do batch in encrypted mode by default; ibo@val-axs.net

2 files changed, 21 insertions, 5 deletions

diff --git a/usr.sbin/adduser/adduser.8 b/usr.sbin/adduser/adduser.8
index 748dfcfbcfb..371fa921a4c 100644
--- a/usr.sbin/adduser/adduser.8
+++ b/usr.sbin/adduser/adduser.8
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: adduser.8,v 1.5 1998/11/08 00:21:25 aaron Exp $
+.\"	$OpenBSD: adduser.8,v 1.6 1998/12/29 12:04:37 deraadt Exp $
 .\"
 .\" Copyright (c) 1995-1996 Wolfram Schneider <wosch@FreeBSD.org>. Berlin.
 .\" All rights reserved.
@@ -48,6 +48,7 @@
 .Op Fl uid_start Ar uid_start
 .Op Fl uid_end Ar uid_end
 .Op Fl v | verbose
+.Op Fl unencrypted
 .Sh DESCRIPTION
 .Nm adduser 
 is a simple program for adding new users.
@@ -142,6 +143,7 @@ straightforward.
 .It Sy -batch username [group[,group]...] [fullname] [password]
 Enter batch mode in which multiple users are specified on the command-line
 in a compact format.
+By default the password is assumed to already be properly encrypted.
 .It Sy -check_only
 Check the passwd, group, and shells databases for consistency and problems
 then exit without performing any other operation.
@@ -192,6 +194,12 @@ Causes the program to print fewer warnings, questions, and bug reports.
 Use UIDs from 
 .Ar uid
 up when automatically generating UIDs.
+.It Sy -unencrypted
+Causes the program to assume that the password given in batch mode is
+unencrypted. The password will be encrypted before it's added to the
+password file.
+Use of this option will leave username and cleartext password displayable
+for any user.
 .It Sy -verbose,-v
 Causes the program to print many warnings and questions.
 This option is recommended for novice users.
@@ -215,7 +223,7 @@ Start
 .Nm adduser
 in interactive mode.
 .Pp
-$ adduser -batch falken guest,staff,beer 'Prof. Falken' joshua
+$ adduser -unencrypted -batch falken guest,staff,beer 'Prof. Falken' joshua
 .Pp
 Create user
 .Dq falken
diff --git a/usr.sbin/adduser/adduser.perl b/usr.sbin/adduser/adduser.perl
index c94a8848564..7c02ade53c0 100644
--- a/usr.sbin/adduser/adduser.perl
+++ b/usr.sbin/adduser/adduser.perl
@@ -1,6 +1,6 @@
 #!/usr/bin/perl
 #
-#	$OpenBSD: adduser.perl,v 1.11 1998/10/14 19:40:27 deraadt Exp $
+#	$OpenBSD: adduser.perl,v 1.12 1998/12/29 12:04:37 deraadt Exp $
 #
 # Copyright (c) 1995-1996 Wolfram Schneider <wosch@FreeBSD.org>. Berlin.
 # All rights reserved.
@@ -795,7 +795,10 @@ sub batch {
     return 0 if $flag;
 
     $cryptpwd = "*";	# Locked by default
-    $cryptpwd = encrypt($password, &salt) if $password ne "";
+    if ($password ne "" && $password ne "*") {
+	if($unencrypted)	{ $cryptpwd = encrypt($password, &salt) }
+	else			{ $cryptpwd = $password }
+    }
     # obscure perl bug
     $new_entry = "$name\:" . "$cryptpwd" .
 	"\:$u_id\:$g_id\::0:0:$fullname:$home/$name:$sh";
@@ -866,6 +869,7 @@ usage: adduser
     [-s|-silent|-q|-quiet]
     [-uid_start uid_start]
     [-uid_end uid_end]
+    [-unencrypted]
     [-v|-verbose]
 
 home=$home shell=$defaultshell dotdir=$dotdir login_group=$defaultgroup
@@ -972,6 +976,7 @@ sub parse_arguments {
 	elsif (/^--?(check_only)$/) { $check_only = 1 }
 	elsif (/^--?(message)$/) { $send_message = $argv[0]; shift @argv;
 				   $sendmessage = 1; }
+	elsif (/^--?(unencrypted)$/)	{ $unencrypted = 1 }
 	elsif (/^--?(batch)$/)	 {
 	    @batch = splice(@argv, 0, 4); $verbose = 0;
 	    die "batch: too few arguments\n" if $#batch < 0;
@@ -1442,7 +1447,7 @@ sub config_write {
 
     print C <<EOF;
 #
-# $OpenBSD: adduser.perl,v 1.11 1998/10/14 19:40:27 deraadt Exp $
+# $OpenBSD: adduser.perl,v 1.12 1998/12/29 12:04:37 deraadt Exp $
 # $config - automatic generated by adduser(8)
 #
 # Note: adduser read *and* write this file.
@@ -1509,5 +1514,8 @@ sub variable_check {
 	# Check uid_start & uid_end
 	warn "WARNING: uid_start < 1000!\n" if($uid_start < 1000);
 	die "ERROR: uid_start >= uid_end!\n" if($uid_start >= $uid_end);
+	# unencrypted really only usable in batch mode
+	warn "WARNING: unencrypted only effective in batch mode\n"
+	    if($#batch < 0 && $unencrypted);
 }