shadow
/
shadow-Remove-encrypted-passwd-for-us...

From 280a8474ad87f44f9620eeac75cbf8a34b5edc2f Mon Sep 17 00:00:00 2001
From: xiongshenglan <xiongshenglan@huawei.com>
Date: Thu, 27 Jul 2023 09:30:16 +0800
Subject: [PATCH] shadow: Remove encrypted passwd for
 useradd-groupadd-groupmod-usermod

Remove encrypted passwd for useradd/groupadd/groupmod/usermod
In groupadd/useradd, p parameter does not meet password complexity checks. Do
not satisfy security requirements.

Signed-off-by: xiongshenglan <xiongshenglan@huawei.com>
---
 src/groupadd.c | 4 ++++
 src/groupmod.c | 4 ++++
 src/useradd.c  | 4 ++++
 src/usermod.c  | 4 ++++
 4 files changed, 16 insertions(+)

diff --git a/src/groupadd.c b/src/groupadd.c
index 2eda1c6..d9b920f 100644
--- a/src/groupadd.c
+++ b/src/groupadd.c
@@ -105,7 +105,9 @@ usage (int status)
 	(void) fputs (_("  -K, --key KEY=VALUE           override /etc/login.defs defaults\n"), usageout);
 	(void) fputs (_("  -o, --non-unique              allow to create groups with duplicate\n"
 	                "                                (non-unique) GID\n"), usageout);
+#ifndef CONFIG_SHADOW_REMOVE_POPTION
 	(void) fputs (_("  -p, --password PASSWORD       use this encrypted password for the new group\n"), usageout);
+#endif
 	(void) fputs (_("  -r, --system                  create a system account\n"), usageout);
 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
 	(void) fputs (_("  -P, --prefix PREFIX_DIR       directory prefix\n"), usageout);
@@ -435,10 +437,12 @@ static void process_flags (int argc, char **argv)
 		case 'o':
 			oflg = true;
 			break;
+#ifndef CONFIG_SHADOW_REMOVE_POPTION
 		case 'p':
 			pflg = true;
 			group_passwd = optarg;
 			break;
+#endif
 		case 'r':
 			rflg = true;
 			break;
diff --git a/src/groupmod.c b/src/groupmod.c
index 7fd02d6..522b65e 100644
--- a/src/groupmod.c
+++ b/src/groupmod.c
@@ -121,8 +121,10 @@ static void usage (int status)
 	(void) fputs (_("  -h, --help                    display this help message and exit\n"), usageout);
 	(void) fputs (_("  -n, --new-name NEW_GROUP      change the name to NEW_GROUP\n"), usageout);
 	(void) fputs (_("  -o, --non-unique              allow to use a duplicate (non-unique) GID\n"), usageout);
+#ifndef CONFIG_SHADOW_REMOVE_POPTION
 	(void) fputs (_("  -p, --password PASSWORD       change the password to this (encrypted)\n"
 	                "                                PASSWORD\n"), usageout);
+#endif
 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
 	(void) fputs (_("  -P, --prefix PREFIX_DIR       prefix directory where are located the /etc/* files\n"), usageout);
 	(void) fputs (_("  -U, --users USERS             list of user members of this group\n"), usageout);
@@ -431,10 +433,12 @@ static void process_flags (int argc, char **argv)
 		case 'o':
 			oflg = true;
 			break;
+#ifndef CONFIG_SHADOW_REMOVE_POPTION
 		case 'p':
 			group_passwd = optarg;
 			pflg = true;
 			break;
+#endif
 		case 'R': /* no-op, handled in process_root_flag () */
 			break;
 		case 'P': /* no-op, handled in process_prefix_flag () */
diff --git a/src/useradd.c b/src/useradd.c
index 677ea5a..209ab9c 100644
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -970,7 +970,9 @@ static void usage (int status)
 	                "                                the user\n"), usageout);
 	(void) fputs (_("  -o, --non-unique              allow to create users with duplicate\n"
 	                "                                (non-unique) UID\n"), usageout);
+#ifndef CONFIG_SHADOW_REMOVE_POPTION
 	(void) fputs (_("  -p, --password PASSWORD       encrypted password of the new account\n"), usageout);
+#endif
 	(void) fputs (_("  -r, --system                  create a system account\n"), usageout);
 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
 	(void) fputs (_("  -P, --prefix PREFIX_DIR       prefix directory where are located the /etc/* files\n"), usageout);
@@ -1442,6 +1444,7 @@ static void process_flags (int argc, char **argv)
 			case 'o':
 				oflg = true;
 				break;
+#ifndef CONFIG_SHADOW_REMOVE_POPTION
 			case 'p':	/* set encrypted password */
 				if (!VALID (optarg)) {
 					fprintf (stderr,
@@ -1451,6 +1454,7 @@ static void process_flags (int argc, char **argv)
 				}
 				user_pass = optarg;
 				break;
+#endif
 			case 'r':
 				rflg = true;
 				break;
diff --git a/src/usermod.c b/src/usermod.c
index 0a18709..b40b569 100644
--- a/src/usermod.c
+++ b/src/usermod.c
@@ -393,7 +393,9 @@ usage (int status)
 	(void) fputs (_("  -m, --move-home               move contents of the home directory to the\n"
 	                "                                new location (use only with -d)\n"), usageout);
 	(void) fputs (_("  -o, --non-unique              allow using duplicate (non-unique) UID\n"), usageout);
+#ifndef CONFIG_SHADOW_REMOVE_POPTION
 	(void) fputs (_("  -p, --password PASSWORD       use encrypted password for the new password\n"), usageout);
+#endif
 	(void) fputs (_("  -P, --prefix PREFIX_DIR       prefix directory where are located the /etc/* files\n"), usageout);
 	(void) fputs (_("  -r, --remove                  remove the user from only the supplemental GROUPS\n"
 	                "                                mentioned by the -G option without removing\n"
@@ -1128,10 +1130,12 @@ static void process_flags (int argc, char **argv)
 			case 'o':
 				oflg = true;
 				break;
+#ifndef CONFIG_SHADOW_REMOVE_POPTION
 			case 'p':
 				user_pass = optarg;
 				pflg = true;
 				break;
+#endif
 			case 'r':
 				rflg = true;
 				break;
--
2.27.0