup \ mount mt netconf \ nonamed \ postinstall prep printroot \ - profile progressbar pr_routes pwdauth \ + profile progressbar pr_routes \ ramdisk rarpd rawspeed readclock \ remsync rget rlogin \ rotate service setup \ diff --git a/minix/commands/pwdauth/Makefile b/minix/commands/pwdauth/Makefile deleted file mode 100644 index beba9b27e..000000000 --- a/minix/commands/pwdauth/Makefile +++ /dev/null @@ -1,8 +0,0 @@ -PROG= pwdauth -BINDIR= /usr/lib -BINMODE= 4755 -MAN= pwdauth.8 - -LDADD+=-lcrypt - -.include diff --git a/minix/commands/pwdauth/pwdauth.8 b/minix/commands/pwdauth/pwdauth.8 deleted file mode 100644 index c1e55dad0..000000000 --- a/minix/commands/pwdauth/pwdauth.8 +++ /dev/null @@ -1,57 +0,0 @@ -.SH NAME -pwdauth \- password authentication program -.SH SYNOPSIS -.B /usr/lib/pwdauth -.SH DESCRIPTION -.B Pwdauth -is a program that is used by the -.BR crypt (3) -function to do the hard work. It is a setuid root utility so that it is -able to read the shadow password file. -.PP -.B Pwdauth -expects on standard input two null terminated strings, the -password typed by the user, and the salt. That is, the two arguments of -the -.B crypt -function. The input read in a single read call must be 1024 characters or -less including the nulls. -.B Pwdauth -takes one of two actions depending on the salt. -.PP -If the salt has the form "\fB##\fIuser\fR" then the -.I user -is used to index the shadow password file to obtain the encrypted password. -The input password is encrypted with the one-way encryption function -contained within -.B pwdauth -and compared to the encrypted password from the shadow password file. If -equal then -.B pwdauth -returns the string "\fB##\fIuser\fR" with exit code 0, otherwise exit -code 2 to signal failure. The string "\fB##\fIuser\fR" is also returned -if both the shadow password and the input password are null strings to -allow a password-less login. -.PP -If the salt is not of the form "\fB##\fIuser\fR" then the password is -encrypted and the result of the encryption is returned. If salt and -password are null strings then a null string is returned. -.PP -The return value is written to standard output as a null terminated string -of 1024 characters or less including the null. -.PP -The exit code is 1 on any error. -.SH "SEE ALSO" -.BR crypt (3), -.BR passwd (5). -.SH NOTES -A password must be checked like in this example: -.PP -.RS -pw_ok = (strcmp(crypt(key, pw->pw_passwd), pw->pw_passwd) == 0); -.RE -.PP -The second argument of crypt must be the entire encrypted password and -not just the two character salt. -.SH AUTHOR -Kees J. Bot (kjb@cs.vu.nl) diff --git a/minix/commands/pwdauth/pwdauth.c b/minix/commands/pwdauth/pwdauth.c deleted file mode 100644 index 7951731de..000000000 --- a/minix/commands/pwdauth/pwdauth.c +++ /dev/null @@ -1,73 +0,0 @@ -/* pwdauth 2.0 - check a shadow password Author: Kees J. Bot - * 7 Feb 1994 - * - * This program gets as input the key and salt arguments of the crypt(3) - * function as two null terminated strings. The crypt result is output as - * one null terminated string. Input and output must be <= 1024 characters. - * The exit code will be 1 on any error. - * - * If the key has the form '##name' then the key will be encrypted and the - * result checked to be equal to the encrypted password in the shadow password - * file. If equal than '##name' will be returned, otherwise exit code 2. - * - * Otherwise the key will be encrypted normally and the result returned. - * - * As a special case, anything matches a null encrypted password to allow - * a no-password login. - */ -#define nil 0 -#include -#include -#include -#include -#include -#include - -#define setkey pwdauth_setkey -#define encrypt pwdauth_encrypt - -#define LEN 1024 - -int main(int argc, char **argv) -{ - char key[LEN]; - char *salt; - struct passwd *pw; - int n; - - /* Read input data. Check if there are exactly two null terminated - * strings. - */ - n= read(0, key, LEN); - if (n < 0) return 1; - salt = key + n; - n = 0; - while (salt > key) if (*--salt == 0) n++; - if (n != 2) return 1; - salt = key + strlen(key) + 1; - - if (salt[0] == '#' && salt[1] == '#') { - if ((pw= getpwnam(salt + 2)) == nil) return 2; - - /* A null encrypted password matches a null key, otherwise - * do the normal crypt(3) authentication check. - */ - if (*pw->pw_passwd == 0 && *key == 0) { - /* fine */ - } else - if (strcmp(crypt(key, pw->pw_passwd), pw->pw_passwd) != 0) { - return 2; - } - } else { - /* Normal encryption. */ - if (*salt == 0 && *key == 0) { - /* fine */ - } else { - salt= crypt(key, salt); - } - } - - /* Return the (possibly new) salt to the caller. */ - if (write(1, salt, strlen(salt) + 1) < 0) return 1; - return 0; -} diff --git a/minix/man/man5/passwd.5 b/minix/man/man5/passwd.5 index ac902d1e6..a0ca47649 100644 --- a/minix/man/man5/passwd.5 +++ b/minix/man/man5/passwd.5 @@ -94,7 +94,7 @@ to indicate the entry in the shadow password file. The password in this entry is then used for authentication of the user. The shadow file can only be read by the privileged utility -.BR pwdauth (8), +.BR pwd_mkdb (8), so that the encrypted passwords in the shadow file are kept secret, and thus safe from a dictionary attack. .SS "Special password and group file entries" @@ -188,7 +188,7 @@ The shadow password file. .BR crypt (3), .BR getpwent (3), .BR getgrent (3), -.BR pwdauth (8). +.BR pwd_mkdb (8). .SH NOTES The .B nobody -- 2.44.0