RE: [webmin-l] Change Password error

[Jamie C. <jca...@we...>]

Hi Dave,
You are absolutely correct .. that is a bug in Webmin, and your change fixes it. I didn't notice it myself as I don't usually have that module setup to force the admin to re-enter the old password when changing..

 - Jamie

-----Original Message-----

From:  Dave Isaacs <dav...@en...>
Subj:  RE: [webmin-l] Change Password error
Date:  Sat 18 Feb 2006 2:43 am
Size:  2K
To:  "'web...@li...'" <web...@li...>

I think I found the problem.
 
Below is a snippet from passwd/save_passwd.cgi (shown with line numbers).
Note line 70, where $user gets assigned.  I think this line should be up at
line 55.  If I compare this version of save_passwd.cgi to one from an older
version of Webmin (v1.170 to be specific), in the older version the code to
assign $user does occur before the "# Validate inputs" comment.
 
I tried moving line 70 to line 55 as described above, and the problem I was
having validating the old password went away.
 
Unfortunately this did not fix my original problem (the "Failed to encrypt
password" error), so the tweak to the unix_crypt() subroutine you described
is still necessary.
 
    53          # Update the config files directly via the useradmin module
    54          &foreign_require("useradmin", "user-lib.pl");
    55
    56          # Validate inputs
    57          if ($access{'old'} == 1 ||
    58              $access{'old'} == 2 && $user->{'user'} ne $remote_user)
{
    59                  &unix_crypt($in{'old'}, $user->{'pass'}) eq
$user->{'pass'} ||
    60                          &error($text{'passwd_eold'});
    61                  }
    62          if ($access{'repeat'}) {
    63                  $in{'new'} eq $in{'repeat'} ||
&error($text{'passwd_erepeat'});
    64                  }
    65          $err = &useradmin::check_password_restrictions(
    66                  $in{'new'}, $in{'user'});
    67          &error($err) if ($err);
    68
    69          # Find the user, either in local password file or LDAP
    70          $user = &find_user($in{'user'});
    71
    72          if ($user) {
    73                  &can_edit_passwd([ $user->{'user'}, $user->{'pass'},
    74                                     $user->{'uid'}, $user->{'gid'} ])
||
    75                          &error($text{'passwd_ecannot'});
    76
    77                  # Actually do the change
    78                  &change_password($user, $in{'new'},
    79                          $access{'others'} == 1 ||
    80                          $access{'others'} == 2 && $in{'others'});
    81                  }
    82          else {
    83                  &error($text{'passwd_euser'});
    84                  }
    85          delete($user->{'plainpass'});
    86          delete($user->{'pass'});
    87          &webmin_log("passwd", undef, $user->{'user'}, $user);
    88          }

Thanks
 
Dave I

-----Original Message-----
From: web...@li...
[mailto:web...@li...] On Behalf Of Dave Isaacs
Sent: Friday, February 17, 2006 10:10 AM
To: 'web...@li...'
Subject: RE: [webmin-l] Change Password error



Here is the line from /etc/shadow 

entconfig:FTtGqKpdrEpjg:13196:0:99999:7::: 

In Users and Groups, the Pre-encrypted password shows up as FTtGqKpdrEpjg. 

Thanks 

Dave I 

--- message truncated ---