packages/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!96 [sync] PR-94: shadow: Remove encrypted passwd for useradd-groupadd-groupmod-usermod

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @HuaxinLuGitee 
Signed-off-by: @HuaxinLuGitee
This commit is contained in:
openeuler-ci-bot 2023-08-17 06:10:10 +00:00 committed by Gitee
commit 63fe17d2e5
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 138 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

133
shadow-Remove-encrypted-passwd-for-useradd-gr.patch Normal file
View File

@ -0,0 +1,133 @@
From 280a8474ad87f44f9620eeac75cbf8a34b5edc2f Mon Sep 17 00:00:00 2001
From: xiongshenglan <xiongshenglan@huawei.com>
Date: Thu, 27 Jul 2023 09:30:16 +0800
Subject: [PATCH] shadow: Remove encrypted passwd for
useradd-groupadd-groupmod-usermod
Remove encrypted passwd for useradd/groupadd/groupmod/usermod
In groupadd/useradd, p parameter does not meet password complexity checks. Do
not satisfy security requirements.
Signed-off-by: xiongshenglan <xiongshenglan@huawei.com>
---
src/groupadd.c | 4 ++++
src/groupmod.c | 4 ++++
src/useradd.c | 4 ++++
src/usermod.c | 4 ++++
4 files changed, 16 insertions(+)
diff --git a/src/groupadd.c b/src/groupadd.c
index d7f68b1..9b7a521 100644
--- a/src/groupadd.c
+++ b/src/groupadd.c
@@ -125,7 +125,9 @@ static /*@noreturn@*/void usage (int status)
(void) fputs (_(" -K, --key KEY=VALUE override /etc/login.defs defaults\n"), usageout);
(void) fputs (_(" -o, --non-unique allow to create groups with duplicate\n"
" (non-unique) GID\n"), usageout);
+#ifndef CONFIG_SHADOW_REMOVE_POPTION
(void) fputs (_(" -p, --password PASSWORD use this encrypted password for the new group\n"), usageout);
+#endif
(void) fputs (_(" -r, --system create a system account\n"), usageout);
(void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
(void) fputs (_(" -P, --prefix PREFIX_DI directory prefix\n"), usageout);
@@ -459,10 +461,12 @@ static void process_flags (int argc, char **argv)
case 'o':
oflg = true;
break;
+#ifndef CONFIG_SHADOW_REMOVE_POPTION
case 'p':
pflg = true;
group_passwd = optarg;
break;
+#endif
case 'r':
rflg = true;
break;
diff --git a/src/groupmod.c b/src/groupmod.c
index acd6f35..f9dcabd 100644
--- a/src/groupmod.c
+++ b/src/groupmod.c
@@ -139,8 +139,10 @@ static void usage (int status)
(void) fputs (_(" -h, --help display this help message and exit\n"), usageout);
(void) fputs (_(" -n, --new-name NEW_GROUP change the name to NEW_GROUP\n"), usageout);
(void) fputs (_(" -o, --non-unique allow to use a duplicate (non-unique) GID\n"), usageout);
+#ifndef CONFIG_SHADOW_REMOVE_POPTION
(void) fputs (_(" -p, --password PASSWORD change the password to this (encrypted)\n"
" PASSWORD\n"), usageout);
+#endif
(void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
(void) fputs (_(" -P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout);
(void) fputs (_(" -U, --users USERS list of user members of this group\n"), usageout);
@@ -449,10 +451,12 @@ static void process_flags (int argc, char **argv)
case 'o':
oflg = true;
break;
+#ifndef CONFIG_SHADOW_REMOVE_POPTION
case 'p':
group_passwd = optarg;
pflg = true;
break;
+#endif
case 'R': /* no-op, handled in process_root_flag () */
break;
case 'P': /* no-op, handled in process_prefix_flag () */
diff --git a/src/useradd.c b/src/useradd.c
index 89abd5e..e5ba3dd 100644
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -907,7 +907,9 @@ static void usage (int status)
" the user\n"), usageout);
(void) fputs (_(" -o, --non-unique allow to create users with duplicate\n"
" (non-unique) UID\n"), usageout);
+#ifndef CONFIG_SHADOW_REMOVE_POPTION
(void) fputs (_(" -p, --password PASSWORD encrypted password of the new account\n"), usageout);
+#endif
(void) fputs (_(" -r, --system create a system account\n"), usageout);
(void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
(void) fputs (_(" -P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout);
@@ -1366,6 +1368,7 @@ static void process_flags (int argc, char **argv)
case 'o':
oflg = true;
break;
+#ifndef CONFIG_SHADOW_REMOVE_POPTION
case 'p': /* set encrypted password */
if (!VALID (optarg)) {
fprintf (stderr,
@@ -1375,6 +1378,7 @@ static void process_flags (int argc, char **argv)
}
user_pass = optarg;
break;
+#endif
case 'r':
rflg = true;
break;
diff --git a/src/usermod.c b/src/usermod.c
index ca8db92..509a50b 100644
--- a/src/usermod.c
+++ b/src/usermod.c
@@ -435,7 +435,9 @@ static /*@noreturn@*/void usage (int status)
(void) fputs (_(" -m, --move-home move contents of the home directory to the\n"
" new location (use only with -d)\n"), usageout);
(void) fputs (_(" -o, --non-unique allow using duplicate (non-unique) UID\n"), usageout);
+#ifndef CONFIG_SHADOW_REMOVE_POPTION
(void) fputs (_(" -p, --password PASSWORD use encrypted password for the new password\n"), usageout);
+#endif
(void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
(void) fputs (_(" -P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout);
(void) fputs (_(" -s, --shell SHELL new login shell for the user account\n"), usageout);
@@ -1152,10 +1154,12 @@ static void process_flags (int argc, char **argv)
case 'o':
oflg = true;
break;
+#ifndef CONFIG_SHADOW_REMOVE_POPTION
case 'p':
user_pass = optarg;
pflg = true;
break;
+#endif
case 'R': /* no-op, handled in process_root_flag () */
break;
case 'P': /* no-op, handled in process_prefix_flag () */
--
2.12.3

6
shadow.spec
View File

@ -1,6 +1,6 @@
Name: shadow Name: shadow
Version: 4.9 Version: 4.9
Release: 10 Release: 11
Epoch: 2 Epoch: 2
License: BSD and GPLv2+ License: BSD and GPLv2+
Summary: Tools for managing accounts and shadow password files Summary: Tools for managing accounts and shadow password files
@ -58,6 +58,7 @@ Patch38: backport-Overhaul-valid_field.patch
Patch39: backport-Read-whole-line-in-yes_or_no.patch Patch39: backport-Read-whole-line-in-yes_or_no.patch
Patch40: backport-commonio-free-removed-database-entries.patch Patch40: backport-commonio-free-removed-database-entries.patch
Patch41: backport-semanage-disconnect-to-free-libsemanage-internals.patch Patch41: backport-semanage-disconnect-to-free-libsemanage-internals.patch
Patch42: shadow-Remove-encrypted-passwd-for-useradd-gr.patch
BuildRequires: gcc, libselinux-devel, audit-libs-devel, libsemanage-devel BuildRequires: gcc, libselinux-devel, audit-libs-devel, libsemanage-devel
BuildRequires: libacl-devel, libattr-devel BuildRequires: libacl-devel, libattr-devel
@ -224,6 +225,9 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.la
%{_mandir}/*/* %{_mandir}/*/*
%changelog %changelog
* Fri Aug 15 2023 xiongshenglan<xiongshenglan@huawei.com> - 2:4.9-11
- Remove encrypted passwd for useradd-groupadd-groupmod-usermod
* Mon Jun 19 2023 wangyunjia <yunjia.wang@huawei.com> - 2:4.9-10 * Mon Jun 19 2023 wangyunjia <yunjia.wang@huawei.com> - 2:4.9-10
- backport patches from upstream - backport patches from upstream