Improve usability of 'openssl passwd' by including
password verification where it makes sense.
parent
28fd5c60de
commit
db70a3fd6e
12
CHANGES
12
CHANGES
@ -4,6 +4,18 @@
|
|||||||
|
|
||||||
Changes between 0.9.6 and 0.9.7 [xx XXX 2000]
|
Changes between 0.9.6 and 0.9.7 [xx XXX 2000]
|
||||||
|
|
||||||
|
*) In 'openssl passwd', verify passwords read from the terminal
|
||||||
|
unless the '-salt' option is used (which usually means that
|
||||||
|
verification would just waste user's time since the resulting
|
||||||
|
hash is going to be compared with some given password hash)
|
||||||
|
or the new '-noverify' option is used.
|
||||||
|
|
||||||
|
This is an incompatible change, but it does not affect
|
||||||
|
non-interactive use of 'openssl passwd' (passwords on the command
|
||||||
|
line, '-stdin' option, '-in ...' option) and thus should not
|
||||||
|
cause any problems.
|
||||||
|
[Bodo Moeller]
|
||||||
|
|
||||||
*) Remove all references to RSAref, since there's no more need for it.
|
*) Remove all references to RSAref, since there's no more need for it.
|
||||||
[Richard Levitte]
|
[Richard Levitte]
|
||||||
|
|
||||||
|
@ -50,6 +50,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
|
|||||||
* -salt string - salt
|
* -salt string - salt
|
||||||
* -in file - read passwords from file
|
* -in file - read passwords from file
|
||||||
* -stdin - read passwords from stdin
|
* -stdin - read passwords from stdin
|
||||||
|
* -noverify - never verify when reading password from terminal
|
||||||
* -quiet - no warnings
|
* -quiet - no warnings
|
||||||
* -table - format output as table
|
* -table - format output as table
|
||||||
* -reverse - switch table columns
|
* -reverse - switch table columns
|
||||||
@ -62,6 +63,7 @@ int MAIN(int argc, char **argv)
|
|||||||
int ret = 1;
|
int ret = 1;
|
||||||
char *infile = NULL;
|
char *infile = NULL;
|
||||||
int in_stdin = 0;
|
int in_stdin = 0;
|
||||||
|
int in_noverify = 0;
|
||||||
char *salt = NULL, *passwd = NULL, **passwds = NULL;
|
char *salt = NULL, *passwd = NULL, **passwds = NULL;
|
||||||
char *salt_malloc = NULL, *passwd_malloc = NULL;
|
char *salt_malloc = NULL, *passwd_malloc = NULL;
|
||||||
size_t passwd_malloc_size = 0;
|
size_t passwd_malloc_size = 0;
|
||||||
@ -128,6 +130,8 @@ int MAIN(int argc, char **argv)
|
|||||||
else
|
else
|
||||||
badopt = 1;
|
badopt = 1;
|
||||||
}
|
}
|
||||||
|
else if (strcmp(argv[i], "-noverify") == 0)
|
||||||
|
in_noverify = 1;
|
||||||
else if (strcmp(argv[i], "-quiet") == 0)
|
else if (strcmp(argv[i], "-quiet") == 0)
|
||||||
quiet = 1;
|
quiet = 1;
|
||||||
else if (strcmp(argv[i], "-table") == 0)
|
else if (strcmp(argv[i], "-table") == 0)
|
||||||
@ -174,6 +178,7 @@ int MAIN(int argc, char **argv)
|
|||||||
BIO_printf(bio_err, "-salt string use provided salt\n");
|
BIO_printf(bio_err, "-salt string use provided salt\n");
|
||||||
BIO_printf(bio_err, "-in file read passwords from file\n");
|
BIO_printf(bio_err, "-in file read passwords from file\n");
|
||||||
BIO_printf(bio_err, "-stdin read passwords from stdin\n");
|
BIO_printf(bio_err, "-stdin read passwords from stdin\n");
|
||||||
|
BIO_printf(bio_err, "-noverify never verify when reading password from terminal\n");
|
||||||
BIO_printf(bio_err, "-quiet no warnings\n");
|
BIO_printf(bio_err, "-quiet no warnings\n");
|
||||||
BIO_printf(bio_err, "-table format output as table\n");
|
BIO_printf(bio_err, "-table format output as table\n");
|
||||||
BIO_printf(bio_err, "-reverse switch table columns\n");
|
BIO_printf(bio_err, "-reverse switch table columns\n");
|
||||||
@ -222,7 +227,7 @@ int MAIN(int argc, char **argv)
|
|||||||
|
|
||||||
passwds = passwds_static;
|
passwds = passwds_static;
|
||||||
if (in == NULL)
|
if (in == NULL)
|
||||||
if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", 0) != 0)
|
if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", !(passed_salt || in_noverify)) != 0)
|
||||||
goto err;
|
goto err;
|
||||||
passwds[0] = passwd_malloc;
|
passwds[0] = passwd_malloc;
|
||||||
}
|
}
|
||||||
|
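Review bot: The verify argument in the new `EVP_read_pw_string` call, `!(passed_salt || in_noverify)`, carries a policy the code never explains: `-salt` silently turns off the confirmation prompt. The rationale appears only in CHANGES and the pod, so I would put it directly above the call, e.g. `/* -salt implies -noverify: the hash is normally compared with an existing one */`. The usage output and the option list in the header comment still describe `-salt` as only "use provided salt"; changing the usage line to `"-salt string      use provided salt (implies -noverify)\n"` would warn someone choosing a salt for a new entry that a mistyped password is hashed without a second prompt. MAIN starts and ends outside these hunks, so whether the `err` path reports a confirmation mismatch to the user cannot be checked here.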
@ -13,6 +13,7 @@ B<openssl passwd>
|
|||||||
[B<-salt> I<string>]
|
[B<-salt> I<string>]
|
||||||
[B<-in> I<file>]
|
[B<-in> I<file>]
|
||||||
[B<-stdin>]
|
[B<-stdin>]
|
||||||
|
[B<-noverify>]
|
||||||
[B<-quiet>]
|
[B<-quiet>]
|
||||||
[B<-table>]
|
[B<-table>]
|
||||||
{I<password>}
|
{I<password>}
|
||||||
@ -22,7 +23,7 @@ B<openssl passwd>
|
|||||||
The B<passwd> command computes the hash of a password typed at
|
The B<passwd> command computes the hash of a password typed at
|
||||||
run-time or the hash of each password in a list. The password list is
|
run-time or the hash of each password in a list. The password list is
|
||||||
taken from the named file for option B<-in file>, from stdin for
|
taken from the named file for option B<-in file>, from stdin for
|
||||||
option B<-stdin>, and from the command line otherwise.
|
option B<-stdin>, or from the command line, or from the terminal otherwise.
|
||||||
The Unix standard algorithm B<crypt> and the MD5-based BSD password
|
The Unix standard algorithm B<crypt> and the MD5-based BSD password
|
||||||
algorithm B<1> and its Apache variant B<apr1> are available.
|
algorithm B<1> and its Apache variant B<apr1> are available.
|
||||||
|
|
||||||
@ -45,6 +46,7 @@ Use the B<apr1> algorithm (Apache variant of the BSD algorithm).
|
|||||||
=item B<-salt> I<string>
|
=item B<-salt> I<string>
|
||||||
|
|
||||||
Use the specified salt.
|
Use the specified salt.
|
||||||
|
When reading a password from the terminal, this implies B<-noverify>.
|
||||||
|
|
||||||
=item B<-in> I<file>
|
=item B<-in> I<file>
|
||||||
|
|
||||||
@ -54,6 +56,10 @@ Read passwords from I<file>.
|
|||||||
|
|
||||||
Read passwords from B<stdin>.
|
Read passwords from B<stdin>.
|
||||||
|
|
||||||
|
=item B<-noverify>
|
||||||
|
|
||||||
|
Don't verify when reading a password from the terminal.
|
||||||
|
|
||||||
=item B<-quiet>
|
=item B<-quiet>
|
||||||
|
|
||||||
Don't output warnings when passwords given at the command line are truncated.
|
Don't output warnings when passwords given at the command line are truncated.
|
||||||
|