Hi all,

How about doing it throughout the tree[0]?

[0] http://marc.info/?m=142689311221135

Cheers,
Raf

On Mon, Feb 06, 2017 at 05:53:22AM GMT, Theo Buehler wrote:
> On Sun, Feb 05, 2017 at 09:47:35PM -0800, Philip Guenther wrote:
> > On Sun, 5 Feb 2017, John McGuigan wrote:
> > > I've noticed something strange in adduser -- when attempting to add a
> > > user completely through command line argument it seems to corrupt the
> > > entry in /etc/master.passwd.
> > >
> > > Example:
> > >
> > > $ echo "HorseBatteryStaple" | encrypt
> > > $2b$09$ssZSLC6laHsTS7O2FwJ4Mufw6mSS/FGXw.9oNjr3BLTS7DJp5n4M2
> > >
> > > # adduser -silent -noconfig -uid_start 5000 -group USER -shell ksh \
> > > -message no -batch some.user "" "Some User" \
> > > $2b$09$ssZSLC6laHsTS7O2FwJ4Mufw6mSS/FGXw.9oNjr3BLTS7DJp5n4M2
> > > Added user ``some.user''
> > ...
> > > some.user:b/bin/ksh9/9uoOrbTRaf//3ZprAb9k.hOpfe9vYVqjf1a:5000:5000:: \
> > > 0:0:Some User:/home/some.user:/bin/ksh
> > >
> > > As you can see the password entry gets corrupted with a 'b/bin/ksh...'
> >
> > Let's see what the adduser command is seeing by passing that all to 'echo'
> > instead:
> >
> > # echo \
> > > adduser -silent -noconfig -uid_start 5000 -group USER -shell ksh \
> > > -message no -batch some.user "" "Some User" \
> > > $2b$09$ssZSLC6laHsTS7O2FwJ4Mufw6mSS/FGXw.9oNjr3BLTS7DJp5n4M2
> > adduser -silent -noconfig -uid_start 5000 -group USER -shell ksh -message
> > no -batch some.user Some User b/bin/ksh9/FGXw.9oNjr3BLTS7DJp5n4M2
> > #
> >
> > Ah, so the expansion is happening *outside* of adduser...in the shell.
> > Yes, the shell does variable expansion even if the dollar-sign is in the
> > middle of a word, so it's expanding the variables
> >     $2 --> ""
> >     $0 --> "/bin/ksh"
> >     $ssZSLC6laHsTS7O2FwJ4Mufw6mSS --> ""
> >
> >
> > > Behavior *is* present when hash is wrapped in "
> >
> > Sure, because double-quotes only stop file-globbing and field splitting
> > and not variable expansion. You need single quotes for that:
> >
> > # echo \
> > > adduser -silent -noconfig -uid_start 5000 -group USER -shell ksh \
> > > -message no -batch some.user "" "Some User" \
> > > '$2b$09$ssZSLC6laHsTS7O2FwJ4Mufw6mSS/FGXw.9oNjr3BLTS7DJp5n4M2'
> > adduser -silent -noconfig -uid_start 5000 -group USER -shell ksh -message
> > no -batch some.user Some User
> > $2b$09$ssZSLC6laHsTS7O2FwJ4Mufw6mSS/FGXw.9oNjr3BLTS7DJp5n4M2
> > #
>
> The adduser.8 manual page has an example with no quotes in it, so we
> should fix that. Also, let's use a new hash using $2b$ instead of $2a$.
>
> Index: adduser.8 > =================================================================== > RCS file: /var/cvs/src/usr.sbin/adduser/adduser.8,v > retrieving revision 1.44 > diff -u -p -r1.44 adduser.8 > --- adduser.8 24 Dec 2015 16:54:37 -0000 1.44 > +++ adduser.8 6 Feb 2017 05:49:00 -0000 > @@ -373,7 +373,7 @@ The password has been created using > .Xr encrypt 1 : > .Bd -literal -offset indent > # adduser -batch falken guest,staff,beer 'Prof. Falken' \e > - $2a$06$1Sdjxjoxg4cNmT6zAxriGOLgdLXQ3HdJ2dKBbzEk68jSrO1EtLJ3C > + '$2b$10$aOadQNznQ1YJFnqNaRRneOvYvZAEO7atYiTND3EsLf6afHT5t1UIK' > .Ed > .Pp > Create user >
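
Review bot: The changed `+` line now single-quotes the hash, but the context sentence above the example ("The password has been created using .Xr encrypt 1 :") still gives no reason for the quoting. A reader who substitutes their own hash can drop the quotes, or use double quotes, and get the same silent expansion of $2 and $0 that this thread reports. Suggest adding one sentence before the .Bd block stating that the encrypted password must be enclosed in single quotes so the shell does not expand the `$` sequences in it.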
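
The expansion Philip Guenther describes can be reproduced and caught before the value reaches adduser. The script below is an added example, not part of the original thread or of OpenBSD. The helper names `is_bcrypt_hash` and `expand_as_typed` are hypothetical, and the child shell is handed `/bin/ksh` as `$0` only to mirror the thread's environment.

```shell
#!/bin/sh
# Constructed sample: the hash quoted in the thread, held safely in single quotes.
HASH='$2b$09$ssZSLC6laHsTS7O2FwJ4Mufw6mSS/FGXw.9oNjr3BLTS7DJp5n4M2'

# Succeed only if $1 has the shape of a bcrypt hash: 60 characters,
# "$2" + variant letter + "$" + two-digit cost + "$" + 53 salt/digest chars.
is_bcrypt_hash() {
    [ "${#1}" -eq 60 ] || return 1
    case $1 in
        '$2'[aby]'$'[0-9][0-9]'$'*) ;;
        *) return 1 ;;
    esac
    # Strip the 7-character prefix and check the remaining alphabet.
    case ${1#???????} in
        *[!./A-Za-z0-9]*) return 1 ;;
    esac
    return 0
}

# Re-parse the hash the way a shell parses a typed command line.
# $1 is the quoting style: none, double or single.
# The child sh gets "/bin/ksh" as $0 and no positional parameters (assumption
# matching the thread, where $0 expanded to /bin/ksh and $2 to "").
expand_as_typed() {
    case $1 in
        none)   src="printf %s $HASH" ;;
        double) src="printf %s \"$HASH\"" ;;
        single) src="printf %s '$HASH'" ;;
    esac
    sh -c "$src" /bin/ksh
}

# Show what each quoting style delivers and whether the guard accepts it.
for style in none double single; do
    out=$(expand_as_typed "$style")
    if is_bcrypt_hash "$out"; then verdict=ok; else verdict=MANGLED; fi
    printf '%-6s %-8s %s\n' "$style" "$verdict" "$out"
done
```

A wrapper script around adduser can call a check of this kind on the password argument and refuse to continue when it fails, so that a mangled hash never lands in /etc/master.passwd.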