Add support for using encrypted password strings when setting

the root / user passwords

PR:	bin/152868
Submitted by:	kmoore
Approved by:	imp

3 files changed, 40 insertions, 10 deletions

diff --git a/usr.sbin/pc-sysinstall/backend/functions-cleanup.sh b/usr.sbin/pc-sysinstall/backend/functions-cleanup.sh
index 0b342e1..7524692 100755
--- a/usr.sbin/pc-sysinstall/backend/functions-cleanup.sh
+++ b/usr.sbin/pc-sysinstall/backend/functions-cleanup.sh
@@ -371,19 +371,32 @@ setup_gjournal()
 # Function which sets the root password from the install config
 set_root_pw()
 {
+  # Get the plaintext string
   get_value_from_cfg_with_spaces rootPass
-  PW="${VAL}"
+  local PW="${VAL}"
+
+  # Get the encrypted string
+  get_value_from_cfg_with_spaces rootEncPass
+  local ENCPW="${VAL}"
 
   # If we don't have a root pass, return
-  if [ -z "${PW}" ]
-  then
-    return 0
-  fi
+  if [ -z "${PW}" -a -z "${ENCPW}" ] ; then return 0 ; fi
 
   echo_log "Setting root password"
-  echo "${PW}" > ${FSMNT}/.rootpw
-  run_chroot_cmd "cat /.rootpw | pw usermod root -h 0"
-  rc_halt "rm ${FSMNT}/.rootpw"
+
+  # Check if setting plaintext password
+  if [ ! -z "${PW}" ] ; then
+    echo "${PW}" > ${FSMNT}/.rootpw
+    run_chroot_cmd "cat /.rootpw | pw usermod root -h 0"
+    rc_halt "rm ${FSMNT}/.rootpw"
+  fi
+
+  # Check if setting encrypted password
+  if [ ! -z "${ENCPW}" ] ; then
+    echo "${ENCPW}" > ${FSMNT}/.rootpw
+    run_chroot_cmd "cat /.rootpw | pw usermod root -H 0"
+    rc_halt "rm ${FSMNT}/.rootpw"
+  fi
 
 };
 
diff --git a/usr.sbin/pc-sysinstall/backend/functions-users.sh b/usr.sbin/pc-sysinstall/backend/functions-users.sh
index 4ba8de5..0288ba9 100755
--- a/usr.sbin/pc-sysinstall/backend/functions-users.sh
+++ b/usr.sbin/pc-sysinstall/backend/functions-users.sh
@@ -93,6 +93,13 @@ setup_users()
       USERPASS="$VAL"
     fi
 
+    echo $line | grep "^userEncPass=" >/dev/null 2>/dev/null
+    if [ "$?" = "0" ]
+    then
+      get_value_from_string "${line}"
+      USERENCPASS="$VAL"
+    fi
+
     echo $line | grep "^userShell=" >/dev/null 2>/dev/null
     if [ "$?" = "0" ]
     then
@@ -135,6 +142,10 @@ setup_users()
         then
           ARGS="${ARGS} -h 0"
           echo "${USERPASS}" >${FSMNT}/.tmpPass
+	elif [ ! -z "${USERENCPASS}" ] 
+	then
+          ARGS="${ARGS} -H 0"
+          echo "${USERENCPASS}" >${FSMNT}/.tmpPass
         else
           ARGS="${ARGS} -h -"
           rm ${FSMNT}/.tmpPass 2>/dev/null 2>/dev/null
@@ -160,7 +171,7 @@ setup_users()
         add_user "${ARGS}"
 
         # Unset our vars before looking for any more users
-        unset USERNAME USERCOMMENT USERPASS USERSHELL USERHOME USERGROUPS
+        unset USERNAME USERCOMMENT USERPASS USERENCPASS USERSHELL USERHOME USERGROUPS
       else
         exit_err "ERROR: commitUser was called without any userName= entry!!!" 
       fi
diff --git a/usr.sbin/pc-sysinstall/examples/README b/usr.sbin/pc-sysinstall/examples/README
index c972286..05e0386 100644
--- a/usr.sbin/pc-sysinstall/examples/README
+++ b/usr.sbin/pc-sysinstall/examples/README
@@ -286,7 +286,11 @@ Options for setting up usernames and passwords on the installed system
 
 # rootPass=root
 
-Set the root password of the installed system to the specified string
+Set the root password of the installed system to the specified plaintext string
+
+# rootEncPass=<encryptedstring>
+
+Set the root password of the installed system to the specified encrypted string
 
 The below variables are used to setup a user on the installed system
 Be sure to call commitUser after after adding these values, and before
@@ -295,6 +299,8 @@ starting another user block
 # userName=kris
 # userComment=Kris Moore
 # userPass=mypass
+or
+# userEncPass=<encryptedstring>
 # userShell=/bin/csh
 # userHome=/home/kris
 # userGroups=wheel,operator