diff --git a/backport-chpasswd-add-get_salt-for-generating-salt-value.patch b/backport-chpasswd-add-get_salt-for-generating-salt-value.patch
new file mode 100644
index 0000000000000000000000000000000000000000..116f519d92d044e80643c49175b00fcad9a401b7
--- /dev/null
+++ b/backport-chpasswd-add-get_salt-for-generating-salt-value.patch
@@ -0,0 +1,117 @@
+From 6d1b10b9e516bd88fa34392395b0a7c6e6f54fd7 Mon Sep 17 00:00:00 2001
+From: juyin
+Date: Thu, 31 Mar 2022 16:45:19 +0800
+Subject: [PATCH] chpasswd: add get_salt for generating salt value
+
+The function that generates the salt value is extracted separately, and it is more convenient to modify it later.
+
+Reference: https://github.com/shadow-maint/shadow/commit/a026154c6fca7c7e5d6d0723e0cc29d6cd9fa00a
+Conflict: The EulerOS supports SM3. As a result, the patch is different.
+---
+ src/chpasswd.c | 73 +++++++++++++++++++++++++++----------------------
+ 1 file changed, 39 insertions(+), 34 deletions(-)
+
+diff --git a/src/chpasswd.c b/src/chpasswd.c
+index 5dfb995..708f973 100644
+--- a/src/chpasswd.c
++++ b/src/chpasswd.c
+@@ -430,12 +430,54 @@ static void close_files (void)
+ pw_locked = false;
+ }
+
++static const char *get_salt(void)
++{
++ if ( !eflg
++ && ( (NULL == crypt_method)
++ || (0 != strcmp (crypt_method, "NONE")))) {
++ void *arg = NULL;
++
++ if (md5flg) {
++ crypt_method = "MD5";
++ }
++#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
++ if (sflg) {
++#if defined(USE_SHA_CRYPT)
++ if ( (0 == strcmp (crypt_method, "SHA256"))
++ || (0 == strcmp (crypt_method, "SHA512"))) {
++ arg = &sha_rounds;
++ }
++#endif /* USE_SHA_CRYPT */
++#if defined(USE_BCRYPT)
++ if (0 == strcmp (crypt_method, "BCRYPT")) {
++ arg = &bcrypt_rounds;
++ }
++#endif /* USE_BCRYPT */
++#if defined(USE_YESCRYPT)
++ if (0 == strcmp (crypt_method, "YESCRYPT")) {
++ arg = &yescrypt_cost;
++ }
++#endif /* USE_YESCRYPT */
++#if defined(USE_SM3_CRYPT)
++ if (0 == strcmp (crypt_method, "SM3")) {
++ arg = &sm3_rounds;
++ }
++#endif /* USE_SM3_CRYPT */
++ }
++#endif
++ return crypt_make_salt (crypt_method, arg);
++ }
++
++ return NULL;
++}
++
+ int main (int argc, char **argv)
+ {
+ char buf[BUFSIZ];
+ char *name;
+ char *newpwd;
+ char *cp;
++ const char *salt;
+
+ #ifdef USE_PAM
+ bool use_pam = true;
+@@ -545,40 +587,8 @@ int main (int
argc, char **argv)
+ const struct passwd *pw;
+ struct passwd newpw;
+
+- if ( !eflg
+- && ( (NULL == crypt_method)
+- || (0 != strcmp (crypt_method, "NONE")))) {
+- void *arg = NULL;
+- const char *salt;
+- if (md5flg) {
+- crypt_method = "MD5";
+- }
+-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
+- if (sflg) {
+-#if defined(USE_SHA_CRYPT)
+- if ( (0 == strcmp (crypt_method, "SHA256"))
+- || (0 == strcmp (crypt_method, "SHA512"))) {
+- arg = &sha_rounds;
+- }
+-#endif /* USE_SHA_CRYPT */
+-#if defined(USE_BCRYPT)
+- if (0 == strcmp (crypt_method, "BCRYPT")) {
+- arg = &bcrypt_rounds;
+- }
+-#endif /* USE_BCRYPT */
+-#if defined(USE_YESCRYPT)
+- if (0 == strcmp (crypt_method, "YESCRYPT")) {
+- arg = &yescrypt_cost;
+- }
+-#endif /* USE_YESCRYPT */
+-#if defined(USE_SM3_CRYPT)
+- if (0 == strcmp (crypt_method, "SM3")) {
+- arg = &sm3_rounds;
+- }
+-#endif /* USE_SM3_CRYPT */
+- }
+-#endif
+- salt = crypt_make_salt (crypt_method, arg);
++ salt = get_salt();
++ if (salt) {
+ cp = pw_encrypt (newpwd, salt);
+ if (NULL == cp) {
+ fprintf (stderr,
+--
+2.33.0
diff --git a/backport-chpasswd-fix-function-problem-with-R-parameter.patch b/backport-chpasswd-fix-function-problem-with-R-parameter.patch
new file mode 100644
index 0000000000000000000000000000000000000000..1d454ec339377c5f6b38503d880fbc8600af47f7
--- /dev/null
+++ b/backport-chpasswd-fix-function-problem-with-R-parameter.patch
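Review bot: In `get_salt()` in backport-chpasswd-add-get_salt-for-generating-salt-value.patch, the `#if` wrapping the `if (sflg)` block lists only USE_SHA_CRYPT, USE_BCRYPT and USE_YESCRYPT, although the SM3 branch sits inside it. A build with only USE_SM3_CRYPT defined would compile the whole block out, so `sm3_rounds` would never reach `crypt_make_salt` and the requested work factor would presumably be dropped without any message. Extend the guard to `#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) || defined(USE_SM3_CRYPT)`; the declaration of `sflg` is outside this patch and probably needs the same condition. The `strcmp` calls in that block receive `crypt_method` although the outer test still admits NULL, and the validation that would rule this out is not visible here. A short comment above `if (sflg)` such as `/* option checks guarantee crypt_method != NULL when -s is given */` would record that assumption once it is confirmed.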
@@ -0,0 +1,48 @@
+From 3732cf72d6f05fcd9d9f301eac84c1a61443e379 Mon Sep 17 00:00:00 2001
+From: juyin
+Date: Thu, 31 Mar 2022 16:48:52 +0800
+Subject: [PATCH] chpasswd: fix function problem with -R parameter
+
+Generating salt value depends on /dev/urandom. But after the
+function process_root_flag changed the root directory, It does
+not exist.
+
+So, generate salt value before changeing the directory.
+
+Fixes: #514
+
+Reference: https://github.com/shadow-maint/shadow/commit/3732cf72d6f05fcd9d9f301eac84c1a61443e379
+Conflict: NA
+---
+ src/chpasswd.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/chpasswd.c b/src/chpasswd.c
+index 94e923ab..d0da14c6 100644
+--- a/src/chpasswd.c
++++ b/src/chpasswd.c
+@@ -451,10 +451,11 @@ int main (int argc, char **argv)
+ (void) bindtextdomain (PACKAGE, LOCALEDIR);
+ (void) textdomain (PACKAGE);
+
+- process_root_flag ("-R", argc, argv);
+-
+ process_flags (argc, argv);
+
++ salt = get_salt();
++ process_root_flag ("-R", argc, argv);
++
+ #ifdef USE_PAM
+ if (md5flg || eflg || cflg) {
+ use_pam = false;
+@@ -545,7 +546,6 @@ int main (int argc, char **argv)
+ const struct passwd *pw;
+ struct passwd newpw;
+
+- salt = get_salt();
+ if (salt) {
+ cp = pw_encrypt (newpwd, salt);
+ if (NULL == cp) {
+--
+2.23.0
+
diff --git a/shadow.spec b/shadow.spec
index 4cdd8fcd8fcdeb3fbc1d65e0701bf150cc4be142..77749ae519d9ff930d5d1ec817b214db9429aa92 100644
--- a/shadow.spec
+++ b/shadow.spec
@@ -1,6 +1,6 @@
 Name: shadow
 Version: 4.9
-Release: 6
+Release: 7
 Epoch: 2
 License: BSD and GPLv2+
 Summary: Tools for managing accounts and shadow password files
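Review bot: In backport-chpasswd-fix-function-problem-with-R-parameter.patch, replacing the per-entry `salt = get_salt();` (removed in the `@@ -545,7 +546,6 @@` hunk) with one call after `process_flags` means every `pw_encrypt (newpwd, salt)` in a single chpasswd run appears to reuse the same salt. The input loop is outside the hunk, so confirm this against the full main(). With a shared salt, accounts given the same password get the same hash, and one guessing pass covers the whole batch, which removes most of what salting is for. Only the random source has to be reachable before the root change, so the safer shape is to keep `salt = get_salt();` inside the per-entry block and make the entropy source available before `process_root_flag ("-R", argc, argv);`. `process_flags` now also runs before the root change, so any configuration it or `get_salt()` reads would presumably come from the host root rather than the target root; if that is intended, it should be stated in a comment.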
@@ -46,6 +46,8 @@ Patch26: backport-Remove-commented-out-code-and-FIXMEs.patch Patch27: backport-Remove-redeclared-variable.patch Patch28: backport-libmisc-add-check-fopen-return-value-in-read_random_.patch Patch29: backport-passwd-erase-password-copy-on-all-error-branches.patch +Patch30: backport-chpasswd-add-get_salt-for-generating-salt-value.patch +Patch31: backport-chpasswd-fix-function-problem-with-R-parameter.patch BuildRequires: gcc, libselinux-devel, audit-libs-devel, libsemanage-devel BuildRequires: libacl-devel, libattr-devel @@ -212,6 +214,9 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.la %{_mandir}/*/* %changelog +* Tue Nov 22 2022 yunjia_w - 2:4.9-7 +- chpasswd fix function problem with R parameter + * Mon Oct 31 2022 yunjia_w - 2:4.9-6 - add some backport to optimize some functions