Subject: bin/5695: passwd -y can't deal with empty pwd
To: None <gnats-bugs@gnats.netbsd.org>
From: None <bgrayson@ece.utexas.edu>
List: netbsd-bugs
Date: 07/02/1998 20:04:11
>Number:         5695
>Category:       bin
>Synopsis:       passwd -y can't deal with empty pwd
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people (Utility Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Jul  2 18:05:00 1998
>Last-Modified:
>Originator:     Brian Grayson
>Organization:
	Parallel and Distributed Systems
	Electrical and Computer Engineering
	The University of Texas at Austin
>Release:        June 30
>Environment:
NetBSD marvin 1.3E NetBSD 1.3E (MARVIN) #40: Thu Jun  4 09:11:48 CDT 1998     bgrayson@marvin:/a/c3p0/home/c3p0/src/sys/arch/i386/compile/MARVIN i386

>Description:
	The rpc.yppasswdd daemon can't change the password from
	"" to anything else, because it doesn't do the
	special-case check for a zero-length password that passwd
	-l does.
	
>How-To-Repeat:
	Create a new user, with an empty password.  Push the new
	password file via (cd /var/yp/`domainname` && make ...).
	Now telnet to a host in the YP domain as that user (no
	password required).  Invoke passwd and watch it not be
	able to change the password.  Reason:  crypt("", "") != "".
	
>Fix:
	As a temporary work-around, do a passwd -l on the YP master.

	As a permanent fix, make the RPC daemon skip the
	crypt() check if the old password is empty (first char is '\0'):
--- yppasswdd_mkpw.c.orig       Thu Jul  2 19:54:34 1998
+++ yppasswdd_mkpw.c    Thu Jul  2 19:54:09 1998
@@ -94,7 +94,9 @@
        if (!pw)
                RETURN(1);
 
-       if (strcmp(crypt(argp->oldpass, pw->pw_passwd), pw->pw_passwd) != 0)
+       /*  Only do the crypt check if the old password was non-null.  */
+       if (pw->pw_passwd[0] &&
+           strcmp(crypt(argp->oldpass, pw->pw_passwd), pw->pw_passwd) != 0)
                RETURN(1);
 
        pw_init();
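
Review bot: the added `pw->pw_passwd[0] &&` guard skips the old-password comparison whenever the stored field is empty, so any value the client sends in argp->oldpass is accepted for such an account. Consider still requiring the request to match the stored state, for example by returning RETURN(1) when pw->pw_passwd[0] is '\0' but argp->oldpass[0] is not. The comment says "non-null", but the test is for an empty string rather than a NULL pointer, so "non-empty" would be more accurate. The return value of crypt() also still goes straight into strcmp() with no NULL check, on both the removed and the added line.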


	Note:  It's probably a Bad Idea to have null passwords
	    in a YP database, but if we want to enforce that,
	    we ought to check _before_ we yppush the passwd file
	    over the net, rather than waiting until the user
	    tries to change it, and then refuse the change
	    attempts!  :)
	
>Audit-Trail:
>Unformatted: