gnustep/libs-ec
0
0
Fork 0
mirror of https://github.com/gnustep/libs-ec.git synced 2025-02-21 02:41:11 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Reverse logic of command blocking to be blocked by default.

Browse source
This commit is contained in:
Richard Frith-Macdonald 2023-03-10 16:01:19 +00:00
parent 1da13e9444
commit 82acb9d313
6 changed files with 165 additions and 78 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
ChangeLog
View file

@ -1,3 +1,14 @@
2023-03-10 Richard Frith-Macdonald <rfm@gnu.org>
* EcCommand.m:
* EcControl.m:
* EcProcess.h:
* EcProcess.m:
* Operators.plist:
Change Blocked array to Commands array so we list commands that the
operator is allowed to use and default (where a Commands array is
defined) to blocking all commands.
2023-03-08 Richard Frith-Macdonald <rfm@gnu.org> 2023-03-08 Richard Frith-Macdonald <rfm@gnu.org>
* EcCommand.m: * EcCommand.m:

36
EcCommand.m
View file

@ -105,17 +105,17 @@ static int comp(NSString *s0, NSString *s1)
} }
} }
static BOOL matchCmd(NSString *word, NSString *reference, NSArray *blocked) static BOOL matchCmd(NSString *word, NSString *reference, NSArray *allow)
{ {
if (comp(word, reference) < 0) if (comp(word, reference) < 0)
{ {
return NO; return NO;
} }
if ([blocked containsObject: reference]) if (nil == allow || [allow containsObject: reference])
{ {
return NO; return YES;
} }
return YES; return NO;
} }
static NSString* static NSString*
@ -4331,7 +4331,7 @@ NSLog(@"Problem %@", localException);
} }
else if (t == nil) else if (t == nil)
{ {
NSArray *blocked = [self ecBlocked: f]; NSArray *allow = [self ecCommands: f];
NSString *m = @""; NSString *m = @"";
NSString *wd = cmdWord(cmd, 0); NSString *wd = cmdWord(cmd, 0);
@ -4339,7 +4339,7 @@ NSLog(@"Problem %@", localException);
{ {
/* Quietly ignore. */ /* Quietly ignore. */
} }
else if (matchCmd(wd, @"alarms", blocked)) else if (matchCmd(wd, @"alarms", allow))
{ {
NSMutableArray *a = [NSMutableArray array]; NSMutableArray *a = [NSMutableArray array];
NSEnumerator *e = [launchInfo objectEnumerator]; NSEnumerator *e = [launchInfo objectEnumerator];
@ -4370,14 +4370,14 @@ NSLog(@"Problem %@", localException);
} }
} }
} }
else if (matchCmd(wd, @"archive", blocked)) else if (matchCmd(wd, @"archive", allow))
{ {
NSCalendarDate *when; NSCalendarDate *when;
m = [NSString stringWithFormat: @"\n%@\n", [self ecArchive: nil]]; m = [NSString stringWithFormat: @"\n%@\n", [self ecArchive: nil]];
when = [NSCalendarDate date]; when = [NSCalendarDate date];
} }
else if (matchCmd(wd, @"clear", blocked)) else if (matchCmd(wd, @"clear", allow))
{ {
NSMutableArray *a = [NSMutableArray array]; NSMutableArray *a = [NSMutableArray array];
NSEnumerator *e = [launchInfo objectEnumerator]; NSEnumerator *e = [launchInfo objectEnumerator];
@ -4458,7 +4458,7 @@ NSLog(@"Problem %@", localException);
} }
} }
} }
else if (matchCmd(wd, @"help", blocked)) else if (matchCmd(wd, @"help", allow))
{ {
wd = cmdWord(cmd, 1); wd = cmdWord(cmd, 1);
if ([wd length] == 0) if ([wd length] == 0)
@ -4579,7 +4579,7 @@ NSLog(@"Problem %@", localException);
} }
} }
} }
else if (matchCmd(wd, @"launch", blocked)) else if (matchCmd(wd, @"launch", allow))
{ {
if (NO == launchEnabled) if (NO == launchEnabled)
{ {
@ -4725,7 +4725,7 @@ NSLog(@"Problem %@", localException);
m = @"I need the name of a program to launch.\n"; m = @"I need the name of a program to launch.\n";
} }
} }
else if (matchCmd(wd, @"list", blocked)) else if (matchCmd(wd, @"list", allow))
{ {
wd = cmdWord(cmd, 1); wd = cmdWord(cmd, 1);
if ([wd length] == 0 || comp(wd, @"clients") >= 0) if ([wd length] == 0 || comp(wd, @"clients") >= 0)
@ -4833,7 +4833,7 @@ NSLog(@"Problem %@", localException);
} }
} }
} }
else if (matchCmd(wd, @"memory", blocked)) else if (matchCmd(wd, @"memory", allow))
{ {
if (GSDebugAllocationActive(YES) == NO) if (GSDebugAllocationActive(YES) == NO)
{ {
@ -4856,7 +4856,7 @@ NSLog(@"Problem %@", localException);
m = [NSString stringWithCString: list]; m = [NSString stringWithCString: list];
} }
} }
else if (matchCmd(wd, @"quit", blocked)) else if (matchCmd(wd, @"quit", allow))
{ {
wd = cmdWord(cmd, 1); wd = cmdWord(cmd, 1);
if ([wd length] > 0) if ([wd length] > 0)
@ -4972,7 +4972,7 @@ NSLog(@"Problem %@", localException);
m = @"Quit what?.\n"; m = @"Quit what?.\n";
} }
} }
else if (matchCmd(wd, @"restart", blocked)) else if (matchCmd(wd, @"restart", allow))
{ {
wd = cmdWord(cmd, 1); wd = cmdWord(cmd, 1);
if ([wd length] > 0) if ([wd length] > 0)
@ -5075,7 +5075,7 @@ NSLog(@"Problem %@", localException);
m = @"Restart what?.\n"; m = @"Restart what?.\n";
} }
} }
else if (matchCmd(wd, @"resume", blocked)) else if (matchCmd(wd, @"resume", allow))
{ {
if (NO == launchEnabled) if (NO == launchEnabled)
{ {
@ -5089,7 +5089,7 @@ NSLog(@"Problem %@", localException);
m = @"Launching was/is not suspended.\n"; m = @"Launching was/is not suspended.\n";
} }
} }
else if (matchCmd(wd, @"status", blocked)) else if (matchCmd(wd, @"status", allow))
{ {
m = [self description]; m = [self description];
if ([(wd = cmdWord(cmd, 1)) length] > 0) if ([(wd = cmdWord(cmd, 1)) length] > 0)
@ -5137,7 +5137,7 @@ NSLog(@"Problem %@", localException);
} }
} }
} }
else if (matchCmd(wd, @"suspend", blocked)) else if (matchCmd(wd, @"suspend", allow))
{ {
if (NO == launchEnabled) if (NO == launchEnabled)
{ {
@ -5149,7 +5149,7 @@ NSLog(@"Problem %@", localException);
m = @"Launching is now suspended.\n"; m = @"Launching is now suspended.\n";
} }
} }
else if (matchCmd(wd, @"tell", blocked)) else if (matchCmd(wd, @"tell", nil))
{ {
wd = cmdWord(cmd, 1); wd = cmdWord(cmd, 1);
if ([wd length] > 0) if ([wd length] > 0)

64
EcControl.m
View file

@ -98,17 +98,17 @@ static int comp(NSString *s0, NSString *s1)
} }
} }
static BOOL matchCmd(NSString *word, NSString *reference, NSArray *blocked) static BOOL matchCmd(NSString *word, NSString *reference, NSArray *allow)
{ {
if (comp(word, reference) < 0) if (comp(word, reference) < 0)
{ {
return NO; return NO;
} }
if ([blocked containsObject: reference]) if (nil == allow || [allow containsObject: reference])
{ {
return NO; return YES;
} }
return YES; return NO;
} }
static NSString* cmdWord(NSArray* a, unsigned int pos) static NSString* cmdWord(NSArray* a, unsigned int pos)
@ -721,7 +721,7 @@ static NSString* cmdWord(NSArray* a, unsigned int pos)
else else
{ {
NSMutableString *full; NSMutableString *full;
NSArray *blocked; NSArray *allow;
NSString *hname = nil; NSString *hname = nil;
NSString *m = @""; NSString *m = @"";
NSString *wd = cmdWord(cmd, 0); NSString *wd = cmdWord(cmd, 0);
@ -845,9 +845,9 @@ static NSString* cmdWord(NSArray* a, unsigned int pos)
} }
} }
/* Find the commands blocked for this user. /* Find the commands allowed for this user.
*/ */
blocked = [self ecBlocked: [console name]]; allow = [self ecCommands: [console name]];
if (connected == YES || hname != nil) if (connected == YES || hname != nil)
{ {
@ -965,7 +965,7 @@ static NSString* cmdWord(NSArray* a, unsigned int pos)
{ {
/* Quietly ignore. */ /* Quietly ignore. */
} }
else if (matchCmd(wd, @"alarms", blocked)) else if (matchCmd(wd, @"alarms", allow))
{ {
NSArray *a = [sink alarms]; NSArray *a = [sink alarms];
@ -988,11 +988,11 @@ static NSString* cmdWord(NSArray* a, unsigned int pos)
} }
} }
} }
else if (matchCmd(wd, @"archive", blocked)) else if (matchCmd(wd, @"archive", allow))
{ {
m = [NSString stringWithFormat: @"\n%@\n\n", [self ecArchive: nil]]; m = [NSString stringWithFormat: @"\n%@\n\n", [self ecArchive: nil]];
} }
else if (matchCmd(wd, @"clear", blocked)) else if (matchCmd(wd, @"clear", allow))
{ {
NSArray *a = [sink alarms]; NSArray *a = [sink alarms];
unsigned index = 1; unsigned index = 1;
@ -1054,7 +1054,7 @@ static NSString* cmdWord(NSArray* a, unsigned int pos)
@"external SNMP monitoring systems.\n"; @"external SNMP monitoring systems.\n";
} }
} }
else if (matchCmd(wd, @"connect", blocked)) else if (matchCmd(wd, @"connect", nil))
{ {
wd = cmdWord(cmd, 1); wd = cmdWord(cmd, 1);
if ([wd length] == 0) if ([wd length] == 0)
@ -1066,7 +1066,7 @@ static NSString* cmdWord(NSArray* a, unsigned int pos)
[console setConnectedServ: wd]; [console setConnectedServ: wd];
} }
} }
else if (matchCmd(wd, @"config", blocked)) else if (matchCmd(wd, @"config", allow))
{ {
BOOL changed; BOOL changed;
@ -1102,13 +1102,13 @@ static NSString* cmdWord(NSArray* a, unsigned int pos)
to: nil to: nil
from: nil]; from: nil];
} }
else if (matchCmd(wd, @"flush", blocked)) else if (matchCmd(wd, @"flush", allow))
{ {
[alerter flushSms]; [alerter flushSms];
[alerter flushEmail]; [alerter flushEmail];
m = @"Flushed alert messages\n"; m = @"Flushed alert messages\n";
} }
else if (matchCmd(wd, @"help", blocked)) else if (matchCmd(wd, @"help", allow))
{ {
wd = cmdWord(cmd, 1); wd = cmdWord(cmd, 1);
if ([wd length] == 0) if ([wd length] == 0)
@ -1330,7 +1330,7 @@ static NSString* cmdWord(NSArray* a, unsigned int pos)
} }
} }
} }
else if (matchCmd(wd, @"host", blocked)) else if (matchCmd(wd, @"host", allow))
{ {
wd = cmdWord(cmd, 1); wd = cmdWord(cmd, 1);
if ([wd length] == 0) if ([wd length] == 0)
@ -1348,7 +1348,7 @@ static NSString* cmdWord(NSArray* a, unsigned int pos)
} }
} }
} }
else if (matchCmd(wd, @"list", blocked)) else if (matchCmd(wd, @"list", allow))
{ {
wd = cmdWord(cmd, 1); wd = cmdWord(cmd, 1);
if ([wd length] > 0 && comp(wd, @"consoles") >= 0) if ([wd length] > 0 && comp(wd, @"consoles") >= 0)
@ -1425,7 +1425,7 @@ static NSString* cmdWord(NSArray* a, unsigned int pos)
} }
} }
} }
else if (matchCmd(wd, @"memory", blocked)) else if (matchCmd(wd, @"memory", allow))
{ {
if (GSDebugAllocationActive(YES) == NO) if (GSDebugAllocationActive(YES) == NO)
{ {
@ -1448,7 +1448,7 @@ static NSString* cmdWord(NSArray* a, unsigned int pos)
m = [NSString stringWithCString: list]; m = [NSString stringWithCString: list];
} }
} }
else if (matchCmd(wd, @"quit", blocked)) else if (matchCmd(wd, @"quit", allow))
{ {
m = @"Try 'help quit' for information about shutting down.\n"; m = @"Try 'help quit' for information about shutting down.\n";
wd = cmdWord(cmd, 1); wd = cmdWord(cmd, 1);
@ -1460,7 +1460,7 @@ static NSString* cmdWord(NSArray* a, unsigned int pos)
exit(0); exit(0);
} }
} }
else if (matchCmd(wd, @"restart", blocked)) else if (matchCmd(wd, @"restart", allow))
{ {
wd = cmdWord(cmd, 1); wd = cmdWord(cmd, 1);
if ([wd length] > 0 && comp(wd, @"self") == 0) if ([wd length] > 0 && comp(wd, @"self") == 0)
@ -1513,7 +1513,7 @@ static NSString* cmdWord(NSArray* a, unsigned int pos)
@" or 'on host restart ...\n"; @" or 'on host restart ...\n";
} }
} }
else if (matchCmd(wd, @"set", blocked)) else if (matchCmd(wd, @"set", allow))
{ {
m = @"ok - set confirmed.\n"; m = @"ok - set confirmed.\n";
wd = cmdWord(cmd, 1); wd = cmdWord(cmd, 1);
@ -1563,11 +1563,11 @@ static NSString* cmdWord(NSArray* a, unsigned int pos)
m = @"unknown parameter to 'set'\n"; m = @"unknown parameter to 'set'\n";
} }
} }
else if (matchCmd(wd, @"status", blocked)) else if (matchCmd(wd, @"status", allow))
{ {
m = [self description]; m = [self description];
} }
else if (matchCmd(wd, @"suppress", blocked)) else if (matchCmd(wd, @"suppress", allow))
{ {
NSArray *a = [sink alarms]; NSArray *a = [sink alarms];
unsigned index = 1; unsigned index = 1;
@ -1608,7 +1608,7 @@ static NSString* cmdWord(NSArray* a, unsigned int pos)
@"external SNMP monitoring systems.\n"; @"external SNMP monitoring systems.\n";
} }
} }
else if (matchCmd(wd, @"tell", blocked)) else if (matchCmd(wd, @"tell", nil))
{ {
wd = cmdWord(cmd, 1); wd = cmdWord(cmd, 1);
if ([wd length] > 0) if ([wd length] > 0)
@ -1647,7 +1647,7 @@ static NSString* cmdWord(NSArray* a, unsigned int pos)
m = @"Tell where?.\n"; m = @"Tell where?.\n";
} }
} }
else if (matchCmd(wd, @"unset", blocked)) else if (matchCmd(wd, @"unset", allow))
{ {
m = @"ok - unset confirmed.\n"; m = @"ok - unset confirmed.\n";
wd = cmdWord(cmd, 1); wd = cmdWord(cmd, 1);
@ -2317,12 +2317,26 @@ static NSString* cmdWord(NSArray* a, unsigned int pos)
return @"Unknown user name"; return @"Unknown user name";
} }
/* We have three cases: /* We have four cases:
* Empty/missing Password ... can log in without a password * Empty/missing Password ... can log in without a password
* Password == User ... can log in with username as password * Password == User ... can log in with username as password
* Password == '-' ... login prohibited
* Other ... the entered password must hash to the stored one * Other ... the entered password must hash to the stored one
* (or be equal to the stored one if built without crypt). * (or be equal to the stored one if built without crypt).
*/ */
if ([passwd isEqual: @"-"])
{
m = [NSString stringWithFormat:
cmdLogFormat(LT_AUDIT,
@"CONSOLE_LOGIN_FAILED 1 Rejected console with"
@" info '%@' (prohibited user)"), n];
[self information: m
type: LT_AUDIT
to: nil
from: nil];
return @"Bad username/password combination";
}
if (passwd && [passwd length]) if (passwd && [passwd length])
{ {
#if defined(HAVE_LIBCRYPT) #if defined(HAVE_LIBCRYPT)

4
EcProcess.h
View file

@ -1169,10 +1169,10 @@ extern NSString* cmdVersion(NSString *ver);
*/ */
- (BOOL) cmdMatch: (NSString*)val toKey: (NSString*)key; - (BOOL) cmdMatch: (NSString*)val toKey: (NSString*)key;
/** Returns an array of commands that the named operator is not permitted /** Returns an array of commands that the named operator is permitted
* to use. * to use.
*/ */
- (NSArray*) ecBlocked: (NSString*)operator; - (NSArray*) ecCommands: (NSString*)operator;
/** Sets the operator config. /** Sets the operator config.
*/ */

84
EcProcess.m
View file

@ -994,7 +994,7 @@ setMemBase()
* if there was a match but it was in the array of commands to be blockd. * if there was a match but it was in the array of commands to be blockd.
*/ */
static NSString* static NSString*
findAction(NSString *cmd, NSArray *blocked) findAction(NSString *cmd, NSArray *allow)
{ {
NSString *found = nil; NSString *found = nil;
BOOL match = NO; BOOL match = NO;
@ -1002,7 +1002,7 @@ findAction(NSString *cmd, NSArray *blocked)
cmd = [cmd lowercaseString]; cmd = [cmd lowercaseString];
[ecLock lock]; [ecLock lock];
if (nil == (found = [cmdActions member: cmd]) if (nil == (found = [cmdActions member: cmd])
|| [blocked containsObject: found]) || (allow && NO == [allow containsObject: found]))
{ {
NSEnumerator *enumerator; NSEnumerator *enumerator;
NSString *name; NSString *name;
@ -1018,9 +1018,9 @@ findAction(NSString *cmd, NSArray *blocked)
if (YES == [name hasPrefix: cmd]) if (YES == [name hasPrefix: cmd])
{ {
match = YES; match = YES;
if ([blocked containsObject: name]) if (allow && NO == [allow containsObject: name])
{ {
continue; // This match is blocked continue; // This match is not allowed
} }
else if (nil == found) else if (nil == found)
{ {
@ -4272,11 +4272,12 @@ NSLog(@"Ignored attempt to set timer interval to %g ... using 10.0", interval);
[ecLock unlock]; [ecLock unlock];
} }
- (NSArray*) ecBlocked: (NSString*)operator - (NSArray*) ecCommands: (NSString*)operator
{ {
NSArray *blocked = nil; static NSArray *empty = nil;
NSString *name; NSArray *allow = nil;
id obj; NSString *name;
id obj;
if (nil == operator) if (nil == operator)
{ {
@ -4297,34 +4298,63 @@ NSLog(@"Ignored attempt to set timer interval to %g ... using 10.0", interval);
} }
[ecLock lock]; [ecLock lock];
if (nil == empty)
{
empty = [NSArray new];
}
obj = [ecOperators objectForKey: name]; obj = [ecOperators objectForKey: name];
if (NO == [obj isKindOfClass: [NSDictionary class]])
{
NSLog(@"Operator '%@' not found; no access to commands", operator);
obj = empty;
}
else if (nil == [obj objectForKey: @"Commands"] && [name length] > 0)
{
obj = [ecOperators objectForKey: @""];
if (NO == [obj isKindOfClass: [NSDictionary class]])
{
obj = nil; // Non-dictionary default entry ignored.
}
}
if ([obj isKindOfClass: [NSDictionary class]]) if ([obj isKindOfClass: [NSDictionary class]])
{ {
obj = [obj objectForKey: @"Blocked"]; obj = [obj objectForKey: @"Commands"];
} if ([obj isKindOfClass: [NSString class]])
else
{
obj = nil;
}
if (nil == obj && [operator length] > 0)
{
obj = [ecOperators objectForKey: @""]; // default
if ([obj isKindOfClass: [NSDictionary class]])
{ {
obj = [obj objectForKey: @"Blocked"]; /* A string is the name to get the Commands of another agent.
*/
name = (NSString*)obj;
obj = [ecOperators objectForKey: name];
if ([obj isKindOfClass: [NSDictionary class]])
{
obj = [obj objectForKey: @"Commands"];
if (NO == [obj isKindOfClass: [NSArray class]])
{
NSLog(@"Operator '%@' Commands link to '%@' which does"
@" not have Commands; no access to commands",
operator, name);
obj = empty;
}
}
else
{
NSLog(@"Operator '%@' Commands link to '%@' not found;"
@" no access to commands", operator, name);
obj = empty;
}
} }
else else if (obj != nil && NO == [obj isKindOfClass: [NSArray class]])
{ {
obj = nil; NSLog(@"Operator '%@' Commands entry invalid;"
@" no access to commands", operator);
obj = empty;
} }
} }
if ([obj isKindOfClass: [NSArray class]]) allow = (NSArray*)AUTORELEASE(RETAIN(obj));
{
blocked = (NSArray*)AUTORELEASE(RETAIN(obj));
}
[ecLock unlock]; [ecLock unlock];
return blocked; return allow;
} }
- (NSString*) ecMesg: (NSArray*)msg from: (NSString*)operator - (NSString*) ecMesg: (NSArray*)msg from: (NSString*)operator
@ -4339,7 +4369,7 @@ NSLog(@"Ignored attempt to set timer interval to %g ... using 10.0", interval);
return @"no command specified\n"; return @"no command specified\n";
} }
cmd = findAction([msg objectAtIndex: 0], [self ecBlocked: operator]); cmd = findAction([msg objectAtIndex: 0], [self ecCommands: operator]);
if (nil == cmd) if (nil == cmd)
{ {
return @"unrecognised command\n"; return @"unrecognised command\n";

44
Operators.plist
View file

@ -1,12 +1,39 @@
{ {
/* This file configures the names/passwords of the people allowed to use /* This file configures the names/passwords of the people allowed to use
* the Console program to control the system. * the Console program to control the system and the commands that each
* operator may use.
*
* On systems where security is not an issue, the Password my be an empty * On systems where security is not an issue, the Password my be an empty
* string (allows any login attempt) or may be identical to the username * string (allows any login attempt) or may be identical to the username
* (the user must enter their username as their password). * (the user must enter their username as their password).
*
* The format for a hashed password is that created by the mkpasswd * The format for a hashed password is that created by the mkpasswd
* program and the crypt() function. The SHA512 hash (starts '$6$') * program and the crypt() function. The SHA512 hash (starts '$6$')
* is preferred. * is preferred.
*
* As a special case, the password '-' may be used for a dummy operator
* entry which does not permit login to the Console, but defines a set
* of commands referenced from other entries.
*
* The (optional) Commands value is either an array listing the commands
* that the operator can use, or the name of another operator entry which
* contains such a list of commands.
*
* The omission of the Commands entry means that the commands array is
* supplied from the default entry (if there is one).
* If there is no Commands entry for the operator, and no entry for the
* default operator (or no default operator), all commands are available,
* but otherwise any error in the config (a Commands entry which is neither
* a string nor an array, or a string which does not reference an operator
* entry with a Command arry) means that no commands are available.
*
* NB. There are a few special cases for commands as follows:
* The 'quit' command is always permitted for the Console itself, and
* only needs to be listed to quit client processes, Command or Control.
* The special key words for routing commands; 'connect', 'tell', and 'on'
* are not considered to be commands and therefore do not need to be
* listed in Commands arrays.
*
* Just add a definition for yourself as below: * Just add a definition for yourself as below:
*/ */
richard = { richard = {
@ -20,21 +47,23 @@
Password = ""; Password = "";
}; };
/* If a Blocked array is supplied, the operator is prevented from /* Where a Commands array is supplied, the operator is prevented from
* using any of the commands listed in the array. * using any of the commands not listed in the array.
*/ */
restricted = { restricted = {
Password = hashedPasswordOrUsernameOrEmptyString; Password = hashedPasswordOrUsernameOrEmptyString;
Blocked = ( Commands = (
launch, launch,
list,
quit, quit,
restart restart,
status
); );
}; };
/* If the entry with no name exists, it will be used to allow login for /* If the entry with no name exists, it will be used to allow login for
* any username which doesn't exist in this file. * any username which doesn't exist in this file.
* This entry will also be used to supply a Blocked array for any user * This entry will also be used to supply a Commands array for any user
* whose own entry does not supply one. * whose own entry does not supply one.
* The format for a hashed password is that created by the mkpasswd * The format for a hashed password is that created by the mkpasswd
* program and the crypt() function. The SHA512 hash (starts '$6$') * program and the crypt() function. The SHA512 hash (starts '$6$')
@ -42,6 +71,9 @@
*/ */
"" = { "" = {
Password = hashedPasswordOrEmptyString; Password = hashedPasswordOrEmptyString;
Commands = (
status
);
}; };
} }