Bug 121146

Summary: [patch] adduser(8) produces defective blowfish cipher password hashes on FreeBSD 7.0-RC3 amd64 and i386
Product: Base System
Reporter: Erwin Peter <erwinpeterarcor.de>
Component: bin
Assignee: Antoine Brodin <antoine>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Unspecified   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
pw-salt-size.diff none

Description Erwin Peter freebsd_committer freebsd_triage 2008-02-27 14:00:03 UTC
Blowfish cipher password hashes look strange after creating users with adduser on FreeBSD 7.0-RC3 amd64 and i386:

user0:$2a$04$xYpywjtq..............p1dnhRzopxTA03kej/n.6zzH1IPnFnq:1001:1001::0:0:User &:/home/user0:/bin/sh
user1:$2a$04$x8Oz2mIk..............ic9QqpzeeBC/8UkJkon5pW5N5TfwDAG:1002:1002::0:0:User &:/home/user1:/bin/sh
user2:$2a$04$lmDQpxT6..............iNc5meFZZnmw7byA8rt2ouR9wHoXmua:1003:1003::0:0:User &:/home/user2:/bin/sh
user3:$2a$04$c.RmkxcN..............oy3vTt.DSXmmn4.0FmpAjXdWJ1Q/AOq:1004:1004::0:0:User &:/home/user3:/bin/sh
user4:$2a$04$wuch.t4M..............oyvIaigqtR9kp0q1M9I.y3fYHxtqHRm:1005:1005::0:0:User &:/home/user4:/bin/sh


You can fix it by using passwd to reset the passwords:

user0:$2a$04$3FigWO7CgDRWakxDPQ50leHU6739Qj3e62mymnSfKNDq8qs0B8fAi:1001:1001::0:0:User &:/home/user0:/bin/sh
user1:$2a$04$5ngJCj0kptu4Lm.i3o4d9OJpLQH6yY4TFtWwVBxTdnaTHaN0nqTm6:1002:1002::0:0:User &:/home/user1:/bin/sh
user2:$2a$04$tkQwdseohOkb83U2XJnmk.r6ghthOrPB9i4VByq8w49mpUbNsvyPq:1003:1003::0:0:User &:/home/user2:/bin/sh
user3:$2a$04$Lq5HoOpnsfSpiocSIQqdrOi2XkzXWRcBQ3grTXzEES0Mx2tP8IBAa:1004:1004::0:0:User &:/home/user3:/bin/sh
user4:$2a$04$x03.j9m1V/fP2biVVQzFJOjUYvobXaAbqAESdE6N6Y8vz6GyVwHuK:1005:1005::0:0:User &:/home/user4:/bin/sh

Fix: 

Reset passwords with passwd.
How-To-Repeat:
1. change default-profile's passwd_format to blf in /etc/login.conf
2. cap_mkdb /etc/login.conf
3. change crypt_default to blf in /etc/auth.conf
4. add users with adduser
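
The defective entries in the report above share one visible trait: 8 salt characters followed by 14 `.` characters, which bcrypt's base64 alphabet decodes as zero, so at most 48 of the 128 salt bits vary. The following audit script is an added example, not part of the original report or of the FreeBSD source; the function names and the `MAX_TRAILING_DOTS` threshold are assumptions, the first three sample lines are taken from the report, and the last one is constructed.

```python
import re

# $2a$<cost>$ followed by 22 salt chars and 31 hash chars in bcrypt's base64
# alphabet, where '.' encodes the value 0.
BCRYPT_FIELD = re.compile(
    r"^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$")
SALT_CHARS = 22
# Assumed threshold: a random salt ends in '.' one time in four, but four or
# more trailing '.' characters occur with probability of about 1e-6.
MAX_TRAILING_DOTS = 3

# Sample master.passwd-style lines: user0 before and after the passwd reset,
# user2 after the reset (healthy salt that happens to end in '.'), and one
# constructed non-bcrypt entry.
SAMPLE = [
    "user0:$2a$04$xYpywjtq" + "." * 14 + "p1dnhRzopxTA03kej/n.6zzH1IPnFnq"
    ":1001:1001::0:0:User &:/home/user0:/bin/sh",
    "user0:$2a$04$3FigWO7CgDRWakxDPQ50leHU6739Qj3e62mymnSfKNDq8qs0B8fAi"
    ":1001:1001::0:0:User &:/home/user0:/bin/sh",
    "user2:$2a$04$tkQwdseohOkb83U2XJnmk.r6ghthOrPB9i4VByq8w49mpUbNsvyPq"
    ":1003:1003::0:0:User &:/home/user2:/bin/sh",
    "daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin",
]


def audit_line(line):
    """Return (user, trailing_dots, nonzero_prefix_bits, suspect), or None
    when the password field is not a bcrypt hash."""
    fields = line.rstrip("\n").split(":")
    if len(fields) < 2:
        return None
    m = BCRYPT_FIELD.match(fields[1])
    if m is None:
        return None
    salt = m.group(3)
    trailing = len(salt) - len(salt.rstrip("."))
    bits = min(128, 6 * (SALT_CHARS - trailing))
    return fields[0], trailing, bits, trailing > MAX_TRAILING_DOTS


def audit(lines):
    """Return only the entries whose salt looks zero-padded."""
    return [r for r in map(audit_line, lines) if r is not None and r[3]]


if __name__ == "__main__":
    for user, dots, bits, _ in audit(SAMPLE):
        print(f"{user}: {dots} trailing '.' in salt, at most {bits} salt bits vary")
```

Accounts flagged this way get a full-length salt once their password is reset with passwd, as the report describes.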
Comment 1 Jaakko Heinonen 2008-02-27 18:01:56 UTC
Increasing the salt size for pw(8) might fix the problem. See the
attached patch.

-- 
Jaakko
Comment 2 Gavin Atkinson freebsd_committer freebsd_triage 2008-03-02 19:08:55 UTC
State Changed
From-To: open->feedback

To submitter: does the patch in the PR fix the issue for you?
Comment 3 Volker Werth freebsd_committer freebsd_triage 2008-05-17 21:26:33 UTC
State Changed
From-To: feedback->suspended


I'm pretty sure the submitter's email address is invalid so
we can't expect any feedback.
Erwin: If you see this message, please provide a valid and working
email address.
Suspend this until someone will check this issue.


Comment 4 Volker Werth freebsd_committer freebsd_triage 2008-05-17 21:26:33 UTC
Responsible Changed
From-To: freebsd-bugs->vwe


track
Comment 5 Antoine Brodin freebsd_committer freebsd_triage 2008-05-17 23:14:39 UTC
State Changed
From-To: suspended->open

Take this. 


Comment 6 Antoine Brodin freebsd_committer freebsd_triage 2008-05-17 23:14:39 UTC
Responsible Changed
From-To: vwe->antoine

Take this.
Comment 7 dfilter service freebsd_committer freebsd_triage 2008-05-27 20:04:36 UTC
antoine     2008-05-27 19:04:31 UTC

  FreeBSD src repository

  Modified files:
    usr.sbin/pw          pw_user.c 
  Log:
  - Increase the size of the salt in pw(8) from 8 to 32 (same as in pam_unix(8)).
   This makes blowfish password hashes look normal when set using
  pw(8)/adduser(8). [1]
  - Make it possible to have a '/' in the salt.
  
  PR:             121146 [1]
  Submitted by:   Jaakko Heinonen [1]
  Approved by:    rwatson (mentor)
  MFC after:      1 month
  
  Revision  Changes    Path
  1.62      +7 -5      src/usr.sbin/pw/pw_user.c
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 8 Antoine Brodin freebsd_committer freebsd_triage 2008-05-27 20:12:04 UTC
State Changed
From-To: open->patched

Patched in HEAD.
Comment 9 dfilter service freebsd_committer freebsd_triage 2008-07-28 21:05:18 UTC
antoine     2008-07-28 20:04:39 UTC

  FreeBSD src repository

  Modified files:        (Branch: RELENG_7)
    usr.sbin/pw          pw_user.c 
  Log:
  SVN rev 180935 on 2008-07-28 20:04:39Z by antoine
  
  MFC r179365 to stable/7:
    - Increase the size of the salt in pw(8) from 8 to 32 (same as in pam_unix(8)).
     This makes blowfish password hashes look normal when set using
    pw(8)/adduser(8). [1]
    - Make it possible to have a '/' in the salt.
  
    PR:             121146 [1]
    Submitted by:   Jaakko Heinonen [1]
    Approved by:    rwatson (mentor)
    MFC after:      1 month
  
  Revision  Changes    Path
  1.61.2.1  +7 -5      src/usr.sbin/pw/pw_user.c
Comment 10 dfilter service freebsd_committer freebsd_triage 2008-07-28 21:08:31 UTC
antoine     2008-07-28 20:08:08 UTC

  FreeBSD src repository

  Modified files:        (Branch: RELENG_6)
    usr.sbin/pw          pw_user.c 
  Log:
  SVN rev 180936 on 2008-07-28 20:08:08Z by antoine
  
  MFC r179365 to stable/6:
    - Increase the size of the salt in pw(8) from 8 to 32 (same as in pam_unix(8)).
     This makes blowfish password hashes look normal when set using
    pw(8)/adduser(8). [1]
    - Make it possible to have a '/' in the salt.
  
    PR:             121146 [1]
    Submitted by:   Jaakko Heinonen [1]
    Approved by:    rwatson (mentor)
    MFC after:      1 month
  
  Revision  Changes    Path
  1.57.8.4  +7 -5      src/usr.sbin/pw/pw_user.c
Comment 11 Antoine Brodin freebsd_committer freebsd_triage 2008-07-28 21:14:29 UTC
State Changed
From-To: patched->closed

Close: fix committed in head, releng_6 and releng_7. 
Thanks for the report!