Add a `-p' option, allowing the super-user to directly set a user's

encrypted password.  Kerberized `login' might use this, if I get around
to implementing the complete Allspice System behavior.

2 files changed, 31 insertions, 7 deletions

diff --git a/usr.bin/chpass/chpass.1 b/usr.bin/chpass/chpass.1
index 1a40905..534f063 100644
--- a/usr.bin/chpass/chpass.1
+++ b/usr.bin/chpass/chpass.1
@@ -40,10 +40,13 @@
 .Sh SYNOPSIS
 chpass
 .Op Fl a Ar list
+.Op Fl p Ar encpass
 .Op Fl s Ar newshell
 .Op user
 .Sh DESCRIPTION
-.Nm Chpass
+The
+.Nm chpass
+program
 allows editing of the user database information associated
 with
 .Ar user
@@ -61,6 +64,11 @@ entry, in the format specified by
 as an argument.
 This argument must be a colon (``:'') separated list of all the
 user database fields, although they may be empty.
+.It Fl p
+The super-user is allowed to directly supply an encrypted password field,
+in the format used by
+.Xr crypt 3 ,
+as an argument.
 .It Fl s
 The
 .Fl s
diff --git a/usr.bin/chpass/chpass.c b/usr.bin/chpass/chpass.c
index 0852c53..f101101 100644
--- a/usr.bin/chpass/chpass.c
+++ b/usr.bin/chpass/chpass.c
@@ -38,7 +38,9 @@ static char copyright[] =
 #endif /* not lint */
 
 #ifndef lint
-static char sccsid[] = "@(#)chpass.c	8.4 (Berkeley) 4/2/94";
+static char sccsid[] = "From: @(#)chpass.c	8.4 (Berkeley) 4/2/94";
+static char rcsid[] =
+	"$Id$";
 #endif /* not lint */
 
 #include <sys/param.h>
@@ -76,13 +78,13 @@ main(argc, argv)
 	int argc;
 	char **argv;
 {
-	enum { NEWSH, LOADENTRY, EDITENTRY } op;
+	enum { NEWSH, LOADENTRY, EDITENTRY, NEWPW } op;
 	struct passwd *pw, lpw;
 	int ch, pfd, tfd;
 	char *arg;
 
 	op = EDITENTRY;
-	while ((ch = getopt(argc, argv, "a:s:")) != EOF)
+	while ((ch = getopt(argc, argv, "a:p:s:")) != EOF)
 		switch(ch) {
 		case 'a':
 			op = LOADENTRY;
@@ -92,6 +94,10 @@ main(argc, argv)
 			op = NEWSH;
 			arg = optarg;
 			break;
+		case 'p':
+			op = NEWPW;
+			arg = optarg;
+			break;
 		case '?':
 		default:
 			usage();
@@ -101,7 +107,7 @@ main(argc, argv)
 
 	uid = getuid();
 
-	if (op == EDITENTRY || op == NEWSH)
+	if (op == EDITENTRY || op == NEWSH || op == NEWPW)
 		switch(argc) {
 		case 0:
 			if (!(pw = getpwuid(uid)))
@@ -133,6 +139,16 @@ main(argc, argv)
 			exit(1);
 	}
 
+	if (op == NEWPW) {
+		if (uid)
+			baduser();
+
+		if(strchr(arg, ':')) {
+			errx(1, "invalid format for password");
+		}
+		pw->pw_passwd = arg;
+	}
+
 	/*
 	 * The temporary file/file descriptor usage is a little tricky here.
 	 * 1:	We start off with two fd's, one for the master password
@@ -179,7 +195,6 @@ main(argc, argv)
 void
 baduser()
 {
-
 	errx(1, "%s", strerror(EACCES));
 }
 
@@ -187,6 +202,7 @@ void
 usage()
 {
 
-	(void)fprintf(stderr, "usage: chpass [-a list] [-s shell] [user]\n");
+	(void)fprintf(stderr,
+		"usage: chpass [-a list] [-p encpass] [-s shell] [user]\n");
 	exit(1);
 }